The sudo (super user do) command is a program for Unix/Linux operating systems that allows users to run programs with the security privileges of another user (the superuser, i.e. root, or any other user on the system).
The sudo utility allows users defined in the /etc/sudoers configuration file to have temporary access to run commands they would not normally be able to run. The commands can be run as user “root” or as any other user, as defined in the /etc/sudoers file. The privileged command must be prefixed with the word sudo, followed by the command’s regular syntax. The user may be prompted for a password, depending on the configuration. Once the user is authenticated, the command is executed only if the /etc/sudoers configuration file permits it. sudo also provides an audit trail of the commands and their arguments.
How to download the sudo package
You can find the package by doing a patch search in the “patches & updates” section on support.oracle.com. Select the platform as “Oracle Solaris on SPARC” or “Oracle Solaris on x86” and download the patches: 16920595 (for x86) and 16920591 (for SPARC).
The sudo utility is composed of the following three packages:
SUNWsudor contains configuration files, which are installed in /etc directory.
SUNWsudou contains sudo binaries and documentation.
SUNWsudoS contains source code of sudo.
Installing sudo packages
The following procedure uses the SPARC platform as an example, but the steps are the same for the x86 platform. Once you have downloaded the 3 packages from the My Oracle Support site, place them in a temporary location and extract the packages:
# cd /tmp
# gunzip sudo-1.0-sudo.sparc.tar.gz
# tar xf sudo-1.0-sudo.sparc.tar
Install the packages in the order given below :
# pkgadd -d . SUNWsudor
# pkgadd -d . SUNWsudou
# pkgadd -d . SUNWsudoS
The /etc/sudoers file contains all the configuration details. The file can only be edited by the root user. When editing this file, use the visudo command with no arguments. The visudo command uses the vi editor to edit the /etc/sudoers configuration file. It is recommended that only this command be used to modify the sudoers file, as this file may not be located in the same directory on all systems. visudo also prevents two users from editing the file at the same time and provides limited syntax checking.
Some of the most commonly used examples to understand how and which privileges can be configured via sudo are listed below.
Example 1 : run specific commands/script
The entry below gives the user ‘oracle’ the privilege to run the script root.sh without having to enter a password (NOPASSWD).
# visudo
oracle ALL = NOPASSWD: /u01/app/oracle/product/10.2/root.sh
Example 2 : run all commands
To allow a user to run all commands without being prompted for a password:
# visudo
username ALL=(ALL) NOPASSWD: ALL
Example 3 : Always ask for password to run all commands
# visudo
ALL ALL=(ALL) ALL
You can also define user/group aliases in the sudoers file. The /etc/sudoers file lists out many examples with explanations.
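The NOPASSWD rules in Examples 1 and 2 are the ones worth reviewing regularly: a passwordless rule is only as narrow as the write permissions on the command it names. The script below is an added example, not part of the original article; audit_nopasswd and make_sample are hypothetical helper names, and the sample sudoers file is constructed, with the root.sh path pointed at a scratch directory.

```shell
# Added example (not from the original page): audit NOPASSWD rules in a sudoers file.
# Usage: audit_nopasswd FILE [TRUSTED_UID]   (TRUSTED_UID defaults to 0, i.e. root)
audit_nopasswd() {
    file=$1
    trusted=${2:-0}
    # Active (non-comment) rules that carry the NOPASSWD tag
    grep -v '^[[:space:]]*#' "$file" | grep 'NOPASSWD:' |
    while read -r user rest; do
        # The command list follows the tag and is comma separated
        printf '%s\n' "${rest#*NOPASSWD:}" | tr ',' '\n' |
        while read -r cmd args; do
            [ -n "$cmd" ] || continue
            if [ "$cmd" = "ALL" ]; then
                echo "UNRESTRICTED $user ALL"
                continue
            fi
            # Inspect the command and the directory holding it: write access
            # to either one decides what actually runs with privilege.
            for p in "$cmd" "$(dirname "$cmd")"; do
                if [ ! -e "$p" ]; then
                    echo "MISSING $user $p"
                    continue
                fi
                owner=$(ls -ldn "$p" | awk '{print $3}')
                [ "$owner" = "$trusted" ] || echo "NOT-TRUSTED-OWNER $user $p"
                # Group- or world-writable?
                [ -z "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ] ||
                    echo "WRITABLE $user $p"
            done
        done
    done
}

# Constructed sample: the three rules from the examples above, with the script
# path pointed at a scratch directory so the checks have real files to inspect.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/app" && chmod 775 "$d/app"          # group-writable product directory
    printf '#!/bin/sh\n' > "$d/app/root.sh" && chmod 755 "$d/app/root.sh"
    cat > "$d/sudoers" <<EOF
# constructed sample rules
oracle ALL = NOPASSWD: $d/app/root.sh
username ALL=(ALL) NOPASSWD: ALL
ALL ALL=(ALL) ALL
EOF
    echo "$d"
}

sample=$(make_sample)
audit_nopasswd "$sample/sudoers" "$(id -u)"
rm -rf "$sample"
```

On a real system, run it as root against the sudoers file with the default trusted UID of 0, so that any NOPASSWD command or directory not owned by root is reported.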
Storage requirements for servers (and applications) are constantly changing. It becomes very important to be able to allocate or deallocate space without interruption to service. This document provides some approaches to discovering new storage without performing a reconfiguration reboot. This applies to internal and external disk drives as well as virtual disks. Most of the time the disks are detected automatically without doing anything. The devfsadmd daemon runs in the background and constantly checks for the presence of new hardware, so the device will often be found right away. Use the methods below if the disks are still not visible in the format command.
1. SCSI disks
For any SCSI-attached JBOD device, you can recreate the device trees “on the fly” by reloading the associated driver and re-creating the device trees. In this example, we re-create the device information for an “sd” managed SCSI disk drive in a JBOD array.
# devfsadm -i sd     ## reloading associated driver
# devfsadm -Cv       ## re-creating device trees
Some of the internal disks in servers use the cfgadm utility to facilitate a disk replacement. Here is an example of replacing a failed internal disk.
# cfgadm -c unconfigure c1::dsk/c1t3d0     ## used prior to removal
# cfgadm -c configure c1::dsk/c1t3d0
2. SAS disks
Some SAS-connected disk drives are hot-swappable via the mpt driver.
# devfsadm -i mpt
# devfsadm -Cv
3. iSCSI disks
iSCSI uses the same technique.
# devfsadm -i iscsi
# devfsadm -Cv
4. Fiber channel (FC) disks
Fiber Channel fabric-attached devices use the cfgadm utility. In this example, LUN 1 of fabric device 203400a0b82fbc5d is added to the server. As the output below shows, the LUN is unconfigured and needs to be configured before it is visible in the format command.
# cfgadm -al -o show_FCP_dev
Ap_Id                    Type   Receptacle   Occupant       Condition
c2::203400a0b82fbc5d,1   disk   connected    unconfigured   unknown
# cfgadm -c configure c2::203400a0b82fbc5d,1
As a last resort you can use the luxadm force_lip command to scan for the new FC LUNs.
# luxadm -e force_lip /dev/cfg/c2
# cfgadm -o show_FCP_dev -al
# devfsadm -Cv
5. Veritas volume manager
If you are using Veritas Volume Manager, you may have to scan the LUNs again using “vxdctl enable” to make them visible under VxVM.
# vxdctl enable
A locale is a collection of files, data and sometimes code which contain the necessary information to adapt Solaris to a specific geographical market.
A locale is essentially a “bundle”, containing information such as:
1. the messages displayed to the user (localized messages)
3. date and time formatting conventions
4. monetary conventions, decimal formatting conventions
5. collation (sort) order
6. fonts and/or other writing specific information.
The default naming convention for a locale is :
for example :
Note: In Solaris, there can be several locales for a single language.
For example, French is spoken in France and in Canada, but each country has different ways of displaying monetary and time information. Therefore, there is both the fr_FR locale (French – France) as well as the fr_CA locale (French – Canada) to accommodate these different cultural conventions.
Viewing locales and locale settings
To view the current locale settings:
# locale
LANG=
LC_CTYPE="C"
LC_NUMERIC="C"
LC_TIME="C"
LC_COLLATE="C"
LC_MONETARY="C"
LC_MESSAGES="C"
LC_ALL=
As you can see above currently all the locale categories are set to “C”.
To obtain the list of locales available in a system, run the following command:
# locale -a
C
POSIX
iso_8859_1
Adding new locale
As seen above, there are only 3 locales installed on the system (C, POSIX, iso_8859_1). In order to change the locale we must first install it from the Solaris 10 DVD. To install a new locale, first find the name of the locale you want to install from the output of the command below:
# localeadm -lv
Verbose mode
Checking for installed packages. This could take a while.
..... (output omitted for brevity) ....
Checking for India region (india)
(verbose mode)
(c_solaris packages)
package SUNWeuluf not found
package SUNWinleu not found
No packages found.
..... (output omitted for brevity) ....
From the above command output, you can get all the available locale names. Suppose you want to install the locale that provides Indian languages. First mount the Solaris ISO, and then install the locale named india using the localeadm command.
# mount -F hsfs -o ro `lofiadm -a /path/to/solaris_iso` /mnt
# localeadm -a india -d /mnt/Solaris_10/Product
To verify the newly installed locale :
# locale -a
C
POSIX
bn_IN.UTF-8
en_IN.UTF-8
gu_IN.UTF-8
hi_IN.UTF-8
iso_8859_1
kn_IN.UTF-8
mr_IN.UTF-8
ta_IN.UTF-8
te_IN.UTF-8
Setting new locale
1. Changing locales globally for all users
If you now want the date and time format in the Indian language Hindi, you can set the LC_TIME locale category to hi_IN.UTF-8. This requires a reboot of the system. Edit the /etc/default/init file and set/add the LANG and LC_* variables.
# vi /etc/default/init
LC_TIME=hi_IN.UTF-8
Reboot the system:
# shutdown -i6 -g0 -y
2. Setting user specific locales
Different locales can also be set for different users on the same system. To do this, edit the profile of the individual user to export the specific locales. For example,
# vi $HOME/.profile
LC_TIME=hi_IN.UTF-8; export LC_TIME
To verify the new locale settings:
# locale
LANG=
LC_CTYPE="C"
LC_NUMERIC="C"
LC_TIME=hi_IN.UTF-8
LC_COLLATE="C"
LC_MONETARY="C"
LC_MESSAGES="C"
LC_ALL=
Check the current date, and you will see the date in the Hindi language.
There are several different ways to check the link status (up/down) in Solaris. Below are several methods, with examples, to check the network link status of Ethernet interfaces in Solaris. Some of the methods, like dladm, were not available in Solaris 8 and 9. In that case we can use the kstat and ndd commands.
1. Checking /var/adm/messages file for errors
Most of the time, link down messages are logged in the /var/adm/messages file. You just have to search through the file for the right error.
Sep 18 11:51:08 server1 qfe: [ID 349649 kern.notice] NOTICE: SUNW,qfe0: No response from Ethernet network : Link Down - cable problem
Oct 1 08:37:06 server2 unix: SUNW,hme0: 100 Mbps full-duplex Link Up
2. Checking link status with ndd (Solaris 8 and 9)
In Solaris 8 and 9, the dladm command will not work. In that case link status can be checked with the ndd command. First we need to set the instance of the specific interface we want to check.
# ndd -set /dev/ce instance 0     ### instance set to "0" checks ce0 status
# ndd /dev/ce link_status
1
3. Checking link status with kstat (Solaris 8 and 9)
kstat is another useful command to check the link status. To check the link status of all interfaces of one device driver type (qfe in this example):
# kstat -p qfe:::link_up
qfe:0:qfe0:link_up 1
qfe:1:qfe1:link_up 1
…or just a single instance:
# kstat -p e1000g:0::link_up
e1000g:0:mac:link_up 1
4. Checking link status with dladm (Solaris 10 and 11)
Starting with Solaris 10, the dladm command can be used. It gives more formatted output for all the network interfaces, including link status and link speed.
# dladm show-dev
e1000g0   link: up        speed: 1000 Mbps   duplex: full
e1000g1   link: unknown   speed: 0 Mbps      duplex: half
For Solaris 11, the command is slightly changed:
# dladm show-link
LINK   CLASS   MTU    STATE   OVER
net0   phys    1500   up      --
net1   phys    1500   up      --
Or you can use the command below, which gives more detailed information.
# dladm show-phys
LINK   MEDIA      STATE   SPEED   DUPLEX   DEVICE
net0   Ethernet   up      1000    full     e1000g0
net1   Ethernet   up      1000    full     e1000g1
6. Checking link speed at ok prompt
On Solaris SPARC systems, we can watch individual interfaces to see if they have a link. At the OBP prompt on the client, use the “watch-net-all” command to test and see the network devices.
ok> watch-net-all
[email protected][email protected][email protected],1
1000 Mbps full duplex Link up
Looking for Ethernet Packets.
'.' is a Good Packet. 'X' is a Bad Packet.
Type any key to stop.
.................................................
[email protected][email protected][email protected]
Timed out waiting for Autonegotiation to complete
Check cable and try again
Link Down
[email protected][email protected][email protected][email protected],1
Timed out waiting for Autonegotiation to complete
Check cable and try again
Link Down
[email protected][email protected][email protected][email protected]
Timed out waiting for Autonegotiation to complete
Check cable and try again
Link Down
7. Examining RUNNING flag in ifconfig output
Another easy way to quickly check the interface link status is to check the “ifconfig -a” command output. The RUNNING flag is cleared when the link is down.
# ifconfig -a
......
e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.1.25 netmask ffffff00 broadcast 192.168.1.255
        ether 0:c:29:92:7b:cd
......
8. mpathd notices
If you are using IPMP, the mpathd daemon will detect NIC failures and repairs and log them in the /var/adm/messages file.
"NIC failure detected on qfe0" - in.mpathd has detected that NIC qfe0 is repaired and operational
"Successfully failed back to NIC qfe0 to NIC qfe1" - in.mpathd has restored network traffic back to NIC qfe0, which is now repaired and operational.
9. Checking link status with SNMP
The snmpwalk command is rarely used to find link status, but it can also be used to query the link status of a remote host, which in some cases can be very useful. The SNMP class queried here to get link status is interfaces.ifTable.
# snmpwalk -v1 -c public localhost interfaces.ifTable | egrep "Descr|OperStatus"
IF-MIB::ifDescr.1 = STRING: lo0
IF-MIB::ifDescr.2 = STRING: ce0
IF-MIB::ifDescr.3 = STRING: ce1
IF-MIB::ifDescr.4 = STRING: ce2
IF-MIB::ifDescr.5 = STRING: ce3
IF-MIB::ifOperStatus.1 = INTEGER: up(1)
IF-MIB::ifOperStatus.2 = INTEGER: up(1)
IF-MIB::ifOperStatus.3 = INTEGER: up(1)
IF-MIB::ifOperStatus.4 = INTEGER: down(2)
IF-MIB::ifOperStatus.5 = INTEGER: up(1)
1. up(1), down(2)
2. ‘public’ is the default SNMP v1/v2c read community string here and can be different on your system.
3. You can run the same command against remote hostname instead of localhost.
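The driver notices and in.mpathd messages in /var/adm/messages described above can be reduced to a per-interface summary. The script below is an added example, not part of the original article; link_summary and sample_log are hypothetical helper names, and the sample log is constructed from the message formats shown above.

```shell
# Added example (not from the original page): summarise link events per interface.
# Output columns: interface, last known state, driver "Link Down" count,
# in.mpathd "NIC failure" count.
link_summary() {
    awk '
    function note(ifc, st) { state[ifc] = st; seen[ifc] = 1 }
    # Return the interface name that follows the text matched by re
    function name_after(re,   s) {
        s = $0; sub(re, "", s); sub(/[^a-z0-9].*/, "", s); return s
    }
    /SUNW,[a-z0-9]+:.*Link Down/ { i = name_after(".*SUNW,"); note(i, "down"); drops[i]++ }
    /SUNW,[a-z0-9]+:.*Link Up/   { note(name_after(".*SUNW,"), "up") }
    /NIC failure detected on / {
        i = name_after(".*NIC failure detected on "); note(i, "down"); fails[i]++
    }
    /Successfully failed back to NIC / {
        note(name_after(".*Successfully failed back to NIC "), "up")
    }
    END { for (i in seen) printf "%s %s %d %d\n", i, state[i], drops[i], fails[i] }
    ' "$1" | sort
}

# Constructed sample log, modelled on the message formats shown above
sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Sep 18 11:51:08 server1 qfe: [ID 349649 kern.notice] NOTICE: SUNW,qfe0: No response from Ethernet network : Link Down - cable problem
Sep 18 11:51:09 server1 in.mpathd[123]: NIC failure detected on qfe0
Sep 18 11:58:40 server1 unix: SUNW,qfe0: 100 Mbps full-duplex Link Up
Sep 18 11:58:41 server1 in.mpathd[123]: Successfully failed back to NIC qfe0
Oct  1 08:37:06 server1 unix: SUNW,hme0: 100 Mbps full-duplex Link Up
Oct  2 09:00:00 server1 qfe: [ID 349649 kern.notice] NOTICE: SUNW,qfe1: No response from Ethernet network : Link Down - cable problem
EOF
    echo "$f"
}

log=$(sample_log)
link_summary "$log"
rm -f "$log"
```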
To find a command using a keyword :
# man -k [keyword]
When you know the exact command to be used, you can use the man page for that command as :
# man [command]
There are several sections within a man page. Most commonly used sections are listed below :
|5||system configuration files|
|8||system administration commands|
So to read the man page for the ntp configuration file (which is /etc/ntp.conf), you can use:
# man 5 ntp.conf
To display short description for a command or configuration from man database use whatis:
# whatis passwd
passwd(1) - update user's authentication tokens
sshpasswd(1ssl) - compute password hashes
passwd(5) - password file
You can also use the -f option of man command to get the same results:
# man -f passwd
To update man database after adding any new packages:
The info command is available as part of the info package and provides more detailed information than the man command.
# info [command]
Documentation in /usr/share/doc
The /usr/share/doc directory stores documentation (release notes, installation guides, etc.) for all packages, each in a directory named after the package.
# ls /usr/share/doc/ntp/*
The vim editor
|i||Insert text before current cursor position|
|a||Append text after current cursor position|
|A||Append text at the end of the current line|
|o||Open new line below the current line|
|O||Open new line above the current line|
Navigating in vi
|left arrow / h||move left 1 character|
|right arrow / l||move right 1 character|
|up arrow / k||move up 1 line|
|down arrow / j||move down 1 line|
|$||move to the end of current line|
|0||move to beginning of current line|
|x||delete character at current cursor position|
|dw||delete word or part of word to the right of cursor|
|dd||delete current line|
|D||Delete current line starting from the current cursor position|
Undoing and repeating
|u||undo the last command|
|. (dot)||repeat the last command|
Search and replace text
|/[string]||Search forward for string|
|?[search]||Search backward for string|
|n||Find next occurrence of string|
|N||find previous occurrence of string|
|:%s/old/new||Search and replace first occurrence of string old with string new|
|:%s/old/new/g||Search and replace all occurrence of string old with string new|
|cw||Change the word starting from current cursor position|
|r||Replace character at current cursor position|
|R||Replace/overwrite text on current line|
Copying and Pasting text
|yw||Yank the current word in buffer|
|yy||Yank the current line in buffer|
|p||Paste the yanked data below the current line|
|P||Paste the yanked data above the current line|
Saving and quitting
|:w||Write change into the file without quitting|
|:w!||write change into the file even if you are not owner of the file|
|:wq||write change into the file and quit|
|:wq!||write change into the file and quit even if you are not owner of the file|
|:q||quits when no changes are made|
|:q!||quits without saving the changes made|
The Red Hat Certified System Administrator exam, better known as the RHCSA exam, is one of the well-known certification exams in the Linux world. I’ve tried to put together the notes that I used in my preparation for the RHEL 7 RHCSA. Remember that these are not explanatory notes, but a quick cheat sheet. The post includes links to all exam objectives for the RHCSA exam.
Understand and use essential tools
- Access a shell prompt and issue commands with correct syntax.
- Use input-output redirection (>, >>, |, 2>, etc.)
- Use grep and regular expressions to analyze text.
- Access remote systems using ssh.
- Log in and switch users in multiuser targets.
- Archive, compress, unpack, and uncompress files using tar, star, gzip, and bzip2.
- Create and edit text files.
- Create, delete, copy, and move files and directories.
- Create hard and soft links.
- List, set, and change standard ugo/rwx permissions.
- Locate, read, and use system documentation including man, info, and files in /usr/share/doc.
Operate running systems
- Boot, reboot, and shut down a system normally.
- Boot systems into different targets manually.
- Interrupt the boot process in order to gain access to a system.
- Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes.
- Locate and interpret system log files and journals.
- Access a virtual machine’s console.
- Start and stop virtual machines.
- Start, stop, and check the status of network services.
- Securely transfer files between systems.
Configure local storage
- List, create, delete partitions on MBR and GPT disks.
- Create and remove physical volumes, assign physical volumes to volume groups, and create and delete logical volumes.
- Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label.
- Add new partitions and logical volumes, and swap to a system non-destructively.
Create and configure file systems
- Create, mount, unmount, and use vfat, ext4 and xfs file systems.
- Mount and unmount CIFS and NFS network file systems.
- Extend existing logical volumes.
- Create and configure set-GID directories for collaboration.
- Create and manage Access Control Lists (ACLs).
- Diagnose and correct file permission problems.
Deploy, configure, and maintain systems
- Configure networking and hostname resolution statically or dynamically.
- Schedule tasks using at and cron.
- Start and stop services and configure services to start automatically at boot.
- Configure systems to boot into a specific target automatically.
- Install Red Hat Enterprise Linux automatically using Kickstart.
- Configure a physical machine to host virtual guests.
- Install Red Hat Enterprise Linux systems as virtual guests.
- Configure systems to launch virtual machines at boot.
- Configure network services to start automatically at boot.
- Configure a system to use time services.
- Install and update software packages from Red Hat Network, a remote repository, or from the local file system.
- Update the kernel package appropriately to ensure a bootable system.
- Modify the system bootloader.
Manage users and groups
- Create, delete, and modify local user accounts.
- Change passwords and adjust password aging for local user accounts.
- Create, delete, and modify local groups and group memberships.
- Configure a system to use an existing authentication service for user and group information.
- Configure firewall settings using firewall-config, firewall-cmd, or iptables.
- Configure key-based authentication for SSH.
- Set enforcing and permissive modes for SELinux.
- List and identify SELinux file and process context.
- Restore default file contexts.
- Use boolean settings to modify system SELinux settings.
- Diagnose and address routine SELinux policy violations.