Exercises Part 2: SANOG IV: IP Services Workshop

July 2004

Some Sample Configuration Items you Could Do

First log in using the graphical interface.

Press "alt-ctrl-F2". This gives you a text terminal. You are still running at init level 5.

Login as "root"

Type "init 3"

Now, if you wanted to, you could set your PC up (manually) to have a static IP address. We'll also go over another way to change your default keyboard settings.

Below is a sample static IP. You should adjust these numbers based on your classroom's network. Your instructor will give you this information if needed.

To create a static IP address do:

cd /etc/sysconfig/network-scripts/
vi ifcfg-eth0
In this file we're going to specify data for your eth0 network device. We'll turn off the use of DHCP for this device as well:

USERCTL=no
PEERDNS=yes
DEVICE=eth0
BOOTPROTO=none
ONBOOT=yes
TYPE=Ethernet
IPADDR=192.188.58.xx
NETMASK=255.255.255.224
GATEWAY=192.188.58.65
NETWORK=192.188.58.64
BROADCAST=192.188.58.95

Where it says "xx" use your machine's address.

If you want to change your keyboard to work in terminals do the following:

vi /etc/sysconfig/keyboard
In this file change the line that reads 'KEYTABLE="us"' to 'KEYTABLE="uk"' - Save the file (:wq), and, next:
service keytable on
Now you would have a UK English keyboard.

1.) Partitions

First login as your user:

Now, in a terminal/shell let's look at the partitions. Type:

df
df -h
What difference did you see between "df" and "df -h"? And, where do you see how much swap you have?
cat /proc/swaps
top ("q" to exit)
You might imagine that the "top" command uses the interface to /proc/swaps for some of the information it displays. We'll talk about /proc a bit later.

If you wish to see the state of your partitions there are two graphical tools for this. The first, like vi, is the most common tool but a bit difficult to use: "fdisk". To use it type:

sudo fdisk
To view your partition table press "p".

The fdisk, and soon cfdisk, are privileged commands. They must be run as root. If you have cfdisk installed it's a bit easier to use.

2.) Mounting filesystems

First see what you have in /etc/fstab (and, why do we use "cat" and not "more" or "less"?).

cat /etc/fstab
Now, spend some time reading about what's in this file:
man fstab
man mount
man fs
Now we'll use the power of Linux to create a file system and to mount it as we wish. First we are going to create an ISO image (ISO9660 that can be burnt to a compact disc). Just to note, this is a contrived exercise. We are using the command "mkisofs" for this. If you read "man mkisofs" you'll see it's quite involved:
cd /usr/src
mkisofs -o /tmp/kernel-2.6.5-1.358.iso -v -l -L -allow-lowercase linux-2.6.5-1.358
The command will take a bit to finish. When it's done we are going to create a place where we can mount the newly created filesystem and view it:
sudo mkdir /mnt/kernel
ls /mnt/kernel (should be nothing)
sudo mount -o loop /tmp/kernel-2.6.5-1.358.iso /mnt/kernel
Now go to /mnt/kernel and see what's there. All the files and directories that exist (and are still there) in /usr/src/linux-2.6.5-1.358 are visible under /mnt/kernel, but they are really in the file /tmp/kernel-2.6.5-1.358.iso, which represents an ISO9660 filesystem, the standard for compact discs... It's a pretty neat trick.

What happens if you always want the files in /tmp/kernel-2.6.5-1.358.iso to be available? This is a common trick. For instance, if you have multiple CD images (like Fedora Core 2 with 4 CDs) that you want visible to an FTP server you can simply mount them to an FTP directory or directories for quick access...

Now, to make this file system always available you have to place an entry for it in the /etc/fstab file that describes how to mount the file /tmp/kernel-2.6.5-1.358.iso every time your machine starts. The format of /etc/fstab looks a bit complicated, but there is a trick. Look at the entries in /etc/mtab... Here you'll find the format you need for /etc/fstab. So, do this:

cat /etc/mtab
And, copy the text:
/tmp/kernel-2.6.5-1.358.iso /mnt/kernel iso9660 rw,loop=/dev/loop0 0 0
and place it at the end of the file /etc/fstab. Don't place it at the top as it's necessary to have the partitions that have your mount point (/mnt/kernel) mounted before you try to mount your ISO image file.

If you want to make sure that the format is correct in /etc/fstab run the command:

sudo mount -a
Which mounts everything in /etc/fstab and verifies the format as well. Use the command "df" or "df -h" to see how your partition appears to your system.

3.) Permissions and files*

*Reference: Shah, Steve, "Linux Administration: A Beginner's Guide", 2nd. ed., Osborne press, New York, NY.

If you look at files in a directory using "ls -al" you will see the permissions that each file and directory has. Here's an example:

drwxrwxr-x    3 hervey   hervey       4096 Feb 25 09:49 directory
-rwxr--r--   12 hervey   hervey       4096 Feb 16 05:02 file2

The column on the left is what is important. You can imagine it like this:

Type User    Group World links  owner  group  size   date   hour  name
d    rwx     rwx   r-x   3      hervey hervey 4096   Feb 25 09:49 directory
-    rwx     r     r     12     hervey hervey 4096   Feb 16 05:02 file2

Thus, the directory has access r (read), w (write), and x (eXecute) for the user, group, and for the world it has read (r) and execute (x). The file "file2" has a bit less access with only read (r) permitted for the world (all users on the system) and read for the group "hervey" as well.

To change permissions you use the "chmod" command. chmod uses an octal (base 8) system to configure permissions, or you can use a different form specifying one column of permissions at a time:

Permissions have values like this:

Letter  Permission   Value

R       Read         4
W       Write        2
X       Execute      1

Thus, you can give permission to a file using the sum of the columns for each type of permission you wish to give. Here's an example:

Letter  Permission                   Value

---     None                         0
r--     Read only                    4
rw-     Read and write               6
rwx     Read, write, and execute     7
r-x     Read and execute             5
--x     Execute                      1

This is one column. Thus, to give all the combinations you need a table like this:

Permission   Numeric      Description
             equivalent  

-rw-------   600          owner has read and write permission.
-rw-r--r--   644          owner has read and write permission,
                          group and world have read permission.
-rw-rw-rw-   666          everyone (owner, group, world) has
                          read and write permission (dangerous).
-rwx------   700          owner has read, write, and execute permission.
-rwxr-xr-x   755          owner has read, write, and execute permission.
                          rest of the world has read and execute permission.
                          (typical for web pages, or 644).
-rwxrwxrwx   777          everyone has full access (read, write, execute).
-rwx--x--x   711          owner has read, write, and execute permission.
                          group and world have execute permission.
drwx------   700          only the owner has access to this directory.
                          all directories require an "x" to be present.
drwxr-xr-x   755          owner has all access to the directory. everyone else
                          can see contents of the directory.
drwx--x--x   711          everyone can read the files in the directory, but 
                          you have to know the names because the directory
                          itself is not readable.

Now let's practice with permissions. As a normal user do:

cd (what does the "cd" command by itself do?)
echo "test file" > read.txt
chmod 444 read.txt
In spite of the fact that the file has no write permission for the owner, the owner can still change the permissions on the file.
chmod 744 read.txt
Or, you can do this using this form of chmod:
chmod u+w read.txt
The forms of chmod to add permissions, if you don't use numbers are:

chmod u+r, chmod u+w, chmod u+x
chmod g+r, chmod g+w, chmod g+x
chmod a+r, chmod a+w, chmod a+x

Note that the "a" forms cover the world as well: the "a" is for "all".

Now change the file so that the owner cannot read it, but they can write to the file:

chmod u-r read.txt
Or, you can do something like this:
chmod 344 read.txt
You've probably noticed that you can use the "-" to remove permissions as well.

Finally, there is the concept that when you execute a file it normally executes with the permissions of the person who runs the command. For example, if the user "angela" types "netstat", the program "netstat" runs with their privileges. But if you need netstat to always run with the permissions of the owner of the file, or of the group that the file belongs to, then you can configure the "SetUID" (SUID) or the "SetGID" (SGID) bits. One does this with the "chmod" command. Be careful with this, as it can be a bad idea from a security viewpoint.

To do this, add a "4" in front of the chmod octal setting to set the SUID bit, or a "2" to set the SGID bit.

For example you could do:

chmod 4755 /bin/netstat
Naturally you would have to be root to do this, or use the "sudo" command.

And, to set the SGID it would be:

chmod 2755 /bin/netstat
After you do the command "sudo chmod 4755 /bin/netstat" the file permissions look like this:

-rwsr-xr-x    1 root     root        85240 Feb 11  2003 /bin/netstat

Note the "s" in the owner column.

And, after the command "sudo chmod 2755 /bin/netstat" it looks like this:

-rwxr-sr-x    1 root     root        85240 Feb 11  2003 /bin/netstat

Note the "s" in the group column.
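
Since SUID, SGID and world-writable files are the modes this section calls risky, here is a quick audit for them. This is an added example, not part of the original workshop material: the function names and the sample files are made up for illustration, and it assumes a Linux "stat" that accepts -c.

```shell
#!/bin/sh
# Added example (not from the workshop): list regular files under a directory
# that carry the SUID bit (4000), the SGID bit (2000) or world write (0002).
# Assumes a Linux system whose stat supports -c, as on Fedora.

# audit_modes DIR
# Prints "<flags> <octal mode> <path>" for each finding, sorted by path.
audit_modes() {
    # -xdev keeps find on one filesystem. "-perm -4000" matches a file when
    # that bit is set, so the three tests are OR-ed together.
    find "$1" -xdev -type f \
        \( -perm -4000 -o -perm -2000 -o -perm -0002 \) \
        -exec stat -c '%a %n' {} + | sort -k2 |
    while read -r mode path; do
        m=$((0$mode))      # read stat's mode as an octal number
        flags=
        [ $((m & 04000)) -ne 0 ] && flags="${flags}SUID,"
        [ $((m & 02000)) -ne 0 ] && flags="${flags}SGID,"
        [ $((m & 00002)) -ne 0 ] && flags="${flags}WORLD-WRITABLE,"
        printf '%s %s %s\n' "${flags%,}" "$mode" "$path"
    done
}

# Constructed sample tree (hypothetical file names): one file per case.
# Prints the name of the temporary directory it created.
make_samples() {
    d=$(mktemp -d) || return 1
    for f in plain suid sgid shared; do echo test > "$d/$f"; done
    chmod 644  "$d/plain"    # rw-r--r--  nothing to report
    chmod 4755 "$d/suid"     # rwsr-xr-x  SUID, like the netstat example
    chmod 2755 "$d/sgid"     # rwxr-sr-x  SGID
    chmod 666  "$d/shared"   # rw-rw-rw-  world-writable
    echo "$d"
}

samples=$(make_samples)
audit_modes "$samples"
rm -rf "$samples"
```

To check a real system, run "sudo sh" on this file with the last three lines replaced by a call such as: audit_modes /usr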

4.) Using /etc/hosts

If you look in the file /etc/hosts (cat /etc/hosts) you will see that the names "localhost" and "localhost.localdomain" are connected to the IP address 127.0.0.1. This is a standard convention for IP networks. In our classroom we have a server with an IP address (to be given in class), but we don't have a name for it (yet). Thus, in order to access this box (for example, to get an RPM using ftp) you have to type the machine's IP address each time. We can use the /etc/hosts file to make our lives a bit easier during the week. We'll just name our server "noc" (for Network Operations Center). So, in our /etc/hosts file you add a line that reads like this:

nnn.nnn.nnn.nnn     noc     noc
("nnn.nnn.nnn.nnn" is the IP address of our server). Note that it's not necessary, in this case, to include the full domain name. So, now instead of typing something like:
lynx 192.188.58.126
to see the server in the classroom you can just type:
lynx noc

5.) Modules

This is short, but it's good to know. You can manipulate modules that support hardware that are loaded in memory. For example, to see what's loaded do:

lsmod
And, if you wish to eliminate a module from memory you use "rmmod". If you are experimenting with modules and a new piece of hardware you can use the "insmod" command as well.

First look in the file /etc/modprobe.conf, and afterwards read about this file (man modprobe.conf).

Fedora Core 2 has an updated modules system that comes with kernel version 2.6. For instance, module definitions now reside in /etc/modprobe.conf instead of /etc/modules.conf.

 

Hervey Allen
July 2004