Linux Lab 2006
Over the course of the two hours, you will:
- Install Linux
- Configure security
- Configure Samba
  - add yourself as a user
  - map a Windows drive to your share from the Windows machines
    in the lab (using your Eservices Login).
- Configure Apache
  - create a home page
  - create a PHP page
  - access it
There are three choices for Red Hat Linux distributions.
This lab will use CentOS 4.3.
It is available from a Centos
CentOS provides a very fast, one CD server install image. It is an ISO
file that you can burn to a CD. On a reasonably fast machine, installation
takes 8-15 minutes.
- Red Hat Enterprise Linux (RHEL)
  - pros - stable - supported - each version is supported for 2-4 years
  - cons - costs $50/year
- Fedora Core Linux
  - pros - free - bleeding edge development - supported by ITC - they can
    back it up to tape. They provide an HTTP install site
  - cons - changes rapidly - a version only lasts for 6-9 months before it
    is replaced with a newer version
- CentOS Linux
  - pros - free - a clone of RHEL - stable - each version lasts as long as
    the RHEL version - compiled and configured from RH source -
    can be backed up to tape as long as it is a RHEL clone -
    They provide a one CDROM install disk for servers - This server
    install disk only installs to 1.2 GB.
  - cons - support is provided only from the user community. UVa has such
Samba Features and Benefits
Two men were walking down a dusty road, when one suddenly kicked
up a small red stone. It hurt his toe and lodged in his sandal.
He took the stone out and cursed it with a passion and fury befitting
his anguish. The other looked at the stone and said,
"This is a garnet.
I can turn that into a precious gem and some day it will make a princess
The moral of this tale: Two men, two very different perspectives
regarding the same stone. Like it or not, Samba is like that stone.
Treat it the right way and it can bring great pleasure, but if you
are forced to use it and have no time for its secrets, then it can
be a source of discomfort.
Samba started out as a project that sought to provide interoperability
for MS Windows 3.x clients with a UNIX server. It has grown up a lot
since its humble beginnings and now provides features and functionality
fit for large-scale deployment. It also has some warts. In sections
like this one, we tell of both.
-- From the Official SAMBA
CentOS Version 4 Server Installation
Press the Enter key
Screen 2 - CD Found - Skip Test
Screen 3 -
X SERVER (GUI) Starts
Screen 4 - Welcome
Screen 5 - Use Defaults
Screen 6 - Use Defaults
Screen 7 Disk Setup - Change default
Select Manual Method - Disk Druid
Screen 8 - Disk Druid GUI
Delete the NTFS partition by highlighting it and then
clicking on the DELETE button.
Then set up these partitions:
| /boot | ext3 |   100 MB | Yes |
| n.a.  | swap |  1000 MB | No  |
| /     | ext3 | 10000 MB | No  |
| /home | ext3 | 20000 MB | No  |
| /data | ext3 | 20000 MB | No  |
Screen 9 - boot loader - Use Defaults
Screen 10 - Network - Use Defaults
Screen 11 - Firewall - Change Defaults
Leave Firewall On but DISABLE SELINUX
Screen 12 - More Languages - Use Defaults
Screen 13 - Time Zone - Use Defaults
Screen 14 - Root Password
Screen 15 - Package Installation - Use Defaults
Screen 16 - GO!!!
The first thing to do after logging on as root
Run YUM to install the KDE Window manager
- type "yum install kdebase"
- Start your browser and pull up this URL:
- On your KDE Desktop, click on "Start->System Settings->Users and Groups"
to add yourself as a user. Use the Unix Uid assigned to you
by UVa. Find this by going to blue unix and typing
whois rtg2t (but use your email ID not mine).
- When done logout from the root account
- Login as yourself
Learn how to open an xterm window to get a command line prompt:
click on start -> run command
In this window type "su -" to get root admin rights. Use this admin window
for the next section on Security Changes.
Security Changes made as root user
Add a new line at the end:
sshd: 128.143.46. 128.143.47. 128.143.2.
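How the trailing-dot patterns in the sshd line above (and in the Samba "hosts allow" line later in this lab) match client addresses, as an added example that is not part of the original lab handout. The function names and sample addresses are constructed for illustration, and only the prefix and exact-address pattern forms are handled.

```shell
#!/bin/sh
# Added example (not from the lab handout): test an IPv4 address against
# hosts.allow-style patterns. Handles the trailing-dot prefix form used in
# this lab plus exact addresses; netmask and hostname forms are not covered.

# prefix_allows IP PATTERN...  -> exit status 0 on match, 1 otherwise
prefix_allows() {
    ip=$1
    shift
    for pat in "$@"; do
        case $pat in
            *.)
                # Trailing dot: the address must start with these whole
                # octets, so "128.143.2." does not cover 128.143.20.x.
                case $ip in
                    "$pat"*) return 0 ;;
                esac
                ;;
            *)
                # No trailing dot: treat the pattern as one exact address.
                if [ "$ip" = "$pat" ]; then return 0; fi
                ;;
        esac
    done
    return 1
}

# Client patterns from the lab's sshd line.
LAB_SSHD_PATTERNS="128.143.46. 128.143.47. 128.143.2."

# check_lab IP -> prints "match" or "no-match" for the lab's sshd line
check_lab() {
    # Word splitting of the pattern list is intended here.
    if prefix_allows "$1" $LAB_SSHD_PATTERNS; then
        echo match
    else
        echo no-match
    fi
}

# Constructed sample addresses, not taken from the lab network.
for addr in 128.143.46.17 128.143.2.9 128.143.20.9 128.143.48.1 10.0.0.5; do
    printf '%-15s %s\n' "$addr" "$(check_lab "$addr")"
done
```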
Install all patches
Normally, at this time, you would type
and install all relevant patches. This is important for overall
security. We will defer that because it will take too long for this
lab. Normally, it MUST be done before turning off the firewall.
Turn off Firewall
# sample smb.conf file for this lab
[global]
# use your own name for the workgroup and netbios name ex: Fred_Flintstone
workgroup = myname
netbios name = myname
# SAMBA doesn't use hosts.allow for access. You can limit it to this
# building with the next line
hosts allow = 128.143.46. 128.143.47. 127.0.0.1
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
[homes]
comment = Home Directories
browseable = no
writable = yes
[data]
comment = group data storage
path = /data
directory mask = 0770
create mask = 0770
browseable = yes
writable = yes
[netlogon]
comment = Network Logon Service
path = /home/netlogon
writable = no
share modes = no
browseable = no
guest ok = no
Start SAMBA with
Create a Projects directory under /data
Type these commands (read about the chmod, chgrp and mkdir commands
when you can) to create a project directory that all samba users have
write access to:
cd /data
mkdir projects
chmod 6770 projects
chgrp users projects
Now anyone who is a valid SAMBA user and is in the default group
"users" can create, modify, and delete files in /data/projects. They
also cannot arbitrarily put files or directories in /data. That is reserved
for the admin users. This keeps the top level shared directory clean.
just need to map this "share" as described below in the section "TEST
SAMBA from Windows".
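What the leading 6 in "chmod 6770 projects" buys on the shared directory, as an added example that is not part of the original lab handout: the setgid bit makes files and subdirectories created by any user take the directory's group, which is what lets every member of "users" modify them. The function names are hypothetical, and the script works in a temporary directory and assumes Linux with GNU or BusyBox stat.

```shell
#!/bin/sh
# Added example (not from the lab handout): what mode 6770 does to a shared
# directory on Linux. Works in a throwaway directory, never under /data.
# Assumes GNU or BusyBox stat (the -c option).

# make_shared DIR -> create DIR with the lab's mode, print its octal mode
make_shared() {
    mkdir -p "$1" && chmod 6770 "$1" && stat -c '%a' "$1"
}

# child_dir_mode DIR -> create DIR/sub with umask 007, print its octal mode.
# The setgid bit (2000) is passed down to new subdirectories; the setuid
# bit (4000) is not, and Linux ignores it on directories.
child_dir_mode() {
    ( umask 007 && mkdir "$1/sub" ) && stat -c '%a' "$1/sub"
}

# child_file_group_ok DIR -> status 0 if a new file takes DIR's group.
# Because of setgid, the group comes from the directory rather than from
# the creating user's primary group.
child_file_group_ok() {
    ( umask 007 && : > "$1/file" ) || return 1
    [ "$(stat -c '%g' "$1/file")" = "$(stat -c '%g' "$1")" ]
}

demo=$(mktemp -d) || exit 1
echo "projects mode: $(make_shared "$demo/projects")"
echo "subdir mode:   $(child_dir_mode "$demo/projects")"
if child_file_group_ok "$demo/projects"; then
    echo "new file group: same as directory"
fi
rm -rf "$demo"
```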
[root@newton root]# chkconfig --list | grep on | sort
acpid 0:off 1:off 2:off 3:on 4:on 5:on 6:off
anacron 0:off 1:off 2:on 3:on 4:on 5:on 6:off
apmd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
autofs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
cpuspeed 0:off 1:on 2:on 3:on 4:on 5:on 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
cups 0:off 1:off 2:on 3:on 4:on 5:on 6:off
httpd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
irqbalance 0:off 1:off 2:off 3:on 4:on 5:on 6:off
mdmonitor 0:off 1:off 2:on 3:on 4:on 5:on 6:off
mdmpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
messagebus 0:off 1:off 2:off 3:on 4:on 5:on 6:off
microcode_ctl 0:off 1:off 2:off 3:on 4:on 5:on 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
nfslock 0:off 1:off 2:off 3:on 4:on 5:on 6:off
portmap 0:off 1:off 2:off 3:on 4:on 5:on 6:off
random 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rawdevices 0:off 1:off 2:off 3:on 4:on 5:on 6:off
rpcgssd 0:on 1:off 2:off 3:on 4:off 5:on 6:on
rpcidmapd 0:on 1:off 2:off 3:on 4:off 5:on 6:on
rpcsvcgssd 0:on 1:off 2:off 3:on 4:off 5:on 6:on
sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off
smb 0:off 1:off 2:off 3:on 4:off 5:off 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xfs 0:off 1:off 2:on 3:on 4:on 5:on 6:off
xinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
Edit Services with system-config-services
Edit Services with ntsysv
Nightly Patches with YUM
Edit /etc/cron.daily/yum.cron using text editor nano
/usr/bin/yum -R 10 -e 0 -d 0 -y update yum
/usr/bin/yum -R 120 -e 0 -d 0 -y update
tail /var/log/yum.log | mail -s YUM.your.pc email@example.com
This runs yum every night and sends you an email.
Set Quotas for a volume
Add A User
useradd -g 100 -u 1378 rtg2t
1378 is your own UVa unix uid number.
100 is the default group ID for the "users" group
substitute your UVa email ID for rtg2t
smbpasswd -a rtg2t
setquota rtg2t 4000000 4100000 0 0 /home
rtg2t - the user affected
4000000 is the soft limit for space: 4 million blocks, or 4 Gigabytes
4100000 is the hard limit
0 is the soft limit for the number of files
0 is the hard limit for the number of files
/home is the volume affected for this user
I could not find a GUI for setting quotas......
or use system-config-users
TEST SAMBA from Windows
Use the Windows Network Wizard
to find the shares or.....
On a Windows PC, open a cmd window and type:
net use h: \\128.143.46.xx\rtg2t
net use i: \\128.143.46.xx\data
where xx is the end of your IP. Find your IP by typing
on your Linux account:
which prints something like:
eth0 Link encap:Ethernet HWaddr 00:0B:DB:92:9B:DA
inet addr:188.8.131.52 Bcast:184.108.40.206 Mask:255.255.0.0
inet6 addr: 2002:808f:23c4:4:20b:dbff:fe92:9bda/64 Scope:Global
inet6 addr: fec0::4:20b:dbff:fe92:9bda/64 Scope:Site
inet6 addr: fe80::20b:dbff:fe92:9bda/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:111098470 errors:0 dropped:0 overruns:0 frame:0
TX packets:111783140 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:436643027 (416.4 Mb) TX bytes:901386291 (859.6 Mb)
Base address:0xece0 Memory:fe8e0000-fe900000
Edit /etc/httpd/conf/httpd.conf with nano
This moves the HTTP documents to the /home device
# AllowOverride FileInfo AuthConfig Limit
# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
# Order allow,deny
# Allow from all
# Order deny,allow
# Deny from all
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Allow from all
Deny from all
This permits each user to have web space under /home/yourid/public_html
Permissions are set with:
chmod 710 /home/yourid
chgrp apache /home/yourid/
chmod -R 6750 /home/yourid/public_html
chgrp -R apache /home/yourid/public_html
TEST Your Web Server
Type echo test personal web > /home/yourid/public_html/index.html
Type echo test main web > /home/www/html/index.html
Go to the URL:
where xx is the last part of your Linux IP address
GUI or non-GUI at boot
Set in /etc/inittab on the line
Integration with WinXP and Win2k
This is an advanced topic that you all can do if there is time.
If you have a group of users and a group of PC's that need to share files,
SAMBA has an easy solution.
Summary: Everyone can login from any PC and map their network drives.
is a good list of things to check for Linux servers.
Anyone with physical access to your server can steal your data.
When you get the GRUB menu, you can hit the E key to edit the Linux boot
command and boot to single user mode and create a new super user account.
I will demonstrate this before you leave. These PC's in this lab
(MEC 215) are pretty safe. This is how much armor it takes to
physically lock down a server.