Advanced System Administration I - Student Manual

SUSE LINUX Enterprise Server Advanced System Administration I SUSE LINUX AG


SUSE LINUX AG Training Document – Article No. 45441-3INT SUSE LINUX Enterprise Server – Advanced System Administration I Release: February 2004 (SUSE LINUX Enterprise Server 8) Feedback to: [email protected]

All programs, illustrations and information contained in this manual were compiled to our best knowledge and tested carefully. This, however, does not exclude the possibility of errors. For this reason, the program material contained in this present manual shall not constitute any obligation or guarantee of any kind. The authors of SUSE LINUX AG will thus accept no responsibility or in any way be held liable for damages of any kind which may result from the use of this program material, parts thereof, or for any resulting violation of the law by third parties. The representation of registered names, trade names, the naming of goods etc. in this training manual does not give the right, even where not specifically stipulated, to assume that such names, in terms of trade names or protection of trade name legislation, can be regarded as free and thus be put to use by anybody whosoever. All trade names are used without the guarantee for their free use and may possibly be registered trade marks. SUSE LINUX AG essentially adheres to the guidelines of the manufacturers. Other products named here may be trade marks of a respective manufacturer. This work is protected by copyright. All rights in connection with the reproduction or copying of this training manual or parts thereof are reserved. This also applies to translations thereof. No part of this work may, in any form whatsoever (print, photocopy, microfilm or any other procedures) and also not for training purposes, be reproduced or electronically processed, duplicated, or disseminated without the written permission of the publisher. © 2004 SUSE LINUX AG Internet: http://www.suse.de/training/

© 2004, SUSE LINUX AG (http://www.suse.de/training/)

Contents

1 User Administration
    1.1 Users and Groups
    1.2 Files for User Administration
        1.2.1 /etc/passwd
        1.2.2 /etc/shadow
        1.2.3 Checking /etc/passwd and /etc/shadow
        1.2.4 /etc/group
        1.2.5 /etc/gshadow
    1.3 User and Group Administration with YaST
    1.4 User and Group Administration with Shell Commands
        1.4.1 useradd, usermod, userdel, passwd
        1.4.2 Group Administration: groupadd, groupmod, groupdel, gpasswd
        1.4.3 Tips for User Administration
    1.5 Default Settings for the User
    1.6 Changing the Current UID and GID
        1.6.1 Changing the UID with su
        1.6.2 Changing the GID with newgrp
        1.6.3 Changing the UID in KDE
    1.7 Delegating Administrative Tasks with sudo
    1.8 PAM
    1.9 faillog
    1.10 Quotas

2 Bootmanager
    2.1 What is a Boot Manager?
    2.2 The Boot Manager GRUB
        2.2.1 Configuring the Boot Manager GRUB
        2.2.2 The GRUB Shell
    2.3 The Boot Manager LILO
    2.4 Additional Information

3 The Runlevel Concept
    3.1 The Order of Events When the System Starts
    3.2 The init Program
    3.3 The Runlevels
    3.4 The File /etc/inittab
    3.5 The init Scripts
    3.6 Changing the Runlevel
        3.6.1 shutdown and halt

4 YaST and SuSEconfig
    4.1 YaST
    4.2 /etc/sysconfig/ and SuSEconfig

5 System Monitoring
    5.1 The Syslog Daemon
    5.2 Important Log Files
    5.3 Archiving Log Files
    5.4 Monitoring Hard Drive Space

6 Data Backups
    6.1 Data Backup Strategies
    6.2 Backup Tools in Linux
        6.2.1 Data Backup with tar
        6.2.2 Mirroring Directories with rsync
        6.2.3 Copying Data with dd
    6.3 Working with Magnetic Tapes
    6.4 Automating Data Backups

7 Integrating Hardware
    7.1 Adding a Hard Disk to the System
        7.1.1 Partitioning a Hard Disk
        7.1.2 Creating a File System
        7.1.3 Mounting the File System
        7.1.4 The File /etc/fstab
    7.2 Kernel Modules
        7.2.1 Commands for Using Modules
        7.2.2 The File /etc/modules.conf

8 The X Window System
    8.1 The X Window System
        8.1.1 Display Names
    8.2 Starting the X Window System Step by Step
    8.3 Starting the X Server with a Window Manager
        8.3.1 Starting a Second X Server
        8.3.2 Log File for the X Server
    8.4 Graphical Login
    8.5 Protection from Unauthorized Access
        8.5.1 xhost
        8.5.2 xauth
        8.5.3 ssh
    8.6 Configuring the X Server

9 Printing
    9.1 Basics
        9.1.1 The cupsd Printer Daemon
        9.1.2 Filtering or Converting the Data to Print
    9.2 Configuration of a Local Printer
    9.3 Print Commands
        9.3.1 Submitting a Print Job: lpr, lp
        9.3.2 Displaying Print Jobs: lpq, lpstat
        9.3.3 Canceling Print Jobs: lprm, cancel
        9.3.4 Configuration of a Queue: lpoptions
    9.4 Printer Administration
        9.4.1 Managing Printer Queues
        9.4.2 Logging Error Messages

10 Rescue System
    10.1 Possible Causes of Interruption of the Boot Process
    10.2 Booting from CD Then Accessing Installed System
    10.3 The SUSE Rescue System
    10.4 Booting in a Shell
    10.5 Checking the File System

A A Summary of Important Commands

B Abbreviations

1 User Administration

Learning Aims

In this chapter, you will learn

• what a UID and a GID are and how to query them
• the user and group administration files: /etc/passwd, /etc/shadow, /etc/group, /etc/gshadow
• how to create, edit, and delete groups and users with YaST
• the user administration commands: useradd, usermod, userdel, passwd
• the group administration commands: groupadd, groupmod, groupdel, gpasswd
• the files containing default settings for users and passwords: /etc/login.defs, /etc/default/useradd
• how to change the current UID or GID with su and newgrp
• how to delegate administrative tasks to other users with the command sudo
• how to configure the file /etc/sudoers with visudo
• how to configure the user authentication in a flexible way with PAM modules
• the purpose of the PAM modules pam_nologin and pam_securetty
• how to lock an account automatically with faillog following a set number of failed login attempts
• how to use quotas to limit the hard disk space for users and groups


1.1 Users and Groups

Linux is a multiuser system, i.e. several users can work on the system at the same time. For this reason the system must be able to uniquely identify all users. To achieve this, every user must log in

• with a user name and
• with a password.

Since the operating system can handle numbers much better than strings, users are administrated internally as numbers. The number which a user receives is the so-called UID (UserID). Every Linux system has a privileged user, the user root. This user always has the UID 0.

Users can be grouped together:

• “normal” users are usually in the group users,
• all users who intend to create web pages, for example, are placed in the group webedit, etc.

Of course, file permissions for the directory in which the web pages are located must be set so that the group webedit is able to write there. As with users, the groups are also allocated a number internally: the GID (GroupID).

With the command id a user is given information on his UID and the groups he belongs to.

    tux@earth:~ > id
    uid=500(tux) gid=100(users) groups=100(users),14(uucp),16(dialout),17(audio),33(video)

id provides the following information:

• Who I am: uid=500(tux)
• What my “effective”, i.e. current GID is: gid=100(users)
• In which groups I am a member: groups=...


If you just want information on the groups in which you are a member, you can use the command groups:

    tux@earth:~ > groups
    users uucp dialout audio video

Both with id and with groups you can optionally specify a user name. With the command id root you obtain information on the user root.

Additional information about local users can be queried with the command finger user:

    geeko@earth:~> finger tux
    Login: tux                              Name: tux
    Directory: /home/tux                    Shell: /bin/bash
    On since Thu Oct 23 13:21 (CEST) on pts/0 from 192.168.5.16
    New mail received Wed Oct 22 11:54 2003 (CEST)
         Unread since Wed Oct 22 11:54 2003 (CEST)
    No Plan.

Exercise: Users in Linux

Using the commands id and groups, find out

1. which UID you have
2. what your effective GID is
3. in which groups you are a member,
4. in which groups the user root is a member.

1.2 Files for User Administration

Information on users and groups is stored in four files, the structure of which should be known to the system administrator:

• /etc/passwd
• /etc/shadow
• /etc/group
• /etc/gshadow

These four files are briefly introduced below.


1.2.1 /etc/passwd

In the past, Unix/Linux users were administrated in a single file: /etc/passwd. Here the user name, the UID, the home directory, the standard shell and the encrypted password were located. The password was encrypted using the function crypt (man 3 crypt).

In principle it is not possible to deduce the plain text password from the encrypted password. There are programs, however (such as john), which use dictionaries to encrypt various passwords with crypt and compare the results with the entries in the file /etc/passwd. With the calculation power of modern computers, the first passwords will have been “guessed” within a matter of minutes.

The main problem with the file /etc/passwd is the fact that the file has to be readable by all. In order that a user can find out to whom a specific file belongs, he must be able to allocate the UID to a user name (because only the UID is saved in the inode of a file). This allocation takes place in the file /etc/passwd.

The logical consequence of this was to store the password field in its own file which can only be read by root: /etc/shadow (see Section 1.2.2).

The structure of the file /etc/passwd is quite straightforward. The following diagram summarizes the structure of this file.

    tux:x:606:100:The Linux penguin:/home/tux:/bin/bash

    Field   Value               Meaning
    1       tux                 User name
    2       x                   Password
    3       606                 UID
    4       100                 GID of primary group
    5       The Linux penguin   Comments field
    6       /home/tux           Home directory
    7       /bin/bash           Standard shell

Figure 1.1: A line from the file /etc/passwd

The following should be noted about individual fields in /etc/passwd:

• User name
  This is the name with which the user is logged in to the system (login name). Linux can also handle longer user names, but here they should be restricted to a maximum of eight characters, so that the login name may also be used by older programs.

• Password
  There is usually an “x” in this field, which means that the password itself can be found in the file /etc/shadow.

• UID
  The UID 0 is reserved for the user root. In accordance with the Linux standard [1] there are two number ranges which are reserved:
  – the range 0 – 99 for the system itself
  – the range 100 – 499 for special “system users” (services, programs, etc.)
  “Normal” users start from UID 500.

• Comments field
  Normally the full name of the user is written here. Often the room number, telephone number and other information is also stored here.

• Home directory
  Usually the personal directory of the user is in the directory /home and has exactly the same name as the user name or the login name.

• Standard shell
  This is the shell which is started for a user after he has successfully logged in. In Linux this is normally bash (Bourne Again Shell). It must be noted here that the shell must be listed in the file /etc/shells. Each user can change his standard shell with the command chsh.

Information on this file is provided by man 5 passwd.

[1] http://www.linuxbase.org

1.2.2 /etc/shadow

The file /etc/shadow contains the encrypted password and other information on the password. This file should only be readable by the user root.

    earth:~ # ls -l /etc/passwd /etc/shadow
    -rw-r--r--  1 root root   2757 Jul 19 17:40 /etc/passwd
    -rw-r-----  1 root shadow 1262 Aug 16 14:01 /etc/shadow

The following diagram shows the structure of a line in the file /etc/shadow.


    tux:khMXCG8NPkeg2:11568:0:99999:7:0:12134:

    Field   Value           Meaning
    1       tux             User name
    2       khMXCG8NPkeg2   encrypted password
    3       11568           Date of last change (days since 1.1.1970)
    4       0               Days after which password may be changed
    5       99999           Days after which password must be changed
    6       7               How many days before password expires should user be warned?
    7       0               For how many days is password valid, although password has expired.
    8       12134           Day on which account is locked (days since 1.1.1970)

Figure 1.2: A line from /etc/shadow

The above diagram shows the entry for the user tux with the encrypted password. The plain text password was suse. The encrypted password is coded with the crypt function and is always 13 characters in length. The encrypted word consists of letters, digits, and the special characters “.” (dot) and “/” (slash). If an invalid character occurs in the password field (such as “*” or “!”), then that user has an invalid password. Many users, such as wwwrun or bin have an asterisk (“*”) in the password field. This means that these users do not log in to the system, but instead play a role for specific programs. The user wwwrun is required, for example, to run the Apache Web server. If the password field is empty, then the user can log in to the system without giving a password. A password should always be set in a multiuser system.

1.2.3 Checking /etc/passwd and /etc/shadow

Because users are administrated via two files (/etc/passwd and /etc/shadow), these files must be matched to each other, i.e. all users must be listed in both files. But especially when you are working manually on these files, discrepancies may occur. For such cases there are programs which check /etc/passwd and /etc/shadow.

Example:

    earth:~ # tail -3 /etc/passwd /etc/shadow
    ==> /etc/passwd <==
    user1:x:500:100:SUSE example user:/home/user1:/bin/bash
    tux:x:501:100::/home/tux:/bin/bash
    geeko:x:502:100::/home/geeko:/bin/bash

    ==> /etc/shadow <==
    user1:ghvkuzfFGW6cw:11484:0:99999:7:0::
    tux:khMXCG8NPkeg2:11568:0:99999:7:0::

The user geeko is only entered in /etc/passwd, but not in /etc/shadow. In order to correct such entries, the program pwconv exists:

    earth:~ # pwconv
    earth:~ # tail -3 /etc/passwd /etc/shadow
    ==> /etc/passwd <==
    user1:x:500:100:SUSE example user:/home/user1:/bin/bash
    tux:x:501:100::/home/tux:/bin/bash
    geeko:x:502:100::/home/geeko:/bin/bash

    ==> /etc/shadow <==
    user1:ghvkuzfFGW6cw:11484:0:99999:7:0::
    tux:khMXCG8NPkeg2:11568:0:99999:7:0::
    geeko:x:11568:0:99999:7:::

Apart from pwconv there is the command pwck (password check). This checks the integrity of data in /etc/passwd and /etc/shadow.

    earth:~ # pwck
    user fixadm: program /bin/ksh does not exist
    user fib: program /bin/ksh does not exist
    user fixlohn: program /bin/ksh does not exist
    user geeko: no group 102
    user geeko: directory /home/geeko does not exist
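The points made in Sections 1.2.1 to 1.2.3, written as a read-only audit in Python. This is an added example, not part of the SUSE manual and not how pwck or pwconv work internally; the sample data is constructed in the formats of Figures 1.1 and 1.2 (only the user1 and tux hashes come from the listing above, the others are placeholders), and the finding names are made up for this illustration.

```python
"""Cross-check passwd and shadow data (added example, constructed input)."""
import re

PASSWD_FIELDS = 7  # name:password:UID:GID:comment:home:shell (Figure 1.1)
SHADOW_FIELDS = 9  # name:password:six aging fields:reserved (Figure 1.2)
CRYPT13 = re.compile(r"^[A-Za-z0-9./]{13}$")  # classic crypt output

# Constructed sample data. geeko is missing from SHADOW as in the text.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
wwwrun:x:30:65534:WWW daemon:/var/lib/wwwrun:/bin/false
user1:x:500:100:SUSE example user:/home/user1:/bin/bash
tux:x:501:100::/home/tux:/bin/bash
geeko:x:502:100::/home/geeko:/bin/bash
nopass:x:503:100::/home/nopass:/bin/bash
legacy:ab01FAX.bQRSU:504:100::/home/legacy:/bin/bash
toor:x:0:0::/root:/bin/bash
"""

SHADOW = """\
root:ab2cD3eF4gH5i:11484:0:99999:7:0::
wwwrun:*:11484:0:99999:7:0::
user1:ghvkuzfFGW6cw:11484:0:99999:7:0::
tux:khMXCG8NPkeg2:11568:0:99999:7:0::
nopass::11568:0:99999:7:0::
toor:!:11568:0:99999:7:0::
ghost:!:11568:0:99999:7:0::
"""


def parse(text, nfields):
    """Return ({name: fields}, [numbers of malformed lines])."""
    entries, bad = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != nfields or not fields[0]:
            bad.append(lineno)
            continue
        entries[fields[0]] = fields
    return entries, bad


def password_state(field):
    """Classify a password field as described in Section 1.2.2."""
    if field == "":
        return "empty"      # login without a password
    if "*" in field or "!" in field:
        return "invalid"    # no valid password, e.g. wwwrun
    if CRYPT13.match(field):
        return "crypt"      # 13-character crypt result
    return "other"


def audit(passwd_text, shadow_text):
    """Return a sorted list of (subject, finding) tuples."""
    passwd, bad_p = parse(passwd_text, PASSWD_FIELDS)
    shadow, bad_s = parse(shadow_text, SHADOW_FIELDS)
    findings = [("passwd line %d" % n, "malformed") for n in bad_p]
    findings += [("shadow line %d" % n, "malformed") for n in bad_s]
    for name, fields in passwd.items():
        pw, uid = fields[1], fields[2]
        if uid == "0" and name != "root":
            findings.append((name, "uid0-not-root"))
        if pw != "x" and password_state(pw) in ("crypt", "other"):
            # hash sits in the world-readable file
            findings.append((name, "hash-in-passwd"))
        if pw == "":
            findings.append((name, "empty-password"))
        if name not in shadow:
            # the geeko case that pwconv repairs
            findings.append((name, "missing-in-shadow"))
        elif pw == "x" and password_state(shadow[name][1]) == "empty":
            findings.append((name, "empty-password"))
    for name in shadow:
        if name not in passwd:
            findings.append((name, "orphan-shadow-entry"))
    return sorted(findings)


if __name__ == "__main__":
    for subject, finding in audit(PASSWD, SHADOW):
        print("%-8s %s" % (subject, finding))
```

On a real system the two strings would be replaced by the contents of /etc/passwd and /etc/shadow, read as root; the script never writes to either file.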

1.2.4 /etc/group

Group administration also takes place in two files:

• /etc/group and
• /etc/gshadow.

The file /etc/group contains the group name, the GID (GroupID) and the members of the group, for example:

    webedit:x:101:tux,geeko

This is the entry for the group webedit in /etc/group. This group has the GID 101. The users tux and geeko are members of this group. The second field (x) is the password field. In the same way as with user administration, the password itself also has its own file, which is /etc/gshadow.


1.2.5 /etc/gshadow

Passwords can also be set for groups, which are then stored in the file /etc/gshadow. The password is only of significance if the active (effective) group is changed with the command newgrp (see Section 1.6.2).

    webedit:!::tux,geeko

In this example the group webedit has no valid password (“!”, cf. Section 1.2.2). A group administrator can be defined in the third field. The group administrator may add new members to a group, remove users from a group and change the group password. This field is empty in the above example. The fourth and final field denotes the group members.

Attention! The files /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow should, if possible, not be modified with an editor. Errors in these files (especially in /etc/shadow) can lead to the user no longer being able to log in, and in the worst case, the user root is involved. There are a number of tools for user administration, which in all cases should be used, rather than an editor (see Section 1.4).

Exercises: Modifying the standard shell

Exercise 1

1. Modify the standard shell for user user1 with the command chsh. Set the file /usr/bin/passwd as the standard shell.
2. Test the result by logging in as the user user1 on another terminal.
3. Undo the changes you have made.

Exercise 2

1. Remove the entry /usr/bin/passwd from the file /etc/shells (as user root).
2. Repeat exercise 1.

1.3 User and Group Administration with YaST

From the main window of YaST, the user administration can be accessed by means of the item Security and Users. The user and group administration modules can be used to create new accounts or maintain existing accounts (changing the shell, the home directory, the group affiliation, etc.).

From a terminal window, the user administration module can be started directly with the command yast2 users 'users'. The group administration module can be started directly with the command yast2 users 'groups'.

Figure 1.3: Module for Creating and Editing Users

In the YaST window for user and group administration (see Figure 1.3), the radio buttons at the top can be used to switch between the user administration and the group administration. The user administration dialog displays the existing user accounts. If you want the system accounts (UID from 0 to 499) to be displayed, check the respective box (Also view system users).

The dialogs for creating and editing accounts are identical. When editing accounts, the fields contain the data of the selected account (see Figure 1.4).


Figure 1.4: Creating a New User

To configure various password parameters (such as the validity of the password), click Password settings in the upper window. The button Details opens a dialog in which the UID, home directory, and group affiliation can be specified (see Figure 1.5).

Figure 1.5: Creating Users, Details


In the dialog for creating and editing groups (see Figure 1.6), you can specify a name, GID, and password for a group and add members to the group.

Figure 1.6: Creating Groups

YaST writes the information entered in the dialog to the user administration files: /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow (see Section 1.2).

Note! Newly created user accounts are automatically added to various groups (this can be changed, see Figure 1.5). In SUSE LINUX Enterprise Server 8, the affected groups are audio, dialout, uucp, and video. This default setting is defined in the file /usr/share/YaST2/include/users/ui.ycp and can be changed in this file.


1.4 User and Group Administration with Shell Commands

Apart from YaST, a number of other programs can be used for managing users and groups:

    for users:    for groups:
    useradd       groupadd
    usermod       groupmod
    userdel       groupdel
    passwd        gpasswd

Table 1.1: Shell commands for the administration of users and groups

Below we shall describe administration using shell programs.

1.4.1 useradd, usermod, userdel, passwd

With the programs useradd, usermod and userdel users can be added, modified and deleted. The password of a user can be edited with passwd. The syntax is simple and there is good online documentation in the form of manual pages.

useradd

The command useradd is used to add users to the system. In the simplest case, useradd is called up with the username as an argument:

    earth:~ # useradd tux

With useradd tux the user tux was created in /etc/passwd and /etc/shadow.

    earth:~ # grep tux /etc/passwd /etc/shadow
    /etc/passwd:tux:x:501:100::/home/tux:/bin/bash
    /etc/shadow:tux:!:11569:0:99999:7:0::

The line from the file /etc/shadow shows that there is only an exclamation mark “!” in the password field. This means that the user does not have a valid password. If you look in the directory /home/, you will see that the user directory has not been created:

    earth:~ # ls /home
    . .. user1

So if no option is specified, the command useradd creates a user without a home directory and without a valid password.


The most important options of the command useradd are:

• -m
  This option automatically generates the home directory for the user. Without further arguments, the directory is created under /home/. In addition, a series of files and directories are copied to this directory. As a template for this, the directory /etc/skel/ (from skeleton) is used.

• -c
  With the option -c (comment) the comment field can be modified. For example:

      earth:~ # useradd -c "Tux the penguin" -m tux
      earth:~ # grep tux /etc/passwd
      /etc/passwd:tux:x:501:100:Tux the penguin:/home/tux:/bin/bash

• -g
  This defines the primary group of the user. You can specify either the GID or the name of the group.

• -p
  With this option you provide the user with a password. Attention! The encrypted password must be given here, not the plain text password. The program mkpasswd can be used to generate encrypted passwords. The program is located in the package whois. Example:

      earth:~ # useradd -m -p "ghvkuzfFGW6cw" tux

• -e
  The option -e (expiredate) is used to set an expiry date for the user account, in the form of YYYY-MM-DD, for example:

      earth:~ # useradd -m -e 2002-03-21 tux

A description of further options can be seen with man 8 useradd.

The quickest way to create a new user is a combination of the programs useradd and passwd. With useradd the user is created, and with passwd the password is determined:

    earth:~ # useradd -m -c "Tux the penguin" tux
    earth:~ # passwd tux
    New password:
    Re-enter new password:
    Password changed


passwd

As described above, you can change a user’s password with the command passwd. If passwd is run without a username as an argument, then the corresponding user can change his own password. Apart from the option of being able to change a user’s password, the passwd command has some other functions:

• Locking a user account: With the option -l (lock), a user can be locked out, and with the option -u (unlock), he can be reactivated:

      earth:~ # passwd -l tux
      Password changed.

• Status of a user account: The option -S issues the status of a user account:

      earth:~ # passwd -S tux
      tux L 09/04/2001 0 99999 7 0

  The status follows directly after the username. L (locked) here means that the user is locked out. Other options are NP (no password) or P (valid password). Then the date of the last password change appears, the minimum length of validity, the maximum length of validity, and the warning periods and inactivity periods when a password expires.

• Changing password times: With passwd the various password times can be changed. Options are:

      Option      Meaning
      -x number   is used to set the maximum number of days a password remains valid. After number days the password is required to be changed.
      -n number   is used to set the minimum number of days before a password may be changed.
      -w number   is used to warn the user number days before their password expires.
      -i number   is used to disable an account after the password has been expired for number days.

  Table 1.2: passwd: Options for changing the password times


An example:

    earth:~ # passwd -x 30 -w 5 tux

The password of the user tux remains valid for 30 days. After that, tux is required to change it. Five days before the password expires, he receives a warning that it will expire in 5 days.
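How the aging fields of Figure 1.2 and the passwd -x/-w settings above turn into dates and login states, as an added Python example (not from the manual and not the code of passwd or login). Assumptions: an empty field means no limit, a last-change value of 0 forces a change at the next login (the chage -d 0 tip in Section 1.4.3), and the exact boundary day is this example's choice; the second and third sample lines are constructed.

```python
"""Evaluate the password-aging fields of an /etc/shadow line (added example)."""
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)

# Line from Figure 1.2 of the manual.
FIGURE_LINE = "tux:khMXCG8NPkeg2:11568:0:99999:7:0:12134:"
# Constructed: state after "passwd -x 30 -w 5 tux", with 14 days of inactivity.
AGED_LINE = "tux:khMXCG8NPkeg2:11569:0:30:5:14::"
# Constructed: state after "chage -M 9999 -d 0 tux".
FORCED_LINE = "tux:khMXCG8NPkeg2:0:0:9999:7:::"


def day_to_date(days):
    """Convert 'days since 1.1.1970' (fields 3 and 8) to a calendar date."""
    return EPOCH + timedelta(days=days)


def parse_shadow(line):
    """Split one shadow line into named fields; empty numbers become None."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 9:
        raise ValueError("expected 9 fields, got %d" % len(fields))

    def num(text):
        return int(text) if text else None

    keys = ("last_change", "min", "max", "warn", "inactive", "expire")
    entry = {"name": fields[0], "password": fields[1]}
    entry.update(zip(keys, (num(f) for f in fields[2:8])))
    return entry


def aging_status(entry, today):
    """Return (state, detail) for the given date.

    Boundary days are a choice made for this example: the password counts
    as expired from the day after last_change + max. Real login programs
    can differ by one day at these boundaries.
    """
    now = (today - EPOCH).days
    if entry["expire"] is not None and now >= entry["expire"]:
        return ("account-expired", day_to_date(entry["expire"]))
    if entry["last_change"] == 0:
        # Last change on 1.1.1970: a new password is demanded at login.
        return ("must-change-at-login", None)
    if entry["last_change"] is None or entry["max"] is None:
        return ("no-aging", None)
    expires = entry["last_change"] + entry["max"]
    if now > expires:
        grace = entry["inactive"]
        if grace is not None and now > expires + grace:
            return ("disabled-inactive", day_to_date(expires + grace))
        return ("password-expired", day_to_date(expires))
    days_left = expires - now
    if entry["warn"] is not None and days_left <= entry["warn"]:
        return ("warning", days_left)
    return ("ok", day_to_date(expires))


if __name__ == "__main__":
    aged = parse_shadow(AGED_LINE)
    print("last change:", day_to_date(aged["last_change"]))
    for day in (date(2001, 9, 28), date(2001, 9, 29), date(2001, 10, 5),
                date(2001, 10, 19)):
        print(day, aging_status(aged, day))
    print(aging_status(parse_shadow(FORCED_LINE), date(2004, 2, 1)))
```

Day 11569, the last-change value written by useradd in Section 1.4.1, converts to 2001-09-04, the date shown by passwd -S tux.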

usermod

With usermod you can modify an already existing user account, for example the UID, the standard shell, the home directory or the primary group. The options of usermod are the same as the options of the useradd command. Here are some examples:

• Changing the home directory:

      earth:~ # usermod -d /newhome/tux -m tux

• Changing the UID:

      earth:~ # usermod -u 1001 tux

userdel

The final important command for user administration is userdel. With this, users can be removed from the system.

    earth:~ # userdel tux

Without options, userdel removes the user from the files /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow. The home directory is not deleted, however. If the home directory is also to be deleted, then the option -r must be given.

    earth:~ # userdel -r tux

Exercise: Creating, Editing, and Deleting Accounts

1. Create the user harlequin in such a way that he must change his password every thirty days and receives a notice three days in advance. The home directory should be created automatically.
2. Change the password of harlequin.
3. Lock the account of harlequin. Then log in to the system as harlequin. What happens?
4. Query the status of harlequin. Which information do you receive?
5. Reactivate the account of harlequin. Log in to the system as harlequin. What happens?
6. Change the password times of harlequin:
   • Maximum validity of the password: 20 days
   • Notification prior to the expiry of the password: 5 days
7. Query the status of harlequin. Which information do you receive?
8. Change the UID of harlequin to 1000. What happens to his home directory?
9. Delete harlequin together with his home directory.

1.4.2 Group Administration: groupadd, groupmod, groupdel, gpasswd

With the programs groupadd, groupmod and groupdel, groups can be added, modified and deleted. Groups and their passwords can be edited with gpasswd.

groupadd

Creating a group is done very easily with the command groupadd. If no GID is specified, the next free GID is used. With the option -g, you can specify a GID:

    earth:~ # groupadd pinguine
    earth:~ # groupadd -g 200 peanuts
    earth:~ # tail -5 /etc/group
    sapdb:x:61:sapdb
    users:x:100:user1
    nogroup:x:65534:root
    pinguine:x:101:
    peanuts:x:200:

groupmod

With the command groupmod, you can change the name (with the option -n) or the GID (with the option -g) of an existing group.

    earth:~ # groupmod -n penguins pinguine
    earth:~ # tail -5 /etc/group
    sapdb:x:61:sapdb
    users:x:100:user1
    nogroup:x:65534:root
    peanuts:x:200:
    penguins:x:101:


groupdel

Deleting a group is done with the command groupdel. As an argument the group name of the group to be deleted is specified. There are no options for this command. A group can only be deleted if no user has this group as his primary group.

    earth:~ # groupdel penguins

gpasswd

With the command gpasswd the administrator can set and modify group passwords. But that is not its most important function. Group passwords are hardly used, in fact. With this command you can also name members of groups, remove users from groups and specify group administrators.

• Adding group members to a group: You can add users to a group with the option -a. In the following example the user snoopy is added to the group peanuts:

      earth:~ # gpasswd -a snoopy peanuts
      Adding user snoopy to group peanuts

• Nominating a group administrator: Option -A allows you to name one or more group administrators. These are able to add users to the group, remove them and change the group password. In the following example lucy becomes the administrator of the group peanuts:

      earth:~ # gpasswd -A lucy peanuts
      earth:~ # tail -1 /etc/gshadow
      peanuts:!:lucy:snoopy

• Removing users from a group: The new administrator, lucy, first wants to remove the user snoopy from the group peanuts. The option -d (delete) helps her to do this:

      lucy@earth:~ > gpasswd -d snoopy peanuts
      Removing user snoopy from group peanuts


Exercise: Creating and Editing Accounts (Group Administration)

1. Create two new users — samson and bert:
   • The home directories should be created automatically.
   • The passwords should be valid for ten days.
   • The users should be notified two days before the password expires.
   • Content of the comment field: “course participant”.
2. Query the password status of samson and bert and check if all information is correct.
3. Now perform the following tasks (be sure to use the correct users for the individual tasks):
   (a) Add samson to the group wheel (normally this group already exists).
   (b) Create a new group called training.
   (c) bert should be the administrator of the group training.
   (d) bert should include samson in his group.
   (e) bert should rename his group training to exam.
   (f) bert should remove samson from his group.
   (g) Delete the group exam.

1.4.3 Tips for User Administration

• How can I create a user so that he must change his password when he first logs in?

This is possible with a small trick. The date of the last password change is set to 1.1.1970 and the user must change his password, for example, every 9999 days (approx. 27 years). This means that he is forced to change his password the first time he logs in. The next time would be in 27 years. This can be achieved with the command chage:

    earth:~ # chage -M 9999 -d 0 tux

The option -M specifies for how many days the password is valid, and -d specifies the date of the last modification (0 = 1.1.1970).

• How can I quickly generate a large number of users? I already have the user names and the clear text passwords in a text file.

This is possible using a shell script, or using the command newusers. The users which you want to create should be in a file which has the same structure as /etc/passwd, whereby the password is given in clear text. Such a file could appear as follows:


    bart:carumba:601:100:Bart Simpson:/home/bart:/bin/bash
    homer:meltdown:602:100:Homer Simpson:/home/homer:/bin/bash
    lisa:sax:603:100:Lisa Simpson:/home/lisa:/bin/bash

The command newusers generates the corresponding entries in /etc/passwd and /etc/shadow from this file and creates the home directories:

    earth:~ # newusers new_user.txt

This can be done more flexibly using shell scripts (see “SUSE LINUX Enterprise Server: Shell Programming with the Bash Shell”).

• A maximum of how many users can I create?

From kernel version 2.4, 32 bits are reserved for both UID and GID. This means that in theory 2^32 - 1 users/groups can be created (that is, 4294967295). That ought to be sufficient for most installations. You must bear in mind that not all file systems support 32-bit UIDs (e.g. NFSv2).

1.5 Default Settings for the User

The administrator can define default settings for users, such as the minimum password length or the standard file permissions. These settings can be found in the file /etc/login.defs. Documentation on this is available in manual page format: man 5 login.defs. The most important settings are briefly explained here:

• FAIL_DELAY 3
  If you enter a wrong password when logging in, there is a slight delay and you cannot log in again immediately. The length of this delay is specified in seconds with the instruction FAIL_DELAY. You should not specify 0 here, since this would make it possible to set up an automated attack using a suitable program.

• FAILLOG_ENAB yes
  If the value here is yes, then all failed login attempts are logged (cf. Section 1.9 on page 28).

• LASTLOG_ENAB yes
  All logins to the system are logged in the file /var/log/lastlog. This file can be read with the command lastlog and contains information for each user on when he was last logged in.

• OBSCURE_CHECKS_ENAB yes
  With this you can activate a very simple password check. It checks the minimum length of the password and whether the password matches the user name. This should definitely be set to yes.


• UMASK 022
  This specifies with which file permissions the home directories of new users are created. With the default value of 022 the permissions rwxr-xr-x are set for all user directories which are created. If you want to establish that no other users should have read permissions for the home directories, you should set this to a value of 077.

• PASS_MAX_DAYS 99999
  PASS_MIN_DAYS 0
  PASS_MIN_LEN 5
  PASS_MAX_LEN 8
  These settings concern the password.
  – PASS_MAX_DAYS defines the maximum time that a password is valid,
  – PASS_MIN_DAYS defines the minimum time that a password is valid,
  – PASS_MIN_LEN defines the minimum length for a password and
  – PASS_MAX_LEN defines the maximum length.

Attention! The maximum length of the password is eight characters. Nothing is gained by setting a larger value here. If you want to use longer passwords, then you must set up a different encryption mechanism (such as md5, using PAM).
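The settings above can be checked mechanically. The following script is an added example, not part of the original manual: it reads a login.defs-style file and reports the values this section advises against. The sample file and the function names are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the manual): check a login.defs-style file against
# the advice given in this section.

# Constructed sample input, deliberately weak. Not copied from a real system.
sample_login_defs() {
    cat <<'EOF'
# constructed sample
FAIL_DELAY            0
FAILLOG_ENAB          yes
OBSCURE_CHECKS_ENAB   no
UMASK                 022
PASS_MAX_LEN          12
EOF
}

# get_setting FILE KEY: print the last uncommented value of KEY (empty if unset).
get_setting() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        $1 == key  { val = $2 }
        END        { print val }
    ' "$1"
}

# dir_mode UMASK: symbolic permissions of a directory created under that umask.
dir_mode() {
    mode=$(( 0777 & ~0$1 ))
    perms=""
    for s in 6 3 0; do
        bits=$(( ($mode >> $s) & 7 ))
        if [ $(( bits & 4 )) -ne 0 ]; then perms="${perms}r"; else perms="${perms}-"; fi
        if [ $(( bits & 2 )) -ne 0 ]; then perms="${perms}w"; else perms="${perms}-"; fi
        if [ $(( bits & 1 )) -ne 0 ]; then perms="${perms}x"; else perms="${perms}-"; fi
    done
    printf '%s\n' "$perms"
}

# audit_login_defs FILE: print one line per setting that deviates from the advice.
audit_login_defs() {
    f=$1
    v=$(get_setting "$f" FAIL_DELAY)
    case "$v" in
        ''|*[!0-9]*) ;;
        *) if [ "$v" -eq 0 ]; then
               echo "FAIL_DELAY $v: a failed login can be retried without delay"
           fi ;;
    esac
    v=$(get_setting "$f" FAILLOG_ENAB)
    if [ "$v" != yes ]; then
        echo "FAILLOG_ENAB ${v:-unset}: not set to yes"
    fi
    v=$(get_setting "$f" OBSCURE_CHECKS_ENAB)
    if [ "$v" != yes ]; then
        echo "OBSCURE_CHECKS_ENAB ${v:-unset}: not set to yes"
    fi
    v=$(get_setting "$f" UMASK)
    case "$v" in
        ''|*[!0-7]*) ;;
        *) m=$(dir_mode "$v")
           if [ "$m" != "rwx------" ]; then
               echo "UMASK $v: new home directories are created $m"
           fi ;;
    esac
    v=$(get_setting "$f" PASS_MAX_LEN)
    case "$v" in
        ''|*[!0-9]*) ;;
        *) if [ "$v" -gt 8 ]; then
               echo "PASS_MAX_LEN $v: nothing is gained above 8 without another mechanism"
           fi ;;
    esac
    return 0
}

# Demo run on the constructed sample.
demo_file=$(mktemp)
sample_login_defs > "$demo_file"
audit_login_defs "$demo_file"
rm -f "$demo_file"
```

On a real system the call would be audit_login_defs /etc/login.defs.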

Exercise: Default Settings (User Administration)

Configure your system in such a way that
• after a wrong password has been entered, you must wait four seconds before you can retry login,
• the user passwords (for new accounts) are valid for a maximum of fifty days,
• the permissions of newly created user directories are set to rwx------.


1.6 Changing the Current UID and GID

In Linux, which is a multiuser system, several users can work at the same time. Normally, the system administrator is logged in as a normal user and only assumes the root identity for the purpose of performing tasks that require root permissions. Programs can be run both on the command line and in the KDE desktop using a different UID/GID.

1.6.1 Changing the UID with su

su is an abbreviation of switch user. This command is used to assume the UID of the user root or of other users. The general syntax of su is:

    su [options] ...[-] [user [argument]]

If the user tux wants to change to the user geeko, then he enters:

    tux@earth:~ > su geeko

If the user tux wants to change to the user root, then he enters:

    tux@earth:~ > su root

To become root, you can also omit the username, i.e. su root is the same as su. If you want to start a login shell when changing to the user root, you can enter:

    tux@earth:~ > su -

To become root and simultaneously run a command with his UID, enter:

    tux@earth:~ > su - -c "grep tux /etc/shadow"
    Password:
    tux:UmQbtZSkpw4Lg:11569:0:99999:7:0::

The option -c enables you to run a command using another UID. The following table summarizes the options mentioned above:

    Option            Meaning
    -, -l, --login    Starts a login shell when the user is changed.
    -c command        When changing to the user root, this option enables the execution of a command with the UID of root.
    --help            Displays the help for the command su.

Table 1.3: Command su: Options


Exercise: su

1. Log in to the system as a normal user.
2. Use the command su to switch to the user root (starting a login shell). Then switch back to the normal user.
3. Switch to the user samson. Switch back again.
4. Switch to the user root and enter a command that displays the entries for samson and bert in the files /etc/shadow and /etc/passwd.

1.6.2 Changing the GID with newgrp

A user may be a member of many different groups, but only one GID is his “effective” (current) GID at any one time. Normally this is the primary group, which is specified in the file /etc/passwd. If the user creates directories or files, then these files belong to this user and to the effective group:

    tux@earth:~ > id
    uid=601(tux) gid=100(users) groups=100(users),200(peanuts)
    tux@earth:~ > mkdir subdir1
    tux@earth:~ > ls -ld subdir1
    drwxr-xr-x 2 tux users 35 Sep 4 17:00 subdir1
    tux@earth:~ >

With the command newgrp the user can change his effective GID. Only group members may perform such a group change, unless a group password was defined which the user knows.

    tux@earth:~ > newgrp peanuts
    tux@earth:~ > id
    uid=601(tux) gid=200(peanuts) groups=100(users),200(peanuts)
    tux@earth:~ > mkdir subdir2
    tux@earth:~ > ls -ld subdir*
    drwxr-xr-x 2 tux users   35 Sep 4 17:00 subdir1
    drwxr-xr-x 2 tux peanuts 35 Sep 4 17:01 subdir2
    tux@earth:~ >

The above example shows that after entering newgrp peanuts, new files belong to the group peanuts.



 

The original effective GID can be recovered by entering exit or pressing Ctrl+D.


1.6.3 Changing the UID in KDE

In KDE you can start any program with a different UID (as long as you know the password). To do this you can open a mini command line with Alt+F2 and enter a command. Via the Options button in this window you can reach options which allow you to run a program as a different user, see Figure 1.7.

Figure 1.7: The mini command line in KDE with extended options in Options.

In this mini command line you could also just enter kdesu program, and a window opens prompting you to enter the root password, see Figure 1.8.

Figure 1.8: The kdesu window


1.7 Delegating Administrative Tasks with sudo

Sometimes it is necessary to allow a normal user access to a command which is usually reserved for root. The administrator may want a colleague to take over some of his tasks (shutting down the computer, creating users, etc.) in his absence (a week’s training). To enable this, there is the command sudo.

    tux@earth:~ > sudo /sbin/shutdown -h now

    We trust you have received the usual lecture from the local System
    Administrator. It usually boils down to these two things:

        #1) Respect the privacy of others.
        #2) Think before you type.

    Password:

sudo does not expect the root password here, but the password of the user who enters the command. The administrator can specify precisely which commands a user may or may not enter. The configuration of sudo can be found in the file /etc/sudoers. This file can be changed with its own command: visudo. Documentation and configuration examples can be found by entering man 5 sudoers.

The general structure of the configuration file:

    user/group host = command1, command2 ...

Example:

    tux ALL = /sbin/shutdown

With this, the user tux is able to carry out the command /sbin/shutdown with the permissions of root on all computers (ALL). A more complex example should illustrate the possibilities offered by sudo:

    User_Alias ADMINS = tux, geeko
    User_Alias WEBMASTER = willy
    User_Alias SUBSTITUTE = olli, klaas

    # Cmnd alias specification
    Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
    Cmnd_Alias SHUTDOWN = /sbin/shutdown
    Cmnd_Alias APACHE = /etc/init.d/apache

    # User privilege specification
    root ALL=(ALL) ALL
    ADMINS ALL = NOPASSWD: ALL, !/usr/bin/passwd, /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
    WEBMASTER ALL = APACHE
    SUBSTITUTE ALL = SHUTDOWN, PRINTING


In the above configuration, so-called aliases are defined. This can be done for users (User_Alias), computers (Host_Alias) and commands (Cmnd_Alias). In the example the two users tux and geeko are grouped together in the User_Alias ADMINS. The final three lines show how these aliases can be used in the actual rules:

    ADMINS ALL = NOPASSWD: ALL, !/usr/bin/passwd, /usr/bin/passwd [A-z]*, !/usr/bin/passwd root

ADMINS is the User_Alias for the two users tux and geeko. Both of them may carry out all commands with root privileges on all hosts. But they may not run the passwd command without arguments (!/usr/bin/passwd), i.e. they may not change the root password. They may change the passwords of other users, however (/usr/bin/passwd [A-z]*).
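The manual page sudoers(5) notes that subtracting commands from ALL with the ! operator is generally not effective, so a rule of the ADMINS kind is worth finding in a review. The following script is an added example, not part of the original manual: it flags rules that combine ALL with ! exclusions and rules that use the range [A-z], which is wider than [A-Za-z]. The allow-list variant, the alias USERADMIN and its command paths are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the manual): flag sudoers rules that subtract
# commands from ALL with "!", and the over-wide [A-z] character range.
# Assumes one rule per line (no backslash continuations).

# The rules from this section, re-typed as constructed sample input.
sample_page_rules() {
    cat <<'EOF'
User_Alias ADMINS = tux, geeko
User_Alias WEBMASTER = willy
Cmnd_Alias SHUTDOWN = /sbin/shutdown
Cmnd_Alias APACHE = /etc/init.d/apache
root ALL=(ALL) ALL
ADMINS ALL = NOPASSWD: ALL, !/usr/bin/passwd, /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
WEBMASTER ALL = APACHE
EOF
}

# Constructed allow-list variant: ADMINS get named commands only.
# USERADMIN and its command paths are assumptions made for this example.
sample_allow_list() {
    cat <<'EOF'
User_Alias ADMINS = tux, geeko
Cmnd_Alias USERADMIN = /usr/sbin/useradd, /usr/sbin/groupadd
root ALL=(ALL) ALL
ADMINS ALL = USERADMIN, /usr/bin/passwd [A-Za-z]*, !/usr/bin/passwd root
EOF
}

# audit_sudoers FILE: print "line: who: finding" for each rule worth reviewing.
audit_sudoers() {
    awk '
        /^[ \t]*(#|$)/ { next }                       # comments, blank lines
        $1 ~ /_Alias$/ || $1 ~ /^Defaults/ { next }   # alias and Defaults lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            who  = $1
            cmds = substr($0, eq + 1)
            sub(/^[ \t]*\([^)]*\)/, "", cmds)         # drop a Runas spec such as (ALL)
            gsub(/[A-Z]+:/, "", cmds)                 # drop tags such as NOPASSWD:
            n = split(cmds, c, ",")
            has_all = 0; negated = 0; wide = 0
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", c[i])     # trim the list entry
                if (c[i] == "ALL") has_all = 1
                if (substr(c[i], 1, 1) == "!") negated++
                if (index(c[i], "[A-z]") > 0) wide = 1
            }
            if (has_all && negated)
                printf "%d: %s: %d exclusions after ALL\n", NR, who, negated
            if (wide)
                printf "%d: %s: range [A-z] is wider than [A-Za-z]\n", NR, who
        }
    ' "$1"
}

# Demo run: the rules from this section, then the allow-list variant.
demo=$(mktemp)
sample_page_rules > "$demo"
echo "rules from this section:"
audit_sudoers "$demo"
sample_allow_list > "$demo"
echo "allow-list variant:"
audit_sudoers "$demo"
rm -f "$demo"
```

The second run prints no findings, because the ADMINS rule there starts from named commands instead of ALL.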

Exercise: sudo

Set up a sudo configuration which allows the user user1 to do the following:
• create users,
• change their passwords,
• accept these users into existing groups,
• prevent him from changing the root password.

1.8 PAM

We cannot cover this topic in detail in the context of this course. But a certain basic knowledge of PAM is required for system administration purposes [2]. PAM stands for Pluggable Authentication Modules and is a collection of shared libraries for the authentication of users. As shown in Figure 1.9, there is a variety of applications which perform user authentication (login, passwd, su ...). If user authentication is to be changed, for example a fingerprint scan instead of username and password, then a whole series of applications would have to be newly compiled. PAM helps out here: its own modules take over the task of authentication. If a new authentication method is to be used, then you need to change the module and the PAM configuration of the programs in question.

[2] The subject is treated in more detail in the course “SUSE LINUX Enterprise Security: Basics and technical Concepts”.


Figure 1.9: Flexible user authentication with PAM. (Diagram: the applications login, ftp, xlock, passwd, su, ... authenticate the user through the PAM library; configuration: /etc/pam.d/*.)

Figure 1.10: Structure of a PAM configuration file. (Diagram columns: Module type (auth, account, session, password); Control flag (required, requisite, optional, sufficient); Module path; Arguments (debug, use_first_pass, try_first_pass, no_warn).)

The PAM configuration files are located in the directory /etc/pam.d/ [3]:

    earth:~ # ls /etc/pam.d/
    .   chage  chsh  login  passwd  pure-ftpd  squid  su    useradd  xlock
    ..  chfn   cups  other  ppp     shadow     ssdh   sudo  xdm

[3] Instead of the files in the directory /etc/pam.d/, other Linux systems use a single configuration file: pam.conf.


Each application has its own configuration file; the one for the program passwd, for example, is called /etc/pam.d/passwd. The structure of such a file is illustrated roughly in Figure 1.10. We will not go into detail about the configuration, but two examples below should illustrate what it can do.

The Module pam_securetty.so

With this module you determine which terminals can be regarded as “secure”. The user root may log in only at these terminals. The following line in the file /etc/pam.d/login

    auth required pam_securetty.so

activates the module pam_securetty.so for the program login. In the file /etc/securetty the “secure” terminals are then specified:

    earth:~ # cat /etc/securetty
    #
    # This file contains the device names of tty lines (one per line,
    # without leading /dev/) on which root is allowed to login.
    #
    tty1
    tty2
    tty3
    tty4
    tty5
    tty6
    ...

Because of this PAM module it is not possible for root to log in via telnet.

The Module pam_nologin.so

If the administrator does not want users to be logged in to the system, then he can use the module pam_nologin.so. This is also listed in the configuration file /etc/pam.d/login:

    auth required pam_nologin.so

If this PAM module is integrated, then every type of login by users can be prevented by generating the file /etc/nologin.

    earth:~ # touch /etc/nologin

Good and detailed documentation on the subject of PAM can be found in the directory /usr/share/doc/packages/pam/.


1.9 faillog

If the variable FAILLOG_ENAB in the file /etc/login.defs is set to yes, all unsuccessful login attempts will be logged in the file /var/log/faillog [4]. With the command faillog, the file /var/log/faillog is shown in a formatted form:

    earth:~ # faillog
    Username   Failures   Maximum   Latest
    root              0         0   Mon Jun 11 13:28:13 +0200 2001 on tty1
    tux               1         0   Fri Sep 7 09:21:18 +0200 2001 on 3
    geeko             2         0   Fri Sep 7 09:21:34 +0200 2001 on 3

In the column Maximum the maximum allowed number of failed login attempts is specified. With

    earth:~ # faillog -m 4

you can set the general maximum to four attempts. In order that the user root is not locked out in this way, a special maximum is specified for him:

    earth:~ # faillog -u root -m 0

These maximum values just created can now be seen in the output of faillog:

    earth:~ # faillog -a
    Username   Failures   Maximum   Latest
    root              0         0   Mon Jun 11 13:28:13 +0200 2001 on tty1
    tux               1         4   Fri Sep 7 09:21:18 +0200 2001 on 3
    geeko             5         4   Fri Sep 7 09:37:24 +0200 2001 on 3

The last line implies that the next time the user geeko logs in to the system with his correct password, he will not gain access to the system, but receive an error message instead:

    earth login: geeko
    Password:
    exceeded failure limit for ‘geeko’localhost

Exercise: faillog

1. Set a maximum of three failed login attempts for the user samson.
2. As user samson, log in three times with the wrong password, and then use the correct password.
3. As the administrator, how can you cause the user to be able to log in again? Use the manual pages for this.

[4] This only applies to login processes which use the program login: logging in to the consoles tty1 to tty6 and via Telnet.


1.10 Quotas

Drive space was, is and will continue to be a problem. Whereas 100 KB used to be a luxury, now several 100 MB are quickly used up. In the same proportion that computers are becoming faster and capacities larger, so the need for disk space is also increasing. Undisciplined, a user can easily fill up his 4 GB hard drive with pictures, great software, etc. The quota system of Linux (Unix) supports user discipline. Here you can specify, for every user, how much space he can occupy, and how many files he may create. As well as user quotas, there are also group quotas. In SUSE LINUX Enterprise Server the package quota is required.

Figure 1.11: Quotas. (Diagram: the file systems / and /export each hold a file aquota.user with the quota for user1; no quotas on /var.)

Disk quota support is already included in the kernel in SUSE LINUX Enterprise Server. Disk quotas can be implemented for partitions with the ext2, ext3 or reiser file system.


The configuration of quotas comprises four steps:

1. Preparing the file system for quotas (mount options)
2. Initializing the quota configuration file (quotacheck)
3. Setting quotas (edquota)
4. Starting (rcquota start) and activating (insserv quota) the quota service

Preparing the File System

When the system is started the quotas for the file system must be activated. For this, it needs to be specified for which file systems the quotas are to be activated, and this is done via entries in the file /etc/fstab (see below). There the keyword usrquota must be entered for quotas on the username level, or grpquota for group quotas, for example:

    /dev/sda2  swap      swap      defaults           0 0
    /dev/sda1  /         ext2      usrquota,grpquota  1 1
    /dev/sda3  /export   ext2      usrquota,grpquota  1 2
    /dev/sda4  /var      reiserfs  defaults           1 2
    none       /proc     proc      defaults           0 0
    none       /dev/pts  devpts    defaults           0 0

Here both quota possibilities are activated for the file systems / and /export. It is necessary to remount the corresponding file system:

    earth:~ # mount -o remount /
    earth:~ # mount -o remount /export

Initializing the Quota Configuration File

Afterwards the quota system must be initialized. This is done using the quotacheck command. For the specified partitions on which quotas are to be activated, this command determines the data blocks and inodes already occupied and stores the determined values in the files aquota.user (for user quotas) and aquota.group (for group quotas).

Attention! Up to kernel version 2.4 these files were called quota.user and quota.group and had to be created before quotacheck was run.


If you execute the command

    earth:~ # quotacheck -avug

all mounted file systems (-a) are checked for data blocks and inodes which are occupied by users (-u) and groups (-g). The option -v provides a detailed output. When checking mounted file systems, the option -m must sometimes also be given, to force the check. After the command quotacheck has been run, the following files will exist:

    earth:~ # ls -l /aquota*
    -rw------- 1 root root 6144 May 21 11:57 /aquota.group
    -rw------- 1 root root 7168 May 21 11:57 /aquota.user
    earth:~ # ls -l /export/aquota*
    -rw------- 1 root root 6144 May 21 11:57 /export/aquota.group
    -rw------- 1 root root 7168 May 21 11:57 /export/aquota.user

Configuring Quotas

These files contain information in binary format about how much space is occupied by which user or which group, and on what quotas are set up. With the command edquota the administrator can set up and configure quotas:

• edquota -u user for setting up user quotas.
• edquota -g group for setting up group quotas.

Example:

    earth:~ # edquota -u tux

With the output

    Disk quotas for user tux (uid 500):
      Filesystem   blocks    soft    hard   inodes   soft   hard
      /dev/sda5      7820   10000   20000      590      0      0

blocks specifies how much space is currently used, inodes specifies how many files belong to the user on the file system. The values for blocks are given in blocks of 1 KB, independent of the block size of the ext2 file system. The value 7820 therefore means that the user tux currently occupies some 8 MB of hard drive space. His soft limit is set at 10 MB, his hard limit at 20 MB. A limit of 0 means no limitation.

The soft limits are the limits which may not be permanently exceeded. If the hard limits are reached, then no more space at all may be used. If the user now goes beyond the soft limits, then he has a fixed time available, determined by the quota system, to make space for this by deleting files or blocks. If he neglects to do so, then he can no longer create anything new if the borders of the hard limits are crossed, but can only delete files. At these points you must now enter how many files the user may possess and/or how much hard drive space he may occupy.

With edquota -t these time limits are specified:

    Grace period before enforcing soft limits for users:
    Time units may be: days, hours, minutes, or seconds
      Filesystem   Block grace period   Inode grace period
      /dev/sda1    7days                7days
      /dev/sda3    7days                7days

By entering

    earth:~ # edquota -p tux geeko

you can copy the user quotas already set up for the user tux to the user geeko. With the command repquota you obtain an overview of the quotas used:

    earth:~ # repquota -aug
    *** Report for user quotas on device /dev/sda4
    Block grace time: 7days; Inode grace time: 7days
                    Block limits                  File limits
    User      used    soft    hard   grace   used   soft   hard   grace
    ----------------------------------------------------------------------
    root       -40       0       0              4      0      0
    tux     +20000   10000   20000   6days      5      0      0

Starting and Activating the Quota Service

In order for the quota system to be initialized when the system is booted, the appropriate links must be made in the runlevel directories:

    earth:~ # insserv quota

Then the quota system can be started:

    earth:~ # /etc/init.d/quota start

The quota system can also be started or stopped with the following commands:

    /usr/sbin/quotaon filesystem
    /usr/sbin/quotaoff filesystem

The option -a can be used to activate and deactivate all automatically mounted file systems (except NFS) with quotas. Additional options can be viewed with man quotaon.
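The first two steps of the procedure above can be cross-checked with a short script. This is an added example, not part of the original manual: for every usrquota or grpquota option in an fstab-style file it confirms that the file system type is one of those named in this section and that quotacheck has created the matching aquota file. The function names, the PREFIX argument and the /data line are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the manual): cross-check steps 1 and 2 of the quota
# setup. For every usrquota/grpquota option in an fstab-style file, confirm
# that the file system type is one this section lists and that quotacheck
# has created aquota.user / aquota.group in the root of that file system.

# The fstab from this section plus one constructed line (/data on vfat).
sample_fstab() {
    cat <<'EOF'
/dev/sda2  swap      swap      defaults           0 0
/dev/sda1  /         ext2      usrquota,grpquota  1 1
/dev/sda3  /export   ext2      usrquota,grpquota  1 2
/dev/sda4  /var      reiserfs  defaults           1 2
none       /proc     proc      defaults           0 0
none       /dev/pts  devpts    defaults           0 0
/dev/sdb1  /data     vfat      usrquota           0 0
EOF
}

# quota_check FSTAB [PREFIX]: PREFIX is prepended to each mount point so the
# check can run against a staging tree; leave it empty on a live system.
quota_check() {
    fstab=$1
    prefix=${2:-}
    awk '
        /^[ \t]*(#|$)/ { next }
        NF >= 4 {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] == "usrquota" || opt[i] == "grpquota")
                    print $2, $3, opt[i]
        }
    ' "$fstab" |
    while read -r mp fs opt; do
        case "$fs" in
            ext2|ext3|reiserfs) ;;
            *) echo "$mp: $opt set, but $fs is not ext2, ext3 or reiserfs"
               continue ;;
        esac
        case "$opt" in
            usrquota) qfile=aquota.user ;;
            grpquota) qfile=aquota.group ;;
        esac
        if [ -f "$prefix$mp/$qfile" ]; then
            echo "$mp: $opt ok"
        else
            echo "$mp: $opt set, $qfile missing (run quotacheck)"
        fi
    done
}

# Demo run against a constructed staging tree in which
# /export/aquota.group has deliberately not been created.
stage=$(mktemp -d)
mkdir -p "$stage/export"
: > "$stage/aquota.user"
: > "$stage/aquota.group"
: > "$stage/export/aquota.user"
sample_fstab > "$stage/fstab"
quota_check "$stage/fstab" "$stage"
rm -rf "$stage"
```

On a live system the call would be quota_check /etc/fstab.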


Exercise: Quotas

1. Using a suitable partition (ext2, ext3 or Reiser file system), ensure that the user user1 may not exceed a soft limit of 100 MB and a hard limit of 150 MB.
2. The group users should be allowed to use a maximum of 100 inodes on this partition.
3. Discuss how you can check your quota configuration.

Summary

• The UID (user ID) is the number by means of which the system identifies a user.
• The GID (group ID) is the number by means of which the system identifies a group with which users are associated.
• Processes always run under a certain UID.
• The commands id and groups provide information on the UID and the group membership of a user.
• The command su can be used to change the effective UID and the command newgrp to change the effective GID of a user.
• The command sudo:
  – Can be used to delegate administrative tasks to other users.
  – The configuration file is /etc/sudoers.
  – The command visudo can be used to edit this configuration file.
• The command faillog:
  – Failed login attempts can be logged in the file /var/log/faillog.
  – The command faillog returns the content of this file in formatted form. It can also be used to limit the maximum number of failed login attempts.


• Overview of important administration tools:

    Command   Meaning
    faillog   Used to display the content of the file /var/log/faillog.
    groups    Displays information on the groups a user belongs to.
    id        Information on the UID and the group membership of a user.
    newgrp    Used to change the effective GID.
    su        Used to change the effective UID.
    sudo      Used to delegate tasks of the administrator to other users.
    visudo    Used to modify the file /etc/sudoers.

  Table 1.4: Administration tools

• Default settings for the users and passwords can be found in the files /etc/login.defs and /etc/default/useradd.
• Important files to administrate users and groups are:
  /etc/passwd
  /etc/shadow
  /etc/group
  /etc/gshadow
• YaST can be used to create, edit, and delete users and groups.
• The shell commands for managing users and groups are as follows:

    Command    Meaning
    gpasswd    Sets and modifies group passwords; adds or deletes group members; nominates a group administrator
    groupadd   Creates a new group
    groupdel   Deletes a group
    groupmod   Changes the name or the GID of a group
    passwd     Changes, locks and activates a user’s password
    useradd    Creates a new user
    userdel    Deletes a user
    usermod    Modifies a user account

  Table 1.5: Commands for the administration of users and groups


• PAM:
  – PAM modules enable the flexible configuration of the user authentication.
  – The files of the PAM configurations can be found in the directory /etc/pam.d/.
  – Important PAM modules are: pam_nologin, pam_securetty
• Quotas serve to limit the hard disk space for users and groups. The commands are as follows:

    Command      Meaning
    edquota      Used to set up and configure quotas
    quotacheck   Used to initialise the quota system
    quotaoff     Used to deactivate the quota system
    quotaon      Used to activate the quota system
    repquota     Used to display the files aquota.user and aquota.group

  Table 1.6: Commands for the administration of the quota system


2 Bootmanager

Learning Aim

In this chapter, you will learn
• about the purpose of a boot manager
• functions of stage1 and stage2 of a boot manager
• the main properties of the boot manager GRUB
• the structure and the most important parameters of the GRUB configuration file /boot/grub/menu.lst
• how the boot process can be configured interactively with the help of the GRUB shell
• the alternative boot manager LILO and the main differences from GRUB


2.1 What is a Boot Manager?

To boot the system, a program that is able to boot the respective operating system is needed. This program, the boot loader, loads the operating system kernel which then loads the system. In SUSE LINUX, this task is handled by the boot manager GRUB (GRand Unified Bootloader) (the default boot manager) or the boot manager LILO (LInux LOader). A boot manager can

• boot various operating systems,
• specify parameters for the kernel.

The general structure of a boot manager is as follows:

Stage 1
The first stage of a boot manager is usually installed in the Master Boot Record (MBR) of the hard disk. As the space in the MBR is limited to 446 bytes, this program code merely contains the information for loading the next stage. Stage 1 can not only be installed in the MBR but also in the boot sectors of partitions or on a floppy disk.

Stage 2
This stage usually contains the actual boot manager. The files of the boot manager are located in the directory /boot.

2.2 The Boot Manager GRUB

GRUB is the standard boot manager in SUSE LINUX Enterprise Server. It features the following interesting characteristics:

• Stage 2 includes file system drivers for ReiserFS, ext2, ext3, Minix, JFS, XFS, FAT, and FFS (BSD). Thus, the boot manager can be used to access files by means of file names even before the operating system is loaded. For example, this feature is useful for searching for the kernel and loading it if the boot manager configuration is faulty.
• The boot manager GRUB has its own shell which enables the interactive control of the boot manager.


2.2.1 Configuring the Boot Manager GRUB

The boot manager GRUB is configured by means of the file /boot/grub/menu.lst. The general structure of this file is as follows:

• First the general options such as the background color of the boot manager menu are listed:

    color white/blue black/light-gray

• This is followed by options for the various operating systems that can be booted with the boot manager. Each entry for an operating system begins with the command title, e.g.:

    title linux
        kernel (hd0,0)/boot/vmlinuz root=/dev/hda1
        initrd (hd0,0)/boot/initrd

The following example shows a simple configuration file /boot/grub/menu.lst:

    default 0
    timeout 8

    title linux
        kernel (hd0,0)/boot/vmlinuz root=/dev/hda1
        initrd (hd0,0)/boot/initrd

The lines mean:

• default 0
  The first entry (numbering from “0”) is the default boot entry which is started automatically if no other entry is selected with the keyboard.
• timeout 8
  The default boot entry is started automatically after 8 seconds.
• title linux
  This is the first entry in the boot menu. By default, this entry is started.
• kernel (hd0,0)/boot/vmlinuz
  This entry describes the kernel location: first partition of the first hard disk. Please note the following regarding the designations for hard disks and partitions:
  – GRUB does not distinguish between IDE and SCSI hard disks. The hard disk that is recognized by the BIOS as the first hard disk is designated as hd0, the second hard disk as hd1 etc.
  – The first partition on the first hard disk is called hd0,0, the second partition hd0,1 etc.
• root=/dev/hda1
  root= specifies the root partition. This is followed by other kernel parameters.
• initrd (hd0,0)/boot/initrd
  Specifies the location of the initial ramdisk (initrd).

Exercise: Configuring GRUB

1. In your GRUB configuration file, add the new entry testrun to the boot menu; specify the parameter vga=normal for the kernel.
2. Test your new configuration by rebooting the computer.

Solution proposal

Structure of the file /boot/grub/menu.lst:

    gfxmenu (hd0,2)/boot/message
    color white/blue black/light-gray
    default 0
    timeout 8

    title linux
        kernel (hd0,2)/boot/vmlinuz root=/dev/hda3 vga=791
        initrd (hd0,2)/boot/initrd

    title testrun
        kernel (hd0,2)/boot/vmlinuz root=/dev/hda3 vga=normal
        initrd (hd0,2)/boot/initrd


2.2.2 The GRUB Shell

As mentioned above, the boot manager GRUB has its own shell. The advantage: if the Linux system does not start due to an error in the boot manager, this built-in shell can be used to boot the system manually. The GRUB shell can be started

1. in the running system or
2. at the boot prompt.

Starting the GRUB Shell in the Running System

In order to start the GRUB shell during operation, enter the command grub as root:

    earth:~ # grub
    Probing devices to guess BIOS drives. This may take a long time.

        GRUB  version 0.92  (640K lower / 3072K upper memory)

     [ Minimal BASH-like line editing is supported. For the first word, TAB
       lists possible command completions. Anywhere else TAB lists the possible
       completions of a device/filename. ]

    grub>

As in the Bash, GRUB shell commands can also be completed with the Tab key. In order to find out which partition contains the kernel, use the command find:

    grub> find /boot/vmlinuz
    hd(0,2)

The kernel (/boot/vmlinuz) is located in the third partition of the first hard disk (hd0,2).

Exercise: Starting the GRUB shell in the running system

• Start the GRUB shell in the running system.
• Press Tab. What happens? (A list of available commands is displayed.)
• Enter the first few characters of a command and complete the command with Tab.
• Find out which partition the kernel is located in.

Starting the GRUB Shell at the Boot Prompt

Proceed as follows in order to start the GRUB shell at the boot prompt:

1. In the graphical boot selection menu, press Esc. You will be taken to a text-based menu.
2. Start the GRUB shell (command line) with c.

Exercise: Starting the GRUB shell at the boot prompt

1. Reboot the computer and open a GRUB shell at the boot prompt.
2. In the shell, search for the kernel (/boot/vmlinuz) and the initial ramdisk (/boot/initrd).
3. Boot the kernel in the shell. To do this, you have to specify the location of the kernel and the ramdisk:

       kernel (hdn1,n2)/boot/vmlinuz root=/dev/hdan3
       initrd (hdn1,n2)/boot/initrd

   Use the command boot to boot the specified kernel.

2.3 The Boot Manager LILO

LILO stands for LInux LOader. As LILO is not the default boot manager of SUSE LINUX Enterprise Server, it is only covered briefly in this section. The LILO configuration file is /etc/lilo.conf. Its structure is similar to that of the GRUB configuration file. Refer to the manual page for more information (man 5 lilo.conf).

Attention! When the configuration file /etc/lilo.conf is modified, the command lilo has to be executed in order for the changes to be applied.

2.4 Additional Information

Refer to the following sources for additional information on the boot managers GRUB and LILO:

• In electronic form in the Linux system:
  – Manual pages and info files:
    * info grub
    * man grub
    * man grub-install
    * man grub-md5-crypt
    * man lilo
    * man 5 lilo.conf
  – README files:
    * In the directory /usr/share/doc/packages/grub
    * In the directory /usr/share/doc/packages/lilo
• On the Internet:
  – http://www.gnu.org/software/grub/

Summary

• The purpose of a boot manager is to load the operating system.
• The default boot manager of SUSE LINUX Enterprise Server is GRUB.
• The functions of stage1 and stage2 of a boot manager are as follows:
  – stage1 is usually installed in the MBR and contains the file system drivers.
  – stage2 contains the actual boot manager.
• The files of the boot manager are located in the directory /boot/.
• The GRUB configuration file is /boot/grub/menu.lst.
• The GRUB boot manager has its own shell, which can be started from the boot prompt as well as in the running system.
• Apart from GRUB, the boot manager LILO can also be used. The LILO configuration file is /etc/lilo.conf.
• Important commands in this chapter:

Command   Description
boot      Boots the kernel in the GRUB shell.
find      Shows the location of the kernel (partition, hard disk).
grub      Starts the GRUB shell in the running system.
lilo      Applies changes to the LILO configuration file /etc/lilo.conf.
Table 2.1: Commands for using bootmanagers

3 The Runlevel Concept

Learning Aims

In this chapter, you will learn

• how the system boots
• the function of the initial ramdisk initrd
• the function of the init process and its configuration file /etc/inittab
• which runlevels are predefined and what they mean
• how services are started and stopped by means of the scripts in /etc/init.d/
• the meaning of the special scripts: /etc/init.d/boot, /etc/init.d/halt, /etc/init.d/rc
• how to activate and deactivate services with the command insserv
• how to use the YaST Runlevel Editor to activate and deactivate services in a runlevel
• how to stop and start services when changing the runlevel
• how to halt and reboot the system by changing the runlevel

3.1 The Order of Events When the System Starts

The following diagram represents the basic steps when the computer is booted:

[Figure 3.1: The System Start. Flowchart: BIOS routines > boot manager (GRUB) loads kernel and initrd in memory > kernel decompresses itself and looks for the RAM disk > if initrd is available: kernel mounts initrd and starts linuxrc, linuxrc loads the modules to mount the root file system, kernel unmounts initrd; if initrd doesn't exist: the drivers to mount the root file system are already in the kernel > kernel boots from hard disk and starts init > init starts processes and scripts]

BIOS > GRUB > kernel: these are the first three significant steps when a Linux computer is started. The kernel uncompresses itself (Uncompressing Linux . . . ) and organizes the subsequent booting of the system. It searches for the RAM disk, provided one is available. This depends on whether GRUB (Grand Unified Bootloader) has loaded initrd (/boot/initrd).

If initrd exists, it is integrated into the kernel. Then linuxrc is started. linuxrc loads the modules required to mount the root file system. When this script is finished, the kernel removes initrd from the system. If no initrd exists, the drivers to mount the file system are already in the kernel.

Now the kernel can boot from the hard drive and starts the first process: init. This starts all further processes and scripts required to initialize the system. The system is then up and running.

3.2 The init Program

As mentioned above, initialization of the system is done by /sbin/init, which the kernel starts as the first process of the system. This process or one of its child processes starts all further processes. init thus controls the entire booting of the system as well as the shutting down, because init is the last process running, ensuring that all other processes are correctly ended. Because of this special position, signal 9 (SIGKILL), with which all processes can normally be ended, has no effect on init.

The central configuration file of init is /etc/inittab. This file determines what is to happen in the individual runlevels. Various scripts are started by init, depending on these entries. All these scripts are located in the directory /etc/init.d.

3.3 The Runlevels

In Linux, various runlevels define the state of the system. The runlevel in which the system starts when it is booted is defined in the file /etc/inittab by the entry initdefault. This standard runlevel is normally 3 or 5. However, it is also possible to boot to another runlevel. By default, GRUB offers three choices at system start-up:

    Linux
    floppy
    Linux - Safe Settings

When one of these entries is chosen, the respective options are displayed in the field boot options. For the entry Linux, this is the option starting with root=/dev/hd..., which tells the kernel the location of the root partition of the system. Furthermore, the option vga=..., with the resolution for the framebuffer device, is specified in most cases. At this point, the runlevel to which the system is to boot can be added, too. This parameter is passed to init. An example entry at boot options:

    root=/dev/hda4 vga=791 1

/dev/hda4 is passed to the kernel as the root partition. The framebuffer is configured and the system boots to runlevel 1 (single user mode for administration). The system administrator can also change to another runlevel at a later time, for example:

    earth:~ # init 1

In the same way, change back to the standard runlevel in which all programs needed for operation are run and where individual users are able to log in to the system. The available runlevels are:

Runlevel  Meaning
0         Halt
1         Single-user mode
2         Multiuser mode without network server services
3         Multiuser mode with network (default)
4         Not used
5         Multiuser mode with network and display manager
6         Reboot
Table 3.1: Runlevels in Linux and their Meanings

Hint: If the partition /usr of a system is mounted via NFS, runlevel 2 should not be used, because NFS file systems are not available in this runlevel.

A system can be stopped with

    earth:~ # init 0

and restarted with

    earth:~ # init 6

Changing the standard runlevel is done with the YaST2 runlevel editor (yast2 > System > Runlevel Editor). If the standard runlevel is 5, users can log in directly in the graphical interface. If it is set to 3, no graphical login is available.

Attention: A corrupt /etc/inittab can lead to the system no longer booting correctly. You should therefore proceed with great care when making changes to this file. If an error still occurs, it is still possible to boot the system. To do so, insert an additional parameter in the GRUB boot menu (see Section 3.3). Instead of the runlevel, insert init=/bin/bash:

    root=/dev/hda1 vga=791 init=/bin/bash

In this way, the init process is replaced by a shell (so inittab is not read) and you can repair the system manually.

3.4 The File /etc/inittab

The actions connected to the various runlevels are specified in the file /etc/inittab. The init process ensures that all actions specified there are carried out. The format of this file is:

    id:rl:action:process

• id is a unique name for the entry in /etc/inittab; it can be up to four characters in length.
• rl refers to one or more runlevels in which this entry should be evaluated.
• action describes what init is to do.
• process is the process connected to this entry.

The /etc/inittab contains the following entries:

    id:5:initdefault:

The entry initdefault tells the init process which runlevel it should bring the system to. This can be overridden at the boot prompt by entering a different level there (see above).

    si::bootwait:/etc/init.d/boot

bootwait means: carry out this command while booting and wait until it has finished. The next entries describe the actions for runlevels 0 to 6.

    l0:0:wait:/etc/init.d/rc 0
    l1:1:wait:/etc/init.d/rc 1
    l2:2:wait:/etc/init.d/rc 2
    l3:3:wait:/etc/init.d/rc 3
    #l4:4:wait:/etc/init.d/rc 4
    l5:5:wait:/etc/init.d/rc 5
    l6:6:wait:/etc/init.d/rc 6

wait means that when changing to the level in question, the appropriate command is carried out and init waits until it has been completed. wait also means that further entries for the level are only performed after this process is completed.

The single user mode is a special case.

    # what to do in single-user mode
    ls:S:wait:/etc/init.d/rc S
    ~~:S:respawn:/sbin/sulogin

First, the command to initialize the level is performed, as above. Runlevel S is used by the scripts that are run when changing to runlevel 1. Then the command sulogin is started. respawn means that init waits for the end of the process, then restarts it. sulogin is intended only for the system administrator to log in.

For those accustomed to PCs, Linux also offers the Ctrl+Alt+Del key combination for restarting.

    ca::ctrlaltdel:/sbin/shutdown -r -t 4 now

The action ctrlaltdel is carried out by the init process only if these keys are pressed. If this should not be allowed, remove the entry or disable it by entering a “#” at the beginning of the line.

The final large block describes in which runlevels getty processes (login processes) are started.

    1:2345:respawn:/sbin/mingetty --noclear tty1
    2:2345:respawn:/sbin/mingetty tty2
    3:2345:respawn:/sbin/mingetty tty3
    4:2345:respawn:/sbin/mingetty tty4
    5:2345:respawn:/sbin/mingetty tty5
    6:2345:respawn:/sbin/mingetty tty6

The getty processes provide the login prompt and in return expect a user name as input. They are started in runlevels 2, 3, and 5 [1]. If a session was ended, the processes are started again by init. If a line is disabled here, no further login is possible at the corresponding virtual console.
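The entries discussed in this section can be checked mechanically. The following script is an added example, not part of the original manual: it parses a file in the id:rl:action:process format and reports the default runlevel, whether the ctrlaltdel entry is active, whether single-user mode runs sulogin, and which consoles offer a login. SAMPLE_INITTAB is constructed from the entries quoted in this section, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a file in inittab format (id:rl:action:process).

# Constructed sample, built from the entries quoted in this section.
SAMPLE_INITTAB='id:5:initdefault:
si::bootwait:/etc/init.d/boot
l3:3:wait:/etc/init.d/rc 3
#l4:4:wait:/etc/init.d/rc 4
l5:5:wait:/etc/init.d/rc 5
ls:S:wait:/etc/init.d/rc S
~~:S:respawn:/sbin/sulogin
ca::ctrlaltdel:/sbin/shutdown -r -t 4 now
1:2345:respawn:/sbin/mingetty --noclear tty1
2:2345:respawn:/sbin/mingetty tty2
#3:2345:respawn:/sbin/mingetty tty3'

# Print every active entry as four tab-separated fields.
# Comment and blank lines are skipped; a ':' inside the process field is kept.
inittab_entries() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }
        NF < 4 { print "malformed line " NR ": " $0 > "/dev/stderr"; next }
        {
            proc = $4
            for (i = 5; i <= NF; i++) proc = proc ":" $i
            printf "%s\t%s\t%s\t%s\n", $1, $2, $3, proc
        }' "$1"
}

# Runlevel named by the initdefault entry.
default_runlevel() {
    inittab_entries "$1" | awk -F'\t' '$3 == "initdefault" { print $2; exit }'
}

# Command init runs on Ctrl+Alt+Del; empty output means the entry is disabled.
ctrlaltdel_command() {
    inittab_entries "$1" | awk -F'\t' '$3 == "ctrlaltdel" { print $4 }'
}

# Program respawned in runlevel S (the single-user login).
single_user_login() {
    inittab_entries "$1" | awk -F'\t' '$3 == "respawn" && index($2, "S") { print $4 }'
}

# Virtual consoles that offer a login prompt in runlevel $2.
login_consoles() {
    inittab_entries "$1" | awk -F'\t' -v rl="$2" '
        $3 == "respawn" && index($2, rl) && $4 ~ /getty/ {
            n = split($4, word, " "); print word[n]
        }'
}

# One line per check; lines starting with WARN need a decision by the administrator.
audit_inittab() {
    file=$1
    echo "INFO default runlevel: $(default_runlevel "$file")"
    cad=$(ctrlaltdel_command "$file")
    if [ -n "$cad" ]; then
        echo "WARN Ctrl+Alt+Del is active for anyone at the console: $cad"
    else
        echo "OK   Ctrl+Alt+Del entry is disabled"
    fi
    case "$(single_user_login "$file")" in
        */sulogin*) echo "OK   single-user mode runs sulogin" ;;
        *)          echo "WARN single-user mode does not run sulogin" ;;
    esac
    for rl in 2 3 5; do
        echo "INFO login consoles in runlevel $rl:" $(login_consoles "$file" "$rl")
    done
}

# Demo on the constructed sample.
demo_file=$(mktemp)
printf '%s\n' "$SAMPLE_INITTAB" > "$demo_file"
audit_inittab "$demo_file"
rm -f "$demo_file"
```

To check a real system, call audit_inittab /etc/inittab instead of using the demo file.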

[1] Also in runlevel 4, if this runlevel is used.

3.5 The init Scripts

In the directory /etc/init.d, all the scripts used to start and stop services are located. These scripts can be called up in different ways:

• Called up directly by init when the system is booted or when the system is shut down, stopped with Ctrl+Alt+Del, or in the case of a power failure.
• Called up indirectly by init when changing the runlevel. Here, it is the script /etc/init.d/rc that runs the necessary scripts in the correct order during the runlevel change.
• Called up directly by /etc/init.d/script start or stop. This can also be run with rcscript start or stop if corresponding links are set in /sbin/ or /usr/sbin/.

When changing to another runlevel, the stop scripts of the current runlevel and the start scripts of the new runlevel are called up via symbolic links to the corresponding subdirectory (/etc/init.d/rcrl.d). These links are created by the program /sbin/insserv. It also ensures that the scripts are run in the correct order (see Section 3.6).

Whether a service is started in a specific runlevel depends on whether there are links in the corresponding rc directory to its start and stop scripts. By using symbolic links in the subdirectories, only the script in /etc/init.d/ needs to be modified if changes are made to the start script, but not the entries in the directories for the runlevels.

Each of these scripts in /etc/init.d/ is run both as a start script and a stop script. For this reason, they must understand different parameters:

Parameter  Description
start      Starts a service that is not running.
restart    Stops a running service and restarts it.
stop       Stops a running service.
reload     Rereads the configuration of the service without stopping and restarting the service itself.
status     Displays the current status of the service.
Table 3.2: Parameters for the Scripts in the Directory /etc/init.d/

To create your own scripts, use the file /etc/init.d/skeleton as a template. The init-info block at the beginning of the script determines which scripts should or should not run. Dependencies may also be specified here. insserv then ensures that the corresponding links are created and that the scripts are run in the correct order.

    ### BEGIN INIT INFO
    # Provides:       syslog
    # Required-Start: network
    # Required-Stop:  network
    # Default-Start:  2 3 5
    # Default-Stop:
    # Description:    Start the system logging daemons
    ### END INIT INFO

Important scripts are briefly described below:

• boot
  This script is started directly by init when the system starts. It is run once and once only. It evaluates the directory /etc/init.d/boot.d and starts all the scripts linked to file names with an “S” at the beginning of their names. These scripts perform a number of tasks:
  – The kernel daemon is started, which takes over the automatic loading of kernel modules.
  – The file systems are checked.
  – Superfluous files in /var/lock/ are deleted.
  – The system time is set.
  – Plug-and-Play hardware is configured with the isapnp tools.
  – In the script /etc/init.d/boot.local, your own system extensions can be added, which are only activated once each time the computer starts.
• halt
  This script is run if runlevel 0 or 6 is started. It is called up either with halt (the system is completely shut down) or with reboot (the system is shut down then rebooted).
• rc
  This script is responsible for the correct change from one runlevel to another one. It runs the stop scripts for the current runlevel, then the start scripts for the new one (see also Section 3.6).

The services in a runlevel can be activated and deactivated from the command line with the command insserv or in a more comfortable way using the administration tool YaST. The YaST Runlevel Editor can be accessed from the YaST menu System > Runlevel Editor or started directly with yast runlevel.

Exercise: Activating and Deactivating Services

1. Normally, the SSH daemon (sshd) is started in the runlevels 3 and 5. Deactivate this service with the command insserv.
2. What is the easiest way to check if the deactivation was successful?
3. Reactivate the SSH daemon.

3.6 Changing the Runlevel

When the runlevel is changed, first the stop scripts of the current runlevel are run, then the start scripts of the new runlevel. Only those programs of the old runlevel that are not wanted or required in the new runlevel are ended, and only those programs that were not running in the old runlevel but are needed in the new one are started.

These scripts for each runlevel are located in the directories /etc/init.d/rcrl.d. All the start scripts begin with an “S” (e.g., S08portmap, S08sshd, S08syslog) and the stop scripts with a “K” (e.g., K03inetd, K12autofs, K12cron). The number that follows determines the order in which scripts are started or stopped, so that no dependency conflicts occur between programs. These numbers are generated by the program /sbin/insserv after the packages are installed. All dependencies of the start scripts in /etc/init.d/ are freshly calculated and the corresponding start and stop numbers are renewed.

The following example (changing from runlevel 3 to runlevel 5) illustrates how such a change takes place.

1. The system is running in runlevel 3. If the system administrator (root) now enters

       earth:~ # init 5

   he informs the init process that the runlevel should be changed.
2. init consults the configuration file /etc/inittab to find out which script to run when changing to this runlevel: /etc/init.d/rc with the parameter 5.
3. Now the program rc compares all the stop scripts of runlevel 3 (the scripts in the directory /etc/init.d/rc3.d that begin with “K”) with the start scripts of runlevel 5 (the scripts in the directory /etc/init.d/rc5.d that begin with “S”). If there is no matching start script for a stop script, the stop script is started, ending the service. The scripts are processed in the order specified by the number after the “K”. If a start script for the stop script exists, the service will continue to run.
4. Then the start scripts of runlevel 5 are compared with the stop scripts of runlevel 3. If there is no matching stop script (that is, if the service is not running in runlevel 3), the start script is started, starting the service. As with the stop scripts, the start scripts are also started in the order specified by the number in the name.

If you want inittab to be reread without changing the runlevel, enter:

    earth:~ # init q

init will then just load /etc/inittab again, look for any changes in it, and modify the runlevel accordingly.
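The comparison that rc performs in steps 3 and 4 can be reproduced without changing the runlevel, which is useful for seeing in advance which services (for example sshd) a change will stop or start. The following script is an added example, not SUSE's rc script: it walks two rc directories and lists the resulting stop and start actions. The demo tree and its link numbers are constructed; xdm as the display manager service and the function names are assumptions.

```shell
#!/bin/sh
# Added example: which services does a runlevel change stop and start?

# Service name behind a link such as S08sshd or K12cron.
service_of() {
    printf '%s\n' "${1##*/}" | sed 's/^[SK][0-9][0-9]//'
}

# True if directory $1 holds a link of type $2 (S or K) for service $3.
has_link() {
    for link in "$1"/"$2"[0-9][0-9]"$3"; do
        if [ -e "$link" ] || [ -L "$link" ]; then return 0; fi
    done
    return 1
}

# $1 = rc directory of the current runlevel, $2 = rc directory of the new one.
# Prints "stop <service>" and "start <service>" in the order rc would run them.
plan_runlevel_change() {
    old=$1; new=$2
    # Step 3: stop scripts of the old runlevel without a start script in the new one.
    for k in "$old"/K[0-9][0-9]*; do
        [ -L "$k" ] || [ -e "$k" ] || continue
        svc=$(service_of "$k")
        has_link "$new" S "$svc" || echo "stop $svc"
    done
    # Step 4: start scripts of the new runlevel without a stop script in the old one.
    for s in "$new"/S[0-9][0-9]*; do
        [ -L "$s" ] || [ -e "$s" ] || continue
        svc=$(service_of "$s")
        has_link "$old" K "$svc" || echo "start $svc"
    done
}

# Constructed demo tree (not a real system): five scripts plus rc3.d and rc5.d links.
# autofs is linked only in runlevel 3, xdm only in runlevel 5.
build_demo_tree() {
    root=$(mktemp -d)
    mkdir "$root/rc3.d" "$root/rc5.d"
    for svc in syslog sshd cron autofs xdm; do : > "$root/$svc"; done
    for link in rc3.d/S08syslog rc3.d/K14syslog rc3.d/S08sshd rc3.d/K14sshd \
                rc3.d/S12cron rc3.d/K12cron rc3.d/S12autofs rc3.d/K12autofs \
                rc5.d/S08syslog rc5.d/K14syslog rc5.d/S08sshd rc5.d/K14sshd \
                rc5.d/S12cron rc5.d/K12cron rc5.d/S17xdm rc5.d/K05xdm; do
        ln -s "../$(service_of "$link")" "$root/$link"
    done
    echo "$root"
}

demo=$(build_demo_tree)
echo "init 5 while in runlevel 3:"
plan_runlevel_change "$demo/rc3.d" "$demo/rc5.d"
echo "init 3 while in runlevel 5:"
plan_runlevel_change "$demo/rc5.d" "$demo/rc3.d"
rm -rf "$demo"
```

On a real system, the two arguments would be directories such as /etc/init.d/rc3.d and /etc/init.d/rc5.d.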

Exercises: Runlevel

Exercise 1

1. While the system is still running, change to runlevel 2.
2. Change back again to the previous runlevel.

Exercise 2

1. Change the standard runlevel to 1.
2. Shut down the system.
3. Restart the computer and observe the changes.

3.6.1 shutdown and halt

Like most modern operating systems, Linux reacts sensitively to being switched off without warning. The least that can happen is that the file systems need to be checked and corrected before the system can be used again. For this reason, the system should always be shut down properly. With the appropriate hardware, Linux can also switch off the machine as the last stage of shutting down.

As already mentioned in Section 3.3, the system administrator can halt the system by changing to runlevel 0 and restart it by changing to runlevel 6. There are some other useful commands for properly shutting down the system or restarting it:

Command           Description
halt              Ensures an immediate, controlled system halt. All processes are stopped and the system no longer reacts to any input. You can now switch off the computer, if it is not configured to switch off automatically.
poweroff          Has the same effect as halt, except that the machine is switched off automatically, if this is possible.
reboot            Reboots the system.
shutdown -h time  Shuts down the system after the specified time: +m (number of minutes from now), hh:mm (time in hours:minutes, when Linux should shut down), now (system is stopped immediately). With the option -r instead of -h, the system is rebooted (runlevel 6). Without options, it changes to runlevel 1 (single user mode).
Table 3.3: Commands for Halting and Rebooting the System

shutdown controls the shutdown of the system in a special way, compared to the other stop commands. It informs all users that the system will be shut down and does not allow other users to log in before it shuts down. The command can also be supplied with a warning message, such as:

    earth:~ # shutdown +5 The new hard drive has arrived

If the shutdown planned for a later time should not be carried out after all, it can be revoked:

    earth:~ # shutdown -c

Exercise: Shutting Down and Rebooting the Machine

1. Use the command shutdown to shut down your machine in two minutes. Then reboot the machine.
2. Enter the command shutdown as described.
3. Prevent the machine from being shut down.

Summary

• The stages when booting the system are as follows: BIOS > boot manager > kernel > root partition is mounted > init is started
• The initial ramdisk initrd contains the drivers (kernel modules) needed for booting the system.
• init is the central process of the Linux system that starts all other processes. Its configuration file is /etc/inittab. The actions associated with the respective runlevel are defined in this file.
• The following runlevels are predefined:

Runlevel  Meaning
0         Halt
1         Single-user mode
2         Multiuser mode without network server services
3         Multiuser mode with network (default)
4         Not used
5         Multiuser mode with network and display manager
6         Reboot
Table 3.4: Runlevels in Linux and Their Meanings

• Special scripts:
  – /etc/init.d/boot
    This script is started directly by init when the system is booted. It reads the directory /etc/init.d/boot.d/ and starts all scripts pointed to by links starting with “S”.
  – /etc/init.d/halt
    This script is executed when changing to the runlevels 0 (command halt) or 6 (command reboot).
  – /etc/init.d/rc
    Starts the needed scripts in /etc/init.d/ in the correct order when changing the runlevel.
• Services are started and stopped by means of the scripts in the directory /etc/init.d/:
  – When the system is booted
  – When the runlevel is changed
  – Manually with: /etc/init.d/script start and stop or rcscript start and stop

  These scripts support the following parameters:

Parameter  Description
start      Starts a service that is not running.
restart    Stops a running service and restarts it.
stop       Stops a running service.
reload     Rereads the configuration of the service without stopping and restarting the service itself.
status     Displays the current status of the service.
Table 3.5: Parameters for the Scripts in the Directory /etc/init.d/

• The command insserv can be used to activate and deactivate services.
• The YaST Runlevel Editor can be used to activate and deactivate services in a runlevel.
• The system can be halted and rebooted by changing the runlevel.

• Overview of the most important commands in this chapter:

Command                 Description
halt                    Stops the system in a controlled manner.
init RL                 Changes to the specified runlevel RL. The option -q reloads the file /etc/inittab.
insserv                 Activates or deactivates a service.
poweroff                Stops the system in a controlled manner and switches the machine off (if this is possible).
rcscript start or stop  Starts or stops a service.
reboot                  Reboots the system.
shutdown                Shuts down the system (option -h; runlevel 0), shuts it down and reboots it (option -r, runlevel 6), or changes to runlevel 1 (if no option is specified).
Table 3.6: Commands for Starting and Stopping the System and Services

4 YaST and SuSEconfig

Learning Aims

In this chapter, you will learn

• the basics of using the administration tool YaST
• how to use YaST in text mode (ncurses interface)
• how to start individual YaST modules
• the meaning of the configuration files in the directory /etc/sysconfig/
• the function of the script SuSEconfig

4.1 YaST

YaST stands for Yet another Setup Tool. Many configuration tasks within the scope of the system administration of SUSE LINUX Enterprise Server can easily be handled with this tool. The appearance of the user interface (ncurses or Qt) depends on the command used for starting YaST and on whether you use the graphical system or the command line.

Command   Terminal in X Window   Command line
yast2     Qt                     ncurses
yast      ncurses                ncurses
Table 4.1: Various Ways to Start YaST

In the graphical interface, YaST can be controlled intuitively with the mouse.

[Figure 4.1: Appearance of YaST upon Start-up in the Graphical System (with yast2)]

The ncurses interface is controlled exclusively with the keyboard.

[Figure 4.2: YaST in Text Mode (ncurses)]

Press Tab to move from one box to another or to the text buttons. To go back to the previous box, press Alt + Tab. Use the arrow keys to navigate within the box. Highlighted menu items can be marked by pressing Space. To select a menu item, press Enter. Often, you can press Alt and the highlighted letter to access an item directly.

Except for the controls and the appearance, the graphical mode and the text mode of YaST are identical.

Individual modules can also be started directly. Available modules can be listed with the command yast -l or yast --list. An individual module such as the software installation module can be started by specifying its name. Example:

    earth:~ # yast sw_single

The same rule applies here: yast sw_single starts the module in text mode, yast2 sw_single in graphical mode. Other YaST options can be listed with yast --help or yast -h.

4.2 /etc/sysconfig/ and SuSEconfig

All changes performed with YaST can be divided into two categories:

• Direct modification of configuration files. Examples:
  – Installation of software: changes to the RPM database.
  – The printer configuration is written directly to the configuration files of the cups print system: /etc/cups/.
  – The runlevel editor modifies /etc/inittab and the links in the runlevel directories /etc/init.d/rcRL.d
• YaST modifies the configuration files in /etc/sysconfig. Examples:
  – The network configuration is saved in /etc/sysconfig/network.
  – The mail configuration is saved in /etc/sysconfig/mail and /etc/sysconfig/postfix.
  – The DMA mode for hard disks is set in /etc/sysconfig/hardware.

A large part of the configuration of SUSE LINUX is based on the files in the directory /etc/sysconfig/. These files can be edited by means of the YaST modules, with a simple text editor, or with the special YaST editor for /etc/sysconfig. The YaST editor for /etc/sysconfig can be started with yast2 sysconfig.

After performing changes with YaST, YaST automatically starts the script /sbin/SuSEconfig. One of the main functions of SuSEconfig is to adapt various configuration files to the files in /etc/sysconfig/. If the files in /etc/sysconfig/ are edited manually with an editor, the script SuSEconfig should be run in order to write all changes to the actual configuration files.

Some of the files in /etc/sysconfig/ are interpreted by start scripts in /etc/init.d/ for the configuration of services.

For reasons of clarity, SuSEconfig consists of several subscripts. These are located in the directory /sbin/conf.d/ and begin with “SuSEconfig.” (e.g., SuSEconfig.fonts, SuSEconfig.hostname).

After editing a file in the directory /etc/sysconfig/ and updating all affected files by running SuSEconfig, all involved services must be restarted. For the network, this can be done with the following commands:

    earth:~ # /etc/init.d/network stop
    earth:~ # /etc/init.d/network start

or

    earth:~ # /etc/init.d/network restart

For large-scale changes to the system configuration, the following procedure is recommended:

1. Change to the single-user mode (runlevel 1) with:

       earth:~ # init 1

   If you need several consoles, you can also switch to runlevel 2:

       earth:~ # init 2

2. Perform the respective changes to the configuration files in the directory /etc/sysconfig/ (with an editor or with YaST).
3. Start SuSEconfig manually (unless you performed the changes with YaST) in order to make sure that the affected configuration files are updated.
4. Change back to the previous runlevel:

       earth:~ # init 3

Exercise: /etc/sysconfig and SuSEconfig

Exercise 1

How can you find out which scripts in /etc/init.d read the file /etc/sysconfig/hardware?

Exercise 2

1. Make a copy of the file /etc/sysconfig/security.
2. Start the YaST Security module with yast security and increase the security level to 3 (network server).
3. Now compare the current /etc/sysconfig/security with the copy you made.
4. Discuss the change in the file /etc/sysconfig/security. How can you find out the effect of this change on the system?

Summary

• YaST can be controlled graphically (Qt interface) and in text mode (ncurses interface).
• The individual modules can be started directly: yast2 modulename.
• The central configuration of SUSE LINUX Enterprise Server is based on the files in the directory /etc/sysconfig/.
• SuSEconfig makes sure that changes to the files in /etc/sysconfig/ are adopted by the individual program-specific configuration files.
• SuSEconfig consists of several subscripts located in the directory /sbin/conf.d/.

5 System Monitoring

Learning Aims

In this chapter, you will learn

• about the functions of the syslog daemon
• how to configure the syslog daemon
• the central log file /var/log/messages
• how to view log files and boot messages
• how to archive log files with the program logrotate
• how to monitor the free and used hard disk space with df and du

© 2004, SUSE LINUX AG (http://www.suse.de/training/)

65

5 System Monitoring

5.1 The Syslog Daemon The syslog daemon is used by many services to log system events. The advantage in using one single service for logging is that all this can be managed from one single configuration file. The syslog daemon accepts messages from system services and logs them according to information in its configuration file, /etc/syslog.conf: # /etc/syslog.conf - Configuration file for syslogd(8) # # For info about the format of this file, see "man syslog.conf". # # print most on tty10 and on the xconsole pipe # kern.warn;*.err;authpriv.none /dev/tty10 kern.warn;*.err;authpriv.none |/dev/xconsole *.emerg * # enable this, if you want that root is informed # immediately, e.g. of logins #*.alert root ...

The file /etc/syslog.conf contains one rule per line. Each rule consists of two fields, separated by spaces or tabs. The category is given in the first field, which is always allocated a priority, separated by a dot. The second field specifies what should be done with the corresponding system messages. The category refers to the subsystem that provides the corresponding message. Each program that uses syslog for logging is assigned such a category. The following categories exist: authpriv, cron, daemon, kern, lpr, mail, news, syslog, user, uucp, local0 to local7 The categories are defined as follows: authpriv Used by all services that have anything to do with system security or authorization. All PAM messages use this category. The ssh daemon uses the auth category. cron Accepts messages from the cron and at daemons. daemon Used by various daemons that do not have their own category, such as the ppp daemon. kern A category for all kernel messages.


lpr
    Messages from the printer system.
mail
    Category only for messages from the mail system; this is important, since many messages may arrive here very quickly.
news
    Category for messages from the news system; as with the mail system, many messages may need to be logged in a short time.
syslog
    Internal messages of the syslog daemon.
user
    General category for messages on a user level. It is used by login, for example, to log failed login attempts.
uucp
    Messages of the uucp system.
local0 – local7
    Eight categories are available that you can define yourself. All of the local categories can be used in your own programs. With this, messages from your own programs can be administered individually through entries in the file /etc/syslog.conf.

The priority gives details about the urgency of the message. The following priorities exist (increasing degree of urgency):

    debug, info, notice, warning, err, crit, alert, emerg

The priorities are used as follows:

debug
    Should really only be used for debugging purposes, as all messages of this priority and higher are logged.
info
    Priority for messages that are purely informative.
notice
    Messages that describe normal system states and should be noted.
warning
    Priority for messages displaying deviations from the normal state.
err
    This priority displays the occurrence of an error.
crit
    Informs of critical conditions for the program concerned.
alert
    For messages of this priority level, the system administrator is required to take immediate action to keep the system functioning.
emerg
    Messages with this priority are really too late, since this value warns that the system is no longer usable.


As mentioned before, the second field in the entries determines what will be done with the corresponding message. The following options are available here:

• Output to a file
  Adding a “-” before the file name specifies that the file is not synchronized for each entry. [1] Example:

      mail.*                           -/var/log/mail

• Specifying the device file for a text console
  All corresponding messages are sent to the console specified. Example:

      kern.warn;*.err;authpriv.none    /dev/tty10

• Specifying a FIFO file (named pipe) by putting the pipe character “|” in front of the file name
  All corresponding messages are written into the FIFO file. Example:

      kern.warn;*.err;authpriv.none    |/dev/xconsole

• Specifying a user list
  All users mentioned who are logged in receive a message on their text terminal (does not function with all terminal types). Example:

      *.alert                          root,tux

• Specifying a computer name with a prefixed “@”
  Messages are forwarded to the computer specified and logged there by syslog, depending on the configuration on that computer. Example:

      *.*                              @mars.example.com

• “*”
  All users logged in receive a message via wall. Example:

      *.crit                           *

[1] Files may be lost without immediate synchronization (e.g., if the system crashes). But immediate synchronization takes longer.


The rules listed are always valid for the specified priority and all higher priorities:

• By adding an equal sign “=” before the priority, the rule is set only for messages of this priority. Example:

      *.=warn;*.=err                   -/var/log/warn

• If an exclamation mark (“!”) is set before the priority, this and all higher priorities are excluded from logging. Example:

      mail.*;mail.!=info               /var/adm/mail

• If an “*” is given, this stands for “all categories” or “all priorities”.

• To exclude a certain category from logging, set “none” as the priority. Example:

      *.*;mail.none;news.none          -/var/log/messages
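The selector rules above can be checked mechanically before a configuration is deployed. The following shell functions are an added example, not part of the original manual and not code from syslogd: they evaluate a selector field against a message's category and priority, with each entry able to override the ones before it (as in “*.*;mail.none;news.none”). The function names and the small rule table, assembled from the rule examples in this section, are assumptions made for the illustration.

```shell
#!/bin/sh
# Numeric rank of a priority name, in the increasing order of urgency listed
# above ("warn" is the short form the manual's own rules use for "warning").
prio_num() {
    case "$1" in
        debug) echo 0 ;; info) echo 1 ;; notice) echo 2 ;;
        warning|warn) echo 3 ;; err) echo 4 ;; crit) echo 5 ;;
        alert) echo 6 ;; emerg) echo 7 ;;
        *) return 1 ;;
    esac
}

# selector_matches SELECTOR CATEGORY PRIORITY
# Exit status 0 if the message is selected, 1 if not, 2 on an unknown priority.
# Entries are evaluated left to right; each may override the result so far.
selector_matches() {
    sm_msg=$(prio_num "$3") || return 2
    sm_result=1
    sm_ifs=$IFS; IFS=';'
    set -f                               # selectors contain "*": no globbing
    for sm_item in $1; do
        sm_cat=${sm_item%%.*}            # text before the first dot
        sm_pri=${sm_item#*.}             # text after the first dot
        [ "$sm_cat" = "*" ] || [ "$sm_cat" = "$2" ] || continue
        case "$sm_pri" in
            none)  sm_result=1 ;;        # exclude this category
            '*')   sm_result=0 ;;        # all priorities
            '!='*) sm_n=$(prio_num "${sm_pri#!=}") && [ "$sm_msg" -eq "$sm_n" ] && sm_result=1 ;;
            '!'*)  sm_n=$(prio_num "${sm_pri#!}")  && [ "$sm_msg" -ge "$sm_n" ] && sm_result=1 ;;
            '='*)  sm_n=$(prio_num "${sm_pri#=}")  && [ "$sm_msg" -eq "$sm_n" ] && sm_result=0 ;;
            *)     sm_n=$(prio_num "$sm_pri")      && [ "$sm_msg" -ge "$sm_n" ] && sm_result=0 ;;
        esac
    done
    set +f; IFS=$sm_ifs
    return "$sm_result"
}

# Constructed rule table, assembled from the rule examples in this section.
RULES='kern.warn;*.err;authpriv.none /dev/tty10
*.=warn;*.=err -/var/log/warn
mail.* -/var/log/mail
*.*;mail.none;news.none -/var/log/messages
*.crit *'

# actions_for CATEGORY PRIORITY: print every action whose selector matches.
actions_for() {
    af_out=
    while read -r af_sel af_act; do
        if selector_matches "$af_sel" "$1" "$2"; then
            af_out="$af_out $af_act"
        fi
    done <<EOF
$RULES
EOF
    printf '%s\n' "${af_out# }"
}

# Show where three constructed sample messages would be delivered.
for msg in "kern warning" "mail info" "authpriv crit"; do
    set -- $msg
    printf '%-14s -> %s\n' "$1.$2" "$(actions_for "$1" "$2")"
done
```

The authpriv.crit case shows why “authpriv.none” matters: the message reaches /var/log/messages and wall, but is kept off the console on /dev/tty10.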

Parameters for the syslog daemon may be specified in the file /etc/sysconfig/syslog. The variable KERNEL_LOGLEVEL determines the logging level for the kernel log daemon (klogd). The variable SYSLOGD_PARAMS may be used to pass start parameters to the daemon. For example, if you want a host to log messages of other hosts, the syslog daemon of the host that should accept the messages from a remote syslog must be started with the option “-r”. The entry in the file /etc/sysconfig/syslog then appears as follows:

    #
    # if not empty: parameters for syslogd
    # for example SYSLOGD_PARAMS="-r -s my.dom.ain"
    #
    SYSLOGD_PARAMS="-r"

Exercise: Syslog Daemon

For this exercise, cooperate with one of your classmates.

1. Student A is to configure his system’s syslog daemon in such a way that messages of another syslog daemon are accepted over the network (option in /etc/sysconfig/syslog).
2. Student B is to insert an entry in the file /etc/syslog.conf by means of which system messages are forwarded to the host of student A, e.g.:

       *.*                             @earth1

3. Restart the syslog daemons on both systems. Take a look at the file /var/log/messages on the system of student A.

5.2 Important Log Files

The log file to which most messages are written is the file /var/log/messages. Often hints can be found here about why, for example, a service does not function properly when it starts. The entry “-- MARK --” is written to the file by the syslog daemon every twenty minutes if no other messages to log exist. This makes it easy to check whether the syslog daemon was running the whole time or, if the “-- MARK --” entries in the file /var/log/messages are missing, whether the daemon has been restarted.

Log files can best be read with the command tail. Entering

    earth:~ # tail /var/log/messages

displays the last ten lines of the file, which are also the most current entries. With tail -n, specify the number of lines to display. If you want to have new messages displayed immediately, use the interactive mode with tail -f. Entering

    earth:~ # tail -20f /var/log/messages

switches tail to interactive mode. The last 20 lines of the file /var/log/messages are displayed. If new messages are added, these are displayed immediately. The display is closed with Ctrl+C.

Messages from the mail system are written by default to the file /var/log/mail and those of the news system to files in the directory /var/log/news, because these two subsystems often generate many messages, so a single log file would quickly become very large and unwieldy.

When the system is booted, all messages of the boot scripts are displayed on the first virtual console. This often happens so fast that you cannot read all the messages. It is possible, however, to read the boot messages in the file /var/log/boot.msg. The messages of the kernel during the boot procedure can be displayed with the command /bin/dmesg.

Another important file is /var/log/wtmp. This file exists in a binary form. Its contents can only be displayed with the command last (/usr/bin/last). Information is recorded here about which user was logged on from where and for how long. Because of the binary format, it is difficult to manipulate entries in this file.


5.3 Archiving Log Files

It is important to ensure that log files do not get too large or too complex or require too much space inside the system. For this reason, the size and age of log files are monitored automatically. This is the function of the program logrotate (/usr/sbin/logrotate). logrotate is run daily by the cron daemon (/etc/cron.daily/logrotate). The program checks all listed log files for the given parameters by means of its configuration files. This way, files may be compressed or deleted either at regular intervals or when a determined size is reached. In the same way it may be determined how many compressed versions of a log file are kept over what period of time. Also, the forwarding of log files via e-mail is possible.

The configuration file of logrotate is /etc/logrotate.conf. General parameters are specified here:

    # see "man logrotate" for details
    # rotate log files weekly
    weekly

    # keep 4 weeks worth of backlogs
    rotate 4

    # create new (empty) log files after rotating old ones
    create

    # uncomment this if you want your log files compressed
    #compress

    # uncomment these to switch compression to bzip2
    #compresscmd /usr/bin/bzip2
    #uncompresscmd /usr/bin/bunzip2

    # RPM packages drop log rotation information into this directory
    include /etc/logrotate.d
    ...

In the example, the log files are created or replaced, respectively, once a week (weekly). On that occasion, the old file is saved under a new name and a new, empty log file is created (create). Unless the option rotate is specified, the old files are deleted. In this example, the last four versions of the log file are kept (rotate 4). If the option compress is activated, the copies are stored in a compressed form. Those options, however, may be superseded by the entries of the files to monitor. All the files to monitor must be listed. This will either be done through the entries in /etc/logrotate.conf (see above, entry /var/log/wtmp [options]) or in the form of separate configuration files. Many RPM packages contain preconfigured files for the evaluation of logrotate, which are stored in the directory /etc/logrotate.d. The files contained in that directory are read by logrotate by means of the entry include /etc/logrotate.d in the file /etc/logrotate.conf.


The log files that are created by the base package aaa_base are entered into the file /etc/logrotate.d/aaa_base. The treatment of the log files written by syslog is determined in /etc/logrotate.d/syslog:

    /var/log/mail /var/log/news/* ... /var/log/warn /var/log/messages ... {
        compress
        dateext
        maxage 365
        rotate 99
        missingok
        notifempty
        size +4096k
        create 644 root root
        sharedscripts
        postrotate
            /etc/init.d/syslog reload
        endscript
    }

Those files will not be “rotated” weekly but as soon as they come to a size of 4096 kB (size +4096k). Ninety-nine versions of each of the files will be kept (rotate 99), with old log files stored compressed (compress). As soon as one of the compressed files is older than 365 days, it is deleted (maxage 365). If a log file is empty, no rotation takes place (notifempty). New log files are created after the rotation and owner, group, and permissions are specified (create 644 root root). Scripts may be called after the rotation (postrotate . . . endscript). Some services, for instance, have to be restarted after log files have been changed. In this example, the syslog daemon will reread its configuration files after the rotation (/etc/init.d/syslog reload). A complete list of all possible options is given in the man page logrotate. Most of the services whose log files should be monitored come with preconfigured files, so only minor adjustments are normally necessary. The general parameters for the behavior of logrotate are specified in the file /etc/logrotate.conf. Every log file to monitor must be listed in /etc/logrotate.conf or the parameters for the monitoring may be specified in a separate file in the directory /etc/logrotate.d.


5.4 Monitoring Hard Drive Space

The command df (disk free) is used to monitor hard drive space. For all mounted partitions, it displays how much space is occupied and how much is still available. With the option -h (for human readable) the output is given in units of GB or MB, which is easier to interpret.

    tux@earth:~ > df -h
    Filesystem  Size   Used  Avail  Use%  Mounted on
    /dev/hda1   500M   152M  348M   31%   /
    /dev/hda2   2.0G   551M  1.4G   27%   /opt
    /dev/hda3   7.0G   1.3G  5.7G   18%   /rest
    /dev/hda5   500M   141M  359M   29%   /tmp
    /dev/hda6   3.0G   2.5G  521M   84%   /usr
    /dev/hda7   2.0G   119M  1.8G    6%   /var
    shmfs       374M      0  373M    0%   /dev/shm
    /dev/hda8   19.0G  5.4G   13G   29%   /home

To find out how large individual files or directories are, use the command du (disk usage). Without any options, it displays, for each subdirectory and the current directory, how large these are in units of 1 kB. Some useful options:

Option  Description
-h      Provides an easier to read output in kB and MB.
-c      Displays the total as the final value. Useful to determine how much space is taken up by all files with a specific extension (e.g., .tex).
-s      Shows only the total amount; useful to find out how much space is taken up by directories.
-a      Displays the size of directories and files.
Table 5.1: Command du: Important options

Examples:

    tux@earth:~ > du
    4       ./Letters
    400     .
    tux@earth:~ > du -h
    4.0k    ./Letters
    400k    .
    tux@earth:~ > du -ha
    4.0k    ./Letters
    4.0k    ./file1
    4.0k    ./file2
    308k    ./file3
    76k     ./file4
    400k    .


With

    earth:~ # du -h -c /home/tux

first the size of the directories in the home directory of the user tux is given, then, with total, the total size of the directory (here the size of the files it contains is also taken into account).

Exercise: Monitoring hard drive space

1. Find out how full the partitions on your system are.
2. Display how much hard drive space is occupied by the home directory of the user user1.

Summary

• The syslog daemon logs system messages by means of entries in the file /etc/syslog.conf. Messages are sorted according to category and priority and written to files or forwarded to specific users or remote computers.
• The most important log files of the system can be found in the directory /var/log. The main log file is /var/log/messages.
• You can easily view the content of a log file with tail -f. The last ten lines of a file are displayed. Use the option -f to start the interactive mode in which the output is updated automatically.
• Boot messages are written to the file /var/log/boot.msg.
• The command dmesg can be used to get the boot messages of the kernel.
• Log files are monitored for size and age by logrotate, which in turn is called at regular intervals by cron. If required, log files are compressed, archived, or deleted.
• You can monitor how full partitions or directories are with the commands df and du.


• An overview of important commands and programs:

Command     Meaning
df          Shows the amount of occupied and free hard disk space.
dmesg       Displays the kernel messages of the boot procedure.
du          Shows the size of files and directories.
last        Displays the content of the file /var/log/wtmp.
logrotate   Monitors the size and age of log files.
tail        Displays the last ten lines of a file. Use the option -f to start the interactive mode.
Table 5.2: Commands for system monitoring

• An overview of important files and directories:

File or directory        Meaning
/etc/logrotate.conf      Configuration file of the program logrotate.
/etc/logrotate.d/        Directory containing preconfigured files for evaluation by logrotate.
/etc/sysconfig/syslog    This file contains parameters of the syslog daemon.
/etc/syslog.conf         Configuration file of the syslog daemon.
/var/log/boot.msg        Log file for boot messages.
/var/log/mail            Log file for the mail system.
/var/log/messages        Most important log file of the Linux system.
/var/log/news/           Directory containing log files for the news system.
/var/log/wtmp            Logs which user was logged in when, from where, and for how long.
Table 5.3: Files and directories for system monitoring


6 Data Backups

Learning Aims

In this chapter, you will learn
• about the most important backup media
• about incremental and differential backup strategies
• how to create, view, and extract archives with tar
• the commands for compressing and decompressing data
• how to synchronize local directories with rsync
• how to create partition images with dd
• how to use mt to control tape drives
• how to automate backups with cron


6.1 Data Backup Strategies

Backing up data on a suitable medium is one of the most important tasks a system administrator has. Usually large amounts of data are involved which must be backed up, so that first a decision has to be taken on which media are to be used. Tape drives are usually used because these still have the best price to capacity ratio. These are SCSI drives, so that it is all the same to Linux what sort of drives are ultimately available (DAT, EXABYTE, DLT . . . ). Apart from this, tapes have the advantage that they can be reused relatively simply.

Other media for data backup include writable CDs or DVDs, removable hard drives and MO (Magnetic-Optical) drives. More and more frequently, so-called Storage Area Networks (SAN) can be found: here a network is set up which serves only to back up data from different computers on a central backup server. But even here the backup is ultimately made on magnetic tapes.

When organizing data backups, a compromise must be made between the different requirements. On the one hand, reconstruction of lost data should happen as quickly as possible; on the other, the amount of data to be backed up should be kept as small as possible, that is, only that data is saved which has changed since the last backup. The more data there is to be saved, the more resources are required (such as the number of tapes, the capacity of the network . . . ).

How often a backup is carried out depends on the importance of the data. If the data is highly sensitive (i.e. the future of the company is dependent on it) then a complete daily backup is unavoidable. With lesser sensitivity, it is sufficient to carry out a complete backup once a week. Fundamentally, various tapes must be available which are overwritten in a rolling process.

Incremental and differential backups are two frequently-used strategies.

• Incremental: backup of the changes since the last backup.
• Differential: backup of the changes since the last full backup.


Figure 6.1: Incremental and Differential Backup Strategy (two panels over Mon, Tue, Wed, Thu, Fri, each with a full backup: incremental backup and differential backup)

Depending on the backup scheme, several tapes are needed. The following table shows a common backup scheme for which 21 tapes are needed:

Monthly backup                                12 tapes
Weekly backup                                  5 tapes
Daily backup (incremental or differential)     4 tapes
∑                                             21 tapes

The backup tapes should be stored separately from the server. This will prevent the backups from being lost in case of fire in the server room, for example. Sensitive data therefore belongs in a safe, ideally at a completely different location.


6.2 Backup Tools in Linux

Linux has a large variety of tools for data backup and three of them are introduced below. Each of the tools has different features, even though they can all be used for a “normal” backup.

6.2.1 Data Backup with tar

tar (tape archiver) is the most commonly used tool for data backup. It archives files in a special format, either directly on a corresponding medium (such as magnetic tape or formatted floppy disk), or to a so-called archive file. Normally though, the data is not compressed. By convention, names of archive files end in .tar. If archive files are compressed (usually with the command gzip; see “Compressing and Decompressing Data” below), then the extension of the file name is either .tar.gz or .tgz.

The command first expects an option (which is why it can also be used without a minus sign), then the name of the archive to be written (or the device file) and the name of the directory to be backed up. All directories and files beneath this are also saved. Directories are typically backed up with:

    earth:~ # tar -cvf /dev/st0 /home

This command backs up the complete contents of the directory /home to the tape device /dev/st0 (this is the first SCSI tape drive). The option -c (create) stands for creating the archive. The option -v (verbose) provides a detailed list, that is, the name of each file just backed up is displayed. After the option -f (file) the name of the archive to be created is given. This can either be a device file (such as a tape drive) or a standard file:

    earth:~ # tar -cvf /backup/etc.tar /etc

With this command the archive etc.tar is created, which contains all files from the directory /etc. When an archive is created, absolute paths are by default made relative, that is, the leading “/” is removed. This message appears:

    tar: Removing leading ‘/’ from member names

To unpack the files from an archive again, enter:

    earth:~ # tar -xvf /dev/st0

This causes all files in the archive to be written to the current directory. Due to the relative path specifications in the tar archive, the directory structure is created here. If you want to extract to another directory, this can be done with the option -C, followed by the directory name. If just one single file is to be extracted, the name of this file must be specified:

    earth:~ # tar -xvf /test1/test.tar -C /test2 home/user1/.bashrc


Some other important options:

Option  Meaning
-r      Appends files to an archive.
-u      Only includes files in an archive which are newer than the version in the archive (update).
-d      Compares files in the archive with those in the file system.
Table 6.1: Command tar: Important options

If specific files are to be excluded from the backup, a list of these must be written in a file, line by line. This list is then passed on to tar with the option -X:

    earth:~ # cat exclude.files
    /home/user1/.bashrc
    /home/user2/Text*
    earth:~ # tar -cvf /dev/st0 /home -X exclude.files

In this example the file /home/user1/.bashrc and all files in the directories of the user user2 which start with the string Text are not saved to tape. The contents of an archive can be displayed with the following command:

    earth:~ # tar -tvf /dev/st0

If only files are to be backed up which are more recent than a specific file, then it is best to use a combination of the commands find and tar, for example:

    earth:~ # find /home -newer last_backup -type f -exec tar -rvf neu.tar {} \;

Now all files (-type f) are backed up which are more recent than the file last_backup. It is important to use tar here with the option -r (append files to an archive). If the option -c is used, then the archives will always be newly created (overwritten), and only the last file to be found will exist in the final archive.
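The find/tar combination above is the building block for both strategies from Section 6.1; the only difference is which reference file the next run compares against. The following script is an added example, not part of the original manual: it replays a constructed Monday-to-Wednesday timeline in a scratch directory, using a stamp file in the role of last_backup. The function names, file names, and dates are assumptions, and tar -r is assumed to create the archive if it does not exist yet (as GNU tar does).

```shell
#!/bin/sh
# archive_newer SRC STAMP ARCHIVE: append every regular file under SRC that is
# newer than STAMP to ARCHIVE (find -newer plus tar -r, as in the text above).
# STAMP and ARCHIVE must be absolute paths because the function changes directory.
archive_newer() {
    ( cd "$1" && find . -type f -newer "$2" -exec tar -rf "$3" {} + )
}

# members ARCHIVE: archive members on one line, sorted; empty if no archive.
members() {
    [ -f "$1" ] || return 0
    tar -tf "$1" | sort | tr '\n' ' ' | sed 's/ $//'
}

# backup_demo STRATEGY (incremental|differential): print what the Tuesday and
# Wednesday daily backups contain under the given strategy.
backup_demo() {
    strategy=$1
    work=$(mktemp -d) || return 1
    mkdir "$work/data" "$work/backup"
    # Constructed data set: three files last changed on Sunday morning.
    for f in a b c; do
        echo "$f" > "$work/data/$f"
        touch -t 200402010900 "$work/data/$f"
    done

    # Monday 00:00: full backup; the stamp file records when it ran.
    ( cd "$work/data" && tar -cf "$work/backup/full.tar" . )
    touch -t 200402020000 "$work/stamp"

    # Monday noon: file a changes. Tuesday 00:00: daily backup.
    touch -t 200402021200 "$work/data/a"
    archive_newer "$work/data" "$work/stamp" "$work/backup/tue.tar"
    # Incremental: the reference moves forward to this backup.
    # Differential: the reference stays at the last full backup.
    if [ "$strategy" = incremental ]; then
        touch -t 200402030000 "$work/stamp"
    fi

    # Tuesday noon: file b changes. Wednesday 00:00: daily backup.
    touch -t 200402031200 "$work/data/b"
    archive_newer "$work/data" "$work/stamp" "$work/backup/wed.tar"

    echo "tue=[$(members "$work/backup/tue.tar")] wed=[$(members "$work/backup/wed.tar")]"
    rm -rf "$work"
}

backup_demo incremental
backup_demo differential
```

Restoring Wednesday's state from the incremental set needs the full backup plus both daily archives in order; from the differential set it needs the full backup plus only the Wednesday archive.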

Exercise: tar Archives

1. Create the tar archive /tmp/home.tar containing your entire home directory (~).
2. Change to the directory /tmp and extract only one file, e.g. the file .bashrc.
3. Compare the owner and time stamp of the extracted file and of the original file.


Compressing and Decompressing Data

Linux offers various tools for compressing and decompressing data:

• gzip [options] file
  This command can be used to compress and decompress data. The compressed data is marked with the suffix .gz. This command is only suitable for compressing individual files. To save several files or entire directories in a compressed file, use the command tar (see Section 6.2.1). The following are some useful options of gzip:

  -c, --stdout, --to-stdout
      Compresses the file without modifying the original file. The result is written to the standard output (usually the screen). From there, it can be redirected to a file with “>”.
  -d, --decompress, --uncompress
      Decompresses the specified file instead of compressing it (compare gunzip; see below).
  -n (n = 1 to 9), --fast, --best
      Controls the compression speed. -1 means --fast and causes a quick compression but produces larger files. -9 corresponds to --best and requires more computing time but produces smaller files. The default setting is -6.
  -r, --recursive
      Also compresses and decompresses files in all subdirectories.
  Table 6.2: Command gzip: Important options

  Examples:

      earth:~ # gzip *.tex

  This command compresses all .tex files in the current directory, resulting in files with the suffix .tex.gz.

      earth:~ # gzip -c price_list > price_list_backup.gz

  This command compresses the file price_list. The file itself is not modified. The result of the compression is written to the file price_list_backup.gz.

• gunzip file.gz
  This command decompresses a file compressed with gzip and removes the suffix .gz. This function corresponds to the command gzip -d file.


• bzip2 [options] file
  This is another command for compressing files, resulting in files that are usually about twenty to thirty percent smaller than the files compressed with gzip. The disadvantage is that more computing time is required for the compression. Here are some important options:

  -c, --stdout, --to-stdout
      Compresses the file without modifying the original file. The result is written to the standard output (usually the screen). From there, it can be redirected to a file with “>” (see gzip above).
  -d, --decompress, --uncompress
      Decompresses the specified file instead of compressing it (compare bunzip2; see below).
  -1 to -9
      Determines how much memory is allocated for the compression: -1 requires 1.1 MB, -9 requires 6.7 MB. The default setting is -9 and produces the best result.
  Table 6.3: Command bzip2: Important options

• bunzip2 file.bz2
  This command decompresses a file compressed with bzip2 and removes the suffix .bz2. Its function corresponds to the command bzip2 -d file.

• zcat file.gz
  This command can be used to decompress files compressed with gzip and write them to the standard output (usually the screen). The compressed file is not modified. The function of zcat corresponds to the command gunzip -c -d.

tar archives can be compressed in two different ways:

1. In two separate stages:
   (a) Creation of the tar archive
   (b) Compression with gzip or bzip2
2. With a single command:

       tar -czf userlist.tar.gz ...

   The tar option -z (or --gzip) compresses or decompresses the tar archive immediately. The option -j (or --bzip2) compresses or decompresses the archive with bzip2.


6.2.2 Mirroring Directories with rsync

The command rsync (remote synchronization) is actually intended to create copies of complete directories across a network to a different computer. But it can also be used to carry out local mirroring of directories. In doing so, only those files are copied which are not already in the target directory, or only exist in older versions. Actually only parts of a file are copied which have changed (and not the entire files). The mirroring of all home directories can be carried out by running the following command:

    earth:~ # rsync -a /home /shadow

In this example the mirroring is made to the directory /shadow. There the directory home is first created, and then beneath it, the actual home directories of the users. If instead, the home directories are to be created directly beneath the target directory specified (that is, for example /shadow/tux), then this is achieved with the following command:

    earth:~ # rsync -a /home/. /shadow

Specifying “/.” at the end of the directory to be mirrored has the effect that this directory is not included in the copy.

The option -a used in the examples puts rsync into the so-called archive mode. This is a combination of various other options (namely rlptg), which ensures that the characteristics of the files to be copied are identical to the originals. The following features are retained:

• symbolic links,
• access permissions,
• owners,
• group membership and timestamp.

The option -r ensures in addition that directories are copied recursively. Other important options for rsync:

Option          Meaning
-x              Only files on one file system are saved, which means that symbolic links to other file systems are not followed.
--delete        Files which no longer exist in the original directory are also deleted from the mirrored directory.
--exclude-from  Specifies a file containing file names which should not be backed up.
Table 6.4: Command rsync: Important options


The last option can be used as follows:

    earth:~ # rsync -a --exclude-from=/home/exclude /home/. /shadow/home

Here all files listed in the file /home/exclude are not backed up. Empty lines or lines beginning with “;” or “#” are ignored.

6.2.3 Copying Data with dd

With the command dd files can be converted and copied byte-wise. Normally dd reads from the standard input and writes the result to the standard output. With the corresponding parameters, however, files can also be addressed directly. You can copy all kinds of files with this command, including device files, which means entire partitions. Exact copies of an installed system (or just parts of it) can thus be created very simply. In the simplest case a file can be copied with the command:

    earth:~ # dd if=/etc/protocols of=protocols.org
    12+1 records in
    12+1 records out

With the option if= (input file) the file to be copied is specified, and with the option of= (output file), the name of the copy. Copying files in this way is done on the basis of so-called records. The standard size is 512 bytes. The above output therefore means that 12 complete records of the standard size and a further incomplete record (that is, less than 512 bytes) were copied. If the record size is now modified by the option bs= (block size), then the output will also be modified:

    earth:~ # dd if=/etc/protocols of=protocols.old bs=1
    6561+0 records in
    6561+0 records out

A file listing shows that their sizes are identical:

    earth:~ # ls -l protocols*
    -rw-r--r--  1 root root  6561 2002-08-31 11:46 protocols.old
    -rw-r--r--  1 root root  6561 2002-08-31 11:45 protocols.org

If a complete partition is now to be copied, then the corresponding device file should be given as the input:

    earth:~ # dd if=/dev/sda1 of=boot.partition
    32066+0 records in
    32066+0 records out

dd can be used to create a backup copy of the MBR (Master Boot Record):

    earth:~ # dd if=/dev/sda of=/tmp/mbr_copy bs=512 count=1

This command copies one block (count=1) of 512 bytes (bs=512) from the first hard disk (/dev/sda) to the file /tmp/mbr_copy.
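A backup is only useful if it can be verified and written back safely. The following script is an added example, not part of the original manual: it runs the same bs=512 count=1 copy against a constructed 64-sector image file standing in for /dev/sda, checks the copy, and restores it after simulated damage. The function names and the image are assumptions; conv=notrunc is a standard dd conversion that is not covered in the text above.

```shell
#!/bin/sh
# mbr_backup DISK COPY: save the first 512-byte sector of DISK to COPY.
mbr_backup() { dd if="$1" of="$2" bs=512 count=1 2>/dev/null; }

# mbr_restore COPY DISK: write the saved sector back over the first sector.
# conv=notrunc keeps dd from truncating DISK when it is a regular image file.
mbr_restore() { dd if="$1" of="$2" bs=512 count=1 conv=notrunc 2>/dev/null; }

# boot_signature FILE: the two bytes at offset 510 in hex (55aa on a valid MBR).
boot_signature() {
    dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# file_size FILE: size in bytes.
file_size() { wc -c < "$1" | tr -d ' '; }

mbr_demo() {
    work=$(mktemp -d) || return 1
    disk=$work/disk.img
    # Constructed stand-in for /dev/sda: 64 zeroed sectors plus the boot
    # signature 0x55 0xAA (octal 125 252) at the end of the first sector.
    dd if=/dev/zero of="$disk" bs=512 count=64 2>/dev/null
    printf '\125\252' | dd of="$disk" bs=1 seek=510 conv=notrunc 2>/dev/null

    # Back up the first sector and check size and signature of the copy.
    mbr_backup "$disk" "$work/mbr_copy"
    copy_size=$(file_size "$work/mbr_copy")
    copy_sig=$(boot_signature "$work/mbr_copy")

    # Simulated damage: the first sector is overwritten with zeros.
    dd if=/dev/zero of="$disk" bs=512 count=1 conv=notrunc 2>/dev/null
    damaged_sig=$(boot_signature "$disk")

    # Failure mode: restoring to an image file without conv=notrunc cuts the
    # image down to the 512 bytes written. Shown on a scratch copy only.
    cp "$disk" "$work/scratch.img"
    dd if="$work/mbr_copy" of="$work/scratch.img" bs=512 count=1 2>/dev/null
    truncated_size=$(file_size "$work/scratch.img")

    # Correct restore: first sector replaced, rest of the image untouched.
    mbr_restore "$work/mbr_copy" "$disk"
    echo "copy=$copy_size/$copy_sig damaged=$damaged_sig restored=$(boot_signature "$disk") disk=$(file_size "$disk") without_notrunc=$truncated_size"
    rm -rf "$work"
}

mbr_demo
```

The first sector also holds the partition table, so a saved copy should only be written back to the disk it was taken from, and only while the partitioning is unchanged.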


While files are copied using dd, they can also be converted at the same time. The option for this is conv=. The various conversions are passed to the option as parameters, separated by commas. The most important parameters are:

Parameter  Meaning
lcase      Conversion of all uppercase letters to lower case.
ucase      Conversion of all lower case letters to upper case.
ascii      Conversion from EBCDIC to ASCII.
ebcdic     Conversion from ASCII to EBCDIC.
Table 6.5: Command dd: Parameters for Converting Files

A typical use of the command dd is to create a boot disk. Here a special kernel is written to an unformatted floppy disk (that is, without a file system).

6.3 Working with Magnetic Tapes

To work with magnetic tapes, Linux has the command mt. With this, tapes can be positioned, compression can be switched on or off (with some SCSI-2 tape drives) and the status can be queried. Magnetic tape drives in Linux are always SCSI devices and can be addressed by various names:

• /dev/st0 refers to the first tape drive.
• /dev/nst0 addresses the same tape drive in the no rewind mode, that is, after writing or reading, the tape remains at that position and is not rewound back to the beginning.

For reasons of compatibility with other Unix versions, two symbolic links exist: /dev/rmt0 and /dev/nrmt0.

The status of the tape is given by entering:

    earth:~ # mt -f /dev/st0 status
    drive type = Generic SCSI-2 tape
    drive status = 620756992
    sense key error = 0
    residue count = 0
    file number = 0
    block number = 0
    Tape block size 0 bytes. Density code 0x25 (unknown).
    Soft error count since last status=0
    General status bits on (41010000):
     BOT ONLINE IM_REP_EN


The most important information here is the details of the file number (file number, starting at 0) and the block numbers (block number, starting at 0), where the tape is positioned. In this example the tape is positioned at the beginning of the first file. To position the tape at the next file, the following command is used:

    earth:~ # mt -f /dev/nst0 fsf 1

The tape will now start before the first block of the second file. This can be seen from the output of the command:

    earth:~ # mt -f /dev/nst0 status
    drive type = Generic SCSI-2 tape
    drive status = 620756992
    sense key error = 0
    residue count = 0
    file number = 1
    block number = 0
    Tape block size 0 bytes. Density code 0x25 (unknown).
    Soft error count since last status=0
    General status bits on (81010000):
     EOF ONLINE IM_REP_EN

On the one hand the file number is now set to 1, on the other, the final line of the output now contains EOF (end of file) instead of BOT (beginning of tape). With the option bsf the tape can be repositioned back by a corresponding number of files. If the tape is to be positioned several files further, then a different number instead of 1 should be given as the last parameter. In general when positioning the tape, /dev/nst0 should always be specified as the device file.

If this file is now read (for example, a tar archive is unpacked), then the tape will be at the end of the file (recognizable by a value different to 0 for the block number):

    earth:~ # mt -f /dev/nst0 status
    drive type = Generic SCSI-2 tape
    drive status = 620756992
    sense key error = 0
    residue count = 0
    file number = 1
    block number = 18
    Tape block size 0 bytes. Density code 0x25 (unknown).
    Soft error count since last status=0
    General status bits on (1010000):
     ONLINE IM_REP_EN

If the tape is to be spooled back to the beginning after the reading or writing process, this is done by entering:

    earth:~ # mt -f /dev/nst0 rewind

The tape is now at the beginning. If you want it to be ejected from the drive then you use the command:

    earth:~ # mt -f /dev/nst0 offline


Normally tapes should always be written without compression, because otherwise it is no longer possible to recover the subsequent data in case of a write or read error. To check whether data compression is switched on or off, this command is used:

    earth:~ # mt -f /dev/st0 datcompression
    Compression on.

The command shows whether data compression is switched on or off. If the parameter on or off is specified at the end, then data compression will be switched on or off. By default compression is switched on (as in this example).

If the tapes are to be written to or read from different Unix systems, problems may occur, at least with DAT drives. In most cases this is because of the different block sizes. With tar these can be specified (option -b), but also the default settings of the drive can be changed:

    earth:~ # mt -f /dev/st0 setblk 512

This command sets the block size to 512 bytes.

6.4 Automating Data Backups

Backing up data is a task which should be carried out regularly. In Linux this can be automated with the cron service. System jobs are controlled via the file /etc/crontab and the files in the directory /etc/cron.d, and they are defined via the scripts in the directories /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly and /etc/cron.monthly.

Specifying which users may create cron jobs is done through the files /var/spool/cron/allow and /var/spool/cron/deny, which are evaluated in precisely this order. If neither file exists, only root may define jobs. The jobs of individual users are stored in files in the directory /var/spool/cron/tabs with names matching the user names. These files are processed with the command crontab (see man crontab).

An example of a job:

    0 22 * * 5 /root/bin/backup

The script /root/bin/backup is started every Friday at 10 o’clock in the evening. The format for the line is described in man 5 crontab.
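One possible shape for the /root/bin/backup script that the cron line above starts, using the tape positioning from Section 6.3 and reading the archive back after writing it. This is an added example, not a script from the manual; BACKUP_SRC, BACKUP_DEST and the function names are assumptions, and a regular file can stand in for the tape drive.

```shell
#!/bin/sh
# Added example (not from the manual): a possible /root/bin/backup.
# BACKUP_SRC and BACKUP_DEST are hypothetical variable names.
BACKUP_SRC=${BACKUP_SRC:-/home}
BACKUP_DEST=${BACKUP_DEST:-/dev/nst0}   # no-rewind device of the first tape drive

# A tape drive is a character device. A regular file can be used instead for
# backups to disk, or to try the script on a machine without a drive.
is_tape() { [ -c "$1" ]; }

# backup_dir SRC DEST
# Writes directory SRC as one tar archive to DEST (one archive per tape,
# starting at file number 0), then reads the archive back to verify it.
# Return codes: 2 bad source, 3 tape positioning, 4 write, 5 verification.
backup_dir() {
    src=$1
    dest=$2
    [ -d "$src" ] || { echo "backup: $src is not a directory" >&2; return 2; }
    parent=$(dirname "$src")
    name=$(basename "$src")

    if is_tape "$dest"; then
        mt -f "$dest" rewind || return 3
    elif [ -f "$dest" ]; then
        rm -f "$dest"            # an existing file would keep its old permissions
    fi

    # umask 077: an archive file is created readable by its owner only.
    # -C stores names relative to the parent directory, so unpacking the
    # archive later cannot overwrite files through absolute paths.
    ( umask 077 && tar -cf "$dest" -C "$parent" "$name" ) || return 4

    # With /dev/nst0 the tape now stands behind the archive: go back first.
    if is_tape "$dest"; then
        mt -f "$dest" rewind || return 3
    fi
    list=$(tar -tf "$dest") || return 5
    case "$list" in
        "$name"/*) ;;            # the first entry is the directory itself
        *) echo "backup: unexpected content on $dest" >&2; return 5 ;;
    esac
    entries=$(printf '%s\n' "$list" | wc -l | tr -d ' ')

    if is_tape "$dest"; then
        mt -f "$dest" rewind || return 3     # leave the tape at the beginning
    fi
    echo "backup: $entries entries from $src verified on $dest"
}

# cron calls the script under its installed name "backup"; under any other
# name (for example when the file is sourced for a test) only the functions
# are defined.
case "${0##*/}" in
    backup) backup_dir "$BACKUP_SRC" "$BACKUP_DEST" ;;
esac
```

Anything the script prints is mailed by cron to the owner of the job, so a failed verification shows up in root's mail.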


Summary

• Various media are available for backups: tape drives, CD, DVD, removable drives, MO drives.
• The following strategies are often used for backups:
  – Incremental: backup of the changes since the last backup.
  – Differential: backup of the changes since the last full backup.
• tar is the most frequently-used backup tool.
• The following commands can be used to compress and decompress data: gzip, gunzip, bzip2, bunzip2, zcat.
• With the command rsync you can perform local mirroring of directories.
• With the command dd files can be copied and converted byte by byte.
• Linux provides the command mt for working with magnetic tapes.
• Automatic backups can be carried out using the cron service.
• An overview of important commands in this chapter:

    Command   Description
    crontab   For processing files for cron jobs.
    dd        Copies and converts files byte by byte.
    bunzip2   Decompresses a file compressed with bzip2.
    bzip2     Compresses and decompresses a file.
    gunzip    Decompresses a file compressed with gzip.
    gzip      Compresses and decompresses a file.
    mt        For working with tapes.
    rsync     Creates copies of entire directories on another host or mirrors directories locally.
    tar       Archives files on a medium or in an archive file.
    zcat      Writes a file compressed with gzip to the standard output in decompressed form.

Table 6.6: Commands for data backups


7 Integrating Hardware

Learning Aims

In this chapter you will learn

• how to use fdisk to check and modify the partitioning of a hard disk
• how to create ext2, ext3, and Reiser file systems
• how to mount a file system
  – with the command mount
  – by means of the file /etc/fstab
• about kernel modules and their directory /lib/modules/
• the most important commands for handling kernel modules: lsmod, insmod, modprobe, depmod
• the configuration file /etc/modules.conf


7.1 Adding a Hard Disk to the System

In order to integrate a hard disk into the Linux system so that Linux automatically recognizes it and you can access it immediately, three steps are necessary:

1. partition the hard disk,
2. create a file system,
3. mount the file system.

Various Linux tools are available to do this.

7.1.1 Partitioning a Hard Disk

The program fdisk is used for partitioning hard disks. When starting fdisk you enter the name of the hard disk or the device name as a parameter. To do this you must know which hard drive is involved (IDE, SCSI) and which “rank” it has (the first IDE hard disk in the system, the second IDE hard disk in the system). This results in names such as:

• /dev/hda — IDE hard disk, master on the first IDE controller
• /dev/hdb — IDE hard disk, slave on the first IDE controller
• /dev/hdc — IDE hard disk, master on the second IDE controller
• /dev/sda — first SCSI hard disk
• /dev/sdb — second SCSI hard disk

So fdisk is run like this:

    earth:~ # fdisk /dev/hdb

fdisk is used with the keyboard: a letter, followed by Enter, carries out an action, for example:

    Letter  Action
    d       Deletes a partition.
    m       Gives a short summary of the fdisk commands.
    n       Creates a new partition.
    p       Shows a list of partitions which are currently available on the hard disk specified.
    q       Ends the program fdisk without saving changes.
    t       Sets the type of a partition.
    w       Saves the changes made to the hard disk.

Table 7.1: Keyboard Shortcuts for fdisk

A maximum of four primary partitions can be set up on a hard disk (Intel) [1]. If you need more partitions, then you declare one of these four as an “extended” partition and then you can create further “logical” partitions in it (SCSI hard disks: max. 14; IDE-drives: max. 63). For an empty hard disk this will first appear as follows:

    Command (m for help): p

    Disk /dev/hdb: 32 heads, 63 sectors, 528 cylinders
    Units = cylinders of 2016 * 512 bytes

       Device Boot    Start       End    Blocks   Id  System

    Command (m for help):

A primary partition is created with n:

    Command (m for help): n
    Command action
       e   extended
       p   primary partition (1-4)
    p
    Partition number (1-4): 1
    First cylinder (1-528): 1
    Last cylinder or +size or +sizeM or +sizeK (1-528, default 528): +128M

    Command (m for help):

Entering the command p displays the partition table with the current settings:

    Command (m for help): p

    Disk /dev/hdb: 32 heads, 63 sectors, 528 cylinders
    Units = cylinders of 2016 * 512 bytes

       Device Boot    Start       End    Blocks   Id  System
    /dev/hdb1             1       131    132016+  83  Linux

    Command (m for help):

[1] In the various architectures (Intel, SUN, Alpha, PowerPC) there are different partitioning types.


This partition table contains all the relevant information on the partition created:

• This is the first partition of this hard disk (Device, hdb1).
• It begins at cylinder 1 (Start) and ends at cylinder 131 (End).
• It consists of 132016 blocks (Blocks).
• Its so-called Hex code (Id) is 83 (see the list of Hex codes later in this section).
• Its type is Linux (System).

Further partitions can be set up, for example an extended partition. This is also done with n, afterwards e is selected:

    Command (m for help): n
    Command action
       e   extended
       p   primary partition (1-4)
    e
    Partition number (1-4): 2
    First cylinder (132-528): 132
    Last cylinder or +size or +sizeM or +sizeK (132-528, default 528): 528

    Command (m for help): p

    Disk /dev/hdb: 32 heads, 63 sectors, 528 cylinders
    Units = cylinders of 2016 * 512 bytes

       Device Boot    Start       End    Blocks   Id  System
    /dev/hdb1             1       131    132016+  83  Linux
    /dev/hdb2           132       528    400176    5  Extended

    Command (m for help):

If an extended partition has been created, then logical partitions can be set up:

    Command (m for help): n
    Command action
       l   logical (5 or over)
       p   primary partition (1-4)
    5
    First cylinder (132-528, default 132): 132
    Last cylinder or +size or +sizeM or +sizeK (132-528, default 528): +128M

    Command (m for help): p

    Disk /dev/hdb: 32 heads, 63 sectors, 528 cylinders
    Units = cylinders of 2016 * 512 bytes

       Device Boot    Start       End    Blocks   Id  System
    /dev/hdb1             1       131    132016+  83  Linux
    /dev/hdb2           132       528    400176    5  Extended
    /dev/hdb5           132       262    132016+  83  Linux

    Command (m for help):


The standard type for these partitions is Linux. If a swap partition is to be created, for example, then the type must be changed.

    Command (m for help): t
    Partition number (1-5): 5
    Hex code (type L to list codes): 82
    Changed system type of partition 5 to 82 (Linux swap)

    Command (m for help): p

    Disk /dev/hdb: 32 heads, 63 sectors, 528 cylinders
    Units = cylinders of 2016 * 512 bytes

       Device Boot    Start       End    Blocks   Id  System
    /dev/hdb1             1       131    132016+  83  Linux
    /dev/hdb2           132       528    400176    5  Extended
    /dev/hdb5           132       262    132016+  82  Linux swap

    Command (m for help):

With the command L or l you receive a Hex code list to change the partition type:

     0  Empty            1b  Hidden Win95 FA  63  GNU HURD or Sys  b7  BSDI fs
     1  FAT12            1c  Hidden Win95 FA  64  Novell Netware   b8  BSDI swap
     2  XENIX root       1e  Hidden Win95 FA  65  Novell Netware   c1  DRDOS/sec (FAT-
     3  XENIX usr        24  NEC DOS          70  DiskSecure Mult  c4  DRDOS/sec (FAT-
     4  FAT16 <32M       39  Plan 9           75  PC/IX            c6  DRDOS/sec (FAT-
     5  Extended         3c  PartitionMagic   80  Old Minix        c7  Syrinx
     6  FAT16            40  Venix 80286      81  Minix / old Lin  da  Non-FS data
     7  HPFS/NTFS        41  PPC PReP Boot    82  Linux swap       db  CP/M / CTOS / .
     8  AIX              42  SFS              83  Linux            de  Dell Utility
     9  AIX bootable     4d  QNX4.x           84  OS/2 hidden C:   e1  DOS access
     a  OS/2 Boot Manag  4e  QNX4.x 2nd part  85  Linux extended   e3  DOS R/O
     b  Win95 FAT32      4f  QNX4.x 3rd part  86  NTFS volume set  e4  SpeedStor
     c  Win95 FAT32 (LB  50  OnTrack DM       87  NTFS volume set  eb  BeOS fs
     e  Win95 FAT16 (LB  51  OnTrack DM6 Aux  8e  Linux LVM        ee  EFI GPT
     f  Win95 Ext’d (LB  52  CP/M             93  Amoeba           ef  EFI (FAT-12/16/
    10  OPUS             53  OnTrack DM6 Aux  94  Amoeba BBT       f1  SpeedStor
    11  Hidden FAT12     54  OnTrackDM6       9f  BSD/OS           f4  SpeedStor
    12  Compaq diagnost  55  EZ-Drive         a0  IBM Thinkpad hi  f2  DOS secondary
    14  Hidden FAT16 <3  56  Golden Bow       a5  BSD/386          fd  Linux raid auto
    16  Hidden FAT16     5c  Priam Edisk      a6  OpenBSD          fe  LANstep
    17  Hidden HPFS/NTF  61  SpeedStor        a7  NeXTSTEP         ff  BBT
    18  AST Windows swa

The procedure is completed by entering the command w, which writes changes to the table. Attention! When the new table is written you are not asked for confirmation if you really want to do this.
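Because w writes the table without asking, the dd command shown earlier for backing up the MBR is worth running before fdisk. The following added example (not part of the manual; all function names are hypothetical) checks such a 512-byte copy, lists the primary partition entries stored in it, and compares it with the disk later. The MBR holds only the four primary entries, so a logical partition such as /dev/hdb5, which is described inside the extended partition, is not covered by this copy.

```shell
#!/bin/sh
# Added example (not from the manual). All function names are hypothetical.

# byte_at FILE OFFSET -> the byte at OFFSET as two hex digits
byte_at() { od -A n -t x1 -j "$2" -N 1 "$1" | tr -d ' \n'; }

# le32_at FILE OFFSET -> little-endian 32-bit value at OFFSET, in decimal
le32_at() {
    set -- $(od -A n -t u1 -j "$2" -N 4 "$1")
    echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
}

# mbr_valid FILE: true if FILE is exactly one 512-byte sector that ends in
# the boot signature 55 aa
mbr_valid() {
    [ "$(wc -c < "$1" | tr -d ' ')" -eq 512 ] || return 1
    [ "$(byte_at "$1" 510)$(byte_at "$1" 511)" = "55aa" ]
}

# mbr_table FILE: one line per used primary entry:
#   number  Id (hex)  first sector  number of sectors  boot flag (80 = active)
# The four 16-byte entries start at byte 446. Blocks in fdisk = sectors / 2.
mbr_table() {
    mbr_valid "$1" || { echo "$1: not a valid MBR copy" >&2; return 1; }
    n=1
    while [ "$n" -le 4 ]; do
        off=$((446 + 16 * (n - 1)))
        id=$(byte_at "$1" $((off + 4)))
        if [ "$id" != "00" ]; then
            echo "$n $id $(le32_at "$1" $((off + 8))) $(le32_at "$1" $((off + 12))) $(byte_at "$1" "$off")"
        fi
        n=$((n + 1))
    done
}

# mbr_unchanged BACKUP DISK: true if the first sector of DISK still equals
# the saved copy, that is, nothing has rewritten the table since the backup.
mbr_unchanged() {
    mbr_valid "$1" || return 2
    dd if="$2" bs=512 count=1 2>/dev/null | cmp -s - "$1"
}

# poke FILE OFFSET BYTES: overwrite bytes in place (BYTES as octal escapes)
poke() { printf "$3" | dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null; }

# make_sample_mbr FILE: constructed test image (not a real disk) holding the
# two primary entries of the /dev/hdb example above:
#   hdb1  Id 83  sectors 63..264095       (132016+ blocks)
#   hdb2  Id  5  sectors 264096..1064447  (400176 blocks)
make_sample_mbr() {
    dd if=/dev/zero of="$1" bs=512 count=1 2>/dev/null
    poke "$1" 450 '\203'             # entry 1: Id 0x83 (Linux)
    poke "$1" 454 '\077'             # first sector 63
    poke "$1" 458 '\141\007\004'     # 264033 sectors
    poke "$1" 466 '\005'             # entry 2: Id 0x05 (Extended)
    poke "$1" 470 '\240\007\004'     # first sector 264096
    poke "$1" 474 '\140\066\014'     # 800352 sectors
    poke "$1" 510 '\125\252'         # boot signature 55 aa
}
```

On a real system the first argument would be the file written by dd (for example /tmp/mbr_copy) and the second argument of mbr_unchanged the disk device.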

Exercise: Partitioning a hard disk

On your hard disk, create 3 additional partitions of 500 MB each.


7.1.2 Creating a File System

mkfs

Creating file systems (ext2, ext3, MS-DOS, MINIX, XFS, JFS) is performed with the command mkfs (make file system). mkfs is a front-end for the commands for creating file systems. The structure is mkfs.type, for example mkfs.ext2, mkfs.ext3, mkfs.msdos, mkfs.xfs, or mkfs.minix. For this reason, the file system type must be specified together with the command (with the option -t type). If no type is specified, the command automatically creates an ext2 file system.

If an ext2 or ext3 file system is created with mkfs, then various parameters may be specified:

    Option              Meaning
    -b blocksize        This determines the size of the data blocks in the file system. Values of 1024, 2048, ..., 16384 are allowed for the block size.
    -i bytes_per_inode  This determines how many inodes are created on the file system. For bytes_per_inode the same values are possible as for the block size. A value larger than the block size should be chosen, however, since it makes little sense to have a larger number of inodes than data blocks.
    -j                  This creates an ext3 Journal on the file system.

Table 7.2: The Command mkfs: Options for Creating an ext2 or ext3 File System

If the first two parameters are not given, the data block size and the number of inodes are chosen by mkfs, depending on the size of the partition. The command mke2fs (corresponds to mkfs.ext2 and mkfs.ext3) can also be used to create an ext2 or ext3 file system (see man mke2fs).


mkreiserfs

To create a Reiser file system, the command mkreiserfs is used. Various parameters or options may be given here, such as:

    Option            Meaning
    number_of_blocks  Here the size of the partition is specified in number of blocks. If this parameter is not given, mkreiserfs will determine the block size automatically.
    --format format   Specifies the format of the Reiser file system: 3.5 or 3.6

Table 7.3: The Command mkreiserfs: Options for Creating a Reiser File System

An example of creating a partition with an ext2 file system:

    earth:~ # mkfs -t ext2 /dev/hdb1
    mke2fs 1.17, 26-Oct-1999 for EXT2 FS 0.5b, 95/08/09
    Linux ext2 filesystem format
    Filesystem label=
    25688 inodes, 102400 blocks
    5120 blocks (5.00%) reserved for the super user
    First data block=1
    Block size=1024 (log=0)
    Fragment size=1024 (log=0)
    13 block groups
    8192 blocks per group, 8192 fragments per group
    1976 inodes per group
    Superblock backups stored on blocks:
            8193, 16385, 24577, 32769, 40961, 49153, 57345, 65537, 73729, 81921, 90113, 98305

    Writing inode tables: done
    Writing superblocks and filesystem accounting information: done
    earth:~ #

Here a 100 MB partition was formatted with the standard values, that is:

• 5120 blocks (5.00%) reserved for the super user
  5% of the entire space is reserved for the system administrator; if the hard disk is 95% full, then a normal user may not use any more space.
• 25688 inodes, 102400 blocks
  The number of bytes per inode is 4 KB.
• Block size=1024 (log=0)
  The block size is 1 KB. This is the smallest unit which can be allocated (each file occupies a minimum of 1 KB).


Exercise: Creating a file system

Create an ext2, an ext3, and a Reiser file system on the three newly created partitions.

7.1.3 Mounting the File System

After the file system has been created, the partition in question needs to be mounted. To do this, the partition is linked to a directory with the mount command:

    earth:~ # mount -t ext2 /dev/hdb1 /mnt

Or, for a partition with ReiserFS:

    earth:~ # mount -t reiserfs /dev/hdb2 /mnt

The command mount can also be run without giving details of the file system type (option -t). In this case the file system type is automatically detected and the partition is mounted correspondingly. The file system can be unmounted with the command umount.

    earth:~ # umount /mnt

If you want the file system to be automatically mounted the next time the system boots, then a corresponding entry must be made in the file /etc/fstab.

7.1.4 The File /etc/fstab

The file /etc/fstab specifies which device files are mounted to the file system, with which file system type and with which options, when the system is booted. Each line stands for one device file and is divided into six fields. An example:

    /dev/hdb1    /reallynew    ext2    usrquota,grpquota    1    2

The fields mean:

Field 1  Name of the device file.

Field 2  The mount point, that is, the directory where the file system is to be mounted. The directory specified here must already exist.

Field 3  Type of file system (e.g. ext2, reiserfs).

Field 4  Mounting options. Multiple options are separated by commas (e.g. defaults, noauto, ro). The option user implies that even normal users (e.g., tux) are authorized to mount the device file in the Linux system. This usually affects the CD-ROM drive (/dev/cdrom) and the floppy disk drive (/dev/fd0).

Field 5  This determines whether the file system is to be backed up by the data backup program dump. 0 stands for do not process.

Field 6  This specifies in which order the file system check (with the program fsck) should run when rebooting:
  • 0 for file systems which should not be checked,
  • 1 for the root directory,
  • 2 for all other file systems which can be modified.
  At this point the order is also defined in which individual file systems are mounted (e.g. first /var/, then /var/tmp/).

In the above example the first partition of the IDE hard disk is linked to the directory /reallynew when the system boots, and can be reached via this path. The options usrquota,grpquota ensure that user and group quotas are supported by the file system (quotas must be activated separately, however).
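A check of /etc/fstab against the six-field layout described above, as an added example that is not part of the manual (fstab_audit and sample_fstab are hypothetical names, and the sample file is constructed). It also looks at field 4: with the option user, mount switches on noexec, nosuid and nodev unless an option further to the right in the same field switches them off again, which the check reports.

```shell
#!/bin/sh
# Added example (not from the manual). fstab_audit and sample_fstab are
# hypothetical names.

# fstab_audit FILE: print one finding per line, nothing if the file is clean.
fstab_audit() {
    awk '
    /^[ \t]*#/ { next }                  # comment lines
    NF == 0    { next }                  # blank lines
    NF != 6 {
        printf "line %d: expected 6 fields, found %d\n", NR, NF
        next
    }
    {
        mp = $2
        pass = $6

        # Field 4: user (or users) lets normal users mount the device and
        # implies noexec, nosuid and nodev. An option to the right of it
        # can cancel that again.
        n = split($4, opt, ",")
        seen_user = 0
        for (i = 1; i <= n; i++) {
            if (opt[i] == "user" || opt[i] == "users")
                seen_user = 1
            else if (seen_user && (opt[i] == "suid" || opt[i] == "dev"))
                printf "line %d: %s: warning: option %s after user cancels the implied no%s\n", NR, mp, opt[i], opt[i]
            else if (seen_user && opt[i] == "exec")
                printf "line %d: %s: note: option exec after user cancels the implied noexec\n", NR, mp
        }

        # Field 6: 0 = no check, 1 = root directory, 2 = everything else.
        if (pass !~ /^[012]$/)
            printf "line %d: %s: fsck order must be 0, 1 or 2\n", NR, mp
        else if (mp == "/" && pass != 1)
            printf "line %d: /: the root directory should have fsck order 1\n", NR
        else if (mp != "/" && pass == 1)
            printf "line %d: %s: fsck order 1 is reserved for the root directory\n", NR, mp
    }' "$1"
}

# sample_fstab FILE: write a constructed sample (not taken from a real
# system). Line 3 is the example line from the manual.
sample_fstab() {
    cat > "$1" <<'EOF'
# constructed sample
/dev/hda2   /              reiserfs  defaults             1 1
/dev/hdb1   /reallynew     ext2      usrquota,grpquota    1 2
/dev/cdrom  /media/cdrom   auto      ro,noauto,user,exec  0 0
/dev/fd0    /media/floppy  auto      noauto,user,suid     0 0
/dev/hdb5   /data1         ext3      defaults             1 1
/dev/hdb6   /data2         ext2      defaults
EOF
}
```

Run as fstab_audit /etc/fstab; the constructed sample yields four findings (lines 4 to 7), while the manual's /reallynew line passes.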

Exercise: Mounting the file system

Mount the three new partitions in the file systems at the mount points /data1, /data2, and /data3.

7.2 Kernel Modules

Drivers and features of the Linux kernel can either be compiled into the kernel or be loaded as kernel modules. These modules can be loaded later, while the system is running, without having to reboot the computer. Especially kernel components which are not required to boot the system are integrated as modules, so the kernel may be kept relatively small. The kernel modules are located in the directory /lib/modules/version/kernel, so for example the modules of the 2.4.19 kernel can be found in the directory /lib/modules/2.4.19-4GB/kernel.


7.2.1 Commands for Using Modules

The following commands are available to work with modules:

• lsmod lists the currently loaded modules in the kernel.

• insmod module loads the given module into the kernel. For this, it must be available in the directory /lib/modules/version/. It is recommended, however, to use modprobe for loading modules (see below).

• rmmod module removes the given module from the kernel. It can only be removed, however, if no processes are accessing hardware connected to it or corresponding services. rmmod -a removes from memory all modules currently not required.

• modprobe module loads the given module into the kernel. In contrast to insmod, dependencies of other modules are taken into account when this is done. In addition, modprobe reads in the file /etc/modules.conf. The command can only be used if the file /lib/modules/version/modules.dep (see below) exists. For more detailed information, see man modprobe. The kernel daemon (Kmod since kernel version 2.2.x) ensures that modules needed in the running operation are automatically loaded using modprobe (for example, to access the CD-ROM drive).

• depmod -a creates the file /lib/modules/version/modules.dep. This contains the dependencies of individual modules on each other. When a module is loaded (for example with modprobe), it is ensured that all modules it depends on are also loaded. If it does not exist, the file modules.dep is created automatically when the system starts, by the start script /etc/init.d/boot. Thus it is not necessary to create this file manually.

An example of a module list displayed with lsmod:

    Module                  Size  Used by    Not tainted
    parport_probe           2980   0 (autoclean)
    parport_pc              5600   0 (autoclean)
    parport                 6884   0 (autoclean) [parport_probe parport_pc]
    minix                  22360   1 (autoclean)
    loop                    7456   2 (autoclean)
    es1371                 23628   2
    soundcore               2148   4 [es1371]
    nfsd                  150528   3 (autoclean)
    eepro100               12112   1 (autoclean)
    hisax                  97016   1 (uninitialized)
    isdn                   82060   0 [hisax]
    slhc                    4300   0 [isdn]

In this list it can be seen which modules are currently loaded (1st field: Module), the size of the modules (2nd field: Size) and how often (3rd field: Used) they are used by other modules (4th field: by). Memory space occupied by the modules is then released. Modules can also be removed with rmmod -a (see above).

7.2.2 The File /etc/modules.conf

This file is the configuration file for the kernel modules. For example, it contains parameters for the modules which access hardware directly. It thus plays an important role in loading modules. Various command types can be found in it, for example:

• alias instructions determine which kernel module is to be loaded for which device file. Example:

    alias eth0 8139too

• options instructions are options for loading a module. Example:

    options ne io=0x300


Summary

• A maximum of four primary partitions can be created on a hard disk (Intel). Further partitions can be made with an “extended” partition, in which further “logical” partitions are set up.
• The command fdisk can be used to check and modify the partitioning of a hard disk.
• File systems can be mounted
  – with the command mount,
  – by means of the file /etc/fstab. This file specifies which file systems are mounted automatically when the system is booted.
• Kernel modules:
  – Kernel modules are kernel components that are loaded dynamically (usually hardware drivers).
  – They are located in the directory /lib/modules/.
  – The configuration file for kernel modules is /etc/modules.conf.
• The most important commands for handling kernel modules are: lsmod, insmod, modprobe, depmod
• The file modules.dep contains all module dependencies. For the 2.4.19 kernel these are in the directory /lib/modules/2.4.19-4GB.
• An overview of important commands in this chapter:

    Command     Description
    depmod      Creates the file modules.dep.
    fdisk       Partitions a hard disk.
    insmod      Loads a module into the kernel.
    lsmod       Lists current kernel modules.
    mke2fs      Creates an ext2 or ext3 file system.
    mkfs        Creates a file system.
    mkreiserfs  Creates a Reiser file system.
    modprobe    Loads a module into the kernel, taking into account module dependencies.
    mount       Mounts a file system to the Linux system.
    rmmod       Removes a module from the kernel.
    umount      Unmounts a file system.

Table 7.4: Commands for Integrating Hardware


8 The X Window System

Learning Aims

In this chapter, you will learn

• the client/server architecture of the X Window System
• how to start the components of the X Window System step by step
• two possibilities for starting the X Window System (startx, xdm/kdm)
• starting a second X server
• access control possibilities
• configuration options for the X server


8.1 The X Window System

The X Window System (or simply X or X11) allows you to control the input and output of several applications in different windows of a graphical interface. You need to distinguish here between graphical applications, which run in their own windows, and text-based applications, which are carried out in a terminal window.

The X Window System was created in 1984 at MIT (Massachusetts Institute of Technology). The aim of the development was to be able to use graphical applications across a network, independently of hardware. This means it is possible with the X Window System to display and operate graphical applications on any monitors, without running them on the machines to which these monitors are connected. The basis for this is the separation into a server component (X server) and the application itself (client application), which communicate with each other by way of various communication channels.

X server — The X server controls the graphical screen. This corresponds roughly with what would be called a “graphics driver” on other systems. In addition, it manages the input devices, such as keyboard and mouse, and transmits their actions to the X client. The X server, however, has nothing to do with the appearance of the window and the desktop; this is the task of the window manager. XFree86 3.3.x and its successor XFree86 4.x are free implementations. SUSE LINUX Enterprise Server defaults to using XFree86 4.x.

Client application – The client application is a graphical application that uses the services of the X server to receive keyboard and mouse actions and to have its own output displayed on the screen.

Window managers are specialized client applications. A window manager works together with the X server and provides additional functionality. Its tasks are:

• providing control elements
• managing virtual desktops
• providing functionality of window frames (for example, changing their size)

The X Window System is not linked to any specific window manager and thus not to any particular look and feel. SUSE LINUX Enterprise Server is currently released with some window managers, including kwin (the KDE window manager), mwm (Motif Window Manager), and twm (Tab Window Manager).


Desktop environments go far beyond the look and feel window managers provide for desktops and manipulating windows. The aim is to provide clients with a unified look and feel. KDE is the standard graphical desktop for SUSE LINUX Enterprise Server.

As can be seen in Figure 8.1, the X server is running on the computer earth, while the X applications are running on the machines sun and venus. The display of the client applications, however, is performed by the X server on the machine earth. These computers may have different architectures.

[Figure 8.1: X Server and Client Applications Run on Different Computers. The machines sun, venus and earth are connected by a network; the screen of earth shows one X application from sun and one X application from venus.]

8.1.1 Display Names

On one computer, a number of X servers may be running to which, in turn, a number of monitors can be connected. For a client application to know on which X server input and output is performed, it is informed of the display name. The syntax for this is as follows:

    host:display_nr.screen_nr

host
    Name (or IP address) of the computer to which the monitor is connected. If no computer is given, the local monitor is used.

display_nr
    Defines the number of the display. A display is a unit consisting of a monitor (or several monitors), a keyboard, and a mouse. Normally, the display is 0, because computers only have one display. Large multiuser systems may quite possibly have a number of displays, each of which has a unique number. Normally they are counted upwards, starting with 0 for the first display, 1 for the second display, etc. To start a second X server on a computer with only one display, you also need to set the display number for this to another value (e.g., 1) (see Section 8.3.1).

screen_nr
    Displays may have more than one monitor as their display unit. This number specifies on which monitor client applications should display their output.

Normally the display name is given in the environment variable DISPLAY, but it can be passed on to a client application with the option -display display_name.

8.2 Starting the X Window System Step by Step

The distinction between the X server, client application, and window manager is not perceivable during normal operation; once you have logged in by way of the graphical login, the entire environment is at your command. However, in order to identify the structure more clearly, the individual components can also be started individually. For this purpose, terminate the running X server with the following command:

    earth:~ # init 3

Then start the X server by executing the command X from a text console. /usr/X11R6/bin/X is a link to /var/X11R6/bin/X. This, in turn, is a link to the actual X server /usr/X11R6/bin/XFree86.

    tux@earth:~ > X &

The result of this command is a gray area with a mouse pointer cross. Users cannot use the pure X server in a meaningful way, but X applications can use the X server for the graphical output. The X server can be terminated with Ctrl+Alt+Backspace.

If you start a graphical application from the same console from which the X server was started in the background, the following error message is displayed:

    tux@earth:~ > xterm
    xterm Xt error: Can't open display: %s

The application xterm lacks the information on the X server to use. The X server needs to be addressed specifically, as it may be active on the same machine or on a different machine, or several X servers may be active on one machine.


Graphical applications interpret the variable DISPLAY, which contains the needed information. However, in the above example this variable is not set. If this variable is set, the program command will work and an xterm window will appear on the gray surface.

    tux@earth:~ > DISPLAY=localhost:0 xterm &

or

    tux@earth:~ > DISPLAY=:0 xterm &

Figure 8.2: The X Server with a Terminal

If you move the mouse pointer over the window, commands can be entered in the window. You can now start an application or a window manager.


Starting an Application

To start an application on this X server (such as xterm), enter in a terminal:

    tux@earth:~ > xterm -g 80x25-0+30 &

Figure 8.3: The X Server with Two Terminals

The numbers after -g define the geometry of the application started:

• Size of the application window, for example, 80x25. This means the window is 80 characters wide and 25 characters high.
• Position of the application, such as -0+30. This means the window is 0 points away from the right-hand edge of the display and 30 points from the upper edge of the display.
  “+” means: distance from the left or upper margin
  “-” means: distance from the right or lower margin

Important: Processes in the terminal should only be started in the background, so the shell is still available for further processes.

However, the size and the position of the window cannot be changed afterwards. A window manager is required to do this.


Starting a Window Manager

To start a window manager (such as mwm), enter in the terminal:

    tux@earth:~ > mwm &

Figure 8.4: The X Server with a Terminal and the mwm Window Manager

The window manager changes the appearance of the desktop and the frames of existing windows, which also feature a title bar. The functionality and behavior of the X desktop are also redefined when the window manager is started.

Exercise: Start X Server and Application

1. Switch to a virtual terminal (e.g., tty1) and terminate the running X server with the command init 3.
2. Start an X server with X.
3. Start an xterm with xterm -g 80x25-0+30 &
4. From the xterm window, start a window manager (twm, mwm, or kwin).


8.3 Starting the X Server with a Window Manager

Without a window manager, the X desktop is restricted in its use. For this reason, the X server is normally started together with a window manager. In runlevel 3 (no graphical login), use the script startx.

To ensure a secure start-up of the X server, the script /usr/X11R6/bin/startx performs a system check. Then it starts the application xinit, which in turn starts the X server. The environment variable WINDOWMANAGER is interpreted.

Upon start-up, startx activates the shared plaintext cookies that play a role in connection with the security mechanism xauth (see Section 8.5.2 on page 114, man Xsecurity). If necessary, the system administrator can replace startx with a custom script.

8.3.1 Starting a Second X Server

Normally, only one X server is started. To start a second X server, for example, as root, enter:

    earth: # startx -- :1

This starts a second X server with its output on tty8 (this can be reached with Ctrl+Alt+F8). The first X server can be reached, as before, with Ctrl+Alt+F7. In this way, it is also possible to start a third or fourth X server. With

    earth: # startx -- :2

another X server is started with output on tty9 (can be reached with Ctrl+Alt+F9).

Exercise: Start a Second X Server

1. Start a second X server on your computer.
2. Alternate between the two X servers.

8.3.2 Log File for the X Server

When it starts, the X server generates a detailed log file, which can be helpful in finding problems with the X server. The XFree86 4.x X server creates this file according to the following pattern:

    /var/log/XFree86.display_nr.log

Because the first X server started automatically has the display number 0 (for display numbers, see Section 8.1.1 on page 105), the name of its log file is:

    /var/log/XFree86.0.log


The beginning of this log file looks like this:

    XFree86 Version 4.2.0 / X Window System
    (protocol Version 11, revision 0, vendor release 6600)
    Release Date: 18 January 2003
            If the server is older than 6-12 months, or if your card is newer
            than the above date, look for a newer version before reporting
            problems. (See http://www.XFree86.Org/)
    Operating System: SuSE Linux [ELF] SuSE
    Module Loader present
    Markers: (--) probed, (**) from config file, (==) default setting,
             (++) from command line, (!!) notice, (II) informational,
             (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
    (==) Log file: "/var/log/XFree86.0.log", Time: Thu Febr 21 08:33:23 2003
    (==) Using config file: "/etc/X11/XF86Config"
    (==) ServerLayout "Layout[all]"
    (**) |-->Screen "Screen[0]" (0)
    (**) |   |-->Monitor "Monitor[0]"
    (**) |   |-->Device "Device[0]"
    (**) |-->Input Device "Keyboard[0]"
    ...

The first line shows the version of the X server. The line beginning with Operating System: shows on what sort of system the X server was compiled. Then there are the log entries, including:

• Markers: lists what the markers before individual entries mean. The most important are:

    Marker  Meaning
    (--)    Values derived from system hardware detection.
    (**)    Settings taken from the configuration file.
    (==)    Default settings for the X server.
    (++)    Values passed from the command line.
    (WW)    Hints about settings the X server does not carry out.
    (EE)    Messages that caused the start process or the X server to crash. In these lines, you will normally find the reason why the X server did not start correctly.
    (II)    Information messages about version numbers of X server modules, etc.

    Table 8.1: Markers in the Log File of the X Server

• Log file: displays the name of this log file.
• Time: states when this log file was created — precisely when this X server was started.
• Using config file: displays the name of the configuration file for the X server.


Exercise: Display the Log File

1. Display the log files of the X servers.

8.4 Graphical Login

If the Linux system is configured accordingly and an X server is running on the local machine, after the system has booted, the welcome window of the X interface starts, instead of the login prompt at a virtual console. This login window is generated by xdm or kdm. If the window manager GNOME is used, gdm is used for the login. These programs do not have to run on the local host; they can also use it as a mere X terminal.

• xdm
  The configuration files of xdm are located in the directory /etc/X11/xdm/. The central configuration file is /etc/X11/xdm/xdm-config.
• kdm
  The configuration files of kdm — the login manager of KDE — are located in the directory /etc/opt/kde3/share/config/kdm/. The central configuration files are /etc/opt/kde3/share/config/kdm/kdmrc and /opt/kde3/share/config/kdm/kdmrc.
• gdm
  The configuration files of gdm — the login manager of GNOME — are located in the directory /etc/opt/gnome2/gdm/. The central configuration file is /etc/opt/gnome2/gdm/gdm.conf.

The kdm display manager provides every user who has logged in to the system with a choice of window managers. After user name and password have been entered, the display manager executes the instructions of the file ~/.xsession plus (in SUSE Linux) the instructions of the file ~/.xinitrc and starts the window manager or user interface selected by the user. When the last X client entered in ~/.xsession (usually the window manager) is terminated, the X server, too, is terminated and restarted, after which the login screen of the X server is displayed.

If the file ~/.xsession does not exist, only the file ~/.xinitrc is evaluated. If this file is not available either, the file /etc/X11/xdm/sys.xsession is read. If this, too, is missing, the file xinitrc (without the dot) in /usr/X11R6/lib/X11/xinit/ or in /etc/X11/xinit/ is read.


The login screen of the X server can also be relayed to a remote host. To do this, the following setting is required in the file /etc/sysconfig/displaymanager on the host whose login screen should be used:

    DISPLAYMANAGER_REMOTE_ACCESS="yes"

Then run SuSEconfig. This program will disable the following line in the configuration file of xdm (/etc/X11/xdm/xdm-config):

    !DisplayManager.requestPort: 0

Then you can get the login screen by entering the following on the remote host:

    X -query host :1

Enter “:1” if you already have a running X server on your local host (can be accessed with Ctrl+Alt+F7). The login screen from the remote host can be accessed with Ctrl+Alt+F8.

8.5 Protection from Unauthorized Access

A series of security problems arises from the following characteristics of the X Window System:

• it is divided into server and client components
• it communicates across a network
• it is easy for a client application to make a connection to an X server

To avoid such security problems, several mechanisms were developed to provide protection from unauthorized access (see man Xsecurity), for example:

• xhost — Host-based access monitoring
• xauth — Key-based access protection
• ssh — Network accesses via a secure shell


8.5.1 xhost

xhost only provides a very simple form of access monitoring, allowing or denying specific computers or users access to the X server. The following options for xhost are possible:

    Option  Meaning
    +host   The host specified with host is allowed access to the X server. The + can also be omitted.
    -host   Denies access to the X server to the host specified with host (who was previously granted access with xhost +).
    +       Allows all hosts access to the X server.
    -       Denies all hosts access to the X server, which had been granted with xhost +.

    Table 8.2: Command xhost: Options

Entering xhost without options lists the users and machines that are granted access. If you want to grant certain users or machines permanent access, it is best to enter this into the local configuration file ~/.xinitrc.

The disadvantage of xhost is that every user who logs in to a host with access authorization will also have access to the X server.

8.5.2 xauth

Access protection via xauth is based on a magic cookie — a key (hexkey) every user needs who wants access to the X server. By default in SUSE Linux, when an X server starts, such a key is generated and written to the file ~/.Xauthority.¹ The keys are hex numbers with 33 digits.

When a user starts a client application, this first reads the key from the file ~/.Xauthority then passes it on, with a connection request, to the X server. If the key matches, the X server allows the connection. Otherwise it will be rejected.

With the command xauth list, a list of all keys for known displays is given, for example:

    tux@earth:~ > xauth list
    earth.example.com:0  MIT-MAGIC-COOKIE-1  a92b6ab18556b6c39899d78dff69abb4
    earth/unix:0  MIT-MAGIC-COOKIE-1  a92b6ab18556b6c39899d78dff69abb4

It is possible with xauth add and xauth remove to add or remove a key and its display to or from this list.

¹ If required, such a key can also be generated manually with the program keygen.


The xauth procedure is user-based. The xhost procedure is computer-based. If xauth is used, access from all hosts to the X server should be refused with

    xhost -
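Whether a display really relies on the cookie alone can be read from the output of xhost and xauth list. The following shell functions are an added example, not part of the original manual: the function names and the sample xhost output are constructed for illustration, and the status-line wording and the INET: prefix are assumed to be what the installed xhost prints.

```shell
#!/bin/sh
# Added example (not from the manual): classify X access control from the
# text printed by `xhost` and `xauth list`. All function names are hypothetical.

# Constructed samples of `xhost` output.
SAMPLE_XHOST_OPEN='access control disabled, clients can connect from any host'
SAMPLE_XHOST_CLOSED='access control enabled, only authorized clients can connect'
SAMPLE_XHOST_GRANT='access control enabled, only authorized clients can connect
INET:sun.example.com'

# `xauth list` output in the format shown in Section 8.5.2.
SAMPLE_XAUTH='earth.example.com:0  MIT-MAGIC-COOKIE-1  a92b6ab18556b6c39899d78dff69abb4
earth/unix:0  MIT-MAGIC-COOKIE-1  a92b6ab18556b6c39899d78dff69abb4'

# count_host_grants TEXT
# Number of entries listed after the status line of `xhost`. Each entry is a
# host (or user) that may connect without presenting a cookie.
count_host_grants() {
    printf '%s\n' "$1" | awk 'NR > 1 && NF > 0 { n++ } END { print n + 0 }'
}

# count_valid_cookies TEXT DISPLAY_NR
# Number of `xauth list` entries for the given display number that use
# MIT-MAGIC-COOKIE-1 and carry a purely hexadecimal key.
count_valid_cookies() {
    printf '%s\n' "$1" | awk -v d="$2" '
        $2 == "MIT-MAGIC-COOKIE-1" &&
        $3 ~ /^[0-9a-fA-F]+$/ &&
        $1 ~ (":" d "$") { n++ }
        END { print n + 0 }'
}

# x_access_verdict XHOST_TEXT XAUTH_TEXT DISPLAY_NR
# Prints one of:
#   open         xhost + is in effect, any host can connect
#   host-grants  host-based grants exist next to the cookie (fix: xhost -)
#   cookie-only  access control on, no grants, a cookie for the display exists
#   no-cookie    access control on, but this account has no key for the display,
#                so its clients are rejected (Exercise 3, step 7)
x_access_verdict() {
    xhost_out=$1
    xauth_out=$2
    display=$3
    case $xhost_out in
        "access control disabled"*) echo open; return 0 ;;
    esac
    if [ "$(count_host_grants "$xhost_out")" -gt 0 ]; then
        echo host-grants
    elif [ "$(count_valid_cookies "$xauth_out" "$display")" -gt 0 ]; then
        echo cookie-only
    else
        echo no-cookie
    fi
}

# Run against the embedded samples. On a live system, call it as:
#   x_access_verdict "$(xhost)" "$(xauth list)" 0
echo "after xhost +:      $(x_access_verdict "$SAMPLE_XHOST_OPEN" "$SAMPLE_XAUTH" 0)"
echo "one host granted:   $(x_access_verdict "$SAMPLE_XHOST_GRANT" "$SAMPLE_XAUTH" 0)"
echo "after xhost -:      $(x_access_verdict "$SAMPLE_XHOST_CLOSED" "$SAMPLE_XAUTH" 0)"
echo "display 10, no key: $(x_access_verdict "$SAMPLE_XHOST_CLOSED" "$SAMPLE_XAUTH" 10)"
```

Only the cookie-only verdict matches the recommendation above; host-grants means the cookie can be bypassed from the listed hosts.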

8.5.3 ssh

With the secure shell, an encrypted communication between hosts is possible over a potentially insecure network. Each host has a private and a public host key. Authentication between hosts is carried out by one host encrypting its request with the public key of the other host and sending it to that host. Only the other host can decode the request with its private key. The entire session between the hosts is additionally secured via a session key, which, for security reasons, is only located in the main memory of the computer and is regularly regenerated.

If, for example, the user tux wants to log in via ssh on the machine sun, he must type in the following:

    tux@earth:~ > ssh sun
    Enter passphrase for RSA-key 'tux@earth':
    The authenticity of host 'sun (192.168.0.22)' can't be established.
    RSA1 key fingerprint is 8f:04:ed:b9:56:c9:16:c0:f4:11:43:c8:88:3b:e5:c2.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'sun,192.168.0.22' (RSA1) to the list of known hosts.
    tux@sun password:
    Have a lot of fun...
    tux@sun:~ >

With the option -l, the user name can also be given:

    tux@earth:~ > ssh -l tux sun

To redirect input and output on the host sun to the host earth (automatic display redirection), for example, enter:²

    tux@earth:~ > ssh -X sun

Here, the X protocol is forwarded through an X tunnel (X11 forwarding).

Exercise

Exercise 1: Using ssh

On your neighbor’s computer, start an xterm through an ssh tunnel, which is then displayed on your monitor.

² With SSH, such an X tunnel is set up by default. With OpenSSH, you must specify -X to achieve this.


Exercise 2: Using ssh

1. Log in on your computer as a normal user with: ssh -X -l user localhost
2. Start an xterm in the background.
3. Log out again with exit. What happens?
4. Close the terminal opened in the second step with exit. What happens?

Exercise 3: Using ssh and xauth

1. Execute echo $DISPLAY in order to check which value the variable contains (usually :0.0).
2. Log in to your computer as root using: ssh -X -l root localhost
3. Enter: echo $DISPLAY
   What do you notice in the output? (Now the variable contains localhost:10.0.) How can you explain this?
4. Start an xterm in the background. Is it possible?
5. Enter xauth list. What can you see?
6. Enter xauth remove host/unix:10, and then xauth list. What can you see?
7. Try again to start an xterm in the background. Explain why this does not succeed (message: connection rejected because of wrong authentication).

8.6 Configuring the X Server

Various tools are available for configuring the X server (XFree86 4.x):

SaX2 (Package sax2)
  SaX2 supports the X server and can therefore be used with the mouse.

/usr/X11R6/bin/xf86config
  In contrast to SaX2, this is a text-based program for configuring the X server.

/usr/X11R6/bin/xvidtune
  This program can be used to configure the screen dimension (width, height). The modelines that define the screen size are contained in the file /etc/X11/XF86Config under section "Modes".


The configuration file of the X server is /etc/X11/XF86Config. It contains specifications such as the mouse settings, the keyboard, the resolution, and the frequency.

Default values for some X applications (e.g., xterm, xclock) are defined in the file ~/.Xdefaults and can also be modified here, if necessary. Furthermore, there is a file called ~/.Xresources. However, this is merely a link to the file ~/.Xdefaults. If these files are modified, the X server must be restarted or the command xrdb must be executed to reread the file ~/.Xdefaults (the needed options can be viewed with xrdb --help). KDE and GNOME applications use different configuration files.

More detailed information about configuring the X server is provided by the files in the directory /usr/share/doc/packages/xf86/.

Summary

• The X Window System consists of a server component (X server) and client applications.
• A display name has the following structure:
    host:display_nr.screen_nr
  Example: mars.example.com:0.0
• The X server (/usr/X11R6/bin/XFree86) can be started with or without a window manager, using the following commands:

    Command  Meaning
    X        Start X server without window manager.
    startx   Start X server with window manager.

    Table 8.3: Commands for Starting the X Server

• Display managers (xdm, kdm, gdm) enable a graphical login. Important files of the display managers:
  – Files containing instructions that the display manager loads when starting the user interface:
      ~/.xinitrc
      ~/.xsession
      /etc/X11/xdm/sys.xsession
      /etc/X11/xinit/xinitrc


  – Configuration file for xdm:
      /etc/X11/xdm/xdm-config
  – Configuration files for kdm (KDE):
      /etc/opt/kde3/share/config/kdm/kdmrc
      /opt/kde3/share/config/kdm/kdmrc
  – Configuration file for gdm (GNOME):
      /etc/opt/gnome2/gdm/gdm.conf
• Several X servers can be started on one machine. For example, you can start a second X server from a text console with startx -- :1.
• Upon start-up, every X server creates a log file in the directory /var/log/. The log file of the first X server is /var/log/XFree86.0.log.
• The following applications provide protection against unauthorized access:
  – xhost (host-based access control)
  – xauth (key-based access control)
  – ssh (network access via secure shell)
• The following tools can be used to configure the X server:
  – SaX2
  – xf86config
  – xvidtune
• Important files of the X server:

    File                  Meaning
    /etc/X11/XF86Config   X server configuration file
    ~/.Xdefaults          Contains default values for some X applications
    ~/.Xresources         Link to ~/.Xdefaults

    Table 8.4: Files of the X Server


9 Printing

Learning Aims

In this chapter, you will learn

• about the functions of the print system in a multiuser environment
• the standard print system CUPS (Common Unix Printing System)
• how to administer queues
• how print data are filtered and converted
• how to start and stop the print service
• how to configure a local printer with YaST
• other ways to configure the printer (web frontend, program lpadmin)
• the configuration file of the printer daemon cupsd, the log file, and other important files
• how to generate, list, or delete a print job
• how to configure, stop, and reactivate queues
• how to set queues to reject and accept print jobs


9.1 Basics

Addressing a printer under Linux is a complex operation, because in a multiuser system several users may submit jobs to a printer at the same time. Furthermore, the data is not sent directly to the printer, but is first converted to a printer-specific format.¹ Several programs are inserted between the user and the printer for the organization of the printing process.

In the case of the default printing system of the SUSE LINUX Enterprise Server, CUPS (Common Unix Printing System), the following sequence of events happens between submitting a print job and getting the actual printout on the printer:

1. The print job is created by a user or a program.
2. The file to print is saved in a queue. This creates two files for the print job in the directory /var/spool/cups. One of the files contains the data to print and the other contains information about the print job, for instance, who submitted the print job and which printer is addressed.
3. The printer daemon cupsd collects the file to print from the queue, determines the type of the data to print, and converts it to the printer-specific format. Afterwards, the data is transmitted to the printer.
4. The printer receives the data and prints it.

When the print job is ended — it has been transmitted completely to the printer — it will be removed from the queue.

This sequence of events ensures that a user may submit print jobs at any time and, at the same time, that he will not be bothered with the actual processing. Moreover, the queue principle ensures, among other things, that the print jobs are processed one after the other and no job is lost. In that context, the queues function as intermediate storage, enabling uninterrupted work on the computer and the submission of several print jobs to a queue.

¹ Standard printer languages include ASCII text, PostScript (the standard printer language under Unix and Linux), PCL3, PCL5e, and ESC/P.


Figure 9.1: The Print Filtering Process (stages shown: file, print queue, specify the file format, convert to PostScript, filtering with pstops, convert to printer language with Ghostscript, output to a PostScript printer or another printer)

9.1.1 The cupsd Printer Daemon

The printer daemon cupsd is a background process and is started at system start-up by the script /etc/init.d/cups. Its configuration file is /etc/cups/cupsd.conf. The user root may start or stop the printer daemon manually with the following commands:

    /etc/init.d/cups start or rccups start
    /etc/init.d/cups stop or rccups stop

The command

    /etc/init.d/cups reload or rccups reload

can be used during runtime to reread changes made manually to the configuration file /etc/cups/cupsd.conf.

The tasks of the printer daemon are, in particular, the administration of the local queues (for details about queues, see page 123) and the filtering or conversion of the data to print to the printer-specific format:

Administration of the Queues

• cupsd gets the submitted print jobs from the queue and sends them to the printer.
• The daemon is responsible for an orderly execution of the print jobs.
• It controls the state of the queues and displays information about it, if queried.


9.1.2 Filtering or Converting the Data to Print

The filtering or conversion of the data to print proceeds in the following way:

1. Conversion to PostScript:
   (a) The data type is determined with the help of /etc/cups/mime.types.
   (b) The data is converted to PostScript by means of the tool specified in /etc/cups/mime.convs.
2. Accounting: After that, the number of pages is determined with the tool pstops (/usr/lib/cups/filter/pstops). The number of pages is written into the file /var/log/cups/page_log. If necessary, further filtering functions of pstops are enabled, depending on which options were chosen for the printing, for example, if only particular pages should be printed (the psselect option of pstops) or if several pages should appear on one sheet of paper (the ps-n-up option of pstops).
3. Conversion to printer-specific format: The PPD (PostScript Printer Descriptions) files in /etc/cups/ppd/ define how the conversion is to take place.
   • Non-PostScript printers: To print data on a non-PostScript printer, a filter is started that converts the data into the printer-specific format, for example, /usr/lib/cups/filter/cupsomatic, which calls Ghostscript. The entry *cupsFilter in a printer-specific PPD file in the directory /etc/cups/ppd/ determines the filter to be used. That filter processes all device-dependent print options, such as resolution and paper size.
   • PostScript printers: PPD files for PostScript printers do not have a *cupsFilter entry. The data do not need to be converted. The PPD file contains printer-specific parameters such as the resolution, PostScript level, and paper size.
4. Output on printer: To print the data on the printer itself, an additional filter is started, depending on how the printer is connected. Those filters are contained in the directory /usr/lib/cups/backend.

    tux@earth:~ > ls /usr/lib/cups/backend/
    .  ..  canon  epson  http  ipp  lpd  parallel  serial  socket  usb

9.2 Configuration of a Local Printer

A printer may be connected to a Linux system via the parallel, serial, or USB port. Accordingly, the particular “back-end” filter, parallel, serial, or usb, in the directory /usr/lib/cups/backend is started (compare point 4 in Section 9.1.2).

The configuration of a local printer is best done with YaST2. The printer configuration may be started

• either through the YaST2 module yast2 → Hardware → Printer
• or by entering the following command on a text console:

    earth:~ # yast2 printer

YaST2 looks for the connected printer and tries to determine the printer model. The result is displayed. That “found” printer may be configured by choosing Configure.

If Quick automatic setup has been chosen, all queues that are possible for that printer will be configured, for example, lp (as default queue for black-and-white printing) and color (as queue for color printing). They are displayed in the next window. Those queues are used to address a printer. A print job is not sent to a printer, but to a particular queue of a printer. For that reason, the specification of several queues for a printer is sensible, for instance, if the printer is a color printer and should be used to print both text (black-and-white printing) and graphics (color printing).

For some printers, the configuration with Quick automatic setup is not available. In such a case, choose Normal setup with option to change values. A window opens in which to enter the name of the print queue (for the default queue, lp), the description of the printer, and its location. YaST2 already displays entries that, in most cases, do not need to be changed.

After that, the configuration of the queue follows. There are several printer drivers listed from which to select, for instance, for black-and-white printing (e.g., monochrome 720dpi) or for color printing (e.g., color 720dpi). The options for the queue, such as resolution and paper size, may be specified under Advanced settings. Additionally, it is possible

• to specify access restrictions for particular users,
• to determine the status of the queue (printing or not, receive print jobs or not), and
• to define banners for the starting and for the last page.


Those settings are written into the file /etc/cups/printers.conf, in which the queues configured by YaST2 are listed. An entry for a queue starts with and ends with .

    # Printer configuration file for CUPS v1.1.15
    # Written by cupsd on Fre 30 Aug 2002 12:17:27 GMT
    Info EPSON Stylus COLOR 670
    Location USB printer on /dev/usb/lp0
    DeviceURI usb:/dev/usb/lp0
    State Idle
    Accepting Yes
    JobSheets none none
    QuotaPeriod 0
    PageLimit 0
    KLimit 0
    ...
    ...
    Info EPSON Stylus COLOR 670
    Location USB printer on /dev/usb/lp0
    DeviceURI usb:/dev/usb/lp0
    State Idle
    Accepting Yes
    JobSheets none none
    QuotaPeriod 0
    PageLimit 0
    KLimit 0
    ...

Each queue has its own configuration file. Those files are contained in the directory /etc/cups/ppd, for example, color.ppd and lp.ppd. Those files contain information, such as the resolution or the paper size, used when printing over the queue.

The names of the individual queues are contained in the file /etc/printcap.² This file is automatically created or updated.

    # This file was automatically generated by cupsd(1m) from the
    # /etc/cups/printers.conf file. All changes to this file
    # will be lost.
    best:
    color:
    high:
    lp:
    photo:

Those entries are of importance for particular applications (e.g., OpenOffice.org) that display the entries of /etc/printcap in their printer dialog window. For that reason, this file must not be changed manually.

² In case of the LPRng printing system, this file contains the queues, comparable to the entries in /etc/cups/printers.conf.

Apart from YaST, there are a number of other ways to configure the printer:

• Printer configuration with YaST (the printer module can be started with: yast printer or yast2 printer)
• Configuration via the CUPS web front-end: http://localhost:631
• Configuration from the command line: lpadmin
• Manual editing of the configuration files

Exercise: Configuring Printers

• Configure a printer queue so that you can print on the trainer’s printer. Follow the instructions of the trainer.
• Print the YaST test page.

9.3 Print Commands

CUPS provides two kinds of commands: Berkeley³ and System V. The System V commands may also be used to configure queues (see Section 9.3.4 on page 127).

³ The Berkeley commands are the commands known from the printing system LPRng.

9.3.1 Submitting a Print Job: lpr, lp

Berkeley: lpr -P queue file
System V: lp -d queue file

Example:

    tux@earth:~ > lpr -P color chart.ps

or

    tux@earth:~ > lp -d color chart.ps

The file chart.ps is printed over the queue color. The parameter -o may be used to specify options regarding the printout.


    tux@earth:~ > lpr -P lp -o duplex=none order.ps

or

    tux@earth:~ > lp -d lp -o duplex=none order.ps

The file order.ps is submitted to the queue lp and the duplex function of the printer is disabled for the printout (duplex=none).

Information about the commands can be found

• with man lpr and man lp,
• under /usr/share/doc/packages/cups/sum.html#USING_SYSTEM or
• /usr/share/doc/packages/cups/sum.html#STANDARD_PARAMETER

9.3.2 Displaying Print Jobs: lpq, lpstat

Berkeley: lpq -P queue
System V: lpstat -o queue

If no queue was specified, all queues are displayed. Here, lpstat -o displays the active print jobs in the following way:

    queue-jobnumber

More information becomes available with:

    lpstat -l -o queue -p queue

All available information is displayed with:

    lpstat -t or lpstat -l -t

Information about the commands can be found

• with man lpq and man lpstat, and
• under /usr/share/doc/packages/cups/sum.html#USING_SYSTEM

9.3.3 Canceling Print Jobs: lprm, cancel

Berkeley: lprm -P queue job_no
System V: cancel queue-job_no

Information about the commands can be found

• with man lpq and man lpstat and
• under /usr/share/doc/packages/cups/sum.html#USING_SYSTEM


9.3.4 Configuration of a Queue: lpoptions

The printer-specific options to determine the kind of the printout are specified in the PPD file (in the directory /etc/cups/ppd) belonging to a queue. Every user may display the options with the command:

    lpoptions -p queue -l

The output has the following structure:

    option/text: value value value ...

An example may appear as follows:

    PageSize/Page Size: A3 *A4 A5 Legal Letter
    Resolution/Resolution: 150 *300 600

The character “*” in front of a value indicates the current setting. In the example above the paper format is set to A4 and the resolution to 300 dpi.

The options of a queue can be changed with the following command:

    lpoptions -p queue -o option=value

For example, to change the paper format for the queue lp to Letter, enter:

    lpoptions -p lp -o PageSize=Letter

Which users these new settings affect depends on who enters them:

• If a normal user (e.g., tux) enters that command, the change only affects himself and will be saved in the file .lpoptions in his home directory.
• If root enters the command, the settings will become preferences for every user on the local computer and they will be saved in the file /etc/cups/lpoptions. The corresponding PPD file will remain unchanged.

Hardware-independent standard options regarding the kind of printout are described in /usr/share/doc/packages/cups/sum.html#STANDARD_OPTIONS. Information about saving options can be found in /usr/share/doc/packages/cups/sum.html#SAVING_OPTIONS.


9.4 Printer Administration

9.4.1 Managing Printer Queues

To disable printing on a queue, use the command /usr/bin/disable queue. Subsequently, print jobs will be accepted but not printed. To enable printing on the queue, enter /usr/bin/enable queue.

Example:

    earth:~ # lpq
    lj4050 is ready
    no entries
    earth:~ # /usr/bin/disable lj4050
    earth:~ # lpq
    lj4050 is not ready
    no entries

If the printer is not available for an extended period (e.g., due to repair work), print jobs can be rejected for this printer queue. This can be done with the command /usr/sbin/reject queue. The printer can be activated with /usr/sbin/accept queue.

Example:

    earth:~ # /usr/sbin/reject lj4050
    earth:~ # lpr /etc/fstab
    lpr: unable to print file: server-error-not-accepting-jobs
    earth:~ # /usr/sbin/accept lj4050
    earth:~ # lpr /etc/fstab

9.4.2 Logging Error Messages

Messages from the daemon cupsd are written into the file /var/log/cups/error_log. By default, only inquiries and status changes are logged in that file. If errors should be logged as well, change the LogLevel option in the configuration file of the printer daemon (/etc/cups/cupsd.conf):


    #
    # LogLevel: controls the number of messages logged to the ErrorLog
    # file and can be one of the following:
    #
    #     debug2  Log everything.
    #     debug   Log almost everything.
    #     info    Log all requests and state changes.
    #     warn    Log errors and warnings.
    #     error   Log only errors.
    #     none    Log nothing.
    #
    LogLevel debug2

A reasonable choice for the LogLevel, which ensures enough information for evaluation, is debug2. After changing the configuration file, reread it with:

    earth:~ # rccups reload

Summary

• Printing in a multiuser system is organized by means of printer queues.
• The standard print system in SUSE LINUX Enterprise Server is CUPS (Common Unix Printing System).
• The printer daemon cupsd has the following functions:
  – Queue management:
    * Consecutive processing of the print jobs,
    * Status monitoring of the queue,
  – Filtering or conversion of the print data.
• The main stages of the print job filtering are as follows:
  1. Identification of the file type
  2. If necessary, conversion to PostScript
  3. Filtering pstops
  4. If necessary, conversion to a printer-specific format (Ghostscript)
• The print service can be started and stopped as follows:
    /etc/init.d/cups start or rccups start
    /etc/init.d/cups stop or rccups stop


• During operation, the configuration file of the printer daemon /etc/cups/cupsd.conf can be reloaded with:
    /etc/init.d/cups reload or rccups reload
• Local printers can easily be configured with YaST. Other ways to configure the printer: web front-end (http://localhost:631), lpadmin.
• Important files of the print system:
  – /etc/cups/cupsd.conf
    Configuration file of the printer daemon cupsd. Contains information on the queues configured by YaST.
  – /etc/cups/ppd/*
    Every queue has a separate configuration file in the directory /etc/cups/ppd/.
  – /etc/printcap
    This file contains the names of the configured queues that appear in the printer selection dialog of certain applications (e.g., OpenOffice.org).
  – /var/log/cups/error_log
    Errors of the CUPS daemon are logged in this file.
• Print jobs can be
  – generated with lp or lpr,
  – listed with lpq or lpstat,
  – deleted with lprm or cancel.
• Queues can be
  – configured with lpoptions,
  – disabled with /usr/bin/disable and enabled with /usr/bin/enable,
  – set to reject print jobs with /usr/bin/reject and to accept print jobs with /usr/bin/accept.
• Important print commands are:

Command      Meaning
cancel       Removes print jobs.
lp           Creates a print job.
lpoptions    Configures queues.
lpq          Displays print jobs.
lpr          Creates a print job.
lprm         Removes print jobs.
lpstat       Displays print jobs.

Table 9.1: Commands for Printing in Linux

• Commands for administering printer queues:

Command            Meaning
/usr/bin/accept    Sets queue to accept print jobs after it was set to reject print jobs with reject.
/usr/bin/disable   Disables a queue.
/usr/bin/enable    Enables a queue that was disabled.
/usr/bin/reject    Sets queue to reject print jobs.

Table 9.2: Commands for Administering Printer Queues


10 Rescue System

Learning Aims

In this chapter, you will learn
• how to detect the causes of interruptions to the boot process
• about the use of the SUSE rescue system and how to access the installed system from there
• how to boot directly to a shell
• how to carry out a file system check


10.1 Possible Causes of Interruption of the Boot Process

There is a variety of circumstances that could lead to the system no longer booting. The boot procedure could be interrupted at various points, depending on the cause.

The boot manager GRUB is loaded in the first step of the boot process. If the boot manager is damaged, problems will already be encountered at that stage. In such a case, the system should be started from a CD and GRUB must be reinstalled (see Section 10.2).

The boot manager loads the kernel into memory. If a new kernel is installed, a corresponding entry must be written into /boot/grub/menu.lst. It may also happen that a self-compiled kernel does not contain all necessary modules and the load attempt ends with a “kernel panic”. Here, it is recommended to use the same approach as for problems with GRUB or, if available, to use another kernel to access the system.

Once the kernel is loaded, the root file system is mounted. If there is an error in the file system, the boot process is interrupted at this point. Then it is necessary to start the SUSE rescue system (see Section 10.3) and repair the file system with e2fsck or reiserfsck (see Section 10.5).

The last step of the boot procedure is the running of init (/sbin/init). Here, various scripts are run that, among other things, mount further partitions. If one of the central configuration files of the system (e.g., /etc/inittab or /etc/fstab) is faulty, the boot process will break off at this point. Here, the rescue system must also be used (see Section 10.3) or you must boot directly into a shell (see Section 10.4). The same procedure is recommended if the root password has been forgotten and needs to be changed.

10.2 Booting from CD Then Accessing Installed System

The SUSE LINUX Enterprise Server contains a bootable CD. YaST2 can create a boot disk for systems that are not able to boot from a CD (see Section 10.3). This CD enables access to the installed system in case the boot loader GRUB or the installed kernel is defective and the system no longer boots. In this case, proceed as during the installation, but select Boot installed system instead of New installation. In this way, the installed system is not started with the kernel installed on the hard disk but with the kernel on the CD. Now access to the installed system should be possible. For example, if GRUB is defective and does not start, use the following command:

    earth:~ # grub --batch < /etc/grub.conf

That will reinstall the boot manager GRUB.


If the system mistakenly boots from the CD because you left the CD in the drive, you can select the entry Boot Installed OS. In this way, you will be taken to the normal boot prompt and do not need to restart the machine in order to boot from the hard disk.

Exercise: Booting the System from CD

1. Create a backup copy of the current kernel:
       cp /boot/vmlinuz /boot/vmlinuz.bak
2. Now overwrite the data blocks of the current kernel by copying any file to /boot/vmlinuz, for example:
       cp /etc/grub.conf /boot/vmlinuz
3. Try to reboot the system.
4. If this is not successful, boot from CD then load the installed system.
5. Rename the backup copy of the kernel to vmlinuz:
       mv /boot/vmlinuz.bak /boot/vmlinuz
6. Test, by rebooting, if the system can now be booted again normally.

10.3 The SUSE Rescue System

The SUSE rescue system makes a standard system available that is loaded entirely from an external medium (floppy disk or CD). The rescue floppy disk is not included in the SUSE LINUX Enterprise Server, so you must create it yourself. The easiest way to do this is with YaST2 via the module System → Create boot, rescue or module floppy disk.

To start the rescue system, select the menu entry Rescue System when booting from CD. The rescue system is loaded entirely to the main memory of the system. To achieve this, the file system (the most important directories with some basic programs) is written to a RAM disk in memory. This can be easily checked after the rescue system has started, using df:

    Rescue:~ # df -h
    Filesystem   Size  Used  Avail  Use%  Mounted on
    /dev/root     18M   17M   1.0M   95%  /
    shmfs        234M     0   234M    0%  /dev/shm

Six text consoles are available in the rescue system on which you can log in as root without having to give a password. On the tenth console (this can be reached via Ctrl+Alt+F10) messages from the kernel and syslog daemons are displayed, as with “normal” systems. In the file system, which is loaded entirely from the boot medium, you will find all the standard applications needed for a system recovery (e.g., /bin/bash, /bin/mount, /sbin/fdisk, /sbin/e2fsck, /sbin/reiserfsck, /usr/bin/vi, and /usr/bin/telnet).

To gain access to the installed system, first mount the relevant partitions (the root partition of the installed system), for example:

    mount /dev/hda3 /mnt

mounts partition 3 so it can be addressed via the mount point /mnt in the rescue system. If this mounting fails, check the file system (see Section 10.5).

If configuration files in the installed system need to be changed or if a new root password should be set, the command chroot is useful here. With chroot, a new root directory is created for the commands subsequently issued. The following example allows you to change the root password of the installed system (the root partition of the installed system is mounted at /mnt):

    Rescue:~ # chroot /mnt passwd
    New password:
    Re-enter new password:
    Password changed
    Rescue:~ #

By running chroot /directory, a subshell is opened with a chroot environment. Now several commands can be executed in this changed environment. With exit, return to the original environment. In this way, the file /etc/fstab of the installed system is changed in the following example:

    Rescue:~ # chroot /mnt
    Rescue:/ # vi /etc/fstab
    ...
    Rescue:/ # exit
    Rescue:~ #

After the file system has been repaired with e2fsck or reiserfsck or the faulty configuration files have been corrected, it should be possible to reboot the system.

Exercise: SUSE Rescue System

1. Start the SUSE rescue system from CD.
2. Mount the root partition of your installed system on /mnt.
3. Change the root password.
4. Reboot the system.


10.4 Booting in a Shell

The following entries are displayed in the GRUB menu at system start-up:

    Linux
    floppy
    Linux - Safe Settings

If Linux is selected, the options applied at boot time are shown in the field boot options. Here, add the parameter init=/bin/bash to start directly in a shell:

    root=/dev/hda1 vga=791 init=/bin/bash

You are logged in directly as the system administrator and the root partition is mounted read-only. To gain proper access to the system, the root partition should be changed to a writable state:

    init-2.05# mount -o remount,rw /

Now configuration files can be modified or the root password can be changed by running passwd.
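Because a boot parameter typed at the GRUB prompt is enough to obtain a root shell, it is worth checking whether the boot menu can be edited without authentication and whether any entry already carries an init= override. The following audit is an added example, not part of the manual; it assumes GRUB legacy's password directive in the global section of menu.lst, and the menu.lst content (including its fourth entry) is constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a GRUB legacy menu.lst and a kernel command line for
# init= overrides. All sample data below is constructed.

# Constructed menu.lst using the entry titles and boot options of section 10.4.
sample_menu_lst() {
cat <<'EOF'
default 0
timeout 8

title Linux
    kernel (hd0,0)/boot/vmlinuz root=/dev/hda1 vga=791
    initrd (hd0,0)/boot/initrd

title floppy
    root (fd0)
    chainloader +1

title Linux - Safe Settings
    kernel (hd0,0)/boot/vmlinuz root=/dev/hda1 vga=normal

title Linux (left over from a recovery session)
    kernel (hd0,0)/boot/vmlinuz root=/dev/hda1 vga=791 init=/bin/bash
    initrd (hd0,0)/boot/initrd
EOF
}

# Read a menu.lst on stdin and print one finding per line:
#   INIT_OVERRIDE <title>: <parameter>  an entry boots something other than /sbin/init
#   NO_GLOBAL_PASSWORD                  no password directive before the first title,
#                                       so boot options can be edited by anyone
#                                       at the console (assumption: GRUB legacy)
audit_menu_lst() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "title" {
            in_entry = 1
            sub(/^[ \t]*title[ \t]+/, "")
            title = $0
            next
        }
        $1 == "password" && !in_entry { global_pw = 1; next }
        in_entry && $1 == "kernel" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^init=/ && $i != "init=/sbin/init")
                    printf "INIT_OVERRIDE %s: %s\n", title, $i
        }
        END { if (!global_pw) print "NO_GLOBAL_PASSWORD" }
    '
}

# Print the init= value of a kernel command line if it is not /sbin/init.
# On a running system: init_override "$(cat /proc/cmdline)"
init_override() {
    for word in $1; do
        case $word in
            init=/sbin/init) ;;
            init=*) printf '%s\n' "${word#init=}" ;;
        esac
    done
}

# Demonstration on the constructed sample and on the boot line from section 10.4.
sample_menu_lst | audit_menu_lst
init_override "root=/dev/hda1 vga=791 init=/bin/bash"
```

A menu password does not cover the rescue system of section 10.3, which boots from CD and offers a root login without a password; that path depends on the firmware boot order and on physical access to the machine.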

Exercise: Booting in a Shell

1. Boot directly in a shell.
2. Change the root password of your installed system.

10.5 Checking the File System

Switching off the system without unmounting partitions (for example when a power cut occurs) can lead to errors in the file system. When the system is next booted, the fact that the computer was not shut down correctly is detected. Then a file system check is performed. If errors are found in the file system, the rescue system will need to be used. Depending on the file system type, either e2fsck or reiserfsck is used. These tools check the file system for a correct superblock (the block at the beginning of the partition containing information on the structure of the file system), faulty data blocks, or faulty allocation of data blocks. The most frequent problem in the ext2 file system is damage to the superblock. Here, you can first view the location of all copies of the superblock in the file system, using dumpe2fs. Then, with e2fsck, one of the backup copies is copied to the beginning of the file system. Usually a backup copy of the superblock is stored every 8192 blocks.


With

    Rescue:~ # e2fsck -f -b 8193 /dev/hda1

the superblock located at data block 8193 in the ext2 file system of the partition /dev/hda1 is copied to the beginning of the file system.

With reiserfsck, the file system is subjected to a consistency check. The journal is examined to see if certain transactions need to be repeated. With the option --fix-fixable, errors, such as wrong file sizes, are remedied directly when the file system is checked. If there is an error in the binary tree, it can be rebuilt using reiserfsck --rebuild-tree.
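The backup superblock locations used with e2fsck -b above can also be derived when the primary superblock is too damaged for dumpe2fs to read. The following script is an added example, not part of the manual; it assumes mke2fs defaults (blocks per group = 8 × block size, and the sparse_super feature, under which only group 1 and groups whose number is a power of 3, 5 or 7 hold a backup), and the dumpe2fs output in it is constructed.

```shell
#!/bin/sh
# Added example: locate ext2/ext3 backup superblocks for use with e2fsck -b.
# Assumes mke2fs defaults: blocks per group = 8 * block size, sparse_super on.

# Succeed if block group $1 (>= 1) holds a superblock backup under sparse_super:
# group 1 and every group whose number is a power of 3, 5 or 7.
is_backup_group() {
    n=$1
    if [ "$n" -eq 1 ]; then return 0; fi
    for base in 3 5 7; do
        p=$base
        while [ "$p" -lt "$n" ]; do p=$((p * base)); done
        if [ "$p" -eq "$n" ]; then return 0; fi
    done
    return 1
}

# expected_backups BLOCK_SIZE TOTAL_BLOCKS
# Print the block numbers at which backups are expected, without reading the disk.
expected_backups() {
    block_size=$1
    total_blocks=$2
    per_group=$((block_size * 8))
    # With 1 KB blocks, block 0 is the boot block and group 0 starts at block 1.
    if [ "$block_size" -eq 1024 ]; then first=1; else first=0; fi
    groups=$(( (total_blocks - first + per_group - 1) / per_group ))
    g=1
    out=""
    while [ "$g" -lt "$groups" ]; do
        if is_backup_group "$g"; then
            out="${out:+$out }$((g * per_group + first))"
        fi
        g=$((g + 1))
    done
    printf '%s\n' "$out"
}

# Constructed dumpe2fs excerpt for a 49152-block file system with 1 KB blocks.
sample_dumpe2fs() {
cat <<'EOF'
Block size:               1024
Blocks per group:         8192

Group 0: (Blocks 1-8192)
  Primary superblock at 1, Group descriptors at 2-2
Group 1: (Blocks 8193-16384)
  Backup superblock at 8193, Group descriptors at 8194-8194
Group 2: (Blocks 16385-24576)
  Block bitmap at 16385 (+0), Inode bitmap at 16386 (+1)
Group 3: (Blocks 24577-32768)
  Backup superblock at 24577, Group descriptors at 24578-24578
Group 4: (Blocks 32769-40960)
  Block bitmap at 32769 (+0), Inode bitmap at 32770 (+1)
Group 5: (Blocks 40961-49151)
  Backup superblock at 40961, Group descriptors at 40962-40962
EOF
}

# Extract the backup superblock locations from dumpe2fs output on stdin.
backups_from_dumpe2fs() {
    awk '/Backup superblock at/ {
             sub(/,.*/, "", $4)
             printf "%s%s", sep, $4
             sep = " "
         }
         END { print "" }'
}

# fsck_plan DEVICE BLOCK...
# Print one read-only check (-n answers "no" to every question) per backup,
# to confirm a backup is usable before running e2fsck -f -b with it.
fsck_plan() {
    dev=$1
    shift
    for sb in "$@"; do
        printf 'e2fsck -n -b %s %s\n' "$sb" "$dev"
    done
}

# Demonstration: both methods agree for the constructed file system.
expected_backups 1024 49152
locations=$(sample_dumpe2fs | backups_from_dumpe2fs)
fsck_plan /dev/hda1 $locations
```

With 4 KB blocks the first backup sits at block 32768 rather than 8193, so the value passed to -b depends on the block size the file system was created with.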

Exercise: Checking the file system

1. Start the SUSE rescue system.
2. Do a file system check on an ext2/ext3 formatted partition and on a ReiserFS formatted partition with e2fsck and reiserfsck, respectively.
3. Pay attention to the output of e2fsck and reiserfsck.

Summary

• If the boot process is interrupted because of an error in GRUB or in the kernel, you can start again from a boot medium then access the installed system.
• If the installed system can no longer be started, the SUSE Rescue System can be used. Here, for example, a file system check can be performed.
• It is possible to boot directly to a shell, thus gaining access to the system as root.
• Important commands in this chapter:

Command      Meaning
chroot       Creates a new root directory.
df           Specifies where hard drives and their partitions or other drives are mounted in the file system, and how much space they occupy.
dumpe2fs     Provides information on the state of the file system.
e2fsck       Checks and repairs an ext2 or ext3 file system.
exit         Changes from the chroot environment back to the original environment.
grub         Reinstalls the boot manager GRUB.
mount        Mounts a partition.
reiserfsck   Checks and repairs a Reiser file system.

Table 10.1: System Rescue Commands


Appendix


A A Summary of Important Commands

Detailed information on individual commands can be obtained by entering man command.

alias       defines a new alias name.
bg          continues an interrupted process in the background.
boot        starts the kernel in the GRUB shell.
bunzip2     decompresses files compressed with bzip2.
bzip2       compresses and decompresses files.
cat         displays the contents of a file on the standard output.
cd          changes to another directory.
chattr      changes the version of the file as well as the ext2 file system attributes.
chgrp       changes the group membership of files.
clear       deletes the contents of the screen or text console.
chmod       changes the access permissions of files.
chown       changes the owner of files.
chroot      creates a new root directory.
chsh        changes the login shell of the user.
cp          copies files.
crontab     maintains crontab files for individual users.
cut         cuts specific fields from all lines of a file and displays the selected areas.
date        prints or sets the system date and time.
dd          transmits data between different storage media byte-wise (floppy disk, hard drive, ...).


debugfs     is an ext2 file system debugger.
depmod      generates the file /etc/modules.conf.
df          specifies where hard drives and their partitions or other drives are mounted in the file system, and how much space they occupy.
dmesg       shows messages displayed by the kernel during the boot process.
du          provides information on the space occupied by files and directories.
dumpe2fs    provides information on the state of the file system.
e2fsck      checks and repairs a ext2 and ext3 file system.
echo        outputs the given string to the standard output.
edquota     sets up quotas.
expand      converts tabs to spaces.
faillog     displays the formatted file /var/log/faillog.
fdformat    carries out a low-level formatting of a floppy disk, on which a file system can then be installed (using mformat or mkfs).
fdisk       partitions a hard drive.
file        determines the file type, such as text file, HTML document.
find        searches for files.
fmt         is a simple text formatter, which formats the content of a text file or of the standard input paragraph by paragraph.
fsck        checks the consistency of the file system and carries out repairs if necessary.
gpasswd     allocates a password to a group or changes it. Groups can also be managed with this command.
grep        searches through one or more files for a string and displays the matching lines.
groupadd    creates a new group.
groupdel    deletes an existing group.
groupmod    modifies a group.
groups      provides a user with information on his group memberships.


grub        starts the GRUB shell while the system is running, reinstalls the boot manager GRUB.
gunzip      decompresses files compressed with gzip.
gzip        compresses or decompresses files.
halt        ends all processes currently running.
head        displays the beginning of a file to stdout (by default, 10 lines).
history     lists the last commands carried out.
id          provides a user with information on his UID and his group membership.
info        starts the online help system with the same name.
insmod      loads a module into the kernel.
insserv     creates symbolic links in the directories /etc/init.d/rcrl.d.
ipchains    is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel 2.2.
iptables    is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel 2.4.0 or newer.
join        joins the lines of two (alphabetically) sorted files using key fields.
kill        passes on signals to processes (the PID is specified).
killall     passes on signals to processes (the command name of the process is specified).
less        displays files page by page to stdout, and can also display the contents of compressed files.
lilo        reads changes done in the LILO configuration file /etc/lilo.conf.
ln          creates links.
locate      searches a previously created database for files.
lp          sends off a print job.
lpc         manages the print queue.
lpq         displays print jobs.
lpr         sends off a print job.


lprm        removes a print job from the queue.
ls          lists the contents of a directory.
lsattr      displays the state of the ext2 file system attributes.
lsmod       lists the kernel modules.
lsof        lists open files.
man         displays online information for a given command.
mkdir       creates one or more directories.
mke2fs      creates an ext2 or ext3 file system.
mkfifo      generates a FIFO file.
mkfs        creates a file system on a storage medium.
mknod       sets up a new device file in the directory /dev.
mkreiserfs  creates a file system in the Reiser file system format.
modprobe    loads a module into the kernel, taking into account module dependencies.
more        displays files page by page to stdout. Does not have as many functions as less.
mount       mounts a file system.
mt          used to work with magnetic tapes.
mv          moves a file to a different directory or renames a file.
newgrp      changes the effective group.
nice        starts a process with a changed priority (by setting the nice value).
nl          numbers the lines of a file.
nohup       starts a process or program, which continues running after logout.
od          displays files in octal, decimal or hexadecimal format (octal dump).
passwd      allocates the user a password or changes it.
paste       adds the lines of several files together horizontally.
poweroff    ensures an immediate, controlled system halt.


pr          formats text files for printing and prints the pages with a header (date, time, file name, number of pages).
ps          lists processes.
pstree      displays currently running processes in the form of a process tree.
pwck        checks the integrity of data in the files /etc/passwd and /etc/shadow.
pwconv      synchronizes the entries in the files /etc/passwd and /etc/shadow.
pwd         specifies the path of the current directory.
quotacheck  initializes the quota system.
quotaoff    disables the quota system.
quotaon     enables the quota system.
reboot      ends all running processes and then reboots the computer.
reiserfsck  checks and repairs a Reiser file system.
renice      changes the priority of running process (sets a new nice value).
repquota    lists the quotas used.
rm          deletes one or more files.
rmdir       deletes one or more empty directories.
rmmod       removes a module from the kernel.
rpm         manages packages in the RPM format.
rsync       creates copies of entire directories on a different host or mirrors directories locally.
set         displays all variables known to the shell.
shutdown    shuts down the Linux system.
sort        sorts lines of a text file alphabetically according to fields. Sorted files can also be joined into one single file.
split       splits a file into several smaller files.
su          allows you to change to the UID of another user.
sudo        allows a normal user to carry out root commands.


SuSEconfig  transfers changes to the file /etc/sysconfig to the individual program-specific configuration files.
tac         displays files, whereby the last field is shown first (the reverse of cat).
tail        displays the end of a file to stdout (by default, 10 lines).
tar         generates or unpacks an archive consisting of a number of files and/or directories.
tee         branches the output to stdout and at the same time to one or more files.
top         lists processes according to computer time used.
touch       changes the timestamp of a file or creates a new file with a size of 0 bytes.
tr          replaces or deletes characters from the standard input and writes to the standard output.
tune2fs     adjusts tunable file system parameters on an ext2 file system.
umask       puts limitations on access modes for newly created files and directories.
umount      removes a device file from the file system.
unalias     removes an alias name.
uname       shows the name of the operating system (Linux).
unexpand    converts spaces to tabs.
uniq        removes duplicate lines from a sorted file.
unset       deletes a shell variable.
useradd     creates a new user.
userdel     deletes a user.
usermod     changes the user account.
wc          shows the number of characters, words and lines.
whereis     locates the binary, source, and manual page files for a command.
which       shows the full path of (shell) commands.
whoami      shows as which user you are currently logged in to the system.
zcat        displays the decompressed content of a file compressed with gzip on the standard output.


B Abbreviations

AES     Advanced Encryption Standard
AIX     Advanced IBM Unix
ASCII   American Standard Code for Information Interchange
AT&T    American Telephone & Telegraph Company
Bash    Bourne Again Shell
BIOS    Basic Input/Output System
BSD     Berkeley Software Distribution
BSDI    Berkeley Software Design, Inc.
CDB     Component Database
CDE     Common Desktop Environment
CD-ROM  Compact Disk - Read Only Memory
CERN    Conseil Européen pour la Recherche Nucléaire
CPU     Central Processing Unit
CUPS    Common Unix Printing System
Daemon  Disk And Execution Monitor
DAT     Digital Audio Disc
DEC     Digital Equipment Corporation
DES     Data Encryption Standard
DOS     Disk Operating System
DPMS    Display Power Management System
EFF     Electronic Frontier Foundation
FAQ     Frequently Asked Question


FAT     File Allocation Table
FHS     Filesystem Hierarchy Standard
FIFO    First In First Out
FFS     Fast Filing System (BSD)
FSF     Free Software Foundation
GCC     GNU C Compiler
GDM     GNOME Display Manager
GE      General Electrics
GID     Group ID
GNOME   GNU Network Object Model Environment
GNU     GNU is Not UNIX
GRUB    Grand Unified Bootloader
GPL     GNU General Public License
HP      Hewlett-Packard
HPFS    High Performance File System
HTML    Hypertext Markup Language
HTTP    Hyper Text Transfer Protocol
I20     Intelligent Input/Output Technology
IDE     Integrated Drive Electronics
IEEE    The Institute of Electrical and Electronics Engineers
IRIX    Silicon Graphics Unix-like Operating System
JFS     Journaled File System
KDE     “K” Desktop Environment
KDM     KDE Display Manager
LDP     Linux Documentation Project
LGPL    GNU Lesser General Public License


LILO    Linux Loader
LPR     Line Printer
LPRng   Line Printer next generation
MAC     Medium Access Control
MBR     Master Boot Record
MIT     Massachusetts Institute of Technology
MPL     Mozilla Public License
MTBF    Mean Time Between Failure
MWM     Motif Window Manager
NCP     Netware Core Protocol
NFS     Network File System
NIST    National Institute of Standards and Technology
NTFS    New Technology File System (Microsoft Windows NT/2000/XP)
PAM     Pluggable Authentication Modules
PARC    Palo Alto Research Center
PGP     Pretty Good Privacy
PID     Process Identification
PPD     PostScript Printer Definition/Description
PPID    Parent Process Identification
QPL     Q Public License
RAM     Random Access Memory
RFC     Request for Comments
RPM     RedHat Package Manager
SaX     SUSE advanced X configuration
SAN     Storage Area Network
SANE    Scanner Access Now Easy


SCO     The Santa Cruz Operation, Inc.
SCSI    Small Computer System Interface
SGID    Set Group ID
SMB     Server Message Block
SSH     Secure Shell
SUID    Set User ID
TTY     Teletype
TWM     Tab Window Manager
UID     User ID
UPS     Uninterruptible Power Supply
USB     Universal Serial Bus
USL     Unix System Laboratories
VFAT    Virtual File Allocation Table
VFS     Virtual Filesystem Switch
Vim     Vi Improved
WWW     World Wide Web
XDM     X Window Display Manager
XFS     Extended File System
YaST    Yet Another Setup Tool

152

© 2004, SUSE LINUX AG (http://www.suse.de/training/)

Index symbols

\

/.Xauthority . . . . 114 \ /.Xdefaults . . . . . 117 \ /.Xresources . . . . 117 \ /.lpoptions . . . . . 127 \ /.xinitrc . . . 112, 114 \ /.xsession . . . . . . 112 /boot/ . . . . . . . . . . . . . . . 38 /boot/grub/ menu.lst . . . 39, 134 /boot/initrd . . . . . . 47 /boot/vmlinuz . . . . . 41 /dev/nrmt0 . . . . . . . . . 86 /dev/nst0 . . . . . . . 86, 87 /dev/rmt0 . . . . . . . . . . . 86 /dev/st0 . . . . . . . . . . . . 86 /etc/X11/ XF86Config . . . . 117 /etc/X11/xdm/ . . . . 112 /etc/X11/xdm/ sys.xsession . 112 /etc/X11/xdm/ xdm-config 112, 113 /etc/X11/xinit/ xinitrc . . . . . . . . 112 /etc/cron.d/ . . . . . . 88 /etc/cron.daily/ . 88 /etc/cron.hourly/ 88 /etc/cron.monthly/ . 88 /etc/cron.weekly/ 88 /etc/crontab . . . . . . 88 /etc/cups/ cupsd.conf 121, 128

/etc/cups/ lpoptions . . . . . 127 /etc/cups/ mime.convs . . . . 122 /etc/cups/ mime.types . . . . 122 /etc/cups/ppd/ . . . 124 /etc/cups/ printers.conf 124 /etc/fstab . 30, 98, 134, 136 /etc/group . . . . . . . . . . 7 /etc/gshadow . . . . . . . . 8 /etc/init.d/ . . 47, 50, 51, 53 /etc/init.d/boot 52, 100 /etc/init.d/ boot.d/ . . . . . . . . . 52 /etc/init.d/boot.local 52 /etc/init.d/cups 121 /etc/init.d/halt . 52 /etc/init.d/rc 50, 52, 53 /etc/init.d/reboot . 52 /etc/init.d/ skeleton . . . . . . . . 51 /etc/inittab . . 47, 49, 53, 134 /etc/lilo.conf . . . . 42 /etc/login.defs . . 19, 28

/etc/logrotate.conf 71, 72 /etc/logrotate.d/ . . 71, 72 /etc/logrotate.d/ aaa_base . . . . . . . . 71 /etc/logrotate.d/ syslog . . . . . . . . . . . 72 /etc/modules.conf . . 100, 101 /etc/nologin . . . . . . 27 /etc/opt/gnome2/ gdm/ . . . . . . . . . . . . 112 /etc/opt/gnome2/ gdm/gdm.conf . 112 /etc/opt/kde3/ share/config/ kdm/ . . . . . . . . . . . . 112 /etc/opt/kde3/ share/config/ kdm/kdmrc . . . . . 112 /etc/pam.d/ . . . . . . . . 26 /etc/pam.d/login . 27 /etc/passwd . . . 4, 6, 12 /etc/printcap . . . . 124 /etc/securetty . . . . 27 /etc/shadow . . . 5, 6, 12 /etc/shells . . . . . . . . . 5 /etc/skel/ . . . . . . . . . 13 /etc/sudoers . . . . . . 24 /etc/sysconfig/ . . 62 /etc/sysconfig/ displaymanager . . 113

© 2004, SUSE LINUX AG (http://www.suse.de/training/)

153

Index /etc/sysconfig/ syslog . . . . . . . . . . . 69 /etc/syslog.conf 66, 67 /lib/modules/ . . . . . 99 /mnt/ . . . . . . . . . . . . . . . 136 /opt/kde3/share/ config/kdm/kdmrc 112 /sbin/ . . . . . . . . . . . . . . . 51 /sbin/init . . . . . . . . . 47 /usr/X11R6/lib/ X11/xinit/ xinitrc . . . . . . . . 112 /usr/bin/disable 128 /usr/bin/enable . 128 /usr/lib/cups/ backend/ . . . . . . . 122 /usr/sbin/ . . . . . . . . . 51 /usr/sbin/accept 128 /usr/sbin/reject 128 /var/lock/ . . . . . . . . . 52 /var/log/boot.msg 70 /var/log/cups/ error_log . . . . . 128 /var/log/cups/ page_log . . . . . . . 122 /var/log/faillog . 28 /var/log/lastlog . 19 /var/log/mail . . . . . 70 /var/log/messages 70 /var/log/news/ . . . . 70 /var/log/wtmp . . . . . 70 /var/spool/cron/ tabs/ . . . . . . . . . . . . 88

A abbreviations . . . . . . . . . 149 accounts . . . . . . . . . . . . . . . . 9 adding hard disk . . . . . . . . 92 alias . . . . . . . . . . . . . . . 143 alias instructions . . . . 101 aquota.group . . . . . . 30 aquota.user . . . . . . . . 30 at . . . . . . . . . . . . . . . . . . . . 66 automating tasks . . . . . . . 88

154

B backup tapes . . . . . . . . . . . 79 bash . . . . . . . . . . . . . . . . 136 bg . . . . . . . . . . . . . . . . . . . 143 BIOS . . . . . . . . . . . . . . . . . . 47 boot . . . . . . . . . . . . . 42, 143 booting in a shell . . . . . . 137 boot loader . . . . . . . . . . . . 38 boot manager . . . . . . . . . . 38 boot procedure . . . . . . . . 134 bunzip2 . . . . . . . . . 83, 143 bzip2 . . . . . . . . . . . 83, 143

C cancel . . . . . . . . . . . . . 126 cat . . . . . . . . . . . . . . 81, 143 categories . . . . . . . . . . . . . . 66 cd . . . . . . . . . . . . . . . . . . . 143 chage . . . . . . . . . . . . . . . . 18 change partition type . . . . 95 chattr . . . . . . . . . . . . . 143 chgrp . . . . . . . . . . . . . . . 143 chmod . . . . . . . . . . . . . . . 143 chown . . . . . . . . . . . . . . . 143 chroot . . . . . . . . . 136, 143 chsh . . . . . . . . . . . . . . 5, 143 clear . . . . . . . . . . . . . . . 143 client application . . . . . . 104 compressing data . . . . . . . 82 cp . . . . . . . . . . . . . . . . . . . 143 create boot disk . . . . . . . . 86 cron . . . . . . . . . . . . . . 66, 88 crontab . . . . . . . . . 88, 143 CUPS . . . . . . . . . . . . . . . . 120 filtering . . . . . . . . . . . . 122 logging . . . . . . . . . . . . . 128 cupsd . . . . . . . . . . 120, 121 cut . . . . . . . . . . . . . . . . . . 143

D data backup . . . . . . . . . . . . 78 date . . . . . . . . . . . . . . . . 143 dd . . . . . . . . . . . . . . . . 85, 143 debugfs . . . . . . . . . . . . 144 decompressing data . . . . . 82 depmod . . . . . . . . . 100, 144 df . . . . . . . . . . . 73, 135, 144

display manager . . . . . . . . . . . . 112 name . . . . . . . . . . . . . . . 105 number . . . . . . . . . . . . . 106 DISPLAY, variable . . . 106, 107 dmesg . . . . . . . . . . . 70, 144 du . . . . . . . . . . . . . . . . 73, 144 dump . . . . . . . . . . . . . . . . . 99 dumpe2fs . . . . . . 137, 144

E e2fsck 134, 136, 137, 144 echo . . . . . . . . . . . . . . . . 144 edquota . . . . . . . . . 31, 144 exit . . . . . . . . . . . . . . . . 136 expand . . . . . . . . . . . . . 144 ext2 file system . . . . . . . . . 96 ext3 file system . . . . . . . . . 96 extended partition . . . 93, 94

F faillog . . . . . . . . . 28, 144 FAILLOG_ENAB, variable . 28 fdformat . . . . . . . . . . . 144 fdisk . . . . . . . 92, 136, 144 FIFO . . . . . . . . . . . . . . . . . . 68 file . . . . . . . . . . . . . . . . 144 file system check . . . . . . . . . . . . . . 137 create . . . . . . . . . . . . . . . 96 mount . . . . . . . . . . . . . . . 98 find . . . . . . . . . 41, 81, 144 finger . . . . . . . . . . . . . . . . 3 fmt . . . . . . . . . . . . . . . . . . 144 fsck . . . . . . . . . . . . . 99, 144

G getty . . . . . . . . . . . . . . . . 50 Ghostscript . . . . . . . . . . . 122 GID . . . . . . . . . . . . . . . . . . . . 2 gpasswd . . . . . . . . . 17, 144 grep . . . . . . . . . 12, 21, 144 groupadd . . . . . . . 16, 144 groupdel . . . . . . . 17, 144 groupmod . . . . . . . 16, 144 group quotas . . . . . . . . . . . 29

© 2004, SUSE LINUX AG (http://www.suse.de/training/)

Index groups . . . . . . . . . . . . . . . . . . 9 groups . . . . . . . . . . . 3, 144 grub . . . . . . . . 41, 134, 145 GRUB . . . . . . . . . 38, 47, 134 configuration . . . . . . . . . 39 menu . . . . . . . . . . . . . . . 137 shell . . . . . . . . . . . . . . . . 41 gunzip . . . . . . . . . . 82, 145 gzip . . . . . . . . . . . . . 82, 145

H halt . . . . . . . . . . . . . 54, 145 hardware plug-and-play . . . . . . . . 52 head . . . . . . . . . . . . . . . . 145 hex code list . . . . . . . . . . . 95 history . . . . . . . . . . . . 145 home directory . . . . . . . . . . 5

I id . . . . . . . . . . . . . 2, 22, 145 info . . . . . . . . . . . . . . . . 145 init 49, 50, 106, 134, 137 init process . . . . . . . . . . 47 insmod . . . . . . . . . 100, 145 insserv . . . . . . . . . 51, 145 ipchains . . . . . . . . . . . 145 iptables . . . . . . . . . . . 145 isapnp . . . . . . . . . . . . . . . 52

J john . . . . . . . . . . . . . . . . . . 4 join . . . . . . . . . . . . . . . . 145

K KDE . . . . . . . . . . . . . . . . . 105 kdesu . . . . . . . . . . . . . . . . 23 kernel . . . . . . . . . . . . . . 41, 47 modules . . . . . . . . . . . . . 99 KERNEL_LOGLEVEL, variable . . . . . . . . . . . 69 kernel daemon . . . . . . . . . 52 keyboard controls . . . . . . 61 keyword grpquota . . . . . . . . . . 30 usrquota . . . . . . . . . . 30 kill . . . . . . . . . . . . . . . . 145 killall . . . . . . . . . . . . 145 klogd . . . . . . . . . . . . . . . . 69 kwin . . . . . . . . . . . . . . . . 104

L last . . . . . . . . . . . . . . . . . 70 lastlog . . . . . . . . . . . . . 19 less . . . . . . . . . . . . . . . . 145 lilo . . . . . . . . . . . . . 42, 145 LILO . . . . . . . . . . . . . . 38, 42 linux loader . . . . . . . . 38, 42 linuxrc . . . . . . . . . . . . . 47 ln . . . . . . . . . . . . . . . . . . . 145 locate . . . . . . . . . . . . . 145 log files . . . . . . . . . . . . 70, 71 logical partition . . . . . 93, 94 login . . . . . . . . . . . . . . . . 67 logrotate . . . . . . . . . . . 71 lp . . . . . . . . . . . . . . 125, 145 lpc . . . . . . . . . . . . . . . . . . 145 lpoptions . . . . . . . . . 127 lpq . . . . . . . . . . . . . 126, 145 lpr . . . . . . . . . . . . . 125, 145 lprm . . . . . . . . . . . . 126, 146 lpstat . . . . . . . . . . . . . 126 ls . . . . . . . . . . . . . . . . 22, 146 lsattr . . . . . . . . . . . . . 146 lsmod . . . . . . 100, 101, 146 lsof . . . . . . . . . . . . . . . . 146

M magic cookie . . . . . . . . . 114 magnetic-optical drives . 78 magnetic tapes . . . . . . 78, 86 man . . . . . . . . . . . . . . . . . . 146 master boot record . . . . . . 38 MBR . . . . . . . . . . . . . . . . . . 38 messages from kernel . . . . . . . . . . 66 from mail system . . . . . 67 from news system . . . . 67 from printer system . . . 67 of uucp system . . . . . . 67 of syslog daemon . . . . . 67 mirroring directory . . . . . 84 mkdir . . . . . . . . . . . 22, 146 mke2fs . . . . . . . . . . 96, 146 mkfifo . . . . . . . . . . . . . 146

mkfs . . . . . . . . . . . . . 96, 146 mkfs.ext2 . . . . . . . . . . . 96 mkfs.ext3 . . . . . . . . . . . 96 mkfs.minix . . . . . . . . . 96 mkfs.msdos . . . . . . . . . 96 mkfs.xfs . . . . . . . . . . . . 96 mknod . . . . . . . . . . . . . . . 146 mkreiserfs . . . . . 97, 146 modelines . . . . . . . . . . . . 116 modprobe . . . . . . 100, 146 MO drives . . . . . . . . . . . . . 78 modules . . . . . . . . . . . . . . . 99 load . . . . . . . . . . . . . . . . 100 remove . . . . . . . . . . . . . 100 modules.dep . . . . . . . 100 more . . . . . . . . . . . . . . . . 146 mount . . . 30, 98, 136, 137, 146 mount point . . . . . . . 98, 136 mt . . . . . . . . . . . . . . . . 86, 146 multiuser mode . . . . . . . . . 48 mv . . . . . . . . . . . . . . . . . . . 146 mwm . . . . . . . . . . . . . . . . . . 104

N named pipe . . . . . . . . . . . . 68 ncurses . . . . . . . . . . . . . . . . 60 newgrp . . . . . . . . 8, 22, 146 newusers . . . . . . . . . . . . 18 NFS . . . . . . . . . . . . . . . . . . . 48 nice . . . . . . . . . . . . . . . . 146 nl . . . . . . . . . . . . . . . . . . . 146 nohup . . . . . . . . . . . . . . . 146 no rewind mode . . . . . . . . 86

O od . . . . . . . . . . . . . . . . . . . 146 options instructions . 101

P PAM . . . . . . . . . . . . . . . . . . 66 pam_nologin.so . . . . 27 pam_securetty.so . 27 partitions . . . . . . . . . . . . . . 93 partition table . . . . . . . . . . 93 passwd . . . . . . 14, 137, 146 password . . . . . . . . . . . . . . . 5 passwords . . . . . . . . . . . . . 10

password settings . . . . . . . 10 paste . . . . . . . . . . . . . . . 146 PostScript . . . . . . . . . . . . 122 poweroff . . . . . . . 54, 146 pppd . . . . . . . . . . . . . . . . . 66 pr . . . . . . . . . . . . . . . . . . . 147 primary partition . . . . . . . 93 printer commands . . . . . . . . . . 125 configuration . . . . . . . 123 daemon . . . . . . . . . . . . 121 queue . . . . . . . . . . . . . . 123 printing . . . . . . . . . . . . . . 120 print job canceling . . . . . . . . . . . 126 displaying . . . . . . . . . . 126 submitting . . . . . . . . . . 125 priority . . . . . . . . . . . . . 67, 69 ps . . . . . . . . . . . . . . . . . . . 147 pstops . . . . . . . . . . . . . 122 pstree . . . . . . . . . . . . . 147 pwck . . . . . . . . . . . . . . 7, 147 pwconv . . . . . . . . . . . 7, 147 pwd . . . . . . . . . . . . . . . . . . 147

Q queue . . . . . . . . . . . . . . . . 120 configuration . . . . . . . 127 quota . . . . . . . . . . . . . . . . . . 29 quota . . . . . . . . . . . . . 29, 32 quota.group . . . . . . . . 30 quota.user . . . . . . . . . 30 quotacheck . . . . . 30, 147 quotad . . . . . . . . . . . . . . . 32 quotaoff . . . . . . . 32, 147 quotaon . . . . . . . . . 32, 147

R RAM disk . . . . . . . . . . . . . 47 reboot . . . . . . . 52, 54, 147 reiserfsck . . . . . . . 134, 136–138, 147 renice . . . . . . . . . . . . . 147 repquota . . . . . . . 32, 147 rescue floppy disk . . . . . 135 rescue system . . . . . . . . . 135 rm . . . . . . . . . . . . . . . . . . . 147

rmdir . . . . . . . . . . . . . . . 147 rmmod . . . . . . . . . . 100, 147 rpm . . . . . . . . . . . . . . . . . . 147 rsync . . . . . . . . . . . 84, 147 runlevel . . . . . . . . . . . . . . . 47 changing . . . . . . . . . . . . 53

S SAN . . . . . . . . . . . . . . . . . . 78 sax2 . . . . . . . . . . . . . . . . 116 SaX2 . . . . . . . . . . . . . . . . . 116 screen number . . . . . . . . 106 secure shell . . . . . . . . . . . 115 set . . . . . . . . . . . . . . . . . . 147 set root password . . . . . . 136 shared libraries . . . . . . . . . 25 shutdown . . . . . . . 54, 147 SIGKILL, signal . . . . . . . 47 sort . . . . . . . . . . . . . . . . 147 split . . . . . . . . . . . . . . . 147 ssh . . . . . . . . . . . . . 113, 115 SSH . . . . . . . . . . . . . . . . . 115 sshd . . . . . . . . . . . . . . . . . 66 standard shell . . . . . . . . . . . 5 starting login processes . 50 start script . . . . . . . . . . 50, 53 startx . . . . . . . . . . . . . 110 stop script . . . . . . . . . . 50, 53 Storage Area Networks . 78 su . . . . . . . . . . . . . . . . 21, 147 sudo . . . . . . . . . . . . . 24, 147 sulogin . . . . . . . . . . . . . 50 SuSEconfig . . . . . . . . 148 SuSEconfig . 62, 63, 113 swap partition . . . . . . . . . . 95 syslogd . . . . . . . . . . . . . 66 SYSLOGD_PARAMS, variable . . . . . . . . . . . 69 syslog daemon . . . . . . . . . 66 system reboot . . . . . . . . . . . . . . . 48 start . . . . . . . . . . . . . . . . . 46 stop . . . . . . . . . . . . . . . . . 48

T tac . . . . . . . . . . . . . . . . . . 148 tail . . . . . . . . . . . 7, 70, 148

tar . . . . . . . . . . . . . . 80, 148 tee . . . . . . . . . . . . . . . . . . 148 telnet . . . . . . . . . . . . . 136 top . . . . . . . . . . . . . . . . . . 148 touch . . . . . . . . . . . . . . . 148 tr . . . . . . . . . . . . . . . . . . . 148 tune2fs . . . . . . . . . . . . 148 twm . . . . . . . . . . . . . . . . . . 104

U UID . . . . . . . . . . . . . . . . . . 2, 5 umask . . . . . . . . . . . . . . . 148 umount . . . . . . . . . . 98, 148 unalias . . . . . . . . . . . . 148 uname . . . . . . . . . . . . . . . 148 unexpand . . . . . . . . . . . 148 uniq . . . . . . . . . . . . . . . . 148 unset . . . . . . . . . . . . . . . 148 user quotas . . . . . . . . . . . . 29 useradd . . . . . . . . . 12, 148 userdel . . . . . . . . . 15, 148 usermod . . . . . . . . . 15, 148 user name . . . . . . . . . . . . . . . 4 users . . . . . . . . . . . . . . . . . . . 9 uucp-System . . . . . . . . . . 67

V vi . . . . . . . . . . . . . . . . . . . 136 visudo . . . . . . . . . . . . . . . 24

W wc . . . . . . . . . . . . . . . . . . . 148 whereis . . . . . . . . . . . . 148 which . . . . . . . . . . . . . . . 148 whoami . . . . . . . . . . . . . 148 WINDOWMANAGER, variable 110

X X . . . . . . . . . . . . . . . . . . . . 106 X11 forwarding . . . . . . . 115 xauth . . . . . . . . . . 113, 114 X client . . . . . . . . . . . . . . 104 xf86config . . . . . . . . 116 xhost . . . . . . . . . . 113, 114 xrdb . . . . . . . . . . . . . . . . 117 X server . . . . . . . . . . . . . . 104 configure . . . . . . . . . . . 116

xterm . . . . . . . . . . 106, 108 xvidtune . . . . . . . . . . . 116 X Window System . . . . . 104

Y YaST . . . . . . . . . . . . . . . . . . 59 starting modules . . . . . . 61

Z zcat . . . . . . . . . . . . . 83, 148
