Documente Academic
Documente Profesional
Documente Cultură
cover
Linux System
Administration I:
Implementation
(Course Code QLX03)
Student Exercises
ERC 3.1
Trademarks
IBM® is a registered trademark of International Business Machines Corporation.
The following are trademarks of International Business Machines Corporation in the United
States, or other countries, or both:
AIX® DB2® Domino™
Hummingbird® Lotus® OS/2®
PS/2® XT™
Windows and Windows NT are trademarks of Microsoft Corporation in the United States,
other countries, or both.
Intel and Pentium are trademarks of Intel Corporation in the United States, other countries,
or both.
UNIX is a registered trademark of The Open Group in the United States and other
countries.
Linux is a registered trademark of Linus Torvalds in the United States and other countries.
Other company, product and service names may be trademarks or service marks of others.
The information contained in this document has not been submitted to any formal IBM test and is distributed on an “as is” basis without
any warranty either express or implied. The use of this information or the implementation of any of these techniques is a customer
responsibility and depends on the customer’s ability to evaluate and integrate them into the customer’s operational environment. While
each item may have been reviewed by IBM for accuracy in a specific situation, there is no guarantee that the same or similar results will
result elsewhere. Customers attempting to adapt these techniques to their own environments do so at their own risk.
© Copyright International Business Machines Corporation 2001, 2004. All rights reserved.
This document may not be reproduced in whole or in part without the prior written permission of IBM.
Note to U.S. Government Users — Documentation related to restricted rights — Use, duplication or disclosure is subject to restrictions
set forth in GSA ADP Schedule Contract with IBM Corp.
V2.0
Student Exercises
TOC Contents
Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v
TMK Trademarks
The reader should recognize that the following terms, which appear in the content of this
training document, are official trademarks of IBM or other companies:
IBM® is a registered trademark of International Business Machines Corporation.
The following are trademarks of International Business Machines Corporation in the United
States, or other countries, or both:
AIX® DB2® Domino™
Hummingbird® Lotus® OS/2®
PS/2® XT™
Windows and Windows NT are trademarks of Microsoft Corporation in the United States,
other countries, or both.
Intel and Pentium are trademarks of Intel Corporation in the United States, other countries,
or both.
UNIX is a registered trademark of The Open Group in the United States and other
countries.
Linux is a registered trademark of Linus Torvalds in the United States and other countries.
Other company, product and service names may be trademarks or service marks of others.
© Copyright IBM Corp. 2001, 2004 Exercise 1. Physical Planning and Maintenance 1-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Exercise Instructions
Performing power and air conditioning calculations
__ 1. Go around the room and check the power rating of all electrical equipment in the
room. Calculate the total amount of power required. How many different electrical
circuits would you need at least to support all equipment in the room running at full
power? Don’t forget to add some extra capacity for future upgrades, the janitors
vacuum cleaner and so forth.
__ 2. Now calculate how many tons of air conditioning you need to cool the classroom.
Don’t forget to add additional cooling capacity for all people in the room. (Do not
perform calculations for windows and such; this is beyond the scope of this class.)
END OF EXERCISE
Required Materials
To complete this exercise, you will need the following:
• A set of network install diskettes for your distribution
• The IP address and NFS export name of the install server
Your instructor will provide you with this.
© Copyright IBM Corp. 2001, 2004 Exercise 2. Advanced Linux Installation 2-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Uempty Do not make partitions larger than the size indicated, since we will need free,
unpartitioned space in other exercises.
Click Next. If you get a popup window that some values are less than what Fedora
suggests, ignore this.
__ 15. The next screen will allow you to set up your boot loader. Accept all defaults and
click Next.
__ 16. Check to see if the network parameters are correct. Then click Next.
__ 17. Do not configure any firewall rules, by selecting No firewall. Click Next.
__ 18. Do not select any additional language support. Click Next.
__ 19. Now select your Time Zone, then click Next.
__ 20. For convenience in the class, set the root password to ibmlnx. Click Next.
__ 21. Now you will have to choose which packages to install. Select the “Minimal”
installation profile (bottom of the list). (We will install additional package groups
later.)
Click Next.
__ 22. Note the location of the log file: /tmp/install.log and click Next.
__ 23. Fedora will now format the filesystems and install Fedora Core 2. This may take
anywhere from one to 15 minutes, depending on the number of packages to install,
the network bandwidth available and the speed of the computer.
While installing, you can see what is going on in detail by switching to the third
virtual terminal with Ctrl-Alt-F3. Switch back with Alt-F7. Also take a look at other
virtual screens (1 through 6).
__ 24. Your installation is now complete. Remove the diskette from the drive and click Exit
to reboot your system.
© Copyright IBM Corp. 2001, 2004 Exercise 2. Advanced Linux Installation 2-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
GNOME Desktop
KDE (K Desktop Environment)
Legacy Software Development
Network Servers
Development Tools
Note that these package groups names need to be typed exactly like they
appear in the Fedora/base/comps.xml file on Fedora Core CD1 (which is
copied onto the install server)
• Two user accounts need to be created called tux1 and tux2, with full name
“Tux the Penguin (1)” and “Tux the Penguin (2)”, and their password identical
to their username.
The anaconda-ks.cfg file should now look like this:
install
nfs --server=10.0.0.1 --dir=/export/fedora2
lang en_US.UTF-8
langsupport --default en_US.UTF-8 en_US.UTF-8
keyboard us
xconfig --resolution 1024x768 --depth 24
network --device eth0 --bootproto dhcp
rootpw ibmlnx
firewall --disabled
selinux --disabled
authconfig --enableshadow --enablemd5
timezone Europe/Amsterdam
bootloader
clearpart --all
part /boot --fstype ext3 --size=100
part /usr --fstype ext3 --size=4000
part / --fstype ext3 --size=500
part /var --fstype ext3 --size=250
part /home --fstype ext3 --size=250
part /tmp --fstype ext3 --size=250
part swap --size=256
%packages
@ Printing Support
@ X Window System
@ GNOME Desktop
@ KDE (K Desktop Environment)
@ Legacy Software Development
@ Network Servers
%post
adduser -c “Tux the Penguin (1)” tux1
echo tux1 | passwd --stdin tux1
adduser -c “Tux the Penguin (2)” tux2
echo tux2 | passwd --stdin tux2
__ 27. Ask your instructor what to do with the kickstart file. There are two options:
i. Put the kickstart file on a blank floppy, which your instructor will provide.
» # mount /mnt/floppy
» # cp anaconda-ks.cfg /mnt/floppy/ks.cfg
» # umount /mnt/floppy
ii. Upload the file, under your own name, to the instructor server.
» # scp anaconda-ks.cfg 10.0.0.1:/export/kickstart/<yourname>.cfg
__ 28. Reboot your system. When the system boots from CD, make sure that you start a
kickstart install.
» # reboot
» When the boot prompt appears, start a kickstart install:
boot: linux ks=floppy
- OR -
boot: linux ks=nfs:10.0.0.1:/export/kickstart/<yourname>.cfg
» Wait for your system to start the installation. The instructor will probably start
the next lecture once all systems have successfully started their kickstart
installation.
__ 29. When the installation is finished, click Reboot.
END OF EXERCISE
© Copyright IBM Corp. 2001, 2004 Exercise 2. Advanced Linux Installation 2-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Uempty All partitions, except the swap partition, should be formatted as ext3.
Do not make partitions larger than the size indicated, since we will need free,
unpartitioned space in other exercises.
Click Next. If you get a popup window that some values are less than what Red Hat
suggests, ignore this.
__ 15. The next screen will allow you to set up your boot loader. Accept all defaults and
click Next.
__ 16. Check to see if the network parameters are correct. Then click Next.
__ 17. Do not configure any firewall rules, by selecting No firewall. Click Next.
__ 18. Do not select any additional language support. Click Next.
__ 19. Now select your Time Zone, then click Next.
__ 20. For convenience in the class, set the root password to ibmlnx. Click Next.
__ 21. Select Customize the set of packages to be installed.
__ 22. Select the Minimal installation profile (bottom of the list). (We will install additional
package groups later.)
Click Next.
__ 23. Note the location of the log file: /tmp/install.log and click Next.
__ 24. Red Hat will now format the filesystems and install Red Hat Enterprise Linux. This
may take anywhere from one to 15 minutes, depending on the number of packages
to install, the bandwidth available and the speed of the computer.
While installing, you can see what is going on in detail by switching to the third
virtual terminal with Ctrl-Alt-F3. Switch back with Alt-F7. Also take a look at other
virtual screens (1 through 6).
__ 25. Your installation is now complete. Remove the diskette from the drive and click Exit
to reboot your system.
© Copyright IBM Corp. 2001, 2004 Exercise 2. Advanced Linux Installation 2-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Uempty
%packages
@ Printing Support
@ X Window System
@ GNOME Desktop Environment
@ KDE Desktop Environment
@ Legacy Software Development
@ Network Servers
@ Development Tools
%post
adduser -c “Tux the Penguin (1)” tux1
echo tux1 | passwd --stdin tux1
adduser -c “Tux the Penguin (2)” tux2
echo tux2 | passwd --stdin tux2
__ 28. Ask your instructor what to do with the kickstart file. There are two options:
i. Put the kickstart file on a blank floppy, which your instructor will provide.
» # mount /mnt/floppy
» # cp anaconda-ks.cfg /mnt/floppy/ks.cfg
» # umount /mnt/floppy
ii. Upload the file, under your own name, to the instructor server.
» # scp anaconda-ks.cfg 10.0.0.1:/export/kickstart/<yourname>.cfg
__ 29. Reboot your system. When the system boots from CD, make sure that you start a
kickstart install.
» # reboot
» When the boot prompt appears, start a kickstart install:
boot: linux ks=floppy
- OR -
boot: linux ks=nfs:10.0.0.1:/export/kickstart/<yourname>.cfg
» Wait for your system to start the installation. The instructor will probably start
the next lecture once all systems have successfully started their kickstart
installation.
__ 30. When the installation is finished, click Reboot.
END OF EXERCISE
© Copyright IBM Corp. 2001, 2004 Exercise 2. Advanced Linux Installation 2-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Uempty __ 20. Review the installation settings, and make the following changes:
• Partitioning: Partition your system so that you will get the following
partitions:
- A / (root) partition of 500 MB
- A /usr partition of 4000 MB
- A /boot partition of 100 MB
- A /home partition of 250 MB
- A /tmp partition of 250 MB
- A /var partition of 250 MB
- A /opt partition of 1000 MB
- A swap partition of 256 MB
The easiest way to accomplish this is to click on the Partitioning header, then
select Create custom partition setup and then select Custom partitioning - for
experts. You can then delete all existing partitions and create new ones.
Make sure /boot is the first partition you create!
All partitions should be formatted as ReiserFS, except for the swap partition.
Do not make partitions larger than indicated, since we will need free,
unpartitioned space in the rest of this course.
When fully done, click Next.
• Software: Only install a Minimum Graphical System (without KDE).
When done, click Accept.
__ 21. Click Yes, install at the pop-up warning.
__ 22. SuSE will now format the filesystems and install SuSE Linux. This may take
anywhere from one to 15 minutes, depending on the number of packages to install,
the bandwidth available and the speed of the computer.
While installing, you can see what is going on in detail by switching to the third
virtual terminal with Ctrl-Alt-F3. Switch back with Alt-F7. Also take a look at other
virtual screens (1 through 6).
__ 23. SuSE will automatically reboot during the installation. This is normal and the
installation process will continue automatically. You don’t have to touch the keyboard
at all.
__ 24. Enter the password for the root user. For convenience in class, use ibmlnx.
__ 25. Check your network configuration and adjust if necessary.
__ 26. Skip the internet test. Click Next.
__ 27. Select Stand-Alone Machine and click Next.
© Copyright IBM Corp. 2001, 2004 Exercise 2. Advanced Linux Installation 2-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Uempty Make sure the root password is set to ibmlnx. (Note: this is hidden far within the
menu structure. Go to Security and Users; Edit and create users. Click Configure
and Set Filter to System Users. You can now click on Edit to modify the root
account.)
Add two user accounts, tux1 and tux2, with full names Tux the Penguin (1) and Tux
the Penguin (2), and passwords identical to their username.
Last, make sure that “confirm installation” (within System; General Options) is set to
No.
__ 36. Save the autoyast configuration file using your own surname as filename, and make
sure to add the extension xml. Then exit yast.
__ 37. Take a look at the autoyast configuration file. Do you recognize the configuration
choices you made?
» # less name.xml
__ 38. Ask your instructor what to do with the kickstart file. There are two options:
i. Put the autoyast file on a blank floppy, which your instructor will provide.
» # mount /media/floppy
» # cp <yourname>.xml /media/floppy/
» # umount /media/floppy
ii. Upload the file to the instructor server.
» # scp <yourname>.xml 10.0.0.1:/export/autoyast/
__ 39. Reboot your system. When the system boots from CD, make sure you start an
autoyast install.
» # reboot
» Insert the bootdisk floppy.
» When the system boots, select Installation. As boot options, specify
something along the lines of:
autoyast=nfs://10.0.0.1/export/autoyast/yourname.xml
install=nfs://10.0.0.1/export/suse90
(all this on one line!)
Note that if your system has multiple network adapters, you might also need
to add something along the lines of
insmod=eepro100 netdevice=eth0
to the boot options line.
» Wait for your system to start the installation. The instructor will probably start
the next lecture once all systems have successfully started their autoyast
installation.
© Copyright IBM Corp. 2001, 2004 Exercise 2. Advanced Linux Installation 2-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
If the installation fails with a complaint that certain filesystems are not large enough,
then you have most likely specified “250” instead of “250M” as the filesystem size.
It’s easiest to fix this error in the autoyast XML file directly, instead of going through
yast2 autoyast again.
END OF EXERCISE
© Copyright IBM Corp. 2001, 2004 Exercise 3. Startup and Shutdown 3-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Exercise Instructions
The LILO boot loader
Do this exercise only if your distribution uses LILO.
__ 1. Log in as root.
__ 2. Open the /etc/lilo.conf file and view the contents. Add a line which tells lilo to display
the message file /boot/lilo.msg file before the boot:-prompt. If there are any other
message lines, remove them.
__ 3. Create the file /boot/lilo.msg and add some explanation about the different boot
options.
__ 4. Run lilo in test mode to verify whether /etc/lilo.conf is correct.
__ 5. If there were no errors, run lilo for real. If you are unsure, have your instructor take a
look at the /etc/lilo.conf file.
__ 6. Now reboot your system and watch the lilo prompt. Use the shutdown command to
perform the reboot.
Uempty The default runlevel can be altered to configure your system for your situation. In this
exercise, we will set the default to 5, so that you will get a graphical login prompt.
Note however that, depending on your hardware, kickstart or autoyast may not have
configured X correctly. So we need to test and, if needed, configure X first.
__ 12. Start X with the X command. (This only starts the XFree86 server.) If X comes up
correctly (black or grey background with an X-shaped mouse cursor, nothing more,
nothing less), stop the X server with Ctrl-Alt-Backspace and continue with the next
step. If X does not come up correctly, run system-config-display (Fedora),
redhat-config-xfree86 (Red Hat) or sax2 (SuSE) to configure X.
__ 13. Edit the file /etc/inittab so that the default runlevel will be 5.
__ 14. Reboot your system, this time using Ctrl-Alt-Delete.
__ 15. When LILO or GRUB appears, do nothing. After five to ten seconds, LILO or GRUB
should automatically boot your default operating system.
__ 16. When the graphical login prompt appears, switch to the first virtual terminal. Then
switch back to VT 7.
__ 17. Log in as root, then start a terminal screen.
Configuring Services
__ 18. Make a long list of files in the directories /etc/rc.d/rc3.d, /etc/rc.d/rc4.d, /etc/rc.d/rc5.d
and /etc/rc.d/init.d.
__ 19. Create a list of services with chkconfig, and check its output with the output from
the previous commands.
__ 20. Verify that the portmap service is enabled in your current runlevel. Disable this
service, then check the symbolic links in /etc/rc.d/rc5.d again.
__ 21. Check whether the portmap daemon is currently running. Then reboot the system.
__ 22. Log in and check whether the portmap daemon is running now.
__ 23. Enable the portmap service again, and start the service manually.
© Copyright IBM Corp. 2001, 2004 Exercise 3. Startup and Shutdown 3-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
__ 27. Document any changes that you made in appendix A of this exercises guide.
END OF EXERCISE
© Copyright IBM Corp. 2001, 2004 Exercise 3. Startup and Shutdown 3-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Uempty Note however that, depending on your hardware, kickstart or autoyast may not have
configured X correctly. So we need to test and, if needed, configure X first.
__ 12. Start X with the X command. (This only starts the XFree86 server.) If X comes up
correctly (black or grey background with an X-shaped mouse cursor, nothing more,
nothing less), stop the X server with Ctrl-Alt-Backspace and continue with the next
step. If X does not come up correctly, run system-config-display (Fedora),
redhat-config-xfree86 (Red Hat) or sax2 (SuSE) to configure X.
» #X
If X comes up correctly (you’ll see a black or grey screen with an X-shaped
mouse cursor), then exit X with Ctrl-Alt-Backspace. Otherwise, start
system-config-display (Fedora), redhat-config-xfree86 (Red Hat) or sax2
(SuSE). You need to do this in runlevel 3, so run init 3 first.
__ 13. Edit the file /etc/inittab so that the default runlevel will be 5.
» # vi /etc/inittab
» Change the line
id:3:initdefault:
» into
id:5:initdefault:
__ 14. Reboot your system, this time using Ctrl-Alt-Delete.
» <Ctrl-Alt-Delete>
__ 15. When LILO or GRUB appears, do nothing. After five to ten seconds, LILO or GRUB
should automatically boot your default operating system.
__ 16. When the graphical login prompt appears, switch to the first virtual terminal. Then
switch back to VT 7.
» <Ctrl-Alt-F1>
» You should see a text-based login prompt. (If you see a lot of X messages,
press Enter once. This is caused by the X server sending its output to tty1.)
» <Alt-F7>
» You should be back at the graphical login screen.
__ 17. Log in as root, then start a terminal screen.
» Login: root
» Password: ibmlnx
» When logged in, click the terminal icon.
Configuring Services
__ 18. Make a long list of files in the directories /etc/rc.d/rc3.d, /etc/rc.d/rc4.d, /etc/rc.d/rc5.d
and /etc/rc.d/init.d.
» # ls -l /etc/rc.d/rc3.d
© Copyright IBM Corp. 2001, 2004 Exercise 3. Startup and Shutdown 3-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
» # ls -l /etc/rc.d/rc4.d
» # ls -l /etc/rc.d/rc5.d
__ 19. Create a list of services with chkconfig, and check its output with the output from
the previous commands.
» # chkconfig --list
__ 20. Verify that the portmap service is enabled in your current runlevel. Disable this
service, then check the symbolic links in /etc/rc.d/rc5.d again.
» # chkconfig --list portmap
» # chkconfig portmap off
» # chkconfig --list portmap
» # ls -l /etc/rc.d/rc5.d
__ 21. Check whether the portmap daemon is currently running. Then reboot the system.
» fedora/redhat# service portmap status
suse# rcportmap status
» # reboot
__ 22. Log in and check whether the portmap daemon is running now.
» Login: root
» Password: ibmlnx
» fedora/redhat# service portmap status
suse# rcportmap status
__ 23. Enable the portmap service again, and start the service manually.
» # chkconfig portmap on
» # chkconfig --list portmap
» fedora/redhat# service portmap start
suse# rcportmap start
Uempty » On a SuSE system, type the root password ibmlnx to get a root prompt.
__ 25. Look at the list of running processes.
» # ps ax
__ 26. Reboot the system.
» # reboot
END OF EXERCISE
© Copyright IBM Corp. 2001, 2004 Exercise 3. Startup and Shutdown 3-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
© Copyright IBM Corp. 2001, 2004 Exercise 4. System Administration Tools 4-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Exercise Instructions
Working with the system administration tool
__ 1. Start the system administration tool that came with your distribution.
__ 2. Browse the menu structure of your system administration tool to get a feel for the
location of various configuration items.
END OF EXERCISE
END OF EXERCISE
© Copyright IBM Corp. 2001, 2004 Exercise 4. System Administration Tools 4-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Exercise Instructions
Retrieving information about installed packages
__ 1. Make a list of all packages that are installed on the system.
__ 2. Find out which package installed the /etc/inittab file.
__ 3. List the information of that package.
__ 4. List all files in that package.
__ 5. Verify whether all files in that package are still the same. Which file has changed and
in what respect? Why?
Installing packages
__ 6. Create a directory /mnt/install. Mount the installation directory from the installation
server on /mnt/install. List all the package files that are available on the install
server.
Note: If you can’t mount the installation directory from the installation server, then
check whether the portmap daemon is running, and check whether you do not have
any iptables rules that prevent NFS mounts.
__ 7. Add the public key from the distribution to your keyring.
__ 8. Verify that the package xsnow is not installed. Verify the package on the CD, and
install it. Then verify that it installed, and list the files in the package. You can also
execute xsnow, but note that KDE blocks the visual effects of xsnow.
Note: Distributions change, and xsnow might not be included on your CD. In that
case, use another entertaining X application, such as xearth, xjewel, xhangman or
xbill.
__ 9. Deinstall the xsnow package.
Creating RPMs
Uempty __ 11. Check with your instructor if the file hello-1.0.tar.gz is available somewhere on the
network and download it into /root. If it is available, then go to the next step. If it is
not available, you need to create it yourself. In that case, create a directory
/root/hello-1.0 and create the following files in it:
hello.c:
#include <stdio.h>
main()
{
printf("Hello, World!\n");
}
Makefile:
all: hello
hello: hello.c
gcc -o hello hello.c
install: hello
install -d $(DESTDIR)/usr/bin/hello
install -s -m 0755 -o root -g root hello $(DESTDIR)/usr/bin/hello
clean:
rm -f hello
Note: The lines containing commands are indented with a TAB, not with spaces!
README:
(c) Copyright IBM 2004
This program is licensed under the GPL.
This program prints the text "Hello, World!" on your screen. This is an
excellent way to start your day - some people even consider it better
than getting a random fortune cookie every morning!
__ 16. Start the RPM install stage and watch the results.
__ 17. Create the binary RPM and watch the results.
__ 18. Create the source RPM and watch the results.
END OF EXERCISE
Installing packages
__ 6. Create a directory /mnt/install. Mount the installation directory from the installation
server on /mnt/install. List all the package files that are available on the install
server.
Note: If you can’t mount the installation directory from the installation server, then
check whether the portmap daemon is running, and check whether you do not have
any iptables rules that prevent NFS mounts.
» # mkdir /mnt/install
» # mount server:directory /mnt/install
» # cd /mnt/install
» # find . -name "*.rpm" -print
__ 7. Add the public key from the distribution to your keyring.
» fedora/redhat# rpm --import RPM-GPG-KEY*
suse# gpg --import pubring.gpg
__ 8. Verify that the package xsnow is not installed. Verify the package on the CD, and
install it. Then verify that it installed, and list the files in the package. You can also
execute xsnow, but note that KDE blocks the visual effects of xsnow.
Note: Distributions change, and xsnow might not be included on your CD. In that
case, use another entertaining X application, such as xearth, xjewel, xhangman or
xbill.
» # xsnow
» # rpm -q xsnow
» # rpm -K xsnow-version.rpm
» # rpm -ivh xsnow-version.rpm
» # rpm -qil xsnow
» # xsnow
__ 9. Deinstall the xsnow package.
» # rpm -e xsnow
Creating RPMs
__ 11. Check with your instructor if the file hello-1.0.tar.gz is available somewhere on the
network and download it into /root. If it is available, then go to the next step. If it is
not available, you need to create it yourself. In that case, create a directory
/root/hello-1.0 and create the following files in it:
hello.c:
#include <stdio.h>
main()
{
printf("Hello, World!\n");
}
Makefile:
all: hello
Uempty
hello: hello.c
gcc -o hello hello.c
install: hello
install -d $(DESTDIR)/usr/bin/hello
install -s -m 0755 -o root -g root hello $(DESTDIR)/usr/bin/hello
clean:
rm -f hello
Note: The lines containing commands are indented with a TAB, not with spaces!
README:
(c) Copyright IBM 2004
This program is licensed under the GPL.
This program prints the text "Hello, World!" on your screen. This is an
excellent way to start your day - some people even consider it better
than getting a random fortune cookie every morning!
%description
This program prints the text "Hello, World!" on your screen.
This is an excellent way to start your day - some people even
consider it better than getting a random fortune cookie every
morning!
%prep
%setup
%build
make
%install
make install DESTDIR=${RPM_BUILD_ROOT}
%files
%doc README
/usr/bin/hello
__ 14. Start the RPM prep stage and watch the results.
» fedora/redhat# rpmbuild -bp /usr/src/redhat/SPECS/hello.spec
suse# rpmbuild -bp /usr/src/packages/SPECS/hello.spec
» fedora/redhat# ls -lR /usr/src/redhat/BUILD
suse# ls -lR /usr/src/packages/BUILD
» # ls -lR /var/tmp/hello-1.1
__ 15. Start the RPM build stage and watch the results.
» fedora/redhat# rpmbuild -bp /usr/src/redhat/SPECS/hello.spec
suse# rpmbuild -bc /usr/src/packages/SPECS/hello.spec
» fedora/redhat# ls -lR /usr/src/redhat/BUILD
suse# ls -lR /usr/src/packages/BUILD
END OF EXERCISE
Exercise Instructions
Configuring XFree86
Do this section only if your distribution uses XFree86 (RHEL 3, SuSE 9.0).
__ 1. If you are in a runlevel that automatically starts X, switch to a runlevel that does not
start X. If you started X manually, stop it.
__ 2. Make a backup copy of the XF86Config file.
__ 3. Try to configure your XF86Config file using redhat-config-xfree86 (Red Hat) or SaX
(SuSE). If redhat-config-xfree86 or SaX yields a sufficiently good XF86Config file
(test this with startx), then make a backup of this file called
XF86Config.redhat-config-xfree86 or XF86Config.sax2.
__ 4. Try to configure your XF86Config file using XFree86 -configure. If XFree86
-configure yields a sufficiently good XF86Config file (test this with startx), then make
a backup of this file called /etc/X11/XF86Config.XFree86.
__ 5. Select the XF86Config file that worked the best for you and rename it to
/etc/X11/XF86Config. Then, start X or switch to the runlevel that starts X for you.
Configuring Xorg
Do this section only if your distribution uses Xorg (Fedora Core 2).
__ 6. If you are in a runlevel that automatically starts X, switch to a runlevel that does not
start X. If you started X manually, stop it.
__ 7. Make a backup copy of the xorg.conf file.
__ 8. Try to configure your xorg.conf file using system-config-display (Fedora). If
system-config-display yields a sufficiently good xorg.conf file (test this with startx),
then make a backup of this file called xorg.conf.system-config-display.
__ 9. Try to configure your xorg.conf file using Xorg -configure. If Xorg -configure yields a
sufficiently good xorg.conf file (test this with startx), then make a backup of this file
called /etc/X11/xorg.conf.xorg.
__ 10. Select the xorg.conf file that worked the best for you and rename it to
/etc/X11/xorg.conf. Then, start X or switch to the runlevel that starts X for you.
Running Applications
For an application to run in an X environment, it needs to be ready for it. Most applications
that start with an “x” are. You can run them directly. Applications that are not X enabled, can
be run from an “xterm” window. An xterm window emulates an ordinary terminal in an X
environment.
Uempty __ 11. In X, start an xterm from one of the window manager's menus. In Linux, the xterm is
sometimes also known as xterm, kterm or something else ending in -term. Try to run
some commands from this window.
__ 12. There are several ways of starting applications within X. One is from the window
manager's menus, which we already did. Another is from the command line from an
xterm window. Try that out: In the xterm window, run the command xterm &. You will
see a new xterm window appear.
__ 13. Another way of starting an application is from a real terminal window. Note that X
started in virtual terminal number 7, so we can still access number 1 through 6. Not
with Alt-F1 this time however, but with Ctrl-Alt-F1. Try that out. To switch back, use
Alt-F7.
__ 14. Switch to a virtual window where you have an ordinary command line prompt. If
necessary, log in as root.
__ 15. Run xterm. You will see an error message: Can't open display. What happened is
that the application wanted to contact the X-Server, but there was no information in
the environment about which X-Server to contact. This information is normally
stored in the $DISPLAY environment variable.
__ 16. Do an echo $DISPLAY in this window. Also do an echo $DISPLAY in an xterm
window.
__ 17. Switch back to the true terminal and set the display variable with: export
DISPLAY=127.0.0.1:0.0.. Now restart the xterm application. There should not be
any error messages.
__ 18. Switch to the X screen and note that you started an extra xterm window.
__ 23. Go back to your own system and enter the command xhost + This will enable
incoming connections.
__ 24. Go back to the system of your fellow student and retry the xterm command. This
time it should succeed.
__ 25. In your graphical screen you should see a new xterm. Try the hostname command
in this screen to verify that the xterm application is actually running on the other
system.
__ 26. Close the xterm and do an xhost -.
__ 27. Now try to open another xterm from your partners system, but this time use xauth
authentication.
Note: this only works if your systems hostname has been set properly and can be
resolved through DNS.
Uempty
Documenting your changes
__ 33. Document any changes that you made in appendix A of this exercises guide.
END OF EXERCISE
Configuring Xorg
Do this section only if your distribution uses Xorg (Fedora Core 2).
__ 6. If you are in a runlevel that automatically starts X, switch to a runlevel that does not
start X. If you started X manually, stop it.
» # init 3
__ 7. Make a backup copy of the xorg.conf file.
» # cp /etc/X11/xorg.conf /etc/X11/xorg.conf.bak
Running Applications
For an application to run in an X environment, it needs to be ready for it. Most applications
that start with an “x” are. You can run them directly. Applications that are not X enabled, can
be run from an “xterm” window. An xterm window emulates an ordinary terminal in an X
environment.
__ 11. In X, start an xterm from one of the window manager's menus. In Linux, the xterm is
sometimes also known as xterm, kterm or something else ending in -term. Try to run
some commands from this window.
__ 12. There are several ways of starting applications within X. One is from the window
manager's menus, which we already did. Another is from the command line from an
xterm window. Try that out: In the xterm window, run the command xterm &. You will
see a new xterm window appear.
» # xterm &
__ 13. Another way of starting an application is from a real terminal window. Note that X
started in virtual terminal number 7, so we can still access number 1 through 6. Not
with Alt-F1 this time however, but with Ctrl-Alt-F1. Try that out. To switch back, use
Alt-F7.
» <Ctrl-Alt-F1>
» <Alt-F7>
__ 14. Switch to a virtual window where you have an ordinary command line prompt. If
necessary, log in as root.
» <Ctrl-Alt-F1>
» Login: root
» Password: ibmlnx
__ 15. Run xterm. You will see an error message: Can't open display. What happened is
that the application wanted to contact the X-Server, but there was no information in
the environment about which X-Server to contact. This information is normally
stored in the $DISPLAY environment variable.
» # xterm
__ 16. Do an echo $DISPLAY in this window. Also do an echo $DISPLAY in an xterm
window.
» # echo $DISPLAY
» <Alt-F7>
» # echo $DISPLAY
__ 17. Switch back to the true terminal and set the display variable with: export
DISPLAY=127.0.0.1:0.0.. Now restart the xterm application. There should not be
any error messages.
» <Ctrl-Alt-F1>
» # export DISPLAY=:0.0
» # xterm &
__ 18. Switch to the X screen and note that you started an extra xterm window.
» <Alt-F7>
Uempty __ 21. Set the display variable to point to your own screen. The command for that will look
like this: export DISPLAY=1.2.3.4:0.0, where 1.2.3.4 is your own IP-address.
» $ export DISPLAY=1.2.3.4:0.0
__ 22. Now try to start an xterm. You should get an error message: could not open display.
This is a safety feature of X: it does not automatically accept incoming connections.
» $ xterm &
__ 23. Go back to your own system and enter the command xhost + This will enable
incoming connections.
» # xhost +
__ 24. Go back to the system of your fellow student and retry the xterm command. This
time it should succeed.
» $ xterm &
__ 25. In your graphical screen you should see a new xterm. Try the hostname command
in this screen to verify that the xterm application is actually running on the other
system.
» # hostname
__ 26. Close the xterm and do an xhost -.
» # xhost -
__ 27. Now try to open another xterm from your partners system, but this time use xauth
authentication.
Note: this only works if your systems hostname has been set properly and can be
resolved through DNS.
» On your own system:
# xauth extract xauthfile hostname:0.0
» Transfer the xauthfile to the other machine, for instance using
# scp xauthfile root@otherhost:xauthfile
» On the other host:
$ xauth merge xauthfile
$ xterm -display hostname:0.0
__ 28. Make all necessary changes to the configuration file of your favorite login manager
to enable remote logins. Then restart your login manager by switching to runlevel 3
and then to runlevel 5 again.
To determine the display manager you’re running:
» # ps ax | grep dm
For xdm:
» # init 3
» # cd /etc/X11/xdm
» # vi Xaccess
Uncomment the line which only has an '*' on it. (This is done already on
SuSE.)
» # vi xdm-config
Comment out (with a “!”) the last line that specifies
“DisplayManager.requestPort: 0”.
» # init 5
For kdm:
» # init 3
» fedora/redhat# cd /etc/kde/kdm
suse# cd /etc/opt/kde3/share/config/kdm
» # vi kdmrc
In the [Xdmcp] section, change Enable=false to Enable=true
» fedora/redhat# vi Xaccess
Uncomment the line which only has an ‘*’ on it.
» # init 5
For gdm:
» # init 3
» fedora/redhat# cd /etc/X11/gmd
suse# cd /etc/opt/gnome2/gdm
» # vi gdm.conf
In the [xdmcp] section, change Enable=false to Enable=true
» # init 5
__ 29. Start a second X-server, this time telling X to get its login manager from your partner
system.
» # X -query <hostname> :1
__ 30. Stop the second session and start it again, but do an indirect broadcast for a login
manager. You should get a chooser which allows you to login to any system running
a display manager on the network.
» # X -indirect <hostname> :1
Uempty __ 31. If time permits, then perform step 22 and 23 again, but this time use Xnest to start
an X server within your current X environment. (Note: you might need to install
Xnest first.
» fedora# rpm -ivh /mnt/install/Fedora/RPMS/xorg-x11-Xnest-version. rpm
redhat# rpm -ivh /mnt/install/RedHat/RPMS/XFree86-Xnest-version.rpm
suse# rpm -ivh /mnt/install/suse/i586/XFree86-Xnest-version.rpm
» # Xnest -query <hostname> :1
» # Xnest -indirect <hostname> :1
__ 32. If time permits, run this section again, but with another display manager (xdm, kdm
or gdm). To select the display manager, do the following:
On a Fedora/Red Hat system, modify the file /etc/sysconfig/desktop so that the
DISPLAYMANAGER variable is set to “GNOME”, “KDE” or “XDM”.
On a SuSE system, modify the file /etc/sysconfig/displaymanager so that the
DISPLAYMANAGER variable is set to “gdm”, “kdm” or “xdm”. (Note: on a SuSE
system, gdm is not installed, even if you choose the GNOME package group.)
» fedora/redhat# vi /etc/sysconfig/desktop
Set the file to look like one of the three lines below:
DISPLAYMANAGER=”GNOME”
DISPLAYMANAGER=”KDE”
DISPLAYMANAGER=”XDM”
» suse# rpm -ivh /mnt/install/suse/i586/gdm2-version.rpm
» suse# vi /etc/sysconfig/displaymanager
Modify the DISPLAYMANAGER line so that it looks like one of the three lines
below:
DISPLAYMANAGER=”gdm”
DISPLAYMANAGER=”kdm”
DISPLAYMANAGER=”xdm”
END OF EXERCISE
© Copyright IBM Corp. 2001, 2004 Exercise 7. Kernel Compilation and Configuration 7-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Exercise Instructions
Installing the kernel sources
__ 1. Install the kernel sources from the distribution media.
Uempty __ 7. To avoid conflicts with the current kernel version, change the “EXTRAVERSION” on
the fourth line of /usr/src/linux/Makefile to “-LX03”.
END OF EXERCISE
© Copyright IBM Corp. 2001, 2004 Exercise 7. Kernel Compilation and Configuration 7-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Uempty __ 7. To avoid conflicts with the current kernel version, change the “EXTRAVERSION” on
the fourth line of /usr/src/linux/Makefile to “-LX03”.
» # vi Makefile
Change the fourth line so that it reads:
EXTRAVERSION = -LX03
© Copyright IBM Corp. 2001, 2004 Exercise 7. Kernel Compilation and Configuration 7-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
image (/boot/vmlinuz) is the second, with another label. Save /etc/lilo.conf and run
lilo.
» # vi /boot/lilo.msg
Add for instance:
Press C for the current Linux kernel
or O for the older but stable kernel.
» # vi /etc/lilo.conf
Add the following stanza to the file, obviously modified for your situation:
image=/boot/bzImage-2.4.20-LX03
label=C
initrd=/boot/initrd-2.4.20-LX03.img
root=/dev/hda5
read-only
» # lilo -v
__ 14. If your boot loader is GRUB, then edit the /boot/grub/menu.lst file and add an extra
stanza for your new kernel.
» # vi /boot/grub/menu.lst
» Add the following stanza:
title New Kernel
root (hd0,0)
kernel /bzImage-2.4.20-LX03 ro root=/dev/hda5
initrd /initrd-2.4.20-LX03.img
Note that your kernel version number, /boot and root filesystem may be
different!
__ 15. Reboot your system. See if the new kernel boots and verify that it is indeed your new
kernel. Check the messages on your screen with Shift-PgUp or browse through
/var/log/messages. If there are any errors you might have done something wrong
during configuration. If there is time, try again. If there is no time left, reboot using
the older kernel.
» # shutdown -r now
» After reboot:
# uname -a
# cat /proc/version
# tail -200 /var/log/messages | less
END OF EXERCISE
Notice
The unit Character Devices does not include any exercises because
the hardware required to do any exercises will most likely not be
available in most classrooms. This page is here to keep unit numbers
and exercise numbers synchronized.
© Copyright IBM Corp. 2001, 2004 Exercise 8. Character Devices, PCMCIA, and USB 8-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
© Copyright IBM Corp. 2001, 2004 Exercise 9. Block Devices, RAID, and LVM 9-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Exercise Instructions
Notice
In this unit we are going to create and use various block devices. Block devices as such are
not really useful though, until you create a filesystem in there. For this, we are going to use
the mke2fs command to create a filesystem, and the mount command to mount them.
These commands will be covered in-depth in the next unit.
Uempty __ 13. Reboot your system and then try to mount the partition again. Does this work?
__ 14. Unmount the partition you just mounted.
© Copyright IBM Corp. 2001, 2004 Exercise 9. Block Devices, RAID, and LVM 9-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
__ 24. Create a volume group vg00, consisting of only the first two LVM partitions. Use a
PE size of 4 MB.
__ 25. Create a logical volume lv00 of 50 MB in the volume group vg00.
__ 26. Format the logical volume with the mke2fs command. Create a mount point
/mnt/lv00 and mount the logical volume. Then run the df command to see how much
space is available.
__ 27. Use the various LVM commands to retrieve information about the physical volumes,
the volume group and the logical volumes.
__ 28. Take a look at the files that were created in /etc/lvmconf. Can you read these files?
__ 29. Add the third and fourth LVM partitions to the volume group vg00, and migrate all
data onto these physical volumes. Then reduce the volume group so that the
volume group only contains the third and fourth partition. Do you need to unmount
the /dev/vg00/lv00 logical volume first?
__ 30. Add the first two LVM partitions back to your volume group, and create three more
logical volumes in this volume group, called lv01 through lv03. Each logical volume
needs to be 50 MB as well. We will need these in the next exercise.
END OF EXERCISE
© Copyright IBM Corp. 2001, 2004 Exercise 9. Block Devices, RAID, and LVM 9-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
If you installed your system correctly, then you should have at least 450 MB in unpartitioned
space left. We're going to create three partitions in here, 150 MB each, which are going to
be used in the subsequent exercises.
__ 8. Start the fdisk program and create four additional partitions. The partition size
should be 150 MB each. Save the partition table to disk.
Write down the partition numbers you created, because you’ll be using these in the
rest of this exercise.
» # fdisk /dev/hda
» Command (m for help): p
» Command (m for help): n
» First cylinder (mmm-nnn, default mmm): mmm
» Last cylinder or +size or +sizeM or +sizeK (mmm-nnn, default nnn): +150M
» Command (m for help): n
» First cylinder (mmm-nnn, default mmm): mmm
» Last cylinder or +size or +sizeM or +sizeK (mmm-nnn, default nnn): +150M
» Command (m for help): n
» First cylinder (mmm-nnn, default mmm): mmm
» Last cylinder or +size or +sizeM or +sizeK (mmm-nnn, default nnn): +150M
» Command (m for help): n
» First cylinder (mmm-nnn, default mmm): mmm
» Last cylinder or +size or +sizeM or +sizeK (mmm-nnn, default nnn): +150M
» Command (m for help): p
» Command (m for help): w
Note: From this point on, the hints will assume that the partitions you created
are, respectively, /dev/hda9, /dev/hda10 and /dev/hda11. Make sure you
don’t accidently overwrite other partitions if your newly created partitions are
numbered differently.
__ 9. Pay particular attention to the output of the fdisk command. Depending on
circumstances, it might mention The kernel still uses the old table. The new table will
be used at the next reboot. In this case, reboot your system.
» # reboot
__ 10. Format the first of the four partitions with the mke2fs command. Create a
mountpoint /mnt/partition and mount this partition on this mountpoint.
» # mke2fs /dev/hda9
» # mkdir /mnt/partition
» # mount /dev/hda9 /mnt/partition
__ 11. Run the df command to see how much space is available on these partitions.
» # df
__ 12. Copy some files onto these partitions and verify that they are indeed there.
» # cp /etc/passwd /mnt/partition/passwd
© Copyright IBM Corp. 2001, 2004 Exercise 9. Block Devices, RAID, and LVM 9-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
raid-level linear
nr-raid-disks 4
nr-spare-disks 0
persistent-superblock 1
chunk-size 4
device /dev/hda9
raid-disk 0
device /dev/hda10
raid-disk 1
device /dev/hda11
raid-disk 2
device /dev/hda12
raid-disk 3
Save the file
» # mkraid /dev/md0
» # mkraid -f /dev/md0
» (Read the warning carefully)
» # mkraid --really-force /dev/md0
» # mke2fs /dev/md0
» # mkdir /mnt/raid
» # mount /dev/md0 /mnt/raid
» # df
Write down how much space the /mnt/raid filesystem has.
» # cat /proc/mdstat
» # umount /mnt/raid
» # raidstop /dev/md0
__ 18. Modify the /etc/raidtab file so that the four partitions now form a raid-0 volume.
Initialize the raid array and create a filesystem on it. Mount the filesystem on
/mnt/raid again. Then run the df command to find out how much space this partition
has and check the status of the array again. Then unmount the partition and stop the
raid volume.
» # vi /etc/raidtab
» Edit the file so that it now looks like this:
raiddev /dev/md0
raid-level 0
nr-raid-disks 4
nr-spare-disks 0
persistent-superblock 1
chunk-size 4
device /dev/hda9
raid-disk 0
device /dev/hda9
raid-disk 0
device /dev/hda10
raid-disk 1
device /dev/hda11
raid-disk 2
device /dev/hda12
spare-disk 0
Save the file
© Copyright IBM Corp. 2001, 2004 Exercise 9. Block Devices, RAID, and LVM 9-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
» # mkraid /dev/md0
» # mkraid -f /dev/md0
» # mkraid --really-force /dev/md0
» # mke2fs /dev/md0
» # mount /dev/md0 /mnt/raid
» # df
Write down how much space the /mnt/raid filesystem has.
» # cat /proc/mdstat
Repeat this command until the volume is synchronized.
» # raidsetfaulty /dev/md0 /dev/hda9
» # raidsetfaulty /dev/md0 /dev/hda10
» # cat /proc/mdstat
Repeat this command until the volume is synchronized.
» # raidsetfaulty /dev/md0 /dev/hda11
» # cat /proc/mdstat
» # raidhotremove /dev/md0 /dev/hda9
» # raidhotremove /dev/md0 /dev/hda10
» # raidhotremove /dev/md0 /dev/hda11
» # raidhotadd /dev/md0 /dev/hda9
» # raidhotadd /dev/md0 /dev/hda10
» # raidhotadd /dev/md0 /dev/hda11
» # cat /proc/mdstat
Repeat this command until the volume is synchronized again. Can you
determine which of the partitions is the primary, which are backups and which
is spare?
» # umount /mnt/raid
» # raidstop /dev/md0
__ 20. Now modify the /etc/raidtab file so that the three partitions form a raid-5 volume.
Initialize the raid array and create a filesystem on it. Mount the filesystem on
/mnt/raid again. Then run the df command to find out how much space this partition
has. Set one disk in the raid array to faulty, and watch the raid array recover itself
using the spare disk. Then unmount the partition and stop the raid volume.
» # vi /etc/raidtab
» Modify the file so that it looks like this:
raiddev /dev/md0
raid-level 5
nr-raid-disks 3
nr-spare-disks 1
persistent-superblock 1
chunk-size 4
device /dev/hda9
raid-disk 0
device /dev/hda10
Uempty raid-disk 1
device /dev/hda11
raid-disk 2
device /dev/hda12
spare-disk 0
Save the file
» # mkraid /dev/md0
» # mkraid -f /dev/md0
» # mkraid --really-force /dev/md0
» # mke2fs /dev/md0
» # mount /dev/md0 /mnt/raid
» # df
Write down how much space the /mnt/raid filesystem has.
» # cat /proc/mdstat
Repeat this command until the volume is synchronized.
» # raidsetfaulty /dev/md0 /dev/hda9
» # cat /proc/mdstat
Repeat this command until the volume is synchronized.
» # raidsetfaulty /dev/md0 /dev/hda10
» # cat /proc/mdstat
» # raidhotremove /dev/md0 /dev/hda9
» # raidhotremove /dev/md0 /dev/hda10
» # raidhotadd /dev/md0 /dev/hda9
» # raidhotadd /dev/md0 /dev/hda10
» # cat /proc/mdstat
Repeat this command until the volume is synchronized again. Can you
determine which of the partitions are used, and which is spare?
» # umount /mnt/raid
» # raidstop /dev/md0
__ 21. Remove the /etc/raidtab file.
» # rm -f /etc/raidtab
© Copyright IBM Corp. 2001, 2004 Exercise 9. Block Devices, RAID, and LVM 9-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Uempty » If your screen is messed up, use the reset command to restore it to working
order.
__ 29. Add the third and fourth LVM partitions to the volume group vg00, and migrate all
data onto these physical volumes. Then reduce the volume group so that the
volume group only contains the third and fourth partition. Do you need to unmount
the /dev/vg00/lv00 logical volume first?
» # vgextend vg00 /dev/hda11
» # vgextend vg00 /dev/hda12
» # pvmove /dev/hda9 /dev/hda11
» # pvmove /dev/hda10 /dev/hda12
» # vgreduce vg00 /dev/hda9 /dev/hda10
» # vgdisplay vg00
You don’t have to unmount logical volumes while migrating
__ 30. Add the first two LVM partitions back to your volume group, and create three more
logical volumes in this volume group, called lv01 through lv03. Each logical volume
needs to be 50 MB as well. We will need these in the next exercise.
» # vgextend vg00 /dev/hda9 /dev/hda10
» # lvcreate -L 50M -n lv01 vg00
» # lvcreate -L 50M -n lv02 vg00
» # lvcreate -L 50M -n lv03 vg00
© Copyright IBM Corp. 2001, 2004 Exercise 9. Block Devices, RAID, and LVM 9-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
__ 34. If you have a 2.6 kernel with encryption enabled (Fedora Core 2), then create a
filesystem in /var/tmp/filesystem again, but this time make sure the filesystem is
encrypted. You will have to use losetup for this. Check again if you can read the file
with strings and grep.
» # modprobe loop blowfish cryptoloop
» # losetup -e blowfish /dev/loop0 /var/tmp/filesystem
Type a password when asked for. For convenience, you can use ibmlnx but
you don’t have to.
» # mke2fs /dev/loop0
» # mount /dev/loop0 /mnt/loop
» # cp /etc/passwd /mnt/loop
» # umount /mnt/loop
» # losetup -d /dev/loop0
» # strings /var/tmp/filesystem | grep root
__ 35. Mount the encrypted /var/tmp/filesystem again, but this time without using losetup.
Check if you can read the passwd file, then unmount the filesystem again.
» # mount -o loop,encryption=blowfish /var/tmp/filesystem /mnt/loop
Type the password when asked for.
» # cat /mnt/loop/passwd
» # umount /mnt/loop
END OF EXERCISE
Exercise Instructions
Installing tools
__ 1. Make sure that all utilities for ext2/ext3, ReiserFS and JFS are installed. Also check
kernel support for each of these filesystems. Not all distributions include all utilities
by default, and not all distributions include support for all filesystems in their stock
kernel.
Utilities for ext2/ext3 are contained in the e2fsprogs RPM (Fedora/Red Hat/SuSE).
Utilities for ReiserFS are contained in the reiserfs-utils RPM (Fedora) and reiserfs
RPM (SuSE). RHEL3 does not include ReiserFS support.
Utilities for JFS are contained in the jfsutils RPM (Fedora/Red Hat/SuSE).
To determine kernel support, look in /lib/modules/version/kernel/fs.
Uempty __ 14. Issue the sync command to ensure that all data is written to disk. Wait five seconds,
then turn off your computer with the power off button. (Do NOT do a proper
shutdown!) Turn on your computer and watch the boot messages. Which filesystem
was checked the fastest?
__ 28. Set the soft limit of users tux1 and tux2 to 4 Megabyte, and the hard limit to 5
Megabyte.
__ 29. On another virtual terminal, log in as tux1 and create 5 files of one Megabyte each.
Watch what happens.
__ 30. Still logged in as tux1, check the quota.
__ 31. Switch back to your root session and check the quota of all users.
END OF EXERCISE
__ 11. Issue the mount and df commands to see the mounted filesystems. Can you see
how much space the journals are taking? Also, list the root directory of the mounted
filesystems. Are the journals visible?
» # mount
» # df
» # df -i
» # cd /mnt/lv00
» # ls -la
» # cd /mnt/lv01
» # ls -la
» # cd /mnt/lv02
» # ls -la
» # cd /mnt/lv03
» # ls -la
__ 12. Create some files and/or directories on these mounted filesystems.
» # cd /mnt/lv00
» # touch testfile0
» # mkdir testdir0
» # cd /mnt/llv01
» # touch testfile1
» # mkdir testdir1
» # cd /mnt/lv02
» # touch testfile2
» # mkdir testdir2
» # cd /mnt/lv03
» # touch testfile3
» # mkdir testdir3
Uempty shutdown!) Turn on your computer and watch the boot messages. Which filesystem
was checked the fastest?
» # sync
__ 16. Log in as root. Verify that /bin/gzip, /bin/gunzip and /bin/zcat indeed have the same
inode number.
» Login: root
» Password: (Enter your password)
» # ls -li /bin/gzip /bin/gunzip /bin/zcat
__ 17. Go to /root and create a file named one, using vi. Put some text in the file, so that
you can identify that file for yourself.
» # cd /root
» # vi one
__ 18. Verify the filename and the contents.
» # ls -li one
» # cat one
__ 19. Now create a second link to the file (a second filename) named two. Verify the
filename and the contents.
» # ln one two
» # ls -li one two
» # cat two
__ 20. Delete the file one.
» # rm one
__ 21. Verify the filename and contents of two. Note that the link count has dropped.
» # ls -li two
» # cat two
__ 22. Create a third link, called three, in the / directory. It should again point to the original
file. Verify the filename and contents of this file.
» # cd /
» # ln /root/two three
» # ls -li three
» # cat three
__ 23. Now try to create a fourth link on one of the filesystems you just created.
» # cd /mnt/linux1
» # ln /root/two four
This command should fail.
__ 24. Create a symbolic link from /root/two to /mnt/lv00/four. Read the manual page for ln
if necessary. Verify the name and contents of the file.
» # cd /mnt/lv00
» # ln -s /root/two four
» # ls -li four
» # cat four
Uempty __ 25. Now delete /root/two, and verify the contents of both /tmp/three and /mnt/lv00/four.
» # rm /root/two
» # ls -li /three /mnt/lv00/four
» # cat /three
» # cat /mnt/lv00/four
END OF EXERCISE
© Copyright IBM Corp. 2001, 2004 Exercise 11. Memory Management 11-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Exercise Instructions
If you have more than 128 Megabytes of memory
In this exercise we are going to look at memory management in Linux. As part of this
exercise we are going to exhaust the available memory. Experience has shown that if you
have more than 128 Megabytes of memory, that parts of this exercise will take too long.
(Yes, there is a disadvantage to having a lot of memory!) Therefore we are going to limit the
amount of memory that Linux detects to 128 Megabytes, just for this exercise.
__ 1. Reboot Linux
__ 2. If you use LILO, and the lilo boot:-prompt appears, start Linux and specify
mem=128M as startup parameter. If you use GRUB, modify the kernel line so that
the mem=128M parameter is added.
Using top
__ 3. Start top and identify the different pieces of information:
• The time, the up time, the number of users and the load information on the
first line.
• The number of processes on the second line.
• The CPU breakdown on the third line.
• The real memory breakdown on the fourth line
• The swap space breakdown on the fifth line
• The processes (sorted by CPU-time) on the next lines.
Verify that Linux detected only 128 Megabytes.
__ 4. top will automatically refresh itself after 10 seconds. To increase this to one second
enter the command s1.
__ 5. top will by default not show the amount of swap space used by each processes. To
show this amount too, call up the Field Order screen with the f command, and
enable the swap space display.
__ 6. To sort processes in a different order use the M, P or T command.
__ 7. Leave top running in a separate window.
© Copyright IBM Corp. 2001, 2004 Exercise 11. Memory Management 11-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
of cached data decrease, and maybe see some processes already being swapped
out.
__ 18. Now start usemem with about 80% of your memory and watch what happens.
__ 19. Stop usemem and watch what happens. Note that processes swapped out will not
automatically be swapped in as soon as memory comes available. They will be
swapped in when needed.
__ 20. Disable your swap space with swapoff and watch what happens.
__ 21. Enable swap space again and run usemem with about 90% of the total amount of
memory (real + swap). If you exhaust your real memory, and exhaust the swap
space you will see that usemem is automatically killed when it tries to allocate even
more memory.
END OF EXERCISE
Using top
__ 3. Start top and identify the different pieces of information:
• The time, the up time, the number of users and the load information on the
first line.
• The number of processes on the second line.
• The CPU breakdown on the third line.
• The real memory breakdown on the fourth line
• The swap space breakdown on the fifth line
• The processes (sorted by CPU-time) on the next lines.
Verify that Linux detected only 128 Megabytes.
» # top
__ 4. top will automatically refresh itself after 10 seconds. To increase this to one second
enter the command s1.
» s1
__ 5. top will by default not show the amount of swap space used by each processes. To
show this amount too, call up the Field Order screen with the f command, and
enable the swap space display.
»f
» On Red Hat, press o. On Fedora/SuSE, press p.
» <Enter>
__ 6. To sort processes in a different order use the M, P or T command.
»M
© Copyright IBM Corp. 2001, 2004 Exercise 11. Memory Management 11-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
»P
»T
__ 7. Leave top running in a separate window.
© Copyright IBM Corp. 2001, 2004 Exercise 11. Memory Management 11-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
If you suddenly need more swap space on a running system but you have no more empty
partitions to spare you can use swap files. Using swap files however is less efficient than
swap partitions, so use this only in an emergency. It is even possible to put your swapfile
on an NFS-mounted directory, but there are easier ways of bringing down a network.
__ 22. First, find a filesystem where you have room for a large swapfile (at least 64 MB
free). Locate a suitable directory on this filesystem.
» # df
» In the hints, we will assume that /var has enough space and use
/var/tmp/swapspace as swapfile.
__ 23. Create the large file to be used as swapfile.
» # dd if=/dev/zero of=/var/tmp/swapspace bs=1M count=64
__ 24. Convert this file into a swapfile.
» # mkswap /var/tmp/swapspace
__ 25. Activate it.
» # swapon /var/tmp/swapspace
__ 26. Go to your top window and check whether the swap space has increased. Also view
the /proc/swaps file. What, do you think, is the meaning of the Priority field, and why
is this different from the swap partition? Now try the usemem command that failed
last time again.
» # cat /proc/swaps
» # usemem 300
__ 27. Add the swap file to your /etc/fstab file so that it is activated next time you reboot
» # vi /etc/fstab
Add the following line:
/var/tmp/swapspace swap swap defaults 0 0
__ 28. Reboot your system to make sure that you are working with the correct amount of
memory again.
» # reboot
END OF EXERCISE
Notice
The unit Linux on IBM eServer does not include any exercises
because the hardware required to do any exercises will most likely not
be available in most classrooms. This page is here to keep unit
numbers and exercise numbers synchronized.
© Copyright IBM Corp. 2001, 2004 Exercise 12. Linux on IBM eServer 12-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Exercise Instructions
Working with cron and at
In this exercise we are only going to work with cron and at. We won't be working with
Anacron since that will take a day to get the first job started (and Anacron is not included in
SuSE anyway), and we won't be working with batch because it is dependent on the load of
the system, and it is too hard to reliably create a situation where batch can be
demonstrated, given the wide range of configurations on which this course needs to run.
__ 1. Log in to Linux as root at VT one. Log in as tux1 at VT two.
__ 2. Go to VT one (where root is logged in).
__ 3. Check if the daemons necessary for scheduling are running.
__ 4. View the contents of you crontab file. Where are the crontab files for the users
stored?
__ 5. List the contents of the /var/spool/cron and /var/spool/at directories. What do you
see?
__ 6. Edit your crontab file: Make sure that your system runs the df command every five
minutes.
__ 7. Check the contents of the /var/spool/cron directory again. What do you see now?
__ 8. Start a job that will run in 10 minutes. The command that should be executed in 10
minutes is who. At what time will the command run according to at?
__ 9. Check if there are at jobs listed in the contents of the /var/spool/at directory. What do
you see?
__ 10. Look at the contents of the file. What do you see?
__ 11. Enter the next command:
• # at 9am
• at> ps aux
• at> <CTRL-D>
When will this command run?
__ 12. Switch to the VT where tux1 is logged in.
__ 13. Look at the crontab file of tux1.
__ 14. Make a crontab file for tux1 that executes the ls $HOME | wc -l command every
hour. Check if the crontab file for tux1 exists afterwards.
__ 15. Remove the crontab file.
__ 16. Switch back to the VT one. Set up the cron daemon so that tux1 isn't allowed to use
crond anymore.
__ 17. Go to VT two and try to create a crontab file again. What happened?
Uempty __ 18. As root, check your mail. What kind of mail did you receive?
__ 19. Remove the crontab files of root. (Do not use the rm command.)
__ 20. Take a look at the system crontab files and directories.
END OF EXERCISE
» redhat# vi /etc/cron.deny
suse# vi /var/spool/cron/deny
» Add tux1 to this file
__ 17. Go to VT two and try to create a crontab file again. What happened?
» <ALT-F2>
» $ crontab -e
» $ crontab -l
» You got an error message stating that you are not allowed to use crontab.
__ 18. As root, check your mail. What kind of mail did you receive?
» <ALT-F1>
» # mail
» The mail you see is the output of the crond daemon containing the output of
the commands you started with your crontab file and the atd daemon.
__ 19. Remove the crontab files of root. (Do not use the rm command.)
» # crontab -r
__ 20. Take a look at the system crontab files and directories.
» # less /etc/crontab
» # less /etc/cron.d/*
» # ls -l /etc/cron.hourly
» # ls -l /etc/cron.daily
» # ls -l /etc/cron.weekly
» # ls -l /etc/cron.monthly
END OF EXERCISE
Required Materials
For this exercise you will need the following:
• One blank, formatted floppy disk.
Introduction
In these exercises, you will back up and restore a filesystem as well as
individual files. Some exercises may cover some options and
techniques that may be in the student notes but not necessarily
covered in the instructor's presentation. Refer back to the unit notes,
check the hints in the Exercise Instructions With Hints section, or read
the appropriate man pages.
© Copyright IBM Corp. 2001, 2004 Exercise 14. Backup and Restore 14-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Exercise Instructions
Using tar
__ 1. Check the man pages for the discussed backup commands: tar, cpio.
__ 2. Create in your /home directory three subdirectories, called subdir1, subdir2 and
subdir3, and create five files, called testfilex, in each subdirectory.
__ 3. Create an extra logical volume in your volume group. Name this logical volume
“backuplv”. Its size should be about 10 Megabytes.
__ 4. Use the tar command to back up your /home directory to the partition you just
created.
__ 5. Verify the contents of the backup you just created.
__ 6. Delete your /home/subdirn directories and all the files init.
__ 7. Restore the backup you created.
__ 8. Produce a list (/tmp/1daytar.list) of all the files in /home that were accessed in the
last day.
__ 9. Create an incremental backup using the tar command.
__ 10. Restore the backup you created in the previous step.
Using cpio
__ 11. Produce a list /tmp/todaycpio.list of all the files in /home that were modified in the
last day.
__ 12. Create an incremental backup using cpio. Use the same partition you used earlier.
__ 13. Restore the backup you created in the previous exercise.
Using dump
__ 14. Verify that dump is installed. If not, install it.
__ 15. Dump the /home filesystem to the backup partition.
__ 16. Write down the dates of all files in /home/subdir*. Update all files in /home/subdir1
and make an incremental backup to floppy disk.
__ 17. See what files are dumped to the backup LV and the floppy disk.
__ 18. Unmount the /home filesystem and reformat it. Then restore both dumps in the
correct order. Verify that the dates on the files are correct.
Documenting your changes
__ 19. Document any changes that you made in appendix A of this exercises guide.
END OF EXERCISE
© Copyright IBM Corp. 2001, 2004 Exercise 14. Backup and Restore 14-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Using cpio
__ 11. Produce a list /tmp/todaycpio.list of all the files in /home that were modified in the
last day.
» # find /home -mtime -1 -print > /tmp/todaycpio.list
__ 12. Create an incremental backup using cpio. Use the same partition you used earlier.
» # cat /tmp/todaycpio.list | cpio -ov > /dev/vg00/backuplv
__ 13. Restore the backup you created in the previous exercise.
» # cpio -iduvm < /dev/vg00/backuplv
Using dump
__ 14. Verify that dump is installed. If not, install it.
» # which dump
» redhat# rpm -ivh /mnt/install/RedHat/RPMS/dump-version.i386.rpm
suse# rpm -ivh /mnt/install/suse/i586/dump-version.i386.rpm
__ 15. Dump the /home filesystem to the backup partition.
» # dump -0 -u -f /dev/vg00/backuplv /home
__ 16. Write down the dates of all files in /home/subdir*. Update all files in /home/subdir1
and make an incremental backup to floppy disk.
» # cd /home
» # ls -lR subdir*
» # cd /home/subdir1
» # touch *
» # ls -lR
» # cd /
» # dump -1 -u -f /dev/fd0 /home
__ 17. See what files are dumped to the backup LV and the floppy disk.
» # restore -t -f /dev/vg00/backuplv
» # restore -t -f /dev/fd0
__ 18. Unmount the /home filesystem and reformat it. Then restore both dumps in the
correct order. Verify that the dates on the files are correct.
» # mount | grep /home
Remember the device name.
END OF EXERCISE
© Copyright IBM Corp. 2001, 2004 Exercise 14. Backup and Restore 14-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
© Copyright IBM Corp. 2001, 2004 Exercise 15. User Administration 15-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Exercise Instructions
User environment
__ 1. Log out every user.
__ 2. Log in as root at VT 1 and as tux1 at VT 2.
__ 3. Look at the following files:
• /etc/profile
• /etc/bashrc (Fedora/Red Hat) or /etc/bash.bashrc (SuSE)
• $HOME/.bash_profile (Fedora/Red Hat) or $HOME/.profile (SuSE)
• $HOME/.bashrc
• $HOME/.bash_logout (Fedora/Red Hat only)
What do these file do in your system? What information can be found in there?
User administration
These hints describe the command line tools. Don't forget that you also have the
system administration tools to do user and group administration.
__ 4. List all users defined in your system at this moment.
__ 5. Does every user have a password?
__ 6. As root using the command line, add a user with the username tux3 and full name
“Tux the Penguin (3)”.
__ 7. Look at the contents of /etc/shadow. What is the password of the new user?
__ 8. Give tux3 the password “penguin3”. Then take a look at the /etc/shadow file again.
__ 9. List the contents of the /etc/passwd- file. What is stored in this file?
__ 10. What is the login group of the user you added?
__ 11. Add the group penguins to the system.
__ 12. Place the user tux3 in the group penguins.
__ 13. Locate this change in /etc/group
__ 14. What is the syntax of the group file?
__ 15. Which users are specified in the last field of the /etc/group file?
Uempty __ 17. As root create the /etc/motd file. Write in this file your system name and the name of
the OS you are using.
__ 18. As tux1 log out and log in again. Look at the information shown on your screen.
__ 19. Create the file .hushlogin as tux1 in your home directory.
__ 20. Log out and then log in. Again look at the information showing up on your screen.
Did you notice any difference with the output from step 16?
END OF EXERCISE
© Copyright IBM Corp. 2001, 2004 Exercise 15. User Administration 15-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
User administration
These hints describe the command line tools. Don't forget that you also have the
system administration tools to do user and group administration.
__ 4. List all users defined in your system at this moment.
» # cat /etc/passwd
- OR -
# getent passwd
__ 5. Does every user have a password?
» # cat /etc/shadow
- OR -
# getent shadow
» The * and !! in the password field mean that the user has no password.
Uempty __ 6. As root using the command line, add a user with the username tux3 and full name
“Tux the Penguin (3)”.
» <ALT-F1>
» # useradd -m -c “Tux the Penguin (3)” tux3
__ 7. Look at the contents of /etc/shadow. What is the password of the new user?
» # cat /etc/shadow
The password for this user is “!!”, which means “no password assigned”.
__ 8. Give tux3 the password “penguin3”. Then take a look at the /etc/shadow file again.
» # passwd tux3
» New password: penguin3
» Re-enter new password: penguin3
» # cat /etc/shadow
__ 9. List the contents of the /etc/passwd- file. What is stored in this file?
» # cat /etc/passwd-
» This file is a backup of /etc/passwd. Whenever you change your /etc/passwd
with the proper tools, the old password file is copied to passwd-. This means
that passwd- always contains your user administration as it was before the
last change.
__ 10. What is the login group of the user you added?
» # cat /etc/passwd
» Remember the GID you see for this user
» # cat /etc/group | grep GID
» The first word on the line is the login group of the user.
__ 11. Add the group penguins to the system.
» # groupadd penguins
__ 12. Place the user tux3 in the group penguins.
» # usermod -G penguins tux3
__ 13. Locate this change in /etc/group
» # cat /etc/group
__ 14. What is the syntax of the group file?
» Group name:Password field:Group ID:Group members
__ 15. Which users are specified in the last field of the /etc/group file?
» The users how have the specific group as their secondary group. Users who
have the group as their login group don't show up in this field.
© Copyright IBM Corp. 2001, 2004 Exercise 15. User Administration 15-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
__ 16. As root modify the /etc/issue file. Write in this file that the system is for authorized
users only. Remove all distribution and kernel information.
» # vi /etc/issue
This system is for authorized users only.
__ 17. As root create the /etc/motd file. Write in this file your system name and the name of
the OS you are using.
» # vi /etc/motd
Welcome to this system which is running Linux!
__ 18. As tux1 log out and log in again. Look at the information shown on your screen.
» <ALT-F2>
» exit
» Log in again.
» You should see the information you put in /etc/issue and /etc/motd.
__ 19. Create the file .hushlogin as tux1 in your home directory.
» # touch .hushlogin
__ 20. Log out and then log in. Again look at the information showing up on your screen.
Did you notice any difference with the output from step 16?
» # exit
» Log in again.
» You don't see the information in /etc/motd any more.
END OF EXERCISE
© Copyright IBM Corp. 2001, 2004 Exercise 16. User-Level Security 16-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Exercise Instructions
Security Logs
__ 1. Log out as root.
__ 2. Try to log in as root but use a wrong password.
__ 3. Try to log in as a non existing user (for instance: teacher).
__ 4. Log in as root with the correct password.
__ 5. Look at the contents of the following files and try to find the records of step 2, 3 and
4.
• /var/log/lastlog
• /var/log/messages
• /var/log/secure (Fedora/Red Hat only)
• /var/log/wtmp
• /var/run/utmp
__ 6. At virtual terminal 2 log in as tux1 and at virtual terminal 3 as tux2.
__ 7. Look as root at what users are currently logged on. Look also at the contents of
/var/log/wtmp.
__ 8. Log out as user tux2.
__ 9. As root find the last times that user tux1 and tux2 logged in. Also list the users that
logged in at virtual terminal 1.
__ 10. As tux1 check what groups you are a member of.
File Permissions
__ 11. Log in as root at VT 1 (if you're not already logged on as root at VT 1). Be sure that
tux1 is logged in at VT 2 and tux2 at VT 3.
__ 12. As root check if the SUID is set. Then remove the SUID bit from /usr/bin/passwd.
Be sure to leave the execute permissions in place.
__ 13. As tux1 run the passwd command. Answer all the questions and watch the output.
What is the error message and why did you get this message?
__ 14. Set the SUID bit again on /usr/bin/passwd and try to change the password now.
__ 15. As tux1 make a directory in your home directory with the name exercise. In this
directory make a file with df > df.out.
Set the permissions on df.out as rwx------ (700) and make your home directory
readable and executable for group members and others.
Uempty __ 16. As tux2 try to open df.out and read the contents of the file. Did you succeed? Also
try to add an extra line to df.out.
__ 17. As tux1 set the permissions on df.out as rwxr--r- (744).
__ 18. As tux2, try to open the file again. Did you succeed this time?
__ 19. As tux2, try to alter the file. Do you succeed?
__ 20. As tux1 set the permissions on df.out as rwxrwxrwx (777).
__ 21. As tux2, try to write to the file again. Did you succeed this time?
__ 22. Can you remove df.out? Why or why not? Is the data in df.out safe with these
permissions set on the file?
__ 23. As tux1 set the permissions on your exercise directory as rwxrwxrwx.
__ 24. As tux2 try to remove df.out. Is this possible and why is it or why not?
Team directories
__ 25. As root, create a team directory, /groups/penguins, for all members of the penguins
group.
__ 26. Check which users are currently member of the penguins group.
__ 27. As tux1, try to create and view files in the /groups/penguins directory. Does this
work?
__ 28. As tux3, try to create and view files in the /groups/penguins directory. Does this
work?
__ 29. Add tux1 and tux2 to the penguins group. Then try to create and delete files in the
/groups/penguins directory again. Also, try to modify files created by other users in
the same group. Does this work?
Explanation: On a Red Hat system, User Private Groups are used by default.
Among other things, this means that the default umask is 022, which leads to the
default rw-rw-r-- permissions on a file. This allows any other user in the same group
(penguins in this case) to modify the file.
On a SuSE system, User Private Groups are not used by default. This means that
the default umask is 002, which leads to the default rw-r--r-- permissions on a file.
This does not allow other users in the same group to modify the file. However,
because of the write permissions on the directory, tux3 is allowed to delete the file
owned by tux1 and replace it with a file owned by tux3. That’s what vi does
automatically in this case.
© Copyright IBM Corp. 2001, 2004 Exercise 16. User-Level Security 16-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Security Files
__ 38. As tux2, look at the content of the following files:
• /etc/passwd
• /etc/group
• /etc/profile
END OF EXERCISE
© Copyright IBM Corp. 2001, 2004 Exercise 16. User-Level Security 16-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
» # last tux2
» # last tty1
__ 10. As tux1 check what groups you are a member of.
» <ALT-F2>
» # groups
File Permissions
__ 11. Log in as root at VT 1 (if you're not already logged on as root at VT 1). Be sure that
tux1 is logged in at VT 2 and tux2 at VT 3.
» <ALT-F1> Log in as root (if necessary).
» <ALT-F2> Log in as tux1 (if necessary).
» <ALT-F3> Log in as tux2
__ 12. As root check if the SUID is set. Then remove the SUID bit from /usr/bin/passwd.
Be sure to leave the execute permissions in place.
» <ALT-F1>
» # ls -l /usr/bin/passwd
» # chmod -s /usr/bin/passwd
- or -
# chmod 755 /usr/bin/passwd
» # ls -l /usr/bin/passwd
__ 13. As tux1 run the passwd command. Answer all the questions and watch the output.
What is the error message and why did you get this message?
» <ALT-F2>
» $ passwd
» The error you get is “Passwd: Permission denied” or “passwd: Authentication
failure”. The passwd command will give you this error message because
without the SUID bit passwd is not allowed to write information in /etc/passwd
or /etc/shadow. So it can't store your new passwd.
__ 14. Set the SUID bit again on /usr/bin/passwd and try to change the password now.
» <ALT-F1>
» # chmod u+s /usr/bin/passwd
- or -
# chmod 4555 /usr/bin/passwd
» # ls -l /usr/bin/passwd
» <ALT-F2>
» $ passwd
You should now be able to change the password.
__ 15. As tux1 make a directory in your home directory with the name exercise. In this
directory make a file with df > df.out.
Uempty Set the permissions on df.out as rwx------ (700) and make your home directory
readable and executable for group members and others.
» <ALT-F2>
» $ mkdir exercise
» $ df > exercise/df.out
» $ chmod u=rwx,go= exercise/df.out
- or -
$ chmod 700 exercise/df.out
» $ chmod go+rx /home/tux1
- or -
$ chmod 755 /home/tux1
__ 16. As tux2 try to open df.out and read the contents of the file. Did you succeed? Also
try to add an extra line to df.out.
» <ALT-F3>
» $ more ~tux1/exercise/df.out
» No, you don't have to permissions to read the file. You are not the owner of
the file and you are not a member of the tux1 group, so the other permissions
are in effect for you.
__ 17. As tux1 set the permissions on df.out as rwxr--r- (744).
» <ALT-F2>
» $ chmod go+r exercise/df.out
- or -
$ chmod 744 exercise/df.out
__ 18. As tux2, try to open the file again. Did you succeed this time?
» <ALT-F3>
» $ more ~tux1/exercise/df.out
» Yes because now you have the read permission.
__ 19. As tux2, try to alter the file. Do you succeed?
» <ALT-F3>
» $ vi ~tux1.exercise/df.out
» Make some changes to the file, then try to save it. This will not work because
you don't have write permissions.
» Quit vi with :q!
__ 20. As tux1 set the permissions on df.out as rwxrwxrwx (777).
» <ALT-F1>
» $ chmod ugo=rwx exercise/df.out
- or -
$ chmod 777 exercise/df.out
__ 21. As tux2, try to write to the file again. Did you succeed this time?
© Copyright IBM Corp. 2001, 2004 Exercise 16. User-Level Security 16-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
» <ALT-F3>
» vi ~tux1/exercise/df.out
» Make some changes, then try to save the file.
» This time you can change the contents of the file because you have the write
permission.
__ 22. Can you remove df.out? Why or why not? Is the data in df.out safe with these
permissions set on the file?
» $ rm ~tux1/exercise/df.out
» You may not remove the file. You can't remove the file because you don't
have the correct permissions on the directory. To be able to delete a file, you
need to have the write permission on a directory.
» No the data in df.out is not safe. Because every user in the system has the
write permission, every user has the right to edit the file (add or delete
information).
__ 23. As tux1 set the permissions on your exercise directory as rwxrwxrwx.
» <ALT-F2>
» $ chmod ugo=rwx ~tux1/exercise
- or -
$ chmod 777 ~tux1/exercise
__ 24. As tux2 try to remove df.out. Is this possible and why is it or why not?
» <ALT-F3>
» $ rm ~tux1/exercise/df.out
» You can remove the file even if it is not your file. With the write permission on
directories, you grant users the right to create and remove files in that
directory.
Team directories
__ 25. As root, create a team directory, /groups/penguins, for all members of the penguins
group.
» <ALT-F1>
» # mkdir -p /groups/penguins
» # chgrp penguins /groups/penguins
» # chmod 2770 /groups/penguins
__ 26. Check which users are currently member of the penguins group.
» # grep penguins /etc/group
__ 27. As tux1, try to create and view files in the /groups/penguins directory. Does this
work?
» <Alt-F2>
» $ cd /groups/penguins
Uempty » This command will fail, since tux1 is not a member of the penguins group.
__ 28. As tux3, try to create and view files in the /groups/penguins directory. Does this
work?
» <Alt-F4>
» Login: tux3
» Password: penguin3
» $ cd /groups/penguins
» $ touch testfile
» $ ls -l testfile
» $ rm testfile
__ 29. Add tux1 and tux2 to the penguins group. Then try to create and delete files in the
/groups/penguins directory again. Also, try to modify files created by other users in
the same group. Does this work?
» <Alt-F1>
» # usermod -G penguins tux1
- OR -
# gpasswd -a tux1 penguins
» # usermod -G penguins tux2
- OR -
# gpasswd -a tux2 penguins
» <Alt-F2>
» $ cd /groups/penguins
Note: It might be necessary to log out first and then log in again for this to
work.
» $ vi testfile
Add some lines of text.
» $ ls -l testfile
Write down the permissions
» <Alt-F4>
» $ cd /groups/penguins
» $ vi testfile
Add some lines of text. Then try to save this file. Does this work? Can you
explain this?
Explanation: On a Red Hat system, User Private Groups are used by default.
Among other things, this means that the default umask is 022, which leads to the
default rw-rw-r-- permissions on a file. This allows any other user in the same group
(penguins in this case) to modify the file.
On a SuSE system, User Private Groups are not used by default. This means that
the default umask is 002, which leads to the default rw-r--r-- permissions on a file.
This does not allow other users in the same group to modify the file. However,
because of the write permissions on the directory, tux3 is allowed to delete the file
© Copyright IBM Corp. 2001, 2004 Exercise 16. User-Level Security 16-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
owned by tux1 and replace it with a file owned by tux3. That’s what vi does
automatically in this case.
Security Files
__ 38. As tux2, look at the content of the following files:
• /etc/passwd
• /etc/group
• /etc/profile
» <ALT-F3>
» $ vi /etc/passwd
» $ vi /etc/group
» $ vi /etc/profile
» Notice that an ordinary user has the right to view these important file. This file
should be readable for all users in the system.
END OF EXERCISE
© Copyright IBM Corp. 2001, 2004 Exercise 16. User-Level Security 16-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Exercise Instructions
Configuring logging
__ 1. Look at the file /etc/syslog.conf and try to find out to which files the logging actually
goes. Take a look at these files as well.
__ 2. Try to log in as a valid user (for instance, tux1) but with an invalid password, an try to
log in as an invalid user. Then view the log entries.
__ 3. Change the /etc/syslog.conf file and make sure that everything that has to do with
authentication is logged in /var/log/secure. Then restart the syslog daemon.
__ 4. Again, try to log in as a valid user but with an invalid password, and try to log in as
an invalid user. Then view the log entries again.
END OF EXERCISE
END OF EXERCISE
Introduction
These exercises are designed for you to become familiar with adding
and managing printers and queues. In the area of printing there are
many commands that can be used to do the same thing. In many of
these cases we have provided only one command method. If you are
already comfortable with certain UNIX commands for handling print
activities, like submitting a print job, please feel free to use that
command.
Exercise Instructions
Note
If there are no printers available in the classroom, you cannot do these exercises.
CUPS
__ 1. Ask your instructor for printer details.
__ 2. Start the CUPS printer daemon and make sure it is started on system boot.
__ 3. Start a browser and enter the location “http://localhost:631”. Log in as root and
configure your printer.
__ 4. Select the printer and print a test page.
__ 5. Submit a file to the printer using the lpr command and see if the page is printed.
END OF EXERCISE
CUPS
__ 1. Ask your instructor for printer details.
__ 2. Start the CUPS printer daemon and make sure it is started on system boot.
» fedora/redhat# service cups restart
suse# rccups restart
» # chkconfig cups on
__ 3. Start a browser and enter the location “http://localhost:631”. Log in as root and
configure your printer.
» # konqueror
- or -
# mozilla
- or -
# galeon
» Enter “http://localhost:631” or “http://127.0.0.1:631” as location.
Note: Some browsers and/or distributions automatically configure proxies or
socks servers. If your browser refuses to connect, then check if all proxies or
socks servers are disabled.
» Click on “Administration”, and log in as root.
» Go to “Manage Printers” and click on “Add Printer”. When asked for a
username and password, enter “root” and your root password.
» Go through the different “Add new printer” screens, and configure a printer
name, location, description, device, make and model.
» Select the printer and go to “Configure Printer”. Select the correct paper size
and look for any options that you might need to modify.
__ 4. Select the printer and print a test page.
__ 5. Submit a file to the printer using the lpr command and see if the page is printed.
» # lpr -P <printer> /etc/passwd
END OF EXERCISE
Required Materials
To complete this exercise, you will need the following:
• A bootable network install diskette, which allows you to start the
rescue mode.
Exercise Instructions
The Linux Rescue Mode
__ 1. Change your /etc/inittab file so that runlevel 6 is the default runlevel.
__ 2. Insert your Linux boot CD into the drive and reboot the system.
__ 3. When the boot:-prompt appears, start the rescue mode.
__ 4. Depending on the rescue mode and medium used, you may or may not get
questions about:
• Language to be used
• Keyboard type
• Mouse type
• Network adapter to be used
• Boot protocol to be used (or static IP addressing)
• NFS server to be used.
All these questions need to be answered the same way as when you installed the
system.
__ 5. Some rescue modes will give you the option to automatically attempt to find an
existing Linux installation and mount it. Do not allow this since we want to go
through this process manually.
__ 6. On a Fedora/Red Hat system, you will now get a command prompt. On a SuSE
system, you need to log in first as root, without a password.
__ 7. Check whether the device /dev/hda exists. If not, create the device node for your
hard disk
__ 8. Make a list of all partitions on your hard disk and create device nodes for them if
these don’t exist.
__ 9. Perform a filesystem check on all partitions that contain a filesystem.
Note: The partition table contains the partition id, which is used by fsck to determine
the filesystem type, and thus which fsck.* variant to invoke.
__ 10. If you have LVM volumes, perform a vgscan to scan for volume groups, and
activate all volume groups that were found.
Note: Some distributions (Red Hat, SuSE) include the actual, individual LVM tools,
while others (Fedora) include an all-in-one tool lvm, which acts as a sort of subshell
but allows you to type the exact same commands.
__ 11. Make a list of all logical volumes in the volume group(s), and check all logical
volumes that contain a filesystem.
__ 12. Create a directory /mnt/sysimage and mount your root filesystem on it.
Uempty Note: On Fedora/Red Hat you can use e2label to determine which filesystem is your
root partition. On SuSE, there is no way to easily determine which partition is your
root partition. So you will need to use your documentation to find out which partition
is your root partition.
__ 13. Perform a chroot to the root filesystem.
__ 14. Mount all other partitions as well.
Note: If you mount /proc manually first, then you can use the mount -a command to
mount all other filesystems automatically.
__ 15. Change the /etc/inittab file and set the default runlevel to three.
__ 16. Unmount all filesystems and leave the chrooted shell. Then unmount the root
filesystem and exit the rescue mode.
__ 17. Remove the rescue media and wait until your system reboots. Was the rescue
attempt successful?
END OF EXERCISE
END OF EXERCISE
System location:
Processor(s):
Keyboard type:
© Copyright IBM Corp. 2001, 2004 Appendix A. Hardware Configuration Sheet A-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Sound adapter
Other devices:
© Copyright IBM Corp. 2001, 2004 Appendix A. Hardware Configuration Sheet A-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Student Exercises
Change log
Date, time, name Change performed
backpg
Back page
®