
Red Hat System Administration 2 (RH134) Notes

Automate Installation with Kickstart:


To automate the installation of Red Hat Enterprise Linux, a feature called Kickstart is used. A single file
contains the answers to all the questions that would normally be asked during a typical
installation. Kickstart installations can be performed using a local CD-ROM, a local hard drive, or
via NFS, FTP, or HTTP. Kickstart performs automatic installations of RHEL/CentOS 7 without the
need for user intervention; in this lab the machines read the Kickstart file from a local FTP server.
Kickstart in Red Hat Enterprise Linux is similar to unattended installation for Microsoft Windows.
The default Kickstart configuration file, “anaconda-ks.cfg”, is available in the home directory
of the root user. In a Kickstart configuration file, lines that start with the # character are comments
and are ignored by the installer. A section that starts with a line beginning with a % character and
ends with %end is a directive. The %packages section specifies the software to be installed on the
target system. The %post script configures the system after all the software has been installed.
The %pre script is executed before any disk partitioning is done.

Command    Description
# ls    List root's home directory, where the default Kickstart configuration file (anaconda-ks.cfg) is located
# yum install -y system-config-kickstart    Install the Kickstart GUI package
# yum install -y vsftpd    Install the FTP server for network access
# systemctl start vsftpd    Start the FTP service
# systemctl enable vsftpd    Start the FTP service on boot
# mount /dev/cdrom /var/ftp/pub/    Mount the CentOS or Red Hat DVD in the FTP folder
# setenforce 0    Temporarily disable SELinux enforcement
# systemctl stop firewalld    Stop the firewall temporarily, OR
# firewall-cmd --permanent --add-service=ftp    Permanently allow the FTP service through the firewall
# firewall-cmd --reload    Reload the firewall after adding the rule
# system-config-kickstart    Open Kickstart from the command line, OR
Applications > System Tools > Kickstart    Open Kickstart from the GUI
# cp ks.cfg /var/ftp/    Copy the saved Kickstart file to the FTP path
# chmod 755 /var/ftp/ks.cfg    Set permissions on the Kickstart file
# ksvalidator /var/ftp/ks.cfg    Check the Kickstart file syntax
ks=ftp://192.168.147.151/ks.cfg    Press Tab on the client boot menu and type the FTP location of the Kickstart file
ks=ftp://192.168.147.151/ks.cfg ip=192.168.147.3 netmask=255.255.255.0 gateway=192.168.147.2    Press Tab on the client and type the FTP location together with a static IP, netmask and gateway configuration
ks=http://server/directory/ks.cfg    Kickstart installation using HTTP
ks=ftp://server/directory/ks.cfg    Kickstart installation using FTP
ks=nfs:server:/directory/ks.cfg    Kickstart installation using NFS
ks=hd:device:/directory/ks.cfg    Kickstart installation using a local hard drive
ks=cdrom:/directory/ks.cfg    Kickstart installation using a CD-ROM

Created by Ahmad Ali E-Mail: ahmadalimsc@gmail.com , Mobile# +966-564303717 Page | 1



Go to Applications → System Tools → Kickstart for graphical mode, or else run the # system-config-kickstart
command to open it.

1- Choose “Basic Configuration” and set the Default Language, Keyboard layout, Time
Zone and Root Password, and select Encrypt root password. Select Reboot system after
installation.
2- Select “Installation Method”: Installation Method: Perform new installation;
Installation source: FTP; FTP Server: 192.168.147.151; FTP Directory: pub.
3- Select “Boot Loader Options” and choose the required Installation Type: Install new
boot loader, a GRUB password if you want to set one, and the Install option: Install boot loader on the Master
Boot Record (MBR).
4- Choose “Partition Information” and create the partition details. Click Add and enter the
details for the /boot and / partitions.
5- Select “Network Configuration” and add the Network Device as required.
Choose DHCP or a static IP. Add Network Device: Network Device Name: eth0,
Network Type: DHCP, and press OK.
6- Select “Authentication”, Firewall Configuration, Display Configuration, Package
Selection, Pre-Installation Script and Post-Installation Script, and finally save the file.
7- Open the “anaconda-ks.cfg” file and copy the %packages lines into the “ks.cfg” file so they
are used during the installation process.
8- Copy or save the ks.cfg file from /root/ks.cfg to the FTP path /var/ftp/.
9- Boot up the client machine with the CentOS/RHEL 7 installation ISO image.
10- Press the “Tab” key to inject the Kickstart configuration file. Type
ks=ftp://192.168.147.151/ks.cfg and press “Enter” to continue with the installation.
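As an added example (not part of these notes), a shell checker for the Kickstart file structure described above: it skips # comment lines, verifies that every %pre, %post and %packages section is closed with %end, and flags a rootpw line that is not stored with --iscrypted (what the GUI's "Encrypt root password" option produces). The sample ks.cfg contents are constructed for this example and the root password hash is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original notes: structural checks for a
# Kickstart file, following the rules described above.
#   - lines starting with '#' are comments and are ignored by the installer
#   - a line starting with '%' opens a section that must end with '%end'
#     (%include is a plain directive, not a section)
#   - rootpw should be stored encrypted (--iscrypted), not in plaintext

# Constructed sample Kickstart file; the hash after --iscrypted is a placeholder.
GOOD_KS='# Kickstart file constructed for this example
install
url --url=ftp://192.168.147.151/pub
lang en_US.UTF-8
keyboard us
rootpw --iscrypted $6$PLACEHOLDER_SALT$PLACEHOLDER_HASH
reboot
%packages
@core
vim-enhanced
%end
%pre
echo "runs before any disk partitioning"
%end
%post
echo "runs after all software has been installed"
%end'

# Constructed sample with two defects: plaintext root password and an unclosed %post.
BAD_KS='install
rootpw redhat
%packages
@core
%end
%post
echo "never closed"'

# ks_check FILE -> prints each problem found; exits 0 only when none is found
ks_check() {
    awk '
        BEGIN { bad = 0 }
        /^[ \t]*#/           { next }      # comment: ignored by the installer
        $1 == "%include"     { next }      # directive without a %end
        /^%end[ \t]*$/ {
            if (open == "") { print "line " NR ": %end without an open section"; bad = 1 }
            open = ""
            next
        }
        /^%[a-z]+/ {
            if (open != "") { print "line " NR ": " open " not closed before " $1; bad = 1 }
            open = $1
            seen[$1]++
            next
        }
        open == "" && $1 == "rootpw" && $0 !~ /--iscrypted/ {
            print "line " NR ": rootpw is stored in plaintext (use --iscrypted)"; bad = 1
        }
        END {
            if (open != "")             { print "end of file: " open " missing %end"; bad = 1 }
            if (!("%packages" in seen)) { print "no %packages section"; bad = 1 }
            exit bad
        }
    ' "$1"
}

# Demonstration: the constructed files are written to a temporary location and checked.
tmp=$(mktemp)
printf '%s\n' "$GOOD_KS" > "$tmp"
if ks_check "$tmp"; then echo "good sample: structure OK"; fi
printf '%s\n' "$BAD_KS" > "$tmp"
if ! ks_check "$tmp"; then echo "bad sample: problems listed above"; fi
rm -f "$tmp"
```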




Use Regular Expressions with Grep:


Regular expressions are used to search and manipulate text based on patterns. The grep
command is used to search for a specific string in a file. Regular expressions are also used with the
grep command when you want to search for text containing a particular pattern.

Regular Expressions:
Regular expressions are sequences of special characters that help search data by matching complex patterns.
A regular expression is often shortened to “regex” or “regexp”. Regular expressions enhance the
ability to meaningfully process text content, especially when combined with other commands.
Usually, regular expressions are used with the grep command.
Patterns that exactly specify the characters to be matched are called "literals" because they
match the pattern literally, character for character.
The period character (.) is a special meta-character used in regular expressions to mean
that any single character can exist at the specified location.
Anchors are special characters that specify where in the line a match must occur to be valid.
Use the "^" anchor before the literal string to match only at the start of a line. Similarly, the "$" anchor can be used after a string
to indicate that the match will only be valid if it occurs at the very end of a line.
One of the most commonly used meta-characters is the "*", which means "repeat the previous
character or expression zero or more times".
We can escape characters by using the backslash character (\) before a character that would
normally have a special meaning, so that it is matched literally.
One of the easiest and most useful abilities that extended regular expressions open up is the
ability to group expressions together so they can be manipulated as a unit. Group expressions together using
parentheses.
A bracket expression is a list of characters enclosed by [ and ]. It matches any single character in
that list.
Symbol    Description
.    Match a single character of any value
^    Anchor: match only at the beginning of the line
$    Anchor: match only at the end of the line
*    Match the preceding character zero or more times
\    Escape the following special character so it is matched literally
()    Group regular expressions (extended regex)
?    Match the preceding character zero or one time (extended regex)
[]    Match any one character from the list or range in the brackets
^$    Match an empty line (with grep -c, counts the empty lines)




Grep Command:
The grep command, which stands for “Global Regular Expression Print”, searches the given file
for lines containing a match to the given strings or words. Use grep to search for lines of text
that match one or more regular expressions; it outputs only the matching lines. Grep is a
powerful file pattern searcher in Linux.

Command    Description
# yum install grep    Install the grep package
# grep "linux" file    Search for the given string in the specified file
# grep -i "linux" file    Case-insensitive search
# grep -v linux file    Display lines that don't contain the specified string
# grep "fast.*host" file    Regular expression: "fast", then anything, then "host"
# grep -n "word*" file    Display the line numbers of the lines containing matches
# grep --color "linux" file    Highlight the matched text
# grep ^root /etc/passwd    Display lines that start with the word root
# grep bash$ /etc/passwd    Display lines that end with the word bash
# grep -r linux /etc    Search for the pattern recursively
# grep -c 'test' file    Count the lines that match the word
# grep c.t /usr/share/dict/words    Words containing any single character between c and t
# grep c..t /usr/share/dict/words    Words containing any two characters between c and t
# grep -A 2 'test' file    Display 2 lines after each regex match
# grep -B 2 'test' file    Display 2 lines before each regex match
# grep -C 2 'test' file    Display 2 lines before and after each regex match
# grep c[aou]t /usr/share/dict/words    Words containing any one of the bracketed characters between c and t
# grep -e cat -e tele /usr/share/dict/words    Lines containing either string
# grep "^[A-Z]" file    Find every line that begins with a capital letter

Grep Option    Description
-i    Ignore case
-v    Invert match
-e    Multiple search patterns
-r    Read all files under each directory, recursively
-n    Show line numbers
-c    Count of matching lines
-A    Print n lines after the match
-B    Print n lines before the match
-C    Print n lines before and after the match
-w    Match whole words only
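As an added example (not from these notes), the regex symbols and grep options listed above are run against a constructed sample text, with each result returned by a function so it can be checked; the sample lines are made up for this demonstration.

```shell
#!/bin/sh
# Added example, not from the original notes: exercises the regex symbols and
# grep options listed above on a constructed sample text. LC_ALL=C keeps
# ranges like [A-Z] strictly ASCII regardless of the user's locale.
export LC_ALL=C

# Constructed sample text (passwd-style lines plus a few test lines).
SAMPLE='root:x:0:0:root:/root:/bin/bash
ahmad:x:1000:1000:Ahmad Ali:/home/ahmad:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

fast host
fast and friendly host
Cat cot cut cit
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
192.168.147.151
192x168x147x151
color
colour'

# count_lines [GREP OPTIONS...] PATTERN -> number of sample lines that match
count_lines() {
    printf '%s\n' "$SAMPLE" | grep -c "$@" || :   # grep exits 1 on zero matches
}

# matched_text PATTERN -> only the matching fragments, space separated (grep -o)
matched_text() {
    printf '%s\n' "$SAMPLE" | grep -o "$1" | tr '\n' ' ' | sed 's/ $//'
}

# line_numbers PATTERN -> line numbers of the matching lines, space separated (grep -n)
line_numbers() {
    printf '%s\n' "$SAMPLE" | grep -n "$1" | cut -d: -f1 | tr '\n' ' ' | sed 's/ $//'
}

# after_match N PATTERN -> the N lines that follow the (single) matching line (grep -A)
after_match() {
    printf '%s\n' "$SAMPLE" | grep -A "$1" "$2" | tail -n "$1"
}

# Demonstration of each symbol and option from the tables above:
printf '%s\n' "^root       -> $(count_lines '^root') line(s) starting with root"
printf '%s\n' "bash\$      -> $(count_lines 'bash$') line(s) ending with bash"
printf '%s\n' "^\$         -> $(count_lines '^$') empty line(s)"
printf '%s\n' "fast.*host -> $(count_lines 'fast.*host') line(s): fast, anything, host"
printf '%s\n' "c[aou]t -o -> $(matched_text 'c[aou]t')"
printf '%s\n' "^[A-Z]     -> $(count_lines '^[A-Z]') line(s) starting with a capital"
printf '%s\n' "192.168    -> $(count_lines '192.168') line(s); 192\\.168 -> $(count_lines '192\.168') (escaped dot is literal)"
printf '%s\n' "-E '^(root|ftp):' -> $(count_lines -E '^(root|ftp):') line(s) via grouped alternatives"
printf '%s\n' "-E 'colou?r' -> $(count_lines -E 'colou?r') line(s); ? makes the u optional"
printf '%s\n' "cat -> $(count_lines 'cat') line(s); -i cat -> $(count_lines -i 'cat') line(s)"
printf '%s\n' "-v nologin -> $(count_lines -v 'nologin') line(s) without nologin"
printf '%s\n' "-n 'bash\$' -> matches on lines $(line_numbers 'bash$')"
printf '%s\n' "-A 1 '^\$'  -> line after the empty line: $(after_match 1 '^$')"
```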




Create and Edit Text Files with Vim:


This section introduces the vim text editor, with which you can open, edit, and save text files.

VIM text Editor:


Vim, short for Visual Interface IMproved, is an improved version of VI (Visual Interface), a famous
text editor in Linux. Vim is display-oriented: the terminal screen acts as a window into the
file you are editing, and changes you make to the file are reflected in what you see. Vim is
backward-compatible with VI. The Vim editor provides syntax highlighting, completion modes, spell-
checking, scripting in multiple languages, file-type plug-ins, and many other options. Vim
is a full-screen editor and has three modes of operation:
Command Mode:
Commands which cause an action to be taken on the file. This mode is used for file navigation, cut
and paste, and simple commands such as undo and redo.
Insert Mode:
This mode is used for normal text editing: entered text is inserted into the file. It is accessed
by typing the letter “i”; then we simply type text, and most keystrokes result in text appearing on the
screen. To get out of insert mode, press the “Esc” (Escape) key, which turns off Insert Mode.
Last-Line Mode:
This mode is used to save, quit and open files, as well as for search and replace and other operations.
Press “:” and Vi will switch to Last-Line Mode. Enter a command like “:w” to write the file or
“:q” to exit the editor.
Starting Vim:
You may use vim to open an existing file by typing (# vim filename), where "filename" is
the name of the existing file. If the file is not in your current directory, you must use the full
pathname. Or you may create a new file by typing (# vim newname), where "newname" is the
name to give the new file. Once the new file is open on screen, you will see blank lines, each with a
tilde (~) at the left, and a line at the bottom giving the name and status of the new file.

Insert Mode Commands:


Key Command    Description
i    Insert text before the current cursor position
I    Insert text at the beginning of the cursor line
a    Append text following the current cursor position
A    Append text to the end of the current line
o    Open a new line following the current line and add text there
O    Open a new line in front of the current line and add text there




Command Mode Commands:


Key Command Description
h or Left Arrow Go one character to the left
j or Down Arrow Go down one line
12j Move the cursor 12 lines down
k or Up Arrow Go up one line
l (lowercase L) or Right Arrow Go one character to the right
$ Go to the end of the current line
G Move to the last line of the document
gg Move to the first line of the document
w Forward one word
5w Forward five words
b Backward one word
( Move cursor to beginning of current or previous sentence
) Move cursor to beginning of next sentence
{ Move to beginning of current/previous paragraph
} Move cursor to beginning of next paragraph

Last-Line Mode Commands:


:w    Save the current file and remain in the editor
:x    Save and quit the current file
:q    Quit without saving changes
:q!    Quit the current file, ignoring any unsaved changes
:w file    Save the current file under a different file name
:wq    Save and quit the current file
:r filename    Read the contents of filename into the current file, below the cursor
More Vi Editor Commands:
Key Command    Description
H Go to the top of the screen
L Go to the bottom of the screen
0 (zero) Go to the beginning of the current line
Ctrl-B Go back one screen
Ctrl-F Go forward one screen
r Replace the character at the current cursor position
R Overwrite at the current cursor position
x Delete the character at the current cursor position
X Delete the character immediately before (to the left)
dd Cut (for later pasting) the entire current line
D Cut from the current cursor position to the end of the line
yy or Y Yank (copy) the entire current line
p Paste after (next line) the current cursor position
P Paste before (previous line) the current cursor position


. (period)    Repeat the last command
u    Undo the last command
U    Undo all changes made on the last edited line
n    Find the next match in a search
N    Find the previous match in a search
cw    Change the current word to a new word
:/pattern    Search forward for pattern
:?pattern    Search backward for pattern
:set number    Enable line numbers
:set nu    Enable line numbers
:set nonu    Turn line numbers off
:set nonumber    Turn line numbers off




Schedule Future Linux Tasks:


Tasks can be scheduled to execute automatically in the future. There are two basic tools for
scheduling tasks on a Linux system: the “at” command, which is very useful for scheduling one-time
tasks, and “crontab”, which is for routine tasks.

AT Command:
The “at” command schedules a command to be run once at a particular time. It reads
commands from standard input, a script or a file, which are executed later, once. The “at”
command can’t be used for recurring tasks; for recurring tasks, Linux crontab is used. For
normal users, permission to use the “at” command is determined by the files /etc/at.allow and
/etc/at.deny. If the file /etc/at.allow exists, only usernames mentioned in it are allowed to use
at. If /etc/at.allow does not exist, /etc/at.deny is checked, and every username not mentioned in it
is then allowed to use at. If neither file exists, only the superuser is allowed to use “at”.
Run AT Command:
To start “at”, run “at” on the command line, passing it the scheduled time as an option.
It will place you at a special prompt; type the command or series of commands to be run at the
scheduled time. When done, press Control-D on a new line, and the job will be placed in
the queue.
Command    Description
# yum install at    Install the at package
# systemctl start atd    Start the at service
# systemctl enable atd    Enable the at service on boot
# systemctl status atd    Check the at service status
# at 4:30pm November 20    Run at, passing the scheduled time
at> touch output.txt    Pass a touch command to create a file
at> date > output.txt    Pass another command, saving its output in the file
at> <Ctrl+D>    Press Ctrl+D to finish entering the at job
# at 4:30pm November 20    Run at, passing the scheduled time
at> whoami > /name.txt    Pass the whoami command, saving its output in a file
at> date > /date.txt    Pass another date command, saving its output in a file
at> <Ctrl+D>    Press Ctrl+D to get out of the at prompt
# at now + 1 minute    Run the job one minute from now
at> cal > /cal.txt    Save the calendar in a file
# at now + 30 minutes    Run 30 minutes from now
# at now + 1 hour    Run 1 hour from now
# at now + 1 week    Run 1 week from now
# at now + 2 week    Run 2 weeks from now
# atq    View the currently queued at jobs
# at -l    List each of the scheduled jobs
# at -c JOBID    List the job contents
# atrm 1 OR # at -r 1    Remove at job number 1




Crontab Command:
Linux crontab is similar to the Windows task scheduler. Crontab is very useful for routine tasks like
scheduling system scanning, daily backups, etc. Crontab executes jobs automatically in the background
at the specified time interval. For scheduling one-time tasks you can use the at command in Linux.
Cron is a scheduler that can run commands at regular intervals. It is often referred to as crontab,
which is the name of its configuration file and of the tool used to edit that configuration file.
A crontab file consists of one command per line; each line has six fields, separated by
spaces or tabs. The first five fields represent the time to run the task and the last field is the command.
[Minute] [Hour] [Day_of_the_Month] [Month_of_the_Year] [Day_of_the_Week] [Command]

To configure cron jobs, modify the /etc/crontab file. The allowed special characters are the asterisk (*), hyphen (-), slash (/) and comma (,).

Character    Description
Asterisk (*)    Match all values in the field (any possible value)
Hyphen (-)    Define a range
Slash (/)    Step through the range; */10 in the first field means every ten minutes
Comma (,)    Separate a list of items




Command    Description
# yum install cronie    Install the cron package
# systemctl restart crond    Restart the cron service
# systemctl status crond    Check whether the crond service is running
# cat /etc/crontab    Check the crontab format
# crontab -e    Add or update a job in the crontab (e=edit)
# crontab -u username -e    Add or update a job in another user's crontab
# crontab -l    View the crontab entries of the current user (l=list)
# crontab -u username -l    View the crontab entries of another user (u=user)
# crontab -r    Remove the crontab entries (r=remove)
# crontab -e    Add a job to the cron table:
0 1 * * 5 /scripts/script.sh    Schedule the script to run at 1 AM every Friday (minute: 0, hour: 1, day of month: * (every day of the month), month: * (every month), day of week: 5 (Friday))
# crontab -e    Add a job to the cron table:
* * * * * touch /test.txt    Runs every minute, creating the file test.txt
# crontab -e    Add a job to the cron table:
30 6 * * * <Command>    Runs at 6:30 AM every day
# crontab -e    Add a job to the cron table:
30 18 * * * <Command>    Runs at 6:30 PM every day
# crontab -e    Add a job to the cron table:
00 11 * * * rm -f /var/tmp/*    Runs at 11 AM every day to remove all files from /var/tmp
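As an added example (not part of these notes), a bash implementation of the five-field cron time syntax described above (*, ranges with -, steps with /, lists with ,) that tells whether a schedule fires at a given minute, hour, day of month, month and day of week; it is checked against the schedules used in the table.

```shell
#!/bin/bash
# Added example, not from the original notes: evaluates the five time fields of
# a crontab line against a given minute/hour/day/month/weekday, implementing the
# field syntax described above (*, ranges with -, steps with /, lists with ,).
# Day of week is 0-6 with Sunday as 0; a 7 in the schedule is also accepted as Sunday.

# field_matches VALUE SPEC -> exit 0 when VALUE is selected by the cron field SPEC
field_matches() {
    local value=$1 spec=$2 item lo hi step
    local -a items
    IFS=, read -ra items <<< "$spec"            # "1,15" or "*/10,45" -> list items
    for item in "${items[@]}"; do
        step=1
        case $item in
            */*) step=${item##*/}; item=${item%/*} ;;   # "a-b/n" or "*/n"
        esac
        case $item in
            '*')  lo=0; hi=99 ;;                        # any value (99 exceeds every field)
            *-*)  lo=${item%-*}; hi=${item#*-} ;;       # range "a-b"
            *)    lo=$item; hi=$item ;;                 # single value
        esac
        if [[ "$lo$hi$step" == *[!0-9]* || -z $lo || $step -eq 0 ]]; then
            echo "bad cron field: $spec" >&2; return 2
        fi
        # Force base 10 so that "00" or "08" are not read as octal.
        lo=$((10#$lo)); hi=$((10#$hi)); step=$((10#$step)); value=$((10#$value))
        if (( value >= lo && value <= hi && (value - lo) % step == 0 )); then
            return 0
        fi
    done
    return 1
}

# cron_matches "MIN HOUR DOM MON DOW" MIN HOUR DOM MON DOW
#   -> 0 if the schedule fires at that time, 1 if not, 2 on a malformed schedule
cron_matches() {
    local -a spec now=("${@:2}")
    local i rc
    read -ra spec <<< "$1"
    if (( ${#spec[@]} != 5 )); then
        echo "expected 5 time fields, got ${#spec[@]}" >&2; return 2
    fi
    for i in 0 1 2 3 4; do
        field_matches "${now[i]}" "${spec[i]}"; rc=$?
        # Sunday may be written as 7 in the schedule while the clock says 0.
        if (( rc == 1 && i == 4 && now[4] == 0 )); then
            field_matches 7 "${spec[4]}"; rc=$?
        fi
        (( rc == 0 )) || return $rc
    done
    return 0
}

# cron_minutes_in_hour "SCHEDULE" HOUR DOM MON DOW -> the minutes of that hour when it fires
cron_minutes_in_hour() {
    local spec=$1 hour=$2 dom=$3 mon=$4 dow=$5 m out=""
    for (( m = 0; m < 60; m++ )); do
        if cron_matches "$spec" "$m" "$hour" "$dom" "$mon" "$dow"; then
            out+="${out:+ }$m"
        fi
    done
    printf '%s\n' "$out"
}

# Demonstration with the schedules from the table (minute, hour, day, month, weekday):
if cron_matches "0 1 * * 5" 0 1 2 6 5; then echo "0 1 * * 5 fires at 01:00 on a Friday"; fi
if ! cron_matches "0 1 * * 5" 0 1 1 6 4; then echo "0 1 * * 5 does not fire at 01:00 on a Thursday"; fi
echo "*/10 9-17 * * 1-5 fires at minutes: $(cron_minutes_in_hour '*/10 9-17 * * 1-5' 13 3 3 3)"
```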




Manage Priority of Linux Processes:


By default, the Linux kernel considers all processes equally important and allocates the same
amount of CPU time to each process. Sometimes, you might want to increase or decrease the
priority of certain processes so that they get more (or less) CPU time.

Process Definition:
A process is a running program. So, any running program or command given to a Linux system
is called a process. Linux can run a lot of processes at a time, which can slow down the speed of
some high-priority processes and result in poor performance. The default nice value of all
processes is 0.

Priority of Process:
When talking about processes, priority is all about managing processor time. PR is the process's
actual priority, as viewed by the Linux kernel. The priority of a process denotes how much
processor time is allocated to that process.

Nice and Renice Command:


Sometimes, we might want to increase or decrease the priority of certain processes so that they utilize
more (or less) CPU time. This is where the nice and renice commands come in.
The nice command is used to run a process with a user-defined priority, whereas the renice command
changes the priority of an already running process. With the help of the nice command in Linux
you can set the process priority. If you give a process a higher priority, the kernel will allocate
more CPU time to that process. The nice command launches a process with a user-defined
scheduling priority.
Whenever a process starts normally, it gets the default nice value (0). If you start a process with the
nice command without any arguments, it gets the default value of 10. Here 10 is the niceness
value or priority. Niceness values range from -20 to 19. Negative values such as -20 give
higher priority to a process and positive values such as 19 give lower priority.
Regular users are not allowed to start a process with a higher priority. You need to be the root user
to launch any process with a higher priority.
Command    Description
# ps -l    Display process nice values
# ps axo user,pid,nice,command    Display a customized process listing
# ps axo user,pid,command,nice --sort=nice    Display a customized process listing sorted by nice value
# nice vim text &    Start a process with the default nice value of 10
# nice -n 15 vim text &    Start the process with a nice value of 15
# renice 19 9182 OR renice 19 -p 9182    Change the nice value of running process 9182 to 19
# top    Run top and press r to renice a process
# nice --15 vim &    Another way to set the nice value (old-style syntax; equivalent to nice -n -15 with GNU nice)
# renice -n -20 -u ahmad    Change the priority of all running processes of user ahmad




Control Access to Files with Access Control Lists (ACL):


Files and directories have permission sets for the owner of the file, for the group
associated with that file and for all other users of the system. But these permission sets have
some limitations: for example, different permissions cannot be configured for different users. Thus,
Access Control Lists (ACLs) were implemented. ACLs can be configured per user, per group
and for users not in the file's group.
ACLs require kernel support; the kernel must support ACLs in order to implement them on a Linux
distribution. Along with support in the kernel, the acl package is also required to implement
ACLs. The acl package contains the utilities used to add, modify, remove, and retrieve ACL
information from a file or folder. The filesystem needs to be mounted with ACL support
enabled. XFS filesystems have built-in ACL support, and Ext4 filesystems in RHEL 7 have the ACL
option enabled by default.
ACLs use only two commands: getfacl (Get File Access Control Lists) to see the ACL permissions on a
directory or file, and setfacl (Set File Access Control Lists) to set ACL permissions. A + sign at the
end of the permissions in an ls -l listing confirms that the file has an ACL attached to it. POSIX (Portable
Operating System Interface) ACLs are of two types:
Access ACLs:
Access ACLs are used to grant permissions for a particular file or directory.
Default ACLs:
Default ACLs can be used at directory level only. Any subdirectory or file created within that
directory will inherit the ACLs from its parent directory. Use “-d” for setting default
ACLs; default ACLs are optional.
Command    Description
# cat /boot/config* | grep _ACL OR # grep -i acl /boot/config*    Check whether the kernel supports ACLs; if it displays ACL=y, the kernel supports ACLs
# yum install acl    Install the acl package
# ls -l file.txt OR # ll file.txt    Display the permissions of the file (a + marks an attached ACL)
# getfacl file.txt    Display the ACL and permissions of the file
# setfacl -m u:ahmad:rw file.txt    Set an ACL for user ahmad on file.txt
# setfacl -m g:hr:rw dir1    Set an ACL for group hr on directory dir1
# setfacl -m d:o:rx dir1    Set a default ACL for others on directory dir1
# setfacl -d -m u:ahmad:rx dir1    Set a default ACL for user ahmad on dir1
# setfacl -R -m g:hr:rw dir1    Set the ACL on all files and subfolders in dir1
# setfacl -R -b dir1    Remove the ACLs for all users from directory dir1, recursively
# setfacl -x u:ahmad file.txt    Remove the ACL entry for user ahmad only on file.txt
# setfacl -x g:hr file.txt    Remove the ACL entry for group hr only on file.txt
# setfacl -b file.txt    Remove the entire ACL from a file or folder
# setfacl -m u:ahmad:- file.txt    Deny an already allowed user on file.txt
# setfacl -m o:rwx file.txt    Set the permissions for all other users on file.txt
# setfacl -m o:- file.txt    Remove the permissions of all other users on file.txt




Manage SELinux Security:


Manage the Security Enhanced Linux (SELinux) behavior of a system to keep it secure in case of
a network service compromise. SELinux is a security implementation which enhances system
security and, in the event of a security breach, stops it from spreading to the entire system.

SELinux:
Security Enhanced Linux (SELinux) is an additional layer of security for the system. A primary goal
of SELinux is to protect user data from system services that have been compromised. It is a set
of security rules that determine which process can access which files, directories and ports, using a
special security label called the SELinux context.

SELinux Example:
Suppose we are running a web server which hosts several websites. To allow access to the
websites we have to open several ports in the firewall. Hackers may use these ports to crack the
system through security exploits, and if that happens, the hackers will gain the access
permissions of the web server process. To serve web pages, a web server process usually has read
permission on the document root and write permission on the /tmp and /var/tmp directories. With
these permissions, hackers can write malicious scripts in the /tmp directory which can be used to hack
other services available on the server. This way one infected process can cause a huge security risk
to all services running on the server. If SELinux is enabled, hackers will not be able to access the
other services available on the server, and they will not be able to write anything in the /tmp or
/var/tmp directory.

SELinux Modes:
SELinux works in three modes: Disabled, Permissive and Enforcing. In disabled mode SELinux
remains completely disabled. If SELinux is enabled, it will be in either Permissive mode or
Enforcing mode. In permissive mode SELinux will only monitor (and log) the interactions. In enforcing
mode SELinux will also filter the interactions in addition to monitoring them. No reboot is required to go from
enforcing to permissive or back again. A system reboot is required to disable SELinux entirely,
or to get from disabled mode to enforcing or permissive mode. If the configuration file value is set
to disabled, then after a reboot Linux will not load any libraries associated with SELinux, so it will not
allow switching between enabled and disabled mode in the running session.

SELinux Policy:
To protect the system SELinux uses a policy. A SELinux policy is basically a set of rules that
defines which process can access which files, directories and ports. With these rules set, an
application will be able to access only the certain types of files and processes which it requires to
function, nothing extra. SELinux uses contexts to identify the resources associated with an
application or process.




SELinux Context:
A context is the collection of security-related information assigned to each object (file,
directory, application, port, process, etc.) of the Linux system. SELinux uses the context to make
access control decisions. To view the context of an object we can use the Z flag with the regular listing
commands. A context always consists of four parts: User Part, Role Part, Type Part and Sensitivity
Part. Each part is separated by a colon (:).

User Part:
The User Part is the first part. It ends with _u in the context label. In the context label, it represents
the SELinux user account. Each Linux user account is mapped to a SELinux user account; SELinux
does this mapping in the policy.

Role Part:
The Role Part is the second part in the context label. It ends with _r. In the SELinux policy a role defines what
a subject can do with an object in a specified domain. A subject is a user, a daemon or a
process which accesses the object. An object is a resource such as a file, directory, process,
hardware device or network application which is accessed by a subject. A domain defines what a
subject can do and what it can’t do. It is just like a bubble around the subject.

Type Part:
The Type Part is the third part in the context label. It ends with _t. This part defines what kind of object it is.
For example, a type for a file defines what kind of file it is, such as an /etc directory file, a web page
file, a hardware device file or a network file.

Sensitivity Part:
The Sensitivity Part is the fourth and last part of the security context label. This part defines multiple layers
of security. This part is used only when the SELinux policy type is set to MLS mode.

SELinux Policy Mode:


SELinux policy modes control the behavior of SELinux. There are two modes: MLS and targeted.
MLS mode is developed for departments which require a very high level of security, such as
military and defense. Targeted mode is the default mode. In this mode SELinux targets only the
selected processes. SELinux policy modes are also controlled by the same file which controls the
SELinux mode, /etc/selinux/config.




Update Type Context:


When a file is copied, its type context changes, while when a file is moved, its type context
remains unchanged. There are two commands to update the SELinux context:
The chcon (Change Context) command is used to change the SELinux context of files. Changes
made with this command do not survive a file system relabel or the execution of the restorecon
command. chcon temporarily changes the context of files: after the execution of the
restorecon command the context will be reset.
The semanage command is used to change the SELinux context of a file or directory
persistently. The semanage command updates the SELinux policy directly. When it is used with the
fcontext argument, it defines SELinux file contexts for files. It basically adds the new
definition to the file /etc/selinux/targeted/contexts/files/file_contexts.

SELinux Booleans:
SELinux Booleans are just like switches which can be turned on or off as required. SELinux
provides several ready-to-use Booleans to secure the default Linux environment. SELinux
Booleans are SELinux policy settings. A SELinux Boolean can be either on or off. If a Boolean is on,
SELinux will permit the associated action. If a Boolean is off, SELinux will deny the associated action.
Command    Description
# getenforce    View the current status of SELinux
# sestatus    Detailed view of the SELinux status
# setenforce 0 OR # setenforce permissive    Put SELinux in permissive mode
# setenforce 1 OR # setenforce enforcing    Put SELinux in enforcing mode
# vim /etc/selinux/config    SELinux configuration file location
SELINUX=enforcing    Permanently put SELinux in enforcing mode
SELINUX=permissive    Permanently put SELinux in permissive mode
SELINUX=disabled    Permanently put SELinux in disabled mode
# ls -lZ    View the context of files and directories
# netstat -Ztulpen    View the context of network ports
# ps Zaux    View the context of running processes
# id -Z    View the context of the current user
# yum -y install httpd    Install the web server package
# systemctl start httpd    Start the web server service
# systemctl enable httpd    Start the web server service on boot
# cd /var/www/html    Change to the HTTP server's default document root
# vim index.html    Create the index.html file
<h1> SELinux LAB Work</h1>    Write a heading and some bold text in the
<b> This is just Test </b>    index.html file




http://192.168.147.151/ Access the file by IP or localhost through


http://localhost/ Firefox web browser
# cd ~ Change directory to home
# vim test1.html In home directory create test1.html file
<h1> This is Test 1 Web Page</h1> File contents
# vim test2.html In home directory create test2.html file
<h1> This is Test 2 Web Page</h1> File 2 contents
# ls -lZ test* View the security context of both test files
# cp test1.html /var/www/html Copy test1.html file to default document root
# mv test2.html /var/www/html Move test2.html file to default document root
# ls -lZ /var/www/html After move & copy check security context again
http://192.168.147.151/test1.html Access test1.html web page from browser
http://192.168.147.151/test2.html Access test2.html web page from browser
# chcon -v -t httpd_sys_content_t test2.html Change the context of test2.html temporarily
# restorecon -v test2.html Restore the default context of test2.html
# semanage fcontext -a -t httpd_sys_content_t "/www/html(/.*)?" Permanently change the context of files or folders
# restorecon -v -R -i /www/html Run after you set the context of a file or folder
# tailf /var/log/messages Monitoring SELinux violations in the messages log
# tailf /var/log/audit/audit.log Monitoring SELinux violations in the audit log
Applications -> Sundry -> SELinux Troubleshooter GUI SELinux troubleshooter tool
# semanage login -l Display SELinux user mapping
# cat /etc/selinux/targeted/setrans.conf Display sensitivity mapping file
# getsebool -a View all available Booleans
# getsebool ftp_home_dir View the status of a single Boolean
# getsebool -a | grep ftp Search for specific Boolean
# semanage boolean -l Detailed information about available Booleans
# semanage boolean -l | grep ftp Search for specific Boolean
# setsebool ftp_home_dir on Temporary Enable FTP Boolean, using on
# setsebool ftp_home_dir 1 OR Temporary Enable FTP Boolean using 1
# setsebool ftp_home_dir off Temporary Disable FTP Boolean, using off
# setsebool ftp_home_dir 0 OR Temporary Disable FTP Boolean using 0
# setsebool -P ftp_home_dir on Permanently Enable FTP boolean using on
# setsebool -P ftp_home_dir off Permanently Disable FTP boolean using off
# cd /sys/fs/selinux/booleans SELinux Booleans setting file location
# yum install policycoreutils-gui.x86_64 Install SELinux Graphical interface
# system-config-selinux Open SELinux Graphical Interface
Application->Other->SELinux Management
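As an added example (not part of the RH134 notes), the following shell functions automate the two checks this lab teaches: finding files in the web root whose context did not follow them through mv (test2.html keeps user_home_t while the copied test1.html gets httpd_sys_content_t), and summarising the AVC denials that tailf /var/log/audit/audit.log would show. GNU awk as shipped with RHEL 7 is assumed; the ls -Z output and audit lines are constructed samples, and the function names are mine.

```shell
#!/usr/bin/env bash
# Added example (not from the RH134 notes): two small checks for the SELinux lab.
# Assumes GNU awk as shipped with RHEL 7. All sample data below is constructed.

# Constructed `ls -Z` output for /var/www/html after the cp/mv step: the copied file
# inherited httpd_sys_content_t from the directory, the moved file kept user_home_t.
SAMPLE_LSZ='-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.html
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 test1.html
-rw-r--r--. root root unconfined_u:object_r:user_home_t:s0 test2.html'

# Constructed /var/log/audit/audit.log excerpt: httpd being denied access to the
# mis-labelled test2.html, plus one unrelated denial so the summary has several keys.
SAMPLE_AUDIT='type=AVC msg=audit(1561205123.145:2094): avc:  denied  { getattr } for  pid=3124 comm="httpd" path="/var/www/html/test2.html" dev="dm-0" ino=17851 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1561205123.145:2094): arch=c000003e syscall=4 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1561205123.150:2095): avc:  denied  { read } for  pid=3124 comm="httpd" name="test2.html" dev="dm-0" ino=17851 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1561205140.900:2101): avc:  denied  { name_connect } for  pid=2210 comm="vsftpd" dest=3306 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=0'

# wrong_context TYPE: read `ls -Z` output on stdin and report every file whose SELinux
# type is not TYPE. On a real host: ls -Z /var/www/html | wrong_context httpd_sys_content_t
wrong_context() {
  awk -v want="$1" '
    NF >= 5 {
      split($4, ctx, ":")                  # context is user:role:type:level
      if (ctx[3] != want) print $5 " has type " ctx[3] ", expected " want
    }'
}

# avc_summary: read audit.log lines on stdin and count denials per
# (source domain, target type, object class, permission), sorted for stable output.
# On a real host: grep AVC /var/log/audit/audit.log | avc_summary
avc_summary() {
  awk '
    /type=AVC/ && /denied/ {
      i = index($0, "{ "); j = index($0, " }")
      perm = substr($0, i + 2, j - i - 2)  # the permission list between "{ " and " }"
      src = $0; sub(/.*scontext=/, "", src); sub(/ .*/, "", src); split(src, s, ":")
      tgt = $0; sub(/.*tcontext=/, "", tgt); sub(/ .*/, "", tgt); split(tgt, t, ":")
      cls = $0; sub(/.*tclass=/, "", cls);   sub(/ .*/, "", cls)
      count[s[3] " -> " t[3] " (" cls ": " perm ")"]++
    }
    END { for (k in count) print count[k] " " k }
  ' | sort
}

# Demonstration on the constructed data.
printf '%s\n' "$SAMPLE_LSZ" | wrong_context httpd_sys_content_t
printf '%s\n' "$SAMPLE_AUDIT" | avc_summary
```

The first function is the quick check to run before restorecon: any file it lists is the one the browser will fail to serve. The second turns a noisy audit log into a handful of lines, which is usually enough to decide whether a relabel (restorecon) or a Boolean (setsebool) is the right fix.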

Add Disks, Partitions, and File Systems to a Linux System:


Linux disk management includes several important tasks such as adding or removing storage
devices, creating and deleting partitions, mounting partitions on appropriate directories and
making file system in partitions.

Disk Partitions:
Disk partitioning allows a hard drive to be divided into multiple logical storage units referred to
as partitions. By separating a disk into partitions, system administrators can use different
partitions to perform different functions. A hard disk needs a partition table before it can be
used. There are two types of partition table, MBR and GPT. If the system is equipped with a BIOS,
only the MBR partition table can be used; if the system is equipped with UEFI, either partition
table can be used.

BIOS / UEFI:
When the computer powers on, the first program that starts is either a BIOS or a UEFI. This is
the starting point of the computer. It performs a series of diagnostic tests to detect and connect
the CPU, memory, keyboard, hard disks and other peripherals. This process is known as Power On
Self-Test (POST). If all peripherals are connected without any issue, the BIOS/UEFI finds and
executes the boot loader program.

BIOS: BIOS stands for Basic Input Output System
UEFI: UEFI stands for Unified Extensible Firmware Interface

BIOS: BIOS is the classical approach to detect and connect peripherals in the system
UEFI: UEFI is the modern way to start the system. It was developed as the replacement of BIOS

BIOS: BIOS was invented for the PC in 1982
UEFI: UEFI became available for all in 2007

BIOS: BIOS provides very basic functionality. It does not provide any troubleshooting utility
UEFI: UEFI provides backward compatibility and a pre-boot environment which has its own shell, drivers and applications. This environment includes basic features for troubleshooting such as remote diagnosis, emergency mode, Internet connectivity and storage backup.

BIOS: All settings are stored in CMOS memory
UEFI: All settings are stored in flash memory

BIOS: BIOS does not include drivers for modern devices
UEFI: Usually UEFI can detect all modern devices

BIOS: BIOS cannot boot from a partition which is larger than 2 TiB
UEFI: The UEFI firmware can boot from a drive which is up to 9 ZiB in size

BIOS: The BIOS runs in 16-bit processor mode and has only 1 MB of space to execute in
UEFI: UEFI can run in 32-bit or 64-bit mode

BIOS: BIOS supports only the MBR partition scheme
UEFI: UEFI supports both the MBR and GPT partition schemes

MBR Partition Scheme:


The MBR (Master Boot Record) partition scheme uses the first sector of the hard disk to store all the
information required to boot the system, including the boot loader and the partition table.
The boot loader is a small script that is used to load the operating system. The partition table is the
layout of the hard disk. The partition table information is stored in 32-bit values. MBR only works
with disks up to 2 TB in size. It only supports up to four primary partitions; if more partitions are
needed, make one of the primary partitions an "Extended Partition" and create logical partitions
inside the Extended Partition. In Linux, we can create up to 15 partitions.

GPT Partition Scheme:


The GPT partition scheme was introduced with the UEFI standard to meet the requirements of
modern storage devices. In GPT the maximum size of a partition is 8 ZiB. GPT allows a maximum of 128
partitions. GPT uses a 128-bit globally unique ID (GUID) to identify each partition. Since GPT
provides a lot of partitions (128) and much bigger space in each partition, there is no need to
divide the partitions into primary, extended and logical partitions.

MBR: MBR supports a maximum of 4 primary partitions.
GPT: GPT supports a maximum of 128 partitions.

MBR: One primary partition can be used as an extended partition. The extended partition can be used to create logical partitions.
GPT: The primary, extended and logical partition method is not used in GPT. All partitions are equal.

MBR: Maximum partition size is 2 TiB.
GPT: Maximum partition size is 8 ZiB.

MBR: Uses a 32-bit standard to store the partition table information.
GPT: Uses a 64-bit standard to store the partition table information.

MBR: All information is stored in the first sector of the hard disk. If this sector is corrupted, booting will fail.
GPT: Information is stored in two locations. If one location is corrupted, the system will boot from the other location.

Linux File System:


We cannot create files and directories directly in the partition. To use a partition for data
storage we need to create a file system on it. File system is a logical container that is used to
store the files and directories. We can create a separate file system type in each partition or can
use same file system type in all partitions. Each partition must be formatted with file system
before it can be used for data storage. Red Hat Linux supports several file system types.
EXT (Extended File System) This is First Linux file system
EXT2 File System This is 2nd generation of EXT file system
EXT3 File System This is 3rd generation of EXT file system
EXT4 File System This is 4th generation of EXT file system
XFS (X-File System) File System This is the default file system in RHEL 7
SWAP Space Special space on the hard disk used as temporary memory
LVM (Logical Volume Manager) Flexible to shrink & grow a partition per requirement

Managing MBR Partitions with FDISK:


FDISK (from "Fixed Disk" or "Format Disk") is a command-line disk manipulation utility for
Linux systems. With the help of the fdisk command you can view, create, resize, delete,
change, copy and move partitions on a hard drive using its own user-friendly text-based menu.
It allows you to create a maximum of four new primary partitions and a number of logical
(extended) partitions, based on the size of the hard disk you have in the system. A recently added
disk will be the last disk in the sequence (sda, sdb, sdc).
Commands Description
# fdisk -l View all Disk Partitions in Linux
# fdisk -l /dev/sdb View Specific Disk Partition in Linux
# fdisk /dev/sdb Create the MBR partitions of disk b
Command (m for help): m To list all the commands
Command (m for help): n Create new partition
Command (m for help): p Print the current partition table
Command (m for help): l List known partition types
Command (m for help): d Delete a partition
Command (m for help): w Write table to disk and exit
# partprobe /dev/sdb Force the kernel to reread the partition table
# mkfs.ext3 /dev/sdb1 OR # mkfs -t ext3 /dev/sdb1 Format the created partition with the ext3 file system
# mkfs -t ext4 /dev/sdb2 Format partition with ext4 file system
# mkfs -t xfs /dev/sdb3 Format partition with xfs file system
# mkfs -t xfs /dev/sdb4 Fails: an extended partition cannot be formatted
# mkdir /dev/sdb1/test Fails: /dev/sdb1 is a block device, not a directory; the partition has to be mounted first
# mkdir /data Create directory named data
# mount /dev/sdb1 /data/ Temporary mounted partition drive
# umount /data/ OR # umount /dev/sdb1 Unmounted partition drive
# vim /etc/fstab Permanently mount partition in fstab
/dev/sdb1 /data ext3 defaults 0 0 Mount the sdb1 partition on the data folder
# mount -a Re-read the fstab file and check for errors
# e2label /dev/sdb1 data Give the label data to the sdb1 partition
# blkid /dev/sdb1 Find the UUID of the sdb1 partition
# vim /etc/fstab Open fstab file for configuration
LABEL=data /data ext3 defaults 0 0 Mount partition using label permanently
# vim /etc/fstab Open fstab file for configuration
UUID=2cc90e10-8a48-4cbe-8b8b-dd1097ed0ae9 /data ext3 defaults 0 0 Mount partition using UUID permanently
# umount /data/ OR # umount /dev/sdb1 Unmount the partition before deleting it
# fdisk /dev/sdb Select the sdb drive to delete partitions from
Press "d" and in the end press "w" Delete all partitions one by one, then save

Linux Important Partition Types:


Linux supports several kinds of partition types. The following table lists some important Linux
partition types. Unless the type of a partition is changed, it is marked as a Linux Standard partition.

Fdisk System Identifier Gdisk System Identifier Description
82 8200 Linux Swap Partition
83 8300 Linux Standard Partition (default)
85 - Linux Extended Partition
88 - Linux Plain Text Partition
8e 8e00 Linux LVM Partition
fd fd00 Linux RAID Partition

Mounting Partitions Permanently:


Each file system on a partition has a unique ID called a UUID. When mounting a partition
permanently we should use the UUID instead of the device name. UUID stands for Universally Unique
Identifier. It is a 128-bit number, expressed in hexadecimal (base 16) format. You may use the
device name as well. When the system boots, it looks in the /etc/fstab file to find out which partitions
need to be mounted automatically. Make a permanent entry for the partition in this file. Each
entry in this file has six fields.

Number Field Description
1 What to mount The device we want to mount. We can use the device name, UUID or label in this field to represent the device
2 Where to mount The directory in the main Linux file system where we want to mount the device
3 File system File system type of the device
4 Options To control the mount process; use "defaults" for the default options
5 Dump support To enable dump on this device, use 1. Use 0 to disable
6 Automatic check Whether this device should be checked while mounting or not. To disable use 0; to enable use 1 for the root partition or 2 for all others
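An added example (not from the notes): a lint for /etc/fstab entries that applies the six-field rules from the table above together with the advice to mount by UUID or label rather than by kernel device name. Both fstab samples are constructed (the placeholder UUIDs are obviously not real), the function name is mine, and the nosuid check is an added hardening note rather than something the notes state. GNU awk as on RHEL 7 is assumed.

```shell
#!/usr/bin/env bash
# Added example (not from the RH134 notes): a lint for /etc/fstab entries.
# Assumes GNU awk as on RHEL 7. The fstab contents below are constructed.

# Constructed fstab with deliberate mistakes: a kernel device name, a swap line
# with "00" instead of "0 0" (only five fields), and an NFS mount with default options.
SAMPLE_FSTAB_BAD='# /etc/fstab (constructed sample)
UUID=2cc90e10-8a48-4cbe-8b8b-dd1097ed0ae9 /data ext3 defaults 0 0
LABEL=data1 /data1 ext3 defaults 0 0
/dev/sdb1 /data2 ext4 defaults 0 0
/dev/sdc1 swap swap defaults 00
192.168.147.128:/nfsshare /mnt/data nfs defaults 0 0'

# The same entries, corrected (UUIDs are placeholders, not real values).
SAMPLE_FSTAB_OK='UUID=2cc90e10-8a48-4cbe-8b8b-dd1097ed0ae9 /data ext3 defaults 0 0
LABEL=data1 /data1 ext3 defaults 0 0
UUID=PLACEHOLDER-UUID-FOR-SDB1 /data2 ext4 defaults 0 2
UUID=PLACEHOLDER-UUID-FOR-SDC1 swap swap defaults 0 0
192.168.147.128:/nfsshare /mnt/data nfs defaults,nosuid,nodev 0 0'

# check_fstab: read fstab text on stdin; print one message per finding and exit 1 if
# any entry is malformed. Advisory findings (device names, missing nosuid) do not fail
# the check. LVM paths such as /dev/vg01/lv01 are stable names and are not flagged.
check_fstab() {
  awk '
    /^[[:space:]]*(#|$)/ { next }                       # comments and blank lines
    {
      if (NF != 6) { print "line " NR ": expected 6 fields, found " NF; bad++; next }
      if ($1 ~ /^\/dev\/sd/)
        print "line " NR ": " $1 " is a kernel device name; prefer UUID= or LABEL= so a reordered disk cannot be mounted in its place"
      if ($5 !~ /^[01]$/) { print "line " NR ": dump field must be 0 or 1"; bad++ }
      if ($6 !~ /^[012]$/) { print "line " NR ": fsck order must be 0, 1 (root) or 2"; bad++ }
      if ($3 == "swap" && ($2 != "swap" || $6 != "0")) {
        print "line " NR ": swap entries use \"swap\" as mount point and 0 for fsck"; bad++
      }
      if ($3 == "nfs" && $4 !~ /(^|,)nosuid(,|$)/)
        print "line " NR ": NFS mount without nosuid; setuid files on the server would be honoured here"
    }
    END { exit (bad > 0 ? 1 : 0) }
  '
}

# Demonstration: the faulty sample is rejected, the corrected one is accepted.
# On a real host run: check_fstab < /etc/fstab   (before mount -a)
printf '%s\n' "$SAMPLE_FSTAB_BAD" | check_fstab || echo "faulty fstab rejected"
printf '%s\n' "$SAMPLE_FSTAB_OK" | check_fstab && echo "corrected fstab accepted"
```

Running the lint before mount -a catches the field-count slip ("defaults 00") that otherwise surfaces only as a failed boot, and it points out entries that still rely on /dev/sdX names, which change when a disk is added or re-cabled.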

Managing GPT Partitions with GDISK:


GPT fdisk (gdisk) is a text-mode menu-driven utility for creation and manipulation of GPT disk
partition tables. Everything you can do with Fdisk you can do with Gdisk utility. Gdisk can be
used to add, modify, and remove partitions on disks with GPT (Globally Unique Identifiers
Partition Table) partitioning schemes.

Commands Descriptions
# gdisk /dev/sdc Create the GPT partitions of disk sdc
Command (? for help): p Current layout of disk
Command (? for help): n Create new partition
Command (? for help): l List known partition types
Command (? for help): w Write table to disk and exit
# partprobe /dev/sdc Force the kernel to reread the partition table
# fdisk -l View all Disk Partitions in Linux
# fdisk -l /dev/sdc View Specific Disk Partition in Linux
# mkfs.ext3 /dev/sdc1 OR # mkfs -t ext3 /dev/sdc1 Format the created partition with the ext3 file system; both methods can be used
# mkfs -t ext4 /dev/sdc2 Format partition with ext4 file system
# mkfs -t xfs /dev/sdc3 Format partition with xfs file system
# mkfs -t xfs /dev/sdc4 An extended partition cannot be formatted
# mkdir /data1 Create directory named data1
# mount /dev/sdc1 /data1/ Temporary mounted partition drive
# umount /data1/ OR # umount /dev/sdc1 Unmounted partition drive
# vim /etc/fstab Permanently mount partition in fstab
/dev/sdc1 /data1 ext3 defaults 0 0 Sdc1 partition in data1 folder
# mount -a Re-read the fstab file check for error
# e2label /dev/sdc1 data1 Give data1 label to sdc1 partition
# blkid /dev/sdc1 Find the UUID of the sdc1 partition
# vim /etc/fstab Open fstab file for configuration
LABEL=data1 /data1 ext3 defaults 0 0 Mount partition using label permanently
# vim /etc/fstab Open fstab file for configuration
UUID=2cc90e10-8a48-4cbe-8b8b-dd1097ed0ae9 /data1 ext3 defaults 0 0 Mount partition using UUID permanently
# umount /data1/ OR # umount /dev/sdc1 Unmount the partition before deleting it
# fdisk /dev/sdc Select the sdc drive to delete partitions from
Command (m for help): d Delete all partition one by one
Command (m for help): w Save the changes
# lsblk List of block devices to check devices

Swap Memory or Space:


Linux is primarily used for server systems. Server systems are built to run several processes at
the same time. Sometimes a process may use more memory than expected. Linux uses swap
space to deal with the shortage of physical memory. The swap space is space on the hard disk
that can be used as memory. A swap partition is created as a regular partition; we can use
any disk utility such as fdisk or gdisk. New partitions can be created only from un-partitioned disk
space. The mkswap command is used to format a partition for swap space. Use the swapon
command to activate a formatted swap space and the swapoff command to deactivate it.
Swap space priorities are displayed with the swapon -s command.

Commands Description
# fdisk /dev/sdc Create the partitions of disk sdc
Command (m for help): p Current layout of disk
Command (m for help): n Create new partition
Command (m for help): l List known partition types
Command (m for help): t Change a partition's code
Hex code (type L to list all codes): 82 Partitions type identifier for swap space
Command (m for help): w Write table to disk and exit
# partprobe /dev/sdc Force the kernel to reread the partition table
# swapon -s OR # free -m Display the status of swap space
# mkswap /dev/sdc1 Format a partition for swap space
# swapon /dev/sdc1 Temporary Activate new swap partition
# swapoff /dev/sdc1 deactivate the swap space
# vim /etc/fstab Permanently mount swap partition in fstab
/dev/sdc1 swap swap defaults 0 0 Swap partition entry; swap has no mount point, so "swap" is written in that field
# swapon -a Activate all swap spaces listed in the fstab
# fdisk /dev/sdc Select sdc drive to delate
Command (m for help): d Delete all partition one by one
Command (m for help): w Save the changes
# dd if=/dev/zero of=/swap_file bs=1M count=1024 Create a 1 GiB file for swap space (/dev/zero is used because /dev/random blocks and would take very long)
# mkswap /swap_file Put swap signature in the file
# chmod 0600 /swap_file Set permission on swap file
# swapon /swap_file Activate the swap space
# swapon -s Check swap space activation
# swapoff /swap_file Deactivate the swap space
# rm -f /swap_file Delete the swap file (after swapoff)

Manage Logical Volume Management (LVM) Storage:


LVM stands for Logical Volume Manager. LVM is the modern way to manage storage
devices. LVM allows adding, removing and resizing volumes online, within the existing volume group,
without taking any downtime. LVM handles allocating disks, striping, mirroring and resizing logical
volumes. With LVM, a hard drive or set of hard drives is allocated to one or more physical
volumes. The physical volumes are combined into a volume group. The volume group can be
divided into logical volumes.

Advantages of LVM:
Volumes can consist of more than one disk. Easy resize operations and replacement of failing
disks. Advanced options such as working with snapshots, which allow you to create backups
of files even while they are open. Easy to add new volumes, up to 256 logical volumes.

Creating LVM Steps:


There are five steps needed to create a usable logical volume: Physical Partition, Physical
Volume, Volume Group, Logical Volume, and Filesystem. After completing these steps, the last
step is mounting the logical volume, temporarily or permanently.

Physical Partition (PP):


Disk partitioning allows a hard drive to be divided into multiple logical storage units referred
to as partitions. A hard disk needs partition table before it can be used with LVM. Use fdisk,
gdisk or parted to create a new partition for use with LVM. Always set the partition type to
Linux LVM on LVM partitions.

Physical Volume (PV):


Physical volumes are regular storage devices. LVM writes a header to the device to allocate it
for management. pvcreate is used to label the partition for use with LVM as a Physical Volume.
A PV is divided into Physical Extents (PE) of a fixed size.

Volume Group (VG):
LVM combines physical volumes into storage pools known as Volume Groups. vgcreate is used
to create a pool of one or more physical volumes, called a Volume Group. A VG is responsible
for hosting one or more logical volumes by allocating free PEs to an LV.
Logical Volume (LV):
A Volume Group can be sliced up into any number of logical volumes. Logical Volumes are
functionally equivalent to partitions on a physical disk, but with much more flexibility. Logical
Volumes are the primary component that users and applications will interact with.

Filesystem (FS):
To use a partition for data storage we need to create a file system on it. File system is a logical
container that is used to store the files and directories. Each partition must be formatted with
file system before it can be used for data storage. Red Hat Linux supports several file system
types such as EXT, EXT1, EXT2, EXT3, EXT4, XFS etc.
File systems are built on top of logical volumes. The command mkfs can be used to create file
system on top of a logical volume. Once the file system is created mount the logical volume as
per requirement.

Mounting Point (MP):


Mounting is how a file system is accessed in Linux. You can mount a file system on any directory and
access the content by entering that directory. In Linux terms, these directories are called
mount points. The logical volume can be mounted, temporarily or permanently, once the file
system is created. Add an entry to /etc/fstab so that it is mounted automatically when the
system boots.

Creating Physical Partition:


Commands Description
# fdisk -l Display all Disk Partitions in Linux
# gdisk /dev/sdc Create the GPT partitions of disk sdc
Command (? for help): n Create new partition
Partition number (1-128, default 1): 1 Select partition 1
Last sector: +1G Partition size 1 Gb
Hex code or GUID: 8e00 Partition code LVM
Command (? for help): p Print partition details
Command (? for help): w Write table to disk and exit
Do you want to proceed? (Y/N): y Type y to proceed
# gdisk /dev/sdc Create the GPT partitions of disk sdc
Command (? for help): n Create new partition
Partition number (1-128, default 2): 2 Select partition 2
Last sector: +1G Partition size 1 Gb
Hex code or GUID: 8e00 Partition code LVM
Command (? for help): p Print partition details
Command (? for help): w Write table to disk and exit
Do you want to proceed? (Y/N): y Type y to proceed
# partprobe OR # partprobe /dev/sdc Force the kernel to reread the partition table
# cat /proc/partitions Check the new partition in partition table
# lsblk List Block Devices & File Systems

Creating LVM Physical Volume:


Commands Description
# pvcreate -v /dev/sdc1 /dev/sdc2 Creating Physical Volumes from partition
# pvs Display Physical Volumes Summary
# pvdisplay Display Physical Volumes Details
# pvdisplay /dev/sdc1 Display Physical Volume details for a specific PV

Creating LVM Volume Group:


Commands Description
# vgcreate vg01 /dev/sdc1 Creating Volume Groups named vg01
# vgextend vg01 /dev/sdc2 Extend Volume Groups vg01
# vgdisplay Display Volume Group details
# vgdisplay vg01 Display Volume Group for given one
# vgs Display Volume Group summary

Creating LVM Logical Volume:


Commands Description
# lvcreate -n lv01 -L 1G vg01 Creating Logical Volume named lv01
# lvcreate -n lv02 -L 1G vg01 Creating Logical Volume named lv02
# lvdisplay Display Logical Volumes details
# lvdisplay /dev/vg01/lv01 Display Logical Volumes for given one
# lvs Display Logical Volumes summary

Formatting LVM Logical Volume:


Commands Description
# mkfs -t ext3 /dev/vg01/lv01 Format Logical Volume with ext3 file system
# mkfs -t ext4 /dev/vg01/lv02 Format Logical Volume with ext4 file system

Temporary Mounting Logical Volume:


Commands Description
# mkdir /mount1 Create directory for mounting
# mkdir /mount2 Create another directory for mounting
# mount /dev/vg01/lv01 /mount1 Mount Logical Volume lv01
# mount /dev/vg01/lv02 /mount2 Mount Logical Volume lv02
# umount /mount1 OR Unmount Logical Volume by mount point
# umount /dev/vg01/lv01 Unmount Logical Volume by device
# umount /mount2 OR Unmount Logical Volume by mount point
# umount /dev/vg01/lv02 Unmount Logical Volume by device
# df -h Display mount points

Permanently Mounting Logical Volume:


Commands Description
# blkid Display all Block Devices UUID
# vim /etc/fstab Writing fs-table with VIM editor
/dev/vg01/lv01 /mount1 ext3 defaults 0 0 Permanently mounting logical volume 1
/dev/vg01/lv02 /mount2 ext4 defaults 0 0 Permanently mounting logical volume 2
:wq Save the change and quit
# mount -a Checking mounting for syntax error
# vim /etc/fstab Writing fs-table with VIM editor
UUID=d202e2c5-65ac-4e5d-8efc-b093ced1a20d /mount1 ext3 defaults 0 0 Permanently mounting logical volume 1 using UUID
UUID=acdae08e-2476-4c88-86d1-94a914dfcb4c /mount2 ext4 defaults 0 0 Permanently mounting logical volume 2 using UUID
:wq Save the change and quit
# mount -a Checking mounting for syntax error
# df -h Display all mount points

Extending Logical Volume:


Commands Description
# pvcreate /dev/sdc3 First Creating Physical Volume
# vgextend vg01 /dev/sdc3 Extend Volume Group by adding new PV
# lvextend -L +1G /dev/vg01/lv02 Extend Logical Volume lv02 by 1G
# resize2fs /dev/vg01/lv02 Update the file system for EXT file systems
# xfs_growfs /dev/vg01/lv02 Update the file system for XFS file systems
# lvextend -r -L +1G /dev/vg01/lv02 OR: extend the LV and update the file system in one step
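An added example (not the notes' own commands): the PV -> VG -> LV -> file system -> mount sequence from the tables above, and the extend sequence, wrapped in shell functions with a dry-run mode that prints the plan instead of touching any disk. The function names are mine; vg01, lv01, lv02, /dev/sdc1 to /dev/sdc3 and the mount points are the notes' own names, and running with DRY_RUN=0 assumes root and the LVM2 tools of RHEL 7.

```shell
#!/usr/bin/env bash
# Added example (not from the RH134 notes): the LVM provisioning and extend steps as
# functions. With DRY_RUN=1 (the default) every command is printed instead of run, so
# the plan can be reviewed; with DRY_RUN=0 the same commands execute (root, LVM2 tools).

run() {
  if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# lvm_provision VG LV SIZE FSTYPE MOUNTPOINT PARTITION...
# Labels the partitions as PVs, pools them into a VG, carves out one LV, puts a
# file system on it and mounts it (temporarily; the fstab entry is a separate step).
lvm_provision() {
  local vg=$1 lv=$2 size=$3 fstype=$4 mnt=$5
  shift 5
  [ $# -ge 1 ] || { echo "lvm_provision: at least one partition is required" >&2; return 1; }
  local pv
  for pv in "$@"; do run pvcreate "$pv"; done    # partitions of type 8e00 become PVs
  run vgcreate "$vg" "$@"                         # the VG pools the PVs' extents
  run lvcreate -n "$lv" -L "$size" "$vg"          # the LV is allocated from free PEs
  run mkfs -t "$fstype" "/dev/$vg/$lv"            # file system on top of the LV
  run mkdir -p "$mnt"
  run mount "/dev/$vg/$lv" "$mnt"
}

# lvm_extend VG LV FSTYPE EXTRA MOUNTPOINT [NEWPARTITION]
# Grows an LV by EXTRA (for example 1G). If a new partition is given it is added to
# the VG first. ext file systems are resized by device; XFS is grown online through
# its mount point. Unknown file system types are refused rather than left half-grown.
lvm_extend() {
  local vg=$1 lv=$2 fstype=$3 extra=$4 mnt=$5 newpv=${6:-}
  if [ -n "$newpv" ]; then
    run pvcreate "$newpv"
    run vgextend "$vg" "$newpv"
  fi
  case $fstype in
    ext2|ext3|ext4)
      run lvextend -L "+$extra" "/dev/$vg/$lv"
      run resize2fs "/dev/$vg/$lv" ;;
    xfs)
      run lvextend -L "+$extra" "/dev/$vg/$lv"
      run xfs_growfs "$mnt" ;;
    *)
      echo "lvm_extend: do not know how to grow a $fstype file system" >&2
      return 1 ;;
  esac
}

# Demonstration (dry run): vg01/lv01 on /dev/sdc1 and /dev/sdc2, then growing lv02 with /dev/sdc3.
lvm_provision vg01 lv01 1G ext3 /mount1 /dev/sdc1 /dev/sdc2
lvm_extend vg01 lv02 ext4 1G /mount2 /dev/sdc3
```

Reviewing the printed plan before setting DRY_RUN=0 is the point of the wrapper: the order of the steps is fixed by the functions, and a typo in a device name (the notes' own tables slip between sdb and sdc) shows up in the plan rather than on a disk.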

Access Networked Attached Storage with Network File System (NFS):


NFS stands for Network File System; it helps you share files and folders between Linux
systems. It is a popular distributed file system protocol that enables users to mount remote
directories on their server. NFS enables you to mount a remote share locally. The NFS default port
number is 2049. An NFS share can be mounted manually or automatically using AutoFS. RHEL 7
supports NFSv4 by default. NFSv4 uses the TCP protocol to communicate with the server, while
older versions of NFS may use either TCP or UDP. NFS doesn't support user authentication. All
users can see the exported directories even if they don't have access.

Usage of NFS:
File and folder sharing between Linux systems. Allows mounting remote file systems locally. Can
act as a centralized storage system. It can be used as a storage domain (datastore) for
VMware and other virtualization platforms. Allows applications to share configuration and
data files with multiple nodes. Allows having updated files across the share.
Server Side NFS Configuration:
Commands Description
# yum install nfs-utils libnfsidmap Install nfs package utilities
# systemctl enable rpcbind Enable rpcbind service on boot
# systemctl enable nfs-server Enable nfs-server service on boot
# systemctl start rpcbind Start rpcbind service
# systemctl start nfs-server Start nfs-server service
# systemctl start nfs-idmap Start nfs-idmap service
# systemctl stop firewalld Stop firewall temporary
# setenforce 0 OR # setenforce Permissive Disable SELinux Temporary
# firewall-cmd --permanent --add-service=nfs In case of using the firewall, add the nfs service
# firewall-cmd --permanent --add-service=mountd In case of using the firewall, add the mountd service
# firewall-cmd --permanent --add-service=rpc-bind Also add the rpc-bind service
# firewall-cmd --reload Reload firewall configuration to take effect
# mkdir /nfsshare Create a shared directory for NFS
# chmod 777 /nfsshare/ Set full permission on shared directory
# vi /etc/exports Edit Export file put share directory
/nfsshare 192.168.147.144(rw,sync,no_root_squash) Share folder, NFS client IP, & permissions; no space between the client and its options, since a standalone "(rw)" exports the share to every host OR
/nfsfileshare 192.168.147.144(rw) Share folder, NFS client IP and permission OR
/nfsfileshare 192.168.147.0/24(rw) Share, NFS client network & permission
# exportfs -r Exporting the share
# systemctl restart nfs-server Restarting NFS Server service
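An added example (not from the notes): a lint for /etc/exports that flags the mistakes an exports line can hide, in particular a space between the client and its options, which makes exportfs treat "(rw)" as a host-less entry applying to every host, a network written without its /prefix, and shares open to all hosts or keeping no_root_squash. The exports text is constructed, the function name is mine, and GNU awk as on RHEL 7 is assumed.

```shell
#!/usr/bin/env bash
# Added example (not from the RH134 notes): a lint for /etc/exports.
# Assumes GNU awk as on RHEL 7. The exports text below is constructed.

# Constructed exports with the mistakes the lint looks for: a space before the option
# list (exportfs then treats "(rw)" as a separate, host-less entry that applies to every
# host), a network written without its /prefix, and a share exported to all hosts.
SAMPLE_EXPORTS_BAD='/nfsshare 192.168.147.144 (rw)
/nfsfileshare 192.168.147.0 (rw)
/backup *(rw,no_root_squash)'

# The same shares written as intended.
SAMPLE_EXPORTS_OK='/nfsshare 192.168.147.144(rw,sync,no_root_squash)
/nfsfileshare 192.168.147.0/24(rw,sync)'

# check_exports: read exports text on stdin, print one message per finding and exit 1
# when a line exports to more hosts than it appears to (warnings alone still exit 0).
check_exports() {
  awk '
    /^[[:space:]]*(#|$)/ { next }                 # comments and blank lines
    {
      dir = $1
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^\(/) {                        # options without a host in front
          print "line " NR ": " dir " space before \"" $i "\" exports the share to every host with those options"
          bad++
          continue
        }
        host = $i; sub(/\(.*/, "", host)         # client part, options stripped
        if (host == "*")
          print "line " NR ": " dir " is exported to all hosts"
        if (host ~ /^[0-9.]+$/ && host ~ /\.0$/)
          print "line " NR ": " host " has no /prefix, so it matches one host, not a network"
        if ($i ~ /no_root_squash/)
          print "line " NR ": " dir " keeps root privileges for " host " (no_root_squash)"
      }
    }
    END { exit (bad > 0 ? 1 : 0) }
  '
}

# Demonstration on the constructed data; on a real server: check_exports < /etc/exports
printf '%s\n' "$SAMPLE_EXPORTS_BAD" | check_exports || echo "faulty exports rejected"
printf '%s\n' "$SAMPLE_EXPORTS_OK" | check_exports && echo "corrected exports accepted"
```

Run it before exportfs -r: the space-before-parenthesis case is the one exportfs only warns about, yet it is the difference between a share for one client and a share writable by anyone who can reach port 2049.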

Client Side NFS Configuration:


Commands Description
# yum install nfs-utils libnfsidmap Install NFS package utilities
# systemctl enable rpcbind Enable rpcbind service on boot
# systemctl enable nfs-server Enable nfs-server service on boot
# systemctl start rpcbind Start rpcbind service
# systemctl start nfs-server Start nfs-server service
# systemctl start nfs-idmap Start nfs-idmap service
# systemctl stop firewalld Stop firewall temporary
# setenforce 0 OR # setenforce Permissive Disable SELinux Temporary
# firewall-cmd --permanent --add-service=nfs In case of using the firewall, add the nfs service
# firewall-cmd --permanent --add-service=mountd In case of using the firewall, add the mountd service
# firewall-cmd --permanent --add-service=rpc-bind Also add the rpc-bind service
# firewall-cmd --reload Reload firewall configuration to take effect
# showmount -e 192.168.147.128 Display NFS shares directory
# mkdir /mnt/data Create local directory for remote mounting
# mount 192.168.147.128:/nfsshare /mnt/data Temporary NFS share data mounting
# mount -t nfs 192.168.147.128:/nfsshare /mnt/data Temporary NFS mounting
# mount | grep nfs Display NFS mounting
# df -hT Display mounted file systems with their type
# vi /etc/fstab Permanently mounting NFS
192.168.147.128:/nfsshare /mnt/data nfs rw,sync,hard,intr 0 0 NFS server IP, NFS share, local mount point, file system, options (no spaces inside the options list) OR
192.168.147.128:/nfsshare /mnt/data nfs defaults 0 0 NFS server IP, NFS server share, local mount point, file system, and default options
# umount /mnt/data To unmount the NFS share folder

Export option Description
/nfsshare Shared directory
192.168.147.0/24 IP address range of clients
rw Read and write permission on the shared folder
sync Reply to client writes only after they are committed to disk
no_root_squash Do not map the client's root user to the anonymous user (root keeps its privileges on the share)
no_all_squash Do not map ordinary client users to the anonymous user (they keep their own identity)

Fstab Mounting:
Fstab is the Linux operating system's file system table. Fstab is an alternative method to mount NFS
permanently: the file system is mounted automatically after a reboot and stays mounted all the time,
whether it is used or not. It contains information about the major file systems on the system. The
fstab file is located at /etc/fstab.

Autofs Mounting:
Autofs is a service that automatically mounts file systems when they are needed. It can also
unmount a file system when it has not been used for a predefined timeout value. If the NFS file
system is mounted using autofs, the file system is mounted when someone accesses it and
automatically unmounted when it is not in use after the timeout. Boot time is significantly
reduced because no mounting is done at boot time. The main configuration file for autofs is the
/etc/auto.master file, referred to as the master map. The master map file contains a list of mount
points and the location of each one's map.

Commands Description
# rpm -qa autofs Verifying autofs package is install or not
# yum install -y autofs Install autofs package
# systemctl start autofs Start autofs service
# systemctl enable autofs Enable autofs service on boot
# vim /etc/auto.master Edit master map configuration file
/autofs /etc/auto.nfs --timeout=60 Local directory, Map file location, timeout
# cp /etc/auto.misc /etc/auto.nfs Copy and edit default auto file
# vim /etc/auto.nfs OR Create map file auto.nfs
nfsshare -rw 192.168.147.128:/nfsshare Mount Point, Mount Option, Share Location
# systemctl restart autofs Restart autofs service
# cd /autofs/nfsshare Accessing share directory
# df -hT OR # df -kh Display file system type in human-readable
# mount -av Display all mount filesystems

Access Networked Storage with SMB:


SMB, which stands for Server Message Block, is a cross-platform protocol for sharing files and
printers between Windows and Linux systems. We can use autofs and the command line to
mount and unmount SMB file systems.

SMB:
SMB stands for Server Message Block. It is a Windows file sharing protocol. The smbd server
daemon provides file sharing and printing services to Windows clients. The initials of smbd
stand for Server Message Block Daemon. It allows us to share files, folders and printers
between a Linux server and Windows clients.

Samba:
Samba is an open source implementation of the Server Message Block (SMB) protocol. It allows
the networking of Microsoft Windows, Linux, UNIX and other operating systems together,
enabling access to Windows-based file and printer shares. Samba can also be used to set up a
domain controller on a Linux server and integrate Windows clients into the domain controller. The
software that implements the SMB protocol on Linux is called Samba.

Samba Client:
When a RHEL system accesses resources on a Windows system, it is using the Samba client.
Use the Samba client utility to transfer files between a Windows 'server' and a Linux client. A RHEL
system, by default, has the Samba client installed.

Samba Server:
When a RHEL system serves resources to a Windows system, it uses the package Samba Server,
or simply Samba. This is not installed by default.

NMBD:
Nmbd stands for NetBIOS Message Block Daemon. Nmbd is a server that understands and can
reply to NetBIOS over IP name service requests.

Autofs Mounting:
Autofs is a service that mounts a filesystem automatically when it is needed and unmounts it
again when it has not been used for a predefined timeout. If an NFS filesystem is mounted
through autofs, it is mounted when someone accesses it and unmounted automatically after the
timeout expires. Boot time is significantly reduced because no mounting is done at boot time.
The main configuration file for autofs is /etc/auto.master, referred to as the master map. The
master map file lists each mount point and the location of its map.


Anonymous Share:
Commands                                                      Description
# rpm -q samba                                                Query whether samba is installed OR
# yum list installed | grep samba                             Another way to check whether samba is installed
# yum install samba samba-client samba-common                 Install samba packages OR
# yum install samba*                                          Easy way to install all samba packages
# cp /etc/samba/smb.conf /etc/samba/smb.conf.bak              Take a backup of the samba configuration file
# mkdir /any_share                                            Create share directory named any_share
# chmod 777 /any_share                                        Set full permission on share directory
# chown -R nobody:nobody /any_share                           Change owner and group to nobody
# vim /etc/samba/smb.conf                                     Edit the samba configuration file; add at the end:
    [Any Share]                                               Share name is whatever title you choose
    path = /any_share                                         Full path of share directory
    browsable = yes                                           The share appears in the browse list for all users
    writable = yes                                            Writable permission set to yes
    guest ok = yes                                            Specifies this share as publicly accessible
    guest only = yes                                          Only guest connections to the share are permitted
    read only = no                                            Users may modify or copy files to the directory
    public = yes                                              Synonym for guest ok; the share is publicly accessible
# systemctl restart smb                                       Restart samba service
# systemctl enable smb                                        Enable samba service on boot
# systemctl restart nmb                                       Restart nmb service
# systemctl enable nmb                                        Enable nmb service on boot
# testparm                                                    Check samba configuration settings
# systemctl stop firewalld                                    Stop firewall temporarily OR
# firewall-cmd --permanent --zone=public --add-service=samba  Add the samba service to the firewall
# firewall-cmd --reload                                       Reload firewall services
# chcon -R -t samba_share_t /any_share                        Set the SELinux samba_share_t context on the share OR
# setenforce 0                                                Temporarily set SELinux to permissive mode
\\192.168.147.151                                             For Windows users to access the samba share
smb://192.168.147.151                                         For Linux users to access the samba share
# smbclient -L localhost                                      List the shares on the local system OR
# smbclient -L 192.168.147.151                                List the shares on the local system by IP


Secured Share:
Commands                                                      Description
# mkdir /secure_share                                         Create share directory named secure_share
# chmod 777 /secure_share                                     Set full permission on share directory
# useradd smbuser                                             Create user named smbuser
# groupadd smbgroup                                           Create group named smbgroup
# usermod -aG smbgroup smbuser                                Add user smbuser to group smbgroup
# smbpasswd -a smbuser                                        Set the smb password for the user
# chown -R smbuser:smbgroup /secure_share                     Give the user and group ownership of the share directory
# systemctl stop firewalld                                    Stop firewall temporarily OR
# firewall-cmd --permanent --zone=public --add-service=samba  Add the samba service to the firewall
# firewall-cmd --reload                                       Reload firewall services
# chcon -R -t samba_share_t /secure_share                     Set the SELinux samba_share_t context on the share OR
# setenforce 0                                                Temporarily set SELinux to permissive mode
# vim /etc/samba/smb.conf                                     Edit the samba configuration file; add at the end:
    [Secure Share]                                            Share name is whatever title you choose
    path = /secure_share                                      Full path of share directory
    browsable = yes                                           The share appears in the browse list for all users
    writable = yes                                            Writable permission set to yes
    guest ok = no                                             A password is required to access the share
    read only = no                                            Users may modify or copy files to the directory
    hosts allow = 192.168.147.0/24                            Hosts allowed to access the share
    valid users = smbuser ahmad @smbgroup                     Users and groups allowed to log in to the share
# systemctl restart smb                                       Restart samba service
# systemctl enable smb                                        Enable samba service on boot
# systemctl restart nmb                                       Restart nmb service
# systemctl enable nmb                                        Enable nmb service on boot
# testparm                                                    Check samba configuration settings
\\192.168.147.151                                             For Windows users to access the samba share
smb://192.168.147.151                                         For Linux users to access the samba share
# smbclient -L localhost                                      List the shares on the local system OR
# smbclient -L 192.168.147.151                                List the shares on the local system by IP


Command                          Description
guest ok = yes                   No password is required to connect to the service
guest ok = no                    A password is required to connect to the service
guest only = yes                 Only guest connections to the service are permitted
guest only = no                  Connections are not restricted to guests
hosts allow = ahmad, user        Comma-, space- or tab-separated set of hosts which are permitted access
hosts allow not set              All hosts are permitted access (the default)
hosts deny = user2               Hosts listed here are NOT permitted access to the services
browseable = yes                 The share is seen in the list of available shares in the browse list
browsable = yes                  Synonym for browseable
valid users = ali, @users        List of users (and @groups) allowed to log in to this service
read only = yes                  Users cannot create or modify files in the service's directory
read only = no                   Users can create or modify files in the service's directory
map to guest = Bad User          Logins with an invalid password are rejected, unless the user name
                                 does not exist, in which case the login is treated as a guest
map to guest = Bad Password      Logins with an invalid password are treated as a guest
map to guest = Never             Login requests with an invalid password are rejected
public = yes                     Synonym for guest ok
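The parameters in this table are what a reviewer checks on a Samba server, so the following added example (written for these notes, not taken from them or from Samba) parses the share stanzas of an smb.conf with Python's configparser, folds the synonyms listed above (public, browsable, writable) onto one canonical name, and flags guest-writable shares, shares with no hosts allow restriction, and a global map to guest = Bad Password. The sample configuration is constructed from the [Any Share] and [Secure Share] stanzas in the two procedures above.

```python
"""Audit smb.conf share definitions for risky settings (added example, not
part of the notes or of Samba; the sample configuration below is constructed
from the [Any Share] and [Secure Share] stanzas in the notes)."""
import configparser

# smb.conf(5) synonyms, folded onto one canonical name before auditing.
SYNONYMS = {"public": "guest ok", "browsable": "browseable",
            "writable": "writeable", "write ok": "writeable"}
TRUE_VALUES = {"yes", "true", "1"}

SAMPLE_SMB_CONF = """\
[global]
    map to guest = Bad User

[Any Share]
    path = /any_share
    browsable = yes
    writable = yes
    guest ok = yes
    guest only = yes
    read only = no
    public = yes

[Secure Share]
    path = /secure_share
    browsable = yes
    writable = yes
    guest ok = no
    read only = no
    hosts allow = 192.168.147.0/24
    valid users = smbuser ahmad @smbgroup
"""

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with synonyms folded."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    sections = {}
    for name in cp.sections():
        params = {}
        for key, value in cp.items(name):
            params[SYNONYMS.get(key, key)] = value.strip()
        sections[name] = params
    return sections

def is_true(params, key, default="no"):
    """Samba boolean: yes/true/1, case-insensitive."""
    return params.get(key, default).lower() in TRUE_VALUES

def audit_share(params):
    """Return the list of findings for one share stanza."""
    findings = []
    guest = is_true(params, "guest ok")
    # 'read only = no' or 'writeable = yes' both permit writes; read only is the default.
    writable = not is_true(params, "read only", "yes") or is_true(params, "writeable")
    if guest and writable:
        findings.append("guest-writable share")
    if "hosts allow" not in params:
        findings.append("no host restriction (hosts allow unset)")
    if not guest and "valid users" not in params:
        findings.append("any authenticated Samba user may connect (valid users unset)")
    if is_true(params, "guest only") and not guest:
        findings.append("guest only = yes has no effect without guest ok = yes")
    return findings

def audit_smb_conf(text):
    """Audit every share plus the global 'map to guest' setting."""
    sections = parse_smb_conf(text)
    report = {}
    glob = sections.pop("global", {})
    if glob.get("map to guest", "").lower() == "bad password":
        report["global"] = ["map to guest = Bad Password turns mistyped passwords into guest sessions"]
    for name, params in sections.items():
        report[name] = audit_share(params)
    return report
```

Running audit_smb_conf on the sample reports the anonymous share as guest-writable and open to any host, and the secured share as clean.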


Controlling & Troubleshooting the RedHat Linux Boot Process:

Understanding the Linux boot process is crucial for being able to troubleshoot a Linux system
effectively when boot problems occur.

The RedHat Linux 7 Boot Process:

It is very important to understand the boot process of RHEL 7 and CentOS 7, both to troubleshoot
boot problems and to understand how the Linux OS functions.
1. BIOS/UEFI:
When the computer is powered on, the first program to start is either the BIOS or the UEFI
firmware. This is the starting point of the computer. It performs a series of diagnostic tests to
detect and initialize the CPU, memory, keyboard, hard disks and other peripherals. This process
is known as the Power On Self-Test (POST). If all peripherals are detected without any issue,
the BIOS/UEFI finds and executes the boot loader program.
2. MBR (Master Boot Record):
The Master Boot Record is placed in the first sector of the Linux boot hard drive, and this
information is loaded into memory by the BIOS. The MBR is only 512 bytes in size and it contains
the machine code instructions for booting the operating system, called the boot loader, along
with the partition table. Once the BIOS finds and loads the boot loader (GRUB2) program into
memory from the hard drive, it hands control of the boot process to it. Simply put, the MBR
loads and executes the GRUB2 boot loader.
3. GRUB2 (Grand Unified Bootloader version 2) Bootloader:
GRUB2 is the default boot loader program in all recent versions of Red Hat Enterprise Linux and
CentOS, including 7. The boot loader (GRUB2) starts the RHEL 7 kernel and the initial RAM disk
(initrd). GRUB2 is installed in the boot sector of the server's hard drive and is configured to load
a Linux kernel and the initramfs; the initrd is an initial root file system that is mounted prior to
the real root file system on a Linux system.
4. Kernel:
The Linux kernel is the central core of the OS and it is the first program loaded when the system
starts up. While the system is starting, the kernel loads all the necessary kernel modules and
drivers from initrd.img and then starts the first system process, systemd, on Linux 7.
5. Systemd:
The systemd process is the first process (PID 1) to run on Linux 7 systems; it initializes the
system and launches all the services. The systemd process reads the configuration file
/etc/systemd/system/default.target and then brings the OS up to the targeted runlevel.target.
This tells systemd to start everything in /usr/lib/systemd/system/basic.target before starting
the other multi-user services.


Initramfs (Initial RAM File System):


The job of the Initial RAM File System is to preload the block device modules, such as for IDE,
SCSI, or RAID, so that the root file system, on which those modules normally reside, can then be
accessed and mounted.

Initrd (Initial RAM Disk):


The Initial RAM Disk (initrd) is an initial root file system that is mounted prior to when the real
root file system is available. The initrd contains various executables and drivers that permit the
real root file system to be mounted.

Vmlinuz (Virtual Memory LINUx gZip):


vmlinuz is the name of the Linux kernel executable. vmlinuz is a compressed Linux kernel, and it
is capable of loading the operating system into memory so that the computer becomes usable
and application programs can be run.


Boot, Reboot, and Shutdown:


Boot:
Booting is the process of starting or restarting a computer. When turning on a computer that
has been powered off completely, you are performing a cold boot. A warm boot, by contrast, is
the process of using the operating system to restart a computer.

Reboot:
A reboot restarts the computer while it is in a working state, either from the hardware (the
power or reset button) or through the OS (command line or GUI). The reboot command can be
used to shut down or reboot Linux. In a hard or cold reboot the power is physically cut and then
turned back on. In a soft or warm reboot the system is restarted without losing power.

Shutdown:
The shutdown command is used to shut down a system or restart it. It is commonly used to shut
down or reboot both local and remote machines. Syntax: shutdown [Option] [Time] [Message]

Commands                                  Descriptions
# reboot                                  Reboot or restart the system
# reboot -f                               Forcefully reboot the system, like pressing the reset button
# systemctl reboot                        Reboot or restart the system
# shutdown -r now                         Reboot or restart the system now
# shutdown -r +5 "Any Message"            Reboot the system after 5 minutes and display the message
# init 6                                  Reboot the system
# telinit 6                               Reboot the system
# halt                                    Halt the system
# systemctl halt                          Halt the system
# shutdown -h now                         Shut down the system now
# shutdown -h +5 "Any Message"            Shut down the system after 5 minutes and display the message
# shutdown -c                             Cancel a pending shutdown
# init 0                                  Shut down the system
# telinit 0                               Shut down the system
# poweroff                                Power off the system
# systemctl poweroff                      Power off the system
# systemctl --no-wall poweroff            Power off the system without sending a wall message to users
# reboot -p                               Power off the system using the reboot command
# systemctl suspend                       Suspend the system
# systemctl hibernate                     Hibernate the system
# systemctl hybrid-sleep                  Hibernate and suspend the system


Systemd Target:
Each target designates a different system configuration and allows access to a different
combination of processes. Targets determine how many of the system's services are actually
running. Whether the system starts in GUI mode or in text mode is decided by the target.
Target units have a .target extension and are similar to run levels: target units allow you to
start a system with only the services that are required for a specific purpose. Red Hat
Enterprise Linux 7 is distributed with a set of predefined targets. The default target unit is
represented by the /etc/systemd/system/default.target file. This file is a symbolic link to the
current default target unit. Even after the Linux system is booted to a target, you can change it
to another target. It is possible for a target to be a part of another target; for example,
graphical.target includes multi-user.target, which in turn depends on basic.target and others.

multi-user.target:
In this target the system starts in text mode with multi-user access, networking and all active
services. The system supports multiple users, with text-based logins only.

graphical.target:
In this target the system starts with a graphical user interface (GUI) with multi-user access,
networking and all active services. The system supports multiple users, with graphical and
text-based logins.

Runlevel     Systemd Target        Description
0            poweroff.target       Halt/shut down the system
1            rescue.target         Start in single user mode for troubleshooting tasks
2            multi-user.target     Multi-user mode without networking services like NFS
3            multi-user.target     Multi-user, non-graphical mode, with networking
4            multi-user.target     Reserved
5            graphical.target      Multi-user, graphical mode
6            reboot.target         Reboot the system
Emergency    emergency.target      Emergency mode

Commands Description
# systemctl get-default View the default target
# systemctl list-units --type=target View all currently loaded targets
# systemctl list-units --type target --all View all loaded active and inactive targets
# systemctl set-default multi-user.target Set default target to multi user target
# systemctl set-default rescue.target Set default target to rescue.target mode
# systemctl isolate multi-user.target Switch the target while system is running
# systemctl default Set current target to default without reboot
# systemctl isolate default.target OR Set current target to default without reboot


Change Different Target at Boot Time:

A boot time configuration change affects only a single boot, making it a useful tool for
troubleshooting the boot process. This is similar to the behavior of a Windows system, where
you may press the F8 key during boot to enter safe mode.

1. Boot or reboot the system.
2. Interrupt the boot loader menu countdown by pressing any key.
3. Highlight the desired menu entry with the arrow keys and press e to edit the current entry.
4. Move the cursor to the line that starts with linux16. Press the End key; this moves the
cursor to the end of the linux16 line.
5. Append systemd.unit=desired.target (for example systemd.unit=emergency.target or
systemd.unit=multi-user.target).
6. Press Ctrl+x to boot with these changes.

Root Password Recovery:

One task that every system administrator should be able to accomplish is recovering a lost root
password. Below are the steps to reset the root password in RedHat and CentOS 7.

1. Boot or reboot the system.
2. Interrupt the boot loader menu countdown by pressing any key.
3. Press e to edit the selected entry.
4. Move the cursor to the line that starts with linux16. Press the End key; this moves the
cursor to the end of the linux16 line.
5. Append rd.break (RAM disk break).
6. Press Ctrl+x to boot with the changes.
7. mount -o remount,rw /sysroot (remount sysroot read-write)
8. chroot /sysroot (change root into the installed system)
9. passwd root (set the password for root)
10. touch /.autorelabel (relabel SELinux contexts on the next boot)
11. Ctrl+D or type exit (exit from the chroot)
12. Ctrl+D or type exit (exit to reboot the system)

Repairing File System Issues at Boot:

The /etc/fstab file defines the mount points for partitions. Before the files in a directory can be
used, a partition formatted with a readable filesystem must be mounted on that directory. Linux
normally automates this process using the /etc/fstab configuration file. Problems arise if
connections are lost or media is removed: errors in /etc/fstab and corrupt filesystems can stop a
system from booting. In most cases systemd will continue to boot after a timeout, or drop to an
emergency repair shell that requires the root password. The columns of /etc/fstab, from left to
right, are described in the table below.


Column                   Description
Label                    Lists the device to be mounted
Mount Point              Notes the directory where the filesystem will be mounted
Filesystem Format        Describes the filesystem type. Valid filesystem types include ext, ext2,
                         ext3, msdos, vfat, devpts, proc, tmpfs, udf, iso9660, nfs, smb, and swap.
Dump Value               Either 0 or 1. A value of 1 means that the filesystem is included in the
                         backups made by the dump command.
Filesystem Check Order   Determines the order in which filesystems are checked by fsck during the
                         boot process. The root directory (/) filesystem should be set to 1, and
                         other local filesystems should be set to 2. Removable filesystems such as
                         /mnt/cdrom should be set to 0, which means that they are not checked
                         during the Linux boot process.

1. Boot or reboot the system.
2. Interrupt the boot loader menu countdown by pressing any key.
3. Press e to edit the selected entry.
4. Move the cursor to the line that starts with linux16. Press the End key; this moves the
cursor to the end of the linux16 line.
5. Append systemd.unit=emergency.target
6. # mount -o remount,rw /
7. Edit the fstab file, correct the faulty entry and save the change. (# vim /etc/fstab)
8. Edit the crypttab file in the case of a LUKS-encrypted filesystem. (# vim /etc/crypttab)
9. After saving the changes reboot the system; this time it will boot without any error.
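Before the reboot in step 9 it is worth linting the edited file, since another typo sends the system straight back to the emergency shell. This added Python example (not from the notes) applies the check-order rules from the column table above, plus a duplicate mount point and unknown filesystem type check, to a constructed fstab whose UUIDs are placeholders; it also reads the mount options column (the fourth field, not described in the table) to warn where a missing device would stop the boot.

```python
"""Lint /etc/fstab before a reboot using the column rules from the notes
(added example, not part of the notes; the sample fstab is constructed and
its UUIDs are placeholders)."""

# Filesystem types that fsck does not check at boot; their check order
# column should be 0 (network, pseudo, swap and removable filesystems).
NO_FSCK_TYPES = {"nfs", "nfs4", "cifs", "smb", "tmpfs", "proc", "devpts",
                 "sysfs", "swap", "iso9660", "udf"}
KNOWN_TYPES = NO_FSCK_TYPES | {"xfs", "ext2", "ext3", "ext4", "vfat", "msdos", "btrfs"}

SAMPLE_FSTAB = """\
# constructed sample, UUIDs are placeholders
UUID=ROOT-PLACEHOLDER   /           xfs      defaults        0 0
UUID=BOOT-PLACEHOLDER   /boot       xfs      defaults        0 1
/dev/mapper/rhel-swap   swap        swap     defaults        0 0
server:/export          /mnt/nfs    nfs      defaults        0 2
/dev/sdb1               /data       ext44    defaults        0 2
/dev/sdc1               /backup     ext4     defaults        0 2
/dev/cdrom              /mnt/cdrom  iso9660  noauto,ro       0 0
"""

def lint_fstab(text):
    """Return a list of (line_number, message) for suspicious entries."""
    findings = []
    mount_points = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) != 6:
            findings.append((lineno, f"expected 6 fields, found {len(fields)} "
                                     "(dump and check order default to 0)"))
            continue
        device, mount, fstype, options, _dump, passno = fields
        opts = set(options.split(","))
        if not passno.isdigit():
            findings.append((lineno, f"check order '{passno}' is not a number"))
            continue
        passno = int(passno)
        if mount in mount_points:
            findings.append((lineno, f"{mount} already used on line {mount_points[mount]}"))
        mount_points[mount] = lineno
        if fstype not in KNOWN_TYPES:
            findings.append((lineno, f"unknown filesystem type '{fstype}'"))
        # Check-order rules from the column table in the notes.
        if mount == "/" and passno != 1:
            findings.append((lineno, "root filesystem check order should be 1"))
        elif fstype in NO_FSCK_TYPES and passno != 0:
            findings.append((lineno, f"{fstype} should not be fsck'd at boot (use 0)"))
        elif mount != "/" and passno == 1:
            findings.append((lineno, "only the root filesystem should have check order 1"))
        # Without nofail or noauto, a missing local device drops the boot into
        # the emergency shell described in the notes.
        if fstype not in NO_FSCK_TYPES and mount != "/" and not opts & {"nofail", "noauto"}:
            findings.append((lineno, "device missing at boot will halt startup (consider nofail)"))
    return findings
```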

Repairing Boot Loader Issues:

The boot loader used by default on CentOS and RHEL 7 is GRUB2, the second major version of
the Grand Unified Bootloader, which uses a new way of installing to the MBR of the boot device.
You may have to reinstall the GRUB2 boot loader if the system is not bootable after a failure. In
order to reinstall GRUB2, boot into rescue mode.
1. Boot from the RHEL 7 installation DVD by altering the boot order in the BIOS and selecting the
DVD media as the first boot preference.
2. At the boot screen, select the Troubleshooting option at the end of the screen, OR press Tab
on the keyboard and type linux rescue.
3. At the next screen, select the option Rescue a CentOS Linux system.
4. On the next screen, press Enter to continue. When asked if you would like Rescue to find
your installation, choose Continue.
5. The next step is to change your root directory to /mnt/sysimage using the chroot command.
(# chroot /mnt/sysimage)
6. Use the grub2-install command to rewrite the MBR of your boot device. The boot device is
usually /dev/sda. (# grub2-install /dev/sda)
7. Finally, exit from the chroot environment and run the reboot command.


Limit Network Communication with Firewall:

A firewall is a network security system that monitors and controls incoming and outgoing
network traffic based on predetermined security rules. A firewall protects one portion of a
network or computer system from another portion of the network or computer system. A
firewall can be either software-based or hardware-based. A firewall commonly operates on the
network layer, i.e. on IP packets, both IPv4 and IPv6.

Netfilter:
The Linux kernel includes Netfilter, which allows kernel modules to inspect every packet
traversing the system. Tools like iptables, ip6tables, ebtables and firewalld are used to manage
Netfilter.

FirewallD:
FirewallD is the dynamic firewall manager of Linux systems. It allows or denies particular ports
to particular networks and IP addresses. FirewallD is available as a GUI and a CLI; the CLI tool is
firewall-cmd. firewall-cmd is the command line client of the firewalld daemon. It provides an
interface to manage the runtime and permanent configuration.
Firewalld uses two configuration sets: runtime and permanent. Any changes made in the
permanent configuration do not become active until the firewalld service is restarted or
reloaded. Likewise, any changes made in the runtime configuration are lost once the firewalld
service is restarted or reloaded.
Firewalld classifies the network into zones (private, public, DMZ) and each zone includes
interfaces. The default zone is set to public and interfaces are assigned to public if no changes
are made. A network zone defines the level of trust for network connections.
In order to use firewalld as the default, disable and mask iptables and ip6tables permanently.
Firewalld comes with predefined services by default; many services are available and we can
take these services as examples to add our own services by simply copying them. Services are
sets of rules with ports and options which are used by firewalld. Services which are enabled are
automatically loaded when the firewalld service is up and running.

Default Zone    Description
Drop            Deny all incoming connections; outgoing ones are accepted
Block           Deny all incoming connections, with ICMP host prohibited messages issued
Trusted         Allow all network connections
Public          Public areas; do not trust other computers
External        For computers with masquerading enabled, protecting a local network
DMZ             For computers that are publicly accessible with restricted access
Work            For trusted work areas
Home            For trusted home network connections
Internal        For internal networks; restrict incoming connections


Go to Applications Menu -> Sundry -> Firewall to open GUI version of Firewall

Commands Description
# systemctl disable iptables Disable iptables service
# systemctl disable ip6tables Disable ip6tables service
# systemctl stop ip6tables Stop ip6tables service
# systemctl stop iptables Stop iptables service
# systemctl mask ip6tables Mask ip6tables service
# systemctl mask iptables Mask iptables service


# yum install -y firewalld firewall-config                  Install firewall packages, CLI and GUI
# firewall-cmd --version                                    Check firewall version
# systemctl start firewalld                                 Start firewall service
# systemctl enable firewalld                                Enable firewall service on boot
# systemctl status firewalld                                Verify service status of firewall
# firewall-cmd --state                                      Check whether the firewalld daemon is running
# systemctl stop firewalld                                  Stop the firewall service
# systemctl disable firewalld                               Disable the firewall service
# firewall-cmd --reload                                     Reload firewall configuration
# firewall-config                                           GUI tool to manage firewalld
# firewall-cmd --get-default-zone                           Check default zone
# firewall-cmd --set-default-zone=home                      Change default zone to home
# firewall-cmd --get-active-zones                           Check the zones used by the network interfaces
# firewall-cmd --list-all-zones                             All configurations for all zones
# firewall-cmd --zone=public --list-all                     All configurations for a specific zone
# firewall-cmd --get-services                               List currently loaded services on the firewall
# firewall-cmd --permanent --get-services                   List permanently loaded services on the firewall
# firewall-cmd --panic-on                                   Drop all incoming and outgoing packets (panic mode)
# firewall-cmd --panic-off                                  Allow incoming and outgoing packets again
# firewall-cmd --query-panic                                Check whether panic mode is enabled
# firewall-cmd --list-all                                   List all open ports and services
# firewall-cmd --zone=public --list-ports                   List all ports from the specified zone
# firewall-cmd --permanent --add-port=22/tcp                Add a port to the firewall rules permanently
# firewall-cmd --permanent --zone=public --add-port=22/tcp  Add a port to the specified firewall zone permanently
# firewall-cmd --permanent --remove-port=22/tcp             Remove a port from the firewall rules permanently
# firewall-cmd --list-services                              List all services in the firewall rules
# firewall-cmd --list-services --zone=public                List all services of the specified firewall zone
# firewall-cmd --permanent --add-service=https              Add a service to the firewall rules permanently
# firewall-cmd --permanent --remove-service=https           Remove a service from the firewall rules permanently
# firewall-cmd --remove-service=https                       Remove a service from the runtime firewall rules
# vim /etc/firewalld/zones/public.xml                       Add and remove services/ports by editing the zone XML
# cat /etc/firewalld/zones/public.xml                       Firewalld zone XML file configuring ports and services
# ls /usr/lib/firewalld/services/                           Default system service definitions
# man firewalld                                             Firewalld manual page
# firewall-cmd --help                                       Get help for firewall-cmd
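Because runtime changes are lost on reload and permanent changes stay inactive until one, the two configuration sets drift apart. This added Python example (not from the notes or from firewalld) parses a zone file like /etc/firewalld/zones/public.xml and the text printed by firewall-cmd --zone=public --list-all, then reports the services and ports present in only one of them; both inputs are constructed samples.

```python
"""Compare firewalld runtime and permanent zone configuration (added example,
not part of the notes or of firewalld; the zone XML and the --list-all
output below are constructed samples)."""
import xml.etree.ElementTree as ET

# Constructed /etc/firewalld/zones/public.xml: the permanent configuration.
PERMANENT_ZONE_XML = """\
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas.</description>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <service name="samba"/>
  <port protocol="tcp" port="2222"/>
</zone>
"""

# Constructed output of 'firewall-cmd --zone=public --list-all': the runtime
# configuration. https and 8080/tcp were added without --permanent, while
# 2222/tcp was added with --permanent but firewalld was not reloaded.
RUNTIME_LIST_ALL = """\
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: ssh dhcpv6-client samba https
  ports: 8080/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
"""

def parse_zone_xml(text):
    """Return {'services': set, 'ports': set} from a firewalld zone file."""
    root = ET.fromstring(text.encode("utf-8"))
    return {
        "services": {s.get("name") for s in root.findall("service")},
        "ports": {f"{p.get('port')}/{p.get('protocol')}" for p in root.findall("port")},
    }

def parse_list_all(text):
    """Return {'services': set, 'ports': set} from --list-all output."""
    found = {"services": set(), "ports": set()}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key in found:
            found[key] = set(value.split())
    return found

def zone_drift(runtime, permanent):
    """Entries present in only one configuration set, per kind."""
    drift = {}
    for kind in ("services", "ports"):
        drift[kind] = {
            "runtime_only": sorted(runtime[kind] - permanent[kind]),    # lost on --reload
            "permanent_only": sorted(permanent[kind] - runtime[kind]),  # inactive until --reload
        }
    return drift

if __name__ == "__main__":
    report = zone_drift(parse_list_all(RUNTIME_LIST_ALL), parse_zone_xml(PERMANENT_ZONE_XML))
    for kind, sides in report.items():
        for side, names in sides.items():
            if names:
                print(f"{kind} {side}: {' '.join(names)}")
```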
