Categories
RHCE 7 Study Guide

How to set Immutable Sticky bit with Chattr command

This tutorial explains Chattr command append (a) and immutable (i) attributes in detail with arguments and operation (read, copy, append, move, hard link & soft link). Learn how to delete a file secured with i attribute, remove a attribute, set/unset/list a and i attribute step by step with practical examples.

Since Linux is a multiuser networking operating system where several users access files or directories simultaneously, there is always a chance that critical files or directories are deleted accidentally or intentionally. The chattr command provides a better way to deal with this situation. It sets attributes on critical files or directories. Once attributes are set, access is granted based on the attributes instead of the file's or directory's actual permissions.

As we have already learned from previous parts of this tutorial, every file or directory has three types of permission (read, write and execute) for three types of user (owner, group and other). If attributes are not set, access is granted based on this permission set, but if attributes are set, this permission set is ignored while processing an access request. In this tutorial we will learn the types of attributes and the way they are set on files or directories in detail with examples.

This tutorial is the last part of our article “Learn how to manage file permission in Linux step by step with examples”. You can read other parts of this article here.

Linux file permission explained in easy language

This tutorial is the first part of this article. It explains how to read the Linux file permission step by step with examples.

Chmod command in linux explained with example

This tutorial is the second part of this article. It explains how to set and manage file attributes and permission with chmod command in Linux from both symbolic and octal methods.

How to change default umask permission

This tutorial is the third part of this article. It explains how to change the default umask permission temporarily and permanently.

Chattr Command Attributes; append and immutable



The chattr command supports several attributes; most of them are less significant and rarely used in file system management. For the initial stage only two attributes are important; append and immutable.

Before we understand append and immutable attributes in detail, let’s have a quick look at two important commands that are used to manage and list the attributes.

chattr command

This command is used to set or unset the attributes. This command uses following syntax.

#chattr [operator] [attribute flag] [filename]

In above command,

chattr: – This is the main command.

Operator: – There are three operators; + (add), - (remove) and = (keep). The operator ‘+’ causes the selected attributes to be added to the existing attributes of the files; ‘-’ causes them to be removed; and ‘=’ causes them to be the only attributes that the files have.

attribute flag: – This is the attribute which we want to update.

filename: – This is the name of the file whose attribute we want to change.

lsattr command

This command is used to list the attributes of a file or directory. This command uses following syntax.

#lsattr [File or directory]

In above command,

lsattr:- This is the main command.

[File or directory]:- The name of the file or directory whose attributes we want to list.

Now that we know both commands used in managing and listing the attributes, let’s have some practical examples to understand attributes in detail.

How to set / unset / list a (append) attribute (Practical Example)



The append (a) attribute is used to control file operations. If this attribute is set, the file can only be appended. Regardless of how much permission a user has, he cannot perform other file operations (such as move, edit or delete) except the append operation.

To understand it practically, let’s create a directory /demo and a test file test-file under this directory.

make directory in linux

The /demo directory will be used to explain and perform all examples used in this tutorial. If you are following this tutorial on a system, you should consider deleting this directory once you are finished with all exercises. This way, you can understand this concept without changing anything in existing file system.

Before we assign any attribute to this file, let’s check the default owner and attributes.

lsattr command

As we can see in above output, root is the owner and no attribute is set so far. Let’s add a (append) attribute on this file and verify again that attribute is added successfully.

chattr append attribute

As above output shows, a (append) attribute has been set successfully. Now all classical file permissions will be overruled by the append attribute.

Regardless of how much permission a user has, he will be able to perform only the file operations allowed by the append attribute. To see it in action, let’s perform all regular file operations one by one.

Delete operation

chattr linux example

Edit operation

linux chattr example

Move or Rename operation

linux append attribute example

Hard link operation

chattr command example

Append operation

linux chattr command example

Read operation

chattr linux command example

Copy operation

chattr a flag example

Soft link operation

chattr soft link example

The following table summarizes the test results from the above outputs.

Allowed File Operation | Denied File Operation
Read                   | Edit
Append                 | Rename or Move
Copy                   | Delete
Soft link              | Hard link

In copy or soft link operation, attributes are not inherited from source file.

lsattr command

As we can see in above output, append attribute is not copied with the content of file. Since destination files are not protected with append attribute, they can be deleted as normal files.

chattr flag

How to remove a (append) attribute

To remove an attribute, following command is used.

#chattr -[attribute] [file name]

Following figure illustrates the example of removing append attribute.

remove a flag chattr command

Once attribute is removed, file can be deleted as a regular file.

remove a flag chattr example

How to set / unset / list i (immutable) attribute (Practical Example)

The immutable attribute can also be managed in the same way as we managed the append attribute. Let’s create another file named dummy-file in directory demo and set immutable on it.

chattr set i flag

Let’s perform all regular file operations again to see what action is permitted while immutable bit is set on file.

Delete operation

chattr i flag testing

Edit operation

immutable flag example linux

Append operation

i flag append testing

Move/rename operation

immutable bit testing linux

Hard link operation

linux chattr i flag testing

Read operation

i attribute read testing

Copy operation

chattr i flag copy testing

Soft link operation

linux i flag chattr command testing

The following table summarizes the test results from the above outputs.

Allowed File Operation | Denied File Operation
Read                   | Edit
Copy                   | Rename or Move
Soft link              | Delete
                       | Hard link
                       | Append

As we know, a copied or soft link file does not inherit any attribute from parent; it can be removed as a regular file.

lsattr command

How to delete a file secured with i (immutable) attribute

To delete a file secured with immutable bit, we first have to remove immutable flag or attribute. Once attribute is removed, file can be deleted as a regular file.

remove i flag
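
The append and immutable walk-throughs above, collected into one script. This is an added example, not part of the original tutorial: the script name and the helper names (probe, probe_ops, demo) are hypothetical, and it works in a temporary directory from mktemp rather than /demo. Setting either attribute requires root and a file system that supports chattr.

```sh
#!/bin/sh
# Added example: repeats the tutorial's eight file operations against a file
# that carries the a (append) or i (immutable) attribute.
# Usage (as root): sh attr-demo.sh a   or   sh attr-demo.sh i
# The script name and all function names are hypothetical.

# probe LABEL COMMAND...: run COMMAND quietly and report the outcome.
probe() {
    label=$1
    shift
    if "$@" >/dev/null 2>&1; then
        echo "$label allowed"
    else
        echo "$label denied"
    fi
}

# probe_ops FILE: try each operation from the tutorial on FILE.
# Non-destructive operations run first; delete runs last.
probe_ops() {
    f=$1
    d=$(dirname "$f")
    probe "read"      cat "$f"
    probe "copy"      cp "$f" "$d/copy.tmp"
    probe "soft link" ln -s "$f" "$d/soft.tmp"
    probe "append"    sh -c 'echo more >> "$1"' sh "$f"
    probe "hard link" ln "$f" "$d/hard.tmp"
    probe "edit"      sh -c 'echo new > "$1"' sh "$f"
    probe "rename"    mv "$f" "$f.renamed"
    # Undo a successful rename so the delete test sees the original name.
    if [ -e "$f.renamed" ]; then mv "$f.renamed" "$f"; fi
    probe "delete"    rm -f "$f"
    # Copies and links never inherit the attribute, so plain rm removes them.
    rm -f "$d/copy.tmp" "$d/soft.tmp" "$d/hard.tmp"
}

# demo ATTR: set ATTR (a or i) on a scratch file, list it, probe it, clean up.
demo() {
    attr=$1
    dir=$(mktemp -d) || return 1
    echo "original" > "$dir/test-file"
    if chattr "+$attr" "$dir/test-file" 2>/dev/null; then
        lsattr "$dir/test-file"
        probe_ops "$dir/test-file"
        # The attribute has to be removed before the file can be deleted.
        chattr "-$attr" "$dir/test-file"
    else
        echo "chattr +$attr failed: needs root and a file system that supports it"
    fi
    rm -rf "$dir"
}

# Run the walk-through only when an attribute is named on the command line.
case "${1:-}" in
    a|i) demo "$1" ;;
esac
```

On a file without attributes, probe_ops reports all eight operations as allowed, which gives a baseline to compare the a and i runs against.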

Key points
  • Both append and immutable bits are used to protect a file or directory from accidental deletion or update.
  • Both attributes provide same security features except i (immutable) bit does not allow append operation while a (append) bit does.
  • Both attributes allow read, copy and soft link operation.
  • A file created by copy or soft link operation does not inherit any attribute from source file.
  • The chattr and lsattr commands are provided by e2fsprogs package which is pre-installed in all modern Linux distributions.
  • Only root user (or user who has root privilege) can set immutable flag.
  • Directories can also be secured with attributes. Same command and attribute flag are used for directories also.
  • To set or remove a flag on all files or directories in a directory, -R option is used.

Chattr Command Attributes

Attribute Flag | Description
A | If this attribute is set, atime record of file is not modified.
a (append) | If this attribute is set, file can be appended only.
c | If this attribute is set, file will be automatically compressed by kernel.
C | This attribute prevents copy-on-write updates on the file.
d | If this attribute is set, file will be excluded from backup when the dump program is run.
D | If this attribute is set on directory, the changes will be written to disk synchronously.
e | This attribute indicates that the file is using extents for mapping the blocks on disk.
E | This attribute is used by the experimental compression patches to indicate that a compressed file has a compression error.
h | This attribute indicates that file is storing its blocks in units of the file system block size instead of in units of sectors.
i (immutable) | File with this attribute cannot be modified, deleted, renamed, linked or appended. Only super user can set or clear this attribute.
I | This attribute indicates that a directory is being indexed using hashed trees.
j | With this attribute data will be written to journal before being written to the file itself.
N | This attribute indicates that the file has data stored inline, within the inode itself.
s | If this attribute is set, file is marked as deleted and its blocks are zeroed and written back to the disk.
S | When a file with S attribute set is modified, the changes are written to disk synchronously.
t | A file with this attribute does not have a partial block fragment at the end of the file merged with other files (on file systems which support tail-merging).
T | A directory with this attribute will be deemed to be the top of the directory hierarchies for the purpose of the Orlov block allocator.
u | When a file with this attribute is deleted, its contents are saved.
X | This attribute is used by the experimental compression patches to indicate that the raw contents of a compressed file can be accessed directly.
Z | This attribute is used by the experimental compression patches to indicate a compressed file is dirty.

That’s all for this tutorial. In next tutorial we will learn another Linux topic in detail.


How to change Default Umask Permission in Linux

This tutorial explains how Umask permissions, settings and values are defined through (login shell & non-login) in detail. Learn how to change default umask settings (777, 755, 644, 0222, etc.) globally (for all users), locally (for individual user) temporarily and permanently step by step with examples.

When we create a new file or directory, shell automatically assigns the default permission to it.
Default permission is the subtraction of umask permission and pre-defined initial permission.

Default permission = pre-defined initial permission – umask permission
  • The pre-defined initial permissions for files and directories are 666 and 777 respectively.
  • The default umask permissions for root user and remaining users are 0022 and 0002 respectively.
  • The pre-defined initial permissions are fixed and cannot be changed. The default umask permissions are flexible and can be updated as per requirement.
  • Umask permissions are also known as umask values or umask setting. All these words (umask permissions, umask values and umask setting) are used to represent the four numeric variables which are used to calculate the default permissions.

This tutorial is the third part of our article “Learn how to manage file permission in Linux step by step with examples”. You can read other parts of this article here.

Linux File permission Explained in Easy Language

This tutorial is the first part of this article. It explains how to read the Linux file permission step by step with examples.

Chmod command in Linux Explained

This tutorial is the second part of this article. It explains how to set and manage file attributes and permission with chmod command in Linux from both symbolic and octal methods.

How to set immutable sticky bit

This tutorial is the last part of this article. It explains how to set immutable or sticky bit in Linux including how to set append attribute.



Without any change in default umask permissions, all files created by user root will get 644 (666 – 022) permissions and all directories will get 755 (777-022) permissions.

default file permission linux

First bit (0) in default umask values represents a special permission (SUID, SGID or Sticky bit) which cannot be affected by umask. Since umask cannot affect this permission, it always uses a value zero (0) as the placeholder value in this field. A value zero (0) means, ignore it while calculating the default permissions. We will learn special permission in detail with examples in last part of this tutorial.

To understand it more clearly, let’s access Shell prompt from user root and create a new file and directory. Check the permissions of both file and directory with ls -l command.

umask example ls -l command

As we can see in above figure, by default file created by user root gets 644 permissions and directory gets 755 permissions.

In symbolic notation 644 stands for permissions; user (read and write) group (read) other (read) and 755 stands for permissions; user (read, write and execute) group (read and execute) other (read and execute).

How to change the default umask values



Umask values can be changed temporarily or permanently. A temporary change applies only in the current shell session. Once the user logs out, umask values are restored to their original values. A permanent change is made in configuration files and is not affected by a system reboot.

Changing umask values temporarily

To change umask values temporarily, the following command is used.

#umask [new values]

For example to change default umask values to 777, following command is used.

#umask 777

Let’s understand it with an example.

Create six directories named dir1, dir2, dir3, dir4, dir5 and dir6 with six different umask values;
default, 777, 000, 111, 222 and 444 respectively.

Create one directory named test-dir and one file named test-file in each directory to compare the umask effect on files and directories.

Default umask 022 and umask 777

default umask setting 0022

Umask 000 and Umask 111

umask 111

Umask 222 and umask 444

umask 444

In above example we changed umask values six times and each time we created one file and directory to see the effect
of umask permissions on default permissions.

Change in umask values will affect the default permissions of files and directories which will be created after the change.
It does not change the default permissions of existing files and directories. To understand it more clearly, let’s list all directories again.

umask default file testing

As we can see in above output each time we changed the umask setting, it affected the files and directories which were created after the change.
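
The six umask values tested above, worked through in a script. This is an added example, not part of the original tutorial, and the function names default_mode and created_mode are hypothetical. The umask is applied as a bit mask (each bit set in the umask is cleared from the initial permission), which gives the same result as the subtraction shown earlier whenever the umask only names bits that the initial permission contains, as with 022; for other values, such as umask 111 on a file, only the masked result matches what the system creates.

```sh
#!/bin/sh
# Added example: default permissions for the umask values used in the tutorial.
# Function names are hypothetical.

# default_mode INITIAL UMASK: the permission a new object receives.
# Every bit that is set in UMASK is cleared from INITIAL (INITIAL AND NOT UMASK).
default_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# created_mode KIND UMASK: create a real file or directory (KIND is "file" or
# "dir") under UMASK in a scratch directory and print the mode it received.
# stat -c is the GNU coreutils form, as shipped with RHEL (assumption).
created_mode() {
    work=$(mktemp -d) || return 1
    (
        # The subshell keeps the umask change away from the calling shell.
        umask "$2"
        if [ "$1" = dir ]; then
            mkdir "$work/new"
        else
            : > "$work/new"
        fi
    )
    # stat prints 0 for mode 000, so pad the result to three digits.
    printf '%03d\n' "$(stat -c %a "$work/new")"
    rmdir "$work/new" 2>/dev/null || rm -f "$work/new"
    rmdir "$work"
}

# Table for the six values from the tutorial (022 is the root default).
for mask in 022 777 000 111 222 444; do
    printf 'umask %s  file %s  directory %s\n' "$mask" \
        "$(default_mode 666 "$mask")" "$(default_mode 777 "$mask")"
done
```

Comparing created_mode with default_mode for the same arguments confirms the calculation on the running system.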

Changing umask values permanently

Linux is a multiuser network operating system where same Shell is being accessed by several users.
To provide a customized version of same Shell to everyone (user, script or process), a layer is
inserted between actual shell and end user. In this layer several configuration files are used to
create a user specific environment. Permanent umask setting is also configured in this layer. Based on requirement,
umask setting can be configured in multiple levels. In order to configure umask setting correctly, we have to understand
how shell is being accessed. A shell can be accessed in two ways; login and non-login.

Login shell

This is the shell environment which user receives just after the login. It provides a customized interface to interact with system.
It takes input commands from the user and displays the result on standard output device. The command prompt which user receives just after the
login is an example of login shell.

Non-login shell

This is the additional Shell interface which user accesses from login shell to perform a specific task.
Since it is accessed from a login shell, it inherits all customized properties of parent (logged in) shell. But at
the same time it is also a separate shell which allows us to override the default properties. Any terminal which we open in
GUI to execute the command is the example of non-login shell.

Based on targeted user and shell access type, permanent umask setting can be configured in four files.

umask permanent setting config file

Configuration file | Type of setting | Targeted user | When applied | Shell access type
/etc/profile | Default setting | All users including root | While user login | Login shell
/etc/bashrc | Default setting | All users including root | While user access additional shell | Non-login shell
/etc/profile.d/umask.sh | Custom setting | All users including root | While user login and while user access additional shell | Both Login shell and non-login shell
/home/[user-name]/.bashrc | Custom setting | Individual user | While individual user login and access additional shell | Both Login shell and non-login shell

Custom setting always overrides the default setting. Default setting will be used only if custom setting is not configured.

Let’s take an example to understand how all these work at shell prompt.

Access the shell prompt from user root and create a regular user account.

create normal user linux

Check the default umask setting of user root and user regularuser

linux umask setting

As we can see in above output, default umask setting is 022 and 002 for user root and user regularuser respectively.

Let’s figure out which file is used to define this setting.

umask setting config files

By default umask setting for login shell and non-login shell is same. To understand which set of umask permissions is used we have
to understand the type of shell.

How we accessed the shell determines which set of umask setting is used.

Did we supply the username and password to access the above shell? No, we accessed this shell from a right click menu.

right click desktop menu linux

Since we did not supply the user name and password to access this shell, it would be considered as non-login shell.
For non-login shell /etc/bashrc file is used.

Let’s take an example of login shell. Open two separate consoles (by pressing Alt+Ctrl+F2 and Alt+Ctrl+F3 keys combination)
and login from user root and user regularuser respectively. Check the umask setting which both users receive.

umask setting testing

How to change the system default umask setting

Switch back to GUI (by pressing Alt+Ctrl+F1 keys combination) and take the backup of both configuration files.

backup default umask config file

Now change the default umask setting in /etc/bashrc file as listed below

For regular user, set it to 444 (old value 002)
For root user, set it to 555 (old value 022)

/etc/bashrc file umask setting

We changed umask setting in /etc/bashrc file which controls the non-login shell. To test where this change is applied,
let’s check umask setting again. Change cannot be applied in running terminal; we have to access the other terminal for testing.
Open another terminal and test umask setting for both users. Use su command to switch the user account.

umask setting bashrc file testing

As we can see in above output, umask values have been changed.

Tips

The su (switch user) command is used to access the non-login shell. Even though it switches user account after authenticating user
name and password, it cannot be considered as a login shell. A shell will be considered as a login shell only when it is accessed
through the console (such as tty prompt or gui login screen) or a protocol which is used for remote login (such as SSH, FTP, etc.).

Since we only changed /etc/bashrc file which controls non-login umask permissions, the umask permissions for login shell should not be changed.

To confirm it, access two TTY consoles (use Alt+Ctrl+F4 and Alt+Ctrl+F5 keys combinations) and login from user root and user regularuser.

umask example testing bashrc file

As above output confirms, umask permissions are not changed for login shell.

Switch back to GUI console and update umask permissions in /etc/profile file.

For root user set it to 222
For regular user set it to 111

Linux umask setting testing

Re-login from both users (root and regularuser) in their respective consoles and check the default umask permissions.

umask setting testing

As above output confirms, umask permissions have been changed. Since this time we changed the file which controls login shell,
a non-login shell should not be affected. To confirm it, switch back to GUI console and close the opened terminal.
Access new terminal and check umask permissions for both users again.

umask permission testing

As we can see in above output, umask permissions in non-login shell are not changed.

When we changed /etc/bashrc file, the umask permissions for non-login shell were changed but umask
permissions for login shell remained unchanged. Just like this, when we changed /etc/profile file, the umask permissions for
login shell were changed but umask permissions for non-login shell remained unchanged.

How to override default umask setting

If we want to use the separate umask permissions for both login and non-login shells then we have to
update the associated files individually. But if we want to use the same umask permissions for both (login shell and non-login shell)
then we can use shell override feature. The /etc/profile.d/ directory is used to define the override values.
Before we practice with this feature let’s restore the default configuration files.

restore default backup file

Now create a script file in /etc/profile.d directory with desired umask permissions.

umask script file

Close the opened terminal and open a new terminal and check the default umask permissions for both users.

umask setting testing

Above output confirms that umask permissions for non-login shell have been updated.

In console logout from logged in users. Login again and check the default umask permissions.

umask setting overide testing

As we can see in above output, umask permissions for login shell are also updated.

In above example we configured same umask permissions for all users. But if required, we can also configure
separate umask permissions for root user and remaining users.

To configure separate umask values, open two terminals. In first terminal open /etc/bashrc file and in second terminal
open /etc/profile.d/umask.sh file. Remove umask values from /etc/profile.d/umask.sh file which we configured in previous step.

umask setting configuration

Copy the directives which assign umask setting from /etc/bashrc file and paste in /etc/profile.d/umask.sh file

umask setting updated

To test the umask setting, configure following values and save the file and close the terminal.

For root, set it to 456
For remaining users, set it to 123

umask setting configured

Reopen the terminal and test the umask setting for both users.

umask testing gui

Switch to opened consoles and logout from both users. Login again and check the umask setting.

umask testing console

Individual umask permissions

Umask setting configured in any /etc/ sub-directory is known as global umask setting. Global setting affects all users.
If we want to configure the umask setting only for a specific user then we have to use the local umask setting.
Umask setting configured in user’s home directory is known as local umask setting. In home directory
.bashrc file is used to configure the local umask setting.

Configuring individual user umask permissions

Before we configure the local umask setting, remove the custom script file which we created in previous step.
Switch to user’s home directory and open .bashrc file and add following line in the end of the file

umask [values]

Save the file and check the umask setting.

Following figure illustrates above practice step by step.

umask local setting

Default umask permissions for home directory

When we add a new user, a home directory for that user is also created. If the umask setting in /etc/login.defs file is
configured, then the default permissions for the home directory are calculated based on this setting.

Let’s understand it practically.

  • Backup the /etc/login.defs file and open it for editing
  • Update the umask setting and save the file
  • Add a new user and check the default permissions of home directory
  • Restore the original configuration file back

Following figure illustrates above process step by step

umask setting login defs

Umask permissions configured in /etc/login.defs apply only on newly created home directories.

Key points
  • If umask setting is configured in .bashrc file, user will always receive umask setting from this file regardless of the setting configured in other files.
  • If umask setting is not configured in .bashrc file then /etc/profile.d/umask.sh file is used.
  • The file name umask.sh is an indicative name only. You can choose any descriptive name for script file. The script file must be placed in /etc/profile.d directory.
  • If umask setting is neither configured in .bashrc nor in /etc/profile.d/umask.sh then default configuration files are used.
  • Default configuration files are /etc/profile and /etc/bashrc for login shell and non-login shell respectively.

That’s all for this part. In next part of this tutorial we will learn how to configure the special permission in detail with examples.


How to use Chmod command in Linux Explained with Examples

This tutorial explains chmod command symbolic notation (r, w, x, a) and octal notation (0, 1, 2, 4) in detail with chmod command arguments and options. Learn how chmod command is used to manage Linux permission levels (user, group and other) and types (read, write and execute) step by step with practical examples.

Permission levels and types

Each file and directory has three permission levels (user, group and other) and three types of permission (read, write and execute) in each level. These levels and types define who can do what with a particular object (file or directory). Permission levels and types are always mapped in following sequence.

User (Read, Write, Execute), Group (Read, Write, Execute) and Other (Read, Write, Execute)

This tutorial is the second part of our article “Learn how to manage file permission in Linux step by step with examples”. You can read other parts of this article here.

Linux File Permission Explained in Easy Language

This tutorial is the first part of this article. It explains how to read the Linux file permission step by step with examples.

How to change default umask permission in Linux

This tutorial is the third part of this article. It explains how to change the default umask permission temporarily and permanently.

How to set Immutable Sticky bit in Linux

This tutorial is the last part of this article. It explains how to set immutable or sticky bit in Linux including how to set append attribute.

At shell prompt, symbols are used for permission levels and types instead of their full name. Following table explains relationship between permission levels and types with associated symbols.

linux permission level and type

If a hyphen sign is used in any type field then that level does not have that type of permission.



To view which permission type is set in each permission level, the ls -l command is used.

ls -l command explained

Object    | User permission         | Group permission | Other permission
test-dir  | read, write and execute | read and execute | read and execute
test-file | read and write          | read             | read

To learn more about how to read linux file permission, see the first part of this tutorial.

Chmod command explained

The chmod command is used to modify the permission types for files and directories. It works identically for both files and directories. It means same command is used to update the permission types for both files and directories.

Chmod command accepts arguments in two notations; symbolic and octal. In symbolic notation arguments are supplied in symbolic form while in octal notation arguments are supplied in octal form.

Chmod command symbolic notation



In symbolic notation following syntax is used.

#chmod [permission level] [+/-] [permission type] object

In above command: –

chmod: – This is the main command.

[permission level]: – The permission level (user, group or other) which we want to update.

[+/-]: – The plus (+) sign is used to add the permission while the minus (-) sign is used to remove the permission.

[permission type]: – The permission type (read, write or execute) which we want to update.

object: – The object whose permission type we want to update.

Chmod command practical example

Create a test file named test-file and note down its default permission.
Now run following commands to see how chmod command changes permission type in supplied level (as first argument).

Command                | Description
chmod u+x test-file    | Add execute permission for user on test-file
chmod g+wx test-file   | Add write and execute permission for group on test-file
chmod o+wx test-file   | Add write and execute permission for other on test-file
chmod o-rwx test-file  | Remove read, write and execute permission for other on test-file
chmod g-rwx test-file  | Remove read, write and execute permission for group on test-file
chmod u-rwx test-file  | Remove read, write and execute permission for user on test-file

To verify the effect, use ls -l command after each command.

Following figure illustrates above commands.

chmod command

To specify the multiple combinations of permission levels and types, use comma (,) to separate each combination from other.
For example, following command uses two combinations; first adds write permission for group while second removes execute permission for other.

#chmod g+w,o-x test-file

Let’s take one more example. Add read, write and execute permission for user, read and write permission for group and execute permission for other.

chmod command linux example

If permission level is omitted, permission type will be changed for all three levels.

For example, in following command read permission will be added for all three levels; user, group and other.

#chmod +r test-file

Above command should not be used to update the permission types on all levels. If we want to update the same permission
types on all three levels then we should use letter a (symbol of all) to represent all permission levels.

Following command shows the correct way to use above command.

#chmod a+r test-file

Let’s test both ways to update all permissions.

Linux chmod command example

As we can see in above output, when we omitted permission level, it did not work as expected.
It skipped write permission for group and other in both cases; add and remove.

But when we used letter a (which stands for user, group and other collectively) in permission level field, it worked as expected. It updated all permission types correctly for all permission levels.

When we omit permission level, chmod command updates permission types on all levels excluding the bits that have a non-zero value in umask.
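
The difference between omitting the permission level and using a, reproduced on a scratch file under umask 022. This is an added example, not part of the original tutorial; the function name mode_after is hypothetical and the scratch file comes from mktemp.

```sh
#!/bin/sh
# Added example: chmod without a permission level honours the umask,
# chmod with "a" does not. The function name is hypothetical.

# mode_after UMASK START SPEC: create a scratch file with mode START, run
# "chmod SPEC" on it under UMASK and print the resulting rwx string.
mode_after() {
    scratch=$(mktemp) || return 1
    chmod "$2" "$scratch"
    # The subshell keeps the umask change local. GNU chmod exits non-zero when
    # the umask stopped it from applying the whole request, so the exit status
    # is ignored and the result is read back from the file instead.
    ( umask "$1"; chmod "$3" "$scratch" 2>/dev/null ) || true
    # Characters 2-10 of the ls -l line are the nine permission fields.
    ls -l "$scratch" | cut -c2-10
    rm -f "$scratch"
}

# Adding write permission to a file that starts with no permissions.
for spec in +w a+w; do
    printf 'umask 022  start ---------  chmod %-4s -> %s\n' \
        "$spec" "$(mode_after 022 000 "$spec")"
done

# Removing write permission from a file that starts with rw-rw-rw-.
for spec in -w a-w; do
    printf 'umask 022  start rw-rw-rw-  chmod %-4s -> %s\n' \
        "$spec" "$(mode_after 022 666 "$spec")"
done
```

With umask 022 the write bits for group and other are masked, so +w changes only the user field while a+w changes all three.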

Before we understand this concept in more detail, let’s understand how chmod command works in octal notation.

Chmod command octal notation

In octal notation we use numbers instead of symbols for permission types. This notation assigns a unique number to each permission type.

Permission Type | Symbolic Value | Octal Value | Permission on file | Permission on directory
Read | r | 4 | Can read the file | Can list the directory
Write | w | 2 | Can write in file | Can create new file or directory in directory
Execute | x | 1 | Can execute the file | Can navigate through the directory
No permission | - | 0 | Cannot do anything | Cannot do anything

Unlike symbolic notation where three fields are available in each level, in octal notation there is only one field available in each level.

To update multiple permission types, we have to sum all octal values.

Symbolic notation | Octal notation | Permission Type
r | 4 | Read permission
w | 2 | Write permission
x | 1 | Execute permission
rw | 6 (4+2) | Read and write permission
rwx | 7 (4+2+1) | Read, write and execute permission
r-x | 5 (4+0+1) | Read and execute permission
r-- | 4 (4+0+0) | Read permission
-wx | 3 (0+2+1) | Write and execute permission
--- | 0 (0+0+0) | No permission

Let’s take some examples to understand octal notation in detail.

chmod command octal notation

Unlike symbolic notation, octal notation does not have any symbol or value for permission levels.

For the permission level, it depends on the standard sequence: user, group and other. If we omit any permission level, the digits we supply are assigned to the levels in reverse order (other first, then group, then user), and 0 is assumed in each omitted field.

Command which you type | Command which shell runs | Description
chmod 0 test-file | chmod 000 test-file | remove all permissions from all levels
chmod 7 test-file | chmod 007 test-file | remove all permissions from user and group and add read, write and execute (4+2+1 = 7) permission for others
chmod 57 test-file | chmod 057 test-file | remove all permissions from user and add read and execute permission for group and read, write and execute permission for other
chmod 457 test-file | chmod 457 test-file | add read permission for user, read and execute permission for group and read, write and execute permission for other

chmod-octal-notation-example

In symbolic notation we skipped following topic.

If we omit permission levels, permission types will be updated for all levels excluding umask bits which have value except zero.

Let’s understand this topic in detail now.

When we create a file or directory first time, shell automatically assigns default permission to it based on umask permission. The umask permission is a reference permission that is used to calculate the default permission.

The next part of this tutorial explains umask permission in detail with examples. This part only explains how umask bits affect the chmod command if we omit the permission level in symbolic notation.

To view umask permission, following command is used.

umask command

In the umask value, the first digit has no meaning. After excluding it, the next three digits represent permission types for user, group and other respectively. We only need to look for a value other than zero in the second, third and fourth fields.

Let’s take an example to understand this more clearly.

Suppose user root updates the permission types of a file named new-file with symbolic notation without specifying permission levels. Let’s see how this will be processed.

The default umask for the root user is 0022.

Umask bit | 0 | 0 | 2 | 2
Permission level | - | user | group | other

In the above umask, only group and other have a value other than zero. Both group and other have the value 2, which represents write permission in octal notation. So if the root user omits permission levels, the permission type will be updated for all levels excluding write permission for group and other.

Following figure explains this example as shell prompt.

chmod command example

If we just want to know the final permissions, or the permissions which will be excluded if we skip the permission level in symbolic notation, we can use the -S option with the umask command.

umask -s command
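The umask effect described above can be reproduced on a scratch file. This shell script is an added example, not part of the original tutorial; the function names mode_after and masked_types are made up for the illustration, and it assumes a POSIX shell with mktemp available.

```shell
#!/bin/sh
# Added demo: what "chmod +w" does when no level (u, g, o or a) is given,
# compared with "chmod a+w", under a chosen umask. Works on a scratch file.

# mode_after UMASK START_MODE SYMBOLIC_MODE
# Prints the ls -l permission string (for example -rw-r--r--) of a scratch
# file after "chmod SYMBOLIC_MODE" has been applied under UMASK.
mode_after() {
    (
        umask "$1"
        f=$(mktemp) || exit 1
        chmod "$2" "$f"                     # known starting point (octal)
        chmod "$3" "$f" 2>/dev/null || :    # the change being tested
        ls -l "$f" | cut -c1-10
        rm -f "$f"
    )
}

# masked_types UMASK
# Prints, per level, the permission types that a level-less chmod will skip,
# that is, the non-zero umask digits decoded into r, w and x.
masked_types() {
    m=$(( 0$1 ))
    out=""
    for level in user:6 group:3 other:0; do
        d=$(( ($m >> ${level#*:}) & 7 ))
        t=""
        if [ $(( d & 4 )) -ne 0 ]; then t="${t}r"; fi
        if [ $(( d & 2 )) -ne 0 ]; then t="${t}w"; fi
        if [ $(( d & 1 )) -ne 0 ]; then t="${t}x"; fi
        if [ -n "$t" ]; then out="$out ${level%:*}:$t"; fi
    done
    echo "${out# }"
}

# Walk through root's default umask from the example above.
echo "umask 0022 masks: $(masked_types 0022)"
for mode in +w a+w +r; do
    printf '%-4s on a file starting at 000 gives %s\n' \
        "$mode" "$(mode_after 022 000 "$mode")"
done
```

With umask 0022 the level-less +w only reaches the user level, while +r reaches all three levels because the umask has no read bits set.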

Key points
  • Each file and directory in Linux has three permission levels; user, group and other. Each permission level has three types of permission; read, write and execute.
  • Permission levels and permission types are always mapped in same sequence; user (read, write and execute), group (read, write and execute) and other (read, write and execute).
  • Chmod command is used to change the permission types for any object.
  • Chmod command supports two types of notations; symbolic and octal.
  • In symbolic notation symbols are used for permission levels (u for user, g for group and o for other) and permission types (r for read, w for write and x for execute).
  • In octal notation numbers are used for permission types (4 for read, 2 for write and 1 for execute). Octal notation does not use any symbol or number for permission levels. For permission levels it depends on standard sequence (user, group and other).
  • If we omit permission level in symbolic notation, permission type will be updated on all levels except the umask bits which have value other than zero.
  • To update same permission type in all levels, symbol a (stands for all) is used in symbolic notation.
  • If we skip permission level in octal notation, shell will automatically append value zero in missing permission level field before processing it.

That’s all for this part. In next part of this article, we will understand umask permission in detail with example.


How to Configure Squid Server in Linux

This tutorial explains how to configure Squid Proxy server in Linux step by step with practical example. Learn how to use Squid proxy server to allow or deny hosts to access the internet, control what users can access from internet and cache already viewed contents for faster internet access speed in detail.

Proxy servers operate as an intermediary between a local network and Internet. Requests from local clients for web services can be handled by the proxy server. Squid is a high-performance HTTP and FTP caching proxy server. It is also known as a Web proxy cache. As it stores data from frequently used Web pages and files, it can often give your users the data they need without their systems having to look to the Internet.

With the Squid web proxy server you can control what can be accessed from the internet on your network. It can act as a filter for everything from porn sites to advertisements and videos.

In our example we will configure the Squid web proxy server, filter sites and deny a specific host permission to access the internet.

Configure squid web proxy server

The squid rpm is required to configure the Squid web proxy server. Check whether it is installed; if it is not found, install it.

squid rpm

Check the hostname and IP address of the server; they will be used when editing squid.conf.

hostname

The main Squid configuration file is squid.conf in the /etc/squid/ directory. This file contains over 4000 lines, but only a few are active by default. Most of the file is filled with comments that describe the directives and their associated options. To make editing easier, turn on line numbers and locate the desired tag by its line number. We suggest that you do not memorize the line numbers; use them only to locate the desired tag, as a single Enter keypress can change the numbers of all lines in the file.

Open /etc/squid/squid.conf for editing.

vi squid.conf

Show line numbers with the :set nu option in vi command mode.

You need to add three lines to the squid.conf file in the /etc/squid/ directory before activating Squid.



The first edit is the hostname. Locate the visible_hostname tag near line no 2835.

visible_hostname tag

Go to the end of this tag and add the hostname which you checked with the previous command.

visible hostname

By default Squid works on port no 3128, but you can change this. The port tag is located near line no 73.

port number tag

For our example we are using the default port.

The next edit is to create the access control lists. The access control tag is located near line no 2226.

access control tag

We will create three access lists.

  • First, to block the host with IP address 192.168.1.7 from accessing the internet.
  • Second, to block a particular site.
  • Third, to allow our lab network to access the internet.

Go to the end of the access control tag, near line 2410, and create the access lists as shown here.

access list tag in squid.conf

The final edit is to apply the access lists you have configured in the access list tag. Go to the http access tag near line no 2482.

http access tag

At the end of this tag, near line no 2529, apply the configured access lists.

http access

Be very careful about the order of the access lists. Always put the http_access deny all line after all the other lines. Any access list defined below the http_access deny all line will never be checked.

You have made the necessary changes in squid.conf. Now save it and return to the command prompt.

We have created an access list web_deny to filter web traffic, and we have set the http_access deny web_deny tag in squid.conf. Now you can add the URLs of the websites which you want to block to this file.

Now create the /etc/squid/web_deny file.

vi web_deny

For testing purposes, in our example we are blocking www.google.com.

editing in web deny

You can add the URL of any site which you want to block to this file.

You have completed all the necessary steps. Now start the squid service.

service squid restart
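The ordering rule for http_access lines can be checked mechanically before restarting the service. The script below is an added example, not the tutorial's own configuration: only web_deny, 192.168.1.7, port 3128 and /etc/squid/web_deny come from the text above, while the hostname, the ACL names blocked_host and lab_net, the dstdomain ACL type and the 192.168.1.0/24 range are assumptions.

```shell
#!/bin/sh
# Added example: flag http_access rules that Squid never reaches because
# they sit below "http_access deny all".

# sample_conf ordered|misordered
# Prints a constructed squid.conf fragment with the three access lists
# described in the tutorial (names and values partly assumed, see lead-in).
sample_conf() {
    cat <<'EOF'
visible_hostname proxy.example.com
http_port 3128
acl blocked_host src 192.168.1.7
acl web_deny dstdomain "/etc/squid/web_deny"
acl lab_net src 192.168.1.0/24
http_access deny blocked_host
EOF
    if [ "$1" = misordered ]; then
        cat <<'EOF'
http_access allow lab_net
http_access deny all
http_access deny web_deny   # below "deny all": never checked
EOF
    else
        cat <<'EOF'
http_access deny web_deny
http_access allow lab_net
http_access deny all
EOF
    fi
}

# unreachable_http_access FILE
# Prints "line N: rule" for every http_access rule that follows the first
# "http_access deny all" line. Prints nothing when the order is safe.
unreachable_http_access() {
    awk '
        { sub(/#.*/, ""); sub(/[ \t]+$/, "") }   # drop comments, trailing blanks
        $1 != "http_access" { next }
        seen { printf "line %d: %s\n", NR, $0; next }
        $2 == "deny" && $3 == "all" && NF == 3 { seen = 1 }
    ' "$1"
}

# Run the check over both constructed fragments.
conf=$(mktemp) || exit 1
for kind in ordered misordered; do
    sample_conf "$kind" > "$conf"
    echo "== $kind =="
    unreachable_http_access "$conf"
done
rm -f "$conf"
```

Point unreachable_http_access at /etc/squid/squid.conf to run the same check on a real file.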

Squid client configuration

On the client, set the IP configuration. Set the proxy server’s IP 192.168.1.3 as the default gateway and DNS server IP on the client system.

ip setting

Now open the web browser and set the port number and IP address of the proxy server in the connection tab.

internet explorer setting

If you can successfully retrieve a website, Squid is working correctly.

web page

Now try to open www.google.com.

deny web access

Now go to the system whose IP address is 192.168.1.7 and try to access the internet after applying the same settings.

deny host in squid


Linux File Permission Explained in Easy Language

This tutorial explains Linux permission levels (owner, group & other) and permission types (read, write & execute) in detail with examples, including how to change the ownership of a file or directory (with the chown and chgrp commands) and how to read the applied permissions on an object from the output of the ls -l command step by step.

Basic concepts of Linux file permission

Just like other operating systems, Linux protects resources with a set of permissions. These permissions define how a user is allowed to access the resources. A user is anyone who accesses the resource, such as a user account, system process or application. A resource is an object which is being accessed by a user, such as a file, directory or device.

Each object has three levels of permissions: user owner permissions, group owner permissions and other permissions. These permissions define how user, group and others can access that object respectively. In order to understand these permissions, we first need to understand user owner, group owner and others.

  • User owner is the user who created that object or designated as user owner by actual owner or root user.
  • Group owner is the primary group of user owner or designated group by actual owner or root user.
  • All remaining users and groups are considered as others.

Let’s take an example. User vikarm, whose primary group is developer, created a file named config. In this example, file config is the object, user vikarm is the user owner, group developer is the group owner and the rest are the others. So, whatever permission file config has in the owner, group and other fields will apply to vikarm (user), developer (group) and the remaining users (others) respectively.

This tutorial is the first part of our article “Learn how to manage file permission in Linux step by step with examples”. You can read other parts of this article here.

How to use chmod command in Linux Explained with Examples

This tutorial is the second part of this article. It explains how to set and manage file attributes and permission with chmod command in Linux from both symbolic and octal methods.

How to change default umask permission in Linux

This tutorial is the third part of this article. It explains how to change the default umask permission temporary and permanently.

How to set immutable bit with chattr command

This tutorial is the last part of this article. It explains how to set immutable or sticky bit in Linux including how to set append attribute.

How to read default file permission



As we know, each object has three permission levels; user (owner), group (owner) and others. Each permission level has three types of permission; read, write and execute. Permission levels and types are always mapped in following sequence.

User (Read, Write, Execute), Group (Read, Write, Execute) and Other (Read, Write, Execute)

At shell prompt, symbols are used for permission levels and types instead of their full name.
Following table explains relationship between permission levels and types with associated symbols.

linux permission and types

If a hyphen sign is used in any type field then that level does not have that type of permission.

Let’s take one more example to understand permission levels and types in more detail.

User Sanjay created a file named record. The primary group of user Sanjay is Account. The group Account has two members: Sanjay and Krishna. Permission on file record is assigned as rwx in user level, rw- in group level and r-- in other level.

linux file permisison example

Permission in user level is set to rwx, which means whoever is the owner of this file can read (r), write (w) and execute (x) this file. In this example, the owner of this file is Sanjay, so he can read, write and execute this file.

Permission in group level is set to rw-, which means anyone who is a member of the Account group can read (r) and write (w) this file but cannot execute it. A hyphen (-) sign means there is no permission set in that particular field. In this case, the hyphen sign is used in the last place, which represents execute permission. In this example, user Krishna belongs to group Account, which means he can read and write this file but he cannot execute it.

Permission in others level is set to r--, which means all remaining users can only read this file. They cannot write or execute this file.



Let’s take a practical example to understand how all this works at the shell prompt.

  • Access the shell prompt as user root and create a group named rhcelab.
  • Create a new user named test-owner.
  • Use group rhcelab as the primary group for user test-owner.
  • Switch account to user test-owner.
  • Move to the home directory.
  • Create a directory named test-dir.
  • Create a file named test-file.
  • Run the ls -l command.

Following figure illustrates above steps.

file permission example

The output of the ls -l command provides detailed information about permissions. It has six fields: permission types, hard links, user owner, group owner, last modified date with time and name of object.

ls -l output explained

Permission Type: – This field has eleven sub fields. Each field represents a special meaning in permission.

The first field shows whether the object is a directory or a file. If there is a letter d in this field then the object is a directory. If there is a hyphen sign in this field then the object is a file. Permission types work in different ways for files and directories.

Permission Type | File | Directory
Read | Can view the content of file | Can view the content of directory
Write | Can write content in file | Can make new file or directory in directory
Execute | Can execute the content of file | Can navigate through the directory

Next nine fields show the assigned permission types (read, write and execute) in each level (user, group and other).

ls -l command output

Object | User permission | Group permission | Others permission
test-dir | read, write and execute | read and execute | read and execute
test-file | read and write | read | read

Last field shows a special type of permission which we will understand in detail with examples in last part of this tutorial.

Hard links: – Number of hard links this object has.

User owner: – User owner of this object.

Group owner: – Group owner of this object.

Date with time: – Last modified time with date.

Name: – Name of object.

How shell checks file permission

Which permissions a user has on an object (file or directory) is determined in the following order.

  • If he is the owner of object, permissions which are set in user owner field will be applied.
  • If he is the member of group, permissions which are set in group owner field will be applied.
  • If he is neither the owner of file nor the member of group, permissions which are set in other field will be applied.

Owner, group and other are always checked in same sequence. Once a match is found, further levels are ignored.

  • If you are the owner of object, group and other field permission will never be checked for you.
  • If you are not the owner of object then group field permission will be checked.
  • If you are the member of group owner, other field permission will never be checked for you.
  • If you are neither the owner of file nor the member of group, other field permission will be checked for you.
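The first-match rule above can be expressed as a small function. This is an added example, not part of the original tutorial: the function name effective_perms is made up, the account and group names mirror the ones used in this tutorial's walkthrough, and the root user (which bypasses these checks) is not modelled.

```shell
#!/bin/sh
# Added example: decide which permission level applies to a user. Levels are
# checked in the fixed order user owner, group owner, other, and the first
# match wins even when a later level would grant more.

# effective_perms MODE OWNER GROUP USER "USER_GROUPS"
# MODE is the octal mode (for example 750). USER_GROUPS is a space-separated
# list of the groups USER belongs to. Prints "<level> <rwx string>".
effective_perms() {
    mode=$(( 0$1 ))
    level=other
    shift_by=0
    if [ "$4" = "$2" ]; then
        # Owner matched: group and other fields are never consulted.
        level=user
        shift_by=6
    else
        for g in $5; do
            if [ "$g" = "$3" ]; then
                # Member of the group owner: other field is never consulted.
                level=group
                shift_by=3
            fi
        done
    fi
    d=$(( ($mode >> $shift_by) & 7 ))
    r=-; w=-; x=-
    if [ $(( d & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( d & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( d & 1 )) -ne 0 ]; then x=x; fi
    echo "$level $r$w$x"
}

# test-dir (751) and test-file (750), both owned by test-owner:rhcelab.
for user in test-owner test-group test-other; do
    case $user in
        test-other) groups="test-other" ;;   # constructed: not in rhcelab
        *)          groups="rhcelab" ;;
    esac
    echo "$user on test-dir:  $(effective_perms 751 test-owner rhcelab "$user" "$groups")"
    echo "$user on test-file: $(effective_perms 750 test-owner rhcelab "$user" "$groups")"
done

# Edge case: with mode 077 the owner is matched first and gets nothing,
# although everyone else has full access.
echo "owner on a 077 file: $(effective_perms 077 test-owner rhcelab test-owner rhcelab)"
```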

To understand how the shell checks file permission more clearly, let’s extend the previous example.

Exit from user test-owner and run following commands.

chmod example

The chmod command is used to change the permission types. The second part of this article explains how to configure and manage file permissions in detail with examples.

We have changed the default permissions. The following table lists the new permissions.

Object | User owner | Group owner | Other
test-dir | read, write and execute | read and execute | execute
test-file | read, write and execute | read and execute | no permission

Testing user owner file permission

User test-owner has all permissions on the file. He should be able to read, write and execute the file. Let’s check it out.

Switch to user test-owner and change directory to /home/test-owner.

Run the following command to test the write permission.

#cat > test-file
echo "hello"

Use Ctrl+d key combination to save and exit from this file.

If user is able to write the file, it means he has the write permission.

Run following command to test the read permission.

#cat test-file

If user can read the contents of file then he has the read permission.

Run following command to test the execute permission.

#./test-file

While testing the write permission, we wrote a simple command in the file which prints the word hello on the terminal. In the output of the above command you should get the word hello on the terminal.

If user can run above command then he has execute permission.

Testing user owner directory permission

User test-owner also has all permissions on the directory. He should be able to list, write and navigate through the directory. Let’s check it out.

Run following command to test the execute permission.

#cd test-dir

If user is allowed to change the directory then he has execute permission.

Run following command to test the write permission.

#mkdir test-owner-dir

If user can create new directory then he has the write permission

Run following command to test the read permission.

#ls

If user can list the content of directory then he has the read permission.

Following figure illustrates both testing

chmod command testing

Testing group owner file and directory permission

Exit from the test-owner user and switch to user test-group. The user test-group belongs to the group rhcelab, which is the primary group of the owner. The group owner has read and execute rights on both objects. Being a group member, user test-group should be able to read and execute both objects but he should not be able to write to either object.

Let’s test all permission types one by one, as we have just done from test-owner user account.

linux chmod example

As output shows user test-group is unable to perform write action while he is allowed to perform read and execute action on both objects.

Testing other owner file and directory permission

In this example, other has no permission on file test-file and execute permission on directory test-dir. To test these permissions, we need a user who is neither the owner of the object nor a member of the primary group of the owner. For this purpose, create a separate account “test-other”, exit from user “test-group” and switch to user “test-other”. Now test all permissions step by step.

chmod command example

As the above output confirms, user test-other is only able to navigate through the test-dir directory. He is unable to perform any other task.

How to change ownership of file and directory

As we have learned, owner and group are the primary objects while working with file permission. Both have their own dedicated field in the file permission. Whatever permission is set in their respective field defines what they can do with that object. If we change the owner or group of a file, the new owner or group will automatically receive the assigned permission.

Let’s take an example. User sanjay is the owner of file named data. User has read, write and execute permission on file.
If we change the owner of file from sanjay to mike, user mike will get read, write and execute permission on file.

To understand it more clearly let’s take a practical example.

Access the shell prompt as the root user again and add two user accounts: maya and mini.

useradd linux

Add a group named webdeveloper and add both users in it. Create a folder webproject and view its default permissions.

groupadd linux example

When a user creates a file or directory, the shell automatically applies default ownership to it. In default ownership, the user who creates the object (file or directory) is considered the user owner and the primary group of the user owner is considered the group owner of the object.

In this example user root (whose primary group is also root) created the directory webproject, so user root becomes the user owner and group root becomes the group owner.

Can you figure out what permissions user maya and mini have on directory webproject?

Since user maya and user mini are neither the owner of the directory nor members of the primary group of the owner, they will be considered as other, and other has --x permission on the directory. As we know, --x permission for a directory means they can navigate through this directory but they cannot list or create content in this directory.

linux permission example

To change the ownership, following command is used.

#chown [New-owner] [object]

In this command New-owner is the name of the new user or group and object is the name of the file or directory whose ownership we want to change.

Since same command is used to change the ownership of both user and group, a dot (.) or colon ( : ) is used in front of the group name.

Changing user ownership

Let’s change the user ownership to user maya and test all permissions again from both users.

linux file permission testing

As we can see in above output, user maya now has owner permission while user mini still has other permission.

Changing group ownership

Now change the group ownership to group webdeveloper and test all permissions again.
To test other permission, use any user account which is not the member of group owner.

chomod command example

As we can see in above output, being a member of webdeveloper group user mini got r-w permission on directory webproject this time.

Changing both user and group ownership with single command

We can specify both user owner name and group owner name in single command.

chgrp command example

There are two important rules which we have to follow while updating both ownerships in single command.

  • Never put a space between user owner name and group owner name. If you do, second name will be treated as an object (name of file or directory).
  • Always put a dot (.) or colon (:) in front of the group name. If you omit it, the group owner name will be treated as a user owner name.

Changing ownership recursively

The -R option is used to change the ownership recursively.

chmod -r option

chgrp command

If we only want to change the group ownership, we can also use chgrp command instead of chown command.

chgrp command syntax
#chgrp [New group name] [object]

Since this command is used to change group owner only, it does not need any dot (.) or colon (:) in front of the group name.

This command also supports the -R option to change permission recursively.

chgrp command -r option

Key points
  • Each file and directory in Linux has three permission levels which define how users can access it. These levels are user, group and others.
  • Each permission level has three types of permission; read, write and execute. Permission type defines what a user can do with a particular object.
  • What permission types are set in each level for any object can be viewed with the ls -l command.
  • The first field in the output of the ls -l command shows the mapping of permission levels and permission types.
  • Permission level and permission types are always mapped in user (rwx)group(rwx)other(rwx) sequence. If any level does not have any specific type of permission then a hyphen sign is used in that place to show the negative permission.
  • Same permission type has different meaning for file and directory.
  • When we change the ownership of any object, all associated permissions are also changed. Only root user or the owner of that object can change the ownership.
  • The chown command is used to change the ownership of file and directory. It can change both user and group ownership.
  • The chgrp command is also used to change ownership of file and directory. It only changes group ownership. It cannot change user ownership.

That’s all for this part. In next part of this article we will learn how to configure and manage file permissions step by step with examples.


How to configure DNS Server in Linux

This tutorial explains how to configure DNS server in RedHat Linux step by step with practical example. Learn how to configure DNS Server (Master, Slave, Caching-only and Forwarding-only), DNS Zone (Forward and Reverse), DNS lookup, Chroot DNS environment and DNS clients in detail.

A DNS server, or name server, is used to resolve an IP address to a hostname or vice versa.

You can set up four different types of DNS servers:

  • A master DNS server for your domain(s), which stores authoritative records for your domain.
  • A slave DNS server, which relies on a master DNS server for data.
  • A caching-only DNS server, which stores recent requests like a proxy server. It otherwise refers to other DNS servers.
  • A forwarding-only DNS server, which refers all requests to other DNS servers.

Before configuring BIND to create a DNS server, you must understand some basic DNS concepts.

The entire hostname with its domain such as server.example.com is called a fully qualified domain name (FQDN). The right-most part of the FQDN such as .com or .net is called the top level domain, with the remaining parts of the FQDN, which are separated by periods, being sub-domains.

These sub-domains are used to divide FQDNs into zones, with the DNS information for each zone being maintained by at least one authoritative name server.

The authoritative server that contains the master zone file, which can be modified to update DNS information about the zone, is called the primary master server, or just master server.

The additional name servers for the zone are called secondary servers or slave servers. Secondary servers retrieve information about the zone through a zone transfer from the master server or from another secondary server. DNS information about a zone is never modified directly on the secondary server.

chroot features

The chroot feature runs named as user named, and it also limits the files named can see. When installed, named is fooled into thinking that the directory /var/named/chroot is actually the root or / directory. Therefore, named files normally found in the /etc directory are found in the /var/named/chroot/etc directory instead, and those you would expect to find in /var/named are actually located in /var/named/chroot/var/named.

The advantage of the chroot feature is that if a hacker enters your system via a BIND exploit, the hacker’s access to the rest of your system is isolated to the files under the chroot directory and nothing else. This type of security is also known as a chroot jail.

Configure dns server



In this example we will configure a DNS server and test it from the client side.

For this example we are using three systems: one Linux server, one Linux client and one Windows client.

The bind and caching-nameserver rpms are required to configure DNS. Check whether they are installed; if they are not found, install them.

rpm

Set the hostname to server.example.com and the IP address to 192.168.0.254.

set hostname and ipaddress

The main configuration file for the DNS server is named.conf. By default this file is not created in the /var/named/chroot/etc/ directory. Instead of named.conf, a sample file /var/named/chroot/etc/named.caching-nameserver.conf is created. This file is used to make a caching-only name server. To configure a master DNS server, you can either edit this file after renaming it to named.conf, or manually create a new named.conf file.

In our example we are creating a new named.conf file.

vi named

We are using BIND’s chroot feature, so all the necessary files will be located in the chroot directory. Set the directory location to /var/named. Then set the locations of the forward zone and reverse lookup zone files.

Edit the file exactly as shown in the image.

named.conf

Save this file with :wq and exit.

Configure zone file

We have defined two zone files: example.com.zone for the forward zone and 0.168.192.in-addr.arpa for the reverse zone. These files will be stored in the /var/named/chroot/var/named/ location. We will use two sample files to create them.

Change directory to /var/named/chroot/var/named and copy the sample files to the names which we set in named.conf.

copy sample files

Now open forward zone file example.com.zone

example.com.zone

By default this file will look like this

forward look up zone file

Change this file exactly as shown in image below

forward lookup zone

Now open reverse lookup zone file 0.168.192.in-addr.arpa

reverse lookup zone

By default this file will look like this

reverse lookup zone

Change this file exactly as shown in image below

reverse lookup zone file configured

Now change the group ownership of these zone files to the named group.

chgrp

Now start the named service

service named restart

If the service restarts without any error, you have successfully configured the master name server.
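A service that starts cleanly can still serve a forward zone and a reverse zone that disagree. The script below is an added example, not the tutorial's own zone files: it cross-checks every A record in a forward zone against the PTR records of its /24 reverse zone. server (192.168.0.254) and client1 (192.168.0.1) are the tutorial's hosts; client2, the SOA values and the function names are constructed for the illustration.

```shell
#!/bin/sh
# Added example: find A records in example.com.zone that have no matching
# PTR record in 0.168.192.in-addr.arpa.

# sample_zone forward|reverse
# Prints constructed zone data in the usual BIND zone-file layout.
sample_zone() {
    cat <<'EOF'
$TTL 86400
@ IN SOA server.example.com. root.server.example.com. ( 1 3H 15M 1W 1D )
  IN NS server.example.com.
EOF
    if [ "$1" = forward ]; then
        cat <<'EOF'
server  IN A 192.168.0.254
client1 IN A 192.168.0.1
client2 IN A 192.168.0.2   ; constructed host with no PTR record
EOF
    else
        cat <<'EOF'
254 IN PTR server.example.com.
1   IN PTR client1.example.com.
EOF
    fi
}

# missing_ptr FORWARD_FILE REVERSE_FILE ORIGIN
# Prints "name address" for each A record whose last octet has no PTR record
# pointing back at name.ORIGIN. Assumes a /24 reverse zone, relative owner
# names and the "name IN TYPE value" record form used in sample_zone.
missing_ptr() {
    awk -v rev="$2" -v origin="$3" '
        { sub(/;.*/, "") }                       # drop zone-file comments
        FILENAME == rev {
            if ($2 == "IN" && $3 == "PTR") ptr[$1] = $4
            next
        }
        $2 == "IN" && $3 == "A" {
            split($4, octet, ".")
            want = $1 "." origin "."
            if (ptr[octet[4]] != want) print $1, $4
        }
    ' "$2" "$1"
}

# Run the check over the constructed zones.
fwd=$(mktemp) || exit 1
rvs=$(mktemp) || exit 1
sample_zone forward > "$fwd"
sample_zone reverse > "$rvs"
echo "A records without a matching PTR:"
missing_ptr "$fwd" "$rvs" example.com
rm -f "$fwd" "$rvs"
```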

Configure dns slave server

For this example we are using three systems: one Linux server, one Linux client and one Windows client.

We have configured the master DNS server with IP address 192.168.0.254 and hostname server.example.com on the Linux server. Now we will configure a slave DNS server on the Linux client.

To configure the slave DNS server, go to the client1 system.

First test connectivity to the DNS server with the ping command and check the necessary rpms. The bind and caching-nameserver rpms are required to configure DNS. Check whether they are installed; if they are not found, install them.

rpm

Set the hostname to client1 and the IP address to 192.168.0.1, and create a new named.conf file.

named.conf

We are using BIND’s chroot feature, so all the necessary files will be located in the chroot directory. Set the directory location to /var/named. As we are configuring a slave server, we do not need to define the location of the zone database files. Zone database files can be created and modified only on the master server. A slave server only copies them from the master server.

Edit named.conf exactly as shown in the image.

named.conf

Save this file with :wq and exit.

Now restart the named service. It should start without any error.

service named restart

Congratulations, you have configured both the master and client DNS servers. Now we will configure a DNS client and test it with the DNS server.

Configure Window DNS Client

Now go on windows xp system and test connectivity from DNS server. And set DNS ip address in LAN card properties.

ip address on window system

Now go to the command prompt and ping the other client by name to test DNS.

ping from dns server

Alternatively, you can also verify the DNS server with the nslookup command

nslookup

Also test by pinging the server by name

ping server

Configure Linux DNS clients

RHCE Exam question: Dig server.example.com and resolve it successfully through DNS, where the DNS server is 192.168.0.254.

RHCE Exam question 2

Your system is configured in the 192.168.0.0/24 network and your nameserver is 192.168.0.254. Make server.example.com resolve successfully.

On the command line interface you don’t have any option to set the DNS IP in a network configuration window. The IP of the DNS server can be set in the /etc/resolv.conf file. Each nameserver line represents a DNS server, and the search line specifies domain names to try if only the first part of a hostname is used. For example, if just the name client1 is used as a hostname, client1.example.com will also be tried if the /etc/resolv.conf file is configured as shown in image below on the system.

To set the DNS IP, open the /etc/resolv.conf file

vi resolv.conf

Set the nameserver IP to 192.168.0.254 and the search option to example.com

resolv.conf

After saving the /etc/resolv.conf file, restart the network service

Run dig server.example.com to test the DNS server

dig server.example.com

Now verify by pinging the other client by name


How to manage disk quota in Linux step by step

This tutorial explains how to configure disk quota in Linux step by step with practical examples. Learn basic concepts of disk quota (Soft limit, Hard limit, Grace period, Block Size and Inode Number) and Linux disk quota management commands (quotacheck, edquota, quota, repquota, quotaoff and quotaon) in detail.

Basic concepts of disk quota

If you are the only person who uses the disk, there is no need to implement quotas at all. But if multiple users share the same disk,
quotas are the best way to keep individual users from monopolizing the entire disk space. A user limited by disk quotas cannot use additional
disk space beyond his limit. For example, suppose there are four users: user a, user b, user c and user d. Without quotas any user can use
the entire disk space, leaving no space for other users. This situation is very common in shared environments such as web hosting, ISPs, file servers, ftp servers etc. But if disk quota is enabled, no user can use disk space beyond his limit.

linux disk quota example

LAB Setup for disk quota practice

Although we can use a regular partition for practice, if possible I suggest you use a separate disk and create a partition on that disk.
If Linux is installed in a virtual system, you can add an additional disk for practice.
If Linux is installed on a physical system, you can use a USB stick for practice.

To learn how to add an additional disk in system and create partitions in that disk see the following tutorial
which explains this process step by step with examples.
Manage Linux disk partition with Fdisk command

For this tutorial, I assume that you have a separate partition or a partition which does not contain any important user data.

lsblk command

During this practice we will execute commands which will overwrite existing data with null characters. So make sure the partition you are going to use for practice does not contain any important user data.

We also need some user accounts and one group account to simulate the shared environment. Let’s create four user accounts for practice.

useradd command

Create a group quotatest and add user c and user d in that group.

groupadd command

Quota functionality is provided by the quota package. To check whether this package is
installed or not, use the following commands

#rpm -qa quota

or

#yum list quota

For this tutorial, I assume that quota package is installed.

rpm -qa quota

To learn, how to install a package use following tutorials which explain how to install and manage packages in linux step by step.
How to configure yum Repository in Linux
RPM command in Linux Explained

That’s all setup we need for disk quota practice. Before we learn how to configure disk quota practically,
let’s understand two terms associated with disk quota.

Block Size and Inode Number



We can configure disk quotas for individual user or group based on block size or inode number.
A file has two types of data; user data and metadata. The user data is the data which we create in file.
The metadata is the data which system creates for file. Metadata includes important information about file such as file type,
attributes, permission, UID, GID, file size, last access, last modification, location of file in hard disk etc.
Metadata is stored in inode table. Each file stored in disk has its unique entry in inode
table that is used to store the metadata information about that file.

If we want to control the size of files, we would configure the quota based on block size.
If we want to control the number of files, we would configure the quota based on inode number.
To control both, we would configure quota based on both block size and inode number.

It is highly recommended to configure quota based on both block size and inode number. If we skip any one method, a malicious user may use that method to abuse the system. Let’s understand it with some examples.

Situation 1 (Quota is configured only based on block size)

A 1GB quota is configured based on block size for user a. Since no quota for inode number is configured, the user can create files until the entire 1GB space is filled up. To abuse this system the user can create relatively small files. For example, if he keeps the file size at only 1Kb, he can create 1000000 files (1 GB = 1000000Kb). 1000000 files means 1000000 entries in the inode table. This way, with only 1GB of space, a user can make the inode table unstable.

Situation 2 (Quota is configured only based on inode table)

100 inode numbers are configured as inode quota for user a. Since no quota for block size is configured, the user can create 100 files (no matter how big or small they are). To abuse this system, the user can create large files. For example he can create a file of 1Tb in size. Yep, you read it right. Linux supports very big files. For instance the ext4 file system supports 16TiB individual file size. It means if the disk is formatted with the ext4 file system, we can create a single file of 16TiB in size. This way only 1 inode number is sufficient to fill up the entire disk space.

Situation 3 (Quota is configured on both block size and inode number)

1GB block size and 100 inode numbers are configured as quotas for user a. Since both block size and inode numbers are configured,
the user cannot abuse this system. No matter how small the files he creates, he is not allowed to create more than 100 files. In the same way,
no matter how big a file he creates, he is not allowed to use more than 1GB of disk space. As soon as 100 files are created,
the inode quota will block him from creating a new file. In the same way, as soon as 1 GB of space is consumed, the block size quota will block him from
using additional disk space. This way, if both block size and inode numbers are configured, the user will not be able to cheat the system.

How to configure the disk quota

Disk quota can be configured in four steps

  1. Enable quota
  2. Remount file system
  3. Create quota files
  4. Configure quota policy

Let’s understand each step in details

Enabling quota

Linux uses /etc/fstab configuration file to mount all partitions in file system at boot time.
This file contains all necessary information about the partition such as partition location at disk, mount point,
attributes and other control options which are required to mount a partition. Each entry in this file has six fields.

default fstab file linux

| Number | Field | Description |
|---|---|---|
| 1 | What to mount | Device which we want to mount. We can use device name, UUID and label in this field to represent the device. |
| 2 | Where to mount | The directory in main Linux File System where we want to mount the device. |
| 3 | File system | File system type of device. |
| 4 | Options | Mount options which control the mount process. To enable user quota add usrquota option and to enable group quota add grpquota option. |
| 5 | Dump support | To enable the dump on this device use 1. Use 0 to disable the dump. |
| 6 | Automatic check | Whether this device should be checked while mounting or not. To disable use 0, to enable use 1 (for root partition) or 2 (for all partitions except root partition). |

In order to enable user quota, we have to add usrquota option in fourth field. Just like it,
to enable group quota, we have to add grpquota option in fourth field. Let’s enable both quotas for partition /dev/sdb1.

Following figure illustrates updated /etc/fstab file

updated fstab file

Any changes made in the /etc/fstab file will not apply until the next time the system reboots.
This also applies to the disk quota options which we have just added to this file.
We have two choices here: either restart the system or remount the associated partition.
Wherever possible we should always choose the first option. But in several situations an immediate restart is not possible.
In that case we can use the second option.

Remounting file system

If the partition is not used by any process, we can remount it with the following command.

#mount -o remount [partition]

The following figure illustrates this operation

remount partition

If partition is remounted without any error or warning, use mount | grep [partition] command to confirm that quota options are successfully applied.

grep mount command

Some common causes of errors here are a typing mistake in the fstab file, an unavailable mount point, an unformatted file system or a wrong partition being selected. If there is any error, correct it before moving on to the next step.



Creating quota files

In the third step we will run the following command.

#quotacheck -cug [partition where quota is enabled]

This command will create necessary files for quota. Let’s understand this command in detail.

quotacheck :- This command is used to check the quota implementation in partition.

c :- This option is used to create the quota files in specified partition.

u :- This option is used to check the user quota.

g :- This option is used to check the group quota.

Basically this command will check quota entries in specified partition. If aquota.user and aquota.group files are not available in
specified partition, it will create them.

quotacheck -cug

We need to run above command only once for each partition where we want to configure the disk quota.

Once necessary files are created, following command is used to sync the disk quota database table with current disk usages.

# quotacheck -avug

In this command

a :- This option is used to check all quota enabled partitions

v :- This option is used to print real time updates as command proceeds

u :- This option is used to check user disk quota information

g :- This option is used to check group disk quota information

quotacheck -auvg

The aquota.user and aquota.group files are used to store quota configuration values for users and groups respectively. The quota database keeps track of disk usage. How much space is allowed to a particular user is configured in the aquota.user file, while how much space has been used by that user is tracked in the quota database table. aquota.user and aquota.group are both binary files, which means we cannot read or write them directly.

Configuring quota policies

To configure quota policies, we have to define three values; soft limit, hard limit and grace period.

Soft limit: – This limit is flexible. A user or group is allowed to cross this limit temporarily.

Hard limit: – This is a fixed limit. A user or group is not allowed to cross this limit.

Grace period: – This is the time period in which a user or group is allowed to use additional space beyond the soft limit.

To understand quota policies practically, let’s create some dummy requirements.

| User / Group | Block Size Soft Limit | Block Size Hard Limit | Grace period | Inode Soft Limit | Inode Hard limit | Grace period |
|---|---|---|---|---|---|---|
| a | 100Mb | 200Mb | 2 Minutes | 10 | 10 | Nil |
| b | 200Mb | 200Mb | Nil | 10 | 20 | 5 hours |
| quotatest | 1000Mb | 1500Mb | 1 Day | 100 | 150 | 5 days |

Nil: – If both soft limit and hard limit are same, there is no need to configure this value.

To configure quota, the edquota command is used. To configure quota for user a, use the following command

#edquota a

Above command will open user quota configuration file.

default edquota

This file has seven columns

| Column | Name | Description |
|---|---|---|
| 1 | Filesystem | Partition where this quota will apply |
| 2 | blocks | Number of blocks currently used by this user |
| 3 | soft | Soft block size limit for user |
| 4 | hard | Hard block size limit for user |
| 5 | inodes | Number of inodes currently used by this user |
| 6 | soft | Soft inodes limit for user |
| 7 | hard | Hard inodes limit for user |

Let’s update this file

edquota user a

Default block size is 1Kb. (1block = 1Kb).

Following same way, configure the quota limit for user b

edquota user b

Group quota is defined in the same manner. By default the edquota command sets quota for users.
To set quota for a group we have to use the -g option with this command. Let’s define group quota for group quotatest.

edquota group

By default the grace period is set to seven days. It means a user or group will be able to use resources
(block size or inodes beyond the soft limit) for seven days. After seven days they will be denied any additional resources.
We can adjust the grace period as per our requirement.

To set grace period for user, use following command

edquota -T [username]

To set grace period for group, use following command

edquota -T -g [groupname]

To adjust the global grace period, use the following command

edquota -t

Following figure illustrates default configuration file.

default grace period file

To define quota time period valid time units are days, hours, minutes and seconds.

Let’s configure grace period for user a

edquota -T a

In the same way, configure the grace period for user b

edquota -T b

Configure the grace period for group quotatest

edquota -T group

Never put a space between value and unit. For example, “5 days” is a wrong entry; the correct entry is “5days”.
A space between value and unit, or an undefined value, will generate the error message edquota cannot read individual grace time from file.

Finally enable quota with following command

quotaon command
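The four steps above can also be run as one non-interactive script, using setquota in place of the edquota editor. This is an added example, not part of the original tutorial: the /rhcelab mount point and ext4 type in the constructed sample fstab and the `quotaon -ug` invocation are assumptions, and grace periods are still set with edquota as described above.

```shell
#!/bin/sh
# Added example, not from the original tutorial. /dev/sdb1 is the partition
# used on this page; the /rhcelab mount point and ext4 type are assumed.

# Constructed sample /etc/fstab content, used for the dry run below.
sample_fstab() {
cat <<'EOF'
/dev/sda1  /         ext4  defaults  1 1
/dev/sdb1  /rhcelab  ext4  defaults  0 0
EOF
}

# Step 1: read fstab text on stdin and print it with usrquota and grpquota
# appended to the options (4th) field of device $1. Running it twice adds
# nothing new, and every other line passes through untouched.
add_quota_opts() {
    awk -v dev="$1" '
        $1 == dev && NF >= 4 {
            if ($4 !~ /(^|,)usrquota(,|$)/) $4 = $4 ",usrquota"
            if ($4 !~ /(^|,)grpquota(,|$)/) $4 = $4 ",grpquota"
        }
        { print }
    '
}

# Steps 1 to 4 on the live system (root required). The body is a subshell so
# that "set -e" stops at the first failing step without affecting the caller.
apply_quota() (
    set -e
    dev=$1
    cp -p /etc/fstab /etc/fstab.bak                  # rollback copy
    add_quota_opts "$dev" < /etc/fstab > /etc/fstab.new
    mv /etc/fstab.new /etc/fstab                     # step 1: enable quota
    mount -o remount "$dev"                          # step 2: remount
    mount | grep "$dev" | grep -q usrquota           # confirm the option is live
    quotacheck -cug "$dev"                           # step 3: create quota files
    quotacheck -avug                                 # sync database with usage
    # Step 4: limits from the requirements table (1 block = 1Kb, so 100Mb is
    # written as 100000 blocks, as in the quota output shown on this page).
    #           name      bsoft   bhard   isoft ihard
    setquota -u a         100000  200000  10    10   "$dev"
    setquota -u b         200000  200000  10    20   "$dev"
    setquota -g quotatest 1000000 1500000 100   150  "$dev"
    quotaon -ug "$dev"                               # assumed invocation
    repquota -ug "$dev"                              # show the result
)

if [ "${1:-}" = "--apply" ]; then
    apply_quota /dev/sdb1
else
    # Dry run: show what step 1 would write, using the constructed sample.
    sample_fstab | add_quota_opts /dev/sdb1
fi
```

Run without arguments it only prints the rewritten sample fstab; `--apply` performs the changes on the real system.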

Testing disk quota

To verify disk quota setup, we can use following commands.

| Command | Description |
|---|---|
| quota [user name] | To view quota usage by user |
| quota -g [group name] | To view quota usage by group |
| repquota -a | To view quota usage by all users and groups |

The system cannot generate quota reports until a user or group uses the resources. If users or groups haven’t used any block size or inode number, we will get the following message.

Disk quotas for user [name] uid : none

Above message indicates that particular user or group has not used any quota resources (block size or inode) to display.

disk quotas for user none error

Let’s create three directories and make user a, user b and group quotatest owner of them respectively.

mkdir chown command

Quota configuration testing from user a

User a is allowed 100Mb disk space. He is also allowed to use additional 100Mb space for 2 minutes. He can create maximum 10 files or directories in this space.

To test this configuration, switch to user a and change directory to /rhcelab.

switch user

Now list the content and switch to user-a directory and create 5 directories and 4 files

mkdir touch command

If file or directory names are supplied in {} brackets,
they will be processed individually. The {} brackets are used to create multiple files or directories with a single command.

As per our setup user a is allowed a maximum of 10 inodes and, as the above output shows, he has used all allowed inodes.
So he should not be able to create any new file or directory now. Let’s test this restriction

mkdir fail disk quota exceeded

As we can see in above output user a is not allowed to create any additional file or directory beyond his limit (10 inodes). This restriction confirms that our inodes quota configuration is properly setup and working as expected.

Now we will test block size configuration. Block size configuration has two limits; soft 100Mb and hard 200Mb. Soft limit can be extended for two minutes. Let’s create a dummy data file to utilize all space defined in soft limit.

dd command

I used the dd command to copy 95Mb of null bytes into the f1 file.

As we can see in the above output, user a is allowed to add any amount of data to the file as long as he remains under the soft limit.
Before we test the soft limit and grace period, open another terminal and check the current usage of user a

quota exceeds

As we can see in the above output, user a has used all allowed inodes. As far as block size is concerned, he still has 2629 blocks (100000 – 97304) available under his soft limit.

Did you notice that no value is listed in the grace period field even though we configured this value?

The grace period is just like a timer which starts only when the soft limit is crossed, and the user still has 2629 blocks under his soft limit. To see it in practice, let’s cross the soft limit

soft limit crossed user a

As we can see in the above output, as soon as the user crossed the soft limit, the grace period timer started.
The user is allowed to use additional space while this timer keeps running. Once the timer has stopped he will be denied any additional space. Right now the user still has 51496 (200000-148504) blocks available before he reaches the hard limit. Let’s use an additional 10Mb of space.

grace period disk quota linux

As we can see in above output grace period timer is running and hard limit is not crossed, so additional 10Mb space is allowed. Now let the grace period expire and try to use additional 10Mb space from remaining space.

grace period expired disk quota

As we can see in the above output, the user is not allowed to use additional space even though he has 41256 (200000-158744) blocks available. To use these remaining 41256 blocks he also needs time in the grace period, which has already expired.

disk quota grace period example

Key points
  • If soft limit and hard limit are same, grace period is not required.
  • If soft limit and hard limit are different, grace period is required.
  • Soft limit must be configured lower than hard limit.
  • As soon as user crosses his soft limit grace period timer starts.
  • User is allowed to use additional space (hard limit – soft limit) until grace period timer is running.
  • Once grace period is expired, user is not allowed to use additional space.
  • Grace period timer will be removed automatically once user brings his consumption below the soft limit.

Quota configuration testing from user b

User b is allowed 200Mb block size and 20 inodes with a soft limit of 10 inodes and a 5 hours grace period. Since both soft and hard limits are
the same for block size, no grace period is configured for it.

We can test this setup with following steps.

Block size testing

Switch to user b and change directory to /rhcelab/user-b.

Create a file of 195Mb in size with following command

#dd if=/dev/zero of=/rhcelab/user-b/file1 count=195 bs=1M

Exit from user b and verify block size quota uses with following command

#quota b

Switch to user b again and try to create a file 10Mb in size with following command

#dd if=/dev/zero of=/rhcelab/user-b/file2 count=10 bs=1M

If this time user is denied, block size quota configuration is setup correctly.
If user is allowed to create this file, block size quota configuration is not setup properly.

Inodes number testing

Switch to user b and change directory to /rhcelab/user-b

Create 10 directories with following command

#mkdir {d1,d2,d3,d4,d5,d6,d7,d8}

Exit from user b and verify inodes quota uses with following command

#quota b

Switch to user b again and try to create one more directory with following command

#mkdir d9

User should be allowed to create directory but this time he should get disk quota exceeds warning message.

Exit from user b and check inodes number quota again

#quota b

If grace period timer for inode number is started, inodes quota is setup correctly.

I have already explained all commands used in the above steps while testing with user a. If required, you can use them for reference.

Quota configuration testing from group quotatest

The group quotatest has soft limit 1000Mb and hard limit 1500Mb with grace period of 1 day for block size.
For inodes it has soft limit of 100 inodes and hard limit of 150 inodes with 5 days grace period.

Before you start testing from group, make sure that user c and d are the members of group and group has proper permission on testing folder.

group permission for disk quota

Switch to user c and create a file (800Mb in size) and a directory. In the directory, create 80 empty files with the following command.

#touch test_{1..80}.txt

Verify files and directories with ls command.

mkdir touch command

Exit from user c and verify quota limit.

ls command

Now log in as user d and create a file 400Mb in size to cross the soft limit of block size.
To cross the soft limit of inodes, create 30 empty directories. As soon as the user crosses the soft limit,
he should get a warning message for the related quota limit.

quota used by user d

Exit from user d and view the quota uses for group. Grace period timer should be started for both limits.

quota grace period example

Above output confirms that grace period for group quota is also configured successfully.

Important commands for quota management

| Command | Description |
|---|---|
| quotacheck | This command is used to check quota implementation and update quota database from file system. This command is also used to create aquota.user and aquota.group files, if they are not created manually. |
| edquota | This command is used to configure quota values for user and group. |
| quota | This command is used to view the quota usage for a specific user or group. |
| repquota | This command is used to view the quota usage for all users and groups. |
| quotaoff | This command is used to turn off quota temporarily. |
| quotaon | This command is used to enable quota again if it is disabled. |
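The advice to configure both block size and inode limits can be checked from the report that repquota prints. The following added example (not from the original tutorial) scans a report in the default repquota layout and lists accounts that match Situation 1 or Situation 2; the sample report is constructed, and skipping root is an assumption of this example.

```shell
#!/bin/sh
# Added example, not from the original tutorial: find accounts where only one
# kind of quota (block or inode) is configured, or none at all.

# Constructed sample in the default "repquota -u <partition>" layout.
sample_report() {
cat <<'EOF'
*** Report for user quotas on device /dev/sdb1
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      20       0       0              2     0     0
a         +-  148504  100000  200000  00:01       8    10    10
b         --  199680  200000  200000              9    10    20
c         --    4096  100000  200000            812     0     0
d         -- 5242880       0       0              1   100   150
e         -+    1024  100000  200000            120   100   150  4days
f         --      12       0       0              3     0     0
EOF
}

# Read a repquota report on stdin and print "<name> <finding>" per account:
#   no-inode-limit  block limits only  (Situation 1: unlimited file count)
#   no-block-limit  inode limits only  (Situation 2: unlimited file size)
#   unlimited       neither limit configured
# A limit value of 0 in the report means that no limit is set.
audit_quota_report() {
    awk '
        /^\*\*\* Report/   { in_rows = 0; next }  # a new per-device report begins
        /^-+$/             { in_rows = 1; next }  # rows follow the dashed line
        !in_rows || NF < 8 { next }               # headers and blank lines
        $1 == "root"       { next }               # assumption: root is exempt
        {
            if ($4 !~ /^[0-9]+$/ || $5 !~ /^[0-9]+$/) next
            # The block grace column is blank unless a timer is running, so
            # the inode columns shift by one field when it is present.
            i = 6
            if ($i !~ /^[0-9]+$/) i++             # skip "6days", "00:01", "none"
            if (i + 2 > NF) next                  # malformed row
            isoft = $(i + 1); ihard = $(i + 2)
            no_block = ($4 + 0 == 0 && $5 + 0 == 0)
            no_inode = (isoft + 0 == 0 && ihard + 0 == 0)
            if (no_block && no_inode) print $1, "unlimited"
            else if (no_block)        print $1, "no-block-limit"
            else if (no_inode)        print $1, "no-inode-limit"
        }
    '
}

# Demo on the constructed sample. Live use (as root):
#   repquota -u /dev/sdb1 | audit_quota_report
sample_report | audit_quota_report
```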

In this tutorial we learned common file system disk quota management step by step with examples.
Usually this process should work on most file systems; however some file systems such as xfs have their own quota management tools.
So if this approach does not work as expected, please check the manual page of the corresponding file system to figure out how that particular
file system works with disk quota.

That’s all for this tutorial. In next tutorial I will explain another linux topic in details with examples.


How to Configure Printer Server in Linux

This tutorial explains how to configure Printer Server in Linux step by step with practical examples. Learn how to install, configure, share, test and use printer in Linux including a basic overview of CUPS (Common UNIX Printing System) and IPP (Internet Printing Protocol) in detail.

Linux uses the Common UNIX Printing System, also known as CUPS. CUPS uses the Internet Printing Protocol (IPP) to allow local printing and print sharing. The /etc/cups/ directory stores all the configuration files for printing. However, these files can be easily managed with the Printer Configuration Tool in Linux.

Exam question Raw (Model) printer named printer1 is installed and shared on 192.168.0.254. You should install the shared printer on your PC to connect shared printer using IPP Protocols.

Exam question Raw printer named printerx where x is your station number is installed and shared on server1.example.com. Install the shared printer on your PC to connect shared printer using IPP Protocols. Your server is 192.168.0.254.

Before you can use any printer, you first have to install it on a Linux system on your network. To start the Printer Configuration Tool, go to the System menu on the top panel and select Administration, Printing or execute the command system-config-printer.

printer path

If no printers are available for the system, only the Server Settings view is available for selection. If local printers are configured, a Local Printers menu will be available.

Install new printer

Click New Printer on the toolbar.

new printer

In the dialog window that appears, accept the default queue name or change it to a short, descriptive name that begins with a letter and does not contain spaces. Then select the printer from the list, click on forward and click on finish.

spool directories

When your system prints a file, it makes use of special directories called spool directories. The location of the spool directory is obtained from the printer’s entry in its configuration file. On Linux, the spool directory is located at /var/spool/cups under a directory with the name of the printer.

print job

A print job is a file to be printed. When you send a file to a printer, a copy of it is made and placed in a spool directory set up for that printer.

classes

CUPS features a way to let you select a group of printers to print a job instead of selecting just one. That way, if one printer is busy or down, another printer can be automatically selected to perform the job. Such groupings of printers are called classes. Once you have installed your printers, you can group them into different classes.

Once you have successfully installed a local printer, it will show in the right pane, and in the left pane you can see all administrative options.

printer option

  • To view shared printers on other systems, tick the first option
  • To share a locally attached printer, tick the second option
  • To allow remote administration of this printer, tick the third option

Tick the appropriate option and click on apply

share printer from server

configure window clients

Go to the Windows system, ping the printer server, then open Internet Explorer and enter the IP address of the server with printer port 631

internet explorer

This will launch the CUPS web application. Click on manage printer

manage printer

Now you will see the shared printer on the server. Click on print test page

print test page

A test page will be sent to the printer server. Copy the URL of this printer

copy url

Click on the start button, select printer and fax and click on add new printer. This will launch the add new printer wizard. Click next on the welcome screen and select network printer

network printer

On this screen select internet printer and paste the url which you copied from internet explorer

internet printer

Install the appropriate driver from the list, or use the have disk option if you have the driver CD, and click next. On the next screen set this printer’s defaults and click on next and finish.

set defaults

Remote administration of print server

Go to the Linux system, ping the server and click on printing from the administration menu

printer path

Now click on go to server

go to printer server

Now give print server ip address

ip address of print server

It will take a few minutes to connect to the server, depending on network speed

connecting

Now give the root password to connect to the printer server

root password

Once you have connected to the server, you can see all print administrative menus in the right pane

print server options

configure Linux clients

Go to the Linux system, ping the server and click on printing from the administration menu

printer path

Now click on new printer

new printer

Click on forward. In the next New Printer screen, select internet printing protocol as the type of connection, give the server IP in hostname and the printer name in printername

select ipp

select the appropriate model. If multiple drivers are available, select the one most appropriate for your configuration.
If you do not want to choose the default and click forward and finish. The main Printer Configuration window
should now include the name of your printer.

make default

To print a test page, click on print test page and a test page will be sent to the print server

print test page

Managing Printers from the Command-Line

The lpadmin command enables you to perform most printer administration tasks from the command-line.

lpadmin

lpc To view all known queues

lpr To send print requests to any local print queue

lpq To see the print queue

lprm To delete the jobs of your choice use it with the job number

lp To print any file.

lpadmin


How to Configure RAID in Linux Step by Step Guide

This tutorial explains how to view, list, create, add, remove, delete, resize, format, mount and configure RAID Levels (0, 1 and 5) in Linux step by step with practical examples. Learn basic concepts of software RAID (Chunk, Mirroring, Striping and Parity) and essential RAID device management commands in detail.

RAID stands for Redundant Array of Independent Disks. There are two types of RAID; Hardware RAID and Software RAID.

Hardware RAID

Hardware RAID is a physical storage device which is built from multiple hard disks. When connected to the system, all disks appear as a single SCSI disk. From the system’s point of view there is no difference between a regular SCSI disk and a Hardware RAID device. The system can use a hardware RAID device as a single SCSI disk.

Hardware RAID has its own independent disk subsystem and resources. It does not use any resources from the system such as power, RAM and CPU. Hardware RAID does not put any extra load on the system. Since it has its own dedicated resources, it provides high performance.

Software RAID

Software RAID is a logical storage device which is built from attached disks in system. It uses all resources from system. It provides slow performance but cost nothing. In this tutorial we will learn how to create and manage software RAID in detail.

This tutorial is the last part of our article “Linux Disk Management Explained in Easy Language with Examples”. You can read other parts of this article here.

Linux Disk Management Tutorial

This is the first part of this article. This part explains basic concepts of Linux disk management such as BIOS, UEFI, MBR, GPT, SWAP, LVM, RAID, primary partition, extended partition and Linux file system type.

Manage Linux Disk Partition with fdisk Command

This is the second part of this article. This part explains how to create primary, extended and logical partitions from fdisk command in Linux step by step with examples.

Manage Linux Disk Partition with gdisk Command

This is the third part of this article. This part explains how to create GPT (GUID partition table) partitions from gdisk command in Linux step by step with examples.

Linux Disk Management with parted command

This is the fourth part of this article. This part explains how to create primary, extended, logical and GPT partitions from parted command in Linux step by step with examples.

How to create SWAP partition in Linux

This is the fifth part of this article. This part explains how to create swap partition in Linux with examples including basic swap management tasks such as how to increase, mount or clear swap memory.

Learn how to configure LVM in Linux step by step

This is the sixth part of this article. This part explains basic concepts of LVM in detail with examples including how to configure and manage LVM in Linux step by step.

Basic concepts of RAID



A RAID device can be configured in multiple ways. Depending on configuration it can be categorized in ten different levels. Before we discuss RAID levels in more detail, let’s have a quick look on some important terminology used in RAID configuration.

Chunk: – This is the size of data block used in RAID configuration. If chunk size is 64KB then there would be 16 chunks in 1MB (1024KB/64KB) RAID array.

Hot Spare: – This is the additional disk in RAID array. If any disk fails, data from faulty disk will be migrated in this spare disk automatically.

Mirroring: – If this feature is enabled, a copy of same data will be saved in other disk also. It is just like making an additional copy of data for backup purpose.

Striping: – If this feature is enabled, data will be written in all available disks randomly. It is just like sharing data between all disks, so all of them fill equally.

Parity: – This is a method of regenerating lost data from saved parity information.

Different RAID levels are defined based on how mirroring and striping are required. Among these levels, only Level 0, Level 1 and Level 5 are mostly used in Red Hat Linux.

RAID Level 0

This level provides striping without parity. Since it does not store any parity data and performs read and write operations simultaneously, it is much faster than the other levels. This level requires at least two hard disks. All hard disks in this level are filled equally. You should use this level only if read and write speed is the main concern. If you decide to use this level, always deploy an alternative data backup plan, as any single disk failure in the array will result in total data loss.

RAID Level 1

This level provides parity without striping. It writes all data on two disks. If one disk fails or is removed, we still have all data on the other disk. This level requires double the hard disks. It means if you want to use 2 hard disks then you have to deploy 4 hard disks, or if you want to use one hard disk then you have to deploy two hard disks. The first hard disk stores the original data while the other disk stores an exact copy of the first disk. Since data is written twice, performance will be reduced. You should use this level only if data safety is the concern at any cost.

RAID Level 5

This level provides both parity and striping. It requires at least three disks. It writes parity data equally across all disks. If one disk fails, data can be reconstructed from parity data available on the remaining disks. This provides a combination of integrity and performance. Wherever possible you should always use this level.
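How parity regenerates a lost chunk, as an added example that is not part of the original tutorial: RAID 5 parity is the XOR of the data chunks in a stripe, so XOR-ing the surviving chunks gives back the missing one. The function names and the two sample stripes are constructed for illustration.

```shell
#!/bin/sh
# Chunks are short space-separated hex byte lists so the arithmetic stays visible.

# xor_chunks A B: XOR two equal-length chunks byte by byte.
xor_chunks() {
    a=$1 b=$2 out=
    for x in $a; do
        y=${b%% *}                                    # next byte of B
        case $b in *' '*) b=${b#* } ;; *) b= ;; esac  # drop that byte from B
        out="$out$(printf '%02x' $(( 0x$x ^ 0x$y ))) "
    done
    printf '%s\n' "${out% }"
}

# parity_of CHUNK...: XOR any number of equal-length chunks.
# Used both to compute parity and to rebuild a lost chunk from the survivors.
parity_of() {
    acc=$1; shift
    for c in "$@"; do acc=$(xor_chunks "$acc" "$c"); done
    printf '%s\n' "$acc"
}

# Constructed data: two stripes on three disks, 4-byte chunks.
A0='52 41 49 44'; A1='2d 35 20 6f'     # stripe 0 data
B0='6e 20 6d 64'; B1='61 64 6d 0a'     # stripe 1 data
P0=$(parity_of "$A0" "$A1")            # stripe 0 parity
P1=$(parity_of "$B0" "$B1")            # stripe 1 parity

# Parity rotates between disks from stripe to stripe:
#   disk0: A0 B0     disk1: A1 P1     disk2: P0 B1

# rebuild_disk1: disk1 is lost; regenerate its chunk of every stripe
# from what disk0 and disk2 still hold.
rebuild_disk1() {
    parity_of "$A0" "$P0"    # stripe 0: the lost chunk was data (A1)
    parity_of "$B0" "$B1"    # stripe 1: the lost chunk was parity (P1)
}

rebuild_disk1
```

The same XOR rebuilds a lost data chunk and a lost parity chunk, which is why the array survives the loss of any one disk but not two.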

If you want to use hardware RAID device, use hot swappable hardware RAID device with spare disks. If any disk fails, data will be reconstructed on the first available spare disk without any downtime and since it is a hot swappable device, you can replace failed device while server is still running.

If RAID device is properly configured, there will be no difference between software RAID and hardware RAID from operating system’s point of view. Operating system will access RAID device as a regular hard disk, no matter whether it is a software RAID or hardware RAID.

Linux provides md kernel module for software RAID configuration. In order to use software RAID we have to configure RAID md device which is a composite of two or more storage devices.

How to configure software RAID step by step

For this tutorial I assume that you have un-partitioned disk space or additional hard disks for practice. If you are following this tutorial on virtual software such as VMware workstation, add three additional hard disks in system. To learn how to add additional hard disk in virtual system, please see the first part of this tutorial. If you are following this tutorial on physical machine, attach an additional hard disk. You can use a USB stick or pen drive for practice. For demonstration purpose I have attached three additional hard disks in my lab system.

Each disk is 2GB in size. We can list all attached hard disks with the fdisk -l command.

fdisk -l command

We can also use lsblk command to view a structured overview of all attached storage devices.

lsblk command

As we can see in above output, there are three un-partitioned disks available, each 2G in size.

The mdadm package is used to create and manage the software RAID. Make sure it is installed before we start working with software RAID.
To learn how to install and manage packages in Linux, see the following tutorials.

How to configure YUM Repository in RHEL
RPM Command Explained with Example

For this tutorial I assume that mdadm package is installed.

rpm -qa mdadm

Creating RAID 0 Array

We can create RAID 0 array with disks or partitions. To understand both options we will create two separate RAID 0 arrays; one with disks and other with partitions. RAID 0 Array requires at least two disks or partitions. We will use /dev/sdc and /dev/sdd disk to create RAID 0 Array from disks. We will create two partitions in /dev/sdb and later use them to create another RAID 0 Array from partitions.

To create RAID 0 Array with disks use following command

#mdadm --create --verbose /dev/[ RAID array Name or Number] --level=[RAID Level] --raid-devices=[Number of storage devices] [Storage Device] [Storage Device]

Let’s understand this command in detail

mdadm:- This is the main command

--create:- This option is used to create a new md (RAID) device.

--verbose:- This option is used to view the real time update of the process.

/dev/[ RAID array Name or Number]:- This argument is used to provide the name and location of RAID array. The md device should be created under the /dev/ directory.

--level=[RAID Level]:- This option and argument are used to define the RAID level which we want to create.

--raid-devices=[Number of storage devices]:- This option and argument are used to specify the number of storage devices or partitions which we want to use in this device.

[Storage Device]:- This option is used to specify the name and location of storage device.

Following command will be used to create a RAID 0 array from disks /dev/sdc and /dev/sdd with md0 name.

mdadm create raid array

To verify the array we can use following command

cat /proc/mdstat command

Above output confirms that RAID array md0 has been successfully created from two disks (sdd and sdc) with RAID level 0 configurations.

Creating RAID 0 Array with partitions



Create a 1GiB partition with fdisk command

fdisk create new partition

By default all partitions are created as Linux standard. Change partition type to RAID and save the partition. Exit from fdisk utility and run partprobe command to update the run time kernel partition table.

fdisk command change partition type

To learn fdisk command and its sub-command in detail please see the second part of this tutorial which explains how to create and manage partitions with fdisk command step by step.

Let’s create one more partition but this time use parted command.

create new partition with parted

To learn parted command in detail please see the fourth part of this tutorial which explains how to manage disk with parted command step by step.

We have created two partitions. Let’s build another RAID (Level 0) array but this time use partitions instead of disks.

Same command will be used to create RAID array from partitions.

mdadm create command

When we use mdadm command to create a new RAID array, it puts its signature on the provided device or partition. It means we can create a RAID array from any partition type or even from a disk which does not contain any partition at all. So which partition type we use here is not important; the important point which we should always consider is that the partition should not contain any valuable data. During this process all data from the partition will be wiped out.

Creating File system in RAID Array

We cannot use RAID array for data storage until it contains a valid file system. Following command is used to create a file system in array.

#mkfs -t [File system type] [RAID Device]

Let’s format md0 with ext4 file system and md1 with xfs file system.

format md device

RAID 0 Arrays are ready to use. In order to use them we have to mount them somewhere in Linux file system. Linux file system (primary directory structure) starts with root (/) directory and everything goes under it or its subdirectories. We have to mount partitions somewhere under this directory tree. We can mount partitions temporarily or permanently.

Temporary mounting RAID 0 Array

Following command is used to mount the array temporarily.

#mount [what to mount] [where to mount]

Mount command accepts several options and arguments which I will explain separately in another tutorial. For this tutorial this basic syntax is sufficient.

what to mount :- This is the array.

where to mount :- This is the directory which will be used to access the mounted resource.

Once mounted, whatever action we will perform in mounted directory will be performed in mounted resources. Let’s understand it practically.

  • Create a mount directory in / directory
  • Mount /dev/md0 array
  • List the content
  • Create a test directory and file
  • List the content again
  • Un-mount the /dev/md0 array and list the content again
  • Now mount the /dev/md1 array and list the content
  • Again create a test directory and file. Use different name for file and directory
  • List the content
  • Un-mount the /dev/md1 array and list the content again

Following figure illustrates this exercise step by step

temporary mount

As above figure shows whatever action we performed in mount directory was actually performed in respective array.

Temporary mount option is good for an array which we access occasionally. If we access the array on a regular basis then this approach will not be helpful. Each time we reboot the system, all temporarily mounted resources get un-mounted automatically. So if we have an array which is going to be used regularly, we should mount it permanently.

Mounting RAID Array permanently

Each resource in file system has a unique ID called UUID. When mounting an array permanently we should use UUID instead of its name. From version 7, RHEL also uses UUID instead of device name.

The UUID stands for Universally Unique Identifier. It is a 128-bit number, expressed in hexadecimal (base 16) format.

If you have a static environment, you may use the device name. But if you have a dynamic environment, you should always use the UUID. In a dynamic environment the device name may change each time the system boots. For example, suppose we attach an additional SCSI disk to the system; it will be named /dev/sdb. We mount this disk permanently with its device name. Now suppose someone else removes this disk and attaches a new SCSI disk in the same slot. The new disk will also be named /dev/sdb. Since the name of the old disk and the new disk is the same, the new disk will be mounted in place of the old disk. This way, a device name could create a serious problem in a dynamic environment. This issue can be solved with the UUID. No matter how we attach the resource to the system, its UUID always remains fixed.

If you have static environment, you may consider device name to mount the resource. But if you have dynamic environment, you should always use UUID.

To know the UUID of all partitions we can use blkid command. To know the UUID of a specific partition we have to use its name as argument with this command.

blkid command

Once we know the UUID, we can use it instead of device name. We can also use copy and paste option to type the UUID.

  • Use blkid command to print the UUID of array.
  • Copy the UUID of array.
  • Use mount command to mount the array. Use paste option instead of typing UUID.

Following figure illustrates above steps

temporary mount with uuid command

When the system boots, it looks in /etc/fstab file to find out the devices (partitions, LVs, swap or array) which need to be mounted in the file system automatically. By default this file has entries for those partitions, logical volumes and swap space which were created during the installation. To mount any additional device (Array) automatically we have to make an entry for that device in this file. Each entry in this file has six fields.

default fstab file

Number | Field | Description
1 | What to mount | Device which we want to mount. We can use device name, UUID and label in this field to represent the device.
2 | Where to mount | The directory in main Linux File System where we want to mount the device.
3 | File system | File system type of device.
4 | Options | Just like mount command we can also use supported options here to control the mount process. For this tutorial we will use default options.
5 | Dump support | To enable the dump on this device use 1. Use 0 to disable the dump.
6 | Automatic check | Whether this device should be checked while mounting or not. To disable use 0, to enable use 1 (for root partition) or 2 (for all partitions except root partition).

Let’s make some directories to mount the arrays which we have created recently

mkdir command

Take the backup of fstab file and open it for editing

etc/fstab backup

Make entries for arrays and save the file.

fstab entries

For demonstration purpose I used both device name and UUID to mount the partitions.
After saving, always check the entries with mount -a command. This command will mount everything listed in /etc/fstab file. So if we made any mistake while updating this file, we will get an error as the output of this command.

If you get any error as the output of mount -a command, correct that before rebooting the system. If there is no error, reboot the system.

mount -a command
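A check that can be run on the edited file before mount -a, as an added example that is not part of the original tutorial: it tests each entry against the six-field layout in the table above and warns when an array is referenced by device name instead of UUID. The function name fstab_lint, the sample entries, the mount points and the UUID are constructed.

```shell
#!/bin/sh
# fstab_lint: read fstab-format text on stdin, print findings, and return
# non-zero if any entry has an error (E). Warnings (W) do not fail the check.
# fstab(5) lets fields 5 and 6 be omitted (they default to 0); this lint
# enforces the explicit six-field form used in the tutorial.
fstab_lint() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    NF != 6 {
        printf "E line %d: expected 6 fields, found %d\n", NR, NF
        bad = 1; next
    }
    {
        # Field 1: a kernel name such as /dev/sdb or /dev/md0 can point at a
        # different device after a reboot or a disk swap; a UUID cannot.
        if ($1 ~ /^\/dev\/(sd|md)/)
            printf "W line %d: %s is a kernel device name; prefer UUID=\n", NR, $1
        # Field 2: mount point must be an absolute path (swap has none).
        if ($2 !~ /^\// && $3 != "swap") {
            printf "E line %d: mount point %s is not an absolute path\n", NR, $2
            bad = 1
        }
        # Field 5: dump support, 0 or 1 as described in the table.
        if ($5 !~ /^[01]$/) {
            printf "E line %d: dump field %s is not 0 or 1\n", NR, $5
            bad = 1
        }
        # Field 6: automatic check, 0, 1 (root) or 2 (everything else).
        if ($6 !~ /^[012]$/) {
            printf "E line %d: fsck field %s is not 0, 1 or 2\n", NR, $6
            bad = 1
        } else if ($6 == 1 && $2 != "/") {
            printf "W line %d: fsck pass 1 is meant for the root file system\n", NR
        }
    }
    END { exit bad + 0 }'
}

# Constructed sample entries (not the tutorial system):
SAMPLE_FSTAB='# constructed sample
/dev/mapper/rhel-root /          xfs  defaults 0 0
UUID=0f3a1c9e-5b7d-4e2a-9c61-7d2b8e4a6f10 /raid0-disk ext4 defaults 0 0
/dev/md1 /raid0-part xfs defaults 0 3
/dev/md0 /raid0-old ext4 defaults'

# On a real system: fstab_lint < /etc/fstab && mount -a
printf '%s\n' "$SAMPLE_FSTAB" | fstab_lint || echo "fix the entries above before running mount -a"
```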

The df -h command is used to check the available space in all mounted partitions. We can use this command to verify that all partitions are mounted correctly.

df -h command

Above output confirms that all partitions are mounted correctly. Let’s list both RAID devices.

list md device

How to delete RAID Array

We cannot delete a mounted array. Un-mount all arrays which we created in this exercise

umount command

Use following command to stop the RAID array

#mdadm --stop /dev/[Array Name]

mdstop command

Remove the mount directory and copy the original fstab file back.

If you haven’t taken the backup of original fstab file, remove all entries from this file which you made.

restore fstab file

Finally reset all disks used in this practice.

dd command linux

The dd command is the easiest way to reset the disk. Disk utilities store their configuration parameters in the super block. Usually super block size is defined in KB, so we just overwrote the first 10MB of space with null bytes in each disk. To learn dd command in detail, see the fifth part of this tutorial which explains this command in detail.

Now reboot the system and use df -h command again to verify that all RAID devices which we created in this exercise are gone.

df -h command

How to create RAID 1 and RAID 5 array

We can create RAID 1 or RAID 5 array by following the same procedure. All steps and commands will be the same except the mdadm --create command. In this command you have to change the RAID level, number of disks and location of associated disks.

To create RAID 1 array from /dev/sdd and /dev/sdb disks use following command

raid 1 array create

To create RAID 1 array from /dev/sdb1 and /dev/sdb2 partitions use following command

raid 1 partition

You may get a metadata warning if you have used the same disks and partitions to create a RAID array previously and those disks or partitions still contain metadata information. Remember we cleaned only the first 10MB of space, leaving the remaining space untouched. You can safely ignore this message or can clean the entire disk before using it again.

To create RAID 5 array from /dev/sdb, /dev/sdc and /dev/sdd disks use following command.

raid 5 from disks

RAID 5 Configuration requires at least 3 disks or partitions. That’s why we used three disks here.

To create RAID 5 array from /dev/sdb1, /dev/sdb2 and /dev/sdb3 partitions use following command

raid 5 from partition

To avoid unnecessary errors always reset disks before using them in new practice.

So far in this tutorial we have learnt how to create, mount and remove RAID array. In following section we will learn how to manage and troubleshoot a RAID Array. For this section I assume that you have at least one array configured. For demonstration purpose I will use last configured (RAID 5 with 3 partitions) example. Let’s create file system in this array and mount it.

temporary mount md device

Let’s put some dummy data in this directory.

dummy data

I redirected the manual page of ls command in /testingdata/manual-of-ls-command file. Later, to verify that file contains actual data I used wc command which counts line, word and characters of file.

How to view the detail of RAID device

Following command is used to view the detailed information about RAID device.

#mdadm --detail /dev/[RAID Device Name]

This information includes RAID Level, Array size, used size from total available size, devices used in creating this Array, devices currently used, spare devices, failed devices, chunk size, UUID of Array and much more.

mdadm detail

How to add additional disk or partition in RAID

There are several situations where we have to increase the size of RAID device, for example a RAID device might be filled up with data or a disk from the Array might have failed. To increase the space of RAID device we have to add additional disk or partition in existing Array.

In running example we used /dev/sdb disk to create three partitions. The /dev/sdc and /dev/sdd are still available to use. Before we add them in this Array make sure they are cleaned. Last time we used dd command to clean the disks. We can use that command again or use following command

#mdadm --zero-superblock /dev/[Disk name]

To check a disk whether it contains superblock or not we can use following command

#mdadm --examine /dev/[Disk name]

Following figure illustrates the use of both commands on both disks

mdadm examine

Now both disks are ready for RAID Array. Following command is used to add additional disk in existing array.

#mdadm --manage /dev/[RAID Device] --add /dev/[disk or partition]

Let’s add /dev/sdc disk in this array and confirm the same.

mdadm add additional space

Right now this disk has been added as a spare disk. This disk will not be used until any disk fails from existing array or we manually force RAID to use this disk.

If any disk fails and spare disks are available, RAID will automatically select the first available spare disk to replace the faulty disk. Spare disks are the best backup plan in RAID device.

We will add another disk to the array for backup, so let’s use this disk to increase the size of the array. Following command is used to grow the size of RAID device.

#mdadm --grow --raid-devices=[Number of Device] /dev/[RAID Device]

RAID arranges all devices in a sequence. This sequence is built from the order in which disks are added in array. When we use this command RAID will add next working device in active devices.

Following figure illustrates this command

mdadm grow array

As we can see in above output disk has been added in array and the size of array has been successfully increased.

Removing faulty device

If spare device is available, RAID will automatically replace the faulty device with spare device. End user will not see any change. He will be able to access the data as usual. Let’s understand it practically.

Right now there is no spare disk available in array. Let’s add one spare disk.

mdadm command spare disk

When a disk fails, RAID marks that disk as a failed device. Once marked, it can be removed safely. If we want to remove any working device from the array for maintenance or troubleshooting purpose, we should always mark it as a failed device before removing it. When a device is marked as a failed device, all data from the failed device is reconstructed on working devices.

To mark a disk as failed device following command is used.

#mdadm --manage --set-faulty /dev/[Array Name] /dev/[Faulty Disk]

We recently increased the size of this array. So before doing this practice let’s verify once again that array still contains the valid data.

wc command

The above output confirms that the array still contains valid data. Now let’s mark the device /dev/sdc as a faulty device in the array and confirm the operation.

mdadm set faulty disk

The above output confirms that device sdc, which is number four in array sequence, has been marked as a failed [F] device.

As we know if spare disk is available, it will be used as the replacement of faulty device automatically. No manual action is required in this process. Let’s confirm that spare disk has been used as the replacement of faulty disk.

mdadm remove faulty device

Finally let’s verify that data is still present in array.

verify data

Above output confirms that array still contains valid data.
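The /proc/mdstat check used throughout this tutorial, turned into something a cron job or monitoring agent can run, as an added example that is not part of the original tutorial: it reports each array's level, whether it is degraded, and which members carry the (F) mark. The function names and the sample mdstat text are constructed.

```shell
#!/bin/sh
# mdstat_report: read /proc/mdstat-format text on stdin and print one line
# per array: NAME LEVEL STATE FAILED_MEMBERS ("-" when none are failed).
mdstat_report() {
    awk '
    function flush() {
        if (name != "")
            printf "%s %s %s %s\n", name, level, state, (failed == "" ? "-" : failed)
        name = ""
    }
    /^md[^ ]* : / {                       # header line of an array
        flush()
        name = $1; level = "-"; failed = ""
        state = ($3 == "active") ? "ok" : $3
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^(raid[0-9]+|linear)$/) level = $i
            else if ($i ~ /\[[0-9]+\]/ && $i ~ /\(F\)/) {
                dev = $i; sub(/\[.*/, "", dev)        # sdc[4](F) becomes sdc
                sep = (failed == "") ? "" : ","
                failed = failed sep dev
            }
        }
        next
    }
    # Status line such as "... [4/3] [UUU_]": configured / working members.
    name != "" && match($0, /\[[0-9]+\/[0-9]+\]/) {
        split(substr($0, RSTART + 1, RLENGTH - 2), cnt, "/")
        if (cnt[2] + 0 < cnt[1] + 0) state = "degraded"
    }
    END { flush() }'
}

# mdstat_check: print an ALERT line for every array that is not healthy or
# still lists a failed member; return non-zero if there was any alert.
mdstat_check() {
    mdstat_report | awk '
        $3 != "ok" || $4 != "-" { print "ALERT " $0; bad = 1 }
        END { exit bad + 0 }'
}

# Constructed sample (not captured from the tutorial system): md0 is a
# RAID 5 array with sdc marked failed and a rebuild onto the spare running;
# md1 is a healthy RAID 0 array.
SAMPLE_MDSTAT='Personalities : [raid0] [raid6] [raid5] [raid4]
md0 : active raid5 sdd[5] sdc[4](F) sdb3[3] sdb2[1] sdb1[0]
      3139584 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/3] [UUU_]
      [==>..................]  recovery = 12.6% (132352/1046528) finish=0.3min speed=44117K/sec

md1 : active raid0 sde2[1] sde1[0]
      2093056 blocks super 1.2 512k chunks

unused devices: <none>'

# On a real system: mdstat_check < /proc/mdstat
printf '%s\n' "$SAMPLE_MDSTAT" | mdstat_report
```

RAID 0 arrays have no [n/m] status line because they have no redundancy to lose, so for them a failed member is the only signal this check can report.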

That’s all for this tutorial.


Learn How to Configure LVM in Linux step by step

This tutorial explains how to view, list, create, add, remove, format, mount, resize and delete Physical Volume, Volume Group and Logical Volumes in Linux step by step with practical examples. Learn fundamental and basic concepts of LVM, LVM management and essential LVM commands in detail.

Basic concepts of LVM

LVM stands for Logical Volume Manager. LVM is the modern way to manage the storage devices. Traditionally a hard disk is partitioned as per requirement and each partition is formatted with supported file system.

Linux LVM Example

We have already learned this approach in detail with examples in previous parts of this article.

This tutorial is the sixth part of our article “Linux Disk Management Explained in Easy Language with Examples”. You can read other parts of this article here.

Linux Disk Management Tutorial

This is the first part of this article. This part explains basic concepts of Linux disk management such as BIOS, UEFI, MBR, GPT, SWAP, LVM, RAID, primary partition, extended partition and Linux file system type.

Manage Linux Disk Partition with fdisk Command

This is the second part of this article. This part explains how to create primary, extended and logical partitions from fdisk command in Linux step by step with examples.

Manage Linux Disk Partition with gdisk Command

This is the third part of this article. This part explains how to create GPT (GUID partition table) partitions from gdisk command in Linux step by step with examples.

Linux Disk Management with parted command

This is the fourth part of this article. This part explains how to create primary, extended, logical and GPT partitions from parted command in Linux step by step with examples.

How to create SWAP partition in Linux

This is the fifth part of this article. This part explains how to create swap partition in Linux with examples including basic swap management tasks such as how to increase, mount or clear swap memory.

How to configure RAID in Linux Step by Step Guide

This is the last part of this article. This part explains basic concepts of RAID in detail with examples including how to configure and manage software RAID in Linux step by step.

This traditional approach puts several limitations on partitions and file systems: for example, we cannot add additional space to a partition which is filled up with data and, vice versa, we cannot shrink extra space from a partition which is barely used.

LVM not only addresses all these issues but also provides several other advantages such as data snapshot which allows us to revert in previous stage if there is any failure. Let’s learn how LVM is different from classical disk management concept.

Unlike the classical approach where a file system is created in a fixed partition, LVM creates the file system in a flexible logical volume. Since logical volumes are flexible in nature, we can add additional disk space to a volume which is filled up or we can shrink a volume which is barely used and has plenty of free space. LVM works in three layers.

lvm logical layers

Bottom layer is built from available disk space. We can use any storage device for disk space, for example we can use a partition from a disk or can use an entire disk. This layer is known as physical volume.

Middle layer is the group of all physical volumes. This layer is known as volume group.

Top layer creates logical partition from volume group. These logical partitions are known as logical volume.

Linux LVM example

Let’s understand each layer in more details.

Physical volume



As we know, physical volume is created from all available disk space. We can use any disk, RAID array, SAN disks or even a partition for disk space. When we add a disk or partition in physical volume, LVM constructs data structures in it including a label and metadata information. The label includes information about UUID, device size and pointers. LVM stores label and metadata information in two places (in starting and in ending sectors of the device). To list all available physical volumes we can use pvs command.

pvs command

To get more detailed information about physical volume we can either use -v option with pvs command or can use pvdisplay command separately.

pvs -v command

As we can see in above output there is only one physical volume (/dev/sda2) available at this time. To view the synthetic overview of current storage configuration we can also use lsblk command.

lsblk command

As above output shows currently there are four SCSI disks (sda, sdb, sdc and sdd) attached with system. From them only sda disk is used for partitions. There are two partitions in sda; sda1 and sda2. Both partitions are created as Linux standard partition. First partition is used to store the boot partition while second partition is used to create a physical volume (/dev/sda2). Further three logical volumes (rhel-root, rhel-swap and rhel-home) are created from physical volume (/dev/sda2).

How to create a new physical volume



For this tutorial I assume that you have either non-partitioned disk space or have a separate disk for exercise. If you are using virtual program (such as VMware or Virtual Box) for the practice, I suggest you to add three new virtual hard disks. To learn how to add new virtual disk in VMware please see the first part of this tutorial.

For this exercise I have added three additional virtual disks in our system. Each disk is 2GB in size. We can list all attached hard disks with fdisk -l command.

fdisk -l

We will use two MBR partitions, two GPT partitions and one whole disk to create the physical volume.

I used three disks to demonstrate how different utilities are used to create LVM partitions. You do not need to have the same number of hard disks to follow this tutorial or to create the physical volume. You can even use a single partition to create the physical volume.

Creating 1GiB LVM partition with parted

Create a 1GiB MBR primary partition and set its type to LVM with following steps.

  • Run parted /dev/sdd command. This command will initiate parted command on /dev/sdd disk.
  • Use mklabel command with msdos value to set the type of disk to MBR.
  • Use mkpart command to create a 1GiB partition.
  • Use set command with lvm on value to change the partition type to lvm.

Following figure illustrates above steps

create partition with parted command

To learn parted command and its sub command in detail see the fourth part of this article which explains parted command in detail with examples.

Creating 1 GiB LVM partition with fdisk command

Create a 1GiB logical partition and set its type to LVM with following steps

  • Run fdisk /dev/sdd command to initiate fdisk utility.
  • Type n and press Enter key to create new partition.
  • Since logical partition can be created only in extended partition, we have to create extended partition first.
    Type e and press Enter key to create the extended partition.
  • Type 4 and press Enter key to put the extended partition in last at partition table.
  • Press Enter key to keep the default starting sector.
  • Type +1G and press Enter key to assign 1GiB space in this partition.
  • Type n again to create logical partition
  • Keep default logical partition number
  • Keep default starting sector and press Enter key
  • Keep default ending sector to assign all space in this partition and press Enter key

Following figure illustrates above steps

fdisk logical partition

At this time partition is marked as Linux Standard Type. Let’s change its type to LVM.

  • Type t and press Enter key
  • Type partition number which partition type we want to change
  • Type 8e and press Enter key
  • Type w to save the change and exit from fdisk

fdisk logical partition

Second part of this article explains fdisk command and its sub command in detail with examples.

Creating 1GiB LVM partition with gdisk command

Create a 1GiB GPT partition and set its type to LVM with following steps

  • Run gdisk /dev/sdc command to initiate gdisk command.
  • Type n to create new partition
  • Keep default partition number
  • Use default starting point
  • Use +1G to assign 1GiB space in this partition
  • Type 8e00 to set partition type as LVM partition
  • Type p to verify the creation of partition

Following figure illustrates above steps

gdisk lvm partition

Use w command to save the changes, when asked type y to confirm the changes.

gdisk save partition

Second part of this article explains gdisk and its sub command in detail with examples.

Let’s create one more GPT partition with remaining space in /dev/sdc disk

create partition with gdisk command

Finally run partprobe command to update the kernel about this disk configuration change.

partprobe command

Let’s summarize what we have prepared so far for physical volumes

LVM device | Disk Type | LVM device Type | Partition Type
/dev/sdb | Blank | Whole Disk | None
/dev/sdc1 | GPT | GPT Partition | Linux LVM
/dev/sdc2 | GPT | GPT Partition | Linux Standard
/dev/sdd1 | MBR | Primary Partition | Linux LVM
/dev/sdc5 | MBR | Logical Partition | Linux LVM

We can use lsblk command again to verify the above configuration

lsblk command

That’s all setup we need to create the physical volume.

I created above configuration to explain how different disk utilities mark a partition which will be used in LVM. A partition with LVM marking can be added directly in volume group by skipping physical volume. I will explain this method in some other tutorial. For this tutorial I am following standard procedure where you must create the physical volume before creating the volume group. When we create physical volume by following standard procedure, the partition type marking (8e, 8e00, lvm set on) or hard disk type (GPT or MBR) does not make any difference. For LVM they are all equal sources of free space. The only thing which you should consider is that LVM cleans the source of space before putting its own label in it. It is just like formatting a disk or partition before using it; once formatted, all data will be wiped out from it.
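Because pvcreate wipes the device it is given, as do mdadm --create and the dd reset used in the RAID part of this guide, a pre-flight guard is worth running first. This is an added example, not part of the original tutorial: the function name wipe_preflight and the sample lsblk output are constructed, while lsblk -P and its NAME, PKNAME, FSTYPE and MOUNTPOINT columns are real.

```shell
#!/bin/sh
# wipe_preflight DEV...: read `lsblk -P -o NAME,PKNAME,FSTYPE,MOUNTPOINT`
# output on stdin and decide, for each device named on the command line,
# whether it is safe to hand to a destructive command. A device is refused
# when it is mounted, already carries a signature (file system, LVM or RAID
# member), or has a child partition that is in use.
wipe_preflight() {
    awk -v want="$*" '
    # val(KEY): value of KEY="..." on the current line ("" when absent).
    function val(key,   line, s) {
        line = " " $0
        if (!match(line, " " key "=\"[^\"]*\"")) return ""
        s = substr(line, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
        return s
    }
    {
        name = val("NAME"); seen[name] = 1; order[++n] = name
        fs[name] = val("FSTYPE"); mp[name] = val("MOUNTPOINT")
        parent[name] = val("PKNAME")
    }
    END {
        nw = split(want, w, " ")
        for (i = 1; i <= nw; i++) {
            d = w[i]; sub(/^\/dev\//, "", d); why = ""
            if (!(d in seen)) why = "not present in lsblk output"
            else if (mp[d] != "") why = "mounted on " mp[d]
            else if (fs[d] != "") why = "carries a " fs[d] " signature"
            else for (j = 1; j <= n; j++) {
                c = order[j]
                if (parent[c] == d && (fs[c] != "" || mp[c] != "")) {
                    why = "child " c " is in use"; break
                }
            }
            if (why == "") print "OK /dev/" d
            else { print "REFUSE /dev/" d ": " why; bad = 1 }
        }
        exit bad + 0
    }'
}

# Constructed lsblk output (not captured from the tutorial system).
SAMPLE_LSBLK='NAME="sda" PKNAME="" FSTYPE="" MOUNTPOINT=""
NAME="sda1" PKNAME="sda" FSTYPE="xfs" MOUNTPOINT="/boot"
NAME="sda2" PKNAME="sda" FSTYPE="LVM2_member" MOUNTPOINT=""
NAME="sdb" PKNAME="" FSTYPE="" MOUNTPOINT=""
NAME="sdc" PKNAME="" FSTYPE="linux_raid_member" MOUNTPOINT=""
NAME="sdd" PKNAME="" FSTYPE="" MOUNTPOINT=""
NAME="sdd1" PKNAME="sdd" FSTYPE="ext4" MOUNTPOINT="/data"'

# On a real system:
#   lsblk -P -o NAME,PKNAME,FSTYPE,MOUNTPOINT | wipe_preflight /dev/sdb && pvcreate -v /dev/sdb
printf '%s\n' "$SAMPLE_LSBLK" | wipe_preflight /dev/sdb /dev/sdc /dev/sdd \
    || echo "refusing to continue"
```

A leftover linux_raid_member signature, as on sdc in the sample, means an earlier array was never cleared with mdadm --zero-superblock.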

How to create LVM physical volume

Following command is used to create the LVM physical volume from available LVM devices.

#pvcreate -v [LVM devices]

pvcreate command

We can use pvs command again to verify the creation of physical volumes.

pvsdisplay command

Volume Group

Volume group is the second layer in LVM structure. It is built upon the physical layer. Basically volume group is the group of physical volumes. We can add physical volume in existing volume group or can create a new volume group for physical volume.

Following command is used to create a new volume group.

#vgcreate [volume group name] [physical volume name]

vgcreate command

To explain how to add a new physical volume in existing volume group I skipped one physical volume in above example.

To add a new physical volume in existing volume group following command is used

vgcreate command

To verify the creation of volume group we can use vgdisplay command

vgdisplay command

While creating a new volume group, LVM automatically divides all available space into smaller logical pieces known as Physical Extent. A PE is the smallest unit which can be allocated in logical volume. Default size of a PE is 4MB.

Logical Volume

This is the third and last layer in LVM. Logical volumes are just like regular partitions but have more advanced features in comparison with regular partitions. A logical volume can be resized as per requirement. Unlike a regular partition which cannot be expanded outside the disk, a logical volume can be expanded across multiple disks.

Following command is used to create a new logical volume.

 #lvcreate –n [LV Name] –L [LV Size] [VG Name from which LV will create] 

lvcreate command

If the command detects any file system signature, it asks for confirmation before creating the logical volume. Accept the change by typing y here.

Let’s create two more logical volumes

lvcreate command

We can verify the creation of the logical volumes with the lvs command

lvcreate command

We cannot use a logical volume until it has a valid file system. A file system creates the necessary data structures in the logical volume for files and directories.

Formatting Logical Volumes

The following command formats a logical volume.

#mkfs -t [File System] /dev/[VG Name from which logical volume is created]/[LV name]

Formatting logical volume lv01rhcetest with ext3 file system

formatting logical volume with ext3

Formatting logical volume lv02rhcetest with ext4 file system

formatting with ext4

Formatting logical volume lv03rhcetest with xfs file system

formatting with xfs file system

The logical volumes are ready to use. In order to use them we have to mount them somewhere in the Linux file system. The Linux file system (primary directory structure) starts with the root (/) directory, and everything goes under it or its subdirectories. We have to mount logical volumes somewhere under this directory tree. We can mount logical volumes temporarily or permanently.

Temporarily mounting an LV (Logical volume)

The following command mounts a partition temporarily.

#mount [what to mount] [where to mount]

The mount command accepts several options and arguments which I will explain separately in another tutorial. For this tutorial this basic syntax is sufficient.

what to mount :- This is the partition.

where to mount :- This is the directory which will be used to access the mounted resource.

Once a resource is mounted, whatever action we perform in the mount directory is performed on the mounted resource. Let’s understand it practically.

  • Create a mount directory in / directory
  • Mount /dev/vg01rhcetest/lv01rhcetest logical volume
  • List the content
  • Create a test directory and file
  • List the content again
  • Un-mount the /dev/vg01rhcetest/lv01rhcetest logical volume and list the content again
  • Now mount the /dev/vg02rhcetest/lv02rhcetest logical volume and list the content
  • Again create a test directory and file. Use different name for file and directory
  • List the content
  • Un-mount the /dev/vg02rhcetest/lv02rhcetest logical volume and list the content again

The following figure illustrates this exercise step by step

temporary mounting logical volume

As the above figure shows, whatever action we performed in the mount directory was actually performed in the respective logical volume.

The temporary mount option is good for logical volumes which we access occasionally. If we access an LV on a regular basis, this approach is not helpful: each time we reboot the system, all temporarily mounted resources are un-mounted automatically. So if you have an LV which is going to be used regularly, mount it permanently.

Mounting logical volume permanently

Each resource in the file system has a unique ID called a UUID. When mounting an LV permanently we should use the UUID instead of its name. From version 7, RHEL also uses the UUID instead of the device name.

UUID stands for Universally Unique Identifier. It is a 128-bit number, expressed in hexadecimal (base 16) format.

If you have a static environment, you may use the device name. But in a dynamic environment you should always use the UUID, because the device name may change each time the system boots. For example, suppose we attach an additional SCSI disk to the system; it is named /dev/sdb. We mount this disk permanently by its device name. Now suppose someone removes this disk and attaches a new SCSI disk in the same slot. The new disk is also named /dev/sdb. Since the old and new disks have the same name, the new disk is mounted in place of the old one. In this way, device names can create a serious problem in a dynamic environment. The UUID solves this issue: no matter how we attach the resource to the system, its UUID always remains the same.

If you have a static environment, you may consider using the device name to mount the partition. But if you have a dynamic environment, you should always use the UUID.

To find the UUID of all partitions we can use the blkid command. To find the UUID of a specific partition, pass its name as an argument to this command.

blkid command

Once we know the UUID, we can use it instead of the device name. We can also copy and paste the UUID instead of typing it.

  • Use the blkid command with the LV name to print the UUID of the partition.
  • Copy the UUID of the LV.
  • Use the mount command to mount the LV. Paste the UUID instead of typing it.

The following figure illustrates the above steps

mount partition through uuid

When the system boots, it looks in the /etc/fstab file to find the devices (partitions, LVs or swap) which need to be mounted in the file system automatically. By default this file has entries for the partitions, logical volumes and swap space which were created during installation. To mount any additional LV (Logical Volume) automatically we have to make an entry for that LV in this file. Each entry in this file has six fields.

default fstab file

Number | Field | Description
1 | What to mount | Device which we want to mount. We can use device name, UUID and label in this field to represent the device.
2 | Where to mount | The directory in main Linux File System where we want to mount the device.
3 | File system | File system type of device.
4 | Options | Just like mount command we can also use supported options here to control the mount process. For this tutorial we will use default options.
5 | Dump support | To enable the dump on this device use 1. Use 0 to disable the dump.
6 | Automatic check | Whether this device should be checked while mounting or not. To disable use 0, to enable use 1 (for root partition) or 2 (for all partitions except root partition).

Let’s make some directories to mount the LVs which we created recently

mkdir rhacelab

Take a backup of the fstab file and open it for editing

vim etc/fstab file

Make entries for the logical volumes and save the file.

fstab uuid entry

For demonstration purposes I used both the device name and the UUID to mount the logical volumes. After saving, always check the entries with the mount -a command. This command mounts everything listed in the /etc/fstab file, so if we made any mistake while updating this file, we will get an error in the output of this command.

If the mount -a command reports any error, correct it before rebooting the system. If there is no error, reboot the system.

mount command
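A structural check can be run on the edited file before mount -a. The following is an added example, not part of the original tutorial: it checks each entry against the six fields described above and flags kernel disk names of the kind used in the /dev/sdb example. The function names, the sample UUID and the /rhcelab paths are assumptions made up for illustration.

```shell
# Lint fstab-format text on stdin: prints one finding per problem and
# returns 1 on any ERROR (a WARN alone still returns 0).
lint_fstab() {
    rc=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f; set -- $line; set +f            # split into fields, no globbing
        if [ $# -eq 0 ]; then continue; fi      # blank line
        case $1 in '#'*) continue ;; esac       # comment
        if [ $# -ne 6 ]; then
            echo "line $n: ERROR: $# fields, expected 6"; rc=1; continue
        fi
        case $1 in
            UUID=*) case ${1#UUID=} in
                        ''|*[!0-9a-fA-F-]*) echo "line $n: ERROR: malformed UUID"; rc=1 ;;
                    esac ;;
            /dev/sd*|/dev/hd*|/dev/vd*)
                echo "line $n: WARN: $1 may name another disk later, prefer UUID=" ;;
        esac
        case $2 in
            /*|swap|none) ;;
            *) echo "line $n: ERROR: mount point '$2' is not an absolute path"; rc=1 ;;
        esac
        case $5 in 0|1) ;; *) echo "line $n: ERROR: dump field '$5' must be 0 or 1"; rc=1 ;; esac
        case $6 in
            0|2) ;;
            1) if [ "$2" != / ]; then echo "line $n: WARN: check value 1 is for /"; fi ;;
            *) echo "line $n: ERROR: check field '$6' must be 0, 1 or 2"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample entries (UUID, devices and paths are made up).
sample_fstab() {
    cat <<'EOF'
# constructed sample
UUID=0f3a6c1e-5b7d-4e2a-9c41-7d2b8e6a1f90 /rhcelab/lv01 ext3 defaults 0 0
/dev/vg01rhcetest/lv02rhcetest /rhcelab/lv02 ext4 defaults 0 0
/dev/sdb1 /data xfs defaults 0 0
UUID=not-a-uuid rhcelab/lv03 xfs defaults 0 5
/dev/vg01rhcetest/lv03rhcetest /rhcelab/lv03 xfs defaults
EOF
}

sample_fstab | lint_fstab || echo "fix the ERROR lines before rebooting"
```

On a real system the function reads the edited file with lint_fstab < /etc/fstab; it checks only the structure of each entry, so mount -a is still needed to confirm that the devices exist.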

The df -h command shows the available space in all mounted partitions. We can use this command to verify that all partitions are mounted correctly.

df -h command

The above output confirms that we have successfully mounted all partitions.

Resizing Logical Volume

As I mentioned at the start of this tutorial, logical volumes are flexible in nature. It means we can resize them easily. The following command adds additional space to an LV.

#lvresize -L +[Space which we want to add] -r /dev/[VG where LV is created]/[LV Name]

Let’s fill up one LV with some dummy data to simulate the situation where an LV is full. We can use the dd command to copy null bytes from the zero device file to a test file located in the LV.

dd command

To understand dd command in detail, see the third part of this article.

As we can see in the above output, the LV (lv03) is running out of space. Let’s extend it by adding 1GB of additional space.

lv resize

The additional space is taken from the volume group, so make sure you have sufficient free space in the volume group. You can use the vgdisplay or vgs command to view the available free space in the volume group. If required, you can add additional space to the volume group with the vgextend command. If the file system supports it, you can shrink a logical volume which has additional free space. The ext3 and ext4 file systems support the shrink operation while the xfs file system does not.

The same command is used to shrink a logical volume; only the sign of the size changes. To reduce the size we have to use the - (minus) sign instead of the + (plus) sign.

#lvresize -L -[Space which we want to reduce] -r /dev/[VG where LV is created]/[LV Name]

This command works only if the file system supports shrinking. For example, the xfs file system does not support the shrink option.

xfs lv resize fail

The ext file system supports both options.

ext lvm resize
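The two preconditions described above (enough free space in the volume group before growing, and a file system that supports shrinking before reducing) can be checked before lvresize is run. The following is an added example, not part of the original tutorial: plan_lvresize and to_mib are hypothetical helper names, sizes are assumed to be whole numbers with an M or G suffix, and the free-space figures are constructed.

```shell
# to_mib SIZE: convert "+1G", "-512M" or "2G" to a whole number of MiB.
to_mib() {
    s=${1#[+-]}
    num=${s%[MmGg]}
    case $num in ''|*[!0-9]*) return 1 ;; esac
    case $s in
        *[Gg]) echo $((num * 1024)) ;;
        *[Mm]) echo "$num" ;;
        *) return 1 ;;
    esac
}

# plan_lvresize FSTYPE DELTA VG_FREE_MIB LV_PATH
# Prints the lvresize command when the preconditions hold, otherwise says why not.
# Return codes: 0 ok, 1 bad size, 2 file system cannot shrink, 3 VG too small.
# On a real host the inputs can be read with:
#   lsblk -no FSTYPE "$lv"
#   vgs --noheadings --nosuffix --units m -o vg_free "$vg"
plan_lvresize() {
    fstype=$1; delta=$2; free=$3; lv=$4
    mib=$(to_mib "$delta") || { echo "bad size: $delta" >&2; return 1; }
    case $delta in
        -*) case $fstype in
                ext3|ext4) ;;
                *) echo "$fstype does not support shrinking" >&2; return 2 ;;
            esac ;;
        +*) if [ "$mib" -gt "$free" ]; then
                echo "need ${mib}M but the volume group has ${free}M free; use vgextend first" >&2
                return 3
            fi ;;
        *) echo "size must start with + or -" >&2; return 1 ;;
    esac
    echo "lvresize -L $delta -r $lv"
}

# Constructed figures: 2048 MiB free in the volume group.
plan_lvresize xfs +1G 2048 /dev/vg01rhcetest/lv03rhcetest
plan_lvresize xfs -1G 2048 /dev/vg01rhcetest/lv03rhcetest || echo "refused with code $?"
```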

How to delete logical volumes

We cannot delete a mounted logical volume. Un-mount all logical volumes which we created in this exercise

umount partition

Use the following command to remove a logical volume

#lvremove -f [use -f to remove the LV without asking for confirmation] /dev/[VG Name where LV was created]/[LV Name]

lvremove command

Once all logical volumes are removed, we can safely remove the volume group with the following command

#vgremove [VG name]

vgremove

After removing the volume group, use the following command to remove the LVM signature from the physical volumes.

#pvremove [PV names]

pvremove command

Finally, remove the mount directory and copy the original fstab file back.

If you haven’t taken a backup of the original fstab file, remove all the entries which you made in this file.

restore fstab

Now reboot the system and use the df -h command again to verify that all partitions which we created in this exercise are gone.

df -h command

LVM command cheat sheet

You can associate LVM commands with their functions. The LVM structure is built from three layers: Physical Volume (pv), Volume Group (vg) and Logical Volume (lv). Commands that manage a layer usually start with its initials; for example, commands that manage physical volumes start with pv. Merge the initials with the operation to get the command.

Layer | Initial | Operation | Command | Description
Physical Layer | pv | s (Show) | pvs | List all physical volumes
Volume Group | vg | s (Show) | vgs | List all volume groups
Logical Volume | lv | s (Show) | lvs | List all logical volumes
Physical Layer | pv | create | pvcreate | Create physical volume from supplied disk or partition
Volume Group | vg | create | vgcreate | Create volume group from specified physical volume
Logical Volume | lv | create | lvcreate | Create logical volume from specified volume group
Physical Layer | pv | display | pvdisplay | Display physical volume
Volume Group | vg | display | vgdisplay | Display volume group
Logical Volume | lv | display | lvdisplay | Display logical volume
Physical Layer | pv | resize | pvresize | Resize a physical volume
Volume Group | vg | extend / reduce | vgextend / vgreduce | Resize a volume group
Logical Volume | lv | resize | lvresize | Resize a logical volume
Physical Layer | pv | remove | pvremove | Remove a disk or partition from LVM
Volume Group | vg | remove | vgremove | Remove volume group
Logical Volume | lv | remove | lvremove | Remove a logical volume

  • You can use the -f switch in a command to perform an action without confirmation.
  • You can use the -v switch to print real time action in the output.

That’s all for this part. In the next part we will learn how to create and manage a RAID array.
