
Linux Administration – Introduction Page 1 of 167

1. Linux Introduction
Linux is a modern, flexible, and mature operating system. Although it started life on the Intel platform, it has since
been ported to many other platforms such as Amiga, DEC Alpha, Apple Power PC, Sun workstations, and others.
Linux boasts many other features:
Multitasking - Linux is a true preemptive multitasking operating system. All processes run independently of each other and leave processor management to the kernel.
Networking - Linux supports a multitude of networking protocols.
Interoperability - Linux can interoperate with Windows 9x/NT/NT 2000, Novell, Mac, and most other versions of UNIX.
Multi-user - Linux can handle multiple users simultaneously logged on to one machine.
Advanced memory management - Traditional UNIX systems used swapping to manage memory, where the entire memory structure of a program was written to disk when the system began running low on memory. Linux uses paging, a method that intelligently allocates memory, when system memory is running low, by prioritizing memory tasks. Linux currently supports up to 64GB of RAM.
POSIX support - POSIX defines a minimum interface for UNIX-type operating systems. Linux currently supports POSIX 1003.1. This ensures that POSIX-compliant UNIX programs will port easily to Linux.
Multiple file systems - Linux must be installed on Extended 2 Linux-formatted partitions, but if certain other OS file systems already exist on the same host, Linux will support several of these file system formats as well, including DOS/Windows, OS/2, and Novell. This is just another interoperability feature provided by Linux.

1.1. Open Source and Free Software


All Linux distributions are based on the same idea: Take the Linux kernel and surround it with freely available
software to create a usable operating system. Red Hat Linux 7.0 used Linux kernel 2.2, while version 9 uses
kernel 2.4. Red Hat Software continuously evolves their distribution by using the most current, stable kernel as
well as the latest available software for each of its distributions.

1.1.1. History
Although Linux came into being in 1991, it can trace its lineage back much further. In 1969, a Bell Labs
programmer named Ken Thompson invented the UNIX operating system. Around the same time, another
programmer, Dennis Ritchie, was working on a new computer language called C. By 1974, the two had rewritten
UNIX in the C language, and ported it to several different machines. It is this combination of UNIX and C that
Linux owes much of its heritage to.
UNIX and C are at the heart of Linux and the Open Source movement. While languages such as Perl, Python,
Java, and others make the headlines today, far more lines of open source code have been written in C than in any other
single language.
Though many of these programs have been ported to other operating systems, such as Windows NT, UNIX and
UNIX-like operating systems have benefited from Open Source software the most.
Linux
In 1991, a student at Helsinki University in Finland posted this message to the Usenet group comp.os.minix:
From: torvalds@klaava.Helsinki.FI (Linus Benedict Torvalds)
Newsgroups: comp.os.minix
Subject: Gcc-1.40 and a posix-question
Message-ID: <1991Jul3.100050.9886@klaava.Helsinki.FI>
Date: 3 Jul 91 10:00:50 GMT
Hello netlanders,
Due to a project I'm working on (in minix), I'm interested in the posix
standard definition. Could somebody please point me to a (preferably)
machine-readable format of the latest posix rules? Ftp-sites would be
nice.
It was followed up a few months later with this post:

www.wilshiresoft.com Wilshire Software Technologies Rev Dt: 15-Oct-08


info@wilshiresfot.com Ph: 2761-2214 / 6677-2214 / 6452-6173 Ver: 1

From: torvalds@klaava.Helsinki.FI (Linus Benedict Torvalds)
Newsgroups: comp.os.minix
Subject: What would you like to see most in minix?
Summary: small poll for my new operating system
Message-ID: <1991Aug25.205708.9541@klaava.Helsinki.FI>
Date: 25 Aug 91 20:57:08 GMT
Organization: University of Helsinki
The student, of course, was Linus Torvalds. Linus had just purchased a (then) state-of-the-art 386 PC, and
wanted, among other things, to learn how it worked. The MS-DOS operating system was too limiting, and
immediately discounted. At the time, he had been using another UNIX-like operating system called Minix, a
microkernel-based teaching operating system. Minix had many limitations, however, so Linus set about writing a
new operating system that did not suffer the limitations of MS-DOS and Minix.
Linus was by no means the first person to come up with the idea of a free UNIX-like operating system. Several
years earlier The Free Software Foundation, headed by Richard M. Stallman, announced a kernel called The
HURD. Unfortunately, efforts on this new kernel faltered, and it wasn't until 1996 that a stable version of The
HURD was available. William and Lynne Jolitz in 1991 were also busy porting Berkeley UNIX, BSD, to the Intel
platform.
But Linux was quickly propelled to the front of the pack by the large army of programmers from all across the
world, who all pitched in their expertise for the Linux kernel. Instead of the project becoming chaotic and
unmanageable, Linux actually benefited from the large number of coders and testers, and from nearly instant feedback
every time a new kernel was released, which was often. At times, several versions of Linux were released in a
single day. A few years after development had begun on Linux, it was a full-featured, stable operating system.
Today, the Linux kernel is developed the same as it was in the beginning. Programmers across the globe
collaborate on discussion groups and e-mail lists to work on the Linux kernel. Most are not paid for their efforts,
doing it instead from a sense of community that binds Linux developers.

1.2. GPL and Open Source Licenses


The terms “Free” and “Open Source” software are commonly used to mean the same thing. While the differences
are subtle, they are very important.
Free Software
Free software is the term typically used to refer to software that has been released under the GNU Public
License, or GPL. The GPL (also called Copyleft) was designed with the philosophy that all software should be
free. Not free as in zero price, but free as in open. As the Free Software Foundation's Richard Stallman puts it in
his essay “The GNU Operating System and the Free Software Movement”:
The term "Free software" is sometimes misunderstood - it has nothing to do with price. It is about freedom. To clear
up some of the confusion, the following is the definition of Free software. A program is Free software for users if:
• You have the freedom to run the program, for any purpose.
• You have the freedom to modify the program to suit your needs. (To make this freedom effective in practice, you must have access to the source code, since making changes in a program without having the source code is exceedingly difficult.)
• You have the freedom to redistribute copies, either gratis or for a fee.
• You have the freedom to distribute modified versions of the program, so the community can benefit from your improvements.
Since "free" refers to freedom, not to price, there is no contradiction between selling copies and Free software. In
fact, the freedom to sell copies is crucial: collections of Free software sold on CD-ROMs are important for the
community, and selling them is an important way to raise funds for Free software development. Therefore, a
program that people are not free to include on these collections is not Free software.

1.3. About Linux


You hear people talking about Linux all the time. But you also probably hear about the "Red Hat" Linux
distribution, and names like SuSE, Caldera, Debian, Slackware, and others. Are they all Linux?

Recall that Linux is the operating system kernel. That is, Linux is the very heart of the operating system. However,
like all operating systems, to be useful, Linux has to have utilities and programs to do the actual work. This is
where distributions come in.
All of the Linux distributions run the Linux kernel. But after that, the distributions vary from each other to some
degree. For example, the Slackware distribution looks and feels much like Berkeley UNIX, whereas the SuSE
distribution is much more System V'ish. Red Hat Linux tends to fall somewhere in between but is leaning toward
System V more and more with each new release.

1.4. Current Support for Networking Services


Linux was built from the start to be a network operating system. This may seem obvious now, but consider that in
1991 nobody knew how important networking and the Internet would be to modern-day computing. This gives
Linux a big edge in terms of network stability and integration.
Today, Linux supports the following networking protocols:

| Protocol | Description |
|---|---|
| TCP/IP | This is the protocol used by the Internet, and on most local networks. |
| IP Version 6 | This is the protocol that will eventually replace IP version 4 on the Internet. |
| AppleTalk | The protocol used for Apple computers to communicate with each other. |
| CCITT X.25 Packet Layer | The X.25 networking protocol. |
| Acorn Econet/AUN | An older protocol, used by Acorn computers to access file and print servers. |
| IPX | The Novell networking protocol, used to access Novell file and print servers. |

1.5. Flexibility of Open Source Software


Much ado has been made about Free and Open Source software, but what do you really get that you can't get
from closed operating systems such as Microsoft Windows?
Stability - When a version of an open source program is released on the Internet, there is a large peer review of the
source code. With so many people looking at the code, there's a much better chance somebody will see a bug,
and even offer a correction. This type of peer review just isn't possible in the closed source world.
Modifications - In a closed source environment, you're at the mercy of the vendor. If you want or need a feature, you
can submit a request for features, and only hope the vendor will agree with you. If not, you're stuck. With open
source, you have the source code, and you can add the features yourself, if need be. Or, you can hire a
programmer to make the changes for you. Many times, you can post a message to the appropriate Usenet
newsgroup saying "Gee, it sure would be nice if program Foo could do this." Sometimes somebody will have a
patch written within a couple days that does just what you want.
Support - There are literally thousands of open source advocates out there on newsgroups and e-mail lists who can
answer your questions when you need help. Best of all, it's free. Contrast this with the big money you throw to the
closed source vendors, who may or may not be able to help you. And if you really feel the need to pay for support,
there are several companies out there now providing 24/7 technical support for Linux.

2. The Linux Distribution Comparison


Linux has started taking the world of computers by storm. Corporate greed, insane legal licensing and constant
Windows vulnerabilities are starting to take their toll on the general computing population, and many are looking for
an alternative. For some, Linux is the answer.
The Linux Operating System is very different from proprietary Operating Systems. Linux has a community-based
development model where many people, organizations and businesses jointly develop the software. With this
style of development, there is no one entity that controls everything, but because of this, it is quite difficult to build
a coherent system that will run on personal computers. This is where distributions come in.
Distributions are complete Linux Systems that are built by companies or organizations to aid in the support and
installation of the Linux Operating System. Distributions take care of all of the rudimentary tasks of building the
system, such as building and testing the software, providing technical support, and providing security updates and
bug fixes.
There are all types of distributions available, from ones that are very user friendly to advanced ones that allow you
to build your system from the source code. We will cover the most popular intermediate Linux distributions
available today: RedHat Linux, Fedora Linux, RedHat Enterprise Linux, Mandrake Linux, Suse Linux, Debian
GNU/Linux, Slackware Linux and Caldera OpenLinux. Intermediate distributions give the user plenty of control
and choice over their system, yet provide easy-to-use tools to administer and maintain their system.
There is no one distribution that will perfectly fit everyone’s needs. Each one has its own strengths and
weaknesses, which will vary from person to person. This article covers all the major advantages (and
disadvantages) each of these distributions has to offer and hopefully gives you enough information to help you
correctly choose which Linux Distribution is right for your computer.

2.1 Red Hat Linux


For many, the name Red Hat (www.redhat.com) epitomises Linux, as it is probably the best-known Linux company
in the world. Founded in 1994, Red Hat, Inc. has only recently started showing signs of profitability, due to
services rather than the distribution itself. Yet, Red Hat Linux is a first choice for many professionals and is likely
to be a major player for a long time. They wisely resisted any rapid expansion plans during the dot-com boom
times in 1998 - 1999, concentrating on their core business. This type of prudent management, if continued, is
likely to guarantee stability and dependability.
What is so special about Red Hat Linux? It is a curious mix of conservative and leading-edge packages put
together on top of many knowledge-intensive utilities developed in-house. The packages are not the most
up-to-date; once a new beta version is announced, the package versions are frozen, except for security updates. The
result is a well-tested and stable distribution. The beta program and a bug reporting facility are open to the public, and
there is a great spirit on the public mailing lists. Many mission-critical servers around the world run Red Hat Linux.
One other reason for Red Hat's success is the variety of popular services the company offers. The software
packages are easy to update via Red Hat Network, a free repository of software and valuable information. A vast
range of support services is available through the company and, while not always cheap, you are virtually assured
of excellent support by highly skilled support personnel. The company has even developed a certification
program to further popularize its distribution - the RHCE (Red Hat Certified Engineer) training and examination
are now available in most parts of the world. All these factors have contributed to the fact that Red Hat is now a
recognized brand name in the IT industry.

2.1.1 Fedora Linux


Fedora Linux was started by Red Hat Linux in September 2003 as a community-based open development
Operating System based on the Red Hat Linux distribution. The Red Hat distribution was first released in October
1994 and has progressed to one of the most popular Linux Distributions available today.

2.1.2 RedHat Enterprise Linux


Red Hat Enterprise Linux creates a reliable, secure, high-performance platform designed for today’s commercial
environments—with capabilities that match or surpass those of proprietary operating systems. Sold in a family of
four products that span client systems to the largest servers, Red Hat Enterprise Linux delivers a consistent
application, management, and user environment.

Red Hat Enterprise Linux is the corporate Linux standard, already at work running some of the world’s largest
commercial, government, and academic institutions. For any deployment—from the desktop to the datacenter—
Red Hat Enterprise Linux delivers unmatched performance and cost savings, and the freedom of open source
technology. The following figure describes the Red Hat Network:

Figure: RedHat Network

Server Solutions:
Red Hat Enterprise Linux AS (Advanced Server):
Red Hat Enterprise Linux AS is the top-of-the-line server operating system solution. Supporting the largest
servers, it is the ultimate solution for large departmental and datacenter server deployments.
Red Hat Enterprise Linux ES (Enterprise Server):
Red Hat Enterprise Linux ES is the perfect server operating system solution for the majority of today's business
computing needs – suitable for systems ranging from the edge-of-network to medium-scale departmental
deployments.

Client Solutions:
Red Hat Enterprise Linux WS (Work Station) and Desktop:
Red Hat Enterprise Linux WS is the desktop/client partner for Enterprise Linux AS and Enterprise Linux ES. Red
Hat Enterprise Linux WS is ideal for all desktop deployments, including office productivity applications, S/W
development environments, and targeted ISV client applications. When configured as a headless workstation,
Enterprise Linux WS is also ideally suited for use as a compute node in a High Performance Computing (HPC)
environment.

Red Hat Enterprise Linux products are based on the same core kernel, libraries, and utilities, and also share the
same major package sets. However, because Red Hat Enterprise Linux WS and Red Hat Desktop are not
designed for use in server environments, there are some differences between family members in terms of their
server package sets.

| Recommended product: | Red Hat Enterprise Linux AS | Red Hat Enterprise Linux ES | Red Hat Enterprise Linux WS | Red Hat Desktop |
|---|---|---|---|---|
| Common usages | Databases, ERP, CRM, applications | Small-medium web, file, and print configurations | Technical, virtualization, trading, power user | Personal productivity: mail, document processing, browsing, instant messaging; software development |
| Includes desktop applications | Yes | Yes | Yes | Yes |
| Supported by leading ISV applications | Yes | Yes | Yes | Yes |
| Certified on leading OEM hardware | Yes | Yes | Yes | Yes |
| Includes dedicated server packages | Yes | Yes | No | No |
| Web and phone-based comprehensive support 24x7 - 1 year Red Hat Network | Yes | No | No | No |
| Supports X86 systems (Intel Pentium Pro, AMD Athlon, or compatible), Intel EM64T, and AMD64 systems | Yes | Yes | Yes | Yes |
| Supports Itanium systems | Yes | Yes | Yes | No |
| Supports IBM zSeries, POWER series, and S/390 series systems | Yes | No | No | No |

2.1.3 Red Hat Enterprise Linux system configuration limits


The following table lists some Red Hat Enterprise Linux 3 supported system and software limits. This table will be
updated as additional qualification and testing is completed.
These minimum and maximum system configuration limits identify the technical capabilities of the Red Hat
Enterprise Linux technology.
Note: The following chart does not apply to Red Hat Enterprise Linux WS and Desktop.

| | Minimum | Maximum | Comments |
|---|---|---|---|
| X86 - Memory | 256MB | 64GB | Maximum varies with chosen kernel; Red Hat Enterprise Linux ES supports up to 8GB |
| X86 - CPUs | 1 (300MHz, i686) | 16 | 16 physical CPUs or 8 Hyperthreaded CPUs; AMD K6 (i586) is not supported. Red Hat Enterprise Linux WS and ES support up to 2 physical (4 Hyperthreaded) CPUs per system |
| Itanium2 * - Memory | 512MB | 96GB | 96GB applies to HP Integrity systems. Maximum memory for Intel Tiger-based systems is 32GB |
| Itanium2 * - CPUs | 1 | 8 | Red Hat Enterprise Linux WS for Itanium supports up to 2 CPUs per system |
| AMD64 - Memory | 512MB | 16GB | |
| AMD64 - CPUs | 1 | 4 | Red Hat Enterprise Linux WS for AMD64 supports up to 2 CPUs per system |
| File system size | 800MB | 1TB | Quoted minimum is for a custom installation. Sparse files can be up to 4TB |

2.2. Mandrake Linux


Mandrake Linux was first started in 1998 as a custom-built Redhat Linux distribution. The company that releases
Mandrake Linux, Mandrakesoft, is a publicly traded company in France. More recently, Mandrakesoft has just
gotten out of bankruptcy and looks set to continue to be a very strong Linux Distribution contender.
Mandrake Linux was created with the goal of making Linux easier to use for everyone. At that time, Linux was
already well-known as a powerful and stable operating system that demanded strong technical knowledge and
extensive use of the "command line". Mandrake saw this as an opportunity to integrate the best graphical desktop
environments and contribute its own graphical configuration utilities, and quickly became famous for setting the
standard in ease-of-use and functionality.
With this innovative approach, Mandrake offers all the power and stability of Linux to both individuals and
professional users in an easy-to-use and pleasant environment. Thousands of new users are discovering Linux
each and every day and finding it a complete replacement for their previous operating system. Linux as a server
or workstation has no reason to be jealous of any other more established operating systems.
The GPL license (General Public License) governs the development and redistribution of Mandrake Linux. This
license provides everyone the right to copy, distribute, examine, modify and improve the system as long as the
results of these modifications are returned to the community. It is this development model that allows
Mandrake Linux to collect the best ideas from developers and users from across the globe, resulting in a rich
variety of techniques and solutions.

2.3 SuSE Linux


Suse Linux was started in 1992, and was the first "real" commercial Linux vendor to appear. Suse is a very strong
Linux Distributor, especially in Germany and other European countries. In January of 2004, Novell acquired Suse,
and another Linux company, Ximian. Suse Linux Professional 9.1, which was released in May 2004, is the first
release since Novell acquired Suse Linux.
SuSE (www.suse.com) is another company with a desktop focus, not very different from Mandrake in this
respect. The distribution has received positive reviews for its installer and configuration tools, called Yast,
developed by SuSE's own developers. The documentation, which comes with the boxed product, has repeatedly
been labeled as the most complete, thorough and usable by far. Linux Journal has recently awarded SuSE Linux
7.3 the "Product of the Year" title. The distribution has achieved a dominant market share in German-speaking
and some Eastern European countries.
However, SuSE has been suffering from a lack of profitability, having been forced to close down their offices in the
USA and reduce staff due to the high cost of development in Germany. Also, SuSE's development takes place
completely behind closed doors and no public betas are provided for testing. The release cycle is more frequent
(SuSE released three versions in 2001) and they have a policy of not making the software available for download
until long after the boxed versions are in stores. Even so, SuSE does not provide ISO images of their distribution,
relying on packaged software for the vast majority of their user base.

2.4 Debian GNU/Linux


Debian GNU/Linux (www.debian.org) is a completely non-commercial project; perhaps the purest form of the ideals
that started the free software movement. Hundreds of volunteer developers from all over the world contribute to
the project, which is well managed and strict, assuring a quality distribution known as Debian.

At any time during the development process, there are three branches in the main directory tree - "stable",
"testing" and "unstable", the last of which is often referred to as "sid". When a new version of a package appears,
it is placed in the unstable branch for first testing. If it passes, the package moves to the testing branch, which
undergoes rigorous testing lasting many months. This branch is only declared stable after very thorough testing.
As a result of this, the distribution is possibly the most stable and reliable, albeit not the most up-to-date, suitable
for deployment on servers.
Debian's other main claim to fame is the reputation for being hard to install, unless the user has intimate
knowledge about the computer's hardware. Compensating for this failing is "apt-get", a convenient installer for
Debian packages. Many Debian users joke that their installer is so bad because they only need it once - as soon
as Debian is up and running, all future updates of any scale can be accomplished via the apt-get utility. Take it
from a person who has tried many distributions - once you have experienced the dependency headaches while
installing software on any RPM-based distribution, you will stare in absolute disbelief at the painless and
convenient process of installing and upgrading your Debian packages. You might even think that you have just
entered paradise...

2.5 Slackware Linux


Slackware (www.slackware.com) is one of the oldest distributions around and it is very popular among experienced
Linux users. It offers no bells and whistles, sticking with a text-based installer and no graphical configuration tools.
Where other distributions tried hard to develop easy-to-use front ends for many common utilities, Slackware offers
no hand-holding and everything is still done through configuration files. Because of this, Slackware is not
recommended to novice users.
Nevertheless, Slackware has a magic appeal to many users. It is extremely stable and secure - very suitable for
server deployment. Experienced Linux administrators find that the distribution is less buggy as it uses most
packages in their pristine forms and without too many in-house enhancements, which have the potential to introduce
new bugs. Releases are infrequent, although up-to-date packages are always available for download after the
official release. Slackware is a fine distribution for those who are interested in deeper knowledge of Linux
internals.
Perhaps the best characteristic of this distribution I have heard is this: If you need help with your Linux box, find a
Slackware user. He is more likely to fix the problem than a user familiar with any other distribution.

2.6 Caldera OpenLinux


Caldera (www.caldera.com) has been through bad times in the last few months, suffering from severe drops in
share prices and being forced to reduce staff. They released a version of OpenLinux in July 2001,
surrounded by enormous controversy. The company has introduced "per-seat licensing" for business users,
requiring users to purchase a separate license for every workstation or server installed. This unprecedented move
drew lots of criticism and prompted many users to switch to another distribution.
Caldera OpenLinux 3.1 is still available for non-commercial use as a free download. The reviews have been
positive, branding the distribution as easy-to-install and very stable, suitable for heavy development work. It lacks
the Gnome desktop environment and associated libraries, which means that some excellent GTK+ based
applications, such as Galeon or Gnumeric, are not available.
Note: Linux is actually only the kernel of a complete system. Many contributors like to call a complete Linux
system a GNU/Linux system. The GNU stands for GNU's Not Unix (a recursive acronym) and is the system first
started by Richard Stallman, then later developed with the coordination of the Free Software Foundation. The
whole idea of the name is to get the point of freedom across when you discuss the operating system.

2.7. Top 6 Distributions


This is difficult to determine, since Linux distributions are often unable to determine their own sales figures due to
the multiple installation models, and lack of strict 'per-seat' licensing. However, the popular www.distrowatch.com
site lists features of 90 major Linux distributions, with 'interest counts' (based on page requests for each of the
distributions).
We also took the 20 most popular distributions according to Distrowatch, and using the 'link:' feature of Google,
determined the number of in-pointing links to each distribution's web site (i.e. number of sites that link to each
distribution's homepage). This helped to validate the findings of Distrowatch.
The results were as follows:

| Distribution | Rank from Distrowatch | Rank from Google | Combined Ranking |
|---|---|---|---|
| Mandrake | 1 | 3 | =1 |
| Redhat | 2 | 2 | =1 |
| Debian | 3 | 1 | =1 |
| SuSE | 4 | 6 | =4 |
| Slackware | 5 | 5 | =4 |
| Caldera/SCO | 6 | 4 | 5 |

2.7.1 Evaluation Criteria and Description


We evaluate these distributions according to the following categories. We do not give a 'good' or 'bad' rating; we
merely list the qualities of each distribution.

| Criterion | Reason |
|---|---|
| Organization structure / description of company structure etc. Any recent or intended major changes. | Funding in the Open Source world is especially difficult following 'dot-com' collapse. Many mergers, some distributions and companies have closed. Mergers, while possibly helping the market in the long-run, could give |
| Ease of installation process, is it graphically based? | The installation process is the first thing the end-user will normally see. The feel of this process gives a good clue to what the distribution thinks of their target market. Some are graphical and need only a few mouse clicks, some require the skills of a system administrator. |
| Is the entire distribution itself open source? | If parts are non-open source, few developers outside the company itself (if corporate) would be willing to fix / enhance. For totally open source distributions, there will always be a migration path – if the company producing an excellent product goes under, someone else will take up that product. |
| Any insistence of 'per seat' licensing? | Per seat licensing means that the vendor of the distribution tries to insist on a payment for every seat using that distribution (similar to the current Microsoft licensing model). |
| Target market of distribution | Different distributions have widely differing target markets – the Linux world is extremely diverse. |
| Support for adding bug fixes and extra hardware support. | Users need the ability to upgrade for security fixes and new hardware. Whether this is free, and how easy to do, varies widely. |
| License fee. | If a license fee is required or recommended for the distribution, what is the fee, and what are the benefits. |

2.7.2 Organizational Structure


| Distribution | Comments |
|---|---|
| Mandrake | A large public company, based in France. Some minor reports of financial problems, reasonable levels of sales growth. No indications of any likely merger activity. |
| Redhat | A large US based limited company. Over $US100M in the bank, most secure of all Linux distributions. |
| Debian | Not a for-profit company, a collection of developers, expenses paid by donations. Some suspicions in the community that Debian is becoming less popular. |
| SuSE | Commercial company, based in Germany. Some changes in that they are merging some development to become part of UnitedLinux. |
| Slackware | Another non-commercial distribution, centered around a few dedicated individuals, with a variety of other contributors. |
| Caldera/SCO | Relatively large public US based company, involved in Linux as well as other non-Linux software. Some changes in that they are merging some development to become part of UnitedLinux. May 2003 update: Caldera/SCO now neither distribute nor support Linux. |

2.7.3 Ease of Installation Process


Distribution   Comments
Mandrake       Very well respected installer, graphical, questions are mainly non-technically worded.
Redhat         Graphical installer, easy to use.
Debian         Text based installer, lots of options.
SuSE           Graphical, easy to use.
Slackware      Text based, said to have steep learning curve.
Caldera/SCO    Easy to use, but text based.

2.7.4 Commitment to Open Source


Distribution   Comments
Mandrake       Yes, they are committed to open source and donate time to popular applications.
Redhat         Same as Mandrake.
Debian         Committed to keeping everything open source.
SuSE           Everything except 'YAST', the system setup tool. This has caused some controversy. Now part of UnitedLinux: see Caldera.
Slackware      Everything is open source.
Caldera/SCO    Some open source community concerns that binaries under UnitedLinux may not be freely distributable, only sources will be. UnitedLinux keen to play down any concerns they are not fully open source. Many in the industry believe Caldera treads a fine line on the edge of breaking the spirit of the GPL licensing agreement.

2.7.5 Per Seat Licensing


Distribution   Comments
Mandrake       Possible to get security updates, online support etc without per-seat license. License just makes support faster.
Redhat         No per seat licensing requirement.
Debian         Cost-free (donations suggested).
SuSE           Maintenance utility requires a per seat license, but SuSE keen to deny reports that their entire product could change to per-seat licensing now that they are part of UnitedLinux.
Slackware      Cost-free.
Caldera/SCO    Per seat, a fact that is quite unpopular with the Linux community.


2.7.6 Target Market


Distribution   Comments
Mandrake       Said to be one of the easier to use Linux distributions for desktop users, however, default KDE (desktop) requires some relearning for previous Windows users.
Redhat         Traditionally Redhat concentrated on the server market, but now they are also promoting the desktop market. Same comments about KDE as for Mandrake.
Debian         Debian is said to be hard to learn, more suited for experienced Linux users.
SuSE           Quite similar to Mandrake – easy, but not optimized to be like Windows.
Slackware      Same as Debian.
Caldera/SCO    The cheapest 'workstation' product targets software developers not 'normal' users.

2.7.7 Software Upgrades / Support


Distribution   Comments
Mandrake       Even non-registered users have access to security upgrades, dedicated site.
Redhat         Automatic update agent.
Debian         Software support is okay, but installation method is text-only.
SuSE           Automatic update facility (this is the non-GPL part of SuSE).
Slackware      No automated update, users are expected to manually select their own updates from a website.
Caldera/SCO    Automatic update facility.

2.7.8 License Fee


Distribution   Comments
Mandrake       $US25 - if you want support.
Redhat         Desktop and WS $US40. RH Enterprise: AS $US1499 (for Standard Edn) and $US2499 (Premium Edn). RH Enterprise: ES $US400 (for Standard Edn) and $US500 (Premium Edn).
Debian         Cost-free (donations suggested).
SuSE           $US40 or US$80 (some users say $US40 product does not have some commonly required features).
Slackware      Cost-free (donations suggested).
Caldera/SCO    $US99 per user.

Conclusion
The Linux world has surprising variety. There are distributions made to look like Windows, distributions that only a
system administrator could install, and everything in between. There are business models everywhere between
'it's all free, please donate' And that's just the top 6 distributions. Take a look at www.distrowatch.com,
check out some of the smaller distributions, and you'll find an even more diverse world.


3. Linux Installation
3.1 Hardware Requirements
The following information represents the minimum hardware requirements necessary to successfully install Red
Hat Linux 9:
- Minimum: Pentium-class
- Recommended for text-mode: 200 MHz Pentium-class or better
- Recommended for graphical: 400 MHz Pentium II or better
Hard Disk Space (NOTE: Additional space will be required for user data):

Personal Desktop
A personal desktop installation, including a graphical desktop environment, requires at least 1.7GB of free space.
Choosing both the GNOME and KDE desktop environments requires at least 1.8GB of free disk space.

Workstation
A workstation installation, including a graphical desktop environment and software development tools, requires at
least 2.1GB of free space. Choosing both the GNOME and KDE desktop environments requires at least 2.2GB of
free disk space.

Server
A server installation requires 850MB for a minimal installation without X (the graphical environment), at least
1.5GB of free space if all package groups other than X are installed, and at least 5.0GB to install all packages
including the GNOME and KDE desktop environments.

Custom
A Custom installation requires 475MB for a minimal installation and at least 5.0GB of free space if every package
is selected.
Memory:
- Minimum for text-mode: 64MB
- Minimum for graphical: 128MB
- Recommended for graphical: 192MB
Note that the compatibility/availability of other hardware components (such as video and network cards) may be
required for specific installation modes and/or post-installation usage. For more information about hardware
compatibility, see the Red Hat Linux Hardware Compatibility List at http://hardware.redhat.com/hcl/
Before you begin a Red Hat Linux installation, you need to know what the purpose of the machine will be. Will it
be a development workstation? An FTP server? A Web server? Or will it be a database server? Each of these examples
requires a different configuration.

3.2 Planning the Installation


Before any software can be installed, the computer has to be able to recognize the hardware it will be using. The
installation process will ask you about your hardware, so have this data ready before you start.
You should know the make and model number for each of the following pieces of hardware, if you have them:
- SCSI controllers
- Network interface cards (NIC)
- Video cards
- Sound cards

Packages to Be Installed


Red Hat Linux comes conveniently bundled with an array of pre-configured software packages. Most likely, you
will not need to install all of these packages, and for security reasons (or office policy) it is a good idea not to.
Your boss might not appreciate the office network being used to serve personal Web pages from each
employee's installation of an Apache Web server. Also, every computer on your network doesn't need to run the
innd network news service.
Limit the packages you install to only the ones you need. If other packages are required later, they can be
installed easily enough with the rpm tool.

Partitioning the Drive


It is recommended that you make several partitions when preparing your hard drive to install Linux. This is a good
idea for various reasons. First, Red Hat Linux runs two filesystems: a Linux native filesystem, and a Linux swap
space. Second, if you want to install Red Hat Linux and another operating system on the same computer, you will
have to create separate partitions for each.

Stability and Security


The Linux native filesystem is usually divided among many hard drive partitions. The recommended configuration
is a separate partition for each of these directories: /, /usr, /tmp, /var, and /home as well as separate partitions for
corporate data, database services, and even the Web and FTP sites if they are expected to be large.
Partitioning the hard drive in this manner keeps system, application, and user files isolated from each other. This
aids in protecting the file space that the Linux kernel and the rest of your applications use. Files cannot grow
across partitions. Therefore, an application that uses huge amounts of disk space, such as a newsgroup server,
will not be able to use up all of the disk space needed by the Linux kernel. Another advantage is that if a bad spot
develops on the hard drive, it will be easier to restore a single partition than the entire system. Stability is
improved.
Security, also, is improved. Multiple partitions give you the ability to mount some filesystems as read-only. For
example, if there is no reason for any user (even root) to write to the /usr directory, mounting that partition as
read-only will help protect those files from being tampered with.
While there are many incentives to partitioning your disk space, it might not be desirable for you. For single-user
systems, or where disk space is scarce, a simpler filesystem layout would be called for. For example, if the /var
directory is on its own partition of 300MB, only 100MB might be used. That makes 200MB of wasted disk space.
As of RH 7.x, both the web and ftp document roots have been added to /var. These may add additional disk
space requirements for /var.
Currently, there is no easy way to resize Linux partitions. Therefore, a lot of careful consideration should be put
into whether you want to partition your disk space, and how to do it.
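
One way to check a system against this layout, as an added example that is not part of the original course material: the script reads a mount table in /proc/mounts format and reports, for each recommended directory, whether it has its own filesystem and whether that filesystem is mounted read-only. The sample table is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a mount table for the partition layout recommended above.
# Input uses the /proc/mounts (or /etc/fstab) column order:
#   device  mountpoint  fstype  options  dump  pass

# Constructed sample, modelled on the file-server layout, with /usr read-only.
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw 0 0
/dev/sda5 /var ext3 rw 0 0
/dev/sda6 /usr ext3 ro 0 0
/dev/sda8 /home ext3 rw 0 0
none /proc proc rw 0 0'

# containing_mount TABLE DIR
# Prints "<mountpoint> <options>" for the filesystem that holds DIR, i.e. the
# longest mount point that is DIR itself or one of its parent directories.
containing_mount() {
    printf '%s\n' "$1" | awk -v dir="$2" '
        {
            mp = $2
            if (mp == dir || mp == "/" || index(dir, mp "/") == 1) {
                if (length(mp) >= length(best)) { best = mp; opts = $4 }
            }
        }
        END { if (best == "") exit 1; print best, opts }'
}

# has_option OPTIONS NAME: succeed if NAME is one of the comma-separated OPTIONS.
has_option() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_layout TABLE
# One line per recommended directory: "<dir> separate <ro|rw>" when it has its
# own filesystem, "<dir> on:<mountpoint> <ro|rw>" when it shares another one.
audit_layout() {
    for dir in / /usr /tmp /var /home; do
        entry=$(containing_mount "$1" "$dir") || { echo "$dir unknown"; continue; }
        mp=${entry%% *}
        opts=${entry#* }
        if has_option "$opts" ro; then mode=ro; else mode=rw; fi
        if [ "$mp" = "$dir" ]; then
            echo "$dir separate $mode"
        else
            echo "$dir on:$mp $mode"
        fi
    done
}

# Print the report for the constructed sample. On a live system, pass the real
# table instead: audit_layout "$(cat /proc/mounts)"
audit_layout "$SAMPLE_MOUNTS"
```

In the sample, /tmp is reported as on:/, so a process that fills /tmp also fills the root filesystem, which is the situation separate partitions are meant to prevent.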

3.3 How Much Space Is Required?


You should size your Linux partitions according to your needs and the function of the computer. For example, a
mail server will require more space for the /var directory because the mail spool resides in /var/spool/mail. You
may even want to create a separate partition just to accommodate /var/spool/mail.

Example: File Server


If the Linux system you are installing is to be a file server, then your filesystem could look something like the
following:
Filesystem    Size (MB)    Mounted on
/dev/sda1     400          /
/dev/sda5     2000         /var
/dev/sda6     300          /usr
/dev/sda7     60           Swap space
/dev/sda8     1000         /home
/dev/sda9     3000         /home/shared

Linux Swap Space


Normally, Linux can use a maximum 4GB of swap space. This 4GB can be spread over a maximum of eight
partitions. Note that each swap partition is restricted to a maximum of 2GB.
There is no authoritative formula for deciding how much swap space should be made, but you can make an
estimate based on the typical UNIX rule of thumb: swap space should be two to three times the amount of RAM.
Disk space is very cheap compared to RAM.

BIOS Limits
Be aware that some computers, built before 1998, may have a BIOS (Basic Input/Output System) that, at bootup
(under DOS), limits access to hard disks beyond their 1024th cylinder. A common effect of this problem is your
computer's inability to see any partitions past the first 512MB of disk space at boot time. If this limitation affects
your computer, do not place any bootable partitions after this barrier or the BIOS will not be able to access them
and your Linux operating system will not be able to load.

3.4 Partitioning Naming Conventions


UNIX is notorious for creating weird file names for hardware, and no one standard has been used by all the UNIX
versions. Linux, meanwhile, has been using a simple standard for disk drives: disk device names have three
letters, then a number. The first letter identifies the controller type (h is for IDE/EIDE, s is for SCSI). The second
letter is d for disk, the third letter is for the sequential disk controller starting with “a.” This means the first IDE
drive would be hda, the next would be hdb, then hdc and hdd. The partitions are numbered starting from 1, but
due to the DOS world, they may not be sequential, depending on how they were created. Under this rule, the
partitions would be /dev/hda1, /dev/hda2, /dev/hda3, .../dev/hda16 for the first IDE drive, then
/dev/hdb1.../dev/hdb16 for the second drive, and so on.
For SCSI drives, the name is sda for the first disk on the first controller. The partitions are /dev/sda1, /dev/sda2...
/dev/sda15 (only 15 maximum partitions with SCSI, whereas IDE can have 16). The second disk on the same
SCSI controller would be sdaa {1, 2, 15}, and so on. The second controller would have sdb{1-15} for the first disk,
then sdba{1-15} for the second disk on the second controller, and so on. In RH 7.x, there are 2048 configured
SCSI devices. The number of disks and partitions already configured depends on the version and distribution of
Linux.

3.5 Install Options


The Red Hat Linux installation program has the ability to test the integrity of the installation media. It works with
the CD, DVD, hard drive ISO, and NFS ISO installation methods. Red Hat recommends that you test all
installation media before starting the installation process, and before reporting any installation-related bugs (many
of the bugs reported are actually due to improperly-burned CDs). To use this test, type linux mediacheck at the
boot: prompt.
While most present-day computers are able to start the installation process by booting directly from the first Red
Hat Linux distribution CD, some hardware configurations require the use of a boot diskette. If your hardware
requires a boot diskette, you should be aware of the following change.
Red Hat Linux 9 uses a different boot diskette layout than previous releases of Red Hat Linux. There is now a
single boot diskette image file (bootdisk.img) that is used to boot all systems requiring a boot diskette.
If you are performing anything other than an installation from an IDE or USB device, you will be asked to insert a
driver diskette created from one of the following image files:
- drvnet.img - For network installations
- drvblock.img - For SCSI installations
- pcmciadd.img - For PCMCIA installations
As with previous releases of Red Hat Linux, these image files can be found in the images directory on the first
installation CD.


Also in the images/ directory is the boot.iso file. This file is an ISO image that can be used to boot the Red Hat
Linux installation program. It is a handy way to start network-based installations without having to use multiple
diskettes. To use boot.iso, your computer must be able to boot from its CD-ROM drive, and its BIOS settings must
be configured to do so. You must then burn boot.iso onto a recordable/rewriteable CD-ROM.
The rescue mode environment (accessed by booting with the "linux rescue" boot-time command) has been
enhanced. Numerous requested utilities have been added, and there is now support for activating network
interfaces. Commands needed for SCSI tape support are also available. Please test this environment and send
us your feedback.
The Red Hat Linux installation program now detects existing Red Hat products on your system, and will prompt
you to select the product you would like to upgrade. You will also have the option of performing a complete re-
installation of the system instead of upgrading. Please report any problems you may experience with this new
feature.
If the contents of your /etc/redhat-release file have been changed from the default, your Red Hat Linux
installation may not be found when attempting an upgrade to Red Hat Linux 9.
You can relax some of the checks against this file by entering the following at the boot: prompt:
boot: linux upgradeany
Use the upgradeany option only if your existing Red Hat Linux installation was not detected.
isolinux is now used for booting the Red Hat Linux installation CD. If you have problems booting from the CD, you
can write the images/bootdisk.img image to a diskette.
During a graphical installation, you can now press SHIFT-Print Screen and a screenshot of the current installation
screen will be taken. These are stored in the following directory:
/root/anaconda-screenshots/
The screenshots can be accessed once the newly-installed system is rebooted.
The parted disk partition manipulation program has been upgraded to version 1.6.
Users of Red Hat Linux 6.2 that want to upgrade their system to Red Hat Linux 9 must first have all errata
updates applied before starting the upgrade process. The most straightforward way to accomplish this is to use
Red Hat Network. A Red Hat Linux 6.2 system that is not completely up-to-date will not upgrade successfully to
Red Hat Linux 9.
Text mode installations using a serial terminal work best when the terminal supports UTF-8. Under UNIX and
Linux, Kermit supports UTF-8. For Windows, Kermit '95 works well. Non-UTF-8 capable terminals will work as
long as only English is used during installation. An enhanced serial display can be used by passing "utf8" as a
boot-time option to the installation program. For example:
boot: linux console=ttyS0 utf8


4. Boot Loaders

Before Red Hat Linux can run, it must be loaded into memory by a special program called a boot loader. A
boot loader usually exists on the system's primary hard drive (or other media device) and has the sole
responsibility of loading the Linux kernel with its required files or (in some cases) other operating systems into
memory.

4.1 Boot Loaders and System Architecture


Each architecture capable of running Red Hat Linux uses a different boot loader. For example, the Alpha
architecture uses the aboot boot loader, while the Itanium architecture uses the ELILO boot loader.

GRUB
GNU Grand Unified Boot loader or GRUB is a program which enables the user to select which installed
operating system or kernel to load at system boot time. It also allows the user to pass arguments to the kernel.

GRUB and the x86 Boot Process


This section discusses in more detail the specific role GRUB plays when booting an x86 system. For an look at
the overall boot process.
GRUB loads itself into memory in the following stages:
1. The Stage 1 or primary boot loader is read into memory by the BIOS from the MBR. The primary boot loader exists on less than 512 bytes of disk space within the MBR and is capable of loading either the Stage 1.5 or Stage 2 boot loader.
2. The Stage 1.5 boot loader is read into memory by the Stage 1 boot loader, if necessary. Some hardware requires an intermediate step to get to the Stage 2 boot loader. This is sometimes true when the /boot partition is above the 1024 cylinder head of the hard drive or when using LBA mode. The Stage 1.5 boot loader is found either on the /boot partition or on a small part of the MBR and the /boot partition.
3. The Stage 2 or secondary boot loader is read into memory. The secondary boot loader displays the GRUB menu and command environment. This interface allows you to select which operating system or Linux kernel to boot, pass arguments to the kernel, or look at system parameters, such as available RAM.
4. The secondary boot loader reads the operating system or kernel and initrd into memory. Once GRUB determines which operating system to start, it loads it into memory and transfers control of the machine to that operating system.
The boot method used to boot Red Hat Linux is called the direct loading method because the boot loader
loads the operating system directly. There is no intermediary between the boot loader and the kernel.
The boot process used by other operating systems may differ. For example, Microsoft's DOS and Windows
operating systems, as well as various other proprietary operating systems, are loaded using a chain loading
boot method. Under this method, the MBR points to the first sector of the partition holding the operating system.
There it finds the files necessary to actually boot that operating system. GRUB supports both direct and chain-
loading boot methods, allowing it to boot almost any operating system.
Warning: During installation, Microsoft's DOS and Windows installation programs completely overwrite the
MBR, destroying any existing boot loader. If creating a dual-boot system, it is best to install the Microsoft
operating system first.

4.1.1 Features of GRUB


GRUB contains a number of features that make it preferable to other boot loaders available for the x86
architecture. Below is a partial list of some of the more important features:
GRUB provides a true command-based, pre-OS environment on x86 machines. This affords the
user maximum flexibility in loading operating systems with certain options or gathering information about the
system. For years, many non-x86 architectures have employed pre-OS environments that allow system booting
from a command line. While some command features are available with LILO and other x86 boot loaders, GRUB
is more feature rich.
Important: GRUB supports Logical Block Addressing (LBA) mode. LBA places the addressing
conversion used to find files in the hard drive's firmware, and is used on many IDE and all SCSI hard devices.
Before LBA, boot loaders could encounter the 1024-cylinder BIOS limitation, where the BIOS could not find a file
after that cylinder head of the disk. LBA support allows GRUB to boot operating systems from partitions beyond
the 1024-cylinder limit, so long as the system BIOS supports LBA mode. Most modern BIOS revisions support
LBA mode.
GRUB can read ext2 partitions. This functionality allows GRUB to access its configuration file,
/boot/grub/grub.conf, every time the system boots, eliminating the need for the user to write a new version of the
first stage boot loader to MBR when configuration changes are made. The only time a user would need to reinstall
GRUB on the MBR is if the physical location of the /boot partition is moved on the disk.

Installing GRUB
If GRUB was not installed during the Red Hat Linux installation process it can be installed afterward. Once
installed, it automatically becomes the default boot loader. Before installing GRUB, make sure to use the latest
GRUB package available or use the GRUB package from the Red Hat Linux installation CD-ROMs. For
instructions on installing packages, see the chapter titled Package Management with RPM in the Red Hat
Linux Customization Guide.
Once the GRUB package is installed, open a root shell prompt and run the command /sbin/grub-install <location>,
where <location> is the location that the GRUB Stage 1 boot loader should be installed.
The following command installs GRUB to the MBR of the master IDE device on the primary IDE bus:
/sbin/grub-install /dev/hda
The next time the system boots, the GRUB graphical boot loader menu will appear before the kernel loads into memory.

GRUB Terminology
One of the most important things to understand before using GRUB is how the program refers to devices, such as
hard drives and partitions. This information is particularly important when configuring GRUB to boot multiple
operating systems.
Device Names
Suppose a system has more than one hard drive. The first hard drive of the system is called (hd0) by GRUB. The
first partition on that drive is called (hd0,0), and the fifth partition on the second hard drive is called (hd1,4). In
general, the naming convention for file systems when using GRUB breaks down in this way:
(<type-of-device><bios-device-number>,<partition-number>)
The parentheses and comma are very important to the device naming conventions. The
<type-of-device> refers to whether a hard disk (hd) or floppy disk (fd) is being specified.
The <bios-device-number> is the number of the device according to the system's BIOS, starting
with 0. The primary IDE hard drive is numbered 0, while the secondary IDE hard drive is numbered 1. The
ordering is roughly equivalent to the way the Linux kernel arranges the devices by letters, where the a in hda
relates to 0, the b in hdb relates to 1, and so on.
Note: GRUB's numbering system for devices starts with 0, not 1. Failing to make this distinction is one of the
most common mistakes made by new GRUB users.
The <partition-number> relates to the number of a specific partition on a disk device. Like the
<bios-device-number>, the partition numbering starts at 0. While most partitions are specified
by numbers, if a system uses BSD partitions, they are signified by letters, such as a or c.
GRUB uses the following rules when naming devices and partitions:
It does not matter if system hard drives are IDE or SCSI. All hard drives start with hd. Floppy disks start with fd.


To specify an entire device without respect to its partitions, leave off the comma and the partition number. This is
important when telling GRUB to configure the MBR for a particular disk. For example, (hd0) specifies the MBR on
the first device and (hd3) specifies the MBR on the fourth device.
If a system has multiple drive devices, it is very important to know the drive boot order set in the BIOS. This is
rather simple to do if a system has only IDE or SCSI drives, but if there is a mix of devices, it can become
confusing.
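
The naming rules above, worked through as an added example that is not part of the original course material: two shell functions that translate between Linux IDE device names and GRUB device names, including the shift from 1-based to 0-based partition numbers. The function names are hypothetical, and the code assumes the BIOS drive order matches the Linux letter order (hda is BIOS drive 0, hdb is drive 1, and so on).

```shell
#!/bin/sh
# Added example: translate between Linux IDE device names and GRUB device names.
# Assumption: the BIOS drive order matches the Linux letter order
# (hda = BIOS drive 0, hdb = BIOS drive 1, ...). Only IDE names and numbered
# partitions are handled; BSD letter partitions are rejected.

LETTERS=abcdefghijklmnopqrstuvwxyz

# linux_to_grub NAME: /dev/hdb5 -> (hd1,4), /dev/hda -> (hd0).
# Returns 1 on input that is not an IDE disk or partition name.
linux_to_grub() {
    name=${1#/dev/}
    case "$name" in
        hd[a-z]) part= ;;
        hd[a-z][1-9] | hd[a-z][1-9][0-9]) part=${name#hd?} ;;
        *) return 1 ;;
    esac
    letter=${name#hd}
    letter=${letter%"$part"}
    before=${LETTERS%%"$letter"*}        # letters that precede this one
    disk=${#before}                      # a -> 0, b -> 1, ...
    if [ -z "$part" ]; then
        echo "(hd$disk)"
    else
        echo "(hd$disk,$((part - 1)))"   # GRUB partitions count from 0
    fi
}

# grub_to_linux NAME: (hd1,4) -> /dev/hdb5, (hd0) -> /dev/hda.
# Returns 1 on input that is not a well-formed GRUB hard disk name.
grub_to_linux() {
    inner=${1#"(hd"}
    [ "$inner" != "$1" ] || return 1     # must start with "(hd"
    body=${inner%")"}
    [ "$body" != "$inner" ] || return 1  # must end with ")"
    case "$body" in
        *,*) disk=${body%%,*}; part=${body#*,}; whole=no ;;
        *)   disk=$body; part=0; whole=yes ;;
    esac
    # Both fields must be plain decimal numbers without leading zeros.
    for n in "$disk" "$part"; do
        case "$n" in
            '' | *[!0-9]* | 0?*) return 1 ;;
        esac
    done
    [ "$disk" -lt 26 ] || return 1
    letter=$(printf '%s\n' "$LETTERS" | cut -c "$((disk + 1))")
    if [ "$whole" = yes ]; then
        echo "/dev/hd$letter"
    else
        echo "/dev/hd$letter$((part + 1))"   # Linux partitions count from 1
    fi
}

# Show the mapping for a few names used in the text above.
for dev in /dev/hda /dev/hda1 /dev/hdb5; do
    printf '%s -> %s\n' "$dev" "$(linux_to_grub "$dev")"
done
```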

4.1.2 File Names and Blocklists


When typing commands to GRUB involving a file, such as a menu list to use when allowing the
booting of multiple operating systems, it is necessary to include the file immediately after specifying
the device and partition.
A sample file specification to an absolute file name is organized as follows:
(<type-of-device><bios-device-number>,<partition-number>) /path/to/file
Most of the time, a user will specify files by the directory path on that partition, plus the file name. It is also
possible to specify files to GRUB that do not actually appear in the file system, such as a chain loader that
appears in the first few blocks of a partition. To specify these files, you must provide a blocklist, which tells GRUB,
block by block, where the file is located in the partition. Since a file can be comprised of several different sets of
blocks, there is a specific way to write blocklists. Each file's section location is described by an offset number of
blocks and then a number of blocks from that offset point, and the sections are put together in a comma-delimited
order.
The following is a sample blocklist:
0+50,100+25,200+1
This blocklist tells GRUB to use a file that starts at the first block on the partition and uses blocks 0 through 49,
99 through 124, and 199.
Knowing how to write blocklists is useful when using GRUB to load operating systems that use chain loading,
such as Microsoft Windows. It is possible to leave off the offset number of blocks if starting at block 0. As an
example, the chain loading file in the first partition of the first hard drive would have the following name:
(hd0,0)+1

The following shows the chainloader command with a similar blocklist designation at the GRUB command line
after setting the correct device and partition as root:
chainloader +1

4.1.3 GRUB's Root File System


Some users are confused by the use of the term "root file system" with GRUB. It is important to remember that
GRUB's root file system has nothing to do with the Linux root file system. The GRUB root file system is the root
partition for a particular device. GRUB uses this information to mount the device and load files from it.
With Red Hat Linux, once GRUB has loaded its root partition (which equates to the /boot partition and contains
the Linux kernel), the kernel command can be executed with the location of the kernel file as an option. Once the
Linux kernel boots, it sets the root file system Linux users are familiar with. The original GRUB root file system
and its mounts are forgotten; they only existed to boot the kernel file.

GRUB Interfaces
GRUB features three interfaces, which provide different levels of functionality. Each of these interfaces allows
users to boot the Linux kernel or other operating systems.
The interfaces are as follows:

Menu Interface

If GRUB was automatically configured by the Red Hat Linux installation program, this is the interface shown by
default. A menu of operating systems or kernels preconfigured with their own boot commands is displayed as a
list, ordered by name. Use the arrow keys to select an option other than the default selection and press the [Enter]
key to boot it. Alternatively, a timeout period is set, so that GRUB will start loading the default option. Press the [e]
key to enter the entry editor interface or the [c] key to load a command line interface.

Menu Entry Editor Interface


To access the menu entry editor, press the [e] key from the boot loader menu. The GRUB commands for that
entry are displayed here, and users may alter these command lines before booting the operating system by
adding a command line ([o] inserts a new line after the current line and [O] inserts a new line before it), editing
one ([e]), or deleting one ([d]).
After all changes are made, the [b] key executes the commands and boots the operating system. The [Esc] key
discards any changes and reloads the standard menu interface. The [c] key loads the command line interface.

Command Line Interface


The command line interface is the most basic of the GRUB interfaces, but it is also the one that grants the most
control. The command line makes it possible to type any relevant GRUB commands followed by the [Enter] key to
execute them. This interface features some advanced shell-like features, including [Tab] key completion, based
on context, and [Ctrl] key combinations when typing commands, such as [Ctrl]-[a] to move to the beginning of a
line, and [Ctrl]-[e] to move to the end of a line. In addition, the arrow, [Home], [End], and [Delete] keys work as
they do in the bash shell.

Order of the Interfaces


When GRUB loads its second stage boot loader, it first searches for its configuration file. Once found, it builds a
menu list and displays the menu interface.
If the configuration file cannot be found, or if the configuration file is unreadable, GRUB loads the command line
interface, allowing the user to type commands to complete the boot process.
If the configuration file is not valid, GRUB prints out the error and asks for input. This helps the user see precisely
where the problem occurred. Pressing any key reloads the menu interface, where it is then possible to edit the
menu option and correct the problem based on the error reported by GRUB. If the correction fails, GRUB reports
an error and reloads the menu interface.

4.1.4 GRUB Commands


GRUB allows a number of useful commands in its command line interface. Some of the commands accept
options after their name; these options should be separated from the command and other options on that line by
space characters.
The following is a list of useful commands:
boot - Boots the operating system or chain loader that has been previously specified and loaded.
chainloader <file-name> - Loads the specified file as a chain loader. To grab the file at the first sector of
the specified partition, use +1 as the file's name.
displaymem - Displays the current use of memory, based on information from the BIOS. This is useful to
determine how much RAM a system has prior to booting it.
initrd <file-name> - Enables users to specify an initial RAM disk to use when booting. An initrd is
necessary when the kernel needs certain modules in order to boot properly, such as when the root partition is
formatted with the ext3 file system.
install <stage-1> <install-disk> <stage-2> p <config-file> - Installs GRUB to the system
MBR.
When using the install command the user must specify the following:

<stage-1> - Signifies a device, partition, and file where the first boot loader image can be found, such as
(hd0,0)/grub/stage1.
<install-disk> - Specifies the disk where the stage 1 boot loader should be installed, such as (hd0).
<stage-2> - Passes to the stage 1 boot loader the location of the stage 2 boot loader, such as
(hd0,0)/grub/stage2.
p <config-file> - This option tells the install command to look for the menu configuration file specified by
<config-file>. An example of a valid path to the configuration file is
(hd0,0)/grub/grub.conf.

Warning: The install command will overwrite any other information in the MBR. If executed, any information
(other than GRUB information) that is used to boot other operating systems, will be lost.
kernel <kernel-file-name> <option-1> <option-N> - Specifies the kernel file to load from GRUB's
root file system when using direct loading to boot the operating system. Options can follow the kernel command
and will be passed to the kernel when it is loaded.
For Red Hat Linux, an example kernel command looks like the following:
kernel /vmlinuz root=/dev/hda5
This line specifies that the vmlinuz file is loaded from GRUB's root file system, such as (hd0,0). An option is also
passed to the kernel specifying that when loading the root file system for the Linux kernel, it should be on hda5,
the fifth partition on the first IDE hard drive. Multiple options may be placed after this option, if needed.
root <device-and-partition> - Configures GRUB's root partition to be a specific device and partition,
such as (hd0,0), and mounts the partition so that files can be read.
rootnoverify <device-and-partition> - Performs the same functions as the root command but does
not mount the partition.
Commands other than these are available. Type info grub for a full list of commands.

4.1.5 GRUB Menu Configuration File


The configuration file (/boot/grub/grub.conf), which is used to create the list of operating systems to boot in
GRUB's menu interface, essentially allows the user to select a pre-set group of commands to execute.
Special Configuration File Commands
The following commands can only be used in the GRUB menu configuration file:
color <normal-color> <selected-color> - Allows specific colors to be used in the menu, where two
colors are configured as the foreground and background. Use simple color names, such as red/black. For
example:
color red/black green/blue
default <title-name> - The default entry title name that will be loaded if the menu interface times out.
fallback <title-name> - If used, the entry title name to try if the first attempt fails.
hiddenmenu - If used, prevents the GRUB menu interface from being displayed, loading the default entry when
the timeout period expires. The user can see the standard GRUB menu by pressing the [Esc] key.
password <password> - If used, prevents a user who does not know the password from editing the entries
for this menu option.
Optionally, it is possible to specify an alternate menu configuration file after the password <password>
command. In this case, GRUB will restart the second stage boot loader and use the specified alternate
configuration file to build the menu. If an alternate menu configuration file is left out of the command, then a user
who knows the password is allowed to edit the current configuration file.
timeout - If used, sets the interval, in seconds, before GRUB loads the entry designated by the default
command.

splashimage - Specifies the location of the splash screen image to be used when GRUB boots.
title - Sets a title to be used with a particular group of commands used to load an operating system.
The hash mark (#) character can be used at the beginning of a line to place comments in the menu configuration file.

4.1.6 Configuration File Structure


The GRUB menu interface configuration file is /boot/grub/grub.conf. The commands to set the global preferences
for the menu interface are placed at the top of the file, followed by the different entries for each of the operating
systems or kernels listed in the menu.
The following is a very basic GRUB menu configuration file designed to boot either Red Hat Linux or Microsoft
Windows 2000:
default=0
timeout=10
splashimage=(hd0,0)/grub/splash.xpm.gz
# section to load linux
title Red Hat Linux (2.4.18-5.47)
root (hd0,0)
kernel /vmlinuz-2.4.18-5.47 ro root=/dev/sda2
initrd /initrd-2.4.18-5.47.img
# section to load Windows 2000
title windows
rootnoverify (hd0,0)
chainloader +1

This file tells GRUB to build a menu with Red Hat Linux as the default operating system and sets it to autoboot
after 10 seconds. Two sections are given, one for each operating system entry, with commands specific to the
system disk partition table.
Note: The default is specified as a number, counted from 0: default=0 refers to the first title line GRUB comes
across. If you want windows to be the default, change default=0 to default=1.
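
Added example (not part of the original guide): a shell check that audits a grub.conf for the password command described in 4.1.5, since without it anyone at the console can use [e] and [c]. It assumes GRUB legacy syntax; the --md5 form of password and the grub-md5-crypt tool belong to GRUB legacy but are not mentioned in this guide, and the sample files and hash value are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit a GRUB legacy grub.conf for boot-menu protection.
# Findings are printed one per line.
# Exit status: 0 = clean, 1 = findings, 2 = file unreadable.

audit_grub_conf() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "UNREADABLE: $conf"
        return 2
    fi

    # Global commands sit above the first title line; only a password there
    # protects the whole menu. A password line should also be root-only.
    findings=$(
        awk '
            /^[ \t]*#/              { next }           # comment line
            /^[ \t]*title([ \t]|$)/ { in_entry = 1 }   # per-entry section starts
            !in_entry && /^[ \t]*password([ \t=]|$)/ {
                seen = 1
                if ($0 !~ /--md5/)
                    print "PLAINTEXT_PASSWORD: line " NR " stores the password in clear text"
            }
            END {
                if (!seen)
                    print "NO_GLOBAL_PASSWORD: anyone at the console can use [e] and [c]"
            }
        ' "$conf"

        if grep -Eq '^[[:space:]]*password([[:space:]=]|$)' "$conf"; then
            perms=$(ls -ld "$conf" | cut -c5-10)
            if [ "$perms" != "------" ]; then
                echo "LOOSE_PERMISSIONS: group/other bits are $perms, expected ------"
            fi
        fi
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample: the guide's example entry, which has no password line.
sample_open() {
    cat <<'EOF'
default=0
timeout=10
splashimage=(hd0,0)/grub/splash.xpm.gz
title Red Hat Linux (2.4.18-5.47)
root (hd0,0)
kernel /vmlinuz-2.4.18-5.47 ro root=/dev/sda2
initrd /initrd-2.4.18-5.47.img
EOF
}

# Constructed sample: the same entry with a hashed global password.
# The hash is a placeholder, not the output of a real grub-md5-crypt run.
sample_hardened() {
    cat <<'EOF'
default=0
timeout=10
password --md5 $1$PLACEHOLDER$ConstructedHashValue000
title Red Hat Linux (2.4.18-5.47)
root (hd0,0)
kernel /vmlinuz-2.4.18-5.47 ro root=/dev/sda2
initrd /initrd-2.4.18-5.47.img
EOF
}

# Demo: audit both samples from a temporary file with mode 600.
demo_grub_audit() {
    tmp=$(mktemp) || return 1
    chmod 600 "$tmp"
    for sample in sample_open sample_hardened; do
        "$sample" > "$tmp"
        echo "== $sample"
        if audit_grub_conf "$tmp"; then
            echo "clean"
        fi
    done
    rm -f "$tmp"
}
demo_grub_audit
```

On a real system, run audit_grub_conf /boot/grub/grub.conf as root.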

4.2 LILO
LILO is an acronym for the LInux LOader and has been used to boot Linux on x86 systems for many years.
Although GRUB is now the default boot loader, some users prefer to use LILO because it is more familiar to them
and others use it out of necessity, since GRUB may have trouble booting some hardware.

4.2.1 LILO and the x86 Boot Process


This section discusses in detail the specific role LILO plays when booting an x86 system. For a detailed look at
the overall boot process. LILO loads itself into memory almost identically to GRUB, except it is only a two stage
loader.
1. The Stage 1 or primary boot loader is read into memory by the BIOS from the MBR. The primary boot loader
exists on less than 512 bytes of disk space within the MBR. It only loads the Stage 2 boot loader and passes disk
geometry information to it.
2. The Stage 2 or secondary boot loader is read into memory. The secondary boot loader displays the Red Hat
Linux initial screen. This screen allows you to select which operating system or Linux kernel to boot.
3. The Stage 2 boot loader reads the operating system or kernel and initrd into memory. Once LILO determines
which operating system to start, it loads it into memory and hands control of the machine to that operating system.
Once the Stage 2 boot loader is in memory, LILO displays the initial Red Hat Linux screen with the different
operating systems or kernels it has been configured to boot. By default, if Red Hat Linux is the only operating
system installed, linux will be the only available option. If the system has multiple processors there will be a linux-
up option for the single processor kernel and a linux option for the multiple processor (SMP) kernel. If LILO is
configured to boot other operating systems, those boot entries also appear on this screen.

The arrow keys allow a user to highlight the desired operating system and the [Enter] key begins the boot
process. To access a boot: prompt, press [Ctrl]-[X].

4.2.2 LILO versus GRUB


In general, LILO works similarly to GRUB except for three major differences:
• It has no interactive command interface.
• It stores information about the location of the kernel or other operating system it is to load on the MBR.
• It cannot read ext2 partitions.
The first point means the command prompt for LILO is not interactive and only allows one command with
arguments.
The last two points mean that if you change LILO's configuration file or install a new kernel, you must rewrite the
Stage 1 LILO boot loader to the MBR by using the following command:
/sbin/lilo -v -v
This method is more risky than the method used by GRUB because a misconfigured MBR leaves the system
unbootable. With GRUB, if the configuration file is erroneously configured, it will default to its command line
interface where the user can boot the system manually.
Options in /etc/lilo.conf
The LILO configuration file is /etc/lilo.conf. The /sbin/lilo command uses this file to determine which operating
system or kernel to load, where it should be installed, and what information to write to the MBR.
A sample /etc/lilo.conf file looks like this:
boot=/dev/hda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
message=/boot/message
lba32
default=linux
image=/boot/vmlinuz-2.4.0-0.43.6
label=linux
initrd=/boot/initrd-2.4.0-0.43.6.img
read-only
root=/dev/hda5
other=/dev/hda1
label=dos
This example shows a system configured to boot two operating systems: Red Hat Linux and DOS. Next is a more
detailed look at the lines of this file:
boot=/dev/hda - Instructs LILO to install itself on the first hard disk of the first IDE controller.
map=/boot/map - Locates the map file. In normal use, this should not be modified.
install=/boot/boot.b - Instructs LILO to install the specified file as the new boot sector. In normal use, this
should not be altered. If the install line is missing, LILO will assume a default of /boot/boot.b as the file to be used.
prompt - Instructs LILO to show you whatever is referenced in the message line. While it is not
recommended that you remove the prompt line, if you do remove it, you can still access a prompt by holding down
the [Shift] key while your machine starts to boot.

timeout=50 - Sets the amount of time that LILO will wait for user input before proceeding with booting the
default line entry. This is measured in tenths of a second, with 50 as the default.

message=/boot/message - Refers to the screen that LILO displays to let you select the operating system or
kernel to boot.
lba32 - Describes the hard disk geometry to LILO. Another common entry here is linear. You should not change
this line unless you are very aware of what you are doing. Otherwise, you could put your system in an unbootable
state.
default=linux - Refers to the default operating system for LILO to boot as seen in the options listed below
this line. The name linux refers to the label line below in each of the boot options.
image=/boot/vmlinuz-2.4.0-0.43.6 - Specifies which Linux kernel to boot with this particular boot option.
label=linux - Names the operating system option in the LILO screen. In this case, it is also the name referred
to by the default line.
initrd=/boot/initrd-2.4.0-0.43.6.img - Refers to the initial ram disk image that is used at boot time to
actually initialize and start the devices that make booting the kernel possible. The initial ram disk is a collection of
machine-specific drivers necessary to operate a SCSI card, hard drive, or any other device needed to load the
kernel. You should never try to share initial ram disks between machines.
read-only - Specifies that the root partition (see the root line below) is read-only and cannot be altered during
the boot process.
root=/dev/hda5 - Specifies which disk partition to use as the root partition.
other=/dev/hda1 - Specifies the partition containing DOS.

5. Linux Boot Process


An important and powerful aspect of Red Hat Linux is the open, user-configurable method it uses for starting the
operating system. Users are free to configure many aspects of the boot process, including specifying the
programs launched at boot-time. Similarly, system shutdown gracefully terminates processes in an organized and
configurable way, although customization of this process is rarely required.
Understanding how the boot and shutdown processes work not only allows customization of Red Hat Linux, but
also makes it easier to troubleshoot problems related to starting or shutting down the system.
The Boot Process
Below are the basic stages of the boot process for an x86 system:
1. The system BIOS checks the system and launches the first stage boot loader on the MBR of the primary hard
disk.
2. The first stage boot loader loads itself into memory and launches the second stage boot loader from the /boot/
partition.
3. The second stage boot loader loads the kernel into memory, which in turn loads any necessary modules and
mounts the root partition read-only.
4. The kernel transfers control of the boot process to the /sbin/init program.
5. The /sbin/init program loads all services and user-space tools, and mounts all partitions listed in /etc/fstab.
6. The user is presented with a login prompt for the freshly booted Linux system.
7. Because configuration of the boot process is more common than the customization of the shutdown process.
A Detailed Look at the Boot Process
The beginning of the boot process varies depending on the hardware platform being used. However, once the
kernel is found and loaded by the boot loader, the default boot process is identical across all architectures.
The BIOS
When an x86 computer is booted, the processor looks at the end of system memory for the Basic Input/Output
System or BIOS program and runs it. The BIOS controls not only the first step of the boot process, but also
provides the lowest level interface to peripheral devices. For this reason it is written into read-only, permanent
memory and is always available for use.
Other platforms use different programs to perform low-level tasks roughly equivalent to those of the BIOS on an
x86 system. For instance, Itanium-based computers use the Extensible Firmware Interface (EFI) Shell, while
Alpha systems use the SRM console.
Once loaded, the BIOS tests the system, looks for and checks peripherals, and then locates a valid device with
which to boot the system. Usually, it checks any diskette drives and CD-ROM drives present for bootable media,
then, failing that, looks to the system's hard drives.

5.1 Init, and Shutdown


The order of the drives searched while booting is controlled with a setting in the BIOS, and it looks on the master IDE
device on the primary IDE bus. The BIOS then loads into memory whatever program is residing in the first sector
of this device, called the Master Boot Record or MBR. The MBR is only 512 bytes in size and contains machine
code instructions for booting the machine, called a boot loader, along with the partition table. Once the BIOS finds
and loads the boot loader program into memory, it yields control of the boot process to it.
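
Added example (not part of the original guide): a shell parser for the 512-byte MBR described above, useful for checking a saved copy of the MBR before and after a boot loader is installed. The byte offsets (446 for the partition table, 510 for the 0x55 0xAA signature) are the standard MBR layout and are not stated in this guide; the sample image is constructed.

```shell
#!/bin/sh
# Added example: inspect a 512-byte MBR image.
# Standard layout: bytes 0-445 boot loader code, bytes 446-509 four 16-byte
# partition entries, bytes 510-511 the signature 0x55 0xAA.

# Build a constructed MBR image in file $1: zeroed boot code, two entries.
make_sample_mbr() {
    img=$1
    dd if=/dev/zero of="$img" bs=512 count=1 2>/dev/null
    # Entry 1: bootable (0x80), type 0x83 Linux, start LBA 63, 1000 sectors.
    printf '\200\001\001\000\203\001\001\000\077\000\000\000\350\003\000\000' |
        dd of="$img" bs=1 seek=446 conv=notrunc 2>/dev/null
    # Entry 2: not bootable, type 0x82 Linux swap, start LBA 1063, 2000 sectors.
    printf '\000\001\001\000\202\001\001\000\047\004\000\000\320\007\000\000' |
        dd of="$img" bs=1 seek=462 conv=notrunc 2>/dev/null
    # Boot signature 0x55 0xAA.
    printf '\125\252' | dd of="$img" bs=1 seek=510 conv=notrunc 2>/dev/null
}

# Print one line per used partition entry:
#   <entry> <boot|-> <type> <start LBA> <sector count>
# Returns 1 if the boot signature is missing, 2 if the image is too short.
parse_mbr() {
    img=$1
    size=$(wc -c < "$img" | tr -d ' ')
    if [ "$size" -lt 512 ]; then
        echo "ERROR: image is $size bytes, need at least 512" >&2
        return 2
    fi

    sig=$(od -An -tx1 -v -j510 -N2 "$img" | tr -d ' \n')
    if [ "$sig" != "55aa" ]; then
        echo "ERROR: boot signature is $sig, expected 55aa" >&2
        return 1
    fi

    # Dump the 64 table bytes as decimal numbers and decode them in awk.
    od -An -tu1 -v -j446 -N64 "$img" | awk '
        function le32(o) {
            # 32-bit little-endian value starting at table offset o
            return byte[o] + 256 * byte[o+1] + 65536 * byte[o+2] + 16777216 * byte[o+3]
        }
        { for (i = 1; i <= NF; i++) byte[n++] = $i + 0 }
        END {
            for (e = 0; e < 4; e++) {
                b = e * 16                       # first byte of this entry
                ptype = byte[b + 4]              # partition type (Id in fdisk)
                if (ptype == 0) continue         # unused slot
                flag = (byte[b] == 128) ? "boot" : "-"
                printf "%d %s 0x%02x %d %d\n", e + 1, flag, ptype, le32(b + 8), le32(b + 12)
            }
        }'
}

# Demo on the constructed image.
demo_mbr() {
    img=$(mktemp) || return 1
    make_sample_mbr "$img"
    parse_mbr "$img"
    rm -f "$img"
}
demo_mbr
```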

5.1.1 Linux Run levels


Mode/Run Level   Directory         Run Level Description
0                /etc/rc.d/rc0.d   Halt
1                /etc/rc.d/rc0.d   Single-user mode
2                /etc/rc.d/rc0.d   Not used (user-definable)
3                /etc/rc.d/rc0.d   Full multi-user mode (No GUI)
4                /etc/rc.d/rc0.d   Not used (user-definable)
5                /etc/rc.d/rc0.d   Full multi-user mode (With GUI)
6                                  Reboot

The Boot Loader


Once the second stage boot loader is in memory, it presents the user with the Red Hat Linux initial, graphical
screen showing the different operating systems or kernels it has been configured to boot. On this screen a user
can use the arrow keys to choose which operating system or kernel they wish to boot and press [Enter]. If no key
is pressed, the boot loader will load the default selection after a configurable period of time has passed.
Note: If Symmetric Multi-Processor (SMP) kernel support is installed, there will be more than one option present
the first time the system is booted. In this situation, LILO will display linux, which is the SMP kernel, and linux-up,
which is for single processors. GRUB displays Red Hat Linux (kernel-version-smp), which is the SMP kernel, and
Red Hat Linux (kernel-version), which is for single processors.
If any problems occur using the SMP kernel, try selecting the non-SMP kernel upon rebooting.
Once the second stage boot loader has determined which kernel to boot, it locates the corresponding kernel
binary in the /boot/ directory. The kernel binary is named using the following format:
/boot/vmlinuz-kernel-version (where kernel-version corresponds to the kernel version specified in the
boot loader's settings).
The boot loader then places the appropriate initial RAM disk image, called an initrd, into memory. The kernel
uses the initrd to load the drivers necessary to boot the system. This is particularly important if SCSI hard drives are
present or if the system uses the ext3 file system.
Warning: Do not remove the /initrd/ directory from the file system for any reason. Removing this directory will
cause the system to fail with a kernel panic error message at boot time.
Once the kernel and the initrd image are loaded into memory, the boot loader hands control of the boot process
to the kernel.

Boot Loaders for Other Architectures


Once the Red Hat Linux kernel loads and hands off the boot process to the init command, the same sequence of
events occurs on every architecture. So the main difference between each architecture's boot processes is in the
application used to find and load the kernel.
For example, the Alpha architecture uses the aboot boot loader, while the Itanium architecture uses the LILO boot
loader.

The Kernel
When the kernel is loaded, it immediately initializes and configures the computer's memory and configures the
various hardware attached to the system, including all processors, I/O subsystems, and storage devices. It then
looks for the compressed initrd image in a predetermined location in memory, decompresses it, mounts it, and
loads all necessary drivers. Next, it initializes virtual devices related to the file system, such as LVM or software
RAID before unmounting the initrd disk image and freeing up all the memory the disk image once occupied.
The kernel then creates a root device, mounts the root partition read-only, and frees any unused memory. At this
point, the kernel is loaded into memory and operational. However, since there are no user applications that allow
meaningful input to the system, not much can be done with it. In order to set up the user environment, the kernel
executes the /sbin/init program.

5.2 System startup script /etc/rc.d/rc.sysinit


This script does all of the major system setup and initialization. Here is a step-by-step rundown of the process that
occurs when the script is run:

1. Checks for a /etc/sysconfig/network script. If it is there, the system runs it. Otherwise, it turns networking off
and sets your hostname to “localhost.”
2. Executes /etc/rc.d/init.d/functions. This file sets up some basic functions that the rest of the scripts use.
(Example: The boot daemon failure/success messages.)
3. Sets the loglevel.
4. Loads the keymap. If you have specified a default keymap file in /etc/sysconfig/console/default.kmap it will use
that, otherwise it will use /etc/sysconfig/keyboard.
5. Loads the system fonts.
6. Activates all swap partitions specified in the /etc/fstab file.
7. Sets up your hostname and your NIS domain name.
8. Runs fsck to check your filesystem if necessary. If fsck fails, it will drop you to a shell and unmount the drives
so you can work on repairing them.
9. Sets up ISA Plug-and-Play devices.
10. Remounts the root file system as read-write.
11. Checks quotas on the root partition.
All modules will now be loaded. Note that the sound and midi modules will be loaded if there is an alias listed as
sound or midi in the /etc/modules.conf. If your system requires a different module, you may need to edit the
/etc/modules.conf file.
12. Checks for a /etc/raidtab file and loads all raid devices.
13. Checks your file systems with fsck again.
14. Mounts the rest of the file systems listed in the fstab.
15. Turns quota support on if /sbin/quotaon exists and is executable.
16. Sets the system clock. It will run /etc/sysconfig/clock if it exists.
17. Initializes swap space.
18. Initializes serial ports.
19. Loads SCSI tape module if a SCSI tape was detected.
20. Reads the /etc/sysconfig/desktop file for a preferred X11 Display Manager and sets a link file as
/etc/X11/prefdm.
21. Finally it dumps the kernel ring buffer (Boot messages) to /var/log/dmesg.
Important Files:
/var/log/boot.log
/var/log/messages
/var/log/dmesg

System shutdown and rebooting


The "init" command will allow you to change the current runlevel.
Halt / Shutdown The System
[root@skynet tmp]# init 0
Reboot The System
[root@skynet tmp]# init 6

5.2.1 Controlling the boot time services using “chkconfig”


Most RedHat packages place a startup script in the directory /etc/init.d and place symbolic links (pointers) to
this script in the appropriate /etc/rc.d/rc.X directory. The typical home/SOHO user doesn't have to be a scripting /
symbolic linking guru to make sure everything works right because RedHat comes with a nifty utility
called "chkconfig" to do it for you.
Use this command to get a full listing of packages listed in /etc/init.d and the runlevels at which they will be "on" or
"off":
[root@skynet tmp]# chkconfig --list
keytable 0:off 1:on 2:on 3:on 4:on 5:on 6:off
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
gpm 0:off 1:off 2:on 3:on 4:on 5:on 6:off
kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off
wlan 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sendmail 0:off 1:off 2:off 3:on 4:off 5:on 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
random 0:off 1:off 2:on 3:on 4:on 5:on 6:off
...

Chkconfig Examples
You can use chkconfig to change runlevels for particular packages. Here we see Sendmail will start with a regular
startup at runlevel 3 or 5. Let's change it so that Sendmail doesn't start up at boot.
Use Chkconfig To Get A Listing Of Sendmail's Current Startup Options
[root@skynet tmp]# chkconfig --list | grep mail
sendmail 0:off 1:off 2:off 3:on 4:off 5:on 6:off
[root@skynet tmp]#

Switch Off Sendmail Starting Up In Levels 3 and 5


[root@skynet tmp]# chkconfig --level 35 sendmail off

Double-check That Sendmail Will Not Start Up


[root@skynet tmp]# chkconfig --list | grep mail
sendmail 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@skynet tmp]#
Turn it back on again
[root@skynet tmp]# chkconfig --level 35 sendmail on
[root@skynet tmp]# chkconfig --list | grep mail
sendmail 0:off 1:off 2:off 3:on 4:off 5:on 6:off
[root@skynet tmp]#

Note: We can also use the command line tool “setup”, or the GUI tool redhat-config-services, to control the
services at boot time.
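
Added example (not part of the original guide): a shell review of chkconfig --list output that lists the services started at a runlevel which are not on an approved baseline, and prints the chkconfig commands that would switch them off. The input rows are the ones shown above; the baseline service names are an assumption chosen for illustration.

```shell
#!/bin/sh
# Added example: review which services chkconfig starts at a given runlevel.

# Sample input: the chkconfig --list rows shown in the guide.
sample_listing() {
    cat <<'EOF'
keytable 0:off 1:on 2:on 3:on 4:on 5:on 6:off
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
gpm 0:off 1:off 2:on 3:on 4:on 5:on 6:off
kudzu 0:off 1:off 2:off 3:on 4:on 5:on 6:off
wlan 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sendmail 0:off 1:off 2:off 3:on 4:off 5:on 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
random 0:off 1:off 2:on 3:on 4:on 5:on 6:off
EOF
}

# Read chkconfig --list output on stdin and print the services that are
# "on" at runlevel $1. Only rows with a name plus seven level fields count,
# so prompts, "..." and other lines are ignored.
services_on_at() {
    awk -v lvl="$1" '
        NF == 8 {
            for (i = 2; i <= NF; i++)
                if ($i == (lvl ":on")) { print $1; break }
        }'
}

# Print services that are on at runlevel $1 but not in the baseline
# (service names given as $2 onwards).
unexpected_services() {
    lvl=$1
    shift
    allow=" $* "
    services_on_at "$lvl" | while read -r svc; do
        case "$allow" in
            *" $svc "*) ;;          # approved, say nothing
            *) echo "$svc" ;;
        esac
    done
}

# Print, for review, the chkconfig commands that would switch those
# services off. Nothing is executed.
disable_plan() {
    plan_lvl=$1
    unexpected_services "$@" | while read -r svc; do
        echo "chkconfig --level $plan_lvl $svc off"
    done
}

# Demo: the baseline below is an assumed policy, not a recommendation
# taken from the guide.
echo "Enabled at runlevel 3 but not in the baseline:"
sample_listing | disable_plan 3 keytable syslog network random
```

On a live system, pipe the real listing in: chkconfig --list | disable_plan 3 keytable syslog network random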

5.2.2 The “service” command


Once the system is up and running, we can start, stop, restart, and see the status of a service using the “service”
command as follows:
[root@skynet tmp]# service <name of the service> start/stop/restart/status

E.g., to see the status of a service:
[root@skynet tmp]# service nfs status
service nfs is running with pid 485….
To stop and start a service:
[root@skynet tmp]# service nfs restart
Stoping service nfs [OK]
Starting service nfs [OK]

6. Linux File System


6.1 Ext2 and Ext3 Filesystem
Ext2
The origins of Ext2 go back to the early days of Linux history. Its predecessor, the Extended File System, was
implemented in April 1992 and integrated in Linux 0.96c. The Extended File System underwent a number of
modifications and, as Ext2, became the most popular Linux file system for years. With the creation of journaling
file systems and their astonishingly short recovery times, Ext2 became less important.
Solidity
Being quite an “old-timer”, Ext2 underwent many improvements and was heavily tested. This may be the reason
why people often refer to it as rock-solid. After a system outage when the file system could not be cleanly
unmounted, e2fsck starts to analyze the file system data. Metadata is brought into a consistent state and pending
files or data blocks are written to a designated directory (called lost+found). In contrast to journaling file systems,
e2fsck analyzes the entire file system and not just the recently modified bits of metadata. This takes significantly
longer than checking the log data of a journaling file system. Depending on file system size, this procedure can
take half an hour or more. Therefore, it is not desirable to choose Ext2 for any server that needs high availability.
Yet, as Ext2 does not maintain a journal and uses significantly less memory, it is sometimes faster than other file
systems.
Easy Upgradability
The code for Ext2 is the strong foundation on which Ext3 could become a highly-acclaimed next-generation file
system. Its reliability and solidity were elegantly combined with the advantages of a journaling file system.
Ext3
Ext3 was designed by Stephen Tweedie. In contrast to all other “next-generation” file systems, Ext3 does not
follow a completely new design principle. It is based on Ext2. These two file systems are very closely related to
each other. An Ext3 file system can be easily built on top of an Ext2 file system. The most important difference
between Ext2 and Ext3 is that Ext3 supports journaling. In summary, Ext3 has three major advantages to offer:
Easy and Highly Reliable Upgrades from Ext2
As Ext3 is based on the Ext2 code and shares its on-disk format as well as its metadata format, upgrades from
Ext2 to Ext3 are incredibly easy. Unlike transitions to other journaling file systems, such as ReiserFS, JFS, or
XFS, which can be quite tedious (making backups of the entire file system and recreating it from scratch), a
transition to Ext3 is a matter of minutes. It is also very safe, as the recreation of an entire file system from scratch
might not work flawlessly. Considering the number of existing Ext2 systems that await an upgrade to a journaling
file system, you can easily figure out why Ext3 might be of some importance to many system administrators.
Downgrading from Ext3 to Ext2 is as easy as the upgrade. Just perform a clean unmount of the Ext3 file system
and remount it as an Ext2 file system.
Reliability and Performance
Other journaling file systems follow the “metadata-only” journaling approach. This means your metadata will
always be kept in a consistent state but the same cannot be automatically guaranteed for the file system data
itself. Ext3 is designed to take care of both metadata and data. The degree of “care” can be customized. Enabling
Ext3 in the data=journal mode offers maximum security (i.e., data integrity), but can slow down the system as
both metadata and data are journaled. A relatively new approach is to use the data=ordered mode, which ensures
both data and metadata integrity, but uses journaling only for metadata. The file system driver collects all data
blocks that correspond to one metadata update. These blocks are grouped as a “transaction” and will be written to
disk before the metadata is updated. As a result, consistency is achieved for metadata and data without
sacrificing performance. A third option to use is data=writeback, which allows data to be written into the main file
system after its metadata has been committed to the journal. This option is often considered the best in
performance. It can, however, allow old data to reappear in files after crash and recovery while internal file system
integrity is maintained. Unless you specify something else, Ext3 is run with the data=ordered default.
Until recently (RedHat 7.1 and earlier), the Ext2 filesystem has been the Linux default. Ext2 is a technological
miracle. Low fragmentation, redundant enough to be reliably regenerated on error yet diskspace efficient, fast,
and adaptable. But when the computer is rebooted or powered off without correctly shutting down, Ext2
filesystems are placed in an error state. When the computer comes back up, the user is confronted with some
mildly confusing, and very intimidating, messages and choices.
Journalized filesystems are made to eliminate such error messages. The Ext3 filesystem is an Ext2 filesystem
with a journal file and some filesystem driver additions making the filesystem journalized.
The tune2fs -j command, which is the primary command for converting from Ext2 to Ext3, is safe to run even on
writeable mounted partitions. However, when possible, I run the command on unmounted or read-only mounted
partitions. It might be superstitious, but I feel that is playing it safe. Nevertheless, when confronted with situations
making unmounting difficult, I run the command on writeable mounted partitions.
Note: From RedHat Linux 7.2 onwards Ext3 is used as the default File system.

Converting from Ext2 to Ext3


[root@skynet tmp]# tune2fs -j /dev/hda10
To list the partition information
[root@skynet tmp]# fdisk -l
Disk /dev/hdb: 80.0 GB, 80026361856 bytes
255 heads, 63 sectors/track, 9729 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
   Device Boot    Start       End    Blocks   Id  System
/dev/hda1   *         1        13    104391   83  Linux
/dev/hda2            14       144   1052257+  83  Linux
/dev/hda3           145       398   2040255   82  Linux
/dev/hda3           145       398   2040255   82  Linux swap
/dev/hda4           399       913   4136737+   5  Extended
/dev/hda5           399       844   3582463+  83  Linux
/dev/hda6           845       913    554211   83  Linux

6.2 Preparing Partitions on Disks


What is a partition?
Partitioning is a means to divide a single hard drive into many logical drives. A partition is a contiguous set of
blocks on a drive that are treated as an independent disk. A partition table is an index that relates sections of the
hard drive to partitions.
Constraints
• Partitions must not overlap; overlapping partitions cause data corruption.
• There should not be any gap between adjacent partitions. While this is not harmful, you are wasting
precious disk space by leaving space between partitions.
• Partitions cannot be moved, but they can be resized and copied using special software.
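
The overlap and gap constraints can be checked mechanically against an fdisk -l listing like the one shown earlier. This is an added example, not part of the original manual; it assumes cylinder units and an MS-DOS partition table (numbers 1-4 are primary or extended, 5 and up are logical), and the faulty listing is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original manual): verify the partition
# constraints against `fdisk -l` output given in cylinder units.

# Read an fdisk listing on stdin and print one line per problem:
#   OVERLAP <dev> <dev>            two partitions share cylinders
#   GAP <dev> <dev> <n> cylinders  unused space between neighbours
#   OUTSIDE <dev> ...              logical partition not inside the extended one
# Prints nothing when the layout is consistent.
check_partitions() {
    awk '
        $1 ~ /^\/dev\// {
            i = ($2 == "*") ? 3 : 2              # skip the optional Boot flag
            num = $1; sub(/^.*[^0-9]/, "", num)  # trailing partition number
            level = (num + 0 >= 5) ? 2 : 1       # 1 = primary/extended, 2 = logical
            print level, $i + 0, $(i + 1) + 0, $1, $(i + 3)
        }' |
    sort -k1,1n -k2,2n |
    awk '
        {
            level = $1; start = $2; end = $3; dev = $4; id = $5
            # Ids 5, f and 85 mark an extended (container) partition.
            if (level == 1 && (id == "5" || id == "f" || id == "85")) {
                xs = start; xe = end; ext = 1
            }
            if (level == 2 && ext && (start < xs || end > xe))
                print "OUTSIDE", dev, "not within extended partition"
            if (level == prev_level) {
                if (start <= prev_end)
                    print "OVERLAP", prev_dev, dev
                else if (start > prev_end + 1)
                    print "GAP", prev_dev, dev, start - prev_end - 1, "cylinders"
            }
            # Track the furthest end seen so contained partitions are caught too.
            if (level != prev_level || end > prev_end) { prev_end = end; prev_dev = dev }
            prev_level = level
        }'
}

# Partition rows as printed in the listing earlier on this page.
PAGE_TABLE='   Device Boot    Start       End    Blocks   Id  System
/dev/hda1   *         1        13    104391   83  Linux
/dev/hda2            14       144   1052257+  83  Linux
/dev/hda3           145       398   2040255   82  Linux swap
/dev/hda4           399       913   4136737+   5  Extended
/dev/hda5           399       844   3582463+  83  Linux
/dev/hda6           845       913    554211   83  Linux'

# Constructed faulty listing: hda2 starts inside hda1, hda6 leaves a gap
# after hda5 and runs past the end of the extended partition hda4.
BAD_TABLE='   Device Boot    Start       End    Blocks   Id  System
/dev/hda1   *         1        13    104391   83  Linux
/dev/hda2            10       144   1084387+  83  Linux
/dev/hda3           145       398   2040255   82  Linux swap
/dev/hda4           399       913   4136737+   5  Extended
/dev/hda5           399       844   3582463+  83  Linux
/dev/hda6           850       920    570307+  83  Linux'

demo() {
    findings=$(printf '%s\n' "$PAGE_TABLE" | check_partitions)
    echo "page listing: ${findings:-no overlaps or gaps}"
    echo "constructed faulty listing:"
    printf '%s\n' "$BAD_TABLE" | check_partitions
}

demo
```

On a live system the same function can be fed directly: fdisk -l /dev/hda | check_partitions.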

6.2.1 Device Naming Convention


By convention, IDE drives will be given device names /dev/hda to /dev/hdd. Hard Drive A (/dev/hda) is the first
drive and Hard Drive C (/dev/hdc) is the third.

IDE controller naming convention

drive name    drive controller    drive number
/dev/hda      1                   1
/dev/hdb      1                   2
/dev/hdc      2                   1
/dev/hdd      2                   2

A typical PC has two IDE controllers, each of which can have two drives connected to it. For example, /dev/hda is
the first drive (master) on the first IDE controller and /dev/hdd is the second (slave) drive on the second controller
(the fourth IDE drive in the computer).
SCSI drives follow a similar pattern; they are represented by 'sd' instead of 'hd'. The first partition of the second
SCSI drive would therefore be /dev/sdb1. In Table 4, the drive number is arbitrarily chosen to be 6 to
introduce the idea that SCSI ID numbers do not map onto device names under Linux.

Table 4. SCSI Drives


drive name    drive controller    drive number    partition type    partition number
/dev/sda1     1                   6               primary           1
/dev/sda2     1                   6               primary           2
/dev/sda3     1                   6               primary           3

6.2.3 Adding a New Partition


1. The first Linux step in adding a new disk is to partition it in preparation of adding a filesystem to it. This is done
with the fdisk command followed by the name of the disk. In our case we want to run fdisk on the /dev/hdb disk.
[root@skynet tmp]# fdisk /dev/hdb
The number of cylinders for this disk is set to 9729. There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) Software that runs at boot time (e.g., old versions of LILO)
2) Booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)
2. Just to make sure we're on the correct device, issue the "p" command to print all the known partitions on the
disk. In this case there are none, which is good.
Command (m for help): p
Disk /dev/hdb: 80.0 GB, 80026361856 bytes
255 heads, 63 sectors/track, 9729 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System

3. The fdisk "m" command prints a small help manual of valid commands. You will see that "n" is the
command to add a new partition. We'll add a new primary partition, number "1" and use the defaults to make the
partition occupy the entire disk.
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-9729, default 1):<RETURN>
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-9729, default 9729):

4. The print command will now show that you have successfully created the partition.
Command (m for help): p
Disk /dev/hdb: 80.0 GB, 80026361856 bytes
255 heads, 63 sectors/track, 9729 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
   Device Boot    Start       End    Blocks   Id  System
/dev/hdb1             1      9726  78148161   83  Linux

5. Changes won't be made to the disk's partition table until you use the "w" command to "write", or save the
changes. When finished, the "q" command will allow you to exit.
Command (m for help): w
Command (m for help): q

6.2.2 Verify the New Partition


[root@skynet tmp]# fdisk -l /dev/hdb
Now create the file system with mke2fs:
[root@skynet tmp]# mke2fs /dev/hdb1

6.3 Managing Swap Space


Swap space is a generic term for disk storage used to increase the amount of apparent memory available on the
system. Under Linux, swap space is used to implement paging, a process whereby memory pages (a page is
4096 bytes on Intel systems; this value can differ on other architectures) are written out to disk when physical
memory is low and read back into physical memory when needed. The process by which paging works is rather
involved, but it is optimized for certain cases. The virtual memory subsystem under Linux allows memory pages to
be shared between running programs.

6.3.1 Creating Swap Space


The first step in adding additional swap is to create a file or partition to host the swap area. If you wish to
create an additional swap partition, you can create the partition using the fdisk utility, as described above.
To create a swap file, you'll need to open a file and write bytes to it equaling the amount of swap you wish to add.
One easy way to do this is with the dd command. For example, to create an 8-MB swap file, you can use the
command:
dd if=/dev/zero of=/swap bs=1024 count=8192
This will write 8192 blocks (8 MB) of data from /dev/zero to the file /swap. (/dev/zero is a special device in which
read operations always return null bytes. It's something like the inverse of /dev/null.) After creating a file of this
size, it's a good idea to use the sync command to sync the filesystems in case of a system crash.
Use the mkswap command to "format" the swap area. For example, for the swap file created in the previous
example, you would use the command:
mkswap -c /swap 8192
If the swap area is a partition, you would substitute the name of the partition (such as /dev/hda3) and the size of
the partition, also in blocks.
mkswap -c /dev/hda3

Enabling the Swap Space


In order for the new swap space to be utilized, you must enable it with the swapon command. For example, after
creating the previous swap file and running mkswap and sync, we could use the command:
swapon /swap
If you are using a new swap partition, you can enable it with a command such as:
swapon /dev/hda3

Add entries to the /etc/fstab file so that swap is enabled each time the system boots:
# device    directory  type  options   fsck options
/dev/hda3   none       swap  sw        0 0
/swap       swap       swap  defaults  0 0

Disabling Swap Space


As is usually the case, undoing a task is easier than doing it. To disable swap space, simply use the command:
swapoff <device>
swapoff /dev/hda3
(or)
swapoff /swap
To list swap details use:
free
or
swapon -s
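
A swap file holds pages of process memory, so it should be readable and writable by its owner only, whereas the dd command above creates it with whatever the current umask allows (typically rw-r--r--). The following added example, which is not part of the original manual, creates the file with a tightened umask and audits file-backed swap areas listed in a table in /proc/swaps format; the scratch paths and the sample table are constructed, and mkswap and swapon are not run so no root access is needed.

```shell
#!/bin/sh
# Added example (not from the original manual): create a swap file with
# owner-only permissions and audit the permissions of file-backed swap areas.

# Print the nine permission characters of a file, e.g. "rw-------".
perm_bits() {
    ls -ld -- "$1" | cut -c2-10
}

# Create a zero-filled file of SIZE_KB kilobytes, as the dd command above
# does, but with the umask tightened first so a new file is never group- or
# world-readable. Runs in a subshell so the caller's umask is untouched.
make_swapfile() (
    path=$1
    size_kb=$2
    umask 077
    dd if=/dev/zero of="$path" bs=1024 count="$size_kb" 2>/dev/null
    chmod 600 "$path"   # also corrects the mode if the file already existed
    sync
)

# Audit a table in /proc/swaps format (default: the live /proc/swaps).
# Prints one line per file-backed swap area: OK, INSECURE or MISSING.
audit_swaps() {
    table=${1:-/proc/swaps}
    # Line 1 is the header; column 1 is the path, column 2 is "file" or
    # "partition". Partitions are skipped: their access is set by the
    # device node, not by a file mode chosen at creation time.
    tail -n +2 "$table" | while read -r path type _rest; do
        [ "$type" = "file" ] || continue
        if [ ! -e "$path" ]; then
            echo "MISSING - $path"
        elif [ "$(perm_bits "$path")" = "rw-------" ]; then
            echo "OK rw------- $path"
        else
            echo "INSECURE $(perm_bits "$path") $path"
        fi
    done
}

# Demonstration in a scratch directory with constructed paths.
demo() {
    dir=$(mktemp -d)
    make_swapfile "$dir/swap_tight" 64
    # The manual's dd command under a typical umask of 022 gives rw-r--r--.
    ( umask 022; dd if=/dev/zero of="$dir/swap_default" bs=1024 count=64 2>/dev/null )
    {
        echo "Filename Type Size Used Priority"
        echo "/dev/hda3 partition 2040248 0 -1"
        echo "$dir/swap_tight file 64 0 -2"
        echo "$dir/swap_default file 64 0 -3"
    } > "$dir/swaps"
    audit_swaps "$dir/swaps"
    rm -rf "$dir"
}

demo
```

On a real system, run make_swapfile as root and follow it with the mkswap and swapon commands shown above; calling audit_swaps with no argument checks the swap areas currently in use.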

7. Overview of Linux File System Hierarchy Standard (FHS)


Red Hat is committed to the Filesystem Hierarchy Standard (FHS), a collaborative document that defines the
names and locations of many files and directories.
The FHS document is the authoritative reference to any FHS-compliant file system, but the standard leaves many
areas undefined or extensible. This section is an overview of the standard and a description of the parts of the file
system not covered by the standard.
Compliance with the standard means many things, but the two most important are compatibility with other
compliant systems and the ability to mount a /usr/ partition as read-only because it contains common
executables and should not be changed by users. Since the /usr/ directory is mounted read-only, it can be
mounted from the CD-ROM or from another machine via a read-only NFS mount.

7.1 FHS Organization


The directories and files noted here are small subsets of those specified by the FHS document. Refer to the latest
FHS document for the most complete information.

The /dev/ Directory


The /dev/ directory contains file system entries which represent devices that are attached to the system. These
files are essential for the system to function properly.

The /etc/ Directory


The /etc/ directory is reserved for configuration files that are local to the machine. No binaries are to be put in
/etc/. Any binaries that were once located in /etc/ should be placed into /sbin/ or possibly /bin/.
The X11/ and skel/ directories are subdirectories of the /etc/ directory:
/etc
|- X11/
|- skel/
The /etc/X11/ directory is for X11 configuration files such as XF86Config. The /etc/skel/ directory is for
"skeleton" user files, which are used to populate a home directory when a user is first created.

The /lib/ Directory


The /lib/ directory should contain only those libraries that are needed to execute the binaries in /bin/ and
/sbin/. These shared library images are particularly important for booting the system and executing commands
within the root file system.

The /mnt/ Directory


The /mnt/ directory is for temporarily mounted file systems, such as CD-ROMs and floppy disks.

The /opt/ Directory


The /opt/ directory provides storage for large, static application software packages. A package placing files in
the /opt/ directory creates a directory bearing the same name as the package. This directory in turn holds files
that otherwise would be scattered throughout the file system, giving the system administrator an easy way to
determine the role of each file within a particular package.
For example, if sample is the name of a particular software package located within the /opt/ directory, then all
of its files could be placed within directories inside the /opt/sample/ directory, such as /opt/sample/bin/
for binaries and /opt/sample/man/ for manual pages.

Large packages that encompass many different sub-packages, each of which accomplishes a particular task, also
go within the /opt/ directory, giving that large package a standardized way to organize itself. In this way, our
sample package may have different tools that each go in their own subdirectories, such as
/opt/sample/tool1/ and /opt/sample/tool2/, each of which can have their own bin/, man/, and other
similar directories.

The /proc/ Directory


The /proc/ directory contains special files that either extract information from or send information to the kernel.
Due to the great variety of data available within /proc/ and the many ways this directory can be used to
communicate with the kernel, an entire chapter has been devoted to the subject.

The /sbin/ Directory


The /sbin/ directory is for executables used only by the root user. The executables in /sbin/ are only used
to boot and mount /usr/ and perform system recovery operations. The FHS says:
"/sbin typically contains files essential for booting the system in addition to the binaries in /bin. Anything
executed after /usr is known to be mounted (when there are no problems) should be placed in /usr/sbin.
Local-only system administration binaries should be placed into /usr/local/sbin."
At a minimum, the following programs should be in /sbin/:
arp, clock,
getty, halt,
init, fdisk,
fsck.*, grub,
ifconfig, lilo,
mkfs.*, mkswap,
reboot, route,
shutdown, swapoff,
swapon, update

The /usr/ Directory


The /usr/ directory is for files that can be shared across a whole site. The /usr/ directory usually has its own
partition, and it should be mountable read-only. At minimum, the following directories should be subdirectories of
/usr/:
/usr
|- bin/
|- dict/
|- doc/
|- etc/
|- games/
|- include/
|- kerberos/
|- lib/
|- libexec/
|- local/
|- sbin/
|- share/
|- src/
|- tmp -> ../var/tmp/
|- X11R6/
The bin/ directory contains executables, dict/ contains non-FHS compliant documentation pages, etc/
contains system-wide configuration files, games/ is for games, include/ contains C header files, kerberos/
contains binaries and much more for Kerberos, and lib/ contains object files and libraries that are not designed
to be directly utilized by users or shell scripts. The libexec/ directory contains small helper programs called by
other programs, sbin/ is for system administration binaries (those that do not belong in the /sbin/ directory),
share/ contains files that are not architecture specific, src/ is for source code, and X11R6/ is for the X Window
System (XFree86 on Red Hat Linux).

The /usr/local/ Directory


The FHS says: "The /usr/local hierarchy is for use by the system administrator when installing software
locally. It needs to be safe from being overwritten when the system software is updated. It may be used for
programs and data that are shareable among a group of hosts, but not found in /usr."
The /usr/local/ directory is similar in structure to the /usr/ directory. It has the following subdirectories,
which are similar in purpose to those in the /usr/ directory:
/usr/local
|- bin/
|- doc/
|- etc/
|- games/
|- include/
|- lib/
|- libexec/
|- sbin/
|- share/
|- src/

The /var/ Directory


Since the FHS requires Linux to mount /usr/ read-only, any programs that write log files or need spool/ or
lock/ directories should write them to the /var/ directory. The FHS states /var/ is for: "...variable data files.
This includes spool directories and files, administrative and logging data, and transient and temporary files."
Below are some of the directories which should be subdirectories of the /var/ directory:
/var
|- account/
|- arpwatch/
|- cache/
|- crash/
|- db/
|- empty/
|- ftp/
|- gdm/
|- kerberos/
|- lib/
|- local/
|- lock/
|- log/
|- mail -> spool/mail/
|- mailman/
|- named/
|- nis/
|- opt/
|- preserve/
|- run/
|- spool/
   |- anacron/
   |- at/
   |- cron/
   |- lpd/
   |- mail/
   |- mqueue/
   |- rwho/
   |- samba/
   |- squid/
|- tmp/
|- yp/

System log files such as messages/ and lastlog/ go in the /var/log/ directory. The /var/lib/rpm/
directory also contains the RPM system databases. Lock files go in the /var/lock/ directory, usually in
directories particular for the program using the file. The /var/spool/ directory has subdirectories for various
systems that need to store data files.

7.1.2. /usr/local/ in Red Hat Linux


In Red Hat Linux, the intended use for the /usr/local/ directory is slightly different from that specified by the
FHS. The FHS says that /usr/local/ should be where software that is to remain safe from system software
upgrades is stored. Since system upgrades under Red Hat Linux are performed safely with the rpm command
and the graphical Package Management Tool application, it is not necessary to protect files by putting them in
/usr/local/. Instead, the /usr/local/ directory is used for software that is local to the machine.
For instance, if the /usr/ directory is mounted as a read-only NFS share from a remote host, it is still possible to
install a package or program under the /usr/local/ directory.

7.2. Special File Locations


Red Hat Linux extends the FHS structure slightly to accommodate special files. Most files pertaining to the Red
Hat Package Manager (RPM) are kept in the /var/lib/rpm/ directory.
The /var/spool/up2date/ directory contains files used by Red Hat Update Agent, including RPM header
information for the system. This location may also be used to temporarily store RPMs downloaded while updating
the system.
Another location specific to Red Hat Linux is the /etc/sysconfig/ directory. This directory stores a variety of
configuration information. Many scripts that run at boot time use the files in this directory.
Finally, one more directory worth noting is the /initrd/ directory. It is empty, but is used as a critical mount
point during the boot process.
The sysconfig Directory
The /etc/sysconfig/ directory is where a variety of system configuration files for Red Hat Linux are stored. Here we
will outline some of the files found in the /etc/sysconfig/ directory. The information here is not intended to be
complete, as many of these files have a variety of options that are only used in very specific or rare
circumstances.

7.3 Files in the /etc/sysconfig/ Directory


The following files are normally found in the /etc/sysconfig/ directory:
|- amd
|- apmd
|- arpwatch
|- authconfig
|- cipe
|- clock
|- desktop
|- dhcpd
|- firstboot
|- gpm
|- harddisks
|- hwconf
|- i18n
|- identd
|- init
|- ipchains
|- iptables
|- irda
|- keyboard
|- kudzu
|- mouse

|- named
|- netdump
|- network
|- ntpd
|- pcmcia
|- radvd
|- rawdevices
|- redhat-config-securitylevel
|- redhat-config-users
|- redhat-logviewer
|- samba
|- sendmail
|- soundcard
|- spamassassin
|- squid
|- tux
|- ups
|- vncservers
|- xinetd
Note: If some of the files listed are not present in the /etc/sysconfig/ directory, then the corresponding
program may not be installed.

8. Linux Desktop Environments


A desktop environment (or window manager) is the graphic environment that you use to interface with your
computer. One of the most common "desktop environments" is the explorer interface on Microsoft Windows,
where you have a start menu, desktop icons, etc. Within Linux each desktop environment has its own interface,
as well as system menu, login managers and developer tools. One advantage you have with Linux is that you
have a choice on what desktop environment you use.
Today, there are two major desktop environments that populate the majority of Linux desktop installations,
GNOME and KDE. There are other Window managers available, but unless you run Linux on older hardware,
GNOME and KDE are by far the most popular desktop environments available.

8.1 GNOME
Fedora Linux is the only distribution here to include the latest 2.6 series of the GNOME Desktop. The biggest
change from the 2.4 series to the 2.6 series is that nautilus uses a "spatial" interface instead of the standard
browser type interface. The good news is that the "spatial" interface speeds up nautilus. It is reminiscent of the
way older Microsoft Windows Explorers would always "open in new window" by default. Maybe if it could be
configured to use the same window I would like it, but I guess that is what makes it "spatial".

Fedora's default GNOME Desktop
Overall Fedora and RedHat’s implementation of GNOME seems relatively stable, but not as stable as the 2.4
series. The interface is "themed" away from the default GNOME look into a theme that is called BlueCurve. The
BlueCurve look is a nice looking theme that includes new Window Decorations, Colors and Icons. The desktop is
also rearranged from the default GNOME look; you no longer have the top panel, and the bottom panel is overly
large for GNOME. If you remember how GNOME 1.x series looked, this is very similar.
Mandrake utilizes a very standard GNOME 2.4 series desktop. The only real change is the inclusion of a new
theme called Galaxy, and a customized "start menu" to allow organized access to applications across the different
Desktop Environments.

Mandrake's default GNOME Desktop


Suse Linux also includes the GNOME 2.4 series desktop. Unlike Mandrake though, it is somewhat customized,
but in such a way that you don't notice it right away. Most of the customizations come from Ximian's work on the
GNOME desktop, which makes sense because Novell also acquired Ximian as well as Suse.
The biggest change is the inclusion of Ximian's patches to GTK. Because of this, most of the dialog boxes are
tweaked a little allowing for a better user experience. There are also small changes, such as Ximian's Industrial
theme being the default look.

Suse's default GNOME Desktop

8.2 KDE
RedHat Linux's implementation of KDE strays drastically from the default KDE desktop from KDE.org. The
desktop is themed in such a way as to look exactly like Fedora's GNOME desktop. Unfortunately, in its default state,
the desktop is extremely user-unfriendly. For example, there is no easy way to open a file manager from the
Desktop, Taskbar or Menus. The only way to open a file manager is to go through the menus, find the
Konqueror web browser and, once the program launches, hit the home icon, which will bring you to the
home directory. I guess if you didn't know that Konqueror also doubles as a file manager you would be out of luck
when it came to a file manager.
If you prefer the default KDE desktop from KDE.org, it is nearly impossible to get there with Fedora's
implementation. Fedora really needs a nice wizard on startup that would ask you which theme to use for KDE, the
Bluecurve (Fedora's) theme or the default KDE theme.

Fedora's default KDE Desktop

Mandrake's KDE desktop is very clean, but generic looking. Mandrake's changes mostly just include a
customized "start menu", the Galaxy theme and various other settings that are changed from a default KDE
installation, such as double-clicking to launch a file instead of a single click.

Mandrake's default KDE Desktop


Suse's KDE desktop is the most polished of these three distributions. It is also the desktop that is the most similar
to a default KDE desktop from KDE.org.

Suse's default KDE Desktop


Suse's changes include a customized "start menu", as well as customized applets, such as applets for hardware
control, the dialup Internet Connection and Power Management applets.

9. Linux Account Management


9.1 Managing User Accounts
Managing user accounts and groups is an essential part of system administration within an organization. But to do
this effectively, a good system administrator must first understand what user accounts and groups are and how
they work.
The primary reason for user accounts is to verify the identity of each individual using a computer system. A
secondary (but still important) reason for user accounts is to permit the per-individual tailoring of resources and
access privileges.
Resources can include files, directories, and devices. Controlling access to these resources is a large part of a
system administrator's daily routine; often the access to a resource is controlled by groups. Groups are logical
constructs that can be used to cluster user accounts together for a common purpose. For example, if an
organization has multiple system administrators, they can all be placed in one system administrator group. The
group can then be given permission to access key system resources. In this way, groups can be a powerful tool
for managing resources and access.
Who Is The Super User?
The super user with unrestricted access to all system resources and files is the user named "root". You will need
to log in as user root to add new users to your Linux box.

9.1.2 Passwords
In more formal terms, a password provides a means of proving the authenticity of a person's claim to be the user
indicated by the username. The effectiveness of a password-based authentication scheme relies heavily on
several aspects of the password:
• The secrecy of the password
• The resistance of the password to guessing
• The resistance of the password to a brute-force attack
Weak Passwords
A weak password fails one of these three tests:
• It is secret
• It is resistant to being guessed
• It is resistant to a brute-force attack
Password Aging
Password aging is a feature (available in many operating systems) that sets limits on the time that a given
password is considered valid. At the end of a password's lifetime, the user is prompted to enter a new password,
which can then be used until, it too, expires.
The key question regarding password aging that many system administrators face is that of the password lifetime.
What should it be?
There are two diametrically-opposed issues at work with respect to password lifetime:
• User convenience
• Security
On one extreme, a password lifetime of 99 years would present very little (if any) user inconvenience. However, it
would provide very little (if any) security enhancement.

9.1.3 Files Controlling User Accounts and Groups


The following section documents the files in the /etc/ directory that store user and group information under Red
Hat Linux.

/etc/passwd
The /etc/passwd file is world-readable and contains a list of users, each on a separate line. On each line is a
colon delimited list containing the following information:
Username — The name the user types when logging into the system.
Password — Contains the encrypted password (or an x if shadow passwords are being used — more on this
later).
User ID (UID) — The numerical equivalent of the username which is referenced by the system and
applications when determining access privileges.
Group ID (GID) — The numerical equivalent of the primary group name which is referenced by the system
and applications when determining access privileges.
GECOS — Named for historical reasons, the GECOS field is optional and is used to store extra information (such
as the user's full name). Multiple entries can be stored here in a comma delimited list. Utilities such as finger
access this field to provide additional user information.
Note: GECOS stands for General Electric Comprehensive Operating Supervisor
Home directory — The absolute path to the user's home directory, such as /home/juan/.
Shell — The program automatically launched whenever a user logs in. This is usually a command interpreter
(often called a shell). Under Red Hat Linux, the default value is /bin/bash. If this field is left blank, /bin/sh is
used. If it is set to a non-existent file, then the user will be unable to log into the system.

Here is an example of a /etc/passwd entry:


root:x:0:0:root:/root:/bin/bash
This line shows that the root user has a shadow password, as well as a UID and GID of 0. The root user has /root/
as a home directory, and uses /bin/bash for a shell.
For more information about /etc/passwd, see the passwd(5) man page.

/etc/shadow
The /etc/shadow file is readable only by the root user and contains password (and optional password aging
information) for each user. As in the /etc/passwd file, each user's information is on a separate line. Each of
these lines is a colon delimited list including the following information:
Username — The name the user types when logging into the system. This allows the login application to retrieve
the user's password (and related information).
Encrypted password — The 13 to 24 character password. The password is encrypted using either the crypt(3)
library function or the md5 hash algorithm. In this field, values other than a validly-formatted encrypted or hashed
password are used to control user logins and to show the password status. For example, if the value is ! or *, the
account is locked and the user is not allowed to log in. If the value is !! a password has never been set before
(and the user, not having set a password, will not be able to log in).
Date password last changed — The number of days since January 1, 1970 (also called the epoch) that the
password was last changed. This information is used in conjunction with the password aging fields that follow.
Number of days before password can be changed — The minimum number of days that must pass
before the password can be changed.
Number of days before a password change is required — The number of days that must pass before the
password must be changed.
Number of days warning before password change — The number of days before password expiration
during which the user is warned of the impending expiration.
Number of days before the account is disabled — The number of days after a password expires
before the account will be disabled.

Date since the account has been disabled — The date (stored as the number of days since the
epoch) since the user account has been disabled.
A reserved field — A field that is ignored in Red Hat Linux.
Here is an example line from /etc/shadow:
juan:$1$.QKDPc5E$SWlkjRWexrXYgc98F.:12825:0:90:5:30:13096:
This line shows the following information for user juan:
• The password was last changed February 11, 2005
• There is no minimum amount of time required before the password can be changed
• The password must be changed every 90 days
• The user will get a warning five days before the password must be changed
• The account will be disabled 30 days after the password expires if no login attempt is made
• The account will expire on November 9, 2005
For more information on the /etc/shadow file, see the shadow(5) man page.
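
The day counts in the example line can be turned back into calendar dates to review an account's aging policy. The script below is an added example, not part of the original manual: it decodes one /etc/shadow line and classifies the password field. The first sample line is the one from this page and the other two are constructed; treating an empty password field as "no password required" and a hash prefixed with ! as locked follows shadow(5) and usermod -L behaviour and is not stated in the text above.

```shell
#!/bin/sh
# Added example (not from the original manual): decode one /etc/shadow line.

# Convert a count of days since 1970-01-01 into YYYY-MM-DD using integer
# arithmetic only, so the result does not depend on a particular date(1).
# Valid for non-negative day counts, which is all /etc/shadow stores.
days_to_date() (
    z=$(( $1 + 719468 ))                 # shift the epoch to 0000-03-01
    era=$(( z / 146097 ))                # completed 400-year cycles
    doe=$(( z - era * 146097 ))          # day within the cycle
    yoe=$(( (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365 ))
    doy=$(( doe - (365 * yoe + yoe / 4 - yoe / 100) ))
    mp=$(( (5 * doy + 2) / 153 ))        # month index with March = 0
    d=$(( doy - (153 * mp + 2) / 5 + 1 ))
    if [ "$mp" -lt 10 ]; then m=$(( mp + 3 )); else m=$(( mp - 9 )); fi
    y=$(( yoe + era * 400 ))
    if [ "$m" -le 2 ]; then y=$(( y + 1 )); fi
    printf '%04d-%02d-%02d\n' "$y" "$m" "$d"
)

# Classify the password field using the special values described above.
pw_status() {
    case "$1" in
        '')      echo "empty" ;;       # no password required (shadow(5))
        '!!')    echo "never-set" ;;   # user cannot log in yet
        '!'|'*') echo "locked" ;;
        '!'*)    echo "locked" ;;      # hash kept behind a leading "!"
        '$1$'*)  echo "md5" ;;
        '$'*)    echo "other-scheme" ;;
        *)       echo "crypt" ;;       # traditional crypt(3) hash
    esac
}

# Print the decoded fields of one shadow line as key=value pairs.
# Field order: name:password:lastchg:min:max:warn:inactive:expire:reserved
shadow_report() {
    IFS=: read -r name pw lastchg min max warn inactive expire _reserved <<EOF
$1
EOF
    echo "user=$name"
    echo "password=$(pw_status "$pw")"
    if [ -n "$lastchg" ]; then
        echo "last_changed=$(days_to_date "$lastchg")"
        echo "may_change_from=$(days_to_date $(( lastchg + ${min:-0} )))"
        if [ -n "$max" ]; then
            due=$(( lastchg + max ))
            echo "must_change_by=$(days_to_date "$due")"
            if [ -n "$warn" ]; then
                echo "warn_from=$(days_to_date $(( due - warn )))"
            fi
            if [ -n "$inactive" ]; then
                echo "disabled_after=$(days_to_date $(( due + inactive )))"
            fi
        fi
    fi
    if [ -n "$expire" ]; then
        echo "account_expires=$(days_to_date "$expire")"
    fi
}

demo() {
    # First line: the example from this page. The other two are constructed.
    for line in \
        'juan:$1$.QKDPc5E$SWlkjRWexrXYgc98F.:12825:0:90:5:30:13096:' \
        'backup:!!:12825:0:90:5:::' \
        'guest::12825::::::'
    do
        shadow_report "$line"
        echo
    done
}

demo
```

An account reported as password=empty deserves immediate attention, since it can be entered without any password.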

/etc/group
The /etc/group file is world-readable and contains a list of groups, each on a separate line. Each line is a four
field, colon delimited list including the following information:
Group name — The name of the group. Used by various utility programs as a human-readable identifier for the
group.
Group password — If set, this allows users that are not part of the group to join the group by using the newgrp
command and typing the password stored here. If a lower case x is in this field, then shadow group passwords
are being used.
Group ID (GID) — The numerical equivalent of the group name. It is used by the operating system and
applications when determining access privileges.
Member list — A comma delimited list of the users belonging to the group.
Here is an example line from /etc/group:
general:x:502:juan,shelley,bob
This line shows that the general group is using shadow passwords, has a GID of 502, and that juan, shelley, and
bob are members.
For more information on /etc/group, see the group(5) man page.

/etc/gshadow
The /etc/gshadow file is readable only by the root user and contains an encrypted password for each group, as
well as group membership and administrator information. Just as in the /etc/group file, each group's
information is on a separate line. Each of these lines is a colon delimited list including the following information:
Group name — The name of the group. Used by various utility programs as a human-readable identifier for the
group.
Encrypted password — The encrypted password for the group. If set, non-members of the group can join the
group by typing the password for that group using the newgrp command. If the value of this field is !, then no user
is allowed to access the group using the newgrp command. A value of !! is treated the same as a value of ! —
however, it also indicates that a password has never been set before. If the value is null, only group members can
log into the group.
Group administrators — Group members listed here (in a comma delimited list) can add or remove group
members using the gpasswd command.
Group members — Group members listed here (in a comma delimited list) are regular, non-administrative
members of the group.
Here is an example line from /etc/gshadow:


general:!!:shelley:juan,bob
This line shows that the general group has no password and does not allow non-members to join using the
newgrp command. In addition, shelley is a group administrator, and juan and bob are regular, non-administrative
members.
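The password fields of the two files decide who can join a group with newgrp, so they are worth checking together. The script below is an added example, not part of the original document: it reports groups whose password sits in the world-readable /etc/group, groups with a usable password in /etc/gshadow, groups missing from /etc/gshadow, and member lists that disagree. The file contents and hashes are constructed, and counting group administrators as members follows the example line above and is an assumption.

```sh
#!/bin/sh
# Added example: cross-check /etc/group against /etc/gshadow.

# audit_groups GROUP_FILE GSHADOW_FILE: print "<group>: <finding>" lines.
audit_groups() {
    awk -F: '
        # Deduplicate and sort a comma-delimited list so two lists can be compared.
        function norm(list,    a, b, u, k, m, i, j, t, out) {
            k = split(list, a, ",")
            for (i = 1; i <= k; i++)
                if (a[i] != "" && !(a[i] in u)) { u[a[i]] = 1; b[++m] = a[i] }
            for (i = 2; i <= m; i++) {
                t = b[i]
                for (j = i - 1; j >= 1 && (b[j] "") > (t ""); j--) b[j + 1] = b[j]
                b[j + 1] = t
            }
            for (i = 1; i <= m; i++) out = out (i > 1 ? "," : "") b[i]
            return out
        }
        # First file, /etc/group: name:password:GID:members
        FNR == NR { gpass[$1] = $2; gmem[$1] = $4; order[++n] = $1; next }
        # Second file, /etc/gshadow: name:password:administrators:members
        { seen[$1] = 1; spass[$1] = $2; smem[$1] = $3 "," $4 }
        END {
            for (i = 1; i <= n; i++) {
                g = order[i]
                if (gpass[g] != "x" && gpass[g] != "")
                    print g ": password field in world-readable group file is not x"
                if (!(g in seen)) { print g ": no gshadow entry"; continue }
                # "!" and "!!" block newgrp; an empty field admits members only.
                if (spass[g] != "" && spass[g] !~ /^!/)
                    print g ": group password set, non-members can join with newgrp"
                if (norm(gmem[g]) != norm(smem[g]))
                    print g ": members differ (group: " norm(gmem[g]) "; gshadow: " norm(smem[g]) ")"
            }
        }
    ' "$1" "$2"
}

# Run the audit over constructed copies of the two files.
demo_group_audit() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/group" <<'EOF'
general:x:502:juan,shelley,bob
marketing:x:503:paul,jane
projects:x:504:alice,derek
legacy:PLACEHOLDERHASH:505:sales
EOF
    cat > "$dir/gshadow" <<'EOF'
general:!!:shelley:juan,bob
marketing:!::paul
projects:$1$PLACEHOLDER$notARealHashValue000000:alice:alice,derek
EOF
    audit_groups "$dir/group" "$dir/gshadow"
    rm -rf "$dir"
}

demo_group_audit
```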

9.2 User Management Commands


The following table describes some of the more common command line tools used to create and manage user
accounts and groups:

Application          Function
/usr/sbin/useradd    Adds user accounts. This tool is also used to specify primary and secondary group membership.
/usr/sbin/userdel    Deletes user accounts.
/usr/sbin/usermod    Edits account attributes including some functions related to password aging. For more fine-grained control, use the passwd command. usermod is also used to specify primary and secondary group membership.
passwd               Sets passwords. Although primarily used to change a user's password, it also controls all aspects of password aging.
/usr/sbin/chpasswd   Reads in a file consisting of username and password pairs, and updates each user's password accordingly.
chage                Changes the user's password aging policies. The passwd command can also be used for this purpose.
chfn                 Changes the user's GECOS information.
chsh                 Changes the user's default shell.
/usr/sbin/groupadd   Adds groups, but does not assign users to those groups. The useradd and usermod programs should then be used to assign users to a given group.
/usr/sbin/groupdel   Deletes groups.
/usr/sbin/groupmod   Modifies group names or GIDs, but does not change group membership. The useradd and usermod programs should be used to assign users to a given group.
gpasswd              Changes group membership and sets passwords to allow non-group members who know the group password to join the group. It is also used to specify group administrators.
/usr/sbin/grpck      Checks the integrity of the /etc/group and /etc/gshadow files.

File Permission Applications


File permissions are an integral part of managing resources within an organization. The following table describes
some of the more common command line tools used for this purpose.

Application   Function
chgrp         Changes which group owns a given file.
chmod         Changes access permissions for a given file. It is also capable of assigning special permissions.
chown         Changes a file's ownership (and can also change group).


Home Directories
Another issue facing system administrators is whether or not users should have centrally-stored home directories.
The primary advantage of centralizing home directories on a network-attached server is that if a user logs into any
machine on the network, they will be able to access the files in their home directory.
The disadvantage is that if the network goes down, users across the entire organization will be unable to get to
their files. In some situations (such as organizations that make widespread use of laptops), having centralized
home directories may not be desirable. But if it makes sense for your organization, deploying centralized home
directories can make a system administrator's life much easier.

Adding Users
Adding users takes some planning; read through the steps below before starting:
Arrange your list of users into groups by function. In this example there are three groups "marketing", "production"
and "accounts".
Marketing Production Accounts
Paul Alice Accounts
Jane Derek Sales
Add the Linux groups to your server:
[root@skynet tmp]# groupadd marketing
[root@skynet tmp]# groupadd production
[root@skynet tmp]# groupadd accounts
Add the Linux users, assign them to their respective groups
[root@skynet tmp]# useradd -g marketing paul
[root@skynet tmp]# useradd -g marketing jane
[root@skynet tmp]# useradd -g production derek
[root@skynet tmp]# useradd -g production alice
[root@skynet tmp]# useradd -g accounts accounts
[root@skynet tmp]# useradd -g accounts sales
If you don't specify the group with "-g", RedHat Linux will create a group with the same name as the
user you just created. When each new user first logs in, they will be prompted for their new permanent password.
Note: The /etc/login.defs file contains useradd command defaults for user aging, home directory and
password policy.
Each user's personal directory will be placed in the /home directory. The directory name will be the same as their
user name.
[root@skynet tmp]# ll /home
drwxr-xr-x 2 root root 12288 Jul 24 20:04 lost+found
drwx------ 2 accounts accounts 1024 Jul 24 20:33 accounts
drwx------ 2 alice production 1024 Jul 24 20:33 alice
drwx------ 2 derek production 1024 Jul 24 20:33 derek
drwx------ 2 jane marketing 1024 Jul 24 20:33 jane
drwx------ 2 paul marketing 1024 Jul 24 20:33 paul
drwx------ 2 sales accounts 1024 Jul 24 20:33 sales

Changing Passwords
You'll need to create passwords for each account. This is done with the "passwd" command. You will be
prompted once for your old password and twice for the new one.
User "root" changing the password for user "paul"
[root@skynet root]# passwd paul
Changing password for user paul.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@skynet root]#
Users may wish to change their passwords at a future date. Here is how unprivileged user "paul" would change
his own password.
[paul@skynet paul]$ passwd
Changing password for paul
Old password: your current password
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
New password: your new password
Re-enter new password: your new password
Password changed.

Delete Users
The userdel command is used. The "-r" flag removes all the contents of the user's home directory
[root@skynet tmp]# userdel -r paul
To find out which groups a user belongs to, use the "groups" command with the username as the argument:
[root@skynet root]# groups paul
paul : marketing
[root@skynet root]#

Setup User Aging


[root@skynet root]# chage -l paul
[root@skynet root]# chage -I 5 -m 10 -M 20 -W 15 -E 06/23/05 paul
[root@skynet root]# chage -l paul
In the above example:
-I number of days a user can remain inactive
-m minimum number of days before a user can change his password, counted from the current day
-M maximum number of days a user can keep his password, counted from the current day
-W number of days of warning the user receives to change his/her password
-E password expiry date, i.e. June 23rd 2005
Important Files
/etc/passwd, /etc/shadow
/etc/login.defs
/etc/skel, /etc/bashrc, /etc/profile

9.3 Setting Up Quotas


9.3.1 Understanding Disk Quotas
Quotas are used to limit a user's or a group of users' ability to consume disk space. This prevents a small group
of users from monopolizing disk capacity and potentially interfering with other users or the entire system. Disk
quotas are often used by ISPs, Web Hosting companies, on FTP sites, or on corporate file servers to ensure
continued availability of their systems. Users can compromise availability by uploading files to the point of filling a
file system (by default, there is nothing stopping this from happening). Once the file system is full, other users are
effectively denied upload access to the disk (a denial of service). If the file system that fills is the root file system
(/), this could also result in system instability or even a crash.
There are two limitations you can set up to manage disk consumption. You can limit the number of inodes a user
may have, and you can also limit the number of disk blocks a user's files may consume. Linux uses one inode for
each file a user has on a file system. Setting a maximum on the number of inodes a user may consume prevents
a user from creating an excessive number of files. By limiting the number of disk blocks a user may consume, you
limit the total amount of storage a user may have regardless of how many files they may have (i.e., either a small
number of large files, or a large number of small files).
We can use the following commands and their associated man pages:
quotaon /fs Enables quotas for the /fs file system.
quotaoff Disables quota tracking.
edquota name Edits the quota settings for user name. Can also be used to set defaults.
quota Allows users to see their current resource consumption and limits.
repquota Generates a report of disk consumption by all users for a quota-enabled file system.
quotacheck Scans a file system

9.3.2 Setting up and configuring the Quotas


Enter Single User Mode
As we'll need to remount the /home filesystem, it's best to ensure that no other users or
processes are using it. This is best achieved by entering single user mode from the console. This may be
unnecessary if you are certain that you're the only user on the system.
Entering single user mode will automatically log off all users and stop cron jobs. It is best to do this after hours in
a business environment. Here is a quick procedure to do this:
1. Use the "who" command to see who's logged in. If there are any users besides yourself, send a message informing
them that the system is about to shut down with the "wall" command.
[root@skynet tmp]# who
root pts/0 Nov 6 14:46 (192-168-1-242.my-site.com)
bob pts/0 Nov 6 12:01 (192-168-1-248.my-site.com)
bunny pts/0 Nov 6 16:25 (192-168-1-250.my-site.com)
[root@skynet tmp]# wall The system is shutting down now!
Broadcast message from root (pts/0) (Sun Nov 7 15:04:27 2004):
The system is shutting down now!
2. The next step is to log into the VGA console and enter single user mode.
[root@skynet tmp]# init 1
Edit your /etc/fstab File
The /etc/fstab file lists all the partitions that need to be auto-mounted when the system boots. You have to alert
Linux that quotas are enabled on the filesystem by editing the /etc/fstab file and modifying the options for the
/home directory. You'll need to add the usrquota option. In case you forget the name, the usrquota option is
mentioned in the fstab man pages.

Old fstab
LABEL=/home /home ext3 defaults 1 2
New fstab
LABEL=/home /home ext3 defaults,usrquota 1 2

Remount The Filesystem


Editing the /etc/fstab file isn't enough; Linux needs to reread the file to get its instructions for /home. This can
be done using the mount command with the "-o remount" qualifier.
[root@skynet tmp]# mount -o remount /home
Get Out Of single user mode


Return to your original run state by using either the "init 3" or "init 5" commands. Continue to the next step once
the system is back to its normal state.
Create The Partition Quota Configuration Files
The topmost directory of the filesystem needs to have an aquota.user file (defines quotas by user) and/or an
aquota.group file (defines quotas by group). The man page for "quota" lists them at the bottom.
In this case we'll just enable "per user" quotas.
[root@skynet tmp]# touch /home/aquota.user
[root@skynet tmp]# chmod 600 /home/aquota.user

9.3.3 Initialize The Quota Table


Editing the /etc/fstab file and remounting the file system only alerted Linux to the fact that the filesystem has quota
capabilities. You have to generate a quota table, separate from the aquota files, which lists all the current
allocations for each user on the file system. This table will then be automatically and transparently updated each
time a file is modified. Linux compares the values in this table with the quota limitations the systems administrator
has placed in the aquota files and will use this to determine whether the user is allowed to use more disk
space.
The table initialization is done using the quotacheck command. You'll get an error the first time you enter the
command as Linux will realize that the aquota file wasn't created using one of the quota commands.
[root@skynet tmp]# quotacheck -vagum
quotacheck: WARNING - Quotafile /home/aquota.user was probably truncated. Can't save quota settings...
quotacheck: Scanning /dev/hda3 [/home] done
quotacheck: Checked 185 directories and 926 files
Edit The User's Quota Information
Now we need to edit the user's quota information. This is done with the edquota command which allows you to
selectively edit a portion of the aquota.user file on a per user basis.
[root@skynet tmp]# edquota -u mp3user
The command will invoke the vi editor which will allow you to edit a number of fields.
Disk quotas for user mp3user (uid 503):
Filesystem blocks soft hard inodes soft hard
/dev/hda3 24 0 0 7 0 0

Blocks: The amount of space in 1K blocks the user is currently using.


Inodes: The number of files the user is currently using.
Soft Limit: The maximum blocks/inodes a quota user may have on a partition. The role of a soft limit changes if
grace periods are used. When this occurs, the user is only warned that their soft limit has been exceeded. When
the grace period expires, the user is barred from using additional disk space or files. When set to zero, limits are
disabled.
Hard Limit: The maximum blocks/inodes a quota user may have on a partition when a grace period is set.
Users may exceed a soft limit, but they can never exceed their hard limit.
In the example below we limit user mp3user to a maximum of 5 MB of data storage on /dev/hda3 (/home).
Disk quotas for user mp3user (uid 503):
Filesystem blocks soft hard inodes soft hard
/dev/hda3 24 5000 0 7 0 0
Testing
Linux checks the total amount of disk space a user uses each time a file is accessed and compares it against the
values in the quota file. If the values are exceeded, depending on the configuration, then Linux will prevent the
creation of new files or the expansion of existing files to use more disk space.


9.4 Other Quota Topics


Creating disk quotas frequently isn't enough; you also have to manage the process by reviewing the quota needs
of each user and adjusting them according to the policies of your company. You'll also need to make Linux scan
its hard disks periodically to check for exceeded quotas. This section describes the most common quota
management activities you'll need to undertake.
Editing Grace Periods
The "edquota -t" command sets the grace period for each filesystem. Like the edquota command, it invokes
the vi editor.
The grace period is a time limit before the soft limit is enforced for a quota enabled file system. Time units of
seconds, minutes, hours, days, weeks and months can be used. This is what you'll see with the command
"edquota -t":
Note: There should be no spaces between the number and the unit of time measure. Therefore in this example,
"7days" is correct and "7 days" is wrong.
[root@skynet tmp]# edquota -t
Grace period before enforcing soft limits for users:
Time units may be: days, hours, minutes, or seconds
Filesystem Block grace period Inode grace period
/dev/hda3 7days 7days

9.4.1 Editing Group Quotas


Editing quotas on a per group basis can be done similarly with the "edquota -g" command.
Getting Quota Reports
The repquota command lists quota usage limits of all users on the system. Here is an
example.
[root@skynet tmp]# repquota /home
*** Report for user quotas on device /dev/hda3
Block grace time: 7days; Inode grace time: 7days

                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --   52696       0       0           1015     0     0
...
...
mp3user   --      24       0       0              7     0     0
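A report like this is easier to act on when it is reduced to the accounts that need attention. The script below is an added example, not part of the original document: it parses repquota output and lists users with no block limit, users over a soft limit, and users with a soft limit but no hard limit. The report text is constructed, and both the skipping of root and the rule that a "+" flag adds a grace column are assumptions of this sketch.

```sh
#!/bin/sh
# Added example: reduce a repquota report to the accounts that need attention.

# quota_findings: read repquota output on stdin, print "<user>: <finding>" lines.
quota_findings() {
    awk '
        /^-+$/ { body = 1; next }          # data rows follow the dashed rule
        !body || NF < 8 { next }           # skip headers and elided ("...") rows
        {
            user = $1; flags = $2; i = 3
            bused = $i + 0; bsoft = $(i + 1) + 0; bhard = $(i + 2) + 0; i += 3
            # A "+" in the first flag position means the block grace column is filled.
            bgrace = ""
            if (substr(flags, 1, 1) == "+") { bgrace = $i; i++ }
            iused = $i + 0; isoft = $(i + 1) + 0; i += 3
            # A "+" in the second position does the same for the file (inode) side.
            igrace = (substr(flags, 2, 1) == "+") ? $i : ""
            if (user == "root") next       # assumption: root is not limited by quotas
            if (bsoft == 0 && bhard == 0)
                print user ": no block limit set"
            if (bsoft > 0 && bused > bsoft)
                print user ": over soft block limit (" bused " of " bsoft " blocks), grace " bgrace
            if (bsoft > 0 && bhard == 0)
                print user ": soft block limit without a hard limit"
            if (isoft > 0 && iused > isoft)
                print user ": over soft file limit (" iused " of " isoft " files), grace " igrace
        }
    '
}

# Constructed report in the layout shown above.
SAMPLE_REPQUOTA=$(cat <<'EOF'
*** Report for user quotas on device /dev/hda3
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --   52696       0       0           1015     0     0
bob       --     812   50000   60000             40     0     0
mp3user   +-    5100    5000       0  6days       9     0     0
alice     -+     100   50000   60000           1200  1000  1500  3days
bunny     --      24       0       0              7     0     0
EOF
)

printf '%s\n' "$SAMPLE_REPQUOTA" | quota_findings
```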

9.5 Using Sudo


9.5.1 What is SUDO?
The sudo feature in RedHat Linux is similar to RBAC in Solaris. The sudo utility allows users defined in the
/etc/sudoers configuration file to have temporary access to run commands they would not normally be able to
due to file permission restrictions. The commands can be run as user "root" or as any other user defined in the
/etc/sudoers configuration file.
The privileged command you want to run must first begin with the word "sudo" followed by the command's regular
syntax. When running the command with the sudo prefix, you will be prompted for your regular password before it
is executed. You may run other privileged commands using sudo within a five minute period without being re-
prompted for a password. All commands run as sudo are logged in the log file /var/log/messages.


9.5.2 Example Using sudo


In this example, user "bob" attempts to view the contents of the /etc/sudoers file, which is an action that normally
requires privileged access. Without sudo, the command fails.
[bob@skynet bob]$ more /etc/sudoers
/etc/sudoers: Permission denied
[bob@skynet bob]$
Bob tries again using sudo and his regular user password and is successful.
[bob@skynet bob]$ sudo more /etc/sudoers
Password:
The details of configuring and installing sudo will be covered in later sections.

The visudo command


"visudo" is a text editor that mimics the "vi" editor that is used to edit the /etc/sudoers configuration file. It is not
recommended that you use any other editor to modify your sudo parameters as the sudoers file isn't located in the
same directory on all versions of Linux. "visudo" uses the same commands as the "vi" text editor. "visudo" must
run as user "root" and should have no arguments as seen below.
[root@aqua tmp]# visudo
The /etc/sudoers File
The /etc/sudoers file contains all the configuration and permission parameters needed for sudo to work. There are
a number of guidelines that need to be followed when editing it with visudo.
Format Of The /etc/sudoers File:
usernames/group servername = (usernames command can be run as) command

Some guidelines when editing this file:


Groups are the same as user groups and are differentiated from regular users by a % at the beginning. The Linux
user group "users" would be represented by %users. You can have multiple usernames per line separated by
commas. Multiple commands can be separated by commas too. Spaces are considered part of the command. The
keyword "ALL" can mean all usernames, groups, commands and servers.
If you run out of space on a line, you can end it with a "\" and continue on the next line. Sudo assumes that the
sudoers file will be used network wide, and therefore offers the option to specify the names of servers which will
be using it in the "servername" position. In most cases, the file is used by only one server and the keyword "ALL"
will suffice for the server name.
The NOPASSWD keyword provides access without you being prompted for your password.

Simple /etc/sudoers Examples


Here are some simple examples of how to do many commonly required tasks using the sudo utility.
Using Aliases In The sudoers File
Sometimes you'll need to assign random groupings of users from various departments very similar sets of
privileges. The sudoers file allows users to be grouped according to function with the group then being assigned a
nickname or "alias" which is used throughout the rest of the file. Groupings of commands can be assigned
aliases too.

In the example below, users "peter", "bob" and "bunny" and all the users in the "operator" group are made part of
the user alias "ADMINS". All the command shell programs are then assigned to the command alias "SHELLS".
Users ADMINS are then denied the option of running any SHELLS commands and su.
Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, \
/usr/bin/ksh, /usr/local/bin/tcsh, \
/usr/bin/rsh, /usr/local/bin/zsh

User_Alias ADMINS = peter, bob, bunny, %operator


ADMINS ALL = !/usr/bin/su, !SHELLS
This attempts to ensure that users don't permanently "su" to become root, or enter command shells that bypass
sudo's command logging. It doesn't prevent them from copying the files to other locations to be run. The
advantage of this is that it helps to create an audit trail, but the restrictions can only be enforced as part of the
company's overall security policy.
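Because the rule above denies shells only by path, the audit trail is what shows whether the policy is being followed. The script below is an added example, not part of the original document: it reads sudo entries from a syslog file and reports denied attempts, shells or su run through sudo under any path, and programs run from user-writable directories. The log lines are constructed; the line layout, the addition of bash to the shell names and the directory list are assumptions.

```sh
#!/bin/sh
# Added example: review sudo entries in a syslog file such as /var/log/messages.

# sudo_log_findings: read log lines on stdin, print "<user>: <KIND> <program>".
sudo_log_findings() {
    awk '
        / sudo: / && /COMMAND=/ {
            rest = $0; sub(/^.* sudo: +/, "", rest)   # drop timestamp, host and tag
            user = rest; sub(/ : .*$/, "", user)      # text before the first " : "
            cmd = rest;  sub(/^.*COMMAND=/, "", cmd)
            path = cmd;  sub(/ .*$/, "", path)        # program without its arguments
            base = path; sub(/^.*\//, "", base)
            if (rest ~ /command not allowed/)
                print user ": DENIED " path
            # Shell names from the SHELLS alias plus su; bash is added as an assumption.
            else if (base ~ /^(su|sh|bash|csh|ksh|tcsh|zsh|rsh)$/)
                print user ": SHELL " path
            # Programs outside system directories (assumed list of writable locations).
            else if (path ~ /^\/(tmp|var\/tmp|home)\//)
                print user ": USER-WRITABLE-PATH " path
        }
    '
}

# Constructed log lines in the layout sudo writes to syslog.
SAMPLE_SUDO_LOG=$(cat <<'EOF'
Nov  7 15:04:27 skynet sudo:      bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/more /etc/sudoers
Nov  7 15:06:02 skynet sudo:    peter : command not allowed ; TTY=pts/1 ; PWD=/home/peter ; USER=root ; COMMAND=/usr/bin/su -
Nov  7 15:09:41 skynet sudo:    bunny : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/tmp/ksh
Nov  7 15:12:13 skynet sudo:    bunny : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/home/bunny/tool -i
Nov  7 15:20:00 skynet sshd[2211]: Accepted password for bob from 192.168.1.248 port 40022 ssh2
EOF
)

printf '%s\n' "$SAMPLE_SUDO_LOG" | sudo_log_findings
```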
Other Examples
You can view a comprehensive list of /etc/sudoers file options by issuing the command "man sudoers".


10. Red Hat Package Manager (RPMs)


10.1 Introduction
One of the mundane, yet necessary, duties a Systems Administrator faces is software management. Applications
and patches come and go. After months or years of adding, upgrading, and removing software applications, it's
hard to tell just what's on a system, what version a software package is, and what other applications it depends
on. Outdated files often wind up lying around because nobody's quite sure what they belong to. Worse, you may
install a new software package only to find it has overwritten a crucial file from a currently installed package. The
Red Hat Package Manager (RPM) was designed to eliminate these problems. With RPM, software is managed in
discrete “packages,” a collection of the files that make up the software, and instructions for adding, removing, and
upgrading those files. RPM also makes sure you never lose configuration files by backing up existing ones before
overwriting. RPM also tracks which version of an application is currently installed on your system.
A key feature of RPM is that filenames can be specified in Uniform Resource Locator (URL) format. For example,
if you know that the package foo.rpm is on the FTP server ftp.rpmdownloads.com, in the /pub directory, you can
specify that filename as ftp://ftp.rpmdownloads.com/pub/foo.rpm. RPM is smart enough to log on to the FTP server
anonymously and pull down the file. You can also use the format
ftp://<username>:<password>@hostname:<port>/path/to/remote/package/file.rpm, where <username> and
<password> are the username and password you need to log on to this system non-anonymously, and <port>
specifies a nonstandard port used on the remote machine. You may use these formats anywhere a filename is
called for in RPM.

10.2 What Is a Package?


In the generic sense, a package is a container. It includes the files needed to accomplish a certain task, such as
the binaries, configuration, and documentation files in a software application. It also includes instructions on how
and where these files should be installed, and how the installation should be accomplished. A package also
includes instructions on how to uninstall itself. RPM packages are often identified by filenames that usually consist
of the package name, the version, the release, and the architecture for which they were built. For example, the
package penguin-3.26.i386.rpm indicates this is the (fictional) Penguin Utilities package, version 3, release 26.
i386 indicates it has been compiled for the Intel architecture. Note that although this is the conventional method of
naming RPM packages, the actual package name, version, and architecture information are read from the
contents of the file by RPM, not the filename. You could rename the file blag.rpm, but it would still install as
penguin-3.26.i386.rpm.

10.2.1 What Is RPM?


At the heart of RPM is the RPM database. This database tracks where each file in a package is located, its
version, and much more. The RPM also maintains an MD5 checksum of each file. Checksums are used to
determine if a file has been modified, which comes in handy if you need to verify the integrity of one or more
packages. The RPM database makes adding, removing, and upgrading packages easy, because RPM knows
which files to handle, and where to put them.
RPM also takes care of conflicts between packages. For example, if package X, which has already been installed,
has a configuration file called /etc/someconfig, and you attempt to install a new package, Y, which wants to install
the same file, RPM will manage this conflict by backing up your previous configuration file before the new file is
written. The workhorse of the RPM system is the program rpm. rpm is the “driver” responsible for maintaining the
RPM databases. Of rpm's 10 modes of operation, we will cover the four most common: query, install, upgrade,
and remove.
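The per-file checksums in the RPM database are what rpm's verify mode (rpm -V, not one of the four modes covered here) compares against the files on disk. The script below is an added example, not part of the original document: it classifies verify output so that a changed program file stands out from an edited configuration file. The output lines are constructed, and the finding labels are this sketch's own.

```sh
#!/bin/sh
# Added example: classify the output of "rpm -V <package>" or "rpm -Va".

# rpm_verify_findings: read verify output on stdin, print "<FINDING> <path>".
# Each line is an attribute string, an optional one-letter file type
# (c = configuration file) and the path. Attributes are matched by letter,
# not by position, so strings of different widths are handled alike.
rpm_verify_findings() {
    awk '
        NF < 2 { next }
        $1 == "missing" { print "MISSING " $NF; next }
        {
            attrs = $1
            if (NF >= 3 && length($2) == 1) { type = $2; path = $3 }
            else                            { type = "";  path = $2 }
            # "5" means the file digest no longer matches the database.
            if (attrs ~ /5/ && type != "c")
                print "CONTENT-CHANGED " path     # program or data file altered
            else if (attrs ~ /5/)
                print "config-edited " path       # expected for configuration files
            # M = mode, U = owner, G = group differ from the packaged values.
            if (attrs ~ /[MUG]/)
                print "PERMS-OR-OWNER-CHANGED " path
        }
    '
}

# Constructed verify output for the ntp package used elsewhere in this chapter.
SAMPLE_RPM_VERIFY=$(cat <<'EOF'
S.5....T.  c /etc/ntp.conf
..5....T.    /usr/sbin/ntpd
.M...UG..    /etc/ntp/keys
missing     /usr/share/doc/ntp-4.1.2/release.htm
.......T.  d /usr/share/doc/ntp-4.1.2/tickadj.htm
EOF
)

printf '%s\n' "$SAMPLE_RPM_VERIFY" | rpm_verify_findings
```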

10.3.1 Listing Installed RPMs


The rpm -qa command will list all the packages installed on your system.
[root@skynet tmp]# rpm -qa
perl-Storable-1.0.14-15
smpeg-gtv-0.4.4-9
e2fsprogs-1.27-9
libstdc++-3.2-7
audiofile-0.2.3-3
...
...
[root@skynet tmp]#
You can also pipe the output of this command through the grep command if you are interested in only a specific
package. In this example we are looking for all packages containing the string "ssh" in the name, regardless of
case ("-i" meaning ignore case).
[root@skynet tmp]# rpm -qa | grep -i ssh
openssh-server-3.4p1-2
openssh-clients-3.4p1-2
openssh-askpass-gnome-3.4p1-2
openssh-3.4p1-2
openssh-askpass-3.4p1-2
Note: You could use the "rpm -q package-name" command to find an installed package as it is much faster than
using grep and the "-qa" switch, but you have to have an exact package match. If you are not sure of the package
name and its capitalization, then the method above is probably more suitable.

10.3.2 Listing Files Associated With RPMs


Sometimes you'll find yourself installing software which terminates with an error requesting the presence of
a particular file. In many cases the installation program doesn't state the RPM package in which the file can be
found. It is therefore important to be able to determine the origin of certain files, by listing the contents for RPMs in
which you suspect the files may reside.

10.3.4 Listing Files For Already Installed RPMs


This can be useful if you have to duplicate a working server that is already in a production environment.
Sometimes the installation of an application fails on the new server due to the lack of a file that resides on the old
one. In this case you need to know which RPM on the old server contains the file.
You can use the "-ql" qualifier to list all the files associated with an installed RPM. In this example we test to make
sure that the NTP package is installed using the "-q" qualifier, then we use the "-ql" qualifier to get the file listing.
[root@skynet tmp]# rpm -q ntp
ntp-4.1.2-0.rc1.2
[root@skynet tmp]# rpm -ql ntp
/etc/ntp
/etc/ntp.conf
/etc/ntp/drift
/etc/ntp/keys
...
...
/usr/share/doc/ntp-4.1.2/rdebug.htm
/usr/share/doc/ntp-4.1.2/refclock.htm
/usr/share/doc/ntp-4.1.2/release.htm
/usr/share/doc/ntp-4.1.2/tickadj.htm
[root@skynet tmp]#

10.2 Managing RPMs (install, re-install, upgrade, erase etc.)


Installing RPMs
The rpm -i command will install a package. The package name given must match that listed in the rpm -qa
command as the version of the package is important. -v is used for verbose output and -h shows the progress of
installation as # (hashes).
[root@skynet tmp]# rpm -ivh package-name.rpm
Preparing... ########################################### [100%]
Installing.. ########################################### [100%]


Installing RPM without checking for dependency


[root@skynet tmp]# rpm -ivh --nodeps package-name.rpm
Re-installing RPM
[root@skynet tmp]# rpm -ivh --replacepkgs pkgname.rpm
Upgrading RPMs
The rpm -U command will upgrade a package.
[root@skynet tmp]# rpm -Uvh package-name.rpm
Uninstalling RPMs
The rpm -e command will erase an installed package. The package name given must match that listed in the rpm
-qa command as the version of the package is important.
[root@skynet tmp]# rpm -e package-name


11. Linux Networking


11.1 Configuring Your NIC's IP Address
It is very important to be very familiar with all the steps needed to configure IP addresses on a NIC. Website
shopping cart applications frequently need an additional IP address dedicated to them, you may need to add a
secondary NIC interface to your server to handle data backups and, last but not least, you may just want to play around
with the server to test your skills.
This section will show you how to do the most common server IP activities with the least amount of headaches.

11.1.1 Determining Your IP Address


Most modern PCs come with an ethernet port. When Linux is installed, this device is called "eth0". You can
determine the IP address of this device with the "ifconfig" command.
[root@skynet tmp]# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:08:C7:10:74:A8
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:11 Base address:0x1820

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:787 errors:0 dropped:0 overruns:0 frame:0
          TX packets:787 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:82644 (80.7 Kb)  TX bytes:82644 (80.7 Kb)

wlan0     Link encap:Ethernet  HWaddr 00:06:25:09:6A:B5
          inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:47379 errors:0 dropped:0 overruns:0 frame:0
          TX packets:107900 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:4676853 (4.4 Mb)  TX bytes:43209032 (41.2 Mb)
          Interrupt:11 Memory:c887a000-c887b000

wlan0:0   Link encap:Ethernet  HWaddr 00:06:25:09:6A:B5
          inet addr:192.168.1.99  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:11 Memory:c887a000-c887b000
In this example, eth0 has no IP address as this box is using wireless interface wlan0 as its main NIC. Interface
wlan0 has an IP address of 192.168.1.100 and a subnet mask of 255.255.255.0.
The output also lists the interrupt and the base or memory address used by each card. If there are conflicts, you
may need to refer to the manual for the offending device to try to determine ways to either use another interrupt
or memory I/O location.

11.1.2 Changing Your IP Address


If you wanted, you could give this eth0 interface an IP address using the ifconfig command.
[root@skynet tmp]# ifconfig eth0 10.0.0.1 netmask 255.255.255.0 up

The "up" at the end of the command activates the interface. To make this permanent each time you boot up you'll
have to add this command in your /etc/rc.d/rc.local file.

www.wilshiresoft.com Wilshire Software Technologies Rev Dt: 15-Oct-08


info@wilshiresfot.com Ph: 2761-2214 / 6677-2214 / 6452-6173 Ver: 1
RedHat Linux also makes life a little easier with interface configuration files located in the
/etc/sysconfig/network-scripts directory. Interface eth0 has a file called ifcfg-eth0, eth1 uses ifcfg-eth1
... etc. You can place your IP address information in these files which are then used to auto-configure your NICs
when Linux boots.

11.1.3 network-scripts File Formats

Fixed IP address:
[root@skynet tmp]# cd /etc/sysconfig/network-scripts
[root@skynet network-scripts]# less ifcfg-eth0
DEVICE=eth0
IPADDR=192.168.1.100
NETMASK=255.255.255.0
BOOTPROTO=static
ONBOOT=yes
#
# The following settings are optional
#
BROADCAST=192.168.1.255
NETWORK=192.168.1.0

Getting the IP address using DHCP:
[root@skynet tmp]# cd /etc/sysconfig/network-scripts
[root@skynet network-scripts]# less ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
As you can see eth0 will be activated on booting as the parameter ONBOOT has the value "yes" and not "no".
The default RedHat installation will include the "broadcast" and "network" options in the network-scripts
file. These are optional. Once you change the values in the configuration files for the NIC you'll have to deactivate
and activate it for the modifications to take effect. The ifdown and ifup commands can be used to do this.
[root@skynet network-scripts]# ifdown eth0
[root@skynet network-scripts]# ifup eth0

11.2 Multiple IP Addresses On A Single NIC


In the previous "determining your IP address" section you may have noticed that there were two wireless
interfaces. One's named wlan0 and the other wlan0:0. Interface wlan0:0 is actually a "child" of interface wlan0, a
virtual sub-interface also known as an "IP alias". IP aliasing is one of the most common ways of creating multiple
IP addresses associated with a single NIC. Aliases have the name format "parent-interface-name:X", where "X"
is the sub-interface number of your choice.
The process for creating an IP alias is very similar to the steps outlined for the real interface in the previous
"changing your IP address" section. This can be seen below:
1. First ensure the "parent" real interface exists
2. Verify that no other IP alias already exists with the name you plan to use. In this case we want to
create interface wlan0:0
3. Create the virtual interface with the ifconfig command
[root@skynet tmp]# ifconfig wlan0:0 192.168.1.99 \
netmask 255.255.255.0 up
4. You should also create a /etc/sysconfig/network-scripts/ifcfg-wlan0:0 file so that the alias will be managed
automatically with the ifup and ifdown commands. Here is a sample configuration:
DEVICE=wlan0:0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.99
NETMASK=255.255.255.0
The commands to activate and deactivate the alias interface would therefore be:

[root@skynet tmp]# ifup wlan0:0
[root@skynet tmp]# ifdown wlan0:0
Note: Shutting down the main interface also shuts down all its aliases. Aliases can be shut down
independently of other interfaces.
How To Activate / Shutdown Your NIC
The ifup and ifdown commands can be used respectively to activate and deactivate a NIC interface. You must
have an ifcfg file in the /etc/sysconfig/network-scripts directory for these commands to work. Here is an
example for interface eth0:
[root@skynet tmp]# ifdown eth0
[root@skynet tmp]# ifup eth0

11.2.1 Viewing Your Current Routing Table


The netstat -nr command will provide the contents of the routing table. Networks with a gateway of 0.0.0.0 are
usually directly connected to the interface. As no gateway is needed to reach your own directly connected
interface, a gateway address of 0.0.0.0 seems appropriate.
In this example there are two gateways, the default and one to 255.255.255.255 which is usually added on DHCP
servers. Server skynet is a DHCP server in this case.
[root@skynet tmp]# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
255.255.255.255 0.0.0.0         255.255.255.255 UH       40 0          0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U        40 0          0 wlan0
127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
0.0.0.0         192.168.1.1     0.0.0.0         UG       40 0          0 wlan0

In this example, there are multiple gateways handling traffic destined for different networks on different interfaces.

11.3 Convert Your Linux Server Into A Router


Router / firewall appliances that provide basic Internet connectivity for a small office or home network are
becoming more affordable every day, but when budgets are tight you may seriously want to consider modifying an
existing Linux server to do the job.

11.3.1 Configuring IP Forwarding


For your Linux server to become a router, you have to enable packet forwarding. In simple terms packet
forwarding lets packets flow through the Linux box from one network to another. The Linux kernel configuration
parameter that activates this is named net.ipv4.ip_forward and can be found in the file /etc/sysctl.conf. Remove
the "#" from the line related to packet forwarding if it is commented out, and set its value to 1.
Before
# Disables packet forwarding
net.ipv4.ip_forward=0

After
# Enables packet forwarding
net.ipv4.ip_forward=1
This will only enable it when you reboot at which time Linux will create a file in one of the subdirectories of the
special RAM memory based /proc filesystem. To activate the feature immediately you have to force Linux to read
the /etc/sysctl.conf file with the sysctl command using the "-p" switch. Here is how it's done:
[root@skynet tmp]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
kernel.sysrq = 0
kernel.core_uses_pid = 1
Configuring Your /etc/hosts File
The /etc/hosts file is just a list of IP addresses and their corresponding server names. Your server will typically
check this file before referencing DNS, if the name is found with a corresponding IP address then DNS won't be
queried at all. Unfortunately, if the IP address for that host changes, you'll have to also update the file. This may
not be much of a concern for a single server, but can become laborious if it has to be done companywide. For
ease of management, it is often easiest to limit entries in this file to just the loopback interface, and also the
server's own host name, and use a centralized DNS server to handle most of the rest. Sometimes you may not be
the one managing the DNS server and in such cases it may be easier to add a quick /etc/hosts file entry till the
centralized change can be made.
192.168.1.101 sys1
In the example above server "sys1" has an IP address of 192.168.1.101. You can access 192.168.1.101 using
"ping", "telnet" or any other network aware program by referring to it as "sys1". Here is an example using
"ping" to see if "sys1" is alive and well on the network.
[root@skynet tmp]# ping sys1
PING zero (192.168.1.101) 56(84) bytes of data.
64 bytes from sys1 (192.168.1.101): icmp_seq=0 ttl=64 time=0.197 ms
64 bytes from sys1 (192.168.1.101): icmp_seq=1 ttl=64 time=0.047 ms

--- sys1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 2017ms
rtt min/avg/max/mdev = 0.034/0.092/0.197/0.074 ms, pipe 2
You can also add "aliases" to the end of the line which will allow you to refer to the server using other names.
Here we have set it up so that "sys1" can also be accessed using the names "tiny" and "sun20".
192.168.1.101 sys1 tiny sun20
You should never have an IP address more than once in this file as Linux will only use the values in the first entry
it finds.
192.168.1.101 sys1 # (Wrong)
192.168.1.101 tiny # (Wrong)
192.168.1.101 sun20 # (Wrong)
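
The rule above can be checked mechanically. The following Python script is an added example, not part of the original manual: it reports every IP address that appears on more than one line of a hosts file and prints the single-line form with aliases. The sample text is constructed from the entries shown above, and the function names are this example's own.

```python
from collections import OrderedDict

# Constructed sample: the "wrong" layout from the text plus a loopback entry.
SAMPLE_HOSTS = """\
127.0.0.1      localhost.localdomain localhost
192.168.1.101  sys1     # (Wrong)
192.168.1.101  tiny     # (Wrong)
192.168.1.101  sun20    # (Wrong)
"""

def parse_hosts(text):
    """Return [(line_number, ip, [names])] for every non-comment entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2:
            entries.append((lineno, fields[0], fields[1:]))
    return entries

def duplicate_ips(text):
    """Map each IP that appears on more than one line to its line numbers."""
    seen = OrderedDict()
    for lineno, ip, _names in parse_hosts(text):
        seen.setdefault(ip, []).append(lineno)
    return {ip: lines for ip, lines in seen.items() if len(lines) > 1}

def merged_hosts(text):
    """Rewrite the entries as one line per IP: first name, then aliases."""
    merged = OrderedDict()
    for _lineno, ip, names in parse_hosts(text):
        bucket = merged.setdefault(ip, [])
        bucket.extend(n for n in names if n not in bucket)
    return "\n".join(f"{ip} {' '.join(names)}" for ip, names in merged.items())

if __name__ == "__main__":
    for ip, lines in duplicate_ips(SAMPLE_HOSTS).items():
        print(f"{ip} appears on lines {lines}")
    print(merged_hosts(SAMPLE_HOSTS))
```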

11.4 Setting Up A Telnet Server


The Telnet server RPM's filename usually starts with "telnet-server" followed by a version number, like this:
telnet-server-0.17-28.i386.rpm. This package is located on the 3rd CD.
o Telnet is installed but disabled by default in RedHat Linux. If you want to enable Telnet then edit the file
/etc/xinetd.d/telnet and set the disable parameter to "no".
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}
o You’ll then have to restart xinetd for the new settings to take effect.
[root@skynet tmp]# /etc/init.d/xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
[root@skynet tmp]#
Now you are ready to use telnet.

11.5 Setting up rsh and rlogin


The rsh server RPM's filename usually starts with "rsh-server" followed by a version number, like this:
rsh-server-0.17-28.i386.rpm. This package is located on the 3rd CD.
rsh and rlogin are disabled in RedHat Linux by default. If you want to enable rsh and rlogin then edit the files
/etc/xinetd.d/rsh and /etc/xinetd.d/rlogin and set the disable parameter to "no", just as we did
for the Telnet server (see above).
disable = no
You'll then have to restart xinetd for the new settings to take effect.
[root@skynet tmp]# /etc/init.d/xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]

Now rsh and rlogin are ready to use. Just create a .rhosts file in the user's home directory that lists each trusted
host (by IP address or host name) followed by the trusted user on that host.
Eg: [root@skynet tmp]# vi /root/.rhosts
200.200.0.2 root
:wq!
Here in this example we trust the host 200.200.0.2 and the user root on 200.200.0.2.
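
Because telnet, rsh and rlogin all send credentials unencrypted (as the comment in the telnet file itself says), it is useful to be able to list which of them xinetd currently offers. The following Python script is an added example, not part of the original manual: it parses the xinetd service-block format shown in section 11.4 and reports the cleartext login services that are not disabled. The sample text is constructed (the telnet block is the one above, the other two are written for this example), and it assumes that a block without a "disable" attribute is enabled and that rsh and rlogin are registered under the xinetd service names "shell" and "login".

```python
import re

# xinetd service name -> the tool the manual calls it by (assumption stated
# in the lead-in: rsh is "service shell", rlogin is "service login").
CLEARTEXT_SERVICES = {"telnet": "telnet", "shell": "rsh", "login": "rlogin"}

# Constructed sample: telnet block from section 11.4 plus two illustrative blocks.
SAMPLE_XINETD = """\
# default: on
service telnet
{
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.telnetd
        log_on_failure  += USERID
        disable         = no
}
service shell
{
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.rshd
}
service login
{
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/in.rlogind
        disable         = yes
}
"""

ATTR_RE = re.compile(r"^(\w+)\s*(\+=|-=|=)\s*(.*)$")

def parse_xinetd(text):
    """Return {service: {attribute: [values]}} for every service block."""
    services, name, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                                  # blank line or comment
        if block is None:                             # outside a { ... } block
            if line.startswith("service "):
                name = line.split(None, 1)[1]
            elif line == "{" and name:
                block = services.setdefault(name, {})
            continue
        if line == "}":                               # end of the block
            name, block = None, None
            continue
        m = ATTR_RE.match(line)
        if m:
            key, op, value = m.groups()
            values = value.split()
            if op == "=":
                block[key] = values
            elif op == "+=":
                block.setdefault(key, []).extend(values)
            else:                                     # "-=" removes values
                block[key] = [v for v in block.get(key, []) if v not in values]
    return services

def is_enabled(attrs):
    """Treat a service as enabled unless it says 'disable = yes'."""
    return (attrs.get("disable") or ["no"])[0].lower() != "yes"

def enabled_cleartext(text):
    """Sorted [(xinetd service, tool)] for enabled cleartext login services."""
    return sorted((svc, CLEARTEXT_SERVICES[svc])
                  for svc, attrs in parse_xinetd(text).items()
                  if svc in CLEARTEXT_SERVICES and is_enabled(attrs))

if __name__ == "__main__":
    for svc, tool in enabled_cleartext(SAMPLE_XINETD):
        print(f"enabled cleartext service: {tool} (xinetd service '{svc}')")
```

To check a real system, concatenate the files under /etc/xinetd.d and pass the text to enabled_cleartext().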

11.6 Configuring an FTP server


Introduction
The File Transfer Protocol (FTP) is used as one of the most common means of copying files between servers
over the Internet or LAN.
FTP relies on a pair of TCP ports to get the job done. It operates in two connection channels:
• FTP Control Channel, TCP Port 21: All commands you send and the ftp server's responses to those
commands will go over the control connection, but any data sent back (such as "ls" directory lists or
actual file data in either direction) will go over the data connection.
• FTP Data Channel, TCP Port 20: This port is used for all subsequent data transfers between the client
and server.
Anonymous FTP:
Anonymous FTP is the choice of Web sites that need to exchange files with numerous unknown remote users.
• Common uses include downloading software or software updates and uploading diagnostic information or
files etc.
Unlike regular FTP where you log in with a preconfigured Linux username and password, anonymous FTP
requires only a username of anonymous and your email address for the password. Once logged in to a VSFTPD
(Very Secure File Transfer Protocol) server, you automatically have access to only the default anonymous FTP
directory (/var/ftp in the case of VSFTPD) and all its subdirectories.

Install and Configure


Install VSFTPD
Most RedHat and Fedora Linux software products are available in the RPM format. When searching for the file,
remember that the VSFTPD RPM's filename usually starts with the word vsftpd followed by a version number,
as in: vsftpd-1.2.1-5.i386.rpm.

Start VSFTPD service


You can start, stop, or restart VSFTPD after booting by using these commands:
[root@skynet tmp]# service vsftpd start
[root@skynet tmp]# service vsftpd stop
[root@skynet tmp]# service vsftpd restart
To configure VSFTPD to start at boot you can use the chkconfig command.
[root@skynet tmp]# chkconfig vsftpd on

You have to restrict FTP access to certain users by adding them to the list of users in the
/etc/vsftpd.ftpusers and /etc/vsftpd.userlist files. The VSFTPD package creates these files with a
number of entries for privileged users that normally shouldn't have FTP access. As FTP doesn't encrypt
passwords, thereby increasing the risk of data or passwords being compromised, it is a good idea to let these
entries remain and add new entries for additional security.
Edit /etc/vsftpd.userlist and /etc/vsftpd.ftpusers and list the users to be denied. If you
want to allow any user including root just comment out or remove that particular user's entry from both of the
files.
Now you can try doing ftp from the remote machine.
[root@skynet_1 tmp]# ftp 192.168.1.100
Connected to 192.168.1.100 (192.168.1.100)
220 ready, dude (vsFTPd 1.1.0: beat me, break me)
Name (192.168.1.100:root): user1
331 Please specify the password.
Password:
230 Login successful. Have fun.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

To view and download a copy of the VSFTPD RPM located on the FTP server skynet:
ftp> ls
227 Entering Passive Mode (192,168,1,100,35,173)
150 Here comes the directory listing.
-rwxr----- 1 0 502 76288 Jan 04 17:06 vsftpd-1.1.0-1.i386.rpm
226 Directory send OK.

ftp> get vsftpd-1.1.0-1.i386.rpm vsftpd-1.1.0-1.i386.rpm.tmp
local: vsftpd-1.1.0-1.i386.rpm.tmp remote: vsftpd-1.1.0-1.i386.rpm
227 Entering Passive Mode (192,168,1,100,44,156)
150 Opening BINARY mode data connection for vsftpd-1.1.0-1.i386.rpm (76288 bytes).
226 File send OK.
76288 bytes received in 0.499 secs (1.5e+02 Kbytes/sec)
ftp> exit
221 Goodbye.
Note: You can type ? (question mark) to list all the available commands at the ftp prompt.
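
In the session above the client used passive mode, so each data connection went to a port the server announced in its "227 Entering Passive Mode" reply rather than to port 20. The following Python script is an added example, not part of the original manual: it decodes those replies into an address and port and checks them against the range a firewall would have to permit. The port range 9000 to 9999 is a constructed value for illustration; on a vsftpd server the range is set with the pasv_min_port and pasv_max_port options.

```python
import re

# 227 reply: four address octets, then the port as high byte, low byte.
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Server replies copied from the ftp session shown above.
SESSION = """\
ftp> ls
227 Entering Passive Mode (192,168,1,100,35,173)
150 Here comes the directory listing.
226 Directory send OK.
ftp> get vsftpd-1.1.0-1.i386.rpm vsftpd-1.1.0-1.i386.rpm.tmp
227 Entering Passive Mode (192,168,1,100,44,156)
150 Opening BINARY mode data connection for vsftpd-1.1.0-1.i386.rpm (76288 bytes).
226 File send OK.
"""

def decode_pasv(line):
    """Return (ip, port) from a 227 reply, or None for any other line."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    h1, h2, h3, h4, p_hi, p_lo = (int(g) for g in m.groups())
    if max(h1, h2, h3, h4, p_hi, p_lo) > 255:
        raise ValueError(f"octet out of range in reply: {line!r}")
    return f"{h1}.{h2}.{h3}.{h4}", p_hi * 256 + p_lo

def data_endpoints(transcript):
    """All (ip, port) data-connection endpoints announced in a transcript."""
    return [ep for ep in map(decode_pasv, transcript.splitlines()) if ep]

def review(transcript, control_ip, allowed_ports):
    """Flag endpoints outside the permitted passive range, and endpoints
    whose address differs from the server the control connection went to."""
    low, high = allowed_ports
    findings = []
    for ip, port in data_endpoints(transcript):
        if ip != control_ip:
            findings.append((ip, port, "data address differs from control address"))
        if not low <= port <= high:
            findings.append((ip, port, "port outside permitted passive range"))
    return findings

if __name__ == "__main__":
    for ip, port in data_endpoints(SESSION):
        print(f"data connection to {ip}:{port}")
    # Constructed firewall policy: passive ports 9000-9999 only.
    for finding in review(SESSION, "192.168.1.100", (9000, 9999)):
        print("finding:", finding)
```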
We can also perform FTP downloads and uploads by using a GUI tool "gftp". Type the command "gftp" at a
graphical console and you can simply drag and drop the files from the remote machine's window to the local one.
See the figure below:

Figure: gftp
In the above figure the left window has the local files and the right window shows the remote ftp server
skynet.wilshiresoft.com's files. You can drag and drop the files between windows or you can select
individual files and then use the arrow buttons to upload or download.

Linux Administration – Network File System (NFS) Page 65 of 167

12. NFS
12.1 NFS Operational Overview
Linux data storage disks contain files stored in filesystems with a standardized directory structure. New disks are
added by attaching, or "mounting", the directories of their filesystems to a directory of an already existing
filesystem. This in effect makes the new hard disk transparently appear to be a sub directory of the file system to
which it is attached.
NFS was developed to allow a computer system to access directories on remote computers by mounting them on
a local filesystem as if they were just like a local disk. The systems administrator on the NFS server has to define
the directories that need to be activated or "exported" for access by the NFS clients, and administrators on the
clients need to define both the NFS server and the subset of its exported directories to use.
General NFS Rules
There are some general rules that need to be followed when configuring NFS.
1. You can only export directories beneath the "/" directory.
2. You cannot export a subdirectory of a directory that has already been exported. The exception being when the
subdirectory is on a different physical device. Likewise you cannot export the parent of a subdirectory unless it is
on a separate device too.
3. You can only export local file systems.

12.2 Important NFS Daemons


NFS isn't a single program, but a suite of interrelated programs that work together to get the job done.
Portmap
This is the primary daemon upon which all the others rely. Portmap manages connections for applications that
use the RPC specification. By default portmap listens on TCP port 111, on which an initial connection is made.
This is then used to negotiate a range of TCP ports, usually above port 1024, to be used for subsequent data
transfers.
Portmap needs to be run on both the NFS server and client.
NFS
Starts the RPC processes needed to serve shared NFS file systems. The NFS daemon only needs to be run on
the NFS server.
NFSlock
Used to allow NFS clients to lock files on the server via RPC processes. The NFSlock daemon needs to be run on
both the NFS server and client.
NetFS
Allows RPC processes run on NFS clients to mount NFS filesystems on the server. The NetFS daemon only
needs to be run on the NFS client.

12.3 Configuring NFS on The Server


Both the NFS server and NFS client will have to have parts of the NFS package installed and running. The server
will need portmap, nfs and nfslock operational and have a correctly configured /etc/exports file. Here's how to do
it.

12.3.1 The /etc/exports File


This is the main NFS configuration file and consists of two columns. The first column lists the directories you want
to make available to the network. The second column has two parts. The first part lists the networks or DNS
domains that can get access to the directory, the second part lists NFS options in brackets. In the case below we
have provided:
Read only access to the /data/files directory to all networks
Read/write access to the /home directory from all servers on the 192.168.1.0/24 network, that is all addresses
from 192.168.1.0 to 192.168.1.255
Read/write access to the /data/test directory from servers in the my-site.com DNS domain
Read/write access to the /data/database directory from a single server 192.168.1.203.
In all cases we have used the "sync" option to ensure that file data cached in memory is automatically written to
the disk after the completion of any disk data copying operation.
#/etc/exports
/data/files *(ro,sync)
/home 192.168.1.0/24(rw,sync)
/data/test *.my-site.com(rw,sync)
/data/database 192.168.1.203/32(rw,sync)

Once you have configured your /etc/exports file, you'll need to activate the settings, but first you'll have to make
sure NFS is running correctly.
Starting NFS on the Server
Configuring an NFS server is straightforward with the easy to follow steps outlined below.
1. Use the chkconfig command to configure the required NFS and RPC portmap daemons to start at boot. You
will also have to activate NFS file locking to reduce the risk of corrupted data.
[root@skynet tmp]# chkconfig --level 35 nfs on
[root@skynet tmp]# chkconfig --level 35 nfslock on
[root@skynet tmp]# chkconfig --level 35 portmap on

2. Use the init scripts in the /etc/init.d directory to start the NFS and RPC portmap daemons. In the examples
below we're using the "start" option, but when needed, you can also stop and restart the processes with the "stop"
and "restart" options.
[root@skynet tmp]# service portmap start
[root@skynet tmp]# service nfs start
[root@skynet tmp]# service nfslock start

12.4 Configuring NFS on The Client


NFS configuration on the client requires you to start the NFS application; create a directory on which to mount the
NFS server's directories that we exported via the /etc/exports file; and finally to mount the NFS server's directory
on your local directory or "mount point". Here's how to do it all.

12.4.1 Starting NFS on the Client


1. Use the chkconfig command to configure the required NFS and RPC portmap daemons to start at boot. You
will also have to activate NFS file locking to reduce the risk of corrupted data.
[root@skynet tmp]# chkconfig --level 35 netfs on
[root@skynet tmp]# chkconfig --level 35 nfslock on
[root@skynet tmp]# chkconfig --level 35 portmap on

2. Use the init scripts in the /etc/init.d directory to start the NFS and RPC portmap daemons. In the examples
below we're using the "start" option, but when needed, you can also stop and restart the processes with the "stop"
and "restart" options.

[root@skynet tmp]# service portmap start
[root@skynet tmp]# service netfs start
[root@skynet tmp]# service nfslock start

12.4.2 Making NFS Mounting Permanent


In most cases, users want their NFS directories to be permanently mounted. This requires an entry in the
/etc/fstab file in addition to the creation of the "mount point directory" as seen below.
The /etc/fstab File
The /etc/fstab file lists all the partitions that need to be auto-mounted when the system boots. Therefore you need
to edit the /etc/fstab file if you need the NFS directory to be made permanently available to users on the NFS
client. In this case we're mounting the /data/files directory on server "skynet" (IP address 192.168.1.100) as an
NFS type filesystem using the local /mnt/nfs mount point directory.
#/etc/fstab
#Directory Mount Point Type Options Dump FSCK
192.168.1.100:/data/files /mnt/nfs nfs soft,nfsvers=2 0 0
In this example we used the "soft" and "nfsvers" options, Table 30-1 outlines these and other useful NFS
mounting options you may want to use. Use the NFS man pages for more details.
Manually Mounting NFS File Systems
If you don't want a permanent NFS mount, then you can use the "mount" command without the /etc/fstab entry to
gain access only when necessary. This is a manual process, but an automated process can be seen in the
automounter section.
In this case we're mounting the /data/files directory as an NFS type filesystem on the /mnt/nfs mount point. The
NFS server is "skynet" whose IP address is 192.168.1.100.
Notice how before mounting there were no files visible in the /mnt/nfs directory. This changes after the mounting
is completed:
[root@skynet tmp]# mkdir /mnt/nfs
[root@skynet tmp]# ls /mnt/nfs
[root@skynet tmp]# mount -t nfs 192.168.1.100:/data/files /mnt/nfs
[root@skynet tmp]# ls /mnt/nfs
ISO ISO-RedHat kickstart RedHat

12.4.3 Activating Modifications To The /etc/exports File


You can force your system to re-read the /etc/exports file by restarting NFS. In a non production environment this
may cause disruptions when an exported directory suddenly disappears without prior notification to users. Here
are some methods you can use to update and activate the file with the least amount of inconvenience to others.
New Exports File
When no directories have yet been exported to NFS, then the "exportfs -a" command is used as seen below.
[root@skynet tmp]# exportfs -a
Adding A Shared Directory To An Existing Exports File
When adding a shared directory you can use the "exportfs -r" command to export only the new entries.
[root@skynet tmp]# exportfs -r

12.4.4 Deleting, Moving Or Modifying A Share


Removing an exported directory from the /etc/exports file requires work on both the NFS client and server. The
steps are as follows.
1. Unmount the mount point directory on the NFS client using the "umount" command. In this case we're
unmounting the /mnt/nfs mount point.
[root@skynet tmp]# umount /mnt/nfs

Note: You may also need to remove any entries related to the mount point from the /etc/fstab file if you want to
make the change permanent even after rebooting.
2. Comment out the corresponding entry in the NFS server's /etc/exports file and reload the modified file as seen
below.
[root@skynet tmp]# exportfs -ua
[root@skynet tmp]# exportfs -a
The showmount Command
When run on the server, the "showmount -a" command will list all the currently exported directories. It will also
show a list of NFS clients accessing the server, in this case one client with an IP address of 192.168.1.102.
[root@skynet tmp]# showmount -a
All mount points on skynet:
*:/home
192.168.1.102:*

Linux Administration – Network Information System (NIS) Page 69 of 167

13. Centralized Logins Using NIS


13.1 Introduction to NIS
Network Information Services (NIS) allows you to create user accounts that can be shared across all systems on
your network. The user account is created only on the NIS server. NIS clients download the necessary username
and password data from the NIS server to verify each user login.
An advantage of NIS is that users only need to change their passwords on the NIS server, instead of every
system on the network. This makes NIS popular in computer training labs, distributed software development
projects or any other situation where groups of people have to share many different computers.
The disadvantage is that NIS doesn't encrypt the username/password information sent to the clients with each
login and all users have access to the encrypted passwords stored on the NIS server. A detailed analysis of NIS
security is beyond the scope of this book, but I would suggest that you restrict its use to highly secure networks or
networks where access to non NIS networks is highly restricted.

13.2 Configuring The NFS Server for NIS


Here are the steps to configure the NFS server in this scenario:
Edit the /etc/exports file to allow NFS mounts of the /home directory with read/write access.
/home *(rw,sync)
Let NFS read the /etc/exports file for the new entry and make /home available to the network with the exportfs
command.
[root@skynet tmp]# exportfs -a
Make sure the required NFS, NFS lock and port mapper daemons are all running and configured to start after
the next reboot.
[root@skynet tmp]# chkconfig nfslock on
[root@skynet tmp]# chkconfig nfs on
[root@skynet tmp]# chkconfig portmap on
[root@skynet tmp]# service portmap start
Starting portmapper: [ OK ]
[root@skynet tmp]# service nfslock start
Starting NFS statd: [ OK ]
[root@skynet tmp]# service nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
[root@skynet tmp]#
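
The /etc/exports format described in section 12.3.1, and the /home *(rw,sync) line used in the steps above, decide who can reach each directory, so it is worth reviewing the file before running exportfs. The following Python script is an added example, not part of the original manual: it parses export lines into (directory, client, options) and reports entries open to every host, entries that rely on hostname wildcards, and entries that use no_root_squash. The two sample texts are copied from this manual; the finding labels, constant names and function names are this example's own.

```python
import re

# Sample file from section 12.3.1.
EXPORTS_12_3_1 = """\
#/etc/exports
/data/files *(ro,sync)
/home 192.168.1.0/24(rw,sync)
/data/test *.my-site.com(rw,sync)
/data/database 192.168.1.203/32(rw,sync)
"""
# Export line from section 13.2.
EXPORTS_13_2 = "/home *(rw,sync)\n"

# client(options): either part may be missing.
CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")

def parse_exports(text):
    """Yield (directory, client, [options]) for every client on every line."""
    joined = re.sub(r"\\\n", " ", text)        # backslash-newline continues a line
    for raw in joined.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments
        if not fields:
            continue
        directory, specs = fields[0], fields[1:] or [""]
        for spec in specs:
            m = CLIENT_RE.match(spec)
            if not m:
                raise ValueError(f"cannot parse client spec {spec!r}")
            client = m.group(1) or "*"         # no client name means every host
            options = [o for o in (m.group(2) or "").split(",") if o]
            yield directory, client, options

def audit_exports(text):
    """Return [(directory, client, finding)] for entries that need review."""
    findings = []
    for directory, client, options in parse_exports(text):
        writable = "rw" in options             # read-only unless rw is given
        if client == "*":
            label = "world-writable" if writable else "world-readable"
            findings.append((directory, client, label))
        elif "*" in client or "?" in client:
            findings.append((directory, client,
                             "hostname wildcard: access depends on DNS"))
        if "no_root_squash" in options:
            findings.append((directory, client,
                             "remote root keeps root privileges"))
    return findings

if __name__ == "__main__":
    for name, text in (("12.3.1", EXPORTS_12_3_1), ("13.2", EXPORTS_13_2)):
        for finding in audit_exports(text):
            print(name, finding)
```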

13.2.1 Configuring The NFS Client for NIS


You'll also need to configure the NFS clients to mount their /home directories on the NFS server.
The procedure below will archive the /home directory. In a production environment in which the /home directory
would be actively used, you'd have to force the users to log off, backup the data, restore it to the NFS server and
then follow the steps below. As this is a lab environment, these prerequisites won't be necessary.
1. Make sure the required netfs, NFS lock and port mapper daemons are all running and configured to start
after the next reboot.
[root@skynet tmp]# chkconfig nfslock on
[root@skynet tmp]# chkconfig netfs on
[root@skynet tmp]# chkconfig portmap on
[root@skynet tmp]# service portmap start
Starting portmapper: [ OK ]
[root@skynet tmp]# service netfs start
Mounting other filesystems: [ OK ]
[root@skynet tmp]# service nfslock start
Starting NFS statd: [ OK ]

2. Keep a copy of the old /home directory, and create a new directory /home on which we'll mount the NFS
server's directory.
[root@skynet tmp]# mv /home /home.save
[root@skynet tmp]# mkdir /home
[root@skynet tmp]# ll /
...
...
drwxr-xr-x 1 root root 11 Nov 16 20:22 home
drwxr-xr-x 2 root root 4096 Jan 24 2003 home.save
...
3. Make sure you can mount skynet's /home directory on the new /home directory we just created. Unmount it
once everything looks correct.
[root@skynet tmp]# mount 192.168.1.100:/home /home/
[root@skynet tmp]# ls /home
ftpinstall nisuser quotauser skynet www
[root@skynet tmp]# umount /home

4. Start configuring autofs automounting. Edit your /etc/auto.master file to refer to file /etc/auto.home for mounting
information whenever the /home directory is accessed. After five minutes, autofs will unmount the directory.
#/etc/auto.master
/home /etc/auto.home --timeout 600
5. Edit file /etc/auto.home to do the NFS mount whenever the /home directory is accessed. If the line is too long
to view on your screen, you can add a "\" at the end to continue on the next line.
#/etc/auto.home
* -fstype=nfs,soft,intr,rsize=8192,wsize=8192,nosuid,tcp \
192.168.1.100:/home/&
6. Start autofs and make sure it will start after the next reboot with the chkconfig command.
[root@skynet tmp]# chkconfig autofs on
[root@skynet tmp]# service autofs restart
Stopping automount:[ OK ]
Starting automount:[ OK ]
Note: After doing this, you won't be able to see the contents of the /home directory on skynet as user "root". This
is because by default NFS activates the root squash feature which disables this user from having privileged
access to directories on remote NFS servers. We'll be able to test this later once NIS is configured.
All newly added Linux users will now be assigned a home directory under the new remote /home directory. This
scheme will make the users feel their home directories are local, when in reality they are automatically mounted
and accessed over your network.

13.3 Configuring The NIS Server


In the early days, NIS was called "Yellow Pages". The developers had to change the name after a copyright
infringement lawsuit, yet many of the key programs associated with NIS have kept their original names beginning
with "yp".

Edit Your /etc/sysconfig/network File


You need to add the NIS domain you wish to use in the /etc/sysconfig/network file. In the case below, we've called
the domain "NIS-HOME_NETWORK".
#/etc/sysconfig/network
NISDOMAIN="DESTINY.COM"

Edit Your /etc/yp.conf File


NIS servers also have to be NIS clients themselves, so you'll have to edit the NIS client configuration file
/etc/yp.conf to list the domain's NIS server as being the server itself or "localhost".
# /etc/yp.conf - ypbind configuration file
ypserver 127.0.0.1
Start The Key NIS Server Related Daemons
Start the necessary NIS daemons in the /etc/init.d directory and use the chkconfig command to ensure they start
after the next reboot.

13.3.1 Required NIS Server Daemons


portmap     The foundation RPC daemon upon which NIS runs
yppasswdd   Lets users change their passwords on the NIS server from NIS clients
ypserv      Main NIS server daemon
ypbind      Main NIS client daemon
ypxfrd      Used to speed up the transfer of very large NIS maps
[root@skynet tmp]# service portmap start
Starting portmapper: [ OK ]
[root@skynet tmp]# service yppasswdd start
Starting YP passwd service: [ OK ]
[root@skynet tmp]# service ypserv start
Setting NIS domain name DESTINY.COM: [ OK ]
Starting YP server services: [ OK ]
[root@skynet tmp]# chkconfig portmap on
[root@skynet tmp]# chkconfig yppasswdd on
[root@skynet tmp]# chkconfig ypserv on

13.3.2 Initialize Your NIS Domain


Now that you have decided on the name of the NIS domain, you'll have to use the ypinit command to create the
associated authentication files for the domain. You will be prompted for the name of the NIS server, which in this
case is "skynet".
With this procedure, all non-privileged accounts will automatically be accessible via NIS.
[root@skynet tmp]# /usr/lib/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers. skynet is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: skynet
next host to add:
The current list of NIS servers looks like this:
skynet
Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/DESTINY.COM/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/DESTINY.COM'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/DESTINY.COM'
skynet has been set up as a NIS master server.
Now you can run ypinit -s skynet on all slave server.
Note: Make sure portmapper is running before doing this or you'll get errors
like the one below. You will have to delete the /var/yp/DESTINY.COM directory
and restart portmapper, yppasswd and ypserv before you'll be able to do this
again successfully.
failed to send 'clear' to local ypserv: RPC: Port mapper failureUpdating
group.bygid...
Start The ypbind and ypxfrd Daemons
Now that the NIS domain files have been created, you can start the ypbind and ypxfrd daemons.
[root@skynet tmp]# service ypbind start
Binding to the NIS domain: [ OK ]
Listening for an NIS domain server.
[root@skynet tmp]# service ypxfrd start
Starting YP map server: [ OK ]
[root@skynet tmp]# chkconfig ypbind on
[root@skynet tmp]# chkconfig ypxfrd on

13.4 Managing NIS server


Adding New NIS Users
New NIS users can be created by logging into the NIS server and creating the new user account. In this case we'll
create a user account called "nisuser" and give it a new password. Once this is complete, you will then have to
update the NIS domain's authentication files by executing the make command in the /var/yp directory.
This procedure will make all NIS-enabled, non-privileged accounts automatically accessible via NIS, not
just newly created ones. It will also export all the user's characteristics stored in the /etc/passwd and /etc/group
files such as the login shell, the user's group and home directory.
[root@skynet tmp]# useradd -g users nisuser
[root@skynet tmp]# passwd nisuser
Changing password for user nisuser.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@skynet tmp]# cd /var/yp
[root@skynet yp]# make
gmake[1]: Entering directory `/var/yp/DESTINY.COM'
Updating passwd.byname...
Updating passwd.byuid...
Updating netid.byname...
gmake[1]: Leaving directory `/var/yp/DESTINY.COM'
You can check to see if the user's authentication information has been updated by using the ypmatch command
which should return the user's encrypted password string.
[root@skynet tmp]# ypmatch nisuser passwd
nisuser:$1$d6E2i79Q$wp3Eo0Qw9nFD/::504:100::/home/nisuser:/bin/bash

13.5 Configuring The NIS Client


Now that the NIS server has been configured, it's time to configure the NIS clients. There are a number of related
configuration files that you'll need to edit to get it to work. The procedure can be seen below:
Run authconfig
The authconfig program will automatically configure your NIS files after prompting you for the IP address and
domain of the NIS server.
[root@skynet tmp]# authconfig
Once finished, it should create a /etc/yp.conf file that defines, amongst other things, the IP address of the NIS
server for a particular domain. It will also edit the /etc/sysconfig/network file to define the NIS domain to which the
NIS client belongs.
# /etc/yp.conf - ypbind configuration file
domain DESTINY.COM server 192.168.1.100
#/etc/sysconfig/network
NISDOMAIN=DESTINY.COM

The authconfig program also updates the /etc/nsswitch.conf file which lists
the order in which certain data sources should be searched for name lookups
like those in DNS, LDAP and NIS. Here we can see where NIS entries have been
added for the important login files.
#/etc/nsswitch.conf
passwd: files nis
shadow: files nis
group: files nis
Note: A sample NIS nsswitch.conf file can also be located in the /usr/share/doc/yp-tools* directory
Start The NIS Client Related Daemons
Start the ypbind NIS client, yppasswd and portmap daemons in the /etc/init.d directory and use the chkconfig
command to ensure they start after the next reboot. Remember to use the "rpcinfo" command to ensure they are
running correctly.
[root@skynet tmp]# service portmap start
Starting portmapper: [ OK ]
[root@skynet tmp]# service ypbind start
Binding to the NIS domain:
Listening for an NIS domain server.
[root@skynet tmp]# service yppasswdd start
Starting YP passwd service: [ OK ]

[root@skynet tmp]# chkconfig ypbind on
[root@skynet tmp]# chkconfig portmap on

Test NIS Access To The NIS Server


You can run the ypcat, ypmatch and getent commands to make sure communication
to the server is correct.
[root@skynet tmp]# ypcat passwd
nisuser:$1$Cs2GMe6r$1hohkyG7ALrDLjH1:505:100::/home/nisuser:/bin/bash
quotauser:!!:503:100::/home/quotauser:/bin/bash
ftpinstall:$1$8WjAVtes$SnRh9S1w07sYkFNJwpRKa.:502:100::/:/bin/bash
www:$1$DDCi/OPI$hwiTQ.L0XqYJUk09Bw.pJ/:504:100::/home/www:/bin/bash
skynet:$1$qHni9dnR$iKDs7gfyt..BS9Lry3DAq.:501:100::/:/bin/bash

[root@skynet tmp]# ypmatch nisuser passwd
nisuser:$1$d6E2i79Q$wp3Eo0Qw9nFD/:504:100::/home/nisuser:/bin/bash
[root@skynet tmp]# getent passwd nisuser
nisuser:$1$d6E2i79Q$wp3Eo0Qw9nFD/:504:100::/home/nisuser:/bin/bash

Possible sources of error would include:
Incorrect authconfig setup resulting in errors in the /etc/yp.conf, /etc/sysconfig/network and /etc/nsswitch.conf files.
Failure to run the ypinit command on the NIS server.
NIS not being started on the NIS server or client.
Poor routing between the server and client, or the existence of a firewall that's blocking traffic.
Try to eliminate these areas as sources of error and refer to the syslog /var/log/messages file on the client and
server for entries that may provide additional clues.
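The ypcat and ypmatch output above shows that the passwd map carries each account's password field to the client. The script below is an added example, not part of the original course material: it reads the same passwd-format lines and reports which accounts expose a hash (and in which crypt format), which have an empty password, and which fall below an assumed minimum UID of 500. The function names and the sample map are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit passwd-format lines (as printed by "ypcat passwd")
# for password material that the NIS passwd map hands to its clients.

# Constructed sample map; the hashes are placeholders, not real credentials.
sample_passwd_map() {
    cat <<'EOF'
alice:$1$CONSTRCT$AAAAAAAAAAAAAAAAAAAAAA:505:100::/home/alice:/bin/bash
bob:!!:503:100::/home/bob:/bin/bash
carol:$6$CONSTRCT$BBBBBBBBBBBBBBBBBBBBBB:506:100::/home/carol:/bin/bash
dave::507:100::/home/dave:/bin/bash
svc:x:101:101::/var/svc:/sbin/nologin
broken-line-without-fields
EOF
}

# Usage: ypcat passwd | audit_nis_passwd [MIN_UID]
# MIN_UID defaults to 500 (assumed first regular UID on this distribution).
audit_nis_passwd() {
    awk -F: -v min_uid="${1:-500}" '
        # A passwd entry always has exactly seven colon-separated fields.
        NF != 7 { print "MALFORMED line " NR; next }
        {
            user = $1; pw = $2; uid = $3 + 0
            if (pw == "") {
                # No password at all: anyone can log in as this user.
                print "EMPTY_PASSWORD " user
            } else if (pw != "x" && pw != "*" && pw !~ /^!/) {
                # Anything other than a shadow marker or a lock marker
                # is a hash that any client can read from the map.
                scheme = "unknown"
                if (pw ~ /^\$1\$/) { scheme = "md5crypt" }
                else if (pw ~ /^\$5\$/) { scheme = "sha256crypt" }
                else if (pw ~ /^\$6\$/) { scheme = "sha512crypt" }
                else if (length(pw) == 13) { scheme = "descrypt" }
                print "EXPOSED_HASH " user " " scheme
            }
            # System accounts should not normally be published via NIS.
            if (uid < min_uid) { print "LOW_UID " user " " uid }
        }
    '
}

# Demonstration on the constructed sample; on a live client use:
#   ypcat passwd | audit_nis_passwd
sample_passwd_map | audit_nis_passwd
```
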
Test Logins Via The NIS Server
You should next try to test a remote login once your basic NIS functionality testing is complete. Failures in this
area could be due to firewalls blocking telnet or SSH access and the telnet and SSH server process not being
started on the clients.
Logging In Via Telnet
Try logging into the NIS client via telnet if it is enabled.
[root@skynet tmp]# telnet 192.168.1.201
Trying 192.168.1.201...
Connected to 192.168.1.201.
Escape character is '^]'.
Red Hat Linux release 9 (Shrike)
Kernel 2.4.20-6 on an i686
login: nisuser
Password:
Last login: Sun Nov 16 22:03:51 from 192-168-1-100.simiya.com
Changing Your NIS Passwords
You should also test to make sure your users can change their NIS passwords from the NIS clients with the
yppasswd command.

Users Changing Their Own Passwords


Users can change their passwords by logging into the NIS server and issuing the yppasswd command.
[nisuser@skynet nisuser]$ yppasswd
Changing NIS account information for nisuser on skynet.my-site.com.
Please enter old password:
Changing NIS password for nisuser on skynet.my-site.com.
Please enter new password:
Please retype new password:
The NIS password has been changed on skynet.my-site.com.

14. DNS
14.1 Introduction to DNS
Before we begin, it is best to understand a few foundation concepts in DNS on which the rest of the document is
built.
DNS Domains
Everyone in the world has a first name and a last or "family" name. DNS is similar in that a family of websites can
be closely described as being a "domain". For example, the domain wilshiresoft.com has a number of production
hosts, such as www.wilshiresoft.com and mail.wilshiresoft.com for the web and mail servers respectively.
BIND
BIND is an acronym for the "Berkeley Internet Name Domain" project which maintains the DNS related software
suite that runs under Linux. The most well known program in BIND is "named", the daemon that responds to DNS
queries from remote machines.
DNS Clients
A DNS client doesn't store DNS information; it always has to refer to a DNS server to get it. The only DNS
configuration file for a DNS client is the /etc/resolv.conf file which defines the IP address of the DNS server it
should use. You shouldn't need to configure any other files.
You can learn more about the /etc/resolv.conf file in the sections that follow.
Authoritative DNS Servers
Authoritative servers provide the definitive information for your DNS domain such as the names of servers and
websites in it. They are the "last word" in information related to your domain.

14.2 Basic DNS Testing of DNS Resolution


DNS resolution maps a fully qualified domain name (FQDN), such as www.wilshiresoft.com, to an IP address.
This is also known as a "forward lookup". The reverse is also true. DNS is also capable of determining the fully
qualified domain name associated with an IP address in what is unsurprisingly called a "reverse lookup".
It is possible to have many different websites mapping to a single IP address, but the reverse isn't true: an IP
address can map to only one FQDN. This means that forward and reverse entries frequently won't match. The
reverse DNS entries are usually the responsibility of the ISP hosting your site, so it is quite common for the
reverse lookup to resolve to the ISP's domain. This isn't an important factor for most small sites, but some
eCommerce applications require matching entries to operate correctly. You may have to ask your ISP to make a
custom DNS change to correct this.
There are a number of commands you can use to do these lookups. The first one is "host", which is set to replace
the older "nslookup" command.
The Host Command
The host command will accept arguments that are either the fully qualified domain name or the IP address of the
server when providing results as we see below.
Forward Lookup Example
[root@skynet tmp]# host www.wilshiresoft.com
www.wilshiresoft.com has address 200.200.0.1
[root@skynet tmp]#
Reverse Lookup Example
[root@skynet tmp]# host 200.200.0.1
0.200.200.in-addr.arpa domain name pointer 200.200.0.1.wilshiresoft.com
As you can see, the forward and reverse entries don't match. The reverse entry matches the entry of the ISP.
The nslookup Command

The nslookup command tends to be more verbose than the host command providing the IP addresses of the DNS
servers that provided it with its information. Unlike the host command, the nslookup command is available to
Windows PCs.
Forward Lookup Example
[root@skynet tmp]# nslookup www.wilshiresoft.com
Server: 200.200.0.1
Address: 200.200.0.1#53
Non-authoritative answer:
Name: www.wilshiresoft.com
Address: 200.200.0.1
Reverse Lookup Example
[root@skynet tmp]# nslookup 65.115.71.34
Server: 200.200.0.1
Address: 200.200.0.1#53

14.4 Configuring DNS


Install The BIND Packages
When searching for the file, remember that the BIND RPM's filename usually starts with the word "bind" followed
by a version number like this: bind-9.2.2.P3-9.i386.rpm.
Start the BIND service
You can use the chkconfig command to get BIND configured to start at boot:
[root@skynet tmp]# chkconfig named on
To start/stop/restart BIND after booting
[root@skynet tmp]# service named start
[root@skynet tmp]# service named stop
[root@skynet tmp]# service named restart
Note: Remember to restart the BIND process every time you make a change to the configuration file for the
changes to take effect on the running process.

14.3 The /etc/resolv.conf File


This file is used by DNS clients (servers not running BIND) to determine both the location of their DNS server and
the domains to which they belong. It generally has two columns: the first contains a keyword and the second
contains the desired value(s) separated by commas. A list of keywords can be found in the following table.
Keywords In /etc/resolv.conf

Keyword      Value

nameserver   IP address of your DNS nameserver. There should be only one entry per
             "nameserver" keyword. If there is more than one nameserver, you'll need to have
             multiple "nameserver" lines.

domain       The local domain name to be used by default. If the server is
             wstsun1.wilshiresoft.com, then the entry would just be wilshiresoft.com.

search       If you refer to another server just by its name without the domain added on, DNS on
             your client will append the server name to each domain in this list and do an
             nslookup on each to get the remote server's IP address. This is a handy time saving
             feature to have so that you can refer to servers in the same domain by only their
             servername without having to specify the domain. The domains in this list must
             be separated by spaces.

Here is a sample configuration in which the nameserver 200.200.0.1 provides DNS name resolution:
search wilshiresoft.com
nameserver 200.200.0.1

Configuring Nameserver
The named.conf file
The main DNS configuration is kept in the /etc/named.conf file which is used to tell BIND where to find the
configuration files for each domain you own. There are usually two zone areas in this file:
Forward zone file definitions which list files to map domains to IP addresses
Reverse zone file definitions which list files to map IP addresses to domains
In this example the forward zone for www.wilshiresoft.com is being set up by placing the following entries at the
bottom of the named.conf file. The zone file is named wilshiresoft.zone and, though not explicitly stated, the file
wilshiresoft.zone should be located in the default directory of /var/named/chroot/var/named in Fedora Core and in
/var/named in RedHat 9 and older.
zone "wilshiresoft.com" {
type master;
notify no;
allow-query { any; };
file "wilshiresoft.zone";
};

Note: The "allow-query" directive defines the networks that are allowed to query your DNS server for information
on any zone. For example, to limit queries to only our 200.200.0.0 network, you could modify the directive to state
allow-query { 200.200.0.0/24; };
The reverse zone definition below is an example of a named.conf for a reverse zone file named 200-200-0.zone
for the 200.200.0.0/24 network.
zone "0.200.200.in-addr.arpa" {
type master;
notify no;
file "200-200-0.zone";
};
Note: the reverse order of the IP address in the zone section is important as is the fact that only the first three
octets of the IP address are represented.
Configuring The Zone Files
There are a number of things to keep in mind when configuring DNS zone files. In all zone files, you can place a
comment at the end of any line by inserting a semi-colon ";" character then typing in the text of your comment.
By default, your zone files are located in the directory /var/named or /var/named/chroot/var/named.
Each zone file contains a variety of records (e.g. SOA, NS, MX, A and CNAME) which govern different areas of
BIND. Each will be explained later with examples.

Time to Live Value


Caching DNS servers cache the responses to their queries from authoritative DNS servers. The authoritative
servers not only provide the DNS answer but the valid lifetime or time to live (TTL) of the information. The
purpose of a TTL is to reduce the number of DNS queries the authoritative DNS server has to answer. If the TTL
is set to three days, then caching servers will use the original stored response for this length of time before
making the query again. The TTL value for the zone is usually the very first entry in the zone file. In the example
below, it is set to three days.

$TTL 3D
Note: BIND recognizes a number of suffixes for time related values. A "D" signifies days, a "W" signifies weeks
and an "H" signifies hours. In the absence of a suffix, BIND assumes the value is in seconds.
DNS Resource Records
The rest of the records in a zone file are usually BIND resource records. They define the nature of the DNS
information in your zone files that's presented to querying DNS clients. They all have the general format:
Name Class Type Data
There are different types of record for mail (MX), forward lookups (A), reverse lookups (PTR), aliases (CNAME)
and overall zone definitions (SOA). The data portion is formatted according to the record "type" and may consist
of several values separated by spaces. Similarly, the "name" is also subject to interpretation based on this factor.
The formatting and use of each type of record will be discussed in sections to follow.
The SOA Record
The very first resource record is the Start of Authority (SOA) record which contains general administrative and
control information about the domain. It has the following format:
Name Class Type Name-Server Email-Address Serial-No Refresh Retry Expiry Minimum-TTL
The record can be long, and will sometimes wrap around on your screen. For the sake of formatting, you can insert
"new line" characters between the fields as long as you insert parentheses at the beginning and end of the
insertion to alert BIND that part of the record will straddle multiple lines. You can also add comments to the end
of each new line, separated by a semicolon, when you do this. Here is an example:
@ IN SOA wstsun1.wilshiresoft.com. hostmaster.wilshiresoft.com. (
2004100801 ; serial #
4H ; refresh
1H ; retry
1W ; expiry
1D ) ; minimum
So in this example, the primary name server has been defined as "wstsun1.wilshiresoft.com" with a contact email
address of "hostmaster@wilshiresoft.com". The serial number is "2004100801" with refresh, retry, expiry and
minimum values of 4 hours, 1 hour, 1 week and 1 day respectively.
Like the SOA record, the NS, MX, A, PTR and CNAME records each occupy a single line with a very similar
general format.
Sample Forward Zone File
Now that the key elements of a zone file have been described, it's time to examine a working example for the
domain wilshiresoft.com.
;
$TTL 3D
@ IN SOA wstsun1.wilshiresoft.com. hostmaster.wilshiresoft.com. (
        200211152 ; serial#
        3600 ; refresh, seconds
        3600 ; retry, seconds
        3600 ; expire, seconds
        3600 ) ; minimum, seconds
;
        NS wstsun1 ; Inet Address of nameserver
;
wstsun1 A 200.200.0.1
wstsun2 A 200.200.0.2
wstsun3 A 200.200.0.3
server CNAME wstsun1
Notice that in this example:
Server wstsun1.wilshiresoft.com is the name server for wilshiresoft.com. In corporate environments there may be
a separate name server for this purpose. Primary name servers are more commonly called "wstsun1" and
secondary name servers "wstsun2".

The minimum TTL value ($TTL) is 3 days; therefore remote DNS caching servers will store learned DNS
information from your zone for 3 days before flushing it out of their caches.
The MX record for wilshiresoft.com points to the server named mail.wilshiresoft.com.
Sample Reverse Zone File
Now we need to make sure that we can do an nslookup query on all our home network's PCs and get their correct
IP addresses. This is very important if you are running a mail server on your network as sendmail typically will
only relay mail from hosts whose IP addresses resolve correctly in DNS. NFS, which is used in network based file
access, also requires valid reverse lookup capabilities.
This is an example of a zone file for the 200.200.0.x network. All the entries in the first column refer to the last
octet of the IP address for the network, so the IP address 200.200.0.1 points to the name
wstsun1.wilshiresoft.com.
Notice how the main difference between forward and reverse zone files is that the reverse zone file only has PTR
and NS records. Also the PTR records cannot have CNAME aliases.
;
; Zone file for 200.200.0.x
;
$TTL 3D
@ IN SOA www.wilshiresoft.com. hostmaster.wilshiresoft.com. (
        200303301 ; serial number
        8H ; refresh
        2H ; retry
        4W ; expire
        1D ) ; minimum
;
        NS www.wilshiresoft.com. ; Nameserver Address
;
1 PTR wstsun1.wilshiresoft.com.
2 PTR wstsun2.wilshiresoft.com.
3 PTR wstsun3.wilshiresoft.com.
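Because mail relaying and NFS depend on reverse entries that agree with the forward zone, it helps to compare the two files before loading them. The script below is an added example, not part of the original course material; it handles only simple one-line records with an explicit owner name, and the function names, temporary file names and faulty sample records are constructed for illustration.

```sh
#!/bin/sh
# Added example: cross-check the A records of a forward zone against the
# PTR records of the matching /24 reverse zone.

# Constructed sample zones modelled on the wilshiresoft.com files, with three
# deliberate faults: no PTR for .4, a wrong PTR for .3, a stale PTR for .9.
write_sample_zones() {
    cat > "$1/forward.zone" <<'EOF'
$TTL 3D
@ IN SOA wstsun1.wilshiresoft.com. hostmaster.wilshiresoft.com. (
        200211152 3600 3600 3600 3600 )
        NS wstsun1
wstsun1 A 200.200.0.1
www     A 200.200.0.1   ; second name on the same address
wstsun2 A 200.200.0.2
wstsun3 IN A 200.200.0.3
mail    A 200.200.0.4
server  CNAME wstsun1
EOF
    cat > "$1/reverse.zone" <<'EOF'
$TTL 3D
@ IN SOA wstsun1.wilshiresoft.com. hostmaster.wilshiresoft.com. (
        200303301 8H 2H 4W 1D )
        NS wstsun1.wilshiresoft.com.
1 PTR wstsun1.wilshiresoft.com.
2 PTR wstsun2.wilshiresoft.com.
3 PTR oldhost.wilshiresoft.com.
9 IN PTR retired.wilshiresoft.com.
EOF
}

# Usage: check_zone_pair FORWARD_FILE ORIGIN REVERSE_FILE NET_PREFIX
# Example: check_zone_pair wilshiresoft.zone wilshiresoft.com 200-200-0.zone 200.200.0
check_zone_pair() {
    awk -v origin="$2" -v prefix="$4" '
        # Expand a zone-relative owner name to a fully qualified name.
        function fqdn(name) {
            if (name == "@") return origin "."
            if (name ~ /\.$/) return name
            return name "." origin "."
        }
        # Strip comments, then locate the TYPE column (class IN is optional).
        { sub(/;.*/, ""); t = ($2 == "IN") ? 3 : 2 }
        # First file: collect every name that maps to each address.
        FNR == NR {
            if ($t == "A") names[$(t + 1)] = names[$(t + 1)] " " fqdn($1)
            next
        }
        # Second file: the owner is the last octet of the address.
        $t == "PTR" { ptr[prefix "." $1] = $(t + 1) }
        END {
            for (ip in names) {
                if (!(ip in ptr)) {
                    print "MISSING_PTR " ip " forward=" substr(names[ip], 2)
                } else if (index(names[ip] " ", " " ptr[ip] " ") == 0) {
                    # The PTR target is not one of the names on this address.
                    print "MISMATCH " ip " ptr=" ptr[ip] " forward=" substr(names[ip], 2)
                }
            }
            for (ip in ptr) {
                if (!(ip in names)) print "ORPHAN_PTR " ip " ptr=" ptr[ip]
            }
        }
    ' "$1" "$3" | sort
}

# Demonstration on the constructed sample zones.
zdir=$(mktemp -d)
write_sample_zones "$zdir"
check_zone_pair "$zdir/forward.zone" wilshiresoft.com "$zdir/reverse.zone" 200.200.0
rm -rf "$zdir"
```

An address that carries several names, such as 200.200.0.1 in the sample, passes as long as its single PTR record points at one of them.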
Loading Your New Configuration Files
Here are the steps you need to follow to load your new configuration files. Make sure your file permissions and
ownership are OK in the /var/named directory.
[root@skynet tmp]# cd /var/named
[root@wstsun1 named]# ll
total 6
-rw-r--r-- 1 named named 195 May 3 2005 localhost.zone
-rw-r--r-- 1 named named 2769 May 3 2005 named.ca
-rw-r--r-- 1 named named 433 May 3 2005 named.local
-rw-r--r-- 1 root root 763 May 2 16:23 wilshiresoft.zone
[root@wstsun1 named]# chown named *
[root@wstsun1 named]# chgrp named *
[root@wstsun1 named]# ll
total 6
-rw-r--r-- 1 named named 195 May 3 2005 localhost.zone
-rw-r--r-- 1 named named 2769 May 3 2005 named.ca
-rw-r--r-- 1 named named 433 May 3 2005 named.local
-rw-r--r-- 1 named named 763 May 2 16:23 wilshiresoft.zone
The configuration files above will not be loaded until you issue the following command to restart the named
process that controls DNS.
Note: (Make sure to increment your configuration file serial number before doing this).
[root@skynet tmp]# /etc/init.d/named restart
Last, but not least, take a look at the end of your /var/log/messages file to make sure there are no errors.
Make sure your /etc/hosts and /etc/resolv.conf files are correctly updated, and test your configuration with the
nslookup and dig commands.

Note: We can also use the redhat-config-bind GUI tool to configure DNS, but it’s not recommended.

15. DHCP/Bootp
DHCP (Dynamic Host Configuration Protocol) and bootp are protocols that allow a client machine to obtain
network information (such as an IP number) from a server. Many organizations are starting to use dynamic host
control because it simplifies and centralizes network administration.

15.1 DHCP Operational Overview


As with most network services there is a server side and a client side to DHCP. The examples use the dhcpd
daemon on the server side, and the pump client program on the client side. There are other
packages available, but these binaries are the ones installed with Red Hat by default.
• Provides dynamic configuration and network information to hosts:
    • IP address.
    • DNS servers.
    • Netbios name servers.
    • Gateways.
    • Domain name.
• Only one DHCP server per network segment.
• Uses broadcast packets to retrieve information.
• Superset of bootp.
• Can answer requests from bootp clients.
Install the DHCP package dhcp-3.0.1rc14-1.i386.rpm (available in 3rd CD of RedHat9 distribution).

15.2 The /etc/dhcpd.conf File


When DHCP starts it reads the file /etc/dhcpd.conf. It uses the commands here to configure your network. Many
RPM packages don't automatically install a /etc/dhcpd.conf file, but you can find a sample copy of dhcpd.conf in
the following directory which you can always use as a guide.
/usr/share/doc/dhcp-<version-number>/dhcpd.conf.sample
Copy the sample dhcpd.conf file to the /etc directory and then edit it. Here is the command to do the copying for
the version 3.0pl1 RPM file:
[root@skynet tmp]# cp /usr/share/doc/dhcp-3.0pl1/dhcpd.conf.sample \
/etc/dhcpd.conf
Here is a quick explanation of the dhcpd.conf file: Most importantly, there must be a "subnet" section for each
interface on your Linux box.
ddns-update-style interim;
ignore client-updates;
subnet 200.200.0.0 netmask 255.255.255.0 {
    # The range of IP addresses the server
    # will issue to DHCP enabled PC clients
    # booting up on the network
    range 200.200.0.201 200.200.0.220;

    # Set the amount of time in seconds that
    # a client may keep the IP address
    default-lease-time 86400;
    max-lease-time 86400;

    # Set the default gateway to be used by
    # the PC clients
    option routers 200.200.0.1;

    # Tell the clients not to forward packets
    # between their own NIC interfaces
    option ip-forwarding off;

    # Set the broadcast address and subnet mask
    # to be used by the DHCP clients
    option broadcast-address 200.200.0.255;
    option subnet-mask 255.255.255.0;

    # Set the DNS server to be used by the
    # DHCP clients
    option domain-name-servers 200.200.0.1;

    # Set the NTP server to be used by the
    # DHCP clients
    option ntp-servers 200.200.0.1;

    # If you specify a WINS server for your Windows clients,
    # you need to include the following option in the dhcpd.conf file:
    option netbios-name-servers 200.200.0.1;
}
#
# List an unused interface here
#
subnet 200.200.2.0 netmask 255.255.255.0 {
}

There are many more option statements you can use to configure DHCP. These include telling the DHCP clients
where to go for services such as finger and IRC. Check the dhcp-options man page after you do your install. The
command to do this follows:
[root@skynet tmp]# man dhcp-options
Lease Database
On the DHCP server, the file /var/lib/dhcp/dhcpd.leases stores the DHCP client lease database. This file should
not be modified by hand. DHCP lease information for each recently assigned IP address is automatically stored in
the lease database. The information includes the length of the lease, to whom the IP address has been assigned,
the start and end dates for the lease, and the MAC address of the network interface card that was used to retrieve
the lease.
All times in the lease database are in Greenwich Mean Time (GMT), not local time.
The lease database is recreated from time to time so that it is not too large. First, all known leases are saved in a
temporary lease database. The dhcpd.leases file is renamed dhcpd.leases~ and the temporary lease database is
written to dhcpd.leases.
The DHCP daemon could be killed or the system could crash after the lease database has been renamed to the
backup file but before the new file has been written. If this happens, the dhcpd.leases file does not exist, but it is
required to start the service. Do not create a new lease file. If you do, all old leases are lost which causes many
problems. The correct solution is to rename the dhcpd.leases~ backup file to dhcpd.leases and then start the
daemon.
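The recovery rule above can be scripted so that a crash never leads to an empty lease file being created. This is an added example, not part of the original course material; the function names and status words are hypothetical, and it additionally treats an empty backup file as unusable.

```sh
#!/bin/sh
# Added example: put the lease database back in place from dhcpd.leases~
# when a crash left dhcpd.leases missing. It never creates a new, empty
# lease file, because that would discard every existing lease.

# Count the lease entries in a lease file (one "lease <ip> {" line each).
count_leases() {
    grep -c '^lease ' "$1" || true
}

# Usage: recover_dhcp_leases [LEASE_DIR]
# Prints one status word and returns 0 if dhcpd can be started,
# 1 if an operator has to investigate first.
recover_dhcp_leases() {
    dir="${1:-/var/lib/dhcp}"
    leases="$dir/dhcpd.leases"
    backup="$dir/dhcpd.leases~"

    # Normal case: the lease database is there, nothing to do.
    if [ -e "$leases" ]; then
        echo "present"
        return 0
    fi

    # No usable backup: stop here rather than create an empty database.
    if [ ! -s "$backup" ]; then
        echo "no-backup"
        return 1
    fi

    # Crash window: only the backup exists, so rename it into place.
    mv "$backup" "$leases" || return 1
    echo "restored"
}

# Demonstration in a scratch directory with a constructed one-lease backup.
demo=$(mktemp -d)
printf 'lease 200.200.0.201 {\n  hardware ethernet 00:11:22:33:44:55;\n}\n' \
    > "$demo/dhcpd.leases~"
recover_dhcp_leases "$demo"
echo "leases in database: $(count_leases "$demo/dhcpd.leases")"
rm -rf "$demo"
```

Run it before starting the daemon, for example from a wrapper around /etc/init.d/dhcpd start, and start dhcpd only when it returns 0.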

15.2.1 Start the DHCP services


Use the chkconfig command to get DHCP configured to start at boot:
[root@skynet tmp]# chkconfig dhcpd on
Use the /etc/init.d/dhcpd script to start/stop/restart DHCP after booting
[root@skynet tmp]# /etc/init.d/dhcpd start
[root@skynet tmp]# /etc/init.d/dhcpd stop
[root@skynet tmp]# /etc/init.d/dhcpd restart
Remember to restart the DHCP process every time you make a change to the conf file for the changes to take
effect on the running process. You can also test whether the DHCP process is running with the following
command; you should get a response of plain old process ID numbers:

[root@skynet tmp]# pgrep dhcpd


Finally, always remember to set your PC to get its IP address via DHCP.

15.3 Configuring Linux Clients To Use DHCP


Linux NIC cards can be configured to dynamically get their IP addresses from a DHCP server by editing the
interface scripts in the /etc/sysconfig/network-scripts directory.
Here is an example that shows how to configure the DHCP client:
[root@skynet tmp]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO=dhcp
:wq!
Here BOOTPROTO=dhcp tells the system to get an IP address from the DHCP server at boot time.
We can also get an IP address from DHCP server by using following command:
[root@skynet tmp]# dhclient

16. Apache Web Server


16.1 Introduction - What is Apache
The Apache web server project is more than just a piece of software. The Apache web server is the best, and
most preferred, HTTP server software in use on the Internet today, and it was written entirely as a volunteer
project, by volunteer programmers, in their spare time. That, in itself, is astonishing. That is, it is to people that are
not familiar with the Open Source methodology, and Open Source projects like Linux, Perl, Sendmail, and a
variety of others. The interesting thing about these volunteer-written, free software packages is that most of us,
and our businesses, rely heavily on them, whether we are aware of it or not.
The WWW
The Internet has been around for a long time. More than 30 years now. But for most of that time, it was entirely
the domain of geeks and hobbyists. The main reason for this was that it was hard to use.
In 1991, Tim Berners-Lee developed something that he called the World Wide Web, while working at CERN. His
purpose was to give quick and easy access to documents for geographically distributed people collaborating on
projects. Along with a lot of help from the standards community (and, notably, Roy Fielding), they defined HTTP,
HTML, URLs, and the other necessary components of making the Web a reality. He then went off, and with the
help of colleagues around the world, communicating via email, developed the CERN web server, and a simple
Web client, which he dubbed a ``browser.'' The name came about because there was very little of real value on
the Web at that time, and all you ever really did was browse. Ironic that the name stuck!
NCSA
As more and more people got involved in the project, it was several Universities that contributed to the project the
most. From very early on, one of the front-runners was the National Center for Supercomputing Activities (NCSA)
at the University of Illinois at Urbana Champaign (UIUC). NCSA started working on the NCSA HTTPd (HyperText
Transfer Protocol Daemon). Although that project is not active any more, you can still see the web site of the
project at <http://hoohoo.ncsa.uiuc.edu/>. It still contains a wealth of information, most of which is still relevant,
because the standards have not changed much in 8 years.
Rob McCool wrote the original code for the NCSA HTTPd, and this code was distributed without charge to the
community, for them to use, with the understanding that if they fixed bugs, or added features, that they would then
contribute them back to Rob to put into future versions.
The Apache Server
When Rob left the project, it left a problem. There were still a lot of people using his code, and actively making
patches to the code, but there was no longer anyone collecting those patches.
In 1995, Brian Behlendorf and a small group of other developers started collecting these patches in a central
repository. Brian got some space donated on a server, and set up a CVS tree so that developers could check in
patches. And in April of 1995, they released the first official release (Version 0.6.2), which was given the name
Apache, because it was ``a patchy server''.
The Apache Group, as they were known at that time, had no formal organizational structure, never met,
communicated only over email, and worked entirely in their free time, on a volunteer basis. Early the next year,
Apache passed NCSA as the most widely used server on the Internet, and is now used on more than 60% of all
web servers on the Internet.
Apache's architecture
Since the 1.0 release of Apache (December 1, 1995) Apache has had a modular design. The core of the server is
very light-weight, and all other functions are implemented as modules that plug in to the core. This means that
you can keep the size of the executable down by leaving out functionality that you don't need. It also means that if
there is some functionality missing that you do need, you can write your own custom module to plug into the core.

16.2. Configuring Apache

The configuration file used by Apache is /etc/httpd/conf/httpd.conf. Like most Linux applications you have to
restart Apache before changes to the configuration file will take effect. Examples of how to configure this file will
follow.

16.2.1 Configure the /etc/httpd/conf/httpd.conf file


The httpd.conf file is the main configuration file for the Apache web server. A lot of options exist, and it's important to
read the documentation that comes with Apache for more information on different settings and parameters. The
following configuration example is a minimal working configuration file for Apache, with SSL support. Also, it's
important to note that we only comment the parameters that relate to security and optimization, and leave all the
others to your own research.
Edit the httpd.conf file, vi /etc/httpd/conf/httpd.conf and add/change:
### Section 1: Global Environment
#
ServerType standalone
ServerRoot "/etc/httpd"
PidFile /var/run/httpd.pid
ResourceConfig /dev/null
AccessConfig /dev/null
Timeout 300
KeepAlive On
MaxKeepAliveRequests 0
KeepAliveTimeout 15
MinSpareServers 16
MaxSpareServers 64
StartServers 16
MaxClients 512
MaxRequestsPerChild 100000

### Section 2: 'Main' server configuration


#
Port 80

<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>

User www
Group www
ServerAdmin admin@wilshire.com
ServerName www.wilshire.com
DocumentRoot "/home/httpd/wst"

<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>

<Directory "/home/httpd/wst">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>

<Files .pl>
Options None
AllowOverride None

Order deny,allow
Deny from all
</Files>

<IfModule mod_dir.c>
DirectoryIndex index.htm index.html index.php index.php3 default.html index.cgi
</IfModule>

#<IfModule mod_include.c>
#Include conf/mmap.conf
#</IfModule>

UseCanonicalName On

<IfModule mod_mime.c>
TypesConfig /etc/httpd/conf/mime.types
</IfModule>

DefaultType text/plain
HostnameLookups Off

ErrorLog /var/log/httpd/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
SetEnvIf Request_URI \.gif$ gif-image
CustomLog /var/log/httpd/access_log combined env=!gif-image
ServerSignature Off

<IfModule mod_alias.c>
ScriptAlias /cgi-bin/ "/home/httpd/cgi-bin/"
<Directory "/home/httpd/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
</IfModule>

<IfModule mod_mime.c>
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz

AddType application/x-tar .tgz


</IfModule>

ErrorDocument 500 "The server made a boo boo.


ErrorDocument 404 http://192.168.1.1/error.htm
ErrorDocument 403 "Access Forbidden -- Go away.

<IfModule mod_setenvif.c>
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>

### Section 3: Virtual Hosts


#
<IfDefine SSL>

AddType application/x-x509-ca-cert .crt


AddType application/x-pkcs7-crl .crl
</IfDefine>

<IfModule mod_ssl.c>
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/run/ssl_scache
SSLSessionCacheTimeout 300

SSLMutex file:/var/run/ssl_mutex

SSLRandomSeed startup builtin


SSLRandomSeed connect builtin

SSLLog /var/log/httpd/ssl_engine_log
SSLLogLevel warn
</IfModule>

<IfDefine SSL>
<VirtualHost _default_:443>

DocumentRoot "/home/httpd/wst"
ServerName www.wilshire.com
ServerAdmin admin@wilshire.com
ErrorLog /var/log/httpd/error_log

SSLEngine on
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
SSLCACertificatePath /etc/ssl/certs
SSLCACertificateFile /etc/ssl/certs/ca.crt
SSLCARevocationPath /etc/ssl/crl
SSLVerifyClient none
SSLVerifyDepth 10

SSLOptions +ExportCertData +StrictRequire


SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
SetEnvIf Request_URI \.gif$ gif-image
CustomLog /var/log/httpd/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" env=!gif-image
</VirtualHost>
</IfDefine>
The directives in this httpd.conf file configure Apache as follows:
ServerType standalone
The option ServerType specifies how Apache should run on the system. You can run it from the super-server
inetd, or as standalone daemon. It's highly recommended to run Apache in standalone type for better
performance and speed.
ServerRoot "/etc/httpd"
The option ServerRoot specifies the directory in which the configuration files of the Apache server live. It allows
Apache to know where it can find its configuration files when it starts.
PidFile /var/run/httpd.pid
The option PidFile specifies the location where the server will record the process id of the daemon when it starts.
This option is only required when you configure Apache in standalone mode.
ResourceConfig /dev/null

The option ResourceConfig specifies the location of the old srm.conf file that Apache read after it finished reading
the httpd.conf file. When you set the location to /dev/null, Apache allows you to include the content of this file in
httpd.conf file, and in this manner, you have just one file that handles all your configuration parameters for
simplicity.
Timeout 300
The option Timeout specifies the amount of time Apache will wait for a GET, POST, PUT request and ACKs on
transmissions. You can safely leave this option on its default values.
KeepAlive On
The option KeepAlive, if set to On, specifies enabling persistent connections on this web server. For better
performance, it's recommended to set this option to On, and allow more than one request per connection.
MaxKeepAliveRequests 0
The option MaxKeepAliveRequests specifies the number of requests allowed per connection when the KeepAlive
option above is set to On. When the value of this option is set to 0 then unlimited requests are allowed on the
server. For server performance, it's recommended to allow unlimited requests.
KeepAliveTimeout 15
The option KeepAliveTimeout specifies how much time, in seconds, Apache will wait for a subsequent request
before closing the connection. The value of 15 seconds is a good average for server performance.
MinSpareServers 16
The option MinSpareServers specifies the minimum number of idle child server processes for Apache, which are
not handling a request. This is an important tuning parameter regarding the performance of the Apache web
server. For high load operation, a value of 16 is recommended by various benchmarks on the Internet.
MaxSpareServers 64
The option MaxSpareServers specifies the maximum number of idle child server processes for Apache, which are
not handling a request. This is also an important tuning parameter regarding the performance of the Apache web
server. For high load operation, a value of 64 is recommended by various benchmarks on the Internet.
StartServers 16
The option StartServers specifies the number of child server processes that will be created by Apache on start-up.
This is, again, an important tuning parameter regarding the performance of the Apache web server. For high load
operation, a value of 16 is recommended by various benchmarks on the Internet.
MaxClients 512
The option MaxClients specifies the number of simultaneous requests that can be supported by Apache. This too
is an important tuning parameter regarding the performance of the Apache web server. For high load operation, a
value of 512 is recommended by various benchmarks on the Internet.
MaxRequestsPerChild 100000
The option MaxRequestsPerChild specifies the number of requests that an individual child server process will
handle. This too is an important tuning parameter regarding the performance of the Apache web server.
User www
The option User specifies the UID that Apache server will run as. It's important to create a new user that has
minimal access to the system, and functions just for the purpose of running the web server daemon.
Group www
The option Group specifies the GID the Apache server will run as. It's important to create a new group that has
minimal access to the system and functions just for the purpose of running the web server daemon.
DirectoryIndex index.htm index.html index.php index.php3 default.html index.cgi
The option DirectoryIndex specifies the files to use by Apache as a pre-written HTML directory index. In other
words, if Apache can't find the default index page to display, it'll try the next entry in this parameter, if available.
To improve performance of your web server it's recommended to list the most used default index pages of your
web site first.

Include conf/mmap.conf
The option Include specifies the location of other files that you can include from within the server configuration
files httpd.conf. In our case, we include the mmap.conf file located under /etc/httpd/conf directory. This file
mmap.conf maps files into memory for faster serving.
HostnameLookups Off
The option HostnameLookups, if set to Off, specifies the disabling of DNS lookups. It's recommended to set this
option to Off in order to save the network traffic time, and to improve the performance of your Apache web server.
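The sample configuration above sets SSLCipherSuite to ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL. The shell functions below are an added example, not part of the original configuration: they report which weak cipher classes (SSL 2.0, export-grade, low-strength, unencrypted) such a string leaves enabled, following OpenSSL's cipher-list operators. The function names and the choice of four classes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original guide): lint a mod_ssl
# SSLCipherSuite string for weak cipher classes it leaves enabled.
#
# OpenSSL cipher-list operators modelled here:
#   TOKEN   add the matching ciphers
#   +TOKEN  move already-enabled ciphers to the end (adds nothing)
#   -TOKEN  remove the ciphers; a later TOKEN can add them back
#   !TOKEN  remove the ciphers permanently
# "ALL" adds every class except eNULL. "DEFAULT" is not expanded because
# its contents depend on the OpenSSL version in use.

# weak_cipher_classes SPEC
# Prints one enabled weak class per line, in the order SSLv2 EXP LOW eNULL.
weak_cipher_classes() {
    printf '%s\n' "$1" | awk '
    function class_of(t) {
        if (t == "SSLv2") return "SSLv2"
        if (t == "EXP" || t == "EXPORT" || t == "EXPORT40" || t == "EXPORT56") return "EXP"
        if (t == "LOW") return "LOW"
        if (t == "eNULL" || t == "NULL") return "eNULL"
        return ""
    }
    {
        n = split($0, tok, /[:, ]+/)
        for (i = 1; i <= n; i++) {
            t = tok[i]
            if (t == "") continue
            op = substr(t, 1, 1)
            if (op == "!" || op == "-" || op == "+") t = substr(t, 2)
            else op = ""
            if (op == "+") continue              # reorder only, enables nothing
            if (op == "") {
                if (t == "ALL") { on["SSLv2"] = on["EXP"] = on["LOW"] = 1; continue }
                m = split(t, part, "+")          # e.g. EXP+RC4 still enables EXP
                for (j = 1; j <= m; j++) {
                    c = class_of(part[j])
                    if (c != "") on[c] = 1
                }
                continue
            }
            c = class_of(t)                      # "-X" or "!X" on a whole class
            if (c == "") continue
            on[c] = 0
            if (op == "!") dead[c] = 1
        }
    }
    END {
        k = split("SSLv2 EXP LOW eNULL", order, " ")
        for (i = 1; i <= k; i++)
            if (on[order[i]] && !dead[order[i]]) print order[i]
    }'
}

# audit_conf FILE
# Prints one line per active SSLCipherSuite directive in an httpd.conf:
#   "WEAK <spec>: <classes>"  or  "OK   <spec>"
audit_conf() {
    awk 'tolower($1) == "sslciphersuite" { print $2 }' "$1" |
    while read -r suite; do
        weak=$(weak_cipher_classes "$suite" | tr '\n' ' ')
        if [ -n "$weak" ]; then
            printf 'WEAK %s: %s\n' "$suite" "${weak% }"
        else
            printf 'OK   %s\n' "$suite"
        fi
    done
}

# Demo on the value used in the sample configuration.
weak_cipher_classes 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL'
```

The lint is textual: it does not ask the installed OpenSSL which suites the string expands to. For the sample value it reports SSLv2, EXP and LOW, which come in through ALL; the "+eNULL" token only reorders and enables nothing.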

16.3.1 Where To Put Your Web Pages


All the statements that define the features of each web site are grouped together inside their own VirtualHost
section or "container" in the httpd.conf file. The most commonly used statements or "directives" inside a
VirtualHost container would be:
"servername" which defines the name of the website managed by the VirtualHost container. This is only needed
in "Named Virtual Hosting" as I'll explain below.
"DocumentRoot" which defines the directory in which the web pages for the site can be found.

By default, Apache will search the DocumentRoot directory for an index or "home" page named index.html. So for
example, if you have a servername of www.my-site.com with a DocumentRoot directory of
/home/www/site1/, Apache will display the contents of the file /home/www/site1/index.html when you
enter http://www.my-site.com in your browser.
Some editors like Microsoft FrontPage will create files with an ".htm", not ".html" extension. This isn't usually a
problem if all your HTML files have hyperlinks pointing to files ending in ".htm" as FrontPage does.
The problem occurs with Apache not recognizing the topmost index.htm page. The easiest solution is to create a
symbolic link ("shortcut" for Windows users) called index.html pointing to the file index.htm. This will then allow
you to edit/copy the file index.htm with index.html being updated automatically. You'll almost never have to worry
about index.html and Apache again!
In the example below we create a symbolic link to index.html in the /home/www/site1 directory.
[root@skynet tmp]# cd /home/www/site1
[root@skynet site1]# ln -s index.htm index.html
[root@skynet site1]# ll index.*
-rw-rw-r-- 1 root root 48590 Jun 18 23:43 index.htm
lrwxrwxrwx 1 root root 9 Jun 21 18:05 index.html -> index.htm
The "l" at the very beginning of the index.html entry signifies a link and
the "->" the link target.

The Default File Location


By default, Apache expects to find all its web page files in the /var/www/html/ directory with a generic
DocumentRoot statement at the beginning of httpd.conf. The examples will use the /home/www directory to
illustrate how you can place them in other locations successfully.
File Permissions And Apache
Apache will display web pages as long as they are world readable. You have to make sure that all the files and
sub-directories in your DocumentRoot have the correct permissions.
It is a good idea to have the files owned by a non privileged user so that web developers can do updates to
the files using FTP or SCP without requiring the root password.
In the example below we do this by:
1. Creating a user with a home directory of /home/www.
2. Recursively changing the file ownership permissions of the /home/www directory and all its sub-directories.
3. Changing the permissions on the /home/www directory to 755 which will allow all users, including Apache's
httpd daemon, to read the files inside.
[root@skynet tmp]# useradd -g users www
[root@skynet tmp]# chown -R www:users /home/www
[root@skynet tmp]# chmod 755 /home/www
Now we test for the new ownership with the "ll" command.
[root@skynet tmp]# ll /home/www/site1/index.*
-rw-rw-r-- 1 www users 48590 Jun 25 23:43 index.htm
lrwxrwxrwx 1 www users 9 Jun 25 18:05 index.html -> index.htm
[root@skynet tmp]#
Note: It is also a good practice to FTP or SCP new files to your web server as this new user. This will make all
the transferred files automatically have the correct ownership.
If you browse your website after configuring Apache and get a "permissions" error on your screen, then your files
or directories under your DocumentRoot most likely have incorrect permissions.
Appendix II has a short script <http://www.siliconvalleyccie.com/linux-hn/appendix.htm> that you can use to
recursively set the file permissions in a directory to match those expected by Apache.
You may also have to use the "Directory" directive to make Apache serve the pages once the file permissions
have been correctly set. If you have your files in the default /home/www directory then this second step becomes
unnecessary.
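The permission rules above can be checked before a "permissions" error shows up in a browser. The function below is an added example, not the Appendix II script and not part of the original guide: it only reports, and changes nothing. It assumes httpd runs as an account that is neither the owner nor a group member of the files, so the "other" permission bits decide access; the finding labels are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original guide): report permission problems
# under a DocumentRoot without modifying any file.
#
# Findings, one per line, sorted:
#   NOREAD-FILE <path>  regular file without the world-read bit; a request
#                       for it ends in a "permissions" error
#   NOENTER-DIR <path>  directory without world read+execute; nothing
#                       below it can be served
#   WORLD-WRITE <path>  file or directory that any local account can
#                       modify, which is more access than serving needs
# Symbolic links such as index.html -> index.htm are skipped; a link's
# target is checked as an ordinary file when it lies inside the tree.
docroot_perm_report() {
    root=$1
    {
        find "$root" -type f ! -perm -004 -print | sed 's/^/NOREAD-FILE /'
        find "$root" -type d ! -perm -005 -print | sed 's/^/NOENTER-DIR /'
        find "$root" \( -type f -o -type d \) -perm -002 -print |
            sed 's/^/WORLD-WRITE /'
    } | LC_ALL=C sort
}

# Stand-alone use: sh docroot_report.sh /home/www
if [ "$#" -gt 0 ]; then
    docroot_perm_report "$1"
fi
```

An empty report means every file is world readable, every directory can be entered, and nothing is world writable.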

16.3.2 Named Virtual Hosting


You can make your web server host more than one site per IP address by using Apache's "named virtual hosting"
feature. The NameVirtualHost directive in the /etc/httpd/conf/httpd.conf file is used to tell Apache the IP addresses
which will participate in this feature.
The <VirtualHost> containers in the file then tell Apache where it should look for the web pages used on each
web site. You must specify the IP address for which each <VirtualHost> container applies.
Named Virtual Hosting Example
In the case below, the server is configured to provide content on 97.158.253.26. Notice that within each
<VirtualHost> container you specify the primary website domain name for that IP address with the ServerName
directive. The directory where the index page for that site is located is defined with the DocumentRoot directive.
You can also list secondary domain names which will serve the same content as the primary ServerName using
the ServerAlias directive.
Apache will search for a perfect match of NameVirtualHost, <VirtualHost> and ServerName when making a
decision as to which content to send to the remote user's web browser. If there is no match, then Apache will use
the first <VirtualHost> in the list that matches the target IP address of the request.
This is why we have placed a "*" <VirtualHost> at the very beginning which will be used for all other web
queries.
NameVirtualHost 97.158.253.26
<VirtualHost *>
# Default Directives. (In other words, not site #1 or site #2)
</VirtualHost>
<VirtualHost 97.158.253.26>
ServerName www.my-site.com
# Directives for site #1
</VirtualHost>
<VirtualHost 97.158.253.26>
ServerName www.my-other-site.com
# Directives for site #2
</VirtualHost>
Be careful with using "*" in other containers. A <VirtualHost> with a specific IP address will always get higher
priority than a <VirtualHost> statement with a "*" intended to cover the same IP address, even if the
ServerName directive doesn't match. To get consistent results, try to limit the use of your "*" <VirtualHost>
statements to the beginning of the list to cover any other IP addresses your server may have.
You can also have multiple NameVirtualHost directives, each with a single IP address, in cases where your web
server has more than one IP address.
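Which site answers a request with an unexpected host name follows from the rules above. The function below is an added example, not Apache's code and not part of the original guide: it models the selection rules exactly as this section states them and prints the DocumentRoot of the container that would be chosen. The function name and the reduced directive set (ServerName, ServerAlias, DocumentRoot, no ports) are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original guide, and not Apache's own code):
# a model of the container-selection rules stated in this section.
#   1. a <VirtualHost IP> whose ServerName or ServerAlias equals the
#      requested host name wins;
#   2. otherwise the first <VirtualHost IP> listed for the target address;
#   3. otherwise the first <VirtualHost *>.
#
# vhost_for CONF IP HOST
# Prints the DocumentRoot of the chosen container; returns 1 if none fits.
vhost_for() {
    awk -v ip="$2" -v host="$3" '
    BEGIN { host = tolower(host) }
    /^[ \t]*#/ { next }                       # comment line
    { d = tolower($1) }                       # directive names ignore case
    d == "<virtualhost" {
        n++
        a = $2
        sub(/>.*$/, "", a)                    # "97.158.253.26>" -> address
        addr[n] = a
        names[n] = " "
        root[n] = "(no DocumentRoot)"
        inside = 1
        next
    }
    d == "</virtualhost>" { inside = 0; next }
    !inside { next }
    d == "servername"   { names[n] = names[n] tolower($2) " " }
    d == "serveralias"  { for (i = 2; i <= NF; i++) names[n] = names[n] tolower($i) " " }
    d == "documentroot" { r = $2; gsub(/"/, "", r); root[n] = r }
    END {
        for (i = 1; i <= n; i++)
            if (addr[i] == ip && index(names[i], " " host " ")) { print root[i]; exit 0 }
        for (i = 1; i <= n; i++)
            if (addr[i] == ip) { print root[i]; exit 0 }
        for (i = 1; i <= n; i++)
            if (addr[i] == "*") { print root[i]; exit 0 }
        exit 1
    }' "$1"
}

# Stand-alone use: sh vhost_for.sh /etc/httpd/conf/httpd.conf 97.158.253.26 www.my-site.com
if [ "$#" -ge 3 ]; then
    vhost_for "$1" "$2" "$3"
fi
```

With the layout from the example above, a request to 97.158.253.26 carrying an unknown host name lands on site #1, the first container for that address, and not on the "*" container.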
IP Based Virtual Hosting
The other virtual hosting option is to have one IP address per website which is also known as IP based virtual
hosting. In this case you will NOT have a NameVirtualHost directive for the IP address, and you must only have a
single <VirtualHost> container per IP address.
Example IP Virtual Hosting : Single Wild Card
In this example, Apache listens on all interfaces, but gives the same content. Apache will display the content in
the first <VirtualHost *> directive even if you add another right after it. Apache also seems to enforce the single
<VirtualHost> container per IP address requirement by ignoring any ServerName directives you may use inside it.
<VirtualHost *>
DocumentRoot /home/www/site1
</VirtualHost>
Example IP Virtual Hosting : Wild Card and IP addresses
In this example, Apache listens on all interfaces, but gives different content for addresses 97.158.253.26 and
97.158.253.27. Web surfers will get the "site1" content if they try to access the web server on any of its other IP
addresses.
<VirtualHost *>
DocumentRoot /home/www/site1
</VirtualHost>
<VirtualHost 97.158.253.26>
DocumentRoot /home/www/site2
</VirtualHost>
<VirtualHost 97.158.253.27>
DocumentRoot /home/www/site3
</VirtualHost>
[root@skynet tmp]# service httpd restart
The Apache Error Log Files
The /var/log/httpd/error_log file is a good source for error information. Unlike the /var/log/httpd/access_log file,
there is no standardized formatting.
The /var/log/httpd/error_log file is also the location where CGI script errors are written. Many times CGI scripts will
fail with a blank screen on your browser; the /var/log/httpd/error_log file will most likely have the cause of the
problem.

17. Sharing Resources Using SAMBA


17.1 Introduction
Samba is a suite of utilities that allows your Linux box to share files and other resources such as printers with
Windows boxes. Either configuration will allow everyone at home to have:
• their own logins on all the home Windows boxes while having their files on the Linux box appear to be located on a new Windows drive
• shared access to printers on the Linux box
• shared files accessible only to members of their Linux user group.

17.2. Configuring SAMBA


Install the SAMBA
[root@skynet tmp]# rpm -ivh samba-client-3.0.0-15.i386.rpm
Start SAMBA service
You can configure Samba to start at boot time using the chkconfig command:
[root@skynet tmp]# chkconfig smb on
You can start/stop/restart Samba after boot time using the smb initialization script as in the examples below:
[root@skynet tmp]# service smb start
[root@skynet tmp]# service smb stop
[root@skynet tmp]# service smb restart
Note: Unlike many Linux packages, Samba does not need to be restarted after changes have been made to its
configuration file, as it is read after the receipt of every client request.
You can test whether the smb process is running with the pgrep command; you should get a response of plain old
process ID numbers:
[root@skynet tmp]# pgrep smb
The Samba Configuration File
The /etc/samba/smb.conf file is the main configuration file you'll need to edit. It is split into five main sections.
File Format - smb.conf
Section      Description
[global]     General Samba configuration parameters
[printers]   Used for configuring printers
[homes]      Defines treatment of user logins
[netlogon]   A share for storing logon scripts. (Not created by default.)
[profile]    A share for storing domain logon information such as "favorites" and desktop icons.
You can edit this file by hand, or more simply through Samba's SWAT web interface.

17.3 Configuring SWAT (Samba Web Administration Tool)


Samba has a web based configuration tool called SWAT that allows you to configure your smb.conf file without
needing to remember all the formatting. Each SWAT screen is actually a form that covers a separate section of
the smb.conf file into which you fill in the desired parameters. For ease of use, each parameter box has its own
online help.

17.3.1 Basic SWAT Setup


You must always remember that SWAT edits the smb.conf file but also strips out any comments you may have
manually entered into it beforehand. The original Samba smb.conf file has many worthwhile comments in it and
should be saved as a reference before proceeding with SWAT which will remove them. For example, you could
save the original file with the name /etc/samba/smb.conf.original as seen below.
[root@skynet tmp]# cp /etc/samba/smb.conf /etc/samba/smb.conf.original
As you can see, using SWAT requires some understanding of the smb.conf file parameters because it eliminates
these comments. It is therefore always good practice to become familiar with the most important options in this file
before proceeding with SWAT.
SWAT doesn't encrypt your login password. This may be a security concern in a corporate environment. Because
of this, you may want to create a Samba administrator user that has no root privileges and/or only enable SWAT
access from the GUI console or localhost.
service swat
{
port = 901
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/swat
log_on_failure += USERID
disable = no
only_from = localhost
}
The formatting of the file is fairly easy to understand, especially as there are only two entries of interest. The
"disable" parameter must be set to "no" to accept connections.

Therefore to activate SWAT the


The default configuration only allows SWAT web access from the VGA console as user "root" on port 901 with the
Linux root password. This means you'll have to enter "http://127.0.0.0:901" in your browser to get the login
screen.
You can make SWAT accessible from other servers by adding IP address entries to the only_from parameter of
the SWAT configuration file. Here's an example of an entry to allow connections only from 192.168.1.3 and
localhost. Notice there are no commas between the entries.
only_from = localhost 192.168.1.3
Therefore in this case you can also configure Samba on your Linux server "Skynet" IP with address
192.168.1.100 from PC 192.168.1.3 using the URL http://192.168.1.100:901.
Remember that most firewalls don't allow TCP port 901 through their filters. You may have to adjust your rules for
this traffic to pass.
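Because SWAT sends the login password unencrypted, every only_from entry beyond localhost widens where that password can travel. The function below is an added example, not part of the original guide: it reads an xinetd service file and states in one line how far SWAT is exposed. The path /etc/xinetd.d/swat in the usage comment and the output labels are assumptions of the example; the "-=" operator and the no_access attribute are not evaluated.

```shell
#!/bin/sh
# Added example (not from the original guide): classify how far an xinetd
# service file exposes SWAT.
#
# swat_exposure FILE prints a single line:
#   disabled            disable = yes, xinetd does not listen
#   open-to-all         enabled and no only_from attribute at all
#   no-hosts            only_from present but empty (xinetd then makes
#                       the service available to nobody)
#   local-only          every only_from entry is a loopback name/address
#   remote: <entries>   the non-loopback only_from entries; the login
#                       password crosses the network from these hosts
swat_exposure() {
    awk '
    /^[ \t]*#/ { next }                         # comment line
    index($0, "=") == 0 { next }                # "service swat", "{", "}"
    {
        eq  = index($0, "=")
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key)
        op = "="
        if (key ~ /[+-]$/) {                    # "+=" or "-=" assignment
            op  = substr(key, length(key)) "="
            key = substr(key, 1, length(key) - 1)
        }
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "disable") disable = val
        else if (key == "only_from") {
            seen = 1
            if (op == "+=") only = only " " val
            else if (op == "=") only = val
        }
    }
    END {
        if (disable == "yes") { print "disabled"; exit }
        if (!seen) { print "open-to-all"; exit }
        n = split(only, host, /[ \t]+/)
        cnt = 0
        remote = ""
        for (i = 1; i <= n; i++) {
            h = host[i]
            if (h == "") continue
            cnt++
            if (h == "localhost" || h ~ /^127\./ || h == "::1") continue
            remote = remote (remote == "" ? "" : " ") h
        }
        if (cnt == 0) print "no-hosts"
        else if (remote == "") print "local-only"
        else print "remote: " remote
    }' "$1"
}

# Stand-alone use: sh swat_exposure.sh /etc/xinetd.d/swat
if [ "$#" -gt 0 ]; then
    swat_exposure "$1"
fi
```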

Controlling SWAT
As with all xinetd controlled applications, the chkconfig command will automatically modify the "disable" field
accordingly in the configuration file and activate the change.
Activating SWAT
[root@skynet tmp]# chkconfig swat on
Deactivating SWAT
[root@skynet tmp]# chkconfig swat off

Add Users To Your Samba Domain


Adding users to a domain has three broad phases. The first is adding a Linux user on the Samba server, the
second is creating a Samba smbpasswd that maps to the Linux user created previously, and the final step is to map a
Windows drive letter to the user's Linux home directory. This is all outlined below:
Adding The Users In Linux
First go through the process of adding users in Linux just like you would normally do. Passwords won't be
necessary unless you want the users to log in to the Samba server via Telnet or SSH.
Create the user
[root@skynet tmp]# useradd -g 100 peter
Give them a Linux Password
This is only necessary if the user needs to log into the Samba server directly.
[root@skynet tmp]# passwd peter
Changing password for user peter.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Mapping The Linux Users To An smbpassword
Next you need to create Samba domain login passwords for the user.
[root@skynet tmp]# /usr/bin/smbpasswd -a username password
The "-a" switch adds the user to the /etc/smbpasswd file. Use a generic password then have users change it
immediately from their workstation the usual way.
Remember the smbpasswd sets the Windows Domain login password for a user. This is different from the Linux
login password to log into the Samba box.
Create The Directory And User Group
1. Create a new Linux group marketing:
[root@skynet tmp]# /usr/sbin/groupadd marketing
2. Create a new directory for the group's files. If one user is designated as the leader, you might want to change
the chown statement to make them owner
[root@skynet tmp]# mkdir /home/parent-files
[root@skynet tmp]# chgrp marketing /home/parent-files
[root@skynet tmp]# chmod 0770 /home/parent-files

3. Next add the group members to the new group. For instance, let's add user "father" to the group.
[root@skynet tmp]# /usr/sbin/usermod -G marketing father
4. /etc/samba/smb.conf file should have an entry like this at the end:
# Marketing Shared Area
[only-marketing]
path = /home/parent-files
valid users = @marketing
Now simply restart the smb service and access the share from a Windows machine.

18. KICKSTART (Network Based Linux Inst over the NFS)


18.1 Introduction

RedHat Linux allows you to install the operating system over the network using a Kickstart server. It is
comparatively much faster than using CDs and the whole install process can be automated.
What are Kickstart Installations?
Many system administrators would prefer to use an automated installation method to install Red Hat Linux on
their machines. To answer this need, Red Hat created the kickstart installation method. Using kickstart, a system
administrator can create a single file containing the answers to all the questions that would normally be asked
during a typical Red Hat Linux installation.
Kickstart files can be kept on a single server system and read by individual computers during the installation. This
installation method can support the use of a single kickstart file to install Red Hat Linux on multiple machines,
making it ideal for network and system administrators.
What is required to perform Kickstart Installation?
Kickstart installations can be performed using a local CD-ROM, a local hard drive, or via NFS, FTP, or HTTP.
To use kickstart, you must:
• Create a kickstart file.
• Create a boot diskette with the kickstart file or make the kickstart file available on the network.
• Make the installation tree available.
• Start the kickstart installation.

18.2 Setting up the Installation Server


Basic Preparation
In this example we are going to set up a kickstart server that will be used in RedHat Linux 9 installations. All the
necessary files will be placed in the /network-install directory.

18.2.1 Create the Installation Directories


We'll first create the directories /network-install and /network-install/kickstart in which we will place the necessary
files.
[root@skynet tmp]# mkdir -p /network-install/kickstart
Copy the Files
The NFS kickstart method requires the base set of RedHat files to be installed on the kickstart server. Here's
how to do it:
1. Mount your first RedHat CD ROM.
[root@skynet tmp]# mount /dev/cdrom /mnt/cdrom
[root@skynet tmp]# cp -r /mnt/cdrom/RedHat /network-install/
[root@skynet /]# eject
2. Mount the Second CD ROM and copy all the RPMS
[root@skynet /]# cp -r /mnt/cdrom/RedHat/RPMS/* /network-install/RedHat/RPMS/
3. Mount the Third CD ROM and copy all the RPMS
[root@skynet /]# cp -r /mnt/cdrom/RedHat/RPMS/* /network-install/RedHat/RPMS/

18.2.3 Setup Your NFS Server


The steps for setting up an NFS server are more complicated.
1. Create a /etc/exports file with the following entry in it. You must use tabs, not spaces between the entries
/network-install *(ro,sync)
Make sure that the portmap, nfs, nfslock and netfs daemons are all running to create an NFS server. The startup
scripts for these are found in the /etc/init.d directory.

Run the exportfs command to add this directory to the NFS database of network available directories. You should
also add this command to your /etc/rc.local file so that this is repeated after every reboot.
[root@skynet tmp]# exportfs -ra
[root@skynet tmp]# service nfs restart
[root@skynet tmp]# showmount -e    ## (this command should not show any RPC errors)

18.2.4 Setup DNS and DHCP servers.


Note: See later chapters for configuring DHCP and DNS for Kickstart.

18.2.5 Create Kickstart Configuration Files


The kickstart file is a simple text file, containing a list of items, each identified by a keyword. You can create it by
editing a copy of the sample.ks file found in the RH-DOCS directory of the Red Hat Linux Documentation CD,
using the Kickstart Configurator application, or writing it from scratch. The Red Hat Linux installation program also
creates a sample kickstart file based on the options that you selected during installation. It is written to the file
/root/anaconda-ks.cfg. You should be able to edit it with any text editor or word processor that can save
files as ASCII text.
You can also create a customized kickstart configuration file by using the "ksconfig (or) redhat-config-kickstart"
command from a GUI console. It will bring up a menu from which you can select all your installation
options. When finished, you save the configuration with the filename of your choice.

18.3 Kickstart Configurator


Kickstart Configurator allows you to create a kickstart file using a graphical user interface, so that you do not have
to remember the correct syntax of the file.
To use Kickstart Configurator, you must be running the X Window System. To start Kickstart Configurator, select
the Main Menu Button (on the Panel) => System Tools => Kickstart, or type the command
/usr/sbin/redhat-config-kickstart.
As you are creating a kickstart file, you can select File => Preview at any time to review your current selections.
1. Basic Configuration:
Choose the language to use during the installation and as the default language after installation from the
Language menu. (See the figure below)
Select the system keyboard type from the Keyboard menu.
Choose the mouse for the system from the Mouse menu. If No Mouse is selected, no mouse will be configured. If
Probe for Mouse is selected, the installation program tries to auto-detect the mouse. Probing works for most
modern mice.
Then go through the other options, such as Time Zone, Language, and Reboot system after
installation.
Enter the desired root password for the system in the Root Password text entry box. To save the password as
an encrypted password in the file, select Encrypt root password.
[Figure: Basic Configuration]


If the encryption option is selected, when the file is saved, the plain text password that you typed will be encrypted
and written to the kickstart file. Do not type an already encrypted password and select to encrypt it.
2. Installation Method:
The Installation Method screen allows you to choose whether to perform a new installation or an upgrade.
If you choose upgrade, the Partition Information and Package Selection options will be disabled. They are not
supported for kickstart upgrades.

Also choose the appropriate kickstart installation to perform from this screen. You can choose from the following
options: CD-ROM, NFS, HTTP or Hard Drive. In our example we are going to install over NFS, so choose
NFS.

3. Boot Loader Options:


You have the option of installing GRUB or LILO as the boot loader. It is recommended that you choose the defaults, i.e.
install a boot loader, use GRUB for the boot loader, and install the boot loader on the
Master Boot Record (MBR). See the following figure:

4. Creating Partitions:
To create a partition, click the Add button. The Partition Options window appears, as shown in the following figure. Choose
the mount point, file system type, and partition size for the new partition.
• In the Additional Size Options section, choose to make the partition a fixed size, up to a chosen size, or
fill the remaining space on the hard drive. If you selected swap as the file system type, you can select to
have the installation program create the swap partition with the recommended size instead of specifying a
size.
• Force the partition to be created as a primary partition.
• Create the partition on a specific hard drive. For example, to make the partition on the first IDE hard disk
(/dev/hda), specify hda as the drive. Do not include /dev in the drive name.
• Use an existing partition. For example, to make the partition on the first partition on the first IDE hard disk
(/dev/hda1), specify hda1 as the partition. Do not include /dev in the partition name.
• Format the partition as the chosen file system type.
5. Network Configuration:


For each Ethernet card on the system, click Add Network Device and select the network device and network type
of the device. Select eth0 as the network device for the first Ethernet card, select eth1 for the second Ethernet
card, and so on.
6. Authentication:
In the Authentication section, select whether to use shadow passwords and MD5 encryption for user
passwords. These options are highly recommended and chosen by default.
The Authentication Configuration options allow you to configure the following methods of authentication: NIS,
LDAP, Kerberos 5, Hesiod, SMB, and Name Switch Cache.
7. Firewall Configuration:
The Firewall Configuration window is identical to the screen in the Red Hat Linux installation program and
the Security Level Configuration Tool, with the same functionality.
Note: It is strongly recommended that you choose Firewall Configuration as Disabled. RedHat recommends that
you configure the firewall settings manually after the installation. See Chapter 20 IPTABLES for more information.
8. X Configuration:
The first step in configuring X is to choose the default color depth and resolution. Select them from their
respective pull down menus. Be sure to specify a color depth and resolution that is compatible with the video card
and monitor for the system.
9. Package Selection:
The Package Selection window allows you to choose which package groups to install. There are also
options available to resolve and ignore package dependencies automatically. Currently, Kickstart
Configurator does not allow you to select individual packages.
10. Pre-Installation Script
You can add commands to run on the system immediately after the kickstart file has been parsed and before the
installation begins. If you have configured the network in the kickstart file, the network is enabled before this
section is processed. To include a pre-installation script, type it in the text area.
11. Post-Installation Script
You can also add commands to execute on the system after the installation is completed. If the network is
properly configured in the kickstart file, the network is enabled, and the script can include commands to access
resources on the network. To include a post-installation script, type it in the text area.
Now save the settings under /network-install/kickstart/ks.cfg.
You may then want to edit the configuration file and comment out, with "#", certain parameters that may change from
system to system. These could include things like the system's name and IP address. During the kickstart
process you will be prompted for these unspecified values.
Configuring the Filename Automatically
1. Place your kickstart file in the /network-install/kickstart directory.
2. Edit your /etc/dhcpd.conf file and add the following lines to the section for the interface that will be serving
DHCP IP addresses.
filename "/network-install/kickstart/ks.cfg";
next-server 192.168.1.100;
Note: Here 192.168.1.100 is the Kickstart server's IP address. If you don't set this up in the /etc/dhcpd.conf file,
the installation client will ask you for the location of the Kickstart server and the method of installation.
3. Now on the client side insert the boot floppy or CD into the kickstart client and at the boot: prompt
type in the following command:
boot: linux ks
Kickstart will first search for a configuration file named ks.cfg on the boot CD or floppy. It will then
automatically attempt to get a DHCP IP address and see if the DHCP server will specify a configuration file.


Kickstart will then use NFS to get both the configuration file and the installation files. The rest should be
automatic.
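The ks.cfg saved under /network-install/kickstart/ sits inside the tree that /etc/exports offers to every host, so anyone who can mount the export can read the root password entry in it. The script below is an added example, not part of the original course material: it checks both files offline, its function names and sample inputs are constructed, and `rootpw --iscrypted` is the kickstart form for a password that is already hashed.

```shell
#!/bin/sh
# Added example: offline checks for the two files a kickstart server hands out.

# Read an exports file on stdin and print each exported path that any host
# can mount: a "*" client, an options-only entry such as "(ro)", or no
# client at all. Exit status 0 means at least one such export was found.
world_exports() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }
    {
        world = (NF == 1)
        for (i = 2; i <= NF; i++) {
            client = $i
            sub(/\(.*$/, "", client)          # strip the "(options)" part
            if (client == "*" || client == "") world = 1
        }
        if (world) { print $1; found = 1 }
    }
    END { exit (found ? 0 : 1) }'
}

# Read a kickstart file on stdin and classify its rootpw line as
# "crypted", "plaintext" or "missing".
rootpw_mode() {
    awk '
    $1 == "rootpw" {
        seen = 1
        for (i = 2; i <= NF; i++) if ($i == "--iscrypted") crypted = 1
    }
    END {
        if (!seen)        print "missing"
        else if (crypted) print "crypted"
        else              print "plaintext"
    }'
}

# Constructed sample inputs (a tab separates path and client in the exports).
SAMPLE_EXPORTS='/network-install	*(ro,sync)
/srv/install	192.168.1.0/255.255.255.0(ro,sync)'
SAMPLE_KS='lang en_US
rootpw changeme
auth --useshadow --enablemd5'

echo "world-mountable exports:"
printf '%s\n' "$SAMPLE_EXPORTS" | world_exports || true
echo "rootpw in ks.cfg: $(printf '%s\n' "$SAMPLE_KS" | rootpw_mode)"
```

A path reported by the first check combined with "plaintext" from the second means the root password is readable by every host that can reach the NFS server.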


19. SQUID Proxy server


19.1 Introduction to SQUID
Two important goals of squid are to:
• Reduce Internet bandwidth charges
• Limit access to the Web to only authorized users.
Users configure their web browsers to use the Squid proxy server instead of going to the web directly. The Squid
server then checks its web cache for the web information requested by the user. It will return any matching
information that it finds in its cache, and if not, it will go to the web to find it on behalf of the user. Once it finds the
information, it will populate its cache with it and also forward it to the user's web browser.
As you can see, this reduces the amount of data accessed from the web. Another advantage is that you can
configure your firewall to only accept HTTP web traffic from the Squid server and no one else. Squid can then be
configured to request usernames and passwords for each user that uses its services. This provides simple
access control to the Internet.
Install the Squid package from the 3rd CD of the RedHat 9 distribution.
Note: Before configuring a proxy server, you must configure an Internet connection, either by using
a leased line or by using a PPP dial-out server. If the ISP connection is a leased line or cable
connection, simply configure /etc/resolv.conf with your ISP's DNS <domain name> and nameserver <IP
addresses>. If you are using a modem dial-out server to connect to the ISP, use the kppp dial-out configuration
GUI utility.

19.2 Configuring SQUID


Start the SQUID service
Use chkconfig to configure Squid to start at boot:
[root@skynet tmp]# chkconfig squid on
Use the service command to start, stop, or restart Squid after booting:
[root@skynet tmp]# service squid start
[root@skynet tmp]# service squid stop
[root@skynet tmp]# service squid restart
You can test whether the Squid process is running with the following command. You should get a response of
plain old process ID numbers:
[root@skynet tmp]# pgrep squid

19.2.1 The /etc/squid/squid.conf File


The main Squid configuration file is squid.conf which we'll discuss in detail in following sections.
Activating Configuration Changes
Like most Linux applications, Squid needs to be restarted so that changes to the configuration file can take
effect.
The Visible Host Name
Note: Older versions of Squid will fail to start if you don't give your server a hostname. You can set this with the
"visible_hostname" parameter in /etc/squid/squid.conf. Here we set it to the real name of our server "wstsun1".
visible_hostname wstsun1


19.2.2 Access Control Lists


You can limit users' ability to browse the Internet with access control lists (ACLs). Each ACL line defines a
particular type of activity, such as an access time or source network. ACLs are then linked to an http_access
statement that tells Squid whether to deny or allow traffic that matches the ACL.
Here are some guidelines that may be helpful:
Squid matches each web access request it receives by checking the http_access list from top to bottom. If it finds
a match, it enforces the "allow" or "deny" statement and stops reading further. You will have to be careful not to
place a "deny" statement in the list that blocks a similar "allow" statement below it. The final http_access
statement denies everything, so it is best to place new http_access statements above it.
Squid has a minimum required set of ACL statements in the ACCESS_CONTROL section of the squid.conf file. It
is best to put new customized entries right after this list to make the file easier to read.

19.2.3 Restricting Web Access by Time


Access control lists can be created with time parameters. Here are some quick examples. Remember to restart
Squid for the changes to take effect.
Only Allow Business Hour Access from the Home Network
#
# Add this to the bottom of the ACL section of squid.conf
#
acl home_network src 192.168.1.0/24
acl business_hours time M T W H F 9:00-17:00
#
# Add this at the top of the http_access section of squid.conf
#
http_access allow home_network business_hours
Only Allow Access In The Morning
#
# Add this to the bottom of the ACL section of squid.conf
#
acl mornings time 08:00-12:00
#
# Add this at the top of the http_access section of squid.conf
#
http_access allow mornings

Restricting Web Access By IP Address


You can create an access control list (ACL) that restricts web access to users on certain networks. In this case
we're creating an ACL that defines our home network of 192.168.1.0.
#
# Add this to the bottom of the ACL section of squid.conf
#
acl home_network src 192.168.1.0/255.255.255.0
You will also have to add a corresponding http_access statement that allows
traffic that matches the ACL.
#
# Add this at the top of the http_access section of squid.conf
#
http_access allow home_network
Remember to restart Squid for the changes to take effect.
[root@skynet tmp]# service squid restart
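The top-to-bottom, first-match evaluation described in 19.2.2 can be traced offline against the ACLs from 19.2.3. The script below is an added example, not Squid code and not part of the original material: it understands only src and time ACLs, and its function name, sample configurations and client addresses are constructed.

```shell
#!/bin/sh
# Added example: first-match evaluation of http_access rules for one request.

# usage: squid_verdict SRC_IP DAY_LETTER HH:MM < squid.conf-excerpt
# Prints "allow" or "deny", then the rule that decided the request.
squid_verdict() {
    awk -v ip="$1" -v day="$2" -v now="$3" '
    function ip2n(addr,   o) {
        split(addr, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function minutes(t,   p) { split(t, p, ":"); return p[1] * 60 + p[2] }
    # src ACL: network/bits or network/dotted-mask (contiguous masks only).
    function src_match(spec,   p, size) {
        split(spec, p, "/")
        if (p[2] == "")       size = 1
        else if (p[2] ~ /\./) size = 4294967296 - ip2n(p[2])
        else                  size = 2 ^ (32 - p[2])
        return int(ip2n(ip) / size) == int(ip2n(p[1]) / size)
    }
    # time ACL: optional day letters (S M T W H F A) and an h1:m1-h2:m2 range.
    function time_match(spec,   tok, n, i, r, days, in_range) {
        n = split(spec, tok, " "); days = ""; in_range = 1
        for (i = 1; i <= n; i++) {
            if (tok[i] ~ /-/) {
                split(tok[i], r, "-")
                in_range = (minutes(now) >= minutes(r[1]) && minutes(now) <= minutes(r[2]))
            } else days = days tok[i]
        }
        return in_range && (days == "" || index(days, day) > 0)
    }
    function acl_match(name) {
        if (type[name] == "src")  return src_match(def[name])
        if (type[name] == "time") return time_match(def[name])
        return 0    # unknown name or unsupported ACL type never matches
    }
    $1 == "acl" {
        type[$2] = $3; def[$2] = $4
        for (i = 5; i <= NF; i++) def[$2] = def[$2] " " $i
    }
    $1 == "http_access" && !decided {
        last = $2; hit = 1
        for (i = 3; i <= NF; i++) if (!acl_match($i)) hit = 0   # ACLs on a line are ANDed
        if (hit) { decided = 1; print $2 ": " $0 }
    }
    END {
        # When no rule matches, Squid applies the opposite of the last rule.
        if (!decided) {
            v = (last == "allow") ? "deny" : "allow"
            print v ": no rule matched"
        }
    }'
}

# Constructed sample: both rule sets from this section placed above "deny all".
CONF_PAGE='acl all src 0.0.0.0/0.0.0.0
acl home_network src 192.168.1.0/255.255.255.0
acl business_hours time M T W H F 9:00-17:00
acl mornings time 08:00-12:00
http_access allow home_network business_hours
http_access allow mornings
http_access deny all'

# Constructed sample: the new allow rule placed below the final deny.
CONF_SHADOWED='acl all src 0.0.0.0/0.0.0.0
acl home_network src 192.168.1.0/24
http_access deny all
http_access allow home_network'

printf '%s\n' "$CONF_PAGE"     | squid_verdict 192.168.1.20 T 10:15
printf '%s\n' "$CONF_PAGE"     | squid_verdict 192.168.1.20 A 14:00
printf '%s\n' "$CONF_PAGE"     | squid_verdict 203.0.113.7  M 09:30
printf '%s\n' "$CONF_SHADOWED" | squid_verdict 192.168.1.20 T 10:15
```

The third call is allowed even though the client is outside 192.168.1.0/24, because `http_access allow mornings` names no source ACL; pairing it with home_network on the same line restricts it to the local network.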


19.2.4 Configure the Web Browsers to Use Your Squid Server


If you don't have a firewall that supports redirection then you'll need to:
• Configure your firewall to only accept HTTP Internet access from the Squid server
• Configure your PC browser's proxy server settings manually to use the squid server using the following
methods:
Internet Explorer
Here's how to make these changes using Internet Explorer.
1. Click on the "Tools" item on the menu bar of the browser.
2. Click on "Internet Options"
3. Click on "Connections"
4. Click on "LAN Settings"
5. Configure with the address and TCP port (3128 default) used by your Squid server.
Mozilla / Netscape
Here's how to make these changes using Mozilla.
1. Click on the "Edit" item on the menu bar of the browser.
2. Click on "Preferences"
3. Click on "Advanced"
4. Click on "Proxies"
5. Configure with the address and TCP port (3128 default) used by your Squid server under "Manual Proxy
Configuration"


20. IPTABLES (Netfilter)


20.1 What is iptables?
Originally, the most popular firewall / NAT package running on Linux was ipchains but it had a number of
shortcomings. The Netfilter <http://www.netfilter.org/> organization decided to create a new product called
iptables in order to rectify this and developed these improvements and more:
The iptables application has better integration with the Linux kernel with the capability of loading iptables specific
kernel modules designed for improved speed and reliability.
iptables does "stateful" packet inspection. This means that the firewall keeps track of each connection passing
through it and in certain cases will view the contents of data flows in an attempt to anticipate the next action of
certain protocols. This is an important feature in the support of active FTP and DNS as well as many other
network services.
iptables can filter packets by MAC address and the values of the flags in the TCP header. This is helpful in
preventing attacks using malformed packets and in restricting access from locally attached servers to other
networks in spite of what their IP addresses are.
There have been improvements in system logging which now provides the option of adjusting the level of detail of
the reporting.
Network address translation has been improved and new support for transparent integration with web proxy
programs such as Squid has been incorporated into the product.
The new rate limiting feature helps iptables to block some types of denial of service (DoS) attacks.

20.1.1 Overview
Note: 2.4 and above kernels only.
Many benefits over ipchains:
• Connection Tracking.
• Rate Limiting.
• Many more filtering options: All TCP flags, MAC address user, etc.
• Improved logging.
Format
iptables [table] [action] [chain] [options] [target]
iptables -t filter -A INPUT -m state --state NEW -p tcp -s 12.168.1.0/24 -j ACCEPT

Capabilities
Table - Specifies which table the chain applies to: nat, filter, or mangle.
Action - Action to be taken on the specified network or host.
Chains - 5 Built-in chains. Names capitalized unlike IPCHAINS.
# Filter Table:
INPUT - All packets entering an interface that are destined for a local process use this chain.
FORWARD - Only packets routed from one interface to another pass through this chain.
OUTPUT - All packets leaving an interface that originated from a local process use this chain.

# Nat Table:

PREROUTING - Rules in this chain occur before it is determined whether the packet will use the INPUT or
FORWARD chain. Destination NAT (DNAT) is configured using this chain.
POSTROUTING - Rules in this chain occur after the OUTPUT and FORWARD chains. Source NAT (SNAT) is
configured using this chain.
Options
-i = Input interface (eth0, eth1, lo)
-o = Output interface (eth0, eth1, lo)
-p = Protocol (udp,tcp,icmp, or the protocol number)
-s = Source address of packet (192.168.1.20, 192.168.1.0/24, etc.)
-d = Same as -s, only for the destination address
-m = Specify an extension module to load (e.g. -m state). This must be the
first option specified if it is used
--sport = Source port
--dport = Destination port

Targets
# 3 Default Targets
DROP = DROP the packet without returning an indication that it was dropped to the source
ACCEPT = Accept the packet
<CHAIN> = A user defined chain
# Additional Targets provided by modules:
LOG = Log the packet
REJECT = Reject the packet and send the source a user defined response (defaults to an icmp error message)
Connection Tracking
Requires state module (-m state).

Packet STATES:
NEW = A new connection
ESTABLISHED = Packet is part of an existing connection
RELATED = Packet is related to an existing connection (e.g. ICMP error messages)
INVALID = Packet doesn't belong to any other connection
Tracking FTP Connections:
Because of the nature of the FTP protocol, tracking ftp connections requires a special kernel module:
ip_conntrack_ftp. If you wish to use NAT with ftp connection tracking, you must also load the ip_nat_ftp kernel
module.
Install the iptables package (iptables-1.2.9-1.0.i386.rpm) from the 3rd CD of the RedHat distribution.
Start iptables service
You can start/stop/restart iptables after booting by using the following commands:
[root@skynet tmp]# service iptables start
[root@skynet tmp]# service iptables stop
[root@skynet tmp]# service iptables restart
To get iptables configured to start at boot you can use the chkconfig command.
[root@skynet tmp]# chkconfig iptables on

IPTABLES Examples

# Set the default policies to DROP (iptables has no DENY target; that was the ipchains name)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Allow all incoming tcp connections on interface eth0 to port 80 (www).
# 0.0.0.0/0 matches any address (without a mask, iptables treats the address as a single host).
iptables -A INPUT -i eth0 -p tcp -s 0.0.0.0/0 --sport 1024: --dport 80 -j ACCEPT
# We must also allow packets back out in order for the connection to work since we aren't using connection
# tracking
[root@skynet tmp]# iptables -A OUTPUT -o eth0 -p tcp --sport 80 -d 0.0.0.0/0 --dport 1024: -j ACCEPT
# Allow outgoing connections to all ports, and use connection tracking so we don't have to create rules to allow
# us to receive the packets coming back.
[root@skynet tmp]# iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -o eth0 -p tcp --sport 1024: -j ACCEPT
[root@skynet tmp]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -i eth0 -p tcp --dport 1024: -j ACCEPT
# Allow external access to our DNS services, and keep state on the connection.
[root@skynet tmp]# iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -i eth0 -p udp --dport 53 -j ACCEPT
[root@skynet tmp]# iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -o eth0 -p udp --sport 53 -j ACCEPT
# Redirect all incoming traffic that hits port 8080 to port 80 on a web server in our internal LAN
[root@skynet tmp]# iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 8080 -j DNAT --to 192.168.1.10:80
# Allow ICMP echo requests, but limit them to 1 per second. A burst of 3 will allow a burst of up to 3 ICMP
# packets before the rate limiting kicks in.
[root@skynet tmp]# iptables -A INPUT -i eth0 -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED -m limit --limit 1/s --limit-burst 3 -j ACCEPT
[root@skynet tmp]# iptables -A OUTPUT -o eth0 -p icmp -m state --state ESTABLISHED -j ACCEPT
Status Messages
[root@skynet tmp]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@skynet tmp]#

Saving iptables Scripts


The "service iptables save" command will permanently save the iptables configuration in the
/etc/sysconfig/iptables file. When the system reboots, the iptables-restore program reads the
configuration and makes it the active configuration.
The format of the /etc/sysconfig/iptables file is slightly different from that of the scripts shown in this
document. The initialization of built in chains is automatic and the string "iptables" is omitted from the rule
statements.
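The difference between a rule script and the /etc/sysconfig/iptables layout can be seen by converting one into the other. The script below is an added example, not part of the iptables package or the original material: it handles only -P and -A in the filter and nat tables, rejects any policy other than ACCEPT or DROP, and its function name and sample rules are constructed.

```shell
#!/bin/sh
# Added example: rewrite a script of iptables commands into the layout that
# iptables-restore reads (table header, chain policies, rules, COMMIT).

# usage: to_restore_format < rule-script
# Returns non-zero and prints nothing on stdout if a policy is not ACCEPT/DROP.
to_restore_format() {
    awk '
    $1 != "iptables" { next }               # skip comments and blank lines
    {
        table = "filter"; rule = ""         # filter is the default table
        for (i = 2; i <= NF; i++) {
            if ($i == "-t") { table = $(i + 1); i++ }
            else rule = (rule == "" ? "" : rule " ") $i
        }
        if (!(table in seen)) { seen[table] = 1; order[++ntables] = table }
        split(rule, f, " ")
        if (f[1] == "-P") {
            if (f[3] != "ACCEPT" && f[3] != "DROP") {
                print "line " NR ": bad policy " f[3] > "/dev/stderr"
                bad = 1; exit
            }
            policy[table, f[2]] = f[3]
        } else rules[table] = rules[table] rule "\n"
    }
    END {
        if (bad) exit 1
        chains["filter"] = "INPUT FORWARD OUTPUT"
        chains["nat"]    = "PREROUTING POSTROUTING OUTPUT"
        for (t = 1; t <= ntables; t++) {
            table = order[t]
            print "*" table
            n = split(chains[table], c, " ")
            for (j = 1; j <= n; j++) {
                # Built-in chains are always declared; unset policies stay ACCEPT.
                p = ((table, c[j]) in policy) ? policy[table, c[j]] : "ACCEPT"
                print ":" c[j] " " p " [0:0]"
            }
            printf "%s", rules[table]       # rules keep their order, minus "iptables"
            print "COMMIT"
        }
    }'
}

# Constructed sample, adapted from the rules in this chapter.
SAMPLE_SCRIPT='# default policies
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -o eth0 -p tcp --sport 1024: -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -i eth0 -p tcp --dport 1024: -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 8080 -j DNAT --to 192.168.1.10:80'

printf '%s\n' "$SAMPLE_SCRIPT" | to_restore_format
```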


21. Linux Resource Monitoring


21.1 Resource Monitoring Commands
Red Hat Linux comes with a variety of resource monitoring tools. While there are more than those listed here,
these tools are representative in terms of functionality. The tools are:
• free
• top (and GNOME System Monitor, a more graphically oriented version of top)
• vmstat
• The Sysstat suite of resource monitoring tools
Let us look at each one in more detail.

free
The free command displays system memory utilization. Here is an example of its output:
                    total     used     free   shared  buffers   cached
Mem:               255508   240268    15240        0     7592    86188
-/+ buffers/cache:          146488   109020
Swap:              530136    26268   503868
The Mem: row displays physical memory utilization, while the Swap: row displays the utilization of the system
swap space, and the -/+ buffers/cache: row displays the amount of physical memory currently devoted to system
buffers.
Since free by default only displays memory utilization information once, it is only useful for very short-term
monitoring, or quickly determining if a memory-related problem is currently in progress. Although free has the
ability to repetitively display memory utilization figures via its -s option, the output scrolls, making it difficult to
easily see changes in memory utilization.
A better solution than using free -s would be to run free using the watch command. For example, to display
memory utilization every two seconds (the default display interval), use this command:
[root@skynet tmp]# watch free
The watch command issues the free command every two seconds, after first clearing the screen. This makes it
much easier to see how memory utilization changes over time, as it is not necessary to scan continually scrolling
output. You can control the delay between updates by using the -n option, and can cause any changes between
updates to be highlighted by using the -d option, as in the following command:
[root@skynet tmp]# watch -n 1 -d free

top
While free displays only memory-related information, the top command does a little bit of everything. CPU
utilization, process statistics, memory utilization — top does it all. In addition, unlike the free command, top's
default behavior is to run continuously; there is no need to use the watch command. Here is a sample display:

11:13am up 1 day, 31 min, 5 users, load average: 0.00, 0.05, 0.07
89 processes: 85 sleeping, 3 running, 1 zombie, 0 stopped
CPU states: 0.5% user, 0.7% system, 0.0% nice, 98.6% idle
Mem: 255508K av, 241204K used, 14304K free, 0K shrd, 16604K buff
Swap: 530136K av, 56964K used, 473172K free 64724K cached

  PID USER  PRI  NI  SIZE   RSS SHARE STAT %CPU %MEM  TIME COMMAND
 8532 ed     16   0  1156  1156   912 R     0.5  0.4  0:11 top
 1520 ed     15   0  4084  3524  2752 S     0.3  1.3  0:00 gnome-terminal
 1481 ed     15   0  3716  3280  2736 R     0.1  1.2  0:01 gnome-terminal
 1560 ed     15   0 11216   10M  4256 S     0.1  4.2  0:18 emacs
    1 root   15   0   472   432   416 S     0.0  0.1  0:04 init
    2 root   15   0     0     0     0 SW    0.0  0.0  0:00 keventd
    3 root   15   0     0     0     0 SW    0.0  0.0  0:00 kapmd
    4 root   34  19     0     0     0 SWN   0.0  0.0  0:00 ksoftirqd_CPU0
    5 root   15   0     0     0     0 SW    0.0  0.0  0:00 kswapd
    6 root   25   0     0     0     0 SW    0.0  0.0  0:00 bdflush
    7 root   15   0     0     0     0 SW    0.0  0.0  0:00 kupdated
    8 root   25   0     0     0     0 SW    0.0  0.0  0:00 mdrecoveryd
   12 root   15   0     0     0     0 SW    0.0  0.0  0:00 kjournald
   91 root   16   0     0     0     0 SW    0.0  0.0  0:00 khubd
  185 root   15   0     0     0     0 SW    0.0  0.0  0:00 kjournald
  186 root   15   0     0     0     0 SW    0.0  0.0  0:00 kjournald
  576 root   15   0   712   632   612 S     0.0  0.2  0:00 dhcpcd

The display is divided into two sections. The top section contains information related to overall system status —
uptime, load average, process counts, CPU status, and utilization statistics for both memory and
swap space. The lower section displays process-level statistics, the exact nature of which can be controlled while
top is running.

The GNOME System Monitor — A Graphical top


If you are more comfortable with graphical user interfaces, the GNOME System Monitor may be more to your
liking. Like top, the GNOME System Monitor displays information related to overall system status, process counts,
memory and swap utilization, and process-level statistics.
However, the GNOME System Monitor goes a step further by also including graphical representations of CPU,
memory, and swap utilization, along with a tabular disk space utilization listing. Here is an example of the
GNOME System Monitor's Process Listing display:


The GNOME System Monitor Process Listing Display


Additional information can be displayed for a specific process by first clicking on the desired process and then
clicking on the More Info button.
To view the CPU, memory, and disk usage statistics, click on the System Monitor tab.

vmstat
For a more concise view of system performance, try vmstat. Using this resource monitor, it is possible to get an
overview of process, memory, swap, I/O, system, and CPU activity in one line of numbers:
   procs                      memory    swap          io     system         cpu
 r  b  w   swpd   free   buff  cache  si  so    bi    bo   in    cs  us  sy  id
 1  0  0      0 524684 155252 338068   0   0     1     6  111   114  10   3  87
The process-related fields are:
r — The number of runnable processes waiting for access to the CPU
b — The number of processes in an uninterruptible sleep state
w — The number of processes swapped out, but runnable
The memory-related fields are:
swpd — The amount of virtual memory used
free — The amount of free memory
buff — The amount of memory used for buffers
cache — The amount of memory used as page cache
The swap-related fields are:
si — The amount of memory swapped in from disk
so — The amount of memory swapped out to disk
The I/O-related fields are:
bi — Blocks sent to a block device
bo — Blocks received from a block device
The system-related fields are:
in — The number of interrupts per second
cs — The number of context switches per second
The CPU-related fields are:
us — The percentage of the time the CPU ran user-level code
sy — The percentage of the time the CPU ran system-level code
id — The percentage of the time the CPU was idle
When vmstat is run without any options, only one line is displayed. This line contains averages, calculated from
the time the system was last booted.
However, most system administrators do not rely on the data in this line, as the time over which it was collected
varies. Instead, most administrators take advantage of vmstat's ability to repetitively display resource utilization
data at set intervals. For example, the command vmstat 1 displays one new line of utilization data every second,
while the command vmstat 1 10 displays one new line per second, but only for the next ten seconds.
In the hands of an experienced administrator, vmstat can be used to quickly determine resource utilization and
performance issues. But to gain more insight into those issues, a different kind of tool is required — a tool capable
of more in-depth data collection and analysis.

pstree
Gives a hierarchical structure of all currently running processes:


21.2 The proc File System


The Linux kernel has two primary functions: to control access to physical devices on the computer and to
schedule when and how processes interact with these devices. The /proc/ directory contains a hierarchy of
special files which represent the current state of the kernel, allowing applications and users to peer into the
kernel's view of the system.
Within the /proc/ directory, one can find a wealth of information detailing the system hardware and any
processes currently running. In addition, some of the files within the /proc/ directory tree can be manipulated
by users and applications to communicate configuration changes to the kernel.

A Virtual File System


Under Linux, all data are stored as files. Most users are familiar with the two primary types of files: text and
binary. But the /proc/ directory contains another type of file called a virtual file. It is for this reason that /proc/
is often referred to as a virtual file system.
These virtual files have unique qualities. Most of them are listed as zero bytes in size and yet when one is viewed,
it can contain a large amount of information. In addition, most of the time and date settings on virtual files reflect
the current time and date, indicative of the fact they are constantly updated. Virtual files such as
/proc/interrupts, /proc/meminfo, /proc/mounts, and /proc/partitions provide an up-to-the-
moment glimpse of the system's hardware. Others, like /proc/filesystems and the /proc/sys/ directory
provide system configuration information and interfaces.
For organizational purposes, files containing information on a similar topic are grouped into virtual directories and
sub-directories. For instance, /proc/ide/ contains information for all physical IDE devices. Likewise, process
directories contain information about each running process on the system.
Viewing Virtual Files
By using the cat, more, or less commands on files within the /proc/ directory, users can immediately access
an enormous amount of information about the system.
For example, to display the type of CPU a computer has, type cat /proc/cpuinfo to receive output similar to
the following:

processor : 0
vendor_id : AuthenticAMD
cpu family : 5
model : 9
model name : AMD-K6(tm) 3D+ Processor
stepping : 1
cpu MHz : 400.919
cache size : 256 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr mce cx8 pge mmx syscall 3dnow k6_mtrr
bogomips : 799.53
When viewing different virtual files in the /proc/ file system, some of the information is easily understandable
while some is not human-readable. This is in part why utilities exist to pull data from virtual files and display it in a
useful way. Examples of these utilities include lspci, apm, free, and top.
As a general rule, most virtual files within the /proc/ directory are read only. However, some can be used to
adjust settings in the kernel. This is especially true for files in the /proc/sys/ subdirectory.

21.2.1 Top-level Files in the proc File System


Below is a list of some of the more useful virtual files in the top-level of the /proc/ directory.
Note: In most cases, the content of the files listed in this section will not be the same on your machine. This is
because much of the information is specific to the hardware on which Red Hat Linux is running.
/proc/cmdline
This file shows the parameters passed to the kernel at the time it is started. A sample /proc/cmdline file looks
like this:
ro root=/dev/hda2
This tells us that the kernel is mounted read-only (signified by (ro)) off of the second partition on the first IDE
device (/dev/hda2).
/proc/cpuinfo
This virtual file identifies the type of processor used by your system. The following is an example of
the output typical of /proc/cpuinfo:
processor : 0
vendor_id : AuthenticAMD
cpu family : 5
model : 9
model name : AMD-K6(tm) 3D+ Processor
stepping : 1
cpu MHz : 400.919
cache size : 256 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr mce cx8 pge mmx syscall 3dnow k6_mtrr
bogomips : 799.53
processor - Provides each processor with an identifying number. On systems that have one processor, there
will be only a 0.
cpu family - Authoritatively identifies the type of processor you have in the system. For an Intel-based system,
place the number in front of "86" to determine the value. This is particularly helpful for those attempting to identify
the architecture of an older system such as a 586, 486, or 386. Because some RPM packages are compiled for
each of these particular architectures, this value also helps users determine which packages to install.
model name - Displays the common name of the processor, including its project name.
cpu MHz - Shows the precise speed in megahertz for the processor to the thousandth decimal point.
cache size - Displays the amount of level 2 memory cache available to the processor.
flags - Defines a number of different qualities about the processor, such as the presence of a floating point unit
(FPU) and the ability to process MMX instructions.

/proc/devices
This file displays the various character and block devices currently configured (not including devices whose
modules are not loaded). Below is a sample output from this file:
Character devices:
1 mem
2 pty
3 ttyp
4 ttyS
5 cua
7 vcs
10 misc
14 sound
29 fb
36 netlink
128 ptm
129 ptm
136 pts
137 pts
162 raw
254 iscsictl
Block devices:
1 ramdisk
2 fd
3 ide0
9 md
22 ide1

/proc/filesystems
This file displays a list of the file system types currently supported by the kernel. Sample output from a generic
/proc/filesystems looks similar to this:
nodev rootfs
nodev bdev
nodev proc
nodev sockfs
nodev tmpfs
nodev shm
nodev pipefs
ext2
nodev ramfs
iso9660
nodev devpts
ext3
nodev autofs
nodev binfmt_misc
The first column signifies whether the file system is mounted on a block device. Those beginning with nodev are
not mounted on a device. The second column lists the names of the file systems supported. The mount
command cycles through the file systems listed here when one is not specified as an argument.

/proc/interrupts
This file records the number of interrupts per IRQ on the x86 architecture. A standard /proc/interrupts looks
similar to this:
CPU0
0: 80448940 XT-PIC timer
1: 174412 XT-PIC keyboard
2: 0 XT-PIC cascade
8: 1 XT-PIC rtc
10: 410964 XT-PIC eth0
12: 60330 XT-PIC PS/2 Mouse
14: 1314121 XT-PIC ide0
15: 5195422 XT-PIC ide1
NMI: 0
ERR: 0

For a multi-processor machine, this file may look slightly different:


CPU0 CPU1
0: 1366814704 0 XT-PIC timer
1: 128 340 IO-APIC-edge keyboard
2: 0 0 XT-PIC cascade
8: 0 1 IO-APIC-edge rtc
12: 5323 5793 IO-APIC-edge PS/2 Mouse
13: 1 0 XT-PIC fpu
16: 11184294 15940594 IO-APIC-level Intel EtherExpress Pro 10/100 Ethernet
20: 8450043 11120093 IO-APIC-level megaraid
30: 10432 10722 IO-APIC-level aic7xxx
31: 23 22 IO-APIC-level aic7xxx
NMI: 0
ERR: 0
The first column refers to the IRQ number. Each CPU in the system has its own column and its own number of
interrupts per IRQ. The next column reports the type of interrupt, and the last column contains the name of the
device that is located at that IRQ.
Each of the types of interrupts seen in this file, which are architecture-specific, mean something a little different.
For x86 machines, the following values are common:
XT-PIC - These are the old AT computer interrupts.
IO-APIC-edge - The voltage signal on this interrupt transitions from low to high, creating an edge, where the
interrupt occurs and is only signaled once. This kind of interrupt, as well as the
IO-APIC-level interrupt, is only seen on systems with processors from the 586 family and higher.
IO-APIC-level - Generates interrupts when its voltage signal goes high until the signal goes low again.
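The column layout described above can be parsed mechanically. The following is an added example, not part of the original manual: it reads the CPU count from the header line and sums the per-CPU counters for each IRQ. The function names are hypothetical, and it assumes the layout shown in this section, where the interrupt type is a single token.

```shell
#!/bin/sh
# Added example: per-IRQ totals from a /proc/interrupts-style listing.
# Assumption: header of CPUn labels, then "IRQ: count... TYPE DEVICE",
# with TYPE as one token (the layout shown in this section).

# sample_interrupts: the multi-processor listing quoted in the text above.
sample_interrupts() {
    cat <<'EOF'
           CPU0       CPU1
  0: 1366814704          0   XT-PIC          timer
  1:        128        340   IO-APIC-edge    keyboard
  2:          0          0   XT-PIC          cascade
  8:          0          1   IO-APIC-edge    rtc
 12:       5323       5793   IO-APIC-edge    PS/2 Mouse
 13:          1          0   XT-PIC          fpu
 16:   11184294   15940594   IO-APIC-level   Intel EtherExpress Pro 10/100 Ethernet
 20:    8450043   11120093   IO-APIC-level   megaraid
 30:      10432      10722   IO-APIC-level   aic7xxx
 31:         23         22   IO-APIC-level   aic7xxx
NMI:          0
ERR:          0
EOF
}

# irq_totals [FILE]
# Print one tab-separated line per numbered IRQ: IRQ, total, type, device.
# Reads standard input when no FILE is given.
irq_totals() {
    awk '
    NR == 1 {                       # header: one CPUn label per processor
        ncpu = 0
        for (i = 1; i <= NF; i++) if ($i ~ /^CPU[0-9]+$/) ncpu++
        next
    }
    $1 ~ /^[0-9]+:$/ {              # numbered IRQs only; NMI: and ERR: are skipped
        irq = $1
        sub(/:$/, "", irq)
        total = 0
        for (i = 2; i <= 1 + ncpu; i++) total += $i
        type = $(2 + ncpu)
        dev = ""                    # device names may contain spaces
        for (i = 3 + ncpu; i <= NF; i++) dev = dev (dev == "" ? "" : " ") $i
        printf "%s\t%.0f\t%s\t%s\n", irq, total, type, dev
    }' "$@"
}

# busiest_irq [FILE]: the irq_totals line with the largest total.
busiest_irq() {
    irq_totals "$@" | sort -t "$(printf '\t')" -k2,2nr | head -n 1
}

sample_interrupts | irq_totals
```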

22. Backups
22.1 Introduction
Backups have two major purposes:
• To permit restoration of individual files
• To permit wholesale restoration of entire file systems
The first purpose is the basis for the typical file restoration request: a user accidentally deletes a file and asks that
it be restored from the latest backup. The exact circumstances may vary somewhat, but this is the most common
day-to-day use for backups.
The second situation is a system administrator's worst nightmare: for whatever reason, the system administrator
is staring at hardware that used to be a productive part of the data center. Now, it is little more than a lifeless
chunk of steel and silicon. The thing that is missing is all the software and data you and your users have
assembled over the years. Supposedly everything has been backed up. The question is: has it? And if it has, can
you restore it?

22.2 Different Data: Different Backup Needs


The pace at which data changes is crucial to the design of a backup procedure. There are two reasons for this:
• A backup is nothing more than a snapshot of the data being backed up. It is a reflection of that data at a
particular moment in time.
• Data that changes infrequently can be backed up infrequently, while data that changes often must be
backed up more frequently.
System administrators that have a good understanding of their systems, users, and applications should be able to
quickly group the data on their systems into different categories. However, here are some examples to get you
started:
Operating System
This data normally changes only during upgrades, the installation of bug fixes, and any site-specific modifications.
Application Software
This data changes whenever applications are installed, upgraded, or removed.
Application Data
This data changes as frequently as the associated applications are run. Depending on the specific application and
your organization, this could mean that changes take place second-by-second or once at the end of each fiscal
year.
User Data
This data changes according to the usage patterns of your user community. In most organizations, this means
that changes take place all the time.
Based on these categories (and any additional ones that are specific to your organization), you should have a
pretty good idea concerning the nature of the backups that are needed to protect your data.

22.3 Types of Backups


If you were to ask people who were not familiar with computer backups, most would think that a backup was just
an identical copy of all the data on the computer. In other words, if a backup was created Tuesday evening, and
nothing changed on the computer all day Wednesday, the backup created Wednesday evening would be identical
to the one created on Tuesday.
While it is possible to configure backups in this way, it is likely that you would not. To understand more about this,
we must first understand the different types of backups that can be created. They are:
• Full backups
• Incremental backups
• Differential backups

22.3.1 Full Backups


The type of backup that was discussed at the beginning of this section is known as a full backup. A full backup is
a backup where every single file is written to the backup media. As noted above, if the data being backed up
never changes, every full backup being created will be the same.
That similarity is due to the fact that a full backup does not check to see if a file has changed since the last
backup; it blindly writes everything to the backup media whether it has been modified or not.
This is the reason why full backups are not done all the time — every file is written to the backup media. This
means that a great deal of backup media is used even if nothing has changed. Backing up 100 gigabytes of data
each night when maybe 10 megabytes worth of data has changed is not a sound approach; that is why
incremental backups were created.

22.3.2 Incremental Backups


Unlike full backups, incremental backups first look to see whether a file's modification time is more recent than its
last backup time. If it is not, the file has not been modified since the last backup and can be skipped this time. On
the other hand, if the modification date is more recent than the last backup date, the file has been modified and
should be backed up.
Incremental backups are used in conjunction with a regularly-occurring full backup (for example, a weekly full
backup, with daily incrementals).
The primary advantage gained by using incremental backups is that the incremental backups run more quickly
than full backups. The primary disadvantage to incremental backups is that restoring any given file may mean
going through one or more incremental backups until the file is found. When restoring a complete file system, it is
necessary to restore the last full backup and every subsequent incremental backup.
In an attempt to alleviate the need to go through every incremental backup, a slightly different approach was
implemented. This is known as the differential backup.

22.3.3 Differential Backups


Differential backups are similar to incremental backups in that both back up only modified files. However,
differential backups are cumulative — in other words, with a differential backup, once a file has been modified it
continues to be included in all subsequent differential backups (until the next, full backup, of course).
This means that each differential backup contains all the files modified since the last full backup, making it
possible to perform a complete restoration with only the last full backup and the last differential backup.
Like the backup strategy used with incremental backups, differential backups normally follow the same approach:
a single periodic full backup followed by more frequent differential backups.
The effect of using differential backups in this way is that the differential backups tend to grow a bit over time
(assuming different files are modified over the time between full backups). This places differential backups
somewhere between incremental backups and full backups in terms of backup media utilization and backup
speed, while often providing faster single-file and complete restorations (due to fewer backups to search/restore).
Given these characteristics, differential backups are worth careful consideration.
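The selection rule described in sections 22.3.2 and 22.3.3, as an added example that is not part of the original manual: an incremental run compares modification times against the last backup of any kind, while a differential run compares them against the last full backup. The function names and file names are hypothetical, all data is constructed under a temporary directory, and GNU find and GNU tar are assumed.

```shell
#!/bin/sh
# Added example: incremental vs. differential selection by modification time.
# Assumes GNU find and GNU tar. Every path is constructed under a temporary
# directory, and dates are fixed with touch -t so the run is repeatable.

# backup_newer ROOT STAMP ARCHIVE
# Archive the regular files under ROOT whose mtime is newer than STAMP's mtime.
# NUL-separated names keep file names with spaces or newlines intact.
backup_newer() {
    ( cd "$1" && find . -type f -newer "$2" -print0 |
        tar -cf "$3" --null -T - )
}

# list_archive ARCHIVE: member names, sorted, on one line.
list_archive() {
    tar -tf "$1" | sort | tr '\n' ' ' | sed 's/ $//'
}

# restore_chain DEST ARCHIVE...: extract the archives into DEST in the order given.
restore_chain() {
    dest=$1
    shift
    mkdir -p "$dest" || return 1
    for archive in "$@"; do
        tar -xf "$archive" -C "$dest" || return 1
    done
}

# edit FILE TIME: change FILE and set its mtime to TIME (CCYYMMDDhhmm).
edit() {
    echo "changed at $2" >> "$1" && touch -t "$2" "$1"
}

run_demo() {
    work=$(mktemp -d) || return 1
    data=$work/home
    mkdir "$data" || return 1

    # Sunday: three files exist, then the weekly full backup runs at 23:00.
    for f in a.txt b.txt c.txt; do
        edit "$data/$f" 202401070900 || return 1
    done
    ( cd "$data" && tar -cf "$work/full.tar" . ) || return 1
    touch -t 202401072300 "$work/stamp.full"   # time of the last full backup
    touch -t 202401072300 "$work/stamp.last"   # time of the last backup of any kind

    # Monday: a.txt changes, then both nightly schemes run at 23:00.
    edit "$data/a.txt" 202401081000
    backup_newer "$data" "$work/stamp.last" "$work/incr-mon.tar" || return 1
    backup_newer "$data" "$work/stamp.full" "$work/diff-mon.tar" || return 1
    touch -t 202401082300 "$work/stamp.last"   # only the incremental reference moves

    # Tuesday: b.txt changes.
    edit "$data/b.txt" 202401091000
    backup_newer "$data" "$work/stamp.last" "$work/incr-tue.tar" || return 1
    backup_newer "$data" "$work/stamp.full" "$work/diff-tue.tar" || return 1
}

run_demo || exit 1
echo "incremental  Mon: $(list_archive "$work/incr-mon.tar")"
echo "incremental  Tue: $(list_archive "$work/incr-tue.tar")"
echo "differential Tue: $(list_archive "$work/diff-tue.tar")"
echo "archives kept in $work"
```

A complete restoration needs full.tar plus every incremental in order, or full.tar plus only the latest differential; `restore_chain` performs either sequence.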

22.4. Backup Media


We have been very careful to use the term "backup media" throughout the previous sections. There is a reason
for that. Most experienced system administrators usually think about backups in terms of reading and writing
tapes, but today there are other options.
At one time, tape devices were the only removable media devices that could reasonably be used for backup
purposes. However, this has changed. In the following sections we look at the most popular backup media, and
review their advantages as well as their disadvantages.

Tape
Tape was the first widely-used removable data storage medium. It has the benefits of low media cost and
reasonably-good storage capacity. However, tape has some disadvantages — it is subject to wear, and data
access on tape is sequential in nature.
These factors mean that it is necessary to keep track of tape usage (retiring tapes once they have reached the
end of their useful life), and that searching for a specific file on tape can be a lengthy proposition.
On the other hand, tape is one of the most inexpensive mass storage media available, and it has a long history of
reliability. This means that building a good-sized tape library need not consume a large part of your budget, and
you can count on it being usable now and in the future.

Disk
In years past, disk drives would never have been used as a backup medium. However, storage prices have
dropped to the point where, in some cases, using disk drives for backup storage does make sense.
The primary reason for using disk drives as a backup medium would be speed. There is no faster mass storage
medium available. Speed can be a critical factor when your data center's backup window is short, and the amount
of data to be backed up is large.
But disk storage is not the ideal backup medium, for a number of reasons:
• Disk drives are not normally removable.
• Disk drives are expensive.
• Disk drives are fragile. Even if you spend the extra money for removable disk drives, their fragility can be
a problem.
• Disk drives are not archival media.

Network
By itself, a network cannot act as backup media. But combined with mass storage technologies, it can serve quite
well. For instance, by combining a high-speed network link to a remote data center containing large amounts of
disk storage, suddenly the disadvantages about backing up to disks mentioned earlier are no longer
disadvantages.
By backing up over the network, the disk drives are already off-site, so there is no need for transporting fragile
disk drives anywhere. With sufficient network bandwidth, the speed advantage you can get from backing up to
disk drives is maintained.
However, this approach still does nothing to address the matter of archival storage (though the same "spin off to
tape after the backup" approach mentioned earlier can be used). In addition, the costs of a remote data center
with a high-speed link to the main data center make this solution extremely expensive. But for the types of
organizations that need the kind of features this solution can provide, it is a cost they gladly pay.

22.5 Red Hat Linux-Specific Information (applies to all versions)


There is little about the general topic of disasters and disaster recovery that has a direct bearing on any specific
operating system. After all, the computers in a flooded data center will be inoperative whether they run Red Hat
Enterprise Linux or some other operating system. However, there are parts of Red Hat Linux that relate to certain
specific aspects of disaster recovery; these are discussed in this section.

22.5.1 Software Support


As a software vendor, Red Hat does have a number of support offerings for its products, including Red Hat Linux.
You are using the most basic support tool right now by reading this manual. Documentation for Red Hat Linux is
available on the Red Hat Linux Documentation CD (which can also be installed on your system for fast access) and in
printed form.
Self support options are available via the many mailing lists hosted by Red Hat (available at
<https://listman.redhat.com/mailman/listinfo/>). These mailing lists take advantage of the combined knowledge of
Red Hat's user community; in addition, many lists are monitored by Red Hat personnel, who contribute as time
permits. Other resources are available from Red Hat's main support page at
<http://www.redhat.com/apps/support/>.
More comprehensive support options exist; information on them can be found on the Red Hat website.

22.5.2 Backup Utilities


Red Hat Linux comes with several different programs for backing up and restoring data. By themselves, these
utility programs do not constitute a complete backup solution. However, they can be used as the nucleus of such
a solution.

tar
The tar utility is well known among UNIX system administrators. It is the archiving method of choice for sharing
ad-hoc bits of source code and files between systems. The tar implementation included with Red Hat Enterprise
Linux is GNU tar, one of the more feature-rich tar implementations.
Using tar, backing up the contents of a directory can be as simple as issuing a command similar to the following:
tar cf /mnt/backup/home-backup.tar /home/
This command creates an archive file called home-backup.tar in /mnt/backup/. The archive contains the contents
of the /home/ directory.
The resulting archive file will be nearly as large as the data being backed up. Depending on the type of data being
backed up, compressing the archive file can result in significant size reductions. The archive file can be
compressed by adding a single option to the previous command:
tar czf /mnt/backup/home-backup.tar.gz /home/

cpio
The cpio utility is another traditional UNIX program. It is an excellent general-purpose program for moving data
from one place to another and, as such, can serve well as a backup program.
The behavior of cpio is a bit different from tar. Unlike tar, cpio reads the names of the files it is to process via
standard input. A common method of generating a list of files for cpio is to use programs such as find whose
output is then piped to cpio:
find /home/ | cpio -o > /mnt/backup/home-backup.cpio

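This command creates a cpio archive file (containing everything in /home/) called home-backup.cpio
and residing in the /mnt/backup/ directory. Because find can select files by many criteria, the same approach can
be narrowed; for example, the following command archives only those files that have not been accessed within
the past year: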
find /home/ -atime +365 | cpio -o > /mnt/backup/home-backup.cpio

AMANDA
AMANDA (The Advanced Maryland Automatic Network Disk Archiver) is a client/server based backup application
produced by the University of Maryland. By having a client/server architecture, a single backup server (normally a
fairly powerful system with a great deal of free space on fast disks and configured with the desired backup device)
can back up many client systems, which need nothing more than the AMANDA client software.
This approach to backups makes a great deal of sense, as it concentrates those resources needed for backups in
one system, instead of requiring additional hardware for every system requiring backup services. AMANDA's
design also serves to centralize the administration of backups, making the system administrator's life that much
easier.
The AMANDA server manages a pool of backup media and rotates usage through the pool in order to ensure that
all backups are retained for the administrator-dictated retention period. All media is pre-formatted with data that
allows AMANDA to detect whether the proper media is available or not. In addition, AMANDA can be interfaced
with robotic media changing units, making it possible to completely automate backups.
In operation, AMANDA is normally scheduled to run once a day during the data center's backup window. The
AMANDA server connects to the client systems and directs the clients to produce estimated sizes of the backups
to be done. Once all the estimates are available, the server constructs a schedule, automatically determining the
order in which systems are to be backed up.
Once the backups actually start, the data is sent over the network from the client to the server, where it is stored
on a holding disk. Once a backup is complete, the server starts writing it out from the holding disk to the backup
media. At the same time, other clients are sending their backups to the server for storage on the holding disk.
This results in a continuous stream of data available for writing to the backup media. As backups are written to the
backup media, they are deleted from the server's holding disk.
Once all backups have been completed, the system administrator is emailed a report outlining the status of the
backups, making review easy and fast.
Should it be necessary to restore data, AMANDA contains a utility program that allows the operator to identify the
file system, date, and file name(s). Once this is done, AMANDA identifies the correct backup media and then
locates and restores the desired data. As stated earlier, AMANDA's design also makes it possible to restore data
even without AMANDA's assistance, although identification of the correct media would be a slower, manual
process.

dump/restore
The dump and restore programs are Linux equivalents to the UNIX programs of the same name. As such,
many system administrators with UNIX experience may feel that dump and restore are viable candidates for a
good backup program under Red Hat Enterprise Linux. However, one method of using dump can cause
problems.
The dump(8) and restore(8) commands have traditionally been used on BSD systems to back up and
restore filesystems. Dump backs up a filesystem as a whole into an ``archive'', and restore retrieves files from it.
Although the archive may be created as a regular file on a regular filesystem, it is usually stored on an external
backup device such as a magnetic tape. Some features are implemented in dump to support such devices.

22.6 Working with “dump/restore”


The dump command handles a physical filesystem as an archiving target, and the restore command usually uses the
archive to restore the filesystem as it was dumped. Each file is managed by its i-node number and, basically,
dump cannot exclude specific files from the archive.
Dump is indeed a simplistic and primitive tool, but it does come with a brilliant feature for incremental archiving. It
identifies files newly created or modified since the previous backup and stores them to an archive efficiently and
quickly.
For example, suppose a file `foo' was backed up during the last archiving and removed afterwards. On the next
incremental archiving, dump puts the record in the archive as `there used to be a file foo, but it was removed'. If
you use tar for your regular incremental backup tasks and attempt a full restoration one day, you may run out of
disk space by trying to restore a large number of files that had already been removed. With dump, you will
never face such a problem.
In summary, it would be fair to say cpio, tar or afio are suitable for archiving specific files or directories.
Note: Dump is suitable for archiving whole filesystems and is Not Recommended for Mounted File Systems!

Tape Device files


The Linux kernel provides the drivers for the tape devices. Please build the proper driver for your device when
compiling your kernel. You may also use a loadable module, if you prefer.
Then, check the device files.
% ls -l /dev/*st[0-9]
crw-rw-rw- 1 root disk 9, 128 Oct 5 1995 /dev/nst0
crw-rw---- 1 root disk 9, 129 Oct 5 1995 /dev/nst1
crw-rw-rw- 1 root disk 9, 0 Oct 5 1995 /dev/st0
crw-rw---- 1 root disk 9, 1 Oct 5 1995 /dev/st1
There should be two kinds of device files: /dev/nst? and /dev/st? (if not, make them with the MAKEDEV
command). st? are ``auto-rewind'' devices, which rewind the tape after a command is issued to the driver, and
nst? are ``no-rewind'' devices. Which to use is your choice, but I prefer the no-rewind ones. In this document,
/dev/nst0 is used as the target device. When the target device is chosen, you may want to create a symlink to it
named ``/dev/tape''. With this, you can omit the device name on the command lines of mt and others.
% cd /dev; ln -s nst0 tape
If you intend to use the tape drive for backups only, you should consider limiting access to it. To do this,
remove the read/write permissions for `Others'. In the above example, the first tape drive is accessible to normal
users, and the second drive is for backup purposes only: access to it is prohibited except for the owner and
the users belonging to the `disk' group.

22.6.1 Making backups with dump


USAGE: dump `option' `parameter' `filesystem'
- Options
0-9 : dump level
B : number of records per volume
b : blocksize per record (KB)
h : dump level below which the nodump attribute affects
f : output file (tape)
d : tape density
n : notify to the operator
s : tape length
u : update /etc/dumpdates
T : specify the date to record in /etc/dumpdates
W : print the filesystems to be dumped with marks
w : print the filesystems which need to be dumped
- parameters
Specify the parameters corresponding to the options in sequence. For example, if the option is ``sbf'', the
following parameters should be in the order: dump sbf `tape length' `blocksize' `output file' `filesystem'
- filesystem
mount point or a device name of the filesystem to dump
The dump backup program is worth using if you want to take advantage of its several backup levels.
Given below is a procedure to have a longer backup history and to keep both the backup and restore
times to a minimum. In the following example, we assume that the backup is written to a tape drive named
/dev/st0 and we back up the home directory /home of our system.
It is important to always start with a level 0 backup, for example:
[root@skynet] /# dump -0u -f /dev/st0 /home
DUMP: Date of this level 0 dump: Fri Jan 28 21:25:12 2000
DUMP: Date of last level 0 dump: the epoch
DUMP: Dumping /dev/sda6 (/home) to /dev/st0
DUMP: mapping (Pass I) [regular files]
DUMP: mapping (Pass II) [directories]
DUMP: estimated 18582 tape blocks on 0.48 tape(s).
DUMP: Volume 1 started at: Fri Jan 28 21:25:14 2000
DUMP: dumping (Pass III) [directories]
DUMP: dumping (Pass IV) [regular files]
DUMP: DUMP: 18580 tape blocks on 1 volume(s)
DUMP: finished in 4 seconds, throughput 4645 KBytes/sec
DUMP: Volume 1 completed at: Fri Jan 28 21:25:18 2000
DUMP: Volume 1 took 0:00:04
DUMP: Volume 1 transfer rate: 4645 KB/s
DUMP: level 0 dump on Fri Jan 28 21:25:12 2000
DUMP: DUMP: Date of this level 0 dump: Fri Jan 28 21:25:12 2000
DUMP: DUMP: Date this dump completed: Fri Jan 28 21:25:18 2000
DUMP: DUMP: Average transfer rate: 4645 KB/s
DUMP: Closing /dev/st0
DUMP: DUMP IS DONE
The options -0 to -9 select the backup level you want to use, the u option updates the file /etc/dumpdates after
a successful dump, and the -f option writes the backup to the named file.
The file may be a special device file such as /dev/st0 (a tape drive) or /dev/rsd1c (a disk drive). Finally, you must
specify what you want to back up. In our example, it is the /home directory.
The full backup should be done at set intervals, say once a month, and on a set of fresh tapes that are saved
forever. With this kind of procedure, you will have 12 tapes for 12 months that hold the history and changes of
your system for one year. Later, you can copy the 12 tape backups onto a different computer designated to keep
all yearly backups for a long time, and then reuse the 12 tapes to repeat the procedure for a new year.
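The dump levels listed above decide which tapes a complete restoration needs. Per dump(8), a dump at a level above 0 copies the files changed since the most recent dump of a lower level. The following added example, which is not part of the original manual, computes the tapes to restore, oldest first, from the sequence of levels that were run; the function name and the schedules are hypothetical.

```shell
#!/bin/sh
# Added example: which dumps must be restored, and in what order.
# Rule (dump(8)): a level N > 0 dump holds the files changed since the most
# recent dump of a lower level, so the chain is built by walking backwards
# from the newest dump and keeping each dump of a strictly lower level.

# dump_restore_chain "LEVELS"
# LEVELS: space-separated dump levels in the order the dumps were taken.
# Prints the 1-based positions of the dumps to restore, oldest first.
# Returns 1 if the history has no usable level 0 dump, 2 on a bad level.
dump_restore_chain() {
    printf '%s\n' "$1" | awk '
    {
        need = 10                   # any level 0-9 qualifies for the newest dump
        k = 0
        for (i = NF; i >= 1; i--) {
            if ($i !~ /^[0-9]$/) {
                print "bad level: " $i > "/dev/stderr"
                exit 2
            }
            if ($i + 0 < need) {    # lower level than anything kept so far
                chain[++k] = i
                need = $i + 0
            }
            if (need == 0) break    # reached the full dump
        }
        if (need != 0) {
            print "history has no level 0 dump" > "/dev/stderr"
            exit 1
        }
        for (j = k; j >= 1; j--) printf "%s%s", chain[j], (j > 1 ? " " : "\n")
    }'
}

# Constructed schedules: incremental-style, differential-style, and a
# staggered sequence of levels.
for schedule in "0 1 2 3" "0 1 1 1" "0 3 2 5 4 7 6"; do
    printf 'levels %-14s -> restore dumps %s\n' \
        "$schedule" "$(dump_restore_chain "$schedule")"
done
```

Restore the listed dumps in the order printed, starting with the level 0 dump and layering each later one on top of it.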

22.6.2 Restoring files with “restore” command


The restore command performs the inverse function of dump(8). It restores files or file systems from backups
made with dump. A full backup of a file system may be restored, and subsequent incremental backups layered on
top of it. Single files and directory sub-trees may be restored from full or partial backups. There are a number of
possible commands and options for restoring data backed up with the dump program. Detailed below is a
procedure that uses the full potential of the restore program with the most options possible. It is also done in
interactive mode.
In an interactive restoration of files from a dump, the restore program provides a shell-like interface that allows the
user to move around the directory tree selecting files to be extracted, after reading in the directory information
from the dump. The following is what we will see if we try to restore our /home directory.
First of all, with the following command we must move to the file system where we want to restore our
backup. This is required, since the interactive mode of the restore program will restore our backups into the
current file system location, where the restore command was executed.
[root@skynet] /# cd /home
To restore files from a dump in interactive mode, use the following command:
[root@skynet /home]# restore -i -f /dev/st0
restore >
A prompt will appear in your terminal. To list the current, or specified, directory, use the ls command as shown
below:
restore > ls
.:
admin/ lost+found/ named/ quota.group quota.user accounts/
restore >
To change the current working directory to the specified one, use the cd command. In our example, we change
to the accounts directory, as shown below:
restore > cd accounts
restore > ls
./accounts:
.Xdefaults .bash_logout .bashrc
.bash_history .bash_profile Personal/
restore >
To add the current directory or file to the list of files to be extracted, use the add command. If a directory is
specified, then it and all its descendents are added to the extraction list as shown below:
restore > add Personal/
Files that are on the extraction list are prepended with a * when they are listed by the ls command:
restore > ls
./accounts:
.Xdefaults .bash_logout .bashrc
.bash_history .bash_profile *Personal/
To delete the current directory or specified argument from the list of files to be extracted, use the delete
command. If a directory is specified, then all its descendents including itself are deleted from the extraction list, as
shown below:
restore > cd Personal/
restore > ls
./accounts/Personal:
*Ad?le_Nakad.doc *Overview.doc
*BIMCOR/ *Resume/
*My Webs/ *SAMS/
*Contents.doc *Templates/
*Divers.doc *bruno universite.doc
*Linux/ *My Pictures/

restore > delete Resume/


restore > ls
./accounts/Personal:
*Ad?le_Nakad.doc *Overview.doc
*BIMCOR/ Resume/
*My Webs/ *SAMS/
*Contents.doc *Templates/
*Divers.doc *bruno universite.doc
*Linux/ *My Pictures/
The most expedient way to extract most of the files from a directory is to add the directory to the extraction list
and then delete those files that are not needed.
To extract all files in the extraction list from the dump, use the extract command. Restore will ask which volume
the user wishes to mount. The fastest way to extract a few files is to start with the last volume and work towards
the first volume, as shown below:
restore > extract
You have not read any tapes yet.
Unless you know which volume your file(s) are on you should start
with the last volume and work towards the first.
Specify next volume #: 1
set owner/mode for '.'? [yn] y
To exit from the interactive restore mode after you have finished extracting your directories or files, use the quit
command as shown below.
/sbin/restore > quit
Other methods of restoration exist with the dump program; consult the man page of dump for more information.
For further details, read the man pages dump(8) and restore(8).

22.7 Managing the tape “mt” Command


The mt command is a utility to manipulate tape drives. With mt, you can rewind/forward/position the tape, as well
as check the drive status. It is a must-have tool if you want to use dump/restore with tape drives. If possible, it is a
good idea to prepare a tape for training purposes and practice with it. Some commands of mt are
drive-dependent, so please read the manual carefully to know which commands are available for your drive.
mt Operations


Insert a tape (for practice purposes, if possible) into your drive. After the tape has been loaded, let us confirm the
tape status. The mt status command can be used to do this. Here is an example:
% mt status
SCSI 1 tape drive:
File number=0, block number=0.
Tape block size 1024 bytes. Density code 0x0 (default).
Soft error count since last status=0
General status bits on (41010000):
BOT ONLINE IM_REP_EN
First of all, look at the bottom line. It shows that the drive has a tape loaded, and the status BOT indicates that
the drive head is at the beginning of the tape. The next word, "ONLINE", indicates that the tape drive is ready to be
operated (by mt). The drive status must be "ONLINE" before read/write operations. Next, see the third line. It
shows that the current file number is zero. File number zero corresponds to the beginning of the tape, and the
number is incremented each time the head passes an End-Of-File (EOF) mark on the tape.

Normally, you don't have to set the tape density and tape block size parameters, because these will be automatically
set to suit your drive. If you also want to read/write the tape on other operating systems, you may want to set these
parameters explicitly for portability. If your drive supports a compression feature and you want to use it, you have
to pass the "compression" flag explicitly to the drive with mt.
These hardware specific parameters are strongly dependent on the drive you use. Please refer to the mt(1)
manual page (items on defsetblk, setblk, defcompression, datcompression and compression), and the manual of
your drive.
If "mt status" outputs an error message as follows, chances are that the link /dev/tape doesn't point to the device
file of your drive correctly.
/dev/nst0: No such device or address
In this case, try other tape-device files with the -f option. After finding the right one, fix the link to point to it.
Now you can try writing some files to your tape. Create a directory for practice in an appropriate place. Generate
six dummy files (from file-01 to file-06) with the touch command.
(tcsh)% foreach num (01 02 03 04 05 06)
foreach? touch file-$num
foreach? end
(tcsh)% ls -l
-rw-r--r-- 1 fuku users 0 Nov 21 01:10 file-01
-rw-r--r-- 1 fuku users 0 Nov 21 01:10 file-02
-rw-r--r-- 1 fuku users 0 Nov 21 01:10 file-03
-rw-r--r-- 1 fuku users 0 Nov 21 01:10 file-04
-rw-r--r-- 1 fuku users 0 Nov 21 01:10 file-05
-rw-r--r-- 1 fuku users 0 Nov 21 01:10 file-06
Then, write these files to the tape with tar, one by one.
% tar cf /dev/tape file-01
If you see no errors, it should have worked. Let's see mt status.
% mt status
SCSI 1 tape drive:
File number=1, block number=0.
Tape block size 1024 bytes. Density code 0x0 (default).
Soft error count since last status=0
General status bits on (81010000):
EOF ONLINE IM_REP_EN
Looks fine. Since one EOF mark has been written on the tape, the file number is incremented by one. Because
/dev/tape is /dev/nst0 in this case, which is a no-rewind device, the head position is at the EOF of the file just
written, and the drive is ready to write the next data.

Then write the rest of the files at once.


(tcsh)% foreach num (02 03 04 05 06)
foreach? tar cf /dev/tape file-$num
foreach? end
Again, confirm the status.
% mt status
SCSI 1 tape drive:
File number=6, block number=0.
Tape block size 1024 bytes. Density code 0x0 (default).
Soft error count since last status=0
General status bits on (81010000):
EOF ONLINE IM_REP_EN
All files have been properly written. The drive head position is at the end of the files just written, as shown in
the figure below.

It is important to know that each file consists of two parts: the file content and the EOF mark. If you write a file
successfully, these two parts are generated automatically. When reading a file, set the tape head at the EOF of
the previous file so that you can read the file from its first block. If you want to add a file to the tape, you
must set the head at the EOF of the last file on the tape. In other words, the EOF mark of a file is also the start
position of the next file. If you write data starting from the middle of a file, you will of course lose its whole contents.
As the next practice, let's read a certain file from the tape which contains multiple files sequentially. Firstly,
consider extracting file-03 from the tape to which we just wrote six files. You have to move the head to where the
target file is recorded. This can be done as shown below. First, rewind the tape completely, and then go to the
proper position.
% mt rewind


file-03 is written at the position of file number 2. Now the head is at the beginning of this tape (BOT), so you have
to skip two EOFs to go to file-03.
% mt fsf 2
The mt fsf command skips the specified number of EOF marks and goes to the starting block of the next file. fsf 2
means that the head should be moved to the starting position of the file that is two files ahead of the current position.
% mt fsf 2

% mt status
SCSI 1 tape drive:
File number=2, block number=0.
Tape block size 1024 bytes. Density code 0x0 (default).
Soft error count since last status=0
General status bits on (81010000):
EOF ONLINE IM_REP_EN
The status says that the head is at the EOF of file number 2 (where file-02 is archived), which is also the starting
point of file-03. Let's look at the content of this file with tar:
% tar tf /dev/nst0
file-03
It is file-03, as expected. Let's see tape status.
% mt status
SCSI 1 tape drive:
File number=2, block number=10.
Tape block size 1024 bytes. Density code 0x0 (default).
Soft error count since last status=0
General status bits on (1010000):
ONLINE IM_REP_EN
Note that EOF is not shown in this status. The tar program usually reads an archive until its own "end of file" mark,
and stops. This "end of file" is DIFFERENT from the EOF of the tape.


In figure-6, F (blue mark) is tar's "end of file" mark. Note that this is still within the recorded block of the file. If
you try to read the next block from this position, tar immediately finds the EOF mark and silently quits without
reading any files. If you want to read the next file, run this command:
% mt fsf
to skip one EOF mark. Please remember this behavior, since it is slightly confusing.
Let's consider how to read the archive that holds file-03 again, after you did "mt fsf" and the head is now at its
EOF mark. The answer is to search the tape backward until the second EOF mark is found. That is the
beginning of this file.

To do this, type:
% mt bsfm 2
bsfm is an extended command of mt, and some older versions of mt do not implement it. In that case, you will have
to use bsf and fsf in sequence to achieve the desired operation. The details are somewhat cumbersome, so they are
omitted here.
You can go to the EOF of the last file with the mt eod command. However, this command might not work with certain
drives, so you should test it beforehand. Even if it doesn't work, you can do the same with the "fsf" command if you
know how many files are written on the tape from logging your operations.
Finally, rewind the tape and eject it. This operation also depends on the kind of your drive, but usually the
following command works:
% mt offline
The tape is then rewound if necessary, and ejected from the drive.
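The advice above to log your operations so that fsf can stand in for "mt eod" can be put into practice with a small catalog file. The following is an added example, not part of the original manual: the catalog format, the function names and the RUN dry-run switch are assumptions made for it, and it relies only on the mt rewind, mt fsf and -f usage shown in this section.

```shell
#!/bin/sh
# Added example, not from the original text: a catalog of tape files so the
# head can be positioned with "mt fsf". Catalog format (an assumption of this
# example), one line per archive in tape order:
#   <file number> TAB <date written> TAB <label>
# It assumes every archive went through the no-rewind device, so each write
# added exactly one EOF mark, as in the mt status output in the text.

TAPE=${TAPE:-/dev/nst0}   # no-rewind device named in the text
RUN=${RUN-echo}           # dry run by default; set RUN= (empty) to run mt

# Print the file number the next archive will occupy (0 on an empty tape).
tape_next_filenum() {
    if [ -s "$1" ]; then
        wc -l < "$1" | tr -d ' '
    else
        echo 0
    fi
}

# Record LABEL as the archive just written and print its file number.
# Call it only after tar has exited with status 0.
tape_log() {
    n=$(tape_next_filenum "$1")
    printf '%s\t%s\t%s\n' "$n" "$(date +%Y-%m-%d)" "$2" >> "$1"
    echo "$n"
}

# Print the file number of the most recent archive called LABEL.
tape_filenum() {
    awk -F '\t' -v want="$2" '
        $3 == want { n = $1; found = 1 }
        END { if (!found) exit 1; print n }' "$1"
}

# Move the head to the first block of tape file N, counting from BOT.
tape_goto() {
    $RUN mt -f "$TAPE" rewind || return 1
    if [ "$1" -gt 0 ]; then
        $RUN mt -f "$TAPE" fsf "$1" || return 1
    fi
}

# Position the head to read the archive called LABEL.
tape_seek() {
    n=$(tape_filenum "$1" "$2") || {
        echo "not in catalog: $2" >&2
        return 1
    }
    tape_goto "$n"
}

# Position the head after the last archive, ready to append: the fsf-based
# substitute for "mt eod" on drives where eod does not work.
tape_seek_end() {
    tape_goto "$(tape_next_filenum "$1")"
}

# Demo on a constructed catalog mirroring the six archives in the text.
# It runs in a subshell with RUN=echo, so it never touches a drive.
demo() (
    RUN=echo
    catalog=$(mktemp) || exit 1
    for f in file-01 file-02 file-03 file-04 file-05 file-06; do
        tape_log "$catalog" "$f" > /dev/null
    done
    tape_seek "$catalog" file-03
    tape_seek_end "$catalog"
    rm -f "$catalog"
)
demo
```

Keep the catalog off the tape itself, and append to it only after a write has succeeded, otherwise the recorded file numbers drift from the real EOF marks.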


23. Printers
Printers and Printing
Printers are an essential resource for creating a hard copy — a physical depiction of data on paper — version of
documents and collateral for business, academic, and home use. Printers have become an indispensable
peripheral in all levels of business and institutional computing.
This chapter discusses the various printers available and compares their uses in different computing
environments. It then describes how printing is supported by Red Hat Enterprise Linux.

23.1. Types of Printers


Like any other computer peripheral, there are several types of printers available. Some printers employ
technologies that mimic manual typewriter-style functionality, while others spray ink on paper, or use a laser to
generate an image of the page to be printed. Printer hardware interfaces with a PC or network using parallel,
serial, or data networking protocols. There are several factors to consider when evaluating printers for
procurement and deployment in your computing environment.
The following sections discuss the various printer types and the protocols that printers use to communicate with
computers.

23.1.1. Printing Considerations


There are several aspects to factor into printer evaluations. The following specifies some of the most common
criteria when evaluating your printing needs.

Function
Evaluating your organizational needs and how a printer services those needs is the essential criterion in
determining the right type of printer for your environment. The most important question to ask is "What do we
need to print?" Since there are specialized printers for text, images, or any variation thereof, you should be certain
that you procure the right tool for your purposes.
For example, if your requirements call for high-quality color images on professional-grade glossy paper, it is
recommended you use a dye-sublimation or thermal wax transfer color printer instead of a laser or impact printer.
Conversely, laser or inkjet printers are well-suited for printing rough drafts or documents intended for internal
distribution (such high-volume printers are usually called workgroup printers). Determining the needs of the
everyday user allows administrators to determine the right printer for the job.
Other factors to consider are features such as duplexing — the ability to print on both sides of a piece of paper.
Traditionally, printers could only print on one side of the page (called simplex printing). Most lower-end printer
models today do not have duplexing by default (they may, however, be capable of a manual duplexing method
that requires the user to flip the paper themselves). Some models offer add-on hardware for duplexing; such add-
ons can drive one-time costs up considerably. However, duplex printing may reduce costs over time by reducing
the amount of paper used to print documents, thus reducing the cost of consumables — primarily paper.
Another factor to consider is paper size. Most printers are capable of handling the more common paper sizes:
• letter — (8 1/2" x 11")
• A4 — (210mm x 297mm)
• JIS B5 — (182mm x 257mm)
• legal — (8 1/2" x 14")
If certain departments (such as marketing or design) have specialized needs such as creating posters or banners,
there are large-format printers capable of using A3 (297mm x 420mm) or tabloid (11" x 17") paper sizes. In
addition, there are printers capable of even larger sizes, although these are often only used for specialized
purposes, such as printing blueprints.
Additionally, high-end features such as network modules for workgroup and remote site printing should also be
considered during evaluation.


Cost
Cost is another factor to consider when evaluating printers. However, determining the one-time cost associated
with the purchase of the printer itself is not sufficient. There are other costs to consider, such as consumables,
parts and maintenance, and printer add-ons.
As the name implies, consumables is a general term used to describe the material used up during the printing
process. Consumables primarily take the form of media and ink.
The media is the material on which the text or image is printed. The choice of media is heavily dependent on the
type of information being printed.

23.6. Printer Languages and Technologies


Before the advent of laser and inkjet technology, impact printers could only print standard, justified text with no
variation in letter size or font style. Today, printers are able to process complex documents with embedded
images, charts, and tables in multiple frames and in several languages, all on one page. Such complexity must
adhere to some format conventions. This is what spurred the development of the page description language (or
PDL) — a specialized document formatting language specially made for computer communication with printers.
Over the years, printer manufacturers have developed their own proprietary languages to describe document
formats. However, such proprietary languages applied only to the printers that the manufacturers created
themselves. If, for example, you were to send a print-ready file using a proprietary PDL to a professional press,
there was no guarantee that your file would be compatible with the printer's machines. The issue of portability
came into question.
Xerox® developed the Interpress™ protocol for their line of printers, but full adoption of the language by the rest
of the printing industry was never realized. Two original developers of Interpress left Xerox and formed Adobe®, a
software company catering mostly to electronic graphics and document professionals. At Adobe, they developed
a widely-adopted PDL called PostScript™, which uses a markup language to describe text formatting and image
information that could be processed by printers. At the same time, the Hewlett-Packard® Company developed
the Printer Control Language™ (or PCL) for use in their ubiquitous laser and inkjet printer lines. PostScript and
PCL are now widely adopted PDLs and are supported by most printer manufacturers.
PDLs work on the same principle as computer programming languages. When a document is ready for printing,
the PC or workstation takes the images, typographical information, and document layout, and uses them as
objects that form instructions for the printer to process. The printer then translates those objects into rasters, a
series of scanned lines that form an image of the document (called Raster Image Processing or RIP), and prints
the output onto the page as one image, complete with text and any graphics included. This work-flow makes
printing documents of any complexity uniform and standard, resulting in little or no variation in printing from one
printer to the next. PDLs are designed to be portable to any format, and scalable to fit different paper sizes.

23.7. Networked Versus Local Printers


Depending on organizational needs, it may be unnecessary to assign one printer to each member of your
organization. Such overlap in expenditure can eat into allotted budgets, leaving less capital for other necessities.
While local printers attached via parallel or USB cables to every workstation are an ideal solution for the user, it
is usually not economically feasible.

Printer manufacturers have addressed this need by developing departmental (or workgroup) printers. These
machines are usually durable, fast, and have long-life consumables. Workgroup printers usually are attached to a
print server, a standalone device (such as a reconfigured workstation) that handles print jobs and routes output to
the proper printer when available. More recent departmental printers include built-in or add-on network interfaces
that eliminate the need for a dedicated print server.
The Printer Configuration Tool allows users to configure a printer in Red Hat Linux. This tool helps maintain the
printer configuration file, print spool directories, and print filters.
Starting with version 9 and Fedora, Red Hat Linux defaults to the CUPS printing system. The previous default
printing system, LPRng, is still provided. If the system was upgraded from a previous Red Hat Linux version that
used LPRng, the upgrade process did not replace LPRng with CUPS; the system will continue to use LPRng.


If a system was upgraded from a previous Red Hat Linux version that used CUPS, the upgrade process
preserved the configured queues, and the system will continue to use CUPS. The Printer Configuration Tool
configures both the CUPS and LPRng printing system, depending on which one the system is configured to use.
When you apply changes, it configures the active printing system.
To use the Printer Configuration Tool you must have root privileges. To start the application, select Main Menu
Button (on the Panel) => System Settings => Printing, or type the command redhat-config-printer.
This command automatically determines whether to run the graphical or text based version depending on whether
the command is executed in the graphical X Window System environment or from a text-based console.
You can also force the Printer Configuration Tool to run as a text-based application by using the command
redhat-config-printer-tui from a shell prompt.
Important
Do not edit the /etc/printcap file or the files in the /etc/cups/ directory. Each time the printer daemon (lpd
or cups) is started or restarted, new configuration files are dynamically created. The files are dynamically created
when changes are applied with Printer Configuration Tool as well.
If you are using LPRng and want to add a printer without using the Printer Configuration Tool, edit the
/etc/printcap.local file. The entries in /etc/printcap.local are not displayed in the Printer
Configuration Tool but are read by the printer daemon. If you upgraded your system from a previous version of
Red Hat Linux, your existing configuration file was converted to the new format used by this application. Each
time a new configuration file is generated, the old file is saved as /etc/printcap.old.
If you are using CUPS, the Printer Configuration Tool does not display any queues or shares not configured using
the Printer Configuration Tool; however, it will not remove them from the configuration files.

23.8 Printer Configuration


The following types of print queues can be configured:
• Locally-connected: a printer attached directly to the computer through a parallel or USB port.
• Networked UNIX (LPD): a printer attached to a different UNIX system that can be accessed over a TCP/IP
network (for example, a printer attached to another Red Hat Linux system running LPD on the network).
• Networked Windows (SMB): a printer attached to a different system which is sharing a printer over a SMB
network (for example, a printer attached to a Microsoft Windows™ machine).
• Networked Novell (NCP): a printer attached to a different system which uses Novell's NetWare network
technology.

Figure1: Printer Configuration Tool
Important
If you add a new print queue or modify an existing one, you must apply the changes for them to take effect.
Clicking the Apply button saves any changes that you have made and restarts the printer daemon. The changes
are not written to the configuration file until the printer daemon is restarted. Alternatively, you can choose Action
=> Apply.
Adding a Local Printer
To add a local printer, such as one attached through a parallel port or USB port on your computer, click the New
button in the main Printer Configuration Tool window to display the window shown in Figure2. Click Forward to
proceed.

Figure2: Adding a Printer

In the window shown in Figure3, enter a unique name for the printer in the Name text field. The printer name
cannot contain spaces and must begin with a letter. The printer name may contain letters, numbers, dashes (-),
and underscores (_). Optionally, enter a short description for the printer, which can contain spaces.

Figure3: Selecting a Queue Name

After clicking Forward, Figure4 appears. Select Locally-connected from the Select a queue type menu, and select
the device. The device is usually /dev/lp0 for a parallel printer or /dev/usb/lp0 for a USB printer. If no devices
appear in the list, click Rescan devices to rescan the computer or click Custom device to specify it manually. Click
Forward to continue.


Figure4. Adding a Local Printer


The next step is to select the type of printer. Go to Selecting the Printer Model and Finishing to continue.
Adding a Remote UNIX (LPD) Printer
To add a remote UNIX printer, such as one attached to a different Linux system on the same network, click the
New button in the main Printer Configuration Tool window. The window shown in Figure2 will appear. Click
Forward to proceed.
In the window shown in Figure3, enter a unique name for the printer in the Name text field. The printer name
cannot contain spaces and must begin with a letter. The printer name may contain letters, numbers, dashes (-),
and underscores (_). Optionally, enter a short description for the printer, which can contain spaces.
Select Networked UNIX (LPD) from the Select a queue type menu, and click Forward.

Figure5. Adding a Remote LPD Printer


Text fields for the following options appear:
• Server: The hostname or IP address of the remote machine to which the printer is attached.
• Queue: The remote printer queue. The default printer queue is usually lp.
Click Forward to continue. The next step is to select the type of printer.
Adding a Samba (SMB) Printer
To add a printer which is accessed using the SMB protocol (such as a printer attached to a Microsoft Windows
system), click the New button in the main Printer Configuration Tool window. The window shown in Figure2 will
appear. Click Forward to proceed.
In the window shown in Figure3, enter a unique name for the printer in the Name text field. The printer name
cannot contain spaces and must begin with a letter. The printer name may contain letters, numbers, dashes (-),
and underscores (_). Optionally, enter a short description for the printer, which can contain spaces.


Select Networked Windows (SMB) from the Select a queue type menu, and click Forward. If the printer is
attached to a Microsoft Windows system, choose this queue type.

Figure6. Adding a SMB Printer


As shown in Figure6, SMB shares are automatically detected and listed. Click the arrow beside each share name
to expand the list. From the expanded list, select a printer.
If the printer you are looking for does not appear in the list, click the Specify button on the right. Text fields for the
following options appear:
• Workgroup: The name of the Samba workgroup for the shared printer.
• Server: The name of the server sharing the printer.
• Share: The name of the shared printer on which you want to print. This name must be the same name
defined as the Samba printer on the remote Windows machine.
• User name: The name of the user you must log in as to access the printer. This user must exist on the
Windows system, and the user must have permission to access the printer. The default user name is
typically guest for Windows servers, or nobody for Samba servers.
• Password: The password (if required) for the user specified in the User name field.
Click Forward to continue. The Printer Configuration Tool then attempts to connect to the shared printer. If the
shared printer requires a username and password, a dialog window appears prompting you to provide a valid
username and password for the shared printer. If an incorrect share name is specified, you can change it here as
well. If a workgroup name is required to connect to the share, it can be specified in this dialog box. This dialog
window is the same as the one shown when the Specify button is clicked.
Warning
If you require a username and password, they are stored unencrypted in files only readable by root and
lpd. Thus, it is possible for others to learn the username and password if they have root access. To avoid this, the
username and password to access the printer should be different from the username and password used for the
user's account on the local Red Hat Linux system. If they are different, then the only possible security
compromise would be unauthorized use of the printer. If there are file shares from the server, it is recommended
that they also use a different password than the one for the print queue.
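The two conditions in this warning, restrictive file permissions and no reuse of a local account for the printer, can be checked with a short script. The following is an added example, not part of the original manual: it assumes a CUPS system in which a queue's SMB user name and password are embedded in the DeviceURI line of printers.conf under /etc/cups/, and the function names and sample data are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original text: audit a CUPS printers.conf for
# stored SMB credentials. Assumes the CUPS layout in which a queue's SMB user
# name and password sit in its DeviceURI line (smb://user:password@...).
# Function names and the sample data in demo() are constructed.

# Print "<queue> <smb user>" for every queue that stores a password.
# The password itself is never printed.
smb_cred_queues() {
    awk '
        $1 == "<Printer" || $1 == "<DefaultPrinter" { q = $2; sub(/>$/, "", q) }
        $1 == "DeviceURI" && index($2, "smb://") == 1 {
            rest = substr($2, 7)
            at = index(rest, "@")
            if (at == 0) next                      # no user part at all
            userinfo = substr(rest, 1, at - 1)
            if (index(userinfo, "/") > 0) next     # "@" belongs to the path
            colon = index(userinfo, ":")
            if (colon == 0) next                   # user only, no password
            print q, substr(userinfo, 1, colon - 1)
        }' "$1"
}

# Succeed only if FILE grants no permission to "other" users.
not_world_accessible() {
    other=$(ls -ld "$1" | cut -c8-10)
    [ "$other" = "---" ]
}

# Print the queues whose SMB user name is also a local account name, which
# is the reuse the warning tells you to avoid. PASSWD is a passwd-format file.
reused_usernames() {
    smb_cred_queues "$1" | while read -r q user; do
        if cut -d: -f1 "$2" | grep -qxF -- "$user"; then
            echo "$q $user"
        fi
    done
}

# Run all checks; return 1 if anything needs attention.
audit_printer_conf() {
    conf=$1
    passwd=${2:-/etc/passwd}
    status=0
    if ! not_world_accessible "$conf"; then
        echo "WARN $conf is accessible to users other than owner and group"
        status=1
    fi
    smb_cred_queues "$conf" | while read -r q user; do
        echo "INFO queue $q stores a password for SMB user $user"
    done
    reused=$(reused_usernames "$conf" "$passwd")
    if [ -n "$reused" ]; then
        echo "$reused" | while read -r q user; do
            echo "WARN queue $q: SMB user $user is also a local account"
        done
        status=1
    fi
    return "$status"
}

# Demo on constructed files in a temporary directory.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/printers.conf" <<'EOF'
<Printer frontdesk>
DeviceURI smb://alice:Constructed1@OFFICE/winbox/laser
</Printer>
<DefaultPrinter lab>
DeviceURI smb://guest@OFFICE/winbox/inkjet
</DefaultPrinter>
EOF
    printf 'root:x:0:0::/root:/bin/sh\nalice:x:500:500::/home/alice:/bin/sh\n' > "$dir/passwd"
    chmod 644 "$dir/printers.conf"
    audit_printer_conf "$dir/printers.conf" "$dir/passwd" || echo "audit: findings above"
    rm -rf "$dir"
}
demo
```

A matching user name does not prove that the password is shared, so treat that finding as a prompt to give the print queue its own account on the server.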
Selecting the Printer Model and Finishing
After selecting the queue type of the printer, the next step is to select the printer model.
You will see a window similar to Figure7. If it was not auto-detected, select the model from the list. The printers
are divided by manufacturers. Select the name of the printer manufacturer from the pulldown menu. The printer
models are updated each time a different manufacturer is selected. Select the printer model from the list.


Figure7. Selecting a Printer Model


The recommended print driver is selected based on the printer model selected. The print driver processes the
data that you want to print into a format the printer can understand. Since a local printer is attached directly to
your computer, you need a print driver to process the data that is sent to the printer.
If you are configuring a remote printer (IPP, LPD, SMB, or NCP), the remote print server usually has its own print
driver. If you select an additional print driver on your local computer, the data is filtered multiple times and is
converted to a format that the printer cannot understand.
To make sure the data is not filtered more than once, first try selecting Generic as the manufacturer and Raw
Print Queue or Postscript Printer as the printer model. After applying the changes, print a test page to try out this
new configuration. If the test fails, the remote print server might not have a print driver configured. Try selecting a
print driver according to the manufacturer and model of the remote printer, applying the changes, and printing a
test page.
Confirming Printer Configuration
The last step is to confirm your printer configuration. Click Apply to add the print queue if the settings are correct.
Click Back to modify the printer configuration.
Click the Apply button in the main window to save your changes and restart the printer daemon. After applying the
changes, print a test page to ensure the configuration is correct.

Printing a Test Page


After you have configured your printer, you should print a test page to make sure the printer is functioning
properly. To print a test page, select the printer that you want to try out from the printer list, then select the
appropriate test page from the Test pulldown menu. If you change the print driver or modify the driver options, you
should print a test page to test the different configuration.

Figure8. Test Page Options


Modifying Existing Printers


To delete an existing printer, select the printer and click the Delete button on the toolbar. The printer is removed
from the printer list. Click Apply to save the changes and restart the printer daemon. To set the default printer,
select the printer from the printer list and click the Default button on the toolbar. The default printer icon appears
in the Default column of the default printer in the list.
After adding the printer(s), the settings can be edited by selecting the printer from the printer list and clicking the
Edit button. The tabbed window shown in Figure9 is displayed. The window contains the current values for the
selected printer. Make any necessary changes, and click OK. Click Apply in the main Printer Configuration Tool
window to save the changes and restart the printer daemon.

Figure9. Editing a Printer

Queue Name
To rename a printer or change its short description, change the value in the Queue name tab. Click OK to return
to the main window. The name of the printer should change in the printer list. Click Apply to save the change and
restart the printer daemon.

Queue Type
The Queue type tab shows the queue type that was selected when adding the printer and its settings. The queue
type of the printer can be changed or just the settings. After making modifications, click OK to return to the main
window. Click Apply to save the changes and restart the printer daemon. Depending on which queue type is
chosen, different options are displayed. Refer to the appropriate section on adding a printer for a description of
the options.

Printer Driver
The Printer driver tab shows which print driver is currently being used. If it is changed, click OK to return to the
main window. Click Apply to save the change and restart the printer daemon.

Driver Options
The Driver Options tab displays advanced printer options. Options vary for each print driver. Common options
include:
Send Form-Feed (FF) should be selected if the last page of the print job is not ejected from the printer (for
example, the form feed light flashes). If this does not work, try selecting
Send End-of-Transmission (EOT) instead. Some printers require both Send Form-Feed (FF) and
Send End-of-Transmission (EOT) to eject the last page. This option is only available with the LPRng printing system.

Send End-of-Transmission (EOT) should be selected if sending a form-feed does not work. Refer to Send Form-
Feed (FF) above. This option is only available with the LPRng printing system.
Assume Unknown Data is Text should be selected if the print driver does not recognize some of the data sent to
it. Only select this option if there are problems printing. If this option is selected, the print driver assumes that any
data that it can not recognize is text and attempts to print it as text. If this option is selected along with the Convert
Text to Postscript option, the print driver assumes the unknown data is text and then converts it to PostScript.
This option is only available with the LPRng printing system.
Prerender Postscript should be selected if characters beyond the basic ASCII set are being sent to the printer but
they are not printing correctly (such as Japanese characters). This option prerenders non-standard PostScript
fonts so that they are printed correctly.
If the printer does not support the fonts you are trying to print, try selecting this option.
For example, select this option to print Japanese fonts to a non-Japanese printer.
Extra time is required to perform this action. Do not choose it unless problems printing the correct fonts exist. Also
select this option if the printer can not handle PostScript level This option converts it to PostScript level 1
GhostScript pre-filtering allows you to select No pre-filtering, Convert to PS level 1, or Convert to PS level 2 in
case the printer can not handle certain PostScript levels. This option is only available if the PostScript driver is
used with the CUPS printing system.
Convert Text to Postscript is selected by default. If the printer can print plain text, try unselecting this when printing
plain text documents to decrease the time it takes to print. If the CUPS printing system is used, this is not an option
because text is always converted to PostScript.
Page Size allows the paper size to be selected. The options include US Letter, US Legal, A3, and A4.
Effective Filter Locale defaults to C.
Media Source defaults to Printer default. Change this option to use paper from a different tray. To modify the
driver options, click OK to return to the main window. Click Apply to save the change and restart the printer
daemon.

Saving the Configuration File


When the printer configuration is saved using the Printer Configuration Tool, the application creates its own
configuration file that is used to create the files in the /etc/cups directory (or the /etc/printcap file that lpd
reads). You can use the command line options to save or restore the Printer Configuration Tool file. If the
/etc/cups directory or the /etc/printcap file is saved and restored to the same locations, the printer configuration
is not restored because each time the printer daemon is restarted, it creates a new /etc/printcap file from
the special Printer Configuration Tool configuration file.
When creating a backup of the system's configuration files, use the following method to save the printer
configuration files. If the system is using LPRng and custom settings have been added in the
/etc/printcap.local file, it should be saved as part of the backup system as well.
To save your printer configuration, type this command as root:
/usr/sbin/redhat-config-printer-tui --Xexport > settings.xml
Your configuration is saved to the file settings.xml.
If this file is saved, it can be used to restore the printer settings. This is useful if the printer configuration is
deleted, if Red Hat Linux is reinstalled, or if the same printer configuration is needed on
multiple systems. The file should be saved on a different system before reinstalling. To restore the configuration,
type this command as root:
/usr/sbin/redhat-config-printer-tui --Ximport < settings.xml
If you already have a configuration file (you have configured one or more printers on the system already) and you
try to import another configuration file, the existing configuration file will be overwritten. If you want to keep your
existing configuration and add the configuration in the saved file, you can merge the files with the following
command (as root):
/usr/sbin/redhat-config-printer-tui --Ximport --merge < settings.xml
Your printer list will then consist of the printers you configured on the system as well as the printers you imported
from the saved configuration file. If the imported configuration file has a print queue with the same name as an
existing print queue on the system, the print queue from the imported file will override the existing printer.
After importing the configuration file (with or without the merge command), you must restart the printer daemon. If
you are using CUPS, issue the command:
/sbin/service cups restart
If you are using LPRng, issue the command:
/sbin/service lpd restart

Command Line Configuration


If you do not have X installed and you do not want to use the text-based version, you can add a printer via the
command line. This method is useful if you want to add a printer from a script or in the %post section of a kickstart
installation.

Adding a Local Printer


To add a printer:
redhat-config-printer-tui --Xadd-local options
Options:
--device=node
(Required) The device node to use. For example, /dev/lp0.
--make=make
(Required) The IEEE 1284 MANUFACTURER string or the printer manufacturer's name as in the foomatic
database if the manufacturer string is not available
--model=model
(Required) The IEEE 1284 MODEL string or the printer model listed in the foomatic database if the model string is
not available.
--name=name
(Optional) The name to be given to the new queue. If one is not given, a name based on the device node (such as
“lp0”) will be used.
If you are using CUPS as the printing system (the default), after adding the printer, use the following command to
start/restart the printer daemon:
#service cups restart

If you are using LPRng as the printing system, after adding the printer, use the following command to start/restart
the printer daemon:
#service lpd restart

Removing a Local Printer
A printer queue can also be removed via the command line.
As root, to remove a printer queue:
redhat-config-printer-tui --Xremove-local options
Options:
--device=node
(Required) The device node used such as /dev/lp0.
--make=make
(Required) The IEEE 1284 MANUFACTURER string, or (if none is available) the printer manufacturer's name as
in the foomatic database
--model=model
(Required) The IEEE 1284 MODEL string, or (if none is available) the printer model as listed in the foomatic
database.
If you are using the CUPS printing system (the default), after removing the printer from the Printer
Configuration Tool configuration, restart the printer daemon for the changes to take effect:
#service cups restart
If you are using the LPRng printing system, after removing the printer from the Printer Configuration Tool
configuration, restart the printer daemon for the changes to take effect:
#service lpd restart
If you are using CUPS, have removed all printers, and do not want to run the printer daemon anymore, execute
the following command:
#service cups stop
If you are using LPRng, have removed all printers, and do not want to run the printer daemon anymore, execute
the following command:
#service lpd stop

Managing Print Jobs


When you send a print job to the printer daemon, such as printing a text file from Emacs or printing an image from
The GIMP, the print job is added to the print spool queue. The print spool queue is a list of print jobs that have
been sent to the printer and information about each print request, such as the status of the request, the username
of the person who sent the request, the hostname of the system that sent the request, the job number, and more.
If you are running a graphical desktop environment, click the Printer Manager icon on the panel to start the
GNOME Print Manager as shown in Figure10.

Figure10. GNOME Print Manager


It can also be started by selecting Main Menu Button (on the Panel) => System Tools => Print Manager.
To change the printer settings, right-click on the icon for the printer and select Properties. The Printer
Configuration Tool is then started.
Double-click on a configured printer to view the print spool queue as shown in Figure11


Figure11 List of Print Jobs


To cancel a specific print job listed in the GNOME Print Manager, select it from the list and select Edit => Cancel
Documents from the pulldown menu.
If there are active print jobs in the print spool, a printer notification icon might appear in the Panel Notification Area
of the desktop panel as shown in Figure10. Because it probes for active print jobs every five seconds, the icon
might not be displayed for short print jobs.

Figure10:
Clicking on the printer notification icon starts the GNOME Print Manager to display a list of current print jobs. Also
located on the Panel is a Print Manager icon. To print a file from Nautilus, browse to the location of the file and
drag and drop it on to the Print Manager icon on the Panel. The window shown in Figure12 is displayed. Click OK
to start printing the file.

Figure12. Print Verification Window


To view the list of print jobs in the print spool from a shell prompt, type the command lpq. The last few lines will
look similar to the following:
Example of lpq output
Rank Owner/ID Class Job Files Size Time
active user@localhost+902 A 902 sample.txt 2050 01:20:46

Sharing a Printer
The Printer Configuration Tool's ability to share configuration options can only be used if you are using the CUPS
printing system. Allowing users on a different computer on the network to print to a printer configured for your
system is called sharing the printer. By default, printers configured with the Printer Configuration Tool are not
shared.
To share a configured printer, start the Printer Configuration Tool and select a printer from the list. Then select
Action => Sharing from the pulldown menu.
Note: If a printer is not selected, Action => Sharing only shows the system-wide sharing options normally
shown under the General tab. On the Queue tab, select the option to make the queue available to other users.

Figure13. Queue Options

After selecting to share the queue, by default, all hosts are allowed to print to the shared printer. Allowing all
systems on the network to print to the queue can be dangerous, especially if the system is directly connected to
the Internet. It is recommended that this option be changed by selecting the
All hosts entry and clicking the Edit button to display the window shown in Figure14.
If you have a firewall configured on the print server, it must be able to send and receive connections on the
incoming UDP port, 631. If you have a firewall configured on the client (the computer sending the print request), it
must be allowed to send and accept connections on port 631.

Figure14. Allowed Hosts


The General tab configures settings for all printers, including those not viewable with the Printer Configuration
Tool. There are two options:


Figure15. System-wide Sharing Options


Automatically find remote shared queues - Selected by default, this option enables IPP browsing, which means
that when other machines on the network broadcast the queues that they have, the queues are automatically
added to the list of printers available to the system; no additional configuration is required for a printer found from
IPP browsing. This option does not automatically share the printers configured on the local system.
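
To confirm outside the GUI that a shared queue no longer admits all hosts, the script below lists the cupsd.conf Location blocks that still contain an explicit Allow From All. It is an added example, not part of the original guide: the function names, the sample file and the queue names are constructed, and it checks only for that one directive.

```shell
#!/bin/sh
# Added example: report CUPS queues whose access list still admits all hosts.
# open_locations, write_sample and the sample data are hypothetical/constructed;
# Location, Deny From and Allow From are cupsd.conf directives.

# open_locations FILE -> one line per <Location> containing "Allow From All"
# (or the short form "Allow All"); commented-out lines are ignored.
open_locations() {
    awk '
        { line = tolower($0); sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { next }
        line ~ /^<location[ \t]/ {
            path = $2; sub(/>.*$/, "", path)
            inblock = 1; wide = 0
            next
        }
        line ~ /^<\/location>/ {
            if (inblock && wide) print path
            inblock = 0
            next
        }
        inblock && line ~ /^allow[ \t]+(from[ \t]+)?all([ \t]|$)/ { wide = 1 }
    ' "$1"
}

# write_sample FILE: constructed cupsd.conf excerpt with one restricted queue,
# one queue left open to all hosts, and the server root.
write_sample() {
    cat > "$1" <<'EOF'
<Location /printers/front_desk>
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
Allow From 192.168.1.0/24
</Location>
<Location /printers/lab_laser>
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
# Allow From 10.0.0.0/8
Allow From All
</Location>
<Location />
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>
EOF
}

sample=$(mktemp)
write_sample "$sample"
open_locations "$sample"      # prints /printers/lab_laser
rm -f "$sample"
```

On a real system the argument would be /etc/cups/cupsd.conf, read as root after the Printer Configuration Tool has applied its changes.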

Sharing a Printer with LPRng


If you are running the LPRng printing system, sharing must be configured manually. To allow systems on the
network to print to a configured printer on a Red Hat Linux system, use the following steps:
1. Create the file /etc/accepthost. In this file, add the IP address or hostname of the system
that you want to allow print access to, with one line per IP or hostname.
2. Uncomment the following line in /etc/lpd.perms:
ACCEPT SERVICE=X REMOTEHOST= < /etc/accepthost
3. Restart the daemon for the changes to take effect:
#service lpd restart

Switching Print Systems
To switch printing systems, run the Printer System Switcher application. Start it by selecting the Main Menu
Button (on the Panel) => System Settings => More System Settings => Printer System
Switcher, or type the command redhat-switch-printer at a shell prompt (for example, in an XTerm or
GNOME terminal).
The program automatically detects if the X Window System is running. If it is running, the program starts in
graphical mode as shown in Figure16. If X is not detected, it starts in a text-based mode.
To force it to run as a text-based application, use the command redhat-switch-printer-nox.

Select either the LPRng or the CUPS printing system. In Red Hat Linux 9, CUPS is the default. If you only have
one printing system installed, it is the only option shown.
If you select OK to change the printing system, the selected print daemon is enabled to start at boot time, and the
unselected print daemon is disabled so that it does not start at boot time.


Figure16 Printer System Switcher


The selected print daemon is started, and the other print daemon is stopped; thus making the changes take place
immediately.

Additional Resources
To learn more about printing on Red Hat Linux, refer to the following resources.
Installed Documentation
man printcap The manual page for the /etc/printcap printer configuration file.
man lpr The manual page for the lpr command that allows you to print files from the command line.
man lpd The manual page for the LPRng printer daemon.
man lprm The manual page for the command line utility to remove print jobs from the LPRng spool queue.
man mpage The manual page for the command line utility to print multiple pages on one sheet of paper.
man cupsd The manual page for the CUPS printer daemon.
man cupsd.conf The manual page for the CUPS printer daemon configuration file.
man classes.conf The manual page for the class configuration file for CUPS.


24. Upgrading the RedHat Linux Kernel


Typical reasons for upgrading the kernel
• You have installed newer hardware that wasn't previously supported.
• Drivers for the hardware you do have are updated and you need to use them.
• Most Important: Security holes have been found in earlier kernels and are fixed in the latest kernel.

New and common 2.6 kernel code features


The Linux 2.6 Kernel contains the following common features:
• O(1) Scheduler - Allows more processes and improved response time.
• Block I/O - Asynchronous I/O layer improvements and enhancements.
• Memory management enhancements - Provides more capacity for swapping systems.
• SMP scalability enhancements - Performance improvements by lock contention reduction.
• New threading model (NPTL) - Kernel assisted threading allows increased speed for multithreaded
applications.
• IPv6, IPsec additional features - Allows for cryptographic security at network protocol level and enables
crypto exploitation for z990.
• New file system/volume manager features - XA (external attributes), management, and security
improvements for the Samba server.
• Per-CPU optimizations - Performance improvement by lock contention reduction.
• Constraint relief - Support for more than 32 CPUs.
• Kernel preemption support - Provides enhanced time sharing within one Linux image for certain types of
workloads.
Note: This feature is turned off on distributions.
• New device driver interface - Device information is now kept in sysfs (/sys) and device configuration is
only available through sysfs. procfs (/proc) is still available, but its use for device driver information is
deprecated. Device numbers have been replaced with bus IDs.
• ePoll - Provides fast and more efficient I/O processing on multiple file descriptors. This addition provides
improved scalability for systems running Domino®.
• Access control lists.
• Extended attributes.

24.1 Upgrading Kernel Step By Step


STEP1
This practical assumes that you have a fully functional 2.4 kernel setup in place. The specific version (2.4.8 or
2.4.22-1.2115.nptl or what not) is not important. Also, though this upgrade deals with 2.4.x to 2.6.6, the exact
same steps should apply to 2.6.x as and when they come out. Since there are interface changes between 2.4.x
and 2.6.x, the upgrade is slightly more tedious than upgrading within the same branch.
The machine on which we are going to upgrade the kernel has the following hardware configuration: PIV 2GHz
processor, 512MB RAM, 40GB HD, installed with RedHat Linux 9 (Shrike).
Note: On a slower machine the kernel upgrade process takes quite long. So be patient!
STEP2
The upgrade requires a few modifications to various config files. Just to be safe, it would be a good idea to copy
these files to a safe location so that reverting back to your existing setup is easy. The files are:
/etc/rc.sysinit
/etc/init.d/halt
/etc/fstab
STEP3

Download the latest version of modutils-tools from the following site:
http://www.kernel.org/pub/linux/kernel/people/rusty/modules/
or install all the developer related tools by using
redhat-config-packages. The modutils package contains versions of modprobe, insmod, rmmod etc. required
because of the reimplementation of the in-kernel module loader in 2.6. However, these tools are backward
compatible so things will still work in your 2.4 setup after you install it.
STEP4
Download the latest kernel (here we are using linux-2.6.6.tar.bz2), then uncompress and untar it. It is
recommended that you copy the kernel to /home/kernel/src/
#mkdir -p /home/kernel/src
#cp linux-2.6.6.tar.bz2 /home/kernel/src
# cd /home/kernel/src
# bunzip2 -c linux-2.6.6.tar.bz2 | tar -xvf -
# cd /home/kernel/src/linux-2.6.6
STEP5
Copy the appropriate file from /usr/src/linux-2.4/configs [kernel-2.4.20-i686.config] to .config in the
directory where you unpacked the new kernel. In our case it's /home/kernel/src/linux-2.6.6
cp /usr/src/linux-2.4/configs/kernel-2.4.20-i686.config \
/home/kernel/src/linux-2.6.6/.config

Note: If /usr/src/linux-2.4 does not exist, you probably don’t have the linux-source-2.4.20 package
installed. You can install this package from the 2nd and 3rd CD of the RedHat 9 distribution. Use redhat-config-packages
and install the Kernel Development section of packages or simply use the rpm command to install the package.
STEP6
Assuming you copied the appropriate kernel-2.4 config to .config, run the following, which will run through the
necessary questions for the 2.6 kernel. This command will back up the current kernel settings and add them to the new
one we are about to build.
oldconfig will read the defaults from an existing .config and rewrite necessary links and files. Use this option
if you've made minor changes to source files or need to script the rebuild process. Note that oldconfig will only
work within the same major version of the kernel.
#make oldconfig
The above command preserves most settings and will prompt you only for new items. You can also use the “make
xconfig” command, which brings up a GUI window asking you to set up all the parameters that you want to enable
or disable. You can also use “make menuconfig”, which brings up a TUI.
See the following figure:
#make xconfig


Figure: make xconfig

Note: Run only one of the above commands.


STEP7
This is very important. Make sure your .config has the following in it: CONFIG_EXT3_FS=y. You will run into an
error if you leave this as =m instead of =y:
vi /home/kernel/src/linux-2.6.6/.config
CONFIG_EXT3_FS=y
Edit the Makefile and add changes to the Extraversion as desired. Patches will update these values as well.
#vi /home/kernel/src/linux-2.6.6/Makefile
VERSION = 2
PATCHLEVEL = 6
SUBLEVEL = 3
EXTRAVERSION = -custom_ker-6
Here we are just adding our own name (-custom_ker-6) to the kernel’s extra version.
STEP 8:
Build the Kernel Image
Building the bzImage takes a substantially long time, depending on your system performance. On a Pentium III with
128Mb RAM it took almost 45 minutes to build the kernel image.
#make bzImage
If everything went correctly then the new kernel should exist in ./arch/$ARCH/boot. For example, on IA32
systems we can verify this with:
#ls -l arch/i386/boot
STEP 9:
There is one more step needed for the build process, however. You have created the kernel, but now you need to
create all the loadable modules if you have them configured. Be aware that typical distribution kernels tend to
have almost every feature installed, plus a few others for good measure. These can typically take an hour or so to
build. The stock kernels are somewhat leaner by default and take, on average, 25 minutes to compile. To build
the modules we run:
#make modules
STEP 10:
Again, lots of messages will scroll by on the screen. Here also the 2.6.x series is less talkative, outputting only
summary information. Once the modules are built they can be installed. To install the modules run:
#make modules_install


STEP 11:
Now it’s time to install our new kernel. Simply run the make install command. It should automatically
update the GRUB boot loader configuration file /boot/grub/grub.conf, create the initial ram disk image
(/boot/initrd-2.6.6-custom_ker-6) and place the new kernel (/boot/vmlinuz-2.6.6-custom_ker-6)
under the /boot directory.
#make install
STEP 12 (CHECKING EVERYTHING):
Check the following:
• The new image file should be installed on boot and there should be a symlink to it. The latest kernel is
2.6.3-custom_ker-6, and I got the "-custom_ker-6" from the values I put in the Makefile; see the following:

ls -l /boot
vmlinuz -> vmlinuz-2.6.3-custom_ker-6
System.map -> System.map-2.6.3-custom_ker-6
• /boot/grub/grub.conf should have been automatically updated by make.
In /boot/grub/grub.conf change "default=0" to boot with the new kernel. Here's an example of
grub.conf:
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making
# NOTICE: You have a /boot partition.
#boot=/dev/hda
default=0
timeout=10
splashimage=(hd0,2)/grub/splash.xpm.gz
title Red Hat Linux (2.6.3-custom_ker-6)
root (hd0,2)
kernel /vmlinuz-2.6.3-custom_ker-6 ro root=LABEL=/
initrd /initrd-2.6.3-custom_ker-6.img
• You added the mount command for sys in /etc/rc.sysinit
• CONFIG_EXT3_FS=y was used in the .config
• Run /sbin/lsmod or cat /proc/modules to make sure a 2.4 kernel module wasn't forgotten. Also
look at "#cat /proc/iomem"

Lastly: reboot the system to try out the new kernel. Use the uname -r command to see the current kernel version.
#uname -r
2.6.6-custom_ker
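
Part of the STEP 7 and STEP 12 checklist can be scripted before the reboot: the script below reports whether a symbol in .config is built in, modular or unset, and whether the kernel and initrd named by the default grub.conf entry actually exist. It is an added example, not part of the original guide; the function names and the demo tree are constructed, and it assumes grub.conf paths are relative to the /boot partition as in the listing above.

```shell
#!/bin/sh
# Added example: pre-reboot checks for the STEP 7 / STEP 12 checklist.
# Function names and the demo tree are hypothetical; the file formats are the
# kernel .config and the GRUB legacy grub.conf shown in the guide.

# config_state FILE SYMBOL -> prints y, m or unset
config_state() {
    awk -v s="$2" '
        $0 == (s "=y")               { st = "y" }
        $0 == (s "=m")               { st = "m" }
        $0 == ("# " s " is not set") { st = "unset" }
        END { print (st == "" ? "unset" : st) }
    ' "$1"
}

# grub_default_entry GRUBCONF -> prints "<kernel> <initrd>" of the entry
# selected by default=N (titles are counted from 0); fails if there is none.
grub_default_entry() {
    awk '
        BEGIN { n = -1; def = 0 }
        /^[ \t]*#/ { next }
        $1 ~ /^default(=|$)/ { v = $0; sub(/^[ \t]*default[ \t=]+/, "", v); def = v + 0; next }
        $1 == "title"  { n++; next }
        n >= 0 && $1 == "kernel" { k[n] = $2 }
        n >= 0 && $1 == "initrd" { r[n] = $2 }
        END { if (def in k) print k[def], r[def]; else exit 1 }
    ' "$1"
}

# check_boot_files GRUBCONF BOOTDIR -> 0 only if the default entry's kernel
# and initrd both exist under BOOTDIR.
check_boot_files() {
    conf=$1; bootdir=$2; rc=0
    entry=$(grub_default_entry "$conf") || { echo "no default entry in $conf"; return 1; }
    kernel=${entry%% *}; initrd=${entry#* }
    for f in "$kernel" "$initrd"; do
        [ -n "$f" ] || continue
        if [ -f "$bootdir$f" ]; then echo "ok      $f"; else echo "MISSING $f"; rc=1; fi
    done
    return $rc
}

# make_demo_tree DIR: constructed sample data modelled on the guide's listing
make_demo_tree() {
    mkdir -p "$1/boot/grub"
    cat > "$1/boot/grub/grub.conf" <<'EOF'
# grub.conf generated by anaconda
#boot=/dev/hda
default=0
timeout=10
title Red Hat Linux (2.6.3-custom_ker-6)
        root (hd0,2)
        kernel /vmlinuz-2.6.3-custom_ker-6 ro root=LABEL=/
        initrd /initrd-2.6.3-custom_ker-6.img
title Red Hat Linux (2.4.20-8)
        root (hd0,2)
        kernel /vmlinuz-2.4.20-8 ro root=LABEL=/
        initrd /initrd-2.4.20-8.img
EOF
    : > "$1/boot/vmlinuz-2.6.3-custom_ker-6"   # kernel present, initrd absent
    printf '%s\n' 'CONFIG_EXT2_FS=y' 'CONFIG_EXT3_FS=m' \
        '# CONFIG_JFS_FS is not set' > "$1/.config"
}

demo=$(mktemp -d)
make_demo_tree "$demo"
echo "CONFIG_EXT3_FS is $(config_state "$demo/.config" CONFIG_EXT3_FS)"
check_boot_files "$demo/boot/grub/grub.conf" "$demo/boot" || echo "do not reboot yet"
rm -rf "$demo"
```

Against the real system the calls would be config_state on the build tree's .config and check_boot_files /boot/grub/grub.conf /boot.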


25. Configuring Dumb Terminal


In a corporate environment with large numbers of Linux servers racked in data centers, it is neither easy nor affordable
to provide a monitor (console) for each server. Instead we can use a dumb terminal to connect to the
server through one of its COM ports. In this chapter we will see how to connect to a Linux server from a dumb terminal.

Preparing To Go “Headless”
• One of the advantages of this method is that you don't need a keyboard either. Unfortunately your BIOS
may halt the system during the Power On Self Test (POST) if it doesn't detect a keyboard. Make sure you
disable this feature in the BIOS setup of your PC before proceeding. This feature can usually be found on
the very first screen under the “Halt On” option.
• You will also need to make sure that you have activated your COM ports in your BIOS settings.
• For non-modem connectivity (PC to PC) connect a NULL modem cable to the COM port you want to test, and
connect the other end to the client PC running "Hyperterm" or whatever terminal emulation software you
are using. One popular Linux equivalent to Hyperterm is “minicom”.

Configuration Steps
In RedHat Linux, the COM1 and COM2 ports are controlled by a program called "agetty", but "agetty" usually
isn't activated when you boot up unless its configuration file /etc/inittab is modified. In other versions of Linux,
"agetty" may be called just plain "getty". Here is a table that maps the physical ports to their equivalent Linux
device names.

Port    Linux "agetty" Device Name
COM1    ttyS0
COM2    ttyS1

The following lines added to /etc/inittab will configure your COM ports for terminal access:
# Run COM1 and COM2 gettys in standard runlevels
S0:235:respawn:/sbin/agetty -L 9600 ttyS0 vt100
S1:235:respawn:/sbin/agetty -L 9600 ttyS1 vt100

Warning: The system will HANG if ttyS0 or ttyS1 is connected to a mouse, or if another device is using that
port. In that case check the back panel of the system, find the proper port and list only that
port in /etc/inittab, i.e. either ttyS0 or ttyS1. If the mouse is a PS/2 type or neither port is
in use then there shouldn’t be any problem.
The next step is to restart the "init" process to re-read /etc/inittab
[root@skynet tmp]# init q
Now you need to configure the terminal client such as “Hyperterm” to match the speed settings in /etc/inittab.
Connect the console / modem cable between the client and your Linux box. Hit "enter" a couple of times and you
should see something like this:
Red Hat Linux release 9 (Shrike)
Kernel 2.4.18-14 on an i686
skynet login:
Note: By default, user "root" will not be able to log in from a terminal. To do this you'll have to edit the
/etc/securetty file which contains the device names of tty lines on which root is allowed to login. Just add
ttyS0 and ttyS1 to the list if you need this access.
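
Every serial line added to /etc/securetty is a line on which a root password will be accepted, so it is worth knowing which getty-enabled ports are listed there. The script below cross-checks the two files; it is an added example, not part of the original guide, and the function names and sample files are constructed around the inittab lines shown above.

```shell
#!/bin/sh
# Added example: for every serial getty in inittab, report whether root may
# log in on that line according to securetty. Function names and sample data
# are hypothetical/constructed; the S0/S1 lines are the ones from the guide.

# serial_root_logins INITTAB SECURETTY
#   prints "<tty> root-login-allowed" or "<tty> root-login-denied" per line
serial_root_logins() {
    awk -F: '
        /^[ \t]*#/ || NF < 4 { next }        # comments and malformed lines
        $3 == "off" { next }                  # entry is disabled
        $4 ~ /getty/ {
            n = split($4, w, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (w[i] ~ /^ttyS[0-9]+$/) print w[i]
        }
    ' "$1" | sort -u | while read -r tty; do
        # securetty holds bare device names, one per line, so match whole lines
        if grep -Fqx "$tty" "$2"; then
            echo "$tty root-login-allowed"
        else
            echo "$tty root-login-denied"
        fi
    done
}

# write_samples DIR: constructed inittab and securetty; only ttyS0 is listed
# for root.
write_samples() {
    cat > "$1/inittab" <<'EOF'
id:3:initdefault:
1:2345:respawn:/sbin/mingetty tty1
# Run COM1 and COM2 gettys in standard runlevels
S0:235:respawn:/sbin/agetty -L 9600 ttyS0 vt100
S1:235:respawn:/sbin/agetty -L 9600 ttyS1 vt100
EOF
    printf '%s\n' console tty1 tty2 ttyS0 > "$1/securetty"
}

d=$(mktemp -d)
write_samples "$d"
serial_root_logins "$d/inittab" "$d/securetty"
rm -rf "$d"
```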


26. Software RAID


The main goal of using Redundant Arrays of Inexpensive Disks (RAID) is to either improve disk data performance
and/or provide data redundancy.
RAID can be handled either by the operating system software or it may be implemented via a purpose built RAID
disk controller card without having to configure the operating system at all. This chapter will explain how to
configure the software RAID schemes supported by RedHat / Enterprise/ Fedora Linux.

26.1 RAID Types


26.1.1 RAID 0
With RAID 0 the RAID controller tries to evenly distribute data across all disks in the RAID set.
RAID 0 aims to accommodate large file systems spread over multiple devices with no data redundancy. The
advantage of RAID 0 is data access speed. A file that is spread over four disks can be read four times as fast.
You should also be aware that RAID 0 is often called "striping".
RAID 0 can accommodate disks of unequal sizes. When RAID runs out of "striping space" on the smallest device,
it then continues the striping using the available space on the remaining drives. When this occurs, the data
access speed is lower for this portion of data as the total number of RAID drives available is reduced. It is for this
reason that RAID 0 is best used with equal sized drives.
Following figure illustrates the data allocation process in RAID 0.

26.1.2 RAID 1
With RAID 1, data is cloned on a duplicate disk. This RAID method is therefore frequently called "disk mirroring".
A good analogy would be telling two people the same story so that if one forgets some of the details you can ask
the other one to remind you.
When one of the disks in the RAID set fails, the other one continues to function. When the failed disk is replaced,
the data is automatically cloned to the new disk from the surviving disk. RAID 1 also offers the possibility of using
a "hot standby" spare disk which will be automatically cloned in the event of a disk failure on any of the primary
RAID devices.


RAID 1 offers data redundancy, without the speed advantages of RAID 0. A disadvantage of software based
RAID 1 is that the server has to send data twice to be written to each of the mirror disks. This can saturate data
busses and CPU utilization. With a hardware based solution, the server CPU sends the data to the RAID disk
controller once, and the disk controller then duplicates the data to the mirror disks. This makes RAID capable disk
controllers the preferred solution when implementing RAID 1.
A limitation of RAID 1 is that the total RAID size in Gigabytes is equal to that of the smallest disk in the RAID set.
Unlike RAID 0, the extra space on the larger device isn't used.
The following figure illustrates the data allocation process in RAID 1.

26.1.3 RAID 5
RAID 5 improves on RAID 4 by striping the parity data between all the disks in the RAID set. This avoids the
parity disk bottleneck while maintaining many of the speed features of RAID 0 and the redundancy of RAID 1.
Like RAID 4, RAID 5 can only survive the loss of a single disk. Linux RAID 5 requires a minimum of three disks /
partitions.
Specially built hardware based RAID disk controllers are available for both IDE and SCSI drives. They usually
have their own BIOS, so you can configure them right after your system's power on self test (POST).
Hardware based RAID is transparent to your operating system; the hardware does all the work.
If hardware RAID isn't available then you should be aware of these basic guidelines to follow when setting up
software RAID.

The following figure illustrates the data allocation process in RAID 5.


Before You Start

26.2 SCSI and IDE


26.2.1 IDE Drives
The following are the limitations of IDE disks:
• The total length of an IDE cable can only be a few feet, which generally limits the use of IDE drives to small
home systems.
• IDE drives do not "hot swap". You cannot replace them while your system is running.
• Only two devices can be attached per controller.
• The performance of the IDE bus can be degraded by the presence of a second device on the cable.
• The failure of one drive on an IDE bus often causes the malfunctioning of the second device. This can be
fatal if you have two IDE drives of the same RAID set attached to the same cable.
It is for these reasons that it is recommended to use only one IDE drive per controller when using RAID,
especially in a corporate environment.

26.2.2 SCSI Drives


SCSI hard disks have a number of features that make them more attractive for RAID use.
• SCSI controllers are more tolerant of disk failures. The failure of a single drive is less likely to disrupt the
remaining drives on the bus.
• SCSI cables can be several meters long, making them suitable for data center applications.
• Many more than two devices may be connected to a SCSI cable bus. It can accommodate 7 (single-ended
SCSI) or 15 (all other SCSI types) devices.
• Some models of SCSI devices support "hot swapping" which allows you to replace them while the system
is running.
However, SCSI drives tend to be more expensive than IDE drives.
Software RAID Partitions Or Entire Disks?


It is generally not a good idea to share RAID configured partitions with non RAID partitions. The reason for this
is obvious as a disk failure could still incapacitate a system.
If you decide to use RAID, all the partitions on each RAID disk should be part of a RAID set.
Backup Your System First
Software RAID creates the equivalent of a single RAID virtual disk drive made up of all the underlying regular
partitions used to create it. You will have to format this new RAID device before your Linux system will be able to
store files on it. This will cause all the old data on the underlying RAID partitions to be lost.
It is best to back up the data on these and any other partitions on the disk drive on which you want to implement
RAID. A mistake could unintentionally corrupt valid data.

26.3 Configure RAID In Single User Mode


As you will be modifying the disk structure of your system, you should also consider configuring RAID while your
system is running in single user mode from the VGA console. This will make sure that most applications and
networking will be shut down and that all other users will not be able to access the system. This will reduce the risk
of data corruption during the exercise.
[root@skynet tmp]# init 1

26.3.1 Configuring Software RAID


Configuring RAID using Fedora Linux requires a number of steps that need to be followed carefully. In our
example we'll be configuring RAID 5 using a system with three pre-partitioned hard disks. Make sure you
create these partitions on a SCSI disk array. The partitions to be used will be:
/dev/sdb1
/dev/sdc1
/dev/sdd1
You'll need to adapt the various stages outlined below to your particular environment.
RAID Partitioning
You will first need to identify two or more partitions, each on a separate disk. If you are doing RAID 0 or RAID 5,
the partitions should be of approximately the same size, as in this scenario, RAID will limit the extent of data
access on each partition to an area no larger than that of the smallest partition in the RAID set.
Determining Available Partitions
Use the "fdisk -l" command to view all the mounted and unmounted filesystems available on your system.
Prepare The Partitions With FDISK
You have to change each partition in the RAID set to be of type FD (Linux raid autodetect). This can be
done using fdisk. Here is an example using /dev/sdb1
[root@skynet tmp]# fdisk /dev/sdb

The number of cylinders for this disk is set to 8355.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)
Command (m for help):
Use FDISK Help
We now use the fdisk "m" command to get some help
Command (m for help): m
...
...
   p   print the partition table
   q   quit without saving changes
   s   create a new empty Sun disklabel
   t   change a partition's system id
...
...
Command (m for help):
Set The ID Type To FD
Partition /dev/sdb1 is the 1st partition on disk /dev/hde. We now modify its "type" using the "t" command and then
specifying the partition number and type code. We also use the "L" command to get a full listing of ID types in
case we forget.
Command (m for help): t
Partition number (1-5): 1
Hex code (type L to list codes): L
...
...
...
16 Hidden FAT16     61 SpeedStor        a9 NetBSD       f2 DOS secondary
17 Hidden HPFS/NTF  63 GNU HURD or Sys  ab Darwin boot  fd Linux raid auto
18 AST SmartSleep   64 Novell Netware   b7 BSDI fs      fe LANstep
1b Hidden Win95 FA  65 Novell Netware   b8 BSDI swap    ff BBT
Hex code (type L to list codes): fd
Changed system type of partition 1 to fd (Linux raid autodetect)
Make Sure The Change Occurred
Use the "p" command to get the new proposed partition table

Command (m for help): p

Disk /dev/hde: 4311 MB, 4311982080 bytes
16 heads, 63 sectors/track, 8355 cylinders
Units = cylinders of 1008 * 512 = 516096 bytes

   Device Boot    Start       End    Blocks   Id  System
/dev/sdb1             1      4088   2060320+  fd  Linux raid autodetect
/dev/sdb2          4089      5713    819000   83  Linux
Save The Changes
Use the "w" command to permanently save the changes to disk /dev/hde.
Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or
resource busy.
The kernel still uses the old table.
The new table will be used at the next reboot.
Syncing disks.
[root@skynet tmp]#
The error above will occur if any of the other partitions on the disk is mounted.
Repeat For The Other Partitions
The steps for changing the IDs for /dev/sdc1 and /dev/sdd1 are very similar.


Edit the RAID Configuration File


The Linux RAID configuration file is /etc/raidtab. Templates for this file may be found in the
/usr/share/doc/raidtools* directory and explanation of the various parameters can be viewed with the
command "man raidtab".

General Guidelines
• When configuring RAID 5 a "parity-algorithm" setting must be used.
• The "raid-disk" parameters for each partition in the /etc/raidtab file are numbered starting at "0". For
example, if you have four partitions for RAID, they would be numbered 0, 1, 2 & 3.
• For RAID levels 1, 4 and 5 /etc/raidtab "persistent-superblock" must be set to "1" in order for the RAID
autodetect feature (partition type FD) to work.
• For all other RAID versions, "persistent-superblock" must be set to "0".
In our example:
We configure RAID 5 using each of the desired partitions on the 3 disks (sdb1, sdc1, sdd1). The set of 3
RAID disks will be called /dev/md0.
#
# sample raiddev configuration file
# RAID 5 array /dev/md0 built from three partitions
#
raiddev /dev/md0
    raid-level              5
    nr-raid-disks           3
    persistent-superblock   1
    chunk-size              32
    parity-algorithm        left-symmetric
    device                  /dev/sdb1
    raid-disk               0
    device                  /dev/sdc1
    raid-disk               1
    device                  /dev/sdd1
    raid-disk               2

26.3.2 Create the RAID Set


The mkraid command creates the RAID set by reading the /etc/raidtab file. In this case we want to create the
logical RAID device /dev/md0
[root@skynet tmp]# mkraid /dev/md0
analyzing super-block
disk 0: /dev/sdb1, 104391kB, raid superblock at 104320kB
disk 1: /dev/sdc1, 104391kB, raid superblock at 104320kB
disk 2: /dev/sdd1, 104391kB, raid superblock at 104320kB
Confirm RAID Is Correctly Initialized
The /proc/mdstat file provides the current status of all RAID devices. Confirm that the initialization is finished
by inspecting the file and making sure that there are no initialization related messages.
[root@skynet tmp]# cat /proc/mdstat
Personalities : [raid5]
read_ahead 1024 sectors
md0 : active raid5 sdd1[2] sdb1[1] sdc1[0]
4120448 blocks level 5, 32k chunk, algorithm 3 [3/3] [UUU]

unused devices: <none>

Format The New RAID Set


Your new RAID device will now have to be formatted. In the example below:
• We use the "-j" qualifier to ensure that a journaling file system is created.
• A block size of 4KB (4096 bytes) is used with each chunk being comprised of 8 blocks. It is very important
that the "chunk-size" parameter in the /etc/raidtab file match the value of the block size multiplied by
the stride value in the command below. Note: If the values don't match, then you will get parity errors.
[root@skynet tmp]# mke2fs -j -b 4096 -R stride=8 /dev/md0
mke2fs 1.32 (09-Nov-2002)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
516096 inodes, 1030160 blocks
51508 blocks (5.00%) reserved for the super user
First data block=0
32 block groups
32768 blocks per group, 32768 fragments per group
16128 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736

Writing inode tables: done
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 26 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
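
The /etc/raidtab guidelines and the chunk-size rule above can be checked mechanically before running mkraid and mke2fs. The script below is an added example, not part of the original manual or of raidtools; the function names raidtab_lint and raidtab_stride and the second, deliberately broken sample file are constructed for illustration, and the stride helper assumes one chunk-size entry per file.

```shell
#!/bin/sh
# Added example, not from the manual: lint a raidtab file against the
# guidelines above and derive the mke2fs stride from its chunk-size.

# raidtab_lint FILE: print one line per violated guideline; return 1 if any.
raidtab_lint() {
    awk '
        function report(msg) { print dev ": " msg; bad++ }
        function check_array() {
            if (dev == "") return
            if (nidx != want + 0)
                report("nr-raid-disks is \"" want "\" but " nidx " raid-disk entries found")
            if (level + 0 == 5 && parity == "")
                report("RAID 5 needs a parity-algorithm setting")
            if (level + 0 == 5 && nidx < 3)
                report("RAID 5 needs at least three partitions")
            if ((level + 0 == 1 || level + 0 == 4 || level + 0 == 5) && psb + 0 != 1)
                report("persistent-superblock must be 1 for RAID autodetect")
            level = want = psb = parity = ""; nidx = 0
        }
        BEGIN { nidx = 0 }
        /^[ \t]*#/ || NF == 0         { next }   # comments and blank lines
        $1 == "raiddev"               { check_array(); dev = $2 }
        $1 == "raid-level"            { level = $2 }
        $1 == "nr-raid-disks"         { want = $2 }
        $1 == "persistent-superblock" { psb = $2 }
        $1 == "parity-algorithm"      { parity = $2 }
        $1 == "raid-disk" {                      # must count up from 0
            if ($2 + 0 != nidx) report("raid-disk " $2 " should be " nidx)
            nidx++
        }
        END { check_array(); exit (bad > 0) }
    ' "$1"
}

# raidtab_stride FILE BLOCK_BYTES: print chunk-size (KB) divided by the
# filesystem block size; fail if the chunk is not a whole number of blocks.
raidtab_stride() {
    awk -v bs="$2" '
        $1 == "chunk-size" { chunk = $2 }
        END {
            if (chunk + 0 <= 0 || bs + 0 <= 0 || (chunk * 1024) % bs != 0) exit 1
            print (chunk * 1024) / bs
        }
    ' "$1"
}

SAMPLE=$(mktemp); BROKEN=$(mktemp)
trap 'rm -f "$SAMPLE" "$BROKEN"' EXIT

# The raidtab from this section.
cat > "$SAMPLE" <<'EOF'
raiddev /dev/md0
    raid-level              5
    nr-raid-disks           3
    persistent-superblock   1
    chunk-size              32
    parity-algorithm        left-symmetric
    device                  /dev/sdb1
    raid-disk               0
    device                  /dev/sdc1
    raid-disk               1
    device                  /dev/sdd1
    raid-disk               2
EOF

# Constructed counter-example: numbering starts at 1, no parity-algorithm,
# persistent-superblock left at 0.
cat > "$BROKEN" <<'EOF'
raiddev /dev/md1
    raid-level              5
    nr-raid-disks           3
    persistent-superblock   0
    chunk-size              64
    device                  /dev/sdb1
    raid-disk               1
    device                  /dev/sdc1
    raid-disk               2
    device                  /dev/sdd1
    raid-disk               3
EOF

raidtab_lint "$SAMPLE" && echo "sample raidtab: OK"
echo "mke2fs -j -b 4096 -R stride=$(raidtab_stride "$SAMPLE" 4096) /dev/md0"
raidtab_lint "$BROKEN" || echo "broken raidtab: fix the lines reported above"
```
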

Load The RAID Driver For The New RAID Set


The next step is to make the Linux operating system fully aware of the RAID set by loading the driver for the new
RAID set using the raidstart command.
[root@skynet tmp]# raidstart /dev/md0
Create A Mount Point For The RAID Set
The next step is to create a mount point for /dev/md0. In this case we'll create one called /mnt/raid
[root@skynet mnt]# mkdir /mnt/raid
Edit The /etc/fstab File
The /etc/fstab file lists all the partitions that need to be mounted when the system boots.

Add an Entry for the RAID set


We'll now add an entry for the /dev/md0 device. Here is an example of a line that could be used:
/dev/md0 /mnt/raid ext3 defaults 1 2

Note: It is very important that you DO NOT use labels in the /etc/fstab file for RAID devices, just use the real
device name such as "/dev/md0". On startup, the /etc/rc.d/rc.sysinit script checks the /etc/fstab file for
device entries that match RAID set names in the /etc/raidtab file. It will not automatically start the RAID set driver
for the RAID set if it doesn't find a match. Device mounting then occurs later on in the boot process. Mounting a
RAID device that doesn't have a loaded driver can corrupt your data giving the error below.
Mount The New RAID Set
The mount command can now be used to mount the RAID set.
Using the automount feature

The mount command's "-a" flag will cause Linux to mount all the devices in the /etc/fstab file that have
automounting enabled (default) and that are also not already mounted.
[root@skynet tmp]# mount -a
Manually Mounting the RAID Set
You can also mount the device manually.
[root@skynet tmp]# mount /dev/md0 /mnt/raid

Check The Status Of The New RAID


The /proc/mdstat file provides the current status of all the devices. When the raid driver is stopped, the file has
very little information as seen below
[root@skynet tmp]# raidstop /dev/md0
[root@skynet tmp]# cat /proc/mdstat
Personalities : [raid5]
read_ahead 1024 sectors
unused devices: <none>
More information, including the partitions of the RAID set, is provided once the driver is loaded using the raidstart
command.
[root@skynet tmp]# raidstart /dev/md0
[root@skynet tmp]# cat /proc/mdstat
Personalities : [raid5]
read_ahead 1024 sectors
md0 : active raid5 sdd1[2] sdb1[1] sdc1[0]
4120448 blocks level 5, 32k chunk, algorithm 3 [3/3] [UUU]

unused devices: <none>
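
The status check above can be scripted so that a missing member or an unfinished resync is noticed without reading the file by eye. The script below is an added example, not part of the original manual; the function name mdstat_problems is hypothetical, the healthy sample is the output shown above, and the faulty sample (a failed member on md0, a resync on an extra array md1) is constructed.

```shell
#!/bin/sh
# Added example, not from the manual: flag md arrays that are degraded or
# still resyncing, using the /proc/mdstat layout shown above.

# mdstat_problems [FILE]: print "<array> <active>/<expected> <map> [activity]"
# for each unhealthy array; return 1 if any. FILE defaults to /proc/mdstat.
mdstat_problems() {
    awk '
        function emit(   line) {
            if (name != "" && (active + 0 < expected + 0 || busy != "")) {
                line = name " " active "/" expected " " map
                if (busy != "") line = line " " busy
                print line; bad++
            }
            name = ""; busy = ""; expected = ""; active = ""; map = ""
        }
        /^md[0-9]+ :/ { emit(); name = $1; next }
        # "[3/2] [UU_]": 3 members expected, 2 in use, "_" marks the missing one
        name != "" && match($0, /\[[0-9]+\/[0-9]+\] \[[U_]+\]/) {
            split(substr($0, RSTART, RLENGTH), p, /[^0-9U_]+/)
            expected = p[2]; active = p[3]; map = p[4]
        }
        # A progress line means initialization or rebuild has not finished.
        name != "" && /(resync|recovery) *=/ {
            busy = ($0 ~ /resync/) ? "resync" : "recovery"
        }
        END { emit(); exit (bad > 0) }
    ' "${1:-/proc/mdstat}"
}

HEALTHY=$(mktemp); FAULTY=$(mktemp)
trap 'rm -f "$HEALTHY" "$FAULTY"' EXIT

# Output from this section: all three members present.
cat > "$HEALTHY" <<'EOF'
Personalities : [raid5]
read_ahead 1024 sectors
md0 : active raid5 sdd1[2] sdb1[1] sdc1[0]
      4120448 blocks level 5, 32k chunk, algorithm 3 [3/3] [UUU]

unused devices: <none>
EOF

# Constructed sample: md0 has lost a member, md1 is still resyncing.
cat > "$FAULTY" <<'EOF'
Personalities : [raid1] [raid5]
read_ahead 1024 sectors
md0 : active raid5 sdd1[2](F) sdb1[1] sdc1[0]
      4120448 blocks level 5, 32k chunk, algorithm 3 [3/2] [UU_]

md1 : active raid1 sdf1[1] sde1[0]
      2060224 blocks [2/2] [UU]
      [=>...................]  resync =  5.0% (103424/2060224) finish=1.5min speed=21000K/sec

unused devices: <none>
EOF

mdstat_problems "$HEALTHY" && echo "healthy sample: all arrays complete"
mdstat_problems "$FAULTY" || echo "faulty sample: arrays listed above need attention"
```
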


Glossary of Common Linux Terms


(A)
Account Name – Same as Login ID, User ID, or User Name. The name assigned to a user on a UNIX/Linux
system. Multiple users can be set up on a system with unique account names, each with varying access
(permission) levels. After Linux installation, account names are assigned by the Superuser, or root operator.
Awk – (Aho, Weinberger, and Kernighan) – A programming language useful for its pattern matching syntax, and
often used for data retrieval and data transformation. A GNU version is called Gawk.
APM (Advanced Power Management) – An industry standard for allowing the system processor and various
components to enter power-saving modes, including suspend, sleep and off. APM software is especially important
for mobile devices, because it saves battery power.
Archive – A single large file containing multiple files, usually compressed to save storage space. Often created
to facilitate transferring between computers. Popular archival formats include ARJ, TAR, ZIP and ZOO. Also, to
create such an archive file.

(B)
Background Process – A program that is running without user input. A number of background processes can
be running on a multitasking operating system, such as UNIX/Linux, while the user is interacting with the
foreground process (for example, data entry). Some background processes–daemons, for example–never require
user input. Others are merely in the background temporarily while the user is busy with the program presently
running in the foreground.
Bash – (Bourne Again SHell) – An enhanced version of the Bourne Shell. (Also, see Korn Shell.)
BDF Fonts – A variety of bitmapped fonts for the X Window System. (Also, see PostScript Fonts and TrueType
Fonts.)
Bin – A directory containing executable programs, primarily binary files.
Binaries – Source code that has been compiled into executable programs. In the UNIX/Linux world, some
software is distributed as source code only; other packages include both source and binaries; still others are
distributed only in binary format.
Bootstrap – Using a much smaller initial program to load in the desired program (which is
usually an operating system).
Boot Disk – A diskette (floppy) containing enough of an operating system (such as Linux) to
boot up (start) the computer and run some essential programs from the command line. This
may be necessary if the system was rendered non-bootable for some reason. A boot disk can
be used to partition and format the hard drive, restore the Master Boot Record, or copy
specific files, among other things.
Bot – Short for Robot. A program designed to search for information on the Internet with little human intervention.
Bourne Shell – A popular command line shell offering many advantages over the DOS command prompt. (Also,
see Bash and Korn Shell.)
BSD – (Berkeley Software Distribution) UNIX – UNIX distribution from University of California at Berkeley (Also,
see FreeBSD.)
Bzip2 – A newer file compression program for UNIX/Linux, providing smaller file sizes than Gzip.

(C)
CGI (Common Gateway Interface) – Used on Web servers to transmit data between scripts and/or
applications and then return the data to the Web page or browser. CGI scripts are often created using the Perl
language, and can generate dynamic Web content (including e-commerce shopping baskets, discussion groups,
survey forms, current news, etc.).


CHS – (Cylinder/Head/Sector) – Disk information required by FDISK during partitioning.
Client – A machine that requests services (e-mail, for example) from a server.
CLU – (Command Line Utility) – A program that is run from a command line session, or shell, such as Tar or
Mkdir.
Cluster – A network of workstations (PCs or other) running Linux. (Also, see Beowulf.)
Command Line Interface (CLI) – A full-screen or windowed text-mode session where the user executes
programs by typing in commands with or without parameters. The CLI displays output text from the operating
system or program and provides a command prompt for user input.
Compiler – A program used to turn programming source code into an executable program.
Console Application – A command line program that does not require (or perhaps even
offer) a graphical user interface to run.
Cron – A Linux daemon that executes specified tasks at a designated time or interval.
CSV – Comma Separated Value file contains the values in a table as a series of ASCII text lines organized so
that each column value is separated by a comma from the next column's value and each row starts a new line.
CUPS – Common Unix Printing System provides a portable printing layer for UNIX and Linux based operating
systems.

(D)
Daemon – A background process of the operating system that usually has root security level permission. A
daemon usually lurks in the background until something triggers it into activity, such as a specific time or date,
time interval, receipt of e-mail, etc.
Desktop – The operating system user interface, which is designed to represent an office desk with objects on it.
Rather than physical telephones, lamps, in/out baskets, etc., the operating system desktop uses program and data
icons, windows, taskbars, and the like. There are many different desktop environments available for Linux,
including KDE, GNOME, and X11, that can be installed by a user. (Also, see GUI, Window manager and X Window
System.)
Device Driver – A program that serves as an intermediary between the operating system and a device (ports,
drives, monitors, printers, etc.) defining to the operating system what capabilities the device has and translating the
operating system commands into instructions the device understands.
Distribution – A packaging of the Linux kernel (core) with various user interfaces, utilities, drivers, and other
software into a user deliverable. Often available as a free download or in a low-cost CD-ROM package. Popular
distributions include Caldera OpenLinux, CoreLinux, Debian, Red Hat, Slackware, SuSE, TurboLinux and others.

(E)
Emacs (Editing with MACroS) – A popular text editor.
Enlightenment – One of several user interfaces (window managers). For more on AfterStep, go to
www.afterstep.org. (Also, see AfterStep, GNOME, KDE and X Window System.)
Elm – was a popular e-mail program for users of Unix or Linux based operating systems that runs in a cmd line
mode (like reading email in DOS).
Errata – Redhat has lots of this stuff
EXT2 – Extended File System Version 2 is probably the most widely used filesystem in the Linux community. It
provides standard Unix file semantics and advanced features. Moreover, thanks to the optimizations included in
the kernel code, it is robust and offers excellent performance.

EXT3 – Extended File System Version 3. Ext3 supports the same features as Ext2, but also includes journaling. A
journaling file system uses a separate area called a log or journal. Before metadata changes are actually
performed, they are logged to this separate area. The operation is then performed. If the system crashes during
the operation, there is enough information in the log to "replay" the log record and complete the operation.


(F)
File System – A set of programs that tells an operating system how to access and interpret the contents of a
disk or tape drive, or other storage medium. Common file systems include:
FAT and FAT-32 (DOS/Windows), HPFS (OS/2), NFS, NTFS (Windows NT/2000), and others.
Filter – A program that reads data (from a file, program output or command line entry) as input, processes it
according to a set of predefined conditions (for example, sorted alphabetically) and outputs the processed data.
Some filters include Awk, Grep, Sed and sort.
Finger – A UNIX/Linux command that provides information about users that are logged on.
Foreground Process – In a multitasking operating system, such as UNIX/Linux, the foreground process is the
program that the user is interacting with at the present time (for example, data entry). Different programs can be
in the foreground at different times, as the user jumps between them. In a tiered windowing environment, it is the
topmost window.
FreeBSD – (Free Berkeley Software Distribution) – Similar to Linux in that it includes many GNU programs and
runs many of the same packages as Linux. However, some kernel functions are implemented differently. (Also,
see BSD UNIX.)
FTP – (File Transfer Protocol) – A method of transferring files to and from other computers–often software
repositories.

(G)
GCC – (GNU C Compiler) – A high-quality C compiler governed by the GPL.
GIMP – (GNU Image Manipulation Program) – A popular image editor/paint program for Linux.
GNOME (GNU Network Object Model Environment) – One of several user interfaces (window managers) for
Linux, built with Gtk. For more on GNOME, go to www.gnome.org. (Also, see AfterStep, Enlightenment, KDE and
X Window System.)
GNU – (GNU is Not Unix) Project – An effort of the Massachusetts Institute of Technology (MIT) Free Software
Foundation (FSF) to develop and promote alternatives to proprietary UNIX implementations. GNU software is
licensed under the GPL.
GNU/Linux – Same as Linux. So-called because many of the components included in a Linux distribution are
GNU tools.
GPL – (GNU General Public License) – A common usage and redistribution license. Visit
www.linuxdoc.org/LDP/gs/app-gpl/node1.html to see a copy of the GPL agreement.
Grep – (Global Regular Expression and Print) – A tool that searches files for a string of text and outputs any line
that contains the pattern.
Grub – A Linux bootloader. A bootloader is the first software program that runs when a computer starts. It is
responsible for loading and transferring control to the operating system kernel software. The kernel then starts the
rest of the operating system.
Gtk/Gtk+ – (GIMP ToolKit) – A powerful, fast open source graphics library for the X Window System on
UNIX/Linux, used by programmers to create buttons, menus and other graphical objects. (Also, see GNOME,
Motif and Qt.)
GUI (Graphical User Interface) – The collection of icons, windows, and other onscreen graphical images that
provide the user’s interaction with the operating system. (Also, see Desktop and Window manager.)
Gzip – (GNU zip) – The original file compression program for UNIX/Linux. Recent versions produce files with a
.gz extension. (A .z or .Z extension indicates an older version of Gzip.) Compression is used to compact files to
save storage space and reduce transfer time. (When combined with Tar, the resulting file extensions may be .tgz,
.tar.gz or .tar.Z.)

(H)

Home Directory – The directory the user is placed in after logging on.
HTML – (Hyper Text Markup Language) – The standard markup language for designing Web pages. Markup
“tags,” or formatting commands, allow the Web page designer to specify highlighting, position graphics, create
hyperlinks, etc.
HTTP – (Hyper Text Transport Protocol) – The set of guidelines created for requesting and sending HTML-based
Web pages.

(I)
Init – The first process to run immediately after the operating system loads. It starts the system in single-user
mode or spawns a shell to read the startup files, and opens ports designated as login ports.
IRC – Internet Relay Chat. An older system of chatting online using the Internet. These can be more like the wild west
days since there is usually little to no direct control or moderation of these.

(J)
Java® – An object-oriented programming language developed by Sun Microsystems® to be operating system
independent. Java is often used on Web servers. Java applications and applets are sometimes offered as
downloads to run on users’ systems. Java programming can produce applications, or smaller Java “applets.” Java
is a somewhat simplified version of the C++ language, and is normally interpreted rather than compiled.
Java Applets – Small Java programs that are embedded in a Web page and run within a browser, not as a
stand-alone application. Applets cannot access some resources on the local computer, such as files and serial
devices (modems, printers, etc.), and generally cannot communicate with other computers across a network.
JavaBeans – A component architecture for the Java language. JavaBeans components are called Beans.
JavaScript – A cross-platform World Wide Web scripting language, vaguely related to Java. It can be used as a
server-side scripting language, as an embedded language in server-parsed HTML, and as an embedded
language for browsers.
JDK – (Java Development Kit) – A Java programming toolkit from Sun, IBM or others, available for UNIX/Linux
and other operating systems.
JFS – (Journaled/Journaling File System) – A file system that includes built-in backup/recovery capabilities.
Changes to the index are written to a log file before the changes take effect so that if the index is corrupted (by a
power failure during the index write, for example), the index can be rebuilt from the log, including the changes.
JVM – (Java Virtual Machine) – A Java runtime environment, required for the running of Java programs, which
includes a Java interpreter. A different JVM is required for each unique operating system (Linux, OS/2, Windows
98, etc.), but any JVM can run the same version of a Java program.

(K)
KDE – (K Desktop Environment) – One of several user interfaces (window managers) for Linux, built with Qt. For
more on KDE, go to www.kde.org. (Also, see AfterStep, Enlightenment, GNOME and X Window System.)
Kernel – The core of the operating system, upon which all other components rely. The kernel manages such
tasks as low-level hardware interaction and the sharing of resources, including memory allocation, input/output,
security, and user access.
Korn Shell – An enhanced version of the Bourne Shell, including extensive scripting support and command line
editing. It supports many scripts written for the Bourne Shell. (Also, see Bash.)

(L)
LGPL (Library GPL) – A variation of the GPL that covers program libraries.
LILO – (LInux LOader) – A popular partition boot manager utility, capable of booting to operating systems other
than Linux. It is not file system-specific.


Linux – An open source UNIX-like operating system, originally begun by Linus Torvalds. “Linux” really refers to
only the operating system kernel, or core. More than 200 people have contributed to the development of the Linux
kernel. The rest of a Linux distribution consists of various utilities, device drivers, applications, a user interface
and other tools that generally can be compiled and run on other UNIX operating systems as well.
Lindows – A low-cost commercial Linux-based operating system with a user interface similar to the latest
Microsoft Windows operating system. Although Lindows is proprietary and is not open source like Linux, Lindows
is less expensive than Windows XP.
LISA – (Lisp-based Intelligent Software Agents) is a production-rule system heavily influenced by JESS (Java
Expert System Shell). It has at its core a reasoning (artificial intelligence) engine based on the Rete pattern
matching algorithm. LISA also provides the ability to reason over ordinary CLOS objects.
Log – To store application or system messages or errors. Also, a file that holds this information.
Lynx – A popular non-graphical (text-based) Web browser.

(M)
Macro – A set of instructions stored in an executable form. Macros may be application-specific (such as a
spreadsheet or word processing macro that performs specific steps within that program) or general-purpose (for
example, a keyboard macro that types in a user ID when Ctrl-U is pressed on the keyboard).
Man – The UNIX/Linux command for reading online manual pages.
MBR (Master Boot Record) – The first physical sector on a bootable disk drive. The place where the system
BIOS looks when the computer is first booted, to determine which partition is currently active (bootable), before
reading that partition’s first (boot) sector and booting from the partition.
Mesa – An implementation of the OpenGL (Open Graphics Library) API (Application Programming Interface). It
provides standard guidelines and a toolset for writing 2D and 3D hardware-assisted graphics software.
MIME (Multipurpose Internet Mail Exchange) – A communications protocol that allows text e-mail messages to
include non-textual (graphics, video or audio, for example) data.
Motif – A powerful proprietary graphics library for UNIX/Linux, developed by the Open Software Foundation
(OSF) and used by programmers to create buttons, menus and other graphical objects for the X Window System.
Mozilla – was Netscape Communication's nickname for Navigator, its Web browser, and, more recently, the
name of an open source public collaboration aimed at making improvements to Navigator.
Mount – Identify a disk drive to the file system before use.
Multitasking – The ability of an operating system to run more than one program, or task, at a time. A
cooperative multitasking OS, like Windows 95/98, requires one application to voluntarily free up resources upon
request so another application can use it. A preemptive multitasking OS, such as UNIX/Linux, Windows NT/2000
or OS/2, frees up resources when ordered to by the operating system, on a time-slice basis, or a priority basis, so
that one application is unable to hog resources when they are needed by another program.
Multithreading – The ability of an operating system to concurrently run programs that have been divided into
subcomponents, or threads. Multithreading, when done correctly, offers better utilization of processors and other
system resources. Multithreaded programming requires a multitasking/multithreading operating system, such as
UNIX/Linux, Windows NT/2000 or OS/2, capable of running many programs concurrently. A word processor can
make good use of multithreading, because it can spell check in the foreground while saving to disk and sending
output to the system print spooler in the background.

(N)
NFS (Network File System) – A file system that allows the sharing of files across a network or the Internet.

(O)
Object-Oriented – A software development methodology that offers the programmer standard reusable
software modules (components), rather than requiring the developer to write custom programming code each
time. Using standard components reduces development time (because the writing and testing of those
components has already been done by other programmers), and ensures a standard look and feel for programs
using the same components.
OO – See Object-Oriented.
Open Source – A somewhat ambiguous term that refers to software that is released with its source code. The
fact that the source code is provided does not necessarily mean that users can modify and redistribute the source
code. The term is sometimes used interchangeably with “free software,” although they are not always the same.
OSS (Open Sound System) – A device driver for accessing sound cards and other audio devices under
UNIX/Linux. It evolved from the Linux Sound Driver, and supports most popular audio chips and adapters.
OSS (Open Source Software) – See Open Source.

(P)
PAM (Pluggable Authentication Modules) – A replaceable user authentication module for system security, which
allows programs to be written without knowing which authentication scheme will be used. This allows a module to
be replaced later with a different module without requiring rewriting the software.
Panel – The name for the Linux equivalent of the Windows Taskbar.
Partition – A contiguous section of a disk drive that is treated by the operating system as a physical drive. Thus,
one disk drive can have several drive letters assigned to it.
PCF fonts – A variety of bitmapped fonts to be used with the X Window System.
PD – See Public Domain.
PDF (Portable Document Format) files – Binary files created with Adobe Acrobat or other programs capable of
producing output in this format. Used for producing operating system-independent documents, which can be
viewed using Acrobat Reader or other programs, including Web browsers equipped with an Acrobat Reader plug-
in.
Perl (Practical Extraction and Report Language) – A common scripting/programming language. It is often used
on UNIX/Linux Web servers for generating CGI scripts.
PGP (Pretty Good Privacy) – A high-security, public-key data encryption program for UNIX/Linux and other
operating systems.
PHP – A script language and interpreter that is freely available and used primarily on Linux Web servers.
Piping Symbol – The | keyboard character (the Shift-Backslash character above the Enter key on a typical 101-
key keyboard). It is often used to feed the output from one command or program to another. For example, history |
grep mcopy sends the contents of the .bash_history file (via the history command) to the grep program, searching
for the string “mcopy”. (Also, see Append Symbol and Redirection Symbol.)
Pine – A program for Internet news and e-mail; a tool for reading, sending, and managing electronic messages.
PL – The file extension for a Perl script.
Port/Ported/Porting – The process of taking a program written for one operating system platform and
modifying it to run on another OS with similar functionality. There is generally little or no attempt to customize the
program to take advantage of the unique capabilities of the new operating system, as opposed to optimizing an
application for a specific operating system.
Portable – A term referring to software that is designed to be used on more than one operating system with only
minor modifications and recompilation.
POSIX (Portable Operating System Interface for uniX) – A set of programming interface standards governing
how to write application source code so that the applications are portable between operating systems. POSIX is
based on UNIX and is the basis for the X/Open specification of The Open Group.
PostScript – A page description language developed by Adobe Systems that tells a printer how to display text
or graphics on a printed page.
PostScript Fonts – A wide variety of fonts that can be used with OS/2, MS Windows and the X Window System.
Font files include those with .afm, .pfa and .pfb extensions. Sometimes called Adobe Type 1 fonts, or ATM
(Adobe Type Manager) fonts. PostScript fonts typically require a PostScript-compatible printer. (Also, see BDF
Fonts and TrueType Fonts.)
Process – An executing program. (Also, see Multitasking and Multithreading.)
Public Domain – Software that is available to be used and modified by anyone, for any purpose, and may even
be incorporated for distribution in commercial software. Public domain software is not copyrighted, and no rights
are retained by the author.
Public Key Encryption – A method of data encryption that involves two separate keys: a public key and a
private key. Data encrypted with the public key can be decrypted only with the private key and vice versa.
Typically, the public key is published and can be used to encrypt data sent to the holder of the private key, and
the private key is used to sign data.
Python – An object-oriented p-code programming language.

(Q)
Qt – A powerful, fast open source graphics library for the X Window System on UNIX/Linux, which is used by
programmers to create buttons, menus, and other graphical objects. (Also, see Gtk/Gtk+ and KDE.)
Queue – (Sometimes incorrectly spelled Que.) A list of tasks awaiting execution, as in “the print queue.”
Qmail – One of the more popular e-mail servers, also called an SMTP server.

(R)
RAID (Redundant Array of Independent/Inexpensive Disks/Devices) – A method of providing data redundancy,
improved performance and/or quick data recoverability from disk crashes, by spreading or duplicating data across
multiple disk drives. Commonly used RAID types include RAID 0 (Data Striping), RAID 1 (Disk Mirroring) and
RAID 5 (Striping with Distributed Parity). RAID configurations typically require SCSI disk drives (not IDE/EIDE)
and may require identical drives (same capacity, brand, etc.). RAID arrays appear to the operating system as a
single device.
RC File – A script file containing the startup instructions for a program (an application or even the operating
system). The file, to be executed automatically when the operating system is started, contains a list of instructions
(commands or other scripts) to run.
RCS (Revision Control System) – A suite of programs that controls shared access to files in a group environment
and tracks text file changes. Generally used for maintaining programming source code modules.
Rdev – A utility for obtaining information about a Linux system. It is used to query and set the image root device,
the video mode, the swap device and a RAM disk.

Redirection Symbol – The > keyboard character. It is often used to send the output from a
command to a text file. For example, ls -a > output.txt sends the current directory list to a file
called output.txt. Repeating the command will replace the content of the file with new data.
(Also, see Append Symbol and Piping Symbol.)
RFS (Remote File Sharing) – A program that lets the user access files on another computer as if they were on
the user’s system.
Root Operator – The user ID with authority to perform all system-level tasks. (Also called Superuser)
Root Window – The underlying session in which the Linux desktop runs.
RPM (RPM Package Manager) – A packaging and installation tool for Internet downloads, included with some
Linux distributions. It produces files with a .RPM extension. Similar to Dpkg.

(S)
Script – A set of commands stored in a file. Used for automated, repetitive, execution.
Session – A complete interaction period between the user and the operating system, from login to logoff.


Shareware – A form of commercial software, where it is offered as “try before you buy”. If the customer
continues to use the product after a short trial period, they are required to pay a specified, usually nominal, fee.
(Also, see Open Source and Public Domain.)
Shell – A text-mode window containing a command line interface to the operating system.
Shell Prompt – The user input area of a shell. Whereas in a DOS shell the command prompt is designated by a
Greater Than (>) symbol, in Linux it is usually a Percent (%) symbol, Dollar sign ($) or other special character,
depending on the shell used.
Shell Script – A script designed to be run automatically when a shell is started.
SHTTP (Secure Hyper Text Transport Protocol) – A secure, encrypted version of HTTP used for financial
transactions and other private information sent via the Internet.
Slash (/) – The symbol used in file pathnames, instead of the backslash (\) used in the DOS/Windows and OS/2
operating systems.
Source Code – Programming commands in their raw state as input by a programmer. Some programming
languages allow the commands to be executed on the fly by a program interpreter. Other languages require the
commands to be compiled into executable programs (binaries) before they can be used. In the UNIX/Linux world,
some software is distributed as source code only; other packages include both source and binaries; still others
are distributed in binary format only.
SPAM – Unsolicited e-mail. Currently it is estimated that, worldwide, over 50% of all e-mail is SPAM.
Spool (Simultaneous Peripheral Operation On-Line) – To send data to a program that queues up the information
for later use (for example, the print spooler).
SQL (Structured Query Language) – The language used for manipulating records and fields (rows and columns)
in a relational database. Sometimes erroneously pronounced “sequel”.
Steganography – The practice of hiding one piece of information within another. One example is putting an
invisible digital watermark in a digitized photograph.
String – A sequence of characters, as in a “search string.”
Superuser – Usually synonymous with root operator.
Swap – To temporarily move data (programs and/or data files) from random access
memory to disk storage (swap out), or back (swap in), to allow more programs and data to be processed than
there is physical memory to hold it. Also called Virtual Memory.
Swap Space – Where swapped data is temporarily stored on disk. Linux uses a dedicated disk partition for swap
space, rather than a specific swap file.
Symbolic link – An alias or shortcut to a program or file.
Sync – To force all pending input/output to the disk drive.
Syslog – The UNIX/Linux System Logger, where all system messages or errors are stored.

(T)
Tag – A command in a markup language, such as HTML, to display information in a certain way, such as bold,
centered or using a certain font.
Tar (Tape ARchive) – A file packaging tool included with UNIX/Linux for the purpose of assembling a collection of
files into one combined file for easier archiving. It was originally designed for tape backup, but today can be used
with other storage media. When run by itself, it produces files with a .tar extension. When combined with Gzip, for
data compression, the resulting file extensions may be .tgz, .tar.gz or .tar.Z.
Tarball – A file created by the Tar utility, containing one or more other archived and, optionally, compressed
files.
TeX – A popular macro-based text formatter. The basis for other such formatters, including LaTeX and teTeX.
TFTP (Trivial File Transfer Protocol) – A simplified version of FTP without authentication or many other basic
features of FTP.


Thread – A small piece of programming that acts as an independent subset of a larger program, also called a
“process”. A multithreaded program can run much faster than a monolithic, or single-threaded, program because
several, or even many, different tasks can be performed concurrently, rather than serially (sequentially). Also,
threads within a single application can share resources and pass data back and forth between themselves.
Time-sharing – A method of allowing multiple users to share a processor by allocating each user a portion of
the processor resources on a timed basis and rotating each user’s processes within those time segments. (Also,
see Multitasking.)
Torvalds, Linus – The original creator of the Linux kernel in 1991, holder of the Linux copyright, and currently
still the coordinator of the Linux development project.
Touch – A command that changes the date/time stamp of a file without affecting the contents.
TrueType Fonts – A wide variety of fonts designed to be printer-independent, unlike PostScript fonts available
for the Apple Macintosh and Windows. Not commonly used with UNIX/Linux. (Also, see BDF Fonts and
PostScript Fonts.)
Tux – The name of the fictional Linux penguin mascot.

(U)
UNIX – UNIX began as a proprietary operating system developed by Bell Laboratories in the 1960s. It eventually
spawned a number of mutually incompatible commercial versions from such companies as Apple (Mac OS X),
Digital (Digital UNIX), Hewlett-Packard (HPUX), IBM (AIX®), NeXT (NeXTSTEP) and others.
UUCP – A set of programs and protocols that have become the basis for a worldwide network of UNIX computers,
named after the UNIX to UNIX Copy Program.

(V)
Virtual Desktop – A method for expanding the user’s workspace beyond the boundaries of the computer
screen. The desktop may be scrollable left and right, up and down, as if a larger desktop were positioned behind
the glass screen and moved around to reveal icons, windows and other objects that were “off-stage,” or out of
view. Alternatively, as with the KDE desktop, multiple buttons may be available, each of which displays an area of
desktop equal to the size of the glass screen and which can each contain different objects.
Virtual Machine – Virtual Machines (VMs) are features of central processor chips that isolate an area of
memory from the rest of the system. Because operating systems and applications run in a “protected mode”
environment, if a program freezes in one Virtual Machine it will not affect the operation of the programs and
operating systems running outside of that Virtual Machine.
Virtual Memory – The process of using a portion of disk space as a temporary storage area for memory.
Synonymous with Swap.
VRML (Virtual Reality Modeling Language) – A primarily Web-based language used for 3D effects (such as
building walk-throughs).

(W)
Widget – A graphical user interface programming object (button, scrollbar, radio button, etc.) for the X Window
System. (Also, see X Window System.)
Window Manager – The graphical user interface (GUI) that runs on top of X Window to provide the user with
windows, icons, taskbars and other desktop objects.
Wine – A Windows compatibility layer. Wine does not require Microsoft Windows, as it is a completely
alternative implementation consisting of 100% Microsoft-free code, but it can optionally use native system DLLs if
they are available. This is what you would use if you wanted to run a Windows program on a Linux machine.
WineX – The equivalent of Wine, except that its main strength is the ability to play games designed for Windows.
Working Directory – Another name for the current directory, or the directory in which the user is currently
working.


Workspace – Another name for the Root Window, or Desktop.


Wrapper – A program used to start another program.

(X)
X Window System – A graphical windowing environment for UNIX. The underlying programming required by
many user interfaces. (Also, see Desktop, Window Manager and XFree86.)
X11 – Version 11 of the X Window System.
XDM (X Display Manager) – User-friendly login front end for the X Window System. Often used in a cyber café or
campus environment where users who are not familiar with UNIX need occasional access.
XFree86 – A version of the X Window System for Linux. Used by GNOME, KDE and other Linux user
interfaces/window managers.
XHTML (extensible Hyper Text Markup Language) – An enhanced version of HTML that supports programmer-
defined extensions like XML.
Ximian – A company that provided open source desktop applications for Linux and UNIX based on the
GNOME platform.
XML (eXtensible Markup Language) – A powerful new markup language for designing Web pages; an alternative
to the older HTML, allowing programmers to define their own markup tags, or formatting commands.

(Y)
Y (why) – Y not? I needed something to go here….
YaST – Yet another Setup Tool. Same function and purpose as linuxconf. See linuxconf for more information.

(Z)
Zip – A popular form of file compression/archiving available on many operating system
platforms, including DOS/Windows, OS/2 and UNIX/Linux. Popular tools include
PKZip/PKUnzip and Zip/Unzip. Not to be confused with the Iomega Zip disk, which is a removable storage
device. (Confusingly, a zipped file can be stored on a Zip disk—or not. They are unrelated.) Zipped files will have
a .zip extension.
Zone – An area of a network under administrative or other control. In a name server configuration, a domain can
be a zone. Zones can be further subdivided into subzones, each having its own administrators and servers.
Zoo – A format for compression and archiving available for UNIX/Linux. Files packaged this way sport a .zoo file
extension.


INDEX
1. Linux Introduction
1.1. Open Source and Free Software
1.1.1. History
1.2. GPL and Open Source Licenses
1.3. About Linux
1.4. Current Support for Networking Services
1.5. Flexibility of Open Source Software
2. The Linux Distribution Comparison
2.1 Red Hat Linux
2.1.1 Fedora Linux
2.1.2 RedHat Enterprise Linux
Server Solutions:
Client Solutions:
2.1.3 Red Hat Enterprise Linux system configuration limits
2.2. Mandrake Linux
2.3 SuSE Linux
2.4 Debian GNU/Linux
2.5 Slackware Linux
2.6 Caldera OpenLinux
2.7. Top 6 Distributions
2.7.1 Evaluation Criteria and Description
2.7.2 Organizational Structure
2.7.3 Ease of Installation Process
2.7.4 Commitment to Open Source
2.7.5 Per Seat Licensing
2.7.6 Target Market
2.7.7 Software Upgrades / Support
2.7.8 License Fee
3. Linux Installation
3.1 Hardware Requirements
3.2 Planning the Installation
3.3 How Much Space Is Required?
3.4 Partitioning Naming Conventions
3.5 Install Options
4. Boot Loaders
4.1 Boot Loaders and System Architecture
4.1.1 Features of GRUB
4.1.2 File Names and Blocklists
4.1.3 GRUB's Root File System
4.1.4 GRUB Commands
4.1.5 GRUB Menu Configuration File
4.1.6 Configuration File Structure
4.2 LILO
4.2.1 LILO and the x86 Boot Process
4.2.2 LILO versus GRUB
5. Linux Boot Process
5.1 Init, and Shutdown
5.1.1 Linux Run levels
5.2 System startup script /etc/rc.d/rc.sysinit
5.2.1 Controlling the boot time services using “chkconfig”
Chkconfig Examples
5.2.2 The “service” command
6. Linux File System
6.1 Ext2 and Ext3 Filesystem
6.2 Preparing Partitions on Disks
6.2.1 Device Naming Convention
6.2.3 Adding a New Partition
6.2.2 Verify the New Partition


6.3 Managing Swap Space .......................................................................................................................... 32


6.3.1 Creating Swap Space...................................................................................................................... 32
7. Overview of Linux File System Hierarchy Standard (FHS) ............................................................... 34
7.1 FHS Organization .................................................................................................................................. 34
The /dev/ Directory............................................................................................................................... 34
The /etc/ Directory................................................................................................................................ 34
The /lib/ Directory................................................................................................................................. 34
The /mnt/ Directory .............................................................................................................................. 34
The /opt/ Directory ............................................................................................................................... 34
The /proc/ Directory ............................................................................................................................. 35
The /sbin/ Directory.............................................................................................................................. 35
The /usr/ Directory ............................................................................................................................... 35
The /usr/local/ Directory ....................................................................................................................... 36
The /var/ Directory ............................................................................................................................... 36
7.1.2. /usr/local/ in Red Hat Linux............................................................................................................. 37
7.2. Special File Locations ........................................................................................................................... 37
7.3 Files in the /etc/sysconfig/ Directory........................................................................................................ 37
8. Linux Desktop Enviornments............................................................................................................ 39
8.1 GNOME ................................................................................................................................................ 39
8.2 KDE ...................................................................................................................................................... 41
9. Linux Accout Management................................................................................................................ 44
9.1 Managing User Accounts ....................................................................................................................... 44
9.1.2 Passwds............................................................................................................................................. 44
9.1.3 Files Controlling User Accounts and Groups .................................................................................... 44
/etc/passwd ......................................................................................................................................... 45
/etc/shadow ......................................................................................................................................... 45
/etc/group ............................................................................................................................................ 46
/etc/gshadow ....................................................................................................................................... 46
9.2 User Management Commands............................................................................................................... 47
Adding Users........................................................................................................................................... 48
Changing Passwords ............................................................................................................................... 48
Delete Users ........................................................................................................................................... 49
Setup User Aging................................................................................................................................. 49
9.3 Setting Up Quotas ................................................................................................................................. 49
9.3.1 Understanding Disk Quotas ............................................................................................................. 49
9.3.2 Setting up and configuring the Quotas .............................................................................................. 50
9.3.3 Initialize The Quota Table................................................................................................................ 51
9.4 Other Quota Topics................................................................................................................................ 52
9.4.1 Editing Group Quotas...................................................................................................................... 52
9.5 Using Sudo............................................................................................................................................ 52
9.5.1 What is SUDO?............................................................................................................................... 52
9.5.2 Example Using sudo ....................................................................................................................... 53
The visudo command............................................................................................................................... 53
Simple /etc/sudoers Examples ................................................................................................................. 53
10. Red Hat Package Manager (RPMs).................................................................................................. 55
10.1 Introduction.......................................................................................................................................... 55
10.2 What Is a Package? ............................................................................................................................. 55
10.2.1 What Is RPM?............................................................................................................................... 55
10.3.1 Listing Installed RPMs ................................................................................................................... 55
10.3.2 Listing Files Associated With RPMs ............................................................................................... 56
10.3.4 Listing Files For Already Installed RPMs ........................................................................................ 56
10.2 Managing RPMs .................................................................................................................................. 56
11. Linux Networking............................................................................................................................. 58
11.1 Configuring Your NIC's IP Address ....................................................................................................... 58
11.1.1 Determining Your IP Address......................................................................................................... 58
11.1.2 Changing Your IP Address ............................................................................................................ 58
11.1.3 network-scripts File Formats : ........................................................................................................ 59
11.2 Multiple IP Addresses On A Single NIC................................................................................................. 59
11.2.1 Viewing Your Current Routing Table .............................................................................................. 60
11.3 Convert Your Linux Server Into A Router .............................................................................................. 60
11.3.1 Configuring IP Forwarding ............................................................................................................. 60
11.4 Setting Up A Telnet Server................................................................................................................... 61

www.wilshiresoft.com Wilshire Software Technologies Rev Dt: 15-Oct-08


info@wilshiresfot.com Ph: 2761-2214 / 6677-2214 / 6452-6173 Ver: 1
Linux Administration – Index Page iii

11.5 Setting up rsh and rlogin ...................................................................................................................... 62
11.6 Configuring an FTP server ................................................................................................................... 62
12. NFS .................................................................................................................................................. 65
12.1 NFS Operational Overview................................................................................................................... 65
12.2 Important NFS Daemons...................................................................................................................... 65
12.3 Configuring NFS on The Server............................................................................................................ 65
12.3.1 The /etc/exports File...................................................................................................................... 65
12.4 Configuring NFS on The Client ............................................................................................................. 66
12.4.1 Starting NFS on the Client ............................................................................................................. 66
12.4.2 Making NFS Mounting Permanent ................................................................................................. 67
12.4.3 Activating Modifications To The /etc/exports File ............................................................................ 67
12.4.4 Deleting, Moving Or Modifying A Share.......................................................................................... 67
13. Centralized Logins Using NIS.......................................................................................................... 69
13.1 Introduction to NIS ............................................................................................................................... 69
13.2 Configuring The NFS Server for NIS..................................................................................................... 69
13.2.1 Configuring The NFS Client for NIS................................................................................................ 69
13.3 Configuring The NIS Server.................................................................................................................. 70
13.3.1 Required NIS Server Daemons...................................................................................................... 71
13.3.2 Initialize Your NIS Domain ............................................................................................................. 71
13.4 Managing NIS server ........................................................................................................................... 72
13.5 Configuring The NIS Client................................................................................................................... 73
14. DNS.................................................................................................................................................. 75
14.1 Introduction to DNS.............................................................................................................................. 75
14.2 Basic DNS Testing of DNS Resolution.................................................................................................. 75
14.4 Configuring DNS.................................................................................................................................. 76
14.3 The /etc/resolv.conf File ....................................................................................................................... 76
15. DHCP/Bootp...................................................................................................................................... 81
15.1 DHCP Operational Overview ................................................................................................................ 81
15.2 the /etc/dhcpd.conf File ........................................................................................................................ 81
15.2.1 Start the DHCP services................................................................................................................ 82
15.3 Configuring Linux Clients To Use DHCP............................................................................................... 83
16. Apache Web Server ......................................................................................................................... 84
16.1 Introduction - What is Apache............................................................................................................... 84
16.2. Configuring Apache............................................................................................................................. 84
16.2.1 Configure the /etc/httpd/conf/httpd.conf file..................................................................................... 85
16.3.1 Where To Put Your Web Pages ..................................................................................................... 89
16.3.2 Named Virtual Hosting................................................................................................................... 90
17. Sharing Resources Using SAMBA .................................................................................................. 92
17.1 Introduction.......................................................................................................................................... 92
17.2. Configuring SAMBA ............................................................................................................................ 92
17.3 Configuring SWAT (Samba Web Administration Tool) ........................................................................... 92
17.3.1 Basic SWAT Setup........................................................................................................................ 93
18. KICKSTART (Network Based Linux Inst over the NFS)................................................................... 94
18.1 Introduction.......................................................................................................................................... 94
18.2 Setting up the Installation Server .......................................................................................................... 95
18.2.1 Create the Installation Directories .................................................................................................. 95
18.2.3 Setup Your NFS Server ................................................................................................................. 95
18.2.4 Setup DNS and DHCP servers. ..................................................................................................... 96
18.2.5 Create Kickstart Configuration Files ............................................................................................... 96
18.3 Kickstart Configurator........................................................................................................................... 96
19. SQUID Proxy server....................................................................................................................... 101
19.1 Introduction to SQUID ........................................................................................................................ 101
19.2 Configuring SQUID ............................................................................................................................ 101
19.2.1 The /etc/squid/squid.conf File ...................................................................................................... 101
19.2.2 Access Control Lists.................................................................................................................... 102
19.2.3 Restricting Web Access by Time.................................................................................................. 102
19.2.4 Configure the Web Browsers to Use Your Squid Server................................................................ 103
20. IPTABLES (Netfilter) ...................................................................................................................... 104
20.1 What is iptables? ............................................................................................................................... 104
20.1.1 Overview..................................................................................................................................... 104
Capabilities........................................................................................................................................ 104
Packet STATES:................................................................................................................................ 105


IPTABLES Examples ......................................................................................................................... 105
Saving iptable Scripts......................................................................................................................... 106
21. Linux Resource Monitoring........................................................................................................... 107
21.1 Resource Monitoring Commands........................................................................................................ 107
free ....................................................................................................................................................... 107
top ........................................................................................................................................................ 107
The GNOME System Monitor — A Graphical top .................................................................................... 108
vmstat ................................................................................................................................................... 109
pstree.................................................................................................................................................... 109
21.2 The proc File System....................................................................................................................... 110
21.2.1 Top-level Files in the proc File System ..................................................................................... 111
22. Backups......................................................................................................................................... 114
22.1 Introduction........................................................................................................................................ 114
22.2 Different Data: Different Backup Needs .............................................................................................. 114
22.3 Types of Backups .............................................................................................................................. 114
22.3.1 Full Backups ............................................................................................................................... 115
22.3.2 Incremental Backups................................................................................................................... 115
22.3.3 Differential Backups .................................................................................................................... 115
22.4. Backup Media................................................................................................................................... 115
Tape ..................................................................................................................................................... 116
Disk....................................................................................................................................................... 116
Network................................................................................................................................................. 116
22.5 Red Hat Linux-Specific Information (applies to all versions)................................................................. 116
22.5.1 Software Support ........................................................................................................................ 116
22.5.2 Backup Utilities ........................................................................................................................... 117
tar ..................................................................................................................................................... 117
cpio ................................................................................................................................................... 117
AMANDA........................................................................................................................................... 117
dump/restore ..................................................................................................................................... 118
22.6 Working with “dump/restore”............................................................................................................... 118
22.6.1 Making backups with dump.......................................................................................................... 119
22.6.2 Restoring files with “restore” command ........................................................................................ 120
22.7 Managing the tape “mt” Command...................................................................................................... 121
23. Printers .......................................................................................................................................... 126
23.1. Types of Printers............................................................................................................................... 126
23.1.1. Printing Considerations............................................................................................................... 126
Function ............................................................................................................................................ 126
Cost .................................................................................................................................................. 127
23.6. Printer Languages and Technologies................................................................................................. 127
23.7. Networked Versus Local Printers....................................................................................................... 127
23.8 Printer Configuration .......................................................................................................................... 128
Printing a Test Page .......................................................................................................................... 132
Modifying Existing Printers ................................................................................................................. 133
Queue Name ..................................................................................................................................... 133
Queue Type....................................................................................................................................... 133
Printer Driver ..................................................................................................................................... 133
Driver Options.................................................................................................................................... 133
Saving the Configuration File.............................................................................................................. 134
Printer Configuration .......................................................................................................................... 134
Command Line Configuration ............................................................................................................. 135
Managing Print Jobs .......................................................................................................................... 136
Sharing a Printer................................................................................................................................ 138
Sharing a Printer with LPRng ............................................................................................................. 139
24. Upgrading the RedHat Linux Kernel............................................................................................... 141
24.1 Upgrading Kernel Step By Step .......................................................................................................... 141
25. Configuring Dumb Terminal .......................................................................................................... 145
26. Software RAID ............................................................................................................................... 146
26.1 RAID Types ....................................................................................................................................... 146
26.1.1 RAID 0........................................................................................................................................ 146
26.1.2 RAID 1........................................................................................................................................ 146
26.1.3 RAID 5........................................................................................................................................ 147
26.2 SCSI and IDE .................................................................................................................................... 148

26.2.1 IDE Drives .................................................................................................................................. 148
26.2.2 SCSI Drives ................................................................................................................................ 148
26.3 Configure RAID In Single User Mode.................................................................................................. 149
26.3.1 Configuring Software RAID.......................................................................................................... 149
Edit the RAID Configuration File ......................................................................................................... 151
General Guidelines ............................................................................................................................ 151
26.3.2 Create the RAID Set.................................................................................................................... 151
Format The New RAID Set................................................................................................................. 151
Check The Status Of The New RAID .................................................................................................. 153
Glossary of Common Linux Terms ..................................................................................................... 154
