Run Levels in Linux

A run level is a state of init and the whole system that defines what system services are operating. Run levels are identified by numbers. Some system administrators use run levels to define which subsystems are working, e.g., whether X is running, whether the network is operational, and so on.

◉ Whenever a LINUX system boots, firstly the init process is started which is actually responsible for running other start scripts which mainly involves initialization of you hardware, bringing up the network, starting the graphical interface.

◉ Now, the init first finds the default runlevel of the system so that it could run the start scripts corresponding to the default run level.

◉ A runlevel can simply be thought of as the state your system enters like if a system is in a single-user mode it will have a runlevel 1 while if the system is in a multi-user mode it will have a runlevel 5.

◉ A runlevel in other words can be defined as a preset single digit integer for defining the operating state of your LINUX or UNIX-based operating system. Each runlevel designates a different system configuration and allows access to different combination of processes.

The important thing to note here is that there are differences in the runlevels according to the operating system. The standard LINUX kernel supports these seven different runlevels :

◉ 0 – System halt i.e the system can be safely powered off with no activity.3

◉ 1 – Single user mode.

◉ 2 – Multiple user mode with no NFS(network file system).

◉ 3 – Multiple user mode under the command line interface and not under the graphical user interface.

◉ 4 – User-definable.

◉ 5 – Multiple user mode under GUI (graphical user interface) and this is the standard runlevel for most of the LINUX based systems.

◉ 6 – Reboot which is used to restart the system.

By default most of the LINUX based system boots to runlevel 3 or runlevel 5.

In addition to the standard runlevels, users can modify the preset runlevels or even create new ones according to the requirement. Runlevels 2 and 4 are used for user defined runlevels and runlevel 0 and 6 are used for halting and rebooting the system.

Obviously the start scripts for each run level will be different performing different tasks. These start scripts corresponding to each run level can be found in special files present under rc sub directories.

At /etc/rc.d directory there will be either a set of files named rc.0, rc.1, rc.2, rc.3, rc.4, rc.5 and rc.6, or a set of directories named rc0.d, rc1.d, rc2.d, rc3.d, rc4.d, rc5.d and rc6.d.
For example, run level 1 will have its start script either in file /etc/rc.d/rc.1 or any files in the directory /etc/rc.d/rc1.d.

Changing runlevel

init is the program responsible for altering the run level which can be called using telinit command.

For example, to change a runlevel from 3 to runlevel 5 which will actually allow the GUI to be started in multi-user mode the telinit command can be used as :

/*using telinit to change
runlevel from 3 to 5*/

telinit 5

NOTE : The changing of runlevels is a task for the super user and not the normal user that’s why it is necessary to be logged in as super user for the successful execution of the above telinit command or you can use sudo command as :

// using sudo to execute telinit
sudo telinit 5

The default runlevel for a system is specified in /etc/initab file which will have an entry id : 5 : initdefault if the default runlevel is set to 5 or will have an entry id : 3 : initdefault if the default runlevel is set to 3.

Need for changing the runlevel

◉ There can be a situation when you may find trouble in logging in in case you don’t remember the password or because of the corrupted /etc/passwd file (have all the user names and passwords), in this case the problem can be solved by booting into a single user mode i.e runlevel 1.

◉ You can easily halt the system by changing the runlevel to 0 by using telinit 0.

Continue reading

Run commands as root with sudo

Introduction

Linux follows the very tough permission model. A root user can do anything but normal user has no permissions. To run any command, they need to ask for permissions from the superuser. The easy and common way to grant administrative privileges to non-root users is, a user can use su command and temporarily become the root but users must know the root’s password. In corporate world this is very dangerous because all the privileges of root are granted to any user, who can do anything. For

Example –

[userA@rhel7 ~]$ su -
Password:

It’s asking for the password of superuser.

To overcome above mentioned risk, sudo command comes in trend. It allows a user to run a command as a root or as any other user after providing the user’s own password for authentication. These information are defined in the /etc/sudoers file. Before describing “sudo” command I want to talk a bit about visudo

What is visudo

visudo is a command to edit configuration file for sudo command located at /etc/sudoers.You should not edit this file directly with normal editor, always use visudo for safety and security. Eiditing /etc/sudoers file requires superuser’s privileges.

visudo command cannot allow to edit /etc/sudoers file simultaneously by just locking the file and if someone tries to access the same it will get a message to try later.

[root@rhel7 ~]# visudo
visudo: /etc/sudoers busy, try again later

It also checks the syntax of edits and provide basic sanity checks which are very helpful. If it identifies any error, then visudo won’t allow to save the file with edits.

Set rules in sudoers file

A common question arises in everyone’s mind, how we define the rules in sudoers file? So, before editing it’s better to understand the existing configuration which defines which users can run what software on which machines. Syntax of pre-defined rule is given below –

root    ALL=(ALL:ALL) ALL

This allows root to run any command anywhere.Meaning of this line is –

username    hosts=(users:groups)    commands

ALL means, the user can run all commands on all hosts, as all users and groups. So, root has all the privileges to run any command as any user or group.

Let considered an example and provide ALL power to userA as root.

userA   ALL=(ALL:ALL)   ALL

If you wish to use command without password then use PASSWD parameter –

userA    ALL(ALL:ALL)    NOPASSWD:ALL

In below example userA only start, stop and restart the “httpd” service

userA   ALL=(root)      /usr/bin/systemctl, /usr/sbin/httpd start stop restart

User can check wether the command is working or not. Then follow the below procedure to check

[root@rhel7 ~]# su - userA
Last login: Thu Sep 13 15:01:18 EDT 2018 on pts/0
[userA@rhel7 ~]$ sudo -u root systemctl stop httpd
[sudo] password for userA:
[userA@rhel7 ~]$

Note – We can also use vim with visudo.

export VISUAL=vim; visudo

Using nano with visudo

export VISUAL=nano; visudo

Assign privileges to a group

You can asign similar privileges to multiple users just by making a group them. There is one predefined group is in sudoers file. Members of this group can use sudo to run any commands as any user, including superuser. We can add users to this group. It is normally configured like –

%wheel  ALL=(ALL)       ALL

Use command to add user in wheel group –

usermod -aG wheel username

Continue reading