Red Hat Enterprise Linux 3
System Administration Guide


Summary of Contents for Red Hat ENTERPRISE LINUX 3

  • Page 1 Red Hat Enterprise Linux 3 System Administration Guide...
  • Page 2 All other trademarks and copyrights referred to are the property of their respective owners. The GPG fingerprint of the security@redhat.com key is: CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E...
  • Page 3: Table Of Contents

    Table of Contents: Introduction (i); 1. Changes to This Manual (i); 2. Document Conventions (ii); 3. More to Come (v); 3.1. Send in Your Feedback (v); 4. Sign Up for Support (v); I. File Systems (i); 1.
  • Page 4 II. Installation-Related Information (37); 9. Kickstart Installations (39); 9.1. What are Kickstart Installations? (39); 9.2. How Do You Perform a Kickstart Installation? (39); 9.3. Creating the Kickstart File (39); 9.4. Kickstart Options (40); 9.5. Package Selection (55); 9.6.
  • Page 5 III. Package Management (101); 16. Package Management with RPM (103); 16.1. RPM Design Goals (103); 16.2. Using RPM (104); 16.3. Checking a Package’s Signature (109); 16.4. Impressing Your Friends with RPM (110); 16.5. Additional Resources (112); 17.
  • Page 6 25.2. Configuring a DHCP Server (181); 25.3. Configuring a DHCP Client (185); 25.4. Additional Resources (186); 26. Apache HTTP Server Configuration (189); 26.1. Basic Settings (189); 26.2. Default Settings (191); 26.3. Virtual Hosts Settings (196); 26.4.
  • Page 7 35.7. Additional Information (248); 36. Printer Configuration (251); 36.1. Adding a Local Printer (252); 36.2. Adding an IPP Printer (253); 36.3. Adding a Remote UNIX (LPD) Printer (254); 36.4. Adding a Samba (SMB) Printer (255); 36.5.
  • Page 8 VII. Appendixes (315); A. Building a Custom Kernel (317); A.1. Preparing to Build (317); A.2. Building the Kernel (317); A.3. Additional Resources (319); Index (321); Colophon (331)...
  • Page 9: Introduction

    Red Hat Enterprise Linux Security Guide. HTML, PDF, and RPM versions of the manuals are available on the Red Hat Enterprise Linux Documentation CD and online at http://www.redhat.com/docs/. Note Although this manual reflects the most current information possible, read the Red Hat Enterprise Linux Release Notes for information that may not have been available prior to our documentation being finalized.
  • Page 10: Document Conventions

    Introduction Chapter 7 User-Defined Device Names This new chapter explains how to use devlabel. Chapter 8 Access Control Lists This new chapter explains how to use access control lists for files and directories. Chapter 9 Kickstart Installations This chapter has been updated to include new kickstart directives. Chapter 10 Kickstart Configurator This chapter has been updated to include the new options in Kickstart Configurator.
  • Page 11 Introduction command Linux commands (and other operating system commands, when used) are represented this way. This style should indicate to you that you can type the word or phrase on the command line and press [Enter] to invoke a command. Sometimes a command contains words that would be displayed in a different style on their own (such as file names).
  • Page 12 Introduction button on a GUI screen or window This style indicates that the text can be found on a clickable button on a GUI screen. For example: Click on the Back button to return to the webpage you last viewed. computer output Text in this style indicates text displayed to a shell prompt such as error messages and responses to commands.
  • Page 13: More To Come

    If you spot a typo in the Red Hat Enterprise Linux System Administration Guide, or if you have thought of a way to make this manual better, we would love to hear from you! Please submit a report in Bugzilla (http://bugzilla.redhat.com/bugzilla/) against the component rhel-sag. Be sure to mention the manual’s identifier:...
  • Page 14 Introduction Note You must activate your product before attempting to connect to Red Hat Network. If your product has not been activated, Red Hat Network rejects registration to channels to which the system is not entitled. Good luck, and thank you for choosing Red Hat Enterprise Linux! The Red Hat Documentation Team...
  • Page 15: File Systems

    I. File Systems File system refers to the files and directories stored on a computer. A file system can have different formats called file system types. These formats determine how the information is stored as files and directories. Some file system types store redundant copies of the data, while some file system types make hard drive access faster.
  • Page 17: The Ext3 File System

    Chapter 1. The ext3 File System The default file system is the journaling ext3 file system. 1.1. Features of ext3 The ext3 file system is essentially an enhanced version of the ext2 file system. These improvements provide the following advantages: Availability After an unexpected power failure or system crash (also called an unclean system shutdown), each mounted ext2 file system on the machine must be checked for consistency by the...
  • Page 18: Converting To An Ext3 File System

    Chapter 1. The ext3 File System 1.2. Creating an ext3 File System After installation, it is sometimes necessary to create a new ext3 file system. For example, if you add a new disk drive to the system, you may want to partition the drive and use the ext3 file system. The steps for creating an ext3 file system are as follows: 1.
  • Page 19 Chapter 1. The ext3 File System Then mount the partition again as ext2 file system by typing: mount -t ext2 /dev/hdb1 /mount/point In the above command, replace /mount/point with the mount point of the partition. Next, remove the .journal file at the root level of the partition by changing to the directory where it is mounted and typing: rm -f .journal...
  • Page 21: Swap Space

    Chapter 2. Swap Space 2.1. What is Swap Space? Swap space in Linux is used when the amount of physical memory (RAM) is full. If the system needs more memory resources and the physical memory is full, inactive pages in memory are moved to the swap space.
  • Page 22: Removing Swap Space

    Chapter 2. Swap Space Warning Changes take place immediately; be careful when you type. Exit parted by typing quit. 3. Now that you have created the swap partition, use the command mkswap to set up the swap partition. At a shell prompt as root, type the following: mkswap /dev/hdb2 4.
  • Page 23: Moving Swap Space

    Chapter 2. Swap Space 4. Remove the partition using parted: At a shell prompt as root, type the command parted /dev/hdb, where /dev/hdb is the device name for the hard drive with the swap space to be removed. At the prompt, type print to view the existing partitions and determine the...
  • Page 25: Redundant Array Of Independent Disks (Raid)

    Chapter 3. Redundant Array of Independent Disks (RAID) 3.1. What is RAID? The basic idea behind RAID is to combine multiple small, inexpensive disk drives into an array to accomplish performance or redundancy goals not attainable with one large and expensive drive. This array of drives appears to the computer as a single logical storage unit or drive.
  • Page 26: Raid Levels And Linear Support

    Chapter 3. Redundant Array of Independent Disks (RAID) 3.3.2. Software RAID Software RAID implements the various RAID levels in the kernel disk (block device) code. It offers the cheapest possible solution, as expensive disk controller cards or hot-swap chassis are not required.
  • Page 27 Chapter 3. Redundant Array of Independent Disks (RAID) Level 4 — Level 4 uses parity concentrated on a single disk drive to protect data. It is better suited to transaction I/O rather than large file transfers. Because the dedicated parity disk represents an inherent bottleneck, level 4 is seldom used without accompanying technologies such as write-back caching.
  • Page 29: Logical Volume Manager (Lvm)

    Chapter 4. Logical Volume Manager (LVM) 4.1. What is LVM? LVM is a method of allocating hard drive space into logical volumes that can be easily resized instead of partitions. With LVM, the hard drive or set of hard drives is allocated to one or more physical volumes. A physical volume can not span over more than one drive.
  • Page 30: Additional Resources

    Chapter 4. Logical Volume Manager (LVM) [Figure 4-2. Logical Volumes: a logical volume group of (9.1 GB x 3) - 75 MB divided into two logical volumes and free space; figure labels: /home, 20 GB, 2 GB, 5 GB] On the other hand, if a system is partitioned with the ext3 file system, the hard drive is divided into partitions of defined sizes.
  • Page 31: Managing Disk Storage

    Chapter 5. Managing Disk Storage Many users need to view the existing partition table, change the size of the partitions, remove partitions, or add partitions from free space or additional hard drives. The utility parted allows users to perform these tasks. This chapter discusses how to use parted to perform file system tasks.
  • Page 32: Viewing The Partition Table

    Chapter 5. Managing Disk Storage
    Command: Description
    rescue start-mb end-mb: Rescue a lost partition from start-mb to end-mb
    resize minor-num start-mb end-mb: Resize the partition from start-mb to end-mb
    rm minor-num: Remove the partition
    select device: Select a different device to configure
    Set the flag on a partition;...
  • Page 33 Chapter 5. Managing Disk Storage Before creating a partition, boot into rescue mode (or unmount any partitions on the device and turn off any swap space on the device). Start parted, where /dev/hda is the device on which to create the partition: parted /dev/hda View the current partition table to determine if there is enough free space:...
  • Page 34: Removing A Partition

    Chapter 5. Managing Disk Storage Warning Formatting the partition permanently destroys any data that currently exists on the partition. 5.2.3. Labeling the Partition Next, give the partition a label. For example, if the new partition is /dev/hda3 and you want to label it /work: e2label /dev/hda3 /work...
  • Page 35: Resizing A Partition

    Chapter 5. Managing Disk Storage parted /dev/hda View the current partition table to determine the minor number of the partition to remove: print Remove the partition with the command rm. For example, to remove the partition with minor number 3: rm 3 The changes start taking place as soon as you press [Enter], so review the command before committing to it.
  • Page 36 Chapter 5. Managing Disk Storage After resizing the partition, use the print command to confirm that the partition has been resized correctly, is the correct partition type, and is the correct file system type. After rebooting the system into normal mode, use the command to make sure the partition was mounted and is recognized with the new size.
  • Page 37: Implementing Disk Quotas

    Chapter 6. Implementing Disk Quotas Disk space can be restricted by implementing disk quotas so that the system administrator is alerted before a user consumes too much disk space or a partition becomes full. Disk quotas can be configured for individual users as well as user groups. This kind of flexibility makes it possible to give each user a small quota to handle "personal"...
  • Page 38 Chapter 6. Implementing Disk Quotas 6.1.3. Creating Quota Files After each quota-enabled file system is remounted, the system is capable of working with disk quotas. However, the file system itself is not yet ready to support quotas. The next step is to run the command.
  • Page 39 Chapter 6. Implementing Disk Quotas Note The text editor defined by the EDITOR environment variable is used by edquota. To change the editor, set the EDITOR environment variable to the full path of the editor of your choice. The first column is the name of the file system that has a quota enabled for it. The second column shows how many blocks the user is currently using.
  • Page 40: Managing Disk Quotas

    Chapter 6. Implementing Disk Quotas Like the other edquota commands, this one opens the current quotas for the file system in the text editor: Grace period before enforcing soft limits for users: Time units may be: days, hours, minutes, or seconds Filesystem Block grace period Inode grace period...
  • Page 41: Additional Resources

    Chapter 6. Implementing Disk Quotas The easiest way to run it periodically is to use cron. As root, either use the crontab -e command to schedule a periodic quotacheck or place a script that runs quotacheck in any one of the following directories (using whichever interval best matches your needs):...
  • Page 42 Red Hat Enterprise Linux Introduction to System Administration; Red Hat, Inc. — Available at http://www.redhat.com/docs/ and on the Documentation CD, this manual contains background information on storage management (including disk quotas) for new Red Hat Enterprise Linux system...
  • Page 43: User-Defined Device Names

    Chapter 7. User-Defined Device Names The /dev/ directory contains virtual files that represent devices. Each virtual file represents a device for the system such as a storage device, USB device, or printer. These virtual files are called device names. Device names for IDE devices begin with , and device names for SCSI devices begin with .
  • Page 44 Chapter 7. User-Defined Device Names devlabel add -d <device> -s <symlink> For example, to add the symbolic link /dev/work to represent the /dev/hdb1 partition, use the following command: devlabel add -d /dev/hdb1 -s /dev/work If the command was successful, the following is displayed: Created symlink /dev/work ->...
  • Page 45: How It Works

    Chapter 7. User-Defined Device Names This command adds an entry for the mount point to /etc/sysconfig/devlabel and creates a symbolic link from /dev/usbcard to /dev/sda1. The --automount option to devlabel specifies that the device should be automatically mounted when devlabel restarts if an entry for it is located and if the device exists (a device with the same UUID is found).
  • Page 46: Additional Resources

    Chapter 7. User-Defined Device Names 7.3. Additional Resources For more information concerning devlabel, refer to these resources. 7.3.1. Installed Documentation man devlabel — The man page for devlabel discusses all of the options and includes a brief description of how it works. —...
  • Page 47: Access Control Lists

    Chapter 8. Access Control Lists Files and directories have permission sets for the owner of the file, the group associated with the file, and all other users for the system. However, these permission sets have limitations. For example, different permissions can not be configured for different users. Thus, Access Control Lists (ACLs) were implemented.
  • Page 48 Chapter 8. Access Control Lists ACLs can be configured: 1. Per user 2. Per group 3. Via the effective rights mask 4. For users not in the user group for the file. The setfacl utility sets ACLs for files and directories. Use the -m option to add or modify the ACL of a file or directory:...
  • Page 49: Setting Default Acls

    Chapter 8. Access Control Lists 8.3. Setting Default ACLs To set a default ACL, add d: before the rule and specify a directory instead of a file name. For example, to set the default ACL for the /share/ directory to read and execute for users not in the user group (an access ACL for an individual file can override it): setfacl -m d:o:rx /share...
  • Page 50: Compatibility With Older Systems

    Chapter 8. Access Control Lists Option Description Creates an archive file. Do not extract the files; use in conjunction with show what extracting the files does. Replaces files in the archive. The files are written to the end of the archive file, replacing any files with the same path and file name.
  • Page 51 Chapter 8. Access Control Lists • getfacl man page — Discusses how to get file access control lists • setfacl man page — Explains how to set file access control lists • man page — Explains more about the utility and its many options...
  • Page 53: Installation-Related Information

    II. Installation-Related Information The Red Hat Enterprise Linux Installation Guide discusses the installation of Red Hat Enterprise Linux and some basic post-installation troubleshooting. However, advanced installation options are covered in this manual. This part provides instructions for kickstart (an automated installation technique), system recovery modes (how to boot your system if it does not boot in the normal runlevel), how to configure RAID during installation, and how to configure LVM during installation.
  • Page 55: Kickstart Installations

    Chapter 9. Kickstart Installations 9.1. What are Kickstart Installations? Many system administrators would prefer to use an automated installation method to install Red Hat Enterprise Linux on their machines. To answer this need, Red Hat created the kickstart installation method. Using kickstart, a system administrator can create a single file containing the answers to all the questions that would normally be asked during a typical installation.
  • Page 56: Kickstart Options

    Chapter 9. Kickstart Installations • The %pre and %post sections — These two sections can be in any order and are not required. Refer to Section 9.6 Pre-installation Script and Section 9.7 Post-installation Script for details. • Items that are not required can be omitted...
  • Page 57 Chapter 9. Kickstart Installations --enablemd5 Use md5 encryption for user passwords. --enablenis Turns on NIS support. By default, --enablenis uses whatever domain it finds on the network. A domain should almost always be set by hand with the --nisdomain= option. --nisdomain= NIS domain name to use for NIS services.
  • Page 58 Chapter 9. Kickstart Installations --krb5kdc= The KDC (or KDCs) that serve requests for the realm. If you have multiple KDCs in your realm, separate their names with commas (,). --krb5adminserver= The KDC in your realm that is also running kadmind. This server handles password changing and other administrative requests.
  • Page 59 Chapter 9. Kickstart Installations --enablecache Enables the nscd service. The nscd service caches information about users, groups, and various other types of information. Caching is especially helpful if you choose to distribute information about users and groups over your network using NIS, LDAP, or hesiod. bootloader (required) Specifies how the boot loader should be installed and whether the boot loader should be LILO or...
  • Page 60 Chapter 9. Kickstart Installations --upgrade Upgrade the existing boot loader configuration, preserving the old entries. This option is only available for upgrades. clearpart (optional) Removes partitions from the system, prior to creation of new partitions. By default, no partitions are removed. Note If the command is used, then the...
  • Page 61 Chapter 9. Kickstart Installations <moduleName> Replace with the name of the kernel module which should be installed. --opts= Options to pass to the kernel module. Note that multiple options may be passed if they are put in quotes. For example: --opts="aic152x=0x340 io=11"...
  • Page 62 Install from a Red Hat installation tree on a local drive, which must be either vfat or ext2. • --partition= Partition to install from (such as sdb2). • --dir= Directory containing the RedHat directory of the installation tree. For example: harddrive --partition=hdb2 --dir=/tmp/install-tree...
  • Page 63 Server from which to install (hostname or IP). • --dir= Directory containing the RedHat directory of the installation tree. For example: nfs --server=nfsserver.example.com --dir=/tmp/install-tree Install from an installation tree on a remote server via FTP or HTTP. For example: url --url http://<server>/<dir>...
  • Page 64 Chapter 9. Kickstart Installations langsupport fr_FR --default= If language support for more than one language is specified, a default must be identified. For example, to install English and French and use English as the default language: langsupport --default=en_US fr_FR If you use --default with only one language, all languages will be installed with the specified language set to the default.
  • Page 65 Chapter 9. Kickstart Installations network (optional) Configures network information for the system. If the kickstart installation does not require networking (in other words, it is not installed over NFS, HTTP, or FTP), networking is not configured for the system. If the installation does require networking and network information is not provided in the kickstart file, the installation program assumes that the installation should be done over eth0 via a dynamic IP address (BOOTP/DHCP), and configures the final, installed system to determine its IP address dynamically.
  • Page 66 Chapter 9. Kickstart Installations --nodns Do not configure any DNS server. --netmask= Netmask for the installed system. --hostname= Hostname for the installed system. part or partition (required for installs, ignored for upgrades) Creates a partition on the system. If more than one Red Hat Enterprise Linux installation exists on the system on different partitions, the installation program prompts the user and asks which installation to upgrade.
  • Page 67 Chapter 9. Kickstart Installations --maxsize= The maximum partition size in megabytes when the partition is set to grow. Specify an integer value here, and do not append the number with MB. --noformat Tells the installation program not to format the partition, for use with the --onpart command.
  • Page 68 Chapter 9. Kickstart Installations <mntpoint> Location where the RAID file system is mounted. If it is /, the RAID level must be 1 unless a boot partition (/boot) is present. If a boot partition is present, the /boot partition must be level 1 and the root (...
  • Page 69 Chapter 9. Kickstart Installations --iscrypted If this is present, the password argument is assumed to already be encrypted. skipx (optional) If present, X is not configured on the installed system. text (optional) Perform the kickstart installation in text mode. Kickstart installations are performed in graphical mode by default.
  • Page 70 Chapter 9. Kickstart Installations --hsync= Specifies the horizontal sync frequency of the monitor. --vsync= Specifies the vertical sync frequency of the monitor. --defaultdesktop= Specify either GNOME or KDE to set the default desktop (assumes that GNOME Desktop Environment and/or KDE Desktop Environment has been installed through %packages). --startxonboot Use a graphical login on the installed system.
  • Page 71: Package Selection

    Refer to the RedHat/base/comps.xml file on the first Red Hat Enterprise Linux CD-ROM for a list of groups. Each group has an id, user visibility value, name, description, and package list. In the package list, the packages marked as mandatory are always installed if the group is selected, the packages marked default are selected by default if the group is selected, and the packages marked optional must be specifically selected even if the group is selected...
  • Page 72: Pre-Installation Script

    Chapter 9. Kickstart Installations --ignoremissing Ignore the missing packages and groups instead of halting the installation to ask if the installation should be aborted or continued. For example: %packages --ignoremissing 9.6. Pre-installation Script You can add commands to run on the system immediately after the has been parsed.
  • Page 73: Post-Installation Script

    Chapter 9. Kickstart Installations
    echo "part swap --recommended --ondisk $drive1" >> /tmp/part-include
    echo "part /home --fstype ext3 --size 1 --grow --ondisk hdb" >> /tmp/part-include
    else
    #1 drive
    echo "#partitioning scheme generated in %pre for 1 drive" > /tmp/part-include
    echo "clearpart --all" >> /tmp/part-include
    ...
  • Page 74: Making The Kickstart File Available

    Chapter 9. Kickstart Installations --interpreter /usr/bin/python Allows you to specify a different scripting language, such as Python. Replace /usr/bin/python with the scripting language of your choice. 9.7.1. Examples Turn services on and off: /sbin/chkconfig --level 345 telnet off /sbin/chkconfig --level 345 finger off /sbin/chkconfig --level 345 lpd off /sbin/chkconfig --level 345 httpd on Run a script named...
  • Page 75: Making The Installation Tree Available

    Here is an example of a line from the dhcpd.conf file for the DHCP server: filename "/usr/new-machine/kickstart/"; next-server blarg.redhat.com; Note that you should replace the value after filename with the name of the kickstart file (or the directory in which the kickstart file resides) and the value after...
  • Page 76: Starting A Kickstart Installation

    Chapter 9. Kickstart Installations If you are performing a CD-based installation, insert the Red Hat Enterprise Linux CD-ROM #1 into the computer before starting the kickstart installation. If you are performing a hard-drive installation, make sure the ISO images of the binary Red Hat Enterprise Linux CD-ROMs are on a hard drive in the computer.
  • Page 77 Chapter 9. Kickstart Installations ks=http://<server>/<path> The installation program will look for the kickstart file on the HTTP server <server>, as file <path>. The installation program will use DHCP to configure the Ethernet card. For example, if your HTTP server is server.example.com and the kickstart file is in the HTTP directory /mydir/ks.cfg, the correct boot command would be...
  • Page 79: Kickstart Configurator

    Configurator, select the Main Menu Button (on the Panel) => System Tools => Kickstart, or type the command /usr/sbin/redhat-config-kickstart. As you are creating a kickstart file, you can select File => Preview at any time to review your current selections.
  • Page 80: Installation Method

    Language Configuration Tool (redhat-config-language) after installation. Choosing Reboot system after installation will reboot your system automatically after the installation is finished. Kickstart installations are performed in graphical mode by default. To override this default and use text mode instead, select the Perform installation in text mode option.
  • Page 81: Boot Loader Options

    NFS server, enter a fully-qualified domain name or IP address. For the NFS directory, enter the name of the NFS directory that contains the RedHat directory of the installation tree. For example, if the NFS server contains the directory , enter /mirrors/redhat/i386/RedHat/ for the NFS directory.
  • Page 82 Chapter 10. Kickstart Configurator 10.3. Boot Loader Options Figure 10-3. Boot Loader Options You have the option of installing GRUB or LILO as the boot loader. If you do not want to install a boot loader, select Do not install a boot loader. If you choose not to install a boot loader, make sure you create a boot diskette or have another way to boot (such as a third-party boot loader) your system.
  • Page 83: Partition Information

    Chapter 10. Kickstart Configurator 10.4. Partition Information Figure 10-4. Partition Information Select whether or not to clear the Master Boot Record (MBR). Choose to remove all existing partitions, remove all existing Linux partitions, or preserve existing partitions. To initialize the disk label to the default for the architecture of the system (for example, msdos for x86 and for Itanium), select Initialize the disk label if you are installing on a brand new hard...
  • Page 84 Chapter 10. Kickstart Configurator Figure 10-5. Creating Partitions To edit an existing partition, select the partition from the list and click the Edit button. The same Partition Options window appears as when you chose to add a partition as shown in Figure 10-5, except it reflects the values for the selected partition.
  • Page 85 Chapter 10. Kickstart Configurator Figure 10-6. Creating a Software RAID Partition Repeat these steps to create as many partitions as needed for your RAID setup. All of your partitions do not have to be RAID partitions. After creating all the partitions needed to form a RAID device, follow these steps: 1.
  • Page 86: Network Configuration

    Tool (redhat-config-network). Refer to Chapter 19 Network Configuration for details. For each Ethernet card on the system, click Add Network Device and select the network device and network type for the device. Select eth0 to configure the first Ethernet card, eth1 for the second...
  • Page 87: Authentication

    Chapter 10. Kickstart Configurator 10.6. Authentication Figure 10-9. Authentication In the Authentication section, select whether to use shadow passwords and MD5 encryption for user passwords. These options are highly recommended and chosen by default. The Authentication Configuration options allow you to configure the following methods of authentication: •...
  • Page 88: Configuration

    Chapter 10. Kickstart Configurator Figure 10-10. Firewall Configuration If Disable firewall is selected, the system allows complete access to any active services and ports. No connections to the system are refused or denied. Selecting Enable firewall configures the system to reject incoming connections that are not in response to outbound requests, such as DNS replies or DHCP requests.
  • Page 89 Chapter 10. Kickstart Configurator Figure 10-11. X Configuration - General If you are installing both the GNOME and KDE desktops, you must choose which desktop should be the default. If only one desktop is to be installed, be sure to choose it. Once the system is installed, users can choose which desktop they want to be their default.
  • Page 90 Chapter 10. Kickstart Configurator Figure 10-12. X Configuration - Video Card 10.8.3. Monitor After configuring the video card, click on the Monitor tab as shown in Figure 10-13. Figure 10-13. X Configuration - Monitor...
  • Page 91: Package Selection

    Chapter 10. Kickstart Configurator Probe for monitor is selected by default. Accept this default to have the installation program probe for the monitor during installation. Probing works for most modern monitors. If this option is selected and the installation program cannot successfully probe the monitor, the installation program will stop at the monitor configuration screen.
  • Page 92: Pre-Installation Script

    Chapter 10. Kickstart Configurator 10.10. Pre-Installation Script Figure 10-15. Pre-Installation Script You can add commands to run on the system immediately after the kickstart file has been parsed and before the installation begins. If you have configured the network in the kickstart file, the network is enabled before this section is processed.
  • Page 93 Chapter 10. Kickstart Configurator 10.11. Post-Installation Script Figure 10-16. Post-Installation Script You can also add commands to execute on the system after the installation is completed. If the network is properly configured in the kickstart file, the network is enabled, and the script can include commands to access resources on the network.
  • Page 94: Saving The File

    Chapter 10. Kickstart Configurator 10.11.1. Chroot Environment To run the post-installation script outside of the chroot environment, click the checkbox next to this option on the top of the Post-Installation window. This is equivalent to using the --nochroot option in the section.
  • Page 95: Basic System Recovery

    Chapter 11. Basic System Recovery When things go wrong, there are ways to fix problems. However, these methods require that you understand the system well. This chapter describes how to boot into rescue mode, single-user mode, and emergency mode, where you can use your own knowledge to repair the system. 11.1.
  • Page 96 Chapter 11. Basic System Recovery 11.2. Booting into Rescue Mode Rescue mode provides the ability to boot a small Red Hat Enterprise Linux environment entirely from a diskette, CD-ROM, or some other boot method instead of the system’s hard drive. As the name implies, rescue mode is provided to rescue you from something.
  • Page 97: Booting Into Single-User Mode

    Chapter 11. Basic System Recovery sh-2.05b# If you selected Continue to mount your partitions automatically and they were mounted successfully, you are in single-user mode. Even if your file system is mounted, the default root partition while in rescue mode is a temporary root partition, not the root partition of the file system used during normal user mode (runlevel 3 or 5).
  • Page 98: Booting Into Emergency Mode

    Chapter 11. Basic System Recovery 1. If you have a GRUB password configured, type and enter the password. 2. Select Red Hat Enterprise Linux with the version of the kernel that you wish to boot and type to append the line. 3.
  • Page 99: Software Raid Configuration

    Chapter 12. Software RAID Configuration Read Chapter 3 Redundant Array of Independent Disks (RAID) first to learn about RAID, the differences between Hardware and Software RAID, and the differences between RAID 0, 1, and 5. Software RAID can be configured during the graphical installation of Red Hat Enterprise Linux or during a kickstart installation.
  • Page 100 Chapter 12. Software RAID Configuration Once you have all of your partitions created as software RAID partitions, follow these steps: 1. Select the RAID button on the Disk Druid main partitioning screen (refer to Figure 12-4). 2. Figure 12-2 will appear. Select Create a RAID device. Figure 12-2.
  • Page 101 Chapter 12. Software RAID Configuration , and you are making a RAID partition of /boot, it must be RAID level 1 and it must use one of the first two drives (IDE first, SCSI second). 8. The RAID partitions you just created appear in the RAID Members list. Select which of these partitions should be used to create the RAID device.
  • Page 102 Chapter 12. Software RAID Configuration...
  • Page 103: Lvm Configuration

    Chapter 13. LVM Configuration LVM can be configured during the graphical installation process or during a kickstart installation. You can use the utilities from the package to create your LVM configuration, but these instructions focus on using Disk Druid during installation to complete this task. Read Chapter 4 Logical Volume Manager (LVM) first to learn about LVM.
  • Page 104 Chapter 13. LVM Configuration 6. Enter the size that you want the physical volume to be. 7. Select Fixed size to make the physical volume the specified size, select Fill all space up to (MB) and enter a size in MBs to give a range for the physical volume size, or select Fill to maximum allowable size to make it grow to fill all available space on the hard disk.
  • Page 105 Chapter 13. LVM Configuration 3. All logical volumes inside the volume group must be allocated in physical extent units. By default, the physical extent is set to 4 MB; thus, logical volume sizes must be divisible by 4 MBs. If you enter a size that is not a unit of 4 MBs, the installation program automatically selects the closest size in units of 4 MBs.
  • Page 106 Chapter 13. LVM Configuration...
  • Page 107: Pxe Network Installations

    System, have root privileges, and have the redhat-config-netboot RPM package installed. To start the Network Booting Tool from the desktop, go to the Main Menu Button (on the Panel) => System Settings => Server Settings => Network Booting Service. Or, type the command at a shell prompt (for example, in an XTerm or a GNOME terminal).
  • Page 108 FTP server or the document root for the HTTP server. For all network installations, the directory provided must contain the RedHat/ directory of the installation tree. After clicking OK, the files necessary to boot the installation...
  • Page 109: Adding Pxe Hosts

    Chapter 14. PXE Network Installations "<description>" — Replace "<description>" with a description of the OS instance. • This corresponds to the Description field in Figure 14-1. <NFS|HTTP|FTP> — Specify which of the NFS, FTP, or HTTP protocols to use for installa- •...
  • Page 110: Starting The 14.5. Configuring The Dhcp Server

    14.3.1. Command Line Configuration If the network server is not running X, the pxeboot utility, a part of the redhat-config-netboot package, can be used to add hosts which are allowed to connect to the PXE server: pxeboot -a -O os-identifier...
  • Page 111: Adding A Custom Boot Message

    Chapter 14. PXE Network Installations 14.5. Configuring the DHCP Server If a DHCP server does not already exist on the network, configure one. Refer to Chapter 25 Dynamic Host Configuration Protocol (DHCP) for details. Make sure the configuration file contains the following so PXE booting is enabled for systems that support it: allow booting;...
  • Page 112 Chapter 14. PXE Network Installations...
  • Page 113: Diskless Environments

    Chapter 15. Diskless Environments Some networks require multiple systems with the same configuration. They also require that these systems be easy to reboot, upgrade, and manage. One solution is to use a diskless environment in which most of the operating system, which can be read-only, is shared from a central server between the clients and the individual clients have their own directories on the central server for the rest of the operating system, which must be read/write.
  • Page 114: Configuring The Nfs Server

    System, have root privileges, and have the redhat-config-netboot RPM package installed. To start the Network Booting Tool from the desktop, go to the Main Menu Button (on the Panel) => System Settings => Server Settings => Network Booting Service. Or, type the command at a shell prompt (for example, in an XTerm or a GNOME terminal).
  • Page 115: Adding Hosts

    Chapter 15. Diskless Environments 4. The kernel versions installed in the diskless environment are listed. Select the kernel version to boot on the diskless system. 5. Click Apply to finish the configuration. After clicking Apply, the diskless kernel and image file are created based on the kernel selected. They are copied to the PXE boot directory /tftpboot/linux-install/ <...
  • Page 116 Chapter 15. Diskless Environments diskless directory to allow applications to write to the root directory of the diskless environment if they need to.
  • Page 117: Package Management

    III. Package Management All software on a Red Hat Enterprise Linux system is divided into RPM packages which can be installed, upgraded, or removed. This part describes how to manage the RPM packages on a Red Hat Enterprise Linux system using graphical and command line tools. Table of Contents 16.
  • Page 119: Package Management With Rpm

    Chapter 16. Package Management with RPM The RPM Package Manager (RPM) is an open packaging system, available for anyone to use, which runs on Red Hat Enterprise Linux as well as other Linux and UNIX systems. Red Hat, Inc. encourages other vendors to use RPM for their own products.
  • Page 120: Using Rpm

    The Red Hat Enterprise Linux CD-ROMs • The Red Hat Errata Page available at http://www.redhat.com/apps/support/errata/ • A Red Hat FTP Mirror Site available at http://www.redhat.com/download/mirror.html • Red Hat Network — Refer to Chapter 18 Red Hat Network for more details on Red Hat Network •...
  • Page 121 Chapter 16. Package Management with RPM error: V3 DSA signature: BAD, key ID 0352860f If it is a new, header-only, signature, an error message such as the following is displayed: error: Header V3 DSA signature: BAD, key ID 0352860f If you do not have the appropriate key installed to verify the signature, the message contains the word NOKEY such as: warning: V3 DSA signature: NOKEY, key ID 0352860f...
  • Page 122 If it does not suggest a package to resolve the dependency, you can try the --redhatprovides option to determine which package contains the required file. You need the rpmdb-redhat package installed to use this option. rpm -q --redhatprovides bar.so.2 If the package that contains...
  • Page 123 Chapter 16. Package Management with RPM Preparing... ########################################### [100%] error: removing these packages would break dependencies: foo is needed by bar-2.0.20-3.i386.rpm To cause RPM to ignore this error and uninstall the package anyway (which is also a bad idea since the package that depends on it will probably fail to work properly), use the option.
  • Page 124 Chapter 16. Package Management with RPM rpm -Fvh *.rpm RPM automatically upgrades only those packages that are already installed. 16.2.6. Querying Use the rpm -q command to query the database of installed packages. The rpm -q foo command displays the package name, version, and release number of the installed package foo: foo-2.0-1 Note Notice that we used the package name...
  • Page 125: Checking A Package's Signature

    Chapter 16. Package Management with RPM which verifies that all the files in the foo package are as they were when they were originally installed. For example: To verify a package containing a particular file: • rpm -Vf /bin/vi To verify ALL installed packages: •...
  • Page 126: Impressing Your Friends With Rpm

    Chapter 16. Package Management with RPM During installation, GnuPG is installed by default. That way you can immediately start using GnuPG to verify any packages that you receive from Red Hat. First, you need to import Red Hat’s public key. 16.3.1.
  • Page 127 Relocations: (not relocateable) Version : 1.10 Vendor: Red Hat, Inc. Release Build Date: Fri 07 Feb 2003 04:07:32 PM EST Install date: (not installed) Build Host: porky.devel.redhat.com Group : System Environment/Base Source RPM: crontabs-1.10-5.src.rpm Size : 1004 License: Public Domain...
  • Page 128: Additional Resources

    • man rpm rpm --help command. 16.5.2. Useful Websites • http://www.rpm.org/ — The RPM website. • http://www.redhat.com/mailman/listinfo/rpm-list/ — The RPM mailing list is archived here. To subscribe, send mail to <rpm-list-request@redhat.com> with the word subscribe in the subject line.
  • Page 129: Package Management Tool

    Main Menu Button (on the Panel) => System Settings => Add/Remove Applications, or type the redhat-config-packages command at a shell prompt. The same interface appears if you insert the Red Hat Enterprise Linux CD #1 into your computer. Figure 17-1. Package Management Tool The interface for this application is similar to the one used for individual package selection during installation.
  • Page 130: Installing Packages

    Chapter 17. Package Management Tool 17.1. Installing Packages To install the standard packages in a package group that is not currently installed, check the checkbox beside it. To customize the packages to be installed within the group, click the Details button beside it. The list of standard and extra packages is displayed, as shown in Figure 17-2.
  • Page 131: Removing Packages

    Chapter 17. Package Management Tool If you use Nautilus to browse the files and directories on your computer, you can also use it to install packages. In Nautilus, go to the directory that contains an RPM package (they usually end in .rpm) and double-click on the RPM icon.
  • Page 132 Chapter 17. Package Management Tool...
  • Page 133: Red Hat Network

    All Security Alerts, Bug Fix Alerts, and Enhancement Alerts (collectively known as Errata Alerts) can be downloaded directly from Red Hat using the Red Hat Update Agent standalone application or through the RHN website available at https://rhn.redhat.com/. Figure 18-1. Your RHN Red Hat Network saves users time because they receive email when updated packages are released.
  • Page 134 You must activate your Red Hat Enterprise Linux product before registering your system with Red Hat Network to make sure your system is entitled to the correct services. To activate your product, go to: http://www.redhat.com/apps/activate/ After activating your product, register it with Red Hat Network to receive Errata Updates. The registration process gathers information about the system that is required to notify you of updates.
  • Page 135 • Execute the command up2date from a shell prompt. • Use the RHN website at https://rhn.redhat.com/. For more detailed instructions, refer to the documentation available at: http://www.redhat.com/docs/manuals/RHNetwork/ Red Hat Enterprise Linux includes the Red Hat Network Alert Notification Tool, a convenient panel...
  • Page 136 Chapter 18. Red Hat Network...
  • Page 137: Network-Related Configuration

    IV. Network-Related Configuration After explaining how to configure the network, this part discusses topics related to networking such as how to allow remote logins, share files and directories over the network, and set up a Web server. Table of Contents 19.
  • Page 139: Network Configuration

    If you type the command, the graphical version is displayed if X is running, otherwise, the text-based version is displayed. To force the text-based version to run, use the redhat-config-network-tui command. To use the command line version, execute the command redhat-config-network-cmd --help as root to view all the options. Figure 19-1. Network Administration Tool...
  • Page 140: Overview

    If you prefer modifying the configuration files directly, refer to the Red Hat Enterprise Linux Reference Guide for information on their locations and contents. Go to the Red Hat Hardware Compatibility List (http://hardware.redhat.com/hcl/) to determine if Red Hat Enterprise Linux supports your hardware device.
  • Page 141 Chapter 19. Network Configuration 7. Click Apply on the Create Ethernet Device page. Figure 19-2. Ethernet Settings After configuring the Ethernet device, it appears in the device list as shown in Figure 19-3. Figure 19-3. Ethernet Device Be sure to select File => Save to save the changes. After adding the Ethernet device, you can edit its configuration by selecting the device from the device list and clicking Edit.
  • Page 142: Establishing An Isdn Connection

    Chapter 19. Network Configuration one physical device more than one IP address. For example, you can configure an eth1 device and an eth1:1 device. For details, refer to Section 19.13 Device Aliases. 19.3. Establishing an ISDN Connection An ISDN connection is an Internet connection established with an ISDN modem card through a special phone line installed by the phone company.
  • Page 143: Establishing A Modem Connection

    Chapter 19. Network Configuration Figure 19-5. ISDN Device 19.4. Establishing a Modem Connection A modem can be used to configure an Internet connection over an active phone line. An Internet Service Provider (ISP) account (also called a dial-up account) is required. To add a modem connection, follow these steps: 1.
  • Page 144: Establishing An Xdsl Connection

    Chapter 19. Network Configuration 6. Configure the modem device, baud rate, flow control, and modem volume. If you do not know these values, accept the defaults if the modem was probed successfully. If you do not have touch tone dialing, uncheck the corresponding checkbox. Click Forward. 7.
  • Page 145 Chapter 19. Network Configuration 1. Click the Devices tab. 2. Click the New button. 3. Select xDSL connection from the Device Type list, and click Forward. 4. If your Ethernet card is in the hardware list, select the Ethernet Device from the pulldown menu from the page shown in Figure 19-8.
  • Page 146: Establishing A Token Ring Connection

    Chapter 19. Network Configuration Figure 19-9. xDSL Device Be sure to select File => Save to save the changes. After adding the xDSL connection, you can edit its configuration by selecting the device from the device list and clicking Edit. For example, when the device is added, it is configured not to start at boot time by default.
  • Page 147 Chapter 19. Network Configuration Figure 19-10. Token Ring Settings 6. On the Configure Network Settings page, choose between DHCP and static IP address. You may specify a hostname for the device. If the device receives a dynamic IP address each time the network is started, do not specify a hostname.
  • Page 148: Establishing A Cipe Connection

    Chapter 19. Network Configuration 19.7. Establishing a CIPE Connection CIPE stands for Crypto IP Encapsulation. It is used to configure an IP tunneling device. For example, CIPE can be used to grant access from the outside world into a Virtual Private Network (VPN). If you need to set up a CIPE device, contact your system administrator for the correct values.
  • Page 149: Establishing A Wireless Connection

    Chapter 19. Network Configuration Figure 19-13. CIPE Device Be sure to select File => Save to save the changes. After adding the device, you can edit its configuration by selecting the device from the device list and clicking Edit. For example, you can configure whether the device is started at boot time and any routes to use while the device is activated.
  • Page 150 Chapter 19. Network Configuration Note The installation program usually detects supported wireless Ethernet devices and prompts you to configure them. If you configured them during the installation, they are displayed in the hardware list on the Hardware tab. 5. If you selected Other Wireless Card, the Select Ethernet Adapter window appears. Select the manufacturer and model of the Ethernet card and the device.
  • Page 151: Managing Dns Settings

    Chapter 19. Network Configuration Figure 19-15. Wireless Device Be sure to select File => Save to save the changes. After adding the wireless device, you can edit its configuration by selecting the device from the device list and clicking Edit. For example, you can configure the device to activate at boot time. When the device is added, it is not activated immediately, as seen by its Inactive status.
  • Page 152: Managing Hosts

    Chapter 19. Network Configuration Note The name servers section does not configure the system to be a name server. Instead, it configures the name servers to use when resolving IP addresses to hostnames and vice versa. 19.10. Managing Hosts The Hosts tab allows you to add, edit, or remove hosts from the file.
  • Page 153: Activating Devices

    To start it, select Main Menu Button (on the Panel) => System Tools => Network Device Control or type the command redhat-control-network Figure 19-18. Activating Devices To activate a device, select it from the list and click the Activate button. To stop the device, select it from the list and click Deactivate.
  • Page 154 Chapter 19. Network Configuration By default, there is one profile called Common. To create a new profile, select Profile => New from the pull-down menu, and enter a unique name for the profile. You are now modifying the new profile as indicated by the status bar at the bottom of the main window. Click on an existing device already in the list, and click the Copy button to copy the existing device to a logical network device.
  • Page 155: Device Aliases

    The activate profile section only appears in the Network Device Control interface if more than the default Common interface exists. Alternatively, execute the following command to enable a profile (replace <profilename> with the name of the profile): redhat-config-network-cmd --profile profilename --activate <...
  • Page 156 Chapter 19. Network Configuration After configuring the Ethernet device, such as eth0, to use a static IP address (DHCP does not work with aliases), go to the Devices tab and click New. Select the Ethernet card to configure with an alias, set the static IP address for the alias, and click Apply to create it.
  • Page 157: Establishing An Ipsec Connection

    Chapter 19. Network Configuration UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:5998 errors:0 dropped:0 overruns:0 frame:0 TX packets:5998 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:1627579 (1.5 Mb) TX bytes:1627579 (1.5 Mb) 19.14. Establishing an IPsec Connection IPsec stands for Internet Protocol Security. It is a Virtual Private Network solution in which an encrypted connection is established between two systems (host-to-host) or two networks (network-to-network).
  • Page 158 Chapter 19. Network Configuration 9. Verify the information on the IPsec — Summary page, and click Apply. 10. Select File => Save to save the configuration. 11. Select the IPsec connection from the list, and click the Activate button. 12. Repeat for the other host. It is extremely important that the same keys from step 8 be used on the other hosts.
  • Page 159 Chapter 19. Network Configuration Figure 19-23. Network-to-Network IPsec Alternate network configuration options include a firewall between each IP router and the Internet and an Intranet firewall between each IPsec router and subnet gateway. The IPsec router and the gateway for the subnet can be one system with two Ethernet devices, one with a public IP address that acts as the IPsec router and one with a private IP address that acts as the gateway for the private subnet.
  • Page 160 Chapter 19. Network Configuration 8. On the Remote Network page, enter the following information: • Remote IP Address — The publicly addressable IP address of the IPsec router for the other private network. In our example, for ipsec0, enter the publicly addressable IP address of ipsec1, and vice versa.
  • Page 161: Saving And Restoring The Network Configuration

    To restore, or import, the network configuration from the file created from the previous command, execute the following command as root: redhat-config-network-cmd -i -c -f /tmp/network-config The -i option means to import the data, the -c option means to clear the existing configuration prior to importing, and the -f option specifies that the file to import is as follows.
  • Page 162 Chapter 19. Network Configuration...
  • Page 163: Basic Firewall Configuration

    To start the application, select Main Menu Button (on the Panel) => System Settings => Security Level or type the command redhat-config-securitylevel from a shell prompt (for example, in an XTerm or a GNOME terminal). Figure 20-1. Security Level Configuration Tool Note The Security Level Configuration Tool only configures a basic firewall.
  • Page 164 Chapter 20. Basic Firewall Configuration Disable firewall — Disabling the firewall provides complete access to your system and does no • security checking. Security checking is the disabling of access to certain services. This should only be selected if you are running on a trusted network (not the Internet) or plan to do more firewall configuration later.
  • Page 165: Activating The Iptables Service

    /etc/sysconfig/iptables iptables The options selected are also written to the /etc/sysconfig/redhat-config-securitylevel file so that the settings can be restored the next time the application is started. Do not edit this file by hand. Even though the firewall is activated immediately, the service is not configured to start...
  • Page 166 Chapter 20. Basic Firewall Configuration...
  • Page 167: Controlling Access To Services

    Linux, try the Security Level Configuration Tool (redhat-config-securitylevel), which allows you to select the security level for your system, similar to the Firewall Configuration screen in the installation program. Refer to Chapter 20 Basic Firewall Configuration for more information. If you need more specific firewall rules, refer to the...
  • Page 168: Tcp Wrappers

    Chapter 21. Controlling Access to Services 0 — Halt • 1 — Single-user mode • 2 — Not used (user-definable) • 3 — Full multi-user mode • 4 — Not used (user-definable) • 5 — Full multi-user mode (with an X-based login screen) •...
  • Page 169: Services Configuration Tool

    (on the Panel) => System Settings => Server Settings => Services or type the command redhat-config-services at a shell prompt (for example, in an XTerm or a GNOME terminal). Figure 21-1. Services Configuration Tool The Services Configuration Tool displays the current runlevel as well as the runlevel you are currently editing.
  • Page 170: Ntsysv

    Chapter 21. Controlling Access to Services For example, assume you check rsync to enable it in runlevel 3 and then save the changes. The rsync service is immediately enabled. The next time xinetd is started, rsync is still enabled. Warning When you save changes to services, is restarted, and the changes take place imme-...
  • Page 171: Additional Resources

    Chapter 21. Controlling Access to Services . In the previous example, replace daemon with the name of the service you want to daemon stop stop; for example, . Replace with to start or restart the service. httpd stop start restart 21.5.
  • Page 172 Chapter 21. Controlling Access to Services 21.6.2. Useful Websites http://www.xinetd.org — The webpage. It contains a more detailed list of features and • xinetd sample configuration files. 21.6.3. Related Books Red Hat Enterprise Linux Reference Guide, Red Hat, Inc. — This companion manual contains •...
  • Page 173: Openssh

    Chapter 22. OpenSSH OpenSSH is a free, open source implementation of the SSH (Secure SHell) protocols. It replaces , and with secure, encrypted network connectivity tools. OpenSSH telnet rlogin supports versions 1.3, 1.5, and 2 of the SSH protocol. Since OpenSSH version 2.9, the default protocol is version 2, which uses RSA keys as the default.
  • Page 174 Chapter 22. OpenSSH 22.3. Configuring an OpenSSH Client To connect to an OpenSSH server from a client machine, you must have the openssh-clients packages installed on the client machine. openssh 22.3.1. Using the Command command is a secure replacement for the , and commands.
  • Page 175 Chapter 22. OpenSSH To transfer the local file shadowman to your account on penguin.example.net, type the following at a shell prompt (replace username with your username): scp shadowman username@penguin.example.net:/home/username This will transfer the local file shadowman to /home/username/shadowman on penguin.example.net. The general syntax to transfer a remote file to the local system is as follows: scp username@tohostname:/remotefile /newlocalfile The remotefile specifies the source, and newlocalfile specifies the destination.
  • Page 176 Chapter 22. OpenSSH 1. To generate an RSA key pair to work with version 2 of the protocol, type the following command at a shell prompt: ssh-keygen -t rsa Accept the default file location of ~/.ssh/id_rsa. Enter a passphrase different from your account password and confirm it by entering it again.
  • Page 177 Chapter 22. OpenSSH 22.3.4.3. Generating an RSA Key Pair for Version 1.3 and 1.5 Use the following steps to generate an RSA key pair, which is used by version 1 of the SSH Protocol. If you are only connecting between systems that use DSA, you do not need an RSA version 1.3 or RSA version 1.5 key pair.
  • Page 178: Additional Resources

    Chapter 22. OpenSSH 22.3.4.5. Configuring ssh-agent ssh-agent can be used to store your passphrase so that you do not have to enter it each time you make a connection. If you are not running the X Window System, follow these steps from a shell prompt.
  • Page 179: Network File System (Nfs)

    Chapter 23. Network File System (NFS) Network File System (NFS) is a way to share files between machines on a network as if the files were located on the client’s local hard drive. Red Hat Enterprise Linux can be both an NFS server and an NFS client, which means that it can export file systems to other systems and mount file systems exported from other machines.
  • Page 180 Chapter 23. Network File System (NFS) 23.2.2. Mounting NFS File Systems using autofs A third option for mounting an NFS share is the use of autofs. Autofs uses the automount daemon to manage your mount points by only mounting them dynamically when they are accessed. Autofs consults the master map configuration file /etc/auto.master to determine which mount...
  • Page 181: Exporting Nfs File Systems

    To use the NFS Server Configuration Tool, you must be running the X Window System, have root privileges, and have the redhat-config-nfs RPM package installed. To start the application, select Main Menu Button (on the Panel) => System Settings => Server Settings => NFS, or type the command...
  • Page 182 Chapter 23. Network File System (NFS) Figure 23-1. NFS Server Configuration Tool To add an NFS share, click the Add button. The dialog box shown in Figure 23-2 will appear. The Basic tab requires the following information: Directory — Specify the directory to share, such as •...
  • Page 183 Chapter 23. Network File System (NFS) The User Access tab allows the following options to be configured: Treat remote root user as local root — By default, the user and group IDs of the root user are both • 0. Root squashing maps the user ID 0 and the group ID 0 to the user and group IDs of anonymous so that root on the client does not have root privileges on the NFS server.
  • Page 184 Chapter 23. Network File System (NFS) Caution Be careful with spaces in the /etc/exports file. If there are no spaces between the hostname and the options in parentheses, the options apply only to the hostname. If there is a space between the hostname and the options, the options apply to the rest of the world.
  • Page 185: Additional Resources

    Chapter 23. Network File System (NFS) /sbin/chkconfig --level 345 nfs on You can also use chkconfig, ntsysv or the Services Configuration Tool to configure which services start at boot time. Refer to Chapter 21 Controlling Access to Services for details. 23.4.
  • Page 186 Chapter 23. Network File System (NFS)
  • Page 187: Samba

    To use this application, you must be running the X Window System, have root privileges, and have the redhat-config-samba RPM package installed. To start the Samba Server Configuration Tool from the desktop, go to the Main Menu Button (on the Panel) => System Settings => Server Settings =>...
  • Page 188 Chapter 24. Samba Note The Samba Server Configuration Tool does not display shared printers or the default stanza that allows users to view their own home directories on the Samba server. 24.2.1.1. Configuring Server Settings The first step in configuring a Samba server is to configure the basic settings for the server and a few security options.
  • Page 189 Chapter 24. Samba Domain — The Samba server relies on a Windows NT Primary or Backup Domain Controller • to verify the user. The server passes the username and password to the Controller and waits for it to return. Specify the NetBIOS name of the Primary or Backup Domain Controller in the Authentication Server field.
  • Page 190 Chapter 24. Samba To add a Samba user, select Preferences => Samba Users from the pulldown menu, and click the Add User button. On the Create New Samba User window select a Unix Username from the list of existing users on the local system. If the user has a different username on a Windows machine and will be logging into the Samba server from the Windows machine, specify that Windows username in the Windows Username field.
  • Page 191 Chapter 24. Samba To specify the Windows workgroup and a brief description of the Samba server, edit the following lines in your smb.conf file: workgroup = WORKGROUPNAME server string = BRIEF COMMENT ABOUT SERVER Replace WORKGROUPNAME with the name of the Windows workgroup to which this machine should belong.
  • Page 192 Chapter 24. Samba 4. Encrypted passwords must be enabled. Since they are enabled by default, they do not have to be specifically enabled in the configuration file. However, they can not be disabled in the configuration file either. In the file /etc/samba/smb.conf, verify that the following line does not exist:...
  • Page 193: Connecting To A Samba Share

    Chapter 24. Samba To view active connections to the system, execute the command smbstatus. 24.3. Connecting to a Samba Share You can use Nautilus to view available Samba shares on your network. Select Main Menu Button (on the Panel) => Network Servers to view a list of Samba workgroups on your network. You can also type smb: in the Location: bar of Nautilus to view the workgroups.
  • Page 194: Additional Resources

    Chapter 24. Samba As you can see from Figure 24-7, there is an icon for each machine within the workgroup. Double-click on an icon to view the Samba shares on the machine. If a username and password combination is required, you are prompted for them. Alternately, you can also specify the Samba server and sharename in the Location: bar for Nautilus using the following syntax (replace <servername>...
  • Page 195 Chapter 24. Samba • /usr/share/doc/samba-<version-number>/docs/ — help files included with the samba package 24.4.2. Useful Websites • http://www.samba.org/ — The Samba webpage contains useful documentation, information about mailing lists, and a list of GUI interfaces. • http://www.samba.org/samba/docs/using_samba/toc.html — an online version of Using Samba,...
  • Page 196 Chapter 24. Samba...
  • Page 197: Dynamic Host Configuration Protocol (Dhcp)

    Chapter 25. Dynamic Host Configuration Protocol (DHCP) Dynamic Host Configuration Protocol (DHCP) is a network protocol for automatically assigning TCP/IP information to client machines. Each DHCP client connects to the centrally-located DHCP server which returns that client’s network configuration including IP address, gateway, and DNS servers.
  • Page 198 { option domain-name "test.redhat.com"; option domain-name-servers ns1.redhat.com, ns2.redhat.com; option routers 192.168.1.254; more parameters for EXAMPLE shared-network subnet 192.168.1.0 netmask 255.255.255.0 {...
  • Page 199 Chapter 25. Dynamic Host Configuration Protocol (DHCP) range 192.168.1.1 192.168.1.31; subnet 192.168.1.32 netmask 255.255.255.0 { parameters for subnet range 192.168.1.33 192.168.1.63; Example 25-2. Shared-network Declaration As demonstrated in Example 25-3, the group declaration can be used to apply global parameters to a group of declarations.
  • Page 200 Chapter 25. Dynamic Host Configuration Protocol (DHCP) host apex declaration specifies that the network interface card with the MAC address 00:A0:78:8E:9E:AA always receives the IP address 192.168.1.4. Notice that the optional parameter host-name can be used to assign a host name to the client. host apex { option host-name "apex.example.com";...
  • Page 201: Configuring A Dhcp Client

    Chapter 25. Dynamic Host Configuration Protocol (DHCP) To start the DHCP service, use the command /sbin/service dhcpd start. To stop the DHCP server, use the command /sbin/service dhcpd stop. To configure the daemon to start automatically at boot time, refer to Chapter 21 Controlling Access to Services for information on how to manage services.
  • Page 202 Be sure to check the Hardware Compatibility List available at http://hardware.redhat.com/hcl/. If the network card is not configured by the installation program or Kudzu and you know which kernel module to load for it, refer to Chapter 40 Kernel Modules for details on loading kernel modules.
  • Page 203: Additional Resources

    Chapter 25. Dynamic Host Configuration Protocol (DHCP) 25.4. Additional Resources For configuration options not covered here, refer to the following resources. 25.4.1. Installed Documentation • dhcpd man page — describes how the DHCP daemon works • man page — explains how to configure the DHCP configuration file; includes some...
  • Page 204 Chapter 25. Dynamic Host Configuration Protocol (DHCP)
  • Page 205: Apache Http Server Configuration

    The httpd and redhat-config-httpd RPM packages need to be installed to use the HTTP Configuration Tool. It also requires the X Window System and root access. To start the application, go to the Main Menu Button => System Settings => Server Settings => HTTP or type the command at a shell prompt (for example, in an XTerm or GNOME Terminal).
  • Page 206: Basic Settings

    Chapter 26. Apache HTTP Server Configuration 26.1. Basic Settings Use the Main tab to configure the basic server settings. Figure 26-1. Basic Settings Enter a fully qualified domain name that you have the right to use in the Server Name text area. This option corresponds to the directive in .
  • Page 207: Default Settings

    Chapter 26. Apache HTTP Server Configuration If you set the server to listen to a port under 1024, you must be root to start it. For port 1024 and above, httpd can be started as a regular user. Figure 26-2. Available Addresses 26.2.
  • Page 208 Chapter 26. Apache HTTP Server Configuration Figure 26-3. Site Configuration The entries listed in the Directory Page Search List define the DirectoryIndex directive. The DirectoryIndex is the default page served by the server when a user requests an index of a directory by specifying a forward slash (/) at the end of the directory name.
  • Page 209 Chapter 26. Apache HTTP Server Configuration • No footer — Do not display a footer at the bottom of error pages. 26.2.2. Logging By default, the server writes the transfer log to the file /var/log/httpd/access_log and the error log to the file.
  • Page 210 Chapter 26. Apache HTTP Server Configuration server will make one or more connections to the DNS in order to find out the hostname that corresponds to a particular IP address. If you choose Double Reverse Lookup, your server will perform a double-reverse DNS. In other words, after a reverse lookup is performed, a forward lookup is performed on the result.
  • Page 211 Chapter 26. Apache HTTP Server Configuration variable in the resulting dialog box. Click OK to add it to the list. The Pass to CGI Scripts section configures the PassEnv directive. If you want to remove an environment variable so that the value is not passed to CGI scripts and SSI pages, use the Unset for CGI Scripts section.
  • Page 212: Virtual Hosts Settings

    Chapter 26. Apache HTTP Server Configuration • IncludesNOEXEC — Allow server-side includes, but disable the #exec and #include commands in CGI scripts. • Indexes — Display a formatted list of the directory’s contents, if no DirectoryIndex (such as index.html) exists in the requested directory. • Multiview —...
  • Page 213 Chapter 26. Apache HTTP Server Configuration 26.3. Virtual Hosts Settings You can use the HTTP Configuration Tool to configure virtual hosts. Virtual hosts allow you to run different servers for different IP addresses, different host names, or different ports on the same machine. For example, you can run the website for http://www.example.com and http://www.anotherexample.com on the same Web server using virtual hosts.
  • Page 214 Chapter 26. Apache HTTP Server Configuration In the Host Information section, choose Default Virtual Host, IP based Virtual Host, or Name based Virtual Host. Default Virtual Host You should only configure one default virtual host (remember that there is one setup by default). The default virtual host settings are used when the requested IP address is not explicitly listed in another virtual host.
  • Page 215: Server Settings

    Chapter 26. Apache HTTP Server Configuration Figure 26-9. SSL Support If an Apache HTTP Server is not configured with SSL support, communications between an Apache HTTP Server and its clients are not encrypted. This is appropriate for websites without personal or confidential information.
  • Page 216 Chapter 26. Apache HTTP Server Configuration Figure 26-10. Server Configuration The Lock File value corresponds to the LockFile directive. This directive sets the path to the lockfile used when the server is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be stored on the local disk. It should be left to the default value unless the directory is located on an NFS share.
  • Page 217: Performance Tuning

    Chapter 26. Apache HTTP Server Configuration 26.5. Performance Tuning Click on the Performance Tuning tab to configure the maximum number of child server processes you want and to configure the Apache HTTP Server options for client connections. The default settings for these options are appropriate for most situations.
  • Page 218: Additional Resources

    — The Apache Software Foundation’s documentation on Apache HTTP Server version 2.0, including the Apache HTTP Server Version 2.0 User’s Guide. • http://www.redhat.com/support/resources/web_ftp/apache.html — Red Hat Support maintains a list of useful Apache HTTP Server links. • http://www.redhat.com/support/docs/faqs/RH-apache-FAQ/book1.html — The Apache Centralized...
  • Page 219 Chapter 26. Apache HTTP Server Configuration 2.0 manually, more details about the Apache HTTP Server directives, and instructions for adding modules to the Apache HTTP Server.
  • Page 220 Chapter 26. Apache HTTP Server Configuration...
  • Page 221: Apache Http Secure Server Configuration

    Chapter 27. Apache HTTP Secure Server Configuration 27.1. Introduction This chapter provides basic information on the Apache HTTP Server with the mod_ssl security module enabled to use the OpenSSL library and toolkit. The combination of these three components is referred to in this chapter as the secure Web server or just as the secure server. module is a security module for the Apache HTTP Server.
  • Page 222 Chapter 27. Apache HTTP Secure Server Configuration httpd-devel The httpd-devel package contains the Apache HTTP Server include files, header files and the APXS utility. You need all of these if you intend to load any extra modules, other than the modules provided with this product. See the Red Hat Enterprise Linux Reference Guide for more information on loading modules onto your secure server using Apache’s DSO functionality.
  • Page 223: An Overview Of Certificates And Security

    Chapter 27. Apache HTTP Secure Server Configuration Package Name Optional? openssl httpd-devel openssh openssh-askpass openssh-askpass-gnome openssh-clients openssh-server openssl-devel stunnel Table 27-1. Security Packages 27.3. An Overview of Certificates and Security Your secure server provides security using a combination of the Secure Sockets Layer (SSL) protocol and (in most cases) a digital certificate from a Certificate Authority (CA).
  • Page 224: Types Of Certificates

    Chapter 27. Apache HTTP Secure Server Configuration 27.4. Using Pre-Existing Keys and Certificates If you already have an existing key and certificate (for example, if you are installing the secure server to replace another company’s secure server product), you can probably use your existing key and certificate with the secure server.
  • Page 225: Generating A Key

    Chapter 27. Apache HTTP Secure Server Configuration You need a key and a certificate to operate your secure server — which means that you can either generate a self-signed certificate or purchase a CA-signed certificate from a CA. What are the differences between the two? A CA-signed certificate provides two important capabilities for your server: Browsers (usually) automatically recognize the certificate and allow a secure connection to be...
  • Page 226 Chapter 27. Apache HTTP Secure Server Configuration Next, you need to create your own random key. Change to the /usr/share/ssl/certs/ directory, and type in the following command: make genkey Your system displays a message similar to the following: umask 77 ; \ /usr/bin/openssl genrsa -des3 1024 >...
  • Page 227: Generating A Certificate Request To Send To A Ca

    Chapter 27. Apache HTTP Secure Server Configuration server should not need to be re-booted very often, the extra security provided by entering a passphrase is a worthwhile effort in most cases. The server.key file should be owned by the root user on your system and should not be accessible to any other user.
  • Page 228: Creating A Self-Signed Certificate

    Chapter 27. Apache HTTP Secure Server Configuration The default answers appear in brackets immediately after each request for input. For example, the first information required is the name of the country where the certificate will be used, shown like the following: Country Name (2 letter code) [GB]: The default input, in brackets, is...
  • Page 229: Testing The Certificate

    Chapter 27. Apache HTTP Secure Server Configuration umask 77 ; \ /usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key -x509 -days 365 -out /etc/httpd/conf/ssl.crt/server.crt Using configuration from /usr/share/ssl/openssl.cnf Enter pass phrase: After you enter your passphrase (or without a prompt if you created a key without a passphrase), you are asked for more information.
  • Page 230: Accessing The Server

    URL. The following URL example attempts to connect to a non-secure server listening on port 12331: http://server.example.com:12331 27.11. Additional Resources Refer to Section 26.7 Additional Resources for additional references about the Apache HTTP Server. 27.11.1. Useful Websites • http://www.redhat.com/mailman/listinfo/redhat-secure-server — The redhat-secure-server mailing list. You can also subscribe to the...
  • Page 231: Bind Configuration

    BIND and DNS. This chapter does explain how to use the Domain Name Service Configuration Tool (redhat-config-bind) to configure basic BIND server zones. The Domain Name Service Configuration Tool creates the /etc/named.conf configuration file and...
  • Page 232: Adding A Forward Master Zone

    Chapter 28. BIND Configuration Saving changes also causes the named service to reload the configuration files. Selecting File => Quit saves the changes before quitting the application. 28.1. Adding a Forward Master Zone To add a forward master zone (also known as a primary master), click the New button, select Forward Master Zone, and enter the domain name for the master zone in the Domain name text area.
  • Page 233: Adding A Reverse Master Zone

    Chapter 28. BIND Configuration After configuring the Forward Master Zone, click OK to return to the main window as shown in Figure 28-1. From the pulldown menu, click Save to write the /etc/named.conf configuration file, write all the individual zone files in the /var/named directory, and have the daemon reload the configuration files.
  • Page 234 Chapter 28. BIND Configuration Reverse Address Table with the hostname one.example.com. The hostname must end with a period (.) to specify that it is a full hostname. Figure 28-3. Adding a Reverse Master Zone A Primary Nameserver (SOA) must be specified, and at least one nameserver record must be specified by clicking the Add button in the Nameservers section.
  • Page 235: Adding A Slave Zone

    Chapter 28. BIND Configuration 7200 ; retry 604800 ; expire 86400 ; ttk ns2.example.com. one.example.com. two.example.com. 28.3. Adding a Slave Zone To add a slave zone (also known as a secondary master), click the New button and select Slave Zone. Enter the domain name for the slave zone in the Domain name text area.
  • Page 236 Chapter 28. BIND Configuration The configuration file /var/named/slave.example.com.zone is created by the named service when it downloads the zone data from the master server(s).
  • Page 237: Authentication Configuration

    Chapter 29. Authentication Configuration When a user logs in to a Red Hat Enterprise Linux system, the username and password combination must be verified, or authenticated, as a valid and active user. Sometimes the information to verify the user is located on the local system, and other times the system defers the authentication to a user database on a remote system.
  • Page 238: Authentication

    Chapter 29. Authentication Configuration Figure 29-1. User Information The following list explains what each option configures: • Cache User Information — Select this option to enable the name service cache daemon (nscd) and configure it to start at boot time. package must be installed for this option to work.
  • Page 239 Chapter 29. Authentication Configuration Figure 29-2. Authentication The following explains what each option configures: • Use Shadow Passwords — Select this option to store passwords in shadow password format in the /etc/shadow file instead of /etc/passwd. Shadow passwords are enabled by default during installation and are highly recommended to increase the security of the system.
  • Page 240: Command Line Version

    Chapter 29. Authentication Configuration The krb5-libs and krb5-workstation packages must be installed for this option to work. Refer to the Red Hat Enterprise Linux Reference Guide for more information on Kerberos. • Enable SMB Support — This option configures PAM to use an SMB server to authenticate users...
  • Page 241 Chapter 29. Authentication Configuration Option Description: --smbworkgroup=<workgroup> Specify SMB workgroup; --smbservers=<server> Specify SMB servers; --enablehesiod Enable Hesiod; --disablehesiod Disable Hesiod; --hesiodlhs=<lhs> Specify Hesiod LHS; --hesiodrhs=<rhs> Specify Hesiod RHS; --enablecache Enable nscd...
  • Page 242 Chapter 29. Authentication Configuration...
  • Page 243: System Configuration

    V. System Configuration Part of a system administrator’s job is configuring the system for various tasks, types of users, and hardware configurations. This section explains how to configure a Red Hat Enterprise Linux system. Table of Contents 30. Console Access........................... 229 31.
  • Page 245: Console Access

    Chapter 30. Console Access When normal (non-root) users log into a computer locally, they are given two types of special permissions: 1. They can run certain programs that they would not otherwise be able to run 2. They can access certain files (normally special device files used to access diskettes, CD-ROMs, and so on) that they would not otherwise be able to access Since there are multiple consoles on a single computer and multiple users can be logged into the computer locally at the same time, one of the users has to "win"...
  • Page 246: Disabling All Console Access

    Chapter 30. Console Access 30.2. Disabling Console Program Access To disable access by users to console programs, run the following command as root: rm -f /etc/security/console.apps/* In environments where the console is otherwise secured (BIOS and boot loader passwords are set, [Ctrl]-[Alt]-[Delete] is disabled, the power and reset switches are disabled, and so forth), you may not want to allow any user at the console to run , and...
  • Page 247: Enabling Console Access For Other Applications

    Chapter 30. Console Access /dev/sound/* /dev/beep <cdrom>=/dev/cdrom* /dev/cdroms/* /dev/cdwriter* /mnt/cdrom* You can add your own lines to this section, if necessary. Make sure that any lines you add refer to the appropriate device. For example, you could add the following line: <...
  • Page 248: The Floppy Group

    Chapter 30. Console Access auth sufficient /lib/security/pam_timestamp.so session optional /lib/security/pam_timestamp.so The first line that begins with auth should be after any other auth sufficient lines, and the line that begins with session should be after any other session optional lines. If an application configured to use pam_timestamp is successfully authenticated from the Main...
  • Page 249: Date And Time Configuration

    Main Menu Button => System Settings => Date & Time or type the command redhat-config-date at a shell prompt (for example, in an XTerm or a GNOME terminal). 31.1. Time and Date Properties As shown in Figure 31-1, the first tabbed window that appears is for configuring the system date and...
  • Page 250: Time Zone Configuration

    Chapter 31. Date and Time Configuration Clicking the OK button applies any changes made to the date and time, the NTP daemon settings, and the time zone settings. It also exits the program. 31.2. Time Zone Configuration To configure the system time zone, click the Time Zone tab. The time zone can be changed by either using the interactive map or by choosing the desired time zone from the list below the map.
  • Page 251: Keyboard Configuration

    To start the Keyboard Configuration Tool, select the Main Menu button (on the panel) => System Settings => Keyboard, or type the command redhat-config-keyboard at a shell prompt. Figure 32-1. Keyboard Configuration Tool Select a keyboard layout from the list (for example, U.S. English) and click OK. For changes to take...
  • Page 252 Chapter 32. Keyboard Configuration...
  • Page 253: Mouse Configuration

    To start the Mouse Configuration Tool, select Main Menu Button (on the Panel) => System Settings => Mouse, or type the command redhat-config-mouse at a shell prompt (for example, in an XTerm or GNOME terminal). If the X Window System is not running, the text-based version of the tool is started.
  • Page 254 Chapter 33. Mouse Configuration Select the Generic - Wheel Mouse entry, with the proper mouse port, to enable the scroll button on the mouse. The scroll button on a wheel mouse can be used as the middle mouse button for cutting text, pasting text, and other middle mouse button functions.
  • Page 255: Window System Configuration

    To start the X Configuration Tool, select Main Menu Button (on the Panel) => System Settings => Display, or type the command redhat-config-xfree86 at a shell prompt (for example, in an XTerm or GNOME terminal). If the X Window System is not running, a small version of X is started to run the program.
  • Page 256 Chapter 34. X Window System Configuration Figure 34-2. Advanced Settings To change the monitor type or any of its settings, click the corresponding Configure button. To change the video card type or any of its settings, click the Configure button beside its settings.
  • Page 257: User And Group Configuration

    To use the User Manager, you must be running the X Window System, have root privileges, and have the redhat-config-users RPM package installed. To start the User Manager from the desktop, go to the Main Menu Button (on the Panel) => System Settings => Users & Groups. Or, type...
  • Page 258: Modifying User Properties

    Chapter 35. User and Group Configuration Select a login shell. If you are not sure which shell to select, accept the default value of /bin/bash. The default home directory is /home/username/. You can change the home directory that is created for the user, or you can choose not to create the home directory by unselecting Create home directory.
  • Page 259: Adding A New Group

    Chapter 35. User and Group Configuration Figure 35-3. User Properties The User Properties window is divided into multiple tabbed pages: • User Data — Shows the basic user information configured when you added the user. Use this tab to change the user’s full name, password, home directory, or login shell. • Account Info —...
  • Page 260: Command Line Configuration

    Chapter 35. User and Group Configuration 35.4. Modifying Group Properties To view the properties of an existing group, select the group from the group list and click Properties from the button menu (or choose File => Properties from the pulldown menu). A window similar to Figure 35-5 appears.
  • Page 261 Chapter 35. User and Group Configuration Option Description days Number of days after the password expires until the account is disabled. (If 0 is specified, the account is disabled immediately after the password expires. If -1 is specified, the account is not disabled after the password expires.) group-name Group name or group number for the user’s default group (The group...
  • Page 262 Chapter 35. User and Group Configuration Important Shadow passwords must be enabled to use the chage command. Option Description days Specify the minimum number of days between which the user must change passwords. If the value is 0, the password does not expire. days Specify the maximum number of days for which the password is valid.
  • Page 263: Explaining The Process

    Chapter 35. User and Group Configuration 3. Unlock the account — There are two common approaches to this step. The administrator can assign an initial password or assign a null password. Warning Do not use the passwd command to set the password as it disables the immediate password expiration just configured.
  • Page 264: Additional Information

    Chapter 35. User and Group Configuration • The default shell is set to /bin/bash. 2. A new line for juan is created in /etc/shadow. The line has the following characteristics: • It begins with the username juan. • Two exclamation points (!!) appear in the password field of the file, which...
  • Page 265 Chapter 35. User and Group Configuration 35.7.1. Installed Documentation • The man pages for useradd, passwd, groupadd, and chage 35.7.2. Related Books • Red Hat Enterprise Linux Reference Guide — This manual gives a list of standard users and groups,...
  • Page 266 Chapter 35. User and Group Configuration...
  • Page 267: Printer Configuration

    Main Menu Button (on the Panel) => System Settings => Printing, or type the command redhat-config-printer. This command automatically determines whether to run the graphical or text-based version depending on whether the command is executed in the graphical desktop environment or from a text-based console.
  • Page 268: Adding A Local Printer

    Chapter 36. Printer Configuration • Networked UNIX (LPD) — a printer attached to a different UNIX system that can be accessed over a TCP/IP network (for example, a printer attached to another Red Hat Enterprise Linux system running LPD on the network). • Networked Windows (SMB) —...
  • Page 269: Adding An Ipp Printer

    Chapter 36. Printer Configuration Figure 36-3. Selecting a Queue Name After clicking Forward, Figure 36-4 appears. Select Locally-connected from the Select a queue type menu, and select the device. The device is usually /dev/lp0 for a parallel printer or /dev/usb/lp0 for a USB printer.
  • Page 270: Adding A Remote Unix (Lpd) Printer

    Chapter 36. Printer Configuration If you disable the automatic browsing feature, you can still add a networked IPP printer by clicking the New button in the main Printer Configuration Tool window to display the window in Figure 36-2. Click Forward to proceed. In the window shown in Figure 36-3, enter a unique name for the printer in the Name text field.
  • Page 271: Adding A Samba (Smb) Printer

    Chapter 36. Printer Configuration Select Networked UNIX (LPD) from the Select a queue type menu, and click Forward. Figure 36-6. Adding a Remote LPD Printer Text fields for the following options appear: • Server — The hostname or IP address of the remote machine to which the printer is attached...
  • Page 272 Chapter 36. Printer Configuration Figure 36-7. Adding a SMB Printer As shown in Figure 36-7, SMB shares are automatically detected and listed. Click the arrow beside each share name to expand the list. From the expanded list, select a printer. If the printer you are looking for does not appear in the list, click the Specify button on the right.
  • Page 273: Adding A Novell Netware (Ncp) Printer

    Chapter 36. Printer Configuration 36.5. Adding a Novell NetWare (NCP) Printer To add a Novell NetWare (NCP) printer, click the New button in the main Printer Configuration Tool window. The window shown in Figure 36-1 will appear. Click Forward to proceed. In the window shown in Figure 36-3, enter a unique name for the printer in the Name text field.
  • Page 274: Selecting The Printer Model And Finishing

    Chapter 36. Printer Configuration In the window shown in Figure 36-3, enter a unique name for the printer in the Name text field. The printer name cannot contain spaces and must begin with a letter. The printer name may contain letters, numbers, dashes (-), and underscores (_).
  • Page 275: Printing A Test Page

    Chapter 36. Printer Configuration Figure 36-10. Selecting a Printer Model The recommended print driver is selected based on the printer model selected. The print driver processes the data that you want to print into a format the printer can understand. Since a local printer is attached directly to your computer, you need a print driver to process the data that is sent to the printer.
  • Page 276: Modifying Existing Printers

    Chapter 36. Printer Configuration 36.8. Printing a Test Page After you have configured your printer, you should print a test page to make sure the printer is functioning properly. To print a test page, select the printer that you want to try out from the printer list, then select the appropriate test page from the Test pulldown menu.
  • Page 277 Chapter 36. Printer Configuration Figure 36-12. Editing a Printer 36.9.1. Queue Name To rename a printer or change its short description, change the value in the Queue name tab. Click OK to return to the main window. The name of the printer should change in the printer list. Click Apply to save the change and restart the printer daemon.
  • Page 278: Saving The Configuration File

    If you want to keep your existing configuration and add the configuration in the saved file, you can merge the files with the following command (as root): /usr/sbin/redhat-config-printer-tui --Ximport --merge < settings.xml Your printer list will then consist of the printers you configured on the system as well as the printers you imported from the saved configuration file.
  • Page 279 This method is useful if you want to add a printer from a script or in the %post section of a kickstart installation. 36.11.1. Adding a Local Printer To add a printer: redhat-config-printer-tui --Xadd-local options Options: --device=node (Required) The device node to use. For example,...
  • Page 280: Managing Print Jobs

    36.11.3. Setting the Default Printer To set the default printer, use the following command, and specify the queuename: redhat-config-printer-tui --Xdefault --queue=queuename 36.12. Managing Print Jobs When you send a print job to the printer daemon, such as printing text file from Emacs or printing an image from The GIMP, the print job is added to the print spool queue.
  • Page 281 Chapter 36. Printer Configuration Figure 36-14. List of Print Jobs To cancel a specific print job listed in the GNOME Print Manager, select it from the list and select Edit => Cancel Documents from the pulldown menu. If there are active print jobs in the print spool, a printer notification icon might appear in the Panel Notification Area of the desktop panel as shown in Figure 36-15.
  • Page 282: Sharing A Printer

    Chapter 36. Printer Configuration To view the list of print jobs in the print spool from a shell prompt, type the command . The last few lines will look similar to the following: Rank Owner/ID Class Job Files Size Time active user@localhost+902 902 sample.txt 2050 01:20:46...
  • Page 283 Chapter 36. Printer Configuration Figure 36-17. Queue Options After selecting to share the queue, by default, all hosts are allowed to print to the shared printer. Allowing all systems on the network to print to the queue can be dangerous, especially if the system is directly connected to the Internet.
  • Page 284: Additional Resources

    Chapter 36. Printer Configuration Warning If this option is enabled, all print jobs are accepted from all hosts if they are received from an LPD client. Figure 36-19. System-wide Sharing Options 36.14. Additional Resources To learn more about printing on Red Hat Enterprise Linux, refer to the following resources. 36.14.1.
  • Page 285: Automated Tasks

    Chapter 37. Automated Tasks In Linux, tasks can be configured to run automatically within a specified period of time, on a specified date, or when the system load average is below a specified number. Red Hat Enterprise Linux comes pre-configured to run important system tasks to keep the system updated. For example, the slocate database used by the command is updated daily.
  • Page 286 Chapter 37. Automated Tasks — any integer from 1 to 31 (must be a valid day if a month is specified) • — any integer from 1 to 12 (or the short name of the month such as jan or feb) •...
  • Page 287: At And Batch

    Chapter 37. Automated Tasks The root user can always use cron, regardless of the usernames listed in the access control files. If the file cron.allow exists, only users listed in it are allowed to use cron, and the cron.deny file is ignored.
  • Page 288 Chapter 37. Automated Tasks If the set of commands or script tries to display information to standard out, the output is emailed to the user. Use the command to view pending jobs. Refer to Section 37.2.3 Viewing Pending Jobs for more information.
  • Page 289: Additional Resources

    Chapter 37. Automated Tasks commands. The format of both access control files is one username on each line. Whitespace is not permitted in either file. The daemon ( ) does not have to be restarted if the access control files are modified.
  • Page 291: Log Files

    Main Menu Button (on the Panel) => System Tools => System Logs, or type the command redhat-logviewer at a shell prompt. The application only displays log files that exist; thus, the list might differ from the one shown in Figure 38-1.
  • Page 292: Adding A Log File

    Chapter 38. Log Files Figure 38-1. Log Viewer By default, the currently viewable log file is refreshed every 30 seconds. To change the refresh rate, select Edit => Preferences from the pulldown menu. The window shown in Figure 38-2 will appear. In the Log Files tab, click the up and down arrows beside the refresh rate to change it.
  • Page 293: Examining Log Files

    Chapter 38. Log Files 38.3. Adding a Log File To add a log file to the list, select Edit => Preferences, and click the Add button in the Log Files tab. Figure 38-3. Adding a Log File Provide a name, description, and the location of the log file to add. After clicking OK, the file is immediately added to the viewing area if the file exists.
  • Page 294 Chapter 38. Log Files The warning icon is displayed to the left of the lines that contain any of the warning words. Figure 38-5. Warning...
  • Page 295: Upgrading The Kernel

    Chapter 39. Upgrading the Kernel The Red Hat Enterprise Linux kernel is custom built by the Red Hat kernel team to ensure its integrity and compatibility with supported hardware. Before Red Hat releases a kernel, it must first pass a rigorous set of quality assurance tests.
  • Page 296: Preparing To Upgrade

    Chapter 39. Upgrading the Kernel • kernel-pcmcia-cs — contains support for PCMCIA cards. • kernel-smp — contains the kernel for multi-processor systems. The following are the key features: • Multi-processor support • Support for more than 4 GB of RAM (up to 16 GB for x86)...
  • Page 297: Downloading The Upgraded Kernel

    Network can download the latest kernel, upgrade the kernel on the system, create an initial RAM disk image if needed, and configure the boot loader to boot the new kernel. For more information, refer to http://www.redhat.com/docs/manuals/RHNetwork/. If Red Hat Network was used to download and install the updated kernel, following the instructions in Section 39.5 Verifying the Initial RAM Disk Image and Section 39.6 Verifying the Boot Loader,...
  • Page 298: Verifying The Initial Ram Disk Image

    Chapter 39. Upgrading the Kernel Important It is strongly recommended that the old kernel is kept in case there are problems with the new kernel. Use the argument with the command to keep the old kernel. If the option is used to upgrade package, it will overwrite the currently installed kernel.
  • Page 299 Chapter 39. Upgrading the Kernel 39.6. Verifying the Boot Loader The kernel RPM package configures the boot loader to boot the newly installed kernel (except for IBM eServer iSeries systems). However, it does not configure the boot loader to boot the new kernel by default.
  • Page 300 Begin testing the new kernel by rebooting the computer and watching the messages to ensure the hardware is detected properly. 39.6.2. Itanium Systems Itanium systems use ELILO as the boot loader, which uses /boot/efi/EFI/redhat/elilo.conf as the configuration file. Confirm that this file contains an image section with the same version as the...
  • Page 301 Chapter 39. Upgrading the Kernel
        [linux]
        image=/boot/vmlinuz-2.4.21-1.1931.2.399.ent
        ramdisk=/boot/initrd-2.4.21-1.1931.2.399.ent.img
        parameters="root=LABEL=/"
        [old]
        image=/boot/vmlinuz-2.4.20-2.30.ent
        ramdisk=/boot/initrd-2.4.20-2.30.ent.img
        parameters="root=LABEL=/"
    Notice that the default is not set to the new kernel. To configure z/IPL to boot the new kernel by default, change the value of the default variable to the name of the section that contains the new kernel. The first line of each section contains the name in brackets.
  • Page 302 Chapter 39. Upgrading the Kernel label=linux read-only initrd=/initrd-2.4.21-1.1931.2.399.ent.img append="root=LABEL=/" Notice that the default is not set to the new kernel. The kernel in the first image is booted by default. To change the default kernel to boot either move its image stanza so that it is the first one listed or add the directive and set it to the of the image stanza that contains the new kernel.
  • Page 303: Kernel Modules

    Chapter 40. Kernel Modules The Linux kernel has a modular design. At boot time, only a minimal resident kernel is loaded into memory. Thereafter, whenever a user requests a feature that is not present in the resident kernel, a kernel module, sometimes referred to as a driver, is dynamically loaded into memory. During installation, the hardware on the system is probed.
  • Page 304 Chapter 40. Kernel Modules parport_pc 19204 1 (autoclean) 9188 0 (autoclean) parport 39072 1 (autoclean) [parport_pc lp] autofs 13692 0 (autoclean) (unused) e100 62148 microcode 5184 0 (autoclean) keybdev 2976 0 (unused) mousedev 5656 22308 0 (unused) input 6208 0 [keybdev mousedev hid] usb-uhci 27468 0 (unused)
  • Page 305: Additional Resources

    • modinfo — description and list of command line options. • /usr/src/linux-2.4/Documentation/modules.txt — how to compile and use kernel modules. This file is part of the kernel-source package. 40.2.2. Useful Websites • http://www.redhat.com/mirrors/LDP/HOWTO/Module-HOWTO/index.html — Linux Loadable Kernel Module HOWTO from the Linux Documentation Project.
  • Page 307: Mail Transport Agent (Mta) Configuration

    The redhat-switch-mail RPM package must be installed to use the text-based version of the Mail Transport Agent Switcher program. If you want to use the graphical version, the redhat-switch-mail-gnome package must also be installed. For more information on installing RPM packages, refer to Part III Package Management.
  • Page 309: System Monitoring

    VI. System Monitoring System administrators also monitor system performance. Red Hat Enterprise Linux contains tools to assist administrators with these tasks. Table of Contents: 42. Gathering System Information; 43. OProfile
  • Page 311: Gathering System Information

    Chapter 42. Gathering System Information Before you learn how to configure your system, you should learn how to gather essential system information. For example, you should know how to find the amount of free memory, the amount of available hard drive space, how your hard drive is partitioned, and what processes are running. This chapter discusses how to retrieve this type of information from your Red Hat Enterprise Linux system using simple commands and a few simple programs.
  • Page 312 Chapter 42. Gathering System Information Useful interactive commands that you can use with include the following: Command Description [Space] Immediately refresh the display Display a help screen Kill a process. You will be prompted for the process ID and the signal to send to it. Change the number of processes displayed.
  • Page 313: Memory Usage

    Chapter 42. Gathering System Information Figure 42-1. GNOME System Monitor 42.2. Memory Usage The free command displays the total amount of physical memory and swap space for the system as well as the amount of memory that is used, free, shared, in kernel buffers, and cached. total used free...
  • Page 314: File Systems

    Chapter 42. Gathering System Information Figure 42-2. GNOME System Monitor 42.3. File Systems command reports the system’s disk space usage. If you type the command at a shell prompt, the output looks similar to the following: Filesystem 1k-blocks Used Available Use% Mounted on /dev/hda2 10325716 2902060...
  • Page 315: Hardware

    Chapter 42. Gathering System Information To view the system’s partitions and disk space usage in a graphical format, use the System Monitor tab as shown at the bottom of Figure 42-2. 42.4. Hardware If you are having trouble configuring your hardware or just want to know what hardware is in your system, you can use the Hardware Browser application to display the hardware that can be probed.
  • Page 316: Additional Resources

    Chapter 42. Gathering System Information Expansion ROM at 80000000 [disabled] [size=64K] Capabilities: [dc] Power Management version 2 Capabilities: [f0] AGP version 2.0 lspci is also useful to determine the network card in your system if you do not know the manufacturer or model number.
  • Page 317: Oprofile

    Chapter 43. OProfile OProfile is a low overhead, system-wide performance monitoring tool. It uses the performance monitoring hardware on the processor to retrieve information about the kernel and executables on the system such as when memory is referenced, the number of L2 cache requests, and the number of hardware interrupts received.
  • Page 318: Overview Of Tools

    Chapter 43. OProfile If the kernel version returned ends in .entsmp, the multi-processor kernel is running. If it is not, install it via Red Hat Network or from the distribution CDs, even if the system is not a multi-processor system.
  • Page 319 Chapter 43. OProfile This command also loads the oprofile kernel module (if it is not already loaded) and creates the /dev/oprofile/ directory if it does not already exist. Refer to Section 43.6 Understanding /dev/profile/ for details about this directory. Note Even if OProfile is configured not to profile the kernel, the SMP kernel still must be running so that module can be loaded from it.
  • Page 320 Chapter 43. OProfile the counters other than counter 0 are not set to an event by default. The default events monitored are shown in Table 43-3. Processor Default Event for Counter Description Pentium Pro, Pentium CPU_CLK_UNHALTED The processor’s clock is not halted II, Pentium III, Athlon, AMD64 Pentium 4 (HT and...
  • Page 321 Chapter 43. OProfile Caution Be extremely careful when setting sampling rates. Sampling too frequently can overload the system, causing the system to appear as if it is frozen or causing the system to actually freeze. 43.2.2.2. Unit Masks If the is not , unit masks may also be required to further define the event.
  • Page 322: Starting And Stopping Oprofile

    Chapter 43. OProfile --separate=library is used, the sample file name includes the name of the executable as well as the name of the library. 43.3. Starting and Stopping OProfile To start monitoring the system with OProfile, execute the following command as root: opcontrol --start Output similar to the following is displayed: Using log file /var/lib/oprofile/oprofiled.log...
  • Page 323 Chapter 43. OProfile opcontrol --dump Each sample file name is based on the name of the executable, with a closing curly bracket ( } ) replacing each forward slash ( / ). The file name ends with a hash mark ( # ), followed by the counter number used for that sample file.
  • Page 324 Chapter 43. OProfile Refer to the op_time man page for a list of available command line options such as the option used to sort the output from the executable with the largest number of samples to the one with the smallest number of samples.
  • Page 325 Chapter 43. OProfile List sample data by symbols with more details than . For example: samples symbol name 08083630 2 1.51515 xf86Wakeup 08083641 1 080836a1 1 080b8150 1 0.757576 Ones 080b8179 1 080b8fb0 2 1.51515 FlushClientCaches 080b8fb9 1 080b8fba 1 The data is the same as the option except that for each symbol, each virtual memory address used is shown.
  • Page 326 Chapter 43. OProfile <format> Display the output in a specific column order. This option can not be used with Use the following letters to represent the columns: Letter Description Virtual memory address Number of samples Cumulative number of samples Percentage of samples relative to total number of samples for the executable Cumulative percentage of samples relative to total number of samples for the executable Percentage of samples relative to all executables sampled...
  • Page 327: Example Usage

    Chapter 43. OProfile 43.5.4. Using op_merge If multiple sample files exist for the exact same executable or library, the sample files can be merged for easier analysis. For example, to merge files for the library /usr/lib/library-1.2.3.so, execute the following command as root: op_merge /usr/lib/library-1.2.3.so The resulting file is...
  • Page 328: Graphical Interface

    Chapter 43. OProfile • Determine processor usage — The CPU_CLK_UNHALTED event can be monitored to determine the processor load over a given period of time. This data can then be used to determine if additional processors or a faster processor might improve system performance. 43.8.
  • Page 329 Chapter 43. OProfile This is equivalent to the opcontrol --ctrN-kernel=1 command, where N is the counter number. If this option is unselected, it is equivalent to the opcontrol --ctrN-kernel=0 command. Select the Profile user binaries option to count events in user mode for the currently selected event, as discussed in Section 43.2.3 Separating Kernel and User-space Profiles.
  • Page 330: Additional Resources

    Chapter 43. OProfile To force data to be written to samples files as discussed in Section 43.5 Analyzing the Data, click the Flush profiler data button. This is equivalent to the opcontrol --dump command. To start OProfile from the graphical interface, click Start profiler. To stop the profiler, click Stop profiler.
  • Page 331: Appendixes

    VII. Appendixes This part contains instructions for building a custom kernel from the source files provided by Red Hat, Inc. Table of Contents: A. Building a Custom Kernel
  • Page 333: Building A Custom Kernel

    Appendix A. Building a Custom Kernel Many people new to Linux often ask, "Why should I build my own kernel?" Given the advances that have been made in the use of kernel modules, the most accurate response to that question is, "Unless you already know why you need to build your own kernel, you probably do not need to."...
  • Page 334 7. It is recommended that the custom kernel have a modified version number so that the existing kernel is not overwritten. The method described here is the easiest to recover from in the event of a mishap. For other possibilities, details can be found at http://www.redhat.com/mirrors/LDP/HOWTO/Kernel-HOWTO.html or in the Makefile /usr/src/linux-2.4/...
  • Page 335: Additional Resources

    • /usr/src/linux-2.4/Documentation/ on the Linux kernel and its modules. These documents are written for people interested in contributing to the kernel source code and understanding how the kernel works. A.3.2. Useful Websites • http://www.redhat.com/mirrors/LDP/HOWTO/Kernel-HOWTO.html — Linux Kernel HOWTO from the Linux Documentation Project.
  • Page 347: Colophon

    Colophon The manuals are written in DocBook SGML v4.1 format. The HTML and PDF formats are produced using custom DSSSL stylesheets and custom jade wrapper scripts. The DocBook SGML files are written in Emacs with the help of PSGML mode. Garrett LeSage created the admonition graphics (note, tip, important, caution, and warning).
