Jaromír Hradílek Douglas Silas Martin Prpič Stephen Wadeley Eva Kopalová Ella Lackey Tomáš Čapek Petr Kovář Miroslav Svoboda Petr Bokoč John Ha David O'Brien Michael Hideo Don Domingo Red Hat Enterprise Linux 6 Deployment Guide Deployment, Configuration and Administration of Red Hat Enterprise Linux 6



    Jaromír Hradílek, Red Hat Engineering Content Services, jhradilek@redhat.com
    Douglas Silas, Red Hat Engineering Content Services, silas@redhat.com
    Martin Prpič, Red Hat Engineering Content Services, mprpic@redhat.com
    Stephen Wadeley, Red Hat Engineering Content Services, swadeley@redhat.com
    Eva Kopalová, Red Hat Engineering Content Services, ekopalova@redhat.com
    Ella Lackey, Red Hat Engineering Content Services, dlackey@redhat.com
    Tomáš Čapek, Red Hat Engineering Content Services, tcapek@redhat.com
    Petr Kovář, Red Hat Engineering Content Services, pkovar@redhat.com
    Miroslav Svoboda, Red Hat Engineering Content Services, msvoboda@redhat.com
    Petr Bokoč, Red Hat Engineering Content Services, pbokoc@redhat.com
    John Ha, Red Hat Engineering Content Services
    David O'Brien, Red Hat Engineering Content Services
    Michael Hideo, Red Hat Engineering Content Services
    Don Domingo, Red Hat Engineering Content Services

  • Legal Notice

    Copyright © 2010-2013 Red Hat, Inc. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution-Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at . In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.

    Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. Linux is the registered trademark of Linus Torvalds in the United States and other countries. Java is a registered trademark of Oracle and/or its affiliates. XFS is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries. MySQL is a registered trademark of MySQL AB in the United States, the European Union and other countries. All other trademarks are the property of their respective owners.

    1801 Varsity Drive, Raleigh, NC 27606-2072 USA
    Phone: +1 919 754 3700
    Phone: 888 733 4281
    Fax: +1 919 754 3701

    Abstract

    The Deployment Guide documents relevant information regarding the deployment, configuration and administration of Red Hat Enterprise Linux 6. It is oriented towards system administrators with a basic understanding of the system.


    Table of Contents

    Preface
      1. Target Audience
      2. How to Read this Book
      3. Document Conventions
        3.1. Typographic Conventions
        3.2. Pull-quote Conventions
        3.3. Notes and Warnings
      4. Feedback
      5. Acknowledgments

    Part I. Basic System Configuration
    Chapter 1. Keyboard Configuration
      1.1. Changing the Keyboard Layout
      1.2. Adding the Keyboard Layout Indicator
      1.3. Setting Up a Typing Break
    Chapter 2. Date and Time Configuration
      2.1. Date/Time Properties Tool
        2.1.1. Date and Time Properties
        2.1.2. Network Time Protocol Properties
        2.1.3. Time Zone Properties
      2.2. Command Line Configuration
        2.2.1. Date and Time Setup
        2.2.2. Network Time Protocol Setup
    Chapter 3. Managing Users and Groups
      3.1. Introduction to Users and Groups
        3.1.1. User Private Groups
        3.1.2. Shadow Passwords
      3.2. Using the User Manager Tool
        3.2.1. Viewing Users and Groups
        3.2.2. Adding a New User
        3.2.3. Adding a New Group
        3.2.4. Modifying User Properties
        3.2.5. Modifying Group Properties
      3.3. Using Command Line Tools
        3.3.1. Adding a New User
          Explaining the Process
        3.3.2. Adding a New Group
        3.3.3. Creating Group Directories
      3.4. Additional Resources
        3.4.1. Installed Documentation
    Chapter 4. Gaining Privileges
      4.1. The su Command
      4.2. The sudo Command
      4.3. Additional Resources
        Installed Documentation
        Online Documentation

    Part II. Package Management


    Chapter 5. Registering a System and Managing Subscriptions
      5.1. Using Red Hat Subscription Manager Tools
        5.1.1. Launching the Red Hat Subscription Manager GUI
        5.1.2. Running the subscription-manager Command-Line Tool
      5.2. Registering and Unregistering a System
        5.2.1. Registering from the GUI
        5.2.2. Registering from the Command Line
        5.2.3. Unregistering
      5.3. Attaching and Removing Subscriptions
        5.3.1. Attaching and Removing Subscriptions through the GUI
          5.3.1.1. Attaching a Subscription
          5.3.1.2. Removing Subscriptions
        5.3.2. Attaching and Removing Subscriptions through the Command Line
          5.3.2.1. Attaching Subscriptions
          5.3.2.2. Removing Subscriptions from the Command Line
      5.4. Redeeming Vendor Subscriptions
        5.4.1. Redeeming Subscriptions through the GUI
        5.4.2. Redeeming Subscriptions through the Command Line
      5.5. Attaching Subscriptions from a Subscription Asset Manager Activation Key
      5.6. Setting Preferences for Systems
        5.6.1. Setting Preferences in the UI
        5.6.2. Setting Service Levels Through the Command Line
        5.6.3. Setting a Preferred Operating System Release Version in the Command Line
      5.7. Managing Subscription Expiration and Notifications
    Chapter 6. Yum
      6.1. Checking For and Updating Packages
        6.1.1. Checking For Updates
        6.1.2. Updating Packages
          Updating a Single Package
          Updating All Packages and Their Dependencies
          Updating Security-Related Packages
        6.1.3. Preserving Configuration File Changes
      6.2. Packages and Package Groups
        6.2.1. Searching Packages
        6.2.2. Listing Packages
        6.2.3. Displaying Package Information
        6.2.4. Installing Packages
          Installing Individual Packages
          Installing a Package Group
        6.2.5. Removing Packages
          Removing Individual Packages
          Removing a Package Group
        6.2.6. Working with Transaction History
          Listing Transactions
          Examining Transactions
          Reverting and Repeating Transactions
          Starting New Transaction History
      6.3. Configuring Yum and Yum Repositories
        6.3.1. Setting [main] Options
        6.3.2. Setting [repository] Options
        6.3.3. Using Yum Variables
        6.3.4. Viewing the Current Configuration
        6.3.5. Adding, Enabling, and Disabling a Yum Repository
          Adding a Yum Repository
          Enabling a Yum Repository


          Disabling a Yum Repository
        6.3.6. Creating a Yum Repository
      6.4. Yum Plug-ins
        6.4.1. Enabling, Configuring, and Disabling Yum Plug-ins
        6.4.2. Installing Additional Yum Plug-ins
        6.4.3. Plug-in Descriptions
      6.5. Additional Resources
    Chapter 7. PackageKit
      7.1. Updating Packages with Software Update
        Setting the Update-Checking Interval
      7.2. Using Add/Remove Software
        7.2.1. Refreshing Software Sources (Yum Repositories)
        7.2.2. Finding Packages with Filters
        7.2.3. Installing and Removing Packages (and Dependencies)
        7.2.4. Installing and Removing Package Groups
        7.2.5. Viewing the Transaction Log
      7.3. PackageKit Architecture
      7.4. Additional Resources

    Part III. Networking
    Chapter 8. NetworkManager
      8.1. The NetworkManager Daemon
      8.2. Interacting with NetworkManager
        8.2.1. Connecting to a Network
        8.2.2. Configuring New and Editing Existing Connections
        8.2.3. Connecting to a Network Automatically
        8.2.4. User and System Connections
      8.3. Establishing Connections
        8.3.1. Establishing a Wired (Ethernet) Connection
          Configuring the Connection Name, Auto-Connect Behavior, and Availability Settings
          Configuring the Wired Tab
          Saving Your New (or Modified) Connection and Making Further Configurations
        8.3.2. Establishing a Wireless Connection
          Quickly Connecting to an Available Access Point
          Connecting to a Hidden Wireless Network
          Editing a Connection, or Creating a Completely New One
          Configuring the Connection Name, Auto-Connect Behavior, and Availability Settings
          Configuring the Wireless Tab
          Saving Your New (or Modified) Connection and Making Further Configurations
        8.3.3. Establishing a Mobile Broadband Connection
          Saving Your New (or Modified) Connection and Making Further Configurations
          Configuring the Mobile Broadband Tab
        8.3.4. Establishing a VPN Connection
          Configuring the Connection Name, Auto-Connect Behavior, and Availability Settings
          Configuring the VPN Tab
          Saving Your New (or Modified) Connection and Making Further Configurations
        8.3.5. Establishing a DSL Connection
          Configuring the Connection Name, Auto-Connect Behavior, and Availability Settings
          Configuring the DSL Tab
          Saving Your New (or Modified) Connection and Making Further Configurations
        8.3.6. Establishing a Bond Connection
          Saving Your New (or Modified) Connection and Making Further Configurations
          Configuring the Bond Tab
        8.3.7. Establishing a VLAN Connection


          Saving Your New (or Modified) Connection and Making Further Configurations
          Configuring the VLAN Tab
        8.3.8. Establishing an IP-over-InfiniBand (IPoIB) Connection
          Saving Your New (or Modified) Connection and Making Further Configurations
          Configuring the InfiniBand Tab
        8.3.9. Configuring Connection Settings
          8.3.9.1. Configuring 802.1x Security
            8.3.9.1.1. Configuring TLS (Transport Layer Security) Settings
            8.3.9.1.2. Configuring Tunneled TLS Settings
            8.3.9.1.3. Configuring Protected EAP (PEAP) Settings
          8.3.9.2. Configuring Wireless Security
          8.3.9.3. Configuring PPP (Point-to-Point) Settings
          8.3.9.4. Configuring IPv4 Settings
            Setting the Method
          8.3.9.5. Configuring IPv6 Settings
          8.3.9.6. Configuring Routes
      8.4. NetworkManager Architecture
    Chapter 9. Network Interfaces
      9.1. Network Configuration Files
      9.2. Interface Configuration Files
        9.2.1. Ethernet Interfaces
        9.2.2. Specific ifcfg Options for Linux on System z
        9.2.3. Required ifcfg Options for Linux on System z
        9.2.4. Ethtool
        9.2.5. Channel Bonding Interfaces
        9.2.6. Network Bridge
        9.2.7. Setting Up 802.1q VLAN Tagging
        9.2.8. Alias and Clone Files
        9.2.9. Dialup Interfaces
        9.2.10. Other Interfaces
      9.3. Interface Control Scripts
      9.4. Static Routes and the Default Gateway
        Static Routes
        The Default Gateway
        IP Command Arguments Format
        Network/Netmask Directives Format
      9.5. Network Function Files
      9.6. Additional Resources
        9.6.1. Installed Documentation
        9.6.2. Useful Websites

    Part IV. Infrastructure Services
    Chapter 10. Services and Daemons
      10.1. Configuring the Default Runlevel
      10.2. Configuring the Services
        10.2.1. Using the Service Configuration Utility
          10.2.1.1. Enabling and Disabling a Service
          10.2.1.2. Starting, Restarting, and Stopping a Service
          10.2.1.3. Selecting Runlevels
        10.2.2. Using the ntsysv Utility
          10.2.2.1. Enabling and Disabling a Service
          10.2.2.2. Selecting Runlevels
        10.2.3. Using the chkconfig Utility
          10.2.3.1. Listing the Services


          10.2.3.2. Enabling a Service
          10.2.3.3. Disabling a Service
      10.3. Running Services
        10.3.1. Determining the Service Status
        10.3.2. Starting a Service
        10.3.3. Stopping a Service
        10.3.4. Restarting a Service
      10.4. Additional Resources
        10.4.1. Installed Documentation
        10.4.2. Related Books
    Chapter 11. Configuring Authentication
      11.1. Configuring System Authentication
        11.1.1. Launching the Authentication Configuration Tool UI
        11.1.2. Selecting the Identity Store for Authentication
          11.1.2.1. Configuring LDAP Authentication
          11.1.2.2. Configuring NIS Authentication
          11.1.2.3. Configuring Winbind Authentication
          11.1.2.4. Using Kerberos with LDAP or NIS Authentication
        11.1.3. Configuring Alternative Authentication Features
          11.1.3.1. Using Fingerprint Authentication
          11.1.3.2. Setting Local Authentication Parameters
          11.1.3.3. Enabling Smart Card Authentication
          11.1.3.4. Creating User Home Directories
        11.1.4. Configuring Authentication from the Command Line
          11.1.4.1. Tips for Using authconfig
          11.1.4.2. Configuring LDAP User Stores
          11.1.4.3. Configuring NIS User Stores
          11.1.4.4. Configuring Winbind User Stores
          11.1.4.5. Configuring Kerberos Authentication
          11.1.4.6. Configuring Local Authentication Settings
          11.1.4.7. Configuring Fingerprint Authentication
          11.1.4.8. Configuring Smart Card Authentication
          11.1.4.9. Managing Kickstart and Configuration Files
        11.1.5. Using Custom Home Directories
      11.2. Using and Caching Credentials with SSSD
        11.2.1. About SSSD
        11.2.2. Setting up the sssd.conf File
          11.2.2.1. Creating the sssd.conf File
          11.2.2.2. Using a Custom Configuration File
        11.2.3. Starting and Stopping SSSD
        11.2.4. SSSD and System Services
        11.2.5. Configuring Services: NSS
          11.2.5.1. About NSS Service Maps and SSSD
          11.2.5.2. Configuring NSS Services to Use SSSD
          11.2.5.3. Configuring SSSD to Work with NSS
        11.2.6. Configuring Services: PAM
        11.2.7. Configuring Services: autofs
          11.2.7.1. About Automount, LDAP, and SSSD
          11.2.7.2. Configuring autofs Services in SSSD
        11.2.8. Configuring Services: sudo
          11.2.8.1. About sudo, LDAP, and SSSD
          11.2.8.2. Configuring sudo with SSSD
        11.2.9. Configuring Services: OpenSSH and Cached Keys
          11.2.9.1. Configuring OpenSSH to Use SSSD for Host Keys
          11.2.9.2. Configuring OpenSSH to Use SSSD for User Keys


        11.2.10. SSSD and Identity Providers (Domains)
        11.2.11. Creating Domains: LDAP
          11.2.11.1. Parameters for Configuring an LDAP Domain
          11.2.11.2. LDAP Domain Example
        11.2.12. Creating Domains: Identity Management (IdM)
        11.2.13. Creating Domains: Active Directory
          11.2.13.1. SSSD and Active Directory
            11.2.13.1.1. Mapping Active Directory Security IDs and Linux User IDs
              11.2.13.1.1.1. The Mechanism of ID Mapping
              11.2.13.1.1.2. ID Mapping Parameters
              11.2.13.1.1.3. Mapping Users
              11.2.13.1.1.4. Active Directory Users and Range Retrieval Searches
              11.2.13.1.1.5. Performance and LDAP Referrals
            11.2.13.1.2. Configuring an Active Directory Identity Provider
            11.2.13.1.3. Configuring Active Directory as an LDAP Provider
        11.2.14. Domain Options: Setting Username Formats
        11.2.15. Domain Options: Enabling Offline Authentication
        11.2.16. Domain Options: Setting Password Expirations
        11.2.17. Domain Options: Using DNS Service Discovery
        11.2.18. Domain Options: Using IP Addresses in Certificate Subject Names (LDAP Only)
        11.2.19. Creating Domains: Proxy
        11.2.20. Creating Domains: Kerberos Authentication
        11.2.21. Creating Domains: Access Control
          11.2.21.1. Using the Simple Access Provider
          11.2.21.2. Using the LDAP Access Filter
        11.2.22. Creating Domains: Primary Server and Backup Servers
        11.2.23. Installing SSSD Utilities
        11.2.24. Creating Local System Users
        11.2.25. Seeding Users into the SSSD Cache During Kickstart
        11.2.26. Managing the SSSD Cache
          11.2.26.1. Purging the SSSD Cache
          11.2.26.2. Deleting Domain Cache Files
        11.2.27. Using NSCD with SSSD
        11.2.28. Troubleshooting SSSD
          11.2.28.1. Setting Debug Logs for SSSD Domains
          11.2.28.2. Checking SSSD Log Files
          11.2.28.3. Problems with SSSD Configuration
    Chapter 12. OpenSSH
      12.1. The SSH Protocol
        12.1.1. Why Use SSH?
        12.1.2. Main Features
        12.1.3. Protocol Versions
        12.1.4. Event Sequence of an SSH Connection
          12.1.4.1. Transport Layer
          12.1.4.2. Authentication
          12.1.4.3. Channels
      12.2. Configuring OpenSSH
        12.2.1. Configuration Files
        12.2.2. Starting an OpenSSH Server
        12.2.3. Requiring SSH for Remote Connections
        12.2.4. Using a Key-Based Authentication
          12.2.4.1. Generating Key Pairs
          12.2.4.2. Configuring ssh-agent
      12.3. OpenSSH Clients
        12.3.1. Using the ssh Utility


        12.3.2. Using the scp Utility
        12.3.3. Using the sftp Utility
      12.4. More Than a Secure Shell
        12.4.1. X11 Forwarding
        12.4.2. Port Forwarding
      12.5. Additional Resources
        12.5.1. Installed Documentation
        12.5.2. Useful Websites

    Part V. Servers
    Chapter 13. DHCP Servers
      13.1. Why Use DHCP?
      13.2. Configuring a DHCP Server
        13.2.1. Configuration File
        13.2.2. Lease Database
        13.2.3. Starting and Stopping the Server
        13.2.4. DHCP Relay Agent
      13.3. Configuring a DHCP Client
      13.4. Configuring a Multihomed DHCP Server
        13.4.1. Host Configuration
      13.5. DHCP for IPv6 (DHCPv6)
      13.6. Additional Resources
        13.6.1. Installed Documentation
    Chapter 14. DNS Servers
      14.1. Introduction to DNS
        14.1.1. Nameserver Zones
        14.1.2. Nameserver Types
        14.1.3. BIND as a Nameserver
      14.2. BIND
        14.2.1. Configuring the named Service
          14.2.1.1. Common Statement Types
          14.2.1.2. Other Statement Types
          14.2.1.3. Comment Tags
        14.2.2. Editing Zone Files
          14.2.2.1. Common Directives
          14.2.2.2. Common Resource Records
          14.2.2.3. Comment Tags
          14.2.2.4. Example Usage
            14.2.2.4.1. A Simple Zone File
            14.2.2.4.2. A Reverse Name Resolution Zone File
        14.2.3. Using the rndc Utility
          14.2.3.1. Configuring the Utility
          14.2.3.2. Checking the Service Status
          14.2.3.3. Reloading the Configuration and Zones
          14.2.3.4. Updating Zone Keys
          14.2.3.5. Enabling the DNSSEC Validation
          14.2.3.6. Enabling the Query Logging
        14.2.4. Using the dig Utility
          14.2.4.1. Looking Up a Nameserver
          14.2.4.2. Looking Up an IP Address
          14.2.4.3. Looking Up a Hostname
        14.2.5. Advanced Features of BIND
          14.2.5.1. Multiple Views
          14.2.5.2. Incremental Zone Transfers (IXFR)


          14.2.5.3. Transaction SIGnatures (TSIG)
          14.2.5.4. DNS Security Extensions (DNSSEC)
          14.2.5.5. Internet Protocol version 6 (IPv6)
        14.2.6. Common Mistakes to Avoid
        14.2.7. Additional Resources
          14.2.7.1. Installed Documentation
          14.2.7.2. Useful Websites
          14.2.7.3. Related Books
    Chapter 15. Web Servers
      15.1. The Apache HTTP Server
        15.1.1. New Features
        15.1.2. Notable Changes
        15.1.3. Updating the Configuration
        15.1.4. Running the httpd Service
          15.1.4.1. Starting the Service
          15.1.4.2. Stopping the Service
          15.1.4.3. Restarting the Service
          15.1.4.4. Checking the Service Status
        15.1.5. Editing the Configuration Files
          15.1.5.1. Common httpd.conf Directives
          15.1.5.2. Common ssl.conf Directives
          15.1.5.3. Common Multi-Processing Module Directives
        15.1.6. Working with Modules
          15.1.6.1. Loading a Module
          15.1.6.2. Writing a Module
        15.1.7. Setting Up Virtual Hosts
        15.1.8. Setting Up an SSL Server
          15.1.8.1. An Overview of Certificates and Security
          15.1.8.2. Enabling the mod_ssl Module
          15.1.8.3. Using an Existing Key and Certificate
          15.1.8.4. Generating a New Key and Certificate
        15.1.9. Additional Resources
          15.1.9.1. Installed Documentation
          15.1.9.2. Useful Websites
    Chapter 16. Mail Servers
      16.1. Email Protocols
        16.1.1. Mail Transport Protocols
          16.1.1.1. SMTP
        16.1.2. Mail Access Protocols
          16.1.2.1. POP
          16.1.2.2. IMAP
          16.1.2.3. Dovecot
      16.2. Email Program Classifications
        16.2.1. Mail Transport Agent
        16.2.2. Mail Delivery Agent
        16.2.3. Mail User Agent
      16.3. Mail Transport Agents
        16.3.1. Postfix
          16.3.1.1. The Default Postfix Installation
          16.3.1.2. Basic Postfix Configuration
          16.3.1.3. Using Postfix with LDAP
            16.3.1.3.1. The /etc/aliases lookup example
        16.3.2. Sendmail
          16.3.2.1. Purpose and Limitations


          16.3.2.2. The Default Sendmail Installation
          16.3.2.3. Common Sendmail Configuration Changes
          16.3.2.4. Masquerading
          16.3.2.5. Stopping Spam
          16.3.2.6. Using Sendmail with LDAP
        16.3.3. Fetchmail
          16.3.3.1. Fetchmail Configuration Options
          16.3.3.2. Global Options
          16.3.3.3. Server Options
          16.3.3.4. User Options
          16.3.3.5. Fetchmail Command Options
          16.3.3.6. Informational or Debugging Options
          16.3.3.7. Special Options
        16.3.4. Mail Transport Agent (MTA) Configuration
      16.4. Mail Delivery Agents
        16.4.1. Procmail Configuration
        16.4.2. Procmail Recipes
          16.4.2.1. Delivering vs. Non-Delivering Recipes
          16.4.2.2. Flags
          16.4.2.3. Specifying a Local Lockfile
          16.4.2.4. Special Conditions and Actions
          16.4.2.5. Recipe Examples
          16.4.2.6. Spam Filters
      16.5. Mail User Agents
        16.5.1. Securing Communication
          16.5.1.1. Secure Email Clients
          16.5.1.2. Securing Email Client Communications
      16.6. Additional Resources
        16.6.1. Installed Documentation
        16.6.2. Useful Websites
        16.6.3. Related Books
    Chapter 17. Directory Servers
      17.1. OpenLDAP
        17.1.1. Introduction to LDAP
          17.1.1.1. LDAP Terminology
          17.1.1.2. OpenLDAP Features
          17.1.1.3. OpenLDAP Server Setup
        17.1.2. Installing the OpenLDAP Suite
          17.1.2.1. Overview of OpenLDAP Server Utilities
          17.1.2.2. Overview of OpenLDAP Client Utilities
          17.1.2.3. Overview of Common LDAP Client Applications
        17.1.3. Configuring an OpenLDAP Server
          17.1.3.1. Changing the Global Configuration
          17.1.3.2. Changing the Database-Specific Configuration
          17.1.3.3. Extending Schema
        17.1.4. Running an OpenLDAP Server
          17.1.4.1. Starting the Service
          17.1.4.2. Stopping the Service
          17.1.4.3. Restarting the Service
          17.1.4.4. Checking the Service Status
        17.1.5. Configuring a System to Authenticate Using OpenLDAP
          17.1.5.1. Migrating Old Authentication Information to LDAP Format
        17.1.6. Additional Resources
          17.1.6.1. Installed Documentation
          17.1.6.2. Useful Websites


          17.1.6.3. Related Books
    Chapter 18. File and Print Servers
      18.1. Samba
        18.1.1. Introduction to Samba
          18.1.1.1. Samba Features
        18.1.2. Samba Daemons and Related Services
          18.1.2.1. Samba Daemons
        18.1.3. Connecting to a Samba Share
          18.1.3.1. Command Line
          18.1.3.2. Mounting the Share
        18.1.4. Configuring a Samba Server
          18.1.4.1. Graphical Configuration
          18.1.4.2. Command Line Configuration
          18.1.4.3. Encrypted Passwords
        18.1.5. Starting and Stopping Samba
        18.1.6. Samba Server Types and the smb.conf File
          18.1.6.1. Stand-alone Server
            18.1.6.1.1. Anonymous Read-Only
            18.1.6.1.2. Anonymous Read/Write
            18.1.6.1.3. Anonymous Print Server
            18.1.6.1.4. Secure Read/Write File and Print Server
          18.1.6.2. Domain Member Server
            18.1.6.2.1. Active Directory Domain Member Server
            18.1.6.2.2. Windows NT4-based Domain Member Server
          18.1.6.3. Domain Controller
            18.1.6.3.1. Primary Domain Controller (PDC) using tdbsam
            18.1.6.3.2. Primary Domain Controller (PDC) with Active Directory
        18.1.7. Samba Security Modes
          18.1.7.1. User-Level Security
            18.1.7.1.1. Domain Security Mode (User-Level Security)
            18.1.7.1.2. Active Directory Security Mode (User-Level Security)
            18.1.7.1.3. Server Security Mode (User-Level Security)
          18.1.7.2. Share-Level Security
        18.1.8. Samba Account Information Databases
        18.1.9. Samba Network Browsing
          18.1.9.1. Domain Browsing
          18.1.9.2. WINS (Windows Internet Name Server)
        18.1.10. Samba with CUPS Printing Support
          18.1.10.1. Simple smb.conf Settings
        18.1.11. Samba Distribution Programs
        18.1.12. Additional Resources
          18.1.12.1. Installed Documentation
          18.1.12.2. Related Books
          18.1.12.3. Useful Websites
      18.2. FTP
        18.2.1. The File Transfer Protocol
        18.2.2. The vsftpd Server
        18.2.3. Files Installed with vsftpd
        18.2.4. Starting and Stopping vsftpd
          18.2.4.1. Starting Multiple Copies of vsftpd
        18.2.5. vsftpd Configuration Options
          18.2.5.1. Daemon Options
          18.2.5.2. Log In Options and Access Controls
          18.2.5.3. Anonymous User Options
          18.2.5.4. Local User Options


          18.2.5.5. Directory Options
          18.2.5.6. File Transfer Options
          18.2.5.7. Logging Options
          18.2.5.8. Network Options
        18.2.6. Additional Resources
          18.2.6.1. Installed Documentation
          18.2.6.2. Useful Websites
      18.3. Printer Configuration
        18.3.1. Starting the Printer Configuration Tool
        18.3.2. Starting Printer Setup
        18.3.3. Adding a Local Printer
        18.3.4. Adding an AppSocket/HP JetDirect printer
        18.3.5. Adding an IPP Printer
        18.3.6. Adding an LPD/LPR Host or Printer
        18.3.7. Adding a Samba (SMB) printer
        18.3.8. Selecting the Printer Model and Finishing
        18.3.9. Printing a Test Page
        18.3.10. Modifying Existing Printers
          18.3.10.1. The Settings Page
          18.3.10.2. The Policies Page
            18.3.10.2.1. Sharing Printers
            18.3.10.2.2. The Access Control Page
            18.3.10.2.3. The Printer Options Page
            18.3.10.2.4. Job Options Page
            18.3.10.2.5. Ink/Toner Levels Page
          18.3.10.3. Managing Print Jobs
        18.3.11. Additional Resources
          18.3.11.1. Installed Documentation
          18.3.11.2. Useful Websites

    Part VI. Monitoring and Automation
    Chapter 19. System Monitoring Tools
      19.1. Viewing System Processes
        19.1.1. Using the ps Command
        19.1.2. Using the top Command
        19.1.3. Using the System Monitor Tool
      19.2. Viewing Memory Usage
        19.2.1. Using the free Command
        19.2.2. Using the System Monitor Tool
      19.3. Viewing CPU Usage
        19.3.1. Using the System Monitor Tool
      19.4. Viewing Block Devices and File Systems
        19.4.1. Using the lsblk Command
        19.4.2. Using the blkid Command
        19.4.3. Using the findmnt Command
        19.4.4. Using the df Command
        19.4.5. Using the du Command
        19.4.6. Using the System Monitor Tool
      19.5. Viewing Hardware Information
        19.5.1. Using the lspci Command
        19.5.2. Using the lsusb Command
        19.5.3. Using the lspcmcia Command
        19.5.4. Using the lscpu Command
      19.6. Monitoring Performance with Net-SNMP
        19.6.1. Installing Net-SNMP


    19.6.2. Running the Net-SNMP Daemon
    19.6.2.1. Starting the Service
    19.6.2.2. Stopping the Service
    19.6.2.3. Restarting the Service
    19.6.3. Configuring Net-SNMP
    19.6.3.1. Setting System Information
    19.6.3.2. Configuring Authentication
    Configuring SNMP Version 2c Community
    Configuring SNMP Version 3 User
    19.6.4. Retrieving Performance Data over SNMP
    19.6.4.1. Hardware Configuration
    19.6.4.2. CPU and Memory Information
    19.6.4.3. File System and Disk Information
    19.6.4.4. Network Information
    19.6.5. Extending Net-SNMP
    19.6.5.1. Extending Net-SNMP with Shell Scripts
    19.6.5.2. Extending Net-SNMP with Perl
    19.7. Additional Resources
    19.7.1. Installed Documentation

    Chapter 20. Viewing and Managing Log Files
    20.1. Configuring rsyslog
    20.1.1. Global Directives
    20.1.2. Modules
    20.1.3. Rules
    20.1.3.1. Filter Conditions
    20.1.3.2. Actions
    20.1.3.3. Templates
    20.1.3.3.1. Generating dynamic file names
    20.1.3.3.2. Properties
    20.1.3.3.3. Template Examples
    20.1.4. rsyslog Command Line Configuration
    20.2. Locating Log Files
    20.2.1. Configuring logrotate
    20.3. Viewing Log Files
    20.4. Adding a Log File
    20.5. Monitoring Log Files
    20.6. Additional Resources
    20.6.1. Installed Documentation
    20.6.2. Useful Websites

    Chapter 21. Automating System Tasks
    21.1. Cron and Anacron
    21.1.1. Installing Cron and Anacron
    21.1.2. Running the Crond Service
    21.1.2.1. Starting and Stopping the Cron Service
    21.1.2.2. Stopping the Cron Service
    21.1.2.3. Restarting the Cron Service
    21.1.3. Configuring Anacron Jobs
    21.1.3.1. Examples of Anacron Jobs
    21.1.4. Configuring Cron Jobs
    21.1.5. Controlling Access to Cron
    21.1.6. Black and White Listing of Cron Jobs
    21.2. At and Batch
    21.2.1. Installing At and Batch
    21.2.2. Running the At Service


    21.2.2.1. Starting and Stopping the At Service
    21.2.2.2. Stopping the At Service
    21.2.2.3. Restarting the At Service
    21.2.3. Configuring an At Job
    21.2.4. Configuring a Batch Job
    21.2.5. Viewing Pending Jobs
    21.2.6. Additional Command Line Options
    21.2.7. Controlling Access to At and Batch
    21.3. Additional Resources

    Chapter 22. Automatic Bug Reporting Tool (ABRT)
    22.1. Installing ABRT and Starting its Services
    22.2. Using the Graphical User Interface
    22.3. Using the Command Line Interface
    22.3.1. Viewing Problems
    22.3.2. Reporting Problems
    22.3.3. Deleting Problems
    22.4. Configuring ABRT
    22.4.1. ABRT Events
    22.4.2. Standard ABRT Installation Supported Events
    22.4.3. Event Configuration in ABRT GUI
    22.4.4. ABRT Specific Configuration
    22.4.5. Configuring ABRT to Detect a Kernel Panic
    22.4.6. Automatic Downloads and Installation of Debuginfo Packages
    22.4.7. Configuring Automatic Reporting
    22.4.8. Uploading and Reporting Using a Proxy Server
    22.5. Configuring Centralized Crash Collection
    22.5.1. Configuration Steps Required on a Dedicated System
    22.5.2. Configuration Steps Required on a Client System
    22.5.3. Saving Package Information
    22.5.4. Testing ABRT's Crash Detection

    Chapter 23. OProfile
    23.1. Overview of Tools
    23.2. Configuring OProfile
    23.2.1. Specifying the Kernel
    23.2.2. Setting Events to Monitor
    23.2.2.1. Sampling Rate
    23.2.2.2. Unit Masks
    23.2.3. Separating Kernel and User-space Profiles
    23.3. Starting and Stopping OProfile
    23.4. Saving Data
    23.5. Analyzing the Data
    23.5.1. Using opreport
    23.5.2. Using opreport on a Single Executable
    23.5.3. Getting more detailed output on the modules
    23.5.4. Using opannotate
    23.6. Understanding /dev/oprofile/
    23.7. Example Usage
    23.8. OProfile Support for Java
    23.8.1. Profiling Java Code
    23.9. Graphical Interface
    23.10. OProfile and SystemTap
    23.11. Additional Resources
    23.11.1. Installed Docs
    23.11.2. Useful Websites


    Part VII. Kernel, Module and Driver Configuration
    Chapter 24. Manually Upgrading the Kernel
    24.1. Overview of Kernel Packages
    24.2. Preparing to Upgrade
    24.3. Downloading the Upgraded Kernel
    24.4. Performing the Upgrade
    24.5. Verifying the Initial RAM Disk Image
    Verifying the Initial RAM Disk Image and Kernel on IBM eServer System i
    24.6. Verifying the Boot Loader
    24.6.1. Configuring the GRUB Boot Loader
    24.6.2. Configuring the OS/400 Boot Loader
    24.6.3. Configuring the YABOOT Boot Loader

    Chapter 25. Working with Kernel Modules
    25.1. Listing Currently-Loaded Modules
    25.2. Displaying Information About a Module
    25.3. Loading a Module
    25.4. Unloading a Module
    25.5. Setting Module Parameters
    25.6. Persistent Module Loading
    25.7. Specific Kernel Module Capabilities
    25.7.1. Using Multiple Ethernet Cards
    25.7.2. Using Channel Bonding
    25.7.2.1. Bonding Module Directives
    25.8. Additional Resources
    Manual Page Documentation
    Installable and External Documentation

    Chapter 26. The kdump Crash Recovery Service
    26.1. Installing the kdump Service
    26.2. Configuring the kdump Service
    26.2.1. Configuring the kdump at First Boot
    26.2.1.1. Enabling the Service
    26.2.1.2. Configuring the Memory Usage
    26.2.2. Using the Kernel Dump Configuration Utility
    26.2.2.1. Enabling the Service
    26.2.2.2. The Basic Settings Tab
    26.2.2.3. The Target Settings Tab
    26.2.2.4. The Filtering Settings Tab
    26.2.2.5. The Expert Settings Tab
    26.2.3. Configuring kdump on the Command Line
    26.2.3.1. Configuring the Memory Usage
    26.2.3.2. Configuring the Target Type
    26.2.3.3. Configuring the Core Collector
    26.2.3.4. Changing the Default Action
    26.2.3.5. Enabling the Service
    26.2.4. Testing the Configuration
    26.3. Analyzing the Core Dump
    26.3.1. Running the crash Utility
    26.3.2. Displaying the Message Buffer
    26.3.3. Displaying a Backtrace
    26.3.4. Displaying a Process Status
    26.3.5. Displaying Virtual Memory Information
    26.3.6. Displaying Open Files
    26.3.7. Exiting the Utility


    26.4. Additional Resources
    26.4.1. Installed Documentation
    26.4.2. Useful Websites

    Consistent Network Device Naming
    A.1. Affected Systems
    A.2. System Requirements
    A.3. Enabling and Disabling the Feature
    A.4. Notes for Administrators

    RPM
    B.1. RPM Design Goals
    B.2. Using RPM
    B.2.1. Finding RPM Packages
    B.2.2. Installing and Upgrading
    B.2.2.1. Package Already Installed
    B.2.2.2. Conflicting Files
    B.2.2.3. Unresolved Dependency
    B.2.3. Configuration File Changes
    B.2.4. Uninstalling
    B.2.5. Freshening
    B.2.6. Querying
    B.2.7. Verifying
    B.3. Checking a Package's Signature
    B.3.1. Importing Keys
    B.3.2. Verifying Signature of Packages
    B.4. Practical and Common Examples of RPM Usage
    B.5. Additional Resources
    B.5.1. Installed Documentation
    B.5.2. Useful Websites
    B.5.3. Related Books

    The X Window System
    C.1. The X Server
    C.2. Desktop Environments and Window Managers
    C.2.1. Desktop Environments
    C.2.2. Window Managers
    C.3. X Server Configuration Files
    C.3.1. The Structure of the Configuration
    C.3.2. The xorg.conf.d Directory
    C.3.3. The xorg.conf File
    C.3.3.1. The InputClass section
    C.3.3.2. The InputDevice section
    C.3.3.3. The ServerFlags section
    C.3.3.4. The ServerLayout Section
    C.3.3.5. The Files section
    C.3.3.6. The Monitor section
    C.3.3.7. The Device section
    C.3.3.8. The Screen section
    C.3.3.9. The DRI section
    C.4. Fonts
    C.4.1. Adding Fonts to Fontconfig
    C.5. Runlevels and X
    C.5.1. Runlevel 3
    C.5.2. Runlevel 5
    C.6. Additional Resources


    C.6.1. Installed Documentation
    C.6.2. Useful Websites

    The sysconfig Directory
    D.1. Files in the /etc/sysconfig/ Directory
    D.1.1. /etc/sysconfig/arpwatch
    D.1.2. /etc/sysconfig/authconfig
    D.1.3. /etc/sysconfig/autofs
    D.1.4. /etc/sysconfig/clock
    D.1.5. /etc/sysconfig/dhcpd
    D.1.6. /etc/sysconfig/firstboot
    D.1.7. /etc/sysconfig/i18n
    D.1.8. /etc/sysconfig/init
    D.1.9. /etc/sysconfig/ip6tables-config
    D.1.10. /etc/sysconfig/keyboard
    D.1.11. /etc/sysconfig/ldap
    D.1.12. /etc/sysconfig/named
    D.1.13. /etc/sysconfig/network
    D.1.14. /etc/sysconfig/ntpd
    D.1.15. /etc/sysconfig/quagga
    D.1.16. /etc/sysconfig/radvd
    D.1.17. /etc/sysconfig/samba
    D.1.18. /etc/sysconfig/saslauthd
    D.1.19. /etc/sysconfig/selinux
    D.1.20. /etc/sysconfig/sendmail
    D.1.21. /etc/sysconfig/spamassassin
    D.1.22. /etc/sysconfig/squid
    D.1.23. /etc/sysconfig/system-config-users
    D.1.24. /etc/sysconfig/vncservers
    D.1.25. /etc/sysconfig/xinetd
    D.2. Directories in the /etc/sysconfig/ Directory
    D.3. Additional Resources
    D.3.1. Installed Documentation

    The proc File System
    E.1. A Virtual File System
    E.1.1. Viewing Virtual Files
    E.1.2. Changing Virtual Files
    E.2. Top-level Files within the proc File System
    E.2.1. /proc/buddyinfo
    E.2.2. /proc/cmdline
    E.2.3. /proc/cpuinfo
    E.2.4. /proc/crypto
    E.2.5. /proc/devices
    E.2.6. /proc/dma
    E.2.7. /proc/execdomains
    E.2.8. /proc/fb
    E.2.9. /proc/filesystems
    E.2.10. /proc/interrupts
    E.2.11. /proc/iomem
    E.2.12. /proc/ioports
    E.2.13. /proc/kcore
    E.2.14. /proc/kmsg
    E.2.15. /proc/loadavg
    E.2.16. /proc/locks
    E.2.17. /proc/mdstat


    E.2.18. /proc/meminfo
    E.2.19. /proc/misc
    E.2.20. /proc/modules
    E.2.21. /proc/mounts
    E.2.22. /proc/mtrr
    E.2.23. /proc/partitions
    E.2.24. /proc/slabinfo
    E.2.25. /proc/stat
    E.2.26. /proc/swaps
    E.2.27. /proc/sysrq-trigger
    E.2.28. /proc/uptime
    E.2.29. /proc/version
    E.3. Directories within /proc/
    E.3.1. Process Directories
    E.3.1.1. /proc/self/
    E.3.2. /proc/bus/
    E.3.3. /proc/bus/pci
    E.3.4. /proc/driver/
    E.3.5. /proc/fs
    E.3.6. /proc/irq/
    E.3.7. /proc/net/
    E.3.8. /proc/scsi/
    E.3.9. /proc/sys/
    E.3.9.1. /proc/sys/dev/
    E.3.9.2. /proc/sys/fs/
    E.3.9.3. /proc/sys/kernel/
    E.3.9.4. /proc/sys/net/
    E.3.9.5. /proc/sys/vm/
    E.3.10. /proc/sysvipc/
    E.3.11. /proc/tty/
    E.3.12. /proc/PID/
    E.4. Using the sysctl Command
    E.5. Additional Resources
    E.5.1. Installed Documentation
    E.5.2. Useful Websites

    Revision History
    Index
    Symbols A B C D E F G H I K L M N O P R


    S T U V W X Y


  • Preface

    The Deployment Guide contains information on how to customize the Red Hat Enterprise Linux 6 system to fit your needs. If you are looking for a comprehensive, task-oriented guide for configuring and customizing your system, this is the manual for you.

    This manual discusses many intermediate topics such as the following:

    Installing and managing packages using the graphical PackageKit and command line Yum package managers
    Setting up a network, from establishing an Ethernet connection using NetworkManager to configuring channel bonding interfaces to increase server bandwidth
    Configuring DHCP, BIND, Apache HTTP Server, Postfix, Sendmail and other enterprise-class servers and software
    Gathering information about your system, including obtaining user-space crash data with the Automatic Bug Reporting Tool, and kernel-space crash data with kdump
    Easily working with kernel modules and upgrading the kernel

    1. Target Audience

    The Deployment Guide assumes you have a basic understanding of the Red Hat Enterprise Linux operating system. If you need help with the installation of this system, refer to the Red Hat Enterprise Linux 6 Installation Guide.

    2. How to Read this Book

    This manual is divided into the following main categories:

    Part I, Basic System Configuration

    This part covers basic system administration tasks such as keyboard configuration, date and time configuration, managing users and groups, and gaining privileges.

    Chapter 1, Keyboard Configuration covers basic keyboard setup. Read this chapter if you need to change the keyboard layout, add the Keyboard Indicator applet to the panel, or enforce a periodic typing break.

    Chapter 2, Date and Time Configuration covers the configuration of the system date and time. Read this chapter if you need to change the date and time setup, or configure the system to synchronize the clock with a remote Network Time Protocol (NTP) server.

    Chapter 3, Managing Users and Groups covers the management of users and groups in a graphical user interface and on the command line. Read this chapter if you need to manage users and groups on your system, or enable password aging.

    Chapter 4, Gaining Privileges documents how to gain administrative privileges. Read this chapter to learn how to use the su and sudo commands.

    Part II, Package Management

    This part focuses on product subscriptions and entitlements, and describes how to manage software packages on Red Hat Enterprise Linux using both Yum and the PackageKit suite of graphical package management tools.

    Chapter 5, Registering a System and Managing Subscriptions provides an overview of subscription management in Red Hat Enterprise Linux and the Red Hat Subscription Manager tools which are available. Read this chapter to learn how to register or unregister a system, activate a machine, and handle product subscriptions and entitlements.

    Chapter 6, Yum describes the Yum package manager. Read this chapter for information on how to search, install, update, and uninstall packages on the command line.

    Chapter 7, PackageKit describes the PackageKit suite of graphical package management tools. Read this chapter for information on how to search, install, update, and uninstall packages using a graphical user interface.

    Part III, Networking

    This part describes how to configure the network on Red Hat Enterprise Linux.

    Chapter 8, NetworkManager focuses on NetworkManager, a dynamic network control and configuration system that attempts to keep network devices and connections up and active when they are available. Read this chapter for information on how to run the NetworkManager daemon, and how to interact with it using the corresponding applet for the notification area.

    Chapter 9, Network Interfaces explores various interface configuration files, interface control scripts, and network function files located in the /etc/sysconfig/network-scripts/ directory. Read this chapter for information on how to use these files to configure network interfaces.

    Part IV, Infrastructure Services

    This part provides information on how to configure services and daemons, configure authentication, and enable remote logins.

    Chapter 10, Services and Daemons explains the concept of runlevels, and describes how to set the default one. It also covers the configuration of the services to be run in each of these runlevels, and provides information on how to start, stop, and restart a service. Read this chapter to learn how to manage services on your system.

    Chapter 11, Configuring Authentication describes how to configure user information retrieval from Lightweight Directory Access Protocol (LDAP), Network Information Service (NIS), and Winbind user account databases, and provides an introduction to the System Security Services Daemon (SSSD). Read this chapter if you need to configure authentication on your system.

    Chapter 12, OpenSSH describes how to enable a remote login via the SSH protocol. It covers the configuration of the sshd service, as well as basic usage of the ssh, scp, and sftp client utilities. Read this chapter if you need remote access to a machine.

    Part V, Servers

    This part discusses various topics related to servers such as how to set up a web server or share files and directories over the network.

    Chapter 13, DHCP Servers guides you through the installation of a Dynamic Host Configuration Protocol (DHCP) server and client. Read this chapter if you need to configure DHCP on your system.

    Chapter 14, DNS Servers introduces you to Domain Name System (DNS), and explains how to install, configure, run, and administer the BIND DNS server. Read this chapter if you need to configure a DNS server on your system.

    Chapter 15, Web Servers focuses on the Apache HTTP Server 2.2, a robust, full-featured open source web server developed by the Apache Software Foundation. Read this chapter if you need to configure a web server on your system.

    Chapter 16, Mail Servers reviews modern email protocols in use today, and some of the programs designed to send and receive email, including Postfix, Sendmail, Fetchmail, and Procmail. Read this chapter if you need to configure a mail server on your system.

    Chapter 17, Directory Servers covers the installation and configuration of OpenLDAP 2.4, an open source implementation of the LDAPv2 and LDAPv3 protocols. Read this chapter if you need to configure a directory server on your system.

    Chapter 18, File and Print Servers guides you through the installation and configuration of Samba, an open source implementation of the Server Message Block (SMB) protocol, and vsftpd, the primary FTP server shipped with Red Hat Enterprise Linux. Additionally, it explains how to use the Printer Configuration tool to configure printers. Read this chapter if you need to configure a file or print server on your system.

    Part VI, Monitoring and Automation

    This part describes various tools that allow system administrators to monitor system performance, automate system tasks, and report bugs.

    Chapter 19, System Monitoring Tools discusses applications and commands that can be used to retrieve important information about the system. Read this chapter to learn how to gather essential system information.

    Chapter 20, Viewing and Managing Log Files describes the configuration of the rsyslog daemon, and explains how to locate, view, and monitor log files. Read this chapter to learn how to work with log files.

    Chapter 21, Automating System Tasks provides an overview of the cron, at, and batch utilities. Read this chapter to learn how to use these utilities to perform automated tasks.

    Chapter 22, Automatic Bug Reporting Tool (ABRT) concentrates on ABRT, a system service and a set of tools to collect crash data and send a report to the relevant issue tracker. Read this chapter to learn how to use ABRT on your system.

    Chapter 23, OProfile covers OProfile, a low overhead, system-wide performance monitoring tool. Read this chapter for information on how to use OProfile on your system.

    Part VII, Kernel, Module and Driver Configuration

    This part covers various tools that assist administrators with kernel customization.

    Chapter 24, Manually Upgrading the Kernel provides important information on how to manually update a kernel package using the rpm command instead of yum. Read this chapter if you cannot update a kernel package with the Yum package manager.

    Chapter 25, Working with Kernel Modules explains how to display, query, load, and unload kernel modules and their dependencies, and how to set module parameters. Additionally, it covers specific kernel module capabilities such as using multiple Ethernet cards and using channel bonding. Read this chapter if you need to work with kernel modules.

    Chapter 26, The kdump Crash Recovery Service explains how to configure, test, and use the kdump service in Red Hat Enterprise Linux, and provides a brief overview of how to analyze the resulting core dump using the crash debugging utility. Read this chapter to learn how to enable kdump on your system.


  • Appendix A, Consistent Network Device Naming

    This appendix covers consistent network device naming for network interfaces, a feature that changes the name of network interfaces on a system in order to make locating and differentiating the interfaces easier. Read this appendix to learn more about this feature and how to enable or disable it.

    Appendix B, RPM

    This appendix concentrates on the RPM Package Manager (RPM), an open packaging system used by Red Hat Enterprise Linux, and the use of the rpm utility. Read this appendix if you need to use rpm instead of yum.

    Appendix C, The X Window System

    This appendix covers the configuration of the X Window System, the graphical environment used by Red Hat Enterprise Linux. Read this appendix if you need to adjust the configuration of your X Window System.

    Appendix D, The sysconfig Directory

    This appendix outlines some of the files and directories located in the /etc/sysconfig/ directory. Read this appendix if you want to learn more about these files and directories, their function, and their contents.

    Appendix E, The proc File System

    This appendix explains the concept of a virtual file system, and describes some of the top-level files and directories within the proc file system (that is, the /proc/ directory). Read this appendix if you want to learn more about this file system.

    3. Document Conventions

    This manual uses several conventions to highlight certain words and phrases and draw attention to specific pieces of information.

    In PDF and paper editions, this manual uses typefaces drawn from the Liberation Fonts set. The Liberation Fonts set is also used in HTML editions if the set is installed on your system. If not, alternative but equivalent typefaces are displayed. Note: Red Hat Enterprise Linux 5 and later includes the Liberation Fonts set by default.

    3.1. Typographic Conventions

    Four typographic conventions are used to call attention to specific words and phrases. These conventions, and the circumstances they apply to, are as follows.

    Mono-spaced Bold

    Used to highlight system input, including shell commands, file names and paths. Also used to highlight keys and key combinations. For example:

    To see the contents of the file my_next_bestselling_novel in your current working directory, enter the cat my_next_bestselling_novel command at the shell prompt and press Enter to execute the command.

    The above includes a file name, a shell command and a key, all presented in mono-spaced bold and all distinguishable thanks to context.

    Key combinations can be distinguished from an individual key by the plus sign that connects each part of a key combination. For example:

    Press Enter to execute the command.

    Press Ctrl+Alt+F2 to switch to a virtual terminal.

    The first example highlights a particular key to press. The second example highlights a key combination: a set of three keys pressed simultaneously.

    If source code is discussed, class names, methods, functions, variable names and returned values mentioned within a paragraph will be presented as above, in mono-spaced bold. For example:

    File-related classes include filesystem for file systems, file for files, and dir for directories. Each class has its own associated set of permissions.

    Proportional Bold

    This denotes words or phrases encountered on a system, including application names; dialog box text; labeled buttons; check-box and radio button labels; menu titles and sub-menu titles. For example:

    Choose System → Preferences → Mouse from the main menu bar to launch Mouse Preferences. In the Buttons tab, click the Left-handed mouse check box and click Close to switch the primary mouse button from the left to the right (making the mouse suitable for use in the left hand).

    To insert a special character into a gedit file, choose Applications → Accessories → Character Map from the main menu bar. Next, choose Search → Find from the Character Map menu bar, type the name of the character in the Search field and click Next. The character you sought will be highlighted in the Character Table. Double-click this highlighted character to place it in the Text to copy field and then click the Copy button. Now switch back to your document and choose Edit → Paste from the gedit menu bar.

    The above text includes application names; system-wide menu names and items; application-specific menu names; and buttons and text found within a GUI interface, all presented in proportional bold and all distinguishable by context.

    Mono-spaced Bold Italic or Proportional Bold Italic

    Whether mono-spaced bold or proportional bold, the addition of italics indicates replaceable or variable text. Italics denotes text you do not input literally or displayed text that changes depending on circumstance. For example:

    To connect to a remote machine using ssh, type ssh username@domain.name at a shell prompt. If the remote machine is example.com and your username on that machine is john, type ssh john@example.com.

    The mount -o remount file-system command remounts the named file system. For example, to remount the /home file system, the command is mount -o remount /home.

    To see the version of a currently installed package, use the rpm -q package command. It will return a result as follows: package-version-release.

    Note the words in bold italics above: username, domain.name, file-system, package, version and release. Each word is a placeholder, either for text you enter when issuing a command or for text displayed by the system.

    Aside from standard usage for presenting the title of a work, italics denotes the first use of a new and important term. For example:

    Publican is a DocBook publishing system.

    3.2. Pull-quote Conventions

    Terminal output and source code listings are set off visually from the surrounding text.

    Output sent to a terminal is set in mono-spaced roman and presented thus:

    books        Desktop   documentation  drafts  mss    photos   stuff  svn
    books_tests  Desktop1  downloads      images  notes  scripts  svgs

    Source-code listings are also set in mono-spaced roman but add syntax highlighting as follows:

    package org.jboss.book.jca.ex1;

    import javax.naming.InitialContext;

    public class ExClient
    {
        public static void main(String args[]) throws Exception
        {
            InitialContext iniCtx = new InitialContext();
            Object ref = iniCtx.lookup("EchoBean");
            EchoHome home = (EchoHome) ref;
            Echo echo = home.create();

            System.out.println("Created Echo");

            System.out.println("Echo.echo('Hello') = " + echo.echo("Hello"));
        }
    }

    3.3. Notes and Warnings

    Finally, we use three visual styles to draw attention to information that might otherwise be overlooked.

    Note

    Notes are tips, shortcuts or alternative approaches to the task at hand. Ignoring a note should have no negative consequences, but you might miss out on a trick that makes your life easier.

    Important

    Important boxes detail things that are easily missed: configuration changes that only apply to the current session, or services that need restarting before an update will apply. Ignoring a box labeled 'Important' will not cause data loss but may cause irritation and frustration.


  • Warning

    Warnings should not be ignored. Ignoring warnings will most likely cause data loss.

    4. Feedback

    If you find a typographical error in this manual, or if you have thought of a way to make this manual better, we would love to hear from you! Please submit a report in Bugzilla against the product Red Hat Enterprise Linux 6.

    When submitting a bug report, be sure to provide the following information:

    Manual's identifier: doc-Deployment_Guide
    Version number: 6

    If you have a suggestion for improving the documentation, try to be as specific as possible when describing it. If you have found an error, please include the section number and some of the surrounding text so we can find it easily.

    5. Acknowledgments

    Certain portions of this text first appeared in the Deployment Guide, copyright 2007 Red Hat, Inc., available at http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/index.html.

    Section 19.6, Monitoring Performance with Net-SNMP is based on an article written by Michael Solberg.

    The authors of this book would like to thank the following people for their valuable contributions: Adam Tkáč, Andrew Fitzsimon, Andrius Benokraitis, Brian Cleary Edward Bailey, Garrett LeSage, Jeffrey Fearn, Joe Orton, Joshua Wulf, Karsten Wade, Lucy Ringland, Marcela Mašláňová, Mark Johnson, Michael Behm, Miroslav Lichvář, Radek Vokál, Rahul Kavalapara, Rahul Sundaram, Sandra Moore, Zbyšek Mráz, Jan Včelák, Peter Hutterer and James Antill, among many others.


  • Part I. Basic System Configuration

    This part covers basic system administration tasks such as keyboard configuration, date and time configuration, managing users and groups, and gaining privileges.


  • Chapter 1. Keyboard ConfigurationThis chapter describes how to change the keyboard layout, as well as how to add the KeyboardIndicator applet to the panel. It also covers the option to enforce a typing break, and explains bothadvantages and disadvantages of doing so.

    1.1. Changing the Keyboard LayoutThe installation program allowed you to configure a keyboard layout for your system. However, thedefault settings may not always suit your current needs. To configure a different keyboard layout afterthe installation, use the Keyboard Preferences tool.

    To open Keyboard Layout Preferences, select System → Preferences → Keyboard from the panel, and click the Layouts tab.

    Figure 1.1. Keyboard Layout Preferences

    You will be presented with a list of available layouts. To add a new one, click the Add... button below the list, and you will be prompted to choose which layout you want to add.

    Figure 1.2. Choosing a layout

    Currently, there are two ways to choose the keyboard layout: you can either find it by the country it is associated with (the By country tab), or you can select it by the language (the By language tab). In either case, first select the desired country or language from the Country or Language pulldown menu, then specify the variant from the Variants menu. The preview of the layout changes immediately. To confirm the selection, click Add.

    Figure 1.3. Selecting the default layout

    The layout should appear in the list. To make it the default, select the radio button next to its name. The changes take effect immediately. Note that there is a text-entry field at the bottom of the window where you can safely test your settings. Once you are satisfied, click Close to close the window.

    Figure 1.4. Testing the layout

    Disable separate layout for each window

    By default, changing the keyboard layout affects the active window only. This means that if you change the layout and switch to another window, this window will use the old one, which might be confusing. To turn this behavior off, unselect the Separate layout for each window checkbox.

    Doing this has its drawbacks though, as you will no longer be able to choose the default layout by selecting the radio button as shown in Figure 1.3, "Selecting the default layout". To make the layout the default, simply drag it to the beginning of the list.

    1.2. Adding the Keyboard Layout Indicator

    If you want to see what keyboard layout you are currently using, or you would like to switch between different layouts with a single mouse click, add the Keyboard Indicator applet to the panel. To do so, right-click the empty space on the main panel, and select the Add to Panel... option from the pulldown menu.

    Figure 1.5. Adding a new applet

    You will be presented with a list of available applets. Scroll through the list (or start typing "keyboard" in the search field at the top of the window), select Keyboard Indicator, and click the Add button.

    Figure 1.6. Selecting the Keyboard Indicator

    The applet appears immediately, displaying the shortened name of the country the current layout is associated with. To display the actual variant, hover the pointer over the applet icon.

    Figure 1.7. The Keyboard Indicator applet

    1.3. Setting Up a Typing Break

    Typing for a long period of time can be not only tiring, but it can also increase the risk of serious health problems, such as carpal tunnel syndrome. One way of preventing this is to configure the system to enforce the typing break. Simply select System → Preferences → Keyboard from the panel, click the Typing Break tab, and select the Lock screen to enforce typing break checkbox.

    Figure 1.8. Typing Break Properties

    To increase or decrease the amount of time you want to be allowed to type before the break is enforced, click the up or down button next to the Work interval lasts label respectively. You can do the same with the Break interval lasts setting to alter the length of the break itself. Finally, select the Allow postponing of breaks checkbox if you want to be able to delay the break in case you need to finish the work. The changes take effect immediately.

    Figure 1.9. Taking a break

    Next time you reach the time limit, you will be presented with a screen advising you to take a break, and a clock displaying the remaining time. If you enabled it, the Postpone Break button will be located at the bottom right corner of the screen.

    Chapter 2. Date and Time Configuration

    This chapter covers setting the system date and time in Red Hat Enterprise Linux, both manually and using the Network Time Protocol (NTP), as well as setting the appropriate time zone. Two methods are covered: setting the date and time using the Date/Time Properties tool, and doing so on the command line.

    2.1. Date/Time Properties Tool

    The Date/Time Properties tool allows the user to change the system date and time, to configure the time zone used by the system, and to set up the Network Time Protocol daemon to synchronize the system clock with a time server. Note that to use this application, you must be running the X Window System (see Appendix C, The X Window System for more information on this topic).

    To start the tool, select System → Administration → Date & Time from the panel, or type the system-config-date command at a shell prompt (e.g., xterm or GNOME Terminal). Unless you are already authenticated, you will be prompted to enter the superuser password.

    Figure 2.1. Authentication Query

    2.1.1. Date and Time Properties

    As shown in Figure 2.2, "Date and Time Properties", the Date/Time Properties tool is divided into two separate tabs. The tab containing the configuration of the current date and time is shown by default.

    Figure 2.2. Date and Time Properties

    To set up your system manually, follow these steps:

    1. Change the current date. Use the arrows to the left and right of the month and year to change the month and year respectively. Then click inside the calendar to select the day of the month.

    2. Change the current time. Use the up and down arrow buttons beside the Hour, Minute, and Second, or replace the values directly.

    Click the OK button to apply the changes and exit the application.

    2.1.2. Network Time Protocol Properties

    If you prefer an automatic setup, select the checkbox labeled Synchronize date and time over the network instead. This will display the list of available NTP servers as shown in Figure 2.3, "Network Time Protocol Properties".

    Figure 2.3. Network Time Protocol Properties

    Here you can choose one of the predefined servers, edit a predefined server by clicking the Edit button, or add a new server name by clicking Add. In the Advanced Options, you can also select whether you want to synchronize the system clock before starting the service, and if you wish to use a local time source.

    Note

    Your system does not start synchronizing with the NTP server until you click the OK button at the bottom of the window to confirm your changes.

    Click the OK button to apply any changes made to the date and time settings and exit the application.

    2.1.3. Time Zone Properties

    To configure the system time zone, click the Time Zone tab as shown in Figure 2.4, "Time Zone Properties".

    Figure 2.4. Time Zone Properties

    There are two common approaches to the time zone selection:

    1. Using the interactive map. Click the zoom in and zoom out buttons next to the map, or click on the map itself to zoom into the selected region. Then choose the city specific to your time zone. A red X appears and the time zone selection changes in the list below the map.

    2. Use the list below the map. To make the selection easier, cities and countries are grouped within their specific continents. Note that non-geographic time zones have also been added to address needs in the scientific community.

    If your system clock is set to use UTC, select the System clock uses UTC option. UTC stands for the Universal Time, Coordinated, also known as Greenwich Mean Time (GMT). Other time zones are determined by adding or subtracting from the UTC time.

    Click OK to apply the changes and exit the program.

    2.2. Command Line Configuration

    In case your system does not have the Date/Time Properties tool installed, or the X Window Server is not running, you will have to change the system date and time on the command line. Note that in order to perform actions described in this section, you have to be logged in as a superuser:

    ~]$ su -
    Password:

    2.2.1. Date and Time Setup

    The date command allows the superuser to set the system date and time manually:

    1. Change the current date. Type the command in the following form at a shell prompt, replacing the YYYY with a four-digit year, MM with a two-digit month, and DD with a two-digit day of the month:

    ~]# date +%D -s YYYY-MM-DD

    For example, to set the date to 2 June 2010, type:

    ~]# date +%D -s 2010-06-02

    2. Change the current time. Use the following command, where HH stands for an hour, MM is a minute, and SS is a second, all typed in a two-digit form:

    ~]# date +%T -s HH:MM:SS

    If your system clock is set to use UTC (Coordinated Universal Time), add the following option:

    ~]# date +%T -s HH:MM:SS -u

    For instance, to set the system clock to 11:26 PM using the UTC, type:

    ~]# date +%T -s 23:26:00 -u

    You can check your current settings by typing date without any additional argument:

    Example 2.1. Displaying the current date and time

    ~]$ date
    Wed Jun 2 11:58:48 CEST 2010

    2.2.2. Network Time Protocol Setup

    As opposed to the manual setup described above, you can also synchronize the system clock with a remote server over the Network Time Protocol (NTP). For the one-time synchronization only, use the ntpdate command:

    1. Firstly, check whether the selected NTP server is accessible:

    ~]# ntpdate -q server_address

    For example:

    ~]# ntpdate -q 0.rhel.pool.ntp.org

    2. When you find a satisfactory server, run the ntpdate command followed by one or more server addresses:

    ~]# ntpdate server_address...

    For instance:

    ~]# ntpdate 0.rhel.pool.ntp.org 1.rhel.pool.ntp.org

    Unless an error message is displayed, the system time should now be set. You can check the current setting by typing date without any additional arguments as shown in Section 2.2.1, "Date and Time Setup".

    3. In most cases, these steps are sufficient. Only if you really need one or more system services to always use the correct time, enable running ntpdate at boot time:

    ~]# chkconfig ntpdate on

    For more information about system services and their setup, see Chapter 10, Services and Daemons.

    Note

    If the synchronization with the time server at boot time keeps failing, i.e., you find a relevant error message in the /var/log/boot.log system log, try to add the following line to /etc/sysconfig/network:

    NETWORKWAIT=1

    However, the more convenient way is to set the ntpd daemon to synchronize the time at boot time automatically:

    1. Open the NTP configuration file /etc/ntp.conf in a text editor such as vi or nano, or create a new one if it does not already exist:

    ~]# nano /etc/ntp.conf

    2. Now add or edit the list of public NTP servers. If you are using Red Hat Enterprise Linux 6, the file should already contain the following lines, but feel free to change or expand these according to your needs:

    server 0.rhel.pool.ntp.org
    server 1.rhel.pool.ntp.org
    server 2.rhel.pool.ntp.org

    Speed up initial synchronization

    To speed the initial synchronization up, add the iburst directive at the end of each server line:

    server 0.rhel.pool.ntp.org iburst
    server 1.rhel.pool.ntp.org iburst
    server 2.rhel.pool.ntp.org iburst

    3. Once you have the list of servers complete, in the same file, set the proper permissions, giving unrestricted access to localhost only:

    restrict default kod nomodify notrap nopeer noquery
    restrict -6 default kod nomodify notrap nopeer noquery
    restrict 127.0.0.1
    restrict -6 ::1

    4. Save all changes, exit the editor, and restart the NTP daemon:

    ~]# service ntpd restart

    5. Make sure that the ntpd daemon is started at boot time:

    ~]# chkconfig ntpd on
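
    The restrict lines from step 3 are the part of this procedure that limits what remote hosts may do to the daemon, so they are worth re-checking after later edits to /etc/ntp.conf. The script below is an added example, not part of the guide: ntp_conf_findings and the two sample_* functions are hypothetical names, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: compare the default "restrict" lines of an ntp.conf read from
# standard input with the flags used in step 3 of the procedure above.

# Flags on the guide's "restrict default" and "restrict -6 default" lines.
GUIDE_FLAGS="kod nomodify notrap nopeer noquery"

# Print one finding per line; print nothing when both defaults match the guide.
ntp_conf_findings() {
    # Drop comments and squeeze tabs/spaces so that fields split cleanly.
    sed 's/#.*//' | tr -s '\t ' ' ' | {
        seen4=no
        seen6=no
        while read -r keyword first second rest || [ -n "$keyword" ]; do
            [ "$keyword" = "restrict" ] || continue
            if [ "$first" = "-6" ]; then
                family=IPv6; target=$second; flags=" $rest "
            else
                family=IPv4; target=$first; flags=" $second $rest "
            fi
            # Only the catch-all entries matter here; per-host lines are skipped.
            [ "$target" = "default" ] || continue
            if [ "$family" = "IPv6" ]; then seen6=yes; else seen4=yes; fi
            # "ignore" drops every packet, which is stricter than the guide's flags.
            case $flags in *" ignore "*) continue ;; esac
            for flag in $GUIDE_FLAGS; do
                case $flags in
                    *" $flag "*) ;;
                    *) echo "$family default restriction lacks $flag" ;;
                esac
            done
        done
        [ "$seen4" = yes ] || echo "no IPv4 default restriction: remote hosts are not restricted"
        [ "$seen6" = yes ] || echo "no IPv6 default restriction: remote hosts are not restricted"
    }
}

# Constructed sample: the configuration the guide describes.
sample_guide_conf() {
    cat <<'EOF'
server 0.rhel.pool.ntp.org iburst
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
EOF
}

# Constructed sample: remote queries left open and no IPv6 default at all.
sample_weak_conf() {
    cat <<'EOF'
server 0.rhel.pool.ntp.org iburst
restrict default kod nomodify notrap   # nopeer and noquery dropped
restrict 127.0.0.1
EOF
}

echo "guide-style file:"; sample_guide_conf | ntp_conf_findings
echo "weakened file:";    sample_weak_conf  | ntp_conf_findings
```

    On a live system, run it as ntp_conf_findings < /etc/ntp.conf; no output means both default entries carry the flags shown in step 3.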

    Chapter 3. Managing Users and Groups

    The control of users and groups is a core element of Red Hat Enterprise Linux system administration. This chapter explains how to add, manage, and delete users and groups in the graphical user interface and on the command line, and covers advanced topics, such as enabling password aging or creating group directories.

    3.1. Introduction to Users and Groups

    While users can be either people (meaning accounts tied to physical users) or accounts which exist for specific applications to use, groups are logical expressions of organization, tying users together for a common purpose. Users within a group can read, write, or execute files owned by that group.

    Each user is associated with a unique numerical identification number called a user ID (UID). Likewise, each group is associated with a group ID (GID). A user who creates a file is also the owner and group owner of that file. The file is assigned separate read, write, and execute permissions for the owner, the group, and everyone else. The file owner can be changed only by root, and access permissions can be changed by both the root user and file owner.

    Additionally, Red Hat Enterprise Linux supports access control lists (ACLs) for files and directories which allow permissions for specific users outside of the owner to be set. For more information about this feature, refer to the Access Control Lists chapter of the Storage Administration Guide.

    3.1.1. User Private Groups

    Red Hat Enterprise Linux uses a user private group (UPG) scheme, which makes UNIX groups easier to manage. A user private group is created whenever a new user is added to the system. It has the same name as the user for which it was created and that user is the only member of the user private group.

    User private groups make it safe to set default permissions for a newly created file or directory, allowing both the user and the group of that user to make modifications to the file or directory.

    The setting which determines what permissions are applied to a newly created file or directory is called a umask and is configured in the /etc/bashrc file. Traditionally on UNIX systems, the umask is set to 022, which allows only the user who created the file or directory to make modifications. Under this scheme, all other users, including members of the creator's group, are not allowed to make any modifications. However, under the UPG scheme, this group protection is not necessary since every user has their own private group.

    3.1.2. Shadow Passwords

    In environments with multiple users, it is very important to use shadow passwords provided by the shadow-utils package to enhance the security of system authentication files. For this reason, the installation program enables shadow passwords by default.

    The following is a list of the advantages shadow passwords have over the traditional way of storing passwords on UNIX-based systems:

    - Shadow passwords improve system security by moving encrypted password hashes from the world-readable /etc/passwd file to /etc/shadow, which is readable only by the root user.
    - Shadow passwords store information about password aging.
    - Shadow passwords allow the /etc/login.defs file to enforce security policies.

    Most utilities provided by the shadow-utils package work properly whether or not shadow passwords are enabled. However, since password aging information is stored exclusively in the /etc/shadow file, any commands which create or modify password aging information do not work. The following is a list of utilities and commands that do not work without first enabling shadow passwords:

    - The chage utility.
    - The gpasswd utility.
    - The usermod command with the -e or -f option.
    - The useradd command with the -e or -f option.
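
    The two properties this section attributes to shadow passwords, hashes kept out of the world-readable /etc/passwd and aging data kept in /etc/shadow, can both be checked by reading the files' colon-separated fields. The script below is an added example, not part of the guide: the function names are hypothetical, the sample entries (including the placeholder hashes) are constructed, and treating a maximum age of 99999 as "no aging" is an assumption based on the usual default.

```shell
#!/bin/sh
# Added example: two checks tied to the shadow-password scheme described above.
# Both functions read from standard input; the sample data below is constructed.

# passwd(5) format in: report accounts whose password field is not the "x"
# placeholder, i.e. whose hash (or empty password) sits in the world-readable file.
unshadowed_accounts() {
    while IFS=: read -r name pw _rest || [ -n "$name" ]; do
        [ -n "$name" ] || continue
        case $pw in
            x)         ;;                                   # hash lives in /etc/shadow
            "")        echo "$name: empty password field" ;;
            "*"*|"!"*) ;;                                   # locked marker, not a hash
            *)         echo "$name: password hash stored in passwd" ;;
        esac
    done
}

# shadow(5) format in: list accounts that have a usable hash but no maximum
# password age (field 5 empty or 99999, assumed here to mean "never expires").
accounts_without_aging() {
    while IFS=: read -r name hash lastchg min max _rest || [ -n "$name" ]; do
        [ -n "$name" ] || continue
        case $hash in ""|"*"*|"!"*) continue ;; esac        # no password or locked
        case $max in ""|99999) echo "$name" ;; esac
    done
}

# Constructed passwd entries: one shadowed, one with an inline hash, one empty,
# one locked system account.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
legacy:$6$CONSTRUCTED$notarealhash:501:501::/home/legacy:/bin/bash
guest::502:502::/home/guest:/bin/bash
daemon:*:2:2:daemon:/sbin:/sbin/nologin
EOF
}

# Constructed shadow entries: root ages after 90 days, alice and carol never,
# bob is locked.
sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTED$notarealhash:14760:0:90:7:::
alice:$6$CONSTRUCTED$notarealhash:14760:0:99999:7:::
bob:!!:14760:0:99999:7:::
carol:$6$CONSTRUCTED$notarealhash:14760::::::
EOF
}

echo "accounts not using shadow passwords:"; sample_passwd | unshadowed_accounts
echo "accounts without password aging:";     sample_shadow | accounts_without_aging
```

    As root, the same functions can be pointed at the real files: unshadowed_accounts < /etc/passwd and accounts_without_aging < /etc/shadow.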

    3.2. Using the User Manager Tool

    The User Manager application allows you to view, modify, add, and delete local users and groups in the graphical user interface. To start the application, either select System → Administration → Users and Groups from the panel, or type system-config-users at a shell prompt. Note that unless you have superuser privileges, the application will prompt you to authenticate as root.

    3.2.1. Viewing Users and Groups

    The main window of the User Manager is divided into two tabs: The Users tab provides a list of local users along with additional information about their user ID, primary group, home directory, login shell, and full name. The Groups tab provides a list of local groups with information about their group ID and group members.

    Figure 3.1. Viewing users and groups

    To find a specific user or group, type the first few letters of the name in the Search filter field and either press Enter, or click the Apply filter button. You can also sort the items according to any of the available columns by clicking the column header.

    Red Hat Enterprise Linux reserves user and group IDs below 500 for system users and groups. By default, the User Manager does not display the system users. To view all users and groups, select Edit → Preferences to open the Preferences dialog box, and clear the Hide system users and groups checkbox.

    3.2.2. Adding a New User

    To add a new user, click the Add User button. A window as shown in Figure 3.2, "Adding a new user" appears.

    Figure 3.2. Adding a new user

    The Add New User dialog box allows you to provide information about the newly created user. In order to create a user, enter the username and full name in the appropriate fields and then type the user's password in the Password and Confirm Password fields. The password must be at least six characters long.

    Password security advice

    It is advisable to use a much longer password, as this makes it more difficult for an intruder to guess it and access the account without permission. It is also recommended that the password not be based on a dictionary term: use a combination of letters, numbers and special characters.

    The Login Shell pulldown list allows you to select a login shell for the user. If you are not sure whichshell to select, accept the default value of /bin/bash.

    By default, the User Manager application creates the home directory for a new user in /home/username/. You can choose not to create the home directory by clearing the Create home directory checkbox, or change this directory by editing the content of the Home Directory text box. Note that when the home directory is created, default configuration files are copied into it from the /etc/skel/ directory.

    Red Hat Enterprise Linux uses a user private group (UPG) scheme. Whenever you create a new user, a unique group with the same name as the user is created by default. If you do not want to create this group, clear the Create a private group for the user checkbox.

    To specify a user ID for the user, select Specify user ID manually. If the option is not selected, the next available user ID above 500 is assigned to the new user. Because Red Hat Enterprise Linux reserves user IDs below 500 for system users, it is not advisable to manually assign user IDs 1-499.

    Clicking the OK button creates the new user. To configure more advanced user properties, such as password expiration, modify the user's properties after adding the user.

    3.2.3. Adding a New Group

    To add a new user group, select Add Group from the toolbar. A window similar to Figure 3.3, "New Group" appears. Type the name of the new group. To specify a group ID for the new group, select Specify group ID manually and select the GID. Note that Red Hat Enterprise Linux also reserves group IDs lower than 500 for system groups.

    Figure 3.3. New Group

    Click OK to create the group. The new group appears in the group list.

    3.2.4. Modifying User Properties

    To view the properties of an existing user, click on the Users tab, select the user from the user list, and click Properties from the menu (or choose File → Properties from the pulldown menu). A window similar to Figure 3.4, "User Properties" appears.

    Figure 3.4. User Properties

    The User Properties window is divided into multiple tabbed pages:

    - User Data: Shows the basic user information configured when you added the user. Use this tab to change the user's full name, password, home directory, or login shell.
    - Account Info: Select Enable account expiration if you want the account to expire on a certain date. Enter the date in the provided fields. Select Local password is locked to lock the user account and prevent the user from logging into the system.
    - Password Info: Displays the date that the user's password last changed. To force the user to change passwords after a certain number of days, select Enable password expiration and enter a desired value in the Days before change required: field. The number of days before the user's password expires, the number of days before the user is warned to change passwords, and days before the account becomes inactive can also be changed.
    - Groups: Allows you to view and configure the Primary Group of the user, as well as other groups that you want the user to be a member of.

    3.2.5. Modifying Group Properties

    To view the properties of an existing group, select the group from the group list and click Properties from the menu (or choose File → Properties from the pulldown menu). A window similar to Figure 3.5, "Group Properties" appears.

    Figure 3.5. Group Properties

    The Group Users tab displays which users are members of the group. Use this tab to add or remove users from the group. Click OK to save your changes.

    3.3. Using Command Line Tools

    The easiest way to manage users and groups on Red Hat Enterprise Linux is to use the User Manager application as described in Section 3.2, "Using the User Manager Tool". However, if you prefer command line tools or do not have the X Window System installed, you can use command line utilities that are listed in Table 3.1, "Command line utilities for managing users and groups".

    Table 3.1. Command line utilities for managing users and groups

    Utilities                       Description
    useradd, usermod, userdel       Standard utilities for adding, modifying, and deleting user accounts.
    groupadd, groupmod, groupdel    Standard utilities for adding, modifying, and deleting groups.
    gpasswd                         Standard utility for administering the /etc/group configuration file.
    pwck, grpck                     Utilities that can be used for verification of the password, group, and associated shadow files.
    pwconv, pwunconv                Utilities that can be used for the conversion of passwords to shadow passwords, or back from shadow passwords to standard passwords.

    3.3.1. Adding a New User

    To add a new user to the system, type the following at a shell prompt as root:

    useradd [options] username

    where options are command line options as described in Table 3.2, "useradd command line options".

    By default, the useradd command creates a locked user account. To unlock the account, run the following command as root to assign a password:

    passwd username

    Optionally, you can set password aging policy. Refer to Red Hat Enterprise Linux 6 Security Guide for information on how to enable password aging.

    Table 3.2. useradd command line options

    Option               Description
    -c 'comment'         comment can be replaced with any string. This option is generally used to specify the full name of a user.
    -d home_directory    Home directory to be used instead of default /home/username/.
    -e date              Date for the account to be disabled in the format YYYY-MM-DD.
    -f days              Number of days after the password expires until the account is disabled. If 0 is specified, the account is disabled immediately after the password expires. If -1 is specified, the account is not disabled after the password expires.
    -g group_name        Group name or group number for the user's default group. The group must exist prior to being specified here.
    -G group_list        List of additional (other than default) group names or group numbers, separated by commas, of which the user is a member. The groups must exist prior to being specified here.
    -m                   Create the home directory if it does not exist.
    -M                   Do not create the home directory.
    -N                   Do not create a user private group for the user.
    -p passwor