Booting process in RHEL7/ Cent OS 7

Will see the Booting process in RHEL7/ CentOS 7 in this post. It’s very important to know the booting process for all operating system. It will help us to troubleshoot the booting issues.

We are going to see about RHEL / Cent OS 7 booting process.

Below are booting stages:


BIOS stands for basic input output system.

It will do a POST (Power on self-test) to check system hardware.

And it will search, load and execute MBR  in memory(Master Boot Recorder).


MBR Stands for Master boot recorder.

MBR will be available in first 512 bytes of the boot drive. In this 512 bytes 446 bytes contains boot loader information, in 64 bytes contains partition table information available and remaining 2 bytes for MBR validation check. Boot drive will be anything like Hard disk, Pendrive, Floppy.

MBR will search and load the GRUB2 boot loader in memory and control moved to the bootloader.

GRUB2 Bootloader:

GRUB stands for Grand Unified Bootloader.

GRUB will be the default boot loader in RHEL7.

GRUB configuration file is available in this path: /boot/grub2/grub.cfg. Editing this file directly is not advisable.

GRUB file configuration:

# cat /etc/default/grub
GRUB_CMDLINE_LINUX=" crashkernel=auto rhgb quiet net.ifnames=0"

To change these configuration settings will edit this /etc/default/grub file.

Once modified have to execute the below command to make this change affect in the main configuration file (/boot/grub2/grub.cfg).

# grub2-mkconfig –o /boot/grub2/grub.cfg

grub has kernel image(vmlinuz) and initramfs image details.

grub will search and load the kernel image into memory and it will extract the initramfs image contents into memory based filesystem which is called tmpfs.

initramfs stands for initial ramdisk

initial ramdisk will load the block devices (HDD, CD, Floppy, etc). So that it will find the exact root filesystem and will mount it. Till mounting this exact root filesystem, initramfs will act as a temporary root filesystem.

kernel mounts the initramfs image as two-stage boot process.

Will use the lsinitrd command to view initramfs content.


Kernel will start systemd process and PID is 1 for this, as this will be the first process.

root 1 0 0 02:10 ? 00:00:02 /usr/lib/systemd/systemd --switched-root --system --deserialize 23


Systemd will be the first process.

This process will read the /etc/systemd/system/ file to determine the default system target. The system target file defines the services which is started by systemd.

Systemd will bring the system based on the system target runlevel and perform system initialization process such as hostname, network settings, initializing SELinux, Printing welcome banner and mounting all filesystems.




Configuring LDAP based authentication in RHEL7

WHat is LDAP?

LDAP: Light weight Directory Access Protocol

This authentication will allow client machine to access any centralized   data/service from different places.

Keeping services/data centralized is very simple to maintain and Grant/Deny permission centrally.


Installing Openldap:

[[email protected] ~]# yum -y install openldap*


Make sure that SELinux should not deny LDAP. So for that we have to enable the below Boolean values in both server and client.

[[email protected] ~]# setsebool -P allow_ypbind=0 authlogin_nsswitch_use_ldap=0

Now enable ldap permanently in this session and start the ldap service

[[email protected]rver ~]# systemctl enable slapd
[[email protected] ~]# systemctl start slapd

Since ldap service is running ldap user should be the owner for /var/lib/ldap directory. By default this will be modified by root user as its administrator.
So, we have to change owner and group as ldap user. Before that make a copy of configuration file for slapd into /var/lib/ldap with the DB_CONFIG name.

Note: slapd configuration file will be available under /usr/share/openldap-servers/DB_CONFIG.example


[[email protected] ~]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
cp: overwrite ‘/var/lib/ldap/DB_CONFIG’? y

Now change the owenr as ldap user recursively to that directory.


[[email protected] ~]# chown -R ldap:ldap /var/lib/ldap


Now set password for ldap admin use and take a copy of create password for future use.

[[email protected] ~]# slappasswd
New password:
Re-enter new password:


LDAP configuration files are available under /etc/openldap/slapd.d/.
We need to update the “olcSuffix” and “olcRootDN” varialbles.

olcSuffix: Its domain for the LDAP Server to provided the information.
olcRootDN: This is administrator user entry who has all the permission to do operation like root (Root Distinguished Name)

olcRootPW: Password of above user.


Above entries should be updated in /etc/openldap/slapd.d/cn=config/olcDatabase={2}hdb.ldif file.
Note: Updating the entries manually is nont adviseable. So, we are going to create a ldif file and update it using ldapmodify command.


Now creare ldaprootpasswd.ldif file with following contents:

[[email protected] cn=config]# vi db.ldif

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=lbcdomain,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=ldapadm,dc=lbcdomain,dc=com

dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: {SSHA}Kp/mCASZRf/dBKNHKOxg4O5lEt7vyiRB

save and exit.

once file created with above content execute the below command

[[email protected] cn=config]# ldapmodify -Y EXTERNAL -H ldapi:/// -f db.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

[[email protected] cn=config]#


Do changes in /etc/openldap/slapd.d/cn=config/olcDatabase={1}monitor.ldif file to restrict monitor access to only ldap root user.


[[email protected] ~]# vi monitor.ldif

dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external, cn=auth" read by dn.base="cn=ldapadm,dc=lbcdomain,dc=com" read by * none


save and exit from the file.

once created file with above content send configuration to ldap server by usinf ldapmodify command.


[[email protected] cn=config]# ldapmodify -Y EXTERNAL -H ldapi:/// -f monitor.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifying entry "olcDatabase={1}monitor,cn=config"

[[email protected] cn=config]#


Creating LDAP Certificate:

now will create certifiate and private key with ldap server self signed by using below command in /etc/openldap/certs/ directory

[[email protected] cn=config]# openssl req -new -x509 -nodes -out /etc/openldap/certs/lbcdomainldapcert.pem -keyout /etc/openldap/certs/lbcdomainldapkey.pem -days 365
Generating a 2048 bit RSA private key
writing new private key to '/etc/openldap/certs/lbcdomainldapkey.pem'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Tamilnadu
Locality Name (eg, city) [Default City]:Chennai
Organization Name (eg, company) [Default Company Ltd]:Linux Book Center
Organizational Unit Name (eg, section) []:Linux Book Center
Common Name (eg, your name or your server's hostname) []:Server
Email Address []:[email protected]


Now change the ownership and group to key files.

[[email protected] cn=config]# chown -R ldap:ldap /etc/openldap/certs/*.pem

[[email protected] certs]# ll | grep pem
-rw-r--r--. 1 ldap ldap 1480 Aug 15 11:32 lbcdomainldapcert.pem
-rw-r--r--. 1 ldap ldap 1708 Aug 15 11:32 lbcdomainldapkey.pem


Create certs.ldif file to configure LDAP to use secure communication using self signed certificates.

[[email protected] certs]# vi certs.ldif

dn: cn=config
changetype: modify
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/lbcdomainldapcert.pem

dn: cn=config
changetype: modify
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/lbcdomainldapkey.pem

oncefile created import the certificate configuration by usging below ldapmodify command

[[email protected] certs]# ldapmodify -Y EXTERNAL -H ldapi:/// -f certs.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifying entry "cn=config"

modifying entry "cn=config"

[[email protected] certs]#


Use the below command to verify the configuration:

[[email protected] certs]# slaptest -u
5992a281 UNKNOWN attributeDescription "CHANGETYPE" inserted.
5992a281 UNKNOWN attributeDescription "REPLACE" inserted.
5992a281 is_entry_objectclass("olcDatabase={2}hdb,cn=config,cn=config", "2.16.840.1.113730.3.2.6") no objectClass attribute
5992a281 is_entry_objectclass("olcDatabase={1}monitor,cn=config,cn=config", "2.16.840.1.113730.3.2.6") no objectClass attribute
config file testing succeeded

LDAP Database creation:

Sample configuration file will be available in /var/lib/ldap  file. Copy the sample file and change the file permission.

[[email protected] certs]# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
[[email protected] certs]# chown ldap:ldap /var/lib/ldap/*

Add cosine ans nis LDAP schemas

ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif


[[email protected] certs]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
adding new entry "cn=cosine,cn=schema,cn=config"
ldap_add: Other (e.g., implementation specific) error (80)
 additional info: olcAttributeTypes: Duplicate attributeType: "0.9.2342.19200300.100.1.2"


[[email protected] certs]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
adding new entry "cn=nis,cn=schema,cn=config"
ldap_add: Other (e.g., implementation specific) error (80)
 additional info: olcAttributeTypes: Duplicate attributeType: ""
[[email protected] certs]# ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
adding new entry "cn=inetorgperson,cn=schema,cn=config"
ldap_add: Other (e.g., implementation specific) error (80)
 additional info: olcAttributeTypes: Duplicate attributeType: "2.16.840.1.113730.3.1.1"


Now create ldif file for our domain

[[email protected] certs]# vi base.ldif

dn: dc=lbcdomain,dc=com
dc: lbcdomain
objectClass: top
objectClass: domain

dn: cn=ldapadm ,dc=lbcdomain,dc=com
objectClass: organizationalRole
cn: ldapadm
description: LDAP Manager

dn: ou=People,dc=lbcdomain,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Group,dc=lbcdomain,dc=com
objectClass: organizationalUnit
ou: Group

Now build the directory structure

[[email protected] certs]# ldapadd -x -W -D "cn=ldapadm,dc=lbcdomain,dc=com" -f base.ldif
Enter LDAP Password:
adding new entry "dc=lbcdomain,dc=com"
ldap_add: Already exists (68)


We configured LDAP server and now will use ldap credentials to access centralized data/ service like NFS share.


What is SELinux?

SELinux stands for Security-Enhanced Linux. Its set of security modules/policies are going to apply on machine to increase the overall security of the server.In this modules has been loaded into kernel
while accessing files/services which improves security. This was came with RHEL5 and its more secure comparing to PAM and initd.

Models in SELinux:

In this model policy has been enforced. It will enforce the policy strictly.

In this model SELinux will give warning, if SELinux policy settings breached.

In this model SELinux totally is disabled.

Levels in SELinux:
SELinux uses two levels.
Targeted – Targeted processes/services are protected by SELinux
Mls – Multi level security protection

Command to check the SELinux status:

[[email protected] ~]#getenforce

Output will be “enabled” or “disbaled”

Command to check SELinux status in simplified way:

[[email protected] ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28


Command to check SELinux status in detailed:

[[email protected] ~]# sestatus -b
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: permissive
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28

Policy booleans:
abrt_anon_write off
abrt_handle_event off
abrt_upload_watch_anon_write on
antivirus_can_scan_system off
antivirus_use_jit off
auditadm_exec_content on
authlogin_nsswitch_use_ldap off
authlogin_radius off
authlogin_yubikey off
awstats_purge_apache_log_files off
boinc_execmem on
cdrecord_read_content off
cluster_can_network_connect off
cluster_manage_all_files off
cluster_use_execmem off
cobbler_anon_write off

How to disbale SELinux?

Using two ways will disable SELinux.

1. To disbale permanently will edit the /etc/selinux/config file and change the status from
enforce to disbaled


2. To disbale temporarily execute the below command

 #echo 0 > /selinux/enforce


 #setenforce 0

How to enable SELinux?

Same like above will enable SELinux using two ways

1. To enable permanently will edit the /etc/selinux/config file and change the status from
disbaled to enforce

2. To enable temporarily execute the below command

 #echo 1 > /selinux/enforce


 #setenforce 1


Command to list all the modules:

[[email protected] ~]# semodule -l

Command to enable a module:

in below command use -v  key to show what this command was doing.

[[email protected] ~]# semodule -v -e application
Attempting to enable module 'application':
Ok: return value of 0.
Committing changes:
Ok: transaction number 0.

Command to disable a module:

[[email protected] ~]# semodule -v -d application
Attempting to disable module 'application':
Ok: return value of 0.
Committing changes:


Linux Basic Commands: ls, mkdir, rm, cd, pwd, cat, touch

ls  command will list all files and directory.

[[email protected] ~]# ls Downloads ks.cfg Pictures Templates
file25 localhost Public

ls -a will list all including hidden files.

[[email protected] ~]# ls -a
. chandu forloop1 Music sedfile
.. .config numbers server .cshrc hst.txt output .ssh
abu data .ICEauthority output1 tcp.txt

mkdir command will help us to create a directory.

[[email protected] ~]# mkdir test

To delete a directory use rm -rf command with directory name.

[[email protected] ~]# rm -rf test

cd <dir_name> command will change to named directory.

[[email protected] ~]# cd data

cd ~ command will change to home directory of current user.

[[email protected] ~]# cd ~
[[email protected] ~]# pwd

cd .. command will change to parent directory of present working directory.

[[email protected] ~]# cd ..
[[email protected] /]# pwd

pwd command will print present working directory

[[email protected] etc]# pwd

rm  command will remove file and it will ask for user confirmation.


[[email protected] ~]# rm file1
rm: remove regular empty file ‘file1’? y

To delete a file without user confirmation will use  -f  option.

[[email protected] ~]# rm -f file1

will use vi editor, cat and touch to create files. touch command will create empty files.

[[email protected] ~]# touch file1

will explain about vi editor in next post, because we have multiple operation to explain in vi editor and now will see cat command operations.

creating and reading file using cat command:

After entering your content to the file, press enter to go next line and then press  ctrl+c  to save and exit from the file.

For reading a file use cat <filename> syntax like below mentioned.

[[email protected] ~]# cat > file2
This is a test file
[[email protected] ~]# cat file2
This is a test file

use the below command to append one file content to another file. In this method it will not remove the existing contents from the file and it will just copy next to the last line.

Even if we doesn’t have file3, it will create automatically and copy the file2 content to the file3

[[email protected] ~]# cat file2 >> file3

using below command will copy the content from two file and will paste it in a single file. to paste the content in existing file use >> symbol instead of >, it will help to paste the two files content without deleting or modifying existing content.

[[email protected] ~]# cat file2 file3 > file4


How to perform kickstart installation for Linux ?

What is Kickstart installation?

Kick start installation is unattended installation, where we can install the operating system
without fully seated in front of system till completing the installation.

Here we need to create a kickstart configuration file which contains all the details like,
Language, Timezone, Network details, Partition details, Package details, etc…

1. Creating a Kickstart configuration File

by default kickstart configuration file will be available in /root directory with the name of anaconda-ks.cfg in linux machine which is already installed. by editing this file will create new kickstart file for our requirement. But comparing to this method will create kickstart file in Graphical mode which will be very easier way.

GUI mode should be working in our machine to create kickstart file in Graphical utility.

Login the server in Graphical mode as root user and issue the below command to open the kickstart file configuration window.

[[email protected] ~]# system-config-kickstart

will get a window now to configure new kickstart file.

Using above window we need provide the required details in each section by selecting the option which is available in left pane.

Basic Configuration:

Default and keyboard Layout Language, Time Zone, Root password, Architecture and Reboot option after installation the Operating system.

Installation Method:

Whether its going to be a new installation or upgrade and which source we are going to use for OS media.

Boot Loader Option:

Its advisable to use “Install new boot loader” option.

Partition Information: 

Depends on your requirement you can create partitions or you may leave it to create automatically by the OS.

Network Configuration:

Based on your requirement you can provide static or DHCP IP’s and you should select the adapter first for that.

Authentication, Firewall Configuration & Display Configuration:

You may leave it by default. If you have any specific reason you can select the option.

Package Selection:

Here we need to provide what type of server you are going to install. Like, Web server,  Minimal package, DNS Server, Application Server, etc…

By default it will be minimal only.

Pre and Post Installation Script:

You may leave it.

After creating file use file-> save option to save the configuration. Here i’m saving this file under /root  with  ks.cfg name.

If you are going to create same configuration Operating system you can open the existing file which is available in you machine under /root directory.

2. Verifying the Kickstart File

After created the kickstart configuration file will verify using below command. We should install the package called ypkickstart to run the command.

ksvalidator command will help to verify the created kickstart file

[[email protected] ~]# yum install ypkickstart

[[email protected] ~]# ksvalidator /root/ks.cfg

3. Making the Kickstart File Available

Now i’m going to use http service to access created kickstart file through network for unattended  installation.

Simply install httpd package and start the service in remote machine where we are going to kept kickstart file.

Then copying created kickstart file from /root to /var/www/html/kickstart/  which is default location where the pages available to access using http service on browser.

[[email protected] ~]# yum install httpd
[[email protected] ~]# systemctl start httpd
[[email protected] ~]# cp /root/ks.cfg /var/www/html/kickstart/

4. Making the Installation Source Available

This section is pointing that which source of OS media we are going to use for this installation. We can use Local media, NFS, HTTP, HTTPS, FTP.

For Local media installation simply will use OS media or OS image file, if we are going to install in Virtual Machine and for other options OS image will be placed in remote machine and will be accessed using anyone of mentioned protocol.

In our case going to install in VMWare using Local media(OS Image file) source with kickstart file, which will be placed in remote machine and going to use http service to access kickstart file.

5. Starting the Kickstart Installation

Now start the virtual machine which is create in VMWare and interrupt by pressing Tab  key in keyborad and will get the screen like below.

Now insert the below entry to mention the kickstart file http location like below.


Then press enter to begin the installation.

Configuring bonding on RHEL7 step by step

What is ?

Two or more than that network adapters in corporate with single logical network pipe.

Logical network interface work as master and physical network interfaces are work as slave.

IP Address is assigned to  logical interface instead of assigning physical interfaces.

Logical interface only will work on connecting any internal/external network traffic.

It has several modes of operations based on behavior.


  1. Round robin
  2. Active backup
  3. XOR
  4. Broadcast


  1. Better throughput
  2. Load balancing
  3. Fault tolerance

Issue ip a command to check available interfaces in server.

in my server, i have two insterfaces called enp0s3  and enp0s8

Using mobprobe command load the bonding kernel if its not loaded already.

[[email protected] ~]# modprobe bonding

To check whether the bonding driver in kernel  use the modinfo command and that will list the details like below once its loaded.

[[email protected] ~]# modinfo bonding
 filename: /lib/modules/3.10.0-514.el7.x86_64/kernel/drivers/net/bonding/bonding.ko
 author: Thomas Davis, [email protected] and many others
 description: Ethernet Channel Bonding Driver, v3.7.1
 version: 3.7.1
 license: GPL
 alias: rtnl-link-bond
 rhelversion: 7.3
 srcversion: B664145ACFBCC961505C750
 intree: Y
 vermagic: 3.10.0-514.el7.x86_64 SMP mod_unload modversions

Create a file called ifcfg-bond0 which will work as logical interface in bonding using vi editor with below mentioned settings under /etc/sysconfig/network-scripts

[[email protected] ~]# vi /etc/sysconfig/network-scripts/ifcfg-bond0

 BONDING_OPTS="mode=5 miimon=100"


save and exit from the file.

now the bond0 logical interface has been created and have to set the slave interface by following below steps.

in our case already we have two interfaces called enp0s3 and enp0s8. for the same configuration file also already there under /etc/sysconfig/network-scripts with below name’s



edit the above two files using vi editor and make entry for MASTER and SLAVE. Set the MASTER=bond0 and SLAVE=Yes for the both interface configuration files like below.

[[email protected] ~]# vi /etc/sysconfig/network-scripts/ifcfg-enp0s3



[[email protected] ~]# vi /etc/sysconfig/network-scripts/ifcfg-enp0s8




Now use ifdown and ifup command to bring down and bring up the bond0 interface.

[[email protected] ~]# ifdown bond0
../network: line 2: NETWORKING: command not found
Device 'bond0' successfully disconnected.
[[email protected] ~]# ifup bond0
../network: line 2: NETWORKING: command not found
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/16)


Then check the ip of bond0 to confirm whether our bonding has been working or not.

[[email protected] ~]# ip a | grep bond0
6: bond0: <NO-CARRIER,BROADCAST,MULTICAST,MASTER,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
 inet brd scope global bond0


We configured bonding successfully. Now will communicate from remote server to this server using bond0 interface ip address (

Thanks for your support 🙂

User and Group Management in Linux/Unix

User and Group Management in Linux/Unix

We are going to see User and Group Management in Linux/Unix in this post.

 /etc/passwd   ->  This file contains all the users details.

[[email protected] ~]# more /etc/passwd

/etc/passwd file has all the user details with some parameters.

Here i’m taking root user details to explain with details.


root – User name

x – Password

0 – User ID

0 – Group ID

Root – Comments/ User description

/root – Home directory

/bin/bash  – shell

Home directory and Group will be created with the same name of user, once we created a user.

Command to create user:

Useradd <username>

adduser <username>


[[email protected] ~]# useradd anand

[[email protected] ~]# adduser anand

Command to delete user account:

deluser <username>

[[email protected] ~]# userdel anand

The above command will delete a user but will not delete home directory of the user.

Command to delete a user account with home directory:

Use option -r to delete user with home directory.

[[email protected] ~]# userdel –r deepak

Use id command to know whether a user available in system and if the user exist, it will display User ID, Group ID and Primary group and Secondary group details.

[[email protected] ~]# id abu
uid=1000(abu) gid=1011(Technology) groups=1011(Technology),1012(DBcheck)

Command to add secondary group to a user:

[[email protected] ~]# usermod –G Technology abu

Command to change primary group:

[[email protected] ~]# usermod –g Technology abu

Customizing home directory:

by default home directory will be created under /home for all the users. We can set some other directory as home directory as well.

we have two options to change the home directory.

  1. we can edit /etc/passwd file using vi editor to change the home directory
  2. Using usermod command will change home directory

Changing home directory by editing /etc/passwd  file

[[email protected] ~]# vi /etc/passwd

Command to change home directory:

[[email protected] ~]# usermod -m -d /testuser testuser

-m:    option to move the home directory

-d:      option to mention the home directory

Assigning expiry date to user:

Command to check expiry details for a user

[[email protected] ~]# chage -l testuser
Last password change : May 27, 2017
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7

Command to set expiry date for a user:

[[email protected] ~]# usermod --expiredate=2017-07-20 testuser

Again will check whether the expire date has been set or not.

[[email protected] ~]# chage -l testuser
Last password change : May 27, 2017
Password expires : never
Password inactive : never
Account expires : Jul 20, 2017
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7

We successfully set expire date for testuser.

Group Management:

Group is used to manage more than one users without touching the each and every user alone.

Group is created based on the Team on an organization.

All the group details available in /etc/group file, once we created a group.

[[email protected] ~]# more /etc/group

Using Groupadd command will create group

[[email protected] ~]# groupadd Technology


NFS Server Configuration RHEL 7 / Cent OS 7

Using NFS server will share the files/ Directories over the network.
Using this service will install operating system and access the remote server directory/file to read/write files and will share the file/directory to other machines.

Required Package:


Installing NFS packages:

Use the below command to install all the required packages in one shot.

#yum install nfs*


Check whether the packages are installed by executing below command

[[email protected] ~]# rpm -qa | grep nfs

Important configuration files:

/etc/exports :                This file contains which all are exported to remote                                                                 machines 
/etc/host.allow :           Daemon/ Client which matches the entry available in                                                        this file, will be granted access.
/etc/host.deny :           Access is denied for daemon/ client which matches in                                                     this file.
/etc/fstab :                      Will mount the shared directories/ filesystems                                                                   permanently using this file.
/etc/sysconfig/nfs:  Will manage the nfs port using this file.

Services which need to be enabled and started:

rpcbind  service
nfs-server  service

Command to enable the services:

#systemctl enable rpcbind
#systemctl enable nfs-server

[[email protected] ~]# systemctl enable rpcbind
[[email protected] ~]# systemctl enable nfs-server
Created symlink from /etc/systemd/system/ to /usr/lib/systemd/system/nfs-server.service.

Command to start the services:

#systemctl start rpcbind
#systemctl start nfs-server

[[email protected] ~]# systemctl start nfs-server

[[email protected] ~]# systemctl start rpcbind

create directory for sharing:

[[email protected] ~]# mkdir /nfshare

set the all permission to all

#chmod 777 /nfshare

Now share the directory using NFS by mentioning the directory details in /etc/exports file

#vi /etc/exports


save and exit from the file

Now use the below command to make it available in network as a shared directory

[[email protected] ~]# exportfs -r

Enable the services permanently in firewall in this session

[[email protected] ~]# firewall-cmd --permanent --zone public --add-service  mountd
[[email protected] ~]# firewall-cmd --permanent --zone public --add-service rpc-bind
[[email protected] ~]# firewall-cmd --permanent --zone public --add-service nfs

reload the firewall  changes and make effect in this session by executing below command

[[email protected] ~]# firewall-cmd --reload


Now all the configuration has been done in server side and have to check and mount the shared directory in client machine.

showmount command will help us to list the directory which is shared from remote machine.

[[email protected] ~]# showmount -e
Export list for
/nfshare *

Now we need to mount the shared directory in client. Before that we should create a directory to use that as a mount point.

[[email protected] ~]# mkdir /nfsmount

Mount the directory temporarily

#mount  /nfsmount

Mount permanently by editing /etc/fstab file and make entry

#vi /etc/fstab /nfsmount nfs rw,sync 0 0

save and exit from the file.

unmount the directory because we mounted temporarily before restart and after restart issue mount to check whether the shared directory is listing or not. If its not listing then there is an issue with entry in /etc/fstab file.

#umount /nfsmount

Restart the client and check using mount command

[[email protected] ~]# mount | grep /nfsmount on /nfsmount type nfs (rw,sync,vers=4,addr=,clientaddr=

Configuring SAMBA Server in RHEL7/ Cent OS 7

We are going to learn how to configure SAMBA Server in RHEL7 / Cent OS  7. Its used to share file and printer sharing over the network.

Now a days its used as Domain controller like Windows Active Directory.

Will integrate SAMBA Server with Windows Domain as a Primary domain controller or as a domain member.

Operating System:  RHEL7
Host Name:   server
IP Address: /

Port numbers for Samba server :
  1. smbd: This is for file and printer sharing services
  2. nmbd:  This is for NetBIOS to IP Address service and Mapping NetBIOS Compluter Name to the TCP/IP IP Addresses.
Installing SAMBA Server:
#yum install y samba sambacommons cupslibs policycoreutilspython sambaclient
Below command will install all the packages which is required for samba server configuration.
 [[email protected] ~]# yum install -y samba
Create directory for sharing:
[[email protected] ~]# mkdir /sharedir
Create a new group called samba
#groupadd samba
 [[email protected] ~]# groupadd samba

change the group and permission for the directory which we are going to share using samba

[[email protected] ~]# chgrp -R samba /sharedir
[[email protected] ~]# chmod -R 777 /sharedir

check for the existing group and permission details for the directory.

[[email protected] ~]# ll / | grep sharedir
drwxrwxrwx. 2 root samba 6 Nov 11 08:59 sharedir
Now change the group and permission for the directory

Now again check for the group and permission for the directory and it’s changed.

Create a new user called test and add it to our newly created group which is called samba. Then set the samba password for the user.

[[email protected] ~]# useradd smbuser
[[email protected] ~]# usermod -G samba smbuser
[[email protected] ~]# smbpasswd -a smbuser
New SMB password:
Retype new SMB password:
Added user smbuser.
For samba default configuration file is /etc/samba/smb.conf 

We are going to edit this configuration file. Before that its advisable to take backup of configuration file.

#cp -p /etc/samba/smb.conf  /etc/samba/smb.conf.bkp

now we will edit the smb.conf file

[[email protected] ~]# vi /etc/samba/smb.conf
make the below entries at end of line.
Comment:   This will explain the operation what we are doing like sharing directory or sharing printer.
Path:           We are going to share a directory. So, here we should mention the directory with absolute path
Valid users:  Here we can mention the users and groups who has permission to access this directory.
Writeable:    i am giving yes, because i need read and write both permission.
browseable:  If you want to access the shared things using browser, we can make it as yes
Public:          We are not going to share this directory for all users. So, we should use no option.
 comment = shared-directory
 path = /sharedir
 valid users = smbuser, @samba
 writeable = yes
 browseable = yes
 read only = no
 inherit acls = Yes

In the same smb.conf  file we should add our interface name and IP Address to allow the network in samba server.

And one more entry is very important that we need to mention our windows machines workgroup name. First we will use default one. If the windows machines are falling under different workgroup name. Then we have to change the workgroup name in this configuration file.


We can add the services in /etc/services file.

[[email protected] ~]# vi /etc/services
netbios-ns 137/tcp # netbios name service
netbios-ns 137/udp # netbios name service
netbios-dgm 138/tcp # netbios datagram service
netbios-dgm 138/udp # netbios datagram service
netbios-ssn 139/tcp # netbios session service
netbios-ssn 139/udp # netbios session service

Now start the samba service and enable the service permanently on this run level.

[[email protected] ~]# systemctl start smb.service
[[email protected] ~]# systemctl enable smb.service
Created symlink from /etc/systemd/system/ to /usr/lib/systemd/system/smb.service.

Same like that start and enable nmb service.

#systemctl start nmb.service
#systemctl enable nmb.service

 Add the firewall rule to allow the samba service via firewall.
In RHEL 7 firewall has been shipped from iptables to firewalld.

[[email protected] ~]# systemctl start firewalld
[[email protected] ~]# firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="" service name="samba" log prefix="samba" level="info" limit value="1/m" accept'
[[email protected] ~]# systemctl enable firewalld Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/ to /usr/lib/systemd/system/firewalld.service.

Then reload the firewall configuration using below command

[[email protected] ~]# firewall-cmd --reload

Now all the configuration has been completed and will check in windows machine whether the samba is working well or not.

Connecting SAMBA server from linux  client machine.

samba client should be installed in linux client machine.

Package: samba-client-4.4.4-9.el7.x86_64

#yum install samba-client*

[[email protected] ~]# smbclient -L -U test

-L :    This option will list the shared directories :  IP Address of samba server
-U :  Option to mention the user name next to this which has access to this shared directory.

Output should be like below

Accessing via samba console:

#smbclient // -U test

above command will help you to show the content of shared directory and to do operations over their.

We successfully configure SAMBA server. Thanks for the support. 

Configuring DHCP Server in RHEL7/ Cent OS 7

DHCP – Dynamic host configuration protocol

We are going to configure DHCP Server in RHEL7

It’s a network protocol used to assign IP’s to the client dynamically over the network.

DHCP Workflow:

Required Package installation:

#yum install dhcp

Now we should assign a insterface in DHCPDARGS in /etc/sysconfig/dhcpd

 [[email protected] ~]# vi /etc/sysconfig/dhcpd

After installing package it will create one empty configuration file /etc/dhcp/dhcpd.conf  and we have one sample configuration file under /usr/share/doc/dhcp-4.2.15/dhcpd.conf.exmaple.

So as first, append the content from example file to original file using cat command.

[[email protected] ~]# cat /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example >> /etc/dhcp/dhcpd.conf

Open the configuration file to configure DHCP Server:

First will give basic configuration which will be common for your network.

[[email protected] ~]# vi /etc/dhcp/dhcpd.conf

Make the below entries 

 option domain-name "";
 option domain-name-servers;
 default-lease-time 600;
 max-lease-time 7200;
 log-facility local7;

Now make subnet details in same configuration file.

subnet netmask {
 option routers;
 option subnet-mask;
 option domain-search "";
 option domain-name-servers;
 option time-offset -18000; # Eastern Standard Time

Optional(To reserve IP for a dhcp client machine) :

If you wan to assign a static IP to a client using DHCP service, use the below command.

host station1 {
 option host-name "";
 hardware ethernet 00:12:2A:2B:3C:AB;

Restart the dhcp service now to complete the DHCP server configuration.

[[email protected] ~]# systemctl restart dhcp
To check dhcp we should login in client machine which is in same network physically and edit the interface configuration file to make dhcp ip assigned.
#vi /etc/sysconfig/network-scripts/ifcfg-eth0
 change the entry for BOOTPROTO as dhcp




Save and quit.
Now restart the network service.
 #service network restart
now check for the ip and it should be assigned in between 192. 168.1.50 to
DHCP Configuration has been done.
Do practice well. All the best.