Tuesday, August 2, 2016

Linux User Administration

User Administration

Only root (i.e. the system administrator) can use the adduser command to create new users. Other users are not allowed to run it.

adduser is a symlink to useradd, which is a binary in /usr/sbin. As root we can create our own symlink to useradd under another name and use that name to create users (for example, the user rocky). Let's see.

Main File of useradd

[root@localhost Desktop]# ls -l /usr/sbin/adduser
lrwxrwxrwx. 1 root root 7 Jun 20  2015 /usr/sbin/adduser -> useradd

[root@localhost Desktop]# which useradd   ---to check the file location
/usr/sbin/useradd    ----------------------main file of the useradd command

#useradd   ---main file (/usr/sbin/useradd)

#ln -s /usr/sbin/useradd   /usr/sbin/u    ---create a link (shortcut file)

Now "u" is a symlink to useradd.

#u rocky --- create user

[root@localhost Desktop]# ln -s /usr/sbin/useradd /usr/sbin/T

Now "T" is a symlink to useradd.

[root@localhost Desktop]# T mouse

[root@localhost Desktop]# ls /home

rocky  lalit  mouse  olx  rajesh  paytm  test

--------------------------------------------------------------------------------------------------------------------
                         
                     There are 3 types of users
        ______________________|______________________
        |                     |                     |
   Super user            System user           Normal user

<1> Superuser: Created at the time of Linux installation. He has the right to create other users, & his `userid' & `groupid' are zero in the `/etc/passwd' file.

<2> System user: These users are created by the system. They can't log in because their shell, the seventh field in the `/etc/passwd' file, is `/sbin/nologin' by default.

<3> Normal user: These users are created by the superuser (root user).


--------------------------------------------------------------------------------------------------------------------
Let's see how superuser make normaluser :

[root@localhost root]$ adduser john 
[root@localhost root]$ passwd john 
New password :( user password)
Retype new password:(user password)
Passwd: all authentication tokens updated successfully.
--------------------------------------------------------------------------------------------------------------------
[root@localhost root]$ userdel john ---> the `userdel' command deletes only the user's account; the user's data under /home remains there. The binary is /usr/sbin/userdel.
--------------------------------------------------------------------------------------------------------------------
[root@localhost root]$ userdel -r john  ----> userdel -r deletes the user as well as the user's data.
--------------------------------------------------------------------------------------------------------------------
[root@localhost root]$ usermod -G groupname username 
e.g.  [root@localhost root]$ usermod -G sales vikas
--------------------------------------------------------------------------------------------------------------------
usermod -G   ----  Secondary Group
usermod -g   ------Primary Group
--------------------------------------------------------------------------------------------------------------------
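 ----> The `usermod -G' command makes the user vikas a member of the group sales. Note that -G sets the whole secondary group list, so any secondary group not named on the command line is dropped; use -a together with -G to append instead. The binary is /usr/sbin/usermod.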
--------------------------------------------------------------------------------------------------------------------
su ----> with this command root can work as a substitute user.
exit ----> with this command root comes out of the substitute user session.
--------------------------------------------------------------------------------------------------------------------
[root@localhost root]$  adduser  john 

# useradd  mouse    --- after the user is created, the details below are set up
i)    UID -------------------------------- User ID
ii)   GID -------------------------------- Group ID
iii)  /home/mouse/ ----------------------- home directory is created
iv)   Owner Group Permission 700 --------- default permission is set on the home directory
v)    Owner Group (John) ----------------- an owner group with the same name as the user is created
vi)   /etc/skel -------------------------- all files are copied from /etc/skel to the user's home directory
--------------------------------------------------------------------------------------------------------------------
[root@localhost Desktop]# id ---------------------- use this command to check the user ID
uid=0(root) gid=0(root) groups=0(root)

[root@localhost ~]# id john  --------------------------- use this command to check a user's ID
uid=514(john) gid=514(john) groups=514(john)

[root@localhost ~]# id tushar --------------------------- use this command to check a user's ID
uid=515(tushar) gid=515(tushar) groups=515(tushar)
--------------------------------------------------------------------------------------------------------------------
[root@tushar ~]# T -G sales lalit   ----- user created and the group added as secondary
[root@tushar ~]# id lalit
uid=3003(lalit) gid=3005(lalit) groups=3005(lalit),3003(sales)
--------------------------------------------------------------------------------------------------------------------
[root@tushar ~]# T -g maket sohel    --- user created and the group added as primary
[root@tushar ~]# id sohel
uid=3004(sohel) gid=3004(maket) groups=3004(maket)
--------------------------------------------------------------------------------------------------------------------
# useradd ---- refers to 2 files & updates 4 files

The adduser command refers to 2 files & updates 4 files.

Refers to 2 files
|----ls /etc/login.defs
|
|----ls /etc/default/useradd

Updates 4 files    ------ all user information is updated in the files below.

THIS IS CALLED THE LINUX USER DATABASE
|----/etc/passwd
|
|----/etc/group
|
|----/etc/shadow
|
|----/etc/gshadow

l.    ------------------------- to see hidden files
ls -a ------------------------- to see hidden files
---------------------------------------------------------------------------------------------------
[root@localhost ~]# vi /etc/login.defs   -  (.defs - defaults)
# Min/max values for automatic uid selection in useradd
#
UID_MIN                   500 ------------------ TAG --------- 500 ----- creates only 100 users
UID_MAX                 60000 ------------------ TAG --------- 600 ----- you can change this value
#
# Min/max values for automatic gid selection in groupadd
#
GID_MIN                   500 ------------------ TAG --------- 500 ----- creates only 200 groups
GID_MAX                 60000 ------------------ TAG --------- 700 ----- you can change this value
#
# If useradd should create home directories for users by default
# On RH systems, we do. This option is overridden with the -m flag on
# useradd command line.
#
CREATE_HOME     yes   ------ if the home dir should not be created, just set this to no

You can manage and change the home directory name.

How many users can be created in Linux?
User and group = 59500  - created by default
Answer: it depends on the /etc/login.defs file
--------------------------------------------------------------------------------------------------------------------
# passwd ------to change current user password
--------------------------------------------------------------------------------------------------------------------
/etc/login.defs
<1> /etc/login.defs : It keeps information about the directory where mailboxes reside (or the name of the mailbox file relative to the home directory), password duration & how many users can log in.
The "passwd file" & "group file" get the user ID & group ID information from this file.
The "shadow file" & "gshadow file" get the user login & password duration information from this file.
Min/max values for automatic uid selection in useradd:
UID_MIN 500
UID_MAX 60000

The user ID starts from 500 & the maximum is 60000, which is the default according to Red Hat, but we can customize it.
If there are two departments, ACCOUNTANT & MARKETING, in one office, then I can start user IDs for ACCOUNTANT from 1000 & for MARKETING from 2000, which is reliable.
Similarly for group IDs:
GID_MIN 500
GID_MAX 60000
--------------------------------------------------------------------------------------------------------------------
Umask

Default value of umask is:
For root 022
For user 002

777                      777        
022                      002       
------                  ------          
755                      775  

Umask 077 is the default permission.

MAIL_DIR        /var/spool/mail    --------------------  TAG  - the users' mail inbox is in /var/spool/mail
_______________________________________________________________________________
/etc/default/useradd

<2> /etc/default/useradd : It holds the number of groups, the users' directory & the shell the users get, as follows.

1. GROUP=100 ----> The default number of groups according to Red Hat, which can be customised.

2. HOME=/home ----> The default directory for users according to Red Hat; we can give it any name, i.e. we can use `ghar' instead of `home' by making that directory under /

3. INACTIVE ----> The number of days after which the user's account expires.

4. EXPIRE ----> The number of days after which the user's password will expire.

5. SHELL=/bin/bash --> The path of the user's shell.

6. SKEL=/etc/skel ---> A newly created user has no directories or files, but the `l.' command shows some hidden files, which come from /etc/skel.

[root@localhost ~]# vi /etc/default/useradd
# useradd defaults file

GROUP=100   ------ query

HOME=/home     (wallet) ------ you can manage the home dir and change the /home dir name

INACTIVE=-1   ------ e.g. 10 to select the account expiry days (-1 ---- no value, or it depends on the other files)
EXPIRE=    ------ if you set 7 days, the password will expire after 7 days

SHELL=/bin/bash  ------ if you change this, e.g. to /bin/sh, the shell of future users will be /bin/sh

SKEL=/etc/skel  ------ if you change this path, e.g. to /etc/opt, then all files in the opt folder are copied to the home dir
If you want every new joiner to get a common file, copy that file into the /etc/skel folder

CREATE_MAIL_SPOOL=yes
--------------------------------------------------------------------------------------------------------------------
[root@localhost /]# mkdir   wallet  --------------- wallet dir created in /
[root@localhost /]# T paresh  ------------------------ create user

 [root@localhost jacky]# cd /wallet/paresh/   -------- home dir name changed
[root@localhost paresh]# l.   or   ls -a
.  ..  .bash_logout  .bash_profile  .bashrc  .gnome2  .mozilla

 --------------------------------------------------------------------------------------------------------------------
[root@localhost ~]# cd /home/jacky/
[root@localhost jacky]# l.
.  ..  .bash_logout  .bash_profile  .bashrc  .gnome2  .mozilla
-------------------------------------------------------------------------------------
LINUX USER DATABASE
Update 4 files  
i)                    /etc/passwd
ii)                  /etc/shadow
iii)                /etc/group
iv)                /etc/gshadow
--------------------------------------------------------------------------------------------------------------------
1)                   /etc/passwd

<3> /etc/passwd : * It keeps a record of each new user created by the superuser. Each line is the entry of one user. It is a text file & has the details of all system users.
* It has 7 fields for each user on each line, so it is called the `system passwd database', & the fields are separated by : (colon), also called the "internal field separator".
--------------------------------------------------------------------------------------------------------------------
[root@localhost paresh]# vi /etc/passwd
Fields are separated by : (colon)

How many fields in the passwd file = 7

Paresh : x : 517 : 517 :   : /wallet/paresh : /bin/bash
\____/  \_/ \___/ \___/ \_/  \____________/   \_______/
  1      2    3     4    5         6              7
--------------------------------------------------------------------------------------------------------------------
Champu : x : 500 : 500 :   : /home/champu : /bin/bash
\____/  \_/ \___/ \___/ \_/  \__________/   \_______/
  1      2    3     4    5        6             7
--------------------------------------------------------------------------------------------------------------------
1   ---   The username

2   ---- x means the password resides in the shadow file.
This field holds the user's password, or a marker that it is stored somewhere else.
If we put * in place of x, the user can't log in.
If we leave the second field blank, the user can log in without a password.
i.e. (x) --- the password is stored somewhere else (in the shadow file)
(*) --- user can't log in.
( ) --- user can log in without a password.

3   ----   UID ------ User ID

4   ------ GID ------- Group ID
It contains the group ID, which is always the same as the user ID. It's the user's group.

5   ------ The comment field, or GECOS (General Electric Comprehensive
Operating System) finger information (blank field).
The user can fill in his information by using a command that prompts for
Name []:   Office []:  Office Phone []:  Home Phone []:

6  ------- field (/home/champu) : It's the home of champu. /home is the directory where
all users are stored. (Home directory of the user)

7 ----- field (/bin/bash) : shell of the user
It contains the full path of the shell used by the user.
The shell converts shell scripts into binary format &
converts whatever it gets from the kernel into text format.
--------------------------------------------------------------------------------------------------------------------
 2)               /etc/shadow   ---password policy
Fields are separated by : (colon). How many fields in the shadow file = 9

John : $1$eEfpbdwf$PyPoi0 : 16792 : 0 : 99999 : 7 :   :   :
\__/   \________________/   \___/  \_/  \___/  \_/  |   |   |
 1             2              3     4     5     6   7   8   9
man shadow ------- all the details are in the shadow man page.

The meanings of each field are:

1  --------- User name  (sp_namp - pointer to null-terminated user name)

2  --------- The password, stored as an MD5-crypt hash ( IMP ) (sp_pwdp - password)

3  --------- sp_lstchg - days since Jan 1, 1970 on which the password was last changed. Unix time is called epoch time (you can use a time conversion). This is the last password change record.

4  --------- sp_min - days before which the password may not be changed
                e.g. 10: the user may not change his password for 10 days
5  --------- sp_max - days after which the password must be changed
                e.g. 65: the user must change the password after 65 days (forced change)
6  --------- sp_warn - days before the password is to expire that the user
       is warned of the pending password expiration, e.g. 30

7  --------- sp_inact - days after the password expires that the account is
                   considered inactive and disabled, e.g. 55

8  --------- sp_expire - days since Jan 1, 1970 when the account will be disabled, e.g. 4

9  --------- sp_flag - reserved for future use

root:$1$Z.8vsNYS$/cSeo0Sx/5aQlQdR4oF6M.:16793:0:99999:7:::
--------------------------------------------------------------------------------------------------------------------
3)                      /etc/group

The group file contains 4 fields.
After the command below, the lines in this file look like the following:
groupadd  maket

tushar:x:3001:
maket:x:3004:
--------------------------------------------------------------------------------------------------------------------
vi /etc/group

tushar : x : 3001 :      -------- user's own group
maket  : x : 3004 :      -------- created group
\____/  \_/ \____/ \_/
  1      2    3     4

1  ---- Group Name
2  ---- Group Password
3  ---- group ID
4  ---- Members of the group

--------------------------------------------------------------------------------------------------------------------
$ usermod -G groupname username

[root@localhost ~]# usermod -G sales lalit  ----- add the user to the group
sales:x:3003:lalit   ----- lalit is added to the sales group as a secondary group
[root@tushar rajeshj]# id lalit
uid=3003(lalit) gid=3005(lalit) groups=3005(lalit),3003(sales)
--------------------------------------------------------------------------------------------------------------------
 [root@localhost ~]# usermod -g maket sohel
[root@tushar ~]# id sohel
uid=3004(sohel) gid=3004(maket) groups=3004(maket) ---add as primary
--------------------------------------------------------------------------------------------------------------------
Difference between primary and secondary group

usermod -G   ----  Secondary Group
usermod -g   ------Primary Group
 -------------------------------------------------------------------------------------------------------------------- 
Group Password Set

#gpasswd sales ---- set the group password

A user can change his own primary group
[root@localhost ~]# su vikas
[vikas@localhost root]$ newgrp PUR
Password:
[vikas@localhost root]$ id
uid=513(vikas) gid=519(PUR) groups=513(vikas),505(sales),519(PUR) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
--------------------------------------------------------------------------------------------------------------------  
 [root@tushar ~]# su - rajeshj
[rajeshj@tushar ~]$ id
uid=3007(rajeshj) gid=3008(rajeshj) groups=3008(rajeshj) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[rajeshj@tushar ~]$ newgrp sales   ---user self-change group
Password:
[rajeshj@tushar ~]$ id
uid=3007(rajeshj) gid=3003(sales) groups=3008(rajeshj),3003(sales) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
-------------------------------------------------------------------------------------------------------------------- 
<4> /etc/group : This file keeps the group information. It has four fields for each group on each line, so it is called the `system group database'.
A member of a group has the right to enter other members' areas of the system when they are members of the same group.
The lines in this file look like the following:

Accounts : x : 500 :
    |      |    |    |
    1      2    3    4
1. field (accounts) : It contains the name of the group, which is always the same as the first member's username.
2. field (x) : It contains the group password, which is stored somewhere else if it exists & is the same as the password of the first member of the group.
3. field (500) : It contains the group ID, which is the same as the ID of the first member of the group.
4. field : It contains the list of members of the group. By default on Red Hat it is blank, but it can be filled in with the names of the members of the group.
A user can be made a member of a group by using the command `usermod -G', which can be run only by root.

$usermod -G groupname username
When the system admin creates users for the first time, he can send a message like
`Thank you for using Red Hat Linux' through this & the user gets this mail whenever
he logs in.
[root@tushar ~]# T -G sales lalit
[root@tushar ~]# id lalit
uid=3003(lalit) gid=3005(lalit) groups=3005(lalit),3003(sales)

[root@tushar ~]# T -g maket sohel
[root@tushar ~]# id sohel
uid=3004(sohel) gid=3004(maket) groups=3004(maket)

[root@tushar ~]# ls -l /home/
-rw-r--r--. 2 root   root     47 Dec 18 22:44 harry.txt
drwx------. 4 lalit  lalit  4096 Dec 28 02:07 lalit
drwx------. 4 ls     ls     4096 Dec 15 23:13 ls
drwx------. 4 rakesh rakesh 4096 Dec 28 02:03 rakesh
drwx------. 4 sohel  maket  4096 Dec 28 02:07 sohel
-rw-r--r--. 1 root   root     32 Dec 18 20:23 test1.txt
drwx------. 4 tushar tushar 4096 Dec 28 02:03 tushar
 ---------------------------------------------------------------------------------------------------------

CREATE ANY USER WITHOUT EXECUTING ANY COMMANDS

First refer to 2 files and update 4 files

1) /etc/login.defs
2) /etc/default/useradd


3) /etc/passwd
4) /etc/shadow
5) /etc/group
6) /etc/gshadow

Create the user's home dir with the same name as the user
chmod 700 /home/samy/
su - samy
Copy the skel files into the home dir

cp /etc/skel/.bash* /home/samy/

chown -Rv samy:samy /home/samy

[root@localhost ~]# mkdir /home/samy

[root@localhost home]# chmod 700 /home/samy/
[root@localhost home]# ls -l

drwx------. 2 root root 4096 Dec 24 00:13 samy
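
The manual procedure above, written out as an added example (not part of the original post). It applies the steps to a scratch directory tree instead of the live /etc, so the four database lines and the home directory can be inspected safely; the function name, the scratch root and the ID 1500 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: manual user creation against a scratch root, never the live /etc.
# "samy" comes from the page; ID 1500 and the function name are sample values.
LC_ALL=C; export LC_ALL          # make [a-z] ranges byte-wise in every shell

# manual_adduser ROOT NAME ID -> 0 on success, 1 if the request is refused.
manual_adduser() {
    root=$1; name=$2; id=$3
    case $name in
        ''|[!a-z_]*|*[!a-z0-9_-]*) echo "refused: bad user name" >&2; return 1 ;;
    esac
    case $id in
        ''|*[!0-9]*) echo "refused: bad numeric ID" >&2; return 1 ;;
    esac
    mkdir -p "$root/etc" "$root/home"
    for f in passwd group shadow gshadow; do
        [ -f "$root/etc/$f" ] || : > "$root/etc/$f"
    done
    # Refuse a name or UID that is already present in the passwd database.
    if awk -F: -v n="$name" -v i="$id" \
        '$1 == n || $3 == i { hit = 1 } END { exit !hit }' "$root/etc/passwd"
    then
        echo "refused: name or UID already in use" >&2; return 1
    fi
    today=$(( $(date +%s) / 86400 ))   # shadow field 3: days since 1 Jan 1970

    # One line in each of the four database files.
    printf '%s:x:%s:%s::/home/%s:/bin/bash\n' "$name" "$id" "$id" "$name" \
        >> "$root/etc/passwd"
    printf '%s:x:%s:\n' "$name" "$id" >> "$root/etc/group"
    chmod u+w "$root/etc/shadow" "$root/etc/gshadow"
    # "!!" keeps the account locked until root sets a password with passwd.
    printf '%s:!!:%s:0:99999:7:::\n' "$name" "$today" >> "$root/etc/shadow"
    printf '%s:!::\n' "$name" >> "$root/etc/gshadow"
    chmod 400 "$root/etc/shadow" "$root/etc/gshadow"

    # Home directory: mode 700, skeleton files, then ownership.
    home=$root/home/$name
    mkdir -p "$home" && chmod 700 "$home"
    for f in "$root"/etc/skel/.bash*; do
        if [ -f "$f" ]; then cp "$f" "$home/"; fi
    done
    # chown needs root; numeric IDs are used because the host does not know this user.
    if [ "$(id -u)" -eq 0 ]; then chown -R "$id:$id" "$home"; fi
    return 0
}

# Demonstration on a throwaway tree with a constructed skeleton file.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc/skel"
: > "$demo_root/etc/skel/.bashrc"
manual_adduser "$demo_root" samy 1500
grep samy "$demo_root/etc/passwd" "$demo_root/etc/group"
ls -ld "$demo_root/home/samy"
rm -rf "$demo_root"
```

On a live system, make these edits with vipw and vigr, which lock the files against concurrent changes, rather than appending to them directly.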
---------------------------------------------------------------------------------------------------------
3 # vi /etc/shadow

MD5-crypt ------- you can set an encrypted password for the user
---------------------------------------------------------------------------------------------------------

PASSWORD AGING CONTROLS:
1. PASS_MAX_DAYS 99999 : The maximum number of days a password can be used,
i.e. max 99999 days.
2. PASS_MIN_DAYS 0 : The minimum number of days allowed between password
changes.
3. PASS_MIN_LEN 5 : The minimum length of the password, i.e. 5 characters.
4. PASS_WARN_AGE 7 : The number of days of warning given to the user
before the password expires, i.e. 7 days.

The above PASSWORD AGING information is the default according to Red Hat, and we can customize it.
--------------------------------------------------------------------------------------
# /etc/passwd   ------ user details for UID and GID
Whenever we create a second user, the system refers to the /etc/passwd file.

 How to delete a user account
# userdel  champu   ------ the user is deleted but the user's home dir is not.
Advantage of the userdel command ---- only the database entry is deleted; the home dir is not.
# userdel  -r champu   ( -r ----- recursive)  deletes the user as well as the home dir
----------------------------------------------------------------------------------------------------
How to check whether a user has been created
You can check for the user name by searching in the files below
[root@localhost home]# less /etc/passwd
OR
[root@localhost home]# grep tushar /etc/passwd
tushar:x:515:515::/home/tushar:/bin/bash
paresh : x : 517 : 517 :   : /wallet/paresh : /bin/bash
\____/  \_/ \___/ \___/ \_/  \____________/   \_______/
  1      2    3     4    5         6              7

1   ---   The username
2   ---- x means the password resides in the shadow file.
If we put * in place of x, the user can't log in.
If we leave the second field blank, the user can log in without a password.
i.e. (x) --- the password is stored somewhere else (in the shadow file)
(*) --- user can't log in.
( ) --- user can log in without a password.
3   ----   UID ------ User ID
4   ------ GID ------- Group ID. It contains the group ID, which is always the same as the user ID.
5   ------ The comment field, or GECOS (General Electric Comprehensive
Operating System) finger information (blank field).
The user can fill in his information by using a command that prompts for
Name []:   Office []:  Office Phone []:  Home Phone []:
6  ------- field (/home/champu) : It's the home of champu. /home is the directory where
all users are stored. (Home directory of the user)
7 ----- field (/bin/bash) : shell of the user
--------------------------------------------------------------------------------------------------------------
How to modify a user
usermod --------- to modify a user
How to change the UID
-u   ---------- UID    ------- to change the UID
-s ------------ shell ------- to change the shell
-c ------------- comment   ---------- to add comments, e.g. Thane, mobile no., address, office location
-d -------------- home dir   ------------------ to change the home dir name.
-g --------------GID ----------first check group and decide to set GID value to user or

---------------------------------------------------------------------------------------------------------------
 Add user to group
usermod -u 10 -s /bin/sh -c "Thane Dombivali 989283938 98293898" -d /opt champu
Practice and example    
[root@localhost home]# grep john /etc/passwd
john:x:514:514::/home/john:/bin/bash   --------------------------before modification user details
--------------------------After modification john user details in below--------------------
[root@localhost home]#  usermod -u 1000 -s /bin/sh -c " Tushar Jadhav 9892562869 dombivali thane" -d /GHAR/ john

[root@localhost home]# grep john /etc/passwd

john:x:1000:514: Tushar Jadhav 9892562869 dombivali thane:/GHAR/:/bin/sh
----------------------------------------------------------------------------------------------------------------
[root@tushar ~]# useradd jockey

[root@tushar ~]# usermod -u 1000 -s /bin/sh -c " Tushar Jadhav 9892562869 dombivali thane" -d /GHAR/ jockey

[root@tushar ~]# id jockey

uid=1000(jockey) gid=3009(jockey) groups=3009(jockey)

[root@tushar ~]# grep jockey /etc/passwd

jockey:x:1000:3009: Tushar Jadhav 9892562869 dombivali thane:/GHAR/:/bin/sh
---------------------------Change user GID & user add in group ----------------
[root@localhost home]# usermod -u 2000 -s /bin/bash -g 519 -c " Tushar Jadhav 9892562869 dombivali thane" -d /home/ john
[root@localhost home]# grep john /etc/passwd
john:x:2000:519: Tushar Jadhav 9892562869 dombivali thane:/home/: /bin/bash
[root@localhost home]# id john
uid=2000(john) gid=519(PUR) groups=519(PUR)    ----after change GID user add in this group
----------------------------------------------------------------------------------------------------------------
While creating a user we can give a specific home dir, shell, etc.
(Create the user and set permissions and specific flags.)

useradd jary ----- sets the default values

useradd -d -u -s    -- if you use these flags, the home, uid and shell tags are skipped
Practice and example    
[root@Tusharjahdav ~]# useradd -d /mnt -u 3000 -s /bin/ksh jokey
[root@Tusharjahdav ~]# grep jokey /etc/passwd
jokey:x:3000:3000::/mnt:/bin/sh
----------------------------------------------------------------------------------------------------
[root@Tusharjahdav ~]# useradd -u 1002 -s /bin/sh jary

[root@Tusharjahdav ~]# grep jary /etc/passwd

jary:x:1002:1002::/home/jary:/bin/sh
----------------------------------------------------------------------------------------------------
[root@localhost /]# useradd -u 3001 -m -c "Mr.harry power is back" pintu

useradd: cannot create directory /home:/pintu
----------------------------------------------------------------------------------------------------
[root@Tusharjahdav ~]# useradd vikey

useradd: cannot create directory /home:/vikey

Ans: if you face the above error, go to the /etc/default/useradd file and check the HOME path.
----------------------------------------------------------------------------------------------------

How to create 10 users in one command
# First create a file with the user list and run a for loop over it
Practice and example    
[root@tushar ~]# vi /opt/users   ----- add the user list to this file
[root@tushar /]# for i in $(cat /opt/users) ; do useradd "$i" ; done

----------------------------------------------------------------------------------------------------
                                              
 How to disable a user ---- there are multiple ways to disable a user
[root@tushar /]# vi /etc/passwd
jary:x:1002:1002::/home/jary:/bin/sh  ---- original user entry (the user will be able to log in)
jary::1002:1002::/home/jary:/bin/sh  ----------------- blank (disable)
jary:*:1002:1002::/home/jary:/bin/sh  -------------------- * (disable)
jary:x:1002:1002::/home/jary:/sbin/false  ------ /sbin/false   (disable)
jary:x:1002:1002::/home/jary:/sbin/nologin --------- /sbin/nologin  (disable)

[root@tushar /]# vi /etc/shadow
paresh:!!:16792:0:99999:7:::9  ------ put any value in the last field and the user will be disabled
--------------------------------------------------------------------------------------------------------------
How to lock a user
passwd -l john   ---------------- lock the user
[root@tushar ~]# passwd  -l  paresh
Locking  password  for user paresh.
passwd: Success

passwd -u john   -------------- unlock the user
[root@tushar ~]# passwd -u paresh
Unlocking password for user paresh.
passwd: Warning: unlocked password would be empty.
passwd: Unsafe operation (use -f to force)
---------------------------------------------------------------------------------------------------------------
All users will be disabled if the /etc/nologin file exists
touch /etc/nologin  ---- just create this file and all users will be disabled
-------------------------------------------------------------------------------------------------------------
How to add a group   --- groupadd Group Name

How to delete a group  ----- groupdel   Group Name

How to modify a group  ------ groupmod

 How to change the shell
usermod -s -------------- to change the shell
[root@tushar /]# chsh paresh   ----------- updated in passwd

Changing shell for paresh.
New shell [/bin/bash]: /bin/sh
Shell changed.
-----------------------------------------------------------------------------------------
 [root@tushar /]# chfn paresh     ----- finger information -- changes the GECOS field

Changing finger information for paresh.
Name []: paresh moon 983333883 dombivali current bangalore
Office []: ajsdadada
Office Phone []: asdasda
Home Phone []: asda
Finger information changed.
Practice and example    
[root@tushar /]# grep paresh /etc/passwd
paresh:x:517:517:paresh moon 983333883 dombivali current bangalore,ajsdadada,asdasda,asda:/wallet/paresh:/bin/sh
-----------------------------------------------------------------------------------------
[root@tushar /]# finger paresh  -------all user details
-----------------------------------------------------------------------------------------
To change the AGING  ( to change the password policy in shadow file)
[root@tushar /]# chage paresh
Changing the aging information for paresh
Enter the new value, or press ENTER for the default
3     Minimum Password Age [0]:

4    Maximum Password Age [99999]:

5     Last Password Change (YYYY-MM-DD) [2015-12-23]:

6      Password Expiration Warning [7]:

7      Password Inactive [-1]:

8       Account Expiration Date (YYYY-MM-DD) [1969-12-31]:

John : $1$eEfpbdwf$PyPoi0 : 16792 : 0 : 99999 : 7 :   :   :
\__/   \________________/   \___/  \_/  \___/  \_/  |   |   |
 1             2              3     4     5     6   7   8   9
Field 1 is the user name, field 2 is the password, and the last field is reserved, so it is skipped.

Create a user and set a password; the user will have to change the password at first login.
[root@tushar /]# useradd pranay                    ------------------ create user

[root@tushar /]# passwd pranay                  ---------------------- set password
Changing password for user pranay.
New password:
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
----------------------------------------------------------------------------------------------------
 /etc/shadow entry before the chage command
pranay:$1$EmTX7J96$7Van4j3TJM.lIjFBwmryZ1:16792:0:99999:7:::

[root@tushar /]# chage -d 0 pranay    --------------------- the user will be prompted to change the password at first login
[root@tushar /]# su - pranay     ---------------------------------------- switch user
[pranay@tushar root]$ su pranay
Password:
You are required to change your password immediately (root enforced)
Changing password for pranay.
(current) UNIX password:
New password:
Retype new password:

grep pranay /etc/shadow

After the chage command, the value of field 3 changes

pranay:$1$EmTX7J96$7Van4j3TJM.lIjFBwmryZ1:0:0:99999:7:::

This entry goes back to 1 Jan 1970: the value changes to 0
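
The shadow fields explained earlier and the effect of `chage -d 0` shown above can be decoded mechanically. The following is an added example, not part of the original post: it turns the day counts into calendar dates and names the hash scheme from the field 2 prefix. The sample lines are constructed (the hashes are placeholders), and the aging values 10, 65, 30 and 55 are the example values used in the field list.

```shell
#!/bin/sh
# Added example. Sample lines are constructed; hash strings are placeholders.
SAMPLE_SHADOW='demo:$1$CONSTRUCTED$placeholderhash0000000:16792:10:65:30:55::
pranay:$1$CONSTRUCTED$placeholderhash0000000:0:0:99999:7:::
paresh:!!:16792:0:99999:7:::
newer:$6$CONSTRUCTED$placeholderhash0000000:16792:0:90:7:::'

# decode_shadow: read shadow-format lines on stdin, print one summary per account.
decode_shadow() {
    awk -F: '
    # Days since 1 Jan 1970 -> YYYY-MM-DD (civil-from-days arithmetic).
    function ymd(days,    z, era, doe, yoe, y, doy, mp, d, m) {
        z   = days + 719468
        era = int(z / 146097)
        doe = z - era * 146097
        yoe = int((doe - int(doe / 1460) + int(doe / 36524) - int(doe / 146096)) / 365)
        y   = yoe + era * 400
        doy = doe - (365 * yoe + int(yoe / 4) - int(yoe / 100))
        mp  = int((5 * doy + 2) / 153)
        d   = doy - int((153 * mp + 2) / 5) + 1
        m   = (mp < 10) ? mp + 3 : mp - 9
        if (m <= 2) y++
        return sprintf("%04d-%02d-%02d", y, m, d)
    }
    # Name the scheme from the prefix of field 2.
    function scheme(p) {
        if (p == "")      return "EMPTY"
        if (p ~ /^[!*]/)  return "locked"
        if (p ~ /^\$1\$/) return "md5crypt"
        if (p ~ /^\$5\$/) return "sha256crypt"
        if (p ~ /^\$6\$/) return "sha512crypt"
        return "other"
    }
    NF >= 8 {
        if ($3 == "0") {
            # Field 3 set to 0 (chage -d 0): change is forced at the next login.
            last = "reset"; must = "next-login"; off = "never"
        } else if ($5 == "" || $5 == "99999") {
            # 99999 days is about 273 years, so there is no effective expiry.
            last = ymd($3); must = "never"; off = "never"
        } else {
            last = ymd($3)
            must = ymd($3 + $5)
            off  = ($7 == "" || $7 == "-1") ? "never" : ymd($3 + $5 + $7)
        }
        printf "%s scheme=%s last_change=%s must_change=%s disabled_after=%s\n",
               $1, scheme($2), last, must, off
    }'
}

printf '%s\n' "$SAMPLE_SHADOW" | decode_shadow
```

The value 16792 decodes to 2015-12-23, the same date chage shows as the last password change above.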
----------------------------------------------------------------------------------------------------
All created users are called valid Linux users

[root@tushar ~]# vi /etc/passwd
[root@tushar ~]# vipw ------------------ shortcut for vi /etc/passwd

[root@tushar ~]# vi /etc/group
[root@tushar ~]# vigr    ------------- shortcut for vi /etc/group
---------------------------------------------------------------------------------------------------
How to disable the shadow file
[root@tushar etc]# cd /etc    -----------------   directory that holds the shadow file
[root@tushar etc]# pwunconv    ---- disable command --- after this command the shadow file is disabled and the password hashes show in the passwd file
[root@localhost Desktop]# less /etc/shadow-    ---- disabled file
passwd file user entry:
qiukr:$1$ml1iS2Ke$TL0UYLWoGTbIfczYwy7tL.:500:500:Centos:/home/qiukr:/bin/bash
[root@tushar etc]# less /etc/shadow ---------------------- shadow-   means it is disabled
[root@tushar etc]# pwconv    ---------- enable command ----------------- shadow file will be enabled
[root@tushar etc]# less /etc/shadow    ------------------- enabled file
---------------------------------------------------------------------------------------------------------------------
Permissions of the shadow file: 400
[root@tushar etc]# ls -l /etc/shadow
-r--------. 1 root root 1236 Dec 24 05:29 /etc/shadow
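
/etc/passwd has to stay readable by every user, so after pwunconv any local account can read the hashes. An added example, not part of the original post, with two checks: one lists passwd entries that carry a hash instead of the x placeholder, the other confirms a file has owner-only permissions like the mode 400 above. The function names and the root and guest sample lines are assumptions of this example.

```shell
#!/bin/sh
# Added example: two checks related to pwunconv and the shadow file mode.

# List accounts whose password field in a passwd-format file (stdin) is not
# the "x" placeholder, i.e. what /etc/passwd looks like after pwunconv.
passwd_hash_audit() {
    awk -F: '
    NF == 7 && $2 != "x" {
        if ($2 == "")                     kind = "EMPTY-PASSWORD"
        else if ($2 ~ /^[!*]/)            kind = "locked"
        else if ($2 ~ /^\$[0-9a-z]+\$/)   kind = "HASH-EXPOSED"
        else                              kind = "HASH-EXPOSED-legacy-format"
        printf "%s uid=%s %s\n", $1, $3, kind
    }'
}

# Succeed only when group and others have no permission bits on the file,
# as with the mode 400 shown for /etc/shadow in the post.
owner_only() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Sample input: the qiukr line is the entry from the post; root and guest
# are constructed for this example.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
qiukr:$1$ml1iS2Ke$TL0UYLWoGTbIfczYwy7tL.:500:500:Centos:/home/qiukr:/bin/bash
guest::501:501::/home/guest:/bin/bash
EOF
}

sample_passwd | passwd_hash_audit
```

On a real system run `passwd_hash_audit < /etc/passwd` and `owner_only /etc/shadow`; no output from the first and a zero exit status from the second is the expected state after pwconv.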

If the passwd file is deleted by mistake

a backup file already exists on the system, so just copy it back to passwd

passwd-       --------------------- backup file

passwd.OLD    -------------------- old backup file

[root@localhost etc]# cp /etc/passwd-  /etc/passwd



Linux File-systems format

ext2, ext3 and ext4 are all filesystems created for Linux. This article explains the following:
- High level difference between these filesystems.
- How to create these filesystems.
- How to convert from one filesystem type to another.
Ext2
- Ext2 stands for second extended file system.
- It was introduced in 1993. Developed by Rémy Card.
- This was developed to overcome the limitation of the original ext file system.
- Ext2 does not have a journaling feature.
- On flash drives and USB drives, ext2 is recommended, as it doesn't have the overhead of journaling.
- Maximum individual file size can be from 16 GB to 2 TB
- Overall ext2 file system size can be from 2 TB to 32 TB
Ext3
- Ext3 stands for third extended file system.
- It was introduced in 2001. Developed by Stephen Tweedie.
- Starting from Linux Kernel 2.4.15 ext3 was available.
- The main benefit of ext3 is that it allows journaling.
- Journaling has a dedicated area in the file system, where all the changes are tracked. When the system crashes, the possibility of file system corruption is less because of journaling.
- Maximum individual file size can be from 16 GB to 2 TB
- Overall ext3 file system size can be from 2 TB to 32 TB
- There are three types of journaling available in ext3 file system.
    - Journal: Metadata and content are saved in the journal.
    - Ordered: Only metadata is saved in the journal. Metadata are journaled only after writing the content to disk. This is the default.
    - Writeback: Only metadata is saved in the journal. Metadata might be journaled either before or after the content is written to the disk.
- You can convert an ext2 file system to ext3 file system directly (without backup/restore).

Ext4
- Ext4 stands for fourth extended file system.
- It was introduced in 2008.
- Starting from Linux Kernel 2.6.19 ext4 was available.
- Supports huge individual file size and overall file system size.
- Maximum individual file size can be from 16 GB to 16 TB
- Overall maximum ext4 file system size is 1 EB (exabyte). 1 EB = 1024 PB (petabyte). 1 PB = 1024 TB (terabyte).
- Directory can contain a maximum of 64,000 subdirectories (as opposed to 32,000 in ext3)
- You can also mount an existing ext3 fs as ext4 fs (without having to upgrade it).
- Several other new features are introduced in ext4: multiblock allocation, delayed allocation, journal checksum, fast fsck, etc. All you need to know is that these new features have improved the performance and reliability of the filesystem when compared to ext3.
- In ext4, you also have the option of turning the journaling feature "off".


IP TABLES ( FIREWALL ) - 1


iptables / firewall is a kernel-level firewall

Its used Hardware Firewall

iptables is a package
rpm   -qa  |  grep  -i  iptable ------ check whether iptables is installed
/etc/init.d/iptables status  ---- check the iptables service status

TASK

No one may access my PC: I want to block all traffic / network
# iptables    -A   INPUT  -s   0.0.0.0/0.0.0.0   -j   REJECT     --- loaded in RAM (temporary)
#  service iptables save    --- to make the rules persistent / permanent

iptables  ----   it's a command / utility / tool
A         ------ Append / add
INPUT  ----- chain
s   ------    Source
0.0.0.0/0.0.0.0   ----- network
INPUT -s 0.0.0.0/0.0.0.0  --- rule
j  --------- jump
REJECT  ----- Action / Target
d   ----   Destination
F   ------   Flush

# iptables  -L   ----- check rules

# iptables    -A   INPUT  -s   192.168.1.94/32   -j   REJECT    -- block only the .94 IP
#  service iptables save    --- to make the rules persistent / permanent

# iptables   -F   ----- removes all rules, but only temporarily
#  service iptables save    --- to make the change persistent / permanent


# iptables    -D   INPUT  2   ---- delete rule number 2
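
iptables checks a chain from the top and stops at the first REJECT, DROP or ACCEPT rule that matches, so with -A (append) the order in which the commands above are run matters. An added example, not part of the original post: a shell function that reads `iptables -S` output and reports rules that can never match, with the rule numbers that `iptables -D` expects. The function names and the sample listing are constructed for this example.

```shell
#!/bin/sh
# Added example: read "iptables -S" output on stdin and report rules that can
# never match because an earlier rule in the same chain catches every packet.
# On a real system, as root:  iptables -S | shadowed_rules
shadowed_rules() {
    awk '
    $1 == "-A" {
        chain = $2
        num[chain]++                   # rule number, as used by "iptables -D"
        if (chain in catchall) {
            printf "%s rule %d is unreachable (rule %d matches everything): %s\n",
                   chain, num[chain], catchall[chain], $0
            next
        }
        # Treat an explicit "any source" like no source match at all.
        rule = $0
        sub(/ -s 0\.0\.0\.0\/[0.]+ /, " ", rule)
        split(rule, f, " ")
        # "-A CHAIN -j TARGET": no match options and a terminating target.
        if (f[3] == "-j" && f[4] ~ /^(ACCEPT|DROP|REJECT)$/)
            catchall[chain] = num[chain]
    }'
}

# Constructed sample: the state after the post's two -A commands are run in
# order (block everything, then block 192.168.1.94) without a flush between.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 192.168.1.94/32 -j REJECT --reject-with icmp-port-unreachable
EOF
}

sample_rules | shadowed_rules
```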

Add URL in Nagios Monitoring


1) /usr/local/nagios/etc/objects/linux-servers/ALL_URL

2) Create a file for monitoring; if you want a separate host group, create a separate host file

3) Before setting this up, call the URL with the curl command, check the output, and set the match strings

4) /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg --- to check string

5) /etc/init.d/nagios reload ------------------------------------------reload the Nagios service

6) Check Nagios pending alerts
------------------------------------------------------------------------------------------------------------------
define host{
        use                             linux-server    ; Inherit default values from a template
        host_name                       m.paytm_URL     ; The name we're giving to this server
        alias                           m.paytm_dummy   ; A longer name for the server
        address                         m.paytm         ; IP address of the server
        check_interval                  5
        retry_interval                  1
        max_check_attempts              5
        check_period                    24x7
        process_perf_data               0
        retain_nonstatus_information    0
        notification_interval           30
        notification_period             24x7
        notification_options            d,u,r
        check_command                   check_dummy
}


define service{
    use                      local-service ; generic-services
    host_name                m.paytm_URL
    service_description      Test http://201.29.10.200/paytm/index.php
    is_volatile              0
    check_period             24x7
    max_check_attempts       3
    normal_check_interval    1
    retry_check_interval     1
    notification_interval    120
    notification_period      24x7
    notification_options     w,u,c,r
    check_command            check_curl!http://201.29.10.200/paytm/index.php
}
 -------------------------------------------------------------------------------------------------------------------------



How to Backup running Virtual Machine in XenServer

Xen server snapshot backup creation

1) mkdir /vm_backup
#mount -t nfs 192.168.10.212:/vol/vmimgbackup /vm_backup


2) List VMs (steps to manually back up a running VM)

2.1)    Find the VM's UUID
xe vm-list is-control-domain=false is-a-snapshot=false
uuid ( RO)           : 04eb7bf4-d5d1-e17f-cd73-90f469705c23
     name-label ( RW): CentOS_6_Noc_Test
    power-state ( RO): running

04eb7bf4-d5d1-e17f-cd73-90f469705c23 -- we get Server UUID


3) Create VMs Snapshot (Snapshot VM to template)
xe vm-snapshot uuid=04eb7bf4-d5d1-e17f-cd73-90f469705c23 new-name-label=Backup-test-Webserver-1-28JUN16

{The above command returns the UUID of the snapshot. Use that UUID to convert the snapshot to a VM, so we can export it to a file using the commands below.}
426ef33c-24a2-252d-d4e3-cf012382ae66 -- Template UUID


4) Export template to standby VM - Backup NFS mount
xe template-param-set is-a-template=false ha-always-run=false uuid=426ef33c-24a2-252d-d4e3-cf012382ae66    -- template UUID


5) Export Snapshot to file
xe vm-export vm=426ef33c-24a2-252d-d4e3-cf012382ae66 filename=/var/run/sr-mount/226ccade-c619-a32d-5ac0-116d66b8f505/bakcup/Backup-test-Webserver-1-28JUN16.xva

--------------------------------------------------------------------------------------------------------------
Import snapshot/create server from snapshot
xe vm-import filename=Backup-test-Webserver-1-28JUN16.xva

9c5e0951-ec6d-0e9a-ec22-0ad3c88ac525

Restart VM
xe vm-reset-powerstate uuid=9c5e0951-ec6d-0e9a-ec22-0ad3c88ac525 force=true

--------------------------------------------------------------------------------------------------------------
error resolved XenServer host CLI

Please execute "xe-toolstack-restart" command on the XenServer host CLI and let me know if it resolved the issue

--------------------------------------------------------------------------------------------------------------
################# 1.4. Destroy Snapshot ##############

{Finally as we have already taken backup to xva file, so we can destroy created snapshot from xenserver.}
xe snapshot-list  ----- use to list snapshots
xe host-list
xe sr-list

# xe vm-uninstall uuid=69616fa4-da57-947c-a8a7-aa043cf644ec force=true
384e54d6-fd6c-c041-90e8-f7db18aa89a5 ---------  1
8851d761-278d-5e4a-0ca1-43483c8b5aac ---------  2

Delete Snapshots
List VM's
xe vm-list is-control-domain=false is-a-snapshot=false

Delete Snapshots
xe vm-uninstall uuid=snapshot-name force=true
xe vm-uninstall uuid=9c5e0951-ec6d-0e9a-ec22-0ad3c88ac525 force=true
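
The manual steps above (snapshot, convert to VM, export, destroy the snapshot) combined into one function, as an added example that is not part of the original post. It uses only the xe subcommands shown in the post; the function names, the owner-only umask and the SHA-256 checksum file are additions of this example.

```shell
#!/bin/sh
# Added example: snapshot, export and clean up in one function.
# backup_vm and cleanup_snapshot are hypothetical names for this example.
#   backup_vm <vm-uuid> <label> <destination-directory>
backup_vm() {
    vm_uuid=$1; label=$2; dest=$3
    out="$dest/$label.xva"

    # Snapshot the running VM; xe prints the new snapshot UUID.
    snap=$(xe vm-snapshot uuid="$vm_uuid" new-name-label="$label") || return 1
    [ -n "$snap" ] || return 1

    # Turn the snapshot template into a VM so it can be exported.
    xe template-param-set is-a-template=false ha-always-run=false \
        uuid="$snap" >&2 || { cleanup_snapshot "$snap"; return 1; }

    # The .xva holds the VM's whole disk, so create it readable by owner only.
    ( umask 077; xe vm-export vm="$snap" filename="$out" >&2 ) ||
        { cleanup_snapshot "$snap"; return 1; }

    # The snapshot is no longer needed once the export exists.
    cleanup_snapshot "$snap" || return 1

    # Record a checksum so the file can be verified before a later vm-import.
    ( cd "$dest" && sha256sum "$label.xva" > "$label.xva.sha256" ) || return 1
    echo "$out"
}

cleanup_snapshot() {
    xe vm-uninstall uuid="$1" force=true >&2
}
```

Before importing a backup, `sha256sum -c <label>.xva.sha256` run in the backup directory confirms the file has not changed since it was exported.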