Saturday, 29 September 2018

ACL(Access Control List)

ACL
====

Files and directories have permission sets for the owner of the file, the group associated with the file, and all other users for the system. However, these permission sets have limitations. For example, different permissions cannot be configured for different users. Thus, Access Control Lists (ACLs) were implemented.

The Red Hat Enterprise Linux kernel provides ACL support for the ext3 file system and NFS-exported file systems. ACLs are also recognized on ext3 file systems accessed via Samba.

Along with support in the kernel, the acl package is required to implement ACLs. It contains the utilities used to add, modify, remove, and retrieve ACL information.

The cp and mv commands copy or move any ACLs associated with files and directories.

Before using ACLs for a file or directory, the partition for the file or directory must be mounted with ACL support. If it is a local ext3 file system, it can mounted with the following command:

mount -t ext3 -o acl device-name partition

For example:

mount -t ext3 -o acl /dev/VolGroup00/LogVol02 /work

Alternatively, if the partition is listed in the /etc/fstab file, the entry for the partition can include the acl option:

LABEL=/work /work ext3 acl 1 2

If an ext3 file system is accessed via Samba and ACLs have been enabled for it, the ACLs are recognized because Samba has been compiled with the --with-acl-support option. No special flags are required when accessing or mounting a Samba share.

By default, if the file system being exported by an NFS server supports ACLs and the NFS client can read ACLs, then ACLs are utilized by the client system. To disable ACLs on NFS share when mounting it on a client, mount it with the noacl option with the command line.

SETTING ACCESS ACLS

There are two types of ACLs: access ACLs and default ACLs. An access ACL is the access control list for a specific file or directory. A default ACL can only be associated with a directory; if a file within the directory does not have an access ACL, it uses the rules of the default ACL for the directory. Default ACLs are optional.

ACLs can be configured:

Per user
Per group
Via the effective rights mask
For users not in the user group for the file

The setfacl utility sets ACLs for files and directories. Use the -m option to add or modify the ACL of a file or directory:

# setfacl -m rules files

Rules (rules) must be specified in the following formats. Multiple rules can be specified in the same command if they are separated by commas.

u:uid:perms

Sets the access ACL for a user. The user name or UID may be specified. The user may be any valid user on the system.

g:gid:perms

Sets the access ACL for a group. The group name or GID may be specified. The group may be any valid group on the system.

m:perms

Sets the effective rights mask. The mask is the union of all permissions of the owning group and all of the user and group entries.

o:perms

Sets the access ACL for users other than the ones in the group for the file.

Permissions (perms) must be a combination of the characters r, w, and x for read, write, and execute.

If a file or directory already has an ACL, and the setfacl command is used, the additional rules are added to the existing ACL or the existing rule is modified.

Give read and write permissions

For example, to give read and write permissions to user alice:

# setfacl -m u:alice:rw /project/somefile

To remove all the permissions for a user, group, or others, use the -x option and do not specify any permissions:

# setfacl -x rules files

Remove all permissions

For example, to remove all permissions from the user with UID 500:

# setfacl -x u:500 /project/somefile

SETTING DEFAULT ACLS

To set a default ACL, add d: before the rule and specify a directory instead of a file name.

Setting default ACLs

For example, to set the default ACL for the /share/ directory to read and execute for users not in the user group (an access ACL for an individual file can override it):

# setfacl -m d:o:rx /share

RETRIEVING ACLS

To determine the existing ACLs for a file or directory, use the getfacl command. In the example below, the getfacl is used to determine the existing ACLs for a file.

Retrieving ACLs

# getfacl home/john/picture.png

The above command returns the following output:

# file: home/john/picture.png

# owner: john

# group: john

user::rw-

group::r--

other::r--

If a directory with a default ACL is specified, the default ACL is also displayed as illustrated below. For example, getfacl home/sales/ will display similar output:

# file: home/sales/

# owner: john

# group: john

user::rw-

user:barryg:r--

group::r--

mask::r--

other::r--

default:user::rwx

default:user:john:rwx

default:group::r-x

default:mask::rwx

default:other::r-x

Friday, 21 September 2018

How to rollback updates using yum

One of the important task of Linux system administrator is to update packages on the servers. There can be some scenarios where Linux admin apply the updates on servers but after applying updates application hosted on the server might not work properly due to incompatibility of new updates, In that case we don’t have any option but to rollback updates.

On Linux servers (RHEL & CentOS) updates are applied with yum command and updates can be rollback with “yum history command“.

# yum history
Loaded plugins: product-id, refresh-packagekit, subscription-manager
Updating Red Hat repositories.
ID     | Login user               | Date and time    | Action(s)      | Altered
-------------------------------------------------------------------------------
     8 | root <root>              | 2011-10-03 14:40 | Install        |    1   
     7 | root <root>              | 2011-09-21 04:24 | Install        |    1 ##
     6 | root <root>              | 2011-09-21 04:23 | Install        |    1 ##
     5 | root <root>              | 2011-09-16 13:35 | Install        |    1   
     4 | root <root>              | 2011-09-16 13:33 | Erase          |    1   
     3 | root <root>              | 2011-09-14 14:36 | Install        |    1   
     2 | root <root>              | 2011-09-12 15:48 | I, U           |   80   
     1 | System <unset>           | 2011-09-12 14:57 | Install        | 1025

Suppose you want to undo the changes of ID 8

To rollback use below command

# yum history undo 8

Wednesday, 19 September 2018

LVM Interview Questions

Q.What Is The Difference Between Lvm And Raid?
Ans: A RAID device is a physical grouping of disk devices in order to create a logical presentation of one device whereas LVM is a logical layer that that can be manipulated in order to create and, or expand a logical presentation of a disk device to an OS.

Q. Explain Lvm Snapshot?
Ans:LVM snapshots allow the administrator to create a new block device which presents an exact copy of a logical volume, frozen at some point in time.

Q. How You Will Check On Your Server Or System Device-mapper Is Installed Or Not?

Ans:
Check the following file:
#cat /proc/misc
if this file contains “device-mapper” term it means device mapper is installed on your system.

Q. How Are Snapshots In Lvm2 Different From Lvm1?
Ans:
In LVM2 snapshots are read/write by default, whereas in LVM1, snapshots were read only.

Q. What Is The Maximum Size Of A Single Lv?
Ans:
For 2.4 based kernels, the maximum LV size is 2TB. For 32-bit CPUs on 2.6 kernels, the maximum LV size is 16TB. For 64-bit CPUs on 2.6 kernels, the maximum LV size is 8EB.

Q. If A Volume Group Named As Vgname Already Exists But We Need To Extend This Volume Group Up To 4gb. Explain All Steps?
Ans:
Firstly, create Physical volume (/dev/sdaX, where X is the partition number) of size 4GB.
Now run following command: # vgextend vgname /dev/sdaX

Q. If A Volume Group Vgname Have 3 Pv’s (/dev/sda5, /dev/sda6, /dev/sda7) But We Want To Remove /dev/sda7 Pv From This Vgname?
Ans:
# vgreduce vgname /dev/sda7

Q. Which Command Is Used To Extend A Logical Volume?
Ans:
# lvextend -size +<addsize> /dev/<vgname>/<lvname>

resize2fs /dev/<vgname>/<lvname>

Q. What Is The Partition Type Number For Swap, Raid And Lvm?
Ans:
SWAP (82), RAID (fd) and LVM (8e)

Q. How To Add A Disk To A Volume Group?
Ans:
suppose disk is /dev/sdb
# pvcreate /dev/sdb
# vgextend <vgname> /dev/sdb

Q. How To Remove A Disk From A Volume Group?
Ans:
Syntax:

# vgreduce <vgname> <disk>
Example:
# vgreduce vgname /dev/sdb

Q. How To Backup New Lvm Data Structures?

Ans:

# vgcfgbackup /dev/vgname

Q. Is It Possible To Increase The Logical Volume On Fly?

Ans:
Yes. LVM has the feature to increase the volume without unmount it.

Q. How To Reduce The Logical Volume? Is It Possible To Reduce On Fly?

Ans:
No. we can't reduce the logical volume on fly. Here is the steps to reduce the logical volume.

Un-mount the filesystem
Run e2fsck on the volume device
Reduce the Filesystem using resize2fs
Reduce the logical Volume using lvreduce
Mount the filesystem back for production.
Q. How Do You Scan The New Lun Or Disk?

Ans:
Use "echo 1 > /sys/class/scsi_host/hostx/scan" to scan disk from newly connected SAN or DISKS and also replace the "x" with number of host id present under /sys/class/scsi_host/.

Q. How To Scan Disks For Existing Volume Group?

Ans:
Use "vgscan" to scan existing volume group from newly connected SAN or DISKS.
But we should use "pvscan" prior to executing this command.

Q. How To Scan A Logical Volume From Exising Volume Group?

Ans: lvscan

Q. How To Stop The Logical Volume? Or Deactivate The Logical Volume?

Ans: "lvchange -an /dev/vg_name/lv_name"

Q. How To Activate The Logical Volume Which Is In Deactivated State?

Ans: "lvchange -ay /dev/vg_name/lv_name".

Q. How To Disable The Volume Group? Or Deactivate The Volume Group?

Ans: "vgchange -an volume_group_name".

Q. How To Enable The Volume Group? Or Activate The Volume Group?
Ans: "vgchange -ay volume_group_name" .

Q. How Do You Find That What Are The Disks Are Used For Logical Volume Mirroring?
Ans: use "lvs -a -o +devices"

Q. What Are Steps To Perform In Order To Increase The Logical Volume On Fly?

Ans:
Extend the logical volume
Increase the Filesystem size
Verify the status using df command or lvs command.
Q. How To List The Imported Volume Groups?

Ans:Use "vgs" command to display the imported volume group.

Q. How To Create Partition From The Raw Disk ?

Ans:
Using fdisk utility we can create partitions from the raw disk.Below are the steps to create partition from the raw dsik :

fdisk /dev/hd* (IDE) or /dev/sd* (SCSI)
Type n to create a new partition
After creating partition , type w command to write the changes to the partition table.
Q. What Does Sar Provides And At Which Location Sar Logs Are Stored ?

Ans:
Sar Collect, report, or save system activity information. The default version of the sar command (CPU utilization report) might be one of the first facilities the user runs to begin system activity investigation, because it monitors major system resources. If CPU utilization is near 100 percent (user + nice + system), the workload sampled is CPUbound.

By default log files of Sar command is located at /var/log/sa/sadd file, where the dd parameter indicates the current day.

Q. How To Reduce Or Shrink The Size Of Lvm Partition ?

Ans:
Below are the logical Steps to reduce size of LVM partition :

Umount the filesystem using umount command, use resize2fs command ,
e.g resiz2fs /dev/mapper/myvgmylv 10G Now use the lvreduce command ,
e.g lvreduce L 10G /dev/mapper/myvgmylv

Above Command will shrink the size & will make the filesystem size 10GB.

Q. How To Increase The Size Of Lvm Partition ?
Ans:

Below are the Logical Steps :

Use the lvextend command (lvextend L +100M /dev/<Name of the LVM Partition> , in this example we are extending the size by 100MB.
resize2fs /dev/<Name of the LVM Partition>
check the size of partition using ‘df h’ command

Q. Why Lvm Is Required?

Ans:
LVM stands for Logical Volume Manager , to resize filesystem's size online we required LVM partition in Linux. Size of LVM partition can be extended and reduced using the lvextend & lvreduce commands respectively.

Q. How To Create Partition From The Raw Disk?
Ans:
Using fdisk utility we can create partitions from the raw disk.Below are the steps to create partition from the raw disk :

fdisk /dev/hd* (IDE) or /dev/sd* (SCSI)
Type n to create a new partition
After creating partition , type w command to write the changes to the partition table.
Q. How To Decommission/remove Lvm Completely From The Host?

Ans:
Un-mount all the logical filesystems
Remove the logical volumes using "lvremove" command.
Destroy the volume group using "vgremove" command.
Use "pvremove" command remove the physical volumes from the system.
Q. If The Vg02 Has Two Physical Volumes Called /dev/sdc/ & /dev/sdd. How Do You Remove /dev/sdd From Vg02?
Ans:
"vgreduce vg02 /dev/sdd/"

Q. Assume Volume Group "vg02" Is Already Exists. How Do You Extend The Volume Group With 50gb? Provide All The Steps With Commands?
Ans:

Get the 50GB lun from storage team.(/dev/sdd)
Create physcical volume ( # pvcreate /dev/sdd )
Extend the volume group (# vgextend vg02 /dev/sdd)
Q. How To Extent The Volume Group?
Ans:

Using "vgextend" we can increase the volume group.

Q. What Are The Steps Involved To Create The Logical Volume From Scratch?
Ans:
Create a physical volume using pvcreate command: #pvcreate /dev/sdc
Create a volume group using "vgcreate" command: #vgcreate vg02 /dev/sdc
Create a logical volume using "lvcreate" command: #lvcreate -L 100M -n vol1 vg02
Create a filesystem on logical volume using mkfs command: #mkfs -t ext4 /dev/vg02/vol1
Mount the filesystem using mount command for use: #mount -t ext4 /dev/vg02/vol1 /vol1

Q. How Are Snapshots In Lvm2 Different From Lvm1 In Redhat Linux?
Ans:LVM1 snapshots are readonly by default where LVM2 snapshots were read/write.

Q. What Is Lvmdump?

Ans:"lvmdump" is tool for LVM2 to collect the various information for diagnostic purposes.By default, it creates a tarball suitable for submission along with a problem report

Q. How To Re-create The Device Files For Lvm Volumes?

Ans:Run "vgmknodes" to recreate the LVM devices files.

Q. How To Take A Lvm Configuration Backup?

Ans:Use "vgcfgbackup vg_name" to take the latest configuration backup of volume group. The default volume group backup location is "/etc/lvm/backup" .

Q. How To Rename Volume Group? Can We Rename The Vg On Fly?

Ans:Yes. Its possible to rename the volume group on fly. But the mounted volumes will not reflect the same unless you re-mount the volume with new VG name. Need to update the /etc/fstab with new VG name to mount the volumes across the system reboot.

Q. How To See The Detailed Physical Volume Information?

Ans:Use "pvdisplay /dev/disk_name" Ex: pvdisplay /dev/sde

Q. How To See The Detailed Logical Volume Information?

Ans:Use "lvdisplay /dev/vg_name/lv_name"

Q. How To See The Detailed Volume Group Information?

Ans:Use "vgdisplay vg_name"

Q. How To List The Available Physical Volumes In Lvm?

Ans:Use "pvs" command to list the available physical volumes.

Q. How To List The Available Logical Volumes On The System?

Ans:Use "lvs" command to list the available logical volumes on the system.

how to make inactive lvm active

If any how reasons your lvm becomes active state to inative state then we need to use below commands to make lvm active.

root@server ~]# lvchange -a y mylv

[root@server ~]# mount /dev/myvg/mylv /mnt
[root@server ~]# df
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/yourvg/yourlv    24507776        32  24507744   1% /mnt
/dev/myvg/mylv        24507776        32  24507744   1% /mnt

Saturday, 8 September 2018

LVM

LOGICAL VOLUME

LVM:- It is a tool for logical volume management which includes allocating disks,striping,mirroring and resizing logical volumes.

With LVM, a hard drive or set of hard drives is allocated to one or more physical volumes .LVM physical volumes can be placed on other block devices which might span two or more disks.

The physical volumes are combined into logical volumes with the exception of the /boot/partition. The /boot/ partition cannot read it.If the root (/) partition is on the logical volume, create a separate /boot/ partition which is not a part of the volume group.

Physical Volume:- A physical volume (PV) is another name for a regular physical disk partition that is used or will be used by LVM.

Volume Group:- Any number of physical volumes (PVs) on different disk drives can be added together into a volume group (VG).

Logical Volume:- Volume Groups must then be subdivided into logical volumes. Each logical volumes can be individually formatted as if it were a regular linux partition. A logical volume is therefore, like a virtual partition on your virtual disk drive.

#fdisk -l
#pvdisplay (To see the physical volume)

First create the partition of individual disk then create physical volume.
Suppose you partitioned 30 GB from sdb1,sdc1,sdd1 then you can create physical volume.

# pvcreate /dev/sdb1 /dev/sdbc1 /dev/sdd1
pvcreated

#pvdisplay (It will display the pv created)

#vgcreate /dev/myvggroup /dev/sdb1 /dev/sdd1
vgcreated

#vgdisplay (It will display the vg created)

#lvcreate --name test1(Name of LV) --size 40G /dev/myvggroup

#lvdisplay (It will display the lv created)

#mkfs.ext4 /dev/myvggroup/test1

#mkdir /mylv (Make folder where you want to mount your LV)

#mount /dev/myvggroup/test1 /mylv

#cd /mylv/

#mkdir abcd
#touch 1 2 3 4

NTP SERVER TIME SYNC ISSUE

NTP ISSUE

Q:-NTP server is not synchronizing with client server. What command we will use to re sync it?

Sol:- First check NTP service and check it is sync it with client server or not with the below command.

[root@server/]#ntpq -pn

remote refid st t when poll reach delay offset jitter

========================================================================

198.168.200.3 .

▒. 16 u 53 64 0 0.000 0.000 0.000

198.168.200.4 .

▒. 16 u 52 64 0 0.000 0.000 0.000

Then we need to update the ntpdate with the below command

[root@server/]#ntpdate -u 198.168.101.2 or 198.168.102.3

After the time got sync run below command to check the sync is happening or not.

[root@server /]#ntpq -pn

remote refid st t when poll reach delay offset jitter

==============================================================================

*198.168.200.3 198.168.101.2 2 u 211 512 377 1.299 0.157 0.088

+198.168.200.4 198.168.102.3 2 u 212 512 377 1.266 0.096 1.904

LINUX GIANTS