INSTRUCTOR GUIDE

System Administration of Red Hat Linux 5


Part Number: NH85993 Course Edition: 1.0

ACKNOWLEDGMENTS
Project Team
Content Developer: Subramaniyam R
Content Manager: Georgina Evangeline
Project Manager: Hemapriya D
Media Instructional Designer: Subramaniyam R
Content Editor: Dorothy Prabhu
Media Producer: Sathya Priya
Materials Editor: Harish N
Project Technical Support: Mike Toscano

NOTICES
DISCLAIMER: While Element K Corporation takes care to ensure the accuracy and quality of these materials, we cannot guarantee their accuracy, and all materials are provided without any warranty whatsoever, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. The name used in the data files for this course is that of a fictitious company. Any resemblance to current or future companies is purely coincidental. We do not believe we have used anyone's name in creating this course, but if we have, please notify us and we will change the name in the next revision of the course. Element K is an independent provider of integrated training solutions for individuals, businesses, educational institutions, and government agencies. Use of screenshots, photographs of another entity's products, or another entity's product name or service in this book is for editorial purposes only. No such use should be construed to imply sponsorship or endorsement of the book by, nor any affiliation of such entity with Element K. This courseware may contain links to sites on the Internet that are owned and operated by third parties (the "External Sites"). Element K is not responsible for the availability of, or the content located on or through, any External Site. Please contact Element K if you have any concerns regarding such links or External Sites.

TRADEMARK NOTICES: Element K and the Element K logo are trademarks of Element K Corporation and its affiliates. Red Hat Enterprise Linux 5 is a registered trademark of Red Hat Inc., in the U.S. and other countries; the Red Hat products and services discussed or described may be trademarks of Red Hat Inc. All other product names and services used throughout this course may be common law or registered trademarks of their respective proprietors.

Copyright 2009 Element K Corporation. All rights reserved. Screenshots used for illustrative purposes are the property of the software proprietor. This publication, or any part thereof, may not be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, storage in an information retrieval system, or otherwise, without express written permission of Element K, 500 Canal View Boulevard, Rochester, NY 14623, (585) 240-7500, (800) 478-7788. Element K Courseware's World Wide Web site is located at www.elementkcourseware.com. This book conveys no rights in the software or other products about which it was written; all use or licensing of such software or other products is the responsibility of the user according to terms and conditions of the owner. Do not make illegal copies of books or software. If you believe that this book, related materials, or any other Element K materials are being reproduced or transmitted without permission, please call (800) 478-7788.

CONTENTS

LESSON 1 - INITIALIZING THE LINUX SYSTEM
A. Discuss the Boot Sequence
    The Boot Process
    BIOS
    Boot Loader
    Boot Loader Components
    Superblocks
    Sectors
    The Master Boot Record (MBR)
B. Configure GRUB
    The GRUB
    The grub.conf File
    GRUB Commands
    Grub Menu-Specific Commands
C. View Kernel and Init Initialization
    Kernel Initialization
    The dmesg Command
    The Init Process
D. Change Runlevels
    Runlevels
    Runlevel Types
    The inittab File
    Controlling Services

LESSON 2 - MANAGING PACKAGES
A. Manage Packages Using RPM
    Packages
    Package Managers
    The RPM Package Manager
    RPM Commands
    The RPM Components
    RPM Queries
    RPM Verification
B. Configure Repositories
    Repositories
    Types of Repositories
    The createrepo Command
C. Manage Packages Using YUM
    The YUM Package Manager
    YUM Commands
D. Explore Red Hat Network
    The Red Hat Network (RHN)
    The Red Hat Network Server
    The Red Hat Network Client
    Entitlements

LESSON 3 - MANAGING KERNEL SERVICES


A. Explore the Linux Kernel
    The Role of Linux Kernel
    Kernel Layers
    Types of Kernels
B. Customize Kernel Modules
    Kernel Modules
    Kernel Module Managing Utilities
    The modprobe.conf File
C. Create an initrd Image
    initrd
D. Access Device Drivers
    udev
    Device Drivers
    Device Nodes
E. Monitor Hardware Devices
    Hardware Communication Channels
    Hardware Abstraction Layer (HAL)
    The HAL Utilities
F. Monitor Processes and Resources
    Kernel State Monitoring Utilities
    Memory Monitoring Utilities
    The gnome-system-monitor Utility
G. Configure the Kernel
    Types of Kernel Configuration

LESSON 4 - CONFIGURING THE GRAPHICAL USER INTERFACE


A. Implement X
    X.Org
    X Servers
    X Clients
    X Font Servers
    XOrg Runlevels
    Remote X Sessions
    Commands Used in Remote X Sessions
    X-Stations
B. Customize the Display Manager
    Display Managers
    The GNOME Desktop Environment
    The KDE Desktop Environment
    The switchdesk Command
C. Customize the Window Environment
    Window Managers
    The XTerm

LESSON 5 - CONFIGURING SYSTEM SERVICES


A. Maintain System Logs
    System Logs
    The syslogd Utility
    The /etc/syslog.conf File
    The system-config-date Command
    Network Time Protocol (NTP)
    The ntp.conf File
B. Work with Remote Systems
    Secure Shell (SSH)
    OpenSSH
    Tunneling
    Virtual Network Computing (VNC)
    The vncserver Command
    The vncviewer Command
C. Automate System Services
    Cron
    Cron Jobs
    The tmpwatch Command
    The logrotate Command
    The logwatch Utility
    System Crontab Files
    The at Command
    The Anacron System

LESSON 6 - MANAGING FILESYSTEMS
A. Create Partitions
    Partitions
    Partition Types
    The fdisk Utility
    The fdisk Utility Options
    The /etc/fstab File
    Device Recognition by MBR
    Partition Management
B. Mount Filesystems
    Filesystems
    Filesystem Integrity
    Filesystem Labels
    The tune2fs Utility
    The mke2fs Utility
    The dumpe2fs Utility
    Mount Points
    Swap Space
    The mkswap Command
    Swap Partition Management Commands
C. Implement NFS
    NFS
    The Remote Procedure Call
    The Portmapper
    The Exports File
D. Explore Automounting
    The automount Program
    The gnome-mount Package

LESSON 7 - MANAGING ADVANCED FILESYSTEM SERVICES
A. Configure Disk Quotas
    Disk Quota
    Commands Used for Quota Management
    Quota Reports
    Commands Used to Generate Quota Reports
B. Configure RAID
    Redundant Array of Inexpensive Disks
    Software RAID
    RAID Levels
    The mdadm Tool
C. Manage Logical Volumes Using the Logical Volume Manager
    Logical Volume Manager
    LVM Components
    LVM Architecture
    LVM Management Tools
    LVM Snapshots
D. Back Up Data
    Data Dump
    The Dump Command
    Raw Devices
    Determine a Backup Strategy
E. Restore Data
    The Restore Command
F. Synchronize Files
    File Synchronization
    The rsync Utility
    Checksum
    The Synchronization Process

LESSON 8 - CONFIGURING NETWORKS
A. Overview of Networking
    The Transmission Control Protocol/Internet Protocol (TCP/IP) Suite
    Ports
    Network Interfaces
    Network Interface Cards (NICs)
    The ifconfig Command
B. Configure Internet Protocols
    IP Addresses
    IP Versions
C. Configure Routes
    Routers
    Routing
    Routing Tables
    Gateway
D. Configure DNS
    Domains
    Domains Hierarchy
    Host Names
    Domain Names
    Domain Name System (DNS)
    DNS Components
    Berkeley Internet Name Domain (BIND)
    Resolving Utilities
E. Configure Network Interfaces
    Network Configuration Utilities
    Network Interface Settings
    The ethtool Utility
    Dynamic Network Configuration Utilities
F. Share Information
    Network Information Service (NIS)
    NIS Components
    Lightweight Directory Access Protocol (LDAP)
    The LDAP Process
G. Configure SELinux
    Types of Access Controls
    Security-Enhanced Linux (SELinux)
    Security Policies

LESSON 9 - INSTALLING LINUX


A. Install Red Hat Enterprise Linux 5
    Linux Installation Methods
    The Anaconda Installer
    Firewalls
    Disk Druid
B. Install Linux Using Kickstart
    Kickstart
    The Kickstart Configurator Utility
    Kickstart Commands

LESSON 10 - IMPLEMENTING VIRTUALIZATION WITH XEN


A. Implement Virtualization
    Paravirtualization
    Hypervisor
    Domain 0
    Domain U
B. Configure and Manage Domains
    Domain Management
    The xendomains Script
    The Xen Daemon (xend)
    The virt-manager Command
    The xm Commands
    The xentop Command

LESSON 11 - TROUBLESHOOTING LINUX SYSTEMS


A. Troubleshoot Linux-Based Issues
    Troubleshooting Strategies
    The Linux Rescue Environment
    Rescue Environment Utilities
B. Troubleshoot Devices
    Device Problems
    Device Repair Techniques

APPENDIX A - MANAGING USERS AND GROUPS

APPENDIX B - SYSTEM ADMINISTRATION OF RED HAT LINUX 5 (OBJECTIVE MAPPING FOR EXAM RED HAT LINUX SYSTEM ADMINISTRATION (RH131))

APPENDIX C - SYSTEM ADMINISTRATION OF RED HAT LINUX 5 (OBJECTIVE MAPPING FOR EXAM RH202)

LESSON LABS

GLOSSARY

INDEX


INTRODUCTION

ABOUT THIS COURSE


You have performed all the basic tasks in Red Hat Enterprise Linux 5. However, as a system administrator, you require certain skills to manage a network of Linux systems. In this course, you will install, configure, maintain, and troubleshoot Linux systems. You will also explore the client-server architecture and acquire basic networking skills. As a system administrator, you will have to manage multiple systems in the network. To do this, you need to acquire administrative skills because basic Linux knowledge will enable you to perform only certain simple tasks. In this course, you will configure systems, deploy services, set up networking, and troubleshoot system issues. This will reduce the time and effort involved in performing your administrative tasks.

Course Description
Target Student
This course is designed for Linux or Unix users and IT professionals who want to build their skill in Linux system administration. Individuals aspiring to become a Red Hat Certified Technician (RHCT) can also pursue this course.

Course Prerequisites
Students should have basic user-level computer skills with the Linux or Unix operating system.

How to Use This Book


As a Learning Guide
Each lesson covers one broad topic or set of related topics. Lessons are arranged in order of increasing proficiency with Red Hat Enterprise Linux 5; skills you acquire in one lesson are used and developed in subsequent lessons. For this reason, you should work through the lessons in sequence.

We organized each lesson into results-oriented topics. Topics include all the relevant and supporting information you need to master Red Hat Enterprise Linux 5, and activities allow you to apply this information to practical hands-on examples. You get to try out each new skill on a specially prepared sample file. This saves you typing time and allows you to concentrate on the skill at hand. Through the use of sample files, hands-on activities, illustrations that give you feedback at crucial steps, and supporting background information, this book provides you with the foundation and structure to learn Red Hat Enterprise Linux 5 quickly and easily.

As a Review Tool
Any method of instruction is only as effective as the time and effort you are willing to invest in it. In addition, some of the information that you learn in class may not be important to you immediately, but it may become important later on. For this reason, we encourage you to spend some time reviewing the topics and activities after the course. For additional challenge when reviewing activities, try the What You Do column before looking at the How You Do It column.

As a Reference
The organization and layout of the book make it easy to use as a learning tool and as an after-class reference. You can use this book as a first source for definitions of terms, background information on given topics, and summaries of procedures.

Course Objectives
In this course, you will install and set up Linux systems, manage filesystems and services, configure kernel services, and build basic network administration skills. You will:
- initialize the Linux system.
- manage packages.
- manage the Linux kernel services.
- configure the graphical user interface.
- examine system services.
- manage filesystems.
- use advanced services to manage filesystems.
- configure networking interfaces and related settings.
- identify the various methods of Linux installation.
- implement virtualization with Xen.
- troubleshoot Linux system issues.


Course Requirements
Hardware
Instructor Computer
The instructor system must have the following hardware configuration:
- 2 GB of memory or higher
- An Intel Pentium processor with 2.7 GHz speed or higher
- DVD R/W drive (Boot capable)
- Floppy disk drive
- Generic keyboard and mouse
- Sound and display cards (VGA, 256 color, 800 x 600)
- Network Interface Card (NIC)
- Generic Monitor

Student Computers
Each student system must have the following hardware configuration:
- 1 GB of memory or higher
- An Intel Pentium processor with 2.7 GHz speed or higher
- DVD R/W drive (Boot capable)
- Floppy disk drive
- Generic keyboard and mouse
- Sound and display cards (VGA, 256 color, 800 x 600)
- Network Interface Card (NIC)
- Generic monitor
- One blank CD-RW per student

Software
A licensed copy of Red Hat Enterprise Linux 5 for the instructor and students. A copy of the Red Hat Enterprise Linux 5 Rescue CD for the instructor and for each student to perform the activities in lesson 11.

Class Setup
Classroom Network Connectivity
1. For each student and the instructor, set up an independent network consisting of one system each. All Linux computers are connected on the same network via a hub/switch and the network is 192.168.0.*, where 192.168.0.1 is the IP address of the Instructor machine and the IP addresses of the student machines start from 192.168.0.2.

2. On each system, install Red Hat Enterprise Linux 5.2.
3. Synchronize system time in each network.

Installing Red Hat Enterprise Linux 5.2 on the Server


To install Red Hat Enterprise Linux 5 on the server:
1. Insert Red Hat Enterprise Linux CD 1 in the DVD-RW drive.
2. On the Red Hat Enterprise Linux 5 page, to install or upgrade an existing system, press Enter.
3. On the Welcome to Red Hat Enterprise Linux Server page, select Skip and then press Enter.
4. On the Red Hat Enterprise installation page, click Next.
5. On the Language Selection page, in the language selection list box, verify that the English (English) option is selected and click Next.
6. On the Keyboard Configuration page, in the Keyboard selection area, verify that U.S. English is selected and click Next.
7. At the Installation Number prompt, enter the installation number provided with the Red Hat Enterprise Linux 5 CDs.
8. To install Red Hat Enterprise Linux 5, choose Install Red Hat Enterprise Linux Server and click Next.
9. On the disk partitioning setup page, from the partition layout drop-down list, select Create custom layout and click Next.

10. Partition the hard disk according to the table and click Next.

| Type | Mount Point | Size |
| --- | --- | --- |
| ext3 | /boot | 110 MB |
| swap | | Twice the RAM size |
| ext3 | / | 10000 MB |

11. On the Boot Loader Configuration page, click Next.
12. On the Network Configuration page, configure network parameters. Click Edit. In the Enable IPv4 support section, in the Edit Interface dialog box, select the Manual configuration option. In the IP Address text box, type 192.168.0.1 and in the Prefix (Netmask) text box, type 255.255.255.0 and click OK. Uncheck the Enable IPv6 support option. In the text box beside the Manually option, type localhost.localdomain and click Next. In the Error With Data message box, click Continue twice.

13. On the time zone selection page, in the selected city drop-down list, verify that the America/New York option is selected and click Next.

14. On the set root password page, in the Root Password text box, type p@ssw0rd and press Tab.
15. In the Confirm text box, type p@ssw0rd and click Next.
16. On the Software Selection page, in the Include Support section, check the Software Development and Web server options.
17. In the Customize section, select the Customize now option and click Next.
18. In the first list box, select the Desktop Environments option, and in the adjacent list box, check the KDE (K Desktop Environment) packages.
19. In the first list box, select the Servers option, and in the adjacent list box, check the DNS Name Server, FTP Server, and Network Servers packages.
20. In the first list box, select the Base System option, and in the adjacent list box, check the System Tools package and click Next.
21. On the about to install page, click Next to start installation.
22. On the Required Install Media dialog box, click Continue to continue installation.
23. At the Change CDROM prompts, enter the respective RHEL 5 CDs.
24. On the Congratulations page, click Reboot to reboot the system.
25. On the Welcome page, click Forward.
26. On the License Agreement page, choose Yes, I agree to the License Agreement and click Forward.
27. On the Firewall page, from the Firewall spin box, choose Disabled and click Forward.
28. On the message box, click Yes.
29. On the SELinux page, from the SELinux Setting spin box, choose Disabled and click Forward.
30. On the message box, click Yes.
31. On the KDump page, click Forward.
32. On the Date and Time page, set the current date and time and click Forward.
33. On the Choose Server page, click Forward.
34. On the Set Up Software Updates page, select the No, I prefer to register at a later time option and click Forward.
35. In the Red Hat network connection dialog box, click No thanks, I'll connect later.
36. On the Finish Updates Setup page, click Forward.
37. On the Create User page, click Forward.
38. In the confirmation dialog box, click Continue.
39. On the Sound Card page, click Forward.
40. On the Additional CDs page, click Finish.
41. In the confirmation dialog box, click OK to reboot the system.
42. Log in as root in the GUI.
Creating the rhelsource folder is necessary to perform the activities in this course.

Installing the Course Data Files on the Server


1. Copy the 085993Data folder and all its contents from the data CD to the /root directory.
2. Create a folder named rhelsource in the /root/085993Data/Managing_Packages directory.
3. Copy the contents of RHEL 5 Disc 1 into the rhelsource folder.

4. Copy the contents of the Server folder in the other four RHEL 5 CDs into the /root/085993Data/Managing_Packages/rhelsource/Server folder.
5. On the message box that appears, click Skip.

Installing the Activity Simulation Files on the Server


There are simulated versions of certain course activities provided on the CD-ROM. These simulations can be run on any Red Hat Enterprise Linux 5 system. The activity simulations are found in the 085993Data/Simulations/Lesson# folder. To launch the simulated version of the activity, in the <activity name> folder, right-click the <activity name.html> file and choose Open With, then Open with Firefox Web Browser. Flash Plugin is required to run the simulated version of the activities. To copy the Flash Plugin, follow the steps below:
1. Insert the Red Hat Enterprise Linux 5 Supplementary CD into the DVD/RW drive.
2. Switch to the CLI.
3. Enter cd /media/RHELServerSupplementary5.1i3861/Supplementary
4. Enter rpm -ivh flash-plugin-9.0.48.0-1.el5.i386.rpm to install the Flash plugin.

Installing Red Hat Enterprise Linux 5 on a Workstation


To install Red Hat Enterprise Linux 5 on the workstation:
1. Insert Red Hat Enterprise Linux CD 1 in the DVD-RW drive.
2. On the Red Hat Enterprise Linux 5 page, to install or upgrade an existing system, press Enter.
3. On the Welcome to Red Hat Enterprise Linux Server page, select Skip and then press Enter.
4. On the Red Hat Enterprise installation page, click Next.
5. On the Language Selection page, in the language selection list box, verify that the English (English) option is selected and click Next.
6. On the Keyboard Configuration page, in the Keyboard selection area, verify that U.S. English is selected and click Next.
7. At the Installation Number prompt, enter the installation number provided with the Red Hat Enterprise Linux 5 CDs.
8. To install Red Hat Enterprise Linux 5, choose Install Red Hat Enterprise Linux Server and click Next.
9. On the disk partitioning setup page, from the partition layout drop-down list, select Create custom layout and click Next.

10. Partition the hard disk according to the table and click Next.

| Type | Mount Point | Size |
| --- | --- | --- |
| ext3 | /boot | 110 MB |
| swap | | Twice the RAM size |
| ext3 | / | 10000 MB |

11. On the Boot Loader Configuration page, click Next.


For the student machines, use consecutive IP addresses such as 192.168.0.2, 192.168.0.3, and so on.

12. On the Network Configuration page, configure network parameters. Click Edit. In the Enable IPv4 support section, in the Edit Interface dialog box, select the Manual configuration option. In the IP Address text box, type 192.168.0.X and in the Prefix (Netmask) text box, type 255.255.255.0 and click OK. Uncheck the Enable IPv6 support option. In the text box beside the Manually option, type localhost.localdomain and click Next. In the Error With Data message box, click Continue twice.

13. On the time zone selection page, in the selected city drop-down list, verify that the America/New York option is selected and click Next.
14. On the set root password page, in the Root Password text box, type p@ssw0rd and press Tab.
15. In the Confirm text box, type p@ssw0rd and click Next.
16. On the Software Selection page, in the Include Support section, check the Software Development and Web server options.
17. In the Customize section, select the Customize now option and click Next.
18. In the first list box, select the Desktop Environments option, and in the adjacent list box, check the KDE (K Desktop Environment) packages.
19. In the first list box, select the Servers option, and in the adjacent list box, check the DNS Name Server, FTP Server, and Network Servers packages.
20. In the first list box, select the Base System option, and in the adjacent list box, check the System Tools package and click Next.
21. On the about to install page, click Next to start installation.
22. On the Required Install Media dialog box, click Continue to continue installation.
23. At the Change CDROM prompts, enter the respective RHEL 5 CDs.
24. On the Congratulations page, click Reboot to reboot the system.
25. On the Welcome page, click Forward.
26. On the License Agreement page, choose Yes, I agree to the License Agreement and click Forward.
27. On the Firewall page, from the Firewall spin box, choose Disabled and click Forward.
28. On the message box, click Yes.
29. On the SELinux page, from the SELinux Setting spin box, choose Disabled and click Forward.
30. On the message box, click Yes.

31. On the KDump page, click Forward.
32. On the Date and Time page, set the current date and time and click Forward.
33. On the Choose Server page, click Forward.
34. On the Set Up Software Updates page, select the No, I prefer to register at a later time option and click Forward.
35. In the Red Hat network connection dialog box, click No thanks, I'll connect later.
36. On the Finish Updates Setup page, click Forward.
37. On the Create User page, click Forward.
38. In the confirmation dialog box, click Continue.
39. On the Sound Card page, click Forward.
40. On the Additional CDs page, click Finish.
41. In the confirmation dialog box, click OK to reboot the system.
42. Log in as root in the GUI.

Installing the Course Data Files on a Workstation


1. Copy the 085993Data folder and all its contents from the data CD to the /root directory.
2. Create a folder named rhelsource in the /root/085993Data/Managing_Packages directory.
3. Copy the contents of RHEL 5 Disc 1 into the rhelsource folder.
4. Copy the contents of the Server folder in the other four RHEL 5 CDs into the /root/085993Data/Managing_Packages/rhelsource/Server folder.
5. On the message box that appears, click Skip.

List of Additional Files


Printed with each activity is a list of files students open to complete that activity. Many activities also require additional files that students do not open, but are needed to support the file(s) students are working with. These supporting files are included with the student data files on the course CD-ROM or data disk. Do not delete these files.


LESSON 1
Initializing the Linux System
In this lesson, you will initialize the Linux system. You will:
- Discuss the boot sequence.
- Configure the GRUB boot loader.
- Examine kernel and init initialization.
- Change runlevels.

Lesson Time 2 hour(s)

Introduction
The initialization process is the first process that starts when the system is booted. The initialization process is important because it involves the loading of the operating system and its various components. Without this process, the programs that load the operating system on the computer will not get initialized. In this lesson, you will examine and understand the various processes that are involved in system initialization. As a system administrator, you will have to install and troubleshoot the operating system on each computer in the network. Learning about system initialization will help you maintain operating systems and troubleshoot problems in the initialization process efficiently.

TOPIC A
Discuss the Boot Sequence
You have worked with the Linux operating system. To understand how Linux is loaded on your system, you need to learn about the boot process. In this topic, you will discuss the boot sequence and its components. The boot process is the most important process in system startup and is essential for the proper loading of the operating system and all its applications. While installing Linux on multiple computers, it is important that you have a sound knowledge of the boot process because it will help you identify and troubleshoot any issues related to system startup or operating systems.

The Boot Process



The boot process is a process that is repeated each time your computer is started by loading the operating system from your hard drive. It involves a series of sequential steps. The boot sequence can be divided into the BIOS initialization, boot loader, kernel and init initialization, and the boot scripts. The boot process consists of the following stages:
1. The processor checks for the Basic Input/Output System (BIOS) program and executes it.
2. The BIOS checks for peripherals such as floppy disk drives, CD-ROM, and hard disk for bootable media. It locates a valid device to boot the system.
3. The BIOS loads the primary boot loader from the Master Boot Record (MBR) into the memory. The boot loader is a program that contains instructions required to boot a machine. It also loads the partition table along with it.
4. The user is prompted with a graphical screen displaying the different operating systems available in the system to boot. The user should select an operating system and press Enter to boot the system. If the user does not respond, then the default operating system will be booted.
5. The boot loader determines the kernel and locates the corresponding kernel binary. It then loads the respective initrd image into the memory and transfers the control of the boot process to the kernel.
6. The kernel configures the available hardware, including processors, I/O subsystems, and storage devices. It decompresses the initrd image and mounts it to load the necessary drivers. If the system has implemented any virtual devices such as LVM or software RAID, then they are initialized. The components that are configured by the kernel will be displayed one by one on the screen.
7. The kernel mounts the root partition and releases the unused memory. To set up the user environment, the init program is executed.
8. The init program searches for the inittab that contains the details of the runlevel that has to be started. It sets the environment path, checks the filesystem, initializes the serial ports, and runs background processes for the runlevel.
9. If the graphical mode is chosen, then the xdm or kdm is started and the login window is displayed on the screen.
10. The user enters the user name and password to log in to the system.
11. The system authenticates the user. If the user is a valid user, then the profile, the .login, the .bash_login, and the .bash_profile files are executed. The shell is started and the system is ready for the user to work on it.

Figure 1-1: Stages in the boot process.


xdm refers to the X Window Desktop Manager. Users who use GNOME or KDE use gdm or kdm respectively. In RHEL 5, gdm is the default desktop manager. These will be discussed in detail in lesson 4.

BIOS
Basic Input/Output System (BIOS) is a low-level firmware that acts as the interface between the hardware and the operating system in a computer. The BIOS settings can be modified according to the needs of the user. BIOS plays an important role in starting the boot process and determines the boot device settings. When your computer is powered on, BIOS is loaded into the memory and it initiates the Power-On Self Test (POST).
The BIOS size varies among vendors, and has a maximum size of 8 megabytes.

Boot Loader

Definition: A boot loader is a program that loads the kernel from a hard drive or boot disk and then starts the operating system. It is also referred to as the boot manager. Boot managers can load more than one operating system into the computer's memory. The user is then allowed to select the desired operating system. The boot loader interacts with BIOS and utilizes subroutines to load the operating system. Boot managers can also protect the boot process with a password. The GRUB boot loader is the default boot loader for Red Hat Enterprise Linux 5. Some of the other boot loaders include LILO and SYSLINUX.
Example:

Figure 1-2: The working of a boot loader.

Boot Loader Components


The boot loader uses three main components that work together to systematically load the operating system in stages.

| Component | Description |
| --- | --- |
| Boot sector program | It is the first component of the boot loader. It is loaded by the BIOS on startup and has a fixed size of 512 bytes. Its main function is to load the second stage boot loader; however, it can also load another sector or a kernel. |
| Second stage boot loader | Loads the operating system and contains a kernel loader. This has a size of 100 kilobytes in GRUB. |
| Boot loader installer | Controls the installation of disk sectors and can be run only when booting from a disk. It coordinates the activities of the boot sector and the boot loader. |

Superblocks

Definition: A superblock, often called sb, is a data structure that is stored on a disk and contains control information for a filesystem. Linux partitions are discussed in terms of blocks. The superblock comprises the first 512 bytes of a partition. It contains information about the block size used by the filesystem, the location of the root directory, and the time it was last checked.

Each partition on a disk is identified by a number. The number 1 is assigned to the first partition, number 2 to the second partition, and so on.

Example:

Figure 1-3: A superblock on a hard disk.

Sectors
Definition: A sector is the smallest unit of storage read or written on a disk. The sector stores 512 bytes of data by default. A collection of sectors is called a track. The number of sectors in a track may vary, and so does its capacity to hold data. The size of the sector can be altered when formatting the hard disk.
Example:

Figure 1-4: A hard disk showing sectors and tracks.

The Master Boot Record (MBR)


Definition: MBR, or the Master Boot Record, is the first physical sector on a hard drive, which contains the code that is used to load the operating system or boot loader into memory. It also contains the partition table of the hard drive. MBR helps to determine the partition that is currently active.

Example:

Figure 1-5: A hard disk showing the master boot record and the partition table loaded by it.
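
The definition above says the MBR holds boot code plus the partition table and identifies the active partition. As an added example (not part of the course material), this POSIX shell script builds a constructed 512-byte MBR image and checks its boot signature and active flags. It goes beyond the text: the 446/64/2-byte layout, the 0x80 active flag and the partition type codes are standard MBR facts assumed here, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: build a constructed 512-byte MBR image and inspect it.
# Assumed layout (standard MBR, not stated in the course text):
#   bytes 0-445   boot code
#   bytes 446-509 four 16-byte partition entries
#   bytes 510-511 signature 55 AA
# Entry byte 0 is the status flag (0x80 active, 0x00 inactive),
# entry byte 4 is the partition type.

# Emit N zero bytes.
zeros() { dd if=/dev/zero bs=1 count="$1" 2>/dev/null; }

# Emit one byte given as a decimal value (through an octal printf escape).
put_byte() { printf "\\$(printf '%03o' "$1")"; }

# Emit a 16-byte partition entry: status, 3 CHS bytes, type, 11 more bytes.
put_entry() { put_byte "$1"; zeros 3; put_byte "$2"; zeros 11; }

# Write the constructed sample to $1: /boot (active), swap, / and one unused slot.
make_sample_mbr() {
    {
        zeros 446                  # boot code area, empty in this sample
        put_entry 128 131          # partition 1: active,   type 0x83 (Linux)
        put_entry 0 130            # partition 2: inactive, type 0x82 (Linux swap)
        put_entry 0 131            # partition 3: inactive, type 0x83 (Linux)
        put_entry 0 0              # partition 4: unused
        put_byte 85; put_byte 170  # signature 0x55 0xAA
    } > "$1"
}

# Print the byte at offset $2 of file $1 as a decimal number.
byte_at() { od -An -v -tu1 -j "$2" -N 1 "$1" | tr -d ' \n'; }

# Succeed only if the sector ends with the 55 AA boot signature.
mbr_signature_ok() {
    sig=$(od -An -v -tx1 -j 510 -N 2 "$1" | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# Print the numbers (1-4) of all partitions flagged active, space separated.
active_partitions() {
    result=""
    n=1
    while [ "$n" -le 4 ]; do
        if [ "$(byte_at "$1" $((446 + ($n - 1) * 16)))" = "128" ]; then
            result="${result:+$result }$n"
        fi
        n=$(($n + 1))
    done
    printf '%s\n' "$result"
}

# Report on the sector. Fails on a short file, a missing signature,
# an invalid status byte, or more than one active partition.
mbr_check() {
    img=$1
    if [ "$(wc -c < "$img" | tr -d ' ')" -lt 512 ]; then
        echo "FAIL: shorter than one 512-byte sector"; return 1
    fi
    if ! mbr_signature_ok "$img"; then
        echo "FAIL: 55 AA signature missing"; return 1
    fi
    p=1
    while [ "$p" -le 4 ]; do
        off=$((446 + ($p - 1) * 16))
        flag=$(byte_at "$img" "$off")
        ptype=$(byte_at "$img" $(($off + 4)))
        case $flag in
            0)   state=inactive ;;
            128) state=active ;;
            *)   echo "FAIL: partition $p has invalid status byte $flag"; return 1 ;;
        esac
        if [ "$ptype" -ne 0 ]; then
            printf 'partition %d: %s, type 0x%02x\n' "$p" "$state" "$ptype"
        fi
        p=$(($p + 1))
    done
    count=$(active_partitions "$img" | wc -w | tr -d ' ')
    if [ "$count" -gt 1 ]; then
        echo "FAIL: $count partitions flagged active"; return 1
    fi
    echo "OK: signature present, $count active partition(s)"
}

# Demonstration on the constructed image.
demo=$(mktemp)
make_sample_mbr "$demo"
mbr_check "$demo"
rm -f "$demo"
```

To inspect a real disk, save its first sector as root with dd if=/dev/hda of=mbr.img bs=512 count=1 and pass mbr.img to mbr_check.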

ACTIVITY 1-1
Discussing the Boot Process
Scenario: As a junior administrator in your company, you are instructed to acquaint yourself with the boot sequence components because it will help you troubleshoot any issues that may arise when loading the operating system.

1. What enables you to choose the operating system to load from the hard disk?
   a) The number of sectors on the hard disk.
   b) The Master Boot Record (MBR).
   c) The number of tracks on the hard disk.
   d) The BIOS.
   e) The boot loader.

2. What is true of the Master Boot Record (MBR)?
   a) The MBR contains the partition tables.
   b) The MBR contains a number of sectors.
   c) The MBR contains the code to load the operating system into the memory.
   d) The MBR determines the boot device settings.
   e) The MBR determines the currently active partition.

3. True or False? The boot loader installer contains a kernel loader.
   True
   False

TOPIC B
Configure GRUB
You have discussed the boot sequence. To manage the boot process, you must understand how to use and configure the components involved in it. By configuring GRUB, you can modify the system to run according to your requirements. In this topic, you will configure the GRUB boot loader and understand its functions. The boot sequence familiarized you with the steps involved in the boot process. As a system administrator, you might be assigned the task of running multiple operating systems on the same system. In such cases, you must know how to add new kernels and how to boot the required operating system. To accomplish this task, you should know about GRUB and how to configure it.

The GRUB
Definition: GRand Unified Bootloader (GRUB) is a program that Red Hat Enterprise Linux 5 uses to install a boot loader to the MBR. GRUB allows you to place specific instructions in the MBR that load a GRUB menu or environment command. This enables you to start the operating system of your choice, pass instructions to the kernel at boot, or check for system parameters before booting.
Example:

Figure 1-6: The grub boot loader menu screen with its various functions.

The grub.conf File
The grub.conf file found in the /boot/grub directory is the configuration file for the GRUB boot manager. It contains various configuration options for configuring and troubleshooting the boot manager.

| The grub.conf Option | Enables You To |
| --- | --- |
| default=Number | Specify the default booting kernel number if multiple kernel images are found. |
| timeout=Number | Specify the time limit for the login screen to be displayed. |
| Splashimage=(hdx,y)/grub/image location | Specify the location of the login screen image. |
| title user desired name | Specify a title to differentiate between the kernel images in the login screen. |
| root (hdx,y) | Specify the location of the MBR. |
| kernel {Location} {option} | Specify the location of the kernel. |
| initrd Kernel image | Specify the location of the kernel image. |

GRUB Commands
GRUB commands enable the user to configure and modify GRUB settings in each runlevel based on user requirements. General commands and CLI commands can be used anywhere in the menu and can be accessed from the CLI.

| General Command | Enables You To |
| --- | --- |
| bootp | Use the BOOTP protocol to initialize a network device. |
| device | Create a disk image, and specify a file as a BIOS drive. This command is also used to troubleshoot GRUB in case of drive errors. |
| dhcp | Use the DHCP protocol to initialize a network device. |
| password | Set a password for the menu files. The locked files will not have the edit property set to them. |
| ifconfig | Configure a network manually. The gateway, IP address, subnet mask, and server address can be configured using this command. |
| terminal | Specify the terminal settings. The serial ports can be used only if this command is specified. |
| serial | Configure settings for various serial devices and serial ports. |

| CLI Command | Enables You To |
| --- | --- |
| boot | Load the operating system into the computer from the command line interface. |
| cat file name | Display the content of a file. |
| find | Search for a file. |
| setup | Install and configure various services such as authentication, firewalls, and system services. |
| install | Install GRUB and other utilities. |
| kernel | Load a kernel boot image. |
| Lmodule | Load a kernel module. |
| halt | Shut down your system. |
| reboot | Reboot your system. |
| exit | Exit from the GRUB shell. |

GRUB Menu-Specific Commands

Menu-specific commands are used to configure GRUB from the configuration file. They can be enabled in the global section of the grub.conf configuration file.

| Menu-Specific Command | Enables You To |
| --- | --- |
| default | Set the default entry for the entry number NUM, which is used by GRUB in case of boot entry errors. |
| fallback | Set the fallback entry, allowing GRUB to override any errors in the boot entry. |
| hiddenmenu | Hide the menu control from the user at the control terminal. This does not affect the boot entry. |
| timeout | Set the timeout value before booting into the default boot entry. The hiddenmenu command can be disabled here by pressing Esc before the timeout elapses. |
| title | Start a new boot entry, which is displayed on the menu interface. |

How to Configure GRUB

Procedure Reference: Configure the GRUB Boot Loader
To configure the GRUB boot loader:
1. Log in as root in the CLI.
2. Enter vi /boot/grub/grub.conf to open the grub.conf file.
   The /boot/grub/menu.lst file can also be used to configure the GRUB boot manager.
3. Make the necessary changes.
4. Save and close the file.

Procedure Reference: Protect GRUB with a Password
To protect GRUB with a password:
1. Log in as root in the CLI.
2. Enter grub-md5-crypt to create an MD5 encrypted password.
3. Enter cd /boot/grub to navigate to the /boot/grub directory.
4. Enter vi grub.conf to open the grub.conf file.
5. Press I to switch to the insert mode.
6. On a new line below the hiddenmenu option, type password --md5 to specify your password.
7. Save and close the file.
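
A way to verify the result of the password procedure above, as an added example that is not part of the course material: the script checks that a password --md5 directive carrying an MD5-crypt hash sits in the global section of grub.conf (before the first title line) and that the file is not readable by group or others. The sample file, its hash and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a GRUB (legacy) grub.conf for the password directive.

# Write a constructed sample grub.conf to $1. The hash is a made-up
# placeholder in MD5-crypt form ($1$salt$digest), not real tool output.
write_sample_conf() {
    cat > "$1" <<'EOF'
# grub.conf (constructed sample)
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
password --md5 $1$SAMPLE00$0123456789abcdefghijkl
title Red Hat Enterprise Linux Server (sample entry)
        root (hd0,0)
        kernel /vmlinuz-sample ro root=LABEL=/
        initrd /initrd-sample.img
EOF
}

# Print the state of the global password directive in file $1:
#   md5       password --md5 followed by a $1$ hash
#   bad-hash  --md5 given, but the value is not a $1$ hash
#   plaintext password stored without --md5
#   none      no password directive before the first title line
grub_password_status() {
    awk '
        /^[ \t]*#/     { next }                   # comment line
        /^[ \t]*title/ { exit }                   # first boot entry: global section ends
        { sub(/^[ \t]*password=/, "password ") }  # accept the key=value spelling too
        $1 == "password" {
            if ($2 == "--md5" && $3 ~ /^\$1\$/) { state = "md5" }
            else if ($2 == "--md5")             { state = "bad-hash" }
            else                                { state = "plaintext" }
        }
        END { print (state == "" ? "none" : state) }
    ' "$1"
}

# Print findings for file $1; return 0 only if the directive is sound
# and the file mode keeps the hash away from non-root users.
audit_grub_conf() {
    conf=$1
    rc=0
    case $(grub_password_status "$conf") in
        md5)
            echo "OK: global password --md5 directive with an MD5-crypt hash" ;;
        bad-hash)
            echo "FAIL: value after --md5 is not a \$1\$ hash (cleartext typed instead of the hash?)"
            rc=1 ;;
        plaintext)
            echo "FAIL: password stored in cleartext, use the grub-md5-crypt output with --md5"
            rc=1 ;;
        none)
            echo "FAIL: no password directive before the first title line"
            rc=1 ;;
    esac
    if [ -n "$(find "$conf" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "FAIL: $conf is readable by group or others, the hash is exposed"
        rc=1
    fi
    return "$rc"
}

# Demonstration on the constructed sample.
sample=$(mktemp)
write_sample_conf "$sample"
chmod 600 "$sample"
audit_grub_conf "$sample"
rm -f "$sample"
```

On a live system, run audit_grub_conf /boot/grub/grub.conf as root after completing the procedure.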

Procedure Reference: Install the GRUB Boot Loader
To install GRUB as the boot loader:
1. Log in as root in the CLI.
2. Enter cat /boot/grub/device.map to know the boot device in the system.
3. Enter grub-install boot device to install the GRUB boot loader.
4. Enter reboot to check if the system boots with the specified boot loader.

Procedure Reference: Set Up GRUB Manually
To set up GRUB manually:
1. Log in as root.
2. At the command prompt, enter grub to open the GRUB shell.
3. Enter root (boot device node, partition)
4. Enter setup (boot device node, partition)
5. Enter quit to close the GRUB shell.
6. Enter reboot to reboot the system.

Procedure Reference: Boot from Menu Editing Mode
To boot from the menu editing mode:
1. Start the system.
2. In the GRUB graphical splash screen, press the Esc key.
3. Select an entry and press E to enter the menu editing mode.
   - Select a line and press E to edit a line.
   - Select a line and press D to delete a line.
   - Select a line and press O to add a line.
   - Select a line and press C to open the GRUB shell.
4. Press B to boot the system.

ACTIVITY 1-2
Configuring GRUB
Scenario: The system administrator is receiving many complaints from users that their systems are not booting properly. As a junior administrator, you are assigned the task of troubleshooting the systems. You find that the boot loader is not installed properly, and that someone has modified the settings in the boot loader because there is no password protection. You decide to reinstall GRUB and protect it with a password. These are your login details:
- Your login id is root
- Your password is p@ssw0rd

What You Do / How You Do It
1. Install the GRUB boot manager.
   a. Log in as root in the CLI.
   b. To install GRUB, enter grub-install /dev/hda
   c. Verify that the "Installation finished. No error reported." message is displayed. This indicates that GRUB has been installed successfully.
2. Generate an MD5 encrypted password for GRUB.
   a. To generate an MD5 password for GRUB, enter grub-md5-crypt
   b. At the Password prompt, enter p@ssw0rd
   c. Enter the password again at the Retype password prompt.
   d. Write down the md5 password that is generated.
   This md5 password will be used in the activity to protect GRUB with a password.
3. Enable password protection for GRUB.
   a. To navigate to the /boot/grub directory, enter cd /boot/grub
   b. To open the grub.conf file, enter vi grub.conf
   c. To go to the hiddenmenu line, enter /hid
   d. To switch to the insert mode, press I.
   e. On a new line below the hiddenmenu option, type password --md5 password
   In the password section, students must type the md5 password that they have generated.
   f. To switch to the command mode, press Esc.
   g. Save and close the file.
4. Check whether password protection is enabled for GRUB.
   a. To restart the system, enter reboot
   b. At the GRUB graphical splash screen, press A.
   Unless you specify the password, you will not be able to edit the GRUB from the splash screen. Thus, password protection is enabled for the GRUB boot loader.
   c. To enter the password to edit the GRUB configuration, press P.
   d. At the Password prompt, enter p@ssw0rd
   e. To edit the GRUB configuration, press E.
   f. To boot with the default setup, press B.


TOPIC C
View Kernel and Init Initialization
You familiarized yourself with the functional aspects of the GRUB boot loader and the technicalities of the boot process. The boot process is incomplete without kernel and init initialization, which constitute the closing stages of the boot process. In this topic, you will view kernel and init initialization. The boot process is the most important system process. To control it, you must be able to view its status at each stage. Learning about kernel and init initialization will enable you to check each step of the boot process and troubleshoot any problems in the boot process.


Kernel Initialization
The kernel initialization phase is the phase in the boot process where the kernel gets loaded and takes control of the computer. The kernel analyzes the system configuration and hardware, and then displays essential information such as the kernel that is loaded, the status of the various ports, RAM, and hard disk. This data helps you diagnose the problems in the boot process. The initialization can be verified using the dmesg command.

The dmesg Command


The dmesg command is used to examine and control the kernel initialization process. It is used to print messages about the status of the various hardware devices in the system during kernel initialization. Status messages can also be accessed from the /var/log/dmesg file.

Figure 1-7: Output of the dmesg command, displaying hardware devices attached to the computer.

The Init Process

The init initialization stage is the fourth stage of the boot sequence. The init process started after kernel initialization is the most important process that controls the standalone processes such as execution of scripts and initiation of the GUI. When a user logs in, init invokes a getty program, which starts a process from the /etc/inittab file. The pstree command can be used to display the process tree.

Figure 1-8: Output of the pstree command, showing the various processes involved in system initialization.

The Process Tree
Processes on the Linux system may be listed in a tree-like format using the pstree command. This is useful in tracking parent and child processes. All processes are listed as child processes to init and this is represented by the initial branching.

Getty Programs
Getty programs are programs that are invoked by the init process. These programs control the terminal settings such as speed and mode and are initiated in standard runlevels in the /etc/inittab file.

How to View Kernel and Init Initialization


Procedure Reference: Examine the Kernel Initialization
To examine kernel initialization:
1. Log in as root.
2. Enter dmesg to examine the kernel initialization.

Procedure Reference: Examine the Init Initialization
To examine init initialization:
1. Log in as root.
2. Enter pstree to examine the init initialization.


ACTIVITY 1-3
Viewing Kernel and Init Initialization
Scenario: Your system administrator has received complaints from a number of users in your organization that their systems are not booting properly and are unable to detect certain hardware devices. You have been instructed to view the sequence of kernel and init initialization to help you understand the boot process and also identify areas that might require troubleshooting.
What You Do / How You Do It
1. Examine the kernel initialization.
   a. To switch to the CLI mode, press Ctrl+Alt+F1.
   b. Log in as root.
   c. To view the kernel initialization, enter dmesg
   d. Observe the list of devices displayed in the order they were initialized.
2. Examine the init initialization.
   a. To view the init initialization, enter pstree
   b. Observe the init initialization tree displayed on the screen.
   c. Enter logout


TOPIC D
Change Runlevels
You examined kernel and init initialization, which concludes the boot process. However, in certain cases such as system crashes and filesystem corruption, you will have to modify the boot process to prevent any damage to the network. In this topic, you will change runlevels. You have been working with the basics of the boot process and system initialization. You also need to understand the various modes that you can boot your system in when you are unable to run your system normally. Learning about runlevels will enable you to boot your system in different runlevels and configure them. This will enhance your capabilities as a system administrator and also help you cope with problems such as system crashes.

Runlevels

Definition: A runlevel is a system setting that controls the number of processes running on the system. In Red Hat Enterprise Linux 5, there are 8 runlevels, out of which the 0-6 runlevels are the most used. Runlevel directories are located in the /etc/rc.d directory. Runlevels differ in their functions and the processes running in each runlevel.

Example:

System V Runlevels
System V runlevels are flexible runlevels in which the user is able to specify the processes running in each runlevel. These runlevels are used by system administrators in Red Hat Enterprise Linux 5.2. Each runlevel has its own script. Under System V, the runlevel S is used for maintenance work, and runlevel 1 is used for system administration.

The /etc/rc.d Directory
The /etc/rc.d directory contains most of the system shell scripts that are called during the startup and initialization of the system. The following files and subdirectories are present in the /etc/rc.d directory.

File/Directory   Description
rc.local         Local initialization script.
rc               Runlevel initialization script (starts and stops services based on runlevel).
rc.sysinit       System initialization script.
init.d/          Directory of control scripts for individual services and daemons.
rc0.d/           Directory of configuration scripts for runlevel 0.
rc1.d/           Directory of configuration scripts for runlevel 1, single user.
rc2.d/           Directory of configuration scripts for runlevel 2, multiuser.
rc3.d/           Directory of configuration scripts for runlevel 2, full multiuser.
rc4.d/           Directory of configuration scripts for runlevel 4.
rc5.d/           Directory of configuration scripts for runlevel 5, to boot directly into X Windows.
rc6.d/           Directory of configuration files for runlevel 6.

The files in the rcx.d subdirectories are actually symbolic links to scripts in the /etc/rc.d/init.d directory.

Runlevel Types
There are various runlevels in Linux. Some runlevels are used for system maintenance, whereas others are used to troubleshoot the system. The following table lists the various runlevels in Linux.

Runlevel   Used To
0          Shut down the system.
1          Perform maintenance work and is a single-user runlevel.
2          Allow multiple user logins. It is user-defined, and most system services run in this runlevel, except NFS.
3          Allow servers to run in the CLI mode, except the X server.
4          Run the system only in very special cases. Often left unused. This is a user-defined runlevel.
5          Start the system normally. This is a multiuser runlevel and supports both GUI and the CLI.
6          Reboot the system.
S and s    Carry out maintenance tasks on the system. They are single-user runlevels.

The inittab File


The inittab file found in the /etc directory stores the details of various processes related to init initialization. It also stores details of the runlevels in use. The inittab file stores data in the id:runlevels:action:process format. Entries in the file can be altered by any user.


Figure 1-9: The inittab file, showing runlevel details.

Controlling Services
The controlling services are used to control daemons and their services through manual and default startup utilities. The default startup and manual service utilities are listed below.

Default Startup Service Utility   Used To
system-config-services            Start and stop system services. It is an X-based graphical utility. This should be run from the terminal on the GUI screen.
ntsysv                            Configure runlevels. You can select the services that are to be started automatically.
chkconfig option                  Update the system directory and check runlevel details.

Manual Service Utility            Used To
service option                    Keep track of the daemon status. It can also be used to start or stop init scripts.
chkconfig option                  Start or stop xinetd-based services. Also used to update the system directory.

How to Switch Runlevels


Procedure Reference: Change the Default Runlevel
To change the default runlevel:
1. Log in as root.
2. Enter cd /etc to navigate to the /etc directory.
3. Enter vi inittab to open the inittab file.
4. Locate the line id:[default runlevel]:initdefault:.
5. Enter the desired runlevel number in default runlevel.
6. Reboot the system.
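A check to run between editing the initdefault line and rebooting, written as an added example (it is not part of the course material). It parses the id:runlevels:action:process format and rejects a default runlevel of 0 or 6, which the runlevel table lists as shutdown and reboot; the sample inittab content is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: validate the initdefault entry of an inittab before rebooting.

# Constructed sample in the id:runlevels:action:process format.
sample_inittab() {
cat <<'EOF'
# constructed sample, not the course's inittab
id:5:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l3:3:wait:/etc/rc.d/rc 3
l5:5:wait:/etc/rc.d/rc 5
1:2345:respawn:/sbin/mingetty tty1
x:5:respawn:/etc/X11/prefdm -nodaemon
EOF
}

# Print the runlevels field of the first initdefault entry read from stdin.
# Returns 1 when the input has no initdefault entry.
default_runlevel() {
    while IFS=: read -r id levels action process; do
        case "$id" in ''|'#'*) continue ;; esac      # skip blanks and comments
        if [ "$action" = "initdefault" ]; then
            printf '%s\n' "$levels"
            return 0
        fi
    done
    return 1
}

# Exit status 0 only when the default runlevel is a single digit from 1 to 5.
check_default_runlevel() {
    level=$(default_runlevel) || { echo "error: no initdefault entry"; return 2; }
    case "$level" in
        [1-5]) echo "ok: default runlevel is $level" ;;
        0|6)   echo "error: runlevel $level shuts down or reboots on every boot"; return 1 ;;
        *)     echo "error: '$level' is not a single runlevel"; return 1 ;;
    esac
}

# Print the process field of every entry that runs in the given runlevel,
# so you can see what init will start after the change.
processes_for_runlevel() {
    want=$1
    while IFS=: read -r id levels action process; do
        case "$id" in ''|'#'*) continue ;; esac
        [ "$action" = "initdefault" ] && continue
        case "$levels" in *"$want"*) printf '%s\n' "$process" ;; esac
    done
    return 0
}

# On a real system: check_default_runlevel < /etc/inittab
sample_inittab | check_default_runlevel
```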

Procedure Reference: Display the Current and Previous Runlevels
To display the current and previous runlevels:
1. Log in as root.
2. At the command prompt, enter runlevel to display the current and the previous runlevels.

When you change the default runlevel, you need to know if the changes have taken effect and verify that you have specified the correct runlevel.

Procedure Reference: Switch Between Runlevels
To switch between runlevels:
1. Log in as root.
2. Enter init {new runlevel} to switch to a different runlevel.

Procedure Reference: Manage Services with Command Line Tools
To manage services with command line tools:
1. Log in as root.
2. Control a service from the CLI.
   - Enter service {service name} {start | stop | restart | reload | status} to manage the specified service.
   - Enter chkconfig {service name} {on | off} to turn on or off the service at the startup of the system.
   - Enter ntsysv {command options} to open a console-based interactive tool to control the service at the specified runlevel.

Procedure Reference: Manage Services with Graphical Tools
To manage services with graphical tools:
1. Log in as root in GUI.
2. Open the Service Configuration window.
   - At the command prompt, enter system-config-services.
   - Choose System→Administration→Services.
   - Choose System→Administration→Server Settings→Services.
3. In the Service Configuration window, select the Background Services tab to view the list of the services available in the system and their description and status.
4. Choose Action to add, delete, start, stop, and restart the services.
5. Choose View→Refresh Service List to refresh the service list.
6. Choose Edit Runlevel to edit the services in the particular runlevel.
7. Choose File→Quit to close the window.

ACTIVITY 1-4
Changing Runlevels
Before You Begin:
1. Log in as root in the CLI.
2. To navigate to the /etc directory, enter cd /etc
3. To open the inittab file, enter vi inittab
4. Locate the line id:5:initdefault:
5. Delete the line and type id:3:initdefault:
6. Save and close the file.
7. Enter reboot to reboot the system

Scenario: As a junior administrator, you are assigned the task of setting up the operating systems on multiple systems in the network. You find that some users are unable to access their GUI because the system is booting from the wrong runlevel. You decide to change the default boot runlevel. You are also assigned the task of activating the NetworkManager and NFS services on their systems to enable information sharing within the network.

What You Do / How You Do It
1. View the current runlevel.
   a. Log in as root in the CLI.
   b. To view the current runlevel, enter runlevel
   c. Observe that N 3 is displayed, indicating that the current runlevel is 3.
2. Change the default boot runlevel.
   a. To navigate to the /etc directory, enter cd /etc
   b. To edit the inittab file, enter vi inittab
   c. To place the cursor on the id:3:initdefault: line, enter /id
   d. To go to the insert mode, press I.
   e. In the id:3:initdefault: line, change 3 to 5.
   f. To exit to the command mode, press Esc.
   g. Save and close the file.
   h. To bring the changes to effect, enter reboot
3. Enable the NetworkManager service in the current runlevel.
   a. To switch to the CLI mode, press Ctrl+Alt+F1.
   b. Log in as root in the CLI.
   c. To view the current runlevel, enter runlevel
   d. To enable the NetworkManager service, enter ntsysv
   e. Select the NetworkManager service.
   f. Press Tab and observe that the OK button is selected. Press Enter to exit ntsysv.
4. Enable the NFS service from the CLI.
   a. To start the NFS service, enter service nfs start
   b. To enable the NFS service during system startup, enter chkconfig nfs on
   c. Enter clear
5. Check whether the NFS service is enabled.
   a. To switch to the GUI mode, press Ctrl+Alt+F7.
   b. Log in as root.
   c. To open the terminal window, choose Applications→Accessories→Terminal.
   d. In the terminal, to open the Service Configuration window, enter system-config-services
   e. From the Background Services tab, scroll down and select nfs.
   f. Verify that in the Status box, the rpc.mountd is running and the nfsd is running messages are displayed.
   g. To exit the application, choose File→Quit.
   h. Close the terminal.

Lesson 1 Follow-up
In this lesson, you explored the boot process. You also configured the GRUB boot loader to manage the boot process, and booted the system in different runlevels. You examined the various controlling services and understood kernel and init initialization. This knowledge will enable you to troubleshoot issues during installation and rectify the problems at the beginning of the boot process.

1. Do you think the boot process will affect the applications installed on your system? Why?
   Answers will vary, but may include:
   1. The boot process is responsible for the proper loading of the operating system and the various applications that are installed on the computer. Therefore, any change in the boot process will affect the programs and applications that are dependent on it.
   2. Once the boot process is completed, the applications may not be dependent on the boot configuration because the applications start their own individual processes and may not be affected unless they are configured to start on system startup.
2. Which is the best runlevel to boot your system in? Why?
   Answers will vary, but may include:
   1. The best runlevel to boot in depends on the individual user's requirements.
   2. The default runlevel is runlevel 5. If a user is technically sound, he may use runlevel 3 with the CLI only. If a user prefers GUI, he may use runlevel 5.


LESSON 2
Managing Packages
In this lesson, you will manage packages. You will:
- Manage packages using the RPM package manager.
- Configure repositories.
- Install packages using the YUM package manager.
- Explore the Red Hat Network.

Lesson Time 1 hour(s), 30 minutes

Introduction
You explored the boot process and examined the various controlling services. Now that you have booted the system, you are ready to install software in your system. In this lesson, you will explore packages and the RPM (RPM Package Manager) package manager. After booting your system, you may have to install software in it to enable you to perform the required tasks. To do this, you need to learn about packages and package managers and how to install them on your system. Unless the packages are fully installed on the system, the software will not function.

TOPIC A
Manage Packages Using RPM
You explored the boot process and examined the various controlling services. Once you boot your system, you may need to install software as required. Installing software on your system will increase the capabilities of your computer and enable you to accomplish your tasks faster. In this topic, you will manage packages using the RPM package manager. You will need to install software on your system to carry out the required tasks effectively. The software is a collection of packages. You can install software only if you know how to add these packages to your system. Even if one package is not installed correctly, the software might not work. Installation of these packages is facilitated by package managers. Therefore, you must know about packages and package managers if you are to install software on the systems in your network.

Packages

Definition: A package is a collection of classes, functions, or procedures that can be imported as a single unit. Packages include all files required to run an application. Each package is compiled specifically for your Linux distribution and system type. Packages are of many types, depending on the applications where they are used.

Example:

Package Managers
Definition: A package manager is a tool that enables you to search for packages and upgrade or remove them. It keeps track of the files that are provided with each package. Querying options are also provided by a package manager to list the installed packages and their characteristics. The naming convention followed by package managers for package files is name-version-release.architecture.rpm.

Example: The RPM package manager and the YUM (Yellow dog Updater, Modified) package manager are examples of package managers. These are the two main package managers available in RHEL 5.2. These package managers can be used depending on the number of packages being installed and the number of systems. The user can use any package manager based on user requirements.

Dependencies
Dependency management is a major function of package managers. Dependencies are the packages upon which a target package depends for its functionality. Dependency chains can run on for many levels. For example, package A will be installed only after package B is installed. Similarly, package B will be installed only after package C is installed. In a situation where you want to install five packages, each having their own dependencies, this can turn into a cumbersome task. Package managers can fetch the required packages in an automated manner, saving time and effort. RPM has several complementary utilities, such as up2date and yum, to manage dependencies.

The RPM Package Manager



RPM or the RPM Package Manager developed by Red Hat is a tool for maintaining packages. By providing a standard software packaging format, RPM enables easy administration and maintenance of Linux systems and servers. RPM provides a standard installation mechanism, information about installed packages, and a method for uninstalling and upgrading existing packages.

Figure 2-1: Installing a package using the RPM package manager.


The RPM package manager is distributed under the GNU General Public License (GPL) and can be used with many distributions of Linux and even with other UNIX implementations.

The /usr/lib/rpm/* Directory
The /usr/lib/rpm/* directory contains the RPM tools required to manage the RPM packages. The /var/lib/rpm/* directory contains the RPM database of the installed packages. By default, the rpmrc file, which is the global RPM configuration file, is located in the /usr/lib/rpm directory. The rpmrc file consists of the RPM architecture compatibility information. If you want the RPM settings to be applicable for a systemwide configuration, place the rpmrc file in the /etc directory. If the rpmrc file is placed as .rpmrc in the home directory of any user, then the rpm settings will be applicable only for that specific user.

RPM Commands
The RPM package management commands enable you to perform package management tasks. The common RPM package management commands are given in the following table.

Command                      Enables You To
rpm -i {RPM package_file}    Install the package.
rpm -F {RPM package_file}    Reinstall the package.
rpm -U {RPM package_file}    Upgrade the package.
rpm -e {RPM package_name}    Remove the package.

The RPM Components
The RPM package manager contains a number of components. Using these components, you can maintain a list of the packages that are installed on the system.

Component                Description
The RPM local database   Keeps track of the packages that are installed on the system.
The RPM package          Contains many executables and scripts required to install packages.
yum                      Acts as the front-end package installer for RPM.
RPM package files        Contains the source codes for the package.

RPM Queries
An RPM query is a function used to query RPM for information on both installed and uninstalled packages. The syntax for an RPM query is rpm -q {what_packages} {what_information}. There are various options, which give distinct outputs, for the rpm -q command. The options for the RPM query command are listed below.

Option                  Enables You To
rpm -qa                 List all packages that are installed on your system.
rpm -qc package_name    List the configuration files of the specified package.
rpm -qi package_name    Give the basic details of the package such as installed date, size, and summary.
rpm -ql package_name    List the files in the package.
rpm -qR package_name    List the package dependencies.

RPM Verification
RPM verification compares the existing packages with the RPM package database and returns missing or corrupt packages. The syntax for RPM verification is rpm -V package_name. Various options allow you to verify specific information in the package. The RPM verification options are listed below.

Option                              Enables You To
rpm -Va                             Verify all installed packages.
rpm -V package name                 Verify a specific package.
rpm -V {file name}{package_name}    Verify a specific file in the package.
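To make the verification output usable for integrity review, the following added example (not part of the course material) sorts rpm -V lines into classes so that changed program content stands apart from edited configuration files. It assumes rpm's standard verify output layout, which the course text does not show: an attribute-flag string in the order SM5DLUGT, an optional file-type marker (c for a configuration file), and the path. The sample lines, paths, and function names are constructed.

```shell
#!/bin/sh
# Added example: triage the output of "rpm -Va" (or "rpm -V package_name").

# Constructed sample lines in rpm's verify output layout:
# attribute flags, optional file-type marker ("c" = configuration file), path.
sample_verify_output() {
cat <<'EOF'
S.5....T  c /etc/example/example.conf
..5....T    /usr/sbin/exampled
.M......    /usr/bin/example-tool
missing     /usr/share/doc/example/README
.......T  c /etc/example/other.conf
EOF
}

# Classify each line read from stdin and print "CLASS path".
#   MISSING          file is recorded in the RPM database but absent on disk
#   CONTENT-CHANGED  digest differs on a file that is not a configuration file
#   CONFIG-EDITED    digest differs on a configuration file
#   MODE-OR-OWNER    permissions, user, or group differ
#   OTHER            only size, link, device, or timestamp attributes differ
triage_rpm_verify() {
    awk '
    {
        flags  = $1
        marker = ($2 ~ /^[cdglr]$/) ? $2 : ""
        start  = index($0, "/")
        if (start == 0) next
        path = substr($0, start)

        if (flags == "missing")
            class = "MISSING"
        else if (substr(flags, 3, 1) == "5")
            class = (marker == "c") ? "CONFIG-EDITED" : "CONTENT-CHANGED"
        else if (substr(flags, 2, 1) == "M" || substr(flags, 6, 1) == "U" || substr(flags, 7, 1) == "G")
            class = "MODE-OR-OWNER"
        else
            class = "OTHER"
        print class, path
    }'
}

# Print only the paths in one class, for example: review_list CONTENT-CHANGED
review_list() {
    triage_rpm_verify | awk -v want="$1" '$1 == want { sub(/^[^ ]+ /, ""); print }'
}

# On a real system: rpm -Va | triage_rpm_verify
sample_verify_output | triage_rpm_verify
```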

How to Manage Packages Using RPM


Procedure Reference: Managing Packages Using RPM
To manage packages using RPM:
1. Log in as root in the CLI.
2. Enter rpm -F {RPM package_file} to reinstall a package using RPM.
3. Enter rpm -U {RPM package_file} to update a package using RPM.
4. Enter rpm -e {RPM package_name} to remove a package using RPM.

ACTIVITY 2-1
Managing Packages Using RPM
The activity Creating a Kickstart File in Lesson 9 is dependent on this activity. Therefore, the instructor must also perform this activity along with the students.

Data Files:
- pykickstart-0.43-1.el5.noarch.rpm
- system-config-kickstart-2.6.19.1-1.el5.noarch.rpm

Scenario: Your colleague wants the kickstart application package to be installed in her machine. After the installation, you need to write down the following details for documentation purpose:
- Version of the package
- Files in the package
- Status of the package

The source files of the program pykickstart-0.43-1.el5.noarch.rpm and system-config-kickstart-2.6.19.1-1.el5.noarch.rpm are located in the 085993Data folder in the /root directory of the user.

Account information:
- Login name for root user: root
- Password for root user: p@ssw0rd

What You Do / How You Do It
1. Install and check the version of the kickstart packages.
   a. To switch to the CLI mode, press Ctrl+Alt+F1.
   b. To navigate to the 085993Data/Managing_Packages folder, enter cd 085993Data/Managing_Packages
   c. To install the pykickstart-0.43-1.el5.noarch.rpm package, enter rpm -ivh pykickstart-0.43-1.el5.noarch.rpm
   d. To view the version number of the package, enter rpm -qi pykickstart-0.43-1.el5
   e. To install the system-config-kickstart-2.6.19.1-1.el5.noarch.rpm package, enter rpm -ivh system-config-kickstart-2.6.19.1-1.el5.noarch.rpm
   f. Enter clear
   g. To view the version number of the package, enter rpm -qi system-config-kickstart-2.6.19.1-1.el5
   h. Enter clear
2. List the files in each package.
   a. To view the list of all files in the pykickstart-0.43-1.el5.noarch.rpm package, enter rpm -ql pykickstart-0.43-1.el5
   b. To view the list of all files in the system-config-kickstart-2.6.19.1-1.el5.noarch.rpm package, enter rpm -ql system-config-kickstart-2.6.19.1-1.el5
   c. Enter clear
3. Check the status of the files in each package.
   a. To view the status of all files in the pykickstart-0.43-1.el5.noarch.rpm package, enter rpm -qs pykickstart-0.43-1.el5
   b. To view the status of all files in the system-config-kickstart-2.6.19.1-1.el5.noarch.rpm package, enter rpm -qs system-config-kickstart-2.6.19.1-1.el5
   c. Enter clear

TOPIC B
Configure Repositories
You managed package installation using the RPM package manager. When managing a network, you may have to update the systems with the latest packages. You need to know where to obtain these packages. In this topic, you will examine repositories and how to use them to update the system. Updating the systems with the latest packages is one of the most important roles of a system administrator. To do this, you must know where the packages are available and how they can be downloaded.

Repositories

Definition: The software is installed in the system only when the repositories for the software are present in it. A repository is a database that holds the source code and compilations. There are two types of repositories, local and online. The packages for the software are found in their respective repositories and are directly installed from them.

Example:

Types of Repositories
There are two types of repositories. Online repositories are found on the Internet. The packages can be directly downloaded from the Internet and installed on the system. Local or private repositories are stored in your system. The process of updating the system is greatly facilitated by repositories because the source files are readily available. Repositories also make it easier for system administrators to update multiple systems simultaneously.

The createrepo Command


The createrepo command is used to create yum repositories. It generates XML metadata called repomd and creates a repository from existing rpm packages. The createrepo command has a number of options that facilitate the repository creation process. The options for the createrepo command are listed below.

Option   Enables You To
-p       Generate the output in the xml format.
-s       Select the checksum to be used to create the repository.
-c       Compare the repository with the checksum and check package integrity. Creates a cache directory for the package checksum.
-x       Exclude the specified files from the repository.
-h       Show the help menu.
-v       Run the command verbosely.

How to Configure Repositories

Procedure Reference: Creating a Private Repository
To create a private repository:
1. Log in as root.
2. Enter mkdir /{directory name} to create a directory.
3. Populate the directory with the packages.
4. Enter createrepo -v /{directory name} to create a private repository.
5. If you add or remove any packages from the directory, run createrepo again.

Procedure Reference: Configuring Additional Repositories
To configure additional repositories:
1. Log in as root.
2. Enter cd /etc/yum.repos.d to navigate to the /etc/yum.repos.d directory.
3. Enter vi {file name} to create a file.
4. Switch to the insert mode.
5. Type the required information.
   - Enter name = {repository name} to set the repository name.
   - Enter {description of the repository} to give a description of the repository.
   - Enter baseurl = {URL of the repository} to set the repository baseurl.
   - Enter enabled = { 0 | 1 } to control the status of the repository.
   - Enter gpgcheck = { 0 | 1 } to control the GPG signature verification.
6. Save and close the file.
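Because gpgcheck decides whether yum verifies package signatures before installing, it is worth being able to list every enabled repository where that check is off. The following audit is an added example, not part of the course material. It assumes the yum configuration layout of a [repository id] section header followed by key = value lines, and that a repository without its own gpgcheck line takes the [main] value; the sample content, repository ids other than rhelsource, and function names are constructed.

```shell
#!/bin/sh
# Added example: list enabled yum repositories whose packages are installed
# without GPG signature verification.

# Constructed sample. [rhelsource] uses the settings from the procedure above;
# the other repository ids and paths are hypothetical.
sample_repos() {
cat <<'EOF'
[rhelsource]
name = rhelsource
baseurl=file:///rhelsource/Server/
enabled = 1
gpgcheck = 0

[signed-example]
name = Hypothetical signed repository
baseurl = file:///srv/signed/
enabled = 1
gpgcheck = 1

[inherits-main]
name = Hypothetical repository without a gpgcheck line
baseurl = file:///srv/other/
enabled = 1

[disabled-example]
name = Hypothetical disabled repository
baseurl = file:///srv/off/
enabled = 0
gpgcheck = 0
EOF
}

# Read yum.conf and/or repository file content on stdin and print the id of
# every enabled repository whose effective gpgcheck is off.
# $1 is the [main] gpgcheck value to assume when the input has no [main]
# gpgcheck line (1 if omitted). Assumption: a repository with no "enabled"
# line counts as enabled, and 1/yes/true mean "on".
unsigned_repos() {
    awk -v main="${1:-1}" '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function on(v)   { v = tolower(v); return (v == "1" || v == "yes" || v == "true") ? 1 : 0 }
    {
        line = trim($0)
        if (line == "" || line ~ /^[#;]/) next
        if (line ~ /^\[.*\]$/) {
            id = substr(line, 2, length(line) - 2)
            if (id != "main") { order[++n] = id; enabled[id] = 1; gpg[id] = "" }
            next
        }
        eq = index(line, "=")
        if (eq == 0 || id == "") next
        key = trim(substr(line, 1, eq - 1))
        val = trim(substr(line, eq + 1))
        if (key == "gpgcheck") {
            if (id == "main") {
                main = on(val)
            } else {
                gpg[id] = on(val)
            }
        } else if (key == "enabled" && id != "main") {
            enabled[id] = on(val)
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            id = order[i]
            effective = (gpg[id] == "") ? main : gpg[id]
            if (enabled[id] == 1 && effective == 0) print id
        }
    }'
}

# On a real system: cat /etc/yum.conf /etc/yum.repos.d/* | unsigned_repos
sample_repos | unsigned_repos 0
```

With the [main] value at 1, only rhelsource is reported; with it at 0, inherits-main is reported as well, which shows how far a gpgcheck change in /etc/yum.conf reaches.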

ACTIVITY 2-2
Configuring Repositories
Data Files: createrepo-0.4.4-2.fc6.noarch.rpm

Scenario: You have been assigned the task of updating a few systems in the network with the kickstart application. However, you find that there are hundreds of packages in the installation folder, and that you have to search for the kickstart packages each time while installing. So, you decide to make your job easier by creating a kickstart repository with specific packages, so that you can call the repository instead of searching for the packages.

What You Do / How You Do It
1. Install the createrepo packages.
   a. To install the createrepo package, enter rpm -i createrepo-0.4.4-2.fc6.noarch.rpm
   b. To verify if the package is installed, enter rpm -q createrepo-0.4.4-2.fc6
2. Create a private repository.
   a. To navigate to the /root directory, enter cd /root
   b. To create the rhelsource repository, enter mv 085993Data/Managing_Packages/rhelsource /
   c. Enter createrepo -v /rhelsource to create a private repository.
3. Configure additional repositories.
   a. To navigate to the /etc/yum.repos.d directory, enter cd /etc/yum.repos.d
   b. To create the rhelsource file, enter vi rhelsource
   c. Switch to the insert mode.
   d. To enter the repository name, enter name = rhelsource
   e. To enter the repository description, on a new line, enter My Local Repository
   f. To enter the baseurl, on a new line, enter baseurl=file:///rhelsource/Server/
   g. To enable the repository, on a new line, enter enabled = 1
   h. Type gpgcheck = 0
   i. To exit to the command mode, press Esc.
   j. Save and close the file.
   k. To navigate to the yum.conf file, enter vi /etc/yum.conf
   l. To navigate to the gpgcheck=1 line, enter /gpg
   m. Switch to the insert mode.
   n. To disable gpgcheck, change gpgcheck=1 to gpgcheck=0
   o. To exit to the command mode, press Esc.
   p. Save and close the file.
   q. Enter logout


TOPIC C
Manage Packages Using YUM
You managed package installation on a single computer using RPM. As a system administrator, your task involves installing software on multiple systems simultaneously within a short period of time. In this topic, you will manage package installation using YUM. As a system administrator, you will be dealing with multiple systems at once. It is necessary that you install packages on all systems simultaneously and in the shortest possible time. Knowing about the YUM package manager will help you install and manage packages on multiple systems simultaneously.

The YUM Package Manager



Yellow dog Updater, Modified (YUM) is a package manager used to update, install, and manage packages. YUM automatically detects and configures the dependencies for software packages and maintains a database of the installed software. YUM is widely used by system administrators because it is easier to maintain packages. It supports both local and online repositories.

Figure 2-2: Installing a package from a local repository using the YUM package manager.

YUM vs. RPM
YUM is preferred by system administrators because it can update and manage multiple systems simultaneously. RPM can update only one system at a time. In YUM, the package dependencies are automatically detected and configured, whereas in RPM they have to be manually configured. YUM supports both online and local repositories. RPM supports only local repositories.

YUM Commands
The syntax for using YUM is yum [options] {command} {package name}. YUM has various commands that can be used to maintain packages.

Command         Enables You To
install         Install a package.
update          Update packages. The command will update all packages when a package is not specified.
check-update    Check for available updates.
remove          Remove the specified packages.
list            Display the details of the specified package. When a package is not specified, it lists the status of all the packages in the system.
info            Display a brief description of the specified package.
localinstall    Install packages from a local repository.

How to Manage Packages Using YUM


Procedure Reference: Managing Packages Using Yum
To manage packages using yum:
1. Log in as root.
2. Manage packages using yum.
   - Enter yum install {package name} to install packages using YUM.
   - Enter yum remove {package name} to remove packages using YUM.
   - Enter yum info {package name} to display package description.
   - Enter yum update {package name} to update the system with the specified package.

ACTIVITY 2-3
Managing Packages Using YUM
Scenario: A meeting is scheduled at your company. You are required to install the ypbind service on the systems in the conference room to enable network communication. You are also asked to brief users on the installed ypbind packages. You decide to install the packages and generate a description using yum.

Account information:
- Login name for root user: root
- Password for root user: p@ssw0rd

The activity Configuring NIS Services in Lesson 8 is dependent on this activity. Therefore, the instructor must also perform this activity along with the students.

What You Do / How You Do It
1. Install the ypbind package using yum.
   a. Log in as root in the CLI.
   b. To install the package, enter yum localinstall /rhelsource/Server/yp*
   c. At the Is this ok [y/N]: prompt, enter y
   d. Observe that the dependencies are updated and the Complete! message is displayed.
   e. Enter clear
2. Check the status of the package.
   a. To view the status of the ypbind package, enter yum list ypbind
   b. To view a description of the ypbind package, enter yum info ypbind
   c. Enter clear
   d. Enter logout

TOPIC D
Explore Red Hat Network
In the previous topic, you created repositories and accessed them. Now, you may want to download packages from the Internet to update and maintain your system. In this topic, you will explore the Red Hat Network. There may be instances when, as a system administrator, you will need to manage troubleshooting issues and receive support from Red Hat. To perform these tasks effectively, you will need to connect to the Red Hat Network, download updates, and manage the systems in the network.

The Red Hat Network (RHN)
The Red Hat Network (RHN) is an Internet-based tool to update and manage systems running Red Hat Enterprise Linux. It contains the Red Hat Update Agent and the Red Hat Network daemon, and follows the basic client-server architecture. The Update Agent downloads the package updates and installs them on your computer. The Network daemon searches for updates periodically and schedules them. The Red Hat Network is the direct source for packages for Enterprise Linux. It also provides troubleshooting assistance.

Figure 2-3: The Red Hat Network home page, showing the various support facilities provided by RHN.

Installation Numbers
The installation number is a 16-digit number that is provided by Red Hat to enable you to install the full set of optional packages included in the Enterprise Linux subscription. It also enables you to register with the Red Hat Network to download updates and support, to validate your subscription with Red Hat, and to subscribe to the various channels and entitlements. The number is found on the information slip provided with the Red Hat Enterprise Linux package.

The Red Hat Network Server


The Red Hat Network Server is the central server to which all RHN client systems are connected to access the latest RPM packages. The Red Hat Network Server is of two types, satellite and proxy. The satellite server is a LAN-based server through which client systems can be updated. This server is inaccessible through the Internet. The proxy server stores the updates from Red Hat in local caches, thereby reducing the bandwidth of the server. Client user profiles can be stored on both servers. The network server maintains the integrity of the network with its enhanced security features.

The Red Hat Network Client
The Red Hat Network Client is a computer connected to the RHN proxy or the RHN satellite server. The RHN client is configured to connect to the central RHN servers and download updates and rpms automatically. RHN satellite server connectivity is necessary to download updates.

Entitlements
Entitlements are features that are available to the RHN client through a paid subscription. Entitlements are of many types such as channel entitlements and service levels. The channel entitlements control access to software channels. Four service levels are available to maintain the client systems.

Service Level: Description

RHN Update: Provides clients with immediate updates on errata, downloads, and support. This service is ideal for single computers or small networks.

RHN Management: Provides clients with all the features of the RHN update and the additional capability of managing larger networks.

RHN Provisioning: Provides clients with maximum network management capabilities. This service provides a number of customized options for managing systems. It provides all the features of RHN update and management services.

RHN Monitoring: Provides clients with the capability to monitor system defects and troubleshoot them before they become critical.

Software Channels
Software channels are related packages placed together in a group. There are two types of software channels, the base and child channels. The client can subscribe to only one base channel, and can subscribe to multiple child channels of this base channel.


ACTIVITY 2-4
Exploring the Red Hat Network
Scenario: Your company has purchased a few subscriptions for Red Hat Enterprise Linux that need to be activated with the proper activation numbers and entitlements, to enable you to download updates and support from Red Hat to keep the systems updated. You are assigned the task of identifying the various entitlements that have been purchased with the subscription and registering the systems on Red Hat Network.

1. Which component of the Red Hat Network is responsible for updating your computer when connected to RHN?
a) The Red Hat Network Client.
b) The Red Hat Network Server.
c) The Update Agent.
d) The Red Hat Network daemon.
e) The channel entitlements.

2. True or False? You can download updates from the RHN satellite server via the Internet.
True
False

3. What is true of entitlements?
a) The entitlements are of two types, channel entitlements and software entitlements.
b) RHN Monitoring is the lowest service level.
c) A client can subscribe to multiple base channels.
d) The channel entitlements control access to software channels.
e) RHN Provisioning includes the features of RHN Management and RHN Update.

Lesson 2 Follow-up
In this lesson, you managed packages using package managers, and also explored the various repositories from where you can download the packages. This will enable you to easily install software packages on the systems in the network.

1. What are the pre-installation steps to be carried out before installing a package?
Answers will vary, but may include:
1. When installing a package, it is necessary to ensure that the package is from a trusted source to avoid system corruption.
2. Before installing a package, it is necessary to check if all the files pertaining to the particular package are present.
3. It is necessary to check whether the dependencies required to install the package are already present in the system. If not, the dependencies have to be installed first.

2. Why do you think it is important to create your own repositories?
Answers will vary, but may include:
1. Creating repositories is necessary because a personalized and customized database of the packages can be maintained and any additional packages can be removed.
2. Private repositories enable effective package organization. Repositories can be created and organized according to data such as package name and source name.


LESSON 3
Managing Kernel Services
In this lesson, you will manage the Linux kernel services. You will:
Identify the role and functions of the Linux kernel.
Customize kernel modules.
Create the initrd image.
Access device drivers.
Monitor the hardware devices available in the computer system.
Manage processes and resources.
Configure kernel settings.

Lesson Time 2 hour(s), 30 minutes

Introduction
You have familiarized yourself with the initialization of the Linux system and managing packages. The kernel, being the core of the Linux operating system, handles various crucial functions such as system initialization, process scheduling, memory, and hardware management. In this lesson, you will explore the role of kernel services and its configuration. As a Linux system administrator, you may need to configure, modify, and customize the kernel to meet user requirements. Even a minor misconfiguration may cause kernel panic, rendering the system ineffective. Therefore, a deeper understanding of the kernel services is required to manage the kernel efficiently.

TOPIC A
Explore the Linux Kernel
The first component that initializes in the Linux boot process is the kernel. It provides all the essential services that are required for running the computer. It controls the rest of the processes that happen on the computer. In this topic, you will explore the role of the Linux kernel and its functions. If a system crashes or stops performing, it actually means the kernel or an operation critical to the working of the kernel has crashed. To troubleshoot such systems, a system administrator needs to understand the functionality of the kernel.

The Role of Linux Kernel


The Linux kernel, which is the core constituent of the Linux operating system, manages all other resources in the computer. It manages filesystem access, memory, processes, devices, and resource allocation. It controls the interaction between software applications and underlying system resources. The kernel initializes itself during the boot process and then starts running the other processes. By default, the kernel loads with a minimal set of functions required to run a system. The kernel's functionality can be expanded by installing kernel modules. The kernel is required to synchronize the operations of multiple processes and govern resources.

Figure 3-1: The Linux kernel's role in operating a system.

Kernel Versions
Linux kernel versions refer to the different editions of the Linux kernel. Kernel versions are identified by their kernel number, which consists of four parts. The format of the version number is:
major_version_number.major_revision_number.minor_revision_number.fix_number

The version number can be viewed using the uname -r command.

Kernel Layers
The kernel performs various functions to control and manage the operations of a system.

Kernel Layer: Function

The System Call Interface (SCI) Layer: The SCI layer is an abstraction layer that handles function calls sent from user applications to the kernel. A function call is basically a service request sent to the operating system's kernel for invoking a system-level function such as a request for processing time and memory allocation. This layer enables the kernel to schedule and process function calls and manage multiple function calls simultaneously.

The Process Management Layer: The kernel's major task is to handle different processes by allocating separate execution space on the processor and ensuring that the running of one process does not interfere with the other processes. The kernel implements sharing of the processor time for executing multiple processes through process scheduling.

The Memory Management Layer: Managing the computer's memory is one of the complex tasks performed by the kernel. Like processor sharing, memory also needs to be shared among different application services and resources. The kernel maps or allocates the available memory to applications or programs on request and frees the memory automatically when the execution of the programs is completed, so that it can be allocated to other programs.

The Filesystem Management Layer: The kernel also performs filesystem management, which involves storing and organizing files and data on the computer and keeping track of them. The kernel also supports a virtual filesystem that provides an abstract view of the underlying data that is organized under complex structures, so that it appears to be a single structure.

The Device Management Layer: The kernel performs device management by controlling device access and interfacing between user applications and the hardware devices of the computer. When the user application sends a system call, the kernel reads the request and passes it on to the drivers that manage the activities of the particular device. For this purpose, the kernel maintains a list of all devices in the /dev directory.

Types of Kernels
Kernels can be classified as monolithic and modular, based on their organization.

Kernel Type: Description

Monolithic kernel: In a monolithic kernel, all modules such as device drivers or filesystems are built-in. Monolithic kernels can interact faster with devices. But the major disadvantage is its huge size, which leads to higher usage of RAM.

Modular kernel: In a modular kernel, only a minimal set of essential modules are built-in. The rest of the modules can be installed and the kernel can be re-built whenever necessary. A modular kernel is also known as a micro kernel or a dynamic kernel. Modular kernels are flexible and save memory because the kernel modules, which are loaded as required, are removed from the memory when the related devices are unmounted.

Kernel modules and device drivers are discussed in detail in the following topics.


ACTIVITY 3-1
Exploring the Role and Functions of the Linux Kernel
Scenario: As a system administrator, you may need to troubleshoot issues related to the kernel. So, you would like to explore the kernel concepts to refresh your knowledge.
1. Which function is associated with the System Call Interface (SCI) layer of the kernel?
a) Passing requests to device drivers
b) Sending service requests to the kernel
c) Processor time allocation for functions
d) Process scheduling functions
e) File organization

2. What are the major functions performed by the kernel?
a) Kernel initialization
b) Process management
c) Memory management
d) Module installation
e) Dependency Management

3. True or False? The kernel maintains a list of all devices in the /boot directory.
True
False

TOPIC B
Customize Kernel Modules
You have familiarized yourself with the basic concepts of the Linux kernel. Kernel modules are functions that extend the capability of a kernel to support additional functionality. In this topic, you will customize kernel modules. The Linux kernel, by default, loads with a minimum set of kernel modules. When you want the kernel to support some additional functionality, you have to install or load the necessary modules manually. Customizing the modules to suit user requirements will enable you to manage the kernel efficiently.

Kernel Modules
Definition: A kernel module is a system-level function that extends the functionality of the kernel. It can be dynamically loaded to the kernel or unloaded from the kernel when required. It enables the kernel to update or recompile itself without requiring a reboot of the system. The kernel module file has a .ko extension. The modules built for a specific kernel version may not be compatible with another version of the kernel.

Example:

Figure 3-2: bridge.ko is the kernel module for networking support.

Advantages of Kernel Modules
The advantages of kernel modules are:
Kernel modules reduce the burden on the kernel. If kernel modules were not present, their functionality would have to be added directly to the kernel image, which can make the kernel larger.
Kernel modules avoid the rebuilding and rebooting of the system when new functionality is required.
Dynamic loading of kernel modules facilitates lower memory consumption.

Directories Containing Kernel Modules
The /lib/modules directory contains the modules of different kernel versions that are installed. It contains a directory named after the kernel's version number. A list of currently loaded modules is found in the /proc/modules file. Modules are stored across various directories based on the categories they belong to. The following table lists the directories containing modules.

Directories: Description

pcmcia: Contains modules for the PCMCIA drivers and laptops.
net: Contains modules for network-related products such as firewalls and protocols.
drivers: Contains modules for various types of hardware.
fs: Contains modules for various types of filesystems.
arch: Contains modules for architecture specific support.
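
The link between /proc/modules and the per-version tree under /lib/modules can be checked mechanically. The following is an added example, not part of the course material: it parses /proc/modules-style lines and reports loaded modules that have no .ko file in the tree, which is what you would see for a module inserted from another path with insmod. The sample module list, the file list, the name custom_drv, and all function names are constructed for illustration.

```python
import os
import tempfile

# Constructed sample in the /proc/modules column layout:
# name  size  use_count  used_by  state  load_address
SAMPLE_PROC_MODULES = """\
bridge 91761 0 - Live 0xf8a5b000
hci_usb 20317 0 - Live 0xf8990000
bluetooth 92517 1 hci_usb, Live 0xf8a1c000
snd_pcm 63685 0 - Live 0xf89e2000
custom_drv 12345 0 - Live 0xf8c00000
"""

# Constructed module files, relative to /lib/modules/<kernel version>/.
SAMPLE_KO_FILES = [
    "kernel/net/bridge/bridge.ko",
    "kernel/drivers/bluetooth/hci_usb.ko",
    "kernel/net/bluetooth/bluetooth.ko",
    "kernel/sound/core/snd-pcm.ko",
]


def parse_proc_modules(text):
    """Return one dict per loaded module (the data lsmod displays)."""
    modules = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or truncated lines
        # "-" means no dependents; otherwise a comma-terminated list.
        used_by = [] if fields[3] == "-" else [d for d in fields[3].split(",") if d]
        modules.append({
            "name": fields[0],
            "size": int(fields[1]),
            "use_count": int(fields[2]),
            "used_by": used_by,
        })
    return modules


def index_module_tree(root):
    """Map module name -> path of its .ko file found under root."""
    index = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.endswith(".ko"):
                # File names may contain '-', but the name shown for a
                # loaded module uses '_' (snd-pcm.ko loads as snd_pcm).
                name = fname[:-3].replace("-", "_")
                index[name] = os.path.join(dirpath, fname)
    return index


def modules_without_file(proc_text, root):
    """Names of loaded modules that have no .ko file under root."""
    index = index_module_tree(root)
    return [m["name"] for m in parse_proc_modules(proc_text)
            if m["name"] not in index]


def build_sample_tree(base, version="2.6.18-53.el5"):
    """Create the constructed module tree under base and return its root."""
    root = os.path.join(base, "lib", "modules", version)
    for rel in SAMPLE_KO_FILES:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        for name in modules_without_file(SAMPLE_PROC_MODULES, root):
            print("loaded module with no .ko under %s: %s" % (root, name))
```

On a live system, pass the contents of /proc/modules and the directory /lib/modules/ followed by the output of uname -r instead of the constructed samples.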

Kernel Module Managing Utilities


A kernel module managing utility enables you to view, load, unload, or modify kernel modules.

Kernel Module Utility: Enables You To

lsmod: Display the currently loaded kernel modules, their size, usage details, and their dependent modules.

modinfo: Display the information about a particular kernel module such as filename of the module, license, description, author's name, module version number, dependent modules, and other parameters or attributes. The syntax for this command is: modinfo {module options}

insmod: Install a loadable module into the currently running kernel. This utility inserts only the specified module and does not insert any dependent modules. The syntax for this command is: insmod {filename} {module options}

modprobe: Add modules to the kernel or remove modules from the kernel. This utility is capable of loading all dependent modules before inserting a specified module. The syntax for adding a module is: modprobe {modulename} The syntax for removing a module is: modprobe -r {modulename}

Command Options for modinfo
The command options for the modinfo command are listed in the table below.

Command Option: Enables You To

-V: Display the version number of modinfo utility.
-n: Display the filename of the module.
-a: Display the author of the module.
-d: Display the description about the module.
-p: Display the parameters supported by the module.
-F: Print the field values such as parameters, author, and description, one per line.

Command Options for insmod
The command options for the insmod command are listed in the table below.

Command Option: Enables You To

-e: Add persistent parameters for the module.
-f: Force the loading of a module even when there is a difference between the module's kernel version and the current kernel version.
-L: Prevent simultaneous loading of the same module.
-o{module name}: Specify a module name while installing the module.

Command Options for modprobe
The command options for the modprobe command are listed in the table below.

Command Option: Enables You To

-a: Add all modules specified in the command line.
-r: Remove all modules specified in the command line.
-v: Display verbose output for all commands as they are executed.
-l: List all modules that match the given wildcard information.
-t{directory name}: List all modules present in a specified directory.

The modprobe.conf File


The modprobe.conf file is a configuration file, which contains settings that apply persistently to all the modules loaded on the system. It is used to configure modules and their dependencies and also specify module aliases. The modprobe.conf file, which is located in the /etc/modprobe.d directory, has a number of options for configuring kernel modules.

Figure 3-3: The modprobe.conf file that is used to configure kernel modules.

Option: Used To

alias wildcard modulename: Specify an alternate name for a module with a long name.
include filename: Add configuration files to the module.
options modulename option: Specify the options to be added to each module before insertion into the kernel.
install modulename command: Run the command without inserting the module into the kernel.
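
Because an install line makes modprobe run a command in place of loading the module, these lines deserve a review whenever the file changes. The following is an added example, not part of the course material: it parses the four directives from the table and reports what a modprobe request for a given name would do. The configuration text, the script path /usr/local/sbin/usb-audit.sh, the include path, and the function names are constructed; only the alias blue bcm203x comes from this lesson.

```python
import fnmatch

# Constructed sample configuration (not taken from a real host).
SAMPLE_CONF = """\
# aliases
alias bond0 bonding
alias blue bcm203x
options bonding mode=1 miimon=100
# install lines replace module loading with a command
install cramfs /bin/true
install usb-storage /usr/local/sbin/usb-audit.sh
include /etc/modprobe.d/local-policy
"""

# Commands that do nothing: a common way to keep a module from loading.
NO_OP_COMMANDS = ("/bin/true", "/bin/false")


def norm(name):
    """modprobe treats '-' and '_' in module names as the same character."""
    return name.replace("-", "_")


def parse_modprobe_conf(text):
    """Collect alias, options, install and include directives."""
    conf = {"alias": [], "options": {}, "install": {}, "include": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        keyword = parts[0]
        if keyword == "alias" and len(parts) == 3:
            conf["alias"].append((norm(parts[1]), norm(parts[2].split()[0])))
        elif keyword == "options" and len(parts) == 3:
            conf["options"].setdefault(norm(parts[1]), []).extend(parts[2].split())
        elif keyword == "install" and len(parts) == 3:
            conf["install"][norm(parts[1])] = parts[2]
        elif keyword == "include" and len(parts) >= 2:
            conf["include"].append(parts[1])
    return conf


def resolve(conf, requested):
    """Map a requested name to a module name using the alias lines.

    Alias names may contain wildcards. This example performs a single
    lookup and does not chain one alias to another.
    """
    requested = norm(requested)
    for pattern, target in conf["alias"]:
        if fnmatch.fnmatchcase(requested, pattern):
            return target
    return requested


def load_plan(conf, requested):
    """Describe what a modprobe request for this name would do."""
    module = resolve(conf, requested)
    command = conf["install"].get(module)
    if command is None:
        return {"module": module, "action": "load",
                "options": conf["options"].get(module, [])}
    if command.split()[0] in NO_OP_COMMANDS:
        return {"module": module, "action": "blocked", "command": command}
    return {"module": module, "action": "run-command", "command": command}


def install_commands_to_review(conf):
    """Modules whose install line runs something other than a no-op."""
    return sorted(m for m, cmd in conf["install"].items()
                  if cmd.split()[0] not in NO_OP_COMMANDS)


if __name__ == "__main__":
    conf = parse_modprobe_conf(SAMPLE_CONF)
    for name in ("blue", "bond0", "cramfs", "usb-storage"):
        print(name, "->", load_plan(conf, name))
    print("install lines to review:", install_commands_to_review(conf))
```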

How to Customize Kernel Modules
Procedure Reference: Insert Modules Using the insmod Command
To load the modules using the insmod command:
1. Log in as root in the CLI.
2. Enter insmod {module name} to insert a specified module into the kernel.
3. Enter modinfo [command options] {module name} to view detailed information about the inserted module.

Procedure Reference: View Information About the Currently Running Kernel Modules
To view information about the currently running kernel modules:
1. Log in as root in the CLI.
2. Enter lsmod to view the status of all currently loaded modules.
3. Enter clear to clear the screen.

Procedure Reference: Add or Remove Modules Using the modprobe Utility
To load modules using the modprobe utility:
1. Log in as root in the CLI.
2. Enter modprobe {module name} to add the specified module and all its dependent modules to the kernel.
3. Enter lsmod to view the status of loaded modules.
4. If necessary, enter modprobe -r {module name} to remove a loaded module.

Procedure Reference: Configure Modules Using the modprobe.conf File
To configure modules using the modprobe.conf file:
1. Log in as root in the CLI.
2. Enter cd /etc to navigate to the /etc directory.
3. Enter vi modprobe.conf to open the modprobe.conf file.
Specify the parameter to pass through when the module is loaded.
Set the aliases for a module name.
4. Save and close the file.


ACTIVITY 3-2
Inserting and Conguring a Kernel Module
Scenario: Your colleague tried to transfer some documents from his Linux machine to his mobile device. However, he was not able to do so. After examining the system, you find that the kernel module required for the Bluetooth support is not available.

What You Do / How You Do It
1. Insert the bluetooth kernel module.
a. Log in as root in the CLI.
b. To insert the bluetooth module, enter insmod /lib/modules/2.6.18-53.el5/kernel/drivers/bluetooth/bcm203x.ko
2. View information about the inserted bluetooth module.
a. To view the information about the bluetooth module, enter modinfo /lib/modules/2.6.18-53.el5/kernel/drivers/bluetooth/bcm203x.ko
b. Observe the displayed information about the loaded bluetooth module.
3. Configure the bluetooth kernel module.
a. To navigate to the /etc folder, at the command prompt, enter cd /etc
b. To modify the modprobe.conf file, enter vi modprobe.conf
c. To go to the last line, press Shift+G.
d. To go to the insert mode, press I.
e. To specify an alias name for the bluetooth module, on a new line, enter alias blue bcm203x
f. To switch to the command mode, press Esc.
g. Save and close the file.
h. Enter logout


TOPIC C
Create an initrd Image
You have configured and customized kernel modules. The initrd image or the initial ramdisk image consists of all the kernel modules that were loaded during the boot process. Additional modules that are installed also need to be added to the initrd image to load automatically at boot time. In this topic, you will create the initrd image to update the kernel. The existing kernel in your system might have all the necessary modules, but at a later stage, you might need to update the modules when a new set of devices has to be supported. Knowing how to update the existing modules by creating the initrd image will enable you to provide support for new devices.

initrd
initrd refers to the initial ramdisk that is temporarily mounted as the root filesystem for loading startup programs and modules. The ramdisk loads along with the kernel, and its functionality is controlled by the kernel. Initrd enables the system to be started in two phases. In the first phase, the system is booted with the minimum set of modules required to load the main or the permanent root filesystem. In the second phase, when the main root filesystem is mounted, the previously mounted initrd filesystem is removed and the ramdisk is released for installing additional modules on demand.

Figure 3-4: The initrd enables the system to be started in two phases.

The initrd Image
The initrd image is an archived file containing all the essential files that are required for booting the operating system. It can be built or customized to include additional modules, remove unnecessary modules, or update existing modules.

The mkinitrd Command
The mkinitrd command is used to create the initial ramdisk image for pre-loading the kernel modules.

Command Option: Used To

--preload={module name}: Load a module in the initrd image before the loading of SCSI modules.
--with={module name}: Load a module in the initrd image after the loading of SCSI modules.
--builtin={module name}: Specify that the module is already built into the currently loaded kernel, so that mkinitrd will omit it while creating the initrd image.
--fstab={fstab}: Automatically determine the type of filesystem that the root device is found on.
--omit-lvm-modules, --omit-raid-modules, --omit-scsi-modules: Avoid loading LVM, RAID, and SCSI modules respectively while creating the initrd image.
-f: Overwrite an existing initrd image file.

How to Create the initrd Image


Procedure Reference: Create an initrd Image with Updated Information
To create an initrd image with updated information:
1. Log in as root in the CLI.
2. To create an initrd image, enter mkinitrd {command options} /boot/initrd-{kernel version number}.img {kernel version number}
3. Update the /boot/grub/grub.conf file with the updated initrd information.


ACTIVITY 3-3
Creating an initrd Image to Update the Kernel
Scenario: You have to troubleshoot a Linux system that has a booting issue. The system consists of a SCSI disk containing the Linux installation files. However, the kernel does not have an in-built SCSI module. Though the kernel can load and execute, it won't be able to mount its root file system without loading the SCSI module first. Because the module resides in the root file system in /lib/modules/, you cannot pre-enable SCSI support.

What You Do / How You Do It
1. Create a new initrd image.
a. Log in as root in the CLI.
b. To create a new initrd image, enter mkinitrd /boot/new-initrd-image.img `uname -r`
In the `uname -r` section of the mkinitrd /boot/new-initrd-image.img `uname -r` command, use the back quote (`) key on the keyboard.

2. Update the GRUB configuration with the new initrd image.
a. To access the directory where GRUB is located, enter cd /boot/grub
b. To edit the GRUB configuration file, enter vi grub.conf
c. To go to the last line, press Shift+G.
d. To go to the insert mode, press I.
e. Verify that the cursor is in the line that starts with the text initrd /initrd2.6.****.img or module /initrd2.6.****.img.
f. To comment the line, type #
g. On a new line, type module /new-initrd-image.img
h. To switch to the command mode, press Esc.
i. Save and close the file.
j. To load the new initrd image, enter reboot

3. View the new initrd image and boot from it.
a. When the system reboots and the GRUB splash screen displays the message Booting Red Hat Enterprise Linux (2.6.****) in 3 seconds, press any key to enter the boot loader menu.
b. If prompted for password, press P to view the Password prompt. At the prompt, enter your password.
c. In the boot loader menu, verify that your currently installed Linux version is selected and press E to view its components.
d. Observe that the newly created initrd image module /new-initrd-image.img is displayed in the boot sequence list.
e. To boot from the new initrd image, press B.

TOPIC D
Access Device Drivers
You have created an initrd image to provide in-built module support to the kernel. After the kernel is loaded, the module files may require changes to support additional features. The device module files are stored in the /dev directory in Linux. In this topic, you will access the device driver files through /dev and udev to view their attributes and make necessary modifications. Also, you will manage the drivers in /dev with udev. A system administrator has to read and write details to the driver files frequently when additional hardware is required or existing hardware is upgraded. Knowing how to access drivers through /dev will enable you to handle this effectively.

udev
udev is a device manager that manages the automatic detection and configuration of hardware devices. udev is an integral part of the kernel and it starts during the boot time. The udev utility handles module loading for both cold-plugged and hot-plugged devices. It loads the modules on system boot for cold-plugged devices such as a monitor or a sound card, and it loads the required modules dynamically during system run time for hot-plugged devices such as a USB drive or a camcorder.

Cold Plug vs. Hot Plug
Hot plug is the ability of a system to add or remove hardware without rebooting the system, while cold plug is the inability to do so. Hot plug devices are detected by the system as they are plugged in, whereas cold plug devices such as hard disks are not sensed when connected to a running system; they need a complete reboot of the system to function. Some cold plug devices can be connected only when the system is not running.

Device Drivers
Definition: A device driver is a software program that enables a computer's operating system to identify the characteristics and functions of a hardware device, communicate with it, and control its operations. It acts as an interface between the operating system and hardware devices such as hard drive, CD/DVD drive, printer, scanner, monitor, and keyboard. Device drivers can be in-built in the operating system or installed on demand.

Example:

Figure 3-5: A printer driver is used by the operating system to communicate with your printer to print files or documents.

Device Tree
A device tree is a structure that lists all hardware devices installed in the computer and assigns device nodes to them. It is auto generated by the computer's Random Access Memory (RAM) when the computer is started, or a new device is installed, or a device or system configuration is modified.

Device Nodes
A device node is an access point to device drivers; it is used while mapping service requests with device access. It represents a particular hardware resource in a device tree. It is also known as a device file or device special file. This node contains vital information such as the device type, the major number, and the minor number. A minor number identifies a particular device and the major number identifies the device driver that controls this particular device. Device nodes are located in the /dev directory.


Figure 3-6: A device node representing the disk volume.

Types of Hardware Devices
Hardware devices can be divided into two types based on their usage or function.

Device Type: Description

Block devices: These are typically used for data storage. They buffer all the service requests received to choose the order in which requests have to be responded. Block devices accept input and provide output in the form of blocks, which are of larger byte sizes. Examples are:
Hard disks /dev/hda, /dev/sda
CD/DVD ROM /dev/hdc
Software RAID /dev/md[0-5]

Character devices: These are typically used for data streaming and do not use buffering to handle service requests. They accept input and provide output in smaller byte sizes. Examples are:
Software devices /dev/null, /dev/zero
Virtual consoles /dev/tty[0-6]
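
The device type, major number, and minor number of a node can be read from its file metadata, and the same metadata shows who may write to the device. The following is an added example, not part of the course material: it classifies a node as block or character, extracts the major and minor numbers, and flags nodes whose permissions or location deserve a second look. The function names, the allow-list of world-writable character devices, and the test values are assumptions made for this illustration.

```python
import os
import stat

# Character devices that are world-writable by design on Linux,
# as (major, minor): null, zero, full, random, urandom, tty, ptmx.
EXPECTED_WORLD_WRITABLE = {
    (1, 3), (1, 5), (1, 7), (1, 8), (1, 9), (5, 0), (5, 2),
}


def describe(mode, rdev):
    """Return type, major, minor and permission bits for a device node.

    mode and rdev are the st_mode and st_rdev fields of os.lstat().
    Returns None when the file is not a device node.
    """
    if stat.S_ISBLK(mode):
        kind = "block"
    elif stat.S_ISCHR(mode):
        kind = "character"
    else:
        return None
    return {
        "type": kind,
        "major": os.major(rdev),   # identifies the driver
        "minor": os.minor(rdev),   # identifies the particular device
        "perms": stat.S_IMODE(mode),
    }


def review(path, mode, rdev):
    """List the reasons a device node should be looked at more closely."""
    info = describe(mode, rdev)
    if info is None:
        return []
    notes = []
    if not path.startswith("/dev/"):
        # Device nodes are expected in /dev; mknod can create them anywhere.
        notes.append("device node outside /dev")
    if info["perms"] & stat.S_IWOTH:
        if info["type"] == "block":
            # Any user could write to the raw disk, bypassing file permissions.
            notes.append("world-writable block device")
        elif (info["major"], info["minor"]) not in EXPECTED_WORLD_WRITABLE:
            notes.append("world-writable character device")
    return notes


def scan(root="/dev"):
    """Review every device node below root; returns {path: [notes]}."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # node vanished or is unreadable
            notes = review(path, st.st_mode, st.st_rdev)
            if notes:
                findings[path] = notes
    return findings


if __name__ == "__main__":
    for path, notes in sorted(scan().items()):
        print(path, "; ".join(notes))
```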

How to Access Drivers Through /dev


Procedure Reference: Access Drivers Through /dev
To access device driver files through /dev:
1. Log in as root in the CLI.
2. Enter who to check which terminal is being used and the users who are logged in.
3. Enter cat /dev/{device node} to view the device driver file.
4. Enter echo {messages} > /dev/{device node} to access driver files.

Procedure Reference: Add Files Under /dev
To add files under /dev:
1. Log in as root in the CLI.
2. Add files under the /dev directory.
Create files under /etc/udev/rules.d
a. Enter cd /etc/udev/rules.d to open the rules.d directory.
b. Enter touch {file name} to view the timestamps of the device file.
c. Switch to the insert mode.
d. Enter vi {file name} to open the device file.
e. Type the text as indicated below to add details to the file. KERNEL=="{device}", NAME="{device node}"
f. Save and close the file.
Create files using the mknod command.
a. Enter mknod /dev/{device node} {device type} {major number} {minor number} to create the device node.

ACTIVITY 3-4
Accessing Drivers Through /dev
Scenario: Your company has a server to which many users log in with their user accounts to carry out their day-to-day operations. Due to unscheduled emergency maintenance on the server, you may need to reboot the system if necessary. You now need to communicate the following to all the logged in users so that they can save their data, complete their tasks, and log out.

What You Do / How You Do It
1. View information about users who have currently logged in.
a. Log in as root in the GUI.
b. To open the terminal, choose Applications→Accessories→Terminal.
c. To check who is logged into which terminal, enter who

2. Access drivers in the /dev directory.
a. To alert all the current users, enter echo "please save your work, the system will be down for maintenance in 30 minutes" > /dev/tty1
b. Switch to the CLI.
c. Observe that the echoed message is displayed on the screen. Press Enter to return to the login prompt.

ACTIVITY 3-5
Adding Files Under /dev
Scenario: You have been requested to attach a scanner and a web camera to a computer. To enable your system to support these two hardware devices, you need to add the related driver files under the /dev directory.
What You Do / How You Do It
1. Add a device driver file.
   a. Log in as root in the CLI.
   b. To navigate to the driver files directory, enter cd /etc/udev/rules.d
   c. To create the driver file, enter vi 99cam.rules
2. Create entries for web camera and scanner in the driver file.
   a. To go to the insert mode, press I.
   b. To add a web camera device, enter KERNEL=="hda1", NAME="webcam"
   c. To add a scanner device, enter KERNEL=="hda2", NAME="scanner"
   d. To switch to the command mode, press Esc.
   e. Save and close the file.
   f. To apply the settings, enter reboot

TOPIC E
Monitor Hardware Devices
You have accessed driver files and modified their parameters. Drivers are associated directly with the devices that are installed in your computer. In this topic, you will monitor the various hardware devices that are installed in your computer. A system administrator needs to keep track of all the devices that are connected to the computer and monitor them continuously. Gaining knowledge about the utilities that are used to keep track of these hardware devices is essential for proper management of the systems.

Hardware Communication Channels


The kernel and the hardware devices communicate using major channels such as Interrupt Requests, Input/Output (I/O) addresses, and Direct Memory Address (DMA).

Hardware Communication Channel / Description
Interrupt ReQuests (IRQ)
   An interrupt request is a signal sent by a hardware device to the kernel to request processing time for performing an operation. This enables the kernel to prioritize system events and allocate the CPU's processing time for the devices.
Input/Output (I/O) Address
   Every hardware device communicates with the operating system through a unique input/output address. The kernel uses this address to identify the requests sent to or from the device. It is also used to map the devices with user applications requesting the device services.
Direct Memory Address (DMA)
   Direct Memory Address is a method by which hardware devices directly communicate with the memory to obtain memory allocation without going through the processor.

Hardware Abstraction Layer (HAL)

The Hardware Abstraction Layer (HAL) is a logical interface that enables software applications to interact with hardware devices at an abstract level through system calls. This layer converts generic system calls sent by software applications to detailed device-specific instructions. It enables an operating system to adapt to different kinds of hardware platforms without requiring any modifications in the kernel.

Figure 3-7: The Hardware Abstraction Layer (HAL) that enables software applications to interact with hardware devices.

The HAL Utilities


The HAL utilities enable you to view or monitor the hardware device connected to the computer.

HAL Utility / Used To
lspci
   List all peripheral components connected to a computer.
lsusb
   List all USB components connected to a computer.
hal-device
   Display the list of all connected devices in a text mode.
hal-device-manager
   Display all connected devices on a graphical window. This utility is dependent on udev for device node information.

How to Monitor Hardware Devices
Procedure Reference: Monitor Hardware Devices
To monitor the hardware devices currently connected to the system:
1. Log in as root.
2. Monitor hardware devices.
   Enter lspci to list the status of all PCI devices.
   Enter lsusb to list the status of all USB devices.
   Enter hal-device to list all devices.

ACTIVITY 3-6
Monitoring the Hardware Devices on a Computer
Before You Begin:
1. Open the terminal window in the CLI.
2. Log in as root.
3. Enter cd /rhelsource/Server to navigate to the /rhelsource/Server directory.
4. Enter rpm -ivh hal-gnome-0.5.8.1-25.el5.i386.rpm to install the HAL device manager package.

Scenario: As a part of your system administration task, you have to keep track of the devices used on all the computers in the network and maintain a list of hardware resources that are in use.
What You Do / How You Do It
1. View all peripheral devices that are connected to the system.
   a. Log in as root in the GUI.
   b. To open the terminal window, choose Applications→Accessories→Terminal.
   c. To view the list of peripheral components and their related information, at the prompt, enter lspci -v
   d. Observe the list of hardware devices being displayed along with the related information.
   e. Enter clear to clear the display of items on the screen.
2. View all hardware devices that are connected to the system using HAL device manager.
   a. To view the list of all hardware devices and their related information, enter hal-device-manager
   b. Observe that the Device Manager window lists all hardware devices connected to the system in the left pane.
   c. In the right pane, click the Advanced tab to view more information.
   d. Close the Device Manager window.
   e. In the terminal, enter clear

TOPIC F
Monitor Processes and Resources
You have monitored the hardware devices in your computer. Along with the hardware devices, software applications and programs work in conjunction to make the entire system work. Software programs are handled by the processor. In this topic, you will monitor the processes to view how the system resources are utilized and how the processor manages them. As a system administrator, you may need to handle a number of running processes simultaneously. Based on the need, one program may require more priority than another. While the execution of one process is in progress, you may decide to pause or stop the process to start another more important process. Performing process monitoring will help you to manage multiple programs and their resource allocation.

Kernel State Monitoring Utilities


Kernel state monitoring utilities are used to gather information about the operating system, its running events, and processes.

Kernel State Monitoring Utility / Enables You To
uname
   Display the name of the operating system, its version, licence, processor and hardware details.
uptime
   Display the duration for which the system has been running, the load average of the system, and how many users have logged on currently.
tload
   Provide a graphical representation of the system load average for the past 1, 5, and 15 minutes.

System Load
System load is a measurement of the amount of work done by a computer over a given period of time. It is represented in the form of three numbers. The first number indicates the system load during the last one minute, the second number indicates the system load during the last five minutes, and the last number indicates the system load during the last fifteen minutes.

Memory Monitoring Utilities


Memory monitoring utilities are used to view the usage of memory and other related statistics.

Memory Monitoring Utility / Enables You To
free
   Display the total memory available in the system, the amount of memory that is free, used, shared, buffered, and cached.
vmstat
   Display the statistics about virtual memory usage. It lists the details about the currently running processes such as memory usage, interrupts or I/O address information, and processor allocation information.
pmap
   Display the mapping of processes with memory resources.

Command Options for free Utility
The command options for the free command are listed in the table below.

Command Option / Used To
-b -k -m -g
   Display the amount of memory in bytes, kilobytes, megabytes, and gigabytes respectively.
-s {delay in seconds}
   Update the memory statistics at a delay of the specified seconds.
-o
   Disable the display of the buffer or cache information line at the end.
-t
   Display the total of RAM and swap space.

Command Options for vmstat Utility
The command options for the vmstat utility are listed in the table below.

Command Option / Used To
-a
   Display the active or inactive memory.
-s
   Display memory statistics in a list format.
-m
   Display statistics in the form of slabs.
-d
   Display disk statistics.
-p {disk partition}
   Display statistics for the specified partition.

Command Options for pmap Utility
The command options for the pmap utility are listed in the table below.

Command Option / Used To
-x {process ID}
   Report the memory map of processes in an extended format.
-d {process ID}
   Report the memory map of processes in a device format.
-q {process ID}
   Report the minimal required information of memory mapping.
-V
   Display the version of the pmap utility.

The gnome-system-monitor Utility

The gnome-system-monitor is a GUI utility that is used to monitor the system processes, resources, and filesystems. The Processes tab displays details about the currently running processes such as name, status, ID, CPU and memory usage. The Resources tab displays the CPU, memory and swap usage history, and network operations history. The File Systems tab displays information about currently mounted filesystems, related directories, type, and usage status.

Figure 3-8: The gnome-system-monitor with system status displayed.

How to Manage Processes and Resources
Procedure Reference: Monitor the Kernel State
To monitor the kernel state:
1. Log in as root in the CLI.
2. Enter uname [command options] to view the information regarding the running kernel.
3. Enter uptime to view the running time of the system.
4. Enter tload to view the graphical representation of the system's load average.

Procedure Reference: Monitor the Memory Usage
To monitor the memory usage:
1. Log in as root in the CLI.
2. Enter free [command options] to view the free and used memory in the system.
3. Enter vmstat [command options] to report the virtual memory statistics.

Procedure Reference: Monitor the Processes Mapping
To monitor the processes mapping:
1. Log in as root.
2. Enter ps [command options] to view the running process in the system.
3. Enter pmap [command options] {pid} to view the memory map of a process.

Procedure Reference: Manage Processes Using the Gnome System Monitor
To manage processes using the gnome system monitor:
1. Log in as root in the GUI.
2. Open the gnome system monitor.
   Enter gnome-system-monitor in the terminal.
   Or, choose Applications→System Tools→System Monitor.
3. In the Processes tab, scroll to locate the process.
4. Right-click on a running process to start, stop, kill, or change priority.
5. Choose Monitor→Quit to close the window.

ACTIVITY 3-7
Monitoring Processes and Resources
Scenario: There are many services running in the main server. The company has expanded and a large number of users have joined your network. Therefore, there are many users logged on to the same server. To reduce load on the server, the company wants to add separate servers. As a system administrator, you have been asked to submit data on the existing server to decide on the number of servers to be added and what applications are to be moved to the additional servers.
What You Do / How You Do It
1. Monitor the kernel state.
   a. To monitor the kernel state, enter uname -r
   b. To view the running time of the system, enter uptime
2. Monitor the memory usage.
   a. To view the virtual memory statistics, enter vmstat
   b. To view the unused memory available in the system, enter free -m
3. Monitor processes.
   a. To view the processes that are currently running on the system, enter ps aux
   b. Observe that a list of all processes is displayed. It provides the details regarding users who are running the processes, the process IDs, CPU and memory usage, virtual and resident set size, the terminal type, time, and the command.
      VSZ and RSZ are the virtual set size and resident set size attributes of a process that display how much memory has been occupied by a process.
   c. Enter clear

TOPIC G
Configure the Kernel
You have monitored the system processes and memory utilization that are managed by the kernel. The kernel needs to be configured to support a required functionality when it is not available in the current configuration. In this topic, you will configure the kernel using /proc and sysctl. Certain programs may require additional settings, which may not be required for other programs that commonly run on the computer. In such cases, you may want to configure the kernel temporarily for supporting the specified program. Or, you may want to retain the settings in the kernel forever. Knowing how to configure a kernel temporarily or permanently will enable you to administer the kernel efficiently.

Types of Kernel Configuration

Linux kernels can be configured in two different ways. One form of configuration is persistent and the other is transactional.

Kernel Configuration Type / Description
Persistent configuration
   A persistent kernel configuration refers to the configuration of kernel settings in such a way that the settings do not change even after the system is rebooted. The changes made to the kernel are permanent. Kernel configuration with sysctl.conf is persistent and does not get effaced when the kernel is reinitialized.
Transactional configuration
   A transactional configuration refers to updating the kernel settings for a required service. These settings are not permanent and are reverted when the system is rebooted. The settings hold good only for the particular transaction of the kernel. Kernel configuration with /proc is transactional and is reflected immediately. This type of configuration can be used for network services modification and memory subsystems related features of the kernel.

/proc
The /proc is a directory in the Linux virtual filesystem; it provides elaborate information about the kernel's running process.

The sysctl Command
The sysctl command is used to view or set the kernel parameters at runtime. You can view the list of its options through man sysctl

Command Option / Used To
-w variable={value}
   Set a parameter value or to change the sysctl setting.
variable={value}
   Set a key parameter value.
-n
   Disable printing of key name while displaying the kernel parameters.
-e
   Ignore errors about unknown keys.
-a
   Display all parameter values that are currently available.
-A
   Display all parameter values that are currently available in a table format.

The sysctl.conf File
The sysctl.conf file is a file where the persistent kernel settings are added.

How to Configure the Kernel Settings

Procedure Reference: Manage the Kernel Using the /etc/sysctl.conf File
To manage the kernel using the /etc/sysctl.conf file:
1. Log in as root in the CLI.
2. Open the /etc/sysctl.conf file.
3. Make the necessary modifications to the kernel settings.
4. Save and close the file.
5. Reboot the system.

Procedure Reference: Configure the Kernel Using /proc
To configure the kernel using /proc:
1. Log in as root in the CLI.
2. Enter echo {value} > /proc/{file location whose value in the kernel needs to be changed} to configure the kernel parameters.
3. Save and close the file.

Procedure Reference: Configure the Kernel Using sysctl
To configure the kernel using sysctl:
1. Log in as root in the CLI.
2. Enter sysctl {command options} {kernel parameter}={value} to configure the kernel parameters.

ACTIVITY 3-8
Configuring the Kernel Settings
Scenario: You have two network cards in a PC; one is connected to the network 192.168.0.0 and the other is connected to 172.29.156.34. You want to make the PC a router so that both the networks can access each other and forward the packets from one network to the other.
What You Do / How You Do It
1. Configure kernel settings persistently for IP forwarding.
   a. To open the sysctl.conf file, enter vi /etc/sysctl.conf
   b. To go to the IPv4 forward setting line, enter /net
   c. To go to the insert mode, press I.
   d. To enable automatic forwarding of data packets on a network, set the IPv4 forwarding value as net.ipv4.ip_forward = 1
The symbol indicates that the text appearing on the next line should be typed on the same line in which appears.
The process of forwarding Internet data packets from one network to another.
2. Define the maximum number of hops a packet is allowed to make before reaching its destination.
   a. To specify the default Time To Live (TTL) value, in a new line, enter net.ipv4.ip_default_ttl = 65
3. Block all ICMP ECHO requests to manage network traffic.
   a. To block all ICMP ECHO requests, in a new line, enter net.ipv4.icmp_echo_ignore_all = 1
4. Reject incoming packets if their source address does not match the interface they arrive from.
   a. To set the IP packet filter value, enter net.ipv4.conf.default.rp_filter = 1
5. Disable source routing and apply the configured kernel settings.
   a. To disable source routing, on a new line, type net.ipv4.conf.default.accept_source_route = 0
   b. To switch to the command mode, press Esc.
   c. Save and close the file.
   d. To apply the settings, enter reboot
6. Check the configured kernel settings.
   a. To switch to the CLI mode, press Ctrl+Alt+F1.
   b. Log in as root in the CLI.
   c. To view the IP forwarding settings, enter cat /proc/sys/net/ipv4/ip_forward
   d. To view the default TTL value, enter cat /proc/sys/net/ipv4/ip_default_ttl
   e. To view the ICMP ECHO message settings, enter cat /proc/sys/net/ipv4/icmp_echo_ignore_all
   f. To view the packet filter settings, enter cat /proc/sys/net/ipv4/conf/default/rp_filter
   g. To view the source route settings, enter cat /proc/sys/net/ipv4/conf/default/accept_source_route
   h. Enter logout
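The persistent file and the running kernel can disagree: an edit to /etc/sysctl.conf does nothing until it is loaded, and a value written under /proc is lost at reboot. The script below is an added example, not part of the course material; it checks both against the intents stated in Activity 3-8 (forward packets, ignore ICMP echo, validate source addresses, refuse source-routed packets). The function names and the sample files it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the course: audit persistent and running kernel
# settings against the intents stated in Activity 3-8.
# Expected values follow the kernel's ip-sysctl semantics: rp_filter=1 turns
# source validation on, accept_source_route=0 refuses source-routed packets.
EXPECTED="net.ipv4.ip_forward=1
net.ipv4.icmp_echo_ignore_all=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.default.accept_source_route=0"

# conf_value FILE KEY: print the last value assigned to KEY in a
# sysctl.conf-style file (later lines override earlier ones).
conf_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val }' "$1"
}

# runtime_value PROCROOT KEY: print the running value of KEY.
# PROCROOT is normally /proc/sys; dots in the key map to directories.
runtime_value() {
    node="$1/$(printf '%s' "$2" | tr . /)"
    if [ -r "$node" ]; then tr -d ' \t\n' < "$node"; fi
}

# audit_sysctl CONF PROCROOT: one line per finding, status 0 only when clean.
audit_sysctl() {
    conf="$1"; procroot="$2"; findings=0
    for pair in $EXPECTED; do
        key=${pair%%=*}; want=${pair#*=}
        file=$(conf_value "$conf" "$key" 2>/dev/null) || file=""
        run=$(runtime_value "$procroot" "$key")
        if [ -z "$file" ]; then
            echo "MISSING  $key not set in $conf (want $want)"
            findings=$((findings + 1))
        elif [ "$file" != "$want" ]; then
            echo "WEAK     $key = $file in $conf (want $want)"
            findings=$((findings + 1))
        fi
        if [ -n "$run" ] && [ "$run" != "$want" ]; then
            echo "RUNTIME  $key is $run in the running kernel (want $want)"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# demo_audit: run the audit over a constructed sysctl.conf and a constructed
# stand-in for /proc/sys (file edited, system not yet rebooted).
demo_audit() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/proc/net/ipv4/conf/default"
    cat > "$d/sysctl.conf" <<'EOF'
# constructed sample: two values contradict the stated intents
net.ipv4.ip_forward = 1
net.ipv4.ip_default_ttl = 65
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 1
EOF
    echo 0 > "$d/proc/net/ipv4/ip_forward"
    echo 1 > "$d/proc/net/ipv4/icmp_echo_ignore_all"
    echo 1 > "$d/proc/net/ipv4/conf/default/rp_filter"
    echo 0 > "$d/proc/net/ipv4/conf/default/accept_source_route"
    audit_sysctl "$d/sysctl.conf" "$d/proc" && rc=0 || rc=1
    rm -rf "$d"
    return "$rc"
}

demo_audit || true
```

On a live system, call audit_sysctl /etc/sysctl.conf /proc/sys instead of demo_audit.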

Lesson 3 Follow-up
In this lesson, you have explored the purpose and organization of the kernel. This will enable you to understand the kernel structure, monitor kernel components, and configure the kernel services.
1. How do you think modules affect the way kernels are loaded?
   Answers will vary, but may include:
   1. Kernel modules increase the flexibility of the kernel by extending kernel functionality to control hardware devices, drivers, and filesystems.
   2. Kernel modules also decrease load on the kernel by lowering the number of processes the kernel is involved in.
2. Why is process management important for operating systems?
   Answers will vary, but may include:
   1. Process management is necessary to manage system resources. Too many unnecessary processes running on the system at the same time will result in poor system performance.
   2. Process management also enables the system administrator to identify harmful processes and prevent system corruption.

LESSON 4
Configuring the Graphical User Interface
In this lesson, you will configure the graphical user interface. You will:
   Implement X.
   Customize the display manager.
   Customize the window environment.

Lesson Time 1 hour(s), 30 minutes

Introduction
You have worked with the Linux kernel and kernel services, and have been using the command line interface to access these services. However, for those who are not comfortable with the CLI, Linux also provides a more user-friendly graphical user interface. In this lesson, you will configure the graphical user interface. Linux provides the flexibility of switching back and forth between the command line interface and the graphical user interface. While the command line allows you to perform an action with speed, the graphical user interface is more user friendly and allows you to find options and functions easily when you cannot remember the corresponding commands.

TOPIC A
Implement X
You have managed kernel services using the Linux command line. Sometimes, when you are guiding users through a process, they may be unable to understand the commands you tell them to type in the CLI. Combining the graphical user and command line interfaces in Linux provides users greater control and options. In this topic, you will implement X to work with the graphical user interface. Because Linux provides both a command line interface and a graphical user interface, users can choose to work in either one of them or both. Some users may not like the blank screen of the command line. They may prefer working with the more user-friendly icons and windows. You may not always remember the commands to carry out a task. In such cases, you can use the GUI to accomplish your task.

X.Org
X.Org is a free version of the X Window graphical user interface system for some Linux distributions. It provides an interface between display hardware, such as the mouse and the keyboard, and the desktop environment. It is platform independent and extensible because it can be modified by changing or adding new features.

X Servers

Definition: An X server is a program that implements the GUI provided by the X window system. It runs on the local machine. It manages the keyboard, mouse, and display device. It converts the X-Windows protocol commands to machine language commands. It also converts the graphical user interface commands to X-Windows protocol commands for the client. It draws pictures and displays text on screen.

The X Protocol
The X protocol is the standard protocol used by clients and servers in the X Window System. Using this protocol, requests for window operations can be exchanged.

X Clients
Definition: An X client is an application that is written with the aid of the Xlib library, which gives programs access to any X server. An X client sends requests to the X server for a certain action to take place, for instance, to create a window. The X server sends the event that the X client is expecting in response to the request. An X client also receives errors in requests from the server. There can be more than 1 X client sending requests to the X server.

X Font Servers

Definition: An X font server (Xfs) is a service that provides fonts to the X server and X client applications that connect to the X server. The /etc/rc.d/init.d/xfs script starts the Xfs server. The font path, which is a collection of paths in the filesystem where font files are stored, can also be edited using Xfs. Xfs supports the TrueType, Type1, and bitmap fonts. Fonts may be stored on one machine acting as a networked font server. Multiple X servers can share these fonts over the network.

XOrg Runlevels

The X window system boots into two main runlevels: runlevel 3 and runlevel 5. When you start the machine, it boots into a graphical mode, which is runlevel 5. You can also boot the machine into a CLI or text mode, which is runlevel 3. Runlevel 3 is a full multiuser mode. The X server is started from runlevel 3 using the startx or the xinit command.

Figure 4-1: Booting in different runlevels results in different displays.

Remote X Sessions
Definition: Remote X sessions are sessions where the user on the remote workstation is able to view the X window of the host and run the host's applications. These sessions may be run on local and TCP/IP networks. Remote X sessions may be host based or user based. Host-based sessions can be implemented by invoking the xhost command, which allows the user to add or remove hosts. User-based sessions can be implemented by the xauth utility, which authorizes users who can access the remote X host using keys.

Commands Used in Remote X Sessions

The xhost and xauth commands are used to manage remote X sessions. A number of options are provided for effective session management.

Option / Enables You to
xhost -help
   Display a usage message.
xhost +{name}
   Add the name to the list of hosts or users connecting to the X server.
xhost -{name}
   Remove the name from the list of hosts or users connecting to the X server.

Option / Enables You to
xauth -f authfile
   Set the authority file to be used by xauth.
xauth -i
   Let xauth bypass authority file locks.
xauth -v
   Let xauth print status messages.

X-Stations

Definition: An X-station is a terminal or diskless workstation that is connected over a network and engineered to run the X Window system remotely. An X-station is not directly connected to a computer's Central Processing Unit (CPU). All X-station systems in a network are connected to a central workstation. The central workstation provides the terminal with the operating system, memory, programs, and CPU cycles.
How to Implement X
Procedure Reference: Customize X for the Monitor Automatically
To customize X for the monitor:
1. Log in as root in the GUI.
2. In the warning box that appears, click Continue.
3. Choose Applications→Accessories→Terminal to display the terminal.
4. Enter system-config-display to open the Display Settings window.
5. Select the Hardware tab.
6. Customize the monitor settings.
   a. In the Monitor Type section, click Configure.
   b. To expand the Monitor section, click the triangle.
   c. Select the appropriate monitor model and click OK to save the settings to the /etc/X11/xorg.conf file.
7. Click OK to close the Display Settings window.
8. At the prompt, click OK.
9. Choose System→Log Out root to log out of the GUI.
10. Log in for the changes to take effect.

The X window automatically detects the type of monitor and its settings. If you need to customize the monitor type, refer to the corresponding monitor's product manual to learn its type and optimum settings. Monitor type refers to the different models, sizes, and also whether it's a generic or laptop display.

The system-config-display Command
The system-config-display command displays the Display Settings dialog box to set the system resolution, color depth, and other advanced display settings.

Procedure Reference: Customize X for the Monitor Manually
To customize X for the monitor manually:
1. Log in as root in the CLI.
2. Enter cd /etc/X11 to navigate to the /etc/X11 folder.
3. Enter vi xorg.conf to open the X configuration file.
4. Under the Section Screen column, make necessary changes to the monitor settings.
5. Save and close the file.
6. Log out and log in for the changes to take effect.

Procedure Reference: Change Default Bitplanes for the Display Manager
To change the default bitplanes for the display manager:
1. Log in as root in the GUI.
2. Choose Applications→Accessories→Terminal to display the terminal.
3. Enter system-config-display.
4. From the Resolution drop-down list, select the desired resolution.
5. From the Color Depth drop-down list, select the desired color depth.
6. Click OK twice to save the settings.
7. Choose System→Log Out root.
8. In the Log out of this system now? dialog box, click Log Out.
9. Log in again to verify the applied settings.
Bitplanes refer to the display resolution.

Refresh Rate
Refresh rate or vertical scan rate is the speed at which a screen is refreshed. Normally, color displays are refreshed 60 times per second.

Resolution and Color Depth
Resolution is the number of pixels that a computer monitor is capable of displaying. It is described in terms of Width x Height. The most common resolutions are 640 x 480, 800 x 600, and 1024 x 768.
Color depth refers to the number of colors used to display an image. The values can range from 256 colors to millions of colors. The size of a file increases with the increase in color depth value.

Procedure Reference: Customize X for the Video Card
To customize X for the video card:
1. Log in as root in the terminal.
2. Enter system-config-display.
3. Select the Hardware tab.
4. Customize X for the video card.
   a. In the Video Card section, click Configure.
   b. Select the appropriate video card and driver settings.
   c. Click OK twice to save the settings.
The X window automatically detects the type of video card and its driver settings. You can also refer to the product manual to learn the type and optimum settings of the video card.

Every video card comes with a default memory requirement in the form of RAM, which is required for the video card to perform optimally. For normal graphics support, the default memory requirement is 32 MB RAM. If you use graphic-intensive applications, you may need to allocate higher RAM space for optimal performance, provided your video card supports it. You need to check the product manual of the video card for conguration details.

The xvidtune Command
The xvidtune command displays the xvidtune dialog box to configure the horizontal and vertical display settings.
This command, when wrongly used, may cause permanent damage to the monitor or video card. You must therefore ensure that you do not change any settings without fully understanding the purpose of the setting.

Procedure Reference: Install Fonts
To install fonts:
1. Log in as root in the GUI.
2. Choose Applications→Accessories→Terminal to display the terminal.
3. Create a directory and copy the font into the directory.
   a. Enter mkdir /Directory name to create the font directory.
   b. Enter cp /Directory containing fonts/Font name.ttf /Directory name.
   c. Enter cd /Directory name.
4. Create the files fonts.scale and fonts.dir in the new directory.
   a. Enter ttmkfdir -d /Directory name -o /Directory name/fonts.scale.
   b. Enter mkfontdir /Directory name.
5. To add the new directory to the default font server configuration file, the /etc/X11/fs/config file, enter chkfontpath -a /Directory name.
6. If necessary, enter chkfontpath --list to view the newly added font path.
7. Enter service xfs restart to restart xfs.
8. Choose System→Preferences→Fonts to display the Font Preferences dialog box.
9. Click the menu button next to Application font.
10. In the Pick a Font dialog box, in the Family list, select the installed font.
11. Click OK and click Close.

The xorg.conf File
The xorg.conf file is a configuration file for XOrg. This file is used for configuring different X window parameters and is located at /etc/X11/xorg.conf.

Procedure Reference: Configure X to Use the Font Server
To configure X to use the font server:
1. Log in as root in the CLI.
2. Enter service xfs restart to restart the X font server.
3. If necessary, enter chkconfig xfs on to make xfs available at system startup.
4. Enter startx to start the X window.

Procedure Reference: Configuring XOrg in Run Level 3
To configure XOrg in runlevel 3:
1. Log in as root.
2. Enter init 3 to boot into runlevel 3.
3. Enter xinit or startx to start the X server from the command line.

Procedure Reference: Configuring XOrg in Run Level 5
To configure XOrg in runlevel 5:
1. Log in as root.
2. At the command prompt, enter vi /etc/inittab to open the inittab file.
3. Ensure that the line id: runlevel: initdefault reads id:5:initdefault to boot into run level 5.
4. Save and close the file.
5. Restart the computer.

Procedure Reference: Export X Sessions
To export X sessions:
1. Log in as root in the GUI.
2. At the terminal, enter DISPLAY=Client IP Address:0.0 to set the display variable.
   DISPLAY is an environment variable that is used to specify where to export the X display.
3. Log in as root in the client machine in GUI.
4. Enter xhost +Server IP address to add the server to the list of hosts.
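An xhost +host entry lets any user on that host connect to the display, so the access list is worth reviewing once the exported session is no longer needed. The following is an added example, not part of the course material: it checks the text printed by xhost (run with no arguments) against the hosts you expect. The function names and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the X server access list after an `xhost +host` grant.
# Feed it the text that `xhost` (no arguments) prints, for instance:
#     xhost | audit_xhost "192.0.2.10"
# Prints one finding per line; returns 0 when clean, 1 when something is off.
audit_xhost() {
    allowed=" $1 "        # space-separated hosts that are expected on the list
    status=0
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*)
                # A bare `xhost +` was run: every host may connect.
                echo "OPEN access control is disabled"
                status=1 ;;
            INET:*|INET6:*)
                # Host entries appear as a name or an address, as resolved.
                host=${line#*:}
                case "$allowed" in
                    *" $host "*) ;;                          # expected entry
                    *) echo "UNEXPECTED $host"; status=1 ;;
                esac ;;
        esac
    done
    return "$status"
}

# Constructed sample of `xhost` output (not captured from a real system).
sample_xhost_output() {
    cat <<'EOF'
access control enabled, only authorized clients can connect
INET:192.0.2.10
INET:192.0.2.77
SI:localuser:root
EOF
}

# Demo: 192.0.2.10 stands for the server added in step 4; .77 is flagged.
sample_xhost_output | audit_xhost "192.0.2.10" ||
    echo "review the list; remove an entry with: xhost -HOST"
```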

ACTIVITY 4-1
Configuring X Font Servers
Data Files: MalOtf.ttf

Before You Begin:
The packages listed below are found in the /rhelsource folder. They are also provided in the /root/085993Data/Graphical_User_Interface directory along with the MalOtf.ttf file.
1. Log in as root in the GUI.
2. Open the terminal window.
3. Enter rpm -qi libFS to check if the libFS-1.0.0-3.1.i386.rpm package is installed.
4. Enter rpm -qi xorg-x11-xfs to check if the xorg-x11-xfs-1.0.2.4.i386.rpm package is installed.
5. Enter rpm -qi chkfontpath to check if the chkfontpath-1.10.1-1.1.i386.rpm package is installed.
6. Enter clear to clear the screen.

Scenario: You are setting up computers for new employees in various divisions of your organization. A new employee in the graphics department requires Linux GUI with high resolution and color settings. The employee also wants the MalOtf.ttf font installed in the system.

Account information:
Login name for root user: root
Password for root user: p@ssw0rd

What You Do / How You Do It

1. Set the monitor resolution and color settings.
a. To open the Display Settings window, enter system-config-display
b. From the Resolution drop-down list, verify that 800X600 is selected.
c. Verify that in the Color Depth drop-down list, Millions of Colors is selected and click OK.
d. In the confirmation message box, click OK.

2. Install the new font.
a. To create a font directory, enter mkdir /usr/share/fonts/local
b. To copy the font file to the /usr/share/fonts/local directory, enter cp /root/085993Data/Graphical_User_Interface/MalOtf.ttf /usr/share/fonts/local
c. Enter cd /usr/share/fonts/local
d. Enter ttmkfdir -d /usr/share/fonts/local -o /usr/share/fonts/local/fonts.scale
e. Enter mkfontdir /usr/share/fonts/local
f. Enter chkfontpath -a /usr/share/fonts/local

3. Configure the new font.
a. To restart the xfs service, enter service xfs restart
b. To clear the screen, enter clear
c. Choose System→Preferences→Fonts to display the Font Preferences dialog box.
d. Click the menu button next to Application font.
e. In the Pick a Font dialog box, in the Family list, scroll up and select MalOtf and click OK.
f. Click Close.

ACTIVITY 4-2
Configuring XOrg Server
Scenario: A user on your network wants to view the X window of his system on another system on the network that he is using as the environment system. You are assigned the task of setting up his system. You decide to configure the X server and check if it is in the proper runlevel. You decide to export the X session to the other system.

What You Do / How You Do It

1. Configure the boot runlevel.
a. To open the inittab file, enter vi /etc/inittab
b. Verify that the line id:{runlevel}:initdefault: reads id:5:initdefault: to boot into run level 5.
c. To exit to the command mode, press Esc.
d. Save and close the file.

2. Export X sessions.
a. To export the X session, enter DISPLAY=192.168.0.1:0.0
b. To close the terminal window, enter exit.
c. Choose System→Log Out root to log out of the system.
d. To log out of the system, at the message box, click Log Out.

TOPIC B
Customize the Display Manager
You implemented X to work with the Linux graphical user interface. Now, you want to customize the GUI environment. The desktop is one of the first screens that a user interacts with in a GUI. Therefore, the desktop should be appealing and easy to use. This will help create a good impression on the user. In this topic, you will customize the display manager to manage the desktop environment.

The desktop is an important part of any graphical user interface. Users may want to customize their desktop environments according to their own preferences. They can keep the applications they access frequently and keep shortcuts to different programs on the desktop. This will enable easy access to various applications and options.

Display Managers
Definition: A display manager is a program that controls the look and feel of a desktop environment. A display manager provides a graphical login screen. Display managers manage a collection of X servers. These servers may be on the local host or on remote systems. Display managers can be customized to run every time the system boots.

The most popular desktop environments that are used by users of X servers are GNOME and KDE. You can customize any of the applications present in the Applications, Places, or System folders for KDE and GNOME. After you save the settings, they are applied to the desktop environment. Most of the applications are common to both KDE and GNOME, while some are specific to the individual environment, such as Control Center in KDE.

Display Managers for Linux
Common display managers for Linux include:
- The GNOME display manager, or gdm, is the default display manager for Red Hat Linux. gdm allows the user to configure language settings and log in to, shut down, or reboot the system.
- The KDE display manager, or kdm, is the display manager for KDE, or K Desktop Environment. It allows the user to log in, shut down, or reboot the system.

The GNOME Desktop Environment


The GNOME desktop environment (GDE) is the default desktop environment in RHEL 5. The GNOME desktop initially displays three icons, one each for the Computer, root's Home, and Trash. There are two horizontal panels, one at the top and one at the bottom of the desktop. The user can customize these panels with shortcuts to applications that are frequently used. The GNOME Desktop Manager (gdm) is used to customize the GDE.

Figure 4-2: The gnome display manager, with its various components.

The KDE Desktop Environment


The KDE desktop environment is installed along with GDE in RHEL 5. There is only one horizontal panel at the bottom in the case of KDE. The main menu can be accessed by clicking the Red Hat logo in the left corner of the KDE panel. KDE can be customized to suit users' needs.

Figure 4-3: The KDE display manager, displaying only one panel.

The Configure - KDesktop Window
The Configure - KDesktop window enables you to change the appearance of KDM. The options that are available in the Configure - KDesktop window are provided in the following table.

Configure - KDesktop Options | Used To
Display | Configure the resolution and other display settings.
Behavior | Configure the behavior of the desktop such as enabling icons on the desktop and the action to be performed on clicking the right, left, or middle button.
Multiple Desktops | Configure the number of virtual desktops. You can specify up to 16 virtual desktops.
Background | Change the background settings such as wallpaper and background.
Screen Saver | Set a screen saver and its timing options.

KDE Panel Configuration Options
The Add Applet, Add Application, and Add New Panel options are used to access and configure different applications that are categorized under Applet, Application Button, and Panel. Some of the options in each menu are provided in the following table.

Add Applet | Add Application | Add New Panel
Clock | The Internet | Panel
Lock/Logout Buttons | Office | Dock Application Bar
Quick Launcher | Find Files/Folders | External Taskbar
Trash | Control Center | KasBar
System Monitor | Help | Universal Sidebar

The switchdesk Command



The switchdesk command provides a simple method of switching among the various desktop environments. To enable the switchdesk command, the packages switchdesk-4.0.8-6.noarch.rpm and switchdesk-gui-4.0.8-6.noarch.rpm have to be installed after the installation of the Linux operating system is complete. On running the switchdesk command from the terminal, the Desktop Switcher dialog box is displayed.


Figure 4-4: The switchdesk command, with the Desktop Switcher dialog box.

How to Customize the Display Manager


Procedure Reference: Switch Between Desktop Environments
To switch between KDM and GDM:
1. Log in as root in GUI.
2. Display the terminal.
3. To enable the switch desk feature, verify that the packages switchdesk-4.0.8-6.noarch.rpm and switchdesk-gui-4.0.8-6.noarch.rpm are installed.
4. Enter switchdesk Desktop type to display the Desktop Switcher window.
5. Choose the desired desktop environment.
6. Click OK twice to apply the changes.
7. Log out and log in to verify the applied changes.

Procedure Reference: Configure GDM
To configure GDM:
1. Log in as root in the GNOME desktop environment.
2. Choose Applications→System Tools→Terminal.
3. Enter gdmsetup to open the Login Window Preferences dialog box.
4. Make the necessary changes.
5. Click Close.

Configure GDM Using CLI
To configure GDM using CLI, navigate to the /etc/X11/gdm/gdm.conf file. You can manually change the necessary settings, which will then be applied to the desktop after you save and exit the file and start the X window service.

Procedure Reference: Configure KDM Using the Configure - KDesktop Window
To configure KDM using the Configure - KDesktop window:
1. Log in as root in the KDE desktop.
2. Right-click the desktop and choose Configure Desktop.
3. In the Configure - KDesktop window, configure the settings.
   - Select Background to modify the background settings.
   - Select Behavior to configure the desktop behavior.
   - Select Multiple Desktops to configure multiple virtual desktops.
   - Select Screen Saver to modify the screen saver settings.
   - Select Display to modify the display settings.
4. In the Configure - KDesktop window, click Apply and then click OK.

Procedure Reference: Configure Display Managers for Use by X-Stations
To configure the desired display managers for use by X-stations:
1. Log in as root in GUI.
2. Enter switchdesk to display the Desktop Switcher window.
3. Choose the desired desktop environment.
4. Click OK twice to apply the changes.
5. Reboot the system to verify that the system boots in the specified desktop.

Procedure Reference: Change the GDM Greeting Page
To change the GDM greeting page:
1. Log in as root in the GNOME desktop environment.
2. Choose Applications→Accessories→Terminal.
3. Enter gdmsetup to display the Login Window Preferences dialog box.
4. In the Login Window Preferences dialog box, select the Local tab.
5. In the Themes section, choose the desired greeting page.
6. Click Close.
7. Enter exit to close the terminal window.
8. Choose System→Log Out root.
9. In the Log out of this system now dialog box, click Log Out.

Instead of using the switchdesk command to switch between desktops, you can switch between desktops from the welcome screen. Click the Session button at the bottom of the welcome screen and select the appropriate desktop.

ACTIVITY 4-3
Configuring KDM
Scenario: A user working in the graphics department wants to create a customized desktop environment. His requirements include changing the default background, having six desktop windows, and adding the menu bar on top of the screen. You are assigned the task of changing the user's background. You find that the user presently has GDM configured in the machine.

What You Do / How You Do It

1. Switch from GNOME to KDE.
a. On the welcome screen of the GUI, click Session.
b. In the Sessions dialog box, select the KDE option and click Change Session.
c. In the Username text box, type root and press Enter.
d. In the Password text box, type p@ssw0rd and press Enter.
e. In the message box that asks if you want to make the selected session as default, click Just For This Session.

2. Change the desktop background image.
a. On the KDM desktop, right-click and choose Configure Desktop.
b. In the Configure - KDesktop window, on the left pane, verify that Background is selected.
c. On the right pane, in the Background section, click the Picture drop-down list.
d. From the Picture drop-down list, scroll up and select Kubical.

3. Add the menu bar to the top of the screen.
a. On the left pane, select Behavior.
b. In the Menu Bar at Top of Screen section, select the Desktop menu bar option.

4. Configure virtual desktops.
a. On the left pane, select Multiple Desktops.
b. In the Number of desktops spin box, double-click and type 6

5. Apply the new settings.
a. In the Configure - KDesktop dialog box, click Apply to apply the settings.
b. Click OK to close the Configure - KDesktop dialog box.

TOPIC C
Customize the Window Environment
In the previous topic, you customized the display manager to manage the desktop environment. In addition to the desktop, windows and icons form an important part of the user's interaction with the GUI. In this topic, you will customize the window environment.

While working in a graphical user interface, users will need to work with windows. They may need to manipulate the size and placement of windows to suit their needs. Customizing the window environment can meet these needs with ease.

Window Managers
Definition: A window manager is a program that controls the look and feel of a graphical user interface. It determines the appearance of windows by controlling their size and placement. It also determines the responses to clicking actions. A window manager provides users with icons, taskbars, title bars for windows, and other desktop objects. It also allows users to manipulate a window by moving, resizing, or closing it.

The XTerm
Definition: The XTerm is a screen for typing system commands for the X Window System. It is also known as the shell prompt, console, or terminal. It requires an X Server running on the local or remote system. It helps to combine the advantages of the shell and window manager user interfaces.

How to Customize the Window Environment


Procedure Reference: Customize a System-Wide Desktop Environment
To customize a system-wide desktop environment for KDE/GNOME:
1. Log in as root in the GUI.
2. On the desktop, click the Start Here icon in the KDE to access the menu.
3. Click the Applications, Places, or System folder to access the respective contents and applications in GDE.
4. Make the necessary changes and save the settings.
Procedure Reference: Customize the Window Manager Menus
To customize the window manager in GNOME:
1. Customize the window manager menu in GNOME.
   a. Log in as root in GUI in GNOME.
   b. To add an application to the panel, right-click the empty space in the panel located at the bottom of the screen and choose Add to Panel.
   c. Choose the desired application and click Add.
   d. Click Close to close the Add to Panel dialog box.
   e. To move an application icon in the panel, right-click the icon, choose Move and then move the cursor to the desired location in the panel and click on the panel.
   f. If necessary, to delete an application icon in the panel, right-click the icon and choose Remove From Panel.
2. Position the panels in GNOME.
   a. Right-click the empty space in the panel located at the bottom of the screen.
   b. Choose New Panel and choose the desired options.
   c. Right-click the panel and choose Properties to change the orientation, size, and color of the panel.

Procedure Reference: Configure a Panel in KDE
To configure a panel in KDE:
1. Log in as root in KDE GUI.
2. Right-click the empty space in the panel and choose Configure Panel.
3. In the Configure - KDE Panel dialog box, use the Arrangement, Appearance, and the Taskbar buttons on the left pane to configure the panel.
   - The Arrangement option is used to change the position, length, and the size of a panel.
   - The Appearance option is used to change the appearance of the panel.
   - The Taskbar option is used to configure the actions that need to be performed when clicking the right, left, and middle mouse buttons. It is also used to configure the taskbar.
4. Click Apply to apply the settings and click OK to close the Configure - KDE Panel dialog box.

Procedure Reference: Customize the Window Manager Menu for KDE
To customize the window manager menu for KDE:
1. Log in as root in KDE GUI.
2. To add an application to the panel, right-click the empty space in the panel and choose Add Application to Panel and then choose the desired application. The application icon is added to the panel.
3. To move an application icon in the panel, right-click the icon, choose the Move [Application name] button, and then move the cursor to the desired location in the panel and click.
4. If necessary, to delete an application icon in the panel, right-click the icon and choose the Remove [Application name] button.

You can add, move, or delete icons of frequently used applications in the KDE desktop.

Procedure Reference: Configure xterm
To configure xterm:
1. Log in as root in the GUI.
2. Display the terminal.
3. Change the location of the xterm window in the screen.
   a. Enter vi /etc/X11/xinit/xinitrc.
   b. Scroll down and change xterm -geometry 80x50-50+150, which sets the location of the xterm window in the screen, to xterm -{Parameter} {Value}.
   c. Save and close the file.
   The /etc/X11/xinit directory contains the xinitrc file, which is used to start the Window manager.
4. Log out from the current session.
5. Reboot the system to verify that the system boots in the specified desktop.
6. Click Session, choose Failsafe Terminal and click OK.
7. Enter the user name and password to display the xterm X terminal.
8. Ensure that the cursor is within the xterm window. Enter exit to log out and return to the login screen.

There are different types of terminals, such as xterm, rxvt, and aterm. The rxvt and aterm are X terminals that are intended as a replacement for xterm. Because they use less swap space than xterm, they are an advantage on any machine serving many X sessions.

Procedure Reference: Verify and Resolve Library Dependency Issues for X Applications
To verify and resolve dependency issues for X applications:
1. Enter rpm -qpR X application package name to identify the library files and the dependent packages needed for the installation of the X package.
2. Enter locate Library file to verify that the library files are present in the system.
3. Enter rpm -ivh X application package name to install all the dependencies and then install the required X application packages.

Importance of Library Files
During the installation of certain X applications, the application will search for library files and some dependent packages needed for the X application package to be successfully installed in a system. If the library files are not installed in the system, you need to first identify the library files and then install the packages containing them along with the dependent packages required for the X application.

ACTIVITY 4-4
Customizing Desktop Panel Menus
Scenario: A new user on your network who is just getting familiar with Linux feels that the edge panel on the desktop is too big and wants it to be more compact and relocated to the left edge. Moreover, the colleague finds it time consuming to access frequently used applications, such as the terminal window and the KWrite application, and he also feels that the default panel background color doesn't contrast well with the panel icons. He has requested you to assist and guide him through the task of modifying the desktop.

What You Do / How You Do It

1. Position the panel at the left top edge of the desktop.
a. On the panel located at the bottom of the screen, right-click the empty space and choose Configure Panel.
b. In the Configure - KDE Panel dialog box, verify that Arrangement is selected.
c. In the right pane, in the Position section, click the Top left button.

2. Resize the panel.
a. In the Length section, in the Length spin box, double-click and type 50
b. In the Size section, from the Size drop-down list, select Small.

3. Change the panel background.
a. On the left pane, click Appearance.
b. On the right pane, in the Panel Background section, check Enable background image.
c. Click the Open file dialog icon.
d. In the Select Image File - KDE Panel dialog box, in the Location combo box, type /usr/share/wallpapers and press Enter.
e. Select blue_angle_swirl.jpg and click OK to close the Select Image File - KDE Panel dialog box.
f. To apply the changes and close the Configure - KDE Panel dialog box, click OK.

4. Add frequently used applications to the panel.
a. On the panel located at the top left corner of the screen, right-click the empty space and choose Add→Application Button→System Tools→Terminal.
b. On the panel, right-click the empty space and choose Add Application to Panel→Utilities→Editors→KWrite.
c. Choose K Menu→Log Out.
d. Click End Current Session to log out of the KDE session.

Lesson 4 Follow-up
In this lesson, you configured the graphical user interface. Working with the graphical user interface of Linux can be useful when recalling commands becomes difficult. The GUI is also more user friendly and easily understandable. As a system administrator, it will help you direct users to configure their systems.

1. Do you think using the Linux graphical user interface in conjunction with the command line interface will yield better results? Why?
Answers will vary, but may include:
1. Using the GUI or the CLI depends on user requirements. If the user is technically sound and is able to use commands with ease, then they can use the CLI. If they want a more interactive interface, they can use the GUI. Therefore, combining both will make Linux accessible to all users.
2. Sometimes, viewing the CLI screen for too long may seem monotonous. In such cases, they can use the GUI along with the CLI.

2. In what way do you think customizing the display and window managers is useful?
Answers will vary, but may include:
1. Customizing window managers enables users to easily access the applications that they frequently use.
2. Users can modify the system to suit their requirements and comfort.

LESSON 5
Configuring System Services
In this lesson, you will examine system services. You will:
- Maintain system logs using NTP and logging daemons.
- Communicate with remote systems.
- Automate system services using cron.

Lesson Time 2 hour(s), 15 minutes

Introduction
You have configured the GUI on your system. As a system administrator, you will manage multiple systems in the network. There will be many instances when the GUI and other services might be affected and you might have to troubleshoot them to maintain the interfaces on the systems. To carry out these tasks, you must have a knowledge of the system services. In this lesson, you will configure system services.

While managing multiple systems, you need to keep track of each system, troubleshoot problems, and also perform regular checks. If these tasks are not done periodically, system crashes may occur and disrupt the whole network, causing loss of productivity. However, you are given only a limited time to manually perform these checks.

TOPIC A
Maintain System Logs
You have managed processes and resources. As a system administrator, you must keep track of the various processes taking place in multiple systems to manage and troubleshoot them. In this topic, you will maintain system logs.

When you are maintaining multiple systems, you will always have sudden issues that turn into major problems if left unattended. These issues might also lead to system crashes. You must always maintain logs of all processes running on your system to enable you to troubleshoot these issues immediately. This will help you effectively manage the network.

System Logs
Definition: System logs are records of system activities that the syslogd utility keeps track of. The syslogd utility runs as a daemon. System logs are usually started at boot time. System log messages include the date, the process that delivered the message, and the message.

The syslogd Utility
The syslogd utility is used to keep track of remote and local system logs. Logs are characterized by their host name and program field. The settings for syslogd are configured using the /etc/syslog.conf file. The syntax for this command is syslogd options.
The syslogd utility provides a number of options to manage specific functions.

Option | Enables You To
-d | Turn on the debug mode.
-f filename | Specify a new configuration file instead of /etc/syslog.conf.
-m interval | Specify a time interval between two lines.
-r | Enable syslogd to receive messages from the network.

The /etc/syslog.conf File
The /etc/syslog.conf file controls the location where syslogd information is recorded. This file consists of two columns. The first column lists the facilities and severities of the messages. The second column lists the files to which they should be logged. By default, most messages are stored in the /var/log/messages file. Some applications maintain their own log files and directories independent of the syslog.conf file. Each service has its own log storage file. Some of them are listed below:

Log File / Directory | Description
/var/log/maillog | Stores Mail messages.
/var/log/httpd/access_log | Stores Apache web server page access logs.
/var/log/samba | Stores Samba messages.
/var/log/mrtg | Stores MRTG messages.
/var/log/httpd | Stores Apache web server messages.

Tracking Problems Noted in Logs
Log files are important to help track down system problems. In the event of a log file becoming too large, it can be deleted and syslogd will re-create it. The /etc/syslog.conf file helps in tracking down the location of the log files and which programs are represented by them. The /etc/syslog.conf file can be edited to include log messages as desired.

Syslog Severities
The /etc/syslog.conf file can be configured to place messages having different severities and facilities in different files. The messages will be logged based on the increasing level of severity. For example, if the severity level is set as notice, all messages matching the level of severity notice and higher are logged. The following table lists the syslog severities and their descriptions.

Level Of Severity | Keyword | Description
0 | emerg | When the system cannot be used
1 | alert | When immediate action is required
2 | crit | When the condition is critical
3 | error | When errors are encountered
4 | warn | When warnings are encountered
5 | notice | When normal, but significant conditions are encountered
6 | info | When informational messages are encountered
7 | debug | When debugging messages are encountered

Syslog Facilities
The /etc/syslog.conf file displays its messages using several facility options. There are various facility options based on the type of message to be logged.

Use This Facility Option | If You Need To Log
lpr | Printing messages
mail | Mail messages
news | News messages
syslog | Internal syslog messages
user | User-level messages

The system-config-date Command
The system-config-date command allows you to open the Date/Time Properties window. This enables you to configure the time zone and modify date and time. The command can also be used to configure the Network Time Protocol settings.
This command can only be run from the terminal in the GUI.

Figure 5-1: The system-config-date command allows you to set the date and time.

Network Time Protocol (NTP)
Network Time Protocol, or NTP, is a standard Internet protocol for synchronizing the internal system clock with the true time or the average time on a number of high accuracy clocks around the world. NTP is used for transmitting and receiving time over TCP/IP networks. NTP is also used to set the clock of one computer to match that of another, and synchronize it with the network clock.

Figure 5-2: Synchronization of system clocks with network time using NTP

Drift Files
The drift file is a file found in the /etc/ntp directory. The NTP drift file is used by the ntpd daemon to reset the time when the system is restarted. The drift file synchronizes the system clock and the clock drift, to display the time from the NTP server.

The ntp.conf File
The ntp.conf file found in the /etc directory contains configuration options for the NTP server. The file contains settings for all hosts on local as well as public servers. The ntpd daemon reads the ntp.conf file for synchronization settings and then connects to the NTP server.

How to Maintain System Logs
Procedure Reference: Configure System Logs
To configure system logs:
1. Log in as root.
2. At the command prompt, enter vi /etc/syslog.conf to open the system log configuration file.
3. Type {Facility}.{Level of severity} {File where the log messages will get stored} to set the type and level of severity to be logged in the specified file.
4. Save and exit.
5. Enter service syslog restart to restart the system log service and apply the changes.

Procedure Reference: Configure syslogd to Act as a Central Network Log Server
To configure syslogd to act as a central network log server:
1. Log in as root in the CLI.
2. To open the syslog file, enter vi /etc/sysconfig/syslog.
3. To switch to the insert mode, press I.
4. Add the -r option to the SYSLOGD_OPTIONS parameter: SYSLOGD_OPTIONS="-r -m 0"
5. Save and close the file.
6. Enter service syslog restart to restart the syslog service.

Procedure Reference: Configure syslogd to Send Log Output to a Central Log Server
To configure syslogd to send the log output to a central log server:
1. Log in as root.
2. Enter vi /etc/syslog.conf to open the system log configuration file.
3. Type {Facility}.{Level of severity} @{IP or FQDN of the log server} to send the log output to a remote log server.
4. Save and close the file.
5. Enter service syslog restart to restart the system log service and apply the changes.
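The severity rule from this topic (a rule logs its level and everything more severe) and the @server forwarding action, worked through as an added example that is not part of the course material. It assumes sysklogd's facility.level selector form and skips selectors that use the = or ! prefixes; the sample file, the host name loghost.example.com and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: which syslog.conf rules receive a message, and which forward it.

# Map a severity keyword (or number) to its level; 0 is the most severe.
sev_num() {
    case "$1" in
        emerg) echo 0 ;;  alert) echo 1 ;;  crit) echo 2 ;;
        err|error) echo 3 ;;  warn|warning) echo 4 ;;
        notice) echo 5 ;;  info) echo 6 ;;  debug) echo 7 ;;
        [0-7]) echo "$1" ;;
        *) return 1 ;;
    esac
}

# syslog_targets CONF FACILITY SEVERITY
# Prints the action (file or @host) of every rule that logs such a message.
syslog_targets() {
    conf=$1 fac=$2
    msg=$(sev_num "$3") || return 2
    while read -r selector action; do
        case "$selector" in ''|'#'*) continue ;; esac
        hit=no
        rest="$selector;"
        # Selectors are separated by ';' and a later one overrides an earlier one.
        while [ -n "$rest" ]; do
            sel=${rest%%;*}; rest=${rest#*;}
            facs=${sel%.*}; lev=${sel##*.}
            case ",$facs," in
                *",$fac,"*|*",*,"*) ;;      # facility named, or wildcard
                *) continue ;;
            esac
            case "$lev" in
                none) hit=no ;;
                '*')  hit=yes ;;
                *)    min=$(sev_num "$lev") || continue
                      # Lower number = more severe, so "level and higher" is <=.
                      if [ "$msg" -le "$min" ]; then hit=yes; else hit=no; fi ;;
            esac
        done
        if [ "$hit" = yes ]; then printf '%s\n' "$action"; fi
    done < "$conf"
    return 0
}

# remote_targets CONF: prints "selector host" for every rule that forwards.
remote_targets() {
    while read -r selector action; do
        case "$selector" in ''|'#'*) continue ;; esac
        case "$action" in
            @*) printf '%s %s\n' "$selector" "${action#@}" ;;
        esac
    done < "$1"
    return 0
}

# Constructed sample configuration (not copied from a real system).
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample for this example
*.info;mail.none;authpriv.none    /var/log/messages
mail.4                            /root/test.log
mail.*                            -/var/log/maillog
authpriv.notice                   @loghost.example.com
EOF
}

demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
echo "mail/warn goes to:"; syslog_targets "$demo_conf" mail warn
echo "mail/info goes to:"; syslog_targets "$demo_conf" mail info
echo "forwarding rules:";  remote_targets "$demo_conf"
rm -f "$demo_conf"
```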

Procedure Reference: Synchronize the System Clock with Remote Time Server Using the system-config-date Command
To synchronize the system clock with remote time server using the system-config-date command:
1. Log in as root.
2. Launch the Date and Time Properties window.
   - In the GUI, from the menu bar, choose System→Administration→Date & Time.
   - Enter system-config-date.
3. Select the Network Time Protocol tab.
4. Synchronize the system clock with the remote time server using NTP.
   a. Check the Enable Network Time Protocol option.
   b. Click the Add button to add the NTP server.
   c. If necessary,
      - Select the entry and click Add to modify the existing entry.
      - Select the entry and click Edit to edit the existing entry.
      - Select the entry and click Delete to delete the existing entry.
      - Click the Show advanced options section to use the hidden advanced options.
5. Click OK to apply the settings and close the window.

Procedure Reference: Synchronize the System Clock with the Remote Time Server Using the /etc/ntp.conf File
To synchronize the system clock with the remote time server using the ntp.conf file:
1. Log in as root.
2. To navigate to the /etc directory, enter cd /etc.
3. Enter vi ntp.conf to open the ntp.conf file.
4. Specify the time server details.
   - Enter server { ip-address | FQDN of the time server } to set the server details.
   - Enter driftfile { drift file location } to set the drift file location.
5. Save and close the file.
6. To manually reset the clock, enter ntpdate.

ACTIVITY 5-1
Configuring System Logs
Scenario: As the system administrator, you are performing routine maintenance checks on systems in the network. You find that the logs show a couple of errors because they are not logged properly. You want only the warnings and alerts to be shown in the logs. So, you decide to configure the settings for syslog.

What You Do / How You Do It
1. Open the /etc/syslog.conf file.
   a. To switch to the CLI, press Ctrl+Alt+F1.
   b. Log in as root in the CLI of the Linux client machine.
   c. To open the syslog.conf file, enter vi /etc/syslog.conf
2. Configure the syslog settings.
   a. To go to the last line, press Shift+G.
   b. To switch to the insert mode, press I.
   c. On a new line, type mail 4 /root/test.log
   d. To exit to the command mode, press Esc.
   e. Save and close the file.
   f. To restart the syslog service, enter service syslog restart
   g. Enter clear

ACTIVITY 5-2
Configuring syslogd
Scenario: In a network, you must ensure that all system logs are sent to a central server to keep track of all systems in the network. However, you want the messages to be automatically sent to the log server and do not want to monitor each system individually. So, you decide to configure syslogd to accomplish your task.

What You Do / How You Do It
1. Configure syslogd to act as a Central Network Log Server.
   a. To open the syslog file, enter vi /etc/sysconfig/syslog
   b. To go to the SYSLOGD_OPTIONS="-m 0" line, enter /SYS
2. Modify the settings in the /etc/sysconfig/syslog file.
   a. To switch to the insert mode, press I.
   b. To add the -r option to the SYSLOGD_OPTIONS parameter, set SYSLOGD_OPTIONS="-r -m 0"
   c. To exit to the command mode, press Esc.
   d. Save and close the file.
3. Restart the syslog service.
   a. To restart the syslog service, enter service syslog restart
   b. Enter clear

ACTIVITY 5-3
Synchronizing System Clocks
Scenario: All employees in the company where you work as a system administrator are required to fill out their time cards to keep track of their daily duties. You are assigned the task of standardizing the time displayed on all systems to ensure that all users enter the correct time in their time cards. As part of the auditing task, you want to ensure that all systems in the network have their time synchronized to the time server. To ensure uniformity in the time cards, you decide to configure NTP.

What You Do / How You Do It
1. Open the ntp.conf file.
   a. To navigate to the /etc directory, enter cd /etc
   b. To open the ntp.conf file, enter vi ntp.conf
2. Synchronize the system time with the server.
   a. To go to the last line, press Shift+G.
   b. To go to the insert mode, press I.
   c. On a new line, type server 192.168.0.1
   d. To exit to the command mode, press Esc.
   e. Save and close the file.
   f. Enter logout

3. Enable NTP.
   a. Switch to the GUI mode.
   b. Log in as root in the GUI of the Linux client machine.
   c. To launch the terminal, choose Applications→Accessories→Terminal.
   d. To launch the Date/Time Properties window, at the terminal, enter system-config-date
   e. Select the Network Time Protocol tab.
   f. To synchronize the system clock with the remote time server using NTP, check the Enable Network Time Protocol option.
   g. Verify that the NTP servers are displayed.
   h. Click OK to apply the settings and close the window.
   i. Enter reboot

TOPIC B
Work with Remote Systems
In the previous topic, you maintained system logs and examined NTP. In situations such as adding new systems to the network, you will directly communicate with the server and modify the data in the server to connect your computer to the server. In this topic, you will explore SSH and VNC and examine their various functions. As a system administrator in the network, you will address the needs of users who are scattered across different locations. Or, there might be some meetings or conferences that require you to connect to the server remotely. Your capability as a system administrator will increase if you know how to connect to remote systems. You can access data remotely and also troubleshoot all the systems from one location.

Secure Shell (SSH)

Definition: Secure Shell (SSH) is a network protocol that controls the secure flow of data among computers in a network. SSH architecture contains the transport layer, the user authentication layer, and the connection layer. The client places a request, which is authenticated by the user authentication layer. This transfers the request to the server, which is authenticated by the transport layer, through the connection layer. By making use of public-key cryptography to encrypt data, this architecture makes SSH flexible and secure. There are many versions of SSH, such as SSH1 and SSH2.

OpenSSH
OpenSSH is a free implementation of the SSH protocol that is included with most Linux distributions. Data to be transmitted passes through a secure tunnel that is formed between the two systems. Telnet, in contrast, transmits data, including passwords, that can be easily intercepted by any system in the network. OpenSSH provides a strong client-server authentication method.

The ssh-keygen Command
The ssh-keygen command generates, manages, and converts authentication keys. The following table lists some options of the ssh-keygen command.

Use This ssh-keygen Command Option    If You Need To
-b bits                               Specify the number of bits to be created in the key.
-c                                    Change the comment in the public and private key files.
-f file name                          Specify the file name of the key file.
-l                                    Show the fingerprint of the specified public key file.
-p                                    Change the passphrase of a private key file instead of creating a new private key.

Public and Private Keys
Both a private key and a public key are involved in the authentication process. Each key is a collection of alphanumeric and special characters that uniquely identify each system. The private key is the key in public key authentication that is retained on the local system. The public key is the key in public key authentication that is made known to remote systems. The private key is never transmitted to the destination server. A meaningful message will result only when the destination's private key is combined with the public key of the original server. While logging in to a remote machine, the private and public keys are combined by the remote server for verification. The keys need to match if the user has to log in and transfer files. Authenticity is established by the remote server, which then grants the necessary permissions.

Key Files
The key pairs that you create using SSH are stored in different files depending on the algorithm you use.

Files Created               Algorithm
id_dsa, id_dsa.pub          DSA.
id_rsa, id_rsa.pub          RSA with SSH protocol version 2.
identity, identity.pub      RSA with SSH protocol version 1.

The /etc/ssh/sshd_config File
The /etc/ssh/sshd_config file is the SSH server configuration file. Most lines in this configuration file are commented, indicating the default settings that have been applied. You can remove the comment and change the default settings. Some common SSH server configuration file options are provided in the following table.

Use This sshd Option               If You Need To
X11Forwarding yes                  Run or stop running a program in one machine and display the X window output in another machine.
X11Forwarding no                   Stop running a program in one machine and display the X window output in another machine.
PermitRootLogin                    Allow the root user to log in via SSH.
MaxStartups Number                 Specify the maximum number of connections that can be made to a host.
LoginGraceTime Time in seconds     Drop connections if the connection is not established within the login grace time.
AuthorizedKeysFile File name       Specify the location of the file that contains the authentication keys.
PermitEmptyPasswords yes/no        Specify whether a null password is allowed or denied.
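
A check for the options in the table above, as an added example that is not part of the course material: the functions read an sshd_config file, report the value sshd would use for each keyword (the first uncommented occurrence wins), and flag settings that weaken the server. The function names and the sample file are constructed for illustration, and the script assumes the whitespace-separated "Keyword value" form and stops at the first Match section.

```shell
#!/bin/sh
# Added example (not from the course): report risky values for the
# sshd_config options listed in the table above.

# effective_value FILE KEYWORD
# Print the value sshd would use: keywords are case-insensitive and the
# first uncommented occurrence wins. Prints nothing if the keyword is unset.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0   { next }   # comment or blank line
        tolower($1) == "match"  { exit }   # conditional section: stop here
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# audit_sshd_config FILE
# Prints one line per option; returns 1 if any WARN line was printed.
audit_sshd_config() {
    cfg=$1
    warned=0
    for kw in PermitRootLogin PermitEmptyPasswords X11Forwarding LoginGraceTime; do
        val=$(effective_value "$cfg" "$kw")
        if [ -z "$val" ]; then
            # The built-in default differs between sshd versions, so do not guess.
            echo "NOTE $kw is not set; the built-in default applies"
            continue
        fi
        case "$kw:$(lower "$val")" in
            PermitRootLogin:yes)
                echo "WARN PermitRootLogin yes: root can log in directly over SSH"
                warned=1 ;;
            PermitEmptyPasswords:yes)
                echo "WARN PermitEmptyPasswords yes: accounts with a null password can log in"
                warned=1 ;;
            LoginGraceTime:0)
                echo "WARN LoginGraceTime 0: unauthenticated connections are never dropped"
                warned=1 ;;
            X11Forwarding:yes)
                echo "NOTE X11Forwarding yes: keep only if remote X display is needed" ;;
            *)
                echo "OK   $kw $val" ;;
        esac
    done
    return $warned
}

# Constructed sample configuration, not taken from a real host.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample sshd_config
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
PermitEmptyPasswords no
X11Forwarding yes
LoginGraceTime 0
MaxStartups 10
AuthorizedKeysFile .ssh/authorized_keys
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
audit_sshd_config "$sample" || echo "sshd_config needs attention"
rm -f "$sample"
```

In the sample, the later "PermitRootLogin no" line has no effect because the earlier "yes" is read first.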

Tunneling

Tunneling is a layered protocol model in which one protocol is layered over the other. The inner protocol, called the payload protocol, is encapsulated within another protocol called the delivery protocol. This provides security and flexibility to the connection. Some of the tunneling protocols are GRE, GTP, and MPLS. An SSH tunnel is created when an SSH connection is tunnelled. SSH tunneling enables users to access web sites and bypass firewalls by setting up proxy servers. A protocol that is blocked by the firewall is encapsulated within a different protocol that is not blocked by the firewall, thus establishing the connection.

Figure 5-3: The tunneling protocol and its architecture.

Virtual Network Computing (VNC)

Definition: Virtual Network Computing (VNC) is a platform-independent system through which a user can control a remote system. The virtual network is made up of the VNC client, the VNC server, and the VNC protocol. The VNC client is able to view the output that is displayed by the VNC server through the VNC protocol. A user can run multiple VNC sessions. However, the display for each VNC client may differ from the VNC server display.

The vncserver Command
The vncserver command is used to start a system with VNC. The $HOME/.vnc/xstartup file allows the user to control applications running on the remote system. You can specify the display number that the VNC server will use when it is started. The syntax for the vncserver command is vncserver {:display number} {-option}
The vncserver command has various options.

Option                     Enables You To
-name desktop name         Specify the desktop name.
-geometry resolution       Specify the screen resolution of the remote desktop.
-depth depth               Specify the pixel depth of the desktop. The accepted values are 8, 15, and 24.
-pixelformat format        Specify the pixel format, such as RGB and BGR.

The vncviewer Command

The vncviewer command is used to view the VNC client. When the vncviewer command is run, the VNC client connects to the VNC server. The user can specify the VNC server to which the VNC client has to be connected. The vncviewer command supports user authentication by prompting for a password. There are various options for specifying the vncviewer parameters. The syntax for the vncviewer command is vncviewer {option} {host} {:display#}

Option                 Enables You To
-display Xdisplay      Specify the X display.
-listen port           Search for reverse connections from the VNC server.
-Shared                Keep multiple VNC connections open.
-FullScreen            Start the VNC client in the full-screen mode.
-via gateway           Create a tunnel to a gateway machine, and then connect the client to the host.

How to Communicate with Remote Systems


Procedure Reference: Communicate Using Secure Shell
To communicate using secure shell:
1. Log in as a user.
2. Connect securely to another computer.
   a. Enter ssh {user name}@{hostname or IP of the destination} to connect to the remote host.
   b. If prompted, add the host as a trusted host.
   c. Enter the password to log in.
3. Execute commands securely in another computer.
   a. Enter ssh {user name}@{hostname or IP of the destination} to connect to the remote host.
   b. If prompted, add the host as a trusted host.
   c. Enter the password to log in.
   d. Enter the command that you want to execute.
4. Create a tunnel using SSH.
   a. Enter ssh -L {port number}:{remote server IP or FQDN}:{port number} {username}@{remote server IP or FQDN} to create a tunnel using SSH.
   b. If prompted, add the host as a trusted host.
   c. Enter the password to log in.
5. Authenticate the tunnel with SSH keys.
   a. Enter ssh-keygen -d to generate a key.
   b. Press Enter three times to generate the keys id_dsa and id_dsa.pub in /root/.ssh.
   c. Log in as root in the second system with which you want to establish an SSH connection.
   d. Enter ssh-keygen -d.
   e. Press Enter three times to generate the keys id_dsa and id_dsa.pub in /root/.ssh.
   f. Enter scp /root/.ssh/id_dsa.pub {username}@{IP or FQDN of the first system}:/root/.ssh/authorized_keys to copy the public key from the second machine to the first machine.
   g. If prompted, add the host as a trusted host.
   h. Enter the password to log in.
   i. Enter scp /root/.ssh/id_dsa.pub {username}@{IP or FQDN of the first system}:/root/.ssh/authorized_keys to copy the public key from the first machine to the second machine.
   j. If prompted, add the host as a trusted host.
   k. Enter the password to log in.
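
The scp commands in steps f and i write the public key over the remote authorized_keys file, replacing any keys already stored there. As an added example that is not part of the course material, the function below appends a key instead, skips a key that is already present, refuses a private key file, and leaves the directory and the file accessible to the owner only. The function name, the temporary paths and the key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the course): add a public key to authorized_keys
# without overwriting the keys that are already there.

# install_pubkey PUBKEY_FILE SSH_DIR
# Returns 0 if the key was appended, 1 if it was already present,
# 2 if the input is not a usable public key file.
install_pubkey() {
    ip_pub=$1
    ip_dir=$2
    ip_auth=$ip_dir/authorized_keys

    [ -r "$ip_pub" ] || { echo "cannot read $ip_pub" >&2; return 2; }
    # A private key (id_dsa instead of id_dsa.pub) must never be copied out.
    if grep -q 'PRIVATE KEY' "$ip_pub"; then
        echo "$ip_pub is a private key; refusing to install it" >&2
        return 2
    fi
    # Accept the first line of the form "<type> <base64 blob> [comment]".
    ip_key=$(grep -E '^(ssh|ecdsa)-[A-Za-z0-9@.-]+ [A-Za-z0-9+/]+=*( .*)?$' "$ip_pub" | head -n 1)
    [ -n "$ip_key" ] || { echo "no public key line in $ip_pub" >&2; return 2; }

    # Create the directory and the file so that only the owner can use them.
    ( umask 077; mkdir -p "$ip_dir" && : >> "$ip_auth" ) || return 2
    chmod 700 "$ip_dir" && chmod 600 "$ip_auth" || return 2

    # Compare on "<type> <blob>" so that a changed comment or a leading
    # options field does not cause the same key to be added twice.
    ip_blob=$(printf '%s\n' "$ip_key" | awk '{ print $1 " " $2 }')
    if awk -v want="$ip_blob" '
            { for (i = 1; i < NF; i++) if (($i " " $(i + 1)) == want) found = 1 }
            END { exit !found }' "$ip_auth"; then
        return 1
    fi
    printf '%s\n' "$ip_key" >> "$ip_auth"
    return 0
}

# Constructed sample keys (not real key material).
KEY_CLIENT1='ssh-dss AAAAB3NzaC1kc3MAAACBAKconstructedKeyOne== root@client1'
KEY_CLIENT2='ssh-dss AAAAB3NzaC1kc3MAAACBAKconstructedKeyTwo== root@client2'

# demo: install two client keys, repeat the first, print the key count.
demo() {
    d=$(mktemp -d)
    printf '%s\n' "$KEY_CLIENT1" > "$d/client1.pub"
    printf '%s\n' "$KEY_CLIENT2" > "$d/client2.pub"
    install_pubkey "$d/client1.pub" "$d/ssh"
    install_pubkey "$d/client2.pub" "$d/ssh"            # first key is kept
    install_pubkey "$d/client1.pub" "$d/ssh" || true    # already present
    demo_count=$(grep -c . "$d/ssh/authorized_keys")
    rm -rf "$d"
    echo "$demo_count"
}

echo "keys in authorized_keys after three installs: $(demo)"
```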

Procedure Reference: Transfer Files Securely to Another Computer
To transfer files securely to another computer:
1. Log in as a user in the CLI.
2. Enter scp {command option} {source file or folder name} {user name}@{hostname or IP of the destination}:/{destination file or folder name} to transfer files using scp.
3. If prompted, add the host as a trusted host.
4. Enter the password to transfer the file.

Procedure Reference: Run the VNC Server
To run the VNC server:
1. Log in as root in the GUI.
2. At the terminal, enter vncserver to start the VNC server.
3. Enter the VNC server password, which will be used by clients when connecting to this server.
4. Confirm the password.
5. Write down the {server name}:{screen number} that is displayed.

Procedure Reference: Connect to the VNC Server Using VNC Viewer
To connect to the VNC server using VNC viewer:
1. Log in as root in the GUI of the client machine.
2. At the terminal, enter vncviewer {server name}:{screen number} to view the VNC server.
3. In the VNC Authentication window, in the Password text box, enter the password of the server to connect.

ACTIVITY 5-4
Communicating Using Secure Shell
Before You Begin: To be performed by the instructor:
1. Verify that the 085993Data/Configuring_System_Services/meeting_report file is present in the root directory of the server.
2. Enter ssh-keygen -d to generate a key.
3. Press Enter three times to generate the keys id_dsa and id_dsa.pub in /root/.ssh.

Scenario: A lecture is scheduled to take place at your office. As a system administrator, you have been asked by users to establish a secure connection between the system in the lecture hall and their systems, so that they can access the meeting_report file on their systems remotely. You decide to configure SSH to establish the connection and secure it using authentication keys.

What You Do / How You Do It
1. Connect to another computer in the network.
   a. To switch to the CLI mode, press Ctrl+Alt+F1.
   b. Log in as root.
   c. To connect to the server, enter ssh root@192.168.0.1
      If you are prompted to continue connecting, enter yes.
   d. If prompted, at the root@192.168.0.1's password: prompt, enter p@ssw0rd
   e. Verify that the last login time is displayed.
   f. To navigate to the 085993Data directory, enter cd 085993Data
   g. To navigate to the Configuring_System_Services directory, enter cd Configuring_System_Services
   h. To view the contents of the Configuring_System_Services directory, enter ls -l
   i. To view the contents of the meeting_report file, enter cat meeting_report
   j. Enter logout
2. Create a tunnel using SSH.
   a. To create a tunnel using SSH, enter ssh -L 3128:192.168.0.1:3128 root@192.168.0.1
   b. If prompted, to continue connecting, enter yes
   c. If prompted, at the root@192.168.0.1's password: prompt, enter p@ssw0rd
   d. Verify that the last login time is displayed.
   e. Enter logout
3. Authenticate the tunnel with SSH keys.
   a. To generate a key, enter ssh-keygen -d
   b. Generate the keys id_dsa and id_dsa.pub in /root/.ssh.
      If prompted, to overwrite the file, enter y.
   c. To copy the public keys to the server, enter scp /root/.ssh/id_dsa.pub root@192.168.0.1:/root/.ssh/authorized_keys
   d. If prompted, at the root@192.168.0.1's password: prompt, enter p@ssw0rd
   e. Observe that the file is copied to the server.
4. Copy the keys from the server to the client.
   a. To connect to the server, enter ssh root@192.168.0.1
      If you are prompted to continue connecting, enter yes.
   b. If prompted, at the root@192.168.0.1's password: prompt, enter p@ssw0rd
   c. To copy the public keys to the client, enter scp /root/.ssh/id_dsa.pub root@192.168.0.X:/root/.ssh/authorized_keys
   d. If prompted, at the root@192.168.0.X's password: prompt, enter p@ssw0rd
   e. Observe that the file is copied to the client.
   f. To log out of the server, enter logout
In the place of 192.168.0.X in root@192.168.0.X, the students must enter the IP addresses of their respective client machines, such as 192.168.0.2 and 192.168.0.3.

ACTIVITY 5-5
Implementing VNC
Before You Begin: To be performed by the instructor:
1. Log in as root in the GUI.
2. At the terminal, enter vncserver to start the VNC server.
3. Enter the VNC server password, which will be used by the clients when connecting to this server.
4. Confirm the password.
5. Make a note of the {server name}:{screen number} displayed.
   Instead of the server name, the IP address of the server can also be used.
6. Enter mkdir /employee to create the employee directory.

The steps from 2-5 should be repeated for each student and the {server name}:{screen number} displayed must be provided to enable them to access the VNC server.

Scenario: As the system administrator, you want to maintain a list of users and their IP addresses to keep track of network resources. You find that system details of the users have not been updated on the server.

Ensure that the packages vnc-4.1.29.el5.i386.rpm and vnc-server-4.1.29.el5.i386.rpm are installed before commencing with this activity. Otherwise, you can install the packages using the yum localinstall /rhelsource/Server/vnc* command.

What You Do / How You Do It
1. Connect to the VNC server using vncviewer.
   a. To open the terminal in the GUI of the Linux client machine, from the menu bar, choose Applications→Accessories→Terminal.
   b. To view the VNC server, enter vncviewer 192.168.0.1:X
      In the place of X, students should type their respective screen numbers provided by the instructor.
   c. In the VNC Authentication window, in the Password text box, enter p@ssw0rd
   d. Position the mouse pointer on the terminal.

2. Create the employee file in the /employee directory.
   a. To create the employee file, enter vi employee192.168.0.X
      In the place of X in employee192.168.0.X, students should enter their respective system numbers.
   b. To switch to the insert mode, press I.
   c. Enter Name=XXXXX
      In the place of XXXXX, students should enter their name.
   d. Enter Employee IP=192.168.0.X
      In the place of X, students should enter their respective system numbers.
   e. To exit to the command mode, press Esc.
   f. Save and close the file.
   g. Click the close button to exit the VNC server.
   h. To close the terminal, enter exit

TOPIC C
Automate System Services
You are connected to remote systems using SSH and VNC. Now that you have systems located at different points on the network, keeping track of the processes on each system manually becomes difficult. To efficiently administer all the systems in the network, you will automate system services. In a network, when you are maintaining multiple systems, you will find it difficult to manually monitor the processes running on each system. By automating these tasks, you will save time and effort while maximizing productivity. This will also indicate any defects in the process, so you can troubleshoot them before they cause any further damage.

Cron

Definition: A cron is a daemon that runs in the background on a Linux system and executes specified tasks at a designated time or date. A cron is normally used to schedule periodically executed tasks defined in the crontab file. The syntax for running the cron daemon is cron {option} {mail command}.

Cron Fields
Each line or entry in the crontab file has six fields, which are separated by spaces. The command to be executed is contained in the sixth field. The first five fields instruct the cron daemon as to when to execute the command. The following table lists the first five cron fields and their values.

Field    Title      Value
1        minute     00 to 59
2        hour       00 to 23
3        day        1 to 31
4        month      1 to 12
5        weekday    0 to 6 (0=Sunday)

Other than the values shown in the previous table, these five fields can also use other formats:
- An asterisk symbol (*), to match all values.
- A single integer to match the exact value.
- A comma delimited list of integers to match one of the listed values.
- A range of integers, separated by a dash (-), to match the values within that range.

Cron Jobs
A task scheduled via cron is called a cron job. Cron jobs may run either at the system level or at the user level. The cron jobs that you create for users are stored in the /var/spool/cron/[User name] file. System default cron jobs are stored in the /etc/crontab file. Only a root user can add system level jobs.

Figure 5-4: Cron jobs listed in the crontab file.

Setting Up Scheduled Jobs Using cron
Scheduling a cron job is accomplished by adding the job to the system-wide /etc/crontab file. The crontab file may also contain environment variables that will be passed to the commands at the time of execution. Jobs in the crontab file are called entries, and they include a time description, the user name to run the command, and the command. The format of a crontab entry is: minute hour monthday month weekday user command. The time fields in a crontab entry are described in the following table.

Field               Allowed Values
Minute              0-59
Hour                0-23
Day of the month    1-31
Month               1-12 or Jan-Dec
Day of the week     0-7 (0 or 7 is Sunday) or Sun-Sat

In addition to specifying a particular time and day, a pattern can also be described by using asterisks ( * ) to specify all of a particular field. For example, an asterisk in the minute field would indicate that the command should be carried out every minute. In addition to asterisks, time ranges are also permitted by separating values with a dash ( - ), and lists of values are specified by separating values with a comma ( , ).
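
The field formats listed under Cron Fields and the pattern rules in the paragraph above (asterisk, single integer, comma-delimited list, range), as an added example that is not part of the course material: the functions validate the five time fields of a crontab entry and decide whether the entry would run at a given time. It handles numeric values only, uses the weekday values 0 to 6 from the first table (month and day names and weekday 7 are not handled), and applies the crontab(5) rule that an entry restricting both the day of the month and the weekday runs when either one matches. The function names and sample entries are constructed.

```shell
#!/bin/sh
# Added example (not from the course): decide whether a crontab entry
# would run at a given time, using the field formats described above.

# valid_field SPEC MIN MAX
# 0 if SPEC is "*", an integer, a comma-separated list or a range lo-hi,
# and every number lies within MIN..MAX.
valid_field() {
    vf_spec=$1 vf_min=$2 vf_max=$3
    [ "$vf_spec" = "*" ] && return 0
    case $vf_spec in ""|*[!0-9,-]*|,*|*,|*,,*) return 1 ;; esac
    vf_ifs=$IFS; IFS=,; set -- $vf_spec; IFS=$vf_ifs
    for vf_part in "$@"; do
        case $vf_part in
            *-*-*|-*|*-) return 1 ;;
            *-*) vf_lo=${vf_part%-*}; vf_hi=${vf_part#*-} ;;
            *)   vf_lo=$vf_part;      vf_hi=$vf_part ;;
        esac
        [ "$vf_lo" -ge "$vf_min" ] && [ "$vf_hi" -le "$vf_max" ] &&
            [ "$vf_lo" -le "$vf_hi" ] || return 1
    done
    return 0
}

# field_matches SPEC VALUE
# 0 if VALUE satisfies an already validated SPEC.
field_matches() {
    fm_spec=$1 fm_val=$2
    [ "$fm_spec" = "*" ] && return 0
    fm_ifs=$IFS; IFS=,; set -- $fm_spec; IFS=$fm_ifs
    for fm_part in "$@"; do
        case $fm_part in
            *-*) [ "$fm_val" -ge "${fm_part%-*}" ] &&
                     [ "$fm_val" -le "${fm_part#*-}" ] && return 0 ;;
            *)   [ "$fm_val" -eq "$fm_part" ] && return 0 ;;
        esac
    done
    return 1
}

# entry_matches ENTRY MINUTE HOUR DAY MONTH WEEKDAY
# Returns 0 if ENTRY runs at that time, 1 if it does not,
# 2 if the entry is malformed or a field is out of range.
entry_matches() {
    em_entry=$1 em_min=$2 em_hour=$3 em_dom=$4 em_mon=$5 em_dow=$6
    set -f; set -- $em_entry; set +f    # split on spaces without expanding "*"
    [ $# -ge 6 ] || return 2            # five time fields plus the command
    valid_field "$1" 0 59 && valid_field "$2" 0 23 && valid_field "$3" 1 31 &&
        valid_field "$4" 1 12 && valid_field "$5" 0 6 || return 2
    field_matches "$1" "$em_min" && field_matches "$2" "$em_hour" &&
        field_matches "$4" "$em_mon" || return 1
    if [ "$3" != "*" ] && [ "$5" != "*" ]; then
        # Both day fields restricted: the job runs when either one matches.
        field_matches "$3" "$em_dom" || field_matches "$5" "$em_dow" || return 1
    else
        field_matches "$3" "$em_dom" && field_matches "$5" "$em_dow" || return 1
    fi
    return 0
}

# Constructed sample: a weekday reminder checked at 08:30 on Monday 14 June.
if entry_matches '30 8 * * 1-5 /bin/echo "Fill out time sheet"' 30 8 14 6 1; then
    echo "the reminder runs at 08:30 on a Monday"
fi
```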

The tmpwatch Command

The tmpwatch utility is run as a daily cron job used to delete files, such as the files in the /tmp directory, which have not been accessed for some time and are utilizing disk space. The syntax for using the tmpwatch utility is tmpwatch {options} {hours}. There are a number of options for the tmpwatch command.
Even if one error is encountered, tmpwatch will exit the cleanup process.

Option    Enables You To
-u        Delete files according to the time they were accessed.
-m        Delete files according to the time they were modified.
-a        Remove all file types, including directories.
-d        Restrict tmpwatch from removing directories, even if they are empty or marked for deletion.
-f        Remove files forcefully, overriding all access regulations.

The logrotate Command

The logrotate utility is run as a daily cron job used to compress, delete, or mail log files. It may be configured to run weekly or monthly depending on the log size. The configuration file for logrotate is /etc/logrotate.conf. The logrotate command has various options.

Option                        Enables You To
-d                            Turn on the debug mode to disable any changes from being made to the logs.
-f                            Force log rotation by deleting old files irrespective of their importance and create fresh ones.
-m {subject} {recipient}      Mail the logs to the recipient. The default is /bin/mail -s.

The logwatch Utility
The logwatch utility is run as a daily cron job used to monitor logs. It is fully customizable via the /etc/logwatch/conf/logwatch.conf file. The utility searches the logs and reports any suspicious messages. There are a number of detail levels for the reports, such as 10, 5, and 0, which correspond to high, medium, and low detail respectively. The logwatch utility has various options.

Option               Enables You To
--detail level       Set the detail level of the log report.
--print              Print the report generated by logwatch.
--range range        Set the range for analysis. It can accept any value among Yesterday, Today, and All.
--mailto address     Mail the results to the recipient's email id.
--save file name     Save the output to a file instead of displaying it.

System Crontab Files

System crontab files are the configuration files for the cron utility. They are stored in the /etc/crontab directory. The name of the user running the command is indicated in the sixth field of the file. In case of a user crontab file, the sixth field contains the command that is running. These files can be edited directly by the root user.

Figure 5-5: The /etc/crontab file with system-level cron jobs.

User crontab Files
In addition to system-level cron jobs, individual users can also schedule cron jobs. Unlike the system-level crontab, users have their own crontab file. The format of entries in this file is the same as that of the system-wide crontab, with the exception of the user field. Because the entire crontab file is dedicated to a single user, the user field is not included. While the /etc/crontab file can be edited directly, user crontab files are best edited via the crontab utility.

The at Command
The at command executes a given set of commands at a specified time. The at command is useful for executing a command set only once. Using either the -f option or input redirection, defined by the < symbol, the at command reads the list of commands from a file. This file needs to be an executable shell script. The following table lists some commonly used at command options and their descriptions.

Command Option      Enables You To
atq                 Display the job queue of all users except the superuser.
atq -V              Print the version number to standard error.
at -q [a-z]         Display the jobs in the specified queue.
at -m               Send mail to the user when the job is complete.
at -f filename      Read the job from the file rather than the standard input.
at -l               Print all jobs queued for a user.
at -v               Display the time that the job will be executed before reading the job.

Specify Time Using the at Command
Some of the common time formats in which you can schedule a job are given in the following table.

Time Format                             Description
HH:MM am or HH:MM pm                    Specifies the hour and minute
MMDDYY or MM/DD/YY or DD.MM.YY          Specifies the day, month, and year
JAN or FEB or MAR                       Specifies the month
SUN or MON or TUE                       Specifies the day of the week

The Anacron System

Definition: Anacron is a daemon that executes tasks at intervals, which are specified in days, without requiring the system to be running continuously. Anacron is used to control the execution of daily, weekly, or monthly jobs.

The /etc/anacrontab File
The /etc/anacrontab file is the configuration file for the anacron utility. The file has four fields. The first field displays the number of days since the job has not been run; the second field displays the time in minutes after which the job has to be run after reboot; the third field displays the job identifier, and the fourth field displays the job to be run by anacron.

How to Automate System Services


Procedure Reference: Delegate Tasks Using cron
To delegate tasks using cron:
1. Log in as root in the CLI.
2. Enter crontab -e to create a cron job for the root user.
3. To switch to the input mode, press I.
4. Type {Minute} {Hour} {Day of Month} {Month} {Day of Week} {Command that has to be run} to specify a schedule for the job.
5. Save and close the file to install the new cron job.
6. To verify, check if you have received a mail regarding the job that has been scheduled.
7. Enter crontab -l to list the cron jobs.
8. To remove the job from the queue, enter crontab -r

Configure Access to cron Services
To configure user access to cron services, you need to perform the following actions in the corresponding files listed in the table.

If You Need To                       You Should
Allow cron service to the users      Add users in the /etc/cron.allow file
Deny cron service to the users       Add users in the /etc/cron.deny file

Procedure Reference: Schedule Jobs to Run at a Specific Time
To schedule jobs to run at a specific time:
1. Log in as root in the CLI.
2. Enter at {Specific time format} to specify an at job.
3. Type {Job that has to be run} and press Enter.
4. Press Ctrl+D to exit the process.
5. To verify, check if you have received an email for the job that has been executed.

Procedure Reference: Manage at Jobs
To manage at jobs:
1. Log in as root in the CLI.
2. Enter atq to view the queue of pending at jobs.
3. Enter atrm {Job number} to delete the job from the queue.

ACTIVITY 5-6
Scheduling Jobs Using crontab
Scenario: Your organization has adopted a new policy, which requires all users to fill out their time sheets every day. The senior system administrator has requested you to create a reminder in all user systems.
Account information:
- Login name for root user: root
- Password for root user: p@ssw0rd
- Login name for whom the reminder needs to be scheduled: user1
- Password for user1: p@ssw0rd

What You Do / How You Do It
1. Schedule a cron job to email a reminder every day at a specified time.
   a. To switch to the CLI mode, press Ctrl+Alt+F1.
   b. Log in as root in the CLI.
   c. To create the user user1, enter useradd user1
   d. To set the password for user1, enter passwd user1
   e. At the New UNIX password: prompt, enter p@ssw0rd
   f. At the Retype new UNIX password: prompt, enter p@ssw0rd
   g. To specify a cron job for user1, enter crontab -u user1 -e
   h. To schedule the cron job, type ## ## * * * /bin/echo "Please Fill Out Your Time Sheet"
      Inform the students to replace the ## ## sign with their system time. Ensure that the time entered is five minutes ahead of the current system time. For example, while performing the activity, if the system time is 03:30 PM, then enter 03:35 P.M. This will help you to check if you are receiving a reminder email after five minutes.
   i. To switch to the command mode, press the Esc key.
   j. Save and close the file.
   k. Enter logout
2. Check whether the user user1 has received the reminder for a scheduled job.
   a. After the specified time, log in as user1 in the CLI.
   b. To open the mailbox, enter mail
   c. Type 1 and press Enter to read the contents of the first email.
   d. To delete the email, enter d
   e. To quit the mail service, enter q
   f. Enter logout

Lesson 5 Follow-up
In this lesson, you maintained system logs, configured remote systems, and assigned jobs. This will enable you to use these services to effectively manage the machines on your network and ensure that the flow of data within the network does not get disrupted.
1. Do you think automating system processes will affect the system's performance? Why?
   Answers will vary, but may include: The performance of the system when processes are automated depends on the processes themselves. When a high-performance process is automated, it will utilize more system resources than the low-performance processes. It also depends on the number of processes running on the system at the particular time and also the process priority.
2. Do you think that being able to access remote computers as a system administrator is useful? Why?
   Answers will vary, but may include: The system administrator is responsible for the systems on the network. It is his task to ensure that the systems are properly updated without disturbing the users. Therefore, being able to access the systems on the network as a system administrator is useful because he can update the users' systems once they have completed their tasks and the systems are free.


LESSON 6
Managing Filesystems
In this lesson, you will manage filesystems. You will:
Identify the concepts involved in partition management.
Manage filesystems.
Mount NFS filesystems.
Mount filesystems on the hard disk.

Lesson Time 1 hour(s), 45 minutes

Lesson 6: Managing Filesystems

Introduction
You have explored the various kernel and system services available. As a system administrator in a network, you will be assigned the task of maintaining files on systems in the network. You should know how to organize the files to ensure that the users do not modify any configuration files required for running the system and kernel services. It will also help you to easily locate these files because they are organized. In this lesson, you will manage filesystems.

Data organization facilitates efficient resource management and enables faster retrieval of information. It also helps you keep track of the various resources available in the company. Data organization is done by sorting data into filesystems, which eliminates the task of searching for data.

TOPIC A
Create Partitions
Previously, you have examined various system services. These services can be used only when the hard disk is properly formatted and data is stored on it in an efficient manner. When you are a system administrator, you will be assigned the task of providing users with systems that have the hardware and software already installed. You need to install the hard disks on the systems and ensure that users have enough space to store their data. This will also enable you to use system services to complete your task in an efficient manner. In this topic, you will manage disk partitions.

The hard disk is the most critical component for data storage in any system. Without effective disk partitioning, data on the disk will be unorganized and cluttered. You also face the danger of a system crash due to data overflow.

Partitions

Definition: A partition is a section of a hard disk that logically acts as a separate disk. Partitions enable you to convert a large hard disk to smaller manageable chunks leading to better organization of information. A partition must be formatted and assigned a filesystem before data can be stored on it. Partitions are identified using a partition table, which is stored in the boot record. The partition table can contain entries for a maximum of four partitions. Partitions can be classified into primary and extended partitions. The size of each partition, which cannot exceed the total free space on the hard disk, can vary; but once created, the size cannot be changed.

Hard Disk Size Specification
Before proceeding with the installation process, you need to plan the hard disk layout based on your individual requirements. Each partition has a recommended size specification. The following table lists the recommended size specification for partitions.

Partition    Recommended Size
/            Minimum 1 GB.
/boot        100 MB.
swap         Double the RAM size.
/var         Minimum 250 MB. If the possibility of the installation of many applications exists in the future, allocate appropriate size.
/home        Varies based on the number of users.

Disk Partitioning
Most operating systems, including Linux, use disk partitions. Partitions enable you to divide large disks into smaller, more manageable chunks and are treated as if they are separate disks. Data of different types can be stored on separate locations on the hard disk. The partition size can be specified by the user. However, the filesystem size must be considered before specifying the partition size. Disk partitioning enables the user to separate system files from user accessible ones. Corrupted partitions do not affect the other partitions, and they can be recovered separately.

Partition Types
There are three types of partitions: Primary, Extended, and Logical. Each partition has a set of specific features. Partitioning of the hard disk depends on the type of partition in it. The recommended protocol for partitioning a hard disk is 3 primary partitions and 1 extended partition with any number of logical partitions within. The three types of partitions are listed in the following table:

Partition Type    Description
Primary           A maximum of four primary partitions are allowed. The swap filesystem and the boot partition are normally created in a primary partition.
Extended          There can be only one extended partition, which can be further subdivided. This partition type does not contain any data and has a separate partition table.
Logical           A logical partition is created within an extended partition. There is no restriction on the number of logical partitions, but it is advisable to limit it to 12 logical partitions per disk drive.

The fdisk Utility


Definition: fdisk is a menu-driven utility program that is used for creating, modifying, or deleting partitions on a disk drive. Using fdisk, a new partition table can be created, or existing entries in the partition table can be modified. The fdisk utility understands the DOS and Linux type partition tables. Depending on the partition table created, the DOS FDISK or the Linux fdisk program is invoked. The fdisk utility also allows you to specify the size of partitions. The syntax for using the fdisk utility is fdisk {option} {device name}.

The fdisk Utility Options


The fdisk utility provides various options for partitioning the disks according to requirements of the users. The various fdisk options are:

Option            Enables You To
-b sector size    Specify the number of disk sectors.
-H heads          Specify the number of disk heads.
-S sectors        Specify the number of sectors per track.
-s partition      Print the partition size in blocks.
-v                List the fdisk version.
-l                List partition tables for the devices.

The /etc/fstab File


The fstab file is a configuration file that stores information about storage devices and partitions and where and how the partitions should be mounted. The fstab file is located in the /etc directory. It can be edited by a root user. The fstab file consists of a number of lines, one for each filesystem. Each line has six fields, separated by spaces.

Figure 6-1: The /etc/fstab file contains partition and filesystem settings.

Field                       Description
Device or partition name    Specifies the name of the device or filesystem that has to be mounted.
Default mount point         Indicates where the filesystem has to be mounted.
Filesystem type             Specifies the type of filesystem used by the device or partition.
Mount options               Specifies a set of comma-separated options that will be activated when the filesystem is mounted.
Dump options                Indicates if the dump utility should back up the filesystem. Usually, zero is specified as the dump option to indicate that dump can ignore the filesystem.
fsck options                Specifies the order in which the fsck utility should check filesystems.

Device Recognition by MBR
Device recognition is performed by MBR at system startup by recognizing the hard disk and all the partitions in it. The MBR has two main components that help it to detect any devices that are connected to the system.

Component                     Description
The Master Partition Table    Contains the list of partitions on the hard disk. Technically, the hard disk can have many partitions. The four partitions displayed in the partition table are known as primary partitions. All other partitions are linked to these primary partitions. The table displays the partition id, its starting cylinder, and the number of cylinders occupied by the partition.
The Master Boot Code          Contains the program for loading the operating system on the hard disk. This program is loaded by the BIOS to initiate the boot process.

Partition Management
Partition management is the process of creating, destroying, and manipulating partitions to optimize system performance. Effective partition management enables you to keep track of the data in the partitions and avoid data overflow. Various utilities, such as sfdisk, partprobe and GNU parted, are available for partition management.

The sfdisk Utility
The sfdisk utility is used to manipulate partitions. The sfdisk utility manages partitions by listing the number of partitions and their sizes, checking the partitions, and repartitioning a storage device. There are various options available in sfdisk to manage partitions.

Option       Enables You To
-s           List the partition size.
-l device    List partitions on all hard disks.
-V device    Check for consistency in all partitions.
device       Repartition hard disks. However, if the code is wrongly entered, it may lead to loss of data.
-i           Set numbers to all cylinders in the hard disk.
-Anumber     Activate the partition indicated by the partition number.

The GNU Parted Utility
The GNU parted utility is used to manage partitions. It is particularly useful when creating partitions in new hard disks. It can be used to create, destroy, and resize partitions. This utility is generally not used for resizing ext3 partitions. A number of options are available in GNU parted.

Options    Enables You To
-h         Display a help message.
-v         Display the version of GNU Parted.
-i         Configure parted to ask for user input.
-s         Stop parted from asking for user input.

The partprobe Program
The partprobe program is used to inform the kernel of changes in the partition tables. The program first checks the partition table. If there are any changes, it automatically updates the kernel with the changes. The partprobe program has several options.

Option    Enables You To
-d        Cancel any updates.
-s        Display the storage devices and their partitions.
-v        Display the version of the partprobe program.

How to Manage Partitions


Procedure Reference: Create a Partition
To create a partition:
1. Log in as root.
2. Enter fdisk /dev/{device name} to begin disk partitioning.
3. Enter N to create a partition.
4. Create a primary partition.
   A. Enter P to create a primary partition.
   B. To accept the default starting point of the partition, press Enter.
   C. To accept the default partition size, press Enter.
   D. Specify the partition size.
      - Enter +[Required size] to specify the partition size in blocks.
      - Enter +[Required size]K to specify the partition size in kilobytes (Kb).
      - Enter +[Required size]M to specify the partition size in megabytes (Mb).
   E. Create an extended partition.
      a. Enter E to create an extended partition.
      b. To accept the default starting point of the partition, press Enter.
      c. To accept the default partition size, press Enter.
      d. Enter N to create a logical partition within the extended partition.
      e. To accept the default starting point of the partition, press Enter.
      f. To accept the default partition size, press Enter.
      g. Specify the partition size.
         - Enter +[Required size] to specify the partition size in blocks.
         - Enter +[Required size]K to specify the partition size in kilobytes (Kb).
         - Enter +[Required size]M to specify the partition size in megabytes (Mb).
5. Enter W to write the partition table to the disk.
6. Enter partprobe or reboot the system to update the partition table.
7. Enter sfdisk -l /dev/{device name} to list the partition table.

Procedure Reference: Apply Labels to a Partition
To apply labels to a partition:
1. Log in as root.
2. At the command prompt, enter e2label /dev/{device name}{Partition number} {label name} to apply a label to the partition.
3. Enter e2label /dev/{device name}{Partition number} to view the applied or associated label.
4. Enter mount LABEL={label name} {mount point} to mount the partition using its label.


ACTIVITY 6-1
Creating a New Partition
Scenario: Your organization has a network support team that works in two shifts. One employee uses a system in the morning shift and the same system is used by another in the evening shift. Both need to have separate partitions as per the details given here:
Logical partitions: hda5 and hda6.
Login name for root user: root
Password for root user: p@ssw0rd

You also need to ensure that these partitions are easily identified for easy maintenance. The labels that need to be applied to the partitions are:
For the morning shift: Mrng
For the evening shift: Evng

What You Do / How You Do It
1. Create an extended partition.
   a. Log in as root in the CLI.
   b. To begin the disk partition, enter fdisk /dev/hda
   c. To create a new partition, type n and press Enter.
   d. To create an extended partition, type e and press Enter.
   e. Press Enter to accept the default starting point of the partition.
   f. Press Enter to accept the default partition size.

2. Create two logical partitions within the extended partition.
   a. Enter n to create a new partition.
   b. Press Enter to accept the default starting point of the partition.
   c. Enter +1000M to specify the size of the partition.
   d. Repeat the steps from (a) to (c) to create another logical partition.
   e. Enter w to write the partition table to the disk.
   f. Enter reboot
3. Set logical partitions for the ext2 filesystem.
   a. To switch to the CLI, press Ctrl+Alt+F1.
   b. Log in as root in the CLI of the Linux client machine.
   c. To create an ext2 filesystem on /dev/hda5, enter mkfs.ext2 /dev/hda5
   d. Enter clear
   e. To create an ext2 filesystem on /dev/hda6, enter mkfs.ext2 /dev/hda6
   f. Enter clear
4. Apply labels to the partition.
   a. To view the existing label of the partition /dev/hda5, enter e2label /dev/hda5
   b. To apply a new label Mrng to the partition, enter e2label /dev/hda5 Mrng
   c. To view the existing label of the partition /dev/hda6, enter e2label /dev/hda6
   d. To apply a new label Evng to the partition, enter e2label /dev/hda6 Evng
   e. Enter clear

5. Mount a partition using its label.
   a. To verify that the partition label for /dev/hda5 has changed, enter e2label /dev/hda5
   b. To verify that the partition label for /dev/hda6 has changed, enter e2label /dev/hda6
   c. To mount the partition /dev/hda5 using its label, enter mount LABEL=Mrng /
   d. To mount the partition /dev/hda6 using its label, enter mount LABEL=Evng /
   e. To verify that the partitions have been mounted using their labels, enter mount
   f. Enter clear

TOPIC B
Mount Filesystems
You have managed partitions. When you create a partition, you need to populate it with data. As a system administrator, you will be assigned the task of managing partitions and the data in them. In this topic, you will manage filesystems.

As the system administrator, you will be responsible for setting up systems in the network. You need to create partitions on the hard disks and populate them with data. You also need to ensure that the setup meets user requirements. Only then will the user be able to organize his data efficiently and retrieve information easily.

Filesystems
Filesystems are the methods and data structures that an operating system uses to organize and manage files on the hard disk. Filesystems are based on the Filesystem Hierarchy Standard (FHS) protocol. The user can store or retrieve any data from the filesystems. The various filesystem types are listed below:

Filesystem Type    Used To
Flash              Store data in flash drives such as removable hard disks, USB devices, and thumb drives.
Database           Store data in the form of a database, with multiple reference points on each file, so that searching for data is made easier.
Disk               Store data that has to be transferred on a hard disk or any other media from which it can be directly moved to the computer.

Filesystem Hierarchy Standard
Filesystem Hierarchy Standard (FHS) is a collaborative document that lays down a set of guidelines for naming files and directories and their locations. The important advantages of FHS include compatibility between systems that are FHS-compliant and restriction on users changing the /usr partition that contains common executable files. The latter is achieved by mounting /usr as a read-only partition. The complete documentation of the standard is available at http://www.pathname.com/fhs/.

Journaling Filesystems
A journaling filesystem is a method used by an operating system to quickly recover after an unexpected interruption, such as a system crash. Journaling filesystems can remove the need for a filesystem check when the system boots. Using journaling filesystems, the system does not write modified files directly onto the disk. Instead, a journal is maintained on the disk. This journal describes all the changes that must be made to the disk. A background process executes each change as and when it is entered in the journal. If the system shuts down, the pending changes will be performed when it is rebooted. Incomplete entries in the journal are discarded.

Filesystem Integrity
Filesystem integrity refers to the correctness and validity of a filesystem. The integrity of a filesystem is checked using the fsck command. Most systems automatically run fsck at boot time so that errors, if any, are detected and corrected before the system is used. Filesystem errors are usually caused by power failures, hardware failures, or improper shut down of the system. The syntax for using the fsck command is fsck -t {filesystem type} {options}.

Filesystem Labels
Filesystem labels are assigned to filesystems for easy identification. They may be up to 16 characters long. The labels can be displayed or changed using the e2label command. The syntax for setting filesystem labels is e2label /dev/{device name}{partition number}. They can also be set using the tune2fs -L volume label command.
The kernel searches for the label in the storage device and mounts it.

The tune2fs Utility
The tune2fs utility helps in tuning parameters associated with a Linux filesystem. Using this utility, a journal can be added to an existing ext2 or ext3 filesystem. If the filesystem is already mounted, the journal will be visible in the root directory of the filesystem. If the filesystem is not mounted, the journal will be hidden. The tune2fs utility is available with most Linux distributions.

Figure 6-2: The tune2fs command can be used to manage filesystems

The mke2fs Utility


The mke2fs utility is used to create both ext2 and ext3 filesystems. The syntax for using this command is mke2fs {options} {filesystem name}. The mke2fs utility has various options.

Option           Enables You To
-b block size    Specify the size of the block in bytes.
-c               Check the device for errors in the blocks before creating the filesystem.
-f               Specify the fragment size in bytes.
-j               Create a journalled ext3 filesystem.
-M               Set the directory that was last accessed for the filesystem to be mounted.
-V               Print the version number of the mke2fs utility.

The dumpe2fs Utility


The dumpe2fs utility is primarily used for managing an ext2-based filesystem. It dumps the status of the ext2 filesystem to the standard output device and prints the block group information for the selected device. The syntax for using the dumpe2fs command is dumpe2fs {options} {blocksize} {device name}. There are various options for the dumpe2fs utility.

Option    Enables You To
-x        Print a detailed report about block numbers in the filesystem.
-b        Print the bad blocks in the filesystem.
-f        Force the utility to display the filesystem status irrespective of filesystem flags.
-i        Display the filesystem data from an image file created using the e2image utility.

Mount Points

Definition: A mount point is an access point to information stored on a local or remote storage device. The mount point is typically an empty directory on which a filesystem is loaded or mounted to make the filesystem accessible to the user. If the directory already has some contents, they become invisible to the user until the mounted filesystem is unmounted.

Mount Options
The following table lists the mount options you can specify for a filesystem.

Option    Enables You To
auto      Specify that the device has to be mounted automatically.
noauto    Specify that the device need not be mounted automatically.
nouser    Specify that only the root user can mount a device or filesystem.
user      Specify that all users can mount a device or filesystem.
exec      Allow binaries in a filesystem to be executed.
noexec    Prevent binaries in a filesystem from being executed.
ro        Mount a filesystem as read-only.
rw        Mount a filesystem with read and write permissions.
sync      Specify that input and output operations in a filesystem should be done synchronously.
async     Specify that input and output operations in a filesystem should be done asynchronously.
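
The six /etc/fstab fields and the mount options listed above can be checked mechanically before a reboot. The following is an added example, not part of the course material: a POSIX shell and awk audit in which the finding tags, the default list of data mount points, and the sample entries (constructed, in the form of the /admin1 and /admin2 lines used in Activity 6-2) are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the course): audit an fstab-format file against the
# six-field layout and the mount options tabulated in this lesson.
# Finding tags and the default list of data mount points are assumptions.

# audit_fstab FILE [DATA_MOUNTS]
#   DATA_MOUNTS: space-separated mount points holding user-writable data,
#   which this example expects to be mounted with noexec.
audit_fstab() {
    awk -v data="${2:-/home /tmp /admin1 /admin2}" '
    function report(tag, msg) { printf "%s line %d: %s\n", tag, NR, msg }
    BEGIN {
        n = split(data, d, " ")
        for (i = 1; i <= n; i++) is_data[d[i]] = 1
    }
    NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
    NF != 6 {                              # every entry needs all six fields
        report("MALFORMED", "expected 6 fields, found " NF)
        next
    }
    {
        mnt = $2; fstype = $3
        split("", opt)                     # clear the option set
        m = split($4, o, ",")
        for (i = 1; i <= m; i++) opt[o[i]] = 1

        # exec is the default, so only an explicit noexec blocks binaries
        if ((mnt in is_data) && !("noexec" in opt))
            report("EXEC", mnt " allows binaries to run (no noexec)")
        # FHS: /usr is protected from user changes by mounting it read-only
        if (mnt == "/usr" && !("ro" in opt))
            report("RW-USR", "/usr is not mounted ro")
        # user lets any account mount the device, not only root
        if ("user" in opt)
            report("USERMOUNT", mnt " can be mounted by any user")
        # a 0 in the sixth field tells fsck to skip the filesystem at boot
        if ((fstype == "ext2" || fstype == "ext3") && ($6 + 0) == 0)
            report("NOFSCK", mnt " is never checked by fsck at boot")
    }' "$1"
}

# Constructed sample; the /admin1 and /admin2 lines follow Activity 6-2.
demo_fstab() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# device      mount point  type  options      dump fsck
LABEL=/       /            ext3  defaults     1    1
/dev/hda5     /admin1      ext2  defaults     0    0
/dev/hda6     /admin2      ext2  rw,noexec    0    2
/dev/hda7     /usr         ext3  defaults     1    2
/dev/hda8     /media/usb   vfat  user,noauto  0    0
/dev/hda9     /data        ext3  defaults
EOF
    audit_fstab "$tmp"
    rm -f "$tmp"
}

demo_fstab
```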

Swap Space
Definition: Swap space is a partition on the hard disk that is used when the system runs out of physical memory. Linux pushes some of the unused files from the RAM to the swap space to free up memory. Usually, the swap space equals twice the RAM capacity.

Swap space is of three types.

Swap Type          Description
Device swap        Device swap space is configured when you partition the hard disk. It is used by the operating system to run large applications.
Filesystem swap    Filesystem swap space is utilized by the operating system as an emergency resource when the available swap space runs out.
Pseudo-swap        Pseudo swap space allows for large applications to run on computers with limited RAM.

Swap Files
Swap files are created expressly for storing data transferred from memory to a disk. A swap file is dynamic and changes in size when data is moved in and out of memory. It is used to offload data from the RAM onto the hard disk.

Swap Partitions
A swap partition is an area of virtual memory on a hard disk to complement the physical RAM in the computer. Swap partitions are created by Linux because they perform better than swap filesystems.

The mkswap Command


The mkswap command is a system administration command that is used to create swap space on a disk partition. The syntax for the mkswap command is mkswap {option} device {size}. The device argument of mkswap is generally a disk partition, for example, /dev/hda2 or /dev/sdb3, but it can also be a file. The mkswap command provides a number of options.

Option      Enables You To
-c          Verify that the device is free from bad sectors before mounting the swap space.
-f          Force a swap partition of an area larger than the permissible limit.
-p          Set the page size to be used by mkswap.
-L label    Activate swap space using labels applied to partitions or filesystems.

Swap Partition Management Commands


A number of commands are used to manage swap partitions. The most important commands are swapon and swapoff.

The swapon command is used to activate a swap partition on the specified device. It provides a number of options for specifying the devices. Usually, the swapon -a command is used to activate the swap space on all devices. The swapon -e command is used to skip devices that do not exist.

The swapoff command is used to deactivate the swap space on the devices. Usually, the swapoff -a command is used to deactivate the swap space on all devices.

How to Manage Filesystems


Procedure Reference: Create a Mount Point
To create a mount point:
1. Log in as root.
2. Enter mkdir {mount point} to create a mount point.
3. Enter chown {user name} {mount point} to set the user as the owner of the mount point.
4. Enter chgrp {group name} {mount point} to set the group as the owner of the mount point.

Procedure Reference: Mount a Filesystem
To mount a filesystem:
1. Log in as root in the CLI.
2. Enter mount [command options] /dev/{device name}{Partition number} {mount point} to mount the specified device on the specified mount point.
3. Enter mount {mount point} to verify that the filesystem is mounted on the specified mount point.

Procedure Reference: Mount Filesystems at Startup Using the /etc/fstab File
To mount filesystems at startup using the /etc/fstab file:
1. Log in as root in the CLI.
2. Enter vi /etc/fstab to open the /etc/fstab file.
3. Type {device or partition name} {mount point} {filesystem type} {mount options} {dump options} {fsck options} to add an entry for the new filesystem.
4. Save and close the file.
5. Reboot the system to mount the filesystem automatically, or enter mount -a to reload the mount table with recent changes from the /etc/fstab file.
6. Verify that the filesystem has been automatically mounted at startup.
   a. Log in as root.
   b. Enter mount to mount all filesystems.

Procedure Reference: Unmount Filesystems
To unmount a filesystem:
1. Log in as root in the CLI.
2. Unmount the filesystem.
   - Enter umount [command option] /dev/{device name}{Partition number} to unmount the filesystem.
   - Or, enter umount [command option] {mount point} to unmount the filesystem.

Procedure Reference: Manage Filesystems in Use
To manage the filesystem in use:
1. Log in as root in the CLI.
2. Enter fuser {mount point} to display the details about the processes using the filesystem.
3. Enter fuser -km {mount point} to kill all processes using the filesystem.
4. Enter umount {mount point} to unmount the filesystem.
The filesystem cannot be unmounted when it is used by another process.

Procedure Reference: Manage Swap Partitions
To manage swap partitions:
1. Log in as root in the CLI.
2. Enter mkswap /dev/{device name}{Partition number} to create a swap partition.
3. Type /dev/{device name}{Partition number} swap swap {mount options} {dump options} {fsck options} to add the partition entry to the /etc/fstab file.
4. Enter swapon {device name} to activate the swap partition.
5. Enter swapoff {device name} to deactivate the swap partition and convert it into a standard Linux filesystem.

Procedure Reference: Format a Partition with a Filesystem
To format a partition with a filesystem:
1. Log in as root in the CLI.
2. Format a partition with a filesystem.
   - Enter mkfs -t {file system type} /dev/{device name}{Partition number} to create the specified filesystem on the specified partition of the device.
   - Or, enter mke2fs [command options] /dev/{device name}{Partition number} to create an ext2 filesystem on the specified partition of the device.

ACTIVITY 6-2
Mounting Filesystems
Before You Begin:
1. Enter useradd netadmin1 to create the user netadmin1.
2. Enter passwd netadmin1 to set the password for netadmin1.
3. At the New UNIX password prompt, enter p@ssw0rd to set the password for netadmin1.
4. Verify your password at the prompt.
5. Repeat steps 1 to 4 to create the user netadmin2.
6. Enter clear to clear the screen.

Scenario: There is a meeting at your office. A couple of users want to have their systems moved to the conference room so that they can access their files during the conference. You find that there are multiple systems to be moved, and this will take a lot of time. So, you decide to take the required filesystems from users and load them on the system in the conference room so that users can access their files.
User name: netadmin1, Partition size: 1GB, Mount point: /admin1, user and group owner of /admin1: netadmin1
User name: netadmin2, Partition size: 1GB, Mount point: /admin2, user and group owner of /admin2: netadmin2

What You Do / How You Do It
1. Create mount points for the users.
   a. Enter mkdir /admin1
   b. To set the user netadmin1 as the owner in /admin1, enter chown netadmin1 /admin1
   c. To set the group netadmin1 as the owner in /admin1, enter chgrp netadmin1 /admin1
   d. Create a mountpoint, /admin2, and assign the user and group ownership to netadmin2 by following the steps from (a) to (c).
   e. Enter clear
2. Mount and verify the filesystem.
   a. To mount the filesystem for netadmin1, enter mount -a /dev/hda5 /admin1
   b. To verify that the filesystem is mounted, enter mount
   c. Observe that the line /dev/hda5 on /admin1 type ext2 (rw) is displayed. This indicates your filesystem is mounted.
   d. To mount the filesystem for netadmin2, enter mount -a /dev/hda6 /admin2
   e. To verify that the filesystem is mounted, enter mount
   f. Observe that the line /dev/hda6 on /admin2 type ext2 (rw) is displayed. This indicates your filesystem is mounted.

3. Create an entry in the fstab file to mount the /dev/hda5 and /dev/hda6 filesystems on boot.
   a. To open the fstab file, enter vi /etc/fstab
   b. To go to the last line, press Shift+G.
   c. To switch to the insert mode, press I.
   d. To mount the /dev/hda5 filesystem on boot, on a new line, type /dev/hda5 /admin1 ext2 defaults 0 0 and press Enter.
   e. To mount the /dev/hda6 filesystem on boot, type /dev/hda6 /admin2 ext2 defaults 0 0
   f. Press Esc.
   g. Save and close the file.
   h. Enter clear
   i. Enter mount -a
   j. Enter reboot
4. Check whether the specified filesystem mounts on boot.
   a. To switch to the CLI, press Ctrl+Alt+F1.
   b. Log in as root in the CLI of the Linux client machine.
   c. Enter mount to verify that the filesystems are mounted at the specified mountpoints on boot.
   d. Enter clear


TOPIC C
Implement NFS
You have mounted filesystems. When you are updating multiple systems, in certain cases, you will need to mount a filesystem from another system in the network. To mount a remote filesystem, you should know about NFS.

When you are managing multiple systems on a network, you may need to update systems with the latest filesystems. Instead of downloading the update to each system, you can download the filesystem in one computer and share it across the network. This will save you bandwidth and time, and increase your efficiency.

NFS
Definition: Network File System (NFS) is a networking protocol that allows a computer system to access files over a network or the Internet as though they were on the computer's local disk. Using NFS, computers running different operating systems can share files and disk storage. NFS allows files stored on networked computers to be represented within a single directory tree. NFS uses the TCP/IP protocol. Filesystems that use the NFS protocol are called NFS filesystems. The NFS protocol has different versions, such as NFS version 2, NFS version 3, and NFS version 4.

NFS Daemons
NFS is implemented by four daemons: rpc.nfsd, rpc.mountd, rpc.lockd, and rpc.statd. The rpc.nfsd daemon is the primary daemon that handles all NFS requests. The rpc.mountd daemon evaluates the permissions for an exported filesystem before it is mounted. The rpc.lockd daemon provides lock recovery on crashed systems. The rpc.statd daemon handles file locking issues.

RPCBIND
The RPCBIND service is a daemon that dynamically assigns ports to Remote Procedure Calls (RPCs) for communication between clients and servers. NFS relies on RPCs. The service provides a map from a service name to the port number it is running on. The rpcbind service can be started only by the superuser.
The Remote Procedure Call

Definition: Remote Procedure Call (RPC) is a package that contains a collection of tools and library functions. RPC is stored on an RPC server. When a client sends an RPC request to invoke a procedure, the server communicates with the client in the eXternal Data Representation (XDR) format. RPC uses UDP and TCP sockets to transport data to the remote host. The programs in RPC are uniquely identified by a program number. Details about the programs and their corresponding program numbers are available in the /etc/rpc file.

The Portmapper
The Portmapper

Definition: The portmapper is a program that RPC applications use to register the port numbers they are using. This program is stored in the /sbin directory or in the /usr/sbin directory. The portmapper acts as a service agent for all RPC servers running on the machine. To access a service with a given program number, the client first queries the portmapper to get the port number where the service is available. The portmapper accepts the request, processes it, and then returns the TCP and UDP port number of the service to the client.
In Linux, the portmapper is referred to as portmap or rpc.portmap.


The Exports File


Definition: The exports file is a configuration file that is used to export filesystems. It contains definitions such as the directory to be exported and the clients who can access the directory. Clients are addressed by their hostnames, IP address ranges, IP address or subnet mask combinations, or NIS workgroups. The export options for a client are specified within parentheses, beside the client list. The exports file is stored in the /etc directory. By default, hosts will have read-only access to the filesystem. The exports file can be activated or deactivated using the exportfs command.

How to Implement NFS services


Procedure Reference: Export Filesystems
To export a filesystem:
1. Open the /etc/exports file.
2. Type <path to the directory to be exported> [host names][export options] to add an entry for each shared directory.
   If you do not specify a hostname, all hosts can access the exported filesystem. There should be no space between the hostname and the export options.
3. Save and close the file.
4. Enter service nfs start to start the NFS service.
5. Enter exportfs -r to activate the list of exported filesystems.
6. Enter cat /proc/fs/nfs/exports to display the /proc/fs/nfs/exports file and view the export list.
7. Enter service portmap start to start the portmapper.
8. Enter rpcinfo -p to verify that the portmapper is functioning.
9. If necessary, enter nfsstat to view statistics on NFS client and server operations.
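The rule that no space may separate the hostname from its export options matters for access control: an option group with no host in front of it applies to every host. The following Python sketch is an added example, not part of the course material; it parses exports-format text and flags entries open to all hosts, bare option groups, and the no_root_squash option. The sample entries, issue labels, and function names are constructed for illustration.

```python
import re

# Constructed sample in /etc/exports syntax; hosts and paths are illustrative.
SAMPLE_EXPORTS = """\
# software repository
/software   *(rw)
/home       192.168.0.0/24(rw,sync)
/projects   client1.example.com (rw)
/backup     backup1.example.com(rw,no_root_squash)
/pub        192.168.0.0/24(ro)
/scratch
"""

# One client spec: optional host part, optional "(opt,opt)" part.
SPEC_RE = re.compile(r"^([^()\s]*)(?:\(([^)]*)\))?$")


def parse_exports(text):
    """Yield one dict per client spec found in exports-format text.

    Simplification: quoted paths and backslash line continuations
    are not handled.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        if not specs:
            specs = ["*"]          # no client list: every host may mount
        for spec in specs:
            m = SPEC_RE.match(spec)
            if m is None:
                continue           # malformed spec; skipped in this sketch
            host, opts = m.group(1), m.group(2)
            yield {
                "path": path,
                "client": host or "*",
                "options": {o for o in (opts or "").split(",") if o},
                # Options with no host in front: usually a stray space
                # after the hostname, which opens the export to all hosts.
                "bare": host == "" and opts is not None,
            }


def audit_exports(text):
    """Return (path, client, issue) tuples for risky export entries."""
    findings = []
    for e in parse_exports(text):
        if e["bare"]:
            findings.append((e["path"], e["client"], "bare-options"))
        if e["client"] == "*":
            # Read-only is the default when rw is not given.
            issue = "world-rw" if "rw" in e["options"] else "world-ro"
            findings.append((e["path"], e["client"], issue))
        if "no_root_squash" in e["options"]:
            findings.append((e["path"], e["client"], "no_root_squash"))
    return findings


if __name__ == "__main__":
    for path, client, issue in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:10} {client:22} {issue}")
```

Run against a copy of a server's /etc/exports, the same function lists every entry that should be narrowed to named hosts or a subnet before exportfs -r is used.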

Procedure Reference: Mount NFS Exported Filesystem
To mount NFS exported filesystems:
1. Log in as root.
2. Mount the NFS exported filesystem.
   A. At the command prompt, type mount -t nfs {server IP address or host name}:{exported filesystem} [command options] {mount point}.
   B. Add the new entries in the /etc/fstab file.
      a. Open the file.
      b. To switch to the insert mode, press I.
      c. Type {server IP address or host name}:{exported filesystem} {mount point} nfs {mount options} {dump options} {fsck options}.
      d. Save and close the file.
   C. Enter mount -a to mount the filesystems in the /etc/fstab file.

Mount Options
In the mount command, you can provide several mount options along with the -o option. Some of them are listed in the following table.

Option                          Enables You To
ro                              Mount the filesystem as read only.
rw                              Mount the filesystem with write permissions.
rsize=<number of bytes>         Specify the number of bytes that are read from the NFS server.
wsize=<number of bytes>         Specify the number of bytes that are written to the NFS server.
tcp                             Mount a filesystem using the TCP protocol, instead of the default UDP protocol.
nfsvers=<version number>        Specify the NFS version to be used.
retry=<number of attempts>      Specify the number of mount attempts.
timeo=<time in seconds>         Specify the timeout value for a mount request.
hard                            Specify that NFS file operations can be interrupted only manually.
soft                            Specify that NFS file operations should be abandoned after the portmapper timeout occurs.
intr                            Specify that users can interrupt a mount attempt.
bg                              Specify that the first mount attempt should occur in the foreground and further retries should be performed in the background.
nolock                          Disable NFS locking. This option is used in old NFS servers that do not support locking.

ACTIVITY 6-3
Implementing NFS
Data Files: software-1 software-2 software-3

Before You Begin:
To be performed by the instructor:
1. Switch to the CLI.
2. On the server, create the /software directory and copy the files software-1, software-2, and software-3 from the /root/085993Data/Managing_Filesystems/ directory to it.
3. Enter clear to clear the screen.

Setup:
To be performed by the student:
1. On the client machine, on the first line, add the following entry to the /etc/resolv.conf file.
   nameserver 192.168.0.1

Scenario: Your company is expanding and several new workstations have been added to your Linux network. You have created a software repository that contains various desktop software and device drivers. To facilitate installation, you want the repository to be accessible to all hosts. The software repository is located in host 192.168.0.1 in the /software directory.

To Be Performed by the Instructor
What You Do
1. Export the software directory from the server to the clients.
How You Do It
   a. To open the /etc/exports file, enter vi /etc/exports
   b. To switch to the insert mode, press I.
   c. To type the path to the filesystem to be exported, type /software
   d. To specify the subnet that can access the remote filesystem, press the Spacebar and type *
      The * option is given to export the /software directory to all the client machines connected to the network.
   e. Type (rw) to specify that the filesystem has read/write permissions. See Code Sample 1.
   f. Press Esc to switch to the command mode.
   g. Save and close the file.
   h. To clear the screen, enter clear
   i. To start the NFS service, enter service nfs start
   j. To start the NFS service on system startup, enter chkconfig nfs on
   k. To activate the export list, enter exportfs -r
      Ensure that you leave a space between the command and the -r option.
   l. To clear the screen, enter clear

Code Sample 1
/software *(rw)

To Be Performed by the Student
2. Mount the remote directory on the /mnt/software directory in the client machine.
   a. On the system labeled client, enter showmount -e 192.168.0.1 to view the exported directories.
   b. Enter mount -t nfs 192.168.0.1:/software /mnt
   c. To clear the screen, enter clear
3. Check whether the /software directory has been mounted.
   a. To view the contents of the /mnt directory, enter ls /mnt
   b. To view the contents of the /software directory, enter ls /mnt/software
   c. To delete a file, enter rm /mnt/software/software-1 to verify that the remote filesystem is read-only.
   d. To unmount the filesystem, enter umount /mnt
   e. To clear the screen, enter clear

TOPIC D
Explore Automounting
You have created partitions and managed filesystems. As a system administrator, your job requires you to not only manage filesystems, but also mount and unmount them from various sources. Performing this task on each system in the network manually will be tedious. In this topic, you will use automount to mount filesystems. As a system administrator, you need to maintain data on systems in the network. You may have to mount filesystems on multiple systems. In such cases, you need to know about automounting. This knowledge will enable you to easily mount filesystems automatically on systems in the network.

The automount Program
Definition: The automount program is used to mount and unmount filesystems automatically. It is controlled using the /etc/auto.master configuration file. It requires three arguments to mount a filesystem: mount-point, map-type, and map. The arguments can be specified either in the configuration file or on the command line.

The autofs Program
The autofs program controls the automount daemon. It is started using the service autofs start command and is stopped using the service autofs stop command. It can also be invoked at system startup using the chkconfig autofs on command.

The /etc/auto.master File
The auto.master file is a configuration file that contains the mount points of a system. The format of an entry in the configuration file is <mount-point> <map-type>. The <mount-point> specifies the location of the mount on the local file system. The <map-type> specifies the type of map used for mounting.

Autofs Direct Maps
Autofs direct maps automatically mount filesystems at user-defined points in the file system. The relation between the mount point and filesystem is clearly indicated. A direct map is denoted by a mount point of /- in the master map file. In direct maps, path names are given in the form of keys in the entries. The syntax for a direct map entry is key {mount-options} {location}.

The gnome-mount Package

The gnome-mount package is used to mount and unmount drives and volumes from the gnome desktop environment. The storage device is detected by the gnome-vfs-daemon and the gnome-volume-manager, which are software found in the gnome stack, and then the device is mounted. The gnome-mount package uses the HAL (Hardware Abstraction Layer) to mount the drives.

Figure 6-3: The gnome-mount package and its function.

There are a number of options provided by the gnome-mount package.
The settings for mount point location, mount options, and the filesystem to be used can be configured by the user.

Option                Enables You To
-m                    Specify the mount point.
-f                    Specify the filesystem type to be used.
-o                    Specify the mount options. The options are separated by commas.
-e                    Eject the drive or volume.
-u                    Unmount the storage device.
--display-settings    Display the drive or volume settings.
--erase-settings      Erase the drive or volume settings.

How to Mount Filesystems Using Automount


Procedure Reference: Configure Automount Filesystems Using Relative Path
To configure automount filesystems using relative path:
1. Log in as root.
2. Specify the automount settings in the /etc/auto.master file.
   a. Enter vi /etc/auto.master to open the /etc/auto.master file.
   b. Switch to the insert mode.
   c. Type {mount point} {map file} to add entries for the filesystems to be mounted.
   d. Type {mount point} {map file} --timeout={time in seconds} to specify the timeout value, which indicates the time limit after which filesystems will be unmounted if not in use.
   e. Save and close the file.
3. Create map files and add entries to them.
   a. Create the {map file}.
   b. Open the {map file} and switch to the insert mode.
   c. Add entries for each of the network or device filesystems that will be mounted to the {map file}.
      - Specify the relative automount path of the filesystem.
      - Specify the mount options for the filesystem.
      - Type {relative automount path} {mount options} {remote host name or IP}:{filesystem to be mounted} to specify the device or filesystem that has to be mounted.
4. Enter service autofs restart to restart the autofs service.
5. Enter chkconfig autofs on to configure the autofs service to start at system startup.
6. Enter cd {mount point}/{relative automount path} to verify your configuration by accessing the partition.

Procedure Reference: Configure Automount Filesystems Using Direct Path
To configure automount filesystems using direct path:
1. Log in as root.
2. Specify the automount settings in the /etc/auto.master file.
   a. At the command prompt, enter vi /etc/auto.master to open the /etc/auto.master file.
   b. Type /- {map file} to add entries for the filesystems to be mounted.
   c. Type {mount point} {map file} --timeout={time in seconds} to specify the timeout value, which indicates the time limit after which filesystems will be unmounted if not in use.
   d. Save and close the file.
3. Create map files and add entries to them.
   a. Create the map file.
   b. Open the map file and switch to the insert mode.
   c. Add entries for each of the network or device filesystems that will be mounted to the map file.
      - Specify the mount point of the filesystem.
      - Specify the mount options for the filesystem.
      - Specify the device or filesystem that has to be mounted.
   d. Save and close the file.
4. Enter service autofs restart to restart the autofs service.
5. Enter chkconfig autofs on to configure the autofs service to start at system startup.
6. Enter cd {mount point} to verify your configuration by accessing the partition.


ACTIVITY 6-4
Configuring Automount Systems Using Relative Path
Scenario: You often access a software repository that has been exported as an NFS filesystem. However, you want to avoid mounting and unmounting it, and want it to be automatically mounted each time you access it.
What You Do
1. Create the map file.
How You Do It
   a. To view the shared NFS directories, in the Linux client machine, enter showmount -e 192.168.0.1
   b. To open the /etc/auto.nfs file, enter vi /etc/auto.nfs
   c. To switch to the insert mode, press I.
   d. To specify mnt as the automount point of the filesystem, type mnt and press the Spacebar.
   e. To specify the filesystem type as nfs, on the same line, type -fstype=nfs and press the Spacebar.
   f. To specify the path to the nfs directory that has to be mounted, on the same line, type 192.168.0.1:/software See Code Sample 1.
   g. To switch to the command mode, press Esc.
   h. Save and close the file.
   i. To clear the screen, enter clear

Code Sample 1
mnt -fstype=nfs 192.168.0.1:/software

2. Specify the settings in the /etc/auto.master file.
   a. To open the /etc/auto.master file, enter vi /etc/auto.master
   b. On a new line, to specify the mount point as /nfs and the map file location as /etc/auto.nfs, type /nfs /etc/auto.nfs
   c. To switch to the command mode, press Esc.
   d. Save and close the file.
   e. To clear the screen, enter clear
   f. To restart the autofs service, enter service autofs restart
   g. To enable autofs on system boot, enter chkconfig autofs on
3. Check whether you are able to access the automounted directory.
   a. To navigate to the automount point, enter cd /nfs/mnt
   b. To list the contents of the mnt directory to verify that you are able to access the automounted NFS directory, enter ls
   c. To clear the screen, enter clear
   d. Enter logout

Lesson 6 Follow-up
In this lesson, you created partitions and populated them with filesystems. You also managed filesystems on remote computers using NFS and SSH. This will enable you to set up hard disks on computers. Managing filesystems on remote machines will help you save time and effort. You will be able to accomplish all tasks even from your system rather than performing them from other systems.
1. What do you think is the importance of NFS? Why?
   Answers will vary, but may also include:
   1. NFS is necessary for the proper sharing of files on a network.
   2. NFS provides better security over other file-sharing protocols in the network.
   3. Files can be transferred across multiple systems on the network simultaneously using NFS.

2. When do you think formatting a partition is necessary? Why?
   Answers will vary, but may include:
   1. Formatting a partition is necessary when there is data overflow on the hard disk. When more data cannot be accommodated on the disk, it is better to back up existing data and format the partition.
   2. Partition formatting is done when the filesystems in the partition are corrupted, and all other programs are unable to run because of the corrupted filesystems.
   3. When installing a new operating system, it is always better to format the partition and then install the operating system on the hard disk, to avoid conflict between the previously installed partitions.


LESSON 7
Managing Advanced Filesystem Services
In this lesson, you will use advanced services to manage filesystems. You will:
- Configure disk quotas.
- Configure RAID.
- Manage logical volumes.
- Back up data on the computer.
- Restore backed up data.
- Synchronize files using rsync.

Lesson Time 3 hour(s), 15 minutes

Introduction
You have managed filesystem services for the network as a whole. To be an effective system administrator, you must know how to manage services for each user individually and how to store data for later use. In this lesson, you will examine disk quotas and how to back up and restore data. As an organization grows over time, there will be an increase in the quantum of data stored, resulting in data overflow. This could lead to system crashes. Therefore, it is crucial to manage data effectively to make your system fault tolerant and prevent data loss.

TOPIC A
Configure Disk Quotas
Until now, you have maintained local filesystems. You will also need to ensure that all users have access to disk space for storing individual files in a filesystem. In this topic, you will manage disk quotas. One of the tasks that a system administrator must undertake is limiting usage of disk space by each user. Users may need to store files and data in a common location. By managing disk quotas, you can ensure that all users have adequate storage space in that common location.

Disk Quota

Definition: Disk quota is the disk space that is allotted to a user for file storage on a computer. Disk quotas are optional and need to be configured for each user. Every filesystem for which disk quota has been implemented will have a default grace period of seven days. This means that when a user has reached the soft limit, the grace limit feature gets activated. The soft limit is the quota value beyond which disk space usage is allowed only during the grace period. Once the grace period expires, the soft limit will be enforced as the hard limit, or a maximum limit will be set on disk usage and users cannot exceed this limit.

Commands Used for Quota Management


Quota management is the effective allotment and monitoring of quotas for all users. Quotas should be assigned in such a way that users are able to maximize the utilization of disk resources without data overflow.
Linux has various commands that help ease the job of quota management for the system administrator.

Command                     Used To
edquota -u {user name}      Edit quotas for a specific user.
edquota -g {group name}     Edit quotas for a specific group.
setquota -u {user name}     Set quotas for a specific user.
setquota -g {group name}    Set quotas for a specific group.

Quota Reports
Quota reports are created by the system to view the usage of disk space by each user. These reports enable the system administrator to view which user is taking up the maximum disk space. There are two types of quota reports, user quota reports and group quota reports. A quota report contains the following details:
- The name of the user.
- The total number of blocks (in kilobytes) that have been utilized by the user on a partition.
- The soft limit that is the maximum amount of disk usage that a quota user has on a partition.
- The hard limit that is the absolute limit on the disk usage that a quota user has on a partition.
- The grace period that is the time limit before the soft limit is enforced for a filesystem with quota enabled.
- The total number of inodes that have been used on a partition by a user.
- The soft limits on inodes.
- The hard limits on inodes.

The quotacheck Command
The quotacheck command examines filesystems for which you enabled quotas, builds a table of current disk usage, and updates the aquota.user file. The following table lists the options you can use with the quotacheck command.

quotacheck Command Option    Enables You To
-g                           Create group quotas.
-u                           Create users.
-a                           Specify all filesystems for which the usrquota mounting option is enabled.

Commands Used to Generate Quota Reports


A number of commands are available for the generation of effective quota reports.

Command                          Enables You To
repquota -a                      Display the quota reports for all users.
repquota -u {filesystem name}    Display the quota report for the particular filesystem.
quota -uv {user name}            Display the quota report for the particular user.
warnquota -u {user name}         Check if the user is not exceeding the allotted quota limit.
warnquota -g {user name}         Check if the group is not exceeding the allotted quota limit.

How to Configure Disk Quotas

Procedure Reference: Set Disk Quota for a Filesystem
To set disk quota for a filesystem:
1. Log in as root in the CLI.
2. Specify user quota for the partition you want to allocate to users.
   a. Enter vi /etc/fstab.
   b. In the fourth field of the partition entry, change the default values.
      - Change defaults to defaults,usrquota to define user quota for the specified partition.
      - Change defaults to defaults,grpquota to define group quota for the specified partition.
      - Change defaults to defaults,usrquota,grpquota to define user and group quota for the specified partition.
   c. Save and close the file.
3. Enter mount -o remount {mount point} to remount the partition.
4. Enter quotacheck -c {mount point of the partition} to scan for the disk usage and create a quota file.

Procedure Reference: Manage Quota Service in the System
To manage quota service in the system:
1. Log in as root in the CLI.
2. Manage the quota service in the system.
   - Enter quotaon {command option} {mount point} to turn on the quota.
   - Enter quotaoff {command option} {mount point} to turn off the quota.

Procedure Reference: Set Quota for Users
To set quotas for the users:
1. Log in as root in the CLI.
2. Set quotas for users.
   - Use the edquota command to set user quota.
     a. Enter edquota [command options] {user or group name}.
     b. Specify the soft and hard limits for blocks and inodes.
     c. Save and close the file.
   - Enter setquota {command option} {user or group name} {soft block limit} {hard block limit} {soft inode} {hard inode} {command option} /dev/{device name}{partition number} to set quotas for users using the setquota command.

Procedure Reference: View Quota Reports
To view the quota report:
1. Log in as root in the CLI.
2. View the quota report.
   - Enter quota {command option} {user or group name} to display the quota report for the user or group.
   - Enter repquota {command option} {mount point} to display the quota report for the specified mount point.
   - Enter warnquota {command option} {mount point} to send the quota report as a mail to the user as configured in /etc/warnquota.conf.
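The report fields listed under Quota Reports (blocks used, soft limit, hard limit, grace period, and the same for inodes) can be checked automatically. The following Python sketch is an added example, not part of the course material; it parses text in the default repquota layout and reports users who are over a soft limit, past the grace period, or at a hard limit. The sample report is constructed, and the state labels and function names are illustrative; the parser assumes the default numeric output, where a grace column appears only when a limit has been exceeded.

```python
# Constructed repquota-style report; the limits for user1..user3 match the
# soft/hard values 100/125 blocks and 500/700 inodes used in Activity 7-1.
SAMPLE_REPORT = """\
*** Report for user quotas on device /dev/hda2
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --  412340       0       0          18220     0     0
user1     +-     118     100     125  6days      12   500   700
user2     -+      40     100     125            510   500   700  none
user3     ++     125     100     125   none     700   500   700  2days
"""


def _take_limits(tokens, pos):
    """Read used/soft/hard and an optional grace token starting at pos."""
    used, soft, hard = (int(t) for t in tokens[pos:pos + 3])
    pos += 3
    grace = None
    if pos < len(tokens) and not tokens[pos].isdigit():
        grace = tokens[pos]      # e.g. "6days", or "none" once expired
        pos += 1
    return {"used": used, "soft": soft, "hard": hard, "grace": grace}, pos


def parse_repquota(text):
    """Return one dict per user row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        # A data row is: name, two-character +/- flag field, then numbers.
        if len(tok) < 8 or len(tok[1]) != 2 or set(tok[1]) - {"+", "-"}:
            continue
        blocks, pos = _take_limits(tok, 2)
        inodes, _ = _take_limits(tok, pos)
        rows.append({"user": tok[0], "blocks": blocks, "inodes": inodes})
    return rows


def _state(lim):
    """Classify one resource; a limit of 0 means no limit is set."""
    if lim["hard"] and lim["used"] >= lim["hard"]:
        return "at-hard"
    if lim["soft"] and lim["used"] > lim["soft"]:
        # "none" in the grace column means the grace period has run out.
        return "grace-expired" if lim["grace"] == "none" else "over-soft"
    return None


def quota_findings(text):
    """Return (user, resource, state) for every exceeded limit."""
    out = []
    for row in parse_repquota(text):
        for resource in ("blocks", "inodes"):
            state = _state(row[resource])
            if state:
                out.append((row["user"], resource, state))
    return out


if __name__ == "__main__":
    for user, resource, state in quota_findings(SAMPLE_REPORT):
        print(f"{user:8} {resource:7} {state}")
```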

ACTIVITY 7-1
Configuring User Quota
Before You Begin:
1. Log in as root in the CLI of the client machine.
2. Create a user user2 with password p@ssw0rd.
3. Enter clear to clear the screen.

Scenario: Your company has a common server that is used by all employees to store and share files within the company. You have received complaints from users on the network about low disk space on the common server because some employees have excessive amounts of data on it. You decide to assign disk quotas to limit disk space usage for users as per the following details:
Space to be allocated to user1 and user2:
- Block soft limit = 100
- Block hard limit = 125
- Inode soft limit = 500
- Inode hard limit = 700

The quota has to be set for user1 and user2.

Account information:
- Login name for root user: root
- Password for root user: p@ssw0rd

What You Do
1. Configure the user quota for the partition /.
How You Do It
   a. Log in as root in the CLI.
   b. To open the /etc/fstab file, enter vi /etc/fstab
   c. To switch to the insert mode, press I.
   d. To set user quota for the / partition, change LABEL=/ / ext3 defaults 1 1 to LABEL=/ / ext3 defaults,usrquota 1 1
   e. To switch to the command mode, press Esc.
   f. Save and close the file.
   g. Enter reboot
   h. To switch to the CLI mode, press Ctrl+Alt+F1.
   i. Log in as root in the CLI.
   j. To scan for the disk usage and create a quota file, enter quotacheck -cum /

2. Specify the disk space usage.
   a. To edit the user1 quota, enter edquota -u user1
   b. To switch to the insert mode, press I.
   c. Specify the hard and soft limit values for user1 as given in the scenario.
   d. Press Esc.
   e. Save and close the file.
   f. Specify disk space usage for user2 and save the file by following steps from (a) to (d).
   g. Enter clear
   h. To apply the changes, enter quotaon -u /
   i. Enter clear

TOPIC B
Configure RAID
You have managed disk space in the newly added hard disk. Before you start storing data in the hard disk, you want to make your disk fault tolerant. To do this, you need to duplicate data in multiple hard disks. In this topic, you will configure RAID. The number of users accessing the file server is increasing steadily. Due to this overload, performance has decreased and the server hangs. The junior administrator makes a mistake and shuts down the server abruptly. The system crashes and all the data is lost. If data is maintained using multiple hard disks, loss of data can be prevented.

Redundant Array of Inexpensive Disks

Definition: Redundant Array of Inexpensive Disks (RAID) is a method that is used to store the same data in different locations on multiple hard disks of a server or a standalone disk storage system. Disk arrays are made fault tolerant by implementing RAID. Enabling RAID on the hard disks increases their performance and reliability by distributing data.

RAID uses data striping and disk mirroring techniques to prevent loss of data due to hard disk crash. It breaks data into equal sized chunks and then each chunk is written to the hard disk based on the RAID level. RAID can be implemented either by the operating system or by the RAID disk controller card.

Software RAID

Definition: Software RAID is RAID implemented using software that is applied in the kernel disk code. It depends on the performance and the load of the server's processor. Software RAID is inexpensive because it works even with less expensive disks, such as IDE and SCSI. In addition, software RAID has higher fault tolerance levels that enable you to diagnose and fix problems in the system easily. Software RAID offers features such as kernel-based configuration, threaded OS rebuild, portable arrays among Linux machines without reconstruction, array reconstruction using idle system resources, automatic CPU detection, and hot-swappable drive support.
The features of software RAID keep upgrading with time; these can be implemented into the system without any hardware upgrade.

Hardware vs. Software RAID
A hardware RAID system is implemented using the disk controller card. The hard disks that are connected to the RAID disk controller are configured. The disk controller will hide the array of disks and present it as a single logical storage unit or drive to the system. The operating system will not be able to identify the difference in the hardware. Software RAID is an inexpensive way of implementing RAID. It is applied in the kernel disk code, and can be implemented on all types of hard disks. The software-based array is dependent on server CPU performance and load.

RAID Levels
RAID can be implemented in different levels based on system requirements. The most commonly used RAID levels are 0, 1, and 5.

RAID Level    Description
RAID 0        RAID 0 is commonly referred to as Data Striping. RAID 0 stores data across multiple devices by avoiding data redundancy. The operating system that implements RAID 0 will consider multiple disks as a single device. The advantage of RAID 0 is an increase in data access speed. It is suggested that when implementing RAID 0, the disks be of equal size. The disadvantage of RAID 0 is that if any one hard disk crashes, then the entire data is lost.
RAID 1        RAID 1 is commonly referred to as Disk Mirroring. RAID 1 stores copies of the same data on multiple disks. The server has to write the same data to more than one disk, which can saturate data buses and CPU utilization. RAID 1 leads to data redundancy and does not speed up data access.
RAID 5        RAID 5 is an improved level of RAID 4. RAID 5 stripes the parity data between all disks in the RAID set. The advantage of RAID 5 is that there is no single point where contention will be created. This would speed up multiple small writes. Multiple small reads are faster, as data resides on all drives in the array. It is possible to get all drives involved in the read operation. This RAID level is the most commonly used RAID level.

There are various other RAID levels such as RAID 2, 3, 4, and 6. Disk tolerance increases with increase in the RAID level, and so does disk requirement.

The mdadm Tool


The mdadm tool is used to manage RAID devices. This tool can be used to create, remove, and monitor RAID devices. The mdadm tool operates in multiple modes, such as build, create, assemble, monitor, and manage. The syntax for using the mdadm tool is mdadm {mode} {raid device} {options} {component devices}.
The mdadm tool is otherwise called the multiple disk administration tool.

The mdadm tool has various options, which are listed below.

Option    Enables You To
-A        Assemble components of a previously created array.
-B        Build an array without superblocks.
-C        Create a RAID array.
-F        Switch to the monitor mode to monitor arrays.
-G        Increase or decrease the size or shape of an active array.
-h        Print help options.

mdadm Operation Modes
There are several major modes of operation for the mdadm utility.

Mode                 Function
Create               Creates and configures a new array.
Assemble             Starts and activates an existing array.
Manage               Adds or removes disks in an active array or marks a disk as failed.
Follow or monitor    Configures mdadm to send alerts when there are array errors or disk failures, and allows sharing of spare disks.
Build                Builds a legacy array without superblocks.
Misc                 Performs any other operation on arrays, from getting information about devices to removing old superblocks and stopping active arrays.

How to Configure RAID

Procedure Reference: Configure Software RAID
To configure software RAID:
1. Log in as root in the CLI.
2. Enter rpm -qi mdadm to make sure the RAID package is installed.
3. Create a software RAID.
   a. Create a RAID-0 array.
      - Enter mdadm --create --verbose /dev/md{device number} --level=0 --raid-devices=2 /dev/{device name}{device number} /dev/{device name}{device number} to create a RAID-0 array.
      - Or, enter mdadm -Cv /dev/md{device number} -l0 -n2 /dev/{device name}{device number} /dev/{device name}{device number}.
   b. Create a RAID-1 array.
      - Enter mdadm --create --verbose /dev/md{device number} --level=1 --raid-devices=2 /dev/{device name}{device number} /dev/{device name}{device number} to create a RAID-1 array.
   c. Create a RAID-5 array.
      - Enter mdadm --create --verbose /dev/md{device number} --level=5 --raid-devices=3 /dev/{device name}{device number} /dev/{device name}{device number} /dev/{device name}{device number} to create a RAID-5 array.
      - Or, enter mdadm -Cv /dev/md{device number} -l5 -n3 /dev/{device name}{device number} /dev/{device name}{device number} /dev/{device name}{device number}.
4. Enter mdadm --detail --scan > /etc/mdadm.conf to create the RAID configuration file with RAID array information.
5. Enter vi /etc/mdadm.conf to open the /etc/mdadm.conf file and specify device information.
6. Enter mkfs -t {filesystem type} /dev/md{device number} to create a filesystem on the RAID disk.
7. Create a mount point and mount the RAID disk.
8. Enter cat /proc/mdstat to verify that the RAID disk has been created.
9. Enter mdadm -S /dev/md{device number} to stop/deactivate the RAID service.
10. Enter mdadm -AS /dev/md{device number} to start/activate the RAID service.
11. Enter mdadm -E /dev/{device name}{device number} to examine device name information.


ACTIVITY 7-2
Configuring RAID Level 5
Scenario: You have allocated 3 GB on your system to store sensitive transaction details. You want to effectively use the space, as well as build fault tolerance in the hard disk so that you can recover the data if the hard disk crashes.
What You Do
1. Create three logical partitions on the hard disk.
How You Do It
   a. To invoke the fdisk utility for the /dev/hda device, enter fdisk /dev/hda
   b. To create a partition of default size, enter n
   c. To accept the default first cylinder size, press Enter.
   d. To set the partition size, enter +1000M
   e. To change the partition type, enter t
   f. To set the partition number, enter 7
   g. To change the partition from type 83 to type fd, at the Hex code (type L to list codes): prompt, enter fd
   h. To write the changes to the partition table, enter w
   i. Create two logical partitions with size 1 GB each and type fd
   j. To reboot the system, enter reboot

2. Create a software RAID 5.
   a. To switch to the CLI mode, press Ctrl+Alt+F1.
   b. Log in as root in the CLI.
   c. To check if the mdadm package is installed on your system, enter rpm -qa | grep mdadm
   d. To create a RAID 5 array, enter mdadm --create --verbose /dev/md0 --level=5 --raid-devices=3 /dev/hda7 /dev/hda8 /dev/hda9
   e. If necessary, to continue creating the array, at the prompt, enter y
   f. To create the RAID configuration file /etc/mdadm.conf with the RAID array information, enter mdadm --detail --scan > /etc/mdadm.conf

3. Specify the device information in the mdadm.conf file.
   a. To open the /etc/mdadm.conf file, enter vi /etc/mdadm.conf
   b. To switch to the insert mode, press I.
   c. To specify the device information, on a new line, type DEVICE /dev/hda7 /dev/hda8 /dev/hda9
   d. To exit to the command mode, press Esc.
   e. Save and close the file.
   f. Enter clear

4. Create a filesystem on the RAID device and mount the RAID device on a mount point called /raid.
   a. To create an ext3 filesystem on the RAID device /dev/md0, enter mkfs.ext3 /dev/md0
   b. To create a mount point for RAID in /raid, enter mkdir /raid
   c. To mount the RAID device /dev/md0 on /raid, enter mount /dev/md0 /raid

5. Check whether a new RAID device is created.
   a. To verify that the RAID device has been created, enter cat /proc/mdstat
   b. Observe that the list of active RAID devices is displayed.
   c. Enter clear
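
The cat /proc/mdstat check can be turned into a health report that also catches a failed member, as in this added example (not part of the courseware). The sample text is constructed in /proc/mdstat format, md1 is a hypothetical second array, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: summarize /proc/mdstat and flag arrays that are not healthy.

# Constructed sample in /proc/mdstat format: md0 is the three-partition RAID 5
# array from Activity 7-2; md1 is a hypothetical mirror with one failed member.
sample_mdstat() {
    cat <<'EOF'
Personalities : [raid1] [raid6] [raid5] [raid4]
md0 : active raid5 hda9[2] hda8[1] hda7[0]
      2048000 blocks level 5, 64k chunk, algorithm 2 [3/3] [UUU]

md1 : active raid1 hdb2[1] hdb1[0](F)
      1024000 blocks [2/1] [_U]

unused devices: <none>
EOF
}

# Print one line per array: <name> <level> <active> <total> <status> [failed=...]
# $1 is the file to read (default /proc/mdstat); "-" reads standard input.
mdstat_health() {
    awk '
    /^md[0-9]+ *:/ {
        name = $1; failed = ""
        if ($3 != "active") {            # assembled but not running
            print name, "-", "-", "-", "INACTIVE"
            name = ""; next
        }
        first = ($4 ~ /^\(/) ? 5 : 4     # skip a state note such as (auto-read-only)
        level = $first
        for (i = first + 1; i <= NF; i++)
            if ($i ~ /\(F\)/) {          # member marked faulty
                dev = $i; sub(/\[.*/, "", dev)
                failed = failed (failed == "" ? "" : ",") dev
            }
        next
    }
    # The status line carries [total/active], for example [3/3] or [2/1].
    name != "" && match($0, /\[[0-9]+\/[0-9]+\]/) {
        split(substr($0, RSTART + 1, RLENGTH - 2), n, "/")
        status = (n[1] == n[2] && failed == "") ? "OK" : "DEGRADED"
        printf "%s %s %d %d %s%s\n", name, level, n[2], n[1], status,
               (failed == "" ? "" : " failed=" failed)
        name = ""
    }' "${1:-/proc/mdstat}"
}

# Exit status 0 only when at least one array exists and every array is OK,
# so the function can gate a cron job or a monitoring check.
mdstat_all_ok() {
    mdstat_health "$1" | awk '{ n++ } $NF != "OK" { bad++ } END { exit !(n > 0 && bad == 0) }'
}

sample_mdstat | mdstat_health -
```

On a live system, call mdstat_health with no argument to read /proc/mdstat directly.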

TOPIC C
Manage Logical Volumes Using the Logical Volume Manager
You have added new hardware devices to the system, and configured RAID to protect your hard disk. You are storing huge amounts of data on the file server. You want to manage the storage area when the system runs out of space. In this topic, you will manage disk space.

As the number of users increases, a vast collection of information is stored on the file server. To install new software, you are downloading source files from the website. While downloading, an error is displayed stating that there is insufficient memory in the home directory. You decide to increase the storage space, but want to complete the download. To manage the current situation, you have decided to move the memory allocated to the swap filesystem to the home directory. Learning about LVM will enable you to accomplish this task.

Logical Volume Manager


Definition: Logical Volume Manager (LVM) is a software tool that is used to manage disk storage on a computer system. LVM creates an abstraction layer over the storage area in the system, so that details about where the data is stored are hidden. It hides the storage details by completely separating the hardware storage and the software management, so that any changes made to the hardware do not affect the software during runtime. The volume manager organizes hard disks into volume groups and the partitions in the storage area are referred to as the Logical Volumes (LV).

LVM Components
LVM consists of five components.

Component / Description

Volume Group (VG): The Volume Group component is the highest level of abstraction in LVM. The physical drives or hard disks are organized into volume groups.

Physical Volume (PV): The partition type of the disk or partition should be set to Linux LVM. Physical Volume is a physical medium with additional data for administrative purposes. The pvcreate command is used to create a volume group that contains one or more PVs.

Physical Extents (PE): Each physical volume is divided into blocks of data referred to as Physical Extents (PEs). The size of physical extents is the same as the size of logical extents for the volume group. A PE is the smallest unit that can be addressed by LVM on physical storage.

Logical Volume (LV): The actual data is stored in the Logical Volume. The LV is referred to as a standard block device. It contains a filesystem, which is set using the mkfs command. For example, /home, /var.

Logical Extents (LE): Each Logical Volume is divided into blocks of data referred to as Logical Extents (LE). The size of logical extents is the same for all logical volumes in the volume group.

LVM Architecture
In a storage drive, each Physical Volume (PV) is divided into equal-sized Physical Extents (PEs). Each PE is given a number, which is unique within the PV. In each PV, metadata information is stored in an area named Volume Group Descriptor Area (VGDA). VGDA includes a PV description, a VG description, an LV description, and several PE descriptions, which are stored at the beginning of each physical volume. Each LV is divided into Logical Extents (LEs). LEs are of the same size as the PEs of that VG. Every LE is mapped to one PE on a PV.

Figure 7-1: A volume group showing LVM architecture

LVM Management Tools


LVM contains a number of tools to maximize the features provided by LVM. These tools perform a variety of functions. The syntax for using the LVM tools is {Tool name} {disk partition}.

Tool         Enables You To
lvcreate     Create a logical volume.
lvdisplay    Display information about a logical volume.
lvextend     Add space to a logical volume.
lvreduce     Reduce the size of a logical volume.
lvremove     Remove logical volumes from the system.
lvscan       List all logical volumes in all volume groups.
pvcreate     Initialize physical volumes for use by LVM.
pvdisplay    Display various attributes of physical volumes.
pvmove       Move extents from one physical volume to another.
pvscan       List all physical volumes.
vgcreate     Create a volume group.
vgdisplay    Display volume group information.
vgextend     Add physical volumes to a volume group.
vgreduce     Remove a physical volume from a volume group.
vgremove     Remove a volume group.
vgscan       Search for all volume groups.
resize2fs    Resize ext2/ext3 filesystems.

LVM Snapshots
In the event of a system crash, LVM snapshots can be used to recover filesystems. They are similar to copies of logical volumes. The user can create multiple copies of logical volumes in the form of block devices. They store the changes that are made to filesystems, instead of storing the entire filesystems. They can be created using the lvcreate tool.

Snapshot Volumes
A snapshot volume is a volume containing a record of data that was present in the volume at the time the snapshot was taken. Snapshot volumes enable you to take backups of the filesystem even when the filesystem is running and changes are being made to it. These may be mounted as a logical volume to track changes that have been made to the filesystem since the snapshot volume was created.

How to Manage Logical Volumes Using Logical Volume Manager


Procedure Reference: Create Logical Volume Using the Logical Volume Manager
To create logical volumes using the logical volume manager:

1. Log in as root in the CLI.
2. Enter fdisk /dev/{device name}{device number}.
3. Create a partition with type as LVM.
   a. Type n and press Enter.
   b. Type p and press Enter.
   c. Type 1 and press Enter.
   d. Press Enter two times.
   e. Type t and press Enter.
   f. Type 8e and press Enter.
   g. Type w and press Enter.
   h. To update the partition table, enter partprobe
   i. Enter vgscan to enable LVM to locate partitions of type Linux LVM.
   j. Enter pvcreate /dev/{device name}{device number} to create physical volumes on each hard disk.
      You must create physical volumes on each hard disk that contains the Linux LVM partition. This is because a physical volume cannot span more than one hard disk.
   k. Enter vgcreate {volume group name} /dev/{device name}{device number 1} .... /dev/{device name}{device number n} to create volume groups by merging the physical volumes.
   l. Enter lvcreate -L {size of logical volume} {volume group name} -n {logical volume name} to create logical volumes in the volume groups you created.
   m. Enter reboot to reboot the system.
   n. Enter mkfs -t {filesystem type} /dev/{volume group name}/{logical volume name} to assign a filesystem to the logical volumes you created.

Procedure Reference: Resize Logical Volume Using LVM Tools
To resize logical volumes using LVM tools:

1. Log in as root.
2. Enter pvcreate /dev/{device name}{device number} to create a physical volume.
3. Enter vgextend {volume group name} /dev/{device name}{device number} to add the partition to the existing volume group.
4. Enter lvextend -L +{size} /dev/{volume group name}/{logical volume name} to extend the filesystem.
5. Enter resize2fs /dev/{volume group name}/{logical volume name} to resize the filesystem.
6. View the changes you have made.
   Enter vgdisplay to view volume group information.
   Enter pvdisplay to view physical volume information.
   Enter lvdisplay to view logical volume information.

Procedure Reference: Manage LVM Snapshots
To manage LVM snapshots:

1. Log in as root.
2. Enter lvcreate -L {size} -s -n {snapshot volume name} /dev/{volume group name}/{logical volume name} to create a snapshot of the volume.
3. Enter mount /dev/{volume group name}/{snapshot volume name} {mount point} to mount the snapshot volume.
4. Remove the snapshot volume.
   a. Enter umount {mount point} to unmount the snapshot volume.
   b. Enter lvremove /dev/{volume group name}/{snapshot volume name} to remove the snapshot volume.

ACTIVITY 7-3
Managing Disk Space Using the Logical Volume Manager
Scenario: While planning to set up a file server in your organization, you decide to allocate disk space as per the following requirements:
   Development team - 1 GB
   Marketing team - 1 GB
   Hardware team - 1 GB

You have been provided with a hard disk of capacity 80 GB.

What You Do / How You Do It

1. Create three logical partitions on the hard disk.
   a. To invoke the fdisk utility for the /dev/hda device, enter fdisk /dev/hda
   b. To create a partition of size 2 GB, enter n
   c. To accept the default first cylinder size, press Enter.
   d. To set the partition size, enter +2000M
   e. To change the partition type, enter t
   f. To set the partition number, enter 10
   g. To change the partition from type 83 to type 8e, at the Hex code (type L to list codes): prompt, enter 8e
   h. To write the changes to the partition table, enter w
   i. Create two logical partitions of size 2 GB each and partition type 8e
   j. To reboot the system, enter reboot

2. Create physical volumes on the LVM partitions.
   a. To switch to the CLI mode, press Ctrl+Alt+F1.
   b. Log in as root in the CLI.
   c. To enable LVM to locate partitions of type Linux LVM, enter vgscan
   d. To create physical volumes for each hard disk on the LVM partitions, enter pvcreate /dev/hda10 /dev/hda11 /dev/hda12

3. Create logical volumes on the hard disk.
   a. To create a volume group named Myvolume on the /dev/hda device, enter vgcreate Myvolume /dev/hda10 /dev/hda11 /dev/hda12
   b. In the Myvolume volume group, to create a logical volume with a size of 1GB for the development team, enter lvcreate -L 1000 Myvolume -n Development
   c. To create a logical volume with a size of 1GB for Hardware, enter lvcreate -L 1000 Myvolume -n Hardware
   d. To create a logical volume with a size of 1GB for Marketing, enter lvcreate -L 1000 Myvolume -n Marketing
   e. To reboot the system, enter reboot
   f. To switch to the CLI mode, press Ctrl+Alt+F1.
   g. Log in as root in the CLI of the Linux client machine.
   h. To assign the ext2 filesystem to the logical volumes you created, enter mkfs -t ext2 /dev/Myvolume/Development
   i. To assign the ext2 filesystem to the logical volumes you created, enter mkfs -t ext2 /dev/Myvolume/Hardware
   j. To assign the ext2 filesystem to the logical volumes you created, enter mkfs -t ext2 /dev/Myvolume/Marketing

4. Create mount points for the LVM partitions.
   a. To create the Development directory, enter mkdir /Development
   b. To mount the volume group on /Development, enter mount /dev/Myvolume/Development /Development
   c. Create the mount points for the Hardware and Marketing groups.
   d. Mount the volume groups Hardware and Marketing on /Hardware and /Marketing respectively.
   e. To verify that the filesystems are mounted, enter mount
   f. Enter clear

TOPIC D
Back Up Data
Apart from working with files, you will also need to prevent loss of information in the event of a system crash or some other unforeseen circumstances. In this topic, you will back up data.

A team is working on an important project. They don't want to lose data because that would require a lot of rework. As a system administrator, you can perform daily backups to ensure that no data is lost if the system crashes.

Data Dump
A data dump is a copy of the raw data in memory. It can be copied to a file or storage media such as a hard disk or CD. Data dumping can be done only when the device is unmounted. A data dump can be created using specific commands, such as the dump command.

The Dump Command


The dump command dumps all files in a filesystem to a tape or another file. Dump automatically detects the size of the output medium. The syntax for the dump command is dump {command options} {files to dump}. The dump command has various options.

Option / Enables You To

-a: Archive data on the external medium until the medium gets filled. At this point, a prompt is displayed to the user for intervention.
-L label: Specify a label for the dump file. Data is restored using this label.
-f filename: Write the output of a backup to a file.
-q: Abort dump whenever it encounters an error, without displaying a prompt.
-level#: Set the dump level. A full backup is taken at level 0 and the default level is 9. Any value between 0 and 9 is permissible.
-b Maximum block size: Specify the number of kilobytes per dump record.
-f Location of the target file: Specify the target location.
-z Compression level 1-9: Specify the compression level.

Raw Devices
Definition: A raw device is the section of a physical disk whose contents are not managed by the operating system. Unlike filesystems, a raw device cannot be accessed by users. Raw devices can be bound to existing block devices, such as the disks. All input or output operations to a raw device are done directly on the physical device performing the input or output operation. Raw devices bypass the caching that is associated with block devices.

Character Devices
A character device is a data storage or transfer device that exchanges one character or byte at a time with the operating system. Character devices do not transfer data in blocks, but they are allowed to use as many or as few bytes as they like. Unlike block devices, character devices do not have a buffer for requests.

Determine a Backup Strategy


An effective backup strategy determines the amount of data backed up and enables efficient data restoration.

Guidelines: To choose an effective backup strategy, follow these guidelines:
- Determine the scope of the backup operation to be performed. Do you need to back up data on a single computer? Do you need to back up data on multiple computers? Are the computers situated in a single location? Are the computers spread across different locations?
- Identify the amount of data that needs to be backed up. Does the data reside on a single system? Is the data distributed among several servers? Can the data be easily replaced?
- Ensure you have all the necessary information about the data to be backed up.
- Determine the most suitable time for performing backup operations so that users can continue working.
- Ensure that users are informed well in advance about scheduled backups.
- Review the storage space. Do you have an adequate number of tapes? Determine the reliability of backup media. Determine whether previous backups can be erased or not. It is advisable to retain previous backup versions.
- Depending on the scope of the backup operation to be performed, do you have the required number of human resources to perform the backup operation?
- Test the backups performed and verify the integrity of backed up files.

Example: A major corporation recently suffered a catastrophic loss of data during a power outage caused by a snow storm. The system administrator had decided to update the organization's backup strategy. First, he observes that team members regularly save work-in-progress to their local hard drives. He also determines where other mission critical files are stored. Based on these findings, the system administrator creates a backup plan that includes all computers on the network. He reviews the storage capacity of the current backup media, and finds it to be inadequate. After some research, he recommends to the management that a new storage system be purchased and installed. Finally, the system administrator consults with various managers and team leads to determine the teams' work schedules. He schedules the backups from 10:00 P.M. to 4:30 A.M. because this is the ideal time that will cause minimum disruption of work.

The Hanoi Sequence
While performing incremental or partial backups, using the Hanoi sequence helps to minimize the number of tapes used. Backup procedures have several levels ranging from 0-9. Level 0 indicates a complete backup and ensures that the entire filesystem is copied. A level number greater than 0 indicates that all new files and files modified since the last backup of the same or lower level will be copied. This is known as an incremental backup.

It is practical to always start with a level 0 backup. A level 0 backup should be performed at regular intervals, preferably once a month or once every two months. Data should be stored in a set of fresh tapes each time a level 0 backup is performed. These tapes should be stored forever. After performing a level 0 backup, dumps of active filesystems need to be made on a daily basis. A modified Tower of Hanoi algorithm is used for this purpose. The sequence of dump levels followed in this method is 3 2 5 4 7 6 9 8 9 9. Every week, a level 1 dump needs to be taken and the daily Hanoi sequence repeats beginning with a dump level of 3.

The /etc/issue and the /etc/issue.net Files
The /etc/issue.net file is the login banner that users see when they make a connection to the system over the network; for example, when they use Telnet or SSH to connect to a system, the content in the /etc/issue.net file is displayed. It includes welcome information text displayed whenever a new session is opened. The /etc/issue and /etc/issue.net files constitute the login banner that is displayed to local user logins. The /etc/issue file can be customized.

How to Back Up Data


Procedure Reference: Archive Using the dump Command
To archive using the dump command:

1. Log in as root in the CLI.
2. Enter dump -0 -f {target file} {source file} to take a complete backup.
3. Enter dump -{Hanoi Sequence} -f {target file} {source file} to add updates to the existing backup file.
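
Why the Hanoi order keeps the number of tapes low shows up when you work out which dumps a restore needs, as in this added example (not part of the courseware). It assumes the rule from the dump(8) manual page, under which a level N dump holds the changes since the most recent dump of a lower level; the function names are illustrative.

```shell
#!/bin/sh
# Added example: which dumps must be restored, and in what order, to rebuild
# a filesystem as of the most recent dump in a history of dump levels.
# Rule assumed (dump(8)): a level N dump holds everything changed since the
# most recent earlier dump of a lower level.

# Arguments: dump levels, oldest first. Output: "position:level" pairs in
# restore order. Exit 1 if the history has no usable level 0, 2 on bad input.
restore_chain() {
    printf '%s\n' "$@" | awk '
        !/^[0-9]$/ { bad = 1; exit }
        { level[NR] = $1 + 0 }
        END {
            if (bad) { print "dump levels must be single digits 0-9" > "/dev/stderr"; exit 2 }
            # Walk back from the newest dump, keeping each dump whose level is
            # lower than every dump kept so far; stop once a level 0 is kept.
            min = level[NR] + 1
            for (i = NR; i >= 1 && min > 0; i--)
                if (level[i] < min) { keep[i] = 1; min = level[i] }
            if (min != 0) { print "no level 0 dump to start from" > "/dev/stderr"; exit 1 }
            for (i = 1; i <= NR; i++)
                if (i in keep) printf "%s%d:%d", (n++ ? " " : ""), i, level[i]
            print ""
        }'
}

# Number of dump files (tapes) the restore needs.
chain_length() {
    restore_chain "$@" | wc -w | tr -d ' '
}

# The daily sequence from the text, after the initial level 0 dump.
echo "full sequence : $(restore_chain 0 3 2 5 4 7 6 9 8 9 9)"
# One level 0, six daily dumps, then the weekly level 1 and two more dailies.
echo "after weekly 1: $(restore_chain 0 3 2 5 4 7 6 1 3 2)"
# Ten dumps at steadily rising levels need all ten; the Hanoi order needs six.
echo "rising levels : $(chain_length 0 1 2 3 4 5 6 7 8 9) dumps"
```

Restore the listed dumps in the order printed, starting with the level 0 dump.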


ACTIVITY 7-4
Performing Backups
Before You Begin:
1. Enter mkdir Reports to create the Reports directory in the root directory.
2. Enter cd Reports to navigate to the /root/Reports directory.
3. Enter vi project to create the project file to store the project data.
4. Save and close the file.
5. Enter logout.

Scenario: A colleague is working on a very important project, and he wants to make a daily backup of his system. He also wants a reminder to create backups whenever he starts his system. All project-related files are in the /root directory and they need to be saved as project_backup in the /tmp directory.

Account information:
Login name for root user: root
Password for root user: p@ssw0rd

What You Do / How You Do It

1. Make a backup of the /root file in the /tmp directory.
   a. Log in as root in the CLI.
   b. To make a complete backup, enter dump -0 -f /tmp/project_backup /root
   c. Enter clear
   d. To compress the backup file, enter bzip2 /tmp/project_backup
      Compressing the backup file may take a few minutes.

2. Set a reminder during system login to perform backups.
   a. Enter vi /etc/issue
   b. On a new line, type Backup Your Project Data
   c. Press Esc.
   d. Save and close the file.
   e. To verify that the reminder is displayed, enter logout

TOPIC E
Restore Data
You have backed up data. If the original data is lost because of a crash, you will need to reinstate the data you backed up. In this topic, you will restore data.

After an unexpected system crash, a user discovers that some files are missing. These files may be extremely important and may affect network productivity. As a system administrator, you need to restore the backed up data.

The Restore Command


The restore command enables you to restore files or file systems from backups made with dump. Specific data can also be restored using the options of the restore command. The common restore command options are given in the following table.

Option / Enables You To

-C: Compare the backup file with the source file.
-i: Run the restore command in restore mode to restore backups partially.
-r: Perform a complete recovery of the backed up files.
-f /Location of the backup file: Specify the location of the backup file.

The restore command can be used across networks to restore data.

Volume Number
While making backups of large files on removable storage devices, such as tape drives, the total size will be split into smaller volumes and stored in multiple tape drives with each tape drive identified with a specific volume number. When you want to restore the backup made on such multiple volumes, specify the volume number starting from the last volume number to the first volume number. The hard disk, because it is a single volume, will always have the volume number 1.

How to Restore Data


Procedure Reference: Restore Backups Using the restore Command
To fully restore the backups:

1. Log in as root in the CLI.
2. Navigate to the directory where you want to restore backed up files.
3. Restore backups. Enter restore -rf /Location of the backup file to restore a backup taken using the dump command.

ACTIVITY 7-5
Restoring Backup Data
Before You Begin:
1. Log in as root.
2. Enter rm -rf /root/Reports.
3. Enter clear.

Scenario: You observe that some of your project files are missing. You make a daily backup of your work.

Account information:
Login name for root user: root
Password for root user: p@ssw0rd
The name and location of the backup file is /tmp/project_backup.bz2.

What You Do / How You Do It

1. Identify the missing directory and files.
   Step 1a may take a few minutes.
   a. To decompress the file using bunzip2, enter bunzip2 /tmp/project_backup.bz2
   b. To view the missing directory and files, enter restore -C -f /tmp/project_backup
   c. Enter clear

2. Switch to the restore mode.
   a. Enter cd /
   b. To switch to the restore mode, enter restore -i -f /tmp/project_backup
   c. At the restore prompt, enter cd root

3. Extract the missing files.
   a. To add the directory that needs to be restored, enter add Reports/
   b. To extract the directory from the backup file, enter extract
   c. To specify the volume number, enter 1
   d. To accept the default owner/mode of the files to be extracted, enter y
   e. To quit the restore mode, enter quit
   f. To check if the Reports directory has been restored, enter ls /root/Reports
      Inform the students to ignore the initial messages displayed on the screen, and observe that the message "does not exist" is not displayed, indicating that the missing files have been replaced.
   g. Enter clear
   h. Enter logout


TOPIC F
Synchronize Files
You have successfully restored data on systems in the network after they suffered a crash. You are required to update the data on systems to maintain consistency across files in the network. You decide to use data synchronization to accomplish the task faster. In this topic, you will synchronize files using the rsync utility.

Project files are stored in a common directory. All the team members working on that project have a local copy of project files in their system. As team members edit the files, you want the changes to be automatically updated in the stored file. Implementing synchronization will guarantee that the data remains updated.

File Synchronization
Definition: File synchronization is the process of maintaining an up-to-date version of a file present in multiple locations. Any modifications made to the file in one location should reflect in files present in other locations. For instance, when two different locations are synchronized, the latest version of the file is available to all users.

The rsync Utility


Definition: The rsync utility is a utility that is used to synchronize files among systems. It compares two files and sends only the differences in the compressed form, instead of sending the entire file. The rsync daemon is managed using the rsyncd.conf file stored in the /etc directory. The syntax for using the rsync utility is rsync {source file or folder} {destination file or folder}.
The rsync utility uses the rsync algorithm to determine differences between files.

Checksum

Definition: Checksum is a numerical value that enables a computer to verify that the data received is intact. The checksum value is added to the packet by the computer that sends data. The computer that receives data performs calculations on the data within the packet, and compares the results to the checksum value stored in the packet's header. If the two values are identical, then the packet contains valid data.

The Synchronization Process


Your organization has connected the New York office network with the network in Dallas through a slow communication link. The login information to authorize the New York office network users is stored in the xnserv1 file on ServerA. Users in Dallas might also need to connect to the New York network at times. Therefore, a copy of the login information is stored in the xnserv2 file on ServerB in Dallas. Whenever there is an increase in the number of users, the login information is updated in the xnserv1 file. However, the changes made to this file should also be reflected in ServerB so that users in Dallas are able to connect to the New York network seamlessly.

1. ServerB splits the content of the xnserv2 file into a fixed-size series of blocks. For each block, the server creates two checksums and sends them to ServerA.
2. ServerA searches the xnserv1 file to check whether all the blocks have the same checksum length. If a section of the xnserv1 file partly matches with a section of the xnserv2 file, then ServerA sends a set of instructions to build a copy of that xnserv1 file section. However, if a section of the xnserv1 file does not match with the xnserv2 file, then ServerA sends the entire data of that section to ServerB.
3. ServerB receives the information and updates the xnserv2 file.

Figure 7-2: The synchronization process.
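
The exchange between ServerB and ServerA reduced to its core, as an added example that is not part of the courseware and is not rsync's own code. It compares blocks at fixed offsets only, whereas rsync itself also finds matching blocks at other offsets using a rolling checksum; the function names and the record contents are constructed for the illustration.

```shell
#!/bin/sh
# Added example: the block-signature comparison behind the exchange between
# ServerB (stale xnserv2) and ServerA (current xnserv1), simplified to blocks
# at fixed offsets. File contents below are constructed.

# read_block FILE BLOCKSIZE INDEX: write one block of FILE to standard output.
read_block() { dd if="$1" bs="$2" skip="$3" count=1 2>/dev/null; }

# One line per block of FILE: "<index> <weak> <strong> <length>".
# cksum (CRC) and SHA-256 stand in for the two checksums sent per block.
block_signatures() {   # block_signatures FILE BLOCKSIZE
    size=$(($(wc -c < "$1")))
    idx=0
    while [ $((idx * $2)) -lt "$size" ]; do
        weak=$(read_block "$1" "$2" "$idx" | cksum | cut -d' ' -f1)
        strong=$(read_block "$1" "$2" "$idx" | sha256sum | cut -d' ' -f1)
        len=$(($(read_block "$1" "$2" "$idx" | wc -c)))
        echo "$idx $weak $strong $len"
        idx=$((idx + 1))
    done
}

# Sender side (ServerA): for each block of NEW, reference a block the receiver
# already holds ("COPY <receiver-index>") or send it ("DATA <bytes>").
delta_plan() {   # delta_plan SIGNATURE_FILE NEW_FILE BLOCKSIZE
    block_signatures "$2" "$3" | awk -v sigs="$1" '
        BEGIN {
            while ((getline line < sigs) > 0) {
                split(line, f, " ")
                key = f[2] " " f[3]            # both checksums must match
                if (!(key in have)) have[key] = f[1]
            }
        }
        { key = $2 " " $3
          if (key in have) print "COPY", have[key]
          else             print "DATA", $4 }'
}

# Bytes of file content that cross the link for a plan read from stdin.
literal_bytes() { awk '$1 == "DATA" { n += $2 } END { print n + 0 }'; }

demo_plan() {
    dir=$(mktemp -d) || return 1
    # 16-byte records so that one record is one block (constructed data).
    printf '%-15s\n' alice bob carol dave       > "$dir/xnserv2"   # ServerB
    printf '%-15s\n' alice bob carlos dave erin > "$dir/xnserv1"   # ServerA
    block_signatures "$dir/xnserv2" 16 > "$dir/signatures"   # step 1: B sends checksums
    delta_plan "$dir/signatures" "$dir/xnserv1" 16           # step 2: A answers
    rm -rf "$dir"
}

demo_plan
echo "literal bytes sent: $(demo_plan | literal_bytes) of 80"
```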

How to Synchronize Files Using rsync


Procedure Reference: Synchronize Files Between Two Computers on the Network
To synchronize files between two computers on the network:

1. Log in as a user.
2. Enter rsync {source file or folder} {user name}@{hostname or IP of the destination}:/{destination file or folder} to synchronize files between two computers.
3. If prompted, add the host as a trusted host.
4. Enter the password to synchronize the files.
5. Verify that the files have been synchronized.


ACTIVITY 7-6
Synchronizing Files Using rsync
Data Files: trans

Before You Begin: To be performed by the instructor:
1. On the server, create the /html directory.
2. Copy the trans file from the /root/085993Data/Managing_Advanced_File_Services/ directory to the /html directory on the server.

Setup: To be performed by the student:
1. Log in as root in the CLI of the client machine.
2. Create the /html directory.
3. Enter cd /html to navigate to the /html directory.
4. Enter touch registration to create the registration file.

Scenario: Your organization has hosted a conference and all participants are required to fill out their entry forms at the venue. There is a computer provided for registration. You want to ensure that information from the system that is used for registration is constantly updated on the server.

What You Do / How You Do It

1. Synchronize the trans file on the server with the registration file.
   a. To synchronize the file registration, enter rsync --rsh=ssh root@192.168.0.1:/html/trans /html/registration
   b. If needed, to enter the passphrase to connect to the server, press Enter.
   c. When prompted, enter p@ssw0rd as the password.

2. Check whether the file has been updated on the system.
   a. To view the contents of the /html directory, enter ls -l /html
   b. To open the registration file, enter cat registration
   c. Enter logout

Lesson 7 Follow-up
In this lesson, you used advanced filesystem services to perform data management. You managed disk quotas, implemented RAID on your hard disk, utilized LVM to manage disk space, and backed up data using dump/restore. You also synchronized files using the rsync command. This knowledge will enable you to keep your data updated and prevent data loss.

1. What are the benefits of synchronizing data? Why?
   Answers will vary, but may include:
   1. Data can be updated across multiple users on the network simultaneously. A central database server might get blocked by multiple requests. Synchronizing data prevents the occurrence of these bottlenecks.
   2. Synchronizing data reduces the time taken to access the data by the users, by enabling the users with similar requests to retrieve data at the same time.

2. What are the advantages of assigning disk quotas? Why?
   Answers will vary, but may include:
   1. Assigning disk quotas makes partition management easier as disks are split into manageable chunks.
   2. Disk quotas help avoid data overflows in the network by issuing alerts if the user has used up his disk space.


LESSON 8
Configuring Networks
In this lesson, you will configure networking interfaces and related settings. You will:
- Acquire an overview of networking.
- Configure IPv4 and IPv6.
- Configure routing.
- Configure DNS.
- Configure networks.
- Configure NIS and LDAP to share information across the network.
- Configure SELinux.

Lesson Time 5 hour(s), 10 minutes

Introduction
You have managed filesystems on individual computers, but often system administrators have to manage a set of computers that are interconnected to share information or resources. In this lesson, you will configure network connectivity between different computers.

A network enables computers to communicate with each other and share data, and software and hardware resources. It facilitates system administrators to disseminate information, administer systems remotely, enable communication through mail or chat systems, enable technology sharing, manage software licenses, and control unauthorized access by implementing security measures.

TOPIC A
Overview of Networking
You have familiarized yourself with the Linux operating system constructs. Ease of setting up operating networks is one of the major factors that determines the quality of an operating system. When Linux was developed, high priority was given to the networking features. To configure networks and their features successfully, you need to understand the fundamentals of networking. In this topic, you will explore the basics of networking.

As a network administrator, you will be managing and troubleshooting servers, network services, and workstations. Before you start managing a network, you should understand the network and its components.

The Transmission Control Protocol/Internet Protocol (TCP/IP) Suite


The Transmission Control Protocol/Internet Protocol (TCP/IP) suite is the standard set of communication protocols used for networking. It consists of two different protocols, namely TCP and IP. TCP handles the disassembling and reassembling of transmitted data units. It ensures that data is transferred reliably from one computer to another on a network. IP handles the addressing of data units that are transmitted over networks. It ensures that data reaches the correct destination. TCP and IP are combined using a special software application to enable communication among dissimilar networks. Usually, a single protocol would be sufficient to connect similar networks, but a combination of protocols is required to connect two different networks and complete the communication task.

Ports
Definition: On a network, a port is an access point to a logical connection. It serves as a channel through which information can be exchanged directly between networked computers. Many ports can operate simultaneously on a computer to provide services to different applications. A unique port number identifies the type of application that is sending or receiving data. It also tells the computer which application program running on it should process the data that is being sent or received through a particular port. Ports are identified by numbers between 0 and 65536.

Example: Just as several people might live at the same address, such as an apartment or office building, multiple network applications might reside at the same IP address. In an apartment or office building, apartment or suite numbers might be used in conjunction with the street address to identify which occupant should receive mail. Similarly, the IP address along with a specific port number is allocated for different applications. The scheme for identifying specific applications that share an IP address is the addition of a port to the IP address. For example, a web server and an FTP server might both run on the same server, at 24.95.112.13. Web servers typically are set up to run on port 80, and FTP servers run on port 21. To identify the FTP server, you could use the address 24.95.112.13:21. The colon character separates the port address from the rest of the IP address.

Most servers enable the administrator to specify the port on which a service should run. The ability to specify the port number can be useful when multiple services, such as two web servers, are running on the same computer. One server might run on port 80, and the other on port 81.

Ports Allocated for Different Services
Ports can be allocated for different services based on the types of applications supported by a network.

Port Number   Description
1             TCP Port Service Multiplexer (TCPMUX)
5             Remote Job Entry (RJE)
7             ECHO
18            Message Send Protocol (MSP)
20            File Transfer [Default Data] (FTP Data)
21            File Transfer [Control] (FTP Control)
22            Secure Shell Login (SSH)
23            Telnet
25            Simple Mail Transfer Protocol (SMTP)
29            MSG ICP
37            Time
42            Host Name Server
43            WhoIs
49            Login Host Protocol
53            Domain Name System (DNS)
69            Trivial File Transfer Protocol (TFTP)
70            Gopher Services
79            Finger
80            HTTP
103           X.400 Standard
108           SNA Gateway Access Server
109           POP2
110           POP3
115           Simple File Transfer Protocol (SFTP)
118           SQL Services
119           Newsgroup (NNTP)
137           NetBIOS Name Service
139           NetBIOS Datagram Service
143           Interim Mail Access Protocol (IMAP)
150           NetBIOS Session Service
156           SQL Server
161           SNMP
179           Border Gateway Protocol (BGP)
190           Gateway Access Control Protocol (GACP)
194           Internet Relay Chat (IRC)
197           Directory Location Service (DLS)
389           Lightweight Directory Access Protocol (LDAP)
396           Novell Netware over IP
443           HTTPS
444           Simple Network Paging Protocol (SNPP)
445           Microsoft-DS
458           Apple QuickTime
546           DHCP Client
547           DHCP Server
563           SNEWS
569           MSN
1080          Socks

Network Interfaces
A network interface is a point of connection between two computers. It can be implemented using hardware or software. There are different types of network interfaces.

Network Interface Type: Physical network interface
Description: A physical network interface is implemented using a hardware device. For example, an ethernet interface (denoted by ethX, where X refers to the number of the interface) is set up using a Network Interface Card (NIC).

Network Interface Type: Virtual network interface
Description: A virtual network interface is implemented through software support. For example, a loopback interface (lo) simulates a network interface without the help of a physical device. It is used to test network connectivity and accuracy of data transmission by sending data back to the generating source address.

Network Interface Cards (NICs)


Definition: A Network Interface Card (NIC) is a small circuit board device that enables a computer to connect to a network. A network interface is created between two or more computers using a NIC. To connect to different networks, such as a wired or a wireless network, more than one NIC can be installed on a computer. The different NICs connected to a system are numbered. The NIC can be built into the motherboard of the computer, connected through USB, or can be an internal adapter card that is installed into one of the computer's expansion slots. After the NIC is installed, it has to be configured to connect to a particular network using the required network addresses.

The ifconfig Command

ifconfig is a command that is used for configuring network interfaces for Linux servers and workstations. It is also used to view the current TCP/IP configuration of the machine, including the IP address and the netmask address. The syntax for this command is: ifconfig {interface name} {options or address}. This command has various options.

Option          Function
up              Activates the interface.
down            Deactivates the interface.
address         Sets the IP address.
netmask addr    Sets the network mask for the interface.
dstaddr addr    Sets the remote IP address.

Acquiring an Overview of Networking


Procedure Reference: View Network Settings
To view your network settings:
1. Log in as root in the CLI.
2. Enter ifconfig to view the basic settings of all network devices.
3. Enter ifconfig eth{device number} to view the basic settings of a specific network interface.
4. Enter ip link to view the interface and the associated hardware address.
5. Enter ip addr to view the settings of all network devices.

ACTIVITY 8-1
Viewing Network Settings
Scenario: You have completed installing Linux on a user machine. You now want to implement networking in the system. To do this, you need to view the various network interfaces connected to the system.
What You Do / How You Do It
1. View the list of all network interfaces.
   a. Log in as root in the CLI.
   b. To view the list of all network interfaces present on your computer, enter ip link
   c. Observe that the ethernet and other network devices are listed.
2. View the settings of all network interfaces.
   a. Enter ifconfig
   b. Observe that the details of all network interfaces present on the computer are displayed.
   c. Enter clear


TOPIC B
Configure Internet Protocols
You have familiarized yourself with the basics of networking in Linux. The TCP/IP set of protocols forms the basis of networking. The network interface card consists of the IP addressing structure, which needs to be configured to connect to a network. In this topic, you will configure the Internet protocols.

Internet Protocols such as IPv4 and IPv6 are used to configure network connectivity between systems. There are different ways of configuring these protocols and the IP addresses. Creating different types of networks, such as static or dynamic networks and virtual or physical networks, depends largely on IP configuration. Therefore, it is essential to analyze IP configuration for networking.

IP Addresses
An IP address is a unique address that identifies a host on the Internet. It is a 32-bit binary number that is usually displayed as four decimal numbers, called octets, which are separated by dots; for example, 155.40.104.49 is an IP address. The octets on the left side of the address identify the network on which a host resides, and the octets on the right side of the address identify the host.

Figure 8-1: An IP address that identifies the network on which a host resides.

IP Versions
IP Version 4 (IPv4) and IP Version 6 (IPv6) are the two versions of the Internet protocol that are currently in use. With the number of hosts on the Internet growing at a fast pace, the earlier version, IPv4, which uses a 32-bit addressing format, has a limited number of unique IP addresses for public Internet access, apart from reserved and consumed addresses. The Internet may soon run out of IP addresses, and routing can become complicated, which could restrict future Internet access. So, a new version of IP, called IP Next Generation (IPng) or IPv6, is being implemented on the Internet. The proposed Internet standard can increase the available pool of IP addresses by implementing a 128-bit binary address space. IPv6 also includes new efficiency features, such as simplified address headers, hierarchical addressing, support for time-sensitive network traffic, and a new structure for unicast addressing.

IPv6 and IPv4 Compatibility
IPv6 is not compatible with IPv4; so at present, it is narrowly deployed on a limited number of test and production networks. Full adoption of the IPv6 standard will require a general conversion of IP routers to support interoperability.

How to Configure Internet Protocols
Procedure Reference: Manually Configure the IPv4 Settings for NIC
To manually configure the IPv4 settings for NIC:
1. Log in as root in the CLI.
2. Enter ifdown eth{device number} to stop the network interface service.
3. Enter cd /etc/sysconfig/network-scripts to open the network-scripts directory.
4. Enter vi ifcfg-eth{device number} to open the NIC configuration file.
5. Specify DEVICE=eth{device number}
6. Specify HWADDR={hardware address}
7. Change the BOOTPROTO variable to control the IPv4 settings.
   1. For dynamic IPv4 configuration, set the value to BOOTPROTO=dhcp
   2. For static IPv4 configuration:
      Set BOOTPROTO=static
      To specify the IPv4 address of the NIC, type IPADDR={IPv4 address}
      To specify the netmask address, type NETMASK={netmask address}
8. Set ONBOOT={yes | no} to specify if the NIC should be enabled or disabled during system boot.
9. Save and close the file.
10. Enter ifup eth{device number} to start the network interface service.

BOOTPROTO
BOOTPROTO is a variable that is used to define the mode in which the NIC will be configured. If BOOTPROTO=static, then the NIC will be configured manually. If BOOTPROTO=dhcp, then the NIC will contact the DHCP server to get the IP information.

Procedure Reference: Create Virtual NIC with IPv4 Address
To create a virtual NIC with IPv4 address:
1. Log in as root in the CLI.
2. Enter ifdown eth{device number} to stop the network interface service.
3. Enter cd /etc/sysconfig/network-scripts to open the network-scripts directory.
   The /etc/sysconfig/network-scripts/ directory contains various network scripts such as ifcfg-eth0 that will be executed whenever the system starts up.
4. Enter vi ifcfg-eth{device number}:{alias number} to open the NIC configuration file.
5. Switch to the insert mode.
6. Specify DEVICE=eth{device number}
7. Specify HWADDR={hardware address}
8. Set BOOTPROTO={none | static} to control the IPv4 settings.
   A virtual NIC can only have a static IP.
9. To specify the IPv4 address of the NIC, set IPADDR={IPv4 address}
10. To specify the netmask address, set NETMASK={netmask address}
11. To specify if the NIC should be enabled or disabled during system boot, set ONBOOT={yes | no}
12. Save and close the file.
13. Enter ifup eth{device number} to start the network interface service.
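The ifcfg-eth files built in the two procedures above are read as shell by the network scripts, so an error in one is an error in a script run as root. The following lint is an added example, not part of the course material; the function names, the rule set and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an ifcfg-eth* file without sourcing (executing) it.
# Function names, the rule set and both sample files are constructed.

# Print the value of key $2 from file $1 (last assignment wins, one pair of
# surrounding double quotes stripped).
ifcfg_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Succeed if $1 is a dotted quad with four octets in 0..255 and no leading
# zeros (which some tools would read as octal).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one problem for file $1 and count it.
report() { echo "$1: $2"; problems=$((problems + 1)); }

# Print one line per problem in ifcfg file $1; return 0 only if it is clean.
check_ifcfg() {
    file=$1; problems=0

    # Anything that is not a plain KEY=value line (command substitution, ';',
    # pipes, stray text) is flagged instead of being interpreted.
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;
            *=*) key=${line%%=*}; value=${line#*=} ;;
            *)   key='?'; value= ;;
        esac
        bad=$(printf '%s' "$key" | LC_ALL=C tr -d 'A-Z0-9_')$(printf '%s' "$value" | LC_ALL=C tr -d 'A-Za-z0-9_.:/" -')
        [ -n "$key" ] && [ -z "$bad" ] || report "$file" "not a plain KEY=value line: $line"
    done < "$file"

    device=$(ifcfg_get "$file" DEVICE)
    proto=$(ifcfg_get "$file" BOOTPROTO)
    onboot=$(ifcfg_get "$file" ONBOOT)

    [ -n "$device" ] || report "$file" "DEVICE is not set"
    case "$onboot" in yes|no) ;; *) report "$file" "ONBOOT must be yes or no" ;; esac

    case "$proto" in
        dhcp)
            # Per the course note, a virtual NIC (alias such as eth0:1) is static only.
            case "$device" in *:*) report "$file" "alias $device cannot use BOOTPROTO=dhcp" ;; esac ;;
        static|none)
            # Following the procedures above, a manual setup needs both values.
            is_ipv4 "$(ifcfg_get "$file" IPADDR)"  || report "$file" "IPADDR missing or not IPv4"
            is_ipv4 "$(ifcfg_get "$file" NETMASK)" || report "$file" "NETMASK missing or not IPv4"
            ;;
        *) report "$file" "BOOTPROTO must be dhcp, static or none" ;;
    esac
    [ "$problems" -eq 0 ]
}

# Write two constructed sample files into directory $1: a valid static alias
# and an alias with three defects.
write_samples() {
    cat > "$1/ifcfg-eth0:1" <<'EOF'
# constructed sample: static alias as in Activity 8-2
DEVICE=eth0:1
HWADDR=00:11:22:33:44:55
BOOTPROTO=static
IPADDR=192.168.0.10
NETMASK=255.255.255.0
ONBOOT=yes
EOF
    cat > "$1/ifcfg-eth0:2" <<'EOF'
DEVICE=eth0:2
BOOTPROTO=dhcp
ONBOOT=maybe
NAME=$(hostname)
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in "$demo_dir"/ifcfg-*; do
    if check_ifcfg "$f"; then echo "$f: OK"; fi
done
rm -rf "$demo_dir"
```

Run it against a copy of the file before ifup; the lint only reads the file and never changes interface state.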

Procedure Reference: Manage IPv6 State in the System
To manage IPv6 state in the system:
1. Log in as root in the CLI.
2. Manage the IPv6 state in the system.
   Edit the /etc/sysconfig/network file.
   a. Enter cd /etc/sysconfig to open the sysconfig directory.
   b. Enter vi network to open the network settings file.
   c. Switch to the insert mode.
   d. Specify NETWORKING_IPV6={yes | no} to manage the IPv6 state.
   e. Save and close the file.
   Edit the /etc/sysconfig/network-scripts/ifcfg-eth{device number} file.
   a. Enter cd /etc/sysconfig/network-scripts to open the network-scripts directory.
   b. Enter vi ifcfg-eth{device number} to open the NIC configuration file.
   c. Switch to the insert mode.
   d. Specify IPV6INIT={yes | no} to manage the IPv6 state.
   e. Save and close the file.
3. Enter ip -6 addr show to view the IPv6 settings.

Procedure Reference: Manually Configure IPv6 Settings for NIC
To manually configure IPv6 settings for NIC:
1. Log in as root in the CLI.
2. Enter ifdown eth{device number} to stop the network interface service.
3. Enter cd /etc/sysconfig/network-scripts to open the network-scripts directory.
4. Enter vi ifcfg-eth{device number} to open the NIC configuration file.
5. Switch to the insert mode.
6. Specify DEVICE=eth{device number}
7. Specify HWADDR={hardware address}
8. Change the DHCPV6C variable to control the IPv6 settings.
   1. For dynamic IPv6 configuration, set the value to DHCPV6C=yes
   2. For static IPv6 configuration:
      Set the DHCP value to DHCPV6C=no to statically configure IPv6.
      Set the value to IPV6ADDR={IPv6 address}/{length} to specify the IPv6 address of the NIC.
9. Set ONBOOT={yes | no} to specify if the NIC should be enabled or disabled during system boot.
10. Save and close the file.
11. Enter ifup eth{device number} to start the network interface service.

Procedure Reference: Create Virtual NIC With IPv6 Address
To create a virtual NIC with IPv6 address:
1. Log in as root in the CLI.
2. Enter ifdown eth{device number} to stop the network interface service.
3. Enter cd /etc/sysconfig/network-scripts to open the network-scripts directory.
4. Enter vi ifcfg-eth{device number}:{alias number} to open the alias NIC configuration file.
5. Switch to the insert mode.
6. Type DEVICE=eth{device number}:{alias number}
7. Type HWADDR={hardware address}
8. Type DHCPV6C=no
9. Set IPV6ADDR_SECONDARIES={IPv6 address}/{length} {IPv6 address}/{length} to assign multiple IPv6 addresses to a single NIC.
10. Set ONBOOT={yes | no} to specify if the NIC should be enabled or disabled during system boot.
11. Save and close the file.
12. Enter ip -6 addr to view the specified IPv6 address.


ACTIVITY 8-2
Creating a Virtual NIC with IPv4 Address
Scenario: You are working as a system administrator in a startup company. Your responsibilities include setting up and configuring the network connectivity in your organization. There has been a shortage of systems, and so you decide to create a virtual network by configuring virtual network interfaces.

What You Do / How You Do It
1. Access the network scripts file for creating virtual NIC.
   a. To view the current IP address of your NIC, enter ifconfig eth0
   b. Write down the HWaddr, inet addr, and Mask addresses.
   c. To stop the network interface service, enter ifdown eth0
   d. Enter cd /etc/sysconfig/network-scripts
   e. To create a NIC alias file, enter vi ifcfg-eth0:1
   f. To go to the insert mode, press I.
2. Configure the device and hardware settings for the virtual NIC.
   a. To specify the device number of the virtual NIC, enter DEVICE=eth0:1
   b. To specify the hardware address, enter HWADDR={Enter the hardware address of eth0 device}
   c. For static IPv4 configuration, enter BOOTPROTO=static
3. Configure the IP settings for the eth0:1 virtual NIC.
   a. To specify the IP address, enter IPADDR={Enter the inet address of eth0 device}
      The students have to enter the inet address of their eth0 network interface.
   b. To specify the netmask address, enter NETMASK={Enter the Mask address of eth0 device}
      The students have to enter the Mask address of their eth0 network interface.
   c. To initialize the virtual NIC on boot, enter ONBOOT=yes
4. Apply the virtual NIC configuration settings.
   a. To switch to the command mode, press Esc.
   b. Save and close the file.
   c. Enter reboot
5. View the newly created virtual NIC.
   a. Log in as root in the GUI.
   b. To open the terminal window, choose Applications > Accessories > Terminal.
   c. In the terminal, enter ifup eth0:1
   d. To open the network configuration settings, enter system-config-network
   e. In the Network Configuration window, in the list of devices, observe that the newly created virtual NIC eth0:1 is displayed.
   f. Close the Network Configuration window.
   g. In the terminal, enter exit


TOPIC C
Configure Routes
You have configured the IP settings for network interfaces. Routing allows you to manage data transmission traffic on networks. It enables data to be transmitted from a source to its destination through different routes. In this topic, you will configure routes.

Networked computers interact with each other simultaneously at numerous instances. If many computers communicate with one computer on a network at the same time and the data transmission routes or communication paths are not configured, the resulting flood of information might lead to a system crash. Therefore, the routes for information transmission have to be configured to avoid collision in network traffic.

Routers
Definition: A router is a networking device that connects multiple networks. Routers enable data to be exchanged among networks by examining and determining the best network path for data to travel. A router can be a dedicated device or can be implemented as a software application running on a network enabling device.

Routing
Definition: Routing is the process of selecting the best route for moving data packets from a source to its destination on a network. To assist the process of routing, a router applies appropriate algorithms to generate and maintain an information base about network paths. It considers various metrics such as the path bandwidth, path reliability, and communication costs while evaluating the available network paths to determine the optimal route for forwarding a packet. Once the optimal route for a packet is assigned, packet switching is done to transfer the packet from the source host to the destination host.

Packet
A packet is a unit of data being sent across a network. The size of a packet ranges between 1000 and 1500 bytes. It contains the source and destination addresses and handling information to specify how it should be sent over the Internet. A packet is also known as a datagram. The contents of a packet depend on the network protocol in use.

Packet-Switching Technology
Packet switching is a technology for transmitting data between computers on a network. In a packet-switched network, a message is broken into packets, which are transmitted individually or switched to their required destination. During the process, each packet may follow a different path, but at the destination, the packets are reassembled to form the original message that was sent. This technology ensures greater routing and transporting efficiency through a network. The Internet is a packet-switched network.

Benefits of Packet-Switched Networking
The benefit of a packet-switched network lies in the underlying technology of dividing a message to be sent over the Internet into packets. When data is transported in packets rather than in one big stream of data, the packets do not all have to move through the same path. Because the data is broken up into small packets of data, the packets can be sent across the Internet over various paths, eventually (in a fraction of a second) reaching their destination, where the packets can be reassembled into the original data. This means that one or more of the smaller networks that make up the Internet can go out of service without preventing the packets from ultimately reaching their destination because the packets can simply take a different path to get there. If a few packets never reach their destination, they can be resent over a different path. If files weren't broken up into smaller packets, the entire file would have to be resent if any part of it didn't reach the destination intact.
Having multiple paths and breaking up files into small packets increases the reliability of the network.

Routing Tables
Routers exchange information with each other by building a table of network addresses. This information base is called a routing table. Routers refer to this table to determine where to forward the packets. If a router that is attached to four networks receives a packet from one of these networks, it will determine which of the other three networks is the best path on which to send the packet so that it reaches its destination quickly.

Figure 8-2: A routing table that consists of network addresses.

Gateway
Definition: A gateway is a device, software, or system that converts data between incompatible systems. Gateways can translate data between different operating systems, email formats, or totally different networks. A gateway can link two dissimilar networks operating on different protocols, enabling them to communicate with each other and exchange information.

Default Gateway
The default gateway is the gateway that acts as a network segment's access point to all other external networks as well as the Internet. The IP address assigned to the default gateway router is called the default gateway address. It is particularly important because this address is configured as the access point to all computers on that network segment. It provides an access path for packets in and out of the network segment.

How to Configure Routes

Procedure Reference: Configure Default Gateway for IPv4 Address
To configure default gateway for IPv4 address:
1. Log in as root in the CLI.
2. Configure default gateway.
   To configure the default gateway globally:
   a. Enter cd /etc/sysconfig to open the sysconfig directory.
   b. Enter vi network to open the network settings file.
   c. Switch to insert mode.
   d. Specify GATEWAY={IPv4 address of the gateway machine}
   e. Save and close the file.
   f. Enter ifdown eth{device number} and ifup eth{device number} to apply the settings.
   To configure the default gateway per NIC:
   a. Enter ifdown eth{device number} to stop the network interface service.
   b. Enter cd /etc/sysconfig/network-scripts to open the network-scripts directory.
   c. Enter vi ifcfg-eth{device number} to open the NIC configuration file.
   d. Specify GATEWAY={IPv4 address of the gateway machine}
   e. Save and close the file.
   f. Enter ifup eth{device number} to start the network interface service.

Procedure Reference: Configure Route for IPv4 Address
To configure route for IPv4 address:
1. Log in as root in the CLI.
2. Enter ip route add {network part of IPv4 address}/{length} via {gateway IPv4 address} to add a static route.
3. To make the static route persistent:
   a. Enter ifdown eth{device number} to stop the network interface service.
   b. Enter cd /etc/sysconfig/network-scripts to open the network-scripts directory.
   c. Enter vi route-eth{device number} to open the NIC configuration file.
   d. Specify {network part of IPv4 address}/{length} via {gateway IPv4 address} to configure the route.
   e. Save and close the file.
   f. Enter ifup eth{device number} to start the network interface service.
4. To view the updated routing table:
   Enter route
   Or, enter netstat -r
   Or, enter ip route
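How a routing table holding static routes and a default gateway resolves to a single next hop, as an added example that is not part of the course material. It goes beyond the text by applying longest-prefix match, the rule the kernel uses to choose among overlapping routes; the table entries, addresses and function names are constructed.

```shell
#!/bin/sh
# Added example: pick the next hop for a destination from a list of routes
# using longest-prefix match. Table entries and addresses are constructed.

# Convert a dotted-quad IPv4 address (no leading zeros) to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if address $1 lies inside network $2, written as a.b.c.d/len.
in_network() {
    len=${2#*/}
    [ "$len" -eq 0 ] && return 0          # /0 (the default route) matches all
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# Print the next hop for destination $1 using the route lines in file $2.
# Accepted line formats (as in route-ethN files and `ip route` output):
#   NETWORK/LEN via GATEWAY | NETWORK/LEN dev IFACE | default via GATEWAY
next_hop() {
    best_len=-1; best_hop=unreachable
    while read -r net kind target _rest; do
        case "$net" in
            ''|'#'*) continue ;;
            default) net=0.0.0.0/0 ;;
        esac
        # Keep the matching route with the longest prefix seen so far.
        if in_network "$1" "$net" && [ "${net#*/}" -gt "$best_len" ]; then
            best_len=${net#*/}
            case "$kind" in
                via) best_hop=$target ;;
                dev) best_hop="direct on $target" ;;
            esac
        fi
    done < "$2"
    echo "$best_hop"
}

# Write a constructed routing table to file $1: one connected network, two
# overlapping static routes and the default gateway used in Activity 8-3.
write_table() {
    cat > "$1" <<'EOF'
# constructed routing table
192.168.0.0/24 dev eth0
10.20.0.0/16 via 192.168.0.254
10.20.30.0/24 via 192.168.0.253
default via 192.168.0.1
EOF
}

table=$(mktemp)
write_table "$table"
for dest in 10.20.30.7 10.20.99.1 192.168.0.77 203.0.113.9; do
    echo "$dest -> $(next_hop "$dest" "$table")"
done
rm -f "$table"
```

A more specific static route always wins over the default gateway, so checking the result for a given destination shows whether its traffic leaves through the gateway you expect.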

Procedure Reference: Check IPv4 Connectivity
To check IPv4 connectivity:
1. Log in as root in the CLI.
2. Check the IPv4 connectivity.
   Enter ping [command options] {IPv4 or hostname of destination machine} to check the connectivity between the two systems.
   Enter traceroute [command options] {IPv4 or hostname of destination machine} to view the network path to the destination machine.
   Enter mtr [command options] {IPv4 or hostname of destination machine} to check the connectivity of the network path to the destination machine.

Procedure Reference: Configure Default Gateway for IPv6 Address
To configure default gateway for IPv6 address:
1. Log in as root in the CLI.
2. To configure the default gateway, at the command prompt, enter cd /etc/sysconfig to open the sysconfig directory.
3. Enter vi network to open the network settings file.
4. Switch to the insert mode.
5. Specify IPV6_DEFAULTGW={IPv6 address of the gateway machine}
6. Save and close the file.
7. Enter ifdown eth{device number} and ifup eth{device number} to apply the settings.

Procedure Reference: Configure Route for IPv6 Address
To configure route for IPv6 address:
1. Log in as root in the CLI.
2. Enter ip -6 route add {network part of IPv6 address}/{length} via {gateway IPv6 address} to add a static route.
3. To make the static route persistent:
   a. Enter ifdown eth{device number} to stop the network interface service.
   b. Enter cd /etc/sysconfig/network-scripts to open the network-scripts directory.
   c. Enter vi route6-eth{device number} to open the file containing route settings.
   d. Specify {network part of IPv6 address}/{length} via {gateway IPv6 address} to configure the route.
   e. Save and close the file.
   f. Enter ifup eth{device number} to start the network interface service.
4. Enter ip -6 route to view the updated routing table.

Procedure Reference: Check IPv6 Connectivity
To check IPv6 connectivity:
1. Log in as root in the CLI.
2. Check the IPv6 connectivity.
   Enter ping6 [command options] {IPv6 or hostname of destination machine} to check the connectivity between the two systems.
   Enter traceroute6 [command options] {IPv6 or hostname of destination machine} to view the network path to the destination machine.
   Enter tracepath6 [command options] {IPv6 or hostname of destination machine} to trace the network path and calculate the associated MTU to the destination machine.

ACTIVITY 8-3
Configuring Routes
Scenario: You have configured network connectivity and IP addresses on a new machine. Now, you need to configure the router settings to connect to other computers on the network.

What You Do / How You Do It
1. Specify the router settings for automatic configuration of routes.
   a. Log in as root in the CLI.
   b. To stop the network interface service, enter ifdown eth0
   c. To configure the default gateway, enter cd /etc/sysconfig
   d. Enter vi network
   e. To go to the last line, press Shift+G.
   f. Switch to the insert mode.
   g. On a new line, type GATEWAY=192.168.0.1
   h. Save and close the file.
2. Start the network interface.
   a. To start the network interface service, enter ifup eth0
   b. Enter logout

TOPIC D
Configure DNS
You have configured routers for transmission of data between computers on a network. When information is sent across networks through different routes, the source computer from which the message is generated and the destination computer to which the message has to be delivered are identified using their respective IP addresses. The Domain Name System translates between IP addresses and their equivalent host or domain names on networks. In this topic, you will configure DNS.

Computers on a network identify each other through their IP addresses. But it is difficult for network users to remember IP addresses. So the IP addresses of network computers and devices are replaced by descriptive names that users can use to locate network resources and share information and services between them. The translation between IP addresses and their descriptive names is handled by DNS, which needs to be configured by the network administrator.

Domains
Domains are network entities that are grouped based on their nature of operations. Each domain is identified by a unique name. It enables the rest of the networks on the Internet to communicate with the domain as a unit, instead of establishing a connection with each individual computer of that unit. A domain classifies network entities into different types such as educational, commercial, government, or organizational.

Figure 8-3: Domains identifying the different types of network entities on the Internet.

Domains Hierarchy
Domains are organized in a hierarchical tree structure, much like a company's organizational chart. The structure begins at the root, represented by a dot ( . ), and is followed by top-level domains that are divided into categories, such as .com and .org. Top-level domains are typically maintained publicly, and are further divided into sub domains that are assigned to particular organizations. Sub domains are further divided within organizations, and they branch out to include more specific domains. The string of all domain and sub domain names is separated by periods.

Figure 8-4: The hierarchy of top-level and specific domains.

Top-Level Domains (TLD)
Top-level domains are the highest level domains in the domain hierarchy. Top-level domains include:

Top-Level Domain       Used By
INT (International)    International organizations and organizations created by international treaties
GOV (Government)       Government agencies
MIL (Military)         Military organizations
COM (Commercial)       Corporations
EDU (Educational)      Educational institutions
NET (Network)          Networking companies or Internet Service Providers (ISPs)
ORG (Organizations)    Other miscellaneous organizations, such as nonprofit and religious organizations

Country Codes for Top-Level Domains
Country codes are used as an extension for the top-level domains to classify them further based on the country of operation. Some of the major country level codes for top-level domains are listed below:

Country Code   Used For
AU             Australia
BI             Burundi
BR             Brazil
CA             Canada
CN             People's Republic of China
DE             Germany
EU             European Union
GR             Greece
IE             Ireland
IN             India
JP             Japan
KR             Korea
NZ             New Zealand
UK             United Kingdom
US             United States

Host Names
Host Names

Denition: A host name is a unique descriptive name given to a computer or device attached to a network. A computer or a device on a network can be identied either by its host name or by its equivalent IP address. Host names are typically user-friendly names and are easy to remember. The host name for a system can be congured using the /etc/ hosts le. Example:

218

System Administration of Red Hat Linux 5

LESSON 8
Domain Names
Definition: A domain name is a unique name that collectively identifies a set of computers and devices that belong to a network. It is used to identify a particular network as an entity on a world-wide network. The domain name is divided into labels that are separated by periods (.). Domain names are not case sensitive and can be as long as 255 characters. A label, however, can have no more than 63 characters. Domain names appear as a part of the complete address of a network resource.

Domain Name Vs. Host Name
A domain name identifies a network entity, which is a collection of computers and devices on a network. A host name is a unique name that identifies a specific computer or device on a network. Therefore, host names are subsets of domain names. Within a local network, a computer or device can be identified using its host name. But on a world-wide network, a computer or a device can be identified only through a fully qualified domain name.

Fully Qualified Domain Name (FQDN)
A Fully Qualified Domain Name (FQDN) is the combination of the host name, the domain name, the subdomains (if any), and the top-level domain. It is used to identify a network resource on a world-wide network.

Domain Name System (DNS)


Domain Name System (DNS) is a distributed, hierarchical database system that maintains information about domain names and their equivalent IP addresses on a network. It uses this information to translate a fully qualified domain name into its numeric IP address or vice versa. IP addresses are used by networked computers to locate, connect, and communicate with each other. Because IP addresses are difficult to remember, the DNS translates them to their corresponding domain names. DNS works as a central system to ensure that there are no duplicates in domain names and IP addresses on the network.


Figure 8-5: A system that maintains information about domain names and their equivalent IP addresses on a network.

DNS Components
DNS has three major components that are used for resolving domain names and IP addresses.

DNS Component: Resolver
Function: The resolver is client-based software that sends a request to DNS name servers for translating a domain name to its IP address or vice versa. There are two types of resolvers: local and remote. The local resolver is responsible for querying the local name server, while the remote resolvers are responsible for querying the preferred, secondary, and authoritative name servers.
The /etc/hosts file maintains a database of the host names and the IP addresses to which they are connected. The file is referenced before starting DNS. The entries in the file help the resolver resolve the host names and IP addresses.
The resolv.conf file is used for configuring the domain name resolver. The file specifies the IP addresses of the name servers to use during name resolution. You can specify up to three name servers, where priority is given to the first name server listed. If the resolv.conf file doesn't exist or if the file has no entries for name servers, the resolver attempts to configure the local host as the name server.

DNS Component: Name servers
Function: A name server consists of a database of domain names and IP addresses. Name servers can be of three types:
- Local name server: A name server located on the local network; it handles queries from the local resolver.
- Primary (or Preferred) name server: A name server located on the Internet; it is referred to when the local name server is not able to resolve the domain name.
- Secondary name server: A name server located on the Internet; it is approached by the primary name server or the client when the local and primary name servers are not able to resolve the domain name.

DNS Component: Domain name space
Function: Domain name space consists of information about the hierarchy of domains and the hosts under each domain; it is referred to by the name servers for mapping domains.

Berkeley Internet Name Domain (BIND)


Berkeley Internet Name Domain (BIND) is a domain name service that resolves host names to IP addresses. BIND supports operating systems such as Windows, Linux, Unix, Solaris, and Novell. In Linux, BIND is implemented using the named daemon. Configuration information of BIND is stored in the /etc/named.conf file. Information about zones and cache files is stored in the /var/named directory.

BIND Versions
There are many versions of BIND in the market. The current version of BIND is BIND 9.

Zones
A zone is a point of delegation in a DNS tree structure that maps to a domain. A zone can map to an entire domain with all its child domains or to a specific portion of a domain. Each zone will have one authoritative name server or one or more secondary name servers.

Resolving Utilities
Different utilities are used for resolving domain names and host names.

Utility: The hosts file
Description: The /etc/hosts file contains the host name to IP address mapping information for the systems on the network. In older versions of Linux, the /etc/networks file was used for this purpose.

Utility: The host.conf file
Description: The /etc/host.conf file contains information on how the host name lookups are to be performed. For example, if the /etc/host.conf file contains the line order hosts,bind, the host name lookup will be performed first in the local /etc/hosts file and then in the DNS. The default entry in the /etc/hosts file is order hosts,bind.

Utility: The nsswitch.conf file
Description: The /etc/nsswitch.conf file, or the name server switch configuration file, contains information about each and every database and the order in which they work. The first column contains information about the database and ends with a colon; the remaining columns specify the order in which the database should use the service. For example, hosts: files dns, where the hosts part is referred to as the database and means that the hosts entries in the local files will have higher priority than the entries in the DNS server. In case the host name entries are not found in the local files, the search will continue with the DNS.

Utility: The resolv.conf file
Description: The /etc/resolv.conf file, or the resolver configuration file, is a set of routines in the C library that provide access to the Internet Domain Name System (DNS). The resolver configuration file contains a list of keywords with values that is read by the resolver routines the first time they are invoked by a process. The three different configuration options are name server, domain, and search.
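The lookup order and name server limits described in this table decide which source a system trusts for a name, so they are worth checking mechanically. The following is an added example, not part of the course material: it reads nsswitch.conf-style and resolv.conf-style files and reports the hosts lookup order and the name servers actually used. The function names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the resolver configuration described above.
# The sample files below are constructed; on a real system pass
# /etc/nsswitch.conf and /etc/resolv.conf to audit_resolver instead.

# Print the sources on the "hosts:" line in lookup order, space separated.
hosts_lookup_order() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        $1 == "hosts:" {
            out = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) continue        # skip action items such as [NOTFOUND=return]
                out = out (out == "" ? "" : " ") $i
            }
            print out
            exit
        }' "$1"
}

# Print the name servers the resolver will use, one per line. Only the
# first three "nameserver" lines count, and the first has priority.
effective_nameservers() {
    awk '{ sub(/[#;].*/, "") }
         $1 == "nameserver" && NF >= 2 { if (++n <= 3) print $2 }' "$1"
}

# Print any name servers listed after the third; the resolver ignores them.
ignored_nameservers() {
    awk '{ sub(/[#;].*/, "") }
         $1 == "nameserver" && NF >= 2 { if (++n > 3) print $2 }' "$1"
}

# Report the lookup order and flag settings that change which source wins.
# $1 = nsswitch.conf-style file, $2 = resolv.conf-style file.
audit_resolver() (
    order=$(hosts_lookup_order "$1")
    servers=$(effective_nameservers "$2")
    extra=$(ignored_nameservers "$2")
    seen_dns=0
    seen_files=0

    echo "hosts lookup order: ${order:-none configured}"
    for src in $order; do
        if [ "$src" = dns ]; then seen_dns=1; fi
        if [ "$src" = files ]; then
            seen_files=1
            if [ "$seen_dns" -eq 1 ]; then
                echo "WARN: DNS is consulted before /etc/hosts, so local entries do not take priority"
            fi
        fi
    done
    if [ "$seen_files" -eq 0 ]; then
        echo "WARN: /etc/hosts is not consulted"
    fi
    if [ -z "$servers" ]; then
        echo "WARN: no nameserver entries, the resolver falls back to the local host"
    else
        echo "name servers in priority order:" $servers
    fi
    if [ -n "$extra" ]; then
        echo "WARN: ignored, more than three listed:" $extra
    fi
)

# Constructed sample input: DNS listed before files, and four name servers.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/nsswitch.conf" <<'EOF'
passwd: files nis
hosts:  dns files     # constructed: reversed order
EOF
cat > "$SAMPLE_DIR/resolv.conf" <<'EOF'
search example.com
nameserver 192.168.0.1
nameserver 192.168.0.2
nameserver 192.168.0.3
nameserver 192.168.0.4
EOF
audit_resolver "$SAMPLE_DIR/nsswitch.conf" "$SAMPLE_DIR/resolv.conf"
```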

How to Configure DNS

Procedure Reference: Configure a Hostname
To configure a host name:
1. Log in as root in the CLI.
2. Enter hostname to view the current host name.
3. Enter hostname {new hostname} to set the desired host name.
4. Make the host name persistent.
   a. Enter cd /etc/sysconfig to open the sysconfig directory.
   b. Enter vi network to open the network settings file.
   c. Switch to the insert mode.
   d. Set HOSTNAME={new hostname}
   e. Save and close the file.
5. Reboot the system to apply the settings.


The host name can also be assigned through DHCP.

Procedure Reference: Configure the Local Host Name Resolver
To configure a local host name resolver:
1. Log in as root in the CLI.
2. Enter cd /etc to open the /etc directory.
3. Enter vi hosts to open the hosts file.
4. Switch to the insert mode.
5. On a new line, type {IP address} {hostname or FQDN} to specify the host name and its matching IP address.
6. Add similar entries for all the hosts.
7. Save and close the file.

Procedure Reference: Configure the Remote Host Name Resolver
To configure a remote host name resolver:
1. Log in as root in the CLI.
2. Enter cd /etc to open the /etc directory.
3. Enter vi resolv.conf to open the resolver configuration file.
4. Switch to insert mode.
5. Type nameserver {1 DNS IP}
6. Type nameserver {2 DNS IP}
7. If necessary, add multiple name server entries to search in order.
8. Save and close the file.

Procedure Reference: Check Host Name Resolving
To check host name resolving:
1. Log in as root in the CLI.
2. Check host name resolving.
   - Enter host {hostname or FQDN or IP address} to convert the host name into its IP address or vice versa.
   - Enter dig {hostname or FQDN or IP address} to query the DNS servers for resolving a host name.
   - Or, enter nslookup {hostname or FQDN or IP address} to query Internet name servers for resolving a host name.


ACTIVITY 8-4
Configuring DNS
Scenario: You are maintaining a closed network in which DNS has to be implemented. You need to manually configure the host name and resolver to enable DNS resolving.

What You Do
1. Configure a host name for the system.
How You Do It
a. Log in as root in the CLI.
b. To view the current host name, enter hostname
c. Enter cd /etc/sysconfig
d. Enter vi network
e. To go to the host name configuration line, enter /H
f. To go to the insert mode, press I.
g. To edit the existing host name of the system, in the host name configuration line, delete the text localhost.localdomain
h. To specify the desired host name, set HOSTNAME=myworkstation{Student Number}
   The student number will vary for each student. Please ensure that no two students have the same student number.
i. To switch to the command mode, press Esc.
j. Save and close the file.
k. To apply the settings, enter reboot
l. Switch to the CLI and verify that the host name is displayed at the login prompt.

What You Do
2. Configure name servers to resolve host names and IP addresses.
How You Do It
a. Log in as root in the CLI.
b. Enter cd /etc
c. Enter vi resolv.conf
d. Verify that the primary name server is specified as nameserver 192.168.0.1
e. To go to the last line, press Shift+G.
f. To go to the insert mode, press I.
g. On a new line, specify the secondary name server, type nameserver 192.168.0.2
h. To switch to the command mode, press Esc.
i. Save and close the file.
j. Enter logout

TOPIC E
Configure Network Interfaces
You have configured the DNS. After configuring the DNS lookup, addresses, and routes, the network interface settings need to be configured to establish the network. In this topic, you will configure network interfaces.

Networking has numerous advantages for multiple users. The maximum utilization of the network's potential depends on how well the network is configured. Networks can be configured in different ways using various utilities. These utilities are also used for managing and troubleshooting the issues arising in the networks. Therefore, it is essential to know how to configure and administer network settings.

Network Configuration Utilities

Networks can be configured and managed through different utilities.

Network Configuration Utility: system-config-network or system-config-network-gui
Description: Invokes the GUI-based Network Configuration tool, which enables you to view and configure the network interfaces and related hardware. It can also be used for configuring host names and the DNS settings.

Network Configuration Utility: system-config-network-tui
Description: Invokes the command line-based network administration tool. This tool allows you to perform all network-related configuration through a text-based interface.

Network Configuration Utility: system-config-network-cmd
Description: Enables you to view the entire list of network interfaces, related hardware, and profiles along with their respective configuration settings.

Network Interface Settings


To facilitate the work of network interfaces, a set of ethernet card settings should be specified. This includes speed, duplex, and auto-negotiation settings.

Network Interface Setting: Speed and Duplex settings
Description: These settings are used to control the speed of data transmission between two computers. Duplex systems typically refer to two computers that are connected to each other, allowing data transactions to happen either way. Duplex settings can be of two types:
- Half-duplex: A computer either sends or just receives data at a particular time.
- Full-duplex: A computer sends and receives data at the same time.
Full duplex is preferred as it increases the total speed of a network by supporting two-way transactions. Speed and duplex settings may be forced on computers to make communication between them possible. The speed of transmission may vary from 10 to 1000 Mbps.

Network Interface Setting: Auto-negotiation settings
Description: On a network, when one computer transmits data to another, the speed at which the first computer sends the data should match the speed at which the other computer receives the data; otherwise the communication will fail. If auto-negotiation is enabled on both the computers on a network, the speed and duplex settings of the two computers are automatically determined and adjusted, so that the two computers can communicate with each other at the fastest common speed supported by them. Auto-negotiation is the default setting for ethernet cards.

The ethtool Utility


The ethtool command is used to view and configure the ethernet card settings. It is typically used for forcing the speed and duplex settings and for configuring auto-negotiation. The syntax for this command is: ethtool {options} eth{device number} autoneg {options} speed {options} duplex {options}. Settings that are made using the ethtool utility are permanent and are stored in the /etc/sysconfig/network-scripts/ifcfg-ethX file. This file can also be edited directly.

Dynamic Network Configuration Utilities

Dynamic configuration utilities are used for automatic detection of network settings such as wired or wireless network, Virtual Private Network, and Dial-up connections.

Dynamic Network Utility: The NetworkManager service
Description: Enables the system to remember the configuration of active network connections. So, when the system is shut down and restarted, the network settings are automatically detected and the connection is activated without requiring any change in configuration. The advantage of this service is that it can store the configuration of multiple network settings. For example, when you work on laptops, you may connect to the LAN at the office using a wired network and you might also use a wireless connection while you are traveling. The NetworkManager allows you to identify the type of connection you are using and enables it automatically when you switch between such wired and wireless connections.

Dynamic Network Utility: The nm-applet service
Description: Serves as an assistant service to the NetworkManager. It runs on the desktop and allows the user to select the type of network connection manually by choosing the appropriate connection from a list of detected configurations.

How to Configure Networks

Procedure Reference: Configure NIC Using the system-config-network Command
To configure the NIC using the system-config-network command:
1. Log in as root in the CLI.
2. Open the network configuration window.
   - Enter system-config-network to open the Network Configuration utility.
   - Or, choose System→Administration→Network.
3. Configure the NIC.
   - In the Devices tab, configure ethernet devices associated with the NIC.
   - In the Hardware tab, configure the NIC settings.
   - In the DNS tab, configure the DNS settings.
   - In the Hosts tab, configure the local host name lookup.
4. Save the changes made to the NIC.
   - Choose File→Save to save the changes.
   - Press the Deactivate button followed by the Activate button to load the changes made.
5. Close the Network Configuration window.

Procedure Reference: Change the Speed and Duplex Settings of NIC Using the ethtool Command
To change the speed and duplex settings of NIC using the ethtool command:
1. Log in as root in the CLI.
2. Enter ifdown eth{device number} to stop the network interface service.
3. Enter ethtool -s eth{device number} autoneg {off | on} speed {10 | 100 | 1000} duplex {half | full} to set the speed and the duplex settings of the NIC.
4. Enter ifup eth{device number} to start the network interface service.
5. Enter ethtool eth{device number} to view the changes made.

Procedure Reference: Change the Speed and Duplex Settings of NIC Using the ifcfg-eth{device number} File
To change the speed and duplex settings of NIC using the ifcfg-eth{device number} file:
1. Log in as root in the CLI.
2. Enter ifdown eth{device number} to stop the network interface service.
3. Enter cd /etc/sysconfig/network-scripts to open the network-scripts directory.
4. Enter vi ifcfg-eth{device number} to open the NIC configuration file.
5. On a new line, type ETHTOOL_OPTS="autoneg {off | on} speed {10 | 100 | 1000} duplex {half | full}" to set the speed and duplex settings.
6. Save and close the file.
7. Enter ifup eth{device number} to start the network interface service.

Procedure Reference: Set Up Transparent Dynamic Configuration for NIC
To set up transparent dynamic configuration for NIC:
1. Log in as root in the CLI.
2. Enter ifdown eth{device number} to stop the network interface service.
3. Enter cd /etc/sysconfig/network-scripts to open the network-scripts directory.
4. Enter vi ifcfg-eth{device number}:{alias number} to open the NIC configuration file.
5. Set ONBOOT=no to specify the NIC to be disabled during system boot.
6. Enter service network restart to apply the settings.
7. Enter service NetworkManager start to start the network managing service.
8. Enter chkconfig NetworkManager on to start the network managing service during system boot.


ACTIVITY 8-5
Configuring the Network Interface Settings
Scenario: You have created a static network for the research and development department. However, the employees of this department may also connect to the local area network of the organization. So, you have to enable dynamic configuration for automatic network profile selection.

What You Do
1. Configure the network interface settings to run the NetworkManager service while the system starts.
How You Do It
a. Log in as root in the CLI.
b. To stop the network interface service, enter ifdown eth0
c. Enter cd /etc/sysconfig/network-scripts
d. Enter vi ifcfg-eth0
e. To go to the NIC boot settings line, enter /O
f. To go to the insert mode, press I.
g. To disable the NIC on system boot, set ONBOOT=no
h. To switch to the command mode, press Esc.
i. Save and close the file.
j. To apply the settings, enter service network restart
k. To start the network managing service, enter service NetworkManager start
l. To start the network managing service at system boot, enter chkconfig NetworkManager on
m. To apply the settings, enter reboot

What You Do
2. Check the configured NetworkManager.
How You Do It
a. Log in as root in the GUI.
b. On the GNOME panel, verify that the NetworkManager icon is displayed beside the system time.
c. Place the mouse pointer over the NetworkManager icon to view the current network profile.
d. Choose System→Log Out root to log out of the system.
e. To log out of the system, at the message box, click Log Out.

TOPIC F
Share Information
You have configured a network. The purpose of setting up networks is to share information and other resources among network users. In this topic, you will share information and services over the network.

Organizations with global operations invariably have branch offices in the major cities of the world. In such instances, information must be shared among employees in the various offices. Storing the login and contact information in a centralized system will enable users to access it no matter where they are located.

Network Information Service (NIS)

Definition: Network Information Service (NIS) is a network service that manages information about all systems and users on a network. It is a centralized information administration system that enables network users to maintain data integrity. It allows distribution of consistent data throughout the network. The components of NIS are maps, NIS domain, master server, and slave server. NIS distributes information from the database to all hosts to maintain consistency of configuration information across machines on the network.


NIS Components
NIS consists of four major components.

Component: Maps
Description: NIS stores information such as user name, password, and group name in database files, referred to as NIS maps. Each map consists of a pair of files. A map is made up of key-value pairs and is stored in the database management library format. NIS maps can be created by running make in the /var/yp directory.

Component: NIS Domain
Description: An NIS domain is a group of hosts that share the same set of maps. The hosts within a domain share password, hosts, and group file information. Maps are stored in a subdirectory having the same name as the domain in the /var/yp directory. By default, the NIS domain name is specified in the /etc/sysconfig/network file. Each domain consists of a single master NIS server. A client can belong to only one domain.

Component: NIS Master Server
Description: NIS stores the database that contains network information in the master server. The master server also contains the source files for the various maps. The ypserv process should be run on the server to manage the NIS server. The configuration settings of the master server are specified in the ypserv.conf file. The configuration file is stored in the /etc directory.

Component: NIS Slave Server
Description: The NIS slave server is a secondary server that balances the load on the master server. The slave server contains a copy of the database and source files. Any update made to the maps or database will be updated to the slave server by the master server using the yppush command. When the master server is down, the slave server will act as a master server and resolve the queries sent by the client. The information about the slave server is specified in /var/yp/ypservers.

NIS Maps
There are many standard maps supported by NIS.

File: /etc/hosts
Maps: hosts.byname, hosts.byaddr
Description: Maps IP address to the corresponding host name.

File: /etc/networks
Maps: networks.byname, networks.byaddr
Description: Maps IP network address to the network name.

File: /etc/passwd
Maps: passwd.byname, passwd.byuid
Description: Maps encrypted password to the respective user login name.

File: /etc/group
Maps: group.byname, group.bygid
Description: Maps Group IDs to group names.

File: /etc/services
Maps: services.byname, services.bynumber
Description: Maps service description to a service name.

File: /etc/rpc
Maps: rpc.byname, rpc.bynumber
Description: Maps RPC service numbers to the corresponding RPC service names.

File: /etc/protocols
Maps: protocols.byname, protocols.bynumber
Description: Maps protocol numbers to protocol names.

File: /usr/lib/aliases
Maps: mail.aliases
Description: Maps mail aliases to mail alias names.

The securenets File
The NIS will listen to all networks after the installation of the ypserv and ypxfrd daemons. Both daemons restrict user access by using the /var/yp/securenets file. The securenets file contains only the range of IP addresses to which the daemons have to respond. By default, the NIS will listen to all networks after the installation of daemons, where the securenets file remains empty. You can add the specific range of IP addresses to the file so that the daemons will respond only to those networks.

The netgroup File
The netgroup file contains a list of user groups on the network along with their permissions. This helps in checking the permissions while performing remote mounts and working in remote logins and remote shells. The user groups are defined in the format given below,

Groupname member1, [member 2....]

where member1 refers to another group name or consists of three fields. They are hostname, username, and domainname. For example, a group named machines is defined as machines (analytical, cwarden, ourglobalcompany) where analytical refers to the hostname, cwarden refers to the username, and ourglobalcompany refers to the domainname. If any of the fields are left empty, then it is considered as the wildcard. For example, in a group defined as machines (analytical, -, ourglobalcompany), the host analytical belongs to the group machines in the domain ourglobalcompany but there are no users for this group.

Information About NIS Maps
Any NIS user can display information about NIS maps. The following table lists the commands used to display the maps.

Command                          Enables You To
ypcat {map name or its alias}    List the values in a map.
ypmatch -x                       List the aliases of maps.
ypwhich -m                       List the available maps and the master server names.
yppoll {map alias name}          Display the version and master server of a map.
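The securenets behaviour described above, where an empty file means the daemons answer every network, can be checked before a server goes into service. This added example is not part of the course material; it assumes the ypserv line format of a netmask followed by a network address, or the word host followed by a single address, and the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: check which clients a securenets file would admit.
# Assumed line format: "<netmask> <network>" or "host <address>";
# "#" starts a comment.

# Convert a dotted quad to an integer: "192.168.0.1" -> 3232235521
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Print the usable entries as "mask network" pairs; "host A.B.C.D" becomes
# a single-address entry. Comments, blank and malformed lines are dropped.
securenets_entries() {
    awk '
        function quad(s) { return s ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ }
        { sub(/#.*/, "") }
        NF == 2 && $1 == "host" && quad($2) { print "255.255.255.255", $2; next }
        NF == 2 && quad($1) && quad($2)     { print $1, $2 }
    ' "$1"
}

# Exit status 0 if a request from address $2 would be answered, 1 if not.
securenets_allows() (
    entries=$(securenets_entries "$1")
    client=$(ip_to_int "$2")
    # No entries: as the text above says, the daemons respond to all networks.
    if [ -z "$entries" ]; then exit 0; fi
    while read -r mask net; do
        m=$(ip_to_int "$mask")
        n=$(ip_to_int "$net")
        if [ $(( client & m )) -eq $(( n & m )) ]; then exit 0; fi
    done <<EOF
$entries
EOF
    exit 1
)

# Print one line per entry, flagging configurations that admit every client.
securenets_findings() (
    entries=$(securenets_entries "$1")
    if [ -z "$entries" ]; then
        echo "OPEN: no entries, requests from every network are answered"
        exit 0
    fi
    while read -r mask net; do
        if [ "$(ip_to_int "$mask")" -eq 0 ]; then
            echo "OPEN: '$mask $net' matches every address"
        else
            echo "ok: network $net netmask $mask"
        fi
    done <<EOF
$entries
EOF
)

# Constructed sample file; on a real server audit /var/yp/securenets.
SECURENETS_SAMPLE=$(mktemp)
trap 'rm -f "$SECURENETS_SAMPLE"' EXIT
cat > "$SECURENETS_SAMPLE" <<'EOF'
# constructed sample
host 127.0.0.1
255.255.255.0 192.168.0.0
EOF
securenets_findings "$SECURENETS_SAMPLE"
for ip in 192.168.0.57 10.1.2.3; do
    if securenets_allows "$SECURENETS_SAMPLE" "$ip"; then
        echo "$ip: answered"
    else
        echo "$ip: refused"
    fi
done
```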

Lightweight Directory Access Protocol (LDAP)


Definition: Lightweight Directory Access Protocol (LDAP) is a communication protocol that defines the transport and format of messages used by a client to access the directory service. LDAP stores information in a directory in the form of a hierarchical tree structure. It authenticates users before they are allowed to query or modify the information that resides in a directory. LDAP is run on TCP/IP networks.

The LDAP Process


The LDAP directory service is a client-server model that enables network clients to use the directory service available on servers. The following stages are involved with the LDAP process.
1. The LDAP client sends a request to access the directory service.
2. The LDAP server accepts the request and authenticates the user. If the user is valid, it allows the user to access the directory service. Otherwise, it returns an error message.
3. The user sends a request in search of the information to the server.
4. The server processes the request. It sends either the result or a pointer where the information is available to the client.
5. The client uses the information sent by the server.


Figure 8-6: The different stages in the LDAP process.

How to Configure NIS and LDAP

Procedure Reference: Configure an NIS Server
To configure the NIS server:
1. Log in as root in the CLI.
2. Add the NIS domain name to the network file.
   a. Enter vi /etc/sysconfig/network to open the /etc/sysconfig/network file.
   b. Switch to the insert mode.
   c. Type NISDOMAIN={nis domain name} to add the NIS domain information.
   d. Save and close the file.
3. Add the NIS server information to the yp.conf file.
   A. Enter vi /etc/yp.conf to open the NIS configuration file.
   B. Switch to the insert mode.
   C. Add the domain name.
      a. Enter domain {domain name} server {server's host name} to add the domain name and server information.
   D. Save and close the file.
4. Enter service portmap start to inform the NIS client about the ports on which the NIS server will be listening to requests.
5. Enter service yppasswdd start to service new password requests from NIS users.
6. Enter service ypserv start to start the NIS server.
7. Initialize the NIS domain to create appropriate authentication files for the domain.
   1. Enter /usr/lib/yp/ypinit -m to initialize the NIS domain. The host names you added to the yp.conf file will be displayed.
   2. If required, enter the other NIS server host names.
   3. After all the host names are entered, press Ctrl+D.
   4. When you are prompted to confirm the server name, type y and press Enter.
   5. Start the ypbind and ypxfrd daemons.
8. Enter rpcinfo -p localhost to verify that the daemons are running on the localhost.
9. Navigate to the /var/yp directory and then run the make utility to create NIS maps in order to update the NIS domain's authentication files with the user and system information.
   a. Enter cd /var/yp to open the yp directory.
   b. Enter make to update the NIS domain's authentication files.
10. Enter ypmatch {user name} passwd to verify that the NIS user information is updated.

Procedure Reference: Configure the NIS Client to Provide User Information
To configure the NIS client to provide user information:
1. Log in as root in the CLI.
2. Configure the NIS client using the Authentication Configuration utility.
   a. To open the NIS configuration settings, enter authconfig-tui
   b. Under User information, select the Use NIS option.
   c. Press F12 to go to the next screen.
   d. In the Domain text box, type the NIS domain name.
   e. In the Server text box, type the NIS server name.
   f. Press F12 to finish and close the wizard.
3. Modify the nsswitch.conf file to specify that NIS should be used as a source of information.
   a. Enter vi /etc/nsswitch.conf to open the name server switch configuration file.
   b. Switch to the insert mode.
   c. Enter {service name}: nis dns files db to specify NIS as the preferred service.
   d. Save and close the file.
4. Start the portmap, ypbind, and yppasswdd daemons.
   1. Enter service portmap start to start the portmap daemon.
   2. Enter service ypbind start to start the ypbind daemon.
   3. Enter service yppasswdd start to start the yppasswdd daemon.
5. Enter rpcinfo -p localhost to verify that the daemons are running on the localhost.

Procedure Reference: Configure the LDAP Client to Provide User Authentication
To configure the LDAP client to provide user authentication:
1. Log in as root in the CLI.
2. Enter authconfig-tui to use the Authentication Configuration utility to configure the LDAP client.
3. Under Authentication, select Use LDAP Authentication.
4. Press F12 to go to the next screen.
5. If necessary, check the Use TLS option to transfer encrypted password.
6. In the Server text box, type the LDAP server information.
7. In the Base DN text box, type the base distinguished name.
8. Press F12 to finish and close the wizard.

Procedure Reference: Configure Authentication Using Text-Based Utility
To configure network authentication using the text-based utility:
1. Log in as root in the CLI.
2. To configure the authentication in a system, at the command prompt, enter authconfig-tui to open the text-based Authentication Configuration utility.
   - Press Tab to move between elements.
   - Press the Spacebar to select or deselect the options.
   - Press F12 to navigate to the next step.
3. Specify the necessary settings and press F12 to save the changes.

Procedure Reference: Configure Authentication Using GUI-Based Utility
To configure network authentication using the GUI-based utility:
1. Log in as root in the CLI.
2. Configure system authentication.
   - Enter authconfig-gtk to open the GUI-based utility.
   - Or, enter system-config-authentication to open the GUI-based Authentication Configuration utility.
   - Or, from the Menu bar, choose System→Administration→Authentication.
3. Configure user authentication.
   a. In the Authentication Configuration window, in the User Information tab, specify where the user information is available.
   b. In the Authentication tab, specify the authentication server information.
   c. If necessary, specify the options available.
4. Click OK to apply the settings and close the window.


INSTRUCTOR ACTIVITY 8-6


Conguring NIS Services
Scenario: You are responsible for managing a large network that has many servers to provide different network services. To manage the network easily, you want to maintain information about users and systems at a centralized location. You also need to enable clients to access the central location from any of the offices.

Performing this activity in a real-time environment would require multiple systems and servers. Therefore, considering the huge hardware requirements, this activity as been given as an instructor activity.

What You Do 1. Configure the NIS domain.

How You Do It a. Log in as root in the GUI. b. To open the network settings file, enter vi /etc/sysconfig/network c. To go to the last line, press Shift+G. d. Switch to the insert mode. e. To specify the NIS domain, on a new line, type NISDOMAIN=newnisdomain f. To switch to the command mode, press Esc.

g. Save and close the file. 2. Configure the NIS server settings. a. To open the NIS configuration file, enter vi /etc/yp.conf b. To go to the last line, press Shift+G. c. Switch to the insert mode. d. To configure the NIS domain settings, on a new line, type domain newnisdomain server 192.168.0.1 e. To switch to the command mode, press Esc. f. Save and close the file.

238

System Administration of Red Hat Linux 5

LESSON 8
3. Start NIS daemons. a. To start the portmap daemon, enter service portmap start b. To start the yppasswdd daemon, enter service yppasswdd start c. To start the ypserv daemon, enter service ypserv start 4. Initialize the NIS domain to create appropriate authentication files for the domain. a. To initialize the NIS domain, enter /usr/lib/yp/ypinit -m b. To skip adding a new host, press Ctrl+D. c. To confirm the action, enter y d. To clear the screen, enter clear 5. Start YP daemons. a. To start the ypbind daemon, enter service ypbind start b. To start the ypxfrd daemon, enter service ypxfrd start c. To verify that the daemons are running on the localhost, enter rpcinfo -p 192.168.0.1 6. Create NIS maps to update the NIS domains authentication files with the user and system information. a. To open the /var/yp directory, enter cd cd /var/yp b. To update the NIS information, enter make Congure the NIS Client on the Same System 7. Enable NIS services on the client machine. a. To open the Authentication Configuration utility, enter authconfig-tui b. In the User Information section, check the option Use NIS. c. To go to the next screen, press F12.

8. Check the NIS settings and close the wizard.
   a. In the NIS Settings screen, verify that the Domain value is newnisdomain
   b. Verify that the Server address is 192.168.0.1
   c. To close the wizard, press F12.
9. Add the NIS server information to the nsswitch.conf file.
   a. To create a backup of the existing nsswitch.conf file, enter mv /etc/nsswitch.conf /etc/nsswitch.conf.bak
   b. To copy the sample template file, enter cp /usr/share/doc/yp-tools-*.*/nsswitch.conf /etc
10. Restart all NIS daemons.
   a. To restart the portmap daemon, enter service portmap restart
   b. To restart the ypbind daemon, enter service ypbind restart
   c. To restart the yppasswdd daemon, enter service yppasswdd restart
   d. To verify that the daemons are running on the localhost, enter rpcinfo -p 192.168.0.1
11. Check the NIS user information using the ypmatch command.
   a. To verify the NIS user information, enter ypmatch netadmin1 passwd
   b. Observe that the NIS user information is updated.
   c. To exit the terminal, enter exit
   d. Choose System→Log Out root to log out of the system.
   e. To log out of the system, at the message box, click Log Out.


TOPIC G
Configure SELinux
You have shared information on networks. Information on networks and other resources needs to be protected from misuse or damage. So, adequate security measures need to be adopted to secure the network resources. In this topic, you will configure SELinux.

When networks are connected to world-wide networks, various security attacks become possible, aimed at both organizations and individuals. Imagine that your company's servers are damaged and all your critical data is erased. You can prevent this by setting up the required security checks. Indeed, while hackers work in ingenious ways, you could gain an edge over them too, using a variety of tools and techniques to foil their numerous attempts.


Types of Access Controls


Access control is a method of restricting access to system resources. Only authorized programs will be allowed to access system resources. In Linux, there are two types of access controls.

Access Control Method: Discretionary Access Control (DAC)
Description: In case of discretionary access control, the system checks the resources over which the user has access rights. The rights of the user are identified using the authentication information such as user identity and password. The resources that the users have access to depend solely on their access rights. Under discretionary access control, there are two types of permissions: administrator and non-administrator permissions. For application programs to run, administrator access has to be provided. Administrator access provides full discretion over the filesystem and exposes it to security threats. For example, a malicious program or process started by a user having administrator access can damage the data in the filesystem. DAC is the standard security strategy in Linux.

Access Control Method: Mandatory Access Control (MAC)
Description: In case of mandatory access control, the system checks the resources over which the user does not have access rights. MAC is applied through SELinux. The rights of the user are identified using the authentication such as the SELinux user identity, role, and type of access. Mandatory access control is the opposite of discretionary access control where permissions have to be defined for all processes (known as subjects) as to how they access the resources (known as objects) such as files, directories, devices, memory resources, and other processes. An action is an operation, such as append, write, read, create, execute, and rename, that a subject can perform on the object. This is implemented using security policies that control the interaction between the processes and objects. For example, when a subject tries to access an object, the security policy is checked to verify whether the subject is authorized to access the object before granting the access.

Security-Enhanced Linux (SELinux)


Security-Enhanced Linux (SELinux) is the default security enhancement feature provided with Red Hat Enterprise Linux. It was developed by the U.S. National Security Agency and implements various security policies in Linux operating systems. It provides additional filesystem and network security so that unauthorized processes cannot access or tamper with data, bypass security mechanisms, violate security policies, or execute untrustworthy programs. It enforces mandatory access controls on processes and resources, and allows information to be classified and protected based on its confidentiality and integrity requirements. This confines the damage caused to information by malicious applications.

Figure 8-7: The SELinux feature of Red Hat Enterprise Linux 5.

This feature comes as a part of Red Hat Enterprise Linux (RHEL) 4 and the later versions.

SELinux Modes
SELinux can run in three different modes.

SELinux Mode: Disabled
Description: In this mode, SELinux is turned off. So, the mandatory access control will not be implemented and the default discretionary access control method will be prevalent.

SELinux Mode: Enforcing
Description: In this default mode, all the security policies are enforced. Therefore, processes cannot violate the security policies.

SELinux Mode: Permissive
Description: In this mode, SELinux is enabled, but the security policies are not enforced. So, processes can bypass the security policies. However, when a security violation occurs, it is logged and a warning message is sent to the user.

Security Policies
A security policy defines access parameters for every process and resource in the system. Configuration files and policy source files, located in the /etc/selinux directory, can be configured by the root user.

Security Policy Type: Targeted Policy
Description: According to the targeted policy, except the targeted subjects and objects, all other subjects and objects will run in an unconfined environment. The untargeted subjects and objects will operate on the DAC method and the targeted ones will operate on the MAC method. A targeted policy is enabled by default.

Security Policy Type: Strict Policy
Description: A strict policy is the opposite of a targeted policy, where every subject and object of the system is enforced to operate on the MAC method. However, a strict policy is not available in SELinux of the RHEL 5 version.

How to Configure SELinux
Procedure Reference: Control the SELinux State in the System
To control the SELinux state in the system:
1. Log in as root in GUI.
2. Control the SELinux state in the system.
   To control the SELinux state using the /etc/sysconfig/selinux file:
   a. Enter vi /etc/sysconfig/selinux to open the selinux file.
   b. Switch to the insert mode.
   c. Set SELINUX={enforcing | permissive | disabled} to change the SELINUX variable to control the mode of the SELinux policy.
   d. Set SELINUXTYPE={targeted | mls} to change the SELINUXTYPE variable to control the type of the SELinux policy.
   e. Save and close the file.
   Switch between the enforcing and the permissive mode.
   a. Enter setenforce {1 | 0} to switch between the enforcing and the permissive mode respectively.
   b. Enter getenforce to view the mode.
   To control the SELinux state using GUI tools:
   a. To open the SELinux Administration window:
      - Enter system-config-selinux to open the SELinux Administration utility.
      - From the Menu bar, choose Applications→System Tools→SELinux Management.
   b. Manage the SELinux settings.
      - Select Status in the left pane to manage the mode and the policy type in the right pane.
      - Select Boolean in the left pane to manage the individual policies related to the services in the right pane.
      - If necessary, change other settings.
   c. From the Menu bar, choose File→Quit to close the SELinux Administration window.
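The setting in the /etc/sysconfig/selinux file takes effect at the next boot, while setenforce changes only the running system. The following shell script is an added example, not part of the course material: it reads a file in that format and reports a non-enforcing or malformed setting and any difference from the running mode. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not course material: audit a file in /etc/sysconfig/selinux format.
# Function names and the sample files are constructed for this illustration.

# Print the single value assigned to KEY ($2) in FILE ($1),
# or a keyword that says why no single value can be read.
cfg_setting() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    # Commented lines start with "#", so they never match "^KEY=".
    n=$(grep -c "^$2=" "$1" || true)
    case $n in
        0) echo missing ;;
        1) sed -n "s/^$2=\([^[:space:]#]*\).*/\1/p" "$1" ;;
        *) echo ambiguous ;;
    esac
}

# Print one finding per line for FILE ($1), or OK when there is none.
# $2 (optional) is the running mode as printed by getenforce.
audit_selinux() {
    mode=$(cfg_setting "$1" SELINUX)
    ptype=$(cfg_setting "$1" SELINUXTYPE)
    running=$(printf '%s' "${2:-}" | tr '[:upper:]' '[:lower:]')
    {
        case $mode in
            enforcing)  ;;
            permissive) echo "WARN SELINUX=permissive: violations are logged but not blocked after boot" ;;
            disabled)   echo "WARN SELINUX=disabled: only discretionary access control applies after boot" ;;
            *)          echo "FAIL SELINUX value is '$mode'" ;;
        esac
        case $ptype in
            targeted|mls) ;;
            *) echo "FAIL SELINUXTYPE value is '$ptype'" ;;
        esac
        # setenforce changes only the running system; the file decides the mode at boot.
        if [ -n "$running" ] && [ "$running" != "$mode" ]; then
            echo "WARN running mode '$running' differs from boot mode '$mode'"
        fi
    } | { grep . || echo OK; }
}

# Constructed sample files: an enforcing configuration, a file edited to
# permissive, and one with a duplicate line and a misspelled policy type.
make_samples() {
    printf '%s\n' '# This file controls the state of SELinux on the system.' \
        'SELINUX=enforcing' 'SELINUXTYPE=targeted' > "$1/default"
    printf '%s\n' '#SELINUX=disabled' 'SELINUX=permissive' \
        'SELINUXTYPE=targeted' > "$1/activity"
    printf '%s\n' 'SELINUX=enforcing' 'SELINUX=permissive' \
        'SELINUXTYPE=targetted' > "$1/broken"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_samples "$dir"
    for f in default activity broken; do
        echo "== $f (running mode: Enforcing)"
        audit_selinux "$dir/$f" Enforcing
    done
    rm -rf "$dir"
}
demo
```

On a live system the call would be audit_selinux /etc/sysconfig/selinux "$(getenforce)".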

Procedure Reference: View the Security Context for Files and Processes
To view the security context for files and processes:
1. Log in as root in CLI.
2. View the security context for files and processes.
   - Enter ls -Z[command option] {file or directory name} to view the security context of the specified file or directory.
   - Enter ps -Z[command option] {process name} to view the security context of the specified process.

Security Context
Security context is the collection of all security settings pertaining to processes, files, and directories. Security context consists of three elements: the user, role, and type. Based on the security context attributes, SELinux decides how the subjects access the objects of the system.

Procedure Reference: Change the Security Context for Files
To change the security context for files:
1. Log in as root in CLI.
2. Change the security context for files.
   - Enter chcon -[command option] {security context} {file or directory name} to set the specified security context to the specified file or directory.
   - Enter restorecon {file or directory name} to restore the default security context to the specified file or directory.
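The following shell script is an added example, not part of the course material, showing how the type element of a security context is checked in practice: it reads ls -Z style output, splits each context into user, role, and type, and prints the restorecon command for every file whose type differs from the expected one. The listing, the file names, and the expected type httpd_sys_content_t are constructed sample values.

```shell
#!/bin/sh
# Added example, not course material. The listing and function names are constructed.

# Print one element (user, role or type) of the security context in $1.
ctx_element() {
    case $2 in
        user) n=1 ;;
        role) n=2 ;;
        type) n=3 ;;
        *) return 1 ;;
    esac
    printf '%s\n' "$1" | cut -d: -f"$n"
}

# Read "ls -Z" style lines on stdin and print "current_type path" for every
# entry whose type differs from the expected type given in $1.
mislabeled() {
    awk -v want="$1" '
    {
        ctx = ""
        # The context is the first column made of at least three ":"-separated parts.
        for (i = 1; i <= NF; i++)
            if (split($i, part, ":") >= 3) { ctx = $i; break }
        if (ctx == "") next                      # line without a context column
        path = substr($0, index($0, ctx) + length(ctx))
        sub(/^[ \t]+/, "", path)                 # keeps spaces inside file names
        if (part[3] != want) printf "%s %s\n", part[3], path
    }'
}

# Constructed listing of a web content directory. The two report files were
# moved in from a home directory and still carry the type they had there.
sample_listing() {
    cat <<'EOF'
-rw-r--r--  root root system_u:object_r:httpd_sys_content_t index.html
-rw-r--r--  root root system_u:object_r:httpd_sys_content_t:s0 faq.html
-rw-r--r--  jdoe jdoe user_u:object_r:user_home_t report.html
-rw-r--r--  jdoe jdoe user_u:object_r:user_home_t annual report.html
EOF
}

# Turn the findings into restorecon commands for an administrator to review.
suggest_fix() {
    mislabeled "$1" | while read -r cur path; do
        printf 'restorecon "%s"   # currently %s\n' "$path" "$cur"
    done
}

sample_listing | suggest_fix httpd_sys_content_t
```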

INSTRUCTOR ACTIVITY 8-7


Configuring the SELinux Settings
Scenario: Your network system contains confidential information that needs to be protected from any unauthorized access. You need to enable access control to prevent processes from reading or tampering with data and programs, bypassing application security mechanisms, executing untrustworthy programs, or interfering with other processes in violation of the system security policy.

Note: This activity is an instructor activity because it involves configuring the security policies of the server, which could lead to restricted user access.

What You Do / How You Do It

1. Configure the SELinux mode.
   a. Switch to the CLI.
   b. Log in as root in the CLI.
   c. To configure the SELinux settings, enter vi /etc/sysconfig/selinux
   d. To go to the SELinux mode configuration line, enter /SELINUX=disabled
   e. To go to the insert mode, press I.
   f. To configure access control, set SELINUX=permissive

2. Check the SELinux policy settings.
   a. Verify that the security policy is set to SELINUXTYPE=targeted
   b. To switch to the command mode, press Esc.
   c. Save and close the file.
   d. To apply the settings, enter reboot

Lesson 8 Follow-up
In this lesson, you configured networks. This will enable you to form networks to share data and resources. It will also enable you to identify and troubleshoot network-related issues.

1. What are the network services configured in your workplace? Do you think they are adequate? Why?
   Answers will vary, but may include: The network services implemented in an organization depend on the number of users, the server capacity, and the number of servers in the organization. It also depends on the functional requirements of the network. Network services can be implemented specifically for the size of the network and the tasks allocated to it.
2. As a system administrator, what are the points you must consider before setting up a network?
   Answers will vary, but may include: Before setting up a network, the system administrator should analyze the size of the network, the number of servers available, probable connectivity issues with cabling, and the amount of information that has to be shared within the network.


LESSON 9
Installing Linux
In this lesson, you will identify the various methods of Linux installation. You will:
- Install the Red Hat Linux operating system.
- Install Linux using kickstart.

Lesson Time 3 hour(s)

Introduction
You have gained knowledge of all the elements of the Linux operating system and its services. Getting acquainted with the services and the working of the Linux operating system will enable you to recognize your requirements while installing Linux. In this lesson, you will install the Red Hat Enterprise Linux operating system.

To take advantage of the many features packed into Linux, you need to first install it. Before installing, you have to ensure that the settings and hardware configuration of the computer targeted for installation are sufficient to host the Linux operating system. And while installing, you need to determine the features that have to be installed to suit your requirements.

TOPIC A
Install Red Hat Enterprise Linux 5
You are familiar with basic system administration. However, installation techniques do not apply universally to all operating systems, and you need to familiarize yourself with such information pertaining to Linux. In this lesson, you will install Linux on a computer after ensuring that the computer is suitable to host it.

Installation is perhaps the most important aspect in the usage of the Linux operating system. It involves many other major tasks such as creating and configuring partitions, and configuring devices. Also, Linux can be installed in different ways. As a system administrator, you might need to install and reinstall Linux on a number of systems. Knowing how to administer Linux installation will enable you to utilize the potential of the features packed into Linux to the optimum.

Linux Installation Methods


Linux installation can be done for servers and workstations. There are different methods by which Linux can be installed.

Installation Method: Local CD-ROM Installation
Description: Linux can be installed from the set of installation CD-ROMs. It requires the system's BIOS settings to support booting from CD-ROMs. This is like a local installation and is the easiest way to install Linux.

Installation Method: Local Hard Drive Installation
Description: Linux installation can be done by staging the installation files on the local hard drive.

Installation Method: USB Drive Installation
Description: Linux can also be installed through USB drives if CD-ROM or other modes of installation are not supported on the system. To enable booting from USB drives, the diskboot.img file has to be copied from the images folder of the installation CD-ROM to the USB drive. This mode of installation also requires the BIOS to support booting from USB drives.

Installation Method: Network-Based Installation
Description: Linux installation can be done on networked computers by staging all the installation files on a separate server and installing it on the clients. The network installation server shares the installation directory to the clients via Network File System (NFS), FTP, or HTTP. This method is often faster than CD-ROM-based installations.

The network installation server is necessary for all network-based Linux installations.

Preinstall Checklist
To ensure that your system is ready for Linux to be installed:
1. Collect the basic system information about your computer.
2. Check the available hardware with the Hardware Compatibility List (HCL).
3. Verify that the minimum system requirements are met for Red Hat Enterprise Linux 5.
4. Plan the hard disk partitioning layout and the corresponding filesystems, including the size of the swap drive depending on the physical RAM.
5. Check the installation media using the Test The Media option available on the Linux Installation CD.

The Anaconda Installer


The Anaconda installer is an installation program that enables installation of Red Hat Enterprise Linux through the text mode or the graphical mode. It provides step-by-step instructions to guide installation. It also enables you to partition and organize hard disks, and manage RAID and LVMs. The installer provides various options to choose and add different packages based on your operating requirements.
The Anaconda installer is also available in other distributions of Linux such as Fedora and CentOS.


Figure 9-1: The Anaconda installer in Red Hat Enterprise Linux 5.

Firewalls

Definition: A firewall is a software program that protects a system or a network from unauthorized access by blocking unrequested traffic. A firewall allows incoming or outgoing traffic that has specifically been permitted by an administrator. It also allows incoming traffic that is sent in response to requests from internal hosts. Firewalls often provide logging features and alarms that track security problems and report them to the administrator.
Example:

Disk Druid

Disk Druid is a component of the Red Hat Linux installation program; it is used to partition disk drives during the installation process. It enables you to create a partition, assign a filesystem to a partition, specify the size of a partition, modify the attributes of an existing partition, and delete a partition. It also enables you to indicate whether the partition is a primary, logical, or an extended one.


Figure 9-2: The disk partitioning component of the Red Hat Linux installation program.

How to Install Red Hat Enterprise Linux 5


Procedure Reference: Install Linux from the CD-ROM
To install Linux from the CD-ROM:
1. At the boot prompt, choose the mode of installation either as text or graphical mode.
2. If necessary, check the boot media and start the installation.
3. Click Next to begin the installation.
4. Choose the desired language.
5. Choose the desired keyboard type.
6. Enter the installation number and click OK or skip the step.
7. A warning message will be displayed if you are using a new hard disk; click Yes to continue.
8. From the partition layout drop-down list, choose the desired partition layout and click Next.
9. If a warning message is displayed, click Yes to continue.
10. If necessary, review the partition table and click Next.
11. On the boot loader installation page, choose the boot loader and its location and click Next.
12. On the network configuration page, configure the network and click Next.
13. Choose the desired time zone for the machine and click Next.
14. Enter the root password and click Next.
15. Accept the default package list or choose Customize now and click Next.
16. Select the necessary package and click Next.
17. On the installation complete page, click Reboot to finish the installation and reboot the system.

Procedure Reference: Install Linux over a Network
To install Linux over a network:
1. At the boot prompt, enter linux askmethod to view the boot medium options.
2. Select the appropriate network installation medium and press Enter.
3. Choose the desired language.
4. Choose the desired keyboard type.
5. Choose the type of the installation method.
6. Configure the network settings.
7. Specify the remote install server information.
8. If necessary, check the boot media and start the installation.
9. Click Next to begin the installation.
10. Enter the installation number and click OK or skip the step.
11. A warning message will be displayed if you are using a new hard disk; click Yes to continue.
12. From the partition layout drop-down list, choose the desired partition layout and click Next.
13. If a warning message is displayed, click Yes to continue.
14. If necessary, review the partition table and click Next.
15. On the boot loader installation page, choose the boot loader and its location and click Next.
16. On the network configuration page, configure the network and click Next.
17. Choose the desired time zone for the machine and click Next.
18. Enter the root password and click Next.
19. Accept the default package list or choose Customize now and click Next.
20. Select the necessary package and click Next.
21. On the installation complete page, click Reboot to finish the installation and reboot the system.

Procedure Reference: Configure the Post Installation Settings
To configure the post installation settings:
1. In the post installation welcome screen, click Forward.
2. Accept the license agreement and click Forward.
3. If necessary, customize the Firewall settings and click Forward.
4. If necessary, customize the SELinux settings and click Forward.
5. If necessary, enable kdump and click Forward.
6. If necessary, customize the Date and Time settings and click Forward.
7. Set up software updates with RHN and click Forward.
8. Create a user and click Forward.
9. If necessary, customize the sound card settings and click Forward.
10. If necessary, install any additional CD that is available and click Finish.
11. Log in using the username and the password.

Procedure Reference: Access the Network Installation Server
To access the network installation server:
1. Log in as root.
2. Insert the installation CD into the CD-ROM and mount it using the command mount /dev/cdrom /{mount point}.
3. Enter cp -R /{mount point}/* /{destination directory}/ to copy the installation image into the destination folder.
4. Replace the CD with the next installation CD and perform the steps 2 and 3.
5. Configure the server to be used during the remote installation.
   a. Configure the NFS server for network installation.
      1. Enter vi /etc/exports to open the exports file.
      2. Type /{destination directory} {options} to specify the destination directory for obtaining installation files.
      3. Save and close the file.
      4. Enter service nfs start to start the NFS server.
      5. Enter exportfs -r to export the directory.
   b. Configure the FTP server for network installation.
      1. Ensure that the /{destination directory} is /var/ftp/pub for FTP-based installation.
      2. Type /{destination directory} {options} to specify the destination directory for obtaining installation files.
      3. Save and close the file.
      4. Enter service vsftpd start to start the FTP server.
   c. Configure the HTTP server for network installation.
      1. Ensure that the /{destination directory} is /var/www/html for HTTP-based installation.
      2. Type /{destination directory} {options} to specify the destination directory for obtaining installation files.
      3. Save and close the file.
      4. Enter service httpd start to start the HTTPD server.

Procedure Reference: Create a Boot Media
To create a boot media:
Note: To create a boot CD, a CD writer has to be attached to the system.
1. Log in as root.
2. Create a boot media.
   a. Create a boot CD.
      1. At the command prompt, enter cp /media/images/boot.iso {destination directory} to copy the boot image to the specified location.
      2. Enter cd {destination directory} to navigate to that location.
      3. Enter cdrecord -v boot.iso to create the boot CD.
   b. Create a boot USB drive.
      1. At the command prompt, enter cat /media/images/diskboot.img > /dev/{device name}{device number} to redirect the diskboot.img content to the USB device node.

ACTIVITY 9-1
Installing Linux
Before You Begin:
1. Log in as root in the CLI.
2. Navigate to the /root/085993Data/Installing Linux directory.
3. Right-click and open the InstallingLinux.html file using the Firefox Web Browser.

Note: There is a simulated version of this activity on the CD-ROM that is shipped with this course. The activity simulations are available in the 085993Data\Simulations\Lesson9 folder. To launch the simulated version of the activity, in the Installing_Linux folder, right-click the Installing_Linux.html file and choose Open With→Open with Firefox Web Browser.

Scenario: A Linux system needs to be allocated to a newly joined employee of your organization. You have been assigned the task of installing the Linux operating system and configuring the basic network settings to connect to the organization's network.

What You Do / How You Do It

1. Initiate the Red Hat Enterprise Linux 5 installation process for a server system.
   Note: Ensure that the Red Hat Enterprise Linux CD 1 is inserted in the CD-ROM drive and boot the system from the CD-ROM.
   a. On the Boot page, press Enter to install Linux in graphical mode.
   b. On the Welcome To Red Hat Enterprise Linux Server page, in the CD Found dialog box, select Skip to skip the media test and start the installation process.
   c. On the Red Hat Enterprise Linux 5 page, click Next.
   d. On the Language Selection page, in the Language Selection list box, verify that the English (English) option is selected and click Next.
   e. On the Keyboard Configuration page, verify that the U.S. English option in the Keyboard section is selected and click Next.
   f. Observe that the Installation Number dialog box is displayed. Select the Skip entering Installation Number option and click OK.
   g. In the Skip dialog box, click Skip.
   h. On the Installation Option page, verify that the Install Red Hat Linux Server option is selected and click Next.

2. Partition the hard disk manually.
   a. On the Disk Partitioning Setup page, from the Partition Layout drop-down list, select Create custom layout and click Next.
   b. On the Disk Partitioning Setup page, in the Partition Allocation section, select the Free space option and click the New button.
   c. In the Add Partition dialog box, from the Mount Point drop-down list, select /boot.
   d. In the File System Type drop-down list, verify that ext3 is selected. In the Size (MB) drop-down list, double-click and type 120 and click OK.
   e. In the Partition Allocation section, verify that the /boot partition is created.
   f. Select the remaining free space and click New to open the Add Partition dialog box.
   g. In the Add Partition dialog box, from the File System Type drop-down list, select swap.
   h. In the Size (MB) drop-down list, double-click and type 2000 and click OK.
   i. In the Partition Allocation section, verify that the swap partition is created.
   j. In the Partition Allocation table, scroll down and select the remaining free space, and click New to open the Add Partition dialog box.
   k. From the Mount Point drop-down list, select /.
   l. In the File System Type drop-down box, verify that ext3 is selected. In the Size (MB) drop-down list, double-click and type 10000 and click OK.
   m. On the Disk Partitioning Setup page, click Next.

3. Set the boot loader and network configuration.
   a. On the Boot Loader Configuration page, click Next.
   b. On the Network Configuration page, in the Network Devices section, click the Edit button.
   c. In the Edit Interface dialog box, in the Enable IPv4 support section, select the Manual configuration option.
   d. In the IP Address text box, click and type 192.168.0.1 and press Tab.
   e. In the Prefix (Netmask) text box, type 255.255.255.0 and click OK.
   f. On the Network Configuration page, verify that in the Hostname section, in the manually text box, the text localhost.localdomain is displayed and click Next.
   g. In the Error With Data message box, click Continue.
   h. In the Error With Data message box, click Continue.
4. Set the time zone and root password.
   a. On the Time Zone Selection page, in the Location section, verify that the America/New_York option is selected and click Next.
   b. On the Set Root Password page, in the Root Password text box, click and enter p@ssw0rd
   c. In the Confirm text box, enter p@ssw0rd and click Next.

5. Select the required software packages for the system.
   a. On the Software Selection page, in the Include Support section, check the Software Development and Web server options.
   b. In the Customize section, select the Customize now option and click Next.
   c. On the Package Selection page, in the first list box, verify that the Desktop Environments option is selected and in the adjacent list box, check the KDE (K Desktop Environment) package.
   d. In the first list box, select the Development option, and in the adjacent list box, check the Java Development and the KDE Software Development packages.
   e. In the first list box, select the Servers option, and in the adjacent list box, check the DNS Name Server, FTP Server, and Network Servers packages.
   f. In the first list box, select the Base System option, and in the adjacent list box, check the System Tools package and click Next.
6. Perform installation.
   a. On the Begin Installation page, click Next.
   b. In the Required Install Media dialog box, click Continue.
   Note: The required set of CDs as displayed on the Required Install Media dialog box must be kept ready before proceeding with the installation process.
   c. When prompted, insert Red Hat Linux CD-02, CD-03 and CD-04 into the CD drive and click OK.
   d. On the Congratulations page, click Reboot.

7. Configure the post installation settings.
   a. On the Welcome page, click Forward.
   b. On the License Agreement page, verify that the Yes, I agree to the License Agreement option is selected and click Forward.
   c. On the Firewall page, from the Firewall drop-down list, select Disabled and click Forward.
   d. In the confirmation message box, click Yes.
   e. On the SELinux page, from the SELinux Setting drop-down list, select Disabled and click Forward.
   f. In the confirmation dialog box, click Yes.
   g. On the Kdump page, click Forward.
   h. On the Date and Time page, verify that the date and time is set to the current date and time and click Forward.
   i. On the Choose Server page, click Forward.
   j. On the Set Up Software Updates page, select the No, I prefer to register at a later time option and click Forward.
   k. In the Red Hat network connection dialog box, click No thanks, I'll connect later.
   l. On the Finish Updates Setup page, click Forward.
   m. On the Create User page, click Forward.
   n. In the confirmation message box, click Continue.
   o. On the Sound Card page, click Forward.
   p. On the Additional CDs page, click Finish.
   q. In the confirmation dialog box, click OK to reboot the system.


ACTIVITY 9-2
Creating Boot CD-ROM
1. Insert the CD in the CD-RW drive of your system.

Scenario: You need to install Red Hat Enterprise Linux 5 on a set of network clients through the installation files that are stored on a remote server. But, to initiate a network-based installation, you require a boot CD-ROM.

What You Do / How You Do It

1. Create a Linux boot CD.
   a. Log in as root in the GUI.
   b. To open the terminal window, choose Applications→Accessories→Terminal.
   c. To navigate to the directory containing the boot image, enter cd /rhelsource/images
   d. To create the boot CD, enter cdrecord -v boot.iso
   e. Observe that the CD recording process starts.
   Note: After the CD recording is complete, remove the CD manually from the CD-RW drive.
   f. Close the terminal window.


ACTIVITY 9-3
Installing Linux on Networked Computers
Before You Begin: To be performed by the instructor:
1. Verify that the rhelsource folder is present in the / directory.
2. Open the terminal window.
3. At the command prompt, enter vi /etc/exports to open the exports file.
4. Switch to the insert mode.
5. On a new line, type /rhelsource *(rw) to share the /rhelsource directory through NFS.
6. Save and close the file.
7. At the command prompt, enter exportfs -r to export the /rhelsource directory to all the client machines.
8. Enter service nfs restart to restart the NFS service.

Setup: To be performed by the student:
1. To view the IP address and netmask address of the computer, in the terminal, enter ifconfig eth0
2. Make a note of the inet addr and the Mask address of the system.
   Note: The IP and netmask addresses will be utilized in this activity.
3. Insert the boot disk into the CD-ROM drive of the system and reboot the system.

Scenario: You need to install Red Hat Enterprise Linux 5 on a number of systems simultaneously. But, it is tedious to install Linux using all the installation CDs on every system. So, you decide to run a network-based installation to save time and effort.

What You Do / How You Do It

1. Initiate boot from the boot medium.
   a. At the boot prompt, enter linux askmethod
2. Select the language and keyboard configuration options.
   a. On the language selection page, in the Language Selection list box, verify that the English option is selected and select OK.
   b. On the keyboard type selection page, in the Keyboard section, verify that the us option is selected and select OK.

Lesson 9: Installing Linux

261

LESSON 9
3. Choose the installation method and configure the network settings. a. On the Installation Method page, select NFS image and select OK. b. On the Configure TCP/IP page, in the Enable IPv4 support section, select the Manual configuration option. c. Press F12 to move to the next screen. This will be done for you. d. On the Manual TCP/IP Configuration page, in the IPv4 address text box, type the IP address of your machine and after the /, type the netmask address. e. Press F12 to move to the next screen. This will be done for you. f. On the NFS Setup page, in the NFS server name text box, enter the servers IP address or host name.

g. In the Red Hat Enterprise Linux Server directory text box, type the source path to the directory containing the installation files. h. Press F12 to move to the next screen. This will be done for you. 4. Start installation.
Refer to the previous Installing Linux activity for the installation steps. During installation, the students need not select any additional packages on the Package Selection page. Therefore, request the students to just view the packages and click Next.

a. Verify that the installation starts and the Boot page is displayed. b. Click Next to continue installing Linux.
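The instructor setup for this activity exports /rhelsource as *(rw), which gives every host that can reach the server read-write access, although an installation source only needs to be read. The following check is an added example, not part of the course material: it audits exports(5) lines for that pattern and shows a narrower line beside it. The sample lines are constructed and the subnet is an assumed lab network.

```shell
#!/bin/sh
# Added example, not part of the course material. Sample lines are constructed.
# WEAK_EXPORTS is the line typed in the activity; the subnet in
# HARDENED_EXPORTS is an assumed lab network.
WEAK_EXPORTS='/rhelsource *(rw)'
HARDENED_EXPORTS='/rhelsource 192.168.0.0/255.255.255.0(ro,root_squash)'

# audit_exports: read exports(5) lines on stdin and print one finding per
# risky client specification. Returns 1 if anything was flagged, else 0.
audit_exports() {
    findings=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}            # drop comments
        set -f                      # keep "*" literal while splitting
        set -- $line
        set +f
        [ $# -ge 1 ] || continue    # blank line
        path=$1
        shift
        # A path with no client list is exported to every host.
        [ $# -ge 1 ] || set -- '*'
        for spec in "$@"; do
            host=${spec%%\(*}
            case $spec in
                *\(*\)) opts=${spec#*\(}; opts=${opts%\)} ;;
                *)      opts= ;;
            esac
            # An empty host, as in "client (rw)" with a stray space, also
            # means every host.
            case $host in
                ''|'*') world=yes ;;
                *)      world=no ;;
            esac
            case ",$opts," in
                *,rw,*)
                    if [ "$world" = yes ]; then
                        echo "WORLD_RW $path $spec"
                        findings=$((findings + 1))
                    fi ;;
            esac
            case ",$opts," in
                *,no_root_squash,*)
                    echo "NO_ROOT_SQUASH $path $spec"
                    findings=$((findings + 1)) ;;
            esac
        done
    done
    [ "$findings" -eq 0 ]
}

echo "Weak line:"
printf '%s\n' "$WEAK_EXPORTS" | audit_exports || true
echo "Hardened line:"
printf '%s\n' "$HARDENED_EXPORTS" | audit_exports && echo "no findings"
```

On a real server the same function can be run as audit_exports < /etc/exports before exportfs -r is issued.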


TOPIC B
Install Linux Using Kickstart
You have familiarized yourself with the methods of installing Linux manually. However, automating the Linux installation process can save time and effort, especially when installation is required on multiple systems on a network. In this topic, you will automate Linux installation using kickstart. As a system administrator, you may have to install Linux on multiple systems or perform repeat installations. In such cases, it might be difficult to run through the entire installation on each machine manually.

Kickstart
Kickstart is an automatic installation method that installs Red Hat Enterprise Linux based on the settings in a configuration file. This configuration file is known as the kickstart file. This method is also known as the scripted installation method and is typically used for automating Linux installation on multiple computers that are networked. Kickstart installation can be done either through the graphical mode or through the textual mode.

The Kickstart File
The kickstart file is a text file that contains the answers to a list of questions that are typically asked during Linux installation. A new kickstart file can be created by editing the sample.ks file that is found in the RH-DOCS directory of the Red Hat Enterprise Linux Documentation CD-ROM. The Linux installation program also creates a sample kickstart file named anaconda-ks.cfg in the /root directory. It consists of the options that were selected during the installation of the current Linux setup.

ksvalidator
The ksvalidator is a utility that enables you to check and validate the syntax of the kickstart configuration file. This is typically used when the kickstart file is created manually.

The Kickstart Configurator Utility
The Kickstart Configurator is a graphical interface utility that enables you to create a kickstart file. It is invoked using the system-config-kickstart command. The configurator utility consists of the settings for basic configuration, installation method, boot loader options, partition information, network configuration, authentication, firewall configuration, and package selection. When the appropriate settings are configured, the kickstart file can be previewed and saved using the Kickstart Configurator utility.


Figure 9-3: The Kickstart Configurator utility that is used to create a kickstart file.

Kickstart Commands
The kickstart mode of installation can be started by specifying ks in the boot option. Boot options are different for various methods of installation.

Installation Method | Kickstart Option
Installation from Local Mediums | Floppy: ks=floppy
                                | CD-ROM: ks=cdrom
                                | Hard drive: ks=hd:device:/path/to/file
Installation from Network (via NFS, FTP, or HTTP) | ks=URL

How to Install Linux Using Kickstart


Procedure Reference: Create Kickstart Configuration File Using system-config-kickstart
To create the kickstart configuration file using system-config-kickstart:
1. Log in as root in GUI.
2. Enter system-config-kickstart to open the Kickstart Configurator utility.
3. Configure the basic installation settings.
   - In the left pane, select Basic Configuration and in the right pane, set the desired language, keyboard, time zone, root password, and target architecture.
   - Choose reboot system after installation and perform installation in the text or the interactive mode.
4. Select the installation method. In the left pane, select Installation Method and in the right pane, select the desired installation method options.
5. Select the boot loader options. In the left pane, select Boot Loader Options and in the right pane, specify the location to install the boot loader. Optionally, provide the GRUB password and kernel parameters.
6. Provide the partition information. In the left pane, select Partition Information and in the right pane, specify the partition options and layout information.
7. Configure network settings. In the left pane, select Network Configuration and in the right pane, add the network device with the desired options.
8. In the left pane, select Authentication and in the right pane, enable the desired settings and specify the required information.
9. Configure firewall and SELinux settings. In the left pane, select Firewall Configuration and in the right pane, specify the firewall and the SELinux settings.
10. In the left pane, select Display Configuration and in the right pane, specify the desired settings.
11. In the left pane, select Package Selection and in the right pane, choose the desired packages that have to be installed.
12. In the left pane, select Pre-Installation Script and in the right pane, type the required script, if necessary.
13. In the left pane, select Post-Installation Script and in the right pane, type the required script, if necessary.


ACTIVITY 9-4
Creating a Kickstart File
Scenario: You have to install Red Hat Enterprise Linux 5 on all the machines on your network. Manually monitoring and installing Red Hat Enterprise Linux 5 on each machine would be tedious and time consuming. Alternatively, you want to automate the installation process to facilitate multiple installations simultaneously without much supervision.
What You Do / How You Do It
1. Configure the kickstart settings.
   a. Log in as root in the GUI.
   b. To open the terminal window, choose Applications→Accessories→Terminal.
   c. To open the Kickstart Configurator, at the command prompt, enter system-config-kickstart
   d. In the left pane, choose Installation Method.
   e. In the right pane, verify that the Perform new installation and CD-ROM options are selected. In the left pane, choose Boot Loader Options.
   f. In the right pane, verify that the Install a new boot loader option is selected. In the left pane, choose Display Configuration.
   g. In the right pane, from the Resolution drop-down box, select the 1024x768 option.
2. Create the kickstart file.
   a. To create the kickstart file, choose File→Save File.
   b. In the system-config-kickstart dialog box, in the Name text box, verify that ks.cfg is displayed and in the Save in folder drop-down list, verify that the root folder is selected.
   c. To save the file, click Save.
   d. Close the Kickstart Configurator window.
3. View the kickstart file.
   a. To view the kickstart file, enter cat /root/ks.cfg
   b. Observe that the configured kickstart settings are incorporated in the file and enter exit to close the terminal.
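A kickstart file records the root password, GRUB password, firewall and SELinux choices made in the Kickstart Configurator, and ksvalidator only checks its syntax. The following review script is an added example, not part of the course material: it flags the weak forms of those directives in the command section of a kickstart file. Both sample files are constructed and the password and hash values are placeholders.

```shell
#!/bin/sh
# Added example, not part of the course material. Both kickstart samples are
# constructed; the password and hash values are placeholders.
WEAK_KS='install
cdrom
lang en_US
keyboard us
rootpw ExamplePlaintextPw
firewall --disabled
selinux --disabled
bootloader --location=mbr --password=ExampleGrubPw
reboot'

HARDENED_KS='install
cdrom
lang en_US
keyboard us
rootpw --iscrypted PLACEHOLDER_HASH
firewall --enabled
selinux --enforcing
bootloader --location=mbr --md5pass=PLACEHOLDER_HASH
reboot'

# audit_kickstart: read a kickstart file on stdin and print one finding per
# weak directive. Secrets are never echoed. Returns 1 if anything was flagged.
audit_kickstart() {
    findings=0
    while IFS= read -r line || [ -n "$line" ]; do
        set -f
        set -- $line
        set +f
        [ $# -ge 1 ] || continue          # blank line
        case $1 in
            '#'*) continue ;;             # comment
            '%'*) break ;;                # %packages, %pre, %post: commands end
        esac
        cmd=$1
        shift
        args=" $* "
        case $cmd in
            rootpw)
                case $args in
                    *' --iscrypted '*) ;;
                    *) echo "PLAINTEXT_ROOTPW"
                       findings=$((findings + 1)) ;;
                esac ;;
            firewall)
                case $args in
                    *' --disabled '*) echo "FIREWALL_DISABLED"
                       findings=$((findings + 1)) ;;
                esac ;;
            selinux)
                case $args in
                    *' --disabled '*|*' --permissive '*)
                       echo "SELINUX_NOT_ENFORCING"
                       findings=$((findings + 1)) ;;
                esac ;;
            bootloader)
                case $args in
                    *' --password='*) echo "PLAINTEXT_GRUB_PASSWORD"
                       findings=$((findings + 1)) ;;
                esac ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

echo "Weak sample:"
printf '%s\n' "$WEAK_KS" | audit_kickstart || true
echo "Hardened sample:"
printf '%s\n' "$HARDENED_KS" | audit_kickstart && echo "no findings"
```

For the file created in this activity, the equivalent call is audit_kickstart < /root/ks.cfg.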

Lesson 9 Follow-up
In this lesson, you familiarized yourself with the different methods of Linux installation and how to create a boot medium. This will enable you to install and configure Linux.
1. What is the ideal way to partition your hard disk?
   Answers will vary, but may include: Partitioning the hard disk depends on user requirements and the amount of data to be stored on the disk. Usually, it is recommended to create 3 primary partitions and 1 extended partition with any number of logical partitions within.
2. Which installation method of Linux would be appropriate to meet the requirements of your organization?
   Answers will vary, but may include: The mode of installation to be used depends on user requirements. When installing on multiple systems at the same time, it is recommended to use the network installation method or kickstart installation. When installing on a single machine, the CD-ROM method may be used. The mode of installation to be used also depends on the time available to the user. He may install Linux manually, or automate installation using kickstart, if he has any other task to perform.

LESSON 10
Implementing Virtualization with Xen
In this lesson, you will implement virtualization with Xen. You will:
- Acquire an overview of Xen virtualization.
- Manage domains using Xen.

Lesson Time 1 hour(s), 30 minutes

Introduction
Until now, you have worked with physical systems. You have installed Linux on systems, configured various services, and managed systems. You might have used separate hardware for each system. This type of hardware usage is not feasible if you want to run only minor applications on the other systems. Therefore, you must know how to implement virtualization and manage virtual systems. As the system administrator, you might have to keep track of the company's hardware resources. If users are allocated individual systems for running minor applications, it may lead to a shortage of hardware. There may be instances when single users require multiple systems to meet specific project requirements. In such instances, you can maximize hardware resources efficiently by adding virtual systems to user machines.

TOPIC A
Implement Virtualization
You have installed Linux on the system. Your work may require you to use more than one system at the same time. Instead of installing Linux on multiple CPUs, you can use virtualization to run all operating systems from your own system as if they were individual machines. In this topic, you will implement virtualization on your system. You need multiple CPUs to run multiple operating systems separately. This will increase the hardware requirements of the users, and thus increase the company's costs. To save hardware costs, you can use virtualization to run multiple operating systems on a single computer. This will enable you to add the virtual systems' capabilities to your system.

Paravirtualization
Definition: Paravirtualization is a virtualization technique where computers with different hardware configurations are capable of running similar software. Paravirtualization is accomplished using a hypervisor, which allows the virtual system to run operating systems such as Linux, and software such as Java. Virtualization increases the system's capabilities by allowing the virtual system to perform at the same level as the nonvirtualized system. Paravirtualization has been implemented by companies such as Xen.

Hardware Requirements
The hardware requirements for implementing Xen virtualization are:

Hardware | Capacity
Processor | Must support PAE or VT/SVM for full virtualization.
RAM | 256 MB RAM per domain.
Hard Disk | 6 GB per domain.

Hypervisor
Definition: The hypervisor is a virtualization tool that enables the virtual system to run software in a paravirtualized environment. The hypervisor acts as a virtual interface between the virtualized software and the hardware in the system. A hypervisor may control the booting of the virtual OS when it directly interacts with the OS, and runs within the OS when the virtual OS requires the hypervisor to connect to specific hardware. It can be classified into Type 1 and Type 2 hypervisors, depending upon the software that the virtual system runs. Greater performance is achieved by allowing the software of the virtual system to interact with the hypervisor.

Xen Hypervisor
The Xen hypervisor is the main component of Xen virtualization. The Xen hypervisor is responsible for system booting and proper functioning of the virtualized system. It coordinates domains that are connected to the virtual machine, thereby improving system performance.

Domain 0
Domain 0, or dom0, is the domain started by the Xen hypervisor when the system boots. This domain has privileges equivalent to the root user. It controls hardware devices in the computer and those connected to guest domains. Dom0 shares its kernel with domU. The filesystem from domain 0 is exported to domU to run the virtual machine on domU. The domain runs specific drivers to connect to guest domains. Dom0 makes use of frontend drivers to connect to the local system's hardware. Backend drivers are used to connect the hardware to domU.

Figure 10-1: Domain-0 and its function.

Domain U
Domain U, or domU, is the domain of the virtual system and is similar to domain 0. Domain U is isolated from the hardware of the physical system. Domain U uses the backend driver to connect to the hardware of domain 0. Domain U is started by the xend daemon when it is invoked by the xm command.

Figure 10-2: Domain-U and its connection mechanism.

Domain U does not have the privileges of a root user.

Implementing Virtualization
Procedure Reference: Manage a Domain-0 Virtual Machine
1. Log in as root.
2. Install the Xen packages.
   a. Enter rpm -ivh kernel-xen-2.6.18-8.rl5.i686.rpm to install the kernel-xen-2.6.18-8.rl5.i686.rpm package.
   b. Enter rpm -ivh xen-3.0.3-25.el5.i386.rpm to install the xen-3.0.3-25.el5.i386.rpm package.
   c. Enter rpm -ivh xen-libs-3.0.3-25.el5.i386.rpm to install the xen-libs-3.0.3-25.el5.i386.rpm package.
3. Reboot the system.
4. From the grub menu, choose the xen kernel.
5. Log in as root.
6. Enter service xend start to start the xend service.
7. Enter chkconfig xend on to start the xend service at the system boot.

ACTIVITY 10-1
Implementing Virtualization
Data Files:
bridge-utils-1.1-2.i386.rpm
SDL-1.2.10-8.el5.i386.rpm
gnome-python2-gnomekeyring-2.16.0-1.fc6.i386.rpm
kernel-xen-2.6.18-53.el5.i686.rpm
kernel-xen-devel-2.6.18-53.el5.i686.rpm
libvirt-0.2.3-9.el5.i386.rpm
libvirt-python-0.2.3-9.el5.i386.rpm
python-virtinst-0.103.0-3.el5.noarch.rpm
virt-manager-0.4.0-3.el5.i386.rpm
xen-3.0.3-41.el5.i386.rpm
xen-libs-3.0.3-41.el5.i386.rpm

Before You Begin:
1. Open the terminal window.
2. Enter cp -R 085993Data/Implementing_Virtualization_With_Xen / to copy the 085993Data/Implementing_Virtualization_With_Xen directory to the / directory.
3. Enter clear to clear the screen.

Scenario: A couple of huge projects are slated to start. As the system administrator, you are required to ensure that hardware requirements of the network are met. To save hardware resources, you decide to implement virtualization on user systems so that you can run multiple virtual systems on them.

What You Do / How You Do It
1. Install the Xen packages.
   a. To navigate to the /Implementing_Virtualization_With_Xen folder, enter cd /Implementing_Virtualization_With_Xen
   b. To install the xen-2.6.18-53.rl5.i686.rpm package, enter rpm -ivh kernel-xen-2.6.18-53.el5.i686.rpm
   c. To install the kernel-xen-devel-2.6.18-53.el5.i686.rpm package, enter rpm -ivh kernel-xen-devel-2.6.18-53.el5.i686.rpm
   d. To install the bridge-utils-1.1-2.i386.rpm package, enter rpm -ivh bridge-utils-1.1-2.i386.rpm
   e. To install the SDL-1.2.10-8.el5.i386.rpm package, enter rpm -ivh SDL-1.2.10-8.el5.i386.rpm
   f. Enter clear
   g. To install the xen-libs-3.0.3-25.el5.i386.rpm package, enter rpm -ivh xen-libs-3.0.3-25.el5.i386.rpm
   h. To install the libvirt-0.2.3-9.el5.i386.rpm package, enter rpm -ivh --nodeps libvirt-0.2.3-9.el5.i386.rpm
      The --nodeps option stops RPM from performing a dependency check.
   i. To install the libvirt-python-0.1.8-15.el5.i386.rpm package, enter rpm -ivh libvirt-python-0.2.3-9.el5.i386.rpm
   j. To install the python-virtinst-0.103.0-3.el5.noarch.rpm package, enter rpm -ivh python-virtinst-0.103.0-3.el5.noarch.rpm
   k. Enter clear
   l. To install the xen-3.0.3-41.el5.i386.rpm package, enter rpm -ivh xen-3.0.3-41.el5.i386.rpm
2. Modify the grub.conf file.
   a. To navigate to the /boot/grub directory, enter cd /boot/grub
   b. To open the grub.conf file, enter vi grub.conf
   c. To go to the default=0 line, enter /def
   d. Change default=0 to default=1
   e. To exit to the command mode, press Esc.
   f. Save and close the file.
   g. To reboot the system, enter reboot
   h. At the GRUB screen, select the 2.6.18-53.el5xen kernel.
3. Implement Xen in the system.
   a. To switch to the CLI mode, press Ctrl+Alt+F1.
   b. Log in as root in the CLI.
   c. To navigate to the /Implementing_Virtualization_With_Xen folder, enter cd /Implementing_Virtualization_With_Xen
   d. To install the gnome-python2-gnomekeyring-2.16.0-1.fc6.i386.rpm package, enter rpm -ivh gnome-python2-gnomekeyring-2.16.0-1.fc6.i386.rpm
   e. To install the virt-manager-0.4.0-3.el5.i386.rpm package, enter rpm -ivh virt-manager-0.4.0-3.el5.i386.rpm
   f. Enter clear
   g. To start the Xen service, enter service xend start
   h. To enable Xen at system startup, enter chkconfig xend on

TOPIC B
Configure and Manage Domains
You have implemented Xen virtualization on your system. Now, you want to add virtual systems, or domains, to your computer. To accomplish this task, you should know about domain management and how to configure and manage domains. In this topic, you will configure domains. Once you implement virtualization in your system, you must configure virtual systems that will be added to it. You must then manage domains in such a way that the performance of your system does not decrease. Only then will you be able to run virtual systems separately on your system without draining system resources. You can also add the virtual systems' capabilities to your system through domain management.

Domain Management
Domain management is the process of managing multiple domUs connected to dom0. Domain management is necessary to avoid software and hardware conflict between two domains. Domains should be managed to maximize utilization of virtual machine resources. This increases productivity while reducing system usage.

Figure 10-3: Importance of domain management.

The xendomains Script


The xendomains.rc.d script is a System V init script used to start and stop the xen domUs during system boot. This script automatically invokes domains based on the configuration files of the domains found in the /etc/xen/auto directory. The script can be invoked from the GUI or CLI using the service xendomains start or service xendomains stop command.

The Xen Daemon (xend)
The Xen daemon, or xend, is responsible for implementing Xen virtualization. The daemon acts as the interface between the hypervisor and the xm interface. xend streamlines virtualization by synchronizing requests, so that the Xen driver does not get flooded with multiple requests at the same time. The daemon settings are controlled by the xend-config file. The Xen daemon can be called from the command prompt using the xend command.

Command | Enables You To
xend start | Start xend.
xend stop | Stop xend.
xend restart | Restart xend.

The virt-manager Command
The virt-manager command is used to open the Virtual Machine Manager interface. The interface can be used to add new domains, disconnect domains, and delete domains from the list of installed domains. The manager displays the virtual machines and their performance details.

Figure 10-4: The virt-manager command opens the VMM interface.

The xm Commands
The xm interface is used to manage multiple guest domains when paravirtualization is implemented. The interface provides a number of subcommands to perform domain management. The xm subcommands can be divided into:
- Domain subcommands
- Host subcommands
- Commands to control virtual devices
- Access control commands

Figure 10-5: The xm interface and its function.

Subcommand | Enables You To
create | Start the domain-U. The configuration file is xmdomain.cfg.
list | Print information about a domain. When a domain name is not specified, it gives information about all domains.
console | Open the Virtual Machine console.
pause | Pause a domain. The memory allocation for the domain is not affected.
unpause | Resume a paused domain.
shutdown | Terminate the domain. This command shuts down the virtual operating system and releases memory allocated for it.
save | Save the state of a domain to a file. Once the state file is saved, the memory for the domain is released and is free for other domains to run. The saved domains can be restored later.
restore | Restore or resume a saved domain.

The xm Interface
The xm interface is the management interface for the Xen daemon. The interface is necessary for management of Xen guest domains. This can be done only when xend is running. Management of domains using the xm interface requires the privileges of a root user. Domain management can be done only when the connection to the hypervisor is successfully completed. The xm interface can be initiated using the xm command, whose syntax is xm {sub command} {domain-name} [options].

The xentop Command
The xentop command is used to monitor domains and display real-time domain information. Therefore, when the domain gets updated, the information displayed also gets updated. The syntax for the xentop command is xentop {option}.

Figure 10-6: The xentop interface displays a real-time list of domains.

The output of the xentop command is controlled by various command line options.

Option | Enables You To
-v | Display the version information.
-n | Display information about the network.
-d | Set the refresh time between updates.
-h | Display help options.

Configure Domains and Virtual Server

Procedure Reference: Create a Domain-U Virtual Machine
To create a domain-U virtual machine:
1. Log in as root in GUI.
2. Open the Virtual Machine Manager.
   - At the command prompt, enter virt-manager to launch the Virtual Machine Manager application.
   - From the menu bar, choose Applications→System Tools→Virtual Machine Manager.
3. In the Open Connection window, click Connect to connect to the local xen host, that is, domain-0.
4. In the Virtual Machine Manager window, choose File→New machine to create a virtual system, that is, domain-U.
5. In the Create a new virtual system window, click Forward.
6. Type the virtual system name in the System Name text box and click Forward.
7. Depending on the type of system domain-0, select the virtualization method and click Forward.
8. Locate the installation media by specifying the install media URL.
9. If required, provide the location of the kickstart url.
10. Click Forward.
11. Assign storage space for the virtual machine.
    a. Select normal disk partition and specify the partition information in the partition text box.
    b. Select simple file and specify the location of the file in the file location text box.
12. Click Forward.
13. Allocate the memory and the virtual CPU for the virtual machine and click Forward.
14. Click Finish to finish the setup and start the domain-U installation in the virtual machine console.

Procedure Reference: Manage Domain-Us with the xm Command
To manage domain-Us with the xm command:
1. Log in as root in GUI.
2. Manage domain-U with the xm command.
   - Enter xm create {virtual machine name} to start the domain-U.
   - Enter xm list to list the information about all domains.
   - Enter xm pause {domain-U ID} to pause the domain in memory.
   - Enter xm unpause {domain-U ID} to resume the domain.
   - Enter xm console {domain-U ID} to open the Virtual Machine Console, and use Ctrl+] to escape to the command prompt from the console.
   - Enter xm shutdown {domain-U ID} to shut down the virtual machine.
   - Enter xm save {location of the file} to save the current state of the virtual machine.
   - Enter xm restore {location of the file} to resume the virtual machine from the saved state.

Procedure Reference: Start Domain-U on System Boot
To start the domain-U on system boot:
1. Log in as root.
2. Enter cd /etc/xen/auto to navigate to the /etc/xen/auto directory.
3. Enter ln -s /etc/xen/{virtual machine configuration filename} {virtual machine configuration file name}
4. Enter chkconfig xendomains on to enable the Xen service at startup.
5. Reboot the system.
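Every configuration file linked in /etc/xen/auto is started by xendomains at boot from dom0, which has privileges equivalent to the root user, so each link should resolve and its target should not be writable by group or others. The following check is an added example, not part of the course material; the directory tree it builds for the demonstration and the guest names guest02 and guest03 are constructed.

```shell
#!/bin/sh
# Added example, not part of the course material.

# audit_xen_auto DIR: check every entry in DIR (normally /etc/xen/auto).
# Prints DANGLING for links whose target is missing and WRITABLE_BY_OTHERS
# for targets with group or world write permission. Returns 1 on findings,
# 2 if DIR does not exist.
audit_xen_auto() {
    dir=$1
    findings=0
    if [ ! -d "$dir" ]; then
        echo "NO_DIR $dir"
        return 2
    fi
    for entry in "$dir"/*; do
        name=${entry##*/}
        if [ -L "$entry" ] && [ ! -e "$entry" ]; then
            echo "DANGLING $name"
            findings=$((findings + 1))
        elif [ -f "$entry" ]; then
            # -L makes find test the link target, not the link itself.
            loose=$(find -L "$entry" \( -perm -020 -o -perm -002 \) -print)
            if [ -n "$loose" ]; then
                echo "WRITABLE_BY_OTHERS $name"
                findings=$((findings + 1))
            fi
        fi
    done
    [ "$findings" -eq 0 ]
}

# make_demo_tree: build a constructed stand-in for /etc/xen under a temporary
# directory and print its path. guest01 is sound, guest02 is group-writable,
# guest03 is a link to a file that was never created.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/xen/auto"
    : > "$root/xen/guest01"
    chmod 600 "$root/xen/guest01"
    : > "$root/xen/guest02"
    chmod 664 "$root/xen/guest02"
    ln -s ../guest01 "$root/xen/auto/guest01"
    ln -s ../guest02 "$root/xen/auto/guest02"
    ln -s ../guest03 "$root/xen/auto/guest03"
    echo "$root"
}

demo_root=$(make_demo_tree) && {
    audit_xen_auto "$demo_root/xen/auto" || true
    rm -rf "$demo_root"
}
```

On a dom0 host the call is audit_xen_auto /etc/xen/auto, run before chkconfig xendomains on.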

ACTIVITY 10-2
Managing Domains
Before You Begin: To be performed by the instructor:
1. Move the 085993Data/Managing_Packages/rhelsource folder to the / directory.
2. Open the /etc/exports file.
3. Verify that the /rhelsource directory is shared through NFS.
4. Save and close the file.
5. Enter exportfs -r to export the /rhelsource directory to all the client machines.
6. Restart the NFS service.

Setup: To be performed by the student:
1. Enter fdisk /dev/hda to begin the disk partition
2. Type n and press Enter to create a partition.
3. Type e and press Enter to create an extended partition.
4. Press Enter to accept the default starting point of the partition.
5. Press Enter to accept the default partition size.
6. Enter n to create a partition.
7. Press Enter to accept the default starting point of the partition.
8. Enter +10000M to specify the size of the partition.
9. Enter w to write the partition table to the disk.
10. Enter reboot to reboot the system.
11. To switch to the CLI, press Ctrl+Alt+F1.
12. Enter mkfs.ext2 /dev/hda5 to create the ext2 filesystem on /dev/hda5.
13. Enter service nfs restart to restart the NFS service.
14. Enter showmount -e 192.168.0.1 to view the shared directories.
15. Verify that /dev/hda5 is unmounted.

Scenario: A user on your network requires an additional system with an application installed. You are given the task of providing the user with the system. However, you find that systems are needed for another important project that is coming up. You find that the application is a low-performance application and decide to use virtualization to accomplish the task.

What You Do / How You Do It
1. Open the Virtual Machine Manager application.
   a. To switch to the GUI mode, press Ctrl+Alt+F7.
   b. Log in as root in the GUI.
   c. To open the Virtual Machine Manager, from the menu bar, choose Applications→System Tools→Virtual Machine Manager.
   d. To open the Open connection window, choose File→Open connection and click Connect.
2. Create a virtual system.
   a. In the Virtual Machine Manager window, choose File→New machine.
   b. In the Create a new virtual system window, click Forward.
   c. On the Naming your virtual system page, in the System Name text box, type guest01 and click Forward.
   d. To choose the virtualization method, on the Choosing a virtualization method page, choose Paravirtualized and click Forward.
   e. On the Locating installation media page, click the Install Media URL text box, type nfs:192.168.0.1:/rhelsource and click Forward.
   f. On the Assigning storage space page, verify that Normal Disk Partition is selected.
   g. To assign storage space for the virtual machine, in the Partition text box, click and type /dev/hda5 and click Forward.
   h. On the Connect to host network page, choose Shared physical device and click Forward.
   i. To assign the default values, on the Allocate memory and CPU page, click Forward.
   j. Click Finish to finish the setup and start the domain-U installation.
   k. If necessary, in the New Keyring Password window, in the Password text box, type p@ssw0rd
   l. In the Confirm new password text box, type p@ssw0rd and click OK.
   m. Install Red Hat Enterprise Linux 5.2 on the virtual system.
   n. Observe that RHEL5 installation on the virtual system has commenced. To restart the virtual system, click Run.
   o. Click Shutdown to close the virtual system.

Lesson 10 Follow-up
In this lesson, you implemented Xen on the system. This will enable you to save hardware resources and also optimize the performance of the system by adding virtual systems to it.
1. When do you think virtualization is necessary? Why?
   Answers will vary, but may include:
   1. Implementing virtualization depends on the type of application being virtualized. It can be used only in certain cases, when the applications are small.
   2. Another factor for the implementation of virtualization is hardware utilization. Hardware utilization depends on the resources of the company. It can be readily used when a company has excessive hardware resources. Virtualization is ideal for small-to-medium-sized companies with limited resources.
2. What is the maximum number of domain-Us that can be run on a domain-0 at the same time?
   Answers will vary, but may include:
   1. The number of domain-Us that may run on a system at the same time depends on the hardware configuration and the disk space available.
   2. The number of domain-Us that may run on a system at the same time also depends on the type of applications being used, and the memory space the processes occupy.

LESSON 11
Troubleshooting Linux Systems
In this lesson, you will troubleshoot Linux system issues. You will:
- Use the Linux rescue environment for troubleshooting the Linux system issues.
- Troubleshoot devices.

Lesson Time 1 hour(s), 15 minutes

Introduction
You have familiarized yourself with Xen virtualization. While installing and working with the Linux operating system, you may experience unexpected technical issues. To provide uninterrupted service to the users, you need to be able to solve the problems that arise while functioning. In this lesson, you will troubleshoot Linux-related issues. As an administrator managing multiple systems on a network, you would have installed various services and packages required by users. However, when several users start using the network and its services, there may be instances when they do not function as desired. As the administrator, you will be expected to determine and resolve the problems related to the system.

TOPIC A
Troubleshoot Linux-Based Issues
You have installed Linux and configured the primary settings for using the system. While working with Linux, you may experience issues, which might prevent you from using the system or its services. In this topic, you will troubleshoot Linux-based issues to recover the system. As an administrator managing multiple systems on a network, you will experience various issues with the Linux operating system. Without proper identification and analysis, finding a solution will take lots of time and effort. Therefore, you must familiarize yourself with the procedures required to identify these issues and solve them efficiently.

Troubleshooting Strategies
A troubleshooting strategy is a plan of action for identifying the causes and resolving the effects of a system-related issue. There are various guidelines that need to be considered while preparing a troubleshooting strategy.

| Strategy | Description |
|---|---|
| Analyze the problem | Before attempting to troubleshoot an issue, try to identify the problem through its symptoms such as error messages and other available information such as log files and configuration files. Also check if the relevant services are working properly. |
| Back up data | Before experimenting with issues in configuration files, log files, or any other important data, it is recommended to make a backup to avoid loss of information and further complication of the issues. |
| Eliminate possible causes | Observe whether the issue is related with the hardware, an application, a process, or any other service. Try to choose one or more symptoms and drill down to the root cause. Eliminating the root cause will rectify all the related issues. |
| Adopt fundamental problem-solving approaches | After identifying the underlying causes, try out fundamental methods of resolving the issue before proceeding to complicated problem solving procedures. |

The Linux Rescue Environment


The Linux rescue environment is a stand-alone Red Hat Enterprise Linux system for troubleshooting a corrupt Linux system. It serves as an external environment through which the errors in the Linux system can be fixed without the help of the existing installation files. The rescue environment mounts the standard Linux system directories on the /mnt/sysimage directory. These directories are mounted either in read-write mode or read-only mode depending on the kind of issue.

Figure 11-1: The rescue environment for troubleshooting Linux issues.

In some cases, when system directories cannot be mounted on the /mnt/sysimage directory, the prompt will be available for troubleshooting.

The chroot Mode
The chroot mode shifts the root directory to a different location for recovery. It is also known as jail mode because the user will not be able to access any other file or directory except this directory and its subdirectories.

Rescue Environment Utilities


A set of utilities is available in the rescue environment to troubleshoot different issues.

| Category | Utilities |
|---|---|
| Disk Maintenance Utilities | LVM utilities such as lvcreate, lvresize, and lvremove. Software RAID utility such as mdadm. Disk partitioning and swap utilities such as fdisk, sfdisk, mount, umount, and mkswap. Filesystem utilities such as mkfs, tune2fs, fsck, and e2fsck. |
| Networking Utilities | Network debugging utilities such as ifconfig, route, dig, netstat, traceroute, host, and hostname. Network connectivity utilities such as ssh, ftp, and scp. |
| Other Utilities | Shell commands such as chroot and bash. Process management tools such as ps and kill. Editors such as vi and nano. File management commands such as cd, ls, cp, rm, and mv. Kernel management utility such as sysctl. Package management tools such as rpm and yum. Archiving and compression utilities such as tar and gzip. |

Other Utilities

How to Use the Rescue Environment


Procedure Reference: Analyze the Problem by Gathering Data
To analyze the problem by gathering data:

1. Log in as root in the CLI.
2. Gather data about the issue using appropriate commands and files.
   - Enter history to analyze the history of commands run by the user.
   - Enter grep {keyword} {log file name} to find the specified keyword in the log file while troubleshooting.
   - Enter diff {current file} {backed up file} to view if there are any changes in the file compared with the last backed up state.
   - Enter find {location of the directory to search} -cmin -{time in minutes} to find all files that have been modified within a specified timing.
   - Enter strace {command} to collect more information when the specified command is run.
   - Enter tail -f {log file name} to view the log file as and when it is updated.
   - Configure system logs to log all debug messages.
     a. Enter vi /etc/syslog.conf to open the system log configuration file.
     b. Type {Facility} {Level of severity} {File where the log messages will get stored} to set the type and level of severity to be logged in the specified file.
     c. Save and exit.
     d. Enter service syslog restart to restart the system log service and apply the changes.
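The grep, diff and find steps above, combined into one pass, as an added example that is not part of the course material. It also shows why find -cmin is the useful test during an investigation: -cmin checks the inode change time, which touch cannot set back, so a file whose modification time was back-dated still shows up. The directory layout, file contents and log lines are constructed samples.

```sh
#!/bin/sh
# Added example: the grep, diff and find -cmin steps run as one evidence pass.
# All paths and file contents below are constructed samples.

# Log lines that mention a keyword (case-insensitive), with line numbers.
log_hits() {                # $1 = keyword, $2 = log file
    grep -n -i -e "$1" "$2"
}

# Lines that differ between a live file and its backup:
# "<" lines exist only in the backup, ">" lines only in the live file.
# Returns 0 when drift was found, non-zero when the files match.
config_drift() {            # $1 = current file, $2 = backed-up file
    diff "$2" "$1" | grep '^[<>]'
}

# Files whose inode changed within the last N minutes; this is what
# find -cmin tests. Content edits, chmod and chown all update it.
changed_recently() {        # $1 = directory, $2 = minutes
    find "$1" -type f -cmin "-$2" | sort
}

# Files whose inode changed within N minutes while the modification time is
# older: a permission or ownership change, or an mtime set back by hand.
ctime_only() {              # $1 = directory, $2 = minutes
    find "$1" -type f -cmin "-$2" ! -mmin "-$2" | sort
}

# Build a constructed case: a backup, a live copy with one line commented
# out, a short log, and a live file whose mtime is set back to 2009.
make_case() {               # $1 = directory to populate
    mkdir -p "$1/etc" "$1/backup" "$1/log"
    printf '%s\n' 'id:5:initdefault:' \
                  'si::sysinit:/etc/rc.d/rc.sysinit' > "$1/backup/inittab"
    sed 's/^si:/#si:/' "$1/backup/inittab" > "$1/etc/inittab"
    printf '%s\n' \
        'Mar  3 09:14:02 host1 kernel: EXT3-fs: mounted filesystem' \
        'Mar  3 09:14:05 host1 fsck: fsck.ext3: Unable to resolve LABEL=/boot' \
        'Mar  3 09:14:09 host1 init: Entering runlevel: 5' > "$1/log/messages"
    # Back-date the modification time; the inode change time stays "now".
    touch -t 200901010000 "$1/etc/inittab"
}

case_dir=$(mktemp -d)
make_case "$case_dir"
echo "== log hits";           log_hits 'unable to resolve' "$case_dir/log/messages" || true
echo "== config drift";       config_drift "$case_dir/etc/inittab" "$case_dir/backup/inittab" || true
echo "== changed (cmin)";     changed_recently "$case_dir" 5
echo "== changed, old mtime"; ctime_only "$case_dir" 5
rm -rf "$case_dir"
```

A file listed by ctime_only is not proof of tampering, because chmod and chown produce the same result; it is a shortlist to compare against the backup with diff.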

Troubleshooting Boot Process

| Cause | Solution |
|---|---|
| If the boot loader screen does not appear, then the GRUB might not be configured properly. | Configure the /boot/grub/grub.conf in the rescue mode. |
| If the grub> prompt appears, then the GRUB might have been corrupted. | Install the grub again in the rescue mode. |
| If the kernel does not load, then the kernel image might be corrupted. | Install a new kernel in the rescue mode. |
| If the kernel does not load, then the parameter passed during the system start up might be wrong. | Specify the correct parameter by editing the grub in the boot loader screen. |
| If there is a kernel panic, then: 1. the boot loader might have been misconfigured, 2. the /etc/inittab file is misconfigured, 3. or the root filesystem is misconfigured. | 1. In the rescue mode, configure the boot loader configuration. 2. In the rescue mode, define the parameters in the /etc/inittab correctly. 3. In the rescue mode, run a filesystem check on the filesystem. |
| If the kernel loads, but /etc/rc.d causes an issue, then the /etc/fstab file might have an error. | In the rescue mode, fix the /etc/fstab file. |
| If the kernel loads, but /etc/rc.d causes an issue, then the fsck utility might have failed. | In the rescue mode, run the fsck command manually. |
| If the services do not start correctly, then they might not have been configured properly. | Configure the service properly. |

Procedure Reference: Use the Linux Rescue Environment
To use the Linux rescue environment:

1. Modify the BIOS settings to boot from the recovery disk.
2. Insert the first Red Hat installation CD into the CD-ROM drive and boot the system.
3. At the boot prompt, enter linux rescue to enter the rescue mode.
4. If necessary, specify settings necessary to access the installation files.
   a. Specify the language and keyboard settings.
   b. On the Setup Networking page, select Yes.
   c. On the Network Configuration page, specify the networking parameters for eth0 and select OK.
5. A message is displayed, stating that the root partition will be mounted in the /mnt/sysimage directory. Select Continue to mount the filesystem with read and write permissions.
6. Select OK to continue with the boot process. The root directory is now mounted on the ramdisk.
7. Change the root directory to the one mounted in the /mnt/sysimage directory.
   chroot /mnt/sysimage
8. Troubleshoot to find the cause of system failure and make the necessary changes to recover the system. For example, if the system failed to boot due to inaccuracies in the LILO configuration file, modify the file, and then reinstall LILO.
9. Enter exit to exit the chroot environment.
10. Enter sync so that the changes you made are reflected in the filesystem on the hard disk.
11. Enter exit to exit from the rescue mode. The system will now reboot.

Procedure Reference: Troubleshooting X
To troubleshoot X:

1. Switch to runlevel 3.
2. Check to ensure that the required criteria for X are met.
   - Ensure that the quota value for the user has not been reached.
   - Enter service xfs status to check whether the xfs font server is running.
   - Enter X -probeonly to gather more information.
   - Make sure the host name of the system is configured properly.
   - Enter system-config-display to check whether the display settings are configured properly.

Procedure Reference: Troubleshoot Network Issues
To troubleshoot network issues:

1. Verify that the network cable is plugged properly.
2. View the /var/log/messages file to find out more information about the error.
3. Verify that the network service is available for the runlevel you are currently in.
   a. Verify that the network file is present in the /etc/rc.d/rc{runlevel}.d directory.
   b. If the file is not present, then enter chkconfig --level {runlevel} network on to enable the network service in the runlevel.
4. Verify that the network service is started.
   a. Enter service network status to view the status of the network service.
   b. If the service is stopped, then enter service network start to start it.
5. Verify that the IP address and subnet mask are allocated by viewing the output of the ifconfig command.
   a. Enter ifconfig to view the IP address and subnet mask.
   b. If no entries for IP address and subnet mask are displayed, determine if the IP addresses are allocated manually or through a DHCP server.
      1. If IP addresses are allocated through a DHCP server, change the BOOTPROTO parameter to dhcp in the /etc/sysconfig/network-scripts file.
      2. If IP addresses are allocated manually, verify that the IPADDR and NETMASK parameters are set in the /etc/sysconfig/network-scripts file.
      3. Restart the network service.
   c. Ping the network gateway to verify if you are able to connect to the network.
      /bin/ping {IP address}
6. Verify that the default gateway and routing table are configured properly.
7. Verify that the name-to-IP address resolution in your network is proper.
   - If you have implemented DNS in your network, verify that the DNS entries are correct. Using the host, dig, or nslookup commands, verify that the name-to-IP address mapping is correct in the DNS configuration files.
     dig {host name or FQDN}
     host {host name or FQDN}
     nslookup {host name or FQDN}
   - Or, if you have not implemented DNS in your network, verify that the /etc/hosts file has correct name-to-IP address mapping information.
8. Verify that IP forwarding is enabled.
   a. Verify that the /proc/sys/net/ipv4/ip_forward file has the value 1.
   b. If the file contains 0, change the value to 1.
      1. In the /etc/sysctl.conf file, modify the value of the net.ipv4.ip_forward parameter to 1.
      2. Run the sysctl command to apply the changes.
         sysctl -p /etc/sysctl.conf
9. Verify that the ports of the service you are trying to access are open at the destination host.
   a. Use Telnet to access the service through a specific port.
      telnet {host name} {port number}
   b. In the /etc/hosts.allow and /etc/hosts.deny files and iptables, verify that you are allowed to access the ports.
   c. If the port is not open, start the service by using the service {service-name} start command or by adding an entry for the startup script in the rc.local file.
10. Verify that the host name is set.
    a. Display the host name by using the hostname command.
    b. If the host name is not set, modify the /etc/sysconfig/network file to add an entry for the host.

ACTIVITY 11-1
Troubleshooting the GRUB
Before You Begin:
1. Log in as root in the CLI.
2. Enter cd /boot/grub to open the GRUB folder.
3. Enter cp grub.conf grub1.conf to back up the existing GRUB configuration file.
4. Enter vi grub.conf to open the current GRUB configuration file.
5. Comment all the lines.
6. Save and close the file.
7. Enter reboot to apply the settings.

Scenario: Your system boots with the grub prompt rather than booting from the GUI prompt. Even after reboot, the situation remains the same. This indicates that there is an issue with the GRUB configuration. But, you require the system to boot through the GUI mode.

What You Do / How You Do It

1. Rectify the grub settings.
   a. At the grub prompt, enter root
   b. To view the current boot loader settings, enter cat /grub/grub.conf
   c. Make a note of the kernel and module settings and press Enter to return to the grub prompt.
   d. Enter kernel /xen.gz-2.6.18-53.el5
   e. Enter module /vmlinuz-2.6.18-53.el5xen ro root=LABEL=/ rhgb quiet
   f. Enter module /initrd-2.6.18-53.el5xen.img
   g. To reboot the system, at the grub prompt, enter boot

2. Check the rectified grub.conf file to ensure that the settings are correct.
   a. To switch to the CLI mode, press Ctrl+Alt+F1.
   b. Log in as root in the CLI.
   c. To navigate to the grub directory, enter cd /boot/grub/
   d. To delete the current GRUB configuration file, enter rm grub.conf
   e. To confirm the remove action, enter y
   f. To replace the correct GRUB configuration file, enter mv grub1.conf grub.conf
   g. To view the current grub.conf file, enter cat grub.conf
   h. To clear the screen, enter clear

ACTIVITY 11-2
Troubleshooting Partitions
Before You Begin:
1. Log in as root in the CLI.
2. Enter e2label /dev/hda1 /boo to change the filesystem label.
3. Enter reboot to apply the settings.

Scenario: A new employee has been provided with a Linux system and he has accidentally manipulated some files. When he tried booting the machine, he gets the error Checking filesystems. fsck.ext3: Unable to resolve LABEL=/boot

What You Do / How You Do It

1. Troubleshoot the partition label issue.
   a. At the command prompt, enter the root password.
   b. To view label entries of all partitions, at the Repair filesystem prompt, enter cat /etc/fstab
   c. To view the boot device information, enter fdisk -l
   d. Observe that the boot device partition is /hda1.
   e. To check if it is the same as that in the /etc/fstab, enter e2label /dev/hda1
   f. Observe that the boot directory information is specified wrongly as /boo instead of /boot.
   g. To rectify the mistake in labeling, enter e2label /dev/hda1 /boot
   h. To reboot the system, press Ctrl+D.

2. Check whether the system has recovered.
   a. Verify that the system reboots and the GUI login screen is displayed.
   b. Log in as root in the GUI.


ACTIVITY 11-3
Troubleshooting Runlevels
Before You Begin:
1. Log in as root in the CLI.
2. To access the inittab file containing runlevel information, enter vi /etc/inittab
3. Comment the line that starts with si::sysinit:/etc/rc.d/rc.sysinit
4. Save and close the file.
5. Enter reboot to apply the settings.

Scenario: You have been requested to troubleshoot a system that is unable to boot and throws an error. When attempting to boot the system, an error message is displayed stating that /etc/rc5.d/S00microcode_ctl: microcode device /dev/cpu microcode does not exist. It indicates that there is a system initialization error with the rc.d settings.

What You Do / How You Do It

1. Troubleshoot runlevels using the RHEL boot CD-ROM.
   a. Insert the RHEL 5 Rescue CD in the CD/DVD drive and reboot the system.
   b. To enter into the Linux rescue mode, at the boot prompt, enter linux rescue

2. Select the language and keyboard configuration options.
   a. On the Choose a Language page, in the Language Selection list box, verify that the English option is selected and select OK.
   b. On the Keyboard Type page, in the Keyboard section, verify that the us option is selected and select OK.

3. Configure the network settings and enter the rescue mode.
   a. On the Setup Networking page, select Yes.
   b. On the Network Configuration for eth0 page, select the Enable IPv4 support option.
   c. On the IPv4 Configuration for eth0 page, select the Manual address configuration option.
   d. In the IP Address text box, type the IP address of your respective systems.
   e. In the Prefix (Netmask) text box, type 255.255.255.0 and click OK.
   f. On the Miscellaneous Network Settings page, press F12 to move to the next page.
   g. On the Error With Data page, select Continue to ignore the error.
   h. On the Error With Data page, select Continue to ignore the error.
   i. On the Rescue page, select Continue.
   j. On the Rescue page, select OK.

4. Troubleshoot the inittab settings.
   a. To mount the rescue environment files, at the sh prompt, enter chroot /mnt/sysimage
   b. To go to the inittab file, enter vi /etc/inittab
   c. To go to the sysinit line, enter /#si
   d. To go to the insert mode, press I.
   e. Observe that the cursor is at the beginning of the line # si::sysinit:/etc/rc.d/rc.sysinit.
   f. To remove the comment declaration, delete the # symbol at the beginning of the line.
   g. To exit to the command mode, press Esc.
   h. Save and close the file.
      Eject the rescue CD manually from the CD-RW drive before rebooting the system.
   i. To exit the chroot environment, enter exit
   j. To reboot the system, enter reboot
   k. Observe that the system boots correctly and the login prompt is displayed.
   l. To start operating the system, log in as root in the GUI.
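The three boot failures staged in Activities 11-1 to 11-3 (a grub.conf with every line commented out, a partition label that no longer matches LABEL=/boot in /etc/fstab, and a commented sysinit line in /etc/inittab) can all be detected before the reboot. The script below is an added example, not part of the course material; the file contents are constructed samples, and the "device label" list is an assumed input format standing in for e2label output collected per partition.

```sh
#!/bin/sh
# Added example: static checks for the three boot failures staged in
# Activities 11-1 to 11-3. All file contents here are constructed samples.

# grub.conf needs at least one uncommented title entry with a kernel line.
check_grub() {                      # $1 = path to grub.conf
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        $1 == "title"  { titles++ }
        $1 == "kernel" { kernels++ }
        END {
            if (titles == 0 || kernels == 0) {
                print "grub: no active title/kernel entry"; exit 1
            }
            print "grub: ok (" titles " boot entries)"
        }' "$1"
}

# inittab needs an active sysinit line and one initdefault in runlevels 1-5.
check_inittab() {                   # $1 = path to inittab
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $3 == "sysinit"     { sysinit++ }
        $3 == "initdefault" { defaults++; level = $2 }
        END {
            if (sysinit == 0) { print "inittab: no active sysinit line"; bad = 1 }
            if (defaults != 1 || level !~ /^[1-5]$/) {
                print "inittab: missing or unsafe initdefault"; bad = 1
            }
            if (!bad) print "inittab: ok (default runlevel " level ")"
            exit bad + 0
        }' "$1"
}

# Every LABEL= entry in fstab must match a label that exists on a partition.
# $2 is a "device label" list (assumed format), e.g. built in the rescue
# shell by running e2label against each partition that fdisk -l reports.
check_fstab_labels() {              # $1 = fstab, $2 = device/label list
    awk '
        FILENAME == ARGV[1] { have[$2] = $1; next }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $1 ~ /^LABEL=/ {
            want = substr($1, 7)
            if (!(want in have)) {
                print "fstab: unresolved LABEL=" want " (mount point " $2 ")"
                bad = 1
            }
        }
        END { if (!bad) print "fstab: ok"; exit bad + 0 }' "$2" "$1"
}

# Run all three checks; the return value is the number of failed checks.
boot_check() {                      # $1 = dir with grub.conf inittab fstab labels
    fails=0
    check_grub "$1/grub.conf"                 || fails=$((fails + 1))
    check_inittab "$1/inittab"                || fails=$((fails + 1))
    check_fstab_labels "$1/fstab" "$1/labels" || fails=$((fails + 1))
    return "$fails"
}

# Write a sample tree. "broken" reproduces the state the activities create.
make_samples() {                    # $1 = directory, $2 = good | broken
    mkdir -p "$1"
    if [ "$2" = good ]; then c=""; boot_label=/boot; else c="#"; boot_label=/boo; fi
    cat > "$1/grub.conf" <<EOF
${c}default=0
${c}timeout=5
${c}title Red Hat Enterprise Linux Server (2.6.18-53.el5xen)
${c}    root (hd0,0)
${c}    kernel /xen.gz-2.6.18-53.el5
${c}    module /vmlinuz-2.6.18-53.el5xen ro root=LABEL=/ rhgb quiet
${c}    module /initrd-2.6.18-53.el5xen.img
EOF
    cat > "$1/inittab" <<EOF
id:5:initdefault:
${c}si::sysinit:/etc/rc.d/rc.sysinit
l5:5:wait:/etc/rc.d/rc 5
EOF
    cat > "$1/fstab" <<EOF
LABEL=/      /      ext3  defaults  1 1
LABEL=/boot  /boot  ext3  defaults  1 2
EOF
    cat > "$1/labels" <<EOF
/dev/hda1 $boot_label
/dev/hda2 /
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp/broken" broken
make_samples "$tmp/good" good
boot_check "$tmp/broken" || echo "broken tree: $? check(s) failed"
boot_check "$tmp/good"   && echo "good tree: all checks passed"
rm -rf "$tmp"
```

In the rescue environment the same functions can be pointed at the files under /mnt/sysimage before leaving the chroot.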


TOPIC B
Troubleshoot Devices
You have rectified system-based issues and rebooted the system. While restoring the system, the hardware devices may not be activated properly. In this topic, you will troubleshoot hardware devices.

Systems may be connected to various external devices, such as the speaker or the modem, and these devices may not work as expected. Finding the cause of the problem will help you solve the device issues.

Device Problems
Peripheral devices may also experience failures.

| Symptom | Cause |
|---|---|
| The user is unable to hear from the speaker. | The speaker or the sound card is not functioning properly. |
| The modem is unable to dial in or out. | There is a mismatch between the modem configuration and the modem settings, or there could be a modem failure. |
| On system boot, the monitor switches to the power save mode or the power light flickers. | The CPU is unable to establish link with the monitor. |
| The dumb terminal device is unable to boot. It just stops with the display screen. | The dumb terminal is unable to connect with the server. |
| A system connected to the UPS shuts down abruptly. | The UPS is malfunctioning, or there is a mismatch between the UPS setting and the configuration file. |
| The user is unable to switch to the GUI mode. | The mouse does not function properly due to the configuration settings or there could be a problem in the device. |
| The user is unable to access the floppy or the CD drive. | The driver is not mounted or there is some problem with the driver. |

Viewing Hardware Details
Some commands that are commonly used for viewing hardware details are listed in the following table.

| Use This Option | To Do This |
|---|---|
| dmesg | View bootup messages |
| /sbin/lspci | View information about PCI cards |
| lsdev | View information about the installed hardware |
| /sbin/lsmod | View a list of loaded modules |
| /bin/uname | View system information such as the kernel name, release and version numbers, hardware platform, and operating system |

Device Repair Techniques


If you have determined the cause of a failure, it will be easier for you to solve the problem.

| Cause | Solution |
|---|---|
| The speaker or the sound card does not function properly. | Check the speaker and its corresponding driver. If you still have a problem, then you need to check the sound card. |
| The modem configuration mismatches with the modem setting or there is a modem failure. | Check the modem and serial port settings. If the problem continues, check the corresponding drivers. |
| The CPU is unable to communicate with the LCD panel. | Check whether the cable is connected to the system and then check the functionality of the VGA card. |
| The dumb terminal is unable to connect to the server. | Check the serial ports and cables. |
| The UPS does not provide the power supply or there is a mismatch of the UPS setting. | Check the serial ports, the cable, and the configuration file. |
| The mouse does not function properly due to the configuration settings or there could be a problem in the device. | Unplug and reconnect the mouse, then restart the system. |
| The driver is not mounted or there is some problem with the driver. | Check whether the read/write indicator is on. Otherwise, check the power cable connected to the floppy. |

How to Troubleshoot Devices


Procedure Reference: Troubleshoot the Sound Card Problems
To troubleshoot the sound card issues:

1. Verify that the speaker is connected, switched on, and is functioning.
2. If the speaker is functioning but the problem persists, verify that the sound card is detected while booting.
   a. Verify that the sound card is listed in the output of the lspci command.
   b. If the sound card is not detected, contact your hardware engineer to resolve the sound card issue.
3. If the sound card is detected and the problem still persists, verify that the sound card module is loaded.
   a. Verify that the sound card module details are listed in the output of the lsmod command.
      lsmod module name
   b. If the sound card module is not loaded, add an entry for the sound card in the /etc/modprobe.conf file. To add an entry in the file, you need to know the slot number and the name of the module used for the sound card.
      alias sound-slot-{slot number} {module name}
      The /lib/modules/[kernel version]/kernel/sound directory contains modules for the sound card.
   c. Reboot the system to load the module automatically.

You can also load the module using the modprobe or insmod command. If you want to use the modprobe command, run the depmod command to build a database.

Procedure Reference: Troubleshoot the Modem Issues
To troubleshoot the modem issues:

1. Verify that the modem is connected properly to the system and powered on.
2. Check your telephone line and verify that it is connected properly to the modem.
3. Verify that the modem speed is set properly.
   a. Verify that the modem speed specified in the /etc/mgetty+sendfax/mgetty.config file is equal to or less than your modem speed.
   b. If the modem speed is not set, modify the speed parameter in the file.
      speed {speed in bps}
4. Verify that the serial port settings are correct.
   a. Verify that the settings listed in the output of the setserial -a /dev/ttyS0 command match your modem specifications.
   b. If the serial port settings are not proper, change them.
      setserial /dev/ttyS{port number} {spd_normal | spd_hi | spd_vhi}
      setserial /dev/ttyS{port number} baud_base {baud rate}
5. If you are still unable to dial in using the modem, then the issue is hardware related. Contact your hardware engineer to resolve the issue.

Procedure Reference: Troubleshoot the LCD Panel Issues
To troubleshoot the LCD panel issues:

1. Verify that the LCD panel is connected to the system properly and is powered on.
2. Verify that the VGA card module is configured correctly.
   a. Verify that all parameters in the Screen section in the /etc/X11/xorg.conf file are given correctly.
   b. If necessary, modify the parameters according to your LCD panel specifications.
3. Verify that the monitor parameters such as DefaultDepth, Viewport, and Depth are configured correctly.
   a. In the /etc/X11/xorg.conf file, verify that the DefaultDepth, Viewport, and Depth parameters are set properly.
   b. If necessary, modify the parameters according to your LCD panel specifications.
4. If the LCD monitor is still not working properly, then the issue is hardware related. Contact your hardware engineer to resolve the issue.

Procedure Reference: Troubleshoot the Dumb Terminal Issues
To troubleshoot the dumb terminal issues:

1. Verify that the dumb terminal device is connected properly to the server.
2. Verify that the serial port is configured correctly.
   a. Verify that the settings listed in the output of the setserial -a /dev/ttyS0 command match your device specifications.
   b. If necessary, change the serial port settings.
      setserial /dev/ttyS{port number} {spd_normal | spd_hi | spd_vhi}
      setserial /dev/ttyS{port number} baud_base {baud rate}
3. If the dumb terminal is still not working properly, then the issue is hardware related. Contact your hardware engineer to resolve the issue.

Procedure Reference: Troubleshoot the Issues Related to UPS Devices
To troubleshoot the UPS device issues:

1. Verify that the UPS device is connected properly to the server.
2. Verify that the serial port is configured correctly.
   a. Verify that the settings listed in the output of the setserial -a /dev/ttyS0 command match your device specifications.
   b. If necessary, change the serial port settings.
      setserial /dev/ttyS{port number} {spd_normal | spd_hi | spd_vhi}
      setserial /dev/ttyS{port number} baud_base {baud rate}
3. If the UPS device is still not working properly, then the issue is hardware related. Contact your hardware engineer to resolve the issue.

Procedure Reference: Troubleshoot the Mouse Issues
To troubleshoot the mouse issues:

1. Verify that the mouse is connected properly to the system.
2. Reboot the system.
3. If the mouse is still not working, then the issue is hardware related. Contact your hardware engineer to resolve the issue.

Procedure Reference: Troubleshoot the Floppy Disk Problems
To troubleshoot the floppy disk issues:

1. Verify that the power connector for the floppy drive is proper. If the connection is not on, then there is a problem with the power connector.
   a. Verify that the read-write indicator is glowing.
   b. If it is not glowing, the power connector needs to be checked and replaced.
2. If the power connector is working and the floppy issue persists, then there is a problem with the floppy drive or floppy.
   a. With your hardware engineer's help, verify that the floppy drive is functioning properly.
   b. If the floppy drive is functional, verify that your floppy is functioning properly.

DISCOVERY ACTIVITY 11-4


Troubleshooting Hardware Issues
Scenario: Your company has organized a trade show, where you have set up several dumb terminals with LCD monitors to demonstrate your company's products. You are responsible for troubleshooting any hardware-related issues.

1. One of the LCD monitors is not displaying any output. What could be the problem?
   a) The LCD panel is not connected properly to the system.
   b) The VGA card module is not configured properly.
   c) Serial port settings are not configured properly.
   d) Monitor parameters such as DefaultDepth, Viewport, and Depth are not configured properly.

2. In which file will you change the LCD monitor parameters, such as DefaultDepth, Viewport, and Depth?
   a) /etc/x11Config
   b) /etc/XF86
   c) /X11/XF86Config
   d) /etc/X11/xorg.conf

3. True or False? In the /etc/X11/xorg.conf file, the section Screen contains parameters for the VGA card module for an LCD monitor.
   True
   False

4. In one of the terminals, users are not able to listen to the audio associated with the animation. What will be your first step to troubleshoot the issue?
   a) Verify that the sound card is detected while booting.
   b) Verify that the sound card module is loaded.
   c) Contact the hardware engineer to solve the issue.
   d) Verify that the speaker is connected, switched on, and is working properly.

5. You have configured a modem to communicate with your sales team in different locations. However, you are not able to dial in using the modem. What will be your next step after verifying whether the modem is connected properly to the system and powered on?
   a) Verify that the modem speed is set properly.
   b) Verify that the serial port settings are correct.
   c) Verify that the telephone line is connected properly to the modem.

6. Which command will you use to verify serial port settings?
   a) setserial -q
   b) setserial -v
   c) setserial -a
   d) setserial -z

Lesson 11 Follow-up
In this lesson, you have acquainted yourself with various troubleshooting strategies in Linux. This will enable you to tackle most of the issues arising while working with Linux-based systems.
1. When will you troubleshoot the boot loader? Why?
   Answers will vary, but may include:
   1. Boot loader troubleshooting must be carried out in cases when the system is unable to boot from the selected kernel, module, or root partition. It should also be checked when the various options for the boot loader, such as default, timeout, and password protection do not function properly.

2. Under what circumstances would you troubleshoot the system environment? Why?
   Answers will vary, but may include:
   1. The system environment must be troubleshot in cases when the kernel does not load properly, hardware devices do not initialize, and services do not run properly.


Follow-up
In this course, you administered systems and services. This will enable you to configure, manage, and troubleshoot Linux systems.

1. What are the key tools of Linux that will ease the tasks of a system administrator?
   Answers will vary, but may include:
   1. Linux has various tools that can be used for specific purposes to ease the tasks of a system administrator. Some of the tools include fdisk, dmesg, and mdadm.

2. Which system feature should be managed properly to maintain the integrity of the system?
   Answers will vary, but may include:
   1. There are various services that should be managed to maintain system integrity. Some of the services include filesystem checking, boot loader setup, system initialization, remote connectivity, and networking. Their level of management depends on the system's vulnerability to viruses and malicious programs.

3. What are the probable issues that might arise while working with Linux systems?
   Answers will vary, but may include: Some of the issues that arise when working with Linux are boot loader problems, run level issues, kernel panic, filesystem corruption, and network failure.

What's Next?
The next course in this series is Networking and Security Administration of Red Hat Linux 5. In this course, you will learn to configure common network services and monitor system security using Red Hat Enterprise Linux.


APPENDIX A
Managing Users and Groups
You have worked with large networks. But as an administrator of your office network, you may be required to manage hundreds of users and groups.

User Account Management Commands


Managing user accounts involves creating user accounts, removing them, and modifying their various attributes. Different commands and options in Linux enable you to manage user accounts.

| Command Syntax | What It Does |
|---|---|
| useradd [options] {username} | Creates a new user or updates user information for existing users. |
| userdel [options] {username} | Removes a user account and cleans up files associated with the user's home directory. |
| usermod [options] {username} | Alters the attributes of a user account. |
| newusers {filename} | Creates multiple users at a time. |

The useradd Command Options


The useradd command supports different options that enable you to specify attributes of user accounts even at the time of their creation. Some of the commonly used options are listed here.

| Use This Command | If You Need To |
|---|---|
| useradd -r {special username} | Create a system user account or a special account. |
| useradd -n {username} | Create user account without UPG. |
| useradd -e {YYYY-MM-DD} {username} | Create a user account with the expiry date specified. |
| useradd -o {username} | Create a user account with a non-unique UID. |
| useradd -G {List of supplementary groups} | Create a user account with the list of supplementary groups listed at the time of creation. |
| useradd -u {UID} {username} | Create a user account with the UID specified. |
| useradd -D {options} {username} | Update user information for existing users. |


Modifying User Accounts


Modifying a user account includes changing a user's name, default groups, user ID number (UID), or passwords. You can use the usermod command or use your system's administration utilities. The following table lists some of the user account properties you can modify.

Option | Modifies
-c | The user's comment field in the /etc/passwd file.
-d | The user's login or home directory.
-e | The date when the user's account is to be disabled.
-f | The number of days after a password expires until the account is permanently disabled. To disable the account as soon as the password expires, enter the value 0; to disable this feature, enter the value -1.
-g | The user's initial login group, which must be an existing group.
-G | The list of other groups that the user is also a member of. Separate group names with a comma and no white space. The group must exist so that the user can be added to it.
-l | The user name for the specified user.
-p | The encrypted password.
-s | The user's login shell. A blank in this option specifies to use the default login shell.
-u | The user's UID, which must be a unique number.
-L | The user's account, locking it. An exclamation mark is added to the beginning of the encrypted password, which disables the password.
-U | The user's account, unlocking it. The exclamation mark is removed from the password.

The userdel Command
The userdel command modifies the system account files, deleting all entries that refer to login. The named user must exist for the command to work. The userdel command will not allow you to remove an account if the user is currently logged in. You must kill any running processes that belong to an account you are deleting. The -r option will delete the files in the user's home directory, along with the home directory itself, and the user's mail spool. Files located in other file systems will have to be searched for and deleted manually.

The chage Command


The chage command changes the user password expiry information. It changes the number of days between password changes and the date of the last password change. Based on this information, the system determines when users need to change their passwords. The chage command is restricted to the root user, except when used with the -l option.

Use This chage Command Option | If You Need To
-l | List the password aging information.
-m Minimum days | Set the minimum number of days between password changes.
-M Maximum days | Set the maximum number of days for the password to be valid.
-W Warning | Set the duration to notify before a password change.
-E YYYY-MM-DD | Set the duration for the user account to be valid.
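
An added example, not part of the course material: the effect of usermod -L and of the chage settings can be checked by reading shadow-format records (name:hash:lastchg:min:max:warn:inactive:expire, with dates stored as days since 1970-01-01). The sample records, placeholder hashes, function names, and status labels are constructed for this example.

```shell
#!/bin/sh
# Audit shadow-format records for the account states that usermod -L/-U
# and chage control. Field layout, per shadow(5):
#   name:hash:lastchg:min:max:warn:inactive:expire
# lastchg and expire are counted in days since 1970-01-01.

# Constructed sample records. The hash fields are placeholders, not real hashes.
sample_shadow() {
cat <<'EOF'
alice:$1$CONSTRUCTED$hashA:14200:7:90:14:0:
bob:!$1$CONSTRUCTED$hashB:14200:0:99999:7::
carol:$1$CONSTRUCTED$hashC:14000:0:60:7:-1:14270
dave:!!:14250:0:99999:7::
EOF
}

# audit_shadow TODAY < records
# TODAY is the current date in days since the epoch. It is passed in rather
# than computed so that the report is reproducible.
# Prints one "name:status[ status...]" line per record.
audit_shadow() {
    awk -F: -v today="$1" '
    {
        status = ""
        # "!!", "!" or "*" alone in the hash field: no usable password is set.
        if ($2 == "!!" || $2 == "!" || $2 == "*")
            status = status " no-password"
        # usermod -L puts "!" in front of an existing hash.
        else if (substr($2, 1, 1) == "!")
            status = status " locked"

        # chage -M: an empty field or 99999 means the password never ages out.
        if ($5 == "" || $5 == 99999)
            status = status " never-expires"
        else if (today > $3 + $5)
            status = status " password-expired"

        # chage -E / usermod -e: the account itself stops being valid.
        if ($8 != "" && today >= $8)
            status = status " account-expired"

        if (status == "")
            status = " ok"
        print $1 ":" substr(status, 2)
    }'
}

# Stand-alone run over the constructed records, using day 14280 as "today".
sample_shadow | audit_shadow 14280
```

On a live system the same function can read the real file as root: audit_shadow "$(( $(date +%s) / 86400 ))" < /etc/shadow.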

User Profiles
A user profile is a set of options, preferences, bookmarks, and other user items that characterize a user. User profiles define settings such as network resources, data, attributes, and permissions that the system assigns to a user, and these settings are retained for every session. The user can specify a name for the user profile. Otherwise, the profile will be called a Default User. Each user can create several user profiles for business or personal use.

Global User Profiles

A global user profile is a set of options, preferences, bookmarks, stored messages, attributes, permissions, and other user items that a user has access to in whichever system he logs in. Global user profiles are stored on the server. Each time a user logs in, data in the global profile is copied to the local machine. While the user is logged in, any changes made to the settings affect only the local copy of the profile. The global user profile settings are stored in the /etc/profile file. These settings are copied onto local machines at the time of logging in.

Skel Directories
When a user is created, the skel directory stores a copy of the files and directories placed in the home directory of the new user. The skel directory path is /etc/skel. All new users begin with the same settings. Modifications made to the skel directory affect only new users, and not existing ones. The /etc/skel directory is used by the /usr/sbin/useradd program.

Group Management Commands
Managing groups involves creating groups, removing them, and modifying their various attributes. Different commands and options in Linux enable you to manage group accounts.

Command Syntax | Function
groupadd Group name | Creates a new user group.
gpasswd Group name | Sets a new password for the user group.
groupmod -n {New name} {Old name} | Renames a group.
groupmod -g GID | Modifies the Group ID (GID) number.
groupdel Group name | Deletes a user group.

Special Permissions
Special permissions are used when normal permissions become inadequate, usually in the case of processes. Through special permissions, less privileged users are allowed to execute a file that can usually be run only by the root user. Set User ID, or SUID, is the permission that allows a user who executes a file to have similar permissions as the user owner of the file. Set Group ID, or SGID, is the permission that allows a user who executes a file to have similar permissions as the group owner of the file.

The SUID and SGID Permissions


The set user ID and set group ID commands are powerful tools that enable users to perform tasks without the other problems that could arise with the user having the actual permissions of that group or user. However, these can be dangerous tools too. If you change the permissions on a file to be either SUID or SGID, keep these two things in mind:
- Use the lowest permissions needed to accomplish a task. If possible, don't give a file an SUID or SGID of root. A user with fewer privileges often can be configured to perform the task.
- Watch for back doors. If a user runs a program with the SUID set to root, then the user retains root as the effective user ID when the user goes through the back door. The following can be used as back doors:
  - Programs that enable you to shell out.
  - Programs with multiple entrances and exits.
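
An added example, not part of the course material: a shell audit that lists SUID and SGID entries under a directory, marks SUID files owned by a privileged UID for review, and reports entries that have appeared since a saved baseline. The function names and the REVIEW/info labels are assumptions made for this example.

```shell
#!/bin/sh
# Inventory SUID/SGID entries so that the two cautions above can be checked:
# which files run with a privileged owner's identity, and which are new.

# audit_setid DIR [PRIV_UID]
# Prints one line per finding: "<label> <kind> <path>".
# PRIV_UID defaults to 0 (root); it is a parameter so that the check can be
# exercised without root privileges.
audit_setid() {
    dir=$1
    priv=${2:-0}
    # SUID files owned by the privileged account: anyone who executes them
    # runs with that account as the effective user ID.
    find "$dir" -xdev -type f -perm -4000 -user "$priv" \
        -exec printf 'REVIEW suid-privileged %s\n' {} +
    # SUID files owned by any other account.
    find "$dir" -xdev -type f -perm -4000 ! -user "$priv" \
        -exec printf 'info suid %s\n' {} +
    # SGID files: executed with the file's group as the effective group ID.
    find "$dir" -xdev -type f -perm -2000 \
        -exec printf 'info sgid %s\n' {} +
    # SGID directories: new entries inherit the directory's group.
    find "$dir" -xdev -type d -perm -2000 \
        -exec printf 'info sgid-dir %s\n' {} +
}

# setid_changes BASELINE DIR [PRIV_UID]
# BASELINE is the saved output of an earlier audit_setid run.
# Prints findings that exist now but are absent from the baseline.
setid_changes() {
    baseline=$1
    current=$(mktemp) || return 1
    audit_setid "$2" "${3:-0}" | sort > "$current"
    sort "$baseline" | comm -13 - "$current"
    rm -f "$current"
}

# Stand-alone use: pass a directory (and optionally a UID) on the command line.
if [ "$#" -gt 0 ]; then
    audit_setid "$@"
fi
```

Saving the output of audit_setid once per host and running setid_changes on a schedule turns the "watch for back doors" advice into a repeatable check.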

Default Permissions
In Linux, default permissions are assigned to newly created files and directories based on user privileges. For files and directories created by the root user, the default permissions are 644 and 755. In the case of less privileged users, Linux assigns a permission of 664 for newly created files and 775 for newly created directories. These default permissions are determined by the user file creation mask or umask. However, this may be altered by the administrator.

ACL
The Access Control List or ACL is a list of permissions attached to an object. Traditionally, a file object in Linux is associated with three sets of permissions, read (r), write (w), and execute (x), for the three user groups: file owner, group, and other. ACLs can be used for situations where the traditional file permission concept does not suffice. They allow the assignment of permissions to individual users or groups even if these do not correspond to the owner or the owning group. ACL can be managed at filesystem level, or at the file and directory level. To find out the ACL specifications of a file, you can use the getfacl command. To set the access control specifications for files and directories, you can use the setfacl command with its different options.

Advanced Permission Commands


Advanced permission commands can be used effectively to set special file or directory access rights for users.

Command Syntax | Used To
chmod u{operator}s {File name} | Set SUID for a file.
chmod g{operator}s {Directory name} | Set SGID for a directory.
chmod o{operator}t {File name} | Set the sticky bit for a file.
umask {Value} | Set the default file creation mode.
chattr {operator}i {File/Directory name} | Set the immutable flag for a file or directory.

APPENDIX B
System Administration of Red Hat Linux 5 (Objective Mapping for Exam Red Hat Linux System Administration (RH131))
RH 131 Objective | Element K Course Reference
Unit 1: Package Management. Manage software on system using yum, Red Hat Network, and RPM. | Lesson 2, Topics A, C and D
Unit 2: System Initialization. Define boot process, recover system, and manage service startup. | Lesson 1, Topic A; Lesson 11, Topic A; Lesson 1, Topic D
Unit 3: Kernel Services. Explore kernel modules and variants, tune kernel parameters, manage devices, and monitor processes and resources. | Lesson 3, Topics A, B, C, D, E, F, and G
Unit 4 - System Services. Configure and access various consoles to manage system logging, time synchronization, printers, and task automation. | Lesson 5, Topics A and C
Unit 5 - Filesystem Management. Expand storage by adding new filesystems and swap space. Configure autofs for on-demand network storage. | Lesson 6, Topic B and D
Unit 6 - User Administration. Create, modify and delete users, groups, and policy. Escalate privileges. Establish collaborative group directories. | Refer to Appendix A
Unit 7 - Network Configuration. Configure dynamic and static network settings for both IPv4 and IPv6. | Lesson 8, Topic A, B, and E
Unit 8 - Advanced User Administration. Revisit user administration by connecting to network directory services like NIS and LDAP. Protect users and groups through ACLs, quotas, and SELinux. | Lesson 8, Topics D, F and G
Unit 9 - Advanced Filesystem Management. Back up your data. Manage filesystems using Software RAID and Logical Volume Management. | Lesson 7, Topics D, B and C
Unit 10 - Installation. Perform both interactive and automated installations of Red Hat Enterprise Linux. | Lesson 9, Topics A and B
Unit 11 - Virtualization with Xen. Install the xen environment and create a paravirtualized user domain running Red Hat Enterprise Linux. | Lesson 10, Topics A and B
Unit 12 - Troubleshooting. Explore troubleshooting methodologies while defining standard things to check. Maintain system from different runlevels. Utilize the rescue environment of anaconda. | Lesson 1, Topic D; Lesson 11, Topic A and B

APPENDIX C
System Administration of Red Hat Linux 5 (Objective Mapping for Exam RH202)
Red Hat Certified Technician (RHCT) or RH202 certification exam is a performance-based test that measures actual competence on Linux systems. RHCT requires passing a three-hour hands-on exam. It evaluates students on system installation, configuration, troubleshooting, and maintenance skills. In order to meet the objectives of this exam, candidates should have the pre-requisite knowledge of Red Hat Linux Essentials (RH033) and Red Hat System Administration (RH131). Therefore, Red Hat Linux Essentials (RH033) and Red Hat Linux System Administration (RH131) courses have been bundled to enable adequate coverage for the RH202 exam.

Red Hat Linux Essentials (RH033) introduces the student to Red Hat Linux, and enables the student to perform basic tasks such as personalizing the operating system, organizing the file system, managing users and groups, automating tasks, and prioritizing processes on a computer equipped with Red Hat Enterprise Linux 5.

Red Hat Linux System Administration (RH131) introduces the student to basic networking and client-server architecture. It also equips the student with system administration skills to perform system configuration, maintenance, and troubleshooting tasks.

LESSON LABS
Due to classroom setup constraints, some labs cannot be keyed in sequence immediately following their associated lesson. Your instructor will tell you whether your labs can be practiced immediately following the lesson or whether they require separate setup from the main lesson content. Lesson-level lab setup information is listed in the front of this manual in the course setup section.

LESSON 1 LAB 1
Exploring the Boot Sequence
Please ensure that the course setup is completed before commencing with the offline practice activities.

Scenario: As a junior administrator, you have been instructed to acquaint yourself with the system initialization sequence because it will help you troubleshoot any issues that may arise when loading the operating system on the computer. So, you decide to examine the system initialization process.

1. Configure BIOS.
2. Configure the boot loader.
3. Examine kernel and init initialization.
4. Change runlevels.

LESSON 2 LAB 1
Managing Packages
Scenario: You have been assigned the task of managing a few systems in the network. You need to update all the systems with the gawk packages. You decide to set up a centralized repository.

1. Create a repository.
2. Install the package using the yum package manager.

LESSON 3 LAB 1
Exploring the Kernel Services and Configuration
Scenario: The system administrator is responsible for monitoring the performance of kernels to ensure smooth running of the systems. You therefore decide to acquaint yourself with the various kernel services and how to configure them.

1. Create an initrd image.
2. Explore the hardware devices connected to the system.
3. Monitor the currently running processes in the system.
4. Configure the kernel with /proc.

LESSON 4 LAB 1
Configuring the Linux Graphical User Interface
Data Files: A.D. MONO.ttf
Setup: If students are going to perform this lab activity immediately after Lesson 3, they need to copy the data files from the 085993Data/Graphical_Interface/ directory in the student data CD to the user's root directory. However, if they are going to perform it outside the classroom environment, they need to have the following setup:
1. A system running Red Hat Enterprise Linux 5 with the CLI components installed.
2. Data files extracted from the 085993Data/Graphical_Interface/ directory in the student data CD to the user's root directory.

Scenario: The system allocated to a new employee has the command line interface but not the graphical user interface. He has requested you to configure the GUI based on the following specifications:
- Set the screen resolution as 800x600 and color to millions of colors.
- Install the font A.D. MONO.ttf.
- Select the newly installed font and set the font size as 16 in KDM.
- Position the panel on the top-left corner of the screen.
- Make the panel bigger than the default size.

1. Install the Linux GUI.
2. Customize the KDM window environment.

LESSON 5 LAB 1
Managing System Services
Scenario: You are the system administrator of your organization. You are asked to provide a system to a junior administrator. Part of the junior administrator's tasks include:
- Maintenance of system logs.
- Remote system management.
- Setting up reminders for employees to back up their data at 4:30 P.M daily.

1. Configure the log service to log the debug messages in the debug.log file.
2. Configure the machine as a log server to accept the log from other machines.
3. Activate the VNC server in the machine for remote management.
4. Create a reminder for employees to back up their data at 04:30 P.M daily.

LESSON 6 LAB 1
Managing Partitions
Scenario: As a system administrator, you will need to set up systems for new employees. You are required to configure their hard disks and separate the user accessible areas on the disk from the sensitive ones that contain system and software information. You must also populate the partitions with filesystems and ensure easy identification of the partitions. The user's requirements are as follows:
- Size of partition user: 10000M.
- Size of partition root: 10000M.
You are also required to create a filesystem called company policies and place it in the user partition.

1. Create partitions.
2. Add labels to the newly created partitions.
3. Create filesystems.
4. Mount the filesystems on the partitions.

LESSON 7 LAB 1
Implementing Filesystem Services
Scenario: You are working as a junior system administrator in a support center. Users in your organization register system administration issues with the support center. A number of new users have currently joined your network. Your senior manager has allocated the following tasks to you. Set user disk quota on Doug Smith's workstation based on the following details:
1. Blocks soft limit=175
2. Blocks hard limit=150
3. Inodes soft limit=600
4. Inodes hard limit=500
5. Fault tolerance should be built into the hard disk, which stores sensitive information.
6. Data backup should be implemented on the hard disk to avoid data loss.

1. Set the disk quota on Doug Smith's workstation.
2. Implement RAID on the hard disk.
3. Back up the data on the hard disk.

LESSON 8 LAB 1
Configuring Network Services
Scenario: In your organization, the network was created by hardware professionals. As a system administrator, you have been assigned the task of configuring the network and related services for sharing information.

1. Configure a network using static IP addressing.
2. Enable the host name to IP resolution.
3. Configure routing.
4. Configure the NIS server and clients.

LESSON 9 LAB 1
Installing Red Hat Linux
Setup: If students are going to perform this lab activity immediately after Lesson 8, they need to delete the existing partitions and complete the installation. However, if they are going to perform it outside the classroom environment, they need to have the following setup:
1. A system that meets the minimum hardware requirement to host Red Hat Linux.
2. Red Hat Enterprise Linux 5 installation CDs.

Scenario: You need to install Red Hat Enterprise Linux 5 on a system with default settings. The system has 512 MB RAM and a 40 GB hard disk and is intended for a single user, who does not require the Graphical User Interface and needs only the Command Utility Interface. Before installing, ensure that the system is set to boot from the CD-ROM drive.

1. Start a default installation.
2. Partition the disk.
3. Complete installation without creating a boot disk.

LESSON 10 LAB 1
Implementing Virtualization
Scenario: Your company has a couple of projects lined up and is using all hardware resources available to complete its projects. However, you find that some users are using separate hardware devices to run minor applications, whereas they could be used for other projects. You decide to free the hardware for other projects by implementing virtualization on user systems.

1. Install packages for Xen on user systems.
2. Implement Xen virtualization on systems.
3. Add guest domain Us.

LESSON 11 LAB 1
Troubleshoot Linux System Issues
Scenario: As a system administrator, you might encounter many system issues, which have to be rectified to restore the system or its services. So, you decide to refresh your knowledge about troubleshooting Linux system issues.

1. What is the first step in troubleshooting a corrupt X window system?
   a) Switch to run level 3 to fix the issue.
   b) Switch to run level 0 to fix the issue.
   c) Switch to run level 6 to fix the issue.
   d) Switch to run level 5 to fix the issue.

2. The system-config-display command is used to check the display settings.

3. In which file should the name server entry be defined to resolve domain name to IP address by the domain name server?
   a) /etc/hosts
   b) /etc/host.conf
   c) /etc/resolv.conf
   d) /etc/sysconfig/network

4. Which command statement will enable IP forwarding permanently?
   a) echo 0 > /proc/sys/net/ipv4/ip_forward
   b) define net.ipv4.ip_forward as 0 in /etc/sysctl.conf
   c) define net.ipv4.ip_forward as 1 in /etc/sysctl.conf
   d) echo 1 > /proc/sys/net/ipv4/ip_forward

5. Which of these commands is used to repair a broken filesystem?
   a) e2fsck
   b) mkfs
   c) fsck
   d) dump2fs

6. Which command is used to check if the word warning occurred in the /var/log/messages file?
   a) tail warning /var/log/messages
   b) head warning /var/log/messages
   c) grep warning /var/log/messages
   d) find warning /var/log/messages

7. Which of these is used to change the run level permanently to 3?
   a) telinit 3
   b) define si:3:sysinit:/etc/rc.d/rc.sysinit in /etc/inittab file
   c) init 3
   d) define default = 3 in /boot/grub/grub.conf

8. The /etc/syslog.conf file needs to be edited in order to configure the system log information.

9. Which of these commands is used to debug the execution of a program?
   a) strings
   b) strace
   c) traceroute
   d) pstree

10. Which command is used to determine if a specific package is installed in the system?
    rpm -qa or rpm -q <package name>

11. Which command is used to view all information about the kernel?
    uname -a uname

12. Which of these is used to define the label /boot for the device /dev/hda2?
    a) e2label /dev/hda2 /boot
    b) e2label /boot /dev/hda2
    c) e2label /boot
    d) e2lable /dev/hda2

13. If the boot loader screen does not appear, what might be the possible cause and solution?
    Possible cause: The GRUB might not have been configured properly.
    Solution: Configure the /boot/grub/grub.conf in the rescue mode or install the grub again in the rescue mode.

14. If the grub> prompt appears, then what might be the possible cause and solution?
    Possible cause: The GRUB might have been corrupted.
    Solution: Configure the /boot/grub/grub.conf in the rescue mode or install the grub again in the rescue mode.

15. If the kernel loads but /etc/rc.d is causing an issue, what might be the possible causes? And what is the solution?
    Possible cause: (1) The /etc/fstab might have an error. (2) The fsck might have failed.
    Solution: (1) In the rescue mode fix the /etc/fstab file. (2) In the rescue mode run the fsck command manually.

16. If the /etc/inittab file is corrupted, which mode is normally used to work on the system?
    Single-user mode: s, S, single

GLOSSARY
/etc/syslog.conf: The file that controls where syslogd records system logs.
ACL (Access Control List): A list of permissions attached to an object.
Anacron: A daemon that executes commands at intervals, which are specified in days, without requiring the computer system to be running continuously.
at: The command used to execute a given set of commands at a specified time.
automount: A program that is used to mount and unmount the filesystem automatically.
BIND (Berkeley Internet Name Domain): A domain name service that resolves host names to IP addresses.
BIOS (Basic Input/Output System): A low-level software that acts as the interface between the hardware and the operating system in a computer.
boot loader: A program that loads the kernel from a hard drive or boot disk and then starts the operating system.
boot process: The process of starting or restarting your computer by loading the operating system from your hard drive.
checksum: A numerical value that enables a computer to verify that data was received intact.
createrepo: An rpm used to create yum repositories.
cron: A daemon that runs in the background on a Linux system and executes specified tasks at a designated time or date.
crontab: The file that contains instructions defining the tasks to be executed by a cron.
daemon: A background program that runs unattended and is usually invisible to the user; it provides important system services.
data dump: A copy of the raw data in memory copied to a file. It can also be a copy of the contents of one location to another.
default gateway: A gateway that acts as a network segment's access point to all other external networks and therefore, the connection to the Internet.
device driver: A software program that enables a computer's operating system to identify the characteristics and functions of a hardware device, communicate with it, and control it.
device management: A process that involves interfacing between user applications and the hardware devices of the computer.

device node: An access point to the device drivers that is used while mapping service requests with device access.
device tree: A structure that lists all hardware devices installed in the computer and assigns device nodes to them. It is auto generated by the computer's operating system.
disk quota: The specific amount of disk space that is allotted to a user for file storage on a computer.
display manager: A program that controls the look and feel of a desktop environment.
DMA (Direct Memory Address): A method by which hardware devices directly communicate with the memory to obtain memory allocation without going through the processor.
DNS (Domain Name System): A distributed, hierarchical database system that maintains information about host names and their equivalent IP addresses on the Internet. It uses this information to translate the URL of a web resource into its numeric IP address for identifying and locating the resource over the Internet.
Domain 0: The domain started by the Xen hypervisor, when the system boots.
domain name: A unique name that identifies a website on the Internet. A period is used to separate the labels of domain names.
Domain U: The domain of the virtualized system that does not have the privileges of a root user.
domain: An organizational unit on the Internet such as educational, commercial, or government units that is identified by a unique name.
dump: The utility that dumps all the files in a filesystem to a tape or another file.
exports file: A configuration file that is used to export the filesystem.
fdisk: A utility program that is used for creating, modifying, or deleting partitions on a disk drive.
File Synchronization: The process of maintaining an up-to-date version of a file present in multiple locations.
filesystem integrity: The correctness and validity of a filesystem.
filesystem management: A process that involves storing and organizing files and data on the computer and keeping track of it.
filesystems: The methods and data structures that an operating system uses to organize and manage files on disk.
firewall: A software program or a hardware device that protects a network or system from unauthorized data by blocking unrequested traffic.
font path: A collection of paths in the filesystem where font files are stored.
FQDN (Fully Qualified Domain Name): The combination of the host name, the domain name, the sub domains (if any), and the top-level domain. It is used to identify a network resource on a world-wide network.
fsck: The command used to check the integrity of a filesystem.
gateway: A device, software, or system that converts data between incompatible systems.

gdm (GNOME Display Manager): The default display manager for Red Hat Linux.
global user profile: A description of the settings, preferences, bookmarks, stored messages, attributes, permissions, and other user items that a user has access to in whichever system he logs in.
gnome-mount package: A package used to mount and unmount drives and volumes from the gnome desktop environment.
gnome-system-monitor: A graphical utility that is used to monitor the system processes, resources, and filesystems.
grace period: The time limit before the soft limit is enforced for a filesystem with quota enabled.
GRUB (GRand Unified Bootloader): A program that Linux uses to install a boot loader to the MBR.
HAL (Hardware Abstraction Layer): A logical interface that enables the software applications of a system to interact with hardware devices at an abstract level through system calls.
hard limit: The absolute limit on the disk usage that a quota user has on a partition.
host name: The unique descriptive name given to a network node on a TCP/IP network. It is easier for users to deal with host names than directly with the IP address.
hypervisor: A virtualization tool that enables the virtual system to run software in paravirtualization.
I/O address (Input/Output address): An address used to identify the requests sent to or from a hardware device.
init process: The most important process in the system controlling the standalone processes running on the system. The init process can be controlled by the /etc/inittab file.
initrd image: An archived file containing all the essential files that are required for booting the operating system.
initrd: The initial ramdisk that is temporarily mounted as the root filesystem for loading the start up programs and modules that were loaded during the boot process.
inittab: A file that stores the details of the init process.
IP (Internet Protocol): A protocol responsible for the addressing of data units that are transmitted over networks. It ensures that the data reaches the correct destination.
IPng (IP Next Generation): Also known as IPv6, it is a new version of IP, being implemented on the Internet.
IPv4 (IP Version 4): An older version of IP, which is being replaced by IPv6 with extended features.
IPv6 (IP Version 6): A new version of IP, which is being implemented on the Internet. Also called IP Next Generation (IPng).
IRQ (Interrupt ReQuests): A signal sent by a hardware device to the kernel to request processing time for performing an operation.
kdm (K Display Manager): The display manager for KDE, or K Desktop Environment.
kernel module: A system-level function that extends the functionality of the kernel.

LDAP (Lightweight Directory Access Protocol): A communication protocol that defines the transport and format of messages used by a client to access the directory service.
Linux kernel: The core constituent of the Linux operating system that manages all the other resources in the computer, such as filesystem access, memory, processes, devices, and resource allocation.
Linux rescue environment: A stand-alone Red Hat Enterprise Linux system for troubleshooting a corrupt existing Linux installation and making it run.
local or private repositories: Repositories stored in your system.
LVM (Logical Volume Manager): A software tool that is used to manage the disk storage on a computer system.
major number: A major number, stored as a part of the structure of a device node, identifies the device driver that controls a particular device.
MBR (Master Boot Record): The first physical sector on a bootable hard drive.
memory management: A process that involves mapping or allocating the available memory to applications or programs on request and freeing the memory automatically when the execution of the programs is completed, so that it can be allocated to other programs.
minor number: A minor number, stored as a part of the structure of a device node, identifies a particular device installed on the computer.
mkinitrd: A command used to create the initial ramdisk image for pre-loading the kernel modules.
modular kernel: A kernel in which only a minimal set of essential modules are built-in. The rest of the modules can be installed and the kernel can be re-built whenever necessary. It is also known as a micro kernel or a dynamic kernel.
monolithic kernel: A kernel in which all the required modules such as device drivers or filesystems are built-in.
mount point: An access point to information stored on a local or remote storage device.
NFS (Network File System): A networking protocol that allows a computer system to access files over a network or the Internet as though they were on the computer's local disk.
NIC (Network Interface Card): A small circuit board device that is installed in a computer to enable a computer to connect to a network.
NIS (Network Information Service): A service that manages network information about the systems and users in the network.
NTP (Network Time Protocol): A standard Internet protocol for synchronizing the internal system clock with a server or network clock.
ntp.conf: A file containing the configuration options for the NTP server.
online repositories: Repositories found on the Internet.
OpenSSH: A free version of the Secure SHell protocol that ensures secure communication by encrypting data transmitted over the Internet.
package manager: A tool that enables the installation, verification, upgrading, or removal of packages.

package: A collection of classes, functions, or procedures that can be imported as a single unit.

Paravirtualization: A virtualization technique where computers with different hardware configurations are capable of running similar software.

partition: A section of a hard disk that logically acts as a separate disk.

port: An access-point to a logical connection. It serves as a point of exit and entry for data channels on a network.

portmapper: A program that an RPC application uses to register the port numbers they are using.

POST (Power-On Self Test): A series of built-in diagnostics that are performed when the computer is started. Proprietary codes are generated to indicate test results.

private key: The key involved in public key authentication that is retained on the local system.

public key: The key involved in public key authentication that is made known to remote systems.

quota report: A report created by the system to view the usage of disk space by each user.

RAID (Redundant Array of Inexpensive Disks): A method that is used to store the same data in different locations or multiple hard disks of a server or stand-alone disk storage system.

raw device: The section of a physical disk whose contents are not managed by the operating system.

Red Hat Network Client: A computer connected to the RHN Proxy or RHN satellite server.

Red Hat Network Server: The central server to which all RHN client systems are connected.

Red Hat Network: An Internet-based tool to update and manage systems running Red Hat Enterprise Linux.

remote X session: A session where the user on the remote workstation is able to view the X window of the host.

repomd: The XML metadata based on the rpm.

repository: The name of the database that holds the source code and compilations.

router: A networking device that connects multiple networks together. Routers send data between networks by examining and determining the best network path for the data to travel.

routing table: A table of network addresses used by routers to forward packets over networks.

routing: The process of selecting the best route for moving a packet from its source to destination on a network.

RPC (Remote Procedure Call): A package that contains a collection of tools and library functions.

RPCBIND: A daemon that dynamically assigns ports to remote procedure calls for communication between clients and servers.

RPM (RPM Package Manager): A tool for maintaining packages.

rsync: A utility that is used to synchronize files between systems.

runlevel: A setting that controls the number of processes running on the system.

SCI (System Call Interface): An abstraction layer that handles function calls sent from user applications to the kernel.

sector: The smallest unit of storage read or written on a disk.

SELinux (Security-Enhanced Linux): A security enhancement feature developed by the U.S. National Security Agency that implements various security policies in the Linux operating system.

skel directory: The location where the default files and directories created on adding a new user are stored.

soft limit: The maximum amount of disk usage that a quota user has on a partition.

Software RAID: RAID implemented using software that is applied in the kernel disk code.

ssh-keygen: A program that generates, manages, and converts authentication keys.

SSH (Secure Shell): A network protocol that controls the secure flow of data among computers in a network.

sub domains: The secondary level of domains under the top-level domains in the domain hierarchy.

superblock: A data structure that is stored on disk and contains control information for a filesystem.

Swap space: A portion of the hard disk that is used in situations when Linux runs out of physical memory and needs more of it.

syslogd: A utility that is used to keep track of system logs.

system logs: Records of system activities that the syslogd utility keeps track of.

TCP (Transmission Control Protocol): A protocol that handles the disassembling and reassembling of transmitted data units. It ensures that data is transferred reliably between computers on a network.

TCP/IP (Transmission Control Protocol/Internet Protocol): The standard set of communication protocols used for networking.

top-level domains: The highest level of classification of domains in the domain hierarchy.

true time: The average time on a number of high accuracy clocks around the world.

tunneling: A protocol in which one protocol is layered over the other, for a layered model.

udev: A device manager that manages the automatic detection and configuration of hardware devices.

user profile: A description of the settings, preferences, bookmarks, stored messages, and other user items that characterize a user.

VNC (Virtual Network Computing): A platform-independent system through which a user can control a remote system.

window manager: A program that controls the look and feel of a graphical user interface.

X client: An application that is written with the aid of the Xlib library.

X protocol: The standard protocol used by clients and servers in the X Window System.

X server: A program that implements the graphical user interface service provided by the X Window System.

X-station: A terminal that is connected over a network and engineered to run the X Window System remotely.

X.Org: A free version of the X Window graphical user interface system for Linux.

Xfs (X font server): A service that provides fonts to the X.Org server and the X client applications that connect to it.

XTerm: A screen for typing system commands for the X Window System.

Yellow dog Updater, Modified (YUM): A package manager similar to RPM.

zone: A point of delegation in a DNS tree structure that maps to a domain.

INDEX

/dev accessing drivers, 58 adding files, 59

A
access controls, 241 anacron system, 124 automount, 157

B
BIND, 221 BIOS, 3 boot loader, 4 boot manager, 4 boot media, 254 boot process, 2

sysctl, 69 system-config-date, 102 tmpwatch, 122 virt-manager, 279 vncserver, 113 vncviewer, 113 xentop, 280 xvidtune, 80 Configure - KDesktop window, 87 cron, 120 delegating tasks, 125 jobs, 121

D
daemons, 18 data dump, 183 datagram, 211 default gateway, 212 dependency management, 25 device drivers, 57 device nodes major number, 57 minor number device trees, 57 devices problems, 300 repairing techniques, 301 disk druid, 250 disk partitioning, 131 Also See: partition types disk quota, 164 display managers gdm, 85 kdm DNS, 219 Domain 0, 272 domain management, 278 domain names, 219 vs. host names, 219

C
character devices, 184 Also See: raw devices checksum, 192 cold plug vs. hot plug, 57 color depth, 80 commands at, 124 createrepo, 31 repomd dump, 183 ethtool, 227 fsck, 140 ifconfig, 202 logrotate, 122 mkinitrd, 52 mkswap, 143 mount, 152 quotacheck, 165 restore, 188 ssh-keygen, 110 switchdesk, 88

Domain U, 272 domains, 216 top-level, 217 sub drift files, 103 host names, 218 hypervisor, 271

I
init process, 14 initrd, 52 initrd image, 52 installing fonts, 80 IP addresses, 204 IPng See: IPv6 IPv4, 204 checking connectivity, 214 configuring default gateway, 212 configuring route, 213 IPv6, 204 checking connectivity, 215 configuring default gateway, 214 configuring route, 214

F
file synchronization, 191 files, 103 Also See: drift files ntp.conf /etc/syslog.conf, 101 crontab, 120 exports file, 151 fstab, 133 inittab, 17 kickstart, 263 modprobe.conf, 49 netgroup, 233 securenets, 233 system crontab, 123 user crontab xorg.conf, 81 Filesystem Hierarchy Standard, 140 filesystems, 139 exporting, 151 integrity, 140 setting disk quota, 166 firewalls, 250 font paths, 76 FQDN, 219

J
journaling filesystems, 140

K
kernel configuration types, 69 kernel initialization, 13 kernel layers, 43 device management, 44 filesystem management, 43 memory management, 43 process management, 43 SCI, 43 kernel module utilities insmod, 47 lsmod, 47 modinfo, 47 modprobe, 48 kernel modules, 46 kernel types modular, 44 monolithic, 44 kernel versions, 43

G
gateways, 212 Getty programs, 14 global user profile, 310 gnome-mount package, 158 GRUB, 7 booting from the Menu Editing Mode, 10 installing, 10 securing, 10

H
HAL, 62 Hanoi sequence, 185 hardware communication channels DMA, 62 I/O Address, 61 IRQ, 61 hardware devices, types of, 58

L
LDAP, 234 Linux Anaconda installer, 249 configuring, 252 installation, 248 kickstart, 263

Linux kernel, 42 Linux Rescue Environment, 289 Logical Volume Manager, 176 architecture, 177 components, 177 snapshots, 179 tools, 178

R
RAID, 169 Also See: software RAID levels, 171 raw devices, 184 Also See: character devices Red Hat Network, 37 Red Hat Network Client, 38 Red Hat Network Server, 37 refresh rate, 79 remote X sessions, 77 repositories, 30 online, 31 local or private resolution, 79 routers, 210 routing, 210 routing tables, 211 RPC, 150 RPCBIND, 149 RPM commands, 26 components, 27 packet manager, 26 queries, 27 verification, 27 runlevels, 16 switching, 18 types, 17 using command line tools, 19 using graphical tools, 19

M
MBR, 5 mdadm tool, 171 mount points, 142

N
network interface settings, 226 network interfaces, 201 Network Time Protocol, 103 NFS, 149 NIC, 201 NIS, 231 components, 232 maps, 232

O
OpenSSH, 110

P
package manager, 25 packages, 24 packet-switching technology, 211 packets, 211 paravirtualization, 270 partition types, 131 Also See: disk partitioning partitions, 130 partprobe program, 135 portmapper, 150 ports, 199 POST, 3 private key, 110 public key, 110

S
sectors, 5 Secure Shell, 110 security context, 245 security policies, 243 SELinux, 242 SGID permissions, 311 skel directory, 310 software RAID, 170 Also See: RAID software vs. hardware RAID, 171 special permissions, 311 SSH communication, 113 SUID permissions, 311 superblock, 4 swap files, 143 swap partitions, 143

Q
quota reports soft limit, 165 hard limit grace period

swap space, 143 synchronization, 192 syslog configuring, 104 facilities, 102 severities, 101 system load, 65 system logs, 100 Xen daemon, 278 xm interface, 279 xterm configuring, 95 XTerm, 93

Y
YUM commands, 34 package manager, 34

T
TCP/IP TCP, 198 IP troubleshooting strategies, 288 true time, 103 tunneling, 112

Z
zones, 221

U
udev, 56 user profile, 310 utilities dump, 185 dumpe2fs, 141 fdisk, 132 for kernel state monitoring, 64 for memory monitoring, 65 gnome-system-monitor, 66 Kickstart Configurator, 263 logwatch, 123 mke2fs, 141 rsync, 191 sfdisk, 134 syslogd, 101 tune2fs, 141

V
virtual network computing, 112 volume number, 189

W
window managers, 92

X
X clients, 75 X customization, 78, 79, 80 X font servers, 76 X protocols, 74 X servers, 74 X-stations, 78 X.Org, 74
