LAB 02 - Terminals, directories, files, general config, users, groups, ownership, ACLs

From JaxHax

Virtual Terminals vs GUI Terminals

Virtual terminals (TTYs) are reached with <alt> F2 - F6 or, if you are in X, <ctrl><alt> F2 - F6. X runs on the F1 terminal.

GUI terminals come in a variety of flavors. GNOME Terminal is the one installed by the default desktop option and is a good option in the CentOS environment.

Terminals start the Bash shell by default (or a different shell if your user's shell is set to something else)

Directory manipulation and file/directory permissions

Relative paths vs Absolute paths:
If you are in the directory /home/dan and looking at the file or directory named foo (/home/dan/foo):
foo or ./foo is the relative path, as it is relative to where you are in the filesystem
/home/dan/foo is the absolute path, as it is NOT relative to where you are in the filesystem

Directory structure navigation and manipulation:

[dan@test01 ~]$ ls ## get a directory listing, currently in ~ directory, which means home for user dan or /home/dan
Desktop  Documents  Downloads  Music  Pictures  Public  Templates  Videos
[dan@test01 ~]$ ls -lh ## gets a long listing, human readable (the sizes)
total 32K
## mode | hardlinks | owner | group | size | modified date | name ## see defn below
drwxr-xr-x. 2 dan dan 4.0K Nov 14 12:40 Desktop
drwxr-xr-x. 2 dan dan 4.0K Nov 14 12:40 Documents
drwxr-xr-x. 2 dan dan 4.0K Nov 14 12:40 Downloads
drwxr-xr-x. 2 dan dan 4.0K Nov 14 12:40 Music
drwxr-xr-x. 2 dan dan 4.0K Nov 14 12:40 Pictures
drwxr-xr-x. 2 dan dan 4.0K Nov 14 12:40 Public
drwxr-xr-x. 2 dan dan 4.0K Nov 14 12:40 Templates
drwxr-xr-x. 2 dan dan 4.0K Nov 14 12:40 Videos
[dan@test01 ~]$ mkdir lab02 ## make a directory named lab02
[dan@test01 ~]$ ls -ld lab02 ## get a ls -l on the actual directory lab02, as opposed to its contents, which you could get by doing ls -l
drwxrwxr-x. 2 dan dan 4096 Nov 14 14:18 lab02
[dan@test01 ~]$ cd lab02 ## change directory to lab02
[dan@test01 lab02]$ pwd ## check out where we are, now in lab02
/home/dan/lab02
[dan@test01 lab02]$ ls -al ## get a new full listing, note the . (current directory /home/dan/lab02) and .. (parent directory /home/dan)
total 8
drwxrwxr-x.  2 dan dan 4096 Nov 14 14:18 .
drwx------. 22 dan dan 4096 Nov 14 14:18 ..
[dan@test01 lab02]$ mkdir -p foo/bar ## mkdir with the parent option, makes foo/bar
[dan@test01 lab02]$ ls -R ## get a recursive ls
.: ## here is the stuff that resides in the current directory
foo
 
./foo: ## here is a listing of the directory we created, notice the bar directory under it
bar
 
./foo/bar: ## here is the bar directory, also created with the mkdir -p, note that it is empty

chmod octals: each digit of the octal mode (as used in this lab) has a meaning. The command takes the form chmod (a)(b)(c) file:
(a) is the user
(b) is the group
(c) is the other users on the system
Each digit is a number from 0 - 7, built up as follows:
r (Read) = value of 4
w (Write) = value of 2
x (eXecute) = value of 1
So a digit of 7 would be r+w+x, and a digit of 5 would yield r+x but not w.

Definition of directory listing terms:

  • Mode:

This is the drwxrwxrwx+ section, which we will break up into 1(d) 2(rwx) 3(rwx) 4(rwx) 5(+)
1: this is the file definition, d = directory, c = character device, b = block device, - = file
2: this is the user section, r = read, w = write, x = execute
3: this is the group section, r = read, w = write, x = execute
4: this is the other section (everyone not defined by user/group), r = read, w = write, x = execute
5: this is the extended attribute section, + means you have extended attributes.

  • Hardlinks:

Hardlinks are the number of filesystem links that point at a particular data node, so the 2's you see mean there are two links. For a directory these would be the parent marker (such as /home/dan/foo) and the self-referencing . inside the directory (/home/dan/foo/.). As you add directories, this number will go up. You can also make hardlinks, which will be discussed later.

  • Owner:

This is the user that owns the directory or file

  • Group:

This is the group that owns the directory or file

  • Size:

In the example above, the -h option gives human-readable output, and thus picks the most appropriate size category (P/T/G/M/K/B) when displaying the size of the file or directory.

  • Modified date:

This is the last time that the file or directory has been changed

  • Name:

This is the name of the directory or file

Additional information on filesystem permissions

File listing, creation, investigation, overwriting, appending, removing, editing, ownership, ACLs, umask

Creating files and modifying modes and system umask:

[dan@test01 lab02]$ touch file  ## to create a file, you can simply 'touch' it, or redirect something to a file that does not exist and it gets created
[dan@test01 lab02]$ ls -lha ## again, listing, long, human readable, all
total 12K
drwxrwxr-x.  3 dan dan 4.0K Nov 14 15:54 .
drwx------. 22 dan dan 4.0K Nov 14 14:18 ..
-rw-rw-r--.  1 dan dan    0 Nov 14 15:54 file  ## notice that the file and the directory have different modes: files start from 0666 instead of 0777, so the execute bit (value 1) is left off every digit
drwxrwxr-x.  3 dan dan 4.0K Nov 14 14:18 foo
[dan@test01 lab02]$ umask ## lets change the umask and check out what happens
0002
[dan@test01 lab02]$ umask 0027 ## umasks are taken away from the default mode (the umask bits are cleared), so 0777 changes to 0775 in the previous setting, and 0750 in the new one defined here
[dan@test01 lab02]$ umask ## check that it has changed
0027
[dan@test01 lab02]$ touch file2 ## touch a new file
[dan@test01 lab02]$ ls -lh
total 4.0K
-rw-rw-r--. 1 dan dan    0 Nov 14 15:54 file
-rw-r-----. 1 dan dan    0 Nov 14 15:56 file2 ## notice that file2 is different than file, because the umask was different when it was created
drwxrwxr-x. 3 dan dan 4.0K Nov 14 14:18 foo
[dan@test01 lab02]$ chmod 755 file2 ## now lets change file2 to 755
[dan@test01 lab02]$ ls -lh
total 4.0K
-rw-rw-r--. 1 dan dan    0 Nov 14 15:54 file
-rwxr-xr-x. 1 dan dan    0 Nov 14 15:56 file2 ## note that it changed
drwxrwxr-x. 3 dan dan 4.0K Nov 14 14:18 foo
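
The chmod octal digits and the umask arithmetic from the transcript above, worked through as an added example (not part of the original lab; the function names are hypothetical). It goes one step beyond the lab by including umask 0033, where plain subtraction would give the wrong answer because the umask is really a bit mask:

```bash
# Added illustration; function names are hypothetical, not from the lab.

# Render one octal digit (0-7) as rwx: r=4, w=2, x=1.
digit_to_rwx() (
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; else r=-; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; else w=-; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; else x=-; fi
    printf '%s%s%s' "$r" "$w" "$x"
)

# Render a three-digit octal mode such as 750 as rwxr-x---.
mode_to_rwx() (
    mode=$(( 0$1 ))                       # leading 0 = octal constant
    digit_to_rwx $(( (mode >> 6) & 7 ))   # user
    digit_to_rwx $(( (mode >> 3) & 7 ))   # group
    digit_to_rwx $((  mode       & 7 ))   # other
)

# Mode a new object receives: the umask bits are cleared from the
# requested mode (0666 for a file made by touch, 0777 for mkdir).
# That is "base AND NOT umask", which only looks like subtraction.
created_mode() (
    case $1 in
        file) base=0666 ;;
        dir)  base=0777 ;;
        *)    echo "kind must be file or dir" >&2; exit 1 ;;
    esac
    printf '%03o' $(( base & ~0$2 & 0777 ))
)

# The two umasks used in the lab, plus 0033: 0666 "minus" 0033 would be
# 0633, but the real result is 0644 because the x bit was never set.
for m in 0002 0027 0033; do
    f=$(created_mode file "$m")
    d=$(created_mode dir "$m")
    printf 'umask %s  file %s %s  dir %s %s\n' \
        "$m" "$f" "$(mode_to_rwx "$f")" "$d" "$(mode_to_rwx "$d")"
done
```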

Overwriting, appending content to files:

[dan@test01 lab02]$ echo "this is example output" > file2 ## this is an example of a redirect, putting contents into a file (new or existing).  A single > overwrites
[dan@test01 lab02]$ cat file2 ## cat or concatenate will output the contents of a file, be cautious, it will display binary files and garbage up your terminal.
this is example output
[dan@test01 lab02]$ echo "this is different output" > file2 ## an example of overwrite
[dan@test01 lab02]$ cat file2
this is different output
[dan@test01 lab02]$ echo "append content" >> file2 ## >> will append to the file, below we can see it appending to the file we've been overwriting
[dan@test01 lab02]$ cat file2
this is different output
append content

Removing or zeroing files:

[dan@test01 lab02]$ rm file ## the rm or 'remove' command will remove a file, note below that file is gone
[dan@test01 lab02]$ ls -lh
total 8.0K
-rwxr-xr-x. 1 dan dan   40 Nov 14 15:57 file2
drwxrwxr-x. 3 dan dan 4.0K Nov 14 14:18 foo
[dan@test01 lab02]$ > file2 ## a single redirect will overwrite file2 with nothing, notice the size difference between the ls before and after this statement.
[dan@test01 lab02]$ ls -lh
total 4.0K
-rwxr-xr-x. 1 dan dan    0 Nov 14 16:04 file2
drwxrwxr-x. 3 dan dan 4.0K Nov 14 14:18 foo

Filesystem ACLs:

[dan@test01 lab02]$ getfacl file2 ## filesystem ACLs or facl is a way of modifying extended attributes on files, getfacl allows us to see the current ACL settings
# file: file2
# owner: dan
# group: dan
user::rwx
group::r-x
other::r-x
[dan@test01 lab02]$ setfacl -m u:ronnie:rwx file2 ## setfacl allows us to, in this case, modify the ACL, and give user 'ronnie' special permissions, in this case rwx
[dan@test01 lab02]$ getfacl file2 ## and here we can see the change has taken effect
# file: file2
# owner: dan
# group: dan
user::rwx
user:ronnie:rwx ## right here
group::r-x
mask::rwx
other::r-x
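
The mask:: line that appears once a named entry is added caps what named users, named groups and the owning group actually get; the owner and other entries are not affected by it. As an added example (not part of the original lab; effective_acl is a hypothetical helper and the sample text is constructed, modeled on the lab's file2 but with a narrower mask), this reads getfacl text and prints the rights each entry really confers:

```bash
# Added illustration; effective_acl and the sample text are constructed.
sample_acl() { cat <<'EOF'
# file: file2
# owner: dan
# group: dan
user::rwx
user:ronnie:rwx
group::r-x
mask::r--
other::r--
EOF
}

# Reads getfacl text on stdin. The mask line comes after the entries it
# limits, so entries are stored first and resolved in END.
effective_acl() {
    awk -F: '
        function and_perm(p, m,   i, c, out) {
            out = ""
            for (i = 1; i <= 3; i++) {
                c = substr(p, i, 1)
                out = out ((c != "-" && substr(m, i, 1) != "-") ? c : "-")
            }
            return out
        }
        /^#/ || NF < 3 { next }          # header comments and blank lines
        { sub(/[ \t]*#.*$/, "", $3) }    # drop trailing "#effective:" notes
        $1 == "mask" { mask = $3; next }
        { n++; tag[n] = $1; who[n] = $2; perm[n] = $3 }
        END {
            for (k = 1; k <= n; k++) {
                # masked: owning group, named groups, named users
                masked = (tag[k] == "group" || (tag[k] == "user" && who[k] != ""))
                eff = (masked && mask != "") ? and_perm(perm[k], mask) : perm[k]
                printf "%s:%s:%s\n", tag[k], who[k], eff
            }
        }'
}

sample_acl | effective_acl
```

On a file that carries an ACL, the group triplet shown by ls -l is the mask, so getfacl is the place to read what ronnie can really do.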

Core configuration file area and important files

  • /etc/passwd:

This file holds user data and is one of the most important files on the machine. It contains user data (demonstrated below) but does not contain the password (unlike what its name suggests). The password used to be contained in this file, but as trust of users diminished it was moved to the shadow file, which is protected from users' prying eyes. Anyone on the system is able to read, but not write to, /etc/passwd.
The line below is an example user line from the /etc/passwd file, with a description of each field below it.
testuser:x:502:502:Test User is a LUser:/home/testuser:/bin/bash

testuser: this is the user's username
x: this is where the password used to be stored; the x signifies to look at the shadow file for this data
502 (first one): UID or User ID, the number the user is associated with; the filesystem knows the user as a number and references this file for displaying the name in, say, ls -l
502 (second one): GID or Group ID, the number the group is associated with; the filesystem knows this group as a number and references /etc/group for displaying the friendly name
Test User is a LUser: comment; say fun things about the user. Many times programs like GDM (GNOME Display Manager, the thing that precedes the desktop login) will display this as the user's full name
/home/testuser: user's home directory, where the user puts all their stuff, even settings
/bin/bash: user's shell; can be many things: /bin/bash, /bin/sh, /bin/ksh, /bin/csh, /bin/mud, /bin/false (the last one is special: it will not let the user log in via ssh or start a shell)


  • /etc/shadow:

This file has hashed user password data and is associated with the passwd file by default. Example line below:
testuser:$6$96Ri9Zc7$wOVSuIxp8/ep1NlUwp/UHYLaeGVWWoONZgvrHdWzDT27elDQW1sAcK1uK0YeZsLb1No8IMfCXpxhaXjVuuxBz1:16023:0:99999:7:::

testuser: username of user
$6$96Ri9Zc7$wOVSuIxp8/ep1NlUwp/UHYLaeGVWWoONZgvrHdWzDT27elDQW1sAcK1uK0YeZsLb1No8IMfCXpxhaXjVuuxBz1: user's password hash
16023: last time password was changed (days since 1/1/1970)
0: minimum number of days between password changes
99999: maximum number of days the password is valid until the user is forced to change
7: number of days before password expiration that the user gets a warning
blank: number of days after a password expires that the account is disabled
blank: number of days since 1/1/1970 that the account is disabled (for absolute dates)


  • /etc/group:

The group file defines groups. Groups are collections of users that may share permissions on files, programs, or other content.
testuser:x:502:

testuser: name of the group
x: generally unused; this is the password for the group, which can be stored encrypted
502: GID or Group ID, the number associated with this group on the filesystem
blank: secondary group user list; users listed here have this group not as their primary but as a secondary group, and can inherit its privileges


  • /etc/hosts:

This file is the local definition of host entries
10.10.10.10 servername.example.com servername alias

10.10.10.10: IP of the machine you are defining; can be the local box or any other box.
servername.example.com: if defining the localhost server, it is usually wise to put the FQDN (fully qualified domain name) as the first entry; the machine will take this as its name if it is the IP assigned to the name
servername: usually nice to give the short name of the server as well, so you can just talk to it using the name instead of the FQDN
alias: you can string on other names; for instance, if you're building a website, you can put this as your localhost or some alternate IP so you can test the build and action of the webserver/website


  • /etc/nsswitch.conf:

This file configures the name service and is associated with /etc/hosts and /etc/resolv.conf. In RHCSA-level material you will not need to edit this file, but it will be explained in lab.


  • /etc/resolv.conf:

This file contains the DNS (Domain Name System) server IPs as well as domain information and search information

domain example.com
search foo.example.com bar.example.com example.com
nameserver xx.xx.xx.xx
nameserver xx.xx.xx.xx

domain example.com: this is the domain that your server resides on
search foo...: these are the search domains; if you say `ping server1`, it would search for server1.foo.example.com, server1.bar.example.com and server1.example.com before returning failure
nameserver xx.xx.xx.xx: these are your DNS servers, provided by your local network. DNS should always use 2 servers by design; a second one is not 100% necessary, but you should still specify 2


  • /etc/sysconfig directory:

This directory has configuration files that deal with Red Hat tools and configuration assistance items, and will be discussed briefly in the lab.

[root@test01 sysconfig]# ls
atd         console    init              iptables-config  netconsole       ntpdate        sandbox                 system-config-firewall.old
auditd      crond      ip6tables         iptables.old     network          raid-check     saslauthd               system-config-users
authconfig  firstboot  ip6tables-config  kernel           networking       readonly-root  selinux                 udev
cbq         grub       ip6tables.old     keyboard         network-scripts  rsyslog        sshd                    wpa_supplicant
clock       i18n       iptables          modules          ntpd             samba          system-config-firewall

User Group association

Users are known to the filesystem and to the kernel by a UID or User ID, which you have seen in the /etc/passwd and /etc/shadow file explanation above

Groups are known to the filesystem and to the kernel by a GID or Group ID, which you have seen in the /etc/group file explanation above
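
The /etc/passwd and /etc/shadow field layouts described above are enough to drive a basic account audit. The following is an added example, not part of the original lab: the helper names, every sample line (including the placeholder hashes) and the "today" value are constructed, and the scheme names are the usual ones for those crypt prefixes.

```bash
# Added illustration; helper names and every sample line are constructed.
sample_passwd() { cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
testuser:x:502:502:Test User is a LUser:/home/testuser:/bin/bash
svcadmin:x:0:0:second UID 0 account:/root:/bin/bash
guest::503:503::/home/guest:/bin/bash
EOF
}
sample_shadow() { cat <<'EOF'
testuser:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:16023:0:99999:7:::
legacy:$1$CONSTRUCTEDSALT$CONSTRUCTEDHASH:15000:0:90:7:::
daemon:*:15000:0:99999:7:::
EOF
}

# /etc/passwd: name:password:UID:GID:comment:home:shell (7 fields).
audit_passwd() {
    awk -F: '
        NF != 7                 { print "malformed:" $1; next }
        $3 == 0 && $1 != "root" { print "uid0:" $1 }        # extra superuser
        $2 == ""                { print "no-password:" $1 } # empty field 2
    '
}

# /etc/shadow: name:hash:lastchg:min:max:warn:inactive:expire.
# $1 = today in days since 1/1/1970, the unit the file itself uses.
audit_shadow() {
    awk -F: -v today="$1" '
        function scheme(h) {
            if (h == "")             return "EMPTY"
            if (h ~ /^[!*]/)         return "locked"
            if (h ~ /^\$1\$/)        return "md5crypt"
            if (h ~ /^\$2[abxy]?\$/) return "bcrypt"
            if (h ~ /^\$5\$/)        return "sha256crypt"
            if (h ~ /^\$6\$/)        return "sha512crypt"
            if (h ~ /^\$y\$/)        return "yescrypt"
            return "des-or-unknown"
        }
        {
            s = scheme($2); flags = ""
            if (s == "EMPTY")                              flags = flags " NOPASSWORD"
            if (s == "md5crypt" || s == "des-or-unknown")  flags = flags " WEAK"
            if (s != "locked" && ($5 == "" || $5 + 0 >= 99999)) flags = flags " NOEXPIRY"
            printf "%s scheme=%s age=%d%s\n", $1, s, today - $3, flags
        }
    '
}
sample_passwd | audit_passwd
sample_shadow | audit_shadow 16030   # constructed "today", 7 days after 16023
```

On a live system the same functions can be fed /etc/passwd directly and /etc/shadow as root, with `$(( $(date +%s) / 86400 ))` as the day count.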