Linux from Scratch
#head -n num /directory/filename = show only the first lines of a file (10 by default; -n num sets the count)
#tail -n num /dir/filename = show only the last lines of a file (10 by default)
#tty = prints the terminal device you are logged in on
#cat /proc/cpuinfo = CPU information
#lscpu = lists CPU details, including the number of CPUs
#cat /proc/meminfo = memory information
#dmidecode = all hardware info
#dmidecode -t system = system (product) details
#ls -li = -i shows the inode number
#alias cls=clear = creates an alias for a command; for example, cls to clear the screen
#ls -lh = -h for human-readable sizes
#stat filename = all info about the file
#man command = shows the manual page for a command
#uptime = uptime and load average info
#cat > test1 = create a file; press Ctrl+D to save the file
#cat >> filename = append to the file
#less filename, #more filename = read a file one screen at a time
#rm -rf = deletes everything without asking anything
#rm = delete a file
#rm -i = interactive (asks before deleting)
#rm -ri = recursive, asking before each deletion
#cat filename | sort -r | tr 'a-z' 'A-Z' = sorts the lines (-r for reverse order) and converts lowercase letters to uppercase
In the vi editor, :w filename_bkp&timestamp writes a backup copy of the file
#last = shows login, logout, reboot and shutdown history for the server
#last | grep reboot = details about server reboots
#who -b = the last time the server booted
User Administration
#useradd = add a user
#id = check which user and groups you are in
#gdisk = used to create partitions
#cat /etc/login.defs = this is the configuration file that holds the UID ranges below
#id = shows the user identification (UID, GID, groups)
The root user ID is always 0 (UID and GID).
System user IDs are between 1 and 999.
Normal user IDs are from 1000 to 60000.
To customize the user ID ranges:
#vi /etc/login.defs and edit the user identifier values
When you create a user, a group is also created by default; that is the primary group. If you
already have a group, you can add it as a secondary group, up to 15.
When you create a new user with useradd name, the 3 files in /etc/skel
(.bash_logout, .bash_profile and .bashrc) are copied to the new user's home directory. When
the user logs out, .bash_logout executes; at login, .bash_profile
and .bashrc execute.
/etc/default/useradd - the skel directory is set here, and you can modify this file as you
want
#useradd -c "comment" username - adds a comment while creating the user
/etc/passwd - stores username:x (the password is stored in the shadow
file):UID:GID:comment:/home-directory:/bin/bash
/etc/shadow - stores the user password: username:wjhdkjllwkqplpqwlsp (encrypted
password):password date counted in days from 1970 to date:how many times the password changed:maximum
password change:password expiry warning
/etc/group - stores username:group
#hostnamectl set-hostname name - sets the hostname permanently
#dmidecode -s keyword - -s selects a string keyword (use -s to query individual hardware-related values)
#grep username /etc/passwd - to check the user's passwd entry
#chage -l username - to check the password policy of the user
#which command - to check the path of that command
#userdel username - deletes the user
#userdel -r username - deletes the user together with their home directory
#groupadd - adds a group
#usermod -aG group username - adds the user to a secondary group
#usermod -g group username - sets the user's primary group
#gpasswd -d username group - removes the user from the group
#groupdel groupname - deletes the group
#useradd -d /directory/filename -u 1011 -c "comment" -m hp - customized user
creation.
-m creates the home directory, -c is the comment, -u is the UID, -d is the home directory path.
#chown user:group /directory/filename - changes the owner or group
#chmod permission /directory/filename - sets the permissions for that particular
dir/filename
To change a user's home directory: #usermod -d directory username
Without the useradd command we can create a user by editing #vi /etc/passwd and
adding the user parameters
Create the directory using mkdir -p /home/filename
#pwck - checks the password file
#pwconv - updates the shadow file from the password file
#grpck - checks the group file
Then set the user's password with the command passwd username
#passwd -S username - checks the status of the user
#passwd -l username - lock
#passwd -u username - unlock
#passwd -d username - removes the password
#usermod -s shell username - changes the shell of the user
#chage -m 2 username (e.g. sajib) - the user cannot change the password again within 2 days
#chage -E 12/31/2024 username - sets the account expiry date
#chgrp groupname directory - assigns the directory to a new group (for example, #chgrp sales
prod: sales is the group and prod is the directory)
#ls -ld directory - to check the owner, group and permissions of a directory
chage --maxdays 365 <user> - maximum days before the password must be changed
sudo chage --inactive 30 testuser - days of inactivity after password expiry before the account is locked
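The notes above say root is the only UID 0 account, give the system and normal UID ranges, and mention both hand-editing /etc/passwd and passwd -d. The following is an added example, not part of the original notes, that audits passwd- and shadow-format files for those points. The function names and all sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit passwd/shadow-format files with the UID ranges from
# the notes (0 root, 1-999 system, 1000-60000 normal).

# classify_accounts PASSWD_FILE -> one "name:kind" line per account
classify_accounts() {
    awk -F: '
        /^#/ || NF < 7 || $3 !~ /^[0-9]+$/ { next }   # skip malformed lines
        {
            uid = $3 + 0
            if (uid == 0)          kind = ($1 == "root") ? "root" : "EXTRA-UID0"
            else if (uid <= 999)   kind = "system"
            else if (uid <= 60000) kind = "normal"
            else                   kind = "out-of-range"
            print $1 ":" kind
        }' "$1"
}

# empty_password_accounts SHADOW_FILE -> names whose password field is
# empty, which is the state "passwd -d" leaves an account in
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Constructed sample data, not real accounts.
demo=$(mktemp -d)
cat > "$demo/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:Daemon:/sbin:/usr/sbin/nologin
hp:x:1011:1011:comment:/home/hp:/bin/bash
svc:x:0:0:hand-edited entry:/home/svc:/bin/bash
EOF
cat > "$demo/shadow" <<'EOF'
root:$6$constructed$hash:19700:0:99999:7:::
hp::19700:2:365:7:30::
EOF
classify_accounts "$demo/passwd"
echo "empty password: $(empty_password_accounts "$demo/shadow")"
rm -rf "$demo"
```

On a live system, run the two functions as root against /etc/passwd and /etc/shadow; any EXTRA-UID0 line or empty-password name should be explained or fixed.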
*NO EXEC Permission set on /dev/shm*
To set the noexec option on the /dev/shm partition in Suse Linux, edit the
/etc/fstab file, locate the line for /dev/shm, and add noexec to the mount options,
then remount the partition.
Here's a step-by-step guide:
1. Open the /etc/fstab file:
sudo nano /etc/fstab
2. Locate the line for /dev/shm:
You'll likely find a line that looks similar to this (the tmpfs part might vary):
none /dev/shm tmpfs defaults 0 0
3. Modify the mount options:
Change the line to include noexec, nodev, and nosuid:
none /dev/shm tmpfs defaults,noexec,nodev,nosuid 0 0
4. Save the changes:
Press Ctrl + X, then Y to save and exit the editor.
5. Remount /dev/shm:
sudo mount -o remount,noexec,nodev,nosuid /dev/shm
Explanation:
/dev/shm:
This is a special filesystem used for shared memory, which can be vulnerable if
misconfigured.
noexec:
This mount option prevents the execution of programs from files within the /dev/shm
directory, enhancing security.
nodev:
This prevents the creation of special files (like character or block devices)
within the filesystem.
nosuid:
This prevents set-user-ID and set-group-ID bits from being applied to files in the
filesystem.
mount -o remount:
This command remounts the specified filesystem with the new options without
rebooting.
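To confirm the change took effect, the following added example (not part of the original notes) reports which of noexec, nodev and nosuid are missing from the /dev/shm entry of an fstab-format file. The function name and the sample lines are constructed; /proc/mounts uses the same column layout, so the same function checks the live mount.

```sh
#!/bin/sh
# Added example: check the /dev/shm entry of an fstab-format file for the
# three hardening options from the steps above.

# missing_shm_opts FILE -> "ok", "no-entry", or a comma-separated list of
# the options that are missing
missing_shm_opts() {
    awk '
        /^[ \t]*#/ { next }                          # skip comment lines
        $2 == "/dev/shm" { found = 1; opts = $4 }    # last matching entry wins
        END {
            if (!found) { print "no-entry"; exit }
            split(opts, have, ",")
            for (i in have) set[have[i]] = 1
            n = split("noexec nodev nosuid", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in set)) { out = out sep want[i]; sep = "," }
            print (out == "" ? "ok" : out)
        }
    ' "$1"
}

# Constructed samples: the "before" and "after" fstab lines from the steps.
demo=$(mktemp -d)
printf '%s\n' 'none /dev/shm tmpfs defaults 0 0' > "$demo/fstab.before"
printf '%s\n' 'none /dev/shm tmpfs defaults,noexec,nodev,nosuid 0 0' > "$demo/fstab.after"
echo "before: $(missing_shm_opts "$demo/fstab.before")"
echo "after:  $(missing_shm_opts "$demo/fstab.after")"
rm -rf "$demo"

# On a live system, check both the persistent and the running state:
#   missing_shm_opts /etc/fstab
#   missing_shm_opts /proc/mounts
```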
Permissions
chmod - changes permissions
ACL (Access Control List)
#setfacl -m u:username:rwx /directory/filename - allows only a
particular user to access the particular file or directory, without adding the user to the
group and without giving rwx permission to others.
#getfacl /directory/filename - to check the ACL permissions set on that file or directory
#setfacl -R -m u:username:rwx /directory/filename - -R for recursively,
meaning it applies to everything underneath
#setfacl -x u:username /directory/filename - to remove the special
permission
Sticky bit - if the sticky bit is used, I cannot remove or delete other users' files, but I
can access them, and I can remove my own files, not those of others.
To apply the sticky bit use 1 or +t.
To remove it use -t or 0.
For example: #chmod 1777 /directory/filename
chattr filename - if you apply the chattr command to a file, even root
cannot remove that file
#chattr +i filename - to apply chattr
#chattr -i filename - to remove it
SUID is used so that a normal user can run an sbin command (special command).
#chmod u+s sbin-command or #chmod 4770 /usr/sbin/fdisk - to apply SUID (in chmod u+s
/usr/sbin/fdisk, u is the user (owner), s is SUID, and /usr/sbin/fdisk is the sbin command path)
#chmod u-s sbin-command or chmod 0775 /usr/sbin/fdisk - to remove SUID
SETGID
#chmod g+s or chmod 2775 directory/file - if sales is a group with 4 to 5 users,
then any file that anyone creates automatically gets the group
sales. That is why we use the command #chmod g+s /tmp/prod (g for group, s for SGID,
then the directory).
To give a normal user sudo permission for a particular sbin command, we need to
add the permission in the sudoers file - #vi /etc/sudoers
Then, under "Allow root to run any commands", add the user and ALL= command path (for ex.
/usr/sbin/fdi
https://knowledge.broadcom.com/external/article/322249 - for the vCenter certificate
renewal process
ADDING SUDO USER ACCESS:
1. Add the user to the wheel group:
Open a terminal and log in as root or a user with sudo privileges.
Use the following command, replacing username with the actual username:
sudo usermod -a -G wheel username
sudo: Executes the command with root privileges.
usermod: Modifies user account information.
-a: Appends the user to the specified group.
-G wheel: Specifies the group to add the user to (in this case, wheel).
username: The name of the user to add to the group.
2. Verify the sudo configuration:
Open the /etc/sudoers file using visudo (a secure editor for sudo configuration).
sudo visudo
Comment out the line: # ALL ALL=(ALL) ALL. This line allows anyone to use sudo with
any command as any user, which is generally not desired. Add a # at the beginning
of the line to comment it out.
Uncomment the line: # %wheel ALL=(ALL) ALL. This line allows users in the wheel
group to use sudo with any command as any user. Remove the # at the beginning of
the line to uncomment it.
Save the file: Press Ctrl+X, then Y to save and exit.
3. Test sudo access:
Log out and log back in as the user you added to the wheel group.
Try running a command with sudo, for example: sudo ls -l /root.
You should be prompted for the user's password, not the root password.
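The two sudoers lines from step 2 can be checked without opening an editor. The following is an added example, not part of the original notes, that reads a sudoers-format file and reports whether the ALL ALL=(ALL) ALL rule is active and whether a %wheel rule is enabled. The function name and the sample files are constructed, and #include directives are not followed.

```sh
#!/bin/sh
# Added example: review a sudoers-format file for the two rules discussed
# in step 2. Pass a file path; /etc/sudoers itself needs root to read.

# sudoers_review FILE -> one finding per line
sudoers_review() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # commented-out rules, blanks
        # Active "ALL ALL=(ALL) ALL": every user may run any command
        /^[ \t]*ALL[ \t]+ALL[ \t]*=[ \t]*\(ALL(:ALL)?\)[ \t]+ALL[ \t]*$/ {
            print "line " NR ": ALL ALL=(ALL) ALL is active"
            next
        }
        /^[ \t]*%wheel[ \t]/ {
            wheel = 1
            print "line " NR ": %wheel rule is active"
        }
        END { if (!wheel) print "no active %wheel rule" }
    ' "$1"
}

# Constructed samples: the file before and after the edit in step 2.
demo=$(mktemp -d)
cat > "$demo/sudoers.before" <<'EOF'
Defaults env_reset
# %wheel ALL=(ALL) ALL
ALL ALL=(ALL) ALL
EOF
cat > "$demo/sudoers.after" <<'EOF'
Defaults env_reset
%wheel ALL=(ALL) ALL
# ALL ALL=(ALL) ALL
EOF
echo "before:"; sudoers_review "$demo/sudoers.before"
echo "after:";  sudoers_review "$demo/sudoers.after"
rm -rf "$demo"
```

After editing the real file, visudo -c checks its syntax and sudo -l -U username lists what a given user is allowed to run.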
To grant a user sudo privileges in Linux, add them to the sudo group using the
usermod command: sudo usermod -aG sudo <username>.
Here's a more detailed explanation:
Understanding sudo:
The sudo command allows users to execute commands with elevated privileges,
effectively acting as the root user for specific tasks.
The sudo group:
Most Linux distributions use a group called sudo to manage users who have sudo
privileges.
Adding a user to the sudo group:
Log in as a user with sudo privileges: You'll need to be logged in as a user who
already has sudo access to perform this action.
Use the usermod command:
Open a terminal.
Type the following command, replacing <username> with the actual username of the
user you want to grant sudo access to:
sudo usermod -aG sudo <username>
sudo: Executes the command with root privileges.
usermod: Modifies user account information.
-aG: Appends the user to the specified group (in this case, the sudo group).
sudo: The name of the group to which the user will be added.
<username>: The name of the user to be added to the sudo group.
Verify the user's group membership: You can verify that the user has been added to
the sudo group by using the groups command: groups <username>.
Testing sudo access:
Switch to the new user: Use the su command to switch to the user you just granted
sudo privileges: su - <username>.
Try a command that requires sudo: For example, try listing the contents of the root
directory: sudo ls /root.
If prompted for a password and the command executes successfully, the user now has
sudo access.
Example:
Let's say you want to grant sudo privileges to a user named "alex".
Log in as a user with sudo privileges.
Open a terminal.
Run the following command:
sudo usermod -aG sudo alex
Verify that "alex" is in the sudo group:
groups alex
Switch to the user "alex" and try a sudo command:
su - alex
sudo ls /root