Chmod commands

The UNIX chmod command is used to change the permissions (read, write, execute) of a UNIX file. chmod stands for "change mode". Permissions can be assigned either by number or by letter value.

Owner  Group  World  Meaning
7      7      7      Read + Write + execute
6      6      6      Write + execute
5      5      5      Read + execute
4      4      4      Read only
2      2      2      Write only
1      1      1      Execute only

Owner (u)  Group (g)  World (o)  Meaning
rwx        rwx        rwx        Read + Write + execute
rw         rw         rw         Read + Write
rx         rx         rx         Read + execute
wx         wx         wx         Write + execute
r          r          r          Read only
w          w          w          Write only
x          x          x          Execute only

How To Configure Static IP On CentOS 6

## Configure eth0
#
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
NM_CONTROLLED="yes"
ONBOOT=yes
HWADDR=A4:BA:DB:37:F1:04
TYPE=Ethernet
BOOTPROTO=static
NAME="System eth0"
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
IPADDR=192.168.1.44
NETMASK=255.255.255.0
## Configure Default Gateway
#
# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=centos6
GATEWAY=192.168.1.1
## Restart Network Interface
#
/etc/init.d/network restart
## Configure DNS Server
#
# vi /etc/resolv.conf
nameserver 8.8.8.8 # Replace with your nameserver ip
nameserver 192.168.1.1 # Replace with your nameserver ip

Linux Basics – Set A Static IP On CentOS

Version 1.0

This tutorial explains the configuration of a static IP address (IPv4 and IPv6), the hostname and nameservers on CentOS. To be compatible with Desktop and Server Systems, we do the configuration on the shell.

1 Preliminary Note

Suppose you are working in a data center and your boss hands you a minimal CentOS server setup that you need to configure for the running environment. It is a little painstaking, but not a very tough task. In my case I have a dumb CentOS server which was installed by someone else in his networking environment, and I want to make it functional in my static IP environment. Suppose I have a vacant IP 192.168.0.100 that I will use in my environment. My IP details are as follows:

IPv4

  • IP address: 192.168.0.100
  • Subnet: 255.255.255.0
  • Gateway: 192.168.0.1

IPv-6

  • IP address: 2001:db8::c0ca:1eaf
  • Netmask 64
  • Gateway 2001:db8::1ead:ed:beef

DNS resolving nameservers

  • Nameserver 1: 8.8.8.8
  • Nameserver 2: 8.8.4.4

The above values have to be adjusted for your local network environment. Only the DNS resolving nameservers can be used on most networks, as these IP addresses belong to the public nameservers from Google.

2 Implementation

I will edit the configuration file with an editor like vi, but you may use any other shell editor like nano or joe instead. The file name for the first network card (eth0) is /etc/sysconfig/network-scripts/ifcfg-eth0

I will first make a backup of my original file as /etc/sysconfig/network-scripts/ifcfg-eth0.bak and then proceed with the changes in /etc/sysconfig/network-scripts/ifcfg-eth0

cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.bak

vi /etc/sysconfig/network-scripts/ifcfg-eth0

I will change the file like this:

#My IP description
# IPv-4

DEVICE="eth0"
NM_CONTROLLED="yes"
ONBOOT=yes
HWADDR=20:89:84:c8:12:8a
TYPE=Ethernet
BOOTPROTO=static
NAME="System eth0"
UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03
IPADDR=192.168.0.100
NETMASK=255.255.255.0

Only the lines IPADDR and NETMASK have to be adjusted. Do not change the other lines.

For IPv6 you just have to add the entries below:

vi /etc/sysconfig/network

[...]
NETWORKING_IPV6=yes

vi /etc/sysconfig/network-scripts/ifcfg-eth0

[...]
#IPv-6
IPV6INIT=yes
IPV6ADDR=2001:db8::c0ca:1eaf
IPV6_DEFAULTGW=2001:db8::1ead:ed:beef

3 DNS configuration

DNS can be added in the file /etc/resolv.conf

vi /etc/resolv.conf

[...]
nameserver	8.8.8.8
nameserver	8.8.4.4

You can add 2 or more nameserver lines. Your system will try the other ones if the first nameserver is unreachable.

4 Hostname

In my case the hostname is server1.example.com. To set the hostname, I will edit the /etc/hosts file:

vi /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
192.168.0.100   server1.example.com     server1

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

and the /etc/sysconfig/network file:

vi /etc/sysconfig/network

NETWORKING=yes
HOSTNAME=server1.example.com
GATEWAY=192.168.0.1
[...]

and reboot the server.

reboot

Check your hostname with the command below. The new hostname will be applied only after the reboot.

hostname

5 Advanced networking and virtual network interfaces

I am using CentOS Linux and I would like to create an alias eth0:0 so that I can have multiple IP addresses. I will implement it by creating a file as follows:

vi /etc/sysconfig/network-scripts/ifcfg-eth0:0

#IP Aliasing

DEVICE="eth0:0"
BOOTPROTO="static"
HWADDR=20:89:84:c8:12:8a
NM_CONTROLLED="no"
ONBOOT="yes"
TYPE="Ethernet"
IPADDR=192.168.0.108
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
DNS1=8.8.8.8
DNS2=8.8.4.4

Here I have done the IP aliasing for the IP 192.168.0.108, it could vary as per your requirement.

6 Services

After any change in the networking files you need to restart the network services as follows:

/etc/init.d/network restart

After the service restart you can check the changes as:

ifconfig

The output will confirm the statically configured changes. It will look similar to this:

root@server1:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 20:89:84:c8:12:8a
inet addr:192.168.0.100  Bcast:192.168.0.255  Mask:255.255.255.0
inet6 addr: 2001:db8::c0ca:1eaf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
RX packets:200197 errors:0 dropped:67 overruns:0 frame:0
TX packets:69689 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:64103748 (64.1 MB)  TX bytes:14106191 (14.1 MB)

eth0:0    Link encap:Ethernet  HWaddr 20:89:84:c8:12:8a
inet addr:192.168.0.108  Bcast:192.168.0.255  Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
inet addr:127.0.0.1  Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING  MTU:65536  Metric:1
RX packets:10365 errors:0 dropped:0 overruns:0 frame:0
TX packets:10365 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:875114 (875.1 KB)  TX bytes:875114 (875.1 KB)

Note: The above values will differ in your case.

VNC Server on CentOS 6

This post will cover installing VNC with GNOME Desktop on a remote server running CentOS 6.

Installation has changed a bit since CentOS 5, but is still simple and straightforward.

1. Install Tigervnc Server
  [root@demo ~]# yum -y install tigervnc-server
2. Install X Windows and GNOME.

This used to be yum groupinstall "X Window System" "GNOME Desktop Environment", but is now simply:

  yum groupinstall "X Window System" "Desktop"
3. Create a user (or use an existing user) and create VNC login.
  [root@demo ~]# useradd david
  [root@demo ~]# passwd david
  Changing password for user david.
  New password:
  Retype new password:
  passwd: all authentication tokens updated successfully.
  [root@demo ~]# su - david
4. Switch to the user (su - user) and issue 'vncpasswd' to set the VNC password
  [david@demo ~]$ vncpasswd
  Password:
  Verify:
  [david@demo ~]$
5. Start VNC using 'vncserver :1'
  [david@demo ~]$ vncserver :1
  xauth:  creating new authority file /home/david/.Xauthority
  New 'demo.domain.net:1 (david)' desktop is demo.domain.net:1
  Creating default startup script /home/david/.vnc/xstartup
  Starting applications specified in /home/david/.vnc/xstartup
  Log file is /home/david/.vnc/demo.domain.net:1.log
  [david@demo ~]$
6. Stop VNC using 'vncserver -kill :1'
  [david@demo ~]$ vncserver -kill :1
7. Setting resolution:

In /etc/sysconfig/vncservers, add a line for each user.

NOTE: if you need to install Oracle software, use geometry 1024x768.

You can also do this via the shell using: vncserver :1 -geometry 1024x768 -depth xx

  # The VNCSERVERS variable is a list of display:user pairs.
  #
  # Uncomment the lines below to start a VNC server on display :2
  # as my 'myusername' (adjust this to your own).  You will also
  # need to set a VNC password; run 'man vncpasswd' to see how
  # to do that.
  #
  # DO NOT RUN THIS SERVICE if your local area network is
  # untrusted!  For a secure way of using VNC, see this URL:
  # http://kbase.redhat.com/faq/docs/DOC-7028
  # Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
  # Use "-localhost" to prevent remote VNC clients connecting except when
  # doing so through a secure tunnel.  See the "-via" option in the
  # `man vncviewer' manual page.
  # VNCSERVERS="2:myusername"
  # VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost"
  VNCSERVERS="1:david"
  VNCSERVERARGS[1]="-geometry 1024x768"

For multiple users, simply add the user to the VNCSERVERS list and add a VNCSERVERARGS[x] entry.

So for three users:

  VNCSERVERS="1:david 2:bill 3:john"
  VNCSERVERARGS[1]="-geometry 1024x768"
  VNCSERVERARGS[2]="-geometry 1024x768"
  VNCSERVERARGS[3]="-geometry 640x480"
8. Open the port for the user, in this case 5801.
  -A INPUT -m state --state NEW -m tcp -p tcp --dport 5801 -j ACCEPT

Save and restart IP Tables (/etc/init.d/iptables save | restart)

9. Connect using VNC Viewer with IP:1

10. You should now be connected to your CentOS desktop
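
The comments in the vncservers file from step 7 recommend "-localhost" so that clients can only connect through a secure tunnel. The following added example (not part of the original post) reports, for a file in that VNCSERVERS / VNCSERVERARGS format, which displays are started without "-localhost"; the function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list each display configured in
# a vncservers file and whether its arguments include -localhost.

# Print "DISPLAY USER STATE" for every entry in VNCSERVERS, where STATE is
# "localhost-only" if VNCSERVERARGS[DISPLAY] contains -localhost and
# "network-exposed" otherwise. The file is parsed as text, never sourced.
audit_vncservers() {
    awk '
        /^[ \t]*#/ { next }                          # ignore commented lines
        /^[ \t]*VNCSERVERS=/ {
            list = $0
            sub(/^[^=]*=/, "", list); gsub(/"/, "", list)
            count = split(list, pairs, " ")          # "1:david 2:bill" -> pairs
        }
        /^[ \t]*VNCSERVERARGS\[[0-9]+\]=/ {
            disp = substr($0, index($0, "[") + 1)
            sub(/\].*/, "", disp)                    # text between the brackets
            opts = $0
            sub(/^[^=]*=/, "", opts); gsub(/"/, " ", opts)
            args[disp] = " " opts " "                # pad so whole words match
        }
        END {
            for (i = 1; i <= count; i++) {
                split(pairs[i], du, ":")
                state = (index(args[du[1]], " -localhost ") > 0) ? "localhost-only" : "network-exposed"
                print du[1], du[2], state
            }
        }
    ' "$1"
}

# Constructed sample in the format shown in step 7.
sample_vnc=$(mktemp)
cat > "$sample_vnc" <<'EOF'
# VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost"
VNCSERVERS="1:david 2:bill 3:john"
VNCSERVERARGS[1]="-geometry 1024x768"
VNCSERVERARGS[2]="-geometry 1024x768 -nolisten tcp -localhost"
VNCSERVERARGS[3]="-geometry 640x480"
EOF

audit_vncservers "$sample_vnc"
rm -f "$sample_vnc"
```

On a server, run it as audit_vncservers /etc/sysconfig/vncservers; a display reported as network-exposed accepts connections from any host the firewall rule in step 8 lets through.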

CentOS Wiki: VNC ( Virtual Network Computing )

How to Enable or Disable Root login via SSH

This post will cover how to enable (or disable) Root login via SSH.

It’s always best practice that any machine on the internet not allow direct Root login via SSH.

To allow Root to log in, we need to update our sshd_config file located at /etc/ssh/sshd_config.

To update this file, we need to switch over to Root:

  [admin@blanche ~]$ su root
  Password:
  [root@blanche ~]#

Go to the /etc/ssh directory:

  [root@blanche ~]# cd /etc/ssh
  [root@blanche ssh]#

Now, let’s edit our sshd_config file using vi:

  [root@blanche ssh]# vi sshd_config

Look for the following section (about 1/3 of the way down):

  #LoginGraceTime 2m
  PermitRootLogin no

Hit “i” to insert and then change the value for PermitRootLogin from no to yes.

Hit Escape and then :wq! to save changes and close the file.

Finally, still as Root, we need to restart SSHD using /etc/init.d/sshd restart.

  [root@blanche ssh]# /etc/init.d/sshd restart
  Stopping sshd:                                             [  OK  ]
  Starting sshd:                                             [  OK  ]

Exit your session, open a new terminal and confirm you are now able to login as Root:

  login as: root
  root@blanche’s password:
  Last login: Mon Jun 28 16:21:53 2010
  [root@blanche ~]#

To prevent Root login, simply set (or change) the value to PermitRootLogin no in your sshd_config.
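
An added example, not part of the original post, that reads the PermitRootLogin value from an sshd_config file the way sshd does: commented lines are ignored and the first occurrence in the global section wins. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). sshd uses the FIRST uncommented
# occurrence of a keyword in the global section (before any Match block),
# so a later "PermitRootLogin no" does not undo an earlier "yes".

# Print the PermitRootLogin value found in the global section of file $1,
# lower-cased, or "unset" when the keyword does not appear there.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        { key = tolower($1) }                 # keywords are case-insensitive
        key == "match" { exit }               # global section ends here
        key == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 only when the file explicitly disables root login.
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Constructed sample: a commented-out setting, then two conflicting ones.
sample_sshd=$(mktemp)
cat > "$sample_sshd" <<'EOF'
#LoginGraceTime 2m
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
EOF

if root_login_disabled "$sample_sshd"; then
    echo "root login over SSH is disabled"
else
    echo "root login not disabled: PermitRootLogin=$(effective_permit_root_login "$sample_sshd")"
fi
rm -f "$sample_sshd"
```

On a live host, running sshd -T as root prints the effective configuration, including the permitrootlogin value, after the restart.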


Frequently used OS (Linux/Solaris/AIX) Command for DBA

As a DBA you frequently need OS commands, or at least need to know how to query the OS and its hardware. Usually we do this before a fresh install, upgrade or migration of a database/operating system. Here are some useful, frequently used day-to-day OS commands for DBAs.
To find and delete files older than N number of days:
find . -name '*.*' -mtime +[N in days] -exec rm {} \;
Example : find . -mtime +5 -exec rm {} \;
The above command is especially useful to delete log, trace and tmp files
To list files modified in last N days:
find . -mtime -[N in days] -exec ls -lt {} \;
Example: find . -mtime -3 -exec ls -lt {} \;
The above command will find files modified in last 3 days
To sort files based on Size of file:
ls -l | sort -nk 5 | more
useful to find large files in log directory to delete in case disk is full
To find files changed in last N days :
find -mtime -N -print
Example: find -mtime -2 -print
To find CPU & Memory detail of linux:
cat /proc/cpuinfo (CPU)
cat /proc/meminfo (Memory)
Linux: cat /proc/cpuinfo|grep processor|wc -l
HP: ioscan -fkn -C processor|tail +3|wc -l
Solaris: psrinfo -v|grep "Status of processor"|wc -l
AIX: lscfg -vs|grep proc | wc -l
To find if Operating system in 32 bit or 64 bit:
On Linux: uname -m
On a 64-bit platform, you will get: x86_64 and on a 32-bit platform, you will get: i686
On HP: getconf KERNEL_BITS
On Solaris: /usr/bin/isainfo -kv
On a 64-bit platform, you will get: 64-bit sparcv9 kernel modules and on 32-bit, you will get: 32-bit sparc kernel modules. For Solaris you can use directly: isainfo -v
If you see output like "32-bit sparc applications", that means your OS is only 32 bit, but if you see output like "64-bit sparcv9 applications", that means your OS is 64 bit and can support both 32 and 64 bit applications.
To find if any service is listening on particular port or not:
netstat -an | grep {port no}
Example: netstat -an | grep 1523
To find Process ID (PID) associated with any port:
This command is useful if any service is running on a particular port (389, 1521..) and that is run away process which you wish to terminate using kill command
lsof | grep {port no.} (lsof should be installed and in path)
How to kill all similar processes with single command:
ps -ef | grep opmn |grep -v grep | awk '{print $2}' |xargs -i kill -9 {}
Locating Files under a particular directory:
find . -print |grep -i test.sql
To remove a specific column of output from a UNIX command:
For example to determine the UNIX process Ids for all Oracle processes on server (second column)
ps -ef |grep -i oracle |awk '{ print $2 }'
Changing the standard prompt for Oracle Users:
Edit the .profile for the oracle user
PS1="`hostname`*$ORACLE_SID:$PWD>"
Display top 10 CPU consumers using the ps command:
/usr/ucb/ps auxgw | head -11
Show number of active Oracle dedicated connection users for a particular ORACLE_SID
ps -ef | grep $ORACLE_SID|grep -v grep|grep -v ora_|wc -l
Display the number of CPU’s in Solaris:
psrinfo -v | grep "Status of processor"|wc -l
Display the number of CPU’s in AIX:
lsdev -C | grep Process|wc -l
Display RAM Memory size on Solaris:
prtconf |grep -i mem
Display RAM memory size on AIX:
First determine name of memory device: lsdev -C |grep mem
then assuming the name of the memory device is ‘mem0’ then the command is: lsattr -El mem0
Swap space allocation and usage:
Solaris : swap -s or swap -l
Aix : lsps -a
Total number of semaphores held by all instances on server:
ipcs -as | awk '{sum += $9} END {print sum}'
View allocated RAM memory segments:
ipcs -pmb
Manually deallocate shared memory segments:
ipcrm -m ”
Show mount points for a disk in AIX:
lspv -l hdisk13
Display occupied space (in KB) for a file or collection of files in a directory or sub-directory:
du -ks * | sort -n| tail
Display total file space in a directory:
du -ks .
Cleanup any unwanted trace files more than seven days old:
find . -name '*.trc' -mtime +7 -exec rm {} \;
Locate Oracle files that contain certain strings:
find . -print | xargs grep rollback
Locate recently created UNIX files:
find . -mtime -1 -print
Finding large files on the server:
find . -size +102400 -print
Crontab Use:
To submit a task every Tuesday (day 2) at 2:45PM
45 14 * * 2 /opt/oracle/scripts/tr_listener.sh > /dev/null 2>&1
To submit a task to run every 15 minutes on weekdays (days 1-5)
0,15,30,45 * * * 1-5 /opt/oracle/scripts/tr_listener.sh > /dev/null 2>&1
To submit a task to run every hour at 15 minutes past the hour on weekends (days 6 and 0)
15 * * * 0,6 /opt/oracle/scripts/tr_listener.sh > /dev/null 2>&1

Basic Linux Command for Beginners

The purpose of this document is to explain the basic Linux commands in a fast and simple way. It assumes that we have very little exposure to Linux commands.

If we are familiar with DOS commands then it is easy to understand Linux commands, with the following differences:

  1. In Linux/UNIX, commands and filenames are case sensitive, meaning that typing “EXIT” instead of the proper “exit” is a mistake.
  2. In DOS, the forward-slash “/” is the command argument delimiter, while the backslash “\” is a directory separator. In Linux/UNIX, the “/” is the directory separator, and the “\” is an escape character.
  3. The DOS world uses the “eight dot three” filename convention, meaning that all files followed a format that allowed up to 8 characters in the filename, followed by a period (“dot”), followed by an option extension, up to 3 characters long (e.g. FILENAME.TXT). In UNIX/Linux, there is no such thing as a file extension. Periods can be placed at any part of the filename, and “extensions” may be interpreted differently by all programs, or not at all.

cat

Display the contents of a text file on the screen. For example: cat contact.txt would display the file we created in the previous section.

tail -f

Display the last few lines of a text file, and then output appended data as the file grows (very useful for following log files!). Example: tail -f /var/log/messages

top

Displays CPU processes in a full-screen GUI. A great way to see the activity on your computer in real-time. Type “Q” to quit.

echo

Display text on the screen. Mostly useful when writing shell scripts. For example: echo "Hello World"

find

It can be used to search for files matching certain patterns, as well as many other types of searches. example: find . -name \*mp3. This example starts searching in the current directory “.” and all subdirectories, looking for files with “mp3” at the end of their names.

locate

A quick way to search for files anywhere on the file system. For example, you can find all files and directories that contain the name “oracle” by typing: locate oracle

which

Shows the full path of shell commands found in your path. For example, if you want to know exactly where the “grep” command is located on the filesystem, you can type “which grep”. The output should be something like: /bin/grep

cp, mv

First one Copies a file from one location to another. Example: cp mp3files.txt /tmp (copies the mp3files.txt file to the /tmp directory) and second one moves a file to a new location, or renames it. Example: mv mp3files.txt /tmp (copy the file to /tmp, and delete it from the original location)

rm

Delete a file. Example: rm /tmp/mp3files.txt

mkdir, rmdir

First one Make Directory. Example: mkdir /tmp/myfiles/ and second one Remove Directory. Example: rmdir /tmp/myfiles/

ls

List all files in the current directory, in column format For example: ls /usr/bin/d* This command list all files whose names begin with the letter “d” in the /usr/bin directory.

cat /proc/cpuinfo, cat /proc/meminfo

Display information about CPU and Memory usage

uname -a

Prints system information to the screen (kernel version, machine type, etc.)

ps

Lists currently running process (programs).

more, less

First command Display a file, or program output one page at a time and second one is the improved replacement of first one allows you to move backward as well as forward. Example: ls -la | more

grep

Search for a pattern in a file or program output. For example, to find out which TCP network port is used by the “nfs” service, you can do this: grep nfs /etc/services. This looks for any line that contains the string “nfs” in the file “/etc/services” and displays only those lines.

su

It allows you to switch to another user account temporarily. Example: su Shahid, su - (Switch to root, and log in with root’s environment)

“history”

It shows your complete command history.

chmod

To change file access permission.

Note: Press (CTRL-R) and then type any portion of a recent command. It will search the commands for you, and once you find the command you want, just press ENTER.

Help: When you are stuck and need help with a Linux command, just use the “-h” or “--help” option.

Example: grep --help (built in help)

Example: man ls (get the help on ls) or man man (a manual about how to use the manual)

Example: info df (load information page)


Do not invoke SQL*Plus with a password On UNIX and Linux platforms.

Most of us sometimes start SQL*Plus with a password on the command line on UNIX and Linux platforms without being aware of the security threat.

For example, an application user connects with SQL*Plus by passing the username and password on the command line on a Unix/Linux server.

$ sqlplus apps/apps@proddb

Here the sqlplus command parameters are visible to all operating system users on the same host computer; as a result, a password entered on the command line could be exposed to other users, as below.

$ ps -ef | grep sqlplus
oracle 14490 2190 0 16:31:53 pts/5 0:00 sqlplus apps/apps@proddb
oracle 14493 14491 0 16:32:01 pts/5 0:00 grep sqlplus

So, there is a chance for an intruder to learn the user id and password and connect to the database using those credentials.

The following is the secure and best way of connecting with SQL*Plus, where the password is not exposed on the command line.

$ sqlplus apps@proddb
Enter password: ****

Or, to avoid exposing even the username and connect string:

$ sqlplus
Enter user-name: apps@proddb
Enter password: ****

Or

$ sqlplus /nolog
SQL> connect apps@proddb
Enter password: ****

Also, do not pass the password when invoking the Export/Import utilities with the exp/imp command line, or with any other command line utility where you think the password would be exposed to others.

On Microsoft Windows, the command recall feature (the Up arrow) remembers user input across command invocations.

For example, if you use the CONNECT APPS/password notation in SQL*Plus, exit, and then press the Up arrow to repeat the CONNECT command, the command recall feature discloses the connect string and shows the password. So, it is advised *NOT* to pass the password while connecting to SQL*Plus on Windows as well.
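
As an added example (not part of the original post), the following check scans a ps -ef listing like the one above for sqlplus, exp or imp processes that were started with a password on the command line, so that they can be found and corrected. The function name and the sample lines, including the path and the appuser account, are constructed for illustration; the password is never printed.

```shell
#!/bin/sh
# Added example (not from the original post): flag running Oracle client tools
# whose command line carries user/password, as in the ps listing above.

# Read "ps -ef"-style lines on stdin and print "PID OWNER TOOL USER/<redacted>"
# for every sqlplus, exp or imp process started with a password argument.
find_cmdline_credentials() {
    awk '
    {
        for (i = 3; i < NF; i++) {               # skip the UID and PID columns
            n = split($i, parts, "/")
            tool = parts[n]                      # basename, so full paths match too
            if (tool != "sqlplus" && tool != "exp" && tool != "imp") continue
            for (j = i + 1; j <= NF; j++) {
                arg = $j
                sub(/^[Uu][Ss][Ee][Rr][Ii][Dd]=/, "", arg)   # exp/imp userid=...
                # Matches user/password and user/password@db. "/nolog" and
                # "@script" have no user name before the slash, so they pass.
                if (arg ~ "^[A-Za-z0-9_$#.]+/[^@]+(@.*)?$") {
                    split(arg, cred, "/")
                    print $2, $1, tool, cred[1] "/<redacted>"
                    next
                }
            }
        }
    }'
}

# Constructed sample input in the column layout of the listing above.
sample_ps='oracle 14490 2190 0 16:31:53 pts/5 0:00 sqlplus apps/apps@proddb
oracle 14493 14491 0 16:32:01 pts/5 0:00 grep sqlplus
oracle 14520 2190 0 16:35:12 pts/6 0:00 sqlplus /nolog
oracle 14533 2190 0 16:36:40 pts/7 0:00 /u01/app/oracle/bin/exp userid=appuser/ExamplePw1 file=full.dmp'

printf '%s\n' "$sample_ps" | find_cmdline_credentials
```

On a server, pipe the live listing into it with ps -ef | find_cmdline_credentials; the pattern is a heuristic, so any argument of the form name/text after one of these tools is reported.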

UNIX Useful Commands

1) Find whether OS is 64/32 Bit Kernel in UNIX.

uname -a

2) Find free physical memory in UNIX.

free -m

3) Find CPU details in UNIX.

cat /proc/cpuinfo

4) Find files modified within specific time.

find . -mtime -3 (modified less than 3days ago)

5) command used to alter file permissions.

chmod 777 abc.txt

6) Command used to reset the Ownership.

chown oracle:dba abc.txt

7) command used to set, or reset, the users login password.

passwd username

8) Kill specific process in UNIX.

kill -9 processid

9) Command used for display last given lines of a file.

tail -n <number> alert_PROD.log

10) Command used to install an rpm package.

rpm -ivh packagename.rpm

11) Command used to query any rpm package

rpm -q packagename

12) Command to Check the server up time

uptime

13) Command to check the file versions

strings -a <filename> |grep '$Header'

14) Command will keep ‘n’ number of days files and remove rest of file.

find . -mtime +n -exec rm  {} \; &

15) Basic commands for  vi editor

i   :- insert before cursor.

I   :- insert at the beginning of the line.

a  :- append after the cursor.

A  :- Append at the end of the line.

o :- insert a blank line below the cursor.

O :- insert a blank line above the cursor position.

h :- from current position one char towards left .

l :- from current position one char towards right.

j :- from current position one line towards down.

k :- from current position one line towards up.

Shift+g  :- go to end of the file.

Shift+:1 :- go to top of the file.

dd –> delete the full line.

:q! —> closing the file without saving any changes.

:wq! –> save the changes and force close.

:w –> to save the changes without closing the file.

Make operating system user non expiry

Many times proper functioning of application demands that the account/password of the OS (Linux/UNIX) user which owns the application should not expire.

chage is the OS command by which we can control the number of days between password changes and the date of the last password change.

The chage command is restricted to the root user, except for the -l option, which may be used by an unprivileged user to determine when the password or account is due to expire.

Let us make password of ‘oracle’ OS user account as non-expiry.

1) CHECK THE CURRENT STATUS OF USER

2) CHANGE AND MAKE IT NON-EXPIRY

# chage -m -1 -M -1 -I -1 -E -1 oracle

Where:

[-m mindays]
[-M maxdays]
[-d lastday]
[-I inactive]
[-E expiredate]
[-W warndays]

3) VERIFY

[root@rclnperp20 ~]# chage -l oracle