My RHCE notes. For Linux beginners - a reminder.


Đorđe Đokanović
IT Support Engineer II


My RHCE notes. For Linux beginners - a reminder. 24.08.2010 at 19:08
ACL - Access Control Lists

First, the following must be added in fstab:

LABEL=/home             /home                   ext3    defaults,acl    0 0

or on some other mount point.


mount -o remount -o acl LABEL=/home

To see the current ACL on the folder in /home:

getfacl /home/djordje

Now we first have to set the ACL for the folder that contains the file:

setfacl -m user:djordje:r-x /home/djordje

setfacl -m mask:r-x /home/djordje

The mask is important because it allows everyone on the ACL list a certain level of access, according to how we have set it.

Let me explain this a bit.

We have a folder test, where the user (root) is allowed rwx, while group and other have had all permissions removed.

drwx------   3 root root 4096 Aug 24 08:22 test

We list the ACL:

getfacl test

# file: test
# owner: root
# group: root

Now we allow user djordje to access the folder:

setfacl -m u:djordje:rx test/

We set the mask to read only:

setfacl -m m:r test/

We get the following ACL on test:

getfacl test
# file: test
# owner: root
# group: root
user:djordje:r-x                #effective:r--

In this situation, despite the rx permissions for user djordje, he cannot access the folder because of the effective permission of the mask!

For example, to give read and write permissions to user andrius:

setfacl -m u:andrius:rw /project/somefile

For example, to remove all permissions from the user with UID 500:

setfacl -x u:500 /project/somefile


To set a default ACL, add d: before the rule and specify a directory instead of a file name.

For example, to set the default ACL for the /share/ directory to read and execute for users not in the user group (an access ACL for an individual file can override it):

setfacl -m d:o:rx /share


setfacl -m u::rx,g::rw,m:---,u:djordje:rw dir

"::" between user and the permissions means that they apply to all users.
To delete the default:

setfacl -k dir



Works only on partitions, so it is set up in fstab:
/dev/VolGroup00/LogVol00 /                       ext3    defaults,grpquota,usrquota        1 1

After the change a remount is also required (mount -o remount /home); if it is / then a restart is required.

Then run the following command:

quotacheck -avcm

Then we assign how much space each user may use:

edquota user_name

edquota -t
(grace period for the soft limit; after it the user cannot add anything and has to delete something to free up space)
repquota -s /
("/" is the mount on which the quota is set up; this command lists the quotas for all users on the mount point)

edquota -up bora aleksa vesna
(this copies bora's quota settings to aleksa and vesna)



is used to edit this file




cd              -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
nfs             -fstype=nfs
project         -fstype=ext3 :/dev/sdb1        (to mount localfilesystem)
samba           -fstype=cifs,username=djordje,password=djordje ://


//     /root/samba     cifs    username=djordje,password=djordje 0 0
/root/nfs          nfs     soft,timeo=300 0 0

It is very important to remember the exact format for automount and fstab: "://" is not "//" or ":/"; if we get it wrong, it simply will not mount.




If we want to set a password:


Then in grub.conf

it will look like:

password --md5 copy-of-the-output

To enter the password in GRUB, press "p".
Commands in grub.conf:

grub> find (hd0,0)/grub/grub.conf
(and we change this second "0" in turn until we get the right partition)

Commands in order:

kernel vmlinuz (Tab to complete)
initrd (Tab to complete)


LVs, VGs, PVs

Let's go in order. We have the disks/partitions sdb1 and sdc1.

First we create the Physical Volumes:

pvcreate /dev/sdc1
pvcreate /dev/sdb1


Once we have created 2 or more physical volumes, we create the Volume Group:

vgcreate imekojehocemozagrupu /dev/sdc1 /dev/sdb1
(imekojehocemozagrupu = the name we want for the group)

We can add new partitions to the VG:

vgextend imegrupe /dev/sdf1 (for example; imegrupe = group name)

Then we create logical volumes in the group, which we can later format like ordinary disks (size, type...):

lvcreate -l number_of_pes imegrupe -n logvol (logvol = partition name)

or with a specific size:

lvcreate -L 200m imegrupe -n flex

To see what we have and where the LV and VG are located:


Then we create a filesystem for the logical volume:

mkfs -t ext3 /dev/prvagrupa/logvol

vgreduce --removemissing VolGroup00

To add new space:

lvextend -L+2M /putanja_koju_vidimo_sa_lvscan

resize2fs /putanja_koju_vidimo_sa_lvscan

(if this does not work, then umount is required and then e2fsck -f /putanja_koju_vidimo_sa_lvscan; putanja_koju_vidimo_sa_lvscan = the path we see with lvscan)


Then in fstab we can type:
LABEL=/home/mj /home/mj ext3 defaults 1 2

but to use this we have to create a label for it:

e2label /dev/prvagrupa/logvol /home/mj

or in fstab instead





9. Apache

rpm -q httpd

rpm -q mod_ssl

To install:





main config file



The document root for the website is


Usually directories are created for particular domains:


mkdir /var/www/virtuallab.internal


An alias for any folder; the folder should contain index.html, index.htm ...

alias /www.virtuallab.middle /var/www/virtuallab.middle (the name does not have to match the folder)

<VirtualHost www.virtuallab.middle>
ServerName www.virtuallab.middle
DocumentRoot "/var/www/virtuallab.middle"
ServerAdmin [email protected]
# we create the two log files below
ErrorLog logs/virtuallab.external-error_log
CustomLog logs/virtuallab.external-access_log common

<Directory "/var/www/virtuallab.middle">
# Order deny,allow (if we set up order allow,deny access is denied by default)
# Allow from all
AuthType Basic
# the AuthName text means "Enter your password."
AuthName "Unesite svoju Sifru."
AuthUserFile /etc/httpd/webpass
require valid-user
</Directory>
</VirtualHost>

htpasswd -c /etc/httpd/webpass djordje (-c creates the user/password file)


To allow access only to user djordje:

Require user djordje (this also goes in the Directory container)

To control access by group, these are added:

AuthGroupFile /etc/httpd/webgroups (we create this file, in the form group_name: user1 user2 ..)
Require group Design



access_log error_log

SELINUX (man httpd_selinux)

chcon -R -u system_u /var/virtuallab
chcon -R -t httpd_sys_content_t /var/virtuallab


When we add this:
ServerAlias vituallab.external www2.virtuallab.external


NameVirtualHost *:443


If we use an .htaccess file, we must add this option in the Directory container:

AllowOverride Options

The .htaccess file itself is placed in the web directory.


Everything HAS TO BE accessible by user apache!

10. Named

Install:

yum install bind
yum install system-config-bind


Then go to system-config-bind,

then save the defaults and that is an up-and-running caching-only server (that is recursive=yes).

It will generate named.conf in /etc/named.conf.

chkconfig named on


When we create a new zone, all files will be in /var/named.

If we want another location, it must be specified exactly.


The port is UDP 53.


11. Network mix

This means that whenever we want to communicate with 12.14.543.32, traffic always goes via

route add -host 12.14.543.32 gw (for example)
route del 12.14.543.32 (just the address being deleted is enough)


When we want to communicate with a whole subnet:

route add -net 12.14.543.0 netmask gw


dig - information about servers (example: dig MX)

netstat -antu -c (refresh every second) | less (for processes, including tcp and udp)

There are 65535 ports.

-s | less (statistical information about tcp stack)

-l (listening)

-r (routing table, same as "route")

Computers will never send requests from a port below 1024; that port is always higher, going to a port on the target machine that is usually below 1024.


nmap -v -O -sS -p 22


w (who is currently logged in)
who -a (more precise about login time, to the minute)
last (shows user logins/logouts and how many times the system was restarted)

/etc/issue (kernel and OS information)
/etc/motd (message that is printed when someone logs in)
rdesktop -g 550x450 (for remote desktop)

12. Nfs



/temp_dir *(rw,sync,no_root_squash)
/temp_dir *.virtuallab.internal(ro,sync)

no_root_squash (remote root users will not be treated as a root once they connect to the server)

Then mount:

remote ip

mount -t nfs /local_dir/

showmount -e (to see what is shared)




To make the NFS share permanent:

/etc/fstab /home nfs rw,soft,timeo=100 0 0


Example for auto.misc:

nfs_centos1 -rw,soft,intr centos1:/nfs_homes/home

/etc/ ime_servera (ime_servera = server name)


After changes in /etc/exports:

exportfs -a (for all)
exportfs -r (read up on what "r" is); when we add a directory, run this command so it gets added to the shares


2049 TCP/UDP

rpcinfo -p

Then we look at 4 daemons:

locked (TCP)
locked (UDP)
mountd (TCP)
statd (TCP)

To configure the ports statically:

/etc/sysconfig/nfs (uncomment all the ports it uses; they can also be changed as desired)

Otherwise the ports change randomly on restart!
support to write access

setsebool -P nfs_export_all_rw 1

fstab line /home/vesna/nfs_home nfs rw,soft,intr 0 0

Host access is controlled in /etc/exports.
User access via ACL!




edit /etc/yp.conf

domain domain_name server server_name
chkconfig ypbind on

edit /etc/nsswitch.conf

passwd: files nis
shadow: files nis
group: files nis

man ypbind_selinux

setsebool -P allow_ypbind 1



we need
openldap-clients, openldap, nss_ldap

To configure the client, ldap.conf has to be modified in two places:




base dc=example,dc=com
URI ldap:// (replace 127 with the IP of the LDAP server, and example with the domain name)


14. NTP



Comment these out:

#restrict default kod nomodify notrap nopeer noquery
#restrict -6 default kod nomodify notrap nopeer noquery
#restrict -6 ::1



that is, comment out all restrict lines.


Delete:

nopeer noquery

Add servers:

server ip/server_name

When you want it to act as a server, enable this restrict for a particular subnet:

restrict mask nomodify notrap

To turn SELinux off for ntp:

setsebool -P ntpd_disable_trans 1

chkconfig ntpd on


ntpq -np (to query status of time sync); without "n" to see the server names

ntpq -n (interactive mode)
ntpdate -u (for update)

PORT 123


15. PAM

book 305

cd /usr/share/doc/pam-


The modules are


Applications are PAM aware, so we just enable PAM and it works.

PAM can disable access for users according to time, password expiration, or a list of restricted users.

If a user cannot log in, check

/var/log/secure to see whether PAM is denying it????

.so files


In /etc/pam.d/ are the daemons that can be controlled through the conf files in /etc/security, and into the daemons themselves we insert the .so file:


account required /lib/security/

whose config file is in /etc/security/access.conf




Say we want to forbid bora from logging in using sshd

and then in


account required

15.4 Custom PAM Example

This example limits who can use SSH based on a list of users.

1. In /etc/pam.d/sshd, add the following line:

auth required /lib/security/ onerr=fail item=user sense=allow file=/etc/sshd_users

The above will allow a user to login via sshd if they are listed in the /etc/sshd_users file. The options specified have the following meanings:

* onerr=fail - If an error occurs (file specified isn't found, or an improperly formatted entry is found in the file), fail this test. This will deny the user access via sshd. The other possible option for "onerr" is "succeed".

* item=user - This states that we are testing or verifying the user's login name.

* sense=allow - This means that if the user is found in the file specified, this test succeeds. This will allow the user access if all other PAM tests succeed as well. The other possible option for "sense" is "deny".

* file=/etc/sshd_users - This specifies the file that will contain the list of users (one per line) that are allowed to access sshd.

15.5 Time Based Restrictions

These examples will limit the login times of certain users. See /etc/security/time.conf for more information/examples. In order to place time restrictions on user logins, the following must be placed in /etc/pam.d/login:

account required /lib/security/

The remaining lines should be placed in /etc/security/time.conf.

1. Only allow user steve to login on weekdays between 7 am and 5 pm.


2. Allow users Bilbo & Frodo to login on all days between 8 am and 5 pm except for Sunday.


If a day is specified more than once, it is unset. So in the above example, Sunday is specified twice (Al = All days, Su = Sunday). This causes it to be unset, so this rule applies to all days except Sunday.

15.6 Access Based Restrictions

/etc/security/access.conf can be used to restrict access by terminal or host. The following must be placed in /etc/pam.d/login in order for these examples to work:

account required /lib/security/

1. Deny steve login access on all terminals except for tty1:

-:steve:ALL EXCEPT tty1

2. Users in the group jedi are only allowed to login from a local terminal:


3. Allow user gandalf to only login from a trusted server:

-:gandalf:ALL EXCEPT


/lib/security/ account required
/lib/security/ auth required
/lib/security/ account required
/lib/security/ auth required use_uid (limiting use of su to the wheel group)


16. A bit of Postfix


#myhostname = host.domain.tld
#myorigin =$mydomain
inet_interfaces = all
mynetworks =,


/etc/aliases (entries are added here for redirects)

username: username01, username 02
groupname: username01, username 02, othergroupname


alternatives --config mta (to choose the default mail agent)


17. Quotas

First it is added in fstab



Then that partition is remounted:

mount -o remount,rw /home
mount -o remount / (examples)


1 MB = 1000 in edquota soft and hard



Then run:

quotacheck -cugm /home (this command creates two files aquota.user and these files should be in the root of the partition for which we enabled it)

edquota -t djordje (for the grace period)


edquota -u djordje

To take the quota of user djordje as a template and set it for the others:

edquota -up djordje bora vesna aleksa adriana


Quota for groups:

edquota -g djordje



soft - limit that can be exceeded for a certain number of days or grace period

hard - they can never exceed hard limit


repquota -a (lists all users and quotas - lovely :-)


18. RAID

RAID 0 uses both disks to write across them; it does not provide data redundancy (if one dies, everything goes to sh**)

RAID 1 - mirroring between 2 or more disks

RAID 4 (requires 3 or more disks) - one serves as the parity disk, the other two hold data; data redundancy is provided

RAID 5 (requires 3 or more disks) - similar to RAID 4, but the parity information is written on all disks; data redundancy is provided

RAID 6 (requires 4 or more disks) - two levels of parity; 2 disks can die and the data stays safe


To see the existing RAID:

cat /proc/mdstat

to find more about array

mdadm --detail /dev/md0 (or md1, or whichever)


To create a RAID:

mdadm --create --verbose /dev/md0 --level=1 --raid-devices=2 /dev/sdd1 /dev/sde1 (from these 2 disks)


remove disk from raid

mdadm --verbose /dev/md0 -f /dev/sdd1 -r /dev/sdd1

add partition to RAID array

mdadm --verbose /dev/md0 -a /dev/sdd1


then it is necessary to create the /etc/raidtab file


Then the RAID device is formatted:

mkfs.ext3 /dev/md0


19. Samba

These are installed:

samba-swat (management tool)

Adding a user:

smbpasswd -a user_name

Then add the users to /etc/samba/smbusers.

Then in /etc/xinetd.d/swat set disable=no.

Then we go to http://localhost:901


and create a share ....

then on

service smb start (automatically starts nmb as well)




SELinux is explained in MANDATORY!!!!!!!!!!!!!

man samba_selinux MANDATORY!!!!!!!!!!!!!

When a new folder is shared, this command is run to give it access (putanja_foldera = folder path):

chcon -t samba_share_t putanja_foldera
semanage fcontext -a -t samba_share_t "putanja_foldera(/.*)?" (to make this a permanent change)
restorecon -R -v putanja_foldera (to apply the change)

So that users can use it:

chmod +s /sbin/mount.cifs


mount.cifs // /root/test2 -o username=djordje


chmod 1777 putanja_foldera

(everyone can write to the folder, but you can delete only a folder you created yourself, not someone else's)
testparm (to test Samba for syntax errors)

Samba client

smbclient -L centos1 -U aleksa (to see the shares on centos1, user djordje)

To make these two commands executable:

chmod +s /sbin/mount.cifs
chmod +s /sbin/umount.cifs

Then we try it out.

Automount for a directory with Linux and 2003

from which to mount the local folder (sifra = password):

mount.cifs //server2003/Test_Share /proba_mount -o username=djordje%sifra
umount.cifs proba_mount


Then we can
put the lines in .bashrc (of the particular user)
.bash_logout (of the same user)

To mount a Samba share to be mounted when a Linux system comes up after reboot edit the
/etc/fstab file and put entry as follows for your Windows/Samba share:

//ntserver/share /mnt/samba cifs username=username,password=password 0 0

GUI: System/Preferences/More Preferences/Sessions and add the same /sbin/mount.cifs ....



In the /etc/services file you will find a few lines that refer to Samba services

netbios-ns 137/udp # NetBIOS Name Service
netbios-dgm 138/udp # NetBIOS Datagram Service
netbios-ssn 139/tcp # NetBIOS Session Service
microsoft-ds 445/tcp # Microsoft Directory Service

-A RH-Firewall-1-INPUT -p udp -m udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT

Host access is in /etc/smb.conf;
user access is also in smb.conf.

20. Selinux

Temporary SELinux change

To set into passive (permissive) mode:

echo 0 >/selinux/enforce

You'll need to be logged in as root, and in the sysadm_r role:
newrole -r sysadm_r

To enforce mode

echo 1 >/selinux/enforce

setenforce 1 | 0 (same as the echo above)
getenforce (to see which mode it is!)


To see which mode is set:

cat /etc/selinux/config


Permanent change


SELINUX=enforcing or SELINUX=permissive


Quick switch:

echo 0 >/selinux/enforce (permissive)

echo 1 >/selinux/enforce (enforce)


You may never need to relabel an entire file system. This usually occurs only when labeling a file system for SELinux for the first time, or when switching between different kinds of policy, such as going from the targeted to the strict policy.

There is one good method for relabeling the file system. You may also hear about two other methods, both of which are not recommended. Here they are in order:

The best and cleanest method to relabel is to let init do it for you on boot.

touch /.autorelabel

By allowing the relabeling to occur early in the reboot process, you ensure that applications have the right labels when they are started and that they are started in the right order. If you relabel a live file system without rebooting, you may have processes running under the incorrect context. Making sure all the daemons are restarted and running in the right context can be difficult.

It is possible to relabel a live file system using fixfiles, or to relabel based on the RPM database:

fixfiles relabel
fixfiles -R packagename restore


21. Sendmail


These need to be installed:



mail is stored


aliases are in

/etc/aliases and /etc/aliases.db


/etc/mail (never touch this one) (this one should be modified because it is the macro, and it will generate

and if we want to change this .mc, we just remove 'dnl' at the beginning and change whatever we want



This has to be changed:

dnl # DAEMON_OPTIONS(`Port=smtp,Addr=, Name=MTA')dnl (comment it out or change it to the appropriate IP)

Then we run the macro:

m4 /etc/mail/ > /etc/mail/

Then in the access file, /etc/mail/access,

we add CONNECT:192.168.1 RELAY


makemap hash /etc/mail/access.db < /etc/mail/access


Then local-host-names

the domain goes in here:

virtuallab.internal (for example)

/etc/mail/virtusertable (contains the mapping between SMTP and local user names)

[email protected] djordje
[email protected] aleksa

After changing it, this command is required:

makemap hash /etc/mail/virtusertable.db < /etc/mail/virtusertable

For example, if you want all email addressed to any account to be delivered to <[email protected]>, you need to add a line to the virtusertable file: [email protected]

Then, to add this new information to the virtusertable.db file, execute makemap hash /etc/mail/virtusertable < /etc/mail/virtusertable as root. This will create a new virtusertable.db that contains the new configuration.


Command-line usage:

sendmail -v username

we write whatever we want

then Ctrl+D

/etc/mail/local-host-names (contains the domain that sendmail handles)

In /etc/aliases:

pera-zdera: root, djordje

Run this after every change:

newaliases (updates newaliases.db)


IPtables port 25 TCP

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT


alternatives --config mta (to choose the default mail agent)


domaintable is for redirecting a domain.


virtusertable (redirects a local user's mail to some other address)

vesna@CeClean [email protected]


POP3 - port 110
IMAP - port 143
SMTP - port 25
HTTP - port 80
Secure SMTP (SSMTP) - port 465
Secure IMAP (IMAP4-SSL) - port 585
IMAP4 over SSL (IMAPS) - port 993
Secure POP3 (SSL-POP) - port 995


22. Squid


Add to the conf file:

acl local_net src
http_access allow local_net


The executable file is located in



The default port is 3128 TCP.

The port can be opened

or also:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 3128



setsebool -P squid_connect_any 1



squid -z (to create the squid cache dir)


chkconfig squid on


To block a particular word in the URL:

acl porn_block url_regex -i porn
http_access deny porn_block


acl work_days time M T W H F 14:20-14:37
http_access deny work_days


22. SSH

scp file_name user@ip: (default root)


ssh-keygen -t dsa
ssh-keygen -t rsa

Create the file authorized_keys.

Copy the two .pub files and save them into /root/.ssh (or whichever user's).



known_hosts can be copied to /etc/ssh/ssh_known_host so that it applies to everyone (globally accessible dir).


man sshd_config (config file)


Port forwarding

ssh -L

Then everything that connects locally to 8080 goes to linuxcbt.

http://localhost:8080 port bound to

This listens for requests only locally.

For the whole subnet, meaning from outside as well:

ssh -g -L

In this case the port will be bound to - all IPs.


port 22



23. TCP Wrappers



In the following example from a hosts.allow file, all hosts are allowed to connect to all services except


In another example from a hosts.allow file, clients from the 192.168.0.x network can use all services except for FTP:

ALL EXCEPT vsftpd: 192.168.0.


It is also possible to specify a facility using the severity option. The following example logs any SSH connection attempts by hosts from the domain to the local0 facility with a priority of alert:

sshd : : severity local0.alert


24. A bit of user administration

useradd -c "Proba" username
usermod -option username (usermod -G PrvaGrupa,DrugaGrua username)
userdel -option username

usermod -e 2009-06-16 username
chage username -M 2 (maximum number of days for one passwd)

chpasswd < file (username:passsword)
passwd username
groupadd groupname
groupdel groupname
groups username (lists all the groups the user is in)
chmod u,g,o,-+rwx

Permissions for Directories

execute in the attributes - to enter the dir

chown username.groupname file/directory
newgrp groupname (and when you switch to the group, everything is automatically set up for that group)


gpasswd -A user groupname (then the user can control who will be in the group and who will not)
gpasswd -a username groupname (so that user adds users to the group)
gpasswd -d username groupname (to remove from the group)

usermod -e 07/06/2009 vesna


25. Change Desktop from Gnome to Kde

Open /etc/sysconfig/desktop file:
# vi /etc/sysconfig/desktop

Set DESKTOP variable to kde:


26. Cron

/etc/crontab (main conf file)

To edit the crontab:

crontab -e

To edit it for a specific user:

crontab -u username -e

To make the file/script executable:

chmod +x

every user that creates a cron entry will have a file in


If we create in /etc/

cron.allow (only the users listed here are allowed to create a cron entry)

-l (to see which tasks are scheduled)


is practically a backup for cron (if the system is restarted, anacron checks afterwards and starts the jobs with a set delay)


at now

then at starts the script:

at> path to the script

at now, at 21:21, at midnight, atq (to see the queue)

Ctrl+D exits at

batch (same as at, but it starts when the system is not busy)

minute, hour, day of the month, month, day of the week

* * * * *

27. VsFTpd

cd /etc/vsftpd/vsftpd.conf


default directory

/var/ftp (anonymous users land here; the others go to their home directory when they log in)

To test ftp:

ftp localhost (or IP)

user anonymous
pass [email protected] (it just has to be in email format)


lcd (local directory)
!lcd (to list locally)


log file

xinetd and vsftpd


We copy this file to /etc/xinet.d/vsftpd

Change it to disabled so that it does not start on its own, because xinetd will start it.

Then vsftpd has to be stopped so that it does not clash with xinetd.

In vsftpd.conf we must comment out #listen.

We must point xinetd at vsftpd.conf (ln -s /etc/vsftpd/vsftpd.conf .); we create it in /etc/.

Then we restart xinetd.


Set up download speed; insert after listen=

anon_max_rate=10000 (for anonymous, 10000 bytes = 10k/s)
local_max_rate=15000 (local)


restrict IP addresses that can access - this can also be done via TCP Wrappers



then go to /etc/ and touch vsftpd.banned_emails (this is the default file that vsftpd.conf looks up)

You just list the emails one after another.
Interesting commands:

max_per_ip= max number of connections from one IP

SELinux issue

/usr/sbin/setsebool -P ftp_home_dir=1 (allow to change user dir for ordinary users)
Users are controlled through the ftpusers and user_list files in /etc/vsftpd/.

Host access via TCP Wrappers.



Important - Look Often (that is what I call this file)

When a disk is added in VMware, to scan for hardware changes for the hard disk:
echo "- - -" > /sys/class/scsi_host/host#/scan (the host number is in the mentioned dir)

and then to see it:

fdisk -l
chmod g+s folder/file (to make it executable)
chmod uog-s folder/file (to remove executable)


cat /etc/services (list of services and their ports)

Just an example. Great for seeing the difference between two or more files; in this case you see which ports the samba service occupies.

# service smb stop
# netstat -ln > netstat-ln-smb.before
# service smb start
# netstat -ln > netstat-ln-smb.after
# diff netstat-ln-smb.*


Manual entries so that hosts are visible by name without BIND:

ip [tab] computer_name centos1


To see whether a service is running (ime_servisa = service name):

ps -aux | grep ime_servisa

To copy the home dir with all subdirectories into the current dir:

cp -r /home/ .
date -s "05/15/2009 18:35" (setting the time and date)

find /dirtolook -name '*.txt' (for example)

find -amin -10 (for all files accessed up to 10 minutes ago); + is for after 10 min, plain 10 is exactly 10 minutes



sed 's/djordje/abrahim/g' sed_test > sed_output (to replace djordje with abrahim in sed_test, with the output in the file sed_output)


tail -n20 messages (looks through the last 20 lines of messages)
tail -f imefilea (watches the log in real time; imefilea = file name)


/etc/sysconfig (important folder for system settings): keyboard, clock, iptables, network, static-routes, /etc/sysconfig/network-scripts/ifcfg-eth0, system-config-securitylevel (lists all open ports from the firewall; it is a GUI)


kill -9 procesid (kills :) procesid = process id)


Secure copy

scp user@host:remote-path local-path

scp -r [email protected]:~/tutorial ~/ (for a whole dir, use "-r")

cat /root/install.log (what was installed)

/var/log/dmesg (about memory, CPU; a lot of information from boot time)


export PATH


When a user is created, a line is created in

To convert the password into /etc/passwd and gpasswd:

pwconv username
pwunconv username



free (command) - how much free memory there is


To create a new swap file:

dd if=/dev/zero of=/swapfile bs=1024 count=1024
mkswap /swapfile
swapon /swapfile

It will not be there after a restart - it has to be added to fstab.

reread fstab
mount -a

env lists all variables.
We set variables with:

export TERM=vt100
export PATH=$PATH:/dir_za_path



xfs (xorg-x11-xfs-1.0.2-4.i386.rpm is the package, for a possible --force install)
is important for X11 (GUI) to start. The config file is in /etc/X11/fs/config. Check whether it exists ...
and whether the service is started: chkconfig --list xfs

system-config display is located in /etc/X11/xorg.config

Fonts: /usr/share/X11/fonts/misc

Log file: /var/log/Xorg.0.log

To set the DISPLAY env variable:

export DISPLAY=localhost:0.0


export DISPLAY=:0.0


To add a virtual IP address on the adapter:

ifconfig eth0 add



Example to create a 1GB file:

dd if=/dev/zero of=file_1GB bs=1024k count=1000
dd if=/dev/zero of=file_1GB bs=4096k count=250
dd if=/dev/zero of=file_1GB bs=2048k count=500

Example to create a 2GB file:

dd if=/dev/zero of=file_2GB bs=2048k count=1000
dd if=/dev/zero of=file_2GB bs=1024k count=2000

Example to create a 512MB file:

dd if=/dev/zero of=file_512MB bs=1024k count=500
dd if=/dev/zero of=file_512MB bs=512k count=1000

AWK for all users with a uid greater than 500:

awk -F: '{if ($3>=500 && $3<=1000) print}' /etc/passwd | cut -d: -f1


Some administration

mkfs for (create, edit, move, rename partition)
fdisk (create, edit, move, rename partition)
fsck (no running at mounted systems)

df (filesystems, space, mounted)

du (disk usage)
du --max-depth=1 -h
cp -ar /home/* /root/test (all files and directories)

To preserve the Ownerships of the files while copying it to some other location you can use the -pR switch as below:

cp -pR /path/of the/source /path/of the/destination

scp postojeci_folder [email protected]:/root/ (-r is used if it is a folder; postojeci_folder = existing folder)
symbolic link

ln -s fileOrFolderpostojeci novifile (a soft link can span different disks, a hard link cannot)

grep '\<50.\>' /etc/group (lists all that have 50 and one more digit - 500, 501; "." is used instead of the asterisk)


watch command (the command is run again every two seconds)


rpm -ivh (for installation)
rpm -Uvh (installs if it does not exist, and updates)
rpm -Fvh (refresh/update only)


ntsysv (processes can be switched on/off, but only for the current runlevel)



tar -cvzf ime_file.tar.gz /directory_to_tar /more_directory (when gzip is wanted as well; without "z" it is just tar)

tar -cvpf ime_file.tar --newer 16jun09 /directory_to_tar /another_directory

to see through tar

tar -tvpf ime_file.tar | less




#protocols - imap imaps pop3 pop3s (we keep the ones we need)

#listen =

#ssl_disable = no (two negations mean YES)


#ssl_cert_file =
#ssl_key_file =

We may need to use


otherwise dovecot will have a problem with users who have no home dir


We create the certificates:

first we delete the generated certificates




then we create the certificates




995 ssl


There is more of it, but it is painfully messy... This part is at least somewhat organized. It can serve as a reminder when preparing for the RHCE.


[This message was edited by Machiavelli... on 26.08.2010 at 17:32 GMT+1]
Having an idea is like being in a nutshell, but exchanging idea and collaborate
others is like being in infinite ocean of knowledge.

Believe in yourself. If you won't, who will?!

“Better to live 100 years as a millionaire than seven days in poverty.”
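
Added example, not part of the original post: the mask rule from the ACL notes above, applied to getfacl output in POSIX shell. The sample ACL is constructed (the post's test directory, with the base entries getfacl normally prints), and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: reproduce the "#effective:" column of getfacl by applying
# the mask entry to each ACL entry.

# Constructed sample: the post's "test" directory after
#   setfacl -m u:djordje:rx test/   and   setfacl -m m:r test/
SAMPLE_ACL='# file: test
# owner: root
# group: root
user::rwx
user:djordje:r-x
group::---
mask::r--
other::---'

# and_perms GRANTED MASK: keep a permission letter only if both have it.
and_perms() (
    out=""
    for bit in r w x; do
        case $1 in
            *"$bit"*)
                case $2 in
                    *"$bit"*) out="$out$bit" ;;
                    *)        out="$out-" ;;
                esac ;;
            *) out="$out-" ;;
        esac
    done
    printf '%s\n' "$out"
)

# normalize: drop comments ("# file:", "#effective:"), whitespace, empty lines.
normalize() {
    sed -e 's/#.*$//' -e 's/[[:space:]]//g' -e '/^$/d'
}

# effective_acl ACL_TEXT: print "tag:qualifier granted effective" per entry.
# The mask limits named users, the owning group and named groups;
# the owner (user::) and other are never limited by it.
effective_acl() (
    entries=$(printf '%s\n' "$1" | normalize)
    mask=$(printf '%s\n' "$entries" | sed -n 's/^mask::\(...\)$/\1/p')
    while IFS=: read -r tag qual perms; do
        case $tag in
            ""|mask|default) continue ;;   # default: entries are not access entries
        esac
        eff=$perms
        if [ -n "$mask" ]; then
            case "$tag:$qual" in
                group:*|user:?*) eff=$(and_perms "$perms" "$mask") ;;
            esac
        fi
        printf '%s:%s %s %s\n' "$tag" "$qual" "$perms" "$eff"
    done <<EOF
$entries
EOF
)

# masked_entries ACL_TEXT: entries whose granted rights are cut by the mask.
masked_entries() {
    effective_acl "$1" | awk '$2 != $3 { print $1 " granted=" $2 " effective=" $3 }'
}

# can_enter ACL_TEXT ENTRY: succeed if ENTRY still has "x" after the mask
# (execute is what allows entering a directory).
can_enter() (
    eff=$(effective_acl "$1" | awk -v e="$2" '$1 == e { print $3 }')
    case $eff in
        *x*) exit 0 ;;
        *)   exit 1 ;;
    esac
)

effective_acl "$SAMPLE_ACL"
masked_entries "$SAMPLE_ACL"
if can_enter "$SAMPLE_ACL" user:djordje; then
    echo "djordje can enter test"
else
    echo "djordje cannot enter test: the mask removed x"
fi
```
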
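
Added example, not part of the original post: a POSIX shell and awk check for /etc/exports lines like the ones in the NFS notes. It flags no_root_squash (which exports(5) describes as turning root squashing off, so a client's uid 0 stays uid 0 on the export), read-write exports to every host, and an option list separated from its host by a space. The sample file is constructed around the post's two /temp_dir lines; the function name and finding codes are made up here.

```shell
#!/bin/sh
# Added example: review an exports file for risky entries.

# Constructed sample; the first two exports are the ones from the post.
SAMPLE_EXPORTS='# constructed sample exports file
/temp_dir *(rw,sync,no_root_squash)
/temp_dir *.virtuallab.internal(ro,sync)
/srv/projects 192.168.1.0/24(rw,sync)
/srv/home centos1 (rw,sync)'

# audit_exports EXPORTS_TEXT: print one "path client FINDING" line per issue.
#   NO_ROOT_SQUASH  root on the client is root on the export
#   WORLD_RW        any host may mount the export read-write
#   BARE_OPTIONS    "(opts)" stands alone, so it applies to every host
audit_exports() {
    printf '%s\n' "$1" | awk '
    function report(path, client, code) {
        printf "%s %s %s\n", path, client, code
    }
    /^[ \t]*(#|$)/ { next }            # skip comments and empty lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i
            opts = ""
            p = index(client, "(")
            if (p > 0) {               # split "host(opt,opt)" into host and opts
                opts = substr(client, p + 1)
                sub(/\)$/, "", opts)
                client = substr(client, 1, p - 1)
            }
            if (client == "") {        # "(rw)" after a space: no host at all
                client = "*"
                report(path, client, "BARE_OPTIONS")
            }
            rw = 0
            noroot = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") noroot = 1
            }
            if (noroot) report(path, client, "NO_ROOT_SQUASH")
            if (client == "*" && rw) report(path, client, "WORLD_RW")
        }
    }'
}

audit_exports "$SAMPLE_EXPORTS"
```
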

System Administrator


Re: My RHCE notes. For Linux beginners - a reminder. 25.08.2010 at 11:44
It seems to me that the text has some errors; I did not manage to read all of it, but in what I skimmed I found errors in the ACL and SELinux parts.
So do not take this as the absolute truth.

Đorđe Đokanović
IT Support Engineer II


Re: My RHCE notes. For Linux beginners - a reminder. 25.08.2010 at 13:14
There are certainly errors; this can only serve as a reminder, not as some definitive guide. If something is unclear or incorrect, I will fix it.

Đorđe Đokanović
IT Support Engineer II


Re: My RHCE notes. For Linux beginners - a reminder. 25.08.2010 at 19:03
In the next few days I will format the whole post nicely and check everything, so that everything will be 100% correct; if a mistake still slips through, let me know so I can fix it.

Srđan Pavlović
Special Education and Rehabilitation MNRO
Vojvodina, Bačka Palanka


Re: My RHCE notes. For Linux beginners - a reminder. 25.08.2010 at 22:10
Thanks Djordje, it may be useful to someone. If you manage
to shape and tidy them up a bit more, even better ;)