linux notes
Linux Administration (Elective)
UNIT-I System Administration
Managing User Accounts:-
All users must have accounts on the system. Fedora uses the /etc/passwd file to hold
information on user accounts. Each user, regardless of type, has a one-line entry of
account information stored in the /etc/passwd text file.
Each account entry contains a username and a password field containing an x, which indicates
that the password hash itself is stored in /etc/shadow.
Adding New Users
The command-line approach to adding any user is actually quite simple and can be
accomplished on a single line. In the example shown here, the sysadmin uses the useradd
command to add the new user “king”. The command adduser is a symbolic link to useradd,
so both commands work the same.
# adduser king
or
# useradd -c "bcs3 students" -d /home/bcs3 king
The -c option is the full name of the person (stored in the comment field); the -d option is
the home directory that we want to create for the new user.
The sysadmin can also use the graphical interface that Fedora provides, as shown in Figure.
These are the steps we used to add the same account as shown in the preceding
command, but using the graphical User Manager interface:
1. Launch the Fedora User Manager graphical interface by clicking on the Users and Groups
menu item found in the System, Administration menu.
2. Click the Add User button to bring up the Add User dialog window.
3. Fill in the form with the appropriate information, as described in the first paragraph in this
section.
4. Click the drop-down Login Shell menu to select the bash shell.
5. Check the Specify User ID box to permit access to the UID dialog.
6. Using the arrows found in the UID dialog, increment the UID to 5413.
7. Click OK to save the settings.
Note that the user is being manually assigned the UID of 549 because that is her UID on
another machine that will be connected to this machine.
A computer is, by its very nature, a number-oriented machine. It identifies users and
groups by numbers known as the user ID (UID) and group ID (GID).
Managing Groups:-
Groups can make managing users a lot easier. Rather than having to assign individual
permissions to every user, you can use groups to grant or revoke permissions to a large
number of users quickly and easily. Setting group permissions allows you to set up
workspaces for collaborative working and also to control what devices can be used, such as
external drives or DVD writers. All the groups are listed in /etc/group file.
Group Management Tools:-
Fedora provides several command-line tools for managing groups as well as graphical tools.
Many experienced sysadmins prefer the command-line tools because they are quick and
easy to use.
· groupadd This command creates and adds a new group.
# groupadd mit
· groupdel This command removes an existing group.
# groupdel mit
· gpasswd This command creates a group password. Every group can have a group
password and an administrator. Use the -A argument to assign a user as group
administrator.
# gpasswd -A jack mit
· useradd -G The -G argument adds a user to a group during the initial user creation.
(More arguments are used to create a user.)
# useradd -G mit jack
· usermod -G This command enables you to add a user to a group as long as the user
is not logged in at the time. Used on its own, -G replaces the user's list of supplementary
groups; add -a to append to the list instead.
# usermod -G mit jack
The sysadmin can also use the graphical interface that Fedora provides, as shown in
Figure. It is accessed as the Users and Groups item from the System Settings
menu item.
You will note that the full set of group commands and options are not available from the
graphical interface, limiting the usefulness of the GUI to a subset of the most frequently
used commands.
Managing Users:-
The sysadmin can manage the users. Users must be created, assigned a UID, provided a home
directory, and provided an initial set of files for their home directory. Fedora provides
several command-line tools for managing users, as well as graphical tools. Many experienced
sysadmins prefer the command-line tools because they are quick and easy to use.
Here are the most commonly used commands for managing users:
useradd:- This command is used to add a new user account to the system. Its options permit
the sysadmin to specify the user's home directory and initial group or to create the user with
the default home directory.
# useradd -c "student of bcs" -d /home/bcs3 jack
useradd -D:- This command sets the system defaults for creating the user's home directory,
account expiration date, default group, and command shell. See the specific options in man
useradd. Used without any arguments, it displays the defaults for the system. The default set
of files for a user.
# useradd -D
userdel:- This command is used to remove a specified user account from the system.
The -r option also removes the user's home directory.
# userdel -r jack
usermod:- This command changes several user attributes. The most commonly used
arguments are -s to change the shell and -u to change the UID. No changes can be made
while the user is logged in or running a process.
passwd:- This command updates the authentication tokens used by the password
management system.
Managing Permissions:-
Under Linux (and Unix), everything in the file system, including directories and devices, is a
file. And every file on your system has an accompanying set of permissions based on
ownership. These permissions form the basis for security under Linux, and designate each
file’s read, write, and execute permission for you, members of your group, and all others on
the system. The ls command's long-format listing shows them, like this:
$ ls -l file
-rw-rw-r-- 1 andrew andrew 0 Nov 11 12:28 file
The first character of the listing gives the file type: a blank (which is represented by a dash
in the preceding example) designates a plain file, d designates a directory, and c designates a
character device.
Permissions—Read, write, and execute permissions for the owner, group, and all others on
the system.
The owner: - The account that created or owns the file
The group:-The group of users allowed to access the file.
The other user:- The others not in a file’s group.
Assigning Permissions
Under Linux, permissions are grouped by owner, group, and others, with read, write, and
execute permission assigned to each, like so:-
Owner Group Others
rwx rwx rwx
The mnemonic forms of chmod’s options (when used with a plus character, +, to add, or a
minus sign, -, to take away) designate the following:
u—Adds or removes user (owner) read, write, or execute permission
g—Adds or removes group read, write, or execute permission
o—Adds or removes read, write, or execute permission for others not in a file’s group
a—Adds or removes read, write, or execute permission for all users
r—Adds or removes read permission
w—Adds or removes write permission
x—Adds or removes execution permission.
4 indicates read permission.
2 indicates write permission.
1 indicates execute permission.
In octal notation, the previous example file has a permission setting of 664 (read+write or
4+2, read+write or 4+2, read-only or 4).
To restore read and write permission for only you as the owner, use the plus sign and the u
and rw options like so:
$ chmod u+rw readme.txt
$ ls -l readme.txt
-rw------- 1 andrew andrew 12 Jan 2 16:48 readme.txt
To modify a file's permissions so that only you, the owner, can read and write a file, use the
chmod command and a file permission of 600, like this:
$ chmod 600 readme.txt
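The 4/2/1 arithmetic above, worked through in shell as an added example (not part of the original notes): mode_to_octal converts an ls -l mode string to octal and describe_risk flags bits worth a second look. Both function names are made up for this example, and it goes slightly beyond the text by also handling the setuid, setgid and sticky bits and the trailing . or + that ls prints on SELinux or ACL systems.

```sh
#!/bin/sh
# Added example, not from the original notes. Function names are hypothetical.

# mode_to_octal MODE: turn an ls -l mode string such as -rw-rw-r-- into 0664.
mode_to_octal() (
    perms=${1#?}                 # drop the file-type character (-, d, c, ...)
    perms=${perms%[.+]}          # drop the SELinux (.) or ACL (+) marker, if any
    case $perms in
        *[!rwxsStT-]*) echo "bad mode string: $1" >&2; exit 1 ;;
    esac
    [ "${#perms}" -eq 9 ] || { echo "bad mode string: $1" >&2; exit 1; }
    special=0
    digits=
    for weight in 4 2 1; do      # special bit carried by this triplet: setuid, setgid, sticky
        rest=${perms#???}
        triplet=${perms%"$rest"}
        perms=$rest
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac    # read = 4
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac    # write = 2
        case $triplet in
            ??x)    digit=$((digit + 1)) ;;                   # execute = 1
            ??[st]) digit=$((digit + 1)); special=$((special + weight)) ;;
            ??[ST]) special=$((special + weight)) ;;          # special bit without execute
        esac
        digits=$digits$digit
    done
    echo "$special$digits"
)

# describe_risk OCTAL: list the bits an administrator should justify, or "ok".
describe_risk() (
    val=$((0$1))                 # leading 0 makes the shell read the digits as octal
    found=
    [ $((val & 04000)) -ne 0 ] && found="$found setuid"
    [ $((val & 02000)) -ne 0 ] && found="$found setgid"
    [ $((val & 00020)) -ne 0 ] && found="$found group-writable"
    [ $((val & 00002)) -ne 0 ] && found="$found world-writable"
    echo "${found:-ok}" | sed 's/^ //'
)

# Constructed sample mode strings, as they would appear in ls -l output.
for m in -rw-rw-r-- -rw------- -rwsr-xr-x drwxrwxrwt -rw-rw-rw-.; do
    o=$(mode_to_octal "$m")
    printf '%-12s %s  %s\n' "$m" "$o" "$(describe_risk "$o")"
done
```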
Managing Passwords:-
Passwords are an integral part of Linux security, and they are the most visible part to the user.
An effective password policy is a fundamental part of a good system administration plan.
The policy should cover
. Allowed and forbidden passwords
. Frequency of mandated password changes
. Retrieval or replacement of lost or forgotten passwords
. Password handling by users
The Password File
The password file is /etc/passwd, and it is the database file for all users on the system.
The format of each line is as follows:
username:password:uid:gid:gecos:homedir:shell
The passwd command in Linux is used to change user account passwords. The root user
reserves the privilege to change the password for any user on the system, while a normal user
can only change the account password for his or her own account.
Syntax:
passwd [options] [username]
# passwd user1
Processing in passwd command:
1. Verify current user password: Once the user enters the passwd command, it prompts
for the current user password, which is verified against the password hash stored in the
/etc/shadow file. The root user can bypass this step and directly change the
password, so that an account with a forgotten password can be recovered.
2. Verify password aging information: In Linux, a user password can be set to expire
after a given period of time. Also, a user can be prohibited from changing his/her password
for a period. This password aging information (and the password hash itself) is stored in
the file /etc/shadow.
3. Change the password : After authentication, the user is prompted to enter the new
password and verify it by retyping the password.
/etc/shadow file: The shadow file is a list of colon separated values with 9 fields, as
shown below:
# cat /etc/shadow
root:*:13121:0:99999:7:::
daemon:*:13121:0:99999:7:::
bin:*:13121:0:99999:7:::
sys:*:13121:0:99999:7:::
sync:*:13121:0:99999:7:::
games:*:13121:0:99999:7:::
man:*:13121:0:99999:7:::
· field 1: User name.
· field 2: Encrypted (hashed) password. A * or ! in this field means no password will
match, so the account cannot log in with a password.
· field 3: Number of days since January 1, 1970 to when the password was last
changed.
· field 4: Minimum number of days for which the password cannot be changed (value 0
means it can be changed anytime).
· field 5: Number of days after which the password must be changed (value 99999 means
that the password never expires).
· field 6: Number of days to warn user for expiring password.
· field 7: Number of days after password expires that the account is disabled.
· field 8: The number of days from January 1, 1970 to the date when an account was
disabled.
· field 9: This field is reserved for some possible future use.
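The nine fields above, read back by a small audit script; this is an added example, not part of the original notes. The account names, placeholder hashes and the shadow_report function are constructed for illustration, and the report reads its input on stdin so it can be tried without touching the real /etc/shadow.

```sh
#!/bin/sh
# Added example, not from the original notes. Names and sample data are constructed.

# Constructed sample in /etc/shadow format (hashes are placeholders, not real).
sample_shadow() {
    cat <<'EOF'
root:*:13121:0:99999:7:::
alice:$6$SALT$PLACEHOLDERHASH:19000:0:90:7:14::
bob::19700:0:90:7:::
carol:!$6$SALT$PLACEHOLDERHASH:19690:7:90:7:::
broken:x:19700
EOF
}

# today_in_days: days since January 1, 1970, the unit used by fields 3 and 8.
today_in_days() { echo $(( $(date +%s) / 86400 )); }

# shadow_report TODAY: read shadow-format lines on stdin and print
# "user password-state aging-state" for each account.
shadow_report() {
    awk -F: -v today="$1" '
        NF != 9 { print $1, "malformed"; next }      # every entry has exactly 9 fields
        {
            if ($2 == "")            state = "no-password"   # login needs no password at all
            else if ($2 ~ /^[!*]/)   state = "locked"        # no typed password can match
            else                     state = "hashed"

            if ($5 == "" || $5 == 99999)            aging = "never-expires"
            else if ($3 != "" && today > $3 + $5)   aging = "expired"
            else                                    aging = "valid"
            print $1, state, aging
        }'
}

sample_shadow | shadow_report "$(today_in_days)"
```

On a live system the same report would be fed with the real file as root; the lines to act on first are any with no-password, followed by hashed accounts that never expire.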
passwd options:
· -d, --delete: This option deletes the user password and makes the account passwordless.
· -e, --expire: This option immediately expires the account password and forces the
user to change password on their next login.
· -h, --help: Display help related to the passwd command.
· -i, --inactive INACTIVE_DAYS: This option is followed by an integer, INACTIVE_DAYS, which is
the number of days after the password expires that the account will be deactivated.
· -l, --lock: Lock the password of user.
· -S, --status: Shows the password status.
· -u, --unlock: Unlock the password of an account.
Granting System Administrator Privileges to Regular Users:-
It may be necessary for regular users to run a command as if they were the root user.
There are two ways to run commands with root privileges: The first is useful if you are the
super-user and the user; the second if you are not the regular user.
The su command spawns a new shell, changing both the UID and GID of the existing
user and automatically changing the environment variables associated with that user.
This behavior is known as inheriting the environment.
The syntax for the su command is
$ su option username arguments
Note that the working directory has not changed. By executing the following, you become
root and inherit root’s environment:
$ su -
By executing the following, you become that user and inherit the super-user’s environment—
a pretty handy tool
To become another user, specify a different user’s name on the command line:
$ su - other_user
For example, while logged on as a regular user,
$ su - root
the system prompts for a password:
Password:
When the password is entered correctly, the root user’s prompt appears:
#
To return to the regular user’s identity, just type
# exit
This takes you to the regular user’s prompt:
$
This makes sense because no single individual will always be available to perform super-user
functions. The problem is that Unix permissions come with an all-or-nothing authority. Enter
sudo, an application that permits the assignment of one, several, or all of the root-only system
commands.
After it is configured, using sudo is simple. An authorized user merely precedes the
superuser-authority-needed command with the sudo command, like so:
$ sudo command
After getting the user’s password, sudo checks the /etc/sudoers file to see whether that user
is authorized to execute that particular command; if so, sudo generates a “ticket” for a
specific length of time that authorizes the use of that command. The user is then prompted for
his password and then the command is run as if root had issued it.
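The difference between granting one, several, or all root-only commands shows up directly in the sudoers rules. The added example below (not part of the original notes) holds a constructed policy with a weak rule beside narrower ones and a simplified checker that reports rules granting every command. The users, commands and the broad_sudo_rules function are assumptions for illustration, and the checker does not handle aliases, negation or continued lines.

```sh
#!/bin/sh
# Added example, not from the original notes. Users, commands and function
# names are constructed for illustration.

# Constructed sample policy in sudoers syntax.
sample_sudoers() {
    cat <<'EOF'
# weak: every root-only command, and without a password prompt
jack    ALL=(ALL) NOPASSWD: ALL
# narrower: named commands only
king    ALL=(root) /sbin/service httpd restart, /usr/sbin/repquota -a
%mit    ALL=(root) /usr/bin/yum update
# how many minutes a ticket stays valid
Defaults timestamp_timeout=5
EOF
}

# broad_sudo_rules: read sudoers-style text on stdin and print
# "who finding" for each rule whose command list contains ALL.
broad_sudo_rules() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/                 { next }   # comments and blank lines
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/       { next }   # settings and alias definitions
        index($0, "=") == 0                      { next }   # not a "who host = commands" rule
        {
            who  = $1
            spec = substr($0, index($0, "=") + 1)
            sub(/^[ \t]*\([^)]*\)/, "", spec)               # drop the (run-as) list
            nopass = (spec ~ /NOPASSWD:/)
            gsub(/[A-Z]+:/, "", spec)                       # drop tags such as NOPASSWD:
            n = split(spec, cmd, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", cmd[i])
                if (cmd[i] == "ALL") {
                    print who, (nopass ? "all-commands-no-password" : "all-commands")
                    break
                }
            }
        }'
}

sample_sudoers | broad_sudo_rules
```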
Disk Quotas:-
On large systems with many users, you need to control the amount of disk space a user has
access to. Disk quotas are designed for this purpose. Quotas, managed per partition, can
be set for both individual users and groups.
When files are created, both a user and a group own them; ownership of the files is always
part of the metadata about the files. This makes quotas based on both users and groups easy
to manage. To manage disk quotas, you must have the quota package installed on your
system; it is usually installed by default.
Sysadmins use the family of quota commands, such as quotacheck to initialize the quota
database files, edquota to set and edit user quotas, setquota to configure disk quotas, and
quotaon or quotaoff to control the service.
For example, one line in /etc/fstab shows that quotas are enabled for the /home partition:
/dev/hda5 /home ext3 defaults,usrquota,grpquota 1 1
To initialize disk quotas, the partitions must be remounted. This is easily accomplished with
the following:
# mount -o ro,remount partition_to_be_remounted mount_point
The underlying console tools are:-
· quotaon, quotaoff—Toggles quotas on a partition
· repquota—A summary status report on users and groups
· quotacheck—Updates the status of quotas, it is run after fsck.
· edquota—A very basic quota management command
UNIT-II Automating Tasks
#Running Services at Bootup:-
Although most people consider a computer to be either on or off, in Fedora there are
a number of states in between. Known as runlevels, they control what system
services are started at bootup. These services are simply applications running in the
background that provide some needed function to your system, such as getting
information from your mouse and sending it to the display; or a service could monitor
the partitions to see whether they have enough free space left on them.
1. Beginning the Boot Loading Process
The BIOS is an application stored in a chip on the motherboard that initializes the
hardware on the motherboard. The BIOS gets the system ready to load and run the
software that we recognize as the operating system.
As a last step, the BIOS code looks for a special program known as the boot loader
or boot code. The instructions in this little bit of code tell the BIOS where the Linux
kernel is located, how it should be loaded into memory, and how it should be started.
If all goes well, the BIOS looks for a bootable volume such as a floppy disk, CDROM,
hard drive, RAM disk, or other media and then boots from the first bootable
volume it finds.
2. Loading the Linux Kernel
The Linux kernel loads and runs a process named init, which is also known as the
“father of all processes” because it starts every subsequent process. The init process
looks for a list of instructions in a file named /etc/rc.d/rc.sysinit. That script issues a
number of commands that are run only once—each time the system is turned on.
3. System Services and Runlevels
After finishing with rc.sysinit script during the bootloading process, the init command
uses the Linux system initialization table found in /etc/inittab to boot Fedora to a
specific system state. The state of the system is commonly referred to as its runlevel.
Runlevels determine which of the many available system services are started, as
well as in which order they start.
Runlevel Definitions
. Runlevel 0—Known as “halt,” this runlevel is used to shut down the system.
. Runlevel 1—This is a special runlevel, defined as “single,” which boots Fedora to a
root access shell prompt where only the root user may log in. Networking, X,
and multiuser access are turned off.
. Runlevel 2—This runlevel dictates that Fedora be booted to a console, or text-based
mode, with multiuser access.
. Runlevel 3—This runlevel is identical to runlevel 2, except that it also starts any
networking services.
. Runlevel 4—This runlevel is undefined, and it can readily be configured to boot
Fedora to a custom system state.
. Runlevel 5—This runlevel boots Fedora to a networking, multiuser state with an
active X session. This is the most common runlevel for home users who want a
graphical interface.
. Runlevel 6—This runlevel is used to reboot the system.
4. Booting into the Default Runlevel
Entries in /etc/inittab use a field-based notation that determines the runlevel—when
to execute the process, whether or not the process is executed when booting,
whether or not to wait for the process to complete, and when to execute the process
during booting. The default choices are adequate and need be changed only in
unique circumstances that the average user is not likely to encounter.
The value of the default entry, or the initdefault line in /etc/inittab, determines the
particular system state in which Fedora is when the login prompt is finally presented.
For example:- id:5:initdefault:
#Understanding init Scripts and the Final Stage of Initialization:-
Each /etc/rc.d/init.d script, or init script, contains logic that determines what to do
when receiving a start or stop value. The logic might be a simple switch statement
for execution, as in this example:
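# start, stop, restart, reload and rhstatus are shell functions defined earlier in the script
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  reload)
    reload
    ;;
  status)
    rhstatus
    ;;
  condrestart)
    # restart only if the service's lock file shows it is running
    [ -f /var/lock/subsys/smb ] && restart || :
    ;;
  *)
    echo $"Usage: $0 {start|stop|restart|status|condrestart}"
    exit 1
esac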
Although the scripts can be used to customize the way that the system runs from
power on, absent the replacement of the kernel, this script approach also means that
the system does not have to be halted in total to start, stop, upgrade, or install new
services.
After all the system scripts have been run, your system is configured and all the
necessary system services have been started.
#Controlling Services at Boot with Administrative Tools:-
As the master control file for system startup, /etc/inittab and its corresponding
system of symbolic links control system services. You can manage /etc/inittab and its
symbolic links, using these graphical and nongraphical administrative tools:
· chkconfig—A small script that helps you configure system services.
· ntsysv—A graphical interface for the chkconfig configuration script.
· system-config-services—A full graphical services configuration client. This
application is found in the System Services/Server settings menu as the
Services menu item.
1.Using the chkconfig Text-Based Command-Line Tool:-
It is an effective, text-based command-line tool that you can use to display,
diagnose, or change the starting or stopping of system services (as available under
/etc/rc.d/init.d) in each runlevel.
For example, to list all services that are turned on in runlevel 5, you can pipe the
output of chkconfig through the grep command like this:
# /sbin/chkconfig --list | grep '5:on' | sort
The chkconfig command can be used to reassign start or stop values for each
runlevel and each service. It alters the scripts that start or stop a service, or it can
report on the status of a service.
2. Ntsysv:-
ntsysv is a graphical interface you can use to access chkconfig.
ntsysv is an ncurses-based interface, meaning that it offers crude, block graphics
and elements you can tab through and select by pressing the spacebar.
The ntsysv utility manages only which services are started in the current runlevel.
Use the --level option to modify other runlevels.
When you have the ntsysv application open, you can scroll through the list of
services and toggle a service on or off by pressing the spacebar on the keyboard.
When finished, use the Tab key to highlight the OK or Cancel button.
3.Using the GUI-Based Service Configuration Tool
These tools provide an easier-to-use interface and don’t require memorization or
lookup of command-line options. Fedora provides its own Service Configuration tool
for the control and administration of services.
You can access the GUI menu selection from the System Settings/Server Settings
menu, and then select Services. The command-line name of this tool is
system-config-services.
The new Service Configuration tool enables you to select runlevels to edit, displays
all the available services, and provides an explanation of what the service does.
#Starting and Stopping Services Manually:-
If you change a configuration file for a system service, it is usually necessary to stop
and restart the service to make it read the new configuration. If you are reconfiguring
the X server, it is often convenient to change from runlevel 5 to runlevel 3 to make
testing easier and then switch back to runlevel 5 to re-enable the graphical login. If a
service is improperly configured, it is easier to stop and restart it until you have it
configured correctly than it is to reboot the entire machine.
There are several ways to manually start or stop services or to change runlevels
while using Fedora. The traditional way to manage a service (as root) is to call the
service’s /etc/rc.d/init.d name on the command line with an appropriate keyword,
such as start, status, or stop. For example, to start the automated nightly update of
the yum RPM package database, call the /etc/rc.d/init.d/yum script like this:
# /etc/rc.d/init.d/yum start
Enabling nightly yum update: [ OK ]
The script executes the proper programs and reports their status. Stopping services
is equally easy, and in fact, you can also check the status of some services by using
the status keyword like this:
# /etc/rc.d/init.d/yum status
Nightly yum update is enabled.
In this example, the yum script reports that the daemon is running. This information
might be useful for other system management tasks.
Using service, you do not have to know the full pathname to the system service; you
need know only the name of the system service you want to manipulate. Using this
approach, the previous yum example looks like this:
# service yum start
Nightly yum update is enabled: [ OK ]
Of course, the GUI tools mentioned earlier also have the functionality to start and
stop specific services in your current runlevel. The tool you choose is a matter of
personal preference; a good system administrator is aware of them all.
#Scheduling Tasks:-
There are three ways to schedule commands in Fedora, all of which work in different
ways. The first is the at command, which specifies a command to run at a specific
time and date relative to today. The second is the batch command, which is actually
a script that redirects you to the at command with some extra options set so that
your command runs when the system is quiet. The last option is the cron daemon,
which is the Linux way of executing tasks at a given time.
1.Using at and batch to Schedule Tasks for Later
To use at, you need to tell it the time at which you want to run and then press Enter.
You then see a new prompt that starts with at>, and everything you type there, until
you press Ctrl+D, comprises the commands you want at to run.
When the designated time arrives, at performs each action individually and in order,
which means later commands can rely on the results of earlier commands.
There is an alternative command, batch, which is really just a shell script that calls at
with a few extra options. These options (-q b -m now, if you were interested) set at to
run on queue b (-q b), mailing the user on completion (-m), and running immediately
(now). The queue part is what is important: Jobs scheduled on queue b are executed
only when the system load falls below 0.8—that is, when the system is not running at
full load. Furthermore, they run with a lower niceness, meaning queue a jobs usually
have a niceness of 2, whereas queue b jobs have a niceness of 4.
Because batch always specifies now as its time, you need not specify your own time;
it simply runs as soon as the system is quiet. Having a default niceness of 4 means
that batched commands get fewer system resources than queue a jobs (at's default)
and fewer system resources than most other programs.
2.Using cron to Run Jobs Repeatedly
For running tasks repeatedly, there is the crond daemon, which runs tasks based on system
and user requests. cron has a similar permissions system to at: Users listed in the
and user—requests. cron has a similar permissions system to at: Users listed in the
cron.deny file are not allowed to use cron, and users listed in the cron.allow file are.
An empty cron.deny file—the default—means everyone can set jobs. An empty
cron.allow file means that no one (except root) can set jobs.
There are two types of jobs: system jobs and user jobs. Only root can edit system
jobs, whereas any user whose name appears in cron.allow or does not appear in
cron.deny can run user jobs. System jobs are controlled through the /etc/crontab file,
which by default.
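The cron.allow and cron.deny rules above, written out as a decision function; this is an added example, not part of the original notes. cron_allowed and cron_policy_demo are hypothetical helpers that take the two file paths as arguments so the cases can be tried in a temporary directory, the allow file is checked first when both exist, and treating "neither file exists" as root-only is an assumption, since that case depends on how cron was built.

```sh
#!/bin/sh
# Added example, not from the original notes. Helper names are hypothetical.

# cron_allowed USER ALLOW_FILE DENY_FILE
# Exit status 0 if USER may schedule jobs, 1 otherwise.
cron_allowed() {
    if [ "$1" = root ]; then
        return 0                               # root is never locked out
    fi
    if [ -e "$2" ]; then
        grep -qxF -- "$1" "$2"                 # allow file exists: user must be listed
        return $?
    fi
    if [ -e "$3" ]; then
        if grep -qxF -- "$1" "$3"; then        # deny file only: user must not be listed
            return 1
        fi
        return 0
    fi
    return 1                                   # assumption: neither file means root only
}

# cron_policy_demo: build the cases from the text in a temporary directory and
# print one "case user verdict" line per check.
cron_policy_demo() (
    dir=$(mktemp -d) || exit 1
    verdict() { if cron_allowed "$1" "$2" "$3"; then echo allowed; else echo denied; fi; }

    : > "$dir/empty"                           # an empty allow or deny file
    printf 'jack\n' > "$dir/jack_only"         # a file listing only jack

    echo "empty-deny king $(verdict king "$dir/absent" "$dir/empty")"
    echo "deny-lists-jack jack $(verdict jack "$dir/absent" "$dir/jack_only")"
    echo "empty-allow king $(verdict king "$dir/empty" "$dir/absent")"
    echo "empty-allow root $(verdict root "$dir/empty" "$dir/absent")"
    echo "allow-lists-jack jack $(verdict jack "$dir/jack_only" "$dir/empty")"
    echo "allow-lists-jack king $(verdict king "$dir/jack_only" "$dir/empty")"
    rm -rf "$dir"
)

cron_policy_demo
```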
UNIT-III System-Monitoring Tools
#Console-Based Monitoring:-
Processes can also be controlled at the command line, which is important because
you might sometimes have only a command-line interface. Whenever an application
or command is launched, either from the command line or a clicked icon, the process
that comes from the kernel is assigned an identification number called a process ID
or PID for short.
You can get a quick list of your processes and their process IDs by using the ps command
like this:
# ps
PID TTY TIME CMD
4242 pts/0 00:00:00 su
4245 pts/0 00:00:00 bash
4286 pts/0 00:00:00 consolehelper-g
4287 pts/0 00:00:00 userhelper
4290 pts/0 00:00:00 system-config-d
4291 pts/0 00:00:00 python2
4293 pts/0 00:00:00 ps
The /proc directory contains quite a few files—some of which include constantly
updated hardware information (such as battery power levels, and so on). Linux
administrators often pipe the output of ps through a member of the grep family of
commands to display information about a specific program, perhaps like this:
# ps aux | grep system-config-display
root 4286 0.0 0.3 13056 3172 pts/0 S 11:57 0:00 system-config-display
This example returns the owner (the user who launched the program) and the PID,
along with other information, such as the percentage of CPU and memory usage,
size of the command (code, data, and stack), time (or date) the command was
launched, and name of the command. Processes can also be queried by PID like
this:
# ps 4286
4286 pts/0 S 0:00 system-config-display
You can use the PID to stop a running process by using the shell’s built-in kill
command.
# Using the kill Command to Control Processes:-
The kill command is a basic Unix system command. You can communicate with a
running process by entering a command into its interface, such as when you type
into a text editor. But some processes (usually system processes rather than
application processes) run without such an interface, and you need a way to
communicate with them as well, so we use a system of signals. The kill system
accomplishes that by sending a signal to a process, and you can use it to
communicate with any process. The general format of the kill command is:
# kill option PID
A number of signal options can be sent as words or numbers, but most are of
interest only to programmers. One of the most common is
# kill PID
This sends the default signal, SIGTERM, which tells the process with PID to stop; you supply
the actual PID.
# kill -9 PID
sends the signal for kill (9 is the number of the SIGKILL signal), which a process cannot catch
or ignore; use this combination when the plain kill shown previously does not work.
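The "plain kill first, kill -9 only if that does not work" sequence, scripted as an added example (not part of the original notes). stop_process and is_running are hypothetical helper names, the grace period is an assumption, and the zombie check reads /proc, so it is specific to Linux.

```sh
#!/bin/sh
# Added example, not from the original notes. Function names are hypothetical.

# is_running PID: true while PID exists and is not a zombie.
is_running() {
    kill -0 "$1" 2>/dev/null || return 1       # signal 0 only tests for existence
    if [ -r "/proc/$1/stat" ]; then            # Linux: a zombie still answers kill -0
        case $(sed 's/^.*) //' "/proc/$1/stat" 2>/dev/null) in
            Z*) return 1 ;;
        esac
    fi
    return 0
}

# stop_process PID [GRACE]: send SIGTERM, wait up to GRACE seconds, then SIGKILL.
# Prints not-running, terminated or killed.
stop_process() (
    pid=$1
    grace=${2:-5}
    is_running "$pid" || { echo not-running; exit 0; }
    kill "$pid" 2>/dev/null                    # plain kill sends SIGTERM (15)
    while [ "$grace" -gt 0 ]; do
        sleep 1
        is_running "$pid" || { echo terminated; exit 0; }
        grace=$((grace - 1))
    done
    kill -9 "$pid" 2>/dev/null                 # SIGKILL (9) cannot be caught or ignored
    echo killed
)

# Demo: a process that ignores SIGTERM, so only kill -9 stops it.
sh -c 'trap "" TERM; exec sleep 30' &
STUBBORN_PID=$!
sleep 1                                        # let the child install its trap
STUBBORN_RESULT=$(stop_process "$STUBBORN_PID" 1)
wait "$STUBBORN_PID" 2>/dev/null || true       # reap the child
echo "pid $STUBBORN_PID: $STUBBORN_RESULT"
```

Giving a process time to act on SIGTERM lets it flush files and remove lock files; SIGKILL gives it no such chance, which is why it is kept as the fallback.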
# Using Priority Scheduling and Control:-
The kernel’s primary function is to manage the system resources equitably. It does
this by assigning a priority to each process so that some processes get better access
to system resources and some processes might have to wait longer until their turn
arrives. Priority scheduling can be an important tool in managing a system
supporting critical applications or in a situation in which CPU and RAM usage must
be reserved or allocated for a specific task. Two legacy applications included with
Fedora are the nice and renice commands.
The nice command is used with its -n option, along with an argument in the range of
-20 to 19, in order from highest to lowest priority (the lower the number, the higher
the priority).
For example, to run the gkrellm client with a low priority, use the nice command like
this:
$ nice -n 12 gkrellm &
The nice command is typically used for disk- or CPU-intensive tasks that might be
obtrusive or cause system slowdown.
The renice command can be used to reset the priority of running processes or
control the priority and scheduling of all processes owned by a user. Regular users
can only numerically increase process priorities with this command, but the root
operator can use the full nice range of scheduling (-20 to 19).
Nearly all graphical process-monitoring tools include some form of process control or
management. Many of the early tools ported to Linux were clones of legacy Unix
utilities. One familiar monitoring (and control) program is top. Based on the ps
command, the top command provides a text-based display of constantly updated
console-based output showing the most CPU-intensive processes currently running.
It can be started like this:
# top
After you press Enter, you see a display. The top command has a few interactive
commands: Pressing h displays the help screen; pressing k prompts you to enter the
pid of a process to kill; pressing n prompts you to enter the pid of a process to
change its nice value. The top man page describes other commands and includes a
detailed description of what all the columns of information top can display actually
represent.
# Graphical Process and System Management Tools:-
The GNOME and KDE desktop environments offer a rich set of network and system
monitoring tools. Graphical interface elements, such as menus and buttons, and
graphical output.
Fedora no longer includes the xosview client, which provided load, CPU, memory
and swap usage, disk I/O usage and activity, page swapping information, network
activity, I/O activity, I/O rates, serial port status, and if APM is enabled, the battery
level (such as for a laptop). However, a great replacement is GKrellM, which
provides a much neater interface and a host of additional plugins. You have to use
this command to retrieve GKrellM:
# yum install gkrellm
After it is installed, it can be found under Applications, System Tools. GKrellM is
shown in Figure.
Some of the graphical system- and process-monitoring tools that come with Fedora
include the following:
1. vncviewer:- AT&T’s open source remote session manager, which can be used to
view and run a remote desktop session locally. This software requires an active,
background, X session on the remote computer.
2. gnome-nettool:- A GNOME-developed tool that enables system administrators to
carry out a wide range of diagnostics on network interfaces, including port scanning
and route tracing.
3. ethereal:-This graphical network protocol analyzer can be used to save or display
packet data in real time and has intelligent filtering to recognize data signatures or
patterns from a variety of hardware and data captures from third-party data capture
programs, including compressed files. Some protocols include AppleTalk, Andrew
File System (AFS), AOL’s Instant Messenger, various Cisco protocols, and many
more.
4. gnome-system-monitor:- This tool is a simple process monitor offering three
views: a list view, a moving graph, and a storage status overview. To access it
choose System, Administration and select the System Monitor entry.
# KDE Process and System-Monitoring Tools:-
KDE provides several process- and system-monitoring clients. Integrate the KDE
graphical clients into the desktop taskbar by right-clicking on the taskbar and
following the menus.
These KDE monitoring clients include the following:
kdf:- A graphical interface to your system’s file system table that displays free disk
space and enables you to mount and unmount file systems with a pointing device.
ksysguard:- Another panel applet that provides CPU load and memory use
information in animated graphs.
UNIT-IV Backing Up
# Choosing a Backup Strategy
Your first step in formulating and learning to use an effective backup strategy is to
choose the strategy that is right for you.
Why Data Loss Occurs:-
Files disappear for any number of reasons: They can be lost because the hardware
fails and causes data loss; your attention might wander and you accidentally delete
or overwrite a file. Some data loss occurs as a result of natural disasters: a
tornado, flood, or earthquake could strike, the water pipes could burst, or the building
could catch on fire.
All these accidents and disasters offer important reasons for having a good backup
strategy.
On a home system, most files never change, a few change daily, and some change
weekly. A good strategy for home use is to back up (to any kind of removable media)
critical data frequently and back up configuration and other files weekly.
At the enterprise level on a larger system with multiple users, a different approach is
called for. Some critical data is changing constantly, and it could be expensive to recreate;
Whatever backup scheme you choose, be sure to incorporate in it these three
principles:-
1. Have a plan:- Design a plan that is right for your needs and have equipment
appropriate to the task. This involves assessing all the factors that affect the data
you are backing up.
2. Follow the plan:- Faithfully complete each part of your backup strategy, and then
verify the data stored in the backups. Backups with corrupt data are of no use to
anyone. Even backup operations can go wrong.
3. Practice your skills:- Practice restoring data from your backup systems from
time to time, so when disaster strikes, you are ready (and able) to benefit from the
strength of your backup plan. Keep in mind that it is entirely possible that the flaws in
your backup plan will become apparent only when you try restoring!
Evaluating Backup Strategies
Now that you are convinced you need backups, you need a strategy. It is difficult to
be specific about an ideal strategy because each user or administrator’s strategy will
be highly individualized, but here are a few general examples:
1. Home user: - The home user should back up any configuration files that have
been altered, keep an archive of any files that have been downloaded, and keep an archive of any data files created while using any applications. Unless the home user
has a special project in which constant backups are useful, a weekly backup is
adequate. The home user is likely to use a DVD-RW drive or other removable media
for backups.
2. Small office: - Many small offices tend to use the same strategy as home users,
but are more likely to back up critical data daily and use manually changed tape
drives. If they have a tape drive with adequate storage, they will likely have a full
system backup as well because restoring from the tape is quicker than reinstalling
from the CDs. They also might be using CD-RW or DVD writers for backups.
Although they will use scripts to automate backups, most of it is probably done by
hand.
3. Small enterprise: - Here is where backups begin to require higher-end equipment
such as autoloading tape drives with fully automated backups. Commercial backup
software usually makes an introduction at this level, but a skillful system
administrator on a budget can use one of the basic applications. Backups are highly
structured and supervised by a dedicated system administrator.
4. Large enterprise:-These are the most likely settings for the use of expensive,
proprietary, highly automated backup solutions. At this level, data means money, lost
data means lost money, and delays in restoring data means money lost as well.
These system administrators know that backups are necessary insurance and plan
accordingly.
Does all this mean that enterprise-level backups are better than those done by a
home user? Not at all.
The following sections examine a few of the many strategies in use today. Many
strategies are based on these sample schemes.
Simple Strategy
If you need to back up just a few configuration files and some small data files, copy
them to a USB stick, engage the write-protect tab, and keep it someplace safe. If you
need just a bit more backup storage capacity, you can copy the important files to a
Zip disk.
Full Backup on a Periodic Basis
This backup strategy involves a backup of the complete file system on a weekly,
biweekly, or other periodic basis. The frequency of the backup depends on the
amount of data being backed up, the frequency of changes to the data, and the cost
of losing those changes.
Full Backups with Incremental Backups
This scheme involves performing a full backup of the entire system once a week,
along with a daily incremental backup of only those files that have changed in the
previous day, and it begins to resemble what a sysadmin of a medium to large
system would traditionally use. This backup scheme can be advanced in two ways.
In one way, each incremental backup can be made with reference to the original full
backup. In other words, a level 0 backup is followed by a series of level 1 backups.
The benefit of this backup scheme is that a restoration requires only two tapes (the
full backup and the most recent incremental backup).
Alternatively, each incremental backup could reference the previous incremental
backup. This would be a level 0 backup followed by a level 1, followed by a level 2,
and so on. Incremental backups are quicker (less data each time), but require every
tape to restore a full system. Again, it is a classic trade-off decision.
Mirroring Data or RAID Arrays
Given adequate (and often expensive) hardware resources, you can always mirror
the data somewhere else, essentially maintaining a real-time copy of your data on
hand. This is often a cheap, workable solution if no large amounts of data are
involved. The use of RAID arrays (in some of their incarnations—refer to Chapter 35,
“Managing the File System,” for more information on RAID) provides for a recovery if
a disk fails.
# Choosing Backup Hardware and Media
Any device that can store data can be used to back it up. Many people use what
hardware they already have for their backup operations. Most consumer-grade
workstations have a CD-RW drive,
You learn about some of the most common backup hardware available and how to
evaluate its appropriateness for your backup needs.
Removable Storage Media
Choosing the right media for you isn’t as easy as it used to be back when floppy
drives were the only choice. Today, most machines have CD-ROM drives that can
read, but not write, CDs, which rules them out for backup purposes. Instead, USB
hard drives and solid-state “pen” drives have taken over the niche previously held by
floppy drives. A 500GB USB hard drive costs about $150. The biggest benefits of
USB drives are data transfer speed and portability.
FireWire Drives
FireWire (IEEE-1394) hard drives are similar to USB drives; they just use a different
interface to your computer. Many digital cameras and portable MP3 players use
FireWire. Kernel support is available if you have this hardware. The cost of FireWire
devices is now essentially.
CD-RW and DVD+RW/-RW Drives
Compared to floppy drives and some removable drives, CD-RW drives and their
cousins, DVD+RW/-RW drives, can store large amounts of data and are useful for a
home or small business. Although very expensive in the past, CD writers and media
are at commodity prices today, but automated CD changing machines, necessary for
automatically backing up large amounts of data, are still quite costly. A benefit of CD
and DVD storage over tape devices is that the archived uncompressed file system
can be mounted and its files accessed randomly just like a hard drive, making the
recovery of individual files easier. Each CD-RW disk can hold 650MB–700MB of
data.
DVD+RW/-RW is similar to CD-RW, but it is more expensive and can store up to
8GB of uncompressed data per disk.
Network Storage
For network backup storage, remote arrays of hard drives provide one solution to
data storage. With the declining cost of mass storage devices and the increasing
need for larger storage space, network storage (NAS, or Network Attached Storage)
is available and supported in Linux. These are cabinets full of hard drives and their
associated controlling circuitry, as well as special software to manage all of it. These
NAS systems are connected to the network and act as a huge (and expensive) mass
storage device.
More modest and simple network storage can be done on a remote desktop-style
machine that has adequate storage space, but then that machine has to deal with all
the problems of backing up, preserving, and restoring its own data.
Tape Drive Backup
Tape drives have been used in the computer industry from the beginning. Tape drive
storage has been so prevalent in the industry that the tar command is derived from
the words Tape ARchive. Modern tape drives use tape cartridges that can hold
70GB of data (or more in compressed format).
Capacities and durability of tapes vary from type to type and range from a few
gigabytes to hundreds of gigabytes with commensurate increases in cost for the
equipment and media. Auto loading tape-drive systems can accommodate archives
that exceed the capacity of the file systems.
Tape equipment is well supported in Linux and, when properly maintained, is
extremely reliable. The tapes themselves are inexpensive, given their storage
capacity and their opportunity for reuse. Be aware, however, that tapes do
deteriorate over time and, being mechanical, tape drives can and will fail.
# Using Backup Software
Linux offers many backup tools. Along with command-line
tools such as tar and dd, Fedora also provides a graphical archiving tool, File Roller,
that can create and extract files from archives. Finally, Fedora provides support for
the Amanda backup application—a sophisticated backup application that works well
over network connections and can be configured to automatically back up all the
computers on your network. Amanda works with drives as well as tapes.
tar: The Most Basic Backup Tool
The tar tool, the bewhiskered old man of archiving utilities, is installed by default. It is
an excellent tool for saving entire directories full of files. For example, here is the
command used to back up the /etc directory:
# tar cvf etc.tar /etc
Here, the options use tar to create an archive, are verbose in the message output,
and use the filename etc.tar as the archive name for the contents of the directory
/etc. Alternatively, if the output of tar is sent to the standard output and redirected to
a file, the command appears as follows:
# tar cv /etc > etc.tar
The result is the same.
All files in the /etc directory will be saved to a file named etc.tar. With an impressive
array of options (see the man page), tar is quite flexible and powerful.
Creating Full and Incremental Backups with tar
If you want to create a full backup,
# tar cjvf fullbackup.tar.bz2 /
creates a bzip2-compressed tarball (the j option) of the entire system.
To perform an incremental backup, you must locate all the files that have been
changed since the last backup. For simplicity, assume that you do incremental
backups on a daily basis. To locate the files, use the find command:
# find / -newer name_of_last_backup_file -type f -print
When run alone, find generates a list of files systemwide and prints it to the screen.
The -type f test eliminates everything but regular files from the list; otherwise, the
entire directory would be sent to tar even if the contents were not all changed.
Pipe the output of the find command to tar as follows:
# find / -newer name_of_last_backup_file ! -type d -print |\
tar czf backup_file_name_or_device_name -T -
Here, the -T - option tells tar to read the list of filenames from standard input (the pipe).
The tar command can back up to a raw device (one with no file system) as well as a
formatted partition. For example,
# tar cvzf /dev/hdd /boot /etc /home
backs up those directories to device /dev/hdd (not /dev/hda1, but to the unformatted
device itself).
The tar command can also back up over multiple floppy disks (GNU tar cannot compress
a multivolume archive, so the z option is left out here):
# tar cvMf /dev/fd0 /home
Restoring Files from an Archive with tar
The xp option in tar restores the files from a backup and preserves the file attributes
as well, and tar creates any subdirectories it needs. Be careful when using this
option because the backups might have been created with either relative or absolute
paths. You should use the tvf option with tar to list the files in the archive before
extracting them so that you know where they will be placed.
For example, to restore a tar archive compressed with bzip2,
# tar xjvf fedoratest.tar.bz2
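The incremental scheme and the restore advice above (list the archive before extracting, and practice restoring), as an added example that is not part of the original notes. The function names, the stamp-file convention, and the sample tree are assumptions made for illustration; it assumes GNU find and tar and absolute paths for the archive and stamp, kept outside the source directory.

```bash
#!/usr/bin/env bash
# Added example (not from the notes): level 0 + level 1 backup with find/tar,
# then a listing check and a test restore. Everything runs in a scratch dir.

# make_full SRC ARCHIVE STAMP: full backup of SRC. The stamp is touched before
# tar starts, so a file changed during the run is caught by the next incremental.
make_full() {
    touch "$3"
    tar -C "$1" -czf "$2" .
}

# make_incremental SRC ARCHIVE STAMP: archive every non-directory newer than
# STAMP. -print0 / --null keep names with spaces or newlines intact.
# Limitation: files deleted since the last backup are not recorded.
make_incremental() {
    touch "$3.next"
    ( cd "$1" && find . -newer "$3" ! -type d -print0 ) |
        tar -C "$1" --null -T - -czf "$2" || return 1
    mv "$3.next" "$3"
}

# list_unsafe_members: filter member names on stdin, printing those that are
# absolute or contain a ".." component (they could land outside the target).
list_unsafe_members() {
    grep -E '^/|(^|/)\.\.(/|$)' || true
}

# restore_chain DEST ARCHIVE...: list each archive first (tar t), refuse unsafe
# names, then extract oldest to newest with attributes preserved (x, p).
restore_chain() {
    dest="$1"; shift
    mkdir -p "$dest" || return 1
    for a in "$@"; do
        if tar -tzf "$a" | list_unsafe_members | grep -q .; then
            echo "refusing $a: absolute or .. member names" >&2
            return 1
        fi
        tar -C "$dest" -xpzf "$a" || return 1
    done
}

# demo: builds a constructed sample tree; sets INCR_MEMBERS and RESTORE_OK.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/src/etc" "$work/bak"
    echo "v1" > "$work/src/etc/app.conf"
    echo "static" > "$work/src/etc/hosts"
    make_full "$work/src" "$work/bak/level0.tar.gz" "$work/bak/stamp" || return 1
    sleep 1                                        # keep mtimes clearly after the stamp
    echo "v2" > "$work/src/etc/app.conf"           # changed file
    echo "new" > "$work/src/etc/file with space"   # new file with an awkward name
    make_incremental "$work/src" "$work/bak/level1.tar.gz" "$work/bak/stamp" || return 1
    INCR_MEMBERS=$(tar -tzf "$work/bak/level1.tar.gz" | sed 's|^\./||' |
        LC_ALL=C sort | tr '\n' ',')
    RESTORE_OK=no
    restore_chain "$work/restore" "$work/bak/level0.tar.gz" "$work/bak/level1.tar.gz" &&
        diff -r "$work/src" "$work/restore" >/dev/null && RESTORE_OK=yes
    rm -rf "$work"
}

demo && printf 'incremental members: %s\nrestore matches source: %s\n' \
    "$INCR_MEMBERS" "$RESTORE_OK"
```

The unchanged hosts file stays out of the level 1 archive, and the restore is only counted as good when diff finds no difference from the source tree.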
The GNOME File Roller
The GNOME desktop file archiving graphical application File Roller (file-roller) views,
extracts, and creates archive files using tar, gzip, bzip, compress, zip, rar, lha, and
several other compression formats. Note that File Roller is only a front end to the command-line utilities that actually provide these compression formats; if they are
not installed, File Roller cannot use that format.
File Roller is well integrated with the GNOME desktop environment to provide
convenient drag-and-drop functionality with the Nautilus file manager. To create a
new archive, select Archive, New to open the New Archive dialog box and navigate
to the directory where you want the archive to be kept. Type your archive’s name in
the Selection: /root text box at the bottom of the New Archive dialog box. Use the
Archive type drop-down menu to select a compression method.
Using the Amanda Backup Application
Provided with Fedora, Amanda is a powerful network backup application created by
the University of Maryland at College Park. Amanda is a robust backup and restore
application best suited to unattended backups with an autoloading tape drive of
adequate capacity. It benefits from good user support and documentation.
Amanda’s features include compression and encryption. It is intended for use with
high-capacity tape drives, optical, CD-R, and CD-RW devices.
There is no GUI interface for Amanda. Configuration is done in the time-honored
Unix tradition of editing text configuration files located in /etc/amanda. The default
installation in Fedora includes a sample cron file because it is expected that you will
be using cron to run Amanda regularly.
# Copying Files:-
When you have only a few files that you need to protect from loss or corruption, it
might make better sense to simply copy the individual files to another storage
medium rather than to create an archive of them. You can use the tar, cp, rsync, or
even the cpio commands to do this.
Copying Files Using tar
One choice for copying files into another location is to use the tar command, where
you create a tar archive that is piped to a second tar to be extracted in the new
location.
# tar cvf - files | (cd target_directory ; tar xpf -)
where files are the filenames you want to include; use * to include the entire current
directory.
Here is how the command shown works: You have already changed to the source
directory and executed tar with the cvf - arguments that tell tar to
· c Create an archive.
· v Be verbose; list the files processed so we can see that it is working.
· f The filename of the archive is what follows. (In this case, it is -.)
· - Write the archive to standard output (here, the pipe) instead of to a file.
compress the contents of a designated directory, and then decompress
the compressed and encrypted archive stream into a designated directory on a
remote host:
$ tar cvzf - data_folder | ssh remote_host '( cd ~/mybackup_dir; tar xvzf - )'
The tar command is used to create, list, and compress the files in the directory
named data_folder. The output is piped through the ssh (secure shell) command and
sent to the remote computer named remote_host. On the remote computer, the
stream is then extracted and saved in the directory named ~/mybackup_dir.
Copying Files Using cp:
To copy files, we could use the cp command. The general format of the command
when used for simple copying is
$ cp -a source_directory target_directory
The -a argument is the same as giving -dpR, which would be
-d Does not dereference symbolic links (never follows symbolic links); copies the
links themselves instead of the files to which they point.
-p Preserves all file attributes if possible. (File ownership might interfere.)
-R Copies directories recursively.
You can also use the cp command to quickly replicate directories and retain
permissions by using the -avR command-line options. Using these options preserves
file and directory permissions, gives verbose output, and recursively copies and recreates
subdirectories.
You can also create a log of the backup during the backup by redirecting the
standard output like this:
# cp -avR directory_to_backup destination_vol_or_dir 1>/root/backup_log.txt
or
# cp -avR fedora /test2 1>/root/backup_log.txt
This example makes an exact copy of the directory named /fedora on the volume
named /test2, and saves a backup report named backup_log.txt under /root.
UNIT-V Networking and TCP/IP
#Using Network Configuration Tools
If you add or replace networking hardware after your initial installation, you must configure the new
hardware. You can use either the command line or the graphical configuration tools to do so. To
configure a network client host using the command line, you can use a combination of commands or
edit specific files under the /etc/sysconfig directory. To configure the hardware through a graphical
interface, you can use system-config-network or the console-based netconfig command.
Using Graphical Configuration Tools:-
The graphical configuration tool is your best method for configuring new hardware in Fedora.
Like most graphical tools, system-config-network enables you to fill in the blanks; press the proper
buttons, and the tool modifies the required files and issues the proper commands. Remember, you
must be root to run system-config-network.
There are two ways to start system-config-network: from the command line of an X11 terminal
window with the command system-config-network, using the panel’s Run Application menu item, or
by clicking the System Setting’s Network menu item from a GNOME or KDE desktop panel menu.
After it is started, system-config-network might ask whether you would like to create a new device. If
you have installed Fedora on a computer with an existing network card, the appears after you start
system-config-network.
Click the DNS tab to configure your system’s DNS settings, hostname, or DNS search path. Click the
Hosts tab, and then click either the New or Edit button (after selecting a host) to create or edit an entry
in your system’s /etc/hosts file—for example, to add the IP addresses, hostnames, and aliases of hosts
on your network.
Click the Devices tab, and then either click New or select an existing setting and click Edit to
automatically or manually set up an ethernet device. Shows the Add New Device Type dialog box
with all necessary information in place for a static, or fixed, IP address assignment. Choose how your
card will get its configuration: manually, from Dynamic Host Configuration Protocol (see the next section),
or from Bootp. Just fill in the blanks as needed.
When you finish configuring your NIC or editing an IP address or assignment scheme for a NIC, save
your changes, using the File menu’s Save menu item. Note that you can also use the Profile menu to
create different network configurations and IP address assignments for your installed NICs.
Command-Line Network Interface Configuration:-
You can configure a network interface from the command line, using the basic Linux networking
utilities. You configure your network client hosts with the command line by using commands to
change your current settings or by editing a number of system files. Two commands, ifconfig and
route, are used for network configuration. The netstat command displays information about the
network connections.
/sbin/ifconfig
ifconfig is used to configure your network interface. You can use it to
1. Activate or deactivate your NIC or change your NIC’s mode
2. Change your machine’s IP address, netmask, or broadcast address
3. Create an IP alias to allow more than one IP address on your NIC
4. Set a destination address for a point-to-point connection
You can change as many or as few of these options as you’d like with a single command.
The basic structure for the command is as follows:
/sbin/ifconfig [network device] options
The ifconfig man page shows other options that enable your machine to interface with a number of
network types such as AppleTalk, Novell, IPv6, and others. Again, read the man page for details on
these network types.
#Advanced Wireless Networking
Linux has had support for wireless networking since the first standards were developed in the early
1990s.
The Linux kernel that ships with Fedora provides extensive support for wireless networking.
Related wireless tools for configuring, managing, or displaying information about a wireless
connection include
iwconfig—Sets the network name, encryption, transmission rate, and other features of a wireless
network interface
iwlist—Displays information about a wireless interface, such as rate, power level, or frequency
used
iwpriv—Sets optional features, such as roaming, of a wireless network interface
iwspy—Shows wireless statistics of a number of nodes
Support varies for wireless devices—most likely in the form of a PCMCIA adapter although some
USB wireless devices now work with Linux. In general, Linux wireless device software (usually in
the form of a kernel module) supports the creation of an Ethernet device that can be managed by
traditional interface tools such as ifconfig with wireless features of the device managed by the various
wireless software tools.
TCP/IP Addressing
To understand networking with Linux, you need to know the basics of TCP/IP addressing. Internet IP
addresses are assigned (for the United States and some other hosts) by the American Registry for
Internet Numbers, available at http://www.arin.net/. The agency assigns Internet service providers
(ISPs) one or more blocks of IP addresses, which the ISPs can then assign to their subscribers.
You will quickly recognize the current form of TCP/IP addressing, known as IPv4 (IP version 4).
The first octet usually determines what class the network belongs to. There are three classes of
networks. The classes are:
1. Class A—Consists of networks with the first octet ranging from 1 to 126. There are only 126 Class
A networks—each composed of up to 16,777,214 hosts.
2. Class B—Consists of networks defined by the first two octets, with the first ranging
from 128 to 191.
3. Class C—Consists of a network defined by the first three octets, with the first ranging
from 192 to 223.
#Dynamic Host Configuration Protocol
Dynamic Host Configuration Protocol (DHCP) is a network management protocol used to dynamically
assign an IP address to any device, or node, on a network so they can communicate using IP
(Internet Protocol). DHCP automates and centrally manages these configurations. There is no need
to manually assign IP addresses to new devices. Therefore, there is no requirement for any user
configuration to connect to a DHCP based network.
DHCP can be implemented on local networks as well as large enterprise networks. DHCP is the
default protocol used by most routers and networking equipment.
DHCP does the following:
· DHCP manages the provision of all the nodes or devices added or dropped from the
network.
· DHCP maintains the unique IP address of the host using a DHCP server.
· It sends a request to the DHCP server whenever a client/node/device, which is
configured to work with DHCP, connects to a network. The server acknowledges by
providing an IP address to the client/node/device.
DHCP is also used to configure the proper subnet mask, default gateway and DNS server information
on the node or device.
How DHCP works
DHCP runs at the application layer of the TCP/IP protocol stack to dynamically assign IP
addresses to DHCP clients/nodes and to allocate TCP/IP configuration information to the
DHCP clients. Information includes subnet mask information, default gateway, IP addresses
and domain name system addresses.
DHCP is based on client-server protocol in which servers manage a pool of unique IP
addresses, as well as information about client configuration parameters, and assign addresses
out of those address pools.
DHCP works as follows:
· First of all, a client (network device) must be connected to the internet.
· The DHCP client requests an IP address. Typically, the client broadcasts a query for this
information.
· The DHCP server responds to the client request by providing the IP server address and other
configuration information. This configuration information also includes a time period,
called a lease, for which the allocation is valid.
· When refreshing an assignment, a DHCP client requests the same parameters, but the
DHCP server may assign a new IP address. This is based on the policies set by the
administrator.
Benefits of DHCP
The benefits of DHCP are as follows:
· Centralized administration of IP configuration: DHCP IP configuration information can
be stored in a single location, which enables the administrator to centrally manage all IP address
configuration information.
· Dynamic host configuration: DHCP automates the host configuration process and
eliminates the need to manually configure individual hosts when TCP/IP (Transmission
control protocol/Internet protocol) is first deployed or when IP infrastructure changes are
required.
· Seamless IP host configuration: The use of DHCP ensures that DHCP clients get accurate
and timely IP configuration parameters such as IP address, subnet mask,
default gateway, IP address of the DNS server, and so on without user intervention.
· Flexibility and scalability: Using DHCP gives the administrator increased flexibility,
allowing the administrator to easily change IP configuration when the infrastructure
changes.
#Setting Up a Telnet Server
the Telnet server installation packages
under Legacy Network Server in the Add or Remove Packages dialog box. You need to
select it from the Details selection because it is not one of the default selections for the
package group. After it’s installed, select System Settings, Server Settings, Services and
enable Telnet for runlevel 5. Note your IP address while you are here (switch to root and
run ifconfig).
With that done, you can now fire up your other Linux box and type telnet <your IP>.
If you are unsure of your IP address, switch to root and use the ifconfig command. You
are prompted to enter your username and password. The whole conversation should look
like this:
[paul@susannah ~]$ telnet 10.0.0.1
Trying 10.0.0.1…
Connected to 10.0.0.1 (10.0.0.1)
Escape character is ‘^]’.
Welcome to Caitlin
Running Fedora Core
* All access is logged *
login: paul
Password:
Last login: Sat Jul 9 12:05:41 from 10.0.0.5
[paul@caitlin ~]$
#Setting Up an SSH Server
The OpenSSH server is set up to be automatically installed and run in Fedora, which means it should
already be working on your system. However, if you have disabled it, you can re-enable it by
selecting System Settings, Server Settings, Services and selecting the sshd box. As you might have
gathered, sshd is the name for the SSH server daemon.
Two different versions of SSH exist, called SSH1 and SSH2. The latter is newer, is more
secure, comes with more features, and is the default in Fedora Core Linux.
To do this, edit the /etc/ssh/sshd_config file and look for this line:
#Protocol 2,1
Edit this line so that it becomes:
Protocol 2
This removes the comment sign (#) and tells sshd that you want it to only allow SSH2
connections. Save the file and exit your editor. The next step is to tell sshd to reread its
configuration file, by executing this command:
kill -HUP `cat /var/run/sshd.pid`
You can test this change by trying to connect to your SSH server in SSH1 mode. From the
same machine, type this:
ssh -1 localhost
The -1 switch forces SSH1 mode.
PRINTING WITH FEDORA
Installing Apache Server:-
Open the Terminal (Command Prompt) window on your Linux machine. You can use
the Terminal window to easily download and install the Apache server on your computer.
Depending on your Linux version:
Step1:-
Click the icon on the top-left to open the Dash, type "Terminal," and hit ⏎ Return or ↵
Enter.
Press the Ctrl+Alt+T keyboard shortcut.
Click the Applications tab on the menu bar, select Accessories, and click Terminal.
Step2:-
Type sudo apt-get install apache2 in Terminal. This command will download
and install the Apache server on your Linux machine.
This command will work in Ubuntu and other Debian Linux versions.
For Fedora, CentOS, and Red Hat Enterprise Linux (RHEL), type yum install httpd
Step3:-
Press ↵ Enter or ⏎ Return on your keyboard. This will run the command, and prompt
you to enter your user/root password.
Step4:-
Enter your user/root password. This will confirm your action, and start downloading
Apache on your computer.
Press ↵ Enter or ⏎ Return to confirm your password.
Step5:-
Press Y to continue. When you're prompted to install the required extra packages, type
"Y" and press ↵ Enter or ⏎ Return to proceed.
This will install all the required packages, and start your Apache server on your
computer.
You will see a message saying "Starting web server apache2" in Terminal when your
installation is finished.
Step6:-
Open your internet browser. You can use any internet browser to check if your
Apache server is successfully installed.
Step7:-
Type localhost in your browser's address bar. Your Apache server should
automatically start running on your localhost when it's finished installing.
Step8:-
Press ↵ Enter or ⏎ Return on your keyboard. The localhost page should open up to
the Apache2 Default Page.
If you see the Apache2 Default Page, your Apache server is up and running on this
computer.
If your Apache server isn't running, you'll see a message saying "Unable to connect."
Starting and Stopping Apache:-
SystemD is the service manager for newer Red-Hat based distributions (RHEL and CentOS
7 and later versions). Similarly, for Red Hat distributions, Apache service is referred to as
httpd.
To start the Apache webserver service, we use the command:
sudo systemctl start httpd
To stop the Apache webserver service, we use the command:
sudo systemctl stop httpd
Whenever we make any changes to Apache’s web server configuration, we need to restart the
Apache service. To restart the service, we use the command:
sudo systemctl restart httpd
To start the Apache webserver service in older versions, we use the command:
sudo service httpd start
To stop the Apache webserver service in older versions, we use the command:
sudo service httpd stop
To restart the Apache service in older versions, we use the command:
sudo service httpd restart
Network File System(NFS):-
Network File System(NFS) is a file system implemented by Sun Microsystems, Inc. It is a
client/server system that lets the users access files across a network and work on them as if
they are present in a local file directory.
For example, if we are using a computer connected to a second computer via NFS, we can
access the files of the second computer as if they are located in a directory on the first
computer. This is done by exporting(the process through which an NFS server gives remote
clients access to its files) and mounting(the process by which the client maps NFS shared file
system).
For NFS, we should have the client and server machine configuration.
Steps to configure the NFS server machine:-
Become a root user, with the command:
su -
Verify whether the nfs package is installed on the system, with the command:
rpm -qa | grep nfs
If not installed, run the command to install:
yum install nfs-utils libnfsidmap
Enable and start the nfs services by running commands one by one:
systemctl enable rpcbind
systemctl enable nfs-server
systemctl start rpcbind
systemctl start nfs-server
systemctl start rpc-statd
systemctl start nfs-idmapd
To check the status of a service, for example: rpc-statd, run the command:
systemctl status rpc-statd
Create an nfs shared directory and assign permissions with the following steps:
Create a directory mypretzels at the / location with the commands:
cd /
mkdir mypretzels
Assign permissions to the directory with the command:
chmod a+rwx mypretzels/
Create files a, b, c, and kramer inside the mypretzels directory with the commands:
cd mypretzels/
touch a b c
touch kramer
Add some content to the kramer file, with the command:
echo "These pretzels are making me thirsty" > kramer
To get the contents of the mypretzels directory, run the command:
ls -ltr
Edit the /etc/exports file with the command:
vi /etc/exports
In the insert mode, add the following lines:
/mypretzels *(rw,sync,no_root_squash)
Save and quit.
:wq!
Export the nfs filesystem with the command:
exportfs -rv
Check the IP address of the server machine, with the command:
ifconfig
The IP address of the server machine is 192.168.1.18.
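The export line above gives every host read-write access and leaves remote root unsquashed. As an added example (not part of the original notes), the script below parses exports(5) entries and reports those two conditions. The names audit_exports and sample_exports and the finding labels are made up here, and the sample input is constructed from the line above plus a tightened form limited to the client address 192.168.1.11.

```shell
#!/bin/sh
# Constructed sample: the export line from the steps above, followed by a
# tightened form limited to the client address used in these notes.
sample_exports() {
    cat <<'EOF'
# /etc/exports (constructed sample)
/mypretzels *(rw,sync,no_root_squash)
/mypretzels 192.168.1.11(rw,sync,root_squash)
EOF
}

# audit_exports [FILE]: read exports(5) entries from FILE (or stdin) and print
# one "path client finding" line per risky client entry.
audit_exports() {
    awk '
    # Join lines continued with a trailing backslash before parsing them.
    { line = pending $0; pending = "" }
    line ~ /\\$/ { sub(/\\$/, " ", line); pending = line; next }
    { $0 = line }
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                    # split "client(opt,opt,...)"
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            if (client == "") client = "*"  # "(opts)" alone applies to every host
            o = "," opts ","
            if (client == "*" && index(o, ",rw,"))
                print $1, client, "any-client-rw"
            else if (client == "*")
                print $1, client, "any-client"
            if (index(o, ",no_root_squash,"))
                print $1, client, "no_root_squash"
        }
    }
    ' "$@"
}

# Demo on the constructed sample; on a server, run: audit_exports /etc/exports
sample_exports | audit_exports
```

The tightened line produces no findings because it names a single client and keeps root_squash, which is also the default when neither squash option is given.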
Steps to configure NFS client machine:-
Become a root user, with the command:
su -
Check the IP address, with the command:
ip addr
The IP address of the client machine is 192.168.1.11
Install the nfs package with the command:
yum install nfs-utils
Install the rpcbind package with the command:
yum install rpcbind -y
Once installed, enable and start the rpcbind package with the command:
systemctl start rpcbind
Check the status of the rpcbind package with the command:
systemctl status rpcbind
Ensure that firewalld or iptables are stopped, with the command:
ps -ef | egrep "firewall|iptable"
Show mount from the nfs server with the command:
showmount -e 192.168.1.18
192.168.1.18 is the IP address of the server machine.
Create a mount point with the command:
mkdir /mnt/kramer
Mount the nfs filesystem with the command:
mount 192.168.1.18:/mypretzels /mnt/kramer
Verify the mounted file system with the command:
df -h
Putting Samba to Work:-
1.Configuring Samba with System config-samba:-
Samba (SMB) is an open source and free software suite that runs on Linux/UNIX based
systems but also communicates with Windows clients like a native application. It is a file
sharing server, used to share files between Windows and Linux/UNIX systems. Samba is
able to provide this service by employing the Common Internet File System (CIFS). The
heart of CIFS is the Server Message Block (SMB).
You can configure a Samba server on Linux systems by following the steps below.
Step #1. First you will need to create a directory where you want to keep data and share it with
other remote systems such as Solaris, Windows, UNIX etc.
# mkdir /data
Step #2. Now you will need to install Samba server on system.
On RHEL/Fedora/CentOS
# yum install samba
On Ubuntu/Debian
$ sudo apt-get install samba
Step #3. After installing the Samba server, configure it using its main configuration file,
"/etc/samba/smb.conf".
# vim /etc/samba/smb.conf
workgroup = windows-group
server string = Linux-Share
[sharedfolder]
comment = secured shared folder
path = /srv/samba/data
Valid users = sagar faeem
guest ok = no
writable = yes
privatable = no
browsable = yes
Save and exit
Where:
workgroup : The workgroup this server belongs to. When Windows users try to access any
network resource, they first go to My Network Places, then search for the
workgroup, and then for the server.
server string : Name of this Samba server; here that name is Linux-Share.
[sharedfolder] : Share name. When users access the Samba server through the network,
this is visible as the shared folder.
comment : Used for any comment that helps to identify what this share is for.
path : Location of the shared folder; this specifies which folder you want to
share.
valid users : Specifies which users have access to this folder.
writable : Controls whether users are able to write or not. In
this example they can read and write.
privatable : Indicates whether this folder is private or not.
browsable : Specifies whether the folder content is browsable or not.
Step #4. Now create passwords for the users so that they can access this Samba share
remotely.
# smbpasswd -a sagar
# smbpasswd -a faeem
Set the password for the above users; the password is stored in the "/etc/samba/smbpasswd" file.
Step #5. Run the command below to check the syntax of the smb.conf file.
# testparm
Step #6. Now restart samba service.
# service smb restart
Step #7. Enable the Samba service at boot time so that it starts whenever the server is
restarted.
# chkconfig smb on
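A check to run alongside testparm in Step #5, as an added example that is not part of the original notes: it reads smb.conf text and reports shares that allow guest access or have no valid users list. The function names, the finding labels and the [scratch] and [docs] shares are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the [sharedfolder] share from the steps above plus two
# made-up shares, [scratch] and [docs], that show what the audit reports.
sample_smb_conf() {
    cat <<'EOF'
[global]
workgroup = windows-group
[sharedfolder]
path = /srv/samba/data
Valid users = sagar faeem
guest ok = no
writable = yes
[scratch]
path = /srv/samba/scratch
public = yes
read only = no
[docs]
path = /srv/samba/docs
Read Only = Yes
EOF
}

# audit_smb_shares [FILE]: read smb.conf text from FILE (or stdin) and print one
# "share finding" line per share that allows guests or lacks a valid users list.
audit_smb_shares() {
    awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function emit_share() {
        if (share != "" && share != "global") {
            if (guest)                 print share, "guest-access"
            if (guest && writable)     print share, "guest-writable"
            if (!guest && users == "") print share, "any-authenticated-user"
        }
        guest = 0; writable = 0; users = ""   # smb.conf defaults for the next share
    }
    /^[ \t]*([#;]|$)/ { next }                # comments and blank lines
    /^[ \t]*\[/ {                             # section header starts a new share
        emit_share()
        share = tolower($0)
        sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        # Parameter names ignore case and whitespace: "Valid users" == "validusers".
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "guestok" || key == "public")           guest = truthy(val)
        else if (key == "writable" || key == "writeable" || key == "writeok") writable = truthy(val)
        else if (key == "readonly")                        writable = !truthy(val)
        else if (key == "validusers")                      users = val
    }
    END { emit_share() }
    ' "$@"
}

# Demo on the constructed sample; on a server: audit_smb_shares /etc/samba/smb.conf
sample_smb_conf | audit_smb_shares
```

The [sharedfolder] share from the steps above produces no findings, since it sets guest ok = no and names its valid users.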
2.Configuring Samba with SWAT:-
SWAT should be installed to run via the network super-daemon. Depending on your UNIX/Linux
system, you will have either an inetd- or xinetd-based system.
The nature and location of the network super-daemon varies with the operating system
implementation. The control file (or files) can be located in the file /etc/inetd.conf or in
the directory /etc/[x]inet[d].d or in a similar location.
The control entry for the older style file might be:
# swat is the Samba Web Administration Tool
swat stream tcp nowait.400 root /usr/sbin/swat swat
A control file for the newer style xinetd could be:
# default: off
# description: SWAT is the Samba Web Admin Tool. Use swat \
# to configure your Samba server. To use SWAT, \
# connect to port 901 with your favorite web browser.
service swat
{
port = 901
socket_type = stream
wait = no
only_from = localhost
user = root
server = /usr/sbin/swat
log_on_failure += USERID
disable = no
}
In the above, the default setting for disable is yes. This means that SWAT is disabled. To
enable use of SWAT, set this parameter to no as shown.
Both of the previous examples assume that the swat binary has been located in the
/usr/sbin directory. In addition to the above, SWAT will use a directory access point from
which it will load its Help files as well as other control information. The default location for
this on most Linux systems is in the directory /usr/share/samba/swat. The default location
using Samba defaults will be /usr/local/samba/swat.
Access to SWAT will prompt for a logon. If you log onto SWAT as any non-root user, the
only permission allowed is to view certain aspects of configuration as well as access to the
password change facility. The buttons that will be exposed to the non-root user are HOME,
STATUS, VIEW, and PASSWORD. The only page that allows change capability in this case
is PASSWORD.
As long as you log onto SWAT as the user root, you should obtain full change and commit
ability. The buttons that will be exposed include HOME, GLOBALS, SHARES, PRINTERS,
WIZARD, STATUS, VIEW, and PASSWORD.
Configuring and Managing Print Services:-
Your task as a system administrator (or root operator of your workstation) is to properly define local or
remote printers and to ensure that printing services are enabled and running properly. Fortunately,
Fedora includes a graphical print service configuration tool that makes this job easy.
You can configure printing services using either the command-line system-config-printer-tui program
or the system-config-printer-gui graphical interface. Most of the detailed information in this chapter
refers to the use of the GUI.
GUI-Based Printer Configuration Quickstart:-
Configuring a printer for Fedora is easy but you must use root permission to do it. Make sure that the
cupsd daemon is installed and running. If you elect to use printing support when you install Fedora,
the daemon and related software will be installed. If you’re not sure whether cupsd is running, you can
quickly drop to a terminal and use the service command with the name of the service and the status
keyword like so:
# service cups status
You will see either
cupsd is stopped
or, if cupsd is running, an acknowledgement, along with its process ID, such as
cupsd (pid 2378) is running...
If cupsd is installed but not running, start the daemon like so:
# /etc/rc.d/init.d/cups start
You can also use the service command to start the daemon, like so:
# service cups start
If you are using the desktop, select System, Administration, Printing. You will be asked to enter the
root password. If not, you are using X as root, which is a bad idea. Log out, and then log back in as a
regular user! After you enter the root password, the printer configuration dialog appears.
You then simply follow the prompts to define your printer and add local or remote printing services.
You should print a test page before saving your changes. Use the printer configuration client or the
File menu’s Print menu item from a GNOME or KDE client.
Managing Printing Services:-
After defining a printer, you can use the command line to view and control your print jobs or, if root, all
print jobs and printers on your system.
Most Linux systems use PostScript as the default document format for printing. Fedora uses the gs
command along with CUPS to manage local and remote print jobs and the type of data transferred
during a print job. The gs command is used to translate the document stream into a format accepted
by the destination printer (which most likely uses HPCL).
You can use the Ghostscript interpreter gs to display its built-in printer devices by using the gs
interpreter with its --help command-line option like this:
# gs --help
The gs command outputs many lines of help text on command-line usage and then lists built-in printer
and graphics devices. Another way to get this information is to start gs and then use the devicenames
== command like this:
# gs
Creating and Configuring Local Printers:-
Creating a local printer for your Fedora system can be accomplished in six easy steps. You must have
root permission to use the system-config-printer client. The cupsd daemon should also be running
before you begin.
To launch system-config-printer, go to System, Administration and choose the Printing
menu option or use the command line of an X terminal window like this:
# system-config-printer &
Creating the Print Queue:-
The Fedora system-config-printer tool walks you through a process to create a new print queue, which
effectively defines a new printer on your system. To begin configuration of a local (attached) printer,
click the New Printer toolbar button in system-config-printer’s main window. An Add a New Printer
configuration dialog appears, as shown in Figure 8.1.
The Printer Name dialog appears. Type a desired name for the new printer (such as lp), enter a short
description and optional location information and then click the Forward button. The Connection Type
dialog appears, as shown in Figure 8.2. Select the connection type that is appropriate for you. You
can select a number of different connection types, depending on your specific requirements. Normally
you will use the LPT#1 option if your printer is connected by a standard Parallel (or what used to be
called Centronics) cable. Alternatively, if you are connecting to a printer that has a JetDirect port (most HP
network-capable printers fit in this category), then select the appropriate option and enter the network address
for the printer.
FIGURE 8.1 Click the New Printer toolbar button to start the configuration of a new printer
for your system.
FIGURE 8.2 Select the appropriate connection method for your printer and enter the relevant details.
Next up you need to select the make/manufacturer of the printer that you are setting up, shown in
Figure 8.3 .
FIGURE 8.3 Select the make or manufacturer of your printer from this dialog box to help Fedora
narrow down the driver options.
Note that you can configure a printer for Fedora even if it is not attached to your computer. After you
select your printer’s manufacturer, a list of printers from that manufacturer (such as HP, as shown in
Figure 8.4) appears. Select your printer from the list, and then click the Forward button.
Do not worry if you do not see your printer listed in the selection; it is possible to select a related,
although different, printer model and still be able to print to your printer. For example, many HP
printers can be used by selecting the DeskJet 500 for monochrome or 500C model for color printing.
You can experiment to see which printer selection works best for your printer if its model is not listed.
You might not be able to use all the features of your printer, but you will be able to set up printing
service. Click Next when you have made your choice.
FIGURE 8.4 Select your printer from the list and click the Forward button to finish the configuration
of a locally connected printer.
The final screen summarizes what system-config-printer is about to do. If you are happy with the
details, click the Apply button to commit your changes to the system.
FIGURE 8.5 Double-check your settings before you commit to creating a new printer entry in
/etc/printcap; when the settings are right, click Finish to create the new print queue.
When the print queue has been created, you are asked whether you would like to print a test page.
Click Yes to save your new printer setup and to print a test page. If you click No, a test page is not
printed, and you have to delete the new printer entry or save or cancel your changes before you quit
system-config-printer.
You can see the new printer defined in the system-config-printer main window as shown in Figure 8.6.
FIGURE 8.6 New printer entries created in /etc/printcap displayed in system-config-printer’s main
window.
Editing Printer Settings:-
You also use the system-config-printer tool to edit the newly defined printers. To edit the printer
settings, highlight the printer’s listing in the printer browser window. You can
then select specific settings related to that printer by using the tabs that appear in the right side of the
dialog box. The Printer Options dialog, part of the printer settings is shown in Figure 8.7.
FIGURE 8.7 Edit a printer’s settings by using tabs in system-config-printer
The first tab in this dialog enables you to assign a new name for the printer. In this example, the
printer has the name laserjet. Other tabs in this dialog enable you to change the queue type or queue
options (such as whether to print a banner page or set the image area of a page), to select or update
the driver, or to choose available driver options for the printer (shown in Figure 8.8).
FIGURE 8.8 A printer’s driver settings can be changed on the Settings tab of system-config-printer.
When you finish editing your printer definition (or queue), click the OK button. Use the Apply
command in the Action menu to save the definition and automatically restart the cupsd daemon. This
step is extremely important; you have to update the printer settings and restart the cupsd daemon to
force it to reread your new settings. Click Quit from the Action menu when finished.
Network and Remote Printing:-
Setting up remote printing service involves configuring a print server and then creating a
remote printer entry on one or more computers on your network. This is a quick method of
enabling printing from one Linux workstation to another Linux computer on a LAN.
Enabling Network Printing on a LAN
To set up printing from one Linux workstation to another across a LAN, you need root
permission and access to both computers, but the process is simple and easy to perform.
First, log in or ssh to the computer to which the printer is attached. This computer is the
printer server. Use the hostname or ifconfig commands to obtain the hostname or IP address
and write down or note the name of the printer queue.
This enables incoming print requests with the proper queue name (name of the local printer)
from any remote host to be routed to the printer. After you finish, log out and go to a remote
computer on your LAN without an attached printer.
If the computer with an attached printer is using Fedora and you want to set up the system
for print serving, again use the system-config-printer client. You can create a new printer, but
the easiest approach is to publish details of your printer across the network.
To enable sharing, start system-config-printer, and then select the Server Settings option in
the left pane. All you need to do is select Share Published Printers Connected to This
System to automatically allow access to all your printers, as shown in Figure 19.9.
FIGURE 19.9 Sharing enables you to offer a locally attached printer as a remote printer on
your network.
By default, all users are allowed access to the printer. You can change this setting by
selecting the Access Control tab and adding users into the list.
Finally you need to allow Fedora to publish your selected shared printers across the
network. Click the Server Settings and make sure the Share Published Printers Connected
to This System option is checked.
When finished, click the Apply button and then select Quit from the Action menu to exit.
To create a printer queue to access a remote Unix print server, use system-config-printer to
create a printer but select the Internet Printing Protocol (IPP) type. Click Forward and enter a
printer name and description; you are then asked to enter the hostname (or IP address) of
the remote computer with a printer, along with the printer name, as shown in Figure 19.10.
FIGURE 19.10 Enter the hostname or IP address of the remote computer with a printer,
along with the remote printer’s queue name.
Click the Forward button after entering this information; then continue to configure the new
entry as if the remote printer were attached locally (use the same print driver setting as the
remote printer). When finished, do not forget to save the changes!
You can also test the new remote printer by clicking the Tests menu item and using one of
the test page items, such as the ASCII or PostScript test pages. The ASCII test page prints a
short amount of text to test the spacing and page width; the PostScript test page prints a
page of text with some information about your printer, a set of radial lines one degree apart,
and a color wheel (if you use a color printer).