November 27, 2013

Using the Automounter Service on RHEL 6

RHEL 6 ships with a convenient network mounter service, the automounter.

To check whether the automounter is running:

$ service autofs status
automount (pid  2061) is running...

To use it, simply cd into the /net folder followed by the NFS hostname.

$ cd /net/192.168.1.3
[root@tester1 192.168.1.3]# ll
total 0
dr-xr-xr-x. 4 root root 0 Nov 27 22:25 c

The remote network share will be unmounted automatically when unused for a configurable timeout.

$ grep -i timeout /etc/sysconfig/autofs 
...
TIMEOUT=300
...

Managing LVM with RHEL 6

Introduction

LVM (Logical Volume Manager) is a flexible way to handle disk space: you can grow and shrink file systems, which is not possible to the same extent with the MBR (Master Boot Record) partitioning format.

NOTE: "It is generally recommended that you create a single partition that covers the whole disk to label as an LVM physical volume" [https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Logical_Volume_Manager_Administration/LVM_components.html#multiple_partitions]

LVM is built on three cornerstones:

  1. Physical Volume, PV
  2. Volume Group, VG
  3. Logical Volume, LV

Prerequisite

Create a new partition with type 0x8E Linux LVM.

$ fdisk -cu /dev/sda

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 3
First sector (205826048-488397167, default 205826048): 
Using default value 205826048
Last sector, +sectors or +size{K,M,G} (205826048-488397167, default 488397167): +1G

Command (m for help): t
Partition number (1-4): 3
Hex code (type L to list codes): L

 0  Empty           24  NEC DOS         81  Minix / old Lin bf  Solaris        
 1  FAT12           39  Plan 9          82  Linux swap / So c1  DRDOS/sec (FAT-
 2  XENIX root      3c  PartitionMagic  83  Linux           c4  DRDOS/sec (FAT-
 3  XENIX usr       40  Venix 80286     84  OS/2 hidden C:  c6  DRDOS/sec (FAT-
 4  FAT16 <32M      41  PPC PReP Boot   85  Linux extended  c7  Syrinx         
 5  Extended        42  SFS             86  NTFS volume set da  Non-FS data    
 6  FAT16           4d  QNX4.x          87  NTFS volume set db  CP/M / CTOS / .
 7  HPFS/NTFS       4e  QNX4.x 2nd part 88  Linux plaintext de  Dell Utility   
 8  AIX             4f  QNX4.x 3rd part 8e  Linux LVM       df  BootIt         
 9  AIX bootable    50  OnTrack DM      93  Amoeba          e1  DOS access     
 a  OS/2 Boot Manag 51  OnTrack DM6 Aux 94  Amoeba BBT      e3  DOS R/O        
 b  W95 FAT32       52  CP/M            9f  BSD/OS          e4  SpeedStor      
 c  W95 FAT32 (LBA) 53  OnTrack DM6 Aux a0  IBM Thinkpad hi eb  BeOS fs        
 e  W95 FAT16 (LBA) 54  OnTrackDM6      a5  FreeBSD         ee  GPT            
 f  W95 Ext'd (LBA) 55  EZ-Drive        a6  OpenBSD         ef  EFI (FAT-12/16/
10  OPUS            56  Golden Bow      a7  NeXTSTEP        f0  Linux/PA-RISC b
11  Hidden FAT12    5c  Priam Edisk     a8  Darwin UFS      f1  SpeedStor      
12  Compaq diagnost 61  SpeedStor       a9  NetBSD          f4  SpeedStor      
14  Hidden FAT16 <3 63  GNU HURD or Sys ab  Darwin boot     f2  DOS secondary  
16  Hidden FAT16    64  Novell Netware  af  HFS / HFS+      fb  VMware VMFS    
17  Hidden HPFS/NTF 65  Novell Netware  b7  BSDI fs         fc  VMware VMKCORE 
18  AST SmartSleep  70  DiskSecure Mult b8  BSDI swap       fd  Linux raid auto
1b  Hidden W95 FAT3 75  PC/IX           bb  Boot Wizard hid fe  LANstep        
1c  Hidden W95 FAT3 80  Old Minix       be  Solaris boot    ff  BBT            
1e  Hidden W95 FAT1
Hex code (type L to list codes): 8e
Changed system type of partition 3 to 8e (Linux LVM)

Command (m for help): p

Disk /dev/sda: 250.1 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders, total 488397168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x7f3d8c0f

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     1026047      512000   83  Linux
/dev/sda2         1026048   205826047   102400000   8e  Linux LVM
/dev/sda3       205826048   207923199     1048576   8e  Linux LVM

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.

$ reboot

The Most Important Commands

$ man 8 lvm
...
pvcreate - Initialize a disk or partition for use by LVM.
pvdisplay - Display attributes of a Physical Volume.
...
vgcreate - Create a Volume Group.
vgdisplay - Display attributes of Volume Groups.
vgextend - Add Physical Volumes to a Volume Group.
vgreduce - Reduce a Volume Group by removing one or more Physical Volumes.
...
lvcreate - Create a Logical Volume in an existing Volume Group.
lvdisplay - Display attributes of a Logical Volume.
lvextend - Extend the size of a Logical Volume.
lvreduce - Reduce the size of a Logical Volume.

Create Physical Volume (PV), Volume Group (VG) and Logical Volume (LV)

First, let's create a new physical volume on the partition from the prerequisite step.

$ pvcreate /dev/sda3 

Create volume group vg_test that spans the entire physical volume /dev/sda3.

$ vgcreate vg_test /dev/sda3 
  Volume group "vg_test" successfully created

Create a logical volume with size 500 MB, named lv_test, in volume group vg_test.

$ lvcreate -L 500M -n lv_test vg_test

lvcreate will now create a block device file at /dev/vgName/lvName, on which we can create a file system and then mount it.

$ mkfs -t ext4 /dev/vg_test/lv_test
$ mkdir /data
$ mount /dev/vg_test/lv_test /data

Extend Logical Volume (LV)

Extend the logical volume lv_test by 500 MB.

$ lvextend -L +250M /dev/vg_test/lv_test 
  Rounding size to boundary between physical extents: 252.00 MiB
  Extending logical volume lv_test to 752.00 MiB
  Logical volume lv_test successfully resized

Now you need to grow the file system.

$ resize2fs -p /dev/vg_test/lv_test
resize2fs 1.41.12 (17-May-2010)
Filesystem at /dev/vg_test/lv_test is mounted on /data; on-line resizing required
old desc_blocks = 2, new_desc_blocks = 3
Performing an on-line resize of /dev/vg_test/lv_test to 770048 (1k) blocks.
The filesystem on /dev/vg_test/lv_test is now 770048 blocks long.

Verify/test the new size of /data.

$ df -h /data

Reduce Logical Volume (LV)

When reducing a file system, you need to unmount it first.

$ umount /data

Then reduce the actual filesystem.

$ e2fsck -f /dev/vg_test/lv_test
$ resize2fs -p /dev/vg_test/lv_test 512M
resize2fs 1.41.12 (17-May-2010)
Resizing the filesystem on /dev/vg_test/lv_test to 524288 (1k) blocks.
Begin pass 3 (max = 94)
Scanning inode table          XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The filesystem on /dev/vg_test/lv_test is now 524288 blocks long.

After the actual file system is reduced, we can now shrink the logical volume.

$ lvreduce -L 512M /dev/vg_test/lv_test 
  WARNING: Reducing active logical volume to 512.00 MiB
  THIS MAY DESTROY YOUR DATA (filesystem etc.)
Do you really want to reduce lv_test? [y/n]: y
  Reducing logical volume lv_test to 512.00 MiB
  Logical volume lv_test successfully resized

Finally test/verify by remounting and checking the disk space.

$ mount /dev/vg_test/lv_test /data
$ df -h /data
Filesystem                   Size  Used Avail Use% Mounted on
/dev/mapper/vg_test-lv_test  496M   11M  461M   3% /data
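
The order of the reduce steps matters: if the logical volume is shrunk below the size of the file system it holds, data is lost. The guard below is an added example, not part of the original post; it reads `dumpe2fs -h` output and refuses when the file system does not fit in the target size. The function names and the sample text are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): refuse to shrink an LV below the
# size of the ext filesystem it holds. Input is `dumpe2fs -h` output on stdin.

# fs_bytes: print the filesystem size in bytes (block count * block size).
fs_bytes() {
    awk -F: '
        /^Block count:/ { count = $2 + 0 }   # "Reserved block count:" is not matched
        /^Block size:/  { size  = $2 + 0 }
        END { if (count > 0 && size > 0) printf "%.0f\n", count * size; else exit 1 }'
}

# safe_to_lvreduce TARGET_MIB: exit 0 only if the filesystem fits in TARGET_MIB.
safe_to_lvreduce() (
    target=$(( $1 * 1024 * 1024 ))
    fs=$(fs_bytes) || { echo "cannot read filesystem size" >&2; exit 2; }
    if [ "$fs" -le "$target" ]; then
        echo "OK: filesystem ($fs bytes) fits in ${1}M"
    else
        echo "REFUSE: filesystem ($fs bytes) is larger than ${1}M, run resize2fs first"
        exit 1
    fi
)

# Constructed sample: excerpt of dumpe2fs -h after `resize2fs ... 512M`.
SAMPLE_512M='Filesystem volume name:   <none>
Reserved block count:     26214
Block count:              524288
Block size:               1024'

printf '%s\n' "$SAMPLE_512M" | safe_to_lvreduce 512
printf '%s\n' "$SAMPLE_512M" | safe_to_lvreduce 500 || true

# Real use (as root, filesystem unmounted and already shrunk with resize2fs):
#   dumpe2fs -h /dev/vg_test/lv_test 2>/dev/null | safe_to_lvreduce 512 \
#       && lvreduce -L 512M /dev/vg_test/lv_test
```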

Extend Volume Group (VG)

First create a new physical volume.

$ pvcreate /dev/sda4
  Physical volume "/dev/sda4" successfully created

Now let's extend the existing volume group 'vg_test' with our new physical volume.

$ vgextend vg_test /dev/sda4 
  Volume group "vg_test" successfully extended

And last test/verify.

$ vgdisplay vg_test
  --- Volume group ---
  VG Name               vg_test
  System ID             
  Format                lvm2
  Metadata Areas        2
  Metadata Sequence No  5
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               0
  Max PV                0
  Cur PV                2
  Act PV                2
  VG Size               134.73 GiB
  PE Size               4.00 MiB
  Total PE              34492
  Alloc PE / Size       128 / 512.00 MiB
  Free  PE / Size       34364 / 134.23 GiB
  VG UUID               ItBewY-gWvu-tzUx-JIEj-gJb2-d8Jh-HdANUb

Reduce Volume Group (VG)

Reduce the existing volume group 'vg_test' by removing physical volume /dev/sda4.

$ vgreduce vg_test /dev/sda4
  Removed "/dev/sda4" from volume group "vg_test"

Test/verify

$ vgdisplay vg_test
  --- Volume group ---
  VG Name               vg_test
  System ID             
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  6
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               0
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               1020.00 MiB
  PE Size               4.00 MiB
  Total PE              255
  Alloc PE / Size       128 / 512.00 MiB
  Free  PE / Size       127 / 508.00 MiB
  VG UUID               ItBewY-gWvu-tzUx-JIEj-gJb2-d8Jh-HdANUb

Reference

  • lvm(8): lvm - LVM2 tools
  • pvcreate(8): pvcreate - initialize a disk or partition for use by LVM
  • vgcreate(8): vgcreate - create a volume group
  • lvcreate(8): lvcreate - create a logical volume in an existing volume group
  • vgextend(8): vgextend - add physical volumes to a volume group
  • vgreduce(8): vgreduce - reduce a volume group
  • lvextend(8): lvextend - extend the size of a logical volume
  • lvreduce(8): lvreduce - reduce the size of a logical volume
  • resize2fs(8): resize2fs - ext2/ext3/ext4 file system resizer

Encrypting Disks with LUKS in RHEL 6

Introduction

LUKS (Linux Unified Key Setup) is a standard for hard disk encryption. LUKS can encrypt both partitions and LVM volumes. Here I will encrypt a partition.

Prerequisite

Create a new partition with fdisk.

$ fdisk -cu /dev/sda

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 3
First sector (205826048-488397167, default 205826048): 
Using default value 205826048
Last sector, +sectors or +size{K,M,G} (205826048-488397167, default 488397167): +1G

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.

$ reboot 

Encrypt a Partition

First we need to encrypt the partition.

$ cryptsetup luksFormat /dev/sda3 

WARNING!
========
This will overwrite data on /dev/sda3 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: 
Verify passphrase: 

The next step is to unlock the partition via luksOpen <blockDeviceFile> <luksname>. cryptsetup will then create a new mapped block device file under /dev/mapper/<luksname>.

$ cryptsetup luksOpen /dev/sda3 luksname
Enter passphrase for /dev/sda3:  

Finally, we format the now unlocked (decrypted) mapped device with a file system and mount it.

$ mkfs -t ext4 /dev/mapper/luksname
$ mkdir /mnt/secret
$ mount /dev/mapper/luksname /mnt/secret

Persistently Mount Encrypted Partition

To make the mount persistent, we normally add the block device file to /etc/fstab, but with encrypted storage we also need to add the encrypted partition to the list of devices to be unlocked during system startup. That is done by adding the luksname and the block device file to /etc/crypttab.

$ vi /etc/crypttab

luksname    /dev/sda3

After that extra step, edit /etc/fstab as usual.

$ vi /etc/fstab

/dev/mapper/luksname      /mnt/secret             ext4    defaults        1 2

Automatically Mount Encrypted Partition

To unlock an encrypted partition automatically, we need to store the password on disk. This has obvious security problems, but if you want it, do the following.

$ echo -n "redhat" > /root/lukspassword
$ chown root:root /root/lukspassword
$ chmod 600 /root/lukspassword
$ ll /root/
...
-rw-------. 1 root root     6 Nov 27 12:12 lukspassword

$ cryptsetup luksAddKey /dev/sda3 /root/lukspassword

Now edit /etc/crypttab and add the password file.

$ vi /etc/crypttab

luksname    /dev/sda3   /root/lukspassword

Reboot and verify, that no password is needed and that encrypted partition is mounted.
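
A variant of the key file setup above, plus a check of the key files that a crypttab points at, as an added example that is not from the original post. The function names, the 4096-byte random key and the sample paths are assumptions made for the illustration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original post): create a LUKS key file with
# tight permissions and audit the key files referenced from a crypttab.

# create_keyfile PATH: write 4096 random bytes. The umask makes a new file
# mode 0600 from the moment it exists, so there is no window between
# creating it and running chmod. Enrol it afterwards with
#   cryptsetup luksAddKey /dev/sda3 PATH
create_keyfile() (
    umask 077
    dd if=/dev/urandom of="$1" bs=512 count=8 2>/dev/null
)

# audit_crypttab FILE [OWNER_UID]: one verdict line per crypttab entry.
# crypttab(5) columns: name, device, key file, options.
audit_crypttab() (
    want_uid=${2:-0}
    while read -r name device keyfile _options || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        case $keyfile in
            ''|none|-) echo "$name PROMPT"; continue ;;          # passphrase asked at boot
            /dev/*)    echo "$name DEVICE $keyfile"; continue ;;  # e.g. /dev/urandom for swap
        esac
        if [ ! -f "$keyfile" ]; then
            echo "$name MISSING $keyfile"; continue
        fi
        mode=$(stat -c '%a' "$keyfile")
        uid=$(stat -c '%u' "$keyfile")
        # Any group/other permission bit, or an unexpected owner, is a finding.
        if [ $(( 0$mode & 077 )) -ne 0 ] || [ "$uid" != "$want_uid" ]; then
            echo "$name WEAK $keyfile mode=$mode uid=$uid"
        else
            echo "$name OK $keyfile mode=$mode"
        fi
    done < "$1"
)

# Demo on constructed files in a temporary directory (runs without root).
demo_crypttab() (
    dir=$(mktemp -d) || exit 1
    create_keyfile "$dir/good.key"
    printf 'secret' > "$dir/weak.key"; chmod 644 "$dir/weak.key"
    printf '%s\n' '# constructed sample crypttab' \
        "luksname /dev/sda3 none" \
        "data1 /dev/sdb1 $dir/good.key" \
        "data2 /dev/sdb2 $dir/weak.key luks" > "$dir/crypttab"
    audit_crypttab "$dir/crypttab" "$(id -u)"
    rm -rf "$dir"
)
demo_crypttab

# Real use (as root): audit_crypttab /etc/crypttab
```

A key file stored on the same unencrypted root file system still unlocks the volume for anyone who can read that disk; the check only confirms that other local users cannot read it.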

Remove Encrypted Partition

  1. Remove mapped block device file from /etc/fstab.
  2. Remove luksname from /etc/crypttab.
  3. Unmount the mapped block device: umount /dev/mapper/luksname.
  4. Lock encrypted partition: cryptsetup luksClose luksname.

Reference

  • cryptsetup(8): cryptsetup - setup cryptographic volumes for dm-crypt (including LUKS extension)
  • crypttab(5): /etc/crypttab - encrypted block device table
  • fstab(5): /etc/fstab - static information about the filesystems

November 26, 2013

Managing Swap Space in RHEL 6

Introduction

The swap space is used by the OS to handle overflow for parts of the RAM that are currently not being used.

The recommended size of the swap space depends on how much RAM you have.

  • < 2GB RAM, use 2 * RAM
  • >= 2GB RAM, use RAM + 2GB

How to Create a New Swap Partition

$ fdisk -cul /dev/sda

Disk /dev/sda: 250.1 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders, total 488397168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x7f3d8c0f

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     1026047      512000   83  Linux
/dev/sda2         1026048   205826047   102400000   8e  Linux LVM
$ fdisk -cu /dev/sda

Command (m for help): m
Command action
   a   toggle a bootable flag
   b   edit bsd disklabel
   c   toggle the dos compatibility flag
   d   delete a partition
   l   list known partition types
   m   print this menu
   n   add a new partition
   o   create a new empty DOS partition table
   p   print the partition table
   q   quit without saving changes
   s   create a new empty Sun disklabel
   t   change a partition's system id
   u   change display/entry units
   v   verify the partition table
   w   write table to disk and exit
   x   extra functionality (experts only)

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 3
First sector (205826048-488397167, default 205826048): 
Using default value 205826048
Last sector, +sectors or +size{K,M,G} (205826048-488397167, default 488397167): +1G

Command (m for help): t
Partition number (1-4): 3
Hex code (type L to list codes): L

 0  Empty           24  NEC DOS         81  Minix / old Lin bf  Solaris        
 1  FAT12           39  Plan 9          82  Linux swap / So c1  DRDOS/sec (FAT-
 2  XENIX root      3c  PartitionMagic  83  Linux           c4  DRDOS/sec (FAT-
 3  XENIX usr       40  Venix 80286     84  OS/2 hidden C:  c6  DRDOS/sec (FAT-
 4  FAT16 <32M      41  PPC PReP Boot   85  Linux extended  c7  Syrinx         
 5  Extended        42  SFS             86  NTFS volume set da  Non-FS data    
 6  FAT16           4d  QNX4.x          87  NTFS volume set db  CP/M / CTOS / .
 7  HPFS/NTFS       4e  QNX4.x 2nd part 88  Linux plaintext de  Dell Utility   
 8  AIX             4f  QNX4.x 3rd part 8e  Linux LVM       df  BootIt         
 9  AIX bootable    50  OnTrack DM      93  Amoeba          e1  DOS access     
 a  OS/2 Boot Manag 51  OnTrack DM6 Aux 94  Amoeba BBT      e3  DOS R/O        
 b  W95 FAT32       52  CP/M            9f  BSD/OS          e4  SpeedStor      
 c  W95 FAT32 (LBA) 53  OnTrack DM6 Aux a0  IBM Thinkpad hi eb  BeOS fs        
 e  W95 FAT16 (LBA) 54  OnTrackDM6      a5  FreeBSD         ee  GPT            
 f  W95 Ext'd (LBA) 55  EZ-Drive        a6  OpenBSD         ef  EFI (FAT-12/16/
10  OPUS            56  Golden Bow      a7  NeXTSTEP        f0  Linux/PA-RISC b
11  Hidden FAT12    5c  Priam Edisk     a8  Darwin UFS      f1  SpeedStor      
12  Compaq diagnost 61  SpeedStor       a9  NetBSD          f4  SpeedStor      
14  Hidden FAT16 <3 63  GNU HURD or Sys ab  Darwin boot     f2  DOS secondary  
16  Hidden FAT16    64  Novell Netware  af  HFS / HFS+      fb  VMware VMFS    
17  Hidden HPFS/NTF 65  Novell Netware  b7  BSDI fs         fc  VMware VMKCORE 
18  AST SmartSleep  70  DiskSecure Mult b8  BSDI swap       fd  Linux raid auto
1b  Hidden W95 FAT3 75  PC/IX           bb  Boot Wizard hid fe  LANstep        
1c  Hidden W95 FAT3 80  Old Minix       be  Solaris boot    ff  BBT            
1e  Hidden W95 FAT1
Hex code (type L to list codes): 82
Changed system type of partition 3 to 82 (Linux swap / Solaris)

Command (m for help): p

Disk /dev/sda: 250.1 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders, total 488397168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x7f3d8c0f

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     1026047      512000   83  Linux
/dev/sda2         1026048   205826047   102400000   8e  Linux LVM
/dev/sda3       205826048   207923199     1048576   82  Linux swap / Solaris

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.

$ reboot 

After reboot we need to format the new swap partition.

$ mkswap /dev/sda3 
Setting up swapspace version 1, size = 1048572 KiB
no label, UUID=b28d9a2c-51a4-45e8-a0d3-d4b457afa359

The next step is to activate it.

$ swapon -a /dev/sda3

To verify/list current swap spaces.

$ swapon -s
Filename    Type  Size Used Priority
/dev/dm-0                               partition 4095992 0 -1
/dev/sda3                               partition 1048568 0 -2

To make this new swap space persistent, we need to add this new swap space to /etc/fstab.

$ blkid /dev/sda3 
/dev/sda3: UUID="b28d9a2c-51a4-45e8-a0d3-d4b457afa359" TYPE="swap"

$ vi /etc/fstab 

UUID=b28d9a2c-51a4-45e8-a0d3-d4b457afa359 swap                    swap    defaults        0 0

Reboot and verify that new swap space is active.

How to Remove a Swap Partition

First deactivate it.

$ swapoff /dev/sda3

Verify it is no longer active.

$ swapon -s
Filename    Type  Size Used Priority
/dev/dm-0                               partition 4095992 0 -1

IF YOU HAVE ADDED IT TO /etc/fstab, DO NOT FORGET TO REMOVE IT FROM THERE AS WELL!

Managing Partitions With RHEL 6

Introduction

Most Linux distributions, RHEL 6 included, use the MBR (Master Boot Record) partitioning format. The MBR is designed to hold a maximum of 4 primary partitions. If more are needed, you must use one primary partition as an extended partition. Do not forget to let the extended partition use all remaining disk space. After creating an extended partition, you can create logical partitions on the extended partiti

Graphical Tool

On a desktop RHEL, there is a graphical tool for managing partitions: palimpsest.

$ yum install gnome-disk-utility

A newer GUI tool that is maybe better is parted. The good thing about this tool is that it can also resize and copy partitions.

$ yum install parted

Command Line

At the command line, you have the fdisk tool. When using the fdisk tool always use the following options:

  • -c Switch off DOS-compatible mode.
  • -u When listing partition tables, give sizes in sectors instead of cylinders.

Let's get started with fdisk and create a new primary partition.

$ fdisk -cu /dev/sda

Command (m for help): m
Command action
   a   toggle a bootable flag
   b   edit bsd disklabel
   c   toggle the dos compatibility flag
   d   delete a partition
   l   list known partition types
   m   print this menu
   n   add a new partition
   o   create a new empty DOS partition table
   p   print the partition table
   q   quit without saving changes
   s   create a new empty Sun disklabel
   t   change a partition's system id
   u   change display/entry units
   v   verify the partition table
   w   write table to disk and exit
   x   extra functionality (experts only)

Command (m for help): p

Disk /dev/sda: 250.1 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders, total 488397168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x7f3d8c0f

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     1026047      512000   83  Linux
/dev/sda2         1026048   205826047   102400000   8e  Linux LVM

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 3
First sector (205826048-488397167, default 205826048): 
Using default value 205826048
Last sector, +sectors or +size{K,M,G} (205826048-488397167, default 488397167): +500M

Command (m for help): p

Disk /dev/sda: 250.1 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders, total 488397168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x7f3d8c0f

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     1026047      512000   83  Linux
/dev/sda2         1026048   205826047   102400000   8e  Linux LVM
/dev/sda3       205826048   206850047      512000   83  Linux

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.

$ reboot

After reboot you can check your new primary partition.

$ fdisk -cul /dev/sda

Disk /dev/sda: 250.1 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders, total 488397168 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x7f3d8c0f

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     1026047      512000   83  Linux
/dev/sda2         1026048   205826047   102400000   8e  Linux LVM
/dev/sda3       205826048   206850047      512000   83  Linux

Now let's create an ext4 file system on the new primary partition.

$ mkfs -t ext4 /dev/sda3

And mount it.

$ mkdir /extra
$ mount /dev/sda3 /extra

If you want RHEL to automatically mount your new partition at boot, you need to add it to /etc/fstab. The recommended way to identify the partition is by its UUID.

$ blkid /dev/sda3

$ vi /etc/fstab

UUID=b2b97c2f-f0cb-4b41-b297-7f7d36d2efd0 /extra                   ext4    defaults        1 2

And finally save and reboot.

November 25, 2013

How to Mount a USB Device in Linux

Short Version

1. Before inserting the USB, check which disks you already have.

$ ll /dev/sd*
brw-rw----. 1 root disk 8, 0 Nov 24 19:41 /dev/sda
brw-rw----. 1 root disk 8, 1 Nov 24 19:41 /dev/sda1
brw-rw----. 1 root disk 8, 2 Nov 24 19:41 /dev/sda2

2. Create a new directory under /mnt to which you will mount your USB.

$ mkdir /mnt/usb

3. Now insert the USB and mount it.

$ mount /dev/sdb <hit tab>
sdb sdb1

$ mount /dev/sdb1 /mnt/usb

4. Now you are ready to read and write to your USB.

5. To unmount.

$ umount /mnt/usb

Longer Version

In Linux a storage device is represented by a device file in /dev/.

The three-letter naming convention for storage devices in Linux is:

  1. s - storage
  2. d - disc (such as SCSI, USB, SATA), cd - cd or dvd
  3. literal order character, starting with a, then b, c, etc.

Example: /dev/sda (SCSI, USB, SATA), /dev/sdb (SCSI, USB, SATA), /dev/scd (CD/DVD)

These device files represent the whole drive. Each drive is divided into partitions. The first partition receives order number one, the next one two, etc.

When a new storage device is added it will receive the last character order literal, here it is b (/dev/sdb). Another way to find out the device file is to tail the dmesg log file.

$ less /var/log/dmesg <hit enter>

...
<press shift+f (follow)>
Waiting for data... (interrupt to abort)

<Now insert USB>

sd ... [sdb] Assuming drive cache: write through
<press ctrl+c (quit)>

Here we see that the USB was allocated the device name sdb. But when you mount, you mount a partition that contains a file system. In general, most USB devices only have one partition, hence sdb1.

November 24, 2013

Securing SSH with Public/Private Key Authentication

The motives for using public/private key authentication are:

  1. Firstly, for convenience: you no longer need to enter a password (unless you protect your keys with a passphrase).
  2. Secondly, once it is set up, you can remove password login, which is a big hole for password cracking.

Prerequisite

The remote user needs to exist on the remote server. If it does not, create it, and at least LOG IN ONCE so that its home directory is created. Otherwise you can eagerly create the home directory when you add the user.

Here I will use the existing user root, for simplicity.

Client Side

Generate public and private keys, with NO password protection. I will here use the RSA algorithm and key length 2048 bits.

$ ssh-keygen -b 2048 -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/magnus/.ssh/id_rsa): <Enter>
Enter passphrase (empty for no passphrase): <Enter>
Enter same passphrase again: <Enter>
Your identification has been saved in /home/magnus/.ssh/id_rsa.
Your public key has been saved in /home/magnus/.ssh/id_rsa.pub.
The key fingerprint is:
90:da:b5:5a:db:59:be:34:04:6a:99:81:c3:d5:5d:25 magnus@tester1.example.com
The key's randomart image is:
+--[ RSA 2048]----+
|        .. . .E..|
|     . +  . .  . |
|      * o .      |
|     o + * .     |
|    . . S   o    |
|       + o =     |
|      . . o +    |
|           . o   |
|            .    |
+-----------------+

Next, make sure that the ssh key directory and the private key have the proper file permissions:

$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/id_rsa

The last step is to copy the client public key to the server. You can either do that manually, or with the ssh-copy-id tool. Here I will use the tool.

$ ssh-copy-id -i ~/.ssh/id_rsa.pub root@remoteserver

If you are setting up public/private key authentication for a different user, replace root in the above command with your user.

Server Side

On the server side, open /etc/ssh/sshd_config and enable public/private key authentication

PubkeyAuthentication yes

Then restart the ssh daemon service.

$ service sshd restart

And finally verify that the keys directory and files have the proper file permission and SELinux type for your user.

$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys

$ restorecon -Rv ~/.ssh

Test

Finally, you need to test to verify the installation. On the client machine, switch to the user you set this up for and run:

$ ssh <your_user>@remoteserver
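
Enabling PubkeyAuthentication does not by itself turn password login off, and sshd uses the first value it reads for each keyword. The check below is an added example, not part of the original post; it reports the effective global values from an sshd_config. The function names and the sample configuration are constructed, only whitespace-separated "Keyword value" lines are handled, and settings inside Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not from the original post): report the effective global
# sshd_config values that decide whether password login is still possible.

# sshd_effective FILE KEYWORD DEFAULT
# Prints the first value given for KEYWORD before any Match block, lowercased,
# or DEFAULT if the keyword is not set. Keywords are case-insensitive and the
# first occurrence wins, so a later duplicate line has no effect.
sshd_effective() (
    key=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    value=$3
    while read -r k v _rest || [ -n "$k" ]; do
        k=$(printf '%s' "$k" | tr '[:upper:]' '[:lower:]')
        case $k in
            ''|'#'*) continue ;;
            match)   break ;;      # conditional section: not a global setting
        esac
        if [ "$k" = "$key" ]; then
            value=$(printf '%s' "$v" | tr '[:upper:]' '[:lower:]')
            break
        fi
    done < "$1"
    printf '%s\n' "$value"
)

# audit_sshd_config FILE: print findings; no output means nothing to report.
audit_sshd_config() (
    pubkey=$(sshd_effective "$1" PubkeyAuthentication yes)
    passwd=$(sshd_effective "$1" PasswordAuthentication yes)
    root=$(sshd_effective "$1" PermitRootLogin unset)
    [ "$pubkey" = yes ] || echo "FAIL PubkeyAuthentication=$pubkey: key login is disabled"
    [ "$passwd" = no ]  || echo "WARN PasswordAuthentication=$passwd: password login is still accepted"
    case $root in
        no|without-password|prohibit-password|forced-commands-only) ;;
        *) echo "WARN PermitRootLogin=$root: root login is not restricted to keys" ;;
    esac
)

# Demo on a constructed sample: the second PasswordAuthentication line is
# ignored because the first one already set the value.
demo_sshd() (
    f=$(mktemp) || exit 1
    printf '%s\n' '# constructed sample sshd_config' \
        'PubkeyAuthentication yes' \
        '#PasswordAuthentication no' \
        'PasswordAuthentication yes' \
        'PasswordAuthentication no' \
        'Match User backup' \
        '    PasswordAuthentication no' > "$f"
    audit_sshd_config "$f"
    rm -f "$f"
)
demo_sshd

# Real use (as root on the server): audit_sshd_config /etc/ssh/sshd_config
```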

RHEL: How to Switch Users in Multiuser Runlevels

Switching User

To switch to a different user, e.g. student, run

$ su - student

To switch to root

$ su -

Runlevels

Most Linux distributions can be run in 5 different runlevels. Runlevels 0 and 6 are special, as you can see below.

  • 0 - Shutdown
  • 1 - Single user mode, without network
  • 2 - Multiuser, without NFS (The same as 3, if you do not have networking)
  • 3 - Full multiuser mode, with network.
  • 4 - Unused
  • 5 - X11, graphical mode with network
  • 6 - Reboot

To see the current runlevel, type:

$ runlevel

The default runlevel is set in /etc/inittab.

How to Switch Runlevels

You can switch the runlevel with init, e.g. init 3. But from the graphical mode, there is also a keyboard shortcut.

ctrl + alt + F1 - for init 1, ctrl + alt + F2 - for init 2, etc.

November 23, 2013

Accessing Network Files via NFS and CIFS in Linux

Working with remote file systems under Linux is not hard. Below I will show how to use the two most commonly used remote file systems:

  • NFS - Network File System
  • CIFS - Common Internet File System

NFS

Show the NFS server’s export list.

$ showmount -e nfsserver.domain.com

Mount. Note that the directory /remotenfs must exist before mounting; if it does not, create it with mkdir /remotenfs.

$ mount nfsserver.domain.com:/c/media /remotenfs

Unmount file systems

$ umount /remotenfs

CIFS

CIFS is the underlying remote file protocol used by the Samba server, which is the most common file server in a mixed client environment with Windows and Linux.

Install client library

$ yum install samba-client

Show the CIFS server’s sharenames.

$ smbclient -L cifsserver.domain.com

Mount. Note that the directory /remotecifs must exist before mounting; if it does not, create it with mkdir /remotecifs.

$ mount //cifsserver.domain.com/media /remotecifs

Unmount file systems

$ umount /remotecifs

Common vi commands

Most Linux servers run without a graphical interface, and the editor most certain to be installed is vi. But getting used to vi can be a little challenging. Below I will show you the most common vi commands.

Open                          vi file.txt
Close without saving          :q!
Insert                        i
Quit editing                  ESC
Write and close               :wq
Copy line and paste line      yy + p
Delete line and paste line    dd + P (capital)
Change word                   cw
Browse to next word           w
Browse to previous word       b
Go to first line              1G
Go to last line               G

Linux File and Special Permission

File Permission

The simplest file permissions in Linux are r (read), w (write) and x (executable). These file permissions apply to u (user), g (group) and o (other). They can be set both:

  • Symbolically: +-r, +-w, +-x
  • Numerically: r=4, w=2, x=1

Special Permission

There are three special permissions: setuid, setgid and sticky. They can be applied to both files and directories, but then have different meanings.

  • setuid
      File: Only meaningful for executable files: the executable file will be run as the file owner, not as the user that executes it. Example: /usr/bin/passwd
      Directory: No effect.
  • setgid
      File: Only meaningful for executable files: the executable file will be run as the file group, not as the user that executes it.
      Directory: All newly created files in the directory will inherit the parent directory's group.
  • sticky
      File: No effect.
      Directory: A user with write permission on the directory can only remove the files they created themselves; root is the exception. Example: /tmp

To set the special permission:

  • Symbolically: setuid=u+s, setgid=g+s, sticky=o+t
  • Numerically: setuid=4, setgid=2, sticky=1
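
The numeric and symbolic forms above map onto each other as in the following added example, which is not part of the original post: it decodes a four-digit octal mode into the string that ls prints (including the upper-case S/T shown when the special bit is set without execute) and lists the special-permission files an administrator normally reviews. The function names are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): decode octal modes with special
# bits, and list the special-permission files under a directory tree.

# mode_to_symbolic OCTAL: 4755 -> rwsr-xr-x, 2644 -> rw-r-Sr--, 1777 -> rwxrwxrwt
mode_to_symbolic() (
    case $1 in ''|*[!0-7]*) echo "not an octal mode: $1" >&2; exit 1 ;; esac
    m=$(( 0$1 ))                 # leading 0: the shell reads the digits as octal
    out=
    # Per class: bit shift of its rwx triple, value of its special bit
    # (setuid=04000=2048, setgid=02000=1024, sticky=01000=512), and the letter
    # shown in the x position with and without execute permission.
    for spec in "6 2048 s S" "3 1024 s S" "0 512 t T"; do
        set -- $spec
        rwx=$(( (m >> $1) & 7 ))
        [ $(( rwx & 4 )) -ne 0 ] && out=${out}r || out=${out}-
        [ $(( rwx & 2 )) -ne 0 ] && out=${out}w || out=${out}-
        if [ $(( m & $2 )) -ne 0 ]; then
            [ $(( rwx & 1 )) -ne 0 ] && out=$out$3 || out=$out$4
        else
            [ $(( rwx & 1 )) -ne 0 ] && out=${out}x || out=${out}-
        fi
    done
    printf '%s\n' "$out"
)

# audit_tree DIR: list setuid and setgid files, and world-writable
# directories that lack the sticky bit (any user may delete others' files).
audit_tree() {
    find "$1" -type f -perm -4000 | sed 's/^/SETUID /'
    find "$1" -type f -perm -2000 | sed 's/^/SETGID /'
    find "$1" -type d -perm -0002 ! -perm -1000 | sed 's/^/NOSTICKY /'
}

# Demo: modes as used by /usr/bin/passwd (setuid) and /tmp (sticky).
for mode in 4755 2755 1777 2644 0644; do
    printf '%s %s\n' "$mode" "$(mode_to_symbolic "$mode")"
done

# Real use: audit_tree /usr/bin
```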