Welcome To Red Hat Linux

Class
 How To Install RHEL -124

• Minimum system requirements for RHEL 9

∙
2 GB RAM or more
∙
1 GHz Single or multiple CPU
∙
20 GB hard disk space
• https://www.vmware.com/products/workstation-pro/workstation-pro-evaluation.html
• https://developers.redhat.com/products/rhel/download
Chapter 1 : Get Started with Red Hat Enterprise Linux
• What Is Linux?

• Why Should You Learn about Linux?

• Linux is a critical technology for IT professionals to understand.
• Linux is in widespread use, worldwide. Internet users interact with Linux application and
web server systems daily, by browsing the World Wide Web and using e-commerce sites
to buy and sell products.
• Linux is in use for much more than the internet. Linux manages point-of-sale systems
and the world's stock markets, powers smart TVs and in-flight entertainment systems,
and runs most of the top 500 supercomputers in the world. Linux provides the core
technologies that power the cloud revolution and the tools to build the latest
generations of container-based microservices applications, software-based storage
technologies, and big data solutions.
• A Windows user needs to interoperate with Linux systems and applications.
• In application development, Linux commonly hosts the application and its runtime.
• In cloud computing, both private and public cloud instances use Linux as the operating
system.
• Mobile applications and Internet of Things (IoT) devices commonly run on Linux.
• When looking for new IT career opportunities, Linux skills are in high demand.
 What Makes Linux Great?
• Linux itself is open-source software.

• When people refer to "Linux," they typically mean the Linux kernel, which is the core
component of the Linux operating system.
• However, Linux is often used in conjunction with other open-source software to create
complete operating systems known as Linux distributions (distros).
• These distros typically include the Linux kernel along with various utilities, libraries, and
applications, all of which are open source.

• Some popular Linux distributions include:

 What Is Open-Source Software?
• Open-source software is software whose source code is freely available for anyone to view, modify, and distribute.
• The term "open source" refers to the availability of the source code, which is the human-readable version of A computer program written in A
programming language.

This openness allows users to:

• 1. View the Source Code: Users can access the source code to understand how the software works, how it is structured, and how it accomplishes its
tasks.

• 2.Modify the Software: Users have the freedom to modify the source code to add new features, fix bugs, optimize performance, or customize the
software to better suit their needs.

• 3.Distribute Copies: Users can distribute copies of the software, either in its original form or modified form, to others without restrictions.

• Open-source software is typically developed collaboratively in a transparent manner, often by a community of developers who contribute their time
and expertise voluntarily. This collaborative approach fosters innovation, encourages peer review, and promotes the sharing of knowledge.

• Open-source software is often distributed under licenses that ensure the software remains open and free to use, modify, and distribute. Some
common open-source licenses include the GNU General Public License (GPL), Apache License, MIT License, and BSD License.

• Examples of well-known open-source software include the Linux operating system, the Apache web server, the Mozilla Firefox web browser, the
LibreOffice productivity suite, and the WordPress content management system, among many others.
Red Hat Enterprise Linux
Ecosystem
• Red Hat Enterprise Linux (RHEL) is Red Hat's commercial production-grade Linux distribution.
• Red Hat develops and integrates open-source software into RHEL through a multistage
process.

• Red Hat participates in supporting individual open-source projects.

• It contributes code, developer time, resources, and support, and often collaborates with
developers from other Linux distributions, to improve the general quality of software for
everyone.

• Red Hat sponsors and integrates open-source projects into the community-driven Fedora
distribution. Fedora provides a free working environment to serve as a development lab and
proving ground for features to be incorporated into CentOS Stream and RHEL products.

• Red Hat stabilizes the CentOS Stream software to be ready for long-term support and
standardization, and integrates it into RHEL, the production-ready distribution.
Red Hat Enterprise Linux Ecosystem
Red Hat Enterprise Linux (RHEL) is Red Hat's commercial production-grade Linux distribution.
Red Hat develops and integrates open-source software into RHEL through a multistage process.
Chapter 2 Access the Command
Line
• Access the Command Line

• Introduction to the Bash Shell

• A command line is a text-based interface that is used to input instructions to a computer system.
• The Linux command line is provided by a program called the shell. Many shell program variants have
been developed over the years. Every user can use a different shell, but the Red Hat recommends
using the default shell for system administration.
• The default user shell in Red Hat Enterprise Linux (RHEL) is the GNU Bourne-Again Shell (bash).
• The bash shell is an improved version of the original Bourne Shell (sh) on UNIX systems.
• The shell displays a string when it is waiting for user input, called the shell prompt.
• When a regular user starts a shell, the prompt includes an ending dollar ($) character:
• [Anand@anand~]$
• A hash (#) character replaces the dollar ($) character when the shell is running as the superuser, root.
• This character indicates that it is a superuser shell, which helps to avoid mistakes that can affect the
whole system.
• [root@anand~]#
What is Shell Basics
• Commands that are entered at the shell prompt have three basic parts:
• Command to run.
• Options to adjust the behavior of the command.
• Arguments, which are typically targets of the command.

Example:
#ls is command
#-l is options
#Anand.txt is arguments
#ls –l Anand.txt
 Log in to a Local System
• A terminal is a text-based interface
to enter commands into and print
output from a computer system.
• To run the shell, you must log in to
the computer on a terminal.
 What is TTY in Linux?
• CTRL + ALT + F1 – In Red Hat Enterprise Linux 9, when the graphical environment is available, the login
Lockscreen screen typically runs on the first virtual console, which is tty1. This console hosts the
CTRL + ALT + F2 – graphical login manager, such as GDM (GNOME Display Manager) or another
Desktop Environment display manager depending on the desktop environment used.
CTRL + ALT + F3 –
TTY3 Additionally, there are typically five additional text-based login prompts available on
CTRL + ALT + F4 – virtual consoles tty2 through tty6. These consoles allow users to log in and access
TTY4 the system via a text-based interface, even if the graphical environment is not
CTRL + ALT + F5 – functioning or is not desired.
TTY5
CTRL + ALT + F6 – Users can switch between these virtual consoles using keyboard shortcuts such as
TTY6 Ctrl+Alt+F2 for tty2, Ctrl+Alt+F3 for tty3, and so on. This provides flexibility for users
who may prefer to work in a text-based environment or need to troubleshoot issues
with the graphical interface.
Log in to a Remote System

To log in to a remote system in Red Hat Enterprise Linux (RHEL), you typically use the SSH (Secure Shell) protocol.
Here's a basic guide on how to do it:
1. Open a Terminal: Open a terminal on your local machine. You can do this by searching for "Terminal" in the
applications menu or using the keyboard shortcut (often Ctrl+Alt+T).
2. SSH Command Syntax: The syntax for SSH is:
• ssh Anand@192.168.1.12
1. Replace username with your username on the remote system, and remote_host with the IP address or hostname
of the remote system.
2. Example: If your username on the remote system is user and the IP address of the remote system is
192.168.1.12 you would use the following command:
• ssh Aannd@192.168.1.12
1. Enter Password: After executing the SSH command, you'll be prompted to enter the password for the specified
user on the remote system. Type the password and press Enter. Note that as you type the password, no
characters will be displayed on the screen for security reasons.
2. Successful Login: If the username and password are correct, you'll be logged in to the remote system, and you'll
see a command prompt indicating that you're now working on the remote system.
3. Exiting: To exit the SSH session and return to your local system, simply type exit at the command prompt and
press Enter.
Log Out from a Remote System
• When you are finished with the shell and want to quit, you can choose one of several
ways to end the session. You can enter the exit command to terminate the current shell
session.
• Alternatively, finish a session by pressing Ctrl+D.
• Logout
• Exit
Access the Command Line with the Desktop
Introduction to the GNOME Desktop
Environment
• The desktop environment is the graphical user interface on a Linux system.
• GNOME 40 is the default desktop environment in Red Hat Enterprise Linux 9.
• It provides an integrated desktop for users and a unified development platform on top of a
graphical framework provided by either Wayland (by default) or the legacy X Window System.
Parts of the GNOME Shell
The elements of the GNOME Shell include the following parts, as shown in this
screen capture of the GNOME Shell in Activities overview mode:
How to Start a Terminal
• To get a shell prompt in GNOME, start a graphical terminal application such as GNOME
Terminal.
• Use one of the following methods to start a terminal:
• From the Activities overview, select Terminal from the dash, either in Favorites or with the
Show Applications button.
• Search for terminal in the search field at the top of the windows overview).
• Press the Alt+F2 key combination to open the Enter a Command and enter gnome-
• terminal.
1.Lock the Screen and Log Out
2.Lock the screen, or log out entirely, from the system menu on the far right of the top bar.
3.Power Off or Reboot the System
4.To shut down the system, from the system menu in the upper-right corner, select Power
Off/Log out > Power Off or press Ctrl+Alt+Del.
5.A window is displayed that offers the option to Cancel or confirm the Power Off action.
6. If you do not make a choice, then the system automatically shuts down after 60 seconds.
Execute Commands with the Bash
Shell
Basic Command Syntax

• The GNU Bourne-Again Shell (bash) is a program that interprets commands that the user types.
• Each string that is typed into the shell can have up to three parts:
• When you are ready to execute a command, press the Enter key.
• Type each command on a separate line.
• The command output is displayed before the following shell prompt appears.

Example:
Use the semicolon (;) as a command separator if you want to write many commands
on a single line. Semicolons belong to a group of letters known as metacharacters,
which have a unique meaning for the letter "bash." In this instance, the output of both
commands is shown prior to the subsequent shell prompt.
Combining two commands (command1 and command2) on the command line is
demonstrated in the following example.
 Write Simple Commands
• The date command displays the current date and time.
• The superuser or a privileged user can also use the date command to set the system clock.
• Use the plus sign (+) as an argument to specify a format string for the date command.
Example:
View the Contents of Files
• The cat command is one of the most simple and frequently used commands in Linux.
• Use this command to create single or multiple files, view the contents of files,
concatenate the contents from various files, and redirect contents of the file to a
terminal or to files.

• Example:
The head and tail commands display the beginning and the end of a file, respectively.
By default, these commands display 10 lines of the file, but they both have a -n option to
specify a different number of lines.
• Example:
The head and tail commands display the beginning and the end of a file,
respectively. By default, these commands display 10 lines of the file, but they
both have a -n option to specify a different number of lines.

• Example:
• [root@node1 ~]# tail /etc/passwd
• dovecot:x:97:97:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
• dovenull:x:971:971:Dovecot - unauthorized user:/usr/libexec/dovecot:/sbin/nologin
• tcpdump:x:72:72::/:/sbin/nologin
• admin:x:1000:1000:Admin:/home/admin:/bin/bash
• U1:x:1001:1001::/home/U1:/bin/bash
• U2:x:1002:1004::/home/U2:/bin/bash
• U3:x:1003:1005::/home/U3:/bin/bash
• U4:x:1004:1006::/home/U4:/bin/bash
• U5:x:1005:1007::/home/U5:/bin/bash
• hello:x:1006:1008::/home/hello:/bin/bash
• [root@node1 ~]#
 The wc command counts lines, words, and characters in a file. Use the -l, -w, or -c options to display only the
given number of lines, words, or characters, respectively.

• Example:
• [root@node1 ~]# wc /etc/passwd
• 58 136 3288 /etc/passwd
• [root@node1 ~]# wc -l /etc/passwd
• 58 /etc/passwd
• [root@node1 ~]# wc -w /etc/passwd
• 136 /etc/passwd
• [root@node1 ~]# wc -c /etc/passwd
• 3288 /etc/passwd
• [root@node1 ~]#
Understand Tab Completion

• With tab completion, users can quickly complete commands or file names after typing enough at
the prompt to make it unique. If the typed characters are not unique, then pressing the Tab key
twice displays all commands that begin with the typed characters.

• Example:
• Press Tab twice.
• Press Tab once.
Tab completion helps to complete file names when typing them as arguments to commands. Press
• Tab to complete as much of the file name as possible. Pressing Tab a second time causes the shell
• [user@host ~]$ pasTab+Tab
passwd paste pasuspender
• [user@host ~]$ passTab
[user@host ~]$ passwd
Changing password for user user. Current password:
 Write a Long Command on Multiple Lines
• Commands with many options and arguments can quickly become long and are
automatically wrapped by the command window when the cursor reaches the right
margin. Instead, type a long command by using more than one line for easier reading.
• Example :
• head -n 3 \
• /usr/share/dict/words \
• /usr/share/dict/linux.words
Display the Command History
• The history command displays a list of previously executed commands prefixed with a command number.
• The exclamation point character (!) is a metacharacter to expand previous commands without retyping them.
• The !number command expands to the command that matches the specified number.
• The !string command expands to the most recent command that begins with the specified string.
• #history
• Example :
• [root@node1 ~]# history
• 1 systemctl reboot
• 2 ls
• 3 ip a
• 4 touch file
• 5 ls
• 6 scp file root@192.168.1.128:
• 7 ping 192.168.1.128
• 8 reboot
• 9 ls
• 10 scp file root@192.168.1.112:
• 11 sftp root@192.168.1.112:
• 12 ip a
• 13 ping 192.168.1.112
•
Chapter 3 Manage Files from the Command Line
• Describe Linux File System Hierarchy Concepts
• The File-system Hierarchy
• The Linux system stores all files on file systems, which are organized into a single
inverted tree known as a file-system hierarchy. This hierarchy is an inverted tree
because the tree root is at the top, and the branches of directories and subdirectories
stretch below the root.
Red Hat Enterprise Linux
Directories
Absolute Paths and Relative Paths
•The path of a file or directory specifies its unique file system location.

•Absolute Paths

•It is a fully qualified name, specifying the files exact location in the file system hierarchy.

•It begins at the root (/) directory and specifies each subdirectory that must be traversed to reach the specific file.

•A path name with a forward slash (/) as the first character is an absolute path name.

•Relative Paths
•The working directory or current working directory refer to their current location.

•A relative path identifies a unique file, specifying only the path necessary to reach the file from
the working directory.

•A path name with anything other than a forward slash (/) as the first character is a relative path
name.
Relative path
•mkdir d1/d2/d3/d4 –pv (Relative path)

•mkdir: created directory 'd1' mkdir: created directory

'd1/d2' mkdir: created directory 'd1/d2/d3' mkdir:
created directory 'd1/d2/d3/d4'

•cd d1/d2/d3/d4/ (Relative path)

•#pwd

•/home/anand/d1/d2/d3/d4

•cd /home/anand/d1/d2 (Absolute path )

cp /etc/passwd
•cd ../../ (Relative path) /home/anand/d1/d2/ (Absolute path )

•#cp /etc/passwd /home/anand/d1/d2/d3/d4

 Navigate Paths in the File
• System
The pwd command displays the full path name of the current working directory for that
shell.

Use the cd command to change your shell's current working directory. If you do
not specify any arguments to the command, then it changes to your home
directory.
Touch command used
• The touch command updates the time stamp of a file to the current date and time without otherwise modifying it.

• This command is useful for creating empty files, which can be used for practice, because when
you use the touch command with a file name that does not exist, the file is created.
• [root@node1 ~]# touch Anand.txt
• [root@node1 ~]# touch Linux
• [root@node1 ~]# touch Linux.txt
• [root@node1 ~]# ls
• [root@node1 ~]# ls
• Anand.txt Dir file Linux Linux.txt
• [root@node1 ~]# ll
• total 0
• -rw-r--r--. 1 root root 0 Feb 21 15:33 Anand.txt
• drwxr-xr-x. 2 root root 6 Feb 21 11:20 Dir
• -rwxrwxrwx. 1 root root 0 Feb 21 11:03 file
• -rw-r--r--. 1 root root 0 Feb 21 15:34 Linux
• -rw-r--r--. 1 root root 0 Feb 21 15:34 Linux.txt
Ls command used
• The ls command has multiple options for displaying attributes on files. The most common options are -l (long
listing format), -a (all files, including hidden files), and -R (recursive, to include the contents of all subdirectories).
• -rw-r--r--. 1 root root 0 Feb 21 15:34 Linux.txt
• [root@node1 ~]# ls
• Anand.txt Dir file Linux Linux.txt
• [root@node1 ~]# ls -l
• total 0
• -rw-r--r--. 1 root root 0 Feb 21 15:33 Anand.txt
• drwxr-xr-x. 2 root root 6 Feb 21 11:20 Dir
• -rwxrwxrwx. 1 root root 0 Feb 21 11:03 file
• -rw-r--r--. 1 root root 0 Feb 21 15:34 Linux
• -rw-r--r--. 1 root root 0 Feb 21 15:34 Linux.txt
• [root@node1 ~]# ls -la
• total 60
• dr-xr-x---. 11 root root 4096 Feb 21 15:34 .
• dr-xr-xr-x. 20 root root 274 Feb 20 17:32 ..
• -rw-r--r--. 1 root root 0 Feb 21 15:33 Anand.txt
• -rw-------. 1 root root 14968 Feb 21 11:58 .bash_history
• -rw-r--r--. 1 root root 18 Aug 10 2021 .bash_logout
Used tilde command
• You can also use the tilde (~) special character in combination with other commands to
facilitate the interaction with the home directory.
• [root@node1 ~]# cd /var/log/
• [root@node1 log]# ls ~
• Anand.txt Dir file Linux Linux.txt
• [root@node1 log]# ls -l ~
• total 0
• -rw-r--r--. 1 root root 0 Feb 21 15:33 Anand.txt
• drwxr-xr-x. 2 root root 6 Feb 21 11:20 Dir
• -rwxrwxrwx. 1 root root 0 Feb 21 11:03 file
• -rw-r--r--. 1 root root 0 Feb 21 15:34 Linux
• -rw-r--r--. 1 root root 0 Feb 21 15:34 Linux.txt
Manage Files with Command-line Tools
• Command-line File Management
• Creating, removing, copying, and moving files and directories are common operations for a system administrator.
• Without options, some commands are used to interact with files, or they can manipulate directories with the appropriate set of
options.

• Create Directories
• The mkdir command creates one or more directories or subdirectories. It takes as an argument a list of paths to the directories that
you want to create.
• The mkdir command fails because the Video directory does not exist. If you had used the mkdir command with the -p option, then the
Video directory would be created unintentionally. The Watched subdirectory would be created in that incorrect directory.
• [root@node1 ~]# tree
• [root@node1 ~]# mkdir Anand
• [root@node1 ~]# mkdir Anand/Anand1
• [root@node1 ~]# mkdir -p Admin/Admin1

• │ └── Admin1
• ├── Anand
• │ └── Anand1
• ├── Anand.txt
• ├── Dir
• ├── file
• ├── Linux
• └── Linux.txt
Copy Files and Directories
• The cp command copies a file, and creates a file either in the current directory or in a
different specified directory.
• [root@node1 ~]# cp Anand.txt /home/admin/
• [root@node1 ~]# ls -R /home/admin/
• /home/admin/:
• Anand.txt hello myetc

• [root@node1 ~]# ls -l /home/admin/

• total 12
• -rw-r--r--. 1 root root 0 Feb 21 15:48 Anand.txt
• drwxr-xr-x. 2 root root 6 Feb 20 11:46 hello
• drwxr-xr-x. 173 root root 8192 Feb 18 21:54 myetc
 Move Files and Directories
• The mv command moves files from one location to another.
• If you think of the absolute path to a file as its full name, then moving a file is effectively
the same as renaming a file.
• The content of the files that are moved remain unchanged.
• [root@node1 ~]# ls
• Admin Anand Anand.txt Dir file Linux Linux.txt
• [root@node1 ~]# cd /home/
• [root@node1 home]# ls
• admin Admin1 hello myetc U1 U2 U3 U4 U5
• [root@node1 home]# cd
• [root@node1 ~]# mv Anand.txt /home/U1
• [root@node1 ~]# ls -l /home/U1
• total 0
• -rw-r--r--. 1 root root 0 Feb 21 15:33 Anand.txt
• [root@node1 ~]# ls
• Admin Anand Dir file Linux Linux.txt
Remove Files and Directories
• The rm command removes files. By default, rm does not remove directories.
• You can use the rm command -r or --recursive option to enable the rm command to delete
directories and their contents.
• The rm -r command traverses each subdirectory first, and individually removes their files
before removing each directory.
• [root@node1 ~]# rmdir Admin/
• rmdir: failed to remove 'Admin/': Directory not empty
• [root@node1 ~]# rm -r Admin/
• rm: descend into directory 'Admin/'? y
• rm: remove directory 'Admin/Admin1'? y
• rm: remove directory 'Admin/'? y
• [root@node1 ~]# ls
• Anand Dir file Linux Linux.txt
• [root@node1 ~]#
• [root@node1 ~]# rm -rf Anand/
• [root@node1 ~]# ls
Make Links Between Files
• Manage Links Between Files
• You can create multiple file names that point to the same file. These file names are called links. You can create
two types of links: a hard link, or a symbolic link (sometimes called a soft link).

• Create Hard Links

• Every file starts with a single hard link, from its initial name to the data on the file system.
• When you create a hard link to a file, you create another name that points to that same data.
• The new hard link acts exactly like the original file name.
• After the link is created, you cannot tell the difference between the new hard link and the original name of the
file.
• [root@node1 ~]# ls -l Linux.txt
• -rw-r--r--. 1 root root 0 Feb 21 15:34 Linux.txt
• [root@node1 ~]# ls -il Linux.txt
• 19549514 -rw-r--r--. 1 root root 0 Feb 21 15:34 Linux.txt
• [root@node1 ~]# ln /root/Linux.txt /home/admin/
• [root@node1 home]# cd admin/
• [root@node1 admin]# ls
• Anand.txt hello Linux.txt myetc
• [root@node1 admin]# ls -il Linux.txt
• 19549514 -rw-r--r--. 2 root root 0 Feb 21 15:34 Linux.txt
• [root@node1 admin]#
Create Symbolic Links
• The ln command -s option creates a symbolic link, which is also called a "soft link". A
symbolic link is not a regular file, but a special type of file that points to an existing file
or directory.
• Symbolic links have some advantages over hard links:
• Symbolic links can link two files on different file systems.
• Symbolic links can point to a directory or special file, not just to a regular file.
• [root@node1 ~]# ln -s /root/Linux.txt /home/admin/Anand.txt1
• [root@node1 ~]# cd /home/admin/
• [root@node1 admin]# ls
• Anand.txt Anand.txt1 hello Linux.txt myetc
Match File Names with Shell Expansions
• Command-line Expansions
• The Bash shell has multiple ways of expanding a command line, including pattern
matching, home directory expansion, string expansion, and variable substitution.

• [user@host glob]$ ls a*
able alpha
[user@host glob]$ ls *a*[root@node1 ~]# A=$(date)
• [root@node1 ~]# echo $A
• Wednesday 21 February 2024 04:11:41 PM IST
• [root@node1 ~]#

• Variable Expansion
able alpha baker bravo cast charlie delta easy
• [user@host glob]$ ls [ac]*
• able alpha cast charlie
• [root@node1 ~]# echo {Sunday,Monday,Tuesday,Wednesday}
• Sunday Monday Tuesday Wednesday
Chapter 4 Get Help in Red Hat Enterprise Linux
• Introduction to the Linux Manual Pages
• Search for man Pages by Keyword
• Use the man command -k option (equivalent to the apropos command) to search for a keyword in man
pages' titles and descriptions.
• The keyword search displays as a result a list of keyword- matching man page topics with section
numbers. For example, the following command searches for man pages with the word passwd.
• [root@node1 ~]# man -k passwd
• chgpasswd (8) - update group passwords in batch mode
• chpasswd (8) - update passwords in batch mode
• fgetpwent_r (3) - get passwd file entry reentrantly
• [student@workstation ~]$ man -k boot
• binfmt.d (5)
• bootparam (7) bootup (7)
• ...output omitted...
• - Configure additional binary formats for executables at boot - introduction to boot time parameters of the Linux
kernel - System bootup process
 Examples for Output Redirection
• Simplify many routine administration tasks by using redirection. Use the previous table to
assist while considering the following examples:

Example:
[root@node1 ~]# date
Thursday 22 February 2024 03:39:09 AM IST
[root@node1 ~]# date > date.txt
[root@node1 ~]# cat date.txt
Thursday 22 February 2024 03:39:22 AM IST
[root@node1 ~]#
[root@node1 ~]# tail -n 2 /var/log/messages
>/tmp/last2lines_output.txt
[root@node1 ~]# cat /tmp/last2lines_output.txt
• Example:
• [root@node1 ~]# echo "hello" >echo.txt
• [root@node1 ~]# cat echo.txt
• hello
• [root@node1 ~]# echo "hell1" >> echo.txt
• [root@node1 ~]# echo "hell2" >> echo.txt
• [root@node1 ~]# echo "hell3" >> echo.txt
• [root@node1 ~]# echo "hell4" >> echo.txt
• [root@node1 ~]# cat echo.txt
• hello
• hell1
• hell2
• hell3
• hell4
• [root@node1 ~]#
• Example3:

[admin@node1 ~]$ find / etc -name /passwd >find_output.txt 2> find.txt

[admin@node1 ~]$ ls
Anand.txt Anand.txt1 find_output.txt find.txt hello Linux.txt myetc
[admin@node1 ~]$

[admin@node1 ~]$ find /etc -name passwd 2> find

/etc/pam.d/passwd
/etc/passwd
[admin@node1 ~]$
 Example4:

• [admin@node1 ~]$ find /etc -name passwd > /tmp/outpt.txt 2> /dev/null
• [admin@node1 ~]$ cat /tmp/outpt.txt
• /etc/pam.d/passwd
• /etc/passwd
• [admin@node1 ~]$
 • Example5:

[admin@node1 ~]$ find /etc -name passwd &> /tmp/both.txt

[admin@node1 ~]$ cat /tmp/both.txt

Example6:

[admin@node1 ~]$ find /etc -name passwd &>> /tmp/both.txt

[admin@node1 ~]$ cat /tmp/both.txt
Construct Pipelines
A pipeline is a sequence of one or more commands that are separated by the vertical
bar character (|).

A pipeline connects the standard output of the first command to the standard input of
the next command.
Pipeline Examples
The following list shows some pipeline examples:

Redirect the output of the ls command to the less command to display it on the terminal
one screen at a time.
Example1
• [admin@node1 ~]$ ls -l /usr/bin/ | less

Redirect the output of the ls command to the wc -l command, which counts the number of
received lines from ls and prints that value to the terminal.

Example:
[admin@node1 ~]$ ls -l /usr/bin/ | less

[admin@node1 ~]$ ls |wc -l

8
Redirect the output of the ls -t command to the head command to display the first 10
lines, with the final result redirected to the /tmp/first-ten-changed-files file.

Example:
• [admin@node1 ~]$ ls -t | head -n 10 > /tmp/first-ten-changed-files
• [admin@node1 ~]$ cat /tmp/first-ten-changed-files
• find
• find.txt
• find_output.txt
• Anand.txt1
• Anand.txt
• Linux.txt
• hello
• myetc
• [admin@node1 ~]$
Pipelines, Redirection, and Appending to a File
• When you combine redirection with a pipeline, the shell sets up the entire pipeline first,
and then it redirects the input/output. If you use output redirection in the middle of a
pipeline, then the output goes to the file and not to the next command in the pipeline.
• In the next example, the output of the ls command goes to the /tmp/saved-output file, and
the less command displays nothing on the terminal.

Example:
[admin@node1 ~]$ ls > /tmp/saved-output | less
[admin@node1 ~]$ cat /tmp/saved-output
Anand.txt
Anand.txt1
find
find_output.txt
find.txt
hello
Linux.txt
myetc
[admin@node1 ~]$
Pipeline Examples with the tee Command
• The tee command overcomes this limitation.
• In a pipeline, tee copies its standard input to its standard output and also redirects its
standard output to the files that are given as arguments to the command.
• If you imagine data as water that flows through a pipeline, then you can visualize tee as
a "T" joint in the pipe that directs output in two directions.
• The next example redirects the output of the ls command to the /tmp/saved-output file and
passes it to the less command, so it is displayed on the terminal one screen at a time.

If you use the tee command at the end of a pipeline, then the terminal shows the output of the
commands in the pipeline and saves it to a file at the same time.

Example
[admin@node1 ~]$ ls -l | tee /tmp/saved-output | less
[admin@node1 ~]$ cat /tmp/saved-output
total 132
-rw-r--r--. 1 root root 0 Feb 21 15:48 Anand.txt
lrwxrwxrwx. 1 root root 15 Feb 21 16:05 Anand.txt1 -> /root/Linux.txt
-rw-r--r--. 1 admin admin 1160 Feb 21 22:28 find
-rw-r--r--. 1 admin admin 0 Feb 21 22:26 find_output.txt
-rw-r--r--. 1 admin admin 116332 Feb 21 22:26 find.txt
drwxr-xr-x. 2 root root 6 Feb 20 11:46 hello
-rw-r--r--. 2 root root 0 Feb 21 15:34 Linux.txt
drwxr-xr-x. 173 root root 8192 Feb 18 21:54 myetc
If you use the tee command at the end of a pipeline, then the terminal shows the output of
the
commands in the pipeline and saves it to a file at the same time.

• Example
• [admin@node1 ~]$ ls -t | head -n 10 | tee /tmp/ten-last-changed-files
• find
• find.txt
• find_output.txt Use the tee command -a option to append the
content to a file instead of overwriting it.
• Anand.txt1 Example:
• Anand.txt
[admin@node1 ~]$ ls -l | tee -a /tmp/append-files
• Linux.txt total 132
• hello -rw-r--r--. 1 root root 0 Feb 21 15:48 Anand.txt
lrwxrwxrwx. 1 root root 15 Feb 21 16:05 Anand.txt1 ->
/root/Linux.txt
-rw-r--r--. 1 admin admin 1160 Feb 21 22:28 find
-rw-r--r--. 1 admin admin 0 Feb 21 22:26 find_output.txt
 Edit Text Files from the Shell Prompt
• Vim is an improved version of the vi editor, which is distributed with Linux and UNIX
systems. Vim is highly configurable and efficient for practiced users, including split-
screen editing, color formatting, and highlighting for editing text.

• Benefits of the Vim Editor

• When a system uses a text-only shell prompt, you should know how to use at least one
text editor for editing files.

• Get Started with Vim

• You can install the Vim editor in Red Hat Enterprise Linux by using either of two
packages. These two packages provide different features and Vim commands for editing
text-based files.
• With the vim-minimal package, you might install the vi editor with core features. This
lightweight installation includes only the core features and the basic vi command. You
can open a file for editing by using the vi command.
Vim Operating Modes
he Vim editor offers various modes of operation such as command mode, extended
command mode, edit mode, and visual mode. You should always check the current mode as
a Vim user, because keystrokes have different effects in different modes.
 The Minimum, Basic Vim Workflow
• Vim has efficient, coordinated keystrokes for advanced editing tasks. Although
considered beneficial with practice, the capabilities of Vim can overwhelm new users.
• Red Hat recommends to learn the following Vim keys and commands.
• • The u key undoes the most recent edit.
• The x key deletes a single character.
• The :w command writes (saves) the file and remains in command mode for more
editing. • The :wq command writes (saves) the file and quits Vim.
• The :q! command quits Vim, and discards all file changes since the last write.
• Visual Mode in Vim
• Visual mode is useful to highlight and manipulate text in different lines and columns. You
can enter visual modes on Vim by using the following key combinations.
• • Character mode : v
• Line mode : Shift+v • Block mode : Ctrl+v
• Character mode highlights sentences in a block of text. The word VISUAL appears at the
bottom of the screen. Press v to enter visual character mode. Shift+v enters line mode.
VISUAL LINE appears at the bottom of the screen.
• Visual block mode is perfect for manipulating data files. Press the Ctrl+v keystroke to
enter the visual block from the cursor. VISUAL BLOCK appears at the bottom of the
screen. Use the arrow keys to highlight the section to change.
 Shell Variable Usage

• With the Bash shell, you can set shell variables to help to run commands or to modify the behavior of the shell.
You can also export shell variables as environment variables, which are automatically copied to programs that
are run from that shell. You can use variables for ease of running a command with a long argument, or to apply a
common setting to commands that are run from that shell.

• Assign Values to Variables

• [root@node1 ~]# date
• Wednesday 21 February 2024 11:34:08 PM IST[root@node1 ~]# echo count
• count
• [root@node1 ~]# echo $count
• 100
• [root@node1 ~]#

• [root@node1 ~]# a=$(date)

• [root@node1 ~]# echo $a
• Wednesday 21 February 2024 11:34:24 PM IST
 Configure Bash with Shell Variables
• Some shell variables are set when Bash starts. You can modify them to adjust the shell's
behavior.
• For example, the HISTFILE, HISTFILESIZE, and HISTTIMEFORMAT shell variables affect the
shell history and the history command.
• The HISTFILE variable specifies which file to save the shell history to, and defaults to the
~/.bash_history file. The HISTFILESIZE variable specifies how many commands to save in
that file from the history.
• The HISTTIMEFORMAT variable defines the time stamp format for every command in the
history. This variable does not exist by default.
• Example
• 1022 2024-02-21 23:38:12 HISTTIMEFORMAT="%F %T "
• 1023 2024-02-21 23:38:22 history
• [root@node1 ~]# HISTTIMEFORMAT="%F %T "
• [root@node1 ~]#
• [root@node1 ~]# history
Chapter 6 Manage Local Users and Groups
Describe User and Group Concepts
• What Is a User?
• A user account provides security boundaries between different people and programs
that can run commands.
• Users have usernames to identify them to human users and for ease of working.
• Use the id command to show information about the currently logged-in user:

• Example:
• [root@node1 ~]# id
• uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-
s0:c0.c1023
• [root@node1 ~]# id admin
• uid=1000(admin) gid=1000(admin) groups=1000(admin),10(wheel)
What Is a Group?
1.A group is a collection of users that need to share access to files and other system
resources. Groups can be used to grant access to files to a set of users instead of to a single
user.
2.Each line in the /etc/group file contains information about one group.

Example
• [root@node1 ~]# cat /etc/group
• root:x:0:
• bin:x:1:
• daemon:x:2:
• sys:x:3:
• adm:x:4:
• tty:x:5:
• disk:x:6:
Primary Groups and Secondary Groups
• Every user has exactly one primary group. For local users, this group is listed by GID in the
/etc/passwd file. The primary group owns files that the user creates.
Gain Superuser Access
The Superuser
• Most operating systems have a superuser that has all power over the system.
• In Red Hat Enterprise Linux, it is the root user.
• This user has the power to override normal privileges on the file system, and you can use it to
manage and administer the system.
• For tasks such as installing or removing software, and to manage system files and directories,
users must escalate their privileges to the root user.
Switch User Accounts
• With the su command, users can switch to a different user account. If you run the su command
from a regular user account with another user account as a parameter, then you must provide
the password of the account to switch to. When the root user runs the su command, you do not
need to enter the user's password.
• Example
• [root@node1 ~]# su - admin
• Last login: Wed Feb 21 22:23:01 IST 2024 on pts/0
• [admin@node1 ~]$
Run Commands with Sudo
• For security reasons, in some cases system administrators configure the root user not to
have a valid password.
• Thus, users cannot log in to the system as root directly with a password. Moreover, you
cannot use su to get an interactive shell. In this case, you can use the sudo command to
get root access.
• dditionally, you can configure the sudo command to allow specific users to run any
command as some other user, or only some commands as that user. For example, if you
configure the sudo command to allow the user01 user to run the usermod command as
root, then you can run the following command to lock or unlock a user account:
• Example
• [root@node1 ~]# su - admin
• Last login: Wed Feb 21 22:23:01 IST 2024 on pts/0
• [admin@node1 ~]$ sudo usermod -L Admin1
• [sudo] password for admin:
• [admin@node1 ~]$ su - Admin1
• Password:
• su: Authentication failure
If a user tries to run a command as another user, and the sudo configuration does not
permit it, then bash blocks the command, logs the attempt, and sends by default an email
to the root user.

Example
• [admin@node1 ~]$ sudo tail -n 2 /var/log/secure
• Feb 22 13:13:59 node1 sudo[15160]: pam_unix(sudo:session): session opened for user root(uid=0) by
(uid=1000)
• Feb 22 13:13:59 node1 sudo[15160]: pam_unix(sudo:session): session closed for user root
• [admin@node1 ~]$
• Another benefit of sudo is to log by default all the executed commands to /var/log/secure.

• Example
• [admin@node1 ~]$ sudo tail /var/log/secure
• Feb 22 13:11:56 node1 usermod[15138]: lock user 'Admin1' password
• Feb 22 13:11:56 node1 sudo[15134]: pam_unix(sudo:session): session closed for user root
• Feb 22 13:12:17 node1 unix_chkpwd[15152]: password check failed for user (Admin1)
• Feb 22 13:12:17 node1 su[15150]: pam_unix(su-l:auth): authentication failure; logname= uid=1000 euid=0
tty=/dev/pts/0 ruser=admin rhost= user=Admin1
Configure sudo file
• The /etc/sudoers file is the main configuration file for the sudo command. To avoid problems if multiple
administrators try to edit the file at the same time, you can edit it only with the special visudo
command. The visudo editor also validates the file, to ensure no syntax errors.
• For example, the following line from the /etc/sudoers file enables sudo access for wheel group members:

Example
• # Allow root to run any commands anywhere
• root ALL=(ALL) ALL
• Hello ALL=(ALL) ALL
• ## Allows members of the 'sys' group to run networking, software,
• ## service management apps and more.
• # %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
• ## Allows people in group wheel to run all commands
• %wheel ALL=(ALL) ALL
• %Hello ALL=(ALL) ALL
• ## Same thing without a password
• # %wheel ALL=(ALL) NOPASSWD: ALL
• # %Hello ALL=(ALL) NOPASSWD: ALL
 Manage Local User Accounts

• Create Users from the Command Line

• The useradd username command creates a user called username. It sets up the user's home
directory and account information, and creates a private group for the user called username.
• At this point, a valid password is not set for the account, and the user cannot log in until a
password is set.

• In Red Hat Enterprise Linux 9, the useradd command assigns new users the first free UID that
is greater than or equal to 1000, unless you explicitly specify one by using the -u option.

• The /etc/login.defs file sets some of the default options for user accounts, such as the range of
valid UID numbers and default password aging rules. The values in this file affect only newly
created user accounts. A change to this file does not affect existing users.
 Modify Existing Users from the Command
Line
• he usermod --help command displays the basic options to modify an account. Some
common options are as follows:

-a –append Use it with the -G option to add the secondary groups to the user's current set of
group memberships instead of replacing the set of secondary groups with a new set.

-c, --comment COMMENT Add the COMMENT text to the comment field.

-d, --home HOME_DIR Specify a home directory for the user account.

-g, --gid GROUP Specify the primary group for the user account.
Delete Users from the Command Line
• The userdel username command removes the username user from /etc/passwd, but leaves
the user's home directory intact.
• The userdel -r username command removes the user from /etc/passwd and deletes the
user's home directory.

[root@node1 home]# ls
admin Admin1 hello myetc U1 U2 U3 U4 U5
[root@node1 home]# userdel Admin1
[root@node1 home]# ls
admin Admin1 hello myetc U1 U2 U3 U4 U5
[root@node1 home]#
Manage Local Group Accounts
Manage Local Groups
• Several command-line tools facilitate group management. While you can use the Users
GUI utility to manage groups, Red Hat recommends to use command-line tools.
Create Groups from the Command Line
• The groupadd command creates groups. Without options, the groupadd command uses the
next available GID from the range specified by the GID_MIN and GID_MAX variables in
the /etc/login.defs file. By default, the command assigns a GID value greater than any
other existing GIDs, even if a lower value becomes available.

Example
[root@host ~]# groupadd -r group02
[root@host ~]# tail /etc/group ...output omitted... group01:x:10000:
The groupadd command -r option creates system groups. As with normal groups, system groups
group02:x:988:
use a GID from the range of listed valid system GIDs in the /etc/login.defs file.
[root@host ~]# groupadd -r group02
[root@host ~]# tail /etc/group ...output omitted... group01:x:10000:
group02:x:988:
 Modify Existing Groups from the Command Line
• The groupmod command changes the properties of an existing group. The groupmod
command -n option specifies a new name for the group.
[root@host ~]# groupmod -n group0022 group02
[root@host ~]# tail /etc/group
Notice that the group name updates to group0022 from group02. The groupmod command -g
option specifies a new GID.
[root@host ~]# groupmod -g 20000 group0022
[root@host ~]# tail /etc/group
...output omitted...
group0022:x:20000:

Notice that the GID changes to 20000 from 988.

Delete Groups from the Command

Line
The groupdel command removes groups.
[root@host ~]# groupdel group0022
Change Group Membership from the Command Line
• Themembershipofagroupiscontrolledwithusermanagement.Usetheusermod -gcommand to change a
user's primary group.

• [root@host ~]# id user02

uid=1006(user02) gid=1008(user02) groups=1008(user02)
• [root@host ~]# usermod -g group01 user02
[root@host ~]# id user02
uid=1006(user02) gid=10000(group01) groups=10000(group01)
• Use the usermod -aG command to add a user to a secondary
group.
• [root@host ~]# id user03
uid=1007(user03) gid=1009(user03) groups=1009(user03)
[root@host ~]# usermod -aG group01 user03
[root@host ~]# id user03
uid=1007(user03) gid=1009(user03) groups=1009(user03),10000(group01)
Compare Primary and Secondary Group Membership
• A user's primary group is the group that is viewed on the user's account in the
/etc/passwd file. A user can only belong to one primary group at a time.
Temporarily Change Your Primary Group
• Only a user's primary group is used for new file creation attributes.
• However, you can temporarily switch your primary group to another group, but you can
only choose from secondary groups
to which you already belong. You might switch if you are about to create a number of
new files, manually or scripted, and want them to have a different group assigned as
owner as they are being created.

Shadow Passwords and Password Policy

• Originally, encrypted passwords were stored in the world-readable /etc/passwd file.
• This was considered adequate until dictionary attacks on encrypted passwords became
common.
• The encrypted passwords were moved to the /etc/shadow file, which only the root user can
read.
[root@host ~]# cat /etc/shadow
• Like the /etc/passwd file, each user has an entry with in the /etc/shadow file. An example
entry from the /etc/shadow file has nine colon-separated fields:
 Password Verification

• When a user tries to log in, the system looks up the entry for the user in the /etc/shadow
file, combines the salt for the user with the unencrypted typed password, and encrypts
the combination of the salt and unencrypted password with the specified hashing
algorithm.
 Configure Password Aging
• The following diagram shows the relevant password aging parameters, which
can be adjusted by using the chage command to implement a password aging
policy.
• Notice that the command name is chage which stands for "change age", and it
should not be confused with the word "change".
Example demonstrates the chage command to change the password policy of the sysadmin05
user. The command defines a minimum age (-m) of zero days, a maximum age (-M) of 90
days, a warning period (-W) of 7 days, and an inactivity period (-I) of 14 days.

[root@Anand ~]# chage -m 0 -M 90 -W 7 -I 14 Anand

[root@Anand ~]# chage -l Anand
Last password change : Mar 02, 2024
Password expires : May 31, 2024
Password inactive : Jun 14, 2024
Account expires : never
Minimum number of days between password change :0
Maximum number of days between password change : 90
Number of days of warning before password expires :7
[root@Anand ~]#
 Assume that you manage the user password policies on a Red Hat server.
The Anand user is new in the system and you want to set a custom password aging policy.
You want to set the account expiration 30 days from today.

• [root@Anand ~]# chage -E $(date -d "+30 days" +%F) Anand

• [root@Anand ~]# chage -l Anand | grep "Account expires"
• Account expires : Apr 01, 2024
• [root@Anand ~]# chage -l Anand
• Last password change : Mar 02, 2024
• Password expires : May 31, 2024
• Password inactive : Jun 14, 2024
• Account expires : Apr 01, 2024
• Minimum number of days between password change :0
• Maximum number of days between password change : 90
• Number of days of warning before password expires : 7
• [root@Anand ~]#
 Restrict Access

Example
[root@Anand ~]# usermod -L Anand
[root@Anand ~]# passwd -S Anand
Anand LK 2024-03-02 0 90 7 14 (Password locked.)
[root@Anand ~]#

[root@Anand ~]# tail /var/log/secure

Mar 2 17:47:24 Anand chage[3201]: changed password expiry for Anand

Mar 2 17:54:00 Anand gdm-password][3233]: gkr-pam: unlocked login keyring
Mar 2 17:54:20 Anand chage[3249]: changed password expiry for Anand
Mar 2 17:56:52 Anand usermod[3270]: lock user 'Anand' password
[root@Anand ~]#
 The nologin Shell
• The nologin shell acts as a replacement shell for the user accounts that are not intended
to interactively log in to the system.
• It is good security practice to disable an account from logging in to the system when the
account does not require it.
• A common solution to this situation is to set the user's login shell to /sbin/nologin.
• If the user attempts to log in to the system directly, then the nologin shell closes the
connection.
Example:
[root@Anand ~]# usermod -s /sbin/nologin Anand
[root@Anand ~]# tail /etc/passwd |grep Anand
Anand:x:1000:1000::/home/Anand:/sbin/nologin
[root@Anand ~]# su - Anand
This account is currently not available.
[root@Anand ~]#

[root@Anand ~]# usermod -s /bin/bash Anand

[root@Anand ~]# tail /etc/passwd |grep Anand
Anand:x:1000:1000::/home/Anand:/bin/bash
[root@Anand ~]#
Changing a User’s Home Directory

• [root@Anand ~]# tail /etc/passwd

• Anand:x:1000:1000::/home/:/bin/bash
• [root@Anand ~]# mkdir /cybe1
• [root@Anand ~]# usermod -m -d /cyber1/ Anand
• [root@Anand ~]# tail /etc/passwd |grep Anand
• Anand:x:1000:1000::/cyber1/:/bin/bash
• [root@Anand ~]#
chapter 7 | Control Access to Files
• Linux File-system Permissions
• File permissions control access to files. Linux file permissions are simple but flexible and
able to handle most normal permission cases.

Permission Effect on files Effect on directories

r (read)
File contents can be Contents of the directory (the file names) can be
read. listed.
File contents can be
w (write)
changed.
Any file in the directory can be created or deleted.

Files can be executed as The directory can become the current working directory. You can run the
x (execute)
commands. cd command to it, but it also requires read permission to list files there.

echo "umask 007" >> ~/.bashrc

 View File and Directory Permissions and Ownership

The ls command -l option shows detailed information about permissions and ownership:

[root@Anand ~]# ls -l Anand.txt123

-rw-rw-r--. 1 root root 0 Mar 2 2024 Anand.txt123
[root@Anand ~]#

Use the ls command -d option to show detailed information about a

directory itself, and not its contents.
[root@Anand ~]# ls -ld cyber1
-rw-rw-r--. 1 root root 104 Feb 28 18:28 cyber1
[root@Anand ~]#

The first character of the long listing is the file typ

• - is a regular file.
• d is a directory.
• l is a symbolic link.
• c is a character device file.
• b is a block device file.
• p is a named pipe file.
• s is a local socket file.
Example:

• [root@Anand ~]# ls -ld cyber1

• -rw-rw-r--. 1 root root 104 Feb 28 18:28 cyber1
• [root@Anand ~]# ls -la
• total 7004
• dr-xr-x---. 31 root root 4096 Mar 2 18:12 .
• dr-xr-xr-x. 24 root root 4096 Mar 2 18:29 ..
• -rw-rw-r--. 1 root root 7397 Feb 28 16:31 aal
• -rw-rw-r--. 1 root root 0 Mar 2 2024 Anand.txt123
 Change File and Directory Permissions

• The chmod command changes file and directory permissions from the command line.

• The chmod command can be interpreted as "change mode", because the mode of a file is
another name for file permissions.
• The chmod command takes a permission instruction followed by a list of files
or directories to change. You can set the permission instruction either symbolically or in
octal (numeric) notation.
• Change Permissions with the Symbolic Method
• Use the chmod command to modify file and directory permissions. The following example
can help you to understand the chmod command usage:
• chmod Who/What/Which file|directory
• Change Permissions with the Symbolic
Method
1.Identify the File/Directory: Determine the file or directory for which you want to change
permissions.
2.Understand Permission Symbols:
• u: User/Owner
• g: Group
• o: Other
• a: All (equivalent to ugo)
• +: Add permissions
• -: Remove permissions
• =: Set permissions explicitly, overriding existing ones
• r: Read
• w: Write
• x: Execute (for files: execute permission means the file can be run as a program; for directories:
execute permission allows access to the directory's contents)
• s: SetUID or SetGID (for files/directories)
• t: Sticky bit (for directories)
Change Permissions with the Octal Method
• You can use the chmod command to change file permissions with the octal
method instead of the symbolic method. In the following example, the #
character represents a digit.
Change Permissions with the Octal Method
• With the octal method, you can represent permissions as a 3-digit (or 4-digit, when
setting
• advanced permissions) octal number. A single octal digit can represent any single value
from 0-7. In the 3-digit octal representation of permissions, each digit stands for one
access level, from left
• to right: user, group, and other. To determine each digit:
• Start with 0.
• If you want to add read permissions for this access level, then add 4.
• If you want to add write permissions, then add 2.
• If you want to add execute permissions, then add 1.
1. Change Permissions:
1. Adding Permissions: Use + followed by the permissions you want to add.
2. Removing Permissions: Use - followed by the permissions you want to remove.
3. Setting Permissions Explicitly: Use = followed by the desired permissions.
2. Apply Changes to User/Group/Other: Specify whether you're changing permissions for the user
(owner), group, or others.
Command Syntax:
[who]: Represents the users whose permissions you want to change (u, g, o, a).
• [operator]: Specifies whether to add (+), remove (-), or set (=) permissions.
• [permissions]: Denotes the permissions to be added, removed, or set (r, w, x, s, t).
• file(s): The file or files for which you're changing permissions.

Example:[root@Anand ~]# chmod u-rwx Anand.txt123

[root@Anand ~]# ls -l Anand.txt123
----rwxr-x. 1 root root 0 Mar 2 2024 Anand.txt123

• [root@Anand ~]# chmod +x Anand.txt123

• [root@Anand ~]# ls -l Anand.txt123
• -rwxrwxr-x. 1 root root 0 Mar 2 2024 Anand.txt123
• [root@Anand ~]#
Change File and Directory User or Group Ownership
The user owns a file that it creates. By default, new files have a group ownership that is the
primary group of the user that creates the file.
In Red Hat Enterprise Linux, a user's primary group is usually a private group with only that user
as a member.
To grant access to a file based on group membership, you might need to change the group that
owns the file.
Example:
[root@Anand ~]# ls -l cyber1
-rw-rw-r--. 1 root root 104 Feb 28 18:28 cyber1
[root@Anand ~]# chown Anand cyber1
[root@Anand ~]# ls -l cyber1
-rw-rw-r--. 1 Anand root 104 Feb 28 18:28 cyber1
[root@Anand ~]# chown :Anand cyber1
[root@Anand ~]# ls -l cyber1
-rw-rw-r--. 1 Anand Anand 104 Feb 28 18:28 cyber1
[root@Anand ~]#
 The chown command -R option recursively changes the ownership of an entire directory tree.
The following command grants ownership of the Desktop directory and all files and subdirectories
within it to the Anand user:

• [root@Anand ~]# chown -R Anand Desktop/

• [root@Anand ~]# lsDesktop/
• bash: lsDesktop/: No such file or directory
• [root@Anand ~]# ls -ld Desktop/
• drwxr-xr-x. 2 Anand root 6 Feb 17 19:09 Desktop/
Special Permissions
• Special permissions are a fourth permission type in addition to the basic user, group, and other
types.
• As the name implies, special permissions provide additional access-related features beyond what
the basic permission types allow.
• This section describes the impact of special permissions, which are summarized in the table below.
• In a long listing, you can identify the sticky permissions by a lowercase t character in the place
where you would normally expect the x character (other execute permissions).
• If other does not have execute permissions, then this character is replaced by an uppercase T
Setting
character.Special Permissions
• Symbolic:setuid=u+s;setgid=g+s;sticky=o+t
• Octal : In the added fourth preceding digit; setuid = 4; setgid = 2; sticky = 1
Examples of Special permissions Add the setgid bit on the example directory by using
the
symbolic method:
[user@host ~]# chmod g+s example

Remove the setuid bit on the example directory by using the symbolic method:
[user@host ~]# chmod u-s example

Set the setgid bit and add read, write, and execute permissions for user and group,
with no
access for others, on the example directory by using the octal method:
[user@host ~]# chmod 2770 example

Remove the setgid bit and add read, write, and execute permissions for user and
group, with no access for others, on the example directory by using the octal method.
Note that you need to add an extra 0 at the beginning of the permissions value when
Default File Permissions
• On creation, a file is assigned initial permissions.
• Two things affect these initial permissions.
• The first is whether you are creating a regular file or a directory.
• The second is the current umask, which stands for user file-
creation mask.
• The umask command without arguments displays the current value of the shell's umask:
• Example:
• [root@Anand ~]# umask
• 0002
• [root@Anand ~]#
• [operator1@servera ~]$ echo "umask 007" >> ~/.bashrc
• [operator1@servera ~]$ cat ~/.bashrc
# .bashrc
Chapter 8 | Monitor and Manage Linux Processes
• Example:1

• [root@localhost ~]# ps
• PID TTY TIME CMD
• 5060 pts/0 00:00:00 bash
• 6386 pts/0 00:00:00 ps
• [root@localhost ~]# jobs
• [root@localhost ~]# ps a
• PID TTY STAT TIME COMMAND
• 3612 tty2 Ssl+ 0:00 /usr/libexec/gdm-wayland-session --register-session gnome-ses
• 3618 tty2 Sl+ 0:00 /usr/libexec/gnome-session-binary
• 5060 pts/0 Ss 0:00 bash
• 6398 pts/0 R+ 0:00 ps a
• [root@localhost ~]#
 Run Jobs in the Background
• Any command or pipeline can be started in the background by appending an
ampersand (&) character to the command.
• The Bash shell displays a job number (unique to the session) and the PID of the new
child process. Example:
• Example: [4]+ Stopped top
[root@redhatlinux1010gmail ~]# jobs
• [root@redhatlinux1010gmail ~]# sleep 1000 &
[1] Running sleep 1000 &
• [1] 8302 [2] Running sleep 1000 &
• [root@redhatlinux1010gmail ~]# sleep 1000 & [3]- Running sleep 1000 &
[4]+ Stopped top
• [2] 8307 [root@redhatlinux1010gmail ~]# ps
• [root@redhatlinux1010gmail ~]# sleep 1000 & PID TTY TIME CMD
8265 pts/0 00:00:00 bash
• [3] 8312 8302 pts/0 00:00:00 sleep
• [root@redhatlinux1010gmail ~]# top 8307 pts/0 00:00:00 sleep
8312 pts/0 00:00:00 sleep
8318 pts/0 00:00:00 top
8327 pts/0 00:00:00 ps
[root@redhatlinux1010gmail ~]#
• Example:2
• [root@anand ~]# ps
• PID TTY TIME CMD
• 6490 pts/3 00:00:00 bash
• 6529 pts/3 00:00:00 ps
• [root@localhost ~]# ps a
• PID TTY STAT TIME COMMAND
• 3612 tty2 Ssl+ 0:00 /usr/libexec/gdm-wayland-session --register-session gnome-ses
• 3618 tty2 Sl+ 0:00 /usr/libexec/gnome-session-binary
• 5060 pts/0 Ss 0:00 bash
• 6406 pts/0 S+ 0:00 vim jet
• 6407 pts/1 Ss 0:00 bash
• 6446 pts/1 S+ 0:00 vim jet1
• 6448 pts/2 Ss 0:00 bash
• 6488 pts/2 S+ 0:00 vim jet2
• 6490 pts/3 Ss 0:00 bash
• 6534 pts/3 R+ 0:00 ps a
 Use the jobs command to display the list of jobs for the
shell's session.
• Example:

• [4]+ Stopped top

• [root@redhatlinux1010gmail ~]# jobs
• [1] Running sleep 1000 &
• [2] Running sleep 1000 &
• [3]- Running sleep 1000 &
• [4]+ Stopped to

• To send a foreground process to the background, press the

keyboard-generated suspend request (Ctrl+z) in the terminal.
• bash: fg%1: command not found...
• [root@redhatlinux1010gmail ~]# fg %1
• sleep 1000
• ^Z
• [1]+ Stopped sleep 1000
• [root@redhatlinux1010gmail ~]#
In the next example, the sleep command is currently suspended and
the process state is T.
• Example:
• [root@redhatlinux1010gmail ~]# ps j
• PPID PID PGID SID TTY TPGID STAT UID TIME COMMAND
• 2158 2458 2458 2458 tty2 2458 Ssl+ 0 0:00 /usr/libexec/gdm-wayland-session --
register-session gnome-session
• 2458 2464 2458 2458 tty2 2458 Sl+ 0 0:00 /usr/libexec/gnome-session-binary
• 8247 8265 8265 8265 pts/0 8470 Ss 0 0:00 bash
• 8265 8302 8302 8265 pts/0 8470 T 0 0:00 sleep 1000
• 8265 8307 8307 8265 pts/0 8470 S 0 0:00 sleep 1000
• 8265 8312 8312 8265 pts/0 8470 S 0 0:00 sleep 1000
• 8265 8318 8318 8265 pts/0 8470 T 0 0:00 top
• 8265 8470 8470 8265 pts/0 8470 R+ 0 0:00 ps j
Use the bg command with the job ID to start running the suspended
process.
• Example:
• [root@redhatlinux1010gmail ~]# bg % 2
• [1]+ sleep 1000 &
• bash: bg: job 2 already in background
• [root@redhatlinux1010gmail ~]#
Kill Processes
• Process Control with Signals
• A signal is a software interrupt that is delivered to a process. Signals report events to an
executing program.
• Example:

• [root@redhatlinux1010gmail ~]# kill -l

• 1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL 5) SIGTRAP
• 6) SIGABRT 7) SIGBUS 8) SIGFPE 9) SIGKILL 10) SIGUSR1
• 11) SIGSEGV 12) SIGUSR2 13) SIGPIPE 14) SIGALRM 15) SIGTERM
• 16) SIGSTKFLT 17) SIGCHLD 18) SIGCONT 19) SIGSTOP 20) SIGTSTP
• 21) SIGTTIN 22) SIGTTOU 23) SIGURG 24) SIGXCPU 25) SIGXFSZ
• 26) SIGVTALRM 27) SIGPROF 28) SIGWINCH 29) SIGIO 30) SIGPWR
• 31) SIGSYS 34) SIGRTMIN 35) SIGRTMIN+1 36) SIGRTMIN+2 37) SIGRTMIN+3
• 38) SIGRTMIN+4 39) SIGRTMIN+5 40) SIGRTMIN+6 41) SIGRTMIN+7 42) SIGRTMIN+8
The killall command can signal multiple processes, based on their
command name.
• Example:
• [root@redhatlinux1010gmail ~]# ps aux | grep job
• root 8609 0.0 0.1 221368 1968 pts/0 S+ 18:54 0:00 grep --color=auto job
• [root@redhatlinux1010gmail ~]#
• [root@redhatlinux1010gmail ~]# kill 8302
• [1] Terminated sleep 1000
• [root@redhatlinux1010gmail ~]#
• root 8676 0.0 0.1 221368 1968 pts/0 S+ 18:56 0:00 grep --color=auto jobs
• [root@redhatlinux1010gmail ~]# ps aux | grep job
• root 8782 0.0 0.1 221368 1968 pts/0 S+ 19:15 0:00 grep --color=auto job
• [root@redhatlinux1010gmail ~]# ps aux | grep pkill
• root 8810 0.0 0.1 221368 2036 pts/0 S+ 19:16 0:00 grep --color=auto pkill
• [root@redhatlinux1010gmail ~]# pkill sleep
• [2] Done sleep 1000
• [3]- Done sleep 1000
• [root@redhatlinux1010gmail ~]#
Interpret Load Average Values
• The uptime command is one way to display the current load average.
• It prints the current time, how long the machine has been up, how many user sessions
are running, and the current load average.
• The three values for the load average represent the load over the last 1, 5, and 15
minutes. It indicates whether the system load appears to be increasing or decreasing.
• Example:
• [root@redhatlinux1010gmail ~]# uptime
• 19:18:45 up 1:40, 2 users, load average: 0.07, 0.06, 0.02
• [root@redhatlinux1010gmail ~]#

• Use the lscpu command to determine the number of CPUs that are present on a system.
Use the lscpu command to determine the number of CPUs that are present
on a system.
• Example:

• [root@redhatlinux1010gmail ~]# uptime

• 19:18:45 up 1:40, 2 users, load average: 0.07, 0.06, 0.02
• [root@redhatlinux1010gmail ~]# lscpu
• Architecture: aarch64
• CPU op-mode(s): 64-bit
• Byte Order: Little Endian
• CPU(s): 2
• On-line CPU(s) list: 0,1
• Vendor ID: Apple
• BIOS Vendor ID: Apple
• BIOS Model name: Apple Part 000 r0p0
• Model: 0
• Thread(s) per core: 1
• Core(s) per socket: 2
• Socket(s): 1
• Stepping: 0x0
• BogoMIPS: 48.00
• Flags: fp asimd evtstrm aes pmull sha1 sha2 crc32 atomics fphp asimdhp cpuid asimdrdm jscvt fcma lrcpc dcpop sha3 asimddp sha512 asimdfhm di
• t uscat ilrcpc flagm ssbs sb dcpodp flagm2 frint
Real-time Process Monitoring
• The top command displays a dynamic view of the system's processes and a summary
header followed by a process or thread list.
• TheprocessID(PID).
• The process owner user name (USER).
• Virtual memory (VIRT) is all the memory that the process uses, including the resident
set, shared libraries, and any mapped or swapped memory pages. (labeled VSZ in the ps
command.)
• Resident memory (RES) is the physical memory that the process uses, including any
resident, shared objects. (labeled RSS in the ps command.)
• Process state (S) states:
• – D = Uninterruptible Sleeping
– R = Running or Runnable
– S = Sleeping
• – T = Stopped or Traced
• – Z = Zombie
• Example: 3
• [root@anand ~]# ps a
• PID TTY STAT TIME COMMAND
• 3612 tty2 Ssl+ 0:00 /usr/libexec/gdm-wayland-session --register-session gnome-ses
• 3618 tty2 Sl+ 0:00 /usr/libexec/gnome-session-binary
• 5060 pts/0 Ss 0:00 bash
• 6406 pts/0 S+ 0:00 vim jet
• 6407 pts/1 Ss 0:00 bash
• 6446 pts/1 S+ 0:00 vim jet1
• 6448 pts/2 Ss 0:00 bash
• 6488 pts/2 S+ 0:00 vim jet2
• 6490 pts/3 Ss 0:00 bash
• 6542 pts/3 T 0:00 cat
• 6543 pts/4 Ss+ 0:00 bash
• 6603 pts/3 R+ 0:00 ps a
• Example :4
• [root@anandt ~]# ps au
• USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
• root 3612 0.0 0.3 374872 6880 tty2 Ssl+ 12:08 0:00 /usr/libexec/gdm-waylan
• root 3618 0.0 0.9 518276 16824 tty2 Sl+ 12:08 0:00 /usr/libexec/gnome-sess
• root 5060 0.0 0.3 224632 6100 pts/0 Ss 12:11 0:00 bash
• root 6406 0.0 0.3 229280 5716 pts/0 S+ 12:48 0:00 vim jet
• root 6407 0.0 0.3 224260 5644 pts/1 Ss 12:48 0:00 bash
• root 6446 0.0 0.3 229408 5764 pts/1 S+ 12:49 0:00 vim jet1
• root 6448 0.0 0.3 224260 5676 pts/2 Ss 12:49 0:00 bash
• root 6488 0.0 0.3 229408 5572 pts/2 S+ 12:49 0:00 vim jet2
• root 6490 0.0 0.3 224392 5796 pts/3 Ss 12:49 0:00 bash
• root 6542 0.0 0.0 220656 796 pts/3 T 12:52 0:00 cat
• root 6543 0.0 0.3 224260 5672 pts/4 Ss+ 12:52 0:00 bash
• root 7286 0.0 0.3 232484 5272 pts/3 S 12:55 0:00 su - node1
• node1 7287 0.0 0.3 224236 5532 pts/3 S 12:55 0:00 -bash
• node1 7323 0.0 0.0 220652 764 pts/3 S+ 12:55 0:00 cat
• root 7328 0.1 0.3 224260 5640 pts/5 Ss 12:56 0:00 bash
• root 7367 0.0 0.1 225428 3288 pts/5 R+ 12:56 0:00 ps au
• Example: 5
• [root@anand ~]# ps aux |less
• USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
• root 1 0.0 0.9 109168 16896 ? Ss 12:09 0:00 /usr/lib/systemd/systemd rhgb --switched-root --
system --deserialize 31
• root 2 0.0 0.0 0 0? S 12:09 0:00 [kthreadd]
• root 3 0.0 0.0 0 0? I< 12:09 0:00 [rcu_gp]
• root 4 0.0 0.0 0 0? I< 12:09 0:00 [rcu_par_gp]
• root 5 0.0 0.0 0 0? I< 12:09 0:00 [slub_flushwq]
• root 6 0.0 0.0 0 0? I< 12:09 0:00 [netns]
• root 8 0.0 0.0 0 0? I< 12:09 0:00 [kworker/0:0H-events_highpri]
• Example :
• [root@anand ~]# # how to used top command
• [root@anand ~]# top

• top - 13:13:55 up 1:04, 2 users, load average: 0.04, 0.06, 0.04

• Tasks: 309 total, 1 running, 308 sleeping, 0 stopped, 0 zombie
• %Cpu(s): 16.7 us, 2.8 sy, 0.0 ni, 80.6 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
• MiB Mem : 1705.8 total, 56.2 free, 1153.0 used, 599.9 buff/cache
• MiB Swap: 2048.0 total, 2028.7 free, 19.2 used. 552.8 avail Mem

• PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND

• 3681 root 20 0 3978256 318328 118976 S 20.0 18.2 1:03.20 gnome-shell
• 4023 root 20 0 527792 12672 5924 S 6.7 0.7 0:01.95 ibus-daemon
• 8049 root 20 0 226116 3940 3164 R 6.7 0.2 0:00.01 top
• 1 root 20 0 109168 16896 9256 S 0.0 1.0 0:00.83 systemd
• 2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
• 3 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_gp
• 4 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_par_gp
 How To Change Change delay from 1.0 to using to top
command
• top - 13:20:34 up 1:10, 2 users, load average: 0.04, 0.04, 0.02
• Tasks: 311 total, 1 running, 310 sleeping, 0 stopped, 0 zombie
• %Cpu(s): 1.0 us, 0.5 sy, 0.0 ni, 98.5 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
• MiB Mem : 1705.8 total, 48.6 free, 1160.4 used, 600.1 buff/cache
• MiB Swap: 2048.0 total, 2028.7 free, 19.2 used. 545.4 avail Mem
• Change delay from 1.0 to
• PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
• 3681 root 20 0 3978256 318028 118976 S 2.0 18.2 1:11.31 gnome-shell
• 1 root 20 0 109168 16896 9256 S 0.0 1.0 0:00.85 systemd
• 2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
• 3 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_gp
• 4 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_par_gp
• 5 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 slub_flushwq
• 6 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 netns
Priority and nice values in Linux
• Priority value — The priority value is the process’s actual
• priority which is used by the Linux kernel to schedule a task.
• In Linux system priorities are 0 to 139 in which 0 to 99 for real-
• time and 100 to 139 for users.
• Nice value — Nice values are user-space values that we can use
• to control the priority of a process. The nice value range is -20 to
• +19 where -20 is highest, 0 default and +19 is lowest.
• The relation between nice value and priority is as such -
• Priorit:y_value = Nice_value + 20
• Example:
• nice -n 10 sh security.sh &
Chapter 9 | Control Services and Daemons
• Introduction to the systemd Daemon
• The systemd daemon manages the startup process for Linux, including service startup and
service management in general.
• The systemd daemon activates system resources, server daemons, and other processes
both at boot time and on a running system.

• Service Units Description

1.The systemd daemon uses units to manage different types
of objects:
• Service units have a .service extension and represent system services. You can use service
• units to start frequently accessed daemons, such as a web server.
List Service Units
• Use the systemctl command to explore the system's current state. For example, the
following command lists and paginates all currently loaded service unit

• Example:
• [root@localhost ~]# systemctl list-units --type=service
• UNIT LOAD ACTIVE SUB DESCRIPTION

• accounts-daemon.service loaded active running Accounts Service

• atd.service loaded active running Deferred execution scheduler
• auditd.service loaded active running Security Auditing Service
• avahi-daemon.service loaded active running Avahi mDNS/DNS-SD Stack
• chronyd.service loaded active running NTP client/server
• colord.service loaded active running Manage, Install and Generate Color
Profiles
• crond.service loaded active running Command Scheduler
• Example:

• UNIT
• The service unit name.
• LOAD
Whether the systemd daemon properly parsed the unit's configuration and loaded the
unit into memory.
• ACTIVE
• The high-level activation state of the unit. This information indicates whether the unit
started successfully.
• SUB
• DESCRIPTION
• The short description of the unit.
Example:
[root@localhost ~]# systemctl list-units --type=service --all
[root@localhost ~]# systemctl
The systemctl command list-units option displays units that the systemd
service attempts to parse and load into memory. This option does not
display services that are installed but not enabled. You can use the systemctl
command list-unit-files option to see the state of all the installed unit files:
• Example:
• [root@localhost ~]# systemctl list-unit-files --type=service

• View Service States

• View a unit's status with the systemctl status name.type command.
• If the unit type is omitted, then the command expects a service unit with that name.

• Example:
• [root@localhost ~]# systemctl status sshd.service
• ● sshd.service - OpenSSH server daemon
• Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: enabled)
• Active: active (running) since Wed 2024-03-13 07:30:50 EST; 1h 32min left
Service Unit Information
Service States in the Output of
systemctl
Verify the Status of a Service
• The systemctl command verifies the specific states of a service.
• For example, use the systemctl command is-active option to verify whether a service unit
is active (running):
• Example:
• [root@localhost ~]# systemctl is-active sshd.service active
• active
• #systemctl is-enabled sshd.service enabled
• #systemctl is-failed sshd.service active
List Unit Dependencies
• Some services require other services to be running first, which creates dependencies on
the other services. Other services start only on demand, rather than at boot time.
• In both cases, systemd and systemctl start services as needed, whether to resolve the
dependency or to start an infrequently used service.
• Example:
• #systemctl list-dependencies sshd.service
Mask and Unmask Services
• At times, different installed services on your system might conflict with each other.
• For example, multiple methods are available to manage mail servers (the postfix and
sendmail services). Masking a service prevents an administrator from accidentally starting
a service that conflicts
with others.
• Masking creates a link in the configuration directories to the /dev/null file which prevents
the service from starting. To mask a service, use the systemctl command mask option.

• Example
• [root@localhost ~]# systemctl mask sshd
• Created symlink /etc/systemd/system/sshd.service → /dev/null.
• [root@localhost ~]#
 Then, check the state of the service by using the systemctl list-unit-
files command:
• Example
Attempting to start a masked service unit fails with the following output:
Use the systemctl unmask command to unmask the
service unit.
 Enable Services to Start or Stop at Boot
• Starting a service on a running system does not guarantee that the service automatically starts when
the system reboots.
• Similarly, stopping a service on a running system does not keep it from starting again when the
system reboots. Creating links in the systemd configuration directories enables the service to start at
boot.
• You can create or remove these links by using the systemctl command with the enable or disable option.
• Example:
Disable the service from starting automatically,
systemctl disable command,
which removes the symbolic link that was created while enabling a service.

Disabling a service does not stop the service if it is currently running.

To disable and stop a service, you can execute both the systemctl stop and systemctl
disable commands or use the equivalent systemctl disable --nowcommand.

[root@localhost ~]# systemctl is-enabled sshd.service

disabled
Chapter 10 | Configure and Secure SSH
• Describe Secure Shell
• In Red Hat Enterprise Linux, the Secure Shell, or SSH, protocol is provided via the OpenSSH
package. Systems can communicate across an unsafe network in a secure, encrypted route by using
the SSH protocol.
To establish a secure connection, authenticate as a particular user, and access an interactive shell
session on a remote machine, use the ssh command. Without launching an interactive shell, a
remote session can be started with the ssh command.
Secure Shell Examples
• executing the same user name as the active local user, you may connect in to the host's remote
server by executing the following SSH command. In this case, the remote system requests that you
authenticate using the password of the developer1 user.