Linux Storage
		Next

Linux Storage

Paul Cobbaut

2015-05-24

Table of Contents

I. file security

1. standard file permissions

file ownership

user owner and group owner
listing user accounts
chgrp
chown

list of special files

permissions

rwx
three sets of rwx
permission examples
setting permissions (chmod)
setting octal permissions
umask
mkdir -m
cp -p

practice: standard file permissions

solution: standard file permissions

2. advanced file permissions

sticky bit on directory
setgid bit on directory
setgid and setuid on regular files
setuid on sudo
practice: sticky, setuid and setgid bits
solution: sticky, setuid and setgid bits

3. access control lists

acl in /etc/fstab
getfacl
setfacl
remove an acl entry
remove the complete acl
the acl mask
eiciel

4. file links

inodes

inode contents
inode table
inode number
inode and file contents

about directories

a directory is a table
. and ..

hard links

creating hard links
finding hard links

II. disk management

5. disk devices

terminology

platter, head, track, cylinder, sector
ide or scsi
ata
scsi
block device
solid state drive

device naming

ata (ide) device naming
scsi device naming

discovering disk devices

fdisk
dmesg
/sbin/lshw
/sbin/lsscsi
/proc/scsi/scsi

erasing a hard disk

advanced hard disk settings

practice: hard disk devices

solution: hard disk devices

6. disk partitions

about partitions

primary, extended and logical
partition naming

discovering partitions

fdisk -l
/proc/partitions
parted and others

partitioning new disks

recognising the disk
opening the disk with fdisk
empty partition table
create a new partition
display the new partition

about the partition table

master boot record
partprobe
logical drives

GUID partition table

labeling with parted

partitioning with parted

practice: partitions

solution: partitions

7. file systems

about file systems

man fs
/proc/filesystems
/etc/filesystems

common file systems

ext2 and ext3
creating ext2 and ext3
ext4
xfs
vfat
iso 9660
udf
swap
gfs
and more...
/proc/filesystems

putting a file system on a partition

tuning a file system

checking a file system

practice: file systems

solution: file systems

8. mounting

mounting local file systems

mkdir
mount
/etc/filesystems
/proc/filesystems
umount

displaying mounted file systems

mount
/proc/mounts
/etc/mtab
df
df -h
du

from start to finish

permanent mounts

/etc/fstab
mount /mountpoint

securing mounts

ro
noexec
nosuid
noacl

mounting remote file systems

smb/cifs
nfs
nfs specific mount options

practice: mounting file systems

solution: mounting file systems

9. troubleshooting tools

lsof
fuser
chroot
iostat
iotop
vmstat
practice: troubleshooting tools
solution: troubleshooting tools

10. introduction to uuid's

about unique objects
tune2fs
uuid
uuid in /etc/fstab
uuid as a boot device
practice: uuid and filesystems
solution: uuid and filesystems

11. introduction to raid

hardware or software

raid levels

raid 0
jbod
raid 1
raid 2, 3 and 4 ?
raid 5
raid 6
raid 0+1
raid 1+0
raid 50
many others

building a software raid5 array

do we have three disks?
fd partition type
verify all three partitions
create the raid5
/proc/mdstat
mdadm --detail
removing a software raid
further reading

practice: raid

solution: raid

12. logical volume management

introduction to lvm

problems with standard partitions
solution with lvm

lvm terminology

physical volume (pv)
volume group (vg)
logical volume (lv)

example: using lvm

example: extend a logical volume

example: resize a physical Volume

example: mirror a logical volume

example: snapshot a logical volume

verifying existing physical volumes

lvmdiskscan
pvs
pvscan
pvdisplay

verifying existing volume groups

vgs
vgscan
vgdisplay

verifying existing logical volumes

lvs
lvscan
lvdisplay

manage physical volumes

pvcreate
pvremove
pvresize
pvchange
pvmove

manage volume groups

vgcreate
vgextend
vgremove
vgreduce
vgchange
vgmerge

manage logical volumes

lvcreate
lvremove
lvextend
lvrename

practice : lvm

solution : lvm

13. iSCSI devices

iSCSI terminology
iSCSI Target in RHEL/CentOS
iSCSI Initiator in RHEL/CentOS
iSCSI target on Debian
iSCSI target setup with dd files
ISCSI initiator on ubuntu
using iSCSI devices
iSCSI Target RHEL7/CentOS7
iSCSI Initiator RHEL7/CentOS7
practice: iSCSI devices
solution: iSCSI devices

14. introduction to multipathing

install multipath
configure multipath
network
start multipathd and iscsi
multipath list
using the device
practice: multipathing
solution: multipathing

III. backup management

15. backup

About tape devices

SCSI tapes
IDE tapes
mt

About dd
Create a CDROM image
Create a floppy image
Copy the master boot record
Copy files
Image disks or partitions
Create files of a certain size
CDROM server example

split

practice: backup

IV. mysql database

16. introduction to sql using mysql

installing mysql

accessing mysql

Linux users
mysql client application
~/.my.cnf
the mysql command line client

mysql databases

listing all databases
creating a database
using a database
access to a database
deleting a database
backup and restore a database

mysql tables

listing tables
creating a table
describing a table
removing a table

mysql records

creating records
viewing all records
updating records
viewing selected records
primary key in where clause ?
ordering records
grouping records
deleting records

joining two tables

inner join
left join

mysql triggers

using a before trigger
removing a trigger

V. Introduction to Samba

17. introduction to samba

verify installed version

.rpm based distributions
.deb based distributions

installing samba

.rpm based distributions
.deb based distributions

documentation

samba howto
samba by example

starting and stopping samba

samba daemons

nmbd
smbd
winbindd

the SMB protocol

brief history
broadcasting protocol
NetBIOS names
network bandwidth

practice: introduction to samba

18. getting started with samba

/etc/samba/smb.conf

smbd -b
the default smb.conf
minimal smb.conf
net view
long lines in smb.conf
curious smb.conf
man smb.conf

/usr/bin/testparm

syntax check smb.conf
testparm -v
testparm -s

/usr/bin/smbclient

smbclient looking at Samba
smbclient anonymous
smbclient with credentials

/usr/bin/smbtree

server string

Samba Web Administration Tool (SWAT)

practice: getting started with samba

solution: getting started with samba

19. a read only file server

Setting up a directory to share

configure the share

smb.conf [global] section
smb.conf [share] section

restart the server

verify the share

verify with smbclient
verify on windows

a note on netcat

practice: read only file server

solution: read only file server

20. a writable file server

set up a directory to share
share section in smb.conf
configure the share
test connection with windows
test writing with windows
How is this possible ?
practice: writable file server
solution: writable file server

21. samba first user account

creating a samba user
ownership of files
/usr/bin/smbpasswd
/etc/samba/smbpasswd
passdb backend
forcing this user
practice: first samba user account
solution: first samba user account

22. samba authentication

creating the users on Linux

creating the users on samba

security = user

configuring the share

testing access with net use

testing access with smbclient

verify ownership

common problems

NT_STATUS_BAD_NETWORK_NAME
NT_STATUS_LOGON_FAILURE
usernames are (not) case sensitive

practice : samba authentication

solution: samba authentication

23. samba securing shares

security based on user name

valid users
invalid users
read list
write list

security based on ip-address

hosts allow
hosts deny

security through obscurity

hide unreadable
browsable

file system security

create mask
force create mode
security mask
force security mode
inherit permissions

practice: securing shares

solution: securing shares

24. samba domain member

changes in smb.conf

workgroup
security mode
Linux uid's
winbind use default domain
[global] section in smb.conf
realm in /etc/krb5.conf
[share] section in smb.conf

joining an Active Directory domain

winbind

adding winbind to nsswitch.conf
starting samba and winbindd

wbinfo

verify the trust
list all users
list all groups
query a user

getent

file ownership

practice : samba domain member

25. samba domain controller

about Domain Controllers

Windows NT4
Windows 200x
Samba 3
Samba 4

About security modes

security = share
security = user
security = domain
security = ads
security = server

About password backends

[global] section in smb.conf

security
os level
passdb backend
preferred master
domain logons
domain master
[global] section

netlogon share

other [share] sections

Users and Groups

tdbsam

about computer accounts

local or roaming profiles

Groups in NTFS acls

logon scripts

practice: samba domain controller

26. a brief look at samba 4

Samba 4 alpha 6

VI. Appendix

A. License

Index

List of Tables

1.1. Unix special files
1.2. standard Unix file permissions
1.3. Unix file permissions position
1.4. Octal permissions
5.1. ide device naming
5.2. scsi device naming
6.1. primary, extended and logical partitions
6.2. Partition naming
13.1. iSCSI Target and Initiator practice
13.2. iSCSI Target and Initiator practice