How to create restricted user in Linux

Introduction

A restricted user can run only the specific commands that the administrator allows in the terminal. The procedure for setting one up is as follows.

Step 1: Copy bash shell

Copy the bash binary from /bin/bash to a new file named rbash. Bash runs in restricted mode when it is started under that name.

# cp /bin/bash /bin/rbash
# chmod o+x /bin/rbash

Step 2: Create rbash shell user

# useradd -s /bin/rbash testuser
# mkdir /home/testuser/commands
# passwd testuser
# chown testuser:testuser /home/testuser/commands/

Step 3: Assign specific commands

# cp /usr/bin/free /home/testuser/commands/
# cp /usr/bin/grep /home/testuser/commands/
# chmod 755 /home/testuser/commands/free
# chmod 755 /home/testuser/commands/grep

Step 4: Update user profile


# cd ~testuser/
# vi .bash_profile
PATH=$HOME/commands
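
An added example, not part of the original article: a read-only shell function that audits the layout built in Steps 2 to 4. It assumes the hardened target is that root, not the restricted user, owns the home directory, commands/ and the startup files (the chown in Step 2 hands commands/ to testuser) and that PATH is pinned to $HOME/commands. The function name and finding labels are made up for this example.

```sh
#!/bin/sh
# Added example (not from the article). Usage, as root:
#   audit_rbash_home /home/testuser testuser
# Prints one finding per line and returns non-zero if anything was found.
audit_rbash_home() {
    home=$1; user=$2; rc=0

    # 1. The restricted user must not own, and nobody else may write, the home
    #    directory, the directory on PATH or the startup files. Owning a
    #    directory is enough to replace the files inside it.
    for p in "$home" "$home/commands" "$home/.bash_profile" \
             "$home/.bashrc" "$home/.profile"; do
        [ -e "$p" ] || continue
        if [ -n "$(find "$p" -maxdepth 0 \( -user "$user" -o -perm -0002 \))" ]; then
            echo "USER-WRITABLE $p"; rc=1
        fi
    done

    # 2. The last PATH assignment in .bash_profile must name commands/ only.
    profile=$home/.bash_profile
    if [ -f "$profile" ]; then
        last=$(grep -E '^(export +)?PATH=' "$profile" | tail -n 1)
        case $last in
            'PATH=$HOME/commands'|'PATH="$HOME/commands"'|'export PATH=$HOME/commands') ;;
            *) echo "PATH-NOT-PINNED $profile: ${last:-no PATH assignment}"; rc=1 ;;
        esac
    else
        echo "NO-PROFILE $profile"; rc=1
    fi

    # 3. Entries in commands/ should be copies (as in Step 3), not symlinks
    #    that resolve to something outside the reviewed directory.
    for f in "$home"/commands/*; do
        if [ -L "$f" ]; then
            echo "SYMLINK $f"; rc=1
        fi
    done
    return $rc
}
```

The user argument may be a login name or a numeric UID, since find's -user test accepts both.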

How to create repository in Redhat 7 Linux

Introduction

A repository is a database of packages used to install and upgrade applications on a Linux distribution. A distribution's packages are available on its official website, or you can extract them from the official CD/DVD. Packages can easily be installed, upgraded or deleted from a repository.

Step 1: Mount ISO from DVD or Folder

To create the repository, first mount the ISO image from the official DVD or download it from the given websites.

# cd /root
# mount -o loop "RHEL-7.0 Server.x86_64-dvd.iso" /mnt/	(For Redhat 7)
# mount -r -t iso9660 -o loop -v rhel-server-6.4-x86_64-dvd.iso /mnt	(For Redhat 6)

Step 2: Create Repository

To create the repository, follow these steps.

# cd /etc/yum.repos.d/
# vi rhel7.repo
[rhel7]
name=Redhat
baseurl=file:///mnt/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

Step 3: Install Packages

Install Packages using yum command.

# yum clean all
# yum install ftp httpd gcc

How to create FTP user and assign quota in Solaris

Introduction

File Transfer Protocol (FTP) is a network protocol used to transfer files between a client and a server on a network.

Step 1: Create User

First create the FTP user as follows.

# useradd test
# passwd test

Step 2: Create FTP user Directory

Make a directory in the ftpdata folder.

# cd /ftpdata/
# ls -l
# mkdir test
# chown test:staff test

Step 3: How to assign quota for FTP User in Solaris

To assign a quota to the FTP user, use the method below.

# zfs create ftpdata/test
# zfs set quota=50M ftpdata/test

Thanks, all done 🙂

How to install snmp in Redhat 7/CentOS 7

Introduction

SNMP stands for Simple Network Management Protocol. It is a protocol used to monitor servers. It is used for collecting information from, and configuring, network devices, such as servers, printers, hubs, switches, and routers on an Internet Protocol (IP) network.

Step 1: Install SNMP

# yum install -y net-snmp net-snmp-utils
# cd /etc/snmp
# cp -p snmpd.conf snmpd.conf.dist
# echo "rocommunity public">snmpd.conf
# echo "syslocation here" >>snmpd.conf
# echo "syscontact root@localhost" >>snmpd.conf
# systemctl enable snmpd && systemctl start snmpd
# snmpwalk -v 1 -c public -O e 127.0.0.1
SNMPv2-MIB::sysDescr.0 = STRING: Linux rhel7.example.com 3.10.0-54.0.1.el7.x86_64 #1 SMP Tue Nov 26 16:51:22 EST 2013 x86_64
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
...
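
An added example, not part of the original article: a shell function that reviews an snmpd.conf for the settings Step 1 writes, namely a well-known community string with no source restriction. The directive layout (community name, then optional source) follows snmpd.conf(5); the function name, the sample text and the EXAMPLE-COMMUNITY value are constructed for this example.

```sh
#!/bin/sh
# Added example (not from the article).
# audit_snmpd_conf [FILE] reads FILE (or stdin), prints one finding per line
# and returns 1 if any community directive looks weak.
audit_snmpd_conf() {
    awk '
    # Directive forms: rocommunity|rwcommunity[6] COMMUNITY [SOURCE [OID]]
    /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
    $1 ~ /^r[ow]community6?$/ {
        comm = $2
        src = (NF >= 3) ? $3 : "default"     # no SOURCE means any host
        if (comm == "public" || comm == "private") {
            printf "line %d: well-known community \"%s\"\n", NR, comm
            bad = 1
        }
        if (src == "default") {
            printf "line %d: %s \"%s\" accepts queries from any source\n", NR, $1, comm
            bad = 1
        }
        if ($1 ~ /^rwcommunity/) {
            printf "line %d: %s grants write (SET) access\n", NR, $1
            bad = 1
        }
    }
    END { exit bad + 0 }
    ' "${1:--}"
}

# Constructed samples: the three lines Step 1 writes, and a tightened variant
# that limits the community to queries from the local host.
sample_weak='rocommunity public
syslocation here
syscontact root@localhost'
sample_tight='rocommunity EXAMPLE-COMMUNITY 127.0.0.1
syslocation here
syscontact root@localhost'

printf '%s\n' "$sample_weak"  | audit_snmpd_conf || echo "weak config flagged"
printf '%s\n' "$sample_tight" | audit_snmpd_conf && echo "tight config passes"
```

On a live system, run it as audit_snmpd_conf /etc/snmp/snmpd.conf.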

How to Install TOP package in Solaris 10

Step-1: PreRequisites

For installation of top, download the following package.

# wget http://www.sunfreeware.com/sparc/10/top-3.6.1-sol10-sparc-local.gz

Step-2: Extract Zip File

Extract top package using below command.

# gunzip top-3.6.1-sol10-sparc-local.gz

Step-3: Installation

Install and configure top package as given below:

# pkgadd -d top-3.6.1-sol10-sparc-local

The following packages are available:
  1  SMCtop     top
                (sparc) 3.6.1

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 

Processing package instance  from 

top(sparc) 3.6.1
LeFebvre et al

The selected base directory  must exist before
installation is attempted.

Do you want this directory created now [y,n,?,q] y
Using  as the package base directory.
## Processing package information.
## Processing system information.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.
## Checking for setuid/setgid programs.

Installing top as 

## Installing part 1 of 1.
/usr/local/bin/sparcv7/top
/usr/local/bin/sparcv9/top
/usr/local/bin/top
/usr/local/doc/top/Changes
/usr/local/doc/top/FAQ
/usr/local/doc/top/INSTALL
/usr/local/doc/top/LICENSE
/usr/local/doc/top/README
/usr/local/doc/top/Y2K
/usr/local/man/man1/top.1
[ verifying class  ]

Installation of  was successful.

Set Default Path

Set the default path of top command in user’s profile.

# echo $PATH
/usr/sbin:/usr/bin
# vi ~/.profile
PATH=/usr/sbin:/usr/bin:/usr/local/bin

How to Install Raid 1 in Solaris 10

# format
Searching for disks...done

AVAILABLE DISK SELECTIONS:
       0. c1t0d0 
          /pci@1f,0/pci@1/scsi@8/sd@0,0
       1. c1t1d0 
          /pci@1f,0/pci@1/scsi@8/sd@1,0
Specify disk (enter its number): ^Z

# prtvtoc /dev/dsk/c1t0d0s2 > c1t0d0s2.vtoc
# fmthard -s c1t0d0s2.vtoc /dev/rdsk/c1t1d0s2
# df -kh
# umount /export/home
# umount /export/home0
# metadb -a -c 3 -f c1t0d0s7 c1t1d0s7
# metainit -f d11 1 1 c1t0d0s0
# metainit -f d12 1 1 c1t1d0s0
# metainit d10 -m d11
# metaroot d10
# metainit -f  d21 1 1 c1t0d0s1
# metainit -f  d22 1 1 c1t1d0s1
# metainit d20 -m d21
# metastat | grep %
# vi /etc/vfstab
#device         device          mount           FS      fsck    mount   mount
#to mount       to fsck         point           type    pass    at boot options
#
fd      -       /dev/fd fd      -       no      -
/proc   -       /proc   proc    -       no      -
/dev/dsk/c1t0d0s1       -       -       swap    -       no      -
/dev/md/dsk/d10 /dev/md/rdsk/d10        /       ufs     1       no      -
#/dev/dsk/c1t0d0s7      /dev/rdsk/c1t0d0s7      /export/home    ufs     2       yes     -
#/dev/dsk/c1t1d0s7      /dev/rdsk/c1t1d0s7      /export/home0   ufs     2       yes     -
/devices        -       /devices        devfs   -       no      -
sharefs -       /etc/dfs/sharetab       sharefs -       no      -
ctfs    -       /system/contract        ctfs    -       no      -
objfs   -       /system/object  objfs   -       no      -
swap    -       /tmp    tmpfs   -       yes     -

How to Install TightVNC viewer in Linux

Introduction

TightVNC is a cross-platform free and open-source remote desktop software application.

Step 1: xStartup Installation

In order to install TightVNC, first install the “X Window System” as a prerequisite.

# yum groupinstall "X Window System" "Desktop"
# yum -y install tigervnc-server xorg-x11-fonts-Type1

Step 2: Configuration

Edit the TightVNC configuration file and set the geometry according to your monitor screen.

# vi /etc/sysconfig/vncservers
VNCSERVERS="1:test"
VNCSERVERARGS[1]="-geometry 1280x1024"

Step 3: Create User

Create a test user so that the user is able to view the GUI.

# useradd test
# passwd test
# su - test
# vncpasswd

Step 4: Start VNC Server

Start the VNC server. It opens a session for each configured user so that users are able to view the graphical user interface.

# /etc/init.d/vncserver start
Shutting down VNC server: [  OK  ]
Starting VNC server: 1:test 
New 'test:1 (test)' desktop is test:1

Starting applications specified in /home/test/.vnc/xstartup
Log file is /home/test/.vnc/test:1.log

[  OK  ]
# chkconfig vncserver on

How to create IPMP in Solaris 11

Introduction

This article walks through creating an IP network multipathing (IPMP) group in Solaris 11. It provides the complete step-by-step procedure.

Pre-requisites

List the current interface configuration first; the interfaces are then re-created and placed in the IPMP group.

# ipadm
NAME              CLASS/TYPE STATE        UNDER      ADDR
lo0               loopback   ok           --         --
   lo0/v4         static     ok           --         127.0.0.1/8
   lo0/v6         static     ok           --         ::1/128
net0              ip         ok           --         --
   net0/v4        static     ok           --         172.21.20.100/24
# ipadm delete-ip net0
# ipadm delete-ip net1
# ipadm create-ip net0
# ipadm create-ip net1
   
# ipadm create-ipmp ipmp0
# ipadm add-ipmp -i net0 -i net1 ipmp0
# ipadm create-addr -T static -a 172.21.100.20/26 ipmp0/v4

How to Create LDOM

Introduction

This article gives a walkthrough of how to create an LDOM on SUN/SPARC M6-32 machines. It provides a complete step-by-step procedure from start to finish.

Pre-requisites

Take care of the following steps before creating a Logical Domain.

• Identify the requirements for creating an “Ldom” on the Primary domain of the M6-32, i.e. CPU, Memory, Hostname & IP.
• Root login required for this procedure.
• Map a disk from storage for Operating System Installation. (Follow disk mapping SOP if required)

Login to Primary domain with Root user

Log in via SSH to the Primary domain of the M6-32 on which you plan to create the Logical Domain. Make sure that you are logged in as the ROOT user, as all actions will require ROOT access. In my case I will create an LDOM on the KLP4 control domain.

Once logged in, list the LDOMs that already exist so that you do not create two LDOMs with the same name.

root@KLP4-CD # ldm list
NAME STATE FLAGS CONS VCPU MEMORY UTIL NORM UPTIME
primary active -n-cv- UART 64 100G 0.2% 0.2% 173d 21h

Now we will add the LDOM as per our requirement.

root@KLP4-CD # ldm add-domain TEST_LDOM

Once added please print the list again to see if the required LDOM has been added successfully.

root@KLP4-CD # ldm list
NAME STATE FLAGS CONS VCPU MEMORY UTIL NORM UPTIME
primary active -n-cv- UART 64 100G 0.2% 0.2% 173d 21h
TEST_LDOM inactive ------

As shown above, “TEST_LDOM” has been added successfully and is still inactive, as we have only added the LDOM and have not started anything on it. So let’s proceed further.

Once the LDOM is added we can now assign CPUs & Memory as per our requirement by using the following commands.

root@KLP4-CD # ldm add-vcpu 8 TEST_LDOM
root@KLP4-CD # ldm add-memory 20G TEST_LDOM

I have now assigned 1 CPU with 8 cores, meaning 8 virtual CPUs, and 20GB of physical memory to this LDOM. Let’s confirm it by printing the list of LDOMs again.

root@KLP4-CD # ldm list
NAME STATE FLAGS CONS VCPU MEMORY UTIL NORM UPTIME
primary active -n-cv- UART 64 100G 0.2% 0.2% 173d 21h
TEST_LDOM inactive ------ 8 20G

As you can see, the LDOM now has 8 VCPUs and 20GB of memory, as we assigned earlier, so let us move further and assign the disk from storage that we created for the operating system installation.

root@KLP4-CD # ldm add-vdsdev mpgroup=MPd2 /dev/dsk/c4t50060E80166D5C23d2s2 VC00E@primary-vds0
root@KLP4-CD # ldm add-vdsdev mpgroup=MPd2 /dev/dsk/c3t50060E80166D5C35d2s2 VC00E@secondary-vds1

The commands above contain the multipathing group, the disk names along with the controllers from both the Primary and Secondary domains, and the LDEV ID assigned to the disk for the operating system installation.
Once the disk is added on both the Primary and Secondary paths, we can assign it to the particular LDOM we want by using the following command.

root@KLP4-CD # ldm add-vdisk id=0 ID-VC00E VC00E@primary-vds0 TEST_LDOM

Once the disk has been added, we have to add the virtual switch / VLAN information that will be allowed for this LDOM.
To add VLANs for TEST_LDOM, use the following command.

root@KLP4-CD # ldm add-vnet pvid=202 vid=30,69,204,205,206 linkprop=phys-state id=0 vnet0 primaryaggr0-vsw0 TEST_LDOM

You also need to set AUTOBOOT to false so that the domain doesn’t get stuck at the BOOT prompt when restarted.

root@KLP4-CD # ldm set-var auto-boot?\=false TEST_LDOM

Let us now bind TEST_LDOM to confirm the assigned resources by using the following command.

root@KLP4-CD # ldm bind TEST_LDOM

Operating System installation

Mount the ISO image for Solaris 10 u11 to the LDOM for the initial installation by using the following command.

root@KLP4-CD # ldm add-vdsdev /export/home/admin/sol-10-u11-ga-sparc-dvd.iso ISO@primary-vds0
root@KLP4-CD # ldm add-vdisk ISO ISO@primary-vds0 TEST_LDOM

The current status of LDOM after binding it to the PDOM should be as below.

root@KLP4-CD # ldm list
NAME STATE FLAGS CONS VCPU MEMORY UTIL NORM UPTIME
primary active -n-cv- UART 64 100G 0.2% 0.2% 173d 22h
TEST_LDOM bound ------ 5023 8 20G

Once the status shows as BOUND, we are good to start the operating system installation on TEST_LDOM by using the following command.

root@KLP4-CD # ldm start TEST_LDOM; telnet localhost 5023

The output will be as follows:
LDom TEST_LDOM started
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

Connecting to console "TEST_LDOM" in group "TEST_LDOM" ....
Press ~? for control options ..
NOTICE: Entering OpenBoot.
NOTICE: Fetching Guest MD from HV.
NOTICE: Starting additional cpus.
NOTICE: Initializing LDC services.
NOTICE: Probing PCI devices.
NOTICE: Finished PCI probing.

SPARC T5-8, No Keyboard
Copyright (c) 1998, 2014, Oracle and/or its affiliates. All rights reserved.
OpenBoot 4.36.1, 20.0000 GB memory available, Serial #83439719.
Ethernet address 0:14:4f:f9:30:67, Host ID: 84f93067.

Then we need to set the boot device so that the operating system can be installed.

{0} ok setenv auto-boot? true
auto-boot? = true
{0} ok
{0} ok
{0} ok
{0} ok devalias
iso /virtual-devices@100/channel-devices@200/disk@1
id-vc00e /virtual-devices@100/channel-devices@200/disk@0
vnet0 /virtual-devices@100/channel-devices@200/network@0
net /virtual-devices@100/channel-devices@200/network@0
disk /virtual-devices@100/channel-devices@200/disk@0
virtual-console /virtual-devices/console@1
name aliases
{0} ok
{0} ok
{0} ok
{0} ok setenv boot-device id-vc00e
boot-device = id-vc00e
{0} ok
{0} ok

Now we can BOOT the LDOM from the ISO by using the following command at the OK prompt.

{0} ok boot iso
Boot device: /virtual-devices@100/channel-devices@200/disk@1 File and args:
SunOS Release 5.10 Version Generic_147147-26 64-bit
Copyright (c) 1983, 2013, Oracle and/or its affiliates. All rights reserved.
Configuring devices.
Using RPC Bootparams for network configuration information.
Attempting to configure interface vnet0...
Skipped interface vnet0
...
Keyboard Layout
─────────────────────────
^ [ ] Slovak
│ [ ] Slovenian
│ [ ] Spanish
│ [ ] Swedish
│ [ ] Swiss-French
│ [ ] Swiss-German
│ [ ] Taiwanese
│ [ ] TurkishF
│ [ ] TurkishQ
│ [ ] UK-English
- [X] US-English

────────────────────────────────────────────────────────────────────────────────
USB keyboard
Creating new rsa public/private host key pair
Creating new dsa public/private host key pair

test_ldom console login: Jun 10 15:40:11 test_ldom sendmail[1537]: My unqualified host name (test_ldom) unknown; sleeping for retry
Jun 10 15:40:11 test_ldom sendmail[1526]: My unqualified host name (test_ldom) unknown; sleeping for retry
Jun 10 15:41:11 test_ldom sendmail[1526]: unable to qualify my own domain name (test_ldom) -- using short name
Jun 10 15:41:11 test_ldom sendmail[1537]: unable to qualify my own domain name (test_ldom) -- using short name

test_ldom console login: root
Password:
Jun 10 16:08:48 test_ldom login: ROOT LOGIN /dev/console
Oracle Corporation SunOS 5.10 Generic Patch January 2005
#
#
# bash
bash-3.2#
bash-3.2#
bash-3.2# df -h
Filesystem size used avail capacity Mounted on
/dev/dsk/c0d0s0 24G 5.3G 18G 23% /
/devices 0K 0K 0K 0% /devices
ctfs 0K 0K 0K 0% /system/contract
proc 0K 0K 0K 0% /proc
mnttab 0K 0K 0K 0% /etc/mnttab
swap 32G 696K 32G 1% /etc/svc/volatile
objfs 0K 0K 0K 0% /system/object
sharefs 0K 0K 0K 0% /etc/dfs/sharetab
/platform/sun4v/lib/libc_psr/libc_psr_hwcap3.so.1
24G 5.3G 18G 23% /platform/sun4v/lib/libc_psr.so.1
/platform/sun4v/lib/sparcv9/libc_psr/libc_psr_hwcap3.so.1
24G 5.3G 18G 23% /platform/sun4v/lib/sparcv9/libc_psr.so.1
fd 0K 0K 0K 0% /dev/fd
/dev/dsk/c0d0s3 20G 112M 19G 1% /var
swap 32G 32K 32G 1% /tmp
swap 32G 40K 32G 1% /var/run
/dev/dsk/c0d0s4 20G 20M 19G 1% /export/home

The current status of the LDOM in “ldm list” should be as below:

root@KLP4-CD # ldm list
NAME STATE FLAGS CONS VCPU MEMORY UTIL NORM UPTIME
primary active -n-cv- UART 64 100G 0.5% 0.5% 173d 23h
TEST_LDOM active -n---- 5023 8 20G 0.3% 0.3% 32m

That’s it. Our new LDOM is ready to be used as a production machine.