Linux Home Networking

Grief Relief For The Home And Small Office

Peter Harrison

www.linuxhomenetworking.com

May 3, 2003


Copyright

© Peter Harrison 2002-2003, All rights reserved. ISBN 0-9729355-0-9

Unless otherwise stated, the material published within this document is copyright of the author, Peter Harrison. No part of this document, including page design, interior design, cover design and icons may be reproduced or transmitted in any form, by any means, (electronic, photocopying, recording, or otherwise) without the prior consent of the publisher/author.

Disclaimer – The Website and Manual

While every effort will be made to ensure that the information contained within this website and manual is accurate and up to date, the author makes no warranty, representation or undertaking whether expressed or implied, nor does it assume any legal liability, whether direct or indirect, or responsibility for the accuracy, completeness, or usefulness of any information.

Disclaimer - Other sites

Hypertext links to sites outside this website are provided as a convenience to users and should not necessarily be construed as an endorsement. Although every care is taken to provide links to suitable material from this site, the nature of the Internet prevents the author from guaranteeing the suitability or accuracy of any of the material that this site may be linked to. Consequently, the author can accept no responsibility for unsuitable or inaccurate material that may be encountered and accepts no liability whether direct or indirect for any loss or damage a person suffers because that person had directly or indirectly relied on any information stored in the hypertext links.

Further, the author is not and can not be responsible for the accuracy or legitimacy of information found elsewhere on the Internet and there is therefore no guarantee or warranty that any of the sites listed will be available at any particular time. The author does not guarantee or warrant any services that might be announced - use at your own risk.

The author makes no warranty, representation or undertaking whether expressed or implied nor does it assume any legal responsibility for the accuracy, completeness or usefulness of the information in the hypertext links.


Introduction

During the “.com” gold rush, I decided to set up a small website dedicated to Caribbean art. The company I used made it really easy; all I had to do was copy my files to the web server using the username and password they provided.

One day at work I overheard some friends saying that they were hosting their websites from home using their DSL line. I suddenly decided to do the same and moved www.simiya.com literally “in-house”. Of course, it wasn’t as easy as they had made it seem. I generally found a majority of Linux resources on the web to be either too detailed or too vague or just inaccurate. There were many excellent articles on specific topics, but they were usually part of a general interest publication, and information on related topics on the site was sometimes hard to find.

There just wasn’t a site out there for intermediate Linux home users who wanted to get their feet wet in web hosting, nor did there seem to be any similar sites targeting the poor I.T. people who are told to “get Linux working by tomorrow”.

After a few months I decided that no one should have to repeat my pain and I added some technical pages to the site. Soon, www.linuxhomenetworking.com was born.

This manual assumes you have a few weeks of Linux experience and understand the basics, such as file management and the use of text editors such as “vi”. This approach was taken in order to keep its focus on the intermediate user who requires a compact guide.

It’s ironic to know that in the beginning I learned from the web as I just wasn’t prepared to buy too many Linux books; now I’ve created this manual because web users were constantly asking me to write one. If you like this manual, feel free to visit the site and let me know. Without your encouragement it wouldn’t have happened at all.


Table Of Contents

Chapter 1: Adding Linux Users
Who Is The Super User?
How To Add Users
How To Change Passwords
How To Delete Users
How To Tell The Groups To Which A User Belongs

Chapter 2: Using Sudo
What is sudo?
Download and Install The sudo Package
The visudo Command
The /etc/sudoers File
General Guidelines
Simple Examples
How To Use sudo
Using syslog To Track All sudo Commands

Chapter 3: Installing RPM Software
Where To Get Commonly Used RPMs
RPMs On Your Installation CDs
RPMs Downloaded From Redhat
RPMs Downloaded From Speakeasy
How to Easily Access CD RPMs With Automount
Downloading RPMS To Your Linux Box
Getting RPMs Using Web Based FTP
RedHat
Speakeasy
Getting RPMs Using Command Line Anonymous FTP
How To Install The RPMs
Using Downloaded Files
Using CDROMs
How to Install Source RPMs
Newer Linux Versions
Older Linux Versions
How To List Installed RPMs
How To Uninstall RPMs
RedHat Up2date
Some Necessary Facts About up2date

The RedHat Boot Sequence
Determining The Default Boot runlevel
Get A GUI Console
Get A Basic Text Terminal Without Exiting The GUI
Using A GUI Terminal Window
Using Virtual Terminals
System Shutdown And Rebooting
Halt / Shutdown The System
Reboot The System
How To Set Which Programs Run At Each runlevel
Chkconfig Examples
Use Chkconfig To Get A Listing Of Sendmail's Current Startup Options
Switch Off Sendmail Starting Up In Levels 3 and 5
Doublecheck That Sendmail Will Not Startup
Turn it back on again
Final Tips On chkconfig

Chapter 5: Why Host Your Own Site?
Network Diagram
Alternatives To Home Web Hosting
Factors To Consider Before Hosting Yourself
Home Based Websites
Pros
Cons
Small Office Based Websites
Pros
Cons
How To Migrate From An External Provider

Chapter 6: Introduction To Networking
What Is TCP/IP?
What is TCP?
What is UDP?
What are TCP / UDP Ports?
What is a TTL?
What is ICMP?
What Do IP Addresses Look Like?
Private IP Addresses
What Is Localhost?
What Is A Subnet Mask?
How Many Addresses Do I Get With My Mask?
What’s The Range Of Addresses On My Network?
Manual Calculation
Calculation Using A Script
What Is Duplex?
What Is A Hub?
What Is A Switch?
What Is A LAN?
What Is A Router?
What Is A Gateway?
What Is A Route?
What Is A Default Gateway?
What Is A MAC Address?
What Is ARP?
What Is A Firewall?
What Is NAT?
What Is Port Forwarding With NAT?
What Is DHCP?
What Is DNS?
How Can I Check The IP Address For A Domain?
How Do I Get My Own DNS Domain Name?
Static or Dynamic DNS?
What is FTP?
Regular FTP
Anonymous FTP
Where is Linux Help?
Finding General Information On A Command
Search For All Instances Of A Word

Chapter 7: Troubleshooting Linux With Syslog
Syslog
About syslog
Syslog Facilities
Activating Changes To The syslog Configuration File
How To View New Log Entries As They Happen
Logging Syslog Messages To A Remote Linux Server
Configuring the Linux Syslog Server
Configuring the Linux Client
Syslog Configuration and Cisco Network Devices
Syslog and Firewalls
Logrotate
The /etc/logrotate.conf File
Sample contents of /etc/logrotate.conf
The /etc/logrotate.d Directory
The /etc/logrotate.d/syslog File (For General System Logging)
The /etc/logrotate.d/apache File (For Apache)
The /etc/logrotate.d/samba File (for SAMBA)
Activating logrotate

Chapter 8: Linux Networking
How To Configure Your NIC's IP Address
Determining Your IP Address
Changing Your IP Address
network-scripts File Formats
Multiple IP Addresses On A Single NIC
IP Address Assignment For A Direct DSL Connection
Some Important Files Created By adsl-setup
Simple Troubleshooting
How To Change Your Default Gateway
How To Configure Two Gateways
How To Delete A Route
How To View Your Current Routing Table
How To Convert Your Linux Server Into A Router
Configuring Your /etc/hosts File

Chapter 9: Simple Network Troubleshooting
How To See MAC Addresses
How To Use "Ping" To Test Network Connectivity
Using "traceroute" To Test Connectivity
Possible Traceroute Messages
Always Get A Bidirectional Traceroute
Ping & Traceroute Troubleshooting Example
Possible Reasons For Failed Traceroutes
Viewing Packet Flow With TCPdump
Possible TCPdump Messages
Useful TCPdump Expressions

Chapter 10: Linux Wireless Networking
Wireless Linux Compatible NICs
The Linksys WMP11 NIC and Linux
Pre Version 2.7 WMP 11 Card
The WMP 11 Version 2.7 Card
Linux-WLAN Preparation
PCMCIA Type Card Specific Information
Installing The Linux-WLAN Drivers
Linux-WLAN Installation - Using RPMs
Determining The Kernel Type
Determining The OS Version
Determining The Kernel Version
Linux-WLAN Installation – Using TAR files
Install the Kernel Source Files
Download And Install The Linux-WLAN TAR File
Configure The New wlan0 Interface Driver (PCI Cards)
Configure The New wlan0 Interface Driver (PCMCIA Cards)
Post Installation Steps
Configure The New wlan0 Interface
Disable Your Existing Ethernet NIC
Select the Wireless mode and SSID
Simulate a Reboot
PCI Cards – Installed Using RPMs
PCI Cards – Installed Using TAR Files
PCMCIA Cards
Check For Interrupt Conflicts
Linux-WLAN Encryption For Security
De-activating Encryption
Troubleshooting Your Wireless LAN

Chapter 11: Linux Firewalls Using iptables
What Is iptables?
Download And Install The Iptables Package
How To Get iptables Started
Packet Processing In iptables
Processing For Packets Routed By The Firewall
Packet Processing For Data Received By The Firewall
Packet Processing For Data Sent By The Firewall
Targets And Jumps
Important Iptables Command Switch Operations
General Iptables Match Criteria
Common TCP and UDP Match Criteria
Common ICMP (Ping) Match Criteria
Common Match Extensions Criteria
Using User Defined Chains
Sample iptables Scripts
Basic Initialization
Allowing DNS Access To Your Firewall
Allowing WWW And SSH Access To Your Firewall
Allowing Your Firewall To Access The Internet
Allow Your Home Network To Access The Firewall
Masquerading (Many to One NAT)
Port Forwarding Type NAT (DHCP DSL)
Static NAT
Logging & Troubleshooting

Chapter 12: Telnet, TFTP and XINETD
Telnet
What is Telnet?
Setting Up A Telnet Server
TFTP
What is TFTP?
Setting up a TFTP server
Configuring Cisco Devices for TFTP
Cisco PIX firewall
Cisco Switch Running CATOS
Cisco Router
Cisco CSS 111000 "Arrowpoints"
Cisco Local Director
Using TFTP To Restore Your Router Configuration

Chapter 13: Linux FTP Server Setup
FTP Overview
FTP Control Channel - TCP Port 21
FTP Data Channel - TCP Port 20
Active FTP
Passive FTP
Problems With FTP And Firewalls
Client Protected By A Firewall Problem
Solutions
Server Protected By A Firewall Problem
Solutions
How To Download And Install The VSFTP Package
How To Get VSFTP Started
Testing To See If VSFTP Is Running
What Is Anonymous FTP?
The /etc/vsftpd.conf File
FTP Security Issues
The /etc/vsftpd.ftpusers File
Anonymous Upload
FTP Greeting Banner
Using SCP As Secure Alternative To FTP
Sample Login Session To Test Functionality

Chapter 14: Secure Remote Logins And File Copying
Using Secure Shell As A Replacement For Telnet
Testing To See If SSH Is Running
The /etc/ssh/sshd_config File
Using SSH To Login To A Remote Machine
User “root” Logs In To smallfry As User “root”
User “root” Logs In To smallfry As User “peter”
Using default port 22
Using port 435
What You Should Expect To See When You Log In
Deactivating Telnet once SSH is installed
Using SCP as a more secure replacement for FTP
Copying Files To The Local Linux Box
Copying Files To The Remote Linux Box

Chapter 15: Windows, Linux And Samba
Download and Install Packages
How To Get SAMBA Started
Configuring SWAT
Samba and PC Firewall Software
Zone Alarm
The Windows XP Built In Firewall
How To Create A Samba PDC Administrator User
Create The Administrator’s User Group and Directories
Create The Administrator User Under Linux
Adduser’s Command Switches
Create An Administrator Domain Password
Make The Administrator One Of The Samba Admin Users
How to Configure a Samba PDC
Create A Samba PDC
Create Your PC Machine Trusts
Manual Creation Of Machine Trust Accounts (NT Only)
Dynamic Creation Of Machine Trust Accounts
Make Your PC Clients Aware Of Your Samba PDC
Windows 95/98/ME
Windows NT
Windows 2000
Windows XP
How To Add Users To Your Samba Domain
Add The Users In Linux
Map The Linux Users To An smbpassword
Map A Drive Share
Mapping Using “My Computer”
Mapping From The Command Line
Domain Groups And Samba
How To Delete Users From Your Samba Domain
Delete The Users In Linux
Delete The Users Using smbpasswd

Chapter 16
Adding A Printer To A Samba PDC
Adding The Printer To Linux
Make Samba Aware Of The Printer
Configure The Printer Driver On The Workstations
Creating Group Shares in SAMBA
Create The Directory And User Group
Configure The Share In SWAT
Map The Directory Using “My Computer”
Windows Drive Sharing With Your SAMBA Server
Windows Setup
Windows 98/ME
Windows 2000
Windows XP
Test Your Windows Client Configuration
Create A ZIP Drive Mount Point On Your Samba Server
Prompted For Password Method
Not Prompted For Password Method
Using The smbmount Command Method

Chapter 17: Configuring DNS
What Is DNS?
What Is BIND?
When To Use A DNS Caching Nameserver
When To Use A Regular DNS Server
When To Use Dynamic DNS
How To Download and Install The BIND Packages
How To Get BIND Started
The /etc/resolv.conf File
Configuring A Caching Nameserver
Configuring A Regular Nameserver
Configuring named.conf
Configuring The Zone Files
The SOA Record
NS, MX, A And CNAME Records
Sample Forward Zone File
Sample Reverse Zone File
What You Need To Know About NAT And DNS
Loading Your New Configuration Files
Make Sure Your /etc/hosts File Is Correctly Updated
Configure Your Firewall
Fix Your Domain Registration
How To Migrate Your Website In-House
DHCP Considerations For DNS

Chapter 18: Dynamic DNS
What Is DNS?
What Is Dynamic DNS?
Dynamic DNS And NAT Router/Firewalls
Dynamic DNS Prerequisites
Sign Up With A DDNS Provider
Update Your DNS Registration
Installing And Using ez-ipupdate
The /etc/ez-ipupdate.conf File
The /etc/ddclient.conf File
Testing Your Dynamic DNS
Testing Port Forwarding

Chapter 19: The Apache Web Server
Download and Install The Apache Package
How To Get Apache Started
Configuring DNS For Apache
General Configuration Steps
Named Virtual Hosting
IP Based Virtual Hosting
A Note On Virtual Hosting And SSL
Disabling SSL – (Not Recommended)
Use Wild Cards Sparingly
Configuration – Multiple Sites And IP Addresses
A Note On Virtual Hosting And DNS
Using Data Compression On Web Pages
Compression Configuration Example
Apache Running On A Server Behind A Firewall
File Permissions And Apache
How To Protect Web Page Directories With Passwords
Issues When Upgrading To Apache 2.0
Incompatible /etc/httpd/conf/http.conf files

Chapter 20: Monitoring Server Performance
SNMP
What is SNMP?
SNMP on a Linux Server
MRTG
What is MRTG?
Download and Install The MRTG Packages
Configuring MRTG
RedHat Version 8.0 and Indexmaker
Using MRTG To Monitor Other Subsystems
Webalizer
What Is Webalizer?
How To View Your Webalizer Statistics
The Webalizer Configuration File
Make Webalizer run in Quiet Mode

Chapter 21: Configuring Linux Mail Servers
Configuring Sendmail
An Overview Of How Sendmail Works
Configuring DNS
Installing And Starting Sendmail
Restart Sendmail After Editing Your Configuration Files
Errors With The Newaliases Command
Errors With The m4 Command
Errors When Restarting sendmail
The /var/log/maillog File
The /etc/mail/sendmail.mc File
Edit /etc/mail/sendmail.mc To Make Sendmail Listen On NICs Too
Regenerate The sendmail.cf File
Restart sendmail to load the new configuration
Now Make Sure Sendmail Is Listening On All Interfaces
A General Guide To Using The sendmail.mc File
The /etc/hosts File
Symptoms Of A Bad /etc/hosts File
The /etc/mail/relay-domains File
The /etc/mail/access File
The /etc/mail/local-host-names File
Which User Should Really Receive The Mail?
The /etc/mail/virtusertable file
The /etc/aliases File
Simple Mailing Lists Using Aliases
An Important Note About The /etc/aliases File
Sendmail Masquerading Explained
Configuring masquerading
Testing Masquerading
Other Masquerading Notes
A Simple PERL Script To Help Stop SPAM
Configuring Your POP Mail Server
Installing Your POP Mail Server
Configuring Your POP Mail Server
How To Configure Your Windows Mail Programs
How to handle overlapping email addresses.

Chapter 22: Configuring The DHCP Server
Download and Install The DHCP Package
The /etc/dhcp.conf File
Upgrading Your DHCP Server
How to get DHCP started
Modify Your Routes for DHCP on Linux Server
Temporary solution
Permanent Solution
Configuring Linux clients to use DHCP
Error Found When Upgrading From Redhat 7.3 To 8.0

Chapter 23: The NTP Server
What is NTP?
Download and Install The NTP Package
The /etc/ntp.conf File
How To Get NTP Started
Determining If NTP Is Synchronized Properly
Configuring Cisco Devices To Use An NTP Server
Cisco IOS
CAT OS
Firewalls and NTP

Chapter 24: Configuring Cisco PIX Firewalls
Network Address Translation (NAT)
Accessing the PIX command line
Via The Console Port
Configuring PPPoE
NAT Configuration
Dynamic DNS Port Forwarding Entries
How To Get Static IPs For DSL Cheaply
Sample PIX configuration: DSL - Static IPs
Outgoing Connections NAT Configuration
Incoming Connections NAT Configuration

Chapter 25: Configuring Cisco DSL Routers
An Introduction to Network Address Translation (NAT)
Introduction to accessing the router command line
Via The Console Port
Via Telnet
Sample Configurations
DSL Router With Built-In Modem - DHCP
DSL Router With Built-In Modem - Static IP
DSL Router With External Modem - Static IP
Other NAT Topics
Commonly Used TCP And UDP Ports
How To Verify That NAT Is Working Correctly
How To Troubleshoot NAT

Appendix I: Miscellaneous Topics
VPN Terminologies
Authentication
Encryption
IPSec
Authentication Header (AH)
Encapsulating Security Protocol (ESP)
Transport mode VPNs
Transport mode AH packet format
Transport mode AH / ESP packet format
Tunnel mode VPNs
Tunnel mode AH packet format
Tunnel mode AH / ESP packet format
Authentication methods
Encryption methods
Internet Key Exchange (IKE)
IKE authentication methods
Public key cryptography using RSA encryption
Shared keys
IKE's role in creating Security Associations
Transforms
Shared keys
IKE and ISAKMP
VPN Security And Firewalls
VPN User Authentication Methods For Temporary Connections
Types Of Dial Up VPN Authentication
Running Linux Without A Monitor
Preparing To Go “Headless”
Configuration Steps
Make Your Linux Box Emulate A VT100 Dumb Terminal
Syslog Configuration and Cisco Devices
Cisco Routers
Catalyst CAT Switches running CATOS
Cisco Local Director
Cisco PIX Firewalls
Cisco CSS11000 (Arrowpoints)
The Sample Cisco syslog.conf File
Disk Partitioning Explained
What Is A Partition?
What Is A Filesystem?
How Linux Links Filesystems And Partitions
What Partitions Are Mandatory?
"/", Also Known As "root"
/boot
swap
Recommended Sizes For Disk Partitions
Some Recommended Partition Sizes
How Much Space Do I Have On My Partitions?
What Can I Do When I Run Out Of Disk Space?
The OSI Networking Model
The Seven OSI Layers
TCP/IP Packet Format
Contents Of The IP Header
Contents Of The TCP Header
Contents Of The UDP Header

Appendix II: Codes, Scripts and Configurations
Subnet Calculator Script
Apache File Permissions Script
Sendmail SPAM Filter Script
The mail-filter.accept File
The mail-filter.reject File
The mail-filter Script
IPtables FTP Client
IPtables FTP Server
IPtables NTP Server
IPtables Complex script
DNS Zone File For my-site.com
DNS Zone File For my-other-site.com
Forward Zone File For A Home Network Using NAT
Reverse Zone File For A Home Network Using NAT
Sendmail Sample /etc/mail/access File
Sendmail Sample /etc/aliases File
Sendmail Sample /etc/mail/local-host-names File
Sendmail Sample /etc/mail/sendmail.mc File
Sendmail Sample /etc/mail/virtusertable File
ICMP Codes
Cisco PIX Firewall - DHCP DSL Configuration
Cisco PIX Firewall - Static DSL Configuration

Appendix III: Bibliography
Wireless Linux
Cisco Router Configuration Examples
General Home Networking Resource Pages
SSH Servers and SSH Clients
The Windows SCP client called WinSCP
FTP Server and FTP Clients
DHCP Server
Apache Web Server Software
Sendmail Mail Configuration
Dynamic DNS - Hosting Your Website at Home
Static DNS
NTP Server
POP Mail Server
Samba - Linux as a Windows File Server
General Linux Resource Pages
Disk Partitioning
Network Monitoring

Chapter 1

Adding Linux Users

In This Chapter

• Who Is The Super User?
• How To Add Users
• How To Change Passwords
• How To Delete Users
• How To Tell The Groups To Which A User Belongs

© Peter Harrison, www.linuxhomenetworking.com

One of the most important activities in administering a Linux box is the addition of users. I have included some simple examples to provide a foundation for future chapters. A more detailed description of the process is beyond the focus of this book. You may use the command “man useradd” to get the help pages on adding users with the useradd command, or “man usermod” to become more familiar with modifying users with the usermod command.

Who Is The Super User?

The super user with unrestricted access to all system resources and files is the user named "root". You will need to log in as user root to add new users to your Linux box.

How To Add Users

Adding users takes some planning; read through the steps below before starting:

• Arrange your list of users into groups by function. In this example there are three groups: "parents", "children" and "soho".

Parents    Children    Soho
Paul       Alice       Accounts
Jane       Derek       Sales

• Add the Linux groups to your server:

[root@bigboy tmp]# groupadd parents
[root@bigboy tmp]# groupadd children
[root@bigboy tmp]# groupadd soho

• Add the Linux users, assigning them to their respective groups:

[root@bigboy tmp]# useradd -g parents paul
[root@bigboy tmp]# useradd -g parents jane
[root@bigboy tmp]# useradd -g children derek
[root@bigboy tmp]# useradd -g children alice
[root@bigboy tmp]# useradd -g soho accounts
[root@bigboy tmp]# useradd -g soho sales

If you don't specify the group with the "-g", RedHat Linux will create a group with the same name as the user you just created. When each new user first logs in, they will be prompted for their new permanent password.

• Each user's personal directory will be placed in the /home directory. The directory name will be the same as their user name.

[root@bigboy tmp]# ll /home
drwxr-xr-x 2 root root 12288 Jul 24 20:04 lost+found
drwx------ 2 accounts soho 1024 Jul 24 20:33 accounts
drwx------ 2 alice children 1024 Jul 24 20:33 alice
drwx------ 2 derek children 1024 Jul 24 20:33 derek
drwx------ 2 jane parents 1024 Jul 24 20:33 jane
drwx------ 2 paul parents 1024 Jul 24 20:33 paul
drwx------ 2 sales soho 1024 Jul 24 20:33 sales
[root@bigboy tmp]#

How To Change Passwords

You’ll need to create passwords for each account. This is done with the "passwd" command. You will be prompted once for your old password and twice for the new one.

• User "root" changing the password for user "paul":

[root@bigboy root]# passwd paul
Changing password for user paul.
New password:
passwd: all authentication tokens updated successfully.
[root@bigboy root]#

• Users may wish to change their passwords at a future date. Here is how unprivileged user "paul" would change his own password.

[paul@bigboy paul]$ passwd
Changing password for paul
Old password: your current password
Enter the new password (minimum of 5, maximum of 8 characters)
Please use a combination of upper and lower case letters and numbers.
New password: your new password
Re-enter new password: your new password
Password changed.
[paul@bigboy paul]$

How To Delete Users

• The userdel command is used. The "-r" flag removes all the contents of the user's home directory.

[root@bigboy tmp]# userdel -r paul

How To Tell The Groups To Which A User Belongs

• Use the "groups" command with the username as the argument.

[root@bigboy root]# groups paul
paul : parents
[root@bigboy root]#

Chapter 2

Using Sudo

In This Chapter

• What is sudo?
• Download and Install The sudo Package
• The visudo Command
• The /etc/sudoers File
• How To Use sudo
• Using syslog To Track All sudo Commands

You can give selected users temporary "root" privileges using the "sudo" command; here's how.

What is sudo?

• Sudo is a command that allows users defined in the /etc/sudoers configuration file to have temporary root access to run certain privileged commands.

• The command you want to run must first begin with the word "sudo" followed by the regular command syntax.

• You may run other privileged commands using sudo within a five minute period without being re-prompted for a password.

• All commands run as sudo are logged in the log file /var/log/messages.

Download and Install The sudo Package

Fortunately the package is installed by default by RedHat.

The visudo Command

• "visudo" is the command used to edit the /etc/sudoers configuration file. It is not recommended that you use any other editor to modify your sudo parameters. "visudo" uses the same commands as the "vi" text editor.

• "visudo" is best run as user "root"

The /etc/sudoers File

General Guidelines

o The /etc/sudoers file has the general format:

usernames/group target-servername = command

o Groups are the same as user groups and are differentiated from regular users by a % at the beginning.

o The "#" at the beginning of a line signifies a comment line.

o You can have multiple usernames per line separated by commas.

o Multiple commands can be separated by commas too. Spaces are considered part of the command.

o The keyword "ALL" can mean all usernames, groups, commands and servers.

o If you run out of space on a line, you can end it with a "\" and continue on the next line.

o The NOPASSWD keyword provides access without you being prompted for your password.

Simple Examples

o Users "paul" and "mary" have full access to all privileged commands

o Users with a groupid of "operator" have full access to all commands and won't be prompted for a password when doing so.

%operator ALL=(ALL) NOPASSWD: ALL
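
Rules like the one above decide who can become root, and whether a password is asked for first. The script below is an added example, not part of the original manual: it reads sudoers-format text using only the syntax rules listed under General Guidelines and labels each rule by how much it grants. The function names and all sample rules except the %operator line are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sudoers-format rules for broad or password-less grants.
# Simplified parser: handles only the syntax described in this chapter.

# Constructed sample content. Only the %operator line appears in the text above.
sample_sudoers() {
cat <<'EOF'
# constructed sample rules
paul, mary ALL=(ALL) ALL
%operator ALL=(ALL) NOPASSWD: ALL
%soho bigboy = /sbin/service httpd restart, \
               /usr/bin/tail /var/log/messages
accounts ALL = NOPASSWD: /sbin/shutdown -h now
Defaults syslog=authpriv
EOF
}

# Reads sudoers text from the named files (or stdin) and prints one line
# per rule: LEVEL who=... host=... runas=... cmds=...
audit_sudoers() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }

    # Join a line ending in "\" with the line that follows it.
    {
      line = pending $0
      if (line ~ /\\$/) { sub(/\\$/, " ", line); pending = line; next }
      pending = ""
    }
    line ~ /^[ \t]*(#|$)/ { next }                      # comments, blank lines
    line ~ /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next } # settings and aliases
    {
      eq = index(line, "=")
      if (eq == 0) next
      left  = trim(substr(line, 1, eq - 1))   # "usernames/group servername"
      right = trim(substr(line, eq + 1))      # "(runas) TAG: commands"

      n = split(left, tok, /[ \t]+/)
      host = tok[n]
      who  = trim(substr(left, 1, length(left) - length(host)))

      runas = "root"                          # sudo default when no (runas)
      if (right ~ /^\(/) {
        p = index(right, ")")
        runas = substr(right, 2, p - 2)
        right = trim(substr(right, p + 1))
      }

      nopass = (right ~ /NOPASSWD:/)
      gsub(/(NOPASSWD|PASSWD):[ \t]*/, "", right)

      all = 0; cmds = ""
      m = split(right, c, /,/)
      for (i = 1; i <= m; i++) {
        c[i] = trim(c[i])
        if (c[i] == "ALL") all = 1
        cmds = cmds (i > 1 ? ", " : "") c[i]
      }

      if (all && nopass) level = "NOPASSWD-ALL"
      else if (all)      level = "ALL"
      else if (nopass)   level = "NOPASSWD"
      else               level = "LIMITED"
      printf "%s who=%s host=%s runas=%s cmds=%s\n", level, who, host, runas, cmds
    }
  ' "$@"
}

# Print the findings for the constructed sample rules.
sample_sudoers | audit_sudoers
```

Rules reported as NOPASSWD-ALL give unrestricted root access with no password prompt and are the first ones to review.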

How To Use sudo

• In this example, user "paul" attempts to view the contents of the /etc/sudoers file.

[paul@bigboy paul]$ more /etc/sudoers
/etc/sudoers: Permission denied
[paul@bigboy paul]$

• Paul tries again using sudo and his regular user password and is successful.

[paul@bigboy paul]$ sudo more /etc/sudoers
Password:
...
...
...
[paul@bigboy paul]$

Using syslog To Track All sudo Commands

All sudo commands are logged in the log file /var/log/messages. Here is sample output from the above example.

[root@bigboy tmp]# grep sudo /var/log/messages

Nov 18 22:50:30 bigboy sudo(pam_unix)[26812]: authentication failure; logname=paul uid=0 euid=0 tty=pts/0 ruser= rhost= user=paul

Nov 18 22:51:25 bigboy sudo: paul : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/bin/more sudoers
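
The two log formats shown above (the PAM failure line and sudo's own command line) can be turned into a short per-event summary. The script below is an added example, not part of the original manual: the function names are constructed, the first two sample lines are the ones shown above, and the last two sample lines are constructed (the third uses sudo's "user NOT in sudoers" message format).

```shell
#!/bin/sh
# Added example: summarise sudo activity recorded by syslog.

# Sample input. The first two lines are the output shown above; the last two
# are constructed (a rejected user and an unrelated sshd entry).
sample_sudo_log() {
cat <<'EOF'
Nov 18 22:50:30 bigboy sudo(pam_unix)[26812]: authentication failure; logname=paul uid=0 euid=0 tty=pts/0 ruser= rhost= user=paul
Nov 18 22:51:25 bigboy sudo: paul : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/bin/more sudoers
Nov 18 22:55:02 bigboy sudo: derek : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/derek ; USER=root ; COMMAND=/sbin/shutdown -h now
Nov 18 22:56:10 bigboy sshd[27001]: Accepted password for jane from 192.168.1.50 port 1042 ssh2
EOF
}

# Reads syslog lines from the named files (or stdin) and prints one line per
# sudo event: AUTHFAIL (bad password), RUN (command allowed), DENIED (refused).
summarize_sudo_log() {
  awk '
    $5 !~ /^sudo/ { next }              # field 5 is the syslog program tag
    { when = $1 " " $2 " " $3 }

    # PAM reports a wrong password typed at the sudo prompt.
    /authentication failure;/ {
      user = ""; tty = ""
      for (i = 6; i <= NF; i++) {
        if ($i ~ /^logname=/) user = substr($i, 9)
        if ($i ~ /^tty=/)     tty  = substr($i, 5)
      }
      printf "AUTHFAIL %s user=%s tty=%s\n", when, user, tty
      next
    }

    # sudo itself logs: "who : [reason ;] TTY=.. ; PWD=.. ; USER=.. ; COMMAND=.."
    {
      start = index($0, "sudo: ")
      if (start == 0) next
      rest = substr($0, start + 6)
      sep = index(rest, " : ")
      if (sep == 0) next
      who  = substr(rest, 1, sep - 1)
      rest = substr(rest, sep + 3)

      # COMMAND is always last and may itself contain ";", so cut it off first.
      cmd = ""
      c = index(rest, "COMMAND=")
      if (c > 0) { cmd = substr(rest, c + 8); rest = substr(rest, 1, c - 1) }

      runas = ""; reason = ""
      n = split(rest, part, / ; /)
      for (i = 1; i <= n; i++) {
        if (part[i] ~ /^USER=/) runas = substr(part[i], 6)
        else if (part[i] != "" && part[i] !~ /^[A-Z]+=/) reason = part[i]
      }

      if (reason != "")
        printf "DENIED %s %s->%s reason=\"%s\" cmd=%s\n", when, who, runas, reason, cmd
      else
        printf "RUN %s %s->%s cmd=%s\n", when, who, runas, cmd
    }
  ' "$@"
}

# Print the summary for the sample lines.
sample_sudo_log | summarize_sudo_log
```

To run it against the live log as root, pass the file name: summarize_sudo_log /var/log/messages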


Chapter 3

Installing RPM Software

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

In This Chapter

Where To Get Commonly Used RPMs

How to Easily Access CD RPMs With Automount

Downloading RPMS To Your Linux Box

Getting RPMs Using Web Based FTP

Getting RPMs Using Command Line Anonymous FTP

How To Install The RPMs

How to Install Source RPMs

How To List Installed RPMs

How To Uninstall RPMs

RedHat Up2date

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

A lot of Linux system software is available using RPM packages for default Linux installs, and source RPMs for non-standard installations. As the procedure for installing source RPMs involves compiling source code, they are more easily installed across a wide variety of Linux flavors, thereby making life easier for the software developer who wrote the package.

Where To Get Commonly Used RPMs


RPMs On Your Installation CDs

This is usually easier than having to download files from a remote website. See the section about using Automount to easily access your CDROM drive to obtain RPM files.

RPMs Downloaded From Redhat

Advanced searches for all versions of RedHat can be done using this web link:

http://www.redhat.com/apps/download/advanced_search.html

RedHat also has a highly used FTP site, ftp.redhat.com. Start your search in the /pub/redhat/linux/ directory and move down the directory tree. If you’re new to FTP, don’t worry, FTP downloading will be explained later.

RPMs Downloaded From Speakeasy

RedHat only has their approved software on their site. A good general purpose source is RPMfind. Always remember to select the RPM that matches your version of Linux.

http://speakeasy.rpmfind.net/

How to Easily Access CD RPMs With Automount

Using the Linux installation CDs is usually easier, though you run the risk of some of the packages being obsolete due to newer releases on the RedHat website.

It is usually simplest to configure your system to Automount your CDROM. This makes the files on it immediately accessible whenever you access it without having to use the "mount" command. This will make your Linux system act more like Windows.

• Autofs, the package that supports Automount, is installed by default with newer versions of RedHat Linux. You can check this using the following commands.

[root@bigboy tmp]# rpm -qa | grep autofs
autofs-3.1.7-33
[root@bigboy tmp]#

• You can then ensure that it runs when the system boots using the chkconfig command.

[root@bigboy tmp]# chkconfig --level 345 autofs on
[root@bigboy tmp]#


• There are two automount configuration files in /etc, one called auto.master and the other called auto.misc. My auto.master looks like this:

/misc /etc/auto.misc --timeout 60

The default version of this file normally has this line commented out so you’ll have to remove the "#" at the beginning of the line for the configuration to take effect when autofs is restarted. The first entry is not the mount point. It's where the set of autofs mount points will be. The second entry is a reference to the default map file /etc/auto.misc and the third option says that the mounted filesystems can try to unmount themselves 60 seconds after use.

• You can create mount points for each of your removable devices, "floppy", "cdrom" and "zip" with the following commands.

[root@bigboy tmp]# mkdir /misc/cdrom
[root@bigboy tmp]# mkdir /misc/floppy
[root@bigboy tmp]# mkdir /misc/zip
[root@bigboy tmp]# ll /misc
total 3
drwxr-xr-x 2 root root 1024 Nov 10 16:06 cdrom
drwxr-xr-x 2 root root 1024 Nov 10 16:06 floppy
drwxr-xr-x 2 root root 1024 Nov 10 16:06 zip
[root@bigboy tmp]#

• Edit your auto.misc file to include the CDROM. It should have an entry like this.

cdrom -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom

You'll find other entries such as "floppy" and "zip" commented out with a "#". If you need them, just delete the "#". The first column (the "key") is the mount point under directory /misc, so in this case you'll be doing auto mounting when you access /misc/cdrom.

• Restart autofs.

[root@bigboy /tmp]# /etc/init.d/autofs restart
Stopping automount:[ OK ]
Starting automount:[ OK ]
[root@bigboy /tmp]#

Downloading RPMS To Your Linux Box

For casual searching and installing, I recommend using the http links above. If you are doing industrial strength stuff, then use a real FTP client, either a GUI client such as WSFTP or CuteFTP, or the command line.


Getting RPMs Using Web Based FTP

Let’s say you are running RedHat 8.0 and need to download an RPM for the DHCP server.

RedHat

• Use your web browser to go to the RedHat link above

• Type in dhcp in the search box

• Click the search button

• Scroll down for the RPM you need for the DHCP server

• Click on the appropriate "download" link

• Click on the FTP link

• Save the file to Linux box's hard drive

Speakeasy

• Go to the Speakeasy link

• Type in dhcp in the search box

• Click the search button

• Scroll down for the RPM that matches your version of RedHat

• The right hand column has the links with the actual names of the rpm files

• Click the link

• Save the file to Linux box's hard drive

It is best to download RPMs to a directory named "RPM", so you can find them later.

Getting RPMs Using Command Line Anonymous FTP

The Web based method above transparently uses anonymous File Transfer Protocol (FTP). Anonymous FTP allows you to log in and download files from a FTP server using the username “anonymous” and a password that matches your email address. This way anyone can access the data.

• Let's try to FTP the SSH package from ftp.redhat.com

[root@bigboy tmp]# ftp ftp.redhat.com
Trying 66.77.185.38...
220 Red Hat FTP server ready. All transfers are logged.
Name (ftp.redhat.com:root): anonymous
331 Please specify the password.
Password:
230 Login successful. Have fun.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (66,77,185,38,50,122)
150 Here comes the directory listing.
drwxr-xr-x 5 0 0 4096 Jun 09 04:20 pub
226 Directory send OK.
ftp>

• Let's see the available help commands

ftp> help
Commands may be abbreviated. Commands are:

! $ account append ascii bell binary bye case cd cdup chmod close cr delete debug dir disconnect exit form get glob hash help idle image lcd ls macdef Mdelete mdir mget mkdir mls mode modtime mput newer nmap nlist ntrans open prompt passive proxy sendport put pwd quit quote recv reget rstatus rhelp rename reset restart rmdir runique send site size status struct system sunique tenex tick trace type user umask verbose ?

ftp>

• The commands you'll most likely use are:

FTP Commands

Command   Description
binary    Copy files in binary mode
cd        Change directory on the FTP server
dir       List the names of the files in the current remote directory
get       Get a file from the FTP server
lcd       Change the directory on the local machine
ls        Same as dir
mget      Same as get, but you can use wildcards like "*"
mput      Same as put, but you can use wildcards like "*"
passive   Make the file transfer passive mode
put       Put a file from the local machine onto the FTP server
pwd       Give the directory name on the local machine

• By using the search feature on the website ahead of time, I know that the RedHat 8.0 RPMs are located in the pub/redhat/linux/8.0/en/os/i386/RedHat/RPMS directory.

ftp> cd pub/redhat/linux/8.0/en/os/i386/RedHat/RPMS
250 Directory successfully changed.
ftp> ls open*
227 Entering Passive Mode (66,77,185,38,45,180)
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 11191 Sep 03 21:32 open-1.4-16.i386.rpm
-rw-r--r-- 1 0 0 2006950 Sep 03 21:32 openh323-1.9.3-4.i386.rpm
-rw-r--r-- 1 0 0 256971 Sep 03 21:32 openh323-devel-1.9.3-4.i386.rpm
...
...
-rw-r--r-- 1 0 0 217326 Sep 03 21:33 openssh-3.4p1-2.i386.rpm
...
...
226 Directory send OK.
ftp>

• Get the file we need and place it in the local directory /usr/rpm. Also print "#" hash signs on the screen during the download.

ftp> hash
Hash mark printing on (1024 bytes/hash mark).
ftp> lcd /usr/rpm
Local directory now /usr/rpm
ftp>
ftp> get openssh-3.4p1-2.i386.rpm
local: openssh-3.4p1-2.i386.rpm remote: openssh-3.4p1-2.i386.rpm
227 Entering Passive Mode (66,77,185,38,57,102)
150 Opening BINARY mode data connection for openssh-3.4p1-2.i386.rpm (217326 bytes).
#####################################################################
#####################################################################
####################################################################
226 File send OK.
217326 bytes received in 87.7 secs (2.4 Kbytes/sec)
ftp>

• Bye bye

ftp> exit
221 Goodbye.
[root@bigboy tmp]#

How To Install The RPMs

Using Downloaded Files

• Download the source RPMs which usually have a file extension ending with (.rpm) into a temporary directory such as /tmp

• As user root, issue the following command:

[root@bigboy tmp]# rpm -Uvh filename.rpm

Using CDROMs

• Insert the CDROM and check the files in /misc/cdrom/RedHat/RPMS

[root@bigboy tmp]# cd /misc/cdrom/RedHat/RPMS
[root@bigboy RPMS]# ls filename*
filename.rpm
[root@bigboy RPMS]# rpm -Uvh filename.rpm

• When finished, eject the CDROM

[root@bigboy RPMS]# cd /tmp
[root@bigboy tmp]# eject cdrom
[root@bigboy tmp]#
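A package fetched over anonymous FTP carries no proof of origin from the transfer itself, so it is worth checking its signature before running rpm -Uvh. The wrapper below is an added example, not part of the original text: it installs a file only when "rpm --checksig" reports a verified signature rather than just matching digests. It assumes the vendor's public key has already been imported with "rpm --import" (covered in the up2date section); the output formats listed in the comments are assumptions based on rpm 4.x, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original text): install a downloaded RPM only
# when "rpm --checksig" reports a verified signature. Function names are
# hypothetical.

RPM=${RPM:-rpm}   # overridable, so the logic can be exercised with a stub

# Classify the output of "rpm --checksig <file>".
# Assumed output formats (rpm 4.x; confirm them on your release):
#   pkg.rpm: md5 gpg OK                 signature verified
#   pkg.rpm: digests signatures OK      signature verified (newer rpm)
#   pkg.rpm: md5 OK                     digests match, but nothing is signed
#   pkg.rpm: md5 (GPG) NOT OK (...)     key missing or signature bad
# A digest-only "OK" still exits 0, which is why the text is inspected
# instead of the exit status. Anything unrecognised is treated as unsigned
# or bad, so the check fails closed.
# Prints one of: signed-ok, unsigned, bad
classify_checksig() {
    case $1 in
        *"NOT OK"*) echo bad; return 0 ;;
        *" OK")     ;;
        *)          echo bad; return 0 ;;
    esac
    result=${1#*: }                       # drop the "filename: " prefix
    case " $result " in
        *" gpg "*|*" pgp "*|*" signatures "*) echo signed-ok ;;
        *)                                    echo unsigned ;;
    esac
}

# Verify first, then install with the same "rpm -Uvh" used above.
# Returns 0 after installing, 1 when verification fails, 2 when the file
# does not exist.
install_if_signed() {
    pkg=$1
    [ -f "$pkg" ] || { echo "no such file: $pkg" >&2; return 2; }
    out=$($RPM --checksig "$pkg" 2>/dev/null) || true
    verdict=$(classify_checksig "$out")
    if [ "$verdict" != signed-ok ]; then
        echo "refusing to install $pkg ($verdict): $out" >&2
        return 1
    fi
    $RPM -Uvh "$pkg"
}

# Stand-alone use: sh this-script.sh /usr/rpm/filename.rpm
if [ "$#" -gt 0 ]; then
    install_if_signed "$1"
fi
```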

How to Install Source RPMs

Sometimes the packages you want to install need to be compiled in order to match your kernel version. This requires you to use source RPM files.

• Download the source RPMs or locate them on your CD collection. They usually have a file extension ending with (.src.rpm)


• Run the following commands as root:

Newer Linux Versions

Compiling and installing source RPMs with newer RedHat Linux versions can be done simply with the rpmbuild command

[root@bigboy tmp]# rpmbuild --rebuild filename.src.rpm

o Here is an example in which we install the tacacs plus package.

[root@bigboy rpm]# rpmbuild --rebuild tac_plus-4.0.3-2.src.rpm
Installing tac_plus-4.0.3-2.src.rpm
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.61594
+ umask 022
+ cd /usr/src/redhat/BUILD
+ cd /usr/src/redhat/BUILD
+ rm -rf tac_plus-4.0.3
+ /usr/bin/gzip -dc /usr/src/redhat/SOURCES/tac_plus-4.0.3.tgz
+ tar -xvvf -
drwxr-xr-x nsen/25 0 1999-08-04 00:33:15 tac_plus-4.0.3/
-rw-r--- root/root 9029 1999-04-02 22:03:45 tac_plus-4.0.3/CHANGES
... ... ...
... ... ...
Checking for unpackaged file(s): /usr/lib/rpm/check-files /var/tmp/tacacsd
Wrote: /usr/src/redhat/RPMS/i386/tac_plus-4.0.3-2.i386.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.60207
+ umask 022
+ cd /usr/src/redhat/BUILD
+ cd tac_plus-4.0.3
+ rm -rf /var/tmp/tacacsd
+ exit 0
Executing(--clean): /bin/sh -e /var/tmp/rpm-tmp.60207
+ umask 022
+ cd /usr/src/redhat/BUILD
+ rm -rf tac_plus-4.0.3
+ exit 0
[root@bigboy rpm]#

o Here we see that the regular RPM file, not the source RPM, has been installed correctly.

[root@bigboy rpm]# rpm -qa | grep tac_plus
tac_plus-4.0.3-2
[root@bigboy rpm]#


Older Linux Versions

The process is more complicated with older RedHat Linux versions as can be seen below.

o The source files are first exported into the directory /usr/src/redhat/SPECS with the rpm command.

o You then have to run the rpm command again to compile the source files into a regular RPM file which will be placed in either the /usr/src/packages/RPMS/i386/ or the /usr/src/redhat/RPMS/i386/ directories.

o You then have to install the new RPM file from this directory.

[root@bigboy tmp]# rpm -Uvh filename.src.rpm
[root@bigboy tmp]# cd /usr/src/redhat/SPECS
[root@bigboy SPECS]# rpm -ba filename.spec
[root@bigboy SPECS]# cd /usr/src/redhat/RPMS/i386
[root@bigboy i386]# rpm -Uvh filename.rpm

How To List Installed RPMs

• The rpm -qa command will list all the packages installed on your system

[root@bigboy tmp]# rpm -qa
perl-Storable-1.0.14-15
smpeg-gtv-0.4.4-9
e2fsprogs-1.27-9
libstdc++-3.2-7
audiofile-0.2.3-3
[root@bigboy tmp]#

• You can also pipe the output of this command through the grep command if you are interested in only a specific package. In this example we are looking for all packages containing the string “ssh” in the name, regardless of case (“-i” meaning ignore case)

[root@bigboy tmp]# rpm -qa | grep -i ssh
openssh-server-3.4p1-2
openssh-clients-3.4p1-2
openssh-askpass-gnome-3.4p1-2
openssh-3.4p1-2
openssh-askpass-3.4p1-2
[root@bigboy tmp]#


How To Uninstall RPMs

• The rpm -e command will erase an installed package. The package name given must match that listed in the rpm -qa command as the version of the package is important.

[root@bigboy tmp]# rpm -e package-name

RedHat Up2date

RedHat has a program called up2date which will update your Linux installation with the latest revisions of the RPMs from the RedHat website via a HTTPS/SSL connection running in the background. Here’s what to do:

• After installing the operating system issue the up2date command. It will prompt you to change the initial settings. Just quit by typing “q” and up2date will give you the command to run to get the encryption keys from RedHat.

[root@bigboy tmp]# up2date
0. debug No
1. isatty Yes
2. depslist []

Enter number of item to edit <return to exit, q to quit without saving>:

Your GPG keyring does not contain the Red Hat, Inc. public key. Without it, you will be unable to verify that packages Update Agent downloads are securely signed by Red Hat.

Your Update Agent options specify that you want to use GPG.

To install the key, run the following as root:

rpm --import /usr/share/rhn/RPM-GPG-KEY

[root@bigboy tmp]#

• Issue the rpm command to get the keys

[root@bigboy tmp]# rpm --import /usr/share/rhn/RPM-GPG-KEY
[root@bigboy tmp]#


• Issue the up2date command again and it will prompt you through a number of registration screens which will ask for information such as:

o The login name & password of your choice

o Your name, address and email address

o A profile name for your server

• It will then present you with a list of all the packages installed on your server and ask you whether you want to register this software information with RedHat

• The up2date updater will then register your system and exit back to the command prompt.

• Now you have to actually update the software using up2date. This is done with the up2date -u command. This is what it looks like:

[root@bigboy tmp]# up2date -u
Fetching package list for channel: redhat-linux-i386-8.0...
########################################
Fetching Obsoletes list for channel: redhat-linux-i386-8.0...
########################################
Fetching rpm headers...
#######################################
Testing package set / solving RPM inter-dependencies...
########################################
cups-libs-1.1.17-0.2.i386.r ########################## Done.
Preparing ########################################### [100%]
Installing...
1:cups-libs ########################################### [100%]
2:cvs ########################################### [100%]
3:cyrus-sasl ########################################### [100%]
The following Packages were marked to be skipped by your configuration:

Name     Version   Rel      Reason
---
kernel   2.4.18    24.8.0   Pkg name/pattern


Some Necessary Facts About up2date

o You can update your contact information afterwards using the link http://www.redhat.com/network

o RedHat will regularly send you emails with the packages you need to update. You can selectively update the package mentioned in each email using the command:

[root@bigboy tmp]# up2date package-name

o Only one profile per login name is free. All additional profiles under the login name have an annual fee.

o up2date uses HTTPS/SSL to do its updating. If you have a firewall protecting your system, you will need TCP port 443 access to the internet

o Updating packages could cause programs written by you to stop functioning especially if they rely on the older version’s features or syntax.

o Some RPMs won’t install unless other RPMs have been installed previously. up2date automatically figures out these package inter-dependencies and will install all the required foundation packages as well.

o You can write a small script to periodically update your system. The “-u” switch will update all packages and the “-p” will register any additional packages you have installed without using up2date. Here is a sample script that you can run weekly using cron

#!/bin/sh
#
# Updates system every week
#
up2date -p
up2date -u


Chapter 4

The Linux Boot Process

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

In This Chapter

The RedHat Boot Sequence

Determining The Default Boot runlevel

Get A GUI Console

Get A Basic Text Terminal Without Exiting The GUI

System Shutdown And Rebooting

How To Set Which Programs Run At Each runlevel

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

The way Linux boots up is very important information to know. You can alter it to change the type of login screen you get and also which programs get started.

The RedHat Boot Sequence

When RedHat boots, the boot process will run a number of scripts located in subdirectories under directory /etc/rc.d. The boot process first runs the scripts found in /etc/rc.d/rc1.d which provides only the most basic functionality and the ability to only handle a single user. This stage is known as “single user mode”. After completing this first phase, the boot process will run scripts in only one of the other directories depending on the startup mode (aka. run level). These are listed below.


Mode/Run Level   Directory         Run Level Description
0                /etc/rc.d/rc0.d   Halt
1                /etc/rc.d/rc1.d   Single-user mode
2                /etc/rc.d/rc2.d   Not used (user-definable)
3                /etc/rc.d/rc3.d   Full multi-user mode (No GUI interface)
4                /etc/rc.d/rc4.d   Not used (user-definable)
5                /etc/rc.d/rc5.d   Full multi-user mode (With GUI interface)
6                /etc/rc.d/rc6.d   Reboot

Determining The Default Boot runlevel

The default boot runlevel is set in the file /etc/inittab with the "initdefault" variable. When it is set to “3”, the system boots up with the text interface on the VGA console; when set to “5”, you get the GUI. Here is a sample snippet of the file: (Delete the initdefault line you don't need)

# Default runlevel. The runlevels used by RHS are:
# 0 - halt (Do NOT set initdefault to this)
# 1 - Single user mode
# 2 - Multiuser, without NFS (The same as 3, if you do not have networking)
# 3 - Full multiuser mode
# 4 - unused
# 5 - X11
# 6 - reboot (Do NOT set initdefault to this)
#
id:3:initdefault: # Console Text Mode
id:5:initdefault: # Console GUI Mode

• Most home users boot up with a Windows like GUI (Run Level 5)

• Most techies will tend to boot up with a plain text based command line type interface (Run level 3)

• Changing "initdefault" from 3 to 5 or vice-versa will only have an effect upon your next reboot. See the section below on how to get a GUI login all the time until the next reboot.

Get A GUI Console

You have two main options if your system comes up in a text terminal mode on the VGA console and you want to get the GUI:

• Manual Method: You can start the X terminal GUI application each time you need it by running the “startx” command at the VGA console. Remember that when you log out you will get the regular text based console again.


[root@bigboy tmp]# startx

• Automatic Method: You can have Linux automatically start the X terminal GUI console for every login attempt until your next reboot by using the init command. You will need to edit your “initdefault” variable in your /etc/inittab file as mentioned in the preceding section to keep this functionality even after you reboot.

[root@bigboy tmp]# init 5

Get A Basic Text Terminal Without Exiting The GUI

Using A GUI Terminal Window

You can open a GUI based window with a command prompt inside by doing the following:

o Click on the “Red Hat” Start button in the bottom left hand corner of the screen.

o Click on Systems Tools, then Terminal

Using Virtual Terminals

Linux actually has seven virtual console sessions running on the VGA console.

o Sessions one through six are text sessions. If the GUI is running, it will run under session number seven.

o You can step through each text session by using the <CTL> <ALT> <F1> through <F6> key sequence. You'll get a new login prompt for each attempt.

o You can get the GUI login with the sequence <CTL> <ALT> <F7>, only in run level 5, or if the GUI is running after launching "startx"

System Shutdown And Rebooting

The "init" command will allow you to change the current runlevel.

Halt / Shutdown The System

[root@bigboy tmp]# init 0

Reboot The System

[root@bigboy tmp]# init 6


How To Set Which Programs Run At Each runlevel

Most RedHat packages place a startup script in the directory /etc/init.d and place symbolic links (pointers) to this script in the appropriate /etc/rc.d/rcX.d directory. The typical home/SOHO user doesn't have to be a scripting / symbolic linking guru to make sure everything works right because RedHat comes with a nifty utility called "chkconfig" to do it for you.

• Use this command to get a full listing of packages listed in /etc/init.d and the runlevels at which they will be "on" or "off"

[root@bigboy tmp]# chkconfig --list

keytable   0:off  1:on   2:on   3:on   4:on   5:on   6:off
atd        0:off  1:off  2:off  3:on   4:on   5:on   6:off
syslog     0:off  1:off  2:on   3:on   4:on   5:on   6:off
gpm        0:off  1:off  2:on   3:on   4:on   5:on   6:off
kudzu      0:off  1:off  2:off  3:on   4:on   5:on   6:off
wlan       0:off  1:off  2:on   3:on   4:on   5:on   6:off
sendmail   0:off  1:off  2:off  3:on   4:off  5:on   6:off
netfs      0:off  1:off  2:off  3:on   4:on   5:on   6:off
network    0:off  1:off  2:on   3:on   4:on   5:on   6:off
random     0:off  1:off  2:on   3:on   4:on   5:on   6:off
...
...

Chkconfig Examples

You can use chkconfig to change runlevels for particular packages. Here we see Sendmail will start with a regular startup at runlevel 3 or 5. Let’s change it so that Sendmail doesn't startup at boot.

Use Chkconfig To Get A Listing Of Sendmail's Current Startup Options

[root@bigboy tmp]# chkconfig --list | grep mail

sendmail 0:off 1:off 2:off 3:on 4:off 5:on 6:off
[root@bigboy tmp]#

Switch Off Sendmail Starting Up In Levels 3 and 5

[root@bigboy tmp]# chkconfig --level 35 sendmail off
[root@bigboy tmp]#

Doublecheck That Sendmail Will Not Startup

[root@bigboy tmp]# chkconfig --list | grep mail
sendmail 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@bigboy tmp]#


Turn it back on again

[root@bigboy tmp]# chkconfig --level 35 sendmail on
[root@bigboy tmp]# chkconfig --list | grep mail
sendmail 0:off 1:off 2:off 3:on 4:off 5:on 6:off
[root@bigboy tmp]#

Final Tips On chkconfig

• In most cases you'll want to modify runlevels 3 and 5 simultaneously AND with the same values.

• Don't add/remove anything to other runlevels unless you absolutely know what you are doing. Don't experiment.

• Chkconfig doesn’t start the programs in the /etc/init.d directory, it just configures them to be started or ignored when the system boots up. The commands for starting and stopping the programs covered in this book are covered in each respective chapter.
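Every service that is "on" at runlevel 3 or 5 is a program that starts at boot, so the chkconfig listing doubles as a quick inventory of what the box exposes. The script below is an added example, not part of the original text: it reads "chkconfig --list" output, reports services enabled at the chosen runlevels that are not on an approved list, and flags services whose runlevel 3 and 5 settings differ, which the first tip above warns against. The function names, the allowed list and the "exampled" service are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original text): review boot-time services from
# "chkconfig --list" output. Function names are hypothetical.

# Constructed sample: the listing shown above, plus one made-up service
# ("exampled") whose runlevel 3 and 5 settings disagree.
sample_chkconfig() {
cat <<'EOF'
keytable   0:off  1:on   2:on   3:on   4:on   5:on   6:off
atd        0:off  1:off  2:off  3:on   4:on   5:on   6:off
syslog     0:off  1:off  2:on   3:on   4:on   5:on   6:off
gpm        0:off  1:off  2:on   3:on   4:on   5:on   6:off
kudzu      0:off  1:off  2:off  3:on   4:on   5:on   6:off
wlan       0:off  1:off  2:on   3:on   4:on   5:on   6:off
sendmail   0:off  1:off  2:off  3:on   4:off  5:on   6:off
netfs      0:off  1:off  2:off  3:on   4:on   5:on   6:off
network    0:off  1:off  2:on   3:on   4:on   5:on   6:off
random     0:off  1:off  2:on   3:on   4:on   5:on   6:off
exampled   0:off  1:off  2:off  3:off  4:off  5:on   6:off
EOF
}

# services_on LEVELS
# Names of services that are "on" at any runlevel listed in LEVELS (e.g. 35).
# Lines that carry no "N:on" field are ignored.
services_on() {
    awk -v levels="$1" '
    {
        for (i = 2; i <= NF; i++) {
            split($i, kv, ":")
            if (kv[2] == "on" && index(levels, kv[1]) > 0) { print $1; next }
        }
    }'
}

# unexpected_services LEVELS "allowed names separated by spaces"
# Services enabled at LEVELS that are not on the allowed list.
unexpected_services() {
    services_on "$1" | while read -r svc; do
        case " $2 " in
            *" $svc "*) ;;               # approved, stay quiet
            *) echo "$svc" ;;
        esac
    done
}

# Services whose state differs between runlevels 3 and 5.
runlevel_mismatch() {
    awk '
    {
        s3 = ""; s5 = ""
        for (i = 2; i <= NF; i++) {
            split($i, kv, ":")
            if (kv[1] == "3") s3 = kv[2]
            if (kv[1] == "5") s5 = kv[2]
        }
        if (s3 != "" && s5 != "" && s3 != s5) print $1, "3:" s3, "5:" s5
    }'
}

sample_chkconfig | unexpected_services 35 "keytable atd syslog network random"
sample_chkconfig | runlevel_mismatch
```

On a live system, pipe "chkconfig --list" into the functions in place of sample_chkconfig, and switch off anything unexpected with chkconfig --level 35 as shown above.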


Chapter 5

Why Host Your Own Site?

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

In This Chapter

Network Diagram

Alternatives To Home Web Hosting

Factors To Consider Before Hosting Yourself

How To Migrate From An External Provider

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

We have assumed you want to host your website in your home or home office using a topology similar to that in the diagram below. Before you do, you should at least weigh the merits of such a move.


Alternatives To Home Web Hosting

It is easy to find virtual hosting companies on the Web which will offer to host a simple website for about $10 per month.

The steps are fairly straightforward:

• Sign up for the virtual hosting service. They will provide you with a login name and password, the IP address of your site plus the name of a private directory on a shared web server in which you’ll place your web pages.

• Register your domain name, such as www.my-site.com, with companies like Register.com, Verisign or RegisterFree.com. You must make sure your new domain name’s DNS records point to the DNS server of the virtual hosting company.

• Upload your web pages to your private virtual hosting directory.

• Test viewing your site using your IP address in your web browser. It takes about 3-4 days for DNS to propagate across the Web, so you’ll probably have to wait at least that long before you’ll be able to view your site using your domain, www.my-site.com.

The virtual hosting provider will also offer free backups of your site, technical support, a number of email addresses and an easy to use web based GUI to manage your settings. For an additional charge, many will also provide an e-commerce feature which will allow you to have a shopping cart and customer loyalty programs.

Factors To Consider Before Hosting Yourself

Virtual hosting is the ideal solution for many small websites. There are a number of reasons why you may want to move your website to your home or small office.

Home Based Websites

Pros

o Cost: It is possible to host a website on most DSL connections. A website can be hosted on this data circuit for the only additional hardware cost of a network switch and a web server. You should be able to buy this equipment second hand for about $100. If your home already has DSL there would be no additional network connectivity costs. So for a savings of $10 per month the project should pay for itself in less than a year.

o New Skills: There is also the additional benefit of learning the new skills required to set up the site. Changes can be made with little delay.

o Availability: Reliable virtual hosting facilities may not be available in your country and/or you may not have access to the foreign currency to host your site abroad.

Cons

o Lost Services: You lose the convenience of many of the services such as backups, security audits, load balancing, DNS, redundant hardware, data base services and technical support offered by the virtual hosting company. For the home based website these are usually not big issues.
