This is a set of English-language books for IT professionals specializing in security and programming. It is suitable for anyone with a passion for information technology who wants to learn about security and programming.
Linux: The Complete Reference, Sixth Edition
courses at the University of California at Berkeley. He is the author of Linux: The Complete Reference (all six editions), Red Hat Enterprise and Fedora Linux: The Complete Reference, Red Hat Linux, Linux Programming, Red Hat Linux Administrator's Reference, Linux Programmer's Reference, Introductory C with C++, Introductory Command Line Unix for Users, and many other books. He is a contributor to linux.sys-con.com (Linux World Magazine) with articles on IPv6, the Fedora operating system, Yum, Fedora repositories, the Global File System (GFS), udev device management, and the Hardware Abstraction Layer (HAL).
About the Technical Editor
Dean Henrichsmeyer has served as technical editor for a previous edition of Linux: The Complete Reference and for several editions of another book, Red Hat Linux: The Complete Reference. He holds a B.S. in Computer Science and has been working with Linux for more than a decade. He is currently a site director for SourceForge, Inc., the media group responsible for websites such as SourceForge.net, Linux.com, Slashdot.org, freshmeat.net, and ThinkGeek.com.
The material in this eBook also appears in the print version of this title: 0-07-149247-X.
All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps.
THE WORK IS PROVIDED “AS IS.” McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.
Part I Introduction
1 Introduction to Linux
2 Getting Started
Part II The Linux Shell and File Structure
3 The Shell
4 The Shell Scripts and Programming
5 Shell Configuration
6 Linux Files, Directories, and Archives
Part III Desktop
7 The X Window System, Xorg, and Display Managers
8 GNOME
9 KDE
Part IV Linux Software
10 Software Management
11 Office and Database Applications
12 Graphics Tools and Multimedia
13 Mail and News Clients
14 Web, FTP, and Java Clients
15 Network Tools
Part V Security
16 Encryption, Integrity Checks, and Signatures
17 Security-Enhanced Linux
18 IPsec and Virtual Private Networks
19 Secure Shell and Kerberos
20 Firewalls
Part VI Internet and Network Services
21 Managing Services
22 FTP Servers
23 Web Servers
24 Proxy Servers
25 Mail Servers
26 Print, News, Search, and Database Servers
Part VII System Administration
27 Basic System Administration
28 Managing Users
29 File Systems
30 RAID and LVM
31 Devices and Modules
32 Kernel Administration
33 Backup Management
Part VIII Network Administration Services
34 Administering TCP/IP Networks
35 Network Autoconfiguration with IPv6, DHCPv6, and DHCP
36 NFS and NIS
37 Distributed Network File Systems
A Where to Obtain Linux Distributions
Index
Acknowledgments
Introduction
Part I Introduction
1 Introduction to Linux
Linux Distributions
Operating Systems and Linux
History of Linux and Unix
Unix
Linux
Linux Overview
Open Source Software
Linux Software
Software Repositories
Third-Party Linux Software Repositories
Linux Office and Database Software
Internet Servers
Development Resources
Online Linux Information Sources
Linux Documentation
2 Getting Started
Install Issues
Accessing Your Linux System
The Display Managers: GDM and KDM
Switching Users
Accessing Linux from the Command Line Interface
The GNOME and KDE Desktops
KDE
XFce4
GNOME
GNOME and KDE Applets
Starting a GUI from the Command Line
Desktop Operations
Desktop Themes
Fonts
Configuring Your Personal Information
Sessions
Using Removable Devices and Media
Installing Multimedia Support: MP3, DVD, and DivX
Command Line Interface
Help Resources
Context-Sensitive Help
Application Documentation
The Man Pages
The Info Pages
Software Repositories
Windows Access and Applications
Setting Up Windows Network Access: Samba
Running Windows Software on Linux: Wine
Part II The Linux Shell and File Structure
3 The Shell
The Command Line
Command Line Editing
Command and Filename Completion
History
History Events
History Event Editing
Configuring History: HISTFILE and HISTSAVE
Filename Expansion: *, ?, [ ]
Matching Multiple Characters
Matching Single Characters
Matching a Range of Characters
Matching Shell Symbols
Generating Patterns
Standard Input/Output and Redirection
Redirecting the Standard Output: > and >>
The Standard Input
Pipes |
Redirecting and Piping the Standard Error: >&, 2>
Jobs: Background, Kills, and Interruptions
Running Jobs in the Background
Referencing Jobs
Job Notification
Bringing Jobs to the Foreground
Canceling Jobs
Suspending and Stopping Jobs
Ending Processes: ps and kill
The C Shell: Command Line Editing and History
C Shell Command Line Editing
C Shell History
The TCSH Shell
TCSH Command Line Completion
TCSH History Editing
The Z-shell
4 The Shell Scripts and Programming
Shell Variables
Definition and Evaluation of Variables: =, $, set, unset
Variable Values: Strings
Values from Linux Commands: Back Quotes
Shell Scripts: User-Defined Commands
Executing Scripts
Script Arguments
Environment Variables and Subshells: export and setenv
Shell Environment Variables
TCSH/C Shell Environment Variables
Control Structures
Test Operations
Conditional Control Structures
Loop Control Structures
TCSH/C Shell Control Structures
Test Expressions
TCSH Shell Conditions: if-then, if-then-else, switch
TCSH Shell Loops: while and foreach
5 Shell Configuration
Shell Initialization and Configuration Files
Configuration Directories and Files
Aliases
Aliasing Commands and Options
Aliasing Commands and Arguments
Aliasing Commands
Controlling Shell Operations
Environment Variables and Subshells: export
Configuring Your Shell with Shell Parameters
Shell Parameter Variables
Configuring Your Login Shell: bash_profile
Configuring the BASH Shell: bashrc
The BASH Shell Logout File: bash_logout
The TCSH Shell Configuration
TCSH/C Aliases
TCSH/C Shell Feature Variables: Shell Features
TCSH/C Special Shell Variables for Configuring Your System
TCSH/C Shell Initialization Files: login, tcshrc, logout
6 Linux Files, Directories, and Archives
Linux Files
The File Structure
Home Directories
Pathnames
System Directories
Listing, Displaying, and Printing Files: ls, cat, more, less, and lpr
Displaying Files: cat, less, and more
Printing Files: lpr, lpq, and lprm
Managing Directories: mkdir, rmdir, ls, cd, and pwd
Creating and Deleting Directories
Displaying Directory Contents
Moving Through Directories
Referencing the Parent Directory
File and Directory Operations: find, cp, mv, rm, and ln
Searching Directories: find
Copying Files
Moving Files
Copying and Moving Directories
Erasing Files and Directories: The rm Command
Links: The ln Command
The mtools Utilities: msdos
Archiving and Compressing Files
Archiving and Compressing Files with File Roller
Archive Files and Devices: tar
File Compression: gzip, bzip2, and zip
Part III Desktop
7 The X Window System, Xorg, and Display Managers
The X Protocol
Xorg
Xorg Configuration: /etc/X11/xorg.conf
Screen
Files, Modules, and ServerFlags
Input Device
Monitor
Device
ServerLayout
Multiple Monitors
X Window System Command Line Arguments
X Window System Commands and Configuration Files
XFS Fonts
X Resources
X Commands
Display Managers: XDM, GDM, and KDM
Xsession
The X Display Manager (XDM)
The GNOME Display Manager
The K Display Manager (KDM)
X Window System Command Line Startup: startx, xinit, and xinitrc
8 GNOME
GNOME 2.x Features
GTK+
The GNOME Interface
GNOME Components
Quitting GNOME
GNOME Help
The GNOME Desktop
Drag and Drop Files to the Desktop
Applications on the Desktop
GNOME Desktop Menu
Window Manager
The GNOME Volume Manager
The GNOME File Manager: Nautilus
Nautilus Window
Nautilus Sidebar: Tree, History, and Notes
Displaying Files and Folders
Nautilus Menu
Navigating Directories
Managing Files
Application Launcher
File and Directory Properties
Nautilus Preferences
Nautilus as a FTP Browser
The GNOME Panel
Panel Properties
Panel Objects
Special Panel Objects
GNOME Applets
Workspace Switcher
GNOME Window List
GNOME Configuration
GNOME Directories and Files
GNOME User Directories
The GConf Configuration Editor
9 KDE
The Qt Library
Configuration and Administration Access with KDE
The KDE Desktop
KDE Menus
Quitting KDE
KDE Desktop Operations
Accessing System Resources from the File Manager
Configuring Your Desktop
Desktop Link Files and URL Locations
KDE Windows
Virtual Desktops: The KDE Desktop Pager
KDE Panel: Kicker
The KDE Help Center
Applications
Mounting Devices from the Desktop
KDE File Manager and Internet Client: Konqueror
Konqueror Window
Navigation Panel
Search
Navigating Directories
Copy, Move, Delete, Rename, and Link Operations
Web and FTP Access
Configuring Konqueror
KDE Configuration: KDE Control Center
.kde and Desktop User Directories
MIME Types and Associated Applications
KDE Directories and Files
Part IV Linux Software
10 Software Management
Software Package Types
Downloading ISO and DVD Distribution Images with BitTorrent
Red Hat Package Manager (RPM)
The rpm Command
Querying Information from RPM Packages and Installed Software
Installing and Updating Packages with rpm
Removing RPM Software Packages
RPM: Verifying an RPM Installation
Rebuilding the RPM Database
Debian
Installing Software from Compressed Archives: tar.gz
Decompressing and Extracting Software in One Step
Decompressing Software Separately
Selecting an Install Directory
Extracting Software
Compiling Software
Configure Command Options
Development Libraries
Shared and Static Libraries
Makefile File
Command and Program Directories: PATH
/etc/profile
.bash_profile
Subversion and CVS
Packaging Your Software with RPM
11 Office and Database Applications
Running Microsoft Office on Linux: CrossOver
OpenOffice.org
KOffice
KOffice Applications
KParts
GNOME Office
Document Viewers (PostScript, PDF, and DVI)
PDA Access
Database Management Systems
SQL Databases (RDMS)
Xbase Databases
Editors
GNOME Editor: Gedit
K Desktop Editors: Kate, KEdit, and KJots
The Emacs Editor
The Vi Editor: Vim and Gvim
12 Graphics Tools and Multimedia
Graphics Tools
Photo Management Tools: F-Spot and digiKam
KDE Graphics Tools
GNOME Graphics Tools
X Window System Graphic Programs
Multimedia
GStreamer
Sound Applications
CD Burners and Rippers
Video Applications
13 Mail and News Clients
Mail Clients
MIME
Evolution
Thunderbird
GNOME Mail Clients: Evolution, Balsa, and Others
The K Desktop Mail Client: KMail
SquirrelMail Web Mail Client
Emacs
Command Line Mail Clients
Notifications of Received Mail
Accessing Mail on Remote POP Mail Servers
Mailing Lists
Usenet News
Newsreaders
News Transport Agents
14 Web, FTP, and Java Clients
Web Clients
URL Addresses
Web Browsers
Creating Your Own Website
Java for Linux
Sun, Java-like, JPackage, and Blackdown
Installing the Java Runtime Environment: JRE
Enabling the Java Runtime Environment for Mozilla/Firefox
The Java Applications
The Java 2 Software Development Kit
FTP Clients
Network File Transfer: FTP
Web Browser–Based FTP: Firefox
The K Desktop File Manager: Konqueror
GNOME Desktop FTP: Nautilus
gFTP
wget
curl
ftp
Automatic Login and Macros: netrc
lftp
NcFTP
15 Network Tools
Network Information: ping, finger, traceroute, and host
GNOME Network Tools: gnome-nettool
ping
finger and who
host
traceroute
Network Talk and Messenger Clients: VoIP, ICQ, IRC, AIM, and Talk
Ekiga
ICQ
Instant Messenger
Telnet
RSH, Kerberos, and SSH Remote Access Commands
Remote Access Information
Remote Access Permission: k5login
rlogin, slogin, rcp, scp, rsh, and ssh
Part V Security
16 Encryption, Integrity Checks, and Signatures
Public Key Encryption, Integrity Checks, and Digital Signatures
Public-Key Encryption
Digital Signatures
Integrity Checks
Combining Encryption and Signatures
GNU Privacy Guard
GnuPG Setup: gpg
Using GnuPG
Checking Software Package Digital Signatures
Importing Public Keys
Validating Public Keys
Checking RPM Packages
Intrusion Detection: Tripwire and AIDE
Encrypted File Systems
17 Security-Enhanced Linux
Flask Architecture
System Administration Access
Terminology
Identity
Domains
Types
Roles
Security Context
Transition: Labeling
Policies
Multi-Level Security (MLS) and Multi-Category Security (MCS)
Management Operations for SELinux
Turning Off SELinux
Checking Status and Statistics
Checking Security Context
SELinux Management Tools
semanage
The Security Policy Analysis Tool: apol
Checking SELinux Messages: seaudit
Allowing Access: chcon and audit2allow
The SELinux Reference Policy
Multi-Level Security (MLS)
Multi-Category Security (MCS)
Policy Methods
Type Enforcement
Role-Based Access Control
SELinux Users
Policy Files
SELinux Configuration
SELinux Policy Rules
Type and Role Declarations
File Contexts
User Roles
Access Vector Rules: allow
Role Allow Rules
Transition and Vector Rule Macros
Constraint Rules
SELinux Policy Configuration Files
Compiling SELinux Modules
Using SELinux Source Configuration
Interface Files
Types Files
Module Files
Security Context Files
User Configuration: Roles
Policy Module Tools
Application Configuration: appconfig
Creating an SELinux Policy: make and checkpolicy
SELinux: Administrative Operations
Using Security Contexts: fixfiles, setfiles, restorecon, and chcon
Adding New Users
Runtime Security Contexts and Types: contexts
18 IPsec and Virtual Private Networks
IPsec Protocols
IPsec Modes
IPsec Security Databases
IPsec Tools
Configuring Connections with setkey
Security Associations: SA
Security Policy: SP
Receiving Hosts
Two-Way Transmissions
Configuring IPsec with racoon: IKE
Certificates
Connection Configuration with racoon
IPsec and IP Tables: Net Traversal
IPsec Tunnel Mode: Virtual Private Networks
19 Secure Shell and Kerberos
The Secure Shell: OpenSSH
SSH Encryption and Authentication
SSH Tools
SSH Setup
SSH Clients
Port Forwarding (Tunneling)
SSH Configuration
Kerberos
Kerberos Servers
Authentication Process
Kerberized Services
Configuring Kerberos Servers
20 Firewalls
Firewalls: IPtables, NAT, and ip6tables
IPtables
ip6tables
Modules
Packet Filtering
Chains
Targets
Firewall and NAT Chains
Adding and Changing Rules
IPtables Options
Accepting and Denying Packets: DROP and ACCEPT
User-Defined Chains
ICMP Packets
Controlling Port Access
Packet States: Connection Tracking
Specialized Connection Tracking: ftp, irc, Amanda, tftp
Network Address Translation (NAT)
Adding NAT Rules
NAT Targets and Chains
NAT Redirection: Transparent Proxies
Packet Mangling: The Mangle Table
IPtables Scripts
An IPtables Script Example: IPv4
IP Masquerading
Masquerading Local Networks
Masquerading NAT Rules
IP Forwarding
Masquerading Selected Hosts
Part VI Internet and Network Services
21 Managing Services
System Startup Files: /etc/rc.d
rc.sysinit and rc.local
/etc//init.d
SysV Init: init.d Scripts
Starting Services: Standalone and xinetd
Starting Services Directly
Starting and Stopping Services with Service Scripts
Starting Services Automatically
Service Management: chkconfig, services-admin, rcconf, sysv-rc-conf, and update-rc.d
chkconfig
rcconf, services-admin, sysv-rc-conf, and update-rc.d
Service Scripts: /etc/init.d
Service Script Functions
Service Script Tags
Service Script Example
Installing Service Scripts
Extended Internet Services Daemon (xinetd)
Starting and Stopping xinetd Services
xinetd Configuration: xinetd.conf
xinetd Service Configuration Files: /etc/xinetd.d Directory
Configuring Services: xinetd Attributes
Disabling and Enabling xinetd Services
TCP Wrappers
22 FTP Servers
FTP Servers
Available Servers
FTP Users
Anonymous FTP: vsftpd
The FTP User Account: anonymous
FTP Group
Creating New FTP Users
Anonymous FTP Server Directories
Anonymous FTP Files
Using FTP with rsync
Accessing FTP Sites with rsync
Configuring an rsync Server
rsync Mirroring
The Very Secure FTP Server
Running vsftpd
Configuring vsftpd
vsftpd Access Controls
vsftpd Virtual Hosts
vsftpd Virtual Users
Professional FTP Daemon: ProFTPD
Install and Startup
Authentication
proftpd.config and ftpaccess
Anonymous Access
Virtual FTP Servers
23 Web Servers
Tux
Alternate Web Servers
Apache Web Server
Java: Apache Jakarta Project
Linux Apache Installations
Apache Multiprocessing Modules: MPM
Starting and Stopping the Web Server
Apache Configuration Files
Apache Configuration and Directives
Global Configuration
Server Configuration
Directory-Level Configuration: htaccess and <Directory>
Access Control
URL Pathnames
MIME Types
CGI Files
Automatic Directory Indexing
Authentication
Log Files
Virtual Hosting on Apache
IP-Based Virtual Hosting
Name-Based Virtual Hosting
Dynamic Virtual Hosting
Server-Side Includes
PHP
Apache Configuration Tool
Web Server Security: SSL
24 Proxy Servers
Configuring Client Browsers
The squid.conf File
Security
Caches
Connecting to Caches
Memory and Disk Configuration
Administrative Settings
Logs
Web Server Acceleration: Reverse Proxy Cache
25 Mail Servers
Mail Transport Agents
Received Mail: MX Records
Postfix
Postfix Commands
Postfix Configuration: main.cf
Postfix Greylisting Policy Server
Controlling User and Host Access
Sendmail
Aliases and LDAP
Sendmail Configuration
Sendmail Masquerading
Configuring Mail Servers and Mail Clients
Configuring Sendmail for a Simple Network Configuration
Configuring Sendmail for a Centralized Mail Server
Configuring a Workstation with Direct ISP Connection
The Mailer Table
Virtual Domains: virtusertable
Security
POP and IMAP Server: Dovecot
Dovecot
Other POP and IMAP Servers
Spam: SpamAssassin
26 Print, News, Search, and Database Servers
Printer Servers: CUPS
Printer Devices and Configuration
Printer Device Files
Spool Directories
Installing Printers with CUPS
Configuring CUPS on GNOME
Configuring CUPS on KDE
CUPS Web Browser-Based Configuration Tool
Configuring Remote Printers on CUPS
CUPS Printer Classes
CUPS Configuration
cupsd.conf
CUPS Directives
CUPS Command Line Print Clients
lpr
lpc
lpq and lpstat
lprm
CUPS Command Line Administrative Tools
lpadmin
lpoptions
enable and disable
accept and reject
lpinfo
News Servers
News Servers: INN
Newsreader Access
Overviews
INN Implementation
Database Servers: MySQL and PostgreSQL
Relational Database Structure
SQL
MySQL
PostgreSQL
Part VII System Administration
27 Basic System Administration
Superuser Control: The Root User
Root User Password
Root User Access: su
Controlled Administrative Access: sudo
System Time and Date
Scheduling Tasks: cron
crontab Entries
Environment Variables for cron
The cron.d Directory
The crontab Command
Editing in cron
Organizing Scheduled Tasks
Running cron Directory Scripts
cron Directory Names
Anacron
System Runlevels: telinit, inittab, and shutdown
Runlevels
Runlevels in inittab
Changing Runlevels with telinit
The runlevel Command
Shutdown
System Directories
Program Directories
Configuration Directories and Files
Configuration Files: /etc
System Logs: /var/log and syslogd
syslogd and syslog.conf
Entries in syslog.conf
Priorities
Actions and Users
An Example for /etc/syslog.conf
The Linux Auditing System: auditd
Performance Analysis Tools and Processes
GNOME System Monitor
The ps Command
vmstat, top, free, Xload, iostat, and sar
System Tap
Frysk
GNOME Power Manager
GKrellM
KDE Task Manager and Performance Monitor (KSysguard)
Grand Unified Bootloader (GRUB)
28 Managing Users
GUI User Management Tools: users-admin and KUser
User Configuration Files
The Password Files
/etc/passwd
/etc/shadow and /etc/gshadow
Password Tools
Managing User Environments
Profile Scripts
/etc/skel
/etc/login.defs
/etc/login.access
Controlling User Passwords
Adding and Removing Users with useradd, usermod, and userdel
useradd
usermod
userdel
Managing Groups
/etc/group and /etc/gshadow
User Private Groups
Group Directories
Managing Groups Using groupadd, groupmod, and groupdel
Controlling Access to Directories and Files: chmod
Permissions
chmod
Ownership
Changing a File’s Owner or Group: chown and chgrp
Setting Permissions: Permission Symbols
Absolute Permissions: Binary Masks
Directory Permissions
Ownership Permissions
Sticky Bit Permissions
Permission Defaults: umask
Disk Quotas
Quota Tools
edquota
quotacheck, quotaon, and quotaoff
repquota and quota
Lightweight Directory Access Protocol
LDAP Clients and Servers
LDAP Configuration Files
Configuring the LDAP server: /etc/slapd.conf
LDAP Directory Database: ldif
LDAP Tools
LDAP and PAM
LDAP and the Name Service Switch Service
Pluggable Authentication Modules
PAM Configuration Files
PAM Modules
29 File Systems
File Systems
File System Hierarchy Standard (FHS)
Root Directory: /
System Directories
The /usr Directory
The /media Directory
The /mnt Directory
The /home Directory
The /var Directory
The /proc File System
The sysfs File System: /sys
Device Files: /dev, udev, and HAL
Mounting File Systems
File System Information
Journaling
ext3 Journaling
ReiserFS
Mounting File Systems Automatically: /etc/fstab
HAL and fstab
fstab Fields
Auto Mounts
mount Options
Boot and Disk Check
fstab Sample
Partition Labels: e2label
Windows Partitions
Linux Kernel Interfaces
noauto
Mounting File Systems Manually: mount and umount
The mount Command
The umount Command
Mounting Floppy Disks
Mounting CD-ROMs
Mounting Hard Drive Partitions: Linux and Windows
Creating File Systems: mkfs, mke2fs, mkswap, parted, and fdisk
fdisk
parted
mkfs
mkswap
CD-ROM and DVD-ROM Recording
mkisofs
cdrecord
DVD+RW Tools
Mono and .NET Support
30 RAID and LVM
Logical Volume Manager (LVM)
LVM Structure
Creating LVMs During Installation
Distribution Configuration Tools
LVM Tools: Using the LVM Commands
Using LVM to Replace Drives
LVM Example for Partitions on Different Hard Drives
LVM Snapshots
Configuring RAID Devices
Motherboard RAID Support: dmraid
Linux Software RAID Levels
RAID Devices and Partitions: md and fd
Booting from a RAID Device
RAID Administration: mdadm
Creating and Installing RAID Devices
Corresponding Hard Disk Partitions
RAID Example
31 Devices and Modules
The sysfs File System: /sys
The proc File System: /proc
udev: Device Files
udev Configuration
Device Names and udev Rules: /etc/udev/rules.d
Symbolic Links
Program Fields, IMPORT{program} keys, and /lib/udev
Creating udev Rules
SYMLINK Rules
Persistent Names: udevinfo
Hardware Abstraction Layer: HAL
The HAL Daemon and hal-device-manager (hal-gnome)
HAL Configuration: /etc/hal/fdi, and /usr/share/hal/fdi
Device Information Files: fdi
Properties
Device Information File Directives
Manual Devices
Device Types
MAKEDEV
mknod
Installing and Managing Terminals and Modems
Serial Ports
mingetty, mgetty, and agetty
termcap and inittab Files
tset
Input Devices
Installing Sound, Network, and Other Cards
Sound Devices
Video and TV Devices
PCMCIA Devices
Modules
Kernel Module Tools
Module Files and Directories: /lib/modules
Managing Modules with modprobe
The depmod Command
The modprobe Command
The insmod Command
The rmmod Command
modprobe configuration
Installing New Modules from Vendors: Driver Packages
Installing New Modules from the Kernel
32 Kernel Administration
Kernel Versions
References
Kernel Tuning: Kernel Runtime Parameters
Installing a New Kernel Version
CPU Kernel Packages
Installing Kernel Packages: /boot
Precautionary Steps for Modifying a Kernel of the Same Version
Boot Loader
Compiling the Kernel from Source Code
Installing Kernel Sources: Kernel Archives and Patches
Configuring the Kernel
Kernel Configuration Tools
Important Kernel Configuration Features
Compiling and Installing the Kernel
Installing the Kernel Image Manually
Kernel Boot Disks
Boot Loader Configurations: GRUB
Module RAM Disks
Virtualization
Virtual Machine Manager: virt-manager (Red Hat)
Kernel-Based Virtualization Machine (KVM): Hardware Virtualization
Xen Virtualization Kernel
33 Backup Management
Individual Backups: archive and rsync
BackupPC
Amanda
Amanda Commands
Amanda Configuration
Enabling Amanda on the Network
Using Amanda
Backups with dump and restore
The dump Levels
Recording Backups
Operations with dump
Recovering Backups
Part VIII Network Administration Services
34 Administering TCP/IP Networks
TCP/IP Protocol Suite
Configuring Networks on GNOME and KDE
Zero Configuration Networking (zeroconf): Avahi and Link Local Addressing
IPv4 and IPv6
TCP/IP Network Addresses
IPv4 Network Addresses
Class-Based IP Addressing
Netmask
Classless Interdomain Routing (CIDR)
Obtaining an IP Address
Broadcast Addresses
Gateway Addresses
Name Server Addresses
IPv6 Addressing
IPv6 Address Format
IPv6 Interface Identifiers
IPv6 Address Types
IPv6 and IPv4 Coexistence Methods
TCP/IP Configuration Files
Identifying Hostnames: /etc/hosts
/etc/resolv.conf
/etc/services
/etc/protocols
Domain Name Service (DNS)
host.conf
/etc/nsswitch.conf: Name Service Switch
Network Interfaces and Routes: ifconfig and route
ifconfig
Routing
Wireless Networking
Network Manager: GNOME
Manual Wireless Configurations
Command Line PPP Access: wvdial
Monitoring Your Network: ping, netstat, tcpdump, EtherApe, Ettercap, and Wireshark
ping
Ettercap
Wireshark
tcpdump
netstat
IP Aliasing
InfiniBand Support
35 Network Autoconfiguration with IPv6, DHCPv6, and DHCP
IPv6 Stateless Autoconfiguration
Generating the Local Address
Generating the Full Address: Router Advertisements
Router Renumbering
IPv6 Stateful Autoconfiguration: DHCPv6
Linux as an IPv6 Router: radvd
DHCP for IPv4
Configuring DHCP IPv4 Client Hosts
Configuring the DHCP IPv4 Server
Dynamic IPv4 Addresses for DHCP
DHCP Dynamic DNS Updates
DHCP Subnetworks
DHCP Fixed Addresses
36 NFS and NIS
Network File Systems: NFS and /etc/exports
NFSv4
NFS Daemons
Starting and Stopping NFS
NFS Configuration: /etc/exports
NFS File and Directory Security with NFS4 Access Lists
Controlling Accessing to NFS Servers
Mounting NFS File Systems: NFS Clients
Network Information Service: NIS
NIS Servers
Netgroups
NIS Clients
37 Distributed Network File Systems
Parallel Virtual File System (PVFS)
Coda
Red Hat Global File System (GFS and GFS 2)
GFS 2 Packages (Fedora Core 6 and On)
GFS 2 Service Scripts
Implementing a GFS 2 File System
GFS Tools
GFS File System Operations
GFS 1
A Where to Obtain Linux Distributions
Index
I would like to thank all those at McGraw-Hill who made this book a reality, particularly Jane Brownlow, sponsoring editor, for her continued encouragement and analysis as well as management of such a complex project; Dean Henrichsmeyer, the technical editor, whose analysis and suggestions proved very insightful and helpful; Jennifer Housh, acquisitions coordinator, who provided needed resources and helpful advice; Sally Engelfried, copy editor, for her excellent job editing as well as insightful comments; project manager, Sam RC who, along with editorial manager, Patty Mon, incorporated the large number of features found in this book as well as coordinated the intricate task of generating the final version. Thanks also to Scott Rogers, who initiated the project.
Special thanks to Linus Torvalds, the creator of Linux, and to those who continue to develop Linux as an open, professional, and effective operating system accessible to anyone. Thanks also to the academic community whose special dedication has developed Unix as a flexible and versatile operating system. I would also like to thank professors and students at the University of California, Berkeley, for the experience and support in developing new and different ways of understanding operating system technologies.
I would also like to thank my parents, George and Cecelia, and my brothers, George, Robert, and Mark, for their support and encouragement of such a difficult project. Also Valerie and Marylou and my nieces and nephews, Aleina, Larisa, Justin, Christopher, and Dylan, for their support and deadline reminders.
The Linux operating system has become one of the major operating systems in use today, bringing to the PC all the power and flexibility of a Unix workstation as well as a complete set of Internet applications and a fully functional desktop interface. This book is designed not only to be a complete reference on Linux, but also to provide clear and detailed explanations of Linux features. No prior knowledge of Unix is assumed; Linux is an operating system anyone can use.
With the large number of Linux distributions available, it is easy to lose sight of the fact that most of their operations are the same. They all use the same desktops, shell, file systems, servers, administration support, and network configurations. Many distributions provide their own GUI tools, but these are just front ends to the same underlying Linux commands. This book is distribution independent, providing a concise and detailed explanation of those tasks common to all Linux systems. As much as 95 percent of a Linux system involves operations that are the same for all distributions. You can use this book no matter what particular Linux distribution you are using.
Linux distributions include features that have become standard, like the desktops; Unix compatibility; network servers; and numerous software applications such as office, multimedia, and Internet applications. GNOME and the K Desktop Environment (KDE) have become standard desktop Graphical User Interfaces (GUI) for Linux, noted for their power, flexibility, and ease of use. Both have become integrated components of Linux, with applications and tools for every kind of task and operation.
Linux is also a fully functional Unix operating system. It has all the standard features of a powerful Unix system, including a complete set of Unix shells such as BASH, TCSH, and the Z shell. Those familiar with the Unix interface can use any of these shells, with the same Unix commands, filters, and configuration features.
A wide array of applications operate on Linux. Numerous desktop applications are continually released on the distribution repositories. The GNU General Public License (GPL) software provides professional-level applications such as programming development tools, editors, and word processors, as well as numerous specialized applications such as those for graphics and sound.
How to Use This Book
This book identifies seven major Linux topics: shell environments, desktops, applications, security, servers, system administration, and network administration. It is really several books in one—a desktop book, a shell-user book, a security book, a server book, and an administration book—how you choose to use it depends upon how you want to use your Linux system. Almost all Linux operations can be carried out using either the GNOME or KDE interface. You can focus on the GNOME and KDE chapters and their corresponding tools and applications in the different chapters throughout the book. On the other hand, if you want to delve deeper into the Unix aspects of Linux, you can check out the shell chapters and the corresponding shell-based applications in other chapters. If you only want to use Linux for its applications and Internet clients, then concentrate on the applications section. If you want to use Linux as a multiuser system servicing many users or integrate it into a local network, you can use the detailed system, file, and network administration information provided in the administration chapters. None of these tasks are in any way exclusive. If you are working in a business environment, you will probably make use of all three aspects. Single users may concentrate more on the desktops and applications, whereas administrators may make more use of the security and networking features.
Part Topics
The first part of this book provides a general overview and covers some startup topics that users may find helpful. It provides an introduction to Linux listings of resources, software sites, documentation sites, newsgroups and Linux news and development sites. Distributions are covered briefly. The next chapter covers startup topics such as general install issues, GNOME and KDE basics, as well as Windows access.
Part II of this book deals with Linux shell environments, covering the BASH and TCSH shells, shell scripts, shell configuration, and the Linux file system. All these chapters operate from a command line interface, letting you access and manage files and shells directly.
Part III of this book covers desktops and their GUI support tools like the X Window System and display managers. Here you are introduced to the KDE and GNOME desktops. Different features such as applets, the Panel, and configuration tools are described in detail.
Part IV of this book discusses in detail the many office, multimedia, and Internet applications you can use on your Linux system, beginning with office suites like OpenOffice.org and KOffice. The different database management systems available are also discussed, along with the website locations where you can download them. Linux automatically installs mail, news, FTP, and web browser applications, as well as FTP and web servers. Both KDE and GNOME come with a full set of mail, news, FTP clients and web browsers.
Part V demonstrates how to implement security precautions using encryption, authentication, and firewalls. Coverage of the GNU Privacy Guard (GPG) shows you how to implement public- and private key-based encryption. With Luks (Linux Unified Key Setup) you can easily encrypt file systems. SE Linux provides comprehensive and refined control of all your network and system resources. IPsec tools let you use the IPSEC protocol to encrypt and authenticate network transmissions. Network security topics cover firewalls and encryption using Netfilter (IPtables) to protect your system, the Secure Shell (SSH) to provide secure remote transmissions, and Kerberos to provide secure authentication.
Part VI discusses Internet servers you can run on Linux, including FTP, web, and mail servers. The Apache web server chapter covers standard configuration directives like those for automatic indexing as well as the newer virtual host directives. Sendmail, Postfix, IMAP, and POP mail servers are also covered, and the INN news server, the CUPS print server, the MySQL database server, and the Squid proxy server are examined.
Part VII discusses system administration topics including user, software, file system, system, device, and kernel administration. There are detailed descriptions of the configuration files used in administration tasks and how to make entries in them. First, basic system administration tasks are covered, such as selecting runlevels, monitoring your system, and scheduling shutdowns. Then, aspects of setting up and controlling users and groups are discussed. Different methods of virtualization are covered, such as full (KVM) and para-virtualization (Xen). Different file system tasks are covered, such as mounting file systems, managing file systems with HAL and udev, and configuring RAID devices and LVM volumes. Devices are automatically detected with udev and the Hardware Abstraction Layer (HAL).
Part VIII covers network administration topics such as configuring network interfaces and IP addressing. You also learn how to implement your own IPv4 Dynamic Host Configuration Protocol (DHCP) server to dynamically assign hosts IP addresses and how IPv6 automatic addressing and renumbering operates. The various network file system (NFS) interfaces and services such as GFS version 2, NFS for Unix, and NIS networks are presented.
Introduction to Linux
Linux is a fast and stable open source operating system for personal computers (PCs) and workstations that features professional-level Internet services, extensive development tools, fully functional graphical user interfaces (GUIs), and a massive number of applications ranging from office suites to multimedia applications. Linux was developed in the early 1990s by Linus Torvalds, along with other programmers around the world. As an operating system, Linux performs many of the same functions as Unix, Macintosh, Windows, and Windows NT. However, Linux is distinguished by its power and flexibility, along with being freely available. Most PC operating systems, such as Windows, began their development within the confines of small, restricted PCs, which have only recently become more versatile machines. Such operating systems are constantly being upgraded to keep up with the ever-changing capabilities of PC hardware. Linux, on the other hand, was developed in a different context. Linux is a PC version of the Unix operating system that has been used for decades on mainframes and minicomputers and is currently the system of choice for network servers and workstations. Linux brings the speed, efficiency, scalability, and flexibility of Unix to your PC, taking advantage of all the capabilities that PCs can now provide.
Technically, Linux consists of the operating system program, referred to as the kernel, which is the part originally developed by Linus Torvalds. But it has always been distributed with a massive number of software applications, ranging from network servers and security programs to office applications and development tools. Linux has evolved as part of the open source software movement, in which independent programmers joined together to provide free, high-quality software to any user. Linux has become the premier platform for open source software, much of it developed by the Free Software Foundation’s GNU project. Many of these applications are bundled as part of standard Linux distributions. Currently, thousands of open source applications are available for Linux from sites like SourceForge, Inc.’s sourceforge.net, K Desktop Environment’s (KDE’s) kde-apps.org, and GNU Network Object Model Environment’s (GNOME’s) gnomefiles.org. Most of these applications are also incorporated into the distribution repository, using packages that are distribution compliant.
Along with Linux’s operating system capabilities come powerful networking features, including support for Internet, intranets, and Windows networking. As a norm, Linux distributions include fast, efficient, and stable Internet servers, such as the web, File Transfer Protocol (FTP), and DNS servers, along with proxy, news, and mail servers. In other words, Linux has everything you need to set up, support, and maintain a fully functional network.
With both GNOME and KDE, Linux also provides GUIs with that same level of flexibility and power. Unlike Windows and the Mac, Linux enables you to choose the interface you want and then customize it further, adding panels, applets, virtual desktops, and menus, all with full drag-and-drop capabilities and Internet-aware tools.
Linux does all this at the right price. Linux is free, including the network servers and GUI desktops. Unlike the official Unix operating system, Linux is distributed freely under a GNU general public license as specified by the Free Software Foundation, making it available to anyone who wants to use it. GNU (the acronym stands for “GNU’s Not Unix”) is a project initiated and managed by the Free Software Foundation to provide free software to users, programmers, and developers. Linux is copyrighted, not public domain. However, a GNU public license has much the same effect as the software’s being in the public domain. The GNU GPL is designed to ensure Linux remains free and, at the same time, standardized. Linux is technically the operating system kernel—the core operations—and only one official Linux kernel exists. People sometimes have the mistaken impression that Linux is somehow less than a professional operating system because it is free. Linux is, in fact, a PC, workstation, and server version of Unix. Many consider it far more stable and much more powerful than Windows. This power and stability have made Linux an operating system of choice as a network server.
To appreciate Linux completely, you need to understand the special context in which the Unix operating system was developed. Unix, unlike most other operating systems, was developed in a research and academic environment. In universities, research laboratories, data centers, and enterprises, Unix is the system most often used. Its development has paralleled the entire computer and communications revolution over the past several decades. Computer professionals often developed new computer technologies on Unix, such as those developed for the Internet. Although a sophisticated system, Unix was designed from the beginning to be flexible. The Unix system itself can be easily modified to create different versions. In fact, many different vendors maintain different official versions of Unix. IBM, Sun, and Hewlett-Packard all sell and maintain their own versions of Unix. The unique demands of research programs often require that Unix be tailored to their own special needs. This inherent flexibility in the Unix design in no way detracts from its quality. In fact, this flexibility attests to the ruggedness of Unix, allowing it to adapt to practically any environment. This is the context in which Linux was developed. Linux is, in this sense, one other version of Unix—a version for the PC. The development of Linux by computer professionals working in a researchlike environment reflects the way Unix versions have usually been developed. Linux is publicly licensed and free—and reflects the deep roots Unix has in academic institutions, with their sense of public service and support. Linux is a top-rate operating system accessible to everyone, free of charge.
Linux Distributions
Although there is only one standard version of Linux, there are actually several different distributions. Different companies and groups have packaged Linux and Linux software in slightly different ways. Each company or group then releases the Linux package, usually on a CD-ROM. Later releases may include updated versions of programs or new software. Some of the more popular distributions are Red Hat, Ubuntu, Mepis, SUSE, Fedora, and Debian. The Linux kernel is centrally distributed through kernel.org. All distributions use this same kernel, although it may be configured differently.