AutoFS and Mounting in Linux/Redhat/CentOS

echo “AutoFS – Automatic FS system Mounting – Dec 26th, 2017 by Sayed”

check if Autofs installed or not
yum list installed | grep autofs

I just installed; hence it is there
you can install with yum -y install autofs

944 yum -y install autofs

then you can enable autofs
946 systemctl status autofs
947 systemctl start autofs
948 systemctl enable autofs

enable – will start this service at reboot/system start

AutoFS in general does not use /etc/fstab
AutoFS uses /etc/mtab file
Also, AutoFS has some files under /etc and starting with auto. You can also define which file will contain the mounting mapping. the file that will act like /etc/fstab for autofs

AutoFS has direct mapping and indirect mapping
let’s see some files under /etc for autofs

955 ls /etc/auto*

The files

/etc/auto.direct /etc/autofs.conf /etc/autofs_ldap_auth.conf /etc/auto.master /etc/auto.misc /etc/auto.net /etc/auto.smb /etc/auto.master.d:

I saw to use /etc/auto.master for configuring which file will do the mapping for direct mounting.
I saw to use /etc/auto.misc for configuring which file will do the mapping for indirect mounting for AutoFS.

One more config file is under: /etc/sysconfig/autofs

961 cat /etc/sysconfig/autofs

the content
#
# Init system options
#
# If the kernel supports using the autofs miscellanous device
# and you wish to use it you must set this configuration option
# to “yes” otherwise it will not be used.
#
USE_MISC_DEVICE=”yes”
#
# Use OPTIONS to add automount(8) command line options that
# will be used when the daemon is started.
#
#OPTIONS=””
#

For mounting NFS i.e. remote/network file-systems/folders – we can use the regular mounting i.e. /etc/fstab and mount command. However, that is kinda manual. We can mount NFS using AutoFS that will be automatic mount

We use AutoFS for LDAP clients to auto mount Users’ home directories. We just configure, then the mounting happens automatically. You remember that getent passwd user-name mounted the remote users’ home directory into local system. we used /etc/auto.master to tell that auto.guests will have the mounting configurations. then on /etc/auto.guests file – we configured that users’ home directories will be mounted on /home/guests. you can check our notes on LDAP client configuration

979 cat /etc/auto.master
980 vim /etc/auto.master

we added the following line on /etc/auto.master
/etc/auto.guests /etc/auto.direct

it just tells that AutoFS will consult /etc/auto.guests file for direct mapping

984 vim /etc/auto.guests
we added the following line on /etc/auto.guests
/home/guests 192.168.1.15:/nfsrh

it just tells remote /nfsrh will be automatically mounted to /home/guests
you can try to restart autofs

989 systemctl restart autofs

Indirect Map
indirectly mounted points are only visible when accessed
automatically mounts shares under one common parent directory
each indirect map put only one entry in the mtab file
local and indirect maps cannot exist in the same parent directory
for indirect mapping – you use /etc/auto.misc file

On File Systems and Linux Commands (Redhat/CentOs/Fedora)

echo “Dec 26th, 2017, Sayed Ahmed, Justetc Technologies”

On file Systems – Target Audience: Technical People. Software Developers and System/Network Administrators or DevOps  (or wanna be)

/ and /boot are the default Linux file systems

you can also configure /home, /opt, /var, /tmp, /usr as separate file systems or can make these as part of the / file systems.

/ and /boot are mandatory

The advantages of having separate file systems (and/or partitions) for different purpose (/var, /usr) are: you can independently manage them, extend them or reduce them as required. Can implement restriction on users who can access which file system. do repair and maintenance activities separatel

Types of file systems: ext2, ext3, ext4, xfs (default for Redhat 7), btrfs, vfat, iso9660, BIOS Boot, EFI System Partitions, NFS, AutoFS, CIFS (Common Internet File Systems)

AutoFS: NFS based auto mount. You can use this for LDAP Client configuration. Check our LDAP Notes.

xfs_repair : repair xfs file system devices

813 File System Administration Commands
814 dumpe2fs
815 dumpe2fs /dev/sdb
816 lsblk
817 dumpe2fs /dev/sdb
818 dumpe2fs /dev/sdc1
819 dumpe2fs /dev/sda

820 e2fsck /dev/sdb
821 e2fsck /dev/sda

823 lsblk
824 mkfs.ext2 /dev/sdb
825 mkfs.ext2 /dev/sdc1

826 e2fsck /dev/sdc1
827 e2fsck is for ext2 file system. ext2 will be removed soon. ext2 is deprecated on RHEL 7.
828 fsck.ext2 /dev/sdc1
829 fsck.xfs /dev/sda

830 xfs_repair /dev/sda
831 dumpe2fs, e2fsck, e2label, mke2fs, resize2fs, tune2fs, mkfs.xfs, xfs_admin, xfs_growfs, xfs_info, xfs_repair, mkfs.vfat, blkid, df, du, findmnt, fuser, mount, umout – some file system related linux commands

835 man e2label
836 e2label – Change the label on an ext2/ext3/ext4 filesystem
837 SYNOPSIS
838 e2label device [ new-label ]
839 DESCRIPTION
840 e2label will display or change the filesystem label on the ext2, ext3, or ext4 filesystem located on device.

841 man mke2fs
mke2fs is used to create an ext2, ext3, or ext4 filesystem, usually in a disk partition. device is the special file corresponding to the device (e.g /dev/hdXX). blocks-count is the number of blocks on the device. If omitted, mke2fs automagically figures the file system size. If called as mkfs.ext3 a journal is created as if the -j option was specified.

man resize2fs
The resize2fs program will resize ext2, ext3, or ext4 file systems. It can be used to enlarge or shrink an unmounted file system located
on device. If the filesystem is mounted, it can be used to expand the size of the mounted filesystem, assuming the kernel supports on-line
resizing. (As of this writing, the Linux 2.6 kernel supports on-line resize for filesystems mounted using ext3 and ext4.).

849 man tune2fs
tune2fs allows the system administrator to adjust various tunable filesystem parameters on Linux ext2, ext3, or ext4 filesystems. The cur‐rent values of these options can be displayed by using the -l option to tune2fs(8) program, or by using the dumpe2fs(8) program.

852 man mkfs.xfs
mkfs.xfs constructs an XFS filesystem by writing on a special file using the values found in the arguments of the command line. It is invoked automatically by mkfs(8) when it is given the -t xfs option.

855 man xfs_admin
xfs_admin uses the xfs_db(8) command to modify various parameters of a filesystem.
Devices that are mounted cannot be modified. Administrators must unmount filesystems before xfs_admin or xfs_db(8) can convert parameters.
A number of parameters of a mounted filesystem can be examined and modified using the xfs_growfs(8) command.

859 man xfs_growfs
xfs_growfs expands an existing XFS filesystem (see xfs(5)). The mount-point argument is the pathname of the directory where the filesystem is mounted. The filesystem must be mounted to be grown (see mount(8)). The existing contents of the filesystem are undisturbed, and the added space becomes available for additional file storage.

863 man xfs_info
xfs_info is equivalent to invoking xfs_growfs with the -n option (see discussion below).

865 man xfs_repair
xfs_repair repairs corrupt or damaged XFS filesystems (see xfs(5)). The filesystem is specified using the device argument which should be the device name of the disk partition or volume containing the filesystem. If given the name of a block device, xfs_repair will attempt to find the raw device associated with the specified block device and will use the raw device instead. Regardless, the filesystem to be repaired must be unmounted, otherwise, the resulting filesystem may be inconsistent or corrupt.

870 man mkfs.vfat
mkfs.fat is used to create an MS-DOS filesystem under Linux on a device (usually a disk partition). device is the special file correspond‐ing to the device (e.g /dev/hdXX). block-count is the number of blocks on the device. If omitted, mkfs.fat automatically determines the filesystem size.

874 man blkid
The blkid program is the command-line interface to working with the libblkid(3) library. It can determine the type of content (e.g. filesystem or swap) that a block device holds, and also the attributes (tokens, NAME=value pairs) from the content metadata (e.g. LABEL or UUID fields).

878 man df
df displays the amount of disk space available on the file system containing each file
name argument. If no file name is given, the space available on all currently mounted file systems is shown. Disk space is shown in 1K blocks by default, unless the environment variable POSIXLY_CORRECT is set, in which case 512-byte blocks are used.

882 df
883 du

884 man du
du – Summarize disk usage of each FILE, recursively for directories.

886 man findmnt
findmnt will list all mounted filesytems or search for a filesystem. The findmnt command is able to search in /etc/fstab, /etc/mtab or /proc/self/mountinfo. If device or mountpoint is not given, all filesystems are shown.

889 findmnt

890 man fuser
fuser displays the PIDs of processes using the specified files or file systems. In the default display mode, each file name is followed by a letter denoting the type of access:
c current directory.
e executable being run.
f open file. f is omitted in default display mode.
F open file for writing. F is omitted in default display mode.
r root directory.
m mmap’ed file or shared library.

899 man mount
mount command – All files accessible in a Unix system are arranged in one big tree, the file hierarchy, rooted at /. These files can be spread out over several devices. The mount command serves to attach the filesystem found on some device to the big file tree. Conversely, the umount(8) command will detach it again.

903 man umount
umount – The umount command detaches the file system(s) mentioned from the file hierarchy.
You can customize mount operation by giving some parameters and options such as async: allow async I/O operation, acl: to support ACL (facl: getfacl, setfacl), users: allow all users to mount exec:noexec: permit/deny execution of binary files, ro:read only suid/nosuid: allow/disallow setuid operation user/nouser: allow/disallow a normal user to mount the file system remount: remount an already existing filesystem,

_netdev: network connectivity is a must before mounting, owner: allow the file system owner to mount dev/nodev: allow/disallow device files on the file system, defaults: accept all defaults (async, auto, dev, exec, nouser, rw, suid), auto: support auto mounting when -a option is used for mount command

note: mount -a will mount all filesystems mentioned in /etc/fstab
umount -a : everything mentioned in fstab will be unmounted. provided auto was there for the mount operation. auto is default parameter for mount command

blkid : gives you UUID for partitions/file systems. you can use UUID in /etc/fstab – usually is a good practice. because if you use /dev/sda /dev/sdb in the /etc/fstab – that might not work always because that can change depending on what storage device to add or remove to the system.
909 blkid
910 xfs_admin -u
911 xfs_admin -u /dev/sda
912 xfs_admin -u /dev/sda1
913 xfs_admin -u /dev/sdc1
914 xfs_admin -u device/partition : will also give UUID for that partition

915 blkid /dev/sdb
916 blkid /dev/sdc1
917 blkid
918 you can also create a label for a partition/file-system and use that in the /etc/fstab file
919 xfs_admin -l /dev/sdc1
920 xfs_admin -l /dev/sda
921 lsblk

926 lsblk
927 df -h
to create a label: xfs_admin -L testpartition /dev/sdc1
929 xfs_admin -L testpartition /dev/sdc1
930 then you can use testpartition in the /etc/fstab file

xfs_admin : -l shows label, -L creates label

932 cat /etc/fstab
933 the default format in the /etc/fstab file
934 /dev/mapper/cl-root / xfs defaults 0 0

device   mount-point file-system defaults/options-you-want(auto, rw, defaults, async) dump-or-not-for-dump-command scan-sequence-for-fsck

UUID and Label cab be used for the device/first parameter on /etc/fstab file

941 vim /etc/fstab
examples:

/dev/mapper/cl-root / xfs defaults 0 0

UUID=45213437-3dcf-4ee7-b6b7-26c37e2a82d7 /boot xfs defaults 0 0

/dev/mapper/cl-swap swap swap defaults 0 0

/dev/sdb1 /mnt ext2 defaults 0 0

947 df -h: disk free : check usage
948 df -h

partiton exercise
950 parted /dev/sdb mklabel msdos
951 parted /dev/sdb mkpart 1 101MB
952 parted /dev/sdb mkpart primary 1 101MB
953 parted /dev/sdb print
954 parted /dev/sdb mkpart primary 101 201MB
955 parted /dev/sdb print

956 mke2fs -t ext3 /dev/sdb2
957 mkfs.xfs /dev/sdb1

958 blkid
959 xfs_admin -L testlabel /dev/sdb1

960 vim /etc/fstab
961 mkdir -p /disks/sdb1

962 mount -a
963 vim /etc/fstab
964 mount -a
965 blkid
966 vim /etc/fstab
967 mount -a
968 umount -a
969 mount -a
970 cat /etc/fstab

971 example of using label on /etc/fstab
972 LABEL=”testlabel” /disks/sdb1 xfs defaults 0 1

973 xfs_repair /dev/sdb1

974 umount /dev/sdb1
975 xfs_repair /dev/sdb1
976 xfs_repair : requires the file system to be unmounted

you can use nfs-utils to mount/unmount remote file systems
978 yum -y install nfs-utils
979 mkdir /disks/nfs-pc2

the format in the /etc/fstab file can be
981 192.168.10.15:/folder/fs-to-share-remotely /disks/nfs-pc2 nfs _netdev 0 0

check that I used: nfs as the file system
For options: I used _netdev because this is network devie and network connectivity is a must for this mounting operation

to mount cd-drive on redhat/centos/fedora
985 mount /dev/sr0 /mnt
df -h can show you the cdrom device. for me it was: /dev/sr0

987 df -h
you could use -t with mount command to give file system. However, for CD the default works fine
for NFS to mount using commands

mount -t nfs 192.168.1.15:/folder-or-fs-to-share-remotely /mount-point-on-our-system-like-/disks/nfs/pc2-share

you can also mount samba file system as well

Users and Groups management in Linux (Redhat/CentOS/Fedora)

Target Audience: Technical people who knew or already know (to some extent) – just wanna review

Yes, from my history

622 echo “dec 25th, 2017 – sayed”

User and password related files

623 cat /etc/passwd
624 cat /etc/shadow
625 cat /etc/group
626 cat /etc/gshadow

There are some backup files for them as well
629 cat /etc/passwd-
630 cat /etc/group-
631 cat /etc/shadow-
632 cat /etc/shadow-
633 cat /etc/gshadow-

try to understand the format of the passwd, shadow, and group files

passwd file format: userid: password – or password space holder:user id: group id: comments: user home directory: user shell

shadow file format: userid : encrypted password: password last changed in timestamp format: min days – min days the password must be ket before changing: max days – max days the current password can be kept: warn days – user will get warning to change password: inactive days – how many inactive days allowed: disable days – account expiry date: not used field – kept for future use

cat /etc/group

format for /etc/group file: group name: password place holder: group id: group members – comma seprated

cat /etc/gshadow

gshadow file format: group name: encrypted group password: group admins: group members

why group password? when we want to restrict users to  assign them to the groups

cat /etc/login.defs
647 vim /etc/login.defs
648 /etc/login.defs : defines default values for users and groups – some of these values are used at the time of user and group creation and modifications – i.e. some values are taken from this file (when not specified at creation/modification time)

649 pwck checks for integrity among user/permission related files
650 pwck
651 grpck

653 vipw -> passwd file: lock for others and read-only for others. admins use this command

655 cat /etc/sudoers
656 users or groups can be defined in /etc/sudoers file who can run commands with su or sudo
657 vim /etc/sudoers

658 su user1 (switch user)
659 usermod -G wheel user1  (assign users to groups)
660 user1 is added to wheel group. wheel is a sudo group
661 su user1

Graphical user management tool:

662 system-config-users

663 managing groups
664 groupadd, groupmod, groupdel
665 groupadd -g 5000 linuxadm
666 groupadd -o -g 5000 sales
667 groupmod -n mgmt sales
668 groupmod -g 6000 linuxadm
669 usermod -a -G linuxadm user1

672 id user1
673 su user1
674 groupdel mgmt
675 gpasswd -> add admins to groups, group password assign/change, add users to groups and similar
676 gpasswd -A user1, user20new linuxadm

681 gpasswd -a user20new, user1 linuxadm

684 su user20new

Needed some adjustments for the user: user20new, it was locked,  shell was assigned to /sbin/nologin
685 usermod -U user20new (unlock user)
686 gpasswd -a user20new, user1 linuxadm
687 grep user20new /etc/passwd
688 usermod -s /bin/sh user20new
689 gpasswd -a user20new, user1 linuxadm
690 grep user20new /etc/passwd
691 cat /etc/passwd
692 usermod -s /bin/bash user20new
693 su user20new

694 gpasswd -a user20new, user1 linuxadm
696 su – user20new
697 su user1
699 su –

713 vipw
714 ls /etc/passwd.edit
715 pwck
716 grpchk
717 grpck
719 vigr
720 vigr -s

//enable disable shadow files

721 pwconv
722 cat /etc/passwd
723 pwunconv
724 cat /etc/passwd
725 pwunconv : do not use shadow file : move passwords back to passwd file
726 pwconv
727 cat /etc/passwd
728 grpconv
729 grpunconv
730 cat /etc/gshadow
731 cat /etc/group
732 grpconv
733 cat /etc/gshadow

cat in the above lines was to check – if the changes wee done or not

734 user related commands: useradd, usermod, userdel, chage, passwd
735 cat /etc/default/useradd
736 cat /etc/login.defs

See defaults
738 useradd -D
739 change default user home directory location
740 useradd -D -b /usr/home
741 useradd -D
742 useradd -D -b /home
743 useradd -D
744 useradd -D -b /usr/home

745 grep ^# /etc/login.defs
746 grep -v ^# /etc/login.defs
747 grep -v ^# /etc/login.defs > show-lines-from-login.defs-that-does-not-start-with-#–comment lines will not be shown
748 grep -v ^# /etc/login.defs | grep -v ^$
749 grep -v ^# /etc/login.defs
750 grep -v ^# /etc/login.defs | grep -v ^$

751 useradd user2
752 mkdir -p /usr/home
753 useradd user2
754 useradd user20
755 passwd user20
756 cd /etc; grep user20 passwd shadow group gshadow
757 useradd -u 5000 -g 5000 -m -d /home/user30 -k /etc/skel -s /bin/bash user30
758 useradd -u 5000 -g 1000 -m -d /home/user30 -k /etc/skel -s /bin/bash user30
759 create user with no login: just point shells to no login
760 useradd -s /sbin/nologin user40
761 su – user40
762 su user40

changing: min days, max days, expiry, and password

763 passwd -n 7 -x 28 -w 8 user20
764 chage -l user20
765 chage -m 10 -M 30 -W 7 -E 2017-12-31 user30
766 chage -l user30

767 modifying users
768 usermod -u 2000 -m -d /home/user20new -s /sbin/nologin -l user20new user20
769 grep user20new /etc/passwd
770 chage -l user30
771 chage -l user20
772 chage -l user20new
773 chage -d 0 -m 5 -E -1 user30
774 chage -l user30

775 lock a user
776 usermod -L user20
777 usermod -L user20new

778 userdel -r user30
781 usermod -U user20new

782 su user1
784 usermod -U user20new

//assign users to groups

785 gpasswd -a user20new linuxadm
786 gpasswd -a user1 linuxadm

787 useradd user4
788 passwd user4
789 gpasswd -M user4 linuxadm

791 cat /etc/group
792 gpasswd -M : replace existing group members with the new user assigned
793 set group password
794 gpasswd linuxadm
795 groups
796 su user4

800 su user4
801 newgrp the user can execute this to change primary group

802 important shell startup files : /etc/bashrc /etc/profile /etc/profile.d

598 echo “dec 24th, 2017”
599 echo “NTP Client”
600 yum list ntp
601 yum list installed |grep ntp

602 To activate ntp
603 yum -y install ntp system-config-date
604 cat /etc/ntp.conf
605 grep ^server /etc/ntp.conf

606 systemctl restart ntpd
607 systemctl enable ntpd
608 systemctl start ntpd

609 ntpq -p

612 nmtui
613 ip addr

619 system-config-date
620 system-config-authentication

echo “Dec 24th, 2017”
532 echo “Basic Networking in Linux”
533 hostname
534 uname -a
535 uname -n
536 cat /etc/hostname
537 nmcli general hostname
538 changing hostname temporarily
539 hostname server10.example.com
540 for permanent change
541 hostnamectl set-hostname server100.example.com
542 or change /etc/hostname file
543 vim /etc/hostname
544 restart systemctl
545 systemctl restart systemd-hostnamed
546 systemctl restart systemd-hostnamed.service
547 echo “IPV4 addresses”
548 ip addr
549 cat /etc/protocols
550 ip neighbor
551 yum install arp*
552 cat /etc/services
553 cat /etc/protocols
554 ip neighbor
555 interface configuration files
556 cat /etc/sysconfig/network-scripts/
557 ll /etc/sysconfig/network-scripts/
558 ll /etc/sysconfig/network-scripts/ifcfg-*
559 you can change parameters for the interface config files
560 ll /etc/sysconfig/network-scripts/ifcfg-ens33
561 cat /etc/sysconfig/network-scripts/ifcfg-ens33
562 name and IP conversion. /etc/hosts – DNS is the system to do this.
563 interface stop and start
564 ifdown ens33; ifup ens33
565 cat /etc/default/grub
566 it used to be eth0 eth1, now default is ens
567 you can change that using some config changes
568 ip
569 nm-connection-editor
570 nm-connection-editor is graphical nmtui is text based – not command line but text based interface
571 nmtui is command line based. nmtui is text-based interface based
572 nmcli
573 nmcli device show
574 nm-connection-editor
586 to set ipv4 address – one example

589 ip addr add 192.168.0.111/24 broadcast 192.168.0.255 dev ens33
590 ip addr
591 ip addr add 192.168.0.111/24 broadcast 192.168.0.255 dev eth1
592 ls
593 systemctl status NetworkManager
594 nmcli con show
595 nmcli dev status
596 exit
597 history

TCP Wrappers in Linux/CentOS/Redhat/Fedora

yum info tcp_wrappers

yum install tcp_wrappers-devel.x86_64
506 reboot
507 ifdown ens33
508 ifup ens33
509 yum install tcp_wrappers-devel.x86_64
510 yum -y install tcp_wrappers-devel.x86_64
511 ls /var/ftp/pub/Packages/
512 ls /etc/yum.repos.d/local.repo
513 vim /etc/yum.repos.d/local.repo
514 systemctl status vsftpd
515 systemctl start vsftpd
516 systemctl enable vsftpd
517 yum -y install tcp_wrappers-devel.x86_64
518 cat /etc/hosts.allow
519 cat /etc/hosts.deny
520 two config files as above. hosts.allow will be consulted first and then hosts.deny is consulted
521 the format of the file content: service: user@source pc
522 service examples: All, All Except, sshd, vsftpd, sshd. multiple services can be given in one line with commas
523 user@source pc examples can be: All, just an IP, 192.168.1.1 Local, subnet: 192.168.0.0/24, network address with except host like: 192.168.0 except 192.168.0.25. multiple host can be given – comma separated. user1@192.168.1.1
524 the above content will serve the purpose of the file. if the content is found on the allow file – that services and user and pc will be allowed. if the content is written in the .deny file – corresponding user, service, pc will be denied
525 exit
526 history