TIP 1:
cpio works like tar, only better.
STEP 1 (Create two directories with data ../dir1 an ../dir2)
mkdir -p ../dir1
mkdir -p ../dir2
cp /etc/*.conf ../dir1/.
cp /etc/*.cnf ../dir2/.
Which will backup all your cnf and conf files.
STEP 2 (Piping the files to tar)
cpio works like tar but can take input
from the "find" command.
$ find ../dir1/ | cpio -o --format=tar > test.tar
or
$ find ../dir1/ | cpio -o -H tar > test2.tar
Same command without the ">"
$ find ../dir1/ | cpio -o --format=tar -F test.tar
or
$ find ../dir1/ | cpio -o -H tar -F test2.tar
Using append
$ find ../dir1/ | cpio -o --format=tar -F test.tar
or
$ find ../dir2/ | cpio -o --format=tar --append -F test.tar
STEP 3 (List contents of the tar file)
$ cpio -it < test.tar
or
$ cpio -it -F test.tar
STEP 4 (Extract the contents)
$ cpio -i -F test.tar
TIP 2:
Working with tar. The basics with encryption.
STEP 1 (Using the tar command on the directory /stuff)
Suppose you have a directory /stuff
To tar everything in stuff to create a ".tar" file.
$ tar -cvf stuff.tar stuff
Which will create "stuff.tar".
STEP 2 (Using the tar command to create a ".tar.gz" of /stuff)
$ tar -czf stuff.tar.gz stuff
STEP 3 (List the files in the archive)
$ tar -tzf stuff.tar.gz
or
$ tar -tf stuff.tar
STEP 4 (A way to list specific files)
Note, pipe the results to a file and edit
$ tar -tzf stuff.tar.gz > mout
Then, edit mout to only include the files you want
$ tar -T mout -xzf stuff.tar.gz
The above command will only get the files in mout.
Of couse, if you want them all
$ tar -xzf stuff.tar.gz
STEP 5 (ENCRYPTION)
$ tar -zcvf - stuff|openssl des3 -salt -k secretpassword |
dd of=stuff.des3
This will create stuff.des3...don't forget the password you
put in place of secretpassword. This can be done
interactively as
well.
$ dd if=stuff.des3 |openssl des3 -d -k secretpassword|tar
zxf -
NOTE: above there is a "-" at the end... this will
extract everything.
TIP 3:
Creating a Virtual File System and Mounting it with a Loopback
Device.
STEP 1 (Construct a 10MB file)
$ dd if=/dev/zero of=/tmp/disk-image count=20480
By default dd uses block of 512 so the size will be 20480*512
STEP 2 (Make an ext2 or ext3 file system) -- ext2 shown here.
$ mke2fs -q
or if you want ext3
$ mkfs -t ext3 -q /tmp/disk-image
yes, you can even use reiser, but you'll need to create a bigger
disk image. Something like "dd if=/dev/zero
of=/tmp/disk-image count=50480".
$ mkfs -t reiserfs -q /tmp/disk-image
Hit yes for confirmation. It only asks this because it's a file
STEP 3 (Create a directory "virtual-fs" and mount. This has to be
done as root)
$ mkdir /virtual-fs
$ mount -o loop=/dev/loop0 /tmp/disk-image /virtual-fs
SPECIAL NOTE: if you mount a second device you will have to
increase the
loop count: loop=/dev/loop1, loop=/dev/loop2,
... loop=/dev/loopn
Now it operates just like a disk. This virtual filesystem
can be mounted
when the system boots by adding the following to the
"/etc/fstab" file. Then,
to mount, just type "mount /virtual-fs".
/tmp/disk-image /virtual-fs ext2
rw,loop=/dev/loop0 0 0
STEP 4 (When done, umount it)
$ umount /virtual-fs
SPECIAL NOTE: If you are using Fedora core 2, in the /etc/fstab
you can take
advantage of acl properties for this mount. Note the acl
next to the
rw entry. This is shown here with ext3.
/tmp/disk-image /virtual-fs ext3
rw,acl,loop=/dev/loop1 0 0
Also, if you are using Fedora core 2 and above, you can
mount the file
on a cryptoloop.
$ dd if=/dev/urandom of=disk-aes count=20480
$ modprobe loop
$ modprobe cryptoloop
$ modprobe aes
$ losetup -e aes /dev/loop0 disk-aes
$ mkfs -t ext2 /dev/loop0
$ mount -o loop,encryption=aes disk-aes <mount point>
If you do not have Fedora core 2, then, you can build
the kernel from source
with some of the following options (not complete, yet)
reference:
http://cvs.sourceforge.net/viewcvs.py/cpearls/cpearls/src/posted_on_sf/acl/ehd.pdf?rev=1.1&view=log
Cryptographic API Support (CONFIG_CRYPTO)
generic loop cryptographic (CONFIG_CRYPTOLOOP)
Cryptographic ciphers (CONFIG_CIPHERS)
Enable one or more ciphers (CONFIG CIPHER .*)
such as AES.
HELPFUL INFORMATION: It is possible to bind mount partitions, or
associate the
mounted partition to a directory name.
# mount --bind /virtual-fs /home/mchirico/vfs
Also, if you want to see what filesystems are currently
mounted, "cat" the
file "/etc/mtab"
$ cat /etc/mtab
Also see TIP 91.
TIP 4:
Setting up 2 IP address on "One" NIC. This example is on ethernet.
STEP 1 (The settings for the initial IP address)
$ cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.99.255
IPADDR=192.168.1.155
NETMASK=255.255.252.0
NETWORK=192.168.1.0
ONBOOT=yes
STEP 2 (2nd IP address: )
$ cat /etc/sysconfig/network-scripts/ifcfg-eth0:1
DEVICE=eth0:1
BOOTPROTO=static
BROADCAST=192.168.99.255
IPADDR=192.168.1.182
NETMASK=255.255.252.0
NETWORK=192.168.1.0
ONBOOT=yes
SUMMARY Note, in STEP 1 the filename is "ifcfg-eth0", whereas in
STEP 2 it's "ifcfg-eth0:1" and also not the matching
entries for "DEVICE=...". Also, obviously, the
"IPADDR" is different as well.
TIP 5:
Sharing Directories Among Several Users.
Several people are working on a project in "/home/share"
and they need to create documents and programs so that
others in the group can edit and execute these documents
as needed. Also see (TIP 186) for adding existing users
to groups.
$ /usr/sbin/groupadd share
$ chown -R root.share /home/share
$ /usr/bin/gpasswd -a <username> share
$ chmod 2775 /home/share
$ ls -ld /home/share
drwxrwsr-x 2 root share 4096 Nov 8 16:19
/home/share
^---------- Note the s bit, which was set with the
chmod 2775
$ cat /etc/group
...
share:x:502:chirico,donkey,zoe
... ^------- users are added to this group.
The user may need to login again to get access. Or, if the user
is currently
logged in, they can run the following command:
$ su - <username>
Note, the above step is recommended over "newgrp - share" since
currently
newgrp in FC2,FC3, and FC4 gets access to the group but the umask
is not
correctly formed.
As root you can test their account.
$ su - <username> "You need to '-' to pickup thier
environment '$ su - chirico' "
Note: SUID, SGID, Sticky bit. Only the left most octet is
examined, and "chmod 755" is used
as an example of the full command. But, anything else could
be used as well. Normally
you'd want executable permissions.
Octal digit Binary value Meaning
Example usage
0 000 all cleared
$ chmod 0755 or chmod 755
1 001 sticky
$ chmod 1755
2 010 setgid
$ chmod 2755
3 011 setgid, sticky
$ chmod 3755
4 100 setuid
$ chmod 4755
5 101 setuid, sticky
$ chmod 5755
6 110 setuid, setgid
$ chmod 6755
7 111 setuid, setgid, sticky
$ chmod 7755
A few examples applied to a directory below. In the first example
all users in the group can
add files to directory "dirA" and they can delete their own
files. Users cannot delete other
user's files.
Sticky bit:
$ chmod 1770 dirA
Below files created within the directory have the group ID of the
directory, rather than that
of the default group setting for the user who created the file.
Set group ID bit:
$ chmod 2755 dirB
Regards.
B.Sadhiq
