Yearly Archives: 2017

How to mount ISO file in Linux?

Leave a reply

Learn how to mount ISO disk image in Linux. ISO image file mounts using a loop device and iso9660 filesystem type enabling users to access data within as a normal mount point. 

Many software distributions come on Compact Disc CD media. Since physical CD is difficult to maintain over the course of years, many people prefer to have an ISO image of discs. Also, it’s feasible to use such ISO file quicker on the server where native disc drive is absent. It’s quick to copy ISO file on the server and mount it rather than searching for a USB disk drive, connecting, identifying it on the server, and then using the disc in it.

In this post, we will be seeing how to mount ISO file in Linux to access data in it. It’s a very short procedure of a couple of commands and ISO file’s data will be available to you like any other data mount point.

Step 1.

First, we need to create a mount point directory on which ISO will be mounted. Preferable it should be under /mnt structure.

# mkdir /mnt/iso

Now, copy ISO to the server using FTP or SCP. Let’s say we have copied test.iso in /tmp directory.

Step 2.

Mount ISO file on /mnt/iso mount point using mount command using the loop device. The loop device is a pseudo-device that accesses the file as a block device. Since mount command deals with block devices and not files, we are using a loop option here.

# mount -o loop /tmp/test.iso /mnt/iso
mount: you must specify the filesystem type

Here you can see an error that we haven’t specified file system to mount. Proceed with specifying the iso9660 file system. iso9660 file system uses for CD/DVD ROM file structures.

#  mount -o loop -t iso9660  /tmp/test.iso /mnt/iso

Using the above command with filesystem iso9660 and loop device we successfully mounted ISO file. You can verify it with df command and viewing content of ISO file.

# df -h
Filesystem            Size  Used Avail Use% Mounted on
/tmp/test.iso          82K   82K     0 100% /mnt/iso

# cd /mnt/iso
# ll
total 22
-r-xr-xr-x. 1 root root 12246 Dec 19 13:50 CPU_iowait.xlsx
-r-xr-xr-x. 1 root root  9357 Dec 19 13:53 RAM.xlsx

You can un-mount this ISO with simple unmount command. Unless you unmount it, ISO file will be in use by this mount and throws warnings if you try to work with it.

# unmount /mnt/iso
Its 100.

Its a century! Celebrating 100 posts!

Leave a reply

Here we are on the 100th block! Kerneltalks journey of 4 months reaching a milestone of 100 posts! Crawling web of Linux, Unix & scripts for the goodness of sysadmin!

And here we are!!!! on 100th post!!!!

kerneltalks.com was registered in Oct 2016, to take a journey of kerneltalks.blogspot.com further into wider space. In 3-4 months of the span, KT has grown to 100 posts database of Linux, Unix, and Script related stuff. We have observed 40K pageviews in this period and a continuously growing organic search number!

There were a couple of technology enhancements done to run KT smoothly and give an awesome reading experience to all its readers.

KT started getting feedback, questions from its readers over email. Social branding is one of the aspects KT just started and advancing at a low pace day by day. As of today, KT having 377 fans on its Facebook page, 5 Google+ followers, 15 Twitter followers, 19 Feed readers, and 28 email subscribers. Totaling 444 social followers. Although these numbers look pretty small they are growing and yes they are not paid ones!

KT also gained a leap in Alexa ranking. Currently its ranked 4,00,728th popular website in the world and 33,529th in India. If you are into blogging and know what is Alexa, you definitely love these numbers!

I hope the same continuity in the future and would like to see these numbers greatly raised when KT reaches 200 posts milestone! Till then, have a good time! Happy surfing!!

HPUX: APA configuration testing script

Leave a reply

Small APA configuration testing script which will automate checking and verifying your Auto Port aggregation configuration in the HPUX server.

In the past, we have seen the configuration of Auto Port Aggregation in HPUX which explains what is APA and what is the purpose of using APA in your setup. In another post, we learned how to test APA if working perfectly or not. In this post, I will be sharing a script that I coded to automate this APA test.

Do not run this script on running live production. Since testing APA involves disabling of NIC.

Also, make a note that you need to run this script in normal terminal login and not on the server console. Since if the APA test fails you will lose server connectivity on primary NIC IP address. It is recommended to keep a continuous ping session on to IP address (configured on APA) to make sure that you monitor connectivity during the whole APA test. I have also explained the use of this continuous ping in manual APA test post.

Script code :

Execute this script on your own risk!

See below the APA configuration testing script. Save the below code in apa_test.sh file on your server. Execute script with root privileges using sh apa_test.sh or ./apa_test.sh command. Make sure executable permissions are set for the file.

Sample output :

******* APA Configuration Check *******
Caution !! Do not run this script from console

APA group : 900
IP	  : 10.10.5.2
Lan PPA	  : 0

APA group : 900
IP	  : 10.10.5.2
Lan PPA	  : 1

APA is working normally!

Write us suggestions/feedback/corrections in comments.

Auto port aggregation APA configuration in HPUX

Leave a reply

Learn APA configuration in HPUX. Auto port aggregation logic is similar to network teaming in Linux. Used for network card hardware-level redundancy.

APA stands for Auto Port aggregation. It is software i.e. operating system level configuration which offers NIC (Network Interface Card also referred to as LAN card) redundancy. We have already briefed about APA in this post, refer to the first paragraph.

Also read : Network bonding-teaming in Linux

Let’s run down to configuration steps for APA in HPUX in failover group mode.

Step 1.

You need to have teaming software installed on your system. The Teaming (Auto PORT Aggregation) application is inbuild in HP-UX 11i  V2 EOE. If not you can download it from the HP software repository and install it on your HPUX server.

Step 2.

Make sure your primary network interface card (NIC) is configured with a proper IP address, mask, and gateway.  Use netstat -in command.

# ioscan -funC lan 

Class I H/W Path Driver S/W State H/W Type Description 
=================================================================== 
lan 1 1/1/0 gelan CLAIMED INTERFACE HP A4926A PCI 1000Base-SX Adapter
/dev/gelan4

Let’s assume we have identified lan1 as a secondary NIC for our config. lan0 being the primary one.

Secondly, identify your second NIC which can be used as secondary card in APA configuration (Use ioscan -fnClan command). Make sure this card is connected to a different network switch, configured with the same VLAN as primary on the network end, and is physical does not reside in the same hardware module of primary NIC. This ensures high availability in case of network, switch, or card hardware failure.

To confirm both cards have same network reachability (i.e. on same VLAN) use below command :

# linkloop -i PPA_pri StationAddr_sec

# linkloop -i 1  0x00108323463C 
Link connectivity to LAN station: 0x00108323463C 
-- OK 

---- failure output means no connectivity----
Link connectivity to LAN station: 0x00108323463C 
error: get_msg2 getmsg failed, errno = 4 
-- FAILED 
frames sent : 1 
frames received correctly : 0 
reads that timed out : 1

where station address is MAC (can be obtained from lanscan output) and PPA number is lan0, lan1 number. Try in both ways. using MAC of primary and PPA of secondary and vice versa to make sure you have connectivity between both cards. If you get shown failed error then those two cards cant be used in APA config together.

Step 3.

Edit configuration file /etc/rc.config.d/hp_apaportconf and mention interface names (lan0 and lan1 in our case) like below:

HP_APAPORT_INTERFACE_NAME[0]=lan0
HP_APAPORT_CONFIG_MODE[0]=LAN_MONITOR

HP_APAPORT_INTERFACE_NAME[1]=lan1
HP_APAPORT_CONFIG_MODE[1]=LAN_MONITOR

Step 4.

Start APA services.

# /sbin/init.d/hpapa start
/sbin/init.d/hpapa started.
         Please be patient. This may take about 40 seconds.
         HP_APA_DEFAULT_PORT_MODE = MANUAL
         /usr/sbin/hp_apa_util -S 0 LAN_MONITOR
         /usr/sbin/hp_apa_util -S 1 LAN_MONITOR
         /sbin/init.d/hpapa Completed successfully.

# /sbin/init.d/hplm start

Step 5.

Now, we will create a LAN configuration file that can be applied later to both NIC to make them aware they are working in a group under the same IP umbrella. lanqueryconf command creates ASCII file at /etc/lanmon/lanconfig.ascii

# lanqueryconf -s 

# more /etc/lanmon/lanconfig.ascii
NODE_NAME teststation 
POLLING_INTERVAL 10000000 
DEAD_COUNT 3 
FAILOVER_GROUP lan900 
STATIONARY_IP 10.10.2.5 
PRIMARY lan0 5 
STANDBY lan1 3

See the content of this ASCII file. It has node name, polling interval (microseconds, default is 10 sec). The dead count is the number of polling packets missed to consider failure and initiate failover (default is 3). The failover group is lan name which will be visible systemwide. lan900 will have our primary NIC address and lan0, lan1 will work together as lan900. IP is IP taken up by lan900. lan0 will be treated as primary NIC and lan1 as standby. Number 5,3 denotes priorities of respective NIC.

You can make changes in this file if you dont want to go with default values.

Step 6.

The above file is generated for admin to edit if any changes required. After that, the file will be checked for integrity and then can be applied to APA configuration like below :

# lancheckconf
Reading ASCII file /etc/lanmon/lanconfig.ascii
Verification of input file /etc/lanmon/lanconfig.ascii is complete.
 
# lanapplyconf
Reading ASCII file /etc/lanmon/lanconfig.ascii
Creating Fail-Over Group lan900
Updated binary file /etc/lanmon/lanconfig

Here lan900 is created and you APA is complete.

Step 7.

Now you can see lan0 and lan1 vanish from lanscan -q output and instead lan900 appeared with 0 and 1 as its members.

# lanscan -q 
2 
3 
900 0 1 
901

You can verify that lan900 will have an IP address which was configured on primary NIC lan0 before configuration (in netstat -in output).

You can even test if APA failover is happening correctly.  Follow this testing procedure to make sure your APA works properly. Sometimes lan900 won’t appear and you need to restart your system. The rebooting system takes up a new APA configuration and you will able to see lan900 in action.

If there is more than one APA configured on the system then it will follow the series of lan901, lan902, and so on.

What is umask value? How to set it up?

Leave a reply

Learn everything about umask value. What is umask value? What is the best default umask? How to set it up in Linux and Unix? & How to calculate umask?

One of the basic topics in learning Linux or Unix is umask value. UMASK is a user file/directory permission mask value and is 4 digits octal value! Whenever a user creates a file or directory kernel grants it some by default permissions. Those are base permissions. For file, it’s 666 (i.e. rw-rw-rw) means read, write to all (owner, group, others), and for directory its 777 (i.e. rwxrwxrwx) means read, write, execute to all.

Here user mask plays its role. The user permission mask is the octal value that is used to determine file/directory permission when they are created by the user. Umask value subtracted bitwise from base permissions and final permission is determined for newly created files and directories.

How to calculate umask?

For example, if umask value is 0022 then newly created files will have permission 0666-0022=0644 (i.e. rw-r–r–) means read to all and write to the owner only. There are plenty of combinations can be used depending on your requirement. You can refer below calculation table for determining your expected umask value:

umask value (Bit from left to right)For whomFile base permissionDirectory base permission
1st00
2ndOwner67
3rdGroup67
4thOthers67

So, you need to decide which final permission you want on newly created file and directories. Once that is finalized you can have reverse calculation with 666 & 777 and decide your umask value.

Read also : What is ulimit value?

What is best default umask?

Below are few standard best default umask values which can be used :

umask valueFinal File permissionFinal directory permissionUseful for
022644755 Normal user. Others have read access only
002664775 Group usage. Only group members has access
077600700 Complete privacy. No other user can access your data

How to setup umask in Linux/Unix?

umask value can be set up using simple command umask followed by its value. But, this value will be set only for that current active shell session.

# umask 022
# touch testfile
# ll
total 0
-rw-r--r--. 1 root root 0 Feb  1 01:03 testfile

# umask 077
# touch testfile1
# ll
total 0
-rw-------. 1 root root 0 Feb  1 01:04 testfile1


Observe in the above output that file permissions defer when we set different umask values.

To set this up permanently, define this command in the login profiles of users. /etc/profile value can be overridden by the user’s own profile which executes after that. For all systemwide users define it /etc/profile or /etc/bashrc file. For user-specific values, define them in  ~/.profile (Korn / Bourne shell) ~/.cshrc file (C shells), ~/.bash_profile (Bash shell) these shell specific profiles in their home directories.

You need to open a specific profile with vi editors and append umask <value> line at the end.

Setup umask with permission 

If you are not good at remembering numbers and want to avoid octal notation, then you can define umask with permission letters too. Syntex will be as below :

# umask u=rwx,g=,o=

# ll
total 0
-rw-------. 1 root root 0 Feb  1 01:12 testfile3

Here, we set umask with defining permissions at the user, group, and owner level (500). Notice that there is no space in between but permissions are separated by commas.

Why and how to disable SELinux in your Linux distro

Leave a reply

Learn how to disable SELinux in most of the Linux distro. Understand what is SELinux; why and when you require to disable it. 

You may have come across many app/tools or utility configurations on Linux like FTP when its stated to disable SELinux. You do it and your config runs smoothly. Have you ever wondered what is this SELinux thing? We are going to discuss this in this post!

SELinux is a short form of Security-Enhanced Linux. It’s a set of modules that implement access control policies in the kernel. To disable all this policy enforcement, we disable SELinux. These access control policies might interfere and won’t let your app/utility etc work properly. This is why we see disabling SELinux steps in configurations. Vendors like Red Hat strongly recommends using ‘Permissive mode’ rather than completely disabling SELinux.

SELinux exists to secure your server! Do not disable it unless you have a good reason or you know what you are doing.

SELinux modes:

There are three modes defined in SELinux config files.

  1. Enforcing: Always enforce policies
  2. Permissive: Prints warning messages rather than actually enforcing policies
  3. Disabled: All SELinux policies disabled.

Its always to go with permissive mode if you are troubleshooting some system/app/utility behavior. So that it will give you a proper picture if SELinux really coming in your way and if you should permanently disable it or not.

Current SELinux mode can be checked using below command :

# getenforce
Permissive

Here SELinux is running in permissive mode.

How to disable SELinux temporarily :

Disabling SELinux permanently using the config file method (explained below) needs a reboot. If you want to avoid downtime then you can turn it into permissive mode temporarily using below method :

# echo 0 > /selinux/enforce
OR
# setenforce 0

Setting enforce file with value 0 makes it permissive. Turning it to 1 makes SELinux enforcing.

How to disable SELinux permanently:

SELinux has its own configuration file located at /etc/selinux/config. Here you can state SELINUX=disabled. But this file change needs a reboot to take effect. Here you can even choose permissive mode we talked about earlier.

# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Save file changes and reboot the system. Once rebooted you can see SELinux status using getenforce command.

This method works on RHEL, CentOS, Fedora, Ubuntu.

SELinux mode selection from GRUB:

You can even decide which mode SELinux starts with system boot. Edit /boot/grub/grub.conf file and appending  entry selinux=0 or selinux=1 in kernel line like below:

# cat /boot/grub/grub.conf
---- output clipped -----
splashimage=(hd0)/boot/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux (2.6.32-431.29.2.el6.x86_64)
        root (hd0)
        kernel /boot/vmlinuz-2.6.32-431.29.2.el6.x86_64 ro root=LABEL=/ rhgb quite selinux=0  
        initrd /boot/initramfs-2.6.32-431.29.2.el6.x86_64.img

Disabling SELinux for specific service:

Disabling SELinux for specific services also possible. So you can keep it in enforcing mode and only disable for your required services. You need to use setsebool command and feed it with service name nad required value like below.

# setsebool httpd_disable_trans 0

This sets its permissive mode for httpd services. Make a note that, you need to restart related service after disabling/enabling SELinux for it.

FTP server configuration steps in RHEL 6

Leave a reply

Step by step configuration guide for setting up the FTP server in RHEL6. FTP server is useful for small scale file sharing between cross-OS platforms.

FTP (file transfer protocol) is one of the famous methods to get centralized file storage on a low scale. FTP server implementation mainly is done to enable users to upload files in a centralized location. Many vendors have their FTP servers running where sysadmins upload logs when any case investigation is in progress with the vendor. This is almost a common thing in the life of sysadmin working in Corporate infrastructure.

In this post, we are going to see step by step configuring the FTP server in the RHEL server. Setting up FTP server can be staged in below parts :

  1. Installing necessary packages
  2. Starting up services
  3. Setting up users
  4. Testing

1. Installing necessary packages :

We need to have a very secure ftp, rpcbind and xinetd services installed on the server. You can check them if they are installed using the below command :

# rpm -qa | grep -i vsftpd
vsftpd-2.2.2-21.el6.x86_64

# rpm -qa | grep -i xinetd
xinetd-2.3.14-40.el6.x86_64

# rpm -qa | grep -i rpcbind
rpcbind-0.2.0-12.el6.x86_64

If they are not installed, install them with below command (Make sure you have YUM configured on your server.):

#  yum install vsftpd rpcbind xinetd y
Loaded plugins: amazon-id, rhui-lb, security
Setting up Install Process
No package y available.
Resolving Dependencies
--> Running transaction check
---> Package rpcbind.x86_64 0:0.2.0-11.el6 will be updated
---> Package rpcbind.x86_64 0:0.2.0-12.el6 will be an update
---> Package vsftpd.x86_64 0:2.2.2-21.el6 will be installed
---> Package xinetd.x86_64 2:2.3.14-40.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=================================================================================================================================================================================
 Package                           Arch                             Version                                     Repository                                                  Size
=================================================================================================================================================================================
Installing:
 vsftpd                            x86_64                           2.2.2-21.el6                                rhui-REGION-rhel-server-releases                           155 k
 xinetd                            x86_64                           2:2.3.14-40.el6                             rhui-REGION-rhel-server-releases                           122 k
Updating:
 rpcbind                           x86_64                           0.2.0-12.el6                                rhui-REGION-rhel-server-releases                            51 k

Transaction Summary
=================================================================================================================================================================================
Install       2 Package(s)
Upgrade       1 Package(s)

Total download size: 328 k
Is this ok [y/N]: y
Downloading Packages:
(1/3): rpcbind-0.2.0-12.el6.x86_64.rpm                                                                                                                    |  51 kB     00:00
(2/3): vsftpd-2.2.2-21.el6.x86_64.rpm                                                                                                                     | 155 kB     00:00
(3/3): xinetd-2.3.14-40.el6.x86_64.rpm                                                                                                                    | 122 kB     00:00
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                            1.1 MB/s | 328 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 2:xinetd-2.3.14-40.el6.x86_64                                                                                                                                 1/4
  Installing : vsftpd-2.2.2-21.el6.x86_64                                                                                                                                    2/4
  Updating   : rpcbind-0.2.0-12.el6.x86_64                                                                                                                                   3/4
  Cleanup    : rpcbind-0.2.0-11.el6.x86_64                                                                                                                                   4/4
  Verifying  : rpcbind-0.2.0-12.el6.x86_64                                                                                                                                   1/4
  Verifying  : vsftpd-2.2.2-21.el6.x86_64                                                                                                                                    2/4
  Verifying  : 2:xinetd-2.3.14-40.el6.x86_64                                                                                                                                 3/4
  Verifying  : rpcbind-0.2.0-11.el6.x86_64                                                                                                                                   4/4

Installed:
  vsftpd.x86_64 0:2.2.2-21.el6                                                           xinetd.x86_64 2:2.3.14-40.el6

Updated:
  rpcbind.x86_64 0:0.2.0-12.el6

Complete!

Once installed, make them start at every boot with chkconfig configurations.

2. Starting up service :

After installation is over, stop iptables firewall and turn SELinux into permissive mode, to ensure FTP functions well.

# service  iptables  stop
ip6tables: Setting chains to policy ACCEPT: filter         [  OK  ]
ip6tables: Flushing firewall rules:                        [  OK  ]
ip6tables: Unloading modules:                              [  OK  ]
# setenforce 0

Now start services one by one and check if they are running.

# service vsftpd start
Starting vsftpd for vsftpd:    [ OK ]
# service xinetd start
Starting xinetd:               [ OK ]
# service rpcbind status
rpcbind (pid 4855) is running...

3. Setting up users:

Users which are listed in file /etc/vsftpd/ftpusers are not allowed to access FTP server. Hence if you want to disable FTP access of any user, you need to put that username in this file. For security reasons, the root account is by default exist in this file i.e. not allowed to FTP.

# cat  /etc/vsftpd/ftpusers
# Users that are not allowed to login via ftp
root
bin
daemon
adm
lp
sync
shutdown

For testing, create a new user on the system. Login to the server from a new terminal with this new user. Create some test files in its home directory.

Bonus tip: You can even edit the welcome banner message the user sees after logging into FTP server. Edit “ftpd_banner=Welcome to blah FTP service.” line under /etc/vsftpd/vsftpd.conf file.

4. Testing:

Now, access the FTP server from a windows machine using the command prompt. Once successfully logged in using the above-created test user, you will be able to see the file created in the above step and even you will be able to download it!

C:/> ftp 10.10.15.2
Connected to 10.10.15.2.
220 (vsFTPd 2.2.2)
User (10.10.15.2:(none)): testuser
Password:
230 Login successful.
ftp>
ftp>dir
200 PORT command successful. Consider using PASV.
-rw-rw-r--      1   501   502     42 Jan 18 12:08  file1
226 Directory send OK.
ftp: 63 bytes received in 0.00Seconds 63000.00Kbytes/sec.

You can run get, put FTP commands, and verify full functionality! You have successfully configured a secure FTP server on Linux!

Difference between LVM and LVM2: Linux interview question explained

Leave a reply

Post stating point-wise differences between LVM and LVM2 explained. This is one of the frequently asked questions for the Linux interview.

One of the frequently asked Linux interview questions is ‘what is the difference between LVM and LVM2?’ to which most of the candidate’s flanks. In this article, we will be discussing this question.

First of all, what is LVM? LVM is a logical volume manager. It is a widely used volume manager in Linux and Unix like VxVM (Veritas volume manager). As a sysadmin, you must be knowing all tasks which can be done in LVM but not a theoretical question like the difference between LVM and LVM2.

LVM and LVM2 are two different versions of LVM. Obviously, LVM2 being the latest. Their differences can be identified in terms of their functions, services offered, availability, etc. Let’s see one by one :

Availability :

LVM is available in most of the famous distributions like HPUX, Redhat, Suse, etc. LVM2 is available only kernel version 2.6.9 and above like RHEL4 and later. You can even build LVM modules as per your kernel (if its not available in your distributions). Setup information can be found here.

Compatibility :

LVM2 has backward compatibility with LVM. It has the same command modules and infrastructure like LVM with enhanced features. LVM being the previous version don’t have compatibility with LVM2 features.

Size limits :

Different size limits are increased in the new LVM2. The maximum file system/device size was capped to 2TB in LVM whereas its 16TB(32-bit CPU) & 8EB (64 bit CPU) in LVM2.

Max LV and PV were 255 in LVM. In LVM2 it has no limit (snippet from vgcreate manpage below).

 -l, --maxlogicalvolumes MaxLogicalVolumes
              Sets the maximum number of logical volumes allowed in this  vol-
              ume  group.  The setting can be changed with vgchange.  For vol-
              ume groups with metadata in lvm1 format, the limit  and  default
              value  is  255.   If  the metadata uses lvm2 format, the default
              value is 0 which removes this  restriction:  there  is  then  no
              limit.

 -p, --maxphysicalvolumes MaxPhysicalVolumes
              Sets  the  maximum number of physical volumes that can belong to
              this volume group.  The setting can be  changed  with  vgchange.
              For  volume  groups  with metadata in lvm1 format, the limit and
              default value is 255.  If the metadata  uses  lvm2  format,  the
              value  0  removes  this restriction: there is then no limit.

Extra features :

LVM2 is bundled with below extra features over LVM :

  1. Volume mirroring support
  2. Shared volume support with GFS
  3. Transnational metadata for fast recovery
  4. Cluster suite failover supported
  5. Striped volume expansion

This sums up the difference between LVM and LVM2 versions. Write to us in comments if you have corrections/suggestions.

Recover forgotten root password in RHEL with screenshots

1 Reply

Learn how to recover forgotten root password in Linux RHEL. Step by step procedure to reset the root password by booting system in single-user mode.

There are many times when we set the root password too complex and later on forgot it. Many people used to work on consoles with no timeout values. In such cases, when they logged out of the console or reboot system, they most of the times forgot the root password to log in.

So it becomes extremely important to have one more account with root privileges on the system. Normally in corporate environments, they do keep such 2-3 accounts so that forgetting root password shouldn’t stop operations. But like in test environments or labs sometimes these practice is not followed and it becomes necessary to know how to recover forgotten root password.

A root password can not be recovered once forgotten! It can only be reset to new value! Now the question is if you don’t know the root password how will you reset it when you won’t able to login in the first place. The answer is the single-user mode!

Yes, to reset root password (when you forgot it) you need to boot the server into single-user mode. Why single user mode? Simple single user mode boots and present your root prompt without any requirement to log in! Simple eh? So resetting forgotten root password follows simple steps :

  1. Edit boot kernel path with single-user mode parameter (GRUB)
  2. Boot kernel into single user mode
  3. Reset root password
  4. Get into normal multi-user run-level

Lets see all these steps below with screenshots :

1. Edit boot kernel path

Restart server with the power button and halt the boot process by pressing any key when you see press any key to interrupt boot message on the console.

If you have installed more than one OS on your system, you will see more than one entries in the above screen. Use arrow keys to select (highlight) your kernel. If your bootloader is protected with password then press “p” you will be asked for a password if not then just press enter. After entering the password or pressing enter, you will be presented with the next screen:

Here, press the “e” key to edit the selected entry. You will be presented with a kernel line selection screen like below.

Select the kernel line and press “e” again to edit that entry. Now on new screen append letter S or single at end of the line so instruct the kernel to boot into single-user mode.

2. Boot kernel into single user mode

After typing above entry, press ‘enter’ key to save and you will back to the previous screen. Select kernel and press “b” to boot this edited kernel. That’s it! your server is booting in a single-user mode which will give you access to the system without the need of login.

Observe that, you haven’t asked for a password, and you are presented with root prompt!

3. Reset root password

Do I have to write anything for it? You have a root prompt already! go change your root password like you normally do.

# passwd root

Changing password for user root.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

You can also check here that you are in single-user mode by checking run level with who command.

4. Get into multi user mode

You can do it by rebooting the system. But you need to go through all the above steps again and remove the single user mode entry you made previously. Or else the server will boot into again single-user mode.

Or you can simply type “init 3” to change your run-level from single to multi-user mode!

You have successfully reset the forgotten root password to a new one. Keep a new password in a safe place and don’t forget again! Since forgetting takes your almost 10-20 mins of downtime.

How to extend the file system online in LVM

Leave a reply

Learn how to extend the file system or logical volume in LVM under HPUX and Linux without any downtime. Grow your mount point capacity without impacting users.

“Extend file system” is of the common task every Linux Unix sysadmin face in his life. Insufficient capacity planning during deploying systems, un-foreseen grown data, improper data rotation techniques can lead to mount points reaching their capacity limits. A quick solution is to grow those mount point’s total size to get some breathing space till you finalize on final solution about data management.

Extending file system is actually extending related logical volume and then growing FS over it. There are few pre-requisite you should consider before attempting for file system extension.

Pre-requisite :

  1. You have free PE available in the respective Volume group. (check using vgdisplay)
  2. If not, you must have free disk/LUN which can be added to that VG
  3. In case of old HPUX versions, online JFS must be installed (check using swlist)

How to do it :

Let’s start with the case: We have /data (/dev/vg01/lvol01) mount point of 1024MB in vg01 volume group which needs to be extended by 500MB.

Now, as per the pre-requisite, we should have free PE available in vg01. You can verify it by checking the “free PE” field in vgdisplay output. If it’s a non-zero number then you have some PE available to use. You need to calculate how much free space exists in VG. For that check “PE size” in vgdisplay output, multiply it with the number of PEs, the resulting number is MBs you have free in VG. You can extend your file system by this many MB sizes.

Suppose, you don’t have free PE in vg01 then you need to add a new disk or LUN to system. Once detected, you need to add it vg01 using vgextend command. Once your vg01 is extended with new disk/LUN, you will see free PE in vgdisplay output.

For quick reference –

# vgextend <vg_name> <pv_name>

Now you verified and confirmed, you have 500MB free in VG. Proceed to extend the logical volume of /data mount point i.e. /dev/vg01/lvol01 using lvextend command.

# lvextend -L 1524 /dev/vg01/lvol1
Logical volume "/dev/vg01/lvol1" has been successfully extended.
Volume Group configuration for /dev/vg01 has been saved in /etc/lvmconf/vg01.conf

Existing 1024+500Mb hence 1524 in command.

Now your logical volume is extended to the desired size. Still, you won’t be able to see this space growth in mount point size. You need to extend the file system as well for that.

In HPUX, you can use fsadm command (size to be specified in KB) like below :

# fsadm -b 1560576 /data

In RHEL6 you can use resize2fs command like :

root@kerneltalks # resize2fs /dev/vg01/lvol01
resize2fs 1.43-WIP (20-Jun-2013)
Filesystem at /dev/vg01/lvol01 is mounted on /data; on-line resizing required
old_desc_blocks = 320, new_desc_blocks = 384
The filesystem on /dev/vg01/lvol01 is now 1610612736 blocks long.

Here, it will grow with maximum size of lvol hence size is not specified.

In RHEL7, for XFS filesystem :

# xfs_growfs /data -D size

where size is in system block (depends on your config). If you don’t specify size (-D) then it grows to the maximum available size of lvol. So in our case, we don’t need to specify size. Check all xfs commands here.

Final check :

You are done! Check mount point new size in bdf (HPUX) or df -h (Linux) output. Note that we haven’t stopped access to apps/users to the mount point in question. This means the entire operation was done online without any downtime or impacting users.