Permission handling in Linux

In this post we are going to see how to set permissions on files and directories in Linux/Unix.

Before setting or removing permissions, check the existing permission bits of the file with ll <filename> (an alias for ls -l on RHEL), like below.

[root@server ~]# ll abu
-rwxrwxrwx. 1 abu root 113 Dec 11 20:22 abu

Permissions are assigned to three categories, and the same three categories appear in the output of ll or ls -l:

User:    u

Group:  g

Others:  o

Numeric values used for changing/identifying the permissions:

Read:       4, r

Write:      2, w

Execute:  1, x

Command used for changing file permissions (numeric mode):

# chmod 755 <filename>

Example:

Command to set permission:

We are going to change the permission of file abu from 777 to 755 with the command below. 755 gives full permission to the user (owner), and read and execute to group and others. Removing write access for group and others matters: a 777 file can be modified by any account on the system, and if it is a script that root executes, anyone can make root run their code.

[root@server ~]# chmod 755 abu
[root@server ~]# ll abu
-rwxr-xr-x. 1 abu root 113 Dec 11 20:22 abu

Permissions can also be set with the symbolic characters below.

Read:        r

Write:       w

Execute:  x

Example:

Command to set permission using characters:

In the example below, execute permission alone is added for others (o+x adds the bit; o-x would remove it, and o=r would set others to exactly read).

[root@server ~]# ll abu1
-rwxr-xr--. 1 root abu 0 Dec 11 20:17 abu1
[root@server ~]# chmod o+x abu1
[root@server ~]# ll abu1
-rwxr-xr-x. 1 root abu 0 Dec 11 20:17 abu1

Changing ownership of a file or directory:

# chown user:group <filename>

Example:

In the example below the owner of directory lbc is changed to lbcuser. The user has already been created.

Note: the existing owner and group are root.

Before changing ownership:

[root@server ~]# mkdir lbc
[root@server ~]# ll | grep lbc
drwxr-xr-x. 2 root root 6 Dec 16 20:33 lbc

After changing ownership:

[root@server ~]# chown lbcuser lbc
[root@server ~]# ll | grep lbc
drwxr-xr-x. 2 lbcuser root 6 Dec 16 20:33 lbc

chown can change the group as well, by giving the group after a colon. Here the group is changed to finance:

[root@server ~]# chown :finance lbc
[root@server ~]# ll | grep lbc
drwxr-xr-x. 2 lbcuser finance 6 Dec 16 20:33 lbc

The group alone can also be changed with the chgrp command:

[root@server ~]# mkdir lbc1
[root@server ~]# chgrp finance lbc1
[root@server ~]# ll | grep lbc1
drwxr-xr-x. 2 root finance 6 Dec 16 20:47 lbc1
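The numeric and symbolic modes above, as an added shell example that is not part of the original post: a function that turns an ls -l mode string into its octal value (including the setuid, setgid and sticky digit), a relative hardening step with a symbolic mode, and an audit for world-writable entries, which is what a 777 file is. The function names are my own; the commands used (cut, awk, find, chmod, ls) are standard.

```shell
#!/bin/sh
# Added example (not from the original post): turn an ls -l mode string into
# its octal value, strip group/other write bits from a path, and list entries
# anyone on the system can write to. POSIX sh; needs only cut, awk, find, chmod.

# mode_to_octal "-rwxr-xr-x" -> 755 ; "-rwsr-xr-x" -> 4755
# The first character (file type) and any trailing '.' (SELinux label) or '+'
# (extended ACL present) are ignored.
mode_to_octal() {
    m=$(printf '%s' "$1" | cut -c2-10)
    special=0
    case "$m" in ??[sS]??????) special=$((special + 4)) ;; esac   # setuid
    case "$m" in ?????[sS]???) special=$((special + 2)) ;; esac   # setgid
    case "$m" in ????????[tT]) special=$((special + 1)) ;; esac   # sticky
    digits=""
    for trip in "$(printf '%s' "$m" | cut -c1-3)" \
                "$(printf '%s' "$m" | cut -c4-6)" \
                "$(printf '%s' "$m" | cut -c7-9)"; do
        n=0
        case "$trip" in r??) n=$((n + 4)) ;; esac
        case "$trip" in ?w?) n=$((n + 2)) ;; esac
        case "$trip" in ??[xst]) n=$((n + 1)) ;; esac   # lowercase s/t imply x
        digits="$digits$n"
    done
    if [ "$special" -ne 0 ]; then
        printf '%s%s\n' "$special" "$digits"
    else
        printf '%s\n' "$digits"
    fi
}

# path_octal FILE -> octal mode of FILE as reported by ls -ld
path_octal() {
    mode_to_octal "$(ls -ld "$1" | awk '{print $1}')"
}

# harden_mode FILE: remove write access for group and others, leave the rest.
# Symbolic modes are relative, so this is safe on a file whose mode you do not
# know in advance; an absolute "chmod 755" could also add bits you did not want.
harden_mode() {
    chmod go-w "$1"
}

# find_world_writable DIR: print files and directories under DIR that any user
# may write to. Symlinks are skipped (their mode is meaningless) and so are
# sticky directories such as /tmp, where world-write is intended.
find_world_writable() {
    find "$1" ! -type l -perm -0002 ! \( -type d -perm -1000 \) -print
}
```

Typical use: find_world_writable /etc should print nothing on a healthy system; anything it does print is a candidate for harden_mode, and path_octal confirms the result.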

 

Reference: RedHat Document

ACL in RHEL7/Cent OS 7

In this post we are going to see how to secure files and directories using ACLs in RHEL 7 / CentOS 7.

As a first step, check that the kernel was built with POSIX ACL support, using the command below.

[root@server ~]# grep -i acl /boot/config*
CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_XFS_POSIX_ACL=y
CONFIG_BTRFS_FS_POSIX_ACL=y
CONFIG_FS_POSIX_ACL=y
CONFIG_GENERIC_ACL=y
CONFIG_TMPFS_POSIX_ACL=y
CONFIG_NFS_V3_ACL=y
CONFIG_NFSD_V2_ACL=y
CONFIG_NFSD_V3_ACL=y
CONFIG_NFS_ACL_SUPPORT=m
CONFIG_CEPH_FS_POSIX_ACL=y
CONFIG_CIFS_ACL=y

The output shows that this kernel supports ACLs, since the POSIX_ACL options are set to y.

If they were set to n, the kernel would have to be rebuilt with them; the stock RHEL 7 kernel already has them. The filesystem must also be mounted with ACL support: XFS has it always on, and ext4 on RHEL 7 enables the acl mount option by default.

Next, install the user-space packages.

Required packages for ACL:

acl

nfs4-acl-tools

libacl

Install all three using yum:

[root@server ~]# yum -y install nfs4-acl* acl libacl

We will assign read, write and execute permissions to files and directories through ACLs, using the same u/g/o and r/w/x characters in the setfacl commands.

Now an example that makes this clear.

Create three users and one group, like below.

[root@server ~]# useradd lbcuser1
[root@server ~]# useradd lbcuser2
[root@server ~]# useradd lbcuser3
[root@server ~]# groupadd lbcgroup
[root@server ~]# passwd lbcuser1
Changing password for user lbcuser1.
New password:
BAD PASSWORD: The password is a palindrome
Retype new password:
passwd: all authentication tokens updated successfully.

Above, a password was set only for lbcuser1; set passwords for the other two users the same way.

Now add lbcgroup as a secondary group for lbcuser1 and lbcuser2 (-a appends; without it -G would replace the user's existing secondary groups).

[root@server ~]# usermod -aG lbcgroup lbcuser1
[root@server ~]# usermod -aG lbcgroup lbcuser2

Create a directory and a file inside it, to assign and check permissions using ACLs.

[root@server ~]# mkdir /tmp/data
[root@server ~]# touch /tmp/data/testfile.txt

Now change the group of the file to lbcgroup, like below.

[root@server ~]# chown :lbcgroup /tmp/data/testfile.txt
[root@server ~]# ll /tmp/data/testfile.txt
-rw-r--r--. 1 root lbcgroup 0 Dec 15 21:14 /tmp/data/testfile.txt

Set the permission to 770 (chmod 770 /tmp/data/testfile.txt): owner and group get full access, others get nothing.

Now log in as lbcuser1 and lbcuser2 and try to write to testfile.txt.

Both users can write to the file, because both are members of its group (lbcgroup).

[root@server ~]# su lbcuser1
[lbcuser1@server root]$ echo "My name is lbcuser1..." > /tmp/data/testfile.txt
[lbcuser1@server root]$ exit
exit
[root@server ~]# su lbcuser2
[lbcuser2@server root]$ echo "My name is lbcuser2..." > /tmp/data/testfile.txt
[lbcuser2@server root]$ exit
exit
[root@server ~]#

Now try the same as lbcuser3. It fails, since lbcuser3 is neither the owner nor a member of lbcgroup, and others have no permission on the file.

[root@server ~]# su lbcuser3
[lbcuser3@server root]$ echo "My name is lbcuser3..." > /tmp/data/testfile.txt
bash: /tmp/data/testfile.txt: Permission denied

So, grant read and write to lbcuser3 through an ACL, without adding lbcuser3 to lbcgroup, and try again. (The -R flag recurses into directories; on a single file it has no effect.)

[root@server ~]# setfacl -R -m u:lbcuser3:rw /tmp/data/testfile.txt
[root@server ~]# su lbcuser3
[lbcuser3@server root]$ echo "My name is lbcuser3..." > /tmp/data/testfile.txt
[lbcuser3@server root]$ cat /tmp/data/testfile.txt
My name is lbcuser3...

Since a single > was used to redirect the echo output into the file, only the last content is shown: “My name is lbcuser3…”

To grant permissions to a group, use g:<groupname> in place of u:<username>, like below.

[root@server ~]# setfacl -R -m g:lbcgroup:rw /tmp/data/testfile.txt

To check the existing ACL permission of a file use getfacl command.

[root@server ~]# getfacl /tmp/data/testfile.txt
getfacl: Removing leading '/' from absolute path names
# file: tmp/data/testfile.txt
# owner: root
# group: lbcgroup
user::rwx
user:lbcuser3:rw-
group::rwx
mask::rwx
other::---

Permissions are set on a directory in the same way.

Command to set a default ACL on a directory:

The command below sets a default ACL (the d: prefix) that gives read permission alone to others. A default ACL is not an access permission on the directory itself; it is inherited by files and subdirectories created inside the directory afterwards, which is what the default: lines in the getfacl output below represent. Existing files are not changed.

[root@server ~]# setfacl -m d:o:r /tmp/data
[root@server ~]# getfacl /tmp/data
getfacl: Removing leading '/' from absolute path names
# file: tmp/data
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:other::r--
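The mask line in the getfacl output above is the part of an ACL that is easiest to misread, so here is an added shell example (not part of the original post) that computes the permissions an ACL actually grants once the mask is applied, plus a one-liner to find every path in a tree that carries an extended ACL. The sample ACL in the test is constructed from the entries shown on this page with the mask lowered to r-x; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): compute the permissions an ACL
# actually grants once the mask is applied, and list every path in a tree that
# carries an extended ACL. The mask caps the owning-group entry and every named
# user/group entry; the owner (user::) and other:: entries are never masked.
# Note also that chmod on a file with an extended ACL changes the mask, not the
# group entry, so "chmod 750" after setfacl silently caps the named entries.

# acl_effective: read getfacl output on stdin, print each entry with the
# permissions that are effective after masking. Default (inherited) entries are
# passed through unchanged.
acl_effective() {
    awk -F: '
        /^#/ || NF < 3 { next }                 # skip "# file:", "# owner:" etc.
        $1 == "mask"  { mask = $3 }
        { e[n++] = $0 }
        END {
            for (i = 0; i < n; i++) {
                split(e[i], f, ":")
                if (f[1] == "default") { print e[i]; continue }
                p = substr(f[3], 1, 3)           # drop a trailing "#effective:" note
                if (mask != "" && ((f[1] == "user" && f[2] != "") || f[1] == "group")) {
                    eff = ""
                    for (j = 1; j <= 3; j++) {
                        c = substr(p, j, 1); m = substr(mask, j, 1)
                        eff = eff ((c != "-" && m != "-") ? c : "-")
                    }
                    p = eff
                }
                printf "%s:%s:%s\n", f[1], f[2], p
            }
        }'
}

# list_extended_acls DIR: print ACLs only for entries that have more than the
# three base entries (the ones ls -l marks with a trailing "+"). Requires the
# acl package.
list_extended_acls() {
    getfacl -R -s -p "$1" 2>/dev/null
}
```

Usage: getfacl /tmp/data/testfile.txt | acl_effective. If the page's mask were r-x instead of rwx, the user:lbcuser3:rw- entry would be reported as r--, which is exactly the case where a user "has" an ACL entry yet still gets Permission denied. Run list_extended_acls /tmp/data before and after a change to see which files actually carry named entries.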

 

User/Group disk quota enabling in Linux/Unix

In this post we are going to see how to enable user and group disk quotas in Linux/Unix. When space on a local disk runs low, a quota on /home limits how much each user or group can consume, so one account cannot fill the filesystem for everyone.

As a first step, quota has to be enabled on the filesystem.

Edit /etc/fstab and add the usrquota and grpquota options to the /home entry:

 

[root@server ~]# vi /etc/fstab

# /etc/fstab
# Created by anaconda on Fri Nov 24 17:31:25 2017
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/rhel-root / xfs defaults 0 0
UUID=2f2c635e-e5fb-4c81-823a-855a334ca04c /boot xfs defaults 0 0
/dev/mapper/rhel-swap swap swap defaults 0 0
/dev/rootvg/lv_tmp1 /home xfs defaults,usrquota,grpquota 0 0

Save and exit the file.

Now remount the filesystem with the command below.

[root@server ~]# mount -o remount /home

Then check that quota is enabled on the /home mount point.

[root@server ~]# mount | grep /home
/dev/mapper/rootvg-lv_tmp1 on /home type ext4 (rw,relatime,seclabel,quota,usrquota,grpquota,data=ordered)

Note: the mount output shows an ext4 filesystem, and the quotacheck/quotaon steps below are the ext4 procedure. On XFS (as the fstab line above says) quota cannot be switched on by a remount: the filesystem has to be unmounted and mounted again (or the system rebooted) with the quota options; quotacheck is not used, because XFS keeps the quota accounting inside the filesystem; and limits are managed with xfs_quota (edquota and repquota also work once quota is on).

Create the quota database files with the command below.

[root@server ~]# quotacheck -cugv /home

-c: create the quota files (aquota.user / aquota.group) if they do not exist

-u: scan user quotas

-g: scan group quotas

-v: verbose

Now turn quota on for /home with the command below.

[root@server ~]# quotaon /home

Now assign quotas to a user or group with the edquota command.

Syntax to create quota on user:

#edquota -u <username>

Syntax to create quota on group:

#edquota -g <groupname>

Here is an example of setting a quota for the user abu:

[root@server ~]# edquota -u abu

The command opens the user's quota entry in an editor, like below:

Disk quotas for user abu (uid 1001):
  Filesystem                   blocks  soft  hard  inodes  soft  hard
  /dev/mapper/rootvg-lv_tmp1        0  5000  6000       0     0     0

The entry has two kinds of limit: one on blocks (disk space, in 1 KB blocks) and one on inodes (number of files). A value of 0 means no limit.

For block usage:

Soft: exceeding the soft limit only warns the user; writing to the home directory is still allowed until the hard limit is reached or the grace period runs out. In the example above the soft limit is 5000 KB (about 5 MB).

Hard: once the hard limit is reached no further writes are allowed. In the example the hard limit is 6000 KB (about 6 MB).

Log in as the user and try to create an 8 MB file with dd to check the quota.

[root@server ~]# su abu
[abu@server ~]$ dd if=/dev/zero of=bgfile bs=1M count=8
dm-3: warning, user block quota exceeded.
dm-3: write failed, user block limit reached.
dd: error writing ‘bgfile’: Disk quota exceeded
6+0 records in
5+0 records out
6127616 bytes (6.1 MB) copied, 0.00498719 s, 1.2 GB/s

Command to display report on user quota:

[root@server ~]# repquota -as
*** Report for user quotas on device /dev/mapper/rootvg-lv_tmp1
Block grace time: 7days; Inode grace time: 7days
                        Space limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --     20K      0K      0K              2     0     0
abu       +-   6000K   5000K   6000K  6days      6     0     0

Finally, the grace period for user quotas. The grace period starts when the soft limit is exceeded (the + in the flags column above); once it expires, the soft limit is enforced like a hard limit.

Command to change the grace period:

[root@server ~]# edquota -t

Grace period before enforcing soft limits for users:
Time units may be: days, hours, minutes, or seconds
 Filesystem Block grace period Inode grace period
 /dev/mapper/rootvg-lv_tmp1 7days 7days

The grace period is also set separately for blocks and for inodes.
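The repquota report above is what an administrator would watch, so here is an added shell example (not part of the original post) that reads repquota -as output and reports every user or group whose grace clock is running, plus the scriptable equivalent of the edquota step. The sample report in the test is the page's own two lines with a constructed third user over the inode soft limit; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post): read "repquota -as" output and
# report every user or group whose soft limit is exceeded, i.e. whose grace
# clock is running. Suitable for a cron job that mails the result. The flag
# column is two characters: "+-" means blocks over soft limit, "-+" means
# inodes over soft limit, "--" means within limits.
quota_over_soft() {
    awk '
        # data rows have the two-character flag field in column 2
        $2 ~ /^[+-][+-]$/ {
            bflag = substr($2, 1, 1); iflag = substr($2, 2, 1)
            i = 6                      # first inode column when no block grace column is present
            if (bflag == "+") {
                printf "%s: block soft limit exceeded (used %s, soft %s, hard %s, grace %s)\n", $1, $3, $4, $5, $6
                i = 7                  # a block grace column shifts the inode columns right
            }
            if (iflag == "+") {
                printf "%s: inode soft limit exceeded (used %s, soft %s, hard %s, grace %s)\n", $1, $i, $(i + 1), $(i + 2), $(i + 3)
            }
        }'
}

# set_user_quota USER SOFT_KB HARD_KB MOUNTPOINT: the non-interactive
# equivalent of "edquota -u USER" for scripts (inode limits left at 0 =
# unlimited). Requires the quota package, like edquota itself.
set_user_quota() {
    setquota -u "$1" "$2" "$3" 0 0 "$4"
}
```

Usage: repquota -as | quota_over_soft, and set_user_quota abu 5000 6000 /home to reproduce the edquota entry above without an editor.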

 

Thanks for reading this post.

Directory structure in Linux

We are going to see the directory structure in Linux/Unix and what each directory is used for.

Directory structure in Linux

/: Root

The root directory is the parent of all other directories and files; everything on the system is located under it.

Only the root user can make changes directly in this directory.

The home directory of the root user is /root; other users' home directories are under /home.

/home

Each user's home directory is created under /home to store their files, e.g. /home/user.

/boot

This directory contains the files needed to boot: the kernel images, the initramfs images and the boot loader's configuration.

/bin

Contains the essential executable binaries, i.e. the commands we use in Linux/Unix. On RHEL 7, /bin is a symbolic link to /usr/bin.

/sbin

/sbin also contains binaries, like /bin, but these commands are typically used by the system administrator. On RHEL 7 it is a symbolic link to /usr/sbin.

/etc

Contains the configuration files of the applications and programs on the system; startup scripts are also stored here.

/dev

This directory contains the device files (device nodes) through which programs talk to hardware such as CD drives, hard disks, USB devices and terminals (tty). The drivers themselves live in the kernel, not here.

/tmp

This directory is for temporary use only. Temporary files and directories created by users or by the system are stored here.

Its contents are not guaranteed to survive a reboot and are cleaned periodically by the system. Because every user can write here, programs must not trust file names in /tmp blindly.

/opt 

Stands for optional.

This directory contains add-on applications from third-party vendors, each usually in its own subdirectory.

/var

Contains variable data: logs, spools, caches and other files that grow over time with usage.

Ex: /var/log/dmesg, /var/log/secure, etc.

/mnt

Used to mount filesystems temporarily.

/usr

This directory contains shared libraries, documentation and binaries. /usr/bin contains the binaries of user-level programs and /usr/sbin the binaries for system administration.

 

 

Help command and Data Types in Python

In this post we are going to see the help command and the data types in Python.

Use help() with the name of the object you want to know more about.

Here is the example:

The command below shows the help for the print statement (Python 2; in Python 3 print is a function and help(print) works without the quotes).

[root@server ~]# python
Python 2.7.5 (default, Aug 2 2016, 04:20:16)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> help ('print')

 

Data types:

  1. Numbers
  2. Strings
  3. Lists
  4. Tuple
  5. Dictionary

Numbers:

Python 2 has these numeric types:

Integers: 10 (plus long for integers of arbitrary size)

Floating point: 2.1, 3.45

Complex numbers: (4+1J), (3.6-5.4j); the imaginary part is written with a j or J suffix.

Python installation in Linux/Unix

On RedHat, Python is installed by default. We are going to see how to install Python in Linux/Unix.

First we have to prepare our system to install Python.

Preparing system:

Log in as the root user, which is the administrator and has full privileges.

Use subscription-manager to check whether you have access to the RedHat software repositories.

[root@server ~]# subscription-manager repos --list-enabled

If no repository is listed, the machine is not registered or has no subscription.

Now update using yum command.

[root@server ~]# yum update

Once the command runs with a valid subscription, all packages in the OS are updated.

Now setup your environment:

As you already know, we are going to use yum to install and check the Python package.

Check whether python is installed, using yum.

[root@server ~]# yum list installed | grep python

If the package is not installed, use the command below to install python.

[root@server ~]# yum install python

The command asks for confirmation to proceed; type y and press Enter.

Once it has finished, check again whether it is installed.

[root@server ~]# yum list installed | grep python

Use the python command to run Python in interactive mode.

[root@server ~]# python
Python 2.7.5 (default, Aug 2 2016, 04:20:16)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> quit()
[root@server ~]#

Finally, Python is installed in Linux.

Creating a new filesystem in Linux/Unix

We are going to see how to create a new filesystem in Linux/Unix, specifically in RHEL 7.

As a first step we should know how many physical disks are available on the machine and how much unpartitioned space they have.

fdisk -l lists all physical disks with their partitions and sizes.

[root@server ~]# fdisk -l

Disk /dev/sda: 21.5 GB, 21474836480 bytes, 41943040 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x00060f18

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     1026047      512000   83  Linux
/dev/sda2         1026048    17803263     8388608   83  Linux
/dev/sda3        17803264    21997567     2097152   83  Linux
/dev/sda4        21997568    41943039     9972736    5  Extended
/dev/sda5        21999616    30388223     4194304   82  Linux swap / Solaris
/dev/sda6        30390272    41943039     5776384   8e  Linux LVM

Disk /dev/sdb: 8589 MB, 8589934592 bytes, 16777216 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x1f51ec05

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1            2048    12584959     6291456   8e  Linux LVM
/dev/sdb2        12584960    16777215     2096128   8e  Linux LVM

Disk /dev/sdc: 8589 MB, 8589934592 bytes, 16777216 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Note that df reports mounted filesystems, not raw disks: running df -h against /dev/sdc simply describes the devtmpfs mounted on /dev, as below, and says nothing about the disk.

[root@server ~]# df -h /dev/sdc
Filesystem Size Used Avail Use% Mounted on
devtmpfs 1.4G 0 1.4G 0% /dev

It is the fdisk -l output above that shows /dev/sdc has no partition table. We are going to use /dev/sdc, as it is unused and has no filesystem on it.

Use the command below to partition this disk.

[root@server ~]# fdisk /dev/sdc
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0x52240e5b.

Command (m for help):

Once fdisk is run with the disk name (/dev/sdc), you enter the fdisk tool and see the prompt above. Type m and press Enter to list the keys available in this tool.

[root@server ~]# fdisk /dev/sdc
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0x52240e5b.

Command (m for help): m
Command action
 a toggle a bootable flag
 b edit bsd disklabel
 c toggle the dos compatibility flag
 d delete a partition
 g create a new empty GPT partition table
 G create an IRIX (SGI) partition table
 l list known partition types
 m print this menu
 n add a new partition
 o create a new empty DOS partition table
 p print the partition table
 q quit without saving changes
 s create a new empty Sun disklabel
 t change a partition's system id
 u change display/entry units
 v verify the partition table
 w write table to disk and exit
 x extra functionality (experts only)

Now we are going to create a partition. Type n to add a new partition. You are then asked for the partition type; select primary.

Then provide the partition number, or just press Enter to take the default.

First sector: the sector at which the partition starts; the default is fine.

Last sector: the sector at which the partition ends, or a size with a suffix K (KB), M (MB) or G (GB). In practice a size such as +4G is the easiest; type it and press Enter.

Command (m for help): n
Partition type:
 p primary (0 primary, 0 extended, 4 free)
 e extended
Select (default p): p
Partition number (1-4, default 1):
First sector (2048-16777215, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-16777215, default 16777215): +4G
Partition 1 of type Linux and of size 4 GiB is set

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

Then type w and press Enter to write the changes and quit fdisk.

We have created a partition on the physical disk. partprobe asks the kernel to re-read the partition table, so the new partition becomes usable without a reboot. (A reboot is only needed if the kernel cannot re-read the table because a partition on that disk is in use.)

[root@server ~]# partprobe
[root@server ~]# fdisk -l /dev/sdc

Disk /dev/sdc: 8589 MB, 8589934592 bytes, 16777216 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x61352143

   Device Boot      Start         End      Blocks   Id  System
/dev/sdc1            2048     8390655     4194304   83  Linux

The partition has to be formatted with a filesystem type (XFS, EXT4, EXT3, ...).

Note: if the partition is going to be used in LVM, skip the remaining steps.

As we are using RHEL 7, we use its default, XFS.

Command to format the partition with the XFS filesystem:

[root@server ~]# mkfs.xfs /dev/sdc1
meta-data=/dev/sdc1 isize=512 agcount=4, agsize=262144 blks
 = sectsz=512 attr=2, projid32bit=1
 = crc=1 finobt=0, sparse=0
data = bsize=4096 blocks=1048576, imaxpct=25
 = sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
log =internal log bsize=4096 blocks=2560, version=2
 = sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0

After formatting, create a directory to act as the mount point.

[root@server ~]# mkdir /app

Finally the filesystem is mounted on the created directory to make use of it.

There are two ways of mounting a filesystem.

Temporary mount: the filesystem is mounted now, but the mount is lost after a restart and has to be repeated.

Permanent mount: an entry is made in /etc/fstab and the mount survives a restart.

Temporary mount:

[root@server ~]# mount /dev/sdc1 /app

Permanent mount:

Open /etc/fstab with vi and add the entry below. Save and exit with :wq.

[root@server ~]# vi /etc/fstab

/dev/sdc1 /app xfs defaults 0 0

Two cautions: /dev/sdX names depend on the order in which disks are detected and can change when a disk is added or removed, so for a permanent entry prefer UUID=<uuid> (from blkid /dev/sdc1) in the first field; and run mount -a before rebooting, since a bad fstab line can stop the system from booting normally.

Use mount with grep to check that the filesystem is listed.

[root@server ~]# mount | grep /app
/dev/sdc1 on /app type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
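The permanent-mount step is where a wrong line costs a boot, so here is an added shell example (not part of the original post) that builds an fstab entry keyed by UUID and lints an fstab for entries mounted by a changeable kernel device name or with a duplicated mount point. The fstab in the test is the page's own file plus the /dev/sdc1 line from this post; the function names are my own, and fstab_entry needs blkid, which the lint part does not.

```shell
#!/bin/sh
# Added example (not from the original post): build a permanent-mount entry
# that identifies the filesystem by UUID instead of a kernel device name, and
# lint an existing fstab for entries that would break if disks are renumbered.
# /dev/sdX names depend on probe order; UUIDs (from blkid) are stable.

# fstab_entry DEV MNT FSTYPE OPTS -> "UUID=<uuid> MNT FSTYPE OPTS 0 0"
# Requires blkid; fails (non-zero) if the device has no filesystem UUID yet,
# i.e. if mkfs has not been run on it.
fstab_entry() {
    uuid=$(blkid -s UUID -o value "$1") || return 1
    [ -n "$uuid" ] || return 1
    printf 'UUID=%s %s %s %s 0 0\n' "$uuid" "$2" "$3" "$4"
}

# fstab_lint: read fstab text on stdin, report entries that use /dev/sd* or
# /dev/vd* names and mount points listed more than once. Prints nothing when
# the file is clean; exit status 1 if any problem was found.
fstab_lint() {
    awk '
        /^[[:space:]]*(#|$)/ { next }
        $1 ~ /^\/dev\/[sv]d/ {
            printf "line %d: %s is mounted by device name %s; use UUID=$(blkid -s UUID -o value %s)\n", NR, $2, $1, $1
            bad = 1
        }
        seen[$2]++ == 1 {
            printf "line %d: mount point %s appears more than once\n", NR, $2
            bad = 1
        }
        END { exit bad + 0 }'
}
```

Usage: fstab_entry /dev/sdc1 /app xfs defaults >> /etc/fstab, then fstab_lint < /etc/fstab and mount -a before the next reboot. /dev/mapper names are not flagged, since LVM resolves them by volume group and LV name rather than by probe order.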

We have successfully created a filesystem.

 

 

Install and managing iptables in Linux/Unix

We will see how to install and manage iptables in Linux/Unix.

iptables is the firewall that comes by default with Linux; it holds its rules in chains. Below are the default chains of the filter table.

INPUT – incoming traffic addressed to this machine.

FORWARD – traffic routed through this machine between two networks (not addressed to the machine itself).

OUTPUT – traffic originating from this machine.

Each rule in a chain ends with an action (target). Rules are evaluated in order; the first rule that matches and terminates decides the packet's fate, and the chain policy applies if no rule matches. The common targets are:

ACCEPT – let the packet through.

DROP – discard the packet silently, with no reply to the sender.

REJECT – discard the packet and send the sender an error message (an ICMP error, or a TCP reset).

Check whether the iptables packages are installed, using the command below.

[root@server ~]# rpm -qa | grep iptables
iptables-devel-1.4.21-17.el7.x86_64
iptables-1.4.21-17.el7.x86_64
iptables-services-1.4.21-17.el7.x86_64

If they are not installed, use yum to install them, like below.

Note: on RHEL 7 firewalld is the default firewall and manages the same kernel rules. Stop and disable it (systemctl stop firewalld; systemctl disable firewalld) before enabling iptables.service, so the two do not overwrite each other's rules.

Now enable iptables so that it starts at boot.

[root@server ~]# systemctl enable iptables
 Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.

Command to start and check the status of the iptables:

[root@server ~]# systemctl start iptables

[root@server ~]# systemctl status iptables
 ● iptables.service - IPv4 firewall with iptables
 Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
 Active: active (exited) since Sun 2017-10-29 09:20:21 IST; 5s ago
 Process: 2331 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 2331 (code=exited, status=0/SUCCESS)

Oct 29 09:20:21 server systemd[1]: Starting IPv4 firewall with ipta....
 Oct 29 09:20:21 server iptables.init[2331]: iptables: Applying firew...
 Oct 29 09:20:21 server systemd[1]: Started IPv4 firewall with iptables.
 Hint: Some lines were ellipsized, use -l to show in full.

To see the current rules, use the command below.

[root@server ~]# iptables -L
 Chain INPUT (policy ACCEPT)
 target prot opt source destination
 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
 ACCEPT icmp -- anywhere anywhere
 ACCEPT all -- anywhere anywhere
 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
 target prot opt source destination
 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
 target prot opt source destination

One more important point: rules added with the iptables command take effect immediately but live only in kernel memory. They are lost when the iptables service or the machine restarts, unless they are saved.

Use the command below to save the current rules to /etc/sysconfig/iptables, from where the service reloads them at start.

[root@server ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]

or print them in the same format with iptables-save (on its own it only displays the rules; redirect its output to /etc/sysconfig/iptables to save them):

[root@server ~]# iptables-save
# Generated by iptables-save v1.4.21 on Sun Oct 29 15:17:07 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [90:12391]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sun Oct 29 15:17:07 2017

Command to open a port in iptables. Here we are going to allow port 80 (http) from outside to this server.

[root@server ~]# iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Caution: -A appends the rule at the end of the INPUT chain, which in the default rule set above is after the final REJECT rule, so the new rule is never reached and port 80 stays closed. Insert it above the REJECT with -I INPUT <rule-number> instead (iptables -L INPUT --line-numbers shows the numbers), then save the rules.

Command to allow this server to connect out to port 80 on other hosts (the OUTPUT chain). Since the OUTPUT policy is ACCEPT in the default rule set, this rule only matters if outbound traffic has been restricted.

[root@server ~]# iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT

A port can also be opened for a specific host only, with the -s option. Note that a hostname given to -s is resolved to IP addresses once, when the rule is added; if DNS later changes, the rule does not follow, so an IP address is more reliable.

Allowing port 80 from node1 alone:

[root@server ~]# iptables -A INPUT -p tcp -s node1.lbcdomain.com --dport 80 -j ACCEPT

Likewise, a port can be opened for a specific network, so that only machines in that network are allowed:

[root@server ~]# iptables -A INPUT -p tcp -s 192.168.0.0/24 --dport 80 -j ACCEPT
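The ordering problem with -A, as an added shell example that is not part of the original post: a check over iptables-save output that reports rules placed after a rule in the same chain that matches every packet and terminates. The rule set in the test is the page's default set with the port-80 rule appended, exactly as iptables -A would leave it; the function name is my own.

```shell
#!/bin/sh
# Added example (not from the original post): read iptables-save output and
# flag rules that can never match because an earlier rule in the same chain
# matches every packet and terminates (REJECT, DROP or ACCEPT with no match
# criteria). "iptables -A INPUT ... -j ACCEPT" on the RHEL 7 default rule set
# appends after "-A INPUT -j REJECT --reject-with icmp-host-prohibited", so
# the new rule is dead and the port stays closed. Exit status 1 if any found.
iptables_dead_rules() {
    awk '
        $1 == "-A" {
            chain = $2; target = ""; has_match = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); i++; continue }
                if ($i == "--reject-with") { i++; continue }   # modifies REJECT, not a match
                has_match = 1
            }
            if (chain in closed) {
                printf "%s: rule %d (%s) follows an unconditional %s and can never match\n", chain, ++n[chain], $0, closed[chain]
                bad = 1
                next
            }
            n[chain]++
            if (!has_match && (target == "REJECT" || target == "DROP" || target == "ACCEPT"))
                closed[chain] = target
        }
        END { exit bad + 0 }'
}
```

Usage: iptables-save | iptables_dead_rules. The rule number it prints is the one iptables -L INPUT --line-numbers would show; the fix is to delete the dead rule and re-add it with -I INPUT <number of the REJECT rule>, which pushes the REJECT down by one, then service iptables save.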

 

Increasing LVM in xfs filesystem

We will see how to increase an LVM logical volume carrying an XFS filesystem in this post.

LVM plays an important role in Linux/Unix; it lets us increase (and, with some filesystems, reduce) the size of a filesystem.

We are going to see how to increase a filesystem in Linux/Unix, specifically on RHEL 7.

The filesystem can be grown online; it does not need to be unmounted for this operation.

Steps to be followed when increasing a filesystem:

First check whether free space is available in the VG (vgs). If the required space is available in the VG, go straight to steps 4 to 6.

If there is no free space in the VG, follow all the steps below.

  1. Create a partition and change its type from “Linux” to “Linux LVM” (8e is the hex code for the Linux LVM partition type).
  2. Create a physical volume on that partition.
  3. Extend the volume group by adding the new PV to it. The VG now has free/unused space; check it with “vgs”.
  4. Extend the logical volume with the “lvextend” command.
  5. Run “xfs_growfs” to grow the filesystem into the new space (lvextend -r does steps 4 and 5 in one go).
  6. Finally compare the mount point size (“df -h <mountpoint>”) with the logical volume size (“lvs”). Both should be the same after extending.

In our case we are going to create a partition in the unused space of an existing physical disk, then create a PV, vgextend and lvextend.

First check the unused space on the physical disk. Note that df reports mounted filesystems, not disks: df -h /dev/sdb only shows the devtmpfs mounted on /dev, as below, and says nothing about sdb.

[root@localhost ~]# df -h /dev/sdb
Filesystem Size Used Avail Use% Mounted on
devtmpfs 1.4G 0 1.4G 0% /dev

The unpartitioned space is seen with fdisk -l /dev/sdb (or lsblk); in our case the disk has about 2 GB not yet in any partition.

Use the commands below to create the partition:

[root@localhost ~]# fdisk /dev/sdb

Use the “n” key to create a new partition and provide the requested details.

Use the “t” key to change the partition type from “Linux” to “Linux LVM” (8e).

The command below confirms that the partition was created and its type changed. Here “/dev/sdb2” is the one we created.

[root@localhost ~]# fdisk -l /dev/sdb

Disk /dev/sdb: 8589 MB, 8589934592 bytes, 16777216 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x1f51ec05

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1            2048    12584959     6291456   8e  Linux LVM
/dev/sdb2        12584960    16777215     2096128   8e  Linux LVM

Now create the physical volume with the command below:

[root@localhost ~]# pvcreate /dev/sdb2
 Physical volume "/dev/sdb2" successfully created.

As the next step, extend the VG by adding the new PV to it.

Before that, check the size and free space of the VG:

[root@localhost ~]# vgs
  VG    #PV #LV #SN Attr   VSize  VFree
  newvg   2   2   0 wz--n- 11.50g 516.00m

Extend newvg with the command below, then check the VG size and free space again:

[root@localhost ~]# vgextend newvg /dev/sdb2
  Volume group "newvg" successfully extended
[root@localhost ~]# vgs
  VG    #PV #LV #SN Attr   VSize  VFree
  newvg   3   2   0 wz--n- 13.50g 2.50g

Now the VG has 2.5 GB free, which we use to extend the LV.

Use lvs to list the available LVs and find the one to extend.

[root@localhost ~]# lvs
  LV   VG    Attr       LSize Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  lv1  newvg -wi-ao---- 4.00g
  lv2  newvg -wi-a----- 7.00g

Here we are going to extend lv1.

Use the command below to extend lv1 by 2 GB:

[root@localhost ~]# lvextend -L +2G /dev/newvg/lv1
 Size of logical volume newvg/lv1 changed from 4.00 GiB (1024 extents) to 6.00 GiB (1536 extents).
 Logical volume newvg/lv1 successfully resized.

Then grow the filesystem to fill the enlarged LV with the command below (xfs_growfs works on the mounted filesystem; without this step df still shows the old size):

[root@localhost ~]# xfs_growfs /dev/newvg/lv1

Finally check the mount point size and the lv1 size with the commands below. Both should be the same after extending.

[root@localhost ~]# df -h /lvolume1
Filesystem             Size  Used Avail Use% Mounted on
/dev/mapper/newvg-lv1  6.0G   33M  6.0G   1% /lvolume1
[root@localhost ~]# lvs /dev/newvg/lv1
  LV   VG    Attr       LSize Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  lv1  newvg -wi-ao---- 6.00g

Both checks report the same size.

The LV has been extended successfully.

 

 

 

Reducing LVM xfs format filesystem

 

In this post we are going to see how to reduce an LVM logical volume carrying an XFS filesystem.

Reducing an LV on XFS is different from ext2/3/4: XFS cannot be shrunk in place, so the filesystem has to be recreated and the data restored.

Follow the steps below:

1. As a first step, take a backup of the data with xfsdump.

2. Unmount the filesystem.

3. Shrink the logical volume to the required size with the lvreduce command.

4. Recreate the filesystem with mkfs.xfs.

Note: on ext2/3/4, resize2fs shrinks the filesystem in place (run e2fsck on it first), so the dump/restore is not required there. A backup before any reduce is still good practice, since a size mistake destroys data.

5. Mount the filesystem again.

6. Finally restore the data with the xfsrestore command.

LVM details:

VG name: newvg

LVs: lv1, lv2. We use lv2 for this lab.

Use lvs to check the size of the existing LVs:

[root@localhost ~]# lvs
  LV   VG    Attr       LSize Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  lv1  newvg -wi-ao---- 6.00g
  lv2  newvg -wi-a----- 7.00g

lv2 is mounted under /lvolume2. Take a backup of /lvolume2 into /tmp, like below. Make sure /tmp has room for the dump and is not itself on the LV being reduced.

[root@localhost ~]#xfsdump -f /tmp/lv2.dump /lvolume2

Now unmount the filesystem with the command below:

[root@localhost ~]# umount /lvolume2

Reduce the LV to the required size with the lvreduce command.

In the example below lv2 is reduced from 7 GB to 6 GB. The warning it prints is real: the data on the LV is gone after this step, which is why the dump above must have succeeded first.

[root@localhost ~]# lvreduce -L -1G /dev/newvg/lv2
 WARNING: Reducing active logical volume to 6.00 GiB.
 THIS MAY DESTROY YOUR DATA (filesystem etc.)
 Do you really want to reduce newvg/lv2? [y/n]: y
 Size of logical volume newvg/lv2 changed from 7.00 GiB (1792 extents) to 6.00 GiB (1536 extents).
 Logical volume newvg/lv2 successfully resized.

Now recreate the filesystem with the command below (-f is needed because the LV still carries the old XFS signature):

[root@localhost ~]#mkfs.xfs -f /dev/newvg/lv2

Mount the filesystem again on /lvolume2:

[root@localhost ~]#mount /dev/newvg/lv2 /lvolume2

Finally restore the data from the backup, and verify it before deleting the dump file:

[root@localhost ~]#xfsrestore -f /tmp/lv2.dump /lvolume2
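The size check from the last step of the increase post and the two procedures (grow in place; dump, reduce, recreate, restore for XFS), as an added shell example that is not part of either original post. The VG, LV and mount names are the ones used in these posts; the function names and the 2% tolerance for the size comparison are my choices, and the grow/shrink wrappers need root and the lvm2 and xfsdump packages.

```shell
#!/bin/sh
# Added example (not from the original posts): the size check from the last
# step of the "increase" procedure, plus guarded wrappers for growing an XFS
# logical volume online and for the backup / reduce / restore cycle XFS needs
# because it cannot be shrunk in place.

# to_bytes "6.00g" / "516.00m" / "2.5G" / "1024k" / "4194304" -> integer bytes
# (binary units, as lvs/vgs and df -h report them). Prints nothing and returns
# 1 on input that is not a size.
to_bytes() {
    awk -v s="$1" 'BEGIN {
        if (s !~ /^[0-9]+(\.[0-9]+)?[kKmMgGtT]?$/) exit 1
        u = substr(s, length(s), 1)
        m = 1
        if (u ~ /[kK]/) m = 1024
        else if (u ~ /[mM]/) m = 1024 ^ 2
        else if (u ~ /[gG]/) m = 1024 ^ 3
        else if (u ~ /[tT]/) m = 1024 ^ 4
        if (m > 1) s = substr(s, 1, length(s) - 1)
        printf "%.0f\n", s * m
    }'
}

# sizes_match LV_SIZE FS_SIZE: true when the filesystem is within 2% of the LV,
# i.e. xfs_growfs really ran (a forgotten xfs_growfs leaves df unchanged).
sizes_match() {
    lv=$(to_bytes "$1") || return 1
    fs=$(to_bytes "$2") || return 1
    awk -v lv="$lv" -v fs="$fs" 'BEGIN { d = lv - fs; if (d < 0) d = -d; exit (d * 50 > lv) }'
}

# extend_xfs_lv VG LV SIZE (e.g. newvg lv1 +2G): grow the LV and, with -r, run
# xfs_growfs on the mounted filesystem in the same step. Fails, and changes
# nothing, if the VG does not have the space.
extend_xfs_lv() {
    lvextend -r -L "$3" "/dev/$1/$2"
}

# shrink_xfs_lv VG LV SIZE MNT DUMP (e.g. newvg lv2 -1G /lvolume2 /tmp/lv2.dump):
# XFS has no shrink, so dump, unmount, reduce, recreate, mount, restore.
# Stops before lvreduce unless the dump succeeded; -L/-M give xfsdump the
# session and media labels it would otherwise prompt for.
shrink_xfs_lv() {
    vg=$1; lv=$2; size=$3; mnt=$4; dump=$5
    xfsdump -L "$lv-shrink" -M "$lv-shrink" -f "$dump" "$mnt" \
        || { echo "backup of $mnt failed, aborting before lvreduce" >&2; return 1; }
    umount "$mnt" || return 1
    lvreduce -f -L "$size" "/dev/$vg/$lv" || return 1
    mkfs.xfs -f "/dev/$vg/$lv" || return 1
    mount "/dev/$vg/$lv" "$mnt" || return 1
    xfsrestore -f "$dump" "$mnt"
}
```

Usage after an extend: sizes_match "$(lvs --noheadings -o lv_size /dev/newvg/lv1 | tr -d ' ')" "$(df -h --output=size /lvolume1 | tail -1 | tr -d ' ')" && echo ok. The 2% tolerance absorbs the metadata XFS reserves, which is why df shows slightly less than lvs; a difference of a whole extent means the growfs step was skipped.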

 

Reference: yallalabs