Setting up a Red Hat Enterprise Linux Server

Welcome
Did you know that Linux was developed by a 21 year old college student as part of a
hobby? Fast forward a couple of decades, and here we are. Linux comes in hundreds of
versions, and it's widely used. I'm Sandy Toner, and much like that college student in
Helsinki, I’m a Linux enthusiast. I'm excited to share with you the knowledge and
skills necessary to manage a Red Hat Enterprise Linux server. In this course, we'll cover
installing GNU/Linux, working and configuring the operating system, and managing
system administration.
Working through this course will give you exposure to both the graphical interface, as
well as the command line interface. We'll explore system tools and utilities that support
efficient management of the system. Since the course will focus on Red Hat Enterprise
Linux version 7,there's something new for everyone, even if you've used Linux
before. Get ready to join the global movement to Linux. Set your brain standard input to
this course, and let's get started.

What you should know

For this course, it's valuable to have a working knowledge of computer
administration. As you explore how Linux can be configured, a basic understanding of
concepts like networking and disk management will help you to manage your system
efficiently.

Using what you know about Linux

In this video, Red Hat Enterprise Linux Basics: Using What You Know about Linux, we’ll
review information about Linux operating systems in general. Linux is an operating
system, so like other operating systems that you probably used, it's basically just
software that communicates between the hardware elements of your system. Linus
Torvalds, from University of Helsinki, created Linux based on Unix, and released it in the
1990s. Torvalds wanted to allow for the development community to be able to add
programs and crowd source applications.
This community-focused development, or open source model, is one way that Linux is
different than other operating systems. Open source can mean a few different
things. So let me clarify. What I mean here by open source is that the operating system
design is accessible for open public development. Linux operating systems can be
used to do a lot of different personal or business functions. They can examine,
troubleshoot, or recover information from other systems, like in digital forensics. They
can host a web site, store and protect media or personal artifacts.
They can also be used to manage enterprise information systems. Linux comes in
various distributions, or distros, for short. Each distro is a kernel packaged with a
specific collection of applications and software utilities. The subtle difference is, in the
distros, reflect the capabilities or requirements of a niche community of users. Let's look
at the example of the fervid video game user community, which is traditionally had a
hard time using Linux alone as a platform to play games. There's now a specific distro
called Steam OS that was developed for the custom specifications this group needs so
they can have a gaming platform on Linux.
Generally, Linux distributions can be downloaded for free, burned onto portable
storage, and installed on any device. A typical Linux distribution comes with a Linux
kernel, tools and libraries, applications, additional software, documentation, and a
desktop environment. In this video, we'll focus on Red Hat Enterprise Linux. In addition
to the typical Linux bundle, this enterprise version comes with a license support
relationship, and Red Hat sponsored updates. If you don't intend to use a support
license, Red Hat Enterprise Linux may not be the best distro for your needs.
With so many distributions to pick from, a lot of people are confused about how they
relate to each other. Are they the same company? Is one a derivative of another? Let's
take a closer look at three popular distributions - Fedora, Red Hat, and CentOS. Fedora
is a company-run distro offered by Red Hat, focused on quick releases of new features
and functionalities. Fedora is free, and it is sponsored by Red Hat, the company, but it's
actively developed by a community of developers, in this case, Red Hat developers, for
the most part.
It's best for developers and admins with good researching skills because it doesn't
require license support. Then we have Red Hat Enterprise Linux. It's the enterprise
version of the operating system based on the progress in the Fedora project. It has
slower releases and comes with support, which isn't free. In fact, in order to have
access to the updates and releases, you must have an active subscription. Red Hat
Enterprise Linux takes technologies developed via the Fedora project, and packages
them into a reliable and more stable commercial product.
Red Hat Enterprise Linux is better for an enterprise environment, or any commercial
services that are going to be in production and needs stability. Finally, let's talk about
CentOS. CentOS is the community run version of the enterprise operating system. It's
pretty much identical, but it's free. Patches and updates come from the community, as
opposed to Red Hat, the company. Similar to Fedora, it can take time to research a
solution, or even wait for the community to develop a solution or resolve a problem.
There's so many distributions. How do you figure out what distribution to work with? The
criteria you come up with should reflect what you need to do and who will be using
it. You're gonna wanna ask yourself questions, like what is it for? Am I planning for a
commercial or non-commercial use? Do I have a budget? Is my main focus for the
operating system security, usability, portability, or stability? What device am I going to
run the operating system on? Does it need to be supported on multiple types of
hardware, or platform specific? What am I gonna use the operating system for? Will it
be general purpose? Am I using it for monitoring or computer forensics? You're also
gonna wanna look at who is it for.
What level of technical acuity does the user need to have? Am I going to need to
address the needs of the geographically dispersed user base? And do users rely
heavily on media exchange, or the use of the latest tool sets? In this video, we talked
about Linux in general. In the next video, we'll take a look at some introductory
information specifically about Red Hat Enterprise Linux.

Learning the RHEL environment

In this video, Red Hat Enterprise Linux Basics, learning the Red Hat Enterprise Linux
environment, we'll cover basic elements of Linux and some specific new features in Red
Hat Enterprise Linux version seven. The Linux operating system is made up of a kernel
and programs, which come with the Red Hat Enterprise Linux support
package. Elements new to version seven include an updated kernel, and plenty of new
programs. The kernel is the very core of the system. It interacts directly with the
underlying hardware.
It manages processes, as well as assigns memory, handles networking and accesses
the file system. The kernel prevents anyone from accessing the hardware
directly, forcing everyone to use the tools it provides. System programs use the
kernel to implement services required from an operating system. Application programs
include software like a text editor. System application programs run on top of the kernel,
in user mode. User mode has no access to system hardware or kernel code. Since
programs run in user mode, they need to use system libraries to access kernel
functions for the system's low level tasks.
The kernel hides low level hardware details from system and application programs for
safety. Now let's talk about some of the elements in Linux that are found in Red Hat
Enterprise Linux. Red Hat Enterprise Linux has a boot loader. This is a program that
loads the operating system when the computer is turned on. Red Hat Enterprise Linux
seven is distributed with GNU, Grand Unified Boot Loader, GRUB version two. Using
GRUB 2, the user can select an operating system or kernel to be loaded at system boot
time.
And also, if necessary, an admin can pass arguments to the kernel before the operating
system is loaded. Red Hat Enterprise Linux has a service startup and management
tool. In previous versions of the Red Hat Enterprise operating system, this was handled
with in it scripts that coordinated part of the boot process and configured the
environment for the user. Now service startup and management is system d. System d
replaces the init scripts with a robust management system that has neat features, but
adds a lot of complexity.
So, good thing you have a service option. If you're working with the Red Hat Enterprise
Linux system that you didn't install yourself, it would be helpful to find out what release
you're working with. Let me show you the command to bring up that information. We'll
start by entering the cat command at the command line. The cat command displays the
contents of a file on your screen. Next we'll add an argument. The argument is gonna
tell the cat command where to look for the content. The Red Hat release information is
located at /etc/redhat-release.
When you've entered the cat command, and the argument that indicates the Red Hat
release file, hit enter. This will show you the current release. I'm working with Red Hat
Enterprise Linux Server release 7.2 In parentheses you'll see the code name for this
release. Red Hat seven now uses the XFS file system, which can scale up to 500
terabytes. Since this operating system is intended for a large enterprise, scalability is
bound to be a top priority. Now let's look at some Red Hat Enterprise Linux 7
improvements.
First, Red Hat Enterprise Linux has a new tool for performance management. This is the
performance co-pilot. It handles system-wide performance monitoring, recording, and
analysis. Tools are included to then process and collect data. It also offers an API for
importing and exporting data. Red Hat Enterprise Linux version seven includes MariaDB
as the default database. Let me give you an idea of how this open storage database
came about. Most people have heard of the MySQL database, right? The developer of
MySQL used the code base and made improvements to create MariaDB.
Version seven of this operating system also offers something new called Docker, the
application virtualization technology. Docker has containers that isolate application
programs from the system, and from each other so they can be moved, and still run as
expected. Another improvement to Red Hat Enterprise Linux 7 is that it's a little more
Windows-friendly. This version improves the way Red Hat Enterprise Linux cooperates
with active directory. Realm automates the discovery of AD, and there are also better
trust relationships across realms.
Finally, Red Hat Enterprise Linux 7 has improvements to security, like a more dynamic
firewall. What makes the firewall better is that it doesn't have to be stopped in order to
change its rules. This will allow an administrator to respond more efficiently to threats by
putting new rules into place, as needed. In this video we looked at some of the common
Linux features that come with Red Hat Enterprise Linux, in addition to some of the
version seven improvements. In the next video, we'll cover the knowledge, skills, and
abilities necessary to be a Red Hat Enterprise Linux administrator.

Preparing to be a RHEL sys admin

In this chapter, Red Hat Enterprise Linux Basics: Preparing to Be a System
Administrator, we'll talk about who uses Linux and some of the skills required to perform
the professional role of the Red Hat Enterprise Linux Systems Administrator. Linux is
popular among programmers and developers. So what makes the Linux operating
system attractive and continuously relevant? Well it works on different types of
hardware in the same way. The Linux kernel and application program support their
installation on any kind of hardware platform.
Another reason developers like it is because most of the included software is free and
open source, made available both as compiled binaries and in source code
form allowing for changes to the original software. Linux is a multi-user, multi-
programming system. That means that multiple users can access system resources and
multiple applications can run at the same time. It's now pretty robust after several
revisions and numerous professional development communities working on it. With the
support that comes with Red Hat Enterprise Linux, it's now an option for more than just
expert developers.
Working with Linux requires firing commands for the system to process and act
upon. So Red Hat Enterprise Linux Administrators spend a lot of time at the command
line. The operating system also offers a console in both textual and graphical
formats. As an administrator, you'll likely spend more time using the command line. So
in this video, we'll mostly type commands in a shell on a terminal opened in the
console. Sys Admins are usually at the frontline of protecting IT resources. Red Hat
Enterprise Linux comes with security features that help you secure work station and the
network.
You can evaluate risks and apply controls. While there are many security features
available, it takes a forward thinking admin to use the available tools to create a security
program that meets the needs of that unique implementation. A Red Hat Enterprise
Linux Sys Admin will work with a variety of different stakeholders from information
owners or asset owners to end users, requirements analysts and project
managers. Given the support that comes with the Red Hat Enterprise license, most Sys
Admins will also need to be familiar with Red Hat support resources.
Some people think the developers work in a vacuum, but in most cases, this is not
true. Given that the source code for Linux is freely available and brings together a die-
hard community that collaborates on the development, there's a lot of social interaction
and collaboration that a Red Hat Enterprise Linux Sys Admin can engage in. In this
video, we talked about the primary audience for Linux and some of the skills they need
to cultivate in order to work as a Sys Admin. For example, command line skills and
professional collaboration.
In the next video, we'll cover the key knowledge skills and abilities necessary to be a
Red Hat Enterprise Linux Administrator.

Working as a RHEL administrator

In this video, Red Hat Enterprise Linux Basics: Working as a Red Hat Enterprise Linux
Administrator, we'll look at the tasks that are commonly associated with systems
administration. Admin jobs are different everywhere, and they can vary greatly
depending on the infrastructure and the size and budget of the IT team. Even with the
lengthy list of other duties as assigned that most admins have, there are many
commonalities among admin jobs. Most administrators are responsible for
managing and configuring software components and services.
They need to establish network connections and setup firewall access. They'll also
monitor and manage processes. They'll manage file systems and secure files. They'll
work with users and groups, and they'll review the system logs. Beyond the typical
responsibilities of a sys admin, they'll also be called upon to provide technical
guidance about the operating system and its implementation. Sys admins need to
understand how servers, operating systems, storage devices, and networks function.
Another aspect of the Red Hat Enterprise Linux's Admin job often means
troubleshooting problems, creating documentation, and serving on a configuration
management board, or mentoring entry-level team members in the efficient use of Red
Hat Enterprise Linux. Sys admins are often called upon to drive technical innovation and
efficiency in infrastructure operations via automation. Red Hat Enterprise Linux Version
7 has a lot of new features for automation, so even for a veteran Linux user, there's
something new to learn.
Red Hat Enterprise Linux 7 is moving towards a systems management design that uses
automation and self-repair instead of using alarms and inconsistent human
intervention. In this course, many chapters have a final video dedicated to reviewing
Red Hat Enterprise Linux Sys Admin tasks. These can be competencies sys admin
tasks that are not covered in previous videos. They sometimes also include a tip to help
you achieve system administration efficiency. The most important thing you need to
remember when studying to become or working as a Red Hat Enterprise Linux Systems
Administrator is that you have support.
Usually with Linux, an admin needs to be great at troubleshooting and looking up
documentation in order to manage maintenance and operations. With Red Hat
Enterprise Linux 7, the service contract obviates the need for extensive problem-
analysis skills, but it's better to still have a problem-savvy sys admin on the customer
portal working an issue. Sys admins need to be highly efficient. There is no use
reinventing the wheel when it comes to managing Red Hat Enterprise Linux. The less
the administrator can rely on support and can adopt best practices, they'll be able to
maintain operational efficiency.
In the next chapter, we'll begin to download and install Red Hat Enterprise Linux 7.

Planning the network

In this chapter, Red Hat Enterprise Linux Basics: Planning a Red Hat Enterprise Linux
Installation, we'll take a look at some factors you need to consider before you download
and install your Red Hat Enterprise Linux operating system. We'll cover download
options, and some system planning considerations. In this course, we'll be installing Red
Hat Enterprise Linux Version Seven on a virtual machine. In preparation for our
installation, I downloaded Virtual Box. In order to get started, we'll need to download
installation media from Red Hat Enterprise Linux customer portal.
From the download page, you'll see the option for a minimal boot ISO, or a binary
DVD. Let's take a look at the customer portal so you can see what I'm talking
about. This is the download page for Red Hat Enterprise Linux in the customer portal. If
I scroll down to the bottom here, you’ll see that you can download a Red Hat Enterprise
Linux 7.2 boot ISO, or a Red Hat Enterprise Linux 7.2 binary DVD. We're gonna use the
binary DVD ISO image to boot and perform the entire installation without additional
package repositories.
If you're good at building, or otherwise working with repositories, you can use the boot
ISO image. While it can be used to boot the installation program, it requires adding
package repositories and quite a bit more legwork. At the top of the download
page, you'll see that you have a product variant drop down menu, as well as the version
and the architecture. We’re gonna go with the default, Red Hat Enterprise Linux
server, the latest version 7.2, and the X86 architecture.
When you're figuring out which variant is best for your needs, you can check out
www.redhat.com, Linux Platforms Enterprise Linux Technologies. You're also gonna
wanna have an idea of the software packages that you're gonna want to install. During
the installation process, you'll be able to select a pre-defined set of packages, called a
base environment. It's pretty valuable before you begin your install to have an idea of
what you need in your environment. Some of the options you'll have include a minimal
base environment, which includes a basic set of software packages.
You can have a server type base environment. This will set you up with
infrastructure, storage, and web content packages. You can also choose the host base
environment. This will set you up for virtualization. Keep in mind that only one software
environment can be selected at installation time. Once your base environment is
selected, you can select add-on packages to round out your installation
environment. When planning disk space for Version Seven, Red Hat recommends ten
gigs of disk for all supported architectures.
It's important to have an idea of how you might wanna partition your drive as well. For
this course, we'll allow the installation program to initially configure partitioning, and
make changes later in the course. There's other things that you'll wanna know before
you start the installation process as well, like the plan network configuration. You're also
going to need to create at least a root user, so it's a good idea to determine the root
credentials before you start the process. In the next video, we'll begin installing Red Hat
Enterprise Linux.

Installing the network

In this video, Installing Red Hat Enterprise Linux, we'll download and install a Red Hat
Enterprise Linux Server. I'll be installing Red Hat Enterprise Linux on a virtual machine,
using Oracle's VirtualBox. But the installation process would be the same if you were
installing it on a physical device, like a USB or a server. We'll need to start by creating a
new machine. In the VirtualBox Manager, click on New in the top left. Now, we'll start by
giving your system a Name. You'll want to select the Type of operating system.
And for the Version, select Red Hat 64-bit. Since we're gonna be trying out a lot
of different system administration tasks, let's give ourselves plenty of Memory. Next,
we'll Create a virtual hard disk. For the disk type, select VDI. Choose Dynamically
allocated as the growth method. We want to have plenty of room to work with, so make
sure that you add plenty of space to the disk. We set the growth to be dynamic, so it'll
only use disk space as it actually gets filled up. Now, we've got a new VM ready to start
with.
So let's look at downloading our product. To do that, we'll need to go to the Red Hat
Customer Portal. This is the Red Hat Customer Portal. Do you have a Red Hat
account? You're definitely gonna need one to download the ISO image files of the Red
Hat Enterprise Linux 7 installation DVD from the Customer Portal. If you don't have one
yet, you can sign up. Then you can purchase your server license or obtain a free
evaluation subscription. Either way, you're gonna have to create a Red Hat account. If
you don't have a commercial license for Red Hat Enterprise Linux, you're gonna be
limited in what you can do.
Given that developers are the primary users of Linux, Red Hat recently started to offer a
few of their commercial products under a new, free developer subscription. It comes
bundled with a Red Hat Enterprise Linux Server and development tools. From the
Customer Portal, select, from the Customer Portal, select Product & Services at the
top, and choose Red Hat Enterprise Linux. From the Red Hat Enterprise Linux
page, click on the green box that says, Download Latest Red Hat Enterprise Linux
Server.
At the top of the download page, you can select your Product Variant, the Version that
you want to work with, and your system Architecture. To find the download
images, scroll to the bottom of the page. For my installation, I'll download the Binary
DVD. Click the Download Now button. You can see in the download bar, at the bottom
of the browser, that my download has started. I'll go ahead and exit out of this bar. Now
that we've downloaded the ISO image from the Customer Portal, we're gonna need to
put is somewhere, like a DVD.
You could also create a bootable USB drive. You can place it on a server to prepare for
a network installation. Or you can place it on a hard drive to use the drive as an
installation source. That's what we're going to do. I placed the download image on a
hard drive. So we're almost ready to go. Now, let's go back to VirtualBox to install Red
Hat Linux on our new machine. Select the virtual machine that you want to work
with, and click on the green Start arrow. First, we'll have to select our installation
source. Browse for your image, open it, and click Start.
When your VM boots up, you'll have a couple of options. I'm gonna select Install Red
Hat Enterprise Linux 7.2. You can also test your media before beginning the
install. Whether or not you skip the media test is really up to you. Consider whether or
not you're booting from media that’s a trusted source. Next, you'll see the Red Hat
Enterprise Linux welcome screen. Here you can select the language you want to use
during the installation process. English comes selected by default. When you've made
your selection, scroll to the bottom of the screen, and click Continue.
Next, you'll see the installation graphical user interface, or GUI. In this GUI, there's a
variety of settings to configure. At the top, you have your Localization options. To
change the date and time, click on Date & Time. When you've selected your time
zone, click on Done at the top left. We’re gonna do a very minimal install, and we're
gonna go ahead and configure some of these settings once we have the operating
system up and running. There are a couple of selections that we're gonna make before
install. One of them is the Base Environment.
For this course, we're gonna use Server with a GUI as our Base Environment. Once
you've selected your Base Environment, to the right, you can select additional
packages to augment your environment. When you finish with your selection, click on
Done at the top of the screen. Before you can move forward and begin installation, you
need to address any error messages that you're getting. Let's select our System
options, and see if there's any changes we can make. I'm gonna go ahead, and select
Automatically configure partitioning. But I am going to add that I would like to make
additional space available.
If you decide for Encryption, you'll have to set a passphrase. When you finish with your
installation destination selections, click Done at the top of the screen. Now that I've
made some selections, I can scroll down to the bottom of the screen, and you'll see that
my Begin Installation button is available. You're gonna need to provide a root password
as well. Make sure that it's something that you can remember and something that's
secure. To set your root password, click on Root Password. When you've selected a
password and entered it twice, go ahead and click Done at the top left of the screen.
You also have the option to create a user account. We'll go ahead and create a user,
even though we'll be able to create additional user accounts once we've set up the
operating system. When you finish entering your user details, click on Done at the top
left of the screen. You now have a root password set and one user created. The
installation may take some time. Once your installation is complete, click on Reboot to
restart your VM. Since we selected Server with GUI in the Base Environment
option, when you've completed the install and reboot, the system will automatically
boot to a graphic user interface.
In this video, we downloaded and installed Red Hat Enterprise Linux in a virtual
machine. In the next video, we'll connect to our new installation, both using the
command line and the graphical user interface.

Connecting to your installation

In this video, we'll log into our new operating system. We can communicate with the
operating system in two ways. With the graphical user interface, the GUI, or using the
command line interface, the CLI. Because we selected the server with GUI base
environment, the first we boot, it will default to the GUI. From the VirtualBox manager,
go ahead and start the operating system. Select the virtual machine and click
Start. Let's start by logging into the GUI. You'll need the account information we created
during install.
We're gonna start off by logging into the root account. This account is used to manage
the system and do things like change configurations, add or remove users, so on and so
forth. To log in to the account, enter root at the login prompt. Next the enter the
password at the prompt and hit Sign In. Since this is the first time we've logged into our
operating system, we have to make some additional selections. First, select the
language you wanna use then select your keyboard layout. When you've confirmed
those selections, click on Start Using RedHat Enterprise Linux Server.
Let's take a minute to look around the GUI. It looks much like you would expect. You
can access the file structure, you can run applications. Most end users in other
operating systems generally only use the GUI. Given that the command line interface is
more efficient when executing commands, a system administrator will spend much more
time there. In order to switch, to boot from the command line, we need to open a
terminal. You can do this by selecting Applications in the top left of the screen and click
on Terminal. Now we need to execute the following command as root.
We'll talk more about command line syntax later on in this course. In order to change so
that the operating system will boot to the command line, we need to type the following
command. First start with system CTL. Set-default multi-user. Target. Go ahead and hit
Enter. Now type exit. Now let's try and reboot the machine to see if it'll boot from the
command line.
In the top right of the screen, click on the power option, and select Restart. Since we're
going to boot to the command line, instead of seeing a graphical user interface for the
password prompt, you'll be prompted for your login at the command line. This time
instead of using the root password, let's use the other account we created. First enter
your username and click Enter. Next you'll want to enter the password. Now you should
see the login prompt from the command line.
If you look at the system prompt, it tells you two things. It tells you first who you're
logged in as. In my case it's s toner and it'll also tell you what your machine is. In this
case, it's local host. If you named your machine something else during the installation
process, your custom name may appear here. Now that we've logged in from another
user account, let's see the impact on the command prompt. In the next chapter, we'll
work on some basic commands. For now, let's power off the system from the command
line. First you want to type in systemctl and then power off.
Click Enter. This will alert system D, then power off the machine. In this video, we
started off using the graphical user interface and then switched it to boot from the
command line interface. In the next chapter, we'll delve into using more commands.

Registering to your installation

In this video, we'll register our newly-installed operating system. In order to get updates,
patches, and have access to the Red Hat Package Manager, you'll need to register your
system. You can register your installation with the Red Hat Customer Portal
Subscription Manager. You can do this in the graphical user interface, the GUI, or at the
command line interface, the CLI. We selected the server with GUI based
environment, so the first time we booted up the machine it started to the GUI. I'm going
to show you how to find the subscription manager in the GUI, but I'll also show you how
to connect to the subscription manager using the command line interface.
Let's get started. To find the subscription manager, you have a couple of options. First,
you can click on the applications drop-down, select System Tools, and you can
select the subscription manager. I'm currently logged in as a user, so in order to access
the subscription manager, I'm going to need to authenticate its root. If you look at the
top right of the subscription manager window, there should be a register button. It'll be
on the My Installed Products tab. Click the button to get started.
Now I'm going to show you another way to access the subscription manager through the
command line interface. First we need to open a terminal. Go to your applications folder
and select Terminal. At the command line, type subscription dash manager dash
gui. Again, this will prompt you for the root password. Entering this command will open
up the same graphical subscription manager. Another way to register from the
subscription manager is to click the system drop-down menu and select Register.
This will open up the system registration window. We're going to work through this
process a little more, and then I'll cancel out of this and show you how to register
completely through the command line. We want to register with the Customer
Portal Subscription Management Service. This should appear by default. It has the host
name subscription.rhn.redhat.com. Once you've selected your subscription service, go
ahead and click Next. Here, you're going to need to enter your credentials for the Red
Hat Customer Portal.
Once you've entered your credentials, you can go ahead and click Register. I'm going to
close out of the subscription manager so I can show you how to register using the
command line. Let me show you another way to open a terminal. Before we clicked in
the applications drop-down menu. You can also right-click, and select open
terminal. We're going to use the subscription manager register command, followed by
your credentials, to log in to the Red Hat Customer Portal. You need to type,
subscription dash manager space register.
You're going to follow this with a dash dash username, then enter your username for the
portal. Once you've listed your user name, you need to add dash dash password, and
enter your password. Once you've entered your personal credentials, go ahead and
click enter. Again, because we're in a regular user account, we're going to have to enter
the root password, just like we did to open up the subscription manager in the
GUI. When your system has been registered, an ID will be displayed.
To view the subscriptions that you already have enabled, you can type subscription
dash manager space list. Let's give that a try. To view this list you'll have to enter the
root password again. The results show that we have installed Red Hat Enterprise Linux
Server, version 7.2.The status details indicate that it's not a valid subscription. That's
because I'm currently using an evaluation license. In the next chapter, we'll start to
navigate around the operating system, use the command line, and practice with Vim, a
text editor.
Examining the RHEL OS
In this chapter we'll examine our new installation more closely using the console. To get
started let's talk about the most common working environment for a Linux admin, the
shell. The shell is where commands to the os are entered by the user. There are
actually lots of shells included in your Red Hat Enterprise Linux System, but bash is the
default. Bash is a common shell used across several of the Linux versions. We will be
using bash but there are other shell programs that can be installed in a Linux
system. Some examples of other shells are dash, which is a less complicated and faster
version than bash, tcsh which incorporates some c programming, and zch which
incorporates elements from korn shell, bash, and ctsh.
Now over to our new operating system. We'll start by logging in. I'm gonna log in with a
simple user account. The shell prompt usually shows your user name and the name of
the machine followed by a dollar sign. This is where you type commands. When you
see it on the screen it means that the computer is ready and waiting user input. Before
we start let's talk a little bit about the syntax of a Linux command. The command syntax
can vary. The simplest way to use most commands is to type the command at the
prompt and hit enter.
Let's start with a command to see what machine you're on. To run this command just
type host name and press enter. Now let's double check the user that's currently logged
in. You can do this by typing the who am I command. Now let's see the same
information using a different command. The id command provides more detailed
information about the current user than who am I. Let's run the id command with two
options. First, type the command id. Next, add the options, type a dash followed by the
option characters.
In our case we're gonna run the id command with the options u and n. The u option will
make sure that the output includes only the identification for the current owner of the
session. The n option tells the system to present the id as the username. I made a
mistake in typing the command. This is a good opportunity to show you how to retype a
command without actually having to type it. If you hit the up arrow button while at the
command prompt your last command will appear.
Now let's try this again now that I've added the important dash for the option. Again it
showed me the same information as the who am I command but I used a different
command and added options. In addition to the command in some cases you can also
add an argument. If you run a command against a file, you would type the
command and use the file name as the argument. For example, if you run a change to a
specific directory you would use the cd command to change directory and then use the
target directory as your argument.
First I'll enter the cd command. Next, I'm gonna enter the target directory as my
argument. I can tell that that command executed successfully because my command
prompt now includes the home directory. There's another way that you can figure
out what directory you're currently in. A directory is part of a Linux file system and we'll
talk about elements of the file system in greater detail in another video. When you first
log on to a Linux system the working directory is set to your home directory.
From anywhere in the Linux command line you can type pwd, or print working
directory, to find out your current location. Now that we know we're in our home
directory, let's run another command to see what else there is. Type ls to list other files
within the same directory and hit enter. You might notice that as I type in different
commands the results will show in different colors. Usually those colors indicate
different file types. Given that it can be configured differently from system to system, the
color of each file type can be configured by an administrator.
That being said, the color of a file may not mean what you think it means unless you
verify. With our recent commands we've verified our current directory and we've looked
at what else is in that directory. Now, let's move again to another directory. Again, we're
gonna type the command cd slash usr. You can see that in the command prompt the
change to directory is present. I'll just verify this again by running the pwd
command, print working directory. You can see that we've now changed to another
directory.
For the Linux command line there is a ton of commands. The best way to get
comfortable at the bash command line interface is to use it frequently. Practice
navigating and working with the directory hierarchy and file structure. In the next video
we'll work with more commands.

Executing basic commands

In this video, Red Hat Enterprise Linux, we'll take a look at executing more
commands. We'll practice autocomplete, history, redirection and using pipes. Let's start
by going to the command line of our operating system. I've already logged in. First, let's
take a look at autocomplete. Using this feature can speed up your execution of
commands and can help you find commands, variables and file names quickly. If you
start typing a file name at the command line and hit Tab, it should complete the program
path or file name.
Let's try it with Desktop. Type desktop and hit Tab. If there's only one option, it will
complete the command. If there's a few, it will show the options. If nothing happens,
click Tab again and you'll see a list of possibilities. You can see how this might speed up
your search. When you're at the command line, you can scroll through the command
history by using the up and down arrows. That will let you scroll through commands that
have recently been issued. There’s another way to do this as well. It's called the history
command. Let's try it now to see the commands that our user has been entering.
Type in history and hit Enter. You can see that it shows a list of commands. Each
command is numbered. To execute a specific command from the history output, type an
exclamation point, or bang, followed by the number of the command as listed in the
output. Here, I'll re-execute command number three. Command number three was the
hostname command. And you can see that it provided me with my host name. You can
also refer to a command by how long ago it was run. So let's run whatever command
was typed four commands ago.
To do this, you'll hit the exclamation mark or bang. You'll hit the dash and the number
four, for four commands ago. The command that was issued four commands ago was
actually the history command. So it gave us the same output. When working at the
command line, it's valuable to have a variety of different ways to revisit a command that
you recently entered, whether or not you want to re-run the command or maybe adjust
it, add an option or an argument. There's a way to re-run your previous command by
just pressing two characters. If you type two exclamation points or bang bang, it'll
display the recent command.
Again, the most recent command was the history command, so we're seeing the same
output. The command line interface also allows you to combine commands, to create
super commands. These include input and output redirectors and pipes. The command
line interface also allows you to combine commands to create super commands. These
include input and output redirectors and pipes. Basically, with redirection, you can take
any command and you can change either where its input is coming from or where its
output is going. You can use less than, greater than, and the pipe symbol to do this.
Let's talk a little bit more about redirection. The results of a command are usually
executed to standard output, which by default is the display monitor. When you use the
ls or list command, the output displays on the monitor. Let's try to redirect the standard
input to a file instead of the monitor. To do this, we'll use the ls command. To change
the standard output, we'll use the greater than symbol. Since we want the output written
to a file, let's add an argument for a file named dir_contents.txt.
Now I'll hit Enter. You can see that nothing happened. Usually, when you run the ls
command, the output goes to your monitor. Given that we've redirected the
output, we're not going to see anything in the display, since the output of this ls was
directed to a file. In order to see the list that we just created in this file, let's use the cat
command. Usually, cat concatenates files and prints content to a standard output, the
monitor. Let's give it a try. First we'll type in the cat command, c-a-t.
Next, we're going to give it the argument. We want the cat command to act upon the
dir_contents.txt file. Now I'll hit Enter. This shows us the contents of the file. Let's
suppose that you want to create a text file quickly. Here's one way to do this. Again,
we'll use the cat command. Start by typing c-a-t. Next, we're going to want to redirect
the output. We'll add a name for the new file, then start typing the first line. When you're
done, press Control+D to exit the file.
You should now have a file named Sentence in the same directory with the sentence
you wrote. Let's give it a try. We can show what's in the current directory by using the ls
command. Here, you can see that not only do we have dir_contents.txt, but we also
have the new sentence file that we just created using the cat command. Much like the
monitor is the default output, the default input is your keyboard. The default input can
also be redirected. So why would you want to redirect the input from the keyboard to
something else? You might want a file to be the input for a command that normally
wouldn't accept a file as an option.
This redirecting of input is done using the less symbol. Input redirection is not used as
often as output redirection, but it's still pretty valuable when you have some kind of file
and you need to use some kind of command on that file. Let's take a look at an
example. Here, I've given a command. The command is mail and the argument is
girlfriend. That would be the user. This command would start the mail program with the
contents of the file named my_proposal_letter as the input. Finally, let's talk about pipes.
The pipe takes the output from the command on the left and directs it to the command
on the right. For example, let's say you want to see the content of a really long
directory. You can show the output of a lengthy list one page at a time. Let's try the ls
command again. This time, we're going to use some options on the ls command and
then redirect the output of that command to the input of another command using the
pipe. Start by typing l-s. Add a dash and add the options l-a.
The A means all files, even hidden ones. And the dash L includes more list
details. Now, let's use our pipe. For some keyboards, this symbol will appear as a
broken pipe, but it should function the same. Now we'll want to enter another
command. We're going to use the less command. Less allows for page-by-page text
viewing, so it's a little easier to run through. When you've written your command, your
options, the pipe symbol and the less command, go ahead and hit Enter. The results of
the command were used by the ls command to then display a list of what's in your
directory in an easy page-by-page text viewing format.
Now, let's look at an example of a super command, something that we can do with
pipes. We’re going to use our employee contact list. Take a look at the command at the
top of the screen. First, the command cat. Then we've got our text file, a contact
list.txt. There's a pipe followed by the sort command, another pipe, followed by the uniq
command and another pipe followed by the lpr. So let's take a look at what this
command is asking the system to do. First, the output of the cat command on the
contact list file gets sorted.
Then, the output of that sorted list goes to the uniq command, where all the duplicates
are removed. Finally, the lpr command sends the output to the printer. As a Red Hat sys
admins,using pipes to create super commands will help you work at the command line
more efficiently. In the next video, we'll edit files using the VIM text editor.

Editing files with Vim

In this chapter, we'll take a look at Vim. Vim is a text editor. So you use it to work with
text files. To open a file with Vim, use the file name as the argument. We'll start by
entering the Vim command. Now, we need to enter an argument. We'll use the sentence
file we created in a previous video. When I hit enter at the end of the argument, it
opened up my text file. You can see at the top is the sentence that I entered when I
created the file. We're gonna cover two Vim modes: command and insert.
First, the command mode. Everything that is typed in this mode, some people call it
normal mode, is interpreted as commands. When you enter Vim, you'll be in command
mode. You can also use search and navigation commands that let you move around
your file. You need to remember that when you're in command mode, you can't insert
text without first issuing an insert or a pen command. In command mode, I can use the
arrows to navigate around my text. In order to change something, I'm gonna have to
enter insert mode. To do this, type I.
Now, you can see at the bottom left of the screen, it says insert. Now, I can insert
texts. A lot of people find it really tedious to move in and out of Vim modes to navigate
and make changes. The more practice you get using Vim, the more proficient you'll
become. Now that we've made changes to our text file using Vim, let's exit the
program. If you're in edit mode, you need to hit escape to go back into normal, or
command mode. You can see when I hit escape, in the bottom left hand corner, it no
longer says Insert.
You'll need to start by typing a colon. If you want to save or write the changes, you can
type colon W. If you want to quit the text editor, but not save or write any changes, you
can use colon Q or colon Q bang, also known as an exclamation mark. If you want to
save and quit, which is what we're gonna do, you type colon W Q, colon, write, quit. You
can also save or write it to a new file name, by typing colon W and then entering the
new file name as an argument.
After I typed in colon W Q and hit enter, I am back at the command prompt. In this
video, we took a quick look at the Vim text editor. I showed you how to navigate around
the text in command mode and also make changes and insert text in insert mode. In the
next video, we'll use the command line to search for help.

Finding help
In this video, we'll practice some different ways to find help at the command line.Bash
allows users to run hundreds of commands, so it's practically impossible to know every
command and all the different ways each command can be used. One way to get help is
to use the help option. From the shell prompt, you can type the command, followed by
dash help, to see a summary of that command. Let's try this with the Wget
command. Wget is a command line utility that downloads files over a network. First, we'll
type the command, then we'll add a dash h or dash help option, and hit enter.
You can see that the help pages are pretty extensive. Let's try this again. This time we'll
do the same thing, we'll run the help option on the Wget command, but we'll take the
output of that and we'll pipe it over to a less command so we can see the output in an
easier to read, page by page format. To do this, we'll run the same command that we
just ran. Instead of typing it out, I can just hit the arrow key, upward. Now we'll want to
add a pipe. On some keyboards, the pipe will appear as a broken pipe.
It'll still complete the same function. Next we're going to want to add the L-E-S-S, or less
command. Now hit enter. You can see that this is a lot easier to read. To exit out of this
output, hit Q. Now you're back at the command prompt. Let's look at another way to get
information about command usage. We can use something called the man pages. Even
the most veteran Red Hat Enterprise Linux sysadmin will still use the valuable
command manual page. The most useful sections of the man page are Section 1, that
has commands, Section 5, that has file formats and convention, and Section 8, that has
sysadmin commands.
Let's say you know what you're looking for. You want to find the manual page on the
man command. We'll start with the man command, and we'll also use the man
command as the argument. When you hit enter, it'll open up the manual page for the
man command. To exit out, hit Q. That'll take you back to your command prompt. Let's
say that you want to search the man pages by keyword, because you're not really
sure what command you're looking for. To do this, you can type the man command, add
a dash k argument for keyword, and then write the word.
The output will show you all the man pages that include the keyword help. In the next
chapter we'll start exploring user and group management.

Reviewing RHEL admin essential tasks

Red Hat Enterprise Linux administrators spend a lot of time working with text files. I
mentioned before that there are a lot of Linux commands and some tend to have
overlap in their functionality. In this video, we'll take a look at a few more
commands that are indispensable for a system's administrator. Let's look at another
way to read the contents of files. In a previous video, we used the cat command. Let's
issue the cat command on the /etc/password file, which is usually pretty big. I'm logged
in as root so at the command prompt, I’m gonna type in 'cat' followed by my
argument, '/etc/ p-s-s-w-d'.
That's a pretty large file. Now let's look at some commands that will read the file
contents in a very specific way. First, we're gonna look at the head and tail
commands. These will show you the first ten lines or the last ten lines of a file. Let's start
off with tail. Type 'tail' into the command line, followed by the directory and file. The
results of the tail command show only the last ten lines in the file. Now let's try and do
the opposite. This time, we're gonna type the head command to look at the beginning of
a file, but we're also gonna add an option.
If you add the option '-n' and provide a number of the lines you wanna see, you can
change the default ten lines to whatever you want. I'm gonna go ahead and type '-n' and
'5' because I only wanna see five lines in the /etc/passwd file. Don't forget to add your
argument. Running this command showed us the first five lines of the /etc/passwd
file. Now let's talk about another command. We're gonna look at the sort command. This
will allow you to sort the results in alphabetical order.
Let's go ahead and run the same command that we started with, cat /etc/passwd, but
this time, we're gonna pipe the results of that command into a sort command. The
results show us the entire file, sorted in alphabetical order. By default, this command will
sort in alphabetical order, but you have options to change that. For example, if you use
the -n option with the sort command you can sort in numerical order. Now let's use a
combination of these commands.
I wanna look at the top 5 lines, so I'm gonna use the head command, and since I only
wanna look at the top 5 lines, I'm gonna use the -n option and list 5. Now I'm gonna take
the output of this command and again, pipe it to sort. If you look at the results from this
command, you have the first five lines starting with 'adm' then 'bin' then 'd', then 'l', then
'r'. Now let's try working with another command. We're gonna work with grep. Grep
stands for general regular expression parser.
It searches files for specific patterns or expressions. This can help you locate
something even when you don't exactly know what you're searching for. Let's give it a
try. First, type 'grep' in your command line. Then, you're gonna issue your pattern. I'm
gonna look for 'opera'. Now you need to put an argument of where you wanna look for
this pattern. We're gonna use the same etc file. Here you can see that the pattern we're
looking for is highlighted in the results.
Now let's try something a little bit different. In the last command, we looked for the
pattern 'opera'. This would've found that pattern anywhere in the file, so if it's at the
beginning of a word or in the middle of the word, it'll still show up in your results. Now,
let's run the same command a little bit differently. We'll start with grep but we're gonna
use the '-w', or whole word option. This looks for the whole word that you put in
quotes. We're gonna look for the string 'opera' again, but this time it's not gonna show
us this pattern in the middle of a word.
It will only show us the pattern if it's the entire word. It needs to match exactly. Make
sure to add the argument at the end of the command so grep knows where to look. You
can see this time, I didn't pull up any results. Let's change it a little bit. Let's run the
same command, but instead of only looking for 'opera', we're gonna look for the entire
word 'operator'. Let's see if this gives us different results. The results show that using
the -w option did find the whole word pattern 'operator'.
The grep utility can be pretty efficient when it's used with its different options. There's
also an option to tell grep what not to look for. If you add the -v option to grep, it will
show you lines that do not contain the regular expression in quotes. Let's give that a
try. First, type grep and use the -v option. This time we're gonna look for the same
pattern. Finally, you need to provide the argument to tell grep where to look. Now let's
take a look at the results from the /etc/passwd file that shows everything that does not
contain the pattern 'operator'.
You can see that's pretty extensive, but if you look carefully in the results, you're not
gonna find the term 'operator' anywhere. In the next chapter, we'll start exploring user
and group management.

Working with users

In this chapter, we'll look at some different user types and examine user management
permissions. Given that Red Hat Enterprise Linux is an enterprise-level, multi-user
operating system, even if you adjust that app a practice installation, but particularly for
security reasons, you're going to want to have more than one user. In a Red Hat
Enterprise Linux environment, you generally have two types of users. First, you have
your privileged user account or your root account. This includes system
administration and all device tasks that directly access devices.
You also have an unprivileged user account. This is for all activity that doesn't require
elevated privileges. Now let's log in to our system as root, and take a look at a
command that will help us locate some user account information. First, we'll log in as
root. User account information is located at /etc/ password. This file contains one line for
each user account. We’re going to use the cat command to dump the contents on the
screen. So first, type cat.
For the argument to the cat command, we're going use /etc/ P-A-S-S-W-D and hit
Enter. That's a lot of information. There's one line for each user account, and each line
has seven fields delimited by colons. If you look at the last line here, you'll see the user
account for stoner. There’s a lot of information that you can get from this file. For
example, each user gets assigned a unique numerical identifier called a user ID or a
UID.
It's the same with each new group, only it's called a group ID or a GID. There may be
better ways to look at this information that'll help you focus on specifically what you're
looking for. Check out the challenge for this chapter to see how to look at the same
information but really only highlight one or two of the fields. Now, let's take a look at
permissions. Each file and directory on your system is assigned access
rights. Permissions are written for the user, group, and for world. World is like a global
permission. The syntax is in that order, first user, then group, then world.
For each permission group, you can stipulate whether they can read, write, or execute
the file. In the example on the top, you can see that the user can read, write, and
execute. The group can read, write, and execute, and the world permission is also set to
read, write, and execute. That’s very unlikely for everyone to have permission to do
everything. So let's take a look at another example. Let's say the file had permissions to
allow everybody to read, but only the user could write and execute. The permission
would look like this. You can see the user still has read, write, and execute
permission, but the group only has read.
They do not have the write and execute permission, and the world permission is also
set to read only. To see permissions for a file, we can use the ls command. Let's go
back to our operating system and give this a try. Using ls with the -l option shows file or
directory, size, modified date and time, file or folder name, the owner of the file, and its
permission, which is what we're looking for. Go ahead and type ls -l at the command
line. Now we need to give it an argument.
Let's use \bin\bash. Hit Enter. So you can see I've gotten an error message here. Let's
take a look at this error message. It says, "cannot access binbash: No such file or
directory." We know that /bin is actually a directory. I'm going to take a look at the
command that I've just fired. Clearly, there's an error there. I think I've found my error. I
have the wrong type of slash. So I'll go ahead and use the up-arrow key to pull that
command back up, and then I'll fix my slashes, /bin/bash.
Now I'll run the command again. The lsd tells show that the file bin bash is owned by
root. The super user here has the right to read, write, and execute this file. You can also
see that the file is owned by the group root, and they can also read and execute this
file. But if you look carefully, they can't write to this file. Everybody else can execute this
file. Let's take a closer look at the math behind permissions. The computer thinks of
permission settings as a series of bits. It looks complicated, but it's actually pretty
simple.
Here's how it works. If you look at the top set of permissions, each permission given is
listed by a number one. So for the top set, both the user, group, and world have the
read, write, and execute permission. For each set, they receive all three permissions, so
you have three sets of one for each group. Now let's look at the second example. In the
second example, the user, the group, and world can read and write but not
execute. This translates as 110 110 110 for each type of permission.
Now let's look at something a little different. What do you think the third permission line
means? In the third example, the read, write, and execute permission is available for the
user, but the group and world have no permissions. That means for the first set of three
digits, you have 111, and then for the group and world, you have three sets of
zeroes. Now in order to start using permissions at the command line, we're going to
need a tidy way to enter this into our command line. So let's take a look at how this
happens. When you're looking at, for example, the user permissions, if the user has
read, write, and execute, their permission set translates as 111, and in binary, that's the
number seven.
Let's say the user has only read and write permission, so their three digit set is going to
appear as 110, which translates as six. Let's say they only have, for example, read and
execute permission. This would be 101, which translates as five. Let's say, for
example, that they've only got the read permission. That would translate as 100, and in
binary, that would be four. Now that we've minimized each set of permissions, user,
group, and world, as a single digit, you have a pretty convenient way of expressing the
possible permission settings.
When a user creates a file, they default to the owner and group owner of that file. The
file owner can be changed only by root, and access permissions can be changed by
both the root user and the file owner. Let's go back to the command line. You can use
the C-H-O-W-N command to change ownership of a file. This will allow a user to change
not only the user but also group ownership of a file. When a user creates a file, they
default to the owner and group owner of that file. The file owner can be changed only by
root, so let's log in as root.
First, let's find a file that we want to work with. I'm going to work with a file in the stoner
home directory. First let's take a look at the current permissions. To do that, we'll type ls
-l like we did earlier in this video, and then we need to put the direction. Given that I'm
logged in as root, I'm going to need to put the absolute path name. Path names are
something that we'll cover in another video in this course. My argument's going to
read /home/stoner/ and then the file name.
I know that there's a file in this directory that starts with D-I-R, but I'm not sure exactly
what the file name was. So I'll go ahead and type dir and hit Tab. It completed the file
name for me. Now hit Enter to see the file permissions. We can see here that the user
permission allows to read and write but not execute. We can see that the group
permission also allows to read and write but not execute. Now the world permission
here is only set to read. Another thing that you'll notice is that the group is owned by a
user called newbie, while the group ownership is set to stoner.
We're going to go ahead and change this permission so that the owner is also
stoner. To do that, we'll use the C-H-O-W-N command. This command allows the
user to change the user or group ownership of a file. Let's go ahead and type C-H-O-W-
N at the command line. Next, we're going to need to put the user that we want to
change the ownership to. For this, I'll add the user stoner. Now, we need to add the
argument of the actual file. Given that I'm in root, I need to use the absolute path name
like I did above.
I'll go ahead and start typing that, and to complete it, I'll hit Tab. You can see I hit Tab
once and nothing happened, so if I hit Tab again, it shows me all of the files that I might
be looking for. I've narrowed it down to the dir_contents.txt file. So I'll go ahead and fill
that in. Now we've changed the ownership. So let's look back at the permissions to see
the change we've made. Given that we've already used this command, I can just use
the up-arrow twice to list the permissions. Here you can see the only change made to
the permissions is that the user owner is now stoner as well as the group owner.
We can use the chmod command to actually change the permissions on a file. For
example, if we wanted to see that this same file has read and write permissions for the
owner but wanted to keep the file private from others, we could use the following
command. We'll type in first C-H-M-O-D. Then we need to put the six digit string for
permissions. We talked about that earlier in this video. Since we want to have read and
write permissions for the owner, the first digit is going to be a six. Given that we don't
want to have any rights for the group or the world, the following two digits are zero,
zero.
Next, we need to put the directory and file name. Go ahead and hit Enter. Now let's take
a look at the permission for this file again and see what changes we've made. Now you
can see at the very beginning of the results, the permission string looks different. We've
removed the read, write and the read permissions from the group and from the world. In
the next video, we'll explore how unprivileged user accounts can use heightened
privileges.

Employing heightened privileges

In this chapter we'll talk about using heightened permissions when logged in as an
unprivileged user. For security reasons you probably want to limit privileged user access
to your system. As an administrator there'll be times when you need to log in as an
unprivileged user but run some programs or access information that requires elevated
permissions. In Red Hat you can do that using s u or the super user account. S u's the
simplest way to change the ownership of a login session to root or any other user.
A major benefit of using s u or su is that a record is kept of it's usage in a system
log, typically slash var, slash log, slash messages. You can execute a command
prefaced with su to open a subshell for root commands. The operating system assumes
that in the absence of a username the user wants to change to a root session. So if you
type s u with no argument it's really like typing s u root. You'll be prompted for the root
password. Let's try to super user command in our operating system.
First I need to log in as an unprivileged user. I'll use my s toner account. The prompt
usually tells you who's logged in and to what. You can see that my account, s toner is
logged in at local host. Let's look at how that changes when you type in s u. Remember
when you use this command you're going to have to enter the root password. Now you
can see my command line prompt says root at local host followed by s toner. To exit
from su type exit.
Now let's take a look at how this works. We're back to our regular command prompt with
our unprivileged account. The root directory, or the home directory for the root
user usually can't be viewed by ordinary users. You'll normally get an error message if
you're logged in by an ordinary user and you run the command l s slash root. Let's give
it a try. Hm, permission denied. Now let's try and run that same command as a super
user. It looks like I've made a mistake here. Let's bring up my last command to see if we
can figure out what I did.
So I used s u to preface my command but I didn't enter a password. So let's try this
again and we'll just start by typing s u. This time instead of leaving it blank, I'm gonna
specify the user. Then I add the user password. Now I'm logged in as a super user, let's
run the command again. This time I can actually see the contents of the root home
directory. Now to exit out of this super user I'm going to type exit at the command
line. Now we're gonna look at another way to use elevated privileges as an unprivileged
user.
Sudo or s u d o works a little differently than s u. It allows an unprivileged user to run
specific commands with administrative permissions. Users have to be listed in the slash
etsy, slash sudoers configuration file in order to use the sudo command. Another thing
that makes this different is that the commands are run in the user shell, not in a root
shell. The sudo command requires that users authenticate with their own password and
not the root password itself. Once our user's been authenticated a time stamp is
recorded.
This is useful when the system administrator needs to delegate authority to certain
users or groups of users to run specific or all commands as root but doesn't want to dole
out the root password. It also provides an audit trail of the commands and their
arguments. But unlike s u it requires some setup in the sudoers configurations file. Let's
go back to the command line and see if we can add a new user to the list of users that
can execute sudo. First, we'll have to log in as root.
Now we need to run slash user, slash s bin, slash visudo to add or remove users from
the sudo configuration list. To do this type sudo followed by slash u s r, slash s b i
n, slash v i s u d o. This brings up the sudoer configuration file. Now we need to find
where the list of users that can use sudo is located. If you look at the top of the screen
here, you can see that root is the only permission here.
Let's add a line to allow another user, s toner, to also use the sudo command. To get
started we're gonna want to place the cursor at the next line and type the letter I to
insert text. Now, we need to add in the user name. I'm gonna add the user s toner. Now
that I've completed my line, I'll go ahead and hit escape to exit insert mode and type
colon w q to write and quit to this file.
Now I'm gonna log in as s toner to try out the sudo command. First I'll need to log off
from the root account, and log in as the s toner user. Now we're gonna try and run a
command that we'd normally wouldn't have permissions for as an unprivileged
user. Let's try l s root. An unprivileged user normally wouldn't have access to view the
root home directory. You can see here that permission is denied. Now let's try and
access the same directory prefaced by sudo.
You can see that I have to enter the password for the user s toner and not the root
password. This time it showed me the directory contents. Typically the user can use
sudo without retyping a password for a short period of time. By default, that's about five
minutes, but it is a configurable variable in the sudoers file. To be able to continue using
sudo commands without entering a password you can add the dash v option. The v is
for validate. By running sudo with the dash v option, a user can update the cache
credentials without running a command.
Each successful authentication using the sudo command is logged in the file slash var,
slash log, slash messages. And the command issued, along with the issuers
username is logged into the file, slash var, slash log, slash secure. Now here's just a
best practice tip. Given that sudo requires that you use your own password and keeps a
log just as su, it's a better practice in a multi-user system to set up the sudo
configuration file and have users that need elevated privileges use sudo instead of su.
This way you don't have to share passwords between users. And if you ever need to
stop a user from having root access or access to any other account, you won't have to
change the root password. You can just remove them from the sudo configuration
file. In the next video, we'll add users and groups.

Creating user accounts

In this chapter, we'll create user accounts. We'll also modify and delete them. These are
pretty common administrative tasks. We'll also take a look at working with groups. First,
we need to log in as root. Go ahead and enter your login credentials. We're gonna start
by running the ID command to see user and group IDs. Type ID at the command line
and hit enter. There's a subtle change in Redhat Enterprise Linux Version 7, in that the
default rage for IDs is a bit different than in earlier releases.
Before, the number rage for user ID or UID was 1 through 499. That was used for
system users and higher values for normal users. The default rage for system users is
now 1 to 999.Now let's add a new user to the system. Type useradd at the command
prompt. We're gonna go ahead and add an option here, dash m, this will create the
home directory if it doesn't already exist. After the option, we're gonna add the argument
of the new username.
Before we go any further, let's go ahead and add a password to this user. OK, we went
ahead and added a password and had to confirm the password. Once we retyped the
password, we received a message that all authentication tokens had been updated
successfully. So we've now added a new user and we've also assigned them a
password. In a similar way, the following commands modify and delete a user. Instead
of using useradd, to modify you would use usermod. If you want to delete a user, you
would use userdel.
Let's go ahead and delete the user we just created. So now we've deleted that
user. We're gonna try to use the usermod command. If you use the dash U option for
the usermod command, it lets you unlock the user account. Depending on your user
base, being able to remove a password lock might come in handy. First, at the
command line, type usermod. Then we add the option dash capital U followed by the
username. Adding a new group is similar.
It updates the slash etc slash group file. First, type the following at a shell prompt. To
add a group, you want to use the command groupadd. Then you're gonna follow it with
the group name. Now that we added this group, let's check the slash etc slash group
file to see if we see it in there. First I'll type in cat slash etc slash group. You can see, at
the very bottom, the most recent groups and users that I added.
The very last entry is the group not cool, which I just added. Another way to look this up
is using the grep command. You can type in grep, the name of the group, followed by
the location, slash etc slash group. This will also show you the same results but we're
really focusing just on the one group here. Like the user management command, you
would use a similar syntax to modify the group. We're gonna use groupmod to change
the name of the group.
Here we're gonna use the dash N option, which means the name of the group will be
changed. That's the type of modification we're using. So start off by typing
groupmod. Next you need to add the dash N option. First we're gonna add the target
name for the group followed by the current name of the group. Now, let's rerun some of
our commands to see if that change has been made. Looking in the etc group file, you
can see that the last entry has changed from not cool to awesome.
In the next video, we'll take a closer look at admin tasks that are associated with user
and group management.

Reviewing RHEL admin user and group tasks

In this chapter, we've looked at permissions, user accounts, and various commands that
are valuable when working with users in groups. Now, let's take all of the things we've
learned and put them together to complete a pretty common task for a system
administrator. An admin will often be asked to create a group for each major project in
an organization. Then, assign people to the group when they need access to that
project's files. Let’s take a look at how to do this. We know that usually when a user
creates a file within a directory, it's owned by them. Now let's look at how a user can
create a file within a directory, for example, a project directory that's then owned by a
specific group that owns that directory.
Sounds a little confusing, so let's break it down step by step. Let's say a group of people
need to work on files, that are specific to an IT project. The first thing that we're gonna
need to do, is create the directory. Then, we'll go ahead a make sure the group
numbers are trusted to modify the content of the files in this directory. Let's start by
making a directory. Type "mkdir", this is the command to make a new directory. For the
argument, we'll have to tell it where to go. We're gonna put it in the opt directory and
we're gonna call it "IT project".
Now that we've made this directory, let's go ahead and add the IT project group to the
system. To do this, we'll use the "group add" command. So, now we've created the
directory, and we've also added the group to the system. Now we need to associate the
contents of the directory, with the IT project group. For this we'll use the "c-h-o-w-n"
command. Type "c-h-o-w-n root", followed by a colon, and the name of the group.
Then we need to put the location of the directory. We're almost done. Now we need to
allow users in the group to create files within that directory. To do so, we're gonna use
the "chmod". At this point, all of the members of the IT project group can create and edit
files in the "/opt/itproject" directory, without the administrator having to change file
permissions every time new users write new files. Let's go in and check our work.
First, let's make sure that we actually created the group "IT project". To do that, we'll run
the command "cat/etc/group", the most recent entry should be at the very bottom. There
you can see that we added the IT project group. Now, let's see if we can find the IT
project directory. First, we'll need to change directories, but to be sure where we are,
let's go ahead and usethe "print working" directory command. We're in the root home
directory. Let's change that to the opt directory.
We're gonna use the "CD" or "change directory" command, followed by "/opt". Now, let's
take a look in opt to see if we can find our IT project directory. To do this, we're gonna
use the "ls" command to list the contents. You can see here, that our IT project directory
is located in the opt directory. Now that we've got everything set up, don't forget to add
a new member to your group. To add users to the IT project group, we're gonna use the
"usermod" command.
We're not using the "useradd" command because we're gonna be adding existing users
to this group. So type in "usermod", we're gonna use the options "-a-G", the "-a" stands
for "append", and the "-G" stands for "groups". Next we need to select a group. We want
to add members to the IT project group. Finally, your gonna add the user name for the
person your adding to this group. I'm gonna add the "stoner" user. As the administrator,
your gonna have to work with users in groups quite a bit.
There's a lot of different things that you can do with users in groups. In the next chapter,
we're gonna start working more closely with the Lennox File system.

Learning the file system hierarchy

In this chapter, we'll work with files and directories in the file system hierarchy. Linux is a
file-oriented operating system. Most files are just files, like text files, executable files or
programs. They are referred to as regular files and they contain normal data. For the
most part, everything you see in Red Hat Enterprise Linux Version Seven is a file, but
there are some exceptions. There's also directories. These are files that are really lists
of other files. There’s also special files. These are mechanism used for input and output.
Most of these are generally found in the Dev Directory. There's also links. A link makes
a file or directory visible in multiple parts of the system's file hierarchy. There's also
sockets, or domain sockets. This is a special type of file similar to a TCP slash IP
socket providing inner-process networking protected by the file system's access
control. Finally, there's also named pipes. These act more or less like sockets. It's a way
for processors to communicate with each other without using network socket semantics.
Now that we've looked at the file types, let's go in and create a file. We're gonna need to
go to our Command prompt. First, we'll log in. You can create new files either with
applications, like with Vim, the text editor we explored in a previous video in this
course. You can also use the command touch, which creates and empty file that you
can use to add text or data. To create a file with touch, simply type the following at the
shell prompt. Start with touch. Then you're gonna need to put the name of the new file
as the argument.
Now let's look for our file. When I list the results of the current directory, you can see my
new awesome file in the top row. Did you know that in Linux you can have hidden
files? A hidden file starts with a period and it can only be seen when adding the dash
A or all option to the LS command. Let's create a hidden file with the touch
command and then see if we can locate it. Again, we're gonna start with the touch
command. This time, because we want it to be a hidden file, we're gonna practice the
file name with a period.
Now I'm gonna run the LS command again and see if we can see the file. If you look
carefully here, the first file we created OSMfile.txt is present, but we can't see the other
file. Let's run the LS command again with the dash A option to see all of the hidden
files. Now you can see it's given us some more results. If you look carefully in the third
row, in the fourth column, you'll see the hidden file that we created that starts with a
period followed by moreOSM.txt.
As a systems administrator, you'll work with files quite a bit. Like so many other Linux
features, there's a variety of ways to manipulate files and directories. Let's practice
another file management command. Copy. An admin uses this command to organize
their files. The command for copy is CP. Type CP to the command prompt. Next, you
need to put the source. What are you copying? I want to copy the hidden file that I just
created and move it somewhere else. So I'm gonna type in the file name. Remember, it
starts with a period because it's a hidden file.
The last argument is the destination. Where is it that you want to copy this file to? I want
to copy it to the S toner home directory. Let's go look in this directory to see if we can
find the file I just copied. We're gonna us the LS command, but remember, we need to
use the dash A option to be able to see this file. The results show us the contents of the
slash home, slash S toner directory. If you look on the bottom row, my hidden file
.moreOSM.txt is now in this directory.
Working with the Linux file system, you'll also encounter directories. Like I mentioned
earlier, directories are really just a list of files. In the next video, we'll talk about some of
the important default directories available in most Linux distributions. For now, let's look
at moving around in directories. The last command I ran, I was looking for the
contents of the slash home, slash S toner directory. Now, I'm gonna move to that
directory. First, to change directories, type the command CD. The argument is your
destination directory.
Now you can see that my prompt changed a little bit. Now that I'm in the slash home,
slash S toner directory, I can just run the LS dash A command and I don't need to
provide the destination. This should show me the same results as I saw above. If you
just type in CD with no target destination, it'll take you to your login directory. You can
see that I've changed back out of the slash home, slash S toner directory. Just to verify,
I'm gonna use the PWD command, print working directory, to verify where I am.
Since I'm currently logged in as root, typing CD by itself took me to the root home
directory. Let's take a look at what's in this directory. I'll start by typing the LS
command. Now I'm gonna change directories back to the slash home, slash S toner
directory. Now, let me show you another way to move from one directory to
another. This time, we're gonna type CD for change directory, followed by two
periods. This command tells your system to go up in the directory immediately above
the one in which you're currently working.
You can see that I went from the S toner directory, up one to the dash home directory. If
you wanna go up two directories, you would type CD period, period, slash, period,
period. Now let's look at a way to go right to your system's root directory. To do this,
type CD, for change directory, and just put a slash. If you wanna go to the home
directory of the root, you need to type CD slash root.
Another important concept for a systems administrator is that of path names. A
pathname tells you where your target is. It can be either absolute or relative. First we'll
talk about absolute pathnames. An absolute path requires you to know and type the
complete path. The complete absolute path starts with a single forward slash to show
the target relative to the root directory, and that includes all the sub-directories until the
actual file. Since it shows the entire path, the absolute pathname will always work.
Sometimes it's a lot of work to put in all the details, so developers will use a relative
pathname. Using a absolute pathname shows the file in relation to the current
directory. In this case, only the path from the current directory to the target file is
needed, so it can be much shorter. To show the relative path for the same file if you are
in the dash home directory, you can see that it's a bit shorter. The absolute pathname
starts with a slash in the home directory. If you're already in the home directory, you can
use the relative pathname that starts with the developer directory slash dev.txt file.
Both the absolute pathname and the relative pathname displayed here are the
same. You can use the absolute pathname from anywhere because it shows the path
from the root directory all the way to the file. To use the absolute pathname, you need to
be in the slash home directory. In the next video, we'll work with devices mounted to a
file system.
Working with files and directories
In this video, we'll take a closer look at the file system. The Linux file system consists of
a single hierarchy, starting from the root directory. Like I mentioned in a previous
video, a directory is really just a list of files. As an administrator, you'll need to familiarize
yourself with the directories in a Linux system. If you've worked with other distributions,
you're in luck. Red Hat Enterprise Linux Version 7 has your basic default
directories seen in most Linux operating system distributions. Here's a list of some of
the common directories.
We'll go through and I'll give you an idea of what they're typically used for. Let's start
with root, that's at the very top. Every single file and directory starts from the root
directory. Only the root user has right privileges under this directory. Please note that
'/root' is the root users home directory which is not the same as just '/'. Now let's take a
look at the directories under root. First, to the far left we have '/bin'. These are user
binaries. They contain binary executables.
Some of the common Linux commands that we've been using are located under this
directory. For example, ls, ping, and grep. The next directory, '/sbin', are system
binaries. They also contain binary executables. The Linux commands located under this
directory are typically used by a system administrator for system maintenance
purposes. For example, this is where you'll find IP tables or f disc. The next directory is
'/etc'. These are configuration files.
They contain configuration files that are required by all programs. The next directory is
'/dev'. These are device files. These include terminal services, USB, or any other device
attached to the system. The next directory is the '/proc'. This is process information. It
contains information about system processes. The next directory is '/var'. These are
variable files. The contents of these feels are expected to fluctuate in size, like your
system log files or email.
The next directory is the '/tmp'. These are temporary files. These are temporary files
created by the system or by users. It's important to remember that files under this
directory are deleted when the system gets rebooted. The last directory on this page is
the '/usr'. These are user programs. This will contain binaries, libraries, documentation,
and source code for second level programs. These are some more directories. Much
like the directories we've already talked about they're all on the same level.
We're gonna start with the '/home' directory. These are home directories for all users to
store their personal files. Next is the '/boot' directory. These are boot loader files. For
example, your grab files are located under '/boot'. Grab two is the Red Hat Enterprise
Linux boot loader. We’ll talk more about that in another video. Next we have your
'/lib'. These are system libraries. They contain library files that support the binaries
located under '/bin' and '/sbin'.
We also have the '/opt' for optional add on applications. This will contain add on
applications from vendors. Next we have the '/mnt'. This is the mount directory where
sys admins can mount file systems. Then we have '/media'. This is for removable media
devices. It's like a temporary mount directory for removable devices. Finally we have
'/srv'. This is service data. It contains server specific services related data. If you want to
read more about the Linux file system in Red Hat Enterprise Linux version 7, you can
get a good description of the file system hierarchy standard from the man pages.
To locate this information, you're gonna type the 'man' command followed by '7', the
version, and 'hier', h-i-e-r, for hierarchy. This will give you a description of the file system
hierarchy. To exit out of the man pages, hit 'q' to quit. This will take you back to the
command prompt. The file system hierarchy in Linux can be distributed over several
devices, just like disc partitions are logical volumes. These devices get mounted onto
the file system by an administrator.
A file system can be mounted on your Linux system interactively or automatically at
startup. Let’s see if we can get some information about mounted devices. To do this
we're gonna type the command 'mount'. This command will give you details about all of
the mounted devices. It basically dumps out onto the screen the contents of the '/proc',
'/mounts' file. This is usually a lot of information. Let's try another command. Type
'findmnt'.
The output of this command will show you the mounts and their relationships. It's
typically a bit easier to read than the mount output. The 'findmnt' command displays the
target mount point, the sourced device, the file system type, and the relevant mount
options. 'Findmnt' lifts the file systems in a hierarchical fashion. To display the
information as a list, you need to use the '-l' option. Let's try and run that. The output of
this command with the '-l' option provides the same results in an easy to read list.
Another command you might find valuable when examining devices mounted on the file
system will show you the available disc space on the device. Type 'df' and we're gonna
add the options '-Th'. The 'df' command will show disc space for all system mounts. The
option '-T' will show the file system used on each mount and the '-h' option will show the
disc space in a way that you'll be able to read. If you don't add the '-h' option, you'll end
up looking at kibibytes.
The results of the 'df' command will provide not only the name of the file system, but
also the size, how much space is used, how much space is still available, the
percentage of space usage, and where the file system is mounted. In the next
video, we'll look more closely at partitioning.

Partitioning and disk management

In this video, we'll take a look at partitioning. A disk can be used either as a simple
entity or broken up into one or more partitions. A partition table is a structure that
shows the partition organization. Some operating systems install everything onto one
partition, but there are advantages to having several partitions. In Red Hat Enterprise
Linux version seven, there are two partition schemes you can use. Either MBR or
GPT. Let's start by examining MBR, or master boot record.
MBR partitions are managed by the F disk command. These days, physical disks grow
in size pretty quickly, so MBR has certain limitations that can be a problem. The two
main issues are that MBR can't create more than four primary partitions from one
disk. Even though you can extend the partitions up to 15. Even more important than
that, is that you can't partition the disk with more than two terabytes. Now let's look at
the other partition scheme option, GPT, which stands for GUID partitioning table.
The GPT is part of the unified extensible firmware interface, or UEFI specification. Using
GPT eliminates the limitations on number of partitions and it also ensures support for
larger partitions, all the way up to nine zetabytes. Which you can imagine is pretty
valuable in an enterprise environment. Unlike MBR, it's a list of partitions with no boot
loader logic. We're gonna use the parted utility to manipulate hard disk partitions. Let's
go over to the command line.
Go ahead and type parted, parted, into the command line to start the partage
utility. You'll notice that your command prompt has changed, now you're at the parted
prompt. You're gonna wanna use the print command to view all the available partitions
in the selected hard disk. The print command also displays hard disk properties. One of
the properties you can see in the print results is the partition table. This device is set up
with a GPT partition table. It's a good idea, before creating the partition, to execute a
print command to view the current layout.
This will help you set partition boundaries that don't overlap. Now, if you wanna see a
list of all disks and partitions, you type print all. To start working on a disk, you need to
select that disk. You can type select and the disk name. We're gonna use
/dev/sda. Now, let's issue another print command. Make part, or mkpart, is a
command used to create partitions with a start and end disk location. Let's go ahead
and add a partition to this disk.
We'll start with the make part command. Type mkprt into the parted prompt and hit
enter. It's gonna ask us for a partition name, we'll call this swap. Now it wants to know
the file system type. We're gonna use the default for Red Hat Enterprise Linux seven,
which is ext4. Now it wants to know your start location. I'm gonna go ahead and start at
the number one. Finally, it wants to know the end point. For this example, I'm gonna
select 99 and hit enter.
Now, to see the new partition we've created, let's run the print command again. In the
results, line item one is our new partition. Now let me show you how to remove the
partition. In order to remove the partition, you need to know the partition number. This is
where it's useful to run a print command first. You can see the partition we just
created is listed as number one. To remove this partition, type rm in the parted
command, followed by a space and the partition number. Then hit enter.
Now let's run the print command again. You can see the partition we created named
swap, has now been removed. To exit the parted prompt, type quit and hit enter. This
will take you back to the command line. In the next video, we'll review system
administration of the Red Hat Enterprise Linux file system.
Using file management tools
In this chapter, we'll work with file management tools like fdisk and gdisk. The fdisk file
management tool is an interface that lets you divide a master boot record disk in to
regions of space on which you can mount file systems. First let's view all the fdisk
commands. At the command prompt, type fdisk command M. This will show you all of
your different options to use with fdisk. Now let's see what partitions there are. To view
existingdisk partitions, type fdisk-l, this usage is at the top of the screen, second line
down.
This shows you a list of partition tables. The results appear in the following output
columns. First you have your device. The device column indicates the Linux partition
name. Then you have the boot column. This contains an asterisk that indicates an
active partition. That's followed by the start and end columns. Giving the start and end
cylinder numbers of the partition. Next you have the blocks column that gives the size of
the partition in 1,024 byte blocks. It also provides the ID and system columns to specify
the type of partition.
The ID is the hexicode and the system is its description. Now let's use fdisk to look for a
specific disk. Again we'll start by typing fdisk. Then we need to add the argument for the
target disk. We're gonna use /dev/sda. Now we've entered the fdisk prompt. From here,
we can use p to print a partition table and to create a new partition. D to delete a
partition. Q to quit without saving any changes. Or W, to write the new partition table
and exit.
Let's use P to print the partition table. Now before we exit fdisk, let's print the
partition table using the P option with fdisk. To exit the fdisk prompt, type Q. Now from a
regular command line prompt, type fdisk-p. This prints the partition table. Now let's
check out another utility. We’re gonna look at gdisk. Gdisk is a similar disk management
tool that's used with the GPT partitioning tables.
Just like we did with MBR, let's start by listing the existing partitions. Type gdisk-l and
then as the argument use the disk location. This prompt listed the existing
partitions. Now let's select the partition to work with. We're gonna type gdisk followed by
the disk location. Now we're in the gdisk prompt. From here, we can type N to make a
new partition.
We can use P to print the table. We could use W to write the partition to the disk. If you
decide you just wanna exit, just type Q. I'll type P to print the table. Now to exit the gdisk
prompt, I'll type Q and not save any of the changes I made. In this video, we talked
about two file management tools, the fdisk and the gdisk. In the previous video, we
talked about using the parted command. In the next video, we'll explore disk
management a little bit more.
Reviewing RHEL administrator file management tasks
In this chapter we talked about the file system in disc management. In addition to what
we've already discussed system administrators will find themselves using access control
lists. We took a look at file permissions earlier. Users and groups might also need to
access a file or directory even when they're not owners or a member of the group who
has ownership of that file or directory. This is where access control lists come in. There
are two types of access control lists. Access ACLs and Default ACLs. An access ACL is
the access control listfor a specific file or directory.
A default ACL can only be associate with a directory. If a file within the directory does
not have its own access ACL it uses the rules of the parent default ACL for that
directory. Default ACLs are optional. ACLs can be configured either per user or per
group. The set FACL utility sets ACLs for files and directories. Let's take a look at how
this works. I'm currently logged in as root, the set FACL utility sets ACLS for files and
directories.
To set a permission for a file use by user use the set FACL command. First we'll type in
set FACL. Next we're going to use the dash m option, which stands for modify file
system. The next part provides information about the user, location and then file
name. I'm going to add the s toner user to this ACL. I also want to get, rewrite and
execute permissions. Finally I have to add the destination file.
Now let's take a look at the permissions for this file. To do that we'll use the ls
command with a dash l option and the file name. When an ACL has been set for a
file, the file string is followed by a plus sign. You can do the same for groups. I'm going
to create a new file to work with. Because I'm logged in as root the file will be saved to
the root home directory. Let's take a look at the file permissions before we set the group
ACL. We'll do this using the ls command with the dash l option and the file name.
Here you can see there's no ACL set because there's no plus sign after the permission
string. Now let's set a group ACL. To set the group ACL start with the set FACL
command. Again we're going to use the dash m option to modify the file system. Now
instead of providing user information we're going to add group information including the
name of the group and the group permissions we want to give them. We'll do g: the
name of the group, and the permissions we want to give them.
Finally we have to add the file name. Let's take another look at the file permissions for
this file.There's now a plus sign at the end of the permission string. You can also use
this command to remove all the permission for user group or others using the dash x
option. Keep in mind that when you do this you're not going to specify any
permissions because you're removing everything. First let's create a file. Now let's
check out the file's permissions.
Now that we've listed the permissions for the privy.txt file let's take a look at the ACL. To
do this type getfacl into the command prompt followed by the file name. This shows you
the file the owner the group as well as the users listed in the ACL. Now let's remove all
permissions from this file. To do this we're going to use the setfacl command with a
dash b option. There was something wrong with the command I typed in so it gave me a
usage tip.
It looks like what I'm missing here is my file name so let's try it again. Looks good, now
let's take a look at the ACL for this file again. You can see now that the user: stoner:
permissions is no longer part of this ACL. In the next chapter we'll spend some more
time configuring our new operating system.

Configuring system files

In this video, we'll configure an Apache server, an open-source web server
developed by The Apache Software Foundation. To configure an Apache server, we'll
need to install the software, find the Document Root parameter in the configuration
file, and also create some web server content. We're gonna need the Apache web
server httpd package. I'm already logged in as root. I'm gonna use the yum
command. This is the primary tool for managing Red Hat Enterprise Linux RPM
Software Packages.
Start by typing "yum" into the command line followed by "search httpd." That looks like
what we're looking for, now we need to install it. At the command line, type "yum install
httpd."Before you finish the download, you'll get a prompt to confirm the package
details. Hit "y" and "enter." We got a complete message, so we're good to go. Now,
we're gonna need to start the service. To do this, we're gonna use our "systemctl"
command, "start", and "httpd".
Now, let's check on the service. To do that, we'll issue a similar command, so I'm just
gonna hit the up arrow. But instead of "start," I want "status." Looks like we're good to
go. Httpd is running. Now that we've downloaded the software, we need to move to the
next step. We need to find the Document Root parameter in the main configuration
file. This parameter tells us where the Apache web server is looking for the web
content. The configuration file is found at "/etc/httpd/conf/httpd.conf." Let's scroll through
this file to see if we can find the Document Root.
I'm gonna use the cat command to dump the contents of this file onto the display. In
case you didn't get the location when I just read it, I'm gonna type the location as the
argument to the cat command, "/etc/httpd/conf/httpd.conf." This configuration file can be
kind of lengthy, so let's go ahead and pipe the output of this command to the less
command, which will allow usto page through the results.
Since we piped the output of the cat command to less, I can scroll through this page by
using the downward arrow. We found the DocumentRoot parameter. We'll wanna make
a note of this, it's listed at "/var/www/html." Apache will display the index.html file
within the DocumentRoot, so you need to add your content there. Let's start by going to
that directory.First, we'll have to exit the configuration file.
I typed "q" to get back to my command line prompt. Now, I'm gonna run the cd
command to change directory. For my argument, I'm gonna use "/var/www/html." If you
look at the new command prompt, you can see that I've changed directories. Now let's
look to see if there’s an index file already in here. To do that, I'm gonna type "ls." It
doesn't look like there's any contents in here, so we're gonna need to go ahead and
make one. We can use the touch command to do this.
I'll type "touch" followed by the file name. We want the file to be called index.html. When
you've got the touch command and the new file name index.html as the argument, hit
enter. Now, just to verify, let's go ahead and run the ls command again. Now we can
see our new file. Great. Let's go ahead and add some content to our file. To add content
to the file, I'll go ahead and use the vim text editor. I'll type the vim command and then
the name of the file.
You can see there's no content. I'm just gonna go ahead and write a quick message. To
exit out of vim and save my content, I'm gonna hit ":wq!" This brought me back to the
command prompt. You can see that I received a message letting me know that one line
and 43 characters were successfully written to my new file. If you're working in the
graphical user interface, the GUI, you can open up a Mozilla browser. Mozilla ships by
default. I'm gonna go ahead an install another package that will let me use a text-based
browser in the command line.
First, I need to type in my command "yum", followed by "install." The package that I'm
going to install now is called "elinks," e-l-i-n-k-s. Again, I'll need to confirm that I wanna
download this package. Alright, my package download is complete. Now, let's see if we
can view our web content. At the command line, we need to type "elinks" and then the
address. You can see behind the welcome message here, the content that I just added
to the new file that I created in my /var/www/html directory.
Using the text-based browser elinks, we're able to verify that the web server is now
available. In the next video, we'll continue to work with network configurations.

Configuring network files

In this chapter, we'll look up network configuration information. Whether you initially set
up network configuration or not, you'll likely have to monitor details like IP address, the
network mask, routing, and port availability as the system's administrator. To get
started, we'll need to be logged in as root. We're going to check out the IP utility. It's
used to validate network configuration. This utility can not only give you the same
information you would have gotten from the IF Config command, but it can also
address much more complex networking that we've seen come about in the last several
years.
To get started at the command line, type IP link. The result from this command will show
us IP link status. Now let's look at some other information like network addresses and
routing information. To look at the current network configuration, type in IP, ADDR for
address, and show. This shows the current network configuration. Now let's take a look
at routing information. To see this, you're going to type in IP, route, show.
This will show you the default router and information that's particularly useful to an
administrator, whether it's on the same network as the local IP address. Now let's take a
look at the older utility, which is still available, that's IF config. Type IF config at the
command line. Both the IF config and the IP utility display configuration information and
a number of statistics about each interface. When trying to troubleshoot network
problems as an administrator, you often have to check the availability on either local or
remote ports.
To check available ports, you can use the SS or socket statistics command. This
command shows more than the older net stat command, and it's much faster. Now
we're going to list all the connections and view the output page by page. To do that, I'll
start with the SS command and I'll type the output to less. The output contains all TCP,
UDP, and Unix socket connection details. Let's say that you just want to see the TCP
details.
To do that, we're going to use an argument with this command. To get out of the last
screen, you need to hit Q. Before I try the next command, I want to show you a quick
way to reset your command line prompt. Simply type in reset and hit enter and it should
clear the screen for you. The commands you've just run are still available if you type the
up arrow key, so we're going to do the SS command again. This time we're going to add
an option. We're going to do dash T. This will allow us to isolate just the TCP details.
You can isolate the other socket types with dash U for UDP and dash X for Unix
sockets. In the next video, we'll take a look at working with system D.

Working with systemd

In this video, we'll work with systemd. In older versions of Red Hat Enterprise Linux, we
would have worked with the init script, or the initialization script. But, in Red Hat
Enterprise Linux 7, we'll be working with systemd. This is the new service manager, and
it's based on the concept of systemd units, that keep information about system
services. Service units end up with the .service file extension, and serve a similar
purpose as the init scripts. To work with systemd, you're going to need to be root.
I'm currently logged in as root. So the first thing I want to do is list all of the currently
loaded service units. We'll start by typing systemctl into the command line. Next, we
want to add list-units. To scroll through the pages of service units, hit enter. Looks like
we currently have quite a few loaded service units. Let's say we want to display detailed
information about a particular service unit. First, we'll have to go back to the command
prompt.
To do so, hit q. We're back at the command prompt. I want to reset the screen to clean
things up a bit. At the command prompt, I'll type reset, and hit enter. Now let's see if we
can find detailed information about a specific service unit. To do that, we'll run the
systemctl command again. This time, we're going to write status, and then we'll put the
name of the service. Usually the syntax will be name.service. We're going to look for the
httpd.service.
The results show us detailed information about this service unit. For the next few
examples, I'm going to use foo.service. In the world of Linux, foo is a term that's
typically a sample variable, and doesn't have any particular meaning. When looking
through Linux documentation, or user forums, you'll find this term used a lot. Let's say
we want to start a service. To do that, you'll type systemctl, followed by start, and the
name of the service.
You can see that I got an error message, because there's really no such thing as
foo.service. To stop a service unit, you would type a similar command, but this time,
instead of start, you would type stop. Again, I'm getting an error message because I'm
typing in a variable service name that's not real. Finally, if you want to disable the
service, you would type the same command, but instead of stop, you would type
disable. Now let's see how this works with a real service unit.
Before we start, I'm going to go ahead and reset the screen. To do this, I'll type
reset into the command line, and hit enter. Now that we've tried out these
commands, with a variable service name, let's use the commands on an actual
service. We're going to use the kdump service. The service is used for backup and
recovery. To get started, let's just check the status of this service. To do that, we'll type
systemctl, status, and then we need to put the name of the service.
You can see that currently, this service is active. We're going to stop the service, and
then start it back up. To stop the service, we'll run systemctl stop kdump. To double
check that it actually stopped, let's run the status command again. In the results, you
can see that this service is currently inactive. It also shows when it was deactivated,
seven seconds ago. Let's go ahead and restart this service. To restart this service, we'll
use a slightly different command than the systemctl start service name.
We're going to use systemctl restart, and then the name of the service. I'll type
systemctl, restart, and then the service name. Now let's check the status again, to make
sure that we've restarted this service. The results show us that this service has been
reactivated. If you want to prevent a service unit that corresponds to a system
service from being automatically started at boot time, you'll type systemctl disable, and
then the service name.
Let's give that a try. If you want to enable a service to start automatically at boot
time, you'll type the same command, but instead, you'll use enable. In the next video,
we'll take a look at some more network management commands that are useful for a
Red Hat Systems Administrator.

Reviewing RHEL administrator configuration tasks

In this video, we'll take a closer look at some more network management
commands that our Red Hat Enterprise Linux Systems Administrator would use fairly
often. To start, we'll run a command, to check if a host is live. At the command line,
logged in as root, type ping. Then you're gonna need the address. I'm gonna use the
address for Google's public DNS server. That's 8.8.8.8, and I'll hit Enter. If you want to
interrupt ping, you're gonna need to use the Ctrl + C key.
That'll take you back to your command prompt. Let's say you want to look at the
information a different way. You want to display information on hosts or domains. For
this you'll type host into the command line, followed by the host or domain name. I'm
gonna try www.google.com,and hit Enter. Now let's try one more command. We're
gonna look at the traceroute command. The traceroute command is a network
diagnostic tool that shows the route packets take to a network host or destination.
First, let's verify that trace root is installed. To do this, at the command prompt, I'll type
which traceroute. Looks like we're ready to go. Now I'm gonna use the traceroute
command. This will let me check the route that packets follow to Google.com. I'll start
with traceroute, followed by the address. In the next chapter, we'll delve deeper into Red
Hat Enterprise Linux system configurations.

Configuring time services

In this chapter, we'll work with some more Red Hat Enterprise Linux system
configurations. To begin, let's look at time services. There are three Command Line
tools that can be used to configure system date and time. You have timedatectl, the
older command date, and also hwclock. First, let's work with the timedatectl utility, which
is new for Red Hat Enterprise Linux 7, and it's part of System D that we've mentioned in
some of the previous videos. To display the current date and time, along with detailed
information about the configuration of the system and hardware clock, run the
datetimectl command with no additional Command Line options.
This shows you the local and universal time, and the currently used time zone. Now let's
run the more traditional date command, date. Simply type date and hit Enter. You can
see the results are really only one line, and they're pretty easy to read. These results will
only display in local time. Let's run the date command again. This time, we'll add the --
utc or -u option. That way, we'll be able to display the time in UTC. Now let's use the
date command to set the time.
First we type in date with the -s option, and then as the argument, we're typing in the
time that we wanna set. I'm gonna use 18:45. This should set the system time to
6:45. You can see it produced the result that showed you that the time has been
changed. Now let's talk about the hwclock utility. This accesses the hardware
clock, also called the realtime clock, or RTC. The hardware clock is independent of the
operating system you use, and it'll work even when the machine is shut down.
Type the command hwclock. You can see that the time is displayed a little bit differently
than you typed the date command. We can also use the hwclock utility to see the
difference between the system time and the hardware time. To do that, we'll run the
hwclock utility again, but this time we'll add the -c option. We can see from the results
here that there's a difference between our system time and our hardware time. To exit
out of this utility, hit Control+C.
Now let's synchronize the hardware clock and the current system time. We can do this
in either direction. First, we'll set the hardware clock to the current system time. To do
that, we'll use the hwclock utility. Now add --systohc and hit Enter. Now let's run
hwclock -c again to show us the difference between the system time and hardware
time. You can see now that they've been synchronized.
If you wanna set the system time from the hardware clock, you would type in the
hwclock utility, but add --htcosys. In the next video, we'll look at viewing configuration
log files.
Configuring cron
In this video, we'll look at log file configuration. Log files are important for a systems
administrator because they contain event information about the system, like messages
about services and applications. You even get messages from the kernel. Log files can
be very useful when trying to troubleshoot a problem. They can indicate what's going
wrong in a system or how the system is reacting to input. Some log files are
controlled by a daemon called rsyslogd. The rsyslogd daemon is a replacement for
sysklogd.
It provides more filtering, quite a bit more encryption protection for the relaying of
messages, and a lot more configuration options. Let's take a look at the rsyslog
configuration file. You'll be able to find this at /etc/rsyslog.conf. To check out the
contents of this file, we'll use the cat command. As the argument, we're gonna need the
location of the file. So I'll type/etc/rsyslog.conf.
To be able to page through the results easily, we're gonna pipe the output of the cat
command into the last command. This is the rsyslog configuration file. I'm gonna scroll
down a bit until I can find the rules. You can see here I'm scrolling through global
directives. And here we go. I've gotten to our rules section. You'll see that this not only
contains the rules but also where to put the information. The second subsection under
the rules section indicates a configuration to log anything of level info or higher.
It also sets the destination of these messages to /var/log/messages. To exit the last
screen, hit q. That'll bring you back to the command prompt. The rsyslog service lets
you run a logging server. To capture logging, you're going to need to install
rsyslog. Let's go ahead and checkto see if we already have it. Depending on the base
environment that you select at install, it usually comes by default with Red Hat
Enterprise Linux setting. To see if we already have it, type systemctl.status and the
name of the service, rsyslog.
The results show us that we do have this service loaded and that it's active and
running. If you don't have this service loaded, you'll want to download the service using
the yum command. If the service is loaded but not active and running, you'll wanna use
the systemctl command with start and rsyslog to get it up and running. Now that we
know that our rsyslog server is started, let's check the contents of the destination file for
our log messages, /var/log/messages.
To do this, we'll type the tail command with a –f option. This allows us to see the last 10
entries in this file. The -f is important here. It will refresh the output as the file grows. So
if you're getting any additional messages after you've already filed the command, they'll
appended to the bottom of the list. Now we need to add, as the argument, the location
of the file. Type /var/log/messages.
Go ahead and hit enter. You can see that we have 10 results here. To exit the file, hit
control c.Now to make sure that the rsyslog service starts automatically at boot in the
future, you'll want to enter the following command. You'll use systemctl.enable and the
service name, rsyslog. The log server is now configured to receive and store log files. In
the next video, we'll configure the cron job.
Configuring an Apache server
In this video, we'll talk about the cron daemon. We use this to schedule and run
automated jobs, or tasks, in the background. First, we need to determine if the
packages are already installed on your system. To do this, we're going to use the
systemctl command. We'll want to check the status, and finally we need to add the
service name. To check the cron service, type crond.service, and hit enter. Here we can
see that the package is loaded, and it's already active.
If you don't have the service loaded, you'll need to install it. You can use the yum install
command, followed by crond.service. If you have it loaded, but it's not active, you'll want
to use the systemctl command, start, and the service name, crond.service. We looked at
how to run the systemctl commands to start and enable services in a previous
video. Now we're currently logged in as root. That's because only root can access the
main configuration file that schedules jobs.
Let's take a look at this file. To dump the contents of this file onto the screen, we're
going to use the cat command. Then we need to put the file location. The cron
configuration file is located at /etc/anacrontab. To make it easy to page through
this, we're going to go ahead and pipe this command to less. Now, let's take a look
at the first three uncommented lines in our results. The first line is SHELL, this
shows the shell environment used for running jobs.
For example, the Bash shell. Next, we have PATH. This shows the path to the
executable programs. The third line is MAILTO. This has the user name of the user who
receives the email output of the jobs. At the bottom of the crontab, it will show us
scheduled jobs. Now in contrast, users other than root can configure their own cron
tasks, using the crontab utility. The user defined crontabs are stored in one of the user's
directories, and executed as if run by the user that created them.
Since we're currently logged in as root, let's log out, and log back in as a regular
user. To exit the less screen, hit q. I'll type the logout command to log out from
root. Now I'll log back in as the regular user s-toner. Now the first thing I want to try is to
list the contents of this current user's crontab file. To do that, I'll use the command
crontab, c-r-o-n-t-a-b, with the -l option. This will list the results.
It looks like there's one cron job scheduled here. Let's take a look at the format. The first
zero indicates minutes, you can set zero to 59. The second number, five, represents the
hour. You can set this any number from zero to 23. The next number, 10, represents the
day of the month. This can be set with any number, one through 31. The next number,
two, represents the month. You can either use the numeric, one through 12, or you can
put three character abbreviations for the month.
The last number represents the day of the week. Here again, you can either use the
number zero through six, or you can provide a three character abbreviation for the days
of the week. The final bit at the end there is the command. This line will execute the find
command. It'll execute this at 5am on the 10th day of February. Now, let's see if we can
tell the contents of another user's crontab. To do this, I'll have to have elevated
privileges. I'll start off by typing in su, and then provide the root password.
Now to view the contents of another user's crontab, you use the crontab
command, followed by -u, and the username, followed by -l. It looks like this user
doesn't have a crontab set up.Let's go ahead and create another crontab for the current
user. To do that, you'll use the crontab command, followed by the -e option. This will
open up the configuration file. To edit this file, you'll need to go into edit mode, click i.
You can see at the bottom left of the screen, we're currently in edit mode. Now I'm going
to enter information for this cron service. First, I'll enter a zero, for zero minutes. Next, I'll
enter 13, that'll be 1pm. For the day of the month, I'll put 26. Now for the month, I'm
going to use an asterisk. This will make sure it happens every month. For the day of the
week, I'll go ahead and use an asterisk, as well. Now I need to enter my command. I'm
going to enter a command to automatically back up.
To do this, I'll start with the home directory, my username, followed by full-backup. Now
to exit insert mode, I'll hit esc. To save my new cron entry, I need to type a
colon, folowed by wq!, for write quit, and hit enter. You can see that it's installing my
new crontab. Now let's take a look at the new automatic task that we created. Type
crontab -l.
You can see the crontab we just added. To remove a crontab entry, you need to use the
command crontab, with the -r option. This will completely remove scheduled
jobs without confirmation from crontab. If you want to make sure that you get a
confirmation, you're going to also want to use the -i option. Let's give it a try. We'll start
with crontab, we'll enter the -i option to make sure that we can enter a confirmation, and
then we'll use the -r option to remove. You see, because we used the -i, we've got a
message here that says, "Really, you want to delete the root's crontab?" We're going to
go ahead and say no.
In the next video, we'll look at something similar that also creates automated jobs, but
only creates one at a time.

Reviewing RHEL administrator configuration tasks

In the previous video, we talked about one way to automate system tasks, the Cron
utility. In this video, we'll talk about another valuable task automating utility provided by
the ATD Service. While Cron is used to schedule reoccurring tasks, the at utility is used
to schedule a one time task at a specific time. First we need to make sure that we have
the ATD service. To do this, we'll run system CTL, status, and the name of the service,
ATD dot service.
It looks I've already got it loaded and active. If you don't have it loaded and active, you'll
want to download the package by using the YUM command. Once you've downloaded
the package, you'll need to start the service using the system's CTL, start service name,
command. We cover that in a previous chapter in this course. Red Hat Enterprise Linux
generally recommends that you configure the service to start automatically at boot, so to
do this, you'll want to use the system CTL, enable ATD dot service command.
The ATQ command is used to list the pending jobs. Type ATQ into the command line. It
doesn't look like we have any pending jobs. Since we executed the ATQ command from
the root user, it should show us all jobs that are currently pending for all users. Now let's
schedule a task. Let's say we want to shut down our system automatically at 11
o'clock. From the command prompt, you'll type AT, followed by the time. Let's say I want
to shut down at 11 p.m. Then I'll hit enter.
You can see that my prompt changed to the at prompt. Now I need to type the
command. I'll type halt followed by the enter key. To save the job, press control D. Now,
let's type the ATQ command again. You can see that this time we did receive a
result and we've got that one, and we've got that one task pending. The ATRM
command is used to remove pending jobs. Type ATRM, followed by enter. You can see
that my ATRM command didn't quite work.
It did, however, give me some tips on the usage of that command. What I'm missing is
the job number. Let's go ahead and list the jobs again to look for the job number. I've
only got one job, and you can see the number at the far left. It's the number one, so let
me go ahead and run the remove command again with the number one. Now let's list
the pending jobs. You can see that there's no entries, so we've successfully removed
that one pending job that we just created. In the next chapter, we'll review more of
system management.

Managing logs
In this chapter, we'll locate system log files. Log files can be useful when trying to
troubleshoot a problem with the system. Like looking for unauthorized login
attempts. Now I'll show you where to find the system log files. By default, there's two
login tools that coexist on your system. Some log files are controlled by a daemon
called rsyslogd. We worked with this, rsyslogd in a previous video in this course. Log
files can also be managed by the journald daemon, it's a system component.
The journald is a component of systemd, which is responsible for viewing and
management of log files. Journald is closely integrated with the rest of the system. It
supports not only various login technologies, but also acts as management for the log
files. To access the journal logs, use the command journalctl and hit Enter. I can scroll
through the logs by using the downward arrow. So I scroll through the log results
here and I want to highlight one result for you. You can see that on August 18th, about
half way down the page, you can see a log entry that indicates the Network Manager
was started.
The output of this command, is a pretty long list of log files. This includes messages
generated by system components and by users. Let's use the dash n option to
reduce the journalctl output to a number of entries. I typed q to return to the command
prompt. Now, let's re-run the same command, but this time, we'll give it a dash n
option. Keep in mind, that when no number is specified, it'll actually just give you the last
ten most recent entries.
You can see this is a little easier to read. And if you know that you're looking for
something in the log file that just happened, then you shouldn't need to really go
through all of those log entries. In the next video, we'll talk about the Red Hat Enterprise
Linux Package Manager and look at managing software.
Managing software
In this video we'll talk about the Red Hat Enterprise Linux package manager. An RPM
file also known as a package is a way of distributing software so that it can be easily
installed updated and deleted. RPM files have information about the package name, the
version and other dependency information. Yum is the most used sysadmin tool for
managing software packages from the official Red Hat software repositories, sometimes
referred to as Repos. You can also get third party repositories using yum but you'll need
to have some of the vendor information and you'll have to have set up a local repo.
A systems administrator will regularly use the yum command to install security
updates and binary packages. You need to log in as root to use the yum command. One
way that you can check if there's any pending updates is to use the command yum
space check dash update and hit enter. It doesn't look like we have any current
updates but we'll go ahead and run an update to see what happens. If you want to
update all packages and their dependencies you use yum space update without any
arguments.
In the results we received a message that says no packages marked for update. Now if
you want to update a single package you'll use the same command, yum space
update but as the argument you'll use the package name. Keep in mind that you're
going to have to run the yum command as root. So like I've said before, a Red Hat
Enterprise Linux system needs to be subscribed to the Red Hat content delivery
network. When a system is subscribed and connected a repository file is created in
the Etc yum dot repos dot d directory.
Let's switch over to that directory and and see what we can find inside. First, we'll need
to change directories. To do that we'll issue a cd command and we'll need to use our
target destination as the argument. Slash etc slash yum dot repos dot d and go ahead
and hit enter. Now you can see the command prompt changed so we know we're in the
right place. Now in order to see what's in this directory we'll use the ls command. The
results show us that we have a Red Hat dot repo.
Another way to look at the available repos is to list all of your enabled repositories. Now
that we've seen the contents of the directory, I'll go ahead and switch directories
back. First we need to download and install the epel repo. To do that we'll use the wget
command. Wget stands for web get. It's a command line utility that downloads files over
a network. For the argument we need the download link. I'm going to type in the link for
epel at the Padora Project.
When you've entered in the web address go ahead and hit enter. Now that we've got it
downloaded we'll need to install it. You can do this with the rpm command. With the
options dash IVH we'll install the package. Now we need the package name. When
you've entered the package name hit enter. Now to make sure you've downloaded and
installed the repo, let's use yum again to list all enabled repositories. To do that we'll
use the yum command followed by repo list.
Here you can see that in addition to the Red Hat Enterprise Linux 7 server
package we've also got the extra packages for Enterprise Linux 7. A valuable trick for
a Red Hat Enterprise Linux administrator is to be able to display packages not
installed via the official Red Hat network subscription repos. If you want to see all
packages not available via subscribed channels or repositories type yum space list
space extras and hit enter. We didn't receive any results which means that all of our
repos were installed with the official Red Hat network subscription repos.
Now if you want some help you can access a great yum command cheat sheet at the
Red Hat customer portal. In the next video we'll talk about managing the boot process.

Managing the boot procedure

In this video, we'll modify the boot process. Red Hat Enterprise Linux 7 comes with the
GNU Grand Unified Boot Loader, GRUB version two. Grub2 is installed on the boot
sector of your server's hard drive. GRUB2 lets you select an operating system, or
kernel, to be loaded at system boot. Generally, it doesn't need a lot of maintenance, but
you might decide to change some of the boot loader configuration, to have different
options in the boot menu .Let's start by opening the boot loader configuration file from
the command line.
Notice, I'm currently logged in as root. If you're logged in as a user that doesn't have
elevated privileges, you're going to have to use either su or sudo to be able to work with
the boot loader. Now, let's open the boot loader configuration file. To do this, we'll use
the cat command, and we need to open the file at /etc/default/grub, and hit enter. Let's
look at some of the options here. At the very top, you see GRUB_TIMEOUT. This is the
number of seconds GRUB will display the menu before booting the default option.
If you don't want users to see the boot menu, you can set this to zero, and the default
option will boot instantly, without even displaying the menu. If you want the menu to stay
up until a user selects an option, you would set this to -1. The other line here that I want
to bring your attention to is the GRUB_CMDLINE_LINUX. This line contains boot
arguments for the kernel. Take a look at the very end of the line. There's currently
nothing there. If you don't have the rhgb or the quiet options at the end of this line,
during the boot process, the kernel will display messages.
This can be really valuable for a system administrator to see what's happening during
the boot process. But for an end user, it might be a bit confusing. To change this, we're
going to need to add rhgb and the quiet option at the end of this line. Now we're just
looking at the contents of this file. What we really need to do is change some of these
variables. To do that, we're going to open the file with Vim, the text editor. We'll type vim
into the command line, and enter the file location and name. Now, I'm going to navigate
to the first line, GRUB_TIMEOUT.
To change the number, I need to go into replace mode. Let's say we only want the boot
menu up for five seconds. Now the other thing I want to change is in that
GRUB_CMDLINE_LINUX line. At the very end, I want to add rhgb, space, and
quiet. Now that I'm done editing this file, I'm going to go ahead and hit control-c. I need
to enter a wq and exclamation mark to save the changes I've made, and exit Vim.
Now just to make sure that we've made those changes, let's check out that config file
again by running the cat command. Looks like our changes have been added. Now that
we've changed the boot menu options, we need to go ahead and commit those
changes to the main configuration file, grub.cfg. Now keep in mind, this file, which is
located at /boot/grub/grub/cfg, is not meant to be edited directly. We're going to run the
grub2 -mkconfig command. This will make GRUB2 automagically write the settings from
the file that we just edited to the grub dot config file.
That's the file that's read at boot. In the command line, type grub2 -mkconfig. We want
to go ahead and redirect the output of this to the configuration file that's read at
boot. Like I mentioned, that file is at /boot/grub2/grub.cfg. Great, now let's reboot, and
we can look for the changes we made. From the command line, go ahead and type
reboot.
What we should see here is that we'll see messages from the kernel during the boot
process, and our menu that's up on the screen now should last five seconds. During
boot, you can press e, like I just did, to add some one time arguments. When you're
ready to pass those arguments to the kernel, press control-x. You can also press c to
enter the GRUB command prompt. From the GRUB command prompt, you can enter
Commands that help you troubleshoot the boot procedure.
When you're finished with the GRUB command prompt, the esc key discards any
changes, and reloads the standard menu interface. In the next chapter, we'll take a
look at another important system administration function, managing processes.

Reviewing RHEL administrator system management

tasks
In this video, we'll talk about some other monitoring commands that a Red Hat
Enterprise sysadmin will use. We'll also take a look at the system monitor tool. Now,
let's talk about the ps command. When you execute the ps command from the
command line, the system will display information about currently running processes. It
produces a static list of what's running when you execute the command. Let's take a
look. From the command line, I'm going to type ps and hit enter. Now, if you want to list
all the processes that are currently running on the system, including processes being
run by other users, type ps ax.
You can see that's a much bigger list. Now, we can't really tell from this list who's doing
what. So let's try this again. To display the owner alongside each process, you're going
to type in the command ps aux. The results here show in the first column the user that's
running that current process. If you want a list of processes that stays current, you'll
need to use a different command, the top command. The top command displays a real-
time list of processes.
This is one of the more frequently used commands on a day to day basis for a system
administrator. It also displays additional information about the system, and allows you to
perform actions like sorting the list or killing processes. Let's take a look. At the
command line, type top and hit enter. When you're in the top command, if you need to
refresh the list, you should be able to do that by hitting space bar or hitting enter. If you
want to sort the results by a specific field, type Shift + o.
Now you need to specify a field. The columns are labelled alphabetically. Select the
field letter, and then press enter. To sort by user, I'm going to select b. You can use any
key to return to the main top search results. To get out of the top results window, type
q. Now we're back at the command prompt. Let's take a look at how to find the system
monitor tool in the GUI, where we can look at process information. To open up a GUI,
type startx.
To find the application, go to the top left applications menu, from the drop-down select
System Tools, and to the right scroll down a bit and select System Monitor. This will
open up the System Monitor window. We're currently on the Processes tab. The
Processes tab of the System Monitor tool will allow you to view, search for, change the
priority of, and kill processes. The System Monitor tool defaults to show a list of
processes that are owned by the current user.
You have more options to view processes if you click on the button on the top right that
has three lines. Here you can look at active processes, all processes, and you can see
we're currently looking at our own processes. So let's take a look at active
processes. We can also select all processes. This will be a pretty big list. In the next
chapter, we'll work more with security features that are valuable for a Red Hat
Enterprise Linux systems administrator.

Learning security basics

In this video, we'll talk about Red Hat Enterprise Linux Security. In a previous video, we
talked about file permissions and access control lists. Now we're going to look at
another security mechanism, Security Enhanced Linux, or SELinux. An SELinux
hardened system will run in enforcing mode, which means that the SELinux policy is in
effect, and the things that it doesn't want to happen will not be allowed. As a system
administrator, you might find that you need to work temporarily under a more permissive
policy.
Notice I said "temporarily", because it's really not a good idea to disable
SELinux. Instead of disabling SELinux, you can temporarily run in permissive
mode. This will let SELinux continue its work, and it will log messages to system log
files without blocking any network service or protective service. This could be really
valuable to help you troubleshoot a problem. You can complete the action that causes
the problem, and then you can go to the system log files to see what kind of information
you've captured about that activity, and why it's going wrong.
You can do this either for the entire system, or just a specific element. As we've done in
previous videos, let's start by taking a look at our current SELinux mode. To do this,
we're going to type "getenforce". This is all one word. Then hit "enter". It looks like we're
currently running in permissive mode. In an in-production multiuser environment, you
want to make sure that you're running in enforcing mode. To change modes after the
system's been booted, you can use "setenforce".
To do this, type "setenforce", all one word. Now, if you want to change to enforcing
mode from here, you're going to add space, enforcing. If you are in enforcing mode and
you wanted to switch to permissive, you would type permissive here. You can also use
the number one to represent enforcing, or the number zero to represent
permissive. When you've entered "setenforce", space, "enforcing", hit "enter". Now, we
could run the getenforce command again to see the change, but I want to show you a
different way to check the status of SELinux.
Type "sestatus", and hit "enter". Here, you can see in the very first line of the result, it
shows us that SELinux status is currently enabled. Our setenforce command was
successful. Now, I've only showed you the enforcing and permissive modes of
SELinux. There is an option to disable SELinux, but I really don't recommend that. In the
next video, we'll look at implementing local security, by enforcing password best
practices among your user base.

Implementing local security

In this video, we'll focus on implementing local security by securing user based
passwords. One simple thing that you can do as an administrator is work to ensure that
your user base is getting the most out of password protection. Users should be required
to create a password and change it frequently. An important practice when creating user
accounts is to require the user to create a password the first time that they log in. Let's
take a look at how to do this. First, we're gonna create a new user. At the command
prompt, type user add, followed by the new user's username.
Now we need to create an initial password for them. To assign them a password, type
the password command, P-A-S-S-W-D followed by the username. Now we enter their
password. You'll enter the password and hit enter. Now you'll be prompted to re-type
the password. We now have a new user and they've been assigned a temporary
password. Now to require an immediate password change at login, we need to do one
more step. First type the command C-H-A-G-E, we're gonna follow that with a dash D
zero and then the user name.
This is gonna force a user's password to expire at login. Now to test this out, let's log
out as root user and try to log in as our new user. The first time they log in, they'll be
required to use the initial password that you set up. Once they've entered that initial
password, here's the prompt that requires them to change their password immediately
before they can log in. They'll have to start by typing the current password again.
Then they'll enter their new password. Now let's take a look at another way to use this
command. We'll have to log out of our unprivileged user account and log back in as
root. To specify the interval at which a user needs to change their password, we're
gonna use the same command with some different options. The interval can be set to
anything. It really depends on your organization's password policy. It can even be set to
never expire but that's not a very secure policy.
Let's say we wanna set the password change interval to 60 days, we'll type C-H-A-G-E
again, this time with a dash capital M followed by the number of days for your
interval. We're gonna go with 60. 90 is a pretty common value. In very high security
environments you might even find 30. If you wanna set this interval for a specific
user, put their username as the argument at the end of this command. I'll use the user s
toner.
Now, I mentioned before that you can also disable password expiration. To do this,
instead of entering the number of days, you would follow the dash M option with a dash
L. We've received a message that there's something wrong with the command we just
issued. So let's take a look at it again. I used the C-H-A-G-E command followed by dash
M dash L, I think that's my problem. In a Linux environment, you need to be really
careful when using lowercase L and the number one.
What I really needed to do for this command is instead of use a dash L, I needed to
make this a negative one. They look really close. Let me go ahead and run the
command again. Looks like it worked this time. Now let's use the C-H-A-G-E
command to set a password expiration warning message for the user. By default this
value is usually set to seven, so that seven days before a user's password is gonna
expire they'll start to get a warning message. Let's say we wanna change that to eight
days.
Again, we'll use the S-H-A-G-E command, this time we're gonna add the option dash
capital W. This stands for warning days. We'll follow the option with the number of
days. Let's say we want to set it to eight. Now, we need to add the specific user. We're
gonna use the same user, s toner. Now I already showed you how to have a
user change their password the first time that they log in. Let's talk about a user that
already has an account. For example, s toner.
Let's say we need to go in this user's account and do some work and after we wanna
make sure that they change their password to something secure and private. To do that,
we'll use the C-H-A-G-E command followed by the dash, lowercase D option, followed
by zero and the username as the argument. Now that we've made some changes to the
password policy for this user, let's use the C-H-A-G-E command to list the password
aging information for this specific user. To do that, type C-H-A-G-E followed by the dash
L option for list and the name of the user as the argument.
Here you can see the changes that we just made. You can see at the very bottom of the
results, the number of days of warning before the password expires is eight and not the
default seven. The minimum number of days between password change is currently set
to zero. The next time this user, s toner, logs in they're gonna have to change their
password. Now let me log out of root and log back in as the user, s toner, to show you
the password change prompt. Just like when we required a password change at first log
in for the new user, this existing user, s toner, is required to change her password the
next time she logs in.
In this video, we've talked about enhancing local security by ensuring your user base is
using password best practices. In the next video, we'll talk about FirewallD. This is the
new dynamic firewall that comes with version seven of Red Hat Enterprise Linux.
Reviewing RHEL administrator security tasks
In this video, we'll work with the new dynamic firewall that comes with Red Hat
Enterprise Linux 7, firewalld. Firewalld replaces the iptables interface. Even still, iptables
is available in Red Hat Enterprise Linux 7. Firewalld uses zones and services instead of
chain and rules. It allows for better security rules management because it allows
configuration changes to be executed without stopping the current connections. Before
we get started, let's make sure that the firewalld service is running.
To do this, we'll type systemctl followed by status and the service name firewalld, or
"firewall D," and hit Enter. Looks like this service is currently loaded and active. If you
didn't have it loaded and running, you would use the systemctl command to start and
enable the firewalld service. You can see how to do that in a previous video. Since we
know it's active and running, let's check the firewall state. To do this, type firewall-cmd,
for command, followed by --state.
That shows us that it's running. As I mentioned, firewalld uses zone management to
define levels of trust. All network traffic is divided into zones by firewalld, and the zones
are assigned rules. Network interfaces can be located in the same zone or divided into
different ones, depending on your organizational needs. Without any configuration,
everything is done by default in the public zone. Let's run a command to see what the
default zone is set to. To do this, we'll start with firewall-cmd, followed by space -- get-
default-zone.
The results show us that, like I mentioned, the default is set to public. Now let's look at
changing the default zone to internal. To do this, we'll run the firewall-cmd command
again, but instead we'll use --set-default-zone, no space, add an equal symbol, and this
is where you're going to put the default that you want to switch to. I'm going to write
internal and hit enter.
Now let's run the default zone again to see if it's changed. It looks like now we're
running on internal. Let's say you want to look at a list of zones where you've got
network interfaces assigned. To do this, you'll type firewall-cmd space dash dash get-
active-zones, with an s at the end. Now by default, the firewall-cmd command applies
only to runtime configuration.
But we can change this by using the --permanent option. This will establish a permanent
configuration. To add and activate a permanent rule, go ahead and type firewall-cmd at
the command line followed by --zone=public space --add-service equals http -- and
here's where we add permanent.
Now that we've made a change, we should really reload the firewall. To do this, you're
going to type firewall-cmd --reload. Now I wouldn't recommend disabling a firewall
permanently. But it might be useful for troubleshooting to stop the service. From root
access, the firewall can be stopped with the systemctl command by typing systemctl
stop firewalld.
Like I said, you really only want to do this temporarily. This stopped the firewall, but it
will start again after the system reboots. There's really a lot of different things that you
can do with the new firewall. To get help with this command, you type firewall-cmd --
help. This help page is going to give us a lot of results, so we'll go ahead and pipe the
output of this command to less so that we can page through the results. As you can
see, there's a lot of options here.
To get out of the less screen, hit q. Now we're back at the command prompt. In this
video we talked about working with firewalld. In the next video, we'll wrap up the
course, review what we've talked about, and talk about next steps.

Pursuing next steps

In this course we've covered how to install Red Hat Enterprise Linux version seven,
navigate around the system, and manage system administration. Learning a new
operating system is like learning a language. Immersion is the best way to continue to
develop your Linux skills. It's unsafe to practice on an Enterprise Production Server, so
you should install your own instance, and use it to master what you've learned. If an
Enterprise license is too expensive to practice with, keep in mind that you can work with
the CentOS distribution that will be free and much like Red Hat.
As you continue your Linux journey I want to remind you that there are a plethora of
resources at your disposal. Let's take a minute to look around the Customer Portal at
some of the valuable resources they offer their members. I'm currently logged in to the
Red Hat Customer Portal. Let's scan across the top to see what kinds of neat things you
can find here. The first dropdown menu, Products and Services, will give you
information about other Red Hat products. You can also get support or search the
knowledge base. You'll find plenty of documentation videos and discussions.
If you're looking to outsource some of your development or system administration you
could also find Services in this section. Now let's look at the Tools menu. Here you'll find
tools that were developed by the Red Hat engineers. They have tools for configuration,
deployment, troubleshooting, and security. You'll also be able to access plugins and the
Red Had Satellite Certificate Tool. In the Security menu you can find updates and
additional security-related resources. One of the places I go to most often is the
Community.
Here you can read discussions, blogs, learn about events, and also read stories. This is
a good place to find answers when you have a question. Linux has users worldwide,
and they comprise one of the more passionate user communities that I've ever
participated in. In addition to the Red Hat Customer Portal you can find tips and
techniques by searching the web for Linux-focused forums, articles, and tutorials. When
you're out there looking for advice, make sure to specify the distribution and version of
Linux that you're working with.
If you don't you can go pretty far down the rabbit hole with instruction that may not be
relevant. For more awesome instructional content, check out the other operating system
related courses in the library. Thank you for viewing my course. I hope you enjoyed
exploring the Red Hat Enterprise Linux Operating System with me.