RHCSA Exam Practice
enable a repo
yum config-manager --add-repo <repo>
Set Special Permissions for a User - Use special permissions to /opt/backup/file1 so that user Andrew can read, write, and execute the file
1. # mkdir -p /opt/backup - p for collaborative directory 2. # touch /opt/backup/file1 3. # setfacl -m u:andrew:rwx /opt/backup/file1 4. # getfacl /opt/backup/file1 - to verify
Change Group Ownership *Create a collaborative directory /shared/sysusers with the following characteristics:* - group ownership of /shared/sysusers is sysusers - the directory should be readable, writeable, and accessible to members of sysusers, but not to any other user (it is understood that root has access to all files and directories on the system) - files created in /shared/sysusers automatically have group ownership set to the sysusers group
1. # mkdir -p /shared/sysusers 2. # ls -ld - to verify group creation and ownership 3. # chgrp sysusers /shared/sysusers 4. # ls -ld - again verify the change in group ownership 5. # chmod 770 /shared/sysusers 6. # ls -ld /shared/sysusers - to further verify 7. # chmod g+s /shared/sysusers/ 8. # touch /shared/sysusers/hello.txt - to verify 9. # ls -al /shared/sysusers - to verify the fie permissions and ownership
Find all Files Owned by a User - Find files in your system owned by the user andrew and copy all the files on /root/output directory
1. # mkdir /root/output 2. # find / -user andrew -exec cp -rvp {} /root/output/ \: 3. # ls -al /root/output
add secondary IPs 10.0.0.5/24 (ipv4) and fd01::100/64 (ipv6)
1. # nmcli con mod eth0 +ipv4.addresses "10.0.0.5/24" 2. # nmcli con mod eth0 +ipv6.addresses "fd01::100/64" 3. # nmcli connection show
find all files that are larger than 5MC in the /etc dir and copy them to /find/largefiles
find /etc -type f -size +5M > /find/largefiles
Configure Permissions *Copy the file /etc/fstab to /var/tmp so that:* - the file /var/tmp/fstab is owned by the root user - the file /var/tmp/fstab belongs to the group root - the file /var/tmp/fstab should not be executable by anyone - the user andrew is able to read and write /var/tmp/fstab - the user susan can neither write nor read - all other users (current or future) have the ability to read /var/tmp/fstab
1. # cp /etc/fstab /var/tmp 2. # ls -ld /var/tmp/ - to verify 3. # chmod a-x /var/tmp/fstab 4. # ls -ld /var/tmp/fstab - to verify 5. # setfacl -m u:andrew:rw /var/tmp/fstab 6. # setfacl -m u:susan:x /var/tmp/fstab 7. # ls -ld /var/tmp/fstab - to verify 8. # getfacl /var/tmp/fstab - to further verify
Cron Job - The user andrew must configure a cron job that runs daily at 15:25 local time and executes /bin/echo hello
1. # crontab -l - to check scheduled jobs 2. # cat /etc/crontab - to check formatting 3. # crontab -e 4. 25 15 * * * andrew /bin/echo "hello" 5. save and exit 6. # systemctl enable crond 7. # systemctl start crond 8. # crontab -l - to verify
Resize LVM - Resize your LVM partition to 350MiB
1. # fdisk /dev/diskname 2. n 3. p 4. Enter 5. +268M (Last sector -- we already have a LVM of 32M because of a previous question) 6. t 7. Enter 8. 8e 9. p 10. w 11. # partprobe /dev/diskname 12. # pvcreate /dev/newpartitionname 13. # pvs - to verify 14. # vgextend development /dev/newpartitionname 15. # vgs - to verify 16. # lvextend -L +268M /dev/development/engineering 17. # lvs - to verify 18. # xfs_growfs /dev/development/engineering 19. # lsblk - to verify 20. # reboot 21. # lvs - to verify
Create a LVM Partition - create LVM partitions of name: /dev/development/engineering of size 32MiB
1. # fdisk /dev/diskname 2. n 3. p 4. Enter 5. Enter 6. +100M 7. p 8. Enter 9. 8e - for Linux LVM 10. w 11. # partprobe /dev/diskname 12. # pvcreate /dev/newpartitionname 13. # pvs - to verify creation 14. # vgcreate development /dev/newpartitionname 15. # lvcreate -L 32M -n engineering development 16. # mkfs.xfs /dev/development/engineering 17. # mkdir /engineering 18. # mount /dev/development/engineering /engineering/ 19. # blkid /dev/development/engineering 20. copy the UUID output 21. # vim /etc/fstab 22. UUID=.... /engineering /xfs defaults 0 0 23. # reboot to verify - on reboot, if the system does not boot properly, select the RHEL server line, login to root, vim /etc/fstab, and comment out the newly added line. then reboot again
Change SELinux Mode - Selinux must be in enforcing mode
1. # getenforce - to check the current selinux mode 2. # setenforce 1 - set to enforcing - you could alternatively # vim /etc/sysconfig/selinux and manually change the value in the file
Search a String - search a string: root in /etc/passwd file and save it in /somefile
1. # grep root /etc/passwd > /somefile 2. # cat /somefile - to verify
Add Three Users with Distinct Permissions *Create the following users, groups, and group memberships:* - a group named sysusers - a user andrew who belongs to sysusers as a secondary group - a user susan who also belongs to sysusers as a secondary group - a user brad who does not have access to an interactive shell on the system, and who is not a member of sysusers - andrew, susan, and brad should all have the password == password
1. # groupadd sysusers 2. # useradd andrew -G sysusers 3. # passwd andrew 4. change andrew's password 5. # useradd susan -G sysusers 6. # passwd susan 7. change susan's password 8. # useradd brad -s /sbin/nologin 9. # passwd brad 10. change brad's password 11. # cat /etc/passwd - to verify 12. # grep sysusers /etc/group - to verify group membership
Configure IP Address, Gateway, and Hostname - IP: 192.168.0.10 - Gateway: 192.168.0.254 - Hostname: server1.example.com
1. # ip addr show - to view the current IP 2. # hostnamectl - to view the current hostname 3. # nmtui - to set a new hostname and new IP for the host 4. Select Edit a connection 5. Go to the internet interface (e.g.: eth0) 6. Go to IPv4 CONFIGURATION and change <Automatic> to <Manual> 7. Addresses <Add> 8. type 192.168.0.10 9. Go to Gateway 10. type 192.168.0.254 11. Go all the way down to <Ok> 12. Select <Quit> 13. # nmtui 14. Select Activate a connection 15. Select the internet interface and activate it 16. # ip addr show - to verify the IP change 17. # ip route - to verify the gateway change 18. # nmtui 19. Set system hostname 20. type server1.example.com 21. Click Ok to exit 22. # hostname - to verify hostname change 23. # reboot
Create ext4 file system partition and mount it in a directory - Your system should have a new 500MiB physical partition mounted under /mnt/new with a 500MB ext4 filesystem
1. # lsblk 2. choose unused disk 3. # fdisk /dev/diskname 4. n 5. p 6. Enter 7. Enter 8. +500M 9. Enter 10. p 11. w 12. # partprobe /dev/diskname 13. # lsblk - to verify partition creation 14. # mkfs.ext4 /dev/newpartitionname 15. # mkdir /mnt/new 16. # mount /dev/newpartitionname /mnt/new 17. # blkid /dev/newpartitionname 18. copy the UUID 19. # vim /etc/fstab 20. UUID=... /mnt/new ext4 defaults 0 0 21. # reboot
Extend a Swap Space to the Given Size - Extend swap space to 3GiB
1. # lsblk - check the swap space (assume our system has 2GB of swap space) 2. # fdisk /dev/diskname 3. n 4. p 5. Enter 6. Enter 7. +1G (last sector) 8. t 9. Enter 10. 82 - Linux swap 11. p 12. w 13. # partprobe /dev/diskname 14. # lsblk /dev/newpartname 15. # mkswap /dev/newpartname 16. copy the UUID output 17. # vim /etc/fstab 18. UUID=... swap swap defaults 0 0 19. # swapon /dev/newpartname 20. # free -m - to verify 21. # reboot 22. # free -m - to verify
Authenticate Users from LDAP *Authenticate users from LDAP Directory Servers which have:* - ServerName: server1.example.com - Base DN: dc=example,dc=com - Download certificate from: ftp://server1.example.com/pub/EXAMPLE-CA-CERT - Authenticate with users ldapuser1 with password == password - Configure autofs such that a server home directory is server1.example.com:/home/guests/ldapuser1 on /home/guests/ldapuser1
1. # yum -y install authconfig-gtk sssd autofs krb5* 2. # authconfig-gtk 3. LDAP Server: server1.example.com 4. Use TLS to encrypt connections 5. Download CA Certificate 6. Enter the given CA Certificate URL 7. Authentication Method = LDAP Password 8. Click Apply 9. # vim /etc/auto.master.d/ab.autofs 10. type this in the file: /home/guests /etc/sh.guests 11. save and exit 12. # vim /etc/sh.guests 13. type this in the file: * -rw,sync server1.example.com:/home/guests/& 14. Enter 15. on the new line, type: ldapuser1 -rw,sync server1.example.com:/home/guests/ldapuser1 16. save and exit 17. # systemctl stop autofs 18. # systemctl start autofs 19. # systemctl enable autofs 20. # getent passwd ldapuser1 - to verify 21. # su - ldapuser1 - to verify login and authentication
Reset root password
1. Before the system starts up, interrupt the boot process by pressing E 2. Go to the end of the line that starts with 'Linux16' 3. type rd.break 4. Press CTRL+X 5. type mount -o remount,rw /sysroot 6. Enter 7. type chroot /sysroot 8. type passwd root 9. Assign a new password 10. touch /.autorelabel 11. Enter 12. exit twice 13. Allow the system to reboot and then login with the new root password
configure a basic webserver that displays "Welcome to the webserver" once connected to it. ensure the firewalls allows the http/https services
1. dnf -y install httpd 2. dnf -y install firewalld 3. systemctl status firewalld 4. systemctl start firewalld 5. systemctl enable firewalld 6. firewall-cmd --add-port=80/tcp 7. systemctl status httpd 8. systemctl start httpd 9. systemctl enable httpd 10. cd /var/www/html 11. vim index.html <html> <head> Welcome to the webserver </head> </html>
create a yum repo
1. mkdir /rpms 2. copy the contents of both AppStream and BaseOS to this dir 3. cd /etc/yum.repos.d/ 4. vim Appstream.repo [AppStream] name="App Stream Repo" baseurl=file:///rpms/AppStream/ enabled=1 gpgcheck=0 :x 5. cp AppStream.repo BaseOS.repo 6. vim BaseOS.repo [BaseOS] name="Base OS Repo" baseurl=file:///rpms/BaseOS/ enabled=1 gpgcheck=0 :x 7. yum clean all 8. yum repolist 9. rpm --import RPM-GPG-KEY-redhat-release
boot into multiuser target by default and boot messages are persistent
1. systemctl get-default 2. systemctl set-default multi-user 3. cd /etc/default 4. vim grub 5. remove the "rhgb quiet" from the GRUB_CMDLINE_LINUX var
enable persistent packet forwarding
1. vim /etc/sysctl.conf net.ipv4.ip_forward=1 2. sysctl -p
