Notice dont forget to test you configuration with a reboot!!!!

Check how to confi

gure a repo for http/ftp server Configure network with system-config-network/tui
, and be sure it works after reb oot!!!!!! I had a issue had to set NM to yes, Y
es almost forgot, it is also essential to know how to reset roots pwd on a unkn
ow system, where you simply dont know the previous roots pwd, just at boot type
a and type 1 and boot system in single user mode and reset roo ts pwd, to that y
ou will have to use at your exam Questions 1 | CREATE LVM Create the "LVM" with
the name "source" by using 26PE's from the volume group "o pen". Consider the PE
size as "8MB". Mount it on /mnt/secret with filesystem vfa t. --> notice here t
hat the already 3 partition present vda1,2,3 I had two question 1st was to creat
e a swap from partition (NOT from LVM) and 2nd was to create a new LVM with new
VG and new LV. Since you cant have 5 primary partition you need to create the ne
xt 5 partition as logical, recommend doing this with cfdisk, ha d issues rereadi
ng new partitions using partx -a, or partprobe, in some cases I had to reboot th
e server Questions 2 | USER'S GROUPS AND PERMISSION: Create a group named "sysad
min" A user sarah and natasha should belongs to "mana ger" group as a secondary
group . A user harry should not have access to interac tive shell and he should
not be a member of "manager" group. passwd for all user created should be "passw
ord". --> This task can differ with names, but the task I had was similiar Quest
ions 3 | DIRECTORY COLLABORATION: Create the Directory "/home/manager" with the
following characteristics. Group o wnership of "/home/manager" should go to "man
ager" group. The directory should b e have full permission for all members off "
manager" group but not to any other users accept "root". Files created under "/h
ome/manager" should get the same gro up ownership is set to the "manager" group.
--> this also pretty ease you need to set g+s on the directory Questions 4 | UP
DATE THE KERNEL: Install the appropriate Kernel fromftp://instructor.example.com
/ftp/updates. You r machine should boot with updated kernel. --> I think I had t
he kernel on a http location used lynx to get the exact path to the new kernel a
nd kernel-firmware, used after wget to download it. use rpm -vih kernel-firmware
and then rpm -ivh kermel dont do -Uvh, this will remove the previous kernel, no
changes are needed. --> if the source is ftp just ftp and open or lftp Question
s 5 | CRON JOB: The user sarah must configure a cron job that runs today at 14:2
3 today. and exe cutes "/bin/echo "hyer" and deny the user max for creating cron
job . --> yes this matches, but had it without the deny Questions 6 | RESIZE LVM
: Resize the lvm "/dev/vgsrv/home" (/dev/myvol/vo) so that after reboot size sho
ul d be in between 90MB to 120MB.. Yup, if you are not sure make a copy of the /
home, or where the LV points to. so umount > fsck > resize /dev.../lv 100M > lvr
esize -L 100M /dev. (by lvresize yo

u may get a message about destroying your data just confirm).., dont change the
order lvresize and resize, Questions 7 | BIND THE "LDAP" FOR USER AUTHENTICATION
: Note the following. BASE DN: dc=example,dc=com ldap path ldap://instructor.exa
mp le.com/ Download the certificate from "ftp://instructor.example.com/pub/EXAMP
LECA-CERT"Ldap user should login into your system . Where "X" is your system no.
--> Yes this is pretty easy, just start from GUI the Authentification Tool or a
u thconfig/authconfig-tui If all goes well verify changes with getend passwd lda
puser01 Questions 8 | "NTP" CLIENT: Configure your system as "NTP" client for "i
nstructor.example.com". --> yes done with system-configure-date or time dont kno
w the exact name, can be also found in the system tools Questions 9 | AUTOMOUNT
THE HOME DIRECTORY FOR LDAPUSER Note the following. instructor.example.com(192.1
68.0.254) "Nfs exports" /home/gu ests to your system where "x" is your station i
p. Ldapuser's home directory is i nstructor.example.com:/home/guests/ldapuserx.
Ldapuser's home directory should b e automounted locally beneath at /home/guests
/ldapuserx. While login with any of the ldapuser then only home directory should
accesible from your system that ld apuserx. --> Yes matches, create a copy from
auto.misc called auto.ldap in ldap comment all and type the following /home/gue
sts auto.ldap in the auto.ldap ldapuser01 -fstype=nfs IP:/home/quests/ldapuser01
--> nfs is NFSv3 * -fstype=nfs IP:/home/quests/& --> all users Questions 10 | A
CCESS CONTROL LIST: Copy the file /etc/fstab to /var/tmp and configure the "ACL"
as mention followin g. The file /var/tmp/fstab is owned by the "root". The file
/var/tmp/fstab belon gs to the group "root" The file /var/tmp/fstab should not
be executable by other 's. The user "sarah" should able to read and write to the
file. The user "natash a" can neither read nor write to the file. other users (
future and current) shuo ld be able to read /var/tmp/fstab. Create a directory /
data ,set default group a s ftp so that when content will be created under this
dir group ftp will be inhe rited. --> matches, just use setfacl -m u:user:rwx fi
le, verify with getfacl, or simply switch to users and try to make changes Quest
ions 11 | CONFIGURE FTP SERVER: Configure FTP access from your system. Clients w
ithin the remote.test should not have anonomyous FTP access to your system. Yes,
notice, you must configure you network connection! yum install vsftpd chkconfig
vsftpd on service vsftpd start Didnt had the second part, with deny just that a
nonymous users should have acces s Questions 12 | CONFIGURE "web server": Config
ure your system as "web server" for the sitehttp://serverX.example.com . D ownlo
ad the web page fromftp://instructor.example.com/updates/station.html Renam

e the the downloaded page as "index.html" Copy the "index.html" page to the "doc
ument root" Do not make any modifications to the content of index.html. Similia
r installation as vsftpd packege name is httpd Dont forget to configure /etc/htt
pd/conf/httpd.conf NameVirtualHost XX:80 <VirtualHost XX:80> DocumentRoot /var/w
ww/html/ ServerName station.domainXX.example.com </VirtualHost> Questions 13 | A
DD USERS: Create the user "dax" with uid 4223. --> ok Questions 14 | EXTEND SWAP
SPACE: Extend the SWAP space with "250" MB dont remove the existing swap. --> y
es check first questions and create new logical/extended partition Questions 15
| LOCATE THE FILES: locate the files of owner "dax" and copy to the directory /r
oot/found directory --> yes, find / -user dax -exec cp -prf {} /dest_folder/ \;
Questions 16 | SEARCH FOR WORD: List all lines which have string "full" from "/u
sr/share/dict/words" file and co py the lines in /root/word.found. --> simply to
do for grep
Questions 1 | CREATE LVM Create the "LVM" with the name "source" by using 26PE's
from the volume group "o pen". Consider the PE size as "8MB". Mount it on /mnt/
secret with filesystem vfa t. root@rhel01 ~]# pvcreate /dev/sdc Writing physical
volume data to disk "/dev/sdc" Physical volume "/dev/sdc" successfully created
root@rhel01 ~]# vgcreate -s 8m open /dev/sdc Volume group "open" successfully cr
eated [root@rhel01 ~]# vgs VG #PV #LV #SN Attr VSize VFree VolGroup 1 2 0 wz--n19.51g 0 open 1 0 0 wz--n- 7.99g 7.99g [root@rhel01 ~]# vgdisplay open --- Volu
me group --VG Name open System ID Format lvm2 Metadata Areas 1 Metadata Sequence
No 1 VG Access read/write VG Status resizable MAX LV 0 Cur LV 0 Open LV 0 Max P
V 0

Cur PV Act PV VG Size PE Size Total PE Alloc PE / Size Free PE / Size VG UUID
1 1 7.99 GiB 8.00 MiB 1023 0 / 0 1023 / 7.99 GiB QhlZRz-MAk1-5Y9y-UbYi-LaYS-41lF
-KUEzeN
lvm> lvcreate -L 8M -n source open Logical volume "source" created lvm> lvs LV V
G Attr LSize Pool Origin Data% Move Log Copy% Convert lv_root VolGroup -wi-ao-18.51g lv_swap VolGroup -wi-ao-- 1.00g source open -wi-a--- 8.00m
[root@rhel01 ~]# mke2fs -t vfat /dev/open/source mke2fs 1.41.12 (17-May-2010) Fi
lesystem label= OS type: Linux Block size=4096 (log=2) Fragment size=4096 (log=2
) Stride=0 blocks, Stripe width=0 blocks 51296 inodes, 204800 blocks 10240 block
s (5.00%) reserved for the super user First data block=0 Maximum filesystem bloc
ks=209715200 7 block groups 32768 blocks per group, 32768 fragments per group 73
28 inodes per group Superblock backups stored on blocks: 32768, 98304, 163840 Wr
iting inode tables: done Writing superblocks and filesystem accounting informati
on: done
[root@rhel01 ~]# mount /dev/open/source /mnt/secret/ Questions 2 | USER'S GROUPS
AND PERMISSION: Create a group named "sysadmin" A user sarah and natasha should
belongs to "mana ger" group as a secondary group . A user harry should not have
access to interac tive shell and he should not be a member of "manager" group.
passwd for all user created should be "password". Question 2 Create a group name
d "sysadmin" #groupadd -q 25000 sysadmin A user sarah and natasha should belongs
to "manager" group as a secondary group # groupadd -q 25001 manager # useradd G manager sarah;passwd sarah # useradd -G manager natasha;passwd natasha A user
harry should not have access to interactive shell and he should not be a member
of "manager" group

useradd harry;passwd harry #vi /etc/passwd. Look for harry and change "/bin/bash
" to "/sbin/nologin". save and exit. Questions 3 | DIRECTORY COLLABORATION: Crea
te the Directory "/home/manager" with the following characteristics. Group o wne
rship of "/home/manager" should go to "manager" group. The directory should b e
have full permission for all members off "manager" group but not to any other us
ers accept "root". Files created under "/home/manager" should get the same gro u
p ownership is set to the "manager" group. # mkdir /home/manager # chown nobody.
manager /home/manager # chmod 2770 /home/manager Questions 4 | UPDATE THE KERNEL
: Install the appropriate Kernel fromftp://instructor.example.com/ftp/updates. Y
ou r machine should boot with updated kernel. there are two ways: first, we can
get the related rpm from this ftp with wget for example: #wget ftp://instructor.
example.com/ftp/updates/kernel-2.6.32-XX.el6.x86_64.rpm then we can install it:
#rpm -ivh kernel-2.6.32-XX.el6.x86_64.rpm The second and fastest way is using yu
m: #yum update kernel This option needs to set this ftp as a local repository, a
dding a .repo file in /etc/yum.repos.d/ Questions 5 | CRON JOB: The user sarah m
ust configure a cron job that runs today at 14:23 today. and exe cutes "/bin/ech
o "hyer" and deny the user max for creating cronjob . Since the job is specific
and not periodically, we will use the command at: #at 1423 >/bin/echo "hyer" >EO
T to deny max use cronjob we need tu include him in /etc/cron.deny and /etc/at.d
en y Questions 6 | RESIZE LVM: Resize the lvm "/dev/vgsrv/home" (/dev/myvol/vo)
so that after reboot size shoul d be in between 90MB to 120MB.. [root@rhel01 ~]#
lvs LV VG Attr LSize Pool Origin Data% Move Log Copy% Convert lv_root VolGroup
-wi-ao-- 18.51g lv_swap VolGroup -wi-ao-- 1.00g source open -wi-ao-- 800.00m hom
e vgsrv -wi-a--- 200.00m [root@rhel01 ~]# lvresize /dev/vgsrv/home -L 120M WARNI
NG: Reducing active logical volume to 120.00 MiB THIS MAY DESTROY YOUR DATA (fil
esystem etc.) Do you really want to reduce home? [y/n]: y Reducing logical volum
e home to 120.00 MiB Logical volume home successfully resized [root@rhel01 ~]# l
vs LV VG Attr LSize Pool Origin Data% Move Log Copy% Convert lv_root VolGroup -w
i-ao-- 18.51g lv_swap VolGroup -wi-ao-- 1.00g source open -wi-ao-- 800.00m home
vgsrv -wi-a--- 120.00m

[root@rhel01 ~]# vgrename /dev/vgsrv /dev/myvol Volume group "vgsrv" successfull

y renamed to "myvol" [root@rhel01 ~]# lvrename /dev/myvol/home /dev/myvol/vo Ren
amed "home" to "vo" in volume group "myvol"
Questions 7 | BIND THE "LDAP" FOR USER AUTHENTICATION: Note the following. BASE
DN: dc=example,dc=com ldap path ldap://instructor.examp le.com/ Download the cer
tificate from "ftp://instructor.example.com/pub/EXAMPLECA-CERT"Ldap user should
login into your system . Where "X" is your system no. Questions 8 | "NTP" CLIENT
: Configure your system as "NTP" client for "instructor.example.com". Questions
9 | AUTOMOUNT THE HOME DIRECTORY FOR LDAPUSER Note the following. instructor.exa
mple.com(192.168.0.254) "Nfs exports" /home/gu ests to your system where "x" is
your station ip. Ldapuser's home directory is i nstructor.example.com:/home/gues
ts/ldapuserx. Ldapuser's home directory should b e automounted locally beneath a
t /home/guests/ldapuserx. While login with any of the ldapuser then only home di
rectory should accesible from your system that ld apuserx. Questions 10 | ACCESS
CONTROL LIST: Copy the file /etc/fstab to /var/tmp and configure the "ACL" as m
ention followin g. The file /var/tmp/fstab is owned by the "root". The file /var
/tmp/fstab belon gs to the group "root" The file /var/tmp/fstab should not be ex
ecutable by other 's. The user "sarah" should able to read and write to the file
. The user "natash a" can neither read nor write to the file. other users (futur
e and current) shuo ld be able to read /var/tmp/fstab. Create a directory /data
,set default group a s ftp so that when content will be created under this dir g
roup ftp will be inhe rited. Questions 11 | CONFIGURE FTP SERVER: Configure FTP
access from your system. Clients within the remote.test should not have anonomyo
us FTP access to your system. Questions 12 | CONFIGURE "web server": Configure y
our system as "web server" for the sitehttp://serverX.example.com . D ownload th
e web page fromftp://instructor.example.com/updates/station.html Renam e the the
downloaded page as "index.html" Copy the "index.html" page to the "doc ument ro
ot" Do not make any modifications to the content of index.html. Questions 13 | A
DD USERS: Create the user "dax" with uid 4223. useradd -u 4223 dax Questions 14
| EXTEND SWAP SPACE: Extend the SWAP space with "250" MB dont remove the existin
g swap. Questions 15 | LOCATE THE FILES: locate the files of owner "dax" and cop
y to the directory /root/found directory Questions 16 | SEARCH FOR WORD: List al
l lines which have string "full" from "/usr/share/dict/words" file and co py the
lines in /root/word.found.
Well, first of all candidates will have to break the root password and set the p

assword to whatever is specified in the question paper. Repository And after you
configure the network, you have to connect to the repository. In a dditional in
formation, Redhat will give instructions for configuration of the re pository. T
hey will give an url which looks like this: ftp://redhat.domain10.example.com/ft
p/pub/updates/x86_64Server Be careful, the spelling of server at the end starts
with a capital S and not sm all s. This is a big mistake made by many candidates
, due to which repository wi ll not work. Just write down that url in the paper
provided because copy and pas te will not work. Now carry out the following step
s: [root@station]# vim /etc/yum.repos.d/max.repo (Inside the directory /etc/yum.
re pos.d/ create a file with any name but the extension should be .repo which st
and s for repository linker file) Inside the file max.repo type in the following
information: [Server] name=redhat baseurl=ftp://redhat.domain10.example.com/ftp
/pub/updates/x86_64Server enabled=1 gpgcheck=0 Save & Quit the file (Use :wq) In
the name field u can give any name; In the 1st line, u can give any word; But i
n the 3rd line, u have to give the ftp path given for configuring the reposito r
y. Type the path very carefully, check twice and then give the following comman
d to verify: [root@station]# yum repolist This command will show whether your re
pository has been configured correctly. After this u can give commands like: [ro
ot@station]# yum install y samba* Always keep 2 things in mind: 1) Always use yum
install y. The y switch will reduce your time as it will automat ically provide ye
s option to any user interaction required. This basically perform s unattended in
stallation with yes as default answer. 2) When installing any package for a servic
e, first check whether the package is already installed. Give: [root@station]# r
pm qa | grep <package name> In package name always use wildcard(*). Ex: ftp*, sam
ba*, nfs*, ssh*,ldap*. While installing also, use * for packages, because there
can be multiple package s. That concludes the pre-requisites for you to attempt
the main questions. I will list the questions along with answers. Most will be c
orrect. Q1. Create the following users, groups and group memberships: - Create a
group named sysadmin - A user saarawho belongs to sysadmin as a secondary group
. - A user Natasha who also belongs to sysadmin as a secondary group. - A user h
arry who does not have access to an interactive shell on the system, and who is
not a member of sysadmin. - Saara, Natasha and harry should all have the passwor
d of avaster. # Groupaddsysadmin # Useraddsaara # Useradd Natasha

# # # # # #
Useradd s /sbin/nologin harry Passwd saara Passwd Natasha Passwd harry Usermod G s
ysadmin saara Usermod G sysadmin natasha
Q2. Create a collaborative directory /shared/sysadmin with the following charact
eristics: - Group ownership of /shared/sysadmin is sysadmin. - The directory sh
ould be readable, writable and accessible to members of sysa dmin, but not to an
y other user.(It is understood that root has access to all fi les and directorie
s on the system). - Files created in /shared/sysadmin automatically have group o
wnership set to the sysadmin group. # Mkdir -p /shared/sysadmin # Chgrpsysadmin
/shared/sysadmin # Chmod g+s /shared/sysadmin # Chmod g+rwx /shared/sysadmin # C
hmod o-rwx /shared/sysadmin Q3. Install the appropriate kernel update from ftp:/
/instructor.example.com/ftpu pdates. Thefollowing must also be met: - The update
d kernel is the default kernel when the system is rebooted. - The original kerne
l remains available and bootable on the system. # uname r # Wget ftp://instructor
.example.com/ftpupdates/kernel* # Rpm ivh kernel<TAB> # Vim /etc/grub.conf Check
for default (0 or 1) "Just make sure that u execute the rpm -ivh command from th
e same directory whic h contains the new kernel just downloaded" Q4. Enable IP f
orwarding. vim /etc/sysctl.conf net.ipv4.ip_forward=1 :wq #sysctl p Q5. The user
saara must configure a cron job that runs daily at 15:25 local ti me and execute
s - /bin/echo hello. # rpm q cronie (it shows whether crond was installed or not)
If its not installed # yum install cronie # service crond restart #chkconfig cr
ond on # su saara $ crontab e 25 15 * * * /bin/echo hello
Q6. Resize the LVM(200MB)so that it should be in between 400MB to450MB. (or) 130
MB to 150MB.

For Extending: # lvs # df h /dev/vgname/lvname # Lvextend L +210M /dev/vgname/lvna

me (or) # Lvresize L 420M /dev/vgname/lvname # Resize2fs P /dev/vgname/lvname # df
h /dev/vgname/lvname # lvs (or) lvdisplay For Shrinking # # # # # # # # # lvs df
h /dev/vgname/lvname umount /dev/vgname/lvname e2fsck f /dev/vgname/lvname Resize
2fs /dev/vgname/lvname 150M Lvresize L 150M /dev/vgname/lvname mount /dev/vgname/
lvname df h /dev/vgname/lvname Lvs (or) lvdisplay
Q7. Bind the LDAP for user authentication. Note the following: - Dc=station, dc=
example,dc=com - Ldap path ldap://instructor.example.com/ - Download the certifi
cate from http://instructor.example.com/pub/EXAMPLE-CA-C ERT - ldapuserx should
be able to log into your system, where x is your station nu mber, but will not h
ave a home directory until you have completed the autofs req uirement. # Systemconfig-authentication User account LDAP Dc=station, dc=example,dc=com ldap://ins
tructor.example.com/ tick use tls http://instructor.example.com/pub/EXAMPLE-CA-C
ERT authentication method LDAP password # getent passwd ldapuserx # service sssd
restart # chkconfig sssd on ===================================================
= Q8. Configure autofs to auto mount the home directories of LDAP users. Note th
e following: - instructor.example.com(192.168.0.254) NFS-exports /home/guests to
your syste m, where is x is your station ip. - Ldapuserxs home directory is inst
ructor.example.com:/home/guests/ldapuserx - Ldapuserxs home directory should be a
utomounted locally beneath /home as /hom e/ldapuserx. - Home directories must be
writable by their users. - While you are able to log in as any of the users lda
puser1 through ldapuser2 0, the only home directory that is accessible from your
system is ldapuserx. # Vim /etc/auto.master /home/guests /etc/auto.guests # Vim
/etc/auto.guests LdapuserX -rw instructor.example.com:/home/guests/ldapuserX #
Service autofs reload

# Su ldapuserX
Q9. Copy the file /etc/fstab to /var/tmp. Configure the permissions of /var/tm p
/fstab so that: - The file /var/tmp/fstab is owned by the root user. - The file
/var/tmp/fstab belongs to the group root. - The file /var/tmp/fstab should not b
e executable by anyone. - The user saara is able to read and write /var/tmp/fsta
b. - The user Natasha can neither write nor read /var/tmp/fstab. - All other use
rs (current and future) have the ability to read /var/tmp/fstab . # # # # # # #
Cp /etc/fstab /var/tmp/fstab Chown root /var/tmp/fstab Chgrp root /var/tmp/fstab
Chmod 664 /var/tmp/fstab Setfacl m u:saara:rw- /var/tmp/fstab Setfacl m u:Natasha
:--- /var/tmp/fstab Setfacl m o::r-- /var/tmp/fstab
================================================================================
Q10. Configure your system so that it is an NTP client of instructor.example.c
om # System-config-date Synchronize date and time over network Add instructor.ex
ample.com in NTP server In advance speed up initial synchronize Ok