Features:
1. The ability to restrict/control access to files
Note: 10 bits represent permissions for files (including directories)
Note: use 'ls -l' to examine permissions or GUI application like 'Nautilus'
-rwxrwxr-x 1 linuxcbt linuxcbt 681 Jan 13 11:31 regextest.pl
1st bit = file type. '-' = file, 'd' = directory
2nd - 4th bits = owner's permissions
r = read = 4
w = write = 2
x = execute = 1
- = none = 0
5th - 7th bits = group owner's permissions
r = read = 4
w = write = 2
x = execute = 1
- = none = 0
8th - 10th bits = everyone (world)
r = read = 4
w = write = 2
x = execute = 1
- = none = 0
Task:
1. Manipulate file permissions using 'chmod'
a. chmod -x regextest.pl
-rw-rw-r-- 1 linuxcbt linuxcbt 681 Jan 13 11:31 regextest.pl
rw = 6 or 4+2 for owner
rw = 6 or 4+2 for group owner
r = 4 for everyone else (world)
Octal notation: 664 for file 'regexetest.pl'
chmod 664 regextest.pl - removes execution for ALL users
chmod 775 regextest.pl - enables execution for ALL users
2. Ensure that 'regextest.pl' is rw by owner and noone else
a. chmod 600 regextest.pl
Note: File will now be rw by owner (linuxcbt) and 'root'
3. Ensure that 'regextest.pl' is r by owner and noone else
a. chmod 400 regextest.pl && ls -l regextest.pl
Note: chmod supports string values, which represent octal values
chmod +/- x file
chmod +/- w file
chmod +/- r file
chmod +/- u+x file - updates owner's execute permissions on the file
chmod +/- o+x file - updates other's execute permissions on the file
chmod +/- g+x file - updates group's execute permissions on the file
chmod a+rwx = chmod 777
chown - permits changing of ownership of files
a. chown root regextest.pl - changes ownership to 'root'
b. chown linuxcbt:sales regextest.pl - changes owner and group to 'linuxcbt:sales'
Task:
Update 'regextest.pl' so that owner and group owner may modify the file
a. chmod 660 regextest.pl
SETUID:
Features:
1. ability to execute file as owner
chmod 4760 regextest.pl - this will ensure that the perl script always executes as the user 'linuxcbt'
-rwsrw---- 1 linuxcbt sales 787 Jan 28 16:08 regextest.pl
's' in the execute position means that the program will execute as that user
SETGID:
Features:
1. Ability to enforce permissions to a directory structure
mkdir /sales
chmod 2775 /sales
Create a file in the '/sales' directory as 'linuxcbt'
seq 1000000 > linuxcbt.1million.txt
chgrp:
Permits updating of group permissions
Sticky Bit:
Features:
1. Ability to ensure that users cannot delete others' files in a directory
drwxrwxrwt 23 root root 4096 Jan 28 15:05 /tmp/
/tmp - users cannot delete other user's files in '/tmp'
chmod 3777 /sales - ensures that /sales will not lose files from incorrect users
Task:
1. Set '/sales' using sticky bit and test
a. chmod 3777 /sales && ls -ld /sales OR chmod 777 /sales && chmod +t /sales
Thursday, July 15, 2010
Monday, July 12, 2010
User/Group Management
Features:
1. The ability to control users and groups
Primary tools:
1. useradd - used to add users and modify group membership
2. system-config-users
Task:
1. Create a user named 'student1' using 'useradd'
Note: Default user settings derive from: /etc/login.defs
a. useradd student1
b. set password for user 'student1': passwd student1
Default User Accounts DB: /etc/passwd
student1:x:501:501::/home/student1:/bin/bash
username:shadow_reference:uid:gid:Description(GECOS):$HOME:$SHELL
Note: /etc/passwd is a world-readable file
Note: /etc/shadow now stores passwords in encrypted form
Note: /etc/shadow is NOT world-readable
Fields in /etc/shadow:
student1:$1$XSFMv2ru$lfTACjN.XxaxbHA0EkB4U0:13891:0:99999:7:::
1. username:
2. encrypted_password:
3. Days_since_Unix_epoch_password_was_changed (01/01/1970)
4. Days before password may be changed
5. Days after which the password MUST be changed
6. Days before password is to expire that user is warned
7. Days after password expires, that account is disabled
8. Days since Unix epoch, that account is disabled
9. Reserved field (currently unused)
2. Modify user 'student1' to have password expire after 45 days
a. usermod
Groups:
1. groupadd - adds new group
2. groups - lists groups on the system: /etc/group
/etc/group - maintains group membership information
Task: Create a 'sales' group and add 'linuxbbt' and 'student1' as members
1. groupadd sales
2. usermod -G sales linuxbbt
3. usermod -G sales student1
Note: 2 types of groups exist:
1. Primary - used by default for a user's permissions
2. Supplemental - used to determine effective permissions
Note: use 'id' to determine the group information of user
Note: Create a new shell session to realize new group membership information
userdel/groupdel are used to delete users and groups, respectively
1. The ability to control users and groups
Primary tools:
1. useradd - used to add users and modify group membership
2. system-config-users
Task:
1. Create a user named 'student1' using 'useradd'
Note: Default user settings derive from: /etc/login.defs
a. useradd student1
b. set password for user 'student1': passwd student1
Default User Accounts DB: /etc/passwd
student1:x:501:501::/home/student1:/bin/bash
username:shadow_reference:uid:gid:Description(GECOS):$HOME:$SHELL
Note: /etc/passwd is a world-readable file
Note: /etc/shadow now stores passwords in encrypted form
Note: /etc/shadow is NOT world-readable
Fields in /etc/shadow:
student1:$1$XSFMv2ru$lfTACjN.XxaxbHA0EkB4U0:13891:0:99999:7:::
1. username:
2. encrypted_password:
3. Days_since_Unix_epoch_password_was_changed (01/01/1970)
4. Days before password may be changed
5. Days after which the password MUST be changed
6. Days before password is to expire that user is warned
7. Days after password expires, that account is disabled
8. Days since Unix epoch, that account is disabled
9. Reserved field (currently unused)
2. Modify user 'student1' to have password expire after 45 days
a. usermod
Groups:
1. groupadd - adds new group
2. groups - lists groups on the system: /etc/group
/etc/group - maintains group membership information
Task: Create a 'sales' group and add 'linuxbbt' and 'student1' as members
1. groupadd sales
2. usermod -G sales linuxbbt
3. usermod -G sales student1
Note: 2 types of groups exist:
1. Primary - used by default for a user's permissions
2. Supplemental - used to determine effective permissions
Note: use 'id' to determine the group information of user
Note: Create a new shell session to realize new group membership information
userdel/groupdel are used to delete users and groups, respectively
System Utilities
Features:
1. Process listing
2. Free/available memory
3. Disk utilization
1. ps - process status/listing
a. ps -ef or ps -aux
2. top - combines, ps, uptime, free and updates regulary
3. uptime - returns useful system utilization information:
a. current time
b. uptime - days, hours and minutes
c. connected users
d. load averaged - 1,5,15 minute values
4. free - returns memory utilization
a. RAM
b. SWAP
free -m - for human readable format
5. df - returns disk partition/mount point information
a. df - returns info. using kilobytes
b. df -h - returns info. using megabytes/human readable (gigs/teray/etc.)
6. vmstat - reports on: processes, memory, paging, block I/O, traps, CPU activity
a. vmstat
b. vmstat -p /dev/hda1 - returns partitions stats for /dev/hda1 (/boot)
7. gnome-system-monitor - GUI, combining most system utilities
8. ls -ltr /proc
a. cat /proc/cpuinfo
9. kill PID - kills the process with a given PID
10. runlevel - returns runlevel information using 2 fields:
a. represents previous runlevel
b. represents current runlevel
1. Process listing
2. Free/available memory
3. Disk utilization
1. ps - process status/listing
a. ps -ef or ps -aux
2. top - combines, ps, uptime, free and updates regulary
3. uptime - returns useful system utilization information:
a. current time
b. uptime - days, hours and minutes
c. connected users
d. load averaged - 1,5,15 minute values
4. free - returns memory utilization
a. RAM
b. SWAP
free -m - for human readable format
5. df - returns disk partition/mount point information
a. df - returns info. using kilobytes
b. df -h - returns info. using megabytes/human readable (gigs/teray/etc.)
6. vmstat - reports on: processes, memory, paging, block I/O, traps, CPU activity
a. vmstat
b. vmstat -p /dev/hda1 - returns partitions stats for /dev/hda1 (/boot)
7. gnome-system-monitor - GUI, combining most system utilities
8. ls -ltr /proc
a. cat /proc/cpuinfo
9. kill PID - kills the process with a given PID
10. runlevel - returns runlevel information using 2 fields:
a. represents previous runlevel
b. represents current runlevel
Perl
Features:
1. Parses text
2. Executes programs
3. CGI - Web forms, etc.
4. Supports RegExes (Perl and POSIX)
5. etc.
Task:
1. Print 'Hello World' to STDOUT
a. perl -c helloworld.pl - checks the syntax of the script
b. perl helloworld.pl - executes the script
c. chmod +x helloworld.pl && ./helloworld.pl
2. Parse RegExes from the command line
1. Parses text
2. Executes programs
3. CGI - Web forms, etc.
4. Supports RegExes (Perl and POSIX)
5. etc.
Task:
1. Print 'Hello World' to STDOUT
a. perl -c helloworld.pl - checks the syntax of the script
b. perl helloworld.pl - executes the script
c. chmod +x helloworld.pl && ./helloworld.pl
2. Parse RegExes from the command line
Sed - Stream Editor
Features:
1. Faciliates automated text editing
2. Supports RegExes (POSIX)
3. Like Awk, supports scripting using '-F' option
4. Supports input via: STDIN, pipe, file
Usage:
1. sed [options] 'instruction[s]' file[s]
2. sed -n '1p' grep1.txt - prints the first line of the file
3. sed -n '1,5p' grep1.txt - prints the first 5 lines of the file
4. sed -n '$p' grep1.txt - prints the last line of the file
5. sed -n '1,3!p' grep1.txt - prints ALL but lines 1-3
6. sed -n '/linux/p' grep1.txt - prints lines with 'linux'
7. sed -e '/^$/d' grep1.txt - deletes blank lines from the document
8. sed -e '/^$/d' grep1.txt > sed1.txt - deletes blank lines from the document 'grep1.txt' and creates 'sed1.txt'
9. sed -ne 's/search/replace/p' sed1.txt
10. sed -ne 's/linux/unix/p' sed1.txt
11. sed -i.bak -e 's/3/4' sed1.txt - this backs up the original file and creates a new 'sed1.txt' with the modifications indicated in the command
Note: Generally, to create new files, use output redirection, instead of allowing sed to write to STDOUT
Note: Sed applies each instruction to each line
1. Faciliates automated text editing
2. Supports RegExes (POSIX)
3. Like Awk, supports scripting using '-F' option
4. Supports input via: STDIN, pipe, file
Usage:
1. sed [options] 'instruction[s]' file[s]
2. sed -n '1p' grep1.txt - prints the first line of the file
3. sed -n '1,5p' grep1.txt - prints the first 5 lines of the file
4. sed -n '$p' grep1.txt - prints the last line of the file
5. sed -n '1,3!p' grep1.txt - prints ALL but lines 1-3
6. sed -n '/linux/p' grep1.txt - prints lines with 'linux'
7. sed -e '/^$/d' grep1.txt - deletes blank lines from the document
8. sed -e '/^$/d' grep1.txt > sed1.txt - deletes blank lines from the document 'grep1.txt' and creates 'sed1.txt'
9. sed -ne 's/search/replace/p' sed1.txt
10. sed -ne 's/linux/unix/p' sed1.txt
11. sed -i.bak -e 's/3/4' sed1.txt - this backs up the original file and creates a new 'sed1.txt' with the modifications indicated in the command
Note: Generally, to create new files, use output redirection, instead of allowing sed to write to STDOUT
Note: Sed applies each instruction to each line
Awk
Features:
1. Field/Column processor
2. Supports egrep-compatible (POSIX) RegExes
3. Can return full lines like grep
4. Awk runs 3 steps:
a. BEGIN - optional
b. Body, where the main action(s) take place
c. END - optional
5. Multiple body actions can be executed by separating them using semicolons. e.g. '{ print $1; print $2 }'
6. Awk, auto-loops through input stream, regardless of the source of the stream. e.g. STDIN, Pipe, File
Usage:
1. awk '/optional_match/ { action }' file_name | Pipe
2. awk '{ print $1 }' grep1.txt
Note: Use single quotes with awk, to avoid shell interpolation of awk's variables
3. awk '{ print $1,$2 }' grep1.txt
Note: Default input and output field separators is whitespace
4. awk '/linux/ { print } ' grep1.txt - this will print ALL lines containing 'linux'
5. awk '{ if ($2 ~ /Linux/) print}' grep1.txt
6. awk '{ if ($2 ~ /8/) print }' /var/log/messages - this will print the entire line for log items for the 8th
7. awk '{ print $3 }' /var/log/messages | awk -F: '{ print $1}'
1. Field/Column processor
2. Supports egrep-compatible (POSIX) RegExes
3. Can return full lines like grep
4. Awk runs 3 steps:
a. BEGIN - optional
b. Body, where the main action(s) take place
c. END - optional
5. Multiple body actions can be executed by separating them using semicolons. e.g. '{ print $1; print $2 }'
6. Awk, auto-loops through input stream, regardless of the source of the stream. e.g. STDIN, Pipe, File
Usage:
1. awk '/optional_match/ { action }' file_name | Pipe
2. awk '{ print $1 }' grep1.txt
Note: Use single quotes with awk, to avoid shell interpolation of awk's variables
3. awk '{ print $1,$2 }' grep1.txt
Note: Default input and output field separators is whitespace
4. awk '/linux/ { print } ' grep1.txt - this will print ALL lines containing 'linux'
5. awk '{ if ($2 ~ /Linux/) print}' grep1.txt
6. awk '{ if ($2 ~ /8/) print }' /var/log/messages - this will print the entire line for log items for the 8th
7. awk '{ print $3 }' /var/log/messages | awk -F: '{ print $1}'
GREP
Features:
1. The ability to parse lines based on text and/or RegExes
2. Post-processor
3. Searches case-sensitively, by default
4. Searches for the text anywhere on the line
1. grep 'linux' grep1.txt
2. grep -i 'linux' grep1.txt - case-insensitive search
3. grep '^linux' grep1.txt - uses '^' anchor to anchor searches at the beginning of lines
4. grep -i '^linux' grep1.txt
5. grep -i 'linux$' grep1.txt - uses '$' anchor to anchor searches at the end of lines
Note: Anchors are RegEx characters (meta-characters). They're used to match at the beginning and end of lines
6. grep '[0-9]' grep1.txt - returns lines containing at least 1 number
7. grep '[a-z]' grep1.txt
8. rpm -qa | grep grep - searches the package database for programs named 'grep'
9. rpm -qa | grep -i xorg | wc -l - returns the number of pacakges with 'xorg' in their names
10. grep sshd messages
11. grep -v sshd messages - performs and inverted search (all but 'sshd' entries will be returned)
12. grep -v sshd messages | grep -v gconfd
13. grep -C 2 sshd messages - returns 2 lines, above and below matching line
Note: Most, if not all, Linux programs log linearly, which means one line after another, from the earliest to the current
Note: Use single or double quotes to specify RegExes
Also, execute 'grep' using 'egrep' when RegExes are being used
1. The ability to parse lines based on text and/or RegExes
2. Post-processor
3. Searches case-sensitively, by default
4. Searches for the text anywhere on the line
1. grep 'linux' grep1.txt
2. grep -i 'linux' grep1.txt - case-insensitive search
3. grep '^linux' grep1.txt - uses '^' anchor to anchor searches at the beginning of lines
4. grep -i '^linux' grep1.txt
5. grep -i 'linux$' grep1.txt - uses '$' anchor to anchor searches at the end of lines
Note: Anchors are RegEx characters (meta-characters). They're used to match at the beginning and end of lines
6. grep '[0-9]' grep1.txt - returns lines containing at least 1 number
7. grep '[a-z]' grep1.txt
8. rpm -qa | grep grep - searches the package database for programs named 'grep'
9. rpm -qa | grep -i xorg | wc -l - returns the number of pacakges with 'xorg' in their names
10. grep sshd messages
11. grep -v sshd messages - performs and inverted search (all but 'sshd' entries will be returned)
12. grep -v sshd messages | grep -v gconfd
13. grep -C 2 sshd messages - returns 2 lines, above and below matching line
Note: Most, if not all, Linux programs log linearly, which means one line after another, from the earliest to the current
Note: Use single or double quotes to specify RegExes
Also, execute 'grep' using 'egrep' when RegExes are being used
Subscribe to:
Posts (Atom)