{"id":13467,"date":"2019-04-03T04:19:37","date_gmt":"2019-04-03T04:19:37","guid":{"rendered":"http:\/\/www.appservgrid.com\/paw92\/?p=13467"},"modified":"2019-04-03T04:19:37","modified_gmt":"2019-04-03T04:19:37","slug":"lfcs-linux-foundation-certified-sysadmin","status":"publish","type":"post","link":"https:\/\/www.appservgrid.com\/paw92\/index.php\/2019\/04\/03\/lfcs-linux-foundation-certified-sysadmin\/","title":{"rendered":"LFCS (Linux Foundation Certified Sysadmin)"},"content":{"rendered":"<h1 class=\"post-title\">LFCS: How to use GNU \u2018sed\u2019 Command to Create, Edit, and Manipulate files in Linux \u2013 Part 1<\/h1>\n<p>The Linux Foundation announced the\u00a0<strong>LFCS<\/strong>\u00a0(<strong>Linux Foundation Certified Sysadmin<\/strong>) certification, a new program that aims at helping individuals all over the world to get certified in basic to intermediate system administration tasks for Linux systems. This includes supporting running systems and services, along with first-hand troubleshooting and analysis, and smart decision-making to escalate issues to engineering teams.<\/p>\n<div id=\"attachment_9165\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/lfcs-Part-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9165\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/lfcs-Part-1.png\" alt=\"Linux Foundation Certified Sysadmin\" width=\"600\" height=\"400\" aria-describedby=\"caption-attachment-9165\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9165\" class=\"wp-caption-text\">Linux Foundation Certified Sysadmin \u2013 Part 1<\/p>\n<\/div>\n<p>Please watch the following video that demonstrates about The Linux Foundation Certification Program.<\/p>\n<div class=\"post-format\">\n<div class=\"video-container\"><iframe loading=\"lazy\" src=\"https:\/\/www.youtube.com\/embed\/Y29qZ71Kicg\" width=\"720\" height=\"405\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\" data-mce-fragment=\"1\"><\/iframe><\/div>\n<\/div>\n<p>The series will be titled Preparation for the\u00a0<strong>LFCS<\/strong>\u00a0(<strong>Linux Foundation Certified Sysadmin<\/strong>) Parts\u00a0<strong>1<\/strong>\u00a0through\u00a0<strong>10<\/strong>\u00a0and cover the following topics for Ubuntu, CentOS, and openSUSE:<\/p>\n<div id=\"exam_announcement\"><b>Part 1<\/b>:\u00a0<b>How to use GNU \u2018sed\u2019 Command to Create, Edit, and Manipulate files in Linux<\/b><\/div>\n<div id=\"exam_announcement\"><b>Part 2<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/vi-editor-usage\/\" target=\"_blank\" rel=\"noopener\">How to Install and Use vi\/m as a full Text Editor<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 3<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/compress-files-and-finding-files-in-linux\/\" target=\"_blank\" rel=\"noopener\">Archiving Files\/Directories and Finding Files on the Filesystem<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 4<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/create-partitions-and-filesystems-in-linux\/\" target=\"_blank\" rel=\"noopener\">Partitioning Storage Devices, Formatting Filesystems and Configuring Swap Partition<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 5<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/mount-filesystem-in-linux\/\" target=\"_blank\" rel=\"noopener\">Mount\/Unmount Local and Network (Samba &amp; NFS) Filesystems in Linux<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 6<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/creating-and-managing-raid-backups-in-linux\/\" target=\"_blank\" rel=\"noopener\">Assembling Partitions as RAID Devices \u2013 Creating &amp; Managing System Backups<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 7<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/linux-boot-process-and-manage-services\/\" target=\"_blank\" rel=\"noopener\">Managing System Startup Process and Services (SysVinit, Systemd and Upstart<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 8<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/manage-users-and-groups-in-linux\/\" target=\"_blank\" rel=\"noopener\">Managing Users &amp; Groups, File Permissions &amp; Attributes and Enabling sudo Access on Accounts<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 9<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/linux-package-management\/\" target=\"_blank\" rel=\"noopener\">Linux Package Management with Yum, RPM, Apt, Dpkg, Aptitude and Zypper<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 10<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/linux-basic-shell-scripting-and-linux-filesystem-troubleshooting\/\" target=\"_blank\" rel=\"noopener\">Learning Basic Shell Scripting and Filesystem Troubleshooting<\/a><\/div>\n<p><strong>Important<\/strong>: Due to changes in the LFCS certification requirements effective\u00a0<strong>Feb. 2, 2016<\/strong>, we are including the following necessary topics to the LFCS series published here. To prepare for this exam, your are highly encouraged to use the\u00a0<a href=\"https:\/\/www.tecmint.com\/installing-network-services-and-configuring-services-at-system-boot\/\" target=\"_blank\" rel=\"noopener\">LFCE series<\/a>\u00a0as well.<\/p>\n<div id=\"exam_announcement\"><b>Part 11<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/manage-and-create-lvm-parition-using-vgcreate-lvcreate-and-lvextend\/\" target=\"_blank\" rel=\"noopener\">How to Manage and Create LVM Using vgcreate, lvcreate and lvextend Commands<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 12<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/explore-linux-installed-help-documentation-and-tools\/\" target=\"_blank\" rel=\"noopener\">How to Explore Linux with Installed Help Documentations and Tools<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 13<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/configure-and-troubleshoot-grub-boot-loader-linux\/\" target=\"_blank\" rel=\"noopener\">How to Configure and Troubleshoot Grand Unified Bootloader (GRUB)<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 14<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/monitor-linux-processes-and-set-process-limits-per-user\/\" target=\"_blank\" rel=\"noopener\">Monitor Linux Processes Resource Usage and Set Process Limits on a Per-User Basis<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 15<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/change-modify-linux-kernel-runtime-parameters\/\" target=\"_blank\" rel=\"noopener\">How to Set or Modify Kernel Runtime Parameters in Linux Systems<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 16<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/set-access-control-lists-acls-and-disk-quotas-for-users-groups\/\" target=\"_blank\" rel=\"noopener\">How to Set Access Control Lists (ACL\u2019s) and Disk Quotas for Users and Groups<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 17<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/install-cygwin-to-run-linux-commands-on-windows-system\/\" target=\"_blank\" rel=\"noopener\">How to Install Cygwin, a Linux-like Commandline Environment for Windows<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 18<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/setup-ftp-anonymous-logins-in-linux\/\" target=\"_blank\" rel=\"noopener\">An Ultimate Guide to Setting Up FTP Server to Allow Anonymous Logins<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 19<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/setup-recursive-caching-dns-server-and-configure-dns-zones\/\" target=\"_blank\" rel=\"noopener\">Setup a Basic Recursive Caching DNS Server and Configure Zones for Domain<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 20<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/mandatory-access-control-with-selinux-or-apparmor-linux\/\" target=\"_blank\" rel=\"noopener\">Implementing Mandatory Access Control with SELinux or AppArmor in Linux<\/a><\/div>\n<p>This post is Part\u00a0<strong>1<\/strong>\u00a0of a\u00a0<strong>20-tutorial series<\/strong>, which will cover the necessary domains and competencies that are required for the\u00a0<strong>LFCS<\/strong>\u00a0certification exam. That being said, fire up your terminal, and let\u2019s start.<\/p>\n<h3>Processing Text Streams in Linux<\/h3>\n<p>Linux treats the input to and the output from programs as streams (or sequences) of characters. To begin understanding redirection and pipes, we must first understand the three most important types of I\/O (Input and Output) streams, which are in fact special files (by convention in UNIX and Linux, data streams and peripherals, or device files, are also treated as ordinary files).<\/p>\n<p>The difference between\u00a0<b>&gt;<\/b>\u00a0(redirection operator) and\u00a0<b>|<\/b>\u00a0(pipeline operator) is that while the first connects a command with a file, the latter connects the output of a command with another command.<\/p>\n<pre># command &gt; file\r\n# command1 | command2\r\n<\/pre>\n<p>Since the redirection operator creates or overwrites files silently, we must use it with extreme caution, and never mistake it with a pipeline. One advantage of pipes on Linux and UNIX systems is that there is no intermediate file involved with a pipe \u2013 the stdout of the first command is not written to a file and then read by the second command.<\/p>\n<p>For the following practice exercises we will use the poem \u201c<b>A happy child<\/b>\u201d (anonymous author).<\/p>\n<div id=\"attachment_9147\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/cat-command.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9147\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/cat-command.png\" alt=\"cat command\" width=\"445\" height=\"210\" aria-describedby=\"caption-attachment-9147\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9147\" class=\"wp-caption-text\">cat command example<\/p>\n<\/div>\n<h4>Using sed<\/h4>\n<p>The name\u00a0<b>sed<\/b>\u00a0is short for stream editor. For those unfamiliar with the term, a stream editor is used to perform basic text transformations on an input stream (a file or input from a pipeline).<\/p>\n<p>The most basic (and popular) usage of sed is the substitution of characters. We will begin by changing every occurrence of the lowercase\u00a0<b>y<\/b>\u00a0to UPPERCASE\u00a0<b>Y<\/b>\u00a0and redirecting the output to\u00a0<b>ahappychild2.txt<\/b>. The\u00a0<b>g<\/b>\u00a0flag indicates that sed should perform the substitution for all instances of term on every line of file. If this flag is omitted, sed will replace only the first occurrence of term on each line.<\/p>\n<h5>Basic syntax:<\/h5>\n<pre># sed \u2018s\/term\/replacement\/flag\u2019 file\r\n<\/pre>\n<h5>Our example:<\/h5>\n<pre># sed \u2018s\/y\/Y\/g\u2019 ahappychild.txt &gt; ahappychild2.txt\r\n<\/pre>\n<div id=\"attachment_9148\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/sed-command.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9148\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/sed-command-620x202.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/sed-command-620x202.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/sed-command.png 702w\" alt=\"sed command\" width=\"620\" height=\"202\" aria-describedby=\"caption-attachment-9148\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9148\" class=\"wp-caption-text\">sed command example<\/p>\n<\/div>\n<p>Should you want to search for or replace a special character (such as\u00a0<b>\/<\/b>,\u00a0<b>\\<\/b>,\u00a0<b>&amp;<\/b>) you need to escape it, in the term or replacement strings, with a backward slash.<\/p>\n<p>For example, we will substitute the word and for an ampersand. At the same time, we will replace the word\u00a0<b>I<\/b>with\u00a0<b>You<\/b>\u00a0when the first one is found at the beginning of a line.<\/p>\n<pre># sed 's\/and\/\\&amp;\/g;s\/^I\/You\/g' ahappychild.txt\r\n<\/pre>\n<div id=\"attachment_9149\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/sed-replace-string.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9149\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/sed-replace-string-620x211.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/sed-replace-string-620x211.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/sed-replace-string.png 668w\" alt=\"sed replace string\" width=\"620\" height=\"211\" aria-describedby=\"caption-attachment-9149\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9149\" class=\"wp-caption-text\">sed replace string<\/p>\n<\/div>\n<p>In the above command, a\u00a0<b>^<\/b>\u00a0(caret sign) is a well-known regular expression that is used to represent the beginning of a line.<\/p>\n<p>As you can see, we can combine two or more substitution commands (and use regular expressions inside them) by separating them with a semicolon and enclosing the set inside single quotes.<\/p>\n<p>Another use of sed is showing (or deleting) a chosen portion of a file. In the following example, we will display the first 5 lines of\u00a0<b>\/var\/log\/messages<\/b>\u00a0from Jun 8.<\/p>\n<pre># sed -n '\/^Jun  8\/ p' \/var\/log\/messages | sed -n 1,5p\r\n<\/pre>\n<p>Note that by default, sed prints every line. We can override this behaviour with the\u00a0<b>-n<\/b>\u00a0option and then tell sed to print (indicated by\u00a0<b>p<\/b>) only the part of the file (or the pipe) that matches the pattern (Jun 8 at the beginning of line in the first case and lines 1 through 5 inclusive in the second case).<\/p>\n<p>Finally, it can be useful while inspecting scripts or configuration files to inspect the code itself and leave out comments. The following sed one-liner deletes (<b>d<\/b>) blank lines or those starting with\u00a0<b>#<\/b>\u00a0(the\u00a0<b>|<\/b>\u00a0character indicates a boolean OR between the two regular expressions).<\/p>\n<pre># sed '\/^#\\|^$\/d' apache2.conf\r\n<\/pre>\n<div id=\"attachment_9150\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/sed-match-string.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9150\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/sed-match-string.png\" alt=\"sed match string\" width=\"495\" height=\"352\" aria-describedby=\"caption-attachment-9150\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9150\" class=\"wp-caption-text\">sed match string<\/p>\n<\/div>\n<h4>uniq Command<\/h4>\n<p>The\u00a0<b>uniq<\/b>\u00a0command allows us to report or remove duplicate lines in a file, writing to stdout by default. We must note that\u00a0<b>uniq<\/b>\u00a0does not detect repeated lines unless they are adjacent. Thus,\u00a0<b>uniq<\/b>\u00a0is commonly used along with a preceding\u00a0<b>sort<\/b>\u00a0(which is used to sort lines of text files). By default,\u00a0<b>sort<\/b>\u00a0takes the first field (separated by spaces) as key field. To specify a different key field, we need to use the\u00a0<b>-k<\/b>\u00a0option.<\/p>\n<h5>Examples<\/h5>\n<p>The\u00a0<b>du \u2013sch \/path\/to\/directory\/*<\/b>\u00a0command returns the disk space usage per subdirectories and files within the specified directory in human-readable format (also shows a total per directory), and does not order the output by size, but by subdirectory and file name. We can use the following command to sort by size.<\/p>\n<pre># du -sch \/var\/* | sort \u2013h\r\n<\/pre>\n<div id=\"attachment_9156\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/sort-command.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9156\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/sort-command.jpg\" alt=\"sort command\" width=\"570\" height=\"303\" aria-describedby=\"caption-attachment-9156\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9156\" class=\"wp-caption-text\">sort command example<\/p>\n<\/div>\n<p>You can count the number of events in a log by date by telling\u00a0<b>uniq<\/b>\u00a0to perform the comparison using the first 6 characters (-w 6) of each line (where the date is specified), and prefixing each output line by the number of occurrences (<b>-c<\/b>) with the following command.<\/p>\n<pre># cat \/var\/log\/mail.log | uniq -c -w 6\r\n<\/pre>\n<div id=\"attachment_9157\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/count-numbers-in-file.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9157\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/count-numbers-in-file-620x118.jpg\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/count-numbers-in-file-620x118.jpg 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/count-numbers-in-file-1024x195.jpg 1024w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/count-numbers-in-file.jpg 1025w\" alt=\"Count Numbers in File\" width=\"620\" height=\"118\" aria-describedby=\"caption-attachment-9157\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9157\" class=\"wp-caption-text\">Count Numbers in File<\/p>\n<\/div>\n<p>Finally, you can combine\u00a0<b>sort<\/b>\u00a0and\u00a0<b>uniq<\/b>\u00a0(as they usually are). Consider the following file with a list of donors, donation date, and amount. Suppose we want to know how many unique donors there are. We will use the following command to cut the first field (fields are delimited by a colon), sort by name, and remove duplicate lines.<\/p>\n<pre># cat sortuniq.txt | cut -d: -f1 | sort | uniq\r\n<\/pre>\n<div id=\"attachment_9158\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/find-uniqu-records-in-file.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9158\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/find-uniqu-records-in-file-620x302.jpg\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/find-uniqu-records-in-file-620x302.jpg 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/find-uniqu-records-in-file.jpg 754w\" alt=\"Find Unique Records in File\" width=\"620\" height=\"302\" aria-describedby=\"caption-attachment-9158\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9158\" class=\"wp-caption-text\">Find Unique Records in File<\/p>\n<\/div>\n<p><b>Read Also<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/13-basic-cat-command-examples-in-linux\/\" target=\"_blank\" rel=\"noopener\">13 \u201ccat\u201d Command Examples<\/a><\/p>\n<h4>grep Command<\/h4>\n<p><b>grep<\/b>\u00a0searches text files or (command output) for the occurrence of a specified regular expression and outputs any line containing a match to standard output.<\/p>\n<h5>Examples<\/h5>\n<p>Display the information from\u00a0<b>\/etc\/passwd<\/b>\u00a0for user gacanepa, ignoring case.<\/p>\n<pre># grep -i gacanepa \/etc\/passwd\r\n<\/pre>\n<div id=\"attachment_9159\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/grep-command.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9159\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/grep-command.jpg\" alt=\"grep Command\" width=\"605\" height=\"70\" aria-describedby=\"caption-attachment-9159\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9159\" class=\"wp-caption-text\">grep command example<\/p>\n<\/div>\n<p>Show all the contents of\u00a0<b>\/etc<\/b>\u00a0whose name begins with\u00a0<b>rc<\/b>\u00a0followed by any single number.<\/p>\n<pre># ls -l \/etc | grep rc[0-9]\r\n<\/pre>\n<div id=\"attachment_9160\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/list-content-using-grep.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9160\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/list-content-using-grep.jpg\" alt=\"List Content Using grep\" width=\"580\" height=\"189\" aria-describedby=\"caption-attachment-9160\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9160\" class=\"wp-caption-text\">List Content Using grep<\/p>\n<\/div>\n<p><b>Read Also<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/12-practical-examples-of-linux-grep-command\/\" target=\"_blank\" rel=\"noopener\">12 \u201cgrep\u201d Command Examples<\/a><\/p>\n<h4>tr Command Usage<\/h4>\n<p>The\u00a0<b>tr<\/b>\u00a0command can be used to translate (change) or delete characters from stdin, and write the result to stdout.<\/p>\n<h5>Examples<\/h5>\n<p>Change all lowercase to uppercase in sortuniq.txt file.<\/p>\n<pre># cat sortuniq.txt | tr [:lower:] [:upper:]\r\n<\/pre>\n<div id=\"attachment_9161\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/sort-strings.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9161\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/sort-strings-620x231.jpg\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/sort-strings-620x231.jpg 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/sort-strings.jpg 719w\" alt=\"Sort Strings in File\" width=\"620\" height=\"231\" aria-describedby=\"caption-attachment-9161\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9161\" class=\"wp-caption-text\">Sort Strings in File<\/p>\n<\/div>\n<p>Squeeze the delimiter in the output of\u00a0<b>ls \u2013l<\/b>\u00a0to only one space.<\/p>\n<pre># ls -l | tr -s ' '\r\n<\/pre>\n<div id=\"attachment_9162\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/squeeze-delimeter.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9162\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/squeeze-delimeter-620x254.jpg\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/squeeze-delimeter-620x254.jpg 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/squeeze-delimeter.jpg 654w\" alt=\"Squeeze Delimiter\" width=\"620\" height=\"254\" aria-describedby=\"caption-attachment-9162\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9162\" class=\"wp-caption-text\">Squeeze Delimiter<\/p>\n<\/div>\n<h4>cut Command Usage<\/h4>\n<p>The\u00a0<b>cut<\/b>\u00a0command extracts portions of input lines (from stdin or files) and displays the result on standard output, based on number of bytes (<b>-b<\/b>\u00a0option), characters (<b>-c<\/b>), or fields (<b>-f<\/b>). In this last case (based on fields), the default field separator is a tab, but a different delimiter can be specified by using the\u00a0<b>-d<\/b>\u00a0option.<\/p>\n<h5>Examples<\/h5>\n<p>Extract the user accounts and the default shells assigned to them from\u00a0<b>\/etc\/passwd<\/b>\u00a0(the\u00a0<b>\u2013d<\/b>\u00a0option allows us to specify the field delimiter, and the\u00a0<b>\u2013f<\/b>\u00a0switch indicates which field(s) will be extracted.<\/p>\n<pre># cat \/etc\/passwd | cut -d: -f1,7\r\n<\/pre>\n<div id=\"attachment_9163\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/extract-user-accounts.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9163\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/extract-user-accounts-620x227.jpg\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/extract-user-accounts-620x227.jpg 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/extract-user-accounts.jpg 635w\" alt=\"Extract User Accounts\" width=\"620\" height=\"227\" aria-describedby=\"caption-attachment-9163\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9163\" class=\"wp-caption-text\">Extract User Accounts<\/p>\n<\/div>\n<p>Summing up, we will create a text stream consisting of the first and third non-blank files of the output of the\u00a0<b>last<\/b>command. We will use\u00a0<b>grep<\/b>\u00a0as a first filter to check for sessions of user\u00a0<b>gacanepa<\/b>, then squeeze delimiters to only one space (<b>tr -s<\/b>\u00a0\u2018 \u2018). Next, we\u2019ll extract the first and third fields with\u00a0<b>cut<\/b>, and finally sort by the second field (IP addresses in this case) showing unique.<\/p>\n<pre># last | grep gacanepa | tr -s ' ' | cut -d' ' -f1,3 | sort -k2 | uniq\r\n<\/pre>\n<div id=\"attachment_9151\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/last-command.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9151\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/last-command-620x133.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/last-command-620x133.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/last-command.png 884w\" alt=\"last command\" width=\"620\" height=\"133\" aria-describedby=\"caption-attachment-9151\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9151\" class=\"wp-caption-text\">last command example<\/p>\n<\/div>\n<p>The above command shows how multiple commands and pipes can be combined so as to obtain filtered data according to our desires. Feel free to also run it by parts, to help you see the output that is pipelined from one command to the next (this can be a great learning experience, by the way!).<\/p>\n<h3>Summary<\/h3>\n<p>Although this example (along with the rest of the examples in the current tutorial) may not seem very useful at first sight, they are a nice starting point to begin experimenting with commands that are used to create, edit, and manipulate files from the Linux command line. Feel free to leave your questions and comments below \u2013 they will be much appreciated!<\/p>\n<h5>Reference Links<\/h5>\n<ol>\n<li><a href=\"https:\/\/training.linuxfoundation.org\/certification\/LFCS\" target=\"_blank\" rel=\"noopener\">About the LFCS<\/a><\/li>\n<li><a href=\"https:\/\/training.linuxfoundation.org\/certification\/why-certify-with-us\" target=\"_blank\" rel=\"noopener\">Why get a Linux Foundation Certification?<\/a><\/li>\n<li><a href=\"https:\/\/www.shareasale.com\/r.cfm?b=768106&amp;u=1260899&amp;m=59485&amp;urllink=&amp;afftrack=\" target=\"_blank\" rel=\"noopener\">Register for the LFCS exam<\/a><\/li>\n<\/ol>\n<h1 class=\"post-title\">LFCS: How to Install and Use vi\/vim as a Full Text Editor \u2013 Part 2<\/h1>\n<p>A couple of months ago, the Linux Foundation launched the\u00a0<strong>LFCS<\/strong>\u00a0(<strong>Linux Foundation Certified Sysadmin<\/strong>) certification in order to help individuals from all over the world to verify they are capable of doing basic to intermediate system administration tasks on Linux systems: system support, first-hand troubleshooting and maintenance, plus intelligent decision-making to know when it\u2019s time to raise issues to upper support teams.<\/p>\n<div id=\"attachment_9187\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/LFCS-Part-2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9187\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/LFCS-Part-2.png\" alt=\"Learning VI Editor in Linux\" width=\"600\" height=\"400\" aria-describedby=\"caption-attachment-9187\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9187\" class=\"wp-caption-text\">Learning VI Editor in Linux<\/p>\n<\/div>\n<p>Please take a look at the below video that explains The Linux Foundation Certification Program.<\/p>\n<div class=\"post-format\">\n<div class=\"video-container\"><iframe loading=\"lazy\" src=\"https:\/\/www.youtube.com\/embed\/Y29qZ71Kicg\" width=\"720\" height=\"405\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\" data-mce-fragment=\"1\"><\/iframe><\/div>\n<\/div>\n<p>This post is\u00a0<strong>Part 2<\/strong>\u00a0of a 10-tutorial series, here in this part, we will cover the basic file editing operations and understanding modes in vi\/m editor, that are required for the LFCS certification exam.<\/p>\n<h3>Perform Basic File Editing Operations Using vi\/m<\/h3>\n<p><b>Vi<\/b>\u00a0was the first full-screen text editor written for Unix. Although it was intended to be small and simple, it can be a bit challenging for people used exclusively to GUI text editors, such as\u00a0<b>NotePad++<\/b>, or\u00a0<strong>gedit<\/strong>, to name a few examples.<\/p>\n<p>To use\u00a0<b>Vi<\/b>, we must first understand the\u00a0<b>3<\/b>\u00a0modes in which this powerful program operates, in order to begin learning later about the its powerful text-editing procedures.<\/p>\n<p>Please note that most modern Linux distributions ship with a variant of\u00a0<b>vi<\/b>\u00a0known as\u00a0<b>vim<\/b>\u00a0(\u201cVi improved\u201d), which supports more features than the original vi does. For that reason, throughout this tutorial we will use vi and vim interchangeably.<\/p>\n<p>If your distribution does not have vim installed, you can install it as follows.<\/p>\n<ol>\n<li><b>Ubuntu and derivatives<\/b>: aptitude update &amp;&amp; aptitude install vim<\/li>\n<li><b>Red Hat-based distributions<\/b>: yum update &amp;&amp; yum install vim<\/li>\n<li><b>openSUSE<\/b>: zypper update &amp;&amp; zypper install vim<\/li>\n<\/ol>\n<h3>Why should I want to learn vi?<\/h3>\n<p>There are at least 2 good reasons to learn vi.<\/p>\n<p>1.\u00a0<b>vi<\/b>\u00a0is always available (no matter what distribution you\u2019re using) since it is required by POSIX.<\/p>\n<p>2.\u00a0<b>vi<\/b>\u00a0does not consume a considerable amount of system resources and allows us to perform any imaginable tasks without lifting our fingers from the keyboard.<\/p>\n<p>In addition, vi has a very extensive built-in manual, which can be launched using the\u00a0<b>:help<\/b>\u00a0command right after the program is started. This built-in manual contains more information than vi\/m\u2019s man page.<\/p>\n<div id=\"attachment_9178\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/vi-man-pages.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9178\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/vi-man-pages-620x336.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/vi-man-pages-620x336.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/vi-man-pages.png 745w\" alt=\"vi Man Pages\" width=\"620\" height=\"336\" aria-describedby=\"caption-attachment-9178\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9178\" class=\"wp-caption-text\">vi Man Pages<\/p>\n<\/div>\n<h4>Launching vi<\/h4>\n<p>To launch vi, type vi in your command prompt.<\/p>\n<div id=\"attachment_9179\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/start-vi-editor.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9179\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/start-vi-editor.png\" alt=\"Start vi Editor\" width=\"546\" height=\"308\" aria-describedby=\"caption-attachment-9179\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9179\" class=\"wp-caption-text\">Start vi Editor<\/p>\n<\/div>\n<p>Then press\u00a0<b>i<\/b>\u00a0to enter\u00a0<b>Insert<\/b>\u00a0mode, and you can start typing. Another way to launch vi\/m is.<\/p>\n<pre># vi filename\r\n<\/pre>\n<p>Which will open a new buffer (more on buffers later) named filename, which you can later save to disk.<\/p>\n<h4>Understanding Vi modes<\/h4>\n<p>1. In command mode, vi allows the user to navigate around the file and enter vi commands, which are brief, case-sensitive combinations of one or more letters. Almost all of them can be prefixed with a number to repeat the command that number of times.<\/p>\n<p>For example,\u00a0<b>yy<\/b>\u00a0(or\u00a0<b>Y<\/b>) copies the entire current line, whereas\u00a0<b>3yy<\/b>\u00a0(or\u00a0<b>3Y<\/b>) copies the entire current line along with the two next lines (3 lines in total). We can always enter command mode (regardless of the mode we\u2019re working on) by pressing the\u00a0<b>Esc<\/b>\u00a0key. The fact that in command mode the keyboard keys are interpreted as commands instead of text tends to be confusing to beginners.<\/p>\n<p>2. In\u00a0<b>ex<\/b>\u00a0mode, we can manipulate files (including saving a current file and running outside programs). To enter this mode, we must type a colon (<b>:<\/b>) from command mode, directly followed by the name of the ex-mode command that needs to be used. After that, vi returns automatically to command mode.<\/p>\n<p>3. In insert mode (the letter\u00a0<b>i<\/b>\u00a0is commonly used to enter this mode), we simply enter text. Most keystrokes result in text appearing on the screen (one important exception is the\u00a0<b>Esc<\/b>\u00a0key, which exits insert mode and returns to command mode).<\/p>\n<div id=\"attachment_9180\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/vi-insert-mode.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9180\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/vi-insert-mode.png\" alt=\"vi Insert Mode\" width=\"128\" height=\"427\" aria-describedby=\"caption-attachment-9180\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9180\" class=\"wp-caption-text\">vi Insert Mode<\/p>\n<\/div>\n<h4>Vi Commands<\/h4>\n<p>The following table shows a list of commonly used vi commands. File edition commands can be enforced by appending the exclamation sign to the command (for example, &lt;b.:q! enforces quitting without saving).<\/p>\n<table border=\"0\" cellspacing=\"0\">\n<tbody>\n<tr>\n<td align=\"LEFT\" bgcolor=\"#999999\" height=\"19\"><b>\u00a0Key command<\/b><\/td>\n<td align=\"LEFT\" bgcolor=\"#999999\"><b>\u00a0Description<\/b><\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0h or left arrow<\/td>\n<td align=\"LEFT\">\u00a0Go one character to the left<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"18\">\u00a0j or down arrow<\/td>\n<td align=\"LEFT\">\u00a0Go down one line<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0k or up arrow<\/td>\n<td align=\"LEFT\">\u00a0Go up one line<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"18\">\u00a0l (lowercase L) or right arrow<\/td>\n<td align=\"LEFT\">\u00a0Go one character to the right<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0H<\/td>\n<td align=\"LEFT\">\u00a0Go to the top of the screen<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"18\">\u00a0L<\/td>\n<td align=\"LEFT\">\u00a0Go to the bottom of the screen<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0G<\/td>\n<td align=\"LEFT\">\u00a0Go to the end of the file<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"18\">\u00a0w<\/td>\n<td align=\"LEFT\">\u00a0Move one word to the right<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0b<\/td>\n<td align=\"LEFT\">\u00a0Move one word to the left<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"18\">\u00a00 (zero)<\/td>\n<td align=\"LEFT\">\u00a0Go to the beginning of the current line<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0^<\/td>\n<td align=\"LEFT\">\u00a0Go to the first nonblank character on the current line<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"18\">\u00a0$<\/td>\n<td align=\"LEFT\">\u00a0Go to the end of the current line<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0Ctrl-B<\/td>\n<td align=\"LEFT\">\u00a0Go back one screen<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"18\">\u00a0Ctrl-F<\/td>\n<td align=\"LEFT\">\u00a0Go forward one screen<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0i<\/td>\n<td align=\"LEFT\">\u00a0Insert at the current cursor position<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"18\">\u00a0I (uppercase i)<\/td>\n<td align=\"LEFT\">\u00a0Insert at the beginning of the current line<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0J (uppercase j)<\/td>\n<td align=\"LEFT\">\u00a0Join current line with the next one (move next line up)<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"18\">\u00a0a<\/td>\n<td align=\"LEFT\">\u00a0Append after the current cursor position<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0o (lowercase O)<\/td>\n<td align=\"LEFT\">\u00a0Creates a blank line after the current line<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"18\">\u00a0O (uppercase o)<\/td>\n<td align=\"LEFT\">\u00a0Creates a blank line before the current line<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0r<\/td>\n<td align=\"LEFT\">\u00a0Replace the character at the current cursor position<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"18\">\u00a0R<\/td>\n<td align=\"LEFT\">\u00a0Overwrite at the current cursor position<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0x<\/td>\n<td align=\"LEFT\">\u00a0Delete the character at the current cursor position<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"18\">\u00a0X<\/td>\n<td align=\"LEFT\">\u00a0Delete the character immediately before (to the left) of the current cursor position<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0dd<\/td>\n<td align=\"LEFT\">\u00a0Cut (for later pasting) the entire current line<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"20\">\u00a0D<\/td>\n<td align=\"LEFT\">\u00a0Cut from the current cursor position to the end of the line (this command is equivalent to d$)<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"20\">\u00a0yX<\/td>\n<td align=\"LEFT\">\u00a0Give a movement command X, copy (yank) the appropriate number of characters, words, or lines from the current cursor position<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"18\">\u00a0yy or Y<\/td>\n<td align=\"LEFT\">\u00a0Yank (copy) the entire current line<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0p<\/td>\n<td align=\"LEFT\">\u00a0Paste after (next line) the current cursor position<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"18\">\u00a0P<\/td>\n<td align=\"LEFT\">\u00a0Paste before (previous line) the current cursor position<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0. (period)<\/td>\n<td align=\"LEFT\">\u00a0Repeat the last command<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"18\">\u00a0u<\/td>\n<td align=\"LEFT\">\u00a0Undo the last command<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0U<\/td>\n<td align=\"LEFT\">\u00a0Undo the last command in the last line. This will work as long as the cursor is still on the line.<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"18\">\u00a0n<\/td>\n<td align=\"LEFT\">\u00a0Find the next match in a search<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0N<\/td>\n<td align=\"LEFT\">\u00a0Find the previous match in a search<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"18\">\u00a0:n<\/td>\n<td align=\"LEFT\">\u00a0Next file; when multiple files are specified for editing, this commands loads the next file.<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"20\">\u00a0:e file<\/td>\n<td align=\"LEFT\">\u00a0Load file in place of the current file.<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"20\">\u00a0:r file<\/td>\n<td align=\"LEFT\">\u00a0Insert the contents of file after (next line) the current cursor position<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0:q<\/td>\n<td align=\"LEFT\">\u00a0Quit without saving changes.<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"20\">\u00a0:w file<\/td>\n<td align=\"LEFT\">\u00a0Write the current buffer to file. To append to an existing file, use :w &gt;&gt; file.<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0:wq<\/td>\n<td align=\"LEFT\">\u00a0Write the contents of the current file and quit. Equivalent to x! and ZZ<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"20\">\u00a0:r! command<\/td>\n<td align=\"LEFT\">\u00a0Execute command and insert output after (next line) the current cursor position.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h4>Vi Options<\/h4>\n<p>The following options can come in handy while running vim (we need to add them in our\u00a0<b>~\/.vimrc<\/b>\u00a0file).<\/p>\n<pre># echo set number &gt;&gt; ~\/.vimrc\r\n# echo syntax on &gt;&gt; ~\/.vimrc\r\n# echo set tabstop=4 &gt;&gt; ~\/.vimrc\r\n# echo set autoindent &gt;&gt; ~\/.vimrc\r\n<\/pre>\n<div id=\"attachment_9181\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/vi-options.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9181\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/vi-options.png\" alt=\"vi Editor Options\" width=\"278\" height=\"124\" aria-describedby=\"caption-attachment-9181\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9181\" class=\"wp-caption-text\">vi Editor Options<\/p>\n<\/div>\n<ol>\n<li><b>set number<\/b>\u00a0shows line numbers when vi opens an existing or a new file.<\/li>\n<li><b>syntax<\/b>\u00a0on turns on syntax highlighting (for multiple file extensions) in order to make code and config files more readable.<\/li>\n<li><b>set tabstop=4<\/b>\u00a0sets the tab size to 4 spaces (default value is 8).<\/li>\n<li><b>set autoindent<\/b>\u00a0carries over previous indent to the next line.<\/li>\n<\/ol>\n<h4>Search and replace<\/h4>\n<p>vi has the ability to move the cursor to a certain location (on a single line or over an entire file) based on searches. It can also perform text replacements with or without confirmation from the user.<\/p>\n<p>a). Searching within a line: the\u00a0<b>f<\/b>\u00a0command searches a line and moves the cursor to the next occurrence of a specified character in the current line.<\/p>\n<p>For example, the command\u00a0<b>fh<\/b>\u00a0would move the cursor to the next instance of the letter\u00a0<b>h<\/b>\u00a0within the current line. Note that neither the letter\u00a0<b>f<\/b>\u00a0nor the character you\u2019re searching for will appear anywhere on your screen, but the character will be highlighted after you press\u00a0<b>Enter<\/b>.<\/p>\n<p>For example, this is what I get after pressing\u00a0<b>f4<\/b>\u00a0in command mode.<\/p>\n<div id=\"attachment_9182\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/vi-search-string.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9182\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/vi-search-string.png\" alt=\"Search String in Vi\" width=\"275\" height=\"78\" aria-describedby=\"caption-attachment-9182\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9182\" class=\"wp-caption-text\">Search String in Vi<\/p>\n<\/div>\n<p>b). Searching an entire file: use the\u00a0<b>\/<\/b>\u00a0command, followed by the word or phrase to be searched for. A search may be repeated using the previous search string with the\u00a0<b>n<\/b>\u00a0command, or the next one (using the\u00a0<b>N<\/b>\u00a0command). This is the result of typing\u00a0<b>\/Jane<\/b>\u00a0in command mode.<\/p>\n<div id=\"attachment_9183\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/vi-search-line.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9183\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/vi-search-line.png\" alt=\"Vi Search String in File \" width=\"306\" height=\"301\" aria-describedby=\"caption-attachment-9183\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9183\" class=\"wp-caption-text\">Vi Search String in File<\/p>\n<\/div>\n<p>c). vi uses a command (similar to sed\u2019s) to perform substitution operations over a range of lines or an entire file. To change the word \u201c<b>old<\/b>\u201d to \u201c<b>young<\/b>\u201d for the entire file, we must enter the following command.<\/p>\n<pre> :%s\/old\/young\/g \r\n<\/pre>\n<p><strong>Notice<\/strong>: The colon at the beginning of the command.<\/p>\n<div id=\"attachment_9184\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/vi-search-and-replace.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9184\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/vi-search-and-replace.png\" alt=\"Vi Search and Replace\" width=\"193\" height=\"121\" aria-describedby=\"caption-attachment-9184\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9184\" class=\"wp-caption-text\">Vi Search and Replace<\/p>\n<\/div>\n<p>The colon (<b>:<\/b>) starts the ex command,\u00a0<b>s<\/b>\u00a0in this case (for substitution),\u00a0<b>%<\/b>\u00a0is a shortcut meaning from the first line to the last line (the range can also be specified as\u00a0<b>n<\/b>,<b>m<\/b>\u00a0which means \u201cfrom line n to line m\u201d),\u00a0<b>old<\/b>\u00a0is the search pattern, while\u00a0<b>young<\/b>\u00a0is the replacement text, and\u00a0<b>g<\/b>\u00a0indicates that the substitution should be performed on every occurrence of the search string in the file.<\/p>\n<p>Alternatively, a\u00a0<b>c<\/b>\u00a0can be added to the end of the command to ask for confirmation before performing any substitution.<\/p>\n<pre>:%s\/old\/young\/gc\r\n<\/pre>\n<p>Before replacing the original text with the new one, vi\/m will present us with the following message.<\/p>\n<div id=\"attachment_9185\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/vi-replace-old-with-young.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9185\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/vi-replace-old-with-young.png\" alt=\"Replace String in Vi\" width=\"365\" height=\"120\" aria-describedby=\"caption-attachment-9185\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9185\" class=\"wp-caption-text\">Replace String in Vi<\/p>\n<\/div>\n<ol>\n<li><b>y<\/b>: perform the substitution (yes)<\/li>\n<li><b>n<\/b>: skip this occurrence and go to the next one (no)<\/li>\n<li><b>a<\/b>: perform the substitution in this and all subsequent instances of the pattern.<\/li>\n<li><b>q<\/b>\u00a0or\u00a0<b>Esc<\/b>: quit substituting.<\/li>\n<li><b>l<\/b>\u00a0(<b>lowercase L<\/b>): perform this substitution and quit (last).<\/li>\n<li><b>Ctrl-e<\/b>,\u00a0<b>Ctrl-y<\/b>: Scroll down and up, respectively, to view the context of the proposed substitution.<\/li>\n<\/ol>\n<h4>Editing Multiple Files at a Time<\/h4>\n<p>Let\u2019s type\u00a0<b>vim file1 file2 file3<\/b>\u00a0in our command prompt.<\/p>\n<pre># vim file1 file2 file3\r\n<\/pre>\n<p>First, vim will open\u00a0<b>file1<\/b>. To switch to the next file (<b>file2<\/b>), we need to use the\u00a0<b>:n<\/b>\u00a0command. When we want to return to the previous file,\u00a0<b>:N<\/b>\u00a0will do the job.<\/p>\n<p>In order to switch from\u00a0<b>file1<\/b>\u00a0to\u00a0<b>file3<\/b>.<\/p>\n<p>a). The\u00a0<b>:buffers<\/b>\u00a0command will show a list of the file currently being edited.<\/p>\n<pre>:buffers\r\n<\/pre>\n<div id=\"attachment_9186\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/vi-edit-multiple-files.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9186\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/vi-edit-multiple-files.png\" alt=\"Edit Multiple Files\" width=\"427\" height=\"105\" aria-describedby=\"caption-attachment-9186\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9186\" class=\"wp-caption-text\">Edit Multiple Files<\/p>\n<\/div>\n<p>b). The command\u00a0<b>:buffer 3<\/b>\u00a0(without the\u00a0<b>s<\/b>\u00a0at the end) will open\u00a0<b>file3<\/b>\u00a0for editing.<\/p>\n<p>In the image above, a pound sign (<b>#<\/b>) indicates that the file is currently open but in the background, while\u00a0<b>%a<\/b>marks the file that is currently being edited. On the other hand, a blank space after the file number (3 in the above example) indicates that the file has not yet been opened.<\/p>\n<h4>Temporary vi buffers<\/h4>\n<p>To copy a couple of consecutive lines (let\u2019s say\u00a0<b>4<\/b>, for example) into a temporary buffer named a (not associated with a file) and place those lines in another part of the file later in the current vi section, we need to\u2026<\/p>\n<p>1. Press the\u00a0<b>ESC<\/b>\u00a0key to be sure we are in vi Command mode.<\/p>\n<p>2. Place the cursor on the first line of the text we wish to copy.<\/p>\n<p>3. Type \u201c<b>a4yy<\/b>\u201d to copy the current line, along with the 3 subsequent lines, into a buffer named a. We can continue editing our file \u2013 we do not need to insert the copied lines immediately.<\/p>\n<p>4. When we reach the location for the copied lines, use \u201c<b>a<\/b>\u00a0before the\u00a0<b>p<\/b>\u00a0or\u00a0<b>P<\/b>\u00a0commands to insert the lines copied into the buffer named\u00a0<b>a<\/b>:<\/p>\n<ol>\n<li>Type \u201c<b>ap<\/b>\u00a0to insert the lines copied into buffer a after the current line on which the cursor is resting.<\/li>\n<li>Type \u201c<b>aP<\/b>\u00a0to insert the lines copied into buffer a before the current line.<\/li>\n<\/ol>\n<p>If we wish, we can repeat the above steps to insert the contents of buffer a in multiple places in our file. A temporary buffer, as the one in this section, is disposed when the current window is closed.<\/p>\n<h3>Summary<\/h3>\n<p>As we have seen,\u00a0<b>vi<\/b>\/<b>m<\/b>\u00a0is a powerful and versatile text editor for the CLI. Feel free to share your own tricks and comments below.<\/p>\n<h5>Reference Links<\/h5>\n<ol>\n<li><a href=\"https:\/\/training.linuxfoundation.org\/certification\/LFCS\" target=\"_blank\" rel=\"nofollow noopener\">About the LFCS<\/a><\/li>\n<li><a href=\"https:\/\/training.linuxfoundation.org\/certification\/why-certify-with-us\" target=\"_blank\" rel=\"nofollow noopener\">Why get a Linux Foundation Certification?<\/a><\/li>\n<li><a href=\"https:\/\/www.shareasale.com\/r.cfm?b=768106&amp;u=1260899&amp;m=59485&amp;urllink=&amp;afftrack=\" target=\"_blank\" rel=\"nofollow noopener\">Register for the LFCS exam<\/a><\/li>\n<\/ol>\n<p><strong>Update<\/strong>: If you want to extend your VI editor skills, then I would suggest you read following two guides that will guide you to some useful VI editor tricks and tips.<\/p>\n<p><b>Part 1<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/learn-vi-and-vim-editor-tips-and-tricks-in-linux\/\" target=\"_blank\" rel=\"noopener\">Learn Useful \u2018Vi\/Vim\u2019 Editor Tips and Tricks to Enhance Your Skills<\/a><\/p>\n<p><b>Part 2<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/how-to-use-vi-and-vim-editor-in-linux\/\" target=\"_blank\" rel=\"noopener\">8 Interesting \u2018Vi\/Vim\u2019 Editor Tips and Tricks<\/a><\/p>\n<h1 class=\"post-title\">LFCS: How to Archive\/Compress Files &amp; Directories, Setting File Attributes and Finding Files in Linux \u2013 Part 3<\/h1>\n<p>Recently, the Linux Foundation started the\u00a0<strong>LFCS<\/strong>\u00a0(<strong>Linux Foundation Certified Sysadmin<\/strong>) certification, a brand new program whose purpose is allowing individuals from all corners of the globe to have access to an exam, which if approved, certifies that the person is knowledgeable in performing basic to intermediate system administration tasks on Linux systems. This includes supporting already running systems and services, along with first-level troubleshooting and analysis, plus the ability to decide when to escalate issues to engineering teams.<\/p>\n<div id=\"attachment_9238\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/lfcs-Part-3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9238\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/lfcs-Part-3.png\" alt=\"Linux Foundation Certified Sysadmin \u2013 Part 3\" width=\"600\" height=\"400\" aria-describedby=\"caption-attachment-9238\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9238\" class=\"wp-caption-text\">Linux Foundation Certified Sysadmin \u2013 Part 3<\/p>\n<\/div>\n<p>Please watch the below video that gives the idea about The Linux Foundation Certification Program.<\/p>\n<div class=\"post-format\">\n<div class=\"video-container\"><iframe loading=\"lazy\" src=\"https:\/\/www.youtube.com\/embed\/Y29qZ71Kicg\" width=\"720\" height=\"405\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\" data-mce-fragment=\"1\"><\/iframe><\/div>\n<\/div>\n<p>This post is Part 3 of a 10-tutorial series, here in this part, we will cover how to archive\/compress files and directories, set file attributes, and find files on the filesystem, that are required for the LFCS certification exam.<\/p>\n<h3>Archiving and Compression Tools<\/h3>\n<p>A file archiving tool groups a set of files into a single standalone file that we can backup to several types of media, transfer across a network, or send via email. The most frequently used archiving utility in Linux is\u00a0<b>tar<\/b>. When an archiving utility is used along with a compression tool, it allows to reduce the disk size that is needed to store the same files and information.<\/p>\n<h4>The tar utility<\/h4>\n<p><b>tar<\/b>\u00a0bundles a group of files together into a single archive (commonly called a tar file or tarball). The name originally stood for tape archiver, but we must note that we can use this tool to archive data to any kind of writeable media (not only to tapes). Tar is normally used with a compression tool such as\u00a0<b>gzip<\/b>,\u00a0<b>bzip2<\/b>, or\u00a0<b>xz<\/b>\u00a0to produce a compressed tarball.<\/p>\n<h6>Basic syntax:<\/h6>\n<pre># tar [options] [pathname ...]\r\n<\/pre>\n<p>Where\u00a0<b>\u2026<\/b>\u00a0represents the expression used to specify which files should be acted upon.<\/p>\n<h5>Most commonly used tar commands<\/h5>\n<table border=\"0\" cellspacing=\"0\">\n<tbody>\n<tr>\n<td align=\"CENTER\" bgcolor=\"#999999\" height=\"18\"><b>Long option<\/b><\/td>\n<td align=\"CENTER\" bgcolor=\"#999999\"><b>Abbreviation<\/b><\/td>\n<td align=\"CENTER\" bgcolor=\"#999999\"><b>Description<\/b><\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0\u2013create<\/td>\n<td align=\"LEFT\">\u00a0c<\/td>\n<td align=\"LEFT\">\u00a0Creates a tar archive<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"18\">\u00a0\u2013concatenate<\/td>\n<td align=\"LEFT\">\u00a0A<\/td>\n<td align=\"LEFT\">\u00a0Appends tar files to an archive<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0\u2013append<\/td>\n<td align=\"LEFT\">\u00a0r<\/td>\n<td align=\"LEFT\">\u00a0Appends files to the end of an archive<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"18\">\u00a0\u2013update<\/td>\n<td align=\"LEFT\">\u00a0u<\/td>\n<td align=\"LEFT\">\u00a0Appends files newer than copy in archive<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"20\">\u00a0\u2013diff or \u2013compare<\/td>\n<td align=\"LEFT\">\u00a0d<\/td>\n<td align=\"LEFT\">\u00a0Find differences between archive and file system<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"18\">\u00a0\u2013file archive<\/td>\n<td align=\"LEFT\">\u00a0f<\/td>\n<td align=\"LEFT\">\u00a0Use archive file or device ARCHIVE<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"20\">\u00a0\u2013list<\/td>\n<td align=\"LEFT\">\u00a0t<\/td>\n<td align=\"LEFT\">\u00a0Lists the contents of a tarball<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"20\">\u00a0\u2013extract or \u2013get<\/td>\n<td align=\"LEFT\">\u00a0x<\/td>\n<td align=\"LEFT\">\u00a0Extracts files from an archive<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h5>Normally used operation modifiers<\/h5>\n<table border=\"0\" cellspacing=\"0\">\n<tbody>\n<tr class=\"alt\">\n<td align=\"CENTER\" bgcolor=\"#999999\" height=\"18\"><b>Long option<\/b><\/td>\n<td align=\"CENTER\" bgcolor=\"#999999\"><b>Abbreviation<\/b><\/td>\n<td align=\"CENTER\" bgcolor=\"#999999\"><b>Description<\/b><\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"20\">\u00a0\u2013directory dir<\/td>\n<td align=\"LEFT\">\u00a0C<\/td>\n<td align=\"LEFT\">\u00a0Changes to directory dir before performing operations<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0\u2013same-permissions<\/td>\n<td align=\"LEFT\">\u00a0p<\/td>\n<td align=\"LEFT\">\u00a0Preserves original permissions<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"38\">\u00a0\u2013verbose<\/td>\n<td align=\"LEFT\">\u00a0v<\/td>\n<td align=\"LEFT\">\u00a0Lists all files read or extracted. When this flag is used along with \u2013list, the file sizes, ownership, and time stamps are displayed.<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0\u2013verify<\/td>\n<td align=\"LEFT\">\u00a0W<\/td>\n<td align=\"LEFT\">\u00a0Verifies the archive after writing it<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"20\">\u00a0\u2013exclude file<\/td>\n<td align=\"LEFT\">\u00a0\u2014<\/td>\n<td align=\"LEFT\">\u00a0Excludes file from the archive<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">\u00a0\u2013exclude=pattern<\/td>\n<td align=\"LEFT\">\u00a0X<\/td>\n<td align=\"LEFT\">\u00a0Exclude files, given as a PATTERN<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"20\">\u00a0\u2013gzip or \u2013gunzip<\/td>\n<td align=\"LEFT\">\u00a0z<\/td>\n<td align=\"LEFT\">\u00a0Processes an archive through gzip<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"20\">\u00a0\u2013bzip2<\/td>\n<td align=\"LEFT\">\u00a0j<\/td>\n<td align=\"LEFT\">\u00a0Processes an archive through bzip2<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"20\">\u00a0\u2013xz<\/td>\n<td align=\"LEFT\">\u00a0J<\/td>\n<td align=\"LEFT\">\u00a0Processes an archive through xz<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><b>Gzip<\/b>\u00a0is the oldest compression tool and provides the least compression, while\u00a0<b>bzip2<\/b>\u00a0provides improved compression. In addition,\u00a0<b>xz<\/b>\u00a0is the newest but (usually) provides the best compression. This advantages of best compression come at a price: the time it takes to complete the operation, and system resources used during the process.<\/p>\n<p>Normally,\u00a0<b>tar<\/b>\u00a0files compressed with these utilities have\u00a0<b>.gz<\/b>,\u00a0<b>.bz2<\/b>, or\u00a0<b>.xz<\/b>\u00a0extensions, respectively. In the following examples we will be using these files: file1, file2, file3, file4, and file5.<\/p>\n<h6>Grouping and compressing with gzip, bzip2 and xz<\/h6>\n<p>Group all the files in the current working directory and compress the resulting bundle with\u00a0<b>gzip<\/b>,\u00a0<b>bzip2<\/b>, and\u00a0<b>xz<\/b>(please note the use of a regular expression to specify which files should be included in the bundle \u2013 this is to prevent the archiving tool to group the tarballs created in previous steps).<\/p>\n<pre># tar czf myfiles.tar.gz file[0-9]\r\n# tar cjf myfiles.tar.bz2 file[0-9]\r\n# tar cJf myfile.tar.xz file[0-9]\r\n<\/pre>\n<div id=\"attachment_9229\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Compress-Multiple-Files.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9229\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Compress-Multiple-Files.png\" alt=\"Compress Multiple Files Using tar\" width=\"518\" height=\"91\" aria-describedby=\"caption-attachment-9229\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9229\" class=\"wp-caption-text\">Compress Multiple Files<\/p>\n<\/div>\n<h6>Listing the contents of a tarball and updating \/ appending files to the bundle<\/h6>\n<p>List the contents of a tarball and display the same information as a long directory listing. Note that\u00a0<b>update<\/b>\u00a0or\u00a0<b>append<\/b>\u00a0operations cannot be applied to compressed files directly (if you need to update or append a file to a compressed tarball, you need to uncompress the tar file and update \/ append to it, then compress again).<\/p>\n<pre># tar tvf [tarball]\r\n<\/pre>\n<div id=\"attachment_9230\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/List-Archive-Content.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9230\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/List-Archive-Content.png\" alt=\"Check Files in tar Archive\" width=\"478\" height=\"125\" aria-describedby=\"caption-attachment-9230\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9230\" class=\"wp-caption-text\">List Archive Content<\/p>\n<\/div>\n<p>Run any of the following commands:<\/p>\n<pre># gzip -d myfiles.tar.gz\t[#1] \r\n# bzip2 -d myfiles.tar.bz2\t[#2] \r\n# xz -d myfiles.tar.xz \t\t[#3] \r\n<\/pre>\n<p>Then<\/p>\n<pre># tar --delete --file myfiles.tar file4 (deletes the file inside the tarball)\r\n# tar --update --file myfiles.tar file4 (adds the updated file)\r\n<\/pre>\n<p>and<\/p>\n<pre># gzip myfiles.tar\t\t[ if you choose #1 above ]\r\n# bzip2 myfiles.tar\t\t[ if you choose #2 above ]\r\n# xz myfiles.tar \t\t[ if you choose #3 above ]\r\n<\/pre>\n<p>Finally,<\/p>\n<pre># tar tvf [tarball] #again\r\n<\/pre>\n<p>and compare the modification date and time of\u00a0<b>file4<\/b>\u00a0with the same information as shown earlier.<\/p>\n<h6>Excluding file types<\/h6>\n<p>Suppose you want to perform a backup of user\u2019s\u00a0<b>home<\/b>\u00a0directories. A good sysadmin practice would be (may also be specified by company policies) to exclude all video and audio files from backups.<\/p>\n<p>Maybe your first approach would be to exclude from the backup all files with an\u00a0<b>.mp3<\/b>\u00a0or\u00a0<b>.mp4<\/b>\u00a0extension (or other extensions). What if you have a clever user who can change the extension to\u00a0<b>.txt<\/b>\u00a0or\u00a0<b>.bkp<\/b>, your approach won\u2019t do you much good. In order to detect an audio or video file, you need to check its file type with file. The following shell script will do the job.<\/p>\n<pre>#!\/bin\/bash\r\n# Pass the directory to backup as first argument.\r\nDIR=$1\r\n# Create the tarball and compress it. Exclude files with the MPEG string in its file type.\r\n# -If the file type contains the string mpeg, $? (the exit status of the most recently executed command) expands to 0, and the filename is redirected to the exclude option. Otherwise, it expands to 1.\r\n# -If $? equals 0, add the file to the list of files to be backed up.\r\ntar X &lt;(for i in $DIR\/*; do file $i | grep -i mpeg; if [ $? -eq 0 ]; then echo $i; fi;done) -cjf backupfile.tar.bz2 $DIR\/*\r\n<\/pre>\n<div id=\"attachment_9231\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Exclude-Files-in-Tar.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9231\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Exclude-Files-in-Tar-620x99.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Exclude-Files-in-Tar-620x99.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Exclude-Files-in-Tar.png 1008w\" alt=\"Exclude Files in tar Archive\" width=\"620\" height=\"99\" aria-describedby=\"caption-attachment-9231\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9231\" class=\"wp-caption-text\">Exclude Files in tar<\/p>\n<\/div>\n<h6>Restoring backups with tar preserving permissions<\/h6>\n<p>You can then restore the backup to the original user\u2019s home directory (user_restore in this example), preserving permissions, with the following command.<\/p>\n<pre># tar xjf backupfile.tar.bz2 --directory user_restore --same-permissions\r\n<\/pre>\n<div id=\"attachment_9232\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Restore-tar-Backup-Files.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9232\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Restore-tar-Backup-Files-620x88.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Restore-tar-Backup-Files-620x88.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Restore-tar-Backup-Files.png 1017w\" alt=\"Restore Files from tar Archive\" width=\"620\" height=\"88\" aria-describedby=\"caption-attachment-9232\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9232\" class=\"wp-caption-text\">Restore Files from Archive<\/p>\n<\/div>\n<p><b>Read Also<\/b>:<\/p>\n<ol>\n<li><a href=\"https:\/\/www.tecmint.com\/18-tar-command-examples-in-linux\/\" target=\"_blank\" rel=\"noopener\">18 tar Command Examples in Linux<\/a><\/li>\n<li><a href=\"https:\/\/www.tecmint.com\/dtrx-an-intelligent-archive-extraction-tar-zip-cpio-rpm-deb-rar-tool-for-linux\/\" target=\"_blank\" rel=\"noopener\">Dtrx \u2013 An Intelligent Archive Tool for Linux<\/a><\/li>\n<\/ol>\n<h3>Using find Command to Search for Files<\/h3>\n<p>The\u00a0<b>find<\/b>\u00a0command is used to search recursively through directory trees for files or directories that match certain characteristics, and can then either print the matching files or directories or perform other operations on the matches.<\/p>\n<p>Normally, we will search by name, owner, group, type, permissions, date, and size.<\/p>\n<h5>Basic syntax:<\/h5>\n<p># find [directory_to_search] [expression]<\/p>\n<h6>Finding files recursively according to Size<\/h6>\n<p>Find all files (<b>-f<\/b>) in the current directory (<b>.<\/b>) and\u00a0<b>2<\/b>\u00a0subdirectories below (<b>-maxdepth 3<\/b>\u00a0includes the current working directory and 2 levels down) whose size (<b>-size<\/b>) is greater than\u00a0<b>2 MB<\/b>.<\/p>\n<pre># find . -maxdepth 3 -type f -size +2M\r\n<\/pre>\n<div id=\"attachment_9233\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Find-Files-Based-on-Size.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9233\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Find-Files-Based-on-Size.png\" alt=\"Find Files by Size in Linux\" width=\"573\" height=\"126\" aria-describedby=\"caption-attachment-9233\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9233\" class=\"wp-caption-text\">Find Files Based on Size<\/p>\n<\/div>\n<h6>Finding and deleting files that match a certain criteria<\/h6>\n<p>Files with\u00a0<b>777<\/b>\u00a0permissions are sometimes considered an open door to external attackers. Either way, it is not safe to let anyone do anything with files. We will take a rather aggressive approach and delete them! (\u2018<b>{}<\/b>\u2018\u00a0<b>+<\/b>\u00a0is used to \u201ccollect\u201d the results of the search).<\/p>\n<pre># find \/home\/user -perm 777 -exec rm '{}' +\r\n<\/pre>\n<div id=\"attachment_9234\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Find-Files-with-777-Permission.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9234\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Find-Files-with-777-Permission.png\" alt=\"Find all 777 Permission Files\" width=\"487\" height=\"91\" aria-describedby=\"caption-attachment-9234\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9234\" class=\"wp-caption-text\">Find Files with 777Permission<\/p>\n<\/div>\n<h6>Finding files per atime or mtime<\/h6>\n<p>Search for configuration files in\u00a0<b>\/etc<\/b>\u00a0that have been accessed (<b>-atime<\/b>) or modified (<b>-mtime<\/b>) more (<b>+180<\/b>) or less (<b>-180<\/b>) than\u00a0<b>6<\/b>\u00a0months ago or exactly\u00a0<b>6<\/b>\u00a0months ago (<b>180<\/b>).<\/p>\n<p>Modify the following command as per the example below:<\/p>\n<pre># find \/etc -iname \"*.conf\" -mtime -180 -print\r\n<\/pre>\n<div id=\"attachment_9235\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Find-Modified-Files.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9235\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Find-Modified-Files.png\" alt=\"Find Files by Modification Time\" width=\"478\" height=\"229\" aria-describedby=\"caption-attachment-9235\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9235\" class=\"wp-caption-text\">Find Modified Files<\/p>\n<\/div>\n<p><b>Read Also<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/35-practical-examples-of-linux-find-command\/\" target=\"_blank\" rel=\"noopener\">35 Practical Examples of Linux \u2018find\u2019 Command<\/a><\/p>\n<h3>File Permissions and Basic Attributes<\/h3>\n<p>The first\u00a0<b>10<\/b>\u00a0characters in the output of\u00a0<b>ls -l<\/b>\u00a0are the file attributes. The first of these characters is used to indicate the file type:<\/p>\n<ol>\n<li><b>\u2013<\/b>\u00a0: a regular file<\/li>\n<li><b>-d<\/b>\u00a0: a directory<\/li>\n<li><b>-l<\/b>\u00a0: a symbolic link<\/li>\n<li><b>-c<\/b>\u00a0: a character device (which treats data as a stream of bytes, i.e. a terminal)<\/li>\n<li><b>-b<\/b>\u00a0: a block device (which handles data in blocks, i.e. storage devices)<\/li>\n<\/ol>\n<p>The next nine characters of the file attributes are called the file mode and represent the read (<b>r<\/b>), write (<b>w<\/b>), and execute (<b>x<\/b>) permissions of the file\u2019s owner, the file\u2019s group owner, and the rest of the users (commonly referred to as \u201cthe world\u201d).<\/p>\n<p>Whereas the read permission on a file allows the same to be opened and read, the same permission on a directory allows its contents to be listed if the execute permission is also set. In addition, the execute permission in a file allows it to be handled as a program and run, while in a directory it allows the same to be cd\u2019ed into it.<\/p>\n<p>File permissions are changed with the\u00a0<b>chmod<\/b>\u00a0command, whose basic syntax is as follows:<\/p>\n<pre># chmod [new_mode] file\r\n<\/pre>\n<p>Where\u00a0<b>new_mode<\/b>\u00a0is either an octal number or an expression that specifies the new permissions.<\/p>\n<p>The octal number can be converted from its binary equivalent, which is calculated from the desired file permissions for the owner, the group, and the world, as follows:<\/p>\n<p>The presence of a certain permission equals a power of\u00a0<b>2<\/b>\u00a0(<b>r=22<\/b>,\u00a0<b>w=21<\/b>,\u00a0<b>x=20<\/b>), while its absence equates to\u00a0<b>0<\/b>. For example:<\/p>\n<div id=\"attachment_9236\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/File-Permissions.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9236\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/File-Permissions.png\" alt=\"Linux File Permissions\" width=\"529\" height=\"97\" aria-describedby=\"caption-attachment-9236\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9236\" class=\"wp-caption-text\">File Permissions<\/p>\n<\/div>\n<p>To set the file\u2019s permissions as above in octal form, type:<\/p>\n<pre># chmod 744 myfile\r\n<\/pre>\n<p>You can also set a file\u2019s mode using an expression that indicates the owner\u2019s rights with the letter\u00a0<b>u<\/b>, the group owner\u2019s rights with the letter\u00a0<b>g<\/b>, and the rest with\u00a0<b>o<\/b>. All of these \u201c<b>individuals<\/b>\u201d can be represented at the same time with the letter\u00a0<b>a<\/b>. Permissions are granted (or revoked) with the\u00a0<b>+<\/b>\u00a0or\u00a0<b>\u2013<\/b>\u00a0signs, respectively.<\/p>\n<h6>Revoking execute permission for a shell script to all users<\/h6>\n<p>As we explained earlier, we can revoke a certain permission prepending it with the minus sign and indicating whether it needs to be revoked for the owner, the group owner, or all users. The one-liner below can be interpreted as follows: Change mode for all (<b>a<\/b>) users, revoke (<b>\u2013<\/b>) execute permission (<b>x<\/b>).<\/p>\n<pre># chmod a-x backup.sh\r\n<\/pre>\n<p>Granting read, write, and execute permissions for a file to the owner and group owner, and read permissions for the world.<\/p>\n<p>When we use a 3-digit octal number to set permissions for a file, the first digit indicates the permissions for the owner, the second digit for the group owner and the third digit for everyone else:<\/p>\n<ol>\n<li><b>Owner<\/b>: (r=22 + w=21 + x=20 = 7)<\/li>\n<li><b>Group owner<\/b>: (r=22 + w=21 + x=20 = 7)<\/li>\n<li><b>World<\/b>: (r=22 + w=0 + x=0 = 4),<\/li>\n<\/ol>\n<pre># chmod 774 myfile\r\n<\/pre>\n<p>In time, and with practice, you will be able to decide which method to change a file mode works best for you in each case. A long directory listing also shows the file\u2019s owner and its group owner (which serve as a rudimentary yet effective access control to files in a system):<\/p>\n<div id=\"attachment_9237\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Linux-File-Listing.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9237\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Linux-File-Listing.png\" alt=\"Linux File Listing\" width=\"565\" height=\"174\" aria-describedby=\"caption-attachment-9237\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9237\" class=\"wp-caption-text\">Linux File Listing<\/p>\n<\/div>\n<p>File ownership is changed with the\u00a0<b>chown<\/b>\u00a0command. The owner and the group owner can be changed at the same time or separately. Its basic syntax is as follows:<\/p>\n<pre># chown user:group file\r\n<\/pre>\n<p>Where at least user or group need to be present.<\/p>\n<h6>Few Examples<\/h6>\n<p>Changing the owner of a file to a certain user.<\/p>\n<pre># chown gacanepa sent\r\n<\/pre>\n<p>Changing the owner and group of a file to an specific user:group pair.<\/p>\n<pre># chown gacanepa:gacanepa TestFile\r\n<\/pre>\n<p>Changing only the group owner of a file to a certain group. Note the colon before the group\u2019s name.<\/p>\n<pre># chown :gacanepa email_body.txt\r\n<\/pre>\n<h3>Conclusion<\/h3>\n<p>As a sysadmin, you need to know how to create and restore backups, how to find files in your system and change their attributes, along with a few tricks that can make your life easier and will prevent you from running into future issues.<\/p>\n<p>I hope that the tips provided in the present article will help you to achieve that goal. Feel free to add your own tips and ideas in the comments section for the benefit of the community. Thanks in advance!<\/p>\n<h5>Reference Links<\/h5>\n<ol>\n<li><a href=\"https:\/\/training.linuxfoundation.org\/certification\/LFCS\" target=\"_blank\" rel=\"nofollow noopener\">About the LFCS<\/a><\/li>\n<li><a href=\"https:\/\/training.linuxfoundation.org\/certification\/why-certify-with-us\" target=\"_blank\" rel=\"nofollow noopener\">Why get a Linux Foundation Certification?<\/a><\/li>\n<li><a href=\"https:\/\/www.shareasale.com\/r.cfm?b=768106&amp;u=1260899&amp;m=59485&amp;urllink=&amp;afftrack=\" target=\"_blank\" rel=\"nofollow noopener\">Register for the LFCS exam<\/a><\/li>\n<\/ol>\n<h1 class=\"post-title\">LFCS: Partitioning Storage Devices, Formatting Filesystems and Configuring Swap Partition \u2013 Part 4<\/h1>\n<p>Last August, the Linux Foundation launched the\u00a0<strong>LFCS<\/strong>\u00a0certification (<strong>Linux Foundation Certified Sysadmin<\/strong>), a shiny chance for system administrators to show, through a performance-based exam, that they can perform overall operational support of Linux systems: system support, first-level diagnosing and monitoring, plus issue escalation \u2013 if needed \u2013 to other support teams.<\/p>\n<div id=\"attachment_9307\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/lfcs-Part-4.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9307\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/lfcs-Part-4.png\" alt=\"Linux Foundation Certified Sysadmin \u2013 Part 4\" width=\"600\" height=\"400\" aria-describedby=\"caption-attachment-9307\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9307\" class=\"wp-caption-text\">Linux Foundation Certified Sysadmin \u2013 Part 4<\/p>\n<\/div>\n<p>Please aware that Linux Foundation certifications are precise, totally based on performance and available through an online portal anytime, anywhere. Thus, you no longer have to travel to a examination center to get the certifications you need to establish your skills and expertise.<\/p>\n<p>Please watch the below video that explains The Linux Foundation Certification Program.<\/p>\n<div class=\"post-format\">\n<div class=\"video-container\"><iframe loading=\"lazy\" src=\"https:\/\/www.youtube.com\/embed\/Y29qZ71Kicg\" width=\"720\" height=\"405\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\" data-mce-fragment=\"1\"><\/iframe><\/div>\n<\/div>\n<p>This post is Part 4 of a 10-tutorial series, here in this part, we will cover the Partitioning storage devices, Formatting filesystems and Configuring swap partition, that are required for the LFCS certification exam.<\/p>\n<h3>Partitioning Storage Devices<\/h3>\n<p>Partitioning is a means to divide a single hard drive into one or more parts or \u201c<b>slices<\/b>\u201d called partitions. A partition is a section on a drive that is treated as an independent disk and which contains a single type of file system, whereas a partition table is an index that relates those physical sections of the hard drive to partition identifications.<\/p>\n<p>In Linux, the traditional tool for managing MBR partitions (up to ~2009) in IBM PC compatible systems is\u00a0<b>fdisk<\/b>. For GPT partitions (~2010 and later) we will use\u00a0<b>gdisk<\/b>. Each of these tools can be invoked by typing its name followed by a device name (such as\u00a0<b>\/dev\/sdb<\/b>).<\/p>\n<h4>Managing MBR Partitions with fdisk<\/h4>\n<p>We will cover\u00a0<b>fdisk<\/b>\u00a0first.<\/p>\n<pre># fdisk \/dev\/sdb\r\n<\/pre>\n<p>A prompt appears asking for the next operation. If you are unsure, you can press the \u2018<b>m<\/b>\u2018 key to display the help contents.<\/p>\n<div id=\"attachment_9295\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/fdisk-help.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9295\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/fdisk-help.png\" alt=\"fdisk Help Menu\" width=\"393\" height=\"384\" aria-describedby=\"caption-attachment-9295\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9295\" class=\"wp-caption-text\">fdisk Help Menu<\/p>\n<\/div>\n<p>In the above image, the most frequently used options are highlighted. At any moment, you can press \u2018<b>p<\/b>\u2018 to display the current partition table.<\/p>\n<div id=\"attachment_9296\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Show-Partition-Table.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9296\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Show-Partition-Table.png\" alt=\"Check Partition Table in Linux\" width=\"549\" height=\"215\" aria-describedby=\"caption-attachment-9296\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9296\" class=\"wp-caption-text\">Show Partition Table<\/p>\n<\/div>\n<p>The\u00a0<b>Id<\/b>\u00a0column shows the partition type (or partition id) that has been assigned by fdisk to the partition. A partition type serves as an indicator of the file system, the partition contains or, in simple words, the way data will be accessed in that partition.<\/p>\n<p>Please note that a comprehensive study of each partition type is out of the scope of this tutorial \u2013 as this series is focused on the\u00a0<b>LFCS<\/b>\u00a0exam, which is performance-based.<\/p>\n<h6>Some of the options used by fdisk as follows:<\/h6>\n<p>You can list all the partition types that can be managed by fdisk by pressing the \u2018<b>l<\/b>\u2018 option (lowercase l).<\/p>\n<p>Press \u2018<b>d<\/b>\u2018 to delete an existing partition. If more than one partition is found in the drive, you will be asked which one should be deleted.<\/p>\n<p>Enter the corresponding number, and then press \u2018<b>w<\/b>\u2018 (write modifications to partition table) to apply changes.<\/p>\n<p>In the following example, we will delete\u00a0<b>\/dev\/sdb2<\/b>, and then print (<b>p<\/b>) the partition table to verify the modifications.<\/p>\n<div id=\"attachment_9297\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/fdisk-options.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9297\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/fdisk-options.png\" alt=\"fdisk Command Options\" width=\"544\" height=\"274\" aria-describedby=\"caption-attachment-9297\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9297\" class=\"wp-caption-text\">fdisk Command Options<\/p>\n<\/div>\n<p>Press \u2018<b>n<\/b>\u2018 to create a new partition, then \u2018<b>p<\/b>\u2018 to indicate it will be a primary partition. Finally, you can accept all the default values (in which case the partition will occupy all the available space), or specify a size as follows.<\/p>\n<div id=\"attachment_9298\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Create-New-Partition.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9298\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Create-New-Partition.png\" alt=\"Create New Partition in Linux\" width=\"579\" height=\"311\" aria-describedby=\"caption-attachment-9298\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9298\" class=\"wp-caption-text\">Create New Partition<\/p>\n<\/div>\n<p>If the partition\u00a0<b>Id<\/b>\u00a0that fdisk chose is not the right one for our setup, we can press \u2018<b>t<\/b>\u2018 to change it.<\/p>\n<div id=\"attachment_9299\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Change-Partition-Name.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9299\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Change-Partition-Name.png\" alt=\"Change Partition Name in Linux\" width=\"577\" height=\"311\" aria-describedby=\"caption-attachment-9299\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9299\" class=\"wp-caption-text\">Change Partition Name<\/p>\n<\/div>\n<p>When you\u2019re done setting up the partitions, press \u2018<b>w<\/b>\u2018 to commit the changes to disk.<\/p>\n<div id=\"attachment_9300\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Save-Partition-Changes.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9300\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Save-Partition-Changes.png\" alt=\"Save Partition Changes\" width=\"362\" height=\"89\" aria-describedby=\"caption-attachment-9300\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9300\" class=\"wp-caption-text\">Save Partition Changes<\/p>\n<\/div>\n<h4>Managing GPT Partitions with gdisk<\/h4>\n<p>In the following example, we will use\u00a0<b>\/dev\/sdb<\/b>.<\/p>\n<pre># gdisk \/dev\/sdb\r\n<\/pre>\n<p>We must note that gdisk can be used either to create MBR or GPT partitions.<\/p>\n<div id=\"attachment_9301\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Create-GPT-Partitions.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9301\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Create-GPT-Partitions.png\" alt=\"Create GPT Partitions in Linux\" width=\"410\" height=\"280\" aria-describedby=\"caption-attachment-9301\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9301\" class=\"wp-caption-text\">Create GPT Partitions<\/p>\n<\/div>\n<p>The advantage of using GPT partitioning is that we can create up to\u00a0<b>128<\/b>\u00a0partitions in the same disk whose size can be up to the order of petabytes, whereas the maximum size for MBR partitions is\u00a0<b>2 TB<\/b>.<\/p>\n<p>Note that most of the options in fdisk are the same in gdisk. For that reason, we will not go into detail about them, but here\u2019s a screenshot of the process.<\/p>\n<div id=\"attachment_9302\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/gdisk-options.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9302\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/gdisk-options-620x286.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/gdisk-options-620x286.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/gdisk-options.png 623w\" alt=\"gdisk Command Options\" width=\"620\" height=\"286\" aria-describedby=\"caption-attachment-9302\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9302\" class=\"wp-caption-text\">gdisk Command Options<\/p>\n<\/div>\n<h3>Formatting Filesystems<\/h3>\n<p>Once we have created all the necessary partitions, we must create filesystems. To find out the list of filesystems supported in your system, run.<\/p>\n<pre># ls \/sbin\/mk*\r\n<\/pre>\n<div id=\"attachment_9303\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-Filesystems.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9303\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-Filesystems-620x83.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-Filesystems-620x83.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-Filesystems.png 628w\" alt=\"Check Filesystems Type in Linux\" width=\"620\" height=\"83\" aria-describedby=\"caption-attachment-9303\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9303\" class=\"wp-caption-text\">Check Filesystems Type<\/p>\n<\/div>\n<p>The type of filesystem that you should choose depends on your requirements. You should consider the pros and cons of each filesystem and its own set of features. Two important attributes to look for in a filesystem are.<\/p>\n<ol>\n<li>Journaling support, which allows for faster data recovery in the event of a system crash.<\/li>\n<li>Security Enhanced Linux (SELinux) support, as per the project wiki, \u201ca security enhancement to Linux which allows users and administrators more control over access control\u201d.<\/li>\n<\/ol>\n<p>In our next example, we will create an\u00a0<b>ext4<\/b>\u00a0filesystem (supports both journaling and SELinux) labeled\u00a0<b>Tecmint<\/b>on\u00a0<b>\/dev\/sdb1<\/b>, using\u00a0<b>mkfs<\/b>, whose basic syntax is.<\/p>\n<pre># mkfs -t [filesystem] -L [label] device\r\nor\r\n# mkfs.[filesystem] -L [label] device\r\n<\/pre>\n<div id=\"attachment_9304\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Create-ext4-Filesystems.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9304\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Create-ext4-Filesystems.png\" alt=\"Create ext4 Filesystems in Linux\" width=\"575\" height=\"394\" aria-describedby=\"caption-attachment-9304\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9304\" class=\"wp-caption-text\">Create ext4 Filesystems<\/p>\n<\/div>\n<h3>Creating and Using Swap Partitions<\/h3>\n<p>Swap partitions are necessary if we need our Linux system to have access to virtual memory, which is a section of the hard disk designated for use as memory, when the main system memory (RAM) is all in use. For that reason, a swap partition may not be needed on systems with enough RAM to meet all its requirements; however, even in that case it\u2019s up to the system administrator to decide whether to use a swap partition or not.<\/p>\n<p>A simple rule of thumb to decide the size of a swap partition is as follows.<\/p>\n<p>Swap should usually equal\u00a0<b>2x<\/b>\u00a0physical RAM for up to\u00a0<b>2 GB<\/b>\u00a0of physical RAM, and then an additional\u00a0<b>1x<\/b>\u00a0physical RAM for any amount above\u00a0<b>2 GB<\/b>, but never less than\u00a0<b>32 MB<\/b>.<\/p>\n<p>So, if:<\/p>\n<p><b>M<\/b>\u00a0= Amount of RAM in GB, and\u00a0<b>S<\/b>\u00a0= Amount of swap in GB, then<\/p>\n<pre>If M &lt; 2\r\n\tS = M *2\r\nElse\r\n\tS = M + 2\r\n<\/pre>\n<p>Remember this is just a formula and that only you, as a sysadmin, have the final word as to the use and size of a swap partition.<\/p>\n<p>To configure a swap partition, create a regular partition as demonstrated earlier with the desired size. Next, we need to add the following entry to the\u00a0<b>\/etc\/fstab<\/b>\u00a0file (<b>X<\/b>\u00a0can be either\u00a0<b>b<\/b>\u00a0or\u00a0<b>c<\/b>).<\/p>\n<pre>\/dev\/sdX1 swap swap sw 0 0\r\n<\/pre>\n<p>Finally, let\u2019s format and enable the swap partition.<\/p>\n<pre># mkswap \/dev\/sdX1\r\n# swapon -v \/dev\/sdX1\r\n<\/pre>\n<p>To display a snapshot of the swap partition(s).<\/p>\n<pre># cat \/proc\/swaps\r\n<\/pre>\n<p>To disable the swap partition.<\/p>\n<pre># swapoff \/dev\/sdX1\r\n<\/pre>\n<p>For the next example, we\u2019ll use\u00a0<b>\/dev\/sdc1<\/b>\u00a0(=512 MB, for a system with 256 MB of RAM) to set up a partition with fdisk that we will use as swap, following the steps detailed above. Note that we will specify a fixed size in this case.<\/p>\n<div id=\"attachment_9305\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Create-Swap-Partition.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9305\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Create-Swap-Partition-620x206.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Create-Swap-Partition-620x206.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Create-Swap-Partition.png 629w\" alt=\"Create-Swap-Partition in Linux\" width=\"620\" height=\"206\" aria-describedby=\"caption-attachment-9305\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9305\" class=\"wp-caption-text\">Create Swap Partition<\/p>\n<\/div>\n<div id=\"attachment_9306\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Enable-Swap-Partition.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9306\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Enable-Swap-Partition-620x132.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Enable-Swap-Partition-620x132.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Enable-Swap-Partition.png 642w\" alt=\"Add Swap Partition in Linux\" width=\"620\" height=\"132\" aria-describedby=\"caption-attachment-9306\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9306\" class=\"wp-caption-text\">Enable Swap Partition<\/p>\n<\/div>\n<h3>Conclusion<\/h3>\n<p>Creating partitions (including swap) and formatting filesystems are crucial in your road to Sysadminship. I hope that the tips given in this article will guide you to achieve your goals. Feel free to add your own tips &amp; ideas in the comments section below, for the benefit of the community.<\/p>\n<h5>Reference Links<\/h5>\n<ol>\n<li><a href=\"https:\/\/training.linuxfoundation.org\/certification\/LFCS\" target=\"_blank\" rel=\"nofollow noopener\">About the LFCS<\/a><\/li>\n<li><a href=\"https:\/\/training.linuxfoundation.org\/certification\/why-certify-with-us\" target=\"_blank\" rel=\"nofollow noopener\">Why get a Linux Foundation Certification?<\/a><\/li>\n<li><a href=\"https:\/\/www.shareasale.com\/r.cfm?b=768106&amp;u=1260899&amp;m=59485&amp;urllink=&amp;afftrack=\" target=\"_blank\" rel=\"nofollow noopener\">Register for the LFCS exam<\/a><\/li>\n<\/ol>\n<h1 class=\"post-title\">LFCS: How to Mount\/Unmount Local and Network (Samba &amp; NFS) Filesystems in Linux \u2013 Part 5<\/h1>\n<p>The Linux Foundation launched the\u00a0<strong>LFCS<\/strong>\u00a0certification (<strong>Linux Foundation Certified Sysadmin<\/strong>), a brand new program whose purpose is allowing individuals from all corners of the globe to get certified in basic to intermediate system administration tasks for Linux systems, which includes supporting running systems and services, along with overall monitoring and analysis, plus smart decision-making when it comes to raising issues to upper support teams.<\/p>\n<div id=\"attachment_9368\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/lfcs-Part-5.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9368\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/lfcs-Part-5.png\" alt=\"Linux Foundation Certified Sysadmin \u2013 Part 5\" width=\"600\" height=\"400\" aria-describedby=\"caption-attachment-9368\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9368\" class=\"wp-caption-text\">Linux Foundation Certified Sysadmin \u2013 Part 5<\/p>\n<\/div>\n<p>The following video shows an introduction to The Linux Foundation Certification Program.<\/p>\n<div class=\"post-format\">\n<div class=\"video-container\"><iframe loading=\"lazy\" src=\"https:\/\/www.youtube.com\/embed\/Y29qZ71Kicg\" width=\"720\" height=\"405\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\" data-mce-fragment=\"1\"><\/iframe><\/div>\n<\/div>\n<p>This post is Part 5 of a 10-tutorial series, here in this part, we will explain How to mount\/unmount local and network filesystems in linux, that are required for the LFCS certification exam.<\/p>\n<h3>Mounting Filesystems<\/h3>\n<p>Once a disk has been partitioned, Linux needs some way to access the data on the partitions. Unlike DOS or Windows (where this is done by assigning a drive letter to each partition), Linux uses a unified directory tree where each partition is mounted at a mount point in that tree.<\/p>\n<p>A mount point is a directory that is used as a way to access the filesystem on the partition, and mounting the filesystem is the process of associating a certain filesystem (a partition, for example) with a specific directory in the directory tree.<\/p>\n<p>In other words, the first step in managing a storage device is attaching the device to the file system tree. This task can be accomplished on a one-time basis by using tools such as\u00a0<b>mount<\/b>\u00a0(and then unmounted with\u00a0<b>umount<\/b>) or persistently across reboots by editing the\u00a0<b>\/etc\/fstab<\/b>\u00a0file.<\/p>\n<p>The\u00a0<b>mount<\/b>\u00a0command (without any options or arguments) shows the currently mounted filesystems.<\/p>\n<pre># mount\r\n<\/pre>\n<div id=\"attachment_9360\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/check-mounted-filesystems.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9360\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/check-mounted-filesystems-620x202.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/check-mounted-filesystems-620x202.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/check-mounted-filesystems.png 847w\" alt=\"Check Mounted Filesystem in Linux\" width=\"620\" height=\"202\" aria-describedby=\"caption-attachment-9360\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9360\" class=\"wp-caption-text\">Check Mounted Filesystem<\/p>\n<\/div>\n<p>In addition,\u00a0<b>mount<\/b>\u00a0is used to mount filesystems into the filesystem tree. Its standard syntax is as follows.<\/p>\n<pre># mount -t type device dir -o options\r\n<\/pre>\n<p>This command instructs the kernel to\u00a0<b>mount<\/b>\u00a0the filesystem found on\u00a0<b>device<\/b>\u00a0(a partition, for example, that has been formatted with a filesystem\u00a0<b>type<\/b>) at the directory\u00a0<b>dir<\/b>, using all\u00a0<b>options<\/b>. In this form, mount does not look in\u00a0<b>\/etc\/fstab<\/b>\u00a0for instructions.<\/p>\n<p>If only a directory or device is specified, for example.<\/p>\n<pre># mount \/dir -o options\r\nor\r\n# mount device -o options\r\n<\/pre>\n<p><b>mount<\/b>\u00a0tries to find a mount point and if it can\u2019t find any, then searches for a device (both cases in the\u00a0<b>\/etc\/fstab<\/b>file), and finally attempts to complete the mount operation (which usually succeeds, except for the case when either the directory or the device is already being used, or when the user invoking mount is not root).<\/p>\n<p>You will notice that every line in the output of mount has the following format.<\/p>\n<pre>device on directory type (options)\r\n<\/pre>\n<p>For example,<\/p>\n<pre>\/dev\/mapper\/debian-home on \/home type ext4 (rw,relatime,user_xattr,barrier=1,data=ordered)\r\n<\/pre>\n<p>Reads:<\/p>\n<p>dev\/mapper\/debian-home is mounted on \/home, which has been formatted as ext4, with the following options: rw,relatime,user_xattr,barrier=1,data=ordered<\/p>\n<h5>Mount Options<\/h5>\n<p>Most frequently used mount options include.<\/p>\n<ol>\n<li><b>async<\/b>: allows asynchronous I\/O operations on the file system being mounted.<\/li>\n<li><b>auto<\/b>: marks the file system as enabled to be mounted automatically using mount\u00a0<b>-a<\/b>. It is the opposite of noauto.<\/li>\n<li><b>defaults<\/b>: this option is an alias for async,auto,dev,exec,nouser,rw,suid. Note that multiple options must be separated by a comma without any spaces. If by accident you type a space between options, mount will interpret the subsequent text string as another argument.<\/li>\n<li><b>loop<\/b>: Mounts an image (an .iso file, for example) as a loop device. This option can be used to simulate the presence of the disk\u2019s contents in an optical media reader.<\/li>\n<li><b>noexec<\/b>: prevents the execution of executable files on the particular filesystem. It is the opposite of exec.<\/li>\n<li><b>nouser<\/b>: prevents any users (other than root) to mount and unmount the filesystem. It is the opposite of user.<\/li>\n<li><b>remount<\/b>: mounts the filesystem again in case it is already mounted.<\/li>\n<li><b>ro<\/b>: mounts the filesystem as read only.<\/li>\n<li><b>rw<\/b>: mounts the file system with read and write capabilities.<\/li>\n<li><b>relatime<\/b>: makes access time to files be updated only if atime is earlier than mtime.<\/li>\n<li><b>user_xattr<\/b>: allow users to set and remote extended filesystem attributes.<\/li>\n<\/ol>\n<h6>Mounting a device with ro and noexec options<\/h6>\n<pre># mount -t ext4 \/dev\/sdg1 \/mnt -o ro,noexec\r\n<\/pre>\n<p>In this case we can see that attempts to write a file to or to run a binary file located inside our mounting point fail with corresponding error messages.<\/p>\n<pre># touch \/mnt\/myfile\r\n# \/mnt\/bin\/echo \u201cHi there\u201d\r\n<\/pre>\n<div id=\"attachment_9362\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Mount-Device-Read-Write.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9362\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Mount-Device-Read-Write.png\" alt=\"Mount Device in Read Write Mode\" width=\"462\" height=\"89\" aria-describedby=\"caption-attachment-9362\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9362\" class=\"wp-caption-text\">Mount Device Read Write<\/p>\n<\/div>\n<h6>Mounting a device with default options<\/h6>\n<p>In the following scenario, we will try to write a file to our newly mounted device and run an executable file located within its filesystem tree using the same commands as in the previous example.<\/p>\n<pre># mount -t ext4 \/dev\/sdg1 \/mnt -o defaults\r\n<\/pre>\n<div id=\"attachment_9363\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Mount-Device.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9363\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Mount-Device.png\" alt=\"Mount Device in Linux\" width=\"447\" height=\"127\" aria-describedby=\"caption-attachment-9363\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9363\" class=\"wp-caption-text\">Mount Device<\/p>\n<\/div>\n<p>In this last case, it works perfectly.<\/p>\n<h3>Unmounting Devices<\/h3>\n<p>Unmounting a device (with the\u00a0<b>umount<\/b>\u00a0command) means finish writing all the remaining \u201con transit\u201d data so that it can be safely removed. Note that if you try to remove a mounted device without properly unmounting it first, you run the risk of damaging the device itself or cause data loss.<\/p>\n<p>That being said, in order to unmount a device, you must be \u201cstanding outside\u201d its block device descriptor or mount point. In other words, your current working directory must be something else other than the mounting point. Otherwise, you will get a message saying that the device is busy.<\/p>\n<div id=\"attachment_9364\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Unmount-Device.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9364\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Unmount-Device.png\" alt=\"Unmount Device in Linux\" width=\"485\" height=\"120\" aria-describedby=\"caption-attachment-9364\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9364\" class=\"wp-caption-text\">Unmount Device<\/p>\n<\/div>\n<p>An easy way to \u201c<b>leave<\/b>\u201d the mounting point is typing the\u00a0<b>cd<\/b>\u00a0command which, in lack of arguments, will take us to our current user\u2019s home directory, as shown above.<\/p>\n<h3>Mounting Common Networked Filesystems<\/h3>\n<p>The two most frequently used network file systems are\u00a0<b>SMB<\/b>\u00a0(which stands for \u201c<b>Server Message Block<\/b>\u201d) and\u00a0<b>NFS<\/b>\u00a0(\u201c<b>Network File System<\/b>\u201d). Chances are you will use NFS if you need to set up a share for Unix-like clients only, and will opt for Samba if you need to share files with Windows-based clients and perhaps other Unix-like clients as well.<\/p>\n<p><b>Read Also<\/b><\/p>\n<ol>\n<li><a href=\"https:\/\/www.tecmint.com\/setup-samba-server-using-tdbsam-backend-on-rhel-centos-6-3-5-8-and-fedora-17-12\/\" target=\"_blank\" rel=\"noopener\">Setup Samba Server in RHEL\/CentOS and Fedora<\/a><\/li>\n<li><a href=\"https:\/\/www.tecmint.com\/how-to-setup-nfs-server-in-linux\/\" target=\"_blank\" rel=\"noopener\">Setting up NFS (Network File System) on RHEL\/CentOS\/Fedora and Debian\/Ubuntu<\/a><\/li>\n<\/ol>\n<p>The following steps assume that\u00a0<b>Samba<\/b>\u00a0and\u00a0<b>NFS<\/b>\u00a0shares have already been set up in the server with IP\u00a0<b>192.168.0.10<\/b>\u00a0(please note that setting up a NFS share is one of the competencies required for the\u00a0<b>LFCE<\/b>\u00a0exam, which we will cover after the present series).<\/p>\n<h4>Mounting a Samba share on Linux<\/h4>\n<p><b>Step 1<\/b>: Install the samba-client samba-common and cifs-utils packages on Red Hat and Debian based distributions.<\/p>\n<pre># yum update &amp;&amp; yum install samba-client samba-common cifs-utils\r\n# aptitude update &amp;&amp; aptitude install samba-client samba-common cifs-utils\r\n<\/pre>\n<p>Then run the following command to look for available samba shares in the server.<\/p>\n<pre># smbclient -L 192.168.0.10\r\n<\/pre>\n<p>And enter the password for the root account in the remote machine.<\/p>\n<div id=\"attachment_9365\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Mount-Samba-Share.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9365\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Mount-Samba-Share.png\" alt=\"Mount Samba Share in Linux\" width=\"509\" height=\"362\" aria-describedby=\"caption-attachment-9365\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9365\" class=\"wp-caption-text\">Mount Samba Share<\/p>\n<\/div>\n<p>In the above image we have highlighted the share that is ready for mounting on our local system. You will need a valid samba username and password on the remote server in order to access it.<\/p>\n<p><b>Step 2<\/b>: When mounting a password-protected network share, it is not a good idea to write your credentials in the\u00a0<b>\/etc\/fstab<\/b>\u00a0file. Instead, you can store them in a hidden file somewhere with permissions set to\u00a0<b>600<\/b>, like so.<\/p>\n<pre># mkdir \/media\/samba\r\n# echo \u201cusername=samba_username\u201d &gt; \/media\/samba\/.smbcredentials\r\n# echo \u201cpassword=samba_password\u201d &gt;&gt; \/media\/samba\/.smbcredentials\r\n# chmod 600 \/media\/samba\/.smbcredentials\r\n<\/pre>\n<p><b>Step 3<\/b>: Then add the following line to\u00a0<b>\/etc\/fstab<\/b>\u00a0file.<\/p>\n<pre># \/\/192.168.0.10\/gacanepa \/media\/samba cifs credentials=\/media\/samba\/.smbcredentials,defaults 0 0\r\n<\/pre>\n<p><b>Step 4<\/b>: You can now mount your samba share, either manually (mount \/\/192.168.0.10\/gacanepa) or by rebooting your machine so as to apply the changes made in\u00a0<b>\/etc\/fstab<\/b>\u00a0permanently.<\/p>\n<pre># mount -a\r\n<\/pre>\n<div id=\"attachment_9366\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Mount-Password-Protect-Samba-Share.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9366\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Mount-Password-Protect-Samba-Share.png\" alt=\"Mount Password Protect Samba Share\" width=\"556\" height=\"119\" aria-describedby=\"caption-attachment-9366\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9366\" class=\"wp-caption-text\">Mount Password Protect Samba Share<\/p>\n<\/div>\n<h4>Mounting a NFS share on Linux<\/h4>\n<p><b>Step 1<\/b>: Install the nfs-common and portmap packages on Red Hat and Debian based distributions.<\/p>\n<pre># yum update &amp;&amp; yum install nfs-utils nfs-utils-lib\r\n# aptitude update &amp;&amp; aptitude install nfs-common\r\n<\/pre>\n<p><b>Step 2<\/b>: Create a mounting point for the NFS share.<\/p>\n<pre># mkdir \/media\/nfs\r\n<\/pre>\n<p><b>Step 3<\/b>: Add the following line to\u00a0<b>\/etc\/fstab<\/b>\u00a0file.<\/p>\n<pre>192.168.0.10:\/NFS-SHARE \/media\/nfs nfs defaults 0 0\r\n<\/pre>\n<p><b>Step 4<\/b>: You can now mount your nfs share, either manually (mount 192.168.0.10:\/NFS-SHARE) or by rebooting your machine so as to apply the changes made in\u00a0<b>\/etc\/fstab<\/b>\u00a0permanently.<\/p>\n<div id=\"attachment_9367\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Mount-NFS-Share.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9367\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Mount-NFS-Share.png\" alt=\"Mount NFS Share in Linux\" width=\"481\" height=\"132\" aria-describedby=\"caption-attachment-9367\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9367\" class=\"wp-caption-text\">Mount NFS Share<\/p>\n<\/div>\n<h3>Mounting Filesystems Permanently<\/h3>\n<p>As shown in the previous two examples, the\u00a0<b>\/etc\/fstab<\/b>\u00a0file controls how Linux provides access to disk partitions and removable media devices and consists of a series of lines that contain six fields each; the fields are separated by one or more spaces or tabs. A line that begins with a hash mark (<b>#<\/b>) is a comment and is ignored.<\/p>\n<p>Each line has the following format.<\/p>\n<pre>&lt;file system&gt; &lt;mount point&gt; &lt;type&gt; &lt;options&gt; &lt;dump&gt; &lt;pass&gt;\r\n<\/pre>\n<p>Where:<\/p>\n<ol>\n<li><b>&lt;file system&gt;<\/b>: The first column specifies the mount device. Most distributions now specify partitions by their labels or UUIDs. This practice can help reduce problems if partition numbers change.<\/li>\n<li><b>&lt;mount point&gt;<\/b>: The second column specifies the mount point.<\/li>\n<li><b>&lt;type&gt;<\/b>: The file system type code is the same as the type code used to mount a filesystem with the mount command. A file system type code of auto lets the kernel auto-detect the filesystem type, which can be a convenient option for removable media devices. Note that this option may not be available for all filesystems out there.<\/li>\n<li><b>&lt;options&gt;<\/b>: One (or more) mount option(s).<\/li>\n<li><b>&lt;dump&gt;<\/b>: You will most likely leave this to 0 (otherwise set it to 1) to disable the dump utility to backup the filesystem upon boot (The dump program was once a common backup tool, but it is much less popular today.)<\/li>\n<li><b>&lt;pass&gt;<\/b>: This column specifies whether the integrity of the filesystem should be checked at boot time with fsck. A 0 means that fsck should not check a filesystem. The higher the number, the lowest the priority. Thus, the root partition will most likely have a value of 1, while all others that should be checked should have a value of 2.<\/li>\n<\/ol>\n<h5>Mount Examples<\/h5>\n<p>1. To mount a partition with label\u00a0<b>TECMINT<\/b>\u00a0at boot time with\u00a0<b>rw<\/b>\u00a0and\u00a0<b>noexec<\/b>\u00a0attributes, you should add the following line in\u00a0<b>\/etc\/fstab<\/b>\u00a0file.<\/p>\n<pre>LABEL=TECMINT \/mnt ext4 rw,noexec 0 0\r\n<\/pre>\n<p>2. If you want the contents of a disk in your DVD drive be available at boot time.<\/p>\n<pre>\/dev\/sr0    \/media\/cdrom0    iso9660    ro,user,noauto    0    0\r\n<\/pre>\n<p>Where\u00a0<b>\/dev\/sr0<\/b>\u00a0is your DVD drive.<\/p>\n<h3>Summary<\/h3>\n<p>You can rest assured that mounting and unmounting local and network filesystems from the command line will be part of your day-to-day responsibilities as sysadmin. You will also need to master\u00a0<b>\/etc\/fstab<\/b>. I hope that you have found this article useful to help you with those tasks. Feel free to add your comments (or ask questions) below and to share this article through your network social profiles.<\/p>\n<h5>Reference Links<\/h5>\n<ol>\n<li><a href=\"https:\/\/training.linuxfoundation.org\/certification\/LFCS\" target=\"_blank\" rel=\"nofollow noopener\">About the LFCS<\/a><\/li>\n<li><a href=\"https:\/\/training.linuxfoundation.org\/certification\/why-certify-with-us\" target=\"_blank\" rel=\"nofollow noopener\">Why get a Linux Foundation Certification?<\/a><\/li>\n<li><a href=\"https:\/\/www.shareasale.com\/r.cfm?b=768106&amp;u=1260899&amp;m=59485&amp;urllink=&amp;afftrack=\" target=\"_blank\" rel=\"nofollow noopener\">Register for the LFCS exam<\/a><\/li>\n<\/ol>\n<h1 class=\"post-title\">LFCS: Assembling Partitions as RAID Devices \u2013 Creating &amp; Managing System Backups \u2013 Part 6<\/h1>\n<p>Recently, the Linux Foundation launched the\u00a0<strong>LFCS<\/strong>\u00a0(<strong>Linux Foundation Certified Sysadmin<\/strong>) certification, a shiny chance for system administrators everywhere to demonstrate, through a performance-based exam, that they are capable of performing overall operational support on Linux systems: system support, first-level diagnosing and monitoring, plus issue escalation, when required, to other support teams.<\/p>\n<div id=\"attachment_9427\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/lfcs-Part-6.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9427\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/lfcs-Part-6.png\" alt=\"Linux Foundation Certified Sysadmin \u2013 Part 6\" width=\"600\" height=\"400\" aria-describedby=\"caption-attachment-9427\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9427\" class=\"wp-caption-text\">Linux Foundation Certified Sysadmin \u2013 Part 6<\/p>\n<\/div>\n<p>The following video provides an introduction to The Linux Foundation Certification Program.<\/p>\n<div class=\"post-format\">\n<div class=\"video-container\"><iframe loading=\"lazy\" src=\"https:\/\/www.youtube.com\/embed\/Y29qZ71Kicg\" width=\"720\" height=\"405\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\" data-mce-fragment=\"1\"><\/iframe><\/div>\n<\/div>\n<p>This post is Part 6 of a 10-tutorial series, here in this part, we will explain How to Assemble Partitions as RAID Devices \u2013 Creating &amp; Managing System Backups, that are required for the LFCS certification exam.<\/p>\n<h3>Understanding RAID<\/h3>\n<p>The technology known as\u00a0<b>Redundant Array of Independent Disks<\/b>\u00a0(<b>RAID<\/b>) is a storage solution that combines multiple hard disks into a single logical unit to provide redundancy of data and\/or improve performance in read \/ write operations to disk.<\/p>\n<p>However, the actual fault-tolerance and disk I\/O performance lean on how the hard disks are set up to form the disk array. Depending on the available devices and the fault tolerance \/ performance needs, different RAID levels are defined. You can refer to the RAID series here in Tecmint.com for a more detailed explanation on each RAID level.<\/p>\n<p><b>RAID Guide<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/understanding-raid-setup-in-linux\/\" target=\"_blank\" rel=\"noopener\">What is RAID, Concepts of RAID and RAID Levels Explained<\/a><\/p>\n<p>Our tool of choice for creating, assembling, managing, and monitoring our software RAIDs is called\u00a0<b>mdadm<\/b>(short for multiple disks admin).<\/p>\n<pre>---------------- Debian and Derivatives ----------------\r\n# aptitude update &amp;&amp; aptitude install mdadm \r\n<\/pre>\n<pre>---------------- Red Hat and CentOS based Systems ----------------\r\n# yum update &amp;&amp; yum install mdadm\r\n<\/pre>\n<pre>---------------- On openSUSE ----------------\r\n# zypper refresh &amp;&amp; zypper install mdadm # \r\n<\/pre>\n<h4>Assembling Partitions as RAID Devices<\/h4>\n<p>The process of assembling existing partitions as RAID devices consists of the following steps.<\/p>\n<h6>1. Create the array using mdadm<\/h6>\n<p>If one of the partitions has been formatted previously, or has been a part of another RAID array previously, you will be prompted to confirm the creation of the new array. Assuming you have taken the necessary precautions to avoid losing important data that may have resided in them, you can safely type\u00a0<b>y<\/b>\u00a0and press\u00a0<b>Enter<\/b>.<\/p>\n<pre># mdadm --create --verbose \/dev\/md0 --level=stripe --raid-devices=2 \/dev\/sdb1 \/dev\/sdc1\r\n<\/pre>\n<div id=\"attachment_9420\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Creating-RAID-Array.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9420\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Creating-RAID-Array-620x113.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Creating-RAID-Array-620x113.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Creating-RAID-Array.png 795w\" alt=\"Creating RAID Array\" width=\"620\" height=\"113\" aria-describedby=\"caption-attachment-9420\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9420\" class=\"wp-caption-text\">Creating RAID Array<\/p>\n<\/div>\n<h6>2. Check the array creation status<\/h6>\n<p>In order to check the array creation status, you will use the following commands \u2013 regardless of the RAID type. These are just as valid as when we are creating a RAID0 (as shown above), or when you are in the process of setting up a RAID5, as shown in the image below.<\/p>\n<pre># cat \/proc\/mdstat\r\nor \r\n# mdadm --detail \/dev\/md0\t[More detailed summary]\r\n<\/pre>\n<div id=\"attachment_9421\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-RAID-Array-Status.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9421\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-RAID-Array-Status-431x450.png\" sizes=\"auto, (max-width: 431px) 100vw, 431px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-RAID-Array-Status-431x450.png 431w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-RAID-Array-Status.png 623w\" alt=\"Check RAID Array Status\" width=\"431\" height=\"450\" aria-describedby=\"caption-attachment-9421\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9421\" class=\"wp-caption-text\">Check RAID Array Status<\/p>\n<\/div>\n<h6>3. Format the RAID Device<\/h6>\n<p>Format the device with a filesystem as per your needs \/ requirements, as explained in\u00a0<a href=\"https:\/\/www.tecmint.com\/create-partitions-and-filesystems-in-linux\/\" target=\"_blank\" rel=\"noopener\">Part 4<\/a>\u00a0of this series.<\/p>\n<h6>4. Monitor RAID Array Service<\/h6>\n<p>Instruct the monitoring service to \u201ckeep an eye\u201d on the array. Add the output of\u00a0<b>mdadm \u2013detail \u2013scan<\/b>\u00a0to\u00a0<b>\/etc\/mdadm\/mdadm.conf<\/b>\u00a0(Debian and derivatives) or\u00a0<b>\/etc\/mdadm.conf<\/b>\u00a0(CentOS \/ openSUSE), like so.<\/p>\n<pre># mdadm --detail --scan\r\n<\/pre>\n<div id=\"attachment_9422\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Monitor-RAID-Array.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9422\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Monitor-RAID-Array-620x140.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Monitor-RAID-Array-620x140.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Monitor-RAID-Array.png 722w\" alt=\"Monitor RAID Array\" width=\"620\" height=\"140\" aria-describedby=\"caption-attachment-9422\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9422\" class=\"wp-caption-text\">Monitor RAID Array<\/p>\n<\/div>\n<pre># mdadm --assemble --scan \t[Assemble the array]\r\n<\/pre>\n<p>To ensure the service starts on system boot, run the following commands as root.<\/p>\n<h6>Debian and Derivatives<\/h6>\n<p>Debian and derivatives, though it should start running on boot by default.<\/p>\n<pre># update-rc.d mdadm defaults\r\n<\/pre>\n<p>Edit the\u00a0<b>\/etc\/default\/mdadm<\/b>\u00a0file and add the following line.<\/p>\n<pre>AUTOSTART=true\r\n<\/pre>\n<h6>On CentOS and openSUSE (systemd-based)<\/h6>\n<pre># systemctl start mdmonitor\r\n# systemctl enable mdmonitor\r\n<\/pre>\n<h6>On CentOS and openSUSE (SysVinit-based)<\/h6>\n<pre># service mdmonitor start\r\n# chkconfig mdmonitor on\r\n<\/pre>\n<h6>5. Check RAID Disk Failure<\/h6>\n<p>In RAID levels that support redundancy, replace failed drives when needed. When a device in the disk array becomes faulty, a rebuild automatically starts only if there was a spare device added when we first created the array.<\/p>\n<div id=\"attachment_9423\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-RAID-Faulty-Disk.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9423\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-RAID-Faulty-Disk.png\" alt=\"Check RAID Faulty Disk\" width=\"558\" height=\"407\" aria-describedby=\"caption-attachment-9423\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9423\" class=\"wp-caption-text\">Check RAID Faulty Disk<\/p>\n<\/div>\n<p>Otherwise, we need to manually attach an extra physical drive to our system and run.<\/p>\n<pre># mdadm \/dev\/md0 --add \/dev\/sdX1\r\n<\/pre>\n<p>Where\u00a0<b>\/dev\/md0<\/b>\u00a0is the array that experienced the issue and\u00a0<b>\/dev\/sdX1<\/b>\u00a0is the new device.<\/p>\n<h6>6. Disassemble a working array<\/h6>\n<p>You may have to do this if you need to create a new array using the devices \u2013 (<b>Optional Step<\/b>).<\/p>\n<pre># mdadm --stop \/dev\/md0 \t\t\t\t#  Stop the array\r\n# mdadm --remove \/dev\/md0 \t\t\t# Remove the RAID device\r\n# mdadm --zero-superblock \/dev\/sdX1 \t# Overwrite the existing md superblock with zeroes\r\n<\/pre>\n<h6>7. Set up mail alerts<\/h6>\n<p>You can configure a valid email address or system account to send alerts to (make sure you have this line in\u00a0<b>mdadm.conf<\/b>). \u2013 (<b>Optional Step<\/b>)<\/p>\n<pre>MAILADDR root\r\n<\/pre>\n<p>In this case, all alerts that the RAID monitoring daemon collects will be sent to the local root account\u2019s mail box. One of such alerts looks like the following.<\/p>\n<p><strong>Note<\/strong>: This event is related to the example in\u00a0<b>STEP 5<\/b>, where a device was marked as faulty and the spare device was automatically built into the array by mdadm. Thus, we \u201c<b>ran out<\/b>\u201d of healthy spare devices and we got the alert.<\/p>\n<div id=\"attachment_9424\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/RAID-Monitoring-Alerts.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9424\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/RAID-Monitoring-Alerts.png\" alt=\"RAID Monitoring Alerts\" width=\"578\" height=\"366\" aria-describedby=\"caption-attachment-9424\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9424\" class=\"wp-caption-text\">RAID Monitoring Alerts<\/p>\n<\/div>\n<h4>Understanding RAID Levels<\/h4>\n<h5>RAID 0<\/h5>\n<p>The total array size is\u00a0<b>n<\/b>\u00a0times the size of the smallest partition, where\u00a0<b>n<\/b>\u00a0is the number of independent disks in the array (you will need at least two drives). Run the following command to assemble a\u00a0<b>RAID 0<\/b>\u00a0array using partitions\u00a0<b>\/dev\/sdb1<\/b>\u00a0and\u00a0<b>\/dev\/sdc1<\/b>.<\/p>\n<pre># mdadm --create --verbose \/dev\/md0 --level=stripe --raid-devices=2 \/dev\/sdb1 \/dev\/sdc1\r\n<\/pre>\n<p><b>Common uses<\/b>: Setups that support real-time applications where performance is more important than fault-tolerance.<\/p>\n<h5>RAID 1 (aka Mirroring)<\/h5>\n<p>The total array size equals the size of the smallest partition (you will need at least two drives). Run the following command to assemble a\u00a0<b>RAID 1<\/b>\u00a0array using partitions\u00a0<b>\/dev\/sdb1<\/b>\u00a0and\u00a0<b>\/dev\/sdc1<\/b>.<\/p>\n<pre># mdadm --create --verbose \/dev\/md0 --level=1 --raid-devices=2 \/dev\/sdb1 \/dev\/sdc1\r\n<\/pre>\n<p><b>Common uses<\/b>: Installation of the operating system or important subdirectories, such as\u00a0<b>\/home<\/b>.<\/p>\n<h5>RAID 5 (aka drives with Parity)<\/h5>\n<p>The total array size will be (<b>n \u2013 1<\/b>) times the size of the smallest partition. The \u201c<b>lost<\/b>\u201d space in (<b>n-1<\/b>) is used for parity (redundancy) calculation (you will need at least three drives).<\/p>\n<p>Note that you can specify a spare device (<b>\/dev\/sde1<\/b>\u00a0in this case) to replace a faulty part when an issue occurs. Run the following command to assemble a\u00a0<b>RAID 5<\/b>\u00a0array using partitions\u00a0<b>\/dev\/sdb1<\/b>,\u00a0<b>\/dev\/sdc1<\/b>,\u00a0<b>\/dev\/sdd1<\/b>, and\u00a0<b>\/dev\/sde1<\/b>\u00a0as spare.<\/p>\n<pre># mdadm --create --verbose \/dev\/md0 --level=5 --raid-devices=3 \/dev\/sdb1 \/dev\/sdc1 \/dev\/sdd1 --spare-devices=1 \/dev\/sde1\r\n<\/pre>\n<p><b>Common uses<\/b>: Web and file servers.<\/p>\n<h5>RAID 6 (aka drives with double Parity<\/h5>\n<p>The total array size will be (<b>n*s)-2*s<\/b>, where\u00a0<b>n<\/b>\u00a0is the number of independent disks in the array and\u00a0<b>s<\/b>\u00a0is the size of the smallest disk. Note that you can specify a spare device (<b>\/dev\/sdf1<\/b>\u00a0in this case) to replace a faulty part when an issue occurs.<\/p>\n<p>Run the following command to assemble a\u00a0<b>RAID 6<\/b>\u00a0array using partitions\u00a0<b>\/dev\/sdb1<\/b>,\u00a0<b>\/dev\/sdc1<\/b>,\u00a0<b>\/dev\/sdd1<\/b>,\u00a0<b>\/dev\/sde1<\/b>, and\u00a0<b>\/dev\/sdf1<\/b>\u00a0as spare.<\/p>\n<pre># mdadm --create --verbose \/dev\/md0 --level=6 --raid-devices=4 \/dev\/sdb1 \/dev\/sdc1 \/dev\/sdd1 \/dev\/sde --spare-devices=1 \/dev\/sdf1\r\n<\/pre>\n<p><b>Common uses<\/b>: File and backup servers with large capacity and high availability requirements.<\/p>\n<h5>RAID 1+0 (aka stripe of mirrors)<\/h5>\n<p>The total array size is computed based on the formulas for\u00a0<b>RAID 0<\/b>\u00a0and\u00a0<b>RAID 1<\/b>, since\u00a0<b>RAID 1+0<\/b>\u00a0is a combination of both. First, calculate the size of each mirror and then the size of the stripe.<\/p>\n<p>Note that you can specify a spare device (<b>\/dev\/sdf1<\/b>\u00a0in this case) to replace a faulty part when an issue occurs. Run the following command to assemble a\u00a0<b>RAID 1+0<\/b>\u00a0array using partitions\u00a0<b>\/dev\/sdb1<\/b>,\u00a0<b>\/dev\/sdc1<\/b>,\u00a0<b>\/dev\/sdd1<\/b>,\u00a0<b>\/dev\/sde1<\/b>, and\u00a0<b>\/dev\/sdf1<\/b>\u00a0as spare.<\/p>\n<pre># mdadm --create --verbose \/dev\/md0 --level=10 --raid-devices=4 \/dev\/sd[b-e]1 --spare-devices=1 \/dev\/sdf1<\/pre>\n<p><b>Common uses<\/b>: Database and application servers that require fast I\/O operations.<\/p>\n<h4>Creating and Managing System Backups<\/h4>\n<p>It never hurts to remember that RAID with all its bounties\u00a0<b>IS NOT A REPLACEMENT FOR BACKUPS!<\/b>\u00a0Write it 1000 times on the chalkboard if you need to, but make sure you keep that idea in mind at all times. Before we begin, we must note that there is no\u00a0<b>one-size-fits-all<\/b>\u00a0solution for system backups, but here are some things that you do need to take into account while planning a backup strategy.<\/p>\n<ol>\n<li>What do you use your system for? (Desktop or server? If the latter case applies, what are the most critical services \u2013 whose configuration would be a real pain to lose?)<\/li>\n<li>How often do you need to take backups of your system?<\/li>\n<li>What is the data (e.g. files \/ directories \/ database dumps) that you want to backup? You may also want to consider if you really need to backup huge files (such as audio or video files).<\/li>\n<li>Where (meaning physical place and media) will those backups be stored?<\/li>\n<\/ol>\n<h5>Backing Up Your Data<\/h5>\n<p><b>Method 1<\/b>: Backup entire drives with\u00a0<b>dd<\/b>\u00a0command. You can either back up an entire hard disk or a partition by creating an exact image at any point in time. Note that this works best when the device is offline, meaning it\u2019s not mounted and there are no processes accessing it for I\/O operations.<\/p>\n<p>The downside of this backup approach is that the image will have the same size as the disk or partition, even when the actual data occupies a small percentage of it. For example, if you want to image a partition of\u00a0<b>20<\/b>\u00a0GB that is only\u00a0<b>10%<\/b>\u00a0full, the image file will still be\u00a0<b>20 GB<\/b>\u00a0in size. In other words, it\u2019s not only the actual data that gets backed up, but the entire partition itself. You may consider using this method if you need exact backups of your devices.<\/p>\n<h6>Creating an image file out of an existing device<\/h6>\n<pre># dd if=\/dev\/sda of=\/system_images\/sda.img\r\nOR\r\n--------------------- Alternatively, you can compress the image file --------------------- \r\n# dd if=\/dev\/sda | gzip -c &gt; \/system_images\/sda.img.gz \r\n<\/pre>\n<h6>Restoring the backup from the image file<\/h6>\n<pre># dd if=\/system_images\/sda.img of=\/dev\/sda\r\nOR \r\n\r\n--------------------- Depending on your choice while creating the image  --------------------- \r\ngzip -dc \/system_images\/sda.img.gz | dd of=\/dev\/sda \r\n<\/pre>\n<p><b>Method 2<\/b>: Backup certain files\u00a0<b>\/<\/b>\u00a0directories with\u00a0<b>tar<\/b>\u00a0command \u2013 already covered in\u00a0<a href=\"https:\/\/www.tecmint.com\/compress-files-and-finding-files-in-linux\/\" target=\"_blank\" rel=\"noopener\">Part 3<\/a>\u00a0of this series. You may consider using this method if you need to keep copies of specific files and directories (configuration files, users\u2019 home directories, and so on).<\/p>\n<p><b>Method 3<\/b>: Synchronize files with\u00a0<b>rsync<\/b>\u00a0command. Rsync is a versatile remote (and local) file-copying tool. If you need to backup and synchronize your files to\/from network drives, rsync is a go.<\/p>\n<p>Whether you\u2019re synchronizing two local directories or local &lt; \u2014 &gt; remote directories mounted on the local filesystem, the basic syntax is the same.<\/p>\n<h6>Synchronizing two local directories or local &lt; \u2014 &gt; remote directories mounted on the local filesystem<\/h6>\n<pre># rsync -av source_directory destination directory\r\n<\/pre>\n<p>Where,\u00a0<b>-a<\/b>\u00a0recurse into subdirectories (if they exist), preserve symbolic links, timestamps, permissions, and original owner \/ group and\u00a0<b>-v<\/b>\u00a0verbose.<\/p>\n<div id=\"attachment_9425\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/rsync-synchronizing-Files.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9425\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/rsync-synchronizing-Files.png\" alt=\"rsync Synchronizing Files\" width=\"497\" height=\"212\" aria-describedby=\"caption-attachment-9425\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9425\" class=\"wp-caption-text\">rsync Synchronizing Files<\/p>\n<\/div>\n<p>In addition, if you want to increase the security of the data transfer over the wire, you can use\u00a0<b>ssh<\/b>\u00a0over\u00a0<b>rsync<\/b>.<\/p>\n<h6>Synchronizing local \u2192 remote directories over ssh<\/h6>\n<pre># rsync -avzhe ssh backups root@remote_host:\/remote_directory\/\r\n<\/pre>\n<p>This example will synchronize the backups directory on the local host with the contents of\u00a0<b>\/root\/remote_directory<\/b>\u00a0on the remote host.<\/p>\n<p>Where the\u00a0<b>-h<\/b>\u00a0option shows file sizes in human-readable format, and the\u00a0<b>-e<\/b>\u00a0flag is used to indicate a ssh connection.<\/p>\n<div id=\"attachment_9426\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/rsync-synchronize-Remote-Files.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9426\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/rsync-synchronize-Remote-Files-620x184.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/rsync-synchronize-Remote-Files-620x184.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/rsync-synchronize-Remote-Files-1024x304.png 1024w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/rsync-synchronize-Remote-Files.png 1180w\" alt=\"rsync Synchronize Remote Files\" width=\"620\" height=\"184\" aria-describedby=\"caption-attachment-9426\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9426\" class=\"wp-caption-text\">rsync Synchronize Remote Files<\/p>\n<\/div>\n<p>Synchronizing remote \u2192 local directories over ssh.<\/p>\n<p>In this case, switch the source and destination directories from the previous example.<\/p>\n<pre># rsync -avzhe ssh root@remote_host:\/remote_directory\/ backups \r\n<\/pre>\n<p>Please note that these are only 3 examples (most frequent cases you\u2019re likely to run into) of the use of rsync. For more examples and usages of rsync commands can be found at the following article.<\/p>\n<p><b>Read Also<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/rsync-local-remote-file-synchronization-commands\/\" target=\"_blank\" rel=\"noopener\">10 rsync Commands to Sync Files in Linux<\/a><\/p>\n<h3>Summary<\/h3>\n<p>As a sysadmin, you need to ensure that your systems perform as good as possible. If you\u2019re well prepared, and if the integrity of your data is well supported by a storage technology such as RAID and regular system backups, you\u2019ll be safe.<\/p>\n<p>If you have questions, comments, or further ideas on how this article can be improved, feel free to speak out below. In addition, please consider sharing this series through your social network profiles.<\/p>\n<h1 class=\"post-title\">LFCS: Managing System Startup Process and Services (SysVinit, Systemd and Upstart) \u2013 Part 7<\/h1>\n<p>A couple of months ago, the Linux Foundation announced the\u00a0<strong>LFCS<\/strong>\u00a0(<strong>Linux Foundation Certified Sysadmin<\/strong>) certification, an exciting new program whose aim is allowing individuals from all ends of the world to get certified in performing basic to intermediate system administration tasks on Linux systems. This includes supporting already running systems and services, along with first-hand problem-finding and analysis, plus the ability to decide when to raise issues to engineering teams.<\/p>\n<div id=\"attachment_9496\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/lfcs-Part-7.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9496\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/lfcs-Part-7.png\" alt=\"Linux Foundation Certified Sysadmin \u2013 Part 7\" width=\"600\" height=\"400\" aria-describedby=\"caption-attachment-9496\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9496\" class=\"wp-caption-text\">Linux Foundation Certified Sysadmin \u2013 Part 7<\/p>\n<\/div>\n<p>The following video describes an brief introduction to The Linux Foundation Certification Program.<\/p>\n<div class=\"post-format\">\n<div class=\"video-container\"><iframe loading=\"lazy\" src=\"https:\/\/www.youtube.com\/embed\/Y29qZ71Kicg\" width=\"720\" height=\"405\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\" data-mce-fragment=\"1\"><\/iframe><\/div>\n<\/div>\n<p>This post is Part 7 of a 10-tutorial series, here in this part, we will explain how to Manage Linux System Startup Process and Services, that are required for the LFCS certification exam.<\/p>\n<h3>Managing the Linux Startup Process<\/h3>\n<p>The boot process of a Linux system consists of several phases, each represented by a different component. The following diagram briefly summarizes the boot process and shows all the main components involved.<\/p>\n<div id=\"attachment_9482\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Linux-Boot-Process.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9482\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Linux-Boot-Process.png\" alt=\"Linux Boot Process\" width=\"246\" height=\"356\" aria-describedby=\"caption-attachment-9482\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9482\" class=\"wp-caption-text\">Linux Boot Process<\/p>\n<\/div>\n<p>When you press the\u00a0<b>Power<\/b>\u00a0button on your machine, the firmware that is stored in a\u00a0<b>EEPROM<\/b>\u00a0chip in the motherboard initializes the\u00a0<b>POST<\/b>\u00a0(<b>Power-On Self Test<\/b>) to check on the state of the system\u2019s hardware resources. When the\u00a0<b>POST<\/b>\u00a0is finished, the firmware then searches and loads the\u00a0<b>1st stage<\/b>\u00a0boot loader, located in the\u00a0<b>MBR<\/b>\u00a0or in the\u00a0<b>EFI<\/b>\u00a0partition of the first available disk, and gives control to it.<\/p>\n<h4>MBR Method<\/h4>\n<p>The\u00a0<b>MBR<\/b>\u00a0is located in the first sector of the disk marked as bootable in the\u00a0<b>BIOS<\/b>\u00a0settings and is\u00a0<b>512<\/b>\u00a0bytes in size.<\/p>\n<ol>\n<li><b>First 446 bytes<\/b>: The bootloader contains both executable code and error message text.<\/li>\n<li><b>Next 64 bytes<\/b>: The Partition table contains a record for each of four partitions (primary or extended). Among other things, each record indicates the status (active \/ not active), size, and start \/ end sectors of each partition.<\/li>\n<li><b>Last 2 bytes<\/b>: The magic number serves as a validation check of the MBR.<\/li>\n<\/ol>\n<p>The following command performs a backup of the\u00a0<b>MBR<\/b>\u00a0(in this example,\u00a0<b>\/dev\/sda<\/b>\u00a0is the first hard disk). The resulting file,\u00a0<b>mbr.bkp<\/b>\u00a0can come in handy should the partition table become corrupt, for example, rendering the system unbootable.<\/p>\n<p>Of course, in order to use it later if the need arises, we will need to save it and store it somewhere else (like a\u00a0<b>USB<\/b>\u00a0drive, for example). That file will help us restore the MBR and will get us going once again if and only if we do not change the hard drive layout in the meanwhile.<\/p>\n<h5>Backup MBR<\/h5>\n<pre># dd if=\/dev\/sda of=mbr.bkp bs=512 count=1\r\n<\/pre>\n<div id=\"attachment_9483\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Backup-MBR-in-Linux.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9483\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Backup-MBR-in-Linux.png\" alt=\"Backup MBR in Linux\" width=\"448\" height=\"92\" aria-describedby=\"caption-attachment-9483\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9483\" class=\"wp-caption-text\">Backup MBR in Linux<\/p>\n<\/div>\n<h5>Restoring MBR<\/h5>\n<pre># dd if=mbr.bkp of=\/dev\/sda bs=512 count=1\r\n<\/pre>\n<div id=\"attachment_9484\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Restore-MBR-in-Linux.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9484\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Restore-MBR-in-Linux.png\" alt=\"Restore MBR in Linux\" width=\"442\" height=\"93\" aria-describedby=\"caption-attachment-9484\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9484\" class=\"wp-caption-text\">Restore MBR in Linux<\/p>\n<\/div>\n<h4>EFI\/UEFI Method<\/h4>\n<p>For systems using the\u00a0<b>EFI<\/b>\/<b>UEFI<\/b>\u00a0method, the UEFI firmware reads its settings to determine which UEFI application is to be launched and from where (i.e., in which disk and partition the EFI partition is located).<\/p>\n<p>Next, the\u00a0<b>2nd stage<\/b>\u00a0boot loader (aka boot manager) is loaded and run.\u00a0<b>GRUB<\/b>\u00a0[<b>GRand Unified Boot<\/b>] is the most frequently used boot manager in Linux. One of two distinct versions can be found on most systems used today.<\/p>\n<ol>\n<li><b>GRUB legacy configuration file<\/b>: \/boot\/grub\/menu.lst (older distributions, not supported by EFI\/UEFI firmwares).<\/li>\n<li><b>GRUB2 configuration file<\/b>: most likely, \/etc\/default\/grub.<\/li>\n<\/ol>\n<p>Although the objectives of the\u00a0<b>LFCS<\/b>\u00a0exam do not explicitly request knowledge about\u00a0<b>GRUB<\/b>\u00a0internals, if you\u2019re brave and can afford to mess up your system (you may want to try it first on a virtual machine, just in case), you need to run.<\/p>\n<pre># update-grub\r\n<\/pre>\n<p>As\u00a0<b>root<\/b>\u00a0after modifying GRUB\u2019s configuration in order to apply the changes.<\/p>\n<p>Basically,\u00a0<b>GRUB<\/b>\u00a0loads the default\u00a0<b>kernel<\/b>\u00a0and the\u00a0<b>initrd<\/b>\u00a0or\u00a0<b>initramfs<\/b>\u00a0image. In few words, initrd or initramfs help to perform the hardware detection, the kernel module loading and the device discovery necessary to get the real root filesystem mounted.<\/p>\n<p>Once the real root filesystem is up, the kernel executes the system and service manager (<b>init<\/b>\u00a0or\u00a0<b>systemd<\/b>, whose process identification or PID is always 1) to begin the normal user-space boot process in order to present a user interface.<\/p>\n<p>Both\u00a0<b>init<\/b>\u00a0and\u00a0<b>systemd<\/b>\u00a0are daemons (background processes) that manage other daemons, as the first service to start (during boot) and the last service to terminate (during shutdown).<\/p>\n<div id=\"attachment_9485\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/systemd-and-init.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9485\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/systemd-and-init-620x82.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/systemd-and-init-620x82.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/systemd-and-init.png 646w\" alt=\"Systemd and Init\" width=\"620\" height=\"82\" aria-describedby=\"caption-attachment-9485\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9485\" class=\"wp-caption-text\">Systemd and Init<\/p>\n<\/div>\n<h3>Starting Services (SysVinit)<\/h3>\n<p>The concept of\u00a0<b>runlevels<\/b>\u00a0in Linux specifies different ways to use a system by controlling which services are running. In other words, a runlevel controls what tasks can be accomplished in the current execution state = runlevel (and which ones cannot).<\/p>\n<p>Traditionally, this startup process was performed based on conventions that originated with\u00a0<b>System V UNIX<\/b>, with the system passing executing collections of scripts that start and stop services as the machine entered a specific runlevel (which, in other words, is a different mode of running the system).<\/p>\n<p>Within each runlevel, individual services can be set to run, or to be shut down if running. Latest versions of some major distributions are moving away from the\u00a0<b>System V<\/b>\u00a0standard in favour of a rather new service and system manager called\u00a0<b>systemd<\/b>\u00a0(which stands for system daemon), but usually support\u00a0<b>sysv<\/b>\u00a0commands for compatibility purposes. This means that you can run most of the well-known\u00a0<b>sysv<\/b>\u00a0init tools in a systemd-based distribution.<\/p>\n<p><b>Read Also<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/systemd-replaces-init-in-linux\/\" target=\"_blank\" rel=\"noopener\">Why \u2018systemd\u2019 replaces \u2018init\u2019 in Linux<\/a><\/p>\n<p>Besides starting the system process,\u00a0<b>init<\/b>\u00a0looks to the\u00a0<b>\/etc\/inittab<\/b>\u00a0file to decide what runlevel must be entered.<\/p>\n<table border=\"0\" cellspacing=\"0\">\n<tbody>\n<tr>\n<td align=\"CENTER\" height=\"18\"><b>Runlevel<\/b><\/td>\n<td align=\"LEFT\"><b>Description<\/b><\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"CENTER\" height=\"18\">0<\/td>\n<td align=\"LEFT\">\u00a0Halt the system. Runlevel 0 is a special transitional state used to shutdown the system quickly.<\/td>\n<\/tr>\n<tr>\n<td align=\"CENTER\" height=\"20\">1<\/td>\n<td align=\"LEFT\">\u00a0Also aliased to s, or S, this runlevel is sometimes called maintenance mode. What services, if any, are started at this runlevel varies by distribution. It\u2019s typically used for low-level system maintenance that may be impaired by normal system operation.<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"CENTER\" height=\"18\">2<\/td>\n<td align=\"LEFT\">\u00a0Multiuser. On Debian systems and derivatives, this is the default runlevel, and includes -if available- a graphical login. On Red-Hat based systems, this is multiuser mode without networking.<\/td>\n<\/tr>\n<tr>\n<td align=\"CENTER\" height=\"18\">3<\/td>\n<td align=\"LEFT\">\u00a0On Red-Hat based systems, this is the default multiuser mode, which runs everything except the graphical environment. This runlevel and levels 4 and 5 usually are not used on Debian-based systems.<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"CENTER\" height=\"18\">4<\/td>\n<td align=\"LEFT\">\u00a0Typically unused by default and therefore available for customization.<\/td>\n<\/tr>\n<tr>\n<td align=\"CENTER\" height=\"18\">5<\/td>\n<td align=\"LEFT\">\u00a0On Red-Hat based systems, full multiuser mode with GUI login. This runlevel is like level 3, but with a GUI login available.<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"CENTER\" height=\"18\">6<\/td>\n<td align=\"LEFT\">\u00a0Reboot the system.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>To switch between runlevels, we can simply issue a runlevel change using the\u00a0<b>init<\/b>\u00a0command: init\u00a0<b>N<\/b>\u00a0(where N is one of the runlevels listed above). Please note that this is not the recommended way of taking a running system to a different runlevel because it gives no warning to existing logged-in users (thus causing them to lose work and processes to terminate abnormally).<\/p>\n<p>Instead, the\u00a0<b>shutdown<\/b>\u00a0command should be used to restart the system (which first sends a warning message to all logged-in users and blocks any further logins; it then signals init to switch runlevels); however, the default runlevel (the one the system will boot to) must be edited in the\u00a0<b>\/etc\/inittab<\/b>\u00a0file first.<\/p>\n<p>For that reason, follow these steps to properly switch between runlevels, As root, look for the following line in\u00a0<b>\/etc\/inittab<\/b>.<\/p>\n<pre>id:2:initdefault:\r\n<\/pre>\n<p>and change the number\u00a0<b>2<\/b>\u00a0for the desired runlevel with your preferred text editor, such as vim (described in\u00a0<a href=\"https:\/\/www.tecmint.com\/vi-editor-usage\/\" target=\"_blank\" rel=\"noopener\">How to use vi\/vim editor in Linux \u2013 Part 2<\/a>\u00a0of this series).<\/p>\n<p>Next, run as root.<\/p>\n<pre># shutdown -r now\r\n<\/pre>\n<p>That\u00a0<b>last<\/b>\u00a0command will restart the system, causing it to start in the specified runlevel during next boot, and will run the scripts located in the\u00a0<b>\/etc\/rc[runlevel].d<\/b>\u00a0directory in order to decide which services should be started and which ones should not. For example, for runlevel 2 in the following system.<\/p>\n<div id=\"attachment_9486\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Change-Runlevels-in-Linux.jpeg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9486\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Change-Runlevels-in-Linux-595x450.jpeg\" sizes=\"auto, (max-width: 595px) 100vw, 595px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Change-Runlevels-in-Linux-595x450.jpeg 595w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Change-Runlevels-in-Linux.jpeg 817w\" alt=\"Change Runlevels in Linux\" width=\"595\" height=\"450\" aria-describedby=\"caption-attachment-9486\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9486\" class=\"wp-caption-text\">Change Runlevels in Linux<\/p>\n<\/div>\n<h4>Manage Services using chkconfig<\/h4>\n<p>To enable or disable system services on boot, we will use\u00a0<a href=\"https:\/\/www.tecmint.com\/chkconfig-command-examples\/\" target=\"_blank\" rel=\"noopener\">chkconfig command<\/a>\u00a0in CentOS \/ openSUSE and\u00a0<b>sysv-rc-conf<\/b>\u00a0in Debian and derivatives. This tool can also show us what is the preconfigured state of a service for a particular runlevel.<\/p>\n<p><b>Read Also<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/remove-unwanted-services-from-linux\/\" target=\"_blank\" rel=\"noopener\">How to Stop and Disable Unwanted Services in Linux<\/a><\/p>\n<p>Listing the runlevel configuration for a service.<\/p>\n<pre># chkconfig --list [service name]\r\n# chkconfig --list postfix\r\n# chkconfig --list mysqld\r\n<\/pre>\n<div id=\"attachment_9487\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Listing-Runlevel-Configuration.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9487\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Listing-Runlevel-Configuration.png\" alt=\"Listing Runlevel Configuration\" width=\"565\" height=\"98\" aria-describedby=\"caption-attachment-9487\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9487\" class=\"wp-caption-text\">Listing Runlevel Configuration<\/p>\n<\/div>\n<p>In the above image we can see that\u00a0<b>postfix<\/b>\u00a0is set to start when the system enters runlevels\u00a0<b>2<\/b>\u00a0through\u00a0<b>5<\/b>, whereas\u00a0<b>mysqld<\/b>\u00a0will be running by default for runlevels\u00a0<b>2<\/b>\u00a0through\u00a0<b>4<\/b>. Now suppose that this is not the expected behaviour.<\/p>\n<p>For example, we need to turn on\u00a0<b>mysqld<\/b>\u00a0for runlevel\u00a0<b>5<\/b>\u00a0as well, and turn off postfix for runlevels 4 and 5. Here\u2019s what we would do in each case (run the following commands as root).<\/p>\n<h6>Enabling a service for a particular runlevel<\/h6>\n<pre># chkconfig --level [level(s)] service on\r\n# chkconfig --level 5 mysqld on\r\n<\/pre>\n<h6>Disabling a service for particular runlevels<\/h6>\n<pre># chkconfig --level [level(s)] service off\r\n# chkconfig --level 45 postfix off\r\n<\/pre>\n<div id=\"attachment_9488\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Enable-Disable-Services.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9488\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Enable-Disable-Services.png\" alt=\"Enable Disable Services in Linux\" width=\"565\" height=\"127\" aria-describedby=\"caption-attachment-9488\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9488\" class=\"wp-caption-text\">Enable Disable Services<\/p>\n<\/div>\n<p>We will now perform similar tasks in a\u00a0<b>Debian-based<\/b>\u00a0system using\u00a0<b>sysv-rc-conf<\/b>.<\/p>\n<h4>Manage Services using sysv-rc-conf<\/h4>\n<p>Configuring a service to start automatically on a specific runlevel and prevent it from starting on all others.<\/p>\n<p><strong>1.<\/strong>\u00a0Let\u2019s use the following command to see what are the runlevels where\u00a0<b>mdadm<\/b>\u00a0is configured to start.<\/p>\n<pre># ls -l \/etc\/rc[0-6].d | grep -E 'rc[0-6]|mdadm'\r\n<\/pre>\n<div id=\"attachment_9489\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-Service-Runlevel.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9489\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-Service-Runlevel-620x251.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-Service-Runlevel-620x251.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-Service-Runlevel.png 850w\" alt=\"Check Runlevel of Service Running\" width=\"620\" height=\"251\" aria-describedby=\"caption-attachment-9489\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9489\" class=\"wp-caption-text\">Check Runlevel of Service Running<\/p>\n<\/div>\n<p><strong>2.<\/strong>\u00a0We will use\u00a0<b>sysv-rc-conf<\/b>\u00a0to prevent mdadm from starting on all runlevels except\u00a0<b>2<\/b>. Just check or uncheck (with the space bar) as desired (you can move up, down, left, and right with the arrow keys).<\/p>\n<pre># sysv-rc-conf\r\n<\/pre>\n<div id=\"attachment_9490\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/SysV-Runlevel-Config.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9490\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/SysV-Runlevel-Config-620x191.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/SysV-Runlevel-Config-620x191.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/SysV-Runlevel-Config.png 656w\" alt=\"SysV Runlevel Config\" width=\"620\" height=\"191\" aria-describedby=\"caption-attachment-9490\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9490\" class=\"wp-caption-text\">SysV Runlevel Config<\/p>\n<\/div>\n<p>Then press\u00a0<b>q<\/b>\u00a0to quit.<\/p>\n<p><strong>3.<\/strong>\u00a0We will restart the system and run again the command from\u00a0<b>STEP 1<\/b>.<\/p>\n<pre># ls -l \/etc\/rc[0-6].d | grep -E 'rc[0-6]|mdadm'\r\n<\/pre>\n<div id=\"attachment_9491\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Verify-Service-Runlevel.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9491\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Verify-Service-Runlevel-620x310.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Verify-Service-Runlevel-620x310.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Verify-Service-Runlevel.png 694w\" alt=\"Verify Service Runlevel\" width=\"620\" height=\"310\" aria-describedby=\"caption-attachment-9491\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9491\" class=\"wp-caption-text\">Verify Service Runlevel<\/p>\n<\/div>\n<p>In the above image we can see that\u00a0<b>mdadm<\/b>\u00a0is configured to start only on runlevel\u00a0<b>2<\/b>.<\/p>\n<h3>What About systemd?<\/h3>\n<p><b>systemd<\/b>\u00a0is another service and system manager that is being adopted by several major Linux distributions. It aims to allow more processing to be done in parallel during system startup (unlike\u00a0<b>sysvinit<\/b>, which always tends to be slower because it starts processes one at a time, checks whether one depends on another, and waits for daemons to launch so more services can start), and to serve as a dynamic resource management to a running system.<\/p>\n<p>Thus, services are started when needed (to avoid consuming system resources) instead of being launched without a solid reason during boot.<\/p>\n<p>Viewing the status of all the processes running on your system, both\u00a0<b>systemd<\/b>\u00a0native and\u00a0<b>SysV<\/b>\u00a0services, run the following command.<\/p>\n<pre># systemctl\r\n<\/pre>\n<div id=\"attachment_9492\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-All-Running-Processes.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9492\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-All-Running-Processes-620x210.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-All-Running-Processes-620x210.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-All-Running-Processes-1024x347.png 1024w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-All-Running-Processes.png 1287w\" alt=\"Check All Running Processes in Linux\" width=\"620\" height=\"210\" aria-describedby=\"caption-attachment-9492\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9492\" class=\"wp-caption-text\">Check All Running Processes<\/p>\n<\/div>\n<p>The\u00a0<b>LOAD<\/b>\u00a0column shows whether the unit definition (refer to the\u00a0<b>UNIT<\/b>\u00a0column, which shows the service or anything maintained by systemd) was properly loaded, while the\u00a0<b>ACTIVE<\/b>\u00a0and\u00a0<b>SUB<\/b>\u00a0columns show the current status of such unit.<\/p>\n<h6>Displaying information about the current status of a service<\/h6>\n<p>When the\u00a0<b>ACTIVE<\/b>\u00a0column indicates that an unit\u2019s status is other than active, we can check what happened using.<\/p>\n<pre># systemctl status [unit]\r\n<\/pre>\n<p>For example, in the image above,\u00a0<b>media-samba.mount<\/b>\u00a0is in failed state. Let\u2019s run.<\/p>\n<pre># systemctl status media-samba.mount\r\n<\/pre>\n<div id=\"attachment_9493\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-Service-Status.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9493\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-Service-Status-620x184.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-Service-Status-620x184.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-Service-Status.png 790w\" alt=\"Check Linux Service Status\" width=\"620\" height=\"184\" aria-describedby=\"caption-attachment-9493\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9493\" class=\"wp-caption-text\">Check Service Status<\/p>\n<\/div>\n<p>We can see that\u00a0<b>media-samba.mount<\/b>\u00a0failed because the mount process on host\u00a0<b>dev1<\/b>\u00a0was unable to find the network share at\u00a0<b>\/\/192.168.0.10\/gacanepa<\/b>.<\/p>\n<h3>Starting or Stopping Services<\/h3>\n<p>Once the network share\u00a0<b>\/\/192.168.0.10\/gacanepa<\/b>\u00a0becomes available, let\u2019s try to start, then stop, and finally restart the unit\u00a0<b>media-samba.mount<\/b>. After performing each action, let\u2019s run systemctl status media-samba.mount to check on its status.<\/p>\n<pre># systemctl start media-samba.mount\r\n# systemctl status media-samba.mount\r\n# systemctl stop media-samba.mount\r\n# systemctl restart media-samba.mount\r\n# systemctl status media-samba.mount\r\n<\/pre>\n<div id=\"attachment_9494\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Starting-Stoping-Service.jpeg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9494\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Starting-Stoping-Service-620x444.jpeg\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Starting-Stoping-Service-620x444.jpeg 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Starting-Stoping-Service.jpeg 912w\" alt=\"Starting Stoping Services\" width=\"620\" height=\"444\" aria-describedby=\"caption-attachment-9494\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9494\" class=\"wp-caption-text\">Starting Stoping Services<\/p>\n<\/div>\n<h6>Enabling or disabling a service to start during boot<\/h6>\n<p>Under\u00a0<b>systemd<\/b>\u00a0you can enable or disable a service when it boots.<\/p>\n<pre># systemctl enable [service] \t\t# enable a service \r\n# systemctl disable [service] \t\t# prevent a service from starting at boot\r\n<\/pre>\n<p>The process of enabling or disabling a service to start automatically on boot consists in adding or removing symbolic links in the\u00a0<b>\/etc\/systemd\/system\/multi-user.target.wants<\/b>\u00a0directory.<\/p>\n<div id=\"attachment_9495\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Enabling-Disabling-Services.jpeg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9495\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Enabling-Disabling-Services-620x262.jpeg\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Enabling-Disabling-Services-620x262.jpeg 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Enabling-Disabling-Services.jpeg 737w\" alt=\"Enabling Disabling Services\" width=\"620\" height=\"262\" aria-describedby=\"caption-attachment-9495\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9495\" class=\"wp-caption-text\">Enabling Disabling Services<\/p>\n<\/div>\n<p>Alternatively, you can find out a service\u2019s current status (enabled or disabled) with the command.<\/p>\n<pre># systemctl is-enabled [service]\r\n<\/pre>\n<p>For example,<\/p>\n<pre># systemctl is-enabled postfix.service\r\n<\/pre>\n<p>In addition, you can reboot or shutdown the system with.<\/p>\n<pre># systemctl reboot\r\n# systemctl shutdown\r\n<\/pre>\n<h3>Upstart<\/h3>\n<p><b>Upstart<\/b>\u00a0is an event-based replacement for the\u00a0<b>\/sbin\/init<\/b>\u00a0daemon and was born out of the need for starting services only, when they are needed (also supervising them while they are running), and handling events as they occur, thus surpassing the classic, dependency-based sysvinit system.<\/p>\n<p>It was originally developed for the Ubuntu distribution, but is used in Red Hat Enterprise Linux 6.0. Though it was intended to be suitable for deployment in all Linux distributions as a replacement for\u00a0<b>sysvinit<\/b>, in time it was overshadowed by\u00a0<b>systemd<\/b>. On February 14, 2014, Mark Shuttleworth (founder of Canonical Ltd.) announced that future releases of Ubuntu would use systemd as the default init daemon.<\/p>\n<p>Because the\u00a0<b>SysV<\/b>\u00a0startup script for system has been so common for so long, a large number of software packages include SysV startup scripts. To accommodate such packages, Upstart provides a compatibility mode: It runs SysV startup scripts in the usual locations (<b>\/etc\/rc.d\/rc?.d<\/b>,\u00a0<b>\/etc\/init.d\/rc?.d<\/b>,\u00a0<b>\/etc\/rc?.d<\/b>, or a similar location). Thus, if we install a package that doesn\u2019t yet include an Upstart configuration script, it should still launch in the usual way.<\/p>\n<p>Furthermore, if we have installed utilities such as\u00a0<a href=\"https:\/\/www.tecmint.com\/chkconfig-command-examples\/\" target=\"_blank\" rel=\"noopener\">chkconfig<\/a>, you should be able to use them to manage your SysV-based services just as we would on sysvinit based systems.<\/p>\n<p>Upstart scripts also support starting or stopping services based on a wider variety of actions than do SysV startup scripts; for example, Upstart can launch a service whenever a particular hardware device is attached.<\/p>\n<p>A system that uses Upstart and its native scripts exclusively replaces the\u00a0<b>\/etc\/inittab<\/b>\u00a0file and the runlevel-specific\u00a0<b>SysV<\/b>\u00a0startup script directories with\u00a0<b>.conf<\/b>\u00a0scripts in the\u00a0<b>\/etc\/init<\/b>\u00a0directory.<\/p>\n<p>These\u00a0<b>*.conf<\/b>\u00a0scripts (also known as job definitions) generally consists of the following:<\/p>\n<ol>\n<li style=\"list-style-type: none;\">\n<ol>\n<li>Description of the process.<\/li>\n<li>Runlevels where the process should run or events that should trigger it.<\/li>\n<li>Runlevels where process should be stopped or events that should stop it.<\/li>\n<li>Options.<\/li>\n<li>Command to launch the process.<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p>For example,<\/p>\n<pre># My test service - Upstart script demo description \"Here goes the description of 'My test service'\" author \"Dave Null &lt;dave.null@example.com&gt;\"\r\n# Stanzas\r\n\r\n#\r\n# Stanzas define when and how a process is started and stopped\r\n# See a list of stanzas here: http:\/\/upstart.ubuntu.com\/wiki\/Stanzas#respawn\r\n# When to start the service\r\nstart on runlevel [2345]\r\n# When to stop the service\r\nstop on runlevel [016]\r\n# Automatically restart process in case of crash\r\nrespawn\r\n# Specify working directory\r\nchdir \/home\/dave\/myfiles\r\n# Specify the process\/command (add arguments if needed) to run\r\nexec bash backup.sh arg1 arg2\r\n<\/pre>\n<p>To apply changes, you will need to tell upstart to reload its configuration.<\/p>\n<pre># initctl reload-configuration\r\n<\/pre>\n<p>Then start your job by typing the following command.<\/p>\n<pre>$ sudo start yourjobname\r\n<\/pre>\n<p>Where\u00a0<b>yourjobname<\/b>\u00a0is the name of the job that was added earlier with the\u00a0<b>yourjobname.conf<\/b>\u00a0script.<\/p>\n<p>A more complete and detailed reference guide for Upstart is available in the project\u2019s web site under the menu \u201c<a href=\"http:\/\/upstart.ubuntu.com\/cookbook\/\" target=\"_blank\" rel=\"nofollow noopener\">Cookbook<\/a>\u201d.<\/p>\n<h3>Summary<\/h3>\n<p>A knowledge of the Linux boot process is necessary to help you with troubleshooting tasks as well as with adapting the computer\u2019s performance and running services to your needs.<\/p>\n<p>In this article we have analyzed what happens from the moment when you press the\u00a0<b>Power<\/b>\u00a0switch to turn on the machine until you get a fully operational user interface. I hope you have learned reading it as much as I did while putting it together. Feel free to leave your comments or questions below. We always look forward to hearing from our readers!<\/p>\n<h1 class=\"post-title\">Managing Users &amp; Groups, File Permissions &amp; Attributes and Enabling sudo Access on Accounts \u2013 Part 8<\/h1>\n<p>Last August, the Linux Foundation started the\u00a0<strong>LFCS<\/strong>\u00a0certification (<strong>Linux Foundation Certified Sysadmin<\/strong>), a brand new program whose purpose is to allow individuals everywhere and anywhere take an exam in order to get certified in basic to intermediate operational support for Linux systems, which includes supporting running systems and services, along with overall monitoring and analysis, plus intelligent decision-making to be able to decide when it\u2019s necessary to escalate issues to higher level support teams.<\/p>\n<div id=\"attachment_9532\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/lfcs-Part-8.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9532\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/lfcs-Part-8.png\" alt=\"Linux Users and Groups Management\" width=\"600\" height=\"400\" aria-describedby=\"caption-attachment-9532\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9532\" class=\"wp-caption-text\">Linux Foundation Certified Sysadmin \u2013 Part 8<\/p>\n<\/div>\n<p>Please have a quick look at the following video that describes an introduction to the Linux Foundation Certification Program.<\/p>\n<div class=\"post-format\">\n<div class=\"video-container\"><iframe loading=\"lazy\" src=\"https:\/\/www.youtube.com\/embed\/Y29qZ71Kicg\" width=\"720\" height=\"405\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\" data-mce-fragment=\"1\"><\/iframe><\/div>\n<\/div>\n<p>This article is Part 8 of a 10-tutorial long series, here in this section, we will guide you on how to manage users and groups permissions in Linux system, that are required for the LFCS certification exam.<\/p>\n<p>Since Linux is a multi-user operating system (in that it allows multiple users on different computers or terminals to access a single system), you will need to know how to perform effective user management: how to add, edit, suspend, or delete user accounts, along with granting them the necessary permissions to do their assigned tasks.<\/p>\n<h3>Adding User Accounts<\/h3>\n<p>To add a new user account, you can run either of the following two commands as root.<\/p>\n<pre># adduser [new_account]\r\n# useradd [new_account]\r\n<\/pre>\n<p>When a new user account is added to the system, the following operations are performed.<\/p>\n<p><strong>1.<\/strong>\u00a0His\/her home directory is created (<b>\/home\/username<\/b>\u00a0by default).<\/p>\n<p><strong>2.<\/strong>\u00a0The following hidden files are copied into the user\u2019s home directory, and will be used to provide environment variables for his\/her user session.<\/p>\n<pre>.bash_logout\r\n.bash_profile\r\n.bashrc\r\n<\/pre>\n<p><strong>3.<\/strong>\u00a0A mail spool is created for the user at \/var\/spool\/mail\/<b>username<\/b>.<\/p>\n<p><strong>4.<\/strong>\u00a0A group is created and given the same name as the new user account.<\/p>\n<h5>Understanding \/etc\/passwd<\/h5>\n<p>The full account information is stored in the\u00a0<b>\/etc\/passwd<\/b>\u00a0file. This file contains a record per system user account and has the following format (fields are delimited by a colon).<\/p>\n<pre>[username]:[x]:[UID]:[GID]:[Comment]:[Home directory]:[Default shell]\r\n<\/pre>\n<ol>\n<li>Fields\u00a0<b>[username]<\/b>\u00a0and\u00a0<b>[Comment]<\/b>\u00a0are self explanatory.<\/li>\n<li>The\u00a0<b>x<\/b>\u00a0in the second field indicates that the account is protected by a shadowed password (in\u00a0<b>\/etc\/shadow<\/b>), which is needed to logon as\u00a0<b>[username]<\/b>.<\/li>\n<li>The\u00a0<b>[UID]<\/b>\u00a0and\u00a0<b>[GID]<\/b>\u00a0fields are integers that represent the User IDentification and the primary Group IDentification to which\u00a0<b>[username]<\/b>\u00a0belongs, respectively.<\/li>\n<li>The\u00a0<b>[Home directory]<\/b>\u00a0indicates the absolute path to\u00a0<b>[username]<\/b>\u2019s home directory, and<\/li>\n<li>The\u00a0<b>[Default shell]<\/b>\u00a0is the shell that will be made available to this user when he or she logins the system.<\/li>\n<\/ol>\n<h5>Understanding \/etc\/group<\/h5>\n<p>Group information is stored in the\u00a0<b>\/etc\/group<\/b>\u00a0file. Each record has the following format.<\/p>\n<pre>[Group name]:[Group password]:[GID]:[Group members]\r\n<\/pre>\n<ol>\n<li><b>[Group name]<\/b>\u00a0is the name of group.<\/li>\n<li>An\u00a0<b>x<\/b>\u00a0in\u00a0<b>[Group password]<\/b>\u00a0indicates group passwords are not being used.<\/li>\n<li><b>[GID]<\/b>: same as in \/etc\/passwd.<\/li>\n<li><b>[Group members]<\/b>: a comma separated list of users who are members of\u00a0<b>[Group name]<\/b>.<\/li>\n<\/ol>\n<div id=\"attachment_9522\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/add-user-accounts.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9522\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/add-user-accounts.png\" alt=\"Add User Accounts in Linux\" width=\"493\" height=\"96\" aria-describedby=\"caption-attachment-9522\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9522\" class=\"wp-caption-text\">Add User Accounts<\/p>\n<\/div>\n<p>After adding an account, you can edit the following information (to name a few fields) using the\u00a0<b>usermod<\/b>command, whose basic syntax of usermod is as follows.<\/p>\n<pre># usermod [options] [username]\r\n<\/pre>\n<h6>Setting the expiry date for an account<\/h6>\n<p>Use the\u00a0<b>\u2013expiredate<\/b>\u00a0flag followed by a date in\u00a0<b>YYYY-MM-DD<\/b>\u00a0format.<\/p>\n<pre># usermod --expiredate 2014-10-30 tecmint\r\n<\/pre>\n<h6>Adding the user to supplementary groups<\/h6>\n<p>Use the combined\u00a0<b>-aG<\/b>, or\u00a0<b>\u2013append<\/b>\u00a0<b>\u2013groups<\/b>\u00a0options, followed by a comma separated list of groups.<\/p>\n<pre># usermod --append --groups root,users tecmint\r\n<\/pre>\n<h6>Changing the default location of the user\u2019s home directory<\/h6>\n<p>Use the\u00a0<b>-d<\/b>, or\u00a0<b>\u2013home<\/b>\u00a0options, followed by the absolute path to the new home directory.<\/p>\n<pre># usermod --home \/tmp tecmint\r\n<\/pre>\n<h6>Changing the shell the user will use by default<\/h6>\n<p>Use\u00a0<b>\u2013shell<\/b>, followed by the path to the new shell.<\/p>\n<pre># usermod --shell \/bin\/sh tecmint\r\n<\/pre>\n<h6>Displaying the groups an user is a member of<\/h6>\n<pre># groups tecmint\r\n# id tecmint\r\n<\/pre>\n<p>Now let\u2019s execute all the above commands in one go.<\/p>\n<pre># usermod --expiredate 2014-10-30 --append --groups root,users --home \/tmp --shell \/bin\/sh tecmint\r\n<\/pre>\n<div id=\"attachment_9523\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/usermod-command-examples.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9523\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/usermod-command-examples-620x161.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/usermod-command-examples-620x161.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/usermod-command-examples.png 896w\" alt=\"usermod Command Examples\" width=\"620\" height=\"161\" aria-describedby=\"caption-attachment-9523\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9523\" class=\"wp-caption-text\">usermod Command Examples<\/p>\n<\/div>\n<p>In the example above, we will set the expiry date of the\u00a0<strong>tecmint<\/strong>\u00a0user account to\u00a0<strong>October 30th, 2014<\/strong>. We will also add the account to the\u00a0<strong>root<\/strong>\u00a0and users group. Finally, we will set\u00a0<code>sh<\/code>\u00a0as its default shell and change the location of the home directory to\u00a0<strong>\/tmp<\/strong>:<\/p>\n<p><b>Read Also<\/b>:<\/p>\n<ol>\n<li><a href=\"https:\/\/www.tecmint.com\/add-users-in-linux\/\" target=\"_blank\" rel=\"noopener\">15 useradd Command Examples in Linux<\/a><\/li>\n<li><a href=\"https:\/\/www.tecmint.com\/usermod-command-examples\/\" target=\"_blank\" rel=\"noopener\">15 usermod Command Examples in Linux<\/a><\/li>\n<\/ol>\n<p>For existing accounts, we can also do the following.<\/p>\n<h6>Disabling account by locking password<\/h6>\n<p>Use the\u00a0<b>-L<\/b>\u00a0(uppercase L) or the\u00a0<b>\u2013lock<\/b>\u00a0option to lock a user\u2019s password.<\/p>\n<pre># usermod --lock tecmint\r\n<\/pre>\n<h6>Unlocking user password<\/h6>\n<p>Use the\u00a0<b>\u2013u<\/b>\u00a0or the\u00a0<b>\u2013unlock<\/b>\u00a0option to unlock a user\u2019s password that was previously blocked.<\/p>\n<pre># usermod --unlock tecmint\r\n<\/pre>\n<div id=\"attachment_9524\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/lock-user-in-linux.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9524\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/lock-user-in-linux-620x224.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/lock-user-in-linux-620x224.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/lock-user-in-linux.png 745w\" alt=\"Lock User in Linux\" width=\"620\" height=\"224\" aria-describedby=\"caption-attachment-9524\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9524\" class=\"wp-caption-text\">Lock User Accounts<\/p>\n<\/div>\n<h6>Creating a new group for read and write access to files that need to be accessed by several users<\/h6>\n<p>Run the following series of commands to achieve the goal.<\/p>\n<pre># groupadd common_group # Add a new group\r\n# chown :common_group common.txt # Change the group owner of common.txt to common_group\r\n# usermod -aG common_group user1 # Add user1 to common_group\r\n# usermod -aG common_group user2 # Add user2 to common_group\r\n# usermod -aG common_group user3 # Add user3 to common_group\r\n<\/pre>\n<h6>Deleting a group<\/h6>\n<p>You can delete a group with the following command.<\/p>\n<pre># groupdel [group_name]\r\n<\/pre>\n<p>If there are files owned by\u00a0<b>group_name<\/b>, they will not be deleted, but the group owner will be set to the\u00a0<b>GID<\/b>\u00a0of the group that was deleted.<\/p>\n<h3>Linux File Permissions<\/h3>\n<p>Besides the basic read, write, and execute permissions that we discussed in\u00a0<a href=\"https:\/\/www.tecmint.com\/compress-files-and-finding-files-in-linux\/\" target=\"_blank\" rel=\"noopener\">Archiving Tools and Setting File Attributes \u2013 Part 3<\/a>\u00a0of this series, there are other less used (but not less important) permission settings, sometimes referred to as \u201c<b>special permissions<\/b>\u201d.<\/p>\n<p>Like the basic permissions discussed earlier, they are set using an octal file or through a letter (symbolic notation) that indicates the type of permission.<\/p>\n<h6>Deleting user accounts<\/h6>\n<p>You can delete an account (along with its home directory, if it\u2019s owned by the user, and all the files residing therein, and also the mail spool) using the\u00a0<b>userdel<\/b>\u00a0command with the\u00a0<b>\u2013remove<\/b>\u00a0option.<\/p>\n<pre># userdel --remove [username]\r\n<\/pre>\n<h4>Group Management<\/h4>\n<p>Every time a new user account is added to the system, a group with the same name is created with the username as its only member. Other users can be added to the group later. One of the purposes of groups is to implement a simple access control to files and other system resources by setting the right permissions on those resources.<\/p>\n<p>For example, suppose you have the following users.<\/p>\n<ol>\n<li>user1 (primary group: user1)<\/li>\n<li>user2 (primary group: user2)<\/li>\n<li>user3 (primary group: user3)<\/li>\n<\/ol>\n<p>All of them need\u00a0<b>read<\/b>\u00a0and\u00a0<b>write<\/b>\u00a0access to a file called\u00a0<b>common.txt<\/b>\u00a0located somewhere on your local system, or maybe on a network share that\u00a0<b>user1<\/b>\u00a0has created. You may be tempted to do something like,<\/p>\n<pre># chmod 660 common.txt\r\nOR\r\n# chmod u=rw,g=rw,o= common.txt [notice the space between the last equal sign and the file name]\r\n<\/pre>\n<p>However, this will only provide\u00a0<b>read<\/b>\u00a0and\u00a0<b>write<\/b>\u00a0access to the owner of the file and to those users who are members of the group owner of the file (<b>user1<\/b>\u00a0in this case). Again, you may be tempted to add\u00a0<b>user2<\/b>\u00a0and\u00a0<b>user3<\/b>to group\u00a0<b>user1<\/b>, but that will also give them access to the rest of the files owned by user\u00a0<b>user1<\/b>\u00a0and group\u00a0<b>user1<\/b>.<\/p>\n<p>This is where groups come in handy, and here\u2019s what you should do in a case like this.<\/p>\n<h5>Understanding Setuid<\/h5>\n<p>When the\u00a0<b>setuid<\/b>\u00a0permission is applied to an executable file, an user running the program inherits the effective privileges of the program\u2019s owner. Since this approach can reasonably raise security concerns, the number of files with setuid permission must be kept to a minimum. You will likely find programs with this permission set when a system user needs to access a file owned by root.<\/p>\n<p>Summing up, it isn\u2019t just that the user can execute the binary file, but also that he can do so with root\u2019s privileges. For example, let\u2019s check the permissions of\u00a0<b>\/bin\/passwd<\/b>. This binary is used to change the password of an account, and modifies the\u00a0<b>\/etc\/shadow<\/b>\u00a0file. The superuser can change anyone\u2019s password, but all other users should only be able to change their own.<\/p>\n<div id=\"attachment_9525\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/passwd-command.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9525\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/passwd-command.png\" alt=\"passwd Command Examples\" width=\"448\" height=\"64\" aria-describedby=\"caption-attachment-9525\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9525\" class=\"wp-caption-text\">passwd Command Examples<\/p>\n<\/div>\n<p>Thus, any user should have permission to run\u00a0<b>\/bin\/passwd<\/b>, but only root will be able to specify an account. Other users can only change their corresponding passwords.<\/p>\n<div id=\"attachment_9526\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/change-user-password.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9526\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/change-user-password.png\" alt=\"Change User Password in Linux\" width=\"446\" height=\"180\" aria-describedby=\"caption-attachment-9526\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9526\" class=\"wp-caption-text\">Change User Password<\/p>\n<\/div>\n<p>&nbsp;<\/p>\n<h5>Understanding Setgid<\/h5>\n<p>When the\u00a0<b>setgid<\/b>\u00a0bit is set, the effective\u00a0<b>GID<\/b>\u00a0of the real user becomes that of the group owner. Thus, any user can access a file under the privileges granted to the group owner of such file. In addition, when the setgid bit is set on a directory, newly created files inherit the same group as the directory, and newly created subdirectories will also inherit the setgid bit of the parent directory. You will most likely use this approach whenever members of a certain group need access to all the files in a directory, regardless of the file owner\u2019s primary group.<\/p>\n<pre># chmod g+s [filename]\r\n<\/pre>\n<p>To set the\u00a0<b>setgid<\/b>\u00a0in octal form, prepend the number\u00a0<b>2<\/b>\u00a0to the current (or desired) basic permissions.<\/p>\n<pre># chmod 2755 [directory]\r\n<\/pre>\n<h6>Setting the SETGID in a directory<\/h6>\n<div id=\"attachment_9527\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/add-setgid-to-directory.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9527\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/add-setgid-to-directory-620x190.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/add-setgid-to-directory-620x190.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/add-setgid-to-directory.png 625w\" alt=\"Add Setgid in Linux\" width=\"620\" height=\"190\" aria-describedby=\"caption-attachment-9527\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9527\" class=\"wp-caption-text\">Add Setgid to Directory<\/p>\n<\/div>\n<h5>Understanding Sticky Bit<\/h5>\n<p>When the \u201c<b>sticky bit<\/b>\u201d is set on files, Linux just ignores it, whereas for directories it has the effect of preventing users from deleting or even renaming the files it contains unless the user owns the directory, the file, or is root.<\/p>\n<pre># chmod o+t [directory]\r\n<\/pre>\n<p>To set the\u00a0<b>sticky bit<\/b>\u00a0in octal form, prepend the number\u00a0<b>1<\/b>\u00a0to the current (or desired) basic permissions.<\/p>\n<pre># chmod 1755 [directory]\r\n<\/pre>\n<p>Without the sticky bit, anyone able to write to the directory can delete or rename files. For that reason, the sticky bit is commonly found on directories, such as\u00a0<b>\/tmp<\/b>, that are world-writable.<\/p>\n<div id=\"attachment_9528\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/add-sticky-bit-to-directory.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9528\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/add-sticky-bit-to-directory.png\" alt=\"Add Stickybit in Linux\" width=\"576\" height=\"263\" aria-describedby=\"caption-attachment-9528\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9528\" class=\"wp-caption-text\">Add Stickybit to Directory<\/p>\n<\/div>\n<h3>Special Linux File Attributes<\/h3>\n<p>There are other attributes that enable further limits on the operations that are allowed on files. For example, prevent the file from being renamed, moved, deleted, or even modified. They are set with the\u00a0<a href=\"https:\/\/www.tecmint.com\/chattr-command-examples\/\" target=\"_blank\" rel=\"noopener\">chattr command<\/a>and can be viewed using the\u00a0<strong>lsattr<\/strong>\u00a0tool, as follows.<\/p>\n<pre># chattr +i file1\r\n# chattr +a file2\r\n<\/pre>\n<p>After executing those two commands,\u00a0<b>file1<\/b>\u00a0will be immutable (which means it cannot be moved, renamed, modified or deleted) whereas\u00a0<b>file2<\/b>\u00a0will enter append-only mode (can only be open in append mode for writing).<\/p>\n<div id=\"attachment_9529\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/chattr-command.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9529\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/chattr-command.png\" alt=\"Protect File from Deletion\" width=\"608\" height=\"429\" aria-describedby=\"caption-attachment-9529\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9529\" class=\"wp-caption-text\">Chattr Command to Protect Files<\/p>\n<\/div>\n<h3>Accessing the root Account and Using sudo<\/h3>\n<p>One of the ways users can gain access to the root account is by typing.<\/p>\n<pre>$ su\r\n<\/pre>\n<p>and then entering root\u2019s password.<\/p>\n<p>If authentication succeeds, you will be logged on as\u00a0<b>root<\/b>\u00a0with the current working directory as the same as you were before. If you want to be placed in root\u2019s home directory instead, run.<\/p>\n<pre>$ su -\r\n<\/pre>\n<p>and then enter root\u2019s password.<\/p>\n<div id=\"attachment_9530\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Enable-Sudo-Access.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9530\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Enable-Sudo-Access.png\" alt=\"Enable sudo Access on Linux\" width=\"413\" height=\"248\" aria-describedby=\"caption-attachment-9530\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9530\" class=\"wp-caption-text\">Enable Sudo Access on Users<\/p>\n<\/div>\n<p>The above procedure requires that a normal user knows root\u2019s password, which poses a serious security risk. For that reason, the sysadmin can configure the\u00a0<b>sudo<\/b>\u00a0command to allow an ordinary user to execute commands as a different user (usually the superuser) in a very controlled and limited way. Thus, restrictions can be set on a user so as to enable him to run one or more specific privileged commands and no others.<\/p>\n<p><b>Read Also<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/su-vs-sudo-and-how-to-configure-sudo-in-linux\/\" target=\"_blank\" rel=\"noopener\">Difference Between su and sudo User<\/a><\/p>\n<p>To authenticate using\u00a0<b>sudo<\/b>, the user uses his\/her own password. After entering the command, we will be prompted for our password (not the superuser\u2019s) and if the authentication succeeds (and if the user has been granted privileges to run the command), the specified command is carried out.<\/p>\n<p>To grant access to sudo, the system administrator must edit the\u00a0<b>\/etc\/sudoers<\/b>\u00a0file. It is recommended that this file is edited using the\u00a0<b>visudo<\/b>\u00a0command instead of opening it directly with a text editor.<\/p>\n<pre># visudo\r\n<\/pre>\n<p>This opens the\u00a0<b>\/etc\/sudoers<\/b>\u00a0file using\u00a0<b>vim<\/b>\u00a0(you can follow the instructions given in\u00a0<a href=\"https:\/\/www.tecmint.com\/vi-editor-usage\/\" target=\"_blank\" rel=\"noopener\">Install and Use vim as Editor \u2013 Part 2<\/a>\u00a0of this series to edit the file).<\/p>\n<p>These are the most relevant lines.<\/p>\n<pre>Defaults    secure_path=\"\/usr\/sbin:\/usr\/bin:\/sbin\"\r\nroot        ALL=(ALL) ALL\r\ntecmint     ALL=\/bin\/yum update\r\ngacanepa    ALL=NOPASSWD:\/bin\/updatedb\r\n%admin      ALL=(ALL) ALL\r\n<\/pre>\n<p>Let\u2019s take a closer look at them.<\/p>\n<pre>Defaults    secure_path=\"\/usr\/sbin:\/usr\/bin:\/sbin:\/usr\/local\/bin\"\r\n<\/pre>\n<p>This line lets you specify the directories that will be used for\u00a0<b>sudo<\/b>, and is used to prevent using user-specific directories, which can harm the system.<\/p>\n<p>The next lines are used to specify permissions.<\/p>\n<pre>root        ALL=(ALL) ALL\r\n<\/pre>\n<ol>\n<li>The first\u00a0<b>ALL<\/b>\u00a0keyword indicates that this rule applies to all hosts.<\/li>\n<li>The second\u00a0<b>ALL<\/b>\u00a0indicates that the user in the first column can run commands with the privileges of any user.<\/li>\n<li>The third\u00a0<b>ALL<\/b>\u00a0means any command can be run.<\/li>\n<\/ol>\n<pre>tecmint     ALL=\/bin\/yum update\r\n<\/pre>\n<p>If no user is specified after the\u00a0<b>=<\/b>\u00a0sign, sudo assumes the root user. In this case, user\u00a0<b>tecmint<\/b>\u00a0will be able to run\u00a0<b>yum update<\/b>\u00a0as root.<\/p>\n<pre>gacanepa    ALL=NOPASSWD:\/bin\/updatedb\r\n<\/pre>\n<p>The\u00a0<b>NOPASSWD<\/b>\u00a0directive allows user gacanepa to run\u00a0<b>\/bin\/updatedb<\/b>\u00a0without needing to enter his password.<\/p>\n<pre>%admin      ALL=(ALL) ALL\r\n<\/pre>\n<p>The\u00a0<b>%<\/b>\u00a0sign indicates that this line applies to a group called \u201c<b>admin<\/b>\u201d. The meaning of the rest of the line is identical to that of an regular user. This means that members of the group \u201c<b>admin<\/b>\u201d can run all commands as any user on all hosts.<\/p>\n<p>To see what privileges are granted to you by sudo, use the \u201c<b>-l<\/b>\u201d option to list them.<\/p>\n<div id=\"attachment_9531\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/sudo-access-rules.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9531\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/sudo-access-rules-620x305.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/sudo-access-rules-620x305.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/sudo-access-rules.png 628w\" alt=\"Sudo Access Rules\" width=\"620\" height=\"305\" aria-describedby=\"caption-attachment-9531\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9531\" class=\"wp-caption-text\">Sudo Access Rules<\/p>\n<\/div>\n<h3>PAM (Pluggable Authentication Modules)<\/h3>\n<p><strong>Pluggable Authentication Modules<\/strong>\u00a0(PAM) offer the flexibility of setting a specific authentication scheme on a per-application and \/ or per-service basis using modules. This tool present on all modern Linux distributions overcame the problem often faced by developers in the early days of Linux, when each program that required authentication had to be compiled specially to know how to get the necessary information.<\/p>\n<p>For example, with PAM, it doesn\u2019t matter whether your password is stored in\u00a0<strong>\/etc\/shadow<\/strong>\u00a0or on a separate server inside your network.<\/p>\n<p>For example, when the login program needs to authenticate a user, PAM provides dynamically the library that contains the functions for the right authentication scheme. Thus, changing the authentication scheme for the login application (or any other program using PAM) is easy since it only involves editing a configuration file (most likely, a file named after the application, located inside\u00a0<code>\/etc\/pam.d<\/code>, and less likely in\u00a0<code>\/etc\/pam.conf<\/code>).<\/p>\n<p>Files inside\u00a0<code>\/etc\/pam.d<\/code>\u00a0indicate which applications are using PAM natively. In addition, we can tell whether a certain application uses PAM by checking if it the PAM library (<strong>libpam<\/strong>) has been linked to it:<\/p>\n<pre># ldd $(which login) | grep libpam # login uses PAM\r\n# ldd $(which top) | grep libpam # top does not use PAM\r\n<\/pre>\n<div id=\"attachment_21275\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-Linux-PAM-Library.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-21275\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Check-Linux-PAM-Library.png\" alt=\"Check Linux PAM Library\" width=\"654\" height=\"106\" aria-describedby=\"caption-attachment-21275\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-21275\" class=\"wp-caption-text\">Check Linux PAM Library<\/p>\n<\/div>\n<p>In the above image we can see that the\u00a0<strong>libpam<\/strong>\u00a0has been linked with the login application. This makes sense since this application is involved in the operation of system user authentication, whereas top does not.<\/p>\n<p>Let\u2019s examine the PAM configuration file for\u00a0<strong>passwd<\/strong>\u00a0\u2013 yes, the well-known utility to change user\u2019s passwords. It is located at\u00a0<strong>\/etc\/pam.d\/passwd<\/strong>:<\/p>\n<pre># cat \/etc\/passwd\r\n<\/pre>\n<div id=\"attachment_21276\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/PAM-Configuration-File-for-Linux-Password.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-21276\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/PAM-Configuration-File-for-Linux-Password.png\" alt=\"PAM Configuration File for Linux Password\" width=\"516\" height=\"159\" aria-describedby=\"caption-attachment-21276\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-21276\" class=\"wp-caption-text\">PAM Configuration File for Linux Password<\/p>\n<\/div>\n<p>The first column indicates the\u00a0<code>type<\/code>\u00a0of authentication to be used with the\u00a0<code>module-path<\/code>\u00a0(third column). When a hyphen appears before the type, PAM will not record to the system log if the module cannot be loaded because it could not be found in the system.<\/p>\n<p>The following authentication types are available:<\/p>\n<ol>\n<li><code>account<\/code>: this module type checks if the user or service has supplied valid credentials to authenticate.<\/li>\n<li><code>auth<\/code>: this module type verifies that the user is who he \/ she claims to be and grants any needed privileges.<\/li>\n<li><code>password<\/code>: this module type allows the user or service to update their password.<\/li>\n<li><code>session<\/code>: this module type indicates what should be done before and\/or after the authentication succeeds.<\/li>\n<\/ol>\n<p>The second column (called\u00a0<code>control<\/code>) indicates what should happen if the authentication with this module fails:<\/p>\n<ol>\n<li><code>requisite<\/code>: if the authentication via this module fails, overall authentication will be denied immediately.<\/li>\n<li><code>required<\/code>\u00a0is similar to requisite, although all other listed modules for this service will be called before denying authentication.<\/li>\n<li><code>sufficient<\/code>: if the authentication via this module fails, PAM will still grant authentication even if a previous marked as required failed.<\/li>\n<li><code>optional<\/code>: if the authentication via this module fails or succeeds, nothing happens unless this is the only module of its type defined for this service.<\/li>\n<li><code>include<\/code>\u00a0means that the lines of the given type should be read from another file.<\/li>\n<li><code>substack<\/code>\u00a0is similar to includes but authentication failures or successes do not cause the exit of the complete module, but only of the substack.<\/li>\n<\/ol>\n<p>The fourth column, if it exists, shows the arguments to be passed to the module.<\/p>\n<p>The first three lines in\u00a0<strong>\/etc\/pam.d\/passwd<\/strong>\u00a0(shown above), load the\u00a0<strong>system-auth<\/strong>\u00a0module to check that the user has supplied valid credentials (account). If so, it allows him \/ her to change the authentication token (password) by giving permission to use passwd (<strong>auth<\/strong>).<\/p>\n<p>For example, if you append<\/p>\n<pre>remember=2\r\n<\/pre>\n<p>to the following line<\/p>\n<pre>password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok\r\n<\/pre>\n<p>in\u00a0<strong>\/etc\/pam.d\/system-auth<\/strong>:<\/p>\n<pre>password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=2\r\n<\/pre>\n<p>the last two hashed passwords of each user are saved in\u00a0<strong>\/etc\/security\/opasswd<\/strong>\u00a0so that they cannot be reused:<\/p>\n<div id=\"attachment_21277\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Linux-Password-Fields.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-21277\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/10\/Linux-Password-Fields.png\" alt=\"Linux Password Fields\" width=\"600\" height=\"228\" aria-describedby=\"caption-attachment-21277\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-21277\" class=\"wp-caption-text\">Linux Password Fields<\/p>\n<\/div>\n<h3>Summary<\/h3>\n<p>Effective user and file management skills are essential tools for any system administrator. In this article we have covered the basics and hope you can use it as a good starting to point to build upon. Feel free to leave your comments or questions below, and we\u2019ll respond quickly.<\/p>\n<h1 class=\"post-title\">Linux Package Management with Yum, RPM, Apt, Dpkg, Aptitude and Zypper \u2013 Part 9<\/h1>\n<p>Last August, the Linux Foundation announced the\u00a0<b>LFCS<\/b>\u00a0certification (<b>Linux Foundation Certified Sysadmin<\/b>), a shiny chance for system administrators everywhere to demonstrate, through a performance-based exam, that they are capable of succeeding at overall operational support for Linux systems. A Linux Foundation Certified Sysadmin has the expertise to ensure effective system support, first-level troubleshooting and monitoring, including finally issue escalation, when needed, to engineering support teams.<\/p>\n<div id=\"attachment_9605\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/lfcs-Part-9.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9605\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/lfcs-Part-9.png\" alt=\"Linux Package Management\" width=\"600\" height=\"400\" aria-describedby=\"caption-attachment-9605\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9605\" class=\"wp-caption-text\">Linux Foundation Certified Sysadmin \u2013 Part 9<\/p>\n<\/div>\n<p>Watch the following video that explains about the Linux Foundation Certification Program.<\/p>\n<div class=\"post-format\">\n<div class=\"video-container\"><iframe loading=\"lazy\" src=\"https:\/\/www.youtube.com\/embed\/Y29qZ71Kicg\" width=\"720\" height=\"405\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\" data-mce-fragment=\"1\"><\/iframe><\/div>\n<\/div>\n<p>This article is a Part 9 of 10-tutorial long series, today in this article we will guide you about Linux Package Management, that are required for the LFCS certification exam.<\/p>\n<h3>Package Management<\/h3>\n<p>In few words, package management is a method of installing and maintaining (which includes updating and probably removing as well) software on the system.<\/p>\n<p>In the early days of Linux, programs were only distributed as source code, along with the required man pages, the necessary configuration files, and more. Nowadays, most Linux distributors use by default pre-built programs or sets of programs called packages, which are presented to users ready for installation on that distribution. However, one of the wonders of Linux is still the possibility to obtain source code of a program to be studied, improved, and compiled.<\/p>\n<h5>How package management systems work<\/h5>\n<p>If a certain package requires a certain resource such as a shared library, or another package, it is said to have a dependency. All modern package management systems provide some method of dependency resolution to ensure that when a package is installed, all of its dependencies are installed as well.<\/p>\n<h5>Packaging Systems<\/h5>\n<p>Almost all the software that is installed on a modern Linux system will be found on the Internet. It can either be provided by the distribution vendor through central repositories (which can contain several thousands of packages, each of which has been specifically built, tested, and maintained for the distribution) or be available in source code that can be downloaded and installed manually.<\/p>\n<p>Because different distribution families use different packaging systems (Debian:\u00a0<b>*.deb<\/b>\u00a0\/ CentOS:\u00a0<b>*.rpm<\/b>\u00a0\/ openSUSE:\u00a0<b>*.rpm<\/b>\u00a0built specially for openSUSE), a package intended for one distribution will not be compatible with another distribution. However, most distributions are likely to fall into one of the three distribution families covered by the LFCS certification.<\/p>\n<h5>High and low-level package tools<\/h5>\n<p>In order to perform the task of package management effectively, you need to be aware that you will have two types of available utilities:\u00a0<b>low-level<\/b>\u00a0tools (which handle in the backend the actual installation, upgrade, and removal of package files), and\u00a0<b>high-level<\/b>\u00a0tools (which are in charge of ensuring that the tasks of dependency resolution and metadata searching -\u201ddata about the data\u201d- are performed).<\/p>\n<table border=\"0\" cellspacing=\"0\">\n<tbody>\n<tr>\n<td align=\"CENTER\" bgcolor=\"#AEA79F\" height=\"18\"><b>DISTRIBUTION<\/b><\/td>\n<td align=\"CENTER\" bgcolor=\"#AEA79F\"><b>LOW-LEVEL TOOL<\/b><\/td>\n<td align=\"CENTER\" bgcolor=\"#AEA79F\"><b>HIGH-LEVEL TOOL<\/b><\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" bgcolor=\"#FFFFFF\" height=\"18\">\u00a0Debian and derivatives<\/td>\n<td align=\"LEFT\" bgcolor=\"#FFFFFF\">\u00a0dpkg<\/td>\n<td align=\"LEFT\" bgcolor=\"#FFFFFF\">\u00a0apt-get \/ aptitude<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" bgcolor=\"#FFFFFF\" height=\"18\">\u00a0CentOS<\/td>\n<td align=\"LEFT\" bgcolor=\"#FFFFFF\">\u00a0rpm<\/td>\n<td align=\"LEFT\" bgcolor=\"#FFFFFF\">\u00a0yum<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" bgcolor=\"#FFFFFF\" height=\"18\">\u00a0openSUSE<\/td>\n<td align=\"LEFT\" bgcolor=\"#FFFFFF\">\u00a0rpm<\/td>\n<td align=\"LEFT\" bgcolor=\"#FFFFFF\">\u00a0zypper<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Let us see the descrption of the low-level and high-level tools.<\/p>\n<p><b>dpkg<\/b>\u00a0is a low-level package manager for Debian-based systems. It can install, remove, provide information about and build *.deb packages but it can\u2019t automatically download and install their corresponding dependencies.<\/p>\n<p><b>Read More<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/dpkg-command-examples\/\" target=\"_blank\" rel=\"noopener\">15 dpkg Command Examples<\/a><\/p>\n<p><b>apt-get<\/b>\u00a0is a high-level package manager for Debian and derivatives, and provides a simple way to retrieve and install packages, including dependency resolution, from multiple sources using the command line. Unlike dpkg, apt-get does not work directly with *.deb files, but with the package proper name.<\/p>\n<p><b>Read More<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/useful-basic-commands-of-apt-get-and-apt-cache-for-package-management\/\" target=\"_blank\" rel=\"noopener\">25 apt-get Command Examples<\/a><\/p>\n<p><b>aptitude<\/b>\u00a0is another high-level package manager for Debian-based systems, and can be used to perform management tasks (installing, upgrading, and removing packages, also handling dependency resolution automatically) in a fast and easy way. It provides the same functionality as apt-get and additional ones, such as offering access to several versions of a package.<\/p>\n<p><b>rpm<\/b>\u00a0is the package management system used by Linux Standard Base (LSB)-compliant distributions for low-level handling of packages. Just like dpkg, it can query, install, verify, upgrade, and remove packages, and is more frequently used by Fedora-based distributions, such as RHEL and CentOS.<\/p>\n<p><b>Read More<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/20-practical-examples-of-rpm-commands-in-linux\/\" target=\"_blank\" rel=\"noopener\">20 rpm Command Examples<\/a><\/p>\n<p><b>yum<\/b>\u00a0adds the functionality of automatic updates and package management with dependency management to RPM-based systems. As a high-level tool, like apt-get or aptitude, yum works with repositories.<\/p>\n<p><b>Read More<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/20-linux-yum-yellowdog-updater-modified-commands-for-package-mangement\/\" target=\"_blank\" rel=\"noopener\">20 yum Command Examples<\/a><\/p>\n<h3>Common Usage of Low-Level Tools<\/h3>\n<p>The most frequent tasks that you will do with low level tools are as follows:<\/p>\n<h6>1. Installing a package from a compiled (*.deb or *.rpm) file<\/h6>\n<p>The downside of this installation method is that no dependency resolution is provided. You will most likely choose to install a package from a compiled file when such package is not available in the distribution\u2019s repositories and therefore cannot be downloaded and installed through a high-level tool. Since low-level tools do not perform dependency resolution, they will exit with an error if we try to install a package with unmet dependencies.<\/p>\n<pre># dpkg -i file.deb \t\t[Debian and derivative]\r\n# rpm -i file.rpm \t\t[CentOS \/ openSUSE]\r\n<\/pre>\n<p><strong>Note<\/strong>: Do not attempt to install on CentOS a *.rpm file that was built for openSUSE, or vice-versa!<\/p>\n<h6>2. Upgrading a package from a compiled file<\/h6>\n<p>Again, you will only upgrade an installed package manually when it is not available in the central repositories.<\/p>\n<pre># dpkg -i file.deb \t\t[Debian and derivative]\r\n# rpm -U file.rpm \t\t[CentOS \/ openSUSE]\r\n<\/pre>\n<h6>3. Listing installed packages<\/h6>\n<p>When you first get your hands on an already working system, chances are you\u2019ll want to know what packages are installed.<\/p>\n<pre># dpkg -l \t\t[Debian and derivative]\r\n# rpm -qa \t\t[CentOS \/ openSUSE]\r\n<\/pre>\n<p>If you want to know whether a specific package is installed, you can pipe the output of the above commands to\u00a0<strong>grep<\/strong>, as explained in\u00a0<a href=\"https:\/\/www.tecmint.com\/sed-command-to-create-edit-and-manipulate-files-in-linux\/\" target=\"_blank\" rel=\"noopener\">manipulate files in Linux \u2013 Part 1<\/a>\u00a0of this series. Suppose we need to verify if package\u00a0<b>mysql-common<\/b>\u00a0is installed on an Ubuntu system.<\/p>\n<pre># dpkg -l | grep mysql-common\r\n<\/pre>\n<div id=\"attachment_9600\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Check-Installed-Package.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9600\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Check-Installed-Package-620x73.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Check-Installed-Package-620x73.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Check-Installed-Package-1024x122.png 1024w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Check-Installed-Package.png 1124w\" alt=\"Check Installed Packages in Linux\" width=\"620\" height=\"73\" aria-describedby=\"caption-attachment-9600\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9600\" class=\"wp-caption-text\">Check Installed Packages<\/p>\n<\/div>\n<p>Another way to determine if a package is installed.<\/p>\n<pre># dpkg --status package_name \t\t[Debian and derivative]\r\n# rpm -q package_name \t\t\t[CentOS \/ openSUSE]\r\n<\/pre>\n<p>For example, let\u2019s find out whether package\u00a0<b>sysdig<\/b>\u00a0is installed on our system.<\/p>\n<pre># rpm -qa | grep sysdig\r\n<\/pre>\n<div id=\"attachment_9601\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Check-sysdig-Package.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9601\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Check-sysdig-Package.png\" alt=\"Check sysdig Package\" width=\"456\" height=\"110\" aria-describedby=\"caption-attachment-9601\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9601\" class=\"wp-caption-text\">Check sysdig Package<\/p>\n<\/div>\n<h6>4. Finding out which package installed a file<\/h6>\n<pre># dpkg --search file_name\r\n# rpm -qf file_name\r\n<\/pre>\n<p>For example, which package installed\u00a0<b>pw_dict.hwm<\/b>?<\/p>\n<pre># rpm -qf \/usr\/share\/cracklib\/pw_dict.hwm\r\n<\/pre>\n<div id=\"attachment_9602\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Query-File-in-Linux.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9602\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Query-File-in-Linux.png\" alt=\"Query File in Linux\" width=\"445\" height=\"63\" aria-describedby=\"caption-attachment-9602\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9602\" class=\"wp-caption-text\">Query File in Linux<\/p>\n<\/div>\n<h3>Common Usage of High-Level Tools<\/h3>\n<p>The most frequent tasks that you will do with high level tools are as follows.<\/p>\n<h6>1. Searching for a package<\/h6>\n<p><b>aptitude update<\/b>\u00a0will update the list of available packages, and\u00a0<b>aptitude search<\/b>\u00a0will perform the actual search for\u00a0<b>package_name<\/b>.<\/p>\n<pre># aptitude update &amp;&amp; aptitude search package_name \r\n<\/pre>\n<p>In the search all option,\u00a0<b>yum<\/b>\u00a0will search for package_name not only in package names, but also in package descriptions.<\/p>\n<pre># yum search package_name\r\n# yum search all package_name\r\n# yum whatprovides \u201c*\/package_name\u201d\r\n<\/pre>\n<p>Let\u2019s supposed we need a file whose name is\u00a0<b>sysdig<\/b>. To know that package we will have to install, let\u2019s run.<\/p>\n<pre># yum whatprovides \u201c*\/sysdig\u201d\r\n<\/pre>\n<div id=\"attachment_9603\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Check-Package-Description.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9603\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Check-Package-Description-620x334.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Check-Package-Description-620x334.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Check-Package-Description.png 680w\" alt=\"Check Package Description in Linux\" width=\"620\" height=\"334\" aria-describedby=\"caption-attachment-9603\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9603\" class=\"wp-caption-text\">Check Package Description<\/p>\n<\/div>\n<p><b>whatprovides<\/b>\u00a0tells\u00a0<b>yum<\/b>\u00a0to search the package the will provide a file that matches the above regular expression.<\/p>\n<pre># zypper refresh &amp;&amp; zypper search package_name\t\t[On openSUSE]\r\n<\/pre>\n<h6>2. Installing a package from a repository<\/h6>\n<p>While installing a package, you may be prompted to confirm the installation after the package manager has resolved all dependencies. Note that running update or refresh (according to the package manager being used) is not strictly necessary, but keeping installed packages up to date is a good sysadmin practice for security and dependency reasons.<\/p>\n<pre># aptitude update &amp;&amp; aptitude install package_name \t\t[Debian and derivatives]\r\n# yum update &amp;&amp; yum install package_name \t\t\t[CentOS]\r\n# zypper refresh &amp;&amp; zypper install package_name \t\t[openSUSE]\r\n<\/pre>\n<h6>3. Removing a package<\/h6>\n<p>The option\u00a0<b>remove<\/b>\u00a0will uninstall the package but leaving configuration files intact, whereas purge will erase every trace of the program from your system.<br \/>\n# aptitude remove \/ purge package_name<br \/>\n# yum erase package_name<\/p>\n<pre>---Notice the minus sign in front of the package that will be uninstalled, openSUSE ---\r\n\r\n# zypper remove -package_name \r\n<\/pre>\n<p>Most (if not all) package managers will prompt you, by default, if you\u2019re sure about proceeding with the uninstallation before actually performing it. So read the onscreen messages carefully to avoid running into unnecessary trouble!<\/p>\n<h6>4. Displaying information about a package<\/h6>\n<p>The following command will display information about the\u00a0<b>birthday<\/b>\u00a0package.<\/p>\n<pre># aptitude show birthday \r\n# yum info birthday\r\n# zypper info birthday\r\n<\/pre>\n<div id=\"attachment_9604\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Check-Package-Information.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9604\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Check-Package-Information-620x290.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Check-Package-Information-620x290.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Check-Package-Information.png 729w\" alt=\"Check Package Information in Linux\" width=\"620\" height=\"290\" aria-describedby=\"caption-attachment-9604\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9604\" class=\"wp-caption-text\">Check Package Information<\/p>\n<\/div>\n<h3>Summary<\/h3>\n<p>Package management is something you just can\u2019t sweep under the rug as a system administrator. You should be prepared to use the tools described in this article at a moment\u2019s notice. Hope you find it useful in your preparation for the\u00a0<b>LFCS<\/b>\u00a0exam and for your daily tasks. Feel free to leave your comments or questions below. We will be more than glad to get back to you as soon as possible.<\/p>\n<h1 class=\"post-title\">Understanding &amp; Learning Basic Shell Scripting and Linux Filesystem Troubleshooting \u2013 Part 10<\/h1>\n<p>The Linux Foundation launched the\u00a0<b>LFCS<\/b>\u00a0certification (<b>Linux Foundation Certified Sysadmin<\/b>), a brand new initiative whose purpose is to allow individuals everywhere (and anywhere) to get certified in basic to intermediate operational support for Linux systems, which includes supporting running systems and services, along with overall monitoring and analysis, plus smart decision-making when it comes to raising issues to upper support teams.<\/p>\n<div id=\"attachment_9705\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/lfcs-Part-10.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9705\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/lfcs-Part-10.png\" alt=\"Basic Shell Scripting and Filesystem Troubleshooting\" width=\"600\" height=\"400\" aria-describedby=\"caption-attachment-9705\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9705\" class=\"wp-caption-text\">Linux Foundation Certified Sysadmin \u2013 Part 10<\/p>\n<\/div>\n<p>Check out the following video that guides you an introduction to the Linux Foundation Certification Program.<\/p>\n<div class=\"post-format\">\n<div class=\"video-container\"><iframe loading=\"lazy\" src=\"https:\/\/www.youtube.com\/embed\/Y29qZ71Kicg\" width=\"720\" height=\"405\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\" data-mce-fragment=\"1\"><\/iframe><\/div>\n<\/div>\n<p>This is the last article (Part 10) of the present 10-tutorial long series. In this article we will focus on basic shell scripting and troubleshooting Linux file systems. Both topics are required for the LFCS certification exam.<\/p>\n<h3>Understanding Terminals and Shells<\/h3>\n<p>Let\u2019s clarify a few concepts first.<\/p>\n<ol>\n<li>A shell is a program that takes commands and gives them to the operating system to be executed.<\/li>\n<li>A terminal is a program that allows us as end users to interact with the shell. One example of a terminal is GNOME terminal, as shown in the below image.<\/li>\n<\/ol>\n<div id=\"attachment_9697\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Gnome-Terminal.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9697\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Gnome-Terminal.png\" alt=\"Gnome Terminal\" width=\"404\" height=\"248\" aria-describedby=\"caption-attachment-9697\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9697\" class=\"wp-caption-text\">Gnome Terminal<\/p>\n<\/div>\n<p>When we first start a shell, it presents a command prompt (also known as the command line), which tells us that the shell is ready to start accepting commands from its standard input device, which is usually the keyboard.<\/p>\n<p>You may want to refer to another article in this series (<a href=\"https:\/\/www.tecmint.com\/sed-command-to-create-edit-and-manipulate-files-in-linux\/\" target=\"_blank\" rel=\"noopener\">Use Command to Create, Edit, and Manipulate files \u2013 Part 1<\/a>) to review some useful commands.<\/p>\n<p>Linux provides a range of options for shells, the following being the most common:<\/p>\n<h5>bash Shell<\/h5>\n<p><b>Bash<\/b>\u00a0stands for\u00a0<b>Bourne Again SHell<\/b>\u00a0and is the GNU Project\u2019s default shell. It incorporates useful features from the Korn shell (ksh) and C shell (csh), offering several improvements at the same time. This is the default shell used by the distributions covered in the LFCS certification, and it is the shell that we will use in this tutorial.<\/p>\n<h5>sh Shell<\/h5>\n<p>The\u00a0<b>Bourne SHell<\/b>\u00a0is the oldest shell and therefore has been the default shell of many UNIX-like operating systems for many years.<\/p>\n<h5>ksh Shell<\/h5>\n<p>The\u00a0<b>Korn SHell<\/b>\u00a0is a Unix shell which was developed by David Korn at Bell Labs in the early 1980s. It is backward-compatible with the Bourne shell and includes many features of the C shell.<\/p>\n<p>A shell script is nothing more and nothing less than a text file turned into an executable program that combines commands that are executed by the shell one after another.<\/p>\n<h3>Basic Shell Scripting<\/h3>\n<p>As mentioned earlier, a shell script is born as a plain text file. Thus, can be created and edited using our preferred text editor. You may want to consider using vi\/m (refer to\u00a0<a href=\"https:\/\/www.tecmint.com\/vi-editor-usage\/\" target=\"_blank\" rel=\"noopener\">Usage of vi Editor \u2013 Part 2<\/a>\u00a0of this series), which features syntax highlighting for your convenience.<\/p>\n<p>Type the following command to create a file named myscript.sh and press Enter.<\/p>\n<pre># vim myscript.sh\r\n<\/pre>\n<p>The very first line of a shell script must be as follows (also known as a\u00a0<b>shebang<\/b>).<\/p>\n<pre>#!\/bin\/bash\r\n<\/pre>\n<p>It \u201c<b>tells<\/b>\u201d the operating system the name of the interpreter that should be used to run the text that follows.<\/p>\n<p>Now it\u2019s time to add our commands. We can clarify the purpose of each command, or the entire script, by adding comments as well. Note that the shell ignores those lines beginning with a pound sign\u00a0<b>#<\/b>\u00a0(explanatory comments).<\/p>\n<pre>#!\/bin\/bash\r\necho This is Part 10 of the 10-article series about the LFCS certification\r\necho Today is $(date +%Y-%m-%d)\r\n<\/pre>\n<p>Once the script has been written and saved, we need to make it executable.<\/p>\n<pre># chmod 755 myscript.sh\r\n<\/pre>\n<p>Before running our script, we need to say a few words about the\u00a0<b>$PATH<\/b>\u00a0environment variable. If we run,<\/p>\n<pre>echo $PATH\r\n<\/pre>\n<p>from the command line, we will see the contents of\u00a0<b>$PATH:<\/b>\u00a0a colon-separated list of directories that are searched when we enter the name of a executable program. It is called an environment variable because it is part of the shell environment \u2013 a set of information that becomes available for the shell and its child processes when the shell is first started.<\/p>\n<p>When we type a command and press Enter, the shell searches in all the directories listed in the\u00a0<b>$PATH<\/b>\u00a0variable and executes the first instance that is found. Let\u2019s see an example,<\/p>\n<div id=\"attachment_9698\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Environment-Variable.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9698\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Environment-Variable-620x53.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Environment-Variable-620x53.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Environment-Variable.png 760w\" alt=\"Linux Environment Variables\" width=\"620\" height=\"53\" aria-describedby=\"caption-attachment-9698\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9698\" class=\"wp-caption-text\">Environment Variables<\/p>\n<\/div>\n<p>If there are two executable files with the same name, one in\u00a0<b>\/usr\/local\/bin<\/b>\u00a0and another in\u00a0<b>\/usr\/bin<\/b>, the one in the first directory will be executed first, whereas the other will be disregarded.<\/p>\n<p>If we haven\u2019t saved our script inside one of the directories listed in the\u00a0<b>$PATH<\/b>\u00a0variable, we need to append\u00a0<b>.\/<\/b>\u00a0to the file name in order to execute it. Otherwise, we can run it just as we would do with a regular command.<\/p>\n<pre># pwd\r\n# .\/myscript.sh\r\n# cp myscript.sh ..\/bin\r\n# cd ..\/bin\r\n# pwd\r\n# myscript.sh\r\n<\/pre>\n<div id=\"attachment_9699\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Execute-Script.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9699\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Execute-Script-620x195.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Execute-Script-620x195.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Execute-Script.png 852w\" alt=\"Execute Script in Linux\" width=\"620\" height=\"195\" aria-describedby=\"caption-attachment-9699\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9699\" class=\"wp-caption-text\">Execute Script<\/p>\n<\/div>\n<h4>Conditionals<\/h4>\n<p>Whenever you need to specify different courses of action to be taken in a shell script, as result of the success or failure of a command, you will use the\u00a0<b>if<\/b>\u00a0construct to define such conditions. Its basic syntax is:<\/p>\n<pre>if CONDITION; then \r\n\tCOMMANDS;\r\nelse\r\n\tOTHER-COMMANDS \r\nfi\r\n<\/pre>\n<p>Where\u00a0<b>CONDITION<\/b>\u00a0can be one of the following (only the most frequent conditions are cited here) and evaluates to true when:<\/p>\n<ol>\n<li><b>[ -a file ]<\/b>\u00a0\u2192 file exists.<\/li>\n<li><b>[ -d file ]<\/b>\u00a0\u2192 file exists and is a directory.<\/li>\n<li><b>[ -f file ]<\/b>\u00a0\u2192file exists and is a regular file.<\/li>\n<li><b>[ -u file ]<\/b>\u00a0\u2192file exists and its SUID (set user ID) bit is set.<\/li>\n<li><b>[ -g file ]<\/b>\u00a0\u2192file exists and its SGID bit is set.<\/li>\n<li><b>[ -k file ]<\/b>\u00a0\u2192file exists and its sticky bit is set.<\/li>\n<li><b>[ -r file ]<\/b>\u00a0\u2192file exists and is readable.<\/li>\n<li><b>[ -s file ]<\/b>\u2192 file exists and is not empty.<\/li>\n<li><b>[ -w file ]<\/b>\u2192file exists and is writable.<\/li>\n<li><b>[ -x file ]<\/b>\u00a0is true if file exists and is executable.<\/li>\n<li><b>[ string1 = string2 ]<\/b>\u00a0\u2192 the strings are equal.<\/li>\n<li><b>[ string1 != string2 ]<\/b>\u00a0\u2192the strings are not equal.<\/li>\n<\/ol>\n<p><b>[ int1 op int2 ]<\/b>\u00a0should be part of the preceding list, while the items that follow (for example,\u00a0<b>-eq \u2013&gt;<\/b>\u00a0is true if\u00a0<b>int1<\/b>is equal to\u00a0<b>int2<\/b>.) should be a \u201c<b>children<\/b>\u201d list of [\u00a0<b>int1<\/b>\u00a0op\u00a0<b>int2<\/b>\u00a0] where op is one of the following comparison operators.<\/p>\n<ol>\n<li><b>-eq \u2013&gt;<\/b>\u00a0is true if int1 is equal to int2.<\/li>\n<li><b>-ne \u2013&gt;<\/b>\u00a0true if int1 is not equal to int2.<\/li>\n<li><b>-lt \u2013&gt;<\/b>\u00a0true if int1 is less than int2.<\/li>\n<li><b>-le \u2013&gt;<\/b>\u00a0true if int1 is less than or equal to int2.<\/li>\n<li><b>-gt \u2013&gt;<\/b>\u00a0true if int1 is greater than int2.<\/li>\n<li><b>-ge \u2013&gt;<\/b>\u00a0true if int1 is greater than or equal to int2.<\/li>\n<\/ol>\n<h4>For Loops<\/h4>\n<p>This loop allows to execute one or more commands for each value in a list of values. Its basic syntax is:<\/p>\n<pre>for item in SEQUENCE; do \r\n\t\tCOMMANDS; \r\ndone\r\n<\/pre>\n<p>Where\u00a0<b>item<\/b>\u00a0is a generic variable that represents each value in\u00a0<b>SEQUENCE<\/b>\u00a0during each iteration.<\/p>\n<h4>While Loops<\/h4>\n<p>This loop allows to execute a series of repetitive commands as long as the control command executes with an exit status equal to zero (successfully). Its basic syntax is:<\/p>\n<pre>while EVALUATION_COMMAND; do \r\n\t\tEXECUTE_COMMANDS; \r\ndone\r\n<\/pre>\n<p>Where\u00a0<b>EVALUATION_COMMAND<\/b>\u00a0can be any command(s) that can exit with a success (<b>0<\/b>) or failure (other than\u00a0<b>0)<\/b>\u00a0status, and EXECUTE_COMMANDS can be any program, script or shell construct, including other nested loops.<\/p>\n<h4>Putting It All Together<\/h4>\n<p>We will demonstrate the use of the if construct and the for loop with the following example.<\/p>\n<h6>Determining if a service is running in a systemd-based distro<\/h6>\n<p>Let\u2019s create a file with a list of services that we want to monitor at a glance.<\/p>\n<pre># cat myservices.txt\r\n\r\nsshd\r\nmariadb\r\nhttpd\r\ncrond\r\nfirewalld\r\n<\/pre>\n<div id=\"attachment_9700\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Monitor-Services.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9700\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Monitor-Services.png\" alt=\"Script to Monitor Linux Services\" width=\"308\" height=\"137\" aria-describedby=\"caption-attachment-9700\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9700\" class=\"wp-caption-text\">Script to Monitor Linux Services<\/p>\n<\/div>\n<p>Our shell script should look like.<\/p>\n<pre>#!\/bin\/bash\r\n\r\n# This script iterates over a list of services and\r\n# is used to determine whether they are running or not.\r\n\r\nfor service in $(cat myservices.txt); do\r\n    \tsystemctl status $service | grep --quiet \"running\"\r\n    \tif [ $? -eq 0 ]; then\r\n            \techo $service \"is [ACTIVE]\"\r\n    \telse\r\n            \techo $service \"is [INACTIVE or NOT INSTALLED]\"\r\n    \tfi\r\ndone\r\n<\/pre>\n<div id=\"attachment_9701\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Monitor-Script.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9701\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Monitor-Script.png\" alt=\"Linux Service Monitoring Script\" width=\"506\" height=\"228\" aria-describedby=\"caption-attachment-9701\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9701\" class=\"wp-caption-text\">Linux Service Monitoring Script<\/p>\n<\/div>\n<h6>Let\u2019s explain how the script works.<\/h6>\n<p><strong>1).<\/strong>\u00a0The for loop reads the\u00a0<b>myservices.txt<\/b>\u00a0file one element of LIST at a time. That single element is denoted by the generic variable named service. The LIST is populated with the output of,<\/p>\n<pre># cat myservices.txt\r\n<\/pre>\n<p><strong>2).<\/strong>\u00a0The above command is enclosed in parentheses and preceded by a dollar sign to indicate that it should be evaluated to populate the LIST that we will iterate over.<\/p>\n<p><strong>3).<\/strong>\u00a0For each element of LIST (meaning every instance of the service variable), the following command will be executed.<\/p>\n<pre># systemctl status $service | grep --quiet \"running\"\r\n<\/pre>\n<p>This time we need to precede our generic variable (which represents each element in\u00a0<b>LIST<\/b>) with a dollar sign to indicate it\u2019s a variable and thus its value in each iteration should be used. The output is then piped to grep.<\/p>\n<p>The\u00a0<b>\u2013quiet<\/b>\u00a0flag is used to prevent\u00a0<b>grep<\/b>\u00a0from displaying to the screen the lines where the word running appears. When that happens, the above command returns an exit status of\u00a0<b>0<\/b>\u00a0(represented by\u00a0<b>$?<\/b>\u00a0in the if construct), thus verifying that the service is running.<\/p>\n<p>An exit status different than\u00a0<b>0<\/b>\u00a0(meaning the\u00a0<b>word<\/b>\u00a0running was not found in the output of\u00a0<b>systemctl status $service<\/b>) indicates that the service is not running.<\/p>\n<div id=\"attachment_9702\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Services-Monitoring-Script.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9702\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Services-Monitoring-Script.png\" alt=\"Services Monitoring Script\" width=\"327\" height=\"128\" aria-describedby=\"caption-attachment-9702\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9702\" class=\"wp-caption-text\">Services Monitoring Script<\/p>\n<\/div>\n<p>We could go one step further and check for the existence of\u00a0<b>myservices.txt<\/b>\u00a0before even attempting to enter the for loop.<\/p>\n<pre>#!\/bin\/bash\r\n\r\n# This script iterates over a list of services and\r\n# is used to determine whether they are running or not.\r\n\r\nif [ -f myservices.txt ]; then\r\n    \tfor service in $(cat myservices.txt); do\r\n            \tsystemctl status $service | grep --quiet \"running\"\r\n            \tif [ $? -eq 0 ]; then\r\n                    \techo $service \"is [ACTIVE]\"\r\n            \telse\r\n                    \techo $service \"is [INACTIVE or NOT INSTALLED]\"\r\n            \tfi\r\n    \tdone\r\nelse\r\n    \techo \"myservices.txt is missing\"\r\nfi\r\n<\/pre>\n<h6>Pinging a series of network or internet hosts for reply statistics<\/h6>\n<p>You may want to maintain a list of hosts in a text file and use a script to determine every now and then whether they\u2019re pingable or not (feel free to replace the contents of\u00a0<b>myhosts<\/b>\u00a0and try for yourself).<\/p>\n<p>The read shell built-in command tells the while loop to read myhosts line by line and assigns the content of each line to variable host, which is then passed to the\u00a0<b>ping<\/b>\u00a0command.<\/p>\n<pre>#!\/bin\/bash\r\n\r\n# This script is used to demonstrate the use of a while loop\r\n\r\nwhile read host; do\r\n    \tping -c 2 $host\r\ndone &lt; myhosts\r\n<\/pre>\n<div id=\"attachment_9703\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Script-to-Ping-Servers.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-9703\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Script-to-Ping-Servers.png\" alt=\"Script to Ping Servers\" width=\"499\" height=\"276\" aria-describedby=\"caption-attachment-9703\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9703\" class=\"wp-caption-text\">Script to Ping Servers<\/p>\n<\/div>\n<p><b>Read Also<\/b>:<\/p>\n<ol>\n<li><a href=\"https:\/\/www.tecmint.com\/learning-shell-scripting-language-a-guide-from-newbies-to-system-administrator\/\" target=\"_blank\" rel=\"noopener\">Learn Shell Scripting: A Guide from Newbies to System Administrator<\/a><\/li>\n<li><a href=\"https:\/\/www.tecmint.com\/basic-shell-programming-part-ii\/\" target=\"_blank\" rel=\"noopener\">5 Shell Scripts to Learn Shell Programming<\/a><\/li>\n<\/ol>\n<h3>Filesystem Troubleshooting<\/h3>\n<p>Although Linux is a very stable operating system, if it crashes for some reason (for example, due to a power outage), one (or more) of your file systems will not be unmounted properly and thus will be automatically checked for errors when Linux is restarted.<\/p>\n<p>In addition, each time the system boots during a normal boot, it always checks the integrity of the filesystems before mounting them. In both cases this is performed using a tool named\u00a0<b>fsck<\/b>\u00a0(\u201c<b>file system check<\/b>\u201d).<\/p>\n<p><b>fsck<\/b>\u00a0will not only check the integrity of file systems, but also attempt to repair corrupt file systems if instructed to do so. Depending on the severity of damage, fsck may succeed or not; when it does, recovered portions of files are placed in the\u00a0<b>lost+found<\/b>\u00a0directory, located in the root of each file system.<\/p>\n<p>Last but not least, we must note that inconsistencies may also happen if we try to remove an USB drive when the operating system is still writing to it, and may even result in hardware damage.<\/p>\n<p>The basic syntax of fsck is as follows:<\/p>\n<pre># fsck [options] filesystem\r\n<\/pre>\n<h6>Checking a filesystem for errors and attempting to repair automatically<\/h6>\n<p>In order to check a filesystem with fsck, we must first unmount it.<\/p>\n<pre># mount | grep sdg1\r\n# umount \/mnt\r\n# fsck -y \/dev\/sdg1\r\n<\/pre>\n<div id=\"attachment_9704\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Check-Filesystem-Errors.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-9704\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Check-Filesystem-Errors-620x215.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Check-Filesystem-Errors-620x215.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2014\/11\/Check-Filesystem-Errors.png 767w\" alt=\"Scan Linux Filesystem for Errors\" width=\"620\" height=\"215\" aria-describedby=\"caption-attachment-9704\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-9704\" class=\"wp-caption-text\">Check Filesystem Errors<\/p>\n<\/div>\n<p>Besides the\u00a0<b>-y<\/b>\u00a0flag, we can use the\u00a0<b>-a<\/b>\u00a0option to automatically repair the file systems without asking any questions, and force the check even when the filesystem looks clean.<\/p>\n<pre># fsck -af \/dev\/sdg1\r\n<\/pre>\n<p>If we\u2019re only interested in finding out what\u2019s wrong (without trying to fix anything for the time being) we can run fsck with the\u00a0<b>-n<\/b>\u00a0option, which will output the filesystem issues to standard output.<\/p>\n<pre># fsck -n \/dev\/sdg1\r\n<\/pre>\n<p>Depending on the error messages in the output of fsck, we will know whether we can try to solve the issue ourselves or escalate it to engineering teams to perform further checks on the hardware.<\/p>\n<h3>Summary<\/h3>\n<p>We have arrived at the end of this\u00a0<b>10-article<\/b>\u00a0series where have tried to cover the basic domain competencies required to pass the\u00a0<b>LFCS<\/b>\u00a0exam.<\/p>\n<p>For obvious reasons, it is not possible to cover every single aspect of these topics in any single tutorial, and that\u2019s why we hope that these articles have put you on the right track to try new stuff yourself and continue learning.<\/p>\n<p>If you have any questions or comments, they are always welcome \u2013 so don\u2019t hesitate to drop us a line via the form below!<\/p>\n<h1 class=\"post-title\">LFCS: How to Manage and Create LVM Using vgcreate, lvcreate and lvextend Commands \u2013 Part 11<\/h1>\n<p>Because of the changes in the LFCS exam requirements effective\u00a0<strong>Feb. 2, 2016<\/strong>, we are adding the necessary topics to the\u00a0<a href=\"https:\/\/www.tecmint.com\/sed-command-to-create-edit-and-manipulate-files-in-linux\/\" target=\"_blank\" rel=\"noopener\">LFCS series<\/a>\u00a0published here. To prepare for this exam, your are highly encouraged to use the\u00a0<a href=\"https:\/\/www.tecmint.com\/installing-network-services-and-configuring-services-at-system-boot\/\" target=\"_blank\" rel=\"noopener\">LFCE series<\/a>\u00a0as well.<\/p>\n<div id=\"attachment_19251\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Manage-LVM-and-Create-LVM-Partition-in-Linux.png\" rel=\"attachment wp-att-19251\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19251\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Manage-LVM-and-Create-LVM-Partition-in-Linux.png\" alt=\"Manage LVM and Create LVM Partition\" width=\"720\" height=\"345\" aria-describedby=\"caption-attachment-19251\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19251\" class=\"wp-caption-text\">LFCS: Manage LVM and Create LVM Partition \u2013 Part 11<\/p>\n<\/div>\n<p>One of the most important decisions while installing a Linux system is the amount of storage space to be allocated for system files, home directories, and others. If you make a mistake at that point, growing a partition that has run out of space can be burdensome and somewhat risky.<\/p>\n<p><strong>Logical Volumes Management<\/strong>\u00a0(also known as\u00a0<strong>LVM<\/strong>), which have become a default for the installation of most (if not all) Linux distributions, have numerous advantages over traditional partitioning management. Perhaps the most distinguishing feature of LVM is that it allows logical divisions to be resized (reduced or increased) at will without much hassle.<\/p>\n<p>The structure of the LVM consists of:<\/p>\n<ol>\n<li>One or more entire hard disks or partitions are configured as physical volumes (PVs).<\/li>\n<li>A volume group (<strong>VG<\/strong>) is created using one or more physical volumes. You can think of a volume group as a single storage unit.<\/li>\n<li>Multiple logical volumes can then be created in a volume group. Each logical volume is somewhat equivalent to a traditional partition \u2013 with the advantage that it can be resized at will as we mentioned earlier.<\/li>\n<\/ol>\n<p>In this article we will use three disks of\u00a0<strong>8 GB<\/strong>\u00a0each (<strong>\/dev\/sdb<\/strong>,\u00a0<strong>\/dev\/sdc<\/strong>, and\u00a0<strong>\/dev\/sdd<\/strong>) to create three physical volumes. You can either create the PVs directly on top of the device, or partition it first.<\/p>\n<p>Although we have chosen to go with the first method, if you decide to go with the second (as explained in\u00a0<a href=\"https:\/\/www.tecmint.com\/create-partitions-and-filesystems-in-linux\/\" target=\"_blank\" rel=\"noopener\">Part 4 \u2013 Create Partitions and File Systems in Linux<\/a>\u00a0of this series) make sure to configure each partition as type\u00a0<code>8e<\/code>.<\/p>\n<h3>Creating Physical Volumes, Volume Groups, and Logical Volumes<\/h3>\n<p>To create physical volumes on top of\u00a0<strong>\/dev\/sdb<\/strong>,\u00a0<strong>\/dev\/sdc<\/strong>, and\u00a0<strong>\/dev\/sdd<\/strong>, do:<\/p>\n<pre># pvcreate \/dev\/sdb \/dev\/sdc \/dev\/sdd\r\n<\/pre>\n<p>You can list the newly created PVs with:<\/p>\n<pre># pvs\r\n<\/pre>\n<p>and get detailed information about each PV with:<\/p>\n<pre># pvdisplay \/dev\/sdX\r\n<\/pre>\n<p>(where\u00a0<strong>X<\/strong>\u00a0is b, c, or d)<\/p>\n<p>If you omit\u00a0<code>\/dev\/sdX<\/code>\u00a0as parameter, you will get information about all the PVs.<\/p>\n<p>To create a volume group named\u00a0<code>vg00<\/code>\u00a0using\u00a0<code>\/dev\/sdb<\/code>\u00a0and\u00a0<code>\/dev\/sdc<\/code>\u00a0(we will save\u00a0<code>\/dev\/sdd<\/code>\u00a0for later to illustrate the possibility of adding other devices to expand storage capacity when needed):<\/p>\n<pre># vgcreate vg00 \/dev\/sdb \/dev\/sdc\r\n<\/pre>\n<p>As it was the case with physical volumes, you can also view information about this volume group by issuing:<\/p>\n<pre># vgdisplay vg00\r\n<\/pre>\n<p>Since\u00a0<code>vg00<\/code>\u00a0is formed with two\u00a0<strong>8 GB<\/strong>\u00a0disks, it will appear as a single\u00a0<strong>16 GB<\/strong>\u00a0drive:<\/p>\n<div id=\"attachment_19221\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/List-LVM-Volume-Groups.png\" rel=\"attachment wp-att-19221\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19221\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/List-LVM-Volume-Groups.png\" alt=\"List LVM Volume Groups\" width=\"423\" height=\"111\" aria-describedby=\"caption-attachment-19221\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19221\" class=\"wp-caption-text\">List LVM Volume Groups<\/p>\n<\/div>\n<p>When it comes to creating logical volumes, the distribution of space must take into consideration both current and future needs. It is considered good practice to name each logical volume according to its intended use.<\/p>\n<p>For example, let\u2019s create two LVs named\u00a0<code>vol_projects<\/code>\u00a0(<strong>10 GB<\/strong>) and\u00a0<code>vol_backups<\/code>\u00a0(remaining space), which we can use later to store project documentation and system backups, respectively.<\/p>\n<p>The\u00a0<code>-n<\/code>\u00a0option is used to indicate a name for the LV, whereas\u00a0<code>-L<\/code>\u00a0sets a fixed size and\u00a0<code>-l<\/code>\u00a0(lowercase L) is used to indicate a percentage of the remaining space in the container VG.<\/p>\n<pre># lvcreate -n vol_projects -L 10G vg00\r\n# lvcreate -n vol_backups -l 100%FREE vg00\r\n<\/pre>\n<p>As before, you can view the list of LVs and basic information with:<\/p>\n<pre># lvs\r\n<\/pre>\n<p>and detailed information with<\/p>\n<pre># lvdisplay\r\n<\/pre>\n<p>To view information about a single LV, use\u00a0<strong>lvdisplay<\/strong>\u00a0with the\u00a0<strong>VG<\/strong>\u00a0and\u00a0<strong>LV<\/strong>\u00a0as parameters, as follows:<\/p>\n<pre># lvdisplay vg00\/vol_projects\r\n<\/pre>\n<div id=\"attachment_19222\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/List-Logical-Volume.png\" rel=\"attachment wp-att-19222\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19222\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/List-Logical-Volume.png\" alt=\"List Logical Volume\" width=\"512\" height=\"328\" aria-describedby=\"caption-attachment-19222\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19222\" class=\"wp-caption-text\">List Logical Volume<\/p>\n<\/div>\n<p>In the image above we can see that the LVs were created as storage devices (refer to the\u00a0<strong>LV Path<\/strong>\u00a0line). Before each logical volume can be used, we need to create a filesystem on top of it.<\/p>\n<p>We\u2019ll use ext4 as an example here since it allows us both to increase and reduce the size of each LV (as opposed to xfs that only allows to increase the size):<\/p>\n<pre># mkfs.ext4 \/dev\/vg00\/vol_projects\r\n# mkfs.ext4 \/dev\/vg00\/vol_backups\r\n<\/pre>\n<p>In the next section we will explain how to resize logical volumes and add extra physical storage space when the need arises to do so.<\/p>\n<h3>Resizing Logical Volumes and Extending Volume Groups<\/h3>\n<p>Now picture the following scenario. You are starting to run out of space in\u00a0<code>vol_backups<\/code>, while you have plenty of space available in\u00a0<code>vol_projects<\/code>. Due to the nature of LVM, we can easily reduce the size of the latter (say\u00a0<strong>2.5 GB<\/strong>) and allocate it for the former, while resizing each filesystem at the same time.<\/p>\n<p>Fortunately, this is as easy as doing:<\/p>\n<pre># lvreduce -L -2.5G -r \/dev\/vg00\/vol_projects\r\n# lvextend -l +100%FREE -r \/dev\/vg00\/vol_backups\r\n<\/pre>\n<div id=\"attachment_19223\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Resize-Reduce-Logical-Volume-and-Volume-Group.png\" rel=\"attachment wp-att-19223\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19223\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Resize-Reduce-Logical-Volume-and-Volume-Group.png\" sizes=\"auto, (max-width: 876px) 100vw, 876px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Resize-Reduce-Logical-Volume-and-Volume-Group.png 876w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Resize-Reduce-Logical-Volume-and-Volume-Group-768x295.png 768w\" alt=\"Resize Reduce Logical Volume and Volume Group\" width=\"876\" height=\"336\" aria-describedby=\"caption-attachment-19223\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19223\" class=\"wp-caption-text\">Resize Reduce Logical Volume and Volume Group<\/p>\n<\/div>\n<p>It is important to include the minus\u00a0<code>(-)<\/code>\u00a0or plus\u00a0<code>(+)<\/code>\u00a0signs while resizing a logical volume. Otherwise, you\u2019re setting a fixed size for the LV instead of resizing it.<\/p>\n<p>It can happen that you arrive at a point when resizing logical volumes cannot solve your storage needs anymore and you need to buy an extra storage device. Keeping it simple, you will need another disk. We are going to simulate this situation by adding the remaining PV from our initial setup (<code>\/dev\/sdd<\/code>).<\/p>\n<p>To add\u00a0<code>\/dev\/sdd<\/code>\u00a0to\u00a0<code>vg00<\/code>, do<\/p>\n<pre># vgextend vg00 \/dev\/sdd\r\n<\/pre>\n<p>If you run\u00a0<code>vgdisplay vg00<\/code>\u00a0before and after the previous command, you will see the increase in the size of the VG:<\/p>\n<pre># vgdisplay vg00\r\n<\/pre>\n<div id=\"attachment_19224\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/List-Volume-Group-Size.png\" rel=\"attachment wp-att-19224\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19224\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/List-Volume-Group-Size.png\" alt=\"Check Volume Group Disk Size\" width=\"694\" height=\"344\" aria-describedby=\"caption-attachment-19224\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19224\" class=\"wp-caption-text\">Check Volume Group Disk Size<\/p>\n<\/div>\n<p>Now you can use the newly added space to resize the existing LVs according to your needs, or to create additional ones as needed.<\/p>\n<h3>Mounting Logical Volumes on Boot and on Demand<\/h3>\n<p>Of course there would be no point in creating logical volumes if we are not going to actually use them! To better identify a logical volume we will need to find out what its\u00a0<code>UUID<\/code>\u00a0(a non-changing attribute that uniquely identifies a formatted storage device) is.<\/p>\n<p>To do that, use\u00a0<strong>blkid<\/strong>\u00a0followed by the path to each device:<\/p>\n<pre># blkid \/dev\/vg00\/vol_projects\r\n# blkid \/dev\/vg00\/vol_backups\r\n<\/pre>\n<div id=\"attachment_19225\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Find-Logical-Volume-UUID.png\" rel=\"attachment wp-att-19225\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19225\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Find-Logical-Volume-UUID.png\" alt=\"Find Logical Volume UUID\" width=\"639\" height=\"94\" aria-describedby=\"caption-attachment-19225\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19225\" class=\"wp-caption-text\">Find Logical Volume UUID<\/p>\n<\/div>\n<p>Create mount points for each LV:<\/p>\n<pre># mkdir \/home\/projects\r\n# mkdir \/home\/backups\r\n<\/pre>\n<p>and insert the corresponding entries in\u00a0<code>\/etc\/fstab<\/code>\u00a0(make sure to use the UUIDs obtained before):<\/p>\n<pre>UUID=b85df913-580f-461c-844f-546d8cde4646 \/home\/projects\text4 defaults 0 0\r\nUUID=e1929239-5087-44b1-9396-53e09db6eb9e \/home\/backups ext4\tdefaults 0 0\r\n<\/pre>\n<p>Then save the changes and mount the LVs:<\/p>\n<pre># mount -a\r\n# mount | grep home\r\n<\/pre>\n<div id=\"attachment_20709\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Mount-Logical-Volumes-on-Linux-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20709\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Mount-Logical-Volumes-on-Linux-1.png\" alt=\"Mount Logical Volumes on Linux\" width=\"754\" height=\"92\" aria-describedby=\"caption-attachment-20709\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20709\" class=\"wp-caption-text\">Mount Logical Volumes on Linux<\/p>\n<\/div>\n<p>When it comes to actually using the LVs, you will need to assign proper\u00a0<code>ugo+rwx<\/code>\u00a0permissions as explained in\u00a0<a href=\"https:\/\/www.tecmint.com\/manage-users-and-groups-in-linux\/\" target=\"_blank\" rel=\"noopener\">Part 8 \u2013 Manage Users and Groups in Linux<\/a>\u00a0of this series.<\/p>\n<h3>Summary<\/h3>\n<p>In this article we have introduced\u00a0<a href=\"https:\/\/www.tecmint.com\/create-lvm-storage-in-linux\/\" target=\"_blank\" rel=\"noopener\">Logical Volume Management<\/a>, a versatile tool to manage storage devices that provides scalability. When combined with RAID (which we explained in\u00a0<a href=\"https:\/\/www.tecmint.com\/creating-and-managing-raid-backups-in-linux\/\" target=\"_blank\" rel=\"noopener\">Part 6 \u2013 Create and Manage RAID in Linux<\/a>\u00a0of this series), you can enjoy not only scalability (provided by LVM) but also redundancy (offered by RAID).<\/p>\n<p>In this type of setup, you will typically find\u00a0<strong>LVM<\/strong>\u00a0on top of\u00a0<strong>RAID<\/strong>, that is, configure RAID first and then configure LVM on top of it.<\/p>\n<p>If you have questions about this article, or suggestions to improve it, feel free to reach us using the comment form below.<\/p>\n<h1 class=\"post-title\">LFCS: How to Explore Linux with Installed Help Documentations and Tools \u2013 Part 12<\/h1>\n<p>Because of the changes in the LFCS exam objectives effective\u00a0<strong>February 2nd, 2016<\/strong>, we are adding the needed topics to the\u00a0<a href=\"https:\/\/www.tecmint.com\/sed-command-to-create-edit-and-manipulate-files-in-linux\/\" target=\"_blank\" rel=\"noopener\">LFCS series<\/a>\u00a0published here. To prepare for this exam, your are highly encouraged to use the\u00a0<a href=\"https:\/\/www.tecmint.com\/installing-network-services-and-configuring-services-at-system-boot\/\" target=\"_blank\" rel=\"noopener\">LFCE series<\/a>\u00a0as well.<\/p>\n<div id=\"attachment_19330\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Explore-Linux-with-Documentation-and-Tools.png\" rel=\"attachment wp-att-19330\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19330\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Explore-Linux-with-Documentation-and-Tools.png\" alt=\"Explore Linux with Installed Documentations and Tools\" width=\"720\" height=\"345\" aria-describedby=\"caption-attachment-19330\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19330\" class=\"wp-caption-text\">LFCS: Explore Linux with Installed Documentations and Tools \u2013 Part 12<\/p>\n<\/div>\n<p>Once you get used to working with the command line and feel comfortable doing so, you realize that a regular Linux installation includes all the documentation you need to use and configure the system.<\/p>\n<p>Another good reason to become familiar with command line help tools is that in the\u00a0<a href=\"https:\/\/www.tecmint.com\/sed-command-to-create-edit-and-manipulate-files-in-linux\/\" target=\"_blank\" rel=\"noopener\">LFCS<\/a>\u00a0and\u00a0<a href=\"https:\/\/www.tecmint.com\/installing-network-services-and-configuring-services-at-system-boot\/\" target=\"_blank\" rel=\"noopener\">LFCE<\/a>\u00a0exams, those are the only sources of information you can use \u2013 no internet browsing and no googling. It\u2019s just you and the command line.<\/p>\n<p>For that reason, in this article we will give you some tips to effectively use the installed docs and tools in order to prepare to pass the\u00a0<strong>Linux Foundation Certification<\/strong>\u00a0exams.<\/p>\n<h3>Linux Man Pages<\/h3>\n<p>A man page, short for manual page, is nothing less and nothing more than what the word suggests: a manual for a given tool. It contains the list of options (with explanation) that the command supports, and some man pages even include usage examples as well.<\/p>\n<p>To open a man page, use the\u00a0<strong>man command<\/strong>\u00a0followed by the name of the tool you want to learn more about. For example:<\/p>\n<pre># man diff\r\n<\/pre>\n<p>will open the manual page for\u00a0<code>diff<\/code>, a tool used to compare text files line by line (to exit, simply hit the\u00a0<code>q<\/code>\u00a0key.).<\/p>\n<p>Let\u2019s say we want to compare two text files named\u00a0<code>file1<\/code>\u00a0and\u00a0<code>file2<\/code>\u00a0in Linux. These files contain the list of packages that are installed in two Linux boxes with the same distribution and version.<\/p>\n<p>Doing a\u00a0<code>diff<\/code>\u00a0between\u00a0<code>file1<\/code>\u00a0and\u00a0<code>file2<\/code>\u00a0will tell us if there is a difference between those lists:<\/p>\n<pre># diff file1 file2\r\n<\/pre>\n<div id=\"attachment_19317\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Compare-Two-Text-Files-in-Linux.png\" rel=\"attachment wp-att-19317\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19317\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Compare-Two-Text-Files-in-Linux.png\" alt=\"Compare Two Text Files in Linux\" width=\"447\" height=\"248\" aria-describedby=\"caption-attachment-19317\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19317\" class=\"wp-caption-text\">Compare Two Text Files in Linux<\/p>\n<\/div>\n<p>where the\u00a0<code>&lt;<\/code>\u00a0sign indicates lines missing in\u00a0<code>file2<\/code>. If there were lines missing in\u00a0<code>file1<\/code>, they would be indicated by the\u00a0<code>&gt;<\/code>\u00a0sign instead.<\/p>\n<p>On the other hand,\u00a0<strong>7d6<\/strong>\u00a0means line\u00a0<strong>#7<\/strong>\u00a0in file should be deleted in order to match\u00a0<code>file2<\/code>\u00a0(same with\u00a0<strong>24d22<\/strong>\u00a0and\u00a0<strong>41d38<\/strong>), and\u00a0<strong>65,67d61<\/strong>\u00a0tells us we need to remove lines\u00a0<strong>65<\/strong>\u00a0through\u00a0<strong>67<\/strong>\u00a0in file one. If we make these corrections, both files will then be identical.<\/p>\n<p>Alternatively, you can display both files side by side using the\u00a0<code>-y<\/code>\u00a0option, according to the man page. You may find this helpful to more easily identify missing lines in files:<\/p>\n<pre># diff -y file1 file2\r\n<\/pre>\n<div id=\"attachment_19318\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Compare-and-List-Difference-of-Two-Files.png\" rel=\"attachment wp-att-19318\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19318\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Compare-and-List-Difference-of-Two-Files.png\" alt=\"Compare and List Difference of Two Files\" width=\"714\" height=\"170\" aria-describedby=\"caption-attachment-19318\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19318\" class=\"wp-caption-text\">Compare and List Difference of Two Files<\/p>\n<\/div>\n<p>Also, you can use\u00a0<code>diff<\/code>\u00a0to compare two binary files. If they are identical,\u00a0<code>diff<\/code>\u00a0will exit silently without output. Otherwise, it will return the following message:\u00a0<strong>\u201cBinary files X and Y differ\u201d<\/strong>.<\/p>\n<h3>The \u2013help Option<\/h3>\n<p>The\u00a0<code>--help<\/code>\u00a0option, available in many (if not all) commands, can be considered a short manual page for that specific command. Although it does not provide a comprehensive description of the tool, it is an easy way to obtain information on the usage of a program and a list of its available options at a quick glance.<\/p>\n<p>For example,<\/p>\n<pre># sed --help\r\n<\/pre>\n<p>shows the usage of each option available in sed (the stream editor).<\/p>\n<p>One of the classic examples of using\u00a0<code>sed<\/code>\u00a0consists of replacing characters in files. Using the\u00a0<code>-i<\/code>\u00a0option (described as \u201c<strong>edit files in place<\/strong>\u201d), you can edit a file without opening it. If you want to make a backup of the original contents as well, use the\u00a0<code>-i<\/code>\u00a0option followed by a SUFFIX to create a separate file with the original contents.<\/p>\n<p>For example, to replace each occurrence of the word\u00a0<code>Lorem<\/code>\u00a0with\u00a0<code>Tecmint<\/code>\u00a0(case insensitive) in\u00a0<code>lorem.txt<\/code>and create a new file with the original contents of the file, do:<\/p>\n<pre># less lorem.txt | grep -i lorem\r\n<strong># sed -i.orig 's\/Lorem\/Tecmint\/gI' lorem.txt<\/strong>\r\n# less lorem.txt | grep -i lorem\r\n# less lorem.txt.orig | grep -i lorem\r\n<\/pre>\n<p>Please note that every occurrence of\u00a0<code>Lorem<\/code>\u00a0has been replaced with\u00a0<code>Tecmint<\/code>\u00a0in\u00a0<code>lorem.txt<\/code>, and the original contents of\u00a0<code>lorem.txt<\/code>\u00a0has been saved to\u00a0<code>lorem.txt.orig<\/code>.<\/p>\n<div id=\"attachment_19319\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Replace-A-String-in-File.png\" rel=\"attachment wp-att-19319\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19319\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Replace-A-String-in-File.png\" alt=\"Replace A String in Files\" width=\"642\" height=\"505\" aria-describedby=\"caption-attachment-19319\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19319\" class=\"wp-caption-text\">Replace A String in Files<\/p>\n<\/div>\n<h3>Installed Documentation in \/usr\/share\/doc<\/h3>\n<p>This is probably my favorite pick. If you go to\u00a0<code>\/usr\/share\/doc<\/code>\u00a0and do a directory listing, you will see lots of directories with the names of the installed tools in your Linux system.<\/p>\n<p>According to the\u00a0<a href=\"https:\/\/www.tecmint.com\/linux-directory-structure-and-important-files-paths-explained\/\" target=\"_blank\" rel=\"noopener\">Filesystem Hierarchy Standard<\/a>, these directories contain useful information that might not be in the man pages, along with templates and configuration files to make configuration easier.<\/p>\n<p>For example, let\u2019s consider\u00a0<code>squid-3.3.8<\/code>\u00a0(version may vary from distribution to distribution) for the popular HTTP proxy and\u00a0<a href=\"https:\/\/www.tecmint.com\/configure-squid-server-in-linux\/\" target=\"_blank\" rel=\"noopener\">squid cache server<\/a>.<\/p>\n<p>Let\u2019s\u00a0<code>cd<\/code>\u00a0into that directory:<\/p>\n<pre># cd \/usr\/share\/doc\/squid-3.3.8\r\n<\/pre>\n<p>and do a directory listing:<\/p>\n<pre># ls\r\n<\/pre>\n<div id=\"attachment_19320\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/List-Files-in-Linux.png\" rel=\"attachment wp-att-19320\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19320\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/List-Files-in-Linux.png\" alt=\"Linux Directory Listing with ls Command\" width=\"628\" height=\"107\" aria-describedby=\"caption-attachment-19320\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19320\" class=\"wp-caption-text\">Linux Directory Listing with ls Command<\/p>\n<\/div>\n<p>You may want to pay special attention to\u00a0<code>QUICKSTART<\/code>\u00a0and\u00a0<code>squid.conf.documented<\/code>. These files contain an extensive documentation about Squid and a heavily commented configuration file, respectively. For other packages, the exact names may differ (as\u00a0<strong>QuickRef<\/strong>\u00a0or\u00a0<strong>00QUICKSTART<\/strong>, for example), but the principle is the same.<\/p>\n<p>Other packages, such as the Apache web server, provide configuration file templates inside\u00a0<code>\/usr\/share\/doc<\/code>, that will be helpful when you have to configure a standalone server or a virtual host, to name a few cases.<\/p>\n<h3>GNU info Documentation<\/h3>\n<p>You can think of info documents as man pages on steroids. As such, they not only provide help for a specific tool, but also they do so with hyperlinks (yes, hyperlinks in the command line!) that allow you to navigate from a section to another using the arrow keys and Enter to confirm.<\/p>\n<p>Perhaps the most illustrative example is:<\/p>\n<pre># info coreutils\r\n<\/pre>\n<p>Since coreutils contains the\u00a0<a href=\"https:\/\/www.tecmint.com\/sed-command-to-create-edit-and-manipulate-files-in-linux\/\" target=\"_blank\" rel=\"noopener\">basic file, shell and text manipulation utilities<\/a>\u00a0which are expected to exist on every operating system, you can reasonably expect a detailed description for each one of those categories in info\u00a0<strong>coreutils<\/strong>.<\/p>\n<div id=\"attachment_19321\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Info-Coreutils.png\" rel=\"attachment wp-att-19321\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19321\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Info-Coreutils.png\" alt=\"Info Coreutils\" width=\"585\" height=\"375\" aria-describedby=\"caption-attachment-19321\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19321\" class=\"wp-caption-text\">Info Coreutils<\/p>\n<\/div>\n<p>As it is the case with man pages, you can exit an info document by pressing the\u00a0<code>q<\/code>\u00a0key.<\/p>\n<p>Additionally, GNU info can be used to display regular man pages as well when followed by the tool name. For example:<\/p>\n<pre># info tune2fs\r\n<\/pre>\n<p>will return the man page of\u00a0<strong>tune2fs<\/strong>, the ext2\/3\/4 filesystems management tool.<\/p>\n<p>And now that we\u2019re at it, let\u2019s review some of the uses of\u00a0<strong>tune2fs<\/strong>:<\/p>\n<p>Display information about the filesystem on top of\u00a0<strong>\/dev\/mapper\/vg00-vol_backups<\/strong>:<\/p>\n<pre># tune2fs -l \/dev\/mapper\/vg00-vol_backups\r\n<\/pre>\n<p>Set a filesystem volume name (Backups in this case):<\/p>\n<pre># tune2fs -L Backups \/dev\/mapper\/vg00-vol_backups\r\n<\/pre>\n<p>Change the check intervals and\u00a0<code>\/<\/code>\u00a0or mount counts (use the\u00a0<code>-c<\/code>\u00a0option to set a number of mount counts and\u00a0<code>\/<\/code>or the\u00a0<code>-i<\/code>\u00a0option to set a check interval, where\u00a0<strong>d=days<\/strong>,\u00a0<strong>w=weeks<\/strong>, and\u00a0<strong>m=months<\/strong>).<\/p>\n<pre># tune2fs -c 150 \/dev\/mapper\/vg00-vol_backups # Check every 150 mounts\r\n# tune2fs -i 6w \/dev\/mapper\/vg00-vol_backups # Check every 6 weeks\r\n<\/pre>\n<p>All of the above options can be listed with the\u00a0<code>--help<\/code>\u00a0option, or viewed in the man page.<\/p>\n<h3>Summary<\/h3>\n<p>Regardless of the method that you choose to invoke help for a given tool, knowing that they exist and how to use them will certainly come in handy in the exam. Do you know of any other tools that can be used to look up documentation?\u00a0 Questions and other comments are more than welcome as well.<\/p>\n<h1 class=\"post-title\">LFCS: How to Configure and Troubleshoot Grand Unified Bootloader (GRUB) \u2013 Part 13<\/h1>\n<p>Because of the recent changes in the LFCS certification exam objectives effective from\u00a0<strong>February 2nd, 2016<\/strong>, we are adding the needed topics to the\u00a0<a href=\"https:\/\/www.tecmint.com\/sed-command-to-create-edit-and-manipulate-files-in-linux\/\" target=\"_blank\" rel=\"noopener\">LFCS series<\/a>\u00a0published here. To prepare for this exam, you are highly encouraged to follow the\u00a0<a href=\"https:\/\/www.tecmint.com\/installing-network-services-and-configuring-services-at-system-boot\/\" target=\"_blank\" rel=\"noopener\">LFCE series<\/a>\u00a0as well.<\/p>\n<div id=\"attachment_19613\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Configure-Troubleshoot-Grub-Boot-Loader.png\" rel=\"attachment wp-att-19613\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19613\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Configure-Troubleshoot-Grub-Boot-Loader.png\" alt=\"Configure and Troubleshoot Grub Boot Loader\" width=\"720\" height=\"345\" aria-describedby=\"caption-attachment-19613\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19613\" class=\"wp-caption-text\">LFCS: Configure and Troubleshoot Grub Boot Loader \u2013 Part 13<\/p>\n<\/div>\n<p>In this article we will introduce you to GRUB and explain why a boot loader is necessary, and how it adds versatility to the system.<\/p>\n<p>The\u00a0<a href=\"https:\/\/www.tecmint.com\/linux-boot-process\/\" target=\"_blank\" rel=\"noopener\">Linux boot process<\/a>\u00a0from the time you press the power button of your computer until you get a fully-functional system follows this high-level sequence:<\/p>\n<ol>\n<li><strong>1.<\/strong>\u00a0A process known as\u00a0<strong>POST<\/strong>\u00a0(<strong>Power-On Self Test<\/strong>) performs an overall check on the hardware components of your computer.<\/li>\n<li><strong>2.<\/strong>\u00a0When\u00a0<strong>POST<\/strong>\u00a0completes, it passes the control over to the boot loader, which in turn loads the Linux kernel in memory (along with\u00a0<strong>initramfs<\/strong>) and executes it. The most used boot loader in Linux is the\u00a0<strong>GRand Unified Boot loader<\/strong>, or\u00a0<strong>GRUB<\/strong>\u00a0for short.<\/li>\n<li><strong>3.<\/strong>\u00a0The kernel checks and accesses the hardware, and then runs the initial process (mostly known by its generic name \u201c<strong>init<\/strong>\u201d) which in turn completes the system boot by starting services.<\/li>\n<\/ol>\n<p>In\u00a0<strong>Part 7<\/strong>\u00a0of this series (\u201c<a href=\"https:\/\/www.tecmint.com\/linux-boot-process-and-manage-services\/\" target=\"_blank\" rel=\"noopener\">SysVinit, Upstart, and Systemd<\/a>\u201d) we introduced the\u00a0<a href=\"https:\/\/www.tecmint.com\/best-linux-log-monitoring-and-management-tools\/\" target=\"_blank\" rel=\"noopener\">service management systems and tools<\/a>\u00a0used by modern Linux distributions. You may want to review that article before proceeding further.<\/p>\n<h3>Introducing GRUB Boot Loader<\/h3>\n<p>Two major\u00a0<strong>GRUB<\/strong>\u00a0versions (<strong>v1<\/strong>\u00a0sometimes called\u00a0<strong>GRUB Legacy<\/strong>\u00a0and\u00a0<strong>v2<\/strong>) can be found in modern systems, although most distributions use\u00a0<strong>v2<\/strong>\u00a0by default in their latest versions. Only\u00a0<strong>Red Hat Enterprise Linux 6<\/strong>\u00a0and its derivatives still use\u00a0<strong>v1<\/strong>\u00a0today.<\/p>\n<p>Thus, we will focus primarily on the features of\u00a0<strong>v2<\/strong>\u00a0in this guide.<\/p>\n<p>Regardless of the\u00a0<strong>GRUB<\/strong>\u00a0version, a boot loader allows the user to:<\/p>\n<ol>\n<li><strong>1).<\/strong>\u00a0modify the way the system behaves by specifying different kernels to use,<\/li>\n<li><strong>2).<\/strong>\u00a0choose between alternate operating systems to boot, and<\/li>\n<li><strong>3).<\/strong>\u00a0add or edit configuration stanzas to change boot options, among other things.<\/li>\n<\/ol>\n<p>Today,\u00a0<strong>GRUB<\/strong>\u00a0is maintained by the\u00a0<strong>GNU<\/strong>\u00a0project and is well documented in their website. You are encouraged to use the\u00a0<a href=\"https:\/\/www.gnu.org\/software\/grub\/manual\/\" target=\"_blank\" rel=\"noopener\">GNU official documentation<\/a>\u00a0while going through this guide.<\/p>\n<p>When the system boots you are presented with the following\u00a0<strong>GRUB<\/strong>\u00a0screen in the main console. Initially, you are prompted to choose between alternate kernels (by default, the system will boot using the latest kernel) and are allowed to enter a\u00a0<strong>GRUB<\/strong>\u00a0command line (with\u00a0<code>c<\/code>) or edit the boot options (by pressing the\u00a0<code>e<\/code>\u00a0key).<\/p>\n<div id=\"attachment_19584\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/GRUB-Boot-Screen.png\" rel=\"attachment wp-att-19584\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19584\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/GRUB-Boot-Screen.png\" alt=\"GRUB Boot Screen\" width=\"613\" height=\"324\" aria-describedby=\"caption-attachment-19584\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19584\" class=\"wp-caption-text\">GRUB Boot Screen<\/p>\n<\/div>\n<p>One of the reasons why you would consider booting with an older kernel is a hardware device that used to work properly and has started \u201c<strong>acting up<\/strong>\u201d after an upgrade (refer to\u00a0<a href=\"https:\/\/askubuntu.com\/questions\/82140\/how-can-i-boot-with-an-older-kernel-version\" target=\"_blank\" rel=\"nofollow noopener\">this link<\/a>\u00a0in the\u00a0<strong>AskUbuntu<\/strong>\u00a0forums for an example).<\/p>\n<p>The\u00a0<strong>GRUB v2<\/strong>\u00a0configuration is read on boot from\u00a0<code>\/boot\/grub\/grub.cfg<\/code>\u00a0or\u00a0<code>\/boot\/grub2\/grub.cfg<\/code>, whereas\u00a0<code>\/boot\/grub\/grub.conf<\/code>\u00a0or\u00a0<code>\/boot\/grub\/menu.lst<\/code>\u00a0are used in\u00a0<strong>v1<\/strong>. These files are NOT to be edited by hand, but are modified based on the contents of\u00a0<code>\/etc\/default\/grub<\/code>\u00a0and the files found inside\u00a0<code>\/etc\/grub.d<\/code>.<\/p>\n<p>In a\u00a0<strong>CentOS 7<\/strong>, here\u2019s the configuration file that is created when the system is first installed:<\/p>\n<pre>GRUB_TIMEOUT=5\r\nGRUB_DISTRIBUTOR=\"$(sed 's, release .*$,,g' \/etc\/system-release)\"\r\nGRUB_DEFAULT=saved\r\nGRUB_DISABLE_SUBMENU=true\r\nGRUB_TERMINAL_OUTPUT=\"console\"\r\nGRUB_CMDLINE_LINUX=\"vconsole.keymap=la-latin1 rd.lvm.lv=centos_centos7-2\/swap crashkernel=auto  vconsole.font=latarcyrheb-sun16 rd.lvm.lv=centos_centos7-2\/root rhgb quiet\"\r\nGRUB_DISABLE_RECOVERY=\"true\"\r\n<\/pre>\n<p>In addition to the online documentation, you can also find the GNU GRUB manual using info as follows:<\/p>\n<pre># info grub\r\n<\/pre>\n<p>If you\u2019re interested specifically in the options available for\u00a0<strong>\/etc\/default\/grub<\/strong>, you can invoke the configuration section directly:<\/p>\n<pre># info -f grub -n 'Simple configuration'\r\n<\/pre>\n<p>Using the command above you will find out that\u00a0<code>GRUB_TIMEOUT<\/code>\u00a0sets the time between the moment when the initial screen appears and the system automatic booting begins unless interrupted by the user. When this variable is set to\u00a0<code>-1<\/code>, boot will not be started until the user makes a selection.<\/p>\n<p>When multiple operating systems or kernels are installed in the same machine,\u00a0<code>GRUB_DEFAULT<\/code>\u00a0requires an integer value that indicates which OS or kernel entry in the GRUB initial screen should be selected to boot by default. The list of entries can be viewed not only in the splash screen shown above, but also using the following command:<\/p>\n<h4>In CentOS and openSUSE:<\/h4>\n<pre># awk -F\\' '$1==\"menuentry \" {print $2}' \/boot\/grub2\/grub.cfg\r\n<\/pre>\n<h4>In Ubuntu:<\/h4>\n<pre># awk -F\\' '$1==\"menuentry \" {print $2}' \/boot\/grub\/grub.cfg\r\n<\/pre>\n<p>In the example shown in the below image, if we wish to boot with the kernel version\u00a0<strong>3.10.0-123.el7.x86_64<\/strong>\u00a0(4th entry), we need to set\u00a0<code>GRUB_DEFAULT<\/code>\u00a0to\u00a0<code>3<\/code>\u00a0(entries are internally numbered beginning with zero) as follows:<\/p>\n<pre>GRUB_DEFAULT=3\r\n<\/pre>\n<div id=\"attachment_19585\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Boot-System-with-Old-Kernel-Version.png\" rel=\"attachment wp-att-19585\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19585\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Boot-System-with-Old-Kernel-Version.png\" alt=\"Boot System with Old Kernel Version\" width=\"702\" height=\"147\" aria-describedby=\"caption-attachment-19585\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19585\" class=\"wp-caption-text\">Boot System with Old Kernel Version<\/p>\n<\/div>\n<p>One final GRUB configuration variable that is of special interest is\u00a0<code>GRUB_CMDLINE_LINUX<\/code>, which is used to pass options to the kernel. The options that can be passed through GRUB to the kernel are well documented in the\u00a0<a href=\"https:\/\/www.kernel.org\/doc\/Documentation\/kernel-parameters.txt\" target=\"_blank\" rel=\"noopener\">Kernel Parameters file<\/a>\u00a0and in\u00a0<a href=\"http:\/\/man7.org\/linux\/man-pages\/man7\/bootparam.7.html\" target=\"_blank\" rel=\"noopener\">man 7 bootparam<\/a>.<\/p>\n<p>Current options in my\u00a0<strong>CentOS 7<\/strong>\u00a0server are:<\/p>\n<pre>GRUB_CMDLINE_LINUX=\"vconsole.keymap=la-latin1 rd.lvm.lv=centos_centos7-2\/swap crashkernel=auto  vconsole.font=latarcyrheb-sun16 rd.lvm.lv=centos_centos7-2\/root rhgb quiet\"\r\n<\/pre>\n<p>Why would you want to modify the default kernel parameters or pass extra options? In simple terms, there may be times when you need to tell the kernel certain hardware parameters that it may not be able to determine on its own, or to override the values that it would detect.<\/p>\n<p>This happened to me not too long ago when I tried\u00a0<strong>Vector Linux<\/strong>, a derivative of\u00a0<strong>Slackware<\/strong>, on my 10-year old laptop. After installation it did not detect the right settings for my video card so I had to modify the kernel options passed through GRUB in order to make it work.<\/p>\n<p>Another example is when you need to bring the system to single-user mode to perform maintenance tasks. You can do this by appending the word single to\u00a0<code>GRUB_CMDLINE_LINUX<\/code>\u00a0and rebooting:<\/p>\n<pre>GRUB_CMDLINE_LINUX=\"vconsole.keymap=la-latin1 rd.lvm.lv=centos_centos7-2\/swap crashkernel=auto  vconsole.font=latarcyrheb-sun16 rd.lvm.lv=centos_centos7-2\/root rhgb quiet <strong>single<\/strong>\"\r\n<\/pre>\n<p>After editing\u00a0<code>\/etc\/defalt\/grub<\/code>, you will need to run\u00a0<code>update-grub<\/code>\u00a0(Ubuntu) or\u00a0<code>grub2-mkconfig -o \/boot\/grub2\/grub.cfg<\/code>\u00a0(<strong>CentOS<\/strong>\u00a0and\u00a0<strong>openSUSE<\/strong>) afterwards to update\u00a0<code>grub.cfg<\/code>(otherwise, changes will be lost upon boot).<\/p>\n<p>This command will process the boot configuration files mentioned earlier to update\u00a0<code>grub.cfg<\/code>. This method ensures changes are permanent, while options passed through GRUB at boot time will only last during the current session.<\/p>\n<h3>Fixing Linux GRUB Issues<\/h3>\n<p>If you install a second operating system or if your GRUB configuration file gets corrupted due to human error, there are ways you can get your system back on its feet and be able to boot again.<\/p>\n<p>In the initial screen, press\u00a0<code>c<\/code>\u00a0to get a GRUB command line (remember that you can also press\u00a0<code>e<\/code>\u00a0to edit the default boot options), and use help to bring the available commands in the GRUB prompt:<\/p>\n<div id=\"attachment_19586\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Fix-Grub-Issues-in-Linux.png\" rel=\"attachment wp-att-19586\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19586\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Fix-Grub-Issues-in-Linux.png\" alt=\"Fix Grub Configuration Issues in Linux\" width=\"639\" height=\"111\" aria-describedby=\"caption-attachment-19586\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19586\" class=\"wp-caption-text\">Fix Grub Configuration Issues in Linux<\/p>\n<\/div>\n<p>We will focus on\u00a0<strong>ls<\/strong>, which will list the installed devices and filesystems, and we will examine what it finds. In the image below we can see that there are 4 hard drives (<code>hd0<\/code>\u00a0through\u00a0<code>hd3<\/code>).<\/p>\n<p>Only\u00a0<code>hd0<\/code>\u00a0seems to have been partitioned (as evidenced by\u00a0<strong>msdos1<\/strong>\u00a0and\u00a0<strong>msdos2<\/strong>, where\u00a0<strong>1<\/strong>\u00a0and\u00a0<strong>2<\/strong>\u00a0are the partition numbers and msdos is the partitioning scheme).<\/p>\n<p>Let\u2019s now examine the first partition on\u00a0<code>hd0<\/code>\u00a0(<strong>msdos1<\/strong>) to see if we can find GRUB there. This approach will allow us to boot Linux and there use other high level tools to repair the configuration file or reinstall GRUB altogether if it is needed:<\/p>\n<pre># ls (hd0,msdos1)\/\r\n<\/pre>\n<p>As we can see in the highlighted area, we found the\u00a0<strong>grub2<\/strong>\u00a0directory in this partition:<\/p>\n<div id=\"attachment_19587\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Find-Grub-Configuration.png\" rel=\"attachment wp-att-19587\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19587\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Find-Grub-Configuration.png\" alt=\"Find Grub Configuration\" width=\"576\" height=\"185\" aria-describedby=\"caption-attachment-19587\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19587\" class=\"wp-caption-text\">Find Grub Configuration<\/p>\n<\/div>\n<p>Once we are sure that GRUB resides in (<strong>hd0,msdos1<\/strong>), let\u2019s tell GRUB where to find its configuration file and then instruct it to attempt to launch its menu:<\/p>\n<pre>set prefix=(hd0,msdos1)\/grub2\r\nset root=(hd0,msdos1)\r\ninsmod normal\r\nnormal\r\n<\/pre>\n<div id=\"attachment_19588\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Find-and-Launch-Grub-Menu.png\" rel=\"attachment wp-att-19588\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19588\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Find-and-Launch-Grub-Menu.png\" alt=\"Find and Launch Grub Menu\" width=\"334\" height=\"91\" aria-describedby=\"caption-attachment-19588\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19588\" class=\"wp-caption-text\">Find and Launch Grub Menu<\/p>\n<\/div>\n<p>Then in the GRUB menu, choose an entry and press\u00a0<strong>Enter<\/strong>\u00a0to boot using it. Once the system has booted you can issue the\u00a0<code>grub2-install \/dev\/sdX<\/code>\u00a0command (change\u00a0<code>sdX<\/code>\u00a0with the device you want to install GRUB on). The boot information will then be updated and all related files be restored.<\/p>\n<pre># grub2-install \/dev\/sdX\r\n<\/pre>\n<p>Other more complex scenarios are documented, along with their suggested fixes, in the\u00a0<a href=\"https:\/\/help.ubuntu.com\/community\/Grub2\/Troubleshooting\" target=\"_blank\" rel=\"noopener\">Ubuntu GRUB2 Troubleshooting guide<\/a>. The concepts explained there are valid for other distributions as well.<\/p>\n<h3>Summary<\/h3>\n<p>In this article we have introduced you to GRUB, indicated where you can find documentation both online and offline, and explained how to approach an scenario where a system has stopped booting properly due to a bootloader-related issue.<br \/>\nFortunately, GRUB is one of the tools that is best documented and you can easily find help either in the installed docs or online using the resources we have shared in this article.<br \/>\nDo you have questions or comments? Don\u2019t hesitate to let us know using the comment form below. We look forward to hearing from you!<\/p>\n<h1 class=\"post-title\">LFCS: Monitor Linux Processes Resource Usage and Set Process Limits on a Per-User Basis \u2013 Part 14<\/h1>\n<p>Due to recent modifications in the LFCS certification exam objectives effective from\u00a0<strong>February 2nd, 2016<\/strong>, we are adding the needed articles to the\u00a0<a href=\"https:\/\/www.tecmint.com\/sed-command-to-create-edit-and-manipulate-files-in-linux\/\" target=\"_blank\" rel=\"noopener\">LFCS series<\/a>\u00a0published here. To prepare for this exam, you are strongly encouraged to go through the\u00a0<a href=\"https:\/\/www.tecmint.com\/installing-network-services-and-configuring-services-at-system-boot\/\" target=\"_blank\" rel=\"noopener\">LFCE series<\/a>\u00a0as well.<\/p>\n<div id=\"attachment_19694\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Linux-Process-Monitoring-Set-Process-Limits-Per-User.png\" rel=\"attachment wp-att-19694\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19694\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Linux-Process-Monitoring-Set-Process-Limits-Per-User.png\" alt=\"Linux Process Monitoring and Set Process Limits Per User\" width=\"720\" height=\"345\" aria-describedby=\"caption-attachment-19694\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19694\" class=\"wp-caption-text\">Monitor Linux Processes and Set Process Limits Per User \u2013 Part 14<\/p>\n<\/div>\n<p>Every Linux system administrator needs to know how to verify the integrity and availability of hardware, resources, and key processes. In addition, setting resource limits on a per-user basis must also be a part of his \/ her skill set.<\/p>\n<p>In this article we will explore a few ways to ensure that the system both hardware and the software is behaving correctly to avoid potential issues that may cause unexpected production downtime and money loss.<\/p>\n<h3>Linux Reporting Processors Statistics<\/h3>\n<p>With\u00a0<strong>mpstat<\/strong>\u00a0you can view the activities for each processor individually or the system as a whole, both as a one-time snapshot or dynamically.<\/p>\n<p>In order to use this tool, you will need to install\u00a0<strong>sysstat<\/strong>:<\/p>\n<pre># yum update &amp;&amp; yum install sysstat              [On <strong>CentOS<\/strong> based systems]\r\n# aptitutde update &amp;&amp; aptitude install sysstat   [On <strong>Ubuntu<\/strong> based systems]\r\n# zypper update &amp;&amp; zypper install sysstat        [On <strong>openSUSE<\/strong> systems]\r\n<\/pre>\n<p>Read more about\u00a0<strong>sysstat<\/strong>\u00a0and it\u2019s utilities at\u00a0<a href=\"https:\/\/www.tecmint.com\/sysstat-commands-to-monitor-linux\/\" target=\"_blank\" rel=\"noopener\">Learn Sysstat and Its Utilities mpstat, pidstat, iostat and sar in Linux<\/a><\/p>\n<p>Once you have installed\u00a0<strong>mpstat<\/strong>, use it to generate reports of processors statistics.<\/p>\n<p>To display\u00a0<strong>3<\/strong>\u00a0global reports of CPU utilization (<code>-u<\/code>) for all CPUs (as indicated by\u00a0<code>-P<\/code>\u00a0ALL) at a 2-second interval, do:<\/p>\n<pre># mpstat -P ALL -u 2 3\r\n<\/pre>\n<h5>Sample Output<\/h5>\n<pre>Linux 3.19.0-32-generic (tecmint.com) \tWednesday 30 March 2016 \t_x86_64_\t(4 CPU)\r\n\r\n11:41:07  IST  CPU    %usr   %nice    %sys %iowait    %irq   %soft  %steal  %guest  %gnice   %idle\r\n11:41:09  IST  all    5.85    0.00    1.12    0.12    0.00    0.00    0.00    0.00    0.00   92.91\r\n11:41:09  IST    0    4.48    0.00    1.00    0.00    0.00    0.00    0.00    0.00    0.00   94.53\r\n11:41:09  IST    1    2.50    0.00    0.50    0.00    0.00    0.00    0.00    0.00    0.00   97.00\r\n11:41:09  IST    2    6.44    0.00    0.99    0.00    0.00    0.00    0.00    0.00    0.00   92.57\r\n11:41:09  IST    3   10.45    0.00    1.99    0.00    0.00    0.00    0.00    0.00    0.00   87.56\r\n\r\n11:41:09  IST  CPU    %usr   %nice    %sys %iowait    %irq   %soft  %steal  %guest  %gnice   %idle\r\n11:41:11  IST  all   11.60    0.12    1.12    0.50    0.00    0.00    0.00    0.00    0.00   86.66\r\n11:41:11  IST    0   10.50    0.00    1.00    0.00    0.00    0.00    0.00    0.00    0.00   88.50\r\n11:41:11  IST    1   14.36    0.00    1.49    2.48    0.00    0.00    0.00    0.00    0.00   81.68\r\n11:41:11  IST    2    2.00    0.50    1.00    0.00    0.00    0.00    0.00    0.00    0.00   96.50\r\n11:41:11  IST    3   19.40    0.00    1.00    0.00    0.00    0.00    0.00    0.00    0.00   79.60\r\n\r\n11:41:11  IST  CPU    %usr   %nice    %sys %iowait    %irq   %soft  %steal  %guest  %gnice   %idle\r\n11:41:13  IST  all    5.69    0.00    1.24    0.00    0.00    0.00    0.00    0.00    0.00   93.07\r\n11:41:13  IST    0    2.97    0.00    1.49    0.00    0.00    0.00    0.00    0.00    0.00   95.54\r\n11:41:13  IST    1   10.78    0.00    1.47    0.00    0.00    0.00    0.00    0.00    0.00   87.75\r\n11:41:13  IST    2    2.00    0.00    1.00    0.00    0.00    0.00    0.00    0.00    0.00   97.00\r\n11:41:13  IST    3    6.93    0.00    0.50    0.00    0.00    0.00    0.00    0.00    0.00   92.57\r\n\r\nAverage:     CPU    %usr   %nice    %sys %iowait    %irq   %soft  %steal  %guest  %gnice   %idle\r\nAverage:     all    7.71    0.04    1.16    0.21    0.00    0.00    0.00    0.00    0.00   90.89\r\nAverage:       0    5.97    0.00    1.16    0.00    0.00    0.00    0.00    0.00    0.00   92.87\r\nAverage:       1    9.24    0.00    1.16    0.83    0.00    0.00    0.00    0.00    0.00   88.78\r\nAverage:       2    3.49    0.17    1.00    0.00    0.00    0.00    0.00    0.00    0.00   95.35\r\nAverage:       3   12.25    0.00    1.16    0.00    0.00    0.00    0.00    0.00    0.00   86.59\r\n<\/pre>\n<p>To view the same statistics for a specific\u00a0<strong>CPU<\/strong>\u00a0(<strong>CPU 0<\/strong>\u00a0in the following example), use:<\/p>\n<pre># mpstat -P 0 -u 2 3\r\n<\/pre>\n<h5>Sample Output<\/h5>\n<pre>Linux 3.19.0-32-generic (tecmint.com) \tWednesday 30 March 2016 \t_x86_64_\t(4 CPU)\r\n\r\n11:42:08  IST  CPU    %usr   %nice    %sys %iowait    %irq   %soft  %steal  %guest  %gnice   %idle\r\n11:42:10  IST    0    3.00    0.00    0.50    0.00    0.00    0.00    0.00    0.00    0.00   96.50\r\n11:42:12  IST    0    4.08    0.00    0.00    2.55    0.00    0.00    0.00    0.00    0.00   93.37\r\n11:42:14  IST    0    9.74    0.00    0.51    0.00    0.00    0.00    0.00    0.00    0.00   89.74\r\nAverage:       0    5.58    0.00    0.34    0.85    0.00    0.00    0.00    0.00    0.00   93.23\r\n<\/pre>\n<p>The output of the above commands shows these columns:<\/p>\n<ol>\n<li><code>CPU<\/code>: Processor number as an integer, or the word all as an average for all processors.<\/li>\n<li><code>%usr<\/code>: Percentage of CPU utilization while running user level applications.<\/li>\n<li><code>%nice<\/code>: Same as\u00a0<code>%usr<\/code>, but with nice priority.<\/li>\n<li><code>%sys<\/code>: Percentage of CPU utilization that occurred while executing kernel applications. This does not include time spent dealing with interrupts or handling hardware.<\/li>\n<li><code>%iowait<\/code>: Percentage of time when the given CPU (or all) was idle, during which there was a resource-intensive I\/O operation scheduled on that CPU. A more detailed explanation (with examples) can be found\u00a0<a href=\"https:\/\/veithen.github.io\/2013\/11\/18\/iowait-linux.html\" target=\"_blank\" rel=\"nofollow noopener\">here<\/a>.<\/li>\n<li><code>%irq<\/code>: Percentage of time spent servicing hardware interrupts.<\/li>\n<li><code>%soft<\/code>: Same as\u00a0<code>%irq<\/code>, but with software interrupts.<\/li>\n<li><code>%steal<\/code>: Percentage of time spent in involuntary wait (steal or stolen time) when a virtual machine, as guest, is \u201cwinning\u201d the hypervisor\u2019s attention while competing for the CPU(s). This value should be kept as small as possible. A high value in this field means the virtual machine is stalling \u2013 or soon will be.<\/li>\n<li><code>%guest<\/code>: Percentage of time spent running a virtual processor.<\/li>\n<li><code>%idle<\/code>: percentage of time when CPU(s) were not executing any tasks. If you observe a low value in this column, that is an indication of the system being placed under a heavy load. In that case, you will need to take a closer look at the process list, as we will discuss in a minute, to determine what is causing it.<\/li>\n<\/ol>\n<p>To put the place the processor under a somewhat high load, run the following commands and then execute mpstat (as indicated) in a separate terminal:<\/p>\n<pre># dd if=\/dev\/zero of=test.iso bs=1G count=1\r\n# mpstat -u -P 0 2 3\r\n# ping -f localhost # Interrupt with Ctrl + C after mpstat below completes\r\n# mpstat -u -P 0 2 3\r\n<\/pre>\n<p>Finally, compare to the output of\u00a0<strong>mpstat<\/strong>\u00a0under \u201cnormal\u201d circumstances:<\/p>\n<div id=\"attachment_19687\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Report-Processors-Related-Statistics.png\" rel=\"attachment wp-att-19687\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19687\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Report-Processors-Related-Statistics.png\" sizes=\"auto, (max-width: 786px) 100vw, 786px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Report-Processors-Related-Statistics.png 786w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Report-Processors-Related-Statistics-768x405.png 768w\" alt=\"Report Linux Processors Related Statistics\" width=\"786\" height=\"415\" aria-describedby=\"caption-attachment-19687\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19687\" class=\"wp-caption-text\">Report Linux Processors Related Statistics<\/p>\n<\/div>\n<p>As you can see in the image above,\u00a0<strong>CPU 0<\/strong>\u00a0was under a heavy load during the first two examples, as indicated by the\u00a0<code>%idle<\/code>\u00a0column.<\/p>\n<p>In the next section we will discuss how to identify these resource-hungry processes, how to obtain more information about them, and how to take appropriate action.<\/p>\n<h3>Reporting Linux Processes<\/h3>\n<p>To list processes sorting them by CPU usage, we will use the well known\u00a0<code>ps<\/code>\u00a0command with the\u00a0<code>-eo<\/code>\u00a0(to select all processes with user-defined format) and\u00a0<code>--sort<\/code>\u00a0(to specify a custom sorting order) options, like so:<\/p>\n<pre># ps -eo pid,ppid,cmd,%cpu,%mem --sort=-%cpu\r\n<\/pre>\n<p>The above command will only show the\u00a0<code>PID<\/code>,\u00a0<code>PPID<\/code>, the command associated with the process, and the percentage of CPU and RAM usage sorted by the percentage of CPU usage in descending order. When executed during the creation of the\u00a0<strong>.iso<\/strong>\u00a0file, here\u2019s the first few lines of the output:<\/p>\n<div id=\"attachment_19688\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Find-Linux-Processes-By-CPU-Usage.png\" rel=\"attachment wp-att-19688\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19688\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Find-Linux-Processes-By-CPU-Usage.png\" alt=\"Find Linux Processes By CPU Usage\" width=\"481\" height=\"247\" aria-describedby=\"caption-attachment-19688\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19688\" class=\"wp-caption-text\">Find Linux Processes By CPU Usage<\/p>\n<\/div>\n<p>Once we have identified a process of interest (such as the one with\u00a0<code>PID=2822<\/code>), we can navigate to\u00a0<code>\/proc\/PID<\/code>\u00a0(<code>\/proc\/2822<\/code>\u00a0in this case) and do a directory listing.<\/p>\n<p>This directory is where several files and subdirectories with detailed information about this particular process are kept while it is running.<\/p>\n<h6>For example:<\/h6>\n<ol>\n<li><code>\/proc\/2822\/io<\/code>\u00a0contains IO statistics for the process (number of characters and bytes read and written, among others, during IO operations).<\/li>\n<li><code>\/proc\/2822\/attr\/current<\/code>\u00a0shows the current SELinux security attributes of the process.<\/li>\n<li><code>\/proc\/2822\/cgroup<\/code>\u00a0describes the control groups (cgroups for short) to which the process belongs if the CONFIG_CGROUPS kernel configuration option is enabled, which you can verify with:<\/li>\n<\/ol>\n<pre># cat \/boot\/config-$(uname -r) | grep -i cgroups\r\n<\/pre>\n<p>If the option is enabled, you should see:<\/p>\n<pre>CONFIG_CGROUPS=y\r\n<\/pre>\n<p>Using\u00a0<code>cgroups<\/code>\u00a0you can manage the amount of allowed resource usage on a per-process basis as explained in Chapters 1 through 4 of the\u00a0<a href=\"https:\/\/access.redhat.com\/documentation\/en-US\/Red_Hat_Enterprise_Linux\/7\/html\/Resource_Management_Guide\/index.html\" target=\"_blank\" rel=\"noopener\">Red Hat Enterprise Linux 7 Resource Management guide<\/a>, in Chapter 9 of the\u00a0<a href=\"https:\/\/doc.opensuse.org\/documentation\/leap\/tuning\/html\/book.sle.tuning\/cha.tuning.cgroups.html\" target=\"_blank\" rel=\"noopener\">openSUSE System Analysis and Tuning guide<\/a>, and in the\u00a0<a href=\"https:\/\/help.ubuntu.com\/lts\/serverguide\/cgroups.html\" target=\"_blank\" rel=\"noopener\">Control Groups section of the Ubuntu 14.04 Server documentation<\/a>.<\/p>\n<p>The\u00a0<code>\/proc\/2822\/fd<\/code>\u00a0is a directory that contains one symbolic link for each file descriptor the process has opened. The following image shows this information for the process that was started in tty1 (the first terminal) to create the\u00a0<strong>.iso<\/strong>\u00a0image:<\/p>\n<div id=\"attachment_19689\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Find-Linux-Process-Information.png\" rel=\"attachment wp-att-19689\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19689\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Find-Linux-Process-Information.png\" alt=\"Find Linux Process Information\" width=\"547\" height=\"308\" aria-describedby=\"caption-attachment-19689\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19689\" class=\"wp-caption-text\">Find Linux Process Information<\/p>\n<\/div>\n<p>The above image shows that\u00a0<strong>stdin<\/strong>\u00a0(file descriptor\u00a0<strong>0<\/strong>),\u00a0<strong>stdout<\/strong>\u00a0(file descriptor\u00a0<strong>1<\/strong>), and\u00a0<strong>stderr<\/strong>\u00a0(file descriptor\u00a0<strong>2<\/strong>) are mapped to\u00a0<strong>\/dev\/zero<\/strong>,\u00a0<strong>\/root\/test.iso<\/strong>, and\u00a0<strong>\/dev\/tty1<\/strong>, respectively.<\/p>\n<p>More information about\u00a0<code>\/proc<\/code>\u00a0can be found in \u201cThe\u00a0<code>\/proc<\/code>\u00a0filesystem\u201d document kept and maintained by Kernel.org, and in the\u00a0<a href=\"http:\/\/man7.org\/linux\/man-pages\/man5\/proc.5.html\" target=\"_blank\" rel=\"noopener\">Linux Programmer\u2019s Manual<\/a>.<\/p>\n<h3>Setting Resource Limits on a Per-User Basis in Linux<\/h3>\n<p>If you are not careful and allow any user to run an unlimited number of processes, you may eventually experience an unexpected system shutdown or get locked out as the system enters an unusable state. To prevent this from happening, you should place a limit on the number of processes users can start.<\/p>\n<p>To do this, edit\u00a0<strong>\/etc\/security\/limits.conf<\/strong>\u00a0and add the following line at the bottom of the file to set the limit:<\/p>\n<pre>*   \thard\tnproc   10\r\n<\/pre>\n<p>The first field can be used to indicate either a user, a group, or all of them\u00a0<code>(*)<\/code>, whereas the second field enforces a hard limit on the number of process (nproc) to\u00a0<strong>10<\/strong>. To apply changes, logging out and back in is enough.<\/p>\n<p>Thus, let\u2019s see what happens if a certain user other than root (either a legitimate one or not) attempts to start a shell fork bomb. If we had not implemented limits, this would initially launch two instances of a function, and then duplicate each of them in a neverending loop. Thus, it would eventually bringing your system to a crawl.<\/p>\n<p>However, with the above restriction in place, the fork bomb does not succeed but the user will still get locked out until the system administrator kills the process associated with it:<\/p>\n<div id=\"attachment_19690\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Shell-Fork-Bomb.png\" rel=\"attachment wp-att-19690\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19690\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/Shell-Fork-Bomb.png\" alt=\"Run Shell Fork Bomb\" width=\"598\" height=\"183\" aria-describedby=\"caption-attachment-19690\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19690\" class=\"wp-caption-text\">Run Shell Fork Bomb<\/p>\n<\/div>\n<p><strong>TIP:<\/strong>\u00a0Other possible restrictions made possible by\u00a0<strong>ulimit<\/strong>\u00a0are documented in the\u00a0<code>limits.conf<\/code>\u00a0file.<\/p>\n<h3>Linux Other Process Management Tools<\/h3>\n<p>In addition to the tools discussed previously, a system administrator may also need to:<\/p>\n<p><strong>a)<\/strong>\u00a0Modify the execution priority (use of system resources) of a process using\u00a0<strong>renice<\/strong>. This means that the kernel will allocate more or less system resources to the process based on the assigned priority (a number commonly known as \u201c<strong>niceness<\/strong>\u201d in a range from\u00a0<code>-20<\/code>\u00a0to\u00a0<code>19<\/code>).<\/p>\n<p>The lower the value, the greater the execution priority. Regular users (other than root) can only modify the niceness of processes they own to a higher value (meaning a lower execution priority), whereas root can modify this value for any process, and may increase or decrease it.<\/p>\n<p>The basic syntax of renice is as follows:<\/p>\n<pre># renice [-n] &lt;new priority&gt; &lt;UID, GID, PGID, or empty&gt; identifier\r\n<\/pre>\n<p>If the argument after the new priority value is not present (empty), it is set to PID by default. In that case, the niceness of process with\u00a0<strong>PID=identifier<\/strong>\u00a0is set to\u00a0<code>&lt;new priority&gt;<\/code>.<\/p>\n<p><strong>b)<\/strong>\u00a0Interrupt the normal execution of a process when needed. This is commonly known as\u00a0<a href=\"https:\/\/www.tecmint.com\/kill-processes-unresponsive-programs-in-ubuntu\/\" target=\"_blank\" rel=\"noopener\">\u201ckilling\u201d the process<\/a>. Under the hood, this means sending the process a signal to finish its execution properly and release any used resources in an orderly manner.<\/p>\n<p><a href=\"https:\/\/www.tecmint.com\/find-and-kill-running-processes-pid-in-linux\/\" target=\"_blank\" rel=\"noopener\">To kill a process<\/a>, use the\u00a0<strong>kill<\/strong>\u00a0command as follows:<\/p>\n<pre># kill PID\r\n<\/pre>\n<p>Alternatively, you can use\u00a0<a href=\"https:\/\/www.tecmint.com\/how-to-kill-a-process-in-linux\/\" target=\"_blank\" rel=\"noopener\">pkill to terminate all processes<\/a>\u00a0of a given owner\u00a0<code>(-u)<\/code>, or a group owner\u00a0<code>(-G)<\/code>, or even those processes which have a PPID in common\u00a0<code>(-P)<\/code>. These options may be followed by the numeric representation or the actual name as identifier:<\/p>\n<pre># pkill [options] identifier\r\n<\/pre>\n<p>For example,<\/p>\n<pre># pkill -G 1000\r\n<\/pre>\n<p>will kill all processes owned by group with\u00a0<strong>GID=1000<\/strong>.<\/p>\n<p>And,<\/p>\n<pre># pkill -P 4993 \r\n<\/pre>\n<p>will kill all processes whose PPID is\u00a0<strong>4993<\/strong>.<\/p>\n<p>Before running a\u00a0<strong>pkill<\/strong>, it is a good idea to test the results with\u00a0<strong>pgrep<\/strong>\u00a0first, perhaps using the\u00a0<code>-l<\/code>\u00a0option as well to list the processes\u2019 names. It takes the same options but only returns the PIDs of processes (without taking any further action) that would be killed if\u00a0<strong>pkill<\/strong>\u00a0is used.<\/p>\n<pre># pgrep -l -u gacanepa\r\n<\/pre>\n<p>This is illustrated in the next image:<\/p>\n<div id=\"attachment_19691\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/List-User-Running-Processes.png\" rel=\"attachment wp-att-19691\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19691\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/03\/List-User-Running-Processes.png\" alt=\"Find User Running Processes in Linux\" width=\"582\" height=\"109\" aria-describedby=\"caption-attachment-19691\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19691\" class=\"wp-caption-text\">Find User Running Processes in Linux<\/p>\n<\/div>\n<h3>Summary<\/h3>\n<p>In this article we have explored a few ways to monitor resource usage in order to verify the integrity and availability of critical hardware and software components in a Linux system.<\/p>\n<p>We have also learned how to take appropriate action (either by adjusting the execution priority of a given process or by terminating it) under unusual circumstances.<\/p>\n<p>We hope the concepts explained in this tutorial have been helpful. If you have any questions or comments, feel free to reach us using the contact form below.<\/p>\n<h1 class=\"post-title\">How to Change Kernel Runtime Parameters in a Persistent and Non-Persistent Way<\/h1>\n<p>In\u00a0<strong>Part 13<\/strong>\u00a0of this\u00a0<a href=\"https:\/\/www.tecmint.com\/sed-command-to-create-edit-and-manipulate-files-in-linux\/\" target=\"_blank\" rel=\"noopener\">LFCS (Linux Foundation Certified Sysadmin) series<\/a>\u00a0we explained\u00a0<a href=\"https:\/\/www.tecmint.com\/configure-and-troubleshoot-grub-boot-loader-linux\/\" target=\"_blank\" rel=\"noopener\">how to use GRUB to modify the behavior of the system<\/a>\u00a0by passing options to the kernel for the ongoing boot process.<\/p>\n<p>Similarly, you can use the command line in a running Linux system to alter certain runtime kernel parameters as a one-time modification, or permanently by editing a configuration file.<\/p>\n<p>Thus, you are allowed to enable or disable kernel parameters on-the-fly without much difficulty when it is needed due to a required change in the way the system is expected to operate.<\/p>\n<h3>Introducing the \/proc Filesystem<\/h3>\n<p>The latest specification of the\u00a0<a href=\"https:\/\/www.tecmint.com\/linux-directory-structure-and-important-files-paths-explained\/\" target=\"_blank\" rel=\"noopener\">Filesystem Hierarchy Standard<\/a>\u00a0indicates that\u00a0<code>\/proc<\/code>\u00a0represents the default method for handling process and system information as well as other kernel and memory information. Particularly,\u00a0<code>\/proc\/sys<\/code>\u00a0is where you can find all the information about devices, drivers, and some kernel features.<\/p>\n<p>The actual internal structure of\u00a0<code>\/proc\/sys<\/code>\u00a0depends heavily on the kernel being used, but you are likely to find the following directories inside. In turn, each of them will contain other subdirectories where the values for each parameter category are maintained:<\/p>\n<ol>\n<li><code>dev<\/code>: parameters for specific devices connected to the machine.<\/li>\n<li><code>fs<\/code>: filesystem configuration (quotas and inodes, for example).<\/li>\n<li>kernel: kernel-specific configuration.<\/li>\n<li><code>net<\/code>: network configuration.<\/li>\n<li><code>vm<\/code>: use of the kernel\u2019s virtual memory.<\/li>\n<\/ol>\n<p>To modify the kernel runtime parameters we will use the\u00a0<code>sysctl<\/code>\u00a0command. The exact number of parameters that can be modified can be viewed with:<\/p>\n<pre># sysctl -a | wc -l\r\n<\/pre>\n<p>If you want to view the complete list of Kernel parameters, just do:<\/p>\n<pre># sysctl -a \r\n<\/pre>\n<p>As the the output of the above command will consist of A LOT of lines, we can use a pipeline followed by less to inspect it more carefully:<\/p>\n<pre># sysctl -a | less\r\n<\/pre>\n<p>Let\u2019s take a look at the first few lines. Please note that the first characters in each line match the names of the directories inside\u00a0<code>\/proc\/sys<\/code>:<\/p>\n<div id=\"attachment_19980\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/04\/Understand-Linux-proc-Filesystem.png\" rel=\"attachment wp-att-19980\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19980\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/04\/Understand-Linux-proc-Filesystem.png\" alt=\"Understand Linux \/proc Filesystem\" width=\"622\" height=\"243\" aria-describedby=\"caption-attachment-19980\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19980\" class=\"wp-caption-text\">Understand Linux \/proc Filesystem<\/p>\n<\/div>\n<p>For example, the highlighted line:<\/p>\n<pre>dev.cdrom.info = drive name:        \tsr0\r\n<\/pre>\n<p>indicates that\u00a0<code>sr0<\/code>\u00a0is an alias for the optical drive. In other words, that is how the kernel \u201c<strong>sees<\/strong>\u201d that drive and uses that name to refer to it.<\/p>\n<p>In the following section we will explain how to change other \u201cmore important\u201d kernel runtime parameters in Linux.<\/p>\n<h3>How to Change or Modify Linux Kernel Runtime Parameteres<\/h3>\n<p>Based on what we have explained so far, it is easy to see that the name of a parameter matches the directory structure inside\u00a0<code>\/proc\/sys<\/code>\u00a0where it can be found.<\/p>\n<p>For example:<\/p>\n<pre>dev.cdrom.autoclose \u2192 \/proc\/sys\/dev\/cdrom\/autoclose\r\nnet.ipv4.ip_forward \u2192 \/proc\/sys\/net\/ipv4\/ip_forward\r\n<\/pre>\n<h4>Check Linux Kernel Parameters<\/h4>\n<p>That said, we can view the value of a particular Linux kernel parameter using either\u00a0<code>sysctl<\/code>\u00a0followed by the name of the parameter or reading the associated file:<\/p>\n<pre># sysctl dev.cdrom.autoclose\r\n# cat \/proc\/sys\/dev\/cdrom\/autoclose\r\n# sysctl net.ipv4.ip_forward\r\n# cat \/proc\/sys\/net\/ipv4\/ip_forward\r\n<\/pre>\n<div id=\"attachment_19981\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/04\/Check-Linux-Kernel-Parameter.png\" rel=\"attachment wp-att-19981\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19981\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/04\/Check-Linux-Kernel-Parameter.png\" alt=\"Check Linux Kernel Parameters\" width=\"408\" height=\"158\" aria-describedby=\"caption-attachment-19981\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19981\" class=\"wp-caption-text\">Check Linux Kernel Parameters<\/p>\n<\/div>\n<h4>Set or Modify Linux Kernel Parameters<\/h4>\n<p>To set the value for a kernel parameter we can also use\u00a0<code>sysctl<\/code>, but using the\u00a0<code>-w<\/code>\u00a0option and followed by the parameter\u2019s name, the equal sign, and the desired value.<\/p>\n<p>Another method consists of using\u00a0<code>echo<\/code>\u00a0to overwrite the file associated with the parameter. In other words, the following methods are equivalent to disable the packet forwarding functionality in our system (which, by the way, should be the default value when a box is not supposed to pass traffic between networks):<\/p>\n<pre># echo 0 &gt; \/proc\/sys\/net\/ipv4\/ip_forward\r\n# sysctl -w net.ipv4.ip_forward=0\r\n<\/pre>\n<p>It is important to note that kernel parameters that are set using\u00a0<code>sysctl<\/code>\u00a0will only be enforced during the current session and will disappear when the system is rebooted.<\/p>\n<p>To set these values permanently, edit\u00a0<code>\/etc\/sysctl.conf<\/code>\u00a0with the desired values. For example, to disable packet forwarding in\u00a0<strong>\/etc\/sysctl.conf<\/strong>\u00a0make sure this line appears in the file:<\/p>\n<pre>net.ipv4.ip_forward=0\r\n<\/pre>\n<p>Then run following command to apply the changes to the running configuration.<\/p>\n<pre># sysctl -p\r\n<\/pre>\n<p>Other examples of important kernel runtime parameters are:<\/p>\n<p><code>fs.file-max<\/code>\u00a0specifies the maximum number of file handles the kernel can allocate for the system. Depending on the intended use of your system (web \/ database \/ file server, to name a few examples), you may want to change this value to meet the system\u2019s needs.<\/p>\n<p>Otherwise, you will receive a \u201c<strong>Too many open files<\/strong>\u201d error message at best, and may prevent the operating system to boot at the worst.<\/p>\n<p>If due to an innocent mistake you find yourself in this last situation, boot in single user mode (as explained in\u00a0<a href=\"https:\/\/www.tecmint.com\/configure-and-troubleshoot-grub-boot-loader-linux\/\" target=\"_blank\" rel=\"noopener\">Part 13 \u2013 Configure and Troubleshoot Linux Grub Boot Loader<\/a>) and edit\u00a0<strong>\/etc\/sysctl.conf<\/strong>\u00a0as instructed earlier. To set the same restriction on a per-user basis, refer to\u00a0<a href=\"https:\/\/www.tecmint.com\/monitor-linux-processes-and-set-process-limits-per-user\/\" target=\"_blank\" rel=\"noopener\">Part 14 \u2013 Monitor and Set Linux Process Limit Usage<\/a>\u00a0of this series.<\/p>\n<p><code>kernel.sysrq<\/code>\u00a0is used to enable the\u00a0<strong>SysRq<\/strong>\u00a0key in your keyboard (also known as the print screen key) so as to allow certain key combinations to invoke emergency actions when the system has become unresponsive.<\/p>\n<p>The default value\u00a0<strong>(16)<\/strong>\u00a0indicates that the system will honor the\u00a0<code>Alt+SysRq+key<\/code>\u00a0combination and perform the actions listed in the\u00a0<strong>sysrq.c<\/strong>\u00a0documentation found in\u00a0<a href=\"https:\/\/www.kernel.org\/doc\/Documentation\/sysrq.txt\" target=\"_blank\" rel=\"noopener\">kernel.org<\/a>\u00a0(where key is one letter in the b-z range). For example,\u00a0<code>Alt+SysRq+b<\/code>\u00a0will reboot the system forcefully (use this as a last resort if your server is unresponsive).<\/p>\n<p><strong>Warning!<\/strong>\u00a0Do not attempt to press this key combination on a virtual machine because it may force your host system to reboot!<\/p>\n<p>When set to\u00a0<strong>1<\/strong>,\u00a0<strong>net.ipv4.icmp_echo_ignore_all<\/strong>\u00a0will ignore ping requests and drop them at the kernel level. This is shown in the below image \u2013 note how ping requests are lost after setting this kernel parameter:<\/p>\n<div id=\"attachment_19982\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/04\/Block-Ping-Requests-in-Linux.png\" rel=\"attachment wp-att-19982\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-19982\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/04\/Block-Ping-Requests-in-Linux.png\" alt=\"Block Ping Requests in Linux\" width=\"556\" height=\"294\" aria-describedby=\"caption-attachment-19982\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-19982\" class=\"wp-caption-text\">Block Ping Requests in Linux<\/p>\n<\/div>\n<p>A better and easier way to set individual runtime parameters is using\u00a0<strong>.conf<\/strong>\u00a0files inside\u00a0<code>\/etc\/sysctl.d<\/code>, grouping them by categories.<\/p>\n<p>For example, instead of setting\u00a0<strong>net.ipv4.ip_forward=0<\/strong>\u00a0and\u00a0<strong>net.ipv4.icmp_echo_ignore_all=1<\/strong>\u00a0in\u00a0<strong>\/etc\/sysctl.conf<\/strong>, we can create a new file named\u00a0<code>net.conf<\/code>\u00a0inside\u00a0<strong>\/etc\/sysctl.d<\/strong>:<\/p>\n<pre># echo \"net.ipv4.ip_forward=0\" &gt; \/etc\/sysctl.d\/net.conf\r\n# echo \"net.ipv4.icmp_echo_ignore_all=1\" &gt;&gt; \/etc\/sysctl.d\/net.conf\r\n<\/pre>\n<p>If you choose to use this approach, do not forget to remove those same lines from\u00a0<code>\/etc\/sysctl.conf<\/code>.<\/p>\n<h3>Summary<\/h3>\n<p>In this article we have explained how to modify kernel runtime parameters, both persistent and non persistently, using\u00a0<strong>sysctl<\/strong>,\u00a0<strong>\/etc\/sysctl.conf<\/strong>, and files inside\u00a0<strong>\/etc\/sysctl.d<\/strong>.<\/p>\n<p>In the\u00a0<strong>sysctl<\/strong>\u00a0docs you can find more information on the meaning of more variables. Those files represent the most complete source of documentation about the parameters that can be set via sysctl.<\/p>\n<p>Did you find this article useful? We surely hope you did. Don\u2019t hesitate to let us know if you have any questions or suggestions to improve.<\/p>\n<h1 class=\"post-title\">How to Set Access Control Lists (ACL\u2019s) and Disk Quotas for Users and Groups<\/h1>\n<p><a href=\"https:\/\/www.tecmint.com\/rhcsa-exam-configure-acls-and-mount-nfs-samba-shares\/\" target=\"_blank\" rel=\"noopener\">Access Control Lists<\/a>\u00a0(also known as ACLs) are a feature of the Linux kernel that allows to define more fine-grained access rights for files and directories than those specified by regular\u00a0<strong>ugo\/rwx<\/strong>\u00a0permissions.<\/p>\n<p>For example, the standard\u00a0<strong>ugo\/rwx<\/strong>\u00a0permissions does not allow to set different permissions for different individual users or groups. With ACLs this is relatively easy to do, as we will see in this article.<\/p>\n<h3>Checking File System Compatibility with ACLs<\/h3>\n<p>To ensure that your file systems are currently supporting ACLs, you should check that they have been mounted using the acl option. To do that, we will use\u00a0<strong>tune2fs<\/strong>\u00a0for ext2\/3\/4 file systems as indicated below. Replace\u00a0<strong>\/dev\/sda1<\/strong>\u00a0with the device or file system you want to check:<\/p>\n<pre># tune2fs -l \/dev\/sda1 | grep \"Default mount options:\"\r\n<\/pre>\n<p><strong>Note<\/strong>: With\u00a0<strong>XFS<\/strong>, Access Control Lists are supported out of the box.<\/p>\n<p>In the following\u00a0<strong>ext4<\/strong>\u00a0file system, we can see that ACLs have been enabled for\u00a0<strong>\/dev\/xvda2<\/strong>:<\/p>\n<pre># tune2fs -l \/dev\/xvda2 | grep \"Default mount options:\"\r\n<\/pre>\n<div id=\"attachment_20254\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/04\/Check-ACL-on-Linux-Filesystem.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20254\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/04\/Check-ACL-on-Linux-Filesystem.png\" alt=\"Check ACL Enabled on Linux Filesystem\" width=\"657\" height=\"67\" aria-describedby=\"caption-attachment-20254\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20254\" class=\"wp-caption-text\">Check ACL Enabled on Linux Filesystem<\/p>\n<\/div>\n<p>If the above command does not indicate that the file system has been mounted with support for ACLs, it is most likely due to the\u00a0<strong>noacl<\/strong>\u00a0option being present in\u00a0<strong>\/etc\/fstab<\/strong>.<\/p>\n<p>In that case, remove it, unmount the file system, and then mount it again, or simply reboot your system after saving the changes to\u00a0<strong>\/etc\/fstab<\/strong>.<\/p>\n<h3>Introducing ACLs in Linux<\/h3>\n<p>To illustrate how ACLs work, we will use a group named\u00a0<strong>developers<\/strong>\u00a0and add users\u00a0<strong>walterwhite<\/strong>\u00a0and\u00a0<strong>saulgoodman<\/strong>\u00a0(yes, I am a Breaking Bad fan!) to it.:<\/p>\n<pre># groupadd developers\r\n# useradd walterwhite\r\n# useradd saulgoodman\r\n# usermod -a -G developers walterwhite\r\n# usermod -a -G developers saulgoodman\r\n<\/pre>\n<p>Before we proceed, let\u2019s verify that both users have been added to the developers group:<\/p>\n<pre># id walterwhite\r\n# id saulgoodman\r\n<\/pre>\n<div id=\"attachment_20255\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/04\/Find-User-ID-in-Linux.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20255\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/04\/Find-User-ID-in-Linux.png\" alt=\"Find User ID in Linux\" width=\"712\" height=\"103\" aria-describedby=\"caption-attachment-20255\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20255\" class=\"wp-caption-text\">Find User ID in Linux<\/p>\n<\/div>\n<p>Let\u2019s now create a directory called\u00a0<strong>test<\/strong>\u00a0in\u00a0<strong>\/mnt<\/strong>, and a file named\u00a0<strong>acl.txt<\/strong>\u00a0inside (<strong>\/mnt\/test\/acl.txt<\/strong>).<\/p>\n<p>Then we will set the group owner to\u00a0<strong>developers<\/strong>\u00a0and change its default\u00a0<strong>ugo\/rwx<\/strong>\u00a0permissions recursively to\u00a0<strong>770<\/strong>(thus granting read, write, and execute permissions granted to both the owner and the group owner of the file):<\/p>\n<pre># mkdir \/mnt\/test\r\n# touch \/mnt\/test\/acl.txt\r\n# chgrp -R developers \/mnt\/test\r\n# chmod -R 770 \/mnt\/test\r\n<\/pre>\n<p>As expected, you can write to\u00a0<strong>\/mnt\/test\/acl.txt<\/strong>\u00a0as\u00a0<strong>walterwhite<\/strong>\u00a0or\u00a0<strong>saulgoodman<\/strong>:<\/p>\n<pre># su - walterwhite\r\n# echo \"My name is Walter White\" &gt; \/mnt\/test\/acl.txt\r\n# exit\r\n# su - saulgoodman\r\n# echo \"My name is Saul Goodman\" &gt;&gt; \/mnt\/test\/acl.txt\r\n# exit\r\n<\/pre>\n<div id=\"attachment_20256\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/04\/Verify-ACL-Rules-in-Linux.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20256\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/04\/Verify-ACL-Rules-in-Linux.png\" alt=\"Verify ACL Rules on Users\" width=\"685\" height=\"244\" aria-describedby=\"caption-attachment-20256\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20256\" class=\"wp-caption-text\">Verify ACL Rules on Users<\/p>\n<\/div>\n<p>So far so good. However, we will soon see a problem when we need to grant write access to\u00a0<strong>\/mnt\/test\/acl.txt<\/strong>for another user that is not in the developers group.<\/p>\n<p>Standard\u00a0<strong>ugo\/rwx<\/strong>\u00a0permissions would require that the new user be added to the developers group, but that would give him\/her the same permissions over all the objects owned by the group. That is precisely where ACLs come in handy.<\/p>\n<h3>Setting ACL\u2019s in Linux<\/h3>\n<p>There are two types of ACLs:\u00a0<strong>access ACLs<\/strong>\u00a0are (which are applied to a file or directory), and\u00a0<strong>default (optional) ACLs<\/strong>, which can only be applied to a directory.<\/p>\n<p>If files inside a directory where a\u00a0<strong>default ACL<\/strong>\u00a0has been set do not have a ACL of their own, they inherit the default ACL of their parent directory.<\/p>\n<p>Let\u2019s give user\u00a0<strong>gacanepa<\/strong>\u00a0read and write access to\u00a0<strong>\/mnt\/test\/acl.txt<\/strong>. Before doing that, let\u2019s take a look at the current ACL settings in that directory with:<\/p>\n<pre># getfacl \/mnt\/test\/acl.txt\r\n<\/pre>\n<p>Then change the ACLs on the file, use\u00a0<code>u:<\/code>\u00a0followed by the username and\u00a0<code>:rw<\/code>\u00a0to indicate read \/ write permissions:<\/p>\n<pre># setfacl -m u:gacanepa:rw \/mnt\/test\/acl.txt\r\n<\/pre>\n<p>And run\u00a0<strong>getfacl<\/strong>\u00a0on the file again to compare. The following image shows the\u00a0<strong>\u201cBefore\u201d<\/strong>\u00a0and\u00a0<strong>\u201cAfter\u201d<\/strong>:<\/p>\n<pre># getfacl \/mnt\/test\/acl.txt\r\n<\/pre>\n<div id=\"attachment_20257\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/04\/Set-ACL-on-Linux.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20257\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/04\/Set-ACL-on-Linux.png\" alt=\"Set ACL on Linux Users\" width=\"487\" height=\"347\" aria-describedby=\"caption-attachment-20257\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20257\" class=\"wp-caption-text\">Set ACL on Linux Users<\/p>\n<\/div>\n<p>Next, we will need to give others execute permissions on the\u00a0<strong>\/mnt\/test<\/strong>\u00a0directory:<\/p>\n<pre># chmod +x \/mnt\/test\r\n<\/pre>\n<p>Keep in mind that in order to access the contents of a directory, a regular user needs execute permissions on that directory.<\/p>\n<p>User\u00a0<strong>gacanepa<\/strong>\u00a0should now be able to write to the file. Switch to that user account and execute the following command to confirm:<\/p>\n<pre># echo \"My name is Gabriel C\u00e1nepa\" &gt;&gt; \/mnt\/test\/acl.txt\r\n<\/pre>\n<p>To set a default ACL to a directory (which its contents will inherit unless overwritten otherwise), add\u00a0<code>d:<\/code>\u00a0before the rule and specify a directory instead of a file name:<\/p>\n<pre># setfacl -m d:o:r \/mnt\/test\r\n# getfacl \/mnt\/test\/\r\n<\/pre>\n<p>The ACL above will allow users not in the owner group to have read access to the future contents of the\u00a0<strong>\/mnt\/test<\/strong>\u00a0directory. Note the difference in the output of\u00a0<strong>getfacl \/mnt\/test<\/strong>\u00a0before and after the change:<\/p>\n<div id=\"attachment_20258\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/04\/Set-Default-ACL-to-Linux-Directory.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20258\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/04\/Set-Default-ACL-to-Linux-Directory.png\" alt=\"Set Default ACL to Linux Directory\" width=\"449\" height=\"395\" aria-describedby=\"caption-attachment-20258\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20258\" class=\"wp-caption-text\">Set Default ACL to Linux Directory<\/p>\n<\/div>\n<p>To remove a specific ACL, replace\u00a0<code>-m<\/code>\u00a0in the commands above with\u00a0<code>-x<\/code>. For example,<\/p>\n<pre># setfacl -x d:o \/mnt\/test\r\n<\/pre>\n<p>Alternatively, you can also use the\u00a0<code>-b<\/code>\u00a0option to remove ALL ACLs in one step:<\/p>\n<pre># setfacl -b \/mnt\/test\r\n<\/pre>\n<p>For more information and examples on the use of ACLs, please refer to\u00a0<strong>chapter 10<\/strong>,\u00a0<strong>section 2<\/strong>, of the\u00a0<a href=\"https:\/\/doc.opensuse.org\/documentation\/leap\/security\/html\/book.security\/index.html\" target=\"_blank\" rel=\"nofollow noopener\">openSUSE Security Guide<\/a>\u00a0(also available for download at no cost in PDF format).<\/p>\n<h3>Set Linux Disk Quotas on Users and Filesystems<\/h3>\n<p>Storage space is another resource that must be carefully used and monitored. To do that, quotas can be set on a file system basis, either for individual users or for groups.<\/p>\n<p>Thus, a limit is placed on the disk usage allowed for a given user or a specific group, and you can rest assured that your disks will not be filled to capacity by a careless (or malintentioned) user.<\/p>\n<p>The first thing you must do in order to enable quotas on a file system is to mount it with the usrquota or grpquota (for user and group quotas, respectively) options in\u00a0<strong>\/etc\/fstab<\/strong>.<\/p>\n<p>For example, let\u2019s enable user-based quotas on\u00a0<strong>\/dev\/vg00\/vol_backups<\/strong>\u00a0and group-based quotas on\u00a0<strong>\/dev\/vg00\/vol_projects<\/strong>.<\/p>\n<p>Note that the\u00a0<strong>UUID<\/strong>\u00a0is used to identify each file system.<\/p>\n<pre>UUID=f6d1eba2-9aed-40ea-99ac-75f4be05c05a \/home\/projects ext4 defaults,grpquota 0 0\r\nUUID=e1929239-5087-44b1-9396-53e09db6eb9e \/home\/backups ext4 defaults,usrquota 0 0\r\n<\/pre>\n<p>Unmount and remount both file systems:<\/p>\n<pre># umount \/home\/projects\r\n# umount \/home\/backups\r\n# mount -o remount \/home\/projects\r\n# mount -o remount \/home\/backups \r\n<\/pre>\n<p>Then check that the usrquota and grpquota options are present in the output of mount (see highlighted below):<\/p>\n<pre># mount | grep vg00\r\n<\/pre>\n<div id=\"attachment_20259\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/04\/Check-Linux-User-Quota-and-Group-Quota.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20259\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/04\/Check-Linux-User-Quota-and-Group-Quota.png\" alt=\"Check Linux User Quota and Group Quota\" width=\"722\" height=\"75\" aria-describedby=\"caption-attachment-20259\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20259\" class=\"wp-caption-text\">Check Linux User Quota and Group Quota<\/p>\n<\/div>\n<p>Finally, run the following commands to initialize and enable quotas:<\/p>\n<pre># quotacheck -avugc\r\n# quotaon -vu \/home\/backups\r\n# quotaon -vg \/home\/projects\r\n<\/pre>\n<p>That said, let\u2019s now assign quotas to the username and group we mentioned earlier. You can later disable quotas with\u00a0<strong>quotaoff<\/strong>.<\/p>\n<h3>Setting Linux Disk Quotas<\/h3>\n<p>Let\u2019s begin by setting an ACL on\u00a0<strong>\/home\/backups<\/strong>\u00a0for user\u00a0<strong>gacanepa<\/strong>, which will give him read, write, and execute permissions on that directory:<\/p>\n<pre># setfacl -m u:gacanepa:rwx \/home\/backups\/\r\n<\/pre>\n<p>Then with,<\/p>\n<pre># edquota -u gacanepa\r\n<\/pre>\n<p>We will make the soft\u00a0<strong>limit=900<\/strong>\u00a0and the hard\u00a0<strong>limit=1000<\/strong>\u00a0blocks (<strong>1024 bytes\/block * 1000 blocks = 1024000 bytes = 1 MB<\/strong>) of disk space usage.<\/p>\n<p>We can also place a limit of\u00a0<strong>20<\/strong>\u00a0and\u00a0<strong>25<\/strong>\u00a0as soft and hard limites on the number of files this user can create.<\/p>\n<p>The above command will launch the text editor\u00a0<strong>($EDITOR)<\/strong>\u00a0with a temporary file where we can set the limits mentioned previously:<\/p>\n<div id=\"attachment_20260\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/04\/Linux-Disk-Quota-For-User.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20260\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/04\/Linux-Disk-Quota-For-User.png\" alt=\"Linux Disk Quota For User\" width=\"721\" height=\"64\" aria-describedby=\"caption-attachment-20260\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20260\" class=\"wp-caption-text\">Linux Disk Quota For User<\/p>\n<\/div>\n<p>These settings will cause a warning to be shown to user\u00a0<strong>gacanepa<\/strong>\u00a0when he has either reached the\u00a0<strong>900-block<\/strong>\u00a0or\u00a0<strong>20-inode<\/strong>\u00a0limits for a default grace period of 7 days.<\/p>\n<p>If the\u00a0<strong>over-quota<\/strong>\u00a0situation has not been eliminated by then (for example, by removing files), the soft limit will become the hard limit and this user will be prevented from using more storage space or creating more files.<\/p>\n<p>To test, let\u2019s have user gacanepa try to create an empty\u00a0<strong>2 MB<\/strong>\u00a0file named\u00a0<strong>test1<\/strong>\u00a0inside\u00a0<strong>\/home\/backups<\/strong>:<\/p>\n<pre># dd if=\/dev\/zero of=\/home\/backups\/test1 bs=2M count=1\r\n# ls -lh \/home\/backups\/test1\r\n<\/pre>\n<div id=\"attachment_20261\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/04\/Verify-Linux-User-Quota-on-Disk.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20261\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/04\/Verify-Linux-User-Quota-on-Disk.png\" alt=\"Verify Linux User Quota on Disk\" width=\"589\" height=\"143\" aria-describedby=\"caption-attachment-20261\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20261\" class=\"wp-caption-text\">Verify Linux User Quota on Disk<\/p>\n<\/div>\n<p>As you can see, the write operation file fails due to the disk quota having been exceeded. Since only the first\u00a0<strong>1000 KB<\/strong>\u00a0are written to disk, the result in this case will most likely be a corrupt file.<\/p>\n<p>Similarly, you can create an ACL for the developers groups in order to give members of that group rwx access to\u00a0<strong>\/home\/projects<\/strong>:<\/p>\n<pre># setfacl -m g:developers:rwx \/home\/projects\/\r\n<\/pre>\n<p>And set the quota limits with:<\/p>\n<pre># edquota -g developers\r\n<\/pre>\n<p>Just like we did with user\u00a0<strong>gacanepa<\/strong>\u00a0earlier.<\/p>\n<p>The grace period can be specified for any number of seconds, minutes, hours, days, weeks, or months by executing.<\/p>\n<pre># edquota -t\r\n<\/pre>\n<p>and updating the values under\u00a0<strong>Block grace period and Inode grace period<\/strong>.<\/p>\n<p>As opposed to block or inode usage (which are set on an user or group-basis), the grace period is set system-wide.<\/p>\n<p>To report quotas, you can use quota\u00a0<code>-u [user]<\/code>\u00a0or\u00a0<code>quota -g [group]<\/code>\u00a0for a quick list or\u00a0<code>repquota -v [\/path\/to\/filesystem]<\/code>\u00a0for a more detailed (verbose) and nicely formatted report.<\/p>\n<p>Of course, you will want to replace\u00a0<code>[user]<\/code>,\u00a0<code>[group]<\/code>, and\u00a0<code>[\/path\/to\/filesystem]<\/code>\u00a0with specific user \/ group names and file system you want to check.<\/p>\n<h3>Summary<\/h3>\n<p>In this article we have explained how to set\u00a0<strong>Access Control Lists<\/strong>\u00a0and disk quotas for users and groups. Using both, you will be able to manage permissions and disk usage more effectively.<\/p>\n<p>If you want to learn more about quotas, you can refer to the\u00a0<a href=\"http:\/\/www.tldp.org\/HOWTO\/Quota.html\" target=\"_blank\" rel=\"noopener\">Quota Mini-HowTo<\/a>\u00a0in The Linux Documentation Project.<\/p>\n<p>Needless to say, you can also count on us to answer questions. Just submit them using the comment form below and we will be more than glad to take a look.<\/p>\n<h1 class=\"post-title\">How to Install Cygwin, a Linux-like Commandline Environment for Windows<\/h1>\n<p>During the last Microsoft Build Developer Conference held from\u00a0<strong>March 30th to April 1st<\/strong>, Microsoft released an announcement and gave a presentation that surprised the industry: beginning with\u00a0<strong>Windows 10<\/strong>\u00a0update\u00a0<strong>#14136<\/strong>, it would be possible to run\u00a0<strong>bash<\/strong>\u00a0on\u00a0<strong>Ubuntu<\/strong>\u00a0on top of\u00a0<strong>Windows<\/strong>.<\/p>\n<p>Although this update has already been released by now, it is still in beta and is only available for insiders \/ developers and not for the public in general.<\/p>\n<p>Without a doubt, when this feature reaches stable status and is available for everyone to use, it will be welcome with open arms \u2013 especially by FOSS professionals who work with technologies (Python, Ruby, etc) that are native to the Linux command line environment. Unfortunately, it will only be available in Windows 10 and not on previous versions.<\/p>\n<p>However,\u00a0<strong>Cygwin<\/strong>\u00a0a well-known and widely-used Linux environment for Windows has been around for quite some time and has been extensively utilized by Linux pros whenever they\u2019ve had the need to work on a Windows computer.<\/p>\n<p>While foundationally different from \u201c<strong>Bash on Ubuntu on Windows<\/strong>\u201d, Cygwin is free software and provides a large set of GNU and Open Source tools that you can use as if you were on Linux, and a DLL that which contributes with substantial POSIX API functionality. On top of that, you can use Cygwin on all 32 and 64-bit Windows versions starting with XP SP3.<\/p>\n<h3>Downloading and Installing Cygwin<\/h3>\n<p>In this article we will guide you how to set up\u00a0<strong>Cygwin<\/strong>\u00a0with the most frequently used tools in the Linux command line. Depending on the available storage space and on your specific needs, you can later choose to install others very easily.<\/p>\n<p>To install\u00a0<strong>Cygwin<\/strong>\u00a0(note that the same instructions apply to updating the software), we will need to\u00a0<a href=\"https:\/\/cygwin.com\/\" target=\"_blank\" rel=\"noopener\">download the Cygwin setup<\/a>, depending on your version of Microsoft Windows. Once downloaded, double click on the\u00a0<strong>.exe<\/strong>\u00a0file to begin with the installation and follow the steps outlined below to complete it.<\/p>\n<p><strong>Step 1<\/strong>\u00a0\u2013 Launch the installation process and choose \u201c<strong>Install from Internet<\/strong>\u201d:<\/p>\n<div id=\"attachment_20513\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Installing-Cygwin.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20513\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Installing-Cygwin.png\" alt=\"Installing Cygwin\" width=\"717\" height=\"248\" aria-describedby=\"caption-attachment-20513\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20513\" class=\"wp-caption-text\">Installing Cygwin<\/p>\n<\/div>\n<p><strong>Step 2<\/strong>\u00a0\u2013 Select an existing directory where you want to install Cygwin and its installation file (<strong>Warning:<\/strong>\u00a0don\u2019t choose folders with spaces on their names):<\/p>\n<div id=\"attachment_20514\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Select-Cygwin-Installation-Directory.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20514\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Select-Cygwin-Installation-Directory.png\" alt=\"Select Cygwin Installation Directory\" width=\"719\" height=\"251\" aria-describedby=\"caption-attachment-20514\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20514\" class=\"wp-caption-text\">Select Cygwin Installation Directory<\/p>\n<\/div>\n<p><strong>Step 3<\/strong>\u00a0\u2013 Choose your Internet connection type and a select a\u00a0<strong>FTP<\/strong>\u00a0or\u00a0<strong>HTTP<\/strong>\u00a0mirror (go to\u00a0<strong>https:\/\/cygwin.com\/mirrors.html<\/strong>\u00a0to select a mirror near your geographical location and then click\u00a0<strong>Add<\/strong>\u00a0to insert the desired mirror in the site list) to proceed with the download:<\/p>\n<div id=\"attachment_20515\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Select-Cygwin-Connection-Type.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20515\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Select-Cygwin-Connection-Type.png\" alt=\"Select Cygwin Connection Type\" width=\"719\" height=\"249\" aria-describedby=\"caption-attachment-20515\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20515\" class=\"wp-caption-text\">Select Cygwin Connection Type<\/p>\n<\/div>\n<p>After you click next in the last screen, some preliminary packages -which will guide the actual installation process- will be retrieved first. If the chosen mirror is not operational or does not contain all the necessary files, you will be prompted to use another one. You can also choose a FTP server if the HTTP counterpart does not work.<\/p>\n<p>If everything goes as expected, within a matter of minutes you will be presented with the package selection screen. In my case, I ended up choosing\u00a0<strong>ftp:\/\/mirrors.kernel.org<\/strong>\u00a0after others failed.<\/p>\n<p><strong>Step 4<\/strong>\u00a0\u2013 Select the packages you want to install by clicking on each desired category. Note you can also choose to install the source code as well. You can also search for packages using the input textbox. When you\u2019re done selecting the packages you need, click\u00a0<strong>Next<\/strong>.<\/p>\n<div id=\"attachment_20516\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Select-Packages-to-Install-under-Cygwin.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20516\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Select-Packages-to-Install-under-Cygwin.png\" alt=\"Select Packages to Install under Cygwin\" width=\"694\" height=\"382\" aria-describedby=\"caption-attachment-20516\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20516\" class=\"wp-caption-text\">Select Packages to Install under Cygwin<\/p>\n<\/div>\n<p>If you selected a package that has dependencies, you will be prompted to confirm the installation of dependencies as well.<\/p>\n<div id=\"attachment_20517\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Cygwin-Setup.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20517\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Cygwin-Setup.png\" alt=\"Cygwin Setup\" width=\"488\" height=\"359\" aria-describedby=\"caption-attachment-20517\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20517\" class=\"wp-caption-text\">Cygwin Setup<\/p>\n<\/div>\n<p>As it is to be expected, the download time will depend on the number of packages you selected previously and their required dependencies. In any event, you should see the following screen after 15-20 minutes.<\/p>\n<p>Select the desired options (Create icon on\u00a0<strong>Desktop<\/strong>\u00a0\/ Add icon to\u00a0<strong>Start Menu<\/strong>) and click\u00a0<strong>Finish<\/strong>\u00a0to complete the installation:<\/p>\n<div id=\"attachment_20518\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Cygwin-Installation-Setup.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20518\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Cygwin-Installation-Setup.png\" alt=\"Cygwin Installation Setup\" width=\"541\" height=\"397\" aria-describedby=\"caption-attachment-20518\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20518\" class=\"wp-caption-text\">Cygwin Installation Setup<\/p>\n<\/div>\n<p>After you have successfully completed\u00a0<strong>steps 1<\/strong>\u00a0through\u00a0<strong>4<\/strong>, we can open\u00a0<strong>Cygwin<\/strong>\u00a0by double clicking its icon on the Windows desktop, as we will see in the next section.<\/p>\n<h3>Launching and using Cygwin<\/h3>\n<p>Once you have launched\u00a0<strong>Cygwin<\/strong>\u00a0you can start typing commands as if you would do in a Linux terminal. However, you should note that just like it is the case in Linux, the initial directory is a virtual folder called\u00a0<strong>\/home\/username<\/strong>.<\/p>\n<p>The image below shows the result of running the following commands in my recently finished Cygwin installation.<\/p>\n<p>Print current date:<\/p>\n<pre>$ echo \"Today is $(date +%F)\" \r\n<\/pre>\n<p>The initial directory is found inside a folder named\u00a0<strong>home<\/strong>\u00a0that is located in the directory where Cygwin was installed (<strong>\/cygdrive\/c = C:\\Cygwin\\home<\/strong>\u00a0in my case):<\/p>\n<pre>$ pwd\r\n<\/pre>\n<p>Change directory to the root of the\u00a0<code>C:<\/code>\u00a0drive:<\/p>\n<pre>$ cd C:\r\n<\/pre>\n<p>Create a directory:<\/p>\n<pre>$ mkdir 'C:\\Users\\Gabriel\\test'\r\n<\/pre>\n<p>Redirect the output of the command to a file:<\/p>\n<pre>$ ls -l &gt; 'C:\\Users\\Gabriel\\test\\files.txt'\r\n<\/pre>\n<p>View contents of the root directory of the\u00a0<code>C:<\/code>\u00a0drive.<\/p>\n<pre>$ cat 'C:\\Users\\Gabriel\\test\\files.txt' \r\n<\/pre>\n<div id=\"attachment_20519\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Running-Linux-Commands-on-Cygwin.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20519\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Running-Linux-Commands-on-Cygwin.png\" alt=\"Running Linux Commands on Cygwin\" width=\"721\" height=\"388\" aria-describedby=\"caption-attachment-20519\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20519\" class=\"wp-caption-text\">Running Linux Commands on Cygwin<\/p>\n<\/div>\n<p>If you installed\u00a0<strong>vim<\/strong>\u00a0or another text editor, you can also invoke it as usual to create a bash shell script. The following example will search for files with permissions set to\u00a0<strong>777<\/strong>\u00a0beginning at the directory given as parameter and will\u00a0<strong>1)<\/strong>\u00a0print the file names to the screen, and\u00a0<strong>2)<\/strong>\u00a0change the permissions to\u00a0<strong>644<\/strong>, and delete them if they are empty.<\/p>\n<pre># vim fixperms.sh\r\n<\/pre>\n<p>Add the following content to file:<\/p>\n<pre>#!\/bin\/bash\r\nDIR=$1\r\necho \"The permissions of the following files are being changed to 644: \"\r\nfind $DIR -type f -perm 777 -print -exec chmod 644 {} +\r\necho \"The following empty files are being removed: \"\r\nfind $DIR -type f -empty -print -empty -delete\r\n<\/pre>\n<p>Feel free to add to the above script other commands if you wish, then give it execute permissions and run it:<\/p>\n<pre>$ chmod +x fixperms.sh\r\n$ .\/fixperms.sh .\r\n<\/pre>\n<p>Let\u2019s see the script in action:<\/p>\n<div id=\"attachment_20520\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Run-Shell-Scripts-in-Cygwin.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20520\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Run-Shell-Scripts-in-Cygwin.png\" alt=\"Run Shell Scripts in Cygwin\" width=\"456\" height=\"275\" aria-describedby=\"caption-attachment-20520\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20520\" class=\"wp-caption-text\">Run Shell Scripts in Cygwin<\/p>\n<\/div>\n<p>As you can see, we were able to run a bash shell script in\u00a0<strong>Windows<\/strong>\u00a0(using the\u00a0<strong>GNU<\/strong>\u00a0version of\u00a0<a href=\"https:\/\/www.tecmint.com\/35-practical-examples-of-linux-find-command\/\" target=\"_blank\" rel=\"noopener\">find command<\/a>) with the help of\u00a0<strong>Cygwin<\/strong>\u00a0\u2013 and that was just an example.<\/p>\n<p>Think for a minute. What other examples of classic Linux commands would you like to see? Feel free to give it a try, let us know how it goes, and don\u2019t hesitate to ask us for help.<\/p>\n<h3>Summary<\/h3>\n<p>In this article we have explained how to install\u00a0<strong>Cygwin<\/strong>, a Linux-like command line environment for Windows. As such, keep in mind that it is NOT a method to run native Linux applications in Windows, but you can compile applications using the source code if you want to do so.<\/p>\n<p>If you find out that some of the commands you use more frequently are not available, restart the installation and search for the specific packages when you reach\u00a0<strong>Step 4<\/strong>\u00a0(feel free to repeat this process as many times as needed). The number of packages available is amazing and the chances of not being able to find what you need are next to zero.<\/p>\n<p>If you have had the chance to use Cygwin already, we would appreciate it if you can leave a comment using the form below to tell us about your experience. If not, we certainly hope we ignited a spark of interest with this article, and your feedback is highly appreciated as well.<\/p>\n<h1 class=\"post-title\">An Ultimate Guide to Setting Up FTP Server to Allow Anonymous Logins<\/h1>\n<p>In a day where massive remote storage is rather common, it may be strange to talk about\u00a0<a href=\"https:\/\/www.tecmint.com\/sftp-command-examples\/\" target=\"_blank\" rel=\"noopener\">sharing files using FTP<\/a>\u00a0(<strong>File Transfer Protocol<\/strong>).<\/p>\n<p>However, it is still used for file exchange where security does not represent an important consideration and for public downloads of documents, for example.<\/p>\n<p>It\u2019s for that reason that learning how to configure a FTP server and enable anonymous downloads (not requiring authentication) is still a relevant topic.<\/p>\n<p>In this article we will explain how to set up a\u00a0<strong>FTP<\/strong>\u00a0server to allow connections on passive mode where the client initiates both channels of communication to the server (one for commands and the other for the actual transmission of files, also known as the control and data channels, respectively).<\/p>\n<p>You can read more about passive and active modes (which we will not cover here) in\u00a0<a href=\"http:\/\/slacksite.com\/other\/ftp.html\" target=\"_blank\" rel=\"nofollow noopener\">Active FTP vs. Passive FTP<\/a>, a Definitive Explanation.<\/p>\n<p>That said, let\u2019s begin!<\/p>\n<h3>Setting up a FTP Server in Linux<\/h3>\n<p>To set up\u00a0<strong>FTP<\/strong>\u00a0in our server we will install the following packages:<\/p>\n<pre># yum install vsftpd ftp         [<strong>CentOS<\/strong>]\r\n# aptitude install vsftpd ftp    [<strong>Ubuntu<\/strong>]\r\n# zypper install vsftpd ftp      [<strong>openSUSE<\/strong>]\r\n<\/pre>\n<p>The\u00a0<strong>vsftpd<\/strong>\u00a0package is an implementation of a FTP server. The name of the package stands for\u00a0<strong>Very Secure FTP Daemon<\/strong>. On the other hand,\u00a0<strong>ftp<\/strong>\u00a0is the client program that will be used to access the server.<\/p>\n<p>Keep in mind that during the exam, you will be given only one VPS where you will need to install both client and server, so that is precisely the same approach that we will follow in this article.<\/p>\n<p>In\u00a0<strong>CentOS<\/strong>\u00a0and\u00a0<strong>openSUSE<\/strong>, you will be required to start and enable the\u00a0<strong>vsftpd<\/strong>\u00a0service:<\/p>\n<pre># systemctl start vsftpd &amp;&amp; systemctl enable vsftpd\r\n<\/pre>\n<p>In\u00a0<strong>Ubuntu<\/strong>,\u00a0<strong>vsftpd<\/strong>\u00a0should be started and set to start on subsequent boots automatically after the installation. If not, you can start it manually with:<\/p>\n<pre>$ sudo service vsftpd start\r\n<\/pre>\n<p>Once\u00a0<strong>vsftpd<\/strong>\u00a0is installed and running, we can proceed to configure our FTP server.<\/p>\n<h3>Configuring the FTP Server in Linux<\/h3>\n<p>At any point, you can refer to man\u00a0<code>vsftpd.conf<\/code>\u00a0for further configuration options. We will set the most common options and mention their purpose in this guide.<\/p>\n<p>As with any other configuration file, it is important to make a backup copy of the original before making changes:<\/p>\n<pre># cp \/etc\/vsftpd\/vsftpd.conf \/etc\/vsftpd\/vsftpd.conf.orig\r\n<\/pre>\n<p>Then open\u00a0<code>\/etc\/vsftpd\/vsftpd.conf<\/code>\u00a0(the main configuration file) and edit the following options as indicated:<\/p>\n<p><strong>1.<\/strong>\u00a0Make sure you allow anonymous access to the server (we will use the\u00a0<code>\/storage\/ftp<\/code>\u00a0directory for this example \u2013 that\u2019s where we will store documents for anonymous users to access) without password:<\/p>\n<pre>anonymous_enable=YES\r\nno_anon_password=YES\r\nanon_root=\/storage\/ftp\/\r\n<\/pre>\n<p>If you omit the last setting, the ftp directory will default to\u00a0<code>\/var\/ftp<\/code>\u00a0(the home directory of the dedicated ftp user that was created during installation).<\/p>\n<p><strong>2.<\/strong>\u00a0To enable read-only access (thus disabling file uploads to the server), set the following variable to\u00a0<strong>NO<\/strong>:<\/p>\n<pre>write_enable=NO\r\n<\/pre>\n<p><strong>Important<\/strong>: Only use steps\u00a0<strong>#3<\/strong>\u00a0and\u00a0<strong>#4<\/strong>\u00a0if you choose to disable the anonymous logins.<\/p>\n<p><strong>3.<\/strong>\u00a0Likewise, you may want to also allow local users to login with their system credentials to the FTP server. Later on this article we will show you how to restrict them to their respective home directories to store and retrieve files using FTP:<\/p>\n<pre>local_enable=YES\r\n<\/pre>\n<p>If\u00a0<strong>SELinux<\/strong>\u00a0is in\u00a0<strong>enforcing<\/strong>\u00a0mode, you will also need to set the\u00a0<code>ftp_home_dir<\/code>\u00a0flag to on so that FTP is allowed to write and read files to and from their home directories:<\/p>\n<pre># getsebool ftp_home_dir\r\n<\/pre>\n<p>If not, you can enable it permanently with:<\/p>\n<pre># setsebool -P ftp_home_dir 1\r\n<\/pre>\n<p>The expected output is shown below:<\/p>\n<div id=\"attachment_20569\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/SELinux-Enable-Home-Directory-for-FTP.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20569\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/SELinux-Enable-Home-Directory-for-FTP.png\" alt=\"SELinux - Enable FTP on Home Directories\" width=\"507\" height=\"106\" aria-describedby=\"caption-attachment-20569\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20569\" class=\"wp-caption-text\">SELinux \u2013 Enable FTP on Home Directories<\/p>\n<\/div>\n<p><strong>4.<\/strong>\u00a0In order to restrict authenticated system users to their home directories, we will use:<\/p>\n<pre>chroot_local_user=YES\r\nchroot_list_enable=YES\r\nchroot_list_file=\/etc\/vsftpd\/chroot_list\r\n<\/pre>\n<p>With the above\u00a0<strong>chroot<\/strong>\u00a0settings and an empty\u00a0<code>\/etc\/vsftpd\/chroot_list<\/code>\u00a0file (which YOU need to create), you will restrict ALL system users to their home directories.<\/p>\n<p><strong>Important<\/strong>: Please note this still requires that you ensure that none of them has write permissions to the top directory.<\/p>\n<p>If you want to allow a specific user (or more) outside their home directories, insert the usernames in\u00a0<strong>\/etc\/vsftpd\/chroot_list<\/strong>, one per line.<\/p>\n<p><strong>5.<\/strong>\u00a0In addition, the following settings will allow you to limit the available bandwidth for anonymous logins (<strong>10 KB<\/strong>) and authenticated users (<strong>20 KB<\/strong>) in bytes per second, and restrict the number of simultaneous connections per IP address to\u00a0<strong>5<\/strong>:<\/p>\n<pre>anon_max_rate=10240\r\nlocal_max_rate=20480\r\nmax_per_ip=5\r\n<\/pre>\n<p><strong>6.<\/strong>\u00a0We will restrict the data channel to TCP ports\u00a0<strong>15000<\/strong>\u00a0through\u00a0<strong>15500<\/strong>\u00a0in the server. Note this is an arbitrary choice and you can use a different range if you wish.<\/p>\n<p>Add the following lines to\u00a0<code>\/etc\/vsftpd\/vsftpd.conf<\/code>\u00a0if they are not already present:<\/p>\n<pre>pasv_enable=YES\r\npasv_max_port=15500\r\npasv_min_port=15000\r\n<\/pre>\n<p><strong>7.<\/strong>\u00a0Finally, you can set a welcome message to be shown each time a user access the server. A little information without further details will do:<\/p>\n<pre>ftpd_banner=This is a test FTP server brought to you by Tecmint.com\r\n<\/pre>\n<p>.<br \/>\n<strong>8.<\/strong>\u00a0Now don\u2019t forget to restart the service in order to apply the new configuration:<\/p>\n<pre># systemctl restart vsftpd      [<strong>CentOS<\/strong>]\r\n$ sudo service vsftpd restart   [<strong>Ubuntu<\/strong>]\r\n<\/pre>\n<p><strong>9.<\/strong>\u00a0Allow FTP traffic through the firewall (for\u00a0<strong>firewalld<\/strong>):<\/p>\n<h4>On FirewallD<\/h4>\n<pre># firewall-cmd --add-service=ftp\r\n# firewall-cmd --add-service=ftp --permanent\r\n# firewall-cmd --add-port=15000-15500\/tcp\r\n# firewall-cmd --add-port=15000-15500\/tcp --permanent\r\n<\/pre>\n<h4>On IPTables<\/h4>\n<pre># iptables --append INPUT --protocol tcp --destination-port 21 -m state --state NEW,ESTABLISHED --jump ACCEPT\r\n# iptables --append INPUT --protocol tcp --destination-port 15000:15500  -m state --state ESTABLISHED,RELATED --jump ACCEPT\r\n<\/pre>\n<p>Regardless of the distribution, we will need to load the\u00a0<code>ip_conntrack_ftp<\/code>\u00a0module:<\/p>\n<pre># modprobe ip_conntrack_ftp \r\n<\/pre>\n<p>And make it persistent across boots. On\u00a0<strong>CentOS<\/strong>\u00a0and\u00a0<strong>openSUSE<\/strong>\u00a0this means adding the module name to the\u00a0<strong>IPTABLES_MODULES<\/strong>\u00a0in\u00a0<strong>\/etc\/sysconfig\/iptables-config<\/strong>\u00a0like so:<\/p>\n<pre>IPTABLES_MODULES=\"ip_conntrack_ftp\"\r\n<\/pre>\n<p>whereas in\u00a0<strong>Ubuntu<\/strong>\u00a0you\u2019ll want to add the module name (without the\u00a0<strong>modprobe<\/strong>\u00a0command) at the bottom of\u00a0<strong>\/etc\/modules<\/strong>:<\/p>\n<pre>$ sudo echo \"ip_conntrack_ftp\" &gt;&gt; \/etc\/modules\r\n<\/pre>\n<p><strong>10.<\/strong>\u00a0Last but not least, make sure the server is listening on\u00a0<strong>IPv4<\/strong>\u00a0or\u00a0<strong>IPv6<\/strong>\u00a0sockets (but not both!). We will use\u00a0<strong>IPv4<\/strong>here:<\/p>\n<pre>listen=YES\r\n<\/pre>\n<p>We will now test the newly installed and configured FTP server.<\/p>\n<h3>Testing the FTP Server in Linux<\/h3>\n<p>We will create a regular\u00a0<strong>PDF<\/strong>\u00a0file (in this case, the PDF version of the\u00a0<strong>vsftpd.conf<\/strong>\u00a0manpage) in\u00a0<strong>\/storage\/ftp<\/strong>.<\/p>\n<p>Note that you may need to install the\u00a0<strong>ghostcript<\/strong>\u00a0package (which provides\u00a0<strong>ps2pdf<\/strong>) separately, or use another file of your choice:<\/p>\n<pre># man -t vsftpd.conf | ps2pdf - \/storage\/ftp\/vstpd.conf.pdf\r\n<\/pre>\n<p>To test, we will use both a web browser (by going to\u00a0<code>ftp:\/\/Your_IP_here<\/code>) and using the command line client (<strong>ftp<\/strong>). Let\u2019s see what happens when we enter that FTP address in our browser:<\/p>\n<div id=\"attachment_20570\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Browse-FTP-Directory.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20570\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Browse-FTP-Directory.png\" alt=\"FTP Web Directory Browsing\" width=\"480\" height=\"279\" aria-describedby=\"caption-attachment-20570\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20570\" class=\"wp-caption-text\">FTP Web Directory Browsing<\/p>\n<\/div>\n<p>As you can see, the PDF file we saved earlier in\u00a0<code>\/storage\/ftp<\/code>\u00a0is available for you to download.<\/p>\n<p>On the command line, type:<\/p>\n<pre># ftp localhost\r\n<\/pre>\n<p>And enter anonymous as the user name. You should not be prompted for your password:<\/p>\n<div id=\"attachment_20571\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Verify-FTP-Connection.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20571\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Verify-FTP-Connection.png\" alt=\"Verify FTP Connection\" width=\"580\" height=\"277\" aria-describedby=\"caption-attachment-20571\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20571\" class=\"wp-caption-text\">Verify FTP Connection<\/p>\n<\/div>\n<p>To retrieve files using the command line, use the\u00a0<code>get<\/code>\u00a0command followed by the filename, like so:<\/p>\n<pre># get vsftpd.conf.pdf\r\n<\/pre>\n<p>and you\u2019re good to go.<\/p>\n<h3>Summary<\/h3>\n<p>In this guide we have explained how to properly set up a\u00a0<strong>FTP<\/strong>\u00a0and use it to allow anonymous logins. You can also follow the instructions given to disable such logins and only allow local users to authenticate using their system credentials (not illustrated in this article since it is not required on the exam).<\/p>\n<p>If you run into any issues, please share with us the output of the following command, which will stripe the configuration file from commented and empty lines, and we will be more than glad to take a look:<\/p>\n<pre># grep -Eiv '(^$|^#)' \/etc\/vsftpd\/vsftpd.conf\r\n<\/pre>\n<p>Mine is as below (note that there are other configuration directives that we did not cover in this article as they are set by default, so no change was required at our side):<\/p>\n<pre>local_enable=NO\r\nwrite_enable=NO\r\nlocal_umask=022\r\ndirmessage_enable=YES\r\nxferlog_enable=YES\r\nconnect_from_port_20=YES\r\nxferlog_std_format=YES\r\nftpd_banner=This is a test FTP server brought to you by Tecmint.com\r\nlisten=YES\r\nlisten_ipv6=NO\r\npam_service_name=vsftpd\r\nuserlist_enable=YES\r\ntcp_wrappers=YES\r\nanon_max_rate=10240\r\nlocal_max_rate=20480\r\nmax_per_ip=5\r\nanon_root=\/storage\/ftp\r\nno_anon_password=YES\r\nallow_writeable_chroot=YES\r\npasv_enable=YES\r\npasv_min_port=15000\r\npasv_max_port=15500\r\n<\/pre>\n<p>Particularly, this directive<\/p>\n<pre>xferlog_enable=YES\r\n<\/pre>\n<p>will enable the transfer log in\u00a0<code>\/var\/log\/xferlog<\/code>. Make sure you look in that file while troubleshooting.<\/p>\n<p>Additionally, feel free to drop us a note using the comment form below if you have questions or any comments about this article.<\/p>\n<h1 class=\"post-title\">Setup a Basic Recursive Caching DNS Server and Configure Zones for Domain<\/h1>\n<p>Imagine what it would be like if we had to remember the IP addresses of all the websites that we use on a daily basis. Even if we had a prodigious memory, the process to browse to a website would be ridiculously slow and time-consuming.<\/p>\n<p>And what about if we needed to visit multiple websites or use several applications that reside in the same machine or virtual host? That would be one of the worst headaches I can think of \u2013 not to mention the possibility that the IP address associated with a website or application can be changed without prior notice.<\/p>\n<p>Just the very thought of it would be enough reason to desist using the Internet or internal networks after a while.<\/p>\n<p>That\u2019s precisely what a world without\u00a0<strong>Domain Name System<\/strong>\u00a0(also known as\u00a0<strong>DNS<\/strong>) would be. Fortunately, this service solves all of the issues mentioned above \u2013 even if the relationship between an IP address and a name changes.<\/p>\n<p>For that reason, in this article we will learn how to configure and use a simple DNS server, a service that will allow to translate domain names into IP addresses and vice versa.<\/p>\n<h3>Introducing DNS Name Resolution<\/h3>\n<p>For small networks that are not subject to frequent changes, the\u00a0<strong>\/etc\/hosts<\/strong>\u00a0file can be used as a rudimentary method of domain name to IP address resolution.<\/p>\n<p>With a very simple syntax, this file allows us to associate a name (and \/ or an alias) with an IP address as follows:<\/p>\n<pre>[IP address] [name] [alias(es)]\r\n<\/pre>\n<p>For example,<\/p>\n<pre>192.168.0.1 gateway gateway.mydomain.com\r\n192.168.0.2 web web.mydomain.com\r\n<\/pre>\n<p>Thus, you can reach the web machine either by its name, the\u00a0<strong>web.mydomain.com<\/strong>\u00a0alias, or its IP address.<\/p>\n<p>For larger networks, or those that are subject to frequent changes, using the\u00a0<strong>\/etc\/hosts<\/strong>\u00a0file to resolve domain names into IP addresses would not be an acceptable solution. That\u2019s where the need for a dedicated service comes in.<\/p>\n<p>Under the hood, a\u00a0<strong>DNS<\/strong>\u00a0server queries a large database in the form of a tree, which starts at the root\u00a0<code>(\u201c.\u201d)<\/code>zone.<\/p>\n<p>The following image will help us to illustrate:<\/p>\n<div id=\"attachment_20575\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/DNS-Name-Resolution-Diagram.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20575\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/DNS-Name-Resolution-Diagram.png\" alt=\"DNS Name Resolution Diagram\" width=\"380\" height=\"279\" aria-describedby=\"caption-attachment-20575\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20575\" class=\"wp-caption-text\">DNS Name Resolution Diagram<\/p>\n<\/div>\n<p>In the image above, the root\u00a0<code>(.)<\/code>\u00a0zone contains\u00a0<strong>com<\/strong>,\u00a0<strong>edu<\/strong>, and\u00a0<strong>net<\/strong>\u00a0domains. Each of these domains are (or can be) managed by different organizations to avoid depending on a big, central one. This allows to properly distribute requests in a hierarchical way.<\/p>\n<p>Let\u2019s see what happens under the hood:<\/p>\n<p><strong>1.<\/strong>\u00a0When a client makes a query to a DNS server for\u00a0<strong>web1.sales.me.com<\/strong>, the server sends the query to the top (root) DNS server, which points the query to the name server in the\u00a0<code>.com<\/code>\u00a0zone.<\/p>\n<p>This, in turn, sends the query to the next level name server (in the\u00a0<code>me.com<\/code>\u00a0zone), and then to\u00a0<code>sales.me.com<\/code>. This process is repeated as many times as needed until the\u00a0<strong>FQDN<\/strong>\u00a0(<strong>Fully Qualified Domain Name<\/strong>,\u00a0<strong>web1.sales.me.com<\/strong>\u00a0in this example) is returned by the name server of the zone where it belongs.<\/p>\n<p><strong>2.<\/strong>\u00a0In this example, the name server in\u00a0<code>sales.me.com.<\/code>\u00a0responds for the address\u00a0<code>web1.sales.me.com<\/code>\u00a0and returns the desired domain name-IP association and other information as well (if configured to do so).<\/p>\n<p>All this information is sent to the original DNS server, which then passes it back to the client that requested it in the first place. To avoid repeating the same steps for future identical queries, the results of the query are stored in the DNS server.<\/p>\n<p>These are the reasons why this kind of setup is commonly known as a recursive,\u00a0<a href=\"https:\/\/www.tecmint.com\/install-configure-cache-only-dns-server-in-rhel-centos-7\/\" target=\"_blank\" rel=\"noopener\">caching DNS server<\/a>.<\/p>\n<h3>Installing and Configuring a DNS Server<\/h3>\n<p>In Linux, the most used DNS server is\u00a0<strong>bind<\/strong>\u00a0(short for\u00a0<strong>Berkeley Internet Name Daemon<\/strong>), which can be installed as follows:<\/p>\n<pre># yum install bind bind-utils        [<strong>CentOS<\/strong>]\r\n# zypper install bind bind-utils     [<strong>openSUSE<\/strong>]\r\n# aptitude install bind9 bind9utils  [<strong>Ubuntu<\/strong>]\r\n<\/pre>\n<p>Once we have installed\u00a0<strong>bind<\/strong>\u00a0and related utilities, let\u2019s make a copy of the configuration file before making any changes:<\/p>\n<pre># cp \/etc\/named.conf \/etc\/named.conf.orig            [<strong>CentOS<\/strong> and <strong>openSUSE<\/strong>]\r\n# cp \/etc\/bind\/named.conf \/etc\/bind\/named.conf.orig  [<strong>Ubuntu<\/strong>]\r\n<\/pre>\n<p>Then let\u2019s open\u00a0<code>named.conf<\/code>\u00a0and head over to the options block, where we need to set make sure the following settings are present to configure a recursive, caching server with\u00a0<strong>IP 192.168.0.18\/24<\/strong>\u00a0that can be accessed only by hosts in the same network (as a security measure).<\/p>\n<p>The forwarders settings are used to indicate which name servers should be queried first (in the following example we use Google\u2019s name servers) for hosts outside our domain:<\/p>\n<pre>options {\r\n...\r\nlisten-on port 53 { 127.0.0.1; 192.168.0.18};\r\nallow-query \t{ localhost; 192.168.0.0\/24; };\r\nrecursion yes;\r\nforwarders {\r\n    \t8.8.8.8;\r\n    \t8.8.4.4;\r\n};\r\n\u2026\r\n}\r\n<\/pre>\n<p>Outside the options block we will define our\u00a0<code>sales.me.com<\/code>\u00a0zone (in\u00a0<strong>Ubuntu<\/strong>\u00a0this is usually done in a separate file called\u00a0<strong>named.conf.local<\/strong>) that maps a domain with a given IP address and a reverse zone to map the IP address to the corresponding domain.<\/p>\n<p>However, the actual configuration of each zone will go in separate files as indicated by the file directive (<code>\u201cmaster\u201d<\/code>\u00a0indicates we will only use one DNS server).<\/p>\n<p>Add the following blocks to\u00a0<code>named.conf<\/code>\u00a0file:<\/p>\n<pre>zone \"sales.me.com.\" IN {\r\n    type master;\r\n    file \"\/var\/named\/sales.me.com.zone\";\r\n};\r\nzone \"0.168.192.in-addr.arpa\" IN {\r\n    type master;\r\n    file \"\/var\/named\/0.162.198.in-addr.arpa.zone\";\r\n};\r\n<\/pre>\n<p>Note that\u00a0<code>in-addr.arpa<\/code>\u00a0(for IPv4 addresses) and\u00a0<code>ip6.arpa<\/code>\u00a0(for IPv6) are conventions for reverse zone configurations.<\/p>\n<p>After saving the above changes to\u00a0<strong>named.conf<\/strong>, we can check for errors as follows:<\/p>\n<pre># named-checkconf \/etc\/named.conf\r\n<\/pre>\n<p>If any errors are found, the above command will output an informative message with the cause and the line where they are located. Otherwise, it will not return anything.<\/p>\n<h3>Configuring DNS Zones<\/h3>\n<p>In the files\u00a0<code>\/var\/named\/sales.me.com.zone<\/code>\u00a0and\u00a0<code>\/var\/named\/0.168.192.in-addr.arpa.zone<\/code>\u00a0we will configure the forward (domain \u2192 IP address) and reverse (IP address \u2192 domain) zones.<\/p>\n<p>Let\u2019s tackle the forward configuration first:<\/p>\n<p><strong>1.<\/strong>\u00a0At the top of the file you will find a line beginning with\u00a0<strong>TTL<\/strong>\u00a0(short for\u00a0<strong>Time To Live<\/strong>), which specifies how long the cached response should\u00a0<strong>\u201clive\u201d<\/strong>\u00a0before being replaced by the results of a new query.<\/p>\n<p>In the line immediately below, we will reference our domain and set the email address where notifications should be sent (note that the\u00a0<strong>root.sales.me.com<\/strong>\u00a0means\u00a0<strong>root@sales.me.com<\/strong>).<\/p>\n<p><strong>2.<\/strong>\u00a0A\u00a0<code>SOA<\/code>\u00a0(<strong>Start Of Authority<\/strong>) record indicates that this system is the authoritative nameserver for machines inside the\u00a0<code>sales.me.com<\/code>\u00a0domain.<\/p>\n<p>The following settings are required when there are two nameservers (one\u00a0<strong>master<\/strong>\u00a0and one\u00a0<strong>slave<\/strong>) per domain (although such is not our case since it is not required in the exam, they are presented here for your reference):<\/p>\n<p>The\u00a0<code>Serial<\/code>\u00a0is used to distinguish one version of the zone definition file from a previous one (where settings could have changed). If the cached response points to a definition with a different serial, the query is performed again instead of feeding it back to the client.<\/p>\n<p>In a setup with a\u00a0<strong>slave<\/strong>\u00a0(secondary) nameserver,\u00a0<code>Refresh<\/code>\u00a0indicates the amount of time until the secondary should check for a new serial from the master server.<\/p>\n<p>In addition,\u00a0<code>Retry<\/code>\u00a0tells the server how often the secondary should attempt to contact the primary if no response from the primary has been received, whereas\u00a0<code>Expire<\/code>\u00a0indicates when the zone definition in the secondary is no longer valid after the master server could not be reached, and\u00a0<code>Negative TTL<\/code>\u00a0is the time that a Non-existent domain (NXdomain) should be cached.<\/p>\n<p><strong>3.<\/strong>\u00a0A\u00a0<code>NS<\/code>\u00a0record indicates what is the authoritative DNS server for our domain (referenced by the\u00a0<code>@<\/code>\u00a0sign at the beginning of the line).<\/p>\n<p><strong>4.<\/strong>\u00a0An\u00a0<code>A<\/code>\u00a0record (for IPv4 addresses) or an\u00a0<code>AAAA<\/code>\u00a0(for IPv6 addresses) translates names into IP addresses.<\/p>\n<p>In the example below:<\/p>\n<pre>dns: 192.168.0.18 (the DNS server itself)\r\nweb1: 192.168.0.29 (a web server inside the sales.me.com zone)\r\nmail1: 192.168.0.28 (a mail server inside the sales.me.com zone)\r\nmail2: 192.168.0.30 (another mail server)\r\n<\/pre>\n<p><strong>5.<\/strong>\u00a0A\u00a0<code>MX<\/code>\u00a0record indicates the names of the authorized mail transfer agents (MTAs) for this domain. The hostname should be prefaced by a number indicating the priority that the current mail server should have when there are two or more MTAs for the domain (the lower the value, the higher the priority \u2013 in the following example, mail1 is the primary whereas mail2 is the secondary MTA).<\/p>\n<p><strong>6.<\/strong>\u00a0A\u00a0<code>CNAME<\/code>\u00a0record sets an alias (<strong>www.web1<\/strong>) for a host (<strong>web1<\/strong>).<\/p>\n<p><strong>IMPORTANT<\/strong>: The dot\u00a0<code>(.)<\/code>\u00a0at the end of the names is required.<\/p>\n<pre>$TTL\t604800\r\n@   \tIN  \tSOA \tsales.me.com. root.sales.me.com. (\r\n                    \t2016051101 ; Serial\r\n                    \t10800 ; Refresh\r\n                    \t3600  ; Retry\r\n                    \t604800 ; Expire\r\n                    \t604800) ; Negative TTL\r\n;\r\n@   \tIN  \tNS  \tdns.sales.me.com.\r\ndns \tIN  \tA   \t192.168.0.18\r\nweb1\tIN  \tA   \t192.168.0.29\r\nmail1   IN  \tA   \t192.168.0.28\r\nmail2   IN  \tA   \t192.168.0.30\r\n@   \tIN  \tMX  \t10 mail1.sales.me.com.\r\n@   \tIN  \tMX  \t20 mail2.sales.me.com.\r\nwww.web1    \tIN  \tCNAME   web1\r\n<\/pre>\n<p>Let\u2019s now take a look at the reverse zone configuration (<strong>\/var\/named\/0.168.192.in-addr.arpa.zone<\/strong>). The\u00a0<code>SOA<\/code>record is the same as in the previous file, whereas the last three lines with a\u00a0<code>PTR<\/code>\u00a0(pointer) record indicate the last octet in the IPv4 address of the\u00a0<strong>mail1<\/strong>,\u00a0<strong>web1<\/strong>, and\u00a0<strong>mail2<\/strong>\u00a0hosts (<strong>192.168.0.28<\/strong>,\u00a0<strong>192.168.0.29<\/strong>, and\u00a0<strong>192.168.0.30<\/strong>, respectively).<\/p>\n<pre>$TTL\t604800\r\n@   \tIN  \tSOA \tsales.me.com. root.sales.me.com. (\r\n                    \t2016051101 ; Serial\r\n                    \t10800 ; Refresh\r\n                    \t3600  ; Retry\r\n                    \t604800 ; Expire\r\n                    \t604800) ; Minimum TTL\r\n@   \tIN  \tNS  \tdns.sales.me.com.\r\n28  \tIN  \tPTR \tmail1.sales.me.com.\r\n29  \tIN  \tPTR \tweb1.sales.me.com.\r\n30  \tIN  \tPTR \tmail2.sales.me.com.\r\n<\/pre>\n<p>You can check the zone files for errors with:<\/p>\n<pre># named-checkzone sales.me.com \/var\/named\/sales.me.com.zone\r\n# named-checkzone 0.168.192.in-addr.arpa \/var\/named\/0.168.192.in-addr.arpa.zone\r\n<\/pre>\n<p>The following image illustrates what is the expected output on success:<\/p>\n<div id=\"attachment_20576\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Check-DNS-Zone-File-Configuration-Errors.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20576\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Check-DNS-Zone-File-Configuration-Errors.png\" alt=\"Check DNS Zone File Configuration Errors\" width=\"722\" height=\"128\" aria-describedby=\"caption-attachment-20576\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20576\" class=\"wp-caption-text\">Check DNS Zone File Configuration Errors<\/p>\n<\/div>\n<p>Otherwise, you will get an error message stating the cause and how to fix it:<\/p>\n<div id=\"attachment_20577\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Fix-DNS-Zone-Configuration-Error.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20577\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Fix-DNS-Zone-Configuration-Error.png\" alt=\"Fix DNS Zone Configuration Error\" width=\"721\" height=\"338\" aria-describedby=\"caption-attachment-20577\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20577\" class=\"wp-caption-text\">Fix DNS Zone Configuration Error<\/p>\n<\/div>\n<p>Once you have verified the main configuration file and the zone files, restart the\u00a0<strong>named<\/strong>\u00a0service to apply changes.<\/p>\n<p>In\u00a0<strong>CentOS<\/strong>\u00a0and\u00a0<strong>openSUSE<\/strong>, do:<\/p>\n<pre># systemctl restart named\r\n<\/pre>\n<p>And don\u2019t forget to enable it as well:<\/p>\n<pre># systemctl enable named\r\n<\/pre>\n<p>In\u00a0<strong>Ubuntu<\/strong>:<\/p>\n<pre>$ sudo service bind9 restart\r\n<\/pre>\n<p>Finally, you will have to edit the configuration of your main network interfaces:<\/p>\n<pre>---- In <strong>\/etc\/sysconfig\/network-scripts\/ifcfg-enp0s3<\/strong> for <strong>CentOS<\/strong> and <strong>openSUSE<\/strong> ----\r\nDNS1=192.168.0.18 \r\n\r\n---- In <strong>\/etc\/network\/interfaces<\/strong> for <strong>Ubuntu<\/strong> ----\r\ndns-nameservers 192.168.0.18 \r\n<\/pre>\n<p>and restart the network service to apply changes.<\/p>\n<h3>Testing the DNS Server<\/h3>\n<p>At this point we are ready to query our DNS server for local and outside names and addresses. The following commands will return the IP address associated with the host\u00a0<strong>web1<\/strong>:<\/p>\n<pre># host web1.sales.me.com\r\n# host web1\r\n# host www.web1\r\n<\/pre>\n<div id=\"attachment_20578\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Query-DNS-on-Domain-Host.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20578\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Query-DNS-on-Domain-Host.png\" alt=\"Query DNS on Domain Host\" width=\"454\" height=\"147\" aria-describedby=\"caption-attachment-20578\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20578\" class=\"wp-caption-text\">Query DNS on Domain Host<\/p>\n<\/div>\n<p>How can we find out who is handling emails for\u00a0<strong>sales.me.com<\/strong>? It\u2019s easy to find out \u2013 just query the\u00a0<strong>MX<\/strong>\u00a0records for the domain:<\/p>\n<pre># host -t mx sales.me.com\r\n<\/pre>\n<div id=\"attachment_20579\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Query-MX-Record-Of-Domain.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20579\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Query-MX-Record-Of-Domain.png\" alt=\"Query MX Record Of Domain\" width=\"439\" height=\"84\" aria-describedby=\"caption-attachment-20579\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20579\" class=\"wp-caption-text\">Query MX Record Of Domain<\/p>\n<\/div>\n<p>Likewise, let\u2019s perform a reverse query. This will help us find out the name behind an IP address:<\/p>\n<pre># host 192.168.0.28\r\n# host 192.168.0.29\r\n<\/pre>\n<div id=\"attachment_20580\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/DNS-Reverse-Query-on-IP.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20580\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/DNS-Reverse-Query-on-IP.png\" alt=\"DNS Reverse Query on IP Address\" width=\"529\" height=\"95\" aria-describedby=\"caption-attachment-20580\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20580\" class=\"wp-caption-text\">DNS Reverse Query on IP Address<\/p>\n<\/div>\n<p>You can try the same operations for outside hosts:<\/p>\n<pre># host -t mx linux.com\r\n# host 8.8.8.8\r\n<\/pre>\n<div id=\"attachment_20582\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Check-DNS-of-Domain.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20582\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Check-DNS-of-Domain.png\" alt=\"Check Domain DNS Information\" width=\"580\" height=\"117\" aria-describedby=\"caption-attachment-20582\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20582\" class=\"wp-caption-text\">Check Domain DNS Information<\/p>\n<\/div>\n<p>To verify that queries are indeed going through our DNS server, let\u2019s enable logging:<\/p>\n<pre># rndc querylog\r\n<\/pre>\n<p>And check the \/var\/log\/messages file (in\u00a0<strong>CentOS<\/strong>\u00a0and\u00a0<strong>openSUSE<\/strong>):<\/p>\n<pre># host -t mx linux.com\r\n# host 8.8.8.8\r\n<\/pre>\n<div id=\"attachment_20583\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Verify-DNS-Queries-in-Log.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20583\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/05\/Verify-DNS-Queries-in-Log.png\" alt=\"Verify DNS Queries in Log\" width=\"720\" height=\"206\" aria-describedby=\"caption-attachment-20583\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20583\" class=\"wp-caption-text\">Verify DNS Queries in Log<\/p>\n<\/div>\n<p>To disable DNS logging, type again:<\/p>\n<pre># rndc querylog\r\n<\/pre>\n<p>In\u00a0<strong>Ubuntu<\/strong>, enabling logging will require adding the following independent block (same level as the options block) to\u00a0<strong>\/etc\/bind\/named.conf<\/strong>:<\/p>\n<pre>logging {\r\n\tchannel query_log {\r\n    \tfile \"\/var\/log\/bind9\/query.log\";\r\n    \tseverity dynamic;\r\n    \tprint-category yes;\r\n    \tprint-severity yes;\r\n    \tprint-time yes;\r\n\t};\r\n\tcategory queries { query_log; };  \r\n};\r\n<\/pre>\n<p>Note that the log file must exist and be writable by named.<\/p>\n<h3>Summary<\/h3>\n<p>In this article we have explained how to set up a basic recursive, caching\u00a0<strong>DNS<\/strong>\u00a0server and how to configure zones for a domain.<\/p>\n<p>The mystery of name to IP resolution (and vice versa) is not such anymore! To ensure the proper operation of your DNS server, don\u2019t forget to allow the service in your firewall (port TCP\u00a0<strong>53<\/strong>) as explained in\u00a0<strong>Part 8<\/strong>\u00a0of the LFCE series (\u201c<a href=\"https:\/\/www.tecmint.com\/configure-iptables-firewall\/\" target=\"_blank\" rel=\"noopener\">Setup an Iptables Firewall to Enable Remote Access to Services<\/a>\u201c) and other articles in this same site such as\u00a0<a href=\"https:\/\/www.tecmint.com\/firewalld-vs-iptables-and-control-network-traffic-in-firewall\/\" target=\"_blank\" rel=\"noopener\">Firewall Essentials and Network Traffic Control Using FirewallD and Iptables<\/a>.<\/p>\n<p>We hope you have found this article helpful \u2013 don\u2019t hesitate to let us know if you have questions or comments. We always enjoy hearing from our readers!<\/p>\n<h1 class=\"post-title\">Implementing Mandatory Access Control with SELinux or AppArmor in Linux<\/h1>\n<p>To overcome the limitations of and to increase the security mechanisms provided by standard\u00a0<code>ugo\/rwx<\/code>permissions and\u00a0<a href=\"https:\/\/www.tecmint.com\/secure-files-using-acls-in-linux\/\" target=\"_blank\" rel=\"noopener\">access control lists<\/a>, the\u00a0<strong>United States National Security Agency<\/strong>\u00a0(NSA) devised a flexible\u00a0<strong>Mandatory Access Control<\/strong>\u00a0(MAC) method known as\u00a0<strong>SELinux<\/strong>\u00a0(short for\u00a0<strong>Security Enhanced Linux<\/strong>) in order to restrict among other things, the ability of processes to access or perform other operations on system objects (such as files, directories, network ports, etc) to the least permission possible, while still allowing for later modifications to this model.<\/p>\n<div id=\"attachment_20954\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/06\/SELinux-AppArmor-Security-Hardening-Linux.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20954\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/06\/SELinux-AppArmor-Security-Hardening-Linux.png\" alt=\"SELinux and AppArmor Security Hardening Linux\" width=\"720\" height=\"345\" aria-describedby=\"caption-attachment-20954\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20954\" class=\"wp-caption-text\">SELinux<br \/>\nand AppArmor Security Hardening Linux<\/p>\n<\/div>\n<p>Another popular and widely-used MAC is\u00a0<strong>AppArmor<\/strong>, which in addition to the features provided by\u00a0<strong>SELinux<\/strong>, includes a learning mode that allows the system to \u201c<strong>learn<\/strong>\u201d how a specific application behaves, and to set limits by configuring profiles for safe application usage.<\/p>\n<p>In\u00a0<strong>CentOS 7<\/strong>,\u00a0<strong>SELinux<\/strong>\u00a0is incorporated into the kernel itself and is enabled in\u00a0<strong>Enforcing<\/strong>\u00a0mode by default (more on this in the next section), as opposed to\u00a0<strong>openSUSE<\/strong>\u00a0and\u00a0<strong>Ubuntu<\/strong>\u00a0which use\u00a0<strong>AppArmor<\/strong>.<\/p>\n<p>In this article we will explain the essentials of SELinux and AppArmor and how to use one of these tools for your benefit depending on your chosen distribution.<\/p>\n<h3>Introduction to SELinux and How to Use it on CentOS 7<\/h3>\n<p>Security Enhanced Linux can operate in two different ways:<\/p>\n<ol>\n<li><strong>Enforcing<\/strong>: SELinux denies access based on SELinux policy rules, a set of guidelines that control the security engine.<\/li>\n<li><strong>Permissive<\/strong>: SELinux does not deny access, but denials are logged for actions that would have been denied if running in enforcing mode.<\/li>\n<\/ol>\n<p>SELinux can also be disabled. Although it is not an operation mode itself, it is still an option. However, learning how to use this tool is better than just ignoring it. Keep it in mind!<\/p>\n<p>To display the current mode of\u00a0<strong>SELinux<\/strong>, use\u00a0<code>getenforce<\/code>. If you want to toggle the operation mode, use\u00a0<code>setenforce 0<\/code>\u00a0(to set it to\u00a0<strong>Permissive<\/strong>) or\u00a0<code>setenforce 1<\/code>\u00a0(<strong>Enforcing<\/strong>).<\/p>\n<p>Since this change will not survive a\u00a0<strong>reboot<\/strong>, you will need to edit the\u00a0<strong>\/etc\/selinux\/config<\/strong>\u00a0file and set the\u00a0<strong>SELINUX<\/strong>variable to either\u00a0<code>enforcing<\/code>,\u00a0<code>permissive<\/code>, or\u00a0<code>disabled<\/code>\u00a0in order to achieve persistence across reboots:<\/p>\n<div id=\"attachment_20939\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/06\/Enable-Disable-SELinux-Mode.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20939\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/06\/Enable-Disable-SELinux-Mode.png\" alt=\"How to Enable and Disable SELinux Mode\" width=\"725\" height=\"205\" aria-describedby=\"caption-attachment-20939\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20939\" class=\"wp-caption-text\">How to Enable and Disable SELinux Mode<\/p>\n<\/div>\n<p>On a side note, if\u00a0<code>getenforce<\/code>\u00a0returns Disabled, you will have to edit\u00a0<strong>\/etc\/selinux\/config<\/strong>\u00a0with the desired operation mode and reboot. Otherwise, you will not be able to set (or toggle) the operation mode with\u00a0<code>setenforce<\/code>.<\/p>\n<p>One of the typical uses of\u00a0<code>setenforce<\/code>\u00a0consists of toggling between SELinux modes (from\u00a0<strong>enforcing<\/strong>\u00a0to\u00a0<strong>permissive<\/strong>\u00a0or the other way around) to troubleshoot an application that is misbehaving or not working as expected. If it works after you set SELinux to\u00a0<strong>Permissive<\/strong>\u00a0mode, you can be confident you\u2019re looking at a SELinux permissions issue.<\/p>\n<p>Two classic cases where we will most likely have to deal with SELinux are:<\/p>\n<ol>\n<li>Changing the default port where a daemon listens on.<\/li>\n<li>Setting the\u00a0<strong>DocumentRoot<\/strong>\u00a0directive for a virtual host outside of\u00a0<strong>\/var\/www\/html<\/strong>.<\/li>\n<\/ol>\n<p>Let\u2019s take a look at these two cases using the following examples.<\/p>\n<h6>EXAMPLE 1: Changing the default port for the sshd daemon<\/h6>\n<p>One of the first thing most system administrators do in order to secure their servers is change the port where the SSH daemon listens on, mostly to discourage port scanners and external attackers. To do this, we use the Port directive in\u00a0<strong>\/etc\/ssh\/sshd_config<\/strong>\u00a0followed by the new port number as follows (we will use port\u00a0<strong>9999<\/strong>\u00a0in this case):<\/p>\n<pre>Port 9999\r\n<\/pre>\n<p>After attempting to restart the service and checking its status we will see that it failed to start:<\/p>\n<pre># systemctl restart sshd\r\n# systemctl status sshd\r\n<\/pre>\n<div id=\"attachment_20940\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/06\/Check-sshd-Service-Status.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20940\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/06\/Check-sshd-Service-Status.png\" alt=\"Check SSH Service Status\" width=\"690\" height=\"243\" aria-describedby=\"caption-attachment-20940\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20940\" class=\"wp-caption-text\">Check SSH Service Status<\/p>\n<\/div>\n<p>If we take a look at\u00a0<strong>\/var\/log\/audit\/audit.log<\/strong>, we will see that\u00a0<strong>sshd<\/strong>\u00a0was prevented from starting on port\u00a0<strong>9999<\/strong>\u00a0by\u00a0<strong>SELinux<\/strong>\u00a0because that is a reserved port for the\u00a0<strong>JBoss Management<\/strong>\u00a0service (SELinux log messages include the word\u00a0<strong>\u201cAVC\u201d<\/strong>\u00a0so that they might be easily identified from other messages):<\/p>\n<pre># cat \/var\/log\/audit\/audit.log | grep AVC | tail -1\r\n<\/pre>\n<div id=\"attachment_20941\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/06\/Check-Linux-Audit-Logs.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20941\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/06\/Check-Linux-Audit-Logs.png\" alt=\"Check Linux Audit Logs\" width=\"641\" height=\"77\" aria-describedby=\"caption-attachment-20941\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20941\" class=\"wp-caption-text\">Check Linux Audit Logs<\/p>\n<\/div>\n<p>At this point most people would probably disable\u00a0<strong>SELinux<\/strong>\u00a0but we won\u2019t. We will see that there\u2019s a way for SELinux, and sshd listening on a different port, to live in harmony together. Make sure you have the\u00a0<strong>policycoreutils-python<\/strong>\u00a0package installed and run:<\/p>\n<pre># yum install policycoreutils-python\r\n<\/pre>\n<p>To view a list of the ports where SELinux allows sshd to listen on. In the following image we can also see that port\u00a0<strong>9999<\/strong>\u00a0was reserved for another service and thus we can\u2019t use it to run another service for the time being:<\/p>\n<pre># semanage port -l | grep ssh\r\n<\/pre>\n<p>Of course we could choose another port for SSH, but if we are certain that we will not need to use this specific machine for any JBoss-related services, we can then modify the existing SELinux rule and assign that port to SSH instead:<\/p>\n<pre># semanage port -m -t ssh_port_t -p tcp 9999\r\n<\/pre>\n<p>After that, we can use the first\u00a0<strong>semanage<\/strong>\u00a0command to check if the port was correctly assigned, or the\u00a0<code>-lC<\/code>options (short for list custom):<\/p>\n<pre># semanage port -lC\r\n# semanage port -l | grep ssh\r\n<\/pre>\n<div id=\"attachment_20942\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/06\/Assign-Port-to-SSH.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20942\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/06\/Assign-Port-to-SSH.png\" alt=\"Assign Port to SSH\" width=\"654\" height=\"210\" aria-describedby=\"caption-attachment-20942\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20942\" class=\"wp-caption-text\">Assign Port to SSH<\/p>\n<\/div>\n<p>We can now restart SSH and connect to the service using port\u00a0<strong>9999<\/strong>. Note that this change WILL survive a reboot.<\/p>\n<h6>EXAMPLE 2: Choosing a DocumentRoot outside \/var\/www\/html for a virtual host<\/h6>\n<p>If you need to\u00a0<a href=\"https:\/\/www.tecmint.com\/apache-virtual-hosting-in-centos\/\" target=\"_blank\" rel=\"noopener\">set up a Apache virtual host<\/a>\u00a0using a directory other than\u00a0<strong>\/var\/www\/html<\/strong>\u00a0as\u00a0<strong>DocumentRoot<\/strong>\u00a0(say, for example,\u00a0<strong>\/websrv\/sites\/gabriel\/public_html<\/strong>):<\/p>\n<pre>DocumentRoot \u201c\/websrv\/sites\/gabriel\/public_html\u201d\r\n<\/pre>\n<p>Apache will refuse to serve the content because the\u00a0<strong>index.html<\/strong>\u00a0has been labeled with the\u00a0<strong>default_t SELinux<\/strong>type, which Apache can\u2019t access:<\/p>\n<pre># wget http:\/\/localhost\/index.html\r\n# ls -lZ \/websrv\/sites\/gabriel\/public_html\/index.html\r\n<\/pre>\n<div id=\"attachment_20943\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/06\/Labeled-default_t-SELinux-Type.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20943\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/06\/Labeled-default_t-SELinux-Type.png\" alt=\"Labeled as default_t SELinux Type\" width=\"625\" height=\"194\" aria-describedby=\"caption-attachment-20943\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20943\" class=\"wp-caption-text\">Labeled as default_t SELinux Type<\/p>\n<\/div>\n<p>As with the previous example, you can use the following command to verify that this is indeed a SELinux-related issue:<\/p>\n<pre># cat \/var\/log\/audit\/audit.log | grep AVC | tail -1\r\n<\/pre>\n<div id=\"attachment_20944\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/06\/Check-Logs-for-SELinux-Issues.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20944\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/06\/Check-Logs-for-SELinux-Issues.png\" alt=\"Check Logs for SELinux Issues\" width=\"629\" height=\"87\" aria-describedby=\"caption-attachment-20944\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20944\" class=\"wp-caption-text\">Check Logs for SELinux Issues<\/p>\n<\/div>\n<p>To change the label of\u00a0<strong>\/websrv\/sites\/gabriel\/public_html<\/strong>\u00a0recursively to\u00a0<code>httpd_sys_content_t<\/code>, do:<\/p>\n<pre># semanage fcontext -a -t httpd_sys_content_t \"\/websrv\/sites\/gabriel\/public_html(\/.*)?\"\r\n<\/pre>\n<p>The above command will grant Apache read-only access to that directory and its contents.<\/p>\n<p>Finally, to apply the policy (and make the label change effective immediately), do:<\/p>\n<pre># restorecon -R -v \/websrv\/sites\/gabriel\/public_html\r\n<\/pre>\n<p>Now you should be able to access the directory:<\/p>\n<pre># wget http:\/\/localhost\/index.html\r\n<\/pre>\n<div id=\"attachment_20945\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/06\/Access-Apache-Directory.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20945\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/06\/Access-Apache-Directory.png\" alt=\"Access Apache Directory\" width=\"581\" height=\"228\" aria-describedby=\"caption-attachment-20945\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20945\" class=\"wp-caption-text\">Access Apache Directory<\/p>\n<\/div>\n<p>For more information on SELinux, refer to the Fedora 22\u00a0<a href=\"https:\/\/docs.fedoraproject.org\/en-US\/Fedora\/22\/html\/SELinux_Users_and_Administrators_Guide\/index.html\" target=\"_blank\" rel=\"noopener\">SELinux and Administrator guide<\/a>.<\/p>\n<h3>Introduction to AppArmor and How to Use it on OpenSUSE and Ubuntu<\/h3>\n<p>The operation of\u00a0<strong>AppArmor<\/strong>\u00a0is based on profiles defined in plain text files where the allowed permissions and access control rules are set. Profiles are then used to place limits on how applications interact with processes and files in the system.<\/p>\n<p>A set of profiles is provided out-of-the-box with the operating system, whereas others can be put in place either automatically by applications when they are installed or manually by the system administrator.<\/p>\n<p>Like\u00a0<strong>SELinux<\/strong>,\u00a0<strong>AppArmor<\/strong>\u00a0runs profiles in two modes. In\u00a0<code>enforce mode<\/code>, applications are given the minimum permissions that are necessary for them to run, whereas in\u00a0<code>complain mode<\/code>\u00a0AppArmor allows an application to take restricted actions and saves the\u00a0<strong>\u201ccomplaints\u201d<\/strong>\u00a0resulting from that operation to a log (<strong>\/var\/log\/kern.log<\/strong>,\u00a0<strong>\/var\/log\/audit\/audit.log<\/strong>, and other logs inside\u00a0<strong>\/var\/log\/apparmor<\/strong>).<\/p>\n<p>These logs will show through lines with the word\u00a0<strong>audit<\/strong>\u00a0in them errors that would occur should the profile be run in\u00a0<strong>enforce mode<\/strong>. Thus, you can try out an application in\u00a0<strong>complain mode<\/strong>\u00a0and adjust its behavior before running it under AppArmor in enforce mode.<\/p>\n<p>The current status of AppArmor can be shown using:<\/p>\n<pre>$ sudo apparmor_status\r\n<\/pre>\n<div id=\"attachment_20946\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/06\/Check-AppArmor-Status.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20946\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/06\/Check-AppArmor-Status.png\" alt=\"Check AppArmor Status\" width=\"438\" height=\"293\" aria-describedby=\"caption-attachment-20946\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20946\" class=\"wp-caption-text\">Check AppArmor Status<\/p>\n<\/div>\n<p>The image above indicates that the profiles\u00a0<strong>\/sbin\/dhclient<\/strong>,\u00a0<strong>\/usr\/sbin\/<\/strong>, and\u00a0<strong>\/usr\/sbin\/tcpdump<\/strong>\u00a0are in\u00a0<strong>enforce mode<\/strong>\u00a0(that is true by default in Ubuntu).<\/p>\n<p>Since not all applications include the associated AppArmor profiles, the\u00a0<strong>apparmor-profiles<\/strong>\u00a0package, which provides other profiles that have not been shipped by the packages they provide confinement for. By default, they are configured to run in\u00a0<strong>complain mode<\/strong>\u00a0so that system administrators can test them and choose which ones are desired.<\/p>\n<p>We will make use of\u00a0<strong>apparmor-profiles<\/strong>\u00a0since writing our own profiles is out of the scope of the\u00a0<a href=\"https:\/\/www.tecmint.com\/sed-command-to-create-edit-and-manipulate-files-in-linux\/\" target=\"_blank\" rel=\"noopener\">LFCS certification<\/a>. However, since profiles are plain text files, you can view them and study them in preparation to create your own profiles in the future.<\/p>\n<p><strong>AppArmor<\/strong>\u00a0profiles are stored inside\u00a0<strong>\/etc\/apparmor.d<\/strong>. Let\u2019s take a look at the contents of that directory before and after installing\u00a0<strong>apparmor-profiles<\/strong>:<\/p>\n<pre>$ ls \/etc\/apparmor.d\r\n<\/pre>\n<div id=\"attachment_20947\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/06\/View-AppArmor-Directory-Content.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-20947\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2016\/06\/View-AppArmor-Directory-Content.png\" alt=\"View AppArmor Directory Content\" width=\"486\" height=\"472\" aria-describedby=\"caption-attachment-20947\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-20947\" class=\"wp-caption-text\">View AppArmor Directory Content<\/p>\n<\/div>\n<p>If you execute\u00a0<code>sudo apparmor_status<\/code>\u00a0again, you will see a longer list of profiles in\u00a0<strong>complain mode<\/strong>. You can now perform the following operations:<\/p>\n<p>To switch a profile currently in\u00a0<strong>enforce mode<\/strong>\u00a0to\u00a0<strong>complain mode<\/strong>:<\/p>\n<pre>$ sudo aa-complain \/path\/to\/file\r\n<\/pre>\n<p>and the other way around (<strong>complain \u2013&gt; enforce<\/strong>):<\/p>\n<pre>$ sudo aa-enforce \/path\/to\/file\r\n<\/pre>\n<p>Wildcards are allowed in the above cases. For example,<\/p>\n<pre>$ sudo aa-complain \/etc\/apparmor.d\/*\r\n<\/pre>\n<p>will place all profiles inside\u00a0<strong>\/etc\/apparmor.d<\/strong>\u00a0into\u00a0<strong>complain mode<\/strong>, whereas<\/p>\n<pre>$ sudo aa-enforce \/etc\/apparmor.d\/*\r\n<\/pre>\n<p>will switch all profiles to\u00a0<strong>enforce mode<\/strong>.<\/p>\n<p>To entirely disable a profile, create a symbolic link in the\u00a0<strong>\/etc\/apparmor.d\/disabled<\/strong>\u00a0directory:<\/p>\n<pre>$ sudo ln -s \/etc\/apparmor.d\/profile.name \/etc\/apparmor.d\/disable\/\r\n<\/pre>\n<p>For more information on\u00a0<strong>AppArmor<\/strong>, please refer to the\u00a0<a href=\"http:\/\/wiki.apparmor.net\/index.php\/Main_Page\" target=\"_blank\" rel=\"noopener\">official AppArmor wiki<\/a>\u00a0and to the documentation\u00a0<a href=\"https:\/\/help.ubuntu.com\/community\/AppArmor\" target=\"_blank\" rel=\"noopener\">provided by Ubuntu<\/a>.<\/p>\n<h3>Summary<\/h3>\n<p>In this article we have gone through the basics of\u00a0<strong>SELinux<\/strong>\u00a0and\u00a0<strong>AppArmor<\/strong>, two well-known MACs. When to use one or the other? To avoid difficulties, you may want to consider sticking with the one that comes with your chosen distribution. In any event, they will help you place restrictions on processes and access to system resources to increase the security in your servers.<\/p>\n<p>Do you have any questions, comments, or suggestions about this article? Feel free to let us know using the form below. Don\u2019t hesitate to let us know if you have any questions or comments.<\/p>\n<p><a href=\"https:\/\/www.tecmint.com\/sed-command-to-create-edit-and-manipulate-files-in-linux\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>LFCS: How to use GNU \u2018sed\u2019 Command to Create, Edit, and Manipulate files in Linux \u2013 Part 1 The Linux Foundation announced the\u00a0LFCS\u00a0(Linux Foundation Certified Sysadmin) certification, a new program that aims at helping individuals all over the world to get certified in basic to intermediate system administration tasks for Linux systems. This includes supporting &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/www.appservgrid.com\/paw92\/index.php\/2019\/04\/03\/lfcs-linux-foundation-certified-sysadmin\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;LFCS (Linux Foundation Certified Sysadmin)&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-13467","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/13467","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/comments?post=13467"}],"version-history":[{"count":1,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/13467\/revisions"}],"predecessor-version":[{"id":13515,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/13467\/revisions\/13515"}],"wp:attachment":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/media?parent=13467"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/categories?post=13467"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/tags?post=13467"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}