Ebook Linux Administration A Beginners Guide PDF Full Chapter PDF

Linux Administration A Beginnerâ€™s
Guide - eBook PDF

Visit to download the full and correct content document:
https://ebooksecure.com/download/linux-administration-a-beginners-guide-ebook-pdf/
Linux Administration
A Beginner’s Guide
Seventh Edition
WALE SOYINKA
Copyright © 2016 by McGraw-Hill Education
ISBN: 978-0-07-184537-3
MHID: 0-07-184537-2
The material in this eBook also appears in the print version of this title: ISBN: 978-0-07-184536-6,
MHID: 0-07-184536-4.
eBook conversion by codeMantra

Version 1.0
At a Glance
PART I Introduction, Installation, and Software Management
1 Technical Summary
of Linux Distributions . . . . . . . . . . . . . . . 3
2 Installing Linux in
a Server Configuration . . . . . . . . . . . . . . . 17
3 The Command Line . . . . . . . . . . . . . . . . . . . 47
4 Managing Software . . . . . . . . . . . . . . . . . . . 87
PART II Single-Host Administration
5 Managing Users and Groups .. . . . . . . . . . . 121

6 Booting and Shutting Down . . . . . . . . . . . . 153
7 File Systems . . . . . . . . . . . . . . . . . . . . . . . . . 181
8 Core System Services . . . . . . . . . . . . . . . . . . 213
9 The Linux Kernel . . . . . . . . . . . . . . . . . . . . . 245
10 Knobs and Dials:
API (Virtual) File Systems . . . . . . . . . . . . 269
00-FM.indd 5 20/11/15 10:04 AM

PART III Networking and Security
11 TCP/IP for System Administrators . . . . . . . 287

12 Network Configuration . . . . . . . . . . . . . . . . 329
13 Linux Firewall (Netfilter) .. . . . . . . . . . . . . . 355
14 Local Security . . . . . . . . . . . . . . . . . . . . . . . 387
15 Network Security .. . . . . . . . . . . . . . . . . . . . 405
PART IV Internet Services
16 Domain Name System (DNS) . . . . . . . . . . . 421

17 File Transfer Protocol (FTP) . . . . . . . . . . . . . 459
18 Apache Web Server . . . . . . . . . . . . . . . . . . . 479
19 Simple Mail Transfer Protocol (SMTP) . . . . 499
20
Post Office Protocol and Internet Mail
Access Protocol (POP and IMAP) . . . . . . 513
21 Voice over Internet Protocol (VoIP) . . . . . . . 535
22 Secure Shell (SSH) . . . . . . . . . . . . . . . . . . . . 581
PART V Intranet Services
23 Network File System (NFS) . . . . . . . . . . . . . 603

24 Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623
25 Distributed File Systems (DFS) . . . . . . . . . . 643
26 Network Information Service (NIS) .. . . . . . 655
27 Lightweight Directory Access
Protocol (LDAP) .. . . . . . . . . . . . . . . . . . . 681
28 Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 703
29 Dynamic Host Configuration
Protocol (DHCP) . . . . . . . . . . . . . . . . . . . 721
30 Virtualization . . . . . . . . . . . . . . . . . . . . . . . . 735
31 Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . 755
PART VI Appendixes
A Creating a Linux Installer

on Flash/USB Devices . . . . . . . . . . . . . . . 773
B Demo Virtual Machine .. . . . . . . . . . . . . . . . 785
Index .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 803
00-FM.indd 6 20/11/15 10:04 AM

Contents
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxiii
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxv
PART I
Introduction, Installation, and Software Management
1 Technical Summary of Linux Distributions . . . . . . . . . . . . . 3
Linux: The Operating System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
What Is Open Source Software and GNU All About? . . . . . . . . . . . 5
What Is the GNU Public License? .. . . . . . . . . . . . . . . . . . . . . . 7
Upstream and Downstream . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
The Advantages of Open Source Software . . . . . . . . . . . . . . . . . . . 9
Understanding the Differences Between Windows and Linux . . . . 11
Single Users vs. Multiple Users vs. Network Users . . . . . . . . . 11
The Monolithic Kernel and the Micro-Kernel . . . . . . . . . . . . . . 12
Separation of the GUI and the Kernel .. . . . . . . . . . . . . . . . . . . 12
My Network Places . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
The Registry vs. Text Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Domains and Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . 15
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
00-FM.indd 7 20/11/15 10:04 AM

NPL_2010 / Linux Administration: A Beginner’s Guide, Seventh Edition / Wale Soyinka / 536-4 / Front Matter
2 Installing Linux in a Server Configuration . . . . . . . . . . . . . . 17

Hardware and Environmental Considerations . . . . . . . . . . . . . . . . 18
Server Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Uptime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Methods of Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Installing Fedora . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Project Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
The Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Installation Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Localization Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Software Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
System Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Start the Installation, Set the Root Password,
and Create a User Account . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Complete the Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Log In . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Installing Ubuntu Server .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Start the Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Configure the Network .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Set Up Users and Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Configure the Time Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Set Up the Disk Partition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Other Miscellaneous Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
3 The Command Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

An Introduction to Bash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Job Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Environment Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Pipes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Redirection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Command-Line Shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Filename Expansion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Environment Variables as Parameters . . . . . . . . . . . . . . . . . . . 54
Multiple Commands .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Backticks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Documentation Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
The man Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
The texinfo System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Files, File Types, File Ownership, and File Permissions . . . . . . . . . 58
Normal Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Hard Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Symbolic Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Block Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Character Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Named Pipes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Listing Files: ls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
00-FM.indd 8 20/11/15 10:04 AM

Change Ownership: chown . . . . . . . . . . . . . .. . . . . . . . . . . . . 61

Change Group: chgrp . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 61
Change Mode: chmod . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 62
File Management and Manipulation .. . . . . . . . . .. . . . . . . . . . . . . 64
Copy Files: cp . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 65
Move Files: mv . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 65
Link Files: ln . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 66
Find a File: find .. . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 66
File Compression: gzip . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 67
File Compression: bzip2 . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 68
File Compression: xz .. . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 68
Create a Directory: mkdir . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 68
Remove a Directory: rmdir . . . . . . . . . . . . . . .. . . . . . . . . . . . . 69
Show Present Working Directory: pwd . . . . .. . . . . . . . . . . . . 69
Tape Archive: tar .. . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 69
Concatenate Files: cat . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 71
Display a File One Screen at a Time: more . . .. . . . . . . . . . . . . 72
Show the Directory Location of a File: which .. . . . . . . . . . . . . 72
Locate a Command: whereis . . . . . . . . . . . . .. . . . . . . . . . . . . 72
Editors .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 73
vi .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 73
emacs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 74
joe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 74
pico . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 74
Miscellaneous Tools . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 74
Disk Utilization: du . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 75
Disk Free: df . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 75
Synchronize Disks: sync . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 76
List Processes: ps . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 76
Show an Interactive List of Processes: top . . .. . . . . . . . . . . . . 77
Send a Signal to a Process: kill . . . . . . . . . . . .. . . . . . . . . . . . . 79
Show System Name: uname . . . . . . . . . . . . . .. . . . . . . . . . . . . 81
Who Is Logged In: who . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 82
A Variation on who: w . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 82
Switch User: su . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . 82
Putting It All Together (Moving a User
and Its Home Directory) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
4 Managing Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

The Red Hat Package Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Managing Software Using RPM . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Querying for Information the RPM Way
(Getting to Know One Another) . . . . . . . . . . . . . . . . . . . . . 91
Installing Software with RPM (Moving in Together) . . . . . . . 94
Uninstalling Software with RPM
(Ending the Relationship) . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Other Things RPM Can Do .. . . . . . . . . . . . . . . . . . . . . . . . . . 99
Yum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
00-FM.indd 9 20/11/15 10:04 AM

DNF .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . 103
GUI RPM Package Managers . . . . . . . . . . . . . . . . . . . .. . . . . . . . 104
Fedora .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . 104
openSUSE and SLE . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . 104
The Debian Package Management System . . . . . . . . . .. . . . . . . . 105
APT .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . 106
Software Management in Ubuntu . . . . . . . . . . . . . . . . .. . . . . . . . 106
Querying for Information . . . . . . . . . . . . . . . . . . . .. . . . . . . . 107
Installing Software in Ubuntu . . . . . . . . . . . . . . . .. . . . . . . . 107
Removing Software in Ubuntu . . . . . . . . . . . . . . . .. . . . . . . . 108
Compile and Install GNU Software . . . . . . . . . . . . . . .. . . . . . . . 110
Getting and Unpacking the Source Package .. . . . .. . . . . . . . 111
Looking for Documentation . . . . . . . . . . . . . . . . . .. . . . . . . . 113
Configuring the Package . . . . . . . . . . . . . . . . . . . .. . . . . . . . 113
Compiling the Package .. . . . . . . . . . . . . . . . . . . . .. . . . . . . . 114
Installing the Package .. . . . . . . . . . . . . . . . . . . . . .. . . . . . . . 115
Testing the Software . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . 116
Cleanup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . 116
Common Problems When Building from Source Code .. . . . . . . . 117
Problems with Libraries . . . . . . . . . . . . . . . . . . . . .. . . . . . . . 117
Missing Configure Script . . . . . . . . . . . . . . . . . . . .. . . . . . . . 118
Broken Source Code . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . 118
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . 118
PART II
Single-Host Administration
5 Managing Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . 121
What Exactly Constitutes a User? . . . . . . . . . . . . . . . . . . . . . . . . . 122
Where User Information Is Kept . . . . . . . . . . . . . . . . . . . . . . . . . . 123
The /etc/passwd File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
The /etc/shadow File .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
The /etc/group File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
User Management Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Command-Line User Management . . . . . . . . . . . . . . . . . . . . 130
GUI User Managers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Users and Access Permissions .. . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Understanding SetUID and SetGID Programs . . . . . . . . . . . . 138
Sticky Bit .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Pluggable Authentication Modules .. . . . . . . . . . . . . . . . . . . . . . . 140
How PAM Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
PAM’s Files and Their Locations . . . . . . . . . . . . . . . . . . . . . . 141
Configuring PAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
An Example PAM Configuration File . . . . . . . . . . . . . . . . . . . 144
The “Other” File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
D’oh! I Can’t Log In! . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Debugging PAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
00-FM.indd 10 20/11/15 10:04 AM

A Grand Tour . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . 147

Creating Users with useradd . . . . . . . . . . . . . . . . . . . . .. . . . 147
Creating Groups with groupadd . . . . . . . . . . . . . . . . . .. . . . 149
Modifying User Attributes with usermod . . . . . . . . . . .. . . . 150
Modifying Group Attributes with groupmod . . . . . . . .. . . . 150
Deleting Users and Groups with userdel and groupdel .. . . . 151
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . 151
6 Booting and Shutting Down . . . . . . . . . . . . . . . . . . . . . . . . 153

Boot Loaders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
GRUB Legacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
GRUB 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
LILO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
Bootstrapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166
The init Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
rc Scripts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Writing Your Own rc Script . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Enabling and Disabling Services . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Enabling a Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Disabling a Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Graphical Service Managers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
Odds and Ends of Booting and Shutting Down . . . . . . . . . . . . . . 178
fsck! .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Booting into Single-User (“Recovery”) Mode .. . . . . . . . . . . . 179
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
7 File Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

The Makeup of File Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
i-Nodes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Blocks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182
Superblocks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
ext3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
ext4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185
Btrfs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
XFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Which File System Should You Use? . . . . . . . . . . . . . . . . . . . 187
Managing File Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Mounting and Unmounting Local Disks . . . . . . . . . . . . . . . . 188
Using fsck . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Adding a New Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
Overview of Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196
Traditional Disk and Partition Naming Conventions . . . . . . . 196
Volume Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
Creating Partitions and Logical Volumes . . . . . . . . . . . . . . . . 198
Creating File Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210
00-FM.indd 11 20/11/15 10:04 AM

8 Core System Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

The init Daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
upstart: Die init. Die Now! . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
xinetd and inetd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
The /etc/xinetd.conf File . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Examples: A Simple Service Entry
and Enabling/Disabling a Service . . . . . . . . . . . . . . . . . . . 228
The Logging Daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
rsyslogd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
systemd-journald (journald) . . . . . . . . . . . . . . . . . . . . . . . . . . 238
The cron Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
The crontab File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Editing the crontab File .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
9 The Linux Kernel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

What Exactly Is a Kernel? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Finding the Kernel Source Code . . . . . . . . . . . . . . . . . . . . . . . . . . 248
Getting the Correct Kernel Version .. . . . . . . . . . . . . . . . . . . . 248
Unpacking the Kernel Source Code . . . . . . . . . . . . . . . . . . . . 249
Building the Kernel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Preparing to Configure the Kernel . . . . . . . . . . . . . . . . . . . . . 251
Kernel Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Compiling the Kernel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Installing the Kernel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Booting the Kernel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
The Author Lied—It Didn’t Work! . . . . . . . . . . . . . . . . . . . . . 262
Patching the Kernel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Downloading and Applying Patches . . . . . . . . . . . . . . . . . . . 263
If the Patch Worked . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
If the Patch Didn’t Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
10 Knobs and Dials: API (Virtual) File Systems . . . . . . . . . . . 269

What’s Inside the /proc Directory? .. . . . . . . . . . . . . . . . . . . . . . . 270
Tweaking Files Inside of /proc . . . . . . . . . . . . . . . . . . . . . . . . 271
Some Useful /proc Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Enumerated /proc Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Common proc Settings and Reports . . . . . . . . . . . . . . . . . . . . . . . 274
SYN Flood Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Issues on High-Volume Servers . . . . . . . . . . . . . . . . . . . . . . . 277
Debugging Hardware Conflicts . . . . . . . . . . . . . . . . . . . . . . . 277
SysFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
cgroupfs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
tmpfs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
tmpfs Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283
00-FM.indd 12 20/11/15 10:04 AM

PART III
Networking and Security
11 TCP/IP for System Administrators . . . . . . . . . . . . . . . . . . . 287
The Layers .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
Packets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
TCP/IP Model and the OSI Model . . . . . . . . . . . . . . . . . . . . . 291
Headers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Ethernet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
IP (IPv4) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
TCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
UDP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
A Complete TCP Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
Opening a Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
Transferring Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Closing the Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
How ARP Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
The ARP Header: ARP Works with
Other Protocols, Too! .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
Bringing IP Networks Together .. . . . . . . . . . . . . . . . . . . . . . . . . . 310
Hosts and Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
Subnetting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Netmasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
Static Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Dynamic Routing with RIP .. . . . . . . . . . . . . . . . . . . . . . . . . . 315
tcpdump Bits and Bobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
Reading and Writing Dumpfiles .. . . . . . . . . . . . . . . . . . . . . . 321
Capturing More or Less per Packet . . . . . . . . . . . . . . . . . . . . 322
Performance Impact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
Don’t Capture Your Own Network Traffic . . . . . . . . . . . . . . . 322
Troubleshooting Slow Name Resolution (DNS) Issues .. . . . . 323
IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
IPv6 Address Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
IPv6 Address Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
IPv6 Backward-Compatibility . . . . . . . . . . . . . . . . . . . . . . . . 326
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
12 Network Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329

Modules and Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . 330
Network Device Configuration Utilities
(ip, ifconfig, and nmcli) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
Sample Usage—ifconfig, ip, and nmcli .. . . . . . . . . . . . . . . . . 334
Setting Up NICs at Boot Time .. . . . . . . . . . . . . . . . . . . . . . . . 339
Managing Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
Sample Usage: Route Configuration .. . . . . . . . . . . . . . . . . . . 343
Displaying Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
A Simple Linux Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Routing with Static Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
00-FM.indd 13 20/11/15 10:04 AM

How Linux Chooses an IP Address .. . . . . . . . . . . . . . . . . . . . . . . 351

Hostname Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
13 Linux Firewall (Netfilter) . . . . . . . . . . . . . . . . . . . . . . . . . . . 355

How Netfilter Works .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
A NAT Primer .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
NAT-Friendly Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
Chains .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
Installing Netfilter .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
Enabling Netfilter in the Kernel . . . . . . . . . . . . . . . . . . . . . . . 365
Configuring Netfilter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
Saving Your Netfilter Configuration .. . . . . . . . . . . . . . . . . . . 368
The iptables Command .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
firewalld . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
Cookbook Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380
Simple NAT: iptables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
Simple NAT: nftables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382
Simple Firewall: iptables .. . . . . . . . . . . . . . . . . . . . . . . . . . . . 382
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
14 Local Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387

Common Sources of Risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
SetUID Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
Unnecessary Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
Picking the Right Runlevel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393
Nonhuman User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393
Limited Resources .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
Mitigating Risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
chroot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
SELinux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400
AppArmor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
Monitoring Your System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
Logging .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402
Using ps and netstat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402
Using df . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402
Automated Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
Mailing Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
15 Network Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405

TCP/IP and Network Security . . . . . . . . . . . . . . . . . . . . . . . . . . . 406
The Importance of Port Numbers . . . . . . . . . . . . . . . . . . . . . . 406
Tracking Services .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407
Using the netstat Command . . . . . . . . . . . . . . . . . . . . . . . . . . 407
Security Implications of netstat’s Output . . . . . . . . . . . . . . . . 408
00-FM.indd 14 20/11/15 10:04 AM

Binding to an Interface . . . . . . . . . . . . . . . . . ... . . . . . . . . . . . . . 409

Shutting Down Services . . . . . . . . . . . . . . . . ... . . . . . . . . . . . . . 410
Shutting Down xinetd and inetd Services .. . . . . . . . . . . . . . 411
Shutting Down Non-xinetd Services . . . ... . . . . . . . . . . . . . 412
Monitoring Your System . . . . . . . . . . . . . . . . ... . . . . . . . . . . . . . 412
Making the Best Use of syslog . . . . . . . . ... . . . . . . . . . . . . . 413
Monitoring Bandwidth with MRTG . . . . ... . . . . . . . . . . . . . 414
Handling Attacks . . . . . . . . . . . . . . . . . . . . . ... . . . . . . . . . . . . . 414
Trust Nothing (and No One) .. . . . . . . . . ... . . . . . . . . . . . . . 414
Change Your Passwords . . . . . . . . . . . . . ... . . . . . . . . . . . . . 415
Pull the Plug . . . . . . . . . . . . . . . . . . . . . . ... . . . . . . . . . . . . . 415
Network Security Tools .. . . . . . . . . . . . . . . . ... . . . . . . . . . . . . . 415
nmap .. . . . . . . . . . . . . . . . . . . . . . . . . . . ... . . . . . . . . . . . . . 416
Snort . . . . . . . . . . . . . . . . . . . . . . . . . . . . ... . . . . . . . . . . . . . 416
Nessus . . . . . . . . . . . . . . . . . . . . . . . . . . ... . . . . . . . . . . . . . 416
Wireshark/tcpdump .. . . . . . . . . . . . . . . ... . . . . . . . . . . . . . 417
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . ... . . . . . . . . . . . . . 417
PART IV
Internet Services
16 Domain Name System (DNS) . . . . . . . . . . . . . . . . . . . . . . . 421
The Hosts File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
How DNS Works .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423
Domain and Host Naming Conventions . . . . . . . . . . . . . . . . 423
The Root Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424
Subdomains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426
The in-addr.arpa Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427
Types of Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428
Installing a DNS Server .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430
Understanding the BIND Configuration File . . . . . . . . . . . . . 432
The Specifics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432
Configuring a DNS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
Defining a Primary Zone in the named.conf File . . . . . . . . . . 435
Defining a Secondary Zone in the named.conf File . . . . . . . . 437
Defining a Caching Zone in the named.conf File . . . . . . . . . . 437
DNS Records Types .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438
SOA: Start of Authority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438
NS: Name Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
A: Address Record . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
PTR: Pointer Record . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 440
MX: Mail Exchanger . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
CNAME: Canonical Name . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
RP and TXT: The Documentation Entries . . . . . . . . . . . . . . . . 442
Setting Up BIND Database Files . . . . . . . . . . . . . . . . . . . . . . . . . . 443
DNS Server Setup Walk-Through . . . . . . . . . . . . . . . . . . . . . . 444
00-FM.indd 15 20/11/15 10:04 AM

The DNS Toolbox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449

host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449
dig .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450
nslookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
whois . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
nsupdate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
The rndc Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
Configuring DNS Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
The Resolver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
Configuring the Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
17 File Transfer Protocol (FTP) . . . . . . . . . . . . . . . . . . . . . . . . . 459

The Mechanics of FTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460
Client/Server Interactions . . . . . . . . . . . . . . . . . . . . . . . . . . . 460
Obtaining and Installing vsftpd . . . . . . . . . . . . . . . . . . . . . . . . . . 462
Configuring vsftpd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462
Starting and Testing the FTP Server . . . . . . . . . . . . . . . . . . . . 467
Customizing the FTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470
Setting Up an Anonymous-Only FTP Server . . . . . . . . . . . . . 471
Setting Up an FTP Server with Virtual Users . . . . . . . . . . . . . 472
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
18 Apache Web Server .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479

Understanding HTTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480
Headers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480
Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481
Process Ownership and Security . . . . . . . . . . . . . . . . . . . . . . 482
Installing the Apache HTTP Server .. . . . . . . . . . . . . . . . . . . . . . . 483
Apache Modules .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485
Starting Up and Shutting Down Apache .. . . . . . . . . . . . . . . . . . . 486
Starting Apache at Boot Time . . . . . . . . . . . . . . . . . . . . . . . . . 487
Testing Your Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488
Configuring Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
Creating a Simple Root-Level Page . . . . . . . . . . . . . . . . . . . . 489
Apache Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . 489
Common Configuration Options . . . . . . . . . . . . . . . . . . . . . . 490
Troubleshooting Apache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498
19 Simple Mail Transfer Protocol (SMTP) . . . . . . . . . . . . . . . . 499

Understanding SMTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500
Rudimentary SMTP Details . . . . . . . . . . . . . . . . . . . . . . . . . . 500
Security Implications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502
Email Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502
Installing the Postfix Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
Installing Postfix via RPM in Fedora . . . . . . . . . . . . . . . . . . . 503
00-FM.indd 16 20/11/15 10:04 AM

Installing Postfix via APT in Ubuntu . . . . . . . . . . . . . . . . . . . 504

Installing Postfix from Source Code . . . . . . . . . . . . . . . . . . . . 505
Configuring the Postfix Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 507
The main.cf File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507
Checking Your Configuration .. . . . . . . . . . . . . . . . . . . . . . . . 509
Running the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510
Checking the Mail Queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510
Flushing the Mail Queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
The newaliases Command . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
Making Sure Everything Works . . . . . . . . . . . . . . . . . . . . . . . 511
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
20 Post Office Protocol and Internet Mail Access

Protocol (POP and IMAP) .. . . . . . . . . . . . . . . . . . . . . . . . 513
POP3 and IMAP Protocol Basics . . . . . . . . . . . . . . . . . . . . . . . . . . 516
Dovecot (IMAP and POP3 Server) . . . . . . . . . . . . . . . . . . . . . . . . 517
Installing Dovecot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517
Dovecot Configuration Files and Options . . . . . . . . . . . . . . . 519
Configuring Dovecot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 520
Running Dovecot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525
Checking Basic POP3 Functionality . . . . . . . . . . . . . . . . . . . . 527
Checking Basic IMAP Functionality . . . . . . . . . . . . . . . . . . . . 527
Other Issues with Mail Services . . . . . . . . . . . . . . . . . . . . . . . . . . 529
SSL Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 529
Availability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532
Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533
21 Voice over Internet Protocol (VoIP) . . . . . . . . . . . . . . . . . . . 535

VoIP Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 536
VoIP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537
Analog Telephone Adapter (ATA) . . . . . . . . . . . . . . . . . . . . . 537
IP Phones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537
VoIP Protocols .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 538
VoIP Implementations .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 541
Asterisk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542
How Asterisk Works .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542
Asterisk Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542
Starting and Stopping Asterisk .. . . . . . . . . . . . . . . . . . . . . . . 544
Understanding Asterisk Configuration Files and Structure . . . . . 545
SIP Channel Config: sip.conf . . . . . . . . . . . . . . . . . . . . . . . . . 545
The Dialplan: extensions.conf .. . . . . . . . . . . . . . . . . . . . . . . . 550
Modules: modules.conf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 552
Asterisk Network, Port, and Firewall Requirements . . . . . . . . . . 555
Configuring the Local Firewall for Asterisk . . . . . . . . . . . . . . 556
Configuring the PBX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 557
Local Extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 558
Outside Connection—(VoIP Trunking) .. . . . . . . . . . . . . . . . . 565
Trunking Using Google Voice . . . . . . . . . . . . . . . . . . . . . . . . . 566
00-FM.indd 17 20/11/15 10:04 AM

Asterisk Maintenance and Troubleshooting . . . . . . . . . . . . . . . . . 576

Asterisk CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576
Helpful CLI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 576
Common Issues with VoIP . . . . . . . . . . . . . . . . . . . . . . . . . . . 577
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 579
22 Secure Shell (SSH) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 581

Understanding Public Key Cryptography . . . . . . . . . . . . . . . . . . 582
Key Characteristics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 584
Cryptography References . . . . . . . . . . . . . . . . . . . . . . . . . . . . 585
Understanding SSH Versions . . . . . . . . . . . . . . . . . . . . . . . . . . . . 585
OpenSSH and OpenBSD .. . . . . . . . . . . . . . . . . . . . . . . . . . . . 586
Alternative Vendors for SSH Clients . . . . . . . . . . . . . . . . . . . 586
Installing OpenSSH via RPM in Fedora . . . . . . . . . . . . . . . . . 588
Installing OpenSSH via APT in Ubuntu . . . . . . . . . . . . . . . . . 588
Server Start-up and Shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . 591
SSHD Configuration File .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 592
Using OpenSSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 593
Secure Shell (ssh) Client Program .. . . . . . . . . . . . . . . . . . . . . 593
Secure Copy (scp) Program . . . . . . . . . . . . . . . . . . . . . . . . . . 598
Secure FTP (sftp) Program . . . . . . . . . . . . . . . . . . . . . . . . . . . 598
Files Used by the OpenSSH Client . . . . . . . . . . . . . . . . . . . . . . . . 599
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 599
PART V
Intranet Services
23 Network File System (NFS) . . . . . . . . . . . . . . . . . . . . . . . . . 603
The Mechanics of NFS .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 604
Versions of NFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 605
Security Considerations for NFS . . . . . . . . . . . . . . . . . . . . . . 606
Mount and Access a Partition . . . . . . . . . . . . . . . . . . . . . . . . . 606
Enabling NFS in Fedora, RHEL, and Centos . . . . . . . . . . . . . . . . 607
Enabling NFS in Ubuntu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 608
The Components of NFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 609
Kernel Support for NFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 610
Configuring an NFS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 610
The /etc/exports Configuration File . . . . . . . . . . . . . . . . . . . 610
Configuring NFS Clients .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 614
The mount Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 614
Soft vs. Hard Mounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 616
Cross-Mounting Disks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617
The Importance of the intr Option . . . . . . . . . . . . . . . . . . . . . 617
Performance Tuning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617
Troubleshooting Client-Side NFS Issues . . . . . . . . . . . . . . . . . . . . 618
Stale File Handles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 618
Permission Denied . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 618
00-FM.indd 18 20/11/15 10:04 AM

Sample NFS Client and NFS Server Configuration .. . . . . . . . . . . 619

Common Uses for NFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 621
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 622
24 Samba . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623
The Mechanics of SMB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 624
Usernames and Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . 624
Encrypted Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 625
Samba Daemons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 626
Installing Samba via RPM .. . . . . . . . . . . . . . . . . . . . . . . . . . . 627
Installing Samba via APT . . . . . . . . . . . . . . . . . . . . . . . . . . . . 627
Samba Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 629
Starting and Stopping Samba . . . . . . . . . . . . . . . . . . . . . . . . . 630
Creating a Share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 630
Using smbclient . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 632
Mounting Remote Samba Shares . . . . . . . . . . . . . . . . . . . . . . . . . 635
Samba Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 636
Creating Samba Users .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 637
Allowing Null Passwords .. . . . . . . . . . . . . . . . . . . . . . . . . . . 637
Changing Passwords with smbpasswd . . . . . . . . . . . . . . . . . 638
Using Samba to Authenticate Against a Windows Server .. . . . . . 638
winbindd Daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 639
Troubleshooting Samba .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 641
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 642
25 Distributed File Systems (DFS) . . . . . . . . . . . . . . . . . . . . . . 643

DFS Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 644
DFS Implementations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647
GlusterFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 649
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 654
26 Network Information Service (NIS) . . . . . . . . . . . . . . . . . . 655

Inside NIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 656
The NIS Servers .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 657
Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 658
Configuring the Master NIS Server .. . . . . . . . . . . . . . . . . . . . . . . 658
Establishing the Domain Name . . . . . . . . . . . . . . . . . . . . . . . 659
Starting NIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 660
Editing the Makefile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 661
Using ypinit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 664
Configuring an NIS Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 667
Install NIS Client-Side Package . . . . . . . . . . . . . . . . . . . . . . . 667
Editing the /etc/yp.conf File . . . . . . . . . . . . . . . . . . . . . . . . . 668
Enabling and Starting ypbind .. . . . . . . . . . . . . . . . . . . . . . . . 669
Editing the /etc/nsswitch.conf File . . . . . . . . . . . . . . . . . . . . . . . 669
NIS at Work .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 672
Testing Your NIS Client Configuration . . . . . . . . . . . . . . . . . . 674
Configuring a Secondary NIS Server . . . . . . . . . . . . . . . . . . . . . . 674
Setting the Domain Name . . . . . . . . . . . . . . . . . . . . . . . . . . . 674
00-FM.indd 19 20/11/15 10:04 AM

Setting Up the NIS Master to Push to Slaves . . . . . . . . . . . . . 675

Running ypinit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 675
NIS Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 676
Using NIS in Configuration Files . . . . . . . . . . . . . . . . . . . . . . 677
Implementing NIS in a Real Network .. . . . . . . . . . . . . . . . . . . . . 678
A Small Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 678
A Segmented Network . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 678
Networks Bigger than Buildings . . . . . . . . . . . . . . . . . . . . . . 679
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 679
27 Lightweight Directory Access Protocol (LDAP) . . . . . . . . . 681

LDAP Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 682
LDAP Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 683
Client/Server Model .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 684
Uses of LDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 684
LDAP Terminology .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 685
OpenLDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 685
Server-Side Daemons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 686
OpenLDAP Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 686
Installing OpenLDAP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 687
Configuring OpenLDAP .. . . . . . . . . . . . . . . . . . . . . . . . . . . . 688
Configuring slapd .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 690
Starting and Stopping slapd . . . . . . . . . . . . . . . . . . . . . . . . . . 693
Configuring OpenLDAP Clients . . . . . . . . . . . . . . . . . . . . . . . . . . 694
Creating Directory Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . 695
Searching, Querying, and Modifying the Directory . . . . . . . . . . . 697
Using OpenLDAP for User Authentication .. . . . . . . . . . . . . . . . . 698
Configuring the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 699
Configuring the Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 700
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 702
28 Printing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 703
Printing Terminologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 704
The CUPS System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705
Running CUPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705
Installing CUPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705
Configuring CUPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 707
Adding Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 708
Local Printers and Remote Printers . . . . . . . . . . . . . . . . . . . . 708
Using the Web Interface to Add a Printer . . . . . . . . . . . . . . . . 710
Using Command-Line Tools to Add a Printer . . . . . . . . . . . . 713
Routine CUPS Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . 714
Setting the Default Printer . . . . . . . . . . . . . . . . . . . . . . . . . . . 714
Enabling, Disabling, and Deleting Printers . . . . . . . . . . . . . . 714
Accepting and Rejecting Print Jobs .. . . . . . . . . . . . . . . . . . . . 715
Managing Printing Privileges . . . . . . . . . . . . . . . . . . . . . . . . . 715
Managing Printers via the Web Interface . . . . . . . . . . . . . . . . 716
Using Client-Side Printing Tools . . . . . . . . . . . . . . . . . . . . . . . . . . 717
lpr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 717
00-FM.indd 20 20/11/15 10:04 AM

lpq .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 718
lprm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 718
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 719
29 Dynamic Host Configuration Protocol (DHCP) . . . . . . . . . 721

The Mechanics of DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 722
The DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 723
Installing DHCP Software via RPM . . . . . . . . . . . . . . . . . . . . 723
Installing DHCP Software via APT in Ubuntu . . . . . . . . . . . . 724
Configuring the DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . 725
A Sample dhcpd.conf File .. . . . . . . . . . . . . . . . . . . . . . . . . . . 731
The DHCP Client Daemon . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 733
Configuring the DHCP Client . . . . . . . . . . . . . . . . . . . . . . . . 733
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 734
30 Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 735
Why Virtualize? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 736
Virtualization Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 737
Virtualization Implementations . . . . . . . . . . . . . . . . . . . . . . . . . . 738
Hyper-V . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 738
Kernel-Based Virtual Machine (KVM) . . . . . . . . . . . . . . . . . . 738
QEMU .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 739
User-Mode Linux (UML) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 739
VirtualBox .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 739
VMware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 739
Xen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 739
KVM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 740
KVM Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 741
Managing KVM Virtual Machines . . . . . . . . . . . . . . . . . . . . . 744
Setting Up KVM in Ubuntu/Debian .. . . . . . . . . . . . . . . . . . . . . . 745
Containers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 748
Containers vs. Virtual Machines . . . . . . . . . . . . . . . . . . . . . . . 749
Docker . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 749
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 753
31 Backups .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 755
Evaluating Your Backup Needs .. . . . . . . . . . . . . . . . . . . . . . . . . . 756
Amount of Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 756
Backup Hardware and Backup Medium . . . . . . . . . . . . . . . . 757
Network Throughput . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 758
Speed and Ease of Data Recovery .. . . . . . . . . . . . . . . . . . . . . 759
Data Deduplication .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 759
Tape Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 760
Command-Line Backup Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . 763
dump and restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 764
tar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 768
rsync . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 769
Miscellaneous Backup Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . 769
Summary .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 770
00-FM.indd 21 20/11/15 10:04 AM

PART VI
Appendixes
A Creating a Linux Installer on Flash/USB Devices . . . . . . . . 773
Creating a Linux Installer on
Flash/USB Devices (via Linux OS) . . . . . . . . . . . . . . . . . . . . . . 774
Creating a Linux Installer on Flash/
USB Devices (via Microsoft Windows) . . . . . . . . . . . . . . . . . . . 776
Fedora Installer Using Live USB Creator on Windows .. . . . . 777
Ubuntu Installer Using UNetbootin on Windows . . . . . . . . . 779
OpenSUSE Installer Using Pendrivelinux.com’s
Universal USB Installer on Windows . . . . . . . . . . . . . . . . . 781
B Demo Virtual Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 785

Basic Host System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 787
Installing the Virtualization Applications and Utilities .. . . . . . . . 788
Download and Prep the Demo VM Image File . . . . . . . . . . . . . . . 789
Import the Demo VM Image and
Create a New VM Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . 791
Managing the Demo Virtual Machine . . . . . . . . . . . . . . . . . . 791
Connecting to the Demo VM .. . . . . . . . . . . . . . . . . . . . . . . . . . . . 794
Virtual Network Computing (VNC) .. . . . . . . . . . . . . . . . . . . 794
Connecting via SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 796
Virtual Serial TTY Console . . . . . . . . . . . . . . . . . . . . . . . . . . . 797
Cockpit Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 798
Just Use It! .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 801
Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 802
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 803
00-FM.indd 22 20/11/15 10:04 AM

Introduction
O
n October 5, 1991, Linus Torvalds posted this message to the news-group
comp.os.minix:
Do you pine for the nice days of minix-1.1, when men were men
and wrote their own device drivers? Are you without a nice
project and just dying to cut your teeth on an OS you can try
to modify for your needs? Are you finding it frustrating when
everything works on minix? No more all-nighters to get a nifty
program working? Then this post might be just for you :-)
Linus went on to introduce the first cut of Linux to the world. Unbeknown to
him, he had unleashed what was to become one of the world’s most popular and
disruptive operating systems. More than 24 years later, an entire industry has
grown up around Linux. And, chances are, you’ve probably already used it (or
benefitted from it) in one form or another!
Who Should Read This Book

A part of the title of this book reads “A Beginner’s Guide”; this is mostly apt.
But what the title should say is “A Beginner to Linux Administration Guide,”
because we do make a few assumptions about you, the reader. (And we
jolly well couldn’t use that title because it was such a mouthful and not sexy
enough.) We assume that you are already familiar with Microsoft Windows
servers (or other operating systems, but we’ll assume Windows for the sake of
discussion) at a “power user” level or better. We assume that you are familiar
with the terms (and some concepts) necessary to run a small- to medium-sized
network of computers. Any experience with bigger networks or advanced
Windows technologies, such as Active Directory, will allow you to get more
from the book but is not required.
xxv
00-FM.indd 25 20/11/15 10:04 AM

xxvi Linux Administration: A Beginner’s Guide
We make these assumptions because we did not want to write a guide for
dummies. There are already enough books on the market that tell you what to
click without telling you why; this book is not meant to be among those ranks.
In addition to your Windows background, we assume that you’re interested
in having more information about the topics here than the material we have
written alone. After all, we’ve spent only 30 to 35 pages on topics that have
entire books devoted to them! For this reason, we have scattered references to
other resources throughout the chapters. We urge you to take advantage of these
recommendations.
We believe that seasoned Linux system administrators can also benefit from
this book because it can serve as a quick how-to cookbook on various topics that
might not be the seasoned reader’s strong points. We understand that system
administrators generally have aspects of system administration that they like
or loath a lot. For example, making backups is not one of our favorite aspects of
system administration, and this is reflected in the half a page we’ve dedicated to
backups. (Just kidding, there’s an entire chapter on the topic.)
What’s in This Book?

Linux Administration: A Beginner’s Guide, Seventh Edition comprises six parts.
Part I: Introduction, Installation, and Software Management

Part I includes four chapters (Chapter 1, “Technical Summary of Linux
Distributions”; Chapter 2, “Installing Linux in a Server Configuration”; Chapter 3,
“The Command Line” ; and Chapter 4, “Managing Software”). The first two
chapters provide you with a nice overview of what Linux is, how it compares
to Windows in several key areas, and how to install server-grade Fedora and
Ubuntu Linux distributions.
Chapter 3, “The Command Line,” begins covering the basics of working with
the Linux command-line interface (CLI) so that you can become comfortable
working without a GUI. Although it is possible to administer a system from
within the graphical desktop, your greatest power comes from being comfortable
with both the CLI and the GUI. (This is true for Windows, too. Don’t believe that?
Open a command prompt, run netsh, and try to do what netsh does in the GUI.)
Part I ends with a chapter on how to install software from prepackaged
binaries and source code, as well as how to perform standard software
management tasks.
Ideally, the information in Part I should be enough information to get you
started and help you draw parallels to how Linux works based on your existing
knowledge of other operating systems. Some of the server installation and
software installation tasks performed in Part I help serve as a reference point for
some other parts of the book.
00-FM.indd 26 20/11/15 10:04 AM

Introduction xxvii
Part II: Single-Host Administration

Part II covers the material necessary to manage what we call a “stand-alone”
system, a system that does not require or provide any services to other systems
on the network. Although the notion of a server not serving anything might
seem counterintuitive at first, it is the foundation on which many other concepts
are built, and it will come in handy for your understanding of network-based
services later on.
Part II comprises six chapters. Chapter 5, “Managing Users and Groups,”
covers the underlying basics of user and group concepts on Linux platforms, as
well as day-to-day management tasks of adding and removing users and groups.
The chapter also introduces the basic concepts of multiuser operation and the
Linux permissions model.
Chapter 6, “Booting and Shutting Down,” documents the entire booting and
shutting down processes. This chapter includes details on how to start up services
properly and shut them down properly. You’ll learn how to add new services
manually, which will also come in handy later on in the book.
Chapter 7, “File Systems,” continues with the basics of file systems—their
organization, creation, and, most important, their management.
The basics of operation continue in Chapter 8, “Core System Services,” with
coverage of basic tools such as xinetd, upstart, rsyslog, cron, systemd,
journald, and so on. xinetd is the Linux equivalent of Windows’ svchost,
and rsyslog manages logging for all applications in a unified framework. You
might think of rsyslog and journald as more flexible versions of the Windows
Event Viewer.
Kernel coverage in Chapter 9, “The Linux Kernel,” documents the process
of configuring, compiling, and installing your own custom kernel in Linux. This
capability is one of the points that gives Linux administrators an extraordinary
amount of fine-grained control over how their systems operate.
Chapter 10, “Knobs and Dials: Virtual File Systems,” covers some kernel-level
tweaking through the /proc and /sys file systems. The ability to view and modify
certain kernel-level configuration and runtime variables through /proc and /sys,
as shown in this chapter, gives administrators almost infinite kernel fine-tuning
possibilities. When applied properly, this ability amounts to an arguably better
and easier way to tweak the kernel than is afforded by Windows platforms.
Part III: Networking and Security

Part III begins our journey into the world of networking and security. We are
not quite sure why we combined these two things together under the same
part, but if forced to justify this, we would say that “the network is the root of
most evils and therefore it needs to be secured.” Moving right along; with the
ongoing importance of security on the Internet, as well as compliance issues with
Sarbanes-Oxley (SOX) and the Health Insurance Portability and Accountability Act
(HIPAA), the use of Linux in scenarios that require high security is unprecedented.
00-FM.indd 27 20/11/15 10:04 AM

xxviii Linux Administration: A Beginner’s Guide
We deliberately decided to cover security before introducing network-based

services (Parts IV and V) so that we could touch on some essential security best
practices that can help in protecting your network-based services from attacks.
This section kicks off with Chapter 11, “TCP/IP for System Administrators,”
which provides a detailed overview of TCP/IP in the context of what system
(and/or network) administrators need to know. The chapter provides a lot of detail
on how to use troubleshooting tools such as tcpdump to capture packets and read
them back, as well as a step-by-step analysis of how TCP connections work. These
tools should enable you to troubleshoot network peculiarities effectively.
Chapter 12, “Network Configuration,” returns to administration issues by
focusing on basic network configuration (for both IPv4 and IPv6). This includes
setting up IP addresses, routing entries, and so on. We extend past the basics in
Chapter 13, “Linux Firewall (Netfilter),” by delving into advanced networking
concepts and showing you how to build a Linux-based firewall and router. We
touch on the new nftables project, which is slated to replace the existing and
popular iptables framework.
Chapter 14, “Local Security,” and Chapter 15, “Network Security,” discuss
aspects of system and network security in detail. They include Linux-specific
issues as well as general security tips and tricks and commonsensical stuff so that
you can better configure your system and protect it against attacks.
Part IV: Internet Services

The remainder of the book is divided into two distinct parts: “Internet Services”
and “Intranet Services.” Although they sound similar, they are different—
InTER(net) and InTRA(net). We define Internet services as those running on
a Linux system exposed directly to the Internet. Examples include web and
Domain Name System (DNS) services. We define intranet services as those that
are typically run behind a firewall for internal users and mostly for internal
consumption only.
This section starts off with Chapter 16, “Domain Name System (DNS),” which
covers the information you need to know to install, configure, and manage a DNS
server. In addition to the actual details of running a DNS server, we provide a
detailed background on how DNS works and several troubleshooting tips, tricks,
and tools.
From DNS, we move on to Chapter 17, “File Transfer Protocol (FTP),” which
covers the installation and care of FTP servers. Like the DNS chapter, this chapter
also includes a background on FTP itself and some notes on its evolution.
Chapter 18, “Apache Web Server,” moves on to what may be considered one
of the most popular uses of Linux today: running a web server with the popular
Apache software. This chapter covers the information necessary to install,
configure, and manage the Apache web server.
Chapter 19, “Simple Mail Transfer Protocol (SMTP),” and Chapter 20, “Post
Office Protocol and Internet Mail Access Protocol (POP and IMAP),” dive into
e-mail through the setup and configuration of SMTP, POP, and IMAP servers.
00-FM.indd 28 20/11/15 10:04 AM

Introduction xxix
We cover the information needed to configure all three, as well as show how
they interact with one another. We have chosen to cover the Postfix SMTP server
instead of the classic Sendmail server, because Postfix provides a more flexible
server with a better security record.
Chapter 21, “Voice over Internet Protocol (VoIP),” is an all new contribution
and addition to this edition. A lot of work and effort went into brewing and
distilling the very extensive topic of VoIP into just over 50 pages of this chapter.
We think it was well worth it, and at the end of this chapter we build a simple
VoIP-based PBX based on Asterisk software that can easily be extended to replace
commercial-grade PBX solutions, make phone calls among local extensions, or
interface with third-party VoIP providers to interface with the rest of the world.
Part IV ends with Chapter 22, “Secure Shell (SSH).” Knowing how to set
up and manage the SSH service is useful in almost any server environment—
regardless of the server’s primary function.
Part V: Intranet Services

Again, we define intranet services as those that are typically run behind a
firewall for internal users and mostly for internal consumption only. Even in this
environment, Linux has a lot to offer. Part V starts off with Chapter 23, “Network
File System (NFS).” NFS has been around for over 26 years now and has evolved
and grown to fit the needs of its users quite well. This chapter covers Linux’s NFS
server capabilities, including how to set up both clients and servers, as well as
troubleshooting.
Chapter 24, “Samba,” continues the idea of sharing disks and resources with
coverage of the Samba service. Using Samba, administrators can share disks and
printing facilities and provide authentication for Windows (and Linux) users
without having to install any special client software. Thus, Linux can become
an effective server, able to support and share resources between UNIX/Linux
systems as well as Windows systems. If you are into that sort of thing, Samba
can even be configured to serve as a drop-in replacement for full-fledged Active
Directory Microsoft Windows servers! Including Chapter 25, “Distributed File
Systems (DFS),” in Part V instead of Part IV came down to a coin toss, because
DFS can be used/deployed in both Internet- and intranet-facing scenarios. DFS
solutions are especially important and relevant in today’s cloud-centric world.
Among the many DFS implementations available, we have selected to cover
GlusterFS because of its ease of configuration and cross-distribution support.
In Chapter 26, “Network Information Service (NIS),” we talk about NIS, which
is typically deployed alongside NFS servers to provide a central naming service for
all users within a network. The chapter pays special attention to scaling issues and
how you can make NIS work in an environment with a large user base.
We revisit directory services in Chapter 27, “Lightweight Directory Access
Protocol (LDAP),” with coverage of LDAP and how administrators can use this
standard service for providing a centralized user database (directory) for use
among heterogeneous operating systems and also for managing tons of users.
00-FM.indd 29 20/11/15 10:04 AM

xxx Linux Administration: A Beginner’s Guide
Chapter 28, “Printing,” takes a tour of the Linux printing subsystem. The
printing subsystem, when combined with Samba, allows administrators to
support seamless printing from Windows-based clients. The result is a powerful
way of centralizing printing options for Linux, Windows, and even Mac OS X
users on a single server.
Chapter 29, “Dynamic Host Configuration Protocol (DHCP),” covers another
common use of Linux systems: DHCP servers. This chapter discusses how to
deploy the Internet Systems Consortium (ISC) DHCP server, which offers a
powerful array of features and access control options.
Then comes Chapter 30, “Virtualization.” Over several months, we agonized
and struggled over what title to use for this chapter, because we cover both
virtualization and containers (containerization). We ended up naming the chapter
simply “Virtualization” because we are not even sure if containerization is a
word. (Our copy editor Bill McManus says it is a word in the shipping industry!)
Virtualization is everywhere. It allows companies to consolidate services and
hardware that previously required several dedicated bare-metal machines into
much fewer bare-metal machines. We discuss the basic virtualization concepts
and briefly cover some of the popular virtualization technologies in Linux. The
chapter also covers the Kernel-based Virtual Machine (KVM) implementation in
detail, with examples. The KVM concepts that we discuss will help prepare you
for the brand-new goodies that we have in store for you in Appendix B. The tail
end of Chapter 30 features containers. The concepts behind containers are old but
new again. Like virtualization, containers are everywhere … and probably here to
stay. We use the popular Docker platform for our container implementation and
walk you through the process of how to deploy a web server container-style!
They say that all good things must come to an end, and that even applies to
this book! The final chapter is Chapter 31, “Backups.” Backups are arguably one
of the most critical pieces of administration. Linux-based systems support several
methods of providing backups that are easy to use and readily usable by tape
drives and other media. The chapter discusses some of the methods and explains
how they can be used as part of a backup schedule. In addition to the mechanics
of backups, we discuss general backup design and how you can optimize your
backup system.
Part VI: Appendixes

At the end of the book, we include some useful reference materials and real-
world resources that you can use today and every day at work, at home, in the
classroom, or in the lab.
Appendix A, “Creating a Linux Installer on Flash/USB Devices,” details
alternate and generic methods for creating an installation media on non-optical
media, such as a USB flash drive, SD card, and so on.
Appendix B is another brand-new addition to this book. It covers one of the
new features that we’ve added to this seventh edition: how to obtain and use a
00-FM.indd 30 20/11/15 10:04 AM

Introduction xxxi
purpose-built virtual machine (VM) image file that we created especially for you
as an accompaniment to this book. Once you power up the VM, you’ll see most of
the commands, scripts, software packages, hacks, and servers/daemons that we
discuss throughout this book. If you look carefully, you might even find some of
our very own sys admin mistakes enshrined in this VM.
Typographic Conventions
We were very ambitious in aiming for this book to be the one-stop Linux
administration resource for many of the mainstream Linux distros. But we didn’t
stop there! We also wanted to reflect the subtle nuances and idiosyncrasies that
sometimes exist between mainstream distros. To help with this, we had to adopt
some unique conventions throughout this book. Some of these conventions
appear in code listings, commands, command output, and command prompts.
Commands that are meant to be typed out by the reader are in bold Courier
font. For example:
command --options foobar
The output of commands is in plain Courier font:
This is a sample output
When we intend to reference or explain the output of commands that span

multiple lines, we may sometimes number the output of such commands (also in
Courier font). For example:
1. This is line 1 of a sample command output

2. This is line 2 of a sample command output
Some Linux commands and their options and output can be rather long. For
these situations we place the backslash symbol (\) at the end of each line (except
the final line) to indicate that the command spans multiple lines. For example,
for a command with multiple options that spans multiple lines, we would show
this as
command --option1 foobar1 --option2 foobar2 \

--option3 foobar3 --option4 foobar4 --option4 foobar4 \
--option5 foobar5
For distribution-independent commands, the command prompt will not have

any particular distribution name. For example:
[root@server ~]#
00-FM.indd 31 20/11/15 10:04 AM

xxxii Linux Administration: A Beginner’s Guide
For commands that target a specific Linux distribution, the command prompt
will incorporate the distribution name. For example, for a Fedora-based server,
the command prompt will resemble
[root@fedora-server ~]#
And for an Ubuntu-based server, the command prompt will resemble
root@ubuntu-server: ~#
Debian-based distros such as Ubuntu often do not directly use the superuser
(root) or administrator account for administering the system. Regular user
accounts with elevated privileges are used for this purpose. To achieve this,
most commands are often prefixed with the sudo command on such platforms.
Consider a regular user named “master” with sudo privileges who wants to run
a restricted command. The command prompt and command prefixed with sudo
will resemble
master@ubuntu-server:~$ sudo command --options
For projects or exercises that are meant to be run from a client system, the
command prompt might appear as
user@client ~$
For projects or exercises that are best suited for multi-server scenarios, when
you absolutely need more than one server, the command prompt will change
to reflect the steps or commands to be executed on the particular server. For
example, the prompt for the first server (Server-A) might resemble
[root@server-A ~]#
and the prompt for the second server (Server-B) might resemble
[root@server-B ~]#
Updates and Feedback

Although we hope that we’ve published a book with no errors, we have set up an
errata list for this book at www.linuxserverexperts.com. If you find any errors, we
welcome your submissions for errata updates. We also welcome your feedback
and comments. Unfortunately, our day jobs prevent us from answering detailed
questions, so if you’re looking for help on a specific issue, you may find one of
the many online communities a useful resource. However, if you have two cents
to share about the book, we welcome your thoughts. You can send us an e-mail to
feedback@linuxserverexperts.com.
00-FM.indd 32 20/11/15 10:04 AM

Introduction, Installation,
PART I and Software Management
01-ch01.indd 1 19/11/15 3:33 PM

Technical Summary of
CHAPTER 1 Linux Distributions
01-ch01.indd 3 19/11/15 3:33 PM

NPL_2010 / Linux Administration: A Beginner’s Guide, Seventh Edition / Wale Soyinka / 536-4 / Chapter 1
4 Linux Administration: A Beginner’s Guide
L
inux has hit the mainstream. Hardly a day goes by without a mention of Linux
(or open source software) in widely read and viewed print or digital media.
What was only a hacker’s toy many eons ago has grown up tremendously and is
well known for its stability, performance, and extensibility.
If you need more proof concerning Linux’s penetration, just pay attention to the
frequency with which “Linux” is listed as a desirable and must have skill for technology-
related job postings of Fortune 500 companies, small to medium-sized businesses, tech
start-ups, and government, research, and entertainment industry jobs—to mention a
few. The skills of good Linux system administrators and engineers are highly desirable!
With the innovations that are taking place in different open source projects
(such as K Desktop Environment, GNOME, Unity, LibreOffice, Android, Apache,
Samba, Mozilla, and so on), Linux has made serious inroads into consumer desktop,
laptop, tablet, and mobile markets. This chapter looks at some of the core server-side
technologies as they are implemented in the Linux (open source) world and in the
Microsoft Windows Server world (possibly the platform you are more familiar with).
But before delving into any technicalities, this chapter briefly discusses some important
underlying concepts and ideas that form the genetic makeup of Linux and Free and
Open Source Software (FOSS).
Linux: The Operating System

Some people (mis)understand Linux to be an entire software suite of developer tools,
editors, graphical user interfaces (GUIs), networking tools, and so forth. More formally
and correctly, such software collectively is called a distribution, or distro. The distro is the
entire software suite that makes Linux useful.
So if we consider a distribution everything you need for Linux, what then is Linux
exactly? Linux itself is the core of the operating system: the kernel. The kernel is the
program acting as chief of operations. It is responsible for starting and stopping other
programs (such as text editors, web browsers, services, and so on), handling requests
for memory, accessing disks, and managing network connections. The complete
list of kernel activities could easily fill a chapter in itself, and, in fact, several books
documenting the kernel’s internal functions have been written.
The kernel is a nontrivial program. It is also what puts the Linux badge on all the
numerous Linux distributions. All distributions use essentially the same kernel, so the
fundamental behavior of all Linux distributions is the same.
You’ve most likely heard of the Linux distributions named Red Hat Enterprise
Linux (RHEL), Fedora, Debian, Mageia, Ubuntu, Mint, openSUSE, CentOS, Arch,
Chrome OS, Slackware, and so on, which have received a great deal of press.
Linux distributions can be broadly categorized into two groups. The first category
includes the purely commercial distros, and the second includes the noncommercial
distros. The commercial distros generally offer support for their distribution—at a
cost. The commercial distros also tend to have a longer release life cycle. Examples of
commercial flavors of Linux-based distros are RHEL and SUSE Linux Enterprise (SLE).
01-ch01.indd 4 19/11/15 3:33 PM

CHAPTER 1 Technical Summary of Linux Distributions 5
The noncommercial distros, on the other hand, are free. These distros try to
adhere to the original spirit of the open source software movement. They are mostly
community supported and maintained—the community consists of the users and
developers. The community support and enthusiasm can sometimes supersede that
provided by the commercial offerings.
Several of the so-called noncommercial distros also have the backing and support of
their commercial counterparts. The companies that offer the purely commercial flavors
have vested interests in making sure that free distros exist. Some of the companies
use the free distros as the proofing and testing ground for software that ends up in
the commercial spins. Examples of noncommercial flavors of Linux-based distros are
Fedora, openSUSE, Ubuntu, Linux Mint, Gentoo, and Debian. Linux distros such as
Gentoo might be less well known and have not reached the same scale of popularity
as Fedora, openSUSE, and others, but they are out there and in active use by their
respective (and dedicated) communities.
What’s interesting about the commercial Linux distributions is that most of the
programs with which they ship were not written by the companies themselves.
Rather, other people have released their programs with licenses, allowing their
redistribution with source code. By and large, these programs are also available on
other variants of UNIX, and some of them are becoming available under Windows
as well. The makers of the distribution simply bundle them into one convenient and
cohesive package that’s easy to install. In addition to bundling existing software,
several of the distribution makers also develop value-added tools that make
their distribution easier to administer or compatible with more hardware, but the
software that they ship is generally written by others. To meet certain regulatory
requirements, some commercial distros try to incorporate/implement more specific
security requirements that the FOSS community might not care about but that some
institutions/corporations do care about.
Open Source Software and GNU: Overview

In the early 1980s, Richard Matthew Stallman began a movement within the software
industry. He preached (and still does) that software should be free. Note that by free,
he doesn’t mean in terms of price, but rather free in the same sense as freedom or libre.
This means shipping not just a product, but the entire source code as well. To clarify the
meaning of free software, Stallman was once famously quoted as saying:
“ Free software” is a matter of liberty, not price. To understand the concept, you should think
of “free” as in “free speech,” not as in “free beer.”
Stallman’s position was, somewhat ironically, a return to classic computing, when
software was freely shared among hobbyists on small computers and provided as part
of the hardware by mainframe and minicomputer vendors. It was not until the late
01-ch01.indd 5 19/11/15 3:33 PM

1960s that IBM considered selling application software. Through the 1950s and most of
the 1960s, IBM considered software as merely a tool for enabling the sale of hardware.
This return to openness was a wild departure from the early 1980s convention of
selling prepackaged software, but Stallman’s concept of open source software was
in line with the initial distributions of UNIX from Bell Labs. Early UNIX systems did
contain full source code. Yet by the late 1970s, source code was typically removed from
UNIX distributions and could be acquired only by paying large sums of money to
AT&T (now SBC). The Berkeley Software Distribution (BSD) maintained a free version,
but its commercial counterpart, BSDi, had to deal with many lawsuits from AT&T until
it could be proved that nothing in the BSD kernel came from AT&T.
Kernel Differences
Each company that sells a Linux distribution of its own will be quick to tell
you that its kernel is better than the others. How can a company make this
claim? The answer comes from the fact that each company maintains its own
patch set. To make sure that the kernels largely stay in sync, most companies
do adopt patches that are posted on www.kernel.org, the “Linux Kernel
Archives.” Vendors, however, typically do not track the release of every
single kernel version that is released onto www.kernel.org. Instead, they take
a foundation, apply their custom patches to it, run the kernel through their
quality assurance (QA) process, and then take it to production. This helps
organizations have confidence that their kernels have been sufficiently baked,
thus mitigating any perceived risk of running open source–based operating
systems.
The only exception to this rule revolves around security issues. If a security
issue is found with a version of the Linux kernel, vendors are quick to adopt the
necessary patches to fix the problem immediately. A new release of the kernel
with the fixes is often made within a short time (commonly less than 24 hours)
so that administrators who install it can be sure their installations are secure.
Thankfully, exploits against the kernel itself are rare.
So if each vendor maintains its own patch set, what exactly is it patching?
This answer varies from vendor to vendor, depending on each vendor’s target
market. Red Hat, for instance, is largely focused on providing enterprise-grade
reliability and solid efficiency for application servers. This might be different
from the mission of the Fedora team, which is more interested in trying new
technologies quickly, and even more different from the approach of a vendor
that is trying to put together a desktop-oriented or multimedia-focused Linux
system.
What separates one distribution from the next are the value-added tools
that come with each one. Asking, “Which distribution is better?” is much like
asking, “Which is better, Coke or Pepsi?” Almost all colas have the same basic
01-ch01.indd 6 19/11/15 3:33 PM

ingredients—carbonated water, caffeine, and high-fructose corn syrup—thereby

giving the similar effect of quenching thirst and bringing on a small caffeine-and-
sugar buzz. In the end, it’s a question of requirements: Do you need commercial
support? Did your application vendor recommend one distribution over
another? Does the software (package) updating infrastructure suit your site’s
administrative style better than another distribution? When you review your
requirements, you’ll find that there is likely a distribution that is geared toward
your exact needs.
The idea of giving away source code is a simple one: A user of the software should
never be forced to deal with a developer who might or might not support that user’s
intentions for the software. The user should never have to wait for bug fixes to be
published. More important, code developed under the scrutiny of other programmers
is typically of higher quality than code written behind locked doors. One of the great
benefits of open source software comes from the users themselves: Should they need a
new feature, they can add it to the original program and then contribute it back to the
source so that everyone else can benefit from it.
This line of thinking sprung a desire to release a complete UNIX-like system (Linux)
to the public, free of license restrictions. Of course, before you can build any operating
system, you need to build tools. And this is how the GNU project and its namesake
license were born.
NOTE GNU stands for GNU’s Not UNIX—recursive acronyms are part of hacker
humor. If you don’t understand why it’s funny, don’t worry. You’re still in the majority.
The GNU Public License

An important thing to emerge from the GNU project is the GNU Public License (GPL).
This license explicitly states that the software being released is free and that no one
can ever take away these freedoms. It is acceptable to take the software and resell it,
even for a profit; however, in this resale, the seller must release the full source code,
including any changes. Because the resold package remains under the GPL, the
package can be distributed for free and resold yet again by anyone else for a profit.
Of primary importance is the liability clause: The programmers are not liable for any
damages caused by their software.
It should be noted that the GPL is not the only license used by open source software
developers (although it is arguably the most popular). Other licenses, such as BSD and
Apache, have similar liability clauses but differ in terms of their redistribution. For
instance, the BSD license allows people to make changes to the code and ship those
changes without having to disclose the added code. (Whereas the GPL requires that the
added code is shipped.) For more information about other open source licenses, check
out www.opensource.org.
01-ch01.indd 7 19/11/15 3:33 PM

Historical Footnote
Many, many moons ago, Red Hat started a commercial offering of its erstwhile
free product (Red Hat Linux). The commercial release gained steam with the
Red Hat Enterprise Linux (RHEL) series. Because the foundation for RHEL
is GPL, individuals interested in maintaining a free version of Red Hat’s
distribution have been able to do so. Furthermore, as an outreach to the
community, Red Hat created the Fedora Project, which is considered the testing
grounds for new software before it is adopted by the RHEL team. The Fedora
Project is freely distributed and can be downloaded from http://fedoraproject
.org or https://getfedora.org.
Upstream and Downstream

To help you understand the concept of upstream and downstream components, let’s
start with an analogy. Picture, if you will, a pizza with all your favorite toppings.
The pizza is put together and baked by a local pizza shop. Several things go into
making a great pizza—cheeses, vegetables, flour (dough), herbs, meats, to mention a
few. The pizza shop will often make some of these ingredients in-house and rely on
other businesses to supply other ingredients. The pizza shop will also be tasked with
assembling the ingredients into a complete finished pizza.
Let’s consider one of the most common pizza ingredients—cheese. The cheese is
made by a cheesemaker who makes her cheese for many other industries or applications,
including the pizza shop. The cheesemaker is pretty set in her ways and has very
strong opinions about how her product should be paired with other food stuffs (wine,
crackers, bread, vegetables, and so on). The pizza shop owners, on the other hand, do
not care about other food stuffs—they care only about making a great pizza. Sometimes
the cheesemaker and the pizza shop owners will bump heads because of differences
in opinion and objectives. And at other times they will be in agreement and cooperate
beautifully. Ultimately (and sometimes unbeknown to them), the pizza shop owners
and cheesemaker care about the same thing: producing the best product that they can.
The pizza shop in our analogy here represents the Linux distributions vendors/
projects (Fedora, Debian, RHEL, openSUSE, and so on). The cheesemaker represents
the different software project maintainers that provide the important programs and
tools (such as the Bourne Again Shell [Bash], GNU Image Manipulation Program
[GIMP], GNOME, KDE, Nmap, and GNU Compiler Collection [GCC]) that are
packaged together to make a complete distribution (pizza). The Linux distribution
vendors are referred to as the downstream component of the open source food chain;
the maintainers of the accompanying different software projects are referred to as the
upstream component.
01-ch01.indd 8 19/11/15 3:33 PM

Standards
One argument you hear regularly against Linux is that too many different
distributions exist, and that by having multiple distributions, fragmentation
occurs. The argument opines that this fragmentation will eventually lead to
different versions of incompatible distros.
This is, without a doubt, complete nonsense that plays on “FUD” (fear,
uncertainty, and doubt). These types of arguments usually stem from a
misunderstanding of the kernel and distributions.
Ever since becoming so mainstream, the Linux community understood
that it needed a formal method and standardization process for how certain
things should be done among the numerous Linux spins. As a result, two major
standards are actively being worked on.
The Filesystem Hierarchy Standard (FHS) is an attempt by many of the Linux
distributions to standardize on a directory layout so that developers have an easy
time making sure their applications work across multiple distributions without
difficulty. As of this writing, several major Linux distributions have become
completely compliant with this standard.
The Linux Standard Base (LSB) specification is a standards group that specifies
what a Linux distribution should have in terms of libraries and tools.
A developer who assumes that a Linux machine complies only with LSB and
FHS is almost guaranteed to have an application that will work with all compliant
Linux installations. All of the major distributors have joined these standards
groups. This should ensure that all desktop distributions will have a certain
amount of commonality on which a developer can rely.
From a system administrator’s point of view, these standards are interesting
but not crucial to administering a Linux environment. However, it never hurts
to learn more about both. For more information on the FHS, go to their web
site at www.pathname.com/fhs. To find out more about LSB, check out www
.linuxfoundation.org/collaborate/workgroups/lsb.
The Advantages of Open Source Software

If the GPL seems like a bad idea from the standpoint of commercialism, consider the
surge of successful open source software projects—they are indicative of a system
that does indeed work. This success has evolved for two reasons. First, as mentioned
earlier, errors in the code itself are far more likely to be caught and quickly fixed under
the watchful eyes of peers. Second, under the GPL system, programmers can release
code without the fear of being sued. Without that protection, people might not feel as
comfortable to release their code for public consumption.
01-ch01.indd 9 19/11/15 3:33 PM

NOTE The concept of free software, of course, often begs the question of why
anyone would release his or her work for free. As hard as it might be to believe, some
people do it purely for altruistic reasons and the love of it.
Most projects don’t start out as full-featured, polished pieces of work. They often
begin life as a quick hack to solve a specific problem bothering the programmer at the
time. As a quick-and-dirty hack, the code might not have a sales value. But when this
code is shared and consequently improved upon by others who have similar problems
and needs, it becomes a useful tool. Other program users begin to enhance it with
features they need, and these additions travel back to the original program. The project
thus evolves as the result of a group effort and eventually reaches full refinement. This
polished program can contain contributions from possibly hundreds, if not thousands,
of programmers who have added little pieces here and there. In fact, the original
author’s code is likely to be little in evidence.
There’s another reason for the success of generously licensed software. Any
project manager who has worked on commercial software knows that the real cost
of development software isn’t in the development phase. It’s in the cost of selling,
marketing, supporting, documenting, packaging, and shipping that software. A
programmer carrying out a weekend hack to fix a problem with a tiny, kludged program
might lack the interest, time, and money to turn that hack into a profitable product.
When Linus Torvalds released Linux in 1991, he released it under the GPL.
As a result of its open charter, Linux has had a notable number of contributors
and analyzers. This participation has made Linux strong and rich in features. It is
estimated that since the v.2.2.0 kernel, Torvalds’s contributions represent less than
2 percent of the total code base.
NOTE This might sound strange, but it is true. Contributors to the Linux kernel code
include the companies with competing operating system platforms. For example,
Microsoft was one of the top code contributors to the Linux version 3.0 kernel code
base (as measured by the number of changes or patches relative to the previous
kernel version). Even though this might have been for self-promoting reasons on
Microsoft’s part, the fact remains that the open source licensing model that Linux
adopts permits this sort of thing to happen. Everyone and anyone who knows how, can
contribute code. The code is subjected to a peer review process, which in turn helps
the code to benefit from the “many eyeballs” axiom. In the end, everyone (end users,
companies, developers, and so on) benefits.
Because Linux is free (as in speech), anyone can take the Linux kernel and
other supporting programs, repackage them, and resell them. A lot of people and
corporations have made money with Linux doing just this! As long as these individuals
release the kernel’s full source code along with their individual packages, and as long
as the packages are protected under the GPL, everything is legal. Of course, this also
01-ch01.indd 10 19/11/15 3:33 PM

means that packages released under the GPL can be resold by other people under other
names for a profit.
In the end, what makes a package from one person more valuable than a package
from another person are the value-added features, support channels, and documentation.
Even IBM can agree to this; it’s how the company made most of its money from 1930 to
1970, and again in the late 1990s and early 2000s with IBM Global Services. The money
isn’t necessarily in the product alone; it can also be in the services that go with it.
The Disadvantages of Open Source Software

This section was included to provide a detailed, balanced, and unbiased contrast
to the previous section, which discussed some of the advantages of open source
software.
Unfortunately we couldn’t come up with any disadvantages at the time of this
writing! Nothing to see here.
Understanding the Differences Between

Windows and Linux
As you might imagine, the differences between Microsoft Windows and the Linux
operating system cannot be completely discussed in the confines of this section.
Throughout this book, topic by topic, you’ll read about the specific contrasts between
the two systems. In some chapters, you’ll find no comparisons, because a major
difference doesn’t really exist.
But before we attack the details, let’s take a moment to discuss the primary
architectural differences between the two operating systems.
Single Users vs. Multiple Users vs. Network Users

Windows was originally designed according to the “one computer, one desk, one user”
vision of Microsoft’s co-founder, Bill Gates. For the sake of discussion, we’ll call this
philosophy “single-user.” In this arrangement, two people cannot work in parallel
running (for example) Microsoft Word on the same machine at the same time. You
can buy Windows and run what is known as Terminal Server, but this requires huge
computing power and extra costs in licensing. Of course, with Linux, you don’t run
into the cost problem, and Linux will run fairly well on just about any hardware.
Linux borrows its philosophy from UNIX. When UNIX was originally developed
at Bell Labs in the early 1970s, it existed on a PDP-7 computer that needed to be shared
by an entire department. It required a design that allowed for multiple users to log into
01-ch01.indd 11 19/11/15 3:33 PM

the central machine at the same time. Various people could be editing documents,
compiling programs, and doing other work at the exact same time. The operating
system on the central machine took care of the “sharing” details so that each user
seemed to have an individual system. This multiuser tradition continues through today
on other versions of UNIX as well. And since Linux’s birth in the early 1990s, it has
supported the multiuser arrangement.
NOTE Most people believe that the term “multitasking” was invented with the advent
of Windows 95. But UNIX has had this capability since 1969! And because of Linux's
UNIX pedigree, you can thus be assured that the concepts included in Linux have had
many years to develop and prove themselves.
Today, the most common implementation of a multiuser setup is to support servers—

systems dedicated to running large programs for use by many clients. Each member of
a department can have a smaller workstation on the desktop, with enough power for
day-to-day work. When someone needs to do something requiring significantly more
processing power or memory, he or she can run the operation on the server.
“But, hey! Windows can allow people to offload computationally intensive work to
a single machine!” you may argue. “Just look at SQL Server!” Well, that position is only
half correct. Both Linux and Windows are indeed capable of providing services such as
databases over the network. We can call users of this arrangement network users, since
they are never actually logged into the server, but rather send requests to the server.
The server does the work and then sends the results back to the user via the network.
The catch in this case is that an application must be specifically written to perform such
server/client duties. Under Linux, a user can run any program allowed by the system
administrator on the server without having to redesign that program. Most users find
the ability to run arbitrary programs on other machines to be of significant benefit.
The Monolithic Kernel and the Micro-Kernel

Two forms of kernels are used in operating systems. The first, a monolithic kernel,
provides all the services the user applications need. The second, a micro-kernel, is
much more minimal in scope and provides only the bare minimum core set of services
needed to implement the operating system.
Linux, for the most part, adopts the monolithic kernel architecture; it handles
everything dealing with the hardware and system calls. Windows, on the other hand,
works off a micro-kernel design. The Windows kernel provides a small set of services
and then interfaces with other executive services that provide process management,
input/output (I/O) management, and other services. It has yet to be proved which
methodology is truly the best way.
Separation of the GUI and the Kernel

Taking a cue from the Macintosh design concept, Windows developers integrated
the GUI with the core operating system. One simply does not exist without the other.
01-ch01.indd 12 19/11/15 3:33 PM

The benefit with this tight coupling of the operating system and user interface is
consistency in the appearance of the system.
Although Microsoft does not impose rules as strict as Apple’s with respect to the
appearance of applications, most developers tend to stick with a basic look and feel
among applications. One reason why this is dangerous, however, is that the video card
driver is now allowed to run at what is known as “Ring 0” on a typical x86 architecture.
Ring 0 is a protection mechanism—only privileged processes can run at this level,
and typically user processes run at Ring 3. Because the video card is allowed to run at
Ring 0, it could misbehave (and it does!), and this can bring down the whole system.
On the other hand, Linux (like UNIX in general) has kept the two elements—user
interface and operating system—separate. The X Window System interface is run as a
user-level application, which makes the overall system more stable. If the GUI (which is
complex for both Windows and Linux) fails, Linux’s core does not go down with it. The
GUI process simply crashes, and you get a terminal window. The X Window System
also differs from the Windows GUI in that it isn’t a complete user interface. It defines
only how basic objects should be drawn and manipulated on the screen.
One of the most significant features of the X Window System is its ability to display
windows across a network and onto another workstation’s screen. This allows a user
sitting on host A to log into host B, run an application on host B, and have all of the
output routed back to host A. It is possible, for example, for several users to be logged
into the same machine and simultaneously use an open source equivalent of Microsoft
Word (such as LibreOffice).
In addition to the X Window System core, a window manager is needed to create
a useful environment. Linux distributions come with several window managers,
including the heavyweight and popular GNOME and KDE environments. Both
GNOME and KDE offer an environment that is friendly, even to the casual Windows
user. If you’re concerned with speed, you can look into the F Virtual Window Manager
(FVWM), Lightweight X11 Desktop Environment (LXDE), and XFCE window managers.
They might not have all the glitz of KDE or GNOME, but they are really fast and
lightweight.
So which approach is better—Windows or Linux—and why? That depends on what
you are trying to do. The integrated environment provided by Windows is convenient
and less complex than Linux, but out of the box, Windows lacks the X Window System
feature that allows applications to display their windows across the network on
another workstation. The Windows GUI is consistent, but it cannot be easily turned off,
whereas the X Window System doesn’t have to be running (and consuming valuable
hardware resources) on a server.
NOTE With its latest server family of operating systems, Microsoft has somewhat
decoupled the GUI from the base operating system (OS). You can now install and run
the server in a so-called Server Core mode. Managing the server in this mode is done
via the command line or remotely from a regular system, with full GUI capabilities.
01-ch01.indd 13 19/11/15 3:33 PM

My Network Places
The native mechanism for Windows users to share disks on servers or with each other
is through My Network Places (the former Network Neighborhood). In a typical
scenario, users attach to a share and have the system assign it a drive letter. As a result,
the separation between client and server is clear. The only problem with this method of
sharing data is more people-oriented than technology-oriented: People have to know
which servers contain which data.
With Windows, a new feature borrowed from UNIX has also appeared: mounting.
In Windows terminology, it is called reparse points. This is the ability to mount an optical
drive into a directory on your C drive. The concept of mounting resources (optical media,
network shares, and so on) in Linux/UNIX might seem a little strange, but as you get
used to Linux, you’ll understand and appreciate the beauty in this design. To get anything
close to this functionality in Windows, you have to map a network share to a drive letter.
Right from inception, Linux was built with support for the concept of mounting, and
as a result, different types of file systems can be mounted using different protocols and
methods. For example, the popular Network File System (NFS) protocol can be used to
mount remote shares/folders and make them appear local. In fact, the Linux Automounter
can dynamically mount and unmount different file systems on an as-needed basis.
A common example of mounting partitions under Linux involves mounted home
directories. The user’s home directories can reside on a remote server, and the client
systems can automatically mount the directories at boot time. So the /home (pronounced
slash home) directory exists on the client, but the /home/username directory (and its
contents) can reside on the server.
Under Linux NFS and other Network File Systems, users never have to know
server names or directory paths, and their ignorance is your bliss. No more questions
about which server to connect to. Even better, users need not know when the server
configuration must change. Under Linux, you can change the names of servers and
adjust this information on client-side systems without making any announcements or
having to reeducate users. Anyone who has ever had to reorient users to new server
arrangements will appreciate the benefits and convenience of this.
Printing works in much the same way. Under Linux, printers receive names that
are independent of the printer’s actual hostname. (This is especially important if the
printer doesn’t speak Transmission Control Protocol/Internet Protocol, or TCP/IP.)
Clients point to a print server whose name cannot be changed without administrative
authorization. Settings don’t get changed without your knowing it. The print server
can then redirect all print requests as needed. The unified interface that Linux provides
will go a long way toward improving what might be a chaotic printer arrangement in
your network environment. This also means you don’t have to install print drivers in
several locations.
01-ch01.indd 14 19/11/15 3:33 PM

The Registry vs. Text Files

Think of the Windows Registry as the ultimate configuration database—thousands
upon thousands of entries, only a few of which are completely documented.
“What? Did you say your Registry got corrupted?” <maniacal laughter> “Well, yes,
we can try to restore it from last night’s backups, but then Excel starts acting funny and
the technician (who charges $65 just to answer the phone) said to reinstall .…”
In other words, the Windows Registry system can be, at best, difficult to manage.
Although it’s a good idea in theory, most people who have serious dealings with it
don’t emerge from battling it without a scar or two.
Linux does not have a registry, and this is both a blessing and a curse. The blessing
is that configuration files are most often kept as a series of text files (think of the
Windows .ini files). This setup means you’re able to edit configuration files using
the text editor of your choice rather than tools such as regedit. In many cases, it
also means you can liberally add comments to those configuration files so that six
months from now you won’t forget why you set up something in a particular way.
Most software programs that are used on Linux platforms store their configuration
files under the /etc (pronounced slash etc) directory or one of its subdirectories. This
convention is widely understood and accepted in the FOSS world.
The curse of a no-registry arrangement is that there is no standard way of writing
configuration files. Each application can have its own format. Many applications are
now coming bundled with GUI-based configuration tools to alleviate some of these
problems. So you can do a basic setup easily, and then manually edit the configuration
file when you need to do more complex adjustments.
In reality, having text files hold configuration information usually turns out to
be an efficient method. Once set, they rarely need to be changed; even so, they are
straight text files and thus easy to view when needed. Even more helpful is that it’s
easy to write scripts to read the same configuration files and modify their behavior
accordingly. This is especially helpful when automating server maintenance operations,
which is crucial in a large site with many servers.
Domains and Active Directory

The idea behind Microsoft’s Active Directory (AD) is simple: Provide a repository for
any kind of administrative data, whether it is user logins, group information, or even
just telephone numbers. In addition, provide a central place to manage authentication
and authorization for a domain. The domain synchronization model was also changed
to follow a Domain Name System (DNS)–style hierarchy that has proved to be far more
reliable. NT LAN Manager (NTLM) was also dropped in favor of Kerberos. (Note that
AD is still somewhat compatible with NTLM.). As tedious as it may be, AD works
pretty well when properly set up and maintained.
Out of the box, Linux does not use a tightly coupled authentication/authorization
and data store model the way that Windows does with AD. Instead, Linux uses an
abstraction model that allows for multiple types of stores and authentication schemes
to work without any modification to other applications. This is accomplished through
01-ch01.indd 15 19/11/15 3:33 PM

the Pluggable Authentication Modules (PAM) infrastructure and the name resolution
libraries that provide a standard means of looking up user and group information for
applications. It also provides a flexible way of storing that user and group information
using a variety of schemes.
For administrators looking to Linux, this abstraction layer can seem peculiar at first.
However, consider that you can use anything from flat files, to Network Information
Service (NIS), to Lightweight Directory Access Protocol (LDAP) or Kerberos for
authentication. This means you can pick the system that works best for you. For
example, if you have an existing UNIX infrastructure that uses NIS, you can simply
make your Linux systems plug into that. On the other hand, if you have an existing
AD infrastructure, you can use PAM with Samba or LDAP to authenticate against the
Windows domain model. Use Kerberos? No problem. And, of course, you can choose
to make your Linux system not interact with any external authentication system. In
addition to being able to tie into multiple authentication systems, Linux can easily use
a variety of tools, such as OpenLDAP, to keep directory information centrally available
as well.
Summary
This chapter offered an overview of what Linux is and what it isn’t. We discussed a
few of the guiding principles, ideas, and concepts that govern open source software
and Linux by extension. We ended the chapter by covering some of the similarities
and differences between core technologies in the Linux and Microsoft Windows Server
worlds. Most of these technologies and their practical uses are dealt with in greater
detail in the rest of this book.
If you are so inclined and would like to get more detailed information on the
internal workings of Linux itself, you might want to start with the source code. The
source code can be found at www.kernel.org. It is, after all, open source!
01-ch01.indd 16 19/11/15 3:33 PM

Installing Linux in a
CHAPTER 2 Server Configuration
02-ch02.indd 17 19/11/15 3:05 PM

T
he remarkable improvement and polish in the installation tools (and procedures)
are partly responsible for the mass adoption of Linux-based distributions.
What once was a mildly frightening process many years ago has now become
almost trivial. Even better, there are many ways to install the software: optical media
(CD/DVD-ROMs), USB/Flash drives, network, and so on. Network installation
options can be a wonderful help when you’re installing a large number of hosts.
Another popular method of installing a Linux distribution is installing from what is
known as a “Live CD,” which simply allows you to try the software before committing
to installing it.
Most default configurations in which Linux is installed are already capable of
becoming servers. It is usually just a question of installing and configuring the proper
application to perform the needed task. Proper practice dictates that a so-called server
be dedicated to performing only a suite of specific tasks. Any other installed and
irrelevant services simply take up memory and create a drag on performance and,
as such, should be avoided. In this chapter, we discuss the installation process as it
pertains to servers and their dedicated functions.
Hardware and Environmental Considerations

As you would with any operating system, before you get started with the installation
process, you should determine what hardware configurations will work. Each
commercial vendor publishes a hardware compatibility list (HCL) and makes it
available on its web site. For example, openSUSE’s HCL database can be found at
http://en.opensuse.org/Hardware, Ubuntu’s HCL can be found at https://wiki
.ubuntu.com/HardwareSupport, Red Hat’s HCL is at http://hardware.redhat.com
(Fedora’s HCL can be safely assumed to be similar to Red Hat’s), and a more generic
(and older) HCL for most Linux flavors can be found at www.tldp.org/HOWTO/
Hardware-HOWTO.
These sites provide a good starting reference point when you are in doubt
concerning a particular piece of hardware. However, keep in mind that new Linux
device drivers are being churned out on a daily basis around the world, and no
single site can keep up with the pace of development in the open source community.
In general, most popular Intel-based and AMD-based configurations work without
difficulty.
A general rule that applies to all operating systems is to avoid cutting-edge
hardware and software configurations. Although their specs might appear impressive,
they may not yet have been through the maturing process some of the slightly older
hardware has undergone. For servers, this usually isn’t an issue, since there is no need
for a server to have the latest and greatest toys such as fancy video cards and sound
cards. Your main goal, after all, is to provide a stable and highly available server for
your users.
02-ch02.indd 18 19/11/15 3:05 PM

Another random document with
no related content on Scribd:
Aunt Cassie at forty-seven had been as shriveled and dried as she was now,
twenty years later.
The old woman said, “My dear girl, I am miserable ... miserable.” And
drying the tears that streamed down her face, she added, “It won’t be long
now until I go to join dear Mr. Struthers.”
Sabine wanted suddenly to laugh, at the picture of Aunt Cassie entering
Paradise to rejoin a husband whom she had always called, even in the
intimacy of married life, “Mr. Struthers.” She kept thinking that Mr.
Struthers might not find the reunion so pleasant as his wife anticipated. She
had always held a strange belief that Mr. Struthers had chosen death as the
best way out.
And she felt a sudden almost warm sense of returning memories, roused
by Aunt Cassie’s passion for overstatement. Aunt Cassie could never bring
herself to say simply, “I’m going to die” which was not at all true. She must
say, “I go to join dear Mr. Struthers.”
Sabine said, “Oh, no.... Oh, no.... Don’t say that.”
“I don’t sleep any more. I barely close my eyes at night.”
She had seated herself now and was looking about her, absorbing
everything in the room, the changes made by the dreadful O’Hara, the
furniture he had bought for the house. But most of all she was studying
Sabine, devouring her with sidelong, furtive glances; and Sabine, knowing
her so well, saw that the old woman had been given a violent shock. She
had come prepared to find a broken, unhappy Sabine and she had found
instead this smooth, rather hard and self-contained woman, superbly
dressed and poised, from the burnished red hair (that straight red hair the
aunts had once thought so hopeless) to the lizard-skin slippers—a woman
who had obviously taken hold of life with a firm hand and subdued it, who
was in a way complete.
“Your dear uncle never forgot you for a moment, Sabine, in all the years
you were away. He died, leaving me to watch over you.” And again the
easy tears welled up.
(“Oh,” thought Sabine, “you don’t catch me that way. You won’t put me
back where I once was. You won’t even have a chance to meddle in my
life.”)
Aloud she said, “It’s a pity I’ve always been so far away.”
“But I’ve thought of you, my dear.... I’ve thought of you. Scarcely a
night passes when I don’t say to myself before going to sleep, ‘There is
poor Sabine out in the world, turning her back on all of us who love her.’ ”
She sighed abysmally. “I have thought of you, dear. I’ve prayed for you in
the long nights when I have never closed an eye.”
And Sabine, talking on half-mechanically, discovered slowly that, in
spite of everything, she was no longer afraid of Aunt Cassie. She was no
longer a shy, frightened, plain little girl; she even began to sense a
challenge, a combat which filled her with a faint sense of warmth. She kept
thinking, “She really hasn’t changed at all. She still wants to reach out and
take possession of me and my life. She’s like an octopus reaching out and
seizing each member of the family, arranging everything.” And she saw
Aunt Cassie now, after so many years, in a new light. It seemed to her that
there was something glittering and hard and a little sinister beneath all the
sighing and tears and easy sympathy. Perhaps she (Sabine) was the only one
in all the family who had escaped the reach of those subtle, insinuating
tentacles.... She had run away.
Meanwhile Aunt Cassie had swept from a vivid and detailed description
of the passing of Mr. Struthers into a catalogue of neighborhood and family
calamities, of deaths, of broken troths, financial disasters, and the
appearance on the horizon of the “dreadful O’Hara.” She reproached Sabine
for having sold her land to such an outsider. And as she talked on and on
she grew less and less human and more and more like some disembodied,
impersonal force of nature. Sabine, watching her with piercing green eyes,
found her a little terrifying. She had sharpened and hardened with age.
She discussed the divorces which had occurred in Boston, and at length,
leaning forward and touching Sabine’s hand with her thin, nervous one, she
said brokenly: “I felt for you in your trouble, Sabine. I never wrote you
because it would have been so painful. I see now that I evaded my duty. But
I felt for you.... I tried to put myself in your place. I tried to imagine dear
Mr. Struthers being unfaithful to me ... but, of course, I couldn’t. He was a
saint.” She blew her nose and repeated with passion, as if to herself, “A
saint!”
(“Yes,” thought Sabine, “a saint ... if ever there was one.”) She saw that
Aunt Cassie was attacking her now from a new point. She was trying to pity
her. By being full of pity the old woman would try to break down her
defenses and gain possession of her.
Sabine’s green eyes took one hard, glinting look. “Did you ever see my
husband?” she asked.
“No,” said Aunt Cassie, “but I’ve heard a great deal of him. I’ve been
told how you suffered.”
Sabine looked at her with a queer, mocking expression. “Then you’ve
been told wrongly. He is a fascinating man. I did not suffer. I assure you
that I would rather have shared him with fifty other women than have had
any one of the men about here all to myself.”
There was a frank immorality in this statement which put Aunt Cassie to
rout, bag and baggage. She merely stared, finding nothing to say in reply to
such a speech. Clearly, in all her life she had never heard any one say a
thing so bald and so frank, so completely naked of all pretense of gentility.
Sabine went on coldly, pushing her assault to the very end. “I divorced
him at last, not because he was unfaithful to me, but because there was
another woman who wanted to marry him ... a woman whom I respect and
like ... a woman who is still my friend. Understand that I loved him
passionately ... in a very fleshly way. One couldn’t help it. I wasn’t the only
woman.... He was a kind of devil, but a very fascinating one.”
The old woman was a little stunned but not by any means defeated.
Sabine saw a look come into her eyes, a look which clearly said, “So this is
what the world has done to my poor, dear, innocent little Sabine!” At last
she said with a sigh, “I find it an amazing world. I don’t know what it is
coming to.”
“Nor I,” replied Sabine with an air of complete agreement and sympathy.
She understood that the struggle was not yet finished, for Aunt Cassie had a
way of putting herself always in an impregnable position, of wrapping
herself in layer after layer of sighs and sympathy, of charity and
forgiveness, of meekness and tears, so that in the end there was no way of
suddenly tearing them aside and saying, “There you are ... naked at last, a
horrible meddling old woman!” And Sabine kept thinking, too, that if Aunt
Cassie had lived in the days of her witch-baiting ancestor, Preserved
Pentland, she would have been burned for a witch.
And all the while Sabine had been suffering, quietly, deep inside, behind
the frankly painted face ... suffering in a way which no one in the world had
ever suspected; for it was like tearing out her heart, to talk thus of Richard
Callendar, even to speak his name.
Aloud she said, “And how is Mrs. Pentland.... I mean Olivia ... not my
cousin.... I know how she is ... no better.”
“No better.... It is one of those things which I can never understand....
Why God should have sent such a calamity to a good man like my brother.”
“But Olivia ...” began Sabine, putting an end abruptly to what was
clearly the prelude to a pious monologue.
“Oh!... Olivia,” replied Aunt Cassie, launching into an account of the
young Mrs. Pentland. “Olivia is an angel ... an angel, a blessing of God sent
to my poor brother. But she’s not been well lately. She’s been rather sharp
with me ... even with poor Miss Peavey, who is so sensitive. I can’t imagine
what has come over her.”
It seemed that the strong, handsome Olivia was suffering from nerves.
She was, Aunt Cassie said, unhappy about something, although she could
not see why Olivia shouldn’t be happy ... a woman with everything in the
world.
“Everything?” echoed Sabine. “Has any one in the world got
everything?”
“It is Olivia’s fault if she hasn’t everything. All the materials are there.
She has a good husband ... a husband who never looks at other women.”
“Nor at his own wife either,” interrupted Sabine. “I know all about
Anson. I grew up with him.”
Aunt Cassie saw fit to ignore this. “She’s rich,” she said, resuming the
catalogue of Olivia’s blessings.
And again Sabine interrupted, “But what does money mean Aunt
Cassie? In our world one is rich and that’s the end of it. One takes it for
granted. When one isn’t rich any longer, one simply slips out of it. It has
very little to do with happiness....”
The strain was beginning to show on Aunt Cassie. “You’d find out if you
weren’t rich,” she observed with asperity, “if your father and great-
grandfather hadn’t taken care of their money.” She recovered herself and
made a deprecating gesture. “But don’t think I’m criticizing dear Olivia.
She is the best, the most wonderful woman.” She began to wrap herself
once more in kindliness and charity and forgiveness. “Only she seems to me
to be a little queer lately.”
Sabine’s artificially crimson mouth took on a slow smile. “It would be
too bad if the Pentland family drove two wives insane—one after the other.”
Again Aunt Cassie came near to defeat by losing her composure. She
snorted, and Sabine helped her out by asking: “And Anson?” ironically.
“What is dear Anson doing?”
She told him of Anson’s great work, “The Pentland Family and the
Massachusetts Bay Colony” and of its immense value as a contribution to
the history of the nation; and when she had finished with that, she turned to
Jack’s wretched health, saying in a low, melancholy voice, “It’s only a
matter of time, you know.... At least, so the doctors say.... With a heart like
that it’s only a matter of time.” The tears came again.
“And yet,” Sabine said slowly, “You say that Olivia has everything.”
“Well,” replied Aunt Cassie, “perhaps not everything.”
Before she left she inquired for Sabine’s daughter and was told that she
had gone over to Pentlands to see Sybil.
“They went to the same school in France,” said Sabine. “They were
friends there.”
“Yes,” said Aunt Cassie. “I was against Sybil’s going abroad to school. It
fills a girl’s head with queer ideas ... especially a school like that where any
one could go. Since she’s home, Sybil behaves very queerly.... I think it’ll
stand in the way of her success in Boston. The boys don’t like girls who are
different.”
“Perhaps,” said Sabine, “she may marry outside of Boston. Men aren’t
the same everywhere. Even in Boston there must be one or two who don’t
refer to women as ‘Good old So-and-so.’ Even in Boston there must be men
who like women who are well dressed ... women who are ladies....”
Aunt Cassie began to grow angry again, but Sabine swept over her.
“Don’t be insulted, Aunt Cassie. I only mean ladies in the old-fashioned,
glamorous sense..... Besides,” she continued, “whom could she marry who
wouldn’t be a cousin or a connection of some sort?”
“She ought to marry here ... among the people she’s always known.
There’s a Mannering boy who would be a good match, and James Thorne’s
youngest son.”
Sabine smiled. “So you have plans for her already. You’ve settled it?”
“Of course, nothing is settled. I’m only thinking of it with Sybil’s
welfare in view. If she married one of those boys she’d know what she was
getting. She’d know that she was marrying a gentleman.”
“Perhaps ...” said Sabine. “Perhaps.” Somehow a devil had taken
possession of her and she added softly, “There was, of course, Horace
Pentland.... One can never be quite sure.” (She never forgot anything,
Sabine.)
And at the same moment she saw, standing outside the door that opened
on the terrace next to the marshes, a solid, dark, heavy figure which she
recognized with a sudden feeling of delight as O’Hara. He had been
walking across the fields with the wiry little Higgins, who had left him and
continued on his way down the lane in the direction of Pentlands. At the
sight of him, Aunt Cassie made every sign of an attempt to escape quickly,
but Sabine said in a voice ominous with sweetness, “You must meet Mr.
O’Hara. I think you’ve never met him. He’s a charming man.” And she
placed herself in such a position that it was impossible for the old woman to
escape without losing every vestige of dignity.
Then Sabine called gently, “Come in, Mr. O’Hara.... Mrs. Struthers is
here and wants so much to meet her new neighbor.”
The door opened and O’Hara stepped in, a swarthy, rather solidly built
man of perhaps thirty-five, with a shapely head on which the vigorous black
hair was cropped close, and with blue eyes that betrayed his Irish origin by
the half-hidden sparkle of amusement at this move of Sabine’s. He had a
strong jaw and full, rather sensual, lips and a curious sense of great physical
strength, as if all his clothes were with difficulty modeled to the muscles
that lay underneath. He wore no hat, and his skin was a dark tan, touched at
the cheek-bones by the dull flush of health and good blood.
He was, one would have said at first sight, a common, vulgar man in that
narrow-jawed world about Durham, a man, perhaps, who had come by his
muscles as a dock-laborer. Sabine had thought him vulgar in the beginning,
only to succumb in the end to a crude sort of power which placed him
above the realm of such distinctions. And she was a shrewd woman, too,
devoted passionately to the business of getting at the essence of people; she
knew that vulgarity had nothing to do with a man who had eyes so shrewd
and full of mockery.
He came forward quietly and with a charming air of deference in which
there was a faint suspicion of nonsense, a curious shadow of vulgarity, only
one could not be certain whether he was not being vulgar by deliberation.
“It is a great pleasure,” he said. “Of course, I have seen Mrs. Struthers
many times ... at the horse shows ... the whippet races.”
Aunt Cassie was drawn up, stiff as a poker, with an air of having found
herself unexpectedly face to face with a rattlesnake.
“I have had the same experience,” she said. “And of course I’ve seen all
the improvements you have made here on the farm.” The word
“improvements” she spoke with a sort of venom in it, as if it had been
instead a word like “arson.”
“We’ll have some tea,” observed Sabine. “Sit down, Aunt Cassie.”
But Aunt Cassie did not unbend. “I promised Olivia to be back at
Pentlands for tea,” she said. “And I am late already.” Pulling on her black
gloves, she made a sudden dip in the direction of O’Hara. “We shall
probably see each other again, Mr. O’Hara, since we are neighbors.”
“Indeed, I hope so....”
Then she kissed Sabine again and murmured, “I hope, my dear, that you
will come often to see me, now that you’ve come back to us. Make my
house your own home.” She turned to O’Hara, finding a use for him
suddenly in her warfare against Sabine. “You know, Mr. O’Hara, she is a
traitor, in her way. She was raised among us and then went away for twenty
years. She hasn’t any loyalty in her.”
She made the speech with a stiff air of playfulness, as if, of course, she
were only making a joke and the speech meant nothing at all. Yet the air
was filled with a cloud of implications. It was the sort of tactics in which
she excelled.
Sabine went with her to the door, and when she returned she discovered
O’Hara standing by the window, watching the figure of Aunt Cassie as she
moved indignantly down the road in the direction of Pentlands. Sabine
stood there for a moment, studying the straight, strong figure outlined
against the light, and she got suddenly a curious sense of the enmity
between him and the old woman. They stood, the two of them, in a strange
way as the symbols of two great forces—the one negative, the other
intensely positive; the one the old, the other, the new; the one of decay, the
other of vigorous, almost too lush growth. Nothing could ever reconcile
them. According to the scheme of things, they would be implacable
enemies to the end. But Sabine had no doubts as to the final victor; the
same scheme of things showed small respect for all that Aunt Cassie stood
for. That was one of the wisdoms Sabine had learned since she had escaped
from Durham into the uncompromising realities of the great world.
When she spoke, she said in a noncommittal sort of voice, “Mrs.
Struthers is a remarkable woman.”
And O’Hara, turning, looked at her with a sudden glint of humor in his
blue eyes. “Extraordinary ... I’m sure of it.”
“And a powerful woman,” said Sabine. “Wise as a serpent and gentle as
a dove. It is never good to underestimate such strength. And now.... How do
you like your tea?”
He took no tea but contented himself with munching a bit of toast and
afterward smoking a cigar, clearly pleased with himself in a naïve way in
the rôle of landlord coming to inquire of his tenant whether everything was
satisfactory. He had a liking for this hard, clever woman who was now only
a tenant of the land—his land—which she had once owned. When he
thought of it—that he, Michael O’Hara, had come to own this farm in the
midst of the fashionable and dignified world of Durham—there was
something incredible in the knowledge, something which never ceased to
warm him with a strong sense of satisfaction. By merely turning his head,
he could see in the mirror the reflection of the long scar on his temple,
marked there by a broken bottle in the midst of a youthful fight along the
India Wharf. He, Michael O’Hara, without education save that which he
had given himself, without money, without influence, had raised himself to
this position before his thirty-sixth birthday. In the autumn he would be a
candidate for Congress, certain of election in the back Irish districts. He,
Michael O’Hara, was on his way to being one of the great men of New
England, a country which had once been the tight little paradise of people
like the Pentlands.
Only no one must ever suspect the depth of that great satisfaction.
Yes, he had a liking for this strange woman, who ought to have been his
enemy and, oddly enough, was not. He liked the shrewd directness of her
mind and the way she had of sitting there opposite him, turning him over
and over while he talked, as if he had been a small bug under a microscope.
She was finding out all about him; and he understood that, for it was a trick
in which he, himself, was well-practised. It was by such methods that he
had got ahead in the world. It puzzled him, too, that she should have come
out of that Boston-Durham world and yet could be so utterly different from
it. He had a feeling that somewhere in the course of her life something had
happened to her, something terrible which in the end had given her a great
understanding and clarity of mind. He knew, too, almost at once, on the day
she had driven up to the door of the cottage, that she had made a discovery
about life which he himself had made long since ... that there is nothing of
such force as the power of a person content merely to be himself, nothing so
invincible as the power of simple honesty, nothing so successful as the life
of one who runs alone. Somewhere she had learned all this. She was like a
woman to whom nothing could ever again happen.
They talked for a time, idly and pleasantly, with a sense of understanding
unusual in two people who had known each other for so short a time; they
spoke of the farm, of Pentlands, of the mills and the Poles in Durham, of the
country as it had been in the days when Sabine was a child. And all the
while he had that sense of her weighing and watching him, of feeling out
the faint echo of a brogue in his speech and the rather hard, nasal quality
that remained from those days along India Wharf and the memories of a
ne’er-do-well, superstitious Irish father.
He could not have known that she was a woman who included among
her friends men and women of a dozen nationalities, who lived a life among
the clever, successful people of the world ... the architects, the painters, the
politicians, the scientists. He could not have known the ruthless rule she put
up against tolerating any but people who were “complete.” He could have
known nothing of her other life in Paris, and London, and New York, which
had nothing to do with the life in Durham and Boston. And yet he did
know.... He saw that, despite the great difference in their worlds, there was
a certain kinship between them, that they had both come to look upon the
world as a pie from which any plum might be drawn if one only knew the
knack.
And Sabine, on her side, not yet quite certain about casting aside all
barriers, was slowly reaching the same understanding. There was no love or
sentimentality in the spark that flashed between them. She was more than
ten years older than O’Hara and had done with such things long ago. It was
merely a recognition of one strong person by another.
It was O’Hara who first took advantage of the bond. In the midst of the
conversation, he had turned the talk rather abruptly to Pentlands.
“I’ve never been there and I know very little of the life,” he said, “but
I’ve watched it from a distance and it interests me. It’s like something out of
a dream, completely dead ... dead all save for young Mrs. Pentland and
Sybil.”
Sabine smiled. “You know Sybil, then?”
“We ride together every morning.... We met one morning by chance
along the path by the river and since then we’ve gone nearly every day.”
“She’s a charming girl.... She went to school in France with my
daughter, Thérèse. I saw a great deal of her then.”
Far back in her mind the thought occurred to her that there would be
something very amusing in the prospect of Sybil married to O’Hara. It
would produce such an uproar with Anson and Aunt Cassie and the other
relatives.... A Pentland married to an Irish Roman Catholic politician!
“She is like her mother, isn’t she?” asked O’Hara, sitting forward a bit
on his chair. He had a way of sitting thus, in the tense, quiet alertness of a
cat.
“Very like her mother.... Her mother is a remarkable woman ... a
charming woman ... also, I might say, what is the rarest of all things, a
really good and generous woman.”
“I’ve thought that.... I’ve seen her a half-dozen times. I asked her to help
me in planting the garden here at the cottage because I knew she had a
passion for gardens. And she didn’t refuse ... though she scarcely knew me.
She came over and helped me with it. I saw her then and came to know her.
But when that was finished, she went back to Pentlands and I haven’t seen
her since. It’s almost as if she meant to avoid me. Sometimes I feel sorry for
her.... It must be a queer life for a woman like that ... young and beautiful.”
“She has a great deal to occupy her at Pentlands. And it’s true that it’s
not a very fascinating life. Still, I’m sure she couldn’t bear being pitied....
She’s the last woman in the world to want pity.”
Curiously, O’Hara flushed, the red mounting slowly beneath the dark-
tanned skin.
“I thought,” he said a little sadly, “that her husband or Mrs. Struthers
might have raised objections.... I know how they feel toward me. There’s no
use pretending not to know.”
“It is quite possible,” said Sabine.
There was a sudden embarrassing silence, which gave Sabine time to
pull her wits together and organize a thousand sudden thoughts and
impressions. She was beginning to understand, bit by bit, the real reasons of
their hatred for O’Hara, the reasons which lay deep down underneath,
perhaps so deep that none of them ever saw them for what they were.
And then out of the silence she heard the voice of O’Hara saying, in a
queer, hushed way, “I mean to ask something of you ... something that may
sound ridiculous. I don’t pretend that it isn’t, but I mean to ask it anyway.”
For a moment he hesitated and then, rising quickly, he stood looking
away from her out of the door, toward the distant blue marshes and the open
sea. She fancied that he was trembling a little, but she could not be certain.
What she did know was that he made an immense and heroic effort, that for
a moment he, a man who never did such things, placed himself in a position
where he would be defenseless and open to being cruelly hurt; and for the
moment all the recklessness seemed to flow out of him and in its place there
came a queer sadness, almost as if he felt himself defeated in some way....
He said, “What I mean to ask you is this.... Will you ask me sometimes
here to the cottage when she will be here too?” He turned toward her
suddenly and added, “It will mean a great deal to me ... more than you can
imagine.”
She did not answer him at once, but sat watching him with a poorly
concealed intensity; and presently, flicking the cigarette ashes casually from
her gown, she asked, “And do you think it would be quite moral of me?”
He shrugged his shoulders and looked at her in astonishment, as if he
had expected her, least of all people in the world, to ask such a thing.
“It might,” he said, “make us both a great deal happier.”
“Perhaps ... perhaps not. It’s not so simple as that. Besides, it isn’t
happiness that one places first at Pentlands.”
“No.... Still....” He made a sudden vigorous gesture, as if to sweep aside
all objections.
“You’re a queer man.... I’ll see what can be done.”
He thanked her and went out shyly without another word, to stride across
the meadows, his black head bent thoughtfully, in the direction of his new
bright chimneys. At his heels trotted the springer, which had lain waiting
for him outside the door. There was something about the robust figure,
crossing the old meadow through the blue twilight, that carried a note of
lonely sadness. The self-confidence, the assurance, seemed to have melted
away in some mysterious fashion. It was almost as if one man had entered
the cottage a little while before and another, a quite different man, had left it
just now. Only one thing, Sabine saw, could have made the difference, and
that was the name of Olivia.
When he had disappeared Sabine went up to her room overlooking the

sea and lay there for a long time thinking. She was by nature an indolent
woman, especially at times when her brain worked with a fierce activity. It
was working thus now, in a kind of fever, confused and yet tremendously
clear; for the visits from Aunt Cassie and O’Hara had ignited her almost
morbid passion for vicarious experience. She had a sense of being on the
brink of some calamity which, beginning long ago in a hopeless tangle of
origins and motives, was ready now to break forth with the accumulated
force of years.
It was only now that she began to understand a little what it was that had
drawn her back to a place which held memories so unhappy as those
haunting the whole countryside of Durham. She saw that it must have been
all the while a desire for vindication, a hunger to show them that, in spite of
everything, of the straight red hair and the plain face, the silly ideas with
which they had filled her head, in spite even of her unhappiness over her
husband, she had made of her life a successful, even a brilliant, affair. She
had wanted to show them that she stood aloof now and impregnable, quite
beyond their power to curb or to injure her. And for a moment she
suspected that the half-discerned motive was an even stronger thing, akin
perhaps to a desire for vengeance; for she held this world about Durham
responsible for the ruin of her happiness. She knew now, as a worldly
woman of forty-six, that if she had been brought up knowing life for what it
was, she might never have lost the one man who had ever roused a genuine
passion in a nature so hard and dry.
It was all confused and tormented and vague, yet the visit of Aunt
Cassie, filled with implications and veiled attempts to humble her, had
cleared the air enormously.
And behind the closed lids, the green eyes began to see a whole
procession of calamities which lay perhaps within her power to create. She
began to see how it might even be possible to bring the whole world of
Pentlands down about their heads in a collapse which could create only
freedom and happiness to Olivia and her daughter. And it was these two
alone for whom she had any affection; the others might be damned,
gloriously damned, while she stood by without raising a finger.
She began to see where the pieces of the puzzle lay, the wedges which
might force open the solid security of the familiar, unchanging world that
once more surrounded her.
Lying there in the twilight, she saw the whole thing in the process of
being fitted together and she experienced a sudden intoxicating sense of
power, of having all the tools at hand, of being the dea ex machinâ of the
calamity.
She was beginning to see, too, how the force, the power that had lain
behind all the family, was coming slowly to an end in a pale, futile
weakness. There would always be money to bolster up their world, for the
family had never lost its shopkeeping tradition of thrift; but in the end even
money could not save them. There came a time when a great fortune might
be only a shell without a desiccated rottenness inside.
She was still lying there when Thérèse came in—a short, plain, rather
stocky, dark girl with a low straight black bang across her forehead. She
was hot and soiled by the mud of the marshes, as the red-haired unhappy
little girl had been so many times in that far-off, half-forgotten childhood.
“Where have you been?” she asked indifferently, for there was always a
curious sense of strangeness between Sabine and her daughter.
“Catching frogs to dissect,” said Thérèse. “They’re damned scarce and I
slipped into the river.”
Sabine, looking at her daughter, knew well enough there was no chance
of marrying off a girl so queer, and wilful and untidy, in Durham. She saw
that it had been a silly idea from the beginning; but she found satisfaction in
the knowledge that she had molded Thérèse’s life so that no one could ever
hurt her as they had hurt her mother. Out of the queer nomadic life they had
led together, meeting all sorts of men and women who were, in Sabine’s
curious sense of the word, “complete,” the girl had pierced her way
somehow to the bottom of things. She was building her young life upon a
rock, so that she could afford to feel contempt for the very forces which
long ago had hurt her mother. She might, like O’Hara, be suddenly humbled
by love; but that, Sabine knew, was a glorious thing well worth suffering.
She knew it each time that she looked at her child and saw the clear gray
eyes of the girl’s father looking out of the dark face with the same proud
look of indifferent confidence which had fascinated her twenty years ago.
So long as Thérèse was alive, she would never be able wholly to forget him.
“Go wash yourself,” she said. “Old Mr. Pentland and Olivia and Mrs.
Soames are coming to dine and play bridge.”
As she dressed for dinner she no longer asked herself, “Why did I ever
imagine Thérèse might find a husband here? What ever induced me to come
back here to be bored all summer long?”
She had forgotten all that. She began to see that the summer held
prospects of diversion. It might even turn into a fascinating game. She knew
that her return had nothing to do with Thérèse’s future; she had been drawn
back into Durham by some vague but overwhelming desire for mischief.
CHAPTER V
When Anson Pentland came down from the city in the evening, Olivia
was always there to meet him dutifully and inquire about the day. The
answers were always the same: “No, there was not much doing in town,”
and, “It was very hot,” or, “I made a discovery to-day that will be of great
use to me in the book.”
Then after a bath he would appear in tweeds to take his exercise in the
garden, pottering about mildly and peering closely with his near-sighted
blue eyes at little tags labeled “General Pershing” or “Caroline Testout” or
“Poincaré” or “George Washington” which he tied carefully on the new
dahlias and roses and smaller shrubs. And, more often than not, the
gardener would spend half the next morning removing the tags and placing
them on the proper plants, for Anson really had no interest in flowers and
knew very little about them. The tagging was only a part of his passion for
labeling things; it made the garden at Pentlands seem a more subdued and
ordered place. Sometimes it seemed to Olivia that he went through life
ticketing and pigeonholing everything that came his way: manners,
emotions, thoughts, everything. It was a habit that was growing on him in
middle-age.
Dinner was usually late because Anson liked to take advantage of the
long summer twilights, and after dinner it was the habit of all the family,
save Jack, who went to bed immediately afterward, to sit in the Victorian
drawing-room, reading and writing letters or sometimes playing patience,
with Anson in his corner at Mr. Lowell’s desk working over “The Pentland
Family and the Massachusetts Bay Colony,” and keeping up a prodigious
correspondence with librarians and old men and women of a genealogical
bent. The routine of the evening rarely changed, for Anson disliked going
out and Olivia preferred not to go alone. It was only with the beginning of
the summer, when Sybil was grown and had begun to go out occasionally to
dinners and balls, and the disturbing Sabine, with her passion for playing
bridge, had come into the neighborhood, that the routine was beginning to
break up. There were fewer evenings now with Olivia and Sybil playing
patience and old John Pentland sitting by the light of Mr. Longfellow’s
lamp reading or simply staring silently before him, lost in thought.
There were times in those long evenings when Olivia, looking up
suddenly and for no reason at all, would discover that Sybil was sitting in
the same fashion watching her, and both of them would know that they, like
old John Pentland, had been sitting there all the while holding books in their
hands without knowing a word of what they had read. It was as if a kind of
enchantment descended upon them, as if they were waiting for something.
Once or twice the silence had been broken sharply by the unbearable sound
of groans coming from the north wing when she had been seized suddenly
by one of her fits of violence.
Anson’s occasional comment and Olivia’s visits to Jack’s room to see
that nothing had happened to him were the only interruptions. They spoke
always in low voices when they played double patience in order not to
disturb Anson at his work. Sometimes he encountered a bit of information
for which he had been searching for a long time and then he would turn and
tell them of it.
There was the night when he made his discovery about Savina
Pentland....
“I was right about Savina Pentland,” he said. “She was a first cousin and
not a second cousin of Toby Cane.”
Olivia displayed an interest by saying, “Was that what you wrote to the
Transcript about?”
“Yes ... and I was sure that the genealogical editor was wrong. See ...
here it is in one of Jared Pentland’s letters at the time she was drowned....
Jared was her husband.... He refers to Toby Cane as her only male first
cousin.”
“That will help you a great deal,” said Olivia, “won’t it?”
“It will help clear up the chapter about the origins of her family.” And
then, after a little pause, “I wish that I could get some trace of the
correspondence between Savina Pentland and Cane. I’m sure it would be
full of things ... but it seems not to exist ... only one or two letters which tell
nothing.”
And then he relapsed again into a complete and passionate silence, lost
in the rustle of old books and yellowed letters, leaving the legend of Savina
Pentland to take possession of the others in the room.
The memory of this woman had a way of stealing in upon the family
unaware, quite without their willing it. She was always there in the house,
more lively than any of the more sober ancestors, perhaps because of them
all she alone had been touched by splendor; she alone had been in her
reckless way a great lady. There was a power in her recklessness and
extravagance which came, in the end, to obscure all those other plain,
solemn-faced, thrifty wives whose portraits adorned the hall of Pentlands,
much as a rising sun extinguishes the feeble light of the stars. And about her
obscure origin there clung a perpetual aura of romance, since there was no
one to know just who her mother was or exactly whence she came. The
mother was born perhaps of stock no humbler than the first shopkeeping
Pentland to land on the Cape, but there was in her the dark taint of
Portuguese blood; some said that she was the daughter of a fisherman. And
Savina herself had possessed enough of fascination to lure a cautious
Pentland into eloping with her against the scruples that were a very fiber of
the Pentland bones and flesh.
The portrait of Savina Pentland stood forth among the others in the white
hall, fascinating and beautiful not only because the subject was a dark,
handsome woman, but because it had been done by Ingres in Rome during
the years when he made portraits of tourists to save himself from starvation.
It was the likeness of a small but voluptuous woman with great wanton dark
eyes and smooth black hair pulled back from a camellia-white brow and
done in a little knot on the nape of the white neck—a woman who looked
out of the old picture with the flashing, spirited glance of one who lived
boldly and passionately. She wore a gown of peach-colored velvet
ornamented with the famous parure of pearls and emeralds given her, to the
scandal of a thrifty family, by the infatuated Jared Pentland. Passing the
long gallery of portraits in the hallway it was always Savina Pentland whom
one noticed. She reigned there as she must have reigned in life, so bold and
splendorous as to seem a bit vulgar, especially in a world of such sober folk,
yet so beautiful and so spirited that she made all the others seem scarcely
worth consideration.
Even in death she had remained an “outsider,” for she was the only one
of the family who did not rest quietly among the stunted trees at the top of
the bald hill where the first Pentlands had laid their dead. All that was left
of the warm, soft body lay in the white sand at the bottom of the ocean
within sight of Pentlands. It was as if fate had delivered her in death into a
grave as tempestuous and violent as she had been in life. And somewhere
near her in the restless white sand lay Toby Cane, with whom she had gone
sailing one bright summer day when a sudden squall turned a gay excursion
into a tragedy.
Even Aunt Cassie, who distrusted any woman with gaze so bold and free
as that set down by the brush of Ingres—even Aunt Cassie could not
annihilate the glamour of Savina’s legend. For her there was, too, another,
more painful, memory hidden in the knowledge that the parure of pearls and
emeralds and all the other jewels which Savina Pentland had wrung from
her thrifty husband, lay buried somewhere in the white sand between her
bones and those of her cousin. To Aunt Cassie Savina Pentland seemed
more than merely a reckless, extravagant creature. She was an enemy of the
Pentland fortune and of all the virtues of the family.
The family portraits were of great value to Anson in compiling his book,
for they represented the most complete collection of ancestors existing in all
America. From the portrait of the emigrating Pentland, painted in a wooden
manner by some traveling painter of tavern signs, to the rather handsome
one of John Pentland, painted at middle-age in a pink coat by Sargent, and
the rather bad and liverish one of Anson, also by Mr. Sargent, the collection
was complete save for two—the weak Jared Pentland who had married
Savina, and the Pentland between old John’s father and the clipper-ship
owner, who had died at twenty-three, a disgraceful thing for any Pentland to
have done.
The pictures hung in a neat double row in the lofty hall, arranged
chronologically and without respect for lighting, so that the good ones like
those by Ingres and Sargent’s picture of old John Pentland and the
unfinished Gilbert Stuart of Ashur Pentland hung in obscure shadows, and
the bad ones like the tavern-sign portrait of the first Pentland were exposed
in a glare of brilliant light.
This father of all the family had been painted at the great age of eighty-
nine and looked out from his wooden background, a grim, hard-mouthed
old fellow with white hair and shrewd eyes set very close together. It was a
face such as one might find to-day among the Plymouth Brethren of some
remote, half-forgotten Sussex village, the face of a man notable only for the
toughness of his body and the rigidity of a mind which dissented from
everything. At the age of eighty-four, he had been cast out for dissension
from the church which he had come to regard as his own property.
Next to him hung the portrait of a Pentland who had been a mediocrity
and left not even a shadowy legend; and then appeared the insolent,
disagreeable face of the Pentland who had ducked eccentric old women for
witches and cut off the ears of peace-loving Quakers in the colony founded
in “freedom to worship God.”
The third Pentland had been the greatest evangelist of his time, a man
who went through New England holding high the torch, exhorting rude
village audiences by the coarsest of language to such a pitch of excitement
that old women died of apoplexy and young women gave birth to premature
children. The sermons which still existed showed him to be a man
uncultivated and at times almost illiterate, yet his vast energy had founded a
university and his fame as an exhorter and “the flaming sword of the Lord”
had traveled to the ignorant and simple-minded brethren of the English back
country.
The next Pentland was the eldest of the exhorter’s twenty children (by
four wives), a man who clearly had departed from his father’s counsels and
appeared in his portrait a sensual, fleshly specimen, very fat and almost
good-natured, with thick red lips. It was this Pentland who had founded the
fortune which gave the family its first step upward in the direction of the
gentility which had ended with the figure of Anson bending over “The
Pentland Family and the Massachusetts Bay Colony.” He had made a large
fortune by equipping privateers and practising a near-piracy on British
merchantmen; and there was, too, a dark rumor (which Anson intended to
overlook) that he had made as much as three hundred per cent profit on a
single shipload of negroes in the African slave trade.
After him there were portraits of two Pentlands who had taken part in the
Revolution and then another hiatus of mediocrity, including the gap
represented by the missing Jared; and then appeared the Anthony Pentland
who increased the fortune enormously in the clipper trade. It was the
portrait of a swarthy, powerful man (the first of the dark Pentlands, who
could all be traced directly to Savina’s Portuguese blood), painted by a
second-rate artist devoted to realism, who had depicted skilfully the warts
which marred the distinguished old gentleman. In the picture he stood in the
garden before the Pentland house at Durham with marshes in the
background and his prize clipper Semiramis riding, with all sail up, the
distant ocean.
Next to him appeared the portrait of old John Pentland’s father—a man
of pious expression, dressed all in black, with a high black stock and a wave
of luxuriant black hair, the one who had raised the family to really great
wealth by contracts for shoes and blankets for the soldiers at Gettysburg and
Bull Run and Richmond. After him, gentility had conquered completely,
and the Sargent portrait of old John Pentland at middle-age showed a man
who was master of hounds and led the life of a country gentleman, a man
clearly of power and character, whose strength of feature had turned slowly
into the bitter hardness of the old man who sat now in the light of Mr.
Longfellow’s lamp reading or staring before him into space while his son
set down the long history of the family.
The gallery was fascinating to strangers, as the visual record of a family
which had never lost any money (save for the extravagance of Savina
Pentland’s jewels), a family which had been the backbone of a community,
a family in which the men married wives for thrift and housewifely virtues
rather than for beauty, a family solid and respectable and full of honor. It
was a tribe magnificent in its virtue and its strength, even at times in its
intolerance and hypocrisy. It stood represented now by old John Pentland
and Anson, and the boy who lay abovestairs in the room next Olivia’s,
dying slowly.
At ten o’clock each night John Pentland bade them good-night and went
off to bed, and at eleven Anson, after arranging his desk neatly and placing
his papers in their respective files, and saying to Olivia, “I wouldn’t sit up
too late, if I were you, when you are so tired,” left them and disappeared.
Soon after him, Sybil kissed her mother and climbed the stairs past all the
ancestors.
It was only then, after they had all left her, that a kind of peace settled
over Olivia. The burdens lifted, and the cares, the worries, the thoughts that
were always troubling her, faded into the distance and for a time she sat
leaning back in the winged armchair with her eyes closed, listening to the
sounds of the night—the faint murmur of the breeze in the faded lilacs
outside the window, the creaking that afflicts very old houses in the night,
and sometimes the ominous sound of Miss Egan’s step traversing distantly

Ebook Linux Administration A Beginners Guide PDF Full Chapter PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ebook Linux Administration A Beginners Guide PDF Full Chapter PDF

Uploaded by

Copyright:

Available Formats

Linux Administration A Beginnerâ€™s

Guide - eBook PDF

eBook conversion by codeMantra

PART I Introduction, Installation, and Software Management

PART II Single-Host Administration

5 Managing Users and Groups .. . . . . . . . . . . 121

00-FM.indd 5 20/11/15 10:04 AM

11 TCP/IP for System Administrators . . . . . . . 287

PART IV Internet Services

16 Domain Name System (DNS) . . . . . . . . . . . 421

PART V Intranet Services

23 Network File System (NFS) . . . . . . . . . . . . . 603

A Creating a Linux Installer

00-FM.indd 6 20/11/15 10:04 AM

00-FM.indd 7 20/11/15 10:04 AM

2 Installing Linux in a Server Configuration . . . . . . . . . . . . . . 17

3 The Command Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

00-FM.indd 8 20/11/15 10:04 AM

Change Ownership: chown . . . . . . . . . . . . . .. . . . . . . . . . . . . 61

4 Managing Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87

00-FM.indd 9 20/11/15 10:04 AM

00-FM.indd 10 20/11/15 10:04 AM

A Grand Tour . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . 147

6 Booting and Shutting Down . . . . . . . . . . . . . . . . . . . . . . . . 153

7 File Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181

00-FM.indd 11 20/11/15 10:04 AM

8 Core System Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

9 The Linux Kernel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

10 Knobs and Dials: API (Virtual) File Systems . . . . . . . . . . . 269

00-FM.indd 12 20/11/15 10:04 AM

12 Network Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329

00-FM.indd 13 20/11/15 10:04 AM

How Linux Chooses an IP Address .. . . . . . . . . . . . . . . . . . . . . . . 351

13 Linux Firewall (Netfilter) . . . . . . . . . . . . . . . . . . . . . . . . . . . 355

14 Local Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387

15 Network Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405

00-FM.indd 14 20/11/15 10:04 AM

Binding to an Interface . . . . . . . . . . . . . . . . . ... . . . . . . . . . . . . . 409

00-FM.indd 15 20/11/15 10:04 AM

The DNS Toolbox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449

17 File Transfer Protocol (FTP) . . . . . . . . . . . . . . . . . . . . . . . . . 459

18 Apache Web Server .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479

19 Simple Mail Transfer Protocol (SMTP) . . . . . . . . . . . . . . . . 499

00-FM.indd 16 20/11/15 10:04 AM

Installing Postfix via APT in Ubuntu . . . . . . . . . . . . . . . . . . . 504

20 Post Office Protocol and Internet Mail Access

21 Voice over Internet Protocol (VoIP) . . . . . . . . . . . . . . . . . . . 535

00-FM.indd 17 20/11/15 10:04 AM

Asterisk Maintenance and Troubleshooting . . . . . . . . . . . . . . . . . 576

22 Secure Shell (SSH) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 581

00-FM.indd 18 20/11/15 10:04 AM

Sample NFS Client and NFS Server Configuration .. . . . . . . . . . . 619

25 Distributed File Systems (DFS) . . . . . . . . . . . . . . . . . . . . . . 643

26 Network Information Service (NIS) . . . . . . . . . . . . . . . . . . 655

00-FM.indd 19 20/11/15 10:04 AM

Setting Up the NIS Master to Push to Slaves . . . . . . . . . . . . . 675

27 Lightweight Directory Access Protocol (LDAP) . . . . . . . . . 681

00-FM.indd 20 20/11/15 10:04 AM

29 Dynamic Host Configuration Protocol (DHCP) . . . . . . . . . 721

00-FM.indd 21 20/11/15 10:04 AM

B Demo Virtual Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 785

00-FM.indd 22 20/11/15 10:04 AM

Who Should Read This Book

20 Post Office Protocol and Internet Mail Access