RH133 Redhat Enterprise Linux System Administration
Redhat Enterprise Linux System
Core support: CPU, Memory, Process Management, Interrupt/Exception Handling, etc.
Dynamically Loadable Kernel Modules
User Mode Access to kernel facilities
System Calls and Signals
Filesystem Device Nodes
Are not accessed through a device node but instead are accessed through a “network interface” abstraction.
CPU and Memory
Seven Supported Architectures: x86, Itanium2,
AMD64/EM64T, S/390, zSeries, iSeries, pSeries.
CPU Support on x86
Technical support for more than 2 physical CPUs only on
AS variant (may use Hyper-Threading)
Up to 32 Physical CPUs with SMP or hugemem kernel.
Memory support on x86
Technical support for more than 16 GB on AS or WS
Standard i686/athlon kernel: 4GB
SMP i686/athlon kernel:
Hugemem SMP kernel:
Preparing to Install
Read the RELEASE-NOTES file on the first
CD or at http://www.redhat.com
Check Hardware Compatibility
Redhat Supported Hardware List
Hardware compatible with Redhat Linux
XFree86 supported video cards.
Redhat Enterprise Linux and the GRUB boot loader can co-exist with other operating systems, including the following:
DOS, Windows 3.x/9x/ME
NetBSD, FreeBSD and other open systems.
Two major issues arise when implementing multiboot systems:
Partitioning and the boot process.
A boot loader such as System Commander or
NTLDR is already on the system and will launch
GRUB as a secondary boot loader.
Device Node Examples
hd[a-t], sd[a-z]+
fd[0-7]: standard floppy drives
md[0-31]: software RAID metadisks
loop[0-15]: loopback devices
ram[0-9]: ramdisks
tty[0-31]: virtual consoles
ttyS[0-9]+
lp[0-3]: parallel ports
null: infinite sink (the bit bucket)
zero: infinite source of zeros
Sources of random information
Framebuffer devices
/dev/cdrom - - >
/dev/modem - - >
/dev/pilot - - > /dev/ttyS[0-9]+
The RHEL Installer
First Stage Installer Images
– VFAT filesystem image for bootable media larger than a floppy
You will need to use the dd command to move this image to your media. For instance:
dd <diskboot.img > /dev/sda
Floppy installation is no longer supported
boot.iso -- ISO9660 bootable CD image
Booting from boot.iso is the same as passing the askmethod argument to the installer when booting from CD 1.
You can create a bootable CD using the cdrecord command. For instance:
cdrecord dev=/dev/hdc boot.iso
Pre-boot Execution Environment (PXE) provides for a diskless installation.
Second Stage Installer
Graphical or textual
Can be invoked in noprobe or Kickstart mode
Once located and loaded by the first stage, drives the remainder of the installation process.
noprobe and Kickstart modes available
mediacheck tests media integrity
Starts X server and a GUI installer
Can be started in lowres mode.
Works with hard drive, CDROM, NFS Installation
Graphical is the default
Menu-based terminal interface
Works with all installation methods (ftp and http)
RHEL Installation Overview
Language, Keyboard and mouse selection
Media selection if applicable
Network and firewall configuration
X server configuration
Partitioning Hard Drives
Hard drives are divided into partitions.
Partitions normally contain file systems.
Primary, extended and logical partitions
The default filesystem is ext3
Multiple partitions may be assembled into larger virtual partitions: software RAID and
Filesystems are accessed via a mount point, which is a designated directory in the file system hierarchy.
Redundant Array of Inexpensive Disks
Multiple partitions on different disks combined into one RAID device
Fault tolerance, larger disk size, performance
Install-time RAID levels:
Striping (no redundancy)
Striping with distributed parity
Configuring File Systems
Must select mount points, partition sizes, and file system types in the installer
Can set up manually or automatically
There are many layouts which may be used
/ must include /etc, /lib, /bin, /sbin, /dev
Swap space is typically 2x physical RAM
Typical mount points: /boot, /home, /usr, /var,
/tmp, /usr/local, /opt
Can configure each NIC independently
DHCP or static IP configuration
Determine if automatically activated on boot
LVM: Logical Volume Manager
Manages storage on one or more partitions as virtual partitions, or logical volumes
Real partitions are physical volumes and are assigned to a volume group (a virtual disk)
Disk space in the volume group is divided into extents which are assigned to a logical volume
Easy to resize logical volumes
Add a physical volume to the volume group and assign the new extents to the logical volume.
Installer can set up a kernel mode stateful packet filter
Choice of two settings: “Enabled” and “No
“Trusted Devices” can bypass the firewall
Can allow access to arbitrary services.
Security Enhanced Linux
Access control determines what actions processes can perform on what objects
Discretionary Access Control (Traditional
Users control permissions on objects
Mandatory Access Control (SELinux)
System policy restricts the permissions which can be granted.
SELinux Installation Options
Active (default) (Enforcing)
By predefined components
Defined in RedHat/base/comps.xml
Virtual consoles during installation
dmesg and /var/log/dmesg
GRUB drops to a prompt if there is a problem loading files.
noprobe Mode and Driver Disks
Method for supporting hardware newer than the install program
Used at install time for less common hardware
Prompt for Driver Disk
When run in noprobe mode
When started with: linux dd
When no PCI devices are detected.
Setup Agent (firstboot)
Configure X Window System if necessary
Set date and time
Register with Redhat Network and get updated
Install additional RPMs or Redhat
Documentation from CDROM
Setup users system-config-* configuration tools
System Initialization and Services
Boot Sequence Overview
Kernel Initialization
init starts and enters desired run level by executing:
/etc/rc.d/rc and /etc/rc.d/rc?.d
X Display Manager if appropriate
Boot device selected
First sector of boot device read and executed
Boot Loader Components
Stage – small, resides in MBR or boot sector
Stage – loaded from boot partition
Minimum Specifications for Linux:
Label, kernel location, OS root filesystem and
Location of the initial ramdisk (initrd)
Minimum specification for other OS:
Boot device, label
GRUB and grub.conf
GRUB – The Grand Unified Bootloader
Command-line interface available at boot prompt
Boot from ext2/ext3, ReiserFS, JFS, FAT, minix, or FFS filesystems
Support MD5 password protection
Changes to grub.conf take effect immediately
If MBR on /dev/hda is corrupted, reinstall the first stage bootloader with:
Starting the Boot Process: GRUB
Select with space followed by up/down arrows on the boot splash screen
Change an existing stanza in menu editing mode
Issue boot commands interactively on the
GRUB command line
init reads its config: /etc/inittab
Initial run level
System initialization scripts
Run level specific script directories
Trap certain key sequences
Define UPS power fail/restore scripts
Spawn gettys on virtual consoles
Initialize X in run level 5
Kernel boot time functions
Device driver initialization
Mounts root filesystem read only
Loads initial process (init)
Important tasks include:
Activate udev and selinux
Sets kernel parameters in /etc/sysctl.conf
Sets the system clock
Enables swap partitions
Root filesystem check and remount
Activate RAID and LVM devices
Enable disk quotas
Check and mount other filesystems
Cleans up stale locks and PID files.
System V run levels
Run level defines which services to start
Each run level has a corresponding directory
The system V init scripts reside in:
Symbolic links in the run level directories call the init.d scripts with a start or stop argument.
A daemon process is a program that is run in the background, providing some system service
Two types of daemons:
Transient – Controlled by the “Super-daemon”
Initializes the default run level per the
/etc/inittab file initdefault line such as
l3:3:wait:/etc/rc.d/rc 3 <--- (run level 3)
Run after the run level specific scripts
Common place for custom modification
In most cases it is recommended that you create a System V init script in
/etc/rc.d/init.d unless the service you are starting is so trivial it doesn’t warrant it.
Existing scripts can be used as a starting point.
Multiple independent VT100-like terminals
Defined in /etc/inittab
Accessed with Ctrl-Alt-F_key from an X session
/dev/ttyn: virtual console n
/dev/tty0: the current virtual console
Default RedHat Enterprise Linux Configuration
12 consoles defined
Consoles 1-6 accept logins
X server starts on the first available console, usually 7.
Utilities to control default service startup
system-config-services: graphical utility that requires an X interface
ntsysv: ncurses-based utility usable in virtual consoles
a fast, versatile command line utility that works well and is usable with scripts and Kickstart installations
Utilities to control services manually
service: immediately starts or stops a standalone service
chkconfig: immediately starts and stops xinetd-managed services.
Shutting down the system
shutdown -h now
halt
poweroff
init 0
Rebooting rarely fixes problems in Linux
If you feel a reboot is necessary, try bringing the system down to runlevel 1 and then back up to runlevel 3 or 5. This is much faster than a reboot.
Rebooting the system:
shutdown -r now
reboot
init 6
Kernel Services and Configuration
Modular kernel components
Components that need not be resident in the kernel for all configurations and hardware
Peripheral device drivers
Modules configurable at load time
Kernel Module Configuration
Module examination: /sbin/modinfo
Module Configuration: /etc/modprobe.conf
Aliases, parameters, actions
Module Dependencies: modules.dep, depmod
Manual control: insmod, rmmod
The /proc filesystem
/proc is a vital filesystem containing information about the running kernel
Contents of “files” under /proc may be viewed using cat
Provides information on system hardware, networking settings and activity, memory usage, and more.
The /proc filesystem, cont’d
The /proc/sys subdirectory allows administrators to modify certain parameters of a running kernel.
/proc/sys configuration with sysctl
/proc/sys modifications are temporary and not saved at system shutdown
The sysctl command manages such settings in a static and centralized fashion:
sysctl is called at boot time by rc.sysinit and uses settings in /etc/sysctl.conf
General Hardware Resources
dmesg and /var/log/dmesg
kudzu
/proc filesystem
hwbrowser
System Bus Support
Hotswappable Bus Support
USB and IEEE 1394 Buses
Information in /proc/bus subdirectories
/sbin/lsusb and /sbin/usbmodules utilities
USB devices in /dev/usb
Information in /proc/bus/pccard
System Monitoring and Process Control
top, gnome-system-monitor – display snapshot of processes
vmstat – reports virtual memory stats
iostat – lists information on resource usage, including I/O statistics
free – summary of system memory usage
renice – change priority of a process
kill – send system signal to a process
System Initialization: Device
Master Boot Record (MBR) contains:
Executable code to load operating system
Space for partition table information, including:
Partition id and type
Starting cylinder for partition
Number of cylinders for partition
An extended partition points to additional partition descriptors
Total maximum number of partitions supported by the kernel:
63 for IDE drives
15 for SCSI drives
Why partition drives?
Containment, performance, quotas, recovery
Create partition using:
GNU parted – Advanced partition manipulation
(create, copy, resize, etc)
partprobe – reinitializes the kernel’s in-memory version of the partition table.
Managing Data: Filesystem creation
mkfs mkfs.ext2, mkfs.ext3, mkfs.minix, mkfs.msdos
Specific filesystem utilities may be called directly
mke2fs [options] device
Journaling for ext2 filesystems: ext3
ext3 is essentially an ext2 filesystem that uses a journal for file transactions automatically.
ext3 filesystems can be created natively or easily converted from ext2
Ext3 has three journaling modes:
Ordered – the default, journals only meta-data
Journaled – Journals data as well as meta-data
Writeback – Journal updates are not automatic, but this mode gives better performance at the possible expense of data integrity.
Managing data: mount
mount [options] [device] [mount_point]
device (or filesystem label) points to the filesystem to mount.
mount_point is the directory under which the files on the filesystem will be located.
Managing Data: mount options
-t vfstype (vfat, ext2, ext3, iso9660, etc.)
Not normally needed
Default options for the ext2/ext3 filesystem:
rw, suid, dev, exec, auto, nouser, and async
Managing Data: Unmounting
umount [options] device | mnt_point
A filesystem “in use” may not be unmounted
Use fuser to check and/or kill processes
Use the remount option to change a mounted filesystem’s options
mount -o remount,ro /data
Managing Data: Filesystem Labels
Alternate way to refer to devices
e2label <special_dev_file>
mount [options] LABEL=fslabel mount_point
Managing Data: mount, by example
Sample filesystem requirements met using options:
Disabling execute access
Mounting a filesystem image
Mounting a PC-compatible filesystem.
Disabling access time updates.
Setting up a mount alias
Managing Data: Connecting Network
Mounting NFS resources
Requires hostname or address of server
Requires name of exported directory
Mounting SMB resources
Requires hostname and address of server
Requires share name
May require username and password
Managing Data: /etc/fstab
Configuration of the filesystem hierarchy
Used by mount, fsck, and other programs
Maintains the hierarchy between system reboots
May use filesystem volume labels in the device field
Managing Data: The auto-Mounter
System administrator specifies mount points to be controlled by the automounter daemon process.
The automounter monitors access to these directories and mounts the filesystem on request.
Filesystems automatically unmounted after a specified interval of inactivity.
Enable /etc/auto.net to “browse” all NFS exports on the network.
ext2/ext3 Filesystem Attributes
ext2 and ext3 support attributes that affect the manipulation of the file data.
lsattr: displays file attributes
chattr: changes file attributes
Some attributes are not currently supported by the
Swap space is a supplement to system RAM
Basic setup involves:
Create swap partition or file
Write special signature using mkswap
Add appropriate entries to /etc/fstab
Activate swap space with swapon -a
Maintaining consistency with fsck
Filesystems checked at boot up
sulogin session started if errors are severe
lost+found
tune2fs
dumpe2fs
debugfs
parted
Adding a Drive
Physically connect the new drive
If required, reread partition table with partprobe
Verify with fdisk -l and cat /proc/partitions
Create filesystems for new partitions, or
Write signature to new swap partitions
Optionally create disk label
Create any needed mount points
Add new entries to /etc/fstab
All drivers for network interface cards are built as modules
Networking scripts reference logical interface names, e.g.:
eth0, eth1, ethN
Token Ring: tr0, tr1, trN
fddi0, fddi1, fddiN
ppp0, ppp1, pppN
/etc/modprobe.conf maps logical names to specific module names:
alias eth0 3c59x
Data link layer addresses
Views and controls the negotiated media speed (100baseTX, 10baseT) of some ethernet cards.
Useful for forcing specific ethernet speed and duplex settings
Changes with mii-tool should be made on inactive interfaces.
Used to configure and set IP address on network interfaces
Not Usually called directly, but by other scripts
Also used to view properties of active and inactive network interfaces.
if (up | down) interface
Start and Stop network interfaces
Take care of details specific to interface
Obtains addresses as needed
Interface configuration file
Static dhcp bootp
Text-based network configuration tool
Only writes config files. Does not activate device or changes. Use ifup/ifdown to activate changes
Used by kudzu when new network card found at boot time.
GNOME-based network configuration tool
Can be launched by a non-privileged user, but requires authentication as root.
Binding multiple IP addresses
Use multiple IP addresses on a NIC
Virtual interface (s)
For a small number of IPs, create an ifcfg file for each virtual interface
For a large number of IPs, create an ifcfg range file
The dhclient daemon manages client-side
DHCP and BOOTP
For DHCP, dhclient:
Obtains a lease
Performs automatic lease renewal
Normally run by ifup/ifdown
Can be run manually to force renewal or release of a lease
Global Network Parameters
HOSTNAME=<fqdn by default>
NISDOMAIN=<nis domain name>
Global default defined in:
Default gateway can also be defined in
ifcfg-xxx default overrides Global default routes
Linux kernel automatically creates a network route for connected networks
Static routes defined per interface
route -n
netstat -rn
hostname – display or set the system’s name
Is initially set by rc.sysinit from $HOSTNAME variable
/etc/hosts – local database of hostname to
IP address mappings
Checked before DNS
Useful for small isolated networks
DNS client configuration
Defines which name servers to use
Servers are checked in order listed
Useful utilities in bind-utils RPM package include:
host: gather host/domain information
host -a redhat.com
dig: send queries to name server directly
dig @ns1.redhat.com mx redhat.com
Network packet loss and latency measurement tool
traceroute, mtr
Display network path to a destination
netstat
Multi-purpose network information tool
RPM and Kickstart
The RPM Way
Package installation is never interactive
Applies to all software (core OS and addons)
No such thing as a patch to a package
RPM Package Manager
local database rpm and related executables package files
install/remove query verify build
Installing and Removing Software
Primary RPM Options:
rpm -i, --install
rpm -U, --upgrade
rpm -F, --freshen
rpm -e, --erase
Output Options: -v, -h
URL support: ftp:// (with globbing), http://
Many other install-options are available to address special cases.
Updating a Kernel RPM
Make sure to install kernel updates
Do not use rpm -U or rpm -F!
rpm -ivh kernel-version.arch.rpm
Boot new kernel to test
Revert to old kernel if a problem arises
rpm -e kernel-olderversion if no problems
rpm -q what_packages what_information
Installed Package options:
rpm -qa: lists installed packages
rpm -qf filename: shows owning package
rpm -qi package_name: general information
rpm -ql package_name: lists files in package
Uninstalled Package Options
rpm -qip packages_file.i386.rpm
rpm -qlp packages_file.i686.rpm
Installed RPM file Verification:
rpm -V package_name
rpm -Vp package_file.i386.rpm
Signature verification BEFORE package install:
rpm --import gpg_key
rpm --checksig package_file.i386.rpm
Other RPM Utilities and Features
rpm2cpio: file extraction
rpmdb-redhat: distribution database
rpm --redhatprovides filename
rpm --redhatprovides capability
system-config-packages
Automatic Dependency Resolution
Automatic installation of dependent packages
Invoked with --aid option
Use in conjunction with rpmdb-redhat
A macro can indicate where package files are found.
RedHat Network (RHN)
/usr/sbin/up2date rhnsd daemon and queued actions
Collective and remote administration
Bare metal provisioning
RHN in the Enterprise
Updates cached locally conserving bandwidth
Client profiles stored locally
Custom channel management
username, password, system name
Software Profile (RPM list)
Local Digital Certificate
The up2date utility
Interactive or batch invocations
Freshen with published errata/updates
Install new packages
Resolve package dependencies
Install or download only
Cache dir: /var/spool/up2date
Web based administration https://rhn.redhat.com
Queuing of actions
Local polling: rhnsd
Every 4 hours by default
Tuned in /etc/sysconfig/rhnsd
/usr/sbin/rhn_check does the hard work.
Network Installation Server
Necessary for network-based Installs
Often faster than CDROM-based installation methods
Provides an easy distribution platform for the enterprise
Shares the Redhat directory via NFS, FTP and/or HTTP
Using Kickstart to automate Installation
Kickstart is a component of the installer that automates installation
Kickstart supports all installation methods.
The installer reads information from an ASCII file rather than prompting for it
Kickstart files can be made available via floppy, cdrom, hard disk, initrd, nfs, ftp and http. They can also be dynamically generated using cgi scripts and specified using dhcp/pxe.
Kickstart: Commands Sections
Constructs arguments that are passed to configuration utilities (“commands”)
The absence of required specifications
(e.g., keyboard) will raise the appropriate utility.
Commands section must come first.
%packages specifies component groups and RPMs to install.
Component groups in the comps.xml file are specified with @ component-group
Third party RPMs cannot be specified without modifying hdlist
Package names only (not version).
Kickstart: %pre, %post
%pre gives you the first word
Executes as a bash shell script
Executes after kickstart file is parsed
%post gives you the final word
Can specify interpreter (bash is default)
chroot’ed by default, but may be run without chroot.
User Policy Considerations
Amount of system access outside of user’s account
Determine “need to know”
Expiration of passwords and accounts
Disk usage and CPU limits
User Account Database: /etc/passwd
Contains account information used at login and by other programs
One account per line with seven colon-delimited
Should have permission rw-r--r--
Adding a New User Account
Most common method is useradd:
Running useradd is equivalent to :
Edit /etc/passwd, /etc/shadow, /etc/group
Create and populate home directory
Set permissions and ownership
Set account password using passwd
Accounts may be added in a batch with newusers.
User Private Groups
When user accounts are created, a private group is also created with the same name.
Users are assigned to this private group.
User’s new files affiliated with this group.
Advantage: Prevents new files from belonging to a “Public” group.
Disadvantage: may encourage making files “world-accessible”
Entries to /etc/group
groupadd groupmod groupdel
To change fields in a user’s /etc/passwd entry you can:
Edit the file by hand
Use usermod [options] username
To remove a user either:
Manually remove the user from /etc/passwd
/etc/shadow, /etc/group, /var/spool/mail
Use userdel [-r] username
Password Aging Policies
By default, passwords do not expire.
Forcing passwords to expire is part of a strong security policy.
Modify default expiration settings in
To modify password aging for existing users, use the chage command
chage [options] username
Login Shell Scripts
Non Login Shell Scripts
su [-] [user]
su [-] [user] -c command
Allows the user to temporarily become another user.
Default user is root
The “-” option makes the new shell a login shell.
Users listed in /etc/sudoers execute commands with:
An effective user id of 0
Group id of root’s group
An administrator will be contacted if a user not listed in /etc/sudoers attempts to use sudo.
Information about users may be centrally stored and managed on a remote server.
Two types of information must always be provided for each user account.
Account Information: UID number, default shell, home directory, group memberships, and so on.
Authentication: a way to tell that the password provided on login for an account is correct.
GUI tool to configure authentication
For text-based tool, use –nox option
Supported account information services:
(local files), NIS, LDAP, Hesiod, Winbind
Supported authentication mechanisms:
(NSS), kerberos, LDAP, SMB, Winbind
Example: NIS Configuration
Must install ypbind and portmap RPMs
Enable NIS to provide User Information
Specify NIS Server and NIS domain name
Keep default authentication (through NSS)
What does this actually do?
Four text-based configuration files are changed.
Example: LDAP Configuration
Must install nss-ldap and openldap RPMs
Enable LDAP to provide User Information
Specify server, the search base DN and TLS
Enable LDAP to provide Authentication
What does this actually do?
Four text-based configuration files are changed.
Every file has both user and group
A newly created file will be owned by:
The user who creates it
The current primary group of that user
SGID directories may change this behavior
The chown command can be used by root to change ownership.
Linux File Permissions
Flags indicate access mode for each access level
File mode is a concise collective expression of flags’ values.
Normally processes started by a user run under the user and group security context of that user.
SUID and/or SGID bit set on an executable file cause it to run under the user and/or group security context of the file’s owner and/or group.
Default File Permissions
Read and write for all is the default for files.
Read, write and execute is the default for directories.
umask can be used to withhold permissions on file creation.
Non-system users’ umask is 002
Files will have permission of 664
Directories will have permission of 775
Supports users private groups
System User’s umask 022
The Setgid Access Mode
Normally, files created in a directory belong to the default group of the user.
When a file is created in a directory with the setgid bit set, it belongs to the same group as the directory.
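The umask defaults and the setgid directory behaviour described above can be observed directly. The following is an added example, not part of the original course material; it assumes a Linux system with GNU coreutils `stat`, and the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: create files and directories under the two umask values
# named above and inside a setgid directory, then read back the resulting
# modes. Everything happens in throwaway mktemp directories.

# mode_of PATH -> octal permission bits, e.g. 664 or 2775 (GNU stat)
mode_of() {
    stat -c '%a' "$1"
}

# modes_for_umask MASK -> "<file mode> <directory mode>" as created under MASK
modes_for_umask() {
    work=$(mktemp -d) || return 1
    (
        # Subshell so the caller's umask is left untouched
        umask "$1"
        : > "$work/file"      # requested as 666, reduced by the umask
        mkdir "$work/dir"     # requested as 777, reduced by the umask
    )
    echo "$(mode_of "$work/file") $(mode_of "$work/dir")"
    rm -rf "$work"
}

# setgid_inheritance -> "<subdirectory mode> <yes|no>"
# yes/no: does a file created in the setgid directory carry the directory's group?
setgid_inheritance() {
    work=$(mktemp -d) || return 1
    (
        umask 002
        mkdir "$work/shared"
        chmod g+s "$work/shared"      # set the setgid bit on the directory
        mkdir "$work/shared/sub"      # subdirectories inherit the setgid bit
        : > "$work/shared/file"       # files inherit the directory's group
    )
    dir_gid=$(stat -c '%g' "$work/shared")
    file_gid=$(stat -c '%g' "$work/shared/file")
    if [ "$dir_gid" = "$file_gid" ]; then same=yes; else same=no; fi
    echo "$(mode_of "$work/shared/sub") $same"
    rm -rf "$work"
}

echo "umask 002 (non-system users): $(modes_for_umask 002)"
echo "umask 022 (system users):     $(modes_for_umask 022)"
echo "setgid directory:             $(setgid_inheritance)"
```

The leading 2 in the subdirectory mode is the setgid bit, which is why a shared project directory keeps its group on everything created beneath it even with user private groups in use.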
Each process or object (file, directory, network socket) also has an SELinux context.
The SELinux policy controls
What identities can use which roles
What roles can enter which domains
What domains can access which types.
Access Control Lists (ACLs)
Grant rwx access to files for multiple users or groups
mount -o acl
getfacl file|directory
setfacl -m u:gandolf:rwx
setfacl -m g:nazgul:rw
setfacl -m d:u:frodo:rw
setfacl -x u:samwise
system-config-securitylevel
setenforce and setsebool
/selinux virtual file system
List process contexts: ps -Z
List file contexts: ls -Z
Change file contexts: chcon
chcon -t httpd_sys_content_t index.html
chcon --reference=/var/www/html index.html
What is the error?
Check /var/log/messages for AVC denials
Is the process doing something it shouldn’t?
Does the target have the right context?
Does a Boolean setting need adjustment?
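The first troubleshooting step above, checking /var/log/messages for AVC denials, can be scripted. The following is an added example, not part of the original course material: the log lines are constructed samples in the kernel "avc: denied" message layout (an assumption about the format on the target system), and the host name station1 and the function names are invented for the illustration.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials by source domain, denied
# permission, target type and object class, so the troubleshooting
# questions above can be answered per group rather than per log line.

# avc_summary [FILE...] -> lines of "<count> <source type> <perms> <target type> <class>"
# Reads stdin when no file is given, e.g.: avc_summary /var/log/messages
avc_summary() {
    awk '
    / avc: +denied / {
        perms = ""; sctx = ""; tctx = ""; tclass = ""; inbrace = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { inbrace = 1; continue }
            if ($i == "}") { inbrace = 0; continue }
            if (inbrace) { perms = (perms == "" ? $i : perms "," $i); continue }
            if ($i ~ /^scontext=/) sctx = substr($i, 10)
            else if ($i ~ /^tcontext=/) tctx = substr($i, 10)
            else if ($i ~ /^tclass=/) tclass = substr($i, 8)
        }
        # A context is user:role:type; keep only the type field
        split(sctx, s, ":"); split(tctx, t, ":")
        count[s[3] " " perms " " t[3] " " tclass]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# sample_log -> constructed log excerpt (not taken from a real system)
sample_log() {
cat <<'EOF'
Oct 12 10:01:02 station1 kernel: audit(1129111262.101:0): avc:  denied  { getattr } for  pid=2301 exe=/usr/sbin/httpd path=/var/www/html/index.html dev=hda2 ino=51234 scontext=root:system_r:httpd_t tcontext=root:object_r:user_home_t tclass=file
Oct 12 10:01:05 station1 kernel: audit(1129111265.417:0): avc:  denied  { getattr } for  pid=2302 exe=/usr/sbin/httpd path=/var/www/html/index.html dev=hda2 ino=51234 scontext=root:system_r:httpd_t tcontext=root:object_r:user_home_t tclass=file
Oct 12 10:01:05 station1 kernel: audit(1129111265.420:0): avc:  denied  { read } for  pid=2302 exe=/usr/sbin/httpd name=index.html dev=hda2 ino=51234 scontext=root:system_r:httpd_t tcontext=root:object_r:user_home_t tclass=file
Oct 12 10:02:11 station1 sshd[2410]: Accepted password for student from 192.0.2.10 port 40122 ssh2
Oct 12 10:03:40 station1 kernel: audit(1129111420.009:0): avc:  denied  { name_bind } for  pid=2301 exe=/usr/sbin/httpd src=8081 scontext=root:system_r:httpd_t tcontext=system_u:object_r:port_t tclass=tcp_socket
EOF
}

sample_log | avc_summary
```

In the sample, the target type user_home_t on a file under /var/www/html answers "Does the target have the right context?", which is the case the chcon commands above correct.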
Printing and Administration Tools
New IPP protocol based on HTTP/1.1
Web administration interface on port 631
Can communicate with LPD print servers
System V and BSD command interface
Classes support automatic job redirection and printer pooling
Authentication by user/host/digital certificate
Log files in web server Common Log Format
Print Queue Design
program lp cupsd filter printer
CUPS Configuration Files
cupsd server configuration file
Similar syntax to Apache httpd.conf file
Print queue configuration file
Automatically generated by lpadmin, system-config-printer or the CUPS web administration interface.
CUPS Queue Management
Web interface: http://localhost:631/
To authenticate, user must be a member of the SystemGroup (sys by default) listed on
Connection is not encrypted
lpadmin – command line tool for printer administration
Used to schedule recurring events
Use crontab to edit, install, and view job schedules
crontab [-u user] file
crontab [-l|-r|-e]
-l lists crontab
-r removes crontab
-e edit crontab using $EDITOR
Controlling Access to cron
Restrict/allow user access to cron
Contain usernames to allow/deny access.
System crontab files
Different format than user crontab files
Master crontab file /etc/crontab runs executables in
/etc/cron.d/ directory contains additional system crontab files.
System cron job : tmpwatch
Cleans old files out of specified directories
Useful for keeping /tmp directory from filling up
tmpwatch is run daily in /etc/cron.daily
System cron Job: logwatch
Monitor with logwatch
Helps catch problem issues
Detects suspicious behavior
logwatch is run daily in /etc/cron.daily
Sends nightly email report
System Cron Job: logrotate
Maintain log files from getting too large
Keeps log files from getting too large
Keeps filesystem from filling up
logrotate is run daily in /etc/cron.daily
Configure all logs in /etc/logrotate.conf
Configure individual log files in files within
syslog System V initialization script in
controls both the syslogd and the klogd daemons
Configures system logging
Sets switches used when starting syslogd and klogd from the System V initialization Scripts
SCSI tape devices (i.e, DDS, DLT)
/dev/[n]st0, /dev/[n]st1, etc.
Devices with ‘n’ do not automatically rewind
Use the mt utility to control tape drive
mt -f /dev/st0 rewind
mt -f /dev/st0 fsf 50
mt -f /dev/st0 offline
mt -f /dev/st0 erase
mt -f /dev/st0 rewoff
Archives to tapes or other media or files
star backs up SELinux context and ACL attributes
c create
t list
x extract
v verbose
z gzip compression
j bzip2 compression
cd /tmp && tar xvf ~/archive.tar
tar cvf /dev/st0 /data /foo /bar
Back up and restore ext2/3 filesystems
Does not work with other filesystems
dump should only be used on unmounted filesystems or filesystems that are read only
Can do full or incremental backups
dump -0u -f /dev/nst0 /dev/hda2
restore -rf /dev/nst0
Similar to tar
Does not recurse directories by itself
Can archive special files
Piping output from find into cpio is common
find /data | cpio -ocv > /dev/nst0
cpio -icdvm < /dev/nst0
cpio -tvf < mybackup.cpio
dump and tar can use rmt (remote tape mgr)
dump -0uf [email protected]:/dev/nst0 /home
Use user@host:path format to specify the remote user, host and device.
dump can use ssh for secure backups when the RSH environment variable is set to ssh.
Other backup software
Higher-level applications for tape backup include:
Highly-scalable command-line client-server archiver included with RHEL
Arkeia, Bru, Tivoli, Veritas (client), UNiBACK,
The X Window System
Xorg: The X11 Server
Foundation for the Redhat Enterprise
Linux graphical user interface (GUI)
Open Source implementation of X11
Relies on networking
IP or Local UNIX domain-sockets
Designed as one server to many clients
Highly flexible protocol
Xorg Server Design
System video hardware I/O Management
Display, video and input device coordination
Core server: /usr/X11R6/bin/Xorg
Enhanced by dynamically loaded modules
Drivers: ati, nv, mouse, keyboard, etc.
Extensions: dri, glx and extmod
Native server: xfs
XOrg Server Configuration
Typically configured after installation
Best results while in runlevel 3!
Stored in /etc/X11/xorg.conf
The X server and its clients may be individually configured and combined
Server extensions provide enhanced rendering capabilities
To view server capabilities: xdpyinfo
gdm, kdm and xdm
metacity, kwin and twm
Server and Client Relationship
Xorg in runlevel 3
Two methods to establish the environment
/etc/X11/xinit/xinitrc and ~/.xinitrc
/etc/X11/xinit/Xclients and ~/.Xclients
XOrg in runlevel 5
Environment established by /sbin/init
DESKTOP defines the window manager
DISPLAYMANAGER defines the display manager
~/.xsession or ~/.Xclients
Fonts and Typefaces
xfs, chkfontpath, fc-cache
Display and Window Managers
switchdesk, /etc/sysconfig/desktop, gconftool-
Remote X sessions
X protocol communication is unencrypted
Host-based sessions implemented through the xhost command
User-based sessions implemented through the Xauthority mechanism.
sshd may automatically install xauth keys on remote machine
Tunnels X protocol over secure encrypted ssh connection
Advanced Filesystem Management
Software RAID Configuration
Create and define RAID device using mdadm
mdadm -C /dev/md0 -l 0 -n 2 /dev/hda5
Format each RAID device with a filesystem
mke2fs -j /dev/md0
Test the RAID devices
mdadm allows you to check the status of your RAID devices
mdadm --detail /dev/md0
Software RAID Recovery
Simulating disk failure
mdadm /dev/md0 -f /dev/sda1
Recovering from a software RAID disk failure
Replace the failed hard drive and power on
Reconstruct partitions on the replacement drive
mdadm /dev/md0 -a /dev/sda1
mdadm, /proc/mdstat, and syslog messages
Converting LVM1 to LVM2
RHEL4 Uses the LVM2 format for metadata
Supports transactional changes and replication
Human readable and editable in an emergency
Existing LVM1 volumes can be converted to LVM2 with the vgconvert command
vgconvert -M2 vg0
Converts the volume group vg0 from LVM1 to
Creating Logical Volumes
Create physical volumes
Assign physical volumes to volume groups
vgcreate vg0 /dev/hda3
Create logical volumes from volume groups
lvcreate -L 256M -n data vg0
mke2fs -j /dev/vg0/data
Resizing Logical Volumes
lvextend and ext2online can extend mounted ext2/3 filesystems.
lvextend first grows the logical volume
You cannot shrink mounted filesystems.
Physical volumes may be added to or removed
vgextend vg0 /dev/sdb1
pvmove /dev/hda3
vgreduce vg0 /dev/hda3
The Linux Quota System
Implemented within kernel
Enabled on a per-filesystem basis
Individual policies for groups or users
Limit by number of blocks or inodes
Implement both soft and hard limits
Partition mount options: usrquota, grpquota
Initialize database: quotacheck
The Linux Quota System (cont.)
Start or stop quotas: quotaon, quotaoff
Edit quotas directly: edquota username
From a shell
setquota username 4086 5120 40 50 /foo
Define prototypical users:
edquota -p user1 user2
The Linux Quota System (cont.)
User inspection : quota
Quota overviews: repquota
Miscellaneous utilities: warnquota
Unit 11: Agenda
Things to check
Treat the problem as a symptom
Gather data by identifying other problems
Identify what still works
Form a hypothesis about what is wrong
Check log files for supporting evidence
Backup config files before editing them
Things to Check: X
Never debug X while in runlevel 5!
Try system-config-display first
Is /home or /tmp full, or has the user reached a hard quota?
Is xfs running?
Things to Check : Networking
Order of the Boot Process
Entering runlevel X
Common after crash or improper shutdown
ext2 mounted for writing marked “dirty”
If not mounted or mounted read only, “clean”
If not mounted and “dirty”, may be corrupted
Repair requires exhaustive check
ext3 usually marked “clean”
Journal indicates if recovery is needed
Only need to check files recorded in journal
If / has journal, kernel examines it at boot
/etc/rc.d/rc.sysinit runs fsck on filesystems marked in the /etc/fstab
fsck is a front end to other programs
A “failed” fsck must be run manually
Pass run-level to init
On boot from GRUB splash screen
Process rc.sysinit and rc1.d scripts
Runlevel s,S or single
Process only rc.sysinit
Run sulogin only
Required when root filesystem is unavailable
Boot from CDROM (boot.iso or CD #1)
Boot from diskboot.img on USB key
Rescue Environment Utilities
Disk Maintenance Utilities
Logging : /tmp/syslog or
Rescue Environment Details
Anaconda will ask if filesystems should be mounted
Watch for error messages
$PATH includes hard drive’s directories
System-specific device files provided
mknod knows major/minor #’s
End of Unit 11
Questions and Answers
What are some things to check for
How might you repair an ext2 filesystem?
What are some alternate boot methods?