RHCE - RH302 Red Hat Certified Engineer Certification Exam Preparation Course in a Book for Passing the RHCE - RH302 Red Hat Certified Engineer Exam The How To Pass on Your First Try Certification Study Guide
Copyright © 2009

Notice of rights
All rights reserved. No part of this book may be reproduced or transmitted in any form by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher.

Notice of Liability
The information in this book is distributed on an “As Is” basis without warranty. While every precaution has been taken in the preparation of the book, neither the author nor the publisher shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the instructions contained in this book or by the products described in it.

Trademarks
Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations appear as requested by the owner of the trademark. All other product names and services identified throughout this book are used in editorial fashion only and for the benefit of such companies with no intention of infringement of the trademark. No such use, or the use of any trade name, is intended to convey endorsement or other affiliation with this book.
This self-study exam preparation guide for the RHCE RH302 Red Hat Certified Engineer exam contains everything you need to test yourself and pass the exam. It covers all the exam topics in depth and provides insider secrets, complete explanations of all RHCE subjects, test tricks and tips, over 250 highly realistic sample questions, and exercises designed to strengthen understanding of the RHCE concepts and prepare you for exam success on the first attempt.

Can you imagine valuing a book so much that you send the author a "Thank You" letter? This book includes new exercises and sample questions never before in print. Offering numerous sample questions, critical time-saving tips plus information available nowhere else, this book will help you pass the RHCE - RH302 Red Hat Certified Engineer exam on your FIRST try. Buy this. Read it. And pass the RHCE - RH302 Red Hat Certified Engineer Exam.

This book provides a laser sharp focus on all the exam objectives with cohesive, concise, yet comprehensive coverage of all the topics included in the RHCE - RH302 Red Hat Certified Engineer Lab Exam. It includes over 250 questions modeled after the real exam with answers, and an Exam Quick Prep feature which recaps all the important points for last-hour preparation before taking the exam.

Covers all RH302 exam topics, including:

- Hardware installation and configuration
- The boot process
- Linux filesystem administration
- Package management and Kickstart
- User and group administration
- System administration tools
- Kernel services and configuration
- Apache and Squid
- Network file sharing services (NFS, FTP, and Samba)
- Domain Name System (DNS)
- E-mail (servers and clients)
- Extended Internet Services Daemon (xinetd), the Secure package, and DHCP
- The X Window System
- Firewalls, SELinux, and troubleshooting
Contents

RHCE - RH302 Red Hat Certified Engineer
Certification Exam Preparation Course in a Book for Passing the RHCE - RH302 Red Hat Certified Engineer Exam - The How To Pass on Your First Try Certification Study Guide

Installation and Hardware Configuration
  1.1.Overview
  1.2.Installation
    1.2.1.Using DVD
    1.2.2.Using Hard Disk
    1.2.3.Using Network
  1.3.Kickstart File
    1.3.1.Creating Kickstart file
    1.3.2.Use of Kickstart file
  1.4.Configuring Hardware
    1.4.1.Graphical utilities
2.The Boot Process
  2.1.Overview
  2.2.Grub
    2.2.1.Grub configuration file
    2.2.2.Configuring Grub
  2.3.Starting init
    2.3.1./etc/inittab file
    2.3.3.runlevel
    2.3.4.Initializing System
    2.3.5.Using command chkconfig
  2.4.Using Graphical utilities
3.Filesystem Administration
  3.1.Overview
  3.2.Filesystem Information
    3.2.1./etc/fstab file
    3.2.2./etc/mtab
    3.2.3.Mounting a filesystem
    3.2.4.Unmounting a filesystem
    3.2.5.Creating a filesystem
  3.3.Creating Swap space
    3.3.1.Enabling swap space
    3.3.2.Disabling swap space
  3.4.Checking and Repairing a filesystem
    3.4.1.Searching for badblocks
  3.5.Automatically mounting a filesystem
    3.5.1.Checking status of automount
  3.6.RAID disks
    3.6.1.Creating RAID device
  3.7.Logical Volume Group
    3.7.1.Creating A Logical Volume Group
    3.7.2.Remove a logical volume
    3.7.3.Remove a volume group
    3.7.4.Remove a physical volume
    3.7.5.Logical volume management utility
4.Package Management
  4.1.Overview
  4.2.Using yum
  4.3.Using rpm
  4.4.Using make
  4.5.Package Manager
5.User and Group Administration
  5.1.Overview
  5.2.Creating User Account
  5.3.Modifying user account
  5.4.Deleting user account
  5.5.Group Administration
    5.5.1.Adding New Group
    5.5.2.Modifying group information
    5.5.3.Deleting group
  5.6.Using User Manager
    5.6.1.Changing user password
  5.7.Space Usage
6.System Administration
  6.1.Overview
  6.2.Getting Administration Rights
    6.2.1.The su command
    6.2.2.Using the su
    6.2.3.Administrative commands
    6.2.4./etc/sudoers file
  6.3.Changing owner and group
  6.4.Monitoring System performance
    6.4.1.Using System Monitor
    6.4.2.Using top
    6.4.3.Other commands
  6.5.Log information
7.Kernel Services and Configuration
  7.1.Overview
  7.2.Kernel Modules
    7.2.1.Modules Loaded into Kernel
    7.2.2.Inserting module into kernel
    7.2.3.Removing module from kernel
    7.2.4.Using modprobe command
  7.3.Process and Kernel Information
    7.3.1.The ps command
    7.3.2.Changing priority of process
    7.3.3.Using dmesg
    7.3.4.Syslogd
  7.4.Automating Tasks
    7.4.1.Using at
    7.4.2.Using batch command
    7.4.3.Using cron
8.Web Server
  8.1.Overview
  8.2.Starting Apache
  8.3.Main Configuration file
    8.3.1.Global Environment Configuration
    8.3.2.Main server section
    8.3.3.Virtual hosts section
  8.4.HTTP Server Configuration
9.Squid Server
  9.1.Overview
  9.2.Configuring Squid
    9.2.1.Network options
    9.2.2.Neighbor selection algorithm option
    9.2.3.Cache size options
    9.2.4.Log File and Cache directory section
    9.2.5.Access control section
    9.2.6.Administrative parameters
  9.3.Cache Manager
  9.4.Squid Daemon
10.NFS Server
  10.1.Overview
  10.2.Starting NFS service
  10.3.Sharing Folders
    10.3.1.Format of hostname
    10.3.2.Options format
  10.4.Accessing the NFS directory
  10.5.NFS Server Configuration
  10.6.Using nfsstat
11.Samba Server
  11.1.Overview
  11.2.Samba Server Configuration
  11.3.Samba configuration file
  11.4.Starting Samba service
    11.4.1.Checking the service
12.FTP Server
  12.1.Overview
  12.2.Starting vsftpd
  12.3.Configuring vsftpd
  12.4.ftp command prompt
  12.5.Very Secure FTP daemon Configuration
13.LDAP Server
  13.1.Overview
  13.2.Configuration
  13.3.Starting the ldap
14.NIS server
  14.1.Overview
  14.2.Setting NIS domain name
  14.3.Configuring NIS
  14.4.Starting NIS server
    14.4.1.Starting NIS server
    14.4.2.Starting ypbind service
  14.5.Mapping Information
    14.5.1.NIS database
15.DHCP Server
  15.1.Overview
  15.2.Starting the DHCP server
  15.3.Configuration file
  15.4.Working of DHCP server
  15.5.DHCP client
16.DNS server
  16.1.Overview
  16.2.Starting Named daemon
  16.3.BIND Configuration GUI
  16.4.Important files
17.Mail Services
  17.1.Overview
  17.2.Sendmail
    17.2.1./etc/mail
    17.2.2.Generating the .db files
    17.2.3.Checking Sendmail Server
    17.2.4.Important Files
    17.2.5.Actions taken by server on a mail
  17.3.Postfix
    17.3.1.Starting postfix server
    17.3.2.Configuration file
    17.3.3.Mailbox
    17.3.4./var/spool/postfix
    17.3.5.Log files
  17.4.Switching MTA
  17.5.Dovecot
    17.5.1.Starting Dovecot
    17.5.2.Configuration file
18.Network Security
  18.1.Overview
  18.2.The daemon xinetd
  18.3.Using TCP wrappers
    18.3.1./etc/hosts.allow
    18.3.2./etc/hosts.deny
  18.4.Security Level Configuration
    18.4.1.Configuration files
  18.5.Command Reference
19.PAM and SELinux
  19.1.PAM
  19.2./etc/pam.d
  19.2.SELinux
    19.2.1.SELinux administration
  19.3.Command Reference
Over 250 Exam Preparation Questions
INSTALLATION AND HARDWARE CONFIGURATION

1.1.Overview

Red Hat Enterprise Linux is one of the major commercial Linux distributions available on the market. Fedora Core Linux is an open source project of Red Hat. A new version of Fedora Core Linux is released every six months.

1.2.Installation

Anaconda is the default installer in Red Hat Linux. The installation process can be broadly divided into parts depending on the method used for installation:

- DVD
- Network
- Hard Disk

1.2.1.Using DVD
To begin installation using the DVD, place the DVD media in the DVD drive of the computer and set the BIOS to boot from the DVD drive. The steps of the installation process are:
- The DVD media is checked.
- Choose the language to use during the installation process.
- Choose the keyboard layout.
- Choose the install type. The user can choose either a new install or an upgrade of an existing installation.
- Choose the software packages to install.
- Choose the partition scheme (the options are automatic partition or manual partition).
- Choose the partitioning (the options are use free space on hard disk, use current Linux partitions, use whole hard disk, and custom partition).
- If the custom partition option is chosen, create at least one / partition and a swap partition (for a single boot system), or a / partition, a swap partition and one /boot partition (for a dual boot system).
- Install the grub bootloader on the MBR.
- Configure the network device.
- Set the firewall options.
- Choose the languages the system should support.
- Choose the time zone in which the system is.
- Enter the root password.
- Select the packages.
After installation is complete, remove the DVD media from the DVD drive. The user has to accept the License terms, configure the firewall, and configure the sound card. Then the user is prompted for user name and password on the login screen.
1.2.2.Using Hard Disk
For installation from hard disk it is assumed that Red Hat Linux is already running on the computer. For the hard disk install, copy all the files of the DVD to a partition which is not used during the new installation. Then copy the vmlinuz and initrd files of the DVD media to the /boot directory. These files are needed to boot the installation process. GRUB is installed as the bootloader in Red Hat by default. To boot the installation process, the bootloader has to be told about the files copied to the /boot directory. The following entry is added to the /boot/grub/grub.conf file for this purpose:
    title Red Hat-Installation
    root (hd0,7)
    kernel /vmlinuz
    initrd /initrd.img
root (hd0,7) means that the /boot partition exists on the eighth partition of the first hard disk. After the above steps reboot the computer. Choose Red Hat-Installation on the Grub menu to begin the install process.
1.2.3.Using Network
For the network installation the installation files should be copied to the computer which will act as the install server. In case of a web server or HTTP server the files need to be copied to the directory /var/www/html. In case of an NFS server the directory containing the installation files should be made accessible. In case of an FTP server copy the files to the directory /var/ftp/pub.
Note: when installing from Network or Hard Disk, choose the option INSTALL OR UPGRADE in text mode on the first screen of the installation process. At the boot prompt enter the command askmethod:
    boot: linux askmethod
This lets the user select the Installation Method.
1.3.Kickstart File
After successful installation of Red Hat Linux, a kickstart file /root/anaconda-ks.cfg is created based on the options chosen by the user during the installation process.
1.3.1.Creating Kickstart file
The user can either use a graphical utility to create the kickstart file or open a text editor and write the commands.
1.3.1.1.Text File
    install
    cdrom
    lang en_US.UTF-8
    keyboard us
    xconfig --startxonboot
    network --device eth0 --bootproto dhcp
    rootpw --iscrypted
    firewall --enabled --port=22:tcp
    authconfig --enableshadow --enablemd5
    selinux --enforcing
    timezone
    bootloader --location=mbr --driveorder=sda --append="rhgb quiet"
The install option denotes a new installation; the upgrade option denotes an upgrade of an existing system. cdrom shows the install method used. NFS, FTP, HTTP and hard drive are the other options, used for the NFS, FTP, HTTP and hard disk install methods:
- For the FTP method use the option url --url followed by the FTP URL.
- For the HTTP method use the option url --url followed by the HTTP URL.
- For hard drive use the option harddrive --dir=/<directory path> --partition=<partition>.
- For the NFS method use the option nfs --server=<server name> --dir=<directory name>.
The third line sets the language to be used during installation. The fourth line chooses the keyboard layout. xconfig is used to configure the monitor and video card. The network command is used to configure the network; in the above case it configures the Ethernet interface. rootpw denotes the root password. The firewall command configures the firewall: the option --enabled means the firewall is enabled and the option --disabled means the firewall is disabled. selinux is used to set the Security-Enhanced Linux mode; the options are --enforcing, --permissive and --disabled. timezone is used to select the time zone of the user. The bootloader command is used to set where the default bootloader grub is installed.
1.3.1.2.Graphical utility
Open a terminal and type the command system-config-kickstart to start the kickstart configurator.
    [root@localhost ~]# system-config-kickstart
The user can use the graphical interface to choose the options, and the kickstart file will be generated automatically.
1.3.2.Use of Kickstart file
A kickstart file is used to automate the installation process. To perform a kickstart installation use the following steps:
- Create a kickstart file.
- Copy the kickstart file to a CD-ROM, to the network, or to the local hard drive.
- Use the ks= commands of this section at the boot: prompt during the installation.
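Because the kickstart file is copied to media or to a network server that other machines read, its security-relevant directives (rootpw, firewall, authconfig, selinux) are worth checking before it is used. The following shell script is an added example, not part of the book: audit_ks, sample_ks and weak_ks are hypothetical names, and both sample files (including the placeholder hash and the install.example.test URL) are constructed.

```shell
#!/bin/sh
# Added example: audit the security-relevant directives of a kickstart file.

# Constructed sample: the directives of the text file in section 1.3.1.1 that
# matter here. The value after --iscrypted is a placeholder, not a real hash.
sample_ks() {
cat <<'EOF'
install
cdrom
lang en_US.UTF-8
keyboard us
network --device eth0 --bootproto dhcp
rootpw --iscrypted PLACEHOLDER_HASH
firewall --enabled --port=22:tcp
authconfig --enableshadow --enablemd5
selinux --enforcing
EOF
}

# Constructed weak variant: plaintext root password, firewall and SELinux
# switched off, shadow passwords not requested.
weak_ks() {
cat <<'EOF'
install
url --url http://install.example.test/rhel
rootpw ConstructedPlaintext1
firewall --disabled
authconfig --enablemd5
selinux --disabled
EOF
}

# audit_ks: reads a kickstart file on stdin and prints one finding per line.
# Prints nothing when every check passes.
audit_ks() {
awk '
  /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
  $1 == "rootpw" {
      seen["rootpw"] = 1
      crypted = 0
      for (i = 2; i <= NF; i++) if ($i == "--iscrypted") crypted = 1
      if (!crypted) print "rootpw: password stored in plaintext"
  }
  $1 == "firewall" {
      seen["firewall"] = 1
      for (i = 2; i <= NF; i++)
          if ($i == "--disabled") print "firewall: disabled"
  }
  $1 == "authconfig" {
      seen["authconfig"] = 1
      shadow = 0
      for (i = 2; i <= NF; i++) if ($i == "--enableshadow") shadow = 1
      if (!shadow) print "authconfig: shadow passwords not enabled"
  }
  $1 == "selinux" {
      seen["selinux"] = 1
      for (i = 2; i <= NF; i++)
          if ($i == "--disabled" || $i == "--permissive")
              print "selinux: not enforcing (" $i ")"
  }
  END {
      # A directive that is absent leaves the installer default in place,
      # so report it instead of silently passing.
      n = split("rootpw firewall selinux authconfig", need, " ")
      for (i = 1; i <= n; i++)
          if (!(need[i] in seen)) print need[i] ": directive missing"
  }'
}
```

Run it as audit_ks < ks.cfg; an empty result means all four directives are present and set to their stricter values.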
    ks=cdrom:                 Kickstart from CDROM.
    ks=file:<path>            Kickstart from a file (path = 'fd0/ks.cfg').
    ks=ftp://<path>           Kickstart from FTP.
    ks=hd:<dev>               Kickstart via hard drive (dev = 'hda1', for example).
    ks=http://<path>          Kickstart from HTTP.
    ks=nfs(:options):<path>   Kickstart from NFS. NFS mount options are optional.
1.4.Configuring Hardware
The file /etc/sysconfig/hwconf contains the listing of installed hardware. The command kudzu can be run to detect and configure changed hardware on a system. kudzu is run every time a Red Hat box is rebooted. It reads the file /etc/sysconfig/hwconf for the installed hardware and compares that data with the current hardware. Below is the format of the /etc/sysconfig/hwconf file:
    class: CDROM
    bus: SCSI
    detached: 0
    device: scd0
    desc: "HL-DT-ST CD-RW GCE-8526B"
    host: 1
    id: 0
    channel: 0
    lun: 0
    class: VIDEO
    bus: PCI
    detached: 0
    driver: i2c-i810
    desc: "Intel Corporation 82845G/GL[Brookdale-G]/GE Chipset Integrated Graphics Device"
    video.xdriver: i810
    vendorId: 8086
    deviceId: 2562
    subVendorId: 8086
    subDeviceId: 2562
    pciType: 1
    pcidom: 0
    pcibus: 0
    pcidev: 2
    pcifn: 0
The first entry is for a CDROM drive attached to the system and the second is for the VIDEO card attached to the system. If any hardware is added or removed, kudzu configures the added hardware and unconfigures the removed hardware. It then updates the data in /etc/sysconfig/hwconf. kudzu can be started in two modes:
- safe probe mode
- no safe probe mode
Safe probe mode disables serial port probing, DDC monitor probing and PS/2 probing. To enable no safe probe mode on startup, enter the line SAFE=no in the file /etc/sysconfig/kudzu.
1.4.1.Graphical utilities
1.4.1.1.For keyboard layout
Enter the below command in a terminal:
    [root@localhost pub]# system-config-keyboard
The user can select the keyboard layout and press OK.
1.4.1.2.For monitor and video card
Enter the below command in a terminal:
    [root@localhost pub]# system-config-display
- The user can set the resolution and color depth under the settings tab.
- Configure the monitor type and video card under the hardware tab.
- Use the dual type tab for the second monitor type and video card.
1.4.1.3.For sound card
Enter the below command in a terminal:
    [root@localhost pub]# system-config-soundcard
This utility can be used to check that the sound card works properly, to reload the audio drivers and to rewrite the configuration files.
1.4.1.4.For network devices
Enter the below command in a terminal:
    [root@localhost pub]# system-config-network
or
    [root@localhost pub]# neat
This utility is used to configure the network devices.
- On the devices tab all network devices detected by Red Hat Linux are listed. Any network device can be selected and activated.
- On the hardware tab the network hardware physically attached to the computer and detected by Red Hat Linux can be configured.
- The IPSec tab is used to configure IPSec tunnel and host to host connections.
- The DNS tab is used to configure the system's hostname, the primary, secondary and tertiary DNS IP addresses, and the DNS search path.
- The Hosts tab is used to specify static host name to IP address mappings.
1.4.1.5.For printer
Enter the below command in a terminal:
    [root@localhost pub]# system-config-printer
This utility is used to add a new printer or to configure printers.
1.4.1.6.For date and time
Enter the below command in a terminal:
    [root@localhost pub]# system-config-date
or
    [root@localhost pub]# system-config-time
- The date & time tab is used to set the current date and time.
- The network time protocol tab is used to synchronize the system's clock with a remote time server using the network time protocol.
- The time zone tab is used to select the time zone in which the system lies.
2.THE BOOT PROCESS
2.1.Overview
The boot process can be divided into several steps:
- Checking of the MBR (Master Boot Record) by the BIOS.
- Loading the bootloader in the MBR.
- Choosing the operating system to boot on the bootloader menu.
- Booting the operating system.
2.2.Grub
Grub is the default bootloader if Red Hat Linux is installed on the system. When the system is booted the user sees the grub menu, which lists the operating systems installed on the system. Grub is also able to boot non-Linux operating systems such as Windows. Grub boots the operating system chosen by the user on the grub menu. Every operating system displayed on the grub menu has an entry in the grub configuration file /boot/grub/grub.conf.
2.2.1.Grub configuration file
Let the system have two operating systems installed, Windows and Fedora Linux. Then the contents of the grub configuration file are:
    # grub.conf generated by anaconda
    #
    # Note that you do not have to rerun grub after making changes to this file
    # NOTICE:  You have a /boot partition.  This means that
    #          all kernel and initrd paths are relative to /boot/, e.g.
    #          root (hd0,7)
    #          kernel /vmlinuz-version ro root=/dev/sda11
    #          initrd /initrd-version.img
    #boot=/dev/sda
    default=0
    timeout=5
    splashimage=(hd0,7)/grub/splash.xpm.gz
    hiddenmenu
    title Fedora-Linux
            root (hd0,7)
            kernel /vmlinuz-2.6.21-1.3194.fc7 ro root=LABEL=/1 rhgb quiet
            initrd /initrd-2.6.21-1.3194.fc7.img
    title Windows
            rootnoverify (hd0,0)
            chainloader +1
The title sets the display name on the grub menu for the corresponding operating system. E.g. on the grub menu the entries Fedora-Linux and Windows are displayed. If the user chooses Fedora-Linux on the menu, the bootloader looks at the /dev/sda8 partition of the first hard disk (root (hd0,7) means that the files needed to boot the operating system are present on the eighth partition of the first hard disk). kernel indicates the kernel which is loaded. The kernel gives control to the init process, which is called the father of all processes. initrd denotes the initial RAM disk boot image. The ro option on the kernel line means that the partition is to be mounted read only.
If the user chooses the Windows option, the Windows operating system is booted. rootnoverify (hd0,0) means that grub will not mount the partition. The option chainloader +1 means that grub will call the other bootloader to boot the operating system.
The option default=0 means that if the user makes no choice, the first operating system in the file will be booted. The option timeout=5 means that the user has 5 seconds to make a choice on the grub menu. If the user makes no choice in 5 seconds, the default operating system will boot. In the above file the default operating system that will boot is Fedora.
2.2.2.Configuring Grub
There are two ways to configure the grub bootloader:
- By editing the configuration file using a text editor
- By using Boot Configuration
2.2.2.1.Editing /boot/grub/grub.conf using Text editors
The configuration file can be edited using any text editor, such as vi, gedit or emacs. After making the changes, grub has to be restarted (the system rebooted) for the changes to take effect.
2.2.2.2.By using Boot Configuration
To start the boot configuration graphical utility, type the below command in the terminal window:
    [root@localhost ~]# system-config-boot
The utility helps to choose the default operating system, which will be booted if the user has not made any choice within the timeout period on the grub menu. It also helps the user to choose the timeout period in seconds. If the user chooses 5 seconds, grub will wait 5 seconds for the user to make a choice; after that it will boot the default operating system.
2.2.2.3.Password Protecting Grub
Grub can also be password protected. This option is also available during the installation of Red Hat Linux. The MD5-encrypted password for grub can be generated by entering the command
    [root@localhost ~]# grub-md5-crypt
in a terminal. After entering the command the user is prompted to enter the password and then to re-enter it for verification.
2.3.Starting init
init is the father of all processes. The kernel starts the init process after mounting the basic filesystems during the boot process. The init process has the PID 1 (the process identification number: every process running on the system is assigned a unique number known as its PID). init reads the file /etc/inittab and runs the scripts listed in it. The init process looks for the entry initdefault in the file /etc/inittab. The entry initdefault indicates the default runlevel with which the system is to be started. If the entry initdefault is not present in the file, the user has to enter the runlevel on the console for the boot process to proceed.
2.3.1./etc/inittab file
This file describes which processes are started at boot up and during the normal boot process (for different runlevels different numbers of processes are started). An entry in the inittab file has the following format:
    id:runlevel:action:process
- id is the unique identifier.
- runlevel is a value among 0, 1, 2, 3, 4, 5 and 6 (some more values are available but not used). The runlevel field of sysinit, boot and bootwait entries is ignored.
- action describes the action to be taken by init.
- process specifies the process to be executed.

init Action    Description
respawn        The process is restarted using the process for this action.
wait           The process will be started once when the specified runlevel is entered and init will wait for its termination.
initdefault    An initdefault entry specifies the runlevel entered after system boot. If none exists, init will prompt for a runlevel on the console. The process field is ignored.
sysinit        The process will be executed during system boot. The runlevel field is ignored.
ctrlaltdel     If the user presses the CTRL+ALT+DELETE keys together, init responds by shutting down the system or rebooting (depending on the process set).
powerfail      This action denotes that a power failure has occurred; init takes the action given by the process set for this action.
powerokwait    If the powerfail action has occurred and the process set for the powerfail action is to shut down after 2 minutes, this action comes into the picture: if the power is restored before the 2 minutes are over, the process for this action is run.
Lines beginning with '#' are comments. Below is a sample /etc/inittab file.
    #
    # inittab       This file describes how the INIT process should set up
    #               the system in a certain run-level.
    #
    # Default runlevel. The runlevels used by RHS are:
    #   0 - halt (Do NOT set initdefault to this)
    #   1 - Single user mode
    #   2 - Multiuser, without NFS (The same as 3, if you do not have networking)
    #   3 - Full multiuser mode
    #   4 - unused
    #   5 - X11
    #   6 - reboot (Do NOT set initdefault to this)
    #
    id:5:initdefault:
    # System initialization.
    si::sysinit:/etc/rc.d/rc.sysinit
    l0:0:wait:/etc/rc.d/rc 0
    l1:1:wait:/etc/rc.d/rc 1
    l2:2:wait:/etc/rc.d/rc 2
    l3:3:wait:/etc/rc.d/rc 3
    l4:4:wait:/etc/rc.d/rc 4
    l5:5:wait:/etc/rc.d/rc 5
    l6:6:wait:/etc/rc.d/rc 6
    # Trap CTRL-ALT-DELETE
    ca::ctrlaltdel:/sbin/shutdown -t3 -r now
    # When our UPS tells us power has failed, assume we have a few minutes
    # of power left.  Schedule a shutdown for 2 minutes from now.
    # This does, of course, assume you have powerd installed and your
    # UPS connected and working correctly.
    pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down"
    # If power was restored before the shutdown kicked in, cancel it.
    pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Canceled"
    # Run gettys in standard runlevels
    1:2345:respawn:/sbin/mingetty tty1
    2:2345:respawn:/sbin/mingetty tty2
    3:2345:respawn:/sbin/mingetty tty3
    4:2345:respawn:/sbin/mingetty tty4
    5:2345:respawn:/sbin/mingetty tty5
    6:2345:respawn:/sbin/mingetty tty6
    # Run xdm in runlevel 5
    x:5:respawn:/etc/X11/prefdm -nodaemon
The line id:5:initdefault: sets the action to initdefault and the runlevel to 5.
The line si::sysinit:/etc/rc.d/rc.sysinit applies to every runlevel: for the action sysinit the process /etc/rc.d/rc.sysinit is executed.
The line l5:5:wait:/etc/rc.d/rc 5 denotes that the process /etc/rc.d/rc 5 will be executed for runlevel 5 and that init will wait until the process has completed.
The line ca::ctrlaltdel:/sbin/shutdown -t3 -r now denotes that if the user presses the CTRL+ALT+DELETE keys, the system reboots after three seconds.
The line pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down" denotes that if a power failure occurs, the powerfail action takes place and the system is scheduled to wait for two minutes before shutting down.
The line pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Canceled" denotes that if the power resumes before the two minutes are over, the shutdown of the system is cancelled.
The line x:5:respawn:/etc/X11/prefdm -nodaemon denotes that the X11 server is started in runlevel 5. Thus the graphical interface is available in runlevel 5.
2.3.3.runlevel
A runlevel is a software configuration of the system which allows only a selected group of processes to exist.
runlevel   Description
0          It is used to halt the system. It should not be used in initdefault.
1          Single user mode. No graphical tools are available.
2          Multiuser mode. Many users can log in to the system. The graphical tools are not available as the X server is not running. Network services like NFS/NIS/Xinetd are not available.
3          Multiuser mode. The network services are available but the graphics mode is not available.
4          Not used.
5          Multiuser mode. All the network services are available. The graphics mode is also available as X11 is running. A good choice for the initdefault entry.
6          All processes are terminated and the system is rebooted. This is not a good choice for initdefault.
The runlevels 0, 1 and 6 are reserved. Other runlevels like 7, 8, 9, a, b, c are also available but are not used.
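The id:runlevel:action:process format and the runlevel rules above can be checked mechanically. The following shell script is an added example, not part of the book: it reports the default runlevel, flags an initdefault of 0 or 6, duplicate ids and malformed lines, and notes what CTRL+ALT+DELETE runs on the console. The function names are hypothetical, both inputs are constructed (the first from the sample file above), and entries with an empty runlevel field are not attributed to any runlevel, which is a simplification.

```shell
#!/bin/sh
# Added example: audit /etc/inittab entries of the form id:runlevel:action:process.

# Constructed sample: a subset of the entries of the sample file above.
sample_inittab() {
cat <<'EOF'
# Default runlevel.
id:5:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
l3:3:wait:/etc/rc.d/rc 3
l5:5:wait:/etc/rc.d/rc 5
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down"
pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Canceled"
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
x:5:respawn:/etc/X11/prefdm -nodaemon
EOF
}

# Constructed faulty file: default runlevel 6, a reused id, a broken line.
weak_inittab() {
cat <<'EOF'
id:6:initdefault:
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
ca:12345:wait:/etc/rc.d/rc 3
broken-line
EOF
}

# default_runlevel: print the runlevel of the initdefault entry (stdin).
default_runlevel() {
    awk -F: '!/^[ \t]*#/ && $3 == "initdefault" { print $2; exit }'
}

# started_in_runlevel N: print "action process" for every wait or respawn
# entry whose runlevel field lists N.
started_in_runlevel() {
    awk -F: -v want="$1" '
      /^[ \t]*#/ || NF < 4 { next }
      ($3 == "respawn" || $3 == "wait") && index($2, want) > 0 {
          proc = $4; for (i = 5; i <= NF; i++) proc = proc ":" $i
          print $3 " " proc
      }'
}

# audit_inittab: print one finding per line (stdin is the inittab content).
audit_inittab() {
    awk -F: '
      /^[ \t]*#/ || /^[ \t]*$/ { next }
      NF < 4 {
          print "line " NR ": malformed entry, expected id:runlevel:action:process"
          next
      }
      {
          id = $1; rl = $2; action = $3
          # The process field may itself contain colons; rejoin it.
          proc = $4; for (i = 5; i <= NF; i++) proc = proc ":" $i
          if (id in ids) print "line " NR ": duplicate id " id
          ids[id] = 1
          if (action == "initdefault") {
              have_default = 1
              if (rl == "0" || rl == "6")
                  print "initdefault: runlevel " rl " must not be the default (0 = halt, 6 = reboot)"
          }
          if (action == "ctrlaltdel")
              print "ctrlaltdel: console key press runs " proc
      }
      END {
          if (!have_default)
              print "initdefault: missing, init will prompt on the console"
      }'
}
```

On a real system the functions read the file from standard input, for example audit_inittab < /etc/inittab.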
2.3.4.Initializing System
The script /etc/rc.sysinit is run once at boot time. It is a shell script which performs many functions, such as:
- Sets the hostname of the system
- Checks SELinux status
- Sets the system clock
- Initializes hardware
- Configures kernel parameters
- Mounts the filesystems
- Configures the hardware
- Starts and enables the swap space
2.3.4.1.Starting Services
The services which will be started for a runlevel depend on the files contained in the directory of that runlevel.

runlevel   directory
0          /etc/rc.d/rc0.d
1          /etc/rc.d/rc1.d
2          /etc/rc.d/rc2.d
3          /etc/rc.d/rc3.d
4          /etc/rc.d/rc4.d
5          /etc/rc.d/rc5.d
6          /etc/rc.d/rc6.d
All programs in the above runlevel directories are symbolic links to programs in the directory /etc/rc.d/init.d. The directory /etc/rc.d/init.d contains the runlevel scripts. Thus, which scripts of the directory /etc/rc.d/init.d are run for a runlevel depends on the contents of the directory corresponding to that runlevel.
2.3.4.2.Naming convention of files in runlevel directories
The files in the runlevel directories follow a special naming convention. The name of every program begins with either S or K, followed by 2 digits (0-9) and then the name of the service. All the programs (files of the runlevel directories) whose names begin with S start the service, and those whose names begin with K kill or stop the service. The two digits determine the order in which the services are run. E.g. the directory /etc/rc.d/rc5.d contains the files for runlevel 5. If it contains the two files S10network and S56Xinetd, then the service S10network is run first. The order in which the scripts run is decided in the same way for the files whose names begin with K.
2.3.4.3.Format of scripts in /etc/rc.d/init.d
The directory contains the scripts of all the runlevels. Below is the sample file to start the network service.
    #! /bin/bash
    #
    # network       Bring up/down networking
    #
    # chkconfig: 2345 10 90
    # description: Activates/Deactivates all network interfaces configured to \
    #              start at boot time.
    #
    ### BEGIN INIT INFO
    # Provides: $network
    ### END INIT INFO
The line # chkconfig: 2345 10 90 sets the script to start in the runlevels 2, 3, 4 and 5 with the priority or order 10; in all other runlevels it stops the service with the order or priority 90. In the runlevel 5 directory /etc/rc.d/rc5.d a file with the name S10network will exist (as the network service starts for runlevel 5 with the priority 10), and in the runlevel directory /etc/rc.d/rc1.d a file with the name K90network will exist (as the network service stops with the priority 90 in runlevel 1).
2.3.4.4.Determining current and previous runlevel
To determine the current and previous runlevel use the below command:
    [root@localhost ~]# runlevel
    N 5
The letter N denotes that there is no previous runlevel (that is, the runlevel has not been changed). 5 denotes that the current runlevel is 5.
2.3.4.5.Changing runlevels
To change the current runlevel use the below command:
    [root@localhost ~]# telinit n
The letter n should be replaced by one of the values 0, 1, 2, 3, 4, 5, 6; that is, use telinit 5 to switch to runlevel 5. The init process kills or starts the processes necessary to switch to that runlevel; in the above case it will do so for runlevel 5.
2.3.4.6.Configuring services for a runlevel
The user can decide which services should run in a runlevel and which should not. The user can also see the status of each service in each runlevel. There are two methods to reorganize the services and view the information about the services in a runlevel.
2.3.5.Using command chkconfig
The command chkconfig can be used to view the information about every service in a runlevel and to start or stop them. It can also be used to add a new service or delete a service.
2.3.5.1.Adding a new service
To add a new service enter the below command in a terminal:
    [root@localhost ~]# chkconfig --add new-service-name
The new-service-name should have a start or kill entry in each of the runlevels.
2.3.5.2.Deleting a new service
To delete a service enter the below command in a terminal:
    [root@localhost ~]# chkconfig --del new-service-name
The service new-service-name is deleted from the chkconfig management and all its links in the runlevel directories are also removed.
2.3.5.3.Enable a service
To enable a service in a runlevel enter the below command in a terminal (while working in that runlevel):
    [root@localhost ~]# chkconfig service-name on
The service service-name is enabled for that runlevel.
2.3.5.4.Disable a service
To disable a service in a runlevel enter the below command in a terminal (while working in that runlevel):
    [root@localhost ~]# chkconfig service-name off
The service service-name is disabled for that runlevel.
2.3.5.5.List status of a service
To list the status of a service in the runlevels enter the below command in a terminal:
    [root@localhost ~]# chkconfig --list service-name
The status of the service service-name is displayed for all runlevels. For example:
    [root@localhost ~]# chkconfig --list httpd
    httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
The service httpd is enabled in the runlevels 2, 3, 4 and 5 and disabled in 0, 1 and 6.
2.3.5.6.List status of all services
To list the status of all services in the runlevels enter the below command in a terminal:
    [root@localhost ~]# chkconfig --list
The status of all the services is displayed for all runlevels.
2.3.5.7.Starting a service
To start a service enter the below command in a terminal:
    [root@localhost ~]# service service-name start
The service service-name is started in that runlevel. For example:
    [root@localhost ~]# service httpd start
    Starting httpd:                                            [  OK  ]
The service httpd is started.
2.3.5.8.Stopping a service
To stop a service enter the below command in a terminal:
    [root@localhost ~]# service service-name stop
The service service-name is stopped in that runlevel. For example:
    [root@localhost ~]# service httpd stop
    Stopping httpd:                                            [  OK  ]
The service httpd is stopped.
2.4.Using Graphical utilities
The service configuration utility can be used to edit a runlevel. It can be used to start a service, stop a service, add a service and delete a service. To start the service configuration utility use the below command in the terminal window:
    [root@localhost ~]# serviceconf
or
    [root@localhost ~]# system-config-services
The user can check the box on the left of the service and then click to start, stop or restart the service. After making any changes, they need to be saved using the save option of the graphical tool.
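The # chkconfig: header and the S/K naming convention of sections 2.3.4.2 and 2.3.4.3 together decide which services start in each runlevel, which is the list to review when reducing what a machine runs. The following shell script is an added example, not part of the book: rc_links, start_order and sample_script are hypothetical names, and the sample script header is constructed from the network script shown in section 2.3.4.3.

```shell
#!/bin/sh
# Added example: derive runlevel links from a "# chkconfig:" header and list
# the start order of one runlevel directory.

# Constructed sample: header of the network init script from section 2.3.4.3.
sample_script() {
cat <<'EOF'
#! /bin/bash
#
# network       Bring up/down networking
#
# chkconfig: 2345 10 90
# description: Activates/Deactivates all network interfaces configured to \
#              start at boot time.
EOF
}

# rc_links NAME: read an init script on stdin and print, for runlevels 0-6,
# the link the header implies: S<start> in the listed runlevels, K<stop> in
# all others. Returns 1 when the script has no chkconfig header.
rc_links() {
    awk -v name="$1" '
      /^#[ \t]*chkconfig:/ {
          # Strip the tag so the three values become fields 1 to 3.
          sub(/^#[ \t]*chkconfig:[ \t]*/, "")
          levels = $1; start = $2; stop = $3; found = 1
          exit
      }
      END {
          if (!found) exit 1
          for (rl = 0; rl <= 6; rl++) {
              if (index(levels, rl) > 0)
                  printf "/etc/rc.d/rc%d.d/S%02d%s\n", rl, start, name
              else
                  printf "/etc/rc.d/rc%d.d/K%02d%s\n", rl, stop, name
          }
      }'
}

# start_order: read the file names of one runlevel directory on stdin (one
# per line) and print the services that are started, in the order they run.
# The two digits after S sort lexically, so a plain sort gives the order.
start_order() {
    grep '^S[0-9][0-9]' | sort | sed 's/^S[0-9][0-9]//'
}
```

For a live check, ls /etc/rc.d/rc5.d | start_order prints the services runlevel 5 starts, in order.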
3.FILESYSTEM ADMINISTRATION
3.1.Overview
Red Hat Linux uses the ext3 filesystem. It has a journaling feature that improves recovery from crashes. The filesystems are organized in a hierarchy. The / filesystem is at the top of the hierarchy. All other filesystems are contained in it in the form of subdirectories. If a disk partition is mounted on a filesystem, all the subdirectories and files below that mount point are stored on that partition. Suppose the / and /usr filesystems are mounted on the /dev/sda5 and /dev/sda6 partitions; then the subdirectories and files below /usr are stored in the /dev/sda6 partition. All the filesystems which do not have a separate partition are stored in the partition of the / filesystem.
3.2.Filesystem Information
/bin - it contains commands to be used by common users.
/boot - it contains the bootable Linux kernel and the bootloader configuration files.
/dev - it contains files representing the devices of the system.
/etc - it contains configuration files.
/sbin - it contains administrative commands.
/usr - it contains user and administrative commands, user applications, and documentation.
/var - it contains log files of different services, and directories of data used by services like FTP and the Web server.
/proc - the /proc filesystem is a virtual filesystem. This means that the /proc filesystem is not mounted on any disk partition. It contains system information and information about the processes running on the system. The process information is kept in a subdirectory of /proc. The name of the subdirectory is the same as the PID of the process.
3.2.1./etc/fstab file
The file contains information about the filesystems. The sample /etc/fstab file is:
    LABEL=/1            /           ext3    defaults         1 1
    LABEL=/opt1         /opt        ext3    defaults         1 2
    LABEL=/usr1         /usr        ext3    defaults         1 2
    LABEL=/home1        /home       ext3    defaults         1 2
    LABEL=/boot1        /boot       ext3    defaults         1 2
    tmpfs               /dev/shm    tmpfs   defaults         0 0
    devpts              /dev/pts    devpts  gid=5,mode=620   0 0
    sysfs               /sys        sysfs   defaults         0 0
    proc                /proc       proc    defaults         0 0
    LABEL=SWAP-sda13    swap        swap    defaults         0 0
The first column contains the device name representing the filesystem. The second column contains the mount point in the filesystem. The third column denotes the filesystem type. The filesystem types ext3 and swap are associated with a device, that is, a partition of the hard disk, but filesystems of type proc, sysfs and tmpfs are not associated with any partition of the hard disk. The fourth column contains the options used by the mount command when mounting the filesystem during system boot. Filesystems with the option noauto in the fourth field are not mounted at boot time. The defaults option mounts the filesystem with the following mount options: rw, suid, dev, exec, auto, nouser and async.
- async: all I/O to the filesystem should be done asynchronously.
- auto: the filesystem is mounted automatically at boot time.
- dev: interpret character or block special devices on the filesystem.
- exec: allow execution of executable files.
- rw: mount in read-write mode.
- suid: allow set-user-identifier or set-group-identifier bits to take effect.
- nouser: a non-root user cannot mount the filesystem.
3.2.2./etc/mtab
To view the filesystems which are actually used by a running Linux system, type the command mount in a terminal or view the contents of the /etc/mtab file. The difference is that /etc/fstab contains the static information about the filesystems while /etc/mtab contains the dynamic information about the filesystems. A sample /etc/mtab file is below:
    /dev/sda11   /                          ext3          rw                   0 0
    proc         /proc                      proc          rw                   0 0
    sysfs        /sys                       sysfs         rw                   0 0
    devpts       /dev/pts                   devpts        rw,gid=5,mode=620    0 0
    /dev/sda12   /opt                       ext3          rw                   0 0
    /dev/sda10   /usr                       ext3          rw                   0 0
    /dev/sda9    /home                      ext3          rw                   0 0
    /dev/sda8    /boot                      ext3          rw                   0 0
    tmpfs        /dev/shm                   tmpfs         rw                   0 0
    none         /proc/sys/fs/binfmt_misc   binfmt_misc   rw                   0 0
    sunrpc       /var/lib/nfs/rpc_pipefs    rpc_pipefs    rw                   0 0
The first column contains the disk partition which is mounted. The second column contains the filesystem that is mounted. The rest of the columns are the same as those of the /etc/fstab file.
3.2.3.Mounting a filesystem
To mount a filesystem the mount command is used. The standard format of the mount command is:
    mount -t filesystem-type device-path-name directory-name
If a user wants to mount the cdrom media on the directory /home/movies, issue the command:
    [root@localhost ~]# mount /dev/cdrom /home/movies
If a user wants to mount the Windows partition /dev/sda4 on /home/movies, issue the command:
    [root@localhost ~]# mount -t vfat /dev/sda4 /home/movies
3.2.4.Unmounting a filesystem
To unmount a filesystem use the following command:
    umount directory-name-on-which-the-device-was-mounted
To unmount /dev/sda4 use the following command:
    [root@localhost ~]# umount /home/movies
The -l option unmounts a device once it is no longer in use (the device is in use at the time the command is issued, so the unmount waits for the device). For example, if files are being copied from the mounted directory /home/movies, the below command will unmount the directory when the file copy is over:
    [root@localhost ~]# umount -l /home/movies
To force the unmounting of a directory use the below command:
    [root@localhost ~]# umount -f /home/movies
3.2.5.Creating a filesystem
A filesystem can be created on a device. A device can be a floppy disk, a rewritable CD, a rewritable DVD or a hard disk partition. The mkfs command is used to create a filesystem on a device. The format of the command is:
    mkfs -t filesystem-type device-name
For example, if an ext3 filesystem is to be created on the rewritable CD device, the command will be:
    mkfs -t ext3 /dev/cdrom
The mkfs command is a front end to the commands which are actually invoked to carry out the work of creating the filesystem on the device. The command which is invoked depends on the filesystem which is to be created. Below is the list of filesystems and the commands which will be invoked for them.
filesystem   Commands used
ext2         mkfs.ext2, mke2fs, mkfs -t ext2
ext3         mkfs.ext3, mke2fs, mkfs -t ext3
vfat         mkfs.vfat, mkfs -t vfat, mkdosfs, mkfs.msdos
ntfs         mkfs.ntfs, mkfs -t ntfs
xfs          mkfs.xfs, mkfs -t xfs
swap         mkswap
The command mke2fs uses the configuration file /etc/mke2fs.conf. The configuration file contains the default parameters used when creating ext2 and ext3 filesystems. Below is a sample /etc/mke2fs.conf file:
    [defaults]
            base_features = sparse_super,filetype,resize_inode,dir_index
            blocksize = 4096
            inode_ratio = 8192

    [fs_types]
            small = {
                    blocksize = 1024
                    inode_ratio = 4096
            }
            floppy = {
                    blocksize = 1024
            }
            news = {
                    inode_ratio = 4096
            }
            largefile = {
                    inode_ratio = 1048576
            }
            largefile4 = {
                    inode_ratio = 4194304
            }
The defaults section of the file defines the default parameters used by mke2fs. The default parameters can be overridden from the command line. The fs_types section defines the default parameters which should be used for specific filesystem types; for example, for floppy the blocksize is set to 1024.
3.3.Creating Swap space
The mkswap command is used to create a swap area on a device or file. If the system has too little swap area and no partition can be used as swap area, or the user is not willing to use one, then a swap area can also be created on a file. The file should be created using the following command

    [root@localhost ~]# dd if=/dev/zero of=/home/swap bs=1000000 count=10
    10+0 records in
    10+0 records out
    10000000 bytes (10 MB) copied, 0.0373886 s, 267 MB/s

This creates a file named swap of size 10 MB in the /home directory. It is a data file (the command file swap returns data as output). The ls -l swap command below shows the file permissions attached to the swap file created. The chmod command is used to change the file permissions of swap to 0 so that no one has the right to read, write or execute it.

    [root@localhost home]# ls -l swap
    -rw-r--r-- 1 root root 10000000 2009-01-11 13:28 swap
    [root@localhost home]# chmod 0 swap
    [root@localhost home]# ls -l swap
    ---------- 1 root root 10000000 2009-01-11 13:28 swap

Create swap space on the file swap

    [root@localhost home]# mkswap swap
    Setting up swapspace version 1, size = 9994 kB

3.3.1.Enabling swap space
The swap space created cannot be used by the system unless it is enabled using the swapon command. The format of the swapon command is

    swapon device-name

For example, to enable the swap space created on the swap file above use the command

    [root@localhost home]# swapon swap

The file /proc/swaps shows the swap areas of the system. This file can be used to see whether the swap area thus enabled is used by the system or not. To check the contents of /proc/swaps enter the command below in the terminal

    [root@localhost home]# cat /proc/swaps
    Filename      Type        Size     Used  Priority
    /dev/sda13    partition   819272   4     -1
    /home/swap    file        9756     0     -2

The listing shows two swap areas on the system: /dev/sda13, which is a hard disk partition, and /home/swap, which is a file.
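A check for the permission step above, as an added example that is not part of the book: it reads a table in /proc/swaps format and reports file-backed swap areas whose mode still grants access to group or others, since a readable swap file exposes swapped-out memory. The function name audit_swap_files is hypothetical, and stat -c is the GNU coreutils form.

```bash
#!/usr/bin/env bash
# Audit file-backed swap areas listed in a /proc/swaps-format table.
# audit_swap_files is a hypothetical helper name, not a system command.
# Usage: audit_swap_files            (reads /proc/swaps)
#        audit_swap_files TABLE      (reads a saved copy of the table)

audit_swap_files() {
    local table="${1:-/proc/swaps}" name type rest mode
    # Skip the header line; the fields are: Filename Type Size Used Priority
    tail -n +2 "$table" | while read -r name type rest; do
        # Only swap areas of type "file" have filesystem permissions to check
        [ "$type" = "file" ] || continue
        if [ ! -e "$name" ]; then
            echo "MISSING $name"
            continue
        fi
        mode=$(stat -c '%a' "$name")      # octal mode, e.g. 644, 600 or 0
        # Any bit set in the group or other positions lets non-root users
        # read or modify memory pages that were swapped out to this file.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "WEAK $name mode=$mode"
        else
            echo "OK $name mode=$mode"
        fi
    done
}
```

Creating the file under umask 077 before running dd closes the window in which the new file is world-readable, as the first ls -l listing above shows it to be.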
3.3.2.Disabling swap space
To disable a swap area use the swapoff command. The format of the swapoff command is

    swapoff device-name

To disable the swap area created on the file swap in the above case use the command

    [root@localhost home]# swapoff swap

Now, to check whether the swap file is disabled, view the contents of the file /proc/swaps

    [root@localhost home]# cat /proc/swaps
    Filename      Type        Size     Used  Priority
    /dev/sda13    partition   819272   4     -1
3.4.Checking and Repairing a filesystem
The fsck command is used to check a Linux filesystem and optionally repair it. The general format of the fsck command is

    fsck -t filesystem-type device-name

If no device-name is specified on the command line then the command checks the filesystems in the order in which they are mentioned in the /etc/fstab file. The fsck command is a front end to the commands which are invoked for the different filesystem types. The command which is invoked depends on the filesystem which is to be checked. Below is the list of filesystems and the commands which will be invoked for them.

    Filesystem    Commands used
    ext2          fsck.ext2, fsck -t ext2
    ext3          fsck.ext3, fsck -t ext3
    vfat          fsck.vfat, fsck -t vfat, fsck.msdos
    ntfs          fsck.ntfs, fsck -t ntfs
    xfs           fsck.xfs, fsck -t xfs

The fsck command returns the following exit codes

    0   - No errors
    1   - File system errors corrected
    2   - System should be rebooted
    4   - File system errors left uncorrected
    8   - Operational error
    16  - Usage or syntax error
    32  - fsck canceled by user request
    128 - Shared library error

The exit code returned when multiple file systems are checked is the bit-wise OR of the exit codes for each file system that is checked.

3.4.1.Searching for badblocks
The badblocks command searches for bad blocks on a device. With the -w option badblocks searches for bad blocks by writing a pattern on every block of the device, which erases the data on the device. So filesystems which hold data should not be checked with badblocks using the -w option. Those devices or filesystems should be checked for bad blocks using the badblocks command without any option or with the -n option. The -n option is read only mode, so no data is written on the device blocks and hence the data is not erased. To protect data and check for bad blocks use the command below

    badblocks device-name

or

    badblocks -n device-name

To erase the data and check for bad blocks use the command below

    badblocks -w device-name
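For the fsck exit codes listed in section 3.4, an added example (not from the book) that ORs the codes of several checks together, decodes the combined value back into its conditions and picks the most serious outcome. The function names fsck_combine, fsck_decode and fsck_verdict are hypothetical.

```bash
#!/usr/bin/env bash
# Work with fsck exit codes as the bit field described above.
# All three function names are hypothetical helpers for this example.

# Combine the exit codes of several checks the way fsck does (bit-wise OR).
fsck_combine() {
    local total=0 s
    for s in "$@"; do
        total=$(( $total | $s ))
    done
    echo "$total"
}

# Print one label for every condition whose bit is set in the exit code.
fsck_decode() {
    local status=$1 out="" entry bit label
    if [ "$status" -eq 0 ]; then
        echo "no-errors"
        return 0
    fi
    for entry in 1:errors-corrected 2:reboot-required 4:errors-uncorrected \
                 8:operational-error 16:usage-error 32:cancelled \
                 128:shared-library-error; do
        bit=${entry%%:*}
        label=${entry#*:}
        if [ $(( $status & $bit )) -ne 0 ]; then
            out="${out:+$out }$label"
        fi
    done
    echo "$out"
}

# Reduce the exit code to the single most serious outcome.
fsck_verdict() {
    local status=$1
    # 188 = 4|8|16|32|128: every code that means the check did not leave
    # the filesystem verified and repaired
    if [ $(( $status & 188 )) -ne 0 ]; then
        echo "failed"
    elif [ $(( $status & 2 )) -ne 0 ]; then
        echo "reboot"
    elif [ $(( $status & 1 )) -ne 0 ]; then
        echo "repaired"
    else
        echo "clean"
    fi
}
```

A boot script that only tests for a non-zero exit code treats a successful repair (1) the same as uncorrected errors (4), which is why the bits are tested separately here.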
3.5.Automatically mounting a filesystem

When a system is booted the filesystems are automatically mounted. The users don't have to run the mount command to mount filesystems like /home, /usr etc. This automatic mounting of filesystems is due to the autofs service which runs when the system boots. The autofs service lies in the /etc/rc.d/init.d directory. When a system boots, the autofs service runs with the option start, and when the system is shutting down the autofs service runs with the option stop. The autofs service controls the operation of the automount daemons. It reads the file /etc/auto.master and finds the mount points on the system. Each mount point found is mounted by automount, and a thread is also started by automount to manage the mount point. automount mounts a mount point when the mount point is accessed and deactivates it when it is no longer used. Below is a sample /etc/auto.master file.

    # Sample auto.master file
    # This is an automounter map and it has the following format
    # key [ -mount-options-separated-by-comma ] location
    # For details of the format look at autofs(5).
    #
    /misc   /etc/auto.misc
    /net    -hosts
    #
    # Include central master map if it can be found using
    # nsswitch sources.
    #
    # Note that if there are entries for /net or /misc (as
    # above) in the included master map any keys that are the
    # same will not be seen as the first read key seen takes
    # precedence.
    #
    +auto.master

In the above file the lines starting with # are comments. The line /misc /etc/auto.misc tells the automount daemon to look into the file /etc/auto.misc for the mount points. The sample /etc/auto.misc file is

    # This is an automounter map and it has the following format
    # key [ -mount-options-separated-by-comma ] location
    # Details may be found in the autofs(5) manpage

    cd              -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom

    # the following entries are samples to pique your imagination
    #linux          -ro,soft,intr           ftp.example.org:/pub/linux
    #boot           -fstype=ext2            :/dev/hda1
    #floppy         -fstype=auto            :/dev/fd0
    #floppy         -fstype=ext2            :/dev/fd0
    #e2floppy       -fstype=ext2            :/dev/fd0
    #jaz            -fstype=ext2            :/dev/sdc1
    #removable      -fstype=ext2            :/dev/hdd
In the above file the lines starting with # are comments. The line

    cd              -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom

causes automount to mount the /dev/cdrom device when CD-ROM media is inserted into the drive and change the directory to /dev/cdrom. If the user comments out this line, the /dev/cdrom drive will not be automatically mounted when CD-ROM media is inserted into the drive.

3.5.1.Checking status of automount
To check whether automount is running in the system or not, type the following command in the terminal

    [root@localhost ~]# /etc/rc.d/init.d/autofs status
    automount (pid 2157) is running...

3.6.RAID disks
Linux uses the ext3 filesystem type, which has a journaling feature. Journaling helps the filesystem recover from crashes and brings it back into a consistent state. If a power failure occurs while a system is running and the system shuts down immediately (not a graceful shutdown, that is, the system shuts down before the user can shut it down using the shutdown -h now command or by choosing the shutdown option from the graphic panel), the filesystem is left in an inconsistent state. The journaling feature of the filesystem enables it to recover from such crashes. But journaling is not sufficient to handle all cases; for example, if one of the partitions is damaged then the files cannot be recovered. RAID disks are used to improve disk performance and minimize the chance of data loss. RAID devices are virtual devices created from two or more real block devices. This allows multiple devices to be combined into a single device to hold a single filesystem. Linux software RAID devices are implemented through the md (Multiple Devices) device driver. Currently, Linux supports LINEAR md devices, RAID0 (striping), RAID1 (mirroring), RAID4, RAID5, RAID6 and RAID10.

3.6.1.Creating RAID device
RAID devices can be created during installation and after installation.

3.6.1.1.During installation
During installation of Red Hat Linux the RAID devices can be created using the disk druid partition manager.

- On the disk druid menu, selecting the raid button launches the raid options panel.
- On that panel select the create a software raid partition button.
- Create the partition with software raid as the filesystem type.
- From the raid options panel select the create a raid device button.
- Enter the mount point, filesystem type, raid device and raid level information on the raid device panel.
This creates the raid devices. The raid device information can be monitored and viewed using the mdadm command after the installation.

3.6.1.2.Using mdadm command
To create a RAID device use the mdadm command. The mdadm command is the all-purpose command for raid devices. It creates, enables, assembles and monitors raid devices. The format of the mdadm command for creating raid devices is

    mdadm --create raid-device-name --level=n1 --raid-devices=n2 hard-disk-device-name

n1 is a number which denotes the raid level of the raid device. The values of n1 can be 0, 1, 4, 5, 6 and 10. The value of n2 is equal to the number of physical devices which form the raid device. The hard-disk-device-name is the names of the devices separated by spaces. The raid device name will be /dev/md0 if the first raid device is being created, and so on. To create a raid device /dev/md0 of level 1 using the hard disks /dev/sda0, /dev/sda1 and /dev/sda2 use the following command

    mdadm --create /dev/md0 --level=1 --raid-devices=3 /dev/sda0 /dev/sda1 /dev/sda2

3.6.1.3.Other uses of mdadm
mdadm can be used to mark a device of a raid array as failed, remove it from the raid array or add it to the raid array. A raid array means the physical devices which together make up a logical raid device. The various formats of the mdadm command are

    mdadm raid-device-name -f hard-disk-device-name

to mark the device as failed. To mark the device /dev/sda2 of the raid device /dev/md0 of the above example as failed the command used is

    mdadm /dev/md0 -f /dev/sda2

    mdadm raid-device-name -r hard-disk-device-name

is used to remove the device. To remove the device /dev/sda2 of the raid device /dev/md0 of the above example the command used is

    mdadm /dev/md0 -r /dev/sda2

    mdadm raid-device-name -a hard-disk-device-name

is used to add the device as a spare. To add the device /dev/sda2 to the raid device /dev/md0 of the above example the command used is

    mdadm /dev/md0 -a /dev/sda2

3.6.1.4.Information about a raid device
The mdadm command is also used to see detailed information about an active raid device. The command used for the purpose is given below

    mdadm --detail raid-device-name

3.7.Logical Volume Group
Logical volume group support is provided in Red Hat Linux.

3.7.1.Creating A Logical Volume Group
To create a logical volume group, a physical volume is initialized first. The pvcreate command is used to initialize the partition for use by the logical volume utilities. The format of the pvcreate command is

    pvcreate hard-disk-partition-name

To initialize the partition /dev/sda5 of the hard disk run the command

    [root@localhost ~]# pvcreate /dev/sda5
    Physical volume "/dev/sda5" successfully created

Then the physical volume thus created is added to a new volume group using the command vgcreate, or added to an existing volume group using the command vgextend. The formats of the commands vgcreate and vgextend are

    vgcreate volume-group-name hard-disk-partition1 hard-disk-partition2 ...
    vgextend volume-group-name hard-disk-partition1 hard-disk-partition2 ...

To create the new volume group my_vol_grp for the /dev/sda5 of the above example use the command

    [root@localhost dev]# vgcreate my_vol_grp /dev/sda5
    Volume group "my_vol_grp" successfully created

To view the attributes of the volume group created use the command vgdisplay. The format of the command vgdisplay is

    vgdisplay volume-group-name

For example, to view the attributes of the volume group my_vol_grp use the command

    [root@localhost dev]# vgdisplay my_vol_grp
      --- Volume group ---
      VG Name               my_vol_grp
      System ID
      Format                lvm2
      Metadata Areas        1
      Metadata Sequence No  1
      VG Access             read/write
      VG Status             resizable
      MAX LV                0
      Cur LV                0
      Open LV               0
      Max PV                0
      Cur PV                1
      Act PV                1
      VG Size               9.77 GB
      PE Size               4.00 MB
      Total PE              2500
      Alloc PE / Size       0 / 0
      Free PE / Size        2500 / 9.77 GB
      VG UUID               3I5EmB-es47-Deqz-hN9w-eUaK-u1i6-tMSCoW
To create a new logical volume in the volume group the command lvcreate is used. The format of the command lvcreate is

    lvcreate -l %VG or %FREE volume-group-name
    lvcreate -L G or M or K volume-group-name

In the first case the space on which the logical volume is to be created is expressed as a percentage of the total space of the volume group or as a percentage of its free space. In the second case the space on which the logical volume is to be created is given as the total space expressed in GB, MB or KB (G means GB, M means MB and K means KB). To create the logical volume on the my_vol_grp volume group created earlier use the command

    [root@localhost dev]# lvcreate -L 9.7G my_vol_grp
    Rounding up size to full physical extent 9.70 GB
    Logical volume "lvol0" created

The above command creates the logical volume successfully. To check the logical volume created, view the contents of the directory /dev/my_vol_grp. It will contain an entry lvol0. To display the information about the logical volume thus created use the lvdisplay command.

    [root@localhost dev]# lvdisplay /dev/my_vol_grp/lvol0
      --- Logical volume ---
      LV Name                /dev/my_vol_grp/lvol0
      VG Name                my_vol_grp
      LV UUID                CaD0Bp-Czo8-fCbu-QXi5-d0I1-LHS3-TwJvVw
      LV Write Access        read/write
      LV Status              available
      # open                 0
      LV Size                9.70 GB
      Current LE             2484
      Segments               1
      Allocation             inherit
      Read ahead sectors     0
      Block device           253:0
3.7.2.Remove a logical volume
The lvremove command is used for this purpose. The format is

    lvremove /dev/volume-group/logical-volume-name

to remove the logical volume logical-volume-name. To remove all the logical volumes in a volume group use

    lvremove /dev/volume-group

3.7.3.Remove a volume group
The command vgremove is used for this purpose.

    vgremove volume-group-name

3.7.4.Remove a physical volume
The command pvremove is used for this purpose.

    pvremove physical-volume

3.7.5.Logical volume management utility
Red Hat offers a graphical utility to perform all the functions described above, like creating a volume group, creating a logical volume, removing a volume group or logical volume, and viewing and editing the information about a volume group or logical volume. To invoke the Logical Volume Management utility run the command below in the terminal window

    [root@localhost ~]# system-config-lvm

In the above utility the left hand panel shows the volume groups and the uninitialized entries. The uninitialized entries are the normal partitions of the hard disks, and the volume groups entry shows the volume groups created; for example, this window shows the volume group my_vol_grp, and within the volume group the logical volume lvol0 is listed. The user can use the edit properties button to edit the properties of the logical volume.
4.PACKAGE MANAGEMENT

4.1.Overview
A good operating system should allow the user to install and update software with ease. Red Hat offers the luxury of maintaining packages in a simple and efficient way. There are many options available to the user: yum, rpm and graphical utilities.

4.2.Using yum
yum (Yellow Dog Updater, Modified) is used to install and update software packages in rpm format from software repositories on the web. yum uses the configuration file /etc/yum.conf and the configuration files in the directory /etc/yum.repos.d.
The yum command checks the configuration files and searches the locations mentioned in the configuration files for the package which is to be updated or installed by yum. The format of a sample configuration file /etc/yum.conf is

    [main]
    cachedir=/var/cache/yum
    keepcache=0
    debuglevel=2
    logfile=/var/log/yum.log
    exactarch=1
    obsoletes=1
    gpgcheck=1
    plugins=1
    metadata_expire=1800

cachedir names the directory which yum uses as its cache, that is, storage for temporary files. The keepcache option, if 0, causes the headers and cache files to be deleted after successful installation; the value 1 retains the files. logfile is the log file where yum writes its log information. The option gpgcheck, if 1, forces yum to check the gpg keys of the packages; if 0, the gpg keys are not checked. The files in the directory /etc/yum.repos.d contain the locations on the web which yum searches for packages. Each file represents the location of packages. The contents of the directory are

    [root@localhost etc]# cd yum.repos.d;ls
    fedora-development.repo  fedora-updates.repo          livna-devel.repo
    fedora.repo              fedora-updates.repocp        livna.repo
    fedora.repocp            fedora-updates-testing.repo  livna-testing.repo

Each file corresponds to a software repository on the web. The file will be in the form below

    [fedora]
    name=Software-Server
    baseurl=give the http address of the server
    mirrorlist=give address of the mirror location
    enabled=1
    gpgcheck=1
    gpgkey=location of the gpg key file.

The yum command takes a number of inputs. The general format of the command is

    yum option package-name

For some options yum doesn't need a package name, so the format becomes

    yum option
    Option        Description                                   Usage
    install       Installs a package                            yum install package-name
    update        Updates a package                             yum update package-name
    check-update  Checks whether an update is available for     yum check-update
                  the packages installed in the system
    remove        Removes the package and any dependent         yum remove package-name
                  package from the system
    erase         Same as remove                                Same as remove
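The gpgcheck option described above for /etc/yum.conf and the .repo files decides whether yum verifies package signatures before installing. As an added example that is not part of the book, the function below (hypothetical name audit_yum_gpgcheck) lists every enabled repository whose effective gpgcheck is not 1; it assumes values are written as 0 or 1 as on this page, that a repository without its own gpgcheck line inherits the [main] value, and that a [main] section without gpgcheck means 0.

```bash
#!/usr/bin/env bash
# Report enabled yum repositories that install packages without a
# signature check. audit_yum_gpgcheck is a hypothetical helper name.
# Usage: audit_yum_gpgcheck /etc/yum.conf /etc/yum.repos.d/*.repo

audit_yum_gpgcheck() {
    local main_conf=$1 main_default
    shift
    [ "$#" -gt 0 ] || { echo "no repo files given" >&2; return 2; }

    # gpgcheck in [main] is the default each repository inherits
    # (assumption: 0 when [main] does not set it).
    main_default=$(awk -F= '
        /^\[/ { in_main = ($0 ~ /^\[main\]/) }
        in_main && $1 ~ /^[ \t]*gpgcheck[ \t]*$/ {
            gsub(/[ \t\r]/, "", $2); v = $2
        }
        END { print (v == "" ? 0 : v) }' "$main_conf")

    awk -F= -v def="$main_default" '
        # Print the finished section if it is enabled and unchecked.
        function emit() {
            if (id != "" && enabled == "1" && gpg != "1")
                printf "%s [%s] gpgcheck=%s\n", file, id, gpg
            id = ""
        }
        FNR == 1        { emit(); file = FILENAME }   # new file: close last section
        /^[ \t]*$/      { next }                      # blank line
        /^[ \t]*[#;]/   { next }                      # comment
        /^\[/ {
            emit()
            id = substr($0, 2, index($0, "]") - 2)    # repository id
            enabled = "1"                             # repositories default to enabled
            gpg = def                                 # inherit from [main]
            next
        }
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t\r]/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpg = val
        }
        END { emit() }' "$@"
}
```

A repository reported here accepts any package its server or mirror hands out, so it is worth checking together with the baseurl and mirrorlist it points at.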
4.3.Using rpm
A large amount of Red Hat software exists in rpm format. It is very easy to install rpm software packages by using the rpm command. The rpm command can be used to install, upgrade, verify and uninstall rpm software.

    Option  Usage                 Description
    -i      rpm -i package-name   Install a package
    -U      rpm -U package-name   Updates a package already installed on the
                                  system. If no previous version of the package
                                  is installed then the package is installed.
    -F      rpm -F package-name   Upgrade a previously installed package.
    -e      rpm -e package-name   Erases a package from the system
    -q      rpm -q package-name   Queries about a package
    -V      rpm -V package-name   Verify an installed package against its
                                  original software package. If the installed
                                  package matches the original software package
                                  then there is no output.
    -v      rpm -v                Prints verbose information
    -vv     rpm -vv               Prints lots of verbose information
    -h      rpm -h                Prints # marks during the package processing
                                  using rpm. 50 # are printed when 100%
                                  processing is done.
The rpm command can be used with two options together; usually the options -v, -vv and -h are used with the other options. For example

    [root@localhost rpm]# rpm -qvv python
    D: opening  db environment /var/lib/rpm/Packages joinenv
    D: opening  db index       /var/lib/rpm/Packages rdonly mode=0x0
    D: locked   db index       /var/lib/rpm/Packages
    D: opening  db index       /var/lib/rpm/Name rdonly mode=0x0
    D: opening  db index       /var/lib/rpm/Pubkeys rdonly mode=0x0
    D:  read h#    1353 Header sanity check: OK
    D: ========== DSA pubkey id b44269d0 4f2a6fd2 (h#1353)
    D:  read h#     741 Header V3 DSA signature: OK, key ID 4f2a6fd2
    python-2.5-12.fc7
    D: closed   db index       /var/lib/rpm/Pubkeys
    D: closed   db index       /var/lib/rpm/Name
    D: closed   db index       /var/lib/rpm/Packages
    D: closed   db environment /var/lib/rpm/Packages
    D: May free Score board((nil))

In the above example rpm queries the rpm database to find out whether the python software is installed. If the software is installed it prints the information about the software. The options -q and -vv are used together. The rpm command uses the two global configuration files /usr/lib/rpm/rpmrc and /usr/lib/rpm/redhat/rpmrc. It uses the /etc/rpmrc configuration file, which is the configuration file specific to a system. The configuration file .rpmrc in the home directory of a user is the user level rpm configuration file. It also uses the /var/lib/rpm/* directory as the database for storing rpm package information. In the above case it queries the database to get the information about the python rpm package.

4.4.Using make
Software packages are also available in the tar.gz, tgz and tar.bz2 formats. The packages need to be uncompressed and then the source code is built using the ./configure, make and make install commands. To uncompress packages with the tar.gz extension use the command

    gunzip realplay.tar.gz

This forms realplay.tar. Then the command

    tar xvf realplay.tar

generates the directory realplay. The two commands can be combined into one command

    tar xvfz realplay.tar.gz

which generates the directory realplay. If the source code is in tar.bz2 format then use the command

    bzip2 -d realplay.tar.bz2

It forms realplay.tar. After uncompressing the package, change the working directory of the terminal to the directory realplay. Now, to install the package, run the commands

    ./configure
    make
    make install

The ./configure command configures the package for the platform of the system. The make command builds the package for the system. The make install command installs the package on the system.

4.5.Package Manager
The package manager is a graphical utility which gathers information about the packages available over the web for update and installation. It searches the software repositories which have been defined in the yum configuration files. To invoke the Package Manager enter the command below in the terminal

    [root@localhost redhat]# system-config-packages

On the browse tab the user can browse the packages available over the web in different categories. On the search tab the user can search for a package, and on the list tab the user gets a listing of all packages, available packages or installed packages, depending upon the option box chosen by the user. After choosing the packages which need to be installed, the user can decide to apply the changes made on the panel. If the changes are applied then the packages are downloaded from the web and installed.
5.USER AND GROUP ADMINISTRATION

5.1.Overview
Linux is a multi-user operating system. During installation the root user account has to be created (the root user is the administrator of the system). The installer asks for one more user account to be created (the user may choose to create the account or skip it). User accounts can also be created after installation. Each user belongs to a group account. Group accounts can also be created after installation.

5.2.Creating User Account
The useradd command is used to create a new user. It is also used to update the default values used while creating a new user. The general formats of the useradd command are

    useradd options user-name
    useradd -D options
    useradd -D

The first form is used to create a new user, while the second form is used to override the default options used while creating a new user. The third form is used to view the default values which will be used while creating a user account. To view the default values enter the following command in the terminal

    [root@localhost ~]# useradd -D
    GROUP=100
    HOME=/home
    INACTIVE=-1
    EXPIRE=
    SHELL=/bin/bash
    SKEL=/etc/skel
    CREATE_MAIL_SPOOL=yes

The simplest form of the useradd command is

    useradd user-name

If this command is run, useradd creates the user account by using the default values. useradd reads the file /etc/login.defs for the default values to be used while creating the user. A sample /etc/login.defs file is

    # *REQUIRED*
    # Directory where mailboxes reside, or name of file, relative to the
    # home directory. If you _do_ define both, MAIL_DIR takes precedence.
    # QMAIL_DIR is for Qmail
    #
    #QMAIL_DIR      Maildir
    MAIL_DIR        /var/spool/mail
    #MAIL_FILE      .mail

    # Password aging controls:
    #
    # PASS_MAX_DAYS  Maximum number of days a password may be used.
    # PASS_MIN_DAYS  Minimum number of days allowed between password changes.
    # PASS_MIN_LEN   Minimum acceptable password length.
    # PASS_WARN_AGE  Number of days warning given before a password expires.
    #
    PASS_MAX_DAYS   99999
    PASS_MIN_DAYS   0
    PASS_MIN_LEN    5
    PASS_WARN_AGE   7

    #
    # Min/max values for automatic uid selection in useradd
    #
    UID_MIN         500
    UID_MAX         60000

    #
    # Min/max values for automatic gid selection in groupadd
    #
    GID_MIN         500
    GID_MAX         60000

    #
    # If defined, this command is run when removing a user.
    # It should remove any at/cron/print jobs etc. owned by
    # the user to be removed (passed as the first argument).
    #
    #USERDEL_CMD    /usr/sbin/userdel_local

    #
    # If useradd should create home directories for users by default
    # On RH systems, we do. This option is overridden with the -m flag on
    # useradd command line.
    #
    CREATE_HOME     yes

    # The permission mask is initialized to this value. If not specified,
    # the permission mask will be initialized to 022.
    UMASK           077

    # This enables userdel to remove user groups if no members exist.
    #
    USERGROUPS_ENAB yes

    # Use MD5 or DES to encrypt password? Red Hat use MD5 by default.
    MD5_CRYPT_ENAB yes

So if a user is created with the command

    [root@localhost ~]# useradd user1

then a directory user1 is created in /home, the shell is /bin/bash, the mailbox lies in the /var/spool/mail directory and the contents of the /etc/skel directory are copied into the /home/user1 directory. /etc/skel contains the login and application startup scripts. The contents of /etc/skel are viewed using the ls -la command.

    [root@localhost skel]# ls -la
    total 80
    drwxr-xr-x   4 root root  4096 2009-01-13 22:20 .
    drwxr-xr-x 138 root root 12288 2009-01-13 22:53 ..
    -rw-r--r--   1 root root    33 2007-02-12 20:48 .bash_logout
    -rw-r--r--   1 root root   176 2007-02-12 20:48 .bash_profile
    -rw-r--r--   1 root root   124 2007-02-12 20:48 .bashrc
    -rw-r--r--   1 root root   500 2007-05-23 19:45 .emacs
    drwxr-xr-x   3 root root  4096 2009-01-06 16:21 .kde
    drwxr-xr-x   2 root root  4096 2009-01-06 16:08 .xemacs
    -rw-r--r--   1 root root   658 2007-03-06 01:54 .zshrc

.bash_logout, .bash_profile and .bashrc contain the user specific options and aliases which are used by the bash shell each time the bash shell starts up. .kde contains the kde desktop application options. The .bashrc file can be used by the user to customize the user's shell environment. A sample .bashrc file is

    # .bashrc

    # Source global definitions
    if [ -f /etc/bashrc ]; then
        . /etc/bashrc
    fi

    # User specific aliases and functions

If the file /etc/bashrc exists then the file is executed. /etc/bashrc contains the global options for the bash shell. The options in /etc/bashrc apply to all users using the bash shell. The values in /etc/bashrc can be overridden using the .bashrc file. Much of the information needed to create a user account is taken from the file /etc/profile. It sets the hostname, the histsize of the shell, and shell environment variables like PATH, USER, LOGNAME and INPUTRC. The /etc/profile file also looks in the directory /etc/profile.d for files which contain aliases and environment variables for use by the user.

General format
The default values used while creating a user account can be overridden by passing those values from the shell. The format of the useradd command is

    useradd -c "comment" -d home-directory-path -g group-name -p password -s shell -u userid

    [root@localhost ~]# useradd -c "new user" -d /home/user2 -g user1 -s /bin/csh user2

When a user account is created, an entry corresponding to the user name, for example user1 or user2, is created in the /etc/passwd and /etc/shadow files. An entry is also added when a new group is created, for example user1. Below is the content of the /etc/passwd file

    user1:x:502:502::/home/user1:/bin/bash
    user2:x:503:502:new user:/home/user2:/bin/csh

The /etc/shadow file contains the user name and the encrypted password of the user. The entry in the /etc/group file is

    user1:x:502:

Changing default values
The command

    useradd -D -b home-directory-name -s shell -g group

can be used to change the default values used while creating a new user account. The command below is used to change the shell from /bin/bash to /bin/tcsh

    [root@localhost ~]# useradd -D -s /bin/tcsh
    [root@localhost ~]# useradd -D
    GROUP=100
    HOME=/home
    INACTIVE=-1
    EXPIRE=
    SHELL=/bin/tcsh
    SKEL=/etc/skel
    CREATE_MAIL_SPOOL=yes

5.3.Modifying user account
The usermod command is used to modify user information. The general format of the usermod command is

    usermod -c "comment" -d home-directory-name -g group-name -l login-name -s shell -u user-id

5.4.Deleting user account
The userdel command is used to delete a user account.

    userdel user-name

This deletes the entry corresponding to the user name from the /etc/passwd and /etc/shadow files. To delete the home directory along with the account the following command is used

    userdel -r user-name
5.5.Group Administration

5.5.1.Adding New Group
The groupadd command is used to add a new group. If no options are specified on the command line, default values are used. The formats of the groupadd command are

    groupadd -g group-id
    groupadd -r option

The second command is used to add administrative groups. Administrative groups and users have ids below 500. The file /etc/gshadow is used to store the group's password.

5.5.2.Modifying group information
The groupmod command is used to modify existing group information.

    groupmod -g new-group-id -n new-group-name

5.5.3.Deleting group
The groupdel command is used to delete a group. It deletes the entry of the group from files like /etc/group and /etc/gshadow.

5.6.Using User Manager
The user manager utility is used to perform all the tasks discussed above using a graphical interface. To invoke the user manager utility enter the command below in the terminal

    [root@localhost ~]# system-config-users
It can be used to add, modify and delete user and group information. To modify existing user information click on the user name and then use the properties button. The below panel is generated. The information can be edited on the panel and the changes can be saved.

To create a new user, click on the add user button. The below window is displayed and the information of the new user can be entered.

5.6.1.Changing user password
The password of a user can be changed by entering the command passwd.

    passwd user-name

If the user-name is not mentioned then it is assumed that the user wants to change the root user's password. The command prompts for the root user's password and then for the new password. The password needs to be entered twice.

5.7.Space Usage
The du command is used to check the space used by the files and subfolders of a directory. The format of the command is

    du folder-name

If the option -h is used, the command displays the size of files and subfolders in K (kilobytes), M (megabytes) and G (gigabytes) form. The size of the files contained in a subfolder is also displayed.
    [root@localhost ~]# du -h /home/user1
    8.0K    /home/user1/.kde/Autostart
    12K     /home/user1/.kde
    8.0K    /home/user1/.xemacs
    44K     /home/user1

The df command is used to display the amount of space available on a filesystem. The format of the command is

    df filesystem

If the filesystem option is not used on the command line then df displays the amount of space available on all the mounted filesystems of the system.

    [root@localhost ~]# df
    Filesystem   1K-blocks     Used  Available  Use%  Mounted on
    /dev/sda11     9920592  2390424    7018100   26%  /
    /dev/sda12     4956284   141220    4559232    4%  /opt
    /dev/sda10     9920592  4643932    4764592   50%  /usr
    /dev/sda9     16479668   384520   15244508    3%  /home
    /dev/sda8       101086    18499      77368   20%  /boot
    tmpfs           383428        0     383428    0%  /dev/shm
6.SYSTEM ADMINISTRATION

6.1.Overview

The root user can perform all tasks on the system. The root user is the administrator account on Red Hat Linux. The root account must be created during installation.

6.2.Getting Administration Rights
6.2.1.The su command

The su command is used to change the user id and group id of the user issuing the command to those of the user named on the su command. The format of the su command is

    su - user-name

If user2 enters this command in a terminal with user1 as user-name, then he will have the privileges of user1: he can perform all the actions which user1 can perform, but only in the terminal in which he entered the command. Outside that terminal he won't have the privileges of user1.

6.2.2.Using the su

Using the su command a user can also get the privileges of the root user, but the user will be prompted for the root user's password. If he enters the password correctly then he gets the privileges of the root user; otherwise he does not.

The user id and group id of the root user are 0. User and group ids below 500 are reserved for administrative users. There are some administrative accounts which are automatically created by Linux, but these accounts cannot be used to log into the system because they are defined with /sbin/nologin. /sbin/nologin refuses login from the user. The user accounts are listed in the file /etc/passwd. Below is a sample /etc/passwd file:

    root:x:0:0:root:/root:/bin/bash
    bin:x:1:1:bin:/bin:/sbin/nologin
    daemon:x:2:2:daemon:/sbin:/sbin/nologin
    adm:x:3:4:adm:/var/adm:/sbin/nologin
    lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
    sync:x:5:0:sync:/sbin:/bin/sync
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    halt:x:7:0:halt:/sbin:/sbin/halt
    mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
The users bin, daemon, adm, lp and mail are defined with /sbin/nologin, so those user accounts cannot be used to log into the system. The root user must be created on a Linux machine; all the other user accounts in the above sample are created automatically.

6.2.3.Administrative commands

6.2.3.1./sbin and /usr/sbin directory

The directories /sbin and /usr/sbin contain administrative commands. Only the root user can use these commands. Other users must be given the privilege to use them, and the privilege can be granted by the root user only.

6.2.4./etc/sudoers file

The file /etc/sudoers defines groups of similar commands under alias names. For example:

    ## Command Aliases
    ## These are groups of related commands...

    ## Networking
    Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

    ## Installation and management of software
    Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

    ## Services
    Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

    ## Updating the locate database
    Cmnd_Alias LOCATE = /usr/sbin/updatedb

    ## Storage
    Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
First, command aliases are defined in the /etc/sudoers file. STORAGE is defined for the commands /sbin/fdisk, /sbin/sfdisk, /bin/mount and /bin/umount. In the above case the mount command is in the directory /bin. The explanation is that any user can use the mount command to view the filesystems currently mounted on the system, but only root can use it to mount a filesystem. Since normal users cannot use commands in the /sbin directory, the mount command is in the /bin directory.

Then, in the file /etc/sudoers, different groups are defined with different levels of privilege.

    ## Allow root to run any commands anywhere
    root    ALL=(ALL)       ALL

    ## Allows members of the 'sys' group to run networking, software,
    ## service management apps and more.
    # %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

    ## Allows people in group wheel to run all commands
    # %wheel        ALL=(ALL)       ALL

    ## Same thing without a password
    # %wheel        ALL=(ALL)       NOPASSWD: ALL

    ## Allows members of the users group to mount and unmount the
    ## cdrom as root
    # %users  ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

    ## Allows members of the users group to shutdown this system
    # %users  localhost=/sbin/shutdown -h now
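Added example (not part of the book): the shell function below resolves which commands a user can run through sudo by combining %group rules and Cmnd_Alias definitions with membership in /etc/group. The sample files are constructed from the excerpt above, with the %sys line uncommented and trimmed to three aliases and with a user jack added to the sys group; the function name sudo_commands is hypothetical.

```shell
#!/bin/sh
# Added example: list what a user may run via sudo by combining %group
# rules, Cmnd_Alias definitions and /etc/group membership.

# Constructed sample: three aliases and rules from the excerpt, with the
# %sys line uncommented and trimmed to those three aliases.
sample_sudoers() {
cat <<'EOF'
## Installation and management of software
Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
## Services
Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
## Updating the locate database
Cmnd_Alias LOCATE = /usr/sbin/updatedb
root    ALL=(ALL)       ALL
%sys ALL = SOFTWARE, SERVICES, LOCATE
# %wheel  ALL=(ALL)       NOPASSWD: ALL
EOF
}

# Constructed /etc/group sample in which jack is a member of sys.
sample_group() {
cat <<'EOF'
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm,jack
adm:x:4:root,adm,daemon
EOF
}

# sudo_commands USER SUDOERS_FILE GROUP_FILE
# Prints "<command> TAB <rule subject> TAB <passwd|nopasswd>" per grant.
# Assumptions: one rule per line, no line continuations, no User_Alias or
# Host_Alias, and only membership listed in GROUP_FILE is considered.
sudo_commands() {
    awk -v user="$1" '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    mode == "group" {                       # name:passwd:gid:member,member
        split($0, f, ":")
        m = split(f[4], mem, ",")
        for (i = 1; i <= m; i++) if (mem[i] == user) ingroup[f[1]] = 1
        next
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments, disabled rules, blanks
    $1 == "Cmnd_Alias" {
        eq = index($0, "=")
        name = trim(substr($0, 1, eq - 1)); sub(/^Cmnd_Alias[ \t]+/, "", name)
        alias[name] = trim(substr($0, eq + 1))
        next
    }
    {
        who = $1
        isgrp = (substr(who, 1, 1) == "%")
        if (who != user && !(isgrp && (substr(who, 2) in ingroup))) next
        eq = index($0, "=")
        if (eq == 0) next
        spec = trim(substr($0, eq + 1))
        sub(/^\([^)]*\)[ \t]*/, "", spec)   # drop the (run-as) list
        tag = "passwd"
        if (sub(/^NOPASSWD:[ \t]*/, "", spec)) tag = "nopasswd"
        n = split(spec, item, ",")
        for (i = 1; i <= n; i++) {
            c = trim(item[i])
            if (c in alias) {               # expand an alias into its commands
                k = split(alias[c], ac, ",")
                for (j = 1; j <= k; j++) print trim(ac[j]) "\t" who "\t" tag
            } else print c "\t" who "\t" tag
        }
    }' mode=group "$3" mode=sudoers "$2"
}

# Demo on the constructed samples: what can jack run through sudo?
demo_dir=$(mktemp -d)
sample_sudoers > "$demo_dir/sudoers"
sample_group > "$demo_dir/group"
sudo_commands jack "$demo_dir/sudoers" "$demo_dir/group"
rm -rf "$demo_dir"
```

Because every member of the group inherits the whole rule, reviewing the output for each member of sys (and any nopasswd tag) shows the real effect of uncommenting a single %group line.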
The file /etc/sudoers should be edited using the /sbin/visudo command. Suppose a user jack is to be given the privileges of the group sys. Uncomment the line beginning # %sys using the /sbin/visudo command, then open the file /etc/group and add the user jack on the line corresponding to the group sys:

    root:x:0:root
    bin:x:1:root,bin,daemon
    daemon:x:2:root,bin,daemon
    sys:x:3:root,bin,adm,jack
    adm:x:4:root,adm,daemon

The entry jack is now made in the /etc/group file. The user jack can now use the rpm command to install any software by prefixing the command with sudo, for example

    sudo rpm -i vlc

6.3.Changing owner and group
The chown command is used to change the owner and/or group of a file. The general format of the command is

    chown owner:group file-name

- Case 1: if only the owner is specified and the group is not, the file owner is changed to owner and the file group is changed to the login group of owner.
- Case 2: if both owner and group are specified, the file owner is changed to owner and the file group is changed to group.
- Case 3: if the owner is not specified but the group is, the group of the file is changed to group.
- Case 4: if neither owner nor group is specified, nothing happens.

The chgrp command is used to change the group of a file. The format of the command is

    chgrp group-name file-name

This changes the group of file-name to group-name.

System administration can be divided into several parts:

- Managing user accounts (creating, deleting, modifying user and group accounts) (discussed before)
- Managing services to be run in a runlevel (discussed before)
- Updating existing software and installing new software (discussed before)
- Monitoring system performance
- Automating tasks
- Managing and tuning the kernel

6.4.Monitoring System performance
6.4.1.Using System Monitor

System information can be viewed using the System Monitor utility. To start the System Monitor utility, on the desktop go to System --> Administration and then click on System Monitor.

On the Processes tab the user can see a listing of all the processes on the system at that moment. The user can click on a process and then end it by clicking on the End Process button. Using the Edit menu the user can Start Process, View Process, End Process, Kill Process, and also change the priority of the process. Using the View menu the user can choose to see only the processes started by him (his processes), all processes, or the active processes on the system. The Filesystems tab displays the filesystems currently mounted on the system.

A user can also choose which information he/she wants to see for the processes using the Edit --> Preferences option of the menu. On the preferences window the user can choose the time interval after which the information is refreshed.
6.4.2.Using top

The top utility is started by typing the top command in a terminal window. The top command gives various information about the system:

- number of users currently logged on
- load average of the system
- total number of processes, number of processes active, number of processes sleeping, number of zombie processes
- usage detail of swap memory
- usage detail of RAM
- information about the processes of the system, such as the PID (process identification number), percent CPU usage, percent memory usage, the command used for invoking the process, and the priority of the process
6.4.3.Other commands

There are several commands available in Linux which can be used to view system information.

6.4.3.1.Using w command

The w command is used to view the users who are logged on to the system and the processes run by them. It also shows the time for which the system has been running and the load average of the system.

    [root@localhost ~]# w
     23:17:20 up 32 min,  2 users,  load average: 0.10, 0.21, 0.19
    USER     TTY      FROM     LOGIN@   IDLE   JCPU   PCPU WHAT
    root     pts/0    :0.0     22:48   10:07   0.04s  0.00s find /home
    root     pts/1    :0.0     23:08    1.00s  0.03s  0.00s w
6.4.3.2.Using uptime

The uptime command is used to show the time for which the system has been running, the load average of the system, and the number of users currently logged on to the system.

    [root@localhost ~]# uptime
     23:17:44 up 32 min,  2 users,  load average: 0.19, 0.22, 0.19

6.4.3.3.Using vmstat

The vmstat command is used to display virtual memory statistics.

    [root@localhost ~]# vmstat
    procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
     r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
     0  0      0 218808  20736 258632    0    0   144    38  114  435  7  1 89  2  0

Under the procs heading it displays the number of processes waiting for run time (sub heading r) and the number of processes in sleep (sub heading b). Under the memory heading it displays the amount of virtual memory used (swpd), free memory, buffer memory and cache memory. Under the swap heading it displays the amount of memory swapped in from disk (si) and the amount of memory swapped out (so). Under the io heading it displays blocks received from block devices (bi) and blocks sent to block devices (bo). Under the cpu heading it displays the CPU related information.
6.4.3.4.Using free

The free command gives the amount of free and used memory space of the system.

    [root@localhost ~]# free
                 total       used       free     shared    buffers     cached
    Mem:        766860     550340     216520          0      22476     261796
    -/+ buffers/cache:     266068     500792
    Swap:       819272          0     819272
6.4.3.4.Using kill

The kill command is used to end a process. The format of the kill command is

    kill -s signal-name pid

- If the pid is 0 then all processes in the current process group are signaled.
- If the pid is 1 then processes with pid > 1 are signaled.
- If the pid is > 1 then the process with that id is signaled.

6.5.Log information
The user can see the log information of the system using the System Log viewer. The System Log viewer is launched from the desktop using SYSTEM --> ADMINISTRATION --> SYSTEM LOG.

On the left hand side the list of log files is displayed. The user can click on the name of a file to view its log information. For example, the file /var/log/boot.log contains the log information of boot time. Clicking on the cron entry on the left displays, on the right panel of the utility, the log information about the jobs scheduled using the cron utility. The log information about cups can be seen by expanding the tree under the cups entry on the left panel of the utility.
7.KERNEL SERVICES AND CONFIGURATION

7.1.Overview

The Linux kernel is the heart of the Linux operating system. Hardware drivers are installed to interface with the hardware, and they are maintained as modules of the kernel. The drivers can be inserted and deleted, and information about the drivers can be viewed.

7.2.kernel Modules
All the modules configured into the kernel are located in the directory /lib/modules/*/. The * is replaced by the output of the uname -r command. The content of the directory is

    [root@localhost 2.6.21-1.3194.fc7]# ls
    build           modules.dep          modules.networking  modules.symbols
    extra           modules.ieee1394map  modules.ofmap       modules.usbmap
    kernel          modules.inputmap     modules.pcimap      source
    modules.alias   modules.isapnpmap    modules.scsi        updates
    modules.ccwmap  modules.libata       modules.seriomap    weak-updates

The kernel subdirectory in the above output contains the drivers currently part of the kernel. The file modules.networking contains the names of the drivers for the network devices.

7.2.1.Modules Loaded into Kernel

To view the modules currently loaded into the kernel use the lsmod command. The file /proc/modules contains the listing of modules currently loaded into the kernel.

    [root@localhost ~]# lsmod
    Module                  Size  Used by
    i915                   25793  3
    drm                    78037  4 i915
    ipt_MASQUERADE          7745  1
    iptable_nat            11461  1
    nf_nat                 22125  2 ipt_MASQUERADE,iptable_nat
The modinfo command can be used to view information about any module loaded into the kernel. For example, to view information about the driver i915 of the above case use the command

    [root@localhost ~]# modinfo i915
    filename:       /lib/modules/2.6.21-1.3194.fc7/kernel/drivers/char/drm/i915.ko
    license:        GPL and additional rights
    description:    Intel Graphics
    author:         Tungsten Graphics, Inc.
    srcversion:     9274BE575209BE18EC18D84
    depends:        drm

7.2.2.Inserting module into kernel
Sometimes a user might need to install a hardware device whose driver is not part of the kernel. The user has to insert the driver module into the kernel. The insmod command is used to insert a driver module into the kernel. The format of the insmod command is

    insmod file-name

If the file-name is - then the module is taken from the standard input.

7.2.3.Removing module from kernel

The rmmod command is used to remove a module from the kernel. The format of the command is

    rmmod module-name

7.2.4.Using modprobe command

The modprobe command can be used to insert a module into the kernel and to remove a module from the kernel. The modprobe command also inserts other modules which are dependent on the module being inserted. Let module2 be a module dependent on module1; then if the command modprobe module1 is executed, both module1 and module2 are inserted, as module2 is dependent on module1. The module dependencies are listed in the modules.dep file located in the directory /lib/modules/uname -r/. If module2 is dependent on module1 then the file contents will be

    /lib/modules/*/kernel/crypto/module2.ko: /lib/modules/*/kernel/lib/zlib_deflate/module1.ko
    /lib/modules/*/kernel/lib/zlib_deflate/module1.ko:

In the above example the modules module1 and module2 are listed using fully qualified path names. The dependent module is on the left side and the independent module is on the right side of the colon. But if the insmod command is used then only module1 is inserted.

The command modprobe -r module-name is used to remove modules from the kernel.

The modprobe command looks in the directory /lib/modules/*/, in the configuration file /etc/modprobe.conf (if the file is present) and in the directory /etc/modprobe.d. A sample modprobe.conf file is

    alias eth0 via-rhine
    options snd-intel8x0 index=0
    install binfmt-0000 /bin/true

The alias option defines an alternate name eth0 for via-rhine. The options option defines the options which will be used when the module is inserted into the kernel. The install option is used to run the command defined after the module name. In the above case, if the command modprobe binfmt-0000 is run then the command /bin/true is executed.

7.3.Process and Kernel Information
7.3.1.The ps command

The ps command is an all-purpose command to get information about the processes running on the system. There are many options available for the ps command. The command ps aux is used to display all the processes currently running on the system.

7.3.2.Changing priority of process

The renice command is used to change the priority of a running process. The format of the renice command is

    renice priority -p pid -u user-name -g group-id

If the renice command is issued for a user then the priority of all processes of that user changes; if issued for a group then the priority of all processes owned by the group is changed; and if issued for a process id then the priority of that process is changed.

7.3.3.Using dmesg

The dmesg command is used to examine and print the boot up messages. The user can use the command to capture the messages. The format of the command is

    dmesg -c -n level

The -c option clears the kernel ring buffer after printing. The -n option sets the level of messages which will be printed. If the value of level is 1 then only the serious error messages are printed.

    [root@localhost modprobe.d]# dmesg -c
    Linux version 2.6.21-1.3194.fc7 ([email protected]) (gcc version 4.1.2 20070502 (Red Hat 4.1.2-12)) #1 SMP Wed May 23 22:35:01 EDT 2007
    BIOS-provided physical RAM map:
    sanitize start
    sanitize end
    copy_e820_map() start: 0000000000000000 size: 000000000009fc00 end: 000000000009fc00 type: 1
    ............
    .........
    ............

The above is the output of the command. After the execution the kernel ring buffer is cleared, so if the dmesg command is run again there will be no output.
7.3.4.Syslogd

The sysklogd package comprises syslogd and klogd and supports system logging as well as kernel message trapping. syslogd supports the system logging. It uses the configuration file /etc/syslog.conf. The file defines the files where different system messages will be written. Below is a sample /etc/syslog.conf file:

    # Log all kernel messages to the console.
    # Logging much else clutters up the screen.
    #kern.*                                                 /dev/console

    # Log anything (except mail) of level info or higher.
    # Don't log private authentication messages!
    *.info;mail.none;news.none;authpriv.none;cron.none      /var/log/messages

    # The authpriv file has restricted access.
    authpriv.*                                              /var/log/secure

    # Log all the mail messages in one place.
    mail.*                                                  -/var/log/maillog

    # Log cron stuff
    cron.*                                                  /var/log/cron

    # Everybody gets emergency messages
    *.emerg                                                 *

    # Save news errors of level crit and higher in a special file.
    uucp,news.crit                                          /var/log/spooler

    # Save boot messages also to boot.log
    local7.*                                                /var/log/boot.log

    #
    # INN
    #
    news.=crit                                              /var/log/news/news.crit
    news.=err                                               /var/log/news/news.err
    news.notice                                             /var/log/news/news.notice
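Added example (not part of the book): a shell function that evaluates syslog.conf selectors to show which targets receive a message of a given facility and priority, used here to confirm that authpriv messages reach only /var/log/secure. It covers the selector forms that appear in the sample above (*, none, =priority, comma-separated facilities) and not the ! negation; the function names are hypothetical and the configuration is the sample's active lines.

```shell
#!/bin/sh
# Added example: which syslog.conf targets receive a facility.priority?

# Constructed sample: the active lines of the sample configuration.
sample_syslog_conf() {
cat <<'EOF'
*.info;mail.none;news.none;authpriv.none;cron.none      /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log
news.=crit                                              /var/log/news/news.crit
news.=err                                               /var/log/news/news.err
news.notice                                             /var/log/news/news.notice
EOF
}

# syslog_targets FACILITY PRIORITY CONF_FILE
# Prints one target per line. Within a rule the selectors are read left
# to right: a match switches the rule on, "none" switches it off again.
syslog_targets() {
    awk -v fac="$1" -v pri="$2" '
    BEGIN {
        n = split("debug info notice warning err crit alert emerg", nm, " ")
        for (i = 1; i <= n; i++) lev[nm[i]] = i
        lev["warn"] = lev["warning"]; lev["error"] = lev["err"]
        lev["panic"] = lev["emerg"]
        if (!(pri in lev)) exit 2           # unknown priority name
    }
    /^[ \t]*#/ || NF < 2 { next }           # comments and incomplete lines
    {
        hit = 0
        ns = split($1, sel, ";")
        for (s = 1; s <= ns; s++) {
            dot = index(sel[s], ".")
            if (dot == 0) continue
            spec = substr(sel[s], dot + 1)
            nf = split(substr(sel[s], 1, dot - 1), fl, ",")
            applies = 0
            for (k = 1; k <= nf; k++)
                if (fl[k] == "*" || fl[k] == fac) applies = 1
            if (!applies) continue
            if (spec == "none") hit = 0
            else if (spec == "*") hit = 1
            else if (substr(spec, 1, 1) == "=") {
                if (lev[pri] == lev[substr(spec, 2)]) hit = 1
            } else if ((spec in lev) && lev[pri] >= lev[spec]) hit = 1
        }
        # A leading "-" only disables syncing after each write.
        if (hit) { target = $2; sub(/^-/, "", target); print target }
    }' "$3"
}

# authpriv_leaks CONF_FILE
# Targets other than /var/log/secure that would receive authpriv
# messages at info level. Empty output means none.
authpriv_leaks() {
    syslog_targets authpriv info "$1" | grep -v -x -F /var/log/secure || true
}

# Demo on the constructed sample.
demo_dir=$(mktemp -d)
sample_syslog_conf > "$demo_dir/syslog.conf"
echo "authpriv.info goes to:"
syslog_targets authpriv info "$demo_dir/syslog.conf"
rm -rf "$demo_dir"
```

Removing authpriv.none from the first rule makes authpriv_leaks report /var/log/messages, which is the situation the "Don't log private authentication messages!" comment in the sample guards against.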
In the above file, /var/log/secure is defined to contain the authorization and security related messages. For example, the PAM (Pluggable Authentication Module) related messages are logged in this file. The cron job messages are logged in the file /var/log/cron. The file names can be changed by the root user if root wants to log the information into a different file.

klogd captures the kernel messages. The process id (PID) of the klogd daemon is stored in the file /var/run/klogd.pid. The source for the kernel messages is the /proc/kmsg file. If the file is not present then klogd uses a system call to obtain kernel messages. The klogd daemon always runs on a running system and traps any messages which the kernel generates.

7.4.Automating Tasks
A user can schedule a job to run at a specified time. The at, batch and cron facilities are used to schedule a job at a specified time.

7.4.1.Using at

The at command is used to schedule a job at a given time, and the atd daemon runs the jobs scheduled by the at command. The at command cannot be used by all users. The root user can use the at command. Two files determine which users can use the at command. The file /etc/at.allow lists the names of the users who are allowed to use the at command. The file /etc/at.deny lists the names of the users who cannot use the at command. The /etc/at.allow file is checked first for the names of the users who can use the at command; if that file is not present then the file /etc/at.deny is checked to see which users cannot use the at command. If both files are absent then only the root user can run the at command. The sample format of /etc/at.allow or /etc/at.deny is

    jack
    mark

The user names should be one per line and there should not be whitespace in a user name.

The at -l command is used to list all the scheduled jobs. If the root user runs this command then the scheduled jobs of all users are displayed; if it is invoked by another user then only the scheduled jobs of that user are displayed. Jobs listed with a on the right are in the at queue, jobs with = on the right are currently executing, and jobs with b on the right are in the batch queue.

    [root@localhost ~]# atq
    3       Fri Jan 16 22:44:00 2009 a root
    2       Fri Jan 16 22:49:00 2009 a root
    1       Fri Jan 16 22:39:00 2009 = root
    4       Fri Jan 16 23:03:00 2009 a root

at -m sends mail to the user when the job completes even if the job has no output.

The command at time-specification is used to schedule a job at that time. The three ways in which jobs can be scheduled are

7.4.1.1.using pipe

A list of commands can be scheduled using a pipe, for example

    [root@localhost ~]# echo "ls -la" | at now+5min
    job 1 at Fri Jan 16 22:39:00 2009

To schedule a number of commands, write the commands separated by semicolons.

7.4.1.2.Using at prompt
The at prompt is presented to the user if at time-specification is entered, for example

    [root@localhost ~]# at now+20min
    at> ps
    at> du
    at> <EOT>

Press CTRL+D to leave the at prompt. In the above example ps and du are both scheduled.

7.4.1.3.Using file

The at -f filename time-specification command is used to give the commands using the file filename. The commands in the file are executed at the time specification.

atq - The atq command is used to list the scheduled jobs. It is the same as at -l.

atrm - The atrm command is used to delete a scheduled job. The format is

    atrm jobid

To delete job 4 in the case below, first use the command at -l, which gives a listing of all scheduled jobs.

    [root@localhost ~]# at -l
    4       Fri Jan 16 22:46:00 2009 a root
    3       Fri Jan 16 22:44:00 2009 a root
    2       Fri Jan 16 22:49:00 2009 a root
    1       Fri Jan 16 22:39:00 2009 = root

Use atrm to delete job 4.

    [root@localhost ~]# atrm 4

The atq command gives a listing of all scheduled jobs.

    [root@localhost ~]# atq
    3       Fri Jan 16 22:44:00 2009 a root
    2       Fri Jan 16 22:49:00 2009 a root
    1       Fri Jan 16 22:39:00 2009 = root
The outputs of the commands are mailed to the owner of the job after successful completion of the job.

7.4.2.Using batch command

The batch command is used to schedule a job. The job runs when the load average of the system is below 0.8. A batch scheduled job is run by the atd daemon. The batch command invokes the at command prompt.

    [root@localhost ~]# batch
    at> df
    at> du
    at> <EOT>
    job 5 at Fri Jan 16 22:58:00 2009

The scheduled jobs which are submitted using the at command and the batch command are spooled in the directory /var/spool/at. The files contain the commands along with the environment under which the commands were scheduled. A sample file for the commands scheduled using the batch command is

    #!/bin/sh
    # atrun uid=0 gid=0
    # mail root 0
    umask 22
    SSH_AGENT_PID=2866; export SSH_AGENT_PID
    HOSTNAME=localhost.localdomain; export HOSTNAME
    DESKTOP_STARTUP_ID=; export DESKTOP_STARTUP_ID
    SHELL=/bin/bash; export SHELL
    ...............
    ............
    df
    du

7.4.3.Using cron

The cron facility is also used to schedule jobs. The crontab jobs are executed by the cron daemon. The root user can access the cron facility. Other users can be given access to cron using two files. The /etc/cron.allow file lists the users who can use the cron facility. The /etc/cron.allow file is searched first by the cron facility; if the file does not exist then the /etc/cron.deny file is searched. /etc/cron.deny lists the user names which are not allowed to access the cron facility. If neither file exists then only the root user can use the cron facility.

The crontab -e command is used to create a crontab file. A text editor can be used to create a file-name.cron file.

    [root@localhost at]# crontab -e
    no crontab for root - using an empty one
    crontab: installing new crontab

The crontab file is created in the /var/spool/cron directory. The name of the file is the same as the name of the user. The format of the file is

    5 23 * * * ls -la /usr/local

- The first field is minute (0-59).
- The second field is hour (0-23).
- The third field is day of month (0-31).
- The fourth field is month (0-12). The Jan, Feb, Mar, Apr format is also used.
- The fifth field is day of week (0-7). The Sun, Mon, Tue format is also used. 0 and 7 are both used for Sunday.
- The field value * denotes all possible values.
- After the time fields the command field follows.

The command crontab -l is used to list all the crontab jobs.

    [root@localhost at]# crontab -l
    5 23 * * * ls -la /usr/local

The crontab -r command is used to delete the crontab jobs.

    [root@localhost cron]# crontab -r
    [root@localhost cron]# crontab -l
    no crontab for root

7.4.3.1./etc/crontab

The file /etc/crontab is the system crontab file. The cron daemon reads the /etc/crontab file. A sample /etc/crontab file is

    SHELL=/bin/bash
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    MAILTO=root
    HOME=/

    # run-parts
    01 * * * * root run-parts /etc/cron.hourly
    02 4 * * * root run-parts /etc/cron.daily
    22 4 * * 0 root run-parts /etc/cron.weekly
    42 4 1 * * root run-parts /etc/cron.monthly

The environment of the sub shell is set using this file. The SHELL parameter sets the shell to /bin/bash. Mail is sent to the root user (MAILTO parameter). The run-parts lines define the times when the scripts in the directories /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly and /etc/cron.monthly are executed by the cron daemon.
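Added example (not part of the book): the access rule described for /etc/at.allow and /etc/at.deny in 7.4.1 and for /etc/cron.allow and /etc/cron.deny in 7.4.3, written as a shell function, together with a check for entries that break the one-name-per-line format. The file contents are constructed and the function names sched_access and sched_lint are hypothetical.

```shell
#!/bin/sh
# Added example: who may use at or cron, following the allow/deny rule
# described in the text. The same rule serves both facilities.

# sched_access USER ALLOW_FILE DENY_FILE
# Prints "allow: <reason>" or "deny: <reason>".
#   1. root may always schedule jobs.
#   2. If the allow file exists, only users listed in it are allowed and
#      the deny file is not consulted at all.
#   3. Otherwise, if the deny file exists, everyone not listed is allowed
#      (an empty deny file therefore allows every user).
#   4. If neither file exists, only root is allowed.
sched_access() {
    sa_user=$1; sa_allow=$2; sa_deny=$3
    if [ "$sa_user" = root ]; then
        echo "allow: root"
    elif [ -e "$sa_allow" ]; then
        if grep -q -x -F -e "$sa_user" "$sa_allow"; then
            echo "allow: listed in allow file"
        else
            echo "deny: not listed in allow file"
        fi
    elif [ -e "$sa_deny" ]; then
        if grep -q -x -F -e "$sa_user" "$sa_deny"; then
            echo "deny: listed in deny file"
        else
            echo "allow: not listed in deny file"
        fi
    else
        echo "deny: neither file exists"
    fi
    return 0
}

# sched_lint FILE
# Prints the numbers of lines that contain whitespace. Such a line never
# equals a user name, so in a deny file it blocks nobody.
sched_lint() {
    awk '/[ \t]/ { printf "%s%d", sep, NR; sep = " " }
         END { if (sep != "") print "" }' "$1"
}

# Demo with constructed files: the allow file wins over the deny file.
demo_dir=$(mktemp -d)
printf 'jack\nmark\n' > "$demo_dir/at.allow"
printf 'jack\n' > "$demo_dir/at.deny"
for demo_user in root jack tom; do
    printf '%s -> ' "$demo_user"
    sched_access "$demo_user" "$demo_dir/at.allow" "$demo_dir/at.deny"
done
rm -rf "$demo_dir"
```

In the demo jack appears in both files and is still allowed, because the deny file is ignored whenever the allow file exists.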
8.WEB SERVER

8.1.Overview

The web server accepts Hyper Text Transfer Protocol (HTTP) requests and sends a response to the client. The Apache web server is the most widely used web server. The Apache web server source code is freely downloadable.

8.2.Starting Apache

The user should check whether the Apache web server is enabled in the runlevel or not. The chkconfig --list option is used to check whether the Apache web server is enabled or not.

    [root@localhost ~]# chkconfig --list httpd
    httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off

The httpd service (the daemon corresponding to the Apache web server) is enabled in runlevels 2, 3, 4 and 5. If the service is not enabled then the command chkconfig httpd on is used. If the service is enabled in a runlevel, use the command service httpd start to start the Apache web server.

    [root@localhost ~]# service httpd start
    Starting httpd:                                            [  OK  ]

After starting the service, check that the Apache web server is working by typing the address http://localhost in the address bar of Mozilla Firefox (web browser).
The Apache web server configuration directory is /etc/httpd. The directory contains the main configuration file, sub directories and symbolic links to other directories.

    [root@localhost httpd]# ls -l
    total 36
    drwxr-xr-x 2 root root 4096 2009-01-17 10:01 conf
    drwxr-xr-x 2 root root 4096 2009-01-17 10:29 conf.d
    lrwxrwxrwx 1 root root   19 2009-01-06 16:15 logs -> ../../var/log/httpd
    drwxr-xr-x 3 root root 4096 2009-01-06 16:20 modsecurity.d
    lrwxrwxrwx 1 root root   27 2009-01-06 16:15 modules -> ../../usr/lib/httpd/modules
    lrwxrwxrwx 1 root root   13 2009-01-06 16:15 run -> ../../var/run

- The conf directory contains the main Apache configuration file httpd.conf.
- The conf.d directory contains the configuration files relating to the languages (like Python, Perl and PHP), the database (Mysql) and the authorization modules.
- The logs directory is a symbolic link to the /var/log/httpd directory, which contains the httpd log information.
- The modsecurity.d directory contains files relating to security, http policy and protocols.
- The modules directory is a symbolic link to the /usr/lib/httpd/modules directory, which contains the library files for the Apache web server.
- The run directory is a symbolic link to the /var/run directory, which contains the httpd.pid file holding the PID of the httpd daemon.

8.3.Main Configuration file
The /etc/httpd/conf/httpd.conf file is the main configuration file for the Apache web server. The file is divided into three parts:

- Configuration directives for the Apache web server process as a whole.
- Configuration parameters for the main server (not virtual hosts, but these parameters also set default values for all virtual hosts).
- Settings for virtual hosts.

8.3.1.Global Environment Configuration
In the global environment configuration section the following attributes are set.

    # Don't give away too much information about all the subcomponents
    # we are running.  Comment out this line if you don't mind remote sites
    # finding out what major optional modules you are running
    ServerTokens OS

This hides the additional subcomponent modules from the remote sites. The additional subcomponent configuration files reside in the /etc/httpd/conf.d directory.

    # ServerRoot: The top of the directory tree under which the server's
    # configuration, error, and log files are kept.
    ServerRoot "/etc/httpd"

The server root names the main directory where all the server information is kept.

    # Timeout: The number of seconds before receives and sends time out.
    #
    Timeout 120

The server will wait for 120 seconds for a response, and after that the connection will time out.

    # Listen: Allows you to bind Apache to specific IP addresses and/or
    # ports, in addition to the default
    Listen 80

In this case Apache listens on port number 80. The port number can be changed to any port number by the user.

    # Dynamic Shared Object (DSO) Support
    #
    LoadModule auth_basic_module modules/mod_auth_basic.so
    LoadModule auth_digest_module modules/mod_auth_digest.so
    LoadModule authn_file_module modules/mod_authn_file.so

The LoadModule directive loads the modules from the /usr/lib/httpd/modules directory (the directory /etc/httpd/modules is a symbolic link to that directory).

    # Load config files from the config directory "/etc/httpd/conf.d".
    #
    Include conf.d/*.conf

This loads the additional component configuration files from the /etc/httpd/conf.d directory. The directory contains the configuration files for PHP, Perl, Python, Mysql etc.

    User apache
    Group apache
103
The httpd server runs under the user apache and group apache. The user account apache and the group account apache are automatically created (user don't create the accounts).The user can set this to his/her user-name and group-name. 8.3.2.Main server section # ServerAdmin: Your address, where problems with the server should be # e-mailed. ServerAdmin root@localhost In case of any information server wants to give then the information is send to the email address mentioned in the directive ServerAdmin. The email address can be edited if user wants so. # DocumentRoot: The directory out of which you will serve your # documents. By default, all requests are taken from this directory, but # symbolic links and aliases may be used to point to other locations. # DocumentRoot "/var/www/html" This is the directory where the user will place the contents or files he/she wants to get handled by the web server. For example if you create an index.html file and kept it in this directory and open the address http://localhost using any web browser then the contents of index.html file will be displayed. # AccessFileName: The name of the file to look for in each directory # for additional configuration directives. See also the AllowOverride # directive. # AccessFileName .htaccess #
104
# The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients. #
Order allow,deny Deny from all The .htaccess file is used to control access to the directory. The contents of htaccess file should not be visible to the clients who are accessing the server (people who are using web browser to view contents or pages on the server). The line Deny from all sets the access level that no user can be able to see the file .htaccess (the address in the web browser address bar corresponding to the .htaccess file won't give anything). # LogLevel: Control the number of messages logged to the error_log. # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. # LogLevel warn The loglevel defines the messages which are to be logged. In above case the warning messages will be logged in the file. # Proxy Server directives. Uncomment the following lines to # enable the proxy server: #
ProxyRequests On
105
# Order deny,allow Deny from all Allow from .example.com The apache web server acts as proxy server if the above lines are uncommented. In the above example if the Proxy Requests directive is OFF then apache will act as a cache server. The permission level set for the proxy server in above case is the access is denied from all except .example.com. # # To enable a cache of proxied content, uncomment the following lines. # See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more details. # CacheEnable disk / CacheRoot "/var/cache/mod_proxy" # If the following lines are uncommented then the apache web server servers as a cache server. The root directory for the cached files is /var/cache/mod_proxy. 8.3.3.Virtual hosts section #
# Use name-based virtual hosting.
#
#NameVirtualHost *:80
#
<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /www/docs/dummy-host.example.com
    ServerName dummy-host.example.com
    ErrorLog logs/dummy-host.example.com-error_log
    CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>

The virtual host section is used to configure virtual hosting, which supports more than one domain using a single web server system. In the above example the ServerName is set to dummy-host.example.com, so if a user requests a document in the domain given by ServerName, the documents or files are fetched from the directory /www/docs/dummy-host.example.com. Each and every apache directive can be used within the VirtualHost.

8.4.HTTP Server Configuration
The HTTP Server Configuration utility is used to configure the HTTP server. To invoke the utility, enter the below command in the terminal

[root@localhost conf]# system-config-httpd
The main tab is used to configure the server name and the webmaster email address. To add an IP address, click on the add button.
The new address and the port can be added on the panel displayed. The user can choose the option to listen to all addresses. Use the virtual host tab to configure the virtual host.
The add button is used to add a new virtual host and the edit button is used to edit the properties of the virtual host highlighted on the left part of the panel. The delete option can be used to delete the virtual host. If the user chooses to edit the properties of a virtual host, the below panel is displayed.
The user can use the tabs at the top of the panel to configure the options. General properties such as the virtual host name, document root directory, and webmaster email address can be configured on the general tab. The server tab on the main panel is used to configure the server lock file location, the core directory where all the configuration files of the server will be kept, and the location of the pid file. The user and group under which the apache server is running can also be edited.
The performance tab is used to configure the parameters which help improve the performance of the apache web server. Parameters such as the connection timeout period and the maximum number of requests per connection are set here. These options impact the performance of the apache web server.
9.SQUID SERVER

9.1.Overview

Squid is a high performance proxy caching server for web clients, supporting HTTP, FTP, and Gopher data objects. Squid consists of a main server program squid, a Domain Name System lookup program dnsserver, and some other modules for authentication and management tasks.

9.2.Configuring Squid

The directory /etc/squid contains the configuration files for the squid server. The main configuration file for the squid server is /etc/squid/squid.conf. The squid configuration file is divided into sections.

9.2.1.Network options

Under the network options the user can define the socket addresses. http_port defines the socket addresses where Squid will listen for HTTP client requests. The socket address can be defined in three forms:

- port alone
- hostname with port
- IP address with port

# Squid normally listens to port 3128
http_port 3128

9.2.2.Neighbor selection algorithm option

Under this section the user defines the mapping of rules for the requests and the neighbor which will be called if a request obeys the rule. For example

hierarchy_stoplist cgi-bin ?

means that when the URL contains a certain string of characters, the original server handles the request.

9.2.3.Cache size options

This section defines the options which control the cache size and swap memory used to handle the objects. For example

#Default:
cache_mem 8 MB

This sets the cache size (RAM used to store the in-transit objects, that is objects that are in use), hot objects (objects that are used often), and negative cache objects (recent failed requests).

9.2.4.Log File and Cache directory section

This section defines the directory which will be used as a cache directory.

#Default:
cache_dir ufs /var/spool/squid

This section also defines the format of the squid log files. The cache dir /var/spool/squid contains the following files

[root@localhost squid]# ls
access.log cache.log squid.out store.log
The squid pid is stored in the file /var/run/squid.pid.

9.2.5.Access control section

This section defines the access control. By default no outside client is allowed to access the contents. The acl tag is used to define access control. The form of the acl tag is

acl name type string or file

Below is an example of acl tags from the /etc/squid/squid.conf file

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

The first line gives the name all to all the addresses. The manager can access the contents as defined by the second line. The name localhost is given to the loopback interface. The next lines define different ports with a name, for example port 443 with the name SSL_ports.

http_access allow localhost
http_access deny all

The above lines define that only the localhost can access the http content; all others are denied. This entry can be edited to add more clients who can access the content.

9.2.6.Administrative parameters

The administrative parameters define the user under which squid will run, the user receiving mail in case the cache dies, etc.

#Default:
cache_mgr root

The above line defines that the root user is mailed in case the cache dies.

#Default:
cache_effective_user squid

The above line defines that the effective user of squid is the squid user. squid is an administrative user account created automatically.

9.3.Cache Manager
The cache manager is a cgi utility for displaying information about the squid http proxy process as it runs. The configuration file for the cache manager is /etc/squid/cachemgr.conf. The configuration file controls which servers will be managed by the cache manager.

# This file controls which servers may be managed by
# the cachemgr.cgi script
#
# The file consists of one server per line on the format
# hostname:port description
#
# Specifying :port is optional. If not specified then
# the default proxy port is assumed. :* or :any matches
# any port on the target server.
#
# hostname is matched using shell filename matching, allowing
# * and other shell wildcards.
localhost

In the above example the localhost server is managed by the cache manager. The cache manager can be invoked by typing the address http://server-name/cgi-bin/cachemgr.cgi.

9.4.Squid Daemon

The squid daemon receives its configuration information from the squid daemon configuration file /etc/sysconfig/squid. The sample format of the file is

# default squid options
# -D disables initial dns checks. If you most likely will not to have an
# internet connection when you start squid, uncomment this
SQUID_OPTS="-D"

# Time to wait for Squid to shut down when asked. Should not be necessary
# most of the time.
SQUID_SHUTDOWN_TIMEOUT=100

After making changes in the configuration file, restart the squid daemon, if it is already running, using the command

[root@localhost squid]# /etc/init.d/squid restart
Stopping squid: .                                          [ OK ]
Starting squid: .                                          [ OK ]

If the squid daemon is not running then use the /etc/init.d/squid start command. Alternatively the command

[root@localhost squid]# squid -k reconfigure

causes squid to read the configuration file again.
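Squid checks the http_access lines from top to bottom and the first line whose acls all match decides the request, so the position of a new line matters when the entries in section 9.2.5 are edited to add more clients. The following Python sketch is an added example, not code from this book or from Squid; it models only the src and port acl types, and the lan acl, the deny !Safe_ports line and both rule orders are assumptions constructed for the demonstration.

```python
import ipaddress

# acl lines taken from the listing in section 9.2.5; the "lan" acl and both
# rule orderings below are constructed for this example.
ACLS = """\
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl lan src 192.168.1.0/255.255.255.0
acl Safe_ports port 80
acl Safe_ports port 443
acl Safe_ports port 1025-65535
"""

# New client added after "deny all": the added line is never reached.
MISORDERED = ACLS + """\
http_access deny !Safe_ports
http_access allow localhost
http_access deny all
http_access allow lan
"""

# Same rules with the new allow line placed before the final deny.
CORRECTED = ACLS + """\
http_access deny !Safe_ports
http_access allow localhost
http_access allow lan
http_access deny all
"""


def parse(conf):
    """Split a configuration into {acl name: [(type, value)]} and a rule list."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "acl":
            # Repeated acl lines with one name accumulate; any value may match.
            acls.setdefault(fields[1], []).extend((fields[2], v) for v in fields[3:])
        elif fields[0] == "http_access":
            rules.append((fields[1], fields[2:]))
    return acls, rules


def value_matches(kind, value, client, port):
    """Test one acl value against the client address or destination port."""
    if kind == "src":
        network = ipaddress.ip_network(value, strict=False)
        return ipaddress.ip_address(client) in network
    if kind == "port":
        low, _, high = value.partition("-")
        return int(low) <= port <= int(high or low)
    raise ValueError(f"acl type {kind!r} is not modelled in this example")


def acl_matches(acls, name, client, port):
    """Evaluate a named acl; a leading '!' negates the result."""
    negated = name.startswith("!")
    hit = any(value_matches(k, v, client, port) for k, v in acls[name.lstrip("!")])
    return hit != negated


def decide(conf, client, port):
    """Return (action, number of the http_access line that decided)."""
    acls, rules = parse(conf)
    for number, (action, names) in enumerate(rules, start=1):
        # All acls named on one http_access line must match.
        if all(acl_matches(acls, n, client, port) for n in names):
            return action, number
    # No line matched: Squid applies the opposite of the last line's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None


if __name__ == "__main__":
    for label, conf in (("misordered", MISORDERED), ("corrected", CORRECTED)):
        for client, port in (("127.0.0.1", 80), ("192.168.1.20", 80),
                             ("192.168.1.20", 25), ("10.9.9.9", 80)):
            print(label, client, port, decide(conf, client, port))
```

In the misordered file the 192.168.1.20 client is refused by line 3 (deny all) before its allow line is read; in the corrected file the same client is allowed by line 3 and every other outside address still ends at deny all.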
10.NFS SERVER

10.1.Overview

In organizations it is common for files to be kept on one server. The files are accessible by some computers on the intranet of the organization. Access to the files is defined by rules set on the server machine. NFS is an example of a file server.

10.2.Starting NFS service

To start the NFS service enter the below command in the terminal

[root@localhost ~]# service nfs start
Starting NFS services:                                     [ OK ]
Starting NFS quotas:                                       [ OK ]
Starting NFS daemon:                                       [ OK ]
Starting NFS mountd:                                       [ OK ]

10.3.Sharing Folders
The file /etc/exports contains the names of the folders which are to be shared. Each directory entry occupies one line. The format of an /etc/exports file entry is

directory-name host-name(options) #comments

The directory name is the name of the directory which is shared with other computers on the network. The host names are the computers which have the right to access the files. The options define security levels, that is who can access and which users can access the directory.

10.3.1.Format of hostname

Multiple hostnames or IP addresses can be entered separated by blanks. A combination of IP addresses and hostnames can also be used. The format of the entry is

hostname1 hostname2
hostname1 hostname2 165.123.12.87

All the hosts from a particular network can also be entered using the ip address/net mask format.

192.168.1.1/255.255.255.0

The wildcard characters * and ? can also be used. ? matches any one character and * matches any number of characters. So, for example, if all the computers in the domain example.com should be allowed access to the directory files then enter the entry

files *.example.com

but if access should be restricted to computers with a first name of 5 characters use

files ?????.example.com

Access can also be defined in terms of an NIS group. The NIS group name is preceded by the @ sign. For example, to give access to the mynis group add the entry

@mynis

10.3.2.Options format

The valid options used in the /etc/exports file are

secure – the client computer must connect using a port below 1024. If the insecure option is specified then any port can be used.

rw – the clients can read the files on the NFS volume and also write to the directory. The other option is ro, which allows read operations only.

async – the server responds to a request before the changes made by the request are made permanent (that is, written to disk). This option improves performance but increases the chance of inconsistencies. The sync option means the server responds to a request after the changes made by the request are made permanent (that is, written to disk), so there is no chance of inconsistency.

root_squash – this option maps the root user of the client (uid 0, gid 0) to the anonymous uid and gid. The default value of the anonymous uid and gid is 65534. The anonymous uid and gid values can be changed by using the options anonuid and anongid.

no_root_squash – the root user of the client is treated as the root user of the server as well (the uid/gid of root is not mapped to the anonymous uid and gid).

all_squash – maps the uid and gid of all users to the anonymous uid and gid. The other option is no_all_squash, which causes no mapping to be done.

Below is the sample /etc/exports file

/home/vishnu *(sync,ro,secure,all_squash)
/home/user1 ?????.example.com(async,rw,insecure,root_squash)

In the first entry the directory /home/vishnu is made accessible to every computer (indicated by *) and the options sync, ro, secure, and all_squash are used. The second entry makes the directory /home/user1 accessible to computers with a five-letter name in the domain example.com with the options async, rw, insecure, and root_squash.
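The option descriptions above can be applied as a review of an existing /etc/exports file. The following Python script is an added example, not part of this book or of the NFS utilities; it reports the options whose description above implies a risk, and the /srv/build and /srv/docs entries in the sample are hypothetical.

```python
# Option -> why it deserves review (wording follows the descriptions above).
RISKY_OPTIONS = {
    "no_root_squash": "root on the client is treated as root on the server",
    "insecure": "client may connect from any port, not only ports below 1024",
    "async": "server replies before changes are written to disk",
}

# Constructed sample: the two entries from the text plus two hypothetical ones.
SAMPLE_EXPORTS = """\
/home/vishnu *(sync,ro,secure,all_squash)
/home/user1 ?????.example.com(async,rw,insecure,root_squash)
/srv/build 192.168.1.1/255.255.255.0(rw,sync,no_root_squash)  # hypothetical
/srv/docs @mynis(ro,sync) backup.example.com                   # hypothetical
"""


def parse_exports(text):
    """Yield (directory, host, options) for every client on every line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        directory, *clients = line.split()
        for client in clients:
            host, _, rest = client.partition("(")
            options = [o for o in rest.rstrip(")").split(",") if o]
            # A token that starts with "(" has no host in front of it, so its
            # options apply to every host. This happens when a space is typed
            # between the host name and its option list: "host (rw)".
            yield directory, host or "*", options


def audit(text):
    """Return a sorted list of (directory, host, issue) findings."""
    findings = []
    for directory, host, options in parse_exports(text):
        for opt, why in RISKY_OPTIONS.items():
            if opt in options:
                findings.append((directory, host, f"{opt}: {why}"))
        wildcard = "*" in host or "?" in host
        if wildcard and "rw" in options:
            findings.append((directory, host, "rw granted to a wildcard host pattern"))
        if host == "*":
            findings.append((directory, host, "exported to every host"))
    return sorted(findings)


if __name__ == "__main__":
    for directory, host, issue in audit(SAMPLE_EXPORTS):
        print(f"{directory:12} {host:28} {issue}")
```

The /home/user1 entry from the sample file produces three findings (async, insecure, and rw to a wildcard pattern), while /home/vishnu is reported only as exported to every host.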
The directories mentioned in the /etc/exports file can be exported, that is made available to the network, by using the exportfs command, rebooting the system, or restarting the NFS service.

[root@localhost ~]# exportfs -a -v
exporting ?????.example.com:/home/user1
exporting *:/home/vishnu

The exportfs -a -v command is used to export all directories listed in the /etc/exports file and print verbose output.

- -a option is used to export all directories
- -u option is used to unexport one or more directories.
- -r reexport the directories
- -v verbose mode produces output

or use the below command

[root@localhost nfs]# service nfs restart
Shutting down NFS mountd:                                  [ OK ]
Shutting down NFS daemon:                                  [ OK ]
Shutting down NFS quotas:                                  [ OK ]
Shutting down NFS services:                                [ OK ]
Starting NFS services:                                     [ OK ]
Starting NFS quotas:                                       [ OK ]
Starting NFS daemon:                                       [ OK ]
Starting NFS mountd:                                       [ OK ]

10.4.Accessing the NFS directory
The NFS directory needs to be mounted before it can be accessed. The mount command can be used to mount the NFS directory. For example, to access the /home/vishnu directory enter the below command in the terminal

[root@localhost nfs]# mount localhost:/home/vishnu /mnt/win

This mounts the /home/vishnu directory on the /mnt/win directory of the same system. The autofs facility can also be used to mount the NFS shared directories on demand. To mount the NFS directories using autofs, add the below line to /etc/auto.master

/net /etc/auto.net

Then restart the autofs service. For example, to access the directory /home/vishnu the below command is used

cd /net/localhost

10.5.NFS Server Configuration

The NFS server configuration utility can be used to create the /etc/exports file using a graphical interface. It is invoked using the below command

[root@localhost nfs]# system-config-nfs
It lists the two directories which are exported. To add a new directory for export, click on the add button. The user can also edit the properties of the directories already exported by selecting the directory in the directory listing and clicking on the properties button. The below panel is displayed, which can be used to edit the options used to share the directory /home/vishnu.
The above panel is also displayed if the user wants to share a new directory (by clicking on the add button), but in that case the panel will not contain any previous values.
The server settings can also be edited by clicking on the server settings button.
The user can enter port numbers in the text boxes of the panel to force the NFS daemon to use these ports.
10.6.Using nfsstat

The nfsstat command is used to display statistics about NFS server and client activity. It uses the following files to present the output in a user-readable format

- /proc/net/rpc/nfsd -- procfs-based interface to kernel NFS server statistics.
- /proc/net/rpc/nfs -- procfs-based interface to kernel NFS client statistics.
- /proc/mounts -- procfs-based interface to the mounted filesystems.
- use nfsstat -s to display server side information
- use nfsstat -c for client side information
- use nfsstat -n for NFS statistics
- use nfsstat -r for rpc statistics

The /var/lib/nfs directory is used to keep information about the exported directories. The files xtab, etab, and rmtab contain the information about the exported files. The sample etab file is

/home/user1 ?????.example.com(rw,async,wdelay,hide,nocrossmnt,insecure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,mapping=identity,anonuid=65534,anongid=65534)
/home/vishnu *(ro,sync,wdelay,hide,nocrossmnt,insecure,root_squash,all_squash,no_subtree_check,secure_locks,acl,mapping=identity,anonuid=65534,anongid=65534)

11.SAMBA SERVER

11.1.Overview

Samba is used if the network the system is connected to includes computers running the Windows operating system. The Windows operating system uses the SMB (Session Message Block) protocol for sharing files and printers.

11.2.Samba Server Configuration

The samba server configuration utility is used to configure the samba server on the system. To invoke the samba server configuration utility enter the below command in the terminal

[root@localhost nfs]# system-config-samba

The panel can be used to configure the server settings, samba users, and a new samba share. To edit the server settings, click on the preferences menu and then on the server settings drop-down choice. The below panel is displayed. On the basic tab enter the work group name and the description of the work group. On the security tab enter the following information: the authentication mode, the authentication server, kerberos realm, encrypt password, and guest account. Set the value of the option to below values
On the preferences menu list, the samba user tab invokes the Samba Users panel, which helps to add new samba users. Click on the new user button to display the below panel
On the above panel enter the UNIX user name and the Windows user name (the UNIX user name and the Windows user name are usually the same). The passwords for the users are also entered on this panel. After entering the user name and password, click on the add share button to display the below panel
On the basic tab of create samba share, the directory which is to be shared is entered. The share name for the directory is entered, which can be any valid name, and a description is added (you may write anything here). The writable and visible options let the user choose whether the clients can write to the directory (writable option) and whether it is visible (visible option). If writable is not checked then the client can't write to the share. If visible is not checked then the share won't be visible. On the access tab the user can define who can access the share. The share can be made accessible to samba users (by checking the check box) or can be allowed to everyone by clicking on the option box allow access to everyone.
Enter the values and click on OK. The below panel displays the samba share created using the above procedure and the values displayed in the example panels
11.3.Samba configuration file
The /etc/samba directory contains the configuration files for the samba server. The /etc/samba/smb.conf file is the main configuration file of the samba server. The /etc/samba/smbusers file contains the list of the samba users. To add the above /home/user1 directory as a share, the below content is to be added to the /etc/samba/smb.conf configuration file

[user1]
    comment = user1 home directory
    path = /home/user1
    writeable = yes
;   browseable = yes
    valid users = vishnu

In the above entry, user1 is the name of the share, comment is the description added, the writeable option means the clients have write access to the share, and the users who can access the share are listed using the valid users entry. The path of the shared directory is given in the path entry.

The /etc/samba/smbusers file contains the list of samba users. To add a new samba user vishnu as in the above case, enter the below line in the /etc/samba/smbusers file

vishnu = vishnu

The left hand side denotes the UNIX user name and the right hand side denotes the Windows user name.

11.4.Starting Samba service
Use the below command to start the samba service.

service smb start

11.4.1.Checking the service

To check whether the samba service is running on the system and whether the share created on the system is being shared as the user wanted, use the below command

[root@localhost samba]# smbclient -L localhost
Password:
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.0.25-2.fc7]

        Sharename       Type      Comment
        ---------       ----      -------
        user1           Disk      user1 home directory
        IPC$            IPC       IPC Service (demo sama server)
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.0.25-2.fc7]

        Server               Comment
        ---------            -------
        LOCALHOST            demo sama server

        Workgroup            Master
        ---------            -------
        MYGROUP

When asked for the password, press the ENTER or RETURN key on the keyboard to log in as the anonymous user. The command displays all the shared directories on the system and also the workgroup created on the system. The command can be used to check the working of the samba server and the samba share.
12.FTP SERVER

12.1.Overview

File Transfer Protocol is a standard method of sharing files over the Internet. Users can connect to the FTP server and upload and download files from the FTP server. The vsftp is the name given to Very Secured File Transfer Protocol.

12.2.Starting vsftpd

Enter the below command to start the vsftpd service if it is not running

[root@localhost ~]# service vsftpd start
Starting vsftpd for vsftpd:                                [ OK ]
12.3.Configuring vsftpd
The directory /etc/vsftpd contains the configuration and other option files for vsftpd. The main configuration file for vsftpd is /etc/vsftpd/vsftpd.conf. The sample vsftpd.conf file is

# Allow anonymous FTP? (Beware - allowed by default if you
# comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#

When the parameter anonymous_enable is set to YES, anonymous user login is allowed by the ftp server; if it is set to NO, anonymous user login is not allowed. When the local_enable parameter is set to YES, local users can log in to the ftp server; if it is set to NO, local users cannot log in to the ftp server.

# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20
# (ftp-data).
connect_from_port_20=YES
#

When the xferlog_enable directive is set to YES, information about upload and download events is logged. If connect_from_port_20 is set to YES then port 20 is used for the transfer of data by ftp.

pam_service_name=vsftpd
userlist_enable=YES

pam_service_name denotes the name of the service for the Pluggable Authentication Module. If userlist_enable is set to YES then vsftpd does not allow the users listed in the file /etc/vsftpd/user_list to log in through ftp. The /etc/vsftpd/user_list file contains the list of users which are allowed access if userlist_enable=NO. All the administrative users are listed in the file /etc/vsftpd/user_list

root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

The vsftpd pam also looks for the user names in the file /etc/vsftpd/ftpusers. The file lists the user names which are not allowed to log in through ftp. The user names in the file /etc/vsftpd/ftpusers are administrative users (they are the same set of users as in the /etc/vsftpd/user_list file). The files /var/log/vsftpd.log and /var/log/xferlog contain the logging information about the ftp server.

12.4.ftp command prompt
To start the ftp command prompt enter the below command

[root@localhost log]# ftp
ftp>

ftp supports a lot of commands, such as

open hostname or ip address – connect to the computer identified by hostname or ip address
close – close a connection
pwd – shows the name of the current working directory on the remote computer
ls – lists the content of a directory on the remote computer
cd – used to change directory on the remote computer
lcd – to change to a directory on the local system
mkdir – to create a directory on the remote system
rename – rename a file or directory on the remote computer
get – copy a file from the current directory of the remote system to the current directory of the local system
mget – same as get but multiple files at once
put – copy a file from the current directory on the local system to the current directory on the remote system
mput – same as put but multiple files at once
bye – closes the current connection and exits ftp

12.5.Very Secure FTP daemon Configuration
The Very Secure FTP daemon Configuration utility is used to configure the vsftpd daemon. To invoke the utility enter the below command in the terminal

[root@localhost ~]# system-config-vsftpd

On the general tab the user can specify options such as enabling upload and download of files and whether to run in standalone mode or not (in standalone mode vsftpd listens on the port itself; it does not run under inetd or xinetd).
Under the server control tab the user can start or stop the server and view the log files.
On the access control tab the user can define whether local users should be able to log in to the ftp server, and the file which is to be used to ban users from accessing the ftp server. For example, the /etc/vsftpd/user_list file contains the list of the administrative users who should not be allowed to access the ftp server.
On the Users tab the way system users and anonymous users access the ftp server is defined. The anonymous user behavior and the system user behavior are set separately so as to provide a finer grain of control.
On the directory option tab the file access options are set. File names which match a user-defined criterion can be made inaccessible and invisible to the clients. Whether or not users can view the directory listing can also be controlled.
On the logging tab the user can specify the files which will be used for logging; the standard logging file is /var/log/vsftpd.log. The information which will be logged can also be defined.
On the network tab the user can define the network options, including the active connection options and the passive connection options. It also defines the port on which the ftp server listens.
Maximum number of clients connecting through a single source.
13.LDAP SERVER

13.1.Overview

LDAP stands for Lightweight Directory Access Protocol. It is used to create directories of information that can be shared among client applications over a network.

13.2.Configuration

The main directory of ldap is /etc/openldap. The directory contains the configuration files and schema files for ldap. The contents of the directory are

[root@localhost openldap]# ls -l
total 24
drwxr-xr-x 2 root root 4096 2007-02-20 02:25 cacerts
-rw-r--r-- 1 root root  246 2007-02-20 02:25 ldap.conf
drwxr-xr-x 2 root root 4096 2009-01-06 16:17 schema

The file ldap.conf is the main configuration file for ldap. The sample ldap.conf file is

#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE        dc=example, dc=com
URI         ldap://ldap.example.com ldap://ldap-master.example.com:666

SIZELIMIT   12
TIMELIMIT   15
DEREF       never

The BASE directive is used to set the distinguished name in the ldap format using the dc=value format. URI specifies the URI of the ldap server to which the ldap library will attach. Either the server name or the IP address of the server can be specified. The port can also be specified in the URI directive. SIZELIMIT specifies the limit on the number of results which will be returned when the ldap server is searched. If the value is set to 12 then 12 results will be returned as the output of a search. TIMELIMIT specifies the time limit which ldap will take to answer a search request. The time limit of 15 in the above example means that ldap will take 15 seconds to answer a search request. The DEREF option specifies the way an alias is dereferenced. If the value of the DEREF directive is never, the alias is never dereferenced. This is the default. The other values of the DEREF option are always, searching, and finding. The schema directory contains the schema files. The various schema files are

- cosine.schema
- inetorgperson.schema
- nis.schema
- samba.schema
The default schema can be used as it is or edited by the user to create directory information of his/her own. The structure used to create directories is the LDAP Data Interchange Format (LDIF). To create the ldap directories the user has to include the ldap schema he/she is using in the configuration file /etc/openldap/ldap.conf using the include directive. For example, to include samba.schema use include /etc/openldap/schema/samba.schema. After editing the configuration file the user can start creating the directories using any of the ldap schemas. The command slapd -t is used to check the syntax of the /etc/openldap/ldap.conf file after a change. Create a directory entry file with the extension .ldif and save the file.
To add the contents of the ldif file created to the ldap directory the command ldapadd is used.

- ldapadd -a command adds a new entry to the ldap directory.
- ldapmodify command is used to modify the entries of the ldap server.
- ldapdelete command is used to delete an entry from the ldap server.
- ldapsearch is used to search the ldap directory using the search parameters. The number of entries which should be returned by the ldapsearch command is defined in the configuration file /etc/openldap/ldap.conf. The SIZELIMIT option is used to define the number of rows returned. The time of search, or the time within which the ldap server should respond, is defined in the TIMELIMIT option.

13.3.Starting the ldap

Use the below command to start the ldap service

service ldap start
14.NIS SERVER

14.1.Overview

Network Information Service (NIS) was created by Sun Microsystems. It is used to create a central information database which is kept on a server system, and other computers on the network access the information. The computers which access the database information (maps) of the server are referred to as the NIS domain.

14.2.Setting NIS domain name

The commands domainname, nisdomainname, and ypdomainname are used to set the NIS domain name of the system. The formats of the commands are

domainname domain-name-of-system
nisdomainname domain-name-of-system
ypdomainname domain-name-of-system

The below command sets the NIS domain name of the system to localdomain

[root@localhost ~]# domainname localdomain

The commands, if used without any options, give the NIS domain name of the system

[root@localhost ~]# domainname
localdomain
[root@localhost ~]# nisdomainname
localdomain
[root@localhost ~]# ypdomainname
localdomain

The NIS domain name of the system is lost when the computer is rebooted.

14.3.Configuring NIS
The main configuration file of the NIS server is /etc/yp.conf. The sample /etc/yp.conf file is

# /etc/yp.conf - ypbind configuration file
# Valid entries are
#
domain LOCALDOMAIN server LOCALHOST
#       Use server HOSTNAME for the domain NISDOMAIN.
#
# domain NISDOMAIN broadcast
#       Use broadcast on the local net for domain NISDOMAIN
#
# domain NISDOMAIN slp
#       Query local SLP server for ypserver supporting NISDOMAIN
#
# ypserver HOSTNAME
#       Use server HOSTNAME for the local domain. The
#       IP-address of server must be listed in /etc/hosts.
#
# broadcast
#       If no server for the default domain is specified or
#       none of them is reachable, try a broadcast call to
#       find a server.

The entry domain LOCALDOMAIN server LOCALHOST defines the NIS domain name and the NIS server name of the system. The configuration file is read by the ypbind daemon.

14.4.Starting NIS server
14.4.1.Starting NIS server

To start the NIS server daemon enter the below command in the terminal

service ypserv start

14.4.2.Starting ypbind service

The ypbind service handles requests for information from the NIS server. To start the ypbind service enter the below command

service ypbind start

14.5.Mapping Information

The /etc/nsswitch.conf file is used to include NIS in the search path of the files by a client system. The sample /etc/nsswitch.conf file is

# Legal entries are:
#
#       nisplus or nis+         Use NIS+ (NIS version 3)
#       nis or yp               Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the local database (.db) files
#       compat                  Use NIS on compat mode
#       hesiod                  Use Hesiod for user lookups
#       [NOTFOUND=return]       Stop searching if not found so far

The above list defines the valid entries which can be added in the /etc/nsswitch.conf file.

passwd:     files nisplus nis
shadow:     files nisplus nis
group:      files nisplus nis

In the above example the client computers will search the files passwd, shadow, and group locally, and if the files are not found on the system they will then search for the files on the nisplus domain. Next, the Makefile in the directory /var/yp is edited to include the files which are being shared by the NIS server. The file names which should not be shared are commented out. The client computers which are allowed to access the NIS server information are added in the /var/yp/securenets file. The format of an entry in the /var/yp/securenets file is

netmask network

example

255.255.255.0 10.0.0.16

so all the computers on the network 10.0.0.16 can access the NIS server information.

A finer grain of control can be implemented using the file /etc/ypserv.conf. This file can be used to set rules that define which host computers can access which files. The format of the file is

ip address of network:file-name for which access is defined:security:mangle{:field}

The field is optional. The security can have the values none (to allow access), port (to allow access from ports below 1024), and deny (denying access). The mangle field has the value yes or no.

14.5.1.NIS database

The NIS database of the files configured to be shared by the NIS server is created by using the ypinit command.
15.DHCP SERVER
15.1.Overview
DHCP stands for the Dynamic Host Configuration Protocol. A DHCP server is used to assign the ip address, netmask, DNS server and other information to the computers in its network. The client computers have to select that they want to use the DHCP server for information like the ip address, netmask, and DNS server. The server then provides the requested information to the clients.

15.2.Starting the DHCP server
To check the status of the dhcp server run the command below in the terminal:

    chkconfig --list dhcpd

If the service is not running then enable the service by issuing the command

    chkconfig dhcpd on

After enabling it, the user can run the dhcpd service using the command

    service dhcpd start

15.3.Configuration file
The configuration file for the DHCP server is /etc/dhcpd.conf. The configuration file is used to list the range of ip addresses out of which the server will assign an ip address to a computer on its network. It can also contain an option to assign a particular address to a definite Ethernet address on the network.

15.4.Working of DHCP server
The file /var/lib/dhcp/dhcpd.leases records whether a client has been assigned an address by the dhcp server. For every client which has been assigned an address, one set of lease lines is written in the file /var/lib/dhcp/dhcpd.leases. On the client computer, if a user enters the command ifconfig -a, then for the Ethernet interface which was assigned an ip address by the dhcp server the user will see the ip address mentioned in the file /etc/dhcpd.conf.

15.5.DHCP client
The DHCP client can be configured using the Network Configuration utility. To invoke the Network Configuration window enter one of the commands below in the terminal window:

    [root@localhost ~]# neat

or

    [root@localhost ~]# system-config-network
To configure a device to obtain the ip address, DNS server information and other information needed for connecting to the internet from the dhcp server, follow these steps. Choose the device in the device listing. In the above example the device eth0 is chosen (Ethernet interface eth0). Click on the Edit button. This displays an Ethernet device panel to the user. On the Ethernet device panel choose the General tab.

Then, to set up a dhcp client, click on the option box "Automatically obtain ip address settings with" and in the drop down menu choose dhcp. The user can also choose to obtain the DNS server information using dhcp by clicking on the check box "Automatically obtain DNS information from provider". After making the changes the user should restart the network using the command below:

    service network start

The dhclient program is used to get the information from the dhcp server. It is invoked at boot time if the client is configured to obtain the ip address from the dhcp server at boot time; otherwise it is invoked when the Activate button of the network configuration utility is clicked after selecting the Ethernet interface. Before the dhcp client gets the ip address information from the dhcp server, it first checks the configuration file /etc/dhclient.conf for configuration parameters. The process id (PID) of the dhcp client (invoked by the command dhclient) is stored in the file /var/run/dhclient.pid.
16.DNS SERVER
16.1.Overview
DNS stands for Domain Name System. It is used to translate host names into ip addresses and also ip addresses into host names. It also contains information about each domain and the organization of domains into zones.

16.2.Starting Named daemon
The status of the named daemon can be checked by the command

    chkconfig --list named

If the service is not running then enable the service using the command

    chkconfig named on

To start the named service use the command

    /etc/init.d/named start

or

    service named start

16.3.BIND Configuration GUI
The BIND Configuration GUI is used to configure the DNS server on a Red Hat box. In Red Hat the DNS service is implemented using the Berkeley Internet Name Domain (BIND). To invoke the BIND Configuration GUI enter the command below in the terminal:

    [root@localhost ~]# system-config-bind
The Properties button is clicked after selecting the object in the listing panel. In the current case the DNS server is selected. To add a new DNS server click on the New button. After clicking on the New button a drop down list is displayed from which the user can choose the object whose value he/she wants to set. The objects which are displayed in the drop down list are

- Zone
- View
- Access Control List
- Security key
- Server
- Controls
- Logging
- DNSSEC Trusted keys

The user can enter the value of the parameter by clicking on the object. This displays a panel on which the user can enter the value. The properties of an existing DNS server can be edited by selecting the server in the drop down list and then clicking the object on the drop down list. The values can be edited on the displayed panel. After editing the values the changes can be saved using the Save button of the main panel.

To delete a listing, select the object in the drop down list and use the Delete button on the panel.

16.4.Important files
The named daemon configuration file is /etc/named.conf. The statements in this file are enclosed in braces and are terminated by a semicolon. The lines marked by /* */, //, and # are comment lines. The important elements defined in it are

- acl – access control list, used as acl "description" { ip address };
- server – to describe the server
- logging – logging facility definitions
- options – various options like the central directory
- view – the value can be inside and outside; for a DNS server the request may come from the private network (inside) or from the outside.
- zone – to describe the zone information

After editing the /etc/named.conf file the syntax of the file can be checked using the command named-checkconf; by default it checks the file /etc/named.conf for syntax. named-checkzone is used to check the syntax of the zone files, which should be created by the user in the /var/named directory after creating the /etc/named.conf file.

The pid of the named daemon is stored in the file /var/run/named.pid. The directory /var/named is the zone file directory of the named service. The dump file of the named daemon is /var/named/data/cache_dump.db. The statistics file of the named daemon is /var/named/data/named_stats.txt.

The path and the description of the files can also be viewed using the BIND Configuration GUI. On the BIND Configuration GUI, selecting the DNS server in the list and clicking on the Properties button displays the location in which the important files are kept and also the description of the files.
Command    Description
whois      Searches for the availability of the domain name. Format is whois domain-name.
host       It is used to get the ip address corresponding to the hostname and vice versa. Format is
dig        It is used to query the DNS server and display information returned by the DNS server. It is often used to troubleshoot the DNS server.
17.MAIL SERVICES
17.1.Overview
There are three parts of message transfer:

- MTA – Mail Transfer Agent
- MDA – Mail Delivery Agent
- MUA – Mail User Agent

MTAs are also referred to as mail servers. Sendmail and postfix are examples of mail servers.

17.2.Sendmail
To start the sendmail server type the command below in the terminal window:

    [root@localhost ~]# service sendmail start

17.2.1./etc/mail
/etc/mail is the core directory of sendmail. The files contained in the directory /etc/mail are divided into the following categories.

17.2.1.1.configuration file
The main configuration file for sendmail is /etc/mail/sendmail.cf. Many options which sendmail uses are also defined in the file /etc/mail/sendmail.mc. The file /etc/mail/sendmail.mc contains the sendmail default values like the location of the other configuration files to be used by sendmail, and the location of the log files and database files.

17.2.1.2.Domain name mapping file
The file /etc/mail/domaintable contains the domain name mapping, that is, the mapping of the old domain name of the network to the new one.

17.2.1.3.Access file
The /etc/mail/access file defines the hosts and users from which the sendmail mail server will accept mail for delivery or relay.

17.2.1.4.Virtual server files
The file /etc/mail/local-host-names defines the domain names for which the sendmail server of the system will act as a mail server.

17.2.1.5.Virtual users file
The file /etc/mail/virtusertable defines the actions which sendmail should take after receiving mail from the trusted users and hosts.

Apart from these files the directory /etc/mail also contains the .db files, which are database files corresponding to the files described above, for example access.db.

17.2.2.Generating the .db files
To generate the .db files use one of the following approaches:

    /etc/init.d/sendmail reload

or

    /etc/init.d/sendmail restart

In the above case the database files are automatically created as sendmail is restarted, or the configuration files are reloaded when the reload option is used. But this approach doesn't work if the user doesn't want to stop or reload the sendmail server. Then the second approach is used. Use the command sequence below to create .db files for all the configuration files:

    cd /etc/mail
    make all

If the user wants to make individual configuration files into .db files then use the following commands:

    cd /etc/mail
    make access.db

Replace the filename access.db with the .db file you want to create; for example, make virtusertable.db makes the file virtusertable.db.

17.2.3.Checking Sendmail Server
The sendmail server responds to requests on port 25. To check whether the server is working or not type the command

    [root@localhost mail]# telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 localhost.localdomain ESMTP Sendmail 8.14.1/8.14.1; Sun, 18 Jan 2009 17:55:26 +0530
    ^]

The user can enter the help command to see the sendmail commands he/she can use.

    help
    214-2.0.0 This is sendmail
    214-2.0.0 Topics:
    214-2.0.0       HELO    EHLO    MAIL    RCPT    DATA
    214-2.0.0       RSET    NOOP    QUIT    HELP    VRFY
    214-2.0.0       EXPN    VERB    ETRN    DSN     AUTH
    214-2.0.0       STARTTLS
    214-2.0.0 For more info use "HELP ".

17.2.4.Important Files
17.2.4.1./var/spool/mail
The directory contains files corresponding to the user names that are using sendmail. These files contain the incoming messages received and processed by sendmail.

17.2.4.2./var/spool/mail/statistics
This file contains the collected statistics about sendmail.

17.2.4.3./var/spool/mqueue
This directory keeps the outgoing messages temporarily. The outgoing messages are kept until they are sent.

17.2.4.4.Log files
The sendmail log information is maintained in three files: /var/log/maillog, /var/log/maillog.1, and /var/log/maillog.2. The log files contain different levels of information. The file /var/log/maillog.2 contains the detailed log information. An entry is made for each mail sent or received by the server.

17.2.5.Actions taken by server on a mail
There are four actions which the server can take:

- RELAY – the server sends the message to the mail server requested in the mail.
- REJECT – the message is rejected and the sender is informed that the message is rejected.
- DISCARD – the message is rejected and the sender is not informed that the message is rejected.
- ERROR:user defined text message – inform the user why the server did not relay the message.

These options are used to configure the actions of a sendmail server. The options are used in the /etc/mail/access file. For example

    # by default we allow relaying from localhost...
    Connect:localhost.localdomain       RELAY
    Connect:localhost                   RELAY
    Connect:127.0.0.1                   RELAY

17.3.Postfix
Postfix is a mail transfer agent, that is, a mail server. The directory /etc/postfix contains the main configuration files and access related files used by the postfix server.

17.3.1.Starting postfix server
The postfix server is not added in any run level by default (sendmail is generally there). So to add the postfix server use the commands

    [root@localhost postfix]# chkconfig --list postfix
    service postfix supports chkconfig, but is not referenced in any runlevel (run 'chkconfig --add postfix')
    [root@localhost postfix]# chkconfig --add postfix

The first command shows that postfix is not in any runlevel. The second command adds the postfix server to the run level which the user is currently logged on. To enable the postfix server enter the command

    [root@localhost postfix]# chkconfig postfix on

To start the postfix server use the command below:

    [root@localhost postfix]# service postfix start
    Starting postfix:                                          [ OK ]

17.3.2.Configuration file
/etc/postfix/main.cf is the main configuration file for the postfix server. It defines the hostnames and domain names, the postfix queues, and the locations to be used for logging and mailboxes. There is also a file /etc/postfix/main.cf.default which is an exact copy of the main.cf file and is used for reference in case the user has made any wrong changes in the file main.cf.

17.3.2.1.Daemon Configuration file
The file /etc/postfix/master.cf is the main configuration file for the postfix daemon process.

17.3.2.2.Permissions file
The file /etc/postfix/postfix-files contains the directory and file permissions set by the postfix server.

17.3.2.3.Script file
The file /etc/postfix/postfix-script is a shell script which executes the postfix administrative commands.

17.3.2.4.Post install file
The file /etc/postfix/post-install is a shell script which performs the post installation configuration of the postfix server.

Access file – the file /etc/postfix/access is used to define the users and systems which have access to use the postfix server.

17.3.3.Mailbox
The directory /var/spool/mail contains files corresponding to the user name of each user having access to the postfix mail server. The files act as mailboxes. The incoming mail of a user processed by the postfix server is kept in the file. For example, for a user named jack the mailbox will be /var/spool/mail/jack.

17.3.4./var/spool/postfix
The directory contains a list of directories to temporarily store the mails.

    [root@localhost mail]# cd /var/spool/postfix;ls
    active  corrupt  deferred  hold      maildrop  private  saved
    bounce  defer    flush     incoming  pid       public   trace

In the above example the directory /var/spool/postfix contains the subdirectory incoming to temporarily store the incoming mails which have not been delivered yet, and the subdirectory bounce to temporarily store the bounced mails.

17.3.5.Log files
The log information about the postfix server is logged in the files /var/log/maillog, /var/log/maillog.1, and /var/log/maillog.2. The file /var/log/maillog.2 contains log information about each and every mail received and sent by the postfix server.

17.4.Switching MTA
On a Red Hat Linux box both the sendmail and postfix servers are installed, but sendmail is used as the default MTA. The postfix server is treated as an alternative service to the sendmail server. The alternative services and the default services are defined in the /var/lib/alternatives directory and the /etc/alternatives directory. The contents of the directory /etc/alternatives display the default services configured on the system. The directory contains the entry mta-sendmail; this makes sendmail the default mail server. The /var/lib/alternatives directory contains the file mta, which lists other mail servers.

To switch between the mail services from the desktop perform the following actions: System Tools --> Mail Transport Agent Switcher. In the window displayed choose postfix as the alternate mail server.

Then use the following commands to stop the sendmail server and start the postfix server.

    [root@localhost alternatives]# service sendmail stop
    Shutting down sm-client:                                   [ OK ]
    Shutting down sendmail:                                    [ OK ]

The default sendmail server is stopped and the command below is used to start the postfix server.

    [root@localhost alternatives]# service postfix start
    Starting postfix:                                          [ OK ]

The postfix server takes over the mail transport agent work in place of sendmail. It replaces the sendmail components and uses the postfix components, but the location of the mailbox and the log files remain the same in both the services. The users sending and receiving mail don't see any difference, as there is a change only in the transport agent.

17.5.Dovecot
Dovecot is used to configure IMAP and POP3. IMAP stands for Internet Message Access Protocol and POP3 stands for Post Office Protocol. The mailboxes of sendmail and postfix are one single file, so the above protocols are used to access the mails.

17.5.1.Starting Dovecot
To enable the dovecot service use the command

    chkconfig dovecot on

and to start the dovecot service use the command

    service dovecot start

17.5.2.Configuration file
The main configuration file for the dovecot service is /etc/dovecot.conf. The sample format of the /etc/dovecot.conf file is

    # Base directory where to store runtime data.
    base_dir = /var/run/dovecot/

The base_dir option sets the location where dovecot will store the run time data. The base_dir will contain the file master.pid, which contains the PID of the dovecot service.

    protocols = imap imaps pop3 pop3s

The protocols option sets the protocols on which dovecot listens. The above example sets dovecot to listen for the imap, imaps, pop3, and pop3s protocols.

    # specify different ports for IMAP/POP3. For example:
    protocol imap {
      listen = *:10143
      ssl_listen = *:10943
      ..
    }

The above part sets the ports for imap. Different ports are used for different protocols.

    # Log file to use for error messages, instead of sending them to syslog.
    # /dev/stderr can be used to log into stderr.
    log_path =/var/log/dovecot.log

    # Log file to use for informational and debug messages.
    # Default is the same as log_path.
    info_log_path =/var/log/dovecot.log

The log_path and the info_log_path options set the log file paths where dovecot will log the error messages and the informational messages.

    # Maximum number of running mail processes. When this limit is reached,
    # new users aren't allowed to log in.
    max_mail_processes = 1024

max_mail_processes defines the maximum number of mail processes that can run simultaneously.
18.NETWORK SECURITY
18.1.Overview
Network security is becoming a vital and challenging task. If a system is connected to a network then the administrator should pay considerable attention to network security.

18.2.The daemon xinetd
The daemon xinetd is started when the system boots and listens on many ports, corresponding to the services configured in the configuration file of the xinetd daemon, /etc/xinetd.conf. The directory /etc/xinetd.d contains files corresponding to the services which xinetd will start if a connection is made to that port number. These services are called on demand services and can be seen using the command

    [root@localhost xinetd.d]# system-config-services

or by viewing the contents of the directory /etc/xinetd.d

    [root@localhost ~]# cd /etc/xinetd.d;ls
    chargen-dgram   daytime-dgram   discard-stream  rsync          time-dgram
    chargen-stream  daytime-stream  echo-dgram      tcpmux-server  time-stream
    cvs             discard-dgram   echo-stream     tftp

Each file corresponds to a service which xinetd automatically starts when a connection is made to that port. These on demand services should not be accessible by everyone. The access can be made selective by the use of TCP wrappers.

18.3.Using TCP wrappers
The tcpd (TCP wrapper daemon) program can be set up to monitor incoming requests for xinetd services, in other words the services which xinetd supports, and also services that have a one to one mapping onto executable files. If the TCP wrapper is used and a client makes a connection at a port for services like finger, talk, telnet, and rsh (xinetd services), then the TCP wrapper daemon first determines whether the connection will be allowed or refused. If the connection is allowed then the corresponding service is invoked to listen at the port. The tcpd authenticates the client using the files /etc/hosts.allow and /etc/hosts.deny.

18.3.1./etc/hosts.allow
It contains the list of ip addresses and subnet masks of clients who are allowed connection. This file is scanned first by tcpd.

18.3.2./etc/hosts.deny
It contains the list of ip addresses and subnet masks of clients who are not allowed connection. This file is scanned by tcpd after scanning the /etc/hosts.allow file. If an address is not specified in either file then the connection is allowed.

The format of the files /etc/hosts.allow and /etc/hosts.deny is the same. The keyword ALL is specified for all clients. For example

    in.telnetd: .example.com
    fingerd: ALL

Here the connection for telnet is allowed for clients from the domain example.com and the connection for finger is allowed for all the clients.
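The lookup order described above (hosts.allow first, then hosts.deny, allow when neither file matches), as an added Python example that is not part of the book or of tcpd itself. The hosts.deny contents, host names and addresses are constructed, and only part of the pattern syntax is modelled: ALL, leading-dot domains, trailing-dot address prefixes, net/mask pairs and exact names.

```python
"""Added example: the tcpd allow/deny decision, run on constructed rule files."""
import ipaddress

# The two entries the text shows for /etc/hosts.allow.
HOSTS_ALLOW = """\
in.telnetd: .example.com
fingerd: ALL
"""
# Constructed /etc/hosts.deny contents: an empty file and a catch-all deny.
HOSTS_DENY_EMPTY = ""
HOSTS_DENY_ALL = "ALL: ALL\n"


def parse_rules(text):
    """Turn hosts.allow / hosts.deny text into [(daemon_list, client_list)]."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        # Lists may be separated by commas and/or blanks.
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        if daemons and clients:
            rules.append((daemons, clients))
    return rules


def client_matches(pattern, host, ip):
    """Match one client pattern against the client's name (may be None) and IPv4 address."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):        # ".example.com": domain suffix
        return host is not None and host.lower().endswith(pattern.lower())
    if pattern.endswith("."):          # "192.168.": address prefix
        return ip.startswith(pattern)
    if "/" in pattern:                 # "net/mask" pair
        try:
            network = ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
        return ipaddress.ip_address(ip) in network
    return pattern.lower() in (ip, (host or "").lower())


def first_match(rules, daemon, host, ip):
    """Return the text of the first rule matching daemon and client, or None."""
    for daemons, clients in rules:
        if "ALL" in daemons or daemon in daemons:
            if any(client_matches(c, host, ip) for c in clients):
                return f"{','.join(daemons)}: {','.join(clients)}"
    return None


def tcpd_decision(daemon, host, ip, allow_text, deny_text):
    """Return (verdict, deciding file, matching rule) in tcpd's lookup order."""
    hit = first_match(parse_rules(allow_text), daemon, host, ip)
    if hit:
        return ("allow", "hosts.allow", hit)
    hit = first_match(parse_rules(deny_text), daemon, host, ip)
    if hit:
        return ("deny", "hosts.deny", hit)
    # No rule in either file: access is granted by default.
    return ("allow", "default", None)


if __name__ == "__main__":
    outsider = ("in.telnetd", "host.other.test", "198.51.100.7")  # constructed client
    insider = ("in.telnetd", "ws1.example.com", "192.0.2.10")     # constructed client
    for label, deny in (("empty hosts.deny", HOSTS_DENY_EMPTY),
                        ("hosts.deny = ALL: ALL", HOSTS_DENY_ALL)):
        for client in (insider, outsider):
            print(label, client, tcpd_decision(*client, HOSTS_ALLOW, deny))
```

With the page's hosts.allow alone, a telnet client outside example.com is still admitted by the default rule; it is refused only once hosts.deny carries a matching entry such as the catch-all used here.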
The service daemon is listed on the left. If two service daemons are to be listed then the daemons are separated by the comma (,) character. The semicolon acts as a separator between the daemon names and the address part. If multiple addresses are to be mentioned then the addresses are separated by commas. The ALL flag enables the user to make the files as restrictive as they can be made. This enhances security.

18.4.Security Level Configuration
The Security Level Configuration utility is used to set the security level of the system. To invoke the Security Level Configuration utility enter the command below in the terminal window:

    [root@localhost ~]# system-config-securitylevel

On the Firewall Options tab the user can set whether the firewall is enabled or disabled. The trusted services are allowed to pass through the firewall. Under other ports the user can add trusted ports by clicking on the Add button. Clicking on the Add button displays the add port panel.

On the add port panel the user can enter the port and also the protocol (tcp or udp). After entering the value press OK. The user can click on the Advanced options tab to add a file containing iptables rules in the iptables save format. This allows the user to add more complex rules and also customize the firewall. The user can browse to and upload the file containing the user defined rules. After making the changes click on Apply and then OK.

18.4.1.Configuration files
There are two configuration files, /etc/sysconfig/iptables and /etc/sysconfig/iptables-config. The file /etc/sysconfig/iptables contains the security level currently imposed on the system. This file is written by the Security Level Configuration utility. The file /etc/sysconfig/iptables-config is used to load additional iptables modules. The additional modules help in NAT filtering and helpers. A sample /etc/sysconfig/iptables-config file is

    IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp"

The directive IPTABLES_MODULES defines the modules which are loaded. In the above example the modules ip_conntrack_netbios_ns and ip_conntrack_ftp are loaded.

    # Save current firewall rules on restart.
    # Value: yes|no, default: no
    # Saves all firewall rules to /etc/sysconfig/iptables if firewall gets
    # restarted.
    IPTABLES_SAVE_ON_RESTART="no"

If the value is yes then the rules are saved to the file /etc/sysconfig/iptables.

18.5.Command Reference
Command          Description
iptables -A      To append a security rule in current iptable rule
iptables -D      Delete a rule
iptables -R      Replace a rule
iptables -I      Insert a rule
iptables -L      List all rules
iptables-save    Save rules from kernel and install them in a configuration file.
19.PAM AND SELINUX
19.1.PAM
PAM stands for Pluggable Authentication Module. PAM is a system of libraries that handle the authentication tasks of applications (services) on the system. The configuration file /etc/pam.conf or the files in the directory /etc/pam.d are used for configuring PAM. The contents of the file /etc/pam.conf are ignored if the files in the directory /etc/pam.d are present.

19.2./etc/pam.d
The files in the directory /etc/pam.d correspond to the services which use PAM for authentication. For example, the file passwd in the above directory contains the following lines:

    #%PAM-1.0
    auth       include      system-auth
    account    include      system-auth
    password   include      system-auth

The first line is a comment. The second line contains a rule for PAM. The format of the rule lines is

    type control module-path module-argument

The type in the above case is auth. PAM allows four types: account, password, authentication, and session.

- Account – the account type defines access to a service based on the availability of resources, time and other parameters.
- Authentication (auth) – the authentication type prompts the user for a password and if the user provides it then he/she can access the service.
- Password – the password type is used to update the user information, like changing the user password.
- Session – this type is used to perform jobs (like logging) before a user accesses a service or after a user accesses a service.

The valid values for the control are include, required, sufficient, and optional.

- Required – PAM will return failure if this PAM module returns failure. For example, if three modules are called and this module returns failure then the result will be failure, but PAM will still call all the modules which are to be called for the process.
- Sufficient – PAM returns success if this module returns success, and the other PAM modules which were to be called for the process will not be called.
- Optional – the success or failure of this module is not important for the overall return value (success or failure) of PAM. The module is important if it is the only module for the service.
- Include – this includes all lines of a specific type given in the configuration file. The configuration file is passed as an argument.

The system-auth is the module path. The system-auth module resides in the current directory. Contents of the file system-auth:

    auth        required      pam_env.so
    auth        sufficient    pam_unix.so nullok try_first_pass
    auth        requisite     pam_succeed_if.so uid >= 500 quiet
    auth        required      pam_deny.so

In the above file the PAM modules are called for verification of a user for the service passwd.
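How the control values combine on the system-auth stack shown above, as an added Python simulation that is not part of the book or of PAM. Module results are supplied by the caller as constructed inputs, and the handling of requisite (stop at once on failure), which the text does not define, follows Linux-PAM's documented behaviour.

```python
"""Added example: evaluating PAM control values on the page's auth stack."""

# The two files as shown in the text (only the auth lines of system-auth appear there).
PAM_FILES = {
    "passwd": """\
#%PAM-1.0
auth       include      system-auth
account    include      system-auth
password   include      system-auth
""",
    "system-auth": """\
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so
""",
}


def load_stack(files, service, wanted_type):
    """Return [(control, module)] for one type, expanding 'include' lines."""
    stack = []
    for raw in files[service].splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 3)          # type control module-path [arguments]
        if len(parts) < 3 or parts[0] != wanted_type:
            continue
        control, module = parts[1], parts[2]
        if control == "include":
            # Pull in the lines of the same type from the named file.
            stack.extend(load_stack(files, module, wanted_type))
        else:
            stack.append((control, module))
    return stack


def run_stack(stack, outcomes):
    """Evaluate a stack. outcomes maps module name -> True (success) / False (failure).

    Returns (overall_success, modules_called_in_order).
    """
    called = []
    required_failed = False
    any_success = False
    for control, module in stack:
        ok = outcomes[module]
        called.append(module)
        if control == "required":
            if ok:
                any_success = True
            else:
                required_failed = True       # remember the failure, keep going
        elif control == "requisite":
            if not ok:
                return False, called         # fail immediately
            any_success = True
        elif control == "sufficient":
            if ok and not required_failed:
                return True, called          # succeed immediately, skip the rest
            # a failing sufficient module is ignored
        elif control == "optional":
            if ok:
                any_success = True           # only decides when nothing else does
        else:
            raise ValueError(f"unsupported control value: {control}")
    return (any_success and not required_failed), called


if __name__ == "__main__":
    stack = load_stack(PAM_FILES, "passwd", "auth")
    # Constructed module results for three login attempts.
    scenarios = {
        "correct password": {"pam_env.so": True, "pam_unix.so": True,
                             "pam_succeed_if.so": True, "pam_deny.so": False},
        "wrong password, uid >= 500": {"pam_env.so": True, "pam_unix.so": False,
                                       "pam_succeed_if.so": True, "pam_deny.so": False},
        "wrong password, uid < 500": {"pam_env.so": True, "pam_unix.so": False,
                                      "pam_succeed_if.so": False, "pam_deny.so": False},
    }
    for name, outcomes in scenarios.items():
        print(name, run_stack(stack, outcomes))
```

The final pam_deny.so line is what turns a failed pam_unix.so into a refusal; the order of lines matters, because a sufficient module placed after a failed required module can no longer produce success.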
The PAM modules reside in the directory /lib/security.

19.2.SELinux
SELinux stands for Security Enhanced Linux. It is a flexible access control architecture and provides support for role based access control and multilevel security.

19.2.1.SELinux administration
The SELinux administration utility is used to configure SELinux. To invoke the SELinux administration utility enter the command below in the terminal:

    [root@localhost selinux]# system-config-selinux

The user can set the value of the SELinux enforcing mode. Three values are allowed:

- Enforcing – SELinux policies are enforced.
- Permissive – SELinux policies are checked but policy issues a warning instead of enforcement.
- Disabled – SELinux policies are not enforced, that is, they are disabled.

The SELinux administration utility changes the values in the SELinux configuration file /etc/sysconfig/selinux. The contents of the file are (for the above configuration of SELinux administration)

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #       enforcing - SELinux security policy is enforced.
    #       permissive - SELinux prints warnings instead of enforcing.
    #       disabled - SELinux is fully disabled.
    SELINUX=disabled
    # SELINUXTYPE= type of policy in use. Possible values are:
    #       targeted - Only targeted network daemons are protected.
    #       strict - Full SELinux protection.
    SELINUXTYPE=targeted

19.3.Command Reference
Command     Description
semanage    Mapping Linux user names to SELinux user identities, security context mapping for network port, interface and hosts and file context mapping.
chcat       Change file or users SELinux security category
chcon       Change the security context of each file to context
semodule    Used to install, remove, and list SELinux policy modules.
OVER 250 EXAM PREPARATION QUESTIONS
1.
Which is default installer of Red Hat Enterprise Linux?
a. anaconda b. disk druid c. redhatinstaller d. grub Answer – a Explanation – disk druid is the default partition manager for the Red Hat Enterprise Linux. Grub is the default bootloader for the Red Hat Enterprise Linux and anaconda is default installer. 2. After an installation a user wants to see the log information of the installation process. Which file the user should refer? a. /root/anaconda-ks.cfg b. /root/install.log c. /root/install-log.info d. /root/anaconda.log Answer – b Explanation -- /root/anaconda-ks.cfg is the Kickstart file created after successful installation of Red Hat and /root/install.log is default log file. 3. A user wants to use Kickstart file for installing Red Hat Linux. He wants to set the SELinux policy during installation to enforcing. Which line should he add in the Kickstart file? a. set selinux - -enforcing b. selinux - -enforcing c. selinux - -default d. selinux = enforce Answer – b 4. Which line should be added in the Kickstart file to install the bootloader in the Master Boot Record (MBR)? a. bootloader - -location=mbr b. grub - -location=mbr c. grub - -location=hd0 d. bootloader - -location=hd0 Answer – a 5. Which command is entered on the anaconda boot prompt to install using the kickstart file located on the website http://kickstart-file/install/linux.com?
165
a. :anaconda ks=http://kickstart-file/install/linux.com b. :boot ks - -http://kickstart-file/install/linux.com c. :anaconda ks - -http://kickstart-file/install/linux.com d. :boot ks=http://kickstart-file/install/linux.com Answer – d Explanation – The anaconda boot prompt is denoted by: boot. 6.
How many modes can kudzu operate? a. 1 b. 2 c. 3 d. 4 Answer – 2 Explanation – kudzu can operate in two modes xsafe probe mode xno safe probe mode
7. You want to start the kudzu in safe probe mode. What will you add in the configuration file /etc/sysconfig/kudzu? a. SAFE=no b. SAFE=YES c. SAFE=? d. Anything other than no can be used on the left hand side of the assignment. Answer – d Explanation – SAFE=no denotes that kudzu starts in no safe probing mode and anything other than no means that it is started in the safe mode. 8. Which of the following is the default Red Hat Linux bootloader? a. GRUB b. LILO c. DISK DRUID d. ANACONDA Answer – a Explanation – GRUB is the default bootloader of Red Hat Linux. LILO is also bootloader but nowadays it is not used as default bootloader. DISK DRUID is the default partition manager in Red Hat Linux. 9. Which two partitions are necessary for Red Hat Linux installation? a. /, /usr b. /home, swap c. /boot, /home d. /, swap Answer -- d Explanation – The / filesystem is root of the Linux file system structure. So it is mandatory to make a / partition. All other partitions can lie within the / partition. The swap partition is
166
also necessary as Linux uses swap partition as extension of main memory. 10. You have computer 256 MB RAM .What is the size of swap space for good performance of the system? a. 256 MB b. 128 MB c. 512 MB d. 400 MB Answer – c Explanation – For good performance of the system the swap space area should be double of the physical RAM attached with the System. 11. What command is used to invoke the Network Configuration utility? a. system-config-network b. system-config-net c. neat d. system-config-neat Answer – a, c Explanation – system-config-network and neat both the commands can be used to invoke the Network Configuration utility. 12. The file /etc/sysconfig/hwconf is not present on the system. Which files will kudzu query to find out the devices already configure? a. /etc/modprobe.conf b. /etc/sysconfig/lasthwconf c. /etc/modprobe.conf,/etc/X11/xorg.conf,/etc/sysconfig/network-scripts/ifcfg-* d. /etc/modprobe.conf,/etc/X11/xorg.conf Answer – c Explanation -- /etc/modprobe.conf is module configuration file /etc/X11/xorg.conf lists the hardware like monitor, mouse, keyboard which are configured for X./etc/sysconfig/networkscripts/ifcfg-eth0 lists the network device detected if there are more than one network device present then /etc/sysconfig/networkscripts/ifcfg-eth1 lists the second network device detected and so on. 13. Which filesystem contains the configuration files? a. /etc b. /var c. /usr d. /mnt Answer – a
14. You have installed Red Hat Linux on your box. You want to see the options you chose during the installation process. Which file should you look for?
a. no file contains that information
b. /root/anaconda-ks.cfg
c. /home/anaconda-ks.cfg
d. /root/anaconda-ks
Answer – b
Explanation – /root/anaconda-ks.cfg is the default kickstart file created by anaconda based on the options chosen during installation.

15. You want to upgrade a system using the kickstart file. Which option will you use in the kickstart file?
a. upgrade option in line 5 of kickstart file.
b. upgrade option in line 1 of kickstart file.
c. update option in line 5 of kickstart file.
d. update option in line 1 of kickstart file.
Answer – b
Explanation – The install option is used in the first line of the kickstart file to indicate a fresh install, and the upgrade option is used in the first line to indicate an upgrade of a previous installation.

16. You want to see information about the processes running on your system. Which filesystem will you use to get the information?
a. /root
b. /boot
c. /proc
d. /sys
Answer – c
Explanation – /proc is a pseudo filesystem which contains information about the processes running on the system.

17. You used system-config-date to set the date of your system. Your friend used system-config-time for the same purpose. Is there any difference?
a. No both are same
b. system-config-date is used to set date only.
c. system-config-time is used to set time only.
d. yes both are different
Answer – a
18. You have the grub bootloader installed on your system. You want to boot the default operating system if the user does not make a choice within 10 seconds. Which command will you use in the grub configuration file?
a. timeout=10
b. timeout=10 secs
c. timeout=10 s
d. timeout --10
Answer – a
Explanation – The timeout=10 parameter is allowed in the grub configuration file /boot/grub/grub.conf.

19. What is the meaning of the option rootnoverify (hd0, 0) in the grub configuration file?
a. don’t verify the / partition
b. Don’t mount the partition within braces of rootnoverify option.
c. Don’t verify the first sector of hard disk.
d. mount the partition indicated within the rootnoverify option.
Answer – b
Explanation – The rootnoverify (hd0, 0) option is used when another operating system is installed along with Red Hat Linux. For example, if Windows is installed along with Red Hat, then grub should not try to mount the partition on which Windows is installed.
20. You want to boot your Red Hat Linux operating system using kernel 2.6.14. What changes should be made in the grub configuration file?
a. kernel /vmlinuz-2.6.14
b. kernel /kernel-2.6.14
c. boot /kernel-2.6.14
d. boot /vmlinuz-2.6.14
Answer – a

21. Which process has the PID of 1?
a. init
b. inittab
c. grub
d. main
Answer – a
Explanation – The init process has the PID of 1. It is called the father of all processes. During the boot process the kernel gives control to the init process.

22. You want to reboot your system if a user presses the CTRL+ALT+DELETE keys of the keyboard during the boot process. What should you do?
a. Add ca::ctrlaltdel:/sbin/shutdown -r now in /etc/inittab file
b. Write a shell script for that and keep it in root directory
c. Add ca::ctrlaltdel:/sbin/shutdown -h now in /etc/inittab file
d. It cannot be done
Answer – a
Explanation – The init process reads the /etc/inittab file for the processing to be done. The entry captures the CTRL+ALT+DELETE key sequence, and the command shutdown -r now is executed.

23. What will happen if the runlevel is set to 6?
a. Multiuser mode booting
b. Multiuser with networking mode
c. The system reboots in a loop
d. The system comes to halt
Answer – c
Explanation – In runlevel 0 the system comes to a halt, and in runlevels 2, 3, and 5 the multiuser mode is active.

24. A user created two scripts, S111USERDEF and S85USERDEP, which are executed during boot time. Which of the two services will start first?
a. S111USERDEF
b. S85USERDEP
c. At same time
d. Can’t be determined.
Answer – a
Explanation – The numeric digits, i.e. 111 and 85, decide the order of run. The digits are compared from left to right, taking one digit at a time. Since 1 is less than 8, S111USERDEF is run first.

25. Which directories contain the boot time scripts for run level 5?
a. /etc/rc.d/rc5.d
b. /etc/rc.d/rc.5d
c. /etc/rc.d/r5.d
d. /etc/rc.d/rcv.d
Answer – a

26. A runlevel script has the line #chkconfig 345 25 75. What is the meaning of this line?
a. It is a comment
b. It denotes that the script will run in runlevel 3,4,5
c. It denotes that the script will run in runlevel 3, 4, 5 and the start priority is 25 and the stop priority is 75.
d. The line gives an error
Answer – c

27. Which command is used to get the previous run level of a system?
a. runlevel
b. prevrunlevel
c. lastrunlevel
d. prevrun
Answer – a
Explanation – The runlevel command is used to get the current run level and the previous run level of a system.

28. The output of the runlevel command is N 5. What does it mean?
a. Previous runlevel of the system was N
b. The current runlevel of the system is N.
c. The previous runlevel of the system was 5
d. The runlevel of the system was never changed from 5 so the previous runlevel is displayed as N.
Answer – d

29. Which command is used to change the current run level?
a. telinit
b. runlevel
c. init
d. chgrunlevel
Answer – a

30. You want to enable a service service-name for the current run level (run level 5). Which command will you use to do so?
a. runlevel service-name on
b. enable service-name
c. chkconfig service-name on
d. chkconfig service-name enable
Answer – c
Explanation – The chkconfig command is used to enable a service, disable a service, and list the status of a service or services.

31. The httpd service is enabled in runlevel 5 but it is not running. How will the problem be resolved?
a. service httpd start
b. chkconfig httpd start
c. chkconfig httpd on
d. service httpd on
Answer – a
Explanation – The httpd service needs to be started; the service httpd start command is used for that.

32. Which command is used to start the service configuration utility?
a. serviceconf
b. system-config-services
c. serviceconf, system-config-services
d. None of these
Answer – c

33. How will you view the status of all the services in all the runlevels?
a. Using chkconfig all
b. Using chkconfig --list
c. Using chkconfig --all
d. Using chkconfig list
Answer – b
Explanation – chkconfig --list gives the listing of all the services in the different run levels, with the status of each service as on or off.

34. Which directory contains the run level scripts of all the runlevels?
a. /etc/rc.d/rc.all
b. /etc/rc.d/init.d
c. /etc/rc.d/all.d
d. /etc/rc.d/rcall.d
Answer – b
Explanation – The directory /etc/rc.d/init.d contains all the runlevel scripts, and the directories /etc/rc.d/rc*.d contain symbolic links to the scripts in the directory /etc/rc.d/init.d.

35. Which filesystem is not mounted on a disk partition?
a. /etc
b. /home
c. /usr
d. /proc
Answer – d
Explanation – The proc filesystem is a virtual filesystem (it is not mounted on a disk partition) which contains the process and system information.

36. Which file contains the static information about the filesystem?
a. /etc/mtab
b. /etc/fstab
c. /etc/ftab
d. /etc/mstab
Answer – b
Explanation – The file /etc/fstab contains mount point, filesystem type, and other options.

37. Which filesystem contains the information about the filesystem currently mounted on the system?
a. /etc/fstab
b. /etc/mtab
c. /etc/mstab
d. /etc/ftab
Answer – b
Explanation – /etc/mtab contains the information about the filesystems currently used by a running system.

38. A user does not want to mount the /home partition automatically at boot time. What should he do?
a. Add noauto option in fourth field of /etc/fstab
b. Add notauto option in fourth field of /etc/fstab
c. Add noauto option in fourth field of /etc/mtab
d. Add notauto option in fourth field of /etc/mstab
Answer – a
Explanation – At boot time the /etc/fstab file is scanned for information about the filesystems to be mounted. If the noauto option is used, the filesystem is not automatically mounted.

39. Which command is used to see the listing of filesystems currently mounted on the system?
a. fdisk -l
b. fdisk -m
c. mount -t
d. mount
Answer – d
Explanation – The fdisk command is used for creating new partitions and viewing all the partitions of the hard disk.

40. A system has Windows and Red Hat Linux installed on it. The user wants to access files kept in the /dev/sda6 partition with the vfat filesystem type. What should he/she do?
a. mount vfat /dev/sda6 /mnt/win
b. mount -t vfat /dev/sda6 /mnt/win
c. fdisk -t vfat /dev/sda6 /mnt/win
d. mount -t vfat /mnt/win /dev/sda6
Answer – b
Explanation – The mount command has the form mount -t filesystem-type source partition target partition
to mount a source filesystem on a target directory.

41. Which command is used to create a vfat filesystem on a rewritable CD-ROM?
a. mkfs -t vfat /dev/cdrom
b. mkfs.vfat /dev/cdrom
c. Both of above
d. None of above
Answer – c
Explanation – mkfs -t vfat is a frontend to the command mkfs.vfat.

42. Which configuration file is used while creating an ext3 filesystem on a partition using the mke2fs command?
a. /etc/ext3.conf
b. /etc/mke2fs.conf
c. /etc/mkfs/mke2fs.conf
d. None of above
Answer – b

43. A file is created using the command dd if=/dev/zero of=/home/demo bs=1000000 count=2. What is the size of the file /home/demo?
a. 20MB
b. 2MB
c. 2GB
d. The command is wrong
Answer – b
Explanation – The bs option denotes the block size and count denotes the number of blocks. So the size of the file is 1000000 * 2 = 2 MB.

44. Which command is used to create a swap filesystem on a device or file?
a. createswap
b. mkfs
c. mkswap
d. swapon
Answer – c

45. Your system has a swap partition on /dev/sda3 and another swap partition on /dev/sda5. How will you decide which swap partition is active?
a. cat /proc/swaps
b. fdisk -l
c. cat /proc/swap
d. None of above
Answer – a
Explanation – /proc/swaps contains the entries
of the entire active swap space of the system. The contents of the file can be viewed using the cat command.

46. Which command is used to check a device for bad blocks?
a. fsck
b. mkfs
c. chkfs
d. badblocks
Answer – d

47. A user ran the command badblocks -w on a device containing important data files. What will be the problem?
a. No problem
b. Data on the device will be erased
c. Data on device will not be erased
d. -w is invalid option to badblocks command
Answer – b
Explanation – The data is not deleted if the badblocks command is used without options or with the -n option.

48. How will you check the status of the automount daemon?
a. /etc/rc.d/init.d/autofs status
b. /etc/init.d/autofs status
c. /etc/rc.d/init.d/automount status
d. /etc/rc.d/init.d/autofs --status
Answer – b
Explanation – /etc/rc.d/init.d/autofs controls the operation of the automount daemon.

49. Which configuration file does /etc/rc.d/init.d/autofs use?
a. /etc/autofs.conf
b. /etc/auto.conf
c. /etc/auto.master
d. /etc/autofs.master
Answer – c

50. Which command is used to create a raid device of level 5 using devices /dev/sda1, /dev/sda2?
a. mdadm --create /dev/md0 --level=5 --raid-devices=2 /dev/sda1 /dev/sda2
b. mdadm --create /dev/md1 --level 5 --raid-devices=2 /dev/sda1 /dev/sda2
c. mdadm --create /dev/md0 --level=5 --raid-devices= /dev/sda1 /dev/sda2
d. mdadm --create /dev/md0 --level=5 devices=2 /dev/sda1 /dev/sda2
Answer – a
Explanation – In the second option, --level= should be used. In the third option, the n of --raid-devices=n, where n is the number of devices, is missing. In the fourth option, --raid is missing from --raid-devices.

51. A raid device contains four devices. How will you remove one of the devices from the raid device?
a. mdadm raid-device-name -r device-name
b. mdadm device-name -r raid-device-name
c. mdadm -r raid-device-name device-name
d. mdadm -r device-name raid-device-name
Answer – a

52. Which command is used to create a volume group?
a. vgcreate
b. vgextend
c. volgrpcr
d. pvcreate
Answer – a
Explanation – vgcreate is used to create a new volume group and vgextend is used to extend an existing volume group.

53. Which directory contains the entry for the logical volume lvol0 created by a user in the volume group vol_grp?
a. No directory has the entry
b. /dev/vol_grp
c. /home/vol_grp
d. /sys/vol_grp
Answer – b
Explanation – The directory /dev/vol_grp contains the lvol0 entry corresponding to the logical volume lvol0.

54. Which command is used to invoke the Logical Volume Management utility?
a. system-config-lv
b. system-config-lvm
c. system-config-logman
d. There is no such utility
Answer – b

55. Which of the following should be created first before creating the logical volume?
a. Physical volume
b. Volume group
c. None of them
d. Both of them
Answer – d
Explanation – The physical volume is to be initialized first, and then the volume group is to be created, before creating the logical volume.

56. Which file and directory does yum look in for information about the software repositories?
a. /etc/yum.conf
b. /etc/yum.conf.d
c. Both of them
d. None of them
Answer – c
Explanation – It looks for the configuration file /etc/yum.conf and then looks for the files in the directory /etc/yum.conf.d.

57. What is the full form of yum?
a. Yellow dog updater modified
b. Yellow umbrella
c. Yellow updater modified
d. Yellow software updater modified
Answer – a

58. What is the importance of the option gpgcheck=1 in the /etc/yum.conf file?
a. The gpgkeys of packages are checked before install or update
b. The gpgkeys of packages are not checked before install or update
c. The gpgkeys of packages are checked before install only
d. The gpgkeys of packages are checked before update only
Answer – a
Explanation – Usually the gpgkeys are installed before adding any software repository. If the gpgcheck option is 1, then the packages are checked for the gpgkeys before installing or updating the packages.

59. A user ran the yum command to install a package. Then he went for a cup of coffee. The install completed before his return. How can the user decide whether the install was a success or a failure?
a. He can’t decide
b. Looking at /etc/yum.conf file
c. Looking at /etc/yum.conf.d directory
d. Looking at /var/log/yum.log
Answer – d
Explanation – The log file of the yum command is /var/log/yum.log. The status of the execution of yum commands is logged there. The user can use the file to decide whether the install was a success or a failure.

60. What are the levels of rpm configuration file?
a. User, global
b. User, system, global
c. System, global
d. User, system
Answer – b
Explanation – The rpm command uses the two global configuration files /usr/lib/rpm/rpmrc and /usr/lib/rpm/redhat/rpmrc. It uses the /etc/rpmrc configuration file, which is the configuration file specific to a system. The configuration file .rpmrc in the home directory of a user is the user
level rpm configuration file.

61. Where is the rpm package information kept?
a. /var/lib/rpm/*
b. /var/log/rpm/*
c. /var/lib/rpm/db/*
d. /var/lib/rpmdb/*
Answer – a
Explanation – The rpm command uses the /var/lib/rpm/* directory as the database for storing rpm package information.

62. A user used the command rpm -U package-name to install the package package-name, which is not previously installed on the system. Is the command correct?
a. No use rpm -v
b. Yes
c. No use rpm -q
d. No it is used for update only
Answer – b
Explanation – The command rpm -U is used to upgrade a previously installed package, and if the package is not installed on the system then it installs the package.

63. What is the difference between the rpm -U and rpm -F commands?
a. rpm -U installs a package if it is not installed previously
b. rpm -F installs a package if it is not installed previously
c. Both command do same function
d. None of the above
Answer – a
Explanation – The command rpm -U updates a previously installed package but also installs a new package, and the command rpm -F updates a previously installed package but does not install a new package.

64. Which is a valid rpm command?
a. rpm -ieh
b. rpm -Ueh
c. rpm -ivvh
d. rpm -iF
Answer – c
Explanation – The options -v (verbose information), -vv (lots of verbose information) and h (prints hash marks) are rpm options which can be used with other options. The options i and e, U and e, and F are mutually exclusive.

65. Your software vendor informed you that package-name.rpm has been installed on your machine. How will you check the vendor’s statement?
a. There is no way to check vendor’s statement.
b. Using system monitor
c. rpm -q package-name
d. yum install package-name
Answer – c
Explanation – rpm -q package-name queries the rpm package database and finds out information about package-name. yum install is used to install the package package-name. System monitor is used to view system information.

66. You have downloaded a package in tar.gz format. How will you uncompress the file?
a. Using tar xvf
b. Using gunzip followed by tar xvf
c. Using tar xvf followed by gunzip
d. Using bzip2 followed by tar xvf
Answer – b
Explanation – gunzip uncompresses the tar.gz file into .tar format, and then the command tar xvf is used to uncompress the tar file.

67. What is the difference between the commands tar xvf and tar xvfz?
a. No difference
b. xvfz compresses a .tar file but xvf uncompress a .tar file
c. xvfz uncompress a .tar.gz file but xvf uncompress a .tar file
d. xvfz is verbose mode of command xvf
Answer – c

68. What does the bzip2 command do?
a. bzip2 -d uncompress a tar.bz2 file
b. bzip2 -d creates a tar.bz2 file
c. bzip2 is used to uncompress .zip file
d. bzip2 is used to compress a file to .zip format.
Answer – a
Explanation – The bzip2 command is used to create and decompress a bz2 file. bzip2 -c is used to create a .bz2 file and the -d option is used to uncompress a .bz2 file.

69. Which utility is used to manage packages on a Red Hat box?
a. Package manager
b. Package management
c. Package Admin
d. Package manage
Answer – a

70. Which command is used to invoke the Package Manager?
a. system-config-package
b. system-config-manage
c. system-config-packages
d. system-config-manages
Answer – c
71. Which file contains global options to the bash shell?
a. /etc/bash
b. /etc/bash.conf
c. /etc/bashrc.conf
d. /etc/bashrc
Answer – d

72. Which file defines the default values to be used while creating a user account?
a. /etc/user.defs
b. /etc/login.defs
c. /etc/userdefs
d. /etc/login.conf
Answer – b
Explanation – The file contains the default values to be used while creating a user account. The default values can be overridden on the command line.

73. You want to create a user account john. The mailbox of john should lie in the directory /var/temp. What line will you add in the file /etc/login.defs?
a. MAIL_DIR=/var/temp
b. MAIL_BOX=/var/temp
c. MAIL_JOHN=/var/temp
d. MAIL_CONFIG=/var/temp
Answer – a
Explanation – The line MAIL_DIR is used to denote the directory where the mailbox of a user will reside.

74. Which directory contains the initial login and startup scripts?
a. /etc/skel
b. /etc/login.defs
c. /etc/login
d. /etc/initial
Answer – a
Explanation – The /etc/skel directory contains the initial login and startup scripts. The content of /etc/skel is copied to the home directory of the user when the user account is created.

75. A user wants to override the default values used for the bash shell. What action should be taken by him?
a. Creating a .bashrc file in home directory of user
b. Creating a .bash file in home directory of user
c. Editing the /etc/bashrc file.
d. Creating a .bashrc file in home directory of user
Answer – a
Explanation – The .bashrc file in the home directory of the user is used to override the default values used for the bash shell.

76. A user Matt has a user ID of 400. What is the significance of it?
a. User id 400 is of root user
b. A user cannot have user id 400
c. Matt is an administrative user.
d. Matt is a non administrative user.
Answer – c
Explanation – User IDs less than 500 are reserved for the administrative users. So Matt is an administrative user.

77. Which file contains the password of a user?
a. /etc/passwd
b. /etc/pass
c. /etc/password
d. None of these
Answer – d
Explanation – The file /etc/shadow contains the user login name and encrypted password. The file /etc/passwd contains information about the user, but the character x is written in place of the password.

78. A new user is working in the /bin/tcsh shell. He wants the bash shell. What command will the system administrator execute?
a. usermod -s /bin/bash new-user
b. usermod -s /bin/bash
c. useradd -D -s /bin/bash new-user
d. usermod -D -s /bin/bash
Answer – a
Explanation – The usermod command is used to modify the user information.

79. The system administrator wants to delete the account of user user1 along with the home directory of user1. What should be his approach?
a. userdel user1
b. userdel -r user1
c. userdel -h /home/user1 user1
d. userdel -r /home/user1 user1
Answer – b
Explanation – The command userdel -r user1 is used to delete the account of a user along with his/her home directory. If the -r option is not used, then the home directory of the user is not deleted.

80. Which graphical utility is used to manage users?
a. User Manager
b. User Administrator
c. User Admin
d. User Configuration
Answer – a
Explanation – User Manager is used to create, delete, and modify user and group information.

81. Which command is used to invoke the User Manager utility?
a. system-config-user
b. system-config-usr
c. system-config-users
d. system-config-usrs
Answer – c

82. Which command is used to change the password of the root user?
a. passwd root
b. su -
c. su root
d. passwd
Answer – d
Explanation – The format of the passwd command is passwd user-name. It means the password of user user-name is to be changed. If the command passwd is used alone, it means the password of the root user is to be changed.

83. Which file contains the information about the groups in a system?
a. /etc/gpasswd
b. /etc/passwd
c. /etc/group
d. /etc/groups
Answer – d

84. The system administrator wants to see the disk space used up by user Jack. What should he do?
a. Ask jack about the disk space usage
b. df /home/jack
c. space /home/jack
d. df /home
Answer – b
Explanation – The df command is used to display the amount of space available on a filesystem.

85. Which command is used to change the password of a group?
a. grpasswd
b. grppasswd
c. gpasswd
d. gpassword
Answer – c

86. A user wants to list the space used up by the files and subdirectories of his home directory. What should he do?
a. Check each file size and subdirectory size
b. Ask the system administrator
c. du /home/user
d. df /home/user
Answer – c
Explanation – The du command is used to check the space used by the files and subfolders of a
directory.

87. A user ran the su - command in a terminal (terminal1) and got the privileges of the root user. He then opened a new terminal and ran a command to mount a filesystem. Will the command execute successfully?
a. No su - command don’t give root privilege
b. Yes
c. Yes he has to enter the root password
d. No as it is different terminal session he won’t have root privilege in this session.
Answer – d

88. A root user used the command su - user-name, where user-name is a non-administrative user. Will root have to enter the user’s password?
a. Yes root user will have to enter user’s password
b. No the shell will prompt for password of user-name but root can choose not to enter the password
c. If root don’t enter user-name’s password then he won’t be able to execute user-name’s files
d. No shell won’t prompt for user-name’s password
Answer – d

89. How will you edit the /etc/sudoers file?
a. Using gedit
b. Using vi
c. Using visudo
d. Using geditsudo
Answer – c
Explanation – The visudo command is used to edit the /etc/sudoers file.

90. A user Vishnu is a member of the group demo. The group demo is defined with the privilege of the command shutdown -h now in the /etc/sudoers file. Does Vishnu have the privilege to run the command shutdown -h now?
a. Yes he can use shutdown -h now
b. No he can’t use the command directly
c. Yes he will have to use sudo shutdown -h now
d. Yes he will have to use visudo shutdown -h now
Answer – c
Explanation – The commands should be prefixed by the sudo command.

91. A user entered the command chown : file-name. What will happen?
a. Nothing
b. The user and group of the file will change to that of user’s
c. The user of the file will change to that of user’s
d. The group of the file will change to that of group’s
Answer – a
Explanation – chown owner:group file-name
Case 1: if only owner is specified but group is not specified, then the file owner is changed to owner and the file group is changed to that of the login group of owner.
Case 2: if owner and group are both specified, then the file owner is changed to owner and the file group is changed to group.
Case 3: if owner is not specified but group is specified, then the group of the file is changed to that of group.
Case 4: if neither owner nor group is specified, then nothing happens.

92. A user issues the chown user-name-group-name file-name command on a file file-name which belongs to the root user. What will happen?
a. He gets an error
b. The owner of the file will change
c. The group of the file will change
d. Nothing happens
Answer – a
Explanation – The user doesn’t have the privilege to change the file permissions of the root user, so he gets an error.

93. The system administrator wants to see the users currently logged into the system and the processes run by them. Which command will help the system administrator?
a. w
b. users
c. All
d. None of these
Answer – a
Explanation – The w command is used to view the users who are logged on to the system and the processes run by them. It also shows the time for which the system has been running and the load average of the system.

94. Which command shows the virtual memory statistics of a system?
a. iostat
b. vmstat
c. Virtual
d. All of these
Answer – b
Explanation – The vmstat command is used to display the virtual memory statistics.

95. What does the free command do?
a. Frees RAM memory
b. Frees swap memory
c. gives the amount of free and used memory space of the system
d. gives the amount of free and used memory of a filesystem
Answer – c

96. A user issues the command kill 0. What will be the impact of the command?
a. All process with pid >0 are re signaled.
b. Gives an error
c. Process with pid 0 is re signaled
d. all processes in current process are signaled.
Answer – d

97. May a process have a pid of 0?
a. No process can have pid of 0
b. Yes init process have pid of 0
c. Boot process have pid of 0
d. A process pid can be set to 0 using renice command
Answer – a
Explanation – The lowest pid that a process can have is 1, which is the pid of the init process (init is called the father of all processes). No other process can have a pid of 1 or lower than that.

98. Which utility is used to see system log information?
a. Log Manager
b. System Log Manager
c. System Log Viewer
d. Log Configuration
Answer – c

99. Which utility is used to view various system information like CPU usage, network information, memory and swap information, and process information?
a. System Monitor
b. System Information
c. System Administration
d. SystemManager
Answer – a

100. Which of the following information does the top command not give?
a. number of users currently logged on
b. load average of the system
c. total number of processes, no of processes active, no of processes sleeping, no of zombie processes
d. network usage information
Answer – d
Explanation – The top command gives various information about the system: the number of users currently logged on; the load average of the system; the total number of processes, number of processes active, number of processes sleeping and number of zombie processes; usage detail of swap memory; usage detail of RAM; and information about the processes of the system, like PID (process identification number), percent CPU usage, % memory usage, and the command used for invoking the process.

101. Which file does the command uptime use to present its output?
a. /proc/uptime
b. /proc/sys/uptime
c. /sys/uptime
d. It don’t use any file
Answer – a
Explanation – The uptime command uses the file /proc/uptime for the information and presents it in a user-readable format.
102. What is SIGKILL?
a. It is a signal used with kill command generally
b. It is a command
c. None of above
d. Both of them
Answer – a
Explanation – SIGKILL is used to signal a process. For example, the command kill -SIGKILL 5009 gives the signal SIGKILL to the process with pid 5009.

103. Which command is used to print the processor type of a system?
a. uname -r
b. uname -n
c. uname -p
d. uname -k
Answer – c
Explanation – The command uname is used to print various system information. uname -a prints all the information about the system.

104. Which file contains the list of modules currently loaded in the kernel?
a. /proc/module
b. /proc/modules
c. /proc/mod
d. no such file is there
Answer – b
Explanation – The lsmod command is also used to list the modules currently loaded into the kernel. The file /proc/modules contains the same information.

105. A user wants to see the filename of a module currently loaded into the kernel. What should he do?
a. modinfo modulename
b. infomod modulename
c. lsmod modulename
d. modprobe modulename
Answer – a
Explanation – modinfo gives the details of a module loaded into the kernel.

106. A user issues the command insmod -. What will happen?
a. Error will occur
b. lists all the modules of kernel2.6.14
c. file name should be given from sysin
d. none of the above
Answer – c
Explanation – The insmod command is used to insert a driver module into the kernel. The format of the insmod command is insmod file-name; if the file-name is - then the module is taken from the standard input.

107. The module A is dependent on module B. Which command should be used to load the module A into the kernel?
a. insmod
b. modprobe
c. rmmod
d. modinfo
Answer – b
Explanation – The modprobe command also inserts the other modules on which the module being inserted depends. insmod loads only the module mentioned on the command line.

108. Which command is used to remove a module from the kernel?
a. modprobe -a
b. modprobe -b
c. modprobe -r
d. modprobe -d
Answer – c

109. Which configuration file and directory does the modprobe command refer to?
a. /etc/modprobe.conf
b. none of them
c. /etc/modprobe.d
d. both of them
Answer – d
Explanation – modprobe looks for the configuration file /etc/modprobe.conf (if the file is present) and in the directory /etc/modprobe.d.

110. On a business requirement your client wants to run the process A (already running on the system) with increased priority. What command does the administrator use?
a. nice
b. renice
c. priority
d. schedule
Answer – b

111. The command renice 5 -u Jack is issued. What will happen?
a. Error occurs no pid mentioned
b. process priority of all processes belonging to user is changed to 5
c. no change in priority
d. priority 5 not allowed
Answer – b
Explanation – If the renice command is issued on a user, then the process priority of all processes of the user changes.
112. A user issues two commands back to back: dmesg -c, then dmesg. What will be the output of the second command?
a. No output
b. kernel messages displayed
c. error
d. help options displayed for dmesg
Answer – a
Explanation – dmesg, when used with the -c option, clears the kernel ring buffer, so the second dmesg command prints no output.

113. In which file does the cron utility log its messages?
a. /var/log/cron
b. /var/log/cron/cron.log
c. /var/log/cron.log
d. none of the above
Answer – a

114. Which configuration file does syslogd use?
a. /etc/sysconfig/syslog
b. /etc/sysconfig/syslog.conf
c. /etc/syslog
d. /etc/syslog.conf
Answer – d

115. A user wants to log the boot messages in the file /var/log/boot. Which file should he/she edit?
a. /etc/sysconfig/syslog
b. /etc/sysconfig/syslog.conf
c. /etc/syslog
d. /etc/syslog.conf
Answer – d
Explanation – syslogd supports the system logging. It uses the configuration file /etc/syslog.conf. The file defines the files where different system messages will be written.

116. Which file contains the pid of the klogd daemon?
a. /var/run/klogd.pid
b. /var/klogd.pid
c. /var/run/klog.pid
d. /var/run/klogd
Answer – a
117. The system administrator wants to allow the user Mac to access the at facility. What should the system administrator do? a. Add name of mac in /etc/at.allow
b. Add name of mac in /etc/at c. don't add name of mac in /etc/at.deny d. any of the above Answer – a Explanation -- The file /etc/at.allow lists the names of the users who are allowed to use the at command. The file /etc/at.deny lists the names of the users who can't use the at command. 118. The system administrator allows users Jack and Jill to use the at facility. What will be the content of the file /etc/at.allow? a. Jack,jill b. jack:jill c. jack;jill d. jack e. jill Answer – d Explanation -- The user names should be listed one per line, and there should be no whitespace within a user name on a line. 119. On a system the files /etc/at.allow and /etc/at.deny are not present. Which users can use the at facility? a. All the users of system b. no user of the system c. only root user d. error condition Answer – c
120. Which command is used to list all the scheduled jobs? a. at -l b. none of them c. both of them d. atq Answer – c Explanation -- The atq command is used to list the scheduled jobs. It is the same as at -l. 121. In which directory are the jobs scheduled by the batch command spooled? a. /var/spool/at b. /var/spool/batch c. /var/spool/at.spool d. /var/spool/batch.spool Answer – a Explanation -- The scheduled jobs which are submitted using the at command and batch command are spooled in the directory /var/spool/at. The files contain the information about the commands along with the environment under which the commands were scheduled.
122. Which command is used to create a crontab file?
a. crontab -l b. crontab -e c. crontab -d d. crontab -k Answer – b Explanation -- The crontab -e command is used to create a crontab file. The crontab file is created in the /var/spool/cron directory. The name of the file is same as the name of the user. 123. Which file is system crontab file? a. /etc/crontab b. /etc/cron c. none of the above d. /etc/cron.conf Answer – c Explanation -- the file /etc/crontab file is system crontab file. The cron daemon reads the /etc/crontab file. 124. Which command is used to start the Apache web server? a. service http start b. service httpd start c. service httpd on d. service http on Answer – b 125. Which file does contain the pid of the httpd daemon? a. /var/run/http.pid b. /var/run/httpd.pid c. /var/run/http d. /var/run/httpd Answer – b 126. Which directory contains the library modules for the httpd server? a. /usr/lib/httpd/modules b. /usr/lib/httpd/module c. /lib/httpd/modules d. /lib/httpd/module Answer – b 127. Which file does contain the configuration information about the httpd server? a. /etc/httpd.conf b. /etc/httpd/conf c. /etc/httpd/conf/httpd.conf d. /etc/httpd/conf.d Answer – c Explanation -- The Apache web server configuration directory is /etc/httpd. The conf sub directory of /etc/httpd directory contains the main Apache configuration file httpd.conf.
128. In the /etc/httpd/conf/httpd.conf file the user set the directive ServerRoot “/etc/demo”. What will be the impact? a. The top of the directory tree under which the server's configuration, error, and log files are kept will be /etc/demo. b. Error value c. no changes d. ServerRoot is not a directive. Answer – a Explanation – ServerRoot directive defines The top of the directory tree under which the server's configuration, error, and log files are kept 129. What is the content of /etc/httpd/conf.d directory? a. Configuration file related to Apache client b. load libraries related to Apache server c. nothing d. The conf.d contains the configuration files relating to the languages (like Python, Perl, and PHP), database (Mysql) and the authorization modules. Answer – d
130. What are the sections of Apache web server main configuration file /etc/httpd/conf/httpd.conf? a. Configuration directives for Apache web server process as whole. b. Configuration parameters for the main server c. Settings for virtual hosts. d. All of the above Answer –d 131. Which is the graphical utility for httpd server configuration? a. HTTPD Server Configuration b. HTTP Server Configuration c. HTTP Configuration d. HTTPD Configuration Answer – b
132. Which command invokes the HTTP Server Configuration utility? a. system-config-httpd b. system-config-http c. system-config-https d. system-config-httpconf Answer – a
133. The DocumentRoot directive of main apache web server configuration file is set to “/home/demo”. Where the users need to put the html files to be served by the server in response of client request?
a. /home/demo b. /var/www/html c. both of them d. none of them Answer – a Explanation – DocumentRoot defines the directory where the user will place the contents or files he/she wants to get handled by the web server. For example if you create an index.html file and kept it in this directory and opened the address http://localhost using any web browser then the contents of index.html file will be displayed.
134. What are the possible values of the LogLevel directive in the Apache web server main configuration file? a. Warn b. debug c. none of them d. all of them Answer – d Explanation -- debug, info, notice, warn, error, crit, alert, and emerg are possible values of the LogLevel directive.
135. Which directory does contain the log information about the httpd server? a. /var/log/httpd b. /var/log/apache c. /var/log/http d. /var/log/httpd.log Answer --a 136. What are the two main programs consisting Squid server? a. squid,dnssrv b. squid,dns c. squid,dsnserver d. squid,squiddemo Answer – c Explanation -- squid consists of a main server program squid, a Domain Name System lookup program dnsserver and some other modules for authentication and management tasks.
137. Which is the main configuration file for squid server? a. /etc/squid.conf b. /etc/squid/squidd.conf c. /etc/squid/squid.conf d. /etc/squid/sqd.conf Answer – c 138. On which port does squid listen by default for http?
a. 3128 b. 80 c. 413 d. 3120 Answer – a
139. An administrator wants to change the default http port that squid listens on to 4000. What should he/she do in the main squid configuration file? a. httpd_port 4000 b. port 4000 c. httpport 4000 d. http_port 4000 Answer – d Explanation -- http_port defines the socket addresses where Squid will listen for HTTP client
140. In what forms can the http_port socket address be defined in the squid server main configuration file? a. Port alone b. hostname with port c. none of them d. all of them Answer – d Explanation -- The socket address can be defined in three forms: port alone, hostname with port, and IP address with port. 141. What is meant by in transit objects in terms of the squid server? a. Objects used often b. objects never used c. objects which moved out d. objects that are in use Answer – d
142. What are hot objects in connection with squid server? a. Objects in use b. objects very complex c. objects not in use d. objects used very often Answer –d 143. How will you set the RAM memory used to handle the in transit and hot objects of squid server? a. cache_mem of /etc/squid/squid.conf b. ram_mem of /etc/squid/squid.conf c. RAM_mem of /etc/squid/squid.conf
d. mem_ram of /etc/squid/squid.conf Answer – a Explanation – cache_mem sets the cache size (RAM memory used to store the in transit objects that is objects that are in use), hot objects (objects that are used often), and negative cache objects (recent failed requests).
144. Which is the default cache directory for the squid server? a. /var/spool/squid/cache b. /var/spool/squid c. /var/spool/cache d. /var/spool/squid/cachedir Answer – b 145. Which file does contain the pid of the squid server? a. /var/run/squid.pid b. /var/run/squid c. /var/run/squid/squid.pid d. /var/run/squidd.pid Answer – a 146. What is the meaning of the line acl all src 0.0.0.0/0.0.0.0 of main squid server configuration file? a. gives name all to all the addresses b. gives name all to no address c. gives name acl to all the addresses d. gives name src to all the addresses Answer – a Explanation -- The acl tag is used to define access control. the form of acl tag is acl name type string or file 147. An administrator writes the below line in main squid server http_access allow 192.168.56.65. what does it refer? a. 192.168.56.65 can access the http content. b. Wrong format c. allow is invalid d. ip address should be with netmask Answer – a Explanation – http_access define which clients can access the squid server for http contents. 148. Can the line http_access deny all be added in the /etc/squid/squid.conf file? a. No all not allowed b. no deny is not allowed c. yes it can be d. no http_access is not allowed Answer – c
Explanation – line means the http content is denied for all the clients. 149. Under which user does squid server run? a. Squid b. root c. squiduser d. all of them Answer – a 150. What is cache manager? a. The cache manager is a cgi utility for displaying information about the squid http proxy process as it runs. b. Used to see amount of cache space used by a process c. nothing d. it is daemon process name of squid server. Answer – a 151. Which is the configuration file for the cache manager? a. /etc/squid/cache.conf b. /etc/squid/cachemanager.conf c. /etc/squid/cachemgr.conf d. /etc/cachemgr.conf Answer – c 152. How is the cache manager invoked? a. Cache-manager command b. using http://server-name/cgi-bin/cachemgr.cgi. c. Using system-config-cache d. all of the above Answer – b Explanation -- The cache manager can be invoked by typing the address http://servername/cgi-bin/cachemgr.cgi.
153. Which is the configuration file for the squid daemon? a. /etc/sysconfig/squid.conf b. /etc/squid/squid.conf c. /etc/sysconfig/squid.d/squid.conf d. /etc/sysconfig/squid Answer – d Explanation -- /etc/sysconfig/squid is configuration file for squid daemon and /etc/squid/squid.conf is configuration file for squid server.
154. What does the line SQUID_OPTS="-D" in the squid daemon configuration file mean? a. Squid can be started without having internet connection b. load default values from configuration file
c. runs squid in safe mode d. all of above Answer – a Explanation -- -D option disables initial dns checks so squid can be started without having internet connection 155. Which command does make squid to reread the configuration file? a. squid -k reconfigure b. squid -k configure c. squid reconfigure d. squid configure Answer – a 156. Which command is used to restart the squid daemon? a. Service squidd restart b. service sqd restart c. /etc/init.d/squid restart d. service squid reload Answer – c 157. Which command is used to start the NFS services? a. Service nfsd start b. service nfs start c. service nfd start d. service nfsd on Answer – b 158. What does the option secure mean in case of /etc/exports file? a. Invalid option b. use PAM c. use SELinux d. none of above Answer – d Explanation -- the client computer should connect using the port below 1024.if the insecure option is specified then any port can be used. 159. An administrator wants to add a NIS group NISGRP in /etc/exports file? Which of the following is true? a. Not possible b. use NISGRP c. use @NISGRP d. use #NISGRP Answer – c Explanation -- The access can also be defined in terms of the NIS group. The nis group can be preceded by the @ of sign before the nis group name. 160.
An administrator wants to add host1 and host2 in /etc/exports file corresponding to
the directory /home/user. Which of the following is valid entry? a. Host1,host2 b. host1:host2 c. host1 host2 d. all of above Answer – c Explanation -- Multiple hostnames or Ip address can be entered separated by blank. The combination of ip address and hostname can also be used. 161. A system administrator has made *.example.com entry in the file /etc/exports. Which of the below address match the entry? a. New.myhost.example.com b. myhost.example.com c. both of above d. none of above Answer – b Explanation -- * character matches any number of characters in a domain name that is * matches for myhost (of option b) but not of option a as in option a there was new.myhost (means new belonging to domain myhost) 162. What is meaning of option root_squash in the file /etc/exports? a. Maps root user to client to user jack's account b. don't allow client root user to login c. maps client root user to NFS server root user d. maps the root user of client to anonymous user Answer – d Explanation -- maps the root user of client (uid 0 gid 0) to anonymous uid and gid. The default value of anonymous uid and gid is 65534.The anonymous uid and gid value can be changed by using options anonuid and anongid. 163. Which command is used to export all directories listed in the file /etc/exports? a. Exports b. exportfs c. export d. exportsf Answer – b Explanation -- The directories mentioned in the /etc/exports file can be exported that is made available to the network using the exportfs command or rebooting the system or restarting the NFS service. 164. Which graphical utility is used to create the /etc/exports file? a. NFS Configuration b. NFS Server Configuration c. NFS Server Manager d. NFS Server Administration Answer – b
165. Which command is used to invoke the NFS server configuration utility? a. system-config-nfsd b. system-config-nfs c. both of them d. none of them Answer – b 166. What operation is performed before a user accesses an NFS directory? a. The directory is mounted b. the directory is unmounted c. no operation is done d. system should be rebooted Answer – a Explanation – Before accessing an NFS directory, the directory should be mounted using the mount command or using autofs. 167. Which command is used to display server side NFS information? a. nfsstat -s b. nfsstat -c c. nfs d. nfstat Answer – a Explanation -- The nfsstat command is used to display statistics about the NFS server and client activity. 168. Which directory contains information about the directories exported using NFS? a. /var/lib/nfs b. /var/log/nfs c. /var/spool/nfs d. /var/log/nfs/nfs.log Answer – a Explanation -- The /var/lib/nfs directory is used to keep information about the exported directories. It holds the files xtab, etab, and rmtab, which contain the information about the exported files. 169. Which utility is used to configure the samba server? a. Smaba Server configuration b. Samba Server configuration c. Samba configuration d. Smaba configuration Answer – b
170. Which command is used to invoke the Samba Server Configuration utility? a. system-config-samba b. system-config-smb c. system-config-sambad
d. system-config-smbd Answer – a 171. Which of the following is main configuration file of samba server? a. /etc/samba/samba.conf b. /etc/samba.conf c. /etc/samba/smb.conf d. /etc/smb.conf Answer – c 172. Which file does contain the name of the all samba users? a. /etc/samba/smbusers b. /etc/smbusers c. /etc/samba/smbusrs d. /etc/samba/sambausers Answer – a 173. An administrator wants to add a user Jack as samba user. The Unix username and windows user name of Jack are same (it is Jack).what should be the format of entry in samba user file? a. jack=jack b. user=jack c. user:jack d. jack:jack Answer – a Explanation -- The /etc/samba/smbusers file contains the list of samba users. To add a new samba user vishnu as in above case enter below line in the /etc/samba/smbusers file vishnu = vishnu the left hand side denotes the Unix user name and the right hand side denotes the windows user name. 174. Which command is used to start the samba server? a. Service smbd start b. service samba start c. service smb start d. service sambad start Answer – c 175. Which command is used to view the samba server status information? a. smbstatus b. smb status c. smbclient -L d. none of them Answer – c Explanation – the command is used to check whether the samba service is running on the system and the share created on the system is being shared as the user wanted it to be.
176. Which command is used to start the ftp server? a. Service ftp start b. service ftpd start c. service vsftpd start d. service vftpd start Answer – c 177. Which is the main configuration file for the vsftpd server? a. /etc/ftpd/vsftpd.conf b. /etc/ftp/vsftpd.conf c. /etc/vsftpd/vsftp.conf d. /etc/vsftpd/vsftpd.conf Answer – d 178. An administrator wants the local users to use the ftp service. which of the following lines is to be added in the ftp server configuration file? a. local_user=YES b. local_users=YES c. local_usr=YES d. local_enable=YES Answer – d Explanation -- local_enable parameter is when set to YES then local users can login to ftp server if set to NO then local users can not login to ftp server.
179. In the main configuration file of the ftp server the directive userlist_enable=NO is used. Which users are allowed to log in to ftp? a. All users b. no users c. users in file /etc/vsftpd/user_list d. users not in file /etc/vsftpd/user_list Answer – c Explanation -- The file /etc/vsftpd/user_list contains the list of users who are allowed access if userlist_enable=NO.
180. An administrator wants to list the names of two users John and Jack in /etc/vsftpd/user_list file. Which of the following is valid entry? a. John, jack b. john;jack c. john:jack d. john
jack Answer – d Explanation – the users should be listed one in a line.
181. Which files contain the logging information about the ftp server? a. /var/log/vsftp.log b. /var/log/xferlogd c. both of them d. none of them Answer – d Explanation --The file /var/log/vsftpd.log and /var/log/xferlog files contain the logging info about the ftp server. 182. A user wants to copy a file from current directory of remote system to current directory of local system. Which ftp command should he/she use? a. Get b. put c. copy d. paste Answer – a 183. Which command invokes the ftp command prompt? a. vsftp b. sftp c. ftp d. ftpd Answer –c 184. Which graphical utility is used to configure the ftp server? a. Very Secure FTP daemon Configuration b. Very Secure FTP Configuration c. VSFTP daemon Configuration d. VSFTPD Configuration Answer -- a 185. Which command is used to invoke the Very Secure FTP daemon Configuration utility? a. System-config-vsftp b. system-config-ftp c. system-config-ftpd d. system-config-vsftpd Answer –d 186. Which is the main configuration file for the LDAP server? a. /etc/openldap/ldap.conf b. /etc/openldap/openldap.conf c. /etc/ldap/ldap.conf d. /etc/ldap/openldap.conf Answer – a 187.
What is the significance of the sizelimit option in the main configuration file of
ldap? a. Memory size limit b. the number of records in ldap c. number of concurrent processes d. specifies the limit of results returned Answer – d Explanation -- SIZELIMIT specifies the limit of results which will be returned when the ldap server is searched. If the value is set to 12 then 12 results will be returned as the output of a search. 188. What is the significance of the timelimit option in the main configuration file of ldap? a. Maximum time taken by ldap to answer a search request b. Minimum time taken by ldap to answer a search request c. Maximum time taken by ldap to add a entry d. none of above Answer – a Explanation -- TIMELIMIT specifies the time limit which the ldap will take to answer the search request. The timelimit of 15 in above example means that the ldap will take 15 seconds to answer a search request. 189. A user created a file which contains the directories of information he/she wants to add into an ldap server. What should be file extension? a. Ldap b. ldif c. ldaf d. ldfa Answer – b Explanation -- LDAP Data Interchange Format (LDIF) 190. Before using a schema to create ldap directory information what a user should do? a. Add the schema in /etc/openldap/ldap.conf b. nothing is to be done c. ad schema in /etc/openldap/openldap.conf d. make the schema file Answer – a Explanation -- To create the ldap directories user have to include the ldap schema he/she is using in the configuration file /etc/openldap/ldap.conf using the include directive. 191. Which directive is used to include a schema in the file /etc/openldap/ldap.conf? a. Copy b. use c. include d. make Answer – c 192.
A user makes changes in the file /etc/openldap/ldap.conf. He/she wants to check
whether he/she made any syntax error. Can he/she do this? a. No he can't do this using any command b. yes using slapd -t c. yes using ldap -t d. yes using ldcheck Answer – b Explanation -- The command slapd -t is used to check the /etc/openldap/ldap.conf file for syntax errors. 193. Which command is used to search for an entry in the ldap directory? a. ldap b. ldap -s c. ldapsearch d. ldapsrch Answer – c Explanation -- ldapsearch is used to search the ldap directory using the search parameters. The number of entries which should be returned by the ldapsearch command is defined in the configuration file /etc/openldap/ldap.conf. The SIZELIMIT option is used to define the number of rows returned.
194. Which directory contains the default ldap schema file? a. /etc/openldap/ldap/schema/ b. /etc/ldap/schema/ c. /etc/openldap/schema/ d. /etc/openldap/schemaldap Answer – c
195. Which command is used to set the NIS domain name of a system? a. domainname b. nisdomainname c. ypdomainname d. all of these Answer – d Explanation -- The commands domainname, nisdomainname, and ypdomainname are used to set the NIS domain name of the system. 196. Which is the main configuration file for NIS server? a. /etc/nis.conf b. /etc/nis/yp.conf c. /etc/yp/yp.conf d. /etc/yp.conf Answer – d
197. Which command is used to start the NIS server? a. service ypserver start b. service yp start
c. service ypserv start d. service ypd start Answer – c 198. Which file is used to map NIS? a. /etc/nsswitch.conf b. /etc/nswitch.conf c. /etc/nwitch.conf d. /etc/nisswitch.conf Answer – a Explanation -- The file /etc/nsswitch.conf is used to include NIS in the search path of the files. 199. The files /etc/passwd and /etc/group are being shared by the NIS server. Which file contains the names of the files being shared by the NIS server? a. Sharefile in /var/yp directory b. Makefile in /var/yp directory c. Makefile in /var/nis directory d. Make in /var/yp directory Answer – b Explanation -- The Makefile in the directory /var/yp is edited to include the files which are being shared by the NIS server. The names of files which should not be shared are commented out. 200. Which file contains the entries for the client computers with access to the NIS server? a. /var/yp/securenet b. /var/yp/securenets c. /var/yp/access.conf d. /var/yp/secure Answer – b Explanation -- The client computers which are allowed to access the NIS server information are added to the file /var/yp/securenets. 201. What are the valid values of the security field in the file /etc/ypserv.conf? a. None b. port c. deny d. all of these Answer – d Explanation -- The security field can have the values none (to allow access), port (to allow access from ports below 1024), and deny (denying access). 202. Which command is used to create a NIS database? a. yp b. ypdata c. ypinit d. ypserv Answer – c Explanation -- The NIS database of the files configured to be shared by the NIS server is
created by using the ypinit command.
203. Which command is used to enable the dhcp server? a. chkconfig dhcpd start b. chkconfig dhcpd on c. chkconfig dhcpd enable d. chkconfig dhcp on Answer – b 204. Which of the following is the dhcp server configuration file? a. /etc/dhcpd/dhcpd.conf b. /etc/dhcp/dhcpd.conf c. /etc/dhcpd.conf d. /etc/dhcp.conf Answer – c 205. What does the file /etc/dhcpd.conf contain? Answer -- The configuration file is used to list the range of IP addresses out of which the server will assign an IP address to a computer on its network. It can also contain an option to assign a particular address to a specific Ethernet address on the network. 206. How can the administrator determine the number of clients that have been assigned an address by the DHCP server? a. Using file /var/lib/dhcp/dhcpd.leases b. using file /var/lib/dhcp/dhcpd.count c. using file /var/lib/dhcp/dhcpd.num d. using file /var/lib/dhcp/dhcpd.stat Answer – a Explanation -- The file /var/lib/dhcp/dhcpd.leases records whether a client has been assigned an address by the dhcp server. For every client which has been assigned an address, one set of lease lines is written in the file /var/lib/dhcp/dhcpd.leases. 207. Which graphical utility is used to configure the dhcp client? a. system-config-network b. neat c. all of these d. none of these Answer – c 208. Which file contains the process id of the dhcp client? a. /var/run/dhcpclient.pid b. /var/run/dhclient.pid c. /var/run/dhcplient.pid d. /var/run/dhpclient.pid Answer – b
209. Which configuration file does dhcp client use? a. /etc/dhcplient.conf b. /etc/dhpclient.conf c. /etc/dhcpdclient.conf d. /etc/dhclient.conf Answer – d
210. Which command is used to start the named server? a. service bind start b. /etc/init.d/named start c. /etc/init.d/name start d. service name start Answer – b 211. Which graphical utility is used to configure the DNS server? a. BIND Configuration GUI b. BIND Configuration c. BIND Server Configuration GUI d. BIND Server Configuration Answer –a 212. Which command is used to invoke BIND Configuration GUI? a. system-config-name b. system-config-named c. system-config-bind d. system-config-dns Answer – c 213. Which is the main configuration file for the named daemon? a. /etc/named/named.conf b. /etc/named/name.conf c. /etc/named.conf d. /etc/name.conf Answer – c 214. What is the function of acl directive in the file /etc/named.conf? a. To define access control list b. to define performance option c. to define server pid d. none of the above Answer – a Explanation -- acl – access control list used as acl “description “{ip address};
215. An administrator made changes to file /etc/named.conf. Which command does check file for syntax error?
a. named-checkconf b. checkconf c. checkfile d. namedcheckconf Answer – a 216. Which command is used to check the syntax of the zone files? a. named-checkzone b. checkzone c. checkzonenamed d. zonecheck Answer – a Explanation -- named-checkzone is used to check the syntax of the zone files, which the user should create in the /var/named directory after creating the file /etc/named.conf. 217. Which file contains the statistics of the named daemon? a. /var/named/data/named_statistics.txt b. /var/named/data/named_stats c. /var/named/data/named_stats.txt d. /var/named/data/stats.txt Answer – c 218. You have chosen a domain name for your system. How can you check the availability of the domain name? a. who b. whois c. domainchk d. domaincheck Answer – b Explanation – The whois command is used to check the availability of a domain name. Format: whois domain-name 219. How can you get the hostname of your system from its IP address? a. host b. hostname c. gethost d. none of these Answer – a Explanation -- The host command is used to get the IP address corresponding to a hostname and vice versa. Format: host host-name or host ip-address
220. Which file is dump file for the named daemon? a. /var/named/data/cache_dumb.db b. /var/named/data/dumb.db c. /var/named/data/named_dumb.db
d. /var/named/data/cache_dumb Answer – a
221. Which of the following files are configuration files for the sendmail server? a. /etc/mail/sendmail.cf b. /etc/mail/sendmail.mc c. both of them d. none of them Answer – c Explanation -- The main configuration file for sendmail is /etc/mail/sendmail.cf. Many options which sendmail uses are also defined in the file /etc/mail/sendmail.mc. The file /etc/mail/sendmail.mc contains the sendmail default values like the location of the other configuration files to be used by sendmail, and the location of the log files and database files. 222. The domain name of your system changed from oldone to newone. What should the administrator do? a. Domain name mapping in file /etc/domain b. use command domainname c. domain name mapping in file /etc/mail/domaintable d. none of above Answer – c Explanation -- The file /etc/mail/domaintable contains the domain name mapping, that is, the mapping of the old domain name of the network to the new one. 223. You want to configure the sendmail server to handle two domain names. What will you do? a. Can't be done b. define domain names in /etc/mail/local-host-name c. define domain names in /etc/mail/domain-name d. define domain names in /etc/mail/virtual Answer – b Explanation -- The file /etc/mail/local-host-name defines the domain names for which the sendmail server of the system will act as a mail server. 224. Which file is used to define the users and clients for accessing the sendmail server? a. /etc/mail/access b. /etc/mail/access.deny c. /etc/mail/access.allow d. /etc/mail/security Answer – a Explanation -- The /etc/mail/access file defines the hosts and users from which the mail server sendmail will accept mail for delivery or relay.
225. After changing the /etc/mail/access file a user wants to create the access.db file. Which command serves the purpose?
a. Make access.db b. make access c. create access d. create access.db Answer – a Explanation -- The user wants to make the individual configuration files into the .db files then use the following commands cd /etc/mail make access.db replace the filename access.db with the .db file you want to create for example make virtusertable.db makes the file virtusertable.db. 226. What actions does sendmail do on a mail? a. RELAY b. REJECT c. both of them d. none of them Answer – c Explanation -- There are four actions which the sendmail server can take RELAY – the server sends the message to the mail server request in the mail. REJECT – the message is rejected and sender is informed that the message is rejected. DISCARD – the message is rejected and sender is not informed that the message is rejected. ERROR: user defined text message – inform the user why the server did not relay the message. 227.Which file does contain collected statistics from sendmail? a. /var/spool/mail/statistics b. /var/spool/mail/stat c. /var/spool/mail/stats d. /var/spool/mail/statistic Answer – a 228. Which is the main configuration file for postfix server? a. /etc/postfix/main.cf b. /etc/postfix/main.mc c. /etc/postfix/postfix.cf d. /etc/postfix/post.cf Answer – a Explanation -- the /etc/postfix/main.cf is the main configuration file for the postfix server. There is also a file /etc/postfix/main.cf.default which is exact copy of the main.cf file and is used for reference in case user has made any wrong changes in the file main.cf. It defines the hostnames and domain names, postfix queues and locations to be used for logging, mailbox.
229. Which is the postfix daemon configuration file? a. /etc/postfix/master.cf b. /etc/postfix/daemon.cf c. /etc/postfix/postfix.conf d. /etc/postfix/master.conf
Answer – a Explanation -- The file /etc/postfix/master.cf is the main configuration file for the postfix daemon process.
230. Which file is used to define the users and clients for accessing the postfix server? a. /etc/postfix/access b. /etc/postfix/access.deny c. /etc/postfix/access.allow d. /etc/postfix/security Answer – a Explanation -- the file /etc/postfix/access file is used to define the users and system which have access to use the postfix server. 231. Which file does contain the directory and file permission set by postfix? a. /etc/postfix/postfix-files b. /etc/postfix/permit-files c. /etc/postfix/postfix-file d. /etc/postfix/permission-files Answer –a Explanation -- the file /etc/postfix/postfix-files contain the directory and file permissions set by the postfix server. 232. Which files does contain the sendmail and postfix server log information? a. /var/log/maillog b. /var/log/maillog.1 c. /var/log/maillog.2 d. all of above Answer – d Explanation -- the log information about the postfix and sendmail server is logged in the file /var/log/maillog,/var/log/maillog.1,and /var/log/maillog.2. The file /var/log/maillog.2 contains log information about each and every mail received and send by the postfix and sendmail server. 233. Which directory does contain the default services configured on the system? a. /etc/alternative b. /etc/alternatives c. /etc/services/alternatives d. /etc/service/alternatives Answer –b Explanation -- The contents of the directory /etc/alternatives displays the default services configured on the system

234. Which file contains the alternative mail services?
a. /var/lib/alternatives
b. /var/lib/alternatives/mta
c. /var/lib/alternative/mta
d. /var/lib/alternatives/mta-alternate
Answer – b

235. Which is the main configuration file for the dovecot services?
a. /etc/dovecot.conf
b. /etc/dovecot.cf
c. /etc/dovecot.mc
d. /etc/dovecot/dovecot.conf
Answer – a

236. Which directive of the dovecot configuration file sets the directory path containing runtime data?
a. run_dir
b. base_run
c. main_dir
d. base_dir
Answer – d
Explanation -- base_dir defines the base directory in which to store runtime data.

237. Which directive of the dovecot configuration defines the maximum number of running mail processes?
a. max_mail_processes
b. max_run_mail_processes
c. max_mail_run_processes
d. mail_processes
Answer – a
Explanation -- max_mail_processes defines the maximum number of mail processes that can run simultaneously.

238. Which configuration file does xinetd use?
a. /etc/xinet.conf
b. /etc/xine.conf
c. /etc/xinetd/xinetd.conf
d. /etc/xinetd.conf
Answer – d

239. Which directory contains the files corresponding to the services supported by xinetd?
a. /etc/xinetd.d
b. /etc/xinetd
c. /etc/xinetd.d/service
d. /etc/xinetd.d/services
Answer – a
Explanation -- The directory /etc/xinetd.d contains files corresponding to the services which xinetd will start if a connection is made to that port number. These services are called on-demand services.

240. There are three clients A, B, and C. The administrator wants to allow A and B to use xinetd services (with TCP wrappers). Client A is listed in the file /etc/hosts.allow and C in /etc/hosts.deny. Is the configuration right?
a. No
b. yes
Answer – b
Explanation --
/etc/hosts.allow – it contains the list of IP addresses and subnet masks of clients who are allowed connection. This file is scanned first by tcpd.
/etc/hosts.deny – it contains the list of IP addresses and subnet masks of clients who are not allowed connection. This file is scanned by tcpd after scanning the /etc/hosts.allow file.
If an address is not specified in either file, then the connection is allowed.

241. What is the significance of ALL in /etc/hosts.allow and /etc/hosts.deny?
a. ALL is specified to denote all clients
b. ALL is specified for all services
c. both of these
d. none of these
Answer – a

242. Which graphical utility is used to configure the security level of a system?
a. Security Configuration
b. Security Level Configurations
c. Security Level Configuration
d. Security Level Manager
Answer – c

243. Which command is used to invoke Security Level Configuration?
a. system-config-security
b. system-config-level
c. system-config-securelevel
d. system-config-securitylevel
Answer – d

244. Which file contains the current security level settings?
a. /etc/sysconfig/iptable
b. /etc/sysconfig/iptables
c. /etc/sysconfig/ipchains
d. /etc/sysconfig/ipchain
Answer – b
Explanation -- The file /etc/sysconfig/iptables contains the security level currently imposed on the system. This file is written by the Security Level Configuration utility.

245. Which file configures the modules needed for NAT filtering?
a. /etc/sysconfig/iptables-config
b. /etc/sysconfig/iptables-nat
c. /etc/sysconfig/iptables-filter
d. /etc/sysconfig/iptable-config
Answer – a
Explanation -- The file /etc/sysconfig/iptables-config is used to load additional iptables modules. The additional modules help with NAT filtering and helpers.

246. Which command is used to save the rules from the kernel and install them in a configuration file?
a. iptables-save
b. iptables-load
c. iptables-kernel
d. iptables -S
Answer – a

247. The /etc/pam.conf file is absent on a system. Where will the configuration files for PAM be found?
a. /etc/pam/pam.d
b. /etc/pam.d/conf
c. /etc/pam.d/pam
d. /etc/pam.d
Answer – d
Explanation -- The contents of the file /etc/pam.conf are ignored if the files in the directory /etc/pam.d are present. The files in the directory /etc/conf.d correspond to the services which use PAM for authentication.

248. Which of the following account types does PAM allow?
a. auth
b. password
c. both of them
d. none of them
Answer – c
Explanation -- PAM allows four types: account, password, authentication, and session.

249. What are the valid control types for a PAM configuration file?
a. mandate
b. done
c. none of them
d. both of them
Answer – c
Explanation -- The valid values for the control are include, required, sufficient, and optional.

250. Which directory contains the PAM modules?
a. /lib/security
b. /lib/PAM
c. /lib/security/PAM
d. /etc/PAM
Answer – a

251. Which graphical utility is used for SELinux configuration?
a. SELinux configuration
b. SELinux configurations
c. SELinux administration
d. SELinux manager
Answer – c

252. Which command is used to invoke the SELinux administration utility?
a. system-config-selinux
b. system-config-SElinux
c. system-config-SELinux
d. system-config-se
Answer – a

253. Which of the following is a valid SELinux enforcing mode?
a. permissive
b. enforcing
c. disable
d. all of them
Answer – d
Explanation --
enforcing – SELinux policies are enforced.
permissive – SELinux policies are checked, but the policy issues warnings instead of enforcing.
disable – SELinux policies are not enforced; that is, they are disabled.

254. Which configuration file does SELinux use?
a. /etc/sysconfig/selinux.conf
b. /etc/sysconfig/selinux.mc
c. /etc/sysconfig/selinux.cf
d. /etc/sysconfig/selinux
Answer – d

255. Which file does the SELinux Administration utility change?
a. /etc/sysconfig/selinux
b. /etc/sysconfig/selad
c. /etc/sysconfig/seladm
d. /etc/sysconfig/seladmin
Answer – a
Explanation -- The SELinux Administration utility changes the values in the SELinux configuration file /etc/sysconfig/selinux.
214 INDEX* A access 97, 105, 113-14, 116-17, 119-20, 125-6, 129, 132, 135, 138-9, 150-1, 153, 161, 193, 203, 208-9 [4] access control 113, 193 access control list 145, 205 access control section 9, 113 Access file 147, 151, 172 access tab user 125 access.db 147-8, 208 AccessFileName 103 access.log cache.log squid.out store.log 112 account system-auth 160 user jack's 196 acl 113, 122, 145, 205 acl tag 113, 193 actions System Tools 152 address 61, 99, 103-4, 107, 115, 140, 156, 191, 193-4, 204, 211 assigned 140, 204 lp 117 adm 78-9, 81, 130 Administrative group 73 administrator 66, 155, 192-3, 195, 198-9, 204-5, 207, 211 AGE 68 AGENT 97 Alias SERVICES 79 aliases 70-1, 79, 103, 134 ALT 30, 32, 169 amount 85-6, 183, 194 anaconda 14, 26, 164-5, 167 anaconda boot prompt 164-5 anaconda ks 165 anongid 118, 122, 196 anonuid 122 Anonymous login 127 anonymous uid 118, 196 anonymous user behavior 132 answer 3, 134, 201 command xvf 178 dev/sda2 174 device-name raid-device-name 175 dumb 207 error condition 188 etc/autofs.master 174 etc/bashrc 179 etc/cachemgr.conf 194 etc/dhclient.conf 205 etc/dhcp.conf 204 etc/dovecot/dovecot.conf 210 etc/groups 181 etc/ldap/openldap.conf 200 etc/name.conf 205 etc/openldap/schemaldap 202 etc/PAM 213 etc/samba/sambausers 198 etc/smb.conf 198 etc/sysconfig/selinux 213 etc/syslog.conf 187 etc/vsftpd/vsftpd.conf 199 etc/xinetd.conf 210 etc/yp.conf 202 filesystem 183 ftpd 200 gpassword 181 hd0 164 kickstart-file/install/linux.com 165
215 lib/httpd/module 189 modified 176 namedcheckconf 206 paste 200 renice command 184 schedule 186 security Level Manager 211 service name start 205 service sambad start 198 service squid reload 195 service vftpd start 199 service ypd start 203 squid configure 195 system-config-dns 205 system-config-httpconf 190 system-config-manages 178 system-config-se 213 system-config-securitylevel 211 system-config-smbd 198 system-config-usrs 181 system-config-vsftpd 200 var/log/httpd.log 191 var/run/httpd 189 var/run/klogd 187 var/run/squidd.pid 193 var/spool/mail/statistic 208 var/spool/squid/cachedir 193 apache 102, 105-6 configuration ġġġĴ apache configuration file httpd.conf 100, 189 apache server 109, 190 Apache web server 99, 101, 110, 189-91 apache web server configuration directory 100, 189 apache web server process 101, 190 async 42, 118, 122 atq 94-6, 188 atrm 95-6 attributes 55, 101 auth 102, 149, 160-1, 212 file system-auth 161 authentication 111, 160-1, 191, 212 auto 42, 51 autofs 50-1, 174, 197 autofs status 174 automount 6, 50, 52 automount daemons 50, 174 B badblocks 6, 49, 174 base 45, 133-4, 153-4, 210 bash 70 bash shell 70-1, 179-80 bashrc 70 batch 93, 96 bi 19, 85 bin/bash 35, 67, 70, 72, 78, 97-9, 180 bin/bash new-user 180 bin/mount 79-80 bin/tcsh 72 bin/true 90 bin/umount 79-80 Block device 57, 85 blocksize 45-6, 173 bo 85 book 3, 5 boot 14-15, 25-9, 41, 51, 91, 165, 167-8 boot configuration 27-8
216 boot directory 15 boot/grub/grub.conf 25, 28, 168 boot ks 165 boot partition 14-15, 26 boot process 3, 5, 25, 29, 169, 184 normal 29 boot process kernel 169 boot prompt 16, 18 boot system, single 14 boot time 34-5, 42, 87, 142, 169, 172 bootloader 15-16, 25, 27, 41, 164-5 default 25, 164-5 bootloader command 17 broadcast 136-7 browse tab user 66 buffer 86, 91, 187 button 107-8, 120-1, 142, 144-5, 157 bzip2 178 C ca 31, 169 cache 105, 112, 114, 192-3 cache directory 112 default 193 cache directory section 9, 112 cache files 60 cache manager 10, 114-15, 194 Cache-manager command 194 cache server 105 cache size 112, 193 cachedir 60 case 81, 183 cat 47-8, 173-4 cd 120, 131, 152, 155 cdrom 16-19, 80 CDROM media 52 change 36, 46, 52, 72, 78, 81, 83, 90, 131, 153, 163, 170, 181-3, 186, 192 change directory 131 change root user's password 76 Changing priority of process 8, 90 Changing runlevels 36 chgrunlevel 170 chkconfig 35-8, 99, 150, 169, 171 chkconfig command 170 chkconfig dhcpd 204 chkconfig service-name 37-8, 170 choice 16, 27-8, 34, 123, 168 click 40, 75, 82-3, 87, 121, 123-5, 141, 158 user information 74 clicking 83, 87, 121, 125, 142, 144-5, 157 client computers 118, 138-40, 195, 203 client side information 122 client system 137 clients 3, 99, 104, 113-14, 118, 125-6, 132-3, 139-40, 142, 156, 186, 192-4, 196, 204, 207, 211 [1] dhcp 142, 204 root user of 118, 196 subnet masks of 156, 211 web 104, 111 Cmnd 79 columns 42-3 comma 157 command 20-4, 36-40, 43-4, 47-8, 54-8, 64-5, 76-81, 84, 86-91, 93-8, 119-20, 127-8, 170-5, 180-90, 195200, 202-7 [29] administrative 8, 41, 79, 151 atq 95, 188 badblocks 49, 174 batch 96, 188
217 bzip2 178 chgrp 81 chmod 46 chown 81 chown user-name-group-name file-name df 77, 181 dmesg 187 exportfs 119, 196 fdisk 172 filename time-specification 95 following 46, 52, 67, 72, 153 free 183 fsck 48-9 groupadd 73 groupdel 73 groupmod 73 insmod 89, 185 install 64 ldapsearch 135, 202 lsmod 185 lvdisplay 57 lvremove 57 mdadm 53-4 mke2fs 173 mkfs 44 mkswap 46 modinfo 88 modprobe 89-90, 186 network 17 nfsstat 122, 197 ps 8, 90 purpose 53, 90 pvcreate 54 renice 90-1, 186 rmmod 89 sbin/visudo 81 sudo 182 swap 46 swapon 47 top 84, 184 uptime 85 useradd 66-7, 71 userdel 72 usermod 72, 180 visudo 182 vmstat 85, 183 whois 206 ġŭť Ţ ű ť Ŧ ŭŵ Ŧ ġġġIJ Ĵ Ķ ġŭť Ţ ű Ů Ű ť Ūŧź ġġġIJ Ĵ Ķ ypinit 139, 204 yum 60-1, 176 command aliases 79-80 command askmethod 16 command atq 96 command badblocks 49, 174 command badblocks device-name 49 command badblocks searches 49 command bzip2 65, 178 command chkconfig 37, 143 command chkconfig dhcpd 139 command chkconfig dovecot 153 command chkconfig httpd 99 command chown 182 command crontab 98 command dd 173 command dhclient 142 command dmesg 91
183
218 command domainname 135, 202, 207 command don command execute 182 command field 98 command file swap 46 command ifconfig 140 command insmod 90 command kudzu 19 command ldapadd 135 command line 46, 48, 73, 77, 179, 186 command lsmod 88 command lvcreate 56 command mdadm 53 command mkfs.vfat 173 command modprobe 90 command mount 42, 80 command passwd 76, 181 command prompts 76, 96 command ps 90 command pvremove 58 Command Reference 13, 159, 163 command renice 186 command root@localhost 44 command rpm 81, 177 command sequence 148 command service dhcpd start 139 command service dovecot start 153 command service httpd start 99 command service network start 142 command service ypbind start 137 command sets 135 command shutdown 169, 182 command slapd 134, 202 command swapoff 48 command system-config-kickstart 17 command tar xvf 178 command tar xvfz realplay.tar.gz 64 command umount directory-name 43 command uname 185 command useradd 72 command userdel 180 command vgcreate 55 command vgdisplay 55 command vgextend 55 command vgremove 58 command.insmod loads 186 commands gunzip realplay.tar.gz 64 commands mke2fs uses 45 commands tar xvf 178 comment 71-2, 101, 126-8, 160, 169 computers 14-15, 23, 116-18, 122, 131, 135-6, 138-40, 166, 204 remote 131 conf 100, 102, 173, 189-90, 212 conf directory 100 config directory 102 configuration 8-9, 11, 101, 128, 133, 162, 190, 200, 205, 211 httpd server 190 post installation 151 samba 197 server's 190 configuration directives 103 Configuration directives for Apache web server process 190 configuration file cd 148 configuration file restart 116 configuration files 11-12, 27-8, 41, 45, 59-60, 64, 133-5, 140, 147-8, 159-61, 165-6, 176, 186-7, 194-5, 207-8, 212-13 [19] Configuration GUI 11, 143, 145, 205
219 configuration information 115, 189 configuration parameters 142, 190 configuration ġġġĴ configure 14, 17, 19-20, 23, 27, 64-5, 106-7, 109-10, 122-3, 131, 141, 143, 150, 153, 162, 204-5 [5] configure command configures 65 configure IPSec tunnel 23 configure printers 24 configure samba server 197 configure security level 211 configure system's hostname 23 Configuring Grub 5, 27 Configuring Hardware 5, 19 Configuring NIS 11, 136 Configuring services 36 Configuring Squid 9, 111 Configuring vsftpd 10, 128 connect 118, 128-9, 131, 150, 195 connection 102, 110, 131, 155-6, 192, 211 internet 115, 194-5 conntrack 159 console 29-30, 92 control 27, 104, 112, 161, 169, 212 copy 15, 91, 131, 200-1 core directory 109, 147 cpu 85 CPU usage 84, 184 crashes 40, 52 Creating Kickstart 5, 16 Creating User Account 7, 66 cron facility 93, 97 crontab 97-8, 189 crontab jobs 97-8 CTRL 30, 32, 169 ctrlaltdel 30-2, 169 D daemon 78-9, 81, 99, 130, 157 cron 97-9, 189 klogd 93, 187 named 143, 145, 205-6 tcp wrapper 156 daemon Configuration 10, 131, 200 Daemon Configuration 151 daemon process name 194 daemon xinetd 12, 155 data files 46, 174 database 64, 79, 100, 177, 190 database files 147-8, 207 days 68 db 138 db files 12, 147-8, 208 dc 133-4 default installer 14, 164 default operating system 27-8, 168 default parameters 45-6 default runlevel 29-30 default values 66-7, 71-3, 101, 147, 179, 194, 207 defaults 41, 45 deflate/module 89 Deleting user account 7, 72 deref 134 DEREF options 134 desc 19 description 29, 33, 35, 61-2, 123, 125-6, 145-6, 159, 163, 205 desktop 82, 86, 152 dev 18, 41-2 dev/cdrom 43-4, 51-2, 173
220 dev/fd0 51 dev/md0 53-4, 174 dev/my 57 dev/sda 26, 42-3, 47-8, 77 dev/sda0 53 dev/sda1 53, 174 dev/sda2 53-4, 174 dev/sda4 43 dev/sda5 40, 54-5, 173 dev/sda6 172 dev/vol 175 device 19, 41-2, 44, 46, 49, 52-4, 141, 166, 173-5 multiple 52 physical 53 device listing 141 device name 42 device-name 48-9, 175 filesystem-type 44, 48 devpts 41, 43 df 77, 96-7, 181 dhcp 139, 142 DHCP client 11, 140 dhcp server 139-42, 204 DHCP server 11, 139-40, 204 difference 42, 153, 167, 177-8 digits 35, 169 dir 17, 45, 153-4, 210 DIR 67-8, 179 directory 15, 34-6, 40-1, 59-60, 99-104, 117-21, 125-6, 131, 133-4, 149-52, 160, 171, 175-7, 188-91, 1967, 209-12 [25] base 153, 210 current 131, 161, 200 etc/alternatives 152 etc/httpd 189 schema 134 target 173 var/lib/alternatives 152 var/named 145, 206 var/nis 203 var/yp 203 directory entry 117, 134 directory files 117 directory information 134 directory list 132 directory listing 121 directory name 17, 117 directory-name host-name 117 directory option 132 directory path 17, 210 directory realplay 64-5 directory realplay.tar 65 directory tree 101, 190 directory user 70 directory yum 175 disk 85, 105, 118, 127, 171 disk druid 164-5 display 57, 77, 90, 124, 181 display server side information 122 display server side NFS information 197 dmesg 91, 187 DNS server 11, 139, 143-6, 205 dns server information 141 DNS server information 142 DNS service 143 DocumentRoot 103, 106, 190-1 domain 106, 127, 143 domain example.com 117-18, 156
221 domain name mapping 147, 207 Domain Name Service 138 Domain Name System 111, 143, 191 ġġġĴ domain names 146-7, 151, 196, 206-8 domain NISDOMAIN 136 domain ServerName 106 domainname domain-name-of-system 135 don dovecot 12, 153-4 dovecot configuration 210 down list 144-5 drivers 19, 80, 87-8 drm 88-9 DSO (Dynamic Shared Object) 102 dual boot system 14 dumb.db 145, 206 DVD 14-15 DVD drive 14 DVD media 14-15 Dynamic Host Configuration Protocol 139 Dynamic Shared Object (DSO) 102 E edit 39, 59, 83, 108, 120-1, 123, 144, 182 editing 27-8, 58, 134, 144-5, 179 email address, web master 107, 109 ENAB 69-70 entry 15, 20, 29, 37, 50-1, 71-3, 114, 117-18, 126, 135, 138, 149, 169, 173, 175, 201-3 [2] valid 136, 138, 196, 199 entry initdefault 29 entry mta-sendmail 152 environment 96, 99, 188 customize user's shell 70 EOT 95-6 error 49, 101, 104, 150, 183, 185-7, 190-1, 208 error Answer 170 error messages 91, 154 etc/alternatives 209 etc/at.allow 94, 187-8 etc/at.deny 93-4, 188 etc/at.deny command lists 93, 188 etc/auto.misc 50-1 etc/bashrc 71 etc/cron.daily 98-9 etc/demo 190 etc/dhcpd.conf 140, 204 etc/exports 117, 196 etc/exports file 118-20, 195-6 etc/fstab 42, 171-2 etc/ftab 171-2 etc/gshadow 73 etc/hosts 137, 211 etc/hosts.allow 12, 156, 211 etc/hosts.deny 12, 156, 211 etc/httpd 100-1, 189 etc/httpd/conf 101-2, 189-90 etc/httpd/conf/httpd.conf 189-90 etc/init 116, 143, 147-8, 174, 195, 205 etc/inittab 29 etc/login.defs 67, 179 etc/mail 11, 147-8, 208 etc/mail/local-host-name 147, 207 etc/mail/sendmail.cf 147, 207 etc/mail/sendmail.mc 147, 207 etc/modprobe 90, 186 etc/modprobe.conf 90, 166, 186
222 etc/mstab 172 etc/mtab 6, 42, 171-2 etc/named.conf 145, 205 etc/nsswitch.conf 137, 203 etc/openldap/ldap.conf 134-5, 200-2 etc/openldap/openldap.conf 200-1 etc/pam 13, 160, 212 etc/pam.conf 160, 212 etc/passwd 71, 78, 180-1, 203 etc/postfix/main.cf 151, 208 etc/postfix/master.cf 151, 208-9 etc/postfix/permission-files 209 etc/postfix/permit-files 209 etc/postfix/postfix-files 151, 209 etc/profile 71 etc/rc 31-2, 34-6, 50, 52, 169, 171, 174 etc/samba directory 126 etc/service/alternatives 209 etc/services/alternatives 209 etc/skel 67, 70, 72, 179 etc/skel directory 70, 179 etc/squid/squid.conf 111, 191-4 etc/sudoers 80-1 etc/sysconfig/hwconf 19-20, 166 etc/sysconfig/ipchains 211 etc/sysconfig/iptables 159, 211 etc/sysconfig/iptables-config 159, 212 etc/sysconfig/selinux 162, 213 etc/sysconfig/squid 115, 194 etc/sysconfig/syslog 187 etc/sysconfig/syslog.conf 187 etc/syslog 187 etc/syslog.conf 92, 187 etc/vsftpd/ftpusers 130 etc/vsftpd/user 129-30, 132, 199 etc/X11 32-3, 166 etc/xinetd 155, 210-11 etc/yp.conf 136 etc/yum.conf 59-60, 176 Ethernet device panel 141 Ethernet interface 17, 140, 142 exam 3 exam topics 3 example.com 105, 117-19, 122, 156 exec 42 execution, yum commands 176 exit codes 49 expire 60, 67, 72 Explanation 164-213 export 119, 196 export HOSTNAME DESKTOP 97 exported directory 122, 197 exportfs 119, 196 ext2 44-5, 48, 51 ext3 41, 44, 48 filesystem types 42 ext3 filesystem type 52 ext3 filesystems 40, 44-5, 173 ext3 rw 42-3 F facility 187-8 failure 54, 161, 176 father 27, 29, 169, 184 fc7 26, 63, 87-8, 91, 127 fdisk 172-3 Fedora Core Linux 14
223 field 98, 139 fourth 42, 98, 172 file group 81, 182-3 file modules.networking 88 file names 67, 87, 93, 95, 132, 138, 185, 203 file owner 81, 182-3 file permissions 46, 183 file swap 47-8 file system 42, 49 virtual 41 file system errors 49 file systems, multiple 49 filename 47-8, 88, 185 filename access.db 148, 208 files 29-30, 34-6, 46-8, 78-81, 92-9, 101-4, 115-18, 129-34, 137-40, 145-7, 149-52, 155-64, 171-6, 17890, 198-201, 203-13 [20] access.db 207 apache web server configuration 190 authpriv 92 bash 179 bashrc 70-1, 179 boot/grub/grub.conf 15 bz2 178 cached 105 change 163 component support component 102 configu-ration 92 crontab 97, 188-9 dhcp server configuration 204 domain name mapping 147 dovecot configuration 210 download 128 dump 145, 206 entry 117 etc/at.allow 93 etc/auto.master 50 etc/auto.misc 51 etc/bashrc 179 etc/cron.allow 97 etc/cron.deny 97 etc/crontab 98, 189 etc/dovecot.conf 153 etc/export 119 etc/fstab 6, 41, 43, 48, 172 etc/group 71, 81 etc/hosts.allow 156, 211 etc/httpd/conf/httpd.conf 101, 190 etc/inittab 5, 29-30, 169 etc/login.defs 67 etc/mail/access 147, 150, 207 etc/mke2fs 45 etc/mtab 42 etc/named.conf 145, 206 etc/nsswitch 137 etc/nsswitch.conf 138 etc/openldap/ldap.conf 134, 202 etc/pam.conf 212 etc/passwd 72 etc/postfix/access 151, 209 etc/postfix/postfix-scripts 151 etc/profile 71 etc/rpmrc configuration 64, 176 etc/samba/smb.conf configuration 126 etc/samba/smbusers 126-7, 198 etc/shadow 71 etc/squid/squid.conf 193 etc/sudoers 8, 79-80, 182
224 etc/sysconfig/iptables-config 159 etc/syslog.conf 92 etc/yp.conf 136 etc/yum.conf 176 executable 42, 156 execute user-namex201fs 182 exported 122, 197 file master.pid 154 file-name.cron 97 ftp server configuration 199 global configuration 64, 176 gpg key 61 htaccess 104 htpasswd 104 httpd.pid 101 important 11-12, 145-6, 149 index.html 103, 191 initrd 15 inittab 29 ldif 135 library 101 list 130, 132, 199 load config 102 local 138 main.cf 151, 208 modules.dep 89 multiple 131 named daemon configuration 145 pid 109 postfix daemon configuration 208 proc/kmsg 93 rmtab 122, 197 samba configuration 10, 126 samba user 198 sample 35, 96 sample auto.master 50 sample configuration 60 sample etab 122 sample ldap.conf 133 sample modprobe.conf 90 sample vsftpd.conf 128 script 151 sharing 122, 128 single 153 special 92 squid configuration 111, 192 squid daemon configuration 115, 194 squid server configuration 193 standard logging 132 sub-component configuration 101 swap 46-8 tar 178 tar.bz2 178 tar.gz 178 temporary 60 using 95, 204 var/log/secure 93 var/log/xferlog 130, 200 var/yp/securenets 138, 203 ġŏŦ ŵ Ÿ Ű ų Ŭ ġġġĴ ypbind configuration 136 yum configuration 65 zip 178 zone 145, 206 files he/she 103, 191 files nisplus nis shadow 138 files passwd 138
225 files S10network 35 files xtab 122, 197 Filesystem Administration 6 Filesystem Information 6, 40 filesystem mount command 43 filesystem option 77 filesystem type 42, 48, 53, 172 filesystem-type device-path-name directory-name 43 filesystems 6, 34, 40-4, 46, 48-50, 52, 77, 80, 83, 165-7, 171-2, 181-2 basic 29 df 77 mounted 77, 122 proc 41, 171 pseudo 167 single 52 vfat 173 filesystems tab 83 finger 156 firewall 3, 14, 16-17, 157, 159 firewall command sets 17 firewall rules 159 floppy 45-6, 51 following commands cd 148, 208 format 10, 19, 29, 35, 47-8, 50-1, 53-7, 60-1, 71-3, 76-8, 81, 89-91, 117, 138-9, 146, 184-5 [17] tar.bz2 64-5 value 134 Fri 94-6 fs 45-6 fsck 48-9, 174 fstype 51 ftp 18, 129-30, 159, 199-200 FTP 3, 17-18, 41, 111 ftp command 200 ftp command prompt 10, 130, 200 ftp server 129-30, 132, 199-200 FTP server 128 ftp service 199 G GB 56 gid 41, 43, 69, 96, 118, 196 Global Environment Configuration 9, 101 gpgcheck 60-1 gpgkeys 61, 176 graphical tools 33 graphical utility 5, 16-17, 20, 58-9, 65, 180, 190, 196, 200, 204-5, 211, 213 group 8, 67, 72-3, 79-82, 91, 109, 138, 181-3 logical 56 new 7, 71, 73 group accounts 66, 82 Group Administration 7, 73 group administration ġŔ ź Ŵ ŵ Ŧ Ů ġŢ ť Ů Ūů ŪŴ ŵ ų Ţ ŵ ŪŰ ů ġŵ Ű Ű ŭŴ ġġġĴ group apache 102-3 group demo 182 group ids 78 group information 73-4, 180 group-name 72, 103 group sys root 81 groupadd 68, 73 grp 55-7, 59, 175 grub 5, 15, 25, 27-8, 164-5, 168 grub configuration file 5, 25-6, 168 grub menu 15, 25, 27-8 gunzip 178 H halt
30, 33, 78, 130, 169
226 hard disk 14-16, 27, 42, 53-4, 59, 168, 172 hard-disk-device name 53 hard-disk-device-name 53-4 hard-disk-partition 55 vgcreate volume-group-name 55 vgextend volume-group-name 55 hard disk partitions 42, 44, 47 hardware 19-20, 34, 87, 166 Hardware Configuration 5 hardware drivers 87, 89 hd0 15, 26-7, 164, 168 he/she 144, 161, 172, 192, 201-2 sendmail commands 148 hierarchy 40, 112 home 41, 50, 67, 69-70, 72, 77, 98, 165, 171, 181 home/demo 173, 190-1 home directory 46, 64, 67, 69, 72, 126-7, 176, 179-81 his/her 180 home directory name 72 home-directory-name 72 home directory of user 179 home directory path 71 home/jack 181 home/movies 43-4 home/swap 47 home/user 70-1, 77, 118-19, 122, 126, 180-1, 196 home/vishnu 118-22 home/vishnu directory 119-20 host 19, 23, 146, 195-6, 206 virtual 107-8 host names 117, 143 hostname 10, 34, 71, 115, 117, 131, 146, 151, 192, 196, 206, 208 htaccess 103-4 HTTPD Configuration Answer 190 httpd server 103, 189, 191 HTTPD Server Configuration 190 httpd service 99, 170 I id
19, 29, 31, 86, 97 grp System 55 IfModule mod 104-5 imap 153-4 include 50, 134, 137-8, 160-1, 201, 203, 212 system-auth password 160 inconsistencies 118 index closed db 64 opening db 63 info 92, 104, 154 infomod modulename 185 information he/she 83, 201 information server 103 init 29-30, 32, 35, 50, 52, 168, 170-1, 174, 184 init process 27, 29, 36, 169, 184 INIT process 30 initdefault 29, 31-4 initialize 54 Initializing System 6, 34 initrd 15, 26-7 inode 45-6 Inserting module 8, 89 install 14, 16, 59, 61-2, 65, 81, 89-90, 160, 163-4, 176-8, 212 install server 15 installation 5, 14-17, 52-3, 60, 65-6, 77, 79, 164, 167 Installation and Hardware Configuration 5 installation files 15
227 installation process 14-16, 18, 164, 167 interface, procfs-based 122 ip, ns 159 ip address 131, 134, 139-40, 142-3, 145-6, 193, 196, 204-6 list of 156, 211 IPC 127 IPC Service 127 ipt 88 iptables 158-9, 212 iptables modules 159, 212 iso9660 51 J jack 81, 94, 151, 181, 186, 188, 198-9 jill 188 jobs 87, 93-7, 161, 188 john 179, 199 journaling feature 40, 52 K KB 56 kde 70 kernel 8, 15, 26-7, 29, 87-91, 93, 160, 168, 185-7, 212 kernel/crypto/module 89 Kernel Information 8, 90 kernel/lib/zlib 89 kernel messages 92-3, 187 kernel Modules 8, 87, 185 Kernel Services and Configuration 8 kernel subdirectory 88 keyboard 16, 30, 128, 166, 169 keyboard layout 14, 17, 20-1 keys 30, 32, 50-1, 169 gpg 60 Kickstart 18 kickstart configurator 17 kickstart file 5, 16, 18, 164, 167 kickstart-file/install/linux.com 164-5 Kickstart ġŖŴ Ŧ ų ġġġĴ Kill Process 83 klogd 92-3 ko 89 ks 18 kudzu 19-20, 165 L LABEL 26, 41 languages system 14 largefile 46 lastrunlevel 170 ldap 11, 133-5, 201-2 LDAP Data Interchange Format 134, 201 ldap directory 135, 202 ldap directory information 201 ldap server 134-5, 201 ldap service service ldap start 135 ldap.conf 133 ldapsearch 202 ldif 134, 201 LEN 68 letter 36 level 29, 34-8, 53, 80, 91, 149-50, 169-71, 174, 176 level directories 35 level rpm configuration file 177 lib/modules 87-90 lib/modules/uname 89 Lightweight Directory Access Protocol 133
228 LILO 165 line, following 104-5, 160, 199 links, symbolic 35, 100-3 Linux 15, 25, 52, 66, 78, 84, 87, 168 linux file system structure 165 linux filesystem 48 list 38, 87, 94-5, 97-8, 120, 126, 129, 131-2, 138, 140, 143, 152, 170-1, 185, 188, 199 [5] list of commands 44, 48 list of users 129, 199 list root 129 list service-name 38 list status 38 listing 19, 25, 47, 66, 83, 88, 95-6, 171-2 load average 84-5, 96, 183-4 LoadModule auth 102 local system 131, 200 local system mget 131 local system mkdir 131 localdomain 135-6 localhost 99, 103, 114-15, 127-8, 148, 150, 191 entry domain Localdomain server 137 location 16, 50-1, 60-1, 103, 109, 146-7, 151, 153-4, 164, 207-8 locks 122 log 78, 92-3, 100, 104, 106, 128, 154, 187 Log Configuration Answer 184 Log File and Cache directory section 9, 112 log files 12, 41, 60, 87, 101, 132, 147, 149, 152-4, 176, 190, 207 default 164 log information 8, 60, 86-7, 149, 152, 164, 191, 209 logging 92, 129, 132, 151, 161, 208 logical volume 7, 56-9, 175 Logical Volume Group 6-7, 54, 56 Logical volume group support 54 login 33, 70, 78-9, 85, 128-30, 132, 196, 199 anonymous user 129 initial 179 LogLevel 104, 191 logout 70 logs directory 100 lp 78-9, 130 lrwxrwxrwx 100 ls 46-7, 60, 70, 87, 94, 97-8, 100, 112, 131, 133, 152 lsmod modulename 185 lvcreate 56 lvremove 57-8 M mac 187-8 mail 12, 67-8, 72, 78-9, 92, 94, 99, 114, 130, 147, 149-50, 152-5, 179, 207-10 incoming 151-2 mail processes 155, 210 mail root 96 mail server 146-7, 150, 152, 207 default 152 mail server request 150, 208 mail server sendmal 207 mail services 11, 152, 209 mail transfer agent 146, 150 Mail Transport Agent Switcher 152 mail transport agent work 153 Mail User Agent 146 mailbox 12, 67, 70, 151, 153, 179, 208 main configuration file 100-1, 111, 126, 128, 133, 136, 147, 150-1, 153, 190-2, 198-202, 205, 207-10 Makefile 138, 203 manager, default partition 164-5 maps 91, 135, 196 automounter 50-1
229 master 50 MASQUERADE 88 Master Boot Record (MBR) 14, 25, 164 matt 180 max 154-5, 210 MAX 68-9 maximum number of mail processes 155, 210 Maximum number of running mail processes 154 MB 46, 56, 112, 166, 173 mbr 16, 164 MBR (Master Boot Record) 14, 25, 164 MD5 69-70 mdadm 53-4, 174-5 mdadm device-name 175 mdadm raid-device-name 53-4, 175 mem 112, 192-3 members 69, 80, 182 memory 85, 166, 183-4 messages 91, 93, 104, 150, 187, 208 outgoing 149 Min/max values 68 minutes 30-1, 33 misc 50-1 mke2fs 44, 46 mkfs 44-5, 173-4 mnt/cdrom 80 mnt/win 120, 172 mnt/win directory 120 modes 20, 41-3, 49, 63, 165 graphics 33 multiuser 31, 33, 169 safe probe 20, 165 Modifying group information 7, 73 Modifying user account 7, 72 modinfo 88, 185-6 modinfo modulename 185 modprobe 186 modprobe modulename 185 modsecurity directory 101 module modules/mod 102 module name 90 module-name 90 modules 87-90, 100, 102, 111, 159, 161, 166, 185-6, 191, 212 authorization 100, 190 command modprobe 89 driver 89, 185 loaded 88, 185 remove.list selinux policy 163 system-auth 161 modules directory 101 Modules Loaded 8, 88 modules module 89-90 modules.networking modules.symbols 87 modules.usbmap kernel modules.inputmap 88 monitor 17, 21, 53, 156, 166 package package-name.system 178 monitor type 21 Monitoring System performance 8, 82 mount 27, 42-3, 50, 52, 80, 119-20, 168, 172-3, 182 mount command 42-3, 50, 80, 119, 172, 197 mount-options-separated-by-comma 50-1 mount point 40, 42, 50, 53, 172 mounted directory 44 mounting 6, 29, 42-3, 50 Multiuser 31, 169 Multiuser mode booting 169 MYGROUP 127-8
230 Mysql
100, 102, 190
N name 35, 41, 53, 61, 88, 93, 97, 103, 114, 117, 126, 128-9, 131, 187-9, 193, 198-9 [3] Naming convention of files 35 nat 88 NAT filtering 159, 212 neat 22, 140, 166, 204 net 50, 120 netbios 159 netmask 139, 193 network 16-18, 35-6, 117, 119, 122, 133, 138-40, 142, 147, 155, 166, 196, 204, 207 network access 135 Network Configuration 140, 166 network devices 14, 22-3, 88, 166 network information 184 Network Information Service 135 network options 9, 111, 132 network port 163 network security 12, 155 network usage information 184 networking 31, 79-80 NFS 3, 17-18, 31, 116, 120, 197 NFS Configuration 196 NFS daemon 119, 121 NFS directory 10, 119-20, 197 NFS server 15, 122, 197 NFS Server Administration Answer 196 NFS Server Configuration 10, 120, 196 NFS server configuration utility 120, 197 NFS server root user 196 NFS service 116, 119, 195-6 nfsstat 122, 197 nis 135, 137-8, 203 files nisplus 138 NIS database 11, 139, 203 NIS domain name 11, 135-7, 202 NIS group 117, 195 NIS server 11, 136-9, 202-3 NIS server information 138, 203 NIS server name 137 NIS version 138 nisdomainname 135-6, 202 nisdomainname domain-name-of-system ypdomainname domain-name-of-system 135 NISGRP 195 noauto option 172 nocrossmnt 122 nodaemon 32-3 nodev 51 nosuid 51 notauto option 172 nouser 42 ntfs 45, 48 number 29, 53, 61-2, 68, 85, 94, 101, 104, 114, 117, 135, 173, 184, 196, 201-2, 204 O objects 112-13, 144-5, 192-3 hot 112, 192-3 transit 112, 192-3 operation 50, 118, 174, 197 option url 17 options format 10, 118 order 35-6, 48, 104-5, 169 organizations 116, 143 OS 127 output 46, 63, 87-8, 91, 94, 96, 119, 122, 134, 170, 184, 187, 201 overridden 46, 69, 71, 179
owner 81, 96, 182-3
P Package management and Kickstart 3 Package Manager 7, 65, 178 package name 61 package-name 62, 177 yum install 61, 177 package-name queries 178 package-name.yum install 178 package package-name 177 package processing 63 packages 3, 14, 59-62, 64-6, 176-8 gpgkeys of 176 installed 62, 66, 177 software 14, 59, 62-4 Linux file system administration 3 pam 129, 161, 212 configuring 160 PAM configuration file 212 PAM modules 161-2, 212 panel 53, 66, 74, 107-9, 121, 123-5, 144-5, 157 partition 14, 17, 27, 40, 47-8, 52-4, 165, 168, 171-3 dev/sda6 40, 172 disk 40, 43, 171 filesystem-type source 172 pass 3, 5, 157 PASS 68 passwd 138, 161, 180-1 passwd user-name 76 passwd command id 181 password 15, 28-9, 68, 71, 76, 78, 80, 124, 127, 160-1, 181-2, 212 password of user 76, 180 path 18, 71, 98, 126, 145, 154 performance 110, 118, 166 Monitoring system 82 Perl 100, 102, 190 permission mask 69 PHP 100, 102, 190 physical volume 7, 54-5, 58, 175 pid 29, 52, 84, 86, 93, 97, 142, 145, 154, 168-9, 183-7, 189, 193 pipe 94 Pluggable Authentication Module 93, 129 pop3 153-4 port 16, 102, 107, 111-12, 114-15, 118, 121, 129, 132, 134, 139, 148, 154-8, 191-2, 195, 203 port number 102, 121, 155, 211 port panel 158 postfix 12, 146, 150-3, 209 list postfix service 150 postfix mail server 151 postfix server 150-3, 208-9 postfix server log information 209 power 30-2 power failure 30, 32-3, 52 Power Restored 32-3 powerfail 30, 32-3 powerfail action 30, 33 powerokwait 30, 32-3 prefdm 32-3 prevrunlevel 170 printers 23-4, 122 Prints 63 priority 36, 47-8, 83-4, 90, 186 privilege 78-81, 182-3 probing 20 problem 103, 170, 174 proc 41-2, 85, 167, 171
proc/modules 185 proc/swaps 47-8, 173 proc/uptime 184 Process and Kernel Information 8, 90 process id 91, 93, 142, 204 process identification number 29, 84, 184 process pid 90, 184 process PID 41 process priority 91, 186 processes 8, 27, 29-30, 32-4, 36, 41, 80, 83-6, 90-1, 154-5, 161, 167-9, 171, 183-6, 194, 210 active 83 concurrent 201 postfix daemon 151, 209 proxy 114, 194 running 90 total number of 84, 184 zombie 84, 184 processes tab 83 profile 70 program dnsserver 111, 191 programs 35, 156, 191 prompt 30, 94-5, 182 properties 59, 108-9, 120, 144 properties button 74, 121, 144, 146 protocols 101, 122, 153-4, 158 proxy 104-5 ps 20, 95 pts 85 Python 100, 102, 190 Q QMAIL 67-8 queries 62, 64, 136, 146 R raid 174-5 RAID 52 raid array 53 raid device name 53 raid-device-name 53-4, 175 raid-device-name device-name 175 raid devices 53-4, 174-5 RAID devices 52-3 raid devices information 53 RAID disks 6, 52 raid level information 53 raid options panel 53 ram 192-3 RAM memory 84, 112, 184, 192-3 ratio 45-6 rc 31-2, 169, 171 rc1 34, 36 rc5 32, 35-6, 169 rc.sysinit 31-2 read/write 55, 57 reconfigure 116, 195 Red Hat 14-15, 58-9, 62, 69, 91, 143, 164, 168 Red Hat Certified Engineer 3, 5 Red Hat Certified Engineer Exam 3, 5 Red Hat Enterprise Linux 14, 164 Red Hat Linux 14, 16, 23, 25, 28, 53-4, 77, 165, 168, 172 relay 147, 150, 207-8 RELAY 150, 208 remote system mput 131 remote system rename 131 remove 7, 53-4, 57-8, 62, 69, 89-90, 175, 186 remove user groups 69
Removing module 8, 89 respawn 29, 32-3 restart 40, 120, 142, 159, 195 service nfs 119 service sqd 195 service squidd 195 restarting 119, 196 RH 3, 5 RH systems 69 RHCE 3, 5 ro 51, 118, 122 root 15, 26-7, 78, 80-1, 85, 93-8, 118, 122, 165, 167, 181-2, 194 root/anaconda-ks.cfg 16, 164, 167 root directory 105, 169 document 109 root/install-log.info 164 root/install.log 164 root password 14, 17, 182 root privilege 182 root root 47, 70, 100, 133 root run-parts 98-9 root user 42, 66, 77-9, 93-4, 97, 99, 114, 118, 180-3, 188 maps 196 maps client 196 privilege of 78, 182 root user's password 76, 78 root@localhost 17, 28, 36-9, 43-4, 46, 52, 54, 58, 60, 67, 70-3, 77, 85-8, 94-9, 135-6, 140 [8] root@localhost alternatives 153 root@localhost cron 98 root@localhost dev 55-7 root@localhost home 47-8 root@localhost mail 148, 152 root@localhost nfs 119-20, 122 root@localhost postfix 150-1 root@localhost pub 20-4 root@localhost squid 112, 116 rootnoverify 26-7, 168 rootnoverify option 168 rpm 7, 59, 62-3, 177-8 rpm command 62-3 valid 177 rpm command uses 64, 176-7 rpm configuration file 176 user level 64 rpm format 59, 62 rpm package information 177 storing 64, 177 rules 112, 159-60, 212 iptable 158-9 runlevel 6, 29-30, 32-9, 82, 99, 150, 169-71 previous 36, 170 standard 32 runlevel command 170 runlevel directories 35-7 runlevel field 29-30 runlevel scripts 169, 171 runlevel service-name 170 runlevel values 29 running mail processes 154, 210 rw 42, 118, 122 S Samba 3, 127 Samba Server Configuration 10, 122, 197 samba server status information 198 samba users 123-6, 198 list of 127, 198
sample 30, 41-2, 45, 50-1, 67, 70, 78-9, 92, 98, 118, 136-7, 159 sample format 94, 115 sample questions 3 sbin 41, 78-9, 98 sbin directory 80 sbin/fdisk 79-80 sbin/nologin 78-9 sbin/service 79 sbin/sfdisk 79-80 sbin/shutdown 31-3, 80, 169 schedule 31, 93-4, 96-7 scheduled jobs 94-6, 188 schema 133, 201 schema files 133-4, 201 default ldap 202 scripts 29, 34-6, 99, 169, 171 search 60, 65-6, 134-5, 138, 146, 201-2, 206 search request 134, 201 search tab user 66 seconds 27-8, 32, 101, 134, 168, 201 section 9, 105, 112-13 global environment configuration 101 security 17, 93, 101, 139, 157, 203 security Configuration 211 security level 117, 157, 159, 211 Security Level Configuration 12, 157, 159, 211 security Level Configurations 211 selinux 17, 163-4 SELinux 3, 13, 162-3, 195, 213 SELinux administration 13, 162, 213 SELinux configuration file 162, 213 SELinux configurations 213 SELinux manager Answer 213 SELinux policies 162, 164, 213 SELinux user identities 163 Selinuxtype 163 sender 150, 208 sendmail 11, 146-50, 152-3, 207-9 mail server 147 sendmail log information 149 sendmail restart 148 sendmail server 12, 147-8, 150, 152-3, 207-9 default 153 sendmail server type 146 sendmail uses 147, 207 server 3, 12, 15, 33, 101-4, 114-16, 118, 127, 134-5, 137, 139-40, 144-5, 148-50, 190, 204-5, 207-8 [6] demo sama 127-8 high performance proxy caching 111 proxy 104-5 samba 10, 122, 126, 128, 198 web 9, 15, 41, 99, 103, 191 Server Configuration 9, 106, 190, 205 Server Configuration Answer 205 server HOSTNAME 136-7 server information 101 server mirrorlist 61 server name 107, 134 server-name/cgi-bin/cachemgr.cgi 194 server root names 101 server section 9, 103 server system 135 single web 106 ServerAdmin root@localhost 103 servername 17 ServerName 106 ServerName dummy-host.example.com 106 ServerRoot 101, 190
service daemons 157 service ftp start 199 service ftpd start 199 service httpd 38-9, 170-1, 189 service httpd start 38, 99, 170-1, 189 service httpd stop 39 service management apps 80 service-name 170 service nfd start 195 service nfs start 116, 195 service nfsd 195 service nfsd start 195 service passwd 161 service postfix start 153 service S10network 35 service samba start 198 service sendmail start 146 service service-name 37-9, 170 service service-name start 38 service service-name stop 39 service smb start 127, 198 service smbd start 198 service vsftpd start 128, 199 service yp start 202 service ypserv start 203 terminal 137 service ypserver start 202 serviceconf 39, 171 services 10, 34-41, 79-80, 99, 127, 129, 139, 143, 145, 152-3, 155-6, 160-1, 169-71, 189, 205, 210-12 alternatives 152 autofs 50, 120 default 152, 209 dhcpd 139 dovecot 153-4, 210 managing 82 network 35 network 33, 36 new 37 samba 127, 198 sharing 3 trusted 157 xinetd 156, 211 ypbind 137 services Answer 210 session 160-1, 182, 212 set 14, 17, 21, 25, 27, 30, 32, 101, 103-4, 129-30, 132, 134-5, 154, 156-7, 199, 201-2 [20] set initdefault 30-1 share 121, 125-7, 198 samba 123, 125, 128 shared directories 120, 126, 128 shell 67, 70-2, 98-9, 182 shell script 34, 151, 169 shutdown 30-3, 52, 78, 80, 115, 130, 182 Shutdown Canceled 32-3 Shutting 119, 153 SIGKILL 185 signal 185 Single user mode 31, 33 size, subdirectory 181 size of files 76, 181 SIZELIMIT 133-4, 201 Smaba configuration Answer 197 Smaba Server configuration 197 socket 111, 192 software 64, 79-82, 175 software configuration 33 software repositories 59, 61, 65, 176
source code 64-5 source filesystem 173 space 53, 56, 76, 181 amount of 77, 181 total 56 squash 118, 122, 196 squid 3, 111-12, 114-16, 191-2, 194-5 server program 111, 191 squid daemon 10, 115-16, 194-5 squid log files 112 squid reconfigure 195 squid restart 116, 195 squid server 9, 111, 191-4 squid start 116 squid user 114 squiduser 194 start 17, 28, 35-40, 82, 91, 99, 116, 127-8, 130, 134-5, 137, 143, 153, 189, 198-9, 205 [10] Start Process 83 start squid 115 Starting Apache 9, 99 Starting Dovecot 12, 153 Starting httpd 39, 99 Starting init 5, 29 Starting Named 11, 143 Starting NFS daemon 116, 119 Starting NFS mountd 116, 119 Starting NFS quotas 116, 119 Starting NFS services 10, 116, 119 Starting NIS server 11, 137 Starting postfix, service postfix start 151 Starting postfix server 12, 150 Starting Samba 10, 127 Starting Services 34 Starting squid 116 Starting vsftd 10, 128 Starting ypbind service 11, 137 startup 20, 97 statistics kernel NFS client 122 kernel NFS server 122 virtual memory 85, 183 status 37-8, 139, 143, 170-1, 174, 176 stop 35-7, 39-40, 132, 148, 153 network service 36 service sendmail 153 storage 60, 79-80 subdirectories 40, 181 subfolders 76, 181 subtree 122 success 161 suid 42 Sun Microsystems 135 swap 41-2, 45-7, 85-6, 165 swap area 46-8 swap filesystem 173 swap partition 14, 165, 173 swap space 6, 34, 47, 166 swpd 85 sync 78, 118, 122, 130 synchronize system's clock 25 syntax 145, 206 sys 41, 80-1, 167 sysfs 41-2 sysinit 29-32 syslogd 9, 92, 187 system 25-6, 29-30, 33-4, 46-7, 49-50, 61-2, 64-6, 77-80, 82-6, 127-8, 135-8, 166-70, 172-4, 176-7, 183-6, 196-8 [21]
system administration 7, 82, 184 system administrator 180-1, 183, 187-8, 196 system administrator execute 180 system-auth 160-1 system boots 30, 42, 50, 155 system clock 34 system-config-bind 143, 205 system-config-boot 28 system-config-date 24, 167 system-config-display 21 system-config-ftp 200 system-config-ftpd 200 system-config-httpd 106, 190 system-config-https 190 system-config-keyboard 20 system-config-kickstart 17 system-config-level 211 System-config-logman 175 System-config-lv 175 system-config-lvm 58, 175 system-config-manage 178 system-config-name 205 system-config-neat 166 system-config-net 166 system-config-network 22, 140, 166, 204 system-config-nfs 120, 197 System-config-nfsd 197 system-config-packages 65, 178 system-config-printer 23 system-config-samba 122, 197 system-config-sambad 197 system-config-securelevel 211 system-config-security 211 system-config-securitylevel 157 system-config-selinux 162, 213 system-config-SElinux 213 system-config-SELinux 213 system-config-services 39, 155, 171 system-config-smb 197 system-config-soundcard 21 system-config-time 24, 167 system-config-users 73, 181 system-config-usr 181 System-config-vsftp 200 system-config-vsftpd 131 system crontab file 98, 189 system information.uname 185 system initialization 31 System Log 86 system log information 184 System Log Manager 184 system log viewer 86, 184 system logging 92, 187 System Monitor 82, 184 system reboots 32, 169 system users 132 system users behavior 132 SystemManager 184 T tab 21, 23, 107, 109, 141, 144 basic 123, 125 samba user 124 tab user 132 server control 132 tar xvf 178 tcpd 156, 211
Te user 78 telinit 36, 170 telnet 156 text editors 16, 27-8, 97 time 19, 24-5, 44, 70, 84-5, 93-4, 99, 101, 115, 121, 135, 161, 169, 183 time-specification 94-5 TIMELIMIT 133-4, 201 timeout 26, 101-2, 115, 168 timezone 16-17 tmpfs 41-3 topics 3, 149 type 17, 45, 47-8, 52, 91, 127, 148, 160-1, 163 processor 185 running Linux system 42 U uid 68, 118, 196 umount 44 uname 87, 185 uncomment 81, 104-5, 115, 128 uncompress 64, 178 xvf 178 unconfigures 20 uninitialized entries 59 Unix 127 Unix user name 198 UNIX user name 124, 127 Unix username 198 unmount 43-4, 80 unmounting 6, 43-4 update option 167 updates 20, 59, 61, 65-6, 161, 176-7 upgrade 14, 16-17, 62, 167, 177 upgrade option 17, 167 upload 128-9, 132, 158 UPS 31-2 uptime command uses 184 URI 133-4 url 17, 112 usage 49, 61-2 Use NIS 138 user 14-18, 27-30, 66-7, 69-71, 78-80, 83-7, 93-5, 102-4, 124-30, 139-42, 150-1, 157-8, 174-7, 179-91, 198-201, 206-9 [31] administrative 78, 129-30, 132, 180 anonymous 128, 132, 196 ban 132 bin/bash 71 bin/csh 71 common 40 configuration file 134 effective 114 etc/passwd filesystem 71 ldap directories 134, 201 local 128-9, 132, 199 menu option 83 modifying 82 multi 66 new 66-7, 71, 75, 154, 180 normal 80 password 29 trusted 147 useradd 70 userdel 180 valid 126 user accesses 161, 197 user account apache 103
user account john 179 user accounts 66-7, 71-2, 78-9, 179 administrative 114 installation root 66 new 72 Managing 82 User Admin 180 User Administrator 180 User and Group Administration 7 user apache 102-3 user applications 41 user button 75 new 124 User Configuration 180 user doesn user don user id 78, 179-80 user-id 72 user information 72, 161, 180 user issues 183, 187 user issues command insmod 185 user jack 81 user Jack 181, 198 user login name 180 user lookups 138 user Mac 187 User Manager 180 user Manager Utility 180 User Manger 180 user Matt 179 user-name 72, 76, 78, 90, 124, 182 his/her 103 useradd options 66 user names 15, 71-2, 74, 93-4, 97, 130, 149, 151, 188 user-name
user password, changing 7, 76, 161 user requests 49, 106 user set 190 user squid 114 USER TTY 85 user user 180 user user-name 181 user Vishnu 182 user yum 59 user1 126 useradd 67-9, 71-2, 180 useradd command line 69 useradd user-name 67 userdel 69, 72, 180 userdel user-name 72 USERGROUPS 69 userid 71 userlist 129, 199 directive 199 usermod 72, 180 username 188 users don users group 80 users Jack 188 users John 199 users localhost 80 users SELinux security category 163 users tab 132 user.Will root, administrative 182 user user user
Using batch command 9, 96 Using chkconfig 171 Using command chkconfig 6, 37 Using mdadm command 53 Using modprobe command 8, 89 Using system-config-cache 194 Using system monitor 177 Using System Monitor 8, 82 Using tar xvf 178 Using User Manager 7, 73 usr 40-1, 50, 77, 165-6, 171, 199 usr/lib/httpd/modules 189 usr/lib/httpd/modules directory 101-2 usr/local 97-8 usr/sbin directory 79 utility 22-4, 28, 59, 87, 106, 131, 145, 178, 184, 197 daemon Configuration 131, 200 network configuration 142 samba server configuration 122 service configuration 39, 171 system monitor 82 user manager 73 utility Answer 175 utility Network Configuration 140 V values 29, 36, 53, 60, 69, 71, 91, 98, 123, 125, 134, 139, 144-5, 159, 162-3, 191 [4] var/cache/mod 105 var/lib/dhcp/dhcpd.leases 140, 204 var/lib/nfs directory 122, 197 var/lib/rpm 64, 177 var/lib/rpm/Name 63-4 var/lib/rpm/Packages 63-4 var/lib/rpm/Pubkeys 63-4 var/log/cron 92-3, 187 var/log/dovecot.log 154 var/log/httpd directory 100 var/log/maillog 92, 149, 152, 209 var/log/vsftpd.log 130, 132, 200 var/log/yum.log 60, 176 var/named/data/cache 145, 206-7 var/run directory 101 var/spool/at 96, 188 var/spool/cron directory 97, 189 var/spool/mail 68, 78, 149, 151 var/spool/mail directory 70 var/spool/mail/stats 208 var/spool/postfix 12, 152 var/spool/squid 112, 193 var/temp 179 var/yp/securenets 203 vendor
verbose information 63, 177 Very Secure 10, 131, 200 vfat 43, 45, 48, 172-3 vfat filesystem type 172 vgcreate 55, 175 vgextend 55, 175 video card 17, 21 View Process 83 Virtual server files 147 Virtual users file 147 VirtualHost 106 vishnu 126-7, 182, 198 samba user 127, 198 vmlinuz 15 vol 55-7, 59
volume group 7, 55-6, 58-9, 175 vsftp 128-9, 200 VSFTP daemon Configuration 200 vsftpd 128 VSFTPD Configuration Answer 200 vsftpd service 128 vsftpd userlist 129 vv 63-4, 177 W warn 68, 104, 191 wdelay 122 web 59-61, 65-6 web browser 100, 103-4, 191 wheel 80 Window System 3 windows 25, 27, 59, 75, 122, 152, 168, 172 windows user name 124, 127, 198 won workgroup 128 writable option 125-6 www/docs/dummy-host.example.com 106 X xconfig 16-17 Extended Internet Services Daemon 3 Kernel services 3 Access Control List 144 Configuration directives 101 Configuration parameters 101 configure 21 Configures 14, 34 Configures kernel parameters 34 process 29 runlevel 29 sets 34 usage detail 84 xferlog 129 xfs 45, 48 xinetd 3, 132, 155-6, 210-11 xorg.conf 166 Y yp 138, 203 ypdomainname 135-6, 202 ypserver HOSTNAME 136 yum 59-60, 176 yum uses 59-60 Z zombie processes usage detail zone file directory 145
184