Saturday, June 16, 2012

Download packages using yum without Installation


How to download packages using yum without applying them?

We can download packages or updates with the yum downloadonly plugin without installing them on the system. Follow the steps below.
Install the yum-downloadonly package.
# yum install yum-downloadonly
Create a directory to download packages to.
# mkdir /tmp/downloadonly
Run yum in downloadonly mode.
# yum install --downloadonly --downloaddir=/tmp/downloadonly packagename
The above command does not install the package; it only downloads it to the /tmp/downloadonly directory. This is the best method to download packages using yum. The "yumdownloader" command provided by "yum-utils" can also be used to download specific single packages.

Thanks,
Kuldeep Sharma

Prevent automatic volume group activation at boot time


How to prevent automatic volume group activation at boot time?

Platform :

  • Red Hat Enterprise Linux
  • lvm

    Resolution
    In the /etc/lvm/lvm.conf file, add
    volume_list = [ "vg1" ]

    This means that only vg1, out of many VGs, is activated at boot time. The other VGs remain deactivated.
    Root Cause
    -- snip from /etc/lvm/lvm.conf --
    # If volume_list is defined, each LV is only activated if there is a
    # match against the list.
    # "vgname" and "vgname/lvname" are matched exactly.
    # "@tag" matches any tag set in the LV or VG.
    # "@*" matches if any tag defined on the host is also set in the LV or VG
    #
    # volume_list = [ "vg1", "vg2/lvol1", "@tag1", "@*" ]

    Thanks,
    Kuldeep Sharma
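
The matching rules quoted from lvm.conf above, modelled as a shell function so you can check which LVs a given volume_list would activate. This is an added example, not LVM's own code; the function name `lv_is_activated`, its argument order and the sample VG/LV names are assumptions.

```bash
#!/usr/bin/env bash
# Model of the volume_list matching rules quoted from lvm.conf (added example).
# usage: lv_is_activated VG LV "LV_AND_VG_TAGS" "HOST_TAGS" ENTRY...
# Tags are space-separated; each ENTRY is one volume_list item without quotes.
# Returns 0 if any entry matches (the LV is activated), 1 otherwise.
lv_is_activated() {
    vg=$1; lv=$2; tags=$3; host_tags=$4
    shift 4
    for entry in "$@"; do
        case "$entry" in
            "@*")   # matches if any host tag is also set on the LV or VG
                for h in $host_tags; do
                    for t in $tags; do [ "$h" = "$t" ] && return 0; done
                done ;;
            @*)     # "@tag": matches a tag set on the LV or VG
                for t in $tags; do [ "@$t" = "$entry" ] && return 0; done ;;
            */*)    # "vgname/lvname": exact match on one LV
                [ "$entry" = "$vg/$lv" ] && return 0 ;;
            *)      # "vgname": exact match, covers every LV in that VG
                [ "$entry" = "$vg" ] && return 0 ;;
        esac
    done
    return 1
}

# volume_list = [ "vg1" ] from the resolution above (vg2/data is a made-up LV):
lv_is_activated vg1 lvol0 "" "" vg1 && echo "vg1/lvol0: activated"
lv_is_activated vg2 data  "" "" vg1 || echo "vg2/data: not activated"
```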

    Which access modes/flags a file was opened by an application


    How to find out with which access modes/flags a file was opened by an application?


    Issue :

    We want to find out with which access modes/flags a file was opened by an application.

    Platform :

    Red Hat Enterprise Linux (RHEL), all versions, and related distributions such as Fedora, CentOS, etc.

    Resolution:

    The command lsof +f g can be used to see the access modes/flags of all open handles. The command lsof +f g -p <PID> can be used to see the access modes/flags of handles opened by a specific process ID.
    An example output:
    COMMAND    PID      USER   FD      TYPE         FILE-FLAG             DEVICE SIZE/OFF       NODE NAME
    [...]
    init         1      root    0u      CHR             RW,LG                1,3      0t0       3649 /dev/null
    init         1      root    1u      CHR             RW,LG                1,3      0t0       3649 /dev/null
    init         1      root    2u      CHR             RW,LG                1,3      0t0       3649 /dev/null
    init         1      root    3r     FIFO                ND                0,8      0t0       6911 pipe
    init         1      root    4w     FIFO              W,ND                0,8      0t0       6911 pipe
    [...]
    rsyslogd  1082      root    1w      REG   W,AP,LG,0x80000              252,3      360      11046 /var/log/messages
    rsyslogd  1082      root    2w      REG   W,AP,LG,0x80000              252,3     2041      11018 /var/log/cron
    rsyslogd  1082      root    3r      REG        LG,0x80000                0,3        0 4026532037 /proc/kmsg
    rsyslogd  1082      root    4w      REG   W,AP,LG,0x80000              252,3      199      11066 /var/log/secure
    [...]
    auditd    1414      root    5w      REG      W,AP,NFLK,LG              252,3    76199      10526 /var/log/audit/audit.log
    auditd    1414      root    6u     unix                RW 0xffff88003b728080      0t0       9906 socket
    auditd    1414      root    8u      REG                RW                0,9        0       3647 anon_inode
    [...]
    
    The file flag abbreviations in the FILE-FLAG column are explained in the lsof manpage, accessible via man lsof. An excerpt:
                           AIO       asynchronous I/O (e.g., FAIO)
                           AP        append
                           ASYN      asynchronous I/O (e.g., FASYNC)
                           [...]
                           CR        create
                           [...]
                           EX        open for exec
                           EXCL      exclusive open
                           FSYN      synchronous writes
                           [...]
                           NB        non-blocking I/O
                           NBDR
                           NBF       n-buffering in effect
                           NC        no cache
                           [...]

    Root Cause
    Files can be opened by applications with several access modes (e.g. O_WRONLY or O_RDWR) and flags (e.g. O_CREAT, O_EXCL or O_NOCTTY).
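
A filter over "lsof +f g" output that uses the FILE-FLAG column described above to report regular files under a directory that are held open for writing without the AP (append) flag, for example when reviewing how log files are opened. This is an added example, not part of the original post; the function names and the "app" row are constructed, and it assumes every row has all ten columns populated and no spaces in NAME.

```bash
#!/usr/bin/env bash
# Constructed sample in the column layout of the "lsof +f g" excerpt above;
# the "app" row is invented to show a write handle without the append flag.
sample_lsof() {
cat <<'EOF'
COMMAND    PID      USER   FD      TYPE         FILE-FLAG             DEVICE SIZE/OFF       NODE NAME
init         1      root    3r     FIFO                ND                0,8      0t0       6911 pipe
rsyslogd  1082      root    1w      REG   W,AP,LG,0x80000              252,3      360      11046 /var/log/messages
rsyslogd  1082      root    3r      REG        LG,0x80000                0,3        0 4026532037 /proc/kmsg
auditd    1414      root    5w      REG      W,AP,NFLK,LG              252,3    76199      10526 /var/log/audit/audit.log
app       2001      root    7w      REG              W,LG              252,3     1024      12001 /var/log/app.log
EOF
}

# Print "PID COMMAND NAME FLAGS" for regular files whose NAME starts with $1
# and that are open for writing (W or RW) without the AP flag.
nonappend_writers() {
    awk -v prefix="$1" '
    NR == 1 {                          # locate columns by their header name
        for (i = 1; i <= NF; i++) col[$i] = i
        next
    }
    $(col["TYPE"]) == "REG" && index($NF, prefix) == 1 {
        n = split($(col["FILE-FLAG"]), f, ",")
        w = 0; ap = 0
        for (i = 1; i <= n; i++) {
            if (f[i] == "W" || f[i] == "RW") w = 1
            if (f[i] == "AP") ap = 1
        }
        if (w && !ap) print $(col["PID"]), $(col["COMMAND"]), $NF, $(col["FILE-FLAG"])
    }'
}

# Run against the constructed sample; on a live system:
#   lsof +f g | nonappend_writers /var/log/
sample_lsof | nonappend_writers /var/log/
```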


    Completely disable a RHEL user account


    How to completely disable a RHEL user account?

    Issue
    We would like to know the correct way to disable all remote access to an account. Clearly, "passwd -l" (and by the same token, "usermod -L") is insufficient because that will not impact authentication by SSH public key (or other PAM modules other than pam_unix that may be enabled).
    Additionally, changing the shell to /bin/false or /sbin/nologin is unsatisfactory since this only affects interactive logins.
    Environment
    • Red Hat Enterprise Linux (RHEL) 3, 4, 5, 6
    Resolution
    Expiring the account via the chage utility (e.g. "chage -E 1 <username>") will disable all access methods that use PAM authentication.
    Root Cause
    Changing the shell (e.g. to /bin/false) is not recommended because this only prevents interactive shell sessions for the user. Since, for example, ssh port forwarding does not require a shell (when invoked with the -N option), changing the shell will not prevent users from authenticating and starting port forwarding.
    Likewise, simply using the old "passwd -l" or "usermod -L" methods of locking accounts only blocks authentication that uses the password stored in the local passwd file. Since other authentication methods are becoming more and more popular (most notably, ssh public key authentication), this method is clearly unacceptable.
    Expiring the account via "chage -E" will block all access methods that use PAM authentication.

    Hope this will help!
    Kuldeep Sharma
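
An audit for the gap described above: it reads shadow(5)-format lines and reports accounts that were "disabled" only with passwd -l / usermod -L (hash prefixed with "!") but never expired with chage -E. This is an added example, not part of the original post; the function names, account names and hashes are constructed.

```bash
#!/usr/bin/env bash
# Constructed shadow(5) sample; hashes are placeholders, not real credentials.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
sample_shadow() {
cat <<'EOF'
root:$6$salt$PLACEHOLDERHASH:15500:0:99999:7:::
alice:!$6$salt$PLACEHOLDERHASH:15500:0:99999:7:::
bob:!$6$salt$PLACEHOLDERHASH:15500:0:99999:7::1:
carol:$6$salt$PLACEHOLDERHASH:15500:0:99999:7::1:
dave:!$6$salt$PLACEHOLDERHASH:15500:0:99999:7::20000:
EOF
}

# Read shadow(5) lines on stdin and print "user:state" for each account.
# $1 = "today" in days since 1970-01-01 (defaults to the current date).
#   expired      field 8 is set and has been reached (what "chage -E 1" gives)
#   locked-only  hash starts with "!" but the account is not expired, so only
#                password authentication is blocked
#   active       neither of the above
audit_shadow() {
    today="${1:-$(( $(date +%s) / 86400 ))}"
    awk -F: -v today="$today" '
    {
        locked  = ($2 ~ /^!/)
        expired = ($8 != "" && $8 + 0 > 0 && today + 0 >= $8 + 0)
        if (expired)     state = "expired"
        else if (locked) state = "locked-only"
        else             state = "active"
        print $1 ":" state
    }'
}

# Names of accounts that rely on a password lock alone.
locked_only_accounts() {
    audit_shadow "$1" | awk -F: '$2 == "locked-only" { print $1 }'
}

# Run against the constructed sample; on a real host (as root):
#   locked_only_accounts < /etc/shadow
sample_shadow | audit_shadow 15600
```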
