SUSE Linux Enterprise Server 11 SP2

Administration
Workbook

Novell Training Services www.novell.com


3116

AUTHORIZED COURSEWARE

Part # 100-005293-001-REV A
Version 1
Novell, Inc. Copyright 2013-EMPOYEE USE ONLY-NO COPYING, PRINTING, OR DISTRIBUTION ALLOWED.
Legal Notices

Novell, Inc., makes no representations or warranties with respect to the contents
or use of this documentation, and specifically disclaims any express or implied
warranties of merchantability or fitness for any particular purpose. Further,
Novell, Inc., reserves the right to revise this publication and to make changes to
its content, at any time, without obligation to notify any person or entity of such
revisions or changes.

Further, Novell, Inc., makes no representations or warranties with respect to any
software, and specifically disclaims any express or implied warranties of
merchantability or fitness for any particular purpose. Further, Novell, Inc.,
reserves the right to make changes to any and all parts of Novell software, at any
time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be
subject to U.S. export controls and the trade laws of other countries. You agree to
comply with all export control regulations and to obtain any required licenses or
classification to export, re-export or import deliverables. You agree not to export
or re-export to entities on the current U.S. export exclusion lists or to any
embargoed or terrorist countries as specified in the U.S. export laws. You agree
to not use deliverables for prohibited nuclear, missile, or chemical biological
weaponry end uses. See the Novell International Trade Services Web page
(http://www.novell.com/info/exports/) for more information on exporting Novell
software. Novell assumes no responsibility for your failure to obtain any
necessary export approvals.

Copyright © 2008 Novell, Inc. All rights reserved. No part of this publication
may be reproduced, photocopied, stored on a retrieval system, or transmitted
without the express written consent of the publisher.

Novell, Inc., has intellectual property rights relating to technology embodied in
the product that is described in this document. In particular, and without
limitation, these intellectual property rights may include one or more of the U.S.
patents listed on the Novell Legal Patents Web page
(http://www.novell.com/company/legal/patents/) and one or more additional patents
or pending patent applications in the U.S. and in other countries.

Novell, Inc.
1800 South Novell Place
Provo, UT 84606
U.S.A.
www.novell.com

Online Documentation: To access the latest online documentation for this and
other Novell products, see the Novell Documentation Web page
(http://www.novell.com/documentation).

Novell Trademarks

For Novell trademarks, see the Novell Trademark and Service Mark list
(http://www.novell.com/company/legal/trademarks/tmlist.html).

Third-Party Materials

All third-party trademarks are the property of their respective owners.

Contents

Introduction
    Check the Media in Your Student Kit
    Check Hardware and Software Requirements
    Course Scenario
    Set Up Your Practice Environment
        Set Up da-host
        Set Up da1
        Set Up da2
    Review the Exercise Conventions

SECTION 1 Install SUSE Linux Enterprise Server 11 SP2
    Exercise 1-1 Install SUSE Linux Enterprise Server 11 SP2

SECTION 2 Manage System Initialization
    Exercise 2-1 Manage the Boot Loader
    Exercise 2-2 Manage Runlevels
        Part I: View and Change the Current Runlevel
        Part II: Activate the atd Service
        Part III: Set a Runlevel at Boot Time
        Part IV: Enable rsyncd with YaST

SECTION 3 Administer Linux Processes and Services
    Exercise 3-1 Manage Linux Processes
        Part I: Move Processes to the Background
        Part II: Modify Process Priorities

SECTION 4 Administer the Linux File System
    Exercise 4-1 Configure Partitions on your Hard Drive
        Part I: Create Partitions and File Systems with YaST
        Part II: Partition Manually with fdisk
        Part III: Manage File Systems from the Command Line
    Exercise 4-2 Manage File Systems from the Command Line
        Part I: Run e2fsck
        Part II: Customize the File Systems
    Exercise 4-3 Create Logical Volumes
        Part I: Create LVM Physical Volumes, a Volume Group, and Logical Volumes
        Part II: Resize an LVM Volume
    Exercise 4-4 Set Up and Configure Disk Quotas

Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3
To report suspected copying, please call 1-800-PIRATES.

SECTION 5 Configure the Network Manually
    Exercise 5-1 Configure the Network Connection Manually
        Part I: Note the Current Network Configuration
        Part II: Delete the Current Network Setup with YaST
        Part III: Configure the Network Manually
        Part IV: Save the Network Connection to an Interface Configuration File

SECTION 6 Manage Hardware
    Exercise 6-1 Manage Linux Kernel Modules
    Exercise 6-2 Obtain Hardware Configuration Information in YaST
    Exercise 6-3 Modify udev Rules

SECTION 7 Configure Remote Access
    Exercise 7-1 Practice Using OpenSSH
    Exercise 7-2 Perform Public Key Authentication
    Exercise 7-3 Use Remote Administration
        Part I: Remotely Access a Text-Based Version of YaST
        Part II: Remotely Access the GUI Version of YaST
        Part III: Configure Remote Administration with YaST
        Part IV: Access Your da1 Server Remotely
    Exercise 7-4 Use Nomad

SECTION 8 Monitor SUSE Linux Enterprise Server 11
    Exercise 8-1 Gather Information on your SLES 11 Server
    Exercise 8-2 Manage System Logging
        Part I: Modify the syslog-ng Configuration
        Part II: Configure logrotate

SECTION 9 Administer Linux Processes and Services
    Exercise 9-1 Schedule Jobs with cron and at
        Part I: Schedule Jobs with at
        Part II: Schedule Jobs with cron

SECTION 10 Manage Backup and Recovery
    Exercise 10-1 Back Up System Files with YaST
    Exercise 10-2 Create Backup Files with tar
        Part I: Create a Full Backup
        Part II: Create an Incremental Backup
    Exercise 10-3 Work with Snapper
    Exercise 10-4 Create Drive Images with dd (Optional)
    Exercise 10-5 Back Up a Home Directory with rsync
        Part I: Perform a Local Backup with rsync
        Part II: Perform a Remote Backup with rsync
    Exercise 10-6 Configure a cron Job for Data Backups

SECTION 11 Administer User Access and Security
    Exercise 11-1 Configure PAM Authentication
    Exercise 11-2 Configure sudo
    Exercise 11-3 Configure the Password Security Settings
    Exercise 11-4 Use ACLs
        Part I: Configure the ACL of a Directory
        Part II: Configure a Default ACL for a Directory
        Part III: Delete an ACL
    Exercise 11-5 Configure SuSEfirewall2

Introduction

This workbook is designed to help you practice the skills associated with SUSE Linux
Enterprise Server 11 Administration (Course 3116) objectives.
These skills, along with those taught in SUSE Linux Enterprise Server 11
Fundamentals (Course 3115), prepare you to take the Novell Certified Linux
Administrator 11 (Novell CLA 11) certification test.
Before starting the exercises in this workbook, you need to do the following:
• “Check the Media in Your Student Kit” on page 7
• “Check Hardware and Software Requirements” on page 8
• “Course Scenario” on page 8
• “Set Up Your Practice Environment” on page 9
• “Review the Exercise Conventions” on page 16

Check the Media in Your Student Kit


Your kit for Course 3116 contains the following media:
• 3116 Course Manual. Printed course manual that contains instructional and
  reference content.
• 3116 Workbook. Printed workbook that contains step-by-step instructions for
  setting up and completing the 3116 course exercises.
• Course 3116 – SUSE Linux Enterprise Server 11 SP2 Administration Course
  DVD. This DVD contains the course manual in PDF format, this workbook in
  PDF format, and a readme file.
  In addition, there are several directories with the following content:
  • exercises. This directory contains files used for course exercises.
  • setup. This directory contains files you need to set up your practice
    environment.
  • VMs. This directory contains Virtual Machines used in the course.
• SUSE Linux Enterprise Server 11 SP2 Product DVD
• SUSE Linux Enterprise Desktop 11 SP2 Product DVD

Check Hardware and Software Requirements


The following table lists the minimum hardware and software requirements for this
course:

Table Intro-1 Course 3116 Hardware and Software Requirements

Setup       Minimum Requirements

Hardware    You need a host computer that meets the following requirements:
            • Pentium 4 - 2.8 GHz CPU (or faster; use of x86_64 hardware is
              recommended)
            • Monitor and Graphics Card capable of displaying 1280x1024 (or
              higher) resolution
            • 4 GB (or more) RAM
            • 60 GB (or more) hard disk drive
            • DVD drive
            Make sure that the host computer is actually utilizing the full
            4 GB of RAM. If not, exercises can run extremely slowly or even
            stall a process.

Software    To complete the setup of the host computer, you need the following
            software, software installation files, and DVD:
            • SUSE Linux Enterprise Server 11 SP2
              You use this software to install da-host.
            • VMware Player 4.x.x or 5.x.x
            • Adobe Reader 9.x
            • SUSE Linux Enterprise Server 11 SP2 Administration Course DVD
              The Course DVD contains software and files needed for setup and
              exercises.

Course Scenario
The exercises in this course center around the fictional Digital Airlines Company that
has offices at various airports around the globe.
The Digital Airlines management has made the decision to migrate several back-end
services to Linux servers running SUSE Linux Enterprise Server 11 SP2.
Your task is to set up a lab environment with SUSE Linux Enterprise Server 11 SP2
and to familiarize yourself with it.

You need to learn how to do the following to be able to administer SLES 11 SP2 in
the Digital Airlines IT environment:
• Install SUSE Linux Enterprise Server 11 SP2
• Manage system initialization
• Administer Linux processes and services
• Administer storage
• Configure the network
• Manage hardware
• Configure remote access
• Monitor a SUSE Linux Enterprise Server 11 SP2 system
• Automate tasks
• Manage backup and recovery
• Administer user access and security

Set Up Your Practice Environment


To perform the exercises in this workbook, you need a physical machine (da-host,
172.17.8.1/16) that has SUSE Linux Enterprise Server 11 SP2 installed.
You also need a VMware virtual machine (da1, 172.17.8.101/16), which will be
installed with SUSE Linux Enterprise Server 11 SP2 in Exercise 1 of Section 1. An
empty (uninstalled) VMware virtual machine is provided on the DVD for this
purpose, but you can also use VMware Player to create the needed disk files.
The Course 3116 DVD contains an additional SLES 11 SP2 VMware virtual machine
(da2, 172.17.8.102/16) that uses BtrFS for the / file system for use in the snapper
exercise in Section 10.
The following explains how to set up your computer to do the exercises. You have to
do the following:
• “Set Up da-host” on page 10
• “Set Up da1” on page 15
• “Set Up da2” on page 15

Set Up da-host
da-host is the machine where you work most of the time during the exercises. This
machine will host the da1 VMware virtual machine that you install in Section 1 of the
course.
To install da-host, you can use one of the following methods:
• “Install da-host Using AutoYaST” on page 10
• “Install da-host Manually” on page 11
After that, you have to do the following task:
• “Install VMware Player” on page 14

Install da-host Using AutoYaST

On the course CD in the setup directory, you can find an AutoYaST XML file for
the installation of da-host, called 3116-da-host.xml. Depending on your host’s
hardware, copy the file to another storage device:

Table Intro-2 Copies of da-host.xml

Available Hardware                     Storage Location for da-host.xml

2 CD/DVD drives                        No copy needed
Floppy disk drive                      Copy to floppy disk
USB port                               Copy to USB stick or USB hard drive
NFS and DHCP server in your network    Copy into the exported directory on your
                                       NFS server

To install da-host using AutoYaST, do the following:


1. Be sure there are no data on the server that you still need, because all existing
data on the hard disk will be erased.
2. Boot the server from the SUSE Linux Enterprise Server 11 SP2 Product DVD. If
your hardware supports it, use the x86_64 DVD, otherwise the DVD for the i586
architecture.
3. When the installation screen appears, highlight the Installation option by using
the arrow keys.
You have 20 seconds to highlight the option before GRUB boots from the hard
drive.
4. Set the display resolution by pressing F2; then select the display resolution
matching your monitor; it should not be less than 1024x768.
5. Insert the media containing the file 3116-da-host.xml.

6. In the Boot Options field, type the following (depending on the media containing
the 3116-da-host.xml file):
• 3116-da-host.xml on the course DVD:
  autoyast=dvd:///setup/3116-da-host.xml instmode=cd
• 3116-da-host.xml on a floppy disk:
  autoyast=floppy:///3116-da-host.xml instmode=cd
• 3116-da-host.xml on a USB device:
  autoyast=usb:///3116-da-host.xml instmode=cd
• 3116-da-host.xml on an NFS server:
  autoyast=nfs://IP-address/path_to_file/3116-da-host.xml netsetup=dhcp
Then press Enter.
The kernel loads and the SUSE Linux Enterprise Server 11 SP2 installation
begins.
YaST accesses the file 3116-da-host.xml and installs SLES 11 SP2
according to the configuration contained in that file.
7. (Conditional) If the installation stops at some early point, reset the computer,
restart the installation and try one of the other installation options, like
Installation—ACPI Disabled.

Install da-host Manually

To install da-host manually, do the following:


1. Boot your Workstation with the SUSE Linux Enterprise Server 11 SP2 DVD.
Wait while the machine boots.
2. When the GRUB installation screen appears, highlight the Installation option by
using the arrow keys.
You have 20 seconds to highlight the option before GRUB boots from the hard
drive.
3. Set the display resolution by pressing F2, then select the display resolution that
matches your monitor. It should not be less than 1024x768.
4. In the Welcome dialog, do the following:
a. Make sure that the correct keyboard layout is selected in the Keyboard
Layout menu. If not, select Keyboard Layout and choose your layout.
b. Select I Agree to the License Terms, then click Next.
5. In the Media Check, click Next.
6. From the Installation Mode dialog, make sure that New Installation is selected,
then click Next.

7. Configure your time zone information by doing the following:


a. From the Clock and Time Zone dialog, select your time zone, then click
Change.
b. Set the Current Time and Current Date to match your current time and date;
then select Accept.
Time is set according to the 24-hour clock format. The date format is
dd/mm/yyyy.
c. Click Next.
8. In the Server Base Scenario dialog, ensure that Physical Machine is selected,
then click Next.
9. From the Installation Settings dialog, do the following:
a. Check the suggested partitioning under the Partitioning heading. If it does
not list partition 1 (/dev/sda1) for swap and partition 2 (/dev/sda2) for /
(root), do the following:
i. Select Partitioning.
The Preparing Hard Disk dialog appears.
ii. Select your hard disk (the first hard disk entry), then click Next.
iii. Click Use entire hard disk.
iv. Make sure none of the Proposal setup settings are selected, then select
Next.
You are returned to the Installation Settings overview dialog.
b. To install software that is not included in the default selection, do the
following:
i. Select Software from the Installation Settings dialog.
ii. Select the following Patterns:
File Server
Mail and News Server
Web and LAMP Server
DHCP and DNS Server
Directory Server (LDAP)
C/C++ Compiler and Tools
Select Accept.
iii. When prompted to accept software licenses, click Accept.
iv. When prompted to review the automatic changes, click Continue.
You are returned to the Installation Settings overview dialog.
c. Click Install.
d. When prompted to confirm the installation, click Install.
Wait while the initial installation is performed. After the initial installation is
complete, SLES 11 SP2 restarts.

10. In the Password for the System Administrator “root” dialog, type novell as the
password, then click Next. Confirm the warning by clicking Yes.
11. In the Hostname and Domain Name dialog, type the following information:
• Hostname: da-host
• Domain Name: digitalairlines.com
• Change Hostname via DHCP: Deselect
• Assign Hostname to Loopback IP: Deselect
Click Next to continue.
12. In the Network Configuration dialog, configure your network settings by doing
the following:
a. From the Network Configuration dialog, beneath the Firewall entry, click on
disable next to Firewall is enabled.
The line will change to Firewall is disabled.
b. From the Network Configuration dialog, select Network Interfaces >
Hostname/DNS tab.
In the Name Server 1 field, enter 172.17.8.1 and make sure that
digitalairlines.com appears in the Domain Search field, then click OK.
Click Next to continue.
13. From the Test Internet Connection dialog, select No, Skip This Test, then click
Next.
14. In the Installation Overview dialog, make sure that Use Following Configuration
is selected.
Under CA Management, make sure that the Server Name is
da-host.digitalairlines.com and the E-Mail is postmaster@digitalairlines.com. If
not, select CA Management > Edit Default Settings and correct the Server Name
to da-host.digitalairlines.com and E-Mail to postmaster@digitalairlines.com.
Click Next to return to the Installation Overview dialog.
Click Next to continue.
15. In the User Authentication dialog, make sure Local (/etc/passwd) is selected,
then click Next.
16. In the New Local User dialog, enter the following, then click Next:
• User’s Full Name: Geeko Novell
• Username: geeko
• Password: novell
• Confirm Password: novell
Confirm the warning by clicking Yes.
17. In the Release Notes dialog, click Next.

18. In the Hardware Configuration dialog, make sure that the values for Resolution
and Monitor are correct for your hardware, then click Next.
19. In the Installation Completed dialog, click Finish.
The installation is completed and the SLES 11 login screen appears.
20. Remove the SUSE Linux Enterprise Server 11 SP2 DVD from your DVD drive.

Install VMware Player

To install VMware Player on da-host, do the following:


1. Download the VMware Player for Linux software (for i386 or x86_64,
depending on the architecture of SLES 11 SP2 installed on da-host) from
www.vmware.com (http://www.vmware.com/go/downloadplayer/) and copy it to
the /tmp/ directory.
2. Log in to the graphical desktop as root (password: novell).
3. Open a terminal and install VMware Player by entering
bash /path/to/VMware-Player-4.x.x-x.arch.bundle
Follow the prompts to install VMware Player.
4. Create a /vmware directory and make it writable for regular users:
mkdir -m 1777 /vmware
5. Unpack the da1-3116.zip and da2-3116.zip archives from the setup directory
on the Student DVD:
cd /vmware
unzip /path/to/da1-3116.zip
chown -R geeko: /vmware/3116-da1
unzip /path/to/da2-3116.zip
chown -R geeko: /vmware/3116-da2
6. On da-host, create the /etc/sysconfig/network/ifcfg-vmnet1 file
with the following content:
BOOTPROTO='static'
STARTMODE='auto'
USERCONTROL='no'
IPADDR='172.17.8.1/16'
7. To make sure the settings in the file take effect, reboot your computer.
8. After the reboot, log in as geeko and open a terminal window.
9. In the terminal window, enter ip a s dev vmnet1.
You should see an output similar to the following:

da-host:~ # ip a s dev vmnet1
6: vmnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:50:56:c0:00:01 brd ff:ff:ff:ff:ff:ff
    inet 192.168.172.1/24 brd 192.168.172.255 scope global vmnet1
    inet 172.17.8.1/16 brd 172.17.255.255 scope global vmnet1
    inet6 fe80::250:56ff:fec0:1/64 scope link
       valid_lft forever preferred_lft forever
The other address you see in the output above (192.168.172.1/24) is the address
VMware Player assigns to the interface. It is not relevant, as da1 uses a fixed IP
address (172.17.8.101/16) and does not rely on IP addresses being distributed by
VMware Player via DHCP.
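
A check for steps 6 to 9 above, given here as an added example that is not part of the workbook: it reads ifcfg-vmnet1 as text instead of sourcing it and tests the `ip a s dev vmnet1` output for the exact address and prefix. The function names and the embedded sample output are constructed for this example; the expected values are the ones from step 6.

```shell
#!/bin/sh
# Added example, not part of the workbook: checks for steps 6-9.
# Function names are hypothetical; expected values come from step 6.

IFCFG_FILE='/etc/sysconfig/network/ifcfg-vmnet1'
EXPECTED_ADDR='172.17.8.1/16'

# ifcfg_get FILE KEY
# Print the value of KEY from a sysconfig-style KEY='value' file.
# The file is read as text, never sourced, so nothing in it is executed.
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed "s/^['\"]//; s/['\"][[:space:]]*\$//"
}

# check_ifcfg FILE
# Succeed only if FILE carries all four settings listed in step 6.
check_ifcfg() {
    [ "$(ifcfg_get "$1" BOOTPROTO)" = 'static' ] &&
    [ "$(ifcfg_get "$1" STARTMODE)" = 'auto' ] &&
    [ "$(ifcfg_get "$1" USERCONTROL)" = 'no' ] &&
    [ "$(ifcfg_get "$1" IPADDR)" = "$EXPECTED_ADDR" ]
}

# has_inet_addr ADDR
# Read `ip a s dev IFACE` output on stdin; succeed if an "inet" line
# carries exactly ADDR (address and prefix length both have to match).
has_inet_addr() {
    awk -v want="$1" '$1 == "inet" && $2 == want { found = 1 }
                      END { exit !found }'
}

# sample_ip_output
# Constructed sample: the output shown in step 9, with wrapped lines joined.
sample_ip_output() {
    cat <<'EOF'
6: vmnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:50:56:c0:00:01 brd ff:ff:ff:ff:ff:ff
    inet 192.168.172.1/24 brd 192.168.172.255 scope global vmnet1
    inet 172.17.8.1/16 brd 172.17.255.255 scope global vmnet1
    inet6 fe80::250:56ff:fec0:1/64 scope link
       valid_lft forever preferred_lft forever
EOF
}

# verify_vmnet1
# Run both checks on da-host itself (needs the real file and interface).
verify_vmnet1() {
    check_ifcfg "$IFCFG_FILE" ||
        { echo "ifcfg-vmnet1 differs from step 6"; return 1; }
    ip a s dev vmnet1 | has_inet_addr "$EXPECTED_ADDR" ||
        { echo "vmnet1 does not carry $EXPECTED_ADDR"; return 1; }
    echo "vmnet1 is configured as described"
}

# Offline demonstration on the constructed sample.
if sample_ip_output | has_inet_addr "$EXPECTED_ADDR"; then
    echo "sample output carries $EXPECTED_ADDR"
fi
```

On da-host, call verify_vmnet1 after the reboot in step 7.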

Set Up da1
da1 is a SUSE Linux Enterprise Server 11 SP2. This virtual machine is installed in
Exercise 1 of Section 1 and then used in some of the subsequent exercises.
As the machine will be installed as part of an exercise, there is no setup required at
this point beyond the copying of the files described under “Install VMware Player”
on page 14.

Set Up da2
da2 is a SUSE Linux Enterprise Server 11 SP2 with BtrFS used as the / (root) file
system. This virtual machine is used in Section 10 (but you could also use it as a
replacement for da1 in other Sections if you, for some reason, did not install da1 in
Section 1).
To set up the machine, do the following:
1. As user Geeko, open the main menu, click More Applications and select System
> VMware Player.
2. In the End User License Agreement dialog, click Accept.
3. (Optional) If you are prompted to download available updates, click Cancel.
4. Click Open an existing Virtual Machine.
5. Navigate to the /vmware/3116-da2 directory and select 3116-da2.vmx,
then click Open.
6. Select da2 in the left pane and click Play virtual machine.
When prompted whether you moved or copied the VM, click I copied it.
The virtual machine starts.
7. To change the keyboard layout within the virtual machine from US English to
another one, do the following:
a. Log in as user geeko (password novell).
b. Start YaST (root password: novell) and select System > Language.

c. Set Primary Language to your language and select Adapt Keyboard Layout
to your language and click OK.
d. Close the YaST Control Center.
8. Open a terminal window and ping da-host with the following command:
ping da-host.digitalairlines.com
You should see echo replies.
9. Shut down da2 until you need it.

Review the Exercise Conventions


When working through an exercise, you will see conventions that indicate
information you need to supply that is specific to your server.
The following describes the most common conventions:
• italicized/bolded text: This is a reference to a variable that is unique to your
  situation, such as the hostname of your server.
  For example, if the hostname of your server is da1, and you see the following,
  hostname.digitalairlines.com
  then you would enter
  da1.digitalairlines.com
• 172.17.8.xx: This is the IP address that is assigned to your SUSE Linux
  Enterprise system.
  For example, if your IP address is 172.17.8.101, and you see the following:
  172.17.8.xx
  then you would enter
  172.17.8.101
• Select: The word select is used in exercise steps to indicate a variety of actions
  including clicking a button on the interface and selecting a menu item.
• Enter and Type: The words enter and type have distinct meanings.
  The word enter means to type text in a field or at a command line and press the
  Enter key when necessary. The word type means to type text without pressing the
  Enter key.
  If you are directed to type a value, make sure you do not also press the Enter key
  or you might activate a process that you are not ready to start.

SECTION 1 Install SUSE Linux Enterprise Server 11 SP2

In this section of the workbook, you learn how to do the following:


• “Install SUSE Linux Enterprise Server 11 SP2”
In this exercise, you install SUSE Linux Enterprise Server 11 SP2.


Exercise 1-1 Install SUSE Linux Enterprise Server 11 SP2


In this exercise, you install a SUSE Linux Enterprise Server 11 SP2 system. Use the
following specifications as a guideline for the installation:
• Create the following partitions:
  - 1 GB swap partition.
  - 6 GB for / (You should leave unpartitioned space on the hard disk to add
    partitions in later exercises).
• Use default software patterns, but add the C/C++ Compiler and Tools pattern.
• root password: novell

NOTE: This password is not appropriate for a production environment.

• Use a static IP address:
  - IP address: 172.17.8.101
  - Network mask: 255.255.0.0
  - Hostname: da1
  - Domain name: digitalairlines.com
  - Name server: 172.17.8.1
  - Default gateway: none
• Use local authentication. Create a geeko user account with a password of novell.
• Skip the online update.
To install SLES 11 SP2, do the following:
1. Insert your SLES 11 SP2 installation DVD into your host workstation’s DVD
drive.
2. As user Geeko, open the main menu, click More Applications and select System
> VMware Player.
3. In the End User License Agreement dialog, click Accept.
4. (Optional) If you are prompted to download available updates, click Cancel.
5. Click Open a Virtual Machine.
6. Navigate to the /vmware/3116-da1 directory and select 3116-da1.vmx,
then click Open.
7. Select da1 in the left pane and click Play virtual machine.
The virtual machine starts.
8. When the GRUB installation screen appears, select Installation with the arrow
keys and then press Enter.
Wait while Linux is loaded and the YaST Installation module starts.


9. In the Welcome dialog, select your language and your keyboard layout from the
Language and Keyboard Layout drop-down menus.

NOTE: Although you can select any available language, the exercises in this manual are
written for English US.

10. In the same dialog, select I Agree to the License Terms, then click Next.
11. In the Media Check screen, click Next.
Wait while the system hardware is probed.
12. In the Installation Mode dialog, select New Installation, then click Next.
13. In the Clock and Time Zone dialog, select your time zone and deselect Hardware
Clock Set To UTC.
Click Next to continue.
14. In the Server Base Scenario screen, select Physical Machine, then click Next.
The Installation Settings proposal dialog appears.
15. Change the partitioning settings by selecting Partitioning.
16. In the Prepare Hard Disk dialog, select Custom Partitioning (for experts), then
click Next.
17. Create a swap partition by doing the following:
a. Under System View, select Hard Disks > sda.
b. Select Add.
c. Select Primary Partition, then click Next.
d. Select Custom Size, then enter a size of 1 GB.
e. Click Next.
f. From the File System drop-down list, select Swap.
g. Add the swap partition by clicking Finish.
18. Create the root partition by doing the following:
a. Select Add.
b. Select Primary Partition, then click Next.
c. Select Custom Size; then enter a size of 6 GB.
d. Click Next.
e. Configure the following options:
• Select Ext3 from the File System drop-down list.
• Select / from the Mount Point drop-down list.
f. Add the root partition by clicking Finish.
In the Expert Partitioner, you should now see two partitions, one for swap
with 1 GB and one for / with 6 GB.


19. Confirm the partitioning setup and return to the Installation Settings by clicking
Accept.
20. In the Installation Settings Overview, select Software.
21. Under Patterns, scroll down as needed and select C/C++ Compiler and Tools.
Click OK to return to the Installation Settings dialog.
If prompted to accept license agreements for packages to be installed, select
Accept.
22. In the Installation Settings dialog, click Install.
23. In the confirmation dialog, click Install.
Wait while the disk is partitioned and the packages are installed. This may take
up to 30 minutes to complete, depending on the hardware.
The system will reboot after the software installation.
24. In the Password for the System Administrator “root” screen, enter novell in the
password fields.
Click Next to continue.
Confirm the password warning by clicking Yes.
25. In the Hostname and Domain Name dialog, enter da1 in the Hostname field and
digitalairlines.com in the Domain Name field.
Deselect Change Hostname via DHCP.
Deselect Assign Hostname to Loopback IP.
Click Next to continue.
26. In the Network Configuration screen under Firewall, click disable next to
Firewall is enabled.
The entry will change to Firewall is disabled.
27. Select Network Interfaces.
28. In the Network Settings dialog, select the first detected network card, then click
Edit.
29. In the Network Card Setup dialog, do the following:
• Select Statically Assigned IP Address.
• In the IP Address field, enter 172.17.8.101.
• In the Subnet Mask field, enter 255.255.0.0.
• In the Hostname field, enter da1.digitalairlines.com.
Click Next to return to the Network Settings dialog.
30. Select the Hostname/DNS tab.
Your hostname and domain name should already be filled. If not, enter a
Hostname of da1 and the Domain Name digitalairlines.com.


As Name Server 1, enter 172.17.8.1

NOTE: Because this virtual machine runs in host-only mode, it is isolated from the rest of your
network. In a production environment, you would configure a gateway router address.

31. Return to the Network Configuration dialog by selecting OK.


32. Continue with the installation by clicking Next.
33. In the Test Internet Connection dialog, select No, Skip This Test, then click Next.
34. In the Network Services Configuration, make sure that the values under CA
Management are correct.
If there are incorrect values, correct them by clicking on CA Management > Edit
Default Settings. Correct entries as needed and return to the Network Services
Configuration dialog by clicking Next twice.
Click Next to continue.
35. In the User Authentication Method screen, select Local (/etc/passwd), then click
Next.
36. In the New Local User screen, add a user named geeko by entering the following:
• User’s Full Name: Geeko
• User Login: geeko
• Password: novell
37. Create the user by clicking Next.
38. Confirm the password warning by clicking Yes.
39. In the Release Notes screen, review the release notes, then click Next.
40. In the Hardware Configuration dialog, review the settings suggested under
Graphics Cards and correct them as needed, then click Next.
41. Complete the installation process by clicking Finish.
Wait while an AutoYaST profile is created and the graphical login is loaded.
Log in as geeko (password novell).
42. (Conditional) If your da-host machine has an Internet connection, you can install
VMware Tools in your SLES 11 virtual machine by doing the following:
a. In your VMware window, select Virtual Machine > Removable Devices >
CD/DVD > Disconnect.
b. In your VMware window, select Virtual Machine > Install VMware Tools >
Download and Install > Install.
c. When prompted for the root user’s password, enter novell.
A File Browser window opens displaying the files on the VMware Tools
.tgz file.
d. Double-click the .tgz file.


In the File Roller window that opens up, select Extract and then select a
directory for the vmware-tools-distrib directory, such as geeko’s
home directory.
The files will be extracted to the location you specify.
e. Open a terminal window by right-clicking on the desktop and selecting Open
in Terminal.
In that terminal, change to the root account by entering su - and the
password novell when prompted.
f. Change into the vmware-tools-distrib directory by entering
cd /home/geeko/vmware-tools-distrib
g. At the shell prompt, enter ./vmware-install.pl.
h. Accept the suggested default values by pressing Enter.
Several modules will be compiled.
i. When prompted to configure your screen resolution, enter the appropriate
menu option for 1024x768.
j. In your VMware window, select Virtual Machine > Removable Devices >
CD/DVD > Connect to /dev/sr0.
k. When prompted for the root user’s password, enter novell and click
Authenticate.
l. Close the File Browser window.
m. Reboot the system by entering init 6 at the shell prompt.
(End of Exercise)


SECTION 2 Manage System Initialization

In this section of the workbook, you learn how to do the following:


• “Manage the Boot Loader”
In this exercise, you practice booting into a shell and modifying /boot/grub/menu.lst.
• “Manage Runlevels”
In this exercise, you practice configuring runlevels.


Exercise 2-1 Manage the Boot Loader


In this exercise, you practice booting into a shell and modifying /boot/grub/menu.lst.
You enter init=/bin/bash at the boot prompt and modify /boot/grub/menu.lst
to require a password before kernel parameters can be modified. You then test the
new GRUB configuration.

NOTE: This exercise will not work with SUSE Linux Enterprise Server 11 SP2 running on physical
hardware with a USB keyboard. USB drivers are usually loaded late in the init process. If your
machine is equipped with a USB keyboard, you have to add the modules to the initial RAM disk for
this exercise to work.

To do this with a USB keyboard, complete the following steps first:

Find out which USB modules are loaded by entering lsmod in a terminal window. Then start the
YaST Control Center, and select System > /etc/sysconfig Editor. Expand System > Kernel. In
INITRD_MODULES, add the appropriate modules (such as usbhid, uhci_hcd, and/or ehci_hcd).
Close the dialogs. In a terminal window (as root), enter mkinitrd.

Complete the following:


1. If your da1 virtual server is suspended, resume it. If it is turned off, turn it on and
continue with Step 6.
2. If necessary, log in to da1 as geeko (password of novell).
3. Right-click on the desktop, then select Open in Terminal.
4. In the terminal window, enter su - followed by a password of novell.
5. Reboot the system by entering init 6 at the shell prompt.
6. When the GRUB boot menu is displayed, press Space to stop the timer.
7. In the Boot Options field, replace the vga=0xxxx option with init=/bin/bash
and press Enter.
After a few moments, the bash prompt is displayed.
8. Enter mount to find out if the root (/) partition is mounted writable. If not,
remount the root partition read-writable by entering
mount -o remount,rw,sync /
9. At the shell prompt, enter vi /boot/grub/menu.lst.
10. Press Ins.
11. Position the cursor at the beginning of the line starting with “gfxmenu”.
12. Comment out the line by inserting a pound sign (#) in front of the line starting
with “gfxmenu”.


13. To avoid having the password displayed in clear text in the configuration file,
create an MD5-hashed password by doing the following within vi:
a. Add a new, blank line after the “gfxmenu” line you just commented out.
b. Press Esc.
c. Enter
:r! echo -e "secret\nsecret" | grub-md5-crypt
This runs an external command from within the vi editor. The echo
command sends the secret and secret text strings to the standard input
of the grub-md5-crypt command.
The grub-md5-crypt command uses these strings as input for its
Password: and Retype Password: prompts. It then hashes the password.
The output from the grub-md5-crypt command is inserted into the file,
including the password hash:
# Modified by YaST2. Last modification on Wed Sep 26 10:10:28 CEST 2012
default 0
timeout 8
##YaST - generic_mbr
#gfxmenu (hd0,1)/boot/message

stty: standard input: Invalid argument
Password:
Retype password:
stty: standard input: Invalid argument
$1$Ihe5r0$4H7xQDaVkzAmL93O7145w0

##YaST - activate

###Don't change this comment - YaST2 identifier: Original name: linux###
title SUSE Linux Enterprise Server 11 SP2 - 3.0.13-0.27
root (hd0,1)
kernel /boot/vmlinuz-3.0.13-0.27-pae root=/dev/sda2 resume=/dev/sda1 splash=silent showopts vga=0x317
initrd /boot/initrd-3.0.13-0.27-pae
...
d. Arrow up to the first line that reads
stty: standard input: Invalid argument.
e. Type dd to delete the line.
f. Repeat this process to delete the following lines:
Password:
Retype Password:
stty: standard input: Invalid argument
g. Press Ins.
h. At the beginning of the line with the password hash, enter
password --md5.
An example is shown below:


# Modified by YaST2. Last modification on Wed Sep 26 10:10:28 CEST 2012
default 0
timeout 8
##YaST - generic_mbr
#gfxmenu (hd0,1)/boot/message
password --md5 $1$Ihe5r0$4H7xQDaVkzAmL93O7145w0
##YaST - activate

###Don't change this comment - YaST2 identifier: Original name: linux###
title SUSE Linux Enterprise Server 11 SP2 - 3.0.13-0.27
...
Your hash value will be different than that shown above.
i. Save the file by pressing Esc and then entering :wq.
14. Reset the computer by entering reboot at the shell prompt.
You will notice that the start screen looks different now, because you turned off
the graphical menu.
15. If you want to edit the kernel command line, press p and then enter a password of
secret.
16. Select the SUSE Linux Enterprise Server 11 SP2 menu option and press Enter.
Wait while the system boots.
17. Undo the changes in /boot/grub/menu.lst:
a. Log in as geeko with a password of novell.
b. Open a terminal window and su - to root using a password of novell.
c. At the shell prompt, enter vi /boot/grub/menu.lst.
d. Press Ins.
e. Put a comment sign (#) at the beginning of the line beginning with
“password”.
f. Remove the comment sign in front of the line starting with “gfxmenu”.
g. Save the file and close vi by pressing Esc and entering :wq.
h. At the shell prompt, enter exit twice.
(End of Exercise)
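
The following script is an added example, not part of the workbook: it checks a GRUB Legacy menu.lst for the state this exercise produces after step 13 (an active password --md5 line before the first title, a well-formed MD5 crypt hash, and gfxmenu commented out). The function names and the two sample files are assumptions made for illustration; the sample content is constructed from the listing above.

```shell
#!/bin/sh
# Added example (not from the workbook): audit a GRUB Legacy menu.lst for the
# settings made in Exercise 2-1. Prints findings; returns the number of findings.

audit_menu_lst() {
    aml_file=$1
    aml_findings=0

    # Global section: everything before the first "title" entry.
    aml_global=$(sed '/^[[:space:]]*title[[:space:]]/,$d' "$aml_file")

    # Check 1: an active (uncommented) password directive exists.
    aml_pw=$(printf '%s\n' "$aml_global" |
        grep -E '^[[:space:]]*password[[:space:]]' | head -n 1)
    if [ -z "$aml_pw" ]; then
        echo "FAIL: no active password line before the first title"
        aml_findings=$((aml_findings + 1))
    else
        case $aml_pw in
        *--md5*)
            # Check 2: the value has the shape of grub-md5-crypt output,
            # $1$<salt>$<22 characters>.
            aml_hash=$(printf '%s\n' "$aml_pw" | awk '{print $3}')
            if ! printf '%s\n' "$aml_hash" |
                grep -Eq '^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$'; then
                echo "FAIL: --md5 value is not a well-formed MD5 crypt hash"
                aml_findings=$((aml_findings + 1))
            fi
            ;;
        *)
            echo "FAIL: password is stored in clear text (no --md5)"
            aml_findings=$((aml_findings + 1))
            ;;
        esac
    fi

    # Check 3: the graphical menu is commented out, as in step 12.
    if printf '%s\n' "$aml_global" | grep -Eq '^[[:space:]]*gfxmenu[[:space:]]'; then
        echo "FAIL: gfxmenu is still active"
        aml_findings=$((aml_findings + 1))
    fi

    if [ "$aml_findings" -eq 0 ]; then
        echo "OK: $aml_file has an MD5 password and no graphical menu"
    fi
    return "$aml_findings"
}

# Constructed sample: the file as it looks after step 13.
write_hardened_sample() {
    cat > "$1" <<'EOF'
default 0
timeout 8
#gfxmenu (hd0,1)/boot/message
password --md5 $1$Ihe5r0$4H7xQDaVkzAmL93O7145w0
title SUSE Linux Enterprise Server 11 SP2 - 3.0.13-0.27
root (hd0,1)
EOF
}

# Constructed sample: the file as it looks after step 17 (changes undone).
write_reverted_sample() {
    cat > "$1" <<'EOF'
default 0
timeout 8
gfxmenu (hd0,1)/boot/message
#password --md5 $1$Ihe5r0$4H7xQDaVkzAmL93O7145w0
title SUSE Linux Enterprise Server 11 SP2 - 3.0.13-0.27
root (hd0,1)
EOF
}

# Demo run on the constructed samples.
demo_dir=$(mktemp -d)
write_hardened_sample "$demo_dir/hardened.lst"
write_reverted_sample "$demo_dir/reverted.lst"
audit_menu_lst "$demo_dir/hardened.lst" || true
audit_menu_lst "$demo_dir/reverted.lst" || true
rm -rf "$demo_dir"
```

Point audit_menu_lst at /boot/grub/menu.lst after step 13 to confirm the edit; after step 17 it reports two findings because the exercise reverts the change.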


Exercise 2-2 Manage Runlevels


In this exercise, you practice configuring runlevels.
This exercise has four parts.
In the first part, you use the runlevel command to determine the current runlevel.
You also use the init command to change to runlevel 3 and then back to 5.
In the second part, you activate the at service atd.
In the third part, you reboot your computer and boot into runlevel 3 instead of the
default runlevel 5. You then log in and switch back to runlevel 5.
In the fourth part, you activate the rsyncd daemon using the YaST runlevel editor.
Complete the following:
• “Part I: View and Change the Current Runlevel”
• “Part II: Activate the atd Service”
• “Part III: Set a Runlevel at Boot Time”
• “Part IV: Enable rsyncd with YaST”

Part I: View and Change the Current Runlevel


To view and change the current runlevel, do the following:
1. If necessary, log in to your da1 server as geeko with a password of novell.
2. Open a terminal window and su - to root using a password of novell.
3. Check the previous and current runlevels by entering runlevel at the shell
prompt.
List the runlevels in the table below:

Table 2-1 Runlevels

Previous Current

Notice that the previous runlevel is listed as N, which means that there was no
previous runlevel set.
4. Change to runlevel 3 by entering init 3 in the terminal window.
The graphical environment is terminated and you are left at a terminal login
prompt.
5. Log in as root with a password of novell.
6. Check the previous and current runlevel by entering runlevel.
List the runlevels in the table below:


Table 2-2 Runlevels

Previous Current

7. Switch to runlevel 5 by entering init 5.
The GUI login screen appears.
8. Log in as geeko with a password of novell.

Part II: Activate the atd Service


To activate the atd service, do the following:
1. Open a terminal window.
2. At the shell prompt, su - to root with a password of novell.
3. View the current runlevel configuration for atd by entering
chkconfig atd -l
at the shell prompt.
Notice that configuration is off for all runlevels.
4. Install the service to its predefined runlevels by entering
insserv -d atd
5. Check the modified runlevel configuration for atd by entering chkconfig
atd -l again.
Notice that the default configuration for atd sets runlevels 2, 3, and 5 to on.
6. Change to the /etc/rc.d/rc3.d directory by entering
cd /etc/rc.d/rc3.d
at the shell prompt.
7. List the atd files in the directory by entering ls -l *atd at the shell prompt.
Notice that there are two atd links—one is used to start the atd service and one
is used to kill it:
8. Start the at service by entering rcatd start at the shell prompt.
9. Verify that the service is running by entering rcatd status at the shell
prompt.
10. Switch to virtual terminal 1 by pressing Ctrl+Alt+F1 or by entering chvt 1.

NOTE: If pressing Ctrl+Alt+F1 changes da-host to the first virtual terminal, change back to the
graphical interface by pressing Ctrl+Alt+F7. Then activate the VMware window, press
Ctrl+Alt+Space and, while keeping Ctrl+Alt pressed, release Space and press F1.

11. Press Ctrl+c or Enter to bring up the shell prompt.


12. You should still be logged in as root. Verify this by entering whoami at the
shell prompt.
13. Switch to runlevel 1 by entering init 1 at the shell prompt.
14. When prompted, enter a root password of novell.
15. Determine if the atd service is running by entering rcatd status at the
shell prompt.
The service is listed as unused because it is not configured to start at runlevel 1.
16. Switch back to your previous runlevel (5) by entering init 5 at the shell
prompt.
The GUI login screen appears.
17. Log in as geeko with a password of novell.
18. Open a terminal session and enter su - to switch to root using a password of
novell.
19. Determine if the atd service is running by entering rcatd status at the
shell prompt.
The service is listed as running because it is configured to start at runlevel 5.
20. From the command line, remove the atd service from system startup runlevels
by entering chkconfig atd off.
21. View the current runlevel configuration for at by entering chkconfig atd -l
at the shell prompt.
Notice that the service is off for all runlevels.
22. Determine if the atd service is running by entering rcatd status at the
shell prompt.
The service is listed as running because changing the runlevel configuration with
chkconfig does not affect the status of the respective service. You would need
to stop it manually or reboot the system to stop the atd service.
23. Re-enable the service to start at the default runlevels by entering chkconfig
atd on at the shell prompt.

Part III: Set a Runlevel at Boot Time


To set a runlevel at boot time, do the following:
1. Reboot by entering init 6 at the shell prompt.
2. When the GRUB boot menu is displayed, press Space to stop the timer.
3. In the Boot Options field, add the number 3 at the end of the line.
4. Press Enter to boot the Linux system to runlevel 3.
5. When the login prompt appears, log in as root with a password of novell.
6. Display the current runlevel by entering runlevel at the shell prompt.
7. Switch to runlevel 5 by entering init 5 at the shell prompt.


8. Log in as geeko with a password of novell.


9. Switch back to the virtual terminal by pressing Ctrl+Alt+F1.

NOTE: If pressing Ctrl+Alt+F1 changes da-host to the first virtual terminal, change back to the
graphical interface by pressing Ctrl+Alt+F7. Then activate the VMware window, press
Ctrl+Alt+Space and, while keeping Ctrl+Alt pressed, release Space and press F1.

10. Press Ctrl+c.


11. Log out as root by entering exit or by pressing Ctrl+d.
12. Switch back to the graphical user interface by pressing Ctrl+Alt+F7.

Part IV: Enable rsyncd with YaST


To enable rsyncd with YaST, do the following:
1. In the graphical desktop, select Computer > YaST.
2. Enter a password of novell.
The YaST Control Center appears.
3. Select System > System Services (Runlevel).
The System Services (Runlevel): Services dialog appears.
4. Switch to a more detailed view (with additional options) by selecting Expert
Mode.
5. Scroll to and select rsyncd.
6. Below the list, configure this service to start at runlevels 3 and 5 by selecting 3
and 5.
7. From the Set/Reset drop-down list, select Enable the Service.
8. Start the rsyncd service by selecting Start Now from the Start/Stop/Refresh
drop-down list.
A status message appears indicating that the service started successfully.
9. Close the status message by selecting OK.
10. Stop the rsyncd service by selecting Stop Now from the Start/Stop/Refresh
drop-down list.
A status message appears indicating that the service stopped successfully.
11. Close the status message by selecting OK.
12. Save the changes by selecting OK > Yes.
13. Close the YaST Control Center.
(End of Exercise)
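
Added example, not part of the workbook: Part II shows that runlevel configuration lives in start (S) and kill (K) links under /etc/rc.d/rcN.d and is separate from whether a service is currently running. The script below reads those links directly to reproduce the chkconfig -l view and to list services enabled in a runlevel that are missing from an approved baseline. The function names, the baseline file format and the link sequence numbers in the sample tree are assumptions.

```shell
#!/bin/sh
# Added example (not from the workbook): read SysV runlevel configuration
# straight from the rcN.d start links that insserv and chkconfig maintain.

# runlevels_for SERVICE [RCROOT]
# Prints a line in the style of "chkconfig SERVICE -l".
runlevels_for() {
    rf_svc=$1
    rf_root=${2:-/etc/rc.d}
    rf_line=$rf_svc
    for rf_n in 0 1 2 3 4 5 6; do
        rf_state=off
        # A start link is named S<two digits><service>; K links are ignored.
        for rf_link in "$rf_root/rc$rf_n.d"/S[0-9][0-9]"$rf_svc"; do
            if [ -L "$rf_link" ]; then
                rf_state=on
            fi
        done
        rf_line="$rf_line $rf_n:$rf_state"
    done
    printf '%s\n' "$rf_line"
}

# enabled_in RUNLEVEL [RCROOT]
# Lists every service that has a start link in RUNLEVEL, sorted by name.
enabled_in() {
    ei_root=${2:-/etc/rc.d}
    for ei_link in "$ei_root/rc$1.d"/S[0-9][0-9]*; do
        [ -L "$ei_link" ] || continue
        ei_name=${ei_link##*/}                  # strip the directory part
        printf '%s\n' "${ei_name#S[0-9][0-9]}"  # strip the S<nn> prefix
    done | sort
}

# not_in_baseline RUNLEVEL BASELINE_FILE [RCROOT]
# Prints enabled services that are absent from BASELINE_FILE, which holds one
# approved service name per line (assumed format).
not_in_baseline() {
    enabled_in "$1" "${3:-/etc/rc.d}" | grep -vxF -f "$2" || true
}

# Constructed sample tree: atd on in runlevels 2, 3, 5 (Part II) and rsyncd on
# in runlevels 3 and 5 (Part IV). The sequence numbers are made up.
make_sample_rc_tree() {
    for mk_n in 0 1 2 3 4 5 6; do
        mkdir -p "$1/rc$mk_n.d"
    done
    for mk_n in 2 3 5; do
        ln -s ../atd "$1/rc$mk_n.d/S12atd"
        ln -s ../atd "$1/rc$mk_n.d/K01atd"
    done
    for mk_n in 3 5; do
        ln -s ../rsyncd "$1/rc$mk_n.d/S13rsyncd"
        ln -s ../rsyncd "$1/rc$mk_n.d/K01rsyncd"
    done
}

# Demo run on the constructed tree.
demo_root=$(mktemp -d)
make_sample_rc_tree "$demo_root"
runlevels_for atd "$demo_root"
runlevels_for rsyncd "$demo_root"
printf 'atd\n' > "$demo_root/baseline"
echo "Enabled in runlevel 3 but not in baseline:"
not_in_baseline 3 "$demo_root/baseline" "$demo_root"
rm -rf "$demo_root"
```

On a live system, omit the RCROOT argument to read /etc/rc.d; as step 22 of Part II shows, a service that is off in every runlevel can still be running, so check its status separately.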


SECTION 3 Administer Linux Processes and Services

In this section of the workbook, you learn how to do the following:


• “Manage Linux Processes”
In this exercise, you start and stop processes and change their priorities.


Exercise 3-1 Manage Linux Processes


In this exercise, you start and stop processes and change their priorities.
In the first part of the exercise, you start and suspend gcalctool, move it to the
background and foreground, and then stop it.
In the second part, you start gcalctool and set the priority of the running program
to a nice value of -5. Then you start xeyes with a nice value of 10.
Complete the following:
• “Part I: Move Processes to the Background”
• “Part II: Modify Process Priorities”

Part I: Move Processes to the Background


To move processes to the background, do the following:
1. If necessary, log in to your da1 virtual workstation as geeko with a password of
novell.
2. Open a terminal window and su - to root using a password of novell.
3. At the command line, display the processes that are currently owned by geeko by
entering
ps -lU geeko (with a lowercase L)
4. Display the processes that are currently owned by root by entering
ps -lU root (with a lowercase L)
5. Start the GNOME Calculator program by entering gcalctool at the shell
prompt.
Notice that the terminal is not available to receive new commands because no
command line is displayed. This is because the calculator program is running in
the foreground.
6. Arrange the calculator window and the terminal window so that you can see them
both; then select the terminal window to activate it.
7. Suspend the calculator program by pressing Ctrl+z.
8. Try using the calculator tool to calculate several numbers.
Because its process was suspended, the calculator does not respond.
9. View the job in the background by entering
jobs
You should see that the gcalctool job is stopped.
10. View the gcalctool process running from the current terminal by entering
ps -l (with a lower case L)
The process shows a status of T, which indicates that it is being traced or
stopped.


11. Resume the calculator program running in the background by entering
bg 1
Notice that the calculator program is running again. Because it’s running in the
background, you can now use the terminal window to enter other commands.
12. Verify that the job status is running by entering
jobs
You should see that the gcalctool job is now running.
13. View the gcalctool branch in the process tree by entering
pstree -p | grep gcalctool
Notice that the gcalctool process is listed at the end of the tree.
14. Close the calculator program.
15. Start the calculator in the background by entering
nohup gcalctool &

NOTE: The nohup command runs a command such that it ignores any hangup kill signals
sent to it.

16. Close the terminal window.
The calculator program remains running.
17. Open a new terminal window.
18. Start the top program by entering
top
19. View only the processes started by root by typing u, then entering root.
20. Check for the calculator program (gcalctool) listed in top.
21. (Conditional) If you cannot find the gcalctool program, try maximizing the
terminal window. You can also activate the Calculator window and use it to
calculate several numbers. This should cause the gcalctool process to be
moved near the top of the output in top.
You can also enter F in top and select PID as the sort column. If needed, you can
also reverse the sort order by pressing R.
22. Record the PID of the gcalctool process:

23. Exit top by typing q.


24. View information about the gcalctool process by entering
ps PID_of_gcalctool_process


25. Switch to your root user account using the su - command and a password of
novell.
26. Stop the calculator program and check the status by entering the following
commands:
kill PID_of_gcalctool_process
ps aux | grep gcalctool
27. Start the xeyes program in the background by entering
xeyes&
28. Kill the xeyes program by entering
killall xeyes

Part II: Modify Process Priorities


To modify process priorities, do the following:
1. Switch back to your geeko user by entering exit at the shell prompt.
2. Start the gcalctool program in the background by entering
gcalctool &
3. Record the PID for gcalctool (displayed in the terminal window):

4. View the running process by entering
ps lf
Notice that the nice value (NI) is currently at 0.
5. Increase the priority of the process to a nice value of -5 by entering
renice -5 -p PID_of_gcalctool_process
Notice that a regular user cannot change the nice value to a value below 0, only
0-20.
6. Switch to root (su -) with a password of novell.
7. Try setting the nice value to -5 again by entering
renice -5 -p PID_of_gcalctool_process
8. Check that the setting is effective by entering
ps lf (lower case L)
Notice that the process is not displayed, because ps lf only displays processes
started by the current user. The calculator program was started by geeko (not
root).
9. View all processes by entering
ps alf


The gcalctool process is now displayed.
10. Change the nice value for the gcalctool process to a higher priority by entering
renice -10 -p PID_of_gcalctool_process
11. Verify that the gcalctool process nice value is set to -10 by entering
ps alf (with a lower case L)
12. Exit the shell running as root by entering
exit
You should now be user geeko again.
13. Start the xeyes program in the background with the nice value of +10 by entering
nice xeyes&
14. Verify that the xeyes process nice value is set to +10 by entering
ps lf (with a lower case L)
15. Kill the gcalctool and xeyes processes by entering the following
commands:
kill PID_of_gcalctool_process
killall xeyes
16. Close your terminal window.
(End of Exercise)


SECTION 4 Administer the Linux File System

In this section of the workbook, you learn how to do the following:
• “Configure Partitions on your Hard Drive”
In this exercise, you practice creating partitions and file systems with YaST and
fdisk. You also use command line tools to create file systems.
• “Manage File Systems from the Command Line”
In this exercise, you practice managing file systems from the command line.
• “Create Logical Volumes”
In this exercise, you learn how to administer LVM with YaST.
• “Set Up and Configure Disk Quotas”
In this exercise, you learn how to administer quotas.

Exercise 4-1 Configure Partitions on your Hard Drive


In this exercise, you practice creating partitions and file systems using YaST and
fdisk. You also use command line tools to create file systems.
In the first part of this exercise, you use YaST to create the following partitions and
file systems:
• An extended partition using the remaining disk space.
• One logical partition with a size of 500 MB, an ext3 file system, and a mount
point of /apps.
• One logical partition with a size of 1 GB, a BtrFS file system, and a mount point
of /srv.
In the second part of this exercise, you use fdisk to create the following partitions:
• One logical partition of the partition type Win95/FAT32 with a size of 500 MB.
• One logical partition of the partition type Linux with a size of 500 MB.
In the third part of this exercise, you create file systems on the partitions you created
in the second part using the applicable options for mkfs:
• Create a FAT32 file system on /dev/sda7.
• Create an ext2 file system on /dev/sda8.
To do this, you need to complete the following tasks:
• “Part I: Create Partitions and File Systems with YaST”
• “Part II: Partition Manually with fdisk”
• “Part III: Manage File Systems from the Command Line”

Part I: Create Partitions and File Systems with YaST


To create partitions and file systems with YaST, do the following:
1. If your da1 virtual machine is not running, start or resume it.
2. If necessary, log into da1 as geeko with a password of novell.
3. Open a terminal window and use the su - command to switch to your root
account using a password of novell.
4. At the shell prompt, enter yast2 disk.
A warning message appears.
5. Continue by clicking Yes.
After a few moments, the Expert Partitioner dialog appears.
6. Create an extended partition with YaST by doing the following:
a. From the System View, expand Hard Disks.
b. Highlight sda, then click Add.
c. For the New Partition Type, select Extended Partition; then click Next.

d. Make sure Maximum Size is selected; then click Finish.


You are returned to the Expert Partitioner dialog, with the extended partition
listed as a new entry for your hard disk.
7. Create a new ext3 partition with YaST:
a. Click Add.
The Add Partition on /dev/sda dialog is displayed.
b. Verify that Custom Size under New Partition Size is selected.
c. In the Size field, enter 500 MB, then click Next.
The Add Partition on /dev/sda dialog now offers Formatting Options and
Mounting Options.
d. Set the File system type to Ext3.
e. Under Mounting Options, select Mount Partition.
f. For the Mount Point, enter /apps.
g. Create the partition definition by clicking Finish.
You are returned to the Expert Partitioner dialog where the new partition is
added to the list.
The asterisk (*) after the mount point indicates the file system is not
currently mounted.
8. Create a partition for the /srv directory:
a. With the sda disk selected, click Add.
b. With Custom Size selected, enter 1 GB in the Size field, then click Next.
c. In the File System drop-down list, select BtrFS.
d. (Conditional) If a dialog informs you that the btrfsprogs package needs to
be installed, make sure the SLES 11 SP2 installation media is available and
click Install.
e. Under Mounting Options, select Mount partition.
f. For the Mount Point, enter /srv.
g. Click the Subvolume Handling button.
The Subvolume Handling dialog appears.
h. In the New Subvolume field enter @/www and click Add new.
i. In the New Subvolume field enter @/ftp and click Add new.
Click OK to close the Subvolume Handling dialog.
j. Add the /srv partition by clicking Finish.
You are returned to the Expert Partitioner dialog where the new partition is
added to the list.
9. Add the new partitions to the hard drive by clicking Next.
A Summary dialog shows a summary of the changes.

10. Select Finish.


This commits the changes to disk and closes the Expert Partitioner dialog.
11. In the terminal window where you are logged in as root, verify that the new
partitions have been mounted by entering mount.
You should see the following lines:
/dev/sda5 on /apps type ext3 (rw,acl,user_xattr)
/dev/sda6 on /srv type btrfs (rw)
12. The previous contents of the /srv directory are no longer visible as it is
currently used as the mount point for the /dev/sda6 partition.
To copy the existing contents of the directory to the new partition, do the
following:
a. Unmount /dev/sda6 by entering
umount /srv
b. Mount the partition /dev/sda6 under /mnt by entering
mount /dev/sda6 /mnt
c. Move the content of /srv/www to /mnt/www by entering:
mv /srv/www/* /mnt/www
(The www and ftp directories you see under /mnt are the subvolumes you
created with YaST in Step 8.)
d. Remove the /srv/www and /srv/ftp directories by entering
rmdir /srv/www /srv/ftp
e. Unmount /mnt and mount /dev/sda6 again, using the entries in /etc/fstab:
umount /mnt
mount -a
f. Verify that the files you moved are available again under /srv/www by
entering
ls /srv/www
13. Verify that the appropriate entry was added to the /etc/fstab for the new
partitions by entering:
cat /etc/fstab

Part II: Partition Manually with fdisk


To partition manually from the command line with fdisk, do the following:
1. In the terminal window where you are logged in as root, start the utility fdisk
to modify the first hard disk on your server by entering
fdisk /dev/sda
2. View the current partition table in fdisk by entering p.

Notice that there are five partitions defined on sda:

Command (m for help): p

Disk /dev/sda: 10.7 GB, 10737418240 bytes
255 heads, 63 sectors/track, 1305 cylinders, total 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000c59c0

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1            2048     2105343     1051648   82  Linux s
/dev/sda2   *     2105344    14684159     6289408   83  Linux
/dev/sda3        14684160    20971519     3143680    f  W95 Ex
/dev/sda5        14686208    15728639      521216   83  Linux
/dev/sda6        15730688    17831935     1050624   83  Linux

Command (m for help):


3. Create a new 500MB Win95 FAT32 logical partition in the extended partition
you created earlier by doing the following:
a. Create a new partition by entering n.
b. Enter l (lower case L) for logical.
c. Accept the default first cylinder by pressing Enter.
d. Indicate the partition size by entering +500M.
e. Change the partition type to Win95 FAT32 by entering t (for type).
f. Enter 7 to select the partition you just created.
g. When prompted for a Hex code, enter b for W95/FAT32.
h. Verify the new partition configuration by entering p.
Notice that the /dev/sda7 partition has been added to the partition table.
4. Create another logical partition with a partition type of Linux (the default) by
doing the following:
a. Create a new partition by entering n.
b. Enter l (lower case L) to create a logical partition.
c. Accept the default first cylinder by pressing Enter.
d. Specify a partition size of 1 GB by entering +500M.
e. Verify the new partition configuration by entering p.
Notice that the /dev/sda8 partition has been added to the partition table.
5. Write the new partition table to your hard drive and exit fdisk by entering w.
6. View the current partition table used by the kernel by entering
cat /proc/partitions
Notice that the 2 new partitions you just created aren’t listed.

7. To access the new partitions, you must update the kernel’s partition table stored
in memory. Do one of the following:
• Have the kernel update its partition table by entering partprobe.
• Reboot the system by entering reboot.
8. View the partition table again by entering
cat /proc/partitions

Part III: Manage File Systems from the Command Line


To manage file systems from the command line, do the following:
1. In the terminal window where you are logged in as root, create the following file
systems:
a. Create a new FAT32 file system on /dev/sda7 and give it the label data1
by entering the following:
mkfs.msdos -n data1 /dev/sda7
The following message should be displayed:
mkfs.msdos 2.11 (12 Mar 2005)
This confirms the file system was created.

NOTE: Make sure you specify the correct device in the above command! If you specify
the wrong device, no warning message will be displayed and the file system on the device
will be overwritten.

b. Create a new ext2 file system on /dev/sda8 with verbose output by
entering the following:
mkfs -t ext2 -v /dev/sda8
Notice that by adding the option -v, extensive information about the new
file system is displayed.
2. Create the directories named data1 and data2 under /export/ by entering
mkdir -p /export/data{1,2}
3. Verify that the directories were created by entering
ls -l /export
4. As root, add entries to the /etc/fstab file for the new file systems:
a. Open the file /etc/fstab in the vi editor by entering vi /etc/fstab
at the shell prompt.
b. Press Ins.
c. At the end of the file fstab, add the following new lines:
/dev/sda7 /export/data1 vfat defaults 1 2
/dev/sda8 /export/data2 ext2 defaults 1 2

These new entries ensure the sda7 and sda8 partitions are mounted when
starting or rebooting the system.
d. Save the changes to /etc/fstab by pressing Esc and then entering :wq.
5. In the terminal window, reread the /etc/fstab file and mount all of the new
file systems by entering
mount -a
6. View the information on the mounted file systems by entering the following two
commands:
mount
cat /proc/mounts
You should see entries for the two new partitions you just created.
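
The NOTE in step 1a warns that mkfs gives no warning when it is pointed at the wrong device. The following pre-flight check is an added example, not part of the workbook; the function names are hypothetical, and the sample tables are constructed to match the partition layout used in this exercise.

```shell
#!/bin/sh
# Added example: pre-flight check before running mkfs on a device.

# check_format_target DEVICE [MOUNTS] [SWAPS]
# Returns 0 if DEVICE (or, for a whole disk, any of its partitions) is
# neither mounted nor active swap; otherwise prints the reason, returns 1.
# MOUNTS and SWAPS default to the live kernel tables.
check_format_target() {
    dev=$1
    mounts=${2:-/proc/mounts}
    swaps=${3:-/proc/swaps}
    # Resolve symlinks such as /dev/disk/by-id/... to the kernel name.
    real=$(readlink -f "$dev" 2>/dev/null) || real=
    if [ -n "$real" ]; then dev=$real; fi
    reason=$(awk -v dev="$dev" '
        # True when d is a partition of the whole disk named in dev.
        function part_of(d,    rest) {
            if (index(d, dev) != 1) return 0
            rest = substr(d, length(dev) + 1)
            # sda -> sda7, but nvme0n1 -> nvme0n1p7 (name ends in a digit).
            if (dev ~ /[0-9]$/) return rest ~ /^p[0-9]+$/
            return rest ~ /^[0-9]+$/
        }
        FILENAME == ARGV[1] && ($1 == dev || part_of($1)) {
            print $1 " is mounted on " $2; exit
        }
        # /proc/swaps starts with a header line.
        FILENAME == ARGV[2] && FNR > 1 && ($1 == dev || part_of($1)) {
            print $1 " is active swap"; exit
        }
    ' "$mounts" "$swaps")
    if [ -n "$reason" ]; then
        echo "refusing $dev: $reason"
        return 1
    fi
    return 0
}

# has_signature DEVICE: true when the low-level probe of blkid (-p) finds
# an existing file system, RAID or LVM signature. Needs root to read it.
has_signature() {
    blkid -p "$1" >/dev/null 2>&1
}

# format_preflight DEVICE: run both checks; call this before mkfs.
format_preflight() {
    check_format_target "$1" || return 1
    if [ -b "$1" ] && has_signature "$1"; then
        echo "refusing $1: blkid found an existing signature"
        return 2
    fi
    echo "ok: $1 is unused"
}

# Constructed sample tables (not captured from a real system) describing
# the state after Part II: sda5 and sda6 mounted, sda1 used as swap.
write_sample_tables() {
    cat > "$1/mounts" <<'EOF'
/dev/sda2 / ext3 rw,relatime 0 0
/dev/sda5 /apps ext3 rw,relatime 0 0
/dev/sda6 /srv btrfs rw,relatime 0 0
EOF
    cat > "$1/swaps" <<'EOF'
Filename Type Size Used Priority
/dev/sda1 partition 1051644 0 -1
EOF
}
```

Run format_preflight /dev/sda7 as root before the mkfs command; a refusal means the device is in use or already carries data.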
(End of Exercise)

Exercise 4-2 Manage File Systems from the Command Line


In this exercise, you practice managing file systems from the command line.
In the first part of this exercise, you run e2fsck on the ext3 file system you created on
/dev/sda5 in the previous exercise, which is mounted under /apps.
In the second part of the exercise, you convert the /dev/sda8 partition to an ext3
file system by adding a journal. You also add a label to it.
Complete the following:
• “Part I: Run e2fsck”
• “Part II: Customize the File Systems”

Part I: Run e2fsck


To run e2fsck, do the following:
1. If your da1 virtual machine is stopped or suspended, start it.
2. If necessary, log into da1 as geeko with a password of novell.
3. Open a terminal session and switch to your root user account by entering su -
followed by a password of novell at the shell prompt.
4. Unmount the file system on /dev/sda5 by entering
umount /apps
5. Verify that the file system is no longer mounted by entering
mount
The /dev/sda5 partition should not be listed in the output of the mount
command.
6. Start a file system check on /dev/sda5 running in verbose mode with an
automatic response of yes to all prompts by entering
e2fsck -f -y -v /dev/sda5
7. Mount the /apps file system again by entering
mount /apps
8. Verify that the file system on /dev/sda5 is mounted by entering
mount

Part II: Customize the File Systems


In this part of the exercise, you add a journal to an ext2 file system, effectively
making it an ext3 file system. Complete the following:
1. Modify the /dev/sda8 partition:
a. In the terminal window, unmount the /dev/sda8 partition and view details
about the ext2 file system on it by entering
umount /dev/sda8
dumpe2fs /dev/sda8 | more


Notice the Filesystem features and the Filesystem state.
b. While the file system is unmounted, give the ext2 file system a volume name
of /export/data2 by entering
tune2fs -L /export/data2 /dev/sda8

NOTE: It is common practice to use this naming convention. Naming a file system after
its mount point can be useful in system rescue situations when the /etc/fstab file is
not available.

c. Verify that the file system now has a volume name by entering
dumpe2fs /dev/sda8 | less
You should see that the Filesystem volume name has been set to the
partition’s mount point, /export/data2.
d. Add a journal to the file system (making it an ext3 file system) by entering
tune2fs -j /dev/sda8
e. Verify that the file system now contains a journal by entering
dumpe2fs /dev/sda8 | less
The Filesystem features line should now contain an entry “has_journal”.
f. Mount /dev/sda8 again by entering
mount /dev/sda8
g. View information on the mounted file systems by entering
mount
Notice that the file system is still mounted as an ext2 file system.
h. Unmount the partition /dev/sda8 again by entering
umount /dev/sda8
i. Verify that the file system state is clean by entering
dumpe2fs /dev/sda8 | less
j. Edit the /etc/fstab file to change the file system type from ext2 to ext3
by entering vi /etc/fstab at the shell prompt.
k. Press Ins.
l. Locate the entry for /dev/sda8 and change the file system type from ext2
to ext3, as in the following:
/dev/sda8 /export/data2 ext3 defaults 1 2
m. Press Esc, then enter :exit to save the changes to the file and exit the vi
editor.
n. At the command line, reread /etc/fstab and mount the partition as an
ext3 file system by entering

mount -a
o. Verify the change by entering
mount
You should see that /dev/sda8 has been mounted as an ext3 file system.
p. Unmount the partition /dev/sda8 again by entering
umount /export/data2
q. Mount the partition as an ext2 file system manually by entering
mount -t ext2 /dev/sda8 /export/data2
r. Verify that the file system is mounted without a journal (as an ext2 file
system) by entering
mount
As you can see, ext3 is backward compatible with ext2.
s. Remount /dev/sda8 as an ext3 file system and verify the change by
entering the following commands:
umount /export/data2
mount -a
mount
2. Create a snapshot for the /srv/www/ subvolume by doing the following:
a. Create a before_snapshot.html file in /srv/www/htdocs by
entering
touch /srv/www/htdocs/before_snapshot.html
b. Create a read-only snapshot for the /srv/www subvolume by entering
cd /srv
btrfs subvolume snapshot -r www www-snapshot
c. List the existing snapshots by entering
btrfs subvolume list /srv
d. Try to create a file in the /srv/www-snapshot/htdocs/ directory by
entering
touch /srv/www-snapshot/htdocs/file
You should see a message that touch cannot create the file on a read-only
file system.
e. Create an after_snapshot.html file in /srv/www/htdocs by
entering
touch /srv/www/htdocs/after_snapshot.html
f. View the content of the /srv/www-snapshot/htdocs directory by entering
ls /srv/www-snapshot/htdocs

You should see the before_snapshot.html file, but not the
after_snapshot.html file.
You could back up the snapshot htdocs directory now without changes to the
original htdocs directory interfering with the backup.
g. Delete the snapshot by entering
btrfs subvolume delete www-snapshot
Snapshots are actually specialized subvolumes and can be deleted like any
subvolume with the btrfs subvolume delete command.
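
Steps 1f and 1g show /dev/sda8 still mounted as ext2 after the journal was added, so /etc/fstab and the live mount table can disagree. The following check compares the two; it is an added example, not part of the workbook, the function names are hypothetical, and it goes slightly beyond the step by also reporting the usrquota and grpquota mount options when they are declared in fstab but not active.

```shell
#!/bin/sh
# Added example: report where /etc/fstab and the live mount table differ.

# fstab_drift FSTAB MOUNTS
# Prints one line per difference between what FSTAB declares and what
# MOUNTS (in /proc/mounts format) shows as currently mounted. Entries are
# matched on mount point, so an fstab that names devices by ID or label
# still lines up with the kernel device names.
fstab_drift() {
    awk '
        # First file: live mount table. A later line for the same mount
        # point replaces an earlier one, as the later mount is on top.
        FILENAME == ARGV[1] {
            live_type[$2] = $3
            live_opts[$2] = "," $4 ","
            next
        }
        # Second file: fstab. Skip comments, short lines, swap and noauto.
        /^[ \t]*#/ || NF < 4 { next }
        $3 == "swap" || $3 == "auto" || ("," $4 ",") ~ /,noauto,/ { next }
        {
            mp = $2
            if (!(mp in live_type)) { print mp, "not-mounted"; next }
            if (live_type[mp] != $3)
                print mp, "type", "fstab=" $3, "live=" live_type[mp]
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {
                if (opt[i] != "usrquota" && opt[i] != "grpquota") continue
                if (index(live_opts[mp], "," opt[i] ",") == 0)
                    print mp, "option", opt[i], "missing"
            }
        }
    ' "$2" "$1"
}

# Constructed samples (not captured from a real system): /apps is
# unmounted and /dev/sda8 is mounted as ext2 without quota options,
# while fstab already declares ext3 with both quota options.
write_drift_samples() {
    cat > "$1/fstab" <<'EOF'
# constructed sample fstab
/dev/sda1 swap swap defaults 0 0
/dev/sda2 / ext3 acl,user_xattr 1 1
/dev/sda5 /apps ext3 acl,user_xattr 1 2
/dev/sda7 /export/data1 vfat defaults 1 2
/dev/sda8 /export/data2 ext3 defaults,usrquota,grpquota 1 2
EOF
    cat > "$1/mounts" <<'EOF'
rootfs / rootfs rw 0 0
/dev/sda2 / ext3 rw,relatime,user_xattr,acl 0 0
/dev/sda7 /export/data1 vfat rw,relatime 0 0
/dev/sda8 /export/data2 ext2 rw,relatime 0 0
EOF
}

# Demo on the constructed samples.
demo_dir=$(mktemp -d)
write_drift_samples "$demo_dir"
fstab_drift "$demo_dir/fstab" "$demo_dir/mounts"
rm -rf "$demo_dir"
```

On a live system, call fstab_drift /etc/fstab /proc/mounts; no output means every declared file system is mounted with the declared type.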
(End of Exercise)

Exercise 4-3 Create Logical Volumes


In this exercise, you learn how to administer LVM with YaST.
In the first part of this exercise, you use YaST to create two physical volumes (PVs)
with a size of 1 GB each. You then add them to a volume group (VG) named projects.
Within the volume group, you next add two logical volumes named pilot (750 MB)
and production (300 MB) which will be mounted under /projects/pilot and
/projects/production, respectively.
In the second part of the exercise, you increase the size of the logical volume
production to the maximum space available within the volume group.
Complete the following:
• “Part I: Create LVM Physical Volumes, a Volume Group, and Logical Volumes”
• “Part II: Resize an LVM Volume”

Part I: Create LVM Physical Volumes, a Volume Group, and Logical Volumes

To create LVM Physical Volumes, a Volume Group, and Logical Volumes, do the
following:
1. If your da1 virtual machine is suspended or stopped, start it.
2. If necessary, log into da1 as geeko with a password of novell.
3. Start YaST by selecting Computer > YaST and entering a password of novell,
when prompted.
4. Select System > Partitioner and acknowledge the warning message by selecting
Yes.
The Expert Partitioner dialog appears.
5. Create a new LVM partition by doing the following:
a. From the System View, expand Hard Disks.
b. Highlight sda; then click Add.
c. Verify Custom Size is selected; then enter 1 GB in the Size field.
d. Click Next.
e. Under Formatting Options, select Do not format partition.
f. Under File System ID, select 0x8E Linux LVM.
g. Save the partition definition by selecting Finish.
6. Create another 1 GB LVM partition by repeating the preceding step.
You should now have two 1 GB LVM partitions.
7. From the System View, select Volume Management; then click Add > Volume
Group.

8. Specify the following:
• Volume Group Name: projects
• Physical Extent Size: 4 MB
9. Add each Linux LVM physical volume to the volume group projects by Ctrl-
clicking /dev/sda9 and /dev/sda10 and then clicking Add.
10. Click Finish.
The Volume Management dialog appears displaying the newly added volume
group.
11. Add a logical volume named pilot to the projects volume group by doing the
following:
a. With Volume Management selected in the System View, select Add >
Logical Volume.
The Add Logical Volume dialog appears.
b. Enter a Logical Volume name of pilot, then click Next.
c. Select Custom Size and enter 750 MB in the Size field, then click Next.
d. In the File System drop-down list, select Ext3.
e. Select Mount Partition, then enter a mount point of /projects/pilot.
f. Select Finish.
12. Add a logical volume named production to the projects volume group by doing
the following:
a. With Volume Management selected in the System View, select Add >
Logical Volume.
The Add Logical Volume dialog appears.
b. Enter a Logical Volume name of production, then click Next.
c. Select Custom Size and enter 750 MB in the Size field, then click Next.
d. In the File System drop-down list, select Ext3.
e. Select Mount Partition, then enter a mount point of /projects/production.
f. Select Finish.
You are returned to the Expert Partitioner.
13. In the Expert Partitioner, click Next.
A Summary appears; accept the changes by clicking Finish.
14. Open a terminal window and use the su - command and a password of novell
to switch to root.
15. View the new LVM file systems by entering
df -h
You should see /dev/mapper/projects-pilot and /dev/mapper/projects-production
entries in the output.

16. View the device names and mount locations by entering
cat /etc/fstab

Part II: Resize an LVM Volume


To resize an LVM volume, do the following:
1. In the terminal window where you are logged in as root, enter
umount /projects/production.
2. From the YaST Control Center, select System > Partitioner and acknowledge the
warning message by selecting Yes.
The Expert Partitioner dialog appears.
3. From the System View, expand Volume Management.
4. Expand projects and select production, then click Resize.
The Resize Logical Volume dialog appears.
The current size of the volume is listed under Size.
5. Select Maximum Size.
6. Continue by clicking OK.
7. Save the changes by clicking Next, then apply the changes by clicking Finish.
8. From the terminal window, view the new size of production by entering
df -h
(End of Exercise)

Exercise 4-4 Set Up and Configure Disk Quotas


In this exercise, you learn how to administer quotas.
You install the quota package and then configure quotas for /dev/sda8, which is
mounted at /export/data2.
Complete the following:
1. If your da1 virtual machine is suspended or stopped, start it.
2. If necessary, log into da1 as geeko with a password of novell.
3. Open a terminal window; then switch to root using the su - command and a
password of novell.
4. Install the quota package by entering yast -i quota.
5. (Conditional) Insert the SLES 11 SP2 installation DVD, if prompted.
6. View the disk quota configuration for user geeko by entering
quota -vu geeko
The lack of any output indicates there are no quotas currently configured for
geeko.
7. Add quota mount options to the /dev/sda8 partition by doing the following:
a. Open the /etc/fstab file in the vi editor by entering
vi /etc/fstab
b. Press Ins and arrow down to the /dev/sda8 entry.
c. Edit the /dev/sda8 entry to the following:
/dev/sda8 /export/data2 ext3 defaults,usrquota,grpquota 1 2
d. When you finish, press Esc, then save the file and exit by entering :wq.
8. Remount the file system so that the changes in the /etc/fstab file are read
by the system by entering
mount -o remount /dev/sda8

NOTE: If you receive the error message “/export/data2 mounted already, or bad option”, check
the contents of the /etc/fstab file. You might have misspelled the usrquota or
grpquota option.

9. Run quotacheck to initialize the quota database by entering
quotacheck -mavug

NOTE: You will receive several status messages about old quota files. These indicate that this
is a new quota database with no previous quota database files on the system.

10. Verify that the aquota.user and aquota.group files exist in the
/export/data2 directory by entering
ls -l /export/data2
11. Turn quotas on for all file systems that are mounted with these options by
entering
quotaon -av
12. Make the quota system persistent after reboot by entering
insserv boot.quota
13. Set a quota for geeko with a soft block limit of about 20 MB and a hard block
limit of about 30 MB on /dev/sda8 by entering
edquota -u geeko
The quota editor appears in the vi editor.
14. Press Ins.
15. Under soft, remove the 0 and enter 20000.
16. Under hard, remove the 0 and enter 30000.
17. When you’re finished, press Esc, then enter :wq.
18. View the quota information about all configured users by entering
repquota -av
You should see the values for geeko that you just entered.
19. (Optional) If you finish early, set a quota for the users group of 100 MB for the
soft limit and 150 MB for the hard limit.
20. Test the quotas by doing the following:
a. As root, create a directory named /export/data2/geeko and change
the owner to geeko by doing the following:
mkdir /export/data2/geeko
chown geeko.users /export/data2/geeko
b. Change to the user account geeko and create a file by entering
su - geeko
dd if=/dev/zero of=/export/data2/geeko/bigfile
After a short time, you should see a message indicating the quota was
exceeded.
21. Close all open windows.
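
The repquota report from step 18 can be filtered for accounts that have passed their soft limit, which is the state the dd test in step 20 provokes. This is an added example, not part of the workbook; over_soft_limit is a hypothetical helper, and the sample report (including the user tux) is constructed.

```shell
#!/bin/sh
# Added example: list users whose block usage exceeds their soft limit,
# based on the text report printed by "repquota -av".

# Constructed sample of a repquota report for /dev/sda8 (not captured
# from a real system). geeko carries the 20000/30000 limits from step 13
# and has hit the hard limit; tux is over the soft limit only.
sample_repquota() {
    cat <<'EOF'
*** Report for user quotas on device /dev/sda8
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --   17744       0       0              4     0     0
geeko     +-   30000   20000   30000  6days       2     0     0
tux       +-   25000   20000   30000  5days      12     0     0

EOF
}

# over_soft_limit: read a repquota report on stdin and print one line per
# user over the block soft limit, as "user used soft hard state".
# state is "hard" when usage has reached the hard limit, so further
# writes fail; otherwise "grace", meaning writes still succeed until the
# grace time runs out.
over_soft_limit() {
    awk '
        # Data rows carry a two-character flag field made of + and -.
        # The grace column is empty for users under their limits, so only
        # the fixed leading fields (name, flags, used, soft, hard) are read.
        $2 ~ /^[+-][+-]$/ {
            # First flag character is "+" when blocks exceed the soft limit.
            if (substr($2, 1, 1) != "+") next
            used = $3 + 0; soft = $4 + 0; hard = $5 + 0
            state = (hard > 0 && used >= hard) ? "hard" : "grace"
            print $1, used, soft, hard, state
        }
    '
}

# Demo on the constructed sample; on a live system use
#   repquota -av | over_soft_limit
sample_repquota | over_soft_limit
```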
(End of Exercise)

SECTION 5 Configure the Network Manually

In this section of the workbook, you learn how to do the following:
• “Configure the Network Connection Manually”
In this exercise, you learn how to configure the network manually.

Exercise 5-1 Configure the Network Connection Manually


In this exercise, you learn how to configure the network manually.
In the first part, you use the ip command to find out the current settings for IP
address, routes, and MAC address.
In the second part, you use YaST to delete the current network configuration.
In the third part, you use the ip command to set up the network manually.
In the fourth part, you recreate the file noted in Part I using an editor.
Complete the following:
• “Part I: Note the Current Network Configuration”
• “Part II: Delete the Current Network Setup with YaST”
• “Part III: Configure the Network Manually”
• “Part IV: Save the Network Connection to an Interface Configuration File”

Part I: Note the Current Network Configuration


To note the current network configuration, do the following:
1. If necessary, power on your da1 virtual server and log in as geeko with a
password of novell.
2. Open a terminal window and su - to root using a password of novell.
3. Enter ip address show eth0.
4. Under eth0, find the line starting with inet and record the IP address with the
subnet mask displayed in that line:
• IP address:
• Subnet mask:
5. Enter ip route show.
Notice that a default gateway has not been assigned.
6. Enter ip link show eth0.
7. Find the line starting with link/ether and record the MAC address of the
network card:
• MAC address:

Part II: Delete the Current Network Setup with YaST


To delete the current network setup with YaST, do the following:
1. Start YaST; then select Network Devices > Network Settings.
2. Select your network card, then click Delete.
3. Click OK.

4. Close YaST.
5. Verify that the network connection is not working any more by pinging your host
system’s vmnet1 virtual network interface. Enter the following at the shell
prompt:
ping 172.17.8.1
You should see a message indicating that the network is unreachable.
6. Enter ip address show at the shell prompt.
Note that the state of your eth0 device is DOWN.

Part III: Configure the Network Manually


To configure the network manually, do the following:
1. Enter the following command at the shell prompt:
ip address add IP_address/Netmask_from_PartI brd + dev eth0
2. To activate the network device, enter
ip link set eth0 up
3. To set the default route, enter
ip route add default via 172.17.8.1
4. Verify that the network connection is working again by entering
ping 172.17.8.1
You should see your host system respond to the ping.

Part IV: Save the Network Connection to an Interface Configuration File

To save the network connection to an interface configuration file, do the following:
1. In the terminal window, enter
cd /etc/sysconfig/network
2. Make a copy of the network configuration template by entering
cp ifcfg.template ifcfg-eth0
3. Open the copied file in a text editor by entering vi ifcfg-eth0 at the shell
prompt.
4. Press Ins.
5. Find the following options and enter the indicated values:
• STARTMODE='auto'
• BOOTPROTO='static'
• IPADDR='172.17.8.101/16'
• NETMASK='255.255.0.0'
• BROADCAST='172.17.255.255'
• Change BRIDGE='yes' to BRIDGE='no'
6. Press Esc, then save the file and exit vi by entering :wq.
7. Create a new file with vi called routes by entering vi routes at the shell
prompt.
8. Press Ins, then add the following line to the file:
default 172.17.8.1 - -
9. Press Esc; then save the file and exit vi by entering :wq.
10. Reboot your system by entering init 6 at the shell prompt.
Wait while the system reboots.
11. After rebooting, log in as geeko with a password of novell.
12. Open a terminal window.
13. Change to root using the su - command and a password of novell.
14. Verify that the network configuration loaded correctly by entering the following
commands:
ip address show eth0
ip route show
15. Verify that the network connection is working properly by entering
ping 172.17.8.1
16. Close all open windows.

NOTE: If the network configuration doesn’t work properly, use the YaST Network Settings module
to reconfigure the network card with the proper settings.

(End of Exercise)
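A typo in ifcfg-eth0 only becomes visible after the init 6 reboot in Part IV, so the address values can be cross-checked beforehand. The following is an added example, not part of the workbook: check_ifcfg and its helpers are hypothetical functions that confirm the prefix length, NETMASK and BROADCAST agree, and the sample file is constructed from the values in step 5.

```shell
#!/bin/sh
# Added example: cross-check IPADDR, NETMASK and BROADCAST in an ifcfg-* file.
# All function names are hypothetical helpers, not SUSE tools.

# Print the value of KEY from FILE with surrounding quotes removed.
ifcfg_get() {   # usage: ifcfg_get FILE KEY
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "'\""
}

# Dotted quad -> 32-bit integer; returns 1 on malformed input.
ip_to_int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0[0-9]*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Report every inconsistency; return 0 only if the values agree.
check_ifcfg() {   # usage: check_ifcfg FILE
    addr=$(ifcfg_get "$1" IPADDR)
    mask=$(ifcfg_get "$1" NETMASK)
    bcast=$(ifcfg_get "$1" BROADCAST)
    rc=0
    maskn=
    ipn=$(ip_to_int "${addr%%/*}") || { echo "IPADDR '$addr' is not a valid address"; return 1; }
    case $addr in
    */*)
        prefix=${addr#*/}
        case $prefix in ''|*[!0-9]*|0[0-9]*|???*) echo "bad prefix length '$prefix'"; return 1 ;; esac
        [ "$prefix" -le 32 ] || { echo "bad prefix length '$prefix'"; return 1; }
        # Netmask implied by the prefix length, e.g. /16 -> 255.255.0.0
        maskn=$(( (4294967295 << (32 - $prefix)) & 4294967295 ))
        ;;
    esac
    if [ -n "$mask" ]; then
        m=$(ip_to_int "$mask") || { echo "NETMASK '$mask' is not a valid mask"; return 1; }
        if [ -n "$maskn" ] && [ "$m" -ne "$maskn" ]; then
            echo "NETMASK $mask does not match /$prefix ($(int_to_ip "$maskn"))"
            rc=1
        fi
        [ -n "$maskn" ] || maskn=$m
    fi
    [ -n "$maskn" ] || { echo "no prefix length or NETMASK set"; return 1; }
    # Broadcast = network bits of the address, host bits all set.
    want=$(int_to_ip $(( ($ipn & $maskn) | (~$maskn & 4294967295) )))
    if [ -n "$bcast" ] && [ "$bcast" != "$want" ]; then
        echo "BROADCAST $bcast should be $want"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "ifcfg values are consistent (broadcast $want)"
    fi
    return "$rc"
}

# Constructed sample using the values from step 5 of the exercise.
sample=$(mktemp)
cat > "$sample" <<'EOF'
STARTMODE='auto'
BOOTPROTO='static'
IPADDR='172.17.8.101/16'
NETMASK='255.255.0.0'
BROADCAST='172.17.255.255'
EOF
check_ifcfg "$sample" || true
rm -f "$sample"
```

On the lab system the check would be run as check_ifcfg /etc/sysconfig/network/ifcfg-eth0 before step 10.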

SECTION 6 Manage Hardware

In this section of the workbook, you can find the following exercises:
• “Manage Linux Kernel Modules”
In this exercise, you load and unload kernel modules.
• “Obtain Hardware Configuration Information in YaST”
In this exercise, you learn how to obtain hardware configuration information on
your computer.
• “Modify udev Rules”
In this exercise, you will modify a udev rule to rename your Ethernet interface.

Exercise 6-1 Manage Linux Kernel Modules


In this exercise, you load and unload kernel modules.
Unload the joydev kernel module, then load it again.
Complete the following:
1. If necessary, power on your da1 virtual server and log in as geeko with a
password of novell.
2. Open a terminal window, then switch to the root user by entering su - followed
by a password of novell.
3. View the currently loaded kernel modules by entering lsmod at the prompt.
4. Scroll through the modules to see if the joystick module (joydev) is loaded. If it’s
difficult to locate in the output, you can enter lsmod | grep joydev at the
shell prompt.
The 0 in the Used column indicates that the module is not in use.

NOTE: If the joydev module is not listed, skip to Step 7.

5. Remove the joystick module from the kernel memory by entering
rmmod joydev
6. Verify that the joydev kernel module was removed from memory by entering
lsmod | grep joydev at the shell prompt.
Notice that the module joydev is no longer listed.
7. Load the joystick kernel module by entering
modprobe joydev
8. Verify that the joydev kernel module is loaded in memory by entering lsmod |
grep joydev at the shell prompt.
9. View the kernel modules configuration by entering modprobe -c | less at
the shell prompt.
10. Scroll through the module configuration information by pressing Space.
11. When you have finished, return to the command line by typing q.
12. Create a list of kernel modules dependencies by entering
depmod -v | less
Wait a few moments for the information to be generated.
13. Scroll through the dependency information by pressing Space.
14. When you have finished, return to the command line by typing q.
15. Close the terminal window by entering exit twice.
(End of Exercise)

Exercise 6-2 Obtain Hardware Configuration Information in YaST


In this exercise, you obtain hardware configuration information about your computer.
Complete the following:
1. If necessary, power on your da1 virtual server and log in as geeko with a
password of novell.
2. Select Computer > YaST.
3. When prompted, enter a root password of novell.
4. Select Hardware > Hardware Information.
Wait while the YaST module scans your hardware. This may take several
minutes. When complete, the Hardware Information dialog appears.
5. Review the results of the hardware detection.
6. Save the results to a file by doing the following:
a. Click Save to File.
b. Browse to the root user’s home directory (/root).
c. In the File Name field, enter hardware.txt.
d. Click Save.
e. Wait while the file is saved. This may take several minutes to complete.
7. Close the Hardware Information window by clicking Close.
8. Close the YaST Control Center.
9. View the information saved in the hardware.txt file by doing the following:
a. Open a terminal window.
b. Switch to your root user account by entering su - at the shell prompt,
followed by a password of novell.
c. At the shell prompt, enter less hardware.txt.
d. Use the Spacebar to browse through the results.
e. When finished, press q to exit.
10. Close all open windows.
(End of Exercise)

Exercise 6-3 Modify udev Rules


In this exercise, you modify a udev rule to rename your Ethernet interface.
Modify the udev rule in /etc/udev/rules.d/70-persistent-net.rules to rename
your eth0 interface to eth1.
Complete the following:
1. If necessary, power on your da1 virtual server and log in as geeko with a
password of novell.
2. Open a terminal window and switch to the root user account by entering su -
followed by a password of novell.
3. At the shell prompt, enter cd /etc/udev/rules.d.
4. Open the 70-persistent-net.rules file in the vi editor by entering
vi 70-persistent-net.rules
at the shell prompt.
5. Press Ins.
6. Locate and scroll down to the line that sets the name of your network interface to
eth0.
7. Change the NAME=eth0 parameter to NAME=eth1.
8. Press Esc.
9. Save your changes and exit the editor by entering :exit.
10. Reboot your da1 virtual server by entering init 6 at the shell prompt.
11. Wait for your default GRUB menu item to be selected to start the boot process.
12. When the system starts to boot, press Esc so you can view your system’s boot
messages.
You should see a message indicating eth0 is being renamed to eth1 by udev.
You should also see a message indicating the eth1 interface has not been
configured. This happens because there is no configuration for eth1 in
/etc/sysconfig/network/.
13. As these messages may scroll by too fast to see them easily, you can find the
udev message by doing the following:
a. When the system has rebooted, log in as geeko with a password of novell.
b. Open a terminal window and su - to root (password novell).
c. In the terminal window, enter less /var/log/boot.msg and enter
/udev. Press n to get to the next instance of the search string. Quit less by
pressing q.
14. At the shell prompt, enter cd /etc/udev/rules.d.
15. Open the 70-persistent-net.rules file in the vi editor by entering
vi 70-persistent-net.rules
at the shell prompt.
16. Press Ins.
17. Change the NAME=eth1 parameter back to NAME=eth0.
18. Press Esc.
19. Save your changes and exit the editor by entering :exit.
20. Reboot your da1 virtual server by entering init 6 at the shell prompt.
21. Wait for your default GRUB menu item to be selected to start the boot process.
22. When the system starts to boot, press Esc so you can view your system’s boot
messages.
23. Verify that your network interface is now named eth0 and that the appropriate
network configuration parameters are applied.
(End of Exercise)
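The "eth1 has not been configured" message in step 12 comes from a udev name with no matching ifcfg file, and that mismatch can be detected before rebooting. The following is an added example, not part of the workbook: the function names are hypothetical, and the rule line and MAC address are a constructed sample in the usual layout of a generated 70-persistent-net.rules entry.

```shell
#!/bin/sh
# Added example: relate udev interface names to ifcfg-* files.
# Function names are hypothetical; the sample data is constructed.

# Print "MAC NAME" for each rule that matches on a MAC and assigns NAME=.
# Assumes each rule sits on a single line.
udev_net_names() {   # usage: udev_net_names RULES_FILE
    sed -n -e '/^[[:space:]]*#/d' \
        -e 's/.*ATTR{address}=="\([^"]*\)".*NAME="\([^"]*\)".*/\1 \2/p' "$1"
}

# Print names that are assigned to more than one MAC address;
# such a rename would collide with an existing interface name.
duplicate_names() {   # usage: duplicate_names RULES_FILE
    udev_net_names "$1" | awk '{ print $2 }' | sort | uniq -d
}

# Print each assigned name that has no NETDIR/ifcfg-NAME file.
# Returns 1 if at least one name is unconfigured.
unconfigured_names() {   # usage: unconfigured_names RULES_FILE NETDIR
    missing=0
    for name in $(udev_net_names "$1" | awk '{ print $2 }' | sort -u); do
        if [ ! -f "$2/ifcfg-$name" ]; then
            echo "$name"
            missing=1
        fi
    done
    return "$missing"
}

# Build a constructed lab layout under DIR: one rule that names the
# network card NAME, and a single (empty) ifcfg-eth0 file.
make_sample() {   # usage: make_sample DIR NAME
    mkdir -p "$1/rules.d" "$1/network"
    cat > "$1/rules.d/70-persistent-net.rules" <<EOF
# Constructed sample rule; the MAC address is made up.
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:aa:bb:cc", ATTR{type}=="1", KERNEL=="eth*", NAME="$2"
EOF
    : > "$1/network/ifcfg-eth0"
}

# Demonstration: the state after step 9 (rule renamed to eth1).
demo=$(mktemp -d)
make_sample "$demo" eth1
echo "names without an ifcfg file after the rename:"
unconfigured_names "$demo/rules.d/70-persistent-net.rules" "$demo/network" || true
rm -rf "$demo"
```

On the lab system the arguments would be /etc/udev/rules.d/70-persistent-net.rules and /etc/sysconfig/network.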

SECTION 7 Configure Remote Access

In this section of the workbook, you learn how to do the following:
• “Practice Using OpenSSH”
In this exercise, you learn how to establish SSH connections between computers.
• “Perform Public Key Authentication”
In this exercise, you practice using SSH with public key authentication.
• “Use Remote Administration”
In this exercise, you configure remote administration.
• “Use Nomad”
In this exercise, you configure remote desktop sharing using Nomad.

Exercise 7-1 Practice Using OpenSSH


In this exercise, you learn how to establish SSH connections between computers.
You will run the SSH client on your da-host workstation and the SSH server on your
da1 virtual machine.
Perform the following tasks:
• Log in remotely to your da1 server as root.
• Remotely execute the ps aux command on da1 without logging in to the server.
• Copy the /etc/hosts file from da1 to your /tmp directory.
• Copy the /etc/hosts file from your da-host workstation to the home
directory of geeko on da1.
• Using sftp, copy the /bin/date file from da1 to /home/geeko on your
workstation.
Do the following:
1. If necessary, power on your da1 virtual machine.
2. Log in to da1 from da-host by doing the following:
a. Right-click the da-host desktop and select Open in Terminal.
b. At the command line, enter
ssh -l geeko da1.digitalairlines.com
c. When prompted to continue, enter yes.
d. When prompted, enter a password of novell.
You are now logged in to the da1 server as geeko.
e. Log out by entering exit.
3. Check the processes running on the da1 server by entering the following at the
shell prompt of your da-host workstation:
ssh -l geeko da1.digitalairlines.com ps aux
4. When prompted, enter a password of novell.
A list of all processes currently running on da1 is displayed.
5. Copy the /etc/hosts file on your da1 server to the /tmp directory on your
workstation by entering the following at the workstation shell prompt:
scp geeko@da1.digitalairlines.com:/etc/hosts /tmp/
6. When prompted, enter a password of novell.
7. At the shell prompt, enter ls /tmp.
You should see the hosts file from the da1 server in your /tmp directory.
8. Copy the /etc/hosts file on your workstation to geeko’s home directory on
your da1 server by entering the following:
scp /etc/hosts geeko@da1.digitalairlines.com:
9. When prompted, enter a password of novell.
10. Verify that the file was copied by doing the following:
a. Switch to your da1 server.
b. If necessary, log in as geeko with a password of novell.
c. Double-click the geeko’s Home icon on the desktop.
You should see the hosts file from the workstation in the geeko user’s home
directory.
d. Switch back to your workstation.
11. Use sftp to connect to your da1 server as geeko by entering:
sftp geeko@da1.digitalairlines.com
12. When prompted, enter a password of novell.
13. Copy the /bin/date program file from the da1 server to geeko’s home
directory on your workstation by entering:
get /bin/date /home/geeko/
14. Quit sftp by entering exit.
15. At the shell prompt, enter ls /home/geeko.
Verify that the date program has been copied to the geeko user’s home
directory.
16. Close all open windows on your da-host workstation and your da1 virtual
machine.
(End of Exercise)

Exercise 7-2 Perform Public Key Authentication


In this exercise, you practice using SSH with public key authentication.
You use your da-host and da1 systems to complete this exercise.
First, you create an ssh-key pair on da-host. Then you add the public key to the
~geeko/.ssh/authorized_keys file on your da1 server and note the
difference between logging in with and without a public key.
You then use ssh-agent to cache the private key and log in again to your da1
server as geeko. Finally, you change the server configuration to allow only public key
authentication.
Complete the following:
1. If necessary, power on your da1 virtual machine.
2. On your da-host workstation, open a terminal window.
3. Generate an RSA key pair by doing the following:
a. At the terminal window, enter ssh-keygen -t rsa.
b. Accept the default location for the key (/home/geeko/.ssh/id_rsa)
by pressing Enter.
c. When prompted, enter a passphrase of secret.
Information about your key pair, such as the location of your identification
and the public key, is displayed.
4. Add the RSA public key to the geeko user’s ~/.ssh/authorized_keys file
on da1 by doing the following:
a. Copy the file to the home directory of geeko on the da1 server by entering
the following:
scp ~/.ssh/id_rsa.pub geeko@da1.digitalairlines.com:
b. When prompted, enter a password of novell.
c. Using ssh, log in as geeko to your da1 server by entering
ssh -l geeko da1.digitalairlines.com
d. When prompted, enter a password of novell.
e. Enter ls -al.
f. If an .ssh directory does not exist, then create it by entering
mkdir .ssh
g. Append the public key to the ~/.ssh/authorized_keys file by
entering (the file will be created if it does not exist yet):
cat id_rsa.pub >> .ssh/authorized_keys
5. Log out from the da1 server by entering exit.
6. Using ssh, log in to your da1 server as geeko by entering
ssh -l geeko da1.digitalairlines.com
You are prompted for a password to unlock the private key.
7. Log in by entering secret; then log out by entering exit.
8. To track authentication, start the ssh-agent by entering ssh-agent
bash.
9. Add your private key to the agent for authentication by entering
ssh-add ~/.ssh/id_rsa
10. When prompted, enter a passphrase of secret.
11. Using ssh, log in as geeko to your da1 server by entering
ssh -l geeko da1.digitalairlines.com
This time you are not prompted for a password or passphrase.
12. Switch to user root on da1 by entering su - followed by a password of novell.
13. At the shell prompt, enter vi /etc/ssh/sshd_config.
14. Do the following:
a. Enter /PasswordAuthentication to locate the
PasswordAuthentication line.
b. Make sure it is set to no.
c. Enter /UsePAM to locate the UsePAM line.
d. Press Ins.
e. Change the value of UsePAM from yes to no.
f. Press Esc.
g. Enter :exit to save the file and close the editor.
15. Restart sshd by entering rcsshd restart.
16. Enter ssh geeko@localhost.
17. When prompted to continue connecting, enter yes.
You should see an error message and no prompt for a password.
18. Using the vi editor, undo the changes made in Step 14; then restart
sshd.
19. Log out as root by entering exit.
20. Log out from da1 by entering exit.
21. Close all open windows.
(End of Exercise)
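Step 14 changes UsePAM as well as checking PasswordAuthentication because PAM can still prompt for a password through challenge-response authentication when PasswordAuthentication is already no. The following is an added example, not part of the workbook: the function names are hypothetical, the sample files are constructed, and the fallback defaults are upstream OpenSSH defaults of that era, which is an assumption since distribution builds can differ.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config for
# password-style logins. Function names are hypothetical.

# Print the effective global value of KEYWORD, or DEFAULT if unset.
# sshd uses the first value it reads for a keyword, and keywords are
# case-insensitive. Parsing stops at the first Match block.
sshd_value() {   # usage: sshd_value FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        {
            split($0, f, /[ \t=]+/)
            kw = tolower(f[1])
            if (kw == "match") exit        # Match blocks are not evaluated
            if (kw == key) { val = tolower(f[2]); exit }
        }
        END { print val }
    ' "$1"
}

# Return 0 if neither plain passwords nor PAM challenge-response
# prompts are enabled; otherwise say what is still open and return 1.
key_only_login() {   # usage: key_only_login FILE
    # Assumed defaults: upstream OpenSSH values when a keyword is absent.
    pw=$(sshd_value "$1" PasswordAuthentication yes)
    pam=$(sshd_value "$1" UsePAM no)
    kbd=$(sshd_value "$1" ChallengeResponseAuthentication yes)
    rc=0
    if [ "$pw" != no ]; then
        echo "PasswordAuthentication $pw: password logins are accepted"
        rc=1
    fi
    if [ "$pam" = yes ] && [ "$kbd" != no ]; then
        echo "UsePAM yes + ChallengeResponseAuthentication $kbd: PAM can still ask for a password"
        rc=1
    fi
    return "$rc"
}

# Write a constructed sample: "before" keeps UsePAM yes, "after"
# reflects the result of step 14.
write_sample() {   # usage: write_sample FILE before|after
    if [ "$2" = after ]; then usepam=no; else usepam=yes; fi
    cat > "$1" <<EOF
# constructed sample, not a shipped sshd_config
Port 22
PasswordAuthentication no
#ChallengeResponseAuthentication no
UsePAM $usepam
# a later duplicate is ignored because the first value wins
PasswordAuthentication yes
EOF
}

# Demonstration on both constructed states.
demo=$(mktemp -d)
for state in before after; do
    write_sample "$demo/sshd_config" "$state"
    if key_only_login "$demo/sshd_config"; then
        echo "$state: only non-password methods remain"
    else
        echo "$state: a password-style login is still possible"
    fi
done
rm -rf "$demo"
```

On da1 the file to audit would be /etc/ssh/sshd_config, checked before restarting sshd in step 15.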

Exercise 7-3 Use Remote Administration


In this exercise, you configure remote administration.
You establish a VNC connection to the da1 server from the da-host workstation.
This exercise has four parts. In the first part, you remotely access the text-based
version of YaST on da1 from your workstation.
Then in the second part, you remotely access the graphical version of YaST on da1
from your workstation.
In the third part, you configure remote access to your da1 server with the YaST
Remote Administration module.
In the fourth part, you access your server via VNC.
You need to complete the following tasks:
• “Part I: Remotely Access a Text-Based Version of YaST”
• “Part II: Remotely Access the GUI Version of YaST”
• “Part III: Configure Remote Administration with YaST”
• “Part IV: Access Your da1 Server Remotely”

Part I: Remotely Access a Text-Based Version of YaST


Do the following:
1. If necessary, power on your da1 virtual machine.
2. Open a terminal window on da-host and enter:
ssh root@da1.digitalairlines.com
3. When prompted for the password, enter novell.
4. Launch the ncurses-based version of YaST by entering yast2.
Despite the fact that you entered yast2, the text-based version of the YaST
Control Center appears.
This is because X11 forwarding is not active in the default configuration of ssh.
5. Exit the YaST Control Center by pressing Alt+q.
6. Close the SSH session by entering exit.

Part II: Remotely Access the GUI Version of YaST


Do the following:
1. From the terminal window on your workstation, enter
ssh -X root@da1.digitalairlines.com
2. When prompted for the password, enter novell.
3. Launch the GUI-based version of YaST by entering yast2.
Because the -X option activated X11 forwarding, the GUI-based version of the
YaST Control Center appears.

Part III: Configure Remote Administration with YaST


Do the following, using the YaST Control Center you started in Part II:
1. In the main window of YaST, select Network Services > Remote Administration
(VNC).
The Remote Administration dialog appears.
2. Select Allow Remote Administration and select Open Port in Firewall if the
firewall is enabled.
3. Click Finish.
4. Close YaST.
5. Restart the display manager by entering rcxdm restart at the shell prompt
where you are logged in to da1 via ssh.
You should see the graphical interface of your da1 virtual machine restart.
6. At the shell prompt, enter exit.
Your da1 SUSE Linux Enterprise Server 11 SP2 system is ready to be accessed
remotely.

Part IV: Access Your da1 Server Remotely


To access the da1 server from a web browser, do the following:
1. Install a Java browser plug-in on your da-host workstation:
a. On da-host, start the YaST Software Management by selecting
Computer > YaST > Software > Software Management.
b. In the search field, type java-1, then click Search.
c. From the search results, select java-1_6_0-ibm-plugin.
d. Click Accept.
e. Accept the automatic changes by clicking Continue.
Wait while the packages are installed.
f. Close YaST.
2. On your da-host workstation desktop, open the Firefox web browser by selecting
Computer > Firefox.
3. In the Location field, enter
http://da1.digitalairlines.com:5801
The SLES 11 SP2 login dialog appears within the browser window.
4. Log in to the remote server’s desktop as geeko with a password of novell.
The desktop for your geeko user on da1 appears.
5. If time permits, try completing various administrative tasks and running
commonly-used applications on da1 through the VNC session.
6. When you have finished testing the desktop, close the VNC session by clicking
Disconnect (at the top of the screen).
7. Close all open windows.
(End of Exercise)

Exercise 7-4 Use Nomad


In this exercise, you configure remote desktop sharing using Nomad. You establish an
RDP connection between da-host and da1.
As the necessary client packages are part of the SLED 11 SP2 installation media, you
have to add the DVD as a repository to da-host before installation.
You establish an RDP connection between your da-host workstation and the da1
virtual workstation.
Complete the following:
1. Verify that your da1 workstation is running.
2. Log in to your da1 virtual machine as geeko, open a terminal window and su -
to the root account (password novell).
3. Install the yast2-rdp package on da1 by entering
yast -i yast2-rdp
4. Configure the RDP access by doing the following:
a. Start YaST and select Network Services > Remote Administration (RDP).
b. When prompted that the xrdp package needs to be installed, click Install.
c. (Conditional) If prompted, insert your SLES 11 installation DVD.
d. Wait while the RDP packages are installed.
A Remote Administration dialog appears.
e. Mark Allow Remote Administration and Open Port in Firewall if the firewall
is activated.
f. Click Finish.
g. Close YaST.
5. Reboot da1 by entering init 6 at the shell prompt.
6. After the system has rebooted, log in as geeko with a password of novell.
7. Open a terminal session and switch to root using the su - command followed by
a password of novell.
8. Verify that xrdp is running by entering rcxrdp status at the shell prompt.
The command should return a status of “running”.
9. Install the rdesktop and tsclient packages on your host workstation by doing the
following:
a. Start YaST by selecting Computer > YaST.
b. When prompted, enter a root user password of novell.
c. Insert the SLED 11 SP2 installation DVD (i586 or x86_64, depending on
your installed architecture) in the DVD drive.
d. Select Software > Software repositories.
e. Select Add > DVD > Next; when prompted to insert the Add-on Products
DVD select Continue.
f. Accept the License Agreement and click Next.
g. Click OK to close the Software Repositories module.
h. In YaST, select Software > Software Management.
i. In the search field, enter rdesktop and click Search.
j. Within the search results, select the rdesktop and tsclient packages and click
Accept. In the Automatic Changes dialog, select Continue.
k. Close the YaST Control Center.
10. Configure a remote desktop connection on your host workstation by doing the
following:
a. At the shell prompt on your host workstation da-host, enter tsclient.
b. In the Terminal Server Client window, click New Connection > Windows
Terminal Service.
A Windows Terminal Service connection dialog appears.
c. In the Host field, type da1.digitalairlines.com.
d. In the Username field, type geeko.
e. In the Password field, type novell.
f. Expand Advanced Options.
g. In the Connection Type drop-down list, select LAN.
h. Select (check) the Save this connection entry.
i. In the Name field, enter da1 Desktop.
j. Click Save.
The da1 Desktop remote desktop connection is added to the Terminal Server
Client window.
11. Open the remote connection by double-clicking da1 Desktop.
The da1 desktop is displayed in an rdesktop/TightVNC window.
12. (Conditional) If time permits, experiment with the remote desktop. Try opening
and using the various applications remotely.
13. When complete, click Computer > Logout > Log Out within the remote desktop
session.
14. In the Terminal Server Client window, click the Exit icon.
15. At the shell prompt, enter exit.
(End of Exercise)

SECTION 8 Monitor SUSE Linux Enterprise Server 11

In this section of the workbook, you learn how to do the following:
• “Gather Information on your SLES 11 Server”
In this exercise, you learn how to get information on the computer you are using.
• “Manage System Logging”
In this exercise, you practice configuring syslog-ng and logrotate.

Exercise 8-1 Gather Information on your SLES 11 Server


In this exercise, you learn how to get information on the computer you are using.
You use the administration tools covered in this section to gather information on your
server.
As you work through this exercise, write down the appropriate value in the right-hand
column of the following table:

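Table 8-1 Hardware Values

System Parameter                          Value
OS                                        ____________
Hardware Architecture                     ____________
Processor Type                            ____________
Hostname                                  ____________
Kernel Release                            ____________
Kernel Version (include date and time)    ____________
System Up Time                            ____________
Load Averages                             ____________
SLES 11 Version                           ____________
System Date and Time                      ____________
Model Name of Processor                   ____________
Free Memory                               ____________
Patch Level                               ____________
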
Complete the following:


1. If necessary, power on your da1 server and log in as geeko with a password of
novell.
2. Open a terminal window and switch to root using the su - command and a
password of novell.
3. View the kernel release of the Linux distribution you are running by entering
uname -r
4. View the computer’s hardware architecture by entering
uname -m
5. View the processor type for this Linux build by entering
uname -p
6. View all information, including hostname, kernel release, and kernel version, by
entering
uname -a
7. View the system uptime and the load averages by entering
uptime
8. View the version of the SUSE Linux Enterprise Server distribution by entering
cat /etc/SuSE-release
9. View the system date and time by entering
date
10. View information on the processor by entering
cat /proc/cpuinfo
11. View the current memory statistics by entering
cat /proc/meminfo
(End of Exercise)

Exercise 8-2 Manage System Logging


In this exercise, you practice configuring syslog-ng and logrotate.
First, you configure syslog-ng to log messages of the local4 facility. The
/var/log/local4 file is used for messages of the local4 facility no matter the priority.
The /var/log/local4.debug file logs only messages with the debug priority.
A third file, /var/log/local4.info, logs only messages with the info priority.
Then you configure logrotate to manage these log files. You create a
/etc/logrotate.d/local4 file that does the following with these three files:
• Compresses the old logs
• Saves the old logs with a date extension
• Limits the oldest log to one day
• Limits the rotated logs saved to five
• Limits the maximum size of the file to 20 bytes
• Proceeds without error if a log file is missing
• Logs the date in the local4.info file each time a new log file is generated

NOTE: The above values (one day, five logs, 20 bytes) are used for demonstration purposes only. In
a production environment, these values should be much higher.

Complete the following tasks to do this:
• “Part I: Modify the syslog-ng Configuration”
• “Part II: Configure logrotate”

Part I: Modify the syslog-ng Configuration


To modify the syslog-ng configuration, do the following:
1. If necessary, power on your da1 server and log in as geeko with a password of
novell.
2. Open a terminal window and switch to root using the su - command and a
password of novell.
3. At the shell prompt, enter vi /etc/syslog-ng/syslog-ng.conf.
4. Press Ins.
5. Add the following lines at the bottom of the file to create filters for the messages
you want to log:
filter f_local4debug { level(debug) and facility(local4); };
filter f_local4info { level(info) and facility(local4); };
filter f_local4 { facility(local4); };
6. Specify the destinations and log paths by adding the following lines:
destination local4debug { file("/var/log/local4.debug"); };
log { source(src); filter(f_local4debug); destination(local4debug); };
destination local4info { file("/var/log/local4.info"); };
log { source(src); filter(f_local4info); destination(local4info); };
destination local4 { file("/var/log/local4"); };
log { source(src); filter(f_local4); destination(local4); };

NOTE: Check your syntax carefully. If you make a mistake in this file, syslog won’t start.

7. Save the changes and close the editor by pressing Esc and then entering :exit.
8. Restart the syslog daemon by entering rcsyslog restart at the shell
prompt.
9. Open a new terminal window and enter su - followed by a password of novell.
10. Check the configuration by logging an entry to the info level in the local4 facility
by doing the following:
a. Enter the following in one of your terminal sessions to monitor the activity
of the log file:
tail -F /var/log/local4.info

NOTE: The -F option keeps trying to open a file even if it is inaccessible when tail
starts.
You will see warnings regarding the fact that the file does not yet exist. You can disregard
this error as the file will be created when you complete the next step.

b. In the other terminal window, log an entry to the info level in the local4
facility by entering
logger -p local4.info "Info message 1"
c. Check the results in the second terminal window. The message should be
logged in the /var/log/local4.info file.
The message should also be logged in the /var/log/local4 file and,
because of other entries in /etc/syslog-ng/syslog-ng.conf, in
/var/log/localmessages.

NOTE: If no messages appear, there might be something wrong with your syslog
configuration, for instance a typo or a missing “;”. To diagnose what is wrong, enter
rcsyslog restart at the shell prompt and see if syslog starts properly. If there is an
issue with the configuration, an error message will say so. Look for the line number
shown in the output for the error, correct it, and restart syslog.

d. In the terminal window where the log activity is being monitored with
tail, stop the monitoring by pressing Ctrl+c.


11. Repeat this process for the debug log level. Use the following command in the
first terminal window:
tail -F /var/log/local4.debug
Use the following command in the second terminal window:
logger -p local4.debug "Info message 2"

NOTE: Only those local4 log files with entries will be compressed during log rotation in Part
II of this exercise.

12. In the terminal window where the log activity is being monitored with tail,
stop the monitoring by pressing Ctrl+c.

Part II: Configure logrotate


To configure logrotate, do the following:
1. At the shell prompt, enter vi /etc/logrotate.d/local4.
2. Press Ins.
3. Add the following content to the file:
/var/log/local4.debug /var/log/local4.info /var/log/local4
{
    compress
    dateext
    maxage 1
    rotate 5
    size 20
    postrotate
        date >> /var/log/local4.info
    endscript
}

NOTE: Make sure the file paths in the first line are separated with spaces.

4. Press Esc, then save the changes and close the editor by entering :exit.
5. Switch to virtual terminal 1 by pressing Ctrl+Alt+F1.
6. Log in as root with a password of novell.
7. Rotate the logs manually by entering
logrotate /etc/logrotate.conf
8. Check the directory /var/log/ for the zipped local4 log files by entering
ls -l /var/log | less
You see the following files:
• local4.debug-current_date.bz2
• local4.info-current_date.bz2


For example, if the current date is July 15, 2012, then the zipped file for
local4.info will be local4.info-20120715.bz2.
The .bz2 extension is used because the command to compress files is set to
bzip2 in /etc/logrotate.conf.

NOTE: Only those log files with entries are zipped.

9. Exit the list by entering q.


10. Check the contents of the local4.info zipped archive by entering
less /var/log/local4.info-current_date.bz2
You should see the entries you added to the log file.
11. Press q to exit.
12. Log out as root by entering
exit
13. Return to the GNOME desktop by pressing Ctrl+Alt+F7.
14. Close all open windows.
(End of Exercise)


SECTION 9 Administer Linux Processes and Services

In this section of the workbook, you learn how to do the following:

• “Schedule Jobs with cron and at”
In this exercise, you practice scheduling jobs with at and cron.


Exercise 9-1 Schedule Jobs with cron and at


In this exercise, you practice scheduling jobs with at and cron.
In the first part of the exercise, you redirect the output of the finger command to
/var/log/messages three minutes from the current time. Then you schedule the
same job for tomorrow at noon. Finally, you schedule a program to run tomorrow at 2
p.m. and afterwards remove the job.
In the second part of the exercise, you create a cron job as a normal user that logs the
output of finger to ~/users.log every minute and another cron job as root that
backs up /etc/ to /export/data2/etc.tgz using tar and the options czvf
every Tuesday at 2 a.m.
Complete the following:
• “Part I: Schedule Jobs with at”
• “Part II: Schedule Jobs with cron”

Part I: Schedule Jobs with at


To schedule jobs with at, do the following:
1. If necessary, power on your da1 server and log in as geeko with a password of
novell.
2. Open a terminal window and switch to root using the su - command and a
password of novell.
3. Check to see if the at service is running by entering rcatd status at the
shell prompt.
4. If the command returns a status of unused, start the at service by entering
rcatd start at the shell prompt.
5. Display the current date and time by entering date at the shell prompt.
6. Three minutes from now, log who is currently logged in to the
/var/log/messages file by entering the following commands:
at hh:mm
finger >> /var/log/messages

NOTE: Make sure you enter two > characters in the above command. If you have only one >
character, all existing entries in /var/log/messages will be overwritten.

7. Exit the at editor by pressing Ctrl+d.


8. View the scheduled at jobs by entering atq (or at -l).
Note the job number listed.
9. Enter tail -f /var/log/messages at the shell prompt.
Login information for geeko will appear at the end of the file after the three
minutes have passed.


Stop tail by pressing Ctrl+c.


10. Schedule the same job to run tomorrow at noon by entering the following
commands:
at noon tomorrow
finger >> /var/log/messages
11. Exit the at editor by pressing Ctrl+d.
12. Schedule the date to be logged tomorrow at 2:00 p.m. to the
/var/log/messages file by entering the following:
at 14:00 tomorrow
date >> /var/log/messages
13. Exit the at editor by pressing Ctrl+d.
14. View the scheduled at jobs by entering atq (or at -l).
Notice that the two jobs are listed, each with an individual job number.
15. Remove the job scheduled for tomorrow at 2:00 p.m. by entering
atrm job_number
16. View the scheduled at jobs by entering atq (or at -l).
Only the job scheduled for 12:00 p.m. should still be listed.

Part II: Schedule Jobs with cron


To schedule jobs with cron, do the following:
1. At the shell prompt, return to the geeko user account by entering exit.
2. Schedule a cron job as geeko by doing the following:
a. Enter crontab -e at the shell prompt.
The vi editor is displayed with geeko’s crontab file loaded.
b. Press Ins to enter insert mode.
c. Schedule finger to run every minute and write the output to the
~/users.log file by entering the following:
* * * * * finger >> ~/users.log
d. Press Esc.
e. Save the file and exit the vi editor by entering :wq.
f. Watch the users.log file for a few minutes and validate that it is being
updated by entering tail -F ~/users.log at the shell prompt.

NOTE: The -F option keeps trying to open a file even if it is inaccessible when tail
starts.

g. When finished, press Ctrl+c to break out of tail.


3. Remove geeko’s crontab file by entering crontab -r at the shell prompt.


4. Verify that the crontab file no longer exists by entering crontab -l at the
shell prompt.
5. Verify that the cron job you defined in Step 2 is no longer active by entering
tail -f ~/users.log at the shell prompt.
Notice that entries to users.log are no longer being added.
6. Press Ctrl+c to stop tail.
7. Schedule a cron job as root:
a. At the shell prompt, enter su - followed by a password of novell.
b. Enter crontab -e.
c. Press Ins.
d. Add a job that runs at 2:00 a.m. every Tuesday and creates a tarball of /etc
that is saved in /tmp by entering the following:
0 2 * * 2 tar czvf /tmp/etc.tgz /etc
e. Press Esc.
f. Save the file and exit the vi editor by entering :wq.
g. Verify that the job is in the crontab file for root by entering crontab -l
at the shell prompt.
The entry you made in Step d should be listed.
8. Remove root’s crontab file by entering crontab -r at the shell prompt.
9. Verify that the crontab file no longer exists by entering crontab -l at the
shell prompt.
10. Close all open windows.
(End of Exercise)


SECTION 10 Manage Backup and Recovery

In this section of the workbook, you learn how to do the following:

• “Back Up System Files with YaST”
In this exercise, you learn how to perform a system backup with YaST.
• “Create Backup Files with tar”
In this exercise, you learn how to use tar to create backups.
• “Work with Snapper”
In this exercise, you learn how to use the YaST Snapper module and the
snapper command line tool.
• “Create Drive Images with dd (Optional)”
In this exercise, you use dd to create a drive image.
• “Back Up a Home Directory with rsync”
In this exercise, you use rsync to back up a user’s home directory.
• “Configure a cron Job for Data Backups”
In this exercise, you use cron to automate the backup process.


Exercise 10-1 Back Up System Files with YaST


In this exercise, you learn how to perform a system backup with YaST.
You perform the system backup with the YaST System Backup module.
Complete the following:
1. If necessary, power on your da1 server and log in as geeko with a password of
novell.
2. Select Computer > YaST.
3. When prompted, enter a root password of novell.
4. In YaST, select System > System Backup.
5. Select Profile Management > Add.
6. Enter Course3116; then click OK.
7. In the Filename field, enter /tmp/course3116.tar.
8. Click Next.
9. In the Backup Options screen, use the default selections by clicking Next.
A list of directories and file systems which are not going to be included in the
backup is displayed.
10. Under Items Excluded from Search, select Add > Directory.
11. Enter /home; then click OK.
We will assume that the home directories are backed up using a different utility.
12. Click OK.
13. In the profile overview, make sure the profile Course3116 is highlighted; then
click Create Backup.
Wait until the backup has been completed. (This will take some time to
complete.)
14. In the Backup Summary, click OK; then click OK in the System Backup screen.
15. Review the structure of the tar archive in /tmp/course3116.tar by doing
the following:
a. Open a terminal window and switch to your root user account by entering su
- at the shell prompt followed by a password of novell.
b. At the shell prompt, enter tar -tf /tmp/course3116.tar.
The list of files should match what you intended to back up.
(End of Exercise)


Exercise 10-2 Create Backup Files with tar


In this exercise, you learn how to use tar to create backups.
You use tar to create a full backup and an incremental backup.
Complete the following:
• “Part I: Create a Full Backup”
• “Part II: Create an Incremental Backup”

NOTE: In this exercise, you copy backup files to the directory /tmp. This is done for
demonstration purposes only. You should not store an actual backup in the /tmp directory.

Part I: Create a Full Backup


To create a full backup, do the following:
1. If necessary, power on your da1 server and log in as geeko with a password of
novell.
2. Open a terminal window and su - to root using a password of novell.
3. Change to the /srv/www directory by entering
cd /srv/www/
4. Create a tar archive of the htdocs directory by entering
tar czf /tmp/htdocs.tar.gz htdocs
5. Delete the htdocs directory by entering
rm -r htdocs
6. Restore the htdocs directory by entering
tar xzf /tmp/htdocs.tar.gz
7. View the content of the restored directory by entering
ls htdocs

Part II: Create an Incremental Backup


To create an incremental backup, do the following:
1. Create a full backup of the htdocs directory by entering
tar czv -g /tmp/snapshot_file -f /tmp/htdocs_full.tar.gz htdocs
2. Create a new file in the htdocs directory by entering
touch htdocs/incremental.html
3. Perform an incremental backup by entering
tar czv -g /tmp/snapshot_file -f /tmp/htdocs_incremental.tar.gz htdocs


Note that tar backs up the content of the directory incrementally.


4. View the content of the incremental backup file by entering
tar -tzf /tmp/htdocs_incremental.tar.gz
The output of the above command should indicate that only the new file got
backed up.
5. Remove the htdocs directory by entering
rm -r htdocs
6. Unpack the full backup by entering
tar xzf /tmp/htdocs_full.tar.gz
7. Unpack the incremental backup by entering
tar xzf /tmp/htdocs_incremental.tar.gz
8. Close all open windows.
(End of Exercise)
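
The restore in steps 6 and 7 above replays both archives with plain tar xzf, which never removes a file that was deleted between the two backups. The following added example (not part of the workbook; the function names, the old.html file and the SHA256SUMS file are assumptions, and GNU tar is required) builds the same full and incremental pair on constructed data, checks the archives against recorded SHA-256 digests before unpacking, and compares the plain restore with one that uses -g /dev/null:

```shell
#!/bin/sh
# Added example, not workbook code. Needs GNU tar (-g / --listed-incremental).

# make_chain WORK
# Builds WORK/htdocs (constructed sample data), then a level-0 and a level-1
# archive in WORK/backup, and records their SHA-256 digests.
make_chain() (
    work=$1
    mkdir -p "$work/htdocs" "$work/backup" || exit 1
    echo "home"  > "$work/htdocs/index.html"
    echo "stale" > "$work/htdocs/old.html"
    sleep 1   # keep file timestamps strictly older than the level-0 dump time
    tar -cz -g "$work/backup/snapshot_file" \
        -f "$work/backup/htdocs_full.tar.gz" -C "$work" htdocs || exit 1

    sleep 1
    echo "new" > "$work/htdocs/incremental.html"   # created after level 0
    rm "$work/htdocs/old.html"                     # deleted after level 0
    tar -cz -g "$work/backup/snapshot_file" \
        -f "$work/backup/htdocs_incremental.tar.gz" -C "$work" htdocs || exit 1

    # Digests stored beside the archives only catch corruption; keep a copy
    # elsewhere if the backup location itself is not trusted.
    cd "$work/backup" &&
        sha256sum htdocs_full.tar.gz htdocs_incremental.tar.gz > SHA256SUMS
)

# restore_chain WORK TARGET MODE
# MODE "plain" unpacks as the exercise does; MODE "exact" passes -g /dev/null
# so tar also removes files that no longer existed at the later backup.
restore_chain() (
    work=$1 target=$2 mode=$3
    ( cd "$work/backup" && sha256sum -c SHA256SUMS >/dev/null 2>&1 ) || {
        echo "restore_chain: digest mismatch, nothing unpacked" >&2
        exit 1
    }
    mkdir -p "$target" || exit 1
    for a in htdocs_full.tar.gz htdocs_incremental.tar.gz; do
        if [ "$mode" = exact ]; then
            tar -xz -g /dev/null -f "$work/backup/$a" -C "$target" || exit 1
        else
            tar -xz -f "$work/backup/$a" -C "$target" || exit 1
        fi
    done
)

# Demo in a throwaway directory.
demo=$(mktemp -d)
make_chain "$demo"
restore_chain "$demo" "$demo/plain" plain
restore_chain "$demo" "$demo/exact" exact
echo "plain restore:"; ls "$demo/plain/htdocs"   # old.html comes back
echo "exact restore:"; ls "$demo/exact/htdocs"   # old.html stays deleted
rm -rf "$demo"
```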


Exercise 10-3 Work with Snapper


In this exercise, you learn how to use the YaST Snapper module and the snapper
command line tool.
You create a user with the YaST Users and Group Management module, then view
the changes in the YaST Snapper module and undo the changes with YaST and
snapper.
This exercise is done on the da2 virtual machine. The da2 VMware disk image files
are available on the 3116 course DVD and should already have been copied to the
/vmware directory of da-host during the setup of your exercise environment.
Do the following.
1. From your da-host desktop, launch VMware Player.
2. Select Open a Virtual Machine and browse to /vmware/3116-da2/, select
3116-da2.vmx and click Open.
3. In the VMware Player window, select 3116-da2 and click Play virtual machine.
4. (Conditional) If a Question dialog appears, select I copied it. If there is a Hint
regarding VMware Tools, click OK.
5. Log in to the da2 workstation as geeko (password novell).
6. Start YaST and create a tux user account using the Users and Groups
Management module.
7. In YaST, select Miscellaneous > Snapper.
8. In the Snapshots dialog, select the entry that matches the creation of the tux user
from Step 6 and click Show Changes.
9. Expand the etc entry on the left and select passwd.
10. Click the three Show the difference ... radio buttons to see their effect.
11. Click Restore From First and then OK.
12. Click the three Show the difference ... radio buttons again and notice the
difference to what they showed in Step 10.
13. With the passwd entry still selected, click Restore From Second and then OK.
14. Select all entries (put a check mark in the square) and click Restore Selected.
15. Click Yes in the Restoring Files dialog, and then OK.
16. Close YaST.
17. In a terminal window as root, enter cat /etc/passwd.
The user tux should not be listed.
18. In the terminal window, enter snapper list. There should be a yast snapper
entry; this is the entry where you undid the yast users entry.
Note the Pre and Post numbers:


19. Display the difference for the two snapshots for the /etc/passwd entry with the
following command:
snapper diff prenr..postnr /etc/passwd
There should be a line that starts with -tux ...
20. Check if there is a /home/tux directory by entering ls /home.
21. Check the status of the snapshots by entering
snapper status prenr..postnr
22. Roll back the change made by the YaST Snapper module by entering
snapper -v undochange prenr..postnr
As no file name is specified, all files are restored.
This is not always advisable, as other files might have been changed by other
processes while the snapper module was running that you don’t want to change
back to their previous state. Therefore always check the status as in Step 21 to
avoid any inadvertent effects from the restore.
23. Check if the /home/tux directory was restored and the /etc/passwd file
again has an entry for tux.
(End of Exercise)


Exercise 10-4 Create Drive Images with dd (Optional)


In this exercise, you use dd to create a drive image from an optical disc.
Complete the following:
1. Connect your da1 virtual machine to the 3116_CD.iso file located in the
Exercises/10-3 directory on your course DVD by doing the following:
a. If an optical disc icon is displayed on your da1 desktop, right-click it and
select Unmount Volume.
b. In your da1 VMware window, select Virtual Machine > Removable Devices
> CD/DVD > Disconnect.
c. If necessary, insert your 3116 course DVD in your host workstation’s optical
drive.
d. In your da1 VMware window, select Virtual Machine > Removable Devices
> CD/DVD > Connect to Disk Image File (iso).
e. Browse to and select the 3116_CD.iso file located in the
Exercises/10-3 directory on your course DVD.
f. Select Open.
g. When prompted for root’s password, enter novell.
You should see the GNOME File Browser window open, displaying the
contents of the disc.
2. Close the File Browser window.
3. Open a terminal window and su - to root using a password of novell.
4. At the shell prompt, enter mount.
5. In the output, look for an entry
/dev/sr0 on /media/...
6. Note the corresponding device name (listed in the first column of the output):

7. Copy an image of the CD to the hard disk by entering the following at the shell
prompt:
dd if=/dev/device_name of=/tmp/course_cd.iso
When done, you should see a “... records in ... records out” message.
8. When the copy process is complete, mount the image file by entering
mount -o loop /tmp/course_cd.iso /mnt/
9. Change to the /mnt/ directory by entering cd /mnt at the shell prompt.
10. Display the content of the image file by entering ls at the shell prompt.
You should see the files from the CD.


11. Enter cd /media/3116_CD; then enter ls.


Note that the content of the image file is identical to the original CD.
12. Change to your home directory and unmount the image file by entering the
following commands:
cd
umount /mnt
13. Delete the image file by entering
rm /tmp/course_cd.iso
14. Connect your da1 virtual machine back to your host workstation’s optical drive
by doing the following:
a. Right-click the 3116_CD volume on your desktop and select Unmount.
b. In your da1 VMware window, select Virtual Machine > Removable Devices
> CD/DVD > Disconnect.
c. If necessary, insert your SLES 11 installation DVD in your host
workstation’s optical drive.
d. In your da1 VMware window, select Virtual Machine > Removable Devices
> CD/DVD > Connect to /dev/sr0.
e. When prompted for root’s password, enter novell.
f. Close all open windows.
(End of Exercise)


Exercise 10-5 Back Up a Home Directory with rsync


In this exercise, you use rsync to back up a user’s home directory.
Complete the following:
• “Part I: Perform a Local Backup with rsync”
• “Part II: Perform a Remote Backup with rsync”

Part I: Perform a Local Backup with rsync


To perform a local backup with rsync, do the following:
1. On your da1 virtual server, log in as geeko with a password of novell (if
necessary) and open a terminal window.
2. Switch to root using the su - command along with a password of novell.
3. Create a backup directory by entering mkdir /tmp/rsync_test at the shell
prompt.
4. Copy geeko's home directory to the backup directory by entering the following
command at the shell prompt:
rsync -av /home/geeko/ /tmp/rsync_test
5. At the shell prompt, enter cd /tmp/rsync_test.
6. Enter ls to view the files copied by rsync.
You should see all the files that are in geeko’s home directory.
7. At the shell prompt, enter cd ~.
8. Open a second terminal window.
9. As the geeko user, create a new file by entering touch new_file at the shell
prompt.
10. Switch to the root terminal window and enter the same rsync command again:
rsync -av /home/geeko/ /tmp/rsync_test
Notice that rsync transfers only the new file and the corresponding directory.

Part II: Perform a Remote Backup with rsync


In this part of the exercise, you perform a remote backup to your da-host
workstation from da1. Do the following:
1. Open the ssh port in the firewall on da-host (if it is enabled) by doing the
following:
a. On da-host, select Computer > YaST.
b. Select Security and Users > Firewall.
(If the firewall is not running you can just close the Firewall Configuration
window and YaST and go to Step 2 on page 94.)
c. On the left, select Allowed Services.


d. In the Service to Allow drop-down list, select Secure Shell Server.


e. Click Add.
f. Click Next > Finish.
g. Close YaST.
2. Switch back to your da1 server.
3. From the root terminal window on da1, create a /tmp/rsync_remote_test
directory by entering
mkdir /tmp/rsync_remote_test
4. From the root terminal window on da1, perform a remote backup of the geeko
user’s home directory on da-host by entering the following at the shell prompt
(all on one line):
rsync -av root@da-host.digitalairlines.com:/home/geeko /tmp/rsync_test
5. When prompted to confirm the authenticity of the host (its SSH host key fingerprint), enter yes.
6. When prompted, enter a password of novell.
You should see the geeko user’s files on da-host being synchronized to your da1
server.
7. Switch to your da-host workstation and do the following:
a. Open a terminal session on da-host.
b. As geeko, create a new file in the geeko home directory by entering
touch ~/new_file2
at the shell prompt.
8. Switch back to your da1 server.
9. Enter the rsync command again at the shell prompt:
rsync -av root@da-sled.digitalairlines.com:/home/geeko /tmp/rsync_test
10. When prompted, enter a password of novell.
Notice that only new files created since the last time rsync was run are copied.
11. Clean up the backup directories by entering
rm -r /tmp/rsync_*
12. Close all terminal windows on both virtual machines.
(End of Exercise)


Exercise 10-6 Configure a cron Job for Data Backups


In this exercise, you use cron to automate the backup process.
Complete the following:
1. On your da1 virtual server, log in as geeko with a password of novell (if
necessary) and open a terminal window.
2. Switch to root using the su - command and a password of novell.
3. Change to the /usr/local/bin/ directory by entering
cd /usr/local/bin
at the shell prompt.
4. Create the home_backup.sh file in the current directory by entering vi
home_backup.sh at the shell prompt.
5. Press Ins, then add the following lines to the file:
#!/bin/bash
rsync -a /home/geeko /tmp/rsync_test
6. Press Esc, then enter :exit to save the file and close the editor.
7. Make the file executable by entering chmod 744 home_backup.sh at the
shell prompt.
8. To edit root’s crontab, start the crontab editor by entering crontab -e at the
shell prompt.
9. Press Ins, then enter the following:
5_minutes_in_the_future current_hour * * * /usr/local/bin/home_backup.sh
For example, to have the backup script run at 3:30 pm, you would enter the
following:
30 15 * * * /usr/local/bin/home_backup.sh
10. Press Esc, then enter :exit to save the file and close the editor.
11. Wait five minutes, then verify that the backup ran by entering the following at the
shell prompt:
ls /tmp/rsync_test
12. Close all open windows on da1.
(End of Exercise)
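
Exercise 9-1 has root's crontab write a copy of /etc to /tmp/etc.tgz, and this exercise runs a root cron script that copies into /tmp. A fixed file name in a world-writable directory can be pre-created by another local user, and an archive of /etc written under the default umask is readable by everyone. The following added example (not workbook code; secure_backup, the destination directory and the script path are hypothetical) shows a cron-ready tar backup that refuses an unsafe destination and leaves the archive readable by its owner only:

```shell
#!/bin/sh
# Added example, not workbook code. secure_backup and the paths named in the
# comments are hypothetical names chosen for illustration.

# secure_backup SRC_DIR DEST_DIR
# Writes DEST_DIR/<basename of SRC_DIR>-YYYYMMDD.tgz and prints its path.
# The body runs in a subshell so the umask change does not leak to the caller.
secure_backup() (
    src=$1
    dest=$2
    umask 077                        # new files 0600, new directories 0700

    [ -d "$src" ] || { echo "secure_backup: $src is not a directory" >&2; exit 1; }

    # Refuse a destination that another user could have planted or can write to.
    if [ -L "$dest" ]; then
        echo "secure_backup: $dest is a symlink" >&2; exit 1
    fi
    [ -d "$dest" ] || mkdir -p "$dest" || exit 1
    if [ ! -O "$dest" ]; then
        echo "secure_backup: $dest is not owned by the calling user" >&2; exit 1
    fi
    if [ -n "$(find "$dest" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "secure_backup: $dest is group- or world-writable" >&2; exit 1
    fi

    # Write to an unpredictable temporary name, then rename into place, so a
    # half-written archive never carries the final name.
    tmp=$(mktemp "$dest/.backup.XXXXXX") || exit 1
    name=$(basename "$src")
    final=$dest/$name-$(date +%Y%m%d).tgz
    # No -v here: cron mails whatever a job prints, including file lists.
    if tar -czf "$tmp" -C "$(dirname "$src")" "$name"; then
        mv -f "$tmp" "$final" && echo "$final"
    else
        rm -f "$tmp"
        exit 1
    fi
)

# Demo on constructed data. On a real system the call would be, for instance,
#   secure_backup /etc /root/backup            (hypothetical destination)
# from a root-owned script started by a crontab entry such as
#   0 2 * * 2 /usr/local/sbin/etc_backup.sh    (hypothetical script path)
demo=$(mktemp -d)
mkdir "$demo/etc"
echo "constructed sample content" > "$demo/etc/sample.conf"
archive=$(secure_backup "$demo/etc" "$demo/backup") && ls -l "$archive"
rm -rf "$demo"
```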


SECTION 11 Administer User Access and Security

In this section of the workbook, you learn how to do the following:

• “Configure PAM Authentication”
In this exercise, you practice configuring PAM authentication.
• “Configure sudo”
In this exercise, you practice configuring sudo.
• “Configure the Password Security Settings”
In this exercise, you practice changing different security settings.
• “Use ACLs”
In this exercise, you practice using ACLs.
• “Configure SuSEfirewall2”
In this exercise, you practice configuring the firewall on SUSE Linux Enterprise
Server 11 SP2.


Exercise 11-1 Configure PAM Authentication


In this exercise, you practice configuring PAM authentication.
You will create a file on da1 that prevents all normal users (such as geeko) from
logging in and you then test the system.
Complete the following:
1. If necessary, power on your da1 server and log in as geeko with a password of
novell.
2. From the graphical desktop, switch to virtual console 3 by pressing Ctrl+Alt+F3.
3. Log in as root with a password of novell.
4. Create the /etc/nologin file by entering the following command at the shell
prompt:
echo No login possible > /etc/nologin
5. Switch to virtual console 4 by pressing Alt+F4.
6. Attempt to log in as geeko.
A “No login possible” and a “Login incorrect” message are displayed, indicating
that you cannot log in to the system.
7. Switch back to virtual console 3 by pressing Alt+F3.
8. View the last lines of the file /var/log/messages by entering the following
at the shell prompt:
tail /var/log/messages
Look for the “FAILED LOGIN” message for geeko that indicates the failed login
attempt.
9. Edit the /etc/pam.d/login configuration file by doing the following:
a. At the shell prompt, enter vi /etc/pam.d/login.
b. Switch to insert mode by pressing Ins.
c. Add a # sign to the beginning of the following line:
auth requisite pam_nologin.so
This PAM module checks to see if a /etc/nologin file exists. If it does,
it does not allow regular users to log in by returning a failed status.
Now that this line is commented out, PAM will not check for the file. This
means that all users can log in, even if the file exists.
d. Press Esc, then save the file by entering :w.
10. Test the modified PAM configuration file:
a. Switch to virtual console 4 by pressing Alt+F4.
b. Attempt to log in as geeko with a password of novell.


You are able to log in because PAM no longer checks for the
/etc/nologin file.
c. Log out as geeko by entering exit.
11. Edit the file /etc/pam.d/login to uncomment the pam_nologin.so line:
a. Switch to virtual console 3 by pressing Alt+F3.
b. In the vi editor, press Ins.
c. Uncomment the pam_nologin.so line (by removing the # sign you
entered before) so it looks like the following:
auth requisite pam_nologin.so
d. Press Esc, then save the file and exit vi by entering :wq.
12. On virtual console 4, try logging in again as geeko.
Again, you receive a “Login incorrect” message.
13. Press Alt+F3.
14. Delete the file /etc/nologin by entering rm /etc/nologin at the shell
prompt.
15. Press Alt+F4.
16. Try again to log in as geeko with a password of novell.
Because the /etc/nologin file no longer exists, user login is enabled again.
17. Log out as geeko by entering exit.
18. Press Alt+F3.
19. Log out as root by entering exit.
20. Return to the server desktop by pressing Alt+F7.
(End of Exercise)
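Steps 9 to 11 show that /etc/nologin has no effect on a service whose pam_nologin.so line is commented out, which is easy to leave behind after testing. The following script is an added example, not part of the workbook: it reports, per PAM service file, whether that check is active. The function names and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report whether PAM service files still honour /etc/nologin.

# Print "enforced" if an active auth/account line loads pam_nologin.so,
# "disabled" if the module is only mentioned on a commented-out line,
# otherwise "missing". "include" lines are not followed.
nologin_state() {
    if sed 's/#.*//' "$1" |
        grep -Eq '^[[:space:]]*(auth|account)[[:space:]].*pam_nologin\.so'; then
        echo enforced
    elif grep -Eq '^[[:space:]]*#.*pam_nologin\.so' "$1"; then
        echo disabled
    else
        echo missing
    fi
}

# $1 = pam.d directory, $2 = nologin flag file. Lists each service with its
# state and returns 1 if the flag file exists while a service has the check
# commented out, the situation created in step 9 of the exercise.
audit_nologin() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        state=$(nologin_state "$f")
        printf '%-9s %s\n' "$state" "${f##*/}"
        if [ "$state" = disabled ] && [ -e "$2" ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed sample files (not taken from a real system).
sample=$(mktemp -d)
mkdir "$sample/pam.d"
printf 'auth requisite pam_nologin.so\n' > "$sample/pam.d/sshd"
printf '#auth requisite pam_nologin.so\n' > "$sample/pam.d/login"
: > "$sample/nologin"
audit_nologin "$sample/pam.d" "$sample/nologin" ||
    echo "nologin file present but not enforced everywhere"
```

On a real server, run `audit_nologin /etc/pam.d /etc/nologin` as root.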

Exercise 11-2 Configure sudo


In this exercise, you practice configuring sudo.
You allow the geeko user to kill processes on da1 as root.
Complete the following:
1. If necessary, log into da1 as geeko with a password of novell.
2. Open a terminal window.
3. Switch to root using the su - command and password of novell.
4. At the shell prompt, enter visudo.
5. Press Ins.
6. Scroll down to the “Defaults targetpw...” line.
7. Comment out the following lines by placing a # at the beginning of each of the
following lines:
Defaults targetpw # ask for the password of ...
ALL ALL=(ALL) ALL # WARNING! Only use this together ...
8. Define a User_Alias named POWERUSERS that contains the geeko user
account by adding the following line to the end of the file:
User_Alias POWERUSERS = geeko
9. Define a Cmnd_Alias named KPROCS that contains the kill and killall
commands by adding the following line to the end of the file:
Cmnd_Alias KPROCS = /bin/kill, /usr/bin/killall
10. Define a Host_Alias named HOSTS that contains the da1 host by adding the
following line to the end of the file:
Host_Alias HOSTS = da1
11. Using the aliases defined above, allow the geeko user to run the specified
commands on da1 as root by adding the following line to the end of the file:
POWERUSERS HOSTS = (root) KPROCS
12. Press Esc, then save your changes and exit the editor by entering :exit.
13. Test your configuration by doing the following:
a. At the shell prompt (as root), enter top to start the top process running.
b. Open a new terminal window.
c. At the shell prompt in the new terminal window (as geeko), enter sudo
killall top.
d. When prompted, enter geeko’s password of novell.
You should see that top is unloaded in the first terminal window.
e. Close all open windows on the desktop.

(End of Exercise)
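To confirm that the aliases grant geeko only kill and killall, and that the commented-out ALL rule no longer applies, the edited file can be resolved per user. The following script is an added example, not part of the workbook: a simplified resolver that handles only one-line aliases defined before the rule that uses them. The function name sudo_cmds_for and the sample file are assumptions.

```shell
# Added example: list what a user may run under a simple sudoers file.
# Assumes one-line alias definitions placed before the rule that uses them.
sudo_cmds_for() {   # $1 = user, $2 = host, $3 = sudoers-style file
    awk -v user="$1" -v host="$2" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    # Is x in the comma list "spec": by name, as ALL, or through an alias?
    function member(x, kind, spec,    n, i, p, it) {
        n = split(spec, p, ",")
        for (i = 1; i <= n; i++) {
            it = trim(p[i])
            if (it == "ALL" || it == x) return 1
            if ((kind, it) in alias && member(x, kind, alias[kind, it])) return 1
        }
        return 0
    }
    # Print "runas: command" for each command, expanding Cmnd_Alias names.
    function expand(runas, spec,    n, i, p, it) {
        n = split(spec, p, ",")
        for (i = 1; i <= n; i++) {
            it = trim(p[i])
            if (("Cmnd_Alias", it) in alias) expand(runas, alias["Cmnd_Alias", it])
            else print runas ": " it
        }
    }
    { sub(/#.*/, "") }                        # drop comments, disabled lines
    !index($0, "=") || /^[ \t]*Defaults/ { next }
    {
        eq = index($0, "=")
        left = trim(substr($0, 1, eq - 1)); right = trim(substr($0, eq + 1))
        n = split(left, w, /[ \t]+/)
        if (w[1] ~ /_Alias$/) { alias[w[1], w[2]] = right; next }
        runas = "root"
        if (match(right, /^\([^)]*\)/)) runas = substr(right, 2, RLENGTH - 2)
        sub(/^\([^)]*\)/, "", right)
        if (n == 2 && member(user, "User_Alias", w[1]) && member(host, "Host_Alias", w[2]))
            expand(runas, right)
    }' "$3"
}
# Constructed sample: the edited lines of /etc/sudoers after steps 7 to 11.
sudoers=$(mktemp)
cat > "$sudoers" <<'EOF'
#Defaults targetpw # ask for the password of ...
#ALL ALL=(ALL) ALL # WARNING! Only use this together ...
User_Alias POWERUSERS = geeko
Cmnd_Alias KPROCS = /bin/kill, /usr/bin/killall
Host_Alias HOSTS = da1
POWERUSERS HOSTS = (root) KPROCS
EOF
sudo_cmds_for geeko da1 "$sudoers"
```

On a live system, `sudo -l -U geeko` run as root gives the answer from sudo's own parser.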

Exercise 11-3 Configure the Password Security Settings


In this exercise, you practice changing different security settings.
You will change the default behavior when Ctrl+Alt+Del is pressed. You will also
change the encryption method from blowfish to MD5.
Complete the following:
1. If necessary, power on your da1 virtual server and log in as geeko with a
password of novell.
2. Open a terminal window on da1.
3. Check the setting for the Ctrl+Alt+Del keystroke in the file /etc/inittab by
entering
grep ctrlaltdel /etc/inittab
Note the current setting:

4. Start YaST by selecting Computer > YaST and entering a password of novell.
5. Select Security and Users > Security Center and Hardening.
The Security Overview dialog appears.
6. On the left, select Predefined Security Configurations.
7. Make sure Custom Settings is selected.
8. On the left, select Password Settings.
9. From the Password Encryption Method drop-down list, select MD5.
10. On the left, select Boot Settings.
11. From the Interpretation of Ctrl + Alt + Del drop-down list, select Halt.
12. Apply the new security settings by clicking OK.
13. Close YaST.
14. To test the change, you must first activate the new configuration.
This can be done either by rebooting the system or by entering (as root) init q,
which reloads the /etc/inittab file. You will do the latter:
a. In the terminal window, su - to root using a password of novell.
b. Reload the /etc/inittab file by entering init q.
15. Verify that the Ctrl+Alt+Del setting has changed by entering
grep ctrlaltdel /etc/inittab
Notice that the setting is now shutdown -h instead of what you noted in
Step 3.

16. Test this setting by pressing Ctrl+Alt+F1 to switch to a virtual terminal. Then
select from the VMware Menu Virtual Machine > Send Ctrl+Alt+Del.
The system shuts down instead of restarting.
17. Power the da1 virtual machine back on and log in as geeko with a password of
novell.
18. (Optional) Use the YaST Security Settings module to change the default for
Ctrl+Alt+Del back to Restart.
(End of Exercise)

Exercise 11-4 Use ACLs


In this exercise, you practice using ACLs.
In the first part, you create the acl_test directory in /tmp and set rwx rights for
the owner only. You then set ACLs to allow the geeko user to change into that
directory.
In the second part, you create a file in the /tmp/acl_test directory as root using
touch. Then you change the default ACLs for the /tmp/acl_test directory to
give geeko read and write access to files and directories.
In the third part of this exercise, you practice removing the ACLs that you have set.
Complete the following:
• Part I: Configure the ACL of a Directory
• Part II: Configure a Default ACL for a Directory
• Part III: Delete an ACL

Part I: Configure the ACL of a Directory


To configure the ACL of a directory, do the following:
1. If necessary, log in to your da1 server as geeko with a password of novell.
2. Open a terminal window and su - to root using a password of novell.
3. Change to the directory /tmp by entering
cd /tmp
4. Create a test directory by entering
mkdir acl_test
5. Limit the file system permissions for the directory by entering
chmod 700 acl_test
6. Open a second terminal window as the geeko user.
7. Try changing to the test directory by entering
cd /tmp/acl_test/
The command fails, because geeko (who is not the owner of the directory) has no
permission to read and change into the directory.
8. Switch to the root terminal session.
9. Display the minimum ACL of the directory by entering
getfacl acl_test
It should show the rwx permissions for the owning user and no
permission for anyone else.
10. Add an extended ACL by entering

setfacl -m u:geeko:rwx acl_test/


11. Switch to the geeko terminal and try to access the directory again by entering
cd /tmp/acl_test
Because of the extended ACL, you can now change into the directory.
12. Switch to the root terminal and display the extended ACL of the directory by
entering
getfacl /tmp/acl_test/
It should show the additional permissions for the named user geeko.

Part II: Configure a Default ACL for a Directory


To configure a default ACL for a directory, do the following:
1. In the root terminal window, change to the directory acl_test by entering
cd /tmp/acl_test
2. Create a file by entering
touch without_default_acl
3. Display the ACL of the new file by entering
getfacl without_default_acl
Because there is no default ACL for the parent directory, the new file does not
have an extended ACL either.
4. Set a default ACL for the acl_test directory by entering
setfacl -d -m u:geeko:rw /tmp/acl_test/
5. Create another test file by entering
touch with_default_acl
6. Display the ACL of the new file by entering
getfacl with_default_acl
Because this file was created after the default ACL of the parent directory was
set, the new file inherited the ACL. It has an entry for the named user geeko.

Part III: Delete an ACL


To delete an ACL, do the following:
1. In the root terminal window, remove the ACL by entering
setfacl -x u:geeko with_default_acl
2. Display the ACL again by entering
getfacl with_default_acl
As you can see, the ACL for the user geeko has been removed. If there were
ACLs for other users, they would remain unaffected.

3. View the file attributes of with_default_acl by entering
ls -l with_default_acl
The + sign signifies that there are still extended attributes (such as the mask) set
for the file.
4. Remove all ACLs by entering
setfacl -b with_default_acl
5. Display the ACL again by entering the following commands:
getfacl with_default_acl
ls -l with_default_acl
Notice that the ACL has been removed.
6. Close all terminal windows.
(End of Exercise)
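Part III distinguishes removing one named entry (setfacl -x), which leaves the mask behind and keeps the + in ls -l, from removing the whole ACL (setfacl -b). The following script is an added example, not part of the workbook: it reads getfacl output and reports the rights each named entry really has once the mask is applied, and whether the ACL is still extended. The function names and the three sample outputs are constructed for illustration.

```shell
# Added example: read getfacl output on stdin and explain what it grants.

# Print "<entry> <effective rights>" for each named user or group entry,
# with the mask entry applied (a right counts only if the mask also has it).
acl_effective() {
    awk -F: '
    function andp(a, b,    i, r) {
        r = ""
        for (i = 1; i <= 3; i++)
            r = r ((substr(b, i, 1) == "-") ? "-" : substr(a, i, 1))
        return r
    }
    /^#/ || NF < 3 { next }
    { sub(/[ \t]*#.*/, "", $3) }        # drop any "#effective:" annotation
    $1 == "mask" { mask = $3; next }
    ($1 == "user" || $1 == "group") && $2 != "" { who[++n] = $1 ":" $2; perm[n] = $3 }
    END {
        for (i = 1; i <= n; i++)
            print who[i], (mask == "" ? perm[i] : andp(perm[i], mask))
    }'
}

# Succeeds if the ACL has a mask or named entry, which is when ls -l shows "+".
acl_is_extended() {
    grep -Eq '^(mask::|user:[^:]+:|group:[^:]+:)'
}

# Constructed getfacl output for the three states reached in Part III.
acl_full='user::rw-
user:geeko:rw-
group::---
mask::rw-
other::---'
acl_after_x='user::rw-
group::---
mask::---
other::---'
acl_after_b='user::rw-
group::---
other::---'
printf '%s\n' "$acl_full" | acl_effective
```

On a real file, pipe the tool's output in directly, for example `getfacl with_default_acl | acl_effective`.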

Exercise 11-5 Configure SuSEfirewall2


In this exercise, you practice configuring SuSEfirewall2 on your da1 server, which
runs SUSE Linux Enterprise Server 11 SP2. You install and configure the Apache
Web Server on da1. Then you enable the firewall on da1 and configure it to allow
Web server traffic.
Complete the following:
1. If necessary, log in to da1 as geeko with a password of novell.
2. Install the Apache Web Server on da1 by doing the following:
a. Select Computer > YaST.
b. When prompted, enter a password of novell.
c. Select Software > Software Management.
d. From the View drop-down list, select Patterns.
e. Select the Web and LAMP Server pattern.
f. Click Accept.
g. In the Automatic Changes screen, click Continue.
h. If prompted, insert your SLES 11 SP2 installation DVD and click Retry.
Wait while the packages are installed.
i. When done, close YaST.
j. Open a terminal session.
k. Switch to root by entering su - at the shell prompt followed by a password
of novell.
l. Start Apache on da1 by entering rcapache2 start at the shell prompt.
3. Test the Apache Web Server on da1 by doing the following:
a. Select Computer > Firefox.
b. In the Address field, enter http://da1.digitalairlines.com.
You should see a page saying “It works!”.
c. Close Firefox.
4. Enable SuSEfirewall2 on da1 by doing the following:
a. Start YaST again on da1.
b. Select Security and Users > Firewall.
c. In the Start-Up screen, verify that Enable Firewall Automatic Starting
is marked.
d. (Conditional) If your firewall isn’t currently running, select Start Firewall
Now.
You should see the firewall status change to running.

e. Click Next.
f. Review the settings on the Summary screen, then click Finish.
g. Close YaST.
5. Test the firewall configuration from your da-host workstation by doing the
following:
a. Start Firefox on da-host.
b. In the Address field, enter http://da1.digitalairlines.com.
The server should fail to respond because the firewall on da1 is blocking all
network traffic.
6. Configure the firewall on da1 to allow Web server traffic by doing the
following:
a. Switch to your da1 virtual server.
b. Start YaST and select Security and Users > Firewall.
c. Select Allowed Services.
d. From the Service to Allow drop-down list, select HTTP Server; then click
Add.
e. From the Service to Allow drop-down list, select HTTPS Server; then click
Add.
f. Click Next.
g. Click Finish.
h. Close YaST.
7. Test the new firewall configuration by doing the following:
a. Switch to your da-host workstation.
b. In the Firefox window, click the Reload icon.
The server should now respond because the firewall on da1 is configured to
allow HTTP and HTTPS traffic.
8. Close all open windows on both systems.
(End of Exercise)
