Tuesday 7 June 2011

Special Permissions


1. Umask: The default permissions are defined by umask. Default permissions for directories are 777 minus the umask value, and for files the same without execute permission.
The predefined umask for the root user is 022. That means files will have permission 644 and directories 755.
The umask for all other users is 002. That means files will have permission 664 and directories 775.
The global umask configuration is stored in the “/etc/bashrc” file. The umask value for all other users is set on line number 9 and for the root user on line number 11. To change the umask for one user only, edit the “~/.bashrc” file in that user’s home directory.
# vi /home/user_name/.bashrc
umask 027                (Add this as a new line at the bottom of the file)

We can change the umask temporarily with the command:
# umask  <umask_value>

To change the global umask value permanently:
# vi /etc/bashrc
8 if [ $UID -gt 99 ] && [ "`id -gn`" = "`id -un`" ]; then
9 umask 002        (For all other local users)
10 else
11 umask 022       (For root user)
12 fi

To view the current umask value:
# umask
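
To see what a given umask really produces, the following added example (not part of the original post) creates a probe file and directory under that umask and prints their modes. It assumes GNU stat, and mode_under_umask is a hypothetical helper name. The 033 row shows that the umask clears permission bits rather than being subtracted: a file ends up 644, not 633.

```sh
#!/bin/sh
# Added example: measure the mode a umask really produces by creating a
# probe file or directory. mode_under_umask is a hypothetical helper name.

mode_under_umask() {
    # $1 = umask in octal (e.g. 027), $2 = "file" or "dir"
    (
        tmp=$(mktemp -d) || exit 1     # scratch directory, always mode 700
        umask "$1"                     # only affects this subshell
        if [ "$2" = dir ]; then
            mkdir "$tmp/probe"         # directories start from 777
        else
            : > "$tmp/probe"           # files start from 666 (no execute)
        fi
        stat -c %a "$tmp/probe"        # print the resulting octal mode
        chmod u+rwx "$tmp/probe"       # make sure cleanup can proceed
        rm -rf "$tmp"
    )
}

show_umask_table() {
    # 022 and 002 are the defaults named above, 027 is the ~/.bashrc example,
    # 033 shows that the umask masks bits instead of subtracting digits.
    for mask in 022 002 027 033; do
        printf 'umask %s -> file %s, directory %s\n' "$mask" \
            "$(mode_under_umask "$mask" file)" "$(mode_under_umask "$mask" dir)"
    done
}

show_umask_table
```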


2. SUID: SUID stands for Set User ID. It is set on an executable file by its owner. A program with SUID set runs with the ownership of the program owner. That is, if you own an executable and another person runs it, it runs with your permissions and not theirs. By default, a program runs with the ownership of the person executing the binary.

3. SGID: SGID stands for Set Group ID. Files created in a directory with SGID set take the group affiliation of the directory. On an executable, the SGID bit works the same way as SUID, except that the program runs with the permissions of the group. It can also be set on folders, making any files or folders created inside the SGID folder share a common group ownership.

4. Sticky Bit: Files in a directory with the sticky bit set can be removed only by the owner or the root user. The sticky bit was once used on executables in Linux (where it was used more often) so that they would remain in memory longer after the initial execution, in the hope that they would be needed again in the near future. Since today we have more sophisticated memory access techniques and the bottleneck related to primary memory is diminishing, the sticky bit is no longer used for this. Instead, it is used on folders, to indicate that a file or folder created inside a sticky-bit-enabled folder can be deleted only by its creator. A good example of the sticky bit is the /tmp folder, where every user has write permission but only the user who owns a file can delete it. Remember that files inside a folder which has write permission can be deleted even if the file itself doesn't have write permission. The sticky bit is useful here.
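
Because SUID and SGID programs run with someone else's privileges, and a world-writable folder without the sticky bit lets any user delete other users' files, it is worth listing where these bits are set. The following is an added example, not part of the original post: audit_special_bits and build_sample_tree are hypothetical helper names, and the sample tree is constructed in a temporary directory.

```sh
#!/bin/sh
# Added example: list special-permission bits under a directory tree.
# audit_special_bits and build_sample_tree are hypothetical helper names.

audit_special_bits() {
    # $1 = tree to audit; -xdev keeps find on one filesystem
    find "$1" -xdev -type f -perm -4000 | sed 's/^/SUID /'
    find "$1" -xdev -type f -perm -2000 | sed 's/^/SGID-FILE /'
    find "$1" -xdev -type d -perm -2000 | sed 's/^/SGID-DIR /'
    # World-writable directory without the sticky bit: any user can delete
    # or rename other users' files in it.
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 | sed 's/^/NO-STICKY /'
}

build_sample_tree() {
    # Constructed sample tree so the audit runs without touching the system
    t=$(mktemp -d) || return 1
    mkdir "$t/shared" "$t/dropbox" "$t/scratch"
    : > "$t/helper"
    chmod 4755 "$t/helper"     # SUID executable
    chmod 2775 "$t/shared"     # SGID directory: new files inherit its group
    chmod 1777 "$t/dropbox"    # sticky, like /tmp: not reported
    chmod 0777 "$t/scratch"    # world-writable, no sticky bit: reported
    echo "$t"
}

sample=$(build_sample_tree)
audit_special_bits "$sample"
rm -rf "$sample"
```

On a real system, run audit_special_bits against / as root and compare the SUID and SGID lists with the packages you expect to be installed.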

XEN


Xen Virtualization

            Xen virtualization provides multiple virtual servers on one Linux system.

            Daemons:
1.    xend
2.    xendomains

Requirements:
1.    YUM

            Install the required packages for the Xen server:
# yum install xen                                        (Install 7 packages)
            1.   xen                                               2.   SDL
            3.   bridge-utils                                  4.   libvirt
            5.   libvirt-python                               6.   python-virtinst
            7.   xen-libs
# yum install virt-manager                       (Install 2 packages)
            1.   virt-manager                                2.   Gnome-python-gnomekeyring
# yum install vnc
# yum install kernel-xen

            Reboot the system after installing all of the required packages above. During reboot, press an arrow key to pause the kernel selection screen, select the “xen” kernel line, and press Enter. This is the new kernel line that appears after installing the xen kernel packages.

# ps -ef | grep xend                                   (Check whether the xen service is running)

            Preparation for Creating Virtual Machine:
1.    Share the “/var/ftp/pub/” directory with NFS. “/var/ftp/pub/” is the directory that contains the installation media.
# vi /etc/exports
                  /var/ftp/pub/         *(rw,sync)
# chkconfig nfs on
# service nfs restart
2.    Create a new partition of about 5GB for the virtual machine and mount it. For example, create a new partition “/dev/sda3” and a new directory “/new”. Mount /dev/sda3 on the /new directory. After that, create a new file (any file name) in the /new directory.
# mount /dev/sda3 /new
# touch /new/virtual
           
# virt-manager                                             (Opens the GUI environment for configuring Xen)
            Select Local Xen host > Connect. The Virtual Machine Manager opens. Click File > New Machine > Forward. Type your desired virtual system name (System1) > Forward. Select Paravirtualized > Forward. Enter the NFS installation media path (nfs:192.168.1.3:/var/ftp/pub/) in Install media URL, where 192.168.1.3 is the NFS server IP address. Select Simple File and locate the newly created file “/new/virtual” > Open > Forward. Select Memory and CPU > Forward. Finish.
            The virtual machine now begins to start.

VNC

Virtual Network Console (VNC)
           
VNC is a graphical desktop sharing system that uses the RFB (Remote Frame Buffer) protocol to remotely control another computer. It transmits the keyboard and mouse events from one computer to another, relaying the graphical screen updates back in the other direction, over a network.
VNC is platform-independent – a VNC viewer on one operating system may connect to a VNC server on the same or any other operating system. There are clients and servers for many GUI-based operating systems and for Java. Multiple clients may connect to a VNC server at the same time. VNC provides a graphical console to remote users.

            Configuration file: /root/.vnc/xstartup

Configure VNC (Server Side):
First mount the Linux CD-ROM.
# rpm -ivh --force vncserver + <tab>
# setup                                                                   (Disable firewall)
# chkconfig vncserver on
# chkconfig --list vncserver
# vncpasswd                                                 (Run as root to set the VNC password for the root user)
# vncserver                                                   (Note the running session number.)
# vi /root/.vnc/xstartup                                    (Remove the # signs, except on the first line.)
     Esc. :wq!
# vncserver

           
            Access VNC Server with session number (Client Side): With the help of VNC Viewer we can access the VNC server remotely.
            On VNC Viewer, enter the server IP with the session number
            192.168.10.44:3                               (Here 3 is the session number)
            Enter VNC password

           
Access VNC Server with port number: We can also access the VNC server by its port number after changing some configuration.

Change VNC server port number:
# vi /usr/bin/vncserver
            Go to line no. 125, change the port number and remove the display number, then save and exit the file. The default port number is 5900.
            # $vncPort = 5900 + $displayNumber;
            $vncPort = 5900;

# vi /etc/sysconfig/vncservers
            Go to line no. 20, uncomment this line and change the username to “root”.
            VNCSERVERS="1:root"
# service vncserver restart

Access VNC Server with port number (Client Side): With the help of VNC Viewer we can access the VNC server remotely.
            On VNC Viewer, enter the server IP with the port number
            192.168.10.44:5900                                    (Here 5900 is the VNC port number)
            Enter VNC password

Telnet


            Telnet is a terminal program for TCP/IP networks. It is used for remote login. It works on port number 23.
Configuration file:
1.            /etc/xinetd.d/telnet

# yum install telnet-server
# chkconfig --list telnet
# chkconfig telnet on
# ps -ef | grep telnet
# service xinetd restart

Note: Disable Firewall and SELinux in Firewall Setting.

Login through Telnet: Open a terminal in UNIX OS or open MS-DOS in Windows OS and follow the instructions below.
1.         In UNIX OS:-
# telnet 192.168.1.3                        (IP of Telnet Server)
login: nilesh                                     (Enter user name)
password:                                        (Enter user password)
[nilesh@server ~]$

2.         In Windows OS:-
C:\> telnet 192.168.1.3                   (IP of Telnet Server)
login: nilesh                                     (Enter user name)
password:                                        (Enter user password)
[nilesh@server ~]$

Sudo



            Super User Do. The sudo command permits a user with the proper permission to execute a command as the superuser or as another user. The file /etc/sudoers controls sudo access, and it has its own editor and syntax checker.
# visudo                  (Run this to edit the sudo configuration file. Sudo is easy to configure.)

1. To allow all root permissions to a sudo user.
# vi /etc/sudoers
:se nu                                             = Go to line no 78 and add users after root.
            76 root, nilesh    ALL=(ALL)       ALL
            :wq!

# su - nilesh
[nilesh@host ~]$ sudo su -                   = Enter user password.

2. To allow sudo users to run only specified commands.
# vi /etc/sudoers
:se nu              = Go to line no 20, copy (yy) it and paste (p) it below this line, and create a user alias.
            20 # User_Alias ADMINS = jsmith, mikem
            21 User_Alias USER = nilesh
Below line no 24, add a new line and create a command alias.
            24 ## Command Aliases
            25 Cmnd_Alias CMD = /usr/sbin/useradd, /usr/bin/passwd
Esc
:$                                           = Go to the end of this file and add a new line to set the value.
            97 USER ALL=CMD
:wq!
After that, the nilesh user is able to run the useradd and passwd commands.

# su - nilesh
[nilesh@host ~]$ sudo /usr/sbin/useradd kumar
[nilesh@host ~]$ sudo /usr/bin/passwd kumar
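
The CMD alias above lists /usr/bin/passwd with no arguments, which in sudoers means any arguments are accepted, so the delegated user can set the password of any account, root included. The following added example (not part of the original post) flags such an alias and shows the same delegation with passwd restricted to named, non-root accounts; unrestricted_passwd_rules and the two write_* helpers are hypothetical names, and both fragments are constructed samples.

```sh
#!/bin/sh
# Added example: flag sudoers command aliases that grant passwd with no
# argument restriction. unrestricted_passwd_rules is a hypothetical helper.

unrestricted_passwd_rules() {
    # $1 = sudoers file or fragment. Prints matching Cmnd_Alias lines and
    # returns 0 when at least one is found, 1 when there are none.
    grep -E '^[[:space:]]*Cmnd_Alias[[:space:]]' "$1" |
        grep -E '/usr/bin/passwd[[:space:]]*(,|$)'
}

write_weak_fragment() {
    # The rule from the post: passwd may be run with any argument.
    cat > "$1" <<'EOF'
User_Alias USER = nilesh
Cmnd_Alias CMD = /usr/sbin/useradd, /usr/bin/passwd
USER ALL=CMD
EOF
}

write_restricted_fragment() {
    # Same delegation, but passwd must name an account, and never root.
    cat > "$1" <<'EOF'
User_Alias USER = nilesh
Cmnd_Alias CMD = /usr/sbin/useradd, /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
USER ALL=CMD
EOF
}

tmpdir=$(mktemp -d)
write_weak_fragment "$tmpdir/weak"
write_restricted_fragment "$tmpdir/restricted"
for f in weak restricted; do
    if unrestricted_passwd_rules "$tmpdir/$f" >/dev/null; then
        echo "$f: passwd is unrestricted"
    else
        echo "$f: passwd arguments are restricted"
    fi
done
rm -rf "$tmpdir"
```

Before installing an edited fragment, check its syntax with visudo -c -f <file>.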

SSH


SSH (Secure Shell)

SSH (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine.  It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP ports can also be forwarded over the secure channel.

Run the command
# ssh-keygen -t dsa
Then press Enter three times. This generates two keys.
i) id_dsa = the private key,              ii) id_dsa.pub = the public key

Now go to the client-side computer and follow the steps below
# mkdir /root/.ssh                           (Create the .ssh directory in /root)
# touch /root/.ssh/authorized_keys                (Create a file in the .ssh directory)

Then go back to the server side and run
# scp /root/.ssh/id_dsa.pub root@<IP address of client>:/root/.ssh/authorized_keys
Type yes and press Enter

            Now check the firewall settings on both sides, server and client
            Now run the command
# ssh <IP address of client/server>
Ctrl+D                                              (Ends the session)
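
The scp step above replaces the whole authorized_keys file on the target, and the mkdir and touch steps leave the permissions to the umask. The following added example (not part of the original post) appends a public key without overwriting existing entries and sets the owner-only modes that sshd's StrictModes check expects. install_pubkey and ssh_dir_is_strict are hypothetical helper names, GNU stat is assumed, and the key line is a constructed placeholder.

```sh
#!/bin/sh
# Added example: install a public key into authorized_keys without
# overwriting existing entries. install_pubkey is a hypothetical helper.

install_pubkey() {
    # $1 = public key file (e.g. id_dsa.pub), $2 = home directory of the
    # account that will accept the login
    pub=$1
    dir=$2/.ssh
    auth=$dir/authorized_keys
    [ -s "$pub" ] || return 1                      # refuse an empty key file
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Append only when this exact key line is not already present
    grep -Fxq -f "$pub" "$auth" || cat "$pub" >> "$auth"
}

ssh_dir_is_strict() {
    # $1 = home directory. sshd's StrictModes refuses keys when ~/.ssh or
    # authorized_keys is writable by group or others; report whether both
    # are owner-only.
    [ "$(stat -c %a "$1/.ssh")" = 700 ] &&
        [ "$(stat -c %a "$1/.ssh/authorized_keys")" = 600 ]
}

home=$(mktemp -d)                           # constructed stand-in for /root
# Constructed placeholder key line, not a real key
echo 'ssh-dss AAAA-CONSTRUCTED-SAMPLE-KEY root@server' > "$home/id_dsa.pub"
install_pubkey "$home/id_dsa.pub" "$home"
install_pubkey "$home/id_dsa.pub" "$home"   # second run adds nothing
wc -l < "$home/.ssh/authorized_keys"        # number of installed keys
rm -rf "$home"
```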

Samba


Configuration of Samba Web Server

          Samba uses the Simple Mail Protocol (SMP) to share files and printers across a network connection. Samba is useful if you have a network of both Windows and Linux machines. Samba allows files and printers to be shared by all the systems in a network. To share files between Linux machines, NFS is used, while Samba shares files and printers between Linux and Windows. Samba uses CIFS shares. CIFS (Common Interface File System) is a file system and protocol.

            Configuration File: The default configuration file allows users to view their home directories as a Samba share. It also shares all printers configured for the system as Samba shared printers.
1.    /etc/samba/smb.conf
2.    /etc/samba/smbpasswd           (Samba user’s passwd file)

Services:
1.    smb

# yum install system-config-samba      (Install 2 required packages of Samba)
1.    system-config-samba
2.    samba

# system-config-samba                         (For graphical configuration)
# chkconfig --list smb
# chkconfig smb on

            Add a user for Samba access if the user does not exist.
# smbpasswd -a <user_name>            (Enter samba user’s password twice)
# service smb restart


Windows Side:
            Go to the Windows system > Go to Run and enter “\\<IP of UNIX system>”
            \\192.168.1.3
            Enter Samba user name
            Enter Samba user’s password

NTP


Network Time Protocol (NTP)

            The NTP server is used to synchronize the system's clock to clients.
Configuration file:
            1.         /etc/ntp.conf

            Configure NTP (Server Side):
# vi /etc/ntp.conf
            Make the following changes…
            Line no. 3      Copy it and paste it below this line, then put # at the start of line no. 3
            Line no. 4      Edit it as shown below
restrict <IP of Server> mask <subnet mask> nomodify notrap

Ex.-     3
4 restrict 192.168.10.3 mask 255.255.255.0 nomodify notrap
            Esc. :wq!

# service ntpd restart
# chkconfig --list ntpd
# chkconfig ntpd on
# service ntpd restart

            Configure NTP (Client Side):-
# service ntpd restart
# ntpdate -b <IP of server>
# service ntpd stop
# service ntpd start
# ntpq -p                                                       (For query of synchronization)

Auto FS


Client Side:
# vi /etc/auto.master          (In this file, make the change on line no. 10)
/home             /etc/auto.home          nobrowse
Esc :wq
            (Here “/home” is the shared directory)

# vi /etc/auto.home
*                      ServerIP:/shared directory/&          (Shared for all users)
username      ServerIP:/shared directory/username       (Shared for a particular user)
Ex:-
*                      192.168.1.3:/home/&           or
nilesh 192.168.1.3:/home/nilesh
Esc :wq

# chkconfig --list autofs
# service autofs restart

Server Side:
# vi /etc/exports
/home             *(rw,sync)
Esc :wq

# service autofs restart
# service nfs restart



The Network Information Service (NIS) provides a simple network lookup service consisting of databases and processes.

First you need to define the NIS master server, which contains all source files for the various maps like /etc/passwd, /etc/group or /etc/hosts. The NIS server process ypserv needs to run on this host. The ypserv daemon is typically activated at system startup. There can be more hosts running ypserv; these are called "slaves". They get their maps from the master server. If a slave goes down, it will miss updates from the master.

On other machines using the NIS services as clients, you have to run ypbind. ypbind must run on every machine which has NIS client processes; ypserv may or may not be running on the same node, but must be running somewhere on the network. For normal users, you need the yp-tools. This package provides tools for communication with ypbind (ypset and ypwhich), tools for accessing the NIS maps (ypcat, ypmatch and yppoll), and tools for changing NIS user information (ypchfn, ypchsh and yppasswd).

The ypserv package fully implements NIS master/slave support and is compatible with the version from SUN. The YP V2 protocol is completely implemented, YP V1 only partially. ypbind-mt implements a multi-threaded ypbind daemon, which is compatible with the SUN ypbind protocol versions 1 and 2. Version 3 is not supported, since the protocol is not publicly available. The yp-tools support only the YP and ypbind protocol version 2.

The main ftp site for the Linux NIS source collection is ftp://ftp.kernel.org/pub/linux/utils/net/NIS/. You will always find the latest versions and patches there, since this WWW page isn't always up to date. Please look there first if one of the links on this page is no longer valid or if you have other problems with the software. You will find a list of mirrors of ftp.kernel.org at http://www.kernel.org/mirrors/

NIS


NIS (Network Information Service)
Network Information Service or Server. It provides information about the network users. It is just like a Domain Controller in Windows Server.
            It stores account-related information, group-related information, authentication and password account history.
Configuration files:

            Requirements:
1.    YUM
2.    DHCP
3.    DNS

Install the following RPMs on the server end:
# yum install ypserv
# yum install ypbind
# yum install yp-tools
# yum install portmap
# yum install make

1. Edit the “/etc/sysconfig/network” file and add a new line after the third line: “NISDOMAIN=server_name”
Ex:-
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=server.linux.com
NISDOMAIN=linux.com

2. Configure Domain name:
# domainname linux.com             (For temporary)
# vi /etc/domainname                    (For permanent)
linux.com
Esc:wq

3. Entry in Securenets file
# vi /var/yp/securenets
255.255.255.255      127.0.0.1
255.255.255.0           192.168.1.0
Esc:wq

Note: Restart the PC to configure this domain. After the restart, run the commands below.
# service portmap restart
# chkconfig --list portmap
# chkconfig portmap on
# service ypserv restart
# chkconfig --list ypserv
# chkconfig ypserv on
            Edit “/var/yp/Makefile”
# vi /var/yp/Makefile                       (Opens the Makefile)
Show line numbers with :se nu, then go to line no. 109 with :109. On this line, move everything after netid to a new line and comment it out with a # sign.

109 all:  passwd group hosts rpc services netid
110         # protocols mail \

Making NIS Master Server:
# /usr/lib/yp/ypinit -m
            Ctrl+D

# service portmap restart
# service ypserv restart
# service yppasswdd restart

            Verify the services through...
# ps -ef | grep yp

            Show the NIS maps:
# ypwhich -m


Client Side Configuration:
1. Install the following packages on the client end:
            ypbind
            yp-tools
            authconfig
            authconfig-gtk
            portmap

2. Connect with NIS Domain Server
# system-config-authentication
            Enable NIS Domain
                        NIS Domain  linux.com
                        NIS Server     server.linux.com
            Check the Authentication tab and see the default settings. Also check the Options tab for the default settings.

3. For Testing:
# ypwhich
            server.linux.com                   (The name of NIS Server will appear)
# ypcat passwd                              (Show all NIS user database)

Boot to UEFI Mode or legacy BIOS mode

Boot to UEFI Mode or legacy BIOS mode Choose UEFI or legacy BIOS modes while installing Windows. After Windows is installed, if you nee...