RHCE - RH302 Red Hat Certified Engineer Certification Exam Preparation Course in a Book for Passing...

RHCE - RH302 Red Hat Certified Engineer

Certification Exam Preparation Course in a Book for Passing the RHCE - RH302 Red Hat Certified Engineer Exam

The How To Pass on Your First Try Certification Study Guide

RHCE - RH302 Red Hat Certified Engineer Certification Exam Preparation Course in a Book for Passing the RHCE - RH302 Red Hat Certified Engineer Exam - The How To Pass on Your

First Try Certification Study Guide

Copyright © 2009

Notice of rights

All rights reserved. No part of this book may be reproduced or transmitted in any form by any means, electronic,

mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher.

Notice of Liability

The information in this book is distributed on an “As Is” basis without warranty. While every precaution has been

taken in the preparation of the book, neither the author nor the publisher shall have any liability to any person or

entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the instructions

contained in this book or by the products described in it.

Trademarks

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as

trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the

designations appear as requested by the owner of the trademark. All other product names and services identified

throughout this book are used in editorial fashion only and for the benefit of such companies with no intention of

infringement of the trademark. No such use, or the use of any trade name, is intended to convey endorsement or

other affiliation with this book.

3

This self-study exam preparation guide for the RHCE -RH302 Red Hat Certified Engineer exam contains everything you need to test yourself and pass the Exam. Including all the exam topics, covered indepth and insider secrets, complete explana-tions of all RHCE subjects, test tricks and tips, over 250 highly realistic sample questions, and exercises designed to strengthen understanding of the RHCE concepts and prepare you for exam success on the first attempt are provided.

Can you imagine valuing a book so much that you send the author a "Thank You" letter?

This book includes new exercises and sample questions never before in print. Offering numerous sample questions, critical time-saving tips plus information available nowhere else, this book will help you pass the RHCE - RH302 Red Hat Certified Engineer exam on your FIRST try.

Buy this. Read it. And Pass the RHCE - RH302 Red Hat Certified Engineer Exam.

This book provides a laser sharp focus on all the exam objectives with a cohesive, concise, yet comprehensive coverage of all the topics included in the RHCE - RH302 Red Hat Certified Engineer Lab Exam.

It includes over 250 questions modeled after the real exam with answers and an Exam Quick Prep feature which recaps all the important points for the last hour preparation before taking the exam.

Covers all RH302 exam topics, including:

� Hardware installation and configuration� The boot process� Linux filesystem administration� Package management and Kickstart� User and group administration� System administration tools� Kernel services and configuration� Apache and Squid� Network file sharing services (NFS, FTP, and Samba)� Domain Name System (DNS)� E-mail (servers and clients)� Extended Internet Services Daemon (xinetd), the Secure package, and DHCP� The X Window System� Firewalls, SELinux, and troubleshooting

5

Contents

RHCE - RH302 Red Hat Certified Engineer ....................................................................................... 1

Certification Exam Preparation Course in a Book for Passing the RHCE - RH302 Red Hat

Certified Engineer Exam - The How To Pass on Your First Try Certification Study Guide .......... 1

Installation and Hardware Configuration ......................................................................................... 14

1.1.Overview ................................................................................................................................................... 14

1.2.Installation ............................................................................................................................................... 14

1.2.1.Using DVD............................................................................................................................ 14

1.2.2.Using Hard Disk .................................................................................................................. 15

1.2.3.Using Network ..................................................................................................................... 15

1.3.Kickstart File ............................................................................................................................................ 16

1.3.1.Creating Kickstart file .......................................................................................................... 16

1.3.2.Use of Kickstart file ............................................................................................................. 18

1.4.Configuring Hardware ............................................................................................................................ 19

1.4.1.Graphical utilities ................................................................................................................ 20

2.The Boot Process .............................................................................................................................. 25

2.1.Overview ................................................................................................................................................... 25

2.2.Grub ......................................................................................................................................................... 25

2.2.1.Grub configuration file ....................................................................................................... 26

2.2.2.Configuring Grub ................................................................................................................ 27

2.3.Starting init .............................................................................................................................................. 29

2.3.1./etc/inittab file .................................................................................................................... 29

6

2.3.3.runlevel................................................................................................................................ 33

2.3.4.Initializing System .............................................................................................................. 34

2.3.5.Using command chkconfig ................................................................................................ 37

2.4.Using Graphical utilities ......................................................................................................................... 39

3.Filesystem Administration .............................................................................................................. 40

3.1.Overview ................................................................................................................................................... 40

3.2.Filesystem Information .......................................................................................................................... 40

3.2.1./etc/fstab file ....................................................................................................................... 41

3.2.2./etc/mtab ............................................................................................................................ 42

3.2.3.Mounting a filesystem ........................................................................................................ 43

3.2.4.Unmounting a filesystem ................................................................................................... 43

3.2.5.Creating a filesystem .......................................................................................................... 44

3.3.Creating Swap space ............................................................................................................................... 46

3.3.1.Enabling swap space ........................................................................................................... 47

3.3.2.Disabling swap space ......................................................................................................... 48

3.4.Checking and Repairing a filesystem ..................................................................................................... 48

3.4.1.Searching for badblocks ..................................................................................................... 49

3.5.Automatically mounting a filesystem .................................................................................................... 50

3.5.1.Checking status of automount ........................................................................................... 52

3.6.RAID disks ............................................................................................................................................... 52

3.6.1.Creating RAID device ......................................................................................................... 52

3.7.Logical Volume Group ............................................................................................................................ 54

7

3.7.1.Creating A Logical Volume Group ..................................................................................... 54

3.7.2.Remove a logical volume .................................................................................................... 57

3.7.3.Remove a volume group ..................................................................................................... 58

3.7.4.Remove a physical volume ................................................................................................. 58

3.7.5.Logical volume management utility .................................................................................. 58

4.Package Management ...................................................................................................................... 59

4.1.Overview ................................................................................................................................................... 59

4.2.Using yum ................................................................................................................................................ 59

4.3.Using rpm ................................................................................................................................................ 62

4.4.Using make .............................................................................................................................................. 64

4.5.Package Manager .................................................................................................................................... 65

5.User and Group Administration ..................................................................................................... 66

5.1.Overview ................................................................................................................................................... 66

5.2.Creating User Account ............................................................................................................................ 66

5.3.Modifying user account .......................................................................................................................... 72

5.4.Deleting user account ............................................................................................................................. 72

5.5.Group Administration ............................................................................................................................. 73

5.5.1.Adding New Group .............................................................................................................. 73

5.5.2.Modifying group information ............................................................................................ 73

5.5.3.Deleting group ..................................................................................................................... 73

5.6.Using User Manager ............................................................................................................................... 73

5.6.1.Changing user password ..................................................................................................... 76

5.7.Space Usage ............................................................................................................................................. 76

6.System Administration .................................................................................................................... 77

8

6.1.Overview ................................................................................................................................................... 77

6.2.Getting Administration Rights ............................................................................................................... 78

6.2.1.The su command ................................................................................................................. 78

6.2.2.Using the su ........................................................................................................................ 78

6.2.3.Administrative commands ................................................................................................ 79

6.2.4./etc/sudoers file ................................................................................................................. 79

6.3.Changing owner and group .................................................................................................................... 81

6.4.Monitoring System performance ........................................................................................................... 82

6.4.1.Using System Monitor ........................................................................................................ 82

6.4.2.Using top ............................................................................................................................. 84

6.4.3.Other commands ................................................................................................................ 84

6.5.Log information....................................................................................................................................... 86

7.Kernel Services and Configuration ................................................................................................. 87

7.1.Overview ................................................................................................................................................... 87

7.2.kernel Modules ....................................................................................................................................... 87

7.2.1.Modules Loaded into Kernel .............................................................................................. 88

7.2.2.Inserting module into kernel ............................................................................................................... 89

7.2.3.Removing module from kernel .......................................................................................... 89

7.2.4.Using modprobe command ............................................................................................... 89

7.3.Process and Kernel Information ............................................................................................................ 90

7.3.1.The ps command ................................................................................................................. 90

7.3.2.Changing priority of process .............................................................................................. 90

9

7.3.3.Using dmesg ........................................................................................................................ 91

7.3.4.Syslogd ................................................................................................................................. 92

7.4.Automating Tasks -- ................................................................................................................................ 93

7.4.1.Using at ................................................................................................................................ 93

7.4.2.Using batch command ........................................................................................................ 96

7.4.3.Using cron ........................................................................................................................... 97

8.Web Server ....................................................................................................................................... 99

8.1.Overview .................................................................................................................................................. 99

8.2.Starting Apache ....................................................................................................................................... 99

8.3.Main Configuration file ........................................................................................................................ 101

8.3.1.Global Environment Configuration ................................................................................. 101

8.3.2.Main server section .......................................................................................................... 103

8.3.3.Virtual hosts section ......................................................................................................... 105

8.4.HTTP Server Configuration ................................................................................................................. 106

9.Squid Server ................................................................................................................................... 111

9.1.Overview ................................................................................................................................................. 111

9.2.Configuring Squid ................................................................................................................................. 111

9.2.1.Network options ................................................................................................................ 111

9.2.2.Neighbor selection algorithm option .............................................................................. 112

9.2.3.Cache size options............................................................................................................. 112

9.2.4.Log File and Cache directory section .............................................................................. 112

9.2.5.Access control section ...................................................................................................... 113

10

9.2.6.Administrative parameters .............................................................................................. 114

9.3.Cache Manager ...................................................................................................................................... 114

9.4.Squid Daemon ....................................................................................................................................... 115

10.NFS Server .................................................................................................................................... 116

10.1.Overview ............................................................................................................................................... 116

10.2.Starting NFS service ............................................................................................................................ 116

10.3.Sharing Folders ................................................................................................................................... 117

10.3.1.Format of hostname ....................................................................................................... 117

10.3.2.Options format................................................................................................................ 118

10.4.Accessing the NFS directory ............................................................................................................... 119

10.5.NFS Server Configuration ................................................................................................................... 120

10.6.Using nfsstat ........................................................................................................................................ 122

11.Samba Server ................................................................................................................................ 122

11.1.Overview ............................................................................................................................................... 122

11.2.Samba Server Configuration ............................................................................................................... 122

11.3.Samba configuration file ..................................................................................................................... 126

11.4.Starting Samba service ........................................................................................................................ 127

11.4.1.Checking the service ........................................................................................................ 127

12.FTP Server .................................................................................................................................... 128

12.1.Overview ............................................................................................................................................... 128

12.2.Starting vsftd........................................................................................................................................ 128

12.3.Configuring vsftpd ............................................................................................................................... 128

12.4.ftp command prompt .......................................................................................................................... 130

12.5.Very Secure FTP daemon Configuration ........................................................................................... 131

13.LDAP Server ................................................................................................................................. 133

13.1.overview ................................................................................................................................................ 133

11

13.2.Configuration ....................................................................................................................................... 133

13.3.Starting the ldap .................................................................................................................................. 135

14.NIS server...................................................................................................................................... 135

14.1.Overview ............................................................................................................................................... 135

14.2.Setting NIS domain name ................................................................................................................... 135

14.3.Configuring NIS ................................................................................................................................... 136

14.4.Starting NIS server .............................................................................................................................. 137

14.4.1.Staring NIS server ........................................................................................................... 137

14.4.2.Starting ypbind service ................................................................................................... 137

14.5.Mapping Information .......................................................................................................................... 137

14.5.1.NIS database .................................................................................................................... 139

15.DHCP Server ................................................................................................................................. 139

15.1.Overview ............................................................................................................................................... 139

15.2.Starting the DHCP server.................................................................................................................... 139

15.3.Configuration file ................................................................................................................................. 140

15.4.Working of DHCP server..................................................................................................................... 140

15.5.DHCP client.......................................................................................................................................... 140

16.DNS server .................................................................................................................................... 143

16.1.Overview ............................................................................................................................................... 143

16.2.Starting Named daemon ..................................................................................................................... 143

16.3.BIND Configuration GUI .................................................................................................................... 143

16.4.Important files ..................................................................................................................................... 145

17.Mail Services ................................................................................................................................. 146

17.1.Overview ............................................................................................................................................... 146

17.2.Sendmail ............................................................................................................................................... 146

17.2.1./etc/mail ........................................................................................................................... 147

12

17.2.2.Generating the .db files .................................................................................................. 147

17.2.3.Checking Sendmail Server ............................................................................................. 148

17.2.4.Important Files ............................................................................................................... 149

17.2.5.Actions taken by server on a mail .................................................................................. 149

17.3.Postfix ................................................................................................................................................... 150

17.3.1.Starting postfix server ..................................................................................................... 150

17.3.2.Configuration file ............................................................................................................ 151

17.3.3.Mailbox ............................................................................................................................ 151

17.3.4./var/spool/postfix .......................................................................................................... 152

17.3.5.Log files ............................................................................................................................ 152

17.4.Switching MTA .................................................................................................................................... 152

17.5.Dovecot ................................................................................................................................................. 153

17.5.1.Starting Dovecot .............................................................................................................. 153

17.5.2.Configuration file ............................................................................................................ 153

18.Network Security.......................................................................................................................... 155

18.1.Overview ............................................................................................................................................... 155

18.2.The daemon xinetd .............................................................................................................................. 155

18.3.Using TCP wrappers ............................................................................................................................ 156

18.3.1./etc/hosts.allow............................................................................................................... 156

18.3.2./etc/hosts.deny ............................................................................................................... 156

18.4.Security Level Configuration .............................................................................................................. 157

18.4.1.Configuration files .......................................................................................................... 159

13

18.5.Command Reference ........................................................................................................................... 159

19.PAM and SELinux ........................................................................................................................ 160

19.1.PAM ...................................................................................................................................................... 160

19.2./etc/pam.d ........................................................................................................................................... 160

19.2.SELinux ................................................................................................................................................ 162

19.2.1.SELinux administration .................................................................................................. 162

19.3.Command Reference ........................................................................................................................... 163

Over 250 Exam Preparation Questions ........................................................................................... 164

14

I N S T A L L A T I O N A N D H A R D W A R E C O N F I G U R A T I O N

1.1.Overview

Red Hat Enterprise Linux is one of the major commercial Linux distributions available in

market . Fedora Core Linux is an open source project of Red Hat. New version of Fedora Core

Linux is released every six months.

1.2.Installation

Anaconda is the default installer in Red Hat Linux. The installation process can be broadly

divided into many parts depending on the method used for installation

� DVD� Network� Hard Disk

1.2.1.Using DVD

To begin installation using the DVD place the DVD media in the DVD drive of the computer and

set the BIOS to boot from DVD drive. The steps of the installation process are

� The DVD media is checked� Choose language to use during installation process.� Choose keyboard layout.� Choose install type. User can either choose for new install

or upgrade an existing installation.

� Choose the software packages to install.� Choose partition scheme (options are automatic partition or manual partition) .� Choose partitioning (options are use free space on hard disk,use current Linux

partitions,use whole hard disk,and custom partition) � If custom partition option is chosen create at least one / partition and swap partition (for

single boot system) and create a / partition,swap partition and one /boot partition (for dual boot system)

� Install the grub bootloader on MBR.� Configure the network device.� Set the firewall options.� Choose the languages system should support.� Choose the time zone in which system is.� Enter the root password.� Select the packages.

After installation is complete remove the DVD media from DVD drive. The user had to accept

the License terms,Configure the firewall,Configure the sound card.

15

Then the user is prompted for user name and password on the login screen.

1.2.2.Using Hard Disk

For installation from hard disk it is assumed that Red hat Linux is already running on the

computer. In the hard disk install copy all the files of the DVD in a partition drive which is not

used during the new installation.

Then copy the vmlinuz and initrd files of the DVD media in /boot directory. These files are

needed to boot the installation process. GRUB is installed as the bootloader in Red Hat by

default. To boot the installation process the boot loader should be informed about the files

copied in the /boot directory.

The following entry is added in the /boot/grub/grub.conf file to achieve the purpose

title Red Hat-Installation

root (hd0,7)

kernel /vmlinuz

initrd /initrd.img

root(hd0,7) means that /boot partition exists on eighth partition of first hard disk.

After above steps reboot the computer. Choose Red Hat Installation on the Grub menu to begin

the install process.

1.2.3.Using Network

For the network installation the installation files should be copied to the computer which will

act as install server.

In case of web server or HTTP server the files need to be copied in the directory

/var/www/html.

In case of NFS server the directory containing the installation files should be made accessible.

In case of FTP server copy the files to directory /var/ftp/pub.

16

Note : when using the installation from Network or Hard disk choose the option INSTALL OR

UPGRADE in text mode on the first screen of the Installation process. At the boot prompt enter

the command askmethod

:boot linux askmethod

This lets the user to select the Installation Method.

1.3.Kickstart File

After successful installation of Red Hat Linux a kickstart file /root/anaconda-ks.cfg is created

based on the options chosen by the user during the installation process.

1.3.1.Creating Kickstart file

User has a choice to use graphical utility to create kickstart file or open a text editor and write

the commands.

1.3.1.1.Text File

install

cdrom

lang en_US.UTF-8

keyboard us

xconfig --startxonboot

network --device eth0 --bootproto dhcp

rootpw --iscrypted

firewall --enabled --port=22:tcp

authconfig --enableshadow --enablemd5

selinux --enforcing

timezone

bootloader --location=mbr --driveorder=sda --append="rhgb quiet"

17

The install option denotes new installation and upgrade option will denote upgrade of an exist-

ing system.

cdrom shows the install method used. NFS,FTP,HTTP,hard drive are other options which can

be used for NFS,FTP,HTTP,and hard disk install methods.

� For FTP method use option url –url give the ftp url name� for HTTP method use option url –url give http url name� for hard drive use option harddrive –dir=/give directory path –partition=give partition� for NFS method use option nfs –server=servername –dir=directory name

Third line sets the installation language to be used during installation .

Fourth line chooses the keyboard layout.

The xconfig is used to configure the monitor and video card.

The network command is used to configure the network. In above case it configures the Ether-

net interface.

rootpw denotes the root password.

firewall command sets the firewall label. option –enable means firewall is enabled. option

disable means firewall disabled.

selinux is used to set the security enhanced linux the options are - -enforcing,--permissive,--

disable

timezone is used to select the timezone of the user.

bootloader command is used to set the partition where the default bootloader grub is installed.

1.3.1.2.Graphical utility

Open Terminal and type the command system-config-kickstart to start the kickstart configura-

tor.

[root@localhost ~]# system-config-kickstart

18

The user can use the graphical interface to choose the options and the kickstart file will be

generated automatically.

1.3.2.Use of Kickstart file

It is used to automate the installation process. To use kickstart installation use following steps

� create a kickstart file� copy the kickstart file on cdrom, on network or on Local hard drive� use above commands on the :boot prompt during the installation

ks=cdrom: Kickstart from CDROM

ks=file:<path> Kickstart from a file (path = 'fd0/ks.cfg')

ks=ftp://<path> Kickstart from FTP.

ks=hd:<dev> Kickstart via harddrive (dev = 'hda1', for

example)

ks=http://<path> Kickstart from HTTP.

ks=nfs(:options):<path> Kickstart from NFS. NFS mount options

19

are optional.

1.4.Configuring Hardware

The file /etc/sysconfig/hwconf contains the listing of installed hardware. The command kudzu

can be run to detect and configure the changed hardware on a system. kudzu is run every time a

Red Hat box is rebooted. It checks the file /etc/sysconfig/hwconf for the hardware installed and

matches the data with the current hardware. Below is the format of the /etc/sysconfig/hwconf

file

class: CDROM

bus: SCSI

detached: 0

device: scd0

desc: "HL-DT-ST CD-RW GCE-8526B"

host: 1

id: 0

channel: 0

lun: 0

-

class: VIDEO

bus: PCI

detached: 0

driver: i2c-i810

desc: "Intel Corporation 82845G/GL[Brookdale-G]/GE Chipset Integrated Graphics Device"

video.xdriver: i810

20

vendorId: 8086

deviceId: 2562

subVendorId: 8086

subDeviceId: 2562

pciType: 1

pcidom: 0

pcibus: 0

pcidev: 2

pcifn: 0

The first entry is for a CDROM drive attached with the system and second is for the VIDEO card

attached with the system. If any hardware is added or removed then it configures the added one

and unconfigures the removed one. It then updates the data in /etc/sysconfig/hwconf. kudzu

can be started in two modes

� safe probe mode� no safe probe mode

safe probe mode disables serial port probing,DDC monitor probing,PS/2 probing.

To enable no safe probe mode on startup enter the line

SAFE=no

in the file /etc/sysconfig/kudzu.

1.4.1.Graphical utilities

1.4.1.1.For keyboard layout

Enter the below command in terminal

[root@localhost pub]# system-config-keyboard

21

The user can select the keyboard layout and press OK .

1.4.1.2.For monitor and video card


[root@localhost pub]# system-config-display

� User can set the Resolution,Color depth under the setting tab � configure the monitor type and video card under tab hardware tab� Use dual type tab for second monitor type and video card.

1.4.1.3.For sound card


[root@localhost pub]# system-config-soundcard

22

This utility can be used to check the proper working of soundcard and reload the audio drivers

and rewriting the configuration files.

1.4.1.4.For network devices


[root@localhost pub]# system-config-network

or

[root@localhost pub]# neat

23

This utility is used to configure the network devices.

� On devices tab all network devices detected by Red Hat Linux are listed. Any network device can be selected and activated.

� On hardware tab the network hardware physically attached with computer and detected by Red Hat Linux can be configured.

� IPSec tab is used to configure IPSec tunnel and host to host connections.� DNS tab is used to configure system's hostname and primary,secondary and tertiary dns

IP addresses and dns search path. � Hosts tab is used to specify static computer host name to IP address mapping.

1.4.1.5.For printer


[root@localhost pub]# system-config-printer

24

This utility is used to add new printer or configure printers.

1.4.1.6.For date and time


[root@localhost pub]# system-config-date

or

[root@localhost pub]# system-config-time

25

� date & time tab is used to set the current date and time.� network time protocol tab is used to synchronize system's clock with remote time server

using network time protocol� time zone tab is used to select the time zone in which the system lies.

2 . T H E B O O T P R O C E S S

2.1.Overview

The boot process can be divided into many steps.

� Checking of MBR (Master boot record) by BIOS.� Loading the bootloader in MBR.� Choosing Operating system to boot on bootloader menu.� Booting the Operating System

2.2.Grub

Grub is default bootloader if Red Hat Linux is installed in the system. When a system is booted

the user sees the grub menu. The grub menu lists the operating systems which are installed on

the system.

Grub is able to boot non Linux operating system like Windows also. Grub boots the operating

system chosen by the user on the grub menu. Every operating system displayed on the grub

menu has its listing in the grub configuration file /boot/grub/grub.conf.

26

2.2.1.Grub configuration file

Let the system have two operating system installed windows and Fedora Linux then the con-

tents of the grub configuration file is

# grub.conf generated by anaconda

#

# Note that you do not have to rerun grub after making changes to this file

# NOTICE: You have a /boot partition. This means that

# all kernel and initrd paths are relative to /boot/, e.g.

# root (hd0,7)

# kernel /vmlinuz-version ro root=/dev/sda11

# initrd /initrd-version.img

#boot=/dev/sda

default=0

timeout=5

splashimage=(hd0,7)/grub/splash.xpm.gz

hiddenmenu

title Fedora-Linux

root (hd0,7)

kernel /vmlinuz-2.6.21-1.3194.fc7 ro root=LABEL=/1 rhgb quiet

initrd /initrd-2.6.21-1.3194.fc7.img

title Windows

rootnoverify (hd0,0)

27

chainloader +1

The title is used to set the display name on the grub menu corresponding to the operating

system. E.g. on grub menu

Fedora-Linux

Windows

is displayed.

If user chooses fedora Linux on menu then the bootloader sees /dev/sda8 partition of the first

hard disk (root (hd0,7) means the files needed to boot the operating system is present on the

eighth partition of the first hard disk.

kernel indicates the kernel which is loaded. The kernel gives the control to the init process

which is called father of all processes. The initrd denotes the initial RAM disk boot image.

The ro option on the kernel line means that the partition is to be mounted read only.

If the user chooses the windows option then the windows operating system is booted.

The rootnoverify (hd0,0) means that grub will not mount the partition.

The option chainloader +1 means that grub will call the other boot loader to boot the operating

system.

The option default=0 means that if user makes no choice then the first operating system in the

file will be booted.

The option timeout=5 means that the user will have to make choice in 5 seconds on the grub

menu. If the user makes no choice in 5 seconds then the default operating system will boot.

In the above file the default operating system that will boot is Fedora.

2.2.2.Configuring Grub

There are two ways to configure the grub bootloader.

� By editing the configuration file using text editors� by using Boot Configuration

28

2.2.2.1.Editing /boot/grub/grub.conf using Text editors

The configuration file can be edited using any of the text editors like vi, gedit ,and emacs. After

making the changes the grub has to be restarted to make the changes take place.

2.2.2.2.By using Boot Configuration

To start the boot configuration graphical utility type the below command in the terminal win-

dow

[root@localhost ~]# system-config-boot

The utility helps to chose default operating system which will be booted in case user has not

made any choice within the time period on the grub menu. It also helps the user to choose the

timeout period in seconds. If the user chooses 5 seconds then grub will wait for 5 seconds for

user to make a choice after that it will boot the default operating system.

2.2.2.3.Password Protecting Grub

Grub can also be password protected. This option is also available during the installation of Red

Hat Linux. The MD5-encrypted password for grub can be generated using the command

[root@localhost ~]# man grub-md5-crypt

29

in terminal. After entering the command the user is prompted to enter the password and then

to verify the password user has to reenter the password.

2.3.Starting init

init is the father of all processes. The kernel starts the init process after mounting basic filesys-

tems during the boot process. The init process has the pid (process identification number each

and every process running on the system has a unique number assigned to them known as PID)

of 1.

init looks to the file /etc/inittab and runs the script in the file /etc/inittab. The init process looks

for the entry initdefault in the file /etc/inittab. The entry initdefault indicates the default runle-

vel with which system needs to be started up. If the entry initdefault is not mentioned in the file

then the user has to enter the runlevel values in the console for the boot process to proceed.

2.3.1./etc/inittab file

This file describes which processes are started at boot up and during normal boot process (for

different run levels different numbers of processes are started). An entry in the inittab file has

the following format:

id:runlevel:action:process

� id is the unique identifier. � runlevel is the value between 0,1,2,3,4,5 and 6 (some more values are available but not

used).The runlevel field of sysinit, boot, and bootwait entries are ignored.� Action describes the action to be taken by init. � process specifies the process to be executed.

init Action Description

respawn The process is restarted using the process

for this action.

wait

The process will be started once when the

specified runlevel is entered and init will

wait for its termination.

initdefault An initdefault entry specifies the runlevel

30

entered after system boot. If none exists,

init will prompt for runlevel on console. The

process field is ignored.

sysinit The process will be executed during system

boot. The runlevel field is ignored.

ctrlaltdel If the user presses the CTRL+ALT+DELETE

keys of the keyboard together then the init

responds by shutting down the system or

rebooting (depending on the process set)

powerfail This action denotes that power failure has

occurred and init takes the action depend-

ing upon the process set for this action

Powerokwait If the powerfail action has occurred and the

process mentioned for the powerfail action

is to shutdown after 2 minutes then this

action comes into picture if the power is

restored before 2 minutes then the process

for this action takes place.

Lines beginning with ‘#’ are comments.

Below is a sample /etc/inittab file.

#

# inittab This file describes how the INIT process should set up

# the system in a certain run-level.

#

# Default runlevel. The runlevels used by RHS are:

# 0 - halt (Do NOT set initdefault to this)

31

# 1 - Single user mode

# 2 - Multiuser, without NFS (The same as 3, if you do not have networking)

# 3 - Full multiuser mode

# 4 - unused

# 5 - X11

# 6 - reboot (Do NOT set initdefault to this)

#

id:5:initdefault:

# System initialization.

si::sysinit:/etc/rc.d/rc.sysinit

l0:0:wait:/etc/rc.d/rc 0







# Trap CTRL-ALT-DELETE

ca::ctrlaltdel:/sbin/shutdown -t3 -r now

# When our UPS tells us power has failed, assume we have a few minutes

# of power left. Schedule a shutdown for 2 minutes from now.

# This does, of course, assume you have powered installed and your

32

# UPS connected and working correctly.

pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down"

# If power was restored before the shutdown kicked in, cancel it.

pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Canceled"

# Run gettys in standard runlevels

1:2345:respawn:/sbin/mingetty tty1






# Run xdm in runlevel 5

x:5:respawn:/etc/X11/prefdm -nodaemon

The line id:5:initdefault:

sets the action to initdefault and the runlevel is 5.

The line si::sysinit:/etc/rc.d/rc.sysinit is executed for every runlevel for the action sysinit the

process /etc/rc.d/rc.sysinit is executed.

The line 5:5:wait:/etc/rc.d/rc 5

denotes that the process /etc/rc.d/rc5 will be executed for the runlevel 5 and init will wait until

the process is not completed.

The line ca::ctrlaltdel:/sbin/shutdown -t3 -r now

denotes that if the user presses the CTRL+ALT+DELETE keys then the system reboots after

three seconds.

33

The line pf::powerfail:/sbin/shutdown -f -h +2 "Power Failure; System Shutting Down"

denotes that if power failure occurs then the powerfail action takes place and the system is

scheduled to wait for two minutes before shutting down.

The line pr:12345:powerokwait:/sbin/shutdown -c "Power Restored; Shutdown Canceled"

denotes that if the power resumes before two minutes then cancel the shutdown of the system.

The line x:5:respawn:/etc/X11/prefdm -nodaemon

denotes that the X11 server is started in case of runlevel 5. Thus graphic interface is available in

runlevel 5.

2.3.3.runlevel

A runlevel is a software configuration of the system which allows only a selected group of

processes to exist.

runlevel Description

0 It is used to halt the system. It should not be

used in initdefault.

1 Single user mode. No graphical tools are availa-

ble.

2 Multiuser mode. Many users can login into the

system. The graphical tools are not available as

the X server is not running.

Network services like NFS/NIS/Xinetd are not

available.

3 Multiuser mode. The network services are

available but the graphics mode is not available

4 Not used

5 Multiuser mode. All the network services are

available. The graphics mode is also available as

34

the X11 is running. A good choice for the initde-

fault entry

6 All the process is terminated and the system is

rebooted. This is not good choice for initdefault.

The runlevels 0,1 and 6 are reserved. Other runlevels like 7,8,9,a,b,c are also available but are

not used.

2.3.4.Initializing System

The script /etc/rc.sysinit is run once at the boot time. It is a shell script which performs many

functions like

� sets the hostname of the system� checks SELinux status� sets the system clock� Initializes hardware� Configures kernel parameters� Mounts the filesystems� Configures the hardware� Starts and enables the swap space

2.3.4.1.Starting Services

The services which will be started for a run level depends on the files contained in the directory

of that runlevel.

runlevel directory

0 /etc/rc.d/rc0.d

1 /etc/rc.d/rc1.d

2 /etc/rc.d/rc2.d

3 /etc/rc.d/rc3.d

4 /etc/rc.d/rc4.d

35

5 /etc/rc.d/rc5.d

6 /etc/rc.d/rc6.d

All programs in the directories of the above runlevel are symbolic link to programs in the

directory /etc/rc.d/init.d. The directory /etc/rc.d/init.d contains the run level scripts. Thus for a

run level which scripts of the directory /etc/rc.d/init.d are to be run depends on the contents of

the directory corresponding to the runlevels.

2.3.4.2.Naming convention of files in runlevel directories

The files in the runlevel directories have special naming convention. Name of all the programs

either begins with S or K followed by 2 digits (0-9) and after that name of the service. All the

programs (files of run level directories) whose name begin with S starts the service and name

begin with K kills or stops the service.

The two digits determine the order in which the services will run. E.g. the directory

/etc/rc.d/rc5.d contains files for runlevel 5. It contains two files S10network and S56Xinetd

then the service S10network is run first. The concept of deciding the order in which the scripts

will run remains the same for the files with name beginning with K.

2.3.4.3.Format of scripts in /etc/rc.d/init.d

The directory contains the scripts of all the runlevels. Below is the sample file to start the net-

work service.

#! /bin/bash

#

# network Bring up/down networking

#

# chkconfig: 2345 10 90

# description: Activates/Deactivates all network interfaces configured to \

# start at boot time.

36

#

### BEGIN INIT INFO

# Provides: $network

### END INIT INFO

The line # chkconfig: 2345 10 90

sets the script to start in the runlevels 2,3,4 and 5 with the priority or order 10 and in case of all

other runlevels it stops the service with the order or priority 90.

In the runlevel 5 directory /etc/rc.d/rc5.d a file with name S10network will exist (as network

service starts for run level 5 with the priority 10 and in the runlevel directory /etc/rc.d/rc1.d a

file with name K90network will exist as network service stops with the priority 90 in runlevel 1.

2.3.4.4.Determining current and previous runlevel

To determine current and previous runlevel use the below command

[root@localhost ~]# runlevel

N 5

The letter N denotes that there is no previous runlevel (that is runlevel has not been changed). 5

denote that the current runlevel is 5.

2.3.4.5.Changing runlevels

To change the current runlevel use the below command

[root@localhost ~]# telinit n

The letter n should be replaced by the values 0,1,2,3,4,5,6 that is Use telinit 5 to switch to runle-

vel 5. The init process kills or starts the processes necessary to switch to that runlevel in above

case it will do it for runlevel 5.

2.3.4.6.Configuring services for a runlevel

37

User can decide the services which should run in a runlevel and which should not run in a run

level. User can also see the status of each service in each runlevel.

There are two methods to reorganize the services and view the information about the services in

a runlevel.

2.3.5.Using command chkconfig

The command chkconfig can used to view the information about every service in a runlevel and

start or stop them. It can also be used to add a new service or delete a new service as well.

2.3.5.1.Adding a new service

To add new service enter below command in terminal

[root@localhost ~]# chkconfig --add new-service-name

The new-service-name should have a start or kill entry in each of the runlevel.

2.3.5.2.Deleting a new service

To delete service enter below command in terminal

[root@localhost ~]# chkconfig --del new-service-name

The service new-service-name is deleted from the chkconfig management and all the links in the

runlevel directories are also removed.

2.3.5.3.Enable a service

To enable a service in a runlevel enter below command in terminal (while working in that run

level).

[root@localhost ~]# chkconfig service-name on

The service service-name is enabled for that runlevel.

2.3.5.4.Disable a service

38

To disable a service in a runlevel enter below command in terminal (while working in that run

level)

[root@localhost ~]# chkconfig service-name off

The service service-name is disabled for that runlevel.

2.3.5.5.List status of a service

To list status of a service in runlevels enter below command in terminal

[root@localhost ~]# chkconfig –list service-name

The status of the service service-name is displayed for all runlevel. For example

[root@localhost ~]# chkconfig --list httpd

httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

The service httpd is enabled in the runlevels 2,3,4 and 5 and disabled in 0,1, and 6.

2.3.5.6.List status of all services

To list status of all service in runlevels enter below command in terminal

[root@localhost ~]# chkconfig –list

The status of all the services is displayed for all runlevel.

2.3.5.7.Starting a service

To start a service enter below command in terminal

[root@localhost ~]# service service-name start

The service service-name is started in that runlevel. For example

[root@localhost ~]# service httpd start

39

Starting httpd: [ OK ]

The service httpd is started.

2.3.5.8.Stopping a service

To start a service enter below command in terminal

[root@localhost ~]# service service-name stop

The service service-name is stopped in that runlevel. For example

[root@localhost ~]# service httpd stop

Stopping httpd: [ OK ]

The service httpd is stopped.

2.4.Using Graphical utilities

The service configuration utility can be used to edit a runlevel. It can be used to start a service,

stop a service,add a service and delete a service. To start the service configuration use the below

command in the terminal window

[root@localhost ~]# serviceconf

or

[root@localhost ~]# system-config-services

40

User can check the box on the left of the service and then clicks to start,stop or restart the

service. After making any changes it need to be saved using the save option on the graphic tool.

3 . F I L E S Y S T E M A D M I N I S T R A T I O N

3.1.Overview

Red Hat Linux uses the ext3 filesystem. It has journaling feature that improves recovery from

crashes. The filesystems are organized in a hierarchy. The / filesystem is on top of the hierarchy.

All other filesystems are contained in it in form of subdirectories.

If a disk partition is mounted on a filesystem then all the sub directories and files below that

mount point are stored on that partition. Let the / partition and /usr partition are mounted on

/dev/sda5 and /dev/sda6 partitions then the sub directories and files below the /usr are stored

in the /dev/sda6 partition.

All the filesystems which don't have separate partition are stored in the partition of / filesystem.

3.2.Filesystem Information

/bin – it contains commands to be used by common users.

41

/boot – it contains bootable Linux kernel and bootloader configuration files.

/dev – it contains files representing device of the system.

/etc – it contains configuration file.

/sbin – it contains administrative commands.

/usr – contains user and administrative commands, user applications, and documentation.

/var – it contains log files of different services, and directories of data used by services like

FTP, Web server.

/proc – The /proc filesystem is virtual file system. This means that the /proc filesystem

is not mounted on any disk partiotion. It contains system information and information

about the processes running on the system. The process information is kept into a sub

directory of the /proc. The name of the sub directory is same as that of process PID.

3.2.1./etc/fstab file

The file contains information about the filesystems. The sample /etc/fstab file is

LABEL=/1 / ext3 defaults 1 1

LABEL=/opt1 /opt ext3 defaults 1 2

LABEL=/usr1 /usr ext3 defaults 1 2

LABEL=/home1 /home ext3 defaults 1 2

LABEL=/boot1 /boot ext3 defaults 1 2

tmpfs /dev/shm tmpfs defaults 0 0

devpts /dev/pts devpts gid=5,mode=620 0 0

sysfs /sys sysfs defaults 0 0

proc /proc proc defaults 0 0

LABEL=SWAP-sda13 swap swap defaults 0 0

42

The first column represents the device name representing the filesystem.

The second column represents the mount point in the filesystem.

The third column denotes the filesystem type. The filesystem types ext3,swap are associated

with a device that is Partition of hard disk but the filesystems with type proc,sysfs,tmpfs are not

associated with any partition of hard disk.

The fourth column contains the options used while mounting the filesystem during the system

boot using the mount command.

The filesystem with the option noauto in the fourth field are not mounted during boot time.

The defaults option mounts the filesystem with following options of mount rw, suid, dev, exec,

auto, nouser,and async.

async All I/O to the file system should be done asynchronously. auto means automatically

mounted at boot time, dev Interpret character or block special devices on the file system.

exec means allow execution of executable files,

rw means in read write mode,

suid Allow set-user-identifier or set-group-identifier bits to

take effect.

nouser a non root user cannot mount the filesystem.

3.2.2./etc/mtab

To view the filesystems which are actually used by a running Linux system type the command

mount in terminal or view the contents of the /etc/mtab file. The difference is /etc/fstab con-

tains the static information about the filesystems while /etc/mtab contains the dynamic infor-

mation about the filesystem. The sample /etc/mtab file is below

/dev/sda11 / ext3 rw 0 0

proc /proc proc rw 0 0

sysfs /sys sysfs rw 0 0

43

devpts /dev/pts devpts rw,gid=5,mode=620 0 0

/dev/sda12 /opt ext3 rw 0 0

/dev/sda10 /usr ext3 rw 0 0

/dev/sda9 /home ext3 rw 0 0

/dev/sda8 /boot ext3 rw 0 0

tmpfs /dev/shm tmpfs rw 0 0

none /proc/sys/fs/binfmt_misc binfmt_misc rw 0 0

sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw 0 0

First column contains the disk partition which is mounted.

Second column contains the filesystem mounted.

Rests of the columns are same as that of the /etc/fstab file.

3.2.3.Mounting a filesystem

To mount a filesystem mount command is used. The standard format of mount command is

mount -t filesystem-type device-path-name directory-name

If a user wants to mount cdrom media in directory /home/movie then issue the command

[root@localhost ~]# mount /dev/cdrom /home/movies

If a user wants to mount windows partition /dev/sda4 on /home/movie then issue the com-

mand

[root@localhost ~]# mount -t vfat /dev/sda4 /home/movies

3.2.4.Unmounting a filesystem

To unmount a filesystem use the following command

umount directory-name- on-which-the-device-was-mounted

44

To unmount the /dev/sda4 use the following command

root@localhost ~]#umount /home/movies

To unmount a device when the device is no longer in use (at the time when the command is

issued the device is in use so the command waits for the device). For example files are being

copied from mounted directory /home/movies then below command will unmount the directory

when file copy is over.

root@localhost ~]#umount -l /home/movies

To force unmounting of a directory use the below command

root@localhost ~]#umount -f /home/movies

3.2.5.Creating a filesystem

A filesystem can be created on a device. A device can be floppy disks,rewritable Cd s,rewritable

DVDs and hard disk partitions.

mkfs command is used to create the filesystems on a device. The format of the command is

mkfs -t filesystem-type device-name

For example if ext3 filesystem is to be created on the re writable CD device then the command

will be

mkfs -t ext3 /dev/cdrom

mkfs command is front end to the commands which are actually invoked to carry out the work

of creating the filesystems on the device. The command which will be invoked depends on the

filesystem which is to be created. Below is the list of commands and filesystems for which the

commands will be invoked.

filesystem Commands used

ext2 mkfs.ext2 , mke2fs , mkfs -t ext2

ext3 mkfs.ext3, mke2fs , mkfs -t ext3

45

vfat mkfs.vfat , mkfs -t

vfat,mkdosfs,mkfs.msdos

ntfs mkfs.ntfs,mkfs -t ntfs

xfs mkfs.xfs , mkfs -t xfs

swap mkswap

The commands mke2fs uses the configuration file /etc/mke2fs.conf. The configuration file

contains the default parameters while creating the ext2 and ext3 filesystems. Below is the

sample /etc/mke2fs file

[defaults]

base_features=sparse_super,filetype,resize_inode,dir_index

blocksize = 4096

inode_ratio = 8192

[fs_types]

small = {

blocksize = 1024

inode_ratio = 4096

}

floppy = {

blocksize = 1024

}

news = {

inode_ratio = 4096

46

}

largefile = {

inode_ratio = 1048576

}

largefile4 = {

inode_ratio = 4194304

}

The defaults section of the file defines the default parameters used by the mke2fs. The default

parameters can be overridden from the command line.

The fs_types section defines the default parameters which should be used for a specific filesys-

tems for example for the floppy the blocksize is set to 1024.

3.3.Creating Swap space

mkswap command is used to create a swap area on a device or file.

If the system has less swap area and no partition device can be used as swap area or user is not

willing to do that then a swap area can also be created on a file. The file should be created using

the following commands

[root@localhost ~]# dd if=/dev/zero of=/home/swap bs=1000000 count=10

10+0 records in

10+0 records out

10000000 bytes (10 MB) copied, 0.0373886 s, 267 MB/s

This creates a file named swap in the /home directory of size 10 MB. It is data file (the output of

the command file swap will return data as output).The ls -l swap command below shows the file

permissions attached with the swap file created. The chmod command is used to change the file

permissions of swap to 0 so that no one has the right to read,write or execute it.

47

[root@localhost home]# ls -l swap

-rw-r--r-- 1 root root 10000000 2009-01-11 13:28 swap

[root@localhost home]# chmod 0 swap

[root@localhost home]# ls -l swap

---------- 1 root root 10000000 2009-01-11 13:28 swap

Create swap space on the file swap

[root@localhost home]# mkswap swap

Setting up swapspace version 1, size = 9994 kB

3.3.1.Enabling swap space

The swap space created cannot be used by the system unless it is enabled using the swapon

command. The format of the swapon command is

swapon device-name

For example to enable the swap space created on the swap file above use the command

[root@localhost home]# swapon swap

The file /proc/swaps shows the swap space area of the system. This file can be used to see

whether the swap area thus enables is used by the system or not.

To check the contents of the /proc/swaps enter the below command on terminal

[root@localhost home]# cat /proc/swaps

Filename Type Size Used Priority

/dev/sda13 partition 819272 4 -1

/home/swap file 9756 0 -2

The listing shows two swap areas on the system /dev/sda13 which is hard disk partition and

/home/swap which is file.

48

3.3.2.Disabling swap space

To disable a swap area use the command swapoff. The format of the command swapoff is

swapoff device-name

To disable the swap area created on the file swap in above case use the command

[root@localhost home]# swapoff swap

Now to check whether the swap file is disabled view the contents of the file /proc/swaps

[root@localhost home]# cat /proc/swaps

Filename Type Size Used Priority

/dev/sda13 partition 819272 4 -1

3.4.Checking and Repairing a filesystem

The fsck command is used to check the linux filesystem and optionally repair it. The general

format of the fsck command is

fsck -t filesystem-type device-name

If no device-name is specified on the command line then the command checks the filesystem in

order they are mentioned in the /etc/fstab file.

The fsck command is the front end to the commands which are invoked for different filesystem

types. The command which will be invoked depends on the filesystem which is to be checked.

Below is the list of commands and filesystems for which the commands will be invoked.

Filesystem Commands used

ext2 fsck.ext2 , fsck -t ext2

ext3 fsck.ext3, fsck -t ext3

vfat fsck.vfat , fsck -t vfat,fsck.msdos

ntfs fsck.ntfs,fsck -t ntfs

xfs fsck.xfs , fsck -t xfs

49

fsck command returns the following exit codes

0 - No errors

1 - File system errors corrected

2 - System should be rebooted

4 - File system errors left uncorrected

8 - Operational error

16 - Usage or syntax error

32 - fsck canceled by user request

128 - Shared library error

The exit code returned when multiple file systems are checked is bit-wise OR of the exit codes

for each file system that is checked.

3.4.1.Searching for badblocks

The command badblocks searches for the badblocks on a device. The badblocks command

should not be run with the -w option as badblocks searches for the presence of badblocks on the

device by writing a pattern on every block of the device which erases the data on the device.

So,the filesystems which have data should not be checked with badblocks using the -w option.

Those devices or filesystem should be checked for badblocks using the badblocks command

without any option or with the -n option. The -n option is read only mode so no data is written

on the device block and hence the data is not erased.

To protect data and check for badblocks use the below command

badblocks device-name or badblocks -n device-name

To erase the data and check for the badblocks use the below command

badblocks -w device-name

50

3.5.Automatically mounting a filesystem

When a system is booted the filesystems are automatically mounted. The users don’t have to

run the mount command to mount the filesystems like /home,/usr etc. This automatic mount-

ing of filesystem is due to the autofs service which runs when the system boots. The autofs

service lies in the /etc/rc.d/init.d directory. When a system boots then the autofs service runs

with the option start and when the system is shutting down the autofs service runs with the

option stop.

The autofs service controls the operation of the automount daemons. It reads the file

/etc/auto.master and finds the mount points on system. Each mount points found is mounted

by automount and a thread is also started by automount to manage the mount point. Below is

the sample /etc/auto.master file.

automount mounts a mount point when the mount point is accessed and deactivates it when it

is no longer used.

# Sample auto.master file

# This is an automounter map and it has the following format

# key [ -mount-options-separated-by-comma ] location

# For details of the format look at autofs(5).

#

/misc /etc/auto.misc

/net -hosts

#

# Include central master map if it can be found using

# nsswitch sources.

#

# Note that if there are entries for /net or /misc (as

# above) in the included master map any keys that are the

51

# same will not be seen as the first read key seen takes

# precedence.

#

+auto.master

In the above file the lines starting with # are comments.

The line /misc /etc/auto.misc tells the daemon automount to look into the file /etc/auto.misc

for the mount points. The sample /etc/auto.misc file is

# This is an automounter map and it has the following format

# key [ -mount-options-separated-by-comma ] location

# Details may be found in the autofs(5) manpage

cd -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom

# the following entries are samples to pique your imagination

#linux -ro,soft,intr ftp.example.org:/pub/linux

#boot -fstype=ext2 :/dev/hda1

#floppy -fstype=auto :/dev/fd0

#floppy -fstype=ext2 :/dev/fd0

#e2floppy -fstype=ext2 :/dev/fd0

#jaz -fstype=ext2 :/dev/sdc1

#removable -fstype=ext2 :/dev/hdd

In the above file the line starting with # are comments. The line

cd -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom

52

Causes the automount to mount the /dev/cdrom device when a CDROM media is inserted into

the drive and change the directory to the /dev/cdrom. If user comments this line the

/dev/cdrom drive will not be automatically mounted when a CDROM media is inserted into the

drive.

3.5.1.Checking status of automount

To check whether automount is running in the system or not type the following command in the

terminal

[root@localhost ~]# /etc/rc.d/init.d/autofs status

automount (pid 2157) is running...

3.6.RAID disks

Linux uses the ext3 filesystem type which has journaling feature. Journaling feature means that

it helps to recover from crashes and brings the filesystem into a consistent state. If power failure

occurs when a system is running and it shutdowns immediately (not a graceful shutdown that is

the system shuts down before user can shutdown using the shutdown -h now command or from

the graphic panel choosing the shutdown option) leaves the filesystem in a inconsistent state.

Journaling feature of the filesystem enables it to recover from such kind of crashes.

But journaling feature is not sufficient to handle all the cases for example if one of the partition

is damaged then the files cannot be recovered. RAID disks are used to improve disk perfor-

mance and minimize the chance of data loss.

RAID devices are virtual devices created from two or more real block devices. This allows

multiple devices to be combined into a single device to hold a single filesystem.

Linux Software RAID devices are implemented through the md (Multiple Devices) device driver.

Currently, Linux supports LINEAR md devices, RAID0 (striping), RAID1 (mirroring), RAID4,

RAID5, RAID6, RAID10.

3.6.1.Creating RAID device

The RAID devices can be created during installation and after installation.

3.6.1.1.During installation

53

During installation of Red Hat Linux the RAID devices can be created using the disk druid

partition manager.

� On the disk druid menu selecting the raid button launches the raid options panel. � On that panel select create a software raid partition button.� Create the partition with software raid as the filesystem type� from the raid options panel select create a raid device button� Enter the mount point, filesystem type, raid device, raid level information on the raid

device panel.

This creates the raid devices. The raid devices information can be monitored, viewed using the

mdadm command after the installation.

3.6.1.2.Using mdadm command

To create the RAID device use the mdadm command. mdadm command is all purpose com-

mand for raid devices. It creates, enables, assembles and monitors the raid devices. The format

of the mdadm command for creating raid devices is

mdadm - -create raid-device-name - -level=n1 - -raid devices=n2 hard-disk-device-name

n1 is a number which denotes the raid level of the raid device. The values of n1 can be 0, 1, 4, 5,

6, and 10. The value of n2 is equal to the number of physical devices which forms the raid device

/dev/md0. The hard-disk-device name is name of the devices separated by spaces. The raid

device name will be /dev/md0 if the first raid device is being created and so on.

To create a raid device /dev/md0 of level 1 using the hard disks /dev/sda0,/dev/sda1,/dev/sda2

use the following command

mdadm - -create /dev/md0 - -level=1 - -raid devices=3 /dev/sda0 /dev/sda1 /dev/sda2

3.6.1.3.Other uses of mdadm

The mdadm can be used to mark a device of a raid array to be marked as failed, remove it from

the raid array or add it to raid array. Raid array means the physical devices which together

makes a logical raid device. The various format of the mdadm command are

mdadm raid-device-name -f hard-disk-device-name

54

to mark the device as failed. To mark the device /dev/sda2 of the raid device /dev/md0 of the

above example as failure the command used is

mdadm /dev/md0 -f /dev/sda2

mdadm raid-device-name -r hard-disk-device-name

is used to remove the device. To remove the device /dev/sda2 of the raid device /dev/md0 of

the above example the command used is

mdadm /dev/md0 -r /dev/sda2

mdadm raid-device-name -a hard-disk-device-name

is used to add the device as a spare. To add the device /dev/sda2 of the raid device /dev/md0 of

the above example the command used is

mdadm /dev/md0 -a /dev/sda2

3.6.1.4.Information about a raid device

The mdadm command is also used to see the detailed information about an active raid device.

The command used for the purpose is given below

mdadm - -details raid-device-name

3.7.Logical Volume Group

Logical volume group support is provided in Red Hat Linux.

3.7.1.Creating A Logical Volume Group

To create a Logical volume group at first physical volume is initialized. The pvcreate command

is used to initialize the partition for use by logical volume utilities. The format of pvcreate

command is

pvcreate hard-disk-partition-name

To initialize the partition /dev/sda5 of the hard disk run the command

[root@localhost ~]# pvcreate /dev/sda5

55

Physical volume "/dev/sda5" successfully created

Then add the physical volume thus created to the new volume group using the command

vgcreate or added to an existing volume group using the command vgextend. The format of

command vgcreate and vgextend is

vgcreate volume-group-name hard-disk-partition1 hard-disk-partition2 …...........

vgextend volume-group-name hard-disk-partition1 hard-disk-partition2 .....

To create the new volume group my_vol_grp for the /dev/sda5 of the above example use the

command

[root@localhost dev]# vgcreate my_vol_grp /dev/sda5

Volume group "my_vol_grp" successfully created

To view the attributes of the volume group created use the command vgdisplay. The format of

the command vgdisplay is

vgdisplay volume-group-name

For example to view the attributes of the volume group my_vol_grp use the command

[root@localhost dev]# vgdisplay my_vol_grp

--- Volume group ---

VG Name my_vol_grp

System ID

Format lvm2

Metadata Areas 1

Metadata Sequence No 1

VG Access read/write

VG Status resizable

56

MAX LV 0

Cur LV 0

Open LV 0

Max PV 0

Cur PV 1

Act PV 1

VG Size 9.77 GB

PE Size 4.00 MB

Total PE 2500

Alloc PE / Size 0 / 0

Free PE / Size 2500 / 9.77 GB

VG UUID 3I5EmB-es47-Deqz-hN9w-eUaK-u1i6-tMSCoW

To create a new logical volume in the volume group the command lvcreate is used. The format

of the command lvcreate is

lvcreate -l %VG or %FREE volume-group-name

lvcreate -L G or M or K volume-group-name

In the first case the space on which the logical group is to be created is expressed as the percen-

tage of the total space of the volume group or the percentage of the total space of the free space.

In the second case space on which the logical group is to be created is given as the total space

expressed in MB, GB, KB (G means GB, M means MB and K means KB).

To create the logical volume group on the my_vol_grp volume group created earlier use the

command

[root@localhost dev]# lvcreate -L 9.7G my_vol_grp

57

Rounding up size to full physical extent 9.70 GB

Logical volume "lvol0" created

The above commands create the logical volume successfully. To check the logical volume

created view the contents of the directory /dev/my_vol_grp. It will contain an entry lvol0.

To display the information about the logical volume thus created use the lvdisplay command.

[root@localhost dev]# lvdisplay /dev/my_vol_grp/lvol0

--- Logical volume ---

LV Name /dev/my_vol_grp/lvol0

VG Name my_vol_grp

LV UUID CaD0Bp-Czo8-fCbu-QXi5-d0I1-LHS3-TwJvVw

LV Write Access read/write

LV Status available

# open 0

LV Size 9.70 GB

Current LE 2484

Segments 1

Allocation inherit

Read ahead sectors 0

Block device 253:0

3.7.2.Remove a logical volume

The lvremove command is used for this purpose. The format is

lvremove /dev/volume-group/logical-volume-name

58

To remove logical volume logical-volume-name.

To remove all the logical volumes in a volume group use

lvremove /dev/volume-group

3.7.3.Remove a volume group

The command vgremove is used for this purpose.

vgremove volume-group-name

3.7.4.Remove a physical volume

The command pvremove is used for this purpose.

pvremove physical-volume

3.7.5.Logical volume management utility

Red Hat offers graphical utility to achieve all the functions performed above like creating a

volume group, creating a logical volume, removing volume group and logical volume, viewing

and editing the information about the volume group and logical volume.

To invoke the Logical Volume Management utility run the below command in the terminal

window

[root@localhost ~]# system-config-lvm

59

In the above utility the left hand panel shows the volume groups and the uninitialized entries.

The uninitialized entries are the normal partitions of the hard disks and the volume group

shows the volume group created for example this window shows the volume group my_vol_grp

and within the volume group the logical volume lvol0 is listed. User can use the buttons edit

properties to edit the properties of the logical volume.

4 . P A C K A G E M A N A G E M E N T

4.1.Overview

A good operating system should allow the user to install and update software with ease. Red Hat

offers the luxury of maintaining the package in a simple and efficient way. There are many

options available to the user yum, rpm, and graphical utilities.

4.2.Using yum

yum (Yellow Dog Updater ,Modified) is used to install and update the software packages in rpm

format from software repositories on the web. The yum uses the configuration file

/etc/yum.conf and the configuration files in the directory /etc/yum.conf.d.

60

The yum command checks the configuration files and searches the locations mentioned in the

configuration files for the package which is needed to be updated or installed by yum. The

format of sample configuration file /etc/yum.conf is

[main]

cachedir=/var/cache/yum

keepcache=0

debuglevel=2

logfile=/var/log/yum.log

exactarch=1

obsoletes=1

gpgcheck=1

plugins=1

metadata_expire=1800

cachedir mentions the directory which yum uses as the cache memory that is storage for storing

temporary file.

keepcache options value if 0 causes the headers and cache files to be deleted after successful

installation and value 1 retains the files.

The log file where yum writes the log information.

The option gpgcheck if 1 forces yum to check the gpg keys of the packages and if 0 the gpg keys

are not checked.

The files in the directory /etc/yum.repos.d contain the location on the web which yum searches

for the packages. Each file represents the location of the packages. The contents of the directory

are

[root@localhost etc]# cd yum.repos.d;ls

61

fedora-development.repo fedora-updates.repo livna-devel.repo

fedora.repo fedora-updates.repocp livna.repo

fedora.repocp fedora-updates-testing.repo livna-testing.repo

Each file corresponds to a software repository on web. The file will be in the below form

[fedora]

name=Software-Server

baseurl=give the http address of the server

mirrorlist=give address of the mirror location

enabled=1

gpgcheck=1

gpgkey=location of the gpg key file.

The yum command takes a number of inputs. The general format of the command is

yum option package-name

In case of some options yum don't need package name so the format becomes

yum option

Option Description usage

install Installs a package yum install package-name

update Updates a package yum update package-name

check-update Checks whether an

update is available

for the packages

installed in the

system

yum check-update

62

remove Removes the pack-

age and any depen-

dent package from

the system

yum remove package-name

erase Same as remove Same as remove

4.3.Using rpm

A lot number of Red Hat software exists in rpm format. It is very easy to install the rpm soft-

ware packages by using the rpm command. The rpm command can be used to install, upgrade,

verify, and uninstall the rpm software.

Option Usage description

-i rpm – i package-name Install a package

-U rpm -U package-name Updates package

already installed on

the system. If any

previous version of

package is not in-

stalled then the pack-

age is installed.

-F rpm -F package-name Upgrade a previously

installed package.

-e rpm -e package-name Erases a package from

system

-q rpm -q package-name Queries about a pack-

age

-V rpm -V package-name Verify an installed

package against its

original software

package. If the in-

63

stalled package

matches with original

software package then

there is no output.

-v rpm -v Prints verbose infor-

mation

-vv rpm -vv Prints lots of verbose

information

-h rpm -h Prints # marks during

the package processing

using rpm. 50 # are

printed when 100%

processing is done.

If the rpm command is to be used with two options then use this form usually the option -v, -vv,

and -h is used with the other options. The format is

[root@localhost rpm]# rpm -qvv python

D: opening db environment /var/lib/rpm/Packages joinenv

D: opening db index /var/lib/rpm/Packages rdonly mode=0x0

D: locked db index /var/lib/rpm/Packages

D: opening db index /var/lib/rpm/Name rdonly mode=0x0

D: opening db index /var/lib/rpm/Pubkeys rdonly mode=0x0

D: read h# 1353 Header sanity check: OK

D: ========== DSA pubkey id b44269d0 4f2a6fd2 (h#1353)

D: read h# 741 Header V3 DSA signature: OK, key ID 4f2a6fd2

python-2.5-12.fc7

64

D: closed db index /var/lib/rpm/Pubkeys

D: closed db index /var/lib/rpm/Name

D: closed db index /var/lib/rpm/Packages

D: closed db environment /var/lib/rpm/Packages

D: May free Score board((nil))

In above example rpm queries the rpm database to find out whether the python software is

installed. If the software is installed it prints the information about the software. The option -q

and -vv are used together.

The rpm command uses the two global configuration file /usr/lib/rpm/rpmrc and

/usr/lib/rpm/redhat/rpmrc. It uses /etc/rpmrc configuration file which is configuration file

specific to a system. The configuration file .rpmrc in the home directory of a user is the user

level rpm configuration file. It also uses the /var/lib/rpm/* directory as the database for storing

rpm package information. In above case it queries the database to get the information about the

python rpm package.

4.4.Using make

The software packages are available in the tar.gz, tgz, and tar.bz2 format. The packages need to

be uncompressed and then the source code is to be build using the. /configure, make and make

install commands.

To uncompress the packages with tar.gz extension use the commands

gunzip realplay.tar.gz

This forms realplay.tar

and then use the command

tar xvf realplay.tar

generates directory realplay.

The two commands can be combined into one command

tar xvfz realplay.tar.gz

65

generates directory realplay.

If the source code is in tar.bz2 format then use the command

bzip2 -d realplay.tar.bz2

It forms the directory realplay.tar

After uncompressing the package change the working directory of the terminal to the directory

realplay

Now to install the package run the commands

./configure

make

make install

The ./configure command configures the package for the platform of the system.

The make command makes the package for the system.

The command make install installs the package on the system.

4.5.Package Manager

package manager is a graphical utility which gathers the information about the packages availa-

ble over the web for update and installation. It searches the software repositories which have

been defined in the yum configuration files. To invoke the Package Manager enter the below

command in terminal

[root@localhost redhat]# system-config-packages

66

On the browse tab user can browse for the packages available over the web in different catego-

ries. On the search tab user can search for a package and on the list tab the user gets the listing

of all the package, available package, and installed package depending upon the option box

chosen by the user.

After choosing for the packages which need to be installed the user can decide to apply the

changes made on the panel. If the changes are applied then the packages are downloaded from

web and are installed.

5 . U S E R A N D G R O U P A D M I N I S T R A T I O N

5.1.Overview

Linux is a multi user operating system. During installation root user account has to be created

(root user is administrator of the system). One more user account is asked to create (user may

choose to create the account or skip). User account can also be created after installation. Each

user belongs to a group account. Group account can also be created after installation.

5.2.Creating User Account

The useradd command is used to create a new user. It is also used to update default values used

while creating a new user. The general format of the useradd command is

useradd options user-name

67

useradd -D options

useradd -D

The first form is used to create a new user while the second form is used to override the default

options used while creating a new user. The third form is used to view the default values which

will be used while creating a user account.

To view the default values enter the following command in terminal

[root@localhost ~]# useradd -D

GROUP=100

HOME=/home

INACTIVE=-1

EXPIRE=

SHELL=/bin/bash

SKEL=/etc/skel

CREATE_MAIL_SPOOL=yes

Simplest form of useradd command is

useradd user-name

If this command is run useradd creates the user account by using the default values. useradd

reads the file /etc/login.defs for the default values to be used while creating the user. The sam-

ple /etc/login.defs file is

# *REQUIRED*

#Directory where mailboxes reside,or name of file, relative to the

# home directory. If you _do_ define both, MAIL_DIR takes #precedence.

# QMAIL_DIR is for Qmail

68

#

#QMAIL_DIR Maildir

MAIL_DIR /var/spool/mail

#MAIL_FILE .mail

# Password aging controls:

#

#PASS_MAX_DAYS Maximum number of days a password may #be used.

# PASS_MIN_DAYS Minimum number of days allowed #between password changes.

# PASS_MIN_LEN Minimum acceptable password length.

# PASS_WARN_AGE Number of days warning given before a #password expires.

#

PASS_MAX_DAYS 99999

PASS_MIN_DAYS 0

PASS_MIN_LEN 5

PASS_WARN_AGE 7

#

# Min/max values for automatic uid selection in useradd

#

UID_MIN 500

UID_MAX 60000

#

# Min/max values for automatic gid selection in groupadd

69

#

GID_MIN 500

GID_MAX 60000

#

# If defined, this command is run when removing a user.

# It should remove any at/cron/print jobs etc. owned by

# the user to be removed (passed as the first argument).

#

#USERDEL_CMD /usr/sbin/userdel_local

#

# If useradd should create home directories for users by default

# On RH systems, we do. This option is overridden with the -m flag #on

# useradd command line.

#

CREATE_HOME yes

# The permission mask is initialized to this value. If not specified,

# the permission mask will be initialized to 022.

UMASK 077

# This enables userdel to remove user groups if no members exist.

#

USERGROUPS_ENAB yes

# Use MD5 or DES to encrypt password? Red Hat use MD5 by #default.

70

MD5_CRYPT_ENAB yes

So if a user is created with the command

[root@localhost ~]# useradd user1

Then a directory user1 is created in /home, shell is /bin/bash, mailbox lies in /var/spool/mail

directory and the contents of the /etc/skel directory is copied in the /home/user1 directory.

/etc/skel contains the login and application startup scripts. The contents of the /etc/skel are

viewed using ls -la command.

[root@localhost skel]# ls -la

total 80

drwxr-xr-x 4 root root 4096 2009-01-13 22:20 .

drwxr-xr-x 138 root root 12288 2009-01-13 22:53 ..

-rw-r--r-- 1 root root 33 2007-02-12 20:48 .bash_logout

-rw-r--r-- 1 root root 176 2007-02-12 20:48 .bash_profile

-rw-r--r-- 1 root root 124 2007-02-12 20:48 .bashrc

-rw-r--r-- 1 root root 500 2007-05-23 19:45 .emacs

drwxr-xr-x 3 root root 4096 2009-01-06 16:21 .kde

drwxr-xr-x 2 root root 4096 2009-01-06 16:08 .xemacs

-rw-r--r-- 1 root root 658 2007-03-06 01:54 .zshrc

.bash_logout,.bash_profile,and .bashrc contains the user specific options and aliases which is

used by the bash shell each time the bash shell starts up..kde contains the kde desktop applica-

tion options. The .bashrc file can be used by user to customize user's shell environment. The

sample .bashrc file is

# .bashrc

# Source global definitions

71

if [ -f /etc/bashrc ]; then

. /etc/bashrc

fi

# User specific aliases and functions

If the file /etc/bashrc exists then the file is executed./etc/bashrc contains the global options to

the bash shell. The options in /etc/bashrc apply to all users using bash shell. The values in

/etc/bashrc can be overridden using the .bashrc file.

Much information needed to create user account is taken from the file /etc/profile. It sets the

hostname, histsize of the shell, shell environment variables like PATH,USER,LOGNAME,and

INPUTRC etc. The /etc/profile file also looks in the directory /etc/profile.d for the files which

contain aliases and environment variables for use by the user.

General format

The default values used while creating a user account can be overridden by passing those values

from shell. The format of useradd command is

useradd -c “comment” -d home directory path -g group name -p password -s shell -u userid

[root@localhost ~]# useradd -c "new user" -d /home/user2 -g user1 -s /bin/csh user2

When a user account is created an entry corresponding to the user name for example us-

er1,user2 is created in /etc/passwd and /etc/shadow file. An entry is also added when a new

group is created for example user1. Below is the content of /etc/passwd filesystem

user1:x:502:502::/home/user1:/bin/bash

user2:x:503:502:new user:/home/user2:/bin/csh

/etc/shadow file contains the user name and the encrypted password of the user. The entry of

/etc/group file is

user1:x:502:

Changing default values

72

The command useradd -D -b home directory name -s shell -g group

can be used to change the default values used while creating new user account. Below command

is used to change the shell to /bin/tcsh from /bin/bash

[root@localhost ~]# useradd -D -s /bin/tcsh

[root@localhost ~]# useradd -D

GROUP=100

HOME=/home

INACTIVE=-1

EXPIRE=

SHELL=/bin/tcsh

SKEL=/etc/skel

CREATE_MAIL_SPOOL=yes

5.3.Modifying user account

usermod command is used to modify the user information. The general format of usermod

command is

usermod -c “comment” -d home-directory-name -g group-name -l login-name -s shell -u user-id

5.4.Deleting user account

userdel command is used to delete the user account.

userdel user-name

this deletes the entry corresponding to the user name from /etc/passwd file and /etc/shadow.

To delete the home directory along with the account following command is used

userdel -r user-name

73

5.5.Group Administration

5.5.1.Adding New Group

groupadd command is used to add new group. If no options are specified on the command line

default values are used. The format of groupadd command is

groupadd -g group-id

groupadd-r option

Second command is used to add administrative groups. Administrative group and users have

ids below 500.The file /etc/gshadow is used to store the group's password.

5.5.2.Modifying group information

groupmod command is used to modify existing group information.

groupmod -g new-group-id -n new-group-name.

5.5.3.Deleting group

groupdel command is used to delete group. It deleted the entry of group from the files like

/etc/group and /etc/gshadow

5.6.Using User Manager

The user manager utility is used to perform all the tasks discussed above using the graphical

interface. To invoke the user manager utility enter the below command in terminal

[root@localhost ~]# system-config-users

74

It can be used to add ,modify and delete user and group information. To modify existing user

information click on the user name and then use the properties button. The below panel is

generated. The information can be edited on the below panel and changes can be saved.

75

To create a new user. click on the add user button. The below window is thrown and the infor-

mation of new user can be entered.

76

5.6.1.Changing user password

The password of user can be changed by entering the command passwd.

passwd user-name

if the user-name is not mentioned then it is assumed that user wants to change root user's

password. The command prompts for root user's password and then for the new password. The

password needs to be entered twice.

5.7.Space Usage

The du command is used to check the space used by the files and subfolders of a directory. The

format of the command is

du folder-name

if the option -h is used the command displays the size of files and subfolders in K (kilo-

bytes),M(megabytes),and G (gigabyte) form. The size of files contained in a subfolder is also

displayed .

77

[root@localhost ~]# du -h /home/user1

8.0K /home/user1/.kde/Autostart

12K /home/user1/.kde

8.0K /home/user1/.xemacs

44K /home/user1

The df command is used to display the amount of space available on a filesystem. The format of

the command is

df filesystem

If the filesystem option is not used on command line then df displays the amount of space

available in all the mounted filesystems of the system.

[root@localhost ~]# df

Filesystem 1K-blocks Used Available Use% Mounted on

/dev/sda11 9920592 2390424 7018100 26% /

/dev/sda12 4956284 141220 4559232 4% /opt

/dev/sda10 9920592 4643932 4764592 50% /usr

/dev/sda9 16479668 384520 15244508 3% /home

/dev/sda8 101086 18499 77368 20% /boot

tmpfs 383428 0 383428 0% /dev/shm

6 . S Y S T E M A D M I N I S T R A T I O N

6.1.Overview

The root user is can perform all the tasks on the system. The root user is administrator account

on Red Hat Linux. During installation the root account is must to create.

78

6.2.Getting Administration Rights

6.2.1.The su command

The su command is used to change the user id and group id of the user issuing the command to

that of user mentioned on the su command. The format of the su command is

su – user-name

If user2 has entered this command in terminal then he will have the privilege of user-name (he

can perform all actions which user1 can perform using the terminal in which he entered the

above command. Outside that terminal he won't have the privilege of user1).

6.2.2.Using the su

Using the su command a user can also get privilege of root user but the user will be prompted

for the root user's password. If he enters the password correctly then he gets the privilege of

root user else he won't get the privilege.

The user id and group id of the root user is 0. Te user and group ids below 500 are reserved for

the administrative users. There are some administrative accounts which are automatically

created by Linux but the user accounts cannot be used to log into the system as they are defined

with the /sbin/nologin./sbin/nologin refuses login from the user. The user accounts are listed in

the file /etc/passwd. Below is the sample /etc/passwd file

root:x:0:0:root:/root:/bin/bash

bin:x:1:1:bin:/bin:/sbin/nologin

daemon:x:2:2:daemon:/sbin:/sbin/nologin

adm:x:3:4:adm:/var/adm:/sbin/nologin

lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin

sync:x:5:0:sync:/sbin:/bin/sync

shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown

halt:x:7:0:halt:/sbin:/sbin/halt

mail:x:8:12:mail:/var/spool/mail:/sbin/nologin

79

The users bin,daemon,adm,lp,and mail are defined with /sbin/nologin so those user accounts

cannot be used to login into system. The root user must be created on a Linux machine and all

other user accounts in above sample are automatically created.

6.2.3.Administrative commands

6.2.3.1./sbin and /usr/sbin directory

The directory /sbin and /usr/sbin contain administrative commands. Only root user can use the

commands .Other uses must have given privilege to use those commands. The privilege can be

granted by the root user only.

6.2.4./etc/sudoers file

The file /etc/sudoers file defines group of similar command under an alias name. For example

## Command Aliases

## These are groups of related commands...

## Networking

Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient,

/usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool

## Installation and management of software

Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum

## Services

Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig

## Updating the locate database

Cmnd_Alias LOCATE = /usr/sbin/updatedb

## Storage

Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe,

/bin/mount, /bin/umount

80

At first command aliases are defined in the /etc/sudoers file. STORAGE is defined for the

commands /sbin/fdisk,/sbin/sfdisk,/bin/mount,/bin/umount.

In above case the command mount is in directory /bin. The explanation is any user can use

mount command to view the filesystems currently mounted on the system but only root can use

it to mount a filesystem. Since normal users can not use commands in /sbin directory that is

why mount command is in /bin directory.

Then in the file /etc/sudoers different groups are defined with different levels of privilege.

## Allow root to run any commands anywhere

root ALL=(ALL) ALL

## Allows members of the 'sys' group to run networking, software,

## service management apps and more.

# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING,

PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands

# %wheel ALL=(ALL) ALL

## Same thing without a password

# %wheel ALL=(ALL) NOPASSWD: ALL

## Allows members of the users group to mount and unmount the

## cdrom as root

# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom

## Allows members of the users group to shutdown this system

# %users localhost=/sbin/shutdown -h now

81

The file /etc/sudoers should be edited using the /sbin/visudo command. Suppose a user jack is

to be given the privilege of group sys then uncomment the line #%sys using the /sbin/visudo

command.

Then open the file /etc/group and add the user jack on line corresponding to the group sys

root:x:0:root

bin:x:1:root,bin,daemon

daemon:x:2:root,bin,daemon

sys:x:3:root,bin,adm,jack

adm:x:4:root,adm,daemon

The entry jack is made in /etc/group file..

Now the user jack can use the command rpm to install any software prefixing the command rpm

with sudo for example

sudo rpm -i vlc

6.3.Changing owner and group

The chown command is used to change the owner or/and group of a file. The general format of

the command is

chown owner:group file-name

case 1 if only owner is specified but group is not specified then the file owner is changed to

owner and the file group is changed to that of login group of owner.

Case 2 if owner and group both are specified then the file owner is changed to owner and file

group is changed to group.

Case 3 if owner is not specified but group is specified then the group of file is changed to that of

group

case 4 if owner and group both are not specified then nothing happens.

The chgrp command is used to change the group of a file. The format of the command is

82

chgrp group-name file-name

changes the group of file-name to group.

The system administration can be divided into several parts

� Managing user accounts (creating,deleting,modifying user and group accounts) (discussed before)

� managing services to be run in a runlevel (discussed before)

� Updating existing software and installing new software (discussed before)

� Monitoring system performance � Automating tasks� Managing and tuning kernel

6.4.Monitoring System performance

6.4.1.Using System Monitor

The system information can be viewed using the System Monitor utility. To start the system

monitor utility follow these steps on desktop go to system--> then go to administration-->then

click on System Monitor.

83

On the processes tab the user can see the listing of all the processes of the system at that mo-

ment.

The user can click on a process and then can end process by clicking on the End Process button.

Using the Edit menu option the user can Start Process, View Process, End Process, Kill Process,

and also change the priority of the process.

Using the view menu option user can choose the option to see only processes started by him (his

process) or all process or active processes on the system.

Using the filesystems tab the filesystems currently mounted on the system are displayed. A user

can also choose which information he/she wants to see for the processes using the Edit--

>preferences option of the menu .

On the preferences window the user can choose the time interval after which the information is

to be refreshed.

84

6.4.2.Using top

The top utility is started by typing the top command in the terminal window. The top command

gives various information about the system

� number of users currently logged on� load average of the system� total number of processes, no of processes active, no of processes sleeping, no of zombie

processes� usage detail of swap memory� usage detail of RAM memory� the information about the processes of the system like PID (process identification

number ),percent CPU usage,% memory usage, the command used for invoking the process. The priority of the process.

6.4.3.Other commands

There are several commands available in Linux which can be used to view the system informa-

tion.

6.4.3.1.Using w command

The w command is used to view the users who are logged on the system and the processes run

by them. It also shows the time for which the system is running and the load average of the

system.

85

[root@localhost ~]# w

23:17:20 up 32 min, 2 users, load average: 0.10, 0.21, 0.19

USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT

root pts/0 :0.0 22:48 10:07 0.04s 0.00s find /home

root pts/1 :0.0 23:08 1.00s 0.03s 0.00s w

6.4.3.2.Using uptime

The uptime command is used to show the time for which system is running. Load average of the

system and number of users logged on the system currently.

[root@localhost ~]# uptime

23:17:44 up 32 min, 2 users, load average: 0.19, 0.22, 0.19

6.4.3.3.Using vmstat

The vmstat command is used to displays the virtual memory statistics.

[root@localhost ~]# vmstat

procs --memory----- ---swap-- -io---- --system-- -----cpu------

r b swpd free buff cache si so bi bo in cs us sy id wa st

0 0 0 218808 20736 258632 0 0 144 38 114 435 7 1 89 2 0

Under the proc heading it displays the no of processes waiting for run time (under r sub head-

ing),no of processes in sleep(under sub heading b).

Under the memory heading it displays amount of virtual memory used(swpd),free memory,

buffer memory, cache memory, under swap heading amount of memory swapped in from

disk(si) and amount of memory swapped out(so).

Under the io heading blocks received from block devices(bi),blocks sent to block devices(bo).

Under the CPU heading the CPU related information.

86

6.4.3.4.Using free

It gives the amount of free and used memory space of the system.

[root@localhost ~]# free

total used free shared buffers cached

Mem: 766860 550340 216520 0 22476 261796

-/+ buffers/cache: 266068 500792

Swap: 819272 0 819272

6.4.3.4.Using kill

The kill command is used to end a process. The format of the kill command is

kill -s signal-name pid

� if the pid is 0 then all process in current process are signaled.� If the pid is 1 then processes with pid >1 re signaled� if pid is > 1 then the process with that id is signaled.

6.5.Log information

The user can see the log information of the system using the System Log viewer .The system log

viewer is launched from desktop using SYSTEM-->ADMINISTRATION-->SYSTEM LOG.

87

On the left hand side the list of log files is displayed. User can click on the name of files to view

the log information. For example the file /var/log/boot.log contains the log information of boot

time.

Clicking on the cron entry on left displays the log information about the jobs scheduled using

the cron utility on the right panel of the above utility. The log information about the cups can be

seen by expanding the tree under the cups entry on the left panel of the utility.

7 . K E R N E L S E R V I C E S A N D C O N F I G U R A T I O N

7.1.Overview

Linux kernel is heart of Linux operating system. The hardware drivers are installed to interface

with the hardware. The hardware drivers are maintained as the modules of the kernel. The

drivers can be inserted,deleted,and the information about the drivers can be viewed.

7.2.kernel Modules

All the modules configured into the kernel are located in the directory /lib/modules/*/. The * is

replaced by the output of uname -r command. The content of the directory is

[root@localhost 2.6.21-1.3194.fc7]# ls

build modules.dep modules.networking modules.symbols

88

extra modules.ieee1394map modules.ofmap modules.usbmap

kernel modules.inputmap modules.pcimap source

modules.alias modules.isapnpmap modules.scsi updates

modules.ccwmap modules.libata modules.seriomap weak-updates

The kernel subdirectory of the above output contains the drivers currently part of the kernel.

The file modules.networking contains the name of the drivers for the network devices.

7.2.1.Modules Loaded into Kernel

To view the modules currently loaded into the kernel use the command lsmod. The

file/proc/module contains the listing of modules currently loaded into the kernel.

[root@localhost ~]# lsmod

Module Size Used by

i915 25793 3

drm 78037 4 i915

ipt_MASQUERADE 7745 1

iptable_nat 11461 1

nf_nat 22125 2 ipt_MASQUERADE,iptable_nat

The modinfo command can be used to view information about any of the loaded module into

the kernel. For example to view information about the driver i915 of above case use the com-

mand

[root@localhost ~]# modinfo i915

filename: /lib/modules/2.6.21-1.3194.fc7/kernel/drivers/char/drm/i915.ko

license: GPL and additional rights

description: Intel Graphics

89

author: Tungsten Graphics, Inc.

srcversion: 9274BE575209BE18EC18D84

depends: drm

7.2.2.Inserting module into kernel

Sometimes a user might need to install a hardware device if the hardware driver is not part of

the kernel. The user has to insert the driver module into the kernel. The insmod command is

used to insert a driver module into the kernel. The format of the insmod command is

insmod file-name

if the file-name is – then the module is taken from the standard input.

7.2.3.Removing module from kernel

The rmmod command is used to remove a module from the kernel. The format of the command

is

rmmod module-name

7.2.4.Using modprobe command

The modprobe command can be used to insert a module into kernel ,and remove a module

from the kernel.

The modprobe command inserts other modules which are dependent on the module being

inserted using the command. Let module2 is module dependent on module1 then if the com-

mand

modprobe module1 is executed then the modules module1 and module2 both are inserted as the

module2 is dependent on module1. The module dependencies are listed into the modules.dep

file located in the directory /lib/modules/uname -r/. If module2 is dependent on module1 then

the file contents will be

/lib/modules/*/kernel/crypto/module2.ko:

/lib/modules/*/kernel/lib/zlib_deflate/module1.ko

/lib/modules/*/kernel/lib/zlib_deflate/module1.ko

90

:

In above example the modules module1 and module2 are listed using fully qualified path name.

The dependent module is on left side and the independent module is on the right side of the

semicolon.

But if the command insmod is used then the module1 is only inserted.

The command modprobe -r module-name is used to remove the modules from the kernel.

The modprobe command looks in the directory /lib/modules/*/ and also for the configuration

file /etc/modprobe.conf (if the file is present) and in the directory /etc/modprobe.d.

The sample modprobe.conf file is

alias eth0 via-rhine

options snd-intel8x0 index=0

install binfmt-0000 /bin/true

The option alias defines an alternate name eth0 for the via-rhine. The option options define the

options which will be used when the module is inserted into the kernel.

The install option is used to run the commands defined after the module name. In above case if

the command

modprobe binfmt-0000 is run then the command /bin/true is executed.

7.3.Process and Kernel Information

7.3.1.The ps command

The ps command is all purpose command to get information about the processes running on the

system. There are many options available for the ps command. The command ps aux is used to

display all the processes currently running on the system.

7.3.2.Changing priority of process

The renice command is used to change the priority of the running process. The format of the

renice command is

renice priority -p pid of process -u user-name -g group-id

91

If the renice command is issued on user then the process priority of all processes of the user

changes and if issued for group then the process priority of all processes owned by the group is

changed and if issued for process id then the process priority is changed.

7.3.3.Using dmesg

It is used to examine and print the boot up message. The user can use the command to capture

the messages. The format of the command is

dmesg -c -n level

The -c option clears the kernel ring buffer after printing

-n option sets the level of messages which will be printed.

If the value of level is 1 then the serious error messages are only printed.

[root@localhost modprobe.d]# dmesg -c

Linux version 2.6.21-1.3194.fc7 ([email protected]) (gcc version

4.1.2 20070502 (Red Hat 4.1.2-12)) #1 SMP Wed May 23 22:35:01 EDT 2007

BIOS-provided physical RAM map:

sanitize start

sanitize end

copy_e820_map() start: 0000000000000000 size: 000000000009fc00 end:

000000000009fc00 type: 1

............

.........

............

is the output of command. After the execution the kernel ring buffer gets clear now if the com-

mand dmesg is run again then there will be no output.

92

7.3.4.Syslogd

The syslogd supports the system logging as well as kernel message trapping. The syslogd and

klogd comprises the sysklogd package. syslogd supports the system logging. It uses the configu-

ration file /etc/syslog.conf. The file defines the files where different system messages will be

written. Below is the sample /etc/syslog.conf file

# Log all kernel messages to the console.

# Logging much else clutters up the screen.

#kern.* /dev/console

# Log anything (except mail) of level info or higher.

# Don't log private authentication messages!

*.info;mail.none;news.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.

authpriv.* /var/log/secure

# Log all the mail messages in one place.

mail.* -/var/log/maillog

# Log cron stuff

cron.* /var/log/cron

# Everybody gets emergency messages

*.emerg *

# Save news errors of level crit and higher in a special file.

uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log

local7.* /var/log/boot.log

93

#

# INN

#

news.=crit /var/log/news/news.crit

news.=err /var/log/news/news.err

news.notice /var/log/news/news.notice

In the above file /var/log/secure file is defined to contain the authorization and security related

messages. For example the PAM (Pluggable Authentication Module) related messages are

logged in this file.

The cron job messages are logged in the file /var/log/cron

The file name can be changed by the root user if root wants to log the information into different

file.

The klogd captures the kernel messages. The process id(PID) of the klogd daemon is defined in

the file /var/run/klogd.pid. The source for the kernel message is the /proc/kmsg file. If the file

is not present then klogd uses a system call to obtain kernel messages. The klogd daemon

always runs on a running system and traps any messages which kernel generates.

7.4.Automating Tasks --

A user can schedule to run a job at a specified time. The at,batch,and cron facilities are used to

schedule a job at a specified time.

7.4.1.Using at

The at command is used to schedule a job at a time and the atd daemon runs the job scheduled

by the at command. The at command cannot be used by all the users. The root user can use the

at command. There are two files which determine which users can use the at command.

The file /etc/at.allow lists the name of the users who are allowed to use the at command. The

/etc/at.deny command lists the name of the users who can't use the at command. The

/etc/at.allow file is first checked for the user name who can use the at command if the file is not

present then the file /etc/at.deny is checked to see the users who cannot use the at command. If

94

both the files are not present then only root user can run the at command. The sample format of

the /etc/at.allow or /etc/at.deny is

jack

mark

The user names should be one in a line and there should not be whitespace in the user name.

The at -l command is used to list all the scheduled jobs(if root user runs this command then

scheduled job of all users is displayed),if invoked by other users the scheduled job of only that

user is displayed.

The jobs which are listed have an on right are in at queue, the jobs which have = on right are

jobs currently executing, and the jobs with b on right are in batch queue.

[root@localhost ~]# atq

3 Fri Jan 16 22:44:00 2009 a root

2 Fri Jan 16 22:49:00 2009 a root

1 Fri Jan 16 22:39:00 2009 = root

4 Fri Jan 16 23:03:00 2009 a root

at -m sends mail to the user when the job completes even if the job has no output.

The command at time-specification is used to schedule the job at that time. The three ways in

which jobs can be scheduled are

7.4.1.1.using pipe

A list of command can be scheduled using pipe for example

[root@localhost ~]# ls -la | at now+5min

job 1 at Fri Jan 16 22:39:00 2009

to schedule a number of commands write each command separated by semicolons.

7.4.1.2.Using at prompt

95

The at prompt is presented to the user if at time-specification is entered for example

[root@localhost ~]# at now+20min

at> ps

at> du

at> <EOT>

press CTRL+D to come out of at prompt. In above example ps and du both are scheduled.

7.4.1.3.Using file

The at -f filename time-specification command is used to give the command using the file file-

name. The contents of the file(commands in the file name is executed at time specification).

atq – The atq command is used to list the scheduled job. Same as

at -l

atrm – command is used to delete a scheduled job. The format is

atrm jobid

to delete the job 4 in below case use

the command at -l gives listing of all scheduled jobs.

[root@localhost ~]# at -l

4 Fri Jan 16 22:46:00 2009 a root

3 Fri Jan 16 22:44:00 2009 a root

2 Fri Jan 16 22:49:00 2009 a root

1 Fri Jan 16 22:39:00 2009 = root

use atrm to delete job 4.

96

[root@localhost ~]# atrm 4

the command atq gives listing of all scheduled jobs.

[root@localhost ~]# atq

3 Fri Jan 16 22:44:00 2009 a root

2 Fri Jan 16 22:49:00 2009 a root

1 Fri Jan 16 22:39:00 2009 = root

The outputs of the commands are mailed to the owner of the job after successful completion of

the job.

7.4.2.Using batch command

The batch command is used to schedule a job. The job runs when the load average of the system

is below .8.The batch scheduled job is run by the atd daemon. The batch command invokes the

at command prompt

[root@localhost ~]# batch

at> df

at> du

at> <EOT>

job 5 at Fri Jan 16 22:58:00 2009

The scheduled jobs which are submitted using the at command and batch command are spooled

in the directory /var/spool/at. The files contain the information about the commands along

with the environment under which the commands were scheduled. The sample file for the

commands scheduled using the batch command is

#!/bin/sh

# atrun uid=0 gid=0

# mail root 0

97

umask 22

SSH_AGENT_PID=2866; export SSH_AGENT_PID

HOSTNAME=localhost.localdomain; export HOSTNAME

DESKTOP_STARTUP_ID=; export DESKTOP_STARTUP_ID

SHELL=/bin/bash; export SHELL

...............

............

df

du

7.4.3.Using cron

The cron facility is also used to schedule the jobs. The crontab jobs are executed by the cron

daemon. The root user can access cron facility. The users can be given access to cron using two

files.

The /etc/cron.allow file is used to list the users who can use the cron facility. The

/etc/cron.allow file is first searched by the cron facility if the file does not exists then the

/etc/cron.deny file is searched./etc/cron.deny lists the user names which are not allowed to

access the cron facility. If both files don't exists then only root user can use cron facility.

The crontab -e command is used to create a crontab file. A text editor can be used to create a

file-name.cron file .

[root@localhost at]# crontab -e

no crontab for root - using an empty one

crontab: installing new crontab

The crontab file is created in the /var/spool/cron directory. The name of the file is same as the

name of the user. The format of the file is

5 23 * * * ls -la /usr/local

98

� The first field is minute (0-59)� second field is hour (0-23)� third field is day of month(0-31) � fourth field is month (0-12).Jan,Feb,mar,Apr format is also used.� fifth field is day of week(0-7).Sun,Mon,Tue format is also used.0 and 7 both are used for

Sunday� The field value * in the fields denotes all possible value.� After the time fields the command field follows.

The command crontab -l is used to list all the crontab jobs.

[root@localhost at]# crontab -l

5 23 * * * ls -la /usr/local

The crontab -r command is used to delete the crontab jobs.

[root@localhost cron]# crontab -r

[root@localhost cron]# crontab -l

no crontab for root

7.4.3.1./etc/crontab

The file /etc/crontab file is system crontab file. The cron daemon reads the /etc/crontab file.

The sample /etc/crontab file is

SHELL=/bin/bash

PATH=/sbin:/bin:/usr/sbin:/usr/bin

MAILTO=root

HOME=/

# run-parts

01 * * * * root run-parts /etc/cron.hourly

02 4 * * * root run-parts /etc/cron.daily

99

22 4 * * 0 root run-parts /etc/cron.weekly

42 4 1 * * root run-parts /etc/cron.monthly

The environment of the sub shell is set using this file.

The SHELL parameter sets the shell to /bin/bash.

The mail is done to root user (MAILTO parameter).

The runparts define the time when the scripts in the directories /etc/cron.hourly,

/etc/cron.daily,/etc/cron.weekly,and /etc/cron.monthly are executed by the cron daemon.

8 . W E B S E R V E R

8.1.Overview

The web server accepts the Hyper Text Transfer Protocol(HTTP) requests and sends a response

to the client. The apache web server is the most widely used web server. The apache web server

source code is freely downloadable.

8.2.Starting Apache

The user should check whether the Apache web server is enabled in the runlevel or not. The

chkconfig - -list option is used to check whether the Apache web server is enabled or not

[root@localhost ~]# chkconfig --list httpd

httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

The httpd service (the daemon corresponding to the Apache web server) is enable in runlevel

2,3,4,and 5. If the service is not enabled then the command chkconfig httpd on is used.

If the service is enabled in a runlevel use the command service httpd start to start the Apache

Web Server.

[root@localhost ~]# service httpd start

Starting httpd: [ OK ]

After starting the service check the working of Apache web server by typing the address

http://localhost

100

in the address bar of the Mozilla Firefox (web browser).

The Apache web server configuration directory is /etc/httpd. The directory contains main

configuration file, sub directories and symbolic links to other directories.

[root@localhost httpd]# ls -l

total 36

drwxr-xr-x 2 root root 4096 2009-01-17 10:01 conf

drwxr-xr-x 2 root root 4096 2009-01-17 10:29 conf.d

lrwxrwxrwx 1 root root 19 2009-01-06 16:15 logs -> ../../var/log/httpd

drwxr-xr-x 3 root root 4096 2009-01-06 16:20 modsecurity.d

lrwxrwxrwx 1 root root 27 2009-01-06 16:15 modules -> ../../usr/lib/httpd/modules

lrwxrwxrwx 1 root root 13 2009-01-06 16:15 run -> ../../var/run

The conf directory contains the main Apache configuration file httpd.conf.

The conf.d contains the configuration files relating to the languages( like Python,Perl,and

PHP),database(Mysql) and the authorization modules.

The logs directory is symbolic link to /var/log/httpd directory which contains the httpd log

information

101

the modsecurity directory contains files relating to the security, http policy, and protocols

related.

The modules directory is symbolic link to the /usr/lib/httpd/modules directory which contains

the library files for the Apache web server.

The run directory contains the symbolic link to /var/run directory which contains the httpd.pid

file which contains the PID of httpd daemon.

8.3.Main Configuration file

/etc/httpd/conf/httpd.conf file is main configuration file for Apache web server. The file is

divided into three parts.

� Configuration directives for Apache web server process as whole.� Configuration parameters for the main server (not virtual hosts but these parameters

also set default values for all virtual hosts)� Settings for virtual hosts.

8.3.1.Global Environment Configuration

In the global environment configuration section the following attributes are set

# Don't give away too much information about all the subcomponents

# we are running. Comment out this line if you don't mind remote sites

# finding out what major optional modules you are running

ServerTokens OS

This hides the additional subcomponent modules from the remote sites. The additional sub-

component configuration files reside in the /etc/httpd/conf.d directory.

# ServerRoot: The top of the directory tree under which the server's

# configuration, error, and log files are kept.

ServerRoot "/etc/httpd"

The server root names the main directory where all the server information is kept.

# Timeout: The number of seconds before receives and sends time out.

102

#

Timeout 120

The server will wait for 120 secs for a response and after that the connection will timeout.

# Listen: Allows you to bind Apache to specific IP addresses and/or

# ports, in addition to the default

Listen 80

In this case apache listens to port number 80.The port number can be changed to any port

number by the user.

# Dynamic Shared Object (DSO) Support

#

LoadModule auth_basic_module modules/mod_auth_basic.so

LoadModule auth_digest_module modules/mod_auth_digest.so

LoadModule authn_file_module modules/mod_authn_file.so

The LoadModule loads the modules from the /usr/lib/httpd/modules directory (the directory

/etc/httpd/modules is a symbolic link to above directory).

# Load config files from the config directory "/etc/httpd/conf.d".

#

Include conf.d/*.conf

Loads the additional component support component files from the /etc/httpd/conf.d directory.

The directory contains the configuration files for PHP,Perl,Python,and Mysql etc.

User apache

Group apache

103

The httpd server runs under the user apache and group apache. The user account apache and

the group account apache are automatically created (user don't create the accounts).The user

can set this to his/her user-name and group-name.

8.3.2.Main server section

# ServerAdmin: Your address, where problems with the server should be

# e-mailed.

ServerAdmin root@localhost

In case of any information server wants to give then the information is send to the email address

mentioned in the directive ServerAdmin. The email address can be edited if user wants so.

# DocumentRoot: The directory out of which you will serve your

# documents. By default, all requests are taken from this directory, but

# symbolic links and aliases may be used to point to other locations.

#

DocumentRoot "/var/www/html"

This is the directory where the user will place the contents or files he/she wants to get handled

by the web server. For example if you create an index.html file and kept it in this directory and

open the address http://localhost using any web browser then the contents of index.html file

will be displayed.

# AccessFileName: The name of the file to look for in each directory

# for additional configuration directives. See also the AllowOverride

# directive.

#

AccessFileName .htaccess

#

104

# The following lines prevent .htaccess and .htpasswd files from being

# viewed by Web clients.

#

<Files ~ "^\.ht">

Order allow,deny

Deny from all

</Files>

The .htaccess file is used to control access to the directory. The contents of htaccess file should

not be visible to the clients who are accessing the server (people who are using web browser to

view contents or pages on the server). The line Deny from all sets the access level that no user

can be able to see the file .htaccess (the address in the web browser address bar corresponding

to the .htaccess file won't give anything).

# LogLevel: Control the number of messages logged to the error_log.

# Possible values include: debug, info, notice, warn, error, crit,

# alert, emerg.

#

LogLevel warn

The loglevel defines the messages which are to be logged. In above case the warning messages

will be logged in the file.

# Proxy Server directives. Uncomment the following lines to

# enable the proxy server:

#

<IfModule mod_proxy.c>

ProxyRequests On

105

#

<Proxy *>

Order deny,allow

Deny from all

Allow from .example.com

</Proxy>

The apache web server acts as proxy server if the above lines are uncommented. In the above

example if the Proxy Requests directive is OFF then apache will act as a cache server. The

permission level set for the proxy server in above case is the access is denied from all except

.example.com.

#

# To enable a cache of proxied content, uncomment the following lines.

# See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more details.

#

<IfModule mod_disk_cache.c>

CacheEnable disk /

CacheRoot "/var/cache/mod_proxy"

</IfModule>

#

If the following lines are uncommented then the apache web server servers as a cache server.

The root directory for the cached files is /var/cache/mod_proxy.

8.3.3.Virtual hosts section

#

106

# Use name-based virtual hosting.

#

#NameVirtualHost *:80

#

<VirtualHost *:80>

ServerAdmin [email protected]

DocumentRoot /www/docs/dummy-host.example.com

ServerName dummy-host.example.com

ErrorLog logs/dummy-host.example.com-error_log

CustomLog logs/dummy-host.example.com-access_log common

</VirtualHost>

The virtual host section is used to configure virtual hosting which supports more than one

domain using a single web server system.

In the following example the ServerName is set to dummy-host.example.com. So if a user

requests a document in the domain ServerName then the documents or files from the directory

/www/docs/dummy-host.example.com is fetched. Each and every apache directive can be used

within the VirtualHost.

8.4.HTTP Server Configuration

The HTTP Server Configuration is used to configure the HTTP server. To invoke the utility

enter the below command in terminal

[root@localhost conf]# system-config-httpd

107

The main tab is used to configure the server name and web master email address to add the ip

address click on the add button.

The new address and the port can be added on the panel displayed. The user can choose to

listen to all address option .

Use the virtual host tab to configure the virtual host.

108

The add button is used to add a new virtual host and the edit button is used to edit the proper-

ties of the virtual host highlighted on the left part of panel. the delete option can be used to

delete the virtual host. If the user choose to edit the properties of a virtual host the below panel

is displayed

109

The user can use the tabs on top of the panel to configure the options. The general properties

like virtual host name ,document root directory, web master email address can be configured on

the general tab.

The server tab on the main panel is used to configure the server lock file location, core directory

where all the configuration files of the server will be kept, and the location of the pid file. The

user and group under which the apache server is running can also be edited.

110

The performance tab is used to configure the parameters which help in improve the perfor-

mance of the apache web server. Parameters like connection timeout period ,maximum number

of requests per connection are set here. These options are impact the performance of the apache

web server.

111

9 . S Q U I D S E R V E R

9.1.Overview

It is high performance proxy caching server for web clients with supporting HTTP,FTP,and

Gopher data objects. Squid consists of a main server program squid, a Domain Name System

lookup program dnsserver and some other modules for authentication and management tasks.

9.2.Configuring Squid

The directory /etc/squid contains the configuration files for squid server. The main configura-

tion file for the squid server is /etc/squid/squid.conf. The squid configuration file is divided into

sections

9.2.1.Network options

Under the network options the user can define the socket addresses. http_port define the

socket addresses where Squid will listen for HTTP client requests. The socket address can be

defined in three forms:

� port alone� hostname with port

112

� IP address with port

# Squid normally listens to port 3128

http_port 3128

9.2.2.Neighbor selection algorithm option

Under this section the user define the mapping of rules for the requests and neighbor which will

be called if a request obeys the rule. For example

hierarchy_stoplist cgi-bin ?

means that when the URL consists of certain string of characters then the original server han-

dles the request.

9.2.3.Cache size options

This section defines the options which control the cache size and swap memory used to handle

the objects. For example

#Default:

cache_mem 8 MB

This sets the cache size (RAM memory used to store the in transit objects that is objects that are

in use),hot objects(objects that are used often),and negative cache objects(recent failed re-

quests).

9.2.4.Log File and Cache directory section

This section defines the directory which will be used as a cache directory.

#Default:

cache_dir ufs /var/spool/squid

This section also defines the format of the squid log files. The cache dir /var/spool/squid con-

tains the following files

[root@localhost squid]# ls

access.log cache.log squid.out store.log

113

The squid pid is stored in the file /var/run/squid.pid.

9.2.5.Access control section

This section defines the access control. By default no outside client is allowed to access the

contents. The acl tag is used to define access control. the form of acl tag is

acl name type string or file

below is the example of acl tags from /etc/squid/squid.conf file

acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

114

the first line gives name all to all the addresses. The manager can access the contents as defined

by the second line. The localhost name is given to the loopback interface. The next lines define

different ports with a name for example port 443 with name SSL_ports.

http_access allow localhost

http_access deny all

the above lines define that the localhost can only access the http content all others are denied.

This entry can be edited to add more number of clients who can access the content.

9.2.6.Administrative parameters

The administrative parameter defines the user under which squid will run ,the user receiving

mails in case cache dies etc.

#Default:

cache_mgr root

Above line define that root user is mailed in case the cache dies.

#Default:

cache_effective_user squid

The above line define that the effective user of the squid is squid user. Squid is an administra-

tive user account created automatically.

9.3.Cache Manager

The cache manager is a cgi utility for displaying information about the squid http proxy process

as it runs. The configuration file for cache manager is /etc/squid/cachemgr.conf. The configura-

tion file controls which servers will be managed by the cache manager.

# This file controls which servers may be managed by

# the cachemgr.cgi script

#

115

# The file consists of one server per line on the format

# hostname:port description

#

# Specifying :port is optional. If not specified then

# the default proxy port is assumed. :* or :any matches

# any port on the target server.

#

# hostname is matched using shell filename matching, allowing

# * and other shell wildcards.

localhost

In the above example the localhost server is managed by the cache manager.

The cache manager can be invoked by typing the address http://server-name/cgi-

bin/cachemgr.cgi.

9.4.Squid Daemon

The squid daemon receives the configuration information from the squid daemon configuration

file /etc/sysconfig/squid. The sample format of the file is

# default squid options

# -D disables initial dns checks. If you most likely will not to have an

# internet connection when you start squid, uncomment this

SQUID_OPTS="-D"

# Time to wait for Squid to shut down when asked. Should not be necessary

# most of the time.

SQUID_SHUTDOWN_TIMEOUT=100

116

After making changes in the configuration file restart the squid daemon if the squid daemon is

already running using the command

[root@localhost squid]# /etc/init.d/squid restart

Stopping squid: . [ OK ]

Starting squid: . [ OK ]

if the squid daemon is not running then use

/etc/init.d/squid start

command.

Alternatively the command

[root@localhost squid]# squid -k reconfigure

causes the squid to read the configuration file again.

1 0 . N F S S E R V E R

10.1.Overview

In organizations it is common that the files are kept at one server. The files are accessible by

some computers on the intranet of the organization. The access to files is defined by rules set at

the server machine. NFS is example of a file server.

10.2.Starting NFS service

To start the NFS service enter the below command in the terminal

[root@localhost ~]# service nfs start

Starting NFS services: [ OK ]

Starting NFS quotas: [ OK ]

Starting NFS daemon: [ OK ]

Starting NFS mountd: [ OK ]

117

10.3.Sharing Folders

The file /etc/exports contain the name of the folders which are to be shared. One directory entry

is done on one line. The format of the /etc/exports file entry is

directory-name host-name(options) #comments

directory name is the name of the directory which is shared with other computers on network.

The host names are the computers which have right to access the files.

The options define security levels that is who can access and which users can access the directo-

ry.

10.3.1.Format of hostname

Multiple hostnames or lp address can be entered separated by blank. The combination of lp

address and hostname can also be used. The format of the entry is

hostname1 hostname2

hostname1 hostname2 165.123.12.87

All the hosts from a particular network can also be entered using the ip address/net mask

format.

192.168.1.1/255.255.255.0

The wildcard characters *,? can also be used. ? matches any one character and * matches any

number of character. So for example if all the computers in the domain example.com should be

allowed access to directory files then enter the entry

files *.example.com

but if the access should be restricted to computers with first name of 5 characters use

files ?????.example.com

The access can also be defined in terms of the NIS group. The

NIS group can be preceded by the @ of sign before the NIS group name. For example to give

access to mynis group add entry

118

@mynis

10.3.2.Options format

The valid options used in the /etc/exports file are

secure – the client computer should connect using the port below 1024.if the insecure option is

specified then any port can be used.

rw – the clients can read the files on NFS volume and also write on the directory . The other

option is ro which allows read operation only.

async – It responds to the request before the changes made by the request are made perma-

nent (that is changes are written to disk).So this option improves performance but increases

chance of inconsistencies . The sync option means server will respond to the request after the

changes made by the request are made permanent (that is changes are written to disk) so there

is no chance of inconsistency.

root_squash – this option maps the root user of client (uid 0 gid 0) to anonymous uid and

gid. The default value of anonymous uid and gid is 65534.The anonymous uid and gid value can

be changed by using options anonuid and anongid.

no_root_squash – the root user of client is treated as the root user of the server as well ( the

uid/gid of root is not mapped to the anonymous uid and gid).

all_squash – map uid and gid of all users to anonymous uid and gid. Other option is

no_all_squash which causes no mapping to be done.

Below is the sample /etc/exports file

/home/vishnu *(sync,ro,secure,all_squash)

/home/user1 ?????.example.com(async,rw,insecure,root_squash)

In the first entry the directory /home/vishnu is made accessible

by each computer (indicated by *) and options sync,ro,secure and all_squash is used.

The second entry makes the directory /home/user1 accessible to computers with five letter

name in domain example.com with options async,rw,insecure,and root_squash.

119

The directories mentioned in the /etc/exports file can be exported that is made available to the

network using the exportfs command or rebooting the system or restarting the NFS service.

[root@localhost ~]# exportfs -a -v

exporting ?????.example.com:/home/user1

exporting *:/home/vishnu

The exportfs -a -v command is used to export all directories listed in the /etc/export file and

print verbose output.

� -a option is used to export all directories� -u option is used to unexport one or more directories.� -r reexport the directories� -v verbose mode produces output

or use the below command

[root@localhost nfs]# service nfs restart

Shutting down NFS mountd: [ OK ]

Shutting down NFS daemon: [ OK ]

Shutting down NFS quotas: [ OK ]

Shutting down NFS services: [ OK ]

Starting NFS services: [ OK ]

Starting NFS quotas: [ OK ]

Starting NFS daemon: [ OK ]

Starting NFS mountd: [ OK ]

10.4.Accessing the NFS directory

The NFS directory needs to be mounted before it can be accessed. To mount the NFS directory

the mount command can be used. For example to access the /home/vishnu directory enter the

below command in the terminal

120

[root@localhost nfs]# mount localhost:/home/vishnu /mnt/win

This mounts the /home/vishnu directory on /mnt/win directory of the same system.

The autofs facility can also be used to mount the NFS shared directories on demand. To mount

the NFS directories using the autofs use the following step

add the below line in the /etc/auto.master

/net /etc/auto.net

Then restart the autofs service. For example to access the directory /home/vishnu the below

command is used

cd /net/localhost

10.5.NFS Server Configuration

The NFS server configuration utility can be used to create the /etc/exports file using the graphi-

cal interface. It is invoked using the below command

[root@localhost nfs]# system-config-nfs

It lists the two directories which are exported. To add a new directory for export click on the add

button. User can also edit the properties of the directories already exported by selecting the

121

directory in the directory listing and click on the properties button. The below panel is displayed

which can be used to edit the options which are used to share the directory /home/vishnu.

The above panel is also displayed if the user wants to share a new directory (by clicking on the

add button) but that time the panel will not contain any previous value.

The server settings can also be edited by clicking on the server settings button

The user can enter the port numbers in the text boxes of the panel to force NFS daemon for

using these ports.

122

10.6.Using nfsstat

The nfsstat command is used to display statistics about the NFS server and client activity. It

uses following files to present the output in user readable format

� /proc/net/rpc/nfsd -- procfs-based interface to kernel NFS server statistics.� /proc/net/rpc/nfs -- procfs-based interface to kernel NFS client statistics.� /proc/mounts -- procfs-based interface to the mounted filesystems.� use nfsstat -s to display server side information� use nfsstat -c for client side information� use nfsstat -n for NFS statistics� use nfsstat -r for rpc statistics

The var/lib/nfs directory is used to keep information about the exported directory. The files

xtab,etab,and rmtab files contain the information about the exported files. The sample etab file

is

/home/user1

?????.example.com(rw,async,wdelay,hide,nocrossmnt,insecure,root_squash,no_all_squash,no

_subtree_check,secure_locks,acl,mapping=identity,anonuid=65534,anongid=65534)

/home/vishnu

*(ro,sync,wdelay,hide,nocrossmnt,insecure,root_squash,all_squash,no_subtree_check,secure_

locks,acl,mapping=identity,anonuid=65534,anongid=65534)

1 1 . S A M B A S E R V E R

11.1.Overview

samba is used if the network connected with the system comprising of the computers running

the windows operating system. Windows operating system uses the SMB(Session Message

Block) protocol for sharing files and printers.

11.2.Samba Server Configuration

The samba server configuration utility is used to configure the samba server on the system. To

invoke the samba server configuration utility enter the below command in the terminal

[root@localhost nfs]# system-config-samba

123

The panel can be used to configure the server settings, samba users ,and new samba share.

To edit the server setting click on the preferences menu and then to the server settings drop

down choice. The below panel is displayed.

On the basic tab enter the work group name and the description of the work group. On the

security tab the enter the following information the authentication mode, the authentication

server,kerberos realm, encrypt password and guest account. Set the value of the option to below

values

124

On the preferences menu list the samba user tab invokes the Samba Users panel which helps to

add new samba users. Click on the new user button to display the below panel

On the above panel enter the UNIX user name and windows user name (the UNIX user name

and the windows user name are usually same). The passwords for the users are also entered on

this panel.

After entering the user-name and password click on the add share button to display the below

panel

125

On the basic tab of create samba share the directory which is to be shared is entered. The share

name for the directory is entered which can be any valid name and a description is added (you

may write here anything).The writable option and visible option lets the user choose whether

the clients can write to the directory (writable option) and whether it is visible(visible).If writa-

ble in not checked then the client can't write on the share. If the visible is not checked then the

share won't be visible.

On the access tab user can define who can access the share. The share can be made accessible to

samba users (by checking the check box) or can be allowed to everyone by clicking on the option

box allow access to everyone.

Enter the values and click on OK. The below panel displays the samba share created using the

above procedure and values displayed in the example panels

126

11.3.Samba configuration file

The /etc/samba directory contains the configuration files for the samba server. The

/etc/samba/smb.conf is the main configuration file of the samba server. The

/etc/samba/smbusers file contains the list of the samba users. To add the above /home/user1

directory to the share the below content is to be added in the /etc/samba/smb.conf configura-

tion file

[user1]

comment = user1 home directory

path = /home/user1

writeable = yes

; browseable = yes

valid users = vishnu

In above entry the user1 is the name of the share comment is the description added and writable

option means the client have write access to the share and the users who can access the share

are listed using the valid user’s entry. The path of the shared directory is mentioned in the path

entry.

127

The /etc/samba/smbusers file contains the list of samba users. To add a new samba user vishnu

as in above case enter below line in the /etc/samba/smbusers file

vishnu = vishnu

The left hand side denotes the UNIX user name and the right hand side denotes the windows

user name.

11.4.Starting Samba service

Use the below command to start the samba service.

service smb start

11.4.1.Checking the service

To check whether the samba service is running on the system and the share created on the

system is being shared as the user wanted it to be use the below command

[root@localhost samba]# smbclient -L localhost

Password:

Anonymous login successful

Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.0.25-2.fc7]

Sharename Type Comment

--------- ---- -------

user1 Disk user1 home directory

IPC$ IPC IPC Service (demo sama server)

Anonymous login successful

Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.0.25-2.fc7]

Server Comment

--------- -------

128

LOCALHOST demo sama server

Workgroup Master

--------- -------

MYGROUP

when asked for password press the ENTER or RETURN key of the keyboard to login as ano-

nymous user. The command displays all the shared directories on the system and also the

workgroup created on the system.

The command can be used to check the working of the samba server and the samba share.

1 2 . F T P S E R V E R

12.1.Overview

File Transfer Protocol is standard method of sharing files over the Internet. The users can

connect to the FTP server and upload, download files from the FTP server. The vsftp is name

given to Very Secured File Transfer Protocol.

12.2.Starting vsftd

Enter the below command to start the vsftpd service if it is not running

[root@localhost ~]# service vsftpd start

Starting vsftpd for vsftpd: [ OK ]

12.3.Configuring vsftpd

The directory /etc/vsftpd contains the configuration and other options file for the vsftpd. The

main configuration file for the vsftpd is /etc/vsftpd/vsftpd.conf. The sample vsftpd.conf file is

# Allow anonymous FTP? (Beware - allowed by default if you #comment this out).

anonymous_enable=YES

#

# Uncomment this to allow local users to log in.

129

local_enable=YES

#

the parameter anonymous_enable is when set to YES then the anonymous user login is allowed

by the ftp server. if set to NO then anonymous user login is not allowed.

local_enable parameter is when set to YES then local users can login to ftp server if set to NO

then local users can not login to ftp server.

# Activate logging of uploads/downloads.

xferlog_enable=YES

#

# Make sure PORT transfer connections originate from port 20 #(ftp-data).

connect_from_port_20=YES

#

xferlog_enable directive is set to YES logs information about the upload and download events.

connect_from_port_20 if set to yes then port 20 is used for transfer of data by ftp.

pam_service_name=vsftpd

userlist_enable=YES

the pam_service_name denotes the name of the service for the Pluggable Authentication Mod-

ule.

userlist_enable is set to YES then vsftp don't allow users listed in the file /etc/vsftpd/user_list

to login through ftp.

The /etc/vsftpd/user_list contain list of users which are allowed access if userlist_enable=NO.

All the administrative users are listed in the file /etc/vsftpd/user_list

root

bin

130

daemon

adm

lp

sync

shutdown

halt

mail

news

uucp

operator

games

nobody

The vsftpd pam also looks for the user names in the file /etc/vsftpd/ftpusers. The file lists the

user names who are not allowed to login through ftp. The user names in the file

/etc/vsftpd/ftpusers are administrative users (they are same set of users as the

/etc/vsftpd/user_list file).

The file /var/log/vsftpd.log and /var/log/xferlog files contain the logging info about the ftp

server.

12.4.ftp command prompt

To start the ftp command prompt enter the below command

[root@localhost log]# ftp

ftp>

ftp supports lot of commands like

131

open hostname or ip address – connect to the computer

identified by hostname or ip address

close – close a connections

pwd – shows name of current working directory on remote computer.

ls -- lists the content of a directory on remote computer.

cd – used to change directory on remote computer.

lcd – to change to a directory on local system

mkdir – to create a directory on remote system

rename – rename a file or directory on remote computer

get – copy a file from current directory of remote system to current directory of local system

mget – same as get but multiple files at once

put – copy a file from current directory on local system to current directory on remote system

mput – same as put but multiple files at once.

bye – closes current connection and exits ftp.

12.5.Very Secure FTP daemon Configuration

The Very Secure FTP daemon Configuration utility is used to configure the vsftpd daemon. To

invoke the utility enter the below command in the terminal

[root@localhost ~]# system-config-vsftpd

132

On the general tab user can specify options like enable upload and download of files ,whether to

run in standalone mode or not(in standalone mode vsftpd listens to the port it don't run under

inetd or xinetd).

Under server control tab user can start or stop the server view the log files.

On the access control tab the user can define whether the local users should be able to login into

the ftp server and the file which is to be used to ban users from accessing the ftp server for

example the /etc/vsftpd/user_list file contain the list of the administrative user who should not

be allowed to access the ftp server.

on Users tab the way system users and the anonymous users will access the ftp server is defined.

The anonymous user behavior and the system users behavior is set differently so as to provide

better grain of control

On the directory option the file access options are set. File names which match a user defined

criteria can be made inaccessible and invisible to the clients. The users can view the directory

list if or not can also be controlled.

On logging tab the user can provide the files which will be used for logging the standard logging

file is /var/log/vsftpd.log. The information which will be logged can also be defined.

On network tab the user can define the network options. The active connection options and the

passive connection options as well. It also defines the port on which the ftp server listens.

133

Maximum number of clients connecting through a single source .

1 3 . L D A P S E R V E R

13.1.overview

LDAP stands for Lightweight Directory Access Protocol. It is used to create directories of infor-

mation that can be shared among client applications over a network.

13.2.Configuration

The main directory of the ldap is /etc/openldap. The directory contains the configuration files

and schema files for the ldap. The contents of the directory are

[root@localhost openldap]# ls -l

total 24

drwxr-xr-x 2 root root 4096 2007-02-20 02:25 cacerts

-rw-r--r-- 1 root root 246 2007-02-20 02:25 ldap.conf

drwxr-xr-x 2 root root 4096 2009-01-06 16:17 schema

The file ldap.conf is the main configuration file for the ldap. The sample ldap.conf file is

#

# LDAP Defaults

#

# See ldap.conf(5) for details

# This file should be world readable but not world writable.

BASE dc=example, dc=com

URI ldap://ldap.example.com ldap://ldap-master.example.com:666

SIZELIMIT 12

TIMELIMIT 15

134

DEREF never

The BASE directive is used to set the set the distinguished name in the ldap format using the

dc=value format.

URI specifies the uri of the ldap server to which the ldap library will attach. The server name

can be specified or the ip address of the server can be specified. The port can also be specified

on the URI directive.

SIZELIMIT specifies the limit of results which will be returned when the ldap server is

searched. If the value is set to 12 then 12 results will be returned as the output of a search.

TIMELIMIT specifies the time limit which the ldap will take to answer the search request. The

time limit of 15 in above example means that the ldap will take 15 seconds to answer a search

request.

DEREF options specifies the way an alias is dereferenced. The value of deref directive is never

the alias is never dereferenced. This is the default. The other values of the DEREF options is

always,searching,and finding.

The schema directory contains the schema files. The various schema files are

� cosine.schema� inetorgperson.schema� nis.schema� samba.schema

The default schema can be used by the user or edited by the user to create the directory infor-

mation of his/her own. The structure used to create directories is the LDAP Data Interchange

Format(LDIF). To create the ldap directories user have to include the ldap schema he/she is

using in the configuration file /etc/openldap/ldap.conf using the include directive.

For example to include the samba.schema use

include /etc/openldap/schema/samba.schema.

After editing the configuration file user can start creating the directories using any of the ldap

schemas.

The command slapd -t is used to check the /etc/openldap/ldap.conf file for the syntax change.

Create a directory entry with the extension .ldif and save the file.

135

To add the contents of the ldif file created to the ldap directory the command ldapadd is used.

� ldapadd -a command adds a new entry to the ldap directory.� ldapmodify command is used to modify the entries of the ldap server.� ldapdelte command is used to delete an entry from the ldap server.� ldapsearch is used to search the ldap directory using the search parameters. The number

of entries which should be returned using the ldapsearch command is defined in the configuration file /etc/openldap/ldap.conf. The SIZELEIMIT option is used to define the number of rows returned. The time of search or the time within which the ldap server should respond is defined in the TIMELIMIT option.

13.3.Starting the ldap

Use the below command to start the ldap service

service ldap start

1 4 . N I S S E R V E R

14.1.Overview

Network Information Service (NIS) was created by Sun Microsystems. It is used to create an

central information database which is kept at a server system and other computers on the

network access the information. The computers which access the database information (maps)

of the server are referred as NIS domain.

14.2.Setting NIS domain name

The command domainname ,or nisdomainname,and ypdomainname are used to set the NIS

domain name of the system. The formats of the commands are

domainname domain-name-of-system

nisdomainname domain-name-of-system

ypdomainname domain-name-of-system

the below command sets the NIS domain name of the system to localdomain

[root@localhost ~]# domainname localdomain

The commands if used without any options give the nis domain name of the system

136

[root@localhost ~]# domainname

localdomain

[root@localhost ~]# nisdomainname

localdomain

[root@localhost ~]# ypdomainname

localdomain

The NIS domain name of the system is lost when the computer is rebooted.

14.3.Configuring NIS

The main configuration file of the NIS server is /etc/yp.conf. The sample /etc/yp.conf file is

# /etc/yp.conf - ypbind configuration file

# Valid entries are

#

domain LOCALDOMAIN server LOCALHOST

# Use server HOSTNAME for the domain NISDOMAIN.

#

# domain NISDOMAIN broadcast

# Use broadcast on the local net for domain NISDOMAIN

#

# domain NISDOMAIN slp

# Query local SLP server for ypserver supporting NISDOMAIN

#

# ypserver HOSTNAME

137

# Use server HOSTNAME for the local domain. The

# IP-address of server must be listed in /etc/hosts.

#

# broadcast

# If no server for the default domain is specified or

# none of them is reachable, try a broadcast call to

# find a server.

The entry domain LOCALDOMAIN server LOCALHOST

defines the NIS domain name and the NIS server name of the system.

The configuration file is read by the ypbind daemon.

14.4.Starting NIS server

14.4.1.Staring NIS server

To start the NIS server daemon enter the below command in terminal

service ypserv start

14.4.2.Starting ypbind service

The ypbind service handles requests for information from the NIS server. To start the ypbind

service enter the below command

service ypbind start

14.5.Mapping Information

The /etc/nsswitch.conf is used to include the NIS in the search path of the files by a client

system. The sample /etc/nsswitch file is

# Legal entries are:

#

138

# nisplus or nis+ Use NIS+ (NIS version 3)

# nis or yp Use NIS (NIS version 2), also called YP

# dns Use DNS (Domain Name Service)

# files Use the local files

# db Use the local database (.db) files

# compat Use NIS on compat mode

# hesiod Use Hesiod for user lookups

# [NOTFOUND=return] Stop searching if not found so far

the above list defines the valid entries which can be added in the /etc/nsswitch.conf file.

passwd: files nisplus nis

shadow: files nisplus nis

group: files nisplus nis

In the above example the client computers will search the files passwd,shadow,and group on

them and if the files are not found on the system then after that they will search for the files on

nisplus domain.

Next the Makefile in the directory /var/yp is edited to include the files which files are being

shared by the NIS server. The file names which should not be shard in commented out.

The clients’ computers who are allowed access the NIS server information is added in the file

/var/yp/securenets file. The format of the entry in the /var/yp/securenets file is

netmask network

example

255.255.255.0 10.0.0.16

so all the computers on the network 10.0.0.16 can access the NIS sever information.

139

The finer grain of control can be implemented using the file /etc/ypserv.conf. This file can be

used to set rules that define which host computers can access which files.

The format of the file is

ip address of network:file-name for which access is defined:security:mangle{:field}

the field is optional. The security can have values as none(to allow access),port(to allow access

from port below 1024),deny(denying access)

the mangle field is having the value yes or no.

14.5.1.NIS database

The NIS database of the files configured to have shared by the NIS server is created by using the

ypinit command.

1 5 . D H C P S E R V E R

15.1.Overview

DHCP stands for the Dynamic Host Configuration Protocol. DHCP server is used to assign the

ip address,netmask,DNS server and other information to the computers in its network. The

client computers will have to select that they want to use the DHCP server for the information

like ip address,netmask,and DNS server. The server then provides the requested information to

the clients

15.2.Starting the DHCP server

To check the status of the dhcp server run the above command in the terminal

chkconfig –list dhcpd

if the service is not running then enable the service by issuing the command

chkconfig dhcpd on

after enabling the user can run the dhcpd service using the command

service dhcpd start

140

15.3.Configuration file

The configuration file for the DHCP server is /etc/dhcpd.conf. The configuration file is used to

list the range of ip address out of which the server will assign a ip address to a computer on its

network. It can also contain option to assign a particular address to a definite Ethernet address

on the network.

15.4.Working of DHCP server

The file /var/lib/dhcp/dhcpd.leases contains information if a client has been assigned address

by a dhcp server. For every client which has been assigned address one set of lease line is writ-

ten in the file /var/lib/dhcp/dhcpd.leases.

On the client computer if a user enters the command ifconfig -a then corresponding to the

Ethernet interface which was assigned ip address using the dhcp server the user will be the ip

address mentioned in the file /etc/dhcpd.conf

15.5.DHCP client

The DHCP client can be configured using the utility Network Configuration. To invoke the

Network Configuration window enter the below command in the terminal window

[root@localhost ~]# neat

or

[root@localhost ~]# system-config-network

141

To configure a device to obtain the ipaddress,dns server information and other information

needed for connecting to the internet from the dhcp server follow this steps.

Choose the device listing. In the above example the device eth0 is chosen (Ethernet interface

eth0).

click on the edit button.

This will throw a Ethernet device panel to the user.

On the below Ethernet device panel choose the general tab

142

Then to set up a dhcp client click on the option box Automatically obtain ip address settings

with and in the drop down menu items choose dhcp.

User can also choose to obtain the DNS server information using dhcp by clicking on the check

box Automatically obtain DNS information from provider.

After making the changes the user should restart the network using the below command

service network start

The dhclient is used to get the information from the dhcp server. The dhcp client (invoked by

the command dhclient at boot time if the client is configured to obtain the ip address from the

dhcp server at boot time else invoked when the activate button of the network configuration

utility is clicked after selecting the Ethernet interface) gets the ip address information from the

dhcp server it first checks the configuration file /etc/dhclient.conf for configuration parame-

ters).

The process id (PID) of the dhcp client (invoked by the command dhclient) is stored in the file

/var/run/dhclient.pid.

143

1 6 . D N S S E R V E R

16.1.Overview

The DNS stands for Domain Name System. It is used to translate the host names into ip address

and also ip address into the host names. It also contains information about each domain and

organization of domain into zones.

16.2.Starting Named daemon

The status of the named daemon can be checked by the command

chkconfig - -list named

if the service is not running then enable the service using the command

chkconfig named on

to start the service named use the command

/etc/init.d/named start

or

service named start

16.3.BIND Configuration GUI

The BIND Configuration GUI is used to configure the DNS server on a Red Hat Box. In Red Hat

the DNS service is implemented using the Berkeley Internet Name Domain (BIND). To invoke

the BIND Configuration GUI enter the below command in the terminal

[root@localhost ~]# system-config-bind

144

The properties button is clicked after selecting the object in the listing panel. In the current case

the DNS server is selected.

To add a new DNS server click on the New button to add a new server. After clicking on the new

tab a drop down list is displayed on which the user can choose the object which he/she wants to

set the value. The objects which are displayed in the drop down list are

� Zone� View� Access Control List� Security key� Server� Controls � Logging� DNSSEC Trusted keys

The user can enter the value of the parameter by clicking on the object. This displays a panel on

which user can enter the value.

The properties of an existing DNS server can be edit by selecting the server in the drop down list

and then clicking the object on the drop down list. The values can be edited on the displayed

panel. After editing the values the changes can be saved using the save button of the main panel.

145

To delete a listing use the delete button on the panel and selecting the object in the drop down

list.

16.4.Important files

The named daemon configuration file is /etc/named.conf. The statements in this file are en-

closed in braces and are terminated by semicolon. The lines marked by /* */,// ,and # are

marked as comment lines. The important action defined elements are

acl – access control list used as acl “description “ { ip address };

server – to describe the server

logging – logging facility definitions options – various options like the central directory

view – the value can be inside and outside for a DNS server the request may come

from the private network(inside) or from the outside.

Zone – to describe the zone information

After editing the /etc/named.conf file the syntax of the file can be checked using the command

named-checkconf

by default it checks the file /etc/named.conf for syntax.

named-checkzone is used to check the syntax of the zone files which should be created by the

user in the /var/named directory after creating the file /etc/named.conf file.

The pid of the named daemon is stored in the file /var/run/named.pid.

The directory /var/named directory is the zone file directory of the named service.

The dump file of the named daemon is /var/named/data/cache_dumb.db.

The statistics file of the named daemon is /var/named/data/named_stats.txt

The path and the description of the files can also be viewed using the utility BIND Configuration

GUI. ON the BIND Configuration GUI the DNS server is selected on the list and clicking on the

146

properties button displays the location on which the important files are kept and also the de-

scription of the files.

Command Description

whois Searches for the availability of the

domain name. Format is

whois domain-name.

host It is used to get the ip address

corresponding to the hostname and

vice versa. Format is

dig It is used to query the DNS server

and display information returned by

the DNS server. It is often used to

troubleshoot the DNS server.

1 7 . M A I L S E R V I C E S

17.1.Overview

There are three parts of message transfer

� MTA – Mail Transfer Agent� MDA – Mail Delivery Agent� MUA – Mail User Agent

MTA's are also referred as the mail server. The sendmail and postfix are examples of the mail

server.

17.2.Sendmail

To start the sendmail server type the below command in the terminal window

[root@localhost ~]# service sendmail start

147

17.2.1./etc/mail

The /etc/mail is the core directory of the sendmail. The files which are contained in the directo-

ry are /etc/mail are divided into following category

17.2.1.1.configuration file

The main configuration file for the sendmail is /etc/mail/sendmail.cf. Many options which

sendmail uses are also defined in the file /etc/mail/sendmail.mc. The file

/etc/mail/sendmail.mc contains the sendmail default values like the location of the other

configuration files to be used by the sendmail, location of the log files and database files.

17.2.1.2.Domain name mapping file

The file /etc/mail/domaintable contain the domain name mapping that is mapping the old

domain name of the network to the new one.

17.2.1.3.Access file

The /etc/mail/access file defines the hosts and users from which the mail server sendmail will

accept mail for delivery or relay.

17.2.1.4.Virtual server files

The file /etc/mail/local-host-name define the domain names for which the sendmail server of

the system will act as a mail server.

17.2.1.5.Virtual users file

The file /etc/mail/virtusertable defines the actions which sendmail should take after receiving

mail from the trusted users and hosts.

Apart from this files the directory /etc/mail also contains the .db files which are database files

corresponding to the files described above for example access.db.

17.2.2.Generating the .db files

To generate the .db files use the following approaches

/etc/init.d/sendmail reload

or

148

/etc/init.d/sendmail restart

in above case the database files are automatically created as the sendmail is restarted or the

configuration files are reloaded when the reload option is used.

But this case doesn’t work if user doesn’t want to stop or reload the sendmail server. Then the

second approach is used

Use the below command sequence to create .db files for all the configuration file

cd /etc/mail

make all

if the user wants to make the individual configuration files into the .db files then use the follow-

ing commands

cd /etc/mail

make access.db

replace the filename access.db with the .db file you want to create for example make virtuserta-

ble.db makes the file virtusertable.db.

17.2.3.Checking Sendmail Server

The sendmail server responds to requests on the port 25. To check whether the server is work-

ing or not type the command

[root@localhost mail]# telnet localhost 25

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.

220 localhost.localdomain ESMTP Sendmail 8.14.1/8.14.1; Sun, 18 Jan 2009 17:55:26 +0530

^]

user can enter help command to see the sendmail commands he/she can use.

149

help

214-2.0.0 This is sendmail

214-2.0.0 Topics:

214-2.0.0 HELO EHLO MAIL RCPT DATA

214-2.0.0 RSET NOOP QUIT HELP VRFY

214-2.0.0 EXPN VERB ETRN DSN AUTH

214-2.0.0 STARTTLS

214-2.0.0 For more info use "HELP <topic>".

17.2.4.Important Files

17.2.4.1./var/spool/mail

The directory contains files corresponding to the user names that are using sendmail. These

files contain the incoming messages received and processed by the sendmail.

17.2.4.2./var/spool/mail/statistics

This file contains the collected statistics about the sendmail.

17.2.4.3./var/spool/mqueue

This directory keeps the outgoing messages temporarily .the outgoing messages are kept until

they are send.

17.2.4.4.Log files

The sendmail log information is maintained in three files

/var/log/maillog,/var/log/maillog.1,and /var/log/maillog.2. The log files contain different level

of information. The file /var/log/maillog.2 contains the detailed log information. An entry is

made for each mail been send by the server or received by the server.

17.2.5.Actions taken by server on a mail

There are four actions which the server can take

150

RELAY – the server sends the message to the mail server request in the mail.

REJECT – the message is rejected and sender is informed that the message is rejected.

DISCARD – the message is rejected and sender is not informed that the message is rejected.

ERROR:user defined text message – inform the user why the server did not relay the message.

This options are used to configure the actions of a sendmail server. The options are used in the

/etc/mail/access file. For example

# by default we allow relaying from localhost...

Connect:localhost.localdomain RELAY

Connect:localhost RELAY

Connect:127.0.0.1 RELAY

17.3.Postfix

It is a mail transfer agent that is mail server. The directory /etc/postfix contain the main confi-

guration files and access related files used by the postfix server.

17.3.1.Starting postfix server

The postfix server is not added in any run level by default (sendmail is generally there). So to

add the postfix server use the command

[root@localhost postfix]# chkconfig --list postfix

service postfix supports chkconfig, but is not referenced in any runlevel (run 'chkconfig --add

postfix')

[root@localhost postfix]# chkconfig --add postfix

the first command shows that postfix is not in any runlevel.

The second command adds the postfix server to run level which the user is currently logged on.

To enable the postfix server enter the command

[root@localhost postfix]# chkconfig postfix on

151

to start the postfix server use the below command

[root@localhost postfix]# service postfix start

Starting postfix: [ OK ]

17.3.2.Configuration file

The /etc/postfix/main.cf is the main configuration file for the postfix server. There is also a file

/etc/postfix/main.cf.default which is exact copy of the main.cf file and is used for reference in

case user has made any wrong changes in the file main.cf. It defines the hostnames and domain

names ,postfix queues and locations to be used for logging, mailbox.

17.3.2.1.Daemon Configuration file

The file /etc/postfix/master.cf is the main configuration file for the postfix daemon process.

17.3.2.2.Permissions file

The file /etc/postfix/postfix-files contain the directory and file permissions set by the postfix

server.

17.3.2.3.Script file

The file /etc/postfix/postfix-scripts file is a shell script which executes the postfix administra-

tive commands.

17.3.2.4.Post install file

The file /etc/postfix/post-install is a shell script which performs the post installation configura-

tion of the postfix server.

Access file – the file /etc/postfix/access file is used to define the users and system which have

access to use the postfix server.

17.3.3.Mailbox

The directory /var/spool/mail contains files corresponding to the user name of each user having

access to the postfix mail server. The files act as mailbox. The incoming mail of the users

processed by the postfix server is kept in the file. For example for a user named jack the mailbox

will be /var/spool/mail/jack.

152

17.3.4./var/spool/postfix

The directory contains a list of directories to temporarily store the mails.

[root@localhost mail]# cd /var/spool/postfix;ls

active corrupt deferred hold maildrop private saved

bounce defer flush incoming pid public trace

In above example the directory /var/spool/postfix contains the sub directories incoming to

temporarily store the incoming mails which have not been delivered yet.

Bounce to temporarily store the bounced mails.

17.3.5.Log files

The log information about the postfix server is logged in the file

/var/log/maillog,/var/log/maillog.1,and /var/log/maillog.2. The file /var/log/maillog.2 con-

tains log information about each and every mail received and send by the postfix server.

17.4.Switching MTA

On a Red Hat Linux box the sendmail and postfix both the servers are installed but the sendmail

is used as the default MTA. The postfix server is treated as an alternative service to the sendmail

server.

The alternatives services and the default services are defined in the directory

/var/lib/alternatives directory and the /etc/alternatives directory. The contents of the directory

/etc/alternatives display the default services configured on the system. The directory contain

the entry

mta-sendmail

this makes sendmail as the default mail server.

The /var/lib/alternatives directory contains file mta which lists other mail servers.

To switch between the mail services from desktop perform following actions System Tools -->

Mail Transport Agent Switcher.

In the window displayed choose the postfix as the alternate mail server.

153

Then use the following commands to stop the sendmail server and start the postfix server.

[root@localhost alternatives]# service sendmail stop

Shutting down sm-client: [ OK ]

Shutting down sendmail: [ OK ]

the default sendmail server s stopped and the below command is used to start the postfix server.

[root@localhost alternatives]# service postfix start

Starting postfix: [ OK ]

The postfix server takes the mail transport agent work in place of sendmail. It replaces the

sendmail components and uses the postfix components but the location of the mailbox and the

log files remain same in both the services. The user sending mail and receiving mail don’t see

any difference as there is change only in the transport agent.

17.5.Dovecot

The dovecot is used to configure the IMAP and POP3.IMAP stands for Internet message Access

Protocol and POP3 stands for Post Office Protocol.The mailboxes of sendmail and postfix are

one single file so the above protocols are used to access the mails.

17.5.1.Starting Dovecot

To enable the dovecot service use the command

chkconfig dovecot on

and to start the dovecot service use the command

service dovecot start

17.5.2.Configuration file

The main configuration file for the dovecot service is /etc/dovecot.conf.The sample format of

the /etc/dovecot.conf file is

# Base directory where to store runtime data.

base_dir = /var/run/dovecot/

154

base_dir option sets the location where dovecot will store the run time data. The base_dir will

contain the file master.pid file which contains the PID of the dovecot service.

protocols = imap imaps pop3 pop3s

protocols option sets the protocols which the dovecot listens. Above example sets the dovecot to

listen imap,imaps,pop3 ,and pop3s protocols.

# specify different ports for IMAP/POP3. For example:

protocol imap {

listen = *:10143

ssl_listen = *:10943

..

}

the above part sets the port for the imap. Different ports are used for different protocols.

# Log file to use for error messages, instead of sending them to syslog

.# /dev/stderr can be used to log into stderr.

log_path =/var/log/dovecot.log

# Log file to use for informational and debug messages.

# Default is the same as log_path.

info_log_path =/var/log/dovecot.log

The log_path and the info_log_path sets the log file paths where the dovecot will log the infor-

mational messages and error messages.

# Maximum number of running mail processes. When this limit is reached,

# new users aren't allowed to log in.

max_mail_processes = 1024

155

max_mail_processes defines the maximum number of mail processes that can run simulta-

neously

1 8 . N E T W O R K S E C U R I T Y

18.1.Overview

Network security is becoming a vital and challenging task. If a system is connected with network

then the administrator should pay considerable attention to network security.

18.2.The daemon xinetd

The daemon xinetd is started when the system boots and listens on lot of ports corresponding to

the services configured in the configuration file of the xinetd daemon /etc/xinetd.conf.

The directory /etc/xinetd.d contains files corresponding to the services which xinetd will start if

connection is made to that port number. These services are called on demand services and can

be seen using the command

[root@localhost xinetd.d]# system-config-services

or by viewing the contents of the directory /etc/xinetd.d

[root@localhost ~]# cd /etc/xinetd.d;ls

chargen-dgram daytime-dgram discard-stream rsync time-dgram

156

chargen-stream daytime-stream echo-dgram tcpmux-server time-stream cvs discard-

dgram echo-stream tftp

Each file correspond to a service which xinetd automatically starts when connection is made to

that port.

This on demand services should not be accessible by everyone. The access can be made selective

by the use of TCP wrappers.

18.3.Using TCP wrappers

The tcpd (tcp wrapper daemon) program can be set up to monitor incoming requests for xinetd

services or in other words the services which xinetd supports and also services that have one to

one mapping onto executable files.

If tcp wrapper is used then if a client makes connection at a port for services like fin-

ger,talk,telnet,and rsh ( xinetd service) then at first tcp wrapper daemon determines whether

the connection will be allowed or refused. If the connection is allowed then the corresponding

service is invoked to listen at the port. The tcpd authenticates the client using the files

/etc/hosts.allow and /etc/hosts.deny.

18.3.1./etc/hosts.allow

It contains the list of ip address and subnet masks of clients who are allowed connection. This

file is first scanned by tcpd.

18.3.2./etc/hosts.deny

Iit contains the list of ip address and subnet masks of clients who are not allowed connection.

This file is scanned by tcpd after scanning the /etc/hosts.allow file.

If an address is not specified in any file then the connection is allowed.

Format of the files /etc/hosts.allow and /etc/hosts.deny are same. The keyword ALL is specified

for all clients. For example

in.telnetd: .example.com

fingerd: ALL

the connection for the telnet is allowed for clients from domain example.com and connection for

the finger is allowed for all the clients.

157

The service daemon is listed on the left if two service daemons are to be listed then the daemons

are separated by comma (,) character. The semicolon acts as a separator between the daemon

names and the address part. If multiple address is to be mentioned then the addresses are

separated by comma.

The ALL flag enables user to make the files as restrictive as it can be made. This enhances

security.

18.4.Security Level Configuration

The Security Level Configuration utility is used to set the security level of the system. To invoke

the Security Level Configuration utility enter the below command in the terminal window

[root@localhost ~]# system-config-securitylevel

On the Firewall Options tab the user can set the firewall is enabled or disabled. The trusted

services are allowed to pass through the firewall. On the other ports the user can add the trusted

ports by clicking on the Add button clicking on the Add button displays the below panel

158

On the add port panel the user can enter the port and also the protocol (tcp and udp).after

entering the value press ok.

The user can click on the Advanced options tab to add a file containing iptable rules in the

iptables save format. This allows user to add more complex rules and also customize the fire-

wall.

The user can browse and upload the file containing the user defined rules. After making the

changes click on apply and then OK.

159

18.4.1.Configuration files

There are two configuration files /etc/sysconfig/iptables and /etc/sysconfig/iptables-config.

The file /etc/sysconfig/iptables contains the security level currently imposed on the system.

This file is written by the Security Level Configuration utility.

The file /etc/sysconfig/iptables-config is used to, load additional iptables modules. The addi-

tional modules help in NAT filtering and helpers. The sample /etc/sysconfig/iptables-config file

is

IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp"

The directive IPTABLES_MODULES defines the modules which are loaded. In above example

the modules ip_conntrack_netbios_ns ip_conntrack_ftp are loaded.

# Save current firewall rules on restart.

# Value: yes|no, default: no

# Saves all firewall rules to /etc/sysconfig/iptables if firewall gets

# restarted.

IPTABLES_SAVE_ON_RESTART="no"

If the value is yes then the rules are saved to the file /etc/sysconfig/iptables.

18.5.Command Reference

Command Description

iptables -A To append a security rule in current

iptable rule

iptables -D Delete a rule

iptables -R Replace a rule

iptables -I Insert a rule

iptables -L List all rules

160

iptables-save Save rules from kernel and install them

in a configuration file.

1 9 . P A M A N D S E L I N U X

19.1.PAM

PAM stands for Pluggable Authentication module. PAM is a system of libraries that handle the

authentication tasks of applications (services) on the system.

The configuration file /etc/pam.conf or the files in the directory /etc/pam.d is used for configur-

ing PAM. The contents of the file /etc/pam.conf is ignored if the files in the directory

/etc/pam.d are present.

19.2./etc/pam.d

The files in the directory /etc/pam.d correspond to the services which use PAM for authentica-

tion. For example the file passwd in the above directory contains the following line

#%PAM-1.0

auth include system-auth

account include system-auth

password include system-auth

the first line is a comment.

The second line contains the rule for the PAM. The format of the next lines are or rule lines are

type control module- path module-argument

The type in above case is auth.

PAM allows four types account,password,authentiction,and session.

161

Account – the account type defines access to a service based on the availability of resource,

time and other parameters.

authentication(auth) – the authentication type prompts the user for a password and if the

user provides it then he/she can access the service.

Password – the password type is used to update the user information like changing user

password.

Session –this type is used to perform the jobs (like logging) before a user access a service or

after a user access a service.

The valid values for the control are include,required,sufficient,and optional.

Required – means that pam will return failure if this PAM modules returns failure. let three

modules are called and if this module returns false then the resultant will be false but pam will

call all the modules which are to be called for the process.

Sufficient – means that PAM returns success if this module returns success and other PAM

modules will not be called which are to be called for the process.

Optional – the success and failure of this module is not important on the overall return value

(success or failure) of PAM. The module is important if it is the only module for the service.

Include – this module includes all lines given in the configuration file of a specific type. The

configuration file is passwd as an argument.

The system-auth is the module path. The system-auth module resides in the current directory.

Contents of file system-auth

auth required pam_env.so

auth sufficient pam_unix.so nullok try_first_pass

auth requisite pam_succeed_if.so uid >= 500 quiet

auth required pam_deny.so

in the above file the pam modules are called for verification of a user for the service passwd.

162

The PAM modules reside in the directory /lib/security.

19.2.SELinux

SELinux stands for the Security Enhanced Linux. It is flexible access control architecture and

provides support for the role based access control and multilevel security.

19.2.1.SELinux administration

The SELinux administration utility is used to configure the SELinux. To invoke the SELinux

administration enter the below command in the terminal

[root@localhost selinux]# system-config-selinux

The user can set the value of SELinux enforcing mode. Three values are allowed

enforcing – SELinux policies are enforced.

Permissive – SELinux policies are checked but policy issues warning

instead of enforcement.

Disable-- SELinux policies are not enforced that is are disabled.

The SELinux administration changes the values in the SELinux configuration file

/etc/sysconfig/selinux. The contents of the file are (for the above configuration of SELinux

administration)

163

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

# enforcing - SELinux security policy is enforced.

# permissive - SELinux prints warnings instead of enforcing.

# disabled - SELinux is fully disabled.

SELINUX=disabled

# SELINUXTYPE= type of policy in use. Possible values are:

# targeted - Only targeted network daemons are protected.

# strict - Full SELinux protection.

SELINUXTYPE=targeted

19.3.Command Reference

Command Description

semanage Mapping Linux user names to SELinux user

identities, security context mapping for

network port, interface and hosts and file

context mapping.

chcat Change file or users SELinux security cate-

gory

chcon Change the security context of each file to

context

semodule Used to install,remove.list selinux policy

modules.

164

O V E R 2 5 0 E X A M P R E P A R A T I O N Q U E S T I O N S

1. Which is default installer of Red Hat Enterprise Linux?

a. anacondab. disk druidc. redhatinstallerd. grubAnswer – aExplanation – disk druid is the default partition manager for the Red Hat Enterprise Linux. Grub is the default bootloader for the Red Hat Enterprise Linux and anaconda is default installer.

2. After an installation a user wants to see the log information of the installation process. Which file the user should refer? a. /root/anaconda-ks.cfgb. /root/install.logc. /root/install-log.infod. /root/anaconda.logAnswer – bExplanation -- /root/anaconda-ks.cfg is the Kickstart file created after successful installation of Red Hat and /root/install.log is default log file.

3. A user wants to use Kickstart file for installing Red Hat Linux. He wants to set the SELinux policy during installation to enforcing. Which line should he add in the Kickstart file?a. set selinux - -enforcingb. selinux - -enforcingc. selinux - -defaultd. selinux = enforceAnswer – b

4. Which line should be added in the Kickstart file to install the bootloader in the Master Boot Record (MBR)?a. bootloader - -location=mbrb. grub - -location=mbrc. grub - -location=hd0d. bootloader - -location=hd0Answer – a

5. Which command is entered on the anaconda boot prompt to install using the kickstart file located on the website http://kickstart-file/install/linux.com?

165

a. :anaconda ks=http://kickstart-file/install/linux.comb. :boot ks - -http://kickstart-file/install/linux.comc. :anaconda ks - -http://kickstart-file/install/linux.comd. :boot ks=http://kickstart-file/install/linux.com

Answer – dExplanation – The anaconda boot prompt is denoted by: boot.

6. How many modes can kudzu operate?a. 1b. 2c. 3d. 4

Answer – 2Explanation – kudzu can operate in two modes

��safe probe mode��no safe probe mode

7. You want to start the kudzu in safe probe mode. What will you add in the configuration file /etc/sysconfig/kudzu?

a. SAFE=nob. SAFE=YESc. SAFE=?d. Anything other than no can be used on the left hand side of the assignment. Answer – dExplanation – SAFE=no denotes that kudzu starts in no safe probing mode and anything other than no means that it is started in the safe mode.

8. Which of the following is the default Red Hat Linux bootloader?a. GRUBb. LILOc. DISK DRUIDd. ANACONDA Answer – a Explanation – GRUB is the default bootloader of Red Hat Linux. LILO is also bootloader but nowadays it is not used as default bootloader. DISK DRUID is the default partition manager in Red Hat Linux.

9. Which two partitions are necessary for Red Hat Linux installation?a. /, /usrb. /home, swapc. /boot, /homed. /, swap Answer -- d

Explanation – The / filesystem is root of the Linux file system structure. So it is mandatoryto make a / partition. All other partitions can lie within the / partition. The swap partition is

166

also necessary as Linux uses swap partition as extension of main memory.

10. You have computer 256 MB RAM .What is the size of swap space for good performance of the system?

a. 256 MBb. 128 MBc. 512 MBd. 400 MB Answer – c Explanation – For good performance of the system the swap space area should be double of the physical RAM attached with the System.

11. What command is used to invoke the Network Configuration utility?a. system-config-networkb. system-config-netc. neatd. system-config-neat Answer – a, c Explanation – system-config-network and neat both the commands can be used to invoke the Network Configuration utility.

12. The file /etc/sysconfig/hwconf is not present on the system. Which files will kudzu query to find out the devices already configure?

a. /etc/modprobe.confb. /etc/sysconfig/lasthwconfc. /etc/modprobe.conf,/etc/X11/xorg.conf,/etc/sysconfig/network-scripts/ifcfg-*d. /etc/modprobe.conf,/etc/X11/xorg.conf Answer – c Explanation -- /etc/modprobe.conf is module configuration file /etc/X11/xorg.conf lists the hardware like monitor, mouse, keyboard which are configured for X./etc/sysconfig/network- scripts/ifcfg-eth0 lists the network device detected if there are more than one network device present then /etc/sysconfig/network- scripts/ifcfg-eth1 lists the second network device detected and so on.

13. Which filesystem contains the configuration files?a. /etcb. /varc. /usrd. /mnt Answer – a

167

14. You have installed Red Hat Linux in your box. You want to see the options you have chosen during the installation process. Which file should you look for?

a. no file contains that informationb. /root/anaconda-ks.cfgc. /home/anaconda-ks.cfgd. /root/anaconda-ks Answer – b Explanation -- /root/anaconda-ks.cfg is the default kickstart file created by anaconda based on the options chosen during installation.

15. You want to upgrade a system using the kickstart file. Which option will you use in kickstart file?

a. upgrade option in line 5 of kickstart file.b. upgrade option in line 1 of kickstart file.c. update option in line 5 of kickstart file.d. update option in line 1 of kickstart file. Answer – b Explanation – install option is used in the first line of kickstart file to show fresh install and upgrade option is used in the first line to show upgrade of a previous installation.

16. You want to see the information about the processes running on your system. Which filesystem will you use to get the information?

a. /rootb. /bootc. /procd. /sys Answer – c Explanation -- /proc is pseudo filesystem which contains information about the processes running on the system.

17.You used system-config-date to set the date of your system. Your friend used system-config-time for the same purpose. Is there any difference?

a. No both are sameb. system-config-date is used to set date only.c. system-config-time is used to set time only.d. yes both are different Answer – a

168

18. You have grub bootloader installed on your system. You want to boot the default operating system if user did not make a choice for 10 seconds. Which command will you use in grub configuration file?

a. timeout=10b. timeout=10 secsc. timeout=10 sd. timeout - -10 Answer – a Explanation – The timeout=10 parameter is allowed in the grub configuration file /boot/grub/grub.conf.

19. What is meaning of the option rootnoverify (hd0, 0) in the grub configuration file?a. don’t verify the / partitionb. Don’t mount the partition within braces of rootnoverify option.c. Don’t verify the first sector of hard disk.d. mount the partition indicated within the rootnoverify option. Answer – b Explanation – The rootnoverify (hd0, 0) option is used in case there is another operating system installed along with Red Hat Linux. For example if windows is installed along with Red Hat then grub should not try to mount the partition on which windows is installed.

20. You want to boot your Red Hat Linux operating system using kernel2.6.14. What changes should be made in the grub configuration file?

a. kernel /vmlinuz-2.6.14b. kernel /kernel-2.6.14c. boot /kernel-2.6.14d. boot /vmlinuz-2.6.14Answer – a

21. Which process has the PID of 1?a. initb. inittabc. grubd. mainAnswer – a

169

Explanation – The init process have the PID of 1.it is called father of all processes. During boot process kernel gives control to the init process.

22. You want to reboot your system if a user presses CTRL+ALT+DELETE keys of the keyboard during the boot process. What should you do?

a. Add ca::ctrlaltdel:/sbin/shutdown –r now in /etc/inittab fileb. Write a shell script for that and keep it in root directoryc. Add ca::ctrlaltdel:/sbin/shutdown –h now in /etc/inittab filed. It cannot be doneAnswer – aExplanation – The init process looks the /etc/inittab file for the processing to be done. The entry captures the CTRL+ALT+DELETE key sequence and the command shutdown –r now is executed.

23. What will happen if runlevel is set to 6?a. Multiuser mode bootingb. Multiuser with networking modec. The system reboots in a loopd. The system comes to haltAnswer –cExplanation – In runlevel 0 the system comes to halt and in runlevel 2, 3, and 5 the multiuser mode is active.

24. A user created two scripts S111USERDEF and S85USERDEP which are executed during boot time. Which of the two services will start first?

a. S111USERDEFb. S85USERDEPc. At same timed. Can’t be determined.Answer – aExplanation – The numeric digits i.e. 111 and 85 decide the order of run. The digits are compared from left to right taking one digit at a time. Since 1 is less than 8 so S111USERDEF is run first.

25. Which directories contain the boot time scripts for the run level 5?a. /etc/rc.d/rc5.db. /etc/rc.d/rc.5dc. /etc/rc.d/r5.dd. /etc/rc.d/rcv.dAnswer – a

26. A runlevel script has the line #chkconfig 345 25 75. What is the meaning of this line?

a. It is a commentb. It denotes that the script will run in runlevel 3,4,5 c. It denotes that the script will run in runlevel 3, 4, 5 and the start priority is 25 and the stop priority is 75.

170

d. The line gives an errorAnswer –c

27. Which command is used to get the previous run level of a system?a. runlevelb. prevrunlevelc. lastrunleveld. prevrun Answer – a Explanation – the runlevel command is used to get the current run level and the previous runlevel of a system.

28. The output of the runlevel command is N 5. What does it mean?a. Previous runlevel of the system was Nb. The current runlevel of the system is N.c. The previous runlevel of the system was 5d. The runlevel of the system was never changed from 5 so the previous runlevel is displayed as N. Answer – d

29. Which command is used to change the current run level?a. telinitb. runlevelc. initd. chgrunlevel Answer – a

30. You want to enable a service service-name for current run level (run level 5). Which command will you use to do so?

a. runlevel service-name onb. enable service-namec. chkconfig service-name ond. chkconfig service-name enableAnswer -- c Explanation – the chkconfig command is used to enable a service, disable a service and lists the status of a service or services.

31. The httpd service is enabled in the runlevel 5 but it is not running. How will the problem resolve?

a. service httpd startb. chkconfig httpd startc. chkconfig httpd ond. service httpd on Answer – a

171

Explanation – the service httpd needs to be started for that the service httpd start command is used.

32. Which command is used to start the service configuration utility?a. serviceconfb. system-config-servicesc. serviceconf, system-config-servicesd. None of these Answer – c

33. How will you view the status of all the services in all the runlevel?a. Using chkconfig allb. Using chkconfig –listc. Using chkconfig –alld. Using chkconfig list Answer – b Explanation – the chkconfig –list gives the listing of all the services in different run levels with the status of services as on or off.

34. Which directory contains the run level scripts of all the runlevel?a. /etc/rc.d/rc.allb. /etc/rc.d/init.dc. /etc/rc.d/all.dd. /etc/rc.d/rcall.d Answer – b Explanation – The directory /etc/rc.d/init.d contains all the runlevel scripts and the directories /etc/rc.d/rc*.d contain symbolic links to the scripts of directory /etc/rc.d/init.d

35. Which filesystem is not mounted on disk partition?a. /etcb. /homec. /usrd. /proc Answer – d Explanation – The proc filesystem is virtual filesystem (it is not mounted on a disk partition) which contains the process and system information.

36. Which file contains the static information about the filesystem?a. /etc/mtabb. /etc/fstabc. /etc/ftab

172

d. /etc/mstab Answer – bExplanation – The file /etc/fstab contains mount point, filesystem type, and other options.

37. Which filesystem contains the information about the filesystem currently mounted on the system?

a. /etc/fstabb. /etc/mtabc. /etc/mstabd. /etc/ftab Answer – bExplanation -- /etc/mtab contains the information about the filesystem currently used by a running system.

38. A user wants don’t want to mount the /home partition automatically at boot time. What should he do?

a. Add noauto option in fourth field of /etc/fstabb. Add notauto option in fourth field of /etc/fstabc. Add noauto option in fourth field of /etc/mtabd. Add notauto option in fourth field of /etc/mstab Answer –aExplanation – At boot time the /etc/fstab file is scanned for information about the filesystem to be mounted. If noauto option is used the filesystem is not automatically mounted.

39. Which command is used to see the listing of filesystem currently mounted on the system?

a. fdisk -lb. fdisk –mc. mount –td. mount Answer – d Explanation – fdisk command is used for creating new partition and view all the partitions of the hard disk.

40. A system has windows and Red Hat Linux installed on it. The user wants to access files kept in the /dev/sda6 partition with the vfat filesystem type. What should he/she do?

a. mount vfat /dev/sda6 /mnt/winb. mount –t vfat /dev/sda6 /mnt/winc. fdisk –t vfat /dev/sda6 /mnt/wind. mount –t vfat /mnt/win /dev/sda6 Answer – b Explanation – The mount command has the form mount –t filesystem-type source partition target partition

173

to mount a source filesystem on target directory.

41. Which command is used to create vfat filesystem on a re writable CDROM?a. mkfs -t vfat /dev/cdromb. mkfs.vfat /dev/cdromc. Both of aboved. None of above Answer – c Explanation – The mkfs –t vfat is frontend of the command mkfs.vfat.

42. Which configuration file is used while creating ext3 filesystem on a partition using the mke2fs command?

a. /etc/ext3.confb. /etc/mke2fs.confc. /etc/mkfs/mke2fs.confd. None of above Answer – b

43. A file is created using the below commanddd if=/dev/zero of=/home/demo bs=1000000 count=2.What is the size of the file /home/demo?a. 20MBb. 2MBc. 2GBd. The command is wrong Answer – b Explanation – The bs option denotes the blocksize and count denotes the number of that. So the size of the file is 1000000 * 2 = 2 MB.

44. Which command is used to create a swap filesystem on a device or file?a. createswapb. mkfsc. mkswapd. swapon Answer – c

45. Your system has a swap partition on /dev/sda3 and another swap partition on /dev/sda5.How will you decide which swap partition is active?

a. cat /proc/swapsb. fdisk –lc. cat /proc/swapd. None of above Answer – a Explanation -- /proc/swaps contain the entries

174

of the entire active swap space of the system. The contents of the file can be viewed using cat command.

46. Which command is used to check a device for badblocks?a. fsckb. mkfsc. chkfsd. badblocks Answer – d

47. A user ran command badblocks -w on a device containing important data files. What will be the problem?

a. No problem b. Data on the device will be erasedc. Data on device will not be erasedd. -w is invalid option to badblocks command Answer – bExplanation – The data is not deleted if the badblocks command is used without option or with –n option.

48. How will you check the status of the automount daemon?a. /etc/rc.d/init.d/autofs statusb. /etc/init.d/autofs statusc. /etc/rc.d/init.d/automount statusd. /etc/rc.d/init.d/autofs - -statusAnswer –bExplanation -- /etc/rc.d/init.d/autofs controls the operation of the automount daemon.

49. Which configuration file does /etc/rc.d/init.d/autofs use?a. /etc/autofs.confb. /etc/auto.confc. /etc/auto.masterd. /etc/autofs.masterAnswer –c

50. Which command is used to create a raid device of level 5 using devices /dev/sda1, /dev/sda2?

a. mdadm - -create /dev/md0 - -level=5 - -raid devices=2 /dev/sda1 /dev/sda2b. mdadm - -create /dev/md1 - -level 5 - -raid devices=2 /dev/sda1 /dev/sda2c. mdadm - -create /dev/md0 - -level=5 - -raid devices= /dev/sda1 /dev/sda2d. mdadm - -create /dev/md0 - -level=5 devices=2 /dev/sda1 /dev/sda2Answer – aExplanation – In second option - -level= should be used. In the third option - -raid

175

devices=n where n is no of devices is missing, In fourth option - -raid is missing from - -raid devices.

51. A raid device contains four devices. How will you remove one of the devices from the raid device?

a. mdadm raid-device-name –r device-nameb. mdadm device-name –r raid-device-name c. mdadm –r raid-device-name device-named. mdadm –r device-name raid-device-nameAnswer – a

52. Which command is used to create volume group?a. vgcreateb. vgextendc. volgrpcrd. pvcreateAnswer – aExplanation – vgcreate is used to create a new volume group and vgextend is used to extend an existing volume group.

53. Which directory contains entry for the logical volume group lvol0 created by a user in the volume group vol_grp?

a. No directory has the entryb. /dev/vol_grpc. /home/vol_grpd. /sys/vol_grpAnswer – bExplanation – The directory /dev/vol_grp contains lvol0 entry corresponding to the logical volume lvol0.

54. Which command is used to invoke the Logical Volume Management utility?a. System-config-lvb. System-config-lvmc. System-config-logmand. There is no such utilityAnswer – b

55. Which of the following should be created first before creating the Logical volume?a. Physical volumeb. Volume groupc. None of themd. Both of themAnswer – dExplanation –Physical volume is to be initialized first and then the volume group is to be created before creating Logical volume.

56. Which file and directory yum does look for information about the software

176

repositories?a. /etc/yum.confb. /etc/yum.conf.dc. Both of themd. None of themAnswer – cExplanation – it looks for the configuration file /etc/yum.conf and then looks for the files in the directory /etc/yum.conf.d

57. What is full form of yum?a. Yellow dog updater modifiedb. Yellow umbrellac. Yellow updater modifiedd. Yellow software updater modifiedAnswer – a

58. What is the importance of option gpgcheck=1 in /etc/yum.conf file?a. The gpgkeys of packages are checked before install or updateb. The gpgkeys of packages are not checked before install or updatec. The gpgkeys of packages are checked before install onlyd. The gpgkeys of packages are checked before update onlyAnswer – aExplanation – Usually the gpgkeys are installed before adding any software repository. If the gpgkey option is 1 then the packages are checked for the gpgkeys before installing or updating the packages.

59. A user ran yum command to install a package. Then he went for a cup of coffee. The install completed before his return. How can user decide whether the install was successful or failure?

a. He can’t decideb. Looking at /etc/yum.conf filec. Looking at /etc/yum.conf.d directory d. Looking at /var/log/yum.logAnswer – dExplanation – The log file of the yum command is /var/log/yum.log. The status of yum commands execution will be logged there. User can use the file to decide the install was successful or failure.

60. What are the levels of rpm configuration file?a. User, globalb. User,system,globalc. Sytem,globald. User, systemAnswer – bExplanation – The rpm command uses the two global configuration file /usr/lib/rpm/rpmrc and /usr/lib/rpm/redhat/rpmrc. It uses /etc/rpmrc configuration file which is configuration file specific to a system. The configuration file .rpmrc in the home directory of a user is the user

177

level rpm configuration file.

61. Where does the rpm package information kept?a. /var/lib/rpm/*b. /var/log/rpm/*c. /var/lib/rpm/db/*d. /var/lib/rpmdb/*Answer – aExplanation – The rpm command uses the /var/lib/rpm/* directory as the database for storing rpm package information.

62. A user used the command rpm –U package-name to install the package package-name which is not previously installed on the system. Is the command correct?

a. No use rpm -vb. Yesc. No use rpm-qd. No it is used for update onlyAnswer –bExplanation – The command rpm –U is used to upgrade a previously installed package and if the package is not installed in the system then it installs the package.

63. What is the difference between rpm –U and rpm –F commands?a. rpm –U installs a package if it is not installed previouslyb. rpm –F installs a package if it is not installed previouslyc. Both command do same functiond. None of the aboveAnswer – aExplanation – The command rpm –U updates a previously installed package but installs a new package and the command rpm –F updates a previously installed package but does not installs a new package.

64. Which is a valid rpm command?a. rpm –iehb. rpm –Uehc. rpm –ivvhd. rpm –iFAnswer – cExplanation – the options -v (verbose information),-vv (verbose lots of information) and h (prints hash marks are rpm options which can be used with other options. The options i.e. and e, U and e, F are mutually exclusive.

65. Your software vendor informed you that package-name.rpm has been installed in your machine. How will you check vendor’s statement?

a. There is no way to check vendor’s statement.b. Using system monitorc. rpm –q package-named. yum install package-name

178

Answer – cExplanation – rpm –q package-name queries the rpm package database and finds out information about the package-name.yum install is used to install the package package-name.system monitor is used to view system information.

66. You have downloaded a package in tar.gz format. How will you uncompress the file?

a. Using tar xvfb. Using gunzip followed by tar xvfc. Using tar xvf followed by gunzipd. Using bzip2 followed by tar xvfAnswer – bExplanation – gunzip uncompressed the tar.gz file into .tar format and then the command tar xvf is used to uncompress the tar file.

67. What is the difference between the commands tar xvf and tar xvfz?a. No differenceb. xvfz compresses a .tar file but xvf uncompress a .tar filec. xvfz uncompress a .tar.gz file but xvf uncompress a .tar filed. xvfz is verbose mode of command xvfAnswer – c

68. What does command bzip2 does?a. bzip2 –d uncompress a tar.bz2 fileb. bzip2 –d creates a tar.bz2 filec. bzip2 is used to uncompress .zip filed. bzip2 is used to compress a file to .zip format.Answer – aExplanation – bzip2 command is used to create and decompress a bz2 file.bzip2 –c is used to create .bz2 file and –d option is used to uncompress a .bz2 file.

69. Which utility is used to manage packages on a Red Hat box?a. Package managerb. Package managementc. Package Admind. Package manageAnswer – a

70. Which command is used to invoke a Package Manager?a. system-config-packageb. system-config-managec. system-config-packagesd. system-config-managesAnswer – c

179

71. Which file does contain global options to the bash shell?a. /etc/bashb. /etc/bash.confc. /etc/bashrc.confd. /etc/bashrcAnswer – d

72. Which file does define the default values to be used while creating the user account?

a. /etc/user.defsb. /etc/login.defsc. /etc/userdefsd. /etc/login.conf

Answer – bExplanation – The file contains the default values to be used while creating a user account. The default values can be overridden on the command line.

73. You want to create a user account john. The mail box of john should lie in the directory /var/temp.What line will you add in the file /etc/login.defs?

a. MAIL_DIR=/var/tempb. MAIL_BOX=/var/tempc. MAIL_JOHN=/var/tempd. MAIL_CONFIG=/var/tempAnswer – aExplanation – The line MAIL_DIR is used to denote the directory where mailbox of a user will reside.

74. Which directory contains the initial login and startup scripts?a. /etc/skelb. /etc/login.defsc. /etc/logind. /etc/initialAnswer – aExplanation -- /etc/skel directory contains the initial login and a startup scripts.The content of /etc/skel is copied to the home directory of user when the user account is created.

75. A user wants to override the default values used for bash shell. What action should be taken by him?

a. Creating a .bashrc file in home directory of userb. Creating a .bash file in home directory of userc. Editing the /etc/bashrc file.d. Creating a .bashrc file in home directory of userAnswer – aExplanation – The .bashrc file in the home directory of the user is used to override the default values used for bash shell.

76. A user Matt have a user id of 400.What is the significance of it?

180

a. User id 400 is of root userb. A user cannot have user id 400c. Matt is an administrative user.d. Matt is a non administrative user.Answer – cExplanation – User id less than 500 are reserved for the administrative users. So matt is an administrative user.

77. Which file does contain the password of user?a. /etc/passwdb. /etc/passc. /etc/passwordd. None of theseAnswer – dExplanation – The file /etc/shadow contains the user login name and encrypted password. The file/etc/passwd contains information about the user but at the place of passwd x character is written.

78. A new user is working on the /bin/tcsh shell. He wants the bash shell. What command will the system administrator execute?

a. usermod –s /bin/bash new-userb. usermod –s /bin/bashc. useradd –D –s /bin/bash new-userd. usermod –D –s /bin/bashAnswer – aExplanation – usermod command is used to modify the user information.

79. System Administrator wants to delete the account of user user1 along with the home directory of the user user1.What should be his approach?

a. userdel user1b. userdel –r user1c. userdel –h /home/user1 user1d. userdel –r /home/user1 user1Answer – bExplanation – The command userdel –r user1 is used to delete the account of a user along with his/her home directory. If the –r option is not used then the home directory of the user is not deleted.

80. Which graphical utility is used to manage users?a. User Mangerb. User Administratorc. User Admind. User ConfigurationAnswer – aExplanation –User Manager is used to create, delete, and modify user and group information.

81. Which command is used to invoke user Manager Utility?

181

a. system-config-userb. system-config-usrc. system-config-usersd. system-config-usrsAnswer – c

82. Which command is used to change the password of the root user?a. passwd rootb. su –c. su rootd. passwdAnswer – dExplanation – The format of passwd command id passwd user-name. It means the password of user user-name is to be changed. If the command passwd is used alone it means the password of root user is to be changed.

83. Which file does contain the information about the groups in a system?a. /etc/gpasswdb. /etc/passwdc. /etc/groupd. /etc/groupsAnswer – d

84. The system administrator wants to see the disk space used up by user Jack. What sh0uld he do?

a. Ask jack about the disk space usageb. df /home/jack c. space /home/jackd. df /homeAnswer – bExplanation -- The df command is used to display the amount of space available on a filesystem.

85. Which command is used to change password of a group?a. grpasswdb. grppasswdc. gpasswdd. gpasswordAnswer – c

86. A user wants to list the space used up by files and subdirectories of his home directory. What should he do?

a. Check each file size and subdirectory sizeb. Ask the system administratorc. du /home/userd. df /home/userAnswer – cExplanation – The du command is used to check the space used by the files and subfolders of a

182

directory

87. A user ran su – command in a terminal (terminal1) and got privilege of root user. He then opened a new terminal and ran command to mount a filesystem. Will the command execute successfully?

a. No su – command don’t give root privilegeb. Yesc. Yes he has to enter the root password d. No as it is different terminal session he won’t have root privilege in this session.Answer – d

88. A root user used the command su – user-name where user-name is a non administrative user.Will root has to enter the user’s password?

a. Yes root user will have to enter user’s passwordb. No the shell will prompt for password of user-name but root can choose not to enter the passwordc. If root don’t enter user-name’s password then he won’t be able to execute user-name’s filesd. No shell won’t prompt for user-name’s password Answer – d

89. How will you edit /etc/sudoers file?a. Using geditb. Using vic. Using visudod. Using geditsudoAnswer – cExplanation – the visudo command is used to edit the /etc/sudoers file.

90. A user Vishnu is member of group demo. The group demo is defined with the privilege of command shutdown –h now in /etc/sudoers file. Does Vishnu have privilege to run the command shutdown –h now?

a. Yes he can use shutdown –h nowb. No he can’t use the command directlyc. Yes he will have to use sudo shutdown –h nowd. Yes he will have to use visudo shutdown –h nowAnswer – cExplanation – The commands should be prefixed by the sudo command.

91. A user entered the command chown : file-name. What will happen ?a. Nothingb. The user and group of the file will change to that of user’sc. The user of the file will change to that of user’sd. The group of the file will change to that of group’sAnswer – aExplanation -- chown owner: group file-namecase 1 if only owner is specified but group is not specified then the file owner is changed to owner and the file group is changed to that of login group of owner.

183

Case 2 if owner and group both are specified then the file owner is changed to owner and file group is changed to group.Case 3 if owner is not specified but group is specified then the group of file is changed to that of groupcase 4 if owner and group both are not specified then nothing happens.

92. A user issues the chown user-name-group-name file-name command on a file file-name which belongs to the root user. What will happen?

a. He gets an errorb. The owner of the file will changec. The group of the file will changed. Nothing happensAnswer – aExplanation – The user don’t have privilege to change the file permissions of root user so he gets an error.

93. System administrator wants to see the users currently logged into the system and the processes run by them. Which command will help the system administrator?

a. Wb. Usersc. Alld. None of theseAnswer – aExplanation – The w command is used to view the users who are logged on the system and the processes run by them. It also shows the time for which the system is running and the load average of the system.

94. Which command shows the virtual memory statistics of a system?a. Iostatb. Vmstatc. Virtuald. All of these

Answer – bExplanation -- The vmstat command is used to displays the virtual memory statistics

95. What does free command do?a. Frees RAM memoryb. Frees swap memoryc. gives the amount of free and used memory space of the systemd. gives the amount of free and used memory of a filesystem

Answer – c

96. A user issues a command kill 0.What will be the impact of the command?a. All process with pid >0 are re signaled.b. Gives an errorc. Process with pid 0 is re signaledd. all processes in current process are signaled.

184

Answer – d

97. May a process have pid of 0?a. No process can have pid of 0b. Yes init process have pid of 0c. Boot process have pid of 0d. A process pid can be set to 0 using renice command

Answer – aExplanation – The lowest pid that a process can have is 1 which is pid of init process ( init is called father of all processes).no other process can have pid of 1 or lower than that.

98. Which utility is used to see system log information?a. Log Managerb. System Log Managerc. System Log Viewerd. Log Configuration

Answer – c

99. Which utility is used to view various system information like CPU usage, network information, memory and swap information, process information?

a. System Monitorb. System Informationc. System Administrationd. SystemManager

Answer – a

100. Which of the following information does top command not give?a. number of users currently logged onb. load average of the systemc. total number of processes, no of processes active, no of processes sleeping, no of zombie processesd. network usage informationAnswer – dExplanation -- The top command gives various information about the system number of users currently logged on load average of the system total number of processes, no of processes active, no of processes sleeping, no of zombie processes usage detail of swap memory usage detail of RAM memory the information about the processes of the system like PID (process identification number), percent CPU usage, % memory usage, the command used for invoking the process.

101. Which file does the command uptime use to present the output?a. /proc/uptimeb. /proc/sys/uptimec. /sys/uptimed. It don’t use any fileAnswer – aExplanation – The uptime command uses the file /proc/uptime for the information and formats them in user readable format.

185

102. What is SIGKILL?a. It is a signal used with kill command generallyb. It is a commandc. None of aboved. Both of themAnswer – aExplanation – The SIGKILL is used to signal a process. For example kill –SIGKILL 5009 command gives the signal SIGKILL to process with pid 5009.

103. Which command is used to print the processor type of a system?a. uname -rb. uname -nc. uname -pd. uname -kAnswer – cExplanation -- the command uname is used to print various system information.uname -aprints all the information about the system.

104. Which file contains the list of currently loaded modules in the kernel?a. /proc/moduleb. /proc/modulesc. /proc/modd. no such file is thereAnswer – bExplanation – The lsmod command is also used to list the modules currently loaded into kernel. The file /proc/modules also contain the same information.

105. A user wants to see the filename of a module currently loaded into the kernel. what should he do?

a. modinfo modulenameb. infomod modulenamec. lsmod modulenamed. modprobe modulenameAnswer – aExplanation –modinfo gives the details of a module loaded into the kernel.

106. A user issues command insmod -.What will happen?a. Error will occurb. lists all the modules of kernel2.6.14c. file name should be given from sysind. none of the above

Answer –cExplanation -- The insmod command is used to insert a driver module into the kernel. The format of the insmod command is

insmod file-name

186

if the file-name is – then the module is taken from the standard input.

107. The module A is dependent on module B. which command should be used to load the module A into kernel?

a. insmodb. modprobec. rmmodd. modinfoAnswer – bExplanation -- The modprobe command inserts other modules which are dependent on the module being inserted using the command.insmod loads only the module mentioned on the command line.

108. Which command is used to remove a module from the kernel?a. Modprobe -ab. modprobe -bc. modprobe -rd. modprobe -d

Answer – c

109. Which configuration file and directory does modprobe command refer?a. /etc/modprobe.confb. none of themc. /etc/modprobe.dd. both of them

Answer – dExplanation – modprobe looks for the configuration file /etc/modprobe.conf (if the file is present) and in the directory /etc/modprobe.d.

110. On business requirement your client wants to run the process A (already running on the system) with increased priority. What command does administrator use?

a. niceb. renicec. priorityd. scheduleAnswer – b

111. The command renice 5 -u Jack is issued. What will happen?a. Error occurs no pid mentionedb. process priority of all processes belonging to user is changed to 5c. no change in priorityd. priority 5 not allowedAnswer – bExplanation -- If the renice command is issued on user then the process priority of all processes of the user changes

187

112. A user issues two commands back to back dmesg -cdmesg

What will be the output of second command?a. No outputb. kernel messages displayedc. errord. help options displayed for dmesgAnswer – aExplanation – dmesg when used with the -c option clears the kernel ring buffer. so dmesg command prints no output.

113. In which file is cron utility log the messages?a. /var/log/cronb. /var/log/cron/cron.logc. /var/log/cron.logd. none of the aboveAnswer – a

114. Which configuration file does syslogd use?a. /etc/sysconfig/syslogb. /etc/sysconfig/syslog.confc. /etc/syslogd. /etc/syslog.confAnswer --d

115. A user wants to log the boot messages in the file /var/log/boot. Which file should he/she edit?

a. /etc/sysconfig/syslogb. /etc/sysconfig/syslog.confc. /etc/syslogd. /etc/syslog.confAnswer – dExplanation – syslogd supports the system logging. It uses the configuration file /etc/syslog.conf. The file defines the files where different system messages will be written.

116. Which file does contain the pid of klogd daemon?a. /var/run/klogd.pidb. /var/klogd.pidc. /var/run/klog.pidd. /var/run/klogdAnswer –a

117. System administrator wants to allow the user Mac to access the at facility. What system administrator does?

a. Add name on mac in /etc/at.allow

188

b. Add name on mac in /etc/atc. don't add name on mac in /etc/at.denyd. any of the aboveAnswer – aExplanation -- The file /etc/at.allow lists the name of the users who are allowed to use the at command. If the /etc/at.deny command lists the name of the users who can't use the at command.

118. System administrator allows users Jack and Jill to use at facility. what will be content of file /etc/at.allow?

a. Jack,jillb. jack:jillc. jack;jilld. jacke. jillAnswer – dExplanation -- The user names should be one in a line and there should not be whitespaces between the username (on a line).

119. On a system the files /etc/at.allow and /etc/at.deny are not present. Which users can use the at facility?

a. All the users of systemb. no user of the systemc. only root userd. error conditionAnswer – c

120. Which command is used to list all the scheduled jobs?a. at -lb. none of themc. both of themd. atqAnswer – cExplanation -- atq the atq command is used to list the scheduled job. Same as at -l.

121. In which directory the jobs scheduled by the batch command spooled?a. /var/spool/atb. /var/spool/batchc. /var/spool/at.spoold. /var/spool/batch.spoolAnswer – aExplanation -- The scheduled jobs which are submitted using the at command and batch command are spooled in the directory /var/spool/at. The files contain the information about the commands along with the environment under which the commands were scheduled.

122. Which command is used to create a crontab file?

189

a. crontab -lb. crontab -ec. crontab -dd. crontab -kAnswer – bExplanation -- The crontab -e command is used to create a crontab file. The crontab file is created in the /var/spool/cron directory. The name of the file is same as the name of the user.

123. Which file is system crontab file?a. /etc/crontabb. /etc/cronc. none of the above d. /etc/cron.confAnswer – cExplanation -- the file /etc/crontab file is system crontab file. The cron daemon reads the /etc/crontab file.

124. Which command is used to start the Apache web server?a. service http startb. service httpd startc. service httpd ond. service http onAnswer – b

125. Which file does contain the pid of the httpd daemon?a. /var/run/http.pidb. /var/run/httpd.pidc. /var/run/httpd. /var/run/httpdAnswer – b

126. Which directory contains the library modules for the httpd server?a. /usr/lib/httpd/modulesb. /usr/lib/httpd/modulec. /lib/httpd/modulesd. /lib/httpd/moduleAnswer – b

127. Which file does contain the configuration information about the httpd server?a. /etc/httpd.confb. /etc/httpd/confc. /etc/httpd/conf/httpd.confd. /etc/httpd/conf.dAnswer – cExplanation -- The Apache web server configuration directory is /etc/httpd. The conf sub directory of /etc/httpd directory contains the main Apache configuration file httpd.conf.

190

128. In the /etc/httpd/conf/httpd.conf file the user set the directive ServerRoot“/etc/demo”. What will be the impact?

a. The top of the directory tree under which the server's configuration, error, and log files are kept will be /etc/demo.b. Error valuec. no changesd. ServerRoot is not a directive.Answer – aExplanation – ServerRoot directive defines The top of the directory tree under which the server's configuration, error, and log files are kept

129. What is the content of /etc/httpd/conf.d directory?a. Configuration file related to Apache client b. load libraries related to Apache serverc. nothingd. The conf.d contains the configuration files relating to the languages (like Python, Perl, and PHP), database (Mysql) and the authorization modules.Answer – d

130. What are the sections of Apache web server main configuration file /etc/httpd/conf/httpd.conf?

a. Configuration directives for Apache web server process as whole.b. Configuration parameters for the main serverc. Settings for virtual hosts.d. All of the aboveAnswer –d

131. Which is the graphical utility for httpd server configuration?a. HTTPD Server Configuration b. HTTP Server Configuration c. HTTP Configurationd. HTTPD Configuration Answer – b

132. Which command invokes the HTTP Server Configuration utility?a. system-config-httpdb. system-config-httpc. system-config-httpsd. system-config-httpconfAnswer – a

133. The DocumentRoot directive of main apache web server configuration file is set to “/home/demo”. Where the users need to put the html files to be served by the server in response of client request?

191

a. /home/demob. /var/www/htmlc. both of themd. none of themAnswer – aExplanation – DocumentRoot defines the directory where the user will place the contents or files he/she wants to get handled by the web server. For example if you create an index.html file and kept it in this directory and opened the address http://localhost using any web browser then the contents of index.html file will be displayed.

134. What are the possible values of LogLevel directive in Apache web server main configuration file?a. Warnb. debugc. none of themd. all of themAnswer – dExplanation -- debug info, notice, warn, error, crit, alert, and emerg are possible value of LogLevel directive.

135. Which directory does contain the log information about the httpd server?a. /var/log/httpdb. /var/log/apachec. /var/log/httpd. /var/log/httpd.logAnswer --a

136. What are the two main programs consisting Squid server?a. squid,dnssrvb. squid,dnsc. squid,dsnserverd. squid,squiddemoAnswer – cExplanation -- squid consists of a main server program squid, a Domain Name Systemlookup program dnsserver and some other modules for authentication and management tasks.

137. Which is the main configuration file for squid server?a. /etc/squid.confb. /etc/squid/squidd.confc. /etc/squid/squid.confd. /etc/squid/sqd.confAnswer – c

138. On which port does squid listen by default for http?

192

a. 3128b. 80c. 413d. 3120Answer – a

139. An administrator wants to change the default http port that squid listen to 4000.What should he/she do in main squid configuration file?a. httpd_port 4000b. port 4000c. httpport 4000d. http_port 4000Answer – dExplanation -- http_port define the socket addresses where Squid will listen for HTTP client

140. In what forms does http_port socket address be defined in the squid server main configuration file?

a. Port aloneb. hostname with portc. none of themd. all of them

Answer – dExplanation -- The socket address can be defined in three forms: port alone, hostname with port, and IP address with port.

141. What do you mean by in transit objects in terms of squid server?a. Objects used oftenb. objects never used c. objects which moved outd. objects that are in use

Answer –d

142. What are hot objects in connection with squid server?a. Objects in useb. objects very complexc. objects not in use d. objects used very oftenAnswer –d

143. How will you set the RAM memory used to handle the in transit and hot objects of squid server?a. cache_mem of /etc/squid/squid.confb. ram_mem of /etc/squid/squid.confc. RAM_mem of /etc/squid/squid.conf

193

d. mem_ram of /etc/squid/squid.confAnswer – aExplanation – cache_mem sets the cache size (RAM memory used to store the in transit objects that is objects that are in use), hot objects (objects that are used often), and negative cache objects (recent failed requests).

144. Which is the default cache directory for the squid server?a. /var/spool/squid/cache b. /var/spool/squid c. /var/spool/cache d. /var/spool/squid/cachedirAnswer – b

145. Which file does contain the pid of the squid server?a. /var/run/squid.pid b. /var/run/squidc. /var/run/squid/squid.pidd. /var/run/squidd.pidAnswer – a

146. What is the meaning of the line acl all src 0.0.0.0/0.0.0.0 of main squid server configuration file?

a. gives name all to all the addressesb. gives name all to no addressc. gives name acl to all the addressesd. gives name src to all the addressesAnswer – aExplanation -- The acl tag is used to define access control. the form of acl tag is acl name type string or file

147. An administrator writes the below line in main squid serverhttp_access allow 192.168.56.65. what does it refer?a. 192.168.56.65 can access the http content.b. Wrong formatc. allow is invalidd. ip address should be with netmaskAnswer – aExplanation – http_access define which clients can access the squid server for http contents.

148. Can the line http_access deny all be added in the /etc/squid/squid.conf file?a. No all not allowedb. no deny is not allowedc. yes it can bed. no http_access is not allowedAnswer – c

194

Explanation – line means the http content is denied for all the clients.

149. Under which user does squid server run?a. Squidb. rootc. squiduserd. all of themAnswer – a

150. What is cache manager?a. The cache manager is a cgi utility for displaying information about the squid http proxy process as it runs.b. Used to see amount of cache space used by a process c. nothingd. it is daemon process name of squid server.Answer – a

151. Which is the configuration file for the cache manager?a. /etc/squid/cache.confb. /etc/squid/cachemanager.confc. /etc/squid/cachemgr.confd. /etc/cachemgr.confAnswer – c

152. How is the cache manager invoked?a. Cache-manager commandb. using http://server-name/cgi-bin/cachemgr.cgi.c. Using system-config-cached. all of the aboveAnswer – bExplanation -- The cache manager can be invoked by typing the address http://server-name/cgi-bin/cachemgr.cgi.

153. Which is the configuration file for the squid daemon?a. /etc/sysconfig/squid.confb. /etc/squid/squid.confc. /etc/sysconfig/squid.d/squid.confd. /etc/sysconfig/squidAnswer – dExplanation -- /etc/sysconfig/squid is configuration file for squid daemon and /etc/squid/squid.conf is configuration file for squid server.

154. What does the line SQUID_OPTS="-D" in the squid daemon configuration file mean?

a. Squid can be started without having internet connection b. load default values from configuration file

195

c. runs squid in safe moded. all of aboveAnswer – aExplanation -- -D option disables initial dns checks so squid can be started without having internet connection

155. Which command does make squid to reread the configuration file?a. squid -k reconfigureb. squid -k configurec. squid reconfigured. squid configureAnswer – a

156. Which command is used to restart the squid daemon?a. Service squidd restart b. service sqd restart c. /etc/init.d/squid restartd. service squid reloadAnswer – c

157. Which command is used to start the NFS services?a. Service nfsd startb. service nfs startc. service nfd startd. service nfsd onAnswer – b

158. What does the option secure mean in case of /etc/exports file?a. Invalid option b. use PAMc. use SELinux d. none of aboveAnswer – dExplanation -- the client computer should connect using the port below 1024.if the insecure option is specified then any port can be used.

159. An administrator wants to add a NIS group NISGRP in /etc/exports file? Which of the following is true?

a. Not possibleb. use NISGRPc. use @NISGRPd. use #NISGRPAnswer – cExplanation -- The access can also be defined in terms of the NIS group. The nis group can be preceded by the @ of sign before the nis group name.

160. An administrator wants to add host1 and host2 in /etc/exports file corresponding to

196

the directory /home/user. Which of the following is valid entry?a. Host1,host2b. host1:host2c. host1 host2d. all of aboveAnswer – cExplanation -- Multiple hostnames or Ip address can be entered separated by blank. The combination of ip address and hostname can also be used.

161. A system administrator has made *.example.com entry in the file /etc/exports. Which of the below address match the entry?

a. New.myhost.example.comb. myhost.example.comc. both of aboved. none of aboveAnswer – bExplanation -- * character matches any number of characters in a domain name that is * matches for myhost (of option b) but not of option a as in option a there was new.myhost (means new belonging to domain myhost)

162. What is meaning of option root_squash in the file /etc/exports?a. Maps root user to client to user jack's accountb. don't allow client root user to loginc. maps client root user to NFS server root user d. maps the root user of client to anonymous user Answer – dExplanation -- maps the root user of client (uid 0 gid 0) to anonymous uid and gid. The default value of anonymous uid and gid is 65534.The anonymous uid and gid value can be changed by using options anonuid and anongid.

163. Which command is used to export all directories listed in the file /etc/exports?a. Exportsb. exportfsc. exportd. exportsfAnswer – bExplanation -- The directories mentioned in the /etc/exports file can be exported that is made available to the network using the exportfs command or rebooting the system or restarting the NFS service.

164. Which graphical utility is used to create the /etc/exports file?a. NFS Configuration b. NFS Server Configuration c. NFS Server Managerd. NFS Server AdministrationAnswer – b

197

165. Which command is used to invoke the NFS server configuration utility?a. System-config-nfsdb. system-config-nfsc. both of themd. none of themAnswer – b

166. What operation is performed before user accesses a NFS directory?a. The directory is mountedb. the directory is unmountedc. no operation is doned. system should be rebootedAnswer – aExplanation – before accessing a NFS directory the directory should be mounted using mount command or using autofs

167. Which command is used to display server side NFS information?a. nfsstat -sb. nfsstat -cc. nfsd. nfstatAnswer – aExplanation -- The nfsstat command is used to display statistics about the NFS server and client activity

168. Which directory does contain information about the exported directory using the NFS?

a. /var/lib/nfsb. /var/log/nfsc. /var/spool/nfsd. /var/log/nfs/nfs.logAnswer – aExplanation -- The var/lib/nfs directory is used to keep information about the exported directory. The files xtab, etab, and rmtab files which contain the information about the exported files.

169. Which utility is used to configure samba server?a. Smaba Server configurationb. Samba Server configurationc. Samba configurationd. Smaba configurationAnswer – b

170. Which command is used to invoke the Samba Server Configuration utility?a. System-config-sambab. system-config-smbc. system-config-sambad

198

d. system-config-smbdAnswer – a

171. Which of the following is main configuration file of samba server?a. /etc/samba/samba.confb. /etc/samba.confc. /etc/samba/smb.confd. /etc/smb.confAnswer – c

172. Which file does contain the name of the all samba users?a. /etc/samba/smbusersb. /etc/smbusersc. /etc/samba/smbusrsd. /etc/samba/sambausersAnswer – a

173. An administrator wants to add a user Jack as samba user. The Unix username and windows user name of Jack are same (it is Jack).what should be the format of entry in samba user file?

a. jack=jackb. user=jackc. user:jackd. jack:jackAnswer – aExplanation -- The /etc/samba/smbusers file contains the list of samba users. To add a new samba user vishnu as in above case enter below line in the /etc/samba/smbusers file vishnu = vishnuthe left hand side denotes the Unix user name and the right hand side denotes the windows user name.

174. Which command is used to start the samba server?a. Service smbd startb. service samba startc. service smb startd. service sambad startAnswer – c

175. Which command is used to view the samba server status information?a. smbstatusb. smb statusc. smbclient -Ld. none of themAnswer – cExplanation – the command is used to check whether the samba service is running on the system and the share created on the system is being shared as the user wanted it to be.

199

176. Which command is used to start the ftp server?a. Service ftp startb. service ftpd startc. service vsftpd startd. service vftpd startAnswer – c

177. Which is the main configuration file for the vsftpd server?a. /etc/ftpd/vsftpd.confb. /etc/ftp/vsftpd.confc. /etc/vsftpd/vsftp.confd. /etc/vsftpd/vsftpd.confAnswer – d

178. An administrator wants the local users to use the ftp service. which of the following lines is to be added in the ftp server configuration file?

a. local_user=YESb. local_users=YESc. local_usr=YESd. local_enable=YESAnswer – dExplanation -- local_enable parameter is when set to YES then local users can login to ftp server if set to NO then local users can not login to ftp server.

179. In the main configuration file of ftp server the directive userlist_enable=NO is used. Which users are allowed to login into ftp?

a. All usersb. no usersc. users in file /etc/vsftpd/user_listd. users not in file /etc/vsftpd/user_listAnswer – cExplanation -- The /etc/vsftpd/user_list contain list of users which are allowed access if userlist_enable=NO.

180. An administrator wants to list the names of two users John and Jack in /etc/vsftpd/user_list file. Which of the following is valid entry?

a. John, jackb. john;jackc. john:jackd. johnjackAnswer – dExplanation – the users should be listed one in a line.

200

181. Which files contain the logging information about the ftp server?a. /var/log/vsftp.logb. /var/log/xferlogdc. both of themd. none of themAnswer – dExplanation --The file /var/log/vsftpd.log and /var/log/xferlog files contain the logging info about the ftp server.

182. A user wants to copy a file from current directory of remote system to current directory of local system. Which ftp command should he/she use?

a. Getb. putc. copyd. pasteAnswer – a

183. Which command invokes the ftp command prompt?a. vsftpb. sftpc. ftpd. ftpdAnswer –c

184. Which graphical utility is used to configure the ftp server?a. Very Secure FTP daemon Configuration b. Very Secure FTP Configuration c. VSFTP daemon Configuration d. VSFTPD Configuration Answer -- a

185. Which command is used to invoke the Very Secure FTP daemon Configuration utility?

a. System-config-vsftpb. system-config-ftpc. system-config-ftpdd. system-config-vsftpdAnswer –d

186. Which is the main configuration file for the LDAP server?a. /etc/openldap/ldap.confb. /etc/openldap/openldap.confc. /etc/ldap/ldap.confd. /etc/ldap/openldap.confAnswer – a

187. What is the significance of the sizelimit option in the main configuration file of

201

ldap?a. Memory size limitb. the number of records in ldapc. number of concurrent processesd. specifies the limit of results returnedAnswer – dExplanation -- SIZELIMIT specifies the limit of results which will be returned when the ldap server is searched. If the value is set to 12 then 12 results will be returned as the output of a search.

188. What is the significance of the timelimit option in the main configuration file of ldap?

a. Maximum time taken by ldap to answer a search requestb. Minimum time taken by ldap to answer a search requestc. Maximum time taken by ldap to add a entryd. none of aboveAnswer – aExplanation -- TIMELIMIT specifies the time limit which the ldap will take to answer the search request. The timelimit of 15 in above example means that the ldap will take 15 seconds to answer a search request.

189. A user created a file which contains the directories of information he/she wants to add into an ldap server. What should be file extension?

a. Ldapb. ldifc. ldafd. ldfaAnswer – bExplanation -- LDAP Data Interchange Format (LDIF)

190. Before using a schema to create ldap directory information what a user should do?a. Add the schema in /etc/openldap/ldap.confb. nothing is to be donec. ad schema in /etc/openldap/openldap.confd. make the schema file Answer – aExplanation -- To create the ldap directories user have to include the ldap schema he/she is using in the configuration file /etc/openldap/ldap.conf using the include directive.

191. Which directive is used to include a schema in the file /etc/openldap/ldap.conf?a. Copyb. use c. included. makeAnswer – c

192. A user makes changes in the file /etc/openldap/ldap.conf. He/she wants to check

202

whether he/she made any syntax error. Can he/she do this?a. No he can't do this using any commandb. yes using slapd -tc. yes using ldap -td. yes using ldcheckAnswer – bExplanation -- The command slapd -t is used to check the /etc/openldap/ldap.conf file for the syntax change.

193. Which command is used to search for an entry in the ldap directory?a. ldapb. ldap -sc. ldapsearchd. ldapsrchAnswer – cExplanation -- Ldapsearch is used to search the ldap directory using the search parameters.The number of entries which should be returned using the ldapsearch command is defined in the configuration file /etc/openldap/ldap.conf. The SIZELEIMIT option is used to define the number of rows returned.

194. Which directory does contain the default ldap schema file?a. /etc/openldap/ldap/schema/b. /etc/ldap/schema/c. /etc/openldap/schema/d. /etc/openldap/schemaldapAnswer – c

195. which command is used to set the nis domain name of a system?a. domainnameb. nisdomainnamec. ypdomainnamed. all of theseAnswer – dExplanation -- The command domainname, or nisdomainname, and ypdomainname is used to set the NIS domain name of the system

196. Which is the main configuration file for NIS server?a. /etc/nis.conf b. /etc/nis/yp.conf c. /etc/yp/yp.conf d. /etc/yp.conf Answer – d

197. Which command is used to start the NIS server?a. service ypserver startb. service yp start

203

c. service ypserv startd. service ypd startAnswer – c

198. Which file is used to map NIS?a. /etc/nsswitch.confb. /etc/nswitch.confc. /etc/nwitch.confd. /etc/nisswitch.confAnswer – aExplanation -- The /etc/nsswitch.conf is used to include the NIS in the search path of the files

199. The files /etc/passwd and /etc/group are being shared by the NIS server. Which file contains the name of the files being shared by the NIS server?

a. Sharefile in /var/yp directoryb. Makefile in /var/yp directoryc. Makefile in /var/nis directoryd. Make in /var/yp directoryAnswer – bExplanation -- the Makefile in the directory /var/yp is edited to include the files which files are being shared by the NIS server. The file names which should not be shard in commented out.

200. Which file does contain the entry for the client computers with access to NIS server?a. /var/yp/securenetb. /var/yp/securenetsc. /var/yp/access.confd. /var/yp/secureAnswer – bExplanation -- The client’s computers who are allowed access the NIS server information is added in the file /var/yp/securenets file.

201. What are the valid values of security field in file /etc/ypserv.conf?a. Noneb. portc. denyd. all of theseAnswer – dExplanation -- The security can have values as none (to allow access), port (to allow access from port below 1024), deny (denying access)

202. Which command is used to create a NIS database?a. ypb. ypdatac. ypinitd. ypservAnswer – cExplanation -- the NIS database of the files configured to have shared by the NIS server is

204

created by using the ypinit command.

203. Which command is used to enable the dhcp server?a. chkconfig dhcpd startb. chkconfig dhcpd onc. chkconfig dhcpd enabled. chkconfig dhcp onAnswer –b

204. Which of the following is dhcp server configuration file?a. /etc/dhcpd/dhcpd.confb. /etc/dhcp/dhcpd.confc. /etc/dhcpd.confd. /etc/dhcp.confAnswer – c

205. What does the file /etc/dhcpd.conf contain?Answer -- The configuration file is used to list the range of ip address out of which the server will assign an ip address to a computer on its network. It can also contain option to assign a particular address to a definite Ethernet address on the network.

206. How can administrator decide number of client’s assigned address using the DHCP server?

a. Using file /var/lib/dhcp/dhcpd.leasesb. using file /var/lib/dhcp/dhcpd.countc. using file /var/lib/dhcp/dhcpd.numd. using file /var/lib/dhcp/dhcpd.statAnswer – aExplanation -- The file /var/lib/dhcp/dhcpd.leases contain information if a client has been assigned address by a dhcp server. For every client which has been assigned address one set of lease line is written in the file /var/lib/dhcp/dhcpd.leases.

207. Which graphical utility is used to configure the dhcp client?a. System-config-networkb. neatc. all of thered. none of theseAnswer – c

208. Which file does contain the process id of the dhcp client?a. /var/run/dhcpclient.pid.b. /var/run/dhclient.pid.c. /var/run/dhcplient.pid.d. /var/run/dhpclient.pid.Answer – b

205

209. Which configuration file does dhcp client use?a. /etc/dhcplient.confb. /etc/dhpclient.confc. /etc/dhcpdclient.confd. /etc/dhclient.confAnswer – d

210. Which command is used to start the named server?a. service bind startb. /etc/init.d/named startc. /etc/init.d/name startd. service name startAnswer – b

211. Which graphical utility is used to configure the DNS server?a. BIND Configuration GUIb. BIND Configuration c. BIND Server Configuration GUId. BIND Server ConfigurationAnswer –a

212. Which command is used to invoke BIND Configuration GUI?a. system-config-nameb. system-config-namedc. system-config-bindd. system-config-dnsAnswer – c

213. Which is the main configuration file for the named daemon?a. /etc/named/named.confb. /etc/named/name.confc. /etc/named.confd. /etc/name.confAnswer – c

214. What is the function of acl directive in the file /etc/named.conf?a. To define access control listb. to define performance option c. to define server pidd. none of the aboveAnswer – aExplanation -- acl – access control list used as acl “description “{ip address};

215. An administrator made changes to file /etc/named.conf. Which command does check file for syntax error?

206

a. Named-checkconfb. checkconfc. checkfiled. namedcheckconfAnswer – a

216. Which command is used to check the syntax of the zone files?a. named-checkzoneb. checkzonec. checkzonenamedd. zonecheckAnswer – aExplanation -- Named-checkzone is used to check the syntax of the zone files which should be created by the user in the /var/named directory after creating the file /etc/named.conf file.

217. Which file does contain the statistics of named daemon?/var/named/data/named_statistics.txt/var/named/data/named_stats/var/named/data/named_stats.txt/var/named/data/stats.txtAnswer – c

218. you have chosen a domain name for your system. How can you check the availability of domain name?

a. whob. whoisc. domainchkd. domaincheckAnswer – bExplanation – whois command is used to search for the availability of domain name format whois domain-name

219. How can you get the hostname of your system from ip address?a. hostb. hostnamec. gethostd. none of theseAnswer – aExplanation -- It is used to get the ip address corresponding to the hostname and vice versa. Format ishost host-namehost ip address

220. Which file is dump file for the named daemon?a. /var/named/data/cache_dumb.dbb. /var/named/data/dumb.dbc. /var/named/data/named_dumb.db

207

d. /var/named/data/cache_dumbAnswer – a

221. Which of the following files are configuration files for the sendmail server?a. /etc/mail/sendmail.cfb. /etc/mail/sendmail.mcc. both of themd. none of themAnswer – cExplanation -- The main configuration file for the sendmail is /etc/mail/sendmail.cf. Many options which sendmail uses are also defined in the file /etc/mail/sendmail.mc. The file /etc/mail/sendmail.mc contains the sendmail default values like the location of the other configuration files to be used by the sendmail, location of the log files and database files.

222. The domain name of your system changed from oldone to newone. What should the administrator do?

a. Domain name mapping in file /etc/domainb. use command domainnamec. domain name mapping in file /etc/mail/domaintabled. none of aboveAnswer – cExplanation -- The file /etc/mail/domaintable contain the domain name mapping that is mapping the old domain name of the network to the new one.

223. You want to configure the sendmail server to handle two domain names. What will you do?

a. Can't be doneb. define domain names in /etc/mail/local-host-namec. define domain names in /etc/mail/domain-named. define domain names in /etc/mail/virtualAnswer – bExplanation -- the file /etc/mail/local-host-name define the domain names for which the sendmail server of the system will act as a mail server.

224. Which file is used to define the users and clients for accessing the sendmail server?a. /etc/mail/accessb. /etc/mail/access.denyc. /etc/mail/access.allowd. /etc/mail/securityAnswer – aExplanation -- The /etc/mail/access file defines the hosts and users from which the mail server sendmal will accept mail for delivery or relay.

225. After changing the /etc/mail/access file a user wants to create the access.db file. What command does server the purpose?

208

a. Make access.dbb. make accessc. create access d. create access.dbAnswer – aExplanation -- The user wants to make the individual configuration files into the .db files then use the following commandscd /etc/mailmake access.dbreplace the filename access.db with the .db file you want to create for example make virtusertable.db makes the file virtusertable.db.

226. What actions does sendmail do on a mail?a. RELAYb. REJECTc. both of themd. none of themAnswer – cExplanation -- There are four actions which the sendmail server can take RELAY – the server sends the message to the mail server request in the mail.REJECT – the message is rejected and sender is informed that the message is rejected.DISCARD – the message is rejected and sender is not informed that the message is rejected.ERROR: user defined text message – inform the user why the server did not relay the message.

227.Which file does contain collected statistics from sendmail?a. /var/spool/mail/statisticsb. /var/spool/mail/statc. /var/spool/mail/statsd. /var/spool/mail/statisticAnswer – a

228. Which is the main configuration file for postfix server?a. /etc/postfix/main.cfb. /etc/postfix/main.mcc. /etc/postfix/postfix.cfd. /etc/postfix/post.cfAnswer – aExplanation -- the /etc/postfix/main.cf is the main configuration file for the postfix server. There is also a file /etc/postfix/main.cf.default which is exact copy of the main.cf file and is used for reference in case user has made any wrong changes in the file main.cf. It defines the hostnames and domain names, postfix queues and locations to be used for logging, mailbox.

229. Which is the postfix daemon configuration file?a. /etc/postfix/master.cfb. /etc/postfix/daemon.cfc. /etc/postfix/postfix.confd. /etc/postfix/master.conf

209

Answer – aExplanation -- The file /etc/postfix/master.cf is the main configuration file for the postfix daemon process.

230. Which file is used to define the users and clients for accessing the postfix server?a. /etc/postfix/accessb. /etc/postfix/access.denyc. /etc/postfix/access.allowd. /etc/postfix/securityAnswer – aExplanation -- the file /etc/postfix/access file is used to define the users and system which have access to use the postfix server.

231. Which file does contain the directory and file permission set by postfix?a. /etc/postfix/postfix-filesb. /etc/postfix/permit-filesc. /etc/postfix/postfix-filed. /etc/postfix/permission-filesAnswer –aExplanation -- the file /etc/postfix/postfix-files contain the directory and file permissions set by the postfix server.

232. Which files does contain the sendmail and postfix server log information?a. /var/log/maillogb. /var/log/maillog.1c. /var/log/maillog.2d. all of aboveAnswer – dExplanation -- the log information about the postfix and sendmail server is logged in the file /var/log/maillog,/var/log/maillog.1,and /var/log/maillog.2. The file /var/log/maillog.2 contains log information about each and every mail received and send by the postfix and sendmail server.

233. Which directory does contain the default services configured on the system?a. /etc/alternativeb. /etc/alternativesc. /etc/services/alternativesd. /etc/service/alternativesAnswer –bExplanation -- The contents of the directory /etc/alternatives displays the default services configured on the system

234. Which file does contain the alternative mail services?a. /var/lib/alternativesb. /var/lib/alternatives/mtac. /var/lib/alternative/mta

210

d. /var/lib/alternatives/mta-alternateAnswer – b

235. Which is the main configuration file for the dovecot services?a. /etc/dovecot.confb. /etc/dovecot.cfc. /etc/dovecot.mcd. /etc/dovecot/dovecot.confAnswer – a

236. Which directive of dovecot configuration file does set the directory path containing run time data?

a. run_dirb. base_runc. main_dird. base_dirAnswer – dExplanation – base_dir defines Base directory where to store runtime data

237. Which directive of dovecot configuration defines maximum number of running mail processes?

a. max_mail_processes b. max_run_mail_processes c. max_mail_run_processes d. mail_processes Answer – aExplanation -- max_mail_processes defines the maximum number of mail processes that can run simultaneously.

238. Which configuration file does xinetd use?a. /etc/xinet.confb. /etc/xine.confc. /etc/xinetd/xinetd.confd. /etc/xinetd.confAnswer – d

239. Which directory does contain the files corresponding to the services supported by xinetd?

a. /etc/xinetd.db. /etc/xinetdc. /etc/xinetd.d/serviced. /etc/xinetd.d/servicesAnswer -- a

211

Explanation -- The directory /etc/xinetd.d contains files corresponding to the services which xinetd will start if connection is made to that port number. These services are called on demand services.

240. There are three clients A, B, and C. Administrator wants to allow A and B for xinetd services (with tcp wrappers).The client A is listed in file /etc/hosts.allow and c in /etc/hosts.deny.Is the configuration right?

a. Nob. yesAnswer – bExplanation -- /etc/hosts.allow – it contains the list of ip address and subnet masks of clients who are allowed connection. This file is first scanned by tcpd./etc/hosts.deny – it contains the list of ip address and subnet masks of clients who are not allowed connection. This file is scanned by tcpd after scanning the /etc/hosts.allow file.If an address is not specified in any file then the connection is allowed.

241. What is the significance of ALL in /etc/hosts. allow and /etc/hosts. deny?

a. All is specified to denote all clients b. all is specified for all servicesc. both of thesed. none of theseAnswer – a

242. Which graphical utility is used to configure security level of a system?a. security Configurationb. security Level Configurationsc. security Level Configurationd. security Level ManagerAnswer – c

243. Which command is used to invoke security level configuration?a. system-config-securityb. system-config-levelc. system-config-secureleveld. system-config-securitylevelAnswer – d

244. Which file contains the current security level settings?a. /etc/sysconfig/iptableb. /etc/sysconfig/iptablesc. /etc/sysconfig/ipchainsd. /etc/sysconfig/ipchainAnswer – bExplanation -- The file /etc/sysconfig/iptables contains the security level currently imposed on the system. This file is written by the Security Level Configuration utility.

212

245. Which file does configure the modules needed for NAT filtering?a. /etc/sysconfig/iptables-configb. /etc/sysconfig/iptables-natc. /etc/sysconfig/iptables-filterd. /etc/sysconfig/iptable-configAnswer – aExplanation -- The file /etc/sysconfig/iptables-config is used to, load additional iptables modules. The additional modules help in NAT filtering and helpers.

246. Which command is used to save the rules from kernel and install them in a configuration file?

a. iptables-saveb. iptables-loadc. iptables-kerneld. iptables -SAnswer – a

247. The /etc/pam.conf file is absent on a system. Where will the configuration file for PAM find?

a. /etc/pam/pam.db. /etc/pam.d/confc. /etc/pam.d/pamd. /etc/pam.d Answer – dExplanation -- The contents of the file /etc/pam.conf is ignored if the files in the directory /etc/pam.d are present. The files in the directory /etc/conf.d correspond to the services which use PAM for authentication.

248. Which of the following account types does PAM allow?a. authb. passwordc. both of themd. none of themAnswer – cExplanation -- PAM allows four types account, password, authentiction, and session.

249. What are the valid control types for a PAM configuration file?a. mandateb. donec. none of themd. both of themAnswer – cExplanation -- The valid values for the control are include, required, sufficient, and optional.

250. Which directory does contain the PAM modules?a. /lib/security

213

b. /lib/PAMc. /lib/security/PAMd. /etc/PAMAnswer – a

251. Which graphical utility is used for SELinux configuration?a. SELinux configuration b. SELinux configurationsc. SELinux administrationd. SELinux managerAnswer – c

252. Which command is used to invoke the SELinux administration utility?a. system-config-selinuxb. system-config-SElinuxc. system-config-SELinuxd. system-config-seAnswer – a

253. What of the following is valid SELinux enforcing mode?a. permissiveb. enforcingc. disabled. all of themAnswer – dExplanation -- enforcing – SELinux policies are enforced.Permissive – SELinux policies are checked but policy issues warning instead of enforcement.Disable-- SELinux policies are not enforced that is are disabled.

254. Which configuration file does SELinux use?a. /etc/sysconfig/selinux.confb. /etc/sysconfig/selinux.mcc. /etc/sysconfig/selinux.cfd. /etc/sysconfig/selinuxAnswer – d

255. Which file does SELinux Administration utility change?a. /etc/sysconfig/selinuxb. /etc/sysconfig/seladc. /etc/sysconfig/seladmd. /etc/sysconfig/seladminAnswer – aExplanation -- The SELinux administration changes the values in the SELinux configuration file /etc/sysconfig/selinux

214

INDEX*

Aaccess 97, 105, 113-14, 116-17, 119-20, 125-6, 129, 132, 135, 138-9, 150-1, 153, 161, 193, 203, 208-9 [4]access control 113, 193access control list 145, 205access control section 9, 113Access file 147, 151, 172access tab user 125access.db 147-8, 208AccessFileName 103access.log cache.log squid.out store.log 112account system-auth 160 user jack's 196acl 113, 122, 145, 205acl tag 113, 193actions System Tools 152address 61, 99, 103-4, 107, 115, 140, 156, 191, 193-4, 204, 211 assigned 140, 204 lp 117adm 78-9, 81, 130Administrative group 73administrator 66, 155, 192-3, 195, 198-9, 204-5, 207, 211AGE 68AGENT 97Alias SERVICES 79aliases 70-1, 79, 103, 134ALT 30, 32, 169amount 85-6, 183, 194anaconda 14, 26, 164-5, 167anaconda boot prompt 164-5anaconda ks 165anongid 118, 122, 196anonuid 122Anonymous login 127anonymous uid 118, 196anonymous user behavior 132answer 3, 134, 201 command xvf 178 dev/sda2 174 device-name raid-device-name 175 dumb 207 error condition 188 etc/autofs.master 174 etc/bashrc 179 etc/cachemgr.conf 194 etc/dhclient.conf 205 etc/dhcp.conf 204 etc/dovecot/dovecot.conf 210 etc/groups 181 etc/ldap/openldap.conf 200 etc/name.conf 205 etc/openldap/schemaldap 202 etc/PAM 213 etc/samba/sambausers 198 etc/smb.conf 198 etc/sysconfig/selinux 213 etc/syslog.conf 187 etc/vsftpd/vsftpd.conf 199 etc/xinetd.conf 210 etc/yp.conf 202 filesystem 183 ftpd 200 gpassword 181 hd0 164 kickstart-file/install/linux.com 165

215

lib/httpd/module 189 modified 176 namedcheckconf 206 paste 200 renice command 184 schedule 186 security Level Manager 211 service name start 205 service sambad start 198 service squid reload 195 service vftpd start 199 service ypd start 203 squid configure 195 system-config-dns 205 system-config-httpconf 190 system-config-manages 178 system-config-se 213 system-config-securitylevel 211 system-config-smbd 198 system-config-usrs 181 system-config-vsftpd 200 var/log/httpd.log 191 var/run/httpd 189 var/run/klogd 187 var/run/squidd.pid 193 var/spool/mail/statistic 208 var/spool/squid/cachedir 193apache 102, 105-6 configuration apache configuration file httpd.conf 100, 189apache server 109, 190Apache web server 99, 101, 110, 189-91apache web server configuration directory 100, 189apache web server process 101, 190async 42, 118, 122atq 94-6, 188atrm 95-6attributes 55, 101auth 102, 149, 160-1, 212 file system-auth 161authentication 111, 160-1, 191, 212auto 42, 51autofs 50-1, 174, 197autofs status 174automount 6, 50, 52automount daemons 50, 174

Bbadblocks 6, 49, 174base 45, 133-4, 153-4, 210bash 70bash shell 70-1, 179-80bashrc 70batch 93, 96bi 19, 85bin/bash 35, 67, 70, 72, 78, 97-9, 180bin/bash new-user 180bin/mount 79-80bin/tcsh 72bin/true 90bin/umount 79-80Block device 57, 85blocksize 45-6, 173bo 85book 3, 5boot 14-15, 25-9, 41, 51, 91, 165, 167-8boot configuration 27-8

216

boot directory 15boot/grub/grub.conf 25, 28, 168boot ks 165boot partition 14-15, 26boot process 3, 5, 25, 29, 169, 184 normal 29boot process kernel 169boot prompt 16, 18boot system, single 14boot time 34-5, 42, 87, 142, 169, 172bootloader 15-16, 25, 27, 41, 164-5 default 25, 164-5bootloader command 17broadcast 136-7browse tab user 66buffer 86, 91, 187button 107-8, 120-1, 142, 144-5, 157bzip2 178

Cca 31, 169cache 105, 112, 114, 192-3cache directory 112 default 193cache directory section 9, 112cache files 60cache manager 10, 114-15, 194Cache-manager command 194cache server 105cache size 112, 193cachedir 60case 81, 183cat 47-8, 173-4cd 120, 131, 152, 155cdrom 16-19, 80CDROM media 52change 36, 46, 52, 72, 78, 81, 83, 90, 131, 153, 163, 170, 181-3, 186, 192change directory 131change root user's password 76Changing priority of process 8, 90Changing runlevels 36chgrunlevel 170chkconfig 35-8, 99, 150, 169, 171chkconfig command 170chkconfig dhcpd 204chkconfig service-name 37-8, 170choice 16, 27-8, 34, 123, 168click 40, 75, 82-3, 87, 121, 123-5, 141, 158 user information 74clicking 83, 87, 121, 125, 142, 144-5, 157client computers 118, 138-40, 195, 203client side information 122client system 137clients 3, 99, 104, 113-14, 118, 125-6, 132-3, 139-40, 142, 156, 186, 192-4, 196, 204, 207, 211 [1] dhcp 142, 204 root user of 118, 196 subnet masks of 156, 211 web 104, 111Cmnd 79columns 42-3comma 157command 20-4, 36-40, 43-4, 47-8, 54-8, 64-5, 76-81, 84, 86-91, 93-8, 119-20, 127-8, 170-5, 180-90, 195-

200, 202-7 [29] administrative 8, 41, 79, 151 atq 95, 188 badblocks 49, 174 batch 96, 188

217

bzip2 178 chgrp 81 chmod 46 chown 81 chown user-name-group-name file-name 183 df 77, 181 dmesg 187 exportfs 119, 196 fdisk 172 filename time-specification 95 following 46, 52, 67, 72, 153 free 183 fsck 48-9 groupadd 73 groupdel 73 groupmod 73 insmod 89, 185 install 64 ldapsearch 135, 202 lsmod 185 lvdisplay 57 lvremove 57 mdadm 53-4 mke2fs 173 mkfs 44 mkswap 46 modinfo 88 modprobe 89-90, 186 network 17 nfsstat 122, 197 ps 8, 90 purpose 53, 90 pvcreate 54 renice 90-1, 186 rmmod 89 sbin/visudo 81 sudo 182 swap 46 swapon 47 top 84, 184 uptime 85 useradd 66-7, 71 userdel 72 usermod 72, 180 visudo 182 vmstat 85, 183 whois 206 ypinit 139, 204 yum 60-1, 176command aliases 79-80command askmethod 16command atq 96command badblocks 49, 174command badblocks device-name 49command badblocks searches 49command bzip2 65, 178command chkconfig 37, 143command chkconfig dhcpd 139command chkconfig dovecot 153command chkconfig httpd 99command chown 182command crontab 98command dd 173command dhclient 142command dmesg 91

218

command domainname 135, 202, 207command don��command execute 182command field 98command file swap 46command ifconfig 140command insmod 90command kudzu 19command ldapadd 135command line 46, 48, 73, 77, 179, 186command lsmod 88command lvcreate 56command mdadm 53command mkfs.vfat 173command modprobe 90command mount 42, 80command passwd 76, 181command prompts 76, 96command ps 90command pvremove 58Command Reference 13, 159, 163command renice 186command root@localhost 44command rpm 81, 177command sequence 148command service dhcpd start 139command service dovecot start 153command service httpd start 99command service network start 142command service ypbind start 137command sets 135command shutdown 169, 182command slapd 134, 202command swapoff 48command system-config-kickstart 17command tar xvf 178command tar xvfz realplay.tar.gz 64command umount directory-name 43command uname 185command useradd 72command userdel 180command vgcreate 55command vgdisplay 55command vgextend 55command vgremove 58command.insmod loads 186commands gunzip realplay.tar.gz 64commands mke2fs uses 45commands tar xvf 178comment 71-2, 101, 126-8, 160, 169computers 14-15, 23, 116-18, 122, 131, 135-6, 138-40, 166, 204 remote 131conf 100, 102, 173, 189-90, 212conf directory 100config directory 102configuration 8-9, 11, 101, 128, 133, 162, 190, 200, 205, 211 httpd server 190 post installation 151 samba 197 server's 190configuration directives 103Configuration directives for Apache web server process 190configuration file cd 148configuration file restart 116configuration files 11-12, 27-8, 41, 45, 59-60, 64, 133-5, 140, 147-8, 159-61, 165-6, 176, 186-7, 194-5,

207-8, 212-13 [19]Configuration GUI 11, 143, 145, 205

219

configuration information 115, 189configuration parameters 142, 190configuration configure 14, 17, 19-20, 23, 27, 64-5, 106-7, 109-10, 122-3, 131, 141, 143, 150, 153, 162, 204-5 [5]configure command configures 65configure IPSec tunnel 23configure printers 24configure samba server 197configure security level 211configure system's hostname 23Configuring Grub 5, 27Configuring Hardware 5, 19Configuring NIS 11, 136Configuring services 36Configuring Squid 9, 111Configuring vsftpd 10, 128connect 118, 128-9, 131, 150, 195connection 102, 110, 131, 155-6, 192, 211 internet 115, 194-5conntrack 159console 29-30, 92control 27, 104, 112, 161, 169, 212copy 15, 91, 131, 200-1core directory 109, 147cpu 85CPU usage 84, 184crashes 40, 52Creating Kickstart 5, 16Creating User Account 7, 66cron facility 93, 97crontab 97-8, 189crontab jobs 97-8CTRL 30, 32, 169ctrlaltdel 30-2, 169

Ddaemon 78-9, 81, 99, 130, 157 cron 97-9, 189 klogd 93, 187 named 143, 145, 205-6 tcp wrapper 156daemon Configuration 10, 131, 200Daemon Configuration 151daemon process name 194daemon xinetd 12, 155data files 46, 174database 64, 79, 100, 177, 190database files 147-8, 207days 68db 138db files 12, 147-8, 208dc 133-4default installer 14, 164default operating system 27-8, 168default parameters 45-6default runlevel 29-30default values 66-7, 71-3, 101, 147, 179, 194, 207defaults 41, 45deflate/module 89Deleting user account 7, 72deref 134DEREF options 134desc 19description 29, 33, 35, 61-2, 123, 125-6, 145-6, 159, 163, 205desktop 82, 86, 152dev 18, 41-2dev/cdrom 43-4, 51-2, 173

220

dev/fd0 51dev/md0 53-4, 174dev/my 57dev/sda 26, 42-3, 47-8, 77dev/sda0 53dev/sda1 53, 174dev/sda2 53-4, 174dev/sda4 43dev/sda5 40, 54-5, 173dev/sda6 172dev/vol 175device 19, 41-2, 44, 46, 49, 52-4, 141, 166, 173-5 multiple 52 physical 53device listing 141device name 42device-name 48-9, 175 filesystem-type 44, 48devpts 41, 43df 77, 96-7, 181dhcp 139, 142DHCP client 11, 140dhcp server 139-42, 204DHCP server 11, 139-40, 204difference 42, 153, 167, 177-8digits 35, 169dir 17, 45, 153-4, 210DIR 67-8, 179directory 15, 34-6, 40-1, 59-60, 99-104, 117-21, 125-6, 131, 133-4, 149-52, 160, 171, 175-7, 188-91, 196-

7, 209-12 [25] base 153, 210 current 131, 161, 200 etc/alternatives 152 etc/httpd 189 schema 134 target 173 var/lib/alternatives 152 var/named 145, 206 var/nis 203 var/yp 203directory entry 117, 134directory files 117directory information 134directory list 132directory listing 121directory name 17, 117directory-name host-name 117directory option 132directory path 17, 210directory realplay 64-5directory realplay.tar 65directory tree 101, 190directory user 70directory yum 175disk 85, 105, 118, 127, 171disk druid 164-5display 57, 77, 90, 124, 181display server side information 122display server side NFS information 197dmesg 91, 187DNS server 11, 139, 143-6, 205dns server information 141DNS server information 142DNS service 143DocumentRoot 103, 106, 190-1domain 106, 127, 143domain example.com 117-18, 156

221

domain name mapping 147, 207Domain Name Service 138Domain Name System 111, 143, 191 domain names 146-7, 151, 196, 206-8domain NISDOMAIN 136domain ServerName 106domainname domain-name-of-system 135don��dovecot 12, 153-4dovecot configuration 210down list 144-5drivers 19, 80, 87-8drm 88-9DSO (Dynamic Shared Object) 102dual boot system 14dumb.db 145, 206DVD 14-15DVD drive 14DVD media 14-15Dynamic Host Configuration Protocol 139Dynamic Shared Object (DSO) 102

Eedit 39, 59, 83, 108, 120-1, 123, 144, 182editing 27-8, 58, 134, 144-5, 179email address, web master 107, 109ENAB 69-70entry 15, 20, 29, 37, 50-1, 71-3, 114, 117-18, 126, 135, 138, 149, 169, 173, 175, 201-3 [2] valid 136, 138, 196, 199entry initdefault 29entry mta-sendmail 152environment 96, 99, 188 customize user's shell 70EOT 95-6error 49, 101, 104, 150, 183, 185-7, 190-1, 208error Answer 170error messages 91, 154etc/alternatives 209etc/at.allow 94, 187-8etc/at.deny 93-4, 188etc/at.deny command lists 93, 188etc/auto.misc 50-1etc/bashrc 71etc/cron.daily 98-9etc/demo 190etc/dhcpd.conf 140, 204etc/exports 117, 196etc/exports file 118-20, 195-6etc/fstab 42, 171-2etc/ftab 171-2etc/gshadow 73etc/hosts 137, 211etc/hosts.allow 12, 156, 211etc/hosts.deny 12, 156, 211etc/httpd 100-1, 189etc/httpd/conf 101-2, 189-90etc/httpd/conf/httpd.conf 189-90etc/init 116, 143, 147-8, 174, 195, 205etc/inittab 29etc/login.defs 67, 179etc/mail 11, 147-8, 208etc/mail/local-host-name 147, 207etc/mail/sendmail.cf 147, 207etc/mail/sendmail.mc 147, 207etc/modprobe 90, 186etc/modprobe.conf 90, 166, 186

222

etc/mstab 172etc/mtab 6, 42, 171-2etc/named.conf 145, 205etc/nsswitch.conf 137, 203etc/openldap/ldap.conf 134-5, 200-2etc/openldap/openldap.conf 200-1etc/pam 13, 160, 212etc/pam.conf 160, 212etc/passwd 71, 78, 180-1, 203etc/postfix/main.cf 151, 208etc/postfix/master.cf 151, 208-9etc/postfix/permission-files 209etc/postfix/permit-files 209etc/postfix/postfix-files 151, 209etc/profile 71etc/rc 31-2, 34-6, 50, 52, 169, 171, 174etc/samba directory 126etc/service/alternatives 209etc/services/alternatives 209etc/skel 67, 70, 72, 179etc/skel directory 70, 179etc/squid/squid.conf 111, 191-4etc/sudoers 80-1etc/sysconfig/hwconf 19-20, 166etc/sysconfig/ipchains 211etc/sysconfig/iptables 159, 211etc/sysconfig/iptables-config 159, 212etc/sysconfig/selinux 162, 213etc/sysconfig/squid 115, 194etc/sysconfig/syslog 187etc/sysconfig/syslog.conf 187etc/syslog 187etc/syslog.conf 92, 187etc/vsftpd/ftpusers 130etc/vsftpd/user 129-30, 132, 199etc/X11 32-3, 166etc/xinetd 155, 210-11etc/yp.conf 136etc/yum.conf 59-60, 176Ethernet device panel 141Ethernet interface 17, 140, 142exam 3exam topics 3example.com 105, 117-19, 122, 156exec 42execution, yum commands 176exit codes 49expire 60, 67, 72Explanation 164-213export 119, 196export HOSTNAME DESKTOP 97exported directory 122, 197exportfs 119, 196ext2 44-5, 48, 51ext3 41, 44, 48 filesystem types 42ext3 filesystem type 52ext3 filesystems 40, 44-5, 173ext3 rw 42-3

Ffacility 187-8failure 54, 161, 176father 27, 29, 169, 184fc7 26, 63, 87-8, 91, 127fdisk 172-3Fedora Core Linux 14

223

field 98, 139 fourth 42, 98, 172file group 81, 182-3file modules.networking 88file names 67, 87, 93, 95, 132, 138, 185, 203file owner 81, 182-3file permissions 46, 183file swap 47-8file system 42, 49 virtual 41file system errors 49file systems, multiple 49filename 47-8, 88, 185filename access.db 148, 208files 29-30, 34-6, 46-8, 78-81, 92-9, 101-4, 115-18, 129-34, 137-40, 145-7, 149-52, 155-64, 171-6, 178-

90, 198-201, 203-13 [20] access.db 207 apache web server configuration 190 authpriv 92 bash 179 bashrc 70-1, 179 boot/grub/grub.conf 15 bz2 178 cached 105 change 163 component support component 102 configu-ration 92 crontab 97, 188-9 dhcp server configuration 204 domain name mapping 147 dovecot configuration 210 download 128 dump 145, 206 entry 117 etc/at.allow 93 etc/auto.master 50 etc/auto.misc 51 etc/bashrc 179 etc/cron.allow 97 etc/cron.deny 97 etc/crontab 98, 189 etc/dovecot.conf 153 etc/export 119 etc/fstab 6, 41, 43, 48, 172 etc/group 71, 81 etc/hosts.allow 156, 211 etc/httpd/conf/httpd.conf 101, 190 etc/inittab 5, 29-30, 169 etc/login.defs 67 etc/mail/access 147, 150, 207 etc/mke2fs 45 etc/mtab 42 etc/named.conf 145, 206 etc/nsswitch 137 etc/nsswitch.conf 138 etc/openldap/ldap.conf 134, 202 etc/pam.conf 212 etc/passwd 72 etc/postfix/access 151, 209 etc/postfix/postfix-scripts 151 etc/profile 71 etc/rpmrc configuration 64, 176 etc/samba/smb.conf configuration 126 etc/samba/smbusers 126-7, 198 etc/shadow 71 etc/squid/squid.conf 193 etc/sudoers 8, 79-80, 182

224

etc/sysconfig/iptables-config 159 etc/syslog.conf 92 etc/yp.conf 136 etc/yum.conf 176 executable 42, 156 execute user-namex201fs 182 exported 122, 197 file master.pid 154 file-name.cron 97 ftp server configuration 199 global configuration 64, 176 gpg key 61 htaccess 104 htpasswd 104 httpd.pid 101 important 11-12, 145-6, 149 index.html 103, 191 initrd 15 inittab 29 ldif 135 library 101 list 130, 132, 199 load config 102 local 138 main.cf 151, 208 modules.dep 89 multiple 131 named daemon configuration 145 pid 109 postfix daemon configuration 208 proc/kmsg 93 rmtab 122, 197 samba configuration 10, 126 samba user 198 sample 35, 96 sample auto.master 50 sample configuration 60 sample etab 122 sample ldap.conf 133 sample modprobe.conf 90 sample vsftpd.conf 128 script 151 sharing 122, 128 single 153 special 92 squid configuration 111, 192 squid daemon configuration 115, 194 squid server configuration 193 standard logging 132 sub-component configuration 101 swap 46-8 tar 178 tar.bz2 178 tar.gz 178 temporary 60 using 95, 204 var/log/secure 93 var/log/xferlog 130, 200 var/yp/securenets 138, 203 ypbind configuration 136 yum configuration 65 zip 178 zone 145, 206files he/she 103, 191files nisplus nis shadow 138files passwd 138

225

files S10network 35files xtab 122, 197Filesystem Administration 6Filesystem Information 6, 40filesystem mount command 43filesystem option 77filesystem type 42, 48, 53, 172filesystem-type device-path-name directory-name 43filesystems 6, 34, 40-4, 46, 48-50, 52, 77, 80, 83, 165-7, 171-2, 181-2 basic 29 df 77 mounted 77, 122 proc 41, 171 pseudo 167 single 52 vfat 173filesystems tab 83finger 156firewall 3, 14, 16-17, 157, 159firewall command sets 17firewall rules 159floppy 45-6, 51following commands cd 148, 208format 10, 19, 29, 35, 47-8, 50-1, 53-7, 60-1, 71-3, 76-8, 81, 89-91, 117, 138-9, 146, 184-5 [17] tar.bz2 64-5 value 134Fri 94-6fs 45-6fsck 48-9, 174fstype 51ftp 18, 129-30, 159, 199-200FTP 3, 17-18, 41, 111ftp command 200ftp command prompt 10, 130, 200ftp server 129-30, 132, 199-200FTP server 128ftp service 199

GGB 56gid 41, 43, 69, 96, 118, 196Global Environment Configuration 9, 101gpgcheck 60-1gpgkeys 61, 176graphical tools 33graphical utility 5, 16-17, 20, 58-9, 65, 180, 190, 196, 200, 204-5, 211, 213group 8, 67, 72-3, 79-82, 91, 109, 138, 181-3 logical 56 new 7, 71, 73group accounts 66, 82Group Administration 7, 73group administration group apache 102-3group demo 182group ids 78group information 73-4, 180group-name 72, 103group sys root 81groupadd 68, 73grp 55-7, 59, 175grub 5, 15, 25, 27-8, 164-5, 168grub configuration file 5, 25-6, 168grub menu 15, 25, 27-8gunzip 178

Hhalt 30, 33, 78, 130, 169

226

hard disk 14-16, 27, 42, 53-4, 59, 168, 172hard-disk-device name 53hard-disk-device-name 53-4hard-disk-partition 55 vgcreate volume-group-name 55 vgextend volume-group-name 55hard disk partitions 42, 44, 47hardware 19-20, 34, 87, 166Hardware Configuration 5hardware drivers 87, 89hd0 15, 26-7, 164, 168he/she 144, 161, 172, 192, 201-2 sendmail commands 148hierarchy 40, 112home 41, 50, 67, 69-70, 72, 77, 98, 165, 171, 181home/demo 173, 190-1home directory 46, 64, 67, 69, 72, 126-7, 176, 179-81 his/her 180home directory name 72home-directory-name 72home directory of user 179home directory path 71home/jack 181home/movies 43-4home/swap 47home/user 70-1, 77, 118-19, 122, 126, 180-1, 196home/vishnu 118-22home/vishnu directory 119-20host 19, 23, 146, 195-6, 206 virtual 107-8host names 117, 143hostname 10, 34, 71, 115, 117, 131, 146, 151, 192, 196, 206, 208htaccess 103-4HTTPD Configuration Answer 190httpd server 103, 189, 191HTTPD Server Configuration 190httpd service 99, 170

Iid 19, 29, 31, 86, 97 grp System 55IfModule mod 104-5imap 153-4include 50, 134, 137-8, 160-1, 201, 203, 212 system-auth password 160inconsistencies 118index closed db 64 opening db 63info 92, 104, 154infomod modulename 185information he/she 83, 201information server 103init 29-30, 32, 35, 50, 52, 168, 170-1, 174, 184init process 27, 29, 36, 169, 184INIT process 30initdefault 29, 31-4initialize 54Initializing System 6, 34initrd 15, 26-7inode 45-6Inserting module 8, 89install 14, 16, 59, 61-2, 65, 81, 89-90, 160, 163-4, 176-8, 212install server 15installation 5, 14-17, 52-3, 60, 65-6, 77, 79, 164, 167Installation and Hardware Configuration 5installation files 15

227

installation process 14-16, 18, 164, 167interface, procfs-based 122ip, ns 159ip address 131, 134, 139-40, 142-3, 145-6, 193, 196, 204-6 list of 156, 211IPC 127IPC Service 127ipt 88iptables 158-9, 212iptables modules 159, 212iso9660 51

Jjack 81, 94, 151, 181, 186, 188, 198-9jill 188jobs 87, 93-7, 161, 188john 179, 199journaling feature 40, 52

KKB 56kde 70kernel 8, 15, 26-7, 29, 87-91, 93, 160, 168, 185-7, 212kernel/crypto/module 89Kernel Information 8, 90kernel/lib/zlib 89kernel messages 92-3, 187kernel Modules 8, 87, 185Kernel Services and Configuration 8kernel subdirectory 88keyboard 16, 30, 128, 166, 169keyboard layout 14, 17, 20-1keys 30, 32, 50-1, 169 gpg 60Kickstart 18kickstart configurator 17kickstart file 5, 16, 18, 164, 167kickstart-file/install/linux.com 164-5Kickstart Kill Process 83klogd 92-3ko 89ks 18kudzu 19-20, 165

LLABEL 26, 41languages system 14largefile 46lastrunlevel 170ldap 11, 133-5, 201-2LDAP Data Interchange Format 134, 201ldap directory 135, 202ldap directory information 201ldap server 134-5, 201ldap service service ldap start 135ldap.conf 133ldapsearch 202ldif 134, 201LEN 68letter 36level 29, 34-8, 53, 80, 91, 149-50, 169-71, 174, 176level directories 35level rpm configuration file 177lib/modules 87-90lib/modules/uname 89Lightweight Directory Access Protocol 133

228

LILO 165line, following 104-5, 160, 199links, symbolic 35, 100-3Linux 15, 25, 52, 66, 78, 84, 87, 168linux file system structure 165linux filesystem 48list 38, 87, 94-5, 97-8, 120, 126, 129, 131-2, 138, 140, 143, 152, 170-1, 185, 188, 199 [5]list of commands 44, 48list of users 129, 199list root 129list service-name 38list status 38listing 19, 25, 47, 66, 83, 88, 95-6, 171-2load average 84-5, 96, 183-4LoadModule auth 102local system 131, 200local system mget 131local system mkdir 131localdomain 135-6localhost 99, 103, 114-15, 127-8, 148, 150, 191 entry domain Localdomain server 137location 16, 50-1, 60-1, 103, 109, 146-7, 151, 153-4, 164, 207-8locks 122log 78, 92-3, 100, 104, 106, 128, 154, 187Log Configuration Answer 184Log File and Cache directory section 9, 112log files 12, 41, 60, 87, 101, 132, 147, 149, 152-4, 176, 190, 207 default 164log information 8, 60, 86-7, 149, 152, 164, 191, 209logging 92, 129, 132, 151, 161, 208logical volume 7, 56-9, 175Logical Volume Group 6-7, 54, 56Logical volume group support 54login 33, 70, 78-9, 85, 128-30, 132, 196, 199 anonymous user 129 initial 179LogLevel 104, 191logout 70logs directory 100lp 78-9, 130lrwxrwxrwx 100ls 46-7, 60, 70, 87, 94, 97-8, 100, 112, 131, 133, 152lsmod modulename 185lvcreate 56lvremove 57-8

Mmac 187-8mail 12, 67-8, 72, 78-9, 92, 94, 99, 114, 130, 147, 149-50, 152-5, 179, 207-10 incoming 151-2mail processes 155, 210mail root 96mail server 146-7, 150, 152, 207 default 152mail server request 150, 208mail server sendmal 207mail services 11, 152, 209mail transfer agent 146, 150Mail Transport Agent Switcher 152mail transport agent work 153Mail User Agent 146mailbox 12, 67, 70, 151, 153, 179, 208main configuration file 100-1, 111, 126, 128, 133, 136, 147, 150-1, 153, 190-2, 198-202, 205, 207-10Makefile 138, 203manager, default partition 164-5maps 91, 135, 196 automounter 50-1

229

master 50MASQUERADE 88Master Boot Record (MBR) 14, 25, 164matt 180max 154-5, 210MAX 68-9maximum number of mail processes 155, 210Maximum number of running mail processes 154MB 46, 56, 112, 166, 173mbr 16, 164MBR (Master Boot Record) 14, 25, 164MD5 69-70mdadm 53-4, 174-5mdadm device-name 175mdadm raid-device-name 53-4, 175mem 112, 192-3members 69, 80, 182memory 85, 166, 183-4messages 91, 93, 104, 150, 187, 208 outgoing 149Min/max values 68minutes 30-1, 33misc 50-1mke2fs 44, 46mkfs 44-5, 173-4mnt/cdrom 80mnt/win 120, 172mnt/win directory 120modes 20, 41-3, 49, 63, 165 graphics 33 multiuser 31, 33, 169 safe probe 20, 165Modifying group information 7, 73Modifying user account 7, 72modinfo 88, 185-6modinfo modulename 185modprobe 186modprobe modulename 185modsecurity directory 101module modules/mod 102module name 90module-name 90modules 87-90, 100, 102, 111, 159, 161, 166, 185-6, 191, 212 authorization 100, 190 command modprobe 89 driver 89, 185 loaded 88, 185 remove.list selinux policy 163 system-auth 161modules directory 101Modules Loaded 8, 88modules module 89-90modules.networking modules.symbols 87modules.usbmap kernel modules.inputmap 88monitor 17, 21, 53, 156, 166 package package-name.system 178monitor type 21Monitoring System performance 8, 82mount 27, 42-3, 50, 52, 80, 119-20, 168, 172-3, 182mount command 42-3, 50, 80, 119, 172, 197mount-options-separated-by-comma 50-1mount point 40, 42, 50, 53, 172mounted directory 44mounting 6, 29, 42-3, 50Multiuser 31, 169Multiuser mode booting 169MYGROUP 127-8

230

Mysql 100, 102, 190

Nname 35, 41, 53, 61, 88, 93, 97, 103, 114, 117, 126, 128-9, 131, 187-9, 193, 198-9 [3]Naming convention of files 35nat 88NAT filtering 159, 212neat 22, 140, 166, 204net 50, 120netbios 159netmask 139, 193network 16-18, 35-6, 117, 119, 122, 133, 138-40, 142, 147, 155, 166, 196, 204, 207network access 135Network Configuration 140, 166network devices 14, 22-3, 88, 166network information 184Network Information Service 135network options 9, 111, 132network port 163network security 12, 155network usage information 184networking 31, 79-80NFS 3, 17-18, 31, 116, 120, 197NFS Configuration 196NFS daemon 119, 121NFS directory 10, 119-20, 197NFS server 15, 122, 197NFS Server Administration Answer 196NFS Server Configuration 10, 120, 196NFS server configuration utility 120, 197NFS server root user 196NFS service 116, 119, 195-6nfsstat 122, 197nis 135, 137-8, 203 files nisplus 138NIS database 11, 139, 203NIS domain name 11, 135-7, 202NIS group 117, 195NIS server 11, 136-9, 202-3NIS server information 138, 203NIS server name 137NIS version 138nisdomainname 135-6, 202nisdomainname domain-name-of-system ypdomainname domain-name-of-system 135NISGRP 195noauto option 172nocrossmnt 122nodaemon 32-3nodev 51nosuid 51notauto option 172nouser 42ntfs 45, 48number 29, 53, 61-2, 68, 85, 94, 101, 104, 114, 117, 135, 173, 184, 196, 201-2, 204

Oobjects 112-13, 144-5, 192-3 hot 112, 192-3 transit 112, 192-3operation 50, 118, 174, 197option url 17options format 10, 118order 35-6, 48, 104-5, 169organizations 116, 143OS 127output 46, 63, 87-8, 91, 94, 96, 119, 122, 134, 170, 184, 187, 201overridden 46, 69, 71, 179

231

owner 81, 96, 182-3

PPackage management and Kickstart 3Package Manager 7, 65, 178package name 61package-name 62, 177 yum install 61, 177package-name queries 178package-name.yum install 178package package-name 177package processing 63packages 3, 14, 59-62, 64-6, 176-8 gpgkeys of 176 installed 62, 66, 177 software 14, 59, 62-4 istration xf0b7 3pam 129, 161, 212 configuring 160PAM configuration file 212PAM modules 161-2, 212panel 53, 66, 74, 107-9, 121, 123-5, 144-5, 157partition 14, 17, 27, 40, 47-8, 52-4, 165, 168, 171-3 dev/sda6 40, 172 disk 40, 43, 171 filesystem-type source 172pass 3, 5, 157PASS 68passwd 138, 161, 180-1passwd user-name 76 passwd command id 181password 15, 28-9, 68, 71, 76, 78, 80, 124, 127, 160-1, 181-2, 212password of user 76, 180path 18, 71, 98, 126, 145, 154performance 110, 118, 166 Perl 100, 102, 190permission mask 69PHP 100, 102, 190physical volume 7, 54-5, 58, 175pid 29, 52, 84, 86, 93, 97, 142, 145, 154, 168-9, 183-7, 189, 193pipe 94Pluggable Authentication Module 93, 129pop3 153-4port 16, 102, 107, 111-12, 114-15, 118, 121, 129, 132, 134, 139, 148, 154-8, 191-2, 195, 203port number 102, 121, 155, 211port panel 158postfix 12, 146, 150-3, 209 list postfix service 150postfix mail server 151postfix server 150-3, 208-9postfix server log information 209power 30-2power failure 30, 32-3, 52Power Restored 32-3powerfail 30, 32-3powerfail action 30, 33powerokwait 30, 32-3prefdm 32-3prevrunlevel 170printers 23-4, 122Prints 63priority 36, 47-8, 83-4, 90, 186privilege 78-81, 182-3probing 20problem 103, 170, 174proc 41-2, 85, 167, 171

232

proc/modules 185proc/swaps 47-8, 173proc/uptime 184Process and Kernel Information 8, 90process id 91, 93, 142, 204process identification number 29, 84, 184process pid 90, 184process PID 41process priority 91, 186processes 8, 27, 29-30, 32-4, 36, 41, 80, 83-6, 90-1, 154-5, 161, 167-9, 171, 183-6, 194, 210 active 83 concurrent 201 postfix daemon 151, 209 proxy 114, 194 running 90 total number of 84, 184 zombie 84, 184processes tab 83profile 70program dnsserver 111, 191programs 35, 156, 191prompt 30, 94-5, 182properties 59, 108-9, 120, 144properties button 74, 121, 144, 146protocols 101, 122, 153-4, 158proxy 104-5ps 20, 95pts 85Python 100, 102, 190

QQMAIL 67-8queries 62, 64, 136, 146

Rraid 174-5RAID 52raid array 53raid device name 53raid-device-name 53-4, 175raid-device-name device-name 175raid devices 53-4, 174-5RAID devices 52-3raid devices information 53RAID disks 6, 52raid level information 53raid options panel 53ram 192-3RAM memory 84, 112, 184, 192-3ratio 45-6rc 31-2, 169, 171rc1 34, 36rc5 32, 35-6, 169rc.sysinit 31-2read/write 55, 57reconfigure 116, 195Red Hat 14-15, 58-9, 62, 69, 91, 143, 164, 168Red Hat Certified Engineer 3, 5Red Hat Certified Engineer Exam 3, 5Red Hat Enterprise Linux 14, 164Red Hat Linux 14, 16, 23, 25, 28, 53-4, 77, 165, 168, 172relay 147, 150, 207-8RELAY 150, 208remote system mput 131remote system rename 131remove 7, 53-4, 57-8, 62, 69, 89-90, 175, 186remove user groups 69

233

Removing module 8, 89respawn 29, 32-3restart 40, 120, 142, 159, 195 service nfs 119 service sqd 195 service squidd 195restarting 119, 196RH 3, 5RH systems 69RHCE 3, 5ro 51, 118, 122root 15, 26-7, 78, 80-1, 85, 93-8, 118, 122, 165, 167, 181-2, 194root/anaconda-ks.cfg 16, 164, 167root directory 105, 169 document 109root/install-log.info 164root/install.log 164root password 14, 17, 182root privilege 182root root 47, 70, 100, 133root run-parts 98-9root user 42, 66, 77-9, 93-4, 97, 99, 114, 118, 180-3, 188 maps 196 maps client 196 privilege of 78, 182root user's password 76, 78root@localhost 17, 28, 36-9, 43-4, 46, 52, 54, 58, 60, 67, 70-3, 77, 85-8, 94-9, 135-6, 140 [8]root@localhost alternatives 153root@localhost cron 98root@localhost dev 55-7root@localhost home 47-8root@localhost mail 148, 152root@localhost nfs 119-20, 122root@localhost postfix 150-1root@localhost pub 20-4root@localhost squid 112, 116rootnoverify 26-7, 168rootnoverify option 168rpm 7, 59, 62-3, 177-8rpm command 62-3 valid 177rpm command uses 64, 176-7rpm configuration file 176 user level 64rpm format 59, 62rpm package information 177 storing 64, 177rules 112, 159-60, 212 iptable 158-9runlevel 6, 29-30, 32-9, 82, 99, 150, 169-71 previous 36, 170 standard 32runlevel command 170runlevel directories 35-7runlevel field 29-30runlevel scripts 169, 171runlevel service-name 170runlevel values 29running mail processes 154, 210rw 42, 118, 122

SSamba 3, 127Samba Server Configuration 10, 122, 197samba server status information 198samba users 123-6, 198 list of 127, 198

234

sample 30, 41-2, 45, 50-1, 67, 70, 78-9, 92, 98, 118, 136-7, 159sample format 94, 115sample questions 3sbin 41, 78-9, 98sbin directory 80sbin/fdisk 79-80sbin/nologin 78-9sbin/service 79sbin/sfdisk 79-80sbin/shutdown 31-3, 80, 169schedule 31, 93-4, 96-7scheduled jobs 94-6, 188schema 133, 201schema files 133-4, 201 default ldap 202scripts 29, 34-6, 99, 169, 171search 60, 65-6, 134-5, 138, 146, 201-2, 206search request 134, 201search tab user 66seconds 27-8, 32, 101, 134, 168, 201section 9, 105, 112-13 global environment configuration 101security 17, 93, 101, 139, 157, 203security Configuration 211security level 117, 157, 159, 211Security Level Configuration 12, 157, 159, 211security Level Configurations 211selinux 17, 163-4SELinux 3, 13, 162-3, 195, 213SELinux administration 13, 162, 213SELinux configuration file 162, 213SELinux configurations 213SELinux manager Answer 213SELinux policies 162, 164, 213SELinux user identities 163Selinuxtype 163sender 150, 208sendmail 11, 146-50, 152-3, 207-9 mail server 147sendmail log information 149sendmail restart 148sendmail server 12, 147-8, 150, 152-3, 207-9 default 153sendmail server type 146sendmail uses 147, 207server 3, 12, 15, 33, 101-4, 114-16, 118, 127, 134-5, 137, 139-40, 144-5, 148-50, 190, 204-5, 207-8 [6] demo sama 127-8 high performance proxy caching 111 proxy 104-5 samba 10, 122, 126, 128, 198 web 9, 15, 41, 99, 103, 191Server Configuration 9, 106, 190, 205Server Configuration Answer 205server HOSTNAME 136-7server information 101server mirrorlist 61server name 107, 134server-name/cgi-bin/cachemgr.cgi 194server root names 101server section 9, 103server system 135 single web 106ServerAdmin root@localhost 103servername 17ServerName 106ServerName dummy-host.example.com 106ServerRoot 101, 190

235

service daemons 157service ftp start 199service ftpd start 199service httpd 38-9, 170-1, 189service httpd start 38, 99, 170-1, 189service httpd stop 39service management apps 80service-name 170service nfd start 195service nfs start 116, 195service nfsd 195service nfsd start 195service passwd 161service postfix start 153service S10network 35service samba start 198service sendmail start 146service service-name 37-9, 170service service-name start 38service service-name stop 39service smb start 127, 198service smbd start 198service vsftpd start 128, 199service yp start 202service ypserv start 203 terminal 137service ypserver start 202serviceconf 39, 171services 10, 34-41, 79-80, 99, 127, 129, 139, 143, 145, 152-3, 155-6, 160-1, 169-71, 189, 205, 210-12 alternatives 152 autofs 50, 120 default 152, 209 dhcpd 139 dovecot 153-4, 210 managing 82 net-work 35 network 33, 36 new 37 samba 127, 198 sharing 3 trusted 157 xinetd 156, 211 ypbind 137services Answer 210session 160-1, 182, 212set 14, 17, 21, 25, 27, 30, 32, 101, 103-4, 129-30, 132, 134-5, 154, 156-7, 199, 201-2 [20]set initdefault 30-1share 121, 125-7, 198 samba 123, 125, 128shared directories 120, 126, 128shell 67, 70-2, 98-9, 182shell script 34, 151, 169shutdown 30-3, 52, 78, 80, 115, 130, 182Shutdown Canceled 32-3Shutting 119, 153SIGKILL 185signal 185Single user mode 31, 33size, subdirectory 181size of files 76, 181SIZELIMIT 133-4, 201Smaba configuration Answer 197Smaba Server configuration 197socket 111, 192software 64, 79-82, 175software configuration 33software repositories 59, 61, 65, 176

236

source code 64-5source filesystem 173space 53, 56, 76, 181 amount of 77, 181 total 56squash 118, 122, 196squid 3, 111-12, 114-16, 191-2, 194-5 server program 111, 191squid daemon 10, 115-16, 194-5squid log files 112squid reconfigure 195squid restart 116, 195squid server 9, 111, 191-4squid start 116squid user 114squiduser 194start 17, 28, 35-40, 82, 91, 99, 116, 127-8, 130, 134-5, 137, 143, 153, 189, 198-9, 205 [10]Start Process 83start squid 115Starting Apache 9, 99Starting Dovecot 12, 153Starting httpd 39, 99Starting init 5, 29Starting Named 11, 143Starting NFS daemon 116, 119Starting NFS mountd 116, 119Starting NFS quotas 116, 119Starting NFS services 10, 116, 119Starting NIS server 11, 137Starting postfix, service postfix start 151Starting postfix server 12, 150Starting Samba 10, 127Starting Services 34Starting squid 116Starting vsftd 10, 128Starting ypbind service 11, 137startup 20, 97statistics kernel NFS client 122 kernel NFS server 122 virtual memory 85, 183status 37-8, 139, 143, 170-1, 174, 176stop 35-7, 39-40, 132, 148, 153 network service 36 service sendmail 153storage 60, 79-80subdirectories 40, 181subfolders 76, 181subtree 122success 161suid 42Sun Microsystems 135swap 41-2, 45-7, 85-6, 165swap area 46-8swap filesystem 173swap partition 14, 165, 173swap space 6, 34, 47, 166swpd 85sync 78, 118, 122, 130synchronize system's clock 25syntax 145, 206sys 41, 80-1, 167sysfs 41-2sysinit 29-32syslogd 9, 92, 187system 25-6, 29-30, 33-4, 46-7, 49-50, 61-2, 64-6, 77-80, 82-6, 127-8, 135-8, 166-70, 172-4, 176-7, 183-

6, 196-8 [21]

237

system administration 7, 82, 184system administrator 180-1, 183, 187-8, 196system administrator execute 180system-auth 160-1system boots 30, 42, 50, 155system clock 34system-config-bind 143, 205system-config-boot 28system-config-date 24, 167system-config-display 21system-config-ftp 200system-config-ftpd 200system-config-httpd 106, 190system-config-https 190system-config-keyboard 20system-config-kickstart 17system-config-level 211System-config-logman 175System-config-lv 175system-config-lvm 58, 175system-config-manage 178system-config-name 205system-config-neat 166system-config-net 166system-config-network 22, 140, 166, 204system-config-nfs 120, 197System-config-nfsd 197system-config-packages 65, 178system-config-printer 23system-config-samba 122, 197system-config-sambad 197system-config-securelevel 211system-config-security 211system-config-securitylevel 157system-config-selinux 162, 213system-config-SElinux 213system-config-SELinux 213system-config-services 39, 155, 171system-config-smb 197system-config-soundcard 21system-config-time 24, 167system-config-users 73, 181system-config-usr 181System-config-vsftp 200system-config-vsftpd 131system crontab file 98, 189system information.uname 185system initialization 31System Log 86system log information 184System Log Manager 184system log viewer 86, 184system logging 92, 187System Monitor 82, 184system reboots 32, 169system users 132system users behavior 132SystemManager 184

Ttab 21, 23, 107, 109, 141, 144 basic 123, 125 samba user 124tab user 132 server control 132tar xvf 178tcpd 156, 211

238

Te user 78telinit 36, 170telnet 156text editors 16, 27-8, 97time 19, 24-5, 44, 70, 84-5, 93-4, 99, 101, 115, 121, 135, 161, 169, 183time-specification 94-5TIMELIMIT 133-4, 201timeout 26, 101-2, 115, 168timezone 16-17tmpfs 41-3topics 3, 149type 17, 45, 47-8, 52, 91, 127, 148, 160-1, 163 processor 185 running Linux system 42

Uuid 68, 118, 196umount 44uname 87, 185uncomment 81, 104-5, 115, 128uncompress 64, 178 xvf 178unconfigures 20uninitialized entries 59Unix 127Unix user name 198UNIX user name 124, 127Unix username 198unmount 43-4, 80unmounting 6, 43-4update option 167updates 20, 59, 61, 65-6, 161, 176-7upgrade 14, 16-17, 62, 167, 177upgrade option 17, 167upload 128-9, 132, 158UPS 31-2uptime command uses 184URI 133-4url 17, 112usage 49, 61-2Use NIS 138user 14-18, 27-30, 66-7, 69-71, 78-80, 83-7, 93-5, 102-4, 124-30, 139-42, 150-1, 157-8, 174-7, 179-91,

198-201, 206-9 [31] administrative 78, 129-30, 132, 180 anonymous 128, 132, 196 ban 132 bin/bash 71 bin/csh 71 common 40 configuration file 134 effective 114 etc/passwd filesystem 71 ldap directories 134, 201 local 128-9, 132, 199 menu option 83 modifying 82 multi 66 new 66-7, 71, 75, 154, 180 normal 80 password 29 trusted 147 useradd 70 userdel 180 valid 126 user accesses 161, 197user account apache 103

239

user account john 179user accounts 66-7, 71-2, 78-9, 179 administrative 114 installation root 66 new 72 User Admin 180User Administrator 180User and Group Administration 7user apache 102-3user applications 41user button 75 new 124User Configuration 180user doesn��user don��user id 78, 179-80user-id 72user information 72, 161, 180user issues 183, 187user issues command insmod 185user jack 81user Jack 181, 198user login name 180user lookups 138user Mac 187User Manager 180user Manager Utility 180User Manger 180user Matt 179user-name 72, 76, 78, 90, 124, 182 his/her 103 useradd options 66user names 15, 71-2, 74, 93-4, 97, 130, 149, 151, 188user-name� �� user password, changing 7, 76, 161user requests 49, 106user set 190user squid 114USER TTY 85user user 180user user-name 181user Vishnu 182user yum 59user1 126useradd 67-9, 71-2, 180useradd command line 69useradd user-name 67userdel 69, 72, 180userdel user-name 72USERGROUPS 69userid 71userlist 129, 199 directive 199usermod 72, 180username 188users don��users group 80users Jack 188users John 199users localhost 80users SELinux security cate-gory 163users tab 132user.Will root, administrative 182user� ��user� ��user� ��

240

Using batch command 9, 96Using chkconfig 171Using command chkconfig 6, 37Using mdadm command 53Using modprobe command 8, 89Using system-config-cache 194Using system monitor 177Using System Monitor 8, 82Using tar xvf 178Using User Manager 7, 73usr 40-1, 50, 77, 165-6, 171, 199usr/lib/httpd/modules 189usr/lib/httpd/modules directory 101-2usr/local 97-8usr/sbin directory 79utility 22-4, 28, 59, 87, 106, 131, 145, 178, 184, 197 daemon Configuration 131, 200 network configuration 142 samba server configuration 122 service configuration 39, 171 system monitor 82 user manager 73utility Answer 175utility Network Configuration 140

Vvalues 29, 36, 53, 60, 69, 71, 91, 98, 123, 125, 134, 139, 144-5, 159, 162-3, 191 [4]var/cache/mod 105var/lib/dhcp/dhcpd.leases 140, 204var/lib/nfs directory 122, 197var/lib/rpm 64, 177var/lib/rpm/Name 63-4var/lib/rpm/Packages 63-4var/lib/rpm/Pubkeys 63-4var/log/cron 92-3, 187var/log/dovecot.log 154var/log/httpd directory 100var/log/maillog 92, 149, 152, 209var/log/vsftpd.log 130, 132, 200var/log/yum.log 60, 176var/named/data/cache 145, 206-7var/run directory 101var/spool/at 96, 188var/spool/cron directory 97, 189var/spool/mail 68, 78, 149, 151var/spool/mail directory 70var/spool/mail/stats 208var/spool/postfix 12, 152var/spool/squid 112, 193var/temp 179var/yp/securenets 203vendor� � ��verbose information 63, 177Very Secure 10, 131, 200vfat 43, 45, 48, 172-3vfat filesystem type 172vgcreate 55, 175vgextend 55, 175video card 17, 21View Process 83Virtual server files 147Virtual users file 147VirtualHost 106vishnu 126-7, 182, 198 samba user 127, 198vmlinuz 15vol 55-7, 59

241

volume group 7, 55-6, 58-9, 175vsftp 128-9, 200VSFTP daemon Configuration 200vsftpd 128VSFTPD Configuration Answer 200vsftpd service 128vsftpd userlist 129vv 63-4, 177

Wwarn 68, 104, 191wdelay 122web 59-61, 65-6web browser 100, 103-4, 191wheel 80Window System 3windows 25, 27, 59, 75, 122, 152, 168, 172windows user name 124, 127, 198won��workgroup 128writable option 125-6www/docs/dummy-host.example.com 106

Xxconfig 16-17

-18, 20, 23, 25, 27, 34, 53, 82, 84, 86, 98, 119, 122, 144st 144

xferlog 129xfs 45, 48xinetd 3, 132, 155-6, 210-11xorg.conf 166

Yyp 138, 203ypdomainname 135-6, 202ypserver HOSTNAME 136yum 59-60, 176yum uses 59-60

Zzombie processes usage detail 184zone file directory 145

RHCE - RH302 Red Hat Certified Engineer Certification Exam Preparation Course in a Book for Passing...

Documents

Transcript of RHCE - RH302 Red Hat Certified Engineer Certification Exam Preparation Course in a Book for Passing...