Red Hat Certified System Administrator

Plan
01- installation-and-registration
02- basic-commands-and-shell-scripts
03- user-and-group-management
04- task-automation
05- service-management
06- archiving-and-compression
07- nfs-autofs
08- storage-management
09- container-management
10- baseos-appstream-repositories
11- networking
12- root-password-reset
 01- installation-and-registration
👋 In this section, we will guide you through the necessary steps to install Red Hat Enterprise Linux and register your system.
1. Create an Account on Red Hat
To begin, you need to create an account on the official Red Hat website.
Go to redhat.com and Click on "Register" and follow the instructions to create your account.
2. Register on Red Hat Developers
Next, sign up as a developer on the Red Hat Developers site to access the Red Hat Enterprise Linux image.
Go to developers.redhat.com.
Create an account or log in if you already have one.
3. Download the Red Hat Enterprise Linux Image
Download the ISO image of Red Hat Enterprise Linux from the developers site.
Visit this link to download the image.
4. Register Your System
Once Red Hat Enterprise Linux is installed, you need to register your system to access updates and software.
Open a terminal and run the following command:
subscription-manager register
 02- basic-commands-and-shell-scripts

echo "text" > file: Overwrites file content with text.

pwd: Displays the current directory path.
echo "text" >> file: Appends text to the file.
cd directory: Changes to the specified directory.
command 2> file: Sends error output to a file.
cd ..: Moves to the parent directory.
vim / nano: Edits a file using Vim or Nano.
ls: Lists files and directories in the current directory.
rmdir: Removes an empty directory.
ls -l: Lists detailed information about files and directories.
rm: Deletes a file.
ls -a: Lists all files, including hidden ones.
rm -rf: Deletes a directory recursively and forcefully.
whoami: Shows the current user’s name.
man / help: Provides information about a command.
touch file: Creates a new file.
mkdir dir: Creates a new directory. ctrl + a: Moves cursor to the beginning of the line.

mkdir -p: Creates directories recursively, including parents. ctrl + e: Moves cursor to the end of the line.

cat: Displays file content. ctrl + c: Stops a command.

echo "text": Prints text. history: Displays command history.

 03- user-and-group-management
su user: Switch to the specified user. usermod -s /sbin/nologin username: Make a user inactive.
su - user: Switch to the user and also change to their home directory. usermod -L username: Lock the account.
sudo: Run a command as root. usermod -U username: Unlock the account.
useradd [option] username: Add a user.
echo “username ALL=(ALL) ALL” >> /etc/sudoers: Grant sudo rights.
passwd username: Set the user's password.
echo “username ALL=(ALL) NOPASSWD:ALL” >> /etc/sudoers: Sudo without
useradd -M username: Add a user without creating a home directory.
password.
chage [option] username: Manage password expiry policies.
groupadd [option] groupname: Add a group.
chage -d 0 username: Force password change on next login.
groupmod [option] groupname: Modify a group.
-m: Minimum days between password changes.
-M: Maximum days before password expires. groupadd -o -g 490 groupname: Use an already existing GID.

-E: Expiration date (yyyy-mm-dd). usermod -g groupname: Set primary group.

-W: Number of warning days before expiration. usermod -G groupname: Set secondary group.
usermod [option] username: Modify user. usermod -aG groupname: Add to a secondary group.
-u: Change UID. groups username: Show user's groups.
-g: Change primary group. userdel username: Delete a user.
-G: Change secondary group(s).
userdel -r username: Delete user and their home directory.
-aG: Add to another secondary group.
groupdel groupname: Delete a group.
-c: Add a comment.
chown [options] [newowner][:newgroup] filename: Change file ownership.
-s: Change the shell.
-R: Recursively apply to directory.
-d: Change the home directory.
chown newowner filename: Change file owner.
chown :newgroup filename: Change group owner.
 04- task-automation(1)

👋 In this section, we will explore how to automate tasks using the crontab command.
The crontab command allows you to schedule tasks to run automatically at regular intervals.
Main Commands
crontab -e: to edit the crontab of the currently logged-in user.
crontab -e -u username: to edit the crontab of a specific user.
cat /etc/crontab: to view the current configuration details.
 04- task-automation (2)

Time Intervals Notes on Intervals

@hourly: every hour. x,y: x and y.
@daily: every day. x-y: from x to y.
@weekly: every week. x-y/z: from x to y with a step of z.
@monthly: every month. *: every unit.
@annually: every year. */z: every z units.
@reboot: at every system reboot.
 05- service-management (1)

SSHD Service:

In simple terms, SSH allows a user to connect securely to another computer, as if they were
physically in front of it. It uses strong encryption to secure communication between the two
machines, protecting exchanged data including credentials and commands from interception.
Note: Well-known ports: numbered from 0 to 1023, they are associated with standard services
like HTTP (port 80) and SSH (port 22)...
 05- service-management (2)
Connect to another machine via SSH using a password:
yum install openssh-server → installs the SSH server (on the
server machine).
systemctl enable sshd
sudo systemctl start sshd → start and enable the SSH service
(on the server machine).
Note: On Red Hat, every service is protected by two default
security layers: the Firewall (Firewalld) and SELinux (Security-
Enhanced Linux).

- `firewall-cmd --add-port=22/tcp --permanent` - `firewall-cmd --

reload` - `firewall-cmd --list-ports` → open SSH port for incoming
connections (on the client machine). - `ssh
username@server_ip_address` → test SSH connection (on the
client machine; user must have a password), or - `vim /etc/hosts`
`client_ip hostname` → assign a hostname to each machine’s IP
address. - `ssh user_client@hostname`
 05- service-management (3)
Connect without a password (key-based authentication):

To allow passwordless login, generate and configure SSH keys on machine B and copy
them to the server. This allows the server to recognize and authorize connections
from machine B.
ssh-keygen -t rsa → generate SSH keys (on the client machine).
ssh-copy-id user@server_machine → copy the public key to the server; adds it
to the authorized_keys file in the user's .ssh directory.
ssh user@server_machine
Connect via a port other than 22:
On the server side:
vim /etc/ssh/sshd_config Port 2222 → change the port to 2222.
semanage port -a -t ssh_port_t -p tcp 2222 → register the new port in SELinux.
firewall-cmd --permanent --add-port=2222/tcp
firewall-cmd --reload → update firewall rules.
systemctl restart sshd → restart the SSH service. On the client side:
ssh user@server_address -p 2222 → connect using the new port.
 05- service-management (4)

HTTPD Service:

The web server stores all files needed to deliver website content, including static pages and dynamic
applications. Its role is to serve files and manage interactions between the user's browser and the
website's resources. An HTTP (GET) request is like sending a command to the server to fetch a
specific file (e.g. "index.html"), and the HTTP response is the server sending back the requested
content.
 05- service-management (5)

dnf install httpd

systemctl enable --now httpd → install and enable the service.
systemctl status httpd → check that the service is active.
echo "bnj" >> /var/www/html/index.html
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload → allow HTTP and HTTPS in the firewall.
Once the web server is running and index.html is in /var/www/html, accessing the server’s IP/domain in a browser will
show its content.
dnf install curl
curl http://server_ip/index.html (If it doesn't work, try chown apache:apache /var/www/html/index.html)
Change default port (80) to a new port:
vim /etc/httpd/conf/httpd.conf Listen <new_port>
semanage port -a -t http_port_t -p tcp <new_port> → register the new port in SELinux.
firewall-cmd --permanent --add-port=<new_port>/tcp
firewall-cmd --reload
systemctl restart httpd
curl localhost:<new_port>/index.html → test the new port.
 05- service-management (6)

Change default directory /var/www/html to /var1/web/html:

vim /etc/httpd/conf/httpd.conf DocumentRoot "/var1/web/html"

<Directory "/var1/web">
AllowOverride None
Require all granted
</Directory>
<Directory "/var1/web/html">
semanage fcontext -a -t httpd_sys_content_t "/var1/web/html(/.*)?"
restorecon -R -v /var1/web/html/
echo "hello2" >> /var1/web/html/test.html
systemctl restart httpd
curl localhost/test.html or curl http://host_ip/test.html (If it doesn't work, try chown -R apache:apache /var1
 05- service-management (7)

NTP Service:

An NTP server provides accurate time to client computers on a network. It maintains precise time by regularly
syncing with atomic or GPS time sources and responds to client requests with high accuracy.
 05- service-management (7)

NTP Service:

An NTP server provides accurate time to client computers on a network. It maintains precise time by regularly
syncing with atomic or GPS time sources and responds to client requests with high accuracy.
 05- service-management (8)

On the server (to allow client access): On the client (to access the time):
dnf install chrony dnf install chrony
systemctl enable chronyd systemctl enable chronyd
systemctl start chronyd → install and start the systemctl start chronyd
service. vim /etc/chrony.conf server server_ip iburst
vim /etc/chrony.conf allow client_ip systemctl restart chronyd
systemctl restart chronyd chronyc sources -c → check synchronization
firewall-cmd --add-service=ntp --permanent
firewall-cmd --reload
 05- service-management (9)

To enable NTP:

timedatectl set-ntp true

timedatectl
Set a time zone:
timedatectl list-timezones
timedatectl set-timezone <zone>
timedatectl
 06- archiving-and-compression(1)

👋 In this section, we will explore how to archive and

compress directories in a Red Hat Linux environment.
 06- archiving-and-compression (2)

tar -cvf archivename.tar directory → gather files into a single large file called an archive.
(Step 1)

tar -tvf archivename.tar → list the contents of an archive.

Compress the resulting large file using gzip or bzip2: (Step 2)

gzip archivename.tar → compress an archive with gzip.

gzip -d archivename.tar.gz → decompress a gzip archive.

bzip2 archivename.tar → compress an archive with bzip2.

bzip2 -d archivename.tar.bz2 → decompress a bzip2 archive.

 06- archiving-and-compression (3)

You can also perform both steps at once (archiving + compression):

tar -cvzf directory.tar.gz directory → archive and compress a directory using

gzip.

tar -cvjf directory.tar.bz2 directory → archive and compress a directory using

bzip2.

ls -lh → check the file size.

 07- nfs-autofs
File server
A computer responsible for storage so that
other computers on the same network can
access the files, via Network share: NFS
(Network share protocol in Linux).
How to use the NFS service?
The server exports the directory, then the client
mounts the NFS filesystem.
Any service has layered protection:
firewall: controlled using firewalld-cmd
(default: rules are blocked),
SELinux: controlled using the semanage
command (Security-Enhanced Linux).
 Server-side (must be root: su -):

NFS :
dnf install nfs* → install the service
systemctl enable --now nfs-server → enable & start the service
systemctl status nfs-server → check the status of the service
Configuration:
mkdir /shared_directory → create the directory to share
echo “/shared_directory @ipclient(x ,y)” > /etc/exports → configure the shared directory
x: can be ro or rw
y: can be no_root_squash or async
no_root_squash: the client’s root user retains full privileges on the shared files
root_squash (default): the client’s root privileges are limited
rw: directory is readable & writable
ro: directory is read-only
sync (default): synchronous connection; the server waits for data to be written before replying
async: server can reply before writing is completed
systemctl restart nfs-server → restart after modifying /etc/exports
semanage boolean -l | grep nfs_export_all_ro → check if NFS is allowed to export in read-only mode
semanage boolean -l | grep nfs_export_all_rw → check if NFS is allowed to export in read-write mode
setsebool -P nfs_export_all_rw=1 → allow export in rw mode
setsebool -P nfs_export_all_ro=1 → allow export in ro mode
firewall-cmd --list-all → check enabled firewall services
firewall-cmd --add-service=nfs --permanent → allow NFS through firewall
firewall-cmd --reload → apply firewall changes
exportfs -avr → export the directory
Client-side (must be root: su -):

dnf install nfs-utils → install the service

mkdir /mount_point → directory where the NFS will be mounted
mount -t nfs -o rw @ipserver:/shared_directory /mount_point → mount the
shared directory
umount /shared_directory → unmount the shared directory
echo “@ipserver:/shared_directory /mnt/mount_point nfs _netdev 0 0” >>
/etc/fstab → mount it permanently
mount -a → apply /etc/fstab
df -h → verify mount
Autofs
What is Autofs?
On-demand NFS or automatic mount of a
shared directory.
Autofs allows on-demand mounting of
filesystems such as NFS when users access
specific directories. This helps optimize
resource usage by mounting only when
needed.
Server → exports
Client → automount (uses auto.master and
auto.misc)
Use Case:
To share a home directory from the server
so the user can use it when logging in on the
client.
Server-side:
dnf install nfs*
useradd -u 2001 -b /host john → create the user's base directory
echo “/host *(rw,no_root_squash)” >> /etc/exports → export the base directory
firewall-cmd --add-service=rpc-bind --permanent
firewall-cmd --add-service=mountd --permanent
firewall-cmd --add-service=nfs --permanent or simply:
firewall-cmd --add-service={rpc-bind,nfs,mountd} --permanent
firewall-cmd --reload
exportfs -arv
Client-side:
dnf install nfs-utils
dnf install autofs → install needed packages
useradd -M -u 2001 -d /host/john john → create user without home directory
echo “/host /etc/auto.misc” >> /etc/auto.master
echo “john -rw @ipserver:/host/john” >> /etc/auto.misc
systemctl restart nfs-server
systemctl restart autofs
 08- storage-management

👋 In this section, we will explore how to

manage disks, partitions, LVM, and
Stratis in a Red Hat Linux environment.
Theory:

Partitioning: creating one or more independent storage zones.

MBR Disk Structure: maximum 4 partitions: 4 primary or 3 primary + 1 extended (which can contain multiple logical).
Example:
SATA device:
/dev/sda: first SATA disk.
/dev/sdb: second SATA disk.
/dev/sda1: first partition of the first disk.
/dev/sda2: second partition of the first disk.
File System Types: the way Linux organizes and stores its files on a device: ext2, ext3, ext4, jfs, xfs...
Mounting: integrates a file system into the directory tree; once mounted, you can navigate its files like any other directory.
SWAP partition: a temporary space on disk used to move inactive data from RAM.
Commands:

lsblk → view disks and partitions

fdisk /dev/disk then n → create a partition
mkfs.filesystem_type /dev/partition → format the partition
mkdir /mount_point → create the mount point
blkid /dev/partition → get UUID
Add to /etc/fstab:
UUID=<uuid> /mount_dir xfs defaults 0 0
mount -a → mount all entries from /etc/fstab
umount /partition
fdisk /dev/disk then d, then w → delete the partition
SWAP Partition:
fdisk /dev/disk → create partition, then t, then type 82
mkswap /dev/partition
free -m → verify
Add to /etc/fstab:
UUID=<uuid> none swap defaults 0 0
swapon -a → activate
swapoff -a → deactivate
 Logical Volume Management (LVM)

To obtain a logical volume, we must:

Have a physical volume (PV) created from a
partition.
Create a volume group (VG) from physical volumes
(PVs).
Create a logical volume.
Why? (We need an 8G volume, but we only have
partitions smaller than 8G. Solution: use the LVM
concept.) Note: By default, when we create the VG,
a small percentage will be reserved for metadata
(one PE per partition (PV)).
Commands:
Note: by default, if we create the VG a small percentage will be reserved for metadata (one PE per partition (PV))
Creation of an LV by giving you an exact size:
pvcreate /dev/partition_name → to create a physical volume.
vgcreate vg_name /dev/partition_name1 /dev/partition_name2… → to create a volume group.
lvcreate -L sizeunity -n lv_name vg_name → to create the logical volume.
Mount the logical volume:
mkdir /mount_point → create the mount point
mkfs.xfs /dev/vg_name/lv_name → to assign a filesystem: format the LV.
echo “/dev/vg_name/lv_name /mount_point xfs defaults 0 0” >> /etc/fstab then mount -a → to mount the LV.
We can also extend the LV: we can have two cases — if the VG space is sufficient, and if the VG space is insufficient.
If VG space is sufficient:
vgs → to view VG details (free size)
lvextend -r -L + /dev/group_name/lv_name → to extend the LV.
lvs → to verify
if VG space is insufficient: (extend VG then LV)
vgs → to view VG details (free size)
pvs → check if there’s a PV, otherwise create one → pvcreate /dev/partition_name.
vgextend vg_name name_free_physical_volume → to extend the VG.
lvextend -r -L + /dev/group_name/lv_name → to extend the LV. (an LV already mounted with a filesystem — -r:
to also extend the filesystem)
lvs → to verify
Creation of an LV by giving number of PEs: extent and its PE size:
vgdisplay → to view the PE
vgcreate -s <size_extent>unity name_of_grp /dev/pv_name /dev/pv_name… → to create a volume group with a
PE size of size_extent.
lvcreate -l -n name_of_lv name_of_grp → to create an LV based on the number of PEs. size of PE × number of
PE = size of LV
lvs → to verify: the size must be *<size_extent>.
Note: to delete an LV, you must unmount it (umount lvname, comment line in /etc/fstab and mount -a)
lvremove /dev/grp_name/lv_name Note: to delete a VG, vgremove grp_name
9-Container Management
 Rsyslog Container
Install required packages: dnf install podman container-tools
Create user: useradd user1, then passwd user1
Allow user processes to persist after logout: loginctl enable-linger user1
Create and set permissions on local directory: mkdir /local_path, then chown user1:user1 /local_path
SSH into the user: ssh user1@localhost
Connect to registry and pull image:
podman login registry.redhat.io
podman search rsyslog
podman pull image_url
Or for exams:
wget <dockerfile_path>
podman build -t imageName .
podman images
Run and map container:
podman run -d --name container_name -v /local_path:/container_path:Z image_id
Example: podman run -d --name rsyslog -v /local_path:/var/log:Z image_id
Display containers: podman ps
Run container as a user service (systemd):
mkdir -p /home/user1/.config/systemd/user
cd /home/user1/.config/systemd/user
podman generate systemd --name container_name --files --new
Edit the generated service file to use restart=always
Reload and enable service:
systemctl --user daemon-reload
systemctl --user enable --now service_name
After reboot: systemctl --user status service_name
Check logs as root: journalctl | grep container-rsyslog.service
 Apache Container
Launch an httpd container from the image: `registry.access.redhat.com/ubi9/httpd-24`
Requirements:
Run as rootless user webadmin
Accessible on host port 8081 (container port = 8080)
Container name: web
Map /home/webadmin/html to /var/www/html in the container
Steps:
useradd webadmin
passwd webadmin
loginctl enable-linger webadmin
mkdir /home/webadmin/html
echo 'hi' > /home/webadmin/html/index.html
chown webadmin:webadmin /home/webadmin/html /home/webadmin/html/index.html
ssh webadmin@localhost
podman pull registry.access.redhat.com/ubi9/httpd-24
podman run -d --name web -p 8081:8080 -v /home/webadmin/html:/var/www/html:Z image_id
mkdir -p ~/.config/systemd/user
cd ~/.config/systemd/user
podman generate systemd --name web --files --new
systemctl --user daemon-reload
systemctl --user enable --now container-web.service
curl localhost:8081
podman exec -it web /bin/bash
bash-5.1$ curl localhost:8080
Check container status and logs:
systemctl --user status container-web.service
podman exec -it web bash
curl localhost:8080
journalctl | grep container-web.service
 PDF Converter Container
This container runs a Python script `pdf_converter.py` to convert text files to PDFs using Podman.
Steps:
dnf install podman container-tools
useradd pod
passwd pod
mkdir -p /data/input /data/output
chown -R pod:pod /data/*
chmod -R 777 /data
chmod -R 777 /data/input /data/output
echo "file" > /data/input/file.txt
chown pod:pod /data/input/file.txt
loginctl enable-linger pod
ssh pod@localhost
wget https://raw.githubusercontent.com/sachinyadav3496/Text-To-PDF/master/pdf_converter.py
wget https://raw.githubusercontent.com/sachinyadav3496/Text-To-PDF/master/Dockerfile
podman build -t pdf .
podman run -d --name pdfconverter -v /data/input:/data/input:Z -v /data/output:/data/output:Z image_id
mkdir -p ~/.config/systemd/user
cd ~/.config/systemd/user
podman generate systemd --name pdfconverter --files --new
systemctl --user daemon-reload
systemctl --user enable --now container-pdfconverter.service
podman exec -it pdfconverter bash
ls /data/output
exit
reboot
journalctl | grep container-pdfconverter.service
 10-BaseOS & AppStream Repositories
👋 In this section, I will show you how to configure 'YUM repositories'.
Edit the repository files:

vim /etc/yum.repos.d/BaseOs.repo
[BaseOs]
name=BaseOs
baseurl=…/BaseOs
enabled=1
gpgcheck=1 (if a key URL is provided) otherwise gpgcheck=0
gpgkey=… (if a key URL is provided)

vim /etc/yum.repos.d/AppStream.repo
[AppStream]
name=AppStream
baseurl=…/AppStream
enabled=1
gpgcheck=1 (if a key URL is provided) otherwise gpgcheck=0
gpgkey=… (if a key URL is provided)

If you have created the files manually and are facing issues:
rm -rf /etc/yum.repos.d/*
 11-Networking
nmtui (Text UI for NetworkManager)

👋 In this section, we will explore how to modify some network parameters.

Change hostname: hostnamectl hostname name.example.com
Use GUI with nmtui to set the system hostname
Edit network settings with nmtui > Edit a connection > Set IPs, Gateway, DNS manually
Don't forget to deactivate and reactivate the interface afterward
nmtui
-> edit a connection -> manual settings -> apply
-> deactivate -> activate
Target (Runlevel)
systemctl isolate multi-user.target: switch to multi-user mode
systemctl isolate graphical.target: switch to graphical mode
loadkeys fr: change keyboard layout to AZERTY
Persist default target after reboot:
systemctl set-default graphical.target
systemctl set-default multi-user.target
Check current default: systemctl get-default
 Tuned (Performance Profiles)

Install tuned: dnf install tuned

See recommended profile: tuned-adm recommend
View active profile: tuned-adm active
List available profiles: tuned-adm list
Change profile: tuned-adm profile <profile>
Restart tuned service: systemctl restart tuned
Verify active profile: tuned-adm active
 12-Root Password Reset

Steps:

Add init=/bin/sh at the end of the kernel line (after the word quiet) to open a shell prompt,
cntrl+x.
Remount the filesystem in read-write mode: mount -o remount rw /
Change the root password: passwd root
Enter the new password when prompted and confirm it.
Create the SELinux relabeling file: touch /.autorelabel
Reboot the system: /usr/sbin/reboot -f