Category: Linux

How to shrink an LVM Logical Volume

Since shrinking is not supported on these file systems, you cannot reduce the size of a logical volume that houses a GFS2 or XFS file system.

The lvreduce command typically warns about potential data loss and requests confirmation. In some circumstances, such as when the logical volume is inactive, or the —resizefs option is not used, you may not see these confirmation prompts, so you shouldn’t rely on them to prevent data loss. It should be noted that the —test option of the lvreduce command does not examine the file system or test the filesystem; thus, using it does not show whether the operation is safe.

Use the following command to find the name of the logical volume that you want to shrink.

# lvs

The disk must be unmounted to do a lvreduce. Hence this must be done while the disk is idle. To ensure data integrity, perform a filesystem check after that.

# umount /dev/vg0/lv_data
# e2fsck -f /dev/vg0/lv_data

CentOS 5 only: Resize the existing filesystem to 80Gb (ie: 100Gb – 20Gb = 80Gb).

# resize2fs /dev/vg0/lv_data 80G

Centos 6, 7 only: Resize the logical volume.

# lvreduce -r -L 80G /dev/vg0/lv_data

On CentOS 5, use lvreduce as follows.

# lvreduce -L 80G /dev/vg0/lv_data

Mount the LV logical volume as follows.

# mount /dev/vg0/lv_data

There is currently 20G of free space in the volume group. The 20G free space can then be used to build a new logical volume using lvcreate.

How to change log files permissions in bind?

The umask settings are passed down from the parent process to the BIND process. This means that the permissions for all files made by BIND can be restricted.

You need to change the systemd unit file so that “others” can’t read, write, or run any files made by BIND.

Create a directory for drop-ins in /etc/systemd/system/named.service.d:

[root@centos7 ~]# mkdir /etc/systemd/system/named.service.d/

Set the UMask option to 007 in the /etc/systemd/system/named.service.d/umask.conf configuration file. Create a new file if it does not exist. This will make sure that other people can’t read log files, journal files, and other files. The configuration file should have the following.

[Service]
UMask=0007

Instruct systemd to reload information about services.

[root@centos7 ~]# systemctl daemon-reload

Verify that the drop-in was discovered.

[root@centos7 ~]# systemctl status named
named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled)
Drop-In: /etc/systemd/system/named.service.d
└─umask.conf
...

This will ensure that other users can’t read log files, journal files, and other files.

[root@centos7 ~]# ls -l /var/named/data/
total 4
-rw-rw----. 1 named named 2039 sep 9 10:34 named.run

For CentOS 5 and 6, add the following line to /etc/sysconfig/named to make sure “others” can’t read, write, or run any files made by BIND:

umask 0007

This will make sure that log files, but also any journal files and other are not readable by others.

[root@centos6 ~]# ls -l /var/named/data/
total 4
-rw-rw----. 1 named named 2039 sep 9 10:34 named.run