**Guide to administering Linux on RHEL, CentOS, Amazon AMIs**
Copyright 2014 Craig H
Licensed under the Apache License, Version 2.0 (the 'License');
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an 'AS IS' BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
BIOS
Searches, loads, and executes the boot loader program.
It looks for the boot loader on floppy, CD-ROM, or hard drive. You can press a key (typically F12 or F2, but it depends on your system) during the BIOS startup to change the boot sequence.
Once the boot loader program is detected and loaded into memory, BIOS gives control to it.
So, in simple terms BIOS loads and executes the MBR boot loader.
MBR
It is located in the 1st sector of the bootable disk. Typically /dev/hda, or /dev/sda
The MBR fits in the 512-byte first sector. It has three components: 1) primary boot loader code in the first 446 bytes, 2) the partition table in the next 64 bytes, 3) the MBR validation check (boot signature) in the last 2 bytes.
It contains information about GRUB (or LILO in old systems).
So, in simple terms MBR loads and executes the GRUB boot loader.
GRUB
If you have multiple kernel images installed on your system, you can choose which one to be executed.
GRUB displays a splash screen and waits for a few seconds; if you don't enter anything, it loads the default kernel image as specified in the grub configuration file.
GRUB has knowledge of the filesystem (the older Linux loader LILO didn't understand filesystems).
Grub configuration file is /boot/grub/grub.conf (/etc/grub.conf is a link to this). The following is sample grub.conf of CentOS.
boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/boot/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-194.el5PAE)
root (hd0,0)
kernel /boot/vmlinuz-2.6.18-194.el5PAE ro root=LABEL=/
initrd /boot/initrd-2.6.18-194.el5PAE.img
As you notice from the above info, it contains kernel and initrd image.
So, in simple terms GRUB just loads and executes Kernel and initrd images.
Kernel
Mounts the root file system as specified in the “root=” in grub.conf
Kernel executes the /sbin/init program
Since init was the 1st program to be executed by Linux Kernel, it has the process id (PID) of 1. Do a ‘ps -ef | grep init’ and check the pid.
initrd stands for Initial RAM Disk.
initrd is used by the kernel as a temporary root file system until the kernel is booted and the real root file system is mounted. It also contains the necessary drivers compiled in, which let it access the hard drive partitions and other hardware.
Init
Looks at the /etc/inittab file to decide the Linux run level.
Following are the available run levels
0 – halt
1 – Single user mode
2 – Multiuser, without NFS
3 – Full multiuser mode
4 – unused
5 – X11
6 – reboot
Init identifies the default run level from /etc/inittab and uses that to load all the appropriate programs.
Execute ‘grep initdefault /etc/inittab’ on your system to identify the default run level
If you want to get into trouble, you can set the default run level to 0 or 6. Since you know what 0 and 6 means, probably you might not do that.
Typically you would set the default run level to either 3 or 5.
Runlevel
Depending on your default init level setting, the system will execute the programs from one of the following directories.
Run level 0 – /etc/rc.d/rc0.d/
Run level 1 – /etc/rc.d/rc1.d/
Run level 2 – /etc/rc.d/rc2.d/
Run level 3 – /etc/rc.d/rc3.d/
Run level 4 – /etc/rc.d/rc4.d/
Run level 5 – /etc/rc.d/rc5.d/
Run level 6 – /etc/rc.d/rc6.d/
Please note that there are also symbolic links available for these directories directly under /etc. So, /etc/rc0.d is linked to /etc/rc.d/rc0.d.
Under the /etc/rc.d/rc*.d/ directories, you would see programs that start with S and K.
Programs starting with S are used during startup. S for startup.
Programs starting with K are used during shutdown. K for kill.
There are numbers right next to S and K in the program names. Those are the sequence numbers in which the programs should be started or killed.
For example, S12syslog starts the syslog daemon, which has the sequence number 12. S80sendmail starts the sendmail daemon, which has the sequence number 80. So, the syslog program will be started before sendmail.
Shutdown the system after 10 minutes.
shutdown -h +10
Process States
Init process is the first process when linux boots up
pidof systemd
1
There are 4 states for a process
- Running: running or waiting to be assigned to a CPU
- Waiting (interruptible sleep): waiting for I/O (iowait) or for an event to occur
- Waiting (uninterruptible sleep): waiting on hardware; cannot be woken by a signal
- Zombie: process is dead but it's still in the process table
Background Jobs
& (run a command in the background) or ctrl+z (suspend the foreground job)
Foreground Jobs
jobs
fg %1
Signals
Signals notify a process of an event, similar to how hardware sends the kernel interrupts. Programs only recognize signals if they are programmed to do so.
Shows all available signals
kill -l
Signal Types:
SIGHUP (1) - sent by the OS when the controlling terminal is closed without the program exiting
SIGINT (2) - interrupt, sent when the user hits Ctrl+C
SIGQUIT (3) - sent by the quit key (Ctrl + D)
SIGKILL (9) - terminates immediately and without cleaning up
SIGTERM (15) - kill uses this by default. Clean shutdown.
SIGTSTP (20) - Ctrl+Z, suspends the process
System Calls
When a program does open, fork, read, or write, it is doing a system call. It's how a program enters the kernel: it instructs the kernel to do something on its behalf. Why doesn't the user application do it itself? Because of ring levels: user programs run in ring 3, the kernel in ring 0.
Userspace and Kernel space
Processes in user space only have access to a small part of memory; the kernel has access to all of it. User processes cannot do I/O or access hardware directly; they reach kernel space through system calls.
A process traps into the kernel (an interrupt) if it wants to write a file. Rings exist so programs don't interfere with each other.
User Admin
Become system administrator:
sudo -s
sudo su
The accounts capable of using sudo are specified in /etc/sudoers, which is edited with the visudo utility. By default, relevant logs are written to /var/log/secure.
Switch user
su - user2
argument "-" Provides an environment similar to what the user would expect had the user logged in directly.
Password file syntax
/etc/passwd
![alt text](passwdfile.jpg "Passwords")
* Username: It is used when user logs in. It should be between 1 and 32 characters in length.
* Password: An x character indicates that the encrypted password is stored in the /etc/shadow file.
* User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further, UIDs 100-999 are reserved by the system for administrative and system accounts/groups.
* Group ID (GID): The primary group ID (stored in the /etc/group file)
* User ID Info: The comment field. It allows you to add extra information about the user such as the user's full name, phone number etc. This field is used by the finger command.
* Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exist then the user's directory becomes /
* Command/shell: The absolute path of a command or shell (/bin/bash). Typically, this is a shell. Please note that it does not have to be a shell.
System User vs Normal User
System users are created with no aging information in /etc/shadow, and their numeric identifiers are chosen from the SYS_UID_MIN–SYS_UID_MAX range defined in /etc/login.defs instead of UID_MIN–UID_MAX (with the GID counterparts used when groups are created). On CentOS, useradd --system foouser also creates no home directory for that user. Service accounts often don't have a "proper" login shell, i.e. they have /usr/sbin/nologin. Moreover, service accounts are typically locked, i.e. it is not possible to log in (for traditional /etc/passwd and /etc/shadow this can be achieved by setting the password hash to an arbitrary value such as * or x).
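An added example (not from the original guide) that applies the conventions above to a passwd-format file: it flags UID 0 accounts other than root, duplicate UIDs, system-range accounts that still have an interactive shell, and empty password fields. It assumes the UID_MIN of 1000 set in /etc/login.defs on CentOS 7; the passwd lines are constructed, not taken from a real host.

```sh
#!/bin/sh
# Added example, not part of the original guide. Audits a passwd-format file for
# accounts that break the conventions described above. Assumes UID_MIN=1000 as
# set in /etc/login.defs on CentOS 7; the sample file below is constructed.
UID_MIN=1000

# audit_passwd FILE: print one finding per line (sorted); return 1 if any were found.
audit_passwd() {
    findings=$(awk -F: -v uid_min="$UID_MIN" '
        NF != 7 { printf "malformed-line: %d\n", NR; next }
        # a second UID 0 account is a second root, whatever its name
        $3 == 0 && $1 != "root" { print "uid0-not-root: " $1 }
        # two accounts with one UID are the same identity to the kernel
        ($3 in seen) { print "duplicate-uid: " $1 " shares UID " $3 " with " seen[$3] }
        !($3 in seen) { seen[$3] = $1 }
        # service accounts in the system UID range should not get a login shell
        $3 > 0 && $3 < uid_min && $7 !~ /(nologin|false)$/ { print "system-account-with-shell: " $1 " " $7 }
        # an empty password field means no password at all, not a locked account
        $2 == "" { print "empty-password-field: " $1 }
    ' "$1" | sort)
    [ -n "$findings" ] && printf '%s\n' "$findings"
    [ -z "$findings" ]
}

# Constructed sample: one sane root, two sane system accounts, and four problems.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
backupsvc:x:499:499:Backup service:/var/lib/backup:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob::1001:1001:Bob:/home/bob:/bin/bash
EOF

audit_passwd "$SAMPLE" || echo "findings present, review before trusting this host"
```

Run it against a real /etc/passwd by replacing "$SAMPLE" with /etc/passwd; the exit status makes it usable from a cron job or a configuration check.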
Change password
passwd
Change password expiration
chage
chage -E never username (sets to never expire)
Lock user password
usermod -L username
Define default attributes for new users (UID, password expiry, home dir)
nano /etc/login.defs
Kill a process
1 HUP (hang up)
2 INT (interrupt)
3 QUIT (quit)
6 ABRT (abort)
9 KILL (non-catchable, non-ignorable kill)
Each process is supplied with a set of standard signal handlers by the operating system in order to deal with incoming signals. When no signal is explicitly given on the command line, signal 15, named SIGTERM, is sent by default. If this fails, the stronger signal 9, called SIGKILL, can be used.
Kill all users processes
killall -u username
Kill all processes by name
killall firefox
pkill -9 firefox
Get process id
pgrep bash
Reload process
sudo kill -HUP pid_of_apache
Display users using file/folder
fuser -u file/folder
Kill processes using file/folder
fuser -k file/folder
Add User
adduser user1  # or useradd user1
Show last logged in
last
Show last reboots
last reboot
Show users groups
groups {username}
Add User to Sudo
usermod -a -G sudo user1  # on RHEL/CentOS the administrative group is wheel
Change default sudo timeout (in minutes)
add to /etc/sudoers
Defaults timestamp_timeout=<value>
Edit Group Config
nano /etc/group
cdrom:x:24:vivek,student13,raj
Where:
* group_name: the name of the group. If you run ls -l, you will see this name printed in the group field.
* Password: generally a password is not used, so this field is empty/blank. It can store an encrypted password, which is useful to implement privileged groups.
* Group ID (GID): each group is assigned a group ID. You can see this number in your /etc/passwd file.
* Group List: the list of user names who are members of the group, separated by commas.
Variables
echo $PATH #shows path variable
export -p #shows all defined
export MYAPP=1 #sets variable my app to value 1
EDITOR="nano"
Add path to system path
export PATH=$PATH:/usr/local/bin
Print usernames of logged in users:
users
Write one line to another user from your terminal:
talk
show info on current user
id
show all users and host where logged in from
who -umH
To temporarily prevent logins system wide (for all users but root) use nologin. The message in nologin will be displayed (might not work with ssh pre-shared keys).
echo "Sorry no login now" > /etc/nologin
Hardware
Print full date and time:
date
Print the hostname of this machine:
echo $HOSTNAME
Print the default permission mask (subtract from 777):
umask
Print the session timeout:
echo $TMOUT
Print information about current linux distro:
lsb_release -a
cat /etc/*-release
cat /proc/version
Print linux kernel version:
uname -a
Print information about kernel modules:
lsmod
Configure kernel modules (never do this):
modprobe
Look for messages from drivers:
dmesg
View Installed packages:
dpkg --get-selections  # Debian/Ubuntu; on RHEL/CentOS use rpm -qa
Print environment variables:
printenv
List hardware connected via PCI ports:
lspci
List hardware connected via USB ports:
lsusb
Print hardware info stored in BIOS:
dmidecode
sysreport
Dump captured data off of wireless card:
dumpcap
Dump info about keyboard drivers:
dumpkeys
Print information about ethernet
ethtool
Make a bootable USB
dd if=efidisk.img of=/dev/usb  # replace /dev/usb with the USB device name
Make a swap file
dd if=/dev/zero of=/opt/myswap bs=1024 count=1048576  # 1 GiB; mkswap refuses files smaller than 40 KiB
chmod 600 /opt/myswap  # a swap file must not be readable by other users
mkswap /opt/myswap
swapon /opt/myswap  # swapon -a only picks it up once it is listed in /etc/fstab
For adding this myswap at boot time, add following in /etc/fstab file:
/opt/myswap swap swap defaults 0 0
Show default kernel
grubby --default-kernel
Modify kernel parameters
nano /etc/sysctl.conf
Backup & Restore MBR
To backup: dd if=/dev/sda of=/tmp/mbr.img bs=512 count=1
To restore: dd if=/tmp/mbr.img of=/dev/sda bs=512 count=1
To restore only the boot code and keep the current partition table: dd if=/tmp/mbr.img of=/dev/sda bs=446 count=1
The MBR is a 512 byte segment on the very first sector of your hard drive composed of three parts: 1) the boot code, which is 446 bytes long, 2) the partition table, which is 64 bytes long, and 3) the boot code signature, which is 2 bytes long.
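An added example (not from the original guide) that checks a saved MBR image before it is written back: it verifies the 0x55 0xAA boot signature and decodes the partition table entries from the 512-byte layout described above. The image it parses is constructed in the script with one made-up Linux partition.

```sh
#!/bin/sh
# Added example, not part of the original guide. Inspects a 512-byte MBR image
# (such as a backup made with dd) using the layout described above:
# 446 bytes boot code, 4 x 16-byte partition entries at offset 446, 0x55 0xAA at 510.

# mbr_signature_ok FILE: succeed only if the last two bytes are the boot signature.
mbr_signature_ok() {
    sig=$(dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# mbr_partitions FILE: print "index status type start_lba sectors" for each used entry.
mbr_partitions() {
    f=$1
    i=0
    while [ "$i" -lt 4 ]; do
        # read one 16-byte entry as 16 hex bytes into $1..$16
        set -- $(dd if="$f" bs=1 skip=$((446 + i * 16)) count=16 2>/dev/null | od -An -tx1)
        if [ "$5" != "00" ]; then
            # byte 0 status (0x80 = bootable), byte 4 type, bytes 8-11 start LBA
            # and bytes 12-15 sector count, both little-endian
            start=$(( 0x${12} << 24 | 0x${11} << 16 | 0x${10} << 8 | 0x$9 ))
            count=$(( 0x${16} << 24 | 0x${15} << 16 | 0x${14} << 8 | 0x${13} ))
            printf '%d %s %s %d %d\n' "$i" "$1" "$5" "$start" "$count"
        fi
        i=$((i + 1))
    done
}

# Constructed sample image: zeroed sector, one bootable Linux (0x83) partition
# starting at LBA 2048 with 204800 sectors, and the boot signature.
MBR_IMG=$(mktemp)
dd if=/dev/zero of="$MBR_IMG" bs=512 count=1 2>/dev/null
printf '\200\000\000\000\203\000\000\000\000\010\000\000\000\040\003\000' \
    | dd of="$MBR_IMG" bs=1 seek=446 conv=notrunc 2>/dev/null
printf '\125\252' | dd of="$MBR_IMG" bs=1 seek=510 conv=notrunc 2>/dev/null

if mbr_signature_ok "$MBR_IMG"; then
    echo "boot signature present; partition table:"
    mbr_partitions "$MBR_IMG"   # prints: 0 80 83 2048 204800
else
    echo "no boot signature: do not restore this image"
fi
```

Before a full 512-byte restore, compare this output with the partition table of the live disk, since the restore overwrites that table too.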
Sync NTP time
sudo service ntp stop
sudo ntpdate -s time.nist.gov
sudo service ntp start
Show Memory information
cat /proc/meminfo
Show number of cores
lscpu
Hardware Info
cat /proc/cpuinfo # CPU model
cat /proc/meminfo # Hardware memory
grep MemTotal /proc/meminfo # Display the physical memory
watch -n1 'cat /proc/interrupts' # Watch changeable interrupts continuously
free -m # Used and free memory (-m for MB)
cat /proc/devices # Configured devices
lspci -tv # Show PCI devices
lsusb -tv # Show USB devices
lshal # Show a list of all devices with their properties
dmidecode # Show DMI/SMBIOS: hw info from the BIOS
An inode stores basic information about a regular file, directory, or other file system object.
The inode number is also called the index number. An inode holds the following attributes:
File type (executable, block special etc)
Permissions (read, write etc)
Owner
Group
File Size
File access, change and modification time (remember UNIX or Linux never stores file creation time; this is a favorite question asked in UNIX/Linux sys admin job interviews)
File deletion time
Number of links (soft/hard)
Extended attributes such as append only or no one can delete the file including the root user (immutability)
Access Control List (ACLs)
Show inodes of files and folders
ls -i
stat
Find where a commmand is executed from
which
e.g. which python prints /usr/bin/python
list directories and recurse into subdirectories
ls -R  # -R is recursive; lowercase -r reverses the sort order
Find files bigger than 100m
find . -size +100M
Find largest directories in current directory
du -hs */ | sort -hr | head
Find files modified within last 7 days (Linux does not record creation time)
find . -mtime -7
Find files accessed within last 7 days
find . -atime -7
Find Disk Usage by Directory
du -sh /home/*
#Using the -c option with the du command will show the grand total of used space for the designated directory
lsblk #find drive which is not mounted
sudo mkfs -t ext4 /dev/xvdf  # makes an ext4 file system on /dev/xvdf
(or sudo mkfs -t xfs /dev/xvdf  # makes an xfs file system on /dev/xvdf)
sudo mkdir /mnt/my-data #make a mount point
sudo mount /dev/xvdf /mnt/my-data #mount device
Show Physical Volumes
pvdisplay
Create Volume Group
A group of physical volumes or disks is combined into a single pool of storage, which is referred to as the LVM volume group.
RAID levels
0 - Striped set without parity (striping)
1 - Mirrored set without parity (mirroring)
0+1 - Striped (increased speed) arrays are created and each is mirrored via an overall RAID 1 (data backup) array. By definition, this configuration requires at least 4 drives.
5 - Provides both backup and increased speed. Additionally, a RAID 5 array can continue operating normally if one of its drives fails. The performance of the array will be reduced until the failed drive is replaced, but no data loss would occur. This array requires a minimum of 3 drives.
1+0 - Mirrors two drives together and then creates a striped set with the pairs.
Mount a new file system
fdisk /dev/hda  # create a new partition (e.g. /dev/hda1) on the disk
mkfs /dev/hda1  # create a file system on the new partition
mount -a # causes all filesystems mentioned in fstab to be mounted
Define boot disk
cat /etc/fstab
# UUID=9246707a-30ab-47be-b78f-bb7b24a459a8 / ext4 defaults 1 1
# ext4 = filesystem type, defaults = default mount options (mounted at boot)
Copy hello.txt from local computer to remote home directory
scp hello.txt awshost1:~/
Copy hello.txt from local to remote home directory, renaming it foo.txt
scp hello.txt awshost1:~/foo.txt
Copy ~/foo.txt from the remote computer to the current local directory
scp awshost1:~/foo.txt .
Copy ~/foo.txt from remote to local directory cc, renaming it a.b
scp awshost1:~/foo.txt cc/a.b
Compress a directory
tar -zcvf archive-name.tar.gz directory-name
-c = create
-f = following is archive name
-v = verbose
-z = gzip
To append file to archive
tar rvf archive_name.tar newfile.txt  # appending only works on an uncompressed .tar, not a .tar.gz
Encrypt a file:
gpg -o [outputfilename.gpg] -c [target file]
Decrypt a file:
gpg -o [outputfilename] -d [target.gpg]
Uncompress file
unzip filename.zip
Open a compressed .tgz or .tar.gz file:
tar -xvf [target.tgz]
tar -xvf [target.tgz] --strip-components=1 # extracts without its parent folder
tar -xvf [target.tgz] -C [directory] # extracts to a different directory
Find Files
find . -name 'http*'
Find all files not owned by root:
find . \! -user root -print
Find all files not with permissions 644:
find . \! -perm 644 -print
Find files matching [filename]:
locate [filename]
Show a file type
file image.jpg
Show uncommented items in config files
grep -v '^#' file.conf
Search for a given string in all files recursively
grep -r "ramesh" *
View the differences between two files:
diff [file 1] [file 2]
Change File Permissions
chmod 775 filename
chmod o+r file.txt # o=other +=add r=read
7 = Read + Write + Execute
6 = Read + Write
5 = Read + Execute
4 = Read
3 = Write + Execute
2 = Write
1 = Execute
0 = All access denied
First number is for the owner, second for the group, and third for everyone
Permissions on directories
r: read only the names of the files in the directory
w: create and delete files in the directory
x: traverse the directory
Permissions On files
r: open a file for reading (e.g. with the cat command)
w: write a file (e.g. use sed -i (inplace) on it)
x: execute a file
It is important to note that a script can be executed even by a user who doesn't have the execute permission on it: passing a Python script path to the python executable causes python to open the file for reading and then interpret it. So it is not safe to rely on the execute permission for security. This goes for php, perl, ruby, javascript, etc.
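A runnable illustration of this point, added here and not part of the original guide: a script is created in a constructed temporary directory with mode 644, executing it directly fails while handing it to sh succeeds, and the check that actually matters (whether other users can read it) is shown with find.

```sh
#!/bin/sh
# Added example, not part of the original guide. Shows that the execute bit only
# controls execve(): an interpreter needs read access, not execute, to run a script.
# Everything is created in a constructed temporary directory.
WORK=$(mktemp -d)
SCRIPT="$WORK/hello.sh"
printf '#!/bin/sh\necho hello\n' > "$SCRIPT"
chmod 644 "$SCRIPT"   # rw-r--r--: readable by everyone, executable by nobody

# run_direct: ask the kernel to execute the file; prints the exit status
run_direct() {
    if "$SCRIPT" >/dev/null 2>&1; then echo 0; else echo $?; fi
}

# run_via_interpreter: hand the same file to sh, which merely opens it for reading
run_via_interpreter() {
    if sh "$SCRIPT" >/dev/null 2>&1; then echo 0; else echo $?; fi
}

# world_readable FILE: print FILE if "other" can read it, otherwise nothing.
# Read permission, not the execute bit, is the control that keeps other users
# from feeding a script to an interpreter.
world_readable() {
    find "$1" -perm -o=r -print
}

echo "direct execution exit status: $(run_direct)"          # 126 (permission denied)
echo "via interpreter exit status:  $(run_via_interpreter)"  # 0 (ran without the x bit)
echo "world readable before chmod 640: $(world_readable "$SCRIPT")"
chmod 640 "$SCRIPT"
echo "world readable after chmod 640:  $(world_readable "$SCRIPT")"
```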