Linux Introduction: 1.1. Open Source and Free Software
Page 1 of 167
1. Linux Introduction
Linux is a modern, flexible, and mature operating system. Although it started life on the Intel platform, it has since been ported to many other platforms such as Amiga, DEC Alpha, Apple Power PC, Sun workstations, and others. Linux boasts many other features:

- Multitasking - Linux is a true preemptive multitasking operating system. All processes run independently of each other and leave processor management to the kernel.
- Networking - Linux supports a multitude of networking protocols.
- Interoperability - Linux can interoperate with Windows 9x/NT/2000, Novell, Mac, and most other versions of UNIX.
- Multi-user - Linux can handle multiple users simultaneously logged on to one machine.
- Advanced memory management - Traditional UNIX systems used swapping to manage memory, where the entire memory structure of a program was written to disk when the system began running low on memory. Linux uses paging, a method that allocates memory intelligently when system memory is running low by prioritizing memory tasks. Linux currently supports up to 64GB of RAM.
- POSIX support - POSIX defines a minimum interface for UNIX-type operating systems. Linux currently supports POSIX 1003.1. This ensures that POSIX-compliant UNIX programs will port easily to Linux.
- Multiple file systems - Linux must be installed on Extended 2 (ext2) Linux-formatted partitions, but if certain other OS file systems already exist on the same host, Linux will support several of these file system formats as well, including DOS/Windows, OS/2, and Novell. This is just another interoperability feature provided by Linux.
1.1.1. History
Although Linux came into being in 1991, it can trace its lineage back much further. In 1969, a Bell Labs programmer named Ken Thompson invented the UNIX operating system. Around the same time, another programmer, Dennis Ritchie, was working on a new computer language called C. By 1974, the two had rewritten UNIX in the C language and ported it to several different machines. It is this combination of UNIX and C that Linux owes much of its heritage to. UNIX and C are at the heart of Linux and the Open Source movement. While languages such as Perl, Python, Java, and others make the headlines today, far more lines of open source code have been written in C than in any other single language. Though many of these programs have been ported to other operating systems, such as Windows NT, UNIX and UNIX-like operating systems have benefited from Open Source software the most.

Linux

In 1991, a student at Helsinki University in Finland posted this message to the Usenet group comp.os.minix:

    From: torvalds@klaava.Helsinki.FI (Linus Benedict Torvalds)
    Newsgroups: comp.os.minix
    Subject: Gcc-1.40 and a posix-question
    Message-ID: <1991Jul3.100050.9886@klaava.Helsinki.FI>
    Date: 3 Jul 91 10:00:50 GMT

    Hello netlanders,
    Due to a project I'm working on (in minix), I'm interested in the posix standard definition. Could somebody please point me to a (preferably) machine-readable format of the latest posix rules? Ftp-sites would be nice.

It was followed up a few months later with this post:
www.wilshiresoft.com info@wilshiresfot.com Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173 Rev Dt: 15-Oct-08 Ver: 1
    From: torvalds@klaava.Helsinki.FI (Linus Benedict Torvalds)
    Newsgroups: comp.os.minix
    Subject: What would you like to see most in minix?
    Summary: small poll for my new operating system
    Message-ID: <1991Aug25.205708.9541@klaava.Helsinki.FI>
    Date: 25 Aug 91 20:57:08 GMT
    Organization: University of Helsinki

The student, of course, was Linus Torvalds. Linus had just purchased a (then) state-of-the-art 386 PC, and wanted, among other things, to learn how it worked. The MS-DOS operating system was too limiting, and was immediately discounted. At the time, he had been using another UNIX-like operating system called Minix, a microkernel-based teaching operating system. Minix had many limitations, however, so Linus set about writing a new operating system that did not suffer the limitations of MS-DOS and Minix.

Linus was by no means the first person to come up with the idea of a free UNIX-like operating system. Several years earlier, The Free Software Foundation, headed by Richard M. Stallman, announced a kernel called The HURD. Unfortunately, efforts on this new kernel faltered, and it wasn't until 1996 that a stable version of The HURD was available. William and Lynne Jolitz in 1991 were also busy porting Berkeley UNIX, BSD, to the Intel platform. But Linux was quickly propelled to the front of the pack by the large army of programmers from all across the world, who all pitched in their expertise for the Linux kernel. Instead of the project becoming chaotic and unmanageable, Linux actually benefited from the large number of coders and testers, and from nearly instant feedback every time a new kernel was released, which was often. At times, several versions of Linux were released in a single day. A few years after development had begun on Linux, it was a full-featured, stable operating system.

Today, the Linux kernel is developed the same way as it was in the beginning. Programmers across the globe collaborate on discussion groups and e-mail lists to work on the Linux kernel. Most are not paid for their efforts, doing it instead from a sense of community that binds Linux developers.
Recall that Linux is the operating system kernel. That is, Linux is the very heart of the operating system. However, like all operating systems, to be useful, Linux has to have utilities and programs to do the actual work. This is where distributions come in. All of the Linux distributions run the Linux kernel. But after that, the distributions vary from each other to some degree. For example, the Slackware distribution looks and feels much like Berkeley UNIX, whereas the SuSE distribution is much more System V'ish. Red Hat Linux tends to fall somewhere in between but is leaning toward System V more and more with each new release.
Red Hat Enterprise Linux is the corporate Linux standard, already at work running some of the world's largest commercial, government, and academic institutions. For any deployment, from the desktop to the datacenter, Red Hat Enterprise Linux delivers unmatched performance and cost savings, and the freedom of open source technology. [Figure: Red Hat Network overview; not reproduced in this text.]
Server Solutions:
Red Hat Enterprise Linux AS (Advanced Server): Red Hat Enterprise Linux AS is the top-of-the-line server operating system solution. Supporting the largest servers, it is the ultimate solution for large departmental and datacenter server deployments.

Red Hat Enterprise Linux ES (Enterprise Server): Red Hat Enterprise Linux ES is the perfect server operating system solution for the majority of today's business computing needs, suitable for systems ranging from the edge-of-network to medium-scale departmental deployments.
Client Solutions:
Red Hat Enterprise Linux WS (Work Station) and Desktop: Red Hat Enterprise Linux WS is the desktop/client partner for Enterprise Linux AS and Enterprise Linux ES. Red Hat Enterprise Linux WS is ideal for all desktop deployments, including office productivity applications, S/W development environments, and targeted ISV client applications. When configured as a headless workstation, Enterprise Linux WS is also ideally suited for use as a compute node in a High Performance Computing (HPC) environment.
Red Hat Enterprise Linux products are based on the same core kernel, libraries, and utilities, and also share the same major package sets. However, because Red Hat Enterprise Linux WS and Red Hat Desktop are not designed for use in server environments, there are some differences between family members in terms of their server package sets.
[Comparison table of Red Hat Enterprise Linux WS and Red Hat Desktop. Rows: Recommended use (technical, virtualization, trading, power user; personal productivity: mail, document processing, browsing, instant messaging; software development); Includes desktop applications; Supported by leading ISV applications; Certified on leading OEM hardware; Includes dedicated server packages; Web and phone-based comprehensive support 24x7 - 1 year; Red Hat Network; Supports x86 systems (Intel Pentium Pro, AMD Athlon, or compatible), Intel EM64T, and AMD64 systems; Supports Itanium systems; Supports IBM zSeries, POWER series, and S/390 series systems. The Yes/No cells of the table did not survive extraction.]
Itanium2 * (table footnotes)
- Memory: 96GB applies to HP Integrity systems. Maximum memory for Intel Tiger-based systems is 32GB.
- CPUs: Red Hat Enterprise Linux WS for Itanium supports up to 2 CPUs per system.

AMD64 (table footnotes)
- Memory:
- CPUs: Red Hat Enterprise Linux WS for AMD64 supports up to 2 CPUs per system.
- Quoted minimum is for a custom installation. Sparse files can be up to 4TB.
At any time during the development process, there are three branches in the main directory tree - "stable", "testing" and "unstable", the last of which is often referred to as "sid". When a new version of a package appears, it is placed in the unstable branch for first testing. If it passes, the package moves to the testing branch, which undergoes rigorous testing lasting many months. This branch is only declared stable after very thorough testing. As a result, the distribution is possibly the most stable and reliable, albeit not the most up-to-date, and is suitable for deployment on servers. Debian's other main claim to fame is its reputation for being hard to install, unless the user has intimate knowledge of the computer's hardware. Compensating for this failing is "apt-get", a convenient installer for Debian packages. Many Debian users joke that their installer is so bad because they only need it once - as soon as Debian is up and running, all future updates of any scale can be accomplished via the apt-get utility. Take it from a person who has tried many distributions - once you have experienced the dependency headaches while installing software on any RPM-based distribution, you will stare in absolute disbelief at the painless and convenient process of installing and upgrading your Debian packages. You might even think that you have just entered paradise...
[Distribution comparison table. Combined ranking row: =1 =1 =1 =4 =4 5. Criteria rows: any insistence on 'per seat' licensing?; target market of distribution; support for adding bug fixes and extra hardware support; license fee. The distribution columns did not survive extraction.]
Caldera/SCO
Relatively large public US-based company, involved in Linux as well as other non-Linux software. Some changes, in that they are merging some development to become part of UnitedLinux. May 2003 update: Caldera/SCO now neither distributes nor supports Linux.
Conclusion
The Linux world has surprising variety. There are distributions made to look like Windows, distributions that only a system administrator could install, and everything in between. There are business models everywhere between 'it's all free' and 'please donate'. And that's just the top 6 distributions. Take a look at www.distrowatch.com, check out some of the smaller distributions, and you'll find an even more diverse world.
3. Linux Installation
3.1 Hardware Requirements
The following information represents the minimum hardware requirements necessary to successfully install Red Hat Linux 9:

- Minimum: Pentium-class
- Recommended for text-mode: 200 MHz Pentium-class or better
- Recommended for graphical: 400 MHz Pentium II or better

Hard Disk Space (NOTE: Additional space will be required for user data):
Personal Desktop
A personal desktop installation, including a graphical desktop environment, requires at least 1.7GB of free space. Choosing both the GNOME and KDE desktop environments requires at least 1.8GB of free disk space.
Workstation
A workstation installation, including a graphical desktop environment and software development tools, requires at least 2.1GB of free space. Choosing both the GNOME and KDE desktop environments requires at least 2.2GB of free disk space.
Server
A server installation requires 850MB for a minimal installation without X (the graphical environment), at least 1.5GB of free space if all package groups other than X are installed, and at least 5.0GB to install all packages including the GNOME and KDE desktop environments.
Custom
A Custom installation requires 475MB for a minimal installation and at least 5.0GB of free space if every package is selected.

Memory:
- Minimum for text-mode: 64MB
- Minimum for graphical: 128MB
- Recommended for graphical: 192MB

Note that the compatibility/availability of other hardware components (such as video and network cards) may be required for specific installation modes and/or post-installation usage. For more information about hardware compatibility, see the Red Hat Linux Hardware Compatibility List at http://hardware.redhat.com/hcl/

Before you begin a Red Hat Linux installation, you need to know what the purpose of the machine will be. Will it be a development workstation? An FTP server? A Web server? Or will it be a database server? Each of these examples requires a different configuration.
Red Hat Linux comes conveniently bundled with an array of pre-configured software packages. Most likely, you will not need to install all of these packages, and for security reasons (or office policy) it is a good idea not to. Your boss might not appreciate the office network being used to serve personal Web pages from each employee's installation of an Apache Web server. Also, every computer on your network doesn't need to run the innd network news service. Limit the packages you install to only the ones you need. If other packages are required later, they can be installed easily enough with the rpm tool.
[Partition layout example; only one row survived extraction:]
/dev/sda9    3000    /home/shared
BIOS Limits
Be aware that some computers, built before 1998, may have a BIOS (Basic Input/Output System) that, at bootup (under DOS), limits access to hard disks beyond their 1024 cylinder. A common effect of this problem is your computer's inability to see any partitions past the first 512MB of disk space at boot time. If this limitation affects your computer, do not place any bootable partitions after this barrier or the BIOS will not be able to access them and your Linux operating system will not be able to load.
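The arithmetic behind the 1024-cylinder barrier is worth seeing once, because the "first 512MB" figure depends entirely on the disk geometry the BIOS reports. The following Python example is added here and is not part of the course material; the two geometries (16 heads x 63 sectors for an old IDE drive, 255 x 63 for a BIOS using LBA translation) and the partition layouts are assumptions chosen to illustrate the check. It computes how many bytes lie below cylinder 1024 and reports whether the partition that carries the kernel (/boot, or / if there is no separate /boot) ends inside that region.

```python
# Added example, not from the course text: arithmetic behind the BIOS
# 1024-cylinder limit. Geometries and layouts below are assumptions.

SECTOR_BYTES = 512
BIOS_CYLINDERS = 1024            # legacy CHS calls address cylinders 0..1023
OLD_GEOMETRY = (16, 63)          # (heads, sectors per track): old IDE geometry
TRANSLATED_GEOMETRY = (255, 63)  # geometry reported by a BIOS with LBA translation


def bios_reachable_bytes(heads, sectors_per_track):
    """Bytes the BIOS can address below cylinder 1024 for a CHS geometry."""
    return BIOS_CYLINDERS * heads * sectors_per_track * SECTOR_BYTES


def partition_below_limit(end_sector, heads, sectors_per_track):
    """True if a partition ending at end_sector (0-based, inclusive) lies
    entirely within the first 1024 cylinders."""
    last_reachable = BIOS_CYLINDERS * heads * sectors_per_track - 1
    return end_sector <= last_reachable


def check_layout(partitions, heads, sectors_per_track):
    """partitions: list of (device, start_sector, end_sector, mountpoint).
    The boot loader only needs to read the partition holding the kernel:
    /boot when one exists, otherwise /. Returns the devices of that
    partition if it extends past the limit, else an empty list."""
    has_boot = any(mount == "/boot" for *_, mount in partitions)
    kernel_mount = "/boot" if has_boot else "/"
    return [dev for dev, _start, end, mount in partitions
            if mount == kernel_mount
            and not partition_below_limit(end, heads, sectors_per_track)]


# Constructed sample layouts (sector numbers), not taken from the course.
LAYOUT_NO_BOOT_PARTITION = [
    ("/dev/hda1", 63, 2104514, "/"),          # ~1GB root, kernel lives here
    ("/dev/hda2", 2104515, 4209029, "/home"),
]
LAYOUT_WITH_BOOT_PARTITION = [
    ("/dev/hda1", 63, 208844, "/boot"),       # ~100MB, inside the first cylinders
    ("/dev/hda2", 208845, 2104514, "/"),
    ("/dev/hda3", 2104515, 4209029, "/home"),
]

if __name__ == "__main__":
    for name, geom in (("old IDE", OLD_GEOMETRY), ("LBA-translated", TRANSLATED_GEOMETRY)):
        mib = bios_reachable_bytes(*geom) / (1024 * 1024)
        print(f"{name}: {mib:.1f} MiB reachable below cylinder 1024")
        print("  no /boot partition:", check_layout(LAYOUT_NO_BOOT_PARTITION, *geom))
        print("  separate /boot:    ", check_layout(LAYOUT_WITH_BOOT_PARTITION, *geom))
```

With the old geometry the reachable region is 504 MiB (the "512MB" the text refers to), so a 1GB root partition with no separate /boot fails the check while a small /boot at the front of the disk passes; with LBA translation the same limit moves out to roughly 7.8 GiB, which is why GRUB's LBA support (discussed under Boot Loaders) makes the problem disappear on most later machines.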
Also in the images/ directory is the boot.iso file. This file is an ISO image that can be used to boot the Red Hat Linux installation program. It is a handy way to start network-based installations without having to use multiple diskettes. To use boot.iso, your computer must be able to boot from its CD-ROM drive, and its BIOS settings must be configured to do so. You must then burn boot.iso onto a recordable/rewritable CD-ROM.

The rescue mode environment (accessed by booting with the "linux rescue" boot-time command) has been enhanced. Numerous requested utilities have been added, and there is now support for activating network interfaces. Commands needed for SCSI tape support are also available. Please test this environment and send us your feedback.

The Red Hat Linux installation program now detects existing Red Hat products on your system, and will prompt you to select the product you would like to upgrade. You will also have the option of performing a complete reinstallation of the system instead of upgrading. Please report any problems you may experience with this new feature.

If the contents of your /etc/redhat-release file have been changed from the default, your Red Hat Linux installation may not be found when attempting an upgrade to Red Hat Linux 9. You can relax some of the checks against this file by entering the following at the boot: prompt:

    boot: linux upgradeany

Use the upgradeany option only if your existing Red Hat Linux installation was not detected.

isolinux is now used for booting the Red Hat Linux installation CD. If you have problems booting from the CD, you can write the images/bootdisk.img image to a diskette.

During a graphical installation, you can now press SHIFT-Print Screen and a screenshot of the current installation screen will be taken. These are stored in the following directory: /root/anaconda-screenshots/ The screenshots can be accessed once the newly-installed system is rebooted.

The parted disk partition manipulation program has been upgraded to version 1.6.

Users of Red Hat Linux 6.2 that want to upgrade their system to Red Hat Linux 9 must first have all errata updates applied before starting the upgrade process. The most straightforward way to accomplish this is to use Red Hat Network. A Red Hat Linux 6.2 system that is not completely up-to-date will not upgrade successfully to Red Hat Linux 9.

Text mode installations using a serial terminal work best when the terminal supports UTF-8. Under UNIX and Linux, Kermit supports UTF-8. For Windows, Kermit '95 works well. Non-UTF-8 capable terminals will work as long as only English is used during installation. An enhanced serial display can be used by passing "utf8" as a boot-time option to the installation program. For example:

    boot: linux console=ttyS0 utf8
4. Boot Loaders
Before Red Hat Linux can run, it must be loaded into memory by a special program called a boot loader. A boot loader usually exists on the system's primary hard drive (or other media device) and has the sole responsibility of loading the Linux kernel with its required files or (in some cases) other operating systems into memory.
GRUB
GNU Grand Unified Boot loader or GRUB is a program which enables the user to select which installed operating system or kernel to load at system boot time. It also allows the user to pass arguments to the kernel.
from a command line. While some command features are available with LILO and other x86 boot loaders, GRUB is more feature rich. Important: GRUB supports Logical Block Addressing (LBA) mode. LBA places the addressing conversion used to find files in the hard drive's firmware, and is used on many IDE and all SCSI hard devices. Before LBA, boot loaders could encounter the 1024-cylinder BIOS limitation, where the BIOS could not find a file after that cylinder head of the disk. LBA support allows GRUB to boot operating systems from partitions beyond the 1024-cylinder limit, so long as the system BIOS supports LBA mode. Most modern BIOS revisions support LBA mode. GRUB can read ext2 partitions. This functionality allows GRUB to access its configuration file, /boot/grub/grub.conf, every time the system boots, eliminating the need for the user to write a new version of the first stage boot loader to MBR when configuration changes are made. The only time a user would need to reinstall GRUB on the MBR is if the physical location of the /boot partition is moved on the disk.
Installing GRUB
If GRUB was not installed during the Red Hat Linux installation process, it can be installed afterward. Once installed, it automatically becomes the default boot loader. Before installing GRUB, make sure to use the latest GRUB package available or use the GRUB package from the Red Hat Linux installation CD-ROMs. For instructions on installing packages, see the chapter titled Package Management with RPM in the Red Hat Linux Customization Guide. Once the GRUB package is installed, open a root shell prompt and run the command /sbin/grub-install <location>, where <location> is the location where the GRUB Stage 1 boot loader should be installed. The following command installs GRUB to the MBR of the master IDE device on the primary IDE bus:

    /sbin/grub-install /dev/hda

The next time the system boots, the GRUB graphical boot loader menu will appear before the kernel loads into memory.
GRUB Terminology
One of the most important things to understand before using GRUB is how the program refers to devices, such as hard drives and partitions. This information is particularly important when configuring GRUB to boot multiple operating systems.

Device Names

Suppose a system has more than one hard drive. The first hard drive of the system is called (hd0) by GRUB. The first partition on that drive is called (hd0,0), and the fifth partition on the second hard drive is called (hd1,4). In general, the naming convention for file systems when using GRUB breaks down in this way:

    (<type-of-device><bios-device-number>,<partition-number>)

The parentheses and comma are very important to the device naming conventions. The <type-of-device> refers to whether a hard disk (hd) or floppy disk (fd) is being specified. The <bios-device-number> is the number of the device according to the system's BIOS, starting with 0. The primary IDE hard drive is numbered 0, while the secondary IDE hard drive is numbered 1. The ordering is roughly equivalent to the way the Linux kernel arranges the devices by letters, where the a in hda relates to 0, the b in hdb relates to 1, and so on.

Note: GRUB's numbering system for devices starts with 0, not 1. Failing to make this distinction is one of the most common mistakes made by new GRUB users.

The <partition-number> relates to the number of a specific partition on a disk device. Like the <bios-device-number>, the partition numbering starts at 0. While most partitions are specified by numbers, if a system uses BSD partitions, they are signified by letters, such as a or c.

GRUB uses the following rules when naming devices and partitions:

- It does not matter if system hard drives are IDE or SCSI. All hard drives start with hd. Floppy disks start with fd.
- To specify an entire device without respect to its partitions, leave off the comma and the partition number. This is important when telling GRUB to configure the MBR for a particular disk. For example, (hd0) specifies the MBR on the first device and (hd3) specifies the MBR on the fourth device.

If a system has multiple drive devices, it is very important to know the drive boot order set in the BIOS. This is rather simple to do if a system has only IDE or SCSI drives, but if there is a mix of devices, it can become confusing.
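The off-by-one between Linux names (partitions numbered from 1) and GRUB names (numbered from 0) is the mistake the note above warns about, and it is easy to get wrong when a grub.conf pairs a GRUB `root (hd0,0)` line with a kernel argument such as `root=/dev/hda5`. The following Python example, added here and not part of the course material, translates in both directions using the rules just given. It assumes, as the text says is "roughly" true, that the BIOS numbers drives in the same order as the kernel's letters (hda is hd0, hdb is hd1, and so on); for a mixed IDE/SCSI system the BIOS boot order can be passed explicitly. BSD letter partitions are not handled.

```python
import re

# Added example, not from the course text: translate between Linux kernel
# device names and GRUB (legacy) device names using the naming rules above.
# Assumption: BIOS drive order matches the kernel letter order unless a
# drive_order list (e.g. ["hda", "sda"]) is supplied.

LINUX_RE = re.compile(r"^/dev/(?P<disk>[hs]d[a-z])(?P<part>\d+)?$")
GRUB_RE = re.compile(r"^\((?P<type>hd|fd)(?P<num>\d+)(?:,(?P<part>\d+))?\)$")


def linux_to_grub(dev, drive_order=None):
    """'/dev/hda5' -> '(hd0,4)'; '/dev/hdb' -> '(hd1)' (whole disk, i.e. its MBR)."""
    m = LINUX_RE.match(dev)
    if m is None:
        raise ValueError(f"not a Linux disk name: {dev}")
    disk, part = m.group("disk"), m.group("part")
    if drive_order is None:
        number = ord(disk[-1]) - ord("a")     # hda -> 0, hdb -> 1, ...
    else:
        number = drive_order.index(disk)      # explicit BIOS boot order
    if part is None:
        return f"(hd{number})"
    if int(part) < 1:
        raise ValueError("Linux partition numbers start at 1")
    return f"(hd{number},{int(part) - 1})"    # GRUB partitions start at 0


def grub_to_linux(name, drive_order=None):
    """'(hd0,4)' -> '/dev/hda5'; '(hd3)' -> '/dev/hdd'; '(fd0)' -> '/dev/fd0'."""
    m = GRUB_RE.match(name)
    if m is None:
        raise ValueError(f"not a GRUB device name: {name}")
    number, part = int(m.group("num")), m.group("part")
    if m.group("type") == "fd":
        return f"/dev/fd{number}"
    if drive_order is None:
        disk = f"hd{chr(ord('a') + number)}"
    else:
        disk = drive_order[number]
    if part is None:
        return f"/dev/{disk}"
    return f"/dev/{disk}{int(part) + 1}"      # back to 1-based numbering


if __name__ == "__main__":
    # The course's kernel line uses root=/dev/hda5 while GRUB's own root is
    # (hd0,0): two different partitions, as the translation makes visible.
    print(linux_to_grub("/dev/hda5"), grub_to_linux("(hd0,0)"))
    print(linux_to_grub("/dev/sda2", drive_order=["hda", "sda"]))
```

Running the module shows that `root=/dev/hda5` names `(hd0,4)`, not `(hd0,0)`: the kernel's root file system and the partition GRUB reads the kernel from are different things, which is exactly the situation the kernel command discussion later in this chapter describes.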
The following shows the chainloader command with a similar blocklist designation at the GRUB command line after setting the correct device and partition as root:

    chainloader +1
GRUB Interfaces
GRUB features three interfaces, which provide different levels of functionality. Each of these interfaces allows users to boot the Linux kernel or other operating systems. The interfaces are as follows:
Menu Interface
If GRUB was automatically configured by the Red Hat Linux installation program, this is the interface shown by default. A menu of operating systems or kernels preconfigured with their own boot commands is displayed as a list, ordered by name. Use the arrow keys to select an option other than the default selection and press the [Enter] key to boot it. Alternatively, if a timeout period is set, GRUB starts loading the default option once it expires. Press the [e] key to enter the entry editor interface or the [c] key to load a command line interface.
Menu Entry Editor Interface

To access the menu entry editor, press the [e] key from the boot loader menu. The GRUB commands for that entry are displayed here, and users may alter these command lines before booting the operating system by adding a command line ([o] inserts a new line after the current line and [O] inserts a new line before it), editing one ([e]), or deleting one ([d]). After all changes are made, the [b] key executes the commands and boots the operating system. The [Esc] key discards any changes and reloads the standard menu interface. The [c] key loads the command line interface.

Command Line Interface

The command line interface is the most basic of the GRUB interfaces, but it is also the one that grants the most control. The command line makes it possible to type any relevant GRUB commands followed by the [Enter] key to execute them. This interface features some advanced shell-like features, including [Tab] key completion, based on context, and [Ctrl] key combinations when typing commands, such as [Ctrl]-[a] to move to the beginning of a line, and [Ctrl]-[e] to move to the end of a line. In addition, the arrow, [Home], [End], and [Delete] keys work as they do in the bash shell.

Order of the Interfaces

When GRUB loads its second stage boot loader, it first searches for its configuration file. Once found, it builds a menu list and displays the menu interface. If the configuration file cannot be found, or if the configuration file is unreadable, GRUB loads the command line interface, allowing the user to type commands to complete the boot process. If the configuration file is not valid, GRUB prints out the error and asks for input. This helps the user see precisely where the problem occurred. Pressing any key reloads the menu interface, where it is then possible to edit the menu option and correct the problem based on the error reported by GRUB. If the correction fails, GRUB reports an error and reloads the menu interface.
When using the install command the user must specify the following:
- <stage-1> - Signifies a device, partition, and file where the first boot loader image can be found, such as (hd0,0)/grub/stage1.
- <install-disk> - Specifies the disk where the stage 1 boot loader should be installed, such as (hd0).
- <stage-2> - Passes to the stage 1 boot loader the location of the stage 2 boot loader, such as (hd0,0)/grub/stage2.
- p <config-file> - This option tells the install command to look for the menu configuration file specified by <config-file>. An example of a valid path to the configuration file is (hd0,0)/grub/grub.conf.
Warning: The install command will overwrite any other information in the MBR. If executed, any information (other than GRUB information) that is used to boot other operating systems will be lost.

- kernel <kernel-file-name> <option-1> <option-N> - Specifies the kernel file to load from GRUB's root file system when using direct loading to boot the operating system. Options can follow the kernel command and will be passed to the kernel when it is loaded. For Red Hat Linux, an example kernel command looks like the following:

      kernel /vmlinuz root=/dev/hda5

  This line specifies that the vmlinuz file is loaded from GRUB's root file system, such as (hd0,0). An option is also passed to the kernel specifying that when loading the root file system for the Linux kernel, it should be on hda5, the fifth partition on the first IDE hard drive. Multiple options may be placed after this option, if needed.
- root <device-and-partition> - Configures GRUB's root partition to be a specific device and partition, such as (hd0,0), and mounts the partition so that files can be read.
- rootnoverify <device-and-partition> - Performs the same functions as the root command but does not mount the partition.

Commands other than these are available. Type info grub for a full list of commands.
- splashimage - Specifies the location of the splash screen image to be used when GRUB boots.
- title - Sets a title to be used with a particular group of commands used to load an operating system.

The hash mark (#) character can be used at the beginning of a line to place comments in the menu configuration file.
This file tells GRUB to build a menu with Red Hat Linux as the default operating system and sets it to autoboot after 10 seconds. Two sections are given, one for each operating system entry, with commands specific to the system disk partition table. Note: The default is specified as a number. This refers to the first title line GRUB comes across. If you want Windows to be the default, change default=0 to default=1.
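The grub.conf the text describes is not reproduced on this page, so the following Python example, added here and not part of the course material, constructs one to the same description (Red Hat Linux first, Windows second, default=0, timeout=10, the kernel/root/rootnoverify/chainloader commands from this chapter) and reads it back. It resolves default=N to the Nth title line, flags the configuration mistakes that would make GRUB print an error (a default that names no title, a kernel line without a root line, an entry with nothing to boot), and applies the rule from "Order of the Interfaces": no readable file means the command line interface, an invalid file means an error before the menu. The sample file and the partition assignments in it are constructed for this example.

```python
# Added example, not from the course text: a minimal reader for a GRUB
# (legacy) menu configuration file, built from the grub.conf description
# above. The sample configuration is constructed for this example.

SAMPLE_GRUB_CONF = """\
# grub.conf (constructed sample: Linux on (hd0,0)/hda5, Windows on (hd0,1))
default=0
timeout=10
splashimage=(hd0,0)/grub/splash.xpm.gz
title Red Hat Linux
        root (hd0,0)
        kernel /vmlinuz ro root=/dev/hda5
        initrd /initrd.img
title Windows
        rootnoverify (hd0,1)
        chainloader +1
"""

MENU_SETTINGS = {"default", "timeout", "splashimage"}
ENTRY_COMMANDS = {"root", "rootnoverify", "kernel", "initrd", "chainloader"}


def parse_grub_conf(text):
    """Return (settings, entries, errors). entries is a list of
    (title, [(command, argument), ...]) in file order; errors lists the
    problems GRUB would report instead of showing the menu directly."""
    settings, entries, errors = {}, [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()        # '#' starts a comment
        if not line:
            continue
        if line.startswith("title"):
            entries.append((line[len("title"):].strip(), []))
            continue
        key, _, value = line.partition("=")
        if key in MENU_SETTINGS:                   # default=, timeout=, ...
            settings[key] = value.strip()
            continue
        cmd, _, arg = line.partition(" ")
        if cmd not in ENTRY_COMMANDS:
            errors.append(f"line {lineno}: unknown command {cmd!r}")
        elif not entries:
            errors.append(f"line {lineno}: {cmd!r} appears before any title")
        else:
            entries[-1][1].append((cmd, arg.strip()))
    for title, cmds in entries:
        names = {c for c, _ in cmds}
        if "kernel" in names and not names & {"root", "rootnoverify"}:
            errors.append(f"entry {title!r}: kernel without root/rootnoverify")
        if not names & {"kernel", "chainloader"}:
            errors.append(f"entry {title!r}: nothing to boot")
    default = settings.get("default", "0")
    if not default.isdigit() or int(default) >= len(entries):
        errors.append(f"default={default} does not refer to an existing title")
    timeout = settings.get("timeout", "0")
    if not timeout.isdigit():
        errors.append(f"timeout={timeout} is not a number of seconds")
    return settings, entries, errors


def default_entry(text):
    """Title GRUB boots when the timeout expires; raises on an invalid file."""
    settings, entries, errors = parse_grub_conf(text)
    if errors:
        raise ValueError("; ".join(errors))
    return entries[int(settings.get("default", "0"))][0]


def boot_interface(text):
    """Interface GRUB presents: pass None when the file is missing/unreadable."""
    if text is None:
        return "command-line"
    return "error" if parse_grub_conf(text)[2] else "menu"


if __name__ == "__main__":
    print(boot_interface(SAMPLE_GRUB_CONF), "->", default_entry(SAMPLE_GRUB_CONF))
    print(boot_interface(SAMPLE_GRUB_CONF.replace("default=0", "default=5")))
```

Changing `default=0` to `default=1` in the sample makes `default_entry` return "Windows", as the note above says; setting it to a number with no matching title, or deleting the `root` line of the Linux entry, is the kind of edit that leaves GRUB showing an error and waiting for a key press rather than booting.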
4.2 LILO
LILO is an acronym for the LInux LOader and has been used to boot Linux on x86 systems for many years. Although GRUB is now the default boot loader, some users prefer to use LILO because it is more familiar to them and others use it out of necessity, since GRUB may have trouble booting some hardware.
The arrow keys allow a user to highlight the desired operating system and the [Enter] key begins the boot process. To access a boot: prompt, press [Ctrl]-[X].
timeout=50 - Sets the amount of time that LILO will wait for user input before proceeding with booting the default line entry. This is measured in tenths of a second, with 50 as the default.
- message=/boot/message - Refers to the screen that LILO displays to let you select the operating system or kernel to boot.
- lba32 - Describes the hard disk geometry to LILO. Another common entry here is linear. You should not change this line unless you are very aware of what you are doing. Otherwise, you could put your system in an unbootable state.
- default=linux - Refers to the default operating system for LILO to boot, as seen in the options listed below this line. The name linux refers to the label line below in each of the boot options.
- image=/boot/vmlinuz-2.4.0-0.43.6 - Specifies which Linux kernel to boot with this particular boot option.
- label=linux - Names the operating system option in the LILO screen. In this case, it is also the name referred to by the default line.
- initrd=/boot/initrd-2.4.0-0.43.6.img - Refers to the initial ram disk image that is used at boot time to actually initialize and start the devices that make booting the kernel possible. The initial ram disk is a collection of machine-specific drivers necessary to operate a SCSI card, hard drive, or any other device needed to load the kernel. You should never try to share initial ram disks between machines.
- read-only - Specifies that the root partition (see the root line below) is read-only and cannot be altered during the boot process.
- root=/dev/hda5 - Specifies which disk partition to use as the root partition.
- other=/dev/hda1 - Specifies the partition containing DOS.
Runlevel - Description
0 - Halt
1 - Single-user mode
2 - Not used (user-definable)
3 - Full multi-user mode (no GUI)
4 - Not used (user-definable)
5 - Full multi-user mode (with GUI)
6 - (description not present in the source text)
The Boot Loader Once the second stage boot loader is in memory, it presents the user with the Red Hat Linux initial, graphical screen showing the different operating systems or kernels it has been configured to boot. On this screen a user can use the arrow keys to choose which operating system or kernel they wish to boot and press [Enter]. If no key is pressed, the boot loader will load the default selection after a configurable period of time has passed. Note: If Symmetric Multi-Processor (SMP) kernel support is installed, there will be more than one option present the first time the system is booted. In this situation, LILO will display linux, which is the SMP kernel, and linux-up, which is for single processors. GRUB displays Red Hat Linux (kernelversion-smp), which is the SMP kernel, and Red Hat Linux (kernel-version), which is for single processors. If any problems occur using the SMP kernel, try selecting the non-SMP kernel upon rebooting. Once the second stage boot loader has determined which kernel to boot, it locates the corresponding kernel binary in the /boot/ directory. The kernel binary is named using the following format /boot/vmlinuz-kernel-version (where kernel-version corresponds to the kernel Version specified in the boot loader's settings). The boot loader then places the appropriate initial RAM disk image, called an initrd, into memory. The kernel to load drivers necessary to boot the system uses the initrd. This is particularly important if SCSI hard drives are present or if the systems use the ext3 file system. Warning: Do not remove the /initrd/ directory from the file system for any reason. Removing this directory will cause the system to fail with a kernel panic error message at boot time.Once the kernel and the initrd image are loaded into memory, the boot loader hands control of the boot process to the kernel.
Boot Loaders for Other Architectures
Once the Red Hat Linux kernel loads and hands off the boot process to the init command, the same sequence of events occurs on every architecture. So the main difference between each architecture's boot process is in the application used to find and load the kernel. For example, the Alpha architecture uses the aboot boot loader, while the Itanium architecture uses the LILO boot loader.
The Kernel
When the kernel is loaded, it immediately initializes and configures the computer's memory and configures the various hardware attached to the system, including all processors, I/O subsystems, and storage devices. It then looks for the compressed initrd image in a predetermined location in memory, decompresses it, mounts it, and loads all necessary drivers. Next, it initializes virtual devices related to the file system, such as LVM or software RAID, before unmounting the initrd disk image and freeing up all the memory the disk image once occupied. The kernel then creates a root device, mounts the root partition read-only, and frees any unused memory. At this point, the kernel is loaded into memory and operational. However, since there are no user applications that allow meaningful input to the system, not much can be done with it. In order to set up the user environment, the kernel executes the /sbin/init program.
Page 26 of 167
1. Checks for a /etc/sysconfig/network script. If it is there, the system runs it. Otherwise, it turns networking off and sets your hostname to localhost.
2. Executes /etc/rc.d/init.d/functions. This file sets up some basic functions that the rest of the scripts use. (Example: the boot daemon failure/success messages.)
3. Sets the loglevel.
4. Loads the keymap. If you have specified a default keymap file in /etc/sysconfig/console/default.kmap it will use that, otherwise it will use /etc/sysconfig/keyboard.
5. Loads the system fonts.
6. Activates all swap partitions specified in the /etc/fstab file.
7. Sets up your hostname and your NIS domain name.
8. Runs fsck to check your filesystem if necessary. If fsck fails, it will drop you to a shell and unmount the drives so you can work on repairing them.
9. Sets up ISA Plug-and-Play devices.
10. Remounts the root file system as read-write.
11. Checks quotas on the root partition. All modules will now be loaded. Note that the sound and midi modules will be loaded if there is an alias listed as sound or midi in /etc/modules.conf. If your system requires a different module, you may need to edit the /etc/modules.conf file.
12. Checks for a /etc/raidtab file and loads all RAID devices.
13. Checks your file systems with fsck again.
14. Mounts the rest of the file systems listed in the fstab.
15. Turns quota support on if /sbin/quotaon exists and is executable.
16. Sets the system clock. It will run /etc/sysconfig/clock if it exists.
17. Initializes swap space.
18. Initializes serial ports.
19. Loads the SCSI tape module if a SCSI tape was detected.
20. Reads the /etc/sysconfig/desktop file for a preferred X11 Display Manager and sets a link file as /etc/X11/prefdm.
21. Finally, it dumps the kernel ring buffer (boot messages) to /var/log/dmesg.
Important Files: /var/log/boot.log, /var/log/messages, /var/log/dmesg
System shutdown and rebooting
The "init" command will allow you to change the current runlevel.
Halt / Shutdown The System
[root@skynet tmp]# init 0
Reboot The System
[root@skynet tmp]# init 6
www.wilshiresoft.com info@wilshiresfot.com
Chkconfig Examples
You can use chkconfig to change the runlevels in which particular packages start. Here we see Sendmail will start with a regular startup at runlevel 3 or 5. Let's change it so that Sendmail doesn't start up at boot.
Use Chkconfig To Get A Listing Of Sendmail's Current Startup Options
[root@skynet tmp]# chkconfig --list | grep mail
sendmail 0:off 1:off 2:off 3:on 4:off 5:on 6:off
[root@skynet tmp]#
Switch Off Sendmail Starting Up In Levels 3 and 5
[root@skynet tmp]# chkconfig --level 35 sendmail off
Doublecheck That Sendmail Will Not Startup
[root@skynet tmp]# chkconfig --list | grep mail
sendmail 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@skynet tmp]#
Turn it back on again
[root@skynet tmp]# chkconfig --level 35 sendmail on
[root@skynet tmp]# chkconfig --list | grep mail
sendmail 0:off 1:off 2:off 3:on 4:off 5:on 6:off
[root@skynet tmp]#
Note: The command line tool setup and the GUI tool redhat-config-services can also be used to control which services start at boot time.
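The listing above is also the natural input for a boot-time service inventory. The following Python is an added example, not part of the course manual: it parses `chkconfig --list` output (including the `xinetd based services:` section, which uses a different line format) and reports which services start in a given runlevel and which of them are not on an approved baseline. The sample listing and the baseline are constructed for the example.

```python
"""Boot-time service inventory from `chkconfig --list` output.

Added example, not the course manual's own code: it parses the listing format
shown above (SysV services with per-runlevel on/off fields, followed by the
"xinetd based services:" section) and compares what starts in a runlevel
against an expected baseline, so an unexpected service is noticed before boot.
"""
from typing import Dict, List, Set, Tuple

# Constructed sample output in the format produced by `chkconfig --list`.
SAMPLE_CHKCONFIG = """\
sendmail        0:off   1:off   2:off   3:on    4:off   5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
rawdevices      0:off   1:off   2:off   3:on    4:on    5:on    6:off
xinetd based services:
        telnet: on
        rsync:  off
"""


def parse_chkconfig(text: str) -> Tuple[Dict[str, Set[int]], Dict[str, bool]]:
    """Return (sysv, xinetd): sysv maps a service to the runlevels where it is
    'on'; xinetd maps an xinetd-managed service to its on/off state."""
    sysv: Dict[str, Set[int]] = {}
    xinetd: Dict[str, bool] = {}
    in_xinetd = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("xinetd based services"):
            in_xinetd = True  # the rest of the listing uses "name: on|off"
            continue
        if in_xinetd:
            name, _, state = line.partition(":")
            xinetd[name.strip()] = state.strip() == "on"
            continue
        parts = line.split()
        levels: Set[int] = set()
        for field in parts[1:]:  # fields look like "3:on"
            level, _, state = field.partition(":")
            if level.isdigit() and state == "on":
                levels.add(int(level))
        sysv[parts[0]] = levels
    return sysv, xinetd


def services_at(sysv: Dict[str, Set[int]], runlevel: int) -> List[str]:
    """SysV services that start when the system enters `runlevel`."""
    return sorted(name for name, levels in sysv.items() if runlevel in levels)


def unexpected_services(sysv: Dict[str, Set[int]], xinetd: Dict[str, bool],
                        runlevel: int, baseline: Set[str]) -> List[str]:
    """Services enabled for `runlevel` (or via xinetd) that are not in the
    approved baseline; an empty list means the boot configuration matches."""
    enabled = set(services_at(sysv, runlevel))
    enabled |= {name for name, on in xinetd.items() if on}
    return sorted(enabled - baseline)


if __name__ == "__main__":
    sysv, xinetd = parse_chkconfig(SAMPLE_CHKCONFIG)
    print("runlevel 3:", services_at(sysv, 3))
    print("unexpected at 5:",
          unexpected_services(sysv, xinetd, 5, {"sshd", "xinetd", "rawdevices"}))
```

Run against real output with `chkconfig --list | python3 inventory.py` style piping after replacing the constructed sample with `sys.stdin.read()`; the baseline is whatever the host is supposed to run, and anything reported by `unexpected_services` is a candidate for `chkconfig --level 35 name off` as shown above.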
Eg: To see the status of a service
[root@skynet tmp]# service nfs status
service nfs is running with pid 485.
To stop and start a service
[root@skynet tmp]# service nfs restart
Stopping service nfs [OK]
Starting service nfs [OK]
filesystems are placed in an error state. When the computer comes back up, the user is confronted with some mildly confusing, and very intimidating, messages and choices. Journaled filesystems are made to eliminate such error messages. The Ext3 filesystem is an Ext2 filesystem with a journal file and some filesystem driver additions making the filesystem journaled. The tune2fs -j command, which is the primary command for converting from Ext2 to Ext3, is safe to run even on writeable mounted partitions. However, when possible, I run the command on unmounted or read-only mounted partitions. It might be superstitious, but I feel that is playing it safe. Nevertheless, when confronted with situations making unmounting difficult, I run the command on writeable mounted partitions.
Note: From RedHat Linux 7.2 onwards Ext3 is used as the default file system.
A typical PC has two IDE controllers, each of which can have two drives connected to it. For example, /dev/hda is the first drive (master) on the first IDE controller and /dev/hdd is the second (slave) drive on the second controller (the fourth IDE drive in the computer). SCSI drives follow a similar pattern; they are represented by 'sd' instead of 'hd'. The first partition of the second SCSI drive would therefore be /dev/sdb1. In the table above, the drive number is arbitrarily chosen to be 6 to introduce the idea that SCSI ID numbers do not map onto device names under Linux.
3. The fdisk "m" command will print a small help manual of valid commands. You will see that "n" is the command to add a new partition. We'll add a new primary partition, number "1", and use the defaults to make the partition occupy the entire disk.
Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-9729, default 1): <RETURN>
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-9729, default 9729):
4. The print command will now show that you have successfully created the partition.
Command (m for help): p
Disk /dev/hdb: 80.0 GB, 80026361856 bytes
255 heads, 63 sectors/track, 9729 cylinders
www.wilshiresoft.com info@wilshiresfot.com Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173 Rev Dt: 15-Oct-08 Ver: 1
Units = cylinders of 16065 * 512 = 8225280 bytes
   Device Boot    Start       End    Blocks   Id  System
/dev/hdb1             1      9726  78148161   83  Linux
5. Changes won't be made to the disk's partition table until you use the "w" command to "write", or save, the changes. When finished, the "q" command will allow you to exit.
Command (m for help): w
Command (m for help): q
Enabling the Swap Space
In order for the new swap space to be utilized, you must enable it with the swapon command. For example, after creating the previous swap file and running mkswap and sync, we could use the command:
swapon /swap
If you are using a new swap partition, you can enable it with a command such as:
swapon /dev/hda3
Add entries to the /etc/fstab file so that swap gets enabled each time the system boots. The file then contains the entries:
# device     directory   type   options    fsck options
/dev/hda3    none        swap   sw         0 0
/swap        swap        swap   defaults   0 0
Disabling Swap Space
As is usually the case, undoing a task is easier than doing it. To disable swap space, simply use the command:
swapoff <device>
swapoff /dev/hda3
(or)
swapoff /swap
To list swap details use:
free
or
swapon -s
Large packages that encompass many different sub-packages, each of which accomplishes a particular task, also go within the /opt/ directory, giving that large package a standardized way to organize itself. In this way, our sample package may have different tools that each go in their own subdirectories, such as /opt/sample/tool1/ and /opt/sample/tool2/, each of which can have its own bin/, man/, and other similar directories.
System log files such as messages and lastlog go in the /var/log/ directory. The /var/lib/rpm/ directory also contains the RPM system databases. Lock files go in the /var/lock/ directory, usually in directories particular to the program using the file. The /var/spool/ directory has subdirectories for various systems that need to store data files.
named netdump network ntpd pcmcia radvd rawdevices redhat-config-securitylevel redhat-config-users redhat-logviewer samba sendmail soundcard spamassassin squid tux ups vncservers xinetd
Note: If some of the files listed are not present in the /etc/sysconfig/ directory, then the corresponding program may not be installed.
8.1 GNOME
Fedora Linux is the only distribution here to include the latest 2.6 series of the GNOME Desktop. The biggest change from the 2.4 series to the 2.6 series is that nautilus uses a "spatial" interface instead of the standard browser type interface. The good news is that the "spatial" interface speeds up nautilus. It is reminiscent of the way older Microsoft Windows Explorers would always "open in new window" by default. Maybe if it could be configured to use the same window I would like it, but I guess that is what makes it "spatial".
Fedora's default GNOME Desktop
Overall, Fedora and RedHat's implementation of GNOME seems relatively stable, but not as stable as the 2.4 series. The interface is "themed" away from the default GNOME look into a theme called BlueCurve. The BlueCurve look is a nice looking theme that includes new Window Decorations, Colors and Icons. The desktop is also rearranged from the default GNOME look: you no longer have the top panel, and the bottom panel is overly large for GNOME. If you remember how the GNOME 1.x series looked, this is very similar. Mandrake utilizes a very standard GNOME 2.4 series desktop. The only real change is the inclusion of a new theme called Galaxy, and a customized "start menu" to allow organized access to applications across the different Desktop Environments.
Mandrake's default GNOME Desktop
Suse Linux also includes the GNOME 2.4 series desktop. Unlike Mandrake though, it is somewhat customized, but in such a way that you don't notice it right away. Most of the customizations come from Ximian's work on the GNOME desktop, which makes sense because Novell acquired Ximian as well as Suse. The biggest change is the inclusion of Ximian's patches to GTK. Because of this, most of the dialog boxes are tweaked a little, allowing for a better user experience. There are also small changes, such as Ximian's Industrial theme being the default look.
8.2 KDE
RedHat Linux's implementation of KDE strays drastically from the default KDE desktop from KDE.org. The desktop is themed in such a way as to look exactly like Fedora's GNOME desktop. Unfortunately, in its default state, the desktop is far from user friendly. For example, there is no easy way to open a file manager from the Desktop, Taskbar or Menus. The only way to open a file manager is to go through the menus and find the Konqueror web browser; once the program launches, you must hit the home icon, which will bring you to the home directory. I guess if you didn't know that Konqueror also doubles as a file manager you would be out of luck when it came to a file manager. If you prefer the default KDE desktop from KDE.org, it is nearly impossible to get there with Fedora's implementation. Fedora really needs a nice wizard on startup that would ask you which theme to use for KDE, the Bluecurve (Fedora's) theme or the default KDE theme.
Mandrake's KDE desktop is very clean, but generic looking. Mandrake's changes mostly just include a customized "start menu", the Galaxy theme and various other settings that are changed from a default KDE installation, such as double-clicking to launch a file instead of a single click.
Mandrake's default KDE Desktop
Suse's KDE desktop is the most polished of these three distributions. It is also the desktop that is the most similar to a default KDE desktop from KDE.org.
Suse's default KDE Desktop
Suse's changes include a customized "start menu", as well as customized applets, such as applets for hardware control, the dialup Internet Connection and Power Management.
9.1.2 Passwords
In more formal terms, a password provides a means of proving the authenticity of a person's claim to be the user indicated by the username. The effectiveness of a password-based authentication scheme relies heavily on several aspects of the password:
The secrecy of the password
The resistance of the password to guessing
The resistance of the password to a brute-force attack
Weak Passwords
A weak password fails one of these three tests:
It is secret
It is resistant to being guessed
It is resistant to a brute-force attack
Password Aging
Password aging is a feature (available in many operating systems) that sets limits on the time that a given password is considered valid. At the end of a password's lifetime, the user is prompted to enter a new password, which can then be used until it, too, expires. The key question regarding password aging that many system administrators face is that of the password lifetime. What should it be? There are two diametrically-opposed issues at work with respect to password lifetime:
User convenience
Security
On one extreme, a password lifetime of 99 years would present very little (if any) user inconvenience. However, it would provide very little (if any) security enhancement.
/etc/passwd
The /etc/passwd file is world-readable and contains a list of users, each on a separate line. On each line is a colon delimited list containing the following information:
Username: The name the user types when logging into the system.
Password: Contains the encrypted password (or an x if shadow passwords are being used; more on this later).
User ID (UID): The numerical equivalent of the username, which is referenced by the system and applications when determining access privileges.
Group ID (GID): The numerical equivalent of the primary group name, which is referenced by the system and applications when determining access privileges.
GECOS: Named for historical reasons, the GECOS field is optional and is used to store extra information (such as the user's full name). Multiple entries can be stored here in a comma delimited list. Utilities such as finger access this field to provide additional user information. Note: GECOS stands for General Electric Comprehensive Operating Supervisor.
Home directory: The absolute path to the user's home directory, such as /home/juan/.
Shell: The program automatically launched whenever a user logs in. This is usually a command interpreter (often called a shell). Under Red Hat Linux, the default value is /bin/bash. If this field is left blank, /bin/sh is used. If it is set to a non-existent file, then the user will be unable to log into the system.
Here is an example of a /etc/passwd entry:
root:x:0:0:root:/root:/bin/bash
This line shows that the root user has a shadow password, as well as a UID and GID of 0. The root user has /root/ as a home directory, and uses /bin/bash for a shell. For more information about /etc/passwd, see the passwd(5) man page.
/etc/shadow
The /etc/shadow file is readable only by the root user and contains the password (and optional password aging information) for each user. As in the /etc/passwd file, each user's information is on a separate line. Each of these lines is a colon delimited list including the following information:
Username: The name the user types when logging into the system. This allows the login application to retrieve the user's password (and related information).
Encrypted password: The 13 to 24 character password. The password is encrypted using either the crypt(3) library function or the md5 hash algorithm. In this field, values other than a validly-formatted encrypted or hashed password are used to control user logins and to show the password status. For example, if the value is ! or *, the account is locked and the user is not allowed to log in. If the value is !!, a password has never been set before (and the user, not having set a password, will not be able to log in).
Date password last changed: The number of days since January 1, 1970 (also called the epoch) that the password was last changed. This information is used in conjunction with the password aging fields that follow.
Number of days before password can be changed: The minimum number of days that must pass before the password can be changed.
Number of days before a password change is required: The number of days that must pass before the password must be changed.
Number of days warning before password change: The number of days before password expiration during which the user is warned of the impending expiration.
Number of days before the account is disabled: The number of days after a password expires before the account will be disabled.
Date since the account has been disabled: The date (stored as the number of days since the epoch) since the user account has been disabled.
A reserved field: A field that is ignored in Red Hat Linux.
Here is an example line from /etc/shadow:
juan:$1$.QKDPc5E$SWlkjRWexrXYgc98F.:12825:0:90:5:30:13096:
This line shows the following information for user juan:
The password was last changed February 11, 2005
There is no minimum amount of time required before the password can be changed
The password must be changed every 90 days
The user will get a warning five days before the password must be changed
The account will be disabled 30 days after the password expires if no login attempt is made
The account will expire on November 9, 2005
For more information on the /etc/shadow file, see the shadow(5) man page.
/etc/group
The /etc/group file is world-readable and contains a list of groups, each on a separate line. Each line is a four field, colon delimited list including the following information:
Group name: The name of the group. Used by various utility programs as a human-readable identifier for the group.
Group password: If set, this allows users that are not part of the group to join the group by using the newgrp command and typing the password stored here. If a lower case x is in this field, then shadow group passwords are being used.
Group ID (GID): The numerical equivalent of the group name. It is used by the operating system and applications when determining access privileges.
Member list: A comma delimited list of the users belonging to the group.
Here is an example line from /etc/group:
general:x:502:juan,shelley,bob
This line shows that the general group is using shadow passwords, has a GID of 502, and that juan, shelley, and bob are members. For more information on /etc/group, see the group(5) man page.
/etc/gshadow
The /etc/gshadow file is readable only by the root user and contains an encrypted password for each group, as well as group membership and administrator information. Just as in the /etc/group file, each group's information is on a separate line. Each of these lines is a colon delimited list including the following information:
Group name: The name of the group. Used by various utility programs as a human-readable identifier for the group.
Encrypted password: The encrypted password for the group. If set, non-members of the group can join the group by typing the password for that group using the newgrp command. If the value of this field is !, then no user is allowed to access the group using the newgrp command. A value of !! is treated the same as a value of !; however, it also indicates that a password has never been set before. If the value is null, only group members can log into the group.
Group administrators: Group members listed here (in a comma delimited list) can add or remove group members using the gpasswd command.
Group members: Group members listed here (in a comma delimited list) are regular, non-administrative members of the group.
Here is an example line from /etc/gshadow:
general:!!:shelley:juan,bob This line shows that the general group has no password and does not allow non-members to join using the newgrp command. In addition, shelley is a group administrator, and juan and bob are regular, non-administrative members.
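The four files described above share one colon-delimited layout, so the checks an administrator makes on them (which accounts have UID 0, which have no password, which are locked or expired, whose shell does not exist) can be scripted. The following Python is an added example and not the course manual's own code. It works on constructed copies of /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow: the juan and general lines are the page's own examples, every other account, the root hash and the set of shells assumed to exist on the host are invented for the example, and the date used as "today" is passed in rather than read from the clock so the results are reproducible.

```python
"""Audit of /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow records.

Added example, not the course manual's own code. It parses constructed copies
of the four files (the juan and general lines are the page's own examples; the
other accounts are invented), decodes the shadow aging fields into dates, and
reports UID 0 accounts other than root, empty password fields, missing, locked
or never-set shadow entries, expired accounts, stale passwords and shells that
do not exist.
"""
import datetime as dt
from typing import Dict, List, Optional

EPOCH = dt.date(1970, 1, 1)
# Shells assumed present on the sample host; a set is used instead of the real
# filesystem so the example runs anywhere.
VALID_SHELLS = {"/bin/sh", "/bin/bash", "/sbin/nologin"}

PASSWD = """\
root:x:0:0:root:/root:/bin/bash
juan:x:500:502:Juan Example:/home/juan:/bin/bash
toor:x:0:0:second UID 0 account:/root:/bin/bash
guest::501:501::/home/guest:
svc:x:503:503::/var/lib/svc:/sbin/nologin
alice:x:504:504::/home/alice:/usr/local/bin/zsh
"""
SHADOW = """\
root:$1$cons$tructedplaceholderhash:12825:0:99999:7:::
juan:$1$.QKDPc5E$SWlkjRWexrXYgc98F.:12825:0:90:5:30:13096:
toor:!!:12825:0:99999:7:::
svc:*:12825:0:99999:7:::
"""
GROUP = "general:x:502:juan,shelley,bob\n"
GSHADOW = "general:!!:shelley:juan,bob\n"


def days_to_date(field: str) -> Optional[dt.date]:
    """Shadow stores dates as days since 1970-01-01; an empty field is unset."""
    return EPOCH + dt.timedelta(days=int(field)) if field else None


def parse_passwd(text: str) -> Dict[str, dict]:
    users = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) != 7:
            continue  # blank or malformed line
        users[f[0]] = {"password": f[1], "uid": int(f[2]), "gid": int(f[3]), "gecos": f[4],
                       "home": f[5], "shell": f[6] or "/bin/sh"}  # blank shell means /bin/sh
    return users


def parse_shadow(text: str) -> Dict[str, dict]:
    entries = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) < 8:
            continue
        name, pw, last, _min, mx, warn, inact, expire = f[:8]
        entries[name] = {"password": pw, "last_change": days_to_date(last),
                         "max_days": int(mx) if mx else None, "warn_days": int(warn) if warn else 0,
                         "inactive_days": int(inact) if inact else None,
                         "expires": days_to_date(expire)}
    return entries


def parse_group(text: str, shadow: bool = False) -> Dict[str, dict]:
    """/etc/group lines are name:pw:gid:members; /etc/gshadow lines are
    name:pw:admins:members. A gshadow password of "", "!" or "!!" means
    non-members cannot join the group with newgrp."""
    groups = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) != 4:
            continue
        members = [m for m in f[3].split(",") if m]
        if shadow:
            groups[f[0]] = {"password": f[1], "newgrp_allowed": f[1] not in ("", "!", "!!"),
                            "admins": [a for a in f[2].split(",") if a], "members": members}
        else:
            groups[f[0]] = {"password": f[1], "gid": int(f[2]), "members": members}
    return groups


def password_status(pw: str) -> str:
    if pw in ("!", "*"):
        return "locked"
    if pw == "!!":
        return "never set"
    return "set" if pw else "empty"


def audit(users: Dict[str, dict], shadow: Dict[str, dict], today: dt.date,
          valid_shells=VALID_SHELLS) -> List[str]:
    """Return one finding per condition worth an administrator's attention."""
    findings = []
    for name, u in users.items():
        if u["uid"] == 0 and name != "root":
            findings.append(f"{name}: UID 0 but not root")
        if u["password"] == "":
            findings.append(f"{name}: empty password field, no password needed to log in")
        elif u["password"] == "x" and name not in shadow:
            findings.append(f"{name}: shadow password expected but no /etc/shadow entry")
        if u["shell"] not in valid_shells:
            findings.append(f"{name}: login shell {u['shell']} does not exist, login impossible")
        s = shadow.get(name)
        if s is None:
            continue
        if password_status(s["password"]) != "set":
            findings.append(f"{name}: password {password_status(s['password'])}")
        if s["expires"] and s["expires"] < today:
            findings.append(f"{name}: account expired on {s['expires']}")
        if s["max_days"] and s["last_change"] and (today - s["last_change"]).days > s["max_days"]:
            findings.append(f"{name}: password older than {s['max_days']} days")
    return findings


def run_audit(passwd_text: str, shadow_text: str, today_days: int) -> List[str]:
    """Wrapper taking "today" as days since the epoch, the unit shadow uses."""
    return audit(parse_passwd(passwd_text), parse_shadow(shadow_text), days_to_date(str(today_days)))
```

On a real host the two text constants would be replaced by the contents of the files (reading /etc/shadow requires root) and `today_days` by the current date; the date arithmetic is the same one the page uses to read 12825 as February 11, 2005 and 13096 as November 9, 2005.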
/usr/sbin/grpck
File Permission Applications
File permissions are an integral part of managing resources within an organization. The following table describes some of the more common command line tools used for this purpose.
Application   Function
chgrp         Changes which group owns a given file.
chmod         Changes access permissions for a given file. It is also capable of assigning special permissions.
chown         Changes a file's ownership (and can also change group).
Home Directories Another issue facing system administrators is whether or not users should have centrally-stored home directories. The primary advantage of centralizing home directories on a network-attached server is that if a user logs into any machine on the network, they will be able to access the files in their home directory. The disadvantage is that if the network goes down, users across the entire organization will be unable to get to their files. In some situations (such as organizations that make widespread use of laptops), having centralized home directories may not be desirable. But if it makes sense for your organization, deploying centralized home directories can make a system administrator's life much easier.
Adding Users
Adding users takes some planning; read through the steps below before starting:
Arrange your list of users into groups by function. In this example there are three groups: "marketing", "production" and "accounts".
Marketing    Production    Accounts
Paul         Alice         Accounts
Jane         Derek         Sales
Add the Linux groups to your server:
[root@skynet tmp]# groupadd marketing
[root@skynet tmp]# groupadd production
[root@skynet tmp]# groupadd accounts
Add the Linux users, assigning them to their respective groups:
[root@skynet tmp]# useradd -g marketing paul
[root@skynet tmp]# useradd -g marketing jane
[root@skynet tmp]# useradd -g production derek
[root@skynet tmp]# useradd -g production alice
[root@skynet tmp]# useradd -g accounts accounts
[root@skynet tmp]# useradd -g accounts sales
If you don't specify the group with "-g", RedHat Linux will create a group with the same name as the user you just created. When each new user first logs in, they will be prompted for their new permanent password.
Note: The /etc/login.defs file contains useradd command defaults for user aging, home directory and password policy.
Each user's personal directory will be placed in the /home directory. The directory name will be the same as their user name.
[root@skynet tmp]# ll /home
drwxr-xr-x 2 root     root       12288 Jul 24 20:04 lost+found
drwx------ 2 accounts accounts    1024 Jul 24 20:33 accounts
drwx------ 2 alice    production  1024 Jul 24 20:33 alice
drwx------ 2 derek    production  1024 Jul 24 20:33 derek
drwx------ 2 jane     marketing   1024 Jul 24 20:33 jane
drwx------ 2 paul     marketing   1024 Jul 24 20:33 paul
drwx------ 2 sales    accounts    1024 Jul 24 20:33 sales
Changing Passwords
You'll need to create passwords for each account. This is done with the "passwd" command. You will be prompted once for your old password and twice for the new one.
User "root" changing the password for user "paul"
[root@skynet root]# passwd paul
Changing password for user paul.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@skynet root]#
Users may wish to change their passwords at a future date. Here is how unprivileged user "paul" would change his own password.
[paul@skynet paul]$ passwd
Changing password for paul
Old password: your current password
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
New password: your new password
Re-enter new password: your new password
Password changed.
Delete Users
The userdel command is used. The "-r" flag removes all the contents of the user's home directory.
[root@skynet tmp]# userdel -r paul
How to tell the groups to which a user belongs? Use the "groups" command with the username as the argument.
[root@skynet root]# groups paul
paul : marketing
[root@skynet root]#
a user from creating an excessive number of files. By limiting the number of disk blocks a user may consume, you limit the total amount of storage a user may have regardless of how many files they may have (i.e., either a small number of large files, or a large number of small files). We can use the following commands and their associated man pages:
quotaon /fs: Enables quotas for the /fs file system.
quotaoff: Disables quota tracking.
edquota name: Edits the quota settings for user name. Can also be used to set defaults.
quota: Allows users to see their current resource consumption and limits.
repquota: Generates a report of disk consumption by all users for a quota-enabled file system.
quotacheck: Scans a file system
Old fstab
LABEL=/home   /home   ext3   defaults            1 2
New fstab
LABEL=/home   /home   ext3   defaults,usrquota   1 2
Remount The Filesystem
Editing the /etc/fstab file isn't enough; Linux needs to reread the file to get its instructions for /home. This can be done using the mount command with the "-o remount" qualifier.
[root@skynet tmp]# mount -o remount /home
Get Out Of Single User Mode
Return to your original run state by using either the "init 3" or "init 5" commands. Continue to the next step once the system is back to its normal state.
Create The Partition Quota Configuration Files
The topmost directory of the filesystem needs to have an aquota.user file (defines quotas by user) and/or an aquota.group file (defines quotas by group). The man page for "quota" lists them at the bottom. In this case we'll just enable "per user" quotas.
[root@skynet tmp]# touch /home/aquota.user
[root@skynet tmp]# chmod 600 /home/aquota.user
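The fstab edit that starts this procedure (adding usrquota to the /home entry) and the swap entries from the earlier section are both plain fstab lines, so a small parser can verify them before the remount. The following Python is an added example, not the course manual's own code: it parses a constructed fstab, lists the swap entries rc.sysinit will activate, reports which quota options are active on a mount point, and produces the corrected /home line when usrquota is missing. The sample fstab is constructed for the example; comments in it are not preserved by the rewrite helper.

```python
"""Check /etc/fstab for the quota and swap entries discussed above.

Added example, not the course manual's own code. It parses fstab lines from a
constructed sample, lists swap entries, reports which quota options are active
on a mount point, and produces the corrected line when usrquota is missing,
which is the edit the quota procedure makes to the /home entry.
"""
from typing import List, NamedTuple, Set


class FstabEntry(NamedTuple):
    device: str
    mountpoint: str
    fstype: str
    options: List[str]
    dump: int
    passno: int


# Constructed fstab; /home is still in its "old" state without usrquota.
SAMPLE_FSTAB = """\
# device      mount   type   options    dump pass
LABEL=/       /       ext3   defaults   1 1
LABEL=/home   /home   ext3   defaults   1 2
/dev/hda3     none    swap   sw         0 0
/swap         swap    swap   defaults   0 0
none          /proc   proc   defaults   0 0
"""


def parse_fstab(text: str) -> List[FstabEntry]:
    """Parse fstab text; comments and blank lines are skipped, and the
    optional dump/pass columns default to 0 as mount itself treats them."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        f = line.split()
        if len(f) < 4:
            raise ValueError(f"malformed fstab line: {raw!r}")
        dump = int(f[4]) if len(f) > 4 else 0
        passno = int(f[5]) if len(f) > 5 else 0
        entries.append(FstabEntry(f[0], f[1], f[2], f[3].split(","), dump, passno))
    return entries


def swap_entries(entries: List[FstabEntry]) -> List[str]:
    """Devices or files that rc.sysinit will activate as swap at boot."""
    return [e.device for e in entries if e.fstype == "swap"]


def quota_options(entries: List[FstabEntry], mountpoint: str) -> Set[str]:
    """Quota-related mount options (usrquota/grpquota) set on `mountpoint`."""
    for e in entries:
        if e.mountpoint == mountpoint:
            return {o for o in e.options if o in ("usrquota", "grpquota")}
    raise KeyError(f"{mountpoint} is not listed in fstab")


def with_option(entry: FstabEntry, option: str) -> FstabEntry:
    """Return `entry` with `option` appended, or unchanged if already present."""
    if option in entry.options:
        return entry
    return entry._replace(options=entry.options + [option])


def format_entry(e: FstabEntry) -> str:
    """Render an entry back into a single fstab line."""
    return f"{e.device} {e.mountpoint} {e.fstype} {','.join(e.options)} {e.dump} {e.passno}"


def fixed_fstab(text: str, mountpoint: str, option: str = "usrquota") -> str:
    """Rewrite the fstab text with `option` added to `mountpoint`'s entry
    (comment lines are dropped; keep a backup of the original file)."""
    lines = []
    for e in parse_fstab(text):
        lines.append(format_entry(with_option(e, option) if e.mountpoint == mountpoint else e))
    return "\n".join(lines) + "\n"
```

After writing the corrected line the page's `mount -o remount /home` step makes the kernel pick it up; `quota_options` run on the live file afterwards is the check that the option actually landed on the right mount point.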
Blocks: The amount of space in 1K blocks the user is currently using.
Inodes: The number of files the user is currently using.
Soft Limit: The maximum blocks/inodes a quota user may have on a partition. The role of a soft limit changes if grace periods are used. When this occurs, the user is only warned that their soft limit has been exceeded. When the grace period expires, the user is barred from using additional disk space or files. When set to zero, limits are disabled.
Hard Limit: The maximum blocks/inodes a quota user may have on a partition when a grace period is set. Users may exceed a soft limit, but they can never exceed their hard limit.
In the example below we limit user mp3user to a maximum of 5 MB of data storage on /dev/hda3 (/home).
Disk quotas for user mp3user (uid 503):
  Filesystem   blocks   soft   hard   inodes   soft   hard
  /dev/hda3        24   5000      0        7      0      0
Testing
Linux checks the total amount of disk space a user uses each time a file is accessed and compares it against the values in the quota file. If the values are exceeded, depending on the configuration, then Linux will prevent the creation of new files or the expansion of existing files to use more disk space.
User            used    soft    hard  grace    used    soft    hard  grace
----------------------------------------------------------------------
root      --   52696       0       0             1015       0       0
...
mp3user   --      24       0       0                7       0       0
Some guidelines when editing this file:
Groups are the same as user groups and are differentiated from regular users by a % at the beginning. The Linux user group "users" would be represented by %users.
You can have multiple usernames per line separated by commas.
Multiple commands can be separated by commas too. Spaces are considered part of the command.
The keyword "ALL" can mean all usernames, groups, commands and servers.
If you run out of space on a line, you can end it with a "\" and continue on the next line.
Sudo assumes that the sudoers file will be used network wide, and therefore offers the option to specify the names of servers which will be using it in the "servername" position. In most cases, the file is used by only one server and the keyword "ALL" will suffice for the server name.
The NOPASSWD keyword provides access without you being prompted for your password.
In the example below, users "peter", "bob" and "bunny" and all the users in the "operator" group are made part of the user alias "ADMINS". All the command shell programs are then assigned to the command alias "SHELLS". Users in ADMINS are then denied the option of running any SHELLS commands and su.
Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, \
                    /usr/bin/ksh, /usr/local/bin/tcsh, \
                    /usr/bin/rsh, /usr/local/bin/zsh
User_Alias ADMINS = peter, bob, bunny, %operator
ADMINS ALL = !/usr/bin/su, !SHELLS
This attempts to ensure that users don't permanently "su" to become root, or enter command shells that bypass sudo's command logging. It doesn't prevent them from copying the files to other locations to be run. The advantage of this is that it helps to create an audit trail, but the restrictions can only be enforced as part of the company's overall security policy.
Other Examples
You can view a comprehensive list of /etc/sudoers file options by issuing the command "man sudoers".
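To see what the alias rules above actually grant, it helps to evaluate them the way sudo does: expand the aliases, then let the last command entry that matches win. The following Python is an added example, not the course manual's code and not a substitute for sudo or visudo. It parses the page's two aliases and the deny rule (with the "\" continuation lines and the %operator group member) from a constructed sudoers text. The grant line `ADMINS ALL = ALL` in that text is an assumption: the page shows only the deny rule, which only has an effect as a subtraction from an earlier grant. Host names, runas specifications and tags such as NOPASSWD are ignored, and command matching is by exact path, which is exactly the limitation the text notes about copied binaries.

```python
"""Simplified evaluation of the /etc/sudoers aliases shown above.

Added example, not the manual's own code and not a replacement for sudo or
visudo. It expands User_Alias and Cmnd_Alias definitions (including "\\"
continuation lines and %group members) and applies sudo's rule that the last
matching command entry wins, to answer which commands a user may run. The
grant line "ADMINS ALL = ALL" is an assumption: the page shows only the deny
rule, which only makes sense as a subtraction from an earlier grant. Host
names, runas specs and tags such as NOPASSWD are ignored.
"""
import re
from typing import Dict, List, Set, Tuple

# Constructed sudoers text: the page's two aliases and deny rule, plus the
# assumed grant that the deny rule narrows.
SUDOERS = """\
Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, \\
                    /usr/bin/ksh, /usr/local/bin/tcsh, \\
                    /usr/bin/rsh, /usr/local/bin/zsh
User_Alias ADMINS = peter, bob, bunny, %operator
ADMINS ALL = ALL
ADMINS ALL = !/usr/bin/su, !SHELLS
"""

Rule = Tuple[str, str, List[str]]  # (user spec, host spec, command specs)
Parsed = Tuple[Dict[str, List[str]], Dict[str, List[str]], List[Rule]]


def parse_sudoers(text: str) -> Parsed:
    """Return (user_aliases, cmnd_aliases, rules) from sudoers text."""
    text = re.sub(r"\\\n\s*", " ", text)  # join "\" continuation lines
    user_aliases: Dict[str, List[str]] = {}
    cmnd_aliases: Dict[str, List[str]] = {}
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"(User_Alias|Cmnd_Alias)\s+(\w+)\s*=\s*(.+)", line)
        if m:
            target = user_aliases if m.group(1) == "User_Alias" else cmnd_aliases
            target[m.group(2)] = [x.strip() for x in m.group(3).split(",")]
            continue
        m = re.match(r"(\S+)\s+(\S+)\s*=\s*(.+)", line)  # who  host = commands
        if m:
            rules.append((m.group(1), m.group(2), [x.strip() for x in m.group(3).split(",")]))
    return user_aliases, cmnd_aliases, rules


def user_matches(spec: str, user: str, groups: Set[str], aliases: Dict[str, List[str]]) -> bool:
    """Does a user spec (name, %group, alias or ALL) cover this user?"""
    if spec == "ALL":
        return True
    if spec in aliases:
        return any(user_matches(s, user, groups, aliases) for s in aliases[spec])
    if spec.startswith("%"):
        return spec[1:] in groups
    return spec == user


def expand_commands(spec: str, aliases: Dict[str, List[str]]) -> List[Tuple[bool, str]]:
    """Expand a command spec into (negated, path) pairs; "!" toggles negation
    and applies to every member of an alias it is placed in front of."""
    negated = False
    while spec.startswith("!"):
        negated = not negated
        spec = spec[1:]
    if spec in aliases:
        return [(negated ^ n, p) for s in aliases[spec] for n, p in expand_commands(s, aliases)]
    return [(negated, spec)]


def may_run(user: str, groups: Set[str], command: str, parsed: Parsed) -> bool:
    """Apply every rule that covers the user; the last entry that matches the
    command (by exact path, or ALL) decides, as sudo does."""
    user_aliases, cmnd_aliases, rules = parsed
    allowed = False
    for who, _host, cmds in rules:
        if not user_matches(who, user, groups, user_aliases):
            continue
        for spec in cmds:
            for negated, path in expand_commands(spec, cmnd_aliases):
                if path == "ALL" or path == command:
                    allowed = not negated
    return allowed
```

With this text, peter may run `/usr/bin/vim` but not `/usr/bin/sh` or `/usr/bin/su`, and a member of the operator group is treated the same way through `%operator`. A shell copied to another path matches no deny entry and so falls through to the `ALL` grant, which is the point the text makes about the rule being an audit aid rather than an enforcement boundary; the real check of a sudoers change is `visudo -c` plus the entries sudo writes to the system log.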
audiofile-0.2.3-3
...
[root@skynet tmp]#
You can also pipe the output of this command through the grep command if you are interested in only a specific package. In this example we are looking for all packages containing the string "ssh" in the name, regardless of case ("-i" meaning ignore case).
[root@skynet tmp]# rpm -qa | grep -i ssh
openssh-server-3.4p1-2
openssh-clients-3.4p1-2
openssh-askpass-gnome-3.4p1-2
openssh-3.4p1-2
openssh-askpass-3.4p1-2
Note: You could use the "rpm -q package-name" command to find an installed package, as it is much faster than using grep and the "-qa" switch, but you have to have an exact package match. If you are not sure of the package name and its capitalization, then the method above is probably more suitable.
Installing an RPM without checking for dependencies
[root@skynet tmp]# rpm -ivh --nodeps package-name.rpm
Use --nodeps only when you know why the dependency is unresolved; if the missing library really is needed, the program will fail at run time instead of at install time.

Re-installing an RPM
[root@skynet tmp]# rpm -ivh --replacepkgs package-name.rpm

Upgrading RPMs
The rpm -U command will upgrade a package.
[root@skynet tmp]# rpm -Uvh package-name.rpm

Uninstalling RPMs
The rpm -e command will erase an installed package. It takes the installed package name rather than the .rpm file name, and the name must match that listed by the rpm -qa command, as the version of the package is important.
[root@skynet tmp]# rpm -e package-name

Before installing or upgrading a package obtained from anywhere other than the distribution media, verify its signature and digests with "rpm -K package-name.rpm" (the vendor's GPG key must have been imported with "rpm --import" first). This matters most when you are bypassing rpm's own checks with --nodeps or --force.
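The following shell helper is an added example, not part of the course notes or of rpm itself: it gates an install or upgrade on the verdict of "rpm -K", so that --nodeps or --force can be passed through without skipping the signature check. It assumes that rpm -K prints one line per package that ends in "OK" or contains "NOT OK"; the exact words between the file name and the verdict differ between rpm versions, so only the verdict and the presence of a signature are inspected. The sample lines in the test are constructed, not captured from a real run.

```shell
#!/bin/sh
# Added example: refuse to install an RPM whose signature check did not pass.
# Assumption: "rpm -K" output ends in "OK" for a good package and contains
# "NOT OK" on failure; the sample lines used to exercise this are constructed.

# Return 0 if an "rpm -K" result line reports a verified signature.
rpm_verdict_ok() {
    line=$1
    case "$line" in
        *"NOT OK"*) return 1 ;;
        *" OK"*)    ;;
        *)          return 1 ;;   # unknown format: fail closed
    esac
    # A digest-only "sha1 md5 OK" means the package carries no signature at
    # all; insist that a signature (gpg/pgp/rsa/dsa in older rpm, the word
    # "signatures" in newer rpm) was actually verified.
    printf '%s\n' "$line" | grep -qi -e gpg -e pgp -e rsa -e dsa -e signatures
}

# Verify, then install or upgrade. Extra rpm flags such as --nodeps are
# passed through after the package name, so they cannot bypass the check.
install_verified_rpm() {
    pkg=$1; shift
    verdict=$(rpm -K "$pkg" 2>&1)
    if ! rpm_verdict_ok "$verdict"; then
        printf 'refusing to install %s: %s\n' "$pkg" "$verdict" >&2
        return 1
    fi
    rpm -Uvh "$@" "$pkg"
}

# Usage: install_verified_rpm openssh-3.4p1-2.i386.rpm --nodeps
```

Note the fail-closed default: an unsigned package (digests only) is rejected even though rpm -K reports "OK" for it, because the digests only prove the file was not corrupted in transit, not who built it.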
The "up" at the end of the command activates the interface. To make this permanent each time you boot up you'll have to add this command in your /etc/rc.d/rc.local file.
RedHat Linux also makes life a little easier with interface configuration files located in the /etc/sysconfig/network-scripts directory. Interface eth0 has a file called ifcfg-eth0, eth1 uses ifcfg-eth1 ... etc. You can place your IP address information in these files which are then used to auto-configure your NICs when Linux boots.
[root@skynet tmp]# ifup wlan0:0
[root@skynet tmp]# ifdown wlan0:0

Note: Shutting down the main interface also shuts down all its aliases. Aliases can be shut down independently of other interfaces.

How To Activate / Shutdown Your NIC
The ifup and ifdown commands can be used respectively to activate and deactivate a NIC interface. You must have an ifcfg file in the /etc/sysconfig/network-scripts directory for these commands to work. Here is an example for interface eth0:
[root@skynet tmp]# ifdown eth0
[root@skynet tmp]# ifup eth0
kernel.core_uses_pid = 1

Configuring Your /etc/hosts File
The /etc/hosts file is just a list of IP addresses and their corresponding server names. Your server will typically check this file before referencing DNS (the order is set by the "hosts:" line in /etc/nsswitch.conf); if the name is found with a corresponding IP address, DNS won't be queried at all. Unfortunately, if the IP address for that host changes, you'll have to update the file too. This may not be much of a concern for a single server, but it becomes laborious if it has to be done company-wide. For ease of management it is often easiest to limit the entries in this file to the loopback interface and the server's own host name, and let a centralized DNS server handle the rest. Sometimes you may not be the one managing the DNS server, and in such cases it may be easier to add a quick /etc/hosts entry until the centralized change can be made.

192.168.1.101 sys1
In the example above, server "sys1" has an IP address of 192.168.1.101. You can access 192.168.1.101 using "ping", "telnet" or any other network-aware program by referring to it as "sys1". Here is an example using "ping" to see if "sys1" is alive and well on the network.

[root@skynet tmp]# ping sys1
PING sys1 (192.168.1.101) 56(84) bytes of data.
64 bytes from sys1 (192.168.1.101): icmp_seq=0 ttl=64 time=0.197 ms
64 bytes from sys1 (192.168.1.101): icmp_seq=1 ttl=64 time=0.047 ms

--- sys1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 2017ms
rtt min/avg/max/mdev = 0.034/0.092/0.197/0.074 ms, pipe 2

You can also add "aliases" to the end of the line, which allow you to refer to the server using other names. Here we have set it up so that "sys1" can also be accessed using the names "tiny" and "sun20".

192.168.1.101 sys1 tiny sun20
You should never list the same IP address on more than one line in this file. Keep all the names for one address on a single line: a reverse lookup of the address through /etc/hosts returns only the first line that matches, so the names on the later lines are ignored.

192.168.1.101 sys1    # (Wrong)
192.168.1.101 tiny    # (Wrong)
192.168.1.101 sun20   # (Wrong)
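As an added example that is not part of the course notes, the shell functions below check a hosts-format file for the duplicate-address mistake shown above and show what name-to-address and address-to-name lookups through such a file actually return. The sample hosts file they build is constructed for the demonstration; the functions accept the path of any file in /etc/hosts format (address, canonical name, optional aliases, "#" comments).

```shell
#!/bin/sh
# Added example: lint an /etc/hosts-format file and demonstrate lookups.
# Assumption: standard hosts syntax; the sample file below is constructed.

# Print every address that appears on more than one line.
hosts_dup_ips() {
    awk '
        { sub(/#.*/, "") }                    # drop comments
        NF == 0 { next }                      # skip blank lines
        { seen[$1]++ }
        END { for (ip in seen) if (seen[ip] > 1) print ip }
    ' "$1"
}

# Name-to-address lookup: the first line whose canonical name or any alias
# matches wins.
hosts_ip_for_name() {
    awk -v name="$2" '
        { sub(/#.*/, "") }
        NF == 0 { next }
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }
    ' "$1"
}

# Address-to-name lookup returns only the canonical name on the first matching
# line; names placed on later duplicate lines are never reported.
hosts_name_for_ip() {
    awk -v ip="$2" '
        { sub(/#.*/, "") }
        NF == 0 { next }
        $1 == ip { print $2; exit }
    ' "$1"
}

# Constructed sample hosts file for the demonstration.
make_sample_hosts() {
    f=$(mktemp) || return 1
    cat >"$f" <<'EOF'
# constructed sample hosts file
127.0.0.1     localhost.localdomain localhost
192.168.1.101 sys1 tiny sun20      # correct: aliases on the same line
192.168.1.102 sys2                 # (Wrong) same address repeated below
192.168.1.102 backup
EOF
    printf '%s\n' "$f"
}

sample=$(make_sample_hosts)
printf 'duplicate addresses: %s\n' "$(hosts_dup_ips "$sample")"
printf 'sun20 -> %s\n' "$(hosts_ip_for_name "$sample" sun20)"
printf '192.168.1.102 -> %s\n' "$(hosts_name_for_ip "$sample" 192.168.1.102)"
rm -f "$sample"
```

The duplicate check reports 192.168.1.102, and the reverse lookup for that address returns "sys2" only; "backup" on the second line is invisible to it, which is the behaviour the warning above describes.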
Starting xinetd: [ OK ]
[root@skynet tmp]#

Now you are ready to use telnet. Bear in mind that telnet sends the login name, the password and the whole session in clear text, so it should only be enabled on trusted networks where SSH is not an option.
Install VSFTPD
Most RedHat and Fedora Linux software products are available in the RPM format. When searching for the file, remember that the VSFTPD RPM's filename usually starts with the word vsftpd followed by a version number, as in vsftpd-1.2.1-5.i386.rpm.
Start VSFTPD service
You can start, stop, or restart VSFTPD after booting by using these commands:
[root@skynet tmp]# service vsftpd start
[root@skynet tmp]# service vsftpd stop
[root@skynet tmp]# service vsftpd restart

To configure VSFTPD to start at boot you can use the chkconfig command.
[root@skynet tmp]# chkconfig vsftpd on
You can restrict FTP access for certain users by adding them to the lists in the /etc/vsftpd.ftpusers and /etc/vsftpd.user_list files. The VSFTPD package creates these files with a number of entries for privileged users (root among them) that normally shouldn't have FTP access. As FTP doesn't encrypt passwords, which increases the risk of data or passwords being compromised, it is a good idea to leave these entries in place and add new entries for additional security. Edit /etc/vsftpd.user_list and /etc/vsftpd.ftpusers and add the users to be denied, one per line. If you want to allow a user, including root, to log in, comment out or remove that user's entry from both files.

Now you can try doing FTP from the remote machine.

[root@skynet_1 tmp]# ftp 192.168.1.100
Connected to 192.168.1.100 (192.168.1.100)
220 ready, dude (vsFTPd 1.1.0: beat me, break me)
Name (192.168.1.100:root): user1
331 Please specify the password.
Password:
230 Login successful. Have fun.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

To view and download a copy of the VSFTPD RPM located on the FTP server skynet:

ftp> ls
227 Entering Passive Mode (192,168,1,100,35,173)
150 Here comes the directory listing.
-rwxr-----    1 0        502         76288 Jan 04 17:06 vsftpd-1.1.0-1.i386.rpm
226 Directory send OK.
ftp> get vsftpd-1.1.0-1.i386.rpm vsftpd-1.1.0-1.i386.rpm.tmp
local: vsftpd-1.1.0-1.i386.rpm.tmp remote: vsftpd-1.1.0-1.i386.rpm
227 Entering Passive Mode (192,168,1,100,44,156)
150 Opening BINARY mode data connection for vsftpd-1.1.0-1.i386.rpm (76288 bytes).
226 File send OK.
76288 bytes received in 0.499 secs (1.5e+02 Kbytes/sec)
ftp> exit
221 Goodbye.

Note: You can type ? (question mark) at the ftp prompt to list all the available commands. We can also perform FTP downloads and uploads using the GUI tool gftp. Type the command gftp at a graphical console and you can simply drag and drop files from the remote machine's window to the local one. See the figure below:
Figure:gftp In the above figure left window has the Local files and right window shows the Remote ftp server skynet.wilshiresoft.com's files. You can drag and drop the files between windows or you can select individual files and then use the Arrow buttons to upload or download.
12. NFS
12.1 NFS Operational Overview
Linux data storage disks contain files stored in filesystems with a standardized directory structure. New disks are added by attaching, or "mounting", the directories of their filesystems to a directory of an already existing filesystem. This in effect makes the new hard disk transparently appear to be a sub directory of the file system to which it is attached. NFS was developed to allow a computer system to access directories on remote computers by mounting them on a local filesystem as if they were just like a local disk. The systems administrator on the NFS server has to define the directories that need to be activated or "exported" for access by the NFS clients, and administrators on the clients need to define both the NFS server and the subset of its exported directories to use. General NFS Rules There are some general rules that need to be followed when configuring NFS. 1. You can only export directories beneath the "/" directory. 2. You cannot export a subdirectory of a directory that has already been exported. The exception being when the subdirectory is on a different physical device. Likewise you cannot export the parent of a subdirectory unless it is on a separate device too. 3. You can only export local file systems.
domains that can get access to the directory; the second part lists the NFS options in brackets. In the case below we have provided:
- Read-only access to the /data/files directory to all hosts
- Read/write access to the /home directory from all servers on the 192.168.1.0/24 network, that is all addresses from 192.168.1.0 to 192.168.1.255
- Read/write access to the /data/test directory from servers in the my-site.com DNS domain
- Read/write access to the /data/database directory from a single server, 192.168.1.203
In all cases we have used the "sync" option, which makes the server commit a write to disk before acknowledging it to the client, so that a server crash cannot silently lose data the client believes was written. Note that there must be no space between the client specification and the opening bracket: "192.168.1.0/24 (rw,sync)" exports the directory read/write to everyone and with only the default options to the named network.

#/etc/exports
/data/files    *(ro,sync)
/home          192.168.1.0/24(rw,sync)
/data/test     *.my-site.com(rw,sync)
/data/database 192.168.1.203/32(rw,sync)
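As an added example that is not part of the course notes, the script below audits an /etc/exports file for the settings that most often turn an NFS server into an open file share: a read/write export to every host, no_root_squash, the insecure option, and a missing sync. It parses the standard "path client(options)" syntax described above; the sample exports file it builds is constructed for the demonstration and deliberately includes the "space before the bracket" mistake.

```shell
#!/bin/sh
# Added example: audit an /etc/exports file for risky settings.
# Assumptions: standard exports syntax (path, then "client(options)" entries);
# the sample file below is constructed for this demonstration.

# Print one finding per line: "<path> <client>: <problem>".
audit_exports() {
    awk '
        { sub(/#.*/, "") }
        NF == 0 { next }
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                spec = $i; client = spec; opts = ""
                p = index(spec, "(")
                if (p > 0) {
                    client = substr(spec, 1, p - 1)
                    opts = substr(spec, p + 1, length(spec) - p - 1)
                }
                # "(rw)" with nothing in front of the bracket applies to every host.
                if (client == "") client = "*"
                o = "," opts ","
                if (client == "*" && index(o, ",rw,") > 0)
                    print path " " client ": read/write export to every host"
                if (index(o, ",no_root_squash,") > 0)
                    print path " " client ": no_root_squash lets remote root act as root on the server"
                if (index(o, ",insecure,") > 0)
                    print path " " client ": insecure accepts requests from unprivileged source ports"
                if (index(o, ",sync,") == 0)
                    print path " " client ": sync missing, writes are acknowledged before reaching disk"
            }
        }
    ' "$1"
}

# Constructed sample exports file for the demonstration.
make_sample_exports() {
    f=$(mktemp) || return 1
    cat >"$f" <<'EOF'
#/etc/exports (constructed sample)
/data/files    *(ro,sync)
/home          192.168.1.0/24(rw,sync)
/data/test     *.my-site.com(rw,sync)
/data/database 192.168.1.203/32(rw,sync)
/srv/build     192.168.1.0/24 (rw,no_root_squash)
EOF
    printf '%s\n' "$f"
}

sample=$(make_sample_exports)
audit_exports "$sample"
rm -f "$sample"
```

The four exports from the text produce no findings. The last line produces four: the stray space makes "192.168.1.0/24" an entry with default options (so sync is missing there) and "(rw,no_root_squash)" an entry for every host, which is read/write, without root squashing and without sync. Run it before "exportfs -a" on any edited file.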
Once you have configured your /etc/exports file, you'll need to activate the settings, but first you'll have to make sure NFS is running correctly.

Starting NFS on the Server
Configuring an NFS server is straightforward with the easy to follow steps outlined below.
1. Use the chkconfig command to configure the required NFS and RPC portmap daemons to start at boot. You will also have to activate NFS file locking to reduce the risk of corrupted data.
[root@skynet tmp]# chkconfig --level 35 nfs on
[root@skynet tmp]# chkconfig --level 35 nfslock on
[root@skynet tmp]# chkconfig --level 35 portmap on
2. Use the init scripts in the /etc/init.d directory to start the NFS and RPC portmap daemons. In the examples below we're using the "start" option, but when needed, you can also stop and restart the processes with the "stop" and "restart" options.
[root@skynet tmp]# service portmap start
[root@skynet tmp]# service nfs start
[root@skynet tmp]# service nfslock start
The NFS client needs the portmap and nfslock daemons as well, plus the netfs script that mounts the network filesystems listed in /etc/fstab at boot. Start them in the same way:
[root@skynet tmp]# service portmap start
[root@skynet tmp]# service netfs start
[root@skynet tmp]# service nfslock start
In this example we used the "soft" and "nfsvers" options. Table 30-1 outlines these and other useful NFS mounting options you may want to use. Use the NFS man pages for more details.

Manually Mounting NFS File Systems
If you don't want a permanent NFS mount, you can use the "mount" command without an /etc/fstab entry to gain access only when necessary. This is a manual process, but an automated process can be seen in the automounter section. In this case we're mounting the /data/files directory as an NFS type filesystem on the /mnt/nfs mount point. The NFS server is "skynet", whose IP address is 192.168.1.100. Notice how before mounting there were no files visible in the /mnt/nfs directory; this changes after the mounting is completed.

[root@skynet tmp]# mkdir /mnt/nfs
[root@skynet tmp]# ls /mnt/nfs
[root@skynet tmp]# mount -t nfs 192.168.1.100:/data/files /mnt/nfs
[root@skynet tmp]# ls /mnt/nfs
ISO  ISO-RedHat  kickstart  RedHat
Note: You may also need to edit the /etc/fstab file to remove any entries related to the mount point if you want to make the change permanent even after rebooting.
2. Comment out the corresponding entry in the NFS server's /etc/exports file and reload the modified file as seen below.
[root@skynet tmp]# exportfs -ua
[root@skynet tmp]# exportfs -a

The showmount Command
When run on the server, the "showmount -a" command lists the currently exported directories together with the NFS clients that have mounted them; in this case one client with the IP address 192.168.1.102.
[root@skynet tmp]# showmount -a
All mount points on skynet:
*:/home
192.168.1.102:*

Anyone who can reach the portmapper can run "showmount -e skynet" from another host to read the export list, so block port 111 and the NFS ports at the firewall from networks that have no business mounting your shares.
Let NFS read the /etc/exports file for the new entry and make /home available to the network with the exportfs command.
[root@skynet tmp]# exportfs -a

Make sure the required NFS, NFS lock and port mapper daemons are all running and configured to start after the next reboot.
[root@skynet tmp]# chkconfig nfslock on
[root@skynet tmp]# chkconfig nfs on
[root@skynet tmp]# chkconfig portmap on
[root@skynet tmp]# service portmap start
Starting portmapper: [ OK ]
[root@skynet tmp]# service nfslock start
Starting NFS statd: [ OK ]
[root@skynet tmp]# service nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
[root@skynet tmp]#
Mounting other filesystems: [ OK ]
[root@skynet tmp]# service nfslock start
Starting NFS statd: [ OK ]

2. Keep a copy of the old /home directory, and create a new directory /home on which we'll mount the NFS server's directory.
[root@skynet tmp]# mv /home /home.save
[root@skynet tmp]# mkdir /home
[root@skynet tmp]# ll /
...
drwxr-xr-x 1 root root 11 Nov 16 20:22 home
drwxr-xr-x 2 root root 4096 Jan 24 2003 home.save
...

3. Make sure you can mount skynet's /home directory on the new /home directory we just created. Unmount it once everything looks correct.
[root@skynet tmp]# mount 192.168.1.100:/home /home/
[root@skynet tmp]# ls /home
ftpinstall  nisuser  quotauser  skynet  www
[root@skynet tmp]# umount /home
4. Start configuring autofs automounting. Edit your /etc/auto.master file to refer to file /etc/auto.home for mounting information whenever the /home directory is accessed. The --timeout value is in seconds, so after ten minutes of inactivity autofs will unmount the directory.

#/etc/auto.master
/home /etc/auto.home --timeout 600

5. Edit file /etc/auto.home to do the NFS mount whenever the /home directory is accessed. If the line is too long to view on your screen, you can add a "\" at the end to continue on the next line. The "nosuid" option stops set-user-ID programs placed on the server from gaining privileges on the client, so keep it on any share that other people can write to. The "soft" option makes NFS give up and return an I/O error to the application once its retries are exhausted; that is convenient for read-only data but can lose writes, so for home directories consider "hard,intr" instead.

#/etc/auto.home
* -fstype=nfs,soft,intr,rsize=8192,wsize=8192,nosuid,tcp \
  192.168.1.100:/home:&
6. Start autofs and make sure it will start after the next reboot with the chkconfig command.
[root@skynet tmp]# chkconfig autofs on
[root@skynet tmp]# service autofs restart
Stopping automount: [ OK ]
Starting automount: [ OK ]

Note: After doing this, you won't be able to see the contents of the /home directory on skynet as user "root". This is because by default NFS exports with the root_squash option, which maps requests from uid 0 on the client to the anonymous user (nobody or nfsnobody) on the server, so root on the client has no privileged access to directories on remote NFS servers. We'll be able to test this later once NIS is configured.

All newly added Linux users will now be assigned a home directory under the new remote /home directory. This scheme makes users feel their home directories are local, when in reality they are automatically mounted and accessed over your network.
Edit Your /etc/sysconfig/network File
You need to add the NIS domain you wish to use to the /etc/sysconfig/network file. In the case below, we've called the domain "DESTINY.COM".

#/etc/sysconfig/network
NISDOMAIN="DESTINY.COM"
Edit Your /etc/yp.conf File
NIS servers also have to be NIS clients themselves, so you'll have to edit the NIS client configuration file /etc/yp.conf to list the domain's NIS server as the server itself, or "localhost".

# /etc/yp.conf - ypbind configuration file
ypserver 127.0.0.1

Start The Key NIS Server Related Daemons
Start the necessary NIS daemons in the /etc/init.d directory and use the chkconfig command to ensure they start after the next reboot.
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/DESTINY.COM'

skynet has been set up as a NIS master server.

Now you can run ypinit -s skynet on all slave server.

Note: Make sure portmapper is running before doing this or you'll get errors like the one below. You will have to delete the /var/yp/DESTINY.COM directory and restart portmapper, yppasswd and ypserv before you'll be able to do this again successfully.

failed to send 'clear' to local ypserv: RPC: Port mapper failureUpdating group.bygid...

Start The ypbind and ypxfrd Daemons
You can now start the ypbind and ypxfrd daemons, now that the NIS domain files have been created.
[root@skynet tmp]# service ypb ind start
Binding to the NIS domain: [ OK ]
Listening for an NIS domain server.
[root@skynet tmp]# service ypxfrd start
Starting YP map server: [ OK ]
[root@skynet tmp]# chkconfig ypbind on
[root@skynet tmp]# chkconfig ypxfrd on
The authconfig program also updates the /etc/nsswitch.conf file, which lists the order in which data sources such as local files, DNS, LDAP and NIS should be searched for name lookups. Here we can see where NIS entries have been added for the important login files.

#/etc/nsswitch.conf
passwd: files nis
shadow: files nis
group:  files nis

Note: A sample NIS nsswitch.conf file can also be found in the /usr/share/doc/yp-tools* directory.

Start The NIS Client Related Daemons
Start the ypbind NIS client, yppasswdd and portmap daemons in the /etc/init.d directory and use the chkconfig command to ensure they start after the next reboot. Remember to use the "rpcinfo" command to ensure they are running correctly.
[root@skynet tmp]# service portmap start
Starting portmapper: [ OK ]
[root@skynet tmp]# service ypbind start
Binding to the NIS domain:
Listening for an NIS domain server.
[root@skynet tmp]# service yppasswdd start
Starting YP passwd service: [ OK ]
[root@skynet tmp]# chkconfig ypbind on
[root@skynet tmp]# chkconfig portmap on
[root@skynet tmp]# chkconfig yppasswdd on

Test NIS Access To The NIS Server
You can run the ypcat, ypmatch and getent commands to make sure communication to the server is correct.
[root@skynet tmp]# ypcat passwd
nisuser:$1$Cs2GMe6r$1hohkyG7ALrDLjH1:505:100::/home/nisuser:/bin/bash
quotauser:!!:503:100::/home/quotauser:/bin/bash
ftpinstall:$1$8WjAVtes$SnRh9S1w07sYkFNJwpRKa.:502:100::/:/bin/bash
www:$1$DDCi/OPI$hwiTQ.L0XqYJUk09Bw.pJ/:504:100::/home/www:/bin/bash
skynet:$1$qHni9dnR$iKDs7gfyt..BS9Lry3DAq.:501:100::/:/bin/bash
[root@skynet tmp]# ypmatch nisuser passwd
nisuser:$1$d6E2i79Q$wp3Eo0Qw9nFD/:504:100::/home/nisuser:/bin/bash
[root@skynet tmp]# getent passwd nisuser
nisuser:$1$d6E2i79Q$wp3Eo0Qw9nFD/:504:100::/home/nisuser:/bin/bash

Note that the output of ypcat passwd includes the MD5 password hashes of every NIS account, and any host that can bind to the domain can retrieve them for offline cracking. Limit which networks may talk to ypserv by listing them in /var/yp/securenets, and block the portmapper and NIS ports at the firewall from untrusted networks.
Possible sources of error would include:
- Incorrect authconfig setup resulting in errors in the /etc/yp.conf, /etc/sysconfig/network and /etc/nsswitch.conf files
- Failure to run the ypinit command on the NIS server
- NIS not being started on the NIS server or client
- Poor routing between the server and client, or the existence of a firewall that's blocking traffic
Try to eliminate these areas as sources of error, and refer to the syslog /var/log/messages file on the client and server for entries that may provide additional clues.

Test Logins Via The NIS Server
You should next try to test a remote login once your basic NIS functionality testing is complete. Failures in this area could be due to firewalls blocking telnet or SSH access, or the telnet and SSH server processes not being started on the clients.

Logging In Via Telnet
Try logging into the NIS client via telnet if it is enabled:
[root@skynet tmp]# telnet 192.168.1.201
Trying 192.168.1.201...
Connected to 192.168.1.201.
Escape character is '^]'.
Red Hat Linux release 9 (Shrike)
Kernel 2.4.20-6 on an i686
login: nisuser
Password:
Last login: Sun Nov 16 22:03:51 from 192-168-1-100.simiya.com

Changing Your NIS Passwords
You should also test to make sure your users can change their NIS passwords from the NIS clients with the yppasswd command.
Users Changing Their Own Passwords
Users can change their passwords by logging into the NIS server and issuing the yppasswd command.
[nisuser@skynet nisuser]$ yppasswd
Changing NIS account information for nisuser on skynet.my-site.com.
Please enter old password:
Changing NIS password for nisuser on skynet.my-site.com.
Please enter new password:
Please retype new password:

The NIS password has been changed on skynet.my-site.com.
14. DNS
14.1 Introduction to DNS
Before we begin, it is best to understand a few foundation concepts in DNS on which the rest of the document is built.

DNS Domains
Everyone in the world has a first name and a last or "family" name. DNS is similar in that a family of hosts can be described as being a "domain". For example the domain wilshiresoft.com has a number of production hosts, such as www.wilshiresoft.com and mail.wilshiresoft.com for the web and mail servers respectively.

BIND
BIND is an acronym for the "Berkeley Internet Name Domain" project, which maintains the DNS-related software suite that runs under Linux. The most well known program in BIND is "named", the daemon that responds to DNS queries from remote machines.

DNS Clients
A DNS client doesn't store DNS information; it always has to refer to a DNS server to get it. The only DNS configuration file for a DNS client is the /etc/resolv.conf file, which defines the IP address of the DNS server it should use. You shouldn't need to configure any other files. You can learn more about the /etc/resolv.conf file in the sections that follow.

Authoritative DNS Servers
Authoritative servers provide the definitive information for your DNS domain, such as the names of servers and websites in it. They are the "last word" in information related to your domain.
The nslookup command tends to be more verbose than the host command, providing the IP addresses of the DNS servers that gave it its information. Unlike the host command, the nslookup command is also available on Windows PCs.

Forward Lookup Example
[root@skynet tmp]# nslookup www.wilshiresoft.com
Server:         200.200.0.1
Address:        200.200.0.1#53

Non-authoritative answer:
Name:   www.wilshiresoft.com
Address: 200.200.0.1

Reverse Lookup Example
[root@skynet tmp]# nslookup 65.115.71.34
Server:         200.200.0.1
Address:        200.200.0.1#53
The keywords used in /etc/resolv.conf are domain, search and nameserver. Here is a sample configuration in which nameserver 200.200.0.1 provides DNS name resolution and unqualified names are looked up in the wilshiresoft.com search domain:

search wilshiresoft.com
nameserver 200.200.0.1
Configuring Nameserver
The named.conf file
The main DNS configuration is kept in the /etc/named.conf file, which is used to tell BIND where to find the configuration files for each domain you own. There are usually two zone areas in this file:
- Forward zone file definitions, which list files to map domains to IP addresses
- Reverse zone file definitions, which list files to map IP addresses to domains
In this example the forward zone for wilshiresoft.com is being set up by placing the following entries at the bottom of the named.conf file. The zone file is named wilshiresoft.zone and, though not explicitly stated, the file should be located in the default directory of /var/named/chroot/var/named in Fedora Core and in /var/named in RedHat 9 and older.

zone "wilshiresoft.com" {
    type master;
    notify no;
    allow-query { any; };
    file "wilshiresoft.zone";
};

Note: The "allow-query" directive defines the networks that are allowed to query your DNS server for information on the zone. For example, to limit queries to only our 200.200.0.0 network, you could modify the directive to state

allow-query { 200.200.0.0/24; };

For a zone that the rest of the Internet must be able to resolve, allow-query has to stay open; what should be restricted is recursion, with "allow-recursion" in the options block, so that outside hosts cannot use the server as an open resolver.

The reverse zone definition below is an example of a named.conf entry for a reverse zone file named 200-200-0.zone for the 200.200.0.0/24 network.

zone "0.200.200.in-addr.arpa" {
    type master;
    notify no;
    file "200-200-0.zone";
};

Note: the reverse order of the IP address in the zone section is important, as is the fact that only the first three octets of the IP address are represented.

Configuring The Zone Files
There are a number of things to keep in mind when configuring DNS zone files. In all zone files, you can place a comment at the end of any line by inserting a semi-colon ";" character, then typing in the text of your comment. By default, your zone files are located in the directory /var/named or /var/named/chroot/var/named. Each zone file contains a variety of records (e.g. SOA, NS, MX, A and CNAME) which govern different areas of BIND.
Each will be explained later with examples.
Time to Live Value Caching DNS servers cache the responses to their queries from authoritative DNS servers. The authoritative servers not only provide the DNS answer but the valid lifetime or time to live (TTL) of the information. The purpose of a TTL is to reduce the number of DNS queries the authoritative DNS server has to answer. If the TTL is set to three days, then caching servers will use the original stored response for this length of time before making the query again. The TTL value for the zone is usually the very first entry in the zone file. In the example below, it is set to three days.
$TTL 3D

Note: BIND recognizes a number of suffixes for time related values. A "D" signifies days, a "W" signifies weeks and an "H" signifies hours. In the absence of a suffix, BIND assumes the value is in seconds.

DNS Resource Records
The rest of the records in a zone file are usually BIND resource records. They define the nature of the DNS information in your zone files that's presented to querying DNS clients. They all have the general format:

Name Class Type Data

There are different types of record for mail (MX), forward lookups (A), reverse lookups (PTR), aliases (CNAME) and overall zone definitions (SOA). The data portion is formatted according to the record "type" and may consist of several values separated by spaces. Similarly, the "name" is also subject to interpretation based on this factor. The formatting and use of each type of record will be discussed in sections to follow.

The SOA Record
The very first resource record is the Start of Authority (SOA) record, which contains general administrative and control information about the domain. It has the following format:

Name Class Type Name-Server Email-Address Serial-No Refresh Retry Expiry Minimum-TTL

The record can be long, and will sometimes wrap around on your screen. For the sake of formatting, you can insert "new line" characters between the fields as long as you enclose the part that straddles multiple lines in parentheses, which tells BIND that the record continues. You can also add comments, separated by a semicolon, to the end of each new line when you do this. Here is an example:

@ IN SOA wstsun1.wilshiresoft.com. hostmaster.wilshiresoft.com. (
        2004100801 ; serial #
        4H         ; refresh
        1H         ; retry
        1W         ; expiry
        1D )       ; minimum

So in this example, the primary name server has been defined as "wstsun1.wilshiresoft.com" with a contact email address of "hostmaster@wilshiresoft.com".
The serial number is "2004100801", with refresh, retry, expiry and minimum values of 4 hours, 1 hour, 1 week and 1 day respectively. Like the SOA record, the NS, MX, A, PTR and CNAME records each occupy a single line with a very similar general format.

Sample Forward Zone File
Now that the key elements of a zone file have been described, it's time to examine a working example for the domain wilshiresoft.com.

;
$TTL 3D
@ IN SOA wstsun1.wilshiresoft.com. hostmaster.wilshiresoft.com. (
        200211152 ; serial#
        3600      ; refresh, seconds
        3600      ; retry, seconds
        3600      ; expire, seconds
        3600 )    ; minimum, seconds
;
        NS      www
wstsun1 A       200.200.0.1
wstsun2 A       200.200.0.2
wstsun3 A       200.200.0.3
server  CNAME
Notice that in this example: Server wstsun1.wilshiresoft.com is the name server for wilshiresoft.com. In corporate environments there may be a separate name server for this purpose. By convention, primary name servers are usually called "ns1" and secondary name servers "ns2".
The minimum TTL value ($TTL) is 3 days, therefore remote DNS caching servers will store learned DNS information from your zone for 3 days before flushing it out of their caches. The MX record for wilshiresoft.com points to the server named mail.wilshiresoft.com.

Sample Reverse Zone File
Now we need to make sure that we can do an nslookup query on all our home network's PCs and get their correct IP addresses. This is very important if you are running a mail server on your network, as sendmail typically will only relay mail from hosts whose IP addresses resolve correctly in DNS. NFS, which is used in network based file access, also requires valid reverse lookup capabilities. This is an example of a zone file for the 200.200.0.x network. All the entries in the first column refer to the last octet of the IP address for the network, so the IP address 200.200.0.1 points to the name wstsun1.wilshiresoft.com. Notice how the main difference between forward and reverse zone files is that the reverse zone file only has PTR and NS records. Also, PTR records cannot have CNAME aliases.

;
; Zone file for 200.200.0.x
;
$TTL 3D
@ IN SOA www.wilshiresoft.com. hostmaster.wilshiresoft.com. (
        200303301 ; serial number
        8H        ; refresh
        2H        ; retry
        4W        ; expire
        1D )      ; minimum
;
        NS      www          ; Nameserver Address
;
1       PTR     wstsun1.wilshiresoft.com.
2       PTR     wstsun2.wilshiresoft.com.
3       PTR     wstsun3.wilshiresoft.com.

Loading Your New Configuration Files
Here are the steps you need to follow to load your new configuration files. Make sure your file permissions and ownership are OK in the /var/named directory.
[root@skynet tmp]# cd /var/named
[root@wstsun1 named]# ll
total 6
-rw-r--r--    1 named    named         195 May  3  2005 localhost.zone
-rw-r--r--    1 named    named        2769 May  3  2005 named.ca
-rw-r--r--    1 named    named         433 May  3  2005 named.local
-rw-r--r--    1 root     root          763 May  2 16:23 wilshiresoft.zone
[root@wstsun1 named]# chown named *
[root@wstsun1 named]# chgrp named *
[root@wstsun1 named]# ll
total 6
-rw-r--r--    1 named    named         195 May  3  2005 localhost.zone
-rw-r--r--    1 named    named        2769 May  3  2005 named.ca
-rw-r--r--    1 named    named         433 May  3  2005 named.local
-rw-r--r--    1 named    named         763 May  2 16:23 wilshiresoft.zone

The configuration files above will not be loaded until you issue the following command to restart the named process that controls DNS. Note: make sure to increment your zone file's serial number before doing this, otherwise secondary servers will not notice the change. Before restarting, check the syntax with "named-checkconf /etc/named.conf" and "named-checkzone wilshiresoft.com wilshiresoft.zone"; if a zone file is broken, named logs an error and refuses to load that zone, so the old data (or nothing) keeps being served.

[root@skynet tmp]# /etc/init.d/named restart

Last, but not least, take a look at the end of your /var/log/messages file to make sure there are no errors. Make sure your /etc/hosts and /etc/resolv.conf files are correctly updated, and test your configuration with the nslookup and dig commands.
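The following shell functions are an added example, not part of the course notes and not BIND's own tooling: they read the SOA serial out of a zone file and compute the next one, so that the "increment the serial before restarting named" step cannot be forgotten. They assume a BIND-style zone file whose SOA record may span several lines inside parentheses, as in the samples above, and serials in the YYYYMMDDnn form used throughout this chapter. The zone file they build is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: extract and bump the SOA serial of a BIND zone file.
# Assumptions: BIND zone syntax with ";" comments and a possibly multi-line
# SOA in parentheses; YYYYMMDDnn serials. The sample zone is constructed.

# Print the serial: the third value after "SOA" once comments and
# parentheses are removed (name server, contact, then serial).
zone_serial() {
    awk '
        function collect(t) {
            gsub(/[()]/, "", t)
            if (t == "") return
            n++
            if (n == 3) { print t; exit }
        }
        { sub(/;.*/, "") }                       # strip comments
        {
            for (i = 1; i <= NF; i++) {
                if (!insoa) { if ($i == "SOA") insoa = 1; continue }
                collect($i)
            }
        }
    ' "$1"
}

# Next serial in YYYYMMDDnn form: bump the counter if the current serial
# already carries today's date, otherwise start today's series at 00.
# Arguments: current serial, today's date as YYYYMMDD (e.g. "$(date +%Y%m%d)").
next_serial() {
    cur=$1; today=$2
    case "$cur" in
        "$today"[0-9][0-9]) printf '%s\n' $((cur + 1)) ;;
        *)  if [ "$cur" -ge "${today}00" ]; then   # serial is ahead of today
                printf '%s\n' $((cur + 1))
            else
                printf '%s\n' "${today}00"
            fi ;;
    esac
}

# Secondaries only transfer the zone when the new serial is greater (RFC 1982
# serial arithmetic; for a plain increment a numeric comparison is enough).
serial_increased() {
    [ "$2" -gt "$1" ]
}

# Constructed sample zone for the demonstration.
make_sample_zone() {
    f=$(mktemp) || return 1
    cat >"$f" <<'EOF'
; constructed sample zone (serial taken from the SOA example above)
$TTL 3D
@ IN SOA wstsun1.wilshiresoft.com. hostmaster.wilshiresoft.com. (
        2004100801 ; serial #
        4H         ; refresh
        1H         ; retry
        1W         ; expiry
        1D )       ; minimum
        NS      wstsun1
wstsun1 A       200.200.0.1
EOF
    printf '%s\n' "$f"
}

sample=$(make_sample_zone)
old=$(zone_serial "$sample")
new=$(next_serial "$old" "$(date +%Y%m%d)")
printf 'serial %s -> %s\n' "$old" "$new"
serial_increased "$old" "$new" && echo "serial increased, safe to reload"
rm -f "$sample"
```

A sensible pre-reload check compares zone_serial on the saved copy and on the edited file with serial_increased, then runs named-checkzone on the edited file, and only then restarts named.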
Note: We can also use the redhat-config-bind GUI tool to configure DNS, but its not recommended.
15. DHCP/Bootp
DHCP (Dynamic Host Configuration Protocol) and bootp are protocols that allow a client machine to obtain network information (such as an IP address) from a server. Many organizations use DHCP because it simplifies and centralizes network administration.
# Set the broadcast address and subnet mask
# to be used by the DHCP clients
option broadcast-address 200.200.0.255;
option subnet-mask 255.255.255.0;

# Set the DNS server to be used by the
# DHCP clients
option domain-name-servers 200.200.0.1;

# Set the NTP server to be used by the
# DHCP clients
option ntp-servers 200.200.0.1;

# If you specify a WINS server for your Windows clients,
# you need to include the following option in the dhcpd.conf file:
option netbios-name-servers 200.200.0.1;
}

#
# List an unused interface here
#
subnet 200.200.2.0 netmask 255.255.255.0 {
}

There are many more option statements you can use to configure DHCP. These include telling the DHCP clients where to go for services such as finger and IRC. Check the dhcp-options man page after you do your install. The command to do this follows:
[root@skynet tmp]# man dhcp-options

Lease Database
On the DHCP server, the file /var/lib/dhcp/dhcpd.leases stores the DHCP client lease database. This file should not be modified by hand. DHCP lease information for each recently assigned IP address is automatically stored in the lease database. The information includes the length of the lease, to whom the IP address has been assigned, the start and end dates for the lease, and the MAC address of the network interface card that was used to retrieve the lease. All times in the lease database are in Greenwich Mean Time (GMT), not local time.

The lease database is recreated from time to time so that it does not grow too large. First, all known leases are saved in a temporary lease database. The dhcpd.leases file is renamed dhcpd.leases~ and the temporary lease database is written to dhcpd.leases. The DHCP daemon could be killed or the system could crash after the lease database has been renamed to the backup file but before the new file has been written. If this happens, the dhcpd.leases file does not exist, but it is required to start the service. Do not create a new lease file.
If you do, all old leases are lost which causes many problems. The correct solution is to rename the dhcpd.leases~ backup file to dhcpd.leases and then start the daemon.
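The lease database described above is usually read during troubleshooting or an investigation ("which machine had 200.200.0.50 at 10:00 UTC?"). The following parser is an added example, not code from the original manual or from ISC; it reads the lease syntax used by ISC dhcpd 3.x (a lease block with starts/ends/binding state/hardware ethernet statements, times in UTC with a leading weekday number) and answers exactly that question. The sample lease file is constructed for the example; the addresses and MACs are invented.

```python
import re
from datetime import datetime, timezone

# Constructed sample in ISC dhcpd 3.x lease-file syntax (not from a real server).
# dhcpd appends a new block each time a lease changes, so the same IP can appear
# several times; the last block for an address is the current one.
SAMPLE_LEASES = """\
# The format of this file is documented in the dhcpd.leases(5) manual page.
lease 200.200.0.50 {
  starts 3 2008/10/15 09:00:00;
  ends 3 2008/10/15 21:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "laptop-1";
}
lease 200.200.0.51 {
  starts 2 2008/10/14 08:30:00;
  ends 2 2008/10/14 20:30:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:66;
}
lease 200.200.0.50 {
  starts 3 2008/10/15 21:05:00;
  ends never;
  binding state active;
  hardware ethernet 00:11:22:33:44:77;
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)


def at_utc(year, month, day, hour=0, minute=0, second=0):
    """Build an aware UTC datetime; the lease file is in GMT/UTC, never local time."""
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)


def parse_time(value):
    """'3 2008/10/15 09:00:00' -> aware UTC datetime; 'never' -> None (infinite lease).
    The leading field is the weekday number and is ignored."""
    value = value.strip()
    if value == "never":
        return None
    _weekday, date, clock = value.split()
    return datetime.strptime(f"{date} {clock}", "%Y/%m/%d %H:%M:%S").replace(tzinfo=timezone.utc)


def parse_leases(text):
    """Return the lease blocks in file order, each as a dict."""
    # Drop comment lines first so a '#' line mentioning 'lease' cannot confuse the regex.
    body_text = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    leases = []
    for m in LEASE_RE.finditer(body_text):
        rec = {"ip": m.group(1), "mac": None, "starts": None, "ends": None,
               "state": None, "hostname": None}
        for stmt in m.group(2).split(";"):
            stmt = stmt.strip()
            if stmt.startswith("starts "):
                rec["starts"] = parse_time(stmt[len("starts "):])
            elif stmt.startswith("ends "):
                rec["ends"] = parse_time(stmt[len("ends "):])
            elif stmt.startswith("hardware ethernet "):
                rec["mac"] = stmt.split()[-1].lower()
            elif stmt.startswith("binding state "):
                rec["state"] = stmt.split()[-1]
            elif stmt.startswith("client-hostname "):
                rec["hostname"] = stmt.split(" ", 1)[1].strip('"')
        leases.append(rec)
    return leases


def current_bindings(text):
    """Map IP -> the most recent lease block for that address."""
    latest = {}
    for rec in parse_leases(text):
        latest[rec["ip"]] = rec
    return latest


def who_had_ip(text, ip, when):
    """MAC address that held `ip` at the aware UTC datetime `when`, or None.
    Newest blocks are checked first because they supersede older ones."""
    for rec in reversed(parse_leases(text)):
        if rec["ip"] != ip or rec["starts"] is None:
            continue
        if rec["starts"] <= when and (rec["ends"] is None or when <= rec["ends"]):
            return rec["mac"]
    return None


if __name__ == "__main__":
    for ip, rec in sorted(current_bindings(SAMPLE_LEASES).items()):
        print(ip, rec["mac"], rec["state"], rec["hostname"])
    print(who_had_ip(SAMPLE_LEASES, "200.200.0.50", at_utc(2008, 10, 15, 10)))
```

Always convert the time you are investigating to UTC before calling who_had_ip; an hour's timezone error is enough to blame the wrong machine.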
[root@skynet tmp]# pgrep dhcpd

Finally, always remember to configure your client PC to obtain its IP address via DHCP.
www.wilshiresoft.com info@wilshiresfot.com
The configuration file used by Apache is /etc/httpd/conf/httpd.conf. As with most Linux daemons, changes to the configuration file take effect only after Apache is restarted (or reloaded). Examples of how to configure this file follow.
Order deny,allow
Deny from all
</Files>
<IfModule mod_dir.c>
    DirectoryIndex index.htm index.html index.php index.php3 default.html index.cgi
</IfModule>
#<IfModule mod_include.c>
#Include conf/mmap.conf
#</IfModule>
UseCanonicalName On
<IfModule mod_mime.c>
    TypesConfig /etc/httpd/conf/mime.types
</IfModule>
DefaultType text/plain
HostnameLookups Off
ErrorLog /var/log/httpd/error_log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
SetEnvIf Request_URI \.gif$ gif-image
CustomLog /var/log/httpd/access_log combined env=!gif-image
ServerSignature Off
<IfModule mod_alias.c>
    ScriptAlias /cgi-bin/ "/home/httpd/cgi-bin/"
    <Directory "/home/httpd/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>
</IfModule>
<IfModule mod_mime.c>
    AddEncoding x-compress Z
    AddEncoding x-gzip gz tgz
    AddType application/x-tar .tgz
</IfModule>
ErrorDocument 500 "The server made a boo boo.
ErrorDocument 404 http://192.168.1.1/error.htm
ErrorDocument 403 "Access Forbidden -- Go away.
<IfModule mod_setenvif.c>
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0
</IfModule>
### Section 3: Virtual Hosts
#
<IfDefine SSL>
www.wilshiresoft.com info@wilshiresfot.com Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173 Rev Dt: 15-Oct-08 Ver: 1
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfDefine>
<IfModule mod_ssl.c>
    SSLPassPhraseDialog builtin
    SSLSessionCache dbm:/var/run/ssl_scache
    SSLSessionCacheTimeout 300
    SSLMutex file:/var/run/ssl_mutex
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    SSLLog /var/log/httpd/ssl_engine_log
    SSLLogLevel warn
</IfModule>
<IfDefine SSL>
<VirtualHost _default_:443>
    DocumentRoot "/home/httpd/wst"
    ServerName www.wilshire.com
    ServerAdmin admin@wilshire.com
    ErrorLog /var/log/httpd/error_log
    SSLEngine on
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key
    SSLCACertificatePath /etc/ssl/certs
    SSLCACertificateFile /etc/ssl/certs/ca.crt
    SSLCARevocationPath /etc/ssl/crl
    SSLVerifyClient none
    SSLVerifyDepth 10
    SSLOptions +ExportCertData +StrictRequire
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    SetEnvIf Request_URI \.gif$ gif-image
    CustomLog /var/log/httpd/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" env=!gif-image
</VirtualHost>
</IfDefine>

Two cautions about the example as shown. The SSLCipherSuite string is the stock mod_ssl sample of its day: the trailing +LOW:+SSLv2:+EXP:+eNULL components keep export-grade, SSLv2 and null-encryption ciphers enabled, so a client can negotiate a connection with no confidentiality at all. On any server you actually expose, prefer a whitelist such as HIGH:!aNULL:!eNULL:!EXP:!LOW:!SSLv2 and disable the old protocols with SSLProtocol. Second, the env=!gif-image clauses keep image hits out of the access logs, which saves space but also discards evidence; if the logs are part of your security monitoring, log everything.

This tells httpd.conf to set itself up for this particular configuration with:

ServerType standalone
The option ServerType specifies how Apache should run on the system. You can run it from the super-server inetd, or as a standalone daemon. It's highly recommended to run Apache in standalone mode for better performance and speed.

ServerRoot "/etc/httpd"
The option ServerRoot specifies the directory in which the configuration files of the Apache server live. It allows Apache to know where it can find its configuration files when it starts.

PidFile /var/run/httpd.pid
The option PidFile specifies the location where the server will record the process id of the daemon when it starts. This option is only required when you configure Apache in standalone mode.

ResourceConfig /dev/null
The option ResourceConfig specifies the location of the old srm.conf file that Apache read after it finished reading the httpd.conf file. When you set the location to /dev/null, Apache allows you to include the content of this file in httpd.conf, and in this manner you have just one file that handles all your configuration parameters, for simplicity.

Timeout 300
The option Timeout specifies the amount of time Apache will wait for a GET, POST or PUT request and for ACKs on transmissions. You can safely leave this option at its default value.

KeepAlive On
The option KeepAlive, if set to On, enables persistent connections on this web server. For better performance, it's recommended to set this option to On and allow more than one request per connection.

MaxKeepAliveRequests 0
The option MaxKeepAliveRequests specifies the number of requests allowed per connection when the KeepAlive option above is set to On. When the value of this option is set to 0, unlimited requests are allowed per connection. For server performance, it's recommended to allow unlimited requests.

KeepAliveTimeout 15
The option KeepAliveTimeout specifies how much time, in seconds, Apache will wait for a subsequent request before closing the connection. The value of 15 seconds is a good average for server performance.

MinSpareServers 16
The option MinSpareServers specifies the minimum number of idle child server processes (processes not handling a request) that Apache keeps. This is an important tuning parameter for the performance of the Apache web server. For high load operation, a value of 16 is recommended by various benchmarks on the Internet.

MaxSpareServers 64
The option MaxSpareServers specifies the maximum number of idle child server processes that Apache keeps. This is also an important tuning parameter for the performance of the Apache web server. For high load operation, a value of 64 is recommended by various benchmarks on the Internet.
StartServers 16
The option StartServers specifies the number of child server processes that Apache creates on start-up. This is, again, an important tuning parameter for the performance of the Apache web server. For high load operation, a value of 16 is recommended by various benchmarks on the Internet.

MaxClients 512
The option MaxClients specifies the number of simultaneous requests that can be supported by Apache. This too is an important tuning parameter for the performance of the Apache web server. For high load operation, a value of 512 is recommended by various benchmarks on the Internet.

MaxRequestsPerChild 100000
The option MaxRequestsPerChild specifies the number of requests that an individual child server process will handle before it is replaced. This too is an important tuning parameter for the performance of the Apache web server.

User www
The option User specifies the UID the Apache server will run as. It's important to create a new user that has minimal access to the system and exists only to run the web server daemon. Never set this to root: Apache starts as root only to bind port 80 and then switches to this user, so a compromised CGI script or module runs with this user's privileges and nothing more.

Group www
The option Group specifies the GID the Apache server will run as. As with User, create a new group that has minimal access to the system and exists only for the purpose of running the web server daemon.

DirectoryIndex index.htm index.html index.php index.php3 default.html index.cgi
The option DirectoryIndex specifies the files Apache uses as a pre-written HTML directory index. In other words, if Apache can't find the first index page, it tries the next entry in this parameter, if available. To improve performance of your web server, list the most used default index pages of your web site first.
Include conf/mmap.conf
The option Include specifies the location of other files that you can include from within the server configuration file httpd.conf. In our case, we include the mmap.conf file located under the /etc/httpd/conf directory. This file mmap.conf maps files into memory for faster serving.

HostnameLookups Off
The option HostnameLookups, if set to Off, disables DNS lookups for each request. It's recommended to set this option to Off in order to save the network round trips and to improve the performance of your Apache web server.
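Several of the directives above (User/Group, ServerSignature, SSLCipherSuite) are the ones that decide how exposed the server is, and they are easy to get wrong in a file this long. The script below is an added example, not part of the original manual or of Apache; it reads an httpd.conf-style text, ignores container tags, and reports the risky settings discussed in this section. Its reading of an OpenSSL cipher string is the standard one: a component prefixed with "!" removes ciphers permanently, while "+" (move to the end) or a bare component leaves them enabled. The sample configuration is constructed for the example and mirrors the SSL virtual host shown above.

```python
# Constructed httpd.conf excerpt echoing the directives discussed in the text.
SAMPLE_HTTPD_CONF = """\
ServerType standalone
User www
Group www
ServerSignature On
HostnameLookups Off
<IfDefine SSL>
<VirtualHost _default_:443>
    SSLEngine on
    SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLVerifyClient none
</VirtualHost>
</IfDefine>
"""

# OpenSSL cipher-string keywords that select weak, export, anonymous or null ciphers.
WEAK_CIPHER_TOKENS = {"LOW", "EXP", "EXPORT", "eNULL", "NULL", "aNULL", "ADH",
                      "SSLv2", "RC4", "DES", "MD5"}


def parse_directives(text):
    """Yield (lineno, name, value) for every directive line; comments and
    <container> tags are skipped, so directives inside containers are still seen."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        parts = line.split(None, 1)
        yield lineno, parts[0], (parts[1] if len(parts) > 1 else "")


def weak_cipher_components(cipher_string):
    """Return the components of an SSLCipherSuite value that leave weak ciphers enabled.
    '!X' removes X for good and is safe; '-X' removes it (it could be re-added later,
    but the component itself is not an enable); '+X' or bare 'X' keeps X enabled."""
    weak = []
    for comp in cipher_string.split(":"):
        if comp.startswith("!") or comp.startswith("-"):
            continue
        name = comp.lstrip("+")
        # Composite components such as RC4+RSA mean "RC4 and RSA": weak if any part is.
        if any(part in WEAK_CIPHER_TOKENS for part in name.split("+")):
            weak.append(comp)
    return weak


def audit(text):
    """Return [(lineno, message)] for the risky settings this section warns about."""
    findings = []
    for lineno, name, value in parse_directives(text):
        value = value.strip()
        if name in ("User", "Group") and value in ("root", "0"):
            findings.append((lineno, f"{name} {value}: daemon would run with root privileges"))
        elif name == "ServerSignature" and value.lower() != "off":
            findings.append((lineno, "ServerSignature On: version string appended to error pages"))
        elif name == "SSLCipherSuite":
            weak = weak_cipher_components(value)
            if weak:
                findings.append((lineno, "SSLCipherSuite enables weak ciphers: " + ", ".join(weak)))
    return findings


if __name__ == "__main__":
    for lineno, message in audit(SAMPLE_HTTPD_CONF):
        print(f"line {lineno}: {message}")
```

Run it against a real httpd.conf with audit(open(path).read()); a clean result for the cipher check is what you get from a whitelist string such as HIGH:!aNULL:!eNULL:!EXP:!LOW:!SSLv2:!RC4:!MD5.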
By default, Apache will search the DocumentRoot directory for an index or "home" page named index.html. So for example, if you have a ServerName of www.my-site.com with a DocumentRoot directory of /home/www/site1/, Apache will display the contents of the file /home/www/site1/index.html when you enter http://www.my-site.com in your browser. Some editors like Microsoft FrontPage will create files with an ".htm", not ".html", extension. This isn't usually a problem if all your HTML files have hyperlinks pointing to files ending in ".htm", as FrontPage does. The problem occurs with Apache not recognizing the topmost index.htm page. The easiest solution is to create a symbolic link ("shortcut" for Windows users) called index.html pointing to the file index.htm. This will then allow you to edit/copy the file index.htm with index.html being updated automatically. You'll almost never have to worry about index.html and Apache again! In the example below we create a symbolic link to index.html in the /home/www/site1 directory.

[root@skynet tmp]# cd /home/www/site1
[root@skynet site1]# ln -s index.htm index.html
[root@skynet site1]# ll index.*
-rw-rw-r--    1 root     root        48590 Jun 18 23:43 index.htm
lrwxrwxrwx    1 root     root            9 Jun 21 18:05 index.html -> index.htm

The "l" at the very beginning of the index.html entry signifies a link and the "->" the link target.
The Default File Location

By default, Apache expects to find all its web page files in the /var/www/html/ directory, with a generic DocumentRoot statement at the beginning of httpd.conf. The examples will use the /home/www directory to illustrate how you can place them in other locations successfully.

File Permissions And Apache

Apache will display web pages as long as they are world readable. You have to make sure all the files and sub-directories in your DocumentRoot have the correct permissions. It is a good idea to have the files owned by a non-privileged user so that web developers can update the files using FTP or SCP without requiring the root password. In the example below we do this by:

1. Creating a user with a home directory of /home/www.
2. Recursively changing the ownership of the /home/www directory and all its sub-directories.
3. Changing the permissions on the /home/www directory to 755, which will allow all users, including Apache's httpd daemon, to read the files inside.

[root@skynet tmp]# useradd -g users www
[root@skynet tmp]# chown -R www:users /home/www
[root@skynet tmp]# chmod 755 /home/www

Now we test for the new ownership with the "ll" command.

[root@skynet tmp]# ll /home/www/site1/index.*
-rw-rw-r--    1 www      users       48590 Jun 25 23:43 index.htm
lrwxrwxrwx    1 www      users           9 Jun 25 18:05 index.html -> index.htm
[root@skynet tmp]#

Note: It is also good practice to FTP or SCP new files to your web server as this new user. This will make all the transferred files automatically have the correct ownership. Resist the temptation to fix a permissions problem with chmod -R 777: Apache only needs read access, and world-writable content lets any local account deface the site.

If you browse your website after configuring Apache and get a "permissions" error on your screen, then your files or directories under your DocumentRoot most likely have incorrect permissions. Appendix II has a short script <http://www.siliconvalleyccie.com/linux-hn/appendix.htm> that you can use to recursively set the file permissions in a directory to match those expected by Apache. You may also have to use the "Directory" directive to make Apache serve the pages once the file permissions have been correctly set. If you have your files in the default /home/www directory then this second step becomes unnecessary.
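The page points to an appendix script that fixes DocumentRoot permissions recursively. The following is an added example of that idea, written for this edit and not the script the manual links to: it reports every directory Apache's unprivileged user could not enter (needs o+rx), every file it could not read (needs o+r) and, because that is the mistake most often made while "fixing" permissions, anything that is world-writable; the fixer then grants only the missing read bits and clears world-write, leaving owner and group bits as they were. demo() builds a throwaway DocumentRoot in a temporary directory (the layout and file names are invented) so the checks can be exercised without touching a real site.

```python
import os
import shutil
import stat
import tempfile

DIR_BITS = stat.S_IROTH | stat.S_IXOTH   # o+rx: httpd must be able to enter and list
FILE_BITS = stat.S_IROTH                 # o+r:  httpd must be able to read


def check_docroot(root):
    """Return [(path, problem)] for everything under root that Apache's unprivileged
    user could not read, plus anything world-writable (which it should never be)."""
    problems = []
    for dirpath, _dirs, files in os.walk(root):
        dmode = os.stat(dirpath).st_mode
        if (dmode & DIR_BITS) != DIR_BITS:
            problems.append((dirpath, "directory needs o+rx"))
        if dmode & stat.S_IWOTH:
            problems.append((dirpath, "directory is world-writable"))
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.exists(path):            # dangling symlink
                problems.append((path, "dangling symlink"))
                continue
            fmode = os.stat(path).st_mode           # follows symlinks, as httpd does
            if not (fmode & FILE_BITS):
                problems.append((path, "file needs o+r"))
            if fmode & stat.S_IWOTH:
                problems.append((path, "file is world-writable"))
    return problems


def fix_docroot(root):
    """Add exactly the bits check_docroot asks for and clear o+w; owner and group
    bits are left alone. Returns the paths whose mode actually changed."""
    changed = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            if not os.path.exists(path):
                continue
            st = os.stat(path)
            mode = stat.S_IMODE(st.st_mode)
            need = DIR_BITS if stat.S_ISDIR(st.st_mode) else FILE_BITS
            want = (mode | need) & ~stat.S_IWOTH
            if want != mode:
                os.chmod(path, want)
                changed.append(path)
    return changed


def demo():
    """Build a throwaway DocumentRoot with the mistakes the text warns about,
    then check, fix and re-check. Returns a dict summarising the results."""
    root = tempfile.mkdtemp(prefix="docroot-")        # mkdtemp creates it mode 0700
    try:
        site = os.path.join(root, "site1")
        os.mkdir(site, 0o700)                         # httpd cannot enter
        index = os.path.join(site, "index.htm")
        with open(index, "w") as fh:
            fh.write("<html>hello</html>\n")
        os.chmod(index, 0o660)                        # httpd cannot read
        os.symlink("index.htm", os.path.join(site, "index.html"))
        upload = os.path.join(site, "upload.txt")
        with open(upload, "w") as fh:
            fh.write("x\n")
        os.chmod(upload, 0o666)                       # anyone could deface it
        before = check_docroot(root)
        changed = fix_docroot(root)
        after = check_docroot(root)
        return {
            "before": sorted(problem for _, problem in before),
            "changed": len(changed),
            "after": after,
            "site_mode": oct(stat.S_IMODE(os.stat(site).st_mode)),
            "upload_mode": oct(stat.S_IMODE(os.stat(upload).st_mode)),
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

To use it on a real site, call check_docroot("/home/www") first and read the report before running fix_docroot; the symlink case is reported under the link's own path, so an unreadable index.htm shows up twice when index.html points at it.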
ServerName directive doesn't match. To get consistent results, try to limit the use of your "*" <VirtualHost> statements to the beginning of the list to cover any other IP addresses your server may have. You can also have multiple NameVirtualHost directives, each with a single IP address, in cases where your web server has more than one IP address.

IP Based Virtual Hosting

The other virtual hosting option is to have one IP address per website, which is also known as IP based virtual hosting. In this case you will NOT have a NameVirtualHost directive for the IP address, and you must have only a single <VirtualHost> container per IP address.

Example IP Virtual Hosting: Single Wild Card

In this example, Apache listens on all interfaces, but gives the same content. Apache will display the content in the first <VirtualHost *> directive even if you add another right after it. Apache also seems to enforce the single <VirtualHost> container per IP address requirement by ignoring any ServerName directives you may use inside it.

<VirtualHost *>
    DocumentRoot /home/www/site1
</VirtualHost>

Example IP Virtual Hosting: Wild Card and IP addresses

In this example, Apache listens on all interfaces, but gives different content for addresses 97.158.253.26 and 97.158.253.27. Web surfers will get the "site1" content if they try to access the web server on any of its other IP addresses.

<VirtualHost *>
    DocumentRoot /home/www/site1
</VirtualHost>
<VirtualHost 97.158.253.26>
    DocumentRoot /home/www/site2
</VirtualHost>
<VirtualHost 97.158.253.27>
    DocumentRoot /home/www/site3
</VirtualHost>

[root@skynet tmp]# service httpd restart

The Apache Error Log Files

The /var/log/httpd/error_log file is a good source for error information. Unlike the /var/log/httpd/access_log file, there is no standardized formatting. The /var/log/httpd/error_log file is also the location where CGI script errors are written.
Many times CGI scripts will fail with nothing but a blank screen in your browser; the /var/log/httpd/error_log file will most likely contain the cause of the problem.
The formatting of the file is fairly easy to understand, especially as there are only two entries of interest. The "disable" parameter must be set to "no" to accept connections, so that is the first change needed to activate SWAT.

The default configuration only allows SWAT web access from the VGA console as user "root" on port 901 with the Linux root password. This means you'll have to enter "http://127.0.0.1:901" in your browser to get the login screen. You can make SWAT accessible from other hosts by adding IP address entries to the only_from parameter of the SWAT configuration file. Here's an example of an entry to allow connections only from 192.168.1.3 and localhost. Notice there are no commas between the entries.

only_from = localhost 192.168.1.3

Therefore in this case you can also configure Samba on your Linux server "Skynet", IP address 192.168.1.100, from PC 192.168.1.3 using the URL http://192.168.1.100:901. Remember that most firewalls don't allow TCP port 901 through their filters. You may have to adjust your rules for this traffic to pass. Before you do, note that SWAT uses plain HTTP with basic authentication, so the root password crosses the network in cleartext every time you log in from another host; keep only_from as tight as possible, and prefer reaching SWAT through an SSH tunnel to localhost over opening port 901 on the firewall.
Controlling SWAT

As with all xinetd controlled applications, the chkconfig command will automatically modify the "disable" field accordingly in the configuration file and activate the change.

Activating SWAT
[root@skynet tmp]# chkconfig swat on

Deactivating SWAT
[root@skynet tmp]# chkconfig swat off
Adding users to a domain has three broad phases. The first is adding a Linux user on the Samba server, the second is creating a Samba smbpasswd entry that maps to the Linux user created previously, and the final step is to map a Windows drive letter to the user's Linux home directory. This is all outlined below:

Adding The Users In Linux

First go through the process of adding users in Linux just like you would normally do. Passwords won't be necessary unless you want the users to log in to the Samba server via Telnet or SSH.

Create the user:
[root@skynet tmp]# useradd -g 100 peter

Give them a Linux password. This is only necessary if the user needs to log into the Samba server directly.
[root@skynet tmp]# passwd peter
Changing password for user peter.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

Mapping The Linux Users To An smbpasswd Entry

Next you need to create Samba domain login passwords for the user. smbpasswd prompts for the password rather than taking it on the command line, which keeps it out of the shell history and the process list:
[root@skynet tmp]# /usr/bin/smbpasswd -a peter
New SMB password:
Retype new SMB password:

The "-a" switch adds the user to the smbpasswd file (/etc/samba/smbpasswd on Red Hat). Use a generic password, then have users change it immediately from their workstation the usual way. Remember that smbpasswd sets the Windows domain login password for a user. This is different from the Linux login password used to log into the Samba box.

Create The Directory And User Group

1. Create a new Linux group marketing:
[root@skynet tmp]# /usr/sbin/groupadd marketing

2. Create a new directory for the group's files. If one user is designated as the leader, you might want to add a chown statement to make them the owner. The 0770 mode keeps everyone outside the group out of the directory.
[root@skynet tmp]# mkdir /home/parent-files
[root@skynet tmp]# chgrp marketing /home/parent-files
[root@skynet tmp]# chmod 0770 /home/parent-files
3. Next add the group members to the new group. For instance, let's add user "father" to the group. Note that -G replaces the user's whole list of supplementary groups; list all of them, or on versions of usermod that support it use -a -G to append.
[root@skynet tmp]# /usr/sbin/usermod -G marketing father

4. The /etc/samba/smb.conf file should have an entry like this at the end:
# Marketing Shared Area
[only-marketing]
    path = /home/parent-files
    valid users = @marketing

Now simply restart the smb service (service smb restart) and access the share from a Windows machine.
RedHat Linux allows you to install the operating system over the network using a Kickstart server. It is comparatively much faster than using CDs and the whole install process can be automated. What are Kickstart Installations? Many system administrators would prefer to use an automated installation method to install Red Hat Linux on their machines. To answer this need, Red Hat created the kickstart installation method. Using kickstart, a system administrator can create a single file containing the answers to all the questions that would normally be asked during a typical Red Hat Linux installation. Kickstart files can be kept on single server system and read by individual computers during the installation. This installation method can support the use of a single kickstart file to install Red Hat Linux on multiple machines, making it ideal for network and system administrators. What is required to perform Kickstart Installation? Kickstart installations can be performed using a local CD-ROM, a local hard drive, or via NFS, FTP, or HTTP. To use kickstart, you must: Create a kickstart file. Create a boot diskette with the kickstart file or make the kickstart file available on the network. Make the installation tree available. Start the kickstart installation.
Make sure that the portmap, nfs, nfslock and netfs daemons are all running to create an NFS server. The startup scripts for these are found in the /etc/init.d directory.
Run the exportfs command to add this directory to the NFS list of network-available directories. You should also add this command to your /etc/rc.local file so that it is repeated after every reboot.

[root@skynet tmp]# exportfs -ra
[root@skynet tmp]# service nfs restart
[root@skynet tmp]# showmount -e   ## (this command should not show any RPC errors)
See later chapters for configuring DHCP and DNS for Kickstart
1. Basic Configuration: Enter the desired root password for the system in the Root Password text entry box. To save the password as an encrypted password in the file, select Encrypt root password.
If the encryption option is selected, when the file is saved, the plain text password that you typed will be encrypted and written to the kickstart file. Do not type an already encrypted password and select to encrypt it. 2. Installation Method: The Installation Method screen allows you to choose whether to perform a new installation or an upgrade. If you choose upgrade, the Partition Information and Package Selection options will be disabled. They are not supported for kickstart upgrades.
Also choose the appropriate kickstart installation method from this screen. You can choose from the following options: CD-ROM, NFS, HTTP or Hard Drive. In our example we are going to install over NFS, so choose NFS.
3. Boot Loader Options: You have the option of installing GRUB or LILO as the boot loader. It's recommended that you choose the defaults, i.e. install a boot loader, use GRUB for the boot loader, and install the boot loader on the Master Boot Record (MBR). See the following figure:
4. Creating Partitions: To create a partition, click the Add button. The Partition Options window appears, as shown in the following figure. Choose the mount point, file system type, and partition size for the new partition. In the Additional Size Options section, choose to make the partition a fixed size, up to a chosen size, or fill the remaining space on the hard drive. If you selected swap as the file system type, you can select to have the installation program create the swap partition with the recommended size instead of specifying a size.
Force the partition to be created as a primary partition. Create the partition on a specific hard drive. For example, to make the partition on the first IDE hard disk (/dev/hda), specify hda as the drive. Do not include /dev in the drive name. Use an existing partition. For example, to make the partition on the first partition on the first IDE hard disk (/dev/hda1), specify hda1 as the partition. Do not include /dev in the partition name. Format the partition as the chosen file system type. 5. Network Configuration:
For each Ethernet card on the system, click Add Network Device and select the network device and network type of the device. Select eth0 as the network device for the first Ethernet card, eth1 for the second Ethernet card, and so on.

6. Authentication: In the Authentication section, select whether to use shadow passwords and MD5 encryption for user passwords. These options are highly recommended and chosen by default. The Authentication Configuration options allow you to configure the following methods of authentication: NIS, LDAP, Kerberos 5, Hesiod, SMB, and Name Switch Cache.

7. Firewall Configuration: The Firewall Configuration window is identical to the screen in the Red Hat Linux installation program and the Security Level Configuration Tool, with the same functionality. Note: this course recommends choosing Disabled here and configuring the firewall manually after installation (see Chapter 20, IPTABLES). Be aware that the host is then unfiltered from its first boot until you do so; if it will be reachable from an untrusted network, load your rules from the post-installation script instead.

8. X Configuration: The first step in configuring X is to choose the default color depth and resolution. Select them from their respective pull-down menus. Be sure to specify a color depth and resolution that are compatible with the video card and monitor of the system.

9. Package Selection: The Package Selection window allows you to choose which package groups to install. There are also options available to resolve and ignore package dependencies automatically. Currently, Kickstart Configurator does not allow you to select individual packages.

10. Pre-Installation Script: You can add commands to run on the system immediately after the kickstart file has been parsed and before the installation begins. If you have configured the network in the kickstart file, the network is enabled before this section is processed. To include a pre-installation script, type it in the text area.

11. Post-Installation Script: You can also add commands to execute on the system after the installation is completed. If the network is properly configured in the kickstart file, the network is enabled, and the script can include commands to access resources on the network. To include a post-installation script, type it in the text area.

Now save the settings as /network-install/kickstart/ks.cfg. You may want to then edit the configuration file and comment out, with "#", certain parameters that may change from system to system. These could include things like the system's name and IP address. During the kickstart process you will be prompted for these unspecified values. Because ks.cfg is served over NFS to any host that asks for it, always keep the root password in encrypted form; a plaintext rootpw line is readable by anyone on the network.

Configuring the Filename Automatically

1. Place your kickstart file in the /network-install/kickstart directory.

2. Edit your /etc/dhcpd.conf file and add the following lines to the subnet declaration for the interface that will be serving DHCP addresses:

filename "/network-install/kickstart/ks.cfg";
next-server 192.168.1.100;

Note: Here 192.168.1.100 is the Kickstart server's IP address. If you don't set this up in the /etc/dhcpd.conf file, the installation client will ask you for the location of the Kickstart server and the method of installation.

3. Now on the client side, insert the boot floppy or CD into the kickstart client and at the boot: prompt type in the following command:

boot: linux ks

Kickstart will first search for a configuration file named ks.cfg on the boot CD or floppy. It will then automatically attempt to get a DHCP IP address and see if the DHCP server specifies a configuration file.
Kickstart will then use NFS to get both the configuration file and the installation files. The rest should be automatic.
Restricting Web Access By IP Address

You can create an access control list (ACL) that restricts web access to users on certain networks. In this case we're creating an ACL that defines our home network of 192.168.1.0.

#
# Add this to the bottom of the ACL section of squid.conf
#
acl home_network src 192.168.1.0/255.255.255.0

You will also have to add a corresponding http_access statement that allows traffic that matches the ACL. Order matters: Squid applies http_access lines top to bottom and stops at the first match, so this line must come before the final "http_access deny all", and anything not matched by an allow line should fall through to that deny.

#
# Add this at the top of the http_access section of squid.conf
#
http_access allow home_network

Remember to restart Squid for the changes to take effect.

[root@skynet tmp]# service squid restart
20.1.1 Overview
Note: 2.4 and above kernels only. Many benefits over ipchains:
Connection tracking.
Rate limiting.
Many more filtering options: all TCP flags, MAC address, owning user, etc.
Improved logging.

Format:
iptables [-t table] [action] [chain] [options] [-j target]
iptables -t filter -A INPUT -m state --state NEW -p tcp -s 192.168.1.0/24 -j ACCEPT
Capabilities
Table - Specifies which table the chain belongs to: filter (the default when -t is omitted), nat or mangle.
Action - What to do with the chain: -A (append a rule), -I (insert a rule), -D (delete a rule), -P (set the default policy), -L (list rules), -F (flush all rules).
Chains - 5 built-in chains. Names are capitalized, unlike ipchains.

# Filter Table:
INPUT - All packets entering an interface that are destined for a local process use this chain.
FORWARD - Only packets routed from one interface to another pass through this chain.
OUTPUT - All packets leaving an interface that originated from a local process use this chain.
# Nat Table:
PREROUTING - Rules in this chain are applied before it is determined whether the packet will use the INPUT or FORWARD chain. Destination NAT (DNAT) is configured using this chain.
POSTROUTING - Rules in this chain are applied after the OUTPUT and FORWARD chains. Source NAT (SNAT) is configured using this chain.

Options
-i = Input interface (eth0, eth1, lo)
-o = Output interface (eth0, eth1, lo)
-p = Protocol (udp, tcp, icmp, or the protocol number)
-s = Source address of packet (192.168.1.20, 192.168.1.0/24, etc.)
-d = Same as -s, only for the destination address
-m = Load an extension module (e.g. -m state). iptables parses its arguments left to right, so -m must come before the options the module provides (such as --state); likewise --sport and --dport are only understood after -p tcp or -p udp.
--sport = Source port
--dport = Destination port
Targets

# 3 default targets
DROP = Drop the packet without returning any indication to the source that it was dropped
ACCEPT = Accept the packet
<CHAIN> = Jump to a user-defined chain

# Additional targets provided by modules:
LOG = Log the packet and continue with the next rule (LOG is not terminating, so follow it with a DROP or ACCEPT rule)
REJECT = Reject the packet and send the source an error response (an ICMP port-unreachable message by default; --reject-with selects another, for example tcp-reset)

Connection Tracking

Requires the state module (-m state).
Packet STATES:
NEW = A new connection
ESTABLISHED = Packet is part of an existing connection
RELATED = Packet is related to an existing connection (e.g. ICMP error messages, FTP data connections)
INVALID = Packet doesn't belong to any known connection
Tracking FTP Connections: Because of the nature of the FTP protocol, tracking FTP connections requires a special kernel module: ip_conntrack_ftp. If you wish to use NAT with FTP connection tracking, you must also load the ip_nat_ftp kernel module.

Install Iptables

Install the iptables-1.2.9-1.0.i386.rpm package from the 3rd CD of the Red Hat distribution.

Start iptables service

You can start/stop/restart iptables after booting by using the following commands:
[root@skynet tmp]# service iptables start
[root@skynet tmp]# service iptables stop
[root@skynet tmp]# service iptables restart

To get iptables configured to start at boot you can use the chkconfig command.
[root@skynet tmp]# chkconfig iptables on
IPTABLES Examples
# Set the default policies to DROP (iptables has no DENY policy; that was ipchains)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Allow all incoming TCP connections on interface eth0 to port 80 (www).
# No -s is needed to match any source; "-s 0.0.0.0" would match only that one address.
iptables -A INPUT -i eth0 -p tcp --sport 1024: --dport 80 -j ACCEPT

# We must also allow packets back out for the connection to work, since this
# pair of rules does not use connection tracking
iptables -A OUTPUT -o eth0 -p tcp --sport 80 --dport 1024: -j ACCEPT

# Allow outgoing connections to all ports, and use connection tracking so we
# don't have to create rules to allow us to receive the packets coming back.
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -o eth0 -p tcp --sport 1024: -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -i eth0 -p tcp --dport 1024: -j ACCEPT

# Allow external access to our DNS service, and keep state on the connection.
iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -i eth0 -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -o eth0 -p udp --sport 53 -j ACCEPT

# Redirect all incoming traffic that hits port 8080 to port 80 on a web server in our
# internal LAN. With a FORWARD policy of DROP the translated packets still need matching
# FORWARD rules, and IP forwarding must be enabled (net.ipv4.ip_forward = 1).
iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 8080 -j DNAT --to-destination 192.168.1.10:80
iptables -A FORWARD -i eth0 -p tcp -d 192.168.1.10 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -o eth0 -p tcp -s 192.168.1.10 --sport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow ICMP echo requests, but limit them to 1 per second. A limit-burst of 3 allows
# a burst of up to 3 ICMP packets before the rate limiting kicks in.
iptables -A INPUT -i eth0 -p icmp --icmp-type echo-request -m state --state NEW,ESTABLISHED -m limit --limit 1/s --limit-burst 3 -j ACCEPT
iptables -A OUTPUT -o eth0 -p icmp -m state --state ESTABLISHED -j ACCEPT

Status Messages

[root@skynet tmp]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@skynet tmp]#
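The "--limit 1/s --limit-burst 3" match in the ICMP rule above is a token bucket, and its behaviour is easiest to see by feeding it a stream of arrival times. The simulation below is an added example, not part of the manual and not the kernel's own code: it models the documented semantics (the bucket starts full with limit-burst tokens, refills at the --limit rate, and a packet matches only when a whole token is available), using integer milliseconds so the arithmetic is exact. A packet the limit rule does not match falls through to the INPUT policy of DROP, exactly as in the ruleset above. The ping timings are constructed for the example.

```python
class LimitMatch:
    """Token bucket with the semantics of iptables '-m limit'.
    Times are in milliseconds and tokens in thousandths of a packet."""

    def __init__(self, rate_per_sec=1, burst=3):
        self.refill_per_ms = rate_per_sec   # N packets/s == N milli-tokens per ms
        self.capacity = burst * 1000
        self.tokens = self.capacity          # bucket starts full: first `burst` packets match
        self.last_ms = None

    def matches(self, now_ms):
        """True if the packet arriving at now_ms matches (and consumes a token)."""
        if self.last_ms is not None:
            elapsed = now_ms - self.last_ms
            self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_ms)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


def filter_echo_requests(arrival_ms, rate_per_sec=1, burst=3):
    """Verdict for each ICMP echo request: ACCEPT when the limit rule matches,
    otherwise the INPUT chain's DROP policy applies (no later rule matches ICMP)."""
    rule = LimitMatch(rate_per_sec, burst)
    return ["ACCEPT" if rule.matches(t) else "DROP" for t in arrival_ms]


# Constructed arrivals: a five-packet burst, two pings a little later, then another burst.
PING_FLOOD_MS = [0, 100, 200, 300, 400, 1500, 2000, 5000, 5100, 5200, 5300]


if __name__ == "__main__":
    for t, verdict in zip(PING_FLOOD_MS, filter_echo_requests(PING_FLOOD_MS)):
        print(f"{t:5d} ms  {verdict}")
```

With the page's values a flood gets three packets through, then only one more per second; after a few quiet seconds the bucket is full again and the next burst of three is accepted. That is why the rule protects against a ping flood but does not stop a patient attacker from probing at one packet per second.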
www.wilshiresoft.com info@wilshiresfot.com
free
The free command displays system memory utilization. Here is an example of its output:

             total       used       free     shared    buffers     cached
Mem:        255508     240268      15240          0       7592      86188
-/+ buffers/cache:     146488     109020
Swap:       530136      26268     503868
The Mem: row displays physical memory utilization, while the Swap: row displays the utilization of the system swap space, and the -/+ buffers/cache: row displays the used and free figures with the memory devoted to system buffers and cache taken into account. Since free by default only displays memory utilization information once, it is only useful for very short-term monitoring, or for quickly determining whether a memory-related problem is currently in progress. Although free can repetitively display memory utilization figures via its -s option, the output scrolls, making it difficult to see changes in memory utilization. A better solution than free -s is to run free under the watch command. For example, to display memory utilization every two seconds (the default display interval), use this command:

[root@skynet tmp]# watch free

The watch command issues the free command every two seconds, after first clearing the screen. This makes it much easier to see how memory utilization changes over time, as it is not necessary to scan continually scrolling output. You can control the delay between updates with the -n option, and have any changes between updates highlighted with the -d option, as in the following command:

[root@skynet tmp]# watch -n 1 -d free
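The -/+ buffers/cache row is the figure that matters when deciding whether a machine is really short of memory, because buffers and page cache are reclaimable. The following script is an added example, not part of the course text: it recomputes that row from the Mem: line of a free snapshot and turns it into a simple threshold check. The sample output, the function names (app_memory, app_memory_pct, memory_pressure) and the 90% threshold are all assumptions made for the demonstration; feed real output of free on stdin instead of the sample.

```shell
#!/bin/sh
# Added example (not from the course text): derive the "-/+ buffers/cache"
# figures from the Mem: row of free(1) and check them against a threshold.
# SAMPLE_FREE is a constructed snapshot so the script runs offline; on a live
# system pipe the real command in:  free | app_memory

SAMPLE_FREE='             total       used       free     shared    buffers     cached
Mem:        255508     240268      15240          0       7592      86188
-/+ buffers/cache:     146488     109020
Swap:       530136      26268     503868'

# Print "used free" with buffers and page cache discounted from the Mem: row.
# Usage: printf '%s\n' "$SAMPLE_FREE" | app_memory
app_memory() {
    awk '/^Mem:/ {
        used = $3 - $6 - $7        # used minus buffers minus cached
        free = $4 + $6 + $7        # free plus memory reclaimable from cache
        printf "%d %d\n", used, free
    }'
}

# Integer percentage of physical memory actually held by applications.
# Usage: printf '%s\n' "$SAMPLE_FREE" | app_memory_pct
app_memory_pct() {
    awk '/^Mem:/ { printf "%d\n", ($3 - $6 - $7) * 100 / $2 }'
}

# Exit status 0 while application memory use is below the threshold percentage
# given as $1, 1 once it reaches it; usable from cron or inside a watch loop.
# Usage: printf '%s\n' "$SAMPLE_FREE" | memory_pressure 90
memory_pressure() {
    pct=$(app_memory_pct)
    [ "$pct" -lt "$1" ]
}
```

On the sample, app_memory prints 146488 109020, matching the -/+ buffers/cache row of the output above, and the application share of RAM works out to 57%.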
top
While free displays only memory-related information, the top command does a little bit of everything. CPU utilization, process statistics, memory utilization: top does it all. In addition, unlike the free command, top's default behavior is to run continuously; there is no need to use the watch command. Here is a sample display:
 11:13am  up 1 day, 31 min,  5 users,  load average: 0.00, 0.05, 0.07
89 processes: 85 sleeping, 3 running, 1 zombie, 0 stopped
CPU states:  0.5% user,  0.7% system,  0.0% nice, 98.6% idle
Mem:   255508K av,  241204K used,   14304K free,       0K shrd,   16604K buff
Swap:  530136K av,   56964K used,  473172K free                   64724K cached

  PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME COMMAND
 8532 ed        16   0  1156 1156   912 R     0.5  0.4   0:11 top
 1520 ed        15   0  4084 3524  2752 S     0.3  1.3   0:00 gnome-terminal
 1481 ed        15                             0.1  1.2   0:01 gnome-terminal
 1560 ed        15                             0.1  4.2   0:18 emacs
    1 root      15                             0.0  0.1   0:04 init
    2 root      15                             0.0  0.0   0:00 keventd
    3 root      15                             0.0  0.0   0:00 kapmd
    4 root      34                             0.0  0.0   0:00 ksoftirqd_CPU0
    5 root      15                             0.0  0.0   0:00 kswapd
    6 root      25                             0.0  0.0   0:00 bdflush
    7 root      15                             0.0  0.0   0:00 kupdated
    8 root      25                             0.0  0.0   0:00 mdrecoveryd
   12 root      15                             0.0  0.0   0:00 kjournald
   91 root      16                             0.0  0.0   0:00 khubd
  185 root      15                             0.0  0.0   0:00 kjournald
  186 root      15                             0.0  0.0   0:00 kjournald
  576 root      15                             0.0  0.2   0:00 dhcpcd
The display is divided into two sections. The top section contains information related to overall system status: uptime, load average, process counts, CPU status, and utilization statistics for both memory and swap space. The lower section displays process-level statistics, the exact nature of which can be controlled while top is running.
[Figure: The GNOME System Monitor Process Listing Display]

Additional information can be displayed for a specific process by first clicking on the desired process and then clicking on the More Info button. To view the CPU, memory, and disk usage statistics, click on the System Monitor tab.
vmstat
For a more concise view of system performance, try vmstat. Using this resource monitor, it is possible to get an overview of process, memory, swap, I/O, system, and CPU activity in one line of numbers:

   procs                      memory    swap          io     system         cpu
 r  b  w   swpd   free   buff  cache  si  so    bi    bo   in    cs  us  sy  id
 1  0  0      -      -      -      -   0   0     1     6  111   114  10   3  87

The process-related fields are:
  r      The number of runnable processes waiting for access to the CPU
  b      The number of processes in an uninterruptible sleep state
  w      The number of processes swapped out, but runnable
The memory-related fields are:
  swpd   The amount of virtual memory used
  free   The amount of free memory
  buff   The amount of memory used for buffers
  cache  The amount of memory used as page cache
The swap-related fields are:
  si     The amount of memory swapped in from disk
  so     The amount of memory swapped out to disk
The I/O-related fields are:
  bi     Blocks sent to a block device
  bo     Blocks received from a block device
The system-related fields are:
  in     The number of interrupts per second
  cs     The number of context switches per second
The CPU-related fields are:
  us     The percentage of the time the CPU ran user-level code
  sy     The percentage of the time the CPU ran system-level code
  id     The percentage of the time the CPU was idle

When vmstat is run without any options, only one line is displayed. This line contains averages, calculated from the time the system was last booted. However, most system administrators do not rely on the data in this line, as the time over which it was collected varies. Instead, most administrators take advantage of vmstat's ability to repetitively display resource utilization data at set intervals. For example, the command vmstat 1 displays one new line of utilization data every second, while the command vmstat 1 10 displays one new line per second, but only for the next ten seconds. In the hands of an experienced administrator, vmstat can be used to quickly determine resource utilization and performance issues. But to gain more insight into those issues, a different kind of tool is required: a tool capable of more in-depth data collection and analysis.
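The fields an administrator checks first in a vmstat run are si/so (the system is swapping), b (processes stuck waiting on I/O) and r compared with the number of CPUs. The script below is an added example, not part of the course text: it scans repetitive vmstat output and prints one line per sample that shows one of those conditions. The three sample rows, the function names (vmstat_alerts, vmstat_alert_count) and the CPU count argument are assumptions for the demonstration; on a real system pipe in "vmstat 1 10".

```shell
#!/bin/sh
# Added example (not part of the course text): flag vmstat samples that show
# swap traffic, processes blocked in uninterruptible sleep, or a run queue
# longer than the CPU count. SAMPLE_VMSTAT is constructed; the third row is
# deliberately unhealthy. Real use:  vmstat 1 10 | vmstat_alerts 2

SAMPLE_VMSTAT='   procs                      memory    swap          io     system         cpu
 r  b  w   swpd   free   buff  cache  si  so    bi    bo   in    cs  us  sy  id
 1  0  0      0  14304  16604  64724   0   0     1     6  111   114  10   3  87
 4  0  0      0  12000  16604  64724   0   0     1     6  111   114  10   3  87
 2  3  0   4096   9000  16000  60000 120 340    20    90  400   900  20  30  50'

# Print one line per problem found; prints nothing when every sample is healthy.
# $1 = number of CPUs (assumed 1 if omitted).
# Usage: printf '%s\n' "$SAMPLE_VMSTAT" | vmstat_alerts 2
vmstat_alerts() {
    awk -v ncpu="${1:-1}" '
        $1 !~ /^[0-9]+$/ { next }          # skip the two header lines
        {
            sample++
            # columns: r b w swpd free buff cache si so bi bo in cs us sy id
            if ($8 > 0 || $9 > 0)
                printf "sample %d: swapping (si=%d so=%d)\n", sample, $8, $9
            if ($2 > 0)
                printf "sample %d: %d process(es) blocked on I/O\n", sample, $2
            if ($1 > ncpu)
                printf "sample %d: run queue %d exceeds %d CPU(s)\n", sample, $1, ncpu
        }'
}

# Number of alerts in the input, convenient for a threshold test in a cron job.
# Usage: printf '%s\n' "$SAMPLE_VMSTAT" | vmstat_alert_count 2
vmstat_alert_count() {
    vmstat_alerts "$1" | wc -l | tr -d ' '
}
```

With two CPUs the sample produces three alerts: the run queue of 4 in the second row, and the swapping plus the three blocked processes in the third. Lowering the CPU count to one also flags the third row's run queue of 2.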
pstree
Gives a hierarchical structure of all currently running processes:
A Virtual File System

Under Linux, all data are stored as files. Most users are familiar with the two primary types of files: text and binary. But the /proc/ directory contains another type of file called a virtual file. It is for this reason that /proc/ is often referred to as a virtual file system. These virtual files have unique qualities. Most of them are listed as zero bytes in size, and yet when one is viewed it can contain a large amount of information. In addition, most of the time and date settings on virtual files reflect the current time and date, indicative of the fact that they are constantly updated. Virtual files such as /proc/interrupts, /proc/meminfo, /proc/mounts, and /proc/partitions provide an up-to-the-moment glimpse of the system's hardware. Others, like /proc/filesystems and the /proc/sys/ directory, provide system configuration information and interfaces. For organizational purposes, files containing information on a similar topic are grouped into virtual directories and sub-directories. For instance, /proc/ide/ contains information for all physical IDE devices. Likewise, process directories contain information about each running process on the system.

Viewing Virtual Files

By using the cat, more, or less commands on files within the /proc/ directory, users can immediately access an enormous amount of information about the system. For example, to display the type of CPU a computer has, type cat /proc/cpuinfo to receive output similar to the following:
www.wilshiresoft.com info@wilshiresfot.com Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173 Rev Dt: 15-Oct-08 Ver: 1
processor       : 0
vendor_id       : AuthenticAMD
cpu family      : 5
model           : 9
model name      : AMD-K6(tm) 3D+ Processor
stepping        : 1
cpu MHz         : 400.919
cache size      : 256 KB
fdiv_bug        : no
hlt_bug         : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 1
wp              : yes
flags           : fpu vme de pse tsc msr mce cx8 pge mmx syscall 3dnow k6_mtrr
bogomips        : 799.53

When viewing different virtual files in the /proc/ file system, some of the information is easily understandable while some is not human-readable. This is in part why utilities exist to pull data from virtual files and display it in a useful way. Examples of these utilities include lspci, apm, free, and top. As a general rule, most virtual files within the /proc/ directory are read-only. However, some can be used to adjust settings in the kernel. This is especially true for files in the /proc/sys/ subdirectory.

processor - Provides each processor with an identifying number. On systems that have one processor, there will be only a 0.
cpu family - Authoritatively identifies the type of processor you have in the system. For an Intel-based system, place the number in front of "86" to determine the value. This is particularly helpful for those attempting to identify the architecture of an older system such as a 586, 486, or 386. Because some RPM packages are compiled for each of these particular architectures, this value also helps users determine which packages to install.
model name - Displays the common name of the processor, including its project name.
cpu MHz - Shows the precise speed in megahertz for the processor to the thousandth decimal point.
cache size - Displays the amount of level 2 memory cache available to the processor.
flags - Defines a number of different qualities about the processor, such as the presence of a floating point unit (FPU) and the ability to process MMX instructions.

/proc/devices

This file displays the various character and block devices currently configured (not including devices whose modules are not loaded). Below is a sample output from this file:

Character devices:
  1 mem
  2 pty
  3 ttyp
  4 ttyS
  5 cua
  7 vcs
 10 misc
 14 sound
 29 fb
 36 netlink
128 ptm
129 ptm
136 pts
137 pts
162 raw
254 iscsictl

Block devices:
  1 ramdisk
  2 fd
  3 ide0
  9 md
 22 ide1

/proc/filesystems

This file displays a list of the file system types currently supported by the kernel. Sample output from a generic /proc/filesystems looks similar to this:

nodev   rootfs
nodev   bdev
nodev   proc
nodev   sockfs
nodev   tmpfs
nodev   shm
nodev   pipefs
        ext2
nodev   ramfs
        iso9660
nodev   devpts
        ext3
nodev   autofs
nodev   binfmt_misc

The first column signifies whether the file system is mounted on a block device. Those beginning with nodev are not mounted on a device. The second column lists the names of the file systems supported. The mount command cycles through the file systems listed here when one is not specified as an argument.

/proc/interrupts

This file records the number of interrupts per IRQ on the x86 architecture. A standard /proc/interrupts looks similar to this:

           CPU0
  0:   80448940          XT-PIC  timer
  1:     174412          XT-PIC  keyboard
  2:          0          XT-PIC  cascade
  8:          1          XT-PIC  rtc
 10:     410964          XT-PIC  eth0
 12:      60330          XT-PIC  PS/2 Mouse
 14:    1314121          XT-PIC  ide0
 15:    5195422          XT-PIC  ide1
NMI:          0
ERR:          0

For a multi-processor machine, this file may look slightly different:

           CPU0       CPU1
  0: 1366814704          0    XT-PIC  timer
  1:        128        340  IO-APIC-edge  keyboard
  2:          0          0    XT-PIC  cascade
  8:          0          1  IO-APIC-edge  rtc
 12:       5323       5793  IO-APIC-edge  PS/2 Mouse
 13:          1          0    XT-PIC  fpu
 16:   11184294   15940594  IO-APIC-level  Intel EtherExpress Pro 10/100 Ethernet
 20:    8450043   11120093  IO-APIC-level  megaraid
 30:      10432      10722  IO-APIC-level  aic7xxx
 31:         23         22  IO-APIC-level  aic7xxx
NMI:          0          0
ERR:          0          0

The first column refers to the IRQ number. Each CPU in the system has its own column and its own number of interrupts per IRQ. The next column reports the type of interrupt, and the last column contains the name of the device that is located at that IRQ. Each of the types of interrupts seen in this file, which are architecture-specific, means something a little different. For x86 machines, the following values are common:

XT-PIC - These are the old AT computer interrupts.
IO-APIC-edge - The voltage signal on this interrupt transitions from low to high, creating an edge, where the interrupt occurs and is only signaled once. This kind of interrupt, as well as the IO-APIC-level interrupt, is only seen on systems with processors from the 586 family and higher.
IO-APIC-level - Generates interrupts when its voltage signal goes high until the signal goes low again.
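Reading /proc/interrupts by eye gets hard on a multi-processor machine, where each IRQ is split across CPU columns. The script below is an added example, not part of the course text: it totals the per-CPU counters and lists IRQs busiest first, which is the quickest way to spot a device generating an unexpected interrupt load. The embedded sample is the two-CPU listing shown above; the function names (irq_totals, irq_total) are assumptions for the demonstration, and on a live system the functions read the real file from stdin.

```shell
#!/bin/sh
# Added example (not from the course text): sum the per-CPU columns of
# /proc/interrupts and rank IRQ lines by total count. SAMPLE_INTERRUPTS is
# the two-CPU listing from the text, embedded so the script runs without a
# live /proc. Real use:  irq_totals < /proc/interrupts

SAMPLE_INTERRUPTS='           CPU0       CPU1
  0: 1366814704          0    XT-PIC  timer
  1:        128        340  IO-APIC-edge  keyboard
  2:          0          0    XT-PIC  cascade
  8:          0          1  IO-APIC-edge  rtc
 12:       5323       5793  IO-APIC-edge  PS/2 Mouse
 13:          1          0    XT-PIC  fpu
 16:   11184294   15940594  IO-APIC-level  Intel EtherExpress Pro 10/100 Ethernet
 20:    8450043   11120093  IO-APIC-level  megaraid
 30:      10432      10722  IO-APIC-level  aic7xxx
 31:         23         22  IO-APIC-level  aic7xxx
NMI:          0          0
ERR:          0          0'

# Print "IRQ total device" for every numbered IRQ, highest total first.
# Usage: printf '%s\n' "$SAMPLE_INTERRUPTS" | irq_totals
irq_totals() {
    awk '
        NR == 1 { ncpu = NF; next }          # header row: one column per CPU
        $1 ~ /^[0-9]+:$/ {                   # numbered IRQ lines only (skip NMI/ERR)
            total = 0
            for (i = 2; i <= ncpu + 1; i++) total += $i
            # the interrupt type sits at ncpu+2; everything after it is the device name
            device = ""
            for (i = ncpu + 3; i <= NF; i++)
                device = device (i > ncpu + 3 ? " " : "") $i
            sub(":", "", $1)
            printf "%s %d %s\n", $1, total, device
        }' | sort -k2,2nr
}

# Total interrupts across all CPUs for one IRQ number.
# Usage: printf '%s\n' "$SAMPLE_INTERRUPTS" | irq_total 16
irq_total() {
    irq_totals | awk -v irq="$1" '$1 == irq { print $2 }'
}
```

On the sample the timer (IRQ 0) leads, followed by the Ethernet card on IRQ 16 with 27124888 interrupts summed over both CPUs.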
22. Backups
22.1 Introduction
Backups have two major purposes:

- To permit restoration of individual files
- To permit wholesale restoration of entire file systems

The first purpose is the basis for the typical file restoration request: a user accidentally deletes a file and asks that it be restored from the latest backup. The exact circumstances may vary somewhat, but this is the most common day-to-day use for backups. The second situation is a system administrator's worst nightmare: for whatever reason, the system administrator is staring at hardware that used to be a productive part of the data center. Now, it is little more than a lifeless chunk of steel and silicon. The thing that is missing is all the software and data you and your users have assembled over the years. Supposedly everything has been backed up. The question is: has it? And if it has, can you restore it?
Tape
Tape was the first widely-used removable data storage medium. It has the benefits of low media cost and reasonably good storage capacity. However, tape has some disadvantages: it is subject to wear, and data access on tape is sequential in nature. These factors mean that it is necessary to keep track of tape usage (retiring tapes once they have reached the end of their useful life), and that searching for a specific file on tape can be a lengthy proposition. On the other hand, tape is one of the most inexpensive mass storage media available, and it has a long history of reliability. This means that building a good-sized tape library need not consume a large part of your budget, and you can count on it being usable now and in the future.
Disk
In years past, disk drives would never have been used as a backup medium. However, storage prices have dropped to the point where, in some cases, using disk drives for backup storage does make sense. The primary reason for using disk drives as a backup medium would be speed. There is no faster mass storage medium available. Speed can be a critical factor when your data center's backup window is short and the amount of data to be backed up is large. But disk storage is not the ideal backup medium, for a number of reasons:

- Disk drives are not normally removable.
- Disk drives are expensive.
- Disk drives are fragile. Even if you spend the extra money for removable disk drives, their fragility can be a problem.
- Disk drives are not archival media.
Network
By itself, a network cannot act as backup media. But combined with mass storage technologies, it can serve quite well. For instance, by combining a high-speed network link to a remote data center containing large amounts of disk storage, suddenly the disadvantages of backing up to disks mentioned earlier are no longer disadvantages. By backing up over the network, the disk drives are already off-site, so there is no need for transporting fragile disk drives anywhere. With sufficient network bandwidth, the speed advantage you can get from backing up to disk drives is maintained. However, this approach still does nothing to address the matter of archival storage (though the same "spin off to tape after the backup" approach mentioned earlier can be used). In addition, the costs of a remote data center with a high-speed link to the main data center make this solution extremely expensive. But for the types of organizations that need the kind of features this solution can provide, it is a cost they gladly pay.
tar
The tar utility is well known among UNIX system administrators. It is the archiving method of choice for sharing ad-hoc bits of source code and files between systems. The tar implementation included with Red Hat Enterprise Linux is GNU tar, one of the more feature-rich tar implementations. Using tar, backing up the contents of a directory can be as simple as issuing a command similar to the following:

tar cf /mnt/backup/home-backup.tar /home/

This command creates an archive file called home-backup.tar in /mnt/backup/. The archive contains the contents of the /home/ directory. The resulting archive file will be nearly as large as the data being backed up. Depending on the type of data being backed up, compressing the archive file can result in significant size reductions. The archive file can be compressed by adding a single option to the previous command:

tar czf /mnt/backup/home-backup.tar.gz /home/
cpio
The cpio utility is another traditional UNIX program. It is an excellent general-purpose program for moving data from one place to another and, as such, can serve well as a backup program. The behavior of cpio is a bit different from tar. Unlike tar, cpio reads the names of the files it is to process via standard input. A common method of generating a list of files for cpio is to use programs such as find, whose output is then piped to cpio:

find /home/ | cpio -o > /mnt/backup/home-backup.cpio

This command creates a cpio archive file (containing everything in /home/) called home-backup.cpio, residing in the /mnt/backup/ directory. Because find selects the files, its tests can narrow the backup; the following variant archives only those files under /home/ that have not been accessed within the past year:

find /home/ -atime +365 | cpio -o > /mnt/backup/home-backup.cpio
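A backup that nobody has read back is not yet a backup, and a backup file that can be silently altered is a weak one. The script below is an added example, not part of the course text or of GNU tar: it wraps the tar and find-based selection commands above in functions that also list the archive back and record a SHA-256 checksum so later corruption or tampering of the archive file can be detected. It uses tar's -T - option to take the file list from find, the same pipeline idea as cpio -o. The scratch tree built by demo_tree, the file names, the function names and the use of sha256sum (GNU coreutils) are all assumptions for the demonstration; the destination directory must be given as an absolute path.

```shell
#!/bin/sh
# Added example (not from the course text): back up a directory with tar, verify
# that the archive lists back cleanly, and keep a SHA-256 checksum beside it.
# demo_tree builds a scratch directory that stands in for /home and /mnt/backup,
# so everything below runs anywhere; all paths and file names are constructed.

# Create a compressed archive of directory $1 inside $2 (absolute path), store
# its checksum next to it, and print the archive path.
# Usage: backup_dir /home /mnt/backup
backup_dir() {
    src=$1; dest=$2
    archive="$dest/$(basename "$src")-backup.tar.gz"
    # -C keeps the members relative, so a restore goes exactly where you point it
    tar czf "$archive" -C "$(dirname "$src")" "$(basename "$src")" || return 1
    sha256sum "$archive" | cut -d ' ' -f1 > "$archive.sha256"
    printf '%s\n' "$archive"
}

# Archive only the files selected by find(1) tests, the same idea as piping
# find into cpio, using GNU tar's -T - to read the file list from stdin.
# Usage: backup_selected /home /mnt/backup -mtime -1   (files changed today)
backup_selected() {
    src=$1; dest=$2; shift 2
    archive="$dest/$(basename "$src")-selected.tar.gz"
    (cd "$(dirname "$src")" && find "$(basename "$src")" -type f "$@" | tar czf "$archive" -T -) || return 1
    sha256sum "$archive" | cut -d ' ' -f1 > "$archive.sha256"
    printf '%s\n' "$archive"
}

# Number of members in an archive; a successful listing proves it is readable.
archive_count() { tar tzf "$1" | wc -l | tr -d ' '; }

# Compare the archive against the checksum recorded at backup time (0 = intact).
archive_intact() {
    [ "$(sha256sum "$1" | cut -d ' ' -f1)" = "$(cat "$1.sha256")" ]
}

# Build a small scratch tree (one fresh file, one file last modified in 2000)
# and print its location. touch -d is GNU/busybox syntax.
demo_tree() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/home/alice" "$tmp/backup"
    printf 'hello\n' > "$tmp/home/alice/notes.txt"
    printf 'old\n'   > "$tmp/home/alice/old.log"
    touch -d '2000-01-01' "$tmp/home/alice/old.log"
    printf '%s\n' "$tmp"
}
```

Run on the scratch tree, the full archive lists four members (two directory entries and two files) while the -mtime -1 selection picks up only notes.txt; appending a single byte to the archive afterwards makes archive_intact fail, which is the check a nightly job should perform before trusting a copy.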
AMANDA
AMANDA (the Advanced Maryland Automatic Network Disk Archiver) is a client/server based backup application produced by the University of Maryland. With a client/server architecture, a single backup server (normally a fairly powerful system with a great deal of free space on fast disks and configured with the desired backup device) can back up many client systems, which need nothing more than the AMANDA client software. This approach to backups makes a great deal of sense, as it concentrates the resources needed for backups in one system, instead of requiring additional hardware for every system requiring backup services. AMANDA's design also serves to centralize the administration of backups, making the system administrator's life that much easier. The AMANDA server manages a pool of backup media and rotates usage through the pool in order to ensure that all backups are retained for the administrator-dictated retention period. All media are pre-formatted with data that allows AMANDA to detect whether the proper media is available or not. In addition, AMANDA can be interfaced with robotic media changing units, making it possible to completely automate backups.

In operation, AMANDA is normally scheduled to run once a day during the data center's backup window. The AMANDA server connects to the client systems and directs the clients to produce estimated sizes of the backups to be done. Once all the estimates are available, the server constructs a schedule, automatically determining the order in which systems are to be backed up. Once the backups actually start, the data is sent over the network from the client to the server, where it is stored on a holding disk. Once a backup is complete, the server starts writing it out from the holding disk to the backup media. At the same time, other clients are sending their backups to the server for storage on the holding disk. This results in a continuous stream of data available for writing to the backup media. As backups are written to the backup media, they are deleted from the server's holding disk. Once all backups have been completed, the system administrator is emailed a report outlining the status of the backups, making review easy and fast. Should it be necessary to restore data, AMANDA contains a utility program that allows the operator to identify the file system, date, and file name(s). Once this is done, AMANDA identifies the correct backup media and then locates and restores the desired data. As stated earlier, AMANDA's design also makes it possible to restore data even without AMANDA's assistance, although identification of the correct media would be a slower, manual process.
dump/restore
The dump and restore programs are Linux equivalents to the UNIX programs of the same name. As such, many system administrators with UNIX experience may feel that dump and restore are viable candidates for a good backup program under Red Hat Enterprise Linux. However, one method of using dump can cause problems. The dump(8) and restore(8) commands have traditionally been used on BSD systems to back up and restore filesystems. Dump backs up a filesystem as a whole into an "archive", and restore retrieves files from it. Although the archive may be created as a regular file on a regular filesystem, it is usually stored on an external backup device such as a magnetic tape. Some features are implemented in dump to support such devices.
Tape Device files

The Linux kernel provides the drivers for the tape devices. Build the proper driver for your device when compiling your kernel; you may also use a loadable module if you prefer. Then check the device files:

% ls -l /dev/*st[0-9]
crw-rw-rw-   1 ...   /dev/nst0
crw-rw----   1 ...   /dev/nst1
crw-rw-rw-   1 ...   /dev/st0
crw-rw----   1 ...   /dev/st1

There should be two kinds of device files: /dev/nst? and /dev/st? (if not, make them with the MAKEDEV command). st? are "auto-rewind" devices, which rewind the tape after each command issued to the driver, and nst? are "no-rewind" devices. Which to use is your choice, but I prefer the no-rewind ones. In this document, /dev/nst0 is used as the target device. Once the target device is chosen, you may want to create a symlink to it named /dev/tape. With this, you can omit the device name on the command lines of mt and other tools:

% cd /dev; ln -s nst0 tape

If you intend to use the tape drive for backups only, you should consider limiting access to it. To do this, remove the read/write permissions for "Others". In the above example, the first tape drive is accessible to normal users, while the second drive is for backup purposes only: access is prohibited except for the owner and the users belonging to the disk group.
  ... level 0 dump on Fri Jan 28 21:25:12 2000
  DUMP: Date of this level 0 dump: Fri Jan 28 21:25:12 2000
  DUMP: Date this dump completed:  Fri Jan 28 21:25:18 2000
  DUMP: Average transfer rate: 4645 KB/s
  DUMP: Closing /dev/st0
  DUMP: DUMP IS DONE

-0 to -9 is the backup level option you want to use; the u option means to update the file /etc/dumpdates after a successful dump; the -f option writes the backup to a file. The file may be a special device file such as /dev/st0 (a tape drive) or /dev/rsd1c (a disk drive). Finally, you must specify what you want to back up; in our example, it is the /home directory. The full backup should be done at set intervals, say once a month, and on a set of fresh tapes that are saved forever. With this kind of procedure, you will have 12 tapes for 12 months that hold the history and changes of your system for one year. Later, you can copy the 12 tape backups onto a different computer designated to keep all yearly backups for a long time, and reuse the 12 tapes to repeat the procedure for a new year.
A prompt will appear in your terminal. To list the current, or a specified, directory, use the ls command as shown below:

restore > ls
.:
accounts/     admin/     lost+found/     named/     quota.group     quota.user
restore >
To change the current working directory to the specified one, use the cd command. In our example, we change to the accounts directory, as shown below:

restore > cd accounts
restore > ls
./accounts:
.Xdefaults     .bash_logout     .bash_history     .bash_profile     .bashrc     Personal/
restore >
To add the current directory or file to the list of files to be extracted, use the add command. If a directory is specified, then it and all its descendants are added to the extraction list, as shown below:

restore > add Personal/

Files that are on the extraction list are prepended with a * when they are listed by the ls command:

restore > ls
./accounts:
*Personal/
To delete the current directory or the specified argument from the list of files to be extracted, use the delete command. If a directory is specified, then all its descendants including itself are deleted from the extraction list, as shown below:

restore > cd Personal/
restore > ls
./accounts/Personal:
*Ad?le_Nakad.doc     *BIMCOR/     *My Webs/     *Contents.doc     *Divers.doc     *Linux/

restore > delete Resume/
restore > ls
./accounts/Personal:
*Ad?le_Nakad.doc     *BIMCOR/     *My Webs/     *Contents.doc     *Divers.doc     *Linux/
The most expedient way to extract most of the files from a directory is to add the directory to the extraction list and then delete those files that are not needed. To extract all files in the extraction list from the dump, use the extract command. Restore will ask which volume the user wishes to mount. The fastest way to extract a few files is to start with the last volume and work towards the first volume, as shown below:

restore > extract
You have not read any tapes yet.
Unless you know which volume your file(s) are on you should start
with the last volume and work towards the first.
Specify next volume #: 1
set owner/mode for '.'? [yn] y

To exit from the interactive restore mode after you have finished extracting your directories or files, use the quit command as shown below:

/sbin/restore > quit

Other methods of restoration exist with the dump program; consult the man page of dump for more information. For further details, there are man pages you can read: dump(8) and restore(8).
Insert a tape (for practice purposes, if possible) into your drive. After the tape has been loaded, confirm the tape status. The mt status command can be used to do this. Here is an example:

% mt status
SCSI 1 tape drive:
File number=0, block number=0.
Tape block size 1024 bytes. Density code 0x0 (default).
Soft error count since last status=0
General status bits on (41010000):
 BOT ONLINE IM_REP_EN

First of all, look at the bottom line. It means that the drive has a tape loaded, and the status BOT indicates that the drive head is at the beginning of the tape. The next word, "ONLINE", indicates that the tape drive is ready to be operated (by mt). The drive status must be "ONLINE" before read/write operations. Next, see the third line. It shows that the current file number is zero. File number zero corresponds to the beginning of the tape, and the number is incremented as the head passes the End-Of-File (EOF) marks on the tape.
Normally, you don't have to set the tape density and tape block size parameters, because these will be set automatically to suit your drive. If you want to read/write the tape on other OSes as well, you may want to set these parameters explicitly for portability. If your drive supports a compression feature and you want to use it, you have to pass the "compression" flag explicitly to the drive with mt. These hardware-specific parameters depend strongly on the drive you use. Please refer to the mt(1) manual page (items on defsetblk, setblk, defcompression, datcompression and compression) and the manual of your drive.

If "mt status" outputs an error message like the following, chances are that the link /dev/tape doesn't point correctly to the device file of your drive:

/dev/nst0: No such device or address

In this case, try the other tape device files with the -f option. After finding the right one, fix the link to point to it.

Now you can try writing some files to your tape. Create a directory for practice in an appropriate place. Generate six dummy files (file-01 to file-06) with the touch command.

(tcsh)% foreach num (01 02 03 04 05 06)
foreach? touch file-$num
foreach? end
(tcsh)% ls -l
-rw-r--r--   1 fuku     users           0 Nov 21 01:10 file-01
-rw-r--r--   1 fuku     users           0 Nov 21 01:10 file-02
-rw-r--r--   1 fuku     users           0 Nov 21 01:10 file-03
-rw-r--r--   1 fuku     users           0 Nov 21 01:10 file-04
-rw-r--r--   1 fuku     users           0 Nov 21 01:10 file-05
-rw-r--r--   1 fuku     users           0 Nov 21 01:10 file-06

Then, write these files to the tape with tar, one by one.

% tar cf /dev/tape file-01

If you see no errors, it should have worked. Let's see mt status.

% mt status
SCSI 1 tape drive:
File number=1, block number=0.
Tape block size 1024 bytes. Density code 0x0 (default).
Soft error count since last status=0
General status bits on (81010000):
 EOF ONLINE IM_REP_EN

Looks fine. Since one EOF mark has been written on the tape, the file number is incremented by one. Because /dev/tape is /dev/nst0 in this case, which is a no-rewind device, the head position is at the EOF of the file just written, and the drive is ready to write the next data.
Then write the rest of the files at once.

(tcsh)% foreach num (02 03 04 05 06)
foreach? tar cf /dev/tape file-$num
foreach? end

Again, confirm the status.

% mt status
SCSI 1 tape drive:
File number=6, block number=0.
Tape block size 1024 bytes. Density code 0x0 (default).
Soft error count since last status=0
General status bits on (81010000):
 EOF ONLINE IM_REP_EN

All files have been properly written. The drive head position is at the end of the files just written, as shown in the figure below.
It is important to know that each file consists of two parts: the file content and the EOF mark. If you write a file successfully, these two parts are generated automatically. When reading a file, set the tape head at the EOF of the previous file so that you can read the file from its first block. And if you want to add a file to the tape, you must set the head at the EOF of the last file on the tape. In other words, the EOF mark of a file is also the start position of the next file. If you write data from the middle of some file, you will of course lose its whole contents.

As the next practice, let's read a certain file from a tape which contains multiple files sequentially. First, consider extracting file-03 from the tape to which we just wrote six files. You have to move the head to where the target file is recorded. This can be done as shown below. First, rewind the tape completely, and then go to the proper position.

% mt rewind
file-03 is written at the position of file number 2. Now the head is at the beginning of the tape (BOT), so you have to skip two EOFs to get to file-03:

% mt fsf 2

The mt fsf command skips the specified number of EOFs and goes to the starting block of the next file. fsf 2 means that the head should be moved to the starting position of the file two files ahead of the current position.

% mt status
SCSI 1 tape drive:
File number=2, block number=0.
Tape block size 1024 bytes. Density code 0x0 (default).
Soft error count since last status=0
General status bits on (81010000):
 EOF ONLINE IM_REP_EN

Status says that the head is at the EOF of file number 2 (where file-02 is archived), which is also the starting point of file-03. Let's look at the content of this file with tar:

% tar tf /dev/nst0
file-03

It is file-03, as expected. Let's see the tape status.

% mt status
SCSI 1 tape drive:
File number=2, block number=10.
Tape block size 1024 bytes. Density code 0x0 (default).
Soft error count since last status=0
General status bits on (1010000):
 ONLINE IM_REP_EN

Note that EOF is not shown in this status. The tar program usually reads an archive until its own "end of file" mark, and stops. This "end of file" is DIFFERENT from the EOF of the tape.
In figure-6, F (blue mark) is tar's end-of-archive marker. Note that this is still within the recorded blocks of the file. If you try to read the next archive from this position, tar immediately hits the EOF mark of the tape and silently quits without reading any files. If you want to read the next file, skip one EOF mark first:
% mt fsf
(with no count, fsf skips one mark). Please remember this behaviour, since it is slightly confusing.
Now consider how to read the archive holding file-03 again after you ran mt fsf and the head is past the EOF mark of file-03, at the start of file-04. The answer is to search the tape backward until the second EOF mark is found; the position just past it is the beginning of file-03. To do this, type:
% mt bsfm 2
bsfm is an extended command of mt, and some old versions of mt don't implement it. In that case you can use bsf and fsf in sequence: bsf stops on the BOT side of the last mark it crosses, so mt bsf 2 followed by mt fsf 1 ends up in the same place as mt bsfm 2.
You can go to the end of data, just past the EOF mark of the last file, with the mt eod command. This command might not work with certain drives, so test it beforehand. Even if it doesn't work, you can get there with fsf if you know how many files are written on the tape, which is one reason to log your operations. Finally, rewind the tape and eject it. This operation also depends on the kind of drive, but usually the following command works:
% mt offline
The tape is rewound if necessary and ejected from the drive.
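The positioning rules above, worked through as an added example that is not part of the original manual: a POSIX shell helper that reads the File number and the EOF status bit from mt status output and prints the single mt command that reaches the start of a chosen file. It assumes the numbering used on this page (the first file is file number 0 and file N is followed by filemark N) and the fsf/bsfm semantics of GNU mt-st; the two status texts are constructed from the outputs shown above, and nothing touches a drive, so it runs without a tape.

```shell
#!/bin/sh
# Added example (not from the original manual). Works out the mt command
# that moves the head to the start of a chosen file, from the state that
# "mt status" reports. Assumptions: file numbering starts at 0, file N is
# followed by filemark N, "File number=N" counts filemarks passed, the EOF
# status bit means the head sits just past a filemark (start of file N),
# and fsf/bsfm behave as in GNU mt-st. No drive is touched.

# mt_file_number STATUS -> the File number= value from mt status output
mt_file_number() {
    printf '%s\n' "$1" | sed -n 's/.*File number=\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# mt_at_file_start STATUS -> 1 if the EOF bit is set (head just past a
# filemark), 0 if the head is inside a file (e.g. after a tar read)
mt_at_file_start() {
    bits=$(printf '%s\n' "$1" | tr '\n' ' ' | sed -n 's/.*General status bits on ([0-9a-fA-F]*)://p')
    case " $bits " in
        *" EOF "*) echo 1 ;;
        *) echo 0 ;;
    esac
}

# mt_plan CURRENT AT_START TARGET -> mt command reaching the start of file TARGET
mt_plan() {
    cur=$1; at_start=$2; target=$3
    if [ "$target" -eq 0 ]; then
        echo "mt rewind"                      # no filemark precedes file 0
    elif [ "$target" -gt "$cur" ]; then
        echo "mt fsf $((target - cur))"       # forward over the marks in between
    elif [ "$target" -eq "$cur" ] && [ "$at_start" -eq 1 ]; then
        :                                     # already at the start: nothing to do
    else
        # back over (cur - target + 1) marks; bsfm lands on the EOT side of the last
        echo "mt bsfm $((cur - target + 1))"
    fi
}

# mt_plan_from_status STATUS TARGET -> same, parsing the status text first
mt_plan_from_status() {
    mt_plan "$(mt_file_number "$1")" "$(mt_at_file_start "$1")" "$2"
}

# Status texts constructed from the outputs shown on this page.
STATUS_AFTER_FSF2='SCSI 1 tape drive:
File number=2, block number=0.
Tape block size 1024 bytes. Density code 0x0 (default).
Soft error count since last status=0
General status bits on (81010000):
 EOF ONLINE IM_REP_EN'

STATUS_AFTER_TAR='SCSI 1 tape drive:
File number=2, block number=10.
Tape block size 1024 bytes. Density code 0x0 (default).
Soft error count since last status=0
General status bits on (1010000):
 ONLINE IM_REP_EN'

mt_plan_from_status "$STATUS_AFTER_TAR" 3    # next file:       mt fsf 1
mt_plan_from_status "$STATUS_AFTER_TAR" 2    # re-read file-03: mt bsfm 1
mt_plan 3 1 2                                # after "mt fsf":  mt bsfm 2
```

On a live drive, feed it the output of mt -f /dev/nst0 status. The rewind branch exists because no filemark precedes file 0, so bsfm cannot reach the first file; every other target is reached with exactly one fsf or bsfm.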
23. Printers
Printers and Printing
Printers are an essential resource for creating a hard copy (a physical depiction of data on paper) version of documents and collateral for business, academic, and home use. Printers have become an indispensable peripheral in all levels of business and institutional computing. This chapter discusses the various printers available and compares their uses in different computing environments. It then describes how printing is supported by Red Hat Enterprise Linux.
Function
Evaluating your organizational needs and how a printer serves those needs are the essential criteria in determining the right type of printer for your environment. The most important question to ask is "What do we need to print?" Since there are specialized printers for text, images, or any variation thereof, you should be certain that you procure the right tool for your purposes. For example, if your requirements call for high-quality color images on professional-grade glossy paper, it is recommended you use a dye-sublimation or thermal wax transfer color printer instead of a laser or impact printer. Conversely, laser or inkjet printers are well-suited for printing rough drafts or documents intended for internal distribution (such high-volume printers are usually called workgroup printers). Determining the needs of the everyday user allows administrators to determine the right printer for the job.
Other factors to consider are features such as duplexing, the ability to print on both sides of a piece of paper. Traditionally, printers could only print on one side of the page (called simplex printing). Most lower-end printer models today do not have duplexing by default (they may, however, be capable of a manual duplexing method that requires the user to flip the paper themselves). Some models offer add-on hardware for duplexing; such add-ons can drive one-time costs up considerably. However, duplex printing may reduce costs over time by reducing the amount of paper used to print documents, thus reducing the cost of consumables, primarily paper.
Another factor to consider is paper size. Most printers are capable of handling the more common paper sizes:
letter (8 1/2" x 11")
A4 (210mm x 297mm)
JIS B5 (182mm x 257mm)
legal (8 1/2" x 14")
If certain departments (such as marketing or design) have specialized needs such as creating posters or banners, there are large-format printers capable of using A3 (297mm x 420mm) or tabloid (11" x 17") paper sizes. In addition, there are printers capable of even larger sizes, although these are often only used for specialized purposes, such as printing blueprints. Additionally, high-end features such as network modules for workgroup and remote site printing should also be considered during evaluation.
Cost
Cost is another factor to consider when evaluating printers. However, determining the one-time cost associated with the purchase of the printer itself is not sufficient. There are other costs to consider, such as consumables, parts and maintenance, and printer add-ons. As the name implies, consumables is a general term used to describe the material used up during the printing process. Consumables primarily take the form of media and ink. The media is the material on which the text or image is printed. The choice of media is heavily dependent on the type of information being printed.
Printer manufacturers have addressed this need by developing departmental (or workgroup) printers. These machines are usually durable, fast, and have long-life consumables. Workgroup printers usually are attached to a print server, a standalone device (such as a reconfigured workstation) that handles print jobs and routes output to the proper printer when available. More recent departmental printers include built-in or add-on network interfaces that eliminate the need for a dedicated print server. The Printer Configuration Tool allows users to configure a printer in Red Hat Linux. This tool helps maintain the printer configuration file, print spool directories, and print filters. Starting with version 9 and Fedora, Red Hat Linux defaults to the CUPS printing system. The previous default printing system, LPRng is still provided. If the system was upgraded from a previous Red Hat Linux version that used LPRng, the upgrade process did not replace LPRng with CUPS; the system will continue to use LPRng.
If a system was upgraded from a previous Red Hat Linux version that used CUPS, the upgrade process preserved the configured queues, and the system will continue to use CUPS. The Printer Configuration Tool configures both the CUPS and LPRng printing systems, depending on which one the system is configured to use. When you apply changes, it configures the active printing system.
To use the Printer Configuration Tool you must have root privileges. To start the application, select Main Menu Button (on the Panel) => System Settings => Printing, or type the command redhat-config-printer. This command automatically determines whether to run the graphical or text-based version depending on whether it is executed in the graphical X Window System environment or from a text-based console. You can also force the Printer Configuration Tool to run as a text-based application by using the command redhat-config-printer-tui from a shell prompt.
Important: Do not edit the /etc/printcap file or the files in the /etc/cups/ directory. Each time the printer daemon (lpd or cups) is started or restarted, new configuration files are dynamically created. The files are also regenerated when changes are applied with the Printer Configuration Tool, so hand edits are lost. If you are using LPRng and want to add a printer without using the Printer Configuration Tool, edit the /etc/printcap.local file. The entries in /etc/printcap.local are not displayed in the Printer Configuration Tool but are read by the printer daemon. If you upgraded your system from a previous version of Red Hat Linux, your existing configuration file was converted to the new format used by this application. Each time a new configuration file is generated, the old file is saved as /etc/printcap.old. If you are using CUPS, the Printer Configuration Tool does not display any queues or shares not configured using the Printer Configuration Tool; however, it will not remove them from the configuration files.
Figure1: Printer Configuration Tool
Networked Windows (SMB): a printer attached to a different system which is sharing a printer over an SMB network (for example, a printer attached to a Microsoft Windows machine).
Networked Novell (NCP): a printer attached to a different system which uses Novell's NetWare network technology.
Important: If you add a new print queue or modify an existing one, you must apply the changes for them to take effect. Clicking the Apply button saves any changes that you have made and restarts the printer daemon. The changes are not written to the configuration file until the printer daemon is restarted. Alternatively, you can choose Action => Apply.
www.wilshiresoft.com info@wilshiresfot.com Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173 Rev Dt: 15-Oct-08 Ver: 1
Adding a Local Printer
To add a local printer, such as one attached through a parallel port or USB port on your computer, click the New button in the main Printer Configuration Tool window to display the window shown in Figure2. Click Forward to proceed.
In the window shown in Figure3, enter a unique name for the printer in the Name text field. The printer name cannot contain spaces and must begin with a letter. The printer name may contain letters, numbers, dashes (-), and underscores (_). Optionally, enter a short description for the printer, which can contain spaces.
After clicking Forward, Figure4 appears. Select Locally-connected from the Select a queue type menu, and select the device. The device is usually /dev/lp0 for a parallel printer or /dev/usb/lp0 for a USB printer. If no devices appear in the list, click Rescan devices to rescan the computer or click Custom device to specify it manually. Click Forward to continue.
Figure4. Adding a Local Printer
The next step is to select the type of printer. Go to Selecting the Printer Model and Finishing to continue.
Adding a Remote UNIX (LPD) Printer
To add a remote UNIX printer, such as one attached to a different Linux system on the same network, click the New button in the main Printer Configuration Tool window. The window shown in Figure2 will appear. Click Forward to proceed. In the window shown in Figure3, enter a unique name for the printer in the Name text field. The printer name cannot contain spaces and must begin with a letter. The printer name may contain letters, numbers, dashes (-), and underscores (_). Optionally, enter a short description for the printer, which can contain spaces. Select Networked UNIX (LPD) from the Select a queue type menu, and click Forward.
Figure5. Adding a Remote LPD Printer
Text fields for the following options appear:
Server: The hostname or IP address of the remote machine to which the printer is attached.
Queue: The remote printer queue. The default printer queue is usually lp.
Click Forward to continue. The next step is to select the type of printer.
Adding a Samba (SMB) Printer
To add a printer which is accessed using the SMB protocol (such as a printer attached to a Microsoft Windows system), click the New button in the main Printer Configuration Tool window. The window shown in Figure2 will appear. Click Forward to proceed. In the window shown in Figure3, enter a unique name for the printer in the Name text field. The printer name cannot contain spaces and must begin with a letter. The printer name may contain letters, numbers, dashes (-), and underscores (_). Optionally, enter a short description for the printer, which can contain spaces.
Select Networked Windows (SMB) from the Select a queue type menu, and click Forward. If the printer is attached to a Microsoft Windows system, choose this queue type.
Figure6. Adding an SMB Printer
As shown in Figure6, SMB shares are automatically detected and listed. Click the arrow beside each share name to expand the list. From the expanded list, select a printer. If the printer you are looking for does not appear in the list, click the Specify button on the right. Text fields for the following options appear:
Workgroup: The name of the Samba workgroup for the shared printer.
Server: The name of the server sharing the printer.
Share: The name of the shared printer on which you want to print. This name must be the same name defined as the Samba printer on the remote Windows machine.
User name: The name of the user you must log in as to access the printer. This user must exist on the Windows system, and the user must have permission to access the printer. The default user name is typically guest for Windows servers, or nobody for Samba servers.
Password: The password (if required) for the user specified in the User name field.
Click Forward to continue. The Printer Configuration Tool then attempts to connect to the shared printer. If the shared printer requires a username and password, a dialog window appears prompting you to provide a valid username and password for the shared printer. If an incorrect share name is specified, you can change it here as well. If a workgroup name is required to connect to the share, it can be specified in this dialog box. This dialog window is the same as the one shown when the Specify button is clicked.
Warning: If you require a username and password, they are stored unencrypted in files readable only by root and lpd. Thus, anyone with root access to the print client can learn the username and password. To limit the damage, the username and password used to access the printer should be different from those of the user's account on the local Red Hat Linux system. If they are different, then the only possible security compromise is unauthorized use of the printer.
If there are file shares on the same server, it is recommended that they also use a different password than the one for the print queue.
Selecting the Printer Model and Finishing
After selecting the queue type of the printer, the next step is to select the printer model. You will see a window similar to Figure7. If it was not auto-detected, select the model from the list. The printers are divided by manufacturer. Select the name of the printer manufacturer from the pulldown menu. The printer models are updated each time a different manufacturer is selected. Select the printer model from the list.
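A read-only check for the warning above, added here and not part of the original manual or of the Printer Configuration Tool: a POSIX shell script that lists the CUPS queues whose device URI embeds a user name and password (masking the password) and reports whether the file holding them is readable by users other than root. It assumes the layout CUPS uses for /etc/cups/printers.conf (a <Printer name> ... </Printer> block per queue containing a DeviceURI line); the file it scans below is a constructed sample, and the queue names, hosts and passwords in it are invented. It only reads, in keeping with the advice above not to hand-edit the files in /etc/cups.

```shell
#!/bin/sh
# Added example (not from the original manual). Read-only check: which
# CUPS queues carry a user name and password in their device URI, and
# whether the file holding them is readable by others. Assumes the
# /etc/cups/printers.conf layout (one <Printer name> ... </Printer> block
# per queue with a DeviceURI line); the sample below is constructed.

# cups_queue_secrets FILE -> "queue masked-uri" for every queue whose
# DeviceURI embeds scheme://user:password@...
cups_queue_secrets() {
    awk '
        /^<(Default)?Printer / { q=$2; sub(/>$/, "", q) }
        /^DeviceURI / && $2 ~ "^[a-z]+://[^@/]*:[^@/]*@" {
            uri=$2
            sub(":[^@/:]*@", ":***@", uri)     # never echo the secret itself
            print q, uri
        }
    ' "$1"
}

# others_can_read FILE -> yes if the "other" read bit is set on FILE
others_can_read() {
    case $(ls -ld "$1" | cut -c8) in
        r) echo yes ;;
        *) echo no ;;
    esac
}

# write_sample_printers_conf DEST: constructed sample, not a real system file
write_sample_printers_conf() {
    cat > "$1" <<'EOF'
# Printer configuration file for CUPS (constructed sample)
<Printer winprinter>
Info HP LaserJet on winbox
DeviceURI smb://print:S3cret@WORKGROUP/winbox/HPLJ
State Idle
Accepting Yes
</Printer>
<Printer guestshare>
Info Same printer via the guest account, no password in the URI
DeviceURI smb://WORKGROUP/winbox/HPLJ
</Printer>
<DefaultPrinter upstairs>
Info Remote LPD queue
DeviceURI lpd://printsrv/lp
</DefaultPrinter>
<Printer ippauth>
DeviceURI ipp://ops:pa55word@cups.internal:631/printers/upstairs
</Printer>
EOF
}

# Demonstration on the constructed sample
tmp=$(mktemp)
write_sample_printers_conf "$tmp"
chmod 644 "$tmp"
echo "queues with embedded credentials:"
cups_queue_secrets "$tmp"
echo "readable by others: $(others_can_read "$tmp")"
rm -f "$tmp"
```

On a real print client, run it as root against /etc/cups/printers.conf; a queue in the first list is one whose password a root compromise of this machine exposes, which is exactly why the text asks for a dedicated printing account rather than a reused one.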
Figure7. Selecting a Printer Model
The recommended print driver is selected based on the printer model selected. The print driver processes the data that you want to print into a format the printer can understand. Since a local printer is attached directly to your computer, you need a print driver to process the data that is sent to the printer. If you are configuring a remote printer (IPP, LPD, SMB, or NCP), the remote print server usually has its own print driver. If you select an additional print driver on your local computer, the data is filtered multiple times and is converted to a format that the printer cannot understand. To make sure the data is not filtered more than once, first try selecting Generic as the manufacturer and Raw Print Queue or Postscript Printer as the printer model. After applying the changes, print a test page to try out the new configuration. If the test fails, the remote print server might not have a print driver configured. Try selecting a print driver according to the manufacturer and model of the remote printer, applying the changes, and printing a test page.
Confirming Printer Configuration
The last step is to confirm your printer configuration. Click Apply to add the print queue if the settings are correct. Click Back to modify the printer configuration. Click the Apply button in the main window to save your changes and restart the printer daemon. After applying the changes, print a test page to ensure the configuration is correct.
Queue Name
To rename a printer or change its short description, change the value in the Queue name tab. Click OK to return to the main window. The name of the printer should change in the printer list. Click Apply to save the change and restart the printer daemon.
Queue Type
The Queue type tab shows the queue type that was selected when adding the printer, together with its settings. You can change the queue type itself or just its settings. After making modifications, click OK to return to the main window. Click Apply to save the changes and restart the printer daemon. Depending on which queue type is chosen, different options are displayed. Refer to the appropriate section on adding a printer for a description of the options.
Printer Driver
The Printer driver tab shows which print driver is currently being used. If it is changed, click OK to return to the main window. Click Apply to save the change and restart the printer daemon.
Driver Options
The Driver Options tab displays advanced printer options. Options vary for each print driver. Common options include:
Send Form-Feed (FF) should be selected if the last page of the print job is not ejected from the printer (for example, the form feed light flashes). If this does not work, try selecting Send End-of-Transmission (EOT) instead. Some printers require both Send Form-Feed (FF) and Send End-of-Transmission (EOT) to eject the last page. This option is only available with the LPRng printing system.
Send End-of-Transmission (EOT) should be selected if sending a form-feed does not work. Refer to Send Form-Feed (FF) above. This option is only available with the LPRng printing system.
Assume Unknown Data is Text should be selected if the print driver does not recognize some of the data sent to it. Only select this option if there are problems printing. If this option is selected, the print driver assumes that any data it cannot recognize is text and attempts to print it as text. If this option is selected along with the Convert Text to Postscript option, the print driver assumes the unknown data is text and then converts it to PostScript. This option is only available with the LPRng printing system.
Prerender Postscript should be selected if characters beyond the basic ASCII set are being sent to the printer but they are not printing correctly (such as Japanese characters). This option prerenders non-standard PostScript fonts so that they are printed correctly. If the printer does not support the fonts you are trying to print, try selecting this option. For example, select this option to print Japanese fonts to a non-Japanese printer. Extra time is required to perform this action. Do not choose it unless problems printing the correct fonts exist. Also select this option if the printer cannot handle newer PostScript levels; the option converts the output to PostScript level 1.
GhostScript pre-filtering allows you to select No pre-filtering, Convert to PS level 1, or Convert to PS level 2 in case the printer cannot handle certain PostScript levels. This option is only available if the PostScript driver is used with the CUPS printing system.
Convert Text to Postscript is selected by default. If the printer can print plain text, try unselecting this when printing plain text documents to decrease the time it takes to print. If the CUPS printing system is used, this is not an option because text is always converted to PostScript.
Page Size allows the paper size to be selected. The options include US Letter, US Legal, A3, and A4.
Effective Filter Locale defaults to C.
Media Source defaults to Printer default. Change this option to use paper from a different tray.
To modify the driver options, click OK to return to the main window. Click Apply to save the change and restart the printer daemon.
Printer Configuration
multiple systems. The file should be saved on a different system before reinstalling. To restore the configuration, type this command as root:
/usr/sbin/redhat-config-printer-tui --Ximport < settings.xml
If you already have a configuration file (you have configured one or more printers on the system already) and you import another configuration file, the existing configuration file will be overwritten. If you want to keep your existing configuration and add the configuration in the saved file, you can merge the files with the following command (as root):
/usr/sbin/redhat-config-printer-tui --Ximport --merge < settings.xml
Your printer list will then consist of the printers you configured on the system as well as the printers you imported from the saved configuration file. If the imported configuration file has a print queue with the same name as an existing print queue on the system, the print queue from the imported file overrides the existing one. If the configuration includes SMB queues with a username and password (see the warning under Adding a Samba (SMB) Printer), the saved file carries those credentials too, so protect the copy as carefully as the configuration files themselves. After importing the configuration file (with or without --merge), you must restart the printer daemon. If you are using CUPS, issue the command:
/sbin/service cups restart
If you are using LPRng, issue the command:
/sbin/service lpd restart
Adding a Local Printer
To add a printer from the command line:
redhat-config-printer-tui --Xadd-local options
Options:
--device=node (Required) The device node to use, for example /dev/lp0.
--make=make (Required) The IEEE 1284 MANUFACTURER string, or the printer manufacturer's name as in the foomatic database if the manufacturer string is not available.
--model=model (Required) The IEEE 1284 MODEL string, or the printer model as listed in the foomatic database if the model string is not available.
--name=name (Optional) The name to be given to the new queue. If one is not given, a name based on the device node (such as lp0) will be used.
If you are using CUPS as the printing system (the default), after adding the printer, use the following command to start/restart the printer daemon:
# service cups restart
If you are using LPRng as the printing system, after adding the printer, use the following command to start/restart the printer daemon:
# service lpd restart
Removing a Local Printer
A printer queue can also be removed via the command line. As root, to remove a printer queue:
redhat-config-printer-tui --Xremove-local options
Options:
--device=node (Required) The device node used, such as /dev/lp0.
--make=make (Required) The IEEE 1284 MANUFACTURER string, or (if none is available) the printer manufacturer's name as in the foomatic database.
--model=model (Required) The IEEE 1284 MODEL string, or (if none is available) the printer model as listed in the foomatic database.
If you are using the CUPS printing system (the default), after removing the printer from the Printer Configuration Tool configuration, restart the printer daemon for the changes to take effect:
# service cups restart
If you are using the LPRng printing system, after removing the printer from the Printer Configuration Tool configuration, restart the printer daemon for the changes to take effect:
# service lpd restart
If you are using CUPS, have removed all printers, and do not want to run the printer daemon anymore, execute the following command:
# service cups stop
If you are using LPRng, have removed all printers, and do not want to run the printer daemon anymore, execute the following command:
# service lpd stop
Figure10. GNOME Print Manager
It can also be started by selecting Main Menu Button (on the Panel) => System Tools => Print Manager. To change the printer settings, right-click on the icon for the printer and select Properties. The Printer Configuration Tool is then started. Double-click on a configured printer to view the print spool queue as shown in Figure11.
Figure11. List of Print Jobs
To cancel a specific print job listed in the GNOME Print Manager, select it from the list and select Edit => Cancel Documents from the pulldown menu. If there are active print jobs in the print spool, a printer notification icon might appear in the Notification Area of the desktop panel as shown in Figure10. Because it probes for active print jobs every five seconds, the icon might not be displayed for short print jobs.
Figure10: Clicking on the printer notification icon starts the GNOME Print Manager to display a list of current print jobs. Also located on the Panel is a Print Manager icon. To print a file from Nautilus, browse to the location of the file and drag and drop it on to the Print Manager icon on the Panel. The window shown in Figure12 is displayed. Click OK to start printing the file.
Figure12. Print Verification Window
To view the list of print jobs in the print spool from a shell prompt, type the command lpq. The last few lines will look similar to the following:
Example of lpq output
Rank    Owner/ID              Class  Job  Files       Size  Time
active  user@localhost+902    A      902  sample.txt  2050  01:20:46
Sharing a Printer
The Printer Configuration Tool's ability to share configuration options can only be used if you are using the CUPS printing system. Allowing users on a different computer on the network to print to a printer configured for your system is called sharing the printer. By default, printers configured with the Printer Configuration Tool are not shared. To share a configured printer, start the Printer Configuration Tool and select a printer from the list. Then select Action => Sharing from the pulldown menu. Note: If a printer is not selected, Action => Sharing only shows the system-wide sharing options normally shown under the General tab. On the Queue tab, select the option to make the queue available to other users.
After selecting to share the queue, by default all hosts are allowed to print to the shared printer. Allowing all systems on the network to print to the queue can be dangerous, especially if the system is directly connected to the Internet. It is recommended that this option be changed by selecting the All hosts entry and clicking the Edit button to display the window shown in Figure14. If you have a firewall configured on the print server, it must accept incoming connections on port 631: IPP print requests arrive over TCP port 631, and CUPS browsing announcements are sent and received on UDP port 631. If you have a firewall configured on the client (the computer sending the print request), it must be allowed to connect out to TCP port 631 on the server, and to receive UDP port 631 browsing packets if it relies on automatically found queues.
Figure14. Allowed Hosts
The General tab configures settings for all printers, including those not viewable with the Printer Configuration Tool. There are two options:
Figure15. System-wide Sharing Options
Automatically find remote shared queues: Selected by default, this option enables IPP browsing, which means that when other machines on the network broadcast the queues they have, those queues are automatically added to the list of printers available to the system; no additional configuration is required for a printer found through IPP browsing. This option does not automatically share the printers configured on the local system.
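The sharing settings above as cupsd reads them, in an added example that is not part of the original manual: a POSIX shell audit that reports which <Location> blocks in a cupsd.conf admit every host and whether the daemon listens on anything other than loopback. It assumes the CUPS 1.x cupsd.conf syntax (Port/Listen, <Location> with Order/Allow/Deny); the two files it writes are constructed samples, the first carrying the all-hosts default the text warns about and the second restricted to a single invented subnet, 192.168.1.0/24. The audit only reads; the change itself is made through the Allowed Hosts dialog, since the page says not to hand-edit the files in /etc/cups.

```shell
#!/bin/sh
# Added example (not from the original manual). Read-only audit of the
# sharing settings as cupsd sees them: which <Location> blocks admit
# every host, and whether the daemon listens beyond loopback at all.
# Assumes CUPS 1.x cupsd.conf syntax; both files below are constructed.

# cups_open_locations FILE -> every <Location> path that allows all hosts
cups_open_locations() {
    awk '
        $0 ~ "^[ \t]*<Location " { loc=$2; sub(">.*$", "", loc) }
        $0 ~ "^[ \t]*</Location>" { loc="" }
        loc != "" && tolower($0) ~ "^[ \t]*allow[ \t]+(from[ \t]+)?all([ \t]|$)" { print loc }
    ' "$1"
}

# cups_listens_remotely FILE -> yes if a Port line or a non-loopback Listen is present
cups_listens_remotely() {
    awk '
        BEGIN { r="no" }
        tolower($1) == "port" { r="yes" }
        tolower($1) == "listen" && $2 !~ /^(127\.|localhost|\[::1\])/ { r="yes" }
        END { print r }
    ' "$1"
}

write_weak_cupsd_conf() {        # constructed: the all-hosts default the text warns about
    cat > "$1" <<'EOF'
Port 631
Browsing On
BrowseAddress @LOCAL
<Location />
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>
<Location /printers>
Order Deny,Allow
Allow From All
</Location>
<Location /admin>
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>
EOF
}

write_restricted_cupsd_conf() {  # constructed: one invented subnet may print, admin stays local
    cat > "$1" <<'EOF'
Listen 127.0.0.1:631
Listen 192.168.1.10:631
Browsing On
BrowseAddress 192.168.1.255
<Location />
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>
<Location /printers>
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
Allow From 192.168.1.0/24
</Location>
<Location /admin>
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>
EOF
}

# Demonstration on the two constructed files
d=$(mktemp -d)
write_weak_cupsd_conf "$d/weak.conf"
write_restricted_cupsd_conf "$d/restricted.conf"
for f in weak restricted; do
    echo "$f: listens remotely=$(cups_listens_remotely "$d/$f.conf") open locations: $(cups_open_locations "$d/$f.conf" | tr '\n' ' ')"
done
rm -rf "$d"
```

Run against /etc/cups/cupsd.conf after applying the Allowed Hosts change, the first function should print nothing for /printers; a server that both listens remotely and reports an open /admin location is the case the text calls dangerous, whatever the firewall in front of it allows.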
Select either the LPRng or the CUPS printing system. In Red Hat Linux 9, CUPS is the default. If you only have one printing system installed, it is the only option shown. If you select OK to change the printing system, the selected print daemon is enabled to start at boot time, and the unselected print daemon is disabled so that it does not start at boot time.
Figure16. Printer System Switcher
The selected print daemon is started, and the other print daemon is stopped, so the change takes effect immediately.
Additional Resources
To learn more about printing on Red Hat Linux, refer to the following resources.
Installed Documentation
man printcap: The manual page for the /etc/printcap printer configuration file.
man lpr: The manual page for the lpr command that allows you to print files from the command line.
man lpd: The manual page for the LPRng printer daemon.
man lprm: The manual page for the command line utility to remove print jobs from the LPRng spool queue.
man mpage: The manual page for the command line utility to print multiple pages on one sheet of paper.
man cupsd: The manual page for the CUPS printer daemon.
man cupsd.conf: The manual page for the CUPS printer daemon configuration file.
man classes.conf: The manual page for the class configuration file for CUPS.
Download the latest version of module-init-tools (the 2.6 module utilities, published at http://www.kernel.org/pub/linux/kernel/people/rusty/modules/), or install all the developer-related tools by using redhat-config-packages. The module-init-tools package contains the versions of modprobe, insmod, rmmod and friends that are required because of the reimplementation of the in-kernel module loader in 2.6. These tools are backward compatible, so things will still work in your 2.4 setup after you install them.
STEP 4
Download the latest kernel; here we are using linux-2.6.6.tar.bz2. Uncompress and unpack it. It is recommended that you put the kernel source under /home/kernel/src/:
# mkdir -p /home/kernel/src
# cp linux-2.6.6.tar.bz2 /home/kernel/src
# cd /home/kernel/src
# bunzip2 -c linux-2.6.6.tar.bz2 | tar -xvf -
# cd /home/kernel/src/linux-2.6.6
STEP 5
Copy the appropriate config from /usr/src/linux-2.4/configs (here kernel-2.4.20-i686.config) to .config in the directory you are building in, in our case /home/kernel/src/linux-2.6.6:
# cp /usr/src/linux-2.4/configs/kernel-2.4.20-i686.config /home/kernel/src/linux-2.6.6/.config
Note: If /usr/src/linux-2.4 does not exist, you probably don't have the kernel-source-2.4.20 package installed. You can install this package from the 2nd and 3rd CD of the Red Hat 9 distribution. Use redhat-config-packages and install the Kernel Development section of packages, or simply use the rpm command to install the package.
STEP 6
Assuming you copied the appropriate 2.4 config to .config, run the following, which walks through the questions needed for the 2.6 kernel. oldconfig reads the existing .config, keeps every option it still knows about, and prompts only for options that are new to this kernel, so the 2.4 settings are carried into the 2.6 build. Use this option when you have made minor changes to the source, are upgrading from a nearby kernel, or need to script the rebuild process. The further apart the two kernels are, the more questions you will be asked; a 2.4 config against a 2.6 tree produces many.
# make oldconfig
You can also use make xconfig, which brings up a GUI window asking you to set all the parameters you want to enable or disable, or make menuconfig, which brings up a text-mode (TUI) equivalent. See the following figure:
# make xconfig
Note: Run only one of the above commands.
STEP 7
This is very important. Make sure your .config has the following in it:
CONFIG_EXT3_FS=y
If you leave this as =m instead of =y you will run into an error: the root file system is ext3, so its driver should be built into the kernel rather than loaded as a module. Check or edit it with:
# vi /home/kernel/src/linux-2.6.6/.config
Edit the Makefile and change EXTRAVERSION as desired (patches update these values as well):
# vi /home/kernel/src/linux-2.6.6/Makefile
VERSION = 2
PATCHLEVEL = 6
SUBLEVEL = 6
EXTRAVERSION = -custom_ker-6
Here we are just adding our own tag (-custom_ker-6) to the kernel's extra version; the resulting release string, 2.6.6-custom_ker-6, becomes the name of the kernel image, of the modules directory and of the output of uname -r.
STEP 8: Build the Kernel Image
Building the bzImage takes a substantial amount of time depending on your system performance. On a Pentium III with 128MB RAM it took almost 45 minutes to build the kernel image.
# make bzImage
If everything went correctly, the new kernel should exist in ./arch/$ARCH/boot. For example, on IA32 systems ($ARCH is i386) we can verify this with:
# ls -l arch/i386/boot
STEP 9
There is one more step needed for the build process, however. You have created the kernel, but now you need to build all the loadable modules you have configured. Be aware that typical distribution kernels tend to have almost every feature enabled, plus a few others for good measure; these can take an hour or so to build. The stock kernels are somewhat leaner by default and take, on average, 25 minutes to compile. To build the modules run:
# make modules
STEP 10
Again, lots of messages will scroll by on the screen, although the 2.6.x series is less talkative, outputting only summary information. Once the modules are built they can be installed. To install the modules run:
# make modules_install
www.wilshiresoft.com info@wilshiresfot.com Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173 Rev Dt: 15-Oct-08 Ver: 1
STEP 11: Now it's time to install our new kernel. Simply run the make install command. It should automatically update the GRUB boot loader configuration file /boot/grub/grub.conf, create the initial ram disk image (/boot/initrd-2.6.6-custom_ker-6) and place the new kernel (/boot/vmlinuz-2.6.6-custom_ker-6) under the /boot directory.

#make install

STEP 12 (CHECKING EVERYTHING): Check the following:

The new image file should be installed under /boot and there should be a symlink to it. The latest kernel is 2.6.3-custom_ker-6, and I got the "-custom_ker-6" from the values I put in the Makefile; see the following:

ls -l /boot
vmlinuz -> vmlinuz-2.6.3-custom_ker-6
System.map -> System.map-2.6.3-custom_ker-6

/boot/grub/grub.conf should have been automatically updated by make. In /boot/grub/grub.conf change "default=0" to boot with the new kernel. Here's an example of grub.conf:

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making
# NOTICE: You have a /boot partition.
#boot=/dev/hda
default=0
timeout=10
splashimage=(hd0,2)/grub/splash.xpm.gz
title Red Hat Linux (2.6.3-custom_ker-6)
        root (hd0,2)
        kernel /vmlinuz-2.6.3-custom_ker-6 ro root=LABEL=/
        initrd /initrd-2.6.3-custom_ker-6.img

You added the mount command for sys in /etc/rc.sysinit.
CONFIG_EXT3_FS=y was used in the .config.
Run /sbin/lsmod or cat /proc/modules to make sure a 2.4 kernel module wasn't forgotten. Also look at "#cat /proc/iomem".
Lastly: reboot the system to try out the new kernel. Use the uname -r command to see the current kernel version.

#uname -r
2.6.6-custom_ker
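The checks that STEP 7 and STEP 12 ask for can be scripted. The following is an added example and is not part of the course material: it verifies that CONFIG_EXT3_FS is built in (=y, not =m), derives the release string that VERSION, PATCHLEVEL, SUBLEVEL and EXTRAVERSION in the Makefile will produce, and confirms that make install left a matching vmlinuz, System.map and initrd under the boot directory with the vmlinuz symlink pointing at them. All paths are passed in as arguments; the sample .config, Makefile and boot directory that make_sample_tree writes are constructed for the demonstration, not taken from a real kernel tree.

```shell
#!/bin/sh
# Added example for the build-and-install steps above; not part of the
# original course material. All inputs are file paths given as arguments;
# the tree built by make_sample_tree is constructed sample data.

# Return 0 if ext3 is built in (=y). With =m or unset, the driver for the
# root filesystem would live in a module that is not loaded when / is mounted.
check_ext3_builtin() {
    grep -q '^CONFIG_EXT3_FS=y$' "$1"
}

# Print the release string the kernel build derives from the top-level
# Makefile, e.g. 2.6.3-custom_ker-6.
kernel_release_from_makefile() {
    v=$(sed -n 's/^VERSION[[:space:]]*=[[:space:]]*//p' "$1")
    p=$(sed -n 's/^PATCHLEVEL[[:space:]]*=[[:space:]]*//p' "$1")
    s=$(sed -n 's/^SUBLEVEL[[:space:]]*=[[:space:]]*//p' "$1")
    e=$(sed -n 's/^EXTRAVERSION[[:space:]]*=[[:space:]]*//p' "$1")
    printf '%s.%s.%s%s\n' "$v" "$p" "$s" "$e"
}

# Return 0 if vmlinuz-, System.map- and initrd- files for the release exist
# in the boot directory and the vmlinuz symlink points at that release.
check_installed_kernel() {
    bootdir=$1
    rel=$2
    for f in "vmlinuz-$rel" "System.map-$rel" "initrd-$rel.img"; do
        [ -e "$bootdir/$f" ] || { echo "missing $bootdir/$f" >&2; return 1; }
    done
    link=$(readlink "$bootdir/vmlinuz") || { echo "vmlinuz is not a symlink" >&2; return 1; }
    [ "$link" = "vmlinuz-$rel" ] || { echo "vmlinuz -> $link, expected vmlinuz-$rel" >&2; return 1; }
}

# Build a constructed sample tree in a temporary directory and print its path.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/linux" "$d/boot"
    printf 'CONFIG_EXT2_FS=m\nCONFIG_EXT3_FS=y\n' > "$d/linux/.config"
    printf 'VERSION = 2\nPATCHLEVEL = 6\nSUBLEVEL = 3\nEXTRAVERSION = -custom_ker-6\n' \
        > "$d/linux/Makefile"
    for f in vmlinuz-2.6.3-custom_ker-6 System.map-2.6.3-custom_ker-6 initrd-2.6.3-custom_ker-6.img; do
        : > "$d/boot/$f"
    done
    ln -s vmlinuz-2.6.3-custom_ker-6 "$d/boot/vmlinuz"
    echo "$d"
}

# Stand-alone run: exercise the checks against the sample tree.
sample=$(make_sample_tree)
if check_ext3_builtin "$sample/linux/.config"; then
    echo "CONFIG_EXT3_FS=y: ok"
else
    echo "CONFIG_EXT3_FS is not =y: fix .config before make bzImage"
fi
release=$(kernel_release_from_makefile "$sample/linux/Makefile")
echo "release string from Makefile: $release"
check_installed_kernel "$sample/boot" "$release" && echo "install check for $release: ok"
rm -rf "$sample"
```

On a real system you would point check_ext3_builtin at the kernel tree's .config before running make bzImage, and check_installed_kernel at /boot after make install, passing the release string printed by kernel_release_from_makefile.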
Preparing To Go Headless
One of the advantages of this method is that you don't need a keyboard either. Unfortunately your BIOS may halt the system during the Power On Self Test (POST) if it doesn't detect a keyboard. Make sure you disable this feature in the BIOS setup of your PC before proceeding. This feature can usually be found on the very first screen under the Halt On option. You will also need to make sure that you have activated your COM ports in your BIOS settings. For non-modem connectivity (PC to PC), connect a NULL modem cable to the COM port you want to test, and connect the other end to the client PC running "Hyperterm" or whatever terminal emulation software you are using. One popular Linux equivalent to Hyperterm is minicom.
Configuration Steps
In Red Hat Linux, the COM1 and COM2 ports are controlled by a program called "agetty", but "agetty" usually isn't activated when you boot up unless its configuration file /etc/inittab is modified. In other versions of Linux, "agetty" may be called just plain "getty". Here is a table that maps the physical ports to their equivalent Linux device names:

Port    Linux "agetty" Device Name
COM1    ttyS0
COM2    ttyS1
The following lines added to /etc/inittab will configure your COM ports for terminal access:

# Run COM1 and COM2 gettys in standard runlevels
S0:235:respawn:/sbin/agetty -L 9600 ttyS0 vt100
S1:235:respawn:/sbin/agetty -L 9600 ttyS1 vt100
Warning: The system will HANG if ttyS0 or ttyS1 is connected to a mouse or another device is using that particular port. In such a case check the back panel of the system, find the proper port and mention only that particular port in /etc/inittab, i.e. either ttyS0 or ttyS1. If the mouse is PS/2 type or both ports are not in use then there shouldn't be any problem.

The next step is to restart the "init" process to re-read /etc/inittab:

[root@skynet tmp]# init q

Now you need to configure the terminal client such as Hyperterm to match the speed settings in /etc/inittab. Connect the console / modem cable between the client and your Linux box. Hit "enter" a couple of times and you should see something like this:

Red Hat Linux release 9 (Shrike)
Kernel 2.4.18-14 on an i686
skynet login:

Note: By default, user "root" will not be able to log in from a terminal. To allow this you'll have to edit the /etc/securetty file, which contains the device names of tty lines on which root is allowed to log in. Just add ttyS0 and ttyS1 to the list if you need this access.
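Once serial gettys are enabled it is worth being able to audit which ports accept logins and whether root is permitted on them, since a serial line is a physical login path. The script below is an added example, not part of the course text: it parses inittab-style lines (id:runlevels:action:process), lists every respawning agetty on a ttyS device with its speed, and checks each port against a securetty file. The inittab and securetty files it reads are constructed samples written by make_sample_files; on a real system you would pass /etc/inittab and /etc/securetty.

```shell
#!/bin/sh
# Added example, not from the original text: report which serial ports have
# a respawning agetty in an inittab-style file and whether the securetty
# file permits root to log in on each of them.

# Print "id port speed" for each uncommented respawn entry whose process
# field runs agetty on a ttyS* device. Fields are id:runlevels:action:process.
list_serial_gettys() {
    awk -F: '
        /^[[:space:]]*#/ { next }
        NF >= 4 && $3 == "respawn" && $4 ~ /agetty/ {
            n = split($4, w, " ")
            port = ""; speed = ""
            for (i = 2; i <= n; i++) {
                if (w[i] ~ /^ttyS[0-9]+$/) port = w[i]
                else if (w[i] ~ /^[0-9]+$/) speed = w[i]
            }
            if (port != "") printf "%s %s %s\n", $1, port, speed
        }' "$1"
}

# Return 0 if the named tty appears as a whole line in the securetty file.
root_allowed_on() {
    grep -qx "$1" "$2"
}

# One line per serial getty: "id port speed root-login=yes|no".
serial_console_report() {
    inittab=$1
    securetty=$2
    list_serial_gettys "$inittab" | while read -r id port speed; do
        if root_allowed_on "$port" "$securetty"; then allowed=yes; else allowed=no; fi
        printf '%s %s %s root-login=%s\n' "$id" "$port" "$speed" "$allowed"
    done
}

# Constructed samples: an inittab with the two lines from the text plus a
# console mingetty and a ctrlaltdel entry, and a securetty listing ttyS0 only.
make_sample_files() {
    d=$(mktemp -d)
    cat > "$d/inittab" <<'EOF'
# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
# Run COM1 and COM2 gettys in standard runlevels
S0:235:respawn:/sbin/agetty -L 9600 ttyS0 vt100
S1:235:respawn:/sbin/agetty -L 9600 ttyS1 vt100
EOF
    printf 'tty1\ntty2\nttyS0\n' > "$d/securetty"
    echo "$d"
}

# Stand-alone run against the samples.
sample=$(make_sample_files)
serial_console_report "$sample/inittab" "$sample/securetty"
rm -rf "$sample"
```

With the sample files the report shows ttyS0 with root login permitted and ttyS1 without, which is exactly the difference the /etc/securetty note above describes: the getty alone does not grant root a login on the line.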
26.1.2 RAID 1
With RAID 1, data is cloned on a duplicate disk. This RAID method is therefore frequently called "disk mirroring". A good analogy would be telling two people the same story so that if one forgets some of the details you can ask the other one to remind you. When one of the disks in the RAID set fails, the other one continues to function. When the failed disk is replaced, the data is automatically cloned to the new disk from the surviving disk. RAID 1 also offers the possibility of using a "hot standby" spare disk which will be automatically cloned in the event of a disk failure on any of the primary RAID devices.
RAID 1 offers data redundancy, without the speed advantages of RAID 0. A disadvantage of software based RAID 1 is that the server has to send the data twice so that it is written to each of the mirror disks. This can saturate data buses and CPU utilization. With a hardware based solution, the server CPU sends the data to the RAID disk controller once, and the disk controller then duplicates the data to the mirror disks. This makes RAID capable disk controllers the preferred solution when implementing RAID 1. A limitation of RAID 1 is that the total RAID size in Gigabytes is equal to that of the smallest disk in the RAID set. Unlike RAID 0, the extra space on the larger device isn't used. The following figure illustrates the data allocation process in RAID 1.
26.1.3 RAID 5
RAID 5 improves on RAID 4 by striping the parity data between all the disks in the RAID set. This avoids the parity disk bottleneck while maintaining many of the speed features of RAID 0 and the redundancy of RAID 1. Like RAID 4, RAID 5 can only survive the loss of a single disk. Linux RAID 5 requires a minimum of three disks / partitions. Specially built hardware based RAID disk controllers are available for both IDE and SCSI drives. They usually have their own BIOS, so you can configure them right after your system's power on self test (POST). Hardware based RAID is transparent to your operating system; the hardware does all the work. If hardware RAID isn't available then you should be aware of these basic guidelines to follow when setting up software RAID.
It is generally not a good idea to share RAID configured partitions with non-RAID partitions. The reason for this is obvious: a disk failure could still incapacitate a system. If you decide to use RAID, all the partitions on each RAID disk should be part of a RAID set.

Backup Your System First

Software RAID creates the equivalent of a single RAID virtual disk drive made up of all the underlying regular partitions used to create it. You will have to format this new RAID device before your Linux system will be able to store files on it. This will cause all the old data on the underlying RAID partitions to be lost. It is best to back up the data on these and any other partitions on the disk drive on which you want to implement RAID. A mistake could unintentionally corrupt valid data.
The number of cylinders for this disk is set to 8355.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)

Command (m for help):

Use FDISK Help

We now use the fdisk "m" command to get some help:

Command (m for help): m
...
...
   p   print the partition table
   q   quit without saving changes
   s   create a new empty Sun disklabel
   t   change a partition's system id
...
...

Command (m for help):

Set The ID Type To FD

Partition /dev/sdb1 is the 1st partition on disk /dev/hde. We now modify its "type" using the "t" command and then specifying the partition number and type code. We also use the "L" command to get a full listing of ID types in case we forget.

Command (m for help): t
Partition number (1-5): 1
Hex code (type L to list codes): L
...
...
...
 16  Hidden FAT16        61  SpeedStor           a9  NetBSD              f2  DOS secondary
 17  Hidden HPFS/NTF     63  GNU HURD or Sys     ab  Darwin boot         fd  Linux raid auto
 18  AST SmartSleep      64  Novell Netware      b7  BSDI fs             fe  LANstep
 1b  Hidden Win95 FA     65  Novell Netware      b8  BSDI swap           ff  BBT
Hex code (type L to list codes): fd
Changed system type of partition 1 to fd (Linux raid autodetect)

Make Sure The Change Occurred

Use the "p" command to get the new proposed partition table:

Command (m for help): p

Disk /dev/hde: 4311 MB, 4311982080 bytes
16 heads, 63 sectors/track, 8355 cylinders
Units = cylinders of 1008 * 512 = 516096 bytes

   Device Boot    Start       End    Blocks   Id  System
/dev/sdb1             1      4088   2060320+  fd  Linux raid autodetect
/dev/sdb2          4089      5713    819000   83  Linux

Save The Changes

Use the "w" command to permanently save the changes to disk /dev/hde.

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table.
The new table will be used at the next reboot.
Syncing disks.
[root@skynet tmp]#

The error above will occur if any of the other partitions on the disk is mounted.

Repeat For The Other Partitions

The steps for changing the IDs for /dev/sdc1 and /dev/sdd1 are very similar.
General Guidelines
When configuring RAID 5 a "parity-algorithm" setting must be used. The "raid-disk" parameters for each partition in the /etc/raidtab file are numbered starting at "0". For example, if you have four partitions for RAID, they would be numbered 0, 1, 2 & 3. For RAID levels 1, 4 and 5, /etc/raidtab "persistent-superblock" must be set to "1" in order for the RAID autodetect feature (partition type FD) to work. For all RAID versions, "persistent-superblock" must be set to "0".

In our example: We configure RAID 5 using one partition on each of the 3 disks (sdb1, sdc1, sdd1). The set of 3 RAID disks will be called /dev/md0.

#
# sample raiddev configuration file
# 'old' RAID0 array created with mdtools.
#
raiddev /dev/md0
    raid-level            5
    nr-raid-disks         3
    persistent-superblock 1
    chunk-size            32
    parity-algorithm      left-symmetric
    device                /dev/sdb1
    raid-disk             0
    device                /dev/sdc1
    raid-disk             1
    device                /dev/sdd1
    raid-disk             2
Your new RAID device will now have to be formatted. In the example below: We use the "-j" qualifier to ensure that a journaling file system is created. A block size of 4KB (4096 bytes) is used, with each chunk being comprised of 8 blocks. It is very important that the "chunk-size" parameter in the /etc/raidtab file match the value of the block size multiplied by the stride value in the command below.

Note: If the values don't match, then you will get parity errors.

[root@skynet tmp]# mke2fs -j -b 4096 -R stride=8 /dev/md0
mke2fs 1.32 (09-Nov-2002)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
516096 inodes, 1030160 blocks
51508 blocks (5.00%) reserved for the super user
First data block=0
32 block groups
32768 blocks per group, 32768 fragments per group
16128 inodes per group
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736

Writing inode tables: done
Creating journal (8192 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 26 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
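The raidtab rules in the General Guidelines and the chunk-size / stride relationship for mke2fs above are easy to get wrong by hand, and a mismatch shows up only later as parity errors. The script below is an added example, not part of the course material: validate_raidtab applies the stated rules (device count equals nr-raid-disks, raid-disk indices 0..n-1 without gaps, persistent-superblock 1 for RAID 1/4/5, parity-algorithm and at least three disks for RAID 5) to a raidtab file, and stride_for_chunk derives the mke2fs -R stride= value from the raidtab chunk-size (in KB) and the -b block size (in bytes). The raidtab that write_sample_raidtab produces is constructed from the example above.

```shell
#!/bin/sh
# Added example covering the /etc/raidtab guidelines and the mke2fs stride
# note above; it is not part of the original text. The sample raidtab is
# constructed from the example in the text.

# Check a raidtab against the rules: the device count equals nr-raid-disks,
# raid-disk indices run 0..n-1 without gaps or duplicates, RAID 1/4/5 have
# persistent-superblock 1, and RAID 5 has a parity-algorithm and >= 3 disks.
# Prints each violation and returns 1 if any was found.
validate_raidtab() {
    awk '
        $1 == "raid-level"            { level = $2 }
        $1 == "nr-raid-disks"         { nr = $2 + 0 }
        $1 == "persistent-superblock" { ps = $2 }
        $1 == "parity-algorithm"      { parity = $2 }
        $1 == "device"                { ndev++ }
        $1 == "raid-disk"             { seen[$2 + 0]++ }
        END {
            ok = 1
            if (ndev != nr) { print "nr-raid-disks is " nr " but there are " ndev " device lines"; ok = 0 }
            for (i = 0; i < nr; i++)
                if (seen[i] != 1) { print "raid-disk " i " is missing or duplicated"; ok = 0 }
            if ((level == 1 || level == 4 || level == 5) && ps != "1") {
                print "persistent-superblock must be 1 for RAID " level " autodetect"; ok = 0 }
            if (level == 5 && parity == "") { print "RAID 5 needs a parity-algorithm"; ok = 0 }
            if (level == 5 && nr < 3) { print "RAID 5 needs at least 3 disks"; ok = 0 }
            exit (ok ? 0 : 1)
        }' "$1"
}

# chunk-size in raidtab is in KB; mke2fs -b is in bytes. The text requires
# chunk-size = block size * stride, so stride = chunk bytes / block bytes.
# Prints the stride, or returns 1 if the chunk is not a whole number of blocks.
stride_for_chunk() {
    chunk_bytes=$(($1 * 1024))
    if [ $((chunk_bytes % $2)) -ne 0 ]; then
        echo "chunk-size $1 KB is not a multiple of block size $2" >&2
        return 1
    fi
    echo $((chunk_bytes / $2))
}

# Write the constructed sample raidtab to the given path.
write_sample_raidtab() {
    cat > "$1" <<'EOF'
# sample raiddev configuration file (constructed from the example above)
raiddev /dev/md0
    raid-level            5
    nr-raid-disks         3
    persistent-superblock 1
    chunk-size            32
    parity-algorithm      left-symmetric
    device                /dev/sdb1
    raid-disk             0
    device                /dev/sdc1
    raid-disk             1
    device                /dev/sdd1
    raid-disk             2
EOF
}

# Stand-alone run: validate the sample, then print the mke2fs command whose
# stride matches the raidtab chunk-size for a 4096-byte block size.
tmp=$(mktemp -d)
write_sample_raidtab "$tmp/raidtab"
if validate_raidtab "$tmp/raidtab"; then echo "raidtab: ok"; fi
chunk=$(awk '$1 == "chunk-size" { print $2 }' "$tmp/raidtab")
echo "mke2fs -j -b 4096 -R stride=$(stride_for_chunk "$chunk" 4096) /dev/md0"
rm -rf "$tmp"
```

For the sample raidtab the computed stride is 8 (32 KB / 4096 bytes), which matches the mke2fs command shown above; changing persistent-superblock to 0 or dropping a raid-disk line makes validate_raidtab report the problem and return non-zero.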
Load The RAID Driver For The New RAID Set

The next step is to make the Linux operating system fully aware of the RAID set by loading the driver for the new RAID set using the raidstart command.

[root@skynet tmp]# raidstart /dev/md0

Create A Mount Point For The RAID Set

The next step is to create a mount point for /dev/md0. In this case we'll create one called /mnt/raid.

[root@skynet mnt]# mkdir /mnt/raid

Edit The /etc/fstab File

The /etc/fstab file lists all the partitions that need to be mounted when the system boots.
Add an Entry for the RAID set

We'll now add an entry for the /dev/md0 device. Here is an example of a line that could be used:

/dev/md0    /mnt/raid    ext3    defaults    1 2
Note: It is very important that you DO NOT use labels in the /etc/fstab file for RAID devices; just use the real device name such as "/dev/md0". On startup, the /etc/rc.d/rc.sysinit script checks the /etc/fstab file for device entries that match RAID set names in the /etc/raidtab file. It will not automatically start the RAID set driver for the RAID set if it doesn't find a match. Device mounting then occurs later on in the boot process. Mounting a RAID device that doesn't have a loaded driver can corrupt your data, giving the error below.

Mount The New RAID Set

The mount command can now be used to mount the RAID set.

Using the automount feature
The mount command's "-a" flag will cause Linux to mount all the devices in the /etc/fstab file that have automounting enabled (the default) and that are not already mounted.

[root@skynet tmp]# mount -a

Manually Mounting the RAID Set

You can also mount the device manually.

[root@skynet tmp]# mount /dev/md0 /mnt/raid
(B)

Background Process: A program that is running without user input. A number of background processes can be running on a multitasking operating system, such as UNIX/Linux, while the user is interacting with the foreground process (for example, data entry). Some background processes (daemons, for example) never require user input. Others are merely in the background temporarily while the user is busy with the program presently running in the foreground.

Bash (Bourne Again SHell): An enhanced version of the Bourne Shell. (Also, see Korn Shell.)

BDF Fonts: A variety of bitmapped fonts for the X Window System. (Also, see PostScript Fonts and TrueType Fonts.)

Bin: A directory containing executable programs, primarily binary files.

Binaries: Source code that has been compiled into executable programs. In the UNIX/Linux world, some software is distributed as source code only; other packages include both source and binaries; still others are distributed only in binary format.

Bootstrap: Using a much smaller initial program to load in the desired program (which is usually an operating system).

Boot Disk: A diskette (floppy) containing enough of an operating system (such as Linux) to boot up (start) the computer and run some essential programs from the command line. This may be necessary if the system was rendered non-bootable for some reason. A boot disk can be used to partition and format the hard drive, restore the Master Boot Record, or copy specific files, among other things.

Bot: Short for Robot. A program designed to search for information on the Internet with little human intervention.

Bourne Shell: A popular command line shell offering many advantages over the DOS command prompt. (Also, see Bash and Korn Shell.)

BSD (Berkeley Software Distribution) UNIX: UNIX distribution from the University of California at Berkeley. (Also, see FreeBSD.)

Bzip2: A newer file compression program for UNIX/Linux, providing smaller file sizes than Gzip.
(C)

CGI (Common Gateway Interface): Used on Web servers to transmit data between scripts and/or applications and then return the data to the Web page or browser. CGI scripts are often created using the Perl language, and can generate dynamic Web content (including e-commerce shopping baskets, discussion groups, survey forms, current news, etc.).
CHS (Cylinder/Head/Sector): Disk information required by FDISK during partitioning.

Client: A machine that requests services (e-mail, for example) from a server.

CLU (Command Line Utility): A program that is run from a command line session, or shell, such as Tar or Mkdir.

Cluster: A network of workstations (PCs or other) running Linux. (Also, see Beowulf.)

Command Line Interface (CLI): A full-screen or windowed text-mode session where the user executes programs by typing in commands with or without parameters. The CLI displays output text from the operating system or program and provides a command prompt for user input.

Compiler: A program used to turn programming source code into an executable program.

Console Application: A command line program that does not require (or perhaps even offer) a graphical user interface to run.

Cron: A Linux daemon that executes specified tasks at a designated time or interval.

CSV (Comma Separated Value) file: Contains the values in a table as a series of ASCII text lines organized so that each column value is separated by a comma from the next column's value and each row starts a new line.

CUPS (Common Unix Printing System): Provides a portable printing layer for UNIX and Linux based operating systems.
(D)

Daemon: A background process of the operating system that usually has root security level permission. A daemon usually lurks in the background until something triggers it into activity, such as a specific time or date, time interval, receipt of e-mail, etc.

Desktop: The operating system user interface, which is designed to represent an office desk with objects on it. Rather than physical telephones, lamps, in/out baskets, etc., the operating system desktop uses program and data icons, windows, taskbars, and the like. There are many different desktop environments available for Linux, including KDE, GNOME, and X11, that can be installed by a user. (Also, see GUI, Window manager and X Window System.)

Device Driver: A program that serves as an intermediary between the operating system and a device (ports, drives, monitors, printers, etc.), defining to the operating system what capabilities the device has and translating the operating system commands into instructions the device understands.

Distribution: A packaging of the Linux kernel (core) with various user interfaces, utilities, drivers, and other software into a user deliverable. Often available as a free download or in a low-cost CD-ROM package. Popular distributions include Caldera OpenLinux, CoreLinux, Debian, Red Hat, Slackware, SuSE, TurboLinux and others.
(E)

Emacs (Editing with MACroS): A popular text editor.

Enlightenment: One of several user interfaces (window managers). For more on AfterStep, go to www.afterstep.org. (Also, see AfterStep, GNOME, KDE and X Window System.)

Elm: A formerly popular e-mail program for users of Unix or Linux based operating systems that runs in a command line mode (like reading email in DOS).

Errata: Red Hat has lots of this stuff.

EXT2 (Extended File System Version 2): Probably the most widely used filesystem in the Linux community. It provides standard Unix file semantics and advanced features. Moreover, thanks to the optimizations included in the kernel code, it is robust and offers excellent performance.
EXT3 (Extended File System Version 3): Ext3 supports the same features as Ext2, but also includes journaling. A journaling file system uses a separate area called a log or journal. Before metadata changes are actually performed, they are logged to this separate area. The operation is then performed. If the system crashes during the operation, there is enough information in the log to "replay" the log record and complete the operation.
(F)

File System: A set of programs that tells an operating system how to access and interpret the contents of a disk or tape drive, or other storage medium. Common file systems include: FAT and FAT-32 (DOS/Windows), HPFS (OS/2), NFS, NTFS (Windows NT/2000), and others.

Filter: A program that reads data (from a file, program output or command line entry) as input, processes it according to a set of predefined conditions (for example, sorted alphabetically) and outputs the processed data. Some filters include Awk, Grep, Sed and Sort.

Finger: A UNIX/Linux command that provides information about users that are logged on.

Foreground Process: In a multitasking operating system, such as UNIX/Linux, the foreground process is the program that the user is interacting with at the present time (for example, data entry). Different programs can be in the foreground at different times, as the user jumps between them. In a tiered windowing environment, it is the topmost window.

FreeBSD (Free Berkeley Software Distribution): Similar to Linux in that it includes many GNU programs and runs many of the same packages as Linux. However, some kernel functions are implemented differently. (Also, see BSD UNIX.)

FTP (File Transfer Protocol): A method of transferring files to and from other computers, often software repositories.
(G)

GCC (GNU C Compiler): A high-quality C compiler governed by the GPL.

GIMP (GNU Image Manipulation Program): A popular image editor/paint program for Linux.

GNOME (GNU Network Object Model Environment): One of several user interfaces (window managers) for Linux, built with Gtk. For more on GNOME, go to www.gnome.org. (Also, see AfterStep, Enlightenment, KDE and X Window System.)

GNU (GNU is Not Unix) Project: An effort of the Massachusetts Institute of Technology (MIT) Free Software Foundation (FSF) to develop and promote alternatives to proprietary UNIX implementations. GNU software is licensed under the GPL.

GNU/Linux: Same as Linux. So-called because many of the components included in a Linux distribution are GNU tools.

GPL (GNU General Public License): A common usage and redistribution license. Visit www.linuxdoc.org/LDP/gs/app-gpl/node1.html to see a copy of the GPL agreement.
Grep (Global Regular Expression and Print): A tool that searches files for a string of text and outputs any line that contains the pattern.

Grub: A Linux bootloader. A bootloader is the first software program that runs when a computer starts. It is responsible for loading and transferring control to the operating system kernel software. The kernel then starts the rest of the operating system.

Gtk/Gtk+ (GIMP ToolKit): A powerful, fast open source graphics library for the X Window System on UNIX/Linux, used by programmers to create buttons, menus and other graphical objects. (Also, see GNOME, Motif and Qt.)

GUI (Graphical User Interface): The collection of icons, windows, and other onscreen graphical images that provide the user's interaction with the operating system. (Also, see Desktop and Window manager.)

Gzip (GNU zip): The original file compression program for UNIX/Linux. Recent versions produce files with a .gz extension. (A .z or .Z extension indicates an older version of Gzip.) Compression is used to compact files to save storage space and reduce transfer time. (When combined with Tar, the resulting file extensions may be .tgz, .tar.gz or .tar.Z.)
(H)
Home Directory: The directory the user is placed in after logging on.

HTML (Hyper Text Markup Language): The standard markup language for designing Web pages. Markup tags, or formatting commands, allow the Web page designer to specify highlighting, position graphics, create hyperlinks, etc.

HTTP (Hyper Text Transport Protocol): The set of guidelines created for requesting and sending HTML-based Web pages.
(I)

Init: The first process to run immediately after the operating system loads. It starts the system in single-user mode or spawns a shell to read the startup files, and opens ports designated as login ports.

IRC (Internet Relay Chat): An older system of chatting online using the Internet. These can be more like the wild west days since there is usually little to no direct control or moderation of these.
(J)

Java: An object-oriented programming language developed by Sun Microsystems to be operating system independent. Java is often used on Web servers. Java applications and applets are sometimes offered as downloads to run on users' systems. Java programming can produce applications, or smaller Java applets. Java is a somewhat simplified version of the C++ language, and is normally interpreted rather than compiled.

Java Applets: Small Java programs that are embedded in a Web page and run within a browser, not as a stand-alone application. Applets cannot access some resources on the local computer, such as files and serial devices (modems, printers, etc.), and generally cannot communicate with other computers across a network.

JavaBeans: A component architecture for the Java language. JavaBeans components are called Beans.

JavaScript: A cross-platform World Wide Web scripting language, vaguely related to Java. It can be used as a server-side scripting language, as an embedded language in server-parsed HTML, and as an embedded language for browsers.

JDK (Java Development Kit): A Java programming toolkit from Sun, IBM or others, available for UNIX/Linux and other operating systems.

JFS (Journaled/Journaling File System): A file system that includes built-in backup/recovery capabilities. Changes to the index are written to a log file before the changes take effect so that if the index is corrupted (by a power failure during the index write, for example), the index can be rebuilt from the log, including the changes.

JVM (Java Virtual Machine): A Java runtime environment, required for the running of Java programs, which includes a Java interpreter. A different JVM is required for each unique operating system (Linux, OS/2, Windows 98, etc.), but any JVM can run the same version of a Java program.
(K)

KDE (K Desktop Environment): One of several user interfaces (window managers) for Linux, built with Qt. For more on KDE, go to www.kde.org. (Also, see AfterStep, Enlightenment, GNOME and X Window System.)

Kernel: The core of the operating system, upon which all other components rely. The kernel manages such tasks as low-level hardware interaction and the sharing of resources, including memory allocation, input/output, security, and user access.

Korn Shell: An enhanced version of the Bourne Shell, including extensive scripting support and command line editing. It supports many scripts written for the Bourne Shell. (Also, see Bash.)
(L)

LGPL (Library GPL): A variation of the GPL that covers program libraries.

LILO (LInux LOader): A popular partition boot manager utility, capable of booting to operating systems other than Linux. It is not file system-specific.
Linux: An open source UNIX-like operating system, originally begun by Linus Torvalds. Linux really refers to only the operating system kernel, or core. More than 200 people have contributed to the development of the Linux kernel. The rest of a Linux distribution consists of various utilities, device drivers, applications, a user interface and other tools that generally can be compiled and run on other UNIX operating systems as well.

Lindows: A low-cost commercial Linux-based operating system with a user interface similar to the latest Microsoft Windows operating system. Although Lindows is proprietary and is not open source like Linux, Lindows is less expensive than Windows XP.

LISA (Lisp-based Intelligent Software Agents): A production-rule system heavily influenced by JESS (Java Expert System Shell). It has at its core a reasoning (artificial intelligence) engine based on the Rete pattern matching algorithm. LISA also provides the ability to reason over ordinary CLOS objects.

Log: To store application or system messages or errors. Also, a file that holds this information.

Lynx: A popular non-graphical (text-based) Web browser.
(M)

Macro: A set of instructions stored in an executable form. Macros may be application-specific (such as a spreadsheet or word processing macro that performs specific steps within that program) or general-purpose (for example, a keyboard macro that types in a user ID when Ctrl-U is pressed on the keyboard).

Man: The UNIX/Linux command for reading online manual pages.

MBR (Master Boot Record): The first physical sector on a bootable disk drive. The place where the system BIOS looks when the computer is first booted, to determine which partition is currently active (bootable), before reading that partition's first (boot) sector and booting from the partition.

Mesa: An implementation of the OpenGL (Open Graphics Library) API (Application Programming Interface). It provides standard guidelines and a toolset for writing 2D and 3D hardware-assisted graphics software.

MIME (Multipurpose Internet Mail Exchange): A communications protocol that allows text e-mail messages to include non-textual (graphics, video or audio, for example) data.

Motif: A powerful proprietary graphics library for UNIX/Linux, developed by the Open Software Foundation (OSF) and used by programmers to create buttons, menus and other graphical objects for the X Window System.

Mozilla: Was Netscape Communication's nickname for Navigator, its Web browser, and, more recently, the name of an open source public collaboration aimed at making improvements to Navigator.

Mount: Identify a disk drive to the file system before use.

Multitasking: The ability of an operating system to run more than one program, or task, at a time. A cooperative multitasking OS, like Windows 95/98, requires one application to voluntarily free up resources upon request so another application can use it. A preemptive multitasking OS, such as UNIX/Linux, Windows NT/2000 or OS/2, frees up resources when ordered to by the operating system, on a time-slice basis or a priority basis, so that one application is unable to hog resources when they are needed by another program.

Multithreading: The ability of an operating system to concurrently run programs that have been divided into subcomponents, or threads. Multithreading, when done correctly, offers better utilization of processors and other system resources. Multithreaded programming requires a multitasking/multithreading operating system, such as UNIX/Linux, Windows NT/2000 or OS/2, capable of running many programs concurrently. A word processor can make good use of multithreading, because it can spell check in the foreground while saving to disk and sending output to the system print spooler in the background.
(N)

NFS (Network File System): A file system that allows the sharing of files across a network or the Internet.
(O)

Object-Oriented: A software development methodology that offers the programmer standard reusable software modules (components), rather than requiring the developer to write custom programming code each time. Using standard components reduces development time (because the writing and testing of those components has already been done by other programmers), and ensures a standard look and feel for programs using the same components.

OO: See Object-Oriented.

Open Source: A somewhat ambiguous term that refers to software that is released with its source code. The fact that the source code is provided does not necessarily mean that users can modify and redistribute the source code. The term is sometimes used interchangeably with free software, although they are not always the same.

OSS (Open Sound System): A device driver for accessing sound cards and other audio devices under UNIX/Linux. It evolved from the Linux Sound Driver, and supports most popular audio chips and adapters.

OSS (Open Source Software): See Open Source.
(P)

PAM (Pluggable Authentication Modules): A replaceable user authentication module for system security, which allows programs to be written without knowing which authentication scheme will be used. This allows a module to be replaced later with a different module without requiring rewriting the software.

Panel: The name for the Linux equivalent of the Windows Taskbar.

Partition: A contiguous section of a disk drive that is treated by the operating system as a physical drive. Thus, one disk drive can have several drive letters assigned to it.

PCF fonts: A variety of bitmapped fonts to be used with the X Window System.

PD: See Public Domain.

PDF (Portable Document Format) files: Binary files created with Adobe Acrobat or other programs capable of producing output in this format. Used for producing operating system-independent documents, which can be viewed using Acrobat Reader or other programs, including Web browsers equipped with an Acrobat Reader plugin.

Perl (Practical Extraction and Report Language): A common scripting/programming language. It is often used on UNIX/Linux Web servers for generating CGI scripts.

PGP (Pretty Good Privacy): A high-security, public-key data encryption program for UNIX/Linux and other operating systems.

PHP: A script language and interpreter that is freely available and used primarily on Linux Web servers.

Piping Symbol: The | keyboard character (the Shift-Backslash character above the Enter key on a typical 101-key keyboard). It is often used to feed the output from one command or program to another. For example, history | grep mcopy sends the contents of the .bash_history file (via the history command) to the grep program, searching for the string mcopy. (Also, see Append Symbol and Redirection Symbol.)

Pine: A program for Internet News & Email; a tool for reading, sending, and managing electronic messages.
PL: The file extension (.pl) for a Perl script.
Port/Ported/Porting: The process of taking a program written for one operating system platform and modifying it to run on another OS with similar functionality. There is generally little or no attempt to take advantage of the unique capabilities of the new operating system, as opposed to optimizing an application for a specific operating system.
Portable: Software that is designed to be used on more than one operating system with only minor modifications and recompilation.
POSIX (Portable Operating System Interface for uniX): A set of programming interface standards governing how to write application source code so that applications are portable between operating systems. POSIX is based on UNIX and is the basis for the X/Open specification of The Open Group.
PostScript: A page description language developed by Adobe Systems that tells a printer how to render text and graphics on a printed page.
PostScript Fonts: A wide variety of fonts that can be used with OS/2, MS Windows and the X Window System. Font files include those with .afm, .pfa and .pfb extensions. Sometimes called Adobe Type 1 fonts, or ATM (Adobe Type Manager) fonts. PostScript fonts typically require a PostScript-compatible printer. (Also see BDF Fonts and TrueType Fonts.)
Process: An executing program, with its own address space and resources. (Also see Multitasking and Multithreading.)
Public Domain: Software that may be used and modified by anyone, for any purpose, and may even be incorporated into commercial software for distribution. Public domain software is not copyrighted, and no rights are retained by the author.
Public Key Encryption: A method of data encryption that uses two separate but mathematically related keys: a public key and a private key. Data encrypted with the public key can be decrypted only with the private key, and a signature produced with the private key can be checked by anyone holding the public key. Typically the public key is published and used to encrypt data sent to the holder of the private key, and the private key is used to sign data. Because the public key is known to everyone, all of the security rests on keeping the private key secret: whoever obtains it can read the messages and forge the signatures.
Python: An object-oriented programming language whose source is compiled to bytecode (p-code) and then interpreted.
www.wilshiresoft.com info@wilshiresfot.com
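The two operations described under Public Key Encryption, worked through as an added example (this is not code from the course material, and it is textbook RSA with a toy 12-bit key, no padding and a truncated hash, so it is for illustration only; use PGP/GnuPG or OpenSSL for real work). The key parameters p=61, q=53, e=17 and the sample message are assumptions chosen for the demonstration. Besides encrypt/decrypt and sign/verify, the codebook_attack function shows why real RSA adds randomised padding: without it, encryption is deterministic and the public key alone is enough to recover the plaintext.

```python
"""Toy textbook RSA: public-key encryption and signing, plus the reason padding exists."""
import hashlib
from math import gcd


def keygen(p=61, q=53, e=17):
    """Return ((n, e), (n, d)). Tiny illustrative primes, not a real key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)            # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, message):
    """Encrypt each byte separately with the public key. No padding: deterministic."""
    n, e = public_key
    return [pow(b, e, n) for b in message]


def decrypt(private_key, ciphertext):
    """Undo encrypt() with the private key."""
    n, d = private_key
    return bytes(pow(c, d, n) for c in ciphertext)


def _digest_mod_n(message, n):
    # Reduce SHA-256 modulo n so it fits one RSA block. Real schemes (PSS,
    # PKCS#1 v1.5) embed the full digest inside padding instead.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message):
    """Sign with the private key; anyone with the public key can verify."""
    n, d = private_key
    return pow(_digest_mod_n(message, n), d, n)


def verify(public_key, message, signature):
    """True when the signature matches the message under this public key."""
    n, e = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


def codebook_attack(public_key, ciphertext):
    """Recover the plaintext using ONLY the public key.

    Each plaintext byte always encrypts to the same value, so the attacker
    encrypts all 256 candidates once and looks every ciphertext value up.
    This is the failure OAEP padding prevents.
    """
    table = {c: b for b, c in enumerate(encrypt(public_key, bytes(range(256))))}
    return bytes(table[c] for c in ciphertext)


def demo():
    """Run the round trips on a constructed message and return the results."""
    pub, priv = keygen()
    msg = b"meet at noon"                      # constructed sample message
    ct = encrypt(pub, msg)
    sig = sign(priv, msg)
    n = pub[0]
    return {
        "decrypted": decrypt(priv, ct),
        "signature_ok": verify(pub, msg, sig),
        "forged_signature_ok": verify(pub, msg, (sig + 1) % n),
        "recovered_without_private_key": codebook_attack(pub, ct),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The forged-signature check is deterministic: modular exponentiation with e coprime to phi(n) is a bijection, so changing the signature by one always changes what it verifies to.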
(Q)
Qt: A powerful, fast graphical toolkit (GUI library) for the X Window System on UNIX/Linux, used by programmers to create buttons, menus, and other graphical objects. Available under open source licenses. (Also see Gtk/Gtk+ and KDE.)
Queue: (Sometimes incorrectly spelled Que.) A list of tasks awaiting execution, as in the print queue.
Qmail: One of the more popular mail servers (also called an SMTP server or mail transfer agent).
(R)
RAID (Redundant Array of Independent/Inexpensive Disks): A method of providing data redundancy, improved performance and/or quick recovery from disk failures by spreading or duplicating data across multiple disk drives. Commonly used RAID levels include RAID 0 (striping, no redundancy), RAID 1 (mirroring) and RAID 5 (striping with distributed parity). Hardware RAID controllers have traditionally been SCSI-based and may require identical drives (same capacity, brand, etc.); Linux software RAID (the md driver, managed with mdadm) works with any block devices, including IDE/EIDE drives. RAID arrays appear to the operating system as a single device. RAID protects against drive failure only, not against deletion, corruption or compromise, so it is not a substitute for backups.
RC File: A script file containing the startup instructions for a program (an application or even the operating system). It is executed automatically when the program or system starts and contains a list of instructions (commands or other scripts) to run.
RCS (Revision Control System): A suite of programs that controls shared access to files in a group environment and tracks changes to text files. Generally used for maintaining program source code modules.
Rdev: A utility for obtaining information about a Linux system. It is used to query and set the image root device, the video mode, the swap device and a RAM disk.
Redirection Symbol: The > keyboard character. It sends the output of a command to a file instead of the screen. For example, ls -a > output.txt writes the current directory listing to a file called output.txt. Repeating the command replaces the content of the file with new data; use >> to append instead. (Also see Append Symbol and Piping Symbol.)
RFS (Remote File Sharing): A program that lets the user access files on another computer as if they were on the user's own system.
Root Operator: The user ID (UID 0) with authority to perform all system-level tasks. (Also called Superuser.)
Root Window: The background window of an X display, on which the Linux desktop and all other windows are drawn.
RPM (RPM Package Manager): A packaging and installation tool included with Red Hat and several other Linux distributions. It produces and installs files with a .rpm extension. Packages are normally GPG-signed, and the signature should be checked (rpm --checksig) before a package downloaded from the Internet is installed. Similar to Dpkg.
(S)
Script: A set of commands stored in a file, used for automated, repetitive execution.
Session: A complete interaction period between the user and the operating system, from login to logoff.
Shareware: A form of commercial software offered as try before you buy. If the customer continues to use the product after a short trial period, they are required to pay a specified, usually nominal, fee. (Also see Open Source and Public Domain.)
Shell: A command line interface to the operating system, usually run in a text-mode window or terminal.
Shell Prompt: The user input area of a shell. Whereas in a DOS shell the prompt is a greater-than (>) symbol, in Linux it is usually a dollar sign ($) for ordinary users, a hash (#) for root, a percent (%) in csh-style shells, or another special character depending on the shell used.
Shell Script: A text file of shell commands executed by a shell such as bash. It may be run on demand, scheduled, or (as with .bashrc or .bash_profile) run automatically when a shell starts.
SHTTP (Secure HyperText Transfer Protocol): An extension of HTTP that encrypts and signs individual messages. It is distinct from HTTPS (HTTP over SSL/TLS), which protects the whole connection and is what is actually used for financial transactions and other private information sent via the Internet.
Slash (/): The symbol that separates directories in file pathnames, instead of the backslash (\) used in the DOS/Windows and OS/2 operating systems.
Source Code: Programming commands in their raw state as written by a programmer. Some programming languages allow the commands to be executed on the fly by an interpreter. Other languages require the commands to be compiled into executable programs (binaries) before they can be used. In the UNIX/Linux world, some software is distributed as source code only; other packages include both source and binaries; still others are distributed in binary form only.
SPAM: Unsolicited bulk e-mail. At the time of writing it was estimated that over 50% of all e-mail worldwide is spam.
Spool (Simultaneous Peripheral Operation On-Line): To send data to a program that queues it up for later use (for example, the print spooler).
SQL (Structured Query Language): The language used for manipulating records and fields (rows and columns) in a relational database. Pronounced either as the letters S-Q-L or as sequel.
Steganography: The practice of hiding one piece of information within another so that the very existence of the hidden message is concealed (unlike encryption, which conceals the content of a message but not its existence). One example is putting an invisible digital watermark in a digitized photograph.
String: A sequence of characters, as in a search string.
Superuser: Usually synonymous with root operator.
Swap: To temporarily move data (programs and/or data files) from random access memory to disk (swap out), or back (swap in), to allow more programs and data to be processed than physical memory can hold. The disk-backed mechanism is called virtual memory.
Swap Space: Where swapped-out pages are stored on disk. Linux can use a dedicated disk partition, a swap file, or both; a partition is the traditional choice. Secrets held in memory (passwords, keys) can be written to swap in plain text, so swap should be encrypted on systems that handle sensitive data.
Symbolic link: A special file that points to another file or directory by pathname; an alias or shortcut. Programs that follow symbolic links while running as root can be tricked into reading or writing a file of an attacker's choosing, so they must check what a link points to before trusting it.
Sync: To force all disk writes still buffered in memory out to the disk drive.
Syslog: The UNIX/Linux system logger, which collects messages from the kernel and from programs and writes them to log files (usually under /var/log) or forwards them to a remote log host. Because an intruder who gains root can edit local logs, forwarding to a separate log host is the usual defence.
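The Steganography entry above describes hiding data inside a photograph; as an added example (not code from the course material) the following hides a payload in the least significant bit of each pixel of a grey-scale image and reads it back. To run offline the "photo" is a constructed array of pseudo-random 8-bit samples produced by make_carrier, not a real image file; the function names, the 32-bit length header and the watermark text are assumptions of this example, but the technique is the same one applied to real bitmaps.

```python
"""LSB steganography: hide bytes in the least significant bit of each 8-bit sample."""
import random

HEADER_BITS = 32                 # 4-byte big-endian payload length precedes the payload


def _bits(data):
    """Yield the bits of a byte string, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def capacity(carrier):
    """Payload bytes that fit in the carrier at one bit per sample, after the header."""
    return max(0, (len(carrier) - HEADER_BITS) // 8)


def embed(carrier, payload):
    """Return a copy of carrier with the payload hidden in its LSBs."""
    if len(payload) > capacity(carrier):
        raise ValueError("payload too large for carrier")
    out = bytearray(carrier)
    header = len(payload).to_bytes(4, "big")
    for i, bit in enumerate(_bits(header + payload)):
        out[i] = (out[i] & 0xFE) | bit       # clear the LSB, then store one payload bit
    return bytes(out)


def _read_bytes(stego, start, count):
    """Reassemble count bytes from the LSBs starting at sample index start."""
    vals = bytearray()
    for k in range(count):
        b = 0
        for i in range(8):
            b = (b << 1) | (stego[start + k * 8 + i] & 1)
        vals.append(b)
    return bytes(vals)


def extract(stego):
    """Read the length header, then that many payload bytes, from the LSBs."""
    if len(stego) < HEADER_BITS:
        raise ValueError("carrier too small to hold a header")
    length = int.from_bytes(_read_bytes(stego, 0, 4), "big")
    if HEADER_BITS + length * 8 > len(stego):
        raise ValueError("length header inconsistent with carrier size")
    return _read_bytes(stego, HEADER_BITS, length)


def max_sample_change(original, stego):
    """Largest change to any sample; LSB embedding never alters a sample by more than 1."""
    return max(abs(a - b) for a, b in zip(original, stego))


def make_carrier(n_samples=64 * 64, seed=1234):
    """Constructed stand-in for a 64x64 grey-scale photo: NOT a real image."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(n_samples))


if __name__ == "__main__":
    carrier = make_carrier()
    stego = embed(carrier, b"watermark: (c) 2008")
    print(extract(stego), "max sample change:", max_sample_change(carrier, stego))
```

A change of at most one grey level per pixel is invisible to the eye, which is the point of the technique; it is not, however, invisible to statistics. Replacing natural LSBs with payload bits alters the distribution of pixel-value pairs, and steganalysis tools detect exactly that, so an LSB watermark hides from casual viewers, not from an analyst who suspects it is there.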
(T)
Tag: A command in a markup language such as HTML that displays information in a certain way, such as bold, centered or in a certain font.
Tar (Tape ARchive): A file packaging tool included with UNIX/Linux for assembling a collection of files into one combined file for easier archiving. It was originally designed for tape backup, but today is used with any storage medium. Run by itself, it produces files with a .tar extension. When combined with Gzip for data compression the resulting extensions are .tgz or .tar.gz; a .tar.Z file was compressed with the older compress utility instead.
Tarball: A file created by the Tar utility, containing one or more archived and, optionally, compressed files.
TeX: A popular macro-based text formatter. The basis for other such formatters, including LaTeX and teTeX.
TFTP (Trivial File Transfer Protocol): A simplified version of FTP without authentication or many other basic features of FTP. Because anyone who can reach the server can read (and often write) its files, TFTP belongs only on trusted networks, typically to serve boot images to network-booting machines.
www.wilshiresoft.com info@wilshiresfot.com Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173 Rev Dt: 15-Oct-08 Ver: 1
Thread: A unit of execution within a process. A process contains one or more threads, all of which share its memory and other resources. A multithreaded program can run faster than a monolithic, single-threaded one because several, or even many, tasks can proceed concurrently rather than serially (sequentially), and threads within a single application can share data and pass it back and forth directly. Because they share memory, their access to shared data must be synchronized (with locks or similar) or updates can be lost.
Time-sharing: A method of allowing multiple users to share a processor by allocating each user a portion of the processor resources on a timed basis and rotating each user's processes within those time segments. (Also see Multitasking.)
Torvalds, Linus: The original creator of the Linux kernel in 1991, holder of the Linux trademark, and still the coordinator of the Linux kernel development project.
Touch: A command that changes the date/time stamp of a file without affecting its contents, or creates an empty file if none exists.
TrueType Fonts: A scalable font format developed by Apple and Microsoft and designed to be printer-independent, unlike PostScript fonts, which need a PostScript printer. Widely used on the Macintosh and Windows; historically less common on UNIX/Linux. (Also see BDF Fonts and PostScript Fonts.)
Tux: The name of the Linux penguin mascot.
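The Thread entry above says threads share a process's memory and can pass data between themselves; what it does not show is what goes wrong when shared data is updated without synchronization. The following added example (not course code; the function names and counts are assumptions of the example) forces a lost update deterministically with a barrier, then shows the same counter protected by a lock, and finally passes data between threads through a queue, which is the idiomatic way to share results without a shared variable at all.

```python
"""Threads sharing memory: a forced lost update, a locked counter, and a queue hand-off."""
import queue
import threading


def lost_update_demo():
    """Two threads each read the counter before either writes: one increment is lost.

    The barrier guarantees the interleaving that a real race only produces
    occasionally, so the result is always 1 instead of the expected 2.
    """
    shared = {"count": 0}
    both_have_read = threading.Barrier(2)

    def worker():
        seen = shared["count"]          # read
        both_have_read.wait()           # wait until the other thread has also read 0
        shared["count"] = seen + 1      # write: both threads write 1

    threads = [threading.Thread(target=worker) for _ in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return shared["count"]


def locked_counter_demo(n_threads=4, increments=1000):
    """The same read-modify-write made atomic with a lock: no updates are lost."""
    shared = {"count": 0}
    lock = threading.Lock()

    def worker():
        for _ in range(increments):
            with lock:                  # only one thread inside at a time
                shared["count"] += 1

    threads = [threading.Thread(target=worker) for _ in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return shared["count"]


def pipeline_demo(n_items=100):
    """Producer and consumer threads exchange data through a thread-safe queue.

    queue.Queue does its own locking, so neither thread touches a shared
    variable directly. Returns the consumer's sum of squares of 0..n_items-1.
    """
    work = queue.Queue()
    result = {}
    SENTINEL = None                     # tells the consumer there is no more work

    def producer():
        for i in range(n_items):
            work.put(i)
        work.put(SENTINEL)

    def consumer():
        total = 0
        while True:
            item = work.get()
            if item is SENTINEL:
                break
            total += item * item
        result["total"] = total

    threads = [threading.Thread(target=producer), threading.Thread(target=consumer)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return result["total"]


if __name__ == "__main__":
    print("lost update   :", lost_update_demo())
    print("with lock     :", locked_counter_demo())
    print("queue pipeline:", pipeline_demo())
```

The first function is the instructive one: a race that only shows up one run in a thousand in production is reproduced every time here because the barrier pins down the bad interleaving, which is also how such bugs are turned into reliable regression tests.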
(U)
UNIX: UNIX began as a proprietary operating system developed at Bell Laboratories in 1969. It eventually spawned a number of mutually incompatible commercial versions from such companies as Apple (Mac OS X), Digital (Digital UNIX), Hewlett-Packard (HP-UX), IBM (AIX), NeXT (NeXTSTEP) and others.
UUCP (UNIX to UNIX Copy Program): A set of programs and protocols, named after the UNIX-to-UNIX copy program, that became the basis for a worldwide network of UNIX computers exchanging mail and news over dial-up connections.
(V)
Virtual Desktop: A method for expanding the user's workspace beyond the boundaries of the computer screen. The desktop may be scrollable left and right, up and down, as if a larger desktop were positioned behind the glass screen and moved around to reveal icons, windows and other objects that were off-stage, or out of view. Alternatively, as with the KDE desktop, multiple buttons may be available, each of which displays an area of desktop equal to the size of the screen and each of which can contain different objects.
Virtual Machine: An isolated, software-defined computer. A hypervisor, relying on processor features such as protected mode and, on newer chips, hardware virtualization extensions, gives each Virtual Machine (VM) its own memory and devices, separated from the rest of the system. If a program or operating system freezes in one Virtual Machine, the programs and operating systems running outside that Virtual Machine are not affected.
Virtual Memory: The technique of using a portion of disk space as a temporary storage area for memory pages; see Swap.
VRML (Virtual Reality Modeling Language): A primarily Web-based language used for 3D effects (such as building walk-throughs).
(W)
Widget: A graphical user interface programming object (button, scrollbar, radio button, etc.) for the X Window System. (Also see X Window System.)
Window Manager: The graphical user interface (GUI) that runs on top of the X Window System to provide the user with windows, icons, taskbars and other desktop objects.
Wine: A Windows compatibility layer. Wine does not require Microsoft Windows, as it is a completely separate implementation consisting of 100% Microsoft-free code, but it can optionally use native Windows DLLs if they are available. This is what you would use to run a Windows program on a Linux machine.
WineX: A variant of Wine (later renamed Cedega) whose main strength is the ability to run games designed for Windows.
Working Directory: Another name for the current directory, the directory in which the user is currently working.
Workspace: Another name for the Root Window, or Desktop.
Wrapper: A program used to start another program, typically after setting up its environment or checking who is allowed to run it (for example, the TCP wrappers program tcpd, which checks the client's address before starting a network service).
(X)
X Window System: A graphical windowing environment for UNIX; the underlying layer required by many user interfaces. (Also see Desktop, Window Manager and XFree86.)
X11: Version 11 of the X Window System.
XDM (X Display Manager): A user-friendly graphical login front end for the X Window System. Often used in a cyber café or campus environment where users who are not familiar with UNIX need occasional access.
XFree86: A version of the X Window System for Linux and other PC UNIX systems, used by GNOME, KDE and other Linux user interfaces/window managers. It has since been largely replaced by X.Org.
XHTML (eXtensible HyperText Markup Language): A reformulation of HTML as an XML application, so that Web pages must be well-formed XML and can be processed with XML tools.
Ximian: A company that provided open source desktop applications for Linux and UNIX based on the GNOME platform.
XML (eXtensible Markup Language): A markup language for structured data. Like HTML it derives from SGML, but it lets authors define their own tags, and it is used far beyond Web pages, for example in configuration files and data interchange.
(Y)
YaST (Yet another Setup Tool): SuSE's installation and system configuration tool, with the same function and purpose as linuxconf. See linuxconf for more information.
(Z)
Zip: A popular form of file compression/archiving available on many operating system platforms, including DOS/Windows, OS/2 and UNIX/Linux. Popular tools include PKZip/PKUnzip and Zip/Unzip. Not to be confused with the Iomega Zip disk, which is a removable storage device. (Confusingly, a zipped file may or may not be stored on a Zip disk; the two are unrelated.) Zipped files have a .zip extension.
Zone: An area of a network under administrative or other control. In DNS, a zone is the part of the name space for which a given set of name servers is authoritative; a domain can be a zone, and zones can be further subdivided (delegated) into subzones, each having its own administrators and servers.
Zoo: A compression and archiving format available for UNIX/Linux. Files packaged this way have a .zoo file extension.
INDEX
1. Linux Introduction ... 1
1.1. Open Source and Free Software ... 1
1.1.1. History ... 1
1.2. GPL and Open Source Licenses ... 2
1.3. About Linux ... 2
1.4. Current Support for Networking Services ... 3
1.5. Flexibility of Open Source Software ... 3
2. The Linux Distribution Comparison ... 4
2.1 Red Hat Linux ... 4
2.1.1 Fedora Linux ... 4
2.1.2 RedHat Enterprise Linux ... 4
Server Solutions ... 5
Client Solutions ... 5
2.1.3 Red Hat Enterprise Linux system configuration limits ... 6
2.2. Mandrake Linux ... 7
2.3 SuSE Linux ... 7
2.4 Debian GNU/Linux ... 7
2.5 Slackware Linux ... 8
2.6 Caldera OpenLinux ... 8
2.7. Top 6 Distributions ... 8
2.7.1 Evaluation Criteria and Description ... 9
2.7.2 Organizational Structure ... 9
2.7.3 Ease of Installation Process ... 10
2.7.4 Commitment to Open Source ... 10
2.7.5 Per Seat Licensing ... 10
2.7.6 Target Market ... 11
2.7.7 Software Upgrades / Support ... 11
2.7.8 License Fee ... 11
3. Linux Installation ... 12
3.1 Hardware Requirements ... 12
3.2 Planning the Installation ... 12
3.3 How Much Space Is Required? ... 13
3.4 Partitioning Naming Conventions ... 14
3.5 Install Options ... 14
4. Boot Loaders ... 16
4.1 Boot Loaders and System Architecture ... 16
4.1.1 Features of GRUB ... 16
4.1.2 File Names and Blocklists ... 18
4.1.3 GRUB's Root File System ... 18
4.1.4 GRUB Commands ... 19
4.1.5 GRUB Menu Configuration File ... 20
4.1.6 Configuration File Structure ... 21
4.2 LILO ... 21
4.2.1 LILO and the x86 Boot Process ... 21
4.2.2 LILO versus GRUB ... 22
5. Linux Boot Process ... 24
5.1 Init, and Shutdown ... 24
5.1.1 Linux Run levels ... 24
5.2 System startup script /etc/rc.d/rc.sysinit ... 25
5.2.1 Controlling the boot time services using chkconfig ... 27
Chkconfig Examples ... 27
5.2.2 The service command ... 27
6. Linux File System ... 29
6.1 Ext2 and Ext3 Filesystem ... 29
6.2 Preparing Partitions on Disks ... 30
6.2.1 Device Naming Convention ... 30
6.2.3 Adding a New Partition ... 31
6.2.2 Verify the New Partition ... 32
6.3 Managing Swap Space ... 32
6.3.1 Creating Swap Space ... 32
7. Overview of Linux File System Hierarchy Standard (FHS) ... 34
7.1 FHS Organization ... 34
The /dev/ Directory ... 34
The /etc/ Directory ... 34
The /lib/ Directory ... 34
The /mnt/ Directory ... 34
The /opt/ Directory ... 34
The /proc/ Directory ... 35
The /sbin/ Directory ... 35
The /usr/ Directory ... 35
The /usr/local/ Directory ... 36
The /var/ Directory ... 36
7.1.2. /usr/local/ in Red Hat Linux ... 37
7.2. Special File Locations ... 37
7.3 Files in the /etc/sysconfig/ Directory ... 37
8. Linux Desktop Environments ... 39
8.1 GNOME ... 39
8.2 KDE ... 41
9. Linux Account Management ... 44
9.1 Managing User Accounts ... 44
9.1.2 Passwds ... 44
9.1.3 Files Controlling User Accounts and Groups ... 44
/etc/passwd ... 45
/etc/shadow ... 45
/etc/group ... 46
/etc/gshadow ... 46
9.2 User Management Commands ... 47
Adding Users ... 48
Changing Passwords ... 48
Delete Users ... 49
Setup User Aging ... 49
9.3 Setting Up Quotas ... 49
9.3.1 Understanding Disk Quotas ... 49
9.3.2 Setting up and configuring the Quotas ... 50
9.3.3 Initialize The Quota Table ... 51
9.4 Other Quota Topics ... 52
9.4.1 Editing Group Quotas ... 52
9.5 Using Sudo ... 52
9.5.1 What is SUDO? ... 52
9.5.2 Example Using sudo ... 53
The visudo command ... 53
Simple /etc/sudoers Examples ... 53
10. Red Hat Package Manager (RPMs) ... 55
10.1 Introduction ... 55
10.2 What Is a Package? ... 55
10.2.1 What Is RPM? ... 55
10.3.1 Listing Installed RPMs ... 55
10.3.2 Listing Files Associated With RPMs ... 56
10.3.4 Listing Files For Already Installed RPMs ... 56
10.2 Managing RPMs ... 56
11. Linux Networking ... 58
11.1 Configuring Your NIC's IP Address ... 58
11.1.1 Determining Your IP Address ... 58
11.1.2 Changing Your IP Address ... 58
11.1.3 network-scripts File Formats ... 59
11.2 Multiple IP Addresses On A Single NIC ... 59
11.2.1 Viewing Your Current Routing Table ... 60
11.3 Convert Your Linux Server Into A Router ... 60
11.3.1 Configuring IP Forwarding ... 60
11.4 Setting Up A Telnet Server ... 61
www.wilshiresoft.com info@wilshiresfot.com Wilshire Software Technologies Ph: 2761-2214 / 6677-2214 / 6452-6173 Rev Dt: 15-Oct-08 Ver: 1
  11.5 Setting up rsh and rlogin ... 62
  11.6 Configuring an FTP server ... 62
12. NFS ... 65
  12.1 NFS Operational Overview ... 65
  12.2 Important NFS Daemons ... 65
  12.3 Configuring NFS on The Server ... 65
    12.3.1 The /etc/exports File ... 65
  12.4 Configuring NFS on The Client ... 66
    12.4.1 Starting NFS on the Client ... 66
    12.4.2 Making NFS Mounting Permanent ... 67
    12.4.3 Activating Modifications To The /etc/exports File ... 67
    12.4.4 Deleting, Moving Or Modifying A Share ... 67
13. Centralized Logins Using NIS ... 69
  13.1 Introduction to NIS ... 69
  13.2 Configuring The NFS Server for NIS ... 69
    13.2.1 Configuring The NFS Client for NIS ... 69
  13.3 Configuring The NIS Server ... 70
    13.3.1 Required NIS Server Daemons ... 71
    13.3.2 Initialize Your NIS Domain ... 71
  13.4 Managing NIS server ... 72
  13.5 Configuring The NIS Client ... 73
14. DNS ... 75
  14.1 Introduction to DNS ... 75
  14.2 Basic DNS Testing of DNS Resolution ... 75
  14.4 Configuring DNS ... 76
  14.3 The /etc/resolv.conf File ... 76
15. DHCP/Bootp ... 81
  15.1 DHCP Operational Overview ... 81
  15.2 The /etc/dhcpd.conf File ... 81
    15.2.1 Start the DHCP services ... 82
  15.3 Configuring Linux Clients To Use DHCP ... 83
16. Apache Web Server ... 84
  16.1 Introduction - What is Apache ... 84
  16.2 Configuring Apache ... 84
    16.2.1 Configure the /etc/httpd/conf/httpd.conf file ... 85
    16.3.1 Where To Put Your Web Pages ... 89
    16.3.2 Named Virtual Hosting ... 90
17. Sharing Resources Using SAMBA ... 92
  17.1 Introduction ... 92
  17.2 Configuring SAMBA ... 92
  17.3 Configuring SWAT (Samba Web Administration Tool) ... 92
    17.3.1 Basic SWAT Setup ... 93
18. KICKSTART (Network Based Linux Inst over the NFS) ... 94
  18.1 Introduction ... 94
  18.2 Setting up the Installation Server ... 95
    18.2.1 Create the Installation Directories ... 95
    18.2.3 Setup Your NFS Server ... 95
    18.2.4 Setup DNS and DHCP servers ... 96
    18.2.5 Create Kickstart Configuration Files ... 96
  18.3 Kickstart Configurator ... 96
19. SQUID Proxy server ... 101
  19.1 Introduction to SQUID ... 101
  19.2 Configuring SQUID ... 101
    19.2.1 The /etc/squid/squid.conf File ... 101
    19.2.2 Access Control Lists ... 102
    19.2.3 Restricting Web Access by Time ... 102
    19.2.4 Configure the Web Browsers to Use Your Squid Server ... 103
20. IPTABLES (Netfilter) ... 104
  20.1 What is iptables? ... 104
    20.1.1 Overview ... 104
        Capabilities ... 104
        Packet STATES ... 105
        IPTABLES Examples ... 105
        Saving iptable Scripts ... 106
21. Linux Resource Monitoring ... 107
  21.1 Resource Monitoring Commands ... 107
        free ... 107
        top ... 107
        The GNOME System Monitor: A Graphical top ... 108
        vmstat ... 109
        pstree ... 109
  21.2 The proc File System ... 110
    21.2.1 Top-level Files in the proc File System ... 111
22. Backups ... 114
  22.1 Introduction ... 114
  22.2 Different Data: Different Backup Needs ... 114
  22.3 Types of Backups ... 114
    22.3.1 Full Backups ... 115
    22.3.2 Incremental Backups ... 115
    22.3.3 Differential Backups ... 115
  22.4 Backup Media ... 115
        Tape ... 116
        Disk ... 116
        Network ... 116
  22.5 Red Hat Linux-Specific Information (applies to all versions) ... 116
    22.5.1 Software Support ... 116
    22.5.2 Backup Utilities ... 117
        tar ... 117
        cpio ... 117
        AMANDA ... 117
        dump/restore ... 118
  22.6 Working with dump/restore ... 118
    22.6.1 Making backups with dump ... 119
    22.6.2 Restoring files with restore command ... 120
  22.7 Managing the tape: mt Command ... 121
23. Printers ... 126
  23.1 Types of Printers ... 126
    23.1.1 Printing Considerations ... 126
        Function ... 126
        Cost ... 127
  23.6 Printer Languages and Technologies ... 127
  23.7 Networked Versus Local Printers ... 127
  23.8 Printer Configuration ... 128
        Printing a Test Page ... 132
        Modifying Existing Printers ... 133
        Queue Name ... 133
        Queue Type ... 133
        Printer Driver ... 133
        Driver Options ... 133
        Saving the Configuration File ... 134
        Printer Configuration ... 134
        Command Line Configuration ... 135
        Managing Print Jobs ... 136
        Sharing a Printer ... 138
        Sharing a Printer with LPRng ... 139
24. Upgrading the RedHat Linux Kernel ... 141
  24.1 Upgrading Kernel Step By Step ... 141
25. Configuring Dumb Terminal ... 145
26. Software RAID ... 146
  26.1 RAID Types ... 146
    26.1.1 RAID 0 ... 146
    26.1.2 RAID 1 ... 146
    26.1.3 RAID 5 ... 147
  26.2 SCSI and IDE ... 148
    26.2.1 IDE Drives ... 148
    26.2.2 SCSI Drives ... 148
  26.3 Configure RAID In Single User Mode ... 149
    26.3.1 Configuring Software RAID ... 149
        Edit the RAID Configuration File ... 151
        General Guidelines ... 151
    26.3.2 Create the RAID Set ... 151
        Format The New RAID Set ... 151
        Check The Status Of The New RAID ... 153
Glossary of Common Linux Terms ... 154