{"id":13526,"date":"2019-04-03T07:22:55","date_gmt":"2019-04-03T07:22:55","guid":{"rendered":"http:\/\/www.appservgrid.com\/paw92\/?p=13526"},"modified":"2019-04-03T07:22:55","modified_gmt":"2019-04-03T07:22:55","slug":"rhcsa-red-hat-certified-system-administrator","status":"publish","type":"post","link":"https:\/\/www.appservgrid.com\/paw92\/index.php\/2019\/04\/03\/rhcsa-red-hat-certified-system-administrator\/","title":{"rendered":"RHCSA (Red Hat Certified System Administrator)"},"content":{"rendered":"<h1 class=\"post-title\">RHCSA Series: Reviewing Essential Commands &amp; System Documentation \u2013 Part 1<\/h1>\n<p><strong>RHCSA<\/strong>\u00a0(<strong>Red Hat Certified System Administrator<\/strong>) is a certification exam from Red Hat company, which provides an open source operating system and software to the enterprise community, It also provides support, training and consulting services for the organizations.<\/p>\n<div id=\"attachment_11761\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/RHCSA-Series-by-Tecmint.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-11761\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/RHCSA-Series-by-Tecmint.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/RHCSA-Series-by-Tecmint.png 720w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/RHCSA-Series-by-Tecmint-620x293.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/RHCSA-Series-by-Tecmint-520x245.png 520w\" alt=\"RHCSA Exam Guide\" width=\"620\" height=\"293\" aria-describedby=\"caption-attachment-11761\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11761\" class=\"wp-caption-text\">RHCSA Exam Preparation Guide<\/p>\n<\/div>\n<p><strong>RHCSA<\/strong>\u00a0exam is the certification obtained from Red Hat Inc, after passing the exam 
(codename\u00a0<strong>EX200<\/strong>). The RHCSA exam is an upgrade to the\u00a0<strong>RHCT<\/strong>\u00a0(<strong>Red Hat Certified Technician<\/strong>) exam, and this upgrade is compulsory as Red Hat Enterprise Linux was upgraded. The main difference between RHCT and RHCSA is that the RHCT exam is based on RHEL 5, whereas the RHCSA certification is based on RHEL 6 and 7; the courseware of these two certifications also varies to a certain degree.<\/p>\n<p>This Red Hat Certified System Administrator (RHCSA) certification is essential to perform the following core system administration tasks needed in Red Hat Enterprise Linux environments:<\/p>\n<ol>\n<li>Understand and use necessary tools for handling files, directories, command-line environments, and system-wide \/ package documentation.<\/li>\n<li>Operate running systems, even in different run levels, identify and control processes, start and stop virtual machines.<\/li>\n<li>Set up local storage using partitions and logical volumes.<\/li>\n<li>Create and configure local and network file systems and their attributes (permissions, encryption, and ACLs).<\/li>\n<li>Set up, configure, and control systems, including installing, updating and removing software.<\/li>\n<li>Manage system users and groups, along with use of a centralized LDAP directory for authentication.<\/li>\n<li>Ensure system security, including basic firewall and SELinux configuration.<\/li>\n<\/ol>\n<p>To view fees and register for an exam in your country, check the\u00a0<a href=\"https:\/\/www.redhat.com\/en\/services\/certification\/rhcsa\" target=\"_blank\" rel=\"noopener\">RHCSA Certification<\/a>\u00a0page.<\/p>\n<p>In this 15-article RHCSA series, titled Preparation for the RHCSA (Red Hat Certified System Administrator) exam, we will cover the following topics on the latest releases of\u00a0<strong>Red Hat Enterprise Linux 7<\/strong>.<\/p>\n<div id=\"exam_announcement\"><b>Part 1<\/b>:\u00a0<b>Reviewing Essential Commands &amp; System 
Documentation<\/b><\/div>\n<div id=\"exam_announcement\"><b>Part 2<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/file-and-directory-management-in-linux\/\" target=\"_blank\" rel=\"noopener\">How to Perform File and Directory Management in RHEL 7<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 3<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/rhcsa-exam-manage-users-and-groups\/\" target=\"_blank\" rel=\"noopener\">How to Manage Users and Groups in RHEL 7<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 4<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/rhcsa-exam-how-to-use-nano-vi-editors\/\" target=\"_blank\" rel=\"noopener\">Editing Text Files with Nano and Vim \/ Analyzing text with grep and regexps<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 5<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/rhcsa-exam-boot-process-and-process-management\/\" target=\"_blank\" rel=\"noopener\">Process Management in RHEL 7: boot, shutdown, and everything in between<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 6<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/rhcsa-exam-create-format-resize-delete-and-encrypt-partitions-in-linux\/\" target=\"_blank\" rel=\"noopener\">Using \u2018Parted\u2019 and \u2018SSM\u2019 to Configure and Encrypt System Storage<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 7<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/rhcsa-exam-configure-acls-and-mount-nfs-samba-shares\/\" target=\"_blank\" rel=\"noopener\">Using ACLs (Access Control Lists) and Mounting Samba \/ NFS Shares<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 8<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/rhcsa-series-secure-ssh-set-hostname-enable-network-services-in-rhel-7\/\" target=\"_blank\" rel=\"noopener\">Securing SSH, Setting Hostname and Enabling Network Services<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 9<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/rhcsa-series-install-and-secure-apache-web-server-and-ftp-in-rhel\/\" target=\"_blank\" 
rel=\"noopener\">Installing, Configuring and Securing a Web and FTP Server<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 10<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/yum-package-management-cron-job-scheduling-monitoring-linux-logs\/\" target=\"_blank\" rel=\"noopener\">Yum Package Management, Automating Tasks with Cron and Monitoring System Logs<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 11<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/firewalld-vs-iptables-and-control-network-traffic-in-firewall\/\" target=\"_blank\" rel=\"noopener\">Firewall Essentials and Control Network Traffic Using FirewallD and Iptables<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 12<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/automatic-rhel-installations-using-kickstart\/\" target=\"_blank\" rel=\"noopener\">Automate RHEL 7 Installations Using \u2018Kickstart\u2019<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 13<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/selinux-essentials-and-control-filesystem-access\/\" target=\"_blank\" rel=\"noopener\">Mandatory Access Control Essentials with SELinux<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 14<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/setup-ldap-server-and-configure-client-authentication\/\" target=\"_blank\" rel=\"noopener\">Setting Up LDAP-based Authentication in RHEL 7<\/a><\/div>\n<div id=\"exam_announcement\"><b>Part 15<\/b>:\u00a0<a href=\"https:\/\/www.tecmint.com\/kvm-virtualization-basics-and-guest-administration\/\" target=\"_blank\" rel=\"noopener\">Essentials of Virtualization and Guest Administration with KVM<\/a><\/div>\n<p>In this\u00a0<b>Part 1<\/b>\u00a0of the RHCSA series, we will explain how to enter and execute commands with the correct syntax in a shell prompt or terminal, and how to find, inspect, and use system documentation.<\/p>\n<div id=\"attachment_11762\" class=\"wp-caption aligncenter\">\n<p><a 
href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Reviewing-Essential-Linux-Commands.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-11762\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Reviewing-Essential-Linux-Commands.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Reviewing-Essential-Linux-Commands.png 720w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Reviewing-Essential-Linux-Commands-620x293.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Reviewing-Essential-Linux-Commands-520x245.png 520w\" alt=\"RHCSA: Reviewing Essential Linux Commands \u2013 Part 1\" width=\"620\" height=\"293\" aria-describedby=\"caption-attachment-11762\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11762\" class=\"wp-caption-text\">RHCSA: Reviewing Essential Linux Commands \u2013 Part 1<\/p>\n<\/div>\n<h4>Prerequisites:<\/h4>\n<p>At least a slight degree of familiarity with basic Linux commands such as:<\/p>\n<ol>\n<li><a href=\"https:\/\/www.tecmint.com\/cd-command-in-linux\/\" target=\"_blank\" rel=\"noopener\">cd command<\/a>\u00a0(change directory)<\/li>\n<li><a href=\"https:\/\/www.tecmint.com\/ls-command-interview-questions\/\" target=\"_blank\" rel=\"noopener\">ls command<\/a>\u00a0(list directory)<\/li>\n<li><a href=\"https:\/\/www.tecmint.com\/advanced-copy-command-shows-progress-bar-while-copying-files\/\" target=\"_blank\" rel=\"noopener\">cp command<\/a>\u00a0(copy files)<\/li>\n<li><a href=\"https:\/\/www.tecmint.com\/rename-multiple-files-in-linux\/\" target=\"_blank\" rel=\"noopener\">mv command<\/a>\u00a0(move or rename files)<\/li>\n<li><a href=\"https:\/\/www.tecmint.com\/8-pratical-examples-of-linux-touch-command\/\" target=\"_blank\" rel=\"noopener\">touch command<\/a>\u00a0(create empty files or update the timestamp of existing ones)<\/li>\n<li>rm command (delete 
files)<\/li>\n<li>mkdir command (make directory)<\/li>\n<\/ol>\n<p>The correct usage of some of them is exemplified in this article anyway, and you can find further information about each of them using the suggested methods in this article.<\/p>\n<p>Though not strictly required to start, as we will be discussing general commands and methods for information search in a Linux system, you should try to install\u00a0<b>RHEL 7<\/b>\u00a0as explained in the following article. It will make things easier down the road.<\/p>\n<ol>\n<li><a href=\"https:\/\/www.tecmint.com\/redhat-enterprise-linux-7-installation\/\" target=\"_blank\" rel=\"noopener\">Red Hat Enterprise Linux (RHEL) 7 Installation Guide<\/a><\/li>\n<\/ol>\n<h3>Interacting with the Linux Shell<\/h3>\n<p>If we log into a Linux box using a\u00a0<b>text-mode<\/b>\u00a0login screen, chances are we will be dropped directly into our default shell. On the other hand, if we log in using a graphical user interface (GUI), we will have to open a shell manually by starting a terminal. Either way, we will be presented with the user prompt and we can start typing and executing commands (a command is executed by pressing the\u00a0<b>Enter<\/b>\u00a0key after we have typed it).<\/p>\n<p>Commands are composed of two parts:<\/p>\n<ol>\n<li>the name of the command itself, and<\/li>\n<li>arguments<\/li>\n<\/ol>\n<p>Certain arguments, called\u00a0<b>options<\/b>\u00a0(usually preceded by a hyphen), alter the behavior of the command in a particular way while other arguments specify the objects upon which the command operates.<\/p>\n<p>The\u00a0<b>type<\/b>\u00a0command can help us identify whether a given command is built into the shell or if it is provided by a separate package. The need to make this distinction lies in the place where we will find more information about the command. 
For shell built-ins we need to look in the shell\u2019s man page, whereas for other binaries we can refer to its own man page.<\/p>\n<div id=\"attachment_11589\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Check-shell-built-in-Commands.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-11589\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Check-shell-built-in-Commands.png\" alt=\"Check Shell built in Commands\" width=\"240\" height=\"159\" aria-describedby=\"caption-attachment-11589\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11589\" class=\"wp-caption-text\">Check Shell built in Commands<\/p>\n<\/div>\n<p>In the examples above,\u00a0<b>cd<\/b>\u00a0and\u00a0<b>type<\/b>\u00a0are shell built-ins, while\u00a0<b>top<\/b>\u00a0and\u00a0<b>less<\/b>\u00a0are binaries external to the shell itself (in this case, the location of the command executable is returned by\u00a0<b>type<\/b>).<\/p>\n<p>Other well-known shell built-ins include:<\/p>\n<ol>\n<li><a href=\"https:\/\/www.tecmint.com\/echo-command-in-linux\/\" target=\"_blank\" rel=\"noopener\">echo command<\/a>: Displays strings of text.<\/li>\n<li><a href=\"https:\/\/www.tecmint.com\/pwd-command-examples\/\" target=\"_blank\" rel=\"noopener\">pwd command<\/a>: Prints the current working directory.<\/li>\n<\/ol>\n<div id=\"attachment_11590\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/More-Built-in-Shell-Commands.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-11590\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/More-Built-in-Shell-Commands-620x80.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/More-Built-in-Shell-Commands-620x80.png 620w, 
https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/More-Built-in-Shell-Commands.png 707w\" alt=\"More Built in Shell Commands\" width=\"620\" height=\"80\" aria-describedby=\"caption-attachment-11590\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11590\" class=\"wp-caption-text\">More Built in Shell Commands<\/p>\n<\/div>\n<h6>exec command<\/h6>\n<p>Runs an external program that we specify. Note that in most cases, this is better accomplished by just typing the name of the program we want to run, but the\u00a0<b>exec<\/b>\u00a0command has one special feature: rather than create a new process that runs alongside the shell, the new process replaces the shell, as can be verified by subsequently running:<\/p>\n<pre># ps -ef | grep [original PID of the shell process]\r\n<\/pre>\n<p>When the new process terminates, the shell terminates with it. Run\u00a0<b>exec top<\/b>\u00a0and then hit the\u00a0<b>q<\/b>\u00a0key to quit top. You will notice that the shell session ends when you do, as shown in the following screencast:<\/p>\n<div class=\"post-format\">\n<div class=\"video-container\"><iframe loading=\"lazy\" src=\"https:\/\/www.youtube.com\/embed\/f02w4WT73LE\" width=\"640\" height=\"405\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\" data-mce-fragment=\"1\"><\/iframe><\/div>\n<\/div>\n<h6>export command<\/h6>\n<p>Exports variables to the environment of subsequently executed commands.<\/p>\n<h6>history Command<\/h6>\n<p>Displays the command history list with line numbers. A command in the history list can be repeated by typing the command number preceded by an exclamation sign. If we need to edit a command in the history list before executing it, we can press\u00a0<b>Ctrl + r<\/b>\u00a0and start typing the first letters associated with the command. 
When we see the command completed automatically, we can edit it as per our current need:<\/p>\n<div class=\"post-format\">\n<div class=\"video-container\"><iframe loading=\"lazy\" src=\"https:\/\/www.youtube.com\/embed\/69vafdSMfU4\" width=\"640\" height=\"405\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\" data-mce-fragment=\"1\"><\/iframe><\/div>\n<\/div>\n<p>This list of commands is kept in our home directory in a file called\u00a0<b>.bash_history<\/b>. The history facility is a useful resource for reducing the amount of typing, especially when combined with command line editing. By default, bash stores the last 500 commands you have entered, but this limit can be extended by using the\u00a0<b>HISTSIZE<\/b>\u00a0environment variable:<\/p>\n<div id=\"attachment_11591\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Linux-history-Command.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-11591\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Linux-history-Command.png\" alt=\"Linux history Command\" width=\"304\" height=\"109\" aria-describedby=\"caption-attachment-11591\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11591\" class=\"wp-caption-text\">Linux history Command<\/p>\n<\/div>\n<p>But this change, as performed above, will not be persistent on our next boot. 
In order to preserve the change in the\u00a0<b>HISTSIZE<\/b>\u00a0variable, we need to edit the\u00a0<b>.bashrc file<\/b>\u00a0by hand:<\/p>\n<pre># for setting history length see HISTSIZE and HISTFILESIZE in bash(1)\r\nHISTSIZE=1000\r\n<\/pre>\n<p><strong>Important<\/strong>: Keep in mind that these changes will not take effect until we restart our shell session.<\/p>\n<h6>alias command<\/h6>\n<p>With no arguments or with the\u00a0<b>-p<\/b>\u00a0option, <b>alias<\/b> prints the list of aliases in the form alias\u00a0<b>name=value<\/b>\u00a0on standard output. 
When arguments are provided, an alias is defined for each name whose value is given.<\/p>\n<p>With\u00a0<b>alias<\/b>, we can make up our own commands or modify existing ones by including desired options. For example, suppose we want to alias\u00a0<b>ls<\/b>\u00a0to\u00a0<b>ls --color=auto<\/b>\u00a0so that the output will display regular files, directories, symlinks, and so on, in different colors:<\/p>\n<pre># alias ls='ls --color=auto'\r\n<\/pre>\n<div id=\"attachment_11592\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Linux-alias-Command.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-11592\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Linux-alias-Command.png\" alt=\"Linux alias Command\" width=\"526\" height=\"143\" aria-describedby=\"caption-attachment-11592\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11592\" class=\"wp-caption-text\">Linux alias Command<\/p>\n<\/div>\n<p><strong>Note<\/strong>: You can assign any name to your \u201c<b>new command<\/b>\u201d and enclose as many commands as desired between single quotes, but in that case you need to separate them by semicolons, as follows:<\/p>\n<pre># alias myNewCommand='cd \/usr\/bin; ls; cd; clear'\r\n<\/pre>\n<h6>exit command<\/h6>\n<p>The\u00a0<b>exit<\/b>\u00a0and\u00a0<b>logout<\/b>\u00a0commands both terminate the shell. The\u00a0<b>exit<\/b>\u00a0command terminates any shell, but the\u00a0<b>logout<\/b>\u00a0command terminates only login shells\u2014that is, those that are launched automatically when you initiate a text-mode login.<\/p>\n<p>If we are ever in doubt as to what a program does, we can refer to its man page, which can be invoked using the\u00a0<b>man command<\/b>. 
In addition, there are also man pages for important files (inittab, fstab, hosts, to name a few), library functions, shells, devices, and other features.<\/p>\n<h5>Examples:<\/h5>\n<ol>\n<li><b>man uname<\/b>\u00a0(print system information, such as kernel name, processor, operating system type, architecture, and so on).<\/li>\n<li><b>man inittab<\/b>\u00a0(init daemon configuration).<\/li>\n<\/ol>\n<p>Another important source of information is provided by the\u00a0<b>info<\/b>\u00a0command, which is used to read info documents. These documents often provide more information than the man page. It is invoked by using the\u00a0<b>info keyword<\/b>\u00a0followed by a command name, such as:<\/p>\n<pre># info ls\r\n# info cut\r\n<\/pre>\n<p>In addition, the\u00a0<b>\/usr\/share\/doc<\/b>\u00a0directory contains several subdirectories where further documentation can be found. They either contain plain-text files or other friendly formats.<\/p>\n<p>Make sure you make it a habit to use these three methods to look up information for commands. Pay special and careful attention to the syntax of each of them, which is explained in detail in the documentation.<\/p>\n<h6>Converting Tabs into Spaces with expand Command<\/h6>\n<p>Sometimes text files contain tabs but programs that need to process the files don\u2019t cope well with tabs. Or maybe we just want to convert tabs into spaces. 
That\u2019s where the\u00a0<b>expand<\/b>\u00a0tool (provided by the GNU coreutils package) comes in handy.<\/p>\n<p>For example, given the file\u00a0<b>NumbersList.txt<\/b>, let\u2019s run\u00a0<b>expand<\/b>\u00a0against it, changing tabs to one space, and display on standard output.<\/p>\n<pre># expand --tabs=1 NumbersList.txt\r\n<\/pre>\n<div id=\"attachment_11593\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Linux-expand-Command.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-11593\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Linux-expand-Command.png\" alt=\"Linux expand Command\" width=\"362\" height=\"158\" aria-describedby=\"caption-attachment-11593\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11593\" class=\"wp-caption-text\">Linux expand Command<\/p>\n<\/div>\n<p>The\u00a0<b>unexpand<\/b>\u00a0command performs the reverse operation (converts spaces into tabs).<\/p>\n<h6>Display the first lines of a file with head and the last lines with tail<\/h6>\n<p>By default, the\u00a0<b>head<\/b>\u00a0command followed by a\u00a0<b>filename<\/b>, will display the first 10 lines of the said file. 
This behavior can be changed using the\u00a0<b>-n<\/b>\u00a0option and specifying a certain number of lines.<\/p>\n<pre># head -n3 \/etc\/passwd\r\n# tail -n3 \/etc\/passwd\r\n<\/pre>\n<div id=\"attachment_11594\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Linux-head-and-tail-Command.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-11594\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Linux-head-and-tail-Command.png\" alt=\"Linux head and tail Command\" width=\"399\" height=\"157\" aria-describedby=\"caption-attachment-11594\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11594\" class=\"wp-caption-text\">Linux head and tail Command<\/p>\n<\/div>\n<p>One of the most interesting features of\u00a0<b>tail<\/b>\u00a0is the possibility of displaying data (last lines) as the input file grows (<b>tail -f my.log<\/b>, where my.log is the file under observation). This is particularly useful when monitoring a log to which data is being continually added.<\/p>\n<p>Read More:\u00a0<a href=\"https:\/\/www.tecmint.com\/view-contents-of-file-in-linux\/\" target=\"_blank\" rel=\"noopener\">Manage Files Effectively using head and tail Commands<\/a><\/p>\n<h6>Merging Lines with paste<\/h6>\n<p>The\u00a0<b>paste<\/b>\u00a0command merges files line by line, separating the lines from each file with tabs (by default), or another delimiter that can be specified (in the following example the fields in the output are separated by an equal sign).<\/p>\n<pre># paste -d= file1 file2\r\n<\/pre>\n<div id=\"attachment_11595\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Merge-Files-in-Linux-with-paste-command.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-11595\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Merge-Files-in-Linux-with-paste-command.png\" alt=\"Merge 
Files in Linux\" width=\"300\" height=\"380\" aria-describedby=\"caption-attachment-11595\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11595\" class=\"wp-caption-text\">Merge Files in Linux<\/p>\n<\/div>\n<h6>Breaking a file into pieces using split command<\/h6>\n<p>The\u00a0<b>split<\/b>\u00a0command is used to split a file into two (or more) separate files, which are named according to a prefix of our choosing. The splitting can be defined by size, chunks, or number of lines, and the resulting files can have numeric or alphabetic suffixes. In the following example, we will split\u00a0<b>bash.pdf<\/b>\u00a0into files of size\u00a0<b>50 KB<\/b>\u00a0(-b 50KB), using numeric suffixes (<b>-d<\/b>):<\/p>\n<pre># split -b 50KB -d bash.pdf bash_\r\n<\/pre>\n<div id=\"attachment_11596\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Split-Files-in-Linux-with-split-command.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-11596\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Split-Files-in-Linux-with-split-command.png\" alt=\"Split Files in Linux\" width=\"405\" height=\"211\" aria-describedby=\"caption-attachment-11596\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11596\" class=\"wp-caption-text\">Split Files in Linux<\/p>\n<\/div>\n<p>You can merge the files to recreate the original file with the following command:<\/p>\n<pre># cat bash_00 bash_01 bash_02 bash_03 bash_04 bash_05 &gt; bash.pdf\r\n<\/pre>\n<h6>Translating characters with tr command<\/h6>\n<p>The\u00a0<b>tr<\/b>\u00a0command can be used to translate (change) characters on a one-by-one basis or using character ranges. 
In the following example we will use the same\u00a0<b>file2<\/b>\u00a0as previously, and we will change:<\/p>\n<ol>\n<li>lowercase o\u2019s to uppercase,<\/li>\n<li>and all lowercase to uppercase<\/li>\n<\/ol>\n<pre># cat file2 | tr o O\r\n# cat file2 | tr 'a-z' 'A-Z'\r\n<\/pre>\n<div id=\"attachment_11597\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Translate-characters-in-Linux-with-tr-command.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-11597\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Translate-characters-in-Linux-with-tr-command.png\" alt=\"Linux tr Command Examples\" width=\"320\" height=\"379\" aria-describedby=\"caption-attachment-11597\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11597\" class=\"wp-caption-text\">Translate Characters in Linux<\/p>\n<\/div>\n<h6>Reporting or deleting duplicate lines with uniq and sort command<\/h6>\n<p>The\u00a0<b>uniq<\/b>\u00a0command allows us to report or remove duplicate lines in a file, writing to\u00a0<b>stdout<\/b>\u00a0by default. We must note that\u00a0<b>uniq<\/b>\u00a0does not detect repeated lines unless they are adjacent. Thus,\u00a0<b>uniq<\/b>\u00a0is commonly used along with a preceding\u00a0<b>sort<\/b>\u00a0(which is used to sort lines of text files).<\/p>\n<p>By default,\u00a0<b>sort<\/b>\u00a0takes the first field (separated by spaces) as key field. To specify a different key field, we need to use the\u00a0<b>-k<\/b>\u00a0option. 
Please note how the output returned by sort and uniq change as we change the key field in the following example:<\/p>\n<pre># cat file3\r\n# sort file3 | uniq\r\n# sort -k2 file3 | uniq\r\n# sort -k3 file3 | uniq\r\n<\/pre>\n<div id=\"attachment_11598\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Remove-Duplicate-Lines-in-file.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-11598\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Remove-Duplicate-Lines-in-file.png\" alt=\"Remove Duplicate Lines in Linux\" width=\"286\" height=\"444\" aria-describedby=\"caption-attachment-11598\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11598\" class=\"wp-caption-text\">Remove Duplicate Lines in Linux<\/p>\n<\/div>\n<h6>Extracting text with cut command<\/h6>\n<p>The\u00a0<b>cut<\/b>\u00a0command extracts portions of input lines (from\u00a0<b>stdin<\/b>\u00a0or files) and displays the result on standard output, based on number of bytes (-b), characters (-c), or fields (-f).<\/p>\n<p>When using\u00a0<b>cut<\/b>\u00a0based on fields, the default field separator is a tab, but a different separator can be specified by using the\u00a0<b>-d<\/b>\u00a0option.<\/p>\n<pre># cut -d: -f1,3 \/etc\/passwd # Extract specific fields: 1 and 3 in this case\r\n# cut -d: -f2-4 \/etc\/passwd # Extract range of fields: 2 through 4 in this example\r\n<\/pre>\n<div id=\"attachment_11599\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Extract-Text-from-a-file.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-11599\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Extract-Text-from-a-file-620x171.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Extract-Text-from-a-file-620x171.png 620w, 
https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/Extract-Text-from-a-file.png 665w\" alt=\"Extract Text From a File in Linux\" width=\"620\" height=\"171\" aria-describedby=\"caption-attachment-11599\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11599\" class=\"wp-caption-text\">Extract Text From a File in Linux<\/p>\n<\/div>\n<p>Note that the output of the two examples above was truncated for brevity.<\/p>\n<h6>Reformatting files with fmt command<\/h6>\n<p><b>fmt<\/b>\u00a0is used to \u201cclean up\u201d files with a great amount of content or lines, or with varying degrees of indentation. The new paragraph formatting defaults to no more than 75 characters wide. You can change this with the\u00a0<b>-w<\/b>\u00a0(width) option, which sets the line length to the specified number of characters.<\/p>\n<p>For example, let\u2019s see what happens when we use\u00a0<b>fmt<\/b>\u00a0to display the\u00a0<b>\/etc\/passwd<\/b>\u00a0file setting the width of each line to 100 characters. 
Once again, output has been truncated for brevity.<\/p>\n<pre># fmt -w100 \/etc\/passwd\r\n<\/pre>\n<div id=\"attachment_11600\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/File-Reformatting-in-Linux-with-fmt-command.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-11600\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/File-Reformatting-in-Linux-with-fmt-command-620x82.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/File-Reformatting-in-Linux-with-fmt-command-620x82.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/File-Reformatting-in-Linux-with-fmt-command.png 812w\" alt=\"Linux fmt Command Examples\" width=\"620\" height=\"82\" aria-describedby=\"caption-attachment-11600\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11600\" class=\"wp-caption-text\">File Reformatting in Linux<\/p>\n<\/div>\n<h6>Formatting content for printing with pr command<\/h6>\n<p><b>pr<\/b>\u00a0paginates and displays in columns one or more files for printing. In other words,\u00a0<b>pr<\/b>\u00a0formats a file to make it look better when printed. 
For example, the following command:<\/p>\n<pre># ls -a \/etc | pr -n --columns=3 -h \"Files in \/etc\"\r\n<\/pre>\n<p>Shows a listing of all the files found in\u00a0<b>\/etc<\/b>\u00a0in a printer-friendly format (3 columns) with a custom header (indicated by the\u00a0<b>-h<\/b>\u00a0option), and numbered lines (<b>-n<\/b>).<\/p>\n<div id=\"attachment_11601\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/File-Formatting-in-Linux-with-pr-command.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-11601\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/File-Formatting-in-Linux-with-pr-command-620x214.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/File-Formatting-in-Linux-with-pr-command-620x214.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/02\/File-Formatting-in-Linux-with-pr-command.png 628w\" alt=\"Linux pr Command Examples\" width=\"620\" height=\"214\" aria-describedby=\"caption-attachment-11601\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11601\" class=\"wp-caption-text\">File Formatting in Linux<\/p>\n<\/div>\n<h3>Summary<\/h3>\n<p>In this article we have discussed how to enter and execute commands with the correct syntax in a shell prompt or terminal, and explained how to find, inspect, and use system documentation. As simple as it seems, it\u2019s a large first step in your way to becoming a\u00a0<b>RHCSA<\/b>.<\/p>\n<p>If you would like to add other commands that you use on a periodic basis and that have proven useful to fulfill your daily responsibilities, feel free to share them with the world by using the comment form below. Questions are also welcome. 
We look forward to hearing from you!<\/p>\n<h1 class=\"post-title\">RHCSA Series: How to Perform File and Directory Management \u2013 Part 2<\/h1>\n<p>In this article,\u00a0<strong>RHCSA Part 2<\/strong>: File and directory management, we will review some essential skills that are required in the day-to-day tasks of a system administrator.<\/p>\n<div id=\"attachment_11878\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/RHCSA-Part2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-11878\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/RHCSA-Part2-620x293.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/RHCSA-Part2-620x293.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/RHCSA-Part2-520x245.png 520w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/RHCSA-Part2.png 720w\" alt=\"RHCSA: Perform File and Directory Management \u2013 Part 2\" width=\"620\" height=\"293\" aria-describedby=\"caption-attachment-11878\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11878\" class=\"wp-caption-text\">RHCSA: Perform File and Directory Management \u2013 Part 2<\/p>\n<\/div>\n<h3>Create, Delete, Copy, and Move Files and Directories<\/h3>\n<p>File and directory management is a critical competence that every system administrator should possess. 
This includes the ability to create \/ delete text files from scratch (the core of each program\u2019s configuration) and directories (where you will organize files and other directories), and to find out the type of existing files.<\/p>\n<p>The\u00a0<a href=\"https:\/\/www.tecmint.com\/8-pratical-examples-of-linux-touch-command\/\" target=\"_blank\" rel=\"noopener\">touch command<\/a>\u00a0can be used not only to create empty files, but also to update the access and modification times of existing files.<\/p>\n<div id=\"attachment_11861\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/touch-command-example.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-11861\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/touch-command-example.png\" alt=\"touch command example\" width=\"547\" height=\"273\" aria-describedby=\"caption-attachment-11861\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11861\" class=\"wp-caption-text\">touch command example<\/p>\n<\/div>\n<p>You can use\u00a0<code>file [filename]<\/code>\u00a0to determine a file\u2019s type (this will come in handy before launching your preferred text editor to edit it).<\/p>\n<div id=\"attachment_11862\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/file-command-example.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-11862\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/file-command-example.png\" alt=\"file command example\" width=\"297\" height=\"78\" aria-describedby=\"caption-attachment-11862\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11862\" class=\"wp-caption-text\">file command example<\/p>\n<\/div>\n<p>and\u00a0<code>rm [filename]<\/code>\u00a0to delete it.<\/p>\n<div id=\"attachment_11863\" class=\"wp-caption aligncenter\">\n<p><a 
href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/rm-command-examples.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-11863\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/rm-command-examples.png\" alt=\"Linux rm command examples\" width=\"357\" height=\"132\" aria-describedby=\"caption-attachment-11863\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11863\" class=\"wp-caption-text\">rm command example<\/p>\n<\/div>\n<p>As for directories, you can create directories inside existing paths with\u00a0<code>mkdir [directory]<\/code>\u00a0or create a full path with\u00a0<code>mkdir -p [\/full\/path\/to\/directory]<\/code>.<\/p>\n<div id=\"attachment_11864\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/mkdir-command-example.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-11864\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/mkdir-command-example-620x424.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/mkdir-command-example-620x424.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/mkdir-command-example.png 691w\" alt=\"mkdir command example\" width=\"620\" height=\"424\" aria-describedby=\"caption-attachment-11864\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11864\" class=\"wp-caption-text\">mkdir command example<\/p>\n<\/div>\n<p>When it comes to removing directories, you need to make sure that they\u2019re empty before issuing the\u00a0<code>rmdir [directory]<\/code>\u00a0command, or use the more powerful (handle with care!)\u00a0<code>rm -rf [directory]<\/code>. 
This last option forcibly and recursively removes the\u00a0<code>[directory]<\/code>\u00a0and all its contents \u2013 so use it at your own risk.<\/p>\n<h3>Input and Output Redirection and Pipelining<\/h3>\n<p>The command line environment provides two very useful features: redirection, which lets you redirect the\u00a0<strong>input<\/strong>\u00a0and\u00a0<strong>output<\/strong>\u00a0of commands from and to files, and pipelining, which sends the output of one command to another.<\/p>\n<p>To understand those two important concepts, we must first understand the three most important types of I\/O (Input and Output) streams (or sequences) of characters, which are in fact special files, in the *nix sense of the word.<\/p>\n<ol>\n<li><strong>Standard input\u00a0<\/strong>(aka stdin) is by default attached to the keyboard. In other words, the keyboard is the standard input device to enter commands to the command line.<\/li>\n<li><strong>Standard output<\/strong>\u00a0(aka stdout) is by default attached to the screen, the device that \u201creceives\u201d the output of commands and displays it.<\/li>\n<li><strong>Standard error<\/strong>\u00a0(aka stderr) is where the status messages of a command are sent by default, which is also the screen.<\/li>\n<\/ol>\n<p>In the following example, the output of\u00a0<code>ls \/var<\/code>\u00a0is sent to\u00a0<strong>stdout<\/strong>\u00a0(the screen), as well as the result of ls\u00a0<strong>\/tecmint<\/strong>.
But in the latter case, it is\u00a0<strong>stderr<\/strong>\u00a0that is shown.<\/p>\n<div id=\"attachment_11865\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Linux-input-output-redirect.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-11865\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Linux-input-output-redirect-620x82.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Linux-input-output-redirect-620x82.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Linux-input-output-redirect.png 726w\" alt=\"Linux input output redirect\" width=\"620\" height=\"82\" aria-describedby=\"caption-attachment-11865\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11865\" class=\"wp-caption-text\">Input and Output Example<\/p>\n<\/div>\n<p>To more easily identify these special files, they are each assigned a file descriptor, an abstract representation that is used to access them. The essential thing to understand is that these files, just like others, can be redirected. What this means is that you can capture the output from a file or script and send it as input to another file, command, or script. This will allow you to store on disk, for example, the output of commands for later processing or analysis.<\/p>\n<p>To redirect stdin (fd 0), stdout (fd 1), or stderr (fd 2), the following operators are available.<\/p>\n<table border=\"0\" cellspacing=\"0\">\n<tbody>\n<tr>\n<td align=\"CENTER\" bgcolor=\"#999999\" height=\"24\"><b>Redirection Operator<\/b><\/td>\n<td align=\"CENTER\" bgcolor=\"#999999\"><b>Effect<\/b><\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"CENTER\" height=\"18\"><b>&gt;<\/b><\/td>\n<td align=\"LEFT\">Redirects standard output to a file containing standard output. 
If the destination file exists, it will be overwritten.<\/td>\n<\/tr>\n<tr>\n<td align=\"CENTER\" height=\"18\"><b>&gt;&gt;<\/b><\/td>\n<td align=\"LEFT\">Appends standard output to a file.<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"CENTER\" height=\"18\"><b>2&gt;<\/b><\/td>\n<td align=\"LEFT\">Redirects standard error to a file. If the destination file exists, it will be overwritten.<\/td>\n<\/tr>\n<tr>\n<td align=\"CENTER\" height=\"18\"><b>2&gt;&gt;<\/b><\/td>\n<td align=\"LEFT\">Appends standard error to the existing file.<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"CENTER\" height=\"18\"><b>&amp;&gt;<\/b><\/td>\n<td align=\"LEFT\">Redirects both standard output and standard error to a file; if the specified file exists, it will be overwritten.<\/td>\n<\/tr>\n<tr>\n<td align=\"CENTER\" height=\"18\"><b>&lt;<\/b><\/td>\n<td align=\"LEFT\">Uses the specified file as standard input.<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"CENTER\" height=\"18\"><b>&lt;&gt;<\/b><\/td>\n<td align=\"LEFT\">The specified file is used for both standard input and standard output.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>As opposed to redirection, pipelining is performed by adding a vertical bar\u00a0<code>(|)<\/code>\u00a0after a command and before another one.<\/p>\n<p>Remember:<\/p>\n<ol>\n<li><strong>Redirection<\/strong>\u00a0is used to send the output of a command to a file, or to send a file as input to a command.<\/li>\n<li><strong>Pipelining<\/strong>\u00a0is used to send the output of a command to another command as input.<\/li>\n<\/ol>\n<h4>Examples Of Redirection and Pipelining<\/h4>\n<h6>Example 1: Redirecting the output of a command to a file<\/h6>\n<p>There will be times when you will need to iterate over a list of files. To do that, you can first save that list to a file and then read that file line by line.
While it is true that you can iterate over the output of ls directly, this example serves to illustrate redirection.<\/p>\n<pre># ls -1 \/var\/mail &gt; mail.txt\r\n<\/pre>\n<div id=\"attachment_11870\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Redirect-output-to-a-file.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-11870\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Redirect-output-to-a-file.png\" alt=\"Redirect output of command to a file\" width=\"420\" height=\"139\" aria-describedby=\"caption-attachment-11870\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11870\" class=\"wp-caption-text\">Redirect output of command to a file<\/p>\n<\/div>\n<h6>Example 2: Redirecting both stdout and stderr to \/dev\/null<\/h6>\n<p>In case we want to prevent both stdout and stderr from being displayed on the screen, we can redirect both file descriptors to\u00a0<code>\/dev\/null<\/code>.
Note how the output changes when the redirection is implemented for the same command.<\/p>\n<pre># ls \/var \/tecmint\r\n# ls \/var\/ \/tecmint &amp;&gt; \/dev\/null\r\n<\/pre>\n<div id=\"attachment_11871\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Redirecting-stdout-stderr-ouput.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-11871\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Redirecting-stdout-stderr-ouput-620x138.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Redirecting-stdout-stderr-ouput-620x138.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Redirecting-stdout-stderr-ouput.png 625w\" alt=\"Redirecting stdout and stderr output to \/dev\/null\" width=\"620\" height=\"138\" aria-describedby=\"caption-attachment-11871\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11871\" class=\"wp-caption-text\">Redirecting stdout and stderr output to \/dev\/null<\/p>\n<\/div>\n<h6>Example 3: Using a file as input to a command<\/h6>\n<p>The classic syntax of the\u00a0<a href=\"https:\/\/www.tecmint.com\/13-basic-cat-command-examples-in-linux\/\" target=\"_blank\" rel=\"noopener\">cat command<\/a>\u00a0is as follows.<\/p>\n<pre># cat [file(s)]\r\n<\/pre>\n<p>You can also send a file as input, using the correct redirection operator.<\/p>\n<pre># cat &lt; mail.txt\r\n<\/pre>\n<div id=\"attachment_11872\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/cat-command-examples.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-11872\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/cat-command-examples.png\" alt=\"Linux cat command examples\" width=\"309\" height=\"123\" aria-describedby=\"caption-attachment-11872\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p
id=\"caption-attachment-11872\" class=\"wp-caption-text\">cat command example<\/p>\n<\/div>\n<h6>Example 4: Sending the output of a command as input to another<\/h6>\n<p>If you have a large directory or process listing and want to be able to locate a certain file or process at a glance, you will want to pipeline the listing to grep.<\/p>\n<p>Note that we use two pipelines in the following example. The first one looks for the required keyword, while the second one will eliminate the actual\u00a0<code>grep<\/code>\u00a0command from the results. This example lists all the processes associated with the apache user.<\/p>\n<pre># ps -ef | grep apache | grep -v grep\r\n<\/pre>\n<div id=\"attachment_11874\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Send-output-of-command-as-input-to-another1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-11874\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Send-output-of-command-as-input-to-another1-620x218.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Send-output-of-command-as-input-to-another1-620x218.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Send-output-of-command-as-input-to-another1.png 710w\" alt=\"Send output of command as input to another\" width=\"620\" height=\"218\" aria-describedby=\"caption-attachment-11874\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11874\" class=\"wp-caption-text\">Send output of command as input to another<\/p>\n<\/div>\n<h3>Archiving, Compressing, Unpacking, and Uncompressing Files<\/h3>\n<p>If you need to transport, back up, or send via email a group of files, you will use an archiving (or grouping) tool such as\u00a0<a href=\"https:\/\/www.tecmint.com\/18-tar-command-examples-in-linux\/\" target=\"_blank\" rel=\"noopener\">tar<\/a>, typically used with a compression
utility like\u00a0<strong>gzip<\/strong>,\u00a0<strong>bzip2<\/strong>, or\u00a0<strong>xz<\/strong>.<\/p>\n<p>Your choice of a compression tool will likely be determined by the compression speed and rate of each one. Of these three compression tools,\u00a0<strong>gzip<\/strong>\u00a0is the oldest and provides the least compression,\u00a0<strong>bzip2<\/strong>\u00a0provides improved compression, and\u00a0<strong>xz<\/strong>\u00a0is the newest and provides the best compression. Typically, files compressed with these utilities have\u00a0<strong>.gz<\/strong>,\u00a0<strong>.bz2<\/strong>, or\u00a0<strong>.xz<\/strong>\u00a0extensions, respectively.<\/p>\n<table border=\"0\" cellspacing=\"0\">\n<tbody>\n<tr>\n<td align=\"CENTER\" bgcolor=\"#999999\" height=\"24\"><b>Command<\/b><\/td>\n<td align=\"CENTER\" bgcolor=\"#999999\"><b>Abbreviation<\/b><\/td>\n<td align=\"CENTER\" bgcolor=\"#999999\"><b>Description<\/b><\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">--create<\/td>\n<td align=\"LEFT\">c<\/td>\n<td align=\"LEFT\">Creates a tar archive<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"18\">--concatenate<\/td>\n<td align=\"LEFT\">A<\/td>\n<td align=\"LEFT\">Appends tar files to an archive<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">--append<\/td>\n<td align=\"LEFT\">r<\/td>\n<td align=\"LEFT\">Appends non-tar files to an archive<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"18\">--update<\/td>\n<td align=\"LEFT\">u<\/td>\n<td align=\"LEFT\">Appends files that are newer than those in an archive<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"18\">--diff or --compare<\/td>\n<td align=\"LEFT\">d<\/td>\n<td align=\"LEFT\">Compares an archive to files on disk<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"20\">--list<\/td>\n<td align=\"LEFT\">t<\/td>\n<td align=\"LEFT\">Lists the contents of a tarball<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\"
height=\"18\">--extract or --get<\/td>\n<td align=\"LEFT\">x<\/td>\n<td align=\"LEFT\">Extracts files from an archive<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<table border=\"0\" cellspacing=\"0\">\n<tbody>\n<tr>\n<td align=\"CENTER\" bgcolor=\"#999999\" height=\"24\"><b>Operation modifier<\/b><\/td>\n<td align=\"CENTER\" bgcolor=\"#999999\"><b>Abbreviation<\/b><\/td>\n<td align=\"CENTER\" bgcolor=\"#999999\"><b>Description<\/b><\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"24\">--directory dir<\/td>\n<td align=\"LEFT\">C<\/td>\n<td align=\"LEFT\">Changes to directory dir before performing operations<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"24\">--same-permissions and\u00a0--same-owner<\/td>\n<td align=\"LEFT\">p<\/td>\n<td align=\"LEFT\">Preserves permissions and ownership information, respectively.<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"24\">--verbose<\/td>\n<td align=\"LEFT\">v<\/td>\n<td align=\"LEFT\">Lists all files as they are read or extracted; if combined with --list, it also displays file sizes, ownership, and timestamps<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"24\">--exclude file<\/td>\n<td align=\"LEFT\">\u2014<\/td>\n<td align=\"LEFT\">Excludes file from the archive.
In this case, file can be an actual file or a pattern.<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"24\">--gzip or\u00a0--gunzip<\/td>\n<td align=\"LEFT\">z<\/td>\n<td align=\"LEFT\">Compresses an archive through gzip<\/td>\n<\/tr>\n<tr>\n<td align=\"LEFT\" height=\"24\">--bzip2<\/td>\n<td align=\"LEFT\">j<\/td>\n<td align=\"LEFT\" height=\"24\">Compresses an archive through bzip2<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"LEFT\" height=\"24\">--xz<\/td>\n<td align=\"LEFT\">J<\/td>\n<td align=\"LEFT\">Compresses an archive through xz<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h6>Example 5: Creating a tarball and then compressing it using the three compression utilities<\/h6>\n<p>You may want to compare the effectiveness of each tool before deciding to use one or another. Note that while compressing small files, or a few files, the results may not show much difference, but may give you a glimpse of what they have to offer.<\/p>\n<pre># tar cf ApacheLogs-$(date +%Y%m%d).tar \/var\/log\/httpd\/*        # Create an ordinary tarball\r\n# tar czf ApacheLogs-$(date +%Y%m%d).tar.gz \/var\/log\/httpd\/*    # Create a tarball and compress with gzip\r\n# tar cjf ApacheLogs-$(date +%Y%m%d).tar.bz2 \/var\/log\/httpd\/*   # Create a tarball and compress with bzip2\r\n# tar cJf ApacheLogs-$(date +%Y%m%d).tar.xz \/var\/log\/httpd\/*    # Create a tarball and compress with xz\r\n<\/pre>\n<div id=\"attachment_11875\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/tar-command-examples.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-11875\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/tar-command-examples-620x278.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/tar-command-examples-620x278.png 620w,
https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/tar-command-examples.png 709w\" alt=\"Linux tar command examples\" width=\"620\" height=\"278\" aria-describedby=\"caption-attachment-11875\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11875\" class=\"wp-caption-text\">tar command examples<\/p>\n<\/div>\n<h6>Example 6: Preserving original permissions and ownership while archiving and when<\/h6>\n<p>If you are creating backups from users\u2019 home directories, you will want to store the individual files with the original permissions and ownership instead of changing them to that of the user account or daemon performing the backup. The following example preserves these attributes while taking the backup of the contents in the\u00a0<code>\/var\/log\/httpd<\/code>\u00a0directory:<\/p>\n<pre># tar cJf ApacheLogs-$(date +%Y%m%d).tar.xz \/var\/log\/httpd\/* --same-permissions --same-owner\r\n<\/pre>\n<h3>Create Hard and Soft Links<\/h3>\n<p>In Linux, there are two types of links to files:\u00a0<strong>hard links<\/strong>\u00a0and\u00a0<strong>soft<\/strong>\u00a0(aka symbolic) links. Since a hard link represents another name for an existing file and is identified by the same\u00a0<strong>inode<\/strong>, it then points to the actual data, as opposed to symbolic links, which point to filenames instead.<\/p>\n<p>In addition, hard links do not occupy space on disk, while symbolic links do take a small amount of space to store the text of the link itself. The downside of hard links is that they can only be used to reference files within the filesystem where they are located because inodes are unique inside a filesystem. 
Symbolic links save the day, in that they point to another file or directory by name rather than by inode, and therefore can cross filesystem boundaries.<\/p>\n<p>The basic syntax to create links is similar in both cases:<\/p>\n<pre># ln TARGET LINK_NAME               # Hard link named LINK_NAME to file named TARGET\r\n# ln -s TARGET LINK_NAME            # Soft link named LINK_NAME to file named TARGET\r\n<\/pre>\n<h6>Example 7: Creating hard and soft links<\/h6>\n<p>There is no better way to visualize the relation between a file and a hard or symbolic link that points to it than to create those links. In the following screenshot you will see that the file and the hard link that points to it share the same inode and both are identified by the same disk usage of 466 bytes.<\/p>\n<p>On the other hand, creating a soft link results in an extra disk usage of 5 bytes. Not that you\u2019re going to run out of storage capacity, but this example is enough to illustrate the difference between a hard link and a soft link.<\/p>\n<div id=\"attachment_11876\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/hard-soft-link.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-11876\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/hard-soft-link-620x226.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/hard-soft-link-620x226.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/hard-soft-link.png 651w\" alt=\"Difference between a hard link and a soft link\" width=\"620\" height=\"226\" aria-describedby=\"caption-attachment-11876\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-11876\" class=\"wp-caption-text\">Difference between a hard link and a soft link<\/p>\n<\/div>\n<p>A typical usage of symbolic links is to reference a versioned file in a Linux system.
Suppose there are several programs that need access to file\u00a0<strong>fooX.Y<\/strong>, which is subject to frequent version updates (think of a library, for example). Instead of updating every single reference to\u00a0<strong>fooX.Y<\/strong>\u00a0every time there\u2019s a version update, it is wiser, safer, and faster, to have programs look to a symbolic link named just foo, which in turn points to the actual\u00a0<strong>fooX.Y<\/strong>.<\/p>\n<p>Thus, when\u00a0<strong>X<\/strong>\u00a0and\u00a0<strong>Y<\/strong>\u00a0change, you only need to edit the symbolic link foo with a new destination name instead of tracking every usage of the destination file and updating it.<\/p>\n<h3>Summary<\/h3>\n<p>In this article we have reviewed some essential file and directory management skills that must be a part of every system administrator\u2019s tool-set. Make sure to review other parts of this series as well in order to integrate these topics with the content covered in this tutorial.<\/p>\n<p>Feel free to let us know if you have any questions or comments. 
We are always more than glad to hear from our readers.<\/p>\n<h1 class=\"post-title\">RHCSA Series: How to Manage Users and Groups in RHEL 7 \u2013 Part 3<\/h1>\n<p>Managing a\u00a0<strong>RHEL 7<\/strong>\u00a0server, as it is the case with any other Linux server, will require that you know how to add, edit, suspend, or delete user accounts, and grant users the necessary permissions to files, directories, and other system resources to perform their assigned tasks.<\/p>\n<div id=\"attachment_12014\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/User-and-Group-Management-in-Linux.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12014\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/User-and-Group-Management-in-Linux.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/User-and-Group-Management-in-Linux.png 720w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/User-and-Group-Management-in-Linux-620x293.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/User-and-Group-Management-in-Linux-520x245.png 520w\" alt=\"User and Group Management in Linux\" width=\"620\" height=\"293\" aria-describedby=\"caption-attachment-12014\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12014\" class=\"wp-caption-text\">RHCSA: User and Group Management \u2013 Part 3<\/p>\n<\/div>\n<h3>Managing User Accounts<\/h3>\n<p>To add a new user account to a RHEL 7 server, you can run either of the following two commands as root:<\/p>\n<pre># adduser [new_account]\r\n# useradd [new_account]\r\n<\/pre>\n<p>When a new user account is added, by default the following operations are performed.<\/p>\n<ol>\n<li>His\/her home directory is created (<code>\/home\/username<\/code>\u00a0unless specified 
otherwise).<\/li>\n<li>The hidden files\u00a0<code>.bash_logout<\/code>,\u00a0<code>.bash_profile<\/code>\u00a0and\u00a0<code>.bashrc<\/code>\u00a0are copied inside the user\u2019s home directory, and will be used to provide environment variables for his\/her user session. You can explore each of them for further details.<\/li>\n<li>A mail spool directory is created for the added user account.<\/li>\n<li>A group is created with the same name as the new user account.<\/li>\n<\/ol>\n<p>The full account summary is stored in the\u00a0<code>\/etc\/passwd<\/code>\u00a0file. This file holds a record per system user account and has the following format (fields are separated by a colon):<\/p>\n<pre>[username]:[x]:[UID]:[GID]:[Comment]:[Home directory]:[Default shell]\r\n<\/pre>\n<ol>\n<li>The two fields\u00a0<code>[username]<\/code>\u00a0and\u00a0<code>[Comment]<\/code>\u00a0are self-explanatory.<\/li>\n<li>The second field, \u2018x\u2019, indicates that the account is secured by a shadowed password (in\u00a0<code>\/etc\/shadow<\/code>), which is used to log on as\u00a0<code>[username]<\/code>.<\/li>\n<li>The fields\u00a0<code>[UID]<\/code>\u00a0and\u00a0<code>[GID]<\/code>\u00a0are integers that show the User IDentification and the primary Group IDentification to which\u00a0<code>[username]<\/code>\u00a0belongs, respectively.<\/li>\n<\/ol>\n<p>Finally,<\/p>\n<ol>\n<li>The\u00a0<code>[Home directory]<\/code>\u00a0shows the absolute location of\u00a0<code>[username]\u2019s<\/code>\u00a0home directory, and<\/li>\n<li><code>[Default shell]<\/code>\u00a0is the shell that is made available to this user when he\/she logs into the system.<\/li>\n<\/ol>\n<p>Another important file that you must become familiar with is\u00a0<code>\/etc\/group<\/code>, where group information is stored.
As is the case with\u00a0<code>\/etc\/passwd<\/code>, there is one record per line and its fields are also delimited by a colon:<\/p>\n<pre>[Group name]:[Group password]:[GID]:[Group members]\r\n<\/pre>\n<p>where,<\/p>\n<ol>\n<li><code>[Group name]<\/code>\u00a0is the name of the group.<\/li>\n<li>Does this group use a group password? (An \u201c<strong>x<\/strong>\u201d means no).<\/li>\n<li><code>[GID]<\/code>: same as in\u00a0<code>\/etc\/passwd<\/code>.<\/li>\n<li><code>[Group members]<\/code>: a list of users, separated by commas, that are members of each group.<\/li>\n<\/ol>\n<p>After adding an account, you can edit the user\u2019s account information at any time using\u00a0<strong>usermod<\/strong>, whose basic syntax is:<\/p>\n<pre># usermod [options] [username]\r\n<\/pre>\n<p><strong>Read Also<\/strong>:<br \/>\n<a href=\"https:\/\/www.tecmint.com\/add-users-in-linux\/\" target=\"_blank\" rel=\"noopener\">15 \u2018useradd\u2019 Command Examples<\/a><br \/>\n<a href=\"https:\/\/www.tecmint.com\/usermod-command-examples\/\" target=\"_blank\" rel=\"noopener\">15 \u2018usermod\u2019 Command Examples<\/a><\/p>\n<h6>EXAMPLE 1: Setting the expiry date for an account<\/h6>\n<p>If you work for a company that has some kind of policy to enable accounts for a certain interval of time, or if you want to grant access for a limited period of time, you can use the\u00a0<code>--expiredate<\/code>\u00a0flag followed by a date in\u00a0<strong>YYYY-MM-DD<\/strong>\u00a0format.
To verify that the change has been applied, you can compare the output of<\/p>\n<pre># chage -l [username]\r\n<\/pre>\n<p>before and after updating the account expiry date, as shown in the following image.<\/p>\n<div id=\"attachment_12019\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Change-User-Account-Information.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12019\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Change-User-Account-Information.png\" alt=\"Change User Account Information\" width=\"574\" height=\"309\" aria-describedby=\"caption-attachment-12019\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12019\" class=\"wp-caption-text\">Change User Account Information<\/p>\n<\/div>\n<h6>EXAMPLE 2: Adding the user to supplementary groups<\/h6>\n<p>Besides the primary group that is created when a new user account is added to the system, a user can be added to supplementary groups using the combined\u00a0<strong>-aG<\/strong>, or\u00a0<strong>--append<\/strong>\u00a0<strong>--groups<\/strong>\u00a0options, followed by a comma-separated list of groups.<\/p>\n<h6>EXAMPLE 3: Changing the default location of the user\u2019s home directory and \/ or changing its shell<\/h6>\n<p>If for some reason you need to change the default location of the user\u2019s home directory (other than\u00a0<strong>\/home\/username<\/strong>), you will need to use the\u00a0<strong>-d<\/strong>, or\u00a0<strong>--home<\/strong>\u00a0options, followed by the absolute path to the new home directory.<\/p>\n<p>If a user wants to use a shell other than bash (for example,\u00a0<strong>sh<\/strong>), which gets assigned by default, use\u00a0<strong>usermod<\/strong>\u00a0with the\u00a0<strong>--shell<\/strong>\u00a0flag, followed by the path to the new shell.<\/p>\n<h6>EXAMPLE 4: Displaying the groups a user is a member of<\/h6>\n<p>After adding
the user to a supplementary group, you can verify that it now actually belongs to such group(s):<\/p>\n<pre># groups [username]\r\n# id [username]\r\n<\/pre>\n<p>The following image depicts\u00a0<strong>Examples 2<\/strong>\u00a0through\u00a0<strong>4<\/strong>:<\/p>\n<div id=\"attachment_12020\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Adding-User-to-Supplementary-Group.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12020\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Adding-User-to-Supplementary-Group-620x121.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Adding-User-to-Supplementary-Group-620x121.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Adding-User-to-Supplementary-Group.png 746w\" alt=\"Adding User to Supplementary Group\" width=\"620\" height=\"121\" aria-describedby=\"caption-attachment-12020\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12020\" class=\"wp-caption-text\">Adding User to Supplementary Group<\/p>\n<\/div>\n<p>In the example above:<\/p>\n<pre># usermod --append --groups gacanepa,users --home \/tmp --shell \/bin\/sh tecmint\r\n<\/pre>\n<p>To remove a user from a group, omit the\u00a0<code>--append<\/code>\u00a0switch in the command above and list the groups you want the user to belong to following the\u00a0<code>--groups<\/code>\u00a0flag.<\/p>\n<h6>EXAMPLE 5: Disabling account by locking password<\/h6>\n<p>To disable an account, you will need to use either the\u00a0<strong>-L<\/strong>\u00a0(uppercase L) or the\u00a0<strong>--lock<\/strong>\u00a0option to lock a user\u2019s password. 
This will prevent the user from being able to log on.<\/p>\n<h6>EXAMPLE 6: Unlocking password<\/h6>\n<p>When you need to re-enable the user so that he can log on to the server again, use the\u00a0<strong>-U<\/strong>\u00a0or the\u00a0<strong>--unlock<\/strong>\u00a0option to unlock a user\u2019s password that was previously locked, as explained in\u00a0<strong>Example 5<\/strong>\u00a0above.<\/p>\n<pre># usermod --unlock tecmint\r\n<\/pre>\n<p>The following image illustrates\u00a0<strong>Examples 5<\/strong>\u00a0and\u00a0<strong>6<\/strong>:<\/p>\n<div id=\"attachment_12021\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Lock-Unlock-User-Account.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12021\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Lock-Unlock-User-Account-620x240.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Lock-Unlock-User-Account-620x240.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Lock-Unlock-User-Account.png 638w\" alt=\"Lock Unlock User Account\" width=\"620\" height=\"240\" aria-describedby=\"caption-attachment-12021\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12021\" class=\"wp-caption-text\">Lock Unlock User Account<\/p>\n<\/div>\n<h6>EXAMPLE 7: Deleting a group or a user account<\/h6>\n<p>To delete a group, you\u2019ll want to use\u00a0<strong>groupdel<\/strong>, whereas to delete a user account you will use\u00a0<strong>userdel<\/strong>\u00a0(add the\u00a0<strong>-r<\/strong>\u00a0switch if you also want to delete the contents of its home directory and mail spool):<\/p>\n<pre># groupdel [group_name]        # Delete a group\r\n# userdel -r [user_name]       # Remove user_name from the system, along with his\/her home directory and mail spool\r\n<\/pre>\n<p>If there are files owned 
by\u00a0<strong>group_name<\/strong>, they will not be deleted, but the group owner will be set to the\u00a0<strong>GID<\/strong>\u00a0of the group that was deleted.<\/p>\n<h3>Listing, Setting and Changing Standard ugo\/rwx Permissions<\/h3>\n<p>The well-known\u00a0<a href=\"https:\/\/www.tecmint.com\/ls-interview-questions\/\" target=\"_blank\" rel=\"noopener\">ls command<\/a>\u00a0is one of the best friends of any system administrator. When used with the\u00a0<strong>-l<\/strong>\u00a0flag, this tool allows you to view a list of a directory\u2019s contents in long (or detailed) format.<\/p>\n<p>However, this command can also be applied to a single file. Either way, the first 10 characters in the output of\u00a0<code>ls -l<\/code>\u00a0represent each file\u2019s attributes.<\/p>\n<p>The first character of this\u00a0<strong>10-character<\/strong>\u00a0sequence is used to indicate the file type:<\/p>\n<ol>\n<li><b>-<\/b>\u00a0(hyphen): a regular file<\/li>\n<li><b>d<\/b>: a directory<\/li>\n<li><b>l<\/b>: a symbolic link<\/li>\n<li><b>c<\/b>: a character device (which treats data as a stream of bytes, e.g. a terminal)<\/li>\n<li><b>b<\/b>: a block device (which handles data in blocks, e.g. storage devices)<\/li>\n<\/ol>\n<p>The next nine characters of the file attributes, divided into groups of three from left to right, are called the file mode and indicate the read (<strong>r<\/strong>), write (<strong>w<\/strong>), and execute (<strong>x<\/strong>) permissions granted to the file\u2019s owner, the file\u2019s group owner, and the rest of the users (commonly referred to as \u201c<strong>the world<\/strong>\u201d), respectively.<\/p>\n<p>While the read permission on a file allows the same to be opened and read, the same permission on a directory allows its contents to be listed if the execute permission is also set. 
In addition, the execute permission in a file allows it to be handled as a program and run.<\/p>\n<p>File permissions are changed with the\u00a0<strong>chmod<\/strong>\u00a0command, whose basic syntax is as follows:<\/p>\n<pre># chmod [new_mode] file\r\n<\/pre>\n<p>where\u00a0<strong>new_mode<\/strong>\u00a0is either an octal number or an expression that specifies the new permissions. Feel free to use the mode that works best for you in each case, or the method you already prefer for setting a file\u2019s permissions.<\/p>\n<p>The octal number can be calculated based on the binary equivalent, which can in turn be obtained from the desired file permissions for the owner of the file, the owner group, and the world. The presence of a certain permission equals a power of 2 (r=2<sup>2<\/sup>, w=2<sup>1<\/sup>, x=2<sup>0<\/sup>), while its absence means 0. For example:<\/p>\n<div id=\"attachment_12028\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/File-Permissions.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12028\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/File-Permissions.png\" alt=\"File Permissions\" width=\"532\" height=\"95\" aria-describedby=\"caption-attachment-12028\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12028\" class=\"wp-caption-text\">File Permissions<\/p>\n<\/div>\n<p>To set the file\u2019s permissions as indicated above in octal form, type:<\/p>\n<pre># chmod 744 myfile\r\n<\/pre>\n<p>Please take a minute to compare our previous calculation to the actual output of\u00a0<code>ls -l<\/code>\u00a0after changing the file\u2019s permissions:<\/p>\n<div id=\"attachment_12023\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Long-List-Format.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12023\" 
src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Long-List-Format.png\" alt=\"Long List Format\" width=\"373\" height=\"108\" aria-describedby=\"caption-attachment-12023\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12023\" class=\"wp-caption-text\">Long List Format<\/p>\n<\/div>\n<h6>EXAMPLE 8: Searching for files with 777 permissions<\/h6>\n<p>As a security measure, you should make sure that files with\u00a0<strong>777<\/strong>\u00a0permissions (read, write, and execute for everyone) are avoided like the plague under normal circumstances. Although we will explain in a later tutorial how to more effectively locate all the files in your system with a certain permission set, for now you can combine\u00a0<strong>ls<\/strong>\u00a0with\u00a0<strong>grep<\/strong>\u00a0to obtain such information.<\/p>\n<p>In the following example, we will look for files with\u00a0<strong>777<\/strong>\u00a0permissions in the\u00a0<strong>\/etc<\/strong>\u00a0directory only. 
Note that we will use pipelining as explained in\u00a0<a href=\"https:\/\/www.tecmint.com\/file-and-directory-management-in-linux\/\" target=\"_blank\" rel=\"noopener\">Part 2: File and Directory Management<\/a>\u00a0of this\u00a0<strong>RHCSA<\/strong>\u00a0series:<\/p>\n<pre># ls -l \/etc | grep rwxrwxrwx\r\n<\/pre>\n<div id=\"attachment_12024\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Find-All-777-Files.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12024\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Find-All-777-Files-620x184.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Find-All-777-Files-620x184.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Find-All-777-Files.png 963w\" alt=\"Find All Files with 777 Permission\" width=\"620\" height=\"184\" aria-describedby=\"caption-attachment-12024\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12024\" class=\"wp-caption-text\">Find All Files with 777 Permission<\/p>\n<\/div>\n<h6>EXAMPLE 9: Assigning a specific permission to all users<\/h6>\n<p>Shell scripts, along with some binaries that all users should have access to (not just their corresponding owner and group), should have the execute bit set accordingly (please note that we will discuss a special case later):<\/p>\n<pre># chmod a+x script.sh\r\n<\/pre>\n<p><strong>Note<\/strong>: we can also set a file\u2019s mode using an expression that indicates the owner\u2019s rights with the letter\u00a0<code>u<\/code>, the group owner\u2019s rights with the letter\u00a0<code>g<\/code>, and the rest with\u00a0<code>o<\/code>. All of these rights can be represented at the same time with the letter\u00a0<code>a<\/code>. 
Permissions are granted (or revoked) with the\u00a0<code>+<\/code>\u00a0or\u00a0<code>-<\/code>\u00a0signs, respectively.<\/p>\n<div id=\"attachment_12025\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Set-Execute-Permission-on-File.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12025\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Set-Execute-Permission-on-File.png\" alt=\"Set Execute Permission on File\" width=\"402\" height=\"106\" aria-describedby=\"caption-attachment-12025\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12025\" class=\"wp-caption-text\">Set Execute Permission on File<\/p>\n<\/div>\n<p>A long directory listing also shows the file\u2019s owner and its group owner in the first and second columns, respectively. This feature serves as a first-level access control method to files in a system:<\/p>\n<div id=\"attachment_12026\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Check-File-Owner-and-Group.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12026\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Check-File-Owner-and-Group.png\" alt=\"Check File Owner and Group\" width=\"511\" height=\"141\" aria-describedby=\"caption-attachment-12026\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12026\" class=\"wp-caption-text\">Check File Owner and Group<\/p>\n<\/div>\n<p>To change file ownership, you will use the\u00a0<strong>chown<\/strong>\u00a0command. 
Note that you can change the file and group ownership at the same time or separately:<\/p>\n<pre># chown user:group file\r\n<\/pre>\n<p><strong>Note<\/strong>: you can change the user or group, or the two attributes at the same time, as long as you don\u2019t forget the colon, leaving user or group blank if you want to update the other attribute, for example:<\/p>\n<pre># chown :group file              # Change group ownership only\r\n# chown user: file               # Change user ownership only\r\n<\/pre>\n<h6>EXAMPLE 10: Cloning permissions from one file to another<\/h6>\n<p>If you would like to \u201c<strong>clone<\/strong>\u201d ownership from one file to another, you can do so using the\u00a0<strong>--reference<\/strong>\u00a0flag, as follows:<\/p>\n<pre># chown --reference=ref_file file\r\n<\/pre>\n<p>where the owner and group of\u00a0<strong>ref_file<\/strong>\u00a0will be assigned to file as well:<\/p>\n<div id=\"attachment_12027\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Clone-File-Ownership.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12027\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Clone-File-Ownership.png\" alt=\"Clone File Ownership\" width=\"513\" height=\"148\" aria-describedby=\"caption-attachment-12027\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12027\" class=\"wp-caption-text\">Clone File Ownership<\/p>\n<\/div>\n<h3>Setting Up SETGID Directories for Collaboration<\/h3>\n<p>Should you need to grant access to all the files owned by a certain group inside a specific directory, you will most likely use the approach of setting the\u00a0<strong>setgid<\/strong>\u00a0bit for such directory. 
When the\u00a0<strong>setgid<\/strong>\u00a0bit is set, the effective\u00a0<strong>GID<\/strong>\u00a0of the real user becomes that of the group owner.<\/p>\n<p>Thus, any user can access a file under the privileges granted to the group owner of such file. In addition, when the\u00a0<strong>setgid<\/strong>\u00a0bit is set on a directory, newly created files inherit the same group as the directory, and newly created subdirectories will also inherit the\u00a0<strong>setgid<\/strong>\u00a0bit of the parent directory.<\/p>\n<pre># chmod g+s [filename]\r\n<\/pre>\n<p>To set the\u00a0<strong>setgid<\/strong>\u00a0in octal form, prepend the number\u00a0<strong>2<\/strong>\u00a0to the current (or desired) basic permissions.<\/p>\n<pre># chmod 2755 [directory]\r\n<\/pre>\n<h3>Conclusion<\/h3>\n<p>A solid knowledge of\u00a0<strong>user and group management<\/strong>, along with standard and special Linux permissions, when coupled with practice, will allow you to quickly identify and troubleshoot issues with file permissions in your\u00a0<strong>RHEL 7<\/strong>\u00a0server.<\/p>\n<p>I assure you that as you follow the steps outlined in this article and use the system documentation (as explained in\u00a0<a href=\"https:\/\/www.tecmint.com\/rhcsa-exam-reviewing-essential-commands-system-documentation\/\" target=\"_blank\" rel=\"noopener\">Part 1: Reviewing Essential Commands &amp; System Documentation<\/a>\u00a0of this series) you will master this essential competence of system administration.<\/p>\n<p>Feel free to let us know if you have any questions or comments using the form below.<\/p>\n<h1 class=\"post-title\">RHCSA Series: Editing Text Files with Nano and Vim \/ Analyzing text with grep and regexps \u2013 Part 4<\/h1>\n<p>Every system administrator has to deal with text files as part of his daily responsibilities. That includes editing existing files (most likely configuration files), or creating new ones. 
It has been said that if you want to start a holy war in the Linux world, you can ask sysadmins what their favorite text editor is and why. We are not going to do that in this article, but will present a few tips that will be helpful when using two of the most widely used text editors in RHEL 7:\u00a0<strong>nano<\/strong>\u00a0(due to its simplicity and ease of use, especially for new users), and\u00a0<strong>vi\/m<\/strong>\u00a0(due to its several features that convert it into more than a simple editor). I am sure that you can find many more reasons to use one or the other, or perhaps some other editor such as\u00a0<strong>emacs<\/strong>\u00a0or\u00a0<strong>pico<\/strong>. It\u2019s entirely up to you.<\/p>\n<div id=\"attachment_12059\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Learn-Nano-and-vi-Editors.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12059\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Learn-Nano-and-vi-Editors-620x293.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Learn-Nano-and-vi-Editors-620x293.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Learn-Nano-and-vi-Editors-520x245.png 520w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Learn-Nano-and-vi-Editors.png 720w\" alt=\"Learn Nano and vi Editors\" width=\"620\" height=\"293\" aria-describedby=\"caption-attachment-12059\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12059\" class=\"wp-caption-text\">RHCSA: Editing Text Files with Nano and Vim \u2013 Part 4<\/p>\n<\/div>\n<h3>Editing Files with Nano Editor<\/h3>\n<p>To launch\u00a0<strong>nano<\/strong>, you can either just type\u00a0<strong>nano<\/strong>\u00a0at the command prompt, optionally followed by a\u00a0<strong>filename<\/strong>\u00a0(in this case, if the file exists, it will be opened in 
edit mode). If the file does not exist, or if we omit the filename, nano will also be opened in edit mode but will present a blank screen for us to start typing:<\/p>\n<div id=\"attachment_12046\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Nano-Editor.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12046\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Nano-Editor-620x201.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Nano-Editor-620x201.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Nano-Editor.png 739w\" alt=\"Nano Editor\" width=\"620\" height=\"201\" aria-describedby=\"caption-attachment-12046\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12046\" class=\"wp-caption-text\">Nano Editor<\/p>\n<\/div>\n<p>As you can see in the previous image,\u00a0<strong>nano<\/strong>\u00a0displays at the bottom of the screen several functions that are available via the indicated shortcuts (<strong>^<\/strong>, aka caret, indicates the\u00a0<strong>Ctrl<\/strong>\u00a0key). To name a few of them:<\/p>\n<ol>\n<li><strong>Ctrl + G<\/strong>: brings up the help menu with a complete list of functions and descriptions:<\/li>\n<\/ol>\n<div id=\"attachment_12047\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Nano-Help.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12047\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Nano-Help-423x450.png\" sizes=\"auto, (max-width: 423px) 100vw, 423px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Nano-Help-423x450.png 423w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Nano-Help.png 537w\" alt=\"Nano Editor Help Menu\" width=\"423\" height=\"450\" aria-describedby=\"caption-attachment-12047\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12047\" class=\"wp-caption-text\">Nano Editor Help Menu<\/p>\n<\/div>\n<ol>\n<li><strong>Ctrl + O<\/strong>: saves changes made to a file. It will let you save the file with the same name or a different one. Then press Enter to confirm.<\/li>\n<\/ol>\n<div id=\"attachment_12048\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Nano-Save-Changes.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12048\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Nano-Save-Changes.png\" alt=\"Nano Editor Save Changes Mode\" width=\"344\" height=\"76\" aria-describedby=\"caption-attachment-12048\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12048\" class=\"wp-caption-text\">Nano Editor Save Changes Mode<\/p>\n<\/div>\n<ol>\n<li><strong>Ctrl + X<\/strong>: exits the current file. 
If changes have not been saved, they are discarded.<\/li>\n<li><strong>Ctrl + R<\/strong>: lets you choose a file to insert its contents into the present file by specifying a full path.<\/li>\n<\/ol>\n<div id=\"attachment_12049\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Insert-File-Content.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12049\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Insert-File-Content.png\" alt=\"Nano: Insert File Content to Parent File\" width=\"335\" height=\"86\" aria-describedby=\"caption-attachment-12049\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12049\" class=\"wp-caption-text\">Nano: Insert File Content to Parent File<\/p>\n<\/div>\n<p>will insert the contents of\u00a0<strong>\/etc\/passwd<\/strong>\u00a0into the current file.<\/p>\n<ol>\n<li><strong>Ctrl + K<\/strong>: cuts the current line.<\/li>\n<li><strong>Ctrl + U<\/strong>: paste.<\/li>\n<li><strong>Ctrl + C<\/strong>: cancels the current operation and places you at the previous screen.<\/li>\n<\/ol>\n<p>To easily navigate the opened file, nano provides the following features:<\/p>\n<ol>\n<li><strong>Ctrl + F and Ctrl + B<\/strong>\u00a0move the cursor forward or backward, whereas Ctrl + P and Ctrl + N move it up or down one line at a time, respectively, just like the arrow keys.<\/li>\n<li><strong>Ctrl + space and Alt + space<\/strong>\u00a0move the cursor forward and backward one word at a time.<\/li>\n<\/ol>\n<p>Finally,<\/p>\n<ol>\n<li><strong>Ctrl + _ (underscore)<\/strong>\u00a0and then entering X,Y will take you precisely to Line X, column Y, if you want to place the cursor at a specific place in the document.<\/li>\n<\/ol>\n<div id=\"attachment_12050\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Column-Numbers.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full 
wp-image-12050\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Column-Numbers.png\" alt=\"Navigate to Line Numbers in Nano\" width=\"375\" height=\"84\" aria-describedby=\"caption-attachment-12050\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12050\" class=\"wp-caption-text\">Navigate to Line Numbers in Nano<\/p>\n<\/div>\n<p>The example above will take you to\u00a0<strong>line 15<\/strong>,\u00a0<strong>column 14<\/strong>\u00a0in the current document.<\/p>\n<p>If you can recall your early Linux days, especially if you came from Windows, you will probably agree that starting off with nano is the best way to go for a new user.<\/p>\n<h3>Editing Files with Vim Editor<\/h3>\n<p><strong>Vim<\/strong>\u00a0is an improved version of\u00a0<strong>vi<\/strong>, a famous text editor in Linux that is available on all POSIX-compliant *nix systems, such as RHEL 7. If you have the chance and can install vim, go ahead; if not, most (if not all) of the tips given in this article should also work.<\/p>\n<p>One of vim\u2019s distinguishing features is the different modes in which it operates:<\/p>\n<ol>\n<li><strong>Command mode<\/strong>\u00a0will allow you to browse through the file and enter commands, which are brief and case-sensitive combinations of one or more letters. If you need to repeat one of them a certain number of times, you can prefix it with a number (there are only a few exceptions to this rule). For example, yy (or Y, short for yank) copies the entire current line, whereas 4yy (or 4Y) copies the entire current line along with the next three lines (4 lines in total).<\/li>\n<li><strong>In ex mode<\/strong>, you can manipulate files (including saving a current file and running outside programs or commands). 
To enter ex mode, we must type a colon (:) starting from command mode (or in other words, Esc + :), directly followed by the name of the ex-mode command that you want to use.<\/li>\n<li><strong>In insert mode<\/strong>, which is accessed by typing the letter i, we simply enter text. Most keystrokes result in text appearing on the screen.<\/li>\n<li>We can always enter command mode (regardless of the mode we\u2019re working in) by pressing the Esc key.<\/li>\n<\/ol>\n<p>Let\u2019s see how we can perform the same operations that we outlined for\u00a0<strong>nano<\/strong>\u00a0in the previous section, but now with\u00a0<strong>vim<\/strong>. Don\u2019t forget to hit the Enter key to confirm the vim command!<\/p>\n<p>To access vim\u2019s full manual from the command line, type\u00a0<strong>:help<\/strong>\u00a0while in command mode and then press\u00a0<strong>Enter<\/strong>:<\/p>\n<div id=\"attachment_12053\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/vim-Help-Menu.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12053\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/vim-Help-Menu.png\" alt=\"vim Editor Help Menu\" width=\"507\" height=\"397\" aria-describedby=\"caption-attachment-12053\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12053\" class=\"wp-caption-text\">vim Editor Help Menu<\/p>\n<\/div>\n<p>The upper section presents an index list of contents, with defined sections dedicated to specific topics about\u00a0<strong>vim<\/strong>. To navigate to a section, place the cursor over it and press\u00a0<strong>Ctrl + ]<\/strong>\u00a0(closing square bracket). 
Note that the bottom section displays the current file.<\/p>\n<p><strong>1.<\/strong>\u00a0To save changes made to a file, run any of the following commands from command mode and it will do the trick:<\/p>\n<pre>:wq!\r\n:x!\r\nZZ (yes, double Z without the colon at the beginning)\r\n<\/pre>\n<p><strong>2.<\/strong>\u00a0To exit discarding changes, use\u00a0<strong>:q!<\/strong>. This command will also allow you to exit the help menu described above, and return to the current file in command mode.<\/p>\n<p><strong>3.<\/strong>\u00a0Cut\u00a0<strong>N<\/strong>\u00a0number of lines: type\u00a0<strong>Ndd<\/strong>\u00a0while in command mode.<\/p>\n<p><strong>4.<\/strong>\u00a0Copy\u00a0<strong>M<\/strong>\u00a0number of lines: type\u00a0<strong>Myy<\/strong>\u00a0while in command mode.<\/p>\n<p><strong>5.<\/strong>\u00a0Paste lines that were previously cut or copied: press the\u00a0<strong>P<\/strong>\u00a0key while in command mode.<\/p>\n<p><strong>6.<\/strong>\u00a0To insert the contents of another file into the current one:<\/p>\n<pre>:r filename\r\n<\/pre>\n<p>For example, to insert the contents of\u00a0<code>\/etc\/fstab<\/code>, do:<\/p>\n<div id=\"attachment_12054\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Insert-Content-vi-Editor.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12054\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Insert-Content-vi-Editor.png\" alt=\"Insert Content of File in vi Editor\" width=\"140\" height=\"57\" aria-describedby=\"caption-attachment-12054\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12054\" class=\"wp-caption-text\">Insert Content of File in vi Editor<\/p>\n<\/div>\n<p><strong>7.<\/strong>\u00a0To insert the output of a command into the current document:<\/p>\n<pre>:r! 
command\r\n<\/pre>\n<p>For example, to insert the date and time in the line below the current position of the cursor:<\/p>\n<div id=\"attachment_12055\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Insert-Time-and-Date-in-vi-Editor.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12055\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Insert-Time-and-Date-in-vi-Editor.png\" alt=\"Insert Time and Date in vi Editor\" width=\"160\" height=\"61\" aria-describedby=\"caption-attachment-12055\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12055\" class=\"wp-caption-text\">Insert Time and Date in vi Editor<\/p>\n<\/div>\n<p>In another article that I wrote for, (<a href=\"https:\/\/www.tecmint.com\/vi-editor-usage\/\" target=\"_blank\" rel=\"noopener\">Part 2 of the LFCS series<\/a>), I explained in greater detail the keyboard shortcuts and functions available in vim. You may want to refer to that tutorial for further examples on how to use this powerful text editor.<\/p>\n<h3>Analyzing Text with Grep and Regular Expressions<\/h3>\n<p>By now you have learned how to create and edit files using\u00a0<strong>nano<\/strong>\u00a0or\u00a0<strong>vim<\/strong>. Say you become a text editor ninja, so to speak \u2013 now what? Among other things, you will also need to know how to search for regular expressions inside text.<\/p>\n<p>A regular expression (also known as \u201c<strong>regex<\/strong>\u201d or \u201c<strong>regexp<\/strong>\u201d) is a way of identifying a text string or pattern so that a program can compare the pattern against arbitrary text strings. 
Although the use of regular expressions along with grep would deserve an entire article on its own, let us review the basics here:<\/p>\n<p><strong>1.<\/strong>\u00a0The simplest regular expression is an alphanumeric string (e.g., the word \u201c<strong>svm<\/strong>\u201d) or two (when two are present, you can use the\u00a0<strong>|<\/strong>\u00a0(<strong>OR<\/strong>) operator):<\/p>\n<pre># grep -Ei 'svm|vmx' \/proc\/cpuinfo\r\n<\/pre>\n<p>The presence of either of those two strings indicates that your processor supports virtualization:<\/p>\n<div id=\"attachment_12056\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Regular-Expression-Example.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12056\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Regular-Expression-Example.png\" alt=\"Regular Expression Example\" width=\"296\" height=\"126\" aria-describedby=\"caption-attachment-12056\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12056\" class=\"wp-caption-text\">Regular Expression Example<\/p>\n<\/div>\n<p><strong>2.<\/strong>\u00a0A second kind of regular expression is a range list, enclosed between square brackets.<\/p>\n<p>For example,\u00a0<code>c[aeiou]t<\/code>\u00a0matches the strings cat, cet, cit, cot, and cut, whereas\u00a0<code>[a-z]<\/code>\u00a0and\u00a0<code>[0-9]<\/code>\u00a0match any lowercase letter or decimal digit, respectively. 
If you want to repeat the regular expression a certain number of times,\u00a0<strong>X<\/strong>, type\u00a0<code>{X}<\/code>\u00a0immediately following the regexp.<\/p>\n<p>For example, let\u2019s extract the\u00a0<strong>UUIDs<\/strong>\u00a0of storage devices from\u00a0<code>\/etc\/fstab<\/code>:<\/p>\n<pre># grep -Ei '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o \/etc\/fstab\r\n<\/pre>\n<div id=\"attachment_12057\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Extract-String-from-a-File.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12057\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Extract-String-from-a-File-620x95.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Extract-String-from-a-File-620x95.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Extract-String-from-a-File.png 669w\" alt=\"Extract String from a File in Linux\" width=\"620\" height=\"95\" aria-describedby=\"caption-attachment-12057\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12057\" class=\"wp-caption-text\">Extract String from a File<\/p>\n<\/div>\n<p>The first expression in brackets\u00a0<code>[0-9a-f]<\/code>\u00a0is used to denote lowercase hexadecimal characters, and\u00a0<code>{8}<\/code>\u00a0is a quantifier that indicates the number of times that the preceding match should be repeated (the first sequence of characters in a\u00a0<strong>UUID<\/strong>\u00a0is an 8-character long hexadecimal string).<\/p>\n<p>The parentheses, the\u00a0<code>{4}<\/code>\u00a0quantifier, and the hyphen indicate that the next sequence is a 4-character long hexadecimal string, and the quantifier that follows\u00a0<code>({3})<\/code>\u00a0denotes that the expression should be repeated 3 times.<\/p>\n<p>Finally, the last sequence of 12-character long hexadecimal string in the UUID is 
retrieved with\u00a0<code>[0-9a-f]{12}<\/code>, and the\u00a0<strong>-o<\/strong>\u00a0option prints only the matched (non-empty) parts of the matching line in\u00a0<strong>\/etc\/fstab<\/strong>.<\/p>\n<p><strong>3.<\/strong>\u00a0POSIX character classes.<\/p>\n<table border=\"0\" cellspacing=\"0\">\n<tbody>\n<tr>\n<td align=\"center\" bgcolor=\"#999999\" height=\"25\"><b>Character Class<\/b><\/td>\n<td align=\"center\" bgcolor=\"#999999\"><b>Matches\u2026<\/b><\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"left\" bgcolor=\"#FFFFFF\" height=\"21\">\u00a0[[:alnum:]]<\/td>\n<td align=\"left\" bgcolor=\"#FFFFFF\">\u00a0Any alphanumeric [a-zA-Z0-9] character<\/td>\n<\/tr>\n<tr>\n<td align=\"left\" bgcolor=\"#FFFFFF\" height=\"21\">\u00a0[[:alpha:]]<\/td>\n<td align=\"left\" bgcolor=\"#FFFFFF\">\u00a0Any alphabetic [a-zA-Z] character<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"left\" bgcolor=\"#FFFFFF\" height=\"21\">\u00a0[[:blank:]]<\/td>\n<td align=\"left\" bgcolor=\"#FFFFFF\">\u00a0Spaces or tabs<\/td>\n<\/tr>\n<tr>\n<td align=\"left\" bgcolor=\"#FFFFFF\" height=\"21\">\u00a0[[:cntrl:]]<\/td>\n<td align=\"left\" bgcolor=\"#FFFFFF\">\u00a0Any control characters (ASCII 0 to 32)<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"left\" bgcolor=\"#FFFFFF\" height=\"21\">\u00a0[[:digit:]]<\/td>\n<td align=\"left\" bgcolor=\"#FFFFFF\">\u00a0Any numeric digits [0-9]<\/td>\n<\/tr>\n<tr>\n<td align=\"left\" bgcolor=\"#FFFFFF\" height=\"21\">\u00a0[[:graph:]]<\/td>\n<td align=\"left\" bgcolor=\"#FFFFFF\">\u00a0Any visible characters<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"left\" bgcolor=\"#FFFFFF\" height=\"21\">\u00a0[[:lower:]]<\/td>\n<td align=\"left\" bgcolor=\"#FFFFFF\">\u00a0Any lowercase [a-z] character<\/td>\n<\/tr>\n<tr>\n<td align=\"left\" bgcolor=\"#FFFFFF\" height=\"21\">\u00a0[[:print:]]<\/td>\n<td align=\"left\" bgcolor=\"#FFFFFF\">\u00a0Any non-control characters<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"left\" bgcolor=\"#FFFFFF\" 
height=\"21\">\u00a0[[:space:]]<\/td>\n<td align=\"left\" bgcolor=\"#FFFFFF\">\u00a0Any whitespace<\/td>\n<\/tr>\n<tr>\n<td align=\"left\" bgcolor=\"#FFFFFF\" height=\"21\">\u00a0[[:punct:]]<\/td>\n<td align=\"left\" bgcolor=\"#FFFFFF\">\u00a0Any punctuation marks<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"left\" bgcolor=\"#FFFFFF\" height=\"21\">\u00a0[[:upper:]]<\/td>\n<td align=\"left\" bgcolor=\"#FFFFFF\">\u00a0Any uppercase [A-Z] character<\/td>\n<\/tr>\n<tr>\n<td align=\"left\" bgcolor=\"#FFFFFF\" height=\"21\">\u00a0[[:xdigit:]]<\/td>\n<td align=\"left\" bgcolor=\"#FFFFFF\">\u00a0Any hex digits [0-9a-fA-F]<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"left\" bgcolor=\"#FFFFFF\" height=\"21\">\u00a0[:word:]<\/td>\n<td align=\"left\" bgcolor=\"#FFFFFF\">\u00a0Any letters, numbers, and underscores [a-zA-Z0-9_]<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>For example, we may be interested in finding out what the used\u00a0<strong>UIDs<\/strong>\u00a0and\u00a0<strong>GIDs<\/strong>\u00a0(refer to\u00a0<a href=\"https:\/\/www.tecmint.com\/file-and-directory-management-in-linux\/\" target=\"_blank\" rel=\"noopener\">Part 2<\/a>\u00a0of this series to refresh your memory) are for real users that have been added to our system. 
Thus, we will search for sequences of 4 digits in\u00a0<strong>\/etc\/passwd<\/strong>:<\/p>\n<pre># grep -Ei '[[:digit:]]{4}' \/etc\/passwd\r\n<\/pre>\n<div id=\"attachment_12058\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Search-For-String-in-File.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12058\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Search-For-String-in-File.png\" alt=\"Search For a String in File\" width=\"516\" height=\"77\" aria-describedby=\"caption-attachment-12058\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12058\" class=\"wp-caption-text\">Search For a String in File<\/p>\n<\/div>\n<p>The above example may not be the best use case for regular expressions in the real world, but it clearly illustrates how to use\u00a0<strong>POSIX<\/strong>\u00a0character classes to analyze text along with\u00a0<strong>grep<\/strong>.<\/p>\n<h3>Conclusion<\/h3>\n<p>In this article we have provided some tips to make the most of\u00a0<strong>nano<\/strong>\u00a0and\u00a0<strong>vim<\/strong>, two text editors for the command-line users. 
Both tools are supported by extensive documentation, which you can consult on their respective official websites (links given below) and using the suggestions given in\u00a0<a href=\"https:\/\/www.tecmint.com\/rhcsa-exam-reviewing-essential-commands-system-documentation\/\" target=\"_blank\" rel=\"noopener\">Part 1<\/a>\u00a0of this series.<\/p>\n<h4>Reference Links<\/h4>\n<p><a href=\"http:\/\/www.nano-editor.org\/\" target=\"_blank\" rel=\"noopener\">http:\/\/www.nano-editor.org\/<\/a><br \/>\n<a href=\"https:\/\/www.vim.org\/\" target=\"_blank\" rel=\"noopener\">http:\/\/www.vim.org\/<\/a><\/p>\n<h1 class=\"post-title\">RHCSA Series: Process Management in RHEL 7: Boot, Shutdown, and Everything in Between \u2013 Part 5<\/h1>\n<p>We will start this article with a brief overview of what happens from the moment you press the\u00a0<strong>Power<\/strong>\u00a0button to turn on your\u00a0<strong>RHEL 7<\/strong>\u00a0server until you are presented with the login screen in a command line interface.<\/p>\n<div id=\"attachment_12273\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/RHEL-7-Boot-Process.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12273\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/RHEL-7-Boot-Process-620x293.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/RHEL-7-Boot-Process-620x293.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/RHEL-7-Boot-Process-520x245.png 520w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/RHEL-7-Boot-Process.png 720w\" alt=\"RHEL 7 Boot Process\" width=\"620\" height=\"293\" aria-describedby=\"caption-attachment-12273\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12273\" class=\"wp-caption-text\">Linux Boot Process<\/p>\n<\/div>\n<p>Please note 
that:<\/p>\n<p><strong>1.<\/strong>\u00a0the same basic principles apply, with perhaps minor modifications, to other Linux distributions as well, and<br \/>\n<strong>2.<\/strong>\u00a0the following description is not intended to represent an exhaustive explanation of the boot process, but only the fundamentals.<\/p>\n<h3>Linux Boot Process<\/h3>\n<p><strong>1.<\/strong>\u00a0The\u00a0<strong>POST<\/strong>\u00a0(Power On Self Test) initializes and performs hardware checks.<\/p>\n<p><strong>2.<\/strong>\u00a0When the\u00a0<strong>POST<\/strong>\u00a0finishes, the system control is passed to the first stage boot loader, which is stored on either the boot sector of one of the hard disks (for older systems using BIOS and MBR), or a dedicated (U)EFI partition.<\/p>\n<p><strong>3.<\/strong>\u00a0The first stage boot loader then loads the second stage boot loader, most usually\u00a0<strong>GRUB<\/strong>\u00a0(<strong>GRand Unified Boot Loader<\/strong>), which resides inside\u00a0<strong>\/boot<\/strong>, which in turn loads the kernel and the initial RAM\u2013based file system (also known as\u00a0<strong>initramfs<\/strong>, which contains programs and binary files that perform the necessary actions needed to ultimately mount the actual root filesystem).<\/p>\n<p><strong>4.<\/strong>\u00a0We are presented with a splash screen that allows us to choose an operating system and kernel to boot:<\/p>\n<div id=\"attachment_12268\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/RHEL-7-Boot-Screen.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12268\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/RHEL-7-Boot-Screen-620x317.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/RHEL-7-Boot-Screen-620x317.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/RHEL-7-Boot-Screen.png 708w\" alt=\"RHEL 
7 Boot Screen\" width=\"620\" height=\"317\" aria-describedby=\"caption-attachment-12268\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12268\" class=\"wp-caption-text\">Boot Menu Screen<\/p>\n<\/div>\n<p><strong>5.<\/strong>\u00a0The kernel sets up the hardware attached to the system and once the root filesystem has been mounted, launches the process with\u00a0<strong>PID 1<\/strong>, which in turn will initialize other processes and present us with a login prompt.<\/p>\n<p><strong>Note<\/strong>: If we wish to do so at a later time, we can examine the specifics of this process using the\u00a0<a href=\"https:\/\/www.tecmint.com\/dmesg-commands\/\" target=\"_blank\" rel=\"noopener\">dmesg command<\/a>\u00a0and filtering its output using the tools that we have explained in previous articles of this series.<\/p>\n<div id=\"attachment_12269\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Login-Screen-Process-PID.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12269\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Login-Screen-Process-PID-620x272.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Login-Screen-Process-PID-620x272.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Login-Screen-Process-PID.png 847w\" alt=\"Login Screen and Process PID\" width=\"620\" height=\"272\" aria-describedby=\"caption-attachment-12269\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12269\" class=\"wp-caption-text\">Login Screen and Process PID<\/p>\n<\/div>\n<p>In the example above, we used the well-known\u00a0<strong>ps command<\/strong>\u00a0to display a list of current processes whose parent process (or in other words, the process that started them) is\u00a0<strong>systemd<\/strong>\u00a0(the system and service manager that most modern Linux 
distributions have switched to) during system startup:<\/p>\n<pre># ps -o ppid,pid,uname,comm --ppid=1\r\n<\/pre>\n<p>Remember that the\u00a0<strong>-o<\/strong>\u00a0flag (short for\u00a0<strong>--format<\/strong>) allows you to present the output of\u00a0<strong>ps<\/strong>\u00a0in a customized format to suit your needs using the keywords specified in the\u00a0<strong>STANDARD FORMAT SPECIFIERS<\/strong>\u00a0section in\u00a0<strong>man ps<\/strong>.<\/p>\n<p>Another case in which you will want to define the output of\u00a0<strong>ps<\/strong>\u00a0instead of going with the default is when you need to find processes that are causing a significant CPU and \/ or memory load, and sort them accordingly:<\/p>\n<pre># ps aux --sort=+pcpu              # Sort by %CPU (ascending)\r\n# ps aux --sort=-pcpu              # Sort by %CPU (descending)\r\n# ps aux --sort=+pmem              # Sort by %MEM (ascending)\r\n# ps aux --sort=-pmem              # Sort by %MEM (descending)\r\n# ps aux --sort=+pcpu,-pmem        # Combine sort by %CPU (ascending) and %MEM (descending)\r\n<\/pre>\n<div id=\"attachment_12270\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/ps-command-output.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12270\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/ps-command-output-620x136.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/ps-command-output-620x136.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/ps-command-output-1024x224.png 1024w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/ps-command-output.png 1059w\" alt=\"Customize ps Command Output\" width=\"620\" height=\"136\" aria-describedby=\"caption-attachment-12270\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12270\" class=\"wp-caption-text\">Customize ps Command 
Output<\/p>\n<\/div>\n<h3>An Introduction to SystemD<\/h3>\n<p>Few decisions in the Linux world have caused more controversy than the adoption of\u00a0<strong>systemd<\/strong>\u00a0by major Linux distributions. Systemd\u2019s advocates name as its main advantages the following facts:<\/p>\n<p><strong>Read Also:<\/strong>\u00a0<a href=\"https:\/\/www.tecmint.com\/systemd-replaces-init-in-linux\/\" target=\"_blank\" rel=\"noopener\">The Story Behind \u2018init\u2019 and \u2018systemd\u2019<\/a><\/p>\n<p><strong>1.<\/strong>\u00a0Systemd allows more processing to be done in parallel during system startup (as opposed to older\u00a0<strong>SysVinit<\/strong>, which always tends to be slower because it starts processes one by one, checks if one depends on another, and then waits for daemons to launch so more services can start), and<\/p>\n<p><strong>2.<\/strong>\u00a0It works as a dynamic resource manager in a running system. Thus, services are started when needed (to avoid consuming system resources if they are not being used) instead of being launched without a valid reason during boot.<\/p>\n<p><strong>3.<\/strong>\u00a0Backwards compatibility with\u00a0<strong>SysVinit<\/strong>\u00a0scripts.<\/p>\n<p><strong>Systemd<\/strong>\u00a0is controlled by the\u00a0<strong>systemctl<\/strong>\u00a0utility. 
If you come from a\u00a0<strong>SysVinit<\/strong>\u00a0background, chances are you will be familiar with:<\/p>\n<ol>\n<li>the\u00a0<strong>service<\/strong>\u00a0tool, which -in those older systems- was used to manage SysVinit scripts, and<\/li>\n<li>the\u00a0<a title=\"chkconfig command in linux\" href=\"https:\/\/www.tecmint.com\/chkconfig-command-examples\/\" target=\"_blank\" rel=\"noopener\">chkconfig<\/a>\u00a0utility, which served the purpose of updating and querying runlevel information for system services.<\/li>\n<li><strong>shutdown<\/strong>, which you must have used several times to either restart or halt a running system.<\/li>\n<\/ol>\n<p>The following table shows the similarities between the use of these legacy tools and\u00a0<strong>systemctl<\/strong>:<\/p>\n<table border=\"0\" cellspacing=\"0\">\n<tbody>\n<tr>\n<td align=\"left\" bgcolor=\"#B7B7B7\" height=\"25\"><b>Legacy tool<\/b><\/td>\n<td align=\"left\" bgcolor=\"#B7B7B7\"><b>Systemctl equivalent<\/b><\/td>\n<td align=\"left\" bgcolor=\"#B7B7B7\"><b>Description<\/b><\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"left\" height=\"21\">service name start<\/td>\n<td align=\"left\">systemctl start name<\/td>\n<td align=\"left\">Start name (where name is a service)<\/td>\n<\/tr>\n<tr>\n<td align=\"left\" height=\"21\">service name stop<\/td>\n<td align=\"left\">systemctl stop name<\/td>\n<td align=\"left\">Stop name<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"left\" height=\"21\">service name condrestart<\/td>\n<td align=\"left\">systemctl try-restart name<\/td>\n<td align=\"left\">Restarts name (if it\u2019s already running)<\/td>\n<\/tr>\n<tr>\n<td align=\"left\" height=\"21\">service name restart<\/td>\n<td align=\"left\">systemctl restart name<\/td>\n<td align=\"left\">Restarts name<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"left\" height=\"21\">service name reload<\/td>\n<td align=\"left\">systemctl reload name<\/td>\n<td align=\"left\">Reloads the configuration for 
name<\/td>\n<\/tr>\n<tr>\n<td align=\"left\" height=\"21\">service name status<\/td>\n<td align=\"left\">systemctl status name<\/td>\n<td align=\"left\">Displays the current status of name<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"left\" height=\"23\">service --status-all<\/td>\n<td align=\"left\">systemctl<\/td>\n<td align=\"left\">Displays the status of all current services<\/td>\n<\/tr>\n<tr>\n<td align=\"left\" height=\"21\">chkconfig name on<\/td>\n<td align=\"left\">systemctl enable name<\/td>\n<td align=\"left\">Enable name to run on startup as specified in the unit file (the file to which the symlink points). The process of enabling or disabling a service to start automatically on boot consists in adding or removing symbolic links inside the \/etc\/systemd\/system directory.<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"left\" height=\"21\">chkconfig name off<\/td>\n<td align=\"left\">systemctl disable name<\/td>\n<td align=\"left\">Disables name to run on startup as specified in the unit file (the file to which the symlink points)<\/td>\n<\/tr>\n<tr>\n<td align=\"left\" height=\"21\">chkconfig --list name<\/td>\n<td align=\"left\">systemctl is-enabled name<\/td>\n<td align=\"left\">Verify whether name (a specific service) is currently enabled<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"left\" height=\"23\">chkconfig --list<\/td>\n<td align=\"left\">systemctl --type=service<\/td>\n<td align=\"left\">Displays all services and tells whether they are enabled or disabled<\/td>\n<\/tr>\n<tr>\n<td align=\"left\" height=\"23\">shutdown -h now<\/td>\n<td align=\"left\">systemctl poweroff<\/td>\n<td align=\"left\">Power-off the machine (halt)<\/td>\n<\/tr>\n<tr class=\"alt\">\n<td align=\"left\" height=\"23\">shutdown -r now<\/td>\n<td align=\"left\">systemctl reboot<\/td>\n<td align=\"left\">Reboot the system<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>Systemd<\/strong>\u00a0also introduced the concepts of units (which can be either a 
service, a mount point, a device, or a network socket) and targets (which is how systemd manages to start several related processes at the same time, and can be considered -though not equal- as the equivalent of runlevels in\u00a0<strong>SysVinit-based<\/strong>\u00a0systems).<\/p>\n<h3>Summing Up<\/h3>\n<p>Other tasks related to process management include, but may not be limited to, the ability to:<\/p>\n<h6>1. Adjust the execution priority of a process as far as the use of system resources is concerned:<\/h6>\n<p>This is accomplished through the\u00a0<strong>renice<\/strong>\u00a0utility, which alters the scheduling priority of one or more running processes. In simple terms, the scheduling priority is a feature that allows the kernel (present in versions\u00a0<strong>&gt;= 2.6<\/strong>) to allocate system resources as per the assigned execution priority (aka niceness, in a range from\u00a0<strong>-20<\/strong>\u00a0through\u00a0<strong>19<\/strong>) of a given process.<\/p>\n<p>The basic syntax of\u00a0<strong>renice<\/strong>\u00a0is as follows:<\/p>\n<pre># renice [-n] priority [-gpu] identifier\r\n<\/pre>\n<p>In the generic command above, the first argument is the priority value to be used, whereas the other argument can be interpreted as process\u00a0<strong>IDs<\/strong>\u00a0(which is the default setting), process group IDs, user IDs, or user names. 
A normal user (other than root) can only modify the scheduling priority of a process he or she owns, and only increase the niceness level (which means taking up less system resources).<\/p>\n<div id=\"attachment_12271\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Process-Scheduling-Priority.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12271\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Process-Scheduling-Priority-620x98.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Process-Scheduling-Priority-620x98.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Process-Scheduling-Priority-1024x162.png 1024w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Process-Scheduling-Priority.png 1237w\" alt=\"Renice Process in Linux\" width=\"620\" height=\"98\" aria-describedby=\"caption-attachment-12271\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12271\" class=\"wp-caption-text\">Process Scheduling Priority<\/p>\n<\/div>\n<h6>2. 
Kill (or interrupt the normal execution of) a process as needed:<\/h6>\n<p>In more precise terms, killing a process entails sending it a signal to either finish its execution gracefully (<strong>SIGTERM=15<\/strong>) or immediately (<strong>SIGKILL=9<\/strong>) through the\u00a0<a title=\"Kill or Pkill Commands in Linux\" href=\"https:\/\/www.tecmint.com\/how-to-kill-a-process-in-linux\/\" target=\"_blank\" rel=\"noopener\">kill or pkill commands<\/a>.<\/p>\n<p>The difference between these two tools is that the former is used to terminate a specific process or a process group altogether, while the latter allows you to do the same based on name and other attributes.<\/p>\n<p>In addition,\u00a0<strong>pkill<\/strong>\u00a0comes bundled with\u00a0<strong>pgrep<\/strong>, which shows you the PIDs that will be affected should pkill be used. For example, before running:<\/p>\n<pre># pkill -u gacanepa\r\n<\/pre>\n<p>It may be useful to view at a glance which\u00a0<strong>PIDs<\/strong>\u00a0are owned by\u00a0<strong>gacanepa<\/strong>:<\/p>\n<pre># pgrep -l -u gacanepa\r\n<\/pre>\n<div id=\"attachment_12272\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Find-PIDs-of-User.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12272\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/03\/Find-PIDs-of-User.png\" alt=\"Find PIDs of User\" width=\"305\" height=\"107\" aria-describedby=\"caption-attachment-12272\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12272\" class=\"wp-caption-text\">Find PIDs of User<\/p>\n<\/div>\n<p>By default, both\u00a0<strong>kill<\/strong>\u00a0and\u00a0<strong>pkill<\/strong>\u00a0send the\u00a0<strong>SIGTERM<\/strong>\u00a0signal to the process. 
As we mentioned above, this signal can be ignored (while the process finishes its execution or for good), so when you seriously need to stop a running process for a valid reason, you will need to specify the\u00a0<strong>SIGKILL<\/strong>\u00a0signal on the command line:<\/p>\n<pre># kill -9 identifier               # Kill a process or a process group\r\n# kill -s SIGNAL identifier        # Same, with the signal given by name or number\r\n# pkill --signal SIGNAL identifier # Kill a process by name or other attributes (pkill's -s selects a session ID, not a signal)\r\n<\/pre>\n<h3>Conclusion<\/h3>\n<p>In this article we have explained the basics of the\u00a0<strong>boot process<\/strong>\u00a0in a\u00a0<strong>RHEL 7<\/strong>\u00a0system, and analyzed some of the tools that are available to help you with managing processes using common utilities and systemd-specific commands.<\/p>\n<p>Note that this list is not intended to cover all the bells and whistles of this topic, so feel free to add your own preferred tools and commands to this article using the comment form below. 
Questions and other comments are also welcome.<\/p>\n<h1 class=\"post-title\">RHCSA Series: Using \u2018Parted\u2019 and \u2018SSM\u2019 to Configure and Encrypt System Storage \u2013 Part 6<\/h1>\n<p>In this article we will discuss how to set up and configure local system storage in\u00a0<strong>Red Hat Enterprise Linux 7<\/strong>\u00a0using classic tools and introducing the\u00a0<strong>System Storage Manager<\/strong>\u00a0(also known as\u00a0<strong>SSM<\/strong>), which greatly simplifies this task.<\/p>\n<div id=\"attachment_12446\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Configure-and-Encrypt-System-Storage.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12446\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Configure-and-Encrypt-System-Storage-620x293.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Configure-and-Encrypt-System-Storage-620x293.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Configure-and-Encrypt-System-Storage-520x245.png 520w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Configure-and-Encrypt-System-Storage.png 720w\" alt=\"Configure and Encrypt System Storage\" width=\"620\" height=\"293\" aria-describedby=\"caption-attachment-12446\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12446\" class=\"wp-caption-text\">RHCSA: Configure and Encrypt System Storage \u2013 Part 6<\/p>\n<\/div>\n<p>Please note that we will present this topic in this article but will continue its description and usage on the next one (Part 7) due to the vastness of the subject.<\/p>\n<h3>Creating and Modifying Partitions in RHEL 7<\/h3>\n<p>In RHEL 7,\u00a0<b>parted<\/b>\u00a0is the default utility to work with partitions, and will allow you to:<\/p>\n<ol>\n<li>Display the current partition table<\/li>\n<li>Manipulate (increase or decrease 
the size of) existing partitions<\/li>\n<li>Create partitions using free space or additional physical storage devices<\/li>\n<\/ol>\n<p>It is recommended that before attempting the creation of a new partition or the modification of an existing one, you should ensure that none of the partitions on the device are in use (<code>umount \/dev\/partition<\/code>), and if you\u2019re using part of the device as swap you need to disable it (<code>swapoff -v \/dev\/partition<\/code>) during the process.<\/p>\n<p>The easiest way to do this is to boot\u00a0<strong>RHEL<\/strong>\u00a0in\u00a0<strong>rescue mode<\/strong>\u00a0using installation media such as a\u00a0<strong>RHEL 7<\/strong>\u00a0installation\u00a0<strong>DVD<\/strong>\u00a0or\u00a0<strong>USB<\/strong>\u00a0(<strong>Troubleshooting<\/strong>\u00a0<strong>\u2192<\/strong>\u00a0<strong>Rescue a Red Hat Enterprise Linux system<\/strong>) and select\u00a0<strong>Skip<\/strong>\u00a0when you\u2019re prompted to choose an option to mount the existing Linux installation. You will then be presented with a command prompt where you can type the same commands shown below for the creation of an ordinary partition in a physical device that is not being used.<\/p>\n<div id=\"attachment_12425\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/RHEL-7-Rescue-Mode.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12425\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/RHEL-7-Rescue-Mode-488x450.png\" sizes=\"auto, (max-width: 488px) 100vw, 488px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/RHEL-7-Rescue-Mode-488x450.png 488w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/RHEL-7-Rescue-Mode.png 515w\" alt=\"RHEL 7 Rescue Mode\" width=\"488\" height=\"450\" aria-describedby=\"caption-attachment-12425\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12425\" 
class=\"wp-caption-text\">RHEL 7 Rescue Mode<\/p>\n<\/div>\n<p>To start\u00a0<strong>parted<\/strong>, simply type:<\/p>\n<pre># parted \/dev\/sdb\r\n<\/pre>\n<p>Where\u00a0<code>\/dev\/sdb<\/code>\u00a0is the device where you will create the new partition; next, type\u00a0<strong>print<\/strong>\u00a0to display the current drive\u2019s partition table:<\/p>\n<div id=\"attachment_12426\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Create-New-Partition.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12426\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Create-New-Partition.png\" alt=\"Create New Partition\" width=\"501\" height=\"209\" aria-describedby=\"caption-attachment-12426\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12426\" class=\"wp-caption-text\">Create New Partition<\/p>\n<\/div>\n<p>As you can see, in this example we are using a virtual drive of\u00a0<strong>5 GB<\/strong>. We will now proceed to create a\u00a0<strong>4 GB<\/strong>\u00a0primary partition and then format it with the\u00a0<strong>xfs<\/strong>\u00a0filesystem, which is the default in\u00a0<strong>RHEL 7<\/strong>.<\/p>\n<p>You can choose from a variety of file systems. 
You will need to manually create the partition with\u00a0<strong>mkpart<\/strong>\u00a0and then format it with\u00a0<strong>mkfs.fstype<\/strong>\u00a0as usual because\u00a0<strong>mkpart<\/strong>\u00a0does not support many modern filesystems out-of-the-box.<\/p>\n<p>In the following example we will set a label for the device and then create a primary partition\u00a0<code>(p)<\/code>\u00a0on\u00a0<code>\/dev\/sdb<\/code>, which starts at the\u00a0<strong>0%<\/strong>\u00a0percentage of the device and ends at\u00a0<strong>4000 MB<\/strong>\u00a0(<strong>4 GB<\/strong>):<\/p>\n<div id=\"attachment_12427\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Label-Partition.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12427\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Label-Partition.png\" alt=\"Set Partition Name in Linux\" width=\"488\" height=\"294\" aria-describedby=\"caption-attachment-12427\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12427\" class=\"wp-caption-text\">Label Partition Name<\/p>\n<\/div>\n<p>Next, we will format the partition as\u00a0<strong>xfs<\/strong>\u00a0and print the partition table again to verify that changes were applied:<\/p>\n<pre># mkfs.xfs \/dev\/sdb1\r\n# parted \/dev\/sdb print\r\n<\/pre>\n<div id=\"attachment_12428\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Format-Partition-in-Linux.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12428\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Format-Partition-in-Linux.png\" alt=\"Format Partition in Linux\" width=\"605\" height=\"360\" aria-describedby=\"caption-attachment-12428\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12428\" class=\"wp-caption-text\">Format Partition as XFS Filesystem<\/p>\n<\/div>\n<p>For older filesystems, 
you could use the\u00a0<strong>resize<\/strong>\u00a0command in parted to resize a partition. Unfortunately, this only applies to ext2, fat16, fat32, hfs, linux-swap, and reiserfs (if libreiserfs is installed).<\/p>\n<p>Thus, the only way to resize a partition is by deleting it and creating it again (so make sure you have a good backup of your data!). No wonder the default partitioning scheme in\u00a0<strong>RHEL 7<\/strong>\u00a0is based on\u00a0<strong>LVM<\/strong>.<\/p>\n<p>To remove a partition with\u00a0<strong>parted<\/strong>:<\/p>\n<pre># parted \/dev\/sdb print\r\n# parted \/dev\/sdb rm 1\r\n<\/pre>\n<div id=\"attachment_12429\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Remove-Partition-in-Linux.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12429\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Remove-Partition-in-Linux-620x383.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Remove-Partition-in-Linux-620x383.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Remove-Partition-in-Linux.png 644w\" alt=\"Remove Partition in Linux\" width=\"620\" height=\"383\" aria-describedby=\"caption-attachment-12429\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12429\" class=\"wp-caption-text\">Remove or Delete Partition<\/p>\n<\/div>\n<h3>The Logical Volume Manager (LVM)<\/h3>\n<p>Once a disk has been partitioned, it can be difficult or risky to change the partition sizes. 
For that reason, if we plan on resizing the partitions on our system, we should consider the possibility of using\u00a0<strong>LVM<\/strong>\u00a0instead of the classic partitioning system, where several physical devices can form a volume group that will host a defined number of logical volumes, which can be expanded or reduced without any hassle.<\/p>\n<p>In simple terms, you may find the following diagram useful to remember the basic architecture of\u00a0<strong>LVM<\/strong>.<\/p>\n<div id=\"attachment_12430\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/LVM-Diagram.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12430\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/LVM-Diagram-620x313.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/LVM-Diagram-620x313.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/LVM-Diagram.png 744w\" alt=\"Basic Architecture of LVM\" width=\"620\" height=\"313\" aria-describedby=\"caption-attachment-12430\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12430\" class=\"wp-caption-text\">Basic Architecture of LVM<\/p>\n<\/div>\n<h4>Creating Physical Volumes, Volume Group and Logical Volumes<\/h4>\n<p>Follow these steps in order to set up\u00a0<strong>LVM<\/strong>\u00a0using classic volume management tools. 
Since you can explore this topic in more depth by reading the\u00a0<a title=\"RHEL 7 LVM Configuration\" href=\"https:\/\/www.tecmint.com\/create-lvm-storage-in-linux\/\" target=\"_blank\" rel=\"noopener\">LVM series on this site<\/a>, I will only outline the basic steps to set up LVM, and then compare them to implementing the same functionality with SSM.<\/p>\n<p><strong>Note<\/strong> that we will use the whole disks\u00a0<code>\/dev\/sdb<\/code>\u00a0and\u00a0<code>\/dev\/sdc<\/code>\u00a0as\u00a0<strong>PVs<\/strong>\u00a0(<strong>Physical Volumes<\/strong>), but it\u2019s entirely up to you if you want to do the same.<\/p>\n<p><strong>1.<\/strong>\u00a0Create partitions\u00a0<code>\/dev\/sdb1<\/code>\u00a0and\u00a0<code>\/dev\/sdc1<\/code>\u00a0using\u00a0<strong>100%<\/strong>\u00a0of the available disk space in\u00a0<strong>\/dev\/sdb<\/strong>\u00a0and\u00a0<strong>\/dev\/sdc<\/strong>:<\/p>\n<pre># parted \/dev\/sdb print\r\n# parted \/dev\/sdc print\r\n<\/pre>\n<div id=\"attachment_12437\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Create-New-Partitions.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12437\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Create-New-Partitions.png\" alt=\"Create New Partitions\" width=\"494\" height=\"362\" aria-describedby=\"caption-attachment-12437\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12437\" class=\"wp-caption-text\">Create New Partitions<\/p>\n<\/div>\n<p><strong>2.<\/strong>\u00a0Create\u00a0<strong>2<\/strong>\u00a0physical volumes on top of\u00a0<code>\/dev\/sdb1<\/code>\u00a0and\u00a0<code>\/dev\/sdc1<\/code>, respectively.<\/p>\n<pre># pvcreate \/dev\/sdb1\r\n# pvcreate \/dev\/sdc1\r\n<\/pre>\n<div id=\"attachment_12432\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Create-Physical-Volumes.png\"><img loading=\"lazy\" decoding=\"async\" 
class=\"size-full wp-image-12432\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Create-Physical-Volumes.png\" alt=\"Create Two Physical Volumes\" width=\"408\" height=\"86\" aria-describedby=\"caption-attachment-12432\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12432\" class=\"wp-caption-text\">Create Two Physical Volumes<\/p>\n<\/div>\n<p>Remember that you can use\u00a0<strong>pvdisplay \/dev\/sd{b,c}1<\/strong>\u00a0to show information about the newly created\u00a0<strong>PVs<\/strong>.<\/p>\n<p><strong>3.<\/strong>\u00a0Create a\u00a0<strong>VG<\/strong>\u00a0on top of the\u00a0<strong>PV<\/strong>\u00a0that you created in the previous step:<\/p>\n<pre># vgcreate tecmint_vg \/dev\/sd{b,c}1\r\n<\/pre>\n<div id=\"attachment_12438\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Create-Volume-Group.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12438\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Create-Volume-Group.png\" alt=\"Create Volume Group in Linux\" width=\"399\" height=\"59\" aria-describedby=\"caption-attachment-12438\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12438\" class=\"wp-caption-text\">Create Volume Group<\/p>\n<\/div>\n<p>Remember that you can use\u00a0<strong>vgdisplay tecmint_vg<\/strong>\u00a0to show information about the newly created\u00a0<strong>VG<\/strong>.<\/p>\n<p><strong>4.<\/strong>\u00a0Create three logical volumes on top of\u00a0<strong>VG tecmint_vg<\/strong>, as follows:<\/p>\n<pre># lvcreate -L 3G -n vol01_docs tecmint_vg\t\t[<strong>vol01_docs \u2192 3 GB<\/strong>]\r\n# lvcreate -L 1G -n vol02_logs tecmint_vg\t\t[<strong>vol02_logs \u2192 1 GB<\/strong>]\r\n# lvcreate -l 100%FREE -n vol03_homes tecmint_vg\t[<strong>vol03_homes \u2192 6 GB<\/strong>]\t\r\n<\/pre>\n<div id=\"attachment_12439\" class=\"wp-caption aligncenter\">\n<p><a 
href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Create-Logical-Volumes.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12439\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Create-Logical-Volumes.png\" alt=\"Create Logical Volumes in LVM\" width=\"509\" height=\"121\" aria-describedby=\"caption-attachment-12439\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12439\" class=\"wp-caption-text\">Create Logical Volumes<\/p>\n<\/div>\n<p>Remember that you can use\u00a0<strong>lvdisplay tecmint_vg<\/strong>\u00a0to show information about the newly created\u00a0<strong>LVs<\/strong>\u00a0on top of\u00a0<strong>VG tecmint_vg<\/strong>.<\/p>\n<p><strong>5.<\/strong>\u00a0Format each of the logical volumes with\u00a0<strong>xfs<\/strong>\u00a0(do NOT use xfs if you\u2019re planning on shrinking volumes later!):<\/p>\n<pre># mkfs.xfs \/dev\/tecmint_vg\/vol01_docs\r\n# mkfs.xfs \/dev\/tecmint_vg\/vol02_logs\r\n# mkfs.xfs \/dev\/tecmint_vg\/vol03_homes\r\n<\/pre>\n<p><strong>6.<\/strong>\u00a0Finally, mount them:<\/p>\n<pre># mount \/dev\/tecmint_vg\/vol01_docs \/mnt\/docs\r\n# mount \/dev\/tecmint_vg\/vol02_logs \/mnt\/logs\r\n# mount \/dev\/tecmint_vg\/vol03_homes \/mnt\/homes\r\n<\/pre>\n<h4>Removing Logical Volumes, Volume Group and Physical Volumes<\/h4>\n<p><strong>7.<\/strong>\u00a0Now we will reverse the\u00a0<strong>LVM<\/strong>\u00a0implementation and remove the\u00a0<strong>LVs<\/strong>, the\u00a0<strong>VG<\/strong>, and the\u00a0<strong>PVs<\/strong>:<\/p>\n<pre># lvremove \/dev\/tecmint_vg\/vol01_docs\r\n# lvremove \/dev\/tecmint_vg\/vol02_logs\r\n# lvremove \/dev\/tecmint_vg\/vol03_homes\r\n# vgremove \/dev\/tecmint_vg\r\n# pvremove \/dev\/sd{b,c}1\r\n<\/pre>\n<p><strong>8.<\/strong>\u00a0Now let\u2019s install\u00a0<strong>SSM<\/strong>\u00a0and we will see how to perform the above in\u00a0<strong>ONLY 1 STEP!<\/strong><\/p>\n<pre># yum update &amp;&amp; yum install 
system-storage-manager\r\n<\/pre>\n<p>We will use the same names and sizes as before:<\/p>\n<pre># ssm create -s 3G -n vol01_docs -p tecmint_vg --fstype ext4 \/mnt\/docs \/dev\/sd{b,c}1\r\n# ssm create -s 1G -n vol02_logs -p tecmint_vg --fstype ext4 \/mnt\/logs \/dev\/sd{b,c}1\r\n# ssm create -n vol03_homes -p tecmint_vg --fstype ext4 \/mnt\/homes \/dev\/sd{b,c}1\r\n<\/pre>\n<p>Yes!\u00a0<strong>SSM<\/strong>\u00a0will let you:<\/p>\n<ol>\n<li>initialize block devices as physical volumes<\/li>\n<li>create a volume group<\/li>\n<li>create logical volumes<\/li>\n<li>format LVs, and<\/li>\n<li>mount them using only one command<\/li>\n<\/ol>\n<p><strong>9.<\/strong>\u00a0We can now display the information about\u00a0<strong>PVs<\/strong>,\u00a0<strong>VGs<\/strong>, or\u00a0<strong>LVs<\/strong>, respectively, as follows:<\/p>\n<pre># ssm list dev\r\n# ssm list pool\r\n# ssm list vol\r\n<\/pre>\n<div id=\"attachment_12440\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Display-LVM-Information.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12440\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Display-LVM-Information-620x391.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Display-LVM-Information-620x391.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Display-LVM-Information.png 844w\" alt=\"Check Information of PVs, VGs, or LVs\" width=\"620\" height=\"391\" aria-describedby=\"caption-attachment-12440\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12440\" class=\"wp-caption-text\">Check Information of PVs, VGs, or LVs<\/p>\n<\/div>\n<p><strong>10.<\/strong>\u00a0As we already know, one of the distinguishing features of LVM is the possibility to\u00a0<strong>resize<\/strong>\u00a0(expand or decrease) logical volumes without downtime.<\/p>\n<p>Say we are 
running out of space in\u00a0<strong>vol02_logs<\/strong>\u00a0but have plenty of space in\u00a0<strong>vol03_homes<\/strong>. We will resize\u00a0<strong>vol03_homes<\/strong>\u00a0to\u00a0<strong>4 GB<\/strong>\u00a0and expand\u00a0<strong>vol02_logs<\/strong>\u00a0to use the remaining space:<\/p>\n<pre># ssm resize -s 4G \/dev\/tecmint_vg\/vol03_homes\r\n<\/pre>\n<p>Run\u00a0<strong>ssm list pool<\/strong>\u00a0again and take note of the free space in\u00a0<strong>tecmint_vg<\/strong>:<\/p>\n<div id=\"attachment_12441\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Check-LVM-Free-Space.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12441\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Check-LVM-Free-Space.png\" alt=\"Check Volume Size\" width=\"446\" height=\"100\" aria-describedby=\"caption-attachment-12441\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12441\" class=\"wp-caption-text\">Check Volume Size<\/p>\n<\/div>\n<p>Then do:<\/p>\n<pre># ssm resize -s+1.99 \/dev\/tecmint_vg\/vol02_logs\r\n<\/pre>\n<p><strong>Note<\/strong> that the plus sign after the\u00a0<code>-s<\/code>\u00a0flag indicates that the specified value should be added to the present value.<\/p>\n<p><strong>11.<\/strong>\u00a0Removing logical volumes and volume groups is much easier with ssm as well. 
A simple,<\/p>\n<pre># ssm remove tecmint_vg\r\n<\/pre>\n<p>will return a prompt asking you to confirm the deletion of the\u00a0<strong>VG<\/strong>\u00a0and the\u00a0<strong>LVs<\/strong>\u00a0it contains:<\/p>\n<div id=\"attachment_12442\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Remove-LV-VG.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12442\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Remove-LV-VG-620x147.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Remove-LV-VG-620x147.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Remove-LV-VG.png 752w\" alt=\"Remove Logical Volume and Volume Group\" width=\"620\" height=\"147\" aria-describedby=\"caption-attachment-12442\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12442\" class=\"wp-caption-text\">Remove Logical Volume and Volume Group<\/p>\n<\/div>\n<h3>Managing Encrypted Volumes<\/h3>\n<p><strong>SSM<\/strong>\u00a0also provides system administrators with the capability of managing encryption for new or existing volumes. You will need the\u00a0<strong>cryptsetup<\/strong>\u00a0package installed first:<\/p>\n<pre># yum update &amp;&amp; yum install cryptsetup\r\n<\/pre>\n<p>Then issue the following command to create an encrypted volume. 
You will be prompted to enter a\u00a0<strong>passphrase<\/strong>\u00a0to maximize security:<\/p>\n<pre># ssm create -s 3G -n vol01_docs -p tecmint_vg --fstype ext4 --encrypt luks \/mnt\/docs \/dev\/sd{b,c}1\r\n# ssm create -s 1G -n vol02_logs -p tecmint_vg --fstype ext4 --encrypt luks \/mnt\/logs \/dev\/sd{b,c}1\r\n# ssm create -n vol03_homes -p tecmint_vg --fstype ext4 --encrypt luks \/mnt\/homes \/dev\/sd{b,c}1\r\n<\/pre>\n<p>Our next task consists of adding the corresponding entries in\u00a0<strong>\/etc\/fstab<\/strong>\u00a0in order for those logical volumes to be available on boot. Rather than using the device identifier (<strong>\/dev\/something<\/strong>), we will use each\u00a0<strong>LV\u2019s UUID<\/strong>\u00a0(so that our devices will still be uniquely identified should we add other logical volumes or devices), which we can find out with the\u00a0<strong>blkid<\/strong>\u00a0utility:<\/p>\n<pre># blkid -s UUID -o value \/dev\/tecmint_vg\/vol01_docs\r\n# blkid -s UUID -o value \/dev\/tecmint_vg\/vol02_logs\r\n# blkid -s UUID -o value \/dev\/tecmint_vg\/vol03_homes\r\n<\/pre>\n<p>In our case:<\/p>\n<div id=\"attachment_12443\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Logical-Volume-UUID.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12443\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Logical-Volume-UUID.png\" alt=\"Find Logical Volume UUID\" width=\"515\" height=\"177\" aria-describedby=\"caption-attachment-12443\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12443\" class=\"wp-caption-text\">Find Logical Volume UUID<\/p>\n<\/div>\n<p>Next, create the\u00a0<strong>\/etc\/crypttab<\/strong>\u00a0file with the following contents (replace the\u00a0<strong>UUIDs<\/strong>\u00a0with the ones that apply to your setup):<\/p>\n<pre>docs UUID=ba77d113-f849-4ddf-8048-13860399fca8 none\r\nlogs UUID=58f89c5a-f694-4443-83d6-2e83878e30e4 
none\r\nhomes UUID=92245af6-3f38-4e07-8dd8-787f4690d7ac none\r\n<\/pre>\n<p>And insert the following entries in\u00a0<strong>\/etc\/fstab<\/strong>. Note that\u00a0<strong>device_name<\/strong>\u00a0(<strong>\/dev\/mapper\/device_name<\/strong>) is the mapper identifier that appears in the first column of\u00a0<strong>\/etc\/crypttab<\/strong>.<\/p>\n<pre># Logical volume vol01_docs:\r\n\/dev\/mapper\/docs    \t\/mnt\/docs   \text4\tdefaults    \t0   \t2\r\n# Logical volume vol02_logs\r\n\/dev\/mapper\/logs    \t\/mnt\/logs   \text4\tdefaults    \t0   \t2\r\n# Logical volume vol03_homes\r\n\/dev\/mapper\/homes    \t\/mnt\/homes   \text4\tdefaults    \t0   \t2\r\n<\/pre>\n<p>Now\u00a0<strong>reboot<\/strong>\u00a0(<strong>systemctl reboot<\/strong>) and you will be prompted to enter the\u00a0<strong>passphrase<\/strong>\u00a0for each\u00a0<strong>LV<\/strong>. Afterwards you can confirm that the mount operation was successful by checking the corresponding mount points:<\/p>\n<div id=\"attachment_12444\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Verify-LV-Mount-Points.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12444\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Verify-LV-Mount-Points-620x367.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Verify-LV-Mount-Points-620x367.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Verify-LV-Mount-Points.png 727w\" alt=\"Verify Logical Volume Mount Points\" width=\"620\" height=\"367\" aria-describedby=\"caption-attachment-12444\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12444\" class=\"wp-caption-text\">Verify Logical Volume Mount Points<\/p>\n<\/div>\n<h3>Conclusion<\/h3>\n<p>In this tutorial we have started to explore how to set up and configure system storage using classic volume management tools 
and\u00a0<strong>SSM<\/strong>, which also integrates filesystem and encryption capabilities in one package. This makes SSM an invaluable tool for any sysadmin.<\/p>\n<p>Let us know if you have any questions or comments \u2013 feel free to use the form below to get in touch with us!<\/p>\n<h1 class=\"post-title\">RHCSA Series: Using ACLs (Access Control Lists) and Mounting Samba \/ NFS Shares \u2013 Part 7<\/h1>\n<p>In the last article (<a title=\"Configure and Encrypt System Storages in Linux\" href=\"https:\/\/www.tecmint.com\/rhcsa-exam-create-format-resize-delete-and-encrypt-partitions-in-linux\/\" target=\"_blank\" rel=\"noopener\">RHCSA series Part 6<\/a>) we started explaining how to set up and configure local system storage using\u00a0<strong>parted<\/strong>\u00a0and\u00a0<strong>ssm<\/strong>.<\/p>\n<div id=\"attachment_12830\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Configure-ACLs-and-Mounting-NFS-Samba-Shares.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12830\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Configure-ACLs-and-Mounting-NFS-Samba-Shares-620x293.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Configure-ACLs-and-Mounting-NFS-Samba-Shares-620x293.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Configure-ACLs-and-Mounting-NFS-Samba-Shares-520x245.png 520w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Configure-ACLs-and-Mounting-NFS-Samba-Shares.png 720w\" alt=\"Configure ACL's and Mounting NFS \/ Samba Shares\" width=\"620\" height=\"293\" aria-describedby=\"caption-attachment-12830\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12830\" class=\"wp-caption-text\">RHCSA Series:: Configure ACL\u2019s and Mounting NFS \/ Samba Shares \u2013 Part 7<\/p>\n<\/div>\n<p>We also discussed how to create and mount 
encrypted volumes with a password during system boot. In addition, we warned you to avoid performing critical storage management operations on mounted filesystems. With that in mind we will now review the most commonly used file system formats in\u00a0<strong>Red Hat Enterprise Linux 7<\/strong>\u00a0and then proceed to cover the topics of mounting, using, and\u00a0<strong>unmounting<\/strong>\u00a0network filesystems (<strong>CIFS<\/strong>\u00a0and\u00a0<strong>NFS<\/strong>), both manually and automatically, along with the implementation of access control lists for your system.<\/p>\n<h5>Prerequisites<\/h5>\n<p>Before proceeding further, please make sure you have a\u00a0<strong>Samba<\/strong>\u00a0server and an\u00a0<strong>NFS<\/strong>\u00a0server available (note that\u00a0<strong>NFSv2<\/strong>\u00a0is no longer supported in\u00a0<strong>RHEL 7<\/strong>).<\/p>\n<p>Throughout this guide we will use a machine with\u00a0<strong>IP 192.168.0.10<\/strong>, with both services running on it, as the server, and a\u00a0<strong>RHEL 7<\/strong>\u00a0box as the client with IP address\u00a0<strong>192.168.0.18<\/strong>. Later in the article we will tell you which packages you need to install on the client.<\/p>\n<h3>File System Formats in RHEL 7<\/h3>\n<p>Beginning with\u00a0<strong>RHEL 7<\/strong>,\u00a0<strong>XFS<\/strong>\u00a0has been introduced as the default file system for all architectures due to its high performance and scalability. 
It currently supports a maximum filesystem size of\u00a0<strong>500 TB<\/strong>\u00a0as per the latest tests performed by Red Hat and its partners for mainstream hardware.<\/p>\n<p>Also,\u00a0<strong>XFS<\/strong>\u00a0enables\u00a0<b>user_xattr<\/b>\u00a0(extended user attributes) and\u00a0<b>acl<\/b>\u00a0(POSIX access control lists) as default mount options, unlike ext3 or ext4 (ext2 is considered deprecated as of RHEL 7), which means that you don\u2019t need to specify those options explicitly either on the command line or in\u00a0<strong>\/etc\/fstab<\/strong>\u00a0when mounting an XFS filesystem (if you want to disable such options in this last case, you have to explicitly use\u00a0<b>no_acl<\/b>\u00a0and\u00a0<b>no_user_xattr<\/b>).<\/p>\n<p>Keep in mind that the extended user attributes can be assigned to files and directories for storing arbitrary additional information such as the MIME type, character set or encoding of a file, whereas the access permissions for user attributes are defined by the regular file permission bits.<\/p>\n<h4>Access Control Lists<\/h4>\n<p>Every system administrator, either beginner or expert, is well acquainted with regular access permissions on files and directories, which specify certain privileges (<strong>read<\/strong>,\u00a0<strong>write<\/strong>, and\u00a0<strong>execute<\/strong>) for the owner, the group, and \u201cthe world\u201d (all others). 
Still, feel free to refer to\u00a0<a title=\"How to Manage Users and Groups in RHEL 7\" href=\"https:\/\/www.tecmint.com\/rhcsa-exam-manage-users-and-groups\/\" target=\"_blank\" rel=\"noopener\">Part 3 of the RHCSA series<\/a>\u00a0if you need to refresh your memory a little bit.<\/p>\n<p>However, since the standard\u00a0<strong>ugo\/rwx<\/strong>\u00a0set does not allow configuring different permissions for different users,\u00a0<strong>ACLs<\/strong>\u00a0were introduced in order to define more detailed access rights for files and directories than those specified by regular permissions.<\/p>\n<p>In fact,\u00a0<strong>ACL-defined<\/strong>\u00a0permissions are a superset of the permissions specified by the file permission bits. Let\u2019s see how all of this is applied in the real world.<\/p>\n<p><strong>1.<\/strong>\u00a0There are two types of\u00a0<strong>ACLs<\/strong>:\u00a0<strong>access ACLs<\/strong>\u00a0(which can be applied to either a specific file or a directory), and\u00a0<strong>default ACLs<\/strong>, which can only be applied to a directory. 
If files contained therein do not have an ACL set, they inherit the default ACL of their parent directory.<\/p>\n<p><strong>2.<\/strong>\u00a0To begin, ACLs can be configured per user, per group, or for users not in the owning group of a file.<\/p>\n<p><strong>3.<\/strong>\u00a0<strong>ACLs<\/strong>\u00a0are set (and removed) using\u00a0<strong>setfacl<\/strong>, with either the\u00a0<strong>-m<\/strong>\u00a0or\u00a0<strong>-x<\/strong>\u00a0options, respectively.<\/p>\n<p>For example, let us create a group named\u00a0<strong>tecmint<\/strong>\u00a0and add users\u00a0<strong>johndoe<\/strong>\u00a0and\u00a0<strong>davenull<\/strong>\u00a0to it:<\/p>\n<pre># groupadd tecmint\r\n# useradd johndoe\r\n# useradd davenull\r\n# usermod -a -G tecmint johndoe\r\n# usermod -a -G tecmint davenull\r\n<\/pre>\n<p>And let\u2019s verify that both users belong to supplementary group\u00a0<strong>tecmint<\/strong>:<\/p>\n<pre># id johndoe\r\n# id davenull\r\n<\/pre>\n<div id=\"attachment_12822\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Verify-Users.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12822\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Verify-Users.png\" alt=\"Verify Users\" width=\"609\" height=\"100\" aria-describedby=\"caption-attachment-12822\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12822\" class=\"wp-caption-text\">Verify Users<\/p>\n<\/div>\n<p>Let\u2019s now create a directory called playground within\u00a0<strong>\/mnt<\/strong>, and a file named\u00a0<strong>testfile.txt<\/strong><strong>\u00a0inside. 
We will set the group owner to\u00a0tecmint\u00a0and change its default\u00a0ugo\/rwx\u00a0permissions to\u00a0770\u00a0(read, write, and execute permissions granted to both the owner and the group owner of the file):<\/strong><\/p>\n<pre># mkdir \/mnt\/playground\r\n# touch \/mnt\/playground\/testfile.txt\r\n# chown :tecmint \/mnt\/playground\/testfile.txt\r\n# chmod 770 \/mnt\/playground\/testfile.txt\r\n<\/pre>\n<p>Then switch user to\u00a0<strong>johndoe<\/strong>\u00a0and\u00a0<strong>davenull<\/strong>, in that order, and write to the file:<\/p>\n<pre>echo \"My name is John Doe\" &gt; \/mnt\/playground\/testfile.txt\r\necho \"My name is Dave Null\" &gt;&gt; \/mnt\/playground\/testfile.txt\r\n<\/pre>\n<p>So far so good. Now let\u2019s have user\u00a0<strong>gacanepa<\/strong>\u00a0write to the file \u2013 and the write operation will fail, which was to be expected.<\/p>\n<p>But what if we actually need user\u00a0<strong>gacanepa<\/strong>\u00a0(who is not a member of group\u00a0<strong>tecmint<\/strong>) to have write permissions on\u00a0<strong>\/mnt\/playground\/testfile.txt<\/strong>?\u00a0The first thing that may come to your mind is adding that user account to group\u00a0<strong>tecmint<\/strong>. But that will give him write permissions on\u00a0<strong>ALL<\/strong>\u00a0files where the write bit is set for the group, and we don\u2019t want that. 
We only want him to be able to write to\u00a0<strong>\/mnt\/playground\/testfile.txt<\/strong>.<\/p>\n<pre># touch \/mnt\/playground\/testfile.txt\r\n# chown :tecmint \/mnt\/playground\/testfile.txt\r\n# chmod 770 \/mnt\/playground\/testfile.txt\r\n# su johndoe\r\n$ echo \"My name is John Doe\" &gt; \/mnt\/playground\/testfile.txt\r\n$ su davenull\r\n$ echo \"My name is Dave Null\" &gt;&gt; \/mnt\/playground\/testfile.txt\r\n$ su gacanepa\r\n$ echo \"My name is Gabriel Canepa\" &gt;&gt; \/mnt\/playground\/testfile.txt\r\n<\/pre>\n<div id=\"attachment_12823\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/User-Permissions.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12823\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/User-Permissions-620x200.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/User-Permissions-620x200.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/User-Permissions.png 719w\" alt=\"Manage User Permissions\" width=\"620\" height=\"200\" aria-describedby=\"caption-attachment-12823\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12823\" class=\"wp-caption-text\">Manage User Permissions<\/p>\n<\/div>\n<p>Let\u2019s give user\u00a0<strong>gacanepa<\/strong>\u00a0read and write access to\u00a0<strong>\/mnt\/playground\/testfile.txt<\/strong>.<\/p>\n<p>Run as root,<\/p>\n<pre># setfacl -R -m u:gacanepa:rwx \/mnt\/playground\r\n<\/pre>\n<p>and you\u2019ll have successfully added an\u00a0<strong>ACL<\/strong>\u00a0that allows\u00a0<strong>gacanepa<\/strong>\u00a0to write to the test file. 
Then switch to user\u00a0<strong>gacanepa<\/strong>\u00a0and try to write to the file again:<\/p>\n<pre>$ echo \"My name is Gabriel Canepa\" &gt;&gt; \/mnt\/playground\/testfile.txt\r\n<\/pre>\n<p>To view the\u00a0<strong>ACLs<\/strong>\u00a0for a specific file or directory, use\u00a0<strong>getfacl<\/strong>:<\/p>\n<pre># getfacl \/mnt\/playground\/testfile.txt\r\n<\/pre>\n<div id=\"attachment_12824\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Check-ACL-of-File.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12824\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Check-ACL-of-File.png\" alt=\"Check ACLs of Files\" width=\"444\" height=\"212\" aria-describedby=\"caption-attachment-12824\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12824\" class=\"wp-caption-text\">Check ACLs of Files<\/p>\n<\/div>\n<p>To set a\u00a0<strong>default ACL<\/strong>\u00a0to a directory (which its contents will inherit unless overwritten otherwise), add\u00a0<strong>d:<\/strong>\u00a0before the rule and specify a directory instead of a file name:<\/p>\n<pre># setfacl -m d:o:r \/mnt\/playground\r\n<\/pre>\n<p>The ACL above will allow users not in the owner group to have read access to the future contents of the\u00a0<strong>\/mnt\/playground<\/strong>\u00a0directory. 
Note the difference in the output of\u00a0<strong>getfacl \/mnt\/playground<\/strong>\u00a0before and after the change:<\/p>\n<div id=\"attachment_12825\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Set-Default-ACL-in-Linux.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-12825\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Set-Default-ACL-in-Linux-620x195.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Set-Default-ACL-in-Linux-620x195.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Set-Default-ACL-in-Linux.png 720w\" alt=\"Set Default ACL in Linux\" width=\"620\" height=\"195\" aria-describedby=\"caption-attachment-12825\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12825\" class=\"wp-caption-text\">Set Default ACL in Linux<\/p>\n<\/div>\n<p><a href=\"https:\/\/access.redhat.com\/documentation\/en-US\/Red_Hat_Enterprise_Linux\/7\/html\/Storage_Administration_Guide\/ch-acls.html\" target=\"_blank\" rel=\"noopener\">Chapter 20 in the official RHEL 7 Storage Administration Guide<\/a>\u00a0provides more ACL examples, and I highly recommend you take a look at it and have it handy as a reference.<\/p>\n<h4>Mounting NFS Network Shares<\/h4>\n<p>To show the list of NFS shares available on your server, you can use the\u00a0<strong>showmount<\/strong>\u00a0command with the\u00a0<strong>-e<\/strong>\u00a0option, followed by the machine name or its IP address. 
This tool is included in the\u00a0<strong>nfs-utils<\/strong>\u00a0package:<\/p>\n<pre># yum update &amp;&amp; yum install nfs-utils\r\n<\/pre>\n<p>Then do:<\/p>\n<pre># showmount -e 192.168.0.10\r\n<\/pre>\n<p>and you will get a list of the available NFS shares on\u00a0<strong>192.168.0.10<\/strong>:<\/p>\n<div id=\"attachment_12826\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Mount-NFS-Shares.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12826\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Mount-NFS-Shares.png\" alt=\"Check Available NFS Shares\" width=\"343\" height=\"99\" aria-describedby=\"caption-attachment-12826\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12826\" class=\"wp-caption-text\">Check Available NFS Shares<\/p>\n<\/div>\n<p>To mount NFS network shares on the local client using the command line on demand, use the following syntax:<\/p>\n<pre># mount -t nfs -o [options] remote_host:\/remote\/directory \/local\/directory\r\n<\/pre>\n<p>which, in our case, translates to:<\/p>\n<pre># mount -t nfs 192.168.0.10:\/NFS-SHARE \/mnt\/nfs\r\n<\/pre>\n<p>If you get the following error message: \u201c<strong>Job for rpc-statd.service failed. See \u201csystemctl status rpc-statd.service\u201d and \u201cjournalctl -xn\u201d for details.<\/strong>\u201d, make sure the\u00a0<strong>rpcbind<\/strong>\u00a0service is enabled and started in your system first:<\/p>\n<pre># systemctl enable rpcbind.socket\r\n# systemctl restart rpcbind.service\r\n<\/pre>\n<p>and then\u00a0<strong>reboot<\/strong>. That should do the trick and you will be able to mount your NFS share as explained earlier. 
If you need to mount the NFS share automatically on system boot, add a valid entry to the\u00a0<strong>\/etc\/fstab<\/strong>\u00a0file:<\/p>\n<pre>remote_host:\/remote\/directory \/local\/directory nfs options 0 0\r\n<\/pre>\n<p>The variables\u00a0<strong>remote_host<\/strong>,\u00a0<strong>\/remote\/directory<\/strong>,\u00a0<strong>\/local\/directory<\/strong>, and options (which is optional) are the same ones used when manually mounting an NFS share from the command line. As per our previous example:<\/p>\n<pre>192.168.0.10:\/NFS-SHARE \/mnt\/nfs nfs defaults 0 0\r\n<\/pre>\n<h4>Mounting CIFS (Samba) Network Shares<\/h4>\n<p><strong>Samba<\/strong>\u00a0represents the tool of choice to make a network share available in a network with *nix and Windows machines. To show the Samba shares that are available, use the\u00a0<strong>smbclient<\/strong>\u00a0command with the\u00a0<strong>-L<\/strong>\u00a0flag, followed by the machine name or its IP address. This tool is included in the\u00a0<strong>samba-client\u00a0<\/strong>package:<\/p>\n<p>You will be prompted for root\u2019s password in the remote host:<\/p>\n<pre># smbclient -L 192.168.0.10\r\n<\/pre>\n<div id=\"attachment_12827\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Check-Samba-Shares.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-12827\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/04\/Check-Samba-Shares.png\" alt=\"Check Samba Shares\" width=\"516\" height=\"367\" aria-describedby=\"caption-attachment-12827\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-12827\" class=\"wp-caption-text\">Check Samba Shares<\/p>\n<\/div>\n<p>To mount Samba network shares on the local client you will need to install first the\u00a0<strong>cifs-utils<\/strong>\u00a0package:<\/p>\n<pre># yum update &amp;&amp; yum install cifs-utils\r\n<\/pre>\n<p>Then use the following syntax on the command 
line:<\/p>\n<pre># mount -t cifs -o credentials=\/path\/to\/credentials\/file \/\/remote_host\/samba_share \/local\/directory\r\n<\/pre>\n<p>which, in our case, translates to:<\/p>\n<pre># mount -t cifs -o credentials=~\/.smbcredentials \/\/192.168.0.10\/gacanepa \/mnt\/samba\r\n<\/pre>\n<p>where .smbcredentials:<\/p>\n<pre>username=gacanepa\r\npassword=XXXXXX\r\n<\/pre>\n<p>is a hidden file inside root\u2019s home (<strong>\/root\/<\/strong>) with permissions set to\u00a0<strong>600<\/strong>, so that no one else but the owner of the file can read or write to it.<\/p>\n<p>Please note that the\u00a0<strong>samba_share<\/strong>\u00a0is the name of the Samba share as returned by\u00a0<strong>smbclient -L<\/strong>\u00a0remote_host as shown above.<\/p>\n<p>Now, if you need the Samba share to be available automatically on system boot, add a valid entry to the\u00a0<strong>\/etc\/fstab<\/strong>\u00a0file as follows:<\/p>\n<pre>\/\/remote_host\/samba_share \/local\/directory cifs options 0 0\r\n<\/pre>\n<p>The variables\u00a0<strong>remote_host<\/strong>,\u00a0<strong>\/samba_share<\/strong>,\u00a0<strong>\/local\/directory<\/strong>, and options (which is optional) are the same ones used when manually mounting a Samba share from the command line. Following the definitions given in our previous example:<\/p>\n<pre>\/\/192.168.0.10\/gacanepa \/mnt\/samba\tcifs credentials=\/root\/.smbcredentials,defaults 0 0\r\n<\/pre>\n<h3>Conclusion<\/h3>\n<p>In this article we have explained how to set up\u00a0<strong>ACLs<\/strong>\u00a0in Linux, and discussed how to mount\u00a0<strong>CIFS<\/strong>\u00a0and\u00a0<strong>NFS<\/strong>\u00a0network shares in a\u00a0<strong>RHEL 7<\/strong>\u00a0client.<\/p>\n<p>I recommend that you practice these concepts and even mix them (go ahead and try to set ACLs in mounted network shares) until you feel comfortable. If you have questions or comments feel free to use the form below to contact us anytime. 
Also, feel free to share this article through your social networks.<\/p>\n<h1 class=\"post-title\">RHCSA Series: Securing SSH, Setting Hostname and Enabling Network Services \u2013 Part 8<\/h1>\n<p>As a system administrator you will often have to log on to remote systems to perform a variety of administration tasks using a terminal emulator. You will rarely sit in front of a real (physical) terminal, so you need to set up a way to log on remotely to the machines that you will be asked to manage.<\/p>\n<p>In fact, that may be the last thing that you will have to do in front of a physical terminal. For security reasons, using\u00a0<strong>Telnet<\/strong>\u00a0for this purpose is not a good idea, as all traffic goes through the wire in unencrypted, plain text.<\/p>\n<p>In addition, in this article we will also review how to configure network services to start automatically at boot and learn how to set up network and hostname resolution statically or dynamically.<\/p>\n<div id=\"attachment_13223\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Secure-SSH-Server-and-Enable-Network-Services.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13223\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Secure-SSH-Server-and-Enable-Network-Services-620x293.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Secure-SSH-Server-and-Enable-Network-Services-620x293.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Secure-SSH-Server-and-Enable-Network-Services-520x245.png 520w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Secure-SSH-Server-and-Enable-Network-Services.png 720w\" alt=\"RHCSA: Secure SSH and Enable Network Services\" width=\"620\" height=\"293\" aria-describedby=\"caption-attachment-13223\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13223\" 
class=\"wp-caption-text\">RHCSA: Secure SSH and Enable Network Services \u2013 Part 8<\/p>\n<\/div>\n<h3>Installing and Securing SSH Communication<\/h3>\n<p>For you to be able to log on remotely to a\u00a0<strong>RHEL 7<\/strong>\u00a0box using\u00a0<strong>SSH<\/strong>, you will have to install the\u00a0<strong>openssh<\/strong>,\u00a0<strong>openssh-clients<\/strong>\u00a0and\u00a0<strong>openssh-server<\/strong>\u00a0packages. The following command not only will install the remote login program, but also the secure file transfer tool, as well as the remote file copy utility:<\/p>\n<pre># yum update &amp;&amp; yum install openssh openssh-clients openssh-server\r\n<\/pre>\n<p>Note that it\u2019s a good idea to install the server counterparts as you may want to use the same machine as both client and server at some point or another.<\/p>\n<p>After installation, there are a couple of basic things that you need to take into account if you want to secure remote access to your SSH server. The following settings should be present in the\u00a0<code>\/etc\/ssh\/sshd_config<\/code>\u00a0file.<\/p>\n<p><strong>1.<\/strong>\u00a0Change the port the sshd daemon listens on from\u00a0<strong>22<\/strong>\u00a0(the default value) to a high port (<strong>2000<\/strong>\u00a0or greater), but first make sure the chosen port is not being used.<\/p>\n<p>For example, let\u2019s suppose you choose port\u00a0<strong>2500<\/strong>. 
Use\u00a0<a title=\"Check Network Ports in Linux\" href=\"https:\/\/www.tecmint.com\/20-netstat-commands-for-linux-network-management\/\" target=\"_blank\" rel=\"noopener\">netstat<\/a>\u00a0in order to check whether the chosen port is being used or not:<\/p>\n<pre># netstat -npltu | grep 2500\r\n<\/pre>\n<p>If\u00a0<strong>netstat<\/strong>\u00a0does not return anything, you can safely use port\u00a0<strong>2500<\/strong>\u00a0for sshd, and you should change the Port setting in the configuration file as follows:<\/p>\n<pre>Port 2500\r\n<\/pre>\n<p><strong>2.<\/strong>\u00a0Only allow\u00a0<strong>protocol 2<\/strong>:<\/p>\n<pre>Protocol 2\r\n<\/pre>\n<p><strong>3.<\/strong>\u00a0Configure the authentication timeout to 2 minutes, do not allow root logins, and restrict to a minimum the list of users who are allowed to log in via ssh:<\/p>\n<pre>LoginGraceTime 2m\r\nPermitRootLogin no\r\nAllowUsers gacanepa\r\n<\/pre>\n<p><strong>4.<\/strong>\u00a0If possible, use key-based instead of password authentication:<\/p>\n<pre>PasswordAuthentication no\r\nRSAAuthentication yes\r\nPubkeyAuthentication yes\r\n<\/pre>\n<p>This assumes that you have already created a key pair with your user name on your client machine and copied it to your server as explained here.<\/p>\n<ol>\n<li><a href=\"https:\/\/www.tecmint.com\/ssh-passwordless-login-using-ssh-keygen-in-5-easy-steps\/\">Enable SSH Passwordless Login<\/a><\/li>\n<\/ol>\n<h3>Configuring Networking and Name Resolution<\/h3>\n<p><strong>1.<\/strong>\u00a0Every system administrator should be well acquainted with the following system-wide configuration files:<\/p>\n<ol>\n<li><strong>\/etc\/hosts<\/strong>\u00a0is used to resolve names\u00a0<strong>&lt;&#8212;&gt;<\/strong>\u00a0IPs in small networks.<\/li>\n<\/ol>\n<p>Every line in the\u00a0<code>\/etc\/hosts<\/code>\u00a0file has the following structure:<\/p>\n<pre>IP address - Hostname - FQDN\r\n<\/pre>\n<p>For 
example,<\/p>\n<pre>192.168.0.10\tlaptop\tlaptop.gabrielcanepa.com.ar\r\n<\/pre>\n<p><strong>2.<\/strong>\u00a0<code>\/etc\/resolv.conf<\/code>\u00a0specifies the IP addresses of DNS servers and the search domain, which is used for completing a given query name to a fully qualified domain name when no domain suffix is supplied.<\/p>\n<p>Under normal circumstances, you don\u2019t need to edit this file as it is managed by the system. However, should you want to change DNS servers, be advised that you need to stick to the following structure in each line:<\/p>\n<pre>nameserver - IP address\r\n<\/pre>\n<p>For example,<\/p>\n<pre>nameserver 8.8.8.8\r\n<\/pre>\n<p><strong>3.<\/strong>\u00a0<code>\/etc\/host.conf<\/code>\u00a0specifies the methods and the order by which hostnames are resolved within a network. In other words, it tells the name resolver which services to use, and in what order.<\/p>\n<p>Although this file has several options, the most common and basic setup includes a line as follows:<\/p>\n<pre>order bind,hosts\r\n<\/pre>\n<p>Which indicates that the resolver should first look in the nameservers specified in\u00a0<code>resolv.conf<\/code>\u00a0and then to the\u00a0<code>\/etc\/hosts<\/code>\u00a0file for name resolution.<\/p>\n<p><strong>4.<\/strong>\u00a0<code>\/etc\/sysconfig\/network<\/code>\u00a0contains routing and global host information for all network interfaces. 
The following values may be used:<\/p>\n<pre>NETWORKING=yes|no\r\nHOSTNAME=value\r\n<\/pre>\n<p>Where value should be the Fully Qualified Domain Name (FQDN).<\/p>\n<pre>GATEWAY=XXX.XXX.XXX.XXX\r\n<\/pre>\n<p>Where\u00a0<strong>XXX.XXX.XXX.XXX<\/strong>\u00a0is the IP address of the network\u2019s gateway.<\/p>\n<pre>GATEWAYDEV=value\r\n<\/pre>\n<p>In a machine with multiple NICs,\u00a0<strong>value<\/strong>\u00a0is the gateway device, such as\u00a0<strong>enp0s3<\/strong>.<\/p>\n<p><strong>5.<\/strong>\u00a0Files inside\u00a0<code>\/etc\/sysconfig\/network-scripts<\/code>\u00a0(network adapters configuration files).<\/p>\n<p>Inside the directory mentioned previously, you will find several plain text files named:<\/p>\n<pre>ifcfg-name\r\n<\/pre>\n<p>Where name is the name of the NIC as returned by\u00a0<strong>ip link show<\/strong>:<\/p>\n<div id=\"attachment_13215\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-IP-Address.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13215\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-IP-Address-620x83.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-IP-Address-620x83.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-IP-Address.png 826w\" alt=\"Check Network Link Status\" width=\"620\" height=\"83\" aria-describedby=\"caption-attachment-13215\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13215\" class=\"wp-caption-text\">Check Network Link Status<\/p>\n<\/div>\n<p>For example:<\/p>\n<div id=\"attachment_13216\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Network-Files.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-13216\" 
src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Network-Files.png\" alt=\"Network Files\" width=\"412\" height=\"111\" aria-describedby=\"caption-attachment-13216\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13216\" class=\"wp-caption-text\">Network Files<\/p>\n<\/div>\n<p>Other than for the\u00a0<strong>loopback<\/strong>\u00a0interface, you can expect a similar configuration for your NICs. Note that some variables, if set, will override those present in\u00a0<code>\/etc\/sysconfig\/network<\/code>\u00a0for this particular interface. Each line is commented for clarification in this article but in the actual file you should avoid comments:<\/p>\n<pre>HWADDR=08:00:27:4E:59:37 # The MAC address of the NIC\r\nTYPE=Ethernet # Type of connection\r\nBOOTPROTO=static # This indicates that this NIC has been assigned a static IP. If this variable was set to dhcp, the NIC will be assigned an IP address by a DHCP server and thus the next two lines should not be present in that case.\r\nIPADDR=192.168.0.18\r\nNETMASK=255.255.255.0\r\nGATEWAY=192.168.0.1\r\nNM_CONTROLLED=no # Should be added to the Ethernet interface to prevent NetworkManager from changing the file.\r\nNAME=enp0s3\r\nUUID=14033805-98ef-4049-bc7b-d4bea76ed2eb\r\nONBOOT=yes # The operating system should bring up this NIC during boot\r\n<\/pre>\n<h3>Setting Hostnames<\/h3>\n<p>In\u00a0<strong>Red Hat Enterprise Linux 7<\/strong>, the\u00a0<strong>hostnamectl<\/strong>\u00a0command is used to both query and set the system\u2019s hostname.<\/p>\n<p>To display the current hostname, type:<\/p>\n<pre># hostnamectl status\r\n<\/pre>\n<div id=\"attachment_13218\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-System-hostname.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-13218\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-System-hostname.png\" alt=\"Check System 
hostname in CentOS 7\" width=\"524\" height=\"213\" aria-describedby=\"caption-attachment-13218\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13218\" class=\"wp-caption-text\">Check System Hostname<\/p>\n<\/div>\n<p>To change the hostname, use<\/p>\n<pre># hostnamectl set-hostname [new hostname]\r\n<\/pre>\n<p>For example,<\/p>\n<pre># hostnamectl set-hostname cinderella\r\n<\/pre>\n<p>For the changes to take effect you will need to restart the\u00a0<strong>hostnamed<\/strong>\u00a0daemon (that way you will not have to log off and on again in order to apply the change):<\/p>\n<pre># systemctl restart systemd-hostnamed\r\n<\/pre>\n<div id=\"attachment_13219\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Set-System-Hostname.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-13219\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Set-System-Hostname.png\" alt=\"Set System Hostname in CentOS 7\" width=\"525\" height=\"431\" aria-describedby=\"caption-attachment-13219\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13219\" class=\"wp-caption-text\">Set System Hostname<\/p>\n<\/div>\n<p>In addition,\u00a0<strong>RHEL 7<\/strong>\u00a0also includes the\u00a0<strong>nmcli<\/strong>\u00a0utility that can be used for the same purpose. 
To display the hostname, run:<\/p>\n<pre># nmcli general hostname\r\n<\/pre>\n<p>and to change it:<\/p>\n<pre># nmcli general hostname [new hostname]\r\n<\/pre>\n<p>For example,<\/p>\n<pre># nmcli general hostname rhel7\r\n<\/pre>\n<div id=\"attachment_13220\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/nmcli-command.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-13220\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/nmcli-command.png\" alt=\"Set Hostname Using nmcli Command\" width=\"360\" height=\"111\" aria-describedby=\"caption-attachment-13220\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13220\" class=\"wp-caption-text\">Set Hostname Using nmcli Command<\/p>\n<\/div>\n<h3>Starting Network Services on Boot<\/h3>\n<p>To wrap up, let us see how we can ensure that network services are started automatically on boot. In simple terms, this is done by creating symlinks to certain files specified in the\u00a0<strong>[Install]<\/strong>\u00a0section of the service configuration files.<\/p>\n<p>In the case of\u00a0<strong>firewalld<\/strong>\u00a0(<strong>\/usr\/lib\/systemd\/system\/firewalld.service<\/strong>):<\/p>\n<pre>[Install]\r\nWantedBy=basic.target\r\nAlias=dbus-org.fedoraproject.FirewallD1.service\r\n<\/pre>\n<p>To enable the service:<\/p>\n<pre># systemctl enable firewalld\r\n<\/pre>\n<p>On the other hand, disabling firewalld entails removing the symlinks:<\/p>\n<pre># systemctl disable firewalld\r\n<\/pre>\n<div id=\"attachment_13221\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Enable-Service-at-System-Boot.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13221\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Enable-Service-at-System-Boot-620x86.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" 
srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Enable-Service-at-System-Boot-620x86.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Enable-Service-at-System-Boot.png 911w\" alt=\"Enable Service at System Boot\" width=\"620\" height=\"86\" aria-describedby=\"caption-attachment-13221\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13221\" class=\"wp-caption-text\">Enable Service at System Boot<\/p>\n<\/div>\n<h3>Conclusion<\/h3>\n<p>In this article we have summarized how to install and secure connections via\u00a0<strong>SSH<\/strong>\u00a0to a\u00a0<strong>RHEL<\/strong>\u00a0server, how to change its name, and finally how to ensure that network services are started on boot. If you notice that a certain service has failed to start properly, you can use\u00a0<strong>systemctl status -l [service]<\/strong>\u00a0and\u00a0<strong>journalctl -xn<\/strong>\u00a0to troubleshoot it.<\/p>\n<p>Feel free to let us know what you think about this article using the comment form below. Questions are also welcome. We look forward to hearing from you!<\/p>\n<h1 class=\"post-title\">RHCSA Series: Installing, Configuring and Securing a Web and FTP Server \u2013 Part 9<\/h1>\n<p>A web server (also known as an\u00a0<strong>HTTP<\/strong>\u00a0server) is a service that hands content (most commonly web pages, but other types of documents as well) over to a client in a network.<\/p>\n<p>An FTP server is one of the oldest and most commonly used resources (even to this day) to make files available to clients on a network in cases where no authentication is necessary since FTP uses\u00a0<strong>username<\/strong>\u00a0and\u00a0<strong>password<\/strong>\u00a0without encryption.<\/p>\n<p>The web server available in\u00a0<strong>RHEL 7<\/strong>\u00a0is version\u00a0<strong>2.4<\/strong>\u00a0of the Apache HTTP Server. 
As for the FTP server, we will use the Very Secure Ftp Daemon (aka\u00a0<strong>vsftpd<\/strong>) to establish connections secured by TLS.<\/p>\n<div id=\"attachment_13235\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Install-Configure-Secure-Apache-FTP-Server.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13235\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Install-Configure-Secure-Apache-FTP-Server.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Install-Configure-Secure-Apache-FTP-Server.png 720w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Install-Configure-Secure-Apache-FTP-Server-620x293.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Install-Configure-Secure-Apache-FTP-Server-520x245.png 520w\" alt=\"Configuring and Securing Apache and FTP Server\" width=\"620\" height=\"293\" aria-describedby=\"caption-attachment-13235\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13235\" class=\"wp-caption-text\">RHCSA: Installing, Configuring and Securing Apache and FTP \u2013 Part 9<\/p>\n<\/div>\n<p>In this article we will explain how to install, configure, and secure a web server and a FTP server in RHEL 7.<\/p>\n<h3>Installing Apache and FTP Server<\/h3>\n<p>In this guide we will use a RHEL 7 server with a static IP address of\u00a0<strong>192.168.0.18\/24<\/strong>. 
To install Apache and VSFTPD, run the following command:<\/p>\n<pre># yum update &amp;&amp; yum install httpd vsftpd\r\n<\/pre>\n<p>When the installation completes, both services will be disabled initially, so we need to start them manually for the time being and enable them to start automatically beginning with the next boot:<\/p>\n<pre># systemctl start httpd\r\n# systemctl enable httpd\r\n# systemctl start vsftpd\r\n# systemctl enable vsftpd\r\n<\/pre>\n<p>In addition, we have to open ports\u00a0<strong>80<\/strong>\u00a0and\u00a0<strong>21<\/strong>, where the web and ftp daemons are listening, respectively, in order to allow access to those services from the outside:<\/p>\n<pre># firewall-cmd --zone=public --add-port=80\/tcp --permanent\r\n# firewall-cmd --zone=public --add-service=ftp --permanent\r\n# firewall-cmd --reload\r\n<\/pre>\n<p>To confirm that the web server is working properly, fire up your browser and enter the IP of the server. You should see the test page:<\/p>\n<div id=\"attachment_13229\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Confirm-Apache-Web-Server.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13229\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Confirm-Apache-Web-Server-620x239.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Confirm-Apache-Web-Server-620x239.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Confirm-Apache-Web-Server-1024x394.png 1024w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Confirm-Apache-Web-Server.png 1130w\" alt=\"Confirm Apache Web Server\" width=\"620\" height=\"239\" aria-describedby=\"caption-attachment-13229\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13229\" class=\"wp-caption-text\">Confirm Apache Web Server<\/p>\n<\/div>\n<p>As for the ftp server, we will have to 
configure it further, which we will do in a minute, before confirming that it\u2019s working as expected.<\/p>\n<h3>Configuring and Securing Apache Web Server<\/h3>\n<p>The main configuration file for\u00a0<strong>Apache<\/strong>\u00a0is located in\u00a0<code>\/etc\/httpd\/conf\/httpd.conf<\/code>, but it may rely on other files present inside\u00a0<code>\/etc\/httpd\/conf.d<\/code>.<\/p>\n<p>Although the default configuration should be sufficient for most cases, it\u2019s a good idea to become familiar with all the available options as described in the\u00a0<a title=\"Apache Documentation\" href=\"https:\/\/httpd.apache.org\/docs\/2.4\/\" target=\"_blank\" rel=\"noopener\">official documentation<\/a>.<\/p>\n<p>As always, make a backup copy of the main configuration file before editing it:<\/p>\n<pre># cp \/etc\/httpd\/conf\/httpd.conf \/etc\/httpd\/conf\/httpd.conf.$(date +%Y%m%d)\r\n<\/pre>\n<p>Then open it with your preferred text editor and look for the following variables:<\/p>\n<ol>\n<li><strong>ServerRoot<\/strong>: the directory where the server\u2019s configuration, error, and log files are kept.<\/li>\n<li><strong>Listen<\/strong>: instructs Apache to listen on specific IP addresses and\/or ports.<\/li>\n<li><strong>Include<\/strong>: allows the inclusion of other configuration files, which must exist. Otherwise, the server will fail, as opposed to the IncludeOptional directive, which is silently ignored if the specified configuration files do not exist.<\/li>\n<li><strong>User and Group<\/strong>: the name of the user\/group to run the httpd service as.<\/li>\n<li><strong>DocumentRoot<\/strong>: The directory out of which Apache will serve your documents. 
By default, all requests are taken from this directory, but symbolic links and aliases may be used to point to other locations.<\/li>\n<li><strong>ServerName<\/strong>: this directive sets the hostname (or IP address) and port that the server uses to identify itself.<\/li>\n<\/ol>\n<p>The first security measure will consist of creating a dedicated user and group (e.g.\u00a0<strong>tecmint<\/strong>\/<strong>tecmint<\/strong>) to run the web server as and changing the default port to a higher one (<strong>9000<\/strong>\u00a0in this case):<\/p>\n<pre>ServerRoot \"\/etc\/httpd\"\r\nListen 192.168.0.18:9000\r\nUser tecmint\r\nGroup tecmint\r\nDocumentRoot \"\/var\/www\/html\"\r\nServerName 192.168.0.18:9000\r\n<\/pre>\n<p>You can test the configuration file with:<\/p>\n<pre># apachectl configtest\r\n<\/pre>\n<p>and if everything is\u00a0<strong>OK<\/strong>, then restart the web server:<\/p>\n<pre># systemctl restart httpd\r\n<\/pre>\n<p>and don\u2019t forget to enable the new port (and disable the old one) in the firewall:<\/p>\n<pre># firewall-cmd --zone=public --remove-port=80\/tcp --permanent\r\n# firewall-cmd --zone=public --add-port=9000\/tcp --permanent\r\n# firewall-cmd --reload\r\n<\/pre>\n<p>Note that, due to\u00a0<strong>SELinux<\/strong>\u00a0policies, you can only use the ports returned by<\/p>\n<pre># semanage port -l | grep -w '^http_port_t'\r\n<\/pre>\n<p>for the web server.<\/p>\n<p>If you want to use another port (e.g. 
TCP port\u00a0<strong>8100<\/strong>), you will have to add it to\u00a0<strong>SELinux<\/strong>\u00a0port context for the\u00a0<strong>httpd<\/strong>\u00a0service:<\/p>\n<pre># semanage port -a -t http_port_t -p tcp 8100\r\n<\/pre>\n<div id=\"attachment_13231\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Add-Apache-Port-to-SELinux-Policies.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13231\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Add-Apache-Port-to-SELinux-Policies-620x97.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Add-Apache-Port-to-SELinux-Policies-620x97.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Add-Apache-Port-to-SELinux-Policies.png 699w\" alt=\"Add Apache Port to SELinux Policies\" width=\"620\" height=\"97\" aria-describedby=\"caption-attachment-13231\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13231\" class=\"wp-caption-text\">Add Apache Port to SELinux Policies<\/p>\n<\/div>\n<p>To further secure your Apache installation, follow these steps:<\/p>\n<p><strong>1.<\/strong>\u00a0The user Apache is running as should not have access to a shell:<\/p>\n<pre># usermod -s \/sbin\/nologin tecmint\r\n<\/pre>\n<p><strong>2.<\/strong>\u00a0Disable directory listing in order to prevent the browser from displaying the contents of a directory if there is no\u00a0<strong>index.html<\/strong>\u00a0present in that directory.<\/p>\n<p>Edit\u00a0<code>\/etc\/httpd\/conf\/httpd.conf<\/code>\u00a0(and the configuration files for virtual hosts, if any) and make sure that the\u00a0<strong>Options<\/strong>\u00a0directive, both at the top and at Directory block levels, is set to\u00a0<strong>None<\/strong>:<\/p>\n<pre>Options None\r\n<\/pre>\n<p><strong>3.<\/strong>\u00a0Hide information about the web server and the operating system in HTTP 
responses. Edit\u00a0<code>\/etc\/httpd\/conf\/httpd.conf<\/code>\u00a0as follows:<\/p>\n<pre>ServerTokens Prod \r\nServerSignature Off\r\n<\/pre>\n<p>Now you are ready to start serving content from your\u00a0<strong>\/var\/www\/html<\/strong>\u00a0directory.<\/p>\n<h3>Configuring and Securing FTP Server<\/h3>\n<p>As in the case of Apache, the main configuration file for\u00a0<strong>Vsftpd<\/strong>\u00a0<code>(\/etc\/vsftpd\/vsftpd.conf)<\/code>\u00a0is well commented and while the default configuration should suffice for most applications, you should become acquainted with the documentation and the man page\u00a0<code>(man vsftpd.conf)<\/code>\u00a0in order to operate the ftp server more efficiently (I can\u2019t emphasize that enough!).<\/p>\n<p>In our case, these are the directives used:<\/p>\n<pre>anonymous_enable=NO\r\nlocal_enable=YES\r\nwrite_enable=YES\r\nlocal_umask=022\r\ndirmessage_enable=YES\r\nxferlog_enable=YES\r\nconnect_from_port_20=YES\r\nxferlog_std_format=YES\r\nchroot_local_user=YES\r\nallow_writeable_chroot=YES\r\nlisten=NO\r\nlisten_ipv6=YES\r\npam_service_name=vsftpd\r\nuserlist_enable=YES\r\ntcp_wrappers=YES\r\n<\/pre>\n<p>By using\u00a0<code>chroot_local_user=YES<\/code>, local users will be (by default) placed in a chroot\u2019ed jail in their home directory right after login. 
This means that local users will not be able to access any files outside their corresponding home directories.<\/p>\n<p>Finally, to allow ftp to read files in the user\u2019s home directory, set the following\u00a0<strong>SELinux<\/strong>\u00a0boolean:<\/p>\n<pre># setsebool -P ftp_home_dir on\r\n<\/pre>\n<p>You can now connect to the ftp server using a client such as\u00a0<strong>Filezilla<\/strong>:<\/p>\n<div id=\"attachment_13232\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-FTP-Connection.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13232\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-FTP-Connection-620x330.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-FTP-Connection-620x330.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-FTP-Connection.png 779w\" alt=\"Check FTP Connection\" width=\"620\" height=\"330\" aria-describedby=\"caption-attachment-13232\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13232\" class=\"wp-caption-text\">Check FTP Connection<\/p>\n<\/div>\n<p>Note that the\u00a0<code>\/var\/log\/xferlog<\/code>\u00a0log records downloads and uploads, which concur with the above directory listing:<\/p>\n<div id=\"attachment_13233\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Monitor-FTP-Download-Upload.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13233\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Monitor-FTP-Download-Upload-620x61.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Monitor-FTP-Download-Upload-620x61.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Monitor-FTP-Download-Upload.png 863w\" 
alt=\"Monitor FTP Download and Upload\" width=\"620\" height=\"61\" aria-describedby=\"caption-attachment-13233\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13233\" class=\"wp-caption-text\">Monitor FTP Download and Upload<\/p>\n<\/div>\n<p><strong>Read Also<\/strong>:\u00a0<a title=\"Limit FTP Network Bandwidth \" href=\"https:\/\/www.tecmint.com\/manage-and-limit-downloadupload-bandwidth-with-trickle-in-linux\/\" target=\"_blank\" rel=\"noopener\">Limit FTP Network Bandwidth Used by Applications in a Linux System with Trickle<\/a><\/p>\n<h3>Summary<\/h3>\n<p>In this tutorial we have explained how to set up a web and a ftp server. Due to the vastness of the subject, it is not possible to cover all the aspects of these topics (i.e. virtual web hosts). Thus, I recommend you also check other excellent articles in this website about\u00a0<a title=\"Apache Topics\" href=\"https:\/\/www.google.com\/cse?cx=partner-pub-2601749019656699:2173448976&amp;ie=UTF-8&amp;q=virtual+hosts&amp;sa=Search&amp;gws_rd=cr&amp;ei=Dy9EVbb0IdHisASnroG4Bw#gsc.tab=0&amp;gsc.q=apache\" target=\"_blank\" rel=\"noopener\">Apache<\/a>.<\/p>\n<h1 class=\"post-title\">RHCSA Series: Yum Package Management, Automating Tasks with Cron and Monitoring System Logs \u2013 Part 10<\/h1>\n<p>In this article we will review how to install, update, and remove packages in\u00a0<strong>Red Hat Enterprise Linux 7<\/strong>. 
We will also cover how to automate tasks using\u00a0<strong>cron<\/strong>, and will finish this guide explaining how to locate and interpret system log files with the focus of teaching you why all of these are essential skills for every system administrator.<\/p>\n<div id=\"attachment_13335\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Yum-Package-Management-Cron-Job-Log-Monitoring-Linux.jpg\"><img decoding=\"async\" class=\"size-medium wp-image-13335\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Yum-Package-Management-Cron-Job-Log-Monitoring-Linux.jpg\" sizes=\"(max-width: 720px) 100vw, 720px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Yum-Package-Management-Cron-Job-Log-Monitoring-Linux.jpg 720w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Yum-Package-Management-Cron-Job-Log-Monitoring-Linux-620x293.jpg 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Yum-Package-Management-Cron-Job-Log-Monitoring-Linux-520x245.jpg 520w\" alt=\"Yum Package Management Cron Jobs Log Monitoring Linux\" aria-describedby=\"caption-attachment-13335\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13335\" class=\"wp-caption-text\">RHCSA: Yum Package Management, Cron Job Scheduling and Log Monitoring \u2013 Part 10<\/p>\n<\/div>\n<h3>Managing Packages Via Yum<\/h3>\n<p>To install a package along with all its dependencies that are not already installed, you will use:<\/p>\n<pre># yum -y install package_name(s)\r\n<\/pre>\n<p>Where\u00a0<strong>package_name(s)<\/strong>\u00a0represents at least one real package name.<\/p>\n<p>For example, to install\u00a0<strong>httpd<\/strong>\u00a0and\u00a0<strong>mlocate<\/strong>\u00a0(in that order), type:<\/p>\n<pre># yum -y install httpd mlocate\r\n<\/pre>\n<p><strong>Note<\/strong>: The letter\u00a0<strong>y<\/strong>\u00a0in the example above bypasses the confirmation prompts that yum 
presents before performing the actual download and installation of the requested programs. You can leave it out if you want.<\/p>\n<p>By default,\u00a0<strong>yum<\/strong>\u00a0will install the package with the architecture that matches the OS architecture, unless overridden by appending the package architecture to its name.<\/p>\n<p>For example, on a\u00a0<strong>64 bit<\/strong>\u00a0system,\u00a0<strong>yum install package<\/strong>\u00a0will install the\u00a0<strong>x86_64<\/strong>\u00a0version of package, whereas\u00a0<strong>yum install package.i686<\/strong>\u00a0(if available) will install the\u00a0<strong>32-bit<\/strong>\u00a0one.<\/p>\n<p>There will be times when you want to install a package but don\u2019t know its exact name. The\u00a0<strong>search<\/strong>\u00a0and\u00a0<strong>search all<\/strong>\u00a0options search the currently enabled repositories for a certain keyword in the package name and summary or, additionally, in its description and URL, respectively.<\/p>\n<p>For example,<\/p>\n<pre># yum search log\r\n<\/pre>\n<p>will search the enabled repositories for packages with the word log in their names and summaries, whereas<\/p>\n<pre># yum search all log\r\n<\/pre>\n<p>will look for the same keyword in the package description and\u00a0<strong>url<\/strong>\u00a0fields as well.<\/p>\n<p>Once the search returns a package listing, you may want to display further information about some of them before installing. 
That is when the\u00a0<strong>info<\/strong>\u00a0option will come in handy:<\/p>\n<pre># yum info logwatch\r\n<\/pre>\n<div id=\"attachment_13327\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Search-Package-Information.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13327\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Search-Package-Information-620x211.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Search-Package-Information-620x211.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Search-Package-Information.png 961w\" alt=\"Search Package Information\" width=\"620\" height=\"211\" aria-describedby=\"caption-attachment-13327\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13327\" class=\"wp-caption-text\">Search Package Information<\/p>\n<\/div>\n<p>You can regularly check for updates with the following command:<\/p>\n<pre># yum check-update\r\n<\/pre>\n<p>The above command will return all the installed packages for which an update is available. 
In the example shown in the image below, only\u00a0<strong>rhel-7-server-rpms<\/strong>\u00a0has an update available:<\/p>\n<div id=\"attachment_13328\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-For-Updates.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-13328\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-For-Updates.png\" alt=\"Check For Package Updates\" width=\"405\" height=\"76\" aria-describedby=\"caption-attachment-13328\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13328\" class=\"wp-caption-text\">Check For Package Updates<\/p>\n<\/div>\n<p>You can then update that package alone with:<\/p>\n<pre># yum update rhel-7-server-rpms\r\n<\/pre>\n<p>If there are several packages that can be updated,\u00a0<strong>yum update<\/strong>\u00a0will update all of them at once.<\/p>\n<p>Now what happens when you know the name of an executable, such as\u00a0<strong>ps2pdf<\/strong>, but don\u2019t know which package provides it? You can find out with\u00a0<code>yum whatprovides \"*\/[executable]\"<\/code>:<\/p>\n<pre># yum whatprovides \"*\/ps2pdf\"\r\n<\/pre>\n<div id=\"attachment_13329\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Find-Package-Information.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-13329\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Find-Package-Information.png\" alt=\"Find Package Belongs to Which Package\" width=\"455\" height=\"235\" aria-describedby=\"caption-attachment-13329\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13329\" class=\"wp-caption-text\">Find Package Belongs to Which Package<\/p>\n<\/div>\n<p>Now, when it comes to removing a package, you can do so with\u00a0<strong>yum remove package<\/strong>. Easy, huh? 
This goes to show that yum is a complete and powerful package manager.<\/p>\n<pre># yum remove httpd\r\n<\/pre>\n<p><strong>Read Also:<\/strong>\u00a0<a href=\"https:\/\/www.tecmint.com\/20-linux-yum-yellowdog-updater-modified-commands-for-package-mangement\/\" target=\"_blank\" rel=\"noopener\">20 Yum Commands to Manage RHEL 7 Package Management<\/a><\/p>\n<h3>Good Old Plain RPM<\/h3>\n<p><strong>RPM<\/strong>\u00a0(aka\u00a0<strong>RPM Package Manager<\/strong>, or originally\u00a0<strong>RedHat Package Manager<\/strong>) can also be used to install or update packages when they come in the form of standalone\u00a0<code>.rpm<\/code>\u00a0packages.<\/p>\n<p>It is often utilized with the\u00a0<code>-Uvh<\/code>\u00a0flags to indicate that it should install the package if it\u2019s not already present or attempt to update it if it\u2019s installed\u00a0<code>(-U)<\/code>, producing verbose output\u00a0<code>(-v)<\/code>\u00a0and a progress bar with hash marks\u00a0<code>(-h)<\/code>\u00a0while the operation is being performed. 
For example,<\/p>\n<pre># rpm -Uvh package.rpm\r\n<\/pre>\n<p>Another typical use of\u00a0<strong>rpm<\/strong>\u00a0is to produce a list of currently installed packages with\u00a0<code>rpm -qa<\/code>\u00a0(short for query all):<\/p>\n<pre># rpm -qa\r\n<\/pre>\n<div id=\"attachment_13330\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Query-All-RPM-Packages.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-13330\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Query-All-RPM-Packages.png\" alt=\"Query All RPM Packages\" width=\"365\" height=\"251\" aria-describedby=\"caption-attachment-13330\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13330\" class=\"wp-caption-text\">Query All RPM Packages<\/p>\n<\/div>\n<p><strong>Read Also:<\/strong>\u00a0<a href=\"https:\/\/www.tecmint.com\/20-practical-examples-of-rpm-commands-in-linux\/\" target=\"_blank\" rel=\"noopener\">20 RPM Commands to Install Packages in RHEL 7<\/a><\/p>\n<h3>Scheduling Tasks using Cron<\/h3>\n<p>Linux and other Unix-like operating systems include a tool called\u00a0<strong>cron<\/strong>\u00a0that allows you to schedule tasks (i.e. commands or shell scripts) to run on a periodic basis. 
Cron checks every minute the\u00a0<strong>\/var\/spool\/cron<\/strong>\u00a0directory for files which are named after accounts in\u00a0<strong>\/etc\/passwd<\/strong>.<\/p>\n<p>When executing commands, any output is mailed to the owner of the\u00a0<strong>crontab<\/strong>\u00a0(or to the user specified in the\u00a0<strong>MAILTO<\/strong>\u00a0environment variable in the\u00a0<strong>\/etc\/crontab<\/strong>, if it exists).<\/p>\n<p>Crontab files (which are created by typing\u00a0<strong>crontab -e\u00a0<\/strong>and pressing\u00a0<strong>Enter<\/strong>) have the following format:<\/p>\n<div id=\"attachment_13331\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Crontab-Format.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-13331\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Crontab-Format.png\" alt=\"Crontab Entries\" width=\"477\" height=\"231\" aria-describedby=\"caption-attachment-13331\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13331\" class=\"wp-caption-text\">Crontab Entries<\/p>\n<\/div>\n<p>Thus, if we want to update the local file database (which is used by locate to find files by name or pattern) every second day of the month at\u00a0<strong>2:15 am<\/strong>, we need to add the following\u00a0<strong>crontab<\/strong>\u00a0entry:<\/p>\n<pre>15 02 2 * * \/bin\/updatedb\r\n<\/pre>\n<p>The above crontab entry reads, \u201c<strong>Run \/bin\/updatedb on the second day of the month, every month of the year, regardless of the day of the week, at 2:15 am<\/strong>\u201d. As I\u2019m sure you already guessed, the star symbol is used as a wildcard character.<\/p>\n<p>After adding a cron job, you can see that a file named root was added inside\u00a0<strong>\/var\/spool\/cron<\/strong>, as we mentioned earlier. 
That file lists all the tasks that the\u00a0<strong>crond<\/strong>\u00a0daemon should run:<\/p>\n<pre># ls -l \/var\/spool\/cron\r\n<\/pre>\n<div id=\"attachment_13332\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-All-Cron-Jobs.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-13332\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-All-Cron-Jobs.png\" alt=\"Check All Cron Jobs\" width=\"373\" height=\"112\" aria-describedby=\"caption-attachment-13332\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13332\" class=\"wp-caption-text\">Check All Cron Jobs<\/p>\n<\/div>\n<p>As shown in the above image, the current user\u2019s crontab can be displayed using either\u00a0<strong>cat \/var\/spool\/cron\/root<\/strong>\u00a0or,<\/p>\n<pre># crontab -l\r\n<\/pre>\n<p>If you need to run a task on a more fine-grained basis (for example, twice a day or three times each month), cron can also help you to do that.<\/p>\n<p>For example, to run\u00a0<strong>\/my\/script<\/strong>\u00a0on the\u00a0<strong>1st<\/strong>\u00a0and\u00a0<strong>15th<\/strong>\u00a0of each month and send any output to\u00a0<strong>\/dev\/null<\/strong>, you can add two\u00a0<strong>crontab<\/strong>\u00a0entries as follows:<\/p>\n<pre>01 00 1 * * \/my\/script &gt; \/dev\/null 2&gt;&amp;1\r\n01 00 15 * * \/my\/script &gt; \/dev\/null 2&gt;&amp;1\r\n<\/pre>\n<p>But in order for the task to be easier to maintain, you can combine both entries into one:<\/p>\n<pre>01 00 1,15 * *  \/my\/script &gt; \/dev\/null 2&gt;&amp;1\r\n<\/pre>\n<p>Following the previous example, we can run\u00a0<strong>\/my\/other\/script<\/strong>\u00a0at\u00a0<strong>1:30 am<\/strong>\u00a0on the first day of the month every three months:<\/p>\n<pre>30 01 1 1,4,7,10 * \/my\/other\/script &gt; \/dev\/null 2&gt;&amp;1\r\n<\/pre>\n<p>But when you have to repeat a certain task every \u201c<strong>x<\/strong>\u201d minutes, hours, days, or months, you 
can divide the appropriate field by the desired frequency. The following\u00a0<strong>crontab<\/strong>\u00a0entry has the exact same meaning as the previous one:<\/p>\n<pre>30 01 1 *\/3 * \/my\/other\/script &gt; \/dev\/null 2&gt;&amp;1\r\n<\/pre>\n<p>Or perhaps you need to run a certain job on a fixed frequency or after the system boots, for example. You can use one of the following strings instead of the five fields to indicate the exact time when you want your job to run:<\/p>\n<pre>@reboot    \tRun when the system boots.\r\n@yearly    \tRun once a year, same as 00 00 1 1 *.\r\n@monthly   \tRun once a month, same as 00 00 1 * *.\r\n@weekly    \tRun once a week, same as 00 00 * * 0.\r\n@daily     \tRun once a day, same as 00 00 * * *.\r\n@hourly    \tRun once an hour, same as 00 * * * *.\r\n<\/pre>\n<p><strong>Read Also:<\/strong>\u00a0<a href=\"https:\/\/www.tecmint.com\/11-cron-scheduling-task-examples-in-linux\/\" target=\"_blank\" rel=\"noopener\">11 Commands to Schedule Cron Jobs in RHEL 7<\/a><\/p>\n<h3>Locating and Checking Logs<\/h3>\n<p>System logs are located (and rotated) inside the\u00a0<strong>\/var\/log<\/strong>\u00a0directory. 
According to the Linux Filesystem Hierarchy Standard, this directory contains miscellaneous log files, which are written to it or an appropriate subdirectory (such as\u00a0<strong>audit<\/strong>,\u00a0<strong>httpd<\/strong>, or\u00a0<strong>samba<\/strong>\u00a0in the image below) by the corresponding daemons during system operation:<\/p>\n<pre># ls \/var\/log\r\n<\/pre>\n<div id=\"attachment_13333\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Linux-Log-Files.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13333\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Linux-Log-Files-620x112.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Linux-Log-Files-620x112.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Linux-Log-Files.png 722w\" alt=\"Linux Log Files Location\" width=\"620\" height=\"112\" aria-describedby=\"caption-attachment-13333\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13333\" class=\"wp-caption-text\">Linux Log Files Location<\/p>\n<\/div>\n<p>Other interesting logs are\u00a0<a title=\"Troubleshoot Linux System Logs\" href=\"https:\/\/www.tecmint.com\/dmesg-commands\/\" target=\"_blank\" rel=\"noopener\">dmesg<\/a>\u00a0(contains all messages from kernel ring buffer), secure (logs connection attempts that require user authentication), messages (system-wide messages) and wtmp (records of all user logins and logouts).<\/p>\n<p>Logs are very important in that they allow you to have a glimpse of what is going on at all times in your system, and what has happened in the past. 
They represent a priceless tool to troubleshoot and monitor a Linux server, and thus are often used with the\u00a0<code>tail -f<\/code>\u00a0command to display events, in real time, as they happen and are recorded in a log.<\/p>\n<p>For example, if you want to display\u00a0<strong>kernel-related<\/strong>\u00a0events, type the following command:<\/p>\n<pre># tail -f \/var\/log\/dmesg\r\n<\/pre>\n<p>The same applies if you want to view access to your web server:<\/p>\n<pre># tail -f \/var\/log\/httpd\/access_log\r\n<\/pre>\n<h3>Summary<\/h3>\n<p>If you know how to efficiently manage packages, schedule tasks, and where to look for information about the current and past operation of your system, you can rest assured that you will not run into surprises very often. I hope this article has helped you learn or refresh your knowledge about these basic skills.<\/p>\n<p>Don\u2019t hesitate to drop us a line using the contact form below if you have any questions or comments.<\/p>\n<h1 class=\"post-title\">RHCSA Series: Firewall Essentials and Network Traffic Control Using FirewallD and Iptables \u2013 Part 11<\/h1>\n<p>In simple words, a\u00a0<strong>firewall<\/strong>\u00a0is a security system that controls the incoming and outgoing traffic in a network based on a set of predefined rules (such as the packet destination \/ source or type of traffic, for example).<\/p>\n<div id=\"attachment_13421\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Control-Network-Traffic-Using-Firewall.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13421\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Control-Network-Traffic-Using-Firewall-620x293.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Control-Network-Traffic-Using-Firewall-620x293.png 620w, 
https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Control-Network-Traffic-Using-Firewall-520x245.png 520w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Control-Network-Traffic-Using-Firewall.png 720w\" alt=\"Control Network Traffic with FirewallD and Iptables\" width=\"620\" height=\"293\" aria-describedby=\"caption-attachment-13421\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13421\" class=\"wp-caption-text\">RHCSA: Control Network Traffic with FirewallD and Iptables \u2013 Part 11<\/p>\n<\/div>\n<p>In this article we will review the basics of\u00a0<strong>firewalld<\/strong>, the default dynamic firewall daemon in\u00a0<strong>Red Hat Enterprise Linux 7<\/strong>, and\u00a0<strong>iptables<\/strong>\u00a0service, the legacy firewall service for Linux, with which most system and network administrators are well acquainted, and which is also available in\u00a0<strong>RHEL 7<\/strong>.<\/p>\n<h3>A Comparison Between FirewallD and Iptables<\/h3>\n<p>Under the hood, both\u00a0<strong>firewalld<\/strong>\u00a0and the\u00a0<strong>iptables<\/strong>\u00a0service talk to the\u00a0<strong>netfilter<\/strong>\u00a0framework in the kernel through the same interface, not surprisingly, the iptables command. However, as opposed to the iptables service, firewalld can change the settings during normal system operation without existing connections being lost.<\/p>\n<p><strong>Firewalld<\/strong>\u00a0should be installed by default in your RHEL system, though it may not be running. 
You can verify with the following commands (<strong>firewall-config<\/strong>\u00a0is the user interface configuration tool):<\/p>\n<pre># yum info firewalld firewall-config\r\n<\/pre>\n<div id=\"attachment_13412\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-FirewallD-Information.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13412\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-FirewallD-Information-620x397.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-FirewallD-Information-620x397.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-FirewallD-Information.png 759w\" alt=\"Check FirewallD Information\" width=\"620\" height=\"397\" aria-describedby=\"caption-attachment-13412\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13412\" class=\"wp-caption-text\">Check FirewallD Information<\/p>\n<\/div>\n<p>and,<\/p>\n<pre># systemctl status -l firewalld.service\r\n<\/pre>\n<div id=\"attachment_13413\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-FirewallD-Status.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13413\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-FirewallD-Status-620x184.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-FirewallD-Status-620x184.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-FirewallD-Status.png 654w\" alt=\"Check FirewallD Status\" width=\"620\" height=\"184\" aria-describedby=\"caption-attachment-13413\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13413\" class=\"wp-caption-text\">Check FirewallD Status<\/p>\n<\/div>\n<p>On the other hand, 
the\u00a0<strong>iptables<\/strong>\u00a0service is not included by default, but can be installed with:<\/p>\n<pre># yum update &amp;&amp; yum install iptables-services\r\n<\/pre>\n<p>Both daemons can be started and enabled to start on boot with the usual\u00a0<strong>systemd<\/strong>\u00a0commands:<\/p>\n<pre># systemctl start firewalld.service      # or iptables.service\r\n# systemctl enable firewalld.service     # or iptables.service\r\n<\/pre>\n<p><strong>Read Also:<\/strong>\u00a0<a href=\"https:\/\/www.tecmint.com\/manage-services-using-systemd-and-systemctl-in-linux\/\" target=\"_blank\" rel=\"noopener\">Useful Commands to Manage Systemd Services<\/a><\/p>\n<p>As for the configuration files, the iptables service uses\u00a0<code>\/etc\/sysconfig\/iptables<\/code>\u00a0(which will not exist if the package is not installed in your system). On a RHEL 7 box used as a cluster node, this file looks as follows:<\/p>\n<div id=\"attachment_13414\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Iptables-Rules.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13414\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Iptables-Rules-620x351.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Iptables-Rules-620x351.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Iptables-Rules.png 638w\" alt=\"Iptables Firewall Configuration\" width=\"620\" height=\"351\" aria-describedby=\"caption-attachment-13414\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13414\" class=\"wp-caption-text\">Iptables Firewall Configuration<\/p>\n<\/div>\n<p>Whereas firewalld stores its configuration across two directories,\u00a0<code>\/usr\/lib\/firewalld<\/code>\u00a0and\u00a0<code>\/etc\/firewalld<\/code>:<\/p>\n<pre># ls \/usr\/lib\/firewalld \/etc\/firewalld\r\n<\/pre>\n<div 
id=\"attachment_13415\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Firewalld-configuration.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-13415\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Firewalld-configuration.png\" alt=\"FirewallD Configuration\" width=\"538\" height=\"129\" aria-describedby=\"caption-attachment-13415\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13415\" class=\"wp-caption-text\">FirewallD Configuration<\/p>\n<\/div>\n<p>We will examine these configuration files further later in this article, after we add a few rules here and there. For now it will suffice to remind you that you can always find more information about both tools with:<\/p>\n<pre># man firewalld.conf\r\n# man firewall-cmd\r\n# man iptables\r\n<\/pre>\n<p>Other than that, remember to take a look at\u00a0<a href=\"https:\/\/www.tecmint.com\/rhcsa-exam-reviewing-essential-commands-system-documentation\/\" target=\"_blank\" rel=\"noopener\">Reviewing Essential Commands &amp; System Documentation \u2013 Part 1<\/a>\u00a0of the current series, where I described several sources where you can get information about the packages installed on your\u00a0<strong>RHEL 7<\/strong>\u00a0system.<\/p>\n<h3>Using Iptables to Control Network Traffic<\/h3>\n<p>You may want to refer to\u00a0<a href=\"https:\/\/www.tecmint.com\/configure-iptables-firewall\/\" target=\"_blank\" rel=\"noopener\">Configure Iptables Firewall \u2013 Part 8<\/a>\u00a0of the\u00a0<strong>Linux Foundation Certified Engineer<\/strong>\u00a0(<strong>LFCE<\/strong>) series to refresh your memory about\u00a0<strong>iptables<\/strong>\u00a0internals before proceeding further. 
Thus, we will be able to jump right into the examples.<\/p>\n<h6>Example 1: Allowing both incoming and outgoing web traffic<\/h6>\n<p>TCP ports\u00a0<strong>80<\/strong>\u00a0and\u00a0<strong>443<\/strong>\u00a0are the default ports used by the Apache web server to handle normal (<strong>HTTP<\/strong>) and secure (<strong>HTTPS<\/strong>) web traffic. You can allow incoming and outgoing web traffic through both ports on the\u00a0<strong>enp0s3<\/strong>\u00a0interface as follows:<\/p>\n<pre># iptables -A INPUT -i enp0s3 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT\r\n# iptables -A OUTPUT -o enp0s3 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT\r\n# iptables -A INPUT -i enp0s3 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT\r\n# iptables -A OUTPUT -o enp0s3 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT\r\n<\/pre>\n<h6>Example 2: Block all (or some) incoming connections from a specific network<\/h6>\n<p>There may be times when you need to block all (or some) type of traffic originating from a specific network, say\u00a0<strong>192.168.1.0\/24<\/strong>\u00a0for example:<\/p>\n<pre># iptables -I INPUT -s 192.168.1.0\/24 -j DROP\r\n<\/pre>\n<p>will drop all packets coming from the\u00a0<strong>192.168.1.0\/24<\/strong>\u00a0network, whereas,<\/p>\n<pre># iptables -A INPUT -s 192.168.1.0\/24 -p tcp --dport 22 -j ACCEPT\r\n<\/pre>\n<p>will only allow incoming traffic through port\u00a0<strong>22<\/strong>.<\/p>\n<h6>Example 3: Redirect incoming traffic to another destination<\/h6>\n<p>If you use your\u00a0<strong>RHEL 7<\/strong>\u00a0box not only as a software firewall, but also as the actual hardware-based one, so that it sits between two distinct networks, IP forwarding must already be enabled in your system. 
If not, you need to edit\u00a0<code>\/etc\/sysctl.conf<\/code>\u00a0and set the value of\u00a0<strong>net.ipv4.ip_forward<\/strong>\u00a0to\u00a0<strong>1<\/strong>, as follows:<\/p>\n<pre>net.ipv4.ip_forward = 1\r\n<\/pre>\n<p>then save the change, close your text editor and finally run the following command to apply the change:<\/p>\n<pre># sysctl -p \/etc\/sysctl.conf\r\n<\/pre>\n<p>For example, you may have a printer installed at an internal box with\u00a0<strong>IP 192.168.0.10<\/strong>, with the\u00a0<strong>CUPS<\/strong>\u00a0service listening on port\u00a0<strong>631<\/strong>\u00a0(both on the print server and on your firewall). In order to forward print requests from clients on the other side of the firewall, you should add the following iptables rule:<\/p>\n<pre># iptables -t nat -A PREROUTING -i enp0s3 -p tcp --dport 631 -j DNAT --to 192.168.0.10:631\r\n<\/pre>\n<p>Please keep in mind that\u00a0<strong>iptables<\/strong>\u00a0reads its rules sequentially, so make sure the default policies or later rules do not override those outlined in the examples above.<\/p>\n<h3>Getting Started with FirewallD<\/h3>\n<p>One of the changes introduced with\u00a0<strong>firewalld<\/strong>\u00a0is\u00a0<strong>zones<\/strong>. This concept allows you to separate networks into different zones based on the level of trust the user has decided to place on the devices and traffic within that network.<\/p>\n<p>To list the active zones:<\/p>\n<pre># firewall-cmd --get-active-zones\r\n<\/pre>\n<p>In the example below, the\u00a0<strong>public zone<\/strong>\u00a0is active, and the\u00a0<strong>enp0s3<\/strong>\u00a0interface has been assigned to it automatically. 
To view all the information about a particular zone:<\/p>\n<pre># firewall-cmd --zone=public --list-all\r\n<\/pre>\n<div id=\"attachment_13416\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/View-FirewallD-Zones.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-13416\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/View-FirewallD-Zones.png\" alt=\"List all FirewallD Zones\" width=\"446\" height=\"227\" aria-describedby=\"caption-attachment-13416\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13416\" class=\"wp-caption-text\">List all FirewallD Zones<\/p>\n<\/div>\n<p>Since you can read more about\u00a0<strong>zones<\/strong>\u00a0in the\u00a0<a href=\"https:\/\/access.redhat.com\/documentation\/en-US\/Red_Hat_Enterprise_Linux\/7\/html\/Security_Guide\/sec-Using_Firewalls.html\" target=\"_blank\" rel=\"noopener\">RHEL 7 Security guide<\/a>, we will only list some specific examples here.<\/p>\n<h6>Example 4: Allowing services through the firewall<\/h6>\n<p>To get a list of the supported services, use.<\/p>\n<pre># firewall-cmd --get-services\r\n<\/pre>\n<div id=\"attachment_13417\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/List-All-Supported-Services.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13417\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/List-All-Supported-Services-620x116.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/List-All-Supported-Services-620x116.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/List-All-Supported-Services.png 640w\" alt=\"List All Supported Services\" width=\"620\" height=\"116\" aria-describedby=\"caption-attachment-13417\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13417\" 
class=\"wp-caption-text\">List All Supported Services<\/p>\n<\/div>\n<p>To allow\u00a0<strong>http<\/strong>\u00a0and\u00a0<strong>https<\/strong>\u00a0web traffic through the firewall, effective immediately and on subsequent boots:<\/p>\n<pre># firewall-cmd --zone=MyZone --add-service=http\r\n# firewall-cmd --zone=MyZone --permanent --add-service=http\r\n# firewall-cmd --zone=MyZone --add-service=https\r\n# firewall-cmd --zone=MyZone --permanent --add-service=https\r\n# firewall-cmd --reload\r\n<\/pre>\n<p>If\u00a0<code>--zone<\/code>\u00a0is omitted, the default zone (you can check with\u00a0<strong>firewall-cmd --get-default-zone<\/strong>) is used.<\/p>\n<p>To remove the rule, replace the word add with remove in the above commands.<\/p>\n<h6>Example 5: IP \/ Port forwarding<\/h6>\n<p>First off, you need to find out if masquerading is enabled for the desired zone:<\/p>\n<pre># firewall-cmd --zone=MyZone --query-masquerade\r\n<\/pre>\n<p>In the image below, we can see that\u00a0<strong>masquerading<\/strong>\u00a0is enabled for the\u00a0<strong>external zone<\/strong>, but not for\u00a0<strong>public<\/strong>:<\/p>\n<div id=\"attachment_13418\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-masquerading.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-13418\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-masquerading.png\" alt=\"Check Masquerading Status in Firewalld\" width=\"513\" height=\"73\" aria-describedby=\"caption-attachment-13418\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13418\" class=\"wp-caption-text\">Check Masquerading Status<\/p>\n<\/div>\n<p>You can either enable masquerading for public:<\/p>\n<pre># firewall-cmd --zone=public --add-masquerade\r\n<\/pre>\n<p>or use masquerading in\u00a0<strong>external<\/strong>. 
Here\u2019s what we would do to replicate\u00a0<strong>Example 3<\/strong>\u00a0with\u00a0<strong>firewalld<\/strong>:<\/p>\n<pre># firewall-cmd --zone=external --add-forward-port=port=631:proto=tcp:toport=631:toaddr=192.168.0.10\r\n<\/pre>\n<p>And don\u2019t forget to reload the firewall.<\/p>\n<p>You can find further examples in\u00a0<a href=\"https:\/\/www.tecmint.com\/rhcsa-series-install-and-secure-apache-web-server-and-ftp-in-rhel\/\" target=\"_blank\" rel=\"noopener\">Part 9<\/a>\u00a0of the RHCSA series, where we explained how to allow or disable the ports that are usually used by a web server and an FTP server, and how to change the corresponding rule when the default port for those services is changed. In addition, you may want to refer to the firewalld wiki for further examples.<\/p>\n<p><strong>Read Also:<\/strong>\u00a0<a href=\"https:\/\/www.tecmint.com\/firewalld-rules-for-centos-7\/\" target=\"_blank\" rel=\"noopener\">Useful FirewallD Examples to Configure Firewall in RHEL 7<\/a><\/p>\n<h3>Conclusion<\/h3>\n<p>In this article we have explained what a\u00a0<strong>firewall<\/strong>\u00a0is, which services are available to implement one in\u00a0<strong>RHEL 7<\/strong>, and provided a few examples that can help you get started with this task. If you have any comments, suggestions, or questions, feel free to let us know using the form below. Thank you in advance!<\/p>\n<h1 class=\"post-title\">RHCSA Series: Automate RHEL 7 Installations Using \u2018Kickstart\u2019 \u2013 Part 12<\/h1>\n<p>Linux servers are rarely standalone boxes. Whether it is in a datacenter or in a lab environment, chances are that you have had to install several machines that will interact with one another in some way. 
If you multiply the time that it takes to install\u00a0<strong>Red Hat Enterprise Linux 7<\/strong>\u00a0manually on a single server by the number of boxes that you need to set up, this can lead to a rather lengthy effort that can be avoided through the use of an unattended installation tool known as\u00a0<strong>kickstart<\/strong>.<\/p>\n<p>In this article we will show what you need to use the\u00a0<strong>kickstart<\/strong>\u00a0utility so that you can forget about babysitting servers during the installation process.<\/p>\n<div id=\"attachment_13511\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Automatic-Kickstart-Installation-of-RHEL-7.jpg\"><img decoding=\"async\" class=\"size-medium wp-image-13511\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Automatic-Kickstart-Installation-of-RHEL-7.jpg\" sizes=\"(max-width: 720px) 100vw, 720px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Automatic-Kickstart-Installation-of-RHEL-7.jpg 720w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Automatic-Kickstart-Installation-of-RHEL-7-620x293.jpg 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Automatic-Kickstart-Installation-of-RHEL-7-520x245.jpg 520w\" alt=\"Automatic Kickstart Installation of RHEL 7\" aria-describedby=\"caption-attachment-13511\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13511\" class=\"wp-caption-text\">RHCSA: Automatic Kickstart Installation of RHEL 7<\/p>\n<\/div>\n<h4>Introducing Kickstart and Automated Installations<\/h4>\n<p><strong>Kickstart<\/strong>\u00a0is an automated installation method used primarily by Red Hat Enterprise Linux (and other Fedora spin-offs, such as CentOS, Oracle Linux, etc.) to execute unattended operating system installation and configuration. 
Thus, kickstart installations allow system administrators to have identical systems, as far as installed package groups and system configuration are concerned, while sparing them the hassle of having to manually install each of them.<\/p>\n<h3>Preparing for a Kickstart Installation<\/h3>\n<p>To perform a kickstart installation, we need to follow these steps:<\/p>\n<p><strong>1.<\/strong>\u00a0<strong>Create a Kickstart file<\/strong>, a plain text file with several predefined configuration options.<\/p>\n<p><strong>2.<\/strong>\u00a0<strong>Make the Kickstart file available on removable media, a hard drive or a network location<\/strong>. The client will use the\u00a0<strong>rhel-server-7.0-x86_64-boot.iso<\/strong>\u00a0file, whereas you will need to make the full ISO image (<strong>rhel-server-7.0-x86_64-dvd.iso<\/strong>) available from a network resource, such as an HTTP or FTP server (in our present case, we will use another RHEL 7 box with IP\u00a0<strong>192.168.0.18<\/strong>).<\/p>\n<p><strong>3.<\/strong>\u00a0<strong>Start the Kickstart installation<\/strong><\/p>\n<p>To create a kickstart file, log in to your\u00a0<strong>Red Hat Customer Portal<\/strong>\u00a0account, and use the\u00a0<a href=\"https:\/\/access.redhat.com\/labs\/kickstartconfig\/\" target=\"_blank\" rel=\"noopener\">Kickstart configuration tool<\/a>\u00a0to choose the desired installation options. 
Read each one of them carefully before scrolling down, and choose what best fits your needs:<\/p>\n<div id=\"attachment_13504\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Kickstart-Configuration-Tool.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13504\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Kickstart-Configuration-Tool-620x212.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Kickstart-Configuration-Tool-620x212.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Kickstart-Configuration-Tool-1024x349.png 1024w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Kickstart-Configuration-Tool.png 1190w\" alt=\"Kickstart Configuration Tool\" width=\"620\" height=\"212\" aria-describedby=\"caption-attachment-13504\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13504\" class=\"wp-caption-text\">Kickstart Configuration Tool<\/p>\n<\/div>\n<p>If you specify that the installation should be performed either through\u00a0<strong>HTTP<\/strong>,\u00a0<strong>FTP<\/strong>, or\u00a0<strong>NFS<\/strong>, make sure the firewall on the server allows those services.<\/p>\n<p>Although you can use the Red Hat online tool to create a kickstart file, you can also create it manually using the following lines as reference. 
You will notice, for example, that the installation process will be in\u00a0<strong>English<\/strong>, using the Latin American keyboard layout and the America\/Argentina\/San_Luis time zone:<\/p>\n<pre>lang en_US\r\nkeyboard la-latin1\r\ntimezone America\/Argentina\/San_Luis --isUtc\r\nrootpw $1$5sOtDvRo$In4KTmX7OmcOW9HUvWtfn0 --iscrypted\r\n#platform x86, AMD64, or Intel EM64T\r\ntext\r\nurl --url=http:\/\/192.168.0.18\/\/kickstart\/media\r\nbootloader --location=mbr --append=\"rhgb quiet crashkernel=auto\"\r\nzerombr\r\nclearpart --all --initlabel\r\nautopart\r\nauth --passalgo=sha512 --useshadow\r\nselinux --enforcing\r\nfirewall --enabled\r\nfirstboot --disable\r\n%packages\r\n@base\r\n@backup-server\r\n@print-server\r\n%end\r\n<\/pre>\n<p>In the online configuration tool, use\u00a0<strong>192.168.0.18<\/strong>\u00a0for HTTP Server and\u00a0<code>\/kickstart\/tecmint.bin<\/code>\u00a0for HTTP Directory in the Installation section after selecting HTTP as installation source. Finally, click the\u00a0<strong>Download<\/strong>\u00a0button in the top right corner to download the kickstart file.<\/p>\n<p>In the kickstart sample file above, you need to pay careful attention to the following line:<\/p>\n<pre>url --url=http:\/\/192.168.0.18\/\/kickstart\/media\r\n<\/pre>\n<p>That directory is where you need to extract the contents of the DVD or ISO installation media. 
Before doing that, we will mount the ISO installation file in\u00a0<strong>\/media\/rhel<\/strong>\u00a0as a loop device:<\/p>\n<pre># mount -o loop \/var\/www\/html\/kickstart\/rhel-server-7.0-x86_64-dvd.iso \/media\/rhel\r\n<\/pre>\n<div id=\"attachment_13505\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Mount-RHEL-ISO-Image.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13505\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Mount-RHEL-ISO-Image-620x49.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Mount-RHEL-ISO-Image-620x49.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Mount-RHEL-ISO-Image.png 778w\" alt=\"Mount RHEL ISO Image\" width=\"620\" height=\"49\" aria-describedby=\"caption-attachment-13505\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13505\" class=\"wp-caption-text\">Mount RHEL ISO Image<\/p>\n<\/div>\n<p>Next, copy all the contents of\u00a0<strong>\/media\/rhel<\/strong>\u00a0to\u00a0<strong>\/var\/www\/html\/kickstart\/media<\/strong>:<\/p>\n<pre># cp -R \/media\/rhel \/var\/www\/html\/kickstart\/media\r\n<\/pre>\n<p>When you\u2019re done, the directory listing and disk usage of\u00a0<strong>\/var\/www\/html\/kickstart\/media<\/strong>\u00a0should look as follows:<\/p>\n<div id=\"attachment_13506\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Kickstart-media-Files.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13506\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Kickstart-media-Files-620x82.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Kickstart-media-Files-620x82.png 620w, 
https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Kickstart-media-Files.png 826w\" alt=\"Kickstart Media Files\" width=\"620\" height=\"82\" aria-describedby=\"caption-attachment-13506\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13506\" class=\"wp-caption-text\">Kickstart Media Files<\/p>\n<\/div>\n<p>Now we\u2019re ready to kick off the kickstart installation.<\/p>\n<p>Regardless of how you choose to create the kickstart file, it\u2019s always a good idea to check its syntax before proceeding with the installation. To do that, install the\u00a0<strong>pykickstart<\/strong>\u00a0package.<\/p>\n<pre># yum update &amp;&amp; yum install pykickstart\r\n<\/pre>\n<p>And then use the\u00a0<strong>ksvalidator<\/strong>\u00a0utility to check the file:<\/p>\n<pre># ksvalidator \/var\/www\/html\/kickstart\/tecmint.bin\r\n<\/pre>\n<p>If the syntax is correct, you will not get any output, whereas if there\u2019s an error in the file, you will get a warning notice indicating the line where the syntax is not correct or unknown.<\/p>\n<h3>Performing a Kickstart Installation<\/h3>\n<p>To start, boot your client using the\u00a0<strong>rhel-server-7.0-x86_64-boot.iso<\/strong>\u00a0file. 
When the initial screen appears, select\u00a0<strong>Install Red Hat Enterprise Linux 7.0<\/strong>\u00a0and press the\u00a0<strong>Tab<\/strong>\u00a0key to append the following stanza and press\u00a0<strong>Enter<\/strong>:<\/p>\n<pre># inst.ks=http:\/\/192.168.0.18\/kickstart\/tecmint.bin\r\n<\/pre>\n<div id=\"attachment_13507\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/RHEL-Kickstart-Installation.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13507\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/RHEL-Kickstart-Installation-620x304.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/RHEL-Kickstart-Installation-620x304.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/RHEL-Kickstart-Installation.png 635w\" alt=\"RHEL Kickstart Installation\" width=\"620\" height=\"304\" aria-describedby=\"caption-attachment-13507\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13507\" class=\"wp-caption-text\">RHEL Kickstart Installation<\/p>\n<\/div>\n<p>Where\u00a0<strong>tecmint.bin<\/strong>\u00a0is the kickstart file created earlier.<\/p>\n<p>When you press\u00a0<strong>Enter<\/strong>, the automated installation will begin, and you will see the list of packages that are being installed (the number and the names will differ depending on your choice of programs and package groups):<\/p>\n<div id=\"attachment_13508\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Kickstart-Automatic-Installation.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-13508\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Kickstart-Automatic-Installation.png\" alt=\"Automatic Kickstart Installation of RHEL 7\" width=\"441\" height=\"235\" aria-describedby=\"caption-attachment-13508\" 
data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13508\" class=\"wp-caption-text\">Automatic Kickstart Installation of RHEL 7<\/p>\n<\/div>\n<p>When the automated process ends, you will be prompted to remove the installation media and then you will be able to boot into your newly installed system:<\/p>\n<div id=\"attachment_13509\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/RHEL-7.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13509\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/RHEL-7-620x189.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/RHEL-7-620x189.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/RHEL-7.png 670w\" alt=\"RHEL 7 Boot Screen\" width=\"620\" height=\"189\" aria-describedby=\"caption-attachment-13509\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13509\" class=\"wp-caption-text\">RHEL 7 Boot Screen<\/p>\n<\/div>\n<p>Although you can create your kickstart files manually as we mentioned earlier, you should consider using the recommended approach whenever possible. 
You can either use the online configuration tool, or the\u00a0<strong>anaconda-ks.cfg<\/strong>\u00a0file that is created by the installation process in root\u2019s home directory.<\/p>\n<p>This file actually is a kickstart file, so you may want to install the first box manually with all the desired options (maybe modify the logical volumes layout or the file system on top of each one) and then use the resulting\u00a0<strong>anaconda-ks.cfg<\/strong>\u00a0file to automate the installation of the rest.<\/p>\n<p>In addition, using the online configuration tool or the\u00a0<strong>anaconda-ks.cfg<\/strong>\u00a0file to guide future installations will allow you to perform them using an encrypted root password out-of-the-box.<\/p>\n<h3>Conclusion<\/h3>\n<p>Now that you know how to create kickstart files and how to use them to automate the installation of Red Hat Enterprise Linux 7 servers, you can forget about babysitting the installation process. This will give you time to do other things, or perhaps some leisure time if you\u2019re lucky.<\/p>\n<p>Either way, let us know what you think about this article using the form below. 
Questions are also welcome!<\/p>\n<p><strong>Read Also<\/strong>:\u00a0<a href=\"https:\/\/www.tecmint.com\/multiple-centos-installations-using-kickstart\/\" target=\"_blank\" rel=\"noopener\">Automated Installations of Multiple RHEL\/CentOS 7 Distributions using PXE and Kickstart<\/a><\/p>\n<h1 class=\"post-title\">RHCSA Series: Mandatory Access Control Essentials with SELinux in RHEL 7 \u2013 Part 13<\/h1>\n<p>During this series we have explored in detail at least two access control methods: standard\u00a0<strong>ugo<\/strong>\/<strong>rwx<\/strong>\u00a0permissions (<a href=\"https:\/\/www.tecmint.com\/rhcsa-exam-manage-users-and-groups\">Manage Users and Groups \u2013 Part 3<\/a>) and access control lists (<a href=\"https:\/\/www.tecmint.com\/rhcsa-exam-configure-acls-and-mount-nfs-samba-shares\/\">Configure ACL\u2019s on File Systems \u2013 Part 7<\/a>).<\/p>\n<div id=\"attachment_13765\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/SELinux-Control-File-System-Access.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13765\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/SELinux-Control-File-System-Access-620x277.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/SELinux-Control-File-System-Access-620x277.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/SELinux-Control-File-System-Access.png 798w\" alt=\"RHCSA Exam: SELinux Essentials and Control FileSystem Access\" width=\"620\" height=\"277\" aria-describedby=\"caption-attachment-13765\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13765\" class=\"wp-caption-text\">RHCSA Exam: SELinux Essentials and Control FileSystem Access<\/p>\n<\/div>\n<p>Although necessary as first level permissions and access control mechanisms, they have some limitations that are addressed by\u00a0<strong>Security Enhanced 
Linux<\/strong>\u00a0(<strong>SELinux<\/strong>\u00a0for short).<\/p>\n<p>One such limitation is that a user can expose a file or directory to a security breach through a poorly thought-out\u00a0<strong>chmod<\/strong>\u00a0command and thus cause an unexpected propagation of access rights. As a result, any process started by that user can do as it pleases with the files owned by the user, so that malicious or otherwise compromised software can ultimately achieve root-level access to the entire system.<\/p>\n<p>With those limitations in mind, the\u00a0<strong>United States National Security Agency<\/strong>\u00a0(<strong>NSA<\/strong>) first devised\u00a0<strong>SELinux<\/strong>, a flexible mandatory access control method, to restrict the ability of processes to access or perform other operations on system objects (such as files, directories, network ports, etc.) to the least permission model, which can be modified later as needed. In a few words, each element of the system is given only the access required to function.<\/p>\n<p>In\u00a0<strong>RHEL 7<\/strong>,\u00a0<strong>SELinux<\/strong>\u00a0is incorporated into the kernel itself and is enabled in\u00a0<strong>Enforcing<\/strong>\u00a0mode by default. 
In this article we will explain briefly the basic concepts associated with\u00a0<strong>SELinux<\/strong>\u00a0and its operation.<\/p>\n<h3>SELinux Modes<\/h3>\n<p>SELinux can operate in three different ways:<\/p>\n<ol>\n<li><strong>Enforcing<\/strong>: SELinux denies access based on SELinux policy rules, a set of guidelines that control the security engine.<\/li>\n<li><strong>Permissive<\/strong>: SELinux does not deny access, but denials are logged for actions that would have been denied if running in enforcing mode.<\/li>\n<li><strong>Disabled<\/strong>\u00a0(self-explanatory).<\/li>\n<\/ol>\n<p>The\u00a0<code>getenforce<\/code>\u00a0command displays the current mode of SELinux, whereas\u00a0<code>setenforce<\/code>\u00a0(followed by a\u00a0<strong>1<\/strong>\u00a0or a\u00a0<strong>0<\/strong>) is used to change the mode to\u00a0<strong>Enforcing<\/strong>\u00a0or\u00a0<strong>Permissive<\/strong>, respectively, during the current session only.<\/p>\n<p>In order to achieve persistence across logouts and reboots, you will need to edit the\u00a0<code>\/etc\/selinux\/config<\/code>\u00a0file and set the SELINUX variable to either\u00a0<strong>enforcing<\/strong>,\u00a0<strong>permissive<\/strong>, or\u00a0<strong>disabled<\/strong>:<\/p>\n<pre># getenforce\r\n# setenforce 0\r\n# getenforce\r\n# setenforce 1\r\n# getenforce\r\n# cat \/etc\/selinux\/config\r\n<\/pre>\n<div id=\"attachment_13645\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Set-SELinux-Mode.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13645\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Set-SELinux-Mode-620x139.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Set-SELinux-Mode-620x139.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Set-SELinux-Mode.png 835w\" alt=\"Set SELinux Mode\" width=\"620\" 
height=\"139\" aria-describedby=\"caption-attachment-13645\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13645\" class=\"wp-caption-text\">Set SELinux Mode<\/p>\n<\/div>\n<p>Typically you will use\u00a0<strong>setenforce<\/strong>\u00a0to toggle between SELinux modes (enforcing to permissive and back) as a first troubleshooting step. If SELinux is currently set to\u00a0<strong>enforcing<\/strong>\u00a0while you\u2019re experiencing a certain problem, and the same goes away when you set it to\u00a0<strong>permissive<\/strong>, you can be confident you\u2019re looking at a SELinux permissions issue.<\/p>\n<h3>SELinux Contexts<\/h3>\n<p>A SELinux context consists of an access control environment where decisions are made based on SELinux user, role, and type (and optionally a level):<\/p>\n<ol>\n<li>A SELinux user complements a regular Linux user account by mapping it to a SELinux user account, which in turn is used in the SELinux context for processes in that session, in order to explicitly define their allowed roles and levels.<\/li>\n<li>The concept of role acts as an intermediary between domains and SELinux users in that it defines which process domains and file types can be accessed. This will shield your system against vulnerability to privilege escalation attacks.<\/li>\n<li>A type defines an SELinux file type or an SELinux process domain. 
Under normal circumstances, processes are prevented from accessing files that other processes use, and from accessing other processes; access is allowed only if a specific SELinux policy rule exists that permits it.<\/li>\n<\/ol>\n<p>Let\u2019s see how all of that works through the following examples.<\/p>\n<h6>EXAMPLE 1: Changing the default port for the sshd daemon<\/h6>\n<p>In\u00a0<a href=\"https:\/\/www.tecmint.com\/rhcsa-series-secure-ssh-set-hostname-enable-network-services-in-rhel-7\/\" target=\"_blank\" rel=\"noopener\">Securing SSH \u2013 Part 8<\/a>\u00a0we explained that changing the default port on which\u00a0<strong>sshd<\/strong>\u00a0listens is one of the first security measures to secure your server against external attacks. Let\u2019s edit the\u00a0<code>\/etc\/ssh\/sshd_config<\/code>\u00a0file and set the port to\u00a0<strong>9999<\/strong>:<\/p>\n<pre>Port 9999\r\n<\/pre>\n<p>Save the changes, and restart sshd:<\/p>\n<pre># systemctl restart sshd\r\n# systemctl status sshd\r\n<\/pre>\n<div id=\"attachment_13646\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Change-SSH-Port.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13646\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Change-SSH-Port-620x192.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Change-SSH-Port-620x192.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Change-SSH-Port.png 642w\" alt=\"Change SSH Port\" width=\"620\" height=\"192\" aria-describedby=\"caption-attachment-13646\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13646\" class=\"wp-caption-text\">Restart SSH Service<\/p>\n<\/div>\n<p>As you can see, sshd has failed to start. 
But what happened?<\/p>\n<p>A quick inspection of\u00a0<code>\/var\/log\/audit\/audit.log<\/code>\u00a0indicates that sshd has been denied permissions to start on port\u00a0<strong>9999<\/strong>\u00a0(SELinux log messages include the word \u201c<strong>AVC<\/strong>\u201d so that they might be easily identified from other messages) because that is a reserved port for the\u00a0<strong>JBoss Management<\/strong>\u00a0service:<\/p>\n<pre># cat \/var\/log\/audit\/audit.log | grep AVC | tail -1\r\n<\/pre>\n<div id=\"attachment_13647\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Inspect-SSH-Logs.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13647\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Inspect-SSH-Logs-620x55.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Inspect-SSH-Logs-620x55.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Inspect-SSH-Logs.png 863w\" alt=\"Inspect SSH Logs\" width=\"620\" height=\"55\" aria-describedby=\"caption-attachment-13647\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13647\" class=\"wp-caption-text\">Inspect SSH Logs<\/p>\n<\/div>\n<p>At this point you could disable\u00a0<strong>SELinux<\/strong>\u00a0(but don\u2019t!) as explained earlier and try to start\u00a0<strong>sshd<\/strong>\u00a0again, and it should work. 
However, the\u00a0<strong>semanage<\/strong>\u00a0utility can tell us what we need to change in order for us to be able to start sshd in whatever port we choose without issues.<\/p>\n<p>Run,<\/p>\n<pre># semanage port -l | grep ssh\r\n<\/pre>\n<p>to get a list of the ports where SELinux allows sshd to listen on.<\/p>\n<div id=\"attachment_13648\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/SELinux-Permission.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-13648\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/SELinux-Permission-620x211.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/SELinux-Permission-620x211.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/SELinux-Permission.png 660w\" alt=\"Semanage Tool\" width=\"620\" height=\"211\" aria-describedby=\"caption-attachment-13648\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13648\" class=\"wp-caption-text\">Semanage Tool<\/p>\n<\/div>\n<p>So let\u2019s change the port in\u00a0<code>\/etc\/ssh\/sshd_config<\/code>\u00a0to Port\u00a0<strong>9998<\/strong>, add the port to the\u00a0<strong>ssh_port_t context<\/strong>, and then restart the service:<\/p>\n<pre># semanage port -a -t ssh_port_t -p tcp 9998\r\n# systemctl restart sshd\r\n# systemctl is-active sshd\r\n<\/pre>\n<div id=\"attachment_13649\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Semenage-Add-Port.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-13649\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Semenage-Add-Port.png\" alt=\"Semanage Add Port\" width=\"473\" height=\"92\" aria-describedby=\"caption-attachment-13649\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13649\" class=\"wp-caption-text\">Semanage 
Add Port<\/p>\n<\/div>\n<p>As you can see, the service was started successfully this time. This example illustrates that SELinux checks the TCP port number against its own internal port type definitions.<\/p>\n<h6>EXAMPLE 2: Allowing httpd to access sendmail<\/h6>\n<p>This is an example of SELinux managing a process accessing another process. If you implement\u00a0<a href=\"https:\/\/www.tecmint.com\/protect-apache-using-mod_security-and-mod_evasive-on-rhel-centos-fedora\/\" target=\"_blank\" rel=\"noopener\">mod_security and mod_evasive along with Apache in your RHEL 7<\/a>\u00a0server, you need to allow\u00a0<strong>httpd<\/strong>\u00a0to access\u00a0<strong>sendmail<\/strong>\u00a0in order to send a mail notification in the wake of a\u00a0<strong>(D)DoS<\/strong>\u00a0attack. In the following command, omit the\u00a0<strong>-P<\/strong>\u00a0flag if you do not want the change to be persistent across reboots.<\/p>\n<pre># semanage boolean -l | grep httpd_can_sendmail\r\n# setsebool -P httpd_can_sendmail 1\r\n# semanage boolean -l | grep httpd_can_sendmail\r\n<\/pre>\n<div id=\"attachment_13650\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Allow-Apache-to-Send-Mails.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-13650\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Allow-Apache-to-Send-Mails.png\" alt=\"Allow Apache to Send Mails\" width=\"598\" height=\"110\" aria-describedby=\"caption-attachment-13650\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13650\" class=\"wp-caption-text\">Allow Apache to Send Mails<\/p>\n<\/div>\n<p>As you can tell from the above example,\u00a0<strong>SELinux boolean<\/strong>\u00a0settings (or just booleans) are true \/ false rules embedded into SELinux policies. 
You can list all the booleans with\u00a0<code>semanage boolean -l<\/code>, and alternatively pipe it to grep in order to filter the output.<\/p>\n<h6>EXAMPLE 3: Serving a static site from a directory other than the default one<\/h6>\n<p>Suppose you are serving a static website using a different directory than the default one (<code>\/var\/www\/html<\/code>), say\u00a0<strong>\/websites<\/strong>\u00a0(this could be the case if you\u2019re storing your web files in a shared network drive, for example, and need to mount it at\u00a0<strong>\/websites<\/strong>).<\/p>\n<p><strong>a).<\/strong>\u00a0Create an\u00a0<strong>index.html<\/strong>\u00a0file inside\u00a0<strong>\/websites<\/strong>\u00a0with the following contents:<\/p>\n<pre>&lt;html&gt;\r\n&lt;h2&gt;SELinux test&lt;\/h2&gt;\r\n&lt;\/html&gt;\r\n<\/pre>\n<p>If you do,<\/p>\n<pre># ls -lZ \/websites\/index.html\r\n<\/pre>\n<p>you will see that the\u00a0<strong>index.html<\/strong>\u00a0file has been labeled with the\u00a0<strong>default_t SELinux<\/strong>\u00a0type, which Apache can\u2019t access:<\/p>\n<div id=\"attachment_13651\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-File-Permssion.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-13651\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/Check-File-Permssion.png\" alt=\"Check SELinux File Permission\" width=\"542\" height=\"36\" aria-describedby=\"caption-attachment-13651\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13651\" class=\"wp-caption-text\">Check SELinux File Permission<\/p>\n<\/div>\n<p><strong>b).<\/strong>\u00a0Change the\u00a0<strong>DocumentRoot<\/strong>\u00a0directive in\u00a0<code>\/etc\/httpd\/conf\/httpd.conf<\/code>\u00a0to\u00a0<strong>\/websites<\/strong>\u00a0and don\u2019t forget to update the corresponding Directory block. 
Then, restart Apache.<\/p>\n<p><strong>c).<\/strong>\u00a0Browse to\u00a0<code>http:\/\/&lt;web server IP address&gt;<\/code>, and you should get a 403 Forbidden HTTP response.<\/p>\n<p><strong>d).<\/strong>\u00a0Next, change the label of\u00a0<strong>\/websites<\/strong>, recursively, to the\u00a0<strong>httpd_sys_content_t<\/strong>\u00a0type in order to grant Apache read-only access to that directory and its contents:<\/p>\n<pre># semanage fcontext -a -t httpd_sys_content_t \"\/websites(\/.*)?\"\r\n<\/pre>\n<p><strong>e).<\/strong>\u00a0Finally, apply the file context rule created in\u00a0<strong>d):<\/strong><\/p>\n<pre># restorecon -R -v \/websites\r\n<\/pre>\n<p>Now restart Apache and browse to\u00a0<code>http:\/\/&lt;web server IP address&gt;<\/code>\u00a0again and you will see the HTML file displayed correctly:<\/p>\n<div id=\"attachment_13652\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/08part13.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-13652\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/05\/08part13.png\" alt=\"Verify Apache Page\" width=\"203\" height=\"99\" aria-describedby=\"caption-attachment-13652\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-13652\" class=\"wp-caption-text\">Verify Apache Page<\/p>\n<\/div>\n<h3>Summary<\/h3>\n<p>In this article we have gone through the basics of\u00a0<strong>SELinux<\/strong>. 
Note that due to the vastness of the subject, a full detailed explanation is not possible in a single article, but we believe that the principles outlined in this guide will help you to move on to more advanced topics should you wish to do so.<\/p>\n<p>If I may, let me recommend two essential resources to start with: the\u00a0<a href=\"https:\/\/www.nsa.gov\/research\/selinux\/index.shtml\" target=\"_blank\" rel=\"nofollow noopener\">NSA SELinux page<\/a>\u00a0and the\u00a0<a href=\"https:\/\/access.redhat.com\/documentation\/en-US\/Red_Hat_Enterprise_Linux\/7\/html\/SELinux_Users_and_Administrators_Guide\/part_I-SELinux.html\" target=\"_blank\" rel=\"noopener\">RHEL 7 SELinux User\u2019s and Administrator\u2019s<\/a>\u00a0guide.<\/p>\n<p>Don\u2019t hesitate to let us know if you have any questions or comments.<\/p>\n<h1 class=\"post-title\">RHCSA Series: Setting Up LDAP-based Authentication in RHEL 7 \u2013 Part 14<\/h1>\n<p>We will begin this article by outlining some\u00a0<strong>LDAP<\/strong>\u00a0basics (what it is, where it is used and why) and show how to set up a LDAP server and configure a client to authenticate against it using\u00a0<strong>Red Hat Enterprise Linux 7<\/strong>\u00a0systems.<\/p>\n<div id=\"attachment_14022\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/setup-ldap-server-and-configure-client-authentication.png\"><img decoding=\"async\" class=\"size-medium wp-image-14022\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/setup-ldap-server-and-configure-client-authentication.png\" sizes=\"(max-width: 720px) 100vw, 720px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/setup-ldap-server-and-configure-client-authentication.png 720w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/setup-ldap-server-and-configure-client-authentication-620x293.png 620w, 
https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/setup-ldap-server-and-configure-client-authentication-520x245.png 520w\" alt=\"Setup LDAP Server and Client Authentication\" aria-describedby=\"caption-attachment-14022\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-14022\" class=\"wp-caption-text\">RHCSA Series: Setup LDAP Server and Client Authentication \u2013 Part 14<\/p>\n<\/div>\n<p>As we will see, there are several other possible application scenarios, but in this guide we will focus entirely on\u00a0<strong>LDAP-based<\/strong>\u00a0authentication. In addition, please keep in mind that due to the vastness of the subject, we will only cover its basics here, but you can refer to the documentation outlined in the summary for more in-depth details.<\/p>\n<p>For the same reason, you will note that I have decided to leave out several references to man pages of LDAP tools for the sake of brevity, but the corresponding explanations are at a fingertip\u2019s distance (<strong>man ldapadd<\/strong>, for example).<\/p>\n<p>That said, let\u2019s get started.<\/p>\n<h5>Our Testing Environment<\/h5>\n<p>Our test environment consists of two\u00a0<strong>RHEL 7<\/strong>\u00a0boxes:<\/p>\n<pre><strong>Server<\/strong>: 192.168.0.18. <strong>FQDN<\/strong>: rhel7.mydomain.com\r\n<strong>Client<\/strong>: 192.168.0.20. 
<strong>FQDN<\/strong>: ldapclient.mydomain.com\r\n<\/pre>\n<p>If you want, you can use the machine installed in\u00a0<a href=\"https:\/\/www.tecmint.com\/automatic-rhel-installations-using-kickstart\/\" target=\"_blank\" rel=\"noopener\">Part 12: Automate RHEL 7 installations<\/a>\u00a0using Kickstart as client.<\/p>\n<h4>What is LDAP?<\/h4>\n<p><strong>LDAP<\/strong>\u00a0stands for\u00a0<strong>Lightweight Directory Access Protocol<\/strong>\u00a0and consists of a set of protocols that allow a client to access, over a network, centrally stored information (such as a directory of login shells, absolute paths to home directories, and other typical system user information, for example) that should be accessible from different places or available to a large number of end users (another example would be a directory of home addresses and phone numbers of all employees in a company).<\/p>\n<p>Keeping such (and more) information centrally means it can be more easily maintained and accessed by everyone who has been granted permissions to use it.<\/p>\n<p>The following diagram offers a simplified view of\u00a0<strong>LDAP<\/strong>, and is described below in greater detail:<\/p>\n<div id=\"attachment_14012\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/LDAP-Diagram.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-14012\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/LDAP-Diagram.png\" alt=\"LDAP Diagram\" width=\"372\" height=\"208\" aria-describedby=\"caption-attachment-14012\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-14012\" class=\"wp-caption-text\">LDAP Diagram<\/p>\n<\/div>\n<p>Explanation of the above diagram in detail:<\/p>\n<ol>\n<li>An\u00a0<strong>entry<\/strong>\u00a0in a LDAP directory represents a single unit of information and is uniquely identified by what is called a Distinguished 
Name.<\/li>\n<li>An\u00a0<strong>attribute<\/strong>\u00a0is a piece of information associated with an entry (for example, addresses, available contact phone numbers, and email addresses).<\/li>\n<li>Each attribute is assigned one or more\u00a0<strong>values<\/strong>\u00a0consisting of a space-separated list. A value that is unique per entry is called a Relative Distinguished Name.<\/li>\n<\/ol>\n<p>That being said, let\u2019s proceed with the server and client installations.<\/p>\n<h3>Installing and Configuring a LDAP Server and Client<\/h3>\n<p>In\u00a0<strong>RHEL 7<\/strong>, LDAP is implemented by\u00a0<strong>OpenLDAP<\/strong>. To install the server and client, use the following commands, respectively:<\/p>\n<pre># yum update &amp;&amp; yum install openldap openldap-clients openldap-servers\r\n# yum update &amp;&amp; yum install openldap openldap-clients nss-pam-ldapd\r\n<\/pre>\n<p>Once the installation is complete, there are a few things to take care of. The following steps should be performed on the server alone, unless explicitly noted:<\/p>\n<p><strong>1.<\/strong>\u00a0Make sure\u00a0<strong>SELinux<\/strong>\u00a0does not get in the way by enabling the following\u00a0<strong>booleans<\/strong>\u00a0persistently, both on the server and the client:<\/p>\n<pre># setsebool -P allow_ypbind=1 authlogin_nsswitch_use_ldap=1\r\n<\/pre>\n<p>Where\u00a0<strong>allow_ypbind<\/strong>\u00a0is required for LDAP-based authentication, and\u00a0<strong>authlogin_nsswitch_use_ldap<\/strong>\u00a0may be needed by some applications.<\/p>\n<p><strong>2.<\/strong>\u00a0Enable and start the service:<\/p>\n<pre># systemctl enable slapd.service\r\n# systemctl start slapd.service\r\n<\/pre>\n<p>Keep in mind that you can also disable, restart, or stop the service with\u00a0<a href=\"https:\/\/www.tecmint.com\/manage-services-using-systemd-and-systemctl-in-linux\/\" target=\"_blank\" rel=\"noopener\">systemctl<\/a>:<\/p>\n<pre># systemctl disable slapd.service\r\n# 
systemctl restart slapd.service\r\n# systemctl stop slapd.service\r\n<\/pre>\n<p><strong>3.<\/strong>\u00a0Since the\u00a0<strong>slapd<\/strong>\u00a0service runs as the ldap user (which you can verify with\u00a0<strong>ps -e -o pid,uname,comm | grep slapd<\/strong>), such user should own the\u00a0<strong>\/var\/lib\/ldap<\/strong>\u00a0directory in order for the server to be able to modify entries created by administrative tools that can only be run as root (more on this in a minute).<\/p>\n<p>Before changing the ownership of this directory recursively, copy the sample database configuration file for\u00a0<strong>slapd<\/strong>\u00a0into it:<\/p>\n<pre># cp \/usr\/share\/openldap-servers\/DB_CONFIG.example \/var\/lib\/ldap\/DB_CONFIG\r\n# chown -R ldap:ldap \/var\/lib\/ldap\r\n<\/pre>\n<p><strong>4.<\/strong>\u00a0Set up an OpenLDAP administrative user and assign a password:<\/p>\n<pre># slappasswd\r\n<\/pre>\n<p>as shown in the next image:<\/p>\n<div id=\"attachment_14013\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/Set-LDAP-Admin-Password.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-14013\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/Set-LDAP-Admin-Password.png\" alt=\"Set LDAP Admin Password\" width=\"319\" height=\"94\" aria-describedby=\"caption-attachment-14013\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-14013\" class=\"wp-caption-text\">Set LDAP Admin Password<\/p>\n<\/div>\n<p>and create an\u00a0<strong>LDIF<\/strong>\u00a0file (<strong>ldaprootpasswd.ldif<\/strong>) with the following contents:<\/p>\n<pre>dn: olcDatabase={0}config,cn=config\r\nchangetype: modify\r\nadd: olcRootPW\r\nolcRootPW: {SSHA}PASSWORD\r\n<\/pre>\n<p>where:<\/p>\n<ol>\n<li><strong>PASSWORD<\/strong>\u00a0is the hashed string obtained earlier.<\/li>\n<li><strong>cn=config<\/strong>\u00a0indicates global config 
options.<\/li>\n<li><strong>olcDatabase<\/strong>\u00a0indicates a specific database instance name and can be typically found inside\u00a0<strong>\/etc\/openldap\/slapd.d\/cn=config<\/strong>.<\/li>\n<\/ol>\n<p>Referring to the theoretical background provided earlier, the\u00a0<code>ldaprootpasswd.ldif<\/code>\u00a0file will add an entry to the LDAP directory. In that entry, each line represents an attribute: value pair (where dn, changetype, add, and olcRootPW are the attributes and the strings to the right of each colon are their corresponding values).<\/p>\n<p>You may want to keep this in mind as we proceed further, and please note that we are using the same Common Names\u00a0<code>(cn=)<\/code>\u00a0throughout the rest of this article, where each step depends on the previous one.<\/p>\n<p><strong>5.<\/strong>\u00a0Now, add the corresponding LDAP entry by specifying the\u00a0<strong>URI<\/strong>\u00a0referring to the ldap server, where only the protocol\/host\/port fields are allowed.<\/p>\n<pre># ldapadd -H ldapi:\/\/\/ -f ldaprootpasswd.ldif \r\n<\/pre>\n<p>The output should be similar to:<\/p>\n<div id=\"attachment_14014\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/LDAP-Configuration.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-14014\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/LDAP-Configuration.png\" alt=\"LDAP Configuration\" width=\"571\" height=\"127\" aria-describedby=\"caption-attachment-14014\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-14014\" class=\"wp-caption-text\">LDAP Configuration<\/p>\n<\/div>\n<p>and import some basic LDAP definitions from the\u00a0<code>\/etc\/openldap\/schema<\/code>\u00a0directory:<\/p>\n<pre># for def in cosine.ldif nis.ldif inetorgperson.ldif; do ldapadd -H ldapi:\/\/\/ -f \/etc\/openldap\/schema\/$def; done\r\n<\/pre>\n<div id=\"attachment_14015\" class=\"wp-caption 
aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/LDAP-Definitions.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-14015\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/LDAP-Definitions-620x181.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/LDAP-Definitions-620x181.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/LDAP-Definitions.png 1023w\" alt=\"LDAP Definitions\" width=\"620\" height=\"181\" aria-describedby=\"caption-attachment-14015\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-14015\" class=\"wp-caption-text\">LDAP Definitions<\/p>\n<\/div>\n<p><strong>6.<\/strong>\u00a0Have LDAP use your domain in its database.<\/p>\n<p>Create another\u00a0<strong>LDIF<\/strong>\u00a0file, which we will call\u00a0<code>ldapdomain.ldif<\/code>, with the following contents, replacing your domain (in the Domain Component dc=) and password as appropriate:<\/p>\n<pre>dn: olcDatabase={1}monitor,cn=config\r\nchangetype: modify\r\nreplace: olcAccess\r\nolcAccess: {0}to * by dn.base=\"gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth\"\r\n  read by dn.base=\"cn=Manager,<strong>dc=mydomain<\/strong>,dc=com\" read by * none\r\n\r\ndn: olcDatabase={2}hdb,cn=config\r\nchangetype: modify\r\nreplace: olcSuffix\r\nolcSuffix: <strong>dc=mydomain<\/strong>,dc=com\r\n\r\ndn: olcDatabase={2}hdb,cn=config\r\nchangetype: modify\r\nreplace: olcRootDN\r\nolcRootDN: cn=Manager,<strong>dc=mydomain<\/strong>,dc=com\r\n\r\ndn: olcDatabase={2}hdb,cn=config\r\nchangetype: modify\r\nadd: olcRootPW\r\nolcRootPW: {SSHA}PASSWORD\r\n\r\ndn: olcDatabase={2}hdb,cn=config\r\nchangetype: modify\r\nadd: olcAccess\r\nolcAccess: {0}to attrs=userPassword,shadowLastChange by\r\n  dn=\"cn=Manager,<strong>dc=mydomain<\/strong>,dc=com\" write by anonymous auth by self write by * none\r\nolcAccess: {1}to dn.base=\"\" by 
* read\r\nolcAccess: {2}to * by dn=\"cn=Manager,dc=mydomain,dc=com\" write by * read\r\n<\/pre>\n<p>Then load it as follows:<\/p>\n<pre># ldapmodify -H ldapi:\/\/\/ -f ldapdomain.ldif\r\n<\/pre>\n<div id=\"attachment_14016\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/LDAP-Domain-Configuration.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-14016\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/LDAP-Domain-Configuration.png\" alt=\"LDAP Domain Configuration\" width=\"511\" height=\"257\" aria-describedby=\"caption-attachment-14016\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-14016\" class=\"wp-caption-text\">LDAP Domain Configuration<\/p>\n<\/div>\n<p><strong>7.<\/strong>\u00a0Now it\u2019s time to add some entries to our LDAP directory. Attributes and values are separated by a colon\u00a0<code>(:)<\/code>in the following file, which we\u2019ll name\u00a0<code>baseldapdomain.ldif<\/code>:<\/p>\n<pre>dn: dc=mydomain,dc=com\r\nobjectClass: top\r\nobjectClass: dcObject\r\nobjectclass: organization\r\no: mydomain com\r\ndc: mydomain\r\n\r\ndn: cn=Manager,dc=mydomain,dc=com\r\nobjectClass: organizationalRole\r\ncn: Manager\r\ndescription: Directory Manager\r\n\r\ndn: ou=People,dc=mydomain,dc=com\r\nobjectClass: organizationalUnit\r\nou: People\r\n\r\ndn: ou=Group,dc=mydomain,dc=com\r\nobjectClass: organizationalUnit\r\nou: Group\r\n<\/pre>\n<p>Add the entries to the LDAP directory:<\/p>\n<pre># ldapadd -x -D cn=Manager,dc=mydomain,dc=com -W -f baseldapdomain.ldif\r\n<\/pre>\n<div id=\"attachment_14017\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/Add-LDAP-Domain-Configuration.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-14017\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/Add-LDAP-Domain-Configuration.png\" alt=\"Add LDAP Domain 
Attributes and Values\" width=\"580\" height=\"174\" aria-describedby=\"caption-attachment-14017\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-14017\" class=\"wp-caption-text\">Add LDAP Domain Attributes and Values<\/p>\n<\/div>\n<p><strong>8.<\/strong>\u00a0Create a LDAP user called\u00a0<strong>ldapuser<\/strong>\u00a0(<strong>adduser ldapuser<\/strong>), then create the definitions for a LDAP group in\u00a0<code>ldapgroup.ldif<\/code>.<\/p>\n<pre># adduser ldapuser\r\n# vi ldapgroup.ldif\r\n<\/pre>\n<p>Add the following content:<\/p>\n<pre>dn: cn=Manager,ou=Group,dc=mydomain,dc=com\r\nobjectClass: top\r\nobjectClass: posixGroup\r\ngidNumber: 1004\r\n<\/pre>\n<p>(where\u00a0<strong>gidNumber<\/strong>\u00a0is the GID in\u00a0<strong>\/etc\/group<\/strong>\u00a0for ldapuser) and load it:<\/p>\n<pre># ldapadd -x -W -D \"cn=Manager,dc=mydomain,dc=com\" -f ldapgroup.ldif\r\n<\/pre>\n<p><strong>9.<\/strong>\u00a0Add a LDIF file with the definitions for user ldapuser (<code>ldapuser.ldif<\/code>):<\/p>\n<pre>dn: uid=ldapuser,ou=People,dc=mydomain,dc=com\r\nobjectClass: top\r\nobjectClass: account\r\nobjectClass: posixAccount\r\nobjectClass: shadowAccount\r\ncn: ldapuser\r\nuid: ldapuser\r\nuidNumber: 1004\r\ngidNumber: 1004\r\nhomeDirectory: \/home\/ldapuser\r\nuserPassword: {SSHA}fiN0YqzbDuDI0Fpqq9UudWmjZQY28S3M\r\nloginShell: \/bin\/bash\r\ngecos: ldapuser\r\nshadowLastChange: 0\r\nshadowMax: 0\r\nshadowWarning: 0\r\n<\/pre>\n<p>and load it:<\/p>\n<pre># ldapadd -x -D cn=Manager,dc=mydomain,dc=com -W -f ldapuser.ldif\r\n<\/pre>\n<div id=\"attachment_14018\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/LDAP-User-Configuration.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-14018\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/LDAP-User-Configuration-620x117.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" 
srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/LDAP-User-Configuration-620x117.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/LDAP-User-Configuration.png 663w\" alt=\"LDAP User Configuration\" width=\"620\" height=\"117\" aria-describedby=\"caption-attachment-14018\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-14018\" class=\"wp-caption-text\">LDAP User Configuration<\/p>\n<\/div>\n<p>Likewise, you can delete the user entry you just created:<\/p>\n<pre># ldapdelete -x -W -D cn=Manager,dc=mydomain,dc=com \"uid=ldapuser,ou=People,dc=mydomain,dc=com\"\r\n<\/pre>\n<p><strong>10.<\/strong>\u00a0Allow communication through the firewall:<\/p>\n<pre># firewall-cmd --add-service=ldap\r\n<\/pre>\n<p><strong>11.<\/strong>\u00a0Last, but not least, enable the client to authenticate using LDAP.<\/p>\n<p>To help us in this final step, we will use the\u00a0<strong>authconfig<\/strong>\u00a0utility (an interface for configuring system authentication resources).<\/p>\n<p>Using the following command, the home directory for the requested user is created if it doesn\u2019t exist after the authentication against the LDAP server succeeds:<\/p>\n<pre># authconfig --enableldap --enableldapauth --ldapserver=rhel7.mydomain.com --ldapbasedn=\"dc=mydomain,dc=com\" --enablemkhomedir --update\r\n<\/pre>\n<div id=\"attachment_14019\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/LDAP-Client-Configuration.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-14019\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/LDAP-Client-Configuration-620x241.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/LDAP-Client-Configuration-620x241.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/LDAP-Client-Configuration.png 629w\" alt=\"LDAP Client Configuration\" 
width=\"620\" height=\"241\" aria-describedby=\"caption-attachment-14019\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-14019\" class=\"wp-caption-text\">LDAP Client Configuration<\/p>\n<\/div>\n<h3>Summary<\/h3>\n<p>In this article we have explained how to set up basic authentication against a LDAP server. To further configure the setup described in the present guide, please refer to\u00a0<a href=\"https:\/\/access.redhat.com\/documentation\/en-US\/Red_Hat_Enterprise_Linux\/7\/html\/System_Administrators_Guide\/ch-Directory_Servers.html\" target=\"_blank\" rel=\"noopener\">Chapter 13 \u2013 LDAP Configuration<\/a>\u00a0in the RHEL 7 System administrator\u2019s guide, paying special attention to the security settings using TLS.<\/p>\n<p>Feel free to leave any questions you may have using the comment form below.<\/p>\n<h1 class=\"post-title\">RHCSA Series: Essentials of Virtualization and Guest Administration with KVM \u2013 Part 15<\/h1>\n<p>If you look up the word virtualize in a dictionary, you will find that it means \u201c<strong>to create a virtual (rather than actual) version of something<\/strong>\u201d. 
In computing, the term virtualization refers to the possibility of running multiple operating systems simultaneously and isolated one from another, on top of the same physical (hardware) system, known in the virtualization schema as\u00a0<strong>host<\/strong>.<\/p>\n<div id=\"attachment_14320\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/RHCSA-Part15.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-14320\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/RHCSA-Part15-620x293.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/RHCSA-Part15-620x293.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/RHCSA-Part15-520x245.png 520w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/RHCSA-Part15.png 720w\" alt=\"KVM Virtualization Basics and KVM Guest Administration\" width=\"620\" height=\"293\" aria-describedby=\"caption-attachment-14320\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-14320\" class=\"wp-caption-text\">RHCSA Series: Essentials of Virtualization and Guest Administration with KVM \u2013 Part 15<\/p>\n<\/div>\n<p>Through the use of the virtual machine monitor (also known as\u00a0<strong>hypervisor<\/strong>), virtual machines (referred to as\u00a0<strong>guests<\/strong>) are provided virtual resources (i.e. 
CPU, RAM, storage, network interfaces, to name a few) from the underlying hardware.<\/p>\n<p>With that in mind, it is plain to see that one of the main advantages of virtualization is cost savings (in equipment and network infrastructure and in terms of maintenance effort) and a substantial reduction in the physical space required to accommodate all the necessary hardware.<\/p>\n<p>Since this brief how-to cannot cover all virtualization methods, I encourage you to refer to the documentation listed in the summary for further details on the subject.<\/p>\n<p>Please keep in mind that the present article is intended to be a starting point to learn the basics of virtualization in\u00a0<strong>RHEL 7<\/strong>\u00a0using\u00a0<a href=\"http:\/\/www.linux-kvm.org\/page\/Main_Page\" target=\"_blank\" rel=\"noopener\">KVM<\/a>\u00a0(Kernel-based Virtual Machine) with command-line utilities, and not an in-depth discussion of the topic.<\/p>\n<h3>Verifying Hardware Requirements and Installing Packages<\/h3>\n<p>In order to set up virtualization, your CPU must support it. You can verify whether your system meets the requirements with the following command:<\/p>\n<pre># grep -E 'svm|vmx' \/proc\/cpuinfo\r\n<\/pre>\n<p>In the following screenshot we can see that the current system (with an\u00a0<strong>AMD<\/strong>\u00a0microprocessor) supports virtualization, as indicated by\u00a0<strong>svm<\/strong>. 
If we had an Intel-based processor, we would see\u00a0<strong>vmx<\/strong>\u00a0instead in the results of the above command.<\/p>\n<div id=\"attachment_14318\" class=\"wp-caption aligncenter\">\n<p><a href=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/Check-KVM-Support.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-14318\" src=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/Check-KVM-Support-620x111.png\" sizes=\"auto, (max-width: 620px) 100vw, 620px\" srcset=\"https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/Check-KVM-Support-620x111.png 620w, https:\/\/www.tecmint.com\/wp-content\/uploads\/2015\/06\/Check-KVM-Support.png 728w\" alt=\"Check KVM Support\" width=\"620\" height=\"111\" aria-describedby=\"caption-attachment-14318\" data-lazy-loaded=\"true\" \/><\/a><\/p>\n<p id=\"caption-attachment-14318\" class=\"wp-caption-text\">Check KVM Support<\/p>\n<\/div>\n<p>In addition, you will need to have virtualization capabilities enabled in the firmware of your host (<strong>BIOS<\/strong>\u00a0or\u00a0<strong>UEFI<\/strong>).<\/p>\n<p>Now install the necessary packages:<\/p>\n<ol>\n<li><strong>qemu-kvm<\/strong>\u00a0is an open source virtualizer that provides hardware emulation for the KVM hypervisor whereas qemu-img provides a command line tool for manipulating disk images.<\/li>\n<li><strong>libvirt<\/strong>\u00a0includes the tools to interact with the virtualization capabilities of the operating system.<\/li>\n<li><strong>libvirt-python<\/strong>\u00a0contains a module that permits applications written in Python to use the interface supplied by libvirt.<\/li>\n<li><strong>libguestfs-tools<\/strong>: miscellaneous system administrator command line tools for virtual machines.<\/li>\n<li><strong>virt-install<\/strong>: other command-line utilities for virtual machine administration.<\/li>\n<\/ol>\n<pre># yum update &amp;&amp; yum install qemu-kvm qemu-img libvirt libvirt-python libguestfs-tools 
virt-install\r\n<\/pre>\n<p>Once the installation completes, make sure you start and enable the\u00a0<strong>libvirtd<\/strong>\u00a0service:<\/p>\n<pre># systemctl start libvirtd.service\r\n# systemctl enable libvirtd.service\r\n<\/pre>\n<p>By default, each virtual machine will only be able to communicate with the rest in the same physical server and with the host itself. To allow the guests to reach other machines inside our LAN and also the Internet, we need to set up a bridge interface in our host (say\u00a0<strong>br0<\/strong>, for example) by,<\/p>\n<p><strong>1.<\/strong>\u00a0adding the following line to our main NIC configuration (most likely\u00a0<code>\/etc\/sysconfig\/network-scripts\/ifcfg-enp0s3<\/code>):<\/p>\n<pre>BRIDGE=br0\r\n<\/pre>\n<p><strong>2.<\/strong>\u00a0creating the configuration file for\u00a0<strong>br0<\/strong>\u00a0(<code>\/etc\/sysconfig\/network-scripts\/ifcfg-br0<\/code>) with these contents (note that you may have to change the IP address, gateway address, and DNS information):<\/p>\n<pre>DEVICE=br0\r\nTYPE=Bridge\r\nBOOTPROTO=static\r\nIPADDR=192.168.0.18\r\nNETMASK=255.255.255.0\r\nGATEWAY=192.168.0.1\r\nNM_CONTROLLED=no\r\nDEFROUTE=yes\r\nPEERDNS=yes\r\nPEERROUTES=yes\r\nIPV4_FAILURE_FATAL=no\r\nIPV6INIT=yes\r\nIPV6_AUTOCONF=yes\r\nIPV6_DEFROUTE=yes\r\nIPV6_PEERDNS=yes\r\nIPV6_PEERROUTES=yes\r\nIPV6_FAILURE_FATAL=no\r\nNAME=br0\r\nONBOOT=yes\r\nDNS1=8.8.8.8\r\nDNS2=8.8.4.4\r\n<\/pre>\n<p><strong>3.<\/strong>\u00a0finally, enabling packet forwarding by making, in\u00a0<code>\/etc\/sysctl.conf<\/code>,<\/p>\n<pre>net.ipv4.ip_forward = 1\r\n<\/pre>\n<p>and loading the changes to the current kernel configuration:<\/p>\n<pre># sysctl -p\r\n<\/pre>\n<p>Note that you may also need to tell\u00a0<strong>firewalld<\/strong>\u00a0that this kind of traffic should be allowed. 
Remember that you can refer to the article on that topic in this same series (<a href=\"https:\/\/www.tecmint.com\/firewalld-vs-iptables-and-control-network-traffic-in-firewall\/\" target=\"_blank\" rel=\"noopener\">Part 11: Network Traffic Control Using FirewallD and Iptables<\/a>) if you need help to do that.<\/p>\n<h3>Creating VM Images<\/h3>\n<p>By default, VM images will be created in\u00a0<code>\/var\/lib\/libvirt\/images<\/code>\u00a0and you are strongly advised to not change this unless you really need to, know what you\u2019re doing, and want to handle SELinux settings yourself (that topic is outside the scope of this tutorial but you can refer to\u00a0<strong>Part 13<\/strong>\u00a0of the RHCSA series:\u00a0<a href=\"https:\/\/www.tecmint.com\/selinux-essentials-and-control-filesystem-access\/\" target=\"_blank\" rel=\"noopener\">Mandatory Access Control Essentials with SELinux<\/a>\u00a0if you want to refresh your memory).<\/p>\n<p>This means that you need to make sure that you have allocated the necessary space in that filesystem to accommodate your virtual machines.<\/p>\n<p>The following command will create a virtual machine named\u00a0<code>tecmint-virt01<\/code>\u00a0with 1 virtual CPU, 1 GB (=1024 MB) of RAM, and 20 GB of disk space (represented by\u00a0<code>\/var\/lib\/libvirt\/images\/tecmint-virt01.img<\/code>) using the\u00a0<strong>rhel-server-7.0-x86_64-dvd.iso<\/strong>\u00a0image located inside\u00a0<strong>\/home\/gacanepa\/ISOs<\/strong>\u00a0as installation media and\u00a0<strong>br0<\/strong>\u00a0as the network bridge:<\/p>\n<pre># virt-install \\\r\n--network bridge=br0 \\\r\n--name tecmint-virt01 \\\r\n--ram=1024 \\\r\n--vcpus=1 \\\r\n--disk path=\/var\/lib\/libvirt\/images\/tecmint-virt01.img,size=20 \\\r\n--graphics none \\\r\n--cdrom \/home\/gacanepa\/ISOs\/rhel-server-7.0-x86_64-dvd.iso \\\r\n--extra-args=\"console=tty0 console=ttyS0,115200\"\r\n<\/pre>\n<p>If the installation file was located on an HTTP server instead of an image 
stored on your disk, you will have to replace the\u00a0<strong>--cdrom<\/strong>\u00a0flag with\u00a0<strong>--location<\/strong>\u00a0and indicate the address of the online repository.<\/p>\n<p>As for the\u00a0<strong>--graphics none<\/strong>\u00a0option, it tells the installer to perform the installation in text-mode exclusively. You can omit that flag if you are using a graphical interface and a VNC window to access the main VM console. Finally, with\u00a0<strong>--extra-args<\/strong>\u00a0we are passing kernel boot parameters to the installer that set up a serial VM console.<\/p>\n<p>The installation should now proceed as it would on a regular (real) server. If not, please review the steps listed above.<\/p>\n<h3>Managing Virtual Machines<\/h3>\n<p>These are some typical administration tasks that you, as a system administrator, will need to perform on your virtual machines. Note that all of the following commands need to be run from your host:<\/p>\n<p><strong>1.<\/strong>\u00a0List all VMs:<\/p>\n<pre># virsh list --all\r\n<\/pre>\n<p>From the output of the above command you will have to note the\u00a0<strong>Id<\/strong>\u00a0for the virtual machine (although it will also return its name and current status) because you will need it for most administration tasks related to a particular VM.<\/p>\n<p><strong>2.<\/strong>\u00a0Display information about a guest:<\/p>\n<pre># virsh dominfo [VM Id]\r\n<\/pre>\n<p><strong>3.<\/strong>\u00a0Start, restart, or stop a guest operating system:<\/p>\n<pre># virsh start | reboot | shutdown [VM Id]\r\n<\/pre>\n<p><strong>4.<\/strong>\u00a0Access a VM\u2019s serial console if networking is not available and no X server is running on the host:<\/p>\n<pre># virsh console [VM Id]\r\n<\/pre>\n<p><strong>Note<\/strong>\u00a0that this will require that you add the serial console configuration information to the\u00a0<code>\/etc\/grub.conf<\/code>\u00a0file (refer to the argument passed to 
the\u00a0<strong>--extra-args<\/strong>\u00a0option when the VM was created).<\/p>\n<p><strong>5.<\/strong>\u00a0Modify assigned memory or virtual CPUs:<\/p>\n<p>First, shut down the guest:<\/p>\n<pre># virsh shutdown [VM Id]\r\n<\/pre>\n<p>Edit the VM configuration for RAM:<\/p>\n<pre># virsh edit [VM Id]\r\n<\/pre>\n<p>Then modify<\/p>\n<pre>&lt;memory&gt;[Memory size here without brackets]&lt;\/memory&gt;\r\n<\/pre>\n<p>Restart the VM with the new settings:<\/p>\n<pre># virsh create \/etc\/libvirt\/qemu\/tecmint-virt01.xml\r\n<\/pre>\n<p>Finally, change the memory dynamically:<\/p>\n<pre># virsh setmem [VM Id] [Memory size here without brackets]\r\n<\/pre>\n<p>For CPU:<\/p>\n<pre># virsh edit [VM Id]\r\n<\/pre>\n<p>Then modify<\/p>\n<pre>&lt;vcpu&gt;[Number of CPUs here without brackets]&lt;\/vcpu&gt;\r\n<\/pre>\n<p>For further commands and details, please refer to\u00a0<strong>table 26.1<\/strong>\u00a0in Chapter 26 of the RHEL 5 Virtualization guide (that guide, though a bit old, includes an exhaustive list of virsh commands used for guest administration).<\/p>\n<h3>Summary<\/h3>\n<p>In this article we have covered some basic aspects of virtualization with\u00a0<strong>KVM<\/strong>\u00a0in\u00a0<strong>RHEL 7<\/strong>, which is both a vast and a fascinating topic, and I hope it will be helpful as a starting guide for you to later explore more advanced subjects found in the official\u00a0<a href=\"https:\/\/access.redhat.com\/documentation\/en-US\/Red_Hat_Enterprise_Linux\/7\/html\/Virtualization_Getting_Started_Guide\/index.html\" target=\"_blank\" rel=\"noopener\">RHEL virtualization<\/a>\u00a0getting started and\u00a0<a href=\"https:\/\/access.redhat.com\/documentation\/en-US\/Red_Hat_Enterprise_Linux\/7\/html\/Virtualization_Deployment_and_Administration_Guide\/index.html\" target=\"_blank\" rel=\"noopener\">deployment \/ administration guides<\/a>.<\/p>\n<p>In addition, you can refer to the preceding articles in\u00a0<a 
href=\"https:\/\/www.tecmint.com\/install-and-configure-kvm-in-linux\/\" target=\"_blank\" rel=\"noopener\">this KVM series<\/a>\u00a0in order to clarify or expand some of the concepts explained here.<\/p>\n<p><a href=\"https:\/\/www.tecmint.com\/rhcsa-exam-reviewing-essential-commands-system-documentation\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>RHCSA Series: Reviewing Essential Commands &amp; System Documentation \u2013 Part 1 RHCSA\u00a0(Red Hat Certified System Administrator) is a certification exam from Red Hat company, which provides an open source operating system and software to the enterprise community, It also provides support, training and consulting services for the organizations. RHCSA Exam Preparation Guide RHCSA\u00a0exam is the &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/www.appservgrid.com\/paw92\/index.php\/2019\/04\/03\/rhcsa-red-hat-certified-system-administrator\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;RHCSA (Red Hat Certified System 
Administrator)&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-13526","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/13526","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/comments?post=13526"}],"version-history":[{"count":1,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/13526\/revisions"}],"predecessor-version":[{"id":13527,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/posts\/13526\/revisions\/13527"}],"wp:attachment":[{"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/media?parent=13526"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/categories?post=13526"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appservgrid.com\/paw92\/index.php\/wp-json\/wp\/v2\/tags?post=13526"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}