Monday, October 27, 2014

How to Increase Swap Space Size in Linux System



Swap space in Linux is used when the amount of physical memory (RAM) is full. If the system needs more memory resources and the RAM is full, inactive pages in memory are moved to the swap space. While swap space can help machines with a small amount of RAM, it should not be considered a replacement for more RAM. Swap space is located on hard drives, which have a slower access time than physical memory.
To check swap status, use:
# swapon –s
     Or
# free –h

Swap partition
A swap partition can be created with most GNU/Linux partitioning tools (e.g. fdisk, cfdisk). Swap partitions are typically designated as type 82, however it is possible to use any partition type as swap.
To set up a Linux swap area, the mkswap command is used. For example: 
#mkswap /dev/sda2
 
The mkswap utility generates an UUID for the partition by default
, use the -U flag in case you want to specify custom UUID:
 
#mkswap -U custom_UUID /dev/sda2
 
To enable the device for paging:
 
# swapon /dev/sda2
 
To enable this swap partition on boot, add an entry to fstab: 
vi /etc/fstab
/dev/sda2    swap    swap    defaults   0  0
 
:wq

Swap file

As an alternative to creating an entire partition, a swap file offers the ability to vary its size on-the-fly, and is more easily removed altogether. This may be especially desirable if disk space is at a premium (e.g. a modestly-sized SSD).

Swap file creation

As root use fallocate to create a swap file the size of your choosing (M = Megabytes, G = Gigabytes) (dd can also be used but will take longer). For example, creating a 512 MB swap file: 

#dd  if=/dev/zero   of=/swapfile  bs=1M   count=512
 
# chmod 600 /swapfile
 
After creating the correctly sized file, format it to swap:
 
#mkswap /swapfile
 
Activate the swap file:
 
# swapon /swapfile
 
Finally, edit fstab to add an entry for the swap file:
 
vi /etc/fstab
/swapfile    swap    swap    defaults   0  0
 
:wq 
 

Remove swap file

To remove a swap file, the current swap file must be turned off.
As root

# swapoff -a
 
Remove swap file: 

# rm -f /swapfile

 
 
 
 
 
 
 




at No comments:
Labels:

Friday, October 24, 2014

how to configure scp in linux?



Secure copy or SCP is a means of securely transferring  computer files between a local host and a remote host or between two remote hosts. It is based on the  Secure Shell (SSH) protocol.

Package name: openssh-server
Service : sshd
Port no:22
Configure file:/etc/ssh/sshd_config
Logs:/var/log/secure

SCP

The scp command allows you to copy files over ssh connections. This is pretty useful if you want to transport files between computers, for example to backup something. The scp command uses the ssh command and they are very much alike. However, there are some important differences.

The scp command can be used in three* ways: to copy from a (remote) server to your computer, to copy from your computer to a (remote) server, and to copy from a (remote) server to another (remote) server. In the third case, the data is transferred directly between the servers; your own computer will only tell the servers what to do. These options are very useful for a lot of things that require files to be transferred, so let’s have a look at the syntax of this command

[root@linux~]$ scp examplefile yourusername@yourserver:/home/yourusername/

You can also copy a file (or multiple files) from the (remote) server to your own computer. Let’s have a look at an example of that:

[root@linux~]$ scp yourusername@yourserver:/home/yourusername/examplefile .

You probably already guessed that the following command copies a file from a (remote) server to another (remote) server:

[root@linux~]$ scp yourusername@yourserver:/home/yourusername/examplefile yourusername2@yourserver2:/home/yourusername2/

Install

Yum install openssh-server

Checking

rpm –qa openssh-server

Service on

Chkconfig sshd on
Service sshd restart

Examples

Copy the file "foobar.txt" from a remote host to the local host

$ scp your_username@remotehost.edu:foobar.txt /some/local/directory

Copy the file "foobar.txt" from the local host to a remote host

$ scp foobar.txt your_username@remotehost.edu:/some/remote/directory

Copy the directory "foo" from the local host to a remote host's directory "bar"


$ Scp  -r  foo your_username@remotehost.edu:/some/remote/directory/bar

Copy the file "foobar.txt" from remote host "rh1.edu" to remote host "rh2.edu"


$ scp your_username@rh1.edu:/some/remote/directory/foobar.txt \
your_username@rh2.edu:/some/remote/directory/

Copying the files "foo.txt" and "bar.txt" from the local host to your home directory on the remote host

$ scp foo.txt bar.txt  your_username@remotehost.edu:~

Copy the file "foobar.txt" from the local host to a remote host using port 2264
$ scp -P 2264 foobar.txt  your_username@remotehost.edu:/some/remote/directory



at No comments:
Labels:

Wednesday, October 22, 2014

advanced file permissions sticky bit , setuid, setgid

sticky bit on directory

You can set the sticky bit on a directory to prevent users from removing files that
they do not own as a user owner. The sticky bit is displayed at the same location as the x permission for others. The sticky bit is represented by a t (meaning x is also there) or a T (when there is no x for others).

root@Linux:~# mkdir /project55
root@Linux:~# ls -ld /project55
drwxr-xr-x 2 root root 4096 Feb 7 17:38 /project55
root@Linux:~# chmod +t /project55/
root@Linux:~# ls -ld /project55
drwxr-xr-t 2 root root 4096 Feb 7 17:38 /project55
root@Linux:~#

The sticky bit can also be set with octal permissions, it is binary 1 in the first of four triplets.

root@Linux:~# chmod 1775 /project55/
root@Linux:~# ls -ld /project55
drwxrwxr-t 2 root root 4096 Feb 7 17:38 /project55
root@Linux:~#

You will typically find the sticky bit on the /tmp directory.

root@barry:~# ls -ld /tmp
drwxrwxrwt 6 root root 4096 2009-06-04 19:02 /tmp
setgid bit on directory

setgid can be used on directories to make sure that all files inside the directory are owned by the group owner of the directory. The setgid bit is displayed at the same location as the x permission for group owner. The setgid bit is represented by an s (meaning x is also there) or a S (when there is no x for the group owner). As this example shows, even though root does not belong to the group proj55, the files created by root in /project55 will belong to proj55 since the setgid is set.

root@Linux:~# groupadd proj55
root@Linux:~# chown root:proj55 /project55/
root@Linux:~# chmod 2775 /project55/
root@Linux:~# touch /project55/fromroot.txt
root@Linux:~# ls -ld /project55/
drwxrwsr-x 2 root proj55 4096 Feb 7 17:45 /project55/
root@Linux:~# ls -l /project55/
total 4
-rw-r--r-- 1 root proj55 0 Feb 7 17:45 fromroot.txt
root@Linux:~#

You can use the find command to find all setgid directories.
paul@laika:~$ find / -type d -perm -2000 2> /dev/null
/var/log/mysql
/var/log/news
/var/local
...
setgid and setuid on regular files

These two permissions cause an executable file to be executed with the permissions of the file owner instead of the executing owner. This means that if any user executes a program that belongs to the root user, and the setuid bit is set on that program, then the program runs as root. This can be dangerous, but sometimes this is good for security.

Take the example of passwords; they are stored in /etc/shadow which is only readable by root. (The root user never needs permissions anyway.)

root@Linux:~# ls -l /etc/shadow
-r-------- 1 root root 1260 Jan 21 07:49 /etc/shadow

Changing your password requires an update of this file, so how can normal non-root
users do this? Let's take a look at the permissions on the /usr/bin/passwd.

root@Linux:~# ls -l /usr/bin/passwd
-r-s--x--x 1 root root 21200 Jun 17 2005 /usr/bin/passwd

When running the passwd program, you are executing it with root credentials.
You can use the find command to find all setuid programs.

paul@laika:~$ find /usr/bin -type f -perm -04000
/usr/bin/arping
/usr/bin/kgrantpty
/usr/bin/newgrp
/usr/bin/chfn
/usr/bin/sudo
/usr/bin/fping6
/usr/bin/passwd
/usr/bin/gpasswd
...
In most cases, setting the setuid bit on executables is sufficient. Setting the setgid bit will result in these programs to run with the credentials of their group owner.


at No comments:
Labels:

Tuesday, October 21, 2014

how to add group in linux

Users can be listed in groups. Groups allow you to set permissions on the group level instead of having to set permissions for every individual user. Every Unix or Linux distribution will have a graphical tool to manage groups. Novice users are advised to use this graphical tool. More experienced users can use command line tools to manage users.

groupadd

Groups can be created with the groupadd command. The example below shows the
creation of five (empty) groups.

root@linux:~# groupadd tennis
root@linux:~# groupadd football
root@linux:~# groupadd snooker
root@linux:~# groupadd formula1
root@linux:~# groupadd salsa

/etc/group

Users can be a member of several groups. Group membership is defined by the /etc/group file.

root@linux:~# tail  -5  /etc/group
tennis:x:1006:
football:x:1007:
snooker:x:1008:
formula1:x:1009:
salsa:x:1010:
root@linux:~#

The first field is the group's name. The second field is the group's (encrypted) password (can be empty). The third field is the group identification or GID. The fourth field is the list of members, these groups have no members.

usermod

Group membership can be modified with the useradd or usermod command.

root@linux:~# usermod -a -G tennis inge
root@linux:~# usermod -a -G tennis katrien
root@linux:~# usermod -a -G salsa katrien
root@linux:~# usermod -a -G snooker sandra
root@linux:~# usermod -a -G formula1 annelies
root@linux:~# tail -5 /etc/group
tennis:x:1006:inge,katrien
football:x:1007:
snooker:x:1008:sandra
formula1:x:1009:annelies
salsa:x:1010:katrien
root@linux:~#

Be careful when using usermod to add users to groups. By default, the usermod command will remove the user from every group of which he is a member if the group is not listed in the command! Using the -a (append) switch prevents this behaviour.

groupmod

You can change the group name with the groupmod command.

root@linux:~# groupmod -n darts snooker
root@linux:~# tail -5 /etc/group
tennis:x:1006:inge,katrien
football:x:1007:
formula1:x:1009:annelies
salsa:x:1010:katrien
darts:x:1008:Sandra

groupdel

You can permanently remove a group with the groupdel command.
root@linux:~# groupdel tennis
root@linux:~#

groups

A user can type the groups command to see a list of groups where the user belongs to.
[harry@Linux ~]$ groups
harry sports
[harry@Linux ~]$

gpasswd

You can delegate control of group membership to another user with the gpasswd command. In the example below we delegate permissions to add and remove group members to serena for the sports group. Then we su to serena and add harry to the sports group.

[root@Linux ~]# gpasswd -A serena sports
[root@Linux ~]# su - serena
[serena@Linux ~]$ id harry
uid=516(harry) gid=520(harry) groups=520(harry)
[serena@Linux ~]$ gpasswd -a harry sports
Adding user harry to group sports
[serena@Linux ~]$ id harry
uid=516(harry) gid=520(harry) groups=520(harry),522(sports)
[serena@Linux ~]$ tail -1 /etc/group
sports:x:522:serena,venus,harry
[serena@Linux ~]$

Group administrators do not have to be a member of the group. They can remove themselves from a group, but this does not influence their ability to add or remove members.

[serena@Linux ~]$ gpasswd -d serena sports
Removing user serena from group sports
[serena@Linux ~]$ exit
Information about group administrators is kept in the /etc/gshadow file.

[root@Linux ~]# tail -1 /etc/gshadow
sports:!:serena:venus,harry
[root@Linux ~]#

To remove all group administrators from a group, use the gpasswd command to set an empty administrators list.
[root@Linux ~]# gpasswd -A "" sports
at No comments:
Labels:
Subscribe to: Posts (Atom)