Thursday, May 21, 2015

How to change host name in CentOS / RHEL

In CentOS / RHEL 7, we have 3 host names:

1. Static host name, a.k.a. kernel host name, is initialized from the /etc/hostname file at boot time, so to change it you can simply enter the new name in this file.

2. Transient host name is a temporary host name assigned by a DHCP server or a similar program.

Note: static and transient host names follow the same rules as Internet domain FQDNs, so for example you cannot use a space character in these host names.

3. Pretty host name is a free-form name that you can put on the computer, such as "Behnam's Server".

hostnamectl is a new command in CentOS 7 which allows you to view or change the host name. To change all 3 kinds of host names at the same time, enter:
# hostnamectl set-hostname www.pournader.com
Another way to change the host name is using nmcli or nmtui:
# nmtui
You will see an interactive, easy-to-use text user interface:


Note: You do not have to reboot the machine to activate a permanent host name change. Just log out and log in again to see the new host name in the prompt.

If you want to change just one type of host name, specify the type as below:
# hostnamectl --static set-hostname www.pournader.com
To clear a particular host name and let it revert to its default:
# hostnamectl --transient set-hostname ""


If you run version 6 or 5 of CentOS / RHEL, the steps are totally different. You should do the following:

a. Use the hostname command to change the host name:
# hostname www.pournader.com
b. Open /etc/sysconfig/network and edit the HOSTNAME value to what you want to put on the host.

c. Open /etc/hosts and add the appropriate line. This step is not strictly necessary. You can also do it in CentOS / RHEL 7 if you want.

d. Restart the network service:
# service network restart
Note: Do not assume that the steps above make your machine available on a Windows network. If you want your machine to advertise its name on the Windows network, you have to install and configure the Samba package and set the netbios name directive in the Samba configuration file. Consult this post to configure Samba on CentOS / RHEL 7.

The easier solution might be adding your host name and its IP to the DNS server.


Monday, May 11, 2015

Notes about Administrator Users in CentOS/RHEL 7


1. To prevent users, including yourself, from logging in directly as root, you can set root's shell in the /etc/passwd file to /sbin/nologin.

2. To limit which users can run the su command, add administrators to an admin group named "wheel" (the -a flag appends the group instead of replacing the user's other supplementary groups):
# usermod -aG wheel behnam
Then we need to allow only these admin users to run su. Open the PAM config file for su, located at /etc/pam.d/su, and uncomment the following line by removing the hash mark:

  auth           required        pam_wheel.so use_uid

3. Only the users listed in the /etc/sudoers file can use the sudo command.

Note: Each successful authentication by sudo will be logged to /var/log/messages and the command issued by the user will be logged to the /var/log/secure logfile.

The main advantage of sudo is that different users can be given access to only specific commands based on their permissions. You can edit /etc/sudoers by using the visudo command to do this.

For example, to give a user full privileges, enter visudo and add the following line in the user privilege section:

  behnam ALL=(ALL) ALL

It means now behnam can use sudo command from any host and can execute any command. 

Or, by adding the following line to the sudoers file in /etc:

  %users localhost=/sbin/shutdown -r now

Any member of the users group can run /sbin/shutdown -r now as long as it is entered through the console.

In CentOS, sudo stores the sudoer's password for just 5 minutes. If you use it again during this period, it will not prompt for a password. This setting can be changed by adding the following line to the sudoers file in /etc:

  Defaults    timestamp_timeout=value

Setting the value to 0 causes sudo to require a password every time. 

Very important: If a user account with sudoer's privilege is compromised, the attacker/cracker can use sudo to open a new shell with full rights by typing the following command: 
# sudo /bin/bash


Opening such a shell as root in such cases gives the attacker/cracker administrative access for ever! 
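The three notes above can be checked mechanically. The script below is an added example, not part of the original post: it audits constructed sample files standing in for /etc/passwd, /etc/pam.d/su and /etc/sudoers, and its function names and simplified sudoers matcher are assumptions made for illustration.

```shell
# Constructed sample files standing in for /etc/passwd, /etc/pam.d/su and /etc/sudoers.
SAMPLE=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
              'behnam:x:1000:1000::/home/behnam:/bin/bash' > "$SAMPLE/passwd"
printf '%s\n' 'auth  sufficient  pam_rootok.so' \
              '#auth  required  pam_wheel.so use_uid' > "$SAMPLE/su"
printf '%s\n' 'Defaults    timestamp_timeout=30' \
              'root    ALL=(ALL)   ALL' \
              'behnam ALL=(ALL) ALL' \
              '%wheel  ALL=(ALL)   ALL' > "$SAMPLE/sudoers"

# Note 1: login shell of root (field 7 of its passwd entry).
root_shell() { awk -F: '$1 == "root" { print $7 }' "$1"; }

# Note 2: succeeds only if the pam_wheel line is present and not commented out.
su_limited_to_wheel() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_wheel\.so' "$1"
}

# Note 3: users and groups (other than root) holding an "ALL=(...) ALL" rule.
# Simplified matcher: ignores aliases, line continuations and included files.
full_sudo_grants() {
    awk '$1 !~ /^(#|Defaults)/ && $1 != "root" && $2 ~ /^ALL=/ && $NF == "ALL" { print $1 }' "$1" \
        | tr '\n' ' ' | sed 's/ $//'
}

# Password cache lifetime in minutes; 5 is the default the post cites.
sudo_timeout() {
    t=$(sed -n 's/^Defaults[[:space:]].*timestamp_timeout=\([-0-9.]*\).*/\1/p' "$1" | tail -n 1)
    printf '%s\n' "${t:-5}"
}

# $1 = directory containing the files passwd, su and sudoers.
audit() {
    shell=$(root_shell "$1/passwd"); mins=$(sudo_timeout "$1/sudoers")
    [ "$shell" = /sbin/nologin ] || echo "WARN root can log in directly (shell: $shell)"
    su_limited_to_wheel "$1/su" || echo "WARN su is open to all users (pam_wheel.so line not active)"
    echo "INFO full sudo rights: $(full_sudo_grants "$1/sudoers")"
    [ "$mins" = 0 ] || echo "INFO sudo caches credentials for $mins minutes"
}

audit "$SAMPLE"
```

Every name on the "full sudo rights" line is an account whose compromise leads to the root shell described above, so that list is the one to keep short.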


Sharing a folder for different users to work on files on a CentOS/RHEL Linux machine


Task: We have a group of people who need to work on files in a shared directory. We need to set permissions on the shared folder and avoid file permission conflicts.
# mkdir /opt/bp-project
# groupadd bp-project
# chgrp bp-project /opt/bp-project
# chmod 2775 /opt/bp-project
Now all members of the bp-project group can create and edit files in /opt/bp-project/, and root or other admin users do not need to change file permissions every time the users create new files.


As you see, the group permission is changed from rwx to rws by using the 2775 permission on our directory. "s" is a special permission flag that indicates setgid. It can also represent setuid if it shows in the owner (user) permission section.

setuid is usable only for executable files. When we set this permission on an executable file, it runs as the user who owns the file (instead of the user who invoked the executable file).

Note: You can put the setuid flag on non-executable files, but it will be shown as S. The capital S informs you that this setting is probably wrong, because the setuid bit is useless if the file is not executable.



Octal digit 4 represents setuid and 2 is for setgid so in the above screenshot, abc.txt file has 4744 and the bp-project directory has 2775. 

Note: If you set setuid for a directory it will be ignored by Linux. 
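To make the s / S notation and the octal digits concrete, here is an added example (not part of the original post) that renders an octal mode the way ls -l prints it and flags the combinations described above. The function names are illustrative, and the sticky bit (octal 1, shown as t) is included only so that every four-digit mode renders correctly.

```shell
# Render the nine permission characters that "ls -l" prints for an octal mode.
# A special bit replaces the execute slot: lower case when execute is also set,
# upper case when it is not.
mode_to_string() {
    m=$((0$1)); out=""
    # triplet shift : special-bit mask in decimal (04000, 02000, 01000) : letter
    for spec in 6:2048:s 3:1024:s 0:512:t; do
        shift_by=${spec%%:*}; rest=${spec#*:}; mask=${rest%%:*}; letter=${rest#*:}
        bits=$(( (m >> shift_by) & 7 ))
        r=-; w=-; x=-
        if [ $((bits & 4)) -ne 0 ]; then r=r; fi
        if [ $((bits & 2)) -ne 0 ]; then w=w; fi
        if [ $((bits & 1)) -ne 0 ]; then x=x; fi
        if [ $((m & mask)) -ne 0 ]; then
            if [ "$x" = x ]; then x=$letter
            else x=$(printf '%s' "$letter" | tr st ST); fi
        fi
        out="$out$r$w$x"
    done
    printf '%s\n' "$out"
}

# Flag the combinations the post calls out. $1 = f (regular file) or d (directory).
review_mode() {
    kind=$1; m=$((0$2))
    if [ $((m & 2048)) -ne 0 ] && [ "$kind" = d ]; then
        echo "setuid on a directory: ignored by Linux"
    elif [ $((m & 2048)) -ne 0 ] && [ $((m & 64)) -eq 0 ]; then
        echo "setuid without owner execute (shown as S): has no effect"
    elif [ $((m & 2048)) -ne 0 ]; then
        echo "setuid executable: runs as the file owner"
    elif [ $((m & 1024)) -ne 0 ] && [ "$kind" = d ]; then
        echo "setgid directory: new files inherit the directory group"
    elif [ $((m & 1024)) -ne 0 ]; then
        echo "setgid on a regular file: not covered by the post"
    else
        echo "no setuid or setgid bit"
    fi
}

# Modes from the post (2775 directory, 4744 file) plus two problem cases.
for item in d:2775 f:4744 f:4644 d:4755; do
    printf '%s %s  %s\n' "${item#*:}" "$(mode_to_string "${item#*:}")" \
        "$(review_mode "${item%%:*}" "${item#*:}")"
done
```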

For more information about setuid, consult the Wikipedia entry.
