linux - dianaclarke/openstack-notes GitHub Wiki
- Turn the effing beep off! In /etc/inputrc:
set bell-style none
- 30 days from now:
$ date -d +30days
Mon Nov 16 16:22:32 CST 2015
- Expansion:
$ mv foo.patch foo_$(date +%F).patch
$ ls foo*
foo_2015-10-17.patch
$ touch foo_{1..3}
$ ls foo*
foo_1 foo_2 foo_3
- Redirection:
$ ./foo.sh 2> stderr.txt
$ ./foo.sh &> both.txt (these are equivalent)
$ ./foo.sh > both.txt 2>&1 (these are equivalent)
- Files involved in user and group management:
/etc/login.defs (uid/gid ranges, password expiry config, etc)
/etc/passwd (uid to user mapping, home dir, shell)
/etc/group (gid to group mapping)
/etc/sudoers (sudo config)
/etc/shadow (hashed password, password expiry, etc)
/etc/skel/ (files to copy to home dirs on user creation)
- Commands to manage users and groups:
# id diana
# passwd diana
# useradd diana
# groupadd -g 5000 developers
# usermod -aG wheel diana
# groupmod -n old_name new_name
# userdel -r diana (-r removes home dir too)
# groupdel developers
- Password ageing & account expiry:
# chage -l diana (list current settings)
# chage -d 0 diana (force password change on next login)
# chage -M 14 diana (force password change every 2 weeks)
# chage -E 2015-07-15 diana (expire account on a certain day)
# usermod -L -e 1 diana (lock and expire a user account)
- File permissions:
$ chown diana:developers foo.txt
$ chmod 774 foo.txt
$ chmod ug+rw,o+r foo.txt
$ chmod a+rwx,o-wx foo.txt
$ sudo chmod 1777 /tmp
- Directory permissions:
  - r: required to list the contents of a directory
  - w: required to add/delete files in a directory
  - x: required to change into a directory
- Special permissions (replaces the x slot in listings):
  - setuid (4 or u+s)
    - files: executes as file's owner
    - directories: no effect
    - good for commands that need to edit files owned by root:
$ ls -l /usr/bin/passwd
-rwsr-xr-x. 1 root root 27864 Aug 17 2014 /usr/bin/passwd
    - example: (if the user does not have x then setuid will be S rather than s)
$ chmod u+s foo.sh
$ ls -l foo.sh
-rwsrwxr--. 1 diana diana 0 Oct 17 18:09 foo.sh
  - setgid (2 or g+s)
    - files: executes as file's group
    - directories: group of new file set to the directory's group
    - good for shared folders
    - example:
$ chmod g+s foo.sh
$ ls -l foo.sh
-rwxrwsr--. 1 diana diana 0 Oct 17 18:09 foo.sh
  - sticky bit (1 or o+t)
    - files: no effect
    - directories: users with write can only delete files that they own
    - good for /tmp
    - example:
$ sudo chmod o+t /tmp
$ ls -ld /tmp
drwxrwxrwt. 12 root root 280 Oct 17 18:16 /tmp
- New file/dir permission masking:
  - umask changes only last for the terminal session
  - default permissions for a new file: 666, minus the umask
  - default permissions for a new dir: 777, minus the umask
  - places umask might be set:
    - /etc/bashrc
    - /etc/profile
    - ~/.bashrc
    - ~/.bash_profile
$ umask (what they can't have)
0002
$ umask -S (what they can have)
u=rwx,g=rwx,o=rx
$ touch foo.txt
$ ls -l foo.txt
-rw-rw-r--. 1 diana diana 0 Oct 17 18:43 foo.txt
$ mkdir music
$ ls -ld music
drwxrwxr-x. 2 diana diana 4096 Oct 17 18:47 music
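An added example (not part of the original notes) showing that the umask clears bits rather than subtracting a number, which matters once the umask contains bits the base mode does not have. `masked_mode` and `created_modes` are hypothetical helper names, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not from the original notes. Assumes GNU stat (stat -c %a).
# The umask is a bit mask: every bit set in it is cleared from the base mode
# (666 for files, 777 for directories). Octal subtraction gives the same
# answer only while the umask bits are a subset of the base mode's bits.

# masked_mode BASE UMASK -> BASE with the UMASK bits cleared, in octal
masked_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# created_modes UMASK -> "<file mode> <dir mode>" as the kernel creates them
created_modes() (
    dir=$(mktemp -d) || exit 1
    umask "$1"                 # runs in a subshell, the caller's umask is kept
    touch "$dir/f"
    mkdir "$dir/d"
    echo "$(stat -c %a "$dir/f") $(stat -c %a "$dir/d")"
    rm -rf "$dir"
)

# 0002 is the umask shown above; 0033 is a case where "666 - 033 = 633" is
# wrong, because the execute bits in the umask have nothing to clear in 666.
for mask in 0002 0033 0077; do
    echo "umask $mask: predicted $(masked_mode 666 "$mask") $(masked_mode 777 "$mask")," \
         "created $(created_modes "$mask")"
done
```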
- Jobs (jobs, fg, bg):
$ ./eclipse &
[1] 6851
$ jobs
[1]+ Running ./eclipse &
$ fg %1
./eclipse
^Z
[1]+ Stopped ./eclipse
$ jobs
[1]+ Stopped ./eclipse
$ bg %1
[1]+ ./eclipse &
$ jobs
[1]+ Running ./eclipse &
- Killing processes (kill, killall, pkill, pgrep):
$ kill 13131 (kill process with pid 13131)
$ killall firefox (kill all firefox processes)
$ pgrep -l -u diana (list all processes owned by diana)
$ pkill -u diana (kill all processes owned by diana)
$ pkill -P 24242 (kill all children of pid 24242)
- Services:
  - If the Loaded status is enabled, the service will start at boot.
$ systemctl status sshd
sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
Active: active (running) since Thu 2015-09-24 21:32:56 EDT; 3 weeks
Main PID: 1300 (sshd)
CGroup: /system.slice/sshd.service
└─1300 /usr/sbin/sshd -D
$ systemctl (list running services)
$ systemctl stop sshd
$ systemctl start sshd
$ systemctl restart sshd
$ systemctl reload sshd (reload service configuration)
$ systemctl disable sshd (do not start on boot)
$ systemctl enable sshd (start on boot)
$ systemctl mask sshd (service will no longer start)
$ systemctl unmask sshd (removes `/dev/null` symbolic link)
$ systemctl list-dependencies sshd
sshd.service
├─sshd-keygen.service
└─basic.target
├─iptables.service
├─sockets.target
│ ├─cups.socket
...
- Key-based authentication:
  - public key (id_rsa.pub) should be 644
  - private key (id_rsa) should be 600
  - public key needs to be appended to ~/.ssh/authorized_keys on the remote system
$ ssh-keygen
$ ls -l ~/.ssh/
-rw-------. 1 diana diana 1675 Oct 6 11:39 id_rsa
-rw-r--r--. 1 diana diana 405 Oct 6 11:39 id_rsa.pub
-rw-r--r--. 1 diana diana 265 Oct 6 11:42 known_hosts
$ ssh-copy-id user@host
$ ssh user@host <command> (just execute a command remotely)
$ ssh user@host
- Configuring ssh:
  - edit /etc/ssh/sshd_config and systemctl restart sshd
  - require key-based authentication
PasswordAuthentication no
  - don't allow root to log in
PermitRootLogin no
  - only allow root to log in with ssh keys
PermitRootLogin without-password
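An added example (not part of the original notes) that checks an sshd_config for the two settings above. It assumes sshd keeps the first value it reads for a keyword and looks only at the global section before any Match block; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. Assumptions: sshd uses the FIRST
# value it reads for a keyword, keywords are case-insensitive, and only the
# global section (before any Match block) is checked; Include files are ignored.

# effective_value FILE KEYWORD -> first global value in lowercase, or "unset"
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
        tolower($1) == "match" { exit }       # global section ends here
        tolower($1) == key {
            gsub(/"/, "", $2); print tolower($2); found = 1; exit
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_sshd_config FILE -> prints one line per setting, returns 1 on any WARN
audit_sshd_config() {
    rc=0
    pw=$(effective_value "$1" PasswordAuthentication)
    root=$(effective_value "$1" PermitRootLogin)
    case $pw in
        no) echo "OK   PasswordAuthentication no" ;;
        *)  echo "WARN PasswordAuthentication is '$pw', want 'no'"; rc=1 ;;
    esac
    case $root in
        no|without-password|prohibit-password)
            echo "OK   PermitRootLogin $root" ;;
        *)  echo "WARN PermitRootLogin is '$root', want 'no' or keys only"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the hardening line was appended at the bottom, but an
# earlier "yes" wins, so password logins are still accepted.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sshd_config fragment
Port 22
PasswordAuthentication yes
permitrootlogin without-password
PasswordAuthentication no
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_sshd_config "$sample" || true
rm -f "$sample"
```

On a real host, `sshd -T` prints the configuration the daemon actually resolved, which also covers Include files and defaults that this text check does not see.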
- Archives:
  - By default, the umask is subtracted during an extract (use the p option to override).
  - If extracted by root, tar will try to preserve the users and groups.
  - -p, --preserve-permissions: extract information about file permissions (default for superuser)
  - Compression types
    - -z (gzip)
    - -j (bzip2)
    - -J (xz)
$ tar cvzf foo.tar.gz /etc
$ tar tvzf foo.tar.gz /etc (table of contents)
$ tar xvzf foo.tar.gz /etc
- Copying files:
$ scp foo.txt user@host:/etc/
$ scp user@host:/etc/foo.txt .
- Syncing files:
  - you can rsync 2 local dirs (doesn't always need to be remote)
  - -v, --verbose
  - -a, --archive: archive mode
  - -H, --hard-links: preserve hard links
  - -n, --dry-run: perform a trial run with no changes made
$ rsync -av /var/log/ /tmp
$ rsync -av user@host:/var/log /tmp
- Disk space:
$ df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 2.0G 0 2.0G 0% /dev
tmpfs 2.0G 228K 2.0G 1% /dev/shm
tmpfs 2.0G 1.2M 2.0G 1% /run
tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup
/dev/mapper/fedora-root 18G 6.8G 9.5G 42% /
tmpfs 2.0G 104K 2.0G 1% /tmp
/dev/sda1 477M 106M 342M 24% /boot
tmpfs 396M 16K 396M 1% /run/user/42
tmpfs 396M 24K 396M 1% /run/user/1000
$ sudo du -h /var/log
12K /var/log/rabbitmq
4.0K /var/log/glusterfs
43M /var/log/mariadb
1.4M /var/log/httpd
4.0K /var/log/sssd
...
- Repositories & packages:
$ rpm -q python
python-2.7.5-18.el7_1.1.x86_64
$ rpm -q python -i (more info)
Name : python
Version : 2.7.5
Release : 18.el7_1.1
Architecture: x86_64
Install Date: Mon 14 Sep 2015 12:33:26 PM EDT
$ rpm -q python -l (list files)
/usr/bin/pydoc
/usr/bin/python
/usr/bin/python2
/usr/bin/python2.7
/usr/share/doc/python-2.7.5
/usr/share/doc/python-2.7.5/LICENSE
/usr/share/doc/python-2.7.5/README
/usr/share/man/man1/python.1.gz
/usr/share/man/man1/python2.1.gz
/usr/share/man/man1/python2.7.1.gz
$ rpm -q python --changelog
$ rpm -q -p foo.rpm (query uninstalled rpm by filename using -p)
$ sudo yum install foo
$ sudo yum list foo
$ sudo yum update foo
$ sudo yum remove foo
$ cat /etc/yum.conf (yum configuration)
$ ls /etc/yum.repos.d
google-chrome.repo google-talkplugin.repo redhat.repo rhel7-csb-stage.repo
$ yum repolist
repo id repo name status
google-chrome google-chrome 2
google-talkplugin google-talkplugin 1
repolist: 3
$ yum list java*
Installed Packages
java-1.7.0-openjdk.x86_64 1:1.7.0.85-2.6.1.2.el7_1 @production-rhel-x86_64-workstation-7
java-1.7.0-openjdk-headless.x86_64 1:1.7.0.85-2.6.1.2.el7_1 @production-rhel-x86_64-workstation-7
javamail.noarch 1.4.6-8.el7 @RHEL7-csb-updates/7.0
javapackages-tools.noarch 3.4.1-6.el7_0 @RHEL7-csb-updates/7.0
$ yum info java-1.7.0-openjdk
Installed Packages
Name : java-1.7.0-openjdk
Arch : x86_64
Epoch : 1
Version : 1.7.0.85
Release : 2.6.1.2.el7_1
Size : 493 k
Repo : installed
From repo : production-rhel-x86_64-workstation-7
Summary : OpenJDK Runtime Environment
URL : http://openjdk.java.net/
License : ASL 1.1 and ASL 2.0 and GPL+ and GPLv2 and GPLv2 with exceptions and LGPL+ and LGPLv2 and
: MPLv1.0 and MPLv1.1 and Public Domain and W3C
Description : The OpenJDK runtime environment.
$ sudo yum history
ID | Command line | Date a | Action | Altere
-------------------------------------------------------------------------------
8 | install -y libvirt libvi | 2015-10-16 07:02 | I, U | 20
7 | install -y scsi-target-u | 2015-10-16 07:02 | Install | 2
6 | install -y httpd mod_wsg | 2015-10-16 07:01 | Install | 1
5 | install -y mariadb-serve | 2015-10-16 06:47 | Install | 5
4 | install -y rabbitmq-serv | 2015-10-16 06:47 | Install | 23
3 | install -y libffi-devel | 2015-10-16 06:46 | Install | 7
2 | install -y iptables-serv | 2015-10-16 06:46 | Install | 1
1 | install -y bridge-utils | 2015-10-16 06:44 | I, U | 90
$ sudo yum history info 5
$ sudo yum history undo 5
- Syslog:
- Standard log locations:
/var/log/messages (most syslog messages)
/var/log/secure (security & auth related logs)
/var/log/maillog (mail server related logs)
/var/log/cron (cron job logs)
/var/log/boot.log (system boot logs)
- Rules for log message routing:
/etc/rsyslog.conf
/etc/rsyslog.d/
- Example rule:
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
- Make a new rule and test it with logger:
# echo "*.debug /var/log/messages-debug" > /etc/rsyslog.d/debug.conf
# cat /etc/rsyslog.d/debug.conf
*.debug /var/log/messages-debug
# systemctl restart rsyslog
# logger -p user.debug "testing debug messages"
- Systemd Journal:
  - stored in /run/log/, cleared after reboot
  - or persisted in /var/log/journal
# journalctl
Oct 21 17:14:21 localhost.localdomain kernel: BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved
Oct 21 17:14:21 localhost.localdomain kernel: BIOS-e820: [mem 0x0000000100000000-0x000000013fffffff] usable
Oct 21 17:14:21 localhost.localdomain kernel: NX (Execute Disable) protection: active
Oct 21 17:14:21 localhost.localdomain kernel: SMBIOS 2.4 present.
Oct 21 17:14:21 localhost.localdomain kernel: DMI: Red Hat KVM, BIOS 0.5.1 01/01/2011
Oct 21 17:14:21 localhost.localdomain kernel: Hypervisor detected: KVM
# journalctl -p err (error logs and higher)
# journalctl -p warning (warning logs and higher)
# journalctl -b (since last boot)
# journalctl -b -1 (previous boot)
# journalctl --since today
# journalctl --since 2015-10-25 --until 2015-10-26
# journalctl _PID=668
# journalctl -o verbose (shows all the meta tags you can query)
- Date & Time:
$ timedatectl (lists current settings)
$ timedatectl list-timezones
# timedatectl set-timezone America/Toronto
# timedatectl set-time 11:00:00
# timedatectl set-time "2013-01-01"
# timedatectl set-ntp false
# tzselect (helps you select a timezone)
# cat /etc/chrony.conf (time sync config)
# systemctl restart chronyd
- Mounting:
# blkid
/dev/vda1: UUID="11111111-2222-3333-444444444" TYPE="xfs"
# mount /dev/vda1 /mnt/mydata
- or -
# mount UUID="11111111-2222-3333-444444444" /mnt/mydata
# lsof /mnt/mydata
# umount /mnt/mydata
- Links:
- if you remove the original file, the hardlink still exists
$ ls -la hello.txt
-rw-rw-r--. 1 diana diana 6 Nov 26 16:31 hello.txt
$ ln hello.txt hardlink.txt
$ ln -s hello.txt symlink.txt
$ ls -la hello.txt
-rw-rw-r--. 2 diana diana 6 Nov 26 16:31 hello.txt
$ ls -la hardlink.txt
-rw-rw-r--. 2 diana diana 6 Nov 26 16:31 hardlink.txt
$ ls -la symlink.txt
lrwxrwxrwx. 1 diana diana 9 Nov 26 17:09 symlink.txt -> hello.txt
- Locating files:
$ updatedb (update the locate db, updated daily by cron)
$ locate foo (will match partial filenames)
$ locate -i foo (case insensitive)
$ locate -n 5 foo (only show 5 results)
- TODO:
- clean up formatting
- finish typing up all my notes