Sunday, December 2, 2012

YUM Repository

How to create a YUM repository on a RHEL server:

1. Insert and then mount the cdrom as /media

# mount /dev/cdrom /media

2. Create a directory called /myrepo

# mkdir /myrepo

3. Copy all the RPMs from the cd to the local directory

# cp /media/Packages/*.rpm /myrepo

4. Copy the comps XML file (the package group definitions) from the CD to the local directory

# cp /media/Server/repodata/6b21fc619d1eccd6fb49237c666f0ce4c68f-comps-rhel-Server.xml /myrepo

5. Create a YUM repository based on the cdrom by creating the file below. yum only reads files in /etc/yum.repos.d whose names end in .repo.

# cat > /etc/yum.repos.d/myrepo.repo

[myrepo]
name=rhel6
baseurl=file:///media
enabled=1
gpgcheck=0

^d

Now you can install any rpm with the yum command, which will install the software from /media, i.e., your cdrom.

6. Install the createrepo rpm (including its dependencies)

# yum install createrepo

7. Create a local repository, using the comps file copied in step 4 as the group file

# cd /myrepo
# createrepo -g 6b21fc619d1eccd6fb49237c666f0ce4c68f-comps-rhel-Server.xml /myrepo

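8. Finally, change the repo file so that baseurl points to the local directory instead of the cdrom. yum only reads files in /etc/yum.repos.d whose names end in .repo.

/etc/yum.repos.d/myrepo.repo :

[myrepo]
name=rhel6
baseurl=file:///myrepo
enabled=1
gpgcheck=0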

9. Now you have finished creating a local repository on your server.
You can install any individual rpm or group by just invoking the yum command.
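
The repo file above sets gpgcheck=0, so yum installs packages from it without verifying their RPM signatures. The shell function below is an added example, not part of the original post: it reports enabled repo sections that leave signature checking off, run on two constructed files (the post's settings, and the same repo with gpgcheck=1 and the stock RHEL key path, which is an assumption about your system).

```shell
#!/bin/sh
# Added example: report enabled yum repo sections that skip signature checks.

# audit_repo FILE: print one finding per enabled section lacking gpgcheck=1.
audit_repo() {
    awk '
        function report() {
            if (sec == "" || enabled == "0") return
            if (gpgcheck == "0")
                print sec ": gpgcheck=0, packages are installed unverified"
            else if (gpgcheck != "1")
                print sec ": gpgcheck not set to 1, check [main] in /etc/yum.conf"
        }
        /^[ \t]*[#;]/ { next }                  # comment lines
        /^[ \t]*\[/ {                           # start of a [section]
            report()
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            gpgcheck = ""; enabled = "1"
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            if (key == "enabled")  enabled = val
        }
        END { report() }
    ' "$1"
}

# Constructed samples modelled on the post's myrepo file, then the same repo
# with signature checking on (key path is the stock RHEL location, assumed).
write_samples() {
    printf '%s\n' '[myrepo]' 'name=rhel6' 'baseurl=file:///myrepo' \
        'enabled=1' 'gpgcheck=0' > "$1/myrepo.repo"
    printf '%s\n' '[myrepo]' 'name=rhel6' 'baseurl=file:///myrepo' \
        'enabled=1' 'gpgcheck=1' \
        'gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release' \
        > "$1/myrepo-signed.repo"
}

d=$(mktemp -d)
write_samples "$d"
for f in "$d"/*.repo; do echo "== ${f##*/}"; audit_repo "$f"; done
rm -rf "$d"
```

On a real server, run audit_repo over each file in /etc/yum.repos.d; a repository built from the Red Hat DVD carries Red Hat signed packages, so gpgcheck=1 works with it.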

Here are a few commands showing different ways to use the yum command:

1. To install an individual rpm along with its dependencies

# yum install package-name

2. To install a group of rpms

# yum groupinstall group-name

3. To list all the packages available in the repository

# yum list

4. To list only the packages that are installed

# yum list installed

5. To list all the groups available in the repository

# yum grouplist

6. To display information of a group of packages

# yum groupinfo group-name

7. To display information of a package

# yum info package-name

8. To uninstall a package

# yum remove package-name

9. To uninstall a group of packages

# yum groupremove group-name

10. To update a package

# yum update package-name

11. To update a group of packages

# yum groupupdate group-name

12. To search for a package using a keyword

# yum search keyword

13. To know which package a file belongs to

# yum provides /usr/bin/screen

14. To list your current (enabled) yum repositories

# yum repolist

15. To list all yum repositories

# yum repolist all

A few other details:

yum conf file:   /etc/yum.conf
yum repo directory: /etc/yum.repos.d/


You still have a lot to learn about YUM. So keep reading.

Wednesday, August 1, 2012

Access Control List

An Access Control List (ACL) is a list of permissions attached to a file or directory.

Prerequisite:

To set an ACL on any file or directory, the underlying filesystem must be ACL enabled, which you specify with the acl option when mounting the filesystem.

To make it permanent, edit /etc/fstab and add "acl" to the options field for the specific filesystem.

Ex:
LABEL=/data             /data                   ext3    defaults,acl        1 2

After modifying the /etc/fstab file, you have to remount the filesystem.

# mount -o remount /data


Now we can start setting the ACL on any file or directory located under /data filesystem.

To set full permission for a user on /data,
# setfacl -m u:user1:rwx /data

To set only read/execute permission for a user on /data/file1,
# setfacl -m u:user1:r-x /data/file1

To set full permission for dba group on /data/oracle directory,
# setfacl -m g:dba:rwx /data/oracle

To set full permission to user1 and group1 on /data directory,
# setfacl -m u:user1:rwx,g:group1:rwx /data

To revoke the ACL for a user on /data,
# setfacl -x u:user1 /data

To view the current ACL values on /data,
# getfacl /data

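To revoke write access for all named users and groups on a file,
# setfacl -m m::rx /data/file1

The above command sets the mask value to "r-x". The mask caps the permissions of named users, named groups and the owning group; the file owner and "other" entries are not affected by it.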
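
The effect of a mask can be previewed before running setfacl. This added example (not part of the original post) reads getfacl output and prints each entry's effective permissions, optionally under a replacement mask; the listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: compute effective ACL permissions from getfacl output.

# effective_acl [MASK]: read getfacl output on stdin and print
# "tag:qualifier perms" after applying the mask. An optional three-character
# MASK (e.g. r-x) replaces the listed one, to preview `setfacl -m m::rx`.
effective_acl() {
    awk -F: -v override="$1" '
        /^#/ || /^default:/ || NF < 3 { next }  # headers, defaults, blanks
        $1 == "mask" { mask = substr($3, 1, 3); next }
        { tag[++n] = $1; who[n] = $2; perm[n] = substr($3, 1, 3) }
        END {
            if (override != "") mask = override
            for (i = 1; i <= n; i++) {
                p = perm[i]
                # The mask caps named users, the owning group and named
                # groups; the owner (user::) and other:: are never masked.
                capped = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
                if (capped && mask != "") {
                    e = ""
                    for (j = 1; j <= 3; j++) {
                        m = substr(mask, j, 1)
                        e = e (m == "-" ? "-" : substr(p, j, 1))
                    }
                    p = e
                }
                print tag[i] ":" who[i] " " p
            }
        }'
}

# Constructed getfacl listing for /data/file1 before the mask is tightened.
sample_acl() {
    cat <<'EOF'
# file: data/file1
# owner: root
# group: root
user::rw-
user:user1:rwx
group::r--
group:dba:rwx
mask::rwx
other::r--
EOF
}

echo "as listed:";     sample_acl | effective_acl
echo "with mask r-x:"; sample_acl | effective_acl r-x
```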

To copy the acl of one file to another,
# getfacl file1 | setfacl --set-file=- file2

You can also use the method below to copy the ACL between files.

$ getfacl /data/file1 > acls.txt
$ setfacl --set-file=acls.txt /data/file2

Friday, July 20, 2012

User and Group Management in Redhat Linux

Here are some configuration files which you should be familiar with.

/etc/passwd :
Contains the database of information of all the users.
The format of the file is

username:password:uid:gid:gecos:directory:shell

/etc/shadow :
The actual password hash of every user is stored in /etc/shadow; an x in the password field of /etc/passwd indicates this.
As /etc/passwd is readable by all users, storing even encrypted passwords in it makes password guessing easier.
However, /etc/shadow is more secure because it is readable only by programs that run with root privileges, such as login and passwd.

Here is a sample line from /etc/shadow
johny:$1$EmRh1cmZ$gkXY30H43D7NtpQXjm9F01:11589:0:99999:7:::

It contains the following fields,
- The account name
- The account’s encrypted password
- The number of days since 1 January 1970 that the password was last changed
- The number of days permitted before the password can be changed
- The number of days after which the password must be changed
- The number of days before the password expires that the user is warned
- The number of days after the password expires before the account is disabled
- The number of days since 1 January 1970 after which the account is disabled
- Reserved for future use
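
As an added example (not from the original post), the shell function below splits shadow records into the fields listed above and reports each account's lock state, hash scheme, password age and maximum age. The first sample line is the one shown above; the others are constructed, with placeholder salt and hash strings.

```shell
#!/bin/sh
# Added example: classify /etc/shadow entries by hash scheme and aging.

# audit_shadow [TODAY]: read shadow-format lines on stdin. TODAY is the
# current date in days since 1 January 1970 (defaults to the system clock).
# Prints "name|status|scheme|age_days|max_days" for each account.
audit_shadow() {
    today=$1
    [ -n "$today" ] || today=$(( $(date +%s) / 86400 ))
    awk -F: -v today="$today" '
        NF < 9 { next }                         # not a shadow record
        {
            h = $2; status = "active"
            if (h ~ /^[!*]/) { status = "locked"; sub(/^[!*]+/, "", h) }
            if (h == "")             scheme = (status == "locked" ? "none" : "EMPTY")
            else if (h ~ /^\$1\$/)   scheme = "md5crypt(weak)"
            else if (h ~ /^\$2[abxy]?\$/) scheme = "bcrypt"
            else if (h ~ /^\$5\$/)   scheme = "sha256crypt"
            else if (h ~ /^\$6\$/)   scheme = "sha512crypt"
            else if (h ~ /^\$/)      scheme = "unknown"
            else                     scheme = "des(weak)"
            age = ($3 == "" ? "?" : today - $3)
            print $1 "|" status "|" scheme "|" age "|" $5
        }'
}

# First line is the sample from the post; the others are constructed and
# their salt/hash strings are placeholders, not real hashes.
sample_shadow() {
    cat <<'EOF'
johny:$1$EmRh1cmZ$gkXY30H43D7NtpQXjm9F01:11589:0:99999:7:::
maylyn:$6$SALTSALT$PLACEHOLDERHASH:15500:0:90:7:::
nancy:!!$6$SALTSALT$PLACEHOLDERHASH:15500:0:90:7:::
backup::15500:0:99999:7:::
EOF
}

sample_shadow | audit_shadow 15541   # 15541 = 20 July 2012, the post's date
```

The johny entry shows up as md5crypt with a password more than ten years old and a maximum age of 99999 days, and the constructed backup entry has an empty password field; both are the kind of account to fix with passwd and chage.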


/etc/group :
Contains the database of information of all the groups.
The format of the file is
groupname:password:gid:userlist

where
- groupname is the name of the group
- password is an optional field containing the encrypted group password
- gid is the numeric group ID number
- userlist is a comma-separated list of the user account names that comprise the group

For example,
finance:x:507:jacob,maylyn,nancy


Now let's see some commands,

Q. To create a user account with default settings,

# useradd jacob

In this case,
the home directory will be /home/jacob,
shell will be bash
uid will be the next unused UID

Q. To show the default values taken while creating a user account,

# useradd -D

Q. To set a password for the newly created user account,

# passwd jacob

Q. To change the gecos (description) of a user account,

# usermod -c "Jacob Oyden" jacob

Q. To delete a user account

# userdel jacob

Q. To delete a user account along with its home directory,

# userdel -r jacob

Q. To create a group for finance department,

# groupadd finance

Q. To create a group with a specific gid,

# groupadd -g 1000 finance

Q. To delete a group,

# groupdel finance

Q. To lock a user account,

# passwd -l jacob

Q. To unlock a user account,

# passwd -u jacob

Q. To change the user name of an existing user account,

# usermod -l joyden jacob

The above command changes the username from jacob to joyden.

Q. To change the 'uid' of a user account,

# usermod -u 1023 jacob

The above command will also automatically update all files and directories rooted in the user’s home directory to the new UID, but any files outside of the user’s home directory must be altered manually.

Q. To show the user account expiry information,

# chage -l jacob

Q. To change user account expiry information,

# chage jacob

Q. To list all the shells (or you can refer to the file /etc/shells for the available shells),

# chsh -l

Q. To change the shell of a user,

# chsh jacob