CST8177 Assignment 08
CentOS: User and Group Management, disks and partitions, rsync, single-user, rescue

Ian! D. Allen – www.idallen.com

Winter 2015 - January to Apil 2015 - Updated 2015-04-03 02:59 EDT

1 Due Date and Deliverables

Do not print this assignment on paper!

2 Purpose of this Assignment

Do not print this assignment on paper! On paper, you cannot follow any of the hyperlink URLs that lead you to hints and course notes relevant to answering a question.

  1. Manage Users, individual and bulk.
  2. Move the /home directory to its own partition.
  3. Use rsync to transfer and back up files.
  4. Use single-user mode.
  5. Use the Rescue CD.

3 Introduction and Overview

This is an overview of how you are expected to complete this assignment. Read all the words before you start working.

For full marks, follow these directions exactly.

  1. Complete the Tasks listed below.
  2. Verify your own work before running the Checking Program.
  3. Run the Checking Program to help you find errors.
  4. Submit the output of the Checking Program to Blackboard before the due date.
  5. READ ALL THE WORDS to work effectively and not waste time.

3.1 Save your work

You will create some minimal file system structure in your HOME directory on the CLS.

Most work will involve changes in your own Linux Virtual Machine running Centos 6.6. You can use the Checking Program to check your work as you go. You can check your work with the Checking Program as often as you like before you submit your final mark.

When you are finished, leave the files and directories in place on both the CLS and your own CentOS Virtual Machine as part of your deliverables. Do not delete any assignment work until after the term is over! Assignments may be re-marked at any time on the CLS; you must have your term work available on the CLS right until term end.

3.2 The Source Directory

All references to the “Source Directory” below are to the CLS directory ~idallen/cst8177/15w/assignment08/ and that name starts with a tilde character ~ followed by a user name with no intervening slash. The leading tilde indicates to the shell that the pathname starts with the HOME directory of the account idallen (seven letters).

You do not have permission to list the names of all the files in the Source Directory, but you can access any files whose names you already know.

3.3 Searching the course notes on the CLS

The previous term’s course notes are available on the Internet here: CST8207 GNU/Linux Operating Systems I. All the notes files are also on the CLS. You can learn about how to read and search these files using the command line on the CLS under the heading Copies of the CST8207 course notes near the bottom of the page Course Linux Server.

3.4 Review of CST8207 account management

Review your work from CST8207 GNU/Linux Operating Systems I:

3.5 Review of CST8207 partitioning and filesystems

Review your work from CST8207 GNU/Linux Operating Systems I:

3.6 Backup and Recovery on CentOS

  1. Take a snapshot of your virtual machine before you begin each section of this lab so that you can recover back to the snapshot if needed.
    • You can delete the unused snapshots if everything works well.
    • CentOS snapshots are very small and fast compared to your Windows snapshots; you can save lots of them.
  2. Are you keeping an external backup copy of all your coursework (including your virtual machines) somewhere? You should be!

3.7 Use a remote login, not the VMware console

I recommend that once you have booted your CentOS VM, you connect to it and work using a remote login session (e.g. ssh or PuTTY) where copy-and-paste works and where you can have multiple simultaneous connections into the VM. The VMware console is not friendly.

If you can’t get an SSH (PuTTY or ssh) connection working into your Linux VM, see the Network Diagnostics page.

Note that SSH sessions (and whatever you are doing inside them) do not survive across a VMware suspend. Make sure you save your editor files and exit your SSH session before you pause or suspend your virtual machine. (Editor sessions that run inside the VMware console do survive across suspend and resume, since they don’t depend on a network connection.)

Advanced users may look into the various virtual terminal programs such as tmux and screen that do allow you to suspend and resume your sessions even from a remote login.

4 TasksIndexup to index

4.1 CentOS: Snapshot

  1. Complete your CentOS Install and Configure.

  2. Before you begin this assignment, create a snapshot of your CentOS Virtual Machine.

    • Enter a comment explaining where and when you took this snapshot.
    • You can restore back to this snapshot if anything goes wrong.

4.2 Set Up – On The CLS

  1. Do a Remote Login to the Course Linux Server (CLS) from any existing computer, using the host name appropriate for whether you are on-campus or off-campus.

  2. Make the CLS directory ~/CST8177-15W/Assignments/assignment08

4.3 CentOS: Set Up – The Base Directory on CentOS

  1. In your own sysadmin account in your CentOS Virtual Machine, also make the CentOS directory ~/CST8177-15W/Assignments/assignment08 (the same hierarchy as you have already made on the CLS).

This CentOS assignment08 directory in your sysadmin account is the Base Directory for all pathnames in this assignment. Store your CentOS files and answers below in this sysadmin Base Directory.

Run the Fetch and Checking Program to verify your work so far.

4.4 CentOS: Creating a few new users “by hand”

You will use the standard account management tools to create a few ordinary (non-admin) accounts, just as you did last term. You will force password expiry so that the users must change their passwords when they first log in.

  1. Log in to your CentOS system administration account, if necessary, and obtain root shell privileges using the sudo command, if necessary.

    • Your shell prompt should change from $ to include the # character that indicates root privileges.
    • Make sure you have the full root PATH that includes /sbin

  2. Type whoami or id to confirm that you are the root user.

  3. Take a VMware snapshot that you can return to if things go wrong.

    • Enter a comment explaining where and when you took this snapshot.

  4. Create three new users by running the appropriate command three times:

    1. Usernames: user001, user002, user003
    2. Full Names (GECOS comment field): User One, User Two, User Three
    3. Verify that the new accounts appear in the password file and that the HOME directories all exist.
    4. Note that the new accounts have been given default hidden files from the /etc/skel/ directory.

  5. Set different, good initial passwords for the three users.

  6. Force these users to change their password upon first login.

    • Search the lecture slides for how to force passwd change on login.

  7. Set their HOME directory permissions to be as follows:

    • the owner can do everything
    • group can search and read but not write
    • other users can do nothing (no permissions)

Run the Fetch and Checking Program to verify your work so far.

4.5 CentOS: Create many more users in bulk

Few organizations create users manually. The batch newusers command (RTFM) can read a text file and create user accounts in bulk. In this section, you will be creating a text file suitable for input to the newusers command, then using newusers to quickly create almost a hundred new accounts.

  1. Log in to your CentOS system administration account, if necessary.

    • Exit from the root shell, if you are running as root.

  2. Type whoami or id to confirm that you are not running as root.

  3. Take a VMware snapshot that you can return to if things go wong.

    • Enter a comment explaining where and when you took this snapshot.

  4. On CentOS, create your Base Directory in which you will create the files and scripts resulting from the following tasks. (You already did this on the CLS; now do it here on CentOS.)

userlist.csv

  1. Copy the file userlist.csv from the Source Directory on the CLS to your CentOS Base Directory.
    1. Read about using the scp command in Unix/Linux SCP Command.
    2. Use the “preserves modification times” option to the scp command.
    3. You may find it useful to create an alias in your accounts that always uses the “preserve” option when you type the scp command name.
      • You may already have a similar alias defined for the cp command.
      • Make sure you define and save the alias on both the CLS and CentOS.

Imagine that the userlist.csv file was given to you from the Human Resources department by someone who created it with a spreadsheet.

Examine this file, and notice that it is in Colon-Separated-Value format. It is 98 lines: a header line and a username and a real name for each of 97 new users that need an account on your system.

The file contains five fields, separated by colons (:). Read the header line to know what the five fields are. (A real spreadsheet export would be separated by commas, but we’re making it easier for you.)

We need to create a text file suitable for batch input to the newusers command. Every line in the file we give to newusers must have the correct format: it must have the userid at the start and the seven colon-separated fields described at the top of the newusers man page.

The file given to us only has five fields, and it has a poor password set for all the accounts. We need to fix this file before we can feed it to the newsers command.

Note: If you read all the words in this section before you start working, you will save yourself some file copying by using one command pipeline (no temporary files needed) instead.

userlist.newusers

  1. Create a new file called userlist.newusers based on userlist.csv, but make the following changes.

    1. Copy the userlist.csv file into the new file userlist.newusers.

    2. The first line in userlist.csv is a header line, not a user to be created; the first line must be deleted. Use a command to read the file, remove the first (header) line, and write a temporary output file. The temporary output file should be only 97 lines long. (Hints: What command shows the last 97 lines of a file? That same command has a syntax to “print beginning with the Kth item from the start of each file” which allows you to skip the first line without knowing how many lines are in the file. Don’t use the number 97, since it might change in future.)

    3. Move the temporary output file to be the userlist.newusers file.

      • The file should now have only 97 lines in it.
      • Make sure the header line is gone.

    4. Use sed to read the new file and on every line insert the two colon characters that correspond to the location of the missing pw_uid and pw_gid fields needed by newusers, and write a temporary output file. For example, use sed to change this line:

      user066:password:User 066:/home/user066:/bin/bash

      to this line with two more colon characters in the right place:

      user066:password:::User 066:/home/user066:/bin/bash

      on all 97 lines. (This is a one-expression sed substitution.) (Hint: You can’t simply change a colon to three colons. Use some fixed context around your expression, to select the correct colon to change.)

    5. Move the temporary output file to be the userlist.newusers file.

      • Verify that every line now has seven colon-separated fields, with three colons right after the password field.
      • There should still be exactly 97 lines in the file.

    6. All the seven fields in the file are acceptable except the pw_passwd field that currently contains password, which is not a good default password for all these accounts. RTFM to see how the pw_passwd field is used by newusers.

      • Use sed to read the new file and on every line change the pw_passwd field from the dummy value password to a single, common password that all of these new users will get. You choose the new password. (This is not very secure, but it’s the best you can do without writing a more complex script.)
      • Do not choose any obvious password such as password.
      • To make this change, use an invocation of the sed command to read this file and change the word password to the password that you made up, redirecting the output of the sed command to a temporary output file.

    7. Move the temporary output file to be the userlist.newusers file.

    8. Verify that your output file is 97 lines (no header line) and the only field that has changed in each line is the new password field.

      • Every line should contain your new password in the pw_passwd field position.

convert_userlist.sh

  1. Realize that the above three edits could be done as one pipeline that reads the original userlist.csv file, and makes each of the above three changes using filters. With a pipeline, no temporary files are needed.

    • Write this command pipeline and when it is working, remove all the file names and put the commands in a script named convert_userlist.sh. With file names removed, the script should act as a “filter” and read standard input and write standard output, so that you can type:

      $ ./convert_userlist.sh <userlist.csv >userlist.newusers

    Hints: The script file will contain two or three commands (which might inclue tail and sed and maybe another sed) separated by pipe characters. If you RTFM, you can combine the two sed commands into one sed command with two expressions, or perhaps even into one single expression that does both edits at the same time. Remove all file names from the script, so that the script reads standard input and writes to standard output, as shown above. Do not put file names in the script.

  2. Verify that the userlist.newusers file created by your script contains 97 lines and 194 words, with seven fields per line, with good passwords.

  3. Use sudo to run the newusers command with this file to create all of these 97 new users.

  4. Make sure all the new users and HOME directories exist:

    • Should have account entries and HOME directories for user001 through user100
    • Use pipelines to select and count the accounts in the password, group, and shadow files. Do they all exist?
    • Use pipelines to select and count the account HOME directories. Do they all exist?
    • Note that these accounts do NOT have hidden files copied from /etc/skel/ in them. Only useradd copies these files.

Run the Fetch and Checking Program to verify your work so far.

4.6 CentOS: Management of the bulk users

This reviews the account management commands you learned above and in your previous term. Links to previous term notes and worksheets are given above under Review of CST8207 account management. None of the items below require you to text-edit any system files using a text editor. Actions can be performed using the correct account management commands. Most account management commands will require root permissions to run.

  1. Make sure you have correctly followed all the above steps, including using the newusers command to create 97 accounts. Verify that you have created all the users and HOME directories for accounts user001 through user100 before continuing.

  2. Use a system admin command to create a new group called common.

    • Do NOT edit the group file! Use the correct system admin command.
    • Do NOT make this a system group. It is a normal group.
    • Verify the change by looking in the group file.

  3. Use a system admin command to add users User 004 and User 005 to the common group.

    • Do NOT edit the group file! Use the correct system admin command.
    • Verify the change by looking in the group file.

/home/common

  1. Create a directory called /home/common owned by your sysadmin user, and group-owned by the new common group.

  2. Change the permissions on /home/common so that your sysadmin user can read/write/search, members of the common group can read/write/search, and it is not accessible in any way to other users.

/home/common/README

  1. Become User 004 without using a password (using your sysadmin powers)
    • As User 004 create a file /home/common/README containing the text:
      This common directory is for members of the common group.
    • Make the file group-writeable
    • Put the file in the common group you just created.
    • Note the permissions on the file when you create it.
    • Make sure you change only the group and group permissions of this file.
    • Do not remove any existing permissions on the file.
    • Exit from this user004 shell to revert back to your superuser-self.
  2. Become User 005, and ensure that as user005 you can edit the file /home/common/README and change the text “for members” to “for all members”.
    • If you can’t edit and save this file, fix the group and group permissions.
    • Exit from this user005 shell to revert back to your superuser-self.
  3. Become User 006 and ensure that as user006 you have no access to the /home/common/ directory.
    • Exit from this user006 shell to revert back to your superuser-self.
  4. Use a sysadmin command to change the “real name” (GECOS/comment field) of User 005 to: CommonUser 005
    • Do NOT edit the file! Use the correct system admin command.
    • Verify the change by looking in the password file.
  5. Lock the password for User 006 and User 007.
    • Do NOT edit the file! Use the correct system admin command.
    • Verify the change by looking in the shadow file.
  6. Change the shell for User 008 and User 009 to /bin/sh.
    • Do NOT edit the group file! Use the correct system admin command.
    • Verify the change by looking in the password file.
  7. Use the correct command to delete the accounts for User 010 and User 011 without deleting their HOME directories.
    • Verify the change by looking in the password file.
    • Make sure their HOME directories still exist in the file system. (Note what ls tells you about the file owner now!)
    • The group entries for these accounts may also continue to exist.
  8. Use the correct command to delete the user010 and user011 groups, if they are still present on your machine.
    • Do not edit the group file! Use the correct system command.
    • You may see an error about removing the shadow group entry, because the newusers command did not create shadow group entries. Ignore the error – the groups don’t exist in the group shadow file.
  9. Delete the accounts for User 012 and User 013 using the option that also deletes the HOME directory at the same time.
    • Verify the change by looking in the password file.
    • Make sure their HOME directories are gone from the file system.
    • The group entries for these accounts will also be deleted.

None of the items above require you to text-edit any system files using a text editor. Actions can be performed using the correct account management commands. Most account management commands will require root permissions to run. Do not text-edit the system files!

Run the Fetch and Checking Program to verify your work so far.

4.7 CentOS: Add a second disk to your VM: sdb

You will add a second hard disk to your CentOS Virtual Machine, and partition it. The procedure for adding a hard disk to an actual physical computer is different only in the steps that take place while the machine is powered off. Any step carried out while the machine is running would be the same for physical machines as it is for virtual machines. The console of a physical machine is its actual keyboard and monitor, but in the case of a VM, the console is the VMware window of the machine.

Most of the system admin commands in this assignment access the raw disk and will require you to prefix the actual command name with sudo to gain root permissions (unless you are in single-user mode and therefore running everything as root). If you get “permission denied” errors, you forgot to use sudo.

  1. If your CentOS Virtual Machine is not already powered off, login and use the correct command to power off the virtual machine.

    • Never user the VMware Power Off button to kill power!
    • Never unplug a running Linux machine!

  2. With your CentOS machine still powered off, use the VMware Settings menu for your CentOS VM to add to your VM a virtual 10GB hard disk, accepting defaults for everything except the size. (You did similar work in CST8207 adding a VMware disk; review the notes.)

  3. After adding the new disk, power on your VM, then login as your system administrator user.

  4. Ensure the /proc/partitions file contains the second disk you added.

    • Verify that there is a second disk of the correct size:
      • The size of your second drive should be 10485760.
      • Divide: 10485760/1024/1024 to confirm the number of gigabytes.
    • Verify that no partitions are listed for the second disk.
    • If you have any sdb1 or sdb2 or other sdb partitions, this is not a new disk with no partition table. Get help.
    • Note the three-letter device name of the second disk.

partitions_before.txt

  1. When the second disk is correct, copy /proc/partitions to file partitions_before.txt in your CentOS sysadmin Base Directory (6 lines, 20 words).
    • Remember: all files should be kept under your sysadmin Base Directory on CentOS for marking.

sd_all.txt

  1. Verify that the three-letter device name for the second disk also exists under the /dev directory. Put a long (ls -l) listing of all names under /dev that start with the first two letters of the new disk name into file sd_all.txt in your Base Directory.
    • Do not change your current directory.
    • Use the absolute pathnames for the device names.
    • No pipeline or other complex command is needed.
    • The output should show the absolute paths of two disks, and two partitions in the first disk: 4 lines, 40 words.
    • Hint: GLOB Patterns

Advanced Usage: If you need to add a disk to a machine that is powered on (and you can’t afford to reboot the machine), a modern Linux kernel can find the disk if you tell it to re-scan the SCSI host bus containing the new disk, something like this (the exact host number may difer):
echo "- - -" >/sys/class/scsi_host/host2/scan
If the scan is successful, running dmesg will show the new disk being found and you will see the device appear under /dev/. You can use this as an alternative to shutting down and rebooting.

Run the Fetch and Checking Program to verify your work so far.

4.8 CentOS: Viewing and Creating Partitions: fdisk

  1. First, you must have added a new 10GB hard drive in VMware and rebooted, as described above. Log in to the machine.

  2. Run (always with root privileges) fdisk -cul /dev/sdb and make sure you see Disk /dev/sdb: 10.7 GB with no errors and no partitions listed under it.

    $ sudo fdisk -cul /dev/sdb
Disk /dev/sdb: 10.7 GB, 10737418240 bytes

    If you don’t see 10.7 GB, then shut down, delete the disk, recreate the disk, and reboot until your 10GB disk install works.

Make sure you only change things on this new sdb disk in this section! The sda disk is your Linux ROOT disk; if you damage it you will need to recover back to your snapshot. Make sure you have a snapshot to go back to!

  1. In the man page for the fdisk command, locate and make a note of two option letters:
    • The option to “Switch off DOS-compatible mode. (Recommended)”
    • The option to “give sizes in sectors instead of cylinders”
  2. Run the command fdiskdevicename, where devicename is the absolute path of the device corresponding to the new disk under /dev. This will start the fdisk program, just as you did in CST8207 Fdisk Command.
    1. As fdisk starts, read the WARNING about DOS-compatible mode.
    2. This is a serious warning. Quit the fdisk program.
    3. Re-run fdisk command, this time inserting the two option letters you found in the man page. (Keep the same device name.)
    4. The WARNING about DOS-compatible mode should be gone when you start fdisk with those two options. Always use these two options on CentOS. (Other versions of fdisk use these options as defaults.)
    5. You may see another Warning about an invalid flag; ignore it.
    6. Inside fdisk, display the partition table and verify that the disk you are working on is the 10GiBi disk with no partition table.

If you don’t know the difference between a power-of-two MebiByte and a power-of-ten Megabyte, read up on Binary Prefixes. The fdisk program can create partitions using either MebiBytes (e.g. using syntax +500M) or Megabytes (e.g. using syntax +500MB). We always want power-of-two MebiBytes (e.g. +500M) in this assignment.

  1. Inside fdisk use the command to display the partition table and verify that the disk you are working on is the 10GiBi (10.7 GB) disk with no partition table. Use fdisk commands to partition the new disk as follows:
    1. First, make sure the new disk has no partitions configured. If you see partitions, you are using fdisk on the wrong disk. Make sure you use fdisk on the new disk device name!
    2. Create a 500 megabyte (MebiByte) primary partition as Partition 1:
      • Notice that one of the options for specifying the last cylinder of a partition is +sizeM where size is the number of MebiBytes.
      • Use suffix M and not MB so that you create power-of-two MeBi bytes instead of power-of-ten Mega bytes.
      • Don’t use the MB suffix in this assignment, since that creates power-of-ten Megabytes. We always want power-of-two MebiBytes in this assignment.
    3. Create an extended partition as Partition 2, consuming the rest of the disk.
    4. Create a 400 megabyte (Mebibyte) logical partition.
    5. Create another logical partition consuming the rest of Partition 2.
    6. Display your in-memory partition table before you save it. It should have four partitions.
    7. Save your changes.
    8. Notice whether fdisk tells you as it quits whether you need to reboot for the new partition table to take effect. Do what it says.

partitions_after.txt

  1. Copy the new version of /proc/partitions (showing the new partitions you just created) to partitions_after.txt in your sysadmin Base Directory.
    • Also note that the new partitions now appear as devices under the /dev directory.

partitions_diff.txt

  1. Use the diff command to find the differences between the old and new partitions_{before,after}.txt and redirect the results to partitions_diff.txt in your sysadmin Base directory.

  2. Examine the differences file, and verify that your new partitions are the only differences. You should see four additional lines in the new partition file, corresponding to the four partitions you created:

    6a7,10
>    8       17     512000 sdb1
>    8       18          1 sdb2
>    8       21     409600 sdb5
>    8       22    9561088 sdb6

If your numbers differ, perhaps you forgot to use the fdisk options that turn off DOS-compatibility mode and switch to using sectors instead of cylinders, or perhaps you used MB instead of M when creating the partitions. Delete and start over.

Run the Fetch and Checking Program to verify your work so far.

4.9 CentOS: Migrate the /home directory to its own filesystem

You will create an ext4 filesystem on the primary partition of the new hard disk. Then, in single user mode, you will migrate the contents of the /home directory to that new filesystem. You will configure the /etc/fstab so that the new filesystem will be automatically mounted on /home, with the option for giving the users disk space quotas.

4.9.1 Install software packages

  1. Install the lsof package. RTFM to see what it does.

4.9.2 Make a new file system

  1. Take a snapshot of your CentOS VM.

fdisk.txt

  1. Run the command file -s /dev/somedevice to check the type of the device special file somedevice that corresponds to your new primary partition on your new disk. Because it has nothing on it, you should see nothing but unknown data:

    /dev/sdb1: data

    Put the above output into file fdisk.txt in your sysadmin Base Directory. The file will contain one line.

  2. Create an ext4 filesystem on the only primary partition on the new disk.

  3. After creating the filesystem, again check the type of the device that corresponds to your new primary partition on your new second disk. It should show an ext4 filesystem that is not active:

    Linux rev 1.0 ext4 filesystem data (extents) ...

    Append the above output to file fdisk.txt in your sysadmin Base Directory. The file will contain two lines.

  4. Also use file -s to check the type of file system in the first partition of the first disk. This first partition of the first disk has an active (in use) ext4 filesystem. Note the warning “needs journal recovery” indicating this filesystem is open and being modified:

    Linux rev 1.0 ext4 filesystem data (needs journal recovery) ...

    Append the above output to file fdisk.txt in your sysadmin Base Directory. The file will contain three lines.

  5. Also check the type of the second partition of the first disk. It will say that it is not an ext4 filesystem.

    Append the above output to file fdisk.txt in your sysadmin Base Directory. The file will contain four lines.

The fdisk.txt file should contain four lines.

Run the Fetch and Checking Program to verify your work so far.

4.9.3 Back up /home first

You are about to make a copy of all the files in the /home directory.

  • You will take the system down to single-user mode so that nobody is logged in and using any of the files you are going to copy. Normally you would give the users a few hours notice, but since you know nobody is using your machine you will shut down to maintenance mode now.
  • Moving all the HOME directories is a serious operation, and a simple mistake could wipe out the entire /home directory. On a real system, you would run a full back-up before you attempted this. We don’t have a back-up system running on CentOS, but since the /home is small, we can create a tar archive back-up file.

  1. Close down any remote login sessions you are running into your CentOS machine. Exit all PuTTY and SSH connections. These connections will not work when you shut down to single-user, but they could leave processes running that might interfere with moving the /home directory.

  2. From the console (the actual VMware window, not a remote PuTTY or an SSH login that will be disconnected) take the system down to single user mode using shutdown now to do so. (Do not halt the machine!)

    • Review shutting down to single user in CST8207 Booting and GRUB.
    • You will see the message Telling INIT to go to single-user mode.
    • Verify that you are in single-user mode by running the command that displays the system’s runlevel, which should show 1 S
    • Type whoami and confirm that you are always the root user when running in single-user mode. Be careful!

home.tar.gz

  1. Create a compressed tar archive of /home and save it under the HOME directory of the root account (which is not the ROOT directory) using the name home.tar.gz and use file to confirm that it is a compressed file:

    home.tar.gz: gzip compressed data, from Unix, last modified: ...

    The archive should contain everything under the /home directory.

    • A tar index should list over 130 pathnames, including almost 100 directories created by the newusers command in a previous assignment.
    • The compressed tarball will be less than 15K bytes, since most of /home is empty directories or duplicate files.

(You will check the validity of the home.tar.gz file at the end of this task when you move it into your Base Directory.)

4.9.4 Copy the files

You will copy the files in /home to the new partition. First record the file names so you can make sure the copy works:

home_before.txt

  1. Record a recursive, sorted listing of all of the pathnames of your /home directory using find /home | sort and redirecting the output to a file named home_before.txt in root’s home directory. Your file should contain more than 130 lines, one for each pathname in the /home directory.

  2. Ensure no processes are using the /home directory or any files under it, with lsof +D /home

    • Because /home is not yet a mount point, you need to use the +D option to include every directory under /home.
    • The command should give you no output if no process is using any file or directory under the /home directory.
    • Make sure there is no output! You are going to move /home.
    • If there are any processes using /home, you probably forgot to exit all remote sessions before going into single-user mode. Kill all the processes that are using /home.
    • (If the lsof command isn’t found, you missed an earlier step. Exit single-user to multi-user, install the package, and return to single-user.)

You must finish correctly the remaining steps in this section before you reboot, or your sysadmin account will be missing its HOME directory and you will get an error message about that when you log in. You must completely finish the remaining steps in this section correctly to regain log-in access to your sysadmin files in your HOME directory. Do not shut down or reboot your machine in this section, since the reboot will cause the /home directory to unmount and all your HOME directories, including the one for your sysadmin account, won’t work. You might want to take another snapshot here before you continue.

You can safely use VMware to PAUSE or SUSPEND your CentOS VM in the middle of this work, just don’t shut it down and reboot until you finish this section.

/old_home

  1. You know from lsof that nothing is using the /home directory. Rename the existing /home directory to /old_home
    • Your sysadmin HOME directory is now invalid, since everything under /home has been renamed and is therefore missing.
    • Do not shut down or reboot your machine until you finish this section! See the warning above.

/home

  1. Re-create a new empty /home directory that will be used as a mount point for the new filesystem you just created, above.

  2. Mount onto the empty /home directory the new 500 MB ext4 filesystem that you created earlier. (Review the mount command in CST8207 Partitions and File Systems.)

    • If successful, you will see EXT4-fs (sdb1): mounted filesystem....

  3. Run the mount command and confirm that you can see /dev/sdb1 mounted on the /home directory. Do not proceed until this is true:

    /dev/sdb1 on /home type ext4 (rw)

    The df -h command will also show /dev/sdb1 mounted on /home, with approximately these sizes:

    Filesystem  Size  Used  Avail  Use% Mounted on
/dev/sdb1   477M  2.3M   449M    1% /home

  4. Verify that there is a lost+found directory under /home now, because /home is now a file system mount point instead of just a plain directory. Do not accidentally delete this directory, or else the system won’t have a place to put orphan files! (If you delete it, read the man page for the mklost+found(8) command and recreate it.)

  5. Use the copy command with the archive option to copy the contents of the old /old_home directory to the new 500 MB /home filesystem.

    • Make sure that you copy the contents of /old_home into /home and do not copy the name /old_home in to /home!
    • After the copy, look inside /home and confirm that you do not see the old_home directory name there.
    • Make sure you do not delete the lost+found directory inside /home.

home_after.txt

  1. Record the list of all pathnames in /home again, in the same way, sorted, except redirect the output into a new file home_after.txt also in root’s home directory.

home_diff.txt

  1. Record the differences between the two home_{before,after}.txt files, in a file named home_diff.txt also in root’s home directory. (The files should differ by exactly one line; the new HOME directory has one additional directory in it that wasn’t in the original. We’ve already told you what its name is.)

  2. Add a record to the system fstab file so the new /home filesystem is mounted automatically, with default options and added quota options for both users (usrquota) and groups (grpquota).

    • Review CST8207 Partitions and File Systems for the format of fstab.
    • Use one (1) for the fifth field (dump or archive flag).
    • Use two (2) for the sixth field (fsck pass number). (RTFM for fstab and note that using pass number 1 is reserved for the ROOT file system.)

  3. Use the mount command with the remount option to remount the /home filesystem. The remount will use the new options given in fstab

    • See man mount and look for the remount section under the -o flag (options).
    • If the mount command doesn’t read the new quota options from fstab, then you are specifying both the device and the mount point to the mount command, which means it won’t read the file to get the new options. Don’t do it that way.
    • If the mount command has other errors, do not continue. Fix it!

  4. Use the mount command to verify that /home is now remounted with the two quota options that you set in fstab:

    /dev/sdb1 on /home type ext4 (rw,usrquota,grpquota)

  5. Verify that your sysadmin HOME directory is now valid:

    • Use su with the --login option to log in to your sysadmin account. If this fails (home directory not found), restore from a snapshot and try again.
    • Verify that all the files, dates, and owners in your sysadmin account are exactly the same as they were before moving /home.
    • If your sysadmin HOME directory is missing or has files owned by root, do not continue. Fix it!
    • Exit your sysadmin shell and return to the single-user root shell.

  6. In your single-user root shell, unmount /home and then mount it again, relying on the fstab to provide the device name and file system options:

    # umount /home  ;  mount /home  ;  mount

    You should see no errors, and mount should show /home mounted with the same two quota options again.

4.9.5 Tidy up

At this point you have verified that the new /home directory is working. Your system could be safely shut down and rebooted, but let’s clean up first.

  1. Return from single-user to runlevel 3 by typing exit at the single-user shell. The system will boot multi-user into the default run level.

  2. Log in using your account (you may use SSH again) and verify that you are in runlevel 3 by running the command that displays the system’s runlevel.

    • If your sysadmin HOME directory is missing, you skipped some steps above. Do not continue. Restore from a snapshot and try again.

  3. Normally, you would remove the /old_home directory, and everything beneath it to free up space on the / filesystem, reaping the rewards of moving the /home directory to its own filesystem; however, leave the /old_home directory in place for marking purposes. Do not remove /old_home.

  4. Move into your sysadmin Base directory the tarball and all of the *.txt files you created in the home directory for root, and then change the owner and group of those files from root to yourself (your sysadmin user whose name is of the form abcd0001).

    • You may try, and fail, to use a shell GLOB pattern to move these files with sudo. Why? (Hint: Who is running the shell that is doing the GLOB expansion before executing sudo?)

Run the Fetch and Checking Program to verify your work so far.

4.10 CentOS: Practice with rsync

The rsync command is an intelligent form of copy command that only transfers data if the data isn’t already there. You will practice using rsync between your CentOS VM and its loop-back network adapter, which we will call the Backup machine (even though it’s really the same machine). A trivial change to the remote host name lets you transfer files to any machine on the Internet that lets you run rsync.

The modern rsync command uses an underlying SSH protocol to actually transfer the data, so any configuration you have done for SSH (such as private keys, host aliases, or SSH agents) applies to rsync as well.

4.10.1 Create a backup account and directory

  1. Take a snapshot of your CentOS VM. You can never have too many snapshots.

  2. Log in to CentOS as your sysadmin account.

/mnt/disk02

  1. Make an ext4 file system on the first logical partition of your second disk and create a system fstab entry that mounts it on the new directory /mnt/disk02 (that you will have to create).
    • Use the default options plus noatime in the fstab entry.
    • Turn on backups (field 5) and set the pass number to 3 (field 6).
  2. Mount the disk02 file system and then check the mount to make sure it has the noatime option listed: type ext4 (rw,noatime)

/mnt/disk02/backup

  1. Create a new system account named backup with these options:
    1. The account should be a system account with a HOME directory
      • Remember the options needed to create a system account with a HOME directory. (Your sysadmin account used the same options when you created it. Check your shell history for the command you used!)
    2. The GECOS (comment) field should be set to be Backup Account
    3. The HOME directory should be set to be /mnt/disk02/backup
      • You need to look up the option to do this; you have not yet used it this term (but did use it last term).
  2. Give the new backup account a really short password (because you will be typing it a lot in this assignment).

    • Tip: The root user can give an account a “too short” password if you persist by typing it multiple times:

      $ sudo passwd backup
Changing password for user backup.
New password: 
BAD PASSWORD: it is WAY too short
BAD PASSWORD: is a palindrome
Retype new password: 
passwd: all authentication tokens updated successfully.
  3. Verify your new backup account:
    1. Make sure this works without error: ssh backup@localhost id
      • The uid and gid shown should be less than UID_MIN and GID_MIN in /etc/login.defs
    2. Make sure this works without error: ssh backup@localhost pwd
      • The directory printed should be /mnt/disk02/backup
    3. Make sure this works without error: ssh backup@localhost df .
      • Note the “dot” at the end of the line.
      • The output must show that the backup account HOME directory is on the first logical partition of your second disk, which is mounted on /mnt/disk02
      • Under Mounted on you must see /mnt/disk02 and if not, go back a few steps and mount it again.

4.10.2 Install the rsync package and test it

  1. Have you taken a snapshot recently?

  2. Install the rsync package.

  3. Make sure this works without error: ssh backup@localhost df .

    • Note the “dot” at the end of the line.
    • The output must show that the backup account HOME directory is on the first logical partition of your second disk, which is mounted on /mnt/disk02
    • Under Mounted on you must see /mnt/disk02 and if not, go back a few steps and mount it again.

  4. As a simple test, use rsync to transfer a single file to the Backup machine using the standard three archive, verbose, and hard-links rsync options as follows:

    $ date >foo
$ rsync -avH foo backup@localhost:

    1. Note the trailing colon (:) character after the host name in the destination pathname! Since nothing follows the colon, the same file name will be used in the HOME directory on the remote machine. (If you forget the colon, rsync will create a local file with that name; this is not what we want.)

    2. The three options -avH are standard sysadmin use for this command and are almost always used, just as sysadmin must always use the -p option to both cp and scp to preserve modes and times.

    3. You should see: sent 121 bytes received 31 bytes

    4. Confirm that the HOME directory of the backup account now contains an exact copy of file foo

      • Recall that the HOME directory of the backup account is not under the usual /home directory. Look in the right place.

    5. Confirm that the foo file in the backup account has exactly the same time and date as the one in your own account:

      $ sudo diff foo /mnt/disk02/backup/foo
$ sudo ls -l foo /mnt/disk02/backup/foo

    The output of ls must show identical sizes, times, and dates. See your instructor if you can’t get this one-file transfer working.

  5. Repeat the exact same rsync command with the same foo file.

    1. You should see: sent 49 bytes received 12 bytes
    2. No file data will transfer, since the file is already there.
    3. The bytes exchanged are due to the rsync protocol.

  6. Touch foo and repeat the same rsync again.

    1. You should see: sent 92 bytes received 37 bytes
    2. Only the date of the file needed to be changed; the data is the same.

  7. Redirect a new date into foo and repeat the same rsync again.

    1. You should again see: sent 121 bytes received 31 bytes
    2. The whole file had to be sent again because the data changed.

  8. Remove the foo file and reverse the rsync to restore a local copy from the remote Backup machine:

    $ rm foo
$ rsync -avH backup@localhost:foo .
    1. Note the trailing colon (:) character after the host name in the source pathname, followed by a relative pathname!
    2. Note the use of dot (.) at the end to copy into the current directory as a destination pathname! The same file name will be used in the current directory.
    3. The three options -avH are standard sysadmin use for this command and are almost always used, just as you must always use the -p option to both cp and scp to preserve modes and times.
    4. You should see: sent 30 bytes received 122 bytes
    5. Confirm that the file foo is restored into the current directory.

The rsync command only does the least amount of work needed to make the remote file or directory the same as the local one (or vice-versa).

4.10.3 Optional: Create an SSH host alias

This section is optional. Typing backup@localhost is too much work. We can shorten that.

  1. If necessary, create directory .ssh in your sysadmin account HOME directory and remove all permissions for group or other.

.ssh/config

  1. Put the following four lines into file config in the above .ssh directory:

    Host backup back bk b
    Hostname localhost
    HostKeyAlias localhost
    User backup

  2. Remove all permissions for group or other from the config file.

  3. From your sysadmin account, try out the new SSH Host alias using any ssh command:

    $ ssh backup id
CentOS release 6.6 (Final)
CST8177-15W idallen@idallen.ca
backup@localhost's password: 
uid=497(backup) gid=497(backup) groups=497(backup)

    You can use the shorter aliases, too. Try any of these:

    $ ssh backup id
$ ssh back id
$ ssh bk id
$ ssh b id

  4. Now try these; all should work using the above SSH Host aliases:

    $ rsync -avH foo backup:
$ rsync -avH foo back:
$ rsync -avH foo bk:
$ rsync -avH foo b:
$ rsync -avH b:foo .

You can now use the short SSH host and user alias b: instead of typing backup@localhost: as either a source or destination host name.

4.10.4 Back up your HOME directory

  1. Use rsync with the standard three sysadmin options to send your entire HOME directory to the Backup machine under remote directory test1.

    1. Always use the relative path on the remote machine.

    2. Use rsync with the added dry-run option so that you can see what pathnames are being copied. When the pathnames look correct (see below), remove the dry-run option.

    3. You may use the optional SSH host alias b: as part of the destination pathname, if you created it above, otherwise you need to use the full backup@localhost: name.

    4. As noted in your rsync course notes (12-sshkeys_yum_rsync.pdf), be careful how you specify the source pathname for your HOME directory. You must ensure that every local file /home/abcd0001/foo transfers to the Backup machine HOME directory as test1/foo and not as abcd0001/test1/foo. If rsync displays pathnames that begin with your userid, such as this:

      sending incremental file list
created directory test1
abcd0001/
abcd0001/.bash_history
[...etc...]

      then your source pathname is NOT correct. If you are not using the dry-run option, you have to remove the abcd0001 directory from the backup account and re-read your rsync course notes (12-sshkeys_yum_rsync.pdf). The pathnames transferred should look similar to this:

      sending incremental file list
created directory test1
./
.bash_history
[...etc...]

      Only when the pathnames look correct should you remove the rsync dry-run option and actually transfer the files.

    5. Make sure there is no extra abcd0001 directory under the test1 directory in the backup account HOME directory.

    6. Compare a local file and a backed-up file to make sure they are the same, including the time and date:

      $ pwd ; echo ~backup
/home/abcd0001/CST8177-15W/Assignments/assignment08
/mnt/disk02/backup
$ sudo diff do.sh ~backup/test1/CST8177-15W/Assignments/assignment08/do.sh
$ sudo ls -l do.sh ~backup/test1/CST8177-15W/Assignments/assignment08/do.sh

      Make sure the files are exactly the same. The output of ls must show identical sizes, times, and dates.

rsync_home_test1.txt

  1. Put the exact rsync command line you used above into file rsync_home_test1.txt in your sysadmin Base Directory.

  2. Test that you can restore an existing file from the Backup machine to the /tmp directory on the local machine. Compare the tmp copy to the original file. The two files should be exactly the same, including the time and date:

    $ rsync -avH backup@localhost:test1/CST8177-15W/Assignments/assignment08/do.sh /tmp/foo
$ diff /tmp/foo ~/CST8177-15W/Assignments/assignment08/do.sh
$ ls -l /tmp/foo ~/CST8177-15W/Assignments/assignment08/do.sh
    • You may use the optional SSH host alias b: in the source pathname, if you created it above.
    • Pick some other existing file name if you don’t have assignment08/do.sh
    • If rsync says failed: No such file or directory then verify that the file exists where you think it should be under the test1 directory in the backup HOME directory.
    • Make sure the files are exactly the same. The output of ls must show identical sizes, times, and dates.

  3. Repeat the exact same rsync command to the test1 directory that you did in Step 1 above and that you saved in the rsync_home_test1.txt file:

    1. You can re-type the command line, or use shell history, or you can simply tell the shell to run the command in the file: sh rsync_home_test1.txt
    2. Always use the relative path on the remote machine.
    3. Almost no file data will transfer, since almost all the files are already there. (Your .bash_history file and the new rsync_home_test1.txt file should be the only files that have changed.)
    4. Look for a speedup is line at the bottom of the rsync verbose output that tells you how much faster it was to compare files and not have to transfer any of the files that were already there.

  4. Change to your sysadmin Base Directory. (Perhaps you are already there?)

  5. In your sysadmin Base Directory, touch your existing rsync_home_test1.txt file and repeat the full HOME directory backup again.

    • Again, note that only one or two files are selected for transfer.

rsync_base_test1.txt

  1. In your sysadmin Base Directory copy rsync_home_test1.txt to the new file rsync_base_test1.txt

  2. Use a new rsync command line with the dry-run option to attempt to update just the current sysadmin Base Directory (not your whole HOME directory) to the corresponding remote sysadmin directory on the Backup machine.

    • Always use the relative path on the remote machine.

    • The source pathname to rsync must be simply . (the current, sysadmin Base Directory) not your HOME directory.

    • If you get the command correct, rsync will propose to update only one single file to the remote machine – the new rsync_base_test1.txt file.

      sending incremental file list
./
rsync_base_test1.txt

sent 463 bytes  received 18 bytes  962.00 bytes/sec
total size is 28770  speedup is 59.81 (DRY RUN)

    • If rsync proposes to transfer all the pathnames in the current directory, then you have the destination directory wrong.

  3. When rsync with the dry-run option says only one file will be updated from this sysadmin Base Directory to the remote sysadmin directory, remove the dry-run option and update the Backup machine with the current directory.

    • Only the one file should transfer between the two base directories.

rsync_base_test1.txt

  1. Put the exact rsync command line you used into file rsync_base_test1.txt in your sysadmin Base Directory.

  2. Remove just the one file rsync_base_test1.txt from the remote sysadmin Base Directory as backed up under the test1 directory in the Backup account, like this:

    $ sudo rm ~backup/test1/CST8177-15W/Assignments/assignment08/rsync_base_test1.txt

    If you get an error message, you have the pathname wrong or else you didn’t do the previous rsync correctly to back up the file.

  3. From your sysadmin Base Directory repeat the exact same base-directory-only rsync command that you saved in the rsync_base_test1.txt file: sh rsync_base_test1.txt

    • Always use the relative path on the remote machine.
    • Exactly one file should transfer: rsync_base_test1.txt

Since rsync can transfer a lot of files in a very short time, always do a dry-run rsync before doing the real thing, just to make sure that you have the pathnames correct! As it says in the rsync course notes (12-sshkeys_yum_rsync.pdf), the source pathname syntaxes foo and foo/. are NOT the same, and it’s usually foo/. that you want to use as a source pathname! Always use the dry-run option first!

Run the Fetch and Checking Program to verify your work so far.

4.10.5 Optional: Using rsync to other machines

You can probably see that using rsync to send files to another machine is simply a matter of choosing the remote userid and machine name for the SSH login:

$ date >foo
$ rsync -avH foo backup@localhost:
$ rsync -avH foo abcd0001@cst8177.idallen.ca:

Of course, you need an SSH account on the remote machine, and rsync (and the underlying SSH protocol) must be installed there.

Tip: You might choose to back up your CentOS sysadmin account HOME directory to a backup directory in your account on the CLS every now and then.

Warning: An incorrect use of rsync to the CLS can overwrite important files on the CLS. Some rsync options may even delete files. Always use the dry-run option to see what rsync proposes before actually letting rsync do the transfer.

4.11 CentOS: Boot into single user mode

If you find yourself locked out of a Linux machine, and you have access to the console, booting into single user mode will will often not require a password, and in single-user mode you can change passwords or perform various other repair tasks. (Some systems do password-protect single-user mode, in which case you would need to boot a “live” or “rescue” CD to reset your root password.)

  1. Use the correct command to reboot your CentOS VM, and when you see the GNU GRUB menu and the 30-second countdown timer, halt the GRUB countdown by pressing the space bar or an arrow key.

  2. Use GRUB to edit your boot options so you boot into single user mode. (Refer to last term’s CST8207 Booting and GRUB.)

  3. Verify that you are in single user mode: when you issue the command runlevel, the output should be either N S or unknown

  4. Note that you are running as root and can change the password of any user in single-user mode, including the root password.

ps_auxww.txt

  1. Put the output of the command ps auxww into a file named ps_auxww.txt in your sysadmin Base Directory, and change the ownership and group of this file to your ordinary sysadmin user. (Don’t leave root-owned files in ordinary user accounts!)

  2. Exit this single-user shell, which will allow the system to boot into the default runlevel.

  3. Log in (using SSH if possible) and verify you’re in the default runlevel by issuing the runlevel command.

    • You should see: S 3

Run the Fetch and Checking Program to verify your work so far.

4.12 CentOS: Boot into rescue mode

If you find a Linux machine is unbootable, and you have console access, you may be able to rescue it by booting the machine from a “Live CD”. You will use the CentOS installation DVD to boot into “rescue” mode, which is a “Live CD” mode.

  1. Shut down or power down your CentOS VM gracefully using the proper command.

  2. Attach the CentOS Installation ISO image file to your VMware virtual DVD drive, connect it, and make sure it will be connected at Power On. (You did exactly this when you first installed CentOS.)

  3. Access the VMware Settings for your Virtual Machine and increase the RAM to at least 1024MB. (The installer and Rescue mode needs more RAM for the graphics than the server-style CentOS machine.)

  4. Boot into the VMware BIOS of your virtual machine, as follows:

    1. On VMware Workstation 7.x and later, to enter the BIOS setup for the guest operating system, click VM > Power > Power On to BIOS
    2. On VMware Fusion, or an earlier version of VMware Workstation:
      • Shut down the virtual machine.
      • Go to where the virtual machine is stored on your host O/S.
      • Make a backup of the VMware *.vmx file.
      • Add this line to the end of the *.vmx file to give a longer pause on the VMware BIOS screen: bios.bootDelay = "60000"
      • Reboot your virtual machine and you should have 60 seconds to use the correct key to enter the VMware BIOS menu.

  5. In the VMware BIOS menu, use the keyboard to change the “Boot” settings so that the CD/DVD drive is before the hard disk in the boot order, if it isn’t already.

  6. Save and Exit the VMware BIOS. The machine should boot from the virtual CD/DVD drive that contains the CentOS installation ISO image file. You should see the familiar Welcome to CentOS installation menu and a 60-second countdown timer:

    CentOS 6 Welcome

    If you boot into your regular CentOS on your hard disk, then you didn’t set up either the Boot menu or the CD/DVD device correctly. Wait until the machine has finished booting, log in, shut it down and try again.

  7. On the Welcome to CentOS screen, use the arrow keys to select the item Rescue installed system. Boot it by pressing Enter.

  8. Follow the instructions on the screen, choosing the defaults for everything except for networking. Do not enable networking.

    1. You do not need to enable networking – choose No

    2. Use Continue (not Read-Only) for your Linux Rescue installation, since we need to write on the file system.

    3. If it says it can’t mount your disk under /mnt/sysimage, see the Rescue CD Appendix I.

      CentOS 6 Rescue Sysimage

    4. When it says Your system has been mounted under write down the directory under /mnt that will be used to mount and access your Linux installation.

    5. At the three-item menu that starts with shell Start shell, choose the first item (start a shell). It will give you a root shell prompt in a black console screen of the Rescue system.

  9. When you finally have a bash root prompt, type hostname and then cat the password file to see that this is not your own CentOS system running. It is the Rescue system, with its own Rescue machine name and Rescue password file.

    • If you see your CentOS machine name or password file, you didn’t boot from the Rescue CD. Shut down and try again.

  10. Running df in this Rescue CD will confirm that your CentOS ROOT partition /dev/sda1 is now mounted on directory /mnt/sysimage and your CentOS HOME partition /dev/sdb1 is mounted on directory /mnt/sysimage/home

    • You should see 9 lines, 5 of which are /mnt/sysimage file systems.
    • See Rescue CD Appendix I to mount these file systems manually, if the Rescue CD is unable to do it automatically.
    • Get help if this is not true!
CentOS 6 Rescue df

livecd_df.txt

  1. Redirect the full output of df (all 10 lines) to the file livecd_df.txt in your sysadmin Base Directory in your mounted CentOS system.
    • Use the correct path to your sysadmin Base Directory on its current mount point. (The correct path to your sysadmin Base Directory is NOT under /home when mounted on the Rescue CD! Read all the words above.)
  2. Run ls -l on all the HOME directories in the HOME partition (which is NOT currently mounted under /home) and note that all the accounts have numeric owners and groups.
    • Even your own sysadmin HOME directory shows a numeric owner and group in the output of ls -l.
    • Exam question: Why are all these HOME directories showing as numbers instead of userids when viewed from the Rescue CD?

livecd_passwd.txt

  1. Save a copy of the LiveCD’s password file, preserving timestamps, permissions, etc., to the file livecd_passwd.txt in your sysadmin Base Directory in your mounted CentOS system.
    • Use the correct path to your sysadmin Base Directory on its current mount point. (The correct path to your sysadmin Base Directory is NOT under /home when mounted on the Rescue CD! Read all the words above.)
    • Since this is the Rescue CD, none of your aliases are defined. Make sure you use the right option to the copy command.
    • The sum of your livecd_passwd.txt file should be 63933 2
  2. The owner and group of the livecd files you just copied into your sysadmin directory is currently root.
    • Try (and fail) to change the file to be owned by your CentOS system admin account user name.
    • The command will say your sysadmin userid doesn’t exist: chown: invalid user: 'abcd0001'
    • Exam question: Why did the chown fail when run from the Rescue CD?
    • Why is your sysadmin userid invalid (doesn’t exist) in the Rescue CD environment?
  3. Run the command chroot /mnt/sysimage
    • This starts a root shell running with /mnt/sysimage (your hard disk CentOS ROOT) as its ROOT directory, instead of the Rescue CD ROOT.
    • As long as you remain in this chroot shell, the /mnt/sysimage directory will used as be actual ROOT directory named /.
    • Now when you cat the password file, you will see the password file relative to the new chroot ROOT directory, which is your CentOS ROOT directory, so you see your CentOS password file, not the LiveCD password file.
    • If you don’t see your own CentOS password file, get help.
  4. Run the df command now and note the familiar list of file systems, with sda1 mounted on the ROOT and sdb1 mounted on /home, etc.
    • The chroot command hides the /mnt/sysimage mount point and makes it look like the real ROOT directory as long as we stay in this chroot shell.

All programs you run from this chroot shell will behave as if they used your CentOS file system as the ROOT. The file name /etc/passwd now refers to your CentOS password file, not the Rescue CD password file.

You could fix a broken MBR with the command grub-install at this point, or do any other repairs to your CentOS Linux file system.

  1. In the chroot shell you are running, pathnames work as if your CentOS machine were running. Everything works as expected.

    • Confirm that you can now see your two livecd_*.txt files in your usual CentOS sysadmin Base Directory using its usual path with respect to the usual CentOS ROOT directory:

      # cd ~abcd0001/CST8177-15W/Assignments/assignment08
# ls -l livecd_passwd.txt livecd_df.txt

    (Always use your own sysadmin userid in these assignments, never the place-holder userid abcd0001.) Note that the above files in your account are still owned by root.

  2. Change the owner and group of the livecd_*.txt files to your system admin account user name. The command will succeed this time.

    • Exam question: Why did the chown succeed in the chroot shell but fail in the Rescue CD shell before using chroot?

  3. Exit the chroot shell. You will return back to the Rescue CD shell and prompt.

  4. Run the df command again in this Rescue CD shell and note how everything again appears mounted under /mnt/sysimage

  5. At the Rescue CD root shell prompt, try to use the usual command to shut down and halt the machine safely. Do not use VMware Power Off!

    1. The command will fail: shutdown: Unable to shutdown system
    2. Exit the Rescue CD root shell and return to the three-itme Rescue CD text menu.
    3. Use the arrow keys to select: reboot Reboot from the menu.
    4. When the machine reboots and you again see the blue Welcome to CentOS 6.6 screen, use the VM -> Power -> Power Off menu to power off the system without starting CentOS.
      • You can safely use VMware to power off a machine before any hard-disk operating system (e.g. CentOS) starts.
      • Never power off a running CentOS machine!

  6. With the machine powered off:

    1. Go to the VMware VM Settings, Hardware CD/DVD tab, under Device Status, and un-check Connect at power on.
    2. On the same screen, take the ISO file out of the virtual CD/DVD drive by switching the Connection back to Use a physical drive.
    3. Save the settings so that you do NOT boot again from the Rescue ISO image file.
    4. Go to the Hardware Memory settings and reduce the memory back to 256MB to make live snapshots quick and small.
    5. Save the settings.

  7. Power on your CentOS VM. You should see a familiar GNU GRUB menu from your hard disk CentOS installation.

    • If you end up booting the CD/DVD again, use the VMware menu to disconnect it. Reboot or choose Boot from local drive.

  8. When your CentOS has rebooted, log back in as your system admin account (using SSH if possible, since it’s nicer than the console).

  9. Change the ownership and group to you of any remaining root owner or group files anywhere in your CentOS system admin account. (If you’ve done your work carefully, there should be nothing owned by root.)

    • System administrators often scan home directories, looking for root-owned files as an indication that someone has broken into the system. Don’t leave root-owned files in your own CentOS sysadmin account.
    • NOTE: The Checking Program does create root files in your CLS assignment directories. This is intentional: don’t delete these!

Run the Fetch and Checking Program to verify your work so far.

4.13 When you are done

That is all the tasks you need to do.

Log in to the CLS and submit your mark from the CLS following the Checking Program instructions below.

Read your CLS Linux EMail and remove any messages that may be waiting. See Reading eMail for help.

Optional: Keeping your main configuration snapshots, remove any intermediate snapshots you no longer require, to free up disk space. - Be careful not to remove your current work!

5 Checking, Marking, and Submitting your Work

See CentOS Remote Checking, Marking, and Submitting your Work.

6 Rescue CD Appendix I

Use this Appendix if the Rescue CD tells you it can’t mount your system under /mnt/sysimage and tells you to do it manually. We will also mount some useful /dev directories) so that chroot works.

First, use the Rescue CD menus to get to a root shell prompt.

At the Rescue CD root shell prompt, mount these five file systems:

# mount /dev/sda1 /mnt/sysimage
# mount -o bind /dev /mnt/sysimage/dev
# mount -t tmpfs /dev/tmpfs /mnt/sysimage/dev/shm
# mount /dev/sdb1 /mnt/sysimage/home
# mount /dev/sdb5 /mnt/sysimage/mnt/disk02

The output of df should now be 9 lines, with five lines including the above five /mnt/sysimage file systems.

Author: 
| Ian! D. Allen  -  idallen@idallen.ca  -  Ottawa, Ontario, Canada
| Home Page: http://idallen.com/   Contact Improv: http://contactimprov.ca/
| College professor (Free/Libre GNU+Linux) at: http://teaching.idallen.com/
| Defend digital freedom:  http://eff.org/  and have fun:  http://fools.ca/

Plain Text - plain text version of this page in Pandoc Markdown format

Campaign for non-browser-specific HTML   Valid XHTML 1.0 Transitional   Valid CSS!   Creative Commons by nc sa 3.0   Hacker Ideals Emblem   Author Ian! D. Allen