Tuesday, August 24, 2010

Basic file permissions

*A Linux file has 8 attributes, which are listed with the ls -l (or ll) command.
-rw-r--r-- 1 root root 1230 Feb 12 15:20 raj.doc

1st field

Types

- files
d directories
l links
p processfile
s socket files
b block devices
c character devices

2nd field.
rwx  owner

3rd field.
rwx group

4th field.
rwx others

Ex.  -     rwx    rwx    rwx   1 root root 1230 Feb 12 15:20 raj.doc
   (type)(owner)(group)(others)


Permission access mode.

             File                              Directory

r --> To display contents of a file.      To list contents of a dir. (Read only)

w --> To create or append a file.         To create files & directories. (Read & Write)

x --> To execute a file.                  To enter (cd into) a directory.


File Permission Mode.

Permissions
1) Symbolic mode -- rwx
2) Absolute mode -- 421

*Default file permissions.

1) A file created with the help of cat, touch or vi gets the permissions 644.
EX.-->  - rw- r-- r--

2) Actually, in the basic UNIX system, when a file is created it gets the permission 666.

3) But this is a lapse in security, so whenever a file is created in a UNIX system it masks some
  bits, with a mask value of 022.

4) After masking we get the default value of a file as
  644. [666 – 022 = 644]

5) 022 is the UMASK value.



*Default directory permissions.

1)A directory created with the help of mkdir gets the permissions 755.
  d rwx r-x r-x


2)Actually, in the basic UNIX system, when a directory is created it gets the permission 777.
  But this is a lapse in security, so whenever a directory is created in a UNIX system it masks some
  bits, with a mask value of 022.


3)After masking we get the default value of a directory as
  755. [777 – 022 = 755]

4)022 is the UMASK value.


###############################################################

1)To view the umask value.
#umask

2)To view the umask value set in the file.
#vim /etc/bashrc

3)To create file.
#touch 123
#ll 123
-rw-r--r-- 1 root root 0 Feb 12 08:18 123
 (6  4  4) After umask value.

4)To create Directory
#mkdir ram
#ll
drwxr-xr-x 2 root root  4096 Feb 12 08:21 ram
 (7  5  5) After umask value.
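
The masking step worked through in shell, as an added example that is not part of the original post: the umask bits are cleared from the base mode (666 for files, 777 for directories), which matches the subtraction above for 022 but not for a mask such as 033. The function names are illustrative, and the test file and directory are created in a throwaway temporary directory.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.

# effective_mode BASE UMASK -> mode after masking: BASE with the UMASK bits cleared.
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# naive_subtract BASE UMASK -> plain octal subtraction, as in [666 - 022 = 644].
naive_subtract() {
    printf '%03o\n' $(( 0$1 - 0$2 ))
}

# created_modes UMASK -> "ls -l" mode strings of a file and a directory created
# under that umask. Runs in a subshell so the caller's umask is left untouched.
created_modes() (
    umask "$1"
    d=$(mktemp -d) || exit 1
    touch "$d/file"
    mkdir "$d/dir"
    # cut drops the trailing "." or "+" that some systems append (SELinux, ACLs)
    f=$(ls -ld "$d/file" | cut -c1-10)
    s=$(ls -ld "$d/dir"  | cut -c1-10)
    rm -rf "$d"
    printf '%s %s\n' "$f" "$s"
)

# Compare bit clearing with subtraction for a few masks.
for mask in 022 027 033 077; do
    printf 'umask %s: file %s  dir %s  (subtraction would give %s)\n' \
        "$mask" "$(effective_mode 666 "$mask")" "$(effective_mode 777 "$mask")" \
        "$(naive_subtract 666 "$mask")"
done

# What the system really creates under a stricter mask than the default 022.
created_modes 027
```

A umask of 027 keeps group read access but removes all access for others, which is a common choice on multi-user servers.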

##############################################################


chmod Command

1)chmod command is used to change the permissions of a file/directory.

2)chmod can be used by the owner of the file or by root.

3)With the chmod command we can assign or remove permissions as required.

4)Permission parameters used with chmod command

Category    u g o
Operators   + - =
Permissions r w x
Weight      4 2 1

Applying permission to Owner (u), Group (g) & Others (o) for File1

Applying permission to File or Directory

#chmod (permissions) (file/directory)

################################################################

*Example of Permission - Absolute.

#touch 123
#ll
-rw-r--r-- 1 root root     0 Feb 12 08:18 123

*To change the value.

#chmod 777 123
-rwxrwxrwx 1 root root     0 Feb 12 08:18 123

#chmod 766 123
#ll
-rwxrw-rw- 1 root root     0 Feb 12 08:18 123

##############################################################

*Example of Permission - Symbolic

#touch text
-rw-r--r-- 1 root root     0 Feb 12 08:31 text

1)change group permission.(+)
#chmod g+w text
-rw-rw-r-- 1 root root     0 Feb 12 08:31 text

2)change user permission.(-)
#chmod u-w text
-r--rw-r-- 1 root root     0 Feb 12 08:31 text

3)change others permission.(=)
before.
-r--rw-r-- 1 root root     0 Feb 12 08:31 text
After = permission.
#chmod o=rx text
-r--rw-r-x 1 root root     0 Feb 12 08:31 text

Advanced File Permissions

1)SUID

2)SGID

3)STICKY BIT



###################### SUID. #############################



1)SUID stands for Set User ID.

2)SUID allows applications to be run by a normal user with the privileges of the root user.

3)That means that if I have an application (e.g. ping) whose owner is 'root' and which has its SUID bit set, then when I run this application as a normal user, the application still runs as root.

4)By default SUID is applied on ping so that normal users can also ping other systems.





Implement SUID.

1)Implement the SUID on ping.

#chmod 4755 /bin/ping

-rwsr-xr-x 1 root root 35864 Dec 21 2006 ping

2)To remove the SUID.

#chmod 0755 /bin/ping

By this command we stop normal users from pinging other machines.

-rwxr-xr-x 1 root root 35864 Dec 21 2006 ping



EX.



1)To create directory.

#mkdir /vikas



2)To implement the SUID on /vikas directory.

#chmod 4755 /vikas

#ll /

drwsr-xr-x 2 root root 4096 Feb 12 12:15 vikas



3)create users.

#useradd u1

#useradd u2

#passwd u1

#passwd u2



4)login by the users & go to /vikas directory.

#su - u1

u1$cd /vikas

u1$touch 11

touch: cannot touch `11': Permission denied

"That means normal users cannot create files in the /vikas directory."



5)To remove the SUID.

#chmod 0755 /vikas



######################## SGID ###########################



*SGID is used for group inheritance.

When SGID is applied to a directory, all subdirectories & files created by any user in that directory are owned by the specified group, regardless of the user's group.



1)To create directory.

#mkdir /sales



2)To implement the SGID on /sales directory.

#chmod 2755 /sales

#ll /

drwxr-sr-x 2 root root 4096 Feb 12 12:32 sales



3)create users.

#useradd u1

#useradd u2

#passwd u1

#passwd u2



4)create group.

#groupadd sales



5)Add users into the group.

#gpasswd -a u1 sales

Adding user u1 to group sales



#gpasswd -a u2 sales

Adding user u2 to group sales



6)To check.

#tail /etc/group

sales:x:502:u1,u2



7)To login by user.

# su - u1

u1$cd /sales

u1$touch 22

touch: cannot touch `22': Permission denied



*That means users cannot create files in the /sales directory because they are in the sales group.

We applied the SGID on the /sales directory. If a user is not in the sales group, he can create files in the sales directory.



####################### STICKY BIT ##########################


sticky bit :- It is used to secure files. Files in the sticky bit directory can be deleted only by the owner of the file.

# chmod o+t /test    (or)    # chmod 1777 /test

# chmod o-t /test    (or)    # chmod 777 /test



How to do :->



# mkdir /test

# chmod 777 /test

# chmod 1777 /test
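
How the leading octal digit used above (4 = SUID, 2 = SGID, 1 = sticky) shows up in the ls -l mode string, together with a find-based check for where these bits are set. This is an added example, not part of the original post; the function names and the temporary paths are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.

# mode_string OCTAL -> the nine permission characters that "ls -l" prints.
# The leading digit carries the special bits: 4 = SUID, 2 = SGID, 1 = sticky.
mode_string() {
    local mode=$(( 0$1 )) out="" pos bits special lower upper
    for pos in 6 3 0; do                      # owner, group, others
        bits=$(( (mode >> pos) & 7 ))
        case $pos in
            6) special=$(( mode & 04000 )); lower=s; upper=S ;;
            3) special=$(( mode & 02000 )); lower=s; upper=S ;;
            0) special=$(( mode & 01000 )); lower=t; upper=T ;;
        esac
        if [ $(( bits & 4 )) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $(( bits & 2 )) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ "$special" -ne 0 ]; then
            # The special bit takes over the x column: lower case when x is
            # also set, upper case when it is set without execute permission.
            if [ $(( bits & 1 )) -ne 0 ]; then out="$out$lower"; else out="$out$upper"; fi
        else
            if [ $(( bits & 1 )) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
        fi
    done
    printf '%s\n' "$out"
}

# audit_special_bits DIR -> lists SUID files, SGID files and world-writable
# directories that lack the sticky bit, staying on one filesystem (-xdev).
audit_special_bits() {
    find "$1" -xdev -type f -perm -4000 | sed 's/^/SUID     /'
    find "$1" -xdev -type f -perm -2000 | sed 's/^/SGID     /'
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 | sed 's/^/NOSTICKY /'
}

# Constructed demo tree: one SUID file, one sticky and one non-sticky
# world-writable directory.
demo=$(mktemp -d)
touch "$demo/tool" && chmod 4755 "$demo/tool"
mkdir "$demo/shared" "$demo/open"
chmod 1777 "$demo/shared"
chmod 777 "$demo/open"

for m in 4755 0755 2755 1777 4644; do
    printf '%s -> %s\n' "$m" "$(mode_string "$m")"
done
audit_special_bits "$demo"
rm -rf "$demo"
```

Running audit_special_bits against / as root and keeping the output gives a baseline, so a new SUID file or a world-writable directory without the sticky bit stands out on the next run.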

Disk Management (Partitioning)



1) A partition is a part of a hard disk which is to be utilized for a different cause than its neighbouring partition.

2) A partition is "Hardware", since it comes from a hard disk, which is hardware. Basically, anything that can be held in the hands is hardware; a hard disk can be, so the hard disk, and hence a partition, is h/w.



3) Partitions can be further subdivided into two types -:

i) Primary Partition -> It is an actual partition which can be given a label and can be used for some purpose. There can be max 4 primary partitions on a hard disk (a limitation of the BIOS, which was first introduced by IBM; all other personal computers are its clones).

ii) Extended Partition -> This is ideally not a partition but a concept that can be further divided into logical partitions, which can then be given labels and used for some purpose.



4) Only 1 extended partition can be created on a hard disk, which can be further subdivided into 64 logical volumes (partitions). Windows allows only 21 logical partitions.

Max. number of logical volumes also depends on the motherboard. In some cases only 16 logical volumes are allowed from an extended partition.

5) Windows can only be installed on a primary, active partition.



6) Drive in Windows = Filesystem in Linux



7) Normally the important directories which, if filled, could hamper the functioning of the system are made a totally different filesystem on a different partition in Linux.

Normally, the various directories which are given different partitions are /boot , / , /home , /tmp , /var , /usr .

For eg. -> /home is the directory in which all users have their home directories. If there is no quota policy for users in place, and they dump more and more data in their home directories, and /home is not on another partition, all data will go into the "/" directory and ultimately it gets filled up. This will make the system slow, and ultimately the system may hang and will give problems later while booting. Even the root user will not be able to log in, because his home directory ( /root ) is in the / directory, which is already full.

To solve the above problem, the root user can log in from linux rescue mode and try to do the cleanup.



8) 'df' is the command used to see all filesystems present on the system and being used by the linux kernel, and their current usage.

df -h gives the output in human readable form ( in MB's )



For eg. -> df -h

Filesystem Size Used Avail Use% Mounted on

/dev/hda7 950M 116M 786M 13% /

/dev/hda6 99M 9.2M 85M 10% /boot

none 109M 0 109M 0% /dev/shm

/dev/hda10 950M 17M 885M 2% /tmp

/dev/hda12 8.3G 4.5G 3.5G 57% /usr

/dev/hda11 950M 263M 639M 30% /var

/dev/vg/lv 465M 8.1M 433M 2% /home



9) Minimum 3 partitions required for a successful installation
/boot , / , swap

10) 7 partitions required for a successful and efficient linux installation
/boot , / , /home , swap , /tmp , /var , /usr

11) For getting optimum performance from a system, no partition should be filled more than 82% of its size.

12) Partitioning can be done in order to use the free space, to install multiple OS, to format the HDD with multiple file systems etc.

13) LOGICAL FILE SYSTEM:

for Windows - FAT16, FAT32 and NTFS

Linux - ext2 and ext3

################################################################

How to do Partitioning, Formatting & Mounting.
How to create a swap partition?




1. To view partition table

# fdisk -l



2.To create new partition

# fdisk

Suppose we have created /dev/hda9 partition.



3.To update partition table to kernel without rebooting

# partprobe



4.To format the partition with the ext2 or ext3 file system



# mkfs.ext2

# mkfs.ext3

eg.

# mkfs.ext3 /dev/hda9



5.To mount the partition on a mount point (on a created directory)

# mount

eg.

# mount /dev/hda9 /linux



MOUNTING : Means creating a link between the physical and the logical file system in order to access partitions through a mount point.



6.To unmount the partition

# umount

eg.

# umount /linux



7.To mount the file system permanently

# vi /etc/fstab

/dev/hda9 /linux ext3 defaults 0 0

8.Converting file system from ext2 -> ext3

# tune2fs -j

eg.

# tune2fs -j /dev/hda9



9.Converting file system from ext3 -> ext2
# tune2fs -O^has_journal

eg.

# tune2fs -O^has_journal /dev/hda9



10.To assign a label

# e2label

eg.

# e2label /dev/hda9 /songs



11.To view the existing label

# e2label

eg.

# e2label /dev/hda9

/songs



================= SWAP PARTITION ===============

We create a swap partition to support RAM. When RAM is full, the swap partition becomes active.

12.To make a partition a swap partition

# mkswap



13. To enable swap partition

# swapon /dev/hda9



14.To view status of swap partition

# swapon -s



15.To disable the swap partition

# swapoff

#################################################

LVM

1. Logical Volume Manager is the easier way to manage hard disks by resizing logical volumes.

2. The LVM2 package is used for kernel 2.6.

3. In the LVM structure there are three levels of organisation :-

physical volume - volume group - logical volume

4. A Linux LVM partition has the code 8e.

5. The physical partitions, i.e. physical volumes, are combined into volume groups, which are then divided into logical volumes.

These logical volumes are assigned mount points and file system types like ext2, ext3.

When "partitions" reach their full capacity, free space from the volume group can be added to the logical volume to increase the size of the partition. When a new hard drive is added to the system, it can be added to the volume group, and partitions that are logical volumes can be increased in size.



#############################################



STEPS TO CONFIGURE LVM :



# Creating Physical Volumes

# Creating Volume Groups

# Creating Logical Volumes and assigning mount points.

# Resizing VG and LVs.

# Removing PV, VG and LVs.

# Monitoring PV, VG and LVS.





######## LOGICAL VOLUME MANAGER CONFIGURATION #######



1)To create the partition.

#fdisk /dev/sda

#partprobe /dev/sda



2)To create the PV (physical volume)

# pvcreate /dev/sda9 /dev/sda10 /dev/sda11

Physical volume "/dev/sda9" successfully created

Physical volume "/dev/sda10" successfully created

Physical volume "/dev/sda11" successfully created



3)To check PV

#pvdisplay



4)To create the VG (volume group)

#vgcreate india /dev/sda9 /dev/sda10 /dev/sda11

Volume group "india" successfully created



5)To check VG

#vgdisplay



6)To create the LV (logical volume).

#lvcreate -L 20m india -n mumbai

#lvcreate -L 20m india -n chennai

#lvcreate -L 20m india -n delhi



7)To check LV.

#lvdisplay



8)To extend the VG.

#fdisk -l

#fdisk /dev/sda

#partprobe /dev/sda

#pvcreate /dev/sda12

Physical volume "/dev/sda12" successfully created

#vgextend india /dev/sda12

Volume group "india" successfully extended



9)To resize the LV.

#lvresize -L +50m /dev/india/mumbai

Rounding up size to full physical extent 52.00 MB

Extending logical volume mumbai to 72.00 MB

Logical volume mumbai successfully resized



10)To check the LV by mounting.



1)To create mount point.

#mkdir /mumbai

#mkdir /chennai

#mkdir /delhi



2)To format the LV.

#mkfs.ext3 /dev/india/mumbai

#mkfs.ext3 /dev/india/chennai

#mkfs.ext3 /dev/india/delhi



3)To mount on mount point.

#mount /dev/india/mumbai /mumbai

#mount /dev/india/chennai /chennai

#mount /dev/india/delhi /delhi



4)To check.

#mount

/dev/mapper/india-mumbai on /mumbai type ext3 (rw)

#umount



11)LV Remove.

#lvremove /dev/india/mumbai

Do you really want to remove active logical volume "mumbai"? [y/n]: y

Logical volume "mumbai" successfully removed

#lvremove /dev/india/chennai

#lvremove /dev/india/delhi



12)VG Remove.

#vgremove india

Volume group "india" successfully removed



13)PV Remove.

#pvremove /dev/sda9 /dev/sda10 /dev/sda11 /dev/sda12

Labels on physical volume "/dev/sda9" successfully wiped

Labels on physical volume "/dev/sda10" successfully wiped

Labels on physical volume "/dev/sda11" successfully wiped

Labels on physical volume "/dev/sda12" successfully wiped



14)To update the file system on the logical volume after resizing.

#resize2fs /dev/share/mkt

Yum Configuration

Why use YUM? Why not RPM?
The rpm command-line utility has many functions for working with individual RPM packages. You may use it to manually install and remove packages from your system. If you install software with the rpm utility, you must manually check and install any dependencies. For this reason, pirut and yum are the recommended methods for installing software.
#####################################################

What YUM does ?
Use the yum utility to modify the software on your system in four ways:
· To install new software from package repositories
· To install new software from an individual package file
· To update existing software on your system
· To remove unwanted software from your system
####################################################
/etc/yum.conf <----- Configuration File
/etc/yum.repos.d/ <----- Repository directory
####################################################


How to set up a local YUM repository?

1. Mount rhel5 DVD
# mount /dev/hdb /mnt

2. Install vsftpd package
# rpm -ivh vsftpd-2.0.5-10.el5* --force --aid

3. Copy complete DVD into /var/ftp/pub directory.
# cd /mnt
# cp -rf * /var/ftp/pub

# mv /var/ftp/pub/Server/repodata /tmp

# mkdir /tmp/VT
# mv /var/ftp/pub/VT/repodata /tmp/VT

4. To Create repomd (xml-rpm-metadata) repository
# cd /mnt
# rpm -ivh createrepo-0.4.4-2.fc6.noarch.rpm --force --aid
# createrepo -g /tmp/repodata/comps-rhel5-server-core.xml /var/ftp/pub/Server
# createrepo -g /tmp/VT/repodata/comps-rhel5-vt.xml /var/ftp/pub/VT
# createrepo /var/ftp/pub/images

5. Start the ftp service
# service vsftpd restart

6. To configure repo file.
# cd /etc/yum.repos.d/
# cp rhel-debuginfo.repo base.repo

7. To configure base.repo file
# vi base.repo
[base]
name=server data
baseurl=ftp://192.168.0.254/pub/Server
gpgcheck=0

8. To copy base.repo for the other repositories.
# cp base.repo base1.repo
# cp base.repo base2.repo
# vi base1.repo
[base1]
name=server data
baseurl=ftp://192.168.0.254/pub/VT
gpgcheck=0

# vi base2.repo
[base2]
name=server data
baseurl=ftp://192.168.0.254/pub/images
gpgcheck=0
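
All three repository files above set gpgcheck=0 and fetch over ftp://, so yum installs whatever the server or the network path delivers without verifying package signatures. The following added example (not part of the original post) flags both settings in a .repo file; the function names and the second stanza of the sample, including its URL and key path, are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.

# audit_repo_file FILE -> one finding per line for each [section] that
# disables signature checking or uses a cleartext transport.
audit_repo_file() {
    awk '
        function report() {
            if (section == "") return
            if (gpgcheck == "0")
                print section ": gpgcheck=0 (package signatures are not verified)"
            if (baseurl ~ /^(ftp|http):\/\//)
                print section ": cleartext baseurl " baseurl
        }
        /^[ \t]*[#;]/ { next }                  # comment
        /^[ \t]*$/    { next }                  # blank line
        /^[ \t]*\[/ {                           # start of a new [section]
            report()
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            gpgcheck = ""; baseurl = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            if (key == "baseurl")  baseurl = val
        }
        END { report() }
    ' "$1"
}

# sample_repo -> the [base] stanza from the post plus a constructed stanza
# that verifies signatures over TLS (URL and key path are placeholders).
sample_repo() {
    cat <<'EOF'
[base]
name=server data
baseurl=ftp://192.168.0.254/pub/Server
gpgcheck=0

# constructed stanza, not from the post
[hardened]
name=server data (signed)
baseurl=https://repo.example.invalid/pub/Server
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
}

tmp=$(mktemp) && sample_repo > "$tmp" && audit_repo_file "$tmp"
rm -f "$tmp"
```

To cover a whole host, call audit_repo_file on each file in /etc/yum.repos.d/.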

IPTABLES (Firewall)

###################### IPTABLES ########################

*NATING = network address translation.

*PATING = port address translation.

*What is Routing
ANS :- forwarding the packet from 1 interface to another interface.

Postrouting - After routing change the source ip address.
              To hide the internal network (Dnat).

Prerouting - Before routing change the destination ip address.(Snat)

INPUT Chain - To configure in filter tables.

Targets --> ACCEPT,DROP,REJECT.
            drop - no acknowledgement
            reject - get acknowledgement.

icmp - internet control message protocol.

#######################################################

1)The command to configure iptables is
#iptables

              Filter      NAT            Mangle

CHAINS:-      INPUT       PREROUTING     INPUT
              OUTPUT      POSTROUTING    OUTPUT
              FORWARD     OUTPUT         PREROUTING
                                         POSTROUTING
                                         FORWARD

########################################################

1)To apply the rules.
ACCEPT,DROP,REJECT.

-L --> To list
-A --> To append
-p --> Protocol
-j --> To jump
-F --> To flush

2)To check whether the rule is applied or not.
#iptables -L

3)To remove the previous rules.
#iptables -F

4)To remove the rule.
#iptables -D

5)To insert a rule.
#iptables -I


6)To install the rules.

1)To block incoming ping traffic.
#iptables -A INPUT -p icmp -j DROP        (or -j REJECT)

2)To block a particular machine.
#iptables -A INPUT -p icmp -s 10.0.0.1 -j DROP        (or -j REJECT)

3)To allow 1 machine & block all other traffic.
#iptables -A INPUT -p icmp -s ! 10.0.0.1 -j DROP        (or -j REJECT)

4)To block http service.
#iptables -A INPUT -p tcp --dport 80 -j DROP        (or -j REJECT)

7)To make the iptables rules permanent.
First set the rules.
#service iptables save

8)To delete the saved rules.
#rm /etc/sysconfig/iptables

9)To remove a rule from the chain.
#iptables -D INPUT 1 -t filter

################### END #########################

NFS Server Configuration

################### NFS ###################################

Requirements
• Packages
  portmap-4.0-63.i386.rpm
  nfs-utils-1.0.6-46.i386.rpm
• Port Numbers
  2049       Nfsd
  111        Portmap
• Configuration File
  /etc/exports
• Service
  portmap
  nfs
• Daemons
  nfsd
  mountd
  statd
  lockd


1)To install packages.
#rpm -ivh portmap-4.0-63.i386.rpm
#rpm -ivh nfs-utils-lib-devel-1.0.8.i386.rpm

2)to create directory.
# mkdir /share

3)to export directory.
#vim /etc/exports
/share *(rw,sync)    -- sync --> synchronisation.
or
/share 10.0.0.0/255.0.0.0(ro,sync)
or
/share 10.0.0.0/255.0.0.0(ro,async)

4)to restart the services.
#service portmap restart
#service nfs restart

5)To check nfs server.
#showmount -e
#showmount -e 10.0.0.1


#####################################################################


Configuring Client

1)Create Mount point on client
#mkdir /nfs

2)Mount remote shared filesystem on local mount point
#mount 10.0.0.1:/share /nfs
#cd /nfs



###################### Advanced Practical #############################




*To share the nfs server for different networks.

1)To assign the virtual IP.
2)Export the directory & assign the permissions.
3)Restart the service.
4)Try to connect from client side.


*To assign the virtual IP.
#netconfig --device eth0:1
10.0.0.2 255.0.0.0

*Restart the service.
#service network restart

*To configure the export file.
#vim /etc/exports

/share 10.0.0.3/8(ro,sync)

/share 10.0.0.0/8(rw,sync)

/reliance 192.168.1.0/24(rw,sync)

*To create the directory.
#mkdir /reliance
#chmod 777 /reliance/

*To restart the service.
# service portmap restart
#service nfs restart

*To check.
#exportfs -rav



############## Client side configuration.##########################

*To check from clientside.
#showmount -e (server IP)
#showmount -e 10.0.0.2
*To create the directory.
#mkdir /mount

*To mount the export directory by server.
#mount 10.0.0.2:/reliance /mount

*The directory should be mounted, but it is read-only.


###################### END ###############################

Live DNS Setup

########## LIVE DNS SETUP WITH WEB SERVER ###############

1)hostname configuration file.

#vim /etc/sysconfig/network



2)To assign the hostname temporarily.

#hostname server1.example.com



3)To install packages.

#rpm -ivh bind* --force --aid

#rpm -ivh caching-nameserver-9.3.3-7.el5.i386.rpm



4)DNS configuration file



#vim /var/named/chroot/etc/named.conf



options {

directory "/var/named";

};





zone "example.com" IN {

type master;

file "example.for";

};



zone "0.168.192.in-addr.arpa" IN {

type master;

file "example.rev";

};





5)Go into this path.

#cd /var/named/chroot/var/named/



6)Copy the file

#cp localhost.zone example.for



7)Copy the file

#cp named.local example.rev



8)To change the ownership.

#chown named.named example*



9)To configure the file(.for)

#vim example.for



$TTL 86400

@           IN    SOA     server1.example.com. root (
                          42    ; serial (d. adams)
                          3H    ; refresh
                          15M   ; retry
                          1W    ; expiry
                          1D )  ; minimum

            IN    NS      server1.example.com.

server1     IN    A       192.168.0.1
server2     IN    A       192.168.0.2
server3     IN    A       192.168.0.3    ; windows machine
www         IN    CNAME   server1





10)To configure the file(.rev)

#vim example.rev



$TTL 86400

@       IN      SOA     server1.example.com. root.server1.example.com. (
                        1997022700 ; Serial
                        28800      ; Refresh
                        14400      ; Retry
                        3600000    ; Expire
                        86400 )    ; Minimum

        IN      NS      server1.example.com.

1       IN      PTR     server1.example.com.
2       IN      PTR     server2.example.com.





11)To configure the file.

#vim /etc/resolv.conf

nameserver 192.168.0.6



12)To restart the service.

#service named restart



13)To check.

#host server1.example.com

server1.example.com has address 192.168.0.6



14)To check.

#host 192.168.0.2

2.0.168.192.in-addr.arpa domain name pointer server2.example.com.



15)client side.

#dig (server name)

#dig -x (ip)





############### WEB SERVER CONFIGURATION ####################





1)Machine name.

#hostname server1.example.com

#vim /etc/sysconfig/network

HOSTNAME=server1.example.com



2)Machine IP.

192.168.0.1



3)To install package.

#rpm -ivh httpd* --force



4)Open configuration file.

#vim /etc/httpd/conf/httpd.conf



LINE NO-250

ServerAdmin root@server1.example.com



LINE NO-264

ServerName www.example.com:80

LINE NO-280

DocumentRoot "/var/www/html"

LINE NO-305


LINE NO-390

DirectoryIndex index.html index.html.var



5)To create a html file.

#vim /var/www/html/index.html



6)To restart the service.

#service httpd restart



7)To open the file.

# vim /etc/hosts

192.168.0.253 www.example.com



8)To check the page.

open the firefox & check.



###############################################################



From windows client machine.

Machine Name --> server3

My network place --> Property --> Tcp/IP --> Property --> DNS 192.168.0.2
 
##################### END ##################################### 

Mail Server Configuration

############## To configure sendmail.##############

1)To assign the hostname.
mail.example.com

2)To configure the DNS master server.
#rpm -ivh bind* --force

3)Open the configuration file.
#vim /var/named/chroot/etc/named.conf

options {
     directory "/var/named";
};

zone "example.com"{
   type master;
   file "example.for";
};

4)Copy the file
#cp /usr/share/doc/bind-9.3.3/sample/var/named/localdomain.zone /var/named/chroot/var/named/example.for

5)To open the file.
#vim /var/named/chroot/var/named/example.for
$TTL    86400
@               IN SOA  mail.example.com. root (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
                IN NS           mail.example.com.
                IN MX 14        mail.example.com.
mail            IN A            10.0.0.1

6)To restart the service.
# service named restart

7)To check.
#dig mail.example.com
#dig -t MX example.com

################# To configure sendmail.################
1)To install the package.
#rpm -ivh sendmail* m4* --force

2)To open the configuration file.
#vim /etc/mail/sendmail.mc
LINE NO-116
dnl #DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
Comment out this line.

LINE NO-155
LOCAL_DOMAIN(`mail.example.com')dnl

3)To compile the sendmail.mc file.
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

4)To restart the service.
#service sendmail restart

5)To open the /etc/hosts file
#vim /etc/hosts
127.0.0.1       localhost.localdomain   localhost    mail.example.com     mail

MAIL SERVER configuration is over.

6)To create user.
#useradd u1
#useradd u2
#useradd u3
#passwd u1
#passwd u2
#passwd u3

*SQUIRRELMAIL configuration.

1)To install the packages.
squirrelmail*
dovecot*
curl*
php*
perl*
cyrus*
httpd*

2)Restart the following services.
# service httpd start
#service dovecot start
#service cyrus-imapd start
#service saslauthd start

Client side configuration.
#vim /etc/resolv.conf
nameserver 10.0.0.1 (webmail server ip)

User & Group Administration

########## USER, GROUP ADMINISTRATION. ##########

*Unix/Linux is a multi-user and multi-tasking OS.
*Scheme :-
  # A user always gets created with a primary group
  # One Primary Group per User

*When a user is created in Linux :--
--> home directory ( /home/username)
--> mail account     (/var/spool/mail/username)
--> unique UID & GID

*Types of Users.
System Users--> 0 — 499
Normal Users--> 500 — 60,000

User and Group Administration Database Files.
#/etc/passwd
root:x:0:0:root:/root:/bin/bash
u1:x:500:500::/home/u1:/bin/bash

#vim /etc/passwd
    u1:x:500:500:prog:/home/u1:/bin/bash
    |  |  |   |    |      |        |
    1  2  3   4    5      6        7

    Description : -

    1. First field     : - Login name of the User
    2. Second field    : - Clear text encrypted password
                            Note: In case if shadowing is enabled it always denotes a
                            "x" which means the password is stored in /etc/shadow file
    3. Third field     : - User id which is unique to every user
    4. Fourth field    : - Group id which is unique to every group
    5. Fifth field     : - Comments i.e. user related info like Full Name, Office Add.,Off. No., Home No.
    6. Sixth field     : - Home directory
    7. Seventh field   : - Login shell
################################################################

#/etc/shadow
root:$1$d.MWHOEJ$zeLZ2sfTBhNVVWxzpwoAv/:14281:0:99999:7:::
u1:$1$SIOUwX2W$VO/QJmvEp13mlZ9E5B/EP1:14285:0:99999:7:::

#vim /etc/shadow
    u1: hjkadfhs8974uyh5jrt/ :13536:0:99999:7: : :
    |           |               |   |   |   | | | |
    1           2               3   4   5   6 7 8 9

    Description : -

    1. First field     : - Login name of the User.
    2. Second field    : - Clear text encrypted password.
    3. Third field     : - Number of days since January 1 1970, when the password was last changed.
    4. Fourth field    : - Minimum number of days gap before a password can be changed again.
    5. Fifth field     : - Maximum number of days for the validity of a password.
    6. Sixth field     : - Warning for password expiry to be given before the stipulated number of days.
    7. Seventh field   : - Number of days after the expiration of password that the account should be disabled.
    8. Eighth field    : - Number of days since 1 January 1970, the account is disabled.
    9. Ninth field     : - Reserved field.

###############################################################

#/etc/group
root:x:0:root
u1:x:500:

/etc/group
    u1:x:500:sachin,tom
    |  |  |     |
    1  2  3     4

    Description :-
    1. Group Name
    2. Shadow passwd
    3. GID
    4. Groupmembers



###################### NEW USERS ###############################

*To create new users.

1)To change UID.
#useradd -u 501 u1
#passwd u1

2)To change primary group.
#useradd -g 501 u2
#passwd u2

*If we change or overwrite the group ID, that group must already exist.

3)To overwrite.
#useradd -u 700 -o lax
#usermod -u 700 -o u3

4)To change secondary group.
#useradd -G 700 lax2
#usermod -G 700 lax3

5)To insert the comment.
#useradd -c "pranay" u4
#usermod -c "vijay" u3

6)To change the home directory.
#useradd -d /vikas u4
#usermod -d /vikas u3


7)To change the shell.
#useradd -s /bin/csh u1
#passwd u1
To check.
#tail /etc/passwd
u1:x:561:562::/home/u1:/bin/csh

##################### MODIFY USERS #############################

To modify the existing users by "usermod" command.

1)To modify the user login name.
#usermod -l vikas u1
            (N.N) (O.N)
N.N- new name.
O.N- old name.

To check.
# tail /etc/passwd
vikas:x:561:562::/home/u1:/bin/csh

2)To lock the account.
#usermod -L u1

3)To unlock the account.
#usermod -U u1

4)To change the comments.
#usermod -c "laxman" u1
#tail /etc/passwd
u1:x:561:562:laxman:/home/u1:/bin/csh

5)To modify the shell.
#usermod -s /bin/bash u1
#tail /etc/passwd
u1:x:561:562:laxman:/home/u1:/bin/bash

6)To change the UID.
#usermod -u 600 u1
#tail /etc/passwd
u1:x:600:562:laxman:/home/u1:/bin/bash

7)To change the GID with other existing users GID .
#usermod -g 560 u1
#tail /etc/passwd
raj:x:560:560::/home/raj:/bin/bash
u1:x:600:560:laxman:/home/u1:/bin/bash

8)To change the home directory.
#usermod -d /home/u1 u2
#tail /etc/passwd

Before modifying the home directory.
u2:x:601:601::/home/u2:/bin/bash

After modifying the home directory.
u2:x:601:601::/home/u1:/bin/bash


################### TO DELETE A USER  ##############################


To delete the user without the home directory.
#userdel u1

To delete the user with the home directory.
#userdel -r u1
-r --> recursively.

##################################################################

*To change user setting.
#chage u3
Changing the aging information for u3
Enter the new value, or press ENTER for the default

        Minimum Password Age [0]:
        Maximum Password Age [99999]:
        Last Password Change (YYYY-MM-DD) [2009-02-09]:
        Password Expiration Warning [7]:
        Password Inactive [-1]:
        Account Expiration Date (YYYY-MM-DD) [1969-12-31]:
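
The field layouts of /etc/passwd and /etc/shadow described above are enough to script a few account checks: UIDs shared through -o, extra UID 0 accounts, empty or locked password fields, and the 99999-day maximum age. This is an added example, not part of the original post; the account data is constructed and the function names are illustrative.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.

# audit_accounts PASSWD_FILE SHADOW_FILE -> one finding per line.
audit_accounts() {
    awk -F: '
        FNR == NR {                              # first file: passwd format
            if ($3 == 0 && $1 != "root")
                print $1 ": UID 0 but not root"
            if (seen[$3] != "")
                print $1 ": shares UID " $3 " with " seen[$3]
            else
                seen[$3] = $1
            next
        }
        {                                        # second file: shadow format
            if ($2 == "")
                print $1 ": empty password field"
            if ($2 ~ /^!/)
                print $1 ": locked (password field starts with !)"
            if ($5 == 99999)
                print $1 ": maximum password age is 99999 days"
        }
    ' "$1" "$2"
}

# Constructed sample data. HASH stands in for a real password hash.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
u1:x:500:500::/home/u1:/bin/bash
lax:x:700:700::/home/lax:/bin/bash
u3:x:700:700::/home/u3:/bin/bash
admin2:x:0:0::/home/admin2:/bin/bash
EOF
}

sample_shadow() {
    cat <<'EOF'
root:HASH:14281:0:99999:7:::
u1:!HASH:14285:0:99999:7:::
lax::14285:0:90:7:::
u3:HASH:14285:0:90:7:::
admin2:HASH:14285:0:90:7:::
EOF
}

p=$(mktemp); s=$(mktemp)
sample_passwd > "$p"; sample_shadow > "$s"
audit_accounts "$p" "$s"
rm -f "$p" "$s"
```

On a live system the same function takes /etc/passwd and /etc/shadow as arguments and has to run as root to read the shadow file.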



############### GROUP ADMINISTRATION ########################


1)To create a group.
#groupadd sales

2)To change the GID on new group.
#groupadd -g 700 mkt

3)To check.
#tail /etc/group
sales:x:602:
mkt:x:700:

4)To override.
#groupadd -g 800 -o admin
#tail /etc/group
sales:x:602:
mkt:x:700:
admin:x:800:

*To modify the group.

1)To modify the existing group.
#groupmod -g 610 sales
#tail /etc/group

Before.
sales:x:602:
After.
sales:x:610:

2)To change the groupname.
#groupmod -n marketing mkt
             (N.N)    (O.N)
#tail /etc/group

Before.
mkt:x:710:
After.
marketing:x:710:

3)To add user into group.

Add single user.
#gpasswd -a u3 admin
Adding user u3 to group admin

Add multiple users.
#gpasswd -M u4,u5 admin

To check.
#tail /etc/group
admin:x:800:u4,u5,u3

To delete a user from group.
#gpasswd -d u3 admin
Removing user u3 from group admin
You have new mail in /var/spool/mail/root

#tail /etc/group
admin:x:800:u4,u5

*To delete a group.
# groupdel sales
################## END #########################