linux - dianaclarke/openstack-notes GitHub Wiki

Linux Study Notes

  • Turn the effing beep off! In /etc/inputrc:
set bell-style none
  • 30 days from now:
$ date -d +30days
Mon Nov 16 16:22:32 CST 2015
  • Expansion:
$ mv foo.patch foo_$(date +%F).patch
$ ls foo*
foo_2015-10-17.patch

$ touch foo_{1..3}
$ ls foo*
foo_1	foo_2	foo_3
  • Redirection:
$ ./foo.sh 2> stderr.txt 
$ ./foo.sh &> both.txt          (these are equivalent)
$ ./foo.sh > both.txt 2>&1      (these are equivalent)
  • Files involved in user and group management:
/etc/login.defs                 (uid/gid ranges, password expiry config, etc) 
/etc/passwd                     (uid to user mapping, home dir, shell)
/etc/group                      (gid to group mapping)
/etc/sudoers                    (sudo config)
/etc/shadow                     (hashed password, password expiry, etc)
/etc/skel/                      (files to copy to home dirs on user creation)
  • Commands to manage users and groups:
# id diana
# passwd diana
# useradd diana
# groupadd -g 5000 developers
# usermod -aG wheel diana
# groupmod -n old_name new_name
# userdel -r diana              (-r removes home dir too)
# groupdel developers
  • Password ageing & account expiry:
# chage -l diana               (list current settings)
# chage -d 0 diana             (force password change on next login)
# chage -M 14 diana            (force password change every 2 weeks)
# chage -E 2015-07-15 diana    (expire account on a certain day)
# usermod -L -e 1 diana        (lock and expire a user account)
  • File permissions:
$ chown diana:developers foo.txt
$ chmod 774 foo.txt
$ chmod ug+rw,o+r foo.txt
$ chmod a+rwx,o-wx foo.txt
$ sudo chmod 1777 /tmp
  • Directory permissions:

    • r: required to list the contents of a directory
    • w: required to add/delete files in a directory
    • x: required to change into a directory
  • Special permissions (shown in place of x in listings):

  • setuid (4 or u+s)

    • files: executes as file's owner
    • directories: no effect
    • good for commands that need to edit files owned by root:
$ ls -l /usr/bin/passwd 
-rwsr-xr-x. 1 root root 27864 Aug 17  2014 /usr/bin/passwd
    • example (if the owner does not have x, the listing shows S rather than s):
$ chmod u+s foo.sh
$ ls -l foo.sh 
-rwsrwxr--. 1 diana diana 0 Oct 17 18:09 foo.sh
  • setgid (2 or g+s)
    • files: executes as file's group
    • directories: group of new file set to the directory's group
    • good for shared folders
    • example:
$ chmod g+s foo.sh
$ ls -l foo.sh 
-rwxrwsr--. 1 diana diana 0 Oct 17 18:09 foo.sh
  • sticky bit (1 or o+t)
    • files: no effect
    • directories: users with write can only delete files that they own
    • good for /tmp
    • example:
$ sudo chmod o+t /tmp
$ ls -ld /tmp
drwxrwxrwt. 12 root root 280 Oct 17 18:16 /tmp
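
An added example (not from the original notes) that audits a directory tree for the special bits described above: it lists setuid/setgid files and world-writable directories that lack the sticky bit. The function names and the demo tree are constructed for illustration, and the find options assume GNU find.

```bash
# Added example: audit a tree for special permission bits.

# List regular files that have setuid or setgid set.
find_special_files() {
    find "$1" -xdev -type f -perm /6000 -printf '%m %P\n' | sort
}

# List world-writable directories without the sticky bit, i.e. places
# where any user can delete or rename another user's files.
find_unsafe_dirs() {
    find "$1" -xdev -mindepth 1 -type d -perm -0002 ! -perm -1000 \
        -printf '%m %P\n' | sort
}

# Build a small constructed tree to run the audit against.
make_demo_tree() {
    local root
    root=$(mktemp -d)
    mkdir "$root/shared" "$root/dropbox" "$root/private"
    touch "$root/tool" "$root/plain"
    chmod 4755 "$root/tool"       # setuid file          -> reported
    chmod 0644 "$root/plain"      # ordinary file        -> ignored
    chmod 1777 "$root/shared"     # sticky, like /tmp    -> ignored
    chmod 0777 "$root/dropbox"    # no sticky bit        -> reported
    chmod 0750 "$root/private"    # not world-writable   -> ignored
    echo "$root"
}

demo=$(make_demo_tree)
echo "setuid/setgid files:"
find_special_files "$demo"
echo "world-writable dirs without the sticky bit:"
find_unsafe_dirs "$demo"
rm -rf "$demo"
```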
  • New file/dir permission masking:
    • umask changes only last for the terminal session
    • default permissions for a new file: 666, minus the umask (the umask bits are cleared, not subtracted arithmetically)
    • default permissions for a new dir: 777, minus the umask (same bit masking)
    • places umask might be set:
      • /etc/bashrc
      • /etc/profile
      • ~/.bashrc
      • ~/.bash_profile
$ umask                        (what they can't have)
0002
$ umask -S                     (what they can have)
u=rwx,g=rwx,o=rx

$ touch foo.txt
$ ls -l foo.txt 
-rw-rw-r--. 1 diana diana 0 Oct 17 18:43 foo.txt

$ mkdir music
$ ls -ld music
drwxrwxr-x. 2 diana diana 4096 Oct 17 18:47 music
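
An added example (not from the original notes) showing that "minus the umask" is a bit mask rather than arithmetic: with umask 0033 a new file gets 644, not 633. The function names and the umask values are chosen for illustration, and `stat -c` assumes GNU coreutils.

```bash
# Added example: observe the mode of a new file and directory under a umask.
# Prints "<file mode> <dir mode>" in octal.
modes_under_umask() {
    (   # subshell: the umask change does not leak into the caller
        umask "$1"
        d=$(mktemp -d) || exit 1
        : > "$d/file"           # created with requested mode 666
        mkdir "$d/dir"          # created with requested mode 777
        echo "$(stat -c %a "$d/file") $(stat -c %a "$d/dir")"
        rm -rf "$d"
    )
}

# What the kernel computes: requested mode AND NOT umask.
expected_mode() {   # usage: expected_mode 666 0033
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

for mask in 0002 0022 0027 0033 0077; do
    printf 'umask %s -> file/dir %s (computed %s %s)\n' "$mask" \
        "$(modes_under_umask "$mask")" \
        "$(expected_mode 666 "$mask")" "$(expected_mode 777 "$mask")"
done
```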
  • Jobs (jobs, fg, bg):
$ ./eclipse &
[1] 6851
$ jobs
[1]+  Running                 ./eclipse &
$ fg %1
./eclipse
^Z
[1]+  Stopped                 ./eclipse
$ jobs
[1]+  Stopped                 ./eclipse
$ bg %1
[1]+ ./eclipse &
$ jobs
[1]+  Running                 ./eclipse &
  • Killing processes (kill, killall, pkill, pgrep):
$ kill 13131                   (kill process with pid 13131)
$ killall firefox              (kill all firefox processes)
$ pgrep -l -u diana            (list all processes owned by diana)
$ pkill -u diana               (kill all processes owned by diana)
$ pkill -P 24242               (kill all children of pid 24242)
  • Services:
    • If the Loaded status is enabled, the service will start at boot.
$ systemctl status sshd
sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled)
   Active: active (running) since Thu 2015-09-24 21:32:56 EDT; 3 weeks
 Main PID: 1300 (sshd)
   CGroup: /system.slice/sshd.service
           └─1300 /usr/sbin/sshd -D
$ systemctl                    (list running services)
$ systemctl stop sshd
$ systemctl start sshd
$ systemctl restart sshd
$ systemctl reload sshd        (reload service configuration)
$ systemctl disable sshd       (do not start on boot)
$ systemctl enable sshd        (start on boot)
$ systemctl mask sshd          (service will no longer start)
$ systemctl unmask sshd        (removes `/dev/null` symbolic link)
$ systemctl list-dependencies sshd
sshd.service
├─sshd-keygen.service
└─basic.target
  ├─iptables.service
  ├─sockets.target
  │ ├─cups.socket
  ...
  • Key-based authentication:
    • public key (id_rsa.pub) should be 644
    • private key (id_rsa) should be 600
    • public key needs to be appended to ~/.ssh/authorized_keys on the remote system
$ ssh-keygen
$ ls -l ~/.ssh/
-rw-------. 1 diana diana 1675 Oct  6 11:39 id_rsa
-rw-r--r--. 1 diana diana  405 Oct  6 11:39 id_rsa.pub
-rw-r--r--. 1 diana diana  265 Oct  6 11:42 known_hosts
$ ssh-copy-id user@host

$ ssh user@host <command>      (just execute a command remotely)
$ ssh user@host
  • Configuring ssh:

    • edit /etc/ssh/sshd_config and systemctl restart sshd
  • require key-based authentication

PasswordAuthentication no
  • don't allow root to log in
PermitRootLogin no
  • only allow root to log in with ssh keys
PermitRootLogin without-password
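
An added example (not from the original notes): a check that reports the value sshd would use for the two settings above, since sshd takes the first occurrence of each keyword and a later line does not override it. The sample config is constructed and the function names are hypothetical; the script ignores Include files and stops at the first Match block, so on a real host compare its answer with the output of `sshd -T`.

```bash
# Added example: report the first (effective) global value of a keyword.
effective_setting() {   # usage: effective_setting <file> <keyword>
    awk -F'[ \t=]+' -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }                  # drop indentation, re-split
        /^(#|$)/ { next }                       # comments and blank lines
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Print one finding per line; print nothing if both settings are as wanted.
audit_sshd_config() {
    pw=$(effective_setting "$1" PasswordAuthentication)
    root=$(effective_setting "$1" PermitRootLogin)
    [ "$pw" = "no" ] || echo "PasswordAuthentication is '$pw', want 'no'"
    case "$root" in
        # prohibit-password is the newer spelling of without-password
        no|without-password|prohibit-password) ;;
        *) echo "PermitRootLogin is '$root', want 'no' or key-only" ;;
    esac
}

sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not from a real host
#PasswordAuthentication yes
PermitRootLogin yes
PasswordAuthentication no
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
EOF
audit_sshd_config "$sample"     # the first PermitRootLogin line wins
rm -f "$sample"
```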
  • Archives:
    • By default, the umask is subtracted during an extract (use the p option to override).
    • If extracted by root, tar will try to preserve the users and groups.
    • -p, --preserve-permissions: extract information about file permissions (default for superuser)
    • Compression types
      • -z (gzip)
      • -j (bzip2)
      • -J (xz)
$ tar cvzf foo.tar.gz /etc
$ tar tvzf foo.tar.gz          (table of contents)
$ tar xvzf foo.tar.gz
  • Copying files:
$ scp foo.txt user@host:/etc/
$ scp user@host:/etc/foo.txt .
  • Syncing files:

    • you can rsync 2 local dirs (doesn't always need to be remote)
    • -v, --verbose
    • -a, --archive: archive mode
    • -H, --hard-links: preserve hard links
    • -n, --dry-run: perform a trial run with no changes made
$ rsync -av /var/log/ /tmp
$ rsync -av user@host:/var/log /tmp
  • Disk space:
$ df -h
Filesystem               Size  Used Avail Use% Mounted on
devtmpfs                 2.0G     0  2.0G   0% /dev
tmpfs                    2.0G  228K  2.0G   1% /dev/shm
tmpfs                    2.0G  1.2M  2.0G   1% /run
tmpfs                    2.0G     0  2.0G   0% /sys/fs/cgroup
/dev/mapper/fedora-root   18G  6.8G  9.5G  42% /
tmpfs                    2.0G  104K  2.0G   1% /tmp
/dev/sda1                477M  106M  342M  24% /boot
tmpfs                    396M   16K  396M   1% /run/user/42
tmpfs                    396M   24K  396M   1% /run/user/1000
$ sudo du -h /var/log
12K     /var/log/rabbitmq
4.0K    /var/log/glusterfs
43M     /var/log/mariadb
1.4M    /var/log/httpd
4.0K    /var/log/sssd
...
  • Repositories & packages:
$ rpm -q python
python-2.7.5-18.el7_1.1.x86_64

$ rpm -q python -i             (more info)
Name        : python
Version     : 2.7.5
Release     : 18.el7_1.1
Architecture: x86_64
Install Date: Mon 14 Sep 2015 12:33:26 PM EDT

$ rpm -q python -l             (list files)
/usr/bin/pydoc
/usr/bin/python
/usr/bin/python2
/usr/bin/python2.7
/usr/share/doc/python-2.7.5
/usr/share/doc/python-2.7.5/LICENSE
/usr/share/doc/python-2.7.5/README
/usr/share/man/man1/python.1.gz
/usr/share/man/man1/python2.1.gz
/usr/share/man/man1/python2.7.1.gz

$ rpm -q python --changelog
$ rpm -q -p foo.rpm            (query uninstalled rpm by filename using -p)
$ sudo yum install foo
$ sudo yum list foo
$ sudo yum update foo
$ sudo yum remove foo
$ cat /etc/yum.conf            (yum configuration)

$ ls /etc/yum.repos.d
google-chrome.repo  google-talkplugin.repo  redhat.repo  rhel7-csb-stage.repo

$ yum repolist
repo id             repo name           status
google-chrome       google-chrome       2
google-talkplugin   google-talkplugin   1
repolist: 3
$ yum list java*
Installed Packages
java-1.7.0-openjdk.x86_64            1:1.7.0.85-2.6.1.2.el7_1    @production-rhel-x86_64-workstation-7
java-1.7.0-openjdk-headless.x86_64   1:1.7.0.85-2.6.1.2.el7_1    @production-rhel-x86_64-workstation-7
javamail.noarch                      1.4.6-8.el7                 @RHEL7-csb-updates/7.0               
javapackages-tools.noarch            3.4.1-6.el7_0               @RHEL7-csb-updates/7.0          

$ yum info java-1.7.0-openjdk
Installed Packages
Name        : java-1.7.0-openjdk
Arch        : x86_64
Epoch       : 1
Version     : 1.7.0.85
Release     : 2.6.1.2.el7_1
Size        : 493 k
Repo        : installed
From repo   : production-rhel-x86_64-workstation-7
Summary     : OpenJDK Runtime Environment
URL         : http://openjdk.java.net/
License     : ASL 1.1 and ASL 2.0 and GPL+ and GPLv2 and GPLv2 with exceptions and LGPL+ and LGPLv2 and
            : MPLv1.0 and MPLv1.1 and Public Domain and W3C
Description : The OpenJDK runtime environment.
$ sudo yum history
ID     | Command line             | Date a | Action | Altere
-------------------------------------------------------------------------------
     8 | install -y libvirt libvi | 2015-10-16 07:02 | I, U           |   20   
     7 | install -y scsi-target-u | 2015-10-16 07:02 | Install        |    2   
     6 | install -y httpd mod_wsg | 2015-10-16 07:01 | Install        |    1   
     5 | install -y mariadb-serve | 2015-10-16 06:47 | Install        |    5   
     4 | install -y rabbitmq-serv | 2015-10-16 06:47 | Install        |   23   
     3 | install -y libffi-devel  | 2015-10-16 06:46 | Install        |    7   
     2 | install -y iptables-serv | 2015-10-16 06:46 | Install        |    1   
     1 | install -y bridge-utils  | 2015-10-16 06:44 | I, U           |   90   

$ sudo yum history info 5
$ sudo yum history undo 5
  • Syslog:
    • Standard log locations:
/var/log/messages              (most syslog messages)
/var/log/secure                (security & auth related logs)
/var/log/maillog               (mail server related logs)
/var/log/cron                  (cron job logs)
/var/log/boot.log              (system boot logs)
  • Rules for log message routing:
/etc/rsyslog.conf
/etc/rsyslog.d/
  • Example rule:
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none      /var/log/messages
  • Make a new rule and test it with logger:
# echo "*.debug  /var/log/messages-debug" > /etc/rsyslog.d/debug.conf
# cat /etc/rsyslog.d/debug.conf 
*.debug    /var/log/messages-debug
# systemctl restart rsyslog
# logger -p user.debug "testing debug messages"
  • Systemd Journal:
    • stored in /run/log/, cleared after reboot
    • or persisted in /var/log/journal
# journalctl
Oct 21 17:14:21 localhost.localdomain kernel: BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved
Oct 21 17:14:21 localhost.localdomain kernel: BIOS-e820: [mem 0x0000000100000000-0x000000013fffffff] usable
Oct 21 17:14:21 localhost.localdomain kernel: NX (Execute Disable) protection: active
Oct 21 17:14:21 localhost.localdomain kernel: SMBIOS 2.4 present.
Oct 21 17:14:21 localhost.localdomain kernel: DMI: Red Hat KVM, BIOS 0.5.1 01/01/2011
Oct 21 17:14:21 localhost.localdomain kernel: Hypervisor detected: KVM
# journalctl -p err            (error logs and higher)
# journalctl -p warning        (warning logs and higher)
# journalctl -b                (since last boot)
# journalctl -b -1             (previous boot)
# journalctl --since today
# journalctl --since 2015-10-25 --until 2015-10-26
# journalctl _PID=668
# journalctl -o verbose        (shows all the meta tags you can query)
  • Date & Time:
$ timedatectl                  (lists current settings)
$ timedatectl list-timezones
# timedatectl set-timezone America/Toronto
# timedatectl set-time 11:00:00
# timedatectl set-time "2013-01-01"
# timedatectl set-ntp false
# tzselect                     (helps you select a timezone)
# cat /etc/chrony.conf         (time sync config)
# systemctl restart chronyd
  • Mounting:
# blkid
/dev/vda1: UUID="11111111-2222-3333-444444444" TYPE="xfs"

# mount /dev/vda1 /mnt/mydata
    - or -
# mount UUID="11111111-2222-3333-444444444" /mnt/mydata

# lsof /mnt/mydata
# umount /mnt/mydata
  • Links:
    • if you remove the original file, the hardlink still exists
$ ls -la hello.txt 
-rw-rw-r--. 1 diana diana 6 Nov 26 16:31 hello.txt

$ ln hello.txt hardlink.txt
$ ln -s hello.txt symlink.txt

$ ls -la hello.txt 
-rw-rw-r--. 2 diana diana 6 Nov 26 16:31 hello.txt

$ ls -la hardlink.txt 
-rw-rw-r--. 2 diana diana 6 Nov 26 16:31 hardlink.txt

$ ls -la symlink.txt 
lrwxrwxrwx. 1 diana diana 9 Nov 26 17:09 symlink.txt -> hello.txt
  • Locating files:
$ updatedb                     (update the locate db, updated daily by cron)
$ locate foo                   (will match partial filenames)
$ locate -i foo                (case insensitive)
$ locate -n 5 foo              (only show 5 results)
  • TODO:
    • clean up formatting
    • finish typing up all my notes