Red Hat Enterprise Linux
Main Contents
• Linux Usage Basics

• Running Commands and Getting Help

• Browsing the Filesystem

• Users, Groups and Permissions

• Standard I/O and Pipes

• vim: An Advanced Text Editor

• Basic System Configuration Tools

• Finding and Processing Files

• Network Clients

• The Linux Filesystem In-Depth
Unit 1

Linux Usage Basics
Logging in to a Linux System
• Two types of login screens: virtual consoles
 (text-based) and graphical logins (called
 display managers)
• Login using login name and password

• Each user has a home directory for personal
 file storage
Switching between virtual consoles and
the graphical environment
• A typical Linux system will run six virtual consoles
  and one graphical console
  Server systems often have only virtual consoles
  Desktops and workstations typically have both
• Switch among virtual consoles by typing: Ctrl-Alt-F[1-6]
• Access the graphical console by typing Ctrl-Alt-F7
Elements of the X Window System

• The X Window System is Linux's graphical
 subsystem
• Xorg is the particular version of the X Window
 System used by Red Hat
  Open source implementation of X
• Look and behavior largely controlled by the
 desktop environment
• Two desktop environments provided by Red Hat:
  GNOME: the default desktop environment
  KDE: an alternate desktop environment
Starting the X server
• On some systems, the X server starts
 automatically at boot time
• Otherwise, if systems come up in virtual
 consoles, users must start the X server
 manually
  The X server must be pre-configured by the
  system administrator
  Log into a virtual console and run startx
  The X server appears on Ctrl-Alt-F7
Changing Your Password
• Passwords control access to the system

• General guidelines for best security:

  Change the password the first time you log in
  Change it regularly thereafter
  Select a password that is hard to guess
• To change your password using GNOME,
 navigate to System->Preferences->About Me and
 then click Change Password.
• To change your password from a terminal:
 passwd
The root user
• The root user: a special administrative account
  Also called the superuser
  root has near complete control over the system
    • ...and a nearly unlimited capacity to damage it!

• Do not log in as root unless necessary
  Normal (unprivileged) users' potential to do
  damage is more limited
Changing Identities
• su - creates new shell as root

• id shows information on the current user
Editing text files
• The nano editor

  Easy to learn, easy to use
  Not as feature-packed as some advanced editors
• Other editors:
  gedit, a simple graphical editor
  vim, an advanced, full feature editor
  gvim, a graphical version of the vim editor
    • yum install vim-X11
Unit 2

Running Commands and Getting
Help
Running Commands
• Commands have the following syntax:

  command options arguments
• Each item is separated by a space

• Options modify a command's behavior
  Single-letter options usually preceded by -
    • Can be passed as -a -b -c or -abc
  Full-word options usually preceded by --
    • Example: --help

• Arguments are filenames or other data needed
 by the command
Some Simple Commands
• date - display date and time

• cal - display calendar
Getting Help
• Many levels of help

  whatis
  command --help
  man and info
  /usr/share/doc/
  Red Hat documentation
The whatis Command
• Displays short descriptions of commands

• Uses a database that is updated nightly

• Often not available immediately after install

 $ whatis cal
 cal   (1) - displays a calendar
The --help Option
• Displays usage summary and argument list

• Used by most, but not all, commands

$ date --help
Usage: date [OPTION]... [+FORMAT]
  or:  date [-u|--utc|--universal] [MMDDhhmm[[CC]YY][.ss]]
Display the current time in the given FORMAT, or set the system date.
...argument list omitted...
Reading Usage Summaries
• Printed by --help, man and others

• Used to describe the syntax of a command

  Arguments in [] are optional
  Arguments in CAPS or <> are variables
  Text followed by ... represents a list
  x|y|z means "x or y or z"
  -abc means "any mix of -a, -b or -c"
The man Command
• Provides documentation for commands

• Almost every command has a man "page"

• Pages are grouped into "chapters"

• Collectively referred to as the Linux Manual

• man [<chapter>] <command>
The info Command
• Similar to man, but often more in-depth

• Run info without args to list all pages

• info pages are structured like a web site

  Each page is divided into "nodes"
  Links to nodes are preceded by *
  info [command]
Extended Documentation
• The /usr/share/doc directory

• Subdirectories for most installed packages

• Location of docs that do not fit elsewhere

  Example configuration files
  HTML/PDF/PS documentation
  License details
Red Hat Documentation
• Available on Red Hat website
  http://www.redhat.com/docs/
  Installation Guide
  Deployment Guide
  Virtualization Guide
• Knowledge base: http://kbase.redhat.com
  Common questions and their solutions
Unit 3

Browsing the Filesystem
Linux File Hierarchy Concepts
• Files and directories are organized into a
 single-rooted inverted tree structure
• Filesystem begins at the root directory,
 represented by a lone / (forward slash)
 character.
• Names are case-sensitive

• Paths are delimited by /
Some Important Directories
• Home Directories: /root,/home/username

• User Executables: /bin, /usr/bin, /usr/local/bin

• System Executables: /sbin, /usr/sbin, /usr/local/sbin

• Other Mountpoints: /media, /mnt

• Configuration: /etc

• Temporary Files: /tmp

• Kernels and Bootloader: /boot

• Server Data: /var, /srv

• System Information: /proc, /sys

• Shared Libraries: /lib, /usr/lib, /usr/local/lib
Current Working Directory
• Each shell and system process has a current
 working directory(cwd)
• pwd

  Displays the absolute path to the shell's cwd
File and Directory Names
• Names may be up to 255 characters

• All characters are valid, except the forward slash
  It may be unwise to use certain special characters
  in file or directory names
  Some characters should be protected with quotes
  when referencing them
• Names are case-sensitive
  Example: MAIL, Mail, mail, and mAiL
  Again, possible, but may not be wise
Absolute and Relative Pathnames

• Absolute pathnames
  Begin with a forward slash
  Complete "road map" to file location
  Can be used anytime you wish to specify a file name
• Relative pathnames
  Do not begin with a slash
  Specify location relative to your current working
  directory
  Can be used as a shorter way to specify a file name
Changing Directories
• cd changes directories
• To an absolute or relative path:
  cd /home/joshua/work
  cd project/docs
• To a directory one level up:
  cd ..
• To your home directory:
  cd
• To your previous working directory:
  cd -
Listing Directory Contents
• Lists the contents of the current directory or a
 specified directory
• Usage:

  ls [options] [files_or_dirs]
• Example:
  ls -a (include hidden files)
  ls -l (display extra information)
  ls -R (recurse through directories)
  ls -ld (directory and symlink information)
Copying Files and Directories
• cp - copy files and directories

• Usage:

  cp [options] file destination
• More than one file may be copied at a time if
 the destination is a directory:
  cp [options] file1 file2 dest
Copying Files and Directories: The
Destination
• If the destination is a directory, the copy is
 placed there
• If the destination is a file, the copy overwrites
 the destination
• If the destination does not exist, the copy is
 renamed
Moving and Renaming Files and
Directories
• mv - move and/or rename files and directories

• Usage:

  mv [options] file destination
• More than one file may be moved at a time if
 the destination is a directory:
  mv [options] file1 file2 destination
• Destination works like cp
Creating and Removing Files
• touch - create empty files or update file timestamps

• rm - remove files

• Usage:

  rm [options] <file>...
• Example:
  rm -i file (interactive)
  rm -r directory (recursive)
  rm -f file (force)
Creating and Removing Directories

• mkdir creates directories

• rmdir removes empty directories

• rm -r recursively removes directory trees
Using Nautilus
• Gnome graphical filesystem browser

• Can run in spatial or browser mode

• Accessed via...

  Desktop icons
    • Home: Your home directory
    • Computer: Root filesystem, network resources and
      removable media
  Applications->System Tools->File Browser
Moving and Copying in Nautilus
• Drag-and-Drop

  Drag: Move on same filesystem, copy on different
  filesystem
  Drag + Ctrl: Always copy
  Drag + Alt: Ask whether to copy, move or create
  symbolic link (alias)
• Context menu
  Right-click to rename, cut, copy or paste
Determining File Content
• Files can contain many types of data

• Check file type with file before opening to
 determine appropriate command or application
 to use
• file [options] <filename>...
Unit 4

Users, Groups and Permissions
Users
• Every user is assigned a unique User ID
 number (UID)
  UID 0 identifies root
  User accounts normally start at UID 500
• Users' names and UIDs are stored in
 /etc/passwd
• Users are assigned a home directory and a
 program that is run when they log in (usually a
 shell)
• Users cannot read, write or execute each
 others' files without permission
Groups
• Users are assigned to groups

• Each group is assigned a unique Group ID
 number (gid)
• GIDs are stored in /etc/group

• Each user is given their own private group

  Can be added to other groups for additional
  access
• All users in a group can share files that belong
 to the group
Linux File Security
• Every file is owned by a UID and a GID

• Every process runs as a UID and one or more
 GIDs
  Usually determined by who runs the process
• Three access categories:
  Processes running with the same UID as the file
  (user)
  Processes running with the same GID as the file
  (group)
  All other processes (other)
Permission Types
• Four symbols are used when displaying
 permissions:
  r: permission to read a file or list a directory's
  contents
  w: permission to write to a file or create and
  remove files from a directory
  x: permission to execute a program or change
  into a directory and do a long listing of the
  directory
  -: no permission (in place of the r, w, or x)
Examining Permissions
• File permissions may be viewed using ls -l

 $ ls -l /bin/login
 -rwxr-xr-x 1 root root 19080 Apr 1 18:26 /bin/login
• File type and permissions represented by a
 10-character string
Changing File Ownership
• Only root can change a file's owner

• Only root or the owner can change a file's
 group
• Ownership is changed with chown:
  chown [-R] user_name file|directory ...
• Group-Ownership is changed with chgrp:
  chgrp [-R] group_name file|directory ...
Changing Permissions - Symbolic Method

• To change access modes:

  chmod [-R] mode file
• Where mode is:
  u, g or o for user, group and other
  + or - for grant or deny
  r, w or x for read, write and execute
• Examples:
  ugo+r: Grant read access to all
  o-wx: Deny write and execute to others
Changing Permissions - Numeric Method

• Uses a three-digit mode number

  first digit specifies owner's permissions
  second digit specifies group permissions
  third digit represents others' permissions
• Permissions are calculated by adding:
  4 (for read)
  2 (for write)
  1 (for execute)
• Example:
  chmod 640 myfile
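An added example, not from the course slides, that converts between the symbolic string ls -l prints and the three-digit mode chmod takes using the 4/2/1 weights above, then round-trips a real chmod on a temporary file. It assumes a POSIX shell with ls, cut and mktemp; the sample strings are constructed.

```shell
# Added example, not from the course. Converts between the symbolic
# permission string of ls -l and the numeric mode of chmod, using the
# 4/2/1 weights from the slide. POSIX shell; ls, cut and mktemp assumed.

# sym_to_octal: "rwxr-xr-x" -> 755. A 10-character ls -l field such as
# "-rwxr-xr-x" is accepted too; its leading file-type character is dropped.
# s/t in the execute position count as x here; the extra setuid/setgid/
# sticky digit is outside the three-digit scheme on the slide.
sym_to_octal() {
    s=$1
    [ "${#s}" -eq 10 ] && s=${s#?}
    [ "${#s}" -eq 9 ] || { echo "bad permission string: $1" >&2; return 1; }
    result=""
    i=1
    while [ "$i" -le 9 ]; do
        triplet=$(printf '%s' "$s" | cut -c"$i-$((i + 2))")
        n=0
        case $triplet in r??) n=$((n + 4)) ;; esac       # read    = 4
        case $triplet in ?w?) n=$((n + 2)) ;; esac       # write   = 2
        case $triplet in ??[xst]) n=$((n + 1)) ;; esac   # execute = 1
        result="$result$n"
        i=$((i + 3))
    done
    echo "$result"
}

# octal_to_sym: 640 -> "rw-r-----". Each digit is split back into its
# 4, 2 and 1 components with bitwise AND.
octal_to_sym() {
    m=$1
    case $m in [0-7][0-7][0-7]) ;; *) echo "bad mode: $m" >&2; return 1 ;; esac
    result=""
    i=1
    while [ "$i" -le 3 ]; do
        d=$(printf '%s' "$m" | cut -c"$i")
        if [ $((d & 4)) -ne 0 ]; then result="${result}r"; else result="${result}-"; fi
        if [ $((d & 2)) -ne 0 ]; then result="${result}w"; else result="${result}-"; fi
        if [ $((d & 1)) -ne 0 ]; then result="${result}x"; else result="${result}-"; fi
        i=$((i + 1))
    done
    echo "$result"
}

# chmod_roundtrip: apply a numeric mode to a temporary file with chmod, read
# the symbolic string back from ls -l (its first 10 characters) and convert
# it; prints the octal mode the filesystem actually stored.
chmod_roundtrip() {
    f=$(mktemp) || return 1
    chmod "$1" "$f" || { rm -f "$f"; return 1; }
    perms=$(ls -l "$f" | cut -c1-10)
    rm -f "$f"
    sym_to_octal "$perms"
}

# world_writable: succeeds when the "other" digit grants write (666, 777),
# the first thing to check when reviewing a mode.
world_writable() {
    d=$(printf '%s' "$1" | cut -c3)
    [ $((d & 2)) -ne 0 ]
}

# Demonstration with the values from the slides:
sym_to_octal -rwxr-xr-x     # the /bin/login listing -> 755
octal_to_sym 640            # the chmod 640 myfile example -> rw-r-----
chmod_roundtrip 640         # -> 640
```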
Unit 5

Using the bash Shell
Command Line Shortcuts-File Globbing

• Globbing is wildcard expansion:
  * - matches zero or more characters
  ? - matches any single character
  [0-9] - matches any single character in the range 0 to 9
  [abc] - matches any one of the characters in the list
  [^abc] - matches any single character except those in the
  list
Command Line Shortcuts-The Tab Key

• Type Tab to complete command lines:
  For the command name, it will complete a
  command name
  For an argument, it will complete a file name
• Examples:
  $ xte<Tab>
  $ xterm
  $ ls myf<Tab>
  $ ls myfile.txt
Command Line Shortcuts-History
• bash stores a history of commands you've
 entered, which can be used to repeat
 commands
• Use history command to see list of
 "remembered" commands
• $ history
    14  cd /tmp
    15  ls -l
    16  cd
    17  cp /etc/passwd .
    18  vi passwd
  ... output truncated ...
More History Tricks
• Use the up and down keys to scroll through
 previous commands
• Type Ctrl-r to search for a command in
 command history.
  (reverse-i-search)`':

• To recall last argument from previous
 command:
  Esc, . (the escape key followed by a period)
  Alt-. (hold down the alt key while pressing the
  period)
  !$ (only valid for the last command)
Command Line Expansion-The tilde
• Tilde ( ~ )

• May refer to your home directory
  $ cat ~/.bash_profile
• May refer to another user's home directory
  $ ls ~julie/public_html
Command Line Expansion
Commands and Braced Sets
• Command Expansion: $() or ``
  Prints output of one command as an argument to
  another
  $ echo "This system's name is $(hostname)"
  This system's name is server1.example.com
• Brace Expansion: { }
  Shorthand for printing repetitive strings
  $ echo file{1,3,5}
  file1 file3 file5
  $ rm -f file{1,3,5}
Bash Variables
• Variables are named values

  Useful for storing data or command output
• Set with VARIABLE=VALUE

• Referenced with $VARIABLE
  $ HI="Hello, and welcome to $(hostname)."
  $ echo $HI
  Hello, and welcome to stationX.
Command Editing Tricks
• Ctrl-a moves to beginning of line

• Ctrl-e moves to end of line

• Ctrl-u deletes to beginning of line

• Ctrl-k deletes to end of line

• Ctrl-arrow moves left or right by word
gnome-terminal
• Applications->Accessories->Terminal

• Graphical terminal emulator that supports
 multiple "tabbed" shells
  Ctrl-Shift-t creates a new tab
  Ctrl-PgUp/PgDn switches to next/prev tab
  Ctrl-Shift-c copies selected text
  Ctrl-Shift-v pastes text to the prompt
  Shift-PgUp/PgDn scrolls up and down a screen at
  a time
Unit 6

Standard I/O and Pipes
Standard Input and Output
• Linux provides three I/O channels to Programs

• Standard input (STDIN) - keyboard by default

• Standard output (STDOUT) - terminal window
 by default
• Standard error (STDERR) - terminal window by
 default
Redirecting Output to a File
• STDOUT and STDERR can be redirected to files:

  command operator filename
• Supported operators include:
  > Redirect STDOUT to file
  2> Redirect STDERR to file
  &> Redirect all output to file
• File contents are overwritten by default. >>
 appends.
Redirecting Output to a File
Examples
• This command generates output and errors
 when run as non-root:
 $ find /etc -name passwd
• Operators can be used to store output and
 errors:
 $ find /etc -name passwd > find.out
 $ find /etc -name passwd 2> /dev/null
 $ find /etc -name passwd > find.out 2> find.err
Redirecting STDOUT to a Program
(Piping)
• Pipes (the | character) can connect commands:

  command1 | command2
  Sends STDOUT of command1 to STDIN of
  command2 instead of the screen.
  STDERR is not forwarded across pipes
• Used to combine the functionality of multiple
 tools
  command1 | command2 | command3... etc
Redirecting STDOUT to a Program
Examples
• less: View input one page at a time:

 $ ls -l /etc | less
  Input   can be searched with /
• mail: Send input via email:

 $ echo "test email" | mail -s "test" user@example.com

• lpr : Send input to a printer

 $ echo "test print" | lpr
 $ echo "test print" | lpr -P printer_name
Combining Output and Errors
• Some operators affect both STDOUT and
 STDERR
• &>: Redirects all output:

 $ find /etc -name passwd &> find.all

• 2>&1: Redirects STDERR to STDOUT

  Useful for sending all output through a pipe
  $ find /etc -name passwd 2>&1 | less

• (): Combines STDOUTs of multiple programs

 $ ( cal 2007 ; cal 2008 ) | less
Redirecting STDIN from a File
• Redirect standard input with <

• Some commands can accept data redirected to
 STDIN from a file:
  $ tr 'A-Z' 'a-z' < .bash_profile
  This command will translate the uppercase
  characters in .bash_profile to lowercase
• Equivalent to:

 $ cat .bash_profile | tr 'A-Z' 'a-z'
Sending Multiple Lines to STDIN

• Redirect multiple lines from keyboard to
 STDIN with <<WORD
• All text until WORD is sent to STDIN

• Sometimes called a heretext
 $ mail -s "Please Call" jane@example.com <<END
 > Hi Jane,
 >
 > Please give me a call when you get in. We may need
 > to do some maintenance on server1.
 >
 > Details when you're on-site,
 > Boris
 > END
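An added example, not from the course, that runs the operators of this unit (>, 2>, >>, 2>&1, |, <<WORD) against a constructed command that writes to both STDOUT and STDERR, including the left-to-right ordering caveat for 2>&1. It assumes a POSIX shell with wc, tr and mktemp.

```shell
# Added example, not from the course. Exercises the redirection operators
# of this unit with a constructed command that writes to both STDOUT and
# STDERR. POSIX shell, wc, tr and mktemp assumed.

# noisy: one line on STDOUT and one on STDERR, like find /etc as non-root.
noisy() {
    echo "normal output"
    echo "permission denied" >&2
}

# lines: count lines on STDIN without the padding some wc builds print.
lines() {
    wc -l | tr -d ' '
}

# count_piped: STDERR is not forwarded across a pipe, so only the STDOUT
# line reaches wc. The 2>/dev/null merely keeps the error off the terminal.
count_piped() {
    noisy 2>/dev/null | lines
}

# count_merged: 2>&1 joins STDERR onto STDOUT before the pipe, so both
# lines are counted.
count_merged() {
    noisy 2>&1 | lines
}

# split_to_files: > and 2> write the streams to separate files; the second
# run uses >> and 2>> so it appends instead of overwriting. Prints
# "<stdout lines>/<stderr lines>".
split_to_files() {
    d=$(mktemp -d) || return 1
    noisy > "$d/out" 2> "$d/err"
    noisy >> "$d/out" 2>> "$d/err"
    printf '%s/%s\n' "$(lines < "$d/out")" "$(lines < "$d/err")"
    rm -rf "$d"
}

# order_matters: redirections apply left to right. ">file 2>&1" sends both
# streams to the file (2 lines). "2>&1 >file" first points STDERR at the
# current STDOUT and only then moves STDOUT, so the file gets 1 line and
# the error goes wherever STDOUT was (here discarded by the outer group).
order_matters() {
    d=$(mktemp -d) || return 1
    noisy > "$d/both" 2>&1
    { noisy 2>&1 > "$d/one"; } > /dev/null
    printf '%s/%s\n' "$(lines < "$d/both")" "$(lines < "$d/one")"
    rm -rf "$d"
}

# heredoc_lines: several lines handed to a command's STDIN with <<WORD, as
# the slide does for mail -s ... <<END; here the reader is wc.
heredoc_lines() {
    lines <<END
Hi Jane,

Please give me a call when you get in.
Boris
END
}
```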
Unit 7

Text Processing Tools
Tools for Extracting Text
• File Contents: less and cat

• File Excerpts: head and tail

• Extract by Column or Field: cut

• Extract by Keyword: grep
Viewing File Contents
less and cat
• cat: dump one or more files to STDOUT

  Multiple files are concatenated together
• less: view file or STDIN one page at a time
  Useful commands while viewing:
    • /text searches for text
    • n/N jumps to the next/previous match
    • v opens the file in a text editor
  less is the pager used by man
Viewing File Excerpts
head and tail
• head: Display the first 10 lines of a file

  Use -n to change number of lines displayed
• tail: Display the last 10 lines of a file
  Use -n to change number of lines displayed
  Use -f to "follow" subsequent additions to the file
    • Very useful for monitoring log files!
Extracting Text by Keyword
grep
• Prints lines of files or STDIN where a pattern is matched

• $ grep 'john' /etc/passwd
  $ date --help | grep year

• Use -i to search case-insensitively

• Use -n to print line numbers of matches

• Use -v to print lines not containing pattern

• Use -AX to include the X lines after each match

• Use -BX to include the X lines before each match

• Use -r to recursively search a directory

• Use --color=auto to highlight the match in color
Tools for Analyzing Text
• Text Stats: wc

• Sorting Text: sort

• Comparing Files: diff and patch

• Spell Check: aspell
Gathering Text Statistics
wc (word count)
• Counts words, lines, bytes and characters

• Can act upon a file or STDIN

• $ wc story.txt

  39   237   1901 story.txt
• Use -l for only line count

• Use -w for only word count

• Use -c for only byte count

• Use -m for character count (not displayed)
Sorting Text
sort
• Sorts text to STDOUT - original file unchanged
• $ sort [options] file(s)

• Common options
  -r performs a reverse (descending) sort
  -n performs a numeric sort
  -f ignores (folds) case of characters in strings
  -u (unique) removes duplicate lines in output
  -t c uses c as a field separator
  -k X sorts by c-delimited field X
    • Can be used multiple times
Eliminating Duplicate Lines
sort and uniq
• sort -u: removes duplicate lines from input

• uniq: removes duplicate adjacent lines from
 input
  Use -c to count number of occurrences
  Use with sort for best effect:
  $ sort userlist.txt | uniq -c
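An added example, not from the course, that applies the cut, grep, sort, uniq and wc tools of this unit to a constructed /etc/passwd-style sample (the real file is never read), including the sort -t/-k and sort | uniq -c idioms from the slides. It assumes a POSIX shell with the usual text tools.

```shell
# Added example, not from the course. Applies cut, grep, sort, uniq and wc
# to a constructed /etc/passwd-style sample, so nothing on the real system
# is read. POSIX shell and the standard text tools assumed.

# sample_passwd: constructed records in /etc/passwd format
# (name:password:UID:GID:comment:home:shell).
sample_passwd() {
    cat <<'END'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
john:x:500:500:John Doe:/home/john:/bin/bash
julie:x:501:501:Julie Roe:/home/julie:/bin/bash
backup:x:502:502:Backup job:/var/backups:/bin/sh
oldtool:x:0:503:Legacy tool:/opt/oldtool:/bin/bash
END
}

# shell_histogram: extract field 7 with cut, then "sort | uniq -c" as on
# the slide; a second sort -rn puts the most common shell first.
shell_histogram() {
    sample_passwd | cut -d: -f7 | sort | uniq -c | sort -rn
}

# uid_zero_accounts: names of every record whose UID field is 0. UID 0 is
# root; any other account carrying it is something an audit should list.
uid_zero_accounts() {
    sample_passwd | cut -d: -f1,3 | grep ':0$' | cut -d: -f1
}

# interactive_count: how many accounts get a real shell (grep -v drops the
# nologin entries, wc -l counts what is left).
interactive_count() {
    sample_passwd | grep -v '/sbin/nologin$' | wc -l | tr -d ' '
}

# highest_uid_user: numeric sort on the third colon-delimited field
# (-t: -k3 -n), then the last line is the account with the highest UID.
highest_uid_user() {
    sample_passwd | sort -t: -k3 -n | tail -n 1 | cut -d: -f1
}
```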
Comparing Files
diff
• Compares two files for differences

• $ diff foo.conf-broken foo.conf-works
  5c5
  < use_widgets = no
  ---
  > use_widgets = yes
  Denotes a difference (change) on line 5
• Use gvimdiff for graphical diff
  Provided by vim-X11 package
Duplicating File Changes
patch
• diff output stored in a file is called a
 "patchfile"
  Use -u for "unified" diff, best in patchfiles
• patch duplicates changes in other files (use
 with care!)
  Use -b to automatically back up changed files
• $ diff -u foo.conf-broken foo.conf-works > foo.patch
• $ patch -b foo.conf-broken foo.patch
Spell Checking with aspell
• Interactively spell-check files:

• $ aspell check letter.txt

• Non-interactively list mis-spelled words in
 STDIN
• $ aspell list < letter.txt
  $ aspell list < letter.txt | wc -l
Unit 8

vim: An Advanced Text Editor
Introducing vim
• Newer version of vi, the standard Unix text editor
  Executing vi runs vim by default
• gvim: Graphical version of vim
  Applications->Programming->Vi IMproved
  Provided by vim-X11 package
• Advantages:
  Speed: Do more with fewer keystrokes
  Simplicity: No dependence on mouse/GUI
  Availability: Included with most Unix-like OSes
• Disadvantages
  Difficulty: Steeper learning curve than simpler editors
    • Key bindings emphasize speed over intuitiveness
vim: A Modal Editor
• Keystroke behavior is dependent upon vim's
 "mode"
• Three main modes:

  Command Mode (default): Move cursor, cut/paste
  text, change mode
  Insert Mode: Modify text
  Ex Mode: Save, quit, etc
• Esc exits current mode

• EscEsc always returns to command mode
vim Basics
• To use vim, you must learn to:

• Open a file

• Modify a file (insert mode)

• Save a file (ex mode)
Opening a file in vim
• To start vim:

 $ vim filename
• If the file exists, the file is opened and the
 contents are displayed
• If the file does not exist, vi creates it when the
 edits are saved for the first time
Modifying a File
Insert Mode
• i begins insert mode at the cursor

• Many other options exist

  A appends to end of line
  I inserts at beginning of line
  o inserts a new line (below)
  O inserts a new line (above)
Saving a File and Exiting vim
Ex Mode
• Enter Ex Mode with :

  Creates a command prompt at bottom-left of
  screen
• Common write/quit commands:
  :w writes (saves) the file to disk
  :wq writes and quits
  :q! quits, even if changes are lost
Using Command Mode
• Default mode of vim

• Keys describe movement and text
 manipulation commands
• Commands repeat when preceded by a number

• Example
  Right Arrow moves right one character
  5, Right Arrow moves right five characters
Moving Around Command Mode

• Move by character: Arrow Keys, h, j, k, l

  Non-arrow keys useful for remote connections to
  older systems
• Move by word: w, b

• Move by sentence: ), (

• Move by paragraph: }, {

• Jump to line x: xG or :x

• Jump to end: G
Search and Replace
Command Mode
• Search as in less

  /,   n, N
• Search/Replace as in sed

  Affects     current line by default
  Use   x,y ranges or % for every line
    •   :1,5s/cat/dog/
    •   :%s/cat/dog/gi
Manipulating Text
Command Mode


                   Change (replace)   Delete (cut)   Yank (copy)
  Line             cc                 dd             yy
  Letter           cl                 dl             yl
  Word             cw                 dw             yw
  Sentence ahead   c)                 d)             y)
  Sentence behind  c(                 d(             y(
  Paragraph above  c}                 d}             y}
  Paragraph below  c{                 d{             y{
Put (paste)
• Use p or P to put (paste) copied or deleted
 data
• For line oriented data:

  p puts the data below the current line
  P puts the data above the current line
• For character oriented data:
  p puts the data after the cursor
  P puts the data before the cursor
Undoing Changes Command Mode

• u undo most recent change

• U undo all changes to the current line since the
 cursor landed on the line
• Ctrl-r redo last "undone" change
Learning more
• vi/vim built-in help

  :help
  :help topic
  Use :q to exit help
• vimtutor command
Unit 9

Basic System Configuration Tools
TCP/IP Network Configuration
• Important network settings:

• IP Configuration

• Device Activation

• DNS Configuration

• Default Gateway
Managing Ethernet Connections

• Network interfaces are named sequentially:
 eth0, eth1, etc
  Multiple addresses can be assigned to a device
  with aliases
  Aliases are labeled eth0:1, eth0:2, etc.
  Aliases are treated like separate interfaces
• View interface configuration with ifconfig [ethX]

• Enable interface with ifup ethX

• Disable interface with ifdown ethX
Graphical Network Configuration
system-config-network
• System->Administration->Network

• Activate/Deactivate interfaces

• Assign IP Addresses/DHCP

• Modify DNS settings

• Modify gateway address
Network Configuration Files
Ethernet Devices
• Device configuration is stored in text files

  /etc/sysconfig/network-scripts/ifcfg-ethX
• Complete list of options in
 /usr/share/doc/initscripts-*/sysconfig.txt

  Dynamic Configuration:
  DEVICE=ethX
  HWADDR=0:02:8A:A6:30:45
  BOOTPROTO=dhcp
  ONBOOT=yes
  Type=Ethernet

  Static Configuration:
  DEVICE=ethX
  HWADDR=0:02:8A:A6:30:45
  IPADDR=192.168.0.123
  NETMASK=255.255.255.0
  GATEWAY=192.168.0.254
  ONBOOT=yes
  Type=Ethernet
Network Configuration Files
Other Global Network Settings
• Global Settings in /etc/sysconfig/network

• Many may be provided by DHCP

• GATEWAY can be overridden in ifcfg file


 NETWORKING=yes
 HOSTNAME=server1.example.com

 GATEWAY=192.168.2.254
Network Configuration Files
DNS Configuration
• Domain Name Service translates hostnames to
 network addresses
• Server address is specified by dhcp or in
 /etc/resolv.conf


     search example.com cracker.org
     nameserver 192.168.0.254
     nameserver 192.168.1.254
Unit 10

Investigating and Managing
Processes
What is a Process?
• A process is a set of instructions loaded into
 memory
• Numeric Process ID (PID) used for
 identification
• UID, GID and SELinux context determines
 filesystem access
  Normally inherited from the executing user
Listing Processes
• View Process information with ps

    Shows processes from the current terminal by default
    a includes processes on all terminals
    x includes processes not attached to terminals
    u prints process owner information
    f prints process parentage
    o PROPERTY1,PROPERTY2,... prints custom information:
      •   pid, comm, %cpu, %mem, state, tty, euser, ruser, etc.

• Example:

    ps axo pid,%cpu,comm
Finding Processes
• Most flexible: ps options | other commands
  ps axo comm,tty | grep ttyS0
• By predefined patterns: pgrep
  $ pgrep -U root
  $ pgrep -G student
• By exact program name: pidof
  $ pidof bash
Signals
• Most fundamental inter-process
 communication
• Sent directly to processes, no user-interface
 required
• Programs associate actions with each signal
• Signals are specified by name or number when
 sent:
  Signal 15, TERM (default) - Terminate cleanly
  Signal 9, KILL - Terminate immediately
  Signal 1, HUP - Re-read configuration files
  man 7 signal shows complete list
Sending Signals to Processes
• By PID: kill [signal] pid ...

• By Name: killall [signal] comm ...

• By pattern: pkill [-signal] pattern
Scheduling Priority
• Scheduling priority determines access to the
 CPU
• Priority is affected by a process' nice value

• Values range from -20 to 19 but default to 0

  Lower nice value means higher CPU priority
• Viewed with ps o comm,nice
Altering Scheduling Priority
• Nice values may be altered...
  When starting a process:
  $ nice -n 5 command
  After starting:
  $ renice 5 PID

• Only root may decrease nice values
Interactive Process Management Tools

• CLI: top

• GUI: gnome-system-monitor

• Capabilities

  Display real-time process information
  Allow sorting, killing and re-nicing
Job Control
• Run a process in the background

  Append an ampersand to the command line:
  firefox &
• Temporarily halt a running program
  Use Ctrl-z or send signal 19 (STOP)
• Manage background or suspended jobs
  List job numbers and names: jobs
  Resume in the background: bg [%jobnum]
  Resume in the foreground: fg [%jobnum]
  Send a signal: kill [-SIGNAL] [%jobnum]
Scheduling a Process To Execute Later

• One-time jobs use at, recurring jobs use crontab
• Non-redirected output is mailed to the user
• root can modify jobs for other users

             at            crontab
  Create     at time       crontab -e
  List       at -l         crontab -l
  Details    at -c jobnum  N/A
  Remove     at -d jobnum  crontab -r
  Edit       N/A           crontab -e
Crontab File Format
• Entry consists of five space-delimited fields
 followed by a command line
  One entry per line, no limit to line length
• Fields are minute, hour, day of month, month,
 and day of week
• Comment lines begin with #

• See man 5 crontab for details
Grouping Commands
• Two ways to group commands:

• Compound: date; who | wc -l

  Commands run back-to-back
• Subshell: (date; who | wc -l) >> /tmp/trace
  All output is sent to a single STDOUT and STDERR
Exit Status
• Processes report success or failure with an
 exit status
  0 for success, 1-255 for failure
  $? stores the exit status of the most recent
  command
  exit [num] terminates and sets status to num
• Example:
  $ ping -c1 -W1 station999 &> /dev/null
  $ echo $?
  2
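An added example, not from the course, that ties the Signals and Exit Status slides together: background workers started with & are sent TERM and KILL with kill, and the outcome is read back through the status wait reports, including a worker that handles TERM with trap the way a daemon associates an action with a signal. It assumes a POSIX shell with kill, wait and sleep; the workers are constructed.

```shell
# Added example, not from the course. Sends the signals from this unit to
# background processes and reads the outcome through the exit status.
# POSIX shell with kill, wait and sleep assumed; the workers are constructed.

# status_after: start a worker with &, send it the named signal, and report
# the status wait returns for it. A process killed by a signal exits with
# 128 + the signal number, so TERM (15) shows as 143 and KILL (9) as 137,
# both in the 1-255 "failure" range from the slide.
status_after() {
    sleep 30 &
    pid=$!
    kill -s "$1" "$pid"
    status=0
    wait "$pid" || status=$?
    echo "$status"
}

# graceful_status: this worker associates an action with TERM via trap, as
# a daemon does when it re-reads its configuration on HUP. It cleans up and
# exits 0 instead of dying with 143, which is why TERM is the default and
# KILL (which cannot be trapped) is the last resort.
graceful_status() {
    sh -c 'trap "exit 0" TERM; while :; do sleep 1; done' &
    pid=$!
    sleep 1                         # let the worker install its trap first
    kill -s TERM "$pid"
    status=0
    wait "$pid" || status=$?
    echo "$status"
}

# still_running: signal 0 delivers nothing but reports through the exit
# status whether the PID exists and may be signalled (0 = yes).
still_running() {
    kill -0 "$1" 2>/dev/null
}
```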
Conditional Execution Operators
• Commands can be run conditionally based on
 exit status
  && represents conditional AND THEN
  || represents conditional OR ELSE
• Examples:
  $ grep -q no_such_user /etc/passwd || echo 'No such user'
  No such user
  $ ping -c1 -W2 station1 &> /dev/null \
  > && echo "station1 is up" \
  > || (echo 'station1 is unreachable'; exit 1)
  station1 is up
The test Command
• Evaluates boolean statements for use in
 conditional execution
  Returns 0 for true
  Returns 1 for false
• Examples in long form:
  $ test "$A" = "$B" && echo "Strings are equal"
  $ test "$A" -eq "$B" && echo "Integers are equal"
• Examples in shorthand notation:
  $ [ "$A" = "$B" ] && echo "Strings are equal"
  $ [ "$A" -eq "$B" ] && echo "Integers are equal"
File Tests
• File tests:

• -f tests to see if a file exists and is a regular
 file
• -d tests to see if a file exists and is a directory

• -x tests to see if a file exists and is executable

  [   -f ~/lib/functions ] && source ~/lib/functions
Unit 11

Configuring the Bash Shell
Environment Variables
• Bash variables are local to a single shell by
 default
  Set with VARIABLE=VALUE
• Environment variables are inherited by child
 shells
  Set with export VARIABLE=VALUE
  Accessed by some programs for configuration
Some Common Variables
• Configuration variables
  PS1: Appearance of the bash prompt
  PATH: Directories to look for executables in
  EDITOR: Default text editor
  HISTFILESIZE: Number of commands in bash
  history
• Information variables
  HOME: User's home directory
  EUID: User's effective UID
Aliases
• Aliases let you create shortcuts to commands
  $ alias dir='ls -laF'
• Use alias by itself to see all set aliases
• Use alias followed by an alias name to see
 alias value
  $ alias dir
  alias dir='ls -laF'
How bash Expands a Command Line
•   Split the line into words
•   Expand aliases
•   Expand curly-brace statements ({})
•   Expand tilde statements (~)
•   Expand variables ($) and command substitution ($() and ``)
•   Split the line into words again
•   Expand file globs (*, ?, [abc], etc)
•   Prepare I/O redirections (<, >)
•   Run the command!
Preventing Expansion
• Backslash ( \ ) makes the next character literal
 $ echo Your cost: \$5.00
 Your cost: $5.00
• Quoting prevents expansion
  Single quotes (') inhibit all expansion
  Double quotes (") inhibit all expansion, except:
    • $ (dollar sign) - variable expansion
    • ` (backquotes) - command substitution
    • \ (backslash) - single character inhibition
    • ! (exclamation point) - history substitution
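The rules above decide whether a value that looks like a glob reaches a command as file names or as text, and whether a variable is visible to a child shell at all. An added example, not part of the course material, using a scratch directory and helper names (count_words and the others) chosen here:

```shell
#!/bin/sh
# Added example: what each quoting style does to a value that looks like a
# glob, and which variables a child shell inherits. Names are constructed.

# Scratch directory with two files that a *.txt glob can match.
demo=$(mktemp -d)
touch "$demo/a.txt" "$demo/b.txt"

# A value that could just as well have arrived from user input.
pattern='*.txt'

# Each argument the shell hands us is one word.
count_words() { echo "$#"; }

# Unquoted: $pattern is expanded, the result is split into words and then
# matched against files, so the command receives a.txt and b.txt (2 words).
unquoted() { ( cd "$demo" && count_words $pattern ); }

# Double quotes: $ expansion still happens, but no word splitting and no
# globbing follow, so the command receives the literal *.txt (1 word).
double_quoted() { ( cd "$demo" && count_words "$pattern" ); }

# Single quotes: nothing is expanded; the command receives the text $pattern.
single_quoted() { ( cd "$demo" && printf '%s\n' '$pattern' ); }

# Backslash: only the next character is made literal.
backslashed() { echo "Your cost: \$5.00"; }

# A plain assignment is local to this shell; export puts the variable into
# the environment, which is what a child process actually inherits.
LOCAL_ONLY=private
export EXPORTED=shared
child_view() { sh -c 'echo "local=[$LOCAL_ONLY] exported=[$EXPORTED]"'; }
```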
Login vs non-login shells
• Startup is configured differently for login and non-login shells
• Login shells are:
  Any shell created at login (includes X login)
  su -
• Non-login shells are:
  su
  graphical terminals
  executed scripts
  any other bash instances
Bash startup tasks: profile
• Stored in /etc/profile (global) and ~/.bash_profile (user)
• Run for login shells only
• Used for
  Setting environment variables
  Running commands (eg mail-checker script)
Bash startup tasks: bashrc
• Stored in /etc/bashrc (global) and ~/.bashrc (user)
• Run for all shells
• Used for
  Setting local variables
  Defining aliases
Sourcing files
• Changes to profile and bashrc files need to be sourced
• Two methods:
  .
  source
• Shell scripts can source other files:
 . ~/.bashrc
Bash exit tasks
• Stored in ~/.bash_logout (user)
• Run when a login shell exits
• Used for
  Creating automatic backups
  Cleaning out temporary files
Unit 12

Finding and Processing Files
locate
• Queries a pre-built database of paths to files on the system
  Database must be updated by administrator
  Full path is searched, not just filename
• May only search directories where the user has read and execute permission
locate Examples
 # locate passwd
  Search for files with "passwd" in the name or path
• Useful options
  -i performs a case-insensitive search
  -n X lists only the first X matches
  -eDIR1,DIR2,... excludes the directories DIR1, DIR2, etc. from the search
find
 # find [dir1 dir2 ...] [criteria...]
• Searches directory trees in real-time
  Slower but more accurate than locate
  CWD is used if no starting directory given
  All files are matched if no criteria given
• Can execute commands on found files
• May only search directories where the user has read and execute permission
Basic find Examples
• find -name snow.png
  Search for files named snow.png in the current directory
• find -iname snow.png
  Case-insensitive search for files named snow.png, Snow.png, SNOW.PNG, etc. in the current directory
• find / -name *.txt
  Search for files anywhere on the system that end in .txt
• find /etc -name *pass*
  Search for files in /etc/ that contain pass in their name
• find /home -user joe -group joe
  Search for files owned by the user joe and the group joe in /home/
find and Logical Operators
• Criteria are ANDed together by default.
• Can be OR'd or negated with -o or -not
• Parentheses can be used to determine logic order, but must be escaped in bash.
  find -user joe -not -group joe
  find -user joe -o -user jane
  find -not \( -user joe -o -user jane \)
find and Permissions
• Can match ownership by name or id
  find / -user joe -o -uid 500
• Can match octal or symbolic permissions
  find -perm 755
    • matches if mode is exactly 755
  find -perm +222
    • matches if anyone can write
  find -perm -222
    • matches if everyone can write
  find -perm -002
    • matches if other can write
find and Numeric Criteria
• Many find criteria take numeric values
• find -size 10M
  Files with a size of exactly 10 megabytes
• find -size +10M
  Files with a size over 10 megabytes
• find -size -10M
  Files with a size less than 10 megabytes
• Other modifiers are available such as k for KB, G for GB, etc.
Executing Commands with find
• Commands can be executed on found files
• Command must be preceded with -exec or -ok
  -ok prompts before acting on each file
• Command must end with a space followed by \;
• Can use {} as a filename placeholder
• find -size +100M -ok mv {} /tmp/largefiles/ \;
find Execution Examples
• find -name "*.conf" -exec cp {} {}.orig \;
  Back up configuration files from the current directory, adding a .orig extension
• find /tmp -ctime +3 -user joe -ok rm {} \;
  Prompt to remove Joe's tmp files that are over 3 days old
• find ~ -perm -002 -exec chmod o-w {} \;
  Fix other-writable files in your home directory
• find /home -type d -ls
  Do an ls -l style listing of all directories in /home/
• find /data -type f -perm 644 -name *.sh -ok chmod 755 {} \;
  Find files that end in .sh found in the /data/ directory with a current permission of 644, and ask to make them executable
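A worked run of the permission tests, logical operators and -exec from the slides above, on a scratch tree built in the block (added example, not course material; the tree, file names and helper names are constructed here, and GNU find is assumed):

```shell
#!/bin/sh
# Added example: find's permission tests, logical operators and -exec on a
# constructed directory tree. GNU find is assumed.
tree=$(mktemp -d)
mkdir -p "$tree/proj" "$tree/scratch"
printf 'port=8080\n' > "$tree/proj/app.conf"   && chmod 644 "$tree/proj/app.conf"
printf 'todo\n'      > "$tree/proj/notes.txt"  && chmod 666 "$tree/proj/notes.txt"  # other-writable
printf '#!/bin/sh\n' > "$tree/scratch/run.sh"  && chmod 666 "$tree/scratch/run.sh"  # other-writable
printf 'secret\n'    > "$tree/scratch/key"     && chmod 600 "$tree/scratch/key"

# -perm -002: the "other write" bit must be set; any extra bits are fine.
other_writable() { find "$tree" -type f -perm -002 | sort; }
count_other_writable() { other_writable | wc -l | tr -d ' '; }

# -exec runs chmod once per match: {} is the path, \; ends the command.
# A script uses -exec rather than -ok, which would prompt for every file.
fix_other_writable() { find "$tree" -type f -perm -002 -exec chmod o-w {} \; ; }

# Criteria are ANDed; -o ORs; -not negates; \( \) group and must be escaped.
# The patterns are quoted so the shell does not expand them before find
# runs: the slides' unquoted *.txt only works while no .txt file is in the CWD.
conf_or_sh_not_private() {
    find "$tree" -type f \( -name '*.conf' -o -name '*.sh' \) -not -perm 600 | wc -l | tr -d ' '
}

# Back up every .conf file with a .orig suffix, as in the first slide example,
# then report how many backups exist.
backup_confs() {
    find "$tree" -name '*.conf' -exec cp {} {}.orig \;
    ls "$tree/proj" | grep -c 'orig$'
}
```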
The Gnome Search Tool
• Places->Search for Files...
• Graphical tool for searching by
  name
  content
  owner/group
  size
  modification time
Unit 13

Network Clients
Web Clients
• GUI and Non-GUI web browsers
Firefox
• Fast, lightweight, feature-rich web browser
  Tabbed browsing
  Popup blocking
  Cookie management
  Multi-engine search bar
  Support for many popular plug-ins
  Themes and Extensions
links
• links is a non-GUI web browser
• Provided by the elinks rpm
• Full support for frames and SSL
• Examples
  links http://www.redhat.com
  links -dump http://www.redhat.com
  links -source http://www.redhat.com
OpenSSH: Secure Remote Shell
• Secure replacement for older remote-access tools
• Allows authenticated, encrypted access to remote systems
  ssh [user@]hostname
  ssh [user@]hostname command
OpenSSH Key-based Authentication

• Optional, password-less, but still secure, authentication
• Uses two keys generated by ssh-keygen:
  private key stays on your system
    • Usually passphrase-protected (recommended)
  public key is copied to destination with ssh-copy-id
    • ssh-copy-id -i ~/.ssh/id_rsa.pub [user@]host
FTP Clients
• CLI: lftp
 $ lftp ftp.example.com
 $ lftp -u joe ftp.example.com
  Automated transfers with lftpget
• GUI: gFTP
  Applications->Internet->gFTP
  Allows Drag-and-Drop transfers
  Anonymous or authenticated access
  Optional secure transfer via ssh (sftp)
smbclient
• FTP-like client to access SMB/CIFS resources
• Examples:
  smbclient -L //server1 lists shares on server1
  smbclient -U student //server1/homes accesses a share
File Transfer with Nautilus
• Places->Connect to Server
• Graphically browse with multiple protocols
• Allows drag-and-drop file transfers
• Supported connection types: FTP, SFTP, SMB, WebDAV, Secure WebDAV
• Can also connect via URL:
  File->Open Location
Network Diagnostic Tools
• ping

• traceroute

• host

• dig

• netstat
Unit 15

Advanced Topics in Users, Groups and
Permissions
User and Group ID Numbers
• User names map to user ID numbers

• Group names map to group ID numbers

• Data stored on the hard disk is stored
 numerically
/etc/passwd, /etc/shadow, and
/etc/group files
Authentication information is stored in plain text files:
• /etc/passwd
• /etc/shadow stores the users' passwords
• /etc/group
• /etc/gshadow stores the group password set when a group is created
User Management Tools
• Graphical tools
  system-config-users: graphical tool for creating users
• Command-line
  useradd
  usermod: changes a user's account attributes
  userdel: deletes the user account, but not the user's home directory
  userdel -r: also deletes the user's home directory
System Users and Groups
• Server programs such as web or print servers typically run as unprivileged users, not as root
  Examples: daemon, mail, lp, nobody
• Running programs in this way limits the amount of damage any single program can do to the system
Monitoring Logins (viewing the system's login status)
• Connected users: w shows who is currently logged in
• Recent Logins: last (accounts that logged in over the past few days), lastb (accounts whose recent login attempts failed), lastlog (the most recent login of every account on the local system)
Default Permissions
• Default permission for directories is 777 minus umask
• Default permission for files is the directory default without execute permission.
• umask is set with the umask command.
• Non-privileged users' umask is 002
  Files will have permissions of 664
  Directories will have permissions of 775
• root's umask is 022
Special Permissions for Executables
Special permissions for executables:
• suid: command run with permissions of the owner of the command, not executor of the command (applies only to executable files, not to non-executable or text files)
• sgid: command runs with group affiliation of the group of the command
Special Permissions for Directories
• Special permissions for directories:
• sticky bit: files in directories with the sticky bit set can only be removed by the owner and root, regardless of the write permissions of the directory (with the sticky bit set, a file can be deleted only by its owner or by root)
• sgid: files created in directories with the sgid bit set have group affiliations of the group of the directory
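The umask arithmetic and the special bits described above, applied to a scratch directory (added example, not course material; helper names and paths are mine, and the octal mode is read with GNU stat -c %a, which includes the special-bit digit):

```shell
#!/bin/sh
# Added example: umask and the special permission bits on a scratch
# directory. Helper names are constructed; GNU stat is assumed.
box=$(mktemp -d)
mode_of() { stat -c '%a' "$1"; }   # octal mode, special bits included

# Create one file and one directory under the given umask, inside a
# subshell so the caller's umask is untouched; print "<file> <dir>" modes.
# Files start from 666 and directories from 777 before the mask is applied.
modes_under_umask() {
    ( umask "$1" && cd "$box" && : > "file-$1" && mkdir "dir-$1" ) || return 1
    echo "$(mode_of "$box/file-$1") $(mode_of "$box/dir-$1")"
}

# Shared project directory with sgid set: files created inside inherit the
# directory's group instead of the creator's private group.
sgid_dir_mode() { mkdir -p "$box/shared" && chmod 2775 "$box/shared" && mode_of "$box/shared"; }

# Drop-box directory with the sticky bit: everyone may create files, but
# only a file's owner (or root) may remove it.
sticky_dir_mode() { mkdir -p "$box/drop" && chmod 1777 "$box/drop" && mode_of "$box/drop"; }

# Audit check for the suid bit: -perm -4000 matches files that have it set.
setuid_files() {
    : > "$box/tool" && chmod 4755 "$box/tool"
    find "$box" -type f -perm -4000 | wc -l | tr -d ' '
}
```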
Unit 15

The Linux Filesystem In-Depth
Partitions and Filesystems
• Disk drives are divided into partitions
• Partitions are formatted with filesystems, allowing users to store data
• Default filesystem: ext3, the Third Extended Linux Filesystem
• Other common filesystems:
  ext2 and msdos (typically used for floppies)
  iso9660 (typically used for CDs)
  GFS and GFS2 (typically for SANs)
Inodes
• An inode table contains a list of all files in an ext2 or ext3 filesystem
• An inode (index node) is an entry in the table, containing information about a file (the metadata), including:
  file type, permissions, UID, GID
  the link count (count of path names pointing to this file)
  the file's size and various time stamps
  pointers to the file's data blocks on disk
  other data about the file
Directories
• The computer's reference for a file is the inode
 number
• The human way to reference a file is by file
 name
• A directory is a mapping between the human
 name for the file and the computer's inode
 number
Inodes and Directories
cp and inodes
• The cp command:
  Allocates a free inode number, placing a new entry in the inode table
  Creates a dentry in the directory, associating a name with the inode number
  Copies data into the new file
mv and inodes
• If the destination of the mv command is on the same file system as the source, the mv command:
  Creates a new directory entry with the new file name
  Deletes the old directory entry with the old file name
• Has no impact on the inode table (except for a time stamp) or the location of data on the disk: no data is moved!
• If the destination is a different filesystem, mv acts as a copy and remove
rm and inodes
• The rm command:
  Decrements the link count, thus freeing the inode number to be reused
  Places data blocks on the free list
  Removes the directory entry
• Data is not actually removed, but will be overwritten when the data blocks are used by another file
Hard Links (cannot span partitions; save inode numbers)
• A hard link adds an additional dentry to reference a single file
  One physical file on the filesystem
  Each directory references the same inode number
  Increments the link count
    • The rm command decrements the link count
    • File exists as long as at least one link remains
    • When the link count is zero, the file is removed
  Cannot span drives or partitions
• Syntax:
  ln filename [linkname]
Symbolic (or Soft) Links (can span partitions; save disk space)
• A symbolic link points to another file
  ls -l displays the link name and the referenced file
 lrwxrwxrwx 1 joe joe 11 Sep 25 18:02 pf -> /etc/passwd
  File type: l for symbolic link
  The content of a symbolic link is the name of the file that it references
• Syntax:
  ln -s filename linkname
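The cp, mv, rm and ln behaviour described in the slides above, observed directly in the inode table with stat (added example, not course material; file names are constructed and GNU coreutils stat and readlink are assumed):

```shell
#!/bin/sh
# Added example: watching inode numbers and link counts while cp, ln, mv
# and rm run. Names are constructed; GNU stat/readlink are assumed.
ws=$(mktemp -d)
printf 'payload\n' > "$ws/original"
inode_of() { stat -c '%i' "$1"; }   # inode number
links_of() { stat -c '%h' "$1"; }   # link count stored in the inode

ln    "$ws/original" "$ws/hard"     # hard link: second dentry, same inode
ln -s "$ws/original" "$ws/soft"     # symlink: new inode holding the target path
cp    "$ws/original" "$ws/copy"     # cp: fresh inode, data copied

hard_shares_inode() { [ "$(inode_of "$ws/original")" = "$(inode_of "$ws/hard")" ] && echo yes || echo no; }
copy_shares_inode() { [ "$(inode_of "$ws/original")" = "$(inode_of "$ws/copy")" ] && echo yes || echo no; }
link_count()        { links_of "$ws/original"; }       # original + hard = 2
soft_type_char()    { ls -l "$ws/soft" | cut -c1; }    # first column of ls -l: l
soft_content()      { readlink "$ws/soft"; }           # the symlink's content is the target name

# mv within one filesystem only rewrites the directory entry: same inode.
rename_keeps_inode() {
    before=$(inode_of "$ws/hard")
    mv "$ws/hard" "$ws/renamed"
    [ "$before" = "$(inode_of "$ws/renamed")" ] && echo yes || echo no
}

# rm only decrements the link count: the data stays reachable through the
# remaining hard link, while the symlink now points at a name that is gone.
remove_original() {
    rm "$ws/original"
    echo "$(links_of "$ws/renamed") $(cat "$ws/renamed") $([ -e "$ws/soft" ] && echo alive || echo dangling)"
}
```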
Checking Free Space
• df - Reports disk space usage per filesystem
  Reports total kilobytes, kilobytes used, kilobytes free per file system
  -h and -H display sizes in easier to read units
• du - Reports disk space usage per directory
  Reports kilobytes used per directory
  Includes subtotals for each subdirectory
    • -s option only reports single directory summary
  Also takes -h and -H options
• Applications->System Tools->Disk Usage Analyzer or baobab - Reports disk space usage graphically
Removable Media
• Mounting integrates a foreign filesystem into the main tree.
• Before accessing, media must be mounted
• Before removing, media must be unmounted
• In Gnome and KDE, devices auto-mount under /media/
• In console, root manually mounts devices under /mnt/
  # mkdir /mnt/floppy
  # mount /dev/fd0 /mnt/floppy
  # umount /dev/fd0
CDs and DVDs
• Automatically mounted in Gnome/KDE
  Accessible from:
    • Computer desktop icon, CD-ROM
    • CD-ROM Desktop icon
    • /media/disk_label or /media/CDROM
• Ejected with:
  Right Click->Eject
  eject /dev/cdrom
USB Media
• Detected by the kernel as SCSI devices
  /dev/sda, /dev/sdaX, /dev/sdb, /dev/sdbX, etc.
• Automatically mounted in Gnome/KDE
  Similar location as CDs
    • /media/disk_label or /media/disk
  Unmounted with:
    • Right Click->Eject
    • umount /dev/sdaX
Floppy Disks
• DOS floppies can be accessed with mtools
  Mounts and unmounts device transparently
  Can be used by non-root users
  Uses DOS naming conventions
    • mdir a:
    • mcopy /home/file.txt a:
• Otherwise, users must mount floppies manually
Archiving Files and Compressing
Archives
• Archiving places many files into one target file
  Easier to back up, store, and transfer
  tar - standard Linux archiving command
• Archives are commonly compressed
  Algorithm applied that compresses file
  Uncompressing restores the original file
  tar natively supports compression using gzip and gunzip, or bzip2 and bunzip2
Creating, Listing, and Extracting File
Archives
• Action arguments (one is required):
  -c create an archive
  -t list an archive
  -x extract files from an archive
• Typically required:
  -f archivename name of file archive
• Optional arguments:
  -z use gzip compression
  -j use bzip2 compression
  -v be verbose
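The -c, -t, -x, -z and -f arguments in use, plus the check a practitioner makes before extracting an archive that came from elsewhere: list it first and look for member names that are absolute or contain .. components, since those would be written outside the chosen directory (added example, not course material; files and names are constructed here and GNU tar is assumed):

```shell
#!/bin/sh
# Added example: tar create/list/extract with gzip, plus a pre-extraction
# review of member names. Paths are constructed; GNU tar is assumed.
work=$(mktemp -d)
mkdir -p "$work/src/etc"
printf 'port=22\n' > "$work/src/etc/sshd.conf"
printf 'welcome\n' > "$work/src/etc/motd"

# -c create, -z gzip, -f archive name. -C changes directory first so the
# archive stores relative names (etc/...), not the scratch directory path.
create_archive() { tar -czf "$work/etc.tgz" -C "$work/src" etc; }

# -t lists members without extracting; count the entries that are files
# (directory entries end in /).
list_files() { tar -tzf "$work/etc.tgz" | grep -vc '/$'; }

# Review check: count members whose name is absolute or has a ".."
# component. -P makes tar show names exactly as stored instead of quietly
# stripping a leading / in the listing.
unsafe_members() { tar -tzPf "$1" | grep -Ec '(^/|(^|/)\.\.(/|$))' || true; }

# Constructed bad archive: -P keeps the absolute path when creating it.
make_absolute_archive() { tar -czPf "$work/bad.tgz" "$work/src/etc/motd" && echo "$work/bad.tgz"; }

# -x extracts; again -C chooses where the relative names are written.
extract_archive() {
    mkdir -p "$work/out" && tar -xzf "$work/etc.tgz" -C "$work/out" && cat "$work/out/etc/sshd.conf"
}
```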
Creating File Archives: Other Tools

• zip and unzip
  Supports pkzip-compatible archives
  Example:
    zip -r etc.zip /etc
    unzip etc.zip
• file-roller
  Graphical, multi-format archiving tool
Unit 16

Package Management
About yum
• Front-end to rpm

• Designed to resolve package dependencies

• Can locate packages across multiple
 repositories
• Replacement for up2date
yum: Installation and Removal
• yum install package...
• yum localinstall rpmfile...
• yum groupinstall packagegroup...
• yum remove package...
• yum update [package...]
  .rpmnew versus .rpmsave
yum: Queries
• Searching packages
  yum search searchterm
  yum list [all] [package_glob]
  yum list (available|updates|installed|extras|obsoletes) [package_glob]
  yum info package
  yum groupinfo packagegroup
• Searching files
  yum whatprovides filename
Configuring Additional Repositories
• Create a file in /etc/yum.repos.d/ for your repository, name ending in .repo, containing:
  [repo-name]
  name=A nice description
  baseurl=http://yourserver.com/path/to/repo
  enabled=1
  gpgcheck=1
• Repository information is cached. To clear the cache:
  yum clean dbcache|all
Red Hat Network
• Centralized platform for systems management
  Provides Red Hat software packages
  Shows if errata are available for systems
  Can update many systems at once
  Allows full life cycle management
• Web based management interface
• Uses HTTPS for all transactions
Red Hat Network Server
• rhn.redhat.com or local Satellite/Proxy
  Web based management of machines
  RHN Proxy caches RHN traffic
  RHN Satellite provides an autonomous RHN
• RHN Accounts
  RHN Users for registration of machines and web based management
  SystemID for automatic authentication of systems
RHN Entitlements
• Grant access to software channels
  Base Channel
  Child Channel(s)
• Define level of service
  Update
  Management
  Provisioning
  Monitoring
Red Hat Network Client
• Registration

     Run rhn_register
     Select the updates location (RHN or local satellite/proxy)
     Enter Account information
• Interactive usage

     yum plug-in for downloading packages from RHN
     Configuration in /etc/yum/pluginconf.d/rhnplugin.conf
• Remote management

     rhnsd polls RHN every four hours
     rhn_check polls immediately
RPM Package Manager
• Under the hood of yum and RHN
• RPM Components
  Local database
  rpm and related executables or frontends
  Package files
• Primary Functions
  Install/Remove
  Query
  Verify
rpm: Installation and Removal
• Primary RPM options:
  Install: rpm -i | --install rpmfile...
  Upgrade: rpm -F | --freshen rpmfile...
  Upgrade or Install: rpm -U | --upgrade rpmfile...
  Removal: rpm -e | --erase package...
• Output options: -v, -h
• Many other install-options are available to address special cases: --replacepkgs, --oldpackage, etc.
• URL support: ftp:// (with globbing), http://
rpm: Queries
• Four basic types of queries:
  rpm -qa
  rpm -q package
  rpm -qf file_path_name
  rpm -qp rpmfile
• Types of information to query:
  -i general information about package
  -l list of files in package
  Many others
rpm: Verification
• Installed package file verification:
  rpm -V package
  rpm -Vp rpmfile
  rpm -Va
• Signature verification BEFORE package install:
  rpm --import RPM-GPG-KEY-redhat-release
  rpm -K rpmfile
Updating a Kernel RPM
• Make sure to install kernel updates
  yum handles this transparently with either update or install
  Do not use rpm -U or rpm -F ! Use rpm -i !
• Updating a kernel
  yum update kernel
  Boot new kernel to test
  Revert to old kernel if a problem arises
  yum remove kernel-oldversion if no problems
Unit 17

System Initialization
Boot Sequence Overview
• BIOS initialization
• Bootloader
• Kernel initialization
• init starts and enters desired run level by executing:
  /etc/rc.d/rc.sysinit
  /etc/rc.d/rc and /etc/rc.d/rc[0-6].d/
  /etc/rc.d/rc.local
  Virtual consoles
  X Display Manager if appropriate
BIOS Initialization
• Peripherals detected

• Boot device selected

• First sector of boot device read and executed
Starting the Boot Process: GRUB
• Image selection
  Select with space followed by up/down arrows on the boot splash screen
• Argument passing
  Change an existing stanza in menu editing mode
  Issue boot commands interactively on the GRUB command line
Bootloader Components
• Bootloader
  1st Stage - small, resides in MBR or boot sector
  2nd Stage - loaded from boot partition
• Minimum specifications for Linux:
  Title, kernel location, OS root filesystem and location of the initial ramdisk (initrd)
• Minimum specification for other OS:
  Title, boot device
GRUB and grub.conf
• GRUB “the GRand Unified Bootloader”
  Command-line interface available at boot prompt
  Boot from ext2/ext3, ReiserFS, JFS, FAT, minix, or FFS file systems
  Supports MD5 password protection
• /boot/grub/grub.conf
• Changes to grub.conf take effect immediately
• If MBR on /dev/hda is corrupted, reinstall the first stage bootloader with:
  /sbin/grub-install /dev/hda
Kernel Initialization
• Kernel boot time functions

• Device detection

• Device driver initialization

• Mounts root filesystem read only

• Loads initial process (init)
init Initialization
• init reads its config: /etc/inittab

• Initial run level

• System initialization scripts

• Run level specific script directories

• Trap certain key sequences

• Define UPS power fail / restore scripts

• Spawn gettys on virtual consoles

• Initialize X in run level 5
Run Levels
• init defines run levels 0-6, S, emergency
• The run level is selected by either
  Default in /etc/inittab at boot
    • id:5:initdefault:
  Passing an argument from the bootloader
  Using the command init new_runlevel
• Show current and previous run levels
  /sbin/runlevel
/etc/rc.d/rc.sysinit
• Important tasks include:

• Activate udev and selinux

• Sets kernel parameters in /etc/sysctl.conf

• Sets the system clock

• Loads keymaps

• Enables swap partitions

• Sets hostname

• Root filesystem check and remount

• Activate RAID and LVM devices

• Enable disk quotas
• Check and mount other filesystems

• Cleans up stale locks and PID files
/etc/rc.d/rc
• /etc/rc.d/rc defines which services to start
  l5:5:wait:/etc/rc.d/rc 5
• Each run level has a corresponding directory:
  /etc/rc.d/rc5.d/
• The System V init scripts reside in:
  /etc/rc.d/init.d/
• Symbolic links in the run level directories call the init.d scripts with a start or stop argument
/etc/rc.d/rc.local
• Run after the run level specific scripts

• Common place for custom modification

• In most cases it is recommended that you
 create a System V init script in
 /etc/rc.d/init.d/ unless the service you are
 starting is so trivial it does not warrant it.
 Existing scripts can be used as a starting point
The xinetd service
• Manages transient services upon demand
  Less-frequently needed services
  Host-based authentication
  Service statistics and logging
  Service IP redirection
• Configuration files: /etc/xinetd.conf, /etc/xinetd.d/service
Controlling Services
• Utilities to control default service startup
  system-config-services: graphical utility that requires an X interface
  ntsysv: ncurses based utility usable in virtual consoles
  chkconfig: a fast, versatile command line utility that works well and is usable with scripts and Kickstart installations
• Utilities to control services manually
  service: immediately start or stop a standalone service
  chkconfig: immediately starts and stops xinetd-managed services
Unit 18

Kernel Services
The Linux Kernel
• The kernel constitutes the core part of the Linux
 operating system
• Kernel duties:

     System initialization: detects hardware resources and boots
      up the system
     Process scheduling: determines when processes should run
      and for how long
     Memory management: allocates memory on behalf of
      running processes
     Security: constantly verifies filesystem permissions, SELinux
      contexts and firewall rules
     Provides buffers and caches to speed up hardware access
     Implements standard network protocols and filesystem
      formats
• Documentation available in the kernel-doc RPM package
Kernel Images and Variants
• Architectures supported: x86, x86_64, IA64/Itanium, PowerPC64, s390x
• Three kernel versions available for x86:
  Regular: one or more processors but 4GB of RAM or less
  PAE: multiple processors and up to 16GB of RAM
  Xen: needed for virtualization
• Kernels always installed under /boot/vmlinuz-*
Kernel Modules
• Modules are small kernel extensions that may
 be loaded and unloaded at will
• Can implement drivers, filesystems, firewall,
 and more
• Are located under /lib/modules/$(uname -r)/

• Compiled for a specific kernel version and are
 provided with the kernel RPM
• Third party modules may be added
Kernel Module Utilities
• lsmod provides a list of loaded modules
• modprobe can load and unload modules
• modinfo displays information about any available module
• /etc/modprobe.conf used for module configuration:
  Parameters to pass to a module whenever it is loaded
  Aliases to represent a module name
  Commands to execute when a module is loaded or unloaded
The Chicken/Egg Module Problem and
the Initial RAM Disk
• To mount the root filesystem, the kernel typically needs
 to load modules
     Examples: ext3, jbd, raid1, scsi_mod
• An initial RAM disk provides modules

     Compressed cpio archive containing modules, other material
     Created at install time
     Specific to a particular hardware and software platform
     Made available to the kernel by GRUB
• Use mkinitrd to rebuild

     mkinitrd /boot/initrd-$(uname -r).img $(uname -r)
Kernel Configuration With /proc
• /proc used to get or set kernel configuration

• Virtual filesystem: files not stored on hard disk

• Entries not persistent: modifications get
 reinitialized after a reboot
• Used to display process information, memory
 resources, hardware devices, kernel memory,
 etc.
• Can be used to modify network and memory
 subsystems or modify kernel features
• Modifications apply immediately
/proc Examples
• Read-only files:
  /proc/cpuinfo

  /proc/1/*

  /proc/partitions

  /proc/meminfo

• Read-Write entries under /proc/sys/:
  /proc/sys/kernel/hostname

  /proc/sys/net/ipv4/ip_forward

  /proc/sys/vm/drop_caches

  /proc/sys/vm/swappiness
sysctl : Persistent Kernel Configuration

• sysctl adds persistence to /proc/sys settings
• Statements added to /etc/sysctl.conf automatically processed during boot
• Configuration maintained or monitored using the sysctl command:
  List all current settings: sysctl -a
  Reprocess settings from sysctl.conf: sysctl -p
  Set a /proc value dynamically: sysctl -w net.ipv4.ip_forward=1
Exploring Hardware Devices
• A snapshot of all connected devices is
 maintained by HAL: Hardware Abstraction
 Layer
• hal-device lists all devices in text mode

• hal-device-manager displays all devices on a
 graphical window
• lspci and lsusb list devices connected to the
 PCI and USB buses, respectively
• The /proc and /sys filesystems also contain
 bus and device specific information
Monitoring Processes and Resources

• Information available under /proc/ can be hard to understand
• Interfaces are available to format the data and make it more accessible:
  Memory: free, vmstat, swapon -s, pmap
  Processes: ps, top, gnome-system-monitor
  Kernel state: uname, uptime, tload
Unit 19

System Services
Console Access
• Physical Console

• Virtual Console

• Serial Console

• System Console

• Pseudoterminal
XOrg: The X11 Server
• Foundation for the Red Hat Enterprise Linux graphical user interface (GUI)
• Open source implementation of X11
• Client / server architecture
• Core server with dynamically loaded modules
  Drivers: ati, nv, mouse, keyboard, etc.
  Extensions: dri, glx, and extmod
• Font rendering
  Native server: xfs
  Fontconfig/Xft libraries
XOrg Server Configuration
• Auto-configured as part of installation or even at runtime
• Post-install manual configuration:
  system-config-display [--reconfig]
  Stored in /etc/X11/xorg.conf
• /etc/sysconfig/desktop
  Runlevel 3: startx
  Runlevel 5: prefdm
SSH: Secure Shell
• Encrypted remote shell

• Frequently used for remote system
 administration
• Can copy files securely

• Can execute commands remotely

• ssh root@host 'ifconfig eth0'

• Supports key based authentication
VNC: Virtual Network Computing
• Allows accessing or sharing a complete desktop over the network
• Uses significantly less bandwidth than pure remote X desktops
• Server
  Individual users can start a VNC server with the command: vncserver
  Runs $HOME/.vnc/xstartup upon startup
  Requires a VNC password which should not be identical to the system password
  Servers can automatically be started via /etc/init.d/vncserver
• Client
  Connects to a remote VNC server with vncviewer host:screen
  Unique screen numbers distinguish between multiple VNC servers running on the same host
  Supports tunneling through SSH: vncviewer -via user@host localhost:1
System Logging
• Centralized logging daemons: syslogd, klogd, auditd
• Log file examples:
  /var/log/dmesg: Kernel boot messages
  /var/log/messages: Standard system error messages
  /var/log/maillog: Mail system messages
  /var/log/secure: Security, authentication, and xinetd messages
  /var/log/audit/audit.log: Kernel auditing messages
• Application log files and directories also reside in /var/log
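/var/log/secure is where failed and accepted SSH logins land. An added example (not course material) that summarises them per source address from a few constructed log lines in the sshd message format; 192.0.2.0/24 is a documentation range, not a real source:

```shell
#!/bin/sh
# Added example: summarise sshd entries from /var/log/secure-style lines.
# The log lines are constructed; the helper names are mine.
logfile=$(mktemp)
cat > "$logfile" <<'EOF'
Sep 25 18:02:11 station1 sshd[2345]: Failed password for invalid user admin from 192.0.2.10 port 4121 ssh2
Sep 25 18:02:14 station1 sshd[2345]: Failed password for invalid user admin from 192.0.2.10 port 4122 ssh2
Sep 25 18:02:20 station1 sshd[2351]: Failed password for root from 192.0.2.10 port 4130 ssh2
Sep 25 18:03:02 station1 sshd[2360]: Accepted publickey for joe from 192.0.2.25 port 50210 ssh2
Sep 25 18:04:40 station1 sshd[2371]: Failed password for joe from 192.0.2.25 port 50333 ssh2
Sep 25 18:05:01 station1 su: pam_unix(su-l:session): session opened for user root by joe(uid=500)
EOF

# Count "Failed password" lines per source address, most frequent first.
# The address is the word after "from", wherever it falls in the line.
failed_by_source() {
    awk '/sshd\[[0-9]+\]: Failed password/ {
             for (i = 1; i <= NF; i++) if ($i == "from") count[$(i + 1)]++
         }
         END { for (addr in count) print count[addr], addr }' "$1" | sort -rn
}

# Sources at or above a threshold of failures are the ones to look at.
noisy_sources() { failed_by_source "$1" | awk -v min="$2" '$1 >= min { print $2 }'; }

# Successful logins are just as worth reviewing: who, from where, and how.
# Fields: ... sshd[pid]:(5) Accepted(6) method(7) for(8) user(9) from(10) addr(11)
accepted_logins() { awk '/sshd\[[0-9]+\]: Accepted/ { print $9, $11, $7 }' "$1"; }
```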
syslog Configuration
• syslog System V initialization script in /etc/rc.d/init.d/ controls both the syslogd and the klogd daemons
• /etc/syslog.conf
  Configures system logging
• /etc/sysconfig/syslog
  Sets switches used when starting syslogd and klogd from the System V initialization script
cron
• Used to schedule recurring events
• Use crontab to edit, install, and view job schedules
  crontab [-u user] file
  crontab [-l|-r|-e]
• Restrict / allow user access to crond
  /etc/cron.allow
  /etc/cron.deny
System crontab Files
• Different format than user crontab files

• Master crontab file /etc/crontab runs
 executables in
  /etc/cron.hourly

  /etc/cron.daily

  /etc/cron.weekly

  /etc/cron.monthly

• /etc/cron.d/ directory contains additional
 system crontab files
Daily Cron Jobs
• tmpwatch
  Cleans old files in specific directories
  Keeps /tmp from filling up
• logrotate
  Keeps log files from getting too large
  Highly configurable in /etc/logrotate.conf
• logwatch
  Provides a summary about system activity
  Reports suspicious messages
  Configuration file: /etc/logwatch/conf/logwatch.conf
The anacron System
• anacron runs cron jobs that did not run while the computer was down
  Assumes computers are not up continually
  Vital for laptops, desktops, workstations, and other systems that are not up continually
  Useful for servers that need to be taken down temporarily
• Configuration file: /etc/anacrontab
  Field 1: If the job has not been run in this many days...
  Field 2: wait this number of minutes after reboot and then run it
  Field 3: job identifier
  Field 4: the job to run
Unit 20

Filesystem Management
Overview: Adding New Filesystems to
the Filesystem Tree
• Identify device

• Partition device

• Make filesystem

• Label filesystem

• Create entry in /etc/fstab

• Mount new filesystem
Device Recognition
• Master Boot Record (MBR) contains:
• Executable code to load operating system
• Space for partition table information, including:
  Partition id or type
  Starting cylinder for partition
  Number of cylinders for partition
Disk Partitioning
• An extended partition points to additional partition descriptors
• Total maximum number of partitions supported by the kernel:
  63 for IDE drives
  15 for SCSI drives
• Why partition drives?
  containment, performance, quotas, recovery
Managing Partitions
• Create partitions using:

  fdisk

  sfdisk

  GNU parted - advanced partition manipulation
  (create, copy, resize, etc.)
• partprobe - reinitializes the kernel's in-
 memory version of the partition table
Making Filesystems
• mkfs
• mkfs.ext2, mkfs.ext3, mkfs.msdos
• Specific filesystem utilities can be called directly
  mke2fs [options] device
Filesystem Labels
• Alternate way to refer to devices

• Device independent

• e2label special_dev_file [fslabel]

• mount [options] LABEL=fslabel mount_point

• blkid can be used to see labels and filesystem
 type of all devices
tune2fs
• Adjusts filesystem parameters
  Reserved blocks
  Default mount options
  fsck frequency
• View current settings with dumpe2fs
Mount Points and /etc/fstab
• Configuration of the filesystem hierarchy

• Used by mount, fsck, and other programs

• Maintains the hierarchy between system
 reboots
• May use filesystem volume labels in the device
 field
• The mount -a command can be used to mount
 all filesystems listed in the /etc/fstab
Mounting Filesystems with mount
• mount [options] device mount_point

• -t vfstype (normally not needed)

• -o options

• Default options: rw, suid, dev, exec, and async
Unmounting Filesystems
• umount [options] device | mount_point
• Cannot unmount a filesystem that is in use
  Use fuser to check and/or kill processes
• Use the remount option to change a mounted filesystem's options atomically
  mount -o remount,ro /data
Handling Swap Files and Partitions
• Swap space is a supplement to system RAM

• Basic setup involves:

• Creating a swap partition or file

• Writing special signature using mkswap

• Adding appropriate entries to /etc/fstab

• Activating swap space with swapon -a
Mounting NFS Filesystems
• Makes a remote NFS filesystem work as
 though it were a local filesystem
• /etc/fstab can be used to specify persistent
 network mounts
• NFS shares are mounted at boot time by
 /etc/init.d/netfs
• Exports can be mounted manually with the
 mount command.
  mkdir /mnt/server1
  mount -t nfs server1:/var/ftp/pub /mnt/server1
Automounter
• Processes monitor access, mounting on demand,
 unmounting after interval of inactivity
• Indirect maps control the entire directory, creating the
 subdirectory/mountpoint on demand:
  /etc/auto.master:
    /misc /etc/auto.misc
  /etc/auto.misc:
    server1 -ro,soft server1:/var/ftp/pub
• Metacharacters can support wildcard directory names *
 and &
• Special map -hosts to “browse” all NFS exports on the
 network
• Direct maps include absolute path names and do not
 obscure local directory structure
Unit 21

User Administration
Adding a New User Account
• Most common method is useradd:

  useradd    [options] username
• Running useradd is equivalent to:
  editing /etc/passwd, /etc/shadow, /etc/group,
  /etc/gshadow
  creating and populating home directory
  setting permissions and ownership
• Set account password using passwd

• Accounts may be added in a batch with
 newusers
User Private Groups
• When user accounts are created, a private
 group is also created with the same name
  Users are assigned to this private group
  User's new files affiliated with this group
• Advantage: Prevents new files from belonging
 to a “public” group
• Disadvantage: May encourage making files
 “world-accessible”
Modifying / Deleting User Accounts
• To change fields in a user's /etc/passwd entry
 you can:
  Edit the file by hand (with vipw, so the file is
  locked while you edit)
  Use usermod [options] username
• To remove a user either:
  Manually remove the user from /etc/passwd,
  /etc/shadow, /etc/group, /etc/gshadow,
  /var/spool/mail, etc.
  Use userdel [-r] username (-r also removes the
  home directory and mail spool)
Password Aging Policies
• By default, passwords do not expire

• Forcing passwords to expire is part of a strong
 security policy
• Modify default expiration settings in
 /etc/login.defs
• To modify password aging for existing users,
 use the chage command
  chage [options] username
  chage -l username shows the current settings
Group Administration
• Entries added to /etc/group and
 /etc/gshadow
• groupadd

• groupmod

• groupdel
Switching Accounts
• Syntax

  su [-] [user]
  su [-] [user] -c command
• Allows the user to temporarily become another
 user
  Default user is root
• The “-” option makes the new shell a login
 shell
sudo
• Users listed in /etc/sudoers execute
 commands with:
  an effective user id of 0
  group id of root's group
  execution being logged
• Edit /etc/sudoers with visudo (locks the file
 and checks the syntax before saving)
• A user who is not listed in /etc/sudoers and
 tries sudo has the attempt logged and, by
 default, mailed to the administrator
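The two slides above (password aging and sudo) are the ones an auditor checks first on a fresh host. The shell below is an added example, not from the course: one function reads /etc/shadow-format lines and flags accounts that can log in without a password or whose password never expires, the other reads /etc/sudoers-format lines and flags NOPASSWD rules and non-root entries that may run ALL. Both inputs are constructed samples with placeholder hashes; the sudoers parser only handles the simple one-line user specs shown in the slide, not line continuations or host aliases.

```shell
#!/bin/sh
# Added example: two small audits over constructed copies of /etc/shadow and
# /etc/sudoers. Neither file below is real; the hashes are placeholders.

SAMPLE_SHADOW='root:$1$abc$placeholderhash:15600:0:99999:7:::
bin:*:15500:0:99999:7:::
alice:$1$def$placeholderhash:15600:0:90:7:::
bob:$1$ghi$placeholderhash:15600:0:99999:7:::
carol::15600:0:90:7:::
dave:!!:15600:0:99999:7:::'

SAMPLE_SUDOERS='# constructed sample sudoers
Defaults    requiretty
Cmnd_Alias  USERADMIN = /usr/sbin/useradd, /usr/sbin/userdel
root    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       ALL
alice   ALL=(ALL)       NOPASSWD: ALL
bob     ALL=(root)      USERADMIN
carol   ALL=(ALL)       NOPASSWD: /usr/bin/less'

# Shadow fields: name:password:lastchg:min:max:warn:inactive:expire:reserved
# Flags accounts that can log in without a password and accounts whose
# password never expires (max empty or 99999, the login.defs default).
audit_shadow() {
    local name pw last min max rest found=0
    while IFS=: read -r name pw last min max rest; do
        [ -n "$name" ] || continue
        case "$pw" in
            '')        printf '%s: empty password field\n' "$name"; found=1; continue ;;
            '!'*|'*'*) continue ;;    # locked or no-login account, nothing to check
        esac
        case "$max" in
            ''|*[!0-9]*) printf '%s: password never expires (max unset)\n' "$name"; found=1 ;;
            *) if [ "$max" -ge 99999 ]; then
                   printf '%s: password never expires (max=%s)\n' "$name" "$max"; found=1
               fi ;;
        esac
    done
    return $found
}

# Flags NOPASSWD rules and non-root entries whose command list is ALL.
# Aliases, Defaults and comments are skipped; a user spec has the form
#   user  host=(runas)  [NOPASSWD:] commands
audit_sudoers() {
    local line user spec cmds found=0
    while IFS= read -r line; do
        case "$line" in ''|'#'*|Defaults*|*_Alias*) continue ;; esac
        user=${line%%[[:space:]]*}
        spec=${line#*=}                       # after the first '='
        case "$spec" in
            *NOPASSWD:*) printf '%s: NOPASSWD rule:%s\n' "$user" "$spec"; found=1 ;;
        esac
        cmds=${spec#*)}                       # drop the optional (runas) group
        cmds=${cmds#*NOPASSWD:}
        cmds=$(printf '%s' "$cmds" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
        if [ "$cmds" = "ALL" ] && [ "$user" != "root" ]; then
            printf '%s: may run any command (ALL)\n' "$user"; found=1
        fi
    done
    return $found
}

printf '%s\n' "$SAMPLE_SHADOW"  | audit_shadow  || echo "(shadow findings above)"
printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers || echo "(sudoers findings above)"
```

The literal command list is all this checks. A NOPASSWD rule for a pager, editor or anything else that can spawn a shell is as good as ALL, so carol's entry deserves the same scrutiny as alice's even though it names a single program.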
SUID and SGID Executables
• Normally processes started by a user run
 under the user and group identity of that user
• SUID and/or SGID bits set on an executable
 file cause it to run under the user and/or
 group identity of the file's owner and/or group
SGID Directories
• Used to create a collaborative directory

• Normally, files created in a directory belong to
 the user's default group
• When a file is created in a directory with the
 SGID bit set, it belongs to the same group as
 the directory
The Sticky Bit
• Normally users with write permissions to a
 directory can delete any file in that directory
 regardless of that file's permissions or
 ownership
• With the sticky bit set on a directory, a file
 can be deleted or renamed only by its owner,
 the directory's owner, or root
• Example:
  ls -ld /tmp
  drwxrwxrwt 12 root root 4096 Nov 2 15:44 /tmp
           ^ the "t" here is the sticky bit
Default File Permissions
• Read and write (not execute) for all is the
 default for files
• Read, write and execute is the default for
 directories
• umask can be used to withhold permissions on
 file creation
• Non-system users' umask is 002
  Red Hat's /etc/bashrc gives 002 to accounts with
  UID above 99 whose primary group has the same
  name as the user (a user private group), 022 to
  everyone else
  Files will have permissions of 664
  Directories will have permissions of 775
  These permissions facilitate group collaboration
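Two checks follow from the last four slides: what mode a new file actually gets under a given umask, and how to find the files on a host that carry the SUID, SGID or sticky bits. The shell below is an added example, not from the course. It needs GNU find (for -printf) and a writable temporary directory; the scratch tree it builds is constructed for the demonstration and removed afterwards.

```shell
#!/bin/sh
# Added example: umask arithmetic plus a find(1) sweep for SUID/SGID/sticky
# entries over a scratch tree. Needs GNU find (-printf) and a writable $TMPDIR.

# Permissions a new file (base 666) or directory (base 777) receives under a
# given umask: each octal digit is base AND NOT umask-digit.
# $1 = "file" or "dir", $2 = umask as three or four octal digits (002, 0022, 077)
perms_from_umask() {
    local base u digit i out=""
    [ "$1" = "dir" ] && base=7 || base=6
    u=$(printf '%s' "$2" | tail -c 3)        # keep the last three digits
    i=1
    while [ "$i" -le 3 ]; do
        digit=$(printf '%s' "$u" | cut -c "$i")
        out="$out$(( base & ~digit & 7 ))"
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}

# Build a scratch tree, set the special bits the slides describe, and list
# everything carrying them, the way an auditor sweeps a host for SUID files.
# Prints "<octal mode> <path>" lines sorted by mode.
demo_special_bits() {
    local d
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/shared" "$d/tmp"
    printf '#!/bin/sh\nid\n' > "$d/bin/passwd_like"
    chmod 4755 "$d/bin/passwd_like"   # SUID: runs as the file's owner
    : > "$d/bin/plain"
    chmod 755 "$d/bin/plain"          # ordinary executable, must not be listed
    chmod 2775 "$d/shared"            # SGID dir: new files take the dir's group
    chmod 1777 "$d/tmp"               # sticky: only a file's owner may delete it
    ( cd "$d" && find . \( -perm -4000 -o -perm -2000 -o -perm -1000 \) \
                 -printf '%m %p\n' | sort )
    rm -rf "$d"
}

echo "umask 002: file $(perms_from_umask file 002), dir $(perms_from_umask dir 002)"
echo "umask 077: file $(perms_from_umask file 077), dir $(perms_from_umask dir 077)"
demo_special_bits
```

On a real system the same find expression over / (add -type f for the SUID/SGID case) is the standard way to inventory privileged executables; compare the list against the distribution's known set after every package update.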
Unit 22

Network Configuration
Network Interfaces
• Networking scripts refer to logical interface
 names:
  Ethernet: eth0, eth1 ...
  Dial-up: ppp0, ppp1 ...
  Loopback: lo
• Interface configured in:
  /etc/sysconfig/network-scripts/ifcfg-ethX
• Display network interfaces/configuration by
 using:
  ip [-s] link [show [ethX]]
  ip addr [show [ethX]]
Driver Selection
• All drivers for network interface cards are built
 as modules
• /etc/modprobe.conf maps logical names to
 specific modules:
  alias eth0 3c59x
• Secondary “card selection” can be specified in
 the interface configuration file, ifcfg-ethX
  HWADDR=00:0D:60:FB:CA:61
IPv4 Interface Configuration
• Dynamic configuration:
  BOOTPROTO=dhcp
• Static configuration:
  IPADDR=10.0.0.1
  NETMASK=255.255.255.0
• To apply changes:
  ifdown ethX ; ifup ethX
Device Aliases
• Useful for virtual hosting
• Bind multiple IP addresses to a single NIC
  eth1:1
  eth1:2
  eth1:3
• Create a separate interface configuration file
 for each device alias:
  ifcfg-ethX:xxx
  Must use static networking
Routing Table
• Defines path to all systems

• Local destinations are physically transmitted
 to directly
• Remote destinations are physically
 transmitted to local “gateway”
• View table with:
  # ip route
  10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.1
  default via 10.0.0.254 dev eth0
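The routing slide says local destinations go out directly and everything else goes to a gateway, but the rule the kernel really applies is longest prefix match, and that is what you need when checking whether a rogue, more specific route is diverting traffic. The shell below is an added example, not from the course: it performs the lookup over "ip route" style text. SAMPLE_ROUTES is constructed; only its first and last lines mirror the slide.

```shell
#!/bin/sh
# Added example: longest-prefix lookup over "ip route" style output, to answer
# "which interface and gateway will traffic to X use?". SAMPLE_ROUTES is
# constructed; only the first and last lines come from the slide.

SAMPLE_ROUTES='10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.1
172.16.0.0/16 dev eth1 proto kernel scope link src 172.16.0.1
192.168.5.0/24 via 10.0.0.1 dev eth0
192.168.5.128/25 via 10.0.0.2 dev eth0
default via 10.0.0.254 dev eth0'

# Dotted quad -> 32-bit integer (uses the shell's own arithmetic).
ip_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    printf '%s\n' $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# $1 = destination address; routing table text on stdin.
# Prints "<gateway or direct> <device>" for the most specific matching route,
# or "no route" with exit status 1 when nothing matches (no default route).
route_lookup() {
    local dst f1 rest dest plen mask net gw dev best=-1 answer=""
    dst=$(ip_to_int "$1")
    while read -r f1 rest; do
        [ -n "$f1" ] || continue
        if [ "$f1" = "default" ]; then
            dest=0.0.0.0; plen=0
        else
            dest=${f1%/*}; plen=${f1#*/}
            [ "$plen" = "$f1" ] && plen=32      # bare host route
        fi
        mask=$(( (4294967295 << (32 - plen)) & 4294967295 ))
        net=$(ip_to_int "$dest")
        [ $(( dst & mask )) -eq $(( net & mask )) ] || continue
        [ "$plen" -gt "$best" ] || continue     # longest prefix wins
        gw=direct; dev=""
        set -- $rest
        while [ $# -gt 0 ]; do
            case "$1" in via) gw=$2; shift ;; dev) dev=$2; shift ;; esac
            shift
        done
        best=$plen; answer="$gw $dev"
    done
    if [ "$best" -lt 0 ]; then printf 'no route\n'; return 1; fi
    printf '%s\n' "$answer"
}

for host in 10.0.0.7 192.168.5.3 192.168.5.200 8.8.8.8; do
    echo "$host -> $(printf '%s\n' "$SAMPLE_ROUTES" | route_lookup "$host")"
done
```

Note that 192.168.5.200 goes to 10.0.0.2, not 10.0.0.1: the /25 beats the /24 regardless of the order the lines appear in. `ip route get ADDRESS` asks the kernel the same question on a live host.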
Default Gateway
• Used when no route entry is matched
• Might be obtained dynamically with DHCP
• Can be statically configured:
  GATEWAY=10.53.0.254
  Globally in: /etc/sysconfig/network
  OR, per interface in the interface configuration file,
  ifcfg-ethX
Custom Routes
• To control traffic flow when there is more than
 one router
• Static routes defined per interface
  /etc/sysconfig/network-scripts/route-ethX
  Uses ip route add syntax
• Dynamic routes learned via daemon(s)
  quagga
  Support for various forms of RIP, OSPF, and BGP
Verifying IP Connectivity
• ping
  Network packet loss and latency measurement
  tool
• traceroute
  Displays network path to a destination
• mtr
  Combines the functionality of traceroute and ping
  in a single tool
Defining the Local Host Name
• View/Set local hostname with hostname

• Initially defined in /etc/sysconfig/network:
  HOSTNAME=stationX.example.com
• Might “pull” name from network
  dhclient daemon
  “Reverse DNS Lookup”
Local Resolver
• Resolver performs forward and reverse
 lookups
• /etc/hosts
  Local database of hostname to IP address
  mappings
  Useful for small isolated networks
  Normally, checked before DNS
Remote Resolvers
• /etc/resolv.conf
  Domains to search
  Strict order of name servers to use
  May be updated by dhclient
• /etc/nsswitch.conf
  Precedence of DNS versus /etc/hosts
• Verify DNS with host or dig
Network Configuration Utilities
• system-config-network
  system-config-network-gui
  system-config-network-tui
• Profile Selection
  system-config-network-cmd
  netprofile kernel argument
Unit 23

Advanced User Administration
Network Users
• Information about users may be centrally
 stored and managed on a remote server
• Two types of information must always be
 provided for each user account
  Account information: UID number, default shell,
  home directory, group memberships, and so on
  Authentication: a way to tell that the password
  provided on login for an account is correct
• NSS - Name Service Switch (supplies the account
 information)
  getent database [record]
• PAM - Pluggable Authentication Modules (performs
 the authentication)
Authentication Configuration
• system-config-authentication
  GUI tool to configure authentication
  For text-based tool, use authconfig-tui
  Load authconfig-gtk RPM
• Supported account information services:
  (local files), NIS, LDAP, Hesiod, Winbind
• Supported authentication mechanisms:
  (NSS), Kerberos, LDAP, SmartCard, SMB, Winbind
Filesystem Support (ACL)
• Linux does not allow ordinary users to chown
 files to another owner
• ACLs allow users to share files without the
 risks of chmod 777
• Implemented as a mount option
  mount -o acl /mountpoint
• Set as a default mount option in the ext3
 superblock at install time; check with:
  tune2fs -l /dev/sda1 | grep options
Access Control Lists (ACLs)
• Grant rwx access to files and directories for
 multiple users or groups
  getfacl file|directory
  setfacl -m u:gandolf:rwx file|directory
  setfacl -m g:nazgul:rw file|directory
  setfacl -m d:u:frodo:rw directory
  setfacl -x u:samwise file|directory
  The mask entry caps named users, named groups
  and the owning group; setfacl recalculates it
  unless -n is given, and getfacl shows the result
  as #effective
• Automatic ACL setting
  New files inherit default ACL (if set) from directory
  The mv command and the -p option in the cp
  command preserve ACLs
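The part of ACLs that surprises people is the mask: "u:gandolf:rwx" does not grant gandolf rwx if the mask is r-x, and a user who matches a group entry that denies is denied even when "other" would allow. The shell below is an added example, not from the course: it evaluates a getfacl listing the way the kernel does. SAMPLE_ACL is constructed output; the names are the ones used in the slide plus a few invented for the checks.

```shell
#!/bin/sh
# Added example: evaluate a POSIX ACL the way the kernel does, including the
# mask entry that caps named users, named groups and the owning group (what
# getfacl reports as "#effective:"). SAMPLE_ACL is constructed getfacl output.

SAMPLE_ACL='# file: project/plan.txt
# owner: frodo
# group: hobbits
user::rw-
user:gandolf:rwx
group::r--
group:nazgul:rw-
mask::r-x
other::---'

# Intersection of two rwx strings, e.g. perm_and rwx r-x -> r-x
perm_and() {
    local i a b out=""
    for i in 1 2 3; do
        a=$(printf '%s' "$1" | cut -c "$i"); b=$(printf '%s' "$2" | cut -c "$i")
        if [ "$a" = "$b" ] && [ "$a" != "-" ]; then out="$out$a"; else out="$out-"; fi
    done
    printf '%s\n' "$out"
}

# getfacl text on stdin -> one "tag:qualifier:perms<TAB>#effective:perms" line
# per entry. The mask applies to everything except the owner and "other".
effective_acl() {
    local acl mask tag qual perm eff
    acl=$(cat)
    mask=$(printf '%s\n' "$acl" | sed -n 's/^mask::\(...\).*/\1/p')
    printf '%s\n' "$acl" | while IFS=: read -r tag qual perm; do
        case "$tag" in ''|'#'*|mask) continue ;; esac
        perm=${perm%%[[:space:]]*}
        if [ -n "$mask" ] && { [ -n "$qual" ] || [ "$tag" = group ]; }; then
            eff=$(perm_and "$perm" "$mask")
        else
            eff=$perm
        fi
        printf '%s:%s:%s\t#effective:%s\n' "$tag" "$qual" "$perm" "$eff"
    done
}

has_perm() { case "$1" in *"$2"*) return 0 ;; esac; return 1; }
in_list()  { case ",$2," in *",$1,"*) return 0 ;; esac; return 1; }

# $1 = user, $2 = comma separated groups of that user, $3 = r, w or x;
# getfacl text on stdin. Exit 0 if access is granted. Order follows the
# POSIX algorithm: owner, named user, owning/named groups (any one that
# grants wins), else other. A group match that denies is final: "other"
# is never consulted for a user who is in one of the listed groups.
acl_allows() {
    local user=$1 groups=$2 want=$3 acl owner fgroup line tag rest qual eff gmatch=0
    acl=$(cat)
    owner=$(printf '%s\n' "$acl" | sed -n 's/^# owner: //p')
    fgroup=$(printf '%s\n' "$acl" | sed -n 's/^# group: //p')
    while read -r line; do
        tag=${line%%:*}; rest=${line#*:}; qual=${rest%%:*}; eff=${line##*effective:}
        case "$tag:$qual" in
            "user:")      if [ "$user" = "$owner" ]; then has_perm "$eff" "$want"; return; fi ;;
            "user:$user") has_perm "$eff" "$want"; return ;;
            "group:")     if in_list "$fgroup" "$groups"; then gmatch=1; has_perm "$eff" "$want" && return 0; fi ;;
            group:*)      if in_list "$qual" "$groups"; then gmatch=1; has_perm "$eff" "$want" && return 0; fi ;;
            "other:")     if [ "$gmatch" -eq 0 ]; then has_perm "$eff" "$want"; return; fi ;;
        esac
    done <<EOF
$(printf '%s\n' "$acl" | effective_acl)
EOF
    return 1
}

printf '%s\n' "$SAMPLE_ACL" | effective_acl
```

Feed it `getfacl some_file` on a live system to see which entries the mask is silently trimming; the fix is either `setfacl -m m::rwx` or rerunning setfacl without -n so the mask is recomputed.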
Configuring the Quota System
• Overview
  Implemented within the kernel
  Enabled on a per-filesystem basis
  Individual policies for groups or users
    • Limit by the number of blocks or inodes
    • Implement both soft and hard limits
• Initialization
  Partition mount options: usrquota, grpquota
  Initialize database: quotacheck -cugm /filesystem
Setting Quotas for Users
• Implementation

• Start or stop quotas: quotaon, quotaoff

• Edit quotas directly: edquota username

• From a shell:
  setquota username 4096 5120 40 50 /foo
  (block soft limit, block hard limit, inode soft
  limit, inode hard limit, filesystem)

• Define prototypical users:

• edquota -p user1 user2
Reporting Quota Status
• Reporting

• User inspection: quota

• Quota overviews: repquota

• Miscellaneous utilities: warnquota
SELinux
• Mandatory Access Control (MAC) -vs-
 Discretionary Access Control (DAC)
• A rule set called the policy determines how
 strict the control
• Processes are either restricted or unconfined

• The policy defines which resources a restricted
 process is allowed to access
• Any action that is not explicitly allowed is, by
 default, denied
SELinux Security Context
• All files and processes have a security context
• The context has several elements, depending
 on the security needs
  user:role:type:sensitivity:category
  user_u:object_r:tmp_t:s0:c0
  Not all systems will display s0:c0
• ls -Z
• ps -Z
  Usually paired with other options, such as -e
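The context string is just colon separated fields, with the optional level at the end, and two routine checks fall out of splitting it: which processes are running unconfined, and which files have drifted from the type the policy expects (a file copied out of /tmp into /etc keeps tmp_t until restorecon fixes it). The shell below is an added example, not from the course. All of the ps -Z and ls -Z lines are constructed sample output, and EXPECTED_TYPES is an assumed table for the example, not policy data pulled from a system.

```shell
#!/bin/sh
# Added example: split SELinux contexts into user/role/type/level and use them
# for two checks. All input below is constructed; EXPECTED_TYPES is an
# assumption for the example, not data taken from the policy.

SAMPLE_PS='LABEL                           PID TTY      TIME     CMD
system_u:system_r:init_t          1 ?        00:00:01 init
system_u:system_r:httpd_t      2143 ?        00:00:00 httpd
system_u:system_r:sshd_t       1987 ?        00:00:00 sshd
user_u:system_r:unconfined_t   2890 pts/0    00:00:00 bash
system_u:system_r:unconfined_t 2301 ?        00:00:00 backupd'

SAMPLE_LS='-rw-r--r--  root root system_u:object_r:net_conf_t  /etc/hosts
-rw-r--r--  root root user_u:object_r:tmp_t         /etc/passwd
-r--------  root root system_u:object_r:shadow_t    /etc/shadow'

EXPECTED_TYPES='/etc/hosts net_conf_t
/etc/passwd etc_t
/etc/shadow shadow_t'

# $1 = context, $2 = user|role|type|level. The level (s0 or s0:c0...) is
# optional and may itself contain colons, so it gets whatever is left over.
ctx_part() {
    local u r t l
    IFS=: read -r u r t l <<EOF
$1
EOF
    case "$2" in
        user)  printf '%s\n' "$u" ;;
        role)  printf '%s\n' "$r" ;;
        type)  printf '%s\n' "$t" ;;
        level) printf '%s\n' "$l" ;;
    esac
}

# ps -eZ output on stdin -> "pid command" for every unconfined_t process.
unconfined_procs() {
    local ctx pid tty ptime cmd
    while read -r ctx pid tty ptime cmd; do
        case "$ctx" in ''|LABEL) continue ;; esac
        if [ "$(ctx_part "$ctx" type)" = unconfined_t ]; then
            printf '%s %s\n' "$pid" "$cmd"
        fi
    done
}

# ls -Z output on stdin, expected "path type" table in $1 -> one line per
# file whose type differs from the table, with the restorecon fix to apply.
mislabelled_files() {
    local mode user group ctx path want have
    while read -r mode user group ctx path; do
        [ -n "$path" ] || continue
        want=$(printf '%s\n' "$1" | awk -v p="$path" '$1 == p { print $2 }')
        [ -n "$want" ] || continue
        have=$(ctx_part "$ctx" type)
        if [ "$have" != "$want" ]; then
            printf '%s is %s, expected %s (run: restorecon %s)\n' "$path" "$have" "$want" "$path"
        fi
    done
}

printf '%s\n' "$SAMPLE_PS" | unconfined_procs
printf '%s\n' "$SAMPLE_LS" | mislabelled_files "$EXPECTED_TYPES"
```

On a real host `ps -eZ | unconfined_procs` shows what the targeted policy is not protecting, and `restorecon -nv /etc` (dry run) gives the authoritative version of the second check without needing a hand-written table.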
SELinux: Targeted Policy
• The targeted policy is loaded at install time

• Most local processes are unconfined

• Principally uses the type element for type
 enforcement
• The security context can be changed with
 chcon
  chcon -t tmp_t /etc/hosts
  (stored in the file's extended attribute, so it
  persists until the next relabel)
• Safer to use restorecon, which resets the file
 to the type the policy's file contexts specify
  restorecon /etc/hosts
SELinux: Management
• Modes: Enforcing, Permissive, Disabled

     /etc/sysconfig/selinux
     system-config-securitylevel
     getenforce and setenforce 0 | 1
     Disable from GRUB with selinux=0
• Policy adjustments: Booleans, file contexts, ports, etc.

     system-config-selinux (from policycoreutils-gui package)
     getsebool and setsebool
     semanage
• Troubleshooting
     Advises on how to avoid errors, not ensure security!
     setroubleshootd and sealert -b
Unit 24

Advanced Filesystem Management
Archiving Tools
• tar

• dump/restore

• rsync

• Project Amanda

• 3rd party utilities
Archiving tools: tar
• tar can backup to a file or tape device

• Supports GZIP and BZIP2 compression

• Can preserve file permissions, ownership and
 timestamps
• Supports extended attributes

• Uses rmt to write to a remote tape device
Archiving Tools: dump/restore
• Back up and restore ext2/3 filesystems
  Does not work with other filesystems
  dump should only be used on unmounted
  filesystems or filesystems that are read-only.
• Can do full or incremental backups
• Examples:
  dump -0u -f /dev/nst0 /dev/hda2
  restore -rf /dev/nst0
Archiving Tools: rsync
• Efficiently copies files to or from remote
 systems
• Uses ssh as the transport to remote hosts
  rsync *.conf barney:/home/joe/configs/
• Faster than scp - transfers only the differences
 between files that already exist on both sides
What is Software RAID?
• Multiple disks grouped together into "arrays"
 to provide better performance, redundancy or
 both.
• mdadm - provides the administration interface
 to software RAID.
• Many "RAID Levels" supported, including RAID
 0, 1, 5 and 6.
• Spare disks add extra redundancy

• RAID devices are named, /dev/md0,
 /dev/md1, /dev/md2, /dev/md3 and so on
Software RAID Configuration
• Create and define RAID devices using mdadm
  mdadm -C /dev/md0 -a yes -l 1 -n 2 -x 1 elements...
• Format each RAID device with a filesystem
  mke2fs -j /dev/md0
• Test the RAID devices
  mdadm allows you to check the status of your
  RAID devices
  mdadm --detail /dev/md0
  mdmonitor provides notification services on the
  status
Software RAID Testing and Recovery

• Simulating disk failures
  mdadm /dev/md0 -f /dev/sda1
• Recovering from a software RAID disk failure
  Remove the failed member from the array:
  mdadm /dev/md0 -r /dev/sda1
  Replace the failed hard drive and power on
  Reconstruct partitions on the replacement drive
  mdadm /dev/md0 -a /dev/sda1
• Monitor with mdadm, /proc/mdstat, and syslog
 messages
• Disassemble or auto-assemble disk array
  mdadm -S /dev/md0
  mdadm -A -s
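/proc/mdstat is the quickest place to see a degraded array, and its layout is regular enough to script when mdmonitor is not running. The shell below is an added example, not from the course: it summarises each array, its failed members and its hot spares. SAMPLE_MDSTAT is constructed to look like a 2.6 kernel's output, with one healthy mirror, one degraded RAID5 that is rebuilding, and one mirror with a spare.

```shell
#!/bin/sh
# Added example: parse /proc/mdstat and report degraded arrays, failed members
# and hot spares. SAMPLE_MDSTAT is constructed in the 2.6 kernel's format.

SAMPLE_MDSTAT='Personalities : [raid1] [raid5]
md0 : active raid1 sdb1[1] sda1[0]
      104320 blocks [2/2] [UU]

md1 : active raid5 sdd1[2] sdc1[1] sdb2[0](F)
      2096896 blocks level 5, 64k chunk, algorithm 2 [3/2] [_UU]
      [==>..................]  recovery = 12.5% (131072/1048448) finish=0.4min speed=32768K/sec

md2 : active raid1 sde1[1] sdf1[0] sdg1[2](S)
      104320 blocks [2/2] [UU]

unused devices: <none>'

# /proc/mdstat text on stdin -> one summary line per array:
#   mdN DEGRADED [_UU] failed: sdb2      or      mdN ok [UU] spares: sdg1
# A member list entry reads dev[slot], with (F) for failed and (S) for spare;
# the status line carries [active/total] followed by one U or _ per slot.
# Runs in a subshell so "set -f" (no globbing on words like sdb1[1]) stays local.
mdstat_report() (
    set -f
    cur=""; failed=""; spare=""
    while IFS= read -r line; do
        case "$line" in
            md[0-9]*' : '*)
                cur=${line%% *}; failed=""; spare=""
                for w in $line; do
                    case "$w" in
                        *'(F)') failed="$failed ${w%%\[*}" ;;
                        *'(S)') spare="$spare ${w%%\[*}" ;;
                    esac
                done ;;
            *'['[U_]*']'*)
                state=$(printf '%s\n' "$line" | sed -n 's/.*\(\[[U_][U_]*\]\).*/\1/p')
                case "$state" in
                    *_*) printf '%s DEGRADED %s failed:%s\n' "$cur" "$state" "${failed:- none}" ;;
                    *)   printf '%s ok %s spares:%s\n' "$cur" "$state" "${spare:- none}" ;;
                esac ;;
        esac
    done
)

printf '%s\n' "$SAMPLE_MDSTAT" | mdstat_report
```

`mdstat_report < /proc/mdstat | grep DEGRADED` is a reasonable cron check; pair it with `mdadm --detail` on the named device to confirm before swapping hardware.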
What is Logical Volume Manager (LVM)?
• A layer of abstraction that allows easy manipulation of
 volumes, including resizing of filesystems
• Allows reorganization of filesystems across multiple
 physical devices
  Devices are designated as Physical Volumes
  One or more Physical Volumes are used to create a Volume
  Group
  Volume Groups are defined with Physical Extents of a fixed
  size
  Logical Volumes are created on Volume Groups and are
  composed of Physical Extents
  Filesystems may be created on Logical Volumes
Creating Logical Volumes
• Create physical volumes
  pvcreate /dev/hda3
• Assign physical volumes to volume groups
  vgcreate vg0 /dev/hda3
• Create logical volumes from volume groups
  lvcreate -L 256M -n data vg0
  mke2fs -j /dev/vg0/data
Resizing Logical Volumes
• Growing volumes
  lvextend can grow logical volumes
  resize2fs can grow ext3 filesystems online or offline
• Shrinking volumes
  Must be done offline (umount)
  Requires a filesystem check (e2fsck -f) first
  Filesystem then reduced (resize2fs)
  Lastly, lvreduce can then reduce the volume
  (never below the new filesystem size)
• Volume Groups can be enlarged with vgextend
• Volume Groups can be reduced with:
  pvmove /dev/hda3
  vgreduce vg0 /dev/hda3
Unit 25

Installation
anaconda, the Red Hat Enterprise Linux
Installer
• Supports different modes
  Kickstart offers automated installation
  Upgrade performs an update of an existing Red
  Hat Enterprise Linux installation
  Rescue mode allows troubleshooting of unbootable
  systems
• Consists of two stages:
  First stage starts the installation
  Second stage performs the installation
First Stage: Starting the Installation

• The first stage consists of an installation kernel
 and an initrd.img
• Can be started with any supported bootloader
• Tasks of the First Stage:
  Initializes the installer
  Parses command line arguments
  Auto-detects hardware
  Loads additional drivers
  Selects language, keyboard layout and installation
  method
  Sets up networking if required for installation
First Stage: Boot Media
• Supported boot media:
  boot.iso or Installation CD/DVD
  USB drive containing diskboot.img
  Network boot with PXE
  Other bootloaders such as GRUB
  Boot floppies no longer supported
• Boot media can be modified for custom
installations
Accessing the Installer
• Graphical installation
     Default installation type
     Useful switches: lowres, resolution, skipddc
• VNC based installation
     Activate with vnc and protect the session with
      vncpassword=password
     Set network parameters with ip=IPAddress and
      netmask=NetworkMask
• Text based installation
     Started with the text switch
     Menu-based terminal interface
• Serial installation
     Used automatically when no graphic card is detected
     Enable with: serial=device
First Stage: Installation Method
• Available Installation Methods:
     Local CDROM
     Hard drive
     NFS image
     FTP
     HTTP
• Media sets:
     Two available: Client and Server
     Can be downloaded from Red Hat Network
     May contain packages from additional layered products
     An “Installation Number” must be entered to unlock
      additional content
     Extra packages can also be installed after installation
      through RHN.
Second Stage: Installation Overview

• Installation number

• Disk partitioning

• Bootloader configuration

• Network and time zone configuration

• Package selection
Configuring File Systems
• Must select mount points, partition sizes, and
 file system types in the installer
  Can set up manually or automatically
• There are many layouts which may be used
  / must include /etc, /lib, /bin, /sbin
  Swap space is typically 2x physical RAM
  Typical mount points: /boot, /home, /usr, /var,
  /tmp, /usr/local, /opt
Alternative Partitioning
• Software RAID
  Create new partitions and select Software RAID as
  “filesystem” type
  Combine RAID partitions into a RAID device with
  RAID
• LVM
  Select Physical Volume to create physical volumes
  LVM creates a Volume Group
  Add creates new Logical Volumes
Package Selection
• A default set of packages is automatically
 installed
• Select Customize now to change the default
 set of packages
• Customizing is necessary to add support for
 additional languages
• Anaconda automatically resolves package
 dependencies
• Easily customized after install with yum or
 system-config-packages
First Boot: Post-Install Configuration

• Configure X Window System if necessary

• Firewall and SELinux Setup

• Kdump setup

• Set date and time

• Register with Red Hat Network and get
 updated RPMs
• Create a first user

• Configure sound card

• Install additional RPMs or Red Hat
 documentation from CDROM
Kickstart
• Scripted installation method

• Supports all anaconda features

• /root/anaconda-ks.cfg is automatically
 created during any installation
• Configuration utility: system-config-kickstart

• Syntax checker: ksvalidator
Starting a Kickstart Installation
• Anaconda enters Kickstart mode, when the ks
 boot option is specified
• ks queries DHCP for the Kickstart location

• ks=url gets the file via HTTP, FTP, or NFS

• From a local medium: ks=floppy, ks=cdrom, or
 ks=hd:device:/path/to/file
Anatomy of a Kickstart File
• Commands section
  Configures the system
  Omitted directives are prompted to the user
• %packages section
  Selects packages and groups for installation
  Dependencies are always resolved
• Scripts section(s)
  Optional section to customize the system
  %pre scripts are run before installation
  %post scripts are run after installation
Kickstart: Commands Section
Starting the Installation
• Installation Mode
  install performs a fresh install.
  upgrade upgrades an existing installation.
• Installation Method:
  cdrom
  url --url url
  nfs --server host --path directory
  harddrive --partition=device --dir=/path/to/install_tree
Kickstart: Commands Section
Important Directives
• Required Directives
• Must be specified, otherwise the installer
 configures them interactively
• Localization options: keyboard, lang, timezone
• Authentication: rootpw, authconfig

• Bootloader: bootloader

• Optional Directives
• Network: network [options]

• Security: firewall, selinux, services
• Installer behavior: firstboot, poweroff|reboot,
 interactive, text
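A kickstart file that omits a required directive stops and prompts, which defeats an unattended install; one that carries a plaintext rootpw is a credential leak to everyone who can fetch it from the HTTP, FTP or NFS server. The shell below is an added example, not from the course: it lints the commands section for the required directives listed above, for a rootpw without --iscrypted, and for firewall or selinux set to --disabled. SAMPLE_KS is a constructed kickstart written for the example; ksvalidator remains the tool for full syntax checking.

```shell
#!/bin/sh
# Added example: lint the commands section of a kickstart file for directives
# the installer would otherwise prompt for, a plaintext rootpw, and disabled
# firewall/SELinux. SAMPLE_KS is a constructed file, not a real one.

SAMPLE_KS='# constructed kickstart for the example
install
url --url http://server1/pub/rhel5
lang en_US.UTF-8
keyboard us
network --device eth0 --bootproto dhcp
rootpw redhat
firewall --enabled --ssh
selinux --enforcing
timezone --utc America/New_York
bootloader --location=mbr
clearpart --all --initlabel
part /boot --fstype ext3 --size=100
part swap --size=1024
part / --fstype ext3 --size=1 --grow

%packages
@base
-telnet

%post
/usr/sbin/useradd admin'

# Everything before the first %section is the commands section.
ks_commands() { sed -n '/^%/q;p'; }

# Exit 0 if a line in $1 starts with directive $2.
ks_has() { printf '%s\n' "$1" | awk -v d="$2" '$1 == d { f = 1 } END { exit !f }'; }

# Kickstart text on stdin -> one line per problem; returns 1 if any were found.
ks_audit() {
    local cmds d found=0
    cmds=$(ks_commands)
    for d in lang keyboard timezone rootpw authconfig bootloader; do
        if ! ks_has "$cmds" "$d"; then
            printf 'missing %s: installer will prompt, so the install is not unattended\n' "$d"
            found=1
        fi
    done
    if printf '%s\n' "$cmds" | awk '$1 == "rootpw" && $2 != "--iscrypted" { f = 1 } END { exit !f }'; then
        printf 'rootpw is plaintext: use rootpw --iscrypted <hash from /etc/shadow>\n'
        found=1
    fi
    if printf '%s\n' "$cmds" | awk '($1 == "selinux" || $1 == "firewall") && $2 == "--disabled" { f = 1 } END { exit !f }'; then
        printf 'firewall or selinux is disabled by the kickstart\n'
        found=1
    fi
    return $found
}

printf '%s\n' "$SAMPLE_KS" | ks_audit || echo "(fix the kickstart before serving it)"
```

Even with --iscrypted the hash is offline-crackable by anyone who can read the file, so restrict access to the kickstart on the server and rotate the root password in %post or at first boot.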
Kickstart: Packages Section
• Add single packages with package_name
 without any version number
• Add package groups with @package_group
• Remove packages from the list: -
 package_name
• Use wildcards to specify multiple packages

• Dependencies are always resolved
• Add support for additional languages with
 @lang-support
• Packages from layered products can be
 installed when an installation number is
 specified with the key directive in the
 commands section.
Kickstart: %pre, %post
• %pre gives you the first word
  Executes as a bash shell script
  Executes after Kickstart file is parsed
• %post gives you the final word
  Can specify interpreter (bash is default)
  chrooted by default, but may be run without
  chroot
Creating a private repository
• Create a directory to hold your packages

• Make this directory available by http/ftp

• Install the createrepo RPM

• Run createrepo -v /package-directory

• This will create a repodata subdirectory and
 the needed support files
• To support Anaconda on the same server:
  cp /package-directory/repodata/comps*.xml /tmp
  createrepo -g /tmp/comps*.xml /package-directory

				