Configuring Local Storage and File System in Linux System Administration


This module focuses on LUKS-Encrypted File Systems in Linux, detailing their design, benefits, and how to mount, unmount, and remove them securely. LUKS provides a secure standard for hard disk encryption, supporting multiple keys/passphrases and enabling effective passphrase revocation. Learn how to manage LUKS-encrypted file systems seamlessly using various methods.


Uploaded on Jul 18, 2024



Presentation Transcript


  1. Linux System Administration and Configuration Module Name: Configuring Local Storage and File System

  2. LUKS-Encrypted File Systems: LUKS is the standard for Linux hard disk encryption. It provides a standard on-disk format, which facilitates compatibility among distributions. It provides secure management of multiple user passphrases. It stores all the setup information necessary in the partition header, so a user can transport or migrate the data seamlessly.

  3. LUKS-Encrypted File Systems: Design. LUKS was designed according to TKS1 (Template Key Setup 1), a template design for secure key setup. LUKS closely resembles the structure recommended in the TKS1 paper, but adds metadata for cipher-setup management and support for multiple keys/passphrases.

  4. LUKS-Encrypted File Systems: Why LUKS? Compatibility via standardization. Secure against low-entropy (weak passphrase) attacks: passphrases are strengthened with an iterated key-derivation function before they unlock the master key. Support for multiple keys. Effective passphrase revocation: a key slot can be removed without re-encrypting the data. Free.

  5. LUKS-Encrypted File Systems: Mount, unmount, and use LUKS-encrypted file systems. To mount a LUKS-encrypted file system by its mount point in the /etc/fstab file (here /vol), type: To mount a LUKS-encrypted file system by its LUKS name (here vol), type: To unmount a LUKS-encrypted file system by its mount point in the /etc/fstab file (here /vol), type:

  6. LUKS-Encrypted File Systems: To unmount a LUKS-encrypted file system by its LUKS name (here vol), type: To remove a LUKS-encrypted file system, follow these steps. Unmount the LUKS file system (here /vol). Close the LUKS volume (its mapping under /dev/mapper).

  7. LUKS-Encrypted File Systems: Remove the logical volume. Remove the file where the passphrase is stored (here /root/luks.key). Edit the /etc/crypttab and /etc/fstab files and remove the entries associated with the LUKS volume (here vol).
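The mount, unmount and removal steps of slides 5 to 7 as a shell script. This is an added example, not code from the original slides or from the linked certdepot page; the mapping name vol, mount point /vol, key file /root/luks.key and the backing logical volume /dev/vg0/lv_vol are assumed placeholders. The crypttab/fstab clean-up that the slides leave to a manual edit is done with awk, and the function that does it can be tested on sample files without root.

```shell
#!/bin/bash
# Added example, not part of the original slides: LUKS volume lifecycle.
# Assumed (hypothetical) layout: LUKS mapping name "vol", mount point "/vol",
# key file "/root/luks.key", backing logical volume "/dev/vg0/lv_vol".
set -u

NAME=${NAME:-vol}
MOUNTPOINT=${MOUNTPOINT:-/vol}
KEYFILE=${KEYFILE:-/root/luks.key}
LV=${LV:-/dev/vg0/lv_vol}

# Mount by mount point: relies on the /etc/fstab entry for /vol and on the
# mapping already being open (normally done at boot from /etc/crypttab).
luks_mount_by_mountpoint() { mount "$MOUNTPOINT"; }

# Mount by LUKS name: open the mapping with the key file if needed, then mount
# the decrypted device /dev/mapper/<name>.
luks_mount_by_name() {
    [ -e "/dev/mapper/$NAME" ] || cryptsetup open --key-file "$KEYFILE" "$LV" "$NAME"
    mount "/dev/mapper/$NAME" "$MOUNTPOINT"
}

luks_unmount_by_mountpoint() { umount "$MOUNTPOINT"; }
luks_unmount_by_name() { umount "/dev/mapper/$NAME"; }

# Print FILE without the lines whose first field is the LUKS name (crypttab)
# or its /dev/mapper path (fstab). Comments and other entries are kept.
strip_volume_entries() {
    local name=$1 file=$2
    awk -v n="$name" -v m="/dev/mapper/$name" '$1 != n && $1 != m' "$file"
}

# Same, but rewrite the file in place through a temp file, so a crash
# mid-write cannot leave a truncated /etc/fstab behind.
drop_volume_entries() {
    local name=$1 file=$2
    strip_volume_entries "$name" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Full removal, in the order the slides give: unmount, close the mapping,
# remove the logical volume, remove the key file, clean crypttab and fstab.
luks_remove() {
    umount "$MOUNTPOINT"
    cryptsetup close "$NAME"        # same as the older "cryptsetup luksClose"
    # Optional but recommended: wipe every key slot first. lvremove only
    # deallocates extents; the ciphertext and the LUKS header stay on the PV
    # until reused, so a leaked key file could otherwise still open them.
    cryptsetup luksErase -q "$LV"
    lvremove -y "$LV"
    shred -u "$KEYFILE"             # rm would leave the key bytes on disk; see note below
    drop_volume_entries "$NAME" /etc/crypttab
    drop_volume_entries "$NAME" /etc/fstab
}

# Only acts when given a sub-command, so the file can also be sourced.
case "${1:-}" in
    mount)  luks_mount_by_name ;;
    umount) luks_unmount_by_name ;;
    remove) luks_remove ;;
esac
```

Run as root with mount, umount or remove. Two caveats worth knowing: shred only overwrites in place on file systems that rewrite blocks in place (not on journaled-data, copy-on-write or log-structured ones, as its man page warns), so a key file on such a file system is better kept on an encrypted or tmpfs location from the start; and luksErase is irreversible, so back up the header with cryptsetup luksHeaderBackup first if there is any chance the data is needed again.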

  8. Access Control List: Files and directories have permission sets for the owner of the file, the group associated with the file, and all other users of the system. However, these permission sets have limitations. For example, different permissions cannot be configured for different users. Thus, Access Control Lists (ACLs) were implemented.

  9. Access Control List: The Red Hat Enterprise Linux kernel provides ACL support for the ext3 file system and NFS-exported file systems (ext4 and XFS support ACLs as well). ACLs are also recognized on ext3 file systems accessed via Samba. Along with support in the kernel, the acl package is required to implement ACLs. It contains the utilities used to add, modify, remove, and retrieve ACL information. The cp and mv commands copy or move any ACLs associated with files and directories.

  10. Access Control List: Mounting File Systems. Before using ACLs for a file or directory, the partition for the file or directory must be mounted with ACL support. If it is a local ext3 file system, it can be mounted with the following command: For example:

  11. Access Control List: Alternatively, if the partition is listed in the /etc/fstab file, the entry for the partition can include the acl option. (On RHEL 7, ext4 file systems are created with acl among their default mount options, and XFS supports ACLs without any mount option, so the explicit option matters mainly for ext3.) If an ext3 file system is accessed via Samba and ACLs have been enabled for it, the ACLs are recognized because Samba has been compiled with the --with-acl-support option. No special flags are required when accessing or mounting a Samba share.

  12. Access Control List: NFS. By default, if the file system being exported by an NFS server supports ACLs and the NFS client can read ACLs, ACLs are utilized by the client system. To disable ACLs on NFS shares when configuring the server, include the no_acl option in the /etc/exports file. To disable ACLs on an NFS share when mounting it on a client, mount it with the no_acl option via the command line or the /etc/fstab.

  13. Access Control List: Setting Access ACLs. There are two types of ACLs: access ACLs and default ACLs. An access ACL is the access control list for a specific file or directory. A default ACL can only be associated with a directory; if a file within the directory does not have an access ACL, it uses the rules of the default ACL for the directory. Default ACLs are optional.

  14. Access Control List: ACLs can be configured:
      1. Per user
      2. Per group
      3. Via the effective rights mask
      4. For users not in the user group for the file
      The setfacl utility sets ACLs for files and directories. Use the -m option to add or modify the ACL of a file or directory:

  15. Access Control List: Rules must be specified in the following formats. Multiple rules can be specified in the same command if they are separated by commas.
      u:uid:perms  Sets the access ACL for a user. The user name or UID may be specified. The user may be any valid user on the system.
      g:gid:perms  Sets the access ACL for a group. The group name or GID may be specified. The group may be any valid group on the system.

  16. Access Control List:
      m:perms  Sets the effective rights mask. The mask is the upper bound on the rights that named users, the owning group and named groups actually get: a bit is effective only if it is set both in the entry and in the mask. When setfacl recalculates the mask automatically, it is the union of the permissions of the owning group and of all named user and group entries.
      o:perms  Sets the access ACL for users other than the ones in the group for the file.

  17. Access Control List: Permissions (perms) must be a combination of the characters r, w and x for read, write, and execute. If a file or directory already has an ACL, and the setfacl command is used, the additional rules are added to the existing ACL or the existing rule is modified.

  18. Access Control List: Example: Give read and write permissions. For example, to give read and write permissions to user andrius: To remove all the permissions for a user, group, or others, use the -x option and do not specify any permissions:

  19. Access Control List: Example: Remove all permissions. For example, to remove all permissions from the user with UID 500:

  20. Access Control List: Setting Default ACLs. To set a default ACL, add d: before the rule and specify a directory instead of a file name. Example: Setting default ACLs. To set the default ACL for the /share/ directory to read and execute for users not in the user group (an access ACL for an individual file can override it):

  21. Access Control List: Retrieving ACLs. To determine the existing ACLs for a file or directory, use the getfacl command. In the example below, getfacl is used to determine the existing ACLs for a file. Example: Retrieving ACLs.

  22. Access Control List: The above command returns the following output:

  23. Access Control List: If a directory with a default ACL is specified, the default ACL is also displayed as illustrated below. For example, getfacl home/sales/ will display similar output:
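The setfacl and getfacl usage of slides 10 to 23 as shell functions, with one helper that applies the mask to each entry so the effective rights are visible rather than the rights as written (the point of slide 16 that most often surprises people). This is an added example, not code from the original slides or from the Red Hat guide they follow; the user andrius, the group auditors, the file report.txt and the directory /share are placeholders.

```shell
#!/bin/bash
# Added example, not from the original slides. Placeholder names: andrius,
# auditors, report.txt, /share. Requires the acl package for setfacl/getfacl.
set -u

# Grant a user read+write on a file (u:uid:perms rule, slide 18).
acl_grant_rw() { setfacl -m "u:$1:rw" "$2"; }            # user file

# Remove every ACL entry for a user (slide 19): -x takes the entry without
# a permission field.
acl_revoke_user() { setfacl -x "u:$1" "$2"; }            # user file

# Default ACL on a directory, inherited by files created inside it (slide 20):
# others get read+execute.
acl_set_default_other_rx() { setfacl -m d:o:rx "$1"; }    # directory

# Mount a local file system with ACL support (slide 10). Needed for ext3;
# ext4 on RHEL 7 and XFS have it without the option.
acl_mount() { mount -t "$1" -o acl "$2" "$3"; }           # fstype device mountpoint

# Effective rights: for every named user, the owning group and every named
# group, a bit is granted only if it is set in BOTH the entry and the mask.
# Input: a file holding getfacl output. Output: one "entry effective rwx" line
# per entry the mask applies to. With no mask line, entries are effective as written.
effective_perms() {
    local f=$1 mask
    mask=$(awk -F: '$1 == "mask" { sub(/[ \t].*/, "", $3); print $3 }' "$f")
    awk -F: -v mask="$mask" '
        /^#/ { next }                                    # getfacl header comments
        ($1 == "user" && $2 != "") || $1 == "group" {    # named users, owning group, named groups
            perms = $3; sub(/[ \t].*/, "", perms)        # drop any "#effective:" annotation
            eff = ""
            for (i = 1; i <= 3; i++) {
                c = substr(perms, i, 1); m = substr(mask, i, 1)
                eff = eff ((c != "-" && m != "-") ? c : "-")
            }
            print $1 ":" $2 ":" perms " effective " eff
        }' "$f"
}

# Retrieve the ACL of a path (slide 21) and print the effective rights.
acl_show() {
    local tmp; tmp=$(mktemp)
    getfacl -p "$1" > "$tmp" && effective_perms "$tmp"
    rm -f "$tmp"
}
```

Typical sequence on a live system: acl_grant_rw andrius report.txt, then acl_show report.txt. If the file's mask is r-- (for example because chmod g-w was run on it afterwards, which rewrites the mask), the output reports andrius as effective r-- even though the entry says rw-; that is the check to run whenever an ACL does not appear to take effect.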

  24. Access Control List: Archiving File Systems With ACLs. By default, the dump command preserves ACLs during a backup operation. When archiving a file or file system with tar, use the --acls option to preserve ACLs. Similarly, when using cp to copy files with ACLs, include the --preserve=mode option to ensure that ACLs are copied across too. In addition, the -a option of cp also preserves ACLs during a backup along with other information such as timestamps, SELinux contexts, and the like. For more information about dump, tar, or cp, refer to their respective man pages.

  25. Access Control List: The star utility is similar to the tar utility in that it can be used to generate archives of files; however, some of its options are different. The table on the next slides lists the more commonly used options. For all available options, refer to man star. The star package is required to use this utility.

  26. Access Control List: Command Line Options for star
      Option   Description
      -c       Creates an archive file.
      -n       Do not extract the files; use in conjunction with -x to show what extracting the files does.
      -r       Replaces files in the archive. The files are written to the end of the archive file, replacing any files with the same path and file name.
      -t       Displays the contents of the archive file.
      -u       Updates the archive file. The files are written to the end of the archive if they do not exist in the archive, or if the files are newer than the files of the same name in the archive. This option only works if the archive is a file or an unblocked tape that may backspace.

  27. Access Control List: Command Line Options for star (continued)
      Option   Description
      -x       Extracts the files from the archive. If used with -U and a file in the archive is older than the corresponding file on the file system, the file is not extracted.
      -help    Displays the most important options.
      -xhelp   Displays the least important options.
      -/       Do not strip leading slashes from file names when extracting the files from an archive. By default, they are stripped when files are extracted.
      -acl     When creating or extracting, archives or restores any ACLs associated with the files and directories.

  28. Access Control List: Compatibility with Older Systems. If an ACL has been set on any file on a given file system, that file system has the ext_attr attribute. This attribute can be seen using the following command:

  29. Access Control List: A file system that has acquired the ext_attr attribute can be mounted with older kernels, but those kernels do not enforce any ACLs which have been set. Versions of the e2fsck utility included in version 1.22 and higher of the e2fsprogs package (including the versions in Red Hat Enterprise Linux 2.1 and 4) can check a file system with the ext_attr attribute. Older versions refuse to check it.

  30. Access Control List Self Assessment Question 13. ACL stands for ______________. a) Access control list b) Access check list c) Audit control list d) Audit check list Answer: Access control list

  31. Access Control List Self Assessment Question 14. Which one of the given commands would be used to view a description of the tar utility including the options available for use? a) more tar b) grep tar c) man tar d) help tar Answer: man tar

  32. Access Control List Self Assessment Question 15. _________ type of file system is used for accessing remote systems. a) Ext2 b) Hpfs c) Swap d) nfs Answer: nfs

  33. Access Control List Self Assessment Question 16. _________ directory contains the devices. a) /dev b) /etc c) /bin d) /log Answer: /dev

  34. Access Control List Self Assessment Question 17. _________ is a graphical tool for modifying partitions. a) parted b) fdisk c) gparted d) graphpart Answer: gparted

  35. Access Control List Self Assessment Question 18. _________ is the latest file system supported by RHEL v7 (its default file system). a) xfs b) ext4 c) ext2 d) ntfs Answer: xfs

  36. Access Control List Self Assessment Question 18. _________ the system after modifying the partition. a) Reboot b) Logout c) Init 2 d) Both (a) & (b) Answer: Reboot

  37. Access Control List Self Assessment Question 19. _________ is used to mark the active partition. a) * b) # c) $ d) Both (a) & (b) Answer: *

  38. Access Control List Self Assessment Question 20. _________ is the Logical Volume Manager. a) lvm b) LoVgr c) LMV d) Both (a) & (b) Answer: lvm

  39. Access Control List Self Assessment Question 21. _________ file contains the information of file systems to be mounted. a) /etc/fstab b) /etc/fs c) /etc/blog d) /etc/sys Answer: /etc/fstab

  40. Access Control List Self Assessment Question 22. Which one of the given commands is used for mounting? a) mnt b) mount c) mot d) lnt Answer: mount

  41. Access Control List Self Assessment Question 23. _________ command is used for unmounting. a) mnt b) umount c) mot d) lnt Answer: umount

  42. Access Control List Self Assessment Question 24. _________ command is used for listing the mounted file systems. a) nnt -l b) mount -l c) lot -o d) lntr Answer: mount -l

  43. Access Control List Self Assessment Question 25. _________ command is used for formatting with an ext file system. a) mke2fs b) mofs c) lotfs d) lfs Answer: mke2fs

  44. Configuring Local Storage and File System Assignment. General Instructions: Please answer the set of questions below. These questions are meant for testing unit 3. The answers should be clear, legible and well presented. Illustrate your answers with suitable examples wherever necessary. Please quote sources (if any) of data, images, facts etc.
      1. Define Partition and the different types of Partitions.
      2. List any five parted commands along with their description.
      3. What is LVM? Mention the three basic concepts of LVM.
      4. Describe the procedures for creating, mounting and unmounting ext2, ext3 and ext4 filesystems.
      5. What is LUKS and why is it used?
      6. How do you mount and decrypt a LUKS-encrypted partition to recover files?
      7. Explain the basic concept of ACL.

  45. Configuring Local Storage and File System Summary
      1. RHEL supports both MBR and GPT partition tables.
      2. The partition information can be displayed using fdisk -l /dev/HDD_number.
      3. The mke2fs command is used for formatting with an ext file system.
      4. After modifying the partition table, the kernel has to re-read it: reboot the system (or run partprobe on the disk).
      5. The default file system in RHEL 7 is XFS; ext4 is also supported.
      6. The /etc/fstab file lists the partitions to be mounted during booting.
      7. The mount command supports a rich variety of file systems.
      8. The umount command is used for unmounting a file system.
      9. All storage devices are available under the /dev directory.
      10. The gparted tool can be used for modifying partitions and has a graphical interface.

  46. Configuring Local Storage and File System Document Links
      Topic: An introduction to Disk Partitions
      URL: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/installation_guide/ch-partitions-x86
      Notes: This link gives an introduction to disk partitions.

      Topic: Creating Partitions in RHEL7
      URL: https://codingbee.net/tutorials/rhcsa/rhcsa-creating-partitions
      Notes: This link explains creation of partitions.

      Topic: LVM
      URL: https://www.certdepot.net/sys-manage-physical-volumes-volume-groups-and-logical-volumes/
      Notes: This link will help create and remove physical volumes, assign physical volumes to volume groups, and create and delete logical volumes.

      Topic: ext2 vs ext3 vs ext4
      URL: https://www.thegeekstuff.com/2011/05/ext2-ext3-ext4/?utm_source=feedburner
      Notes: This link helps differentiate between ext2, ext3 and ext4.

      Topic: Mounting a file system
      URL: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/sect-using_the_mount_command-mounting
      Notes: This link explains creation, mounting and unmounting of file systems.

  47. Configuring Local Storage and File System (Continued) Document Links
      Topic: LUKS
      URL: https://guardianproject.info/code/luks/

      Topic: Mount, unmount LUKS-encrypted file systems
      URL: https://www.certdepot.net/sys-mount-unmount-luks-encrypted-file-systems/
      Notes: In this link, you will learn about mounting and unmounting LUKS-encrypted file systems.

      Topic: ACL
      URL: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/ch-access_control_lists
      Notes: This link explains Access Control Lists and their application.

  48. Configuring Local Storage and File System Video Links
      Topic: Creating & formatting partitions using fdisk
      URL: https://www.youtube.com/watch?v=5kVAzxTwy5Q
      Notes: This video explains partition creation and formatting.

      Topic: Mount, unmount
      URL: https://www.youtube.com/watch?v=A8ITr5ZpzvA
      Notes: This video explains mounting and unmounting Linux file systems.

      Topic: Linux File system Management
      URL: https://www.youtube.com/watch?v=PbkgiO0YLxc
      Notes: This video explains file system management.

  49. Configuring Local Storage and File System E-Book Links
      Topic: Storage Administration Guide RHEL 6
      URL: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/storage_administration_guide/index

      Topic: Storage Administration Guide RHEL 7
      URL: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/storage_administration_guide/index

      Topic: Red Hat Enterprise Linux Administration
      URL: https://books.google.co.in/books?id=T2ZUmSJSm2IC&pg=PT56&lpg=PT56&dq=sam%27s+red+Hat+linux+administration+guide&source=bl&ots=NKtsfD3Eji&sig=qblR4nabtzKmc1qmaYqwq3OwuUk&hl=en&sa=X&ved=0ahUKEwiQv_q20cPbAhVTXisKHd-XA7kQ6AEIWDAI#v=onepage&q=sam's%20red%20Hat%20linux%20administration%20guide&f=false
