SUSE LINUX Enterprise Server Advanced System Administration I SUSE LINUX AG 4 038564 010803

Advanced System Administration I - Student Manual


SUSE LINUX AG Training Document – Article No. 45441-3INT

SUSE LINUX Enterprise Server – Advanced System Administration I

Release: February 2004 (SUSE LINUX Enterprise Server 8)

Feedback to: [email protected]

All programs, illustrations and information contained in this manual were compiled to our best knowledge and tested carefully. This, however, does not exclude the possibility of errors. For this reason, the program material contained in this present manual shall not constitute any obligation or guarantee of any kind. The authors of SUSE LINUX AG will thus accept no responsibility or in any way be held liable for damages of any kind which may result from the use of this program material, parts thereof, or for any resulting violation of the law by third parties.

The representation of registered names, trade names, the naming of goods etc. in this training manual does not give the right, even where not specifically stipulated, to assume that such names, in terms of trade names or protection of trade name legislation, can be regarded as free and thus be put to use by anybody whosoever.

All trade names are used without the guarantee for their free use and may possibly be registered trademarks. SUSE LINUX AG essentially adheres to the guidelines of the manufacturers. Other products named here may be trademarks of a respective manufacturer.

This work is protected by copyright. All rights in connection with the reproduction or copying of this training manual or parts thereof are reserved. This also applies to translations thereof. No part of this work may, in any form whatsoever (print, photocopy, microfilm or any other procedures) and also not for training purposes, be reproduced or electronically processed, duplicated, or disseminated without the written permission of the publisher.

© 2004 SUSE LINUX AG

Internet: http://www.suse.de/training/

Contents

1 User Administration
1.1 Users and Groups
1.2 Files for User Administration
1.2.1 /etc/passwd
1.2.2 /etc/shadow
1.2.3 Checking /etc/passwd and /etc/shadow
1.2.4 /etc/group
1.2.5 /etc/gshadow
1.3 User and Group Administration with YaST
1.4 User and Group Administration with Shell Commands
1.4.1 useradd, usermod, userdel, passwd
1.4.2 Group Administration: groupadd, groupmod, groupdel, gpasswd
1.4.3 Tips for User Administration
1.5 Default Settings for the User
1.6 Changing the Current UID and GID
1.6.1 Changing the UID with su
1.6.2 Changing the GID with newgrp
1.6.3 Changing the UID in KDE
1.7 Delegating Administrative Tasks with sudo
1.8 PAM
1.9 faillog
1.10 Quotas

2 Bootmanager
2.1 What is a Boot Manager?
2.2 The Boot Manager GRUB
2.2.1 Configuring the Boot Manager GRUB
2.2.2 The GRUB Shell
2.3 The Boot Manager LILO
2.4 Additional Information

3 The Runlevel Concept
3.1 The Order of Events When the System Starts
3.2 The init Program
3.3 The Runlevels
3.4 The File /etc/inittab
3.5 The init Scripts
3.6 Changing the Runlevel
3.6.1 shutdown and halt

4 YaST and SuSEconfig
4.1 YaST
4.2 /etc/sysconfig/ and SuSEconfig

5 System Monitoring
5.1 The Syslog Daemon
5.2 Important Log Files
5.3 Archiving Log Files
5.4 Monitoring Hard Drive Space

6 Data Backups
6.1 Data Backup Strategies
6.2 Backup Tools in Linux
6.2.1 Data Backup with tar
6.2.2 Mirroring Directories with rsync
6.2.3 Copying Data with dd
6.3 Working with Magnetic Tapes
6.4 Automating Data Backups

7 Integrating Hardware
7.1 Adding a Hard Disk to the System
7.1.1 Partitioning a Hard Disk
7.1.2 Creating a File System
7.1.3 Mounting the File System
7.1.4 The File /etc/fstab
7.2 Kernel Modules
7.2.1 Commands for Using Modules
7.2.2 The File /etc/modules.conf

8 The X Window System
8.1 The X Window System
8.1.1 Display Names
8.2 Starting the X Window System Step by Step
8.3 Starting the X Server with a Window Manager
8.3.1 Starting a Second X Server
8.3.2 Log File for the X Server
8.4 Graphical Login
8.5 Protection from Unauthorized Access
8.5.1 xhost
8.5.2 xauth
8.5.3 ssh
8.6 Configuring the X Server

9 Printing
9.1 Basics
9.1.1 The cupsd Printer Daemon
9.1.2 Filtering or Converting the Data to Print
9.2 Configuration of a Local Printer
9.3 Print Commands
9.3.1 Submitting a Print Job: lpr, lp
9.3.2 Displaying Print Jobs: lpq, lpstat
9.3.3 Canceling Print Jobs: lprm, cancel
9.3.4 Configuration of a Queue: lpoptions
9.4 Printer Administration
9.4.1 Managing Printer Queues
9.4.2 Logging Error Messages

10 Rescue System
10.1 Possible Causes of Interruption of the Boot Process
10.2 Booting from CD Then Accessing Installed System
10.3 The SUSE Rescue System
10.4 Booting in a Shell
10.5 Checking the File System

A A Summary of Important Commands

B Abbreviations

1 User Administration

Learning Aims

In this chapter, you will learn

• what a UID and a GID are and how to query them
• the user and group administration files: /etc/passwd, /etc/shadow, /etc/group, /etc/gshadow
• how to create, edit, and delete groups and users with YaST
• the user administration commands: useradd, usermod, userdel, passwd
• the group administration commands: groupadd, groupmod, groupdel, gpasswd
• the files containing default settings for users and passwords: /etc/login.defs, /etc/default/useradd
• how to change the current UID or GID with su and newgrp
• how to delegate administrative tasks to other users with the command sudo
• how to configure the file /etc/sudoers with visudo
• how to configure the user authentication in a flexible way with PAM modules
• the purpose of the PAM modules pam_nologin and pam_securetty
• how to lock an account automatically with faillog following a set number of failed login attempts
• how to use quotas to limit the hard disk space for users and groups

1.1 Users and Groups

Linux is a multiuser system, i.e. several users can work on the system at the same time. For this reason the system must be able to uniquely identify all users. To achieve this, every user must log in

• with a user name and
• with a password.

Since the operating system can handle numbers much better than strings, users are administrated internally as numbers. The number which a user receives is the so-called UID (User ID).

Every Linux system has a privileged user, the user root. This user always has the UID 0.

Users can be grouped together:

• “normal” users are usually in the group users,
• all users who intend to create web pages, for example, are placed in the group webedit, etc.

Of course, file permissions for the directory in which the web pages are located must be set so that the group webedit is able to write there.

As with users, the groups are also allocated a number internally: the GID (Group ID).

With the command id a user is given information on his UID and the groups he belongs to.

tux@earth:~ > id
uid=500(tux) gid=100(users) groups=100(users),14(uucp),16(dialout),17(audio),33(video)

id provides the following information:

• Who I am: uid=500(tux)
• What my “effective”, i.e. current GID is: gid=100(users)
• In which groups I am a member: groups=...

If you just want information on the groups in which you are a member, you can use the command groups:

tux@earth:~ > groups
users uucp dialout audio video

Both with id and with groups you can optionally specify a user name. With the command id root you obtain information on the user root.

Additional information about local users can be queried with the command finger user:

geeko@earth:~> finger tux
Login: tux                              Name: tux
Directory: /home/tux                    Shell: /bin/bash
On since Thu Oct 23 13:21 (CEST) on pts/0 from 192.168.5.16
New mail received Wed Oct 22 11:54 2003 (CEST)
     Unread since Wed Oct 22 11:54 2003 (CEST)
No Plan.

Exercise: Users in Linux

Using the commands id and groups, find out

1. which UID you have
2. what your effective GID is
3. in which groups you are a member,
4. in which groups the user root is a member.

1.2 Files for User Administration

Information on users and groups is stored in four files, the structure of which should be known to the system administrator:

• /etc/passwd
• /etc/shadow
• /etc/group
• /etc/gshadow

These four files are briefly introduced below.

1.2.1 /etc/passwd

In the past, Unix/Linux users were administrated in a single file: /etc/passwd. Here the user name, the UID, the home directory, the standard shell and the encrypted password were located.

The password was encrypted using the function crypt (man 3 crypt). In principle it is not possible to deduce the plain text password from the encrypted password. There are programs, however (such as john), which use dictionaries to encrypt various passwords with crypt and compare the results with the entries in the file /etc/passwd. With the calculation power of modern computers, the first passwords will have been “guessed” within a matter of minutes.

The main problem with the file /etc/passwd is the fact that the file has to be readable by all. In order that a user can find out to whom a specific file belongs, he must be able to allocate the UID to a user name (because only the UID is saved in the inode of a file). This allocation takes place in the file /etc/passwd. The logical consequence of this was to store the password field in its own file which can only be read by root: /etc/shadow (see Section 1.2.2 on the facing page).

The structure of the file /etc/passwd is quite straightforward. The following diagram summarizes the structure of this file.

tux:x:606:100:The Linux penguin:/home/tux:/bin/bash

Fields, from left to right:

1. User name
2. Password
3. UID
4. GID of primary group
5. Comments field
6. Home directory
7. Standard shell

Figure 1.1: A line from the file /etc/passwd

The following should be noted about individual fields in /etc/passwd:

• User name

This is the name with which the user is logged in to the system (login name). Linux can also handle longer user names, but here they should be restricted to a maximum of eight characters, so that the login name may also be used by older programs.

• Password

There is usually an “x” in this field, which means that the password itself can be found in the file /etc/shadow.

• UID

The UID 0 is reserved for the user root. In accordance with the Linux standard (http://www.linuxbase.org), there are two number ranges which are reserved:

– the range 0 – 99 for the system itself
– the range 100 – 499 for special “system users” (services, programs, etc.)

“Normal” users start from UID 500.

• Comments field

Normally the full name of the user is written here. Often the room number, telephone number and other information is also stored here.

• Home directory

Usually the personal directory of the user is in the directory /home and has exactly the same name as the user name or the login name.

• Standard shell

This is the shell which is started for a user after he has successfully logged in. In Linux this is normally bash (Bourne Again Shell). It must be noted here that the shell must be listed in the file /etc/shells. Each user can change his standard shell with the command chsh.

Information on this file is provided by man 5 passwd.

1.2.2 /etc/shadow

The file /etc/shadow contains the encrypted password and other information on the password. This file should only be readable by the user root.

earth:~ # ls -l /etc/passwd /etc/shadow
-rw-r--r-- 1 root root 2757 Jul 19 17:40 /etc/passwd
-rw-r----- 1 root shadow 1262 Aug 16 14:01 /etc/shadow

The following diagram shows the structure of a line in the file /etc/shadow.

tux:khMXCG8NPkeg2:11568:0:99999:7:0:12134:

Fields, from left to right:

1. User name
2. Encrypted password
3. Date of last change (days since 1.1.1970)
4. Days after which password may be changed
5. Days after which password must be changed
6. How many days before password expires should user be warned?
7. For how many days is password valid, although password has expired.
8. Day on which account is locked (days since 1.1.1970)

Figure 1.2: A line from /etc/shadow

The above diagram shows the entry for the user tux with the encrypted password. The plain text password was suse.

The encrypted password is coded with the crypt function and is always 13 characters in length. The encrypted word consists of letters, digits, and the special characters “.” (dot) and “/” (slash).

If an invalid character occurs in the password field (such as “*” or “!”), then that user has an invalid password. Many users, such as wwwrun or bin have an asterisk (“*”) in the password field. This means that these users do not log in to the system, but instead play a role for specific programs. The user wwwrun is required, for example, to run the Apache Web server.

If the password field is empty, then the user can log in to the system without giving a password. A password should always be set in a multiuser system.

1.2.3 Checking /etc/passwd and /etc/shadow

Because users are administrated via two files (/etc/passwd and /etc/shadow), these files must be matched to each other, i.e. all users must be listed in both files. But especially when you are working manually on these files, discrepancies may occur. For such cases there are programs which check /etc/passwd and /etc/shadow.

Example:

earth:~ # tail -3 /etc/passwd /etc/shadow
==> /etc/passwd <==
user1:x:500:100:SUSE example user:/home/user1:/bin/bash
tux:x:501:100::/home/tux:/bin/bash
geeko:x:502:100::/home/geeko:/bin/bash

==> /etc/shadow <==
user1:ghvkuzfFGW6cw:11484:0:99999:7:0::
tux:khMXCG8NPkeg2:11568:0:99999:7:0::

The user geeko is only entered in /etc/passwd, but not in /etc/shadow. In order to correct such entries, the program pwconv exists:

earth:~ # pwconv
earth:~ # tail -3 /etc/passwd /etc/shadow
==> /etc/passwd <==
user1:x:500:100:SUSE example user:/home/user1:/bin/bash
tux:x:501:100::/home/tux:/bin/bash
geeko:x:502:100::/home/geeko:/bin/bash

==> /etc/shadow <==
user1:ghvkuzfFGW6cw:11484:0:99999:7:0::
tux:khMXCG8NPkeg2:11568:0:99999:7:0::
geeko:x:11568:0:99999:7:::

Apart from pwconv there is the command pwck (password check). This checks the integrity of data in /etc/passwd and /etc/shadow.

earth:~ # pwck
user fixadm: program /bin/ksh does not exist
user fib: program /bin/ksh does not exist
user fixlohn: program /bin/ksh does not exist
user geeko: no group 102
user geeko: directory /home/geeko does not exist
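The password-field rules from Sections 1.2.1 and 1.2.2 and the passwd/shadow mismatch shown above can be checked read-only on copies of the two files. The following script is an added example, not part of the original manual and not how pwconv or pwck are implemented; the function names, the finding labels, the sample accounts (apart from the lines quoted from the manual) and the handling of "$"-prefixed hashes are assumptions of the example.

```sh
#!/bin/sh
# Added example (not from the manual): read-only cross-check of passwd/shadow copies.

# audit_accounts PASSWD_FILE SHADOW_FILE
# Prints one finding per line as "<FINDING> <user>".
audit_accounts() {
    awk -F: '
        # Classic crypt output as described in the manual: 13 characters from
        # [./0-9A-Za-z]. A leading "$" marks the newer "$id$salt$hash" formats,
        # which the manual does not cover (handled here as an assumption).
        function valid_hash(f) {
            return (length(f) == 13 && f ~ "^[./0-9A-Za-z]+$") || substr(f, 1, 1) == "$"
        }
        # First file: passwd. Remember users in file order plus field 2.
        FILENAME == ARGV[1] {
            if ($1 != "") { porder[++np] = $1; ppw[$1] = $2 }
            next
        }
        # Second file: shadow. Remember users in file order plus field 2.
        $1 != "" { sorder[++ns] = $1; spw[$1] = $2 }
        END {
            for (i = 1; i <= np; i++) {
                u = porder[i]
                # A hash in the world-readable passwd file can be attacked offline.
                if (valid_hash(ppw[u])) { print "HASH_IN_PASSWD", u; continue }
                # The situation pwconv repairs: user known to passwd only.
                if (!(u in spw)) { print "MISSING_IN_SHADOW", u; continue }
                if (spw[u] == "") {
                    print "EMPTY_PASSWORD", u        # login without a password
                } else if (!valid_hash(spw[u])) {
                    print "NO_VALID_PASSWORD", u     # "*", "!" or a bare "x"
                }
            }
            for (i = 1; i <= ns; i++)
                if (!(sorder[i] in ppw)) print "MISSING_IN_PASSWD", sorder[i]
        }
    ' "$1" "$2"
}

# audit_demo: runs the audit over constructed sample files (not real accounts).
audit_demo() {
    demo_dir=$(mktemp -d) || return 1
    cat > "$demo_dir/passwd" <<'EOF'
wwwrun:x:30:8:WWW daemon:/var/lib/wwwrun:/bin/false
user1:x:500:100:SUSE example user:/home/user1:/bin/bash
tux:x:501:100::/home/tux:/bin/bash
geeko:x:502:100::/home/geeko:/bin/bash
guest:x:503:100::/home/guest:/bin/bash
legacy:khMXCG8NPkeg2:504:100::/home/legacy:/bin/bash
EOF
    cat > "$demo_dir/shadow" <<'EOF'
wwwrun:*:11484:0:99999:7:::
user1:ghvkuzfFGW6cw:11484:0:99999:7:0::
tux:!:11569:0:99999:7:0::
guest::11569:0:99999:7:::
ghost:!:11568:0:99999:7:::
EOF
    audit_accounts "$demo_dir/passwd" "$demo_dir/shadow"
    rm -rf "$demo_dir"
}

audit_demo
```

NO_VALID_PASSWORD is expected for service accounts such as wwwrun; EMPTY_PASSWORD, HASH_IN_PASSWD and the two MISSING findings are the ones that need follow-up.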

1.2.4 /etc/group

Group administration also takes place in two files:

• /etc/group and
• /etc/gshadow.

The file /etc/group contains the group name, the GID (Group ID) and the members of the group, for example:

webedit:x:101:tux,geeko

This is the entry for the group webedit in /etc/group. This group has the GID 101. The users tux and geeko are members of this group. The second field (x) is the password field. In the same way as with user administration, the password itself also has its own file, which is /etc/gshadow.

1.2.5 /etc/gshadow

Passwords can also be set for groups, which are then stored in the file /etc/gshadow. The password is only of significance if the active (effective) group is changed with the command newgrp (see Section 1.6.2 on page 22).

webedit:!::tux,geeko

In this example the group webedit has no valid password (“!”, cf. Section 1.2.2 on page 6). A group administrator can be defined in the third field. The group administrator may add new members to a group, remove users from a group and change the group password. This field is empty in the above example. The fourth and final field denotes the group members.

Attention! The files /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow should, if possible, not be modified with an editor. Errors in these files (especially in /etc/shadow) can lead to the user no longer being able to log in, and in the worst case, the user root is involved. There are a number of tools for user administration, which in all cases should be used, rather than an editor (see Section 1.4 on page 12).

Exercises: Modifying the standard shell

Exercise 1

1. Modify the standard shell for user user1 with the command chsh. Set the file /usr/bin/passwd as the standard shell.
2. Test the result by logging in as the user user1 on another terminal.
3. Undo the changes you have made.

Exercise 2

1. Remove the entry /usr/bin/passwd from the file /etc/shells (as user root).
2. Repeat exercise 1.

1.3 User and Group Administration with YaST

From the main window of YaST, the user administration can be accessed by means of the item Security and Users. The user and group administration modules can be used to create new accounts or maintain existing accounts (changing the shell, the home directory, the group affiliation, etc.).

From a terminal window, the user administration module can be started directly with the command yast2 users 'users'. The group administration module can be started directly with the command yast2 users 'groups'.

Figure 1.3: Module for Creating and Editing Users

In the YaST window for user and group administration (see Figure 1.3), the radio buttons at the top can be used to switch between the user administration and the group administration.

The user administration dialog displays the existing user accounts. If you want the system accounts (UID from 0 to 499) to be displayed, check the respective box (Also view system users).

The dialogs for creating and editing accounts are identical. When editing accounts, the fields contain the data of the selected account (see Figure 1.4 on the next page).

Figure 1.4: Creating a New User

To configure various password parameters (such as the validity of the password), click Password settings in the upper window. The button Details opens a dialog in which the UID, home directory, and group affiliation can be specified (see Figure 1.5).

Figure 1.5: Creating Users, Details

In the dialog for creating and editing groups (see Figure 1.6), you can specify a name, GID, and password for a group and add members to the group.

Figure 1.6: Creating Groups

YaST writes the information entered in the dialog to the user administration files: /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow (see from page 4).

Note! Newly created user accounts are automatically added to various groups (this can be changed, see Figure 1.5 on the facing page). In SUSE LINUX Enterprise Server 8, the affected groups are audio, dialout, uucp, and video. This default setting is defined in the file /usr/share/YaST2/include/users/ui.ycp and can be changed in this file.

1.4 User and Group Administration with Shell Commands

Apart from YaST, a number of other programs can be used for managing users and groups:

for users:    for groups:
useradd       groupadd
usermod       groupmod
userdel       groupdel
passwd        gpasswd

Table 1.1: Shell commands for the administration of users and groups

Below we shall describe administration using shell programs.

1.4.1 useradd, usermod, userdel, passwd

With the programs useradd, usermod and userdel users can be added, modified and deleted. The password of a user can be edited with passwd. The syntax is simple and there is good online documentation in the form of manual pages.

useradd

The command useradd is used to add users to the system. In the simplest case, useradd is called up with the user name as an argument:

earth:~ # useradd tux

With useradd tux the user tux was created in /etc/passwd and /etc/shadow.

earth:~ # grep tux /etc/passwd /etc/shadow
/etc/passwd:tux:x:501:100::/home/tux:/bin/bash
/etc/shadow:tux:!:11569:0:99999:7:0::

The line from the file /etc/shadow shows that there is only an exclamation mark “!” in the password field. This means that the user does not have a valid password. If you look in the directory /home/, you will see that the user directory has not been created:

earth:~ # ls /home
. .. user1

So if no option is specified, the command useradd creates a user without a home directory and without a valid password.

The most important options of the command useradd are:

• -m

This option automatically generates the home directory for the user. Without further arguments, the directory is created under /home/. In addition, a series of files and directories are copied to this directory. As a template for this, the directory /etc/skel/ (from skeleton) is used.

• -c

With the option -c (comment) the comment field can be modified. For example:

earth:~ # useradd -c "Tux the penguin" -m tux
earth:~ # grep tux /etc/passwd
/etc/passwd:tux:x:501:100:Tux the penguin:/home/tux:/bin/bash

• -g

This defines the primary group of the user. You can specify either the GID or the name of the group.

• -p

With this option you provide the user with a password.

Attention! The encrypted password must be given here, not the plain text password. The program mkpasswd can be used to generate encrypted passwords. The program is located in the package whois.

Example:

earth:~ # useradd -m -p "ghvkuzfFGW6cw" tux

• -e

The option -e (expire date) is used to set an expiry date for the user account, in the form of YYYY-MM-DD, for example:

earth:~ # useradd -m -e 2002-03-21 tux

A description of further options can be seen with man 8 useradd.

The quickest way to create a new user is a combination of the programs useradd and passwd. With useradd the user is created, and with passwd the password is determined:

earth:~ # useradd -m -c "Tux the penguin" tux
earth:~ # passwd tux
New password:
Re-enter new password:
Password changed

passwd

As described above, you can change a user’s password with the command passwd. If passwd is run without a user name as an argument, then the corresponding user can change his own password.

Apart from the option of being able to change a user’s password, the passwd command has some other functions:

• Locking a user account:

With the option -l (lock), a user can be locked out, and with the option -u (unlock), he can be reactivated:

earth:~ # passwd -l tux
Password changed.

• Status of a user account:

The option -S issues the status of a user account:

earth:~ # passwd -S tux
tux L 09/04/2001 0 99999 7 0

The status follows directly after the user name. L (locked) here means that the user is locked out. Other options are NP (no password) or P (valid password). Then the date of the last password change appears, the minimum length of validity, the maximum length of validity, and the warning periods and inactivity periods when a password expires.

• Changing password times:

With passwd the various password times can be changed. Options are:

Option       Meaning
-x number    is used to set the maximum number of days a password remains valid. After number days the password is required to be changed.
-n number    is used to set the minimum number of days before a password may be changed.
-w number    is used to warn the user that their password will expire in number days.
-i number    is used to disable an account after the password has been expired for number days.

Table 1.2: passwd: Options for changing the password times

An example:

earth:~ # passwd -x 30 -w 5 tux

The password of the user tux remains valid for 30 days. After these days the password is required to be changed by tux. 5 days before, he receives a warning that his password will expire in 5 days.

usermod

With usermod you can modify an already existing user account, for example the UID, the standard shell, the home directory or the primary group. The options of usermod are the same as the options of the useradd command. Here are some examples:

• Changing the home directory:

earth:~ # usermod -d /newhome/tux -m tux

• Changing the UID:

earth:~ # usermod -u 1001 tux

userdel

The final important command for user administration is userdel. With this, users can be removed from the system.

earth:~ # userdel tux

Without options, userdel removes the user from the files /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow. The home directory is not deleted, however. If the home directory is also to be deleted, then the option -r must be given.

earth:~ # userdel -r tux

Exercise: Creating, Editing, and Deleting Accounts

1. Create the user harlequin in such a way that he must change his password every thirty days and receives a notice three days in advance. The home directory should be created automatically.

2. Change the password of harlequin.

3. Lock the account of harlequin. Then log in to the system as harlequin. What happens?

4. Query the status of harlequin. Which information do you receive?

5. Reactivate the account of harlequin. Log in to the system as harlequin. What happens?

6. Change the password times of harlequin:

• Maximum validity of the password: 20 days
• Notification prior to the expiry of the password: 5 days

7. Query the status of harlequin. Which information do you receive?

8. Change the UID of harlequin to 1000. What happens to his home directory?

9. Delete harlequin together with his home directory.

1.4.2 Group Administration: groupadd, groupmod, groupdel, gpasswd

With the programs groupadd, groupmod and groupdel, groups can be added, modified and deleted. Groups and their passwords can be edited with gpasswd.

groupadd

Creating a group is done very easily with the command groupadd. If no GID is specified, the next free GID is used. With the option -g, you can specify a GID:

earth:~ # groupadd pinguine
earth:~ # groupadd -g 200 peanuts
earth:~ # tail -5 /etc/group
sapdb:x:61:sapdb
users:x:100:user1
nogroup:x:65534:root
pinguine:x:101:
peanuts:x:200:

groupmod

With the command groupmod, you can change the name (with the option -n) or the GID (with the option -g) of an existing group.

earth:~ # groupmod -n penguins pinguine
earth:~ # tail -5 /etc/group
sapdb:x:61:sapdb
users:x:100:user1
nogroup:x:65534:root
peanuts:x:200:
penguins:x:101:

groupdel

Deleting a group is done with the command groupdel. As an argument the group name of the group to be deleted is specified. There are no options for this command. A group can only be deleted if no user has this group as his primary group.

earth:~ # groupdel penguins

gpasswd

With the command gpasswd the administrator can set and modify group passwords. But that is not its most important function. Group passwords are hardly used, in fact. With this command you can also name members of groups, remove users from groups and specify group administrators.

• Adding group members to a group:

You can add users to a group with the option -a. In the following example the user snoopy is added to the group peanuts:

earth:~ # gpasswd -a snoopy peanuts
Adding user snoopy to group peanuts

• Nominating a group administrator:

Option -A allows you to name one or more group administrators. These are able to add users to the group, remove them and change the group password. In the following example lucy becomes the administrator of the group peanuts:

earth:~ # gpasswd -A lucy peanuts
earth:~ # tail -1 /etc/gshadow
peanuts:!:lucy:snoopy

• Removing users from a group:

The new administrator, lucy, first wants to remove the user snoopy from the group peanuts. The option -d (delete) helps her to do this:

lucy@earth:~ > gpasswd -d snoopy peanuts
Removing user snoopy from group peanuts

Exercise: Creating and Editing Accounts (Group Administration)

1. Create two new users, samson and bert:

• The home directories should be created automatically.
• The passwords should be valid for ten days.
• The users should be notified two days before the password expires.
• Content of the comment field: “course participant”.

2. Query the password status of samson and bert and check if all information is correct.

3. Now perform the following tasks (be sure to use the correct users for the individual tasks):

(a) Add samson to the group wheel (normally this group already exists).
(b) Create a new group called training.
(c) bert should be the administrator of the group training.
(d) bert should include samson in his group.
(e) bert should rename his group training to exam.
(f) bert should remove samson from his group.
(g) Delete the group exam.

1.4.3 Tips for User Administration

• How canI createausersothathemustchangehispasswordwhenhefirst logsin?

This is possiblewith a small trick. The dateof the last password changeis set to1.1.1970andtheusermustchangespasswordfor exampleevery9999days.(approx.27 years).This meansthatheis forcedto changehis password thefirst time helogsin. The next time would be in 27 years. This canbe achieved with the commandchage:

earth:~ # chage -M 9999 -d 0 tux

Theoption-M specifiesfor how many daysthepassword is valid, and-d specifiesthedateof thelastmodification(0 = 1.1.1970).

• How canI quickly generatea largenumberof users?I alreadyhave theusernamesandthecleartext passwordsin a text file.

This is possibleusinga shell script,or usingthecommandnewusers. Theuserswhichyouwantto createshouldbein afile whichhasthesamestructureas/etc/-passwd, wherebythe password is given in cleartext. Sucha file could appearasfollows:

18 © 2004,SUSELINUX AG (http://www.suse.de/training/)

Page 25: Advanced System Administration I - Student Manual

1.5 Default Settings for the User

bart:carumba:601:100:Bart Simpson:/home/bart:/bin/bashhomer:meltdown:602:100:Homer Simpson:/home/homer:/bin/bashlisa:sax:603:100:Lisa Simpson:/home/lisa:/bin/bash

The command newusers generates the corresponding entries in /etc/passwd and /etc/shadow from this file and creates the home directories:

earth:~ # newusers new_user.txt

This can be done more flexibly using shell scripts (see “SUSE LINUX Enterprise Server: Shell Programming with the Bash Shell”).

• A maximum of how many users can I create?

From kernel version 2.4, 32 bits are reserved for both UID and GID. This means that in theory 2^32 - 1 users/groups can be created (that is, 4294967295). That ought to be sufficient for most installations. You must bear in mind that not all file systems support 32-bit UIDs (e.g. NFSv2).

1.5 Default Settings for the User

The administrator is allowed to create defaults for users. Defaults here means items such as the minimum password length or standard file permissions. These settings can be found in the file /etc/login.defs. Documentation on this is available in manual page format: man 5 login.defs. The most important settings are briefly explained here:

• FAIL_DELAY 3

If you enter a wrong password when logging in, there is a slight delay and you cannot log in again immediately. The length of this delay is specified with the instruction FAIL_DELAY in seconds. You should not specify 0 here, since this would make it possible to set up an automated attack using a suitable program.

• FAILLOG_ENAB yes

If the value here is yes, then all failed login attempts are logged (cf. Section 1.9 on page 28).

• LASTLOG_ENAB yes

All logins to the system are logged in the file /var/log/lastlog. This file can be read with the command lastlog and contains information for each user on when he was last logged in.

• OBSCURE_CHECKS_ENAB yes

With this you can activate a very simple password check. The minimum length for the password is checked and whether the password matches the user name. This should definitely be set to yes.


• UMASK 022

This specifies with which file permissions the home directories of new users are created. With the default value of 022 the permissions rwxr-xr-x are set for all user directories which are created. If you want to establish that no other users should have read permissions for the home directories, you should set this to a value of 077.

• PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_MAX_LEN 8

These settings concern the password.

– PASS_MAX_DAYS defines the maximum time that a password is valid,

– PASS_MIN_DAYS defines the minimum time that a password is valid,

– PASS_MIN_LEN defines the minimum length for a password and

– PASS_MAX_LEN defines the maximum length.

Attention! The maximum length of the password is eight characters. Nothing is gained by setting a larger value here. If you want to use longer passwords, then you must set up a different encryption mechanism (such as md5, using PAM).
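The following script is an added example, not part of the original manual: it reads a login.defs-style file and reports the settings described above that are left at a weak value. The function names and the PASS_MAX_DAYS limit of 50 days (taken from the exercise below) are assumptions, and the sample file is constructed from the default values quoted in the text.

```shell
#!/bin/sh
# Added example: audit the login.defs settings discussed in this section.
# get_def, is_uint, audit_login_defs and sample_login_defs are illustrative
# names, not part of the shadow suite.

# Print the value of KEY ($2) in a login.defs-style file ($1); last entry wins.
get_def() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        $1 == key  { val = $2 }
        END        { if (val != "") print val }
    ' "$1"
}

# Succeed only if $1 is a non-empty string of digits.
is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Print one "WEAK key=value: reason" line per finding.
# $1 = file, $2 = site limit for PASS_MAX_DAYS (assumption: 50 days)
audit_login_defs() {
    file=$1
    max_days=${2:-50}

    v=$(get_def "$file" FAIL_DELAY)
    if ! is_uint "$v" || [ "$v" -eq 0 ]; then
        echo "WEAK FAIL_DELAY=${v:-unset}: no pause between failed logins"
    fi

    for key in FAILLOG_ENAB OBSCURE_CHECKS_ENAB; do
        v=$(get_def "$file" "$key")
        [ "$v" = "yes" ] || echo "WEAK $key=${v:-unset}: should be yes"
    done

    v=$(get_def "$file" UMASK)
    case "$v" in
        077|0077) ;;
        *) echo "WEAK UMASK=${v:-unset}: new home directories are readable by other users" ;;
    esac

    v=$(get_def "$file" PASS_MAX_DAYS)
    if ! is_uint "$v" || [ "$v" -gt "$max_days" ]; then
        echo "WEAK PASS_MAX_DAYS=${v:-unset}: exceeds the site limit of $max_days days"
    fi
    return 0
}

# Constructed sample: the default values quoted in the text above.
sample_login_defs() {
    cat <<'EOF'
# /etc/login.defs (excerpt, constructed sample)
FAIL_DELAY          3
FAILLOG_ENAB        yes
LASTLOG_ENAB        yes
OBSCURE_CHECKS_ENAB yes
UMASK               022
PASS_MAX_DAYS       99999
PASS_MIN_DAYS       0
EOF
}

tmp=$(mktemp)
sample_login_defs > "$tmp"
audit_login_defs "$tmp"
rm -f "$tmp"
```

On a real system the function would be called as audit_login_defs /etc/login.defs, optionally with a different day limit as second argument.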

Exercise: Default Settings (User Administration)

Configure your system in such a way that

• after a wrong password has been entered, you must wait four seconds before you can retry login,

• the user passwords (for new accounts) are valid for a maximum of fifty days,

• the permissions of newly created user directories are set to rwx------.


1.6 Changing the Current UID and GID

In Linux, which is a multiuser system, several users can work at the same time. Normally, the system administrator is logged in as a normal user and only assumes the root identity for the purpose of performing tasks that require root permissions. Programs can be run both on the command line and in the KDE desktop using a different UID/GID.

1.6.1 Changing the UID with su

su is an abbreviation of switch user. This command is used to assume the UID of the user root or of other users.

The general syntax of su is:

su [options] ...[-] [user [argument]]

If the user tux wants to change to the user geeko, then he enters:

tux@earth:~ > su geeko

If the user tux wants to change to the user root, then he enters:

tux@earth:~ > su root

To become root, you can also omit the user name, i.e. su root is the same as su. If you want to start a login shell when changing to the user root, you can enter:

tux@earth:~ > su -

To become root and simultaneously run a command with his UID enter:

tux@earth:~ > su - -c "grep tux /etc/shadow"
Password:
tux:UmQbtZSkpw4Lg:11569:0:99999:7:0::

The option -c enables you to run a command using another UID.

The following table summarizes the options mentioned above:

Option            Meaning

-, -l, --login    Starts a login shell when the user is changed.
-c command        When changing to the user root, this option enables the execution of a command with the UID of root.
--help            Displays the help for the command su.

Table 1.3: Command su: Options


Exercise: su

1. Log in to the system as a normal user.

2. Use the command su to switch to the user root (starting a login shell). Then switch back to the normal user.

3. Switch to the user samson. Switch back again.

4. Switch to the user root and enter a command that displays the entries for samson and bert in the files /etc/shadow and /etc/passwd.

1.6.2 Changing the GID with newgrp

A user may be a member of many different groups, but only one GID is his “effective” (current) GID at any one time. Normally this is the primary group, which is specified in the file /etc/passwd. If the user creates directories or files then these files belong to this user and to the effective group:

tux@earth:~ > id
uid=601(tux) gid=100(users) groups=100(users),200(peanuts)
tux@earth:~ > mkdir subdir1
tux@earth:~ > ls -ld subdir1
drwxr-xr-x 2 tux users 35 Sep 4 17:00 subdir1
tux@earth:~ >

With the command newgrp the user can change his effective GID. Only group members may perform such a group change, unless a group password was defined which the user knows.

tux@earth:~ > newgrp peanuts
tux@earth:~ > id
uid=601(tux) gid=200(peanuts) groups=100(users),200(peanuts)
tux@earth:~ > mkdir subdir2
tux@earth:~ > ls -ld subdir*
drwxr-xr-x 2 tux users 35 Sep 4 17:00 subdir1
drwxr-xr-x 2 tux peanuts 35 Sep 4 17:01 subdir2
tux@earth:~ >

The above example shows that after entering newgrp peanuts, new files belong to the group peanuts.

The original effective GID can be recovered by entering exit or pressing Ctrl+D.


1.6.3 Changing the UID in KDE

In KDE you can start any program with a different UID (as long as you know the password). To do this you can open a mini command line to enter a command, with Alt+F2. Via the Options button in this window you can reach options which allow you to run a program as a different user, see Figure 1.7.

Figure 1.7: The mini command line in KDE with extended options in Options.

In this mini command line you could also just enter kdesu program, and a window opens prompting you to enter the root password, see Figure 1.8.

Figure 1.8: The kdesu window


1.7 Delegating Administrative Tasks with sudo

Sometimes it is necessary to allow a normal user access to a command which is usually reserved for root. The administrator may want a colleague to take over some of his tasks (shutting down the computer, creating users, etc.) in his absence (a week’s training). To enable this, there is the command sudo.

tux@earth:~ > sudo /sbin/shutdown -h now

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:

#1) Respect the privacy of others.
#2) Think before you type.

Password:

sudo does not expect the root password here, but the password of the user who enters the command.

The administrator can specify precisely which commands a user may or may not enter. The configuration of sudo can be found in the file /etc/sudoers. This file can be changed with its own command: visudo

Documentation and configuration examples can be found by entering man 5 sudoers.

The general structure of the configuration file:

user/group host = command1, command2 ...

Example:

tux ALL = /sbin/shutdown

With this, the user tux is able to carry out the command /sbin/shutdown with the permissions of root on all computers (ALL). A more complex example should illustrate the possibilities offered by sudo:

# User alias specification

User_Alias ADMINS = tux, geeko
User_Alias WEBMASTER = willy
User_Alias SUBSTITUTE = olli, klaas

# Cmnd alias specification

Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /sbin/shutdown
Cmnd_Alias APACHE = /etc/init.d/apache

# User privilege specification
root ALL=(ALL) ALL

ADMINS ALL = NOPASSWD: ALL, !/usr/bin/passwd, /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
WEBMASTER ALL = APACHE
SUBSTITUTE ALL = SHUTDOWN, PRINTING


In the above configuration, so-called aliases are defined. This can be done for the user (User_Alias), computer (Host_Alias) and for commands (Cmnd_Alias).

In the example the two users tux and geeko are grouped together in User_Alias ADMINS. The final three lines show how these aliases can be used in the actual rules:

ADMINS ALL = NOPASSWD: ALL, !/usr/bin/passwd, /usr/bin/passwd [A-z]*, !/usr/bin/passwd root

ADMINS is the User_Alias for the two users tux and geeko. Both of them may carry out all commands with root privileges on all hosts. But they may not run the passwd command without arguments (!/usr/bin/passwd), i.e. they may not change the root password. They may change the passwords of other users, however (/usr/bin/passwd [A-z]*).
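The following check is an added example, not part of the original manual: it scans sudoers rules for three constructs that occur in the ADMINS rule above and deserve a second look when reviewing a configuration. sudoers(5) itself notes that subtracting commands from ALL with "!" is generally not effective as a restriction; the function names are illustrative, and the sample rules are those from the section above.

```shell
#!/bin/sh
# Added example: flag risky constructs in sudoers user specifications.
# lint_sudoers and sample_sudoers are illustrative names; continuation lines
# (trailing backslash) are not handled.

# $1 = sudoers-style file; prints "line: who: finding" for each finding.
lint_sudoers() {
    awk '
        function report(msg) { printf "%d: %s: %s\n", NR, who, msg }

        /^[ \t]*#/ || /^[ \t]*$/            { next }   # comments, blank lines
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/  { next }   # not user specifications

        {
            who  = $1
            spec = $0
            sub(/^[^=]*=/, "", spec)        # keep the part after "host ="
            gsub(/\([^)]*\)/, "", spec)     # drop Runas lists such as (ALL)

            if (spec ~ /NOPASSWD:/)
                report("NOPASSWD: commands run without re-authentication")
            if (spec ~ /\[A-z\]/)
                report("[A-z] also matches [ \\ ] ^ _ and backquote; use [A-Za-z]")

            gsub(/[A-Z]+:/, "", spec)       # drop tags such as NOPASSWD:
            n = split(spec, item, ",")
            has_all = has_neg = 0
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", item[i])
                if (item[i] == "ALL") has_all = 1
                if (item[i] ~ /^!/)   has_neg = 1
            }
            if (has_all && has_neg)
                report("commands subtracted from ALL with \"!\"; list the allowed commands instead")
        }
    ' "$1"
}

# The rules from the section above.
sample_sudoers() {
    cat <<'EOF'
User_Alias ADMINS = tux, geeko
User_Alias WEBMASTER = willy
User_Alias SUBSTITUTE = olli, klaas
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /sbin/shutdown
Cmnd_Alias APACHE = /etc/init.d/apache
root ALL=(ALL) ALL
ADMINS ALL = NOPASSWD: ALL, !/usr/bin/passwd, /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
WEBMASTER ALL = APACHE
SUBSTITUTE ALL = SHUTDOWN, PRINTING
EOF
}

tmp=$(mktemp)
sample_sudoers > "$tmp"
lint_sudoers "$tmp"
rm -f "$tmp"
```

All three findings are reported for the ADMINS line; the rules for root, WEBMASTER and SUBSTITUTE, which list commands positively, produce none.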

Exercise: sudo

Set up a sudo configuration which allows the user user1 to do the following:

• create users,

• change their passwords,

• accept these users into existing groups,

• prevent him from changing the root password.

1.8 PAM

We cannot cover this topic in detail in the context of this course. But a certain basic knowledge of PAM is required for system administration purposes [2]. PAM stands for Pluggable Authentication Modules and is a collection of shared libraries for the authentication of users.

As shown in figure 1.9 on the following page, there is a variety of applications which perform user authentication (login, passwd, su ...). If user authentication is to be changed, for example a fingerprint scan instead of user name and password, then a whole series of applications would have to be newly compiled. PAM helps out here: its own modules take over the task of authentication. If a new authentication method is to be used, then you need to change the module and the PAM configuration of the programs in question.

[2] The subject is treated in more detail in the course “SUSE LINUX Enterprise Security: Basics and technical Concepts”.


[Figure 1.9: Flexible user authentication with PAM. The diagram shows the user, the applications (login, ftp, xlock, passwd, su, ...), the PAM library and the configuration in /etc/pam.d/*.]

[Figure 1.10: Structure of a PAM configuration file. Each line consists of four fields: module type (auth, account, session, password), control flag (required, requisite, optional, sufficient), module path, and arguments (debug, no_warn, use_first_pass, try_first_pass).]

The PAM configuration files are located in the directory /etc/pam.d/ [3]:

earth:~ # ls /etc/pam.d/
.   chage  chsh  login  passwd  pure-ftpd  squid  su    useradd  xlock
..  chfn   cups  other  ppp     shadow     ssdh   sudo  xdm

[3] Instead of the files in the directory /etc/pam.d/, other Linux systems use a single configuration file: pam.conf.


Each application has its own configuration file, the one for the program passwd, for example, is called /etc/pam.d/passwd. The structure of such a file is illustrated roughly in Figure 1.10 on the preceding page.

We will not go into detail about the configuration, but two examples below should illustrate what it can do.

The Module pam_securetty.so

With this module you determine which terminals can be regarded as “secure”. Only the user root may log in at these terminals.

The following line in the file /etc/pam.d/login

auth required pam_securetty.so

activates the module pam_securetty.so for the program login. In the file /etc/securetty the “secure” terminals are then specified:

earth:~ # cat /etc/securetty
#
# This file contains the device names of tty lines (one per line,
# without leading /dev/) on which root is allowed to login.
#
tty1
tty2
tty3
tty4
tty5
tty6
...

Because of this PAM module it is not possible for root to log in via telnet.

The Module pam_nologin.so

If the administrator does not want users to be logged in to the system, then he can use the module pam_nologin.so. This is also listed in the configuration file /etc/pam.d/login:

auth required pam_nologin.so

If this PAM module is integrated, then every type of login by users can be prevented by generating the file /etc/nologin.

earth:~ # touch /etc/nologin

Good and detailed documentation on the subject of PAM can be found in /usr/share/doc/packages/pam/.


1.9 faillog

If the variable FAILLOG_ENAB in the file /etc/login.defs is set to yes, all unsuccessful login attempts will be logged in the file /var/log/faillog. [4] With the command faillog, the file /var/log/faillog is shown in a formatted form:

earth:~ # faillog
Username   Failures  Maximum  Latest
root              0        0  Mon Jun 11 13:28:13 +0200 2001 on tty1
tux               1        0  Fri Sep 7 09:21:18 +0200 2001 on 3
geeko             2        0  Fri Sep 7 09:21:34 +0200 2001 on 3

In the column Maximum the maximum allowed number of failed login attempts is specified. With

earth:~ # faillog -m 4

you can set the general maximum to four attempts. In order that the user root is not locked out in this way, a special maximum is specified for him:

earth:~ # faillog -u root -m 0

These maximum values just created can now be seen in the output of faillog:

earth:~ # faillog -a
Username   Failures  Maximum  Latest
root              0        0  Mon Jun 11 13:28:13 +0200 2001 on tty1
tux               1        4  Fri Sep 7 09:21:18 +0200 2001 on 3
geeko             5        4  Fri Sep 7 09:37:24 +0200 2001 on 3

The last line implies that the next time the user geeko logs in to the system with his correct password, he will not gain access to the system, but receive an error message instead:

earth login: geeko
Password:
exceeded failure limit for ‘geeko’
localhost

Exercise: faillog

1. Set a maximum of three failed login attempts for the user samson.

2. As user samson, log in three times with the wrong password, and then use the correct password.

3. As the administrator, how can you cause the user to be able to log in again? Use the manual pages for this.

[4] This only applies to login processes which use the program login: logging in to the consoles tty1 to tty6 and via Telnet.


1.10 Quotas

Drive space was, is and will continue to be a problem. Whereas 100 KB used to be a luxury, now several 100 MB are quickly used up. In the same proportion that computers are becoming faster and capacities larger, so the need for disk space is also increasing. Undisciplined, a user can easily fill up his 4 GB hard drive with pictures, great software, etc.

The quota system of Linux (Unix) supports user discipline. Here you can specify, for every user, how much space he can occupy, and how many files he may create. As well as user quotas, there are also group quotas. In SUSE LINUX Enterprise Server the package quota is required.

[Figure 1.11: Quotas. The file systems / and /export each carry a quota for user1, stored in /aquota.user and /export/aquota.user; there are no quotas on /var.]

Disk quota support is already included in the kernel in SUSE LINUX Enterprise Server. Disk quotas can be implemented for partitions with the ext2, ext3 or reiser file system.


The configuration of quotas comprises four steps:

1. Preparing the file system for quotas (mount options)

2. Initializing the quota configuration file (quotacheck)

3. Setting quotas (edquota)

4. Starting (rcquota start) and activating (insserv quota) the quota service

Preparing the File System

When the system is started the quotas for the file system must be activated. For this, it needs to be specified for which file systems the quotas are to be activated, and this is done via entries in the file /etc/fstab (see below). There the keyword usrquota must be entered for quotas on the user name level, or grpquota for group quotas, for example:

/dev/sda2  swap      swap      defaults           0 0
/dev/sda1  /         ext2      usrquota,grpquota  1 1
/dev/sda3  /export   ext2      usrquota,grpquota  1 2
/dev/sda4  /var      reiserfs  defaults           1 2
none       /proc     proc      defaults           0 0
none       /dev/pts  devpts    defaults           0 0

Here both quota possibilities are activated for the file systems / and /export. It is necessary to remount the corresponding file system:

earth:~ # mount -o remount /
earth:~ # mount -o remount /export

Initializing the Quota Configuration File

Afterwards the quota system must be initialized. This is done using the quotacheck command. This command checks the partitions specified, for which quotas should be activated, in terms of already occupied data blocks and inodes, and stores the determined values in the files aquota.user (for user quotas) and aquota.group (for group quotas).

Attention! Up to kernel version 2.4 these files were called quota.user and quota.group and had to be created before quotacheck was run.


If you execute the command

earth:~ # quotacheck -avug

all mounted file systems (-a) are checked for data blocks and inodes which are occupied by users (-u) and groups (-g). The option -v provides a detailed output. When checking mounted file systems, the option -m must sometimes also be given, to force the check.

After the command quotacheck has been run, the following files will exist:

earth:~ # ls -l /aquota*
-rw------- 1 root root 6144 May 21 11:57 /aquota.group
-rw------- 1 root root 7168 May 21 11:57 /aquota.user
earth:~ # ls -l /export/aquota*
-rw------- 1 root root 6144 May 21 11:57 /export/aquota.group
-rw------- 1 root root 7168 May 21 11:57 /export/aquota.user

Configuring Quotas

These files contain information in binary format about how much space is occupied by which user or which group, and which quotas are set up.

With the command edquota the administrator can set up and configure quotas:

• edquota -u user for setting up user quotas.

• edquota -g group for setting up group quotas.

Example:

earth:~ # edquota -u tux

With the output

Disk quotas for user tux (uid 500):
Filesystem  blocks  soft   hard   inodes  soft  hard
/dev/sda5   7820    10000  20000  590     0     0

blocks specifies how much space is currently used, inodes specifies how many files belong to the user on the file system. The values for blocks are given in blocks of 1 KB, independent of the block size for the ext2 file system. The value 7820 therefore means that the user tux currently occupies some 8 MB of hard drive space.

His soft limit is set at 10 MB, his hard limit at 20 MB. A limit of 0 means no limitation. The soft limits are the limits which may not be permanently exceeded.

If the hard limits are reached, then no more space at all may be used. If the user now goes beyond the soft limits, then he has a fixed time available, determined by the quota system, to make space for this by deleting files or blocks. If he neglects to do so, then he can no longer create anything new if the borders of the hard limits are crossed, but can only delete files.

At these points you must now enter how many files the user may possess and/or how much hard drive space he may occupy.

With edquota -t these time limits are specified:

Grace period before enforcing soft limits for users:
Time units may be: days, hours, minutes, or seconds
Filesystem  Block grace period  Inode grace period
/dev/sda1   7days               7days
/dev/sda3   7days               7days

By entering

earth:~ # edquota -p tux geeko

you can copy the user quotas already set up for the user tux to the user geeko.

With the command repquota you obtain an overview of the quotas used:

earth:~ # repquota -aug
*** Report for user quotas on device /dev/sda4
Block grace time: 7days; Inode grace time: 7days

                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      40       0       0              4     0     0
tux       +-   20000   10000   20000  6days       5     0     0
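The following filter is an added example, not part of the original manual: it reads a repquota report and lists only the accounts that are over a limit, using the two-character flag column (+ in the first position for blocks, in the second for inodes). The function names are illustrative, and the sample report is the one shown above.

```shell
#!/bin/sh
# Added example: list accounts that are over a quota limit, from repquota output.
# over_quota and sample_repquota are illustrative names.

# Reads a repquota report on stdin.
# Prints "user kind used=.. soft=.. hard=.. grace=.. state" per exceeded limit.
over_quota() {
    awk '
        function emit(kind, used, soft, hard, grace,    state) {
            state = (hard + 0 > 0 && used + 0 >= hard + 0) ? "HARD-LIMIT" : "SOFT-LIMIT"
            printf "%s %s used=%d soft=%d hard=%d grace=%s %s\n",
                   user, kind, used, soft, hard, grace, state
        }

        # Data rows carry the flag field; headers and separators do not.
        $2 !~ /^[-+][-+]$/ { next }

        {
            user = $1
            f = 3                                   # first block column
            if (substr($2, 1, 1) == "+") {
                # The grace column is only filled in when the soft limit is exceeded.
                emit("blocks", $f, $(f+1), $(f+2), $(f+3))
                f += 4
            } else {
                f += 3
            }
            if (substr($2, 2, 1) == "+")
                emit("inodes", $f, $(f+1), $(f+2), $(f+3))
        }
    '
}

# The report shown in the text above.
sample_repquota() {
    cat <<'EOF'
*** Report for user quotas on device /dev/sda4
Block grace time: 7days; Inode grace time: 7days

                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      40       0       0              4     0     0
tux       +-   20000   10000   20000  6days       5     0     0
EOF
}

sample_repquota | over_quota
```

On a live system the input would come from repquota -au; for the sample report only tux is listed, already at his hard limit of 20000 blocks.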

Starting and Activating the Quota Service

In order for the quota system to be initialized when the system is booted, the appropriate links must be made in the runlevel directories:

earth:~ # insserv quota

Then the quota system can be started:

earth:~ # /etc/init.d/quota start

The quota system can also be started or stopped with the following commands:

/usr/sbin/quotaon filesystem
/usr/sbin/quotaoff filesystem

The option -a can be used to activate and deactivate all automatically mounted file systems (except NFS) with quotas. Additional options can be viewed with man quotaon.


Exercise: Quotas

1. Using a suitable partition (ext2, ext3 or Reiser file system), ensure that the user user1 may not exceed a soft limit of 100 MB and a hard limit of 150 MB.

2. The group users should be allowed to use a maximum of 100 inodes on this partition.

3. Discuss how you can check your quota configuration.

Summary

• The UID (user ID) is the number by means of which the system identifies a user.

• The GID (group ID) is the number by means of which the system identifies a group with which users are associated.

• Processes always run under a certain UID.

• The commands id and groups provide information on the UID and the group membership of a user.

• The command su can be used to change the effective UID and the command newgrp to change the effective GID of a user.

• The command sudo:

– Can be used to delegate administrative tasks to other users.

– The configuration file is /etc/sudoers.

– The command visudo can be used to edit this configuration file.

• The command faillog:

– Failed login attempts can be logged in the file /var/log/faillog.

– The command faillog returns the content of this file in formatted form. It can also be used to limit the maximum number of failed login attempts.


• Overview of important administration tools:

Command   Meaning

faillog   Used to display the content of the file /var/log/faillog.
groups    Displays information on the groups a user belongs to.
id        Information on the UID and the group membership of a user.
newgrp    Used to change the effective GID.
su        Used to change the effective UID.
sudo      Used to delegate tasks of the administrator to other users.
visudo    Used to modify the file /etc/sudoers.

Table 1.4: Administration tools

• Default settings for the users and passwords can be found in the files /etc/login.defs and /etc/default/useradd.

• Important files to administrate users and groups are:

/etc/passwd
/etc/shadow
/etc/group
/etc/gshadow

• YaST can be used to create, edit, and delete users and groups.

• The shell commands for managing users and groups are as follows:

Command    Meaning

gpasswd    Sets and modifies group passwords; adds or deletes group members; nominates a group administrator
groupadd   Creates a new group
groupdel   Deletes a group
groupmod   Changes the name or the GID of a group
passwd     Changes, locks and activates a user’s password
useradd    Creates a new user
userdel    Deletes a user
usermod    Modifies a user account

Table 1.5: Commands for the administration of users and groups


• PAM:

– PAM modules enable the flexible configuration of the user authentication.

– The files of the PAM configurations can be found in the directory /etc/pam.d/.

– Important PAM modules are: pam_nologin, pam_securetty

• Quotas serve the limitation of the hard disk space for users and groups. The commands are as follows:

Command      Meaning

edquota      Used to set up and configure quotas
quotacheck   Used to initialise the quota system
quotaoff     Used to deactivate the quota system
quotaon      Used to activate the quota system
repquota     Used to display the files aquota.user and aquota.group

Table 1.6: Commands for the administration of the quota system


2 Bootmanager

Learning Aim

In this chapter, you will learn

• about the purpose of a boot manager

• functions of stage 1 and stage 2 of a boot manager

• the main properties of the boot manager GRUB

• the structure and the most important parameters of the GRUB configuration file /boot/grub/menu.lst

• how the boot process can be configured interactively with the help of the GRUB shell

• the alternative boot manager LILO and the main differences from GRUB


2.1 What is a Boot Manager?

To boot the system, a program that is able to boot the respective operating system is needed. This program, the boot loader, loads the operating system kernel which then loads the system. In SUSE LINUX, this task is handled by the boot manager GRUB (GRand Unified Bootloader) (the default boot manager) or the boot manager LILO (LInux LOader).

A boot manager can

• boot various operating systems,

• specify parameters for the kernel.

The general structure of a boot manager is as follows:

Stage 1 The first stage of a boot manager is usually installed in the Master Boot Record (MBR) of the hard disk. As the space in the MBR is limited to 446 bytes, this program code merely contains the information for loading the next stage.

Stage 1 can not only be installed in the MBR but also in the boot sectors of partitions or on a floppy disk.

Stage 2 This stage usually contains the actual boot manager. The files of the boot manager are located in the directory /boot.

2.2 The Boot Manager GRUB

GRUB is the standard boot manager in SUSE LINUX Enterprise Server. It features the following interesting characteristics:

• Stage 2 includes file system drivers for ReiserFS, ext2, ext3, Minix, JFS, XFS, FAT, and FFS (BSD). Thus, the boot manager can be used to access files by means of file names even before the operating system is loaded. For example, this feature is useful for searching for the kernel and loading it if the boot manager configuration is faulty.

• The boot manager GRUB has its own shell which enables the interactive control of the boot manager.


2.2.1 Configuring the Boot Manager GRUB

The boot manager GRUB is configured by means of the file /boot/grub/menu.lst. The general structure of this file is as follows:

• First the general options such as the background color of the boot manager menu are listed:

color white/blue black/light-gray

• This is followed by options for the various operating systems that can be booted with the boot manager. Each entry for an operating system begins with the command title, e.g.:

title linux
kernel (hd0,0)/boot/vmlinuz root=/dev/hda1
initrd (hd0,0)/boot/initrd

The following example shows a simple configuration file /boot/grub/menu.lst:

default 0
timeout 8

title linux
kernel (hd0,0)/boot/vmlinuz root=/dev/hda1
initrd (hd0,0)/boot/initrd

The lines mean:

• default 0

The first entry (numbering from "0") is the default boot entry which is started automatically if no other entry is selected with the keyboard.

• timeout 8

The default boot entry is started automatically after 8 seconds.

• title linux

This is the first entry in the boot menu. By default, this entry is started.

• kernel (hd0,0)/boot/vmlinuz

This entry describes the kernel location: first partition of the first hard disk. Please note the following regarding the designations for hard disks and partitions:

– GRUB does not distinguish between IDE and SCSI hard disks. The hard disk that is recognized by the BIOS as the first hard disk is designated as hd0, the second hard disk as hd1 etc.


– The first partition on the first hard disk is called hd0,0, the second partition hd0,1 etc.

• root=/dev/hda1

root= serves the specification of the root partition. This is followed by other kernel parameters.

• initrd (hd0,0)/boot/initrd

Specifies the location of the initial ramdisk (initrd).

Exercise: Configuring GRUB

1. In your GRUB configuration file, add the new entry testrun to the boot menu; specify the parameter vga=normal for the kernel.

2. Test your new configuration by rebooting the computer.

Solution proposal

Structure of the file /boot/grub/menu.lst:

gfxmenu (hd0,2)/boot/message
color white/blue black/light-gray
default 0
timeout 8

title linux
kernel (hd0,2)/boot/vmlinuz root=/dev/hda3 vga=791
initrd (hd0,2)/boot/initrd

title testrun
kernel (hd0,2)/boot/vmlinuz root=/dev/hda3 vga=normal
initrd (hd0,2)/boot/initrd


2.2.2 The GRUB Shell

As mentioned above, the boot manager GRUB has its own shell. The advantage: if the Linux system does not start due to an error in the boot manager, this built-in shell can be used to boot the system manually. The GRUB shell can be started

1. in the running system or

2. at the boot prompt.

Starting the GRUB Shell in the Running System

In order to start the GRUB shell during operation, enter the command grub as root:

earth:~ # grub
Probing devices to guess BIOS drives. This may take a long time.

GRUB version 0.92 (640K lower / 3072K upper memory)

[ Minimal BASH-like line editing is supported. For the first word, TAB
lists possible command completions. Anywhere else TAB lists the
possible completions of a device/filename. ]

grub>

Like in the Bash, GRUB shell commands can also be completed with the Tab key. In order to find out which partition contains the kernel, use the command find:

grub> find /boot/vmlinuz
hd(0,2)

The kernel (/boot/vmlinuz) is located in the third partition of the first hard disk (hd0,2).

Exercise: Starting the GRUB shell in the running system

• Start the GRUB shell in the running system.

• Press Tab. What happens? (A list of available commands is displayed.)

• Enter the first few characters of a command and complete the command with Tab.

• Find out which partition the kernel is located in.


Starting the GRUB Shell at the Boot Prompt

Proceed as follows in order to start the GRUB shell at the boot prompt:

1. In the graphical boot selection menu, press Esc. You will be taken to a text-based menu.

2. Start the GRUB shell (command line) with c.

Exercise: Starting the GRUB shell at the boot prompt

1. Reboot the computer and open a GRUB shell at the boot prompt.

2. In the shell, search for the kernel (/boot/vmlinuz) and the initial ramdisk (/boot/initrd).

3. Boot the kernel in the shell. To do this, you have to specify the location of the kernel and the ramdisk:

kernel (hdn1,n2)/boot/vmlinuz root=/dev/hdan3
initrd (hdn1,n2)/boot/initrd

Use the command boot to boot the specified kernel.

2.3 The Boot Manager LILO

LILO stands for LInux LOader. As LILO is not the default boot manager of SUSE LINUX Enterprise Server, it is only covered briefly in this section.

The LILO configuration file is /etc/lilo.conf. Its structure is similar to that of the GRUB configuration file. Refer to the manual page for more information (man 5 lilo.conf).

Attention! When the configuration file /etc/lilo.conf is modified, the command lilo has to be executed in order for the changes to be applied.


2.4 Additional Information

Refer to the following sources for additional information on the boot managers GRUB and LILO:

• In electronic form in the Linux system:

  – Manual pages and info files:

    * info grub
    * man grub
    * man grub-install
    * man grub-md5-crypt
    * man lilo
    * man 5 lilo.conf

  – README files:

    * In the directory /usr/share/doc/packages/grub
    * In the directory /usr/share/doc/packages/lilo

• On the Internet:

  – http://www.gnu.org/software/grub/


Summary

• The purpose of a boot manager is to load the operating system.

• The default boot manager of SUSE LINUX Enterprise Server is GRUB.

• The functions of stage1 and stage2 of a boot manager are as follows:

  – stage1 is usually installed in the MBR and contains the file system drivers.

  – stage2 contains the actual boot manager.

• The files of the boot manager are located in the directory /boot/.

• The GRUB configuration file is /boot/grub/menu.lst.

• The GRUB boot manager has its own shell, which can be started from the boot prompt as well as in the running system.

• Apart from GRUB, the boot manager LILO can also be used. The LILO configuration file is /etc/lilo.conf.

• Important commands in this chapter:

Command   Description
boot      Boots the kernel in the GRUB shell.
find      Shows the location of the kernel (partition, hard disk).
grub      Starts the GRUB shell in the running system.
lilo      Applies changes to the LILO configuration file /etc/lilo.conf.

Table 2.1: Commands for using boot managers


3 The Runlevel Concept

Learning Aims

In this chapter, you will learn

• how the system boots

• the function of the initial ramdisk initrd

• the function of the init process and its configuration file /etc/inittab

• which runlevels are predefined and what they mean

• how services are started and stopped by means of the scripts in /etc/init.d/

• the meaning of the special scripts: /etc/init.d/boot, /etc/init.d/halt, /etc/init.d/rc

• how to activate and deactivate services with the command insserv

• how to use the YaST Runlevel Editor to activate and deactivate services in a runlevel

• how to stop and start services when changing the runlevel

• how to halt and reboot the system by changing the runlevel


3.1 The Order of Events When the System Starts

The following diagram represents the basic steps when the computer is booted:

[Figure 3.1: The System Start (flow diagram: BIOS, boot manager (GRUB), kernel, initrd, linuxrc, init, processes and scripts)]


BIOS > GRUB > kernel: the first three significant steps when a Linux computer is started. The kernel uncompresses itself (Uncompressing Linux . . . ) and organizes the subsequent booting of the system. It searches for the RAM disk, providing one is available. This depends on whether GRUB (Grand Unified Bootloader) has loaded initrd (/boot/initrd). If initrd exists, it is integrated into the kernel. Then linuxrc is started. linuxrc loads the modules required to mount the root file system. When this script is finished, the kernel removes initrd from the system. If no initrd exists, the drivers to mount the file system are already in the kernel.

Now the kernel can boot from the hard drive and starts the first process: init. This starts all further processes and scripts required to initialize the system. The system is then up and running.

3.2 The init Program

As mentioned above, initialization of the system is done by /sbin/init, started by the kernel as the first process of the system. This process or one of its child processes starts all further processes. init thus controls the entire booting of the system as well as the shutting down, because init is the last process running, ensuring that all other processes are correctly ended. Because of this position of priority, signal 9 (SIGKILL), with which all processes can normally be ended, has no effect on init.

The central configuration file of init is /etc/inittab. This file determines what is to happen in the individual runlevels. Various scripts are started by init, depending on these entries. All these scripts are located in the directory /etc/init.d.

3.3 The Runlevels

In Linux, various runlevels define the state of the system. Which runlevel the system starts in when it is booted is defined in the file /etc/inittab by the entry initdefault. This standard runlevel is normally 3 or 5. However, it is also possible to boot to another runlevel. GRUB offers, by default at system start-up, three choices:

Linux
floppy
Linux - Safe Settings

When one of those entries is chosen, the respective options are displayed in the field boot options. For the entry Linux, this is the option starting root=/dev/hd..., which is used to tell the kernel the location of the root partition of the system. Furthermore, the option vga=..., with the resolution for the framebuffer device, is specified in most cases. At this point, the runlevel to which the system shall boot may be added, too. This parameter is passed to init.

An example entry at boot options:

root=/dev/hda4 vga=791 1

/dev/hda4 is passed to the kernel as the root partition, the framebuffer is configured, and the system boots to runlevel 1 (single user mode for administration).

The system administrator can also change to another runlevel at a later time, for example:

earth:~ # init 1

In the same way, change back to the standard runlevel in which all programs needed for operation are run and where individual users are able to log in to the system.

The available runlevels are:

Runlevel  Meaning
0         Halt
1         Single-user mode
2         Multiuser mode without network server services
3         Multiuser mode with network (default)
4         Not used
5         Multiuser mode with network and display manager
6         Reboot

Table 3.1: Runlevels in Linux and their Meanings

Hint: If the partition /usr of a system is mounted via NFS, runlevel 2 should not be used, because NFS file systems are not available in this runlevel.

A system can be stopped with

earth:~ # init 0

and restarted with

earth:~ # init 6

Changing the standard runlevel is done with the YaST2 runlevel editor (yast2 > System > Runlevel Editor). If the standard runlevel is 5, users can log in directly in the graphical interface. If it is set to 3, no graphical login is available.


Attention: A corrupt /etc/inittab can lead to the system no longer booting correctly. You should therefore proceed with great care when making changes to this file. If an error still occurs, it is still possible to boot the system. To do so, insert an additional parameter in the GRUB boot menu (see Section 3.3 on page 47). Instead of the runlevel, insert init=/bin/bash:

root=/dev/hda1 vga=791 init=/bin/bash

In this way, the init process is replaced by a shell (so inittab is not read) and you can repair the system manually.

3.4 The File /etc/inittab

The actions connected to the various runlevels are specified in the file /etc/inittab. The init process ensures that all actions specified there are carried out.

The format of this file is:

id:rl:action:process

id is a unique name for the entry in /etc/inittab; it can be up to four characters in length. rl refers to one or more runlevels in which this entry should be evaluated. action describes what init is to do. process is the process connected to this entry.

The /etc/inittab contains the following entries:

id:5:initdefault:

The entry initdefault tells the init process which level it should bring the system to. This can be overridden at the boot prompt by entering a different level there (see above).

si::bootwait:/etc/init.d/boot

bootwait means: carry out this command while booting and wait until it has finished.

The next entries describe the actions for runlevels 0 to 6.

l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
#l4:4:wait:/etc/init.d/rc 4
l5:5:wait:/etc/init.d/rc 5
l6:6:wait:/etc/init.d/rc 6

wait means that when changing to the level in question, the appropriate command is carried out and init waits until it has been completed. wait also means that further entries for the level are only performed after this process is completed.


The single user mode is a special case.

# what to do in single-user mode
ls:S:wait:/etc/init.d/rc S
~~:S:respawn:/sbin/sulogin

First, the command to initialize the level is performed, as above. Runlevel S is used by the scripts that are run when changing to runlevel 1. Then the command sulogin is started. respawn means that init waits for the end of the process, then restarts it. sulogin is intended only for the system administrator to log in.

For those accustomed to PCs, Linux also has the Ctrl+Alt+Del key combination available for restarting.

ca::ctrlaltdel:/sbin/shutdown -r -t 4 now

The action ctrlaltdel is carried out by the init process only if these keys are pressed. Should this not be allowed, remove or disable this entry by entering a "#" at the beginning of the line.

The final large block describes in which runlevels getty processes (login processes) are started.

1:2345:respawn:/sbin/mingetty --noclear tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6

The getty processes provide the login prompt and in return expect a user name as input. They are started in runlevels 2, 3, and 5 [1]. If a session was ended, the processes are started again by init. If a line is disabled here, no further login is possible at the corresponding virtual console.
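Because a corrupt /etc/inittab can keep the system from booting, it is worth checking the file before a reboot. The following Python sketch is an added example, not part of the original manual: it parses the id:rl:action:process format and reports the settings this section singles out (standard runlevel, Ctrl+Alt+Del, sulogin, login consoles). The sample text is constructed from the entries shown above plus two deliberately broken lines, and all function names are this example's own.

```python
from collections import namedtuple

Entry = namedtuple("Entry", "lineno id runlevels action process")

# Constructed sample assembled from the entries shown in this section.
# The last two lines are deliberately wrong to exercise the format check.
SAMPLE_INITTAB = """\
id:5:initdefault:
si::bootwait:/etc/init.d/boot
l3:3:wait:/etc/init.d/rc 3
l5:5:wait:/etc/init.d/rc 5
ls:S:wait:/etc/init.d/rc S
~~:S:respawn:/sbin/sulogin
ca::ctrlaltdel:/sbin/shutdown -r -t 4 now
1:2345:respawn:/sbin/mingetty --noclear tty1
#2:2345:respawn:/sbin/mingetty tty2
toolong:3:wait:/bin/true
bad:3:wait
"""


def parse_inittab(text):
    """Return (entries, problems) for text in id:rl:action:process form."""
    entries, problems, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, comment, or entry disabled with "#"
        fields = line.split(":", 3)  # the process field may contain ":"
        if len(fields) != 4:
            problems.append((lineno, "expected 4 colon-separated fields"))
            continue
        ident, runlevels, action, process = fields
        if not 1 <= len(ident) <= 4:
            problems.append((lineno, "id %r is not 1 to 4 characters" % ident))
        if ident in seen:
            problems.append((lineno, "duplicate id %r" % ident))
        seen.add(ident)
        entries.append(Entry(lineno, ident, runlevels, action, process))
    return entries, problems


def default_runlevel(entries):
    """Runlevel named by the initdefault entry, or None if it is missing."""
    for entry in entries:
        if entry.action == "initdefault":
            return entry.runlevels
    return None


def review(entries):
    """Summarise the settings an administrator should look at."""
    consoles = {}
    for entry in entries:
        if entry.action == "respawn" and "getty" in entry.process:
            tty = entry.process.split()[-1]          # last argument is the tty
            consoles[tty] = sorted(entry.runlevels)  # runlevels with a login prompt
    return {
        "default_runlevel": default_runlevel(entries),
        # True means anyone at the keyboard can trigger the shutdown entry.
        "ctrlaltdel_active": any(e.action == "ctrlaltdel" for e in entries),
        # Single-user mode should ask for the administrator's login.
        "sulogin_in_single_user": any(
            "S" in e.runlevels and e.action == "respawn" and "sulogin" in e.process
            for e in entries),
        "login_consoles": consoles,
    }


if __name__ == "__main__":
    parsed, found = parse_inittab(SAMPLE_INITTAB)
    for lineno, message in found:
        print("line %d: %s" % (lineno, message))
    for key, value in review(parsed).items():
        print("%s: %s" % (key, value))
```

To check a real system, pass the contents of /etc/inittab to parse_inittab() instead of the sample text.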

[1] Also in runlevel 4, if this runlevel is used.

3.5 The init Scripts

In the directory /etc/init.d, all the scripts used to start and stop services are located. These scripts can be called up in different ways:

• Called up directly by init when the system is booted or when the system is shut down, stopped with Ctrl+Alt+Del, or in the case of a power failure.

• Called up indirectly by init when changing the runlevel. Here, it is the script /etc/init.d/rc that runs the necessary scripts in the correct order during the runlevel change.

• Called up directly by /etc/init.d/script start or stop

  This can also be run with rcscript start or stop if corresponding links are set in /sbin/ or /usr/sbin/.

When changing to another runlevel, the stop scripts of the current runlevel and the start scripts of the new runlevel are called up via symbolic links in the corresponding subdirectory (/etc/init.d/rcrl.d). These links are created by the program /sbin/insserv. It also ensures that the scripts are run in the correct order (see 3.6 on page 53). Whether a service is started in a specific runlevel depends on whether there are links in the corresponding rc directory to its start and stop scripts. Because symbolic links are used in the subdirectories, only the script in /etc/init.d/ needs to be modified if changes are made to the start script, but not the entries in the directories for the runlevels.

Each of these scripts in /etc/init.d/ is run both as a start script and as a stop script. For this reason, they must understand different parameters:

Parameter  Description
start      Starts a service that is not running.
restart    Stops a running service and restarts it.
stop       Stops a running service.
reload     Rereads the configuration of the service without stopping and restarting the service itself.
status     Displays the current status of the service.

Table 3.2: Parameters for the Scripts in the Directory /etc/init.d/

To create your own scripts, use the file /etc/init.d/skeleton as a template. The init-info block at the beginning of the script determines which scripts should or should not run. Dependencies may also be specified here. insserv then ensures that the corresponding links are created and that the scripts are run in the correct order.

### BEGIN INIT INFO
# Provides: syslog
# Required-Start: network
# Required-Stop: network
# Default-Start: 2 3 5
# Default-Stop:
# Description: Start the system logging daemons
### END INIT INFO


Important scripts are briefly described below:

• boot

  This script is started directly by init when the system starts. It is run once and once only. It evaluates the directory /etc/init.d/boot.d and starts all the scripts linked to file names with an "S" at the beginning of their names. These scripts perform a number of tasks:

  – The kernel daemon is started, which takes over the automatic loading of kernel modules.

  – The file systems are checked.

  – Superfluous files in /var/lock/ are deleted.

  – The system time is set.

  – Plug-and-Play hardware is configured with the isapnp tools.

  – In the script /etc/init.d/boot.local, your own system extensions can be added, which are only activated once each time the computer starts.

• halt

  This script is run if runlevel 0 or 6 is started. It is called up either with halt (the system is completely shut down) or with reboot (the system is shut down, then rebooted).

• rc

  This script is responsible for the correct change from one runlevel to another one. It runs the stop scripts for the current runlevel, then the start scripts for the new one (see also Section 3.6 on the facing page).

The services in a runlevel can be activated and deactivated from the command line with the command insserv or in a more comfortable way using the administration tool YaST. The YaST Runlevel Editor can be accessed from the YaST menu System > Runlevel Editor or started directly with yast runlevel.

Exercise: Activating and Deactivating Services

1. Normally, the SSH daemon (sshd) is started in the runlevels 3 and 5. Deactivate this service with the command insserv.

2. What is the easiest way to check if the deactivation was successful?

3. Reactivate the SSH daemon.


3.6 Changing the Runlevel

When the runlevel is changed, first the stop scripts of the current runlevel are run, then the start scripts of the new runlevel. Here, only the programs of the old runlevel that are not wanted or required in the new runlevel are ended and only those programs that were not running in the old runlevel but are needed in the new one are started. These scripts for each runlevel are located in the directories /etc/init.d/rcrl.d. All the start scripts begin with an "S" (e.g., S08portmap, S08sshd, S08syslog) and the stop scripts with a "K" (e.g., K03inetd, K12autofs, K12cron). The number that follows determines in which order scripts are started or stopped, so no dependency conflicts occur between programs. These numbers are generated by the program /sbin/insserv after the packages are installed. All dependencies of the start scripts in /etc/init.d/ are freshly calculated and the corresponding start and stop numbers are renewed.

The following example (changing from runlevel 3 to runlevel 5) illustrates how such a change takes place.

1. The system is running in runlevel 3. If the system administrator (root) now enters

   earth:~ # init 5

   he informs the init process that the runlevel should be changed.

2. init consults the configuration file /etc/inittab to find out which script to run when changing to this runlevel: /etc/init.d/rc with the parameter 5.

3. Now the program rc compares all the stop scripts of runlevel 3 (the scripts in the directory /etc/init.d/rc3.d that begin with "K") with the start scripts of runlevel 5 (the scripts in the directory /etc/init.d/rc5.d that begin with "S"). If there is no matching start script for a stop script, the stop script is started, ending the service. The scripts are processed in the order specified by the number after the "K". If a start script for the stop script exists, the service will continue to run.

4. Then the start scripts of runlevel 5 are compared with the stop scripts of runlevel 3. If there is no matching stop script (that is, if the service is not running in runlevel 3), the start script is started, starting the service. As with the stop scripts, the start scripts are also started in the order specified by the number in the name.
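The comparison in steps 3 and 4 can be reproduced offline to see which services a runlevel change would stop or start before running init. This Python sketch is an added example, not the rc script itself and not part of the original manual; the two directory listings are constructed, and the function names are this example's own.

```python
import os
import re

# Link names look like K12cron or S08sshd: kind, two-digit order, service name.
LINK = re.compile(r"^([KS])(\d\d)(.+)$")

# Constructed listings of /etc/init.d/rc3.d and /etc/init.d/rc5.d.
RC3 = ["K08cron", "K10sshd", "K12autofs", "K14portmap", "K16syslog",
       "S06syslog", "S08portmap", "S10autofs", "S12sshd", "S14cron"]
RC5 = ["K03inetd", "K05xdm", "K08cron", "K10sshd", "K16syslog",
       "S06syslog", "S12sshd", "S14cron", "S17xdm", "S19inetd"]


def links_in(directory):
    """List the link names in a runlevel directory such as /etc/init.d/rc3.d."""
    return sorted(os.listdir(directory))


def by_service(links, kind):
    """Map service name -> (order number, link name) for 'K' or 'S' links."""
    table = {}
    for name in links:
        match = LINK.match(name)
        if match and match.group(1) == kind:
            table[match.group(3)] = (int(match.group(2)), name)
    return table


def plan_change(old_links, new_links):
    """Return (stop, start, untouched) for a change between two runlevels.

    stop:      K links of the old runlevel with no matching S link in the
               new runlevel, in the order given by their numbers (step 3)
    start:     S links of the new runlevel with no matching K link in the
               old runlevel, in the order given by their numbers (step 4)
    untouched: services present in both, which simply keep running
    """
    old_stop = by_service(old_links, "K")
    new_start = by_service(new_links, "S")
    stop = sorted(v for svc, v in old_stop.items() if svc not in new_start)
    start = sorted(v for svc, v in new_start.items() if svc not in old_stop)
    untouched = sorted(svc for svc in old_stop if svc in new_start)
    return ([name for _, name in stop],
            [name for _, name in start],
            untouched)


if __name__ == "__main__":
    stop, start, untouched = plan_change(RC3, RC5)
    for name in stop:
        print("/etc/init.d/rc3.d/%s stop" % name)
    for name in start:
        print("/etc/init.d/rc5.d/%s start" % name)
    print("left running:", ", ".join(untouched))
```

On a live system, plan_change(links_in("/etc/init.d/rc3.d"), links_in("/etc/init.d/rc5.d")) gives the same preview from the real links.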

If you want inittab to be reread without changing the runlevel, enter:

earth:~ # init q

init will then just load /etc/inittab again, look for any changes in it, and modify the runlevel accordingly.


Exercises: Runlevel

Exercise 1

1. While the system is still running, change to runlevel 2.

2. Change back again to the previous runlevel.

Exercise 2

1. Change the standard runlevel to 1.

2. Shut down the system.

3. Restart the computer and observe the changes.

3.6.1 shutdown and halt

Like most modern operating systems, Linux reacts sensitively to being switched off without warning. The least that can happen is that the file systems need to be checked and corrected before the system can be used again. For this reason, the system should always be shut down properly. With the appropriate hardware, Linux can also switch off the machine as the last stage of shutting down.

As already mentioned in Section 3.3 on page 48, the system administrator can halt the system by changing to runlevel 0 and restart it by changing to runlevel 6. There are some other useful commands for properly shutting down the system or restarting it:

Command           Description
halt              Ensures an immediate, controlled system halt. All processes are stopped and the system no longer reacts to any input. You can now switch off the computer, if it is not configured to switch off automatically.
poweroff          Has the same effect as halt, except that the machine is switched off automatically, if this is possible.
reboot            Reboots the system.
shutdown -h time  Shuts down the system after the specified time: +m (number of minutes from now), hh:mm (time in hours:minutes, when Linux should shut down), now (system is stopped immediately). With the option -r instead of -h, the system is rebooted (runlevel 6). Without options, it changes to runlevel 1 (single user mode).

Table 3.3: Commands for Halting and Rebooting the System


shutdown controls the shutdown of the system in a special way, compared to the other stop commands. It informs all users that the system will be shut down and does not allow other users to log in before it shuts down. The command can also be supplied with a warning message, such as:

earth:~ # shutdown +5 The new hard drive has arrived

If the shutdown planned for a later time should not be carried out after all, it can be revoked:

earth:~ # shutdown -c

Exercise: Shutting Down and Rebooting the Machine

1. Use the command shutdown to shut down your machine in two minutes. Then reboot the machine.

2. Enter the command shutdown as described.

3. Prevent the machine from being shut down.

Summary

• The stages when booting the system are as follows: BIOS > boot manager > kernel > root partition is mounted > init is started

• The initial ramdisk initrd contains the drivers (kernel modules) needed for booting the system.

• init is the central process of the Linux system that starts all other processes. Its configuration file is /etc/inittab. The actions associated with the respective runlevel are defined in this file.

• The following runlevels are predefined:

Runlevel  Meaning
0         Halt
1         Single-user mode
2         Multiuser mode without network server services
3         Multiuser mode with network (default)
4         Not used
5         Multiuser mode with network and display manager
6         Reboot

Table 3.4: Runlevels in Linux and Their Meanings


• Special scripts:

  – /etc/init.d/boot

    This script is started directly by init when the system is booted. It reads the directory /etc/init.d/boot.d/ and starts all scripts pointed to by links starting with "S".

  – /etc/init.d/halt

    This script is executed when changing to the runlevels 0 (command halt) or 6 (command reboot).

  – /etc/init.d/rc

    Starts the needed scripts in /etc/init.d/ in the correct order when changing the runlevel.

• Services are started and stopped by means of the scripts in the directory /etc/init.d/:

  – When the system is booted

  – When the runlevel is changed

  – Manually with: /etc/init.d/script start and stop or rcscript start and stop

  These scripts support the following parameters:

Parameter  Description
start      Starts a service that is not running.
restart    Stops a running service and restarts it.
stop       Stops a running service.
reload     Rereads the configuration of the service without stopping and restarting the service itself.
status     Displays the current status of the service.

Table 3.5: Parameters for the Scripts in the Directory /etc/init.d/

• The command insserv can be used to activate and deactivate services.

• The YaST Runlevel Editor can be used to activate and deactivate services in a runlevel.

• The system can be halted and rebooted by changing the runlevel.


• Overview of the most important commands in this chapter:

Command                 Description
halt                    Stops the system in a controlled manner.
init RL                 Changes to the specified runlevel RL. The option -q reloads the file /etc/inittab.
insserv                 Activates or deactivates a service.
poweroff                Stops the system in a controlled manner and switches the machine off (if this is possible).
rcscript start or stop  Starts or stops a service.
reboot                  Reboots the system.
shutdown                Shuts down the system (option -h; runlevel 0), shuts it down and reboots it (option -r, runlevel 6), or changes to runlevel 1 (if no option is specified).

Table 3.6: Commands for Starting and Stopping the System and Services


4 YaST and SuSEconfig

Learning Aims

In this chapter, you will learn

• the basics of using the administration tool YaST

• how to use YaST in text mode (ncurses interface)

• how to start individual YaST modules

• the meaning of the configuration files in the directory /etc/sysconfig/

• the function of the script SuSEconfig


4.1 YaST

YaST stands for Yet another Setup Tool. Many configuration tasks within the scope of the system administration of SUSE LINUX Enterprise Server can easily be handled with this tool.

The appearance of the user interface (ncurses or Qt) depends on the command used for starting YaST and on whether you use the graphical system or the command line.

Command  Terminal in X Window  Command line
yast2    Qt                    ncurses
yast     ncurses               ncurses

Table 4.1: Various Ways to Start YaST

In the graphical interface, YaST can be controlled intuitively with the mouse.

Figure 4.1: Appearance of YaST upon Start-up in the Graphical System (with yast2)


The ncurses interface is controlled exclusively with the keyboard.

Figure 4.2: YaST in Text Mode (ncurses)

Press Tab to move from one box to another or to the text buttons. To go back to the previous box, press Alt+Tab. Use the arrow keys to navigate within the box. Highlighted menu items can be marked by pressing Space. To select a menu item, press Enter. Often, you can press Alt and the highlighted letter to access an item directly.

Except for the controls and the appearance, the graphical mode and the text mode of YaST are identical.

Individual modules can also be started directly. Available modules can be listed with the command yast -l or yast --list. An individual module such as the software installation module can be started by specifying its name. Example:

earth:~ # yast sw_single

The same rule applies here: yast sw_single starts the text mode, yast2 sw_single the graphical mode.

Other YaST options can be listed with yast --help or yast -h.


4.2 /etc/sysconfig/ and SuSEconfig

All changes performed with YaST fall into two categories:

• Direct modification of configuration files. Examples:

  – Installation of software: changes to the RPM database.

  – The printer configuration is written directly to the configuration files of the cups print system: /etc/cups/.

  – The runlevel editor modifies /etc/inittab and the links in the runlevel directories /etc/init.d/rcRL.d

• YaST modifies the configuration files in /etc/sysconfig. Examples:

  – The network configuration is saved in /etc/sysconfig/network.

  – The mail configuration is saved in /etc/sysconfig/mail and /etc/sysconfig/postfix.

  – The DMA mode for hard disks is set in /etc/sysconfig/hardware.

A large part of the configuration of SUSE LINUX is based on the files in the directory /etc/sysconfig/. These files can be edited by means of the YaST modules, with a simple text editor, or with the special YaST editor for /etc/sysconfig. The YaST editor for /etc/sysconfig can be started with yast2 sysconfig.

After performing changes with YaST, YaST automatically starts the script /sbin/SuSEconfig. One of the main functions of SuSEconfig is the adaptation of various configuration files to the files in /etc/sysconfig/. If the files in /etc/sysconfig/ are edited manually with an editor, the script SuSEconfig should be run in order to write all changes to the actual configuration files. Some of the files in /etc/sysconfig/ are interpreted by start scripts in /etc/init.d/ for the configuration of services.

For reasons of clarity, SuSEconfig consists of several subscripts. These are located in the directory /sbin/conf.d/ and begin with "SuSEconfig." (e.g., SuSEconfig.fonts, SuSEconfig.hostname).


After editing a file in the directory /etc/sysconfig/ and updating all affected files by running SuSEconfig, all involved services must be restarted. For the network, this can be done with the following commands:

earth:~ # /etc/init.d/network stop
earth:~ # /etc/init.d/network start

or

earth:~ # /etc/init.d/network restart

For large-scale changes to the system configuration, the following procedure is recommended:

1. Change to the single-user mode (runlevel 1) with:

   earth:~ # init 1

   If you need several consoles, you can also switch to runlevel 2:

   earth:~ # init 2

2. Perform the respective changes to the configuration files in the directory /etc/sysconfig/ (with an editor or with YaST).

3. Start SuSEconfig manually (unless you performed the changes with YaST) in order to make sure that the affected configuration files are updated.

4. Change back to the previous runlevel:

   earth:~ # init 3

Exercise: /etc/sysconfig and SuSEconfig

Exercise 1

How can you find out which scripts in /etc/init.d read the file /etc/sysconfig/hardware?

Exercise 2

1. Make a copy of the file /etc/sysconfig/security.

2. Start the YaST Security module with yast security and increase the security level to 3 (network server).

3. Now compare the current /etc/sysconfig/security with the copy you made.

4. Discuss the change in the file /etc/sysconfig/security. How can you find out the effect of this change on the system?


Summary

• YaST can be controlled graphically (Qt interface) and in text mode (ncurses interface).

• The individual modules can be started directly: yast2 modulename.

• The central configuration of SUSE LINUX Enterprise Server is based on the files in the directory /etc/sysconfig/.

• SuSEconfig makes sure that changes to the files in /etc/sysconfig/ are adopted by the individual program-specific configuration files.

• SuSEconfig consists of several subscripts located in the directory /sbin/conf.d/.


5 System Monitoring

Learning Aims

In this chapter, you will learn

• about the functions of the syslog daemon

• how to configure the syslog daemon

• the central log file /var/log/messages

• how to view log files and boot messages

• how to archive log files with the program logrotate

• how to monitor the free and used hard disk space with df and du


5.1 The Syslog Daemon

The syslog daemon is used by many services to log system events. The advantage of using one single service for logging is that all of this can be managed from one single configuration file.

The syslog daemon accepts messages from system services and logs them according to information in its configuration file, /etc/syslog.conf:

# /etc/syslog.conf - Configuration file for syslogd(8)
#
# For info about the format of this file, see "man syslog.conf".
#

# print most on tty10 and on the xconsole pipe
#
kern.warn;*.err;authpriv.none    /dev/tty10
kern.warn;*.err;authpriv.none   |/dev/xconsole
*.emerg                          *

# enable this, if you want that root is informed
# immediately, e.g. of logins
#*.alert                         root
...

The file /etc/syslog.conf contains one rule per line. Each rule consists of two fields, separated by spaces or tabs. The category is given in the first field, which is always allocated a priority, separated by a dot. The second field specifies what should be done with the corresponding system messages.

The category refers to the subsystem that provides the corresponding message. Each program that uses syslog for logging is assigned such a category. The following categories exist:

authpriv, cron, daemon, kern, lpr, mail, news, syslog, user, uucp, local0 to local7

The categories are defined as follows:

authpriv  Used by all services that have anything to do with system security or authorization. All PAM messages use this category. The ssh daemon uses the auth category.

cron  Accepts messages from the cron and at daemons.

daemon  Used by various daemons that do not have their own category, such as the ppp daemon.

kern  A category for all kernel messages.


lpr  Messages from the printer system.

mail  Category only for messages from the mail system; this is important, since many messages may arrive here very quickly.

news  Category for messages from the news system; as with the mail system, many messages may need to be logged in a short time.

syslog  Internal messages of the syslog daemon.

user  General category for messages on a user level. It is used by login, for example, to log failed login attempts.

uucp  Messages of the uucp system.

local0 – local7  Eight categories are available that you can define yourself. All of the local categories can be used in your own programs. With this, messages from your own programs can be administered individually through entries in the file /etc/syslog.conf.

The priority gives details about the urgency of the message. The following priorities exist (increasing degree of urgency):

debug, info, notice, warning, err, crit, alert, emerg

The priorities are used as follows:

debug  Should really only be used for debugging purposes, as all messages of this priority and higher are logged.

info  Priority for messages that are purely informative.

notice  Messages that describe normal system states and should be noted.

warning  Priority for messages displaying deviations from the normal state.

err  This priority displays the occurrence of an error.

crit  Informs of critical conditions for the program concerned.

alert  For messages of this priority level, the system administrator is required to take immediate action to keep the system functioning.

emerg  Messages with this priority are really too late, since this value warns that the system is no longer usable.

As mentioned before, the second field in the entries determines what will be done with the corresponding message. The following options are available here:

• Output to a file

Adding a “-” before the file name specifies that the file is not synchronized for each entry. [1]

Example:

mail.* -/var/log/mail

• Specifying the device file for a text console

All corresponding messages are sent to the console specified.

Example:

kern.warn;*.err;authpriv.none /dev/tty10

• Specifying a FIFO file (named pipe) by putting the pipe character “|” in front of the file name

All corresponding messages are written into the FIFO file. For example:

kern.warn;*.err;authpriv.none |/dev/xconsole

• Specifying a user list

All users mentioned who are logged in receive a message on their text terminal (does not function with all terminal types).

Example:

*.alert root,tux

• Specifying a computer name with a prefixed “@”

Messages are forwarded to the computer specified and logged there by syslog, depending on the configuration on that computer.

Example:

*.* @mars.example.com

• “*”

All users logged in receive a message via wall.

Example:

*.crit *

[1] Files may be lost without immediate synchronization (e.g., if the system crashes). But immediate synchronization takes longer.

The rules listed are always valid for the specified priority and all higher priorities:

• By adding an equal sign “=” before the priority, the rule is set only for messages of this priority.

Example:

*.=warn;*.=err -/var/log/warn

• If an exclamation mark (“!”) is set before the priority, this and all higher priorities are excluded from logging.

Example:

mail.*;mail.!=info /var/adm/mail

• If an “*” is given, this stands for “all categories” or “all priorities”.

• To exclude a certain category from logging, set “none” as the priority.

Example:

*.*;mail.none;news.none -/var/log/messages
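
The selector rules above (priority and higher, “=”, “!”, “*” and “none”) can be checked mechanically before an entry is deployed, for instance to confirm that authpriv messages never reach a console or a FIFO. The following shell functions are an added example, not part of the original manual; the function names are illustrative and only the classic syslogd selector syntax described in this section is modelled.

```shell
#!/bin/sh
# Added example: decide whether a message with a given category and priority
# is selected by the first field of an /etc/syslog.conf entry.

# Map a priority name to its rank; a higher rank means more urgent.
prio_rank() {
    case "$1" in
        debug) echo 0 ;;        info) echo 1 ;;
        notice) echo 2 ;;       warning|warn) echo 3 ;;
        err|error) echo 4 ;;    crit) echo 5 ;;
        alert) echo 6 ;;        emerg|panic) echo 7 ;;
        *) return 1 ;;
    esac
}

# selector_matches SELECTORS CATEGORY PRIORITY
# Returns 0 if the message is selected, 1 if it is not, 2 on a syntax error.
# The parts separated by ";" are applied from left to right, so a later part
# (such as "authpriv.none") can take back what an earlier part selected.
selector_matches() {
    rest=$1
    fac=$2
    msg=$(prio_rank "$3") || return 2
    hit=1                                   # 1 = not selected
    while [ -n "$rest" ]; do
        sel=${rest%%;*}
        case "$rest" in
            *\;*) rest=${rest#*;} ;;
            *)    rest= ;;
        esac
        [ -n "$sel" ] || continue
        facs=${sel%%.*}                     # category list before the dot
        pri=${sel#*.}                       # priority part after the dot
        # Skip parts that name neither this category nor "*".
        case ",$facs," in
            *",$fac,"*|*",*,"*) ;;
            *) continue ;;
        esac
        negate=0
        exact=0
        case "$pri" in '!'*) negate=1; pri=${pri#'!'} ;; esac
        case "$pri" in '='*) exact=1;  pri=${pri#'='} ;; esac
        case "$pri" in
            none) hit=1; continue ;;        # category excluded completely
            '*')  applies=1 ;;              # every priority
            *)    want=$(prio_rank "$pri") || return 2
                  if [ "$exact" -eq 1 ]; then
                      [ "$msg" -eq "$want" ] && applies=1 || applies=0
                  else
                      [ "$msg" -ge "$want" ] && applies=1 || applies=0
                  fi ;;
        esac
        if [ "$applies" -eq 1 ]; then
            hit=$negate                     # plain part selects, "!" part deselects
        fi
    done
    return "$hit"
}

# Usage as a script: sh selector.sh 'kern.warn;*.err;authpriv.none' authpriv err
if [ "$#" -eq 3 ]; then
    if selector_matches "$1" "$2" "$3"; then echo "selected"; else echo "not selected"; fi
fi
```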

Parameters for the syslog daemon may be specified in the file /etc/sysconfig/syslog. The variable KERNEL_LOGLEVEL determines the logging level for the kernel log daemon (klogd). The variable SYSLOGD_PARAMS may be used to pass start parameters to the daemon. For example, if you want a host to log messages of other hosts, the syslog daemon of the host that should accept the messages from a remote syslog must be started with the option “-r”. The entry in the file /etc/sysconfig/syslog then appears as follows:

#
# if not empty: parameters for syslogd
# for example SYSLOGD_PARAMS="-r -s my.dom.ain"
#
SYSLOGD_PARAMS="-r"

Exercise: Syslog Daemon

For this exercise, cooperate with one of your classmates.

1. Student A is to configure his system’s syslog daemon in such a way that messages of another syslog daemon are accepted over the network (option in /etc/sysconfig/syslog).

2. Student B is to insert an entry in the file /etc/syslog.conf by means of which system messages are forwarded to the host of student A, e.g.:

*.* @earth1

3. Restart the syslog daemons on both systems. Take a look at the file /var/log/messages on the system of student A.

5.2 Important Log Files

The log file to which most messages are written is the file /var/log/messages. Often hints can be found here about why, for example, a service does not function properly when it starts. The entry “-- MARK --” is written to the file by the syslog daemon every twenty minutes if no other messages to log exist. This makes it easy to check whether the syslog daemon was running the whole time or, if the entries “-- MARK --” in the file /var/log/messages are missing, if the daemon has been restarted.
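
The “-- MARK --” check described above can be automated: if consecutive entries in /var/log/messages lie further apart than the mark interval allows, the daemon was not logging during that time. The following shell function is an added example, not part of the original manual. The function names, the constructed sample log and the default limit of 30 minutes (the twenty-minute interval plus slack) are assumptions; timestamps are taken to be in the traditional “Mon DD HH:MM:SS” form within one non-leap year.

```shell
#!/bin/sh
# Added example: report periods without any syslog entry.

# Constructed sample log (not real data): the daemon is silent between
# 10:25 and 12:05 and then reports a restart.
sample_log() {
    cat <<'EOF'
Feb  3 10:00:01 earth -- MARK --
Feb  3 10:20:01 earth -- MARK --
Feb  3 10:25:13 earth sshd[812]: Accepted password for tux from 10.0.0.5 port 1033 ssh2
Feb  3 12:05:40 earth syslogd 1.4.1: restart.
Feb  3 12:25:40 earth -- MARK --
EOF
}

# log_gaps FILE [MAX_MINUTES]
# Prints one line for every pair of consecutive entries that are more than
# MAX_MINUTES apart (default 30). Lines without a leading timestamp are skipped.
log_gaps() {
    file=$1
    max=${2:-30}
    awk -v max="$max" '
    BEGIN {
        # Days elapsed before the first of each month (non-leap year).
        split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
        split("0 31 59 90 120 151 181 212 243 273 304 334", off, " ")
        for (i = 1; i <= 12; i++) doy[name[i]] = off[i]
    }
    ($1 in doy) && $3 ~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]$/ {
        split($3, t, ":")
        now = ((doy[$1] + $2) * 24 + t[1]) * 60 + t[2]      # minutes since Jan 1
        if (seen) {
            d = now - prev
            if (d < 0) d += 365 * 24 * 60                   # log spans New Year
            if (d > max)
                printf "%s %s %s -> %s %s %s (%d min)\n", pm, pd, pt, $1, $2, $3, d
        }
        prev = now; pm = $1; pd = $2; pt = $3; seen = 1
    }' "$file"
}

# Usage as a script: sh markgaps.sh /var/log/messages [max-minutes]
if [ "$#" -ge 1 ]; then
    log_gaps "$@"
fi
```

A reported gap only shows that nothing was written; whether the cause was a restart, a stopped daemon or removed entries has to be established from other sources.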

Log files can best be read with the command tail. Entering

earth:~ # tail /var/log/messages

displays the last ten lines of the file, which are also the most current entries. With tail -n, specify the number of lines to display. If you want to have new messages displayed immediately, use the interactive mode with tail -f. Entering

earth:~ # tail -20f /var/log/messages

switches tail to interactive mode. The last 20 lines of the file /var/log/messages are displayed. If new messages are added these are displayed immediately. The display is closed with Ctrl+C.

Messages from the mail system are written by default to the file /var/log/mail and those of the news system to files in the directory /var/log/news, because these two subsystems often generate many messages, so a single log file would quickly become very large and unwieldy.

When the system is booted, all messages of the boot scripts are displayed on the first virtual console. This often happens so fast that you cannot read all the messages. It is possible, however, to read the boot messages in the file /var/log/boot.msg. The messages of the kernel during the boot procedure can be displayed with the command /bin/dmesg.

Another important file is /var/log/wtmp. This file exists in a binary form. Its contents can only be displayed with the command last (/usr/bin/last). Information is recorded here about which user was logged on from where and for how long. Because of the binary format, it is difficult to manipulate entries in this file.

5.3 Archiving Log Files

It is important to ensure that log files do not get too large or too complex or require too much space inside the system. For this reason, the size and age of log files are monitored automatically. This is the function of the program logrotate (/usr/sbin/logrotate).

logrotate is run daily by the cron daemon (/etc/cron.daily/logrotate). The program checks all listed log files for the given parameters by means of its configuration files. This way, files may be compressed or deleted either in regular intervals or when a determined size is reached. In the same way it may be determined how many compressed versions of a log file are kept over what period of time. Also, the forwarding of log files via e-mail is possible.

The configuration file of logrotate is /etc/logrotate.conf. General parameters are specified here:

# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# uncomment these to switch compression to bzip2
#compresscmd /usr/bin/bzip2
#uncompresscmd /usr/bin/bunzip2

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
...

In the example, the log files are created or replaced, respectively, once a week (weekly). On that occasion, the old file is saved under a new name and a new, empty log file is created (create). Unless the option rotate is specified, the old files are deleted. In this example, the last four versions of the log file are kept (rotate 4). If the option compress is activated, the copies are stored in a compressed form. Those options, however, may be superseded by the entries of the files to monitor.

All the files to monitor must be listed. This will either be done through the entries in /etc/logrotate.conf (see above, entry /var/log/wtmp [options]) or in the form of separate configuration files. Many RPM packages contain preconfigured files for the evaluation of logrotate, which are stored in the directory /etc/logrotate.d. The files contained in that directory are read by logrotate by means of the entry include /etc/logrotate.d in the file /etc/logrotate.conf.

The log files that are created by the base package aaa_base are entered into the file /etc/logrotate.d/aaa_base. The treatment of the log files written by syslog is determined in /etc/logrotate.d/syslog:

/var/log/mail /var/log/news/* ... /var/log/warn /var/log/messages ... {
    compress
    dateext
    maxage 365
    rotate 99
    missingok
    notifempty
    size +4096k
    create 644 root root
    sharedscripts
    postrotate
        /etc/init.d/syslog reload
    endscript
}

Those files will not be “rotated” weekly but as soon as they come to a size of 4096 kB (size +4096k). Ninety-nine versions of each of the files will be kept (rotate 99), with old log files stored compressed (compress). As soon as one of the compressed files is older than 365 days, it is deleted (maxage 365). If a log file is empty, no rotation takes place (notifempty). New log files are created after the rotation and owner, group, and permissions are specified (create 644 root root). Scripts may be called after the rotation (postrotate ... endscript). Some services, for instance, have to be restarted after log files have been changed. In this example, the syslog daemon will reread its configuration files after the rotation (/etc/init.d/syslog reload).

A complete list of all possible options is given in the man page logrotate. Most of the services whose log files should be monitored come with preconfigured files, so only minor adjustments are normally necessary. The general parameters for the behavior of logrotate are specified in the file /etc/logrotate.conf. Every log file to monitor must be listed in /etc/logrotate.conf or the parameters for the monitoring may be specified in a separate file in the directory /etc/logrotate.d.

5.4 Monitoring Hard Drive Space

The command df (disk free) is used to monitor hard drive space. For all mounted partitions, it displays how much space is still occupied and available. With the option -h (for human readable) the output is given in units of GB or MB, which is easier to interpret.

tux@earth:~ > df -h
Filesystem   Size   Used  Avail  Use%  Mounted on
/dev/hda1    500M   152M   348M   31%  /
/dev/hda2    2.0G   551M   1.4G   27%  /opt
/dev/hda3    7.0G   1.3G   5.7G   18%  /rest
/dev/hda5    500M   141M   359M   29%  /tmp
/dev/hda6    3.0G   2.5G   521M   84%  /usr
/dev/hda7    2.0G   119M   1.8G    6%  /var
shmfs        374M      0   373M    0%  /dev/shm
/dev/hda8   19.0G   5.4G    13G   29%  /home

To find out how large individual files or directories are, use the command du (disk usage). Without any options, it displays, for each subdirectory and the current directory, how large these are in units of 1 kB. Some useful options:

Option  Description

-h      Provides an easier to read output in kB and MB.
-c      Displays the total as the final value. Useful to determine how much space is taken up by all files with a specific extension (e.g., .tex).
-s      Shows only the total amount; useful to find out how much space is taken up by directories.
-a      Displays the size of directories and files.

Table 5.1: Command du: Important options

Examples:

tux@earth:~ > du
4       ./Letters
400     .
tux@earth:~ > du -h
4.0k    ./Letters
400k    .
tux@earth:~ > du -ha
4.0k    ./Letters
4.0k    ./file1
4.0k    ./file2
308k    ./file3
76k     ./file4
400k    .

With

earth:~ # du -h -c /home/tux

first the size of the directories in the home directory of the user tux is given, then, with total, the total size of the directory (here the size of files it contains is also taken into account).

Exercise: Monitoring hard drive space

1. Find out how full the partitions on your system are.

2. Display how much hard drive space is occupied by the home directory of the user user1.

Summary

• The syslog daemon logs system messages by means of entries in the file /etc/syslog.conf. Messages are sorted according to category and priority and written to files or forwarded to specific users or remote computers.

• The most important log files of the system can be found in the directory /var/log. The main log file is /var/log/messages.

• You can easily view the content of a log file with tail -f. The last ten lines of a file are displayed. Use the option -f to start the interactive mode in which the output is updated automatically.

• Boot messages are written to the file /var/log/boot.msg.

• The command dmesg can be used to get the boot messages of the kernel.

• Log files are monitored for size and age by logrotate, which in turn is called at regular intervals by cron. If required, log files are compressed, archived, or deleted.

• You can monitor how full partitions or directories are with the commands df and du.

• An overview of important commands and programs:

Command    Meaning

df         Shows the amount of occupied and free hard disk space.
dmesg      Produces kernel messages during the boot procedure.
du         Shows the size of files and directories.
last       Displays the content of the file /var/log/wtmp.
logrotate  Monitors the size and age of log files.
tail       Displays the last ten lines of a file. Use the option -f to start the interactive mode.

Table 5.2: Commands for system monitoring

• An overview of important files and directories:

File or directory      Meaning

/etc/logrotate.conf    Configuration file of the program logrotate.
/etc/logrotate.d/      Directory containing preconfigured files for evaluation by logrotate.
/etc/sysconfig/syslog  This file contains parameters of the syslog daemon.
/etc/syslog.conf       Configuration file of the syslog daemon.
/var/log/boot.msg      Log file for boot messages.
/var/log/mail          Log file for the mail system.
/var/log/messages      Most important log file of the Linux system.
/var/log/news/         Directory containing log files for the news system.
/var/log/wtmp          Logs which user was logged in when, from where, and for how long.

Table 5.3: Files and directories for system monitoring

6 Data Backups

Learning Aims

In this chapter, you will learn

• about the most important backup media

• about incremental and differential backup strategies

• how to create, view, and extract archives with tar

• the commands for compressing and decompressing data

• how to synchronize local directories with rsync

• how to create partition images with dd

• how to use mt to control tape drives

• how to automate backups with cron

6.1 Data Backup Strategies

Backing up data on a suitable medium is one of the most important tasks a system administrator has. Usually large amounts of data are involved which must be backed up, so that first a decision has to be taken on which media are to be used. Tape drives are usually used because these still have the best price to capacity ratio. These are SCSI drives, so that it is all the same to Linux what sort of drives are ultimately available (DAT, EXABYTE, DLT ...). Apart from this, tapes have the advantage that they can be reused relatively simply. Other media for data backup include writable CDs or DVDs, removable hard drives and MO (Magnetic-Optical) drives. More and more frequently, so-called Storage Area Networks (SAN) can be found: here a network is set up which serves only to back up data from different computers on a central backup server. But even here the backup is ultimately made on magnetic tapes.

When organizing data backups, a compromise must be made between the different requirements. On the one hand, reconstruction of lost data should happen as quickly as possible, on the other, the amount of data to be backed up should be kept as small as possible, that is, only that data is saved which has changed since the last backup. The more data there is to be saved, the more resources are required (such as the number of tapes, the capacity of the network ...). How often a backup is carried out depends on the importance of the data. If the data is highly sensitive (i.e. the future of the company is dependent on it) then a complete daily backup is unavoidable. With lesser sensitivity, it is sufficient to carry out a complete backup once a week.

Fundamentally, various tapes must be available which are overwritten in a rolling process.

Incremental and differential backups are two frequently-used strategies.

• Incremental: backup of the changes since the last backup.

• Differential: backup of the changes since the last full backup.

[Figure 6.1: Incremental and Differential Backup Strategy. Two panels, “Incremental backup” and “Differential backup”, each showing a full backup on Monday followed by the days Tuesday to Friday.]

Depending on the backup scheme, several tapes are needed. The following table shows a common backup scheme for which 21 tapes are needed:

Monthly backup   12 tapes
Weekly backup     5 tapes
Daily backup      4 tapes (incremental or differential)

∑                21 tapes

The backup tapes should be stored separately from the server. This will prevent the backups from being lost in case of fire in the server room, for example. Sensitive data therefore belongs in a safe, ideally at a completely different location.

6.2 Backup Tools in Linux

Linux has a large variety of tools for data backup and three of them are introduced below. Each of the tools has different features, even though they can all be used for a “normal” backup.

6.2.1 Data Backup with tar

tar (tape archiver) is the most commonly used tool for data backup. It archives files in a special format, either directly on a corresponding medium (such as magnetic tape or formatted floppy disk), or to a so-called archive file. Normally though, the data is not compressed. By convention, names of archive files end in .tar. If archive files are compressed (usually with the command gzip; see page 82), then the extension of the file name is either .tar.gz or .tgz. The command first expects an option (which is why it can also be used without a minus sign), then the name of the archive to be written (or the device file) and the name of the directory to be backed up. All directories and files beneath this are also saved. Directories are typically backed up with:

earth:~ # tar -cvf /dev/st0 /home

This command backs up the complete contents of the directory /home to the tape device /dev/st0 (this is the first SCSI tape drive). The option -c (create) stands for creating the archive. The option -v (verbose) provides a detailed list, that is, the name of each file just backed up is displayed. After the option -f (file) the name of the archive to be created is given. This can either be a device file (such as a tape drive) or a standard file:

earth:~ # tar -cvf /backup/etc.tar /etc

With this command the archive etc.tar is created, which contains all files from the directory /etc. When an archive is created, absolute paths are by default made relative, that is, the leading “/” is removed. This message appears:

tar: Removing leading ‘/’ from member names

To extract the files from an archive again, enter:

earth:~ # tar -xvf /dev/st0

This causes all files in the archive to be written to the current directory. Due to the relative path specifications in the tar archive, the directory structure is created here. If you want to extract to another directory, this can be done with the option -C, followed by the directory name. If just one single file is to be extracted, the name of this file must be specified:

earth:~ # tar -xvf /test1/test.tar -C /test2 home/user1/.bashrc

Some other important options:

Option  Meaning

-r      Appends files to an archive.
-u      Only includes files in an archive which are newer than the version in the archive (update).
-d      Compares files in the archive with those in the file system.

Table 6.1: Command tar: Important options

If specific files are to be excluded from the backup, a list of these must be written in a file, line by line. This list is then passed on to tar with the option -X:

earth:~ # cat exclude.files
/home/user1/.bashrc
/home/user2/Text*
earth:~ # tar -cvf /dev/st0 /home -X exclude.files

In this example the file /home/user1/.bashrc and all files in the directories of the user user2 which start with the string Text are not saved to tape.

The contents of an archive can be displayed with the following command:

earth:~ # tar -tvf /dev/st0

If only files are to be backed up which are more recent than a specific file, then it is best to use a combination of the commands find and tar, for example:

earth:~ # find /home -newer last_backup -type f -exec tar -rvf neu.tar {} \;

Now all files (-type f) are backed up which are more recent than the file last_backup. It is important to use tar here with the option -r (append files to an archive). If the option -c is used, then the archives will always be newly created (overwritten), and only the last file to be found will exist in the final archive.
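
The find/tar combination above can be turned into a repeatable full-plus-incremental routine in which a stamp file plays the role of last_backup. The following shell functions are an added example, not part of the original manual. The function names, the archive names and the stamp location $DEST/last_backup are assumptions; GNU tar and GNU find are assumed, and DEST must lie outside SRC. Instead of one tar -r call per file, the file names are handed to a single tar call as a NUL-separated list.

```shell
#!/bin/sh
# Added example: full and incremental tar backups driven by a stamp file.

# backup_full SRC DEST: archive SRC completely and record when the run began.
backup_full() (
    src=$1; dest=$2
    umask 077                           # archives readable by their owner only
    new=$(mktemp) || exit 1             # its timestamp marks the start of the run
    trap 'rm -f "$new"' EXIT
    tar -cf "$dest/full.tar" "$src" || exit 1
    touch -r "$new" "$dest/last_backup"
)

# backup_incremental SRC DEST: archive the files changed since the stamp was
# set. Prints the name of the new archive, or nothing if no file has changed.
backup_incremental() (
    src=$1; dest=$2; stamp=$dest/last_backup
    umask 077
    [ -f "$stamp" ] || { echo "no $stamp, run backup_full first" >&2; exit 1; }
    new=$(mktemp) && list=$(mktemp) || exit 1
    trap 'rm -f "$new" "$list"' EXIT
    # NUL-separated names survive blanks and newlines in file names.
    find "$src" -type f -newer "$stamp" -print0 > "$list" || exit 1
    if [ -s "$list" ]; then
        archive=$dest/incr-$(date +%Y%m%d-%H%M%S).tar
        tar --null -cf "$archive" -T "$list" || exit 1
        echo "$archive"
    fi
    # Move the stamp to the moment the scan began, so that files modified
    # while tar was running are picked up again by the next run.
    touch -r "$new" "$stamp"
)

# Usage as a script: sh backup.sh full|incr SRC DEST
if [ "$#" -eq 3 ]; then
    case "$1" in
        full) backup_full "$2" "$3" ;;
        incr) backup_incremental "$2" "$3" ;;
        *)    echo "usage: $0 full|incr SRC DEST" >&2; exit 2 ;;
    esac
fi
```

Because the stamp is only moved after a successful run, a failed incremental backup is simply repeated in full by the next one.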

Exercise: tar Archives

1. Create the tar archive /tmp/home.tar containing your entire home directory (~).

2. Change to the directory /tmp and extract only one file, e.g. the file .bashrc.

3. Compare the owner and timestamp of the extracted file and of the original file.

Compressing and Decompressing Data

Linux offers various tools for compressing and decompressing data:

• gzip [options] file

This command can be used to compress and decompress data. The compressed data is marked with the suffix .gz. This command is only suitable for compressing individual files. To save several files or entire directories in a compressed file, use the command tar (see Section 6.2.1 on page 80). The following are some useful options of gzip:

Option                          Meaning

-c, --stdout, --to-stdout       Compresses the file without modifying the original file. The result is written to the standard output (usually the screen). From there, it can be redirected to a file with “>”.
-d, --decompress, --uncompress  Decompresses the specified file instead of compressing it (compare gunzip; see below).
-n, --fast, --best              Controls the compression speed. -1 means --fast and causes a quick compression but produces larger files. -9 corresponds to --best and requires more computing time but produces smaller files. The default setting is -6.
-r, --recursive                 Also compresses and decompresses files in all subdirectories.

Table 6.2: Command gzip: Important options

Examples:

earth:~ # gzip *.tex

This command compresses all .tex files in the current directory, resulting in files with the suffix .tex.gz.

earth:~ # gzip -c price_list > price_list_backup.gz

This command compresses the file price_list. The file itself is not modified. The result of the compression is written to the file price_list_backup.gz.

• gunzip file.gz

This command decompresses a file compressed with gzip and removes the suffix .gz. This function corresponds to the command gzip -d file.

• bzip2 [options] file

This is another command for compressing files, resulting in files that are usually about twenty to thirty percent smaller than the files compressed with gzip. The disadvantage is that more computing time is required for the compression. Here are some important options:

Option                          Meaning

-c, --stdout, --to-stdout       Compresses the file without modifying the original file. The result is written to the standard output (usually the screen). From there, it can be redirected to a file with “>” (see gzip above).
-d, --decompress, --uncompress  Decompresses the specified file instead of compressing it (compare bunzip2; see below).
-1 to -9                        Determines how much memory is allocated for the compression: -1 requires 1.1 MB, -9 requires 6.7 MB. The default setting is -9 and produces the best result.

Table 6.3: Command bzip2: Important options

• bunzip2 file.bz2

This command decompresses a file compressed with bzip2 and removes the suffix .bz2. Its function corresponds to the command bzip2 -d file.

• zcat file.gz

This command can be used to decompress files compressed with gzip and write them to the standard output (usually the screen). The compressed file is not modified. The function of zcat corresponds to the command gunzip -c -d.

tar archives can be compressed in two different ways:

1. In two separate stages:

(a) Creation of the tar archive

(b) Compression with gzip or bzip2

2. With a single command:

tar -czf userlist.tar.gz ...

The tar option -z (or --gzip) compresses or decompresses the tar archive immediately. The option -j (or --bzip2) compresses or decompresses the archive with bzip2.

6.2.2 Mirroring Directories with rsync

The command rsync (remote synchronization) is actually intended to create copies of complete directories across a network to a different computer. But it can also be used to carry out local mirroring of directories. In doing so, only those files are copied which are not already in the target directory, or only exist in older versions. Actually only parts of a file are copied which have changed (and not the entire files). The mirroring of all home directories can be carried out by running the following command:

earth:~ # rsync -a /home /shadow

In this example the mirroring is made to the directory /shadow. There the directory home is first created, and then beneath it, the actual home directories of the users. If instead, the home directories are to be created directly beneath the target directory specified (that is, for example /shadow/tux), then this is achieved with the following command:

earth:~ # rsync -a /home/. /shadow

Specifying “/.” at the end of the directory to be mirrored has the effect that this directory is not included in the copy. The option -a used in the examples puts rsync into the so-called archive mode. This is a combination of various other options (namely rlptg), which ensures that the characteristics of the files to be copied are identical to the originals. The following features are retained:

• symbolic links,

• access permissions,

• owners,

• group membership and timestamp.

The option -r ensures in addition that directories are copied recursively. Other important options for rsync:

Option          Meaning

-x              Only files on one file system are saved, which means that symbolic links to other file systems are not followed.
--delete        Files which no longer exist in the original directory are also deleted from the mirrored directory.
--exclude-from  Specifies a file containing file names which should not be backed up.

Table 6.4: Command rsync: Important options

The last option can be used as follows:

earth:~ # rsync -a --exclude-from=/home/exclude /home/. /shadow/home

Here all files listed in the file /home/exclude are not backed up. Empty lines or lines beginning with “;” or “#” are ignored.

6.2.3 Copying Data with dd

With the command dd files can be converted and copied byte-wise. Normally dd reads from the standard input and writes the result to the standard output. With the corresponding parameters, however, files can also be addressed directly. You can copy all kinds of files with this command, including device files, which means entire partitions. Exact copies of an installed system (or just parts of it) can thus be created very simply. In the simplest case a file can be copied with the command:

earth:~ # dd if=/etc/protocols of=protocols.org
12+1 records in
12+1 records out

With the option if= (input file) the file to be copied is specified, and with the option of= (output file), the name of the copy. Copying files in this way is done on the basis of so-called records. The standard size is 512 bytes. The above output therefore means that 12 complete records of the standard size and a further incomplete record (that is, less than 512 bytes) were copied. If the record size is now modified by the option bs= (block size), then the output will also be modified:

earth:~ # dd if=/etc/protocols of=protocols.old bs=1
6561+0 records in
6561+0 records out

A file listing shows that their sizes are identical:

earth:~ # ls -l protocols*
-rw-r--r-- 1 root root 6561 2002-08-31 11:46 protocols.old
-rw-r--r-- 1 root root 6561 2002-08-31 11:45 protocols.org

If a complete partition is now to be copied, then the corresponding device file should be given as the input:

earth:~ # dd if=/dev/sda1 of=boot.partition
32066+0 records in
32066+0 records out

dd can be used to create a backup copy of the MBR (Master Boot Record):

earth:~ # dd if=/dev/sda of=/tmp/mbr_copy bs=512 count=1

This command copies one block (count=1) of 512 bytes (bs=512) from the first hard disk (/dev/sda) to the file /tmp/mbr_copy.

While files are copied using dd, they can also be converted at the same time. The option for this is conv=. The various conversions are passed to the option as parameters, separated by commas. The most important parameters are:

Parameter  Meaning

lcase      Conversion of all uppercase letters to lowercase.
ucase      Conversion of all lowercase letters to uppercase.
ascii      Conversion from EBCDIC to ASCII.
ebcdic     Conversion from ASCII to EBCDIC.

Table 6.5: Command dd: Parameters for Converting Files

A typical use of the command dd is to create a boot disk. Here a special kernel is written to an unformatted floppy disk (that is, without a file system).

6.3 Working with Magnetic Tapes

To work with magnetic tapes, Linux has the command mt. With this, tapes can be positioned, compression can be switched on or off (with some SCSI-2 tape drives) and the status can be queried. Magnetic tape drives in Linux are always SCSI devices and can be addressed by various names:

• /dev/st0 refers to the first tape drive.

• /dev/nst0 addresses the same tape drive in the no rewind mode, that is, after writing or reading, the tape remains at that position and is not rewound back to the beginning.

For reasons of compatibility with other Unix versions, two symbolic links exist: /dev/rmt0 and /dev/nrmt0.

The status of the tape is given by entering:

earth:~ # mt -f /dev/st0 status
drive type = Generic SCSI-2 tape
drive status = 620756992
sense key error = 0
residue count = 0
file number = 0
block number = 0
Tape block size 0 bytes. Density code 0x25 (unknown).
Soft error count since last status=0
General status bits on (41010000):
BOT ONLINE IM_REP_EN

The most important information here is the details of the file number (file number, starting at 0) and the block numbers (block number, starting at 0), where the tape is positioned. In this example the tape is positioned at the beginning of the first file. To position the tape at the next file, the following command is used:

earth:~ # mt -f /dev/nst0 fsf 1

The tape will now start before the first block of the second file. This can be seen from the output of the command:

earth:~ # mt -f /dev/nst0 status
drive type = Generic SCSI-2 tape
drive status = 620756992
sense key error = 0
residue count = 0
file number = 1
block number = 0
Tape block size 0 bytes. Density code 0x25 (unknown).
Soft error count since last status=0
General status bits on (81010000):
EOF ONLINE IM_REP_EN

On the one hand the file number is now set to 1, on the other, the final line of the output now contains EOF (end of file) instead of BOT (beginning of tape). With the option bsf the tape can be repositioned back by a corresponding number of files. If the tape is to be positioned several files further, then a different number instead of 1 should be given as the last parameter. In general when positioning the tape, /dev/nst0 should always be specified as the device file.

If this file is now read (for example, a tar archive is unpacked), then the tape will be at the end of the file (recognizable by a value different to 0 for the block number):

earth:~ # mt -f /dev/nst0 status
drive type = Generic SCSI-2 tape
drive status = 620756992
sense key error = 0
residue count = 0
file number = 1
block number = 18
Tape block size 0 bytes. Density code 0x25 (unknown).
Soft error count since last status=0
General status bits on (1010000):
ONLINE IM_REP_EN

If the tape is to be spooled back to the beginning after the reading or writing process, this is done by entering:

earth:~ # mt -f /dev/nst0 rewind

The tape is now at the beginning. If you want it to be ejected from the drive then you use the command:

earth:~ # mt -f /dev/nst0 offline

Normally tapes should always be written without compression, because otherwise it is no longer possible to recover the subsequent data in case of a write or read error. To check whether data compression is switched on or off, this command is used:

earth:~ # mt -f /dev/st0 datcompression
Compression on.

The command shows whether data compression is switched on or off. If the parameter on or off is specified at the end, then data compression will be switched on or off. By default compression is switched on (as in this example).

If the tapes are to be written to or read from different Unix systems, problems may occur, at least with DAT drives. In most cases this is because of the different block sizes. With tar these can be specified (option -b), but the default settings of the drive can also be changed:

earth:~ # mt -f /dev/st0 setblk 512

This command sets the block size to 512 bytes.

6.4 Automating Data Backups

Backing up data is a task which should be carried out regularly. In Linux this can be automated with the cron service.

System jobs are controlled via the file /etc/crontab and the files in the directory /etc/cron.d, and they are defined via the scripts in the directories /etc/cron.hourly, /etc/cron.daily, /etc/cron.weekly and /etc/cron.monthly.

Specifying which users may create cron jobs is done through the files /var/spool/cron/allow and /etc/spool/cron/deny, which are evaluated in precisely this order. If both files do not exist then only root may define jobs.

The jobs of individual users are stored in files in the directory /var/spool/cron/tabs with names matching the user names. These files are processed with the command crontab (see man crontab).

An example of a job:

0 22 * * 5 /root/bin/backup

The script /root/bin/backup is started every Friday at 10 o'clock in the evening. The format for the line is described in man 5 crontab.
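The allow/deny rule stated above, written out as a shell function together with a check of existing per-user crontab files against it. This is an added example, not part of the original manual; the function names and their arguments are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the manual). Function names and arguments are
# assumptions made for this example.

# listed USER FILE -> success if USER is a complete line of FILE
listed() {
    # -x whole line, -F fixed string: "tux" must not match "tuxedo"
    grep -qxF -- "$1" "$2"
}

# cron_access USER ALLOW_FILE DENY_FILE -> prints "allow" or "deny"
cron_access() {
    if [ -f "$2" ]; then
        # The allow file is evaluated first; if it exists, deny is not consulted.
        if listed "$1" "$2"; then echo allow; else echo deny; fi
    elif [ -f "$3" ]; then
        if listed "$1" "$3"; then echo deny; else echo allow; fi
    elif [ "$1" = root ]; then
        # Neither file exists: only root may define jobs.
        echo allow
    else
        echo deny
    fi
}

# audit_tabs TABS_DIR ALLOW_FILE DENY_FILE
# Prints every user who has a crontab file in TABS_DIR but would not be
# permitted to create one under the current allow/deny files.
audit_tabs() {
    for tab in "$1"/*; do
        [ -f "$tab" ] || continue
        name=${tab##*/}
        if [ "$(cron_access "$name" "$2" "$3")" = deny ]; then
            echo "$name"
        fi
    done
    return 0
}

# Constructed sample: tux is in both files, geeko only in deny.
# Run with: sh thisfile demo
cron_access_demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/tabs"
    printf 'root\ntux\n' > "$tmp/allow"
    printf 'tux\ngeeko\n' > "$tmp/deny"
    : > "$tmp/tabs/root"; : > "$tmp/tabs/tux"; : > "$tmp/tabs/geeko"
    echo "tux:   $(cron_access tux "$tmp/allow" "$tmp/deny")"
    echo "geeko: $(cron_access geeko "$tmp/allow" "$tmp/deny")"
    echo "crontabs of users without permission: $(audit_tabs "$tmp/tabs" "$tmp/allow" "$tmp/deny")"
    rm -rf "$tmp"
}
if [ "${1:-}" = demo ]; then cron_access_demo; fi
```

A crontab file that audit_tabs reports belongs to a user who was removed from the allow file, or added to the deny file, after the job was created.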

Summary

• Various media are available for backups: tape drives, CD, DVD, removable drives, MO drives.

• The following strategies are often used for backups:

– Incremental: backup of the changes since the last backup.

– Differential: backup of the changes since the last full backup.

• tar is the most frequently used backup tool.

• The following commands can be used to compress and decompress data: gzip, gunzip, bzip2, bunzip2, zcat.

• With the command rsync you can perform local mirroring of directories.

• With the command dd files can be copied and converted byte by byte.

• Linux provides the command mt for working with magnetic tapes.

• Automatic backups can be carried out using the cron service.

• An overview of important commands in this chapter:

Command   Description
crontab   For processing files for cron jobs.
dd        Copies and converts files byte by byte.
bunzip2   Decompresses a file compressed with bzip2.
bzip2     Compresses and decompresses a file.
gunzip    Decompresses a file compressed with gzip.
gzip      Compresses and decompresses a file.
mt        For working with tapes.
rsync     Creates copies of entire directories on another host or mirrors directories locally.
tar       Archives files on a medium or in an archive file.
zcat      Writes a file compressed with gzip to the default output in decompressed form.

Table 6.6: Commands for data backups

7 Integrating Hardware

Learning Aims

In this chapter you will learn

• how to use fdisk to check and modify the partitioning of a hard disk

• how to create ext2, ext3, and Reiser file systems

• how to mount a file system

– with the command mount

– by means of the file /etc/fstab

• about kernel modules and their directory /lib/modules/

• the most important commands for handling kernel modules: lsmod, insmod, modprobe, depmod

• the configuration file /etc/modules.conf

7.1 Adding a Hard Disk to the System

In order to integrate a hard disk into the Linux system so that Linux automatically recognizes it and you can access it immediately, three steps are necessary:

1. partition the hard disk,

2. create a file system,

3. mount the file system.

Various Linux tools are available to do this.

7.1.1 Partitioning a Hard Disk

The program fdisk is used for partitioning hard disks. When starting fdisk you enter the name of the hard disk or the device name as a parameter. To do this you must know which hard drive is involved (IDE, SCSI) and which “rank” it has (the first IDE hard disk in the system, the second IDE hard disk in the system). This results in names such as:

• /dev/hda — IDE hard disk, master on the first IDE controller

• /dev/hdb — IDE hard disk, slave on the first IDE controller

• /dev/hdc — IDE hard disk, master on the second IDE controller

• /dev/sda — first SCSI hard disk

• /dev/sdb — second SCSI hard disk

So fdisk is run like this:

earth:~ # fdisk /dev/hdb

fdisk is used with the keyboard: a letter, followed by Enter, carries out an action, for example:

Letter  Action
d       Deletes a partition.
m       Gives a short summary of the fdisk commands.
n       Creates a new partition.
p       Shows a list of partitions which are currently available on the hard disk specified.
q       Ends the program fdisk without saving changes.
t       Sets the type of a partition.
w       Saves the changes made to the hard disk.

Table 7.1: Keyboard Shortcuts for fdisk

A maximum of four primary partitions can be set up on a hard disk (Intel) [1]. If you need more partitions, then you declare one of these four as an “extended” partition and then you can create further “logical” partitions in it (SCSI hard disks: max. 14; IDE drives: max. 63).

For an empty hard disk this will first appear as follows:

Command (m for help): p

Disk /dev/hdb: 32 heads, 63 sectors, 528 cylinders
Units = cylinders of 2016 * 512 bytes

   Device Boot    Start       End    Blocks   Id  System

Command (m for help):

A primary partition is created with n:

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-528): 1
Last cylinder or +size or +sizeM or +sizeK (1-528, default 528): +128M

Command (m for help):

Entering the command p displays the partition table with the current settings:

Command (m for help): p

Disk /dev/hdb: 32 heads, 63 sectors, 528 cylinders
Units = cylinders of 2016 * 512 bytes

   Device Boot    Start       End    Blocks   Id  System
/dev/hdb1             1       131    132016+  83  Linux

Command (m for help):

[1] In the various architectures (Intel, SUN, Alpha, PowerPC) there are different partitioning types.

This partition table contains all the relevant information on the partition created:

• This is the first partition of this hard disk (Device, hdb1).

• It begins at cylinder 1 (Start) and ends at cylinder 131 (End).

• It consists of 132016 blocks (Blocks).

• Its so-called Hex code (Id) is 83 (see page 95).

• Its type is Linux (System).

Further partitions can be set up, for example an extended partition. This is also done with n; afterwards e is selected:

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
e
Partition number (1-4): 2
First cylinder (132-528): 132
Last cylinder or +size or +sizeM or +sizeK (132-528, default 528): 528

Command (m for help): p

Disk /dev/hdb: 32 heads, 63 sectors, 528 cylinders
Units = cylinders of 2016 * 512 bytes

   Device Boot    Start       End    Blocks   Id  System
/dev/hdb1             1       131    132016+  83  Linux
/dev/hdb2           132       528    400176    5  Extended

Command (m for help):

If an extended partition has been created, then logical partitions can be set up:

Command (m for help): n
Command action
   l   logical (5 or over)
   p   primary partition (1-4)
5
First cylinder (132-528, default 132): 132
Last cylinder or +size or +sizeM or +sizeK (132-528, default 528): +128M

Command (m for help): p

Disk /dev/hda: 32 heads, 63 sectors, 528 cylinders
Units = cylinders of 2016 * 512 bytes

   Device Boot    Start       End    Blocks   Id  System
/dev/hdb1             1       131    132016+  83  Linux
/dev/hdb2           132       528    400176    5  Extended
/dev/hdb5           132       262    132016+  83  Linux

Command (m for help):
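Because w writes the table without asking, it is worth checking the output of p first. The following added example (not part of the original manual) recomputes the End and Blocks columns from the geometry fdisk prints and checks that partitions do not overlap. It assumes that the first primary partition and every logical partition begin one track (63 sectors here) after a partition table, which is what reproduces the 132016+ shown above; the function names are chosen for this example and the sample table is copied from the session above.

```shell
#!/bin/sh
# Added example (not from the manual). Function names are assumptions made
# for this example.

# end_cyl HEADS SECTORS START_CYL SIZE_MB
# Last cylinder for a "+<SIZE_MB>M" request, rounded up to whole cylinders.
end_cyl() {
    cyl_bytes=$(($1 * $2 * 512))
    echo $(($3 + ($4 * 1024 * 1024 + cyl_bytes - 1) / cyl_bytes - 1))
}

# check_table HEADS SECTORS   (reads the output of the p command on stdin)
# Prints OK, or one line per problem, and returns 1 if there is a problem.
check_table() {
    awk -v heads="$1" -v spt="$2" '
    $1 !~ /^\/dev\// { next }              # header, prompts, blank lines
    {
        o = ($2 == "*") ? 1 : 0            # a boot flag shifts the columns
        dev = $1; start = $(2 + o) + 0; end = $(3 + o) + 0
        blocks = $(4 + o) ""; id = $(5 + o) ""
        num = dev; sub(/^.*[^0-9]/, "", num); num += 0

        # Assumed layout: one track is skipped after a partition table.
        skip = (num >= 5 || start == 1) ? spt : 0
        sectors = (end - start + 1) * heads * spt - skip
        want = int(sectors / 2) ""         # Blocks are 1 KB, sectors 512 bytes
        if (sectors % 2) want = want "+"   # "+" marks an odd sector count
        if (blocks != want) {
            print dev ": Blocks " blocks ", expected " want; bad = 1
        }

        if (num >= 5) {                    # logical partition
            if (!have_ext || start < es || end > ee) {
                print dev ": not inside the extended partition"; bad = 1
            }
        } else {                           # primary or extended partition
            for (i = 1; i <= np; i++)
                if (start <= pe[i] && end >= ps[i]) {
                    print dev ": overlaps " pd[i]; bad = 1
                }
            np++; ps[np] = start; pe[np] = end; pd[np] = dev
            if (id == "5" || id == "f" || id == "85") {
                have_ext = 1; es = start; ee = end
            }
        }
    }
    END { if (!bad) print "OK"; exit (bad ? 1 : 0) }
    '
}

# The table from the session above. Run with: sh thisfile demo
fdisk_demo() {
    check_table 32 63 <<'EOF'
Disk /dev/hdb: 32 heads, 63 sectors, 528 cylinders
Units = cylinders of 2016 * 512 bytes

   Device Boot    Start       End    Blocks   Id  System
/dev/hdb1             1       131    132016+  83  Linux
/dev/hdb2           132       528    400176    5  Extended
/dev/hdb5           132       262    132016+  83  Linux
EOF
}
if [ "${1:-}" = demo ]; then fdisk_demo; fi
```

One cylinder is 32 * 63 * 512 = 1032192 bytes, so +128M needs 131 whole cylinders; 131 cylinders are 264096 sectors, and with one track of 63 sectors skipped that leaves 264033 sectors, which fdisk shows as 132016+.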

The standard type for these partitions is Linux. If a swap partition is to be created, for example, then the type must be changed.

Command (m for help): t
Partition number (1-5): 5
Hex code (type L to list codes): 82
Changed system type of partition 5 to 82 (Linux swap)

Command (m for help): p

Disk /dev/hdb: 32 heads, 63 sectors, 528 cylinders
Units = cylinders of 2016 * 512 bytes

   Device Boot    Start       End    Blocks   Id  System
/dev/hdb1             1       131    132016+  83  Linux
/dev/hdb2           132       528    400176    5  Extended
/dev/hdb5           132       262    132016+  82  Linux swap

Command (m for help):

With the command L or l you receive a Hex code list to change the partition type:

 0  Empty            1b  Hidden Win95 FA  63  GNU HURD or Sys  b7  BSDI fs
 1  FAT12            1c  Hidden Win95 FA  64  Novell Netware   b8  BSDI swap
 2  XENIX root       1e  Hidden Win95 FA  65  Novell Netware   c1  DRDOS/sec (FAT-
 3  XENIX usr        24  NEC DOS          70  DiskSecure Mult  c4  DRDOS/sec (FAT-
 4  FAT16 <32M       39  Plan 9           75  PC/IX            c6  DRDOS/sec (FAT-
 5  Extended         3c  PartitionMagic   80  Old Minix        c7  Syrinx
 6  FAT16            40  Venix 80286      81  Minix / old Lin  da  Non-FS data
 7  HPFS/NTFS        41  PPC PReP Boot    82  Linux swap       db  CP/M / CTOS / .
 8  AIX              42  SFS              83  Linux            de  Dell Utility
 9  AIX bootable     4d  QNX4.x           84  OS/2 hidden C:   e1  DOS access
 a  OS/2 Boot Manag  4e  QNX4.x 2nd part  85  Linux extended   e3  DOS R/O
 b  Win95 FAT32      4f  QNX4.x 3rd part  86  NTFS volume set  e4  SpeedStor
 c  Win95 FAT32 (LB  50  OnTrack DM       87  NTFS volume set  eb  BeOS fs
 e  Win95 FAT16 (LB  51  OnTrack DM6 Aux  8e  Linux LVM        ee  EFI GPT
 f  Win95 Ext’d (LB  52  CP/M             93  Amoeba           ef  EFI (FAT-12/16/
10  OPUS             53  OnTrack DM6 Aux  94  Amoeba BBT       f1  SpeedStor
11  Hidden FAT12     54  OnTrackDM6       9f  BSD/OS           f4  SpeedStor
12  Compaq diagnost  55  EZ-Drive         a0  IBM Thinkpad hi  f2  DOS secondary
14  Hidden FAT16 <3  56  Golden Bow       a5  BSD/386          fd  Linux raid auto
16  Hidden FAT16     5c  Priam Edisk      a6  OpenBSD          fe  LANstep
17  Hidden HPFS/NTF  61  SpeedStor        a7  NeXTSTEP         ff  BBT
18  AST Windows swa

The procedure is completed by entering the command w, which writes changes to the table.

Attention! When the new table is written you are not asked for confirmation if you really want to do this.

Exercise: Partitioning a hard disk

On your hard disk, create 3 additional partitions of 500 MB each.

7.1.2 Creating a File System

mkfs

Creating file systems (ext2, ext3, MS-DOS, MINIX, XFS, JFS) is performed with the command mkfs (make file system). mkfs is a front end for the commands for creating file systems. The structure is mkfs.type, for example mkfs.ext2, mkfs.ext3, mkfs.msdos, mkfs.xfs, or mkfs.minix. For this reason, the file system type must be specified together with the command (with the option -t type). If no type is specified, the command automatically creates an ext2 file system.

If an ext2 or ext3 file system is created with mkfs, then various parameters may be specified:

Option              Meaning
-b blocksize        This determines the size of the data blocks in the file system. Values of 1024, 2048, ..., 16384 are allowed for the block size.
-i bytes_per_inode  This determines how many inodes are created on the file system. For bytes_per_inode the same values are possible as for the block size. A larger value should be chosen for the block size, however, since it makes little sense to have a larger number of inodes than data blocks.
-j                  This creates an ext3 journal on the file system.

Table 7.2: The Command mkfs: Options for Creating an ext2 or ext3 File System

If the first two parameters are not given, the data block sizes and the number of inodes are chosen by mkfs, depending on the size of the partitions.

The command mke2fs (corresponds to mkfs.ext2 and mkfs.ext3) can also be used to create an ext2 or ext3 file system (see man mke2fs).

mkreiserfs

To create a Reiser file system, the command mkreiserfs is used. Various parameters or options may be given here, such as:

Option            Meaning
number_of_blocks  Here the size of the partition is specified in number of blocks. If this parameter is not given, mkreiserfs will determine the block size automatically.
--format format   Specifies the format of the Reiser file system: 3.5 or 3.6

Table 7.3: The Command mkreiserfs: Options for Creating a Reiser File System

An example of creating a partition with an ext2 file system

earth:~ # mkfs -t ext2 /dev/hdb1
mke2fs 1.17, 26-Oct-1999 for EXT2 FS 0.5b, 95/08/09
Linux ext2 filesystem format
Filesystem label=
25688 inodes, 102400 blocks
5120 blocks (5.00%) reserved for the super user
First data block=1
Block size=1024 (log=0)
Fragment size=1024 (log=0)
13 block groups
8192 blocks per group, 8192 fragments per group
1976 inodes per group
Superblock backups stored on blocks:
        8193, 16385, 24577, 32769, 40961, 49153, 57345, 65537,
        73729, 81921, 90113, 98305

Writing inode tables: done
Writing superblocks and filesystem accounting information: done
earth:~ #

Here a 100 MB partition was formatted with the standard values, that is:

• 5120 blocks (5.00%) reserved for the super user

5% of the entire space is reserved for the system administrator; if the hard disk is 95% full, then a normal user may not use any more space.

• 25688 inodes, 102400 blocks

The number of bytes per inode is 4 KB.

• Block size=1024 (log=0)

The block size is 1 KB. This is the smallest unit which can be allocated (each file occupies a minimum of 1 KB).

Exercise: Creating a file system

Create an ext2, an ext3, and a Reiser file system on the three newly created partitions.

7.1.3 Mounting the File System

After the file system has been created, the partition in question needs to be mounted. To do this, the partition is linked to a directory with the mount command:

earth:~ # mount -t ext2 /dev/hdb1 /mnt

Or, for a partition with ReiserFS:

earth:~ # mount -t reiserfs /dev/hdb2 /mnt

The command mount can also be run without giving details of the file system type (option -t). In this case the file system type is automatically detected and the partition is mounted correspondingly.

The file system can be unmounted with the command umount.

earth:~ # umount /mnt

If you want the file system to be automatically mounted the next time the system boots, then a corresponding entry must be made in the file /etc/fstab.

7.1.4 The File /etc/fstab

The file /etc/fstab specifies which device files are mounted to the file system, with which file system type and with which options, when the system is booted. Each line stands for one device file and is divided into six fields.

An example:

/dev/hdb1 /reallynew ext2 usrquota,grpquota 1 2

The fields mean:

Field 1 Name of the device file.

Field 2 The mount point, that is, the directory where the file system is to be mounted. The directory specified here must already exist.

Field 3 Type of file system (e.g. ext2, reiserfs).

Field 4 Mounting options. Multiple options are separated by commas (e.g. defaults, noauto, ro). The option user implies that even normal users (e.g., tux) are authorized to mount the device file in the Linux system. This usually affects the CD-ROM drive (/dev/cdrom) and the floppy disk drive (/dev/fd0).

Field 5 This determines whether the file system is to be backed up by the data backup program dump. 0 stands for do not process.

Field 6 This specifies in which order the file system check (with the program fsck) should run when rebooting:

• 0 for file systems which should not be checked,

• 1 for root directories,

• 2 for all other file systems which can be modified.

At this point the order is also defined in which individual file systems are mounted (e.g. first /var/, then /var/tmp/).

In the above example (see page 98) the first partition of the IDE hard disk is linked to the directory /reallynew when the system boots, and can be reached via this path. The options usrquota,grpquota ensure that these limitations are supported by the file system (quotas must be activated separately, however).
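A check of fstab entries against the six fields described above, as an added example that is not part of the original manual. The function names and the optional ROOT prefix are assumptions and the sample file is constructed. The check on options that follow user goes beyond the text: according to mount(8), user implies noexec, nosuid and nodev unless a later option on the same line overrides them.

```shell
#!/bin/sh
# Added example (not from the manual). Function names and the ROOT argument
# are assumptions made for this example.

# audit_fstab FILE [ROOT]
#   FILE  file in /etc/fstab format
#   ROOT  prefix under which mount points are looked up (default: none)
# Prints one finding per line; returns 1 if an entry needs correcting.
audit_fstab() {
    fstab=$1 root=${2:-}
    status=0 lineno=0
    while read -r dev mp type opts dump pass extra; do
        lineno=$((lineno + 1))
        case $dev in ''|'#'*) continue ;; esac   # blank line or comment

        # Each entry is divided into exactly six fields.
        if [ -z "$pass" ] || [ -n "$extra" ]; then
            echo "line $lineno: expected six fields"
            status=1
            continue
        fi

        # Field 2: the mount point must already exist (swap has none).
        if [ "$type" != swap ] && [ ! -d "$root$mp" ]; then
            echo "line $lineno: mount point $mp does not exist"
            status=1
        fi

        # Field 4: walk the comma-separated options in order.
        usermount=no reenabled=
        oldifs=$IFS; IFS=,; set -f
        for o in $opts; do
            case $o in
                user|users) usermount=yes ;;
                suid|dev|exec)
                    if [ "$usermount" = yes ]; then reenabled="$reenabled $o"; fi ;;
            esac
        done
        set +f; IFS=$oldifs
        if [ "$usermount" = yes ]; then
            echo "line $lineno: normal users may mount $dev"
            if [ -n "$reenabled" ]; then
                # mount(8): user implies noexec,nosuid,nodev unless a later
                # option overrides it.
                echo "line $lineno: after user, re-enabled:$reenabled"
                status=1
            fi
        fi

        # Field 5: dump flag, a number (0 = do not process).
        case $dump in
            *[!0-9]*) echo "line $lineno: field 5 is not a number"; status=1 ;;
        esac

        # Field 6: fsck order; 1 is for the root file system only.
        case $pass in
            0|2) ;;
            1) if [ "$mp" != / ]; then
                   echo "line $lineno: fsck order 1 on $mp, expected 0 or 2"
                   status=1
               fi ;;
            *) echo "line $lineno: field 6 must be 0, 1 or 2"; status=1 ;;
        esac
    done < "$fstab"
    return $status
}

# Constructed sample in a scratch directory. Run with: sh thisfile demo
audit_fstab_demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/reallynew" "$tmp/media/cdrom"
    cat > "$tmp/fstab" <<'EOF'
/dev/hda2   /              reiserfs  defaults             1 1
/dev/hdb1   /reallynew     ext2      usrquota,grpquota    1 2
/dev/cdrom  /media/cdrom   auto      ro,noauto,user,exec  0 0
/dev/fd0    /media/floppy  auto      noauto,user          0 0
/dev/hdb5   swap           swap      pri=42               0 0
/dev/hdb3   /data1         ext3      defaults             1
EOF
    audit_fstab "$tmp/fstab" "$tmp"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
if [ "${1:-}" = demo ]; then audit_fstab_demo; fi
```

On a running system the call is audit_fstab /etc/fstab, without the second argument.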

Exercise: Mounting the file system

Mount the three new partitions in the file systems at the mount points /data1, /data2, and /data3.

7.2 Kernel Modules

Drivers and features of the Linux kernel can either be compiled into the kernel or be loaded as kernel modules. These modules can be loaded later, while the system is running, without having to reboot the computer. Especially kernel components which are not required to boot the system are integrated as modules, so the kernel may be kept relatively small.

The kernel modules are located in the directory /lib/modules/version/kernel, so for example the modules of the 2.4.19 kernel can be found in the directory /lib/modules/2.4.19-4GB/kernel.

7.2.1 Commands for Using Modules

The following commands are available to work with modules:

• lsmod

lists the currently loaded modules in the kernel.

• insmod module

loads the given module into the kernel. For this, it must be available in the directory /lib/modules/version/. It is recommended, however, to use modprobe for loading modules (see below).

• rmmod module

removes the given module from the kernel. It can only be removed, however, if no processes are accessing hardware connected to it or corresponding services. rmmod -a removes from memory all modules currently not required.

• modprobe module

loads the given module into the kernel. In contrast to insmod, dependencies of other modules are taken into account when this is done. In addition, modprobe reads in the file /etc/modules.conf.

The command can only be used if the file /lib/modules/version/modules.dep (see below) exists. For more detailed information, see man modprobe.

The kernel daemon (Kmod since kernel version 2.2.x) ensures that modules needed in the running operation are automatically loaded using modprobe (for example, to access the CD-ROM drive).

• depmod -a

creates the file /lib/modules/version/modules.dep. This contains the dependencies of individual modules on each other. When a module is loaded (for example with modprobe), it is ensured that all modules dependent on it are also loaded.

If it does not exist, the file modules.dep is loaded automatically when the system starts, by the start script /etc/init.d/boot.

Thus it is not necessary to create this file manually.

An example of a module list displayed with lsmod:

Module                  Size  Used by    Not tainted
parport_probe           2980   0  (autoclean)
parport_pc              5600   0  (autoclean)
parport                 6884   0  (autoclean) [parport_probe parport_pc]
minix                  22360   1  (autoclean)
loop                    7456   2  (autoclean)
es1371                 23628   2
soundcore               2148   4  [es1371]
nfsd                  150528   3  (autoclean)
eepro100               12112   1  (autoclean)
hisax                  97016   1  (uninitialized)
isdn                   82060   0  [hisax]
slhc                    4300   0  [isdn]

In this list it can be seen which modules are currently loaded (1st field: Module), the size of the modules (2nd field: Size) and how often (3rd field: Used) they are used by other modules (4th field: by). Memory space occupied by the modules is then released. Modules can also be removed with rmmod -a (see above).

7.2.2 The File /etc/modules.conf

This file is the configuration file for the kernel modules. For example, it contains parameters for the modules which access hardware directly. It thus plays an important role in loading modules. Various command types can be found in it, for example:

• alias instructions determine which kernel module is to be loaded for which device file.

Example: alias eth0 8139too

• options instructions are options for loading a module.

Example: options ne io=0x300

Summary

• A maximum of four primary partitions can be created on a hard disk (Intel). Further partitions can be made with an “extended” partition, in which further “logical” partitions are set up.

• The command fdisk can be used to check and modify the partitioning of a hard disk.

• File systems can be mounted

– with the command mount,

– by means of the file /etc/fstab. This file specifies which file systems are mounted automatically when the system is booted.

• Kernel modules:

– Kernel modules are kernel components that are loaded dynamically (usually hardware drivers).

– They are located in the directory /lib/modules/.

– The configuration file for kernel modules is /etc/modules.conf.

• The most important commands for handling kernel modules are: lsmod, insmod, modprobe, depmod

• The file modules.dep contains all module dependencies. For the 2.4.19 kernel these are in the directory /lib/modules/2.4.19-4GB.

• An overview of important commands in this chapter:

Command     Description
depmod      Creates the file modules.dep.
fdisk       Partitions a hard disk.
insmod      Loads a module into the kernel.
lsmod       Lists current kernel modules.
mke2fs      Creates an ext2 or ext3 file system.
mkfs        Creates a file system.
mkreiserfs  Creates a Reiser file system.
modprobe    Loads a module into the kernel, taking into account module dependencies.
mount       Mounts a file system to the Linux system.
rmmod       Removes a module from the kernel.
umount      Unmounts a file system.

Table 7.4: Commands for Integrating Hardware

8 The X Window System

Learning Aims

In this chapter, you will learn

• the client/server architecture of the X Window System

• how to start the components of the X Window System step by step

• two possibilities for starting the X Window System (startx, xdm/kdm)

• starting a second X server

• access control possibilities

• configuration options for the X server

8.1 The X Window System

The X Window System (or simply X or X11) allows you to control the input and output of several applications in different windows of a graphical interface. You need to distinguish here between graphical applications, which run in their own windows, and text-based applications, which are carried out in a terminal window.

The X Window System was created in 1984 at MIT (Massachusetts Institute of Technology). The aim of the development was to be able to use graphical applications across a network, independently of hardware. This means it is possible with the X Window System to display and operate graphical applications on any monitors, without running them on the machines to which these monitors are connected. The basis for this is the separation into a server component (X server) and the application itself (client application), which communicate with each other by way of various communication channels.

X server — The X server controls the graphical screen. This corresponds roughly with what would be called a “graphics driver” on other systems. In addition, it manages the input devices, such as keyboard and mouse, and transmits their actions to the X client. The X server, however, has nothing to do with the appearance of the window and the desktop; this is the task of the window manager. XFree86 3.3.x and its successor XFree86 4.x are free implementations. SUSE LINUX Enterprise Server defaults to using XFree86 4.x.

Client application – The client application is a graphical application that uses the services of the X server to receive keyboard and mouse actions and to have its own output displayed on the screen.

Window managers are specialized client applications. A window manager works together with the X server and provides additional functionality. Its tasks are:

• providing control elements

• managing virtual desktops

• providing functionality of window frames (for example, changing their size)

The X Window System is not linked to any specific window manager and thus not to any particular look and feel.

SUSE LINUX Enterprise Server is currently released with some window managers, including kwin (the KDE window manager), mwm (Motif Window Manager), and twm (Tab Window Manager).

Desktop environments go far beyond the look and feel window managers provide for desktops and manipulating windows. The aim is to provide clients with a unified look and feel. KDE is the standard graphical desktop for SUSE LINUX Enterprise Server.

As can be seen in Figure 8.1, the X server is running on the computer earth, while the X applications are running on the machines sun and venus. The display of the client applications, however, is performed by the X server on the machine earth. These computers may have different architectures.

[Figure 8.1: X Server and Client Applications Run on Different Computers. The diagram shows the computers venus, sun and earth connected by a network; the X applications from venus and from sun are displayed on earth.]

8.1.1 Display Names

On one computer, a number of X servers may be running to which, in turn, a number of monitors can be connected. For a client application to know on which X server input and output is performed, it is informed of the display name. The syntax for this is as follows:

host:display_nr.screen_nr

host Name (or IP address) of the computer to which the monitor is connected. If no computer is given, the local monitor is used.

display_nr defines the number of the display. A display is a unit consisting of a monitor (or several monitors), a keyboard, and a mouse. Normally, the display is 0, because computers only have one display. Large multiuser systems may quite possibly have a number of displays, each of which has a unique number. Normally they are counted upwards, starting with 0 for the first display, 1 for the second display, etc.

To start a second X server on a computer with only one display, you also need to set the display number for this to another value (e.g., 1) (see Section 8.3.1 on page 110).

screen_nr Displays may have more than one monitor as their display unit. This number specifies on which monitor client applications should display their output.

Normally the display name is given in the environment variable DISPLAY, but it can be passed on to a client application with the option -display display_name.
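The display name syntax above, taken apart in shell, as an added example that is not part of the original manual. The function names are assumptions. The log file pattern /var/log/XFree86.display_nr.log and the console sequence (display 0 on tty7, 1 on tty8, 2 on tty9) are the ones given in Sections 8.3.1 and 8.3.2 of this chapter.

```shell
#!/bin/sh
# Added example (not from the manual). Function names are assumptions made
# for this example.

# parse_display NAME -> prints "HOST DISPLAY_NR SCREEN_NR"
# HOST is printed as "(local)" when no computer is given; SCREEN_NR defaults to 0.
parse_display() {
    name=$1
    case $name in
        *:*) ;;
        *) echo "not a display name: $name" >&2; return 1 ;;
    esac
    host=${name%:*}          # everything before the last colon
    rest=${name##*:}         # display_nr[.screen_nr]
    case $rest in
        *.*) disp=${rest%%.*}; scr=${rest#*.} ;;
        *)   disp=$rest; scr=0 ;;
    esac
    case $disp in
        ''|*[!0-9]*) echo "bad display number: $name" >&2; return 1 ;;
    esac
    case $scr in
        ''|*[!0-9]*) echo "bad screen number: $name" >&2; return 1 ;;
    esac
    [ -n "$host" ] || host='(local)'
    echo "$host $disp $scr"
}

# x_logfile NAME -> log file of the XFree86 4.x server behind that display
x_logfile() {
    fields=$(parse_display "$1") || return 1
    set -- $fields
    echo "/var/log/XFree86.$2.log"
}

# x_console NAME -> virtual console of that server, following the
# tty7, tty8, tty9 sequence used in this chapter
x_console() {
    fields=$(parse_display "$1") || return 1
    set -- $fields
    echo "tty$(($2 + 7))"
}

# Constructed display names. Run with: sh thisfile demo
display_demo() {
    for n in :0 localhost:0 earth:1.0 earth:0.1; do
        echo "$n -> $(parse_display "$n"), log $(x_logfile "$n"), console $(x_console "$n")"
    done
}
if [ "${1:-}" = demo ]; then display_demo; fi
```

A display name with a host part means the client sends its output to, and receives keyboard and mouse input from, the X server on that computer rather than the local one.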

8.2 Starting the X Window System Step by Step

The said distinction of the X server, client application, and window manager is not perceivable during normal operation; once you have logged in by way of the graphical login, the entire environment is at your command.

However, in order to identify the structure more clearly, the individual components can also be started individually. For this purpose, terminate the running X server with the following command:

earth:~ # init 3

Then start the X server by executing the command X from a text console. /usr/X11R6/bin/X is a link to /var/X11R6/bin/X. This, in turn, is a link to the actual X server /usr/X11R6/bin/XFree86.

tux@earth:~ > X &

The result of this command is a gray area with a mouse pointer cross. Users cannot use the pure X server in a meaningful way, but X applications can use the X server for the graphical output. The X server can be terminated with Ctrl+Alt+Backspace.

If you start a graphical application from the same console from which the X server was started in the background, the following error message is displayed:

tux@earth:~ > xterm
xterm Xt error: Can’t open display: %s

The application xterm lacks the information on the X server to use. The X server needs to be addressed specifically, as it may be active on the same machine or on a different machine, or several X servers may be active on one machine.

Graphical applications interpret the variable DISPLAY, which contains the needed information. However, in the above example this variable is not set. If this variable is set, the program command will work and an xterm window will appear on the gray surface.

tux@earth:~ > DISPLAY=localhost:0 xterm &

or

tux@earth:~ > DISPLAY=:0 xterm &

Figure 8.2: The X Server with a Terminal

If you move the mouse pointer over the window, commands can be entered in the window.

You can now start an application or a window manager.

Starting an Application

To start an application on this X server (such as xterm), enter in a terminal:

tux@earth:~ > xterm -g 80x25-0+30 &

Figure 8.3: The X Server with Two Terminals

The numbers after -g define the geometry of the application started:

• size of the application window, for example, 80x25. This means the window is 80 characters wide and 25 characters high.

• Position of the application, such as -0+30. This means the window is 0 points away from the right-hand edge of the display and 30 points from the upper edge of the display.

“+” means: distance from the left or upper margin
“-” means: distance from the right or lower margin

Important: Processes in the terminal should only be started in the background, so the shell is still available for further processes.

However, the size and the position of the window cannot be changed afterwards. A window manager is required to do this.

Starting a Window Manager

To start a window manager (such as mwm), enter in the terminal:

tux@earth:~ > mwm &

Figure 8.4: The X Server with a Terminal and the mwm Window Manager

The window manager changes the appearance of the desktop and the frames of existing windows, which also feature a title bar.

The functionality and behavior of the X desktop are also redefined when the window manager is started.

Exercise: Start X Server and Application

1. Switch to a virtual terminal (e.g., tty1) and terminate the running X server with the command init 3.

2. Start an X server with X.

3. Start an xterm with xterm -g 80x25-0+30 &

4. From the xterm window, start a window manager (twm, mwm, or kwin).

8.3 Starting the X Server with a Window Manager

Without a window manager, the X desktop is restricted in its use. For this reason, the X server is normally started together with a window manager.

In runlevel 3 (no graphical login), use the script startx. To ensure a secure start-up of the X server, the script /usr/X11R6/bin/startx performs a system check. Then it starts the application xinit, which in turn starts the X server. The environment variable WINDOWMANAGER is interpreted. Upon start-up, startx activates the shared plain-text cookies that play a role in connection with the security mechanism xauth (see Section 8.5.2 on page 114, man Xsecurity). If necessary, the system administrator can replace startx with a custom script.

8.3.1 Starting a Second X Server

Normally, only one X server is started. To start a second X server, for example, as root, this is done with:

earth: # startx -- :1

Entering this starts a second X server with its output on tty8 (this can be reached with Ctrl+Alt+F8). The first X server can be reached, as before, with Ctrl+Alt+F7. In this way, it is also possible to start a third or fourth X server. With

earth: # startx -- :2

another X server is started with output on tty9 (can be reached with Ctrl+Alt+F9).

Exercise: Start a Second X Server

1. Start a second X server on your computer.

2. Alternate between the two X servers.

8.3.2 Log File for the X Server

When it starts, the X server generates a detailed log file, which can be helpful in finding problems with the X server. The XFree86 4.x X server creates this file according to the following pattern:

/var/log/XFree86.display_nr.log

Because the first X server started automatically has the display number 0 (for display numbers, see Section 8.1.1 on page 105), the name of its log file is:

/var/log/XFree86.0.log


The beginning of this log file looks like this:

XFree86 Version 4.2.0 / X Window System
(protocol Version 11, revision 0, vendor release 6600)
Release Date: 18 January 2003

If the server is older than 6-12 months, or if your card is
newer than the above date, look for a newer version before
reporting problems. (See http://www.XFree86.Org/)

Operating System: SuSE Linux [ELF] SuSE
Module Loader present
Markers: (--) probed, (**) from config file, (==) default setting,
         (++) from command line, (!!) notice, (II) informational,
         (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/XFree86.0.log", Time: Thu Febr 21 08:33:23 2003
(==) Using config file: "/etc/X11/XF86Config"
(==) ServerLayout "Layout[all]"
(**) |-->Screen "Screen[0]" (0)
(**) |   |-->Monitor "Monitor[0]"
(**) |   |-->Device "Device[0]"
(**) |-->Input Device "Keyboard[0]"
...

The first line shows the version of the X server. You can see on what sort of system the X server was compiled in the line beginning with Operating System:. Then there are the log entries, including:

• Markers: lists what the markers before individual entries mean. The most important are:

Marker  Meaning

(--)    Values derived from system hardware detection.
(**)    Settings taken from the configuration file.
(==)    Default settings for the X server.
(++)    Values passed from the command line.
(WW)    Hints about settings the X server does not carry out.
(EE)    Messages that caused the start process or the X server to crash. In these lines, you will normally find the reason why the X server did not start correctly.
(II)    Information messages about version numbers of X server modules, etc.

Table 8.1: Markers in the Log File of the X Server

• Log file: displays the name of this log file.

• Time: states when this log file was created — precisely when this X server was started.

• Using config file: displays the name of the configuration file for the X server.
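An added example (not from the original manual): a shell helper that triages an X server log by the markers described above. It skips the "Markers:" legend, which itself contains "(EE)" and "(WW)" and would inflate a plain grep count; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage an XFree86 log by its entry markers.
# Function names and the sample log are constructed for illustration.

# Constructed sample in the layout of /var/log/XFree86.0.log.
sample_log() {
cat <<'EOF'
XFree86 Version 4.2.0 / X Window System
Markers: (--) probed, (**) from config file, (==) default setting,
         (++) from command line, (!!) notice, (II) informational,
         (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/XFree86.0.log"
(==) Using config file: "/etc/X11/XF86Config"
(**) |-->Screen "Screen[0]" (0)
(II) Loading constructed-module
(WW) Option "ConstructedOption" is not used
(EE) Constructed error: no usable screen found
EOF
}

# Print "<marker><TAB><message>" for every real log entry.
# Reads the named files, or standard input when none are given.
xlog_entries() {
    awk '
    function nmark(s) {   # number of marker tokens contained in s
        return gsub(/\((--|\*\*|==|\+\+|!!|II|WW|EE|NI|\?\?)\)/, "&", s)
    }
    /^Markers:/              { legend = 1; next }   # legend starts here
    legend && nmark($0) >= 2 { next }               # legend continuation
                             { legend = 0 }
    /^[ \t]*\((--|\*\*|==|\+\+|!!|II|WW|EE|NI|\?\?)\) / {
        line = $0
        sub(/^[ \t]*/, "", line)
        print substr(line, 2, 2) "\t" substr(line, 6)
    }' "$@"
}

# Number of entries carrying one marker, e.g.: xlog_count EE logfile
xlog_count() {
    marker=$1
    shift
    xlog_entries "$@" |
        awk -F '\t' -v m="$marker" '$1 == m { n++ } END { print n + 0 }'
}

# What to read first when the server did not start: errors, then warnings.
xlog_problems() {
    xlog_entries "$@" | awk -F '\t' '
    $1 == "EE" { e = e "(EE) " $2 "\n" }
    $1 == "WW" { w = w "(WW) " $2 "\n" }
    END        { printf "%s%s", e, w }'
}

# Demonstration on the constructed sample.
sample_log | xlog_problems
```

On a real system, pass the log file instead of the sample, for example xlog_problems /var/log/XFree86.0.log.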


Exercise: Display the log file

1. Display the log files of the X servers.

8.4 Graphical Login

If the Linux system is configured accordingly and an X server is running on the local machine, after the system has booted, the welcome window of the X interface starts, instead of the login prompt at a virtual console. This login window is generated by xdm or kdm. If the window manager GNOME is used, gdm is used for the login. These programs do not have to run on the local host; they can also use it as a mere X terminal.

• xdm

The configuration files of xdm are located in the directory /etc/X11/xdm/. The central configuration file is /etc/X11/xdm/xdm-config.

• kdm

The configuration files of kdm — the login manager of KDE — are located in the directory /etc/opt/kde3/share/config/kdm/. The central configuration files are /etc/opt/kde3/share/config/kdm/kdmrc and /opt/kde3/share/config/kdm/kdmrc.

• gdm

The configuration files of gdm — the login manager of GNOME — are located in the directory /etc/opt/gnome2/gdm/. The central configuration file is /etc/opt/gnome2/gdm/gdm.conf.

The kdm display manager provides every user who has logged in to the system with a choice of window managers. After user name and password have been entered, the display manager executes the instructions of the file ~/.xsession plus (in SUSE Linux) the instructions of the file ~/.xinitrc and starts the window manager or user interface selected by the user.

When the last X client entered in ~/.xsession (usually the window manager) is terminated, the X server, too, is terminated and restarted, after which the login screen of the X server is displayed. If the file ~/.xsession does not exist, only the file ~/.xinitrc is evaluated. If this file is not available either, the file /etc/X11/xdm/sys.xsession is read. If this, too, is missing, the file xinitrc (without the dot) in /usr/X11R6/lib/X11/xinit/ or in /etc/X11/xinit/ is read.


The login screen of the X server can also be relayed to a remote host. To do this, the following setting is required in the file /etc/sysconfig/displaymanager on the host whose login screen should be used:

DISPLAYMANAGER_REMOTE_ACCESS="yes"

Then run SuSEconfig. This program will disable the following line in the configuration file of xdm (/etc/X11/xdm/xdm-config):

!DisplayManager.requestPort: 0

Then you can get the login screen by entering the following on the remote host:

X -query host :1

Enter “:1” if you already have a running X server on your local host (can be accessed with Ctrl+Alt+F7). The login screen from the remote host can be accessed with Ctrl+Alt+F8.

8.5 Protection from Unauthorized Access

Due to the following characteristics of the X Window System:

• it is divided into server and client components

• it communicates across a network

• it is easy for a client application to make a connection to an X server

a series of security problems arises. To avoid such security problems, several mechanisms were developed to provide protection from unauthorized access (see man Xsecurity), for example:

• xhost — Host-based access monitoring

• xauth — Key-based access protection

• ssh — Network accesses via a secure shell


8.5.1 xhost

xhost only provides a very simple form of access monitoring, allowing or denying specific computers or users access to the X server. The following options for xhost are possible:

Option  Meaning

+host   The host specified with host is allowed access to the X server. The + can also be omitted.
-host   Denies access to the X server to the host specified with host (who was previously granted access with xhost +).
+       Allows all hosts access to the X server.
-       Denies all hosts access to the X server, which had been granted with xhost +.

Table 8.2: Command xhost: Options

Entering xhost without arguments lists the users and machines that are granted access. If you want to grant certain users or machines permanent access, it is best to enter this into the local configuration file ~/.xinitrc. The disadvantage of xhost is that every user who logs in to a host with access authorization will also have access to the X server.

8.5.2 xauth

Access protection via xauth is based on a magic cookie — a key (hex key) every user needs who wants access to the X server. By default in SUSE Linux, when an X server starts, such a key is generated and written to the file ~/.Xauthority [1]. The keys are hex numbers with 33 digits.

When a user starts a client application, this first reads the key from the file ~/.Xauthority, then passes it on, with a connection request, to the X server. If the key matches, the X server allows the connection. Otherwise it will be rejected.

With the command xauth list, a list of all keys for known displays is given, for example:

tux@earth:~ > xauth list
earth.example.com:0 MIT-MAGIC-COOKIE-1 a92b6ab18556b6c39899d78dff69abb4
earth/unix:0 MIT-MAGIC-COOKIE-1 a92b6ab18556b6c39899d78dff69abb4

It is possible with xauth add and xauth remove to add or remove a key and its display to or from this list.

[1] If required, such a key can also be generated manually with the program keygen.


The xauth procedure is user-based. The xhost procedure is computer-based. If xauth is used, access from all hosts to the X server should be refused with

xhost -
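An added example (not from the original manual) that audits the two mechanisms just described: it reads xhost output, lists xauth entries without their keys, and checks the mode of a cookie file. It assumes the usual xhost status wording ("access control enabled ..." / "access control disabled ..."); the function names and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: audit X server access control (xhost) and the cookie file
# used by xauth. Sample outputs are constructed; the status-line wording is
# an assumption about what xhost prints on the system being checked.

# Read `xhost` output on stdin and print one finding per line.
xhost_findings() {
    awk '
    /^access control disabled/ {
        print "OPEN: access control is off (xhost +); any host may connect"
        next
    }
    /^access control enabled/ { next }
    NF { print "ALLOWED: " $1 " is on the xhost list and needs no cookie" }'
}

# Read `xauth list` output on stdin; print display and key type only, so
# the cookie value itself never ends up in an audit log.
xauth_displays() {
    awk 'NF >= 3 { print $1 "\t" $2 }'
}

# Report a cookie file that group or others can access.
xauthority_findings() {
    file=$1
    if [ ! -e "$file" ]; then
        echo "MISSING: $file"
        return 0
    fi
    perms=$(ls -ld "$file" | cut -c5-10)   # group and other permission bits
    if [ "$perms" != "------" ]; then
        echo "EXPOSED: $file has group/other permissions ($perms)"
    fi
}

# Constructed sample outputs.
sample_xhost_open() {
cat <<'EOF'
access control disabled, clients can connect from any host
EOF
}

sample_xhost_listed() {
cat <<'EOF'
access control enabled, only authorized clients can connect
INET:sun.example.com
EOF
}

sample_xauth_list() {   # placeholder key, not a real cookie
cat <<'EOF'
earth.example.com:0  MIT-MAGIC-COOKIE-1  00000000000000000000000000000000
earth/unix:0  MIT-MAGIC-COOKIE-1  00000000000000000000000000000000
EOF
}

# Demonstration on the constructed samples.
sample_xhost_open   | xhost_findings
sample_xhost_listed | xhost_findings
sample_xauth_list   | xauth_displays
```

On a live display, pipe the real commands into the same functions (xhost | xhost_findings) and run xauthority_findings on ~/.Xauthority.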

8.5.3 ssh

With the secure shell, encrypted communication between hosts is possible over a potentially insecure network. Each host has a private and a public host key. Authentication between hosts is carried out by one host encrypting its request with the public key of the other host and sending it to that host. Only the other host can decode the request with its private key. The entire session between the hosts is additionally secured via a session key, which, for security reasons, is only located in the main memory of the computer and is regularly regenerated.

If, for example, the user tux wants to log in via ssh on the machine sun, he must type in the following:

tux@earth:~ > ssh sun
Enter passphrase for RSA-key 'tux@earth':
The authenticity of host 'sun (192.168.0.22)' can't be established.
RSA1 key fingerprint is 8f:04:ed:b9:56:c9:16:c0:f4:11:43:c8:88:3b:e5:c2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'sun,192.168.0.22' (RSA1) to the list of known hosts.
tux@sun password:
Have a lot of fun...
tux@sun:~ >

With the option -l, the user name can also be given:

tux@earth:~ > ssh -l tux sun

To redirect input and output on the host sun to the host earth (automatic display redirection), for example, enter: [2]

tux@earth:~ > ssh -X sun

Here, the X protocol is forwarded through an X tunnel (X11 forwarding).

Exercise

Exercise 1: Using ssh

On your neighbor's computer, start an xterm through an ssh tunnel, which is then displayed on your monitor.

[2] With SSH, such an X tunnel is set up by default. With OpenSSH, you must specify -X to achieve this.


Exercise 2: Using ssh

1. Log in on your computer as a normal user with:

ssh -X -l user localhost

2. Start an xterm in the background.

3. Log out again with exit. What happens?

4. Close the terminal opened in the second step with exit. What happens?

Exercise 3: Using ssh and xauth

1. Execute echo $DISPLAY in order to check which value the variable contains (usually :0.0).

2. Log in to your computer as root using:

ssh -X -l root localhost

3. Enter:

echo $DISPLAY

What do you notice in the output? (Now the variable contains localhost:10.0.) How can you explain this?

4. Start an xterm in the background. Is it possible?

5. Enter xauth list. What can you see?

6. Enter xauth remove host/unix:10, and then xauth list. What can you see?

7. Try again to start an xterm in the background. Explain why this does not succeed (message: connection rejected because of wrong authentication).

8.6 Configuring the X Server

Various tools are available for configuring the X server (XFree86 4.x):

SaX2 (Package sax2) SaX2 supports the X server and can therefore be used with the mouse.

/usr/X11R6/bin/xf86config In contrast to SaX2, this is a text-based program for configuring the X server.

/usr/X11R6/bin/xvidtune This program can be used to configure the screen dimension (width, height). The modelines that define the screen size are contained in the file /etc/X11/XF86Config under section "Modes".


The configuration file of the X server is /etc/X11/XF86Config. It contains specifications such as the mouse settings, the keyboard, the resolution, and the frequency.

Default values for some X applications (e.g., xterm, xclock) are defined in the file ~/.Xdefaults and can also be modified here, if necessary. Furthermore, there is a file called ~/.Xresources. However, this is merely a link to the file ~/.Xdefaults. If these files are modified, the X server must be restarted or the command xrdb must be executed to reread the file ~/.Xdefaults (the needed options can be viewed with xrdb --help). KDE and GNOME applications use different configuration files.

More detailed information about configuring the X server is provided by the files in the directory /usr/share/doc/packages/xf86/.

Summary

• The X Window System consists of a server component (X server) and client applications.

• A display name has the following structure:

host:display_nr.screen_nr

Example: mars.example.com:0.0

• The X server (/usr/X11R6/bin/XFree86) can be started with or without a window manager, using the following commands:

Command  Meaning

X        Start X server without window manager.
startx   Start X server with window manager.

Table 8.3: Commands for Starting the X Server

• Display managers (xdm, kdm, gdm) enable a graphical login. Important files of the display managers:

– Files containing instructions that the display manager loads when starting the user interface:

~/.xinitrc
~/.xsession
/etc/X11/xdm/sys.xsession
/etc/X11/xinit/xinitrc


– Configuration file for xdm:

/etc/X11/xdm/xdm-config

– Configuration files for kdm (KDE):

/etc/opt/kde3/share/config/kdm/kdmrc
/opt/kde3/share/config/kdm/kdmrc

– Configuration file for gdm (GNOME):

/etc/opt/gnome2/gdm/gdm.conf

• Several X servers can be started on one machine. For example, you can start a second X server from a text console with startx -- :1.

• Upon start-up, every X server creates a log file in the directory /var/log/. The log file of the first X server is /var/log/XFree86.0.log.

• The following applications provide protection against unauthorized access:

– xhost (host-based access control)

– xauth (key-based access control)

– ssh (network access via secure shell)

• The following tools can be used to configure the X server:

– SaX2

– xf86config

– xvidtune

• Important files of the X server:

File                  Meaning

/etc/X11/XF86Config   X server configuration file
~/.Xdefaults          Contains default values for some X applications
~/.Xresources         Link to ~/.Xdefaults

Table 8.4: Files of the X Server


9 Printing

Learning Aims

In this chapter, you will learn

• about the functions of the print system in a multiuser environment

• the standard print system CUPS (Common Unix Printing System)

• how to administer queues

• how print data are filtered and converted

• how to start and stop the print service

• how to configure a local printer with YaST

• other ways to configure the printer (web front-end, program lpadmin)

• the configuration file of the printer daemon cupsd, the log file, and other important files

• how to generate, list, or delete a print job

• how to configure, stop, and reactivate queues

• how to set queues to reject and accept print jobs


9.1 Basics

Addressing a printer under Linux is a complex operation, because in a multiuser system several users may submit jobs to a printer at the same time. Furthermore, the data is not sent directly to the printer, but is first converted to a printer-specific format. [1]

Several programs are inserted between the user and the printer for the organization of the printing process. In the case of the default printing system of the SUSE LINUX Enterprise Server, CUPS (Common Unix Printing System), the following sequence of events happens between submitting a print job and getting the actual printout on the printer:

1. The print job is created by a user or a program.

2. The file to print is saved in a queue. This creates two files for the print job in the directory /var/spool/cups. One of the files contains the data to print and the other contains information about the print job, for instance, who submitted the print job and which printer is addressed.

3. The printer daemon cupsd collects the file to print from the queue, determines the type of the data to print, and converts it to the printer-specific format. Afterwards, the data is transmitted to the printer.

4. The printer receives the data and prints it. When the print job is ended — it has been transmitted completely to the printer — it will be removed from the queue.

This sequence of events ensures that a user may submit print jobs at any time and, at the same time, that he will not be bothered with the actual processing. Moreover, the queue principle ensures, among other things, that the print jobs are processed one after the other and no job is lost. In that context, the queues function as intermediate storage, enabling uninterrupted work on the computer and the submission of several print jobs to a queue.

[1] Standard printer languages include ASCII text, PostScript (the standard printer language under Unix and Linux), PCL3, PCL5e, and ESC/P.


[Figure 9.1: The Print Filtering Process. Diagram labels: file, print queue, filtering, convert to the PostScript file format with pstops, PostScript printer, Ghostscript, convert to printer-specific language, another printer]

9.1.1 The cupsd Printer Daemon

The printer daemon cupsd is a background process and is started at system start-up by the script /etc/init.d/cups. Its configuration file is /etc/cups/cupsd.conf. The user root may start or stop the printer daemon manually with the following commands:

/etc/init.d/cups start or rccups start
/etc/init.d/cups stop or rccups stop

The command /etc/init.d/cups reload or rccups reload can be used during runtime to reread changes made manually to the configuration file /etc/cups/cupsd.conf.

The tasks of the printer daemon are, in particular, the administration of the local queues (for details about queues, see page 123) and the filtering or conversion of the data to print to the printer-specific format:

Administration of the Queues

• cupsd gets the submitted print jobs from the queue and sends them to the printer.

• The daemon is responsible for an orderly execution of the print jobs.

• It controls the state of the queues and displays information about it, if queried.


9.1.2 Filtering or Converting the Data to Print

The filtering or converting of the data to print proceeds in the following way:

1. Conversion to PostScript:

(a) The data type is determined with the help of /etc/cups/mime.types.

(b) The data is converted to PostScript by means of the tool specified in /etc/cups/mime.convs.

2. Accounting:

After that, the number of pages is determined with the tool pstops (/usr/lib/cups/filter/pstops). The number of pages is written into the file /var/log/cups/page_log.

If necessary, further filtering functions of pstops are enabled, depending on which options were chosen for the printing, for example, if only particular pages should be printed (the psselect option of pstops) or if several pages should appear on one sheet of paper (the ps-n-up option of pstops).

3. Conversion to printer-specific format:

The PPD (PostScript Printer Descriptions) files in /etc/cups/ppd/ define how the conversion is to take place.

• Non-PostScript printers:

To print data on a non-PostScript printer, a filter is started that converts the data into the printer-specific format, for example, /usr/lib/cups/filter/cupsomatic, which calls Ghostscript.

The entry *cupsFilter in a printer-specific PPD file in the directory /etc/cups/ppd/ determines the filter to be used. That filter processes all device-dependent print options, such as resolution and paper size.

• PostScript printers:

PPD files for PostScript printers do not have a *cupsFilter entry. The data do not need to be converted. The PPD file contains printer-specific parameters such as the resolution, PostScript level, and paper size.

4. Output on printer:

To print the data on the printer itself, an additional filter is started, depending on how the printer is connected. Those filters are contained in the directory /usr/lib/cups/backend.

tux@earth:~ > ls /usr/lib/cups/backend/
. .. canon epson http ipp lpd parallel serial socket usb


9.2 Configuration of a Local Printer

A printer may be connected to a Linux system via the parallel, serial, or USB port. Accordingly, the particular “back-end” filter, parallel, serial, or usb, in the directory /usr/lib/cups/backend is started (compare to point 4 on the preceding page above).

The configuration of a local printer is best done with YaST2. The printer configuration may be started

• either through the YaST2 module yast2 → Hardware → Printer

• or by entering the following commands on a text console:

earth:~ # yast2 printer

YaST2 looks for the connected printer and tries to determine the printer model. The result is displayed. That “found” printer may be configured by choosing Configure. If Quick automatic setup has been chosen, all queues that are possible for that printer will be configured, for example, lp (as default queue for black-and-white printing) and color (as queue for color printing). They are displayed in the next window. Those queues are used to address a printer. A print job is not sent to a printer, but to a particular queue of a printer. For that reason, the specification of several queues for a printer is sensible, for instance, if the printer is a color printer and should be used to print both text (black-and-white printing) and graphics (color printing).

For some printers, the configuration with Quick automatic setup is not available. In such a case, choose Normal setup with option to change values. A window opens in which to enter the name of the print queue (for the default queue, lp), the description of the printer, and its location. YaST2 already displays entries that, in most cases, do not need to be changed.

After that, the configuration of the queue follows. There are several printer drivers listed from which to select, for instance, for black-and-white printing (e.g., monochrome 720dpi) or for color printing (e.g., color 720dpi).

The options for the queue, such as resolution and paper size, may be specified under Advanced settings. Additionally, it is possible

• to specify access restrictions for particular users,

• to determine the status of the queue (printing or not, receive print jobs or not), and

• to define banners for the starting and for the last page.


Those settings are written into the file /etc/cups/printers.conf, in which the queues configured by YaST2 are listed. An entry for a queue starts with <Printer queue> and ends with </Printer>.

# Printer configuration file for CUPS v1.1.15
# Written by cupsd on Fre 30 Aug 2002 12:17:27 GMT
<Printer color>
Info EPSON Stylus COLOR 670
Location USB printer on /dev/usb/lp0
DeviceURI usb:/dev/usb/lp0
State Idle
Accepting Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
</Printer>
...
...
<Printer lp>
Info EPSON Stylus COLOR 670
Location USB printer on /dev/usb/lp0
DeviceURI usb:/dev/usb/lp0
State Idle
Accepting Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
</Printer>
...

Each queue has its own configuration file. Those files are contained in the directory /etc/cups/ppd, for example, color.ppd and lp.ppd. Those files contain information, such as the resolution or the paper size, used when printing over the queue.

The names of the individual queues are contained in the file /etc/printcap [2]. This file is automatically created or updated.

# This file was automatically generated by cupsd(1m) from the
# /etc/cups/printers.conf file. All changes to this file
# will be lost.
best:
color:
high:
lp:
photo:

Those entries are of importance for particular applications (e.g., OpenOffice.org) that display the entries of /etc/printcap in their printer dialog window. For that reason, this file must not be changed manually.

[2] In case of the LPRng printing system, this file contains the queues, comparable to the entries in /etc/cups/printers.conf.

Apart from YaST, there are a number of other ways to configure the printer:

• Printer configuration with YaST (the printer module can be started with: yast printer or yast2 printer)

• Configuration via the CUPS web front-end: http://localhost:631

• Configuration from the command line: lpadmin

• Manual editing of the configuration files

Exercise: Configuring Printers

• Configure a printer queue so that you can print on the trainer's printer. Follow the instructions of the trainer.

• Print the YaST test page.

9.3 Print Commands

CUPS provides two kinds of commands: Berkeley [3] and System V. The System V commands may also be used to configure queues (see Section 9.3.4 on page 127).

9.3.1 Submitting a Print Job: lpr, lp

Berkeley: lpr -P queue file

System V: lp -d queue file

Example:

tux@earth:~ > lpr -P color chart.ps

or

tux@earth:~ > lp -d color chart.ps

The file chart.ps is printed over the queue color. The parameter -o may be used to specify options regarding the printout.

[3] The Berkeley commands are the commands known from the printing system LPRng.


tux@earth:~ > lpr -P lp -o duplex=none order.ps

or

tux@earth:~ > lp -d lp -o duplex=none order.ps

The file order.ps is submitted to the queue lp and the duplex function of the printer is disabled for the printout (duplex=none).

Information about the commands can be found

• with man lpr and man lp,

• under /usr/share/doc/packages/cups/sum.html#USING_SYSTEM or

• /usr/share/doc/packages/cups/sum.html#STANDARD_PARAMETER

9.3.2 Displaying Print Jobs: lpq, lpstat

Berkeley: lpq -P queue

System V: lpstat -o queue

If no queue was specified, all queues are displayed. Here, lpstat -o displays the active print jobs in the following way:

queue-jobnumber

More information becomes available with:

lpstat -l -o queue -p queue

All available information is displayed with:

lpstat -t or lpstat -l -t

Information about the commands can be found

• with man lpq and man lpstat, and

• under /usr/share/doc/packages/cups/sum.html#USING_SYSTEM

9.3.3 Canceling Print Jobs: lprm, cancel

Berkeley: lprm -P queue job_no

System V: cancel queue-job_no

Information about the commands can be found

• with man lpq and man lpstat and

• under /usr/share/doc/packages/cups/sum.html#USING_SYSTEM


9.3.4 Configuration of a Queue: lpoptions

The printer-specific options that determine the kind of printout are specified in the PPD file (in the directory /etc/cups/ppd) belonging to a queue. Every user may display the options with the command:

lpoptions -p queue -l

The output has the following structure:

option/text: value value value ...

An example may appear as follows:

PageSize/Page Size: A3 *A4 A5 Legal Letter
Resolution/Resolution: 150 *300 600

The character “*” in front of a value indicates the current setting. In the example above, the paper format is set to A4 and the resolution to 300 dpi. The options of a queue can be changed with the following command:

lpoptions -p queue -o option=value

For example, to change the paper format for the queue lp to Letter, enter:

lpoptions -p lp -o PageSize=Letter

Which users these new settings affect depends on who enters them:

• If a normal user (e.g., tux) enters that command, the change only affects himself and will be saved in the file .lpoptions in his home directory.

• If root enters the command, the settings will become preferences for every user on the local computer and they will be saved in the file /etc/cups/lpoptions. The corresponding PPD file will remain unchanged.

Hardware-independent standard options regarding the kind of printout are described in /usr/share/doc/packages/cups/sum.html#STANDARD_OPTIONS. Information about saving options can be found in /usr/share/doc/packages/cups/sum.html#SAVING_OPTIONS.


9.4 Printer Administration

9.4.1 Managing Printer Queues

To disable printing on a queue, use the command /usr/bin/disable queue.

Subsequently, print jobs will be accepted but not printed. To enable printing on the queue, enter /usr/bin/enable queue.

Example:

earth:~ # lpq
lj4050 is ready
no entries

earth:~ # /usr/bin/disable lj4050

earth:~ # lpq
lj4050 is not ready
no entries

If the printer is not available for an extended period (e.g., due to repair work), print jobs can be rejected for this printer queue. This can be done with the command /usr/sbin/reject queue. The printer can be activated with /usr/sbin/accept queue.

Example:

earth:~ # /usr/sbin/reject lj4050
earth:~ # lpr /etc/fstab
lpr: unable to print file: server-error-not-accepting-jobs

earth:~ # /usr/sbin/accept lj4050
earth:~ # lpr /etc/fstab
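An added example (not part of the original manual): a shell helper that reads a file in the printers.conf format shown in Section 9.2 and reports which queues have been disabled or set to reject jobs, the two states described above. The sample file, the device of the queue lj4050, and the function names are constructed; it assumes cupsd records a disabled queue as State Stopped and a rejecting queue as Accepting No.

```shell
#!/bin/sh
# Added example: report CUPS queues from a printers.conf-style file.
# The sample is constructed in the format shown for /etc/cups/printers.conf;
# "State Stopped" and "Accepting No" are assumed to be how cupsd records a
# queue after disable and reject.

sample_printers_conf() {
cat <<'EOF'
# Constructed sample
<Printer color>
Info EPSON Stylus COLOR 670
DeviceURI usb:/dev/usb/lp0
State Idle
Accepting Yes
</Printer>
<Printer lp>
Info EPSON Stylus COLOR 670
DeviceURI usb:/dev/usb/lp0
State Stopped
Accepting Yes
</Printer>
<Printer lj4050>
DeviceURI parallel:/dev/lp0
State Idle
Accepting No
</Printer>
EOF
}

# Print "queue<TAB>state<TAB>accepting<TAB>device" per queue block.
# Reads the named files, or standard input when none are given.
# The default queue, which cupsd writes as <DefaultPrinter name>, is
# handled like any other queue.
cups_queues() {
    awk '
    /^<(Default)?Printer / {
        name = $2
        sub(/>$/, "", name)
        state = "?"; accepting = "?"; uri = "?"
        next
    }
    name != "" && $1 == "State"     { state = $2 }
    name != "" && $1 == "Accepting" { accepting = $2 }
    name != "" && $1 == "DeviceURI" { uri = $2 }
    /^<\/(Default)?Printer>/ && name != "" {
        print name "\t" state "\t" accepting "\t" uri
        name = ""
    }' "$@"
}

# Explain why a job sent to a queue would not reach the printer.
cups_queue_problems() {
    cups_queues "$@" | awk -F '\t' '
    $2 == "Stopped" { print $1 ": printing disabled (State Stopped)" }
    $3 != "Yes"     { print $1 ": rejecting jobs (Accepting " $3 ")" }'
}

# Demonstration on the constructed sample.
sample_printers_conf | cups_queues
sample_printers_conf | cups_queue_problems
```

Run as root against the real file with cups_queue_problems /etc/cups/printers.conf.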

9.4.2 Logging Error Messages

Messages from the daemon cupsd are written into the file /var/log/cups/error_log. By default, only inquiries and status changes are logged in that file. If errors should be logged as well, change the LogLevel option in the configuration file of the printer daemon (/etc/cups/cupsd.conf):


#
# LogLevel: controls the number of messages logged to the ErrorLog
# file and can be one of the following:
#
#     debug2  Log everything.
#     debug   Log almost everything.
#     info    Log all requests and state changes.
#     warn    Log errors and warnings.
#     error   Log only errors.
#     none    Log nothing.
#

LogLevel debug2

A reasonable choice for the LogLevel, which ensures enough information for evaluation, is debug2. After changing the configuration file, reread it with:

earth:~ # rccups reload

Summary

• Printing in a multiuser system is organized by means of printer queues.

• The standard print system in SUSE LINUX Enterprise Server is CUPS (Common Unix Printing System).

• The printer daemon cupsd has the following functions:

– Queue management:

* Consecutive processing of the print jobs,

* Status monitoring of the queue,

– Filtering or conversion of the print data.

• The main stages of the print job filtering are as follows:

1. Identification of the file type

2. If necessary, conversion to PostScript

3. Filtering with pstops

4. If necessary, conversion to a printer-specific format (Ghostscript)

• The print service can be started and stopped as follows:

/etc/init.d/cups start or rccups start
/etc/init.d/cups stop or rccups stop


• During operation, the configuration file of the printer daemon /etc/cups/cupsd.conf can be reloaded with:

/etc/init.d/cups reload or rccups reload

• Local printers can easily be configured with YaST. Other ways to configure the printer: web front-end (http://localhost:631), lpadmin.

• Important files of the print system:

– /etc/cups/cupsd.conf

Configuration file of the printer daemon cupsd. Contains information on the queues configured by YaST.

– /etc/cups/ppd/*

Every queue has a separate configuration file in the directory /etc/cups/ppd/.

– /etc/printcap

This file contains the names of the configured queues that appear in the printer selection dialog of certain applications (e.g., OpenOffice.org).

– /var/log/cups/error_log

Errors of the CUPS daemon are logged in this file.

• Print jobs can be

– generated with lp or lpr,

– listed with lpq or lpstat,

– deleted with lprm or cancel.

• Queues can be

– configured with lpoptions,

– disabled with /usr/bin/disable and enabled with /usr/bin/enable,

– set to reject print jobs with /usr/bin/reject and to accept print jobs with /usr/bin/accept.

• Important print commands are:

Command    Meaning

cancel     Removes print jobs.
lp         Creates a print job.
lpoptions  Configures queues.
lpq        Displays print jobs.
lpr        Creates a print job.
lprm       Removes print jobs.
lpstat     Displays print jobs.

Table 9.1: Commands for Printing in Linux

• Commands for administering printer queues:

Command           Meaning

/usr/bin/accept   Sets queue to accept print jobs after it was set to reject print jobs with reject.
/usr/bin/disable  Disables a queue.
/usr/bin/enable   Enables a queue that was disabled.
/usr/bin/reject   Sets queue to reject print jobs.

Table 9.2: Commands for Administering Printer Queues


10 Rescue System

Learning Aims

In this chapter, you will learn

• how to detect the causes of interruptions to the boot process

• about the use of the SUSE rescue system and how to access the installed system from there

• how to boot directly to a shell

• how to carry out a file system check


10.1 Possible Causes of Interruption of the Boot Process

There is a variety of circumstances that could lead to the system no longer booting. The boot procedure could be interrupted at various points, depending on the cause.

The boot manager GRUB is loaded in the first step of the boot process. If the boot manager is damaged, problems will already be encountered at that stage. In such a case, the system should be started from a CD. GRUB must be reinstalled (see Section 10.2).

The boot manager will load the kernel into the memory. If a new kernel should be installed, a corresponding entry must be written into /boot/grub/menu.lst. It may also happen that a self-compiled kernel does not contain all necessary modules and the load attempt will end with a “kernel panic”. Here, it is recommended to use the same approach as for problems with GRUB or, if available, another kernel should be used to access the system.

If the kernel is loaded, the root file system is mounted. If there is an error in the file system, the booting process is interrupted at this point. Then it is necessary to start the SUSE rescue system (see Section 10.3) and repair the file system with e2fsck or reiserfsck (see Section 10.5).

The last step of the boot procedure is the running of init (/sbin/init). Here, various scripts are run that, among other things, mount further partitions. If one of the central configuration files of the system (e.g., /etc/inittab or /etc/fstab) is faulty, the boot process will break off at this point. Here, the rescue system must also be used (see Section 10.3) or you must boot directly into a shell (see Section 10.4). The same procedure is recommended if the root password has been forgotten and needs to be changed.

10.2 Booting from CD Then Accessing Installed System

The SUSE LINUX Enterprise Server contains a bootable CD. YaST2 can create a boot disk for systems that are not able to boot from a CD (see Section 10.3).

This CD enables access to the installed system in case the boot loader GRUB or the installed kernel are defective and the system no longer boots. In this case, proceed as during the installation, but select Boot installed system instead of New installation. In this way, the installed system is not started with the kernel installed on the hard disk but with the kernel on the CD. Now access to the installed system should be possible. For example, if GRUB is defective and does not start, use the following command:

earth:~ # grub --batch </etc/grub.conf

That will reinstall the boot manager GRUB.


If the system mistakenly boots from the CD because you left the CD in the drive, you can select the entry Boot Installed OS. In this way, you will be taken to the normal boot prompt and do not need to restart the machine in order to boot from the hard disk.

Exercise: Booting the System from CD

1. Create a backup copy of the current kernel:
cp /boot/vmlinuz /boot/vmlinuz.bak

2. Now overwrite the data blocks of the current kernel by copying any file to /boot/vmlinuz, for example:
cp /etc/grub.conf /boot/vmlinuz

3. Try to reboot the system.

4. If this is not successful, boot from CD then load the installed system.

5. Rename the backup copy of the kernel to vmlinuz:
mv /boot/vmlinuz.bak /boot/vmlinuz

6. Test, by rebooting, if the system can now be booted again normally.

10.3 The SUSE Rescue System

The SUSE rescue system makes a standard system available that is loaded entirely from an external medium (floppy disk or CD). The rescue floppy disk is not included in the SUSE LINUX Enterprise Server, so you must create it yourself. The easiest way to do this is with YaST2 via the module System → Create boot, rescue or module floppy disk.

To start the rescue system, select the menu entry Rescue System when booting from CD. The rescue system is loaded entirely to the main memory of the system. To achieve this, the file system (the most important directories with some basic programs) is written to a RAM disk in memory. This can be easily checked after the rescue system has started, using df:

Rescue:~ # df -h
Filesystem  Size  Used  Avail  Use%  Mounted on
/dev/root   18M   17M   1.0M   95%   /
shmfs       234M  0     234M   0%    /dev/shm

Six text consoles are available in the rescue system on which you can log in as root without having to give a password. On the tenth console (this can be reached via Ctrl+Alt+F10) messages from the kernel and syslog daemons are displayed, as with “normal” systems.

In the file system, which is loaded entirely from the boot medium, you will find all the standard applications needed for a system recovery (e.g., /bin/bash, /bin/mount, /sbin/fdisk, /sbin/e2fsck, /sbin/reiserfsck, /usr/bin/vi, and /usr/bin/telnet).

To gain access to the installed system, first mount the relevant partitions (the root partition of the installed system), for example:

mount /dev/hda3 /mnt

mounts partition 3 so it can be addressed via the mount point /mnt in the rescue system. If this mounting fails, check the file system (see Section 10.5).

If configuration files in the installed system need to be changed or if a new root password should be set, the command chroot is useful here. With chroot, a new root directory is created for the commands subsequently issued. The following example allows you to change the root password of the installed system (the root partition of the installed system is mounted at /mnt):

Rescue:~ # chroot /mnt passwd
New password:
Re-enter new password:
Password changed
Rescue:~ #

By running chroot /directory, a subshell is opened with a chroot environment. Now several commands can be executed in this changed environment. With exit, return to the original environment. In this way, the file /etc/fstab of the installed system is changed in the following example:

Rescue:~ # chroot /mnt
Rescue:/ # vi /etc/fstab
...
Rescue:/ # exit
Rescue:~ #

After the file system has been repaired with e2fsck or reiserfsck or the faulty configuration files have been corrected, it should be possible to reboot the system.

Exercise: SUSE Rescue System

1. Start the SUSE rescue system from CD.

2. Mount the root partition of your installed system on /mnt.

3. Change the root password.

4. Reboot the system.


10.4 Booting in a Shell

The following entries are displayed in the GRUB menu at system start-up:

Linux
floppy
Linux - Safe Settings

If Linux is selected, the options applied at boot time are shown in the field boot options. Here, add the parameter init=/bin/bash to start directly in a shell:

root=/dev/hda1 vga=791 init=/bin/bash

You are logged in directly as the system administrator and the root partition is mounted read-only. To gain proper access to the system, the root partition should be changed to a writable state:

init-2.05# mount -o remount,rw /

Now configuration files can be modified or the root password can be changed by running passwd.

Exercise: Booting in a Shell

1. Boot directly in a shell.

2. Change the root password of your installed system.

10.5 Checking the File System

Switching off the system without unmounting partitions (for example when a power cut occurs) can lead to errors in the file system. When the system is next booted, the fact that the computer was not shut down correctly is detected. Then a file system check is performed. If errors are found in the file system, the rescue system will need to be used. Depending on the file system type, either e2fsck or reiserfsck is used. These tools check the file system for a correct superblock (the block at the beginning of the partition containing information on the structure of the file system), faulty data blocks, or faulty allocation of data blocks.

The most frequent problem in the ext2 file system is damage to the superblock. Here, you can first view the location of all copies of the superblock in the file system, using dumpe2fs. Then, with e2fsck, one of the backup copies is copied to the beginning of the file system. Usually a backup copy of the superblock is stored every 8192 blocks.


With

Rescue:~ # e2fsck -f -b 8193 /dev/hda1

the superblock located at data block 8193 in the ext2 file system of the partition /dev/hda1 is copied to the beginning of the file system.
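Why the backup sits at block 8193 and where the other copies are, as an added example that is not part of the SUSE manual: with 1 KiB blocks the first data block is 1, so group n starts at 1 + n × 8192, and file systems with the sparse_super feature keep copies only in groups 1 and powers of 3, 5 and 7. The header excerpt is constructed sample input in the style of dumpe2fs -h, and all function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: header fields in the style of `dumpe2fs -h`, as they
# might have been saved while the file system was still healthy.
SAMPLE_HEADER='Filesystem features:      filetype sparse_super
Block count:              100000
First block:              1
Block size:               1024
Blocks per group:         8192'

# field NAME: print the value of the "NAME: value" line read from stdin.
field() {
    awk -F': *' -v name="$1" '$1 == name { print $2; exit }'
}

# is_backup_group G: succeeds if block group G carries a superblock copy
# under sparse_super (groups 0 and 1, and powers of 3, 5 and 7).
is_backup_group() {
    g=$1
    if [ "$g" -le 1 ]; then return 0; fi
    for base in 3 5 7; do
        p=$base
        while [ "$p" -lt "$g" ]; do p=$((p * base)); done
        if [ "$p" -eq "$g" ]; then return 0; fi
    done
    return 1
}

# backup_superblocks FIRST_BLOCK BLOCKS_PER_GROUP BLOCK_COUNT [SPARSE]
# Prints the block numbers of all backup superblocks on one line.
# SPARSE=no lists every group, i.e. one copy every BLOCKS_PER_GROUP blocks.
# Simplification: mke2fs may drop a very small final group, so treat the
# last value as a candidate only.
backup_superblocks() {
    first=$1; bpg=$2; count=$3; sparse=${4:-yes}
    ngroups=$(( (count - first + bpg - 1) / bpg ))
    grp=1; out=""
    while [ "$grp" -lt "$ngroups" ]; do
        if [ "$sparse" != yes ] || is_backup_group "$grp"; then
            out="${out:+$out }$((first + grp * bpg))"
        fi
        grp=$((grp + 1))
    done
    echo "$out"
}

# backups_from_header: read dumpe2fs-style header text on stdin and print
# the backup superblock locations that follow from it.
backups_from_header() {
    hdr=$(cat)
    h_first=$(printf '%s\n' "$hdr" | field "First block")
    h_bpg=$(printf '%s\n' "$hdr" | field "Blocks per group")
    h_count=$(printf '%s\n' "$hdr" | field "Block count")
    case $(printf '%s\n' "$hdr" | field "Filesystem features") in
        *sparse_super*) h_sparse=yes ;;
        *)              h_sparse=no ;;
    esac
    backup_superblocks "$h_first" "$h_bpg" "$h_count" "$h_sparse"
}

# Demo on the constructed header: the first value is the one passed to
# e2fsck -b in the text above.
printf '%s\n' "$SAMPLE_HEADER" | backups_from_header
```

If the copy at the first location is damaged as well, the next values in the list are the ones to try with e2fsck -b.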

With reiserfsck, the file system is subjected to a consistency check. The journal is examined to see if certain transactions need to be repeated. With the option --fix-fixable, errors, such as wrong file sizes, are remedied directly when the file system is checked. With an error in the binary tree, it is possible to have this rebuilt using reiserfsck --rebuild-tree.

Exercise: Checking the file system

1. Start the SUSE rescue system.

2. Do a file system check on an ext2/ext3 formatted partition and on a ReiserFS formatted partition with e2fsck and reiserfsck, respectively.

3. Pay attention to the output of e2fsck and reiserfsck.

Summary

• If the boot process is interrupted because of an error in GRUB or in the kernel, you can start again from a boot medium then access the installed system.

• If the installed system can no longer be started, the SUSE Rescue System can be used. Here, for example, a file system check can be performed.

• It is possible to boot directly to a shell, thus gaining access to the system as root.

• Important commands in this chapter:

Command      Meaning
chroot       Creates a new root directory.
df           Specifies where hard drives and their partitions or other drives are mounted in the file system, and how much space they occupy.
dumpe2fs     Provides information on the state of the file system.
e2fsck       Checks and repairs ext2 and ext3 file systems.
exit         Changes from the chroot environment back to the original environment.
grub         Reinstalls the boot manager GRUB.
mount        Mounts a partition.
reiserfsck   Checks and repairs a Reiser file system.

Table 10.1: System Rescue Commands


Appendix


A A Summary of Important Commands

Detailed information on individual commands can be obtained by entering man command.

alias defines a new alias name.

bg continues an interrupted process in the background.

boot starts the kernel in the GRUB shell.

bunzip2 decompresses files compressed with bzip2.

bzip2 compresses and decompresses files.

cat displays the contents of a file on the standard output.

cd changes to another directory.

chattr changes the version of the file as well as the ext2 file system attributes.

chgrp changes the group membership of files.

clear deletes the contents of the screen or text console.

chmod changes the access permissions of files.

chown changes the owner of files.

chroot creates a new root directory.

chsh changes the login shell of the user.

cp copies files.

crontab maintains crontab files for individual users.

cut cuts specific fields from all lines of a file and displays the selected areas.

date prints or sets the system date and time.

dd transmits data between different storage media byte-wise (floppy disk, hard drive, ...).


debugfs is an ext2 file system debugger.

depmod generates the file /etc/modules.conf.

df specifies where hard drives and their partitions or other drives are mounted in the file system, and how much space they occupy.

dmesg shows messages displayed by the kernel during the boot process.

du provides information on the space occupied by files and directories.

dumpe2fs provides information on the state of the file system.

e2fsck checks and repairs ext2 and ext3 file systems.

echo outputs the given string to the standard output.

edquota sets up quotas.

expand converts tabs to spaces.

faillog displays the formatted file /var/log/faillog.

fdformat carries out a low-level formatting of a floppy disk, on which a file system can then be installed (using mformat or mkfs).

fdisk partitions a hard drive.

file determines the file type, such as text file, HTML document.

find searches for files.

fmt is a simple text formatter, which formats the content of a text file or of the standard input paragraph by paragraph.

fsck checks the consistency of the file system and carries out repairs if necessary.

gpasswd allocates a password to a group or changes it. Groups can also be managed with this command.

grep searches through one or more files for a string and displays the matching lines.

groupadd creates a new group.

groupdel deletes an existing group.

groupmod modifies a group.

groups provides a user with information on his group memberships.


grub starts the GRUB shell while the system is running, reinstalls the boot manager GRUB.

gunzip decompresses files compressed with gzip.

gzip compresses or decompresses files.

halt ends all processes currently running.

head displays the beginning of a file to stdout (by default, 10 lines).

history lists the last commands carried out.

id provides a user with information on his UID and his group membership.

info starts the online help system with the same name.

insmod loads a module into the kernel.

insserv creates symbolic links in the directories /etc/init.d/rcrl.d.

ipchains is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel 2.2.

iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel 2.4.0 or newer.

join joins the lines of two (alphabetically) sorted files using key fields.

kill passes on signals to processes (the PID is specified).

killall passes on signals to processes (the command name of the process is specified).

less displays files page by page to stdout, and can also display the contents of compressed files.

lilo reads changes done in the LILO configuration file /etc/lilo.conf.

ln creates links.

locate searches a previously created database for files.

lp sends off a print job.

lpc manages the print queue.

lpq displays print jobs.

lpr sends off a print job.


lprm removes a print job from the queue.

ls lists the contents of a directory.

lsattr displays the state of the ext2 file system attributes.

lsmod lists the kernel modules.

lsof lists open files.

man displays online information for a given command.

mkdir creates one or more directories.

mke2fs creates an ext2 or ext3 file system.

mkfifo generates a FIFO file.

mkfs creates a file system on a storage medium.

mknod sets up a new device file in the directory /dev.

mkreiserfs creates a file system in the Reiser file system format.

modprobe loads a module into the kernel, taking into account module dependencies.

more displays files page by page to stdout. Does not have as many functions as less.

mount mounts a file system.

mt used to work with magnetic tapes.

mv moves a file to a different directory or renames a file.

newgrp changes the effective group.

nice starts a process with a changed priority (by setting the nice value).

nl numbers the lines of a file.

nohup starts a process or program, which continues running after logout.

od displays files in octal, decimal or hexadecimal format (octal dump).

passwd allocates the user a password or changes it.

paste adds the lines of several files together horizontally.

poweroff ensures an immediate, controlled system halt.


pr formats text files for printing and prints the pages with a header (date, time, file name, number of pages).

ps lists processes.

pstree displays currently running processes in the form of a process tree.

pwck checks the integrity of data in the files /etc/passwd and /etc/shadow.

pwconv synchronizes the entries in the files /etc/passwd and /etc/shadow.

pwd specifies the path of the current directory.

quotacheck initializes the quota system.

quotaoff disables the quota system.

quotaon enables the quota system.

reboot ends all running processes and then reboots the computer.

reiserfsck checks and repairs a Reiser file system.

renice changes the priority of a running process (sets a new nice value).

repquota lists the quotas used.

rm deletes one or more files.

rmdir deletes one or more empty directories.

rmmod removes a module from the kernel.

rpm manages packages in the RPM format.

rsync creates copies of entire directories on a different host or mirrors directories locally.

set displays all variables known to the shell.

shutdown shuts down the Linux system.

sort sorts lines of a text file alphabetically according to fields. Sorted files can also be joined into one single file.

split splits a file into several smaller files.

su allows you to change to the UID of another user.

sudo allows a normal user to carry out root commands.


SuSEconfig transfers changes to the file /etc/sysconfig to the individual program-specific configuration files.

tac displays files, whereby the last field is shown first (the reverse of cat).

tail displays the end of a file to stdout (by default, 10 lines).

tar generates or unpacks an archive consisting of a number of files and/or directories.

tee branches the output to stdout and at the same time to one or more files.

top lists processes according to computer time used.

touch changes the time stamp of a file or creates a new file with a size of 0 bytes.

tr replaces or deletes characters from the standard input and writes to the standard output.

tune2fs adjusts tunable file system parameters on an ext2 file system.

umask puts limitations on access modes for newly created files and directories.

umount removes a device file from the file system.

unalias removes an alias name.

uname shows the name of the operating system (Linux).

unexpand converts spaces to tabs.

uniq removes duplicate lines from a sorted file.

unset deletes a shell variable.

useradd creates a new user.

userdel deletes a user.

usermod changes the user account.

wc shows the number of characters, words and lines.

whereis locates the binary, source, and manual page files for a command.

which shows the full path of (shell) commands.

whoami shows as which user you are currently logged in to the system.

zcat displays the decompressed content of a file compressed with gzip on the standard output.


B Abbreviations

AES Advanced Encryption Standard

AIX Advanced IBM Unix

ASCII American Standard Code for Information Interchange

AT&T American Telephone & Telegraph Company

Bash Bourne Again Shell

BIOS Basic Input/Output System

BSD Berkeley Software Distribution

BSDI Berkeley Software Design, Inc.

CDB Component Database

CDE Common Desktop Environment

CD-ROM Compact Disk - Read Only Memory

CERN Conseil Européen pour la Recherche Nucléaire

CPU Central Processing Unit

CUPS Common Unix Printing System

Daemon Disk And Execution Monitor

DAT Digital Audio Disc

DEC Digital Equipment Corporation

DES Data Encryption Standard

DOS Disk Operating System

DPMS Display Power Management System

EFF Electronic Frontier Foundation

FAQ Frequently Asked Question


FAT File Allocation Table

FHS Filesystem Hierarchy Standard

FIFO First In First Out

FFS Fast Filing System (BSD)

FSF Free Software Foundation

GCC GNU C Compiler

GDM GNOME Display Manager

GE General Electrics

GID Group ID

GNOME GNU Network Object Model Environment

GNU GNU is Not UNIX

GRUB Grand Unified Bootloader

GPL GNU General Public License

HP Hewlett-Packard

HPFS High Performance File System

HTML Hypertext Markup Language

HTTP HyperText Transfer Protocol

I20 Intelligent Input/Output Technology

IDE Integrated Drive Electronics

IEEE The Institute of Electrical and Electronics Engineers

IRIX Silicon Graphics Unix-like Operating System

JFS Journaled File System

KDE “K” Desktop Environment

KDM KDE Display Manager

LDP Linux Documentation Project

LGPL GNU Lesser General Public License


LILO Linux Loader

LPR Line Printer

LPRng Line Printer next generation

MAC Medium Access Control

MBR Master Boot Record

MIT Massachusetts Institute of Technology

MPL Mozilla Public License

MTBF Mean Time Between Failure

MWM Motif Window Manager

NCP Netware Core Protocol

NFS Network File System

NIST National Institute of Standards and Technology

NTFS New Technology File System (Microsoft Windows NT/2000/XP)

PAM Pluggable Authentication Modules

PARC Palo Alto Research Center

PGP Pretty Good Privacy

PID Process Identification

PPD PostScript Printer Definition/Description

PPID Parent Process Identification

QPL Q Public License

RAM Random Access Memory

RFC Request for Comments

RPM Red Hat Package Manager

SaX SUSE advanced X configuration

SAN Storage Area Network

SANE Scanner Access Now Easy


SCO The Santa Cruz Operation, Inc.

SCSI Small Computer System Interface

SGID Set Group ID

SMB Server Message Block

SSH Secure Shell

SUID Set User ID

TTY Teletype

TWM Tab Window Manager

UID User ID

UPS Uninterruptible Power Supply

USB Universal Serial Bus

USL Unix System Laboratories

VFAT Virtual File Allocation Table

VFS Virtual Filesystem Switch

Vim Vi Improved

WWW World Wide Web

XDM X Window Display Manager

XFS Extended File System

YaST Yet Another Setup Tool

152 © 2004,SUSELINUX AG (http://www.suse.de/training/)

Page 159: Advanced System Administration I - Student Manual

Index

symbols\ /.Xauthority . . . . 114\ /.Xdefaults . . . . . 117\ /.Xresources . . . . 117\ /.lpoptions . . . . . 127\ /.xinitrc . . . 112,114\ /.xsession . . . . . . 112/boot/ . . . . . . . . . . . . . . . 38/boot/grub/

menu.lst . . . 39,134/boot/initrd . . . . . . 47/boot/vmlinuz . . . . . 41/dev/nrmt0 . . . . . . . . . 86/dev/nst0 . . . . . . . 86,87/dev/rmt0 . . . . . . . . . . . 86/dev/st0 . . . . . . . . . . . . 86/etc/X11/

XF86Config . . . . 117/etc/X11/xdm/ . . . . 112/etc/X11/xdm/

sys.xsession . 112/etc/X11/xdm/

xdm-config 112,113/etc/X11/xinit/

xinitrc . . . . . . . . 112/etc/cron.d/ . . . . . . 88/etc/cron.daily/ . 88/etc/cron.hourly/ 88/etc/cron.monthly/ .

88/etc/cron.weekly/ 88/etc/crontab . . . . . . 88/etc/cups/

cupsd.conf 121,128

/etc/cups/lpoptions . . . . . 127

/etc/cups/mime.convs . . . . 122

/etc/cups/mime.types . . . . 122

/etc/cups/ppd/ . . . 124/etc/cups/

printers.conf 124/etc/fstab . 30,98,134,

136/etc/group . . . . . . . . . . 7/etc/gshadow . . . . . . . . 8/etc/init.d/ . . 47,50,

51,53/etc/init.d/boot 52,

100/etc/init.d/

boot.d/ . . . . . . . . . 52/etc/init.d/boot.local

52/etc/init.d/cups 121/etc/init.d/halt . 52/etc/init.d/rc 50,52,

53/etc/init.d/reboot .

52/etc/init.d/

skeleton . . . . . . . . 51/etc/inittab . . 47,49,

53,134/etc/lilo.conf . . . . 42/etc/login.defs . . 19,

28

/etc/logrotate.conf71,72

/etc/logrotate.d/ . .71,72

/etc/logrotate.d/aaa_base . . . . . . . . 71

/etc/logrotate.d/syslog . . . . . . . . . . . 72

/etc/modules.conf . .100,101

/etc/nologin . . . . . . 27/etc/opt/gnome2/

gdm/ . . . . . . . . . . . . 112/etc/opt/gnome2/

gdm/gdm.conf . 112/etc/opt/kde3/

share/config/kdm/ . . . . . . . . . . . . 112

/etc/opt/kde3/share/config/kdm/kdmrc . . . . . 112

/etc/pam.d/ . . . . . . . . 26/etc/pam.d/login . 27/etc/passwd . . . 4, 6, 12/etc/printcap . . . . 124/etc/securetty . . . . 27/etc/shadow . . . 5, 6, 12/etc/shells . . . . . . . . . 5/etc/skel/ . . . . . . . . . 13/etc/sudoers . . . . . . 24/etc/sysconfig/ . . 62/etc/sysconfig/

displaymanager . .113

© 2004,SUSELINUX AG (http://www.suse.de/training/) 153

Page 160: Advanced System Administration I - Student Manual

Index

/etc/sysconfig/syslog . . . . . . . . . . . 69

/etc/syslog.conf 66,67

/lib/modules/ . . . . . 99/mnt/ . . . . . . . . . . . . . . . 136/opt/kde3/share/

config/kdm/kdmrc112

/sbin/ . . . . . . . . . . . . . . . 51/sbin/init . . . . . . . . . 47/usr/X11R6/lib/

X11/xinit/xinitrc . . . . . . . . 112

/usr/bin/disable 128/usr/bin/enable . 128/usr/lib/cups/

backend/ . . . . . . . 122/usr/sbin/ . . . . . . . . . 51/usr/sbin/accept 128/usr/sbin/reject 128/var/lock/ . . . . . . . . . 52/var/log/boot.msg 70/var/log/cups/

error_log . . . . . 128/var/log/cups/

page_log . . . . . . . 122/var/log/faillog . 28/var/log/lastlog . 19/var/log/mail . . . . . 70/var/log/messages 70/var/log/news/ . . . . 70/var/log/wtmp . . . . . 70/var/spool/cron/

tabs/ . . . . . . . . . . . . 88

Aabbreviations . . . . . . . . . 149accounts. . . . . . . . . . . . . . . . 9addingharddisk . . . . . . . . 92alias . . . . . . . . . . . . . . . 143alias instructions. . . . 101aquota.group . . . . . . 30aquota.user . . . . . . . . 30at . . . . . . . . . . . . . . . . . . . . 66automatingtasks . . . . . . . 88

Bbackuptapes. . . . . . . . . . . 79bash . . . . . . . . . . . . . . . . 136bg . . . . . . . . . . . . . . . . . . . 143BIOS . . . . . . . . . . . . . . . . . . 47boot . . . . . . . . . . . . . 42,143bootingin ashell . . . . . . 137bootloader . . . . . . . . . . . . 38bootmanager. . . . . . . . . . 38bootprocedure. . . . . . . . 134bunzip2 . . . . . . . . . 83,143bzip2 . . . . . . . . . . . 83,143

Ccancel . . . . . . . . . . . . . 126cat . . . . . . . . . . . . . . 81,143categories. . . . . . . . . . . . . . 66cd . . . . . . . . . . . . . . . . . . . 143chage . . . . . . . . . . . . . . . . 18changepartitiontype . . . . 95chattr . . . . . . . . . . . . . 143chgrp . . . . . . . . . . . . . . . 143chmod . . . . . . . . . . . . . . . 143chown . . . . . . . . . . . . . . . 143chroot . . . . . . . . . 136,143chsh . . . . . . . . . . . . . . 5, 143clear . . . . . . . . . . . . . . . 143clientapplication. . . . . . 104compressingdata . . . . . . . 82cp . . . . . . . . . . . . . . . . . . . 143createbootdisk . . . . . . . . 86cron . . . . . . . . . . . . . . 66,88crontab . . . . . . . . . 88,143CUPS . . . . . . . . . . . . . . . . 120

filtering . . . . . . . . . . . . 122logging . . . . . . . . . . . . . 128

cupsd . . . . . . . . . . 120,121cut . . . . . . . . . . . . . . . . . . 143

Ddatabackup. . . . . . . . . . . . 78date . . . . . . . . . . . . . . . . 143dd . . . . . . . . . . . . . . . . 85,143debugfs . . . . . . . . . . . . 144decompressingdata . . . . . 82depmod . . . . . . . . . 100,144df . . . . . . . . . . . 73,135,144

displaymanager. . . . . . . . . . . . 112name. . . . . . . . . . . . . . . 105number. . . . . . . . . . . . . 106

DISPLAY, variable . . . 106,107

dmesg . . . . . . . . . . . 70,144du . . . . . . . . . . . . . . . . 73,144dump . . . . . . . . . . . . . . . . . 99dumpe2fs . . . . . . 137,144

Ee2fsck 134,136,137,144echo . . . . . . . . . . . . . . . . 144edquota . . . . . . . . . 31,144exit . . . . . . . . . . . . . . . . 136expand . . . . . . . . . . . . . 144ext2 file system. . . . . . . . . 96ext3 file system. . . . . . . . . 96extendedpartition . . . 93,94

Ffaillog . . . . . . . . . 28,144FAILLOG_ENAB, variable .

28fdformat . . . . . . . . . . . 144fdisk . . . . . . . 92,136,144FIFO . . . . . . . . . . . . . . . . . . 68file . . . . . . . . . . . . . . . . 144file system

check . . . . . . . . . . . . . . 137create . . . . . . . . . . . . . . . 96mount . . . . . . . . . . . . . . . 98

find . . . . . . . . . 41,81,144finger . . . . . . . . . . . . . . . . 3fmt . . . . . . . . . . . . . . . . . . 144fsck . . . . . . . . . . . . . 99,144

Ggetty . . . . . . . . . . . . . . . . 50Ghostscript. . . . . . . . . . . 122GID . . . . . . . . . . . . . . . . . . . . 2gpasswd . . . . . . . . . 17,144grep . . . . . . . . . 12,21,144groupadd . . . . . . . 16,144groupdel . . . . . . . 17,144groupmod . . . . . . . 16,144groupquotas. . . . . . . . . . . 29

154 © 2004,SUSELINUX AG (http://www.suse.de/training/)

Page 161: Advanced System Administration I - Student Manual

Index

groups. . . . . . . . . . . . . . . . . . 9groups . . . . . . . . . . . 3, 144grub . . . . . . . . 41,134,145GRUB . . . . . . . . . 38,47,134

configuration. . . . . . . . . 39menu. . . . . . . . . . . . . . . 137shell . . . . . . . . . . . . . . . . 41

gunzip . . . . . . . . . . 82,145gzip . . . . . . . . . . . . . 82,145

Hhalt . . . . . . . . . . . . . 54,145hardware

plug-and-play. . . . . . . . 52head . . . . . . . . . . . . . . . . 145hex codelist . . . . . . . . . . . 95history . . . . . . . . . . . . 145homedirectory . . . . . . . . . . 5

Iid . . . . . . . . . . . . . 2, 22,145info . . . . . . . . . . . . . . . . 145init 49,50,106,134,137init process. . . . . . . . . . 47insmod . . . . . . . . . 100,145insserv . . . . . . . . . 51,145ipchains . . . . . . . . . . . 145iptables . . . . . . . . . . . 145isapnp . . . . . . . . . . . . . . . 52

Jjohn . . . . . . . . . . . . . . . . . . 4join . . . . . . . . . . . . . . . . 145

KKDE . . . . . . . . . . . . . . . . . 105kdesu . . . . . . . . . . . . . . . . 23kernel . . . . . . . . . . . . . . 41,47

modules. . . . . . . . . . . . . 99KERNEL_LOGLEVEL,

variable . . . . . . . . . . . 69kerneldaemon. . . . . . . . . 52keyboardcontrols . . . . . . 61keywordgrpquota . . . . . . . . . . 30usrquota . . . . . . . . . . 30

kill . . . . . . . . . . . . . . . . 145killall . . . . . . . . . . . . 145

klogd . . . . . . . . . . . . . . . . 69kwin . . . . . . . . . . . . . . . . 104

Llast . . . . . . . . . . . . . . . . . 70lastlog . . . . . . . . . . . . . 19less . . . . . . . . . . . . . . . . 145lilo . . . . . . . . . . . . . 42,145LILO . . . . . . . . . . . . . . 38,42linux loader . . . . . . . . 38,42linuxrc . . . . . . . . . . . . . 47ln . . . . . . . . . . . . . . . . . . . 145locate . . . . . . . . . . . . . 145log files . . . . . . . . . . . . 70,71logicalpartition . . . . . 93,94login . . . . . . . . . . . . . . . . 67logrotate . . . . . . . . . . . 71lp . . . . . . . . . . . . . . 125,145lpc . . . . . . . . . . . . . . . . . . 145lpoptions . . . . . . . . . 127lpq . . . . . . . . . . . . . 126,145lpr . . . . . . . . . . . . . 125,145lprm . . . . . . . . . . . . 126,146lpstat . . . . . . . . . . . . . 126ls . . . . . . . . . . . . . . . . 22,146lsattr . . . . . . . . . . . . . 146lsmod . . . . . . 100,101,146lsof . . . . . . . . . . . . . . . . 146

Mmagiccookie . . . . . . . . . 114magnetic-opticaldrives . 78magnetictapes. . . . . . 78,86man . . . . . . . . . . . . . . . . . . 146masterbootrecord . . . . . . 38MBR . . . . . . . . . . . . . . . . . . 38messages

from kernel . . . . . . . . . . 66from mail system. . . . . 67from news system. . . . 67from printersystem. . . 67of uucp system. . . . . . 67of syslogdaemon. . . . . 67

mirroringdirectory . . . . . 84mkdir . . . . . . . . . . . 22,146mke2fs . . . . . . . . . . 96,146mkfifo . . . . . . . . . . . . . 146

mkfs . . . . . . . . . . . . . 96,146mkfs.ext2 . . . . . . . . . . . 96mkfs.ext3 . . . . . . . . . . . 96mkfs.minix . . . . . . . . . 96mkfs.msdos . . . . . . . . . 96mkfs.xfs . . . . . . . . . . . . 96mknod . . . . . . . . . . . . . . . 146mkreiserfs . . . . . 97,146modelines. . . . . . . . . . . . 116modprobe . . . . . . 100,146MO drives . . . . . . . . . . . . . 78modules. . . . . . . . . . . . . . . 99

load . . . . . . . . . . . . . . . . 100remove . . . . . . . . . . . . . 100

modules.dep . . . . . . . 100more . . . . . . . . . . . . . . . . 146mount . . . 30,98,136,137,

146mountpoint . . . . . . . 98,136mt . . . . . . . . . . . . . . . . 86,146multiusermode. . . . . . . . . 48mv . . . . . . . . . . . . . . . . . . . 146mwm . . . . . . . . . . . . . . . . . . 104

N
named pipe, 68
ncurses, 60
newgrp, 8, 22, 146
newusers, 18
NFS, 48
nice, 146
nl, 146
nohup, 146
no rewind mode, 86

O
od, 146
options instructions, 101

P
PAM, 66
pam_nologin.so, 27
pam_securetty.so, 27
partitions, 93
partition table, 93
passwd, 14, 137, 146
password, 5
passwords, 10


password settings, 10
paste, 146
PostScript, 122
poweroff, 54, 146
pppd, 66
pr, 147
primary partition, 93
printer
  commands, 125
  configuration, 123
  daemon, 121
  queue, 123
printing, 120
print job
  canceling, 126
  displaying, 126
  submitting, 125
priority, 67, 69
ps, 147
pstops, 122
pstree, 147
pwck, 7, 147
pwconv, 7, 147
pwd, 147

Q
queue, 120
  configuration, 127
quota, 29
quota, 29, 32
quota.group, 30
quota.user, 30
quotacheck, 30, 147
quotad, 32
quotaoff, 32, 147
quotaon, 32, 147

R
RAM disk, 47
reboot, 52, 54, 147
reiserfsck, 134, 136–138, 147
renice, 147
repquota, 32, 147
rescue floppy disk, 135
rescue system, 135
rm, 147
rmdir, 147
rmmod, 100, 147
rpm, 147
rsync, 84, 147
runlevel, 47
  changing, 53

S
SAN, 78
sax2, 116
SaX2, 116
screen number, 106
secure shell, 115
set, 147
set root password, 136
shared libraries, 25
shutdown, 54, 147
SIGKILL, signal, 47
sort, 147
split, 147
ssh, 113, 115
SSH, 115
sshd, 66
standard shell, 5
starting login processes, 50
start script, 50, 53
startx, 110
stop script, 50, 53
Storage Area Networks, 78
su, 21, 147
sudo, 24, 147
sulogin, 50
SuSEconfig, 148
SuSEconfig, 62, 63, 113
swap partition, 95
syslogd, 66
SYSLOGD_PARAMS, variable, 69
syslog daemon, 66
system
  reboot, 48
  start, 46
  stop, 48

T
tac, 148
tail, 7, 70, 148
tar, 80, 148
tee, 148
telnet, 136
top, 148
touch, 148
tr, 148
tune2fs, 148
twm, 104

U
UID, 2, 5
umask, 148
umount, 98, 148
unalias, 148
uname, 148
unexpand, 148
uniq, 148
unset, 148
user quotas, 29
useradd, 12, 148
userdel, 15, 148
usermod, 15, 148
username, 4
users, 9
uucp-System, 67

V
vi, 136
visudo, 24

W
wc, 148
whereis, 148
which, 148
whoami, 148
WINDOWMANAGER, variable, 110

X
X, 106
X11 forwarding, 115
xauth, 113, 114
X client, 104
xf86config, 116
xhost, 113, 114
xrdb, 117
X server, 104
  configure, 116


xterm, 106, 108
xvidtune, 116
X Window System, 104

Y
YaST, 59
  starting modules, 61

Z
zcat, 83, 148
