Fedora 7 Reference

Managing Samba Users smbasswd and pdbedit

The easiest way to manage Samba users is to use the system-config-samba tool. Click Preferences to select Samba Users. In this window you can then add, edit, or remove Samba users. In the SWAT tool you would use the Password panel. To manage users you can either use the smbpasswd command or the pdbedit tool. The smbpasswd command with the -a option will add a user and the -x option will remove one. To enable or disable users you would use the -e and -d options. The smbpasswd command will...

Saving IPtables Rules

Once you are satisfied that your IPtables rules are working correctly, you can save your rules to the etc sysconfig iptables file (for IPv6 you use etc sysconfig ip6tables). Use the iptables service script with the save option. Now your rules will be read automatically when your system starts up. You can think of the save operation as installing your IPtables rules on your system, making them part of your system setup whenever you start your system. To make changes, modify your iptables script,...

GNOME Preferences

Fedora provides several tools for configuring your GNOME desktop. These are listed in the System Preferences menu. Configuration preference tools are organized into several submenus Personal, Look and Feel, Internet and Network, Hardware, and System. Those that do not fall into any category are listed directly. The GNOME preferences are listed in Table 3-1. Several are discussed in different sections in this and other chapters. The Help button on each preference window will display detailed...

Sendmail Configuration

The main Sendmail configuration file is sendmail.cf, located in the etc directory. This file consists of a sometimes lengthy list of mail definitions that set general options, designate MTAs, and define the address rewrite rules. A series of options set features, such as the maximum size of mail messages or the name of host files. The MTAs are those mailers through which Sendmail routes messages. The rewrite rules rewrite a mail address to route through the appropriate Internet connections to...

Printing Files Ipr Ipq and Iprm

With the printer commands such as lpr and lprm, you can perform printing operations such as printing files or canceling print jobs (see Table 10-2). When you need to print files, use the lpr command to send files to the printer connected to your system. See Chapter 26 to learn more about printing. In the next example, the user prints the mydata file If you want to print several files at once, you can specify more than one file on the command line after the lpr command. In the next example, the...

LDAP Directory Database Idif

A record (also known as entry) in an LDAP database begins with a name, known as a distinguishing name, followed by a set of attributes and their values. The distinguishing name uniquely identifies the record. For example, a name could be a username and the attribute would be the user's e-mail address, the address being the attribute's value. Allowable attributes are determined by schemas defined in the etc openldap schema directory. This directory will hold various schema definition files, each...

Amanda Commands

Amanda has its own commands corresponding to the common backup tasks, beginning with am, such as amdump, amrestore, and amrecover. The commands are listed in Table 34-2. The amdump command is the primary backup operation. Perform automatic backups for the file systems listed in the disklist configuration file. Use to directly back up data from the holding disk to a tape. Clean up if there is a system failure on the server. Select backups to restore using an interactive shell. Restore backups,...

Grand Unified Bootloader GRUB

The Grand Unified Bootloader (GRUB) is a multiboot boot loader used for Fedora and Red Hat Linux. With GRUB, users can select operating systems to run from a menu interface displayed when a system boots up. Use arrow keys to move to an entry and press enter. Type e to edit a command, letting you change kernel arguments or specify a different kernel. The c command places you in a command line interface. Provided your system BIOS supports very large drives, GRUB can boot from anywhere on them....

The proc File System proc

The proc file system (see Chapter 30) is an older file system that was used to maintain information about kernel processes, including devices. It maintains special information files for your devices, though many of these are now supported by the sysfs file system. The proc devices file lists your installed character and block devices along with their major numbers. IRQs, DMAs, and I O ports currently used for devices are listed in the interrupts, dma, and ioports files, respectively. Certain...

Classless Interdomain Routing CIDR

Currently, the class-based organization of IP addresses is being replaced by the CIDR format. CIDR was designed for midsized networks, those between a class C and classes with numbers of hosts greater than 256 and smaller than 65,534. A class C network-based IP address using only one segment for hosts uses only one segment, an 8-bit integer, with a maximum value of 256. A class B network-based IP address uses two segments, which make up a 16-bit integer whose maximum value is 65,534. You can...

Pv4 Inaddrarpa Reverse Mapping Format

In IPv4, the zone entry for a reverse mapping in the named.conf file uses a special domain name consisting of the IP address in reverse, with an IN-ADDR.ARPA extension. This reverse IP address becomes the zone domain referenced by the symbol in the reverse mapping file. For example, the reverse mapping zone name for a domain with the IP address of 192.168.43 would be 43.168.192.IN-ADDR.ARPA. In the following example, the reverse domain name for the domain address 192.168.0 is...

Pv6 IP6ARPA Reverse Mapping Format

In IPv6, reverse mapping can be handled either with the current IP6.ARPA domain format, or with the older IP6.INT format. With IP6.ARPA, the address is represented by a bit-level representation that places the hexadecimal address within brackets. The first bracket is preceded by a backslash. The address must be preceded by an x indicating that it is a hexadecimal address. Following the address is a number indicating the number of bits referenced. In a 128-bit address, usually the first 64 bits...

IP Virtual Domains

IP-based virtual hosting allows more than one IP address to be used for a single machine. If a machine has two registered IP addresses, either one can be used to address the machine. If you want to treat the extra IP address as another host in your domain, you need only create an address record for it in your domain's zone file. The domain name for the host would be the same as your domain name. If you want to use a different domain name for the extra IP, however, you have to set up a virtual...

Install Methods

Fedora supports various methods for installation. Other than the graphical install, you can user a text install or a low-resolution (lowres) graphical install, which is helpful if your graphics card was not correctly detected. If you have difficulty with detecting your hardware, you can use the noprobe option, which will let you provide your own drivers, or the expert option, which will let you choose all your hardware. You may also need to use nofb for some LCD monitors, or set acpi off to...

Linux as an IPv6 Router radvd

For a Linux system that operates as a router, you use the radvd Router ADVertisement Daemon to advertise addresses, specifying a network prefix in the etc radvd.conf file. The radvd daemon will detect router network address requests from hosts, known as router solicitations, and provide them with a network address using a router advertisement. These router advertisements will also be broadcast to provide the network address to any hosts that do not send in requests. For radvd to work, you will...

Device Files dev udev and HAL

To mount a file system, you have to specify its device name. The interfaces to devices that may be attached to your system are provided by special files known as device files. The names of these device files are the device names. Device files are located in the dev directories and usually have abbreviated names ending with the number of the device. For example, fd0 may reference the first floppy drive attached to your system. The prefix sd references SCSI hard drives, so sda2 would reference...

GNOME 2x Desktop Features

Some of GNOME desktop features added since version 2.0 are described here Seahorse integrates GPG encryption, decryption, and signing of files and text (System Encryption Preferences). GNOME uses a TANGO-compliant icon images theme, CAIRO. The GNOME Control Center for basic preferences is integrated into Fedora as submenus in the System Preferences menu. An easy-to-use file permissions dialog allows changing permissions for all files in a folder, as well as setting SELinux attributes. Mouse and...

SELinux Management Tools

SELinux provides a number of tools to let you manage your SELinux configuration and policy implementation, including semanage to configure your policy. The Fedora system configuration tool for SELinux is system-config-selinux. The setools packages provides SELinux configuration and analysis tools including apol, the Security Policy Analysis tool for domain transition analysis, sediffx for policy differences, and seaudit to examine the auditd logs (see Table 17-2). The setools collection also...

SELinux Troubleshooting and audit2allow

Fedora includes the SELinux troubleshooter, which notifies problems that SELinux detects. Whenever SELinux denies access to a file or application, the kernel issues an AVC notice. These are analyzed by SELinux troubleshooter to detect problems that users may have to deal with. When a problem is detected, the SELinux troubleshooter notification will be displayed in the desktop notification area along with the a troubleshooter icon. Clicking on the icon or notice will open the SELinux...

Configuring Your Shell with Shell Parameters

When you log in to your account, the system generates a shell for you. This shell is referred to as either your login shell or your user shell. When you execute scripts, you are generating subshells of your user shell. You can define variables within your user shell, and you can also define environment variables that can be referenced by any subshells you generate. When you log in, Linux will set certain parameters for your login shell. These parameters can take the form of variables or...

System Shell Profile Script

Your Linux system also has its own profile file that it executes whenever any user logs in. This system initialization file is simply called profile and is found in the etc directory, etc profile. This file contains parameter variable definitions the system needs to provide for each user. A copy of the system's .profile file follows. Fedora and Red Hat use a pathmunge function to generate a directory list for the PATH variable. Normal user paths will lack the system directories (those with sbin...

BIND Servers and Tools

The BIND DNS server software consists of a name server daemon, several sample configuration files, and resolver libraries. As of 1998, a new version of BIND, beginning with the series number 8.x, implemented a new configuration file using a new syntax. Version 9.0 adds new security features and support for IPv6. Older versions, which begin with the number 4.x, use a different configuration file with an older syntax. Most distributions currently install the newer 9.x version of BIND. The name of...

Installing Kernel Sources with Fedora Core SRPM

You can obtain a recent version of the kernel source code from the Fedora distribution's SRPMS directory. It is no longer included with the binary RPMS files. It will have the name kernel-source. New versions of the Fedora source can be downloaded by directly accessing the Fedora distribution's FTP site. You simply install them as you would any RPM package. You can also use Firefox to download the package. You have use the rpm command in a terminal window as shown here rpm -ivh kernel-...

The dump Levels

The dump utility uses dump levels to determine to what degree you want your system backed up. A dump level of 0 will copy file systems in their entirety. The remaining dump levels perform incremental backups, backing up only files and directories that have been created or modified since the last lower-level backup. A dump level of 1 will back up only files that have changed since the last level 0 backup. The dump level 2, in turn, will back up only files that have changed since the last level 1...

Creating File Systems mkfs mke2fs mkswap parted and fdisk

Linux provides a variety of tools for creating and managing file systems, letting you add new hard disk partitions, create CD images, and format floppies. To use a new hard drive, you will have to first partition it and then create a file system on it. You can use either parted or fdisk to partition your hard drive. To create the file system on the partitions, you use the mkfs command, which is a front end for various file system builders. For swap partitions, you use a special tool, mkswap,...

File System Information

The file systems on each storage device are formatted to take up a specified amount of space. For example, you may have formatted your hard drive partition to take up 3 GB. Files installed or created on that file system take up part of the space, while the remainder is available for new files and directories. To find out how much space you have free on a file system, you can use the df command or, on the desktop, either the GNOME System Monitor (System Administration System Monitor) or the Disk...

The mount Command

The mount command takes two arguments the storage device through which Linux accesses the file system, and the directory in the file structure to which the new file system is attached. The mountpoint is the directory on your main directory tree where you want the files on the storage device attached. The device is a special device file that connects your system to the hardware device. The syntax for the mount command is as follows As noted previously, device files are located in the dev...

Mountcifs mount t cifs

Using the mount command with the -t cifs option., a Linux or Unix client can mount a shared directory onto its local system. The cifs option invokes the mount.cifs command to perform the mount operation. The syntax for the mount.cifs command is similar to that for the smbclient command, with many corresponding options. The mount.cifs command takes as its arguments the Samba server and shared directory, followed by the local directory where you want to mount the directory. The following example...

DivX and Xvid on Linux

DivX is a commercial video compression technology (free for personal use) for providing DVD-quality video with relatively small file sizes. You can compress 60 minutes of DVD video into about 400 MB, while maintaining very good quality. DivX is based on the MPEG-4 compression format, whereas DVD is MPEG-2. You can download the Linux version of DivX for free from labs.divx.com DivXLinuxCodec. You have to manually install the package. If you download with Firefox, you can choose to extract the...

Fedora Live CD

With the Fedora Live CD you can run Fedora from any CD-ROM drive. In effect, you can carry your operating system with you on just a CD-ROM. New users could also use the Live-CD to check out Fedora to see if they like it. Files and data can be written to removable devices like USB drives. You could also mount partitions from hard drives on the system you are running the Live CD on. You can find out more about the Fedora Live CD at The Live CD provide by Fedora includes a very limited set of...

Window Manager

However, desktop functionality, such as drag-and-drop capabilities and the GNOME workspace switcher (discussed later), works only with window managers that are GNOME-compliant. The current release of GNOME uses the Metacity window manager. It is completely GNOME-compliant and is designed to integrate with the GNOME desktop without any duplication of functionality. Other window managers such as Enlightenment, IceWM, and Window Maker can also be used. Check a...

Usenet News

Usenet is an open mail system on which users post messages that include news, discussions, and opinions. It operates like a mailbox that any user on your Linux system can read or send messages to. Users' messages are incorporated into Usenet files, which are distributed to any system signed up to receive them. Each system that receives Usenet files is referred to as a site. Certain sites perform organizational and distribution operations for Usenet, receiving messages from other sites and...

KDE Directories and Files

When KDE is installed on your system, its system-wide application, configuration, and support files may be installed in the same system directories as other GUIs and user applications. On Red Hat Enterprise Linux and Fedora, KDE is installed in the standard system directories with some variations, such as usr bin for KDE program files, usr lib kde3, which holds KDE libraries, and usr include kde, which contains KDE header files used in application development. The directories located in share...

Fedora Software Repositories

For Fedora, you can update to the latest software from the Fedora Yum repository using the software updater (see Chapter 4). For Red Hat Enterprise Linux, you can automatically download upgrades for your system using the Red Hat Network. Updates for Red Hat Enterprise are handled directly by Red Hat, whereas updates for Fedora use Fedora Yum software repositories. Your software updater is already configured to access the standard repositories. The Fedora distribution provides a comprehensive...

Packet Mangling the Mangle Table

The packet mangling table is used to actually modify packet information. Rules applied specifically to this table are often designed to control the mundane behavior of packets, like routing, connection size, and priority. Rules that actually modify a packet, rather than simply redirect or stop it, can be used only in the mangle table. For example, the TOS target can be used directly in the mangle table to change the Type of Service field to modifying a packet's priority. A TCPMSS target could...

RSH Kerberos and SSH Remote Access Commands

The remote access commands were designed for smaller networks, such as intranets. They enable you to log in remotely to another account on another system and to copy files from one system to another. You can also obtain information about another system, such as who is currently logged on (see Table 15-3). Many of the remote commands have comparable network communication utilities used for the Internet. For example, rlogin, which remotely logs in to a system, is similar to telnet. The rcp...

Kernel Configuration Tools

You can configure the kernel using one of several available configuration tools config, menuconfig, xconfig (qconf), and gconfig (gkc). You can also edit the configuration file directly. These tools perform the same configuration tasks but use different interfaces. The config tool is a simple configure script providing line-based prompts for different configuration options. The menuconfig tool provides a cursor-based menu, which you can still run from the command line. Menu entries exist for...

Network File Transfer FTP

With File Transfer Protocol (FTP) clients you can transfer extremely large files directly from one site to another. FTP can handle both text and binary files. This is one of the TCP IP protocols, and it operates on systems connected to networks that use the TCP IP protocols, such as the Internet. FTP performs a remote login to another account on another system connected to you on a network. Once logged in to that other system, you can transfer files to and from it. To log in, you need to know...

GNOME Desktop FTP Nautilus

The easiest way to download files is to use the built-in FTP capabilities of the GNOME file manager, Nautilus. On GNOME, the desktop file manager Nautilus has a built-in FTP capability much like the KDE file manager. The FTP operation has been seamlessly integrated into standard desktop file operations. Downloading files from an FTP site is as simple as dragging files from one directory window to another, where one of the directories happens to be located on a remote FTP site. Just as local...

Ptables Rules etcsysconfigiptables and systemconfigsecuritylevel

The etc sysconfig iptables script is automatically generated by system-config-securitylevel, which is run during the installation process. When you first start up your system, the etc sysconfig iptables file will contain the IPtables rules for the configuration you selected when you ran system-config-securitylevel. If you run system-config-securitylevel again, changing your configuration, the etc sysconfig iptables file will be overwritten with the new IPtables rules. You can access...

Configuring Remote Printers on CUPS

To install a remote printer that is attached to a Windows system or another Linux system running CUPS, you specify its location using special URL protocols. For another CUPS printer on a remote host, the protocol used is ipp, (Internet Printing Protocol), whereas for a Windows printer, it would be smb. Older Unix or Linux systems using LPRng would use the lpd protocol. As shown in Chapter 4, you can use system-config-printer to configure a remote printer with CUPS. Create a new printer and...

Creating Your Own Fedora Install Spins with Pungi

You can create your own distribution discs with Pungi. The Pungi tool uses configuration files in the etc pungi directory. It will generate a basic collection of packages, downloading them from the Fedora repository. Default settings are listed in the pungi.conf file. The packages to add to the spin are listed by category in the minimal-manifest file. It uses the same syntax as kickstart. The comps.xml file in the etc pungi directory defines the package grouping for your release. The etc pungi...

Third Party Kernel Module Updates

Third-party kernel drivers are provided for certain devices and system support, such as the ATI or NVIDIA Linux graphics drivers for their video cards. You could download and try to install these drivers directly, but it is recommended that you use a third-party package designed for use with Fedora. There are two approaches to providing additional kernel modules a precompiled module for each kernel version, or a dynamically compiled version using Dynamic Kernel Module Support (DKMS). The issue...

Managing YUM Caches

With the keepcache option enabled, Yum will keep its downloaded packages in the var cache yum directory. Should you want to save or copy any particular packages, you can locate them there. Caching lets you easily uninstall and reinstall packages without having to download them again. The package is retained in the cache. If caching is disabled, then packages are automatically deleted after they are installed. Packages will be organized into subdirectories according to their respective...

Enabling Amanda on the Network

To use Amanda on the network, you need to run two servers on the Amanda server as well as an Amanda client on each network host. Access must be enabled for both the clients and the server. The Amanda server runs through xinetd, using xinetd service files located in etc xinetd.d. The two service files are amidxtape and amandaidx. You can turn these on with chkconfig or with system-config-services On Demand Services panel. You only need to do this once. chkconfig amidxtape on chkconfig amandaidx...

The Gnome Volume Manager

Managing DVD CD-ROMs, card readers, floppy disks, digital cameras, and other removable media is the task of the GNOME Volume Manager. This is a lower-level utility that remains transparent to the user, though how you treat removable media can be configured with the Drives and Removable Media preferences tool. The GNOME Volume Manager allows you not only to access removable media, but to access all your mounted file systems, remote and local, including any Windows shared directories accessible...

Yum Extender yumex

The Yum Extender is an alternative GUI interface for managing software packages on your Yum repositories (see Figure 3-10) yumex is included with Fedora. Open Add Remove Software and on the Browse panel select Base System, then Administration Tools, and then Q.74-17.fr he Samba Suite of programs 3.0.24-10.fc Samba (SMB) client programs. noarc 1.2.39-1.fc7 Samba server configuration tool This prckaoe 5 roup all mi van to sho.-e flics between Linn* and Hi WimkR tm) click the Optional Packages to...

Newsreaders

You read Usenet articles with a newsreader, such as KNode, Pan, Mozilla, trn, or tin, which enables you to first select a specific newsgroup and then read the articles in it. A newsreader operates like a user interface, enabling you to browse through and select available articles for reading, saving, or printing. Most newsreaders employ a sophisticated retrieval feature called threads that pulls together articles on the same discussion or topic. Newsreaders are designed to operate using certain...

Vsftpd Virtual Hosts

Though the capability is not inherently built in to vsftpd, you can configure and set up the vsftpd server to support virtual hosts. Virtual hosting is where a single FTP server operates as if it has two or more IP addresses. Several IP addresses can then be used to access the same server. The server will then use a separate FTP user directory and files for each host. With vsftpd, this involves manually creating separate FTP users and directories for each virtual host, along with separate...

Other POP and IMAP Servers

Fedora also includes the Cyrus IMAP server, which you can install and use instead of Dovecot. In addition, several other IMAP and POP servers are available for use on Linux The University of Washington POP and IMAP servers (ftp.cac.washington.edu imap) are part of the University of Washington's imap RPM package. The POP server daemons are called ipop2d and ipop3d. Your Linux system then runs as a POP2 and POP3 server for your network. These servers are run through xinetd. The POP3 server uses...

TCPIP Network Addresses

As noted previously, the traditional IPv4 TCP IP address is organized into four segments, consisting of numbers separated by periods. This kind of address is still in widespread use and is what people commonly refer to as an IP address. Part of an IP address is used for the network address, and the other part is used to identify a particular interface on a host in that network. You should realize that IP addresses are assigned to interfaces such as Ethernet cards or modems and not to the host...

Photo Management Tools FSpot and digiKam

The F-Spot Photo Manager provides a simple and powerful way to manage, display, and import your photos and images (www.f-spot.org). Photos can be organized by different categories such as events, people, and places. You can perform standard display operations This site holds a massive amount of multimedia software for Linux, much under development sourceforge.net KDE supports an extensive set of multimedia software Many multimedia applications have been developed for GNOME Lists a wide range of...

The BASH Shell Logout File bashlogout

The .bash_logout file is also a configuration file, but it is executed when the user logs out. It is designed to perform any operations you want done whenever you log out. Instead of variable definitions, the .bash_logout file usually contains shell commands that form a kind of shutdown procedure actions you always want taken before you log out. One common logout command is to clear the screen and then issue a farewell message. As with .bash_profile, you can add your own shell commands to...

Configuration with systemconfigselinux

With system-config-selinux you can manage and configure your SELinux policies, though you cannot create new policies (see Figure 17-1). You can access system-config-selinux from the System Administration menu by selecting the SELinux Management entry. The system-config-selinux window will list several panes with a sidebar menu for Status, Boolean, File Labeling, User Mapping, SELinux User, Translation, Network Port, and Policy Module. system-config-selinux will invoke the SELinux management...

Video and DVD Players

Access to current DVD and media players is provided at dvd.sourceforge.net. Here you will find links for players like VideoLAN, MPlayer, and Xine. The VideoLAN project (www.videolan.org) offers network streaming support for most media formats, including MPEG-4, x264, and MPEG-2. It includes a multimedia player, VLC, that can work on any kind of system. MPlayer is one of the most popular and capable multimedia DVD players in use. It is a cross-platform open source alternative to RealPlayer and...

Creating and Installing RAID Devices

If you created your RAID devices and their partitions during the installation process, you should already have working RAID devices. Your RAID devices will be configured in the etc mdadm.conf file, and the status of your RAID devices will be listed in the proc mdstat file. You can manually start or stop your RAID devices with the raidstart and mdadm commands. The -a option operates on all of them, though you can specify particular devices if you want. To create a new RAID device manually for an...

GNU Privacy Guard

To protect messages that you send by e-mail, most Linux distributions provide GNU Privacy Guard (GnuPG) encryption and authentication (www.gnupg.org). GnuPG is GNU open source software that works much like Pretty Good Privacy (PGP) encryption. It is the OpenPGP encryption and signing tool, and OpenPGP is the open source version of PGP. With GnuPG, you can both encrypt your messages and digitally sign them protecting the message and authenticating that it is from you. Currently, Evolution and...

Configuration and Administration Access with KDE

KDE uses a different set of menus and access points than GNOME for accessing system administration tools. There are also different ways to access KDE configuration tasks, as well as KDE system administration tools not available through GNOME. Access Fedora system administration tools from the Main Menu Administration entry. Here you will find system-config Fedora administration tools like Users and Groups, Printing, Display, and Network. One significant addition is Kyum, which you can use to...

Fedora Administration Tools

On Fedora, most administration tasks can be handled by a set of separate specialized administrative tools developed and supported by Red Hat Linux and Fedora, such as those for user management and display configuration. Many of these are GUI-based and will work on any X Window System environment, such as GNOME or KDE. To access the GUI-based Red Hat and Fedora tools, you log in as the root user to the GNOME desktop and select the System menu. System administrative tools are listed on the...

Adding and Removing Users with useradd usermod and userdel

Linux also provides the useradd, usermod, and userdel commands to manage user accounts. All these commands take in all their information as options on the command line. If an option is not specified, they use predetermined default values. These are command line operations. To use them on your desktop you first need to open a terminal window (right-click on the desktop and select Open Terminal), and then enter the commands at the shell prompt. If you are using a desktop interface with Red Hat...

Initialization and Configuration Files

Each type of shell has its own set of initialization and configuration files. The BASH shell configuration files were discussed previously. The TCSH shell uses .login, .tcshrc, and .logout files in place of .bash_profile, .bashrc, and .bash_logout. The Z shell has several initialization files .zshenv, .zlogin, .zprofile, .zschrc, and .zlogout. See Table 9-5 for a listing. Check the Man pages for each shell to see how they are usually configured. When you install a shell, default versions of...

Network Configuration

The Network Configuration screen displays entries in the top part for the different network devices on your computer. The screen displays segments for your network devices, hostname, and miscellaneous settings. If you use DHCP to automatically configure your network connection, as most networks do, you will most likely not need to do anything on this screen. your logical volumes. You first need to assign the LVM physical partitions to volume groups. Volume groups are essentially logical hard...

NTFS Read Write Access ntfs3g

The simplest and easiest approach is to use the ntfs-3g NTFS driver. The ntfs-3g drivers developed from the NTFS Project. Check the ntfs-3g Web site for more details, www.ntfs-3g.org. As noted, ntfs-3g uses the same support tools, ntfsprogs. Unlike the original NTFS Project driver, ntfs-3g provides write support. You can write to and delete from NTFS partitions. Though writing should work, for safety's sake, you have the option to turn off write capability. Once ntfs-3g is installed, there is...

Fstab Fields

An entry in an fstab file contains several fields, each separated from the next by a space or tab. These are described as the device, mountpoint, file system type, options, dump, and fsck fields, arranged in the sequence shown here < device> < mountpoint> < filesystemtype> < options> < dump> < fsck> The first field is the name of the file system to be mounted. This entry can be either a device name or an ext2 or ext3 file system label. A device name usually begins with...

Mounting Floppy Disks

As noted previously, to access a file on a floppy disk, the disk first has to be mounted on your Linux system. The device name for your floppy drive is fd0, and it is located in the directory dev. Entering dev fd0 references your floppy drive. Notice the number 0 after fd. If you have more than one floppy drive, the additional drives are represented by fdl, fd2, and so on. You can mount to any directory you want. Red Hat Enterprise creates a convenient directory to use for floppy disks, media...

The sysfs File System sys

The system file system is designed to hold detailed information about system devices. This information can be used by hotplug tools like udev to create device interfaces as they are needed. Instead of having a static and complete manual configuration for a device, the sysfs system is used to maintain configuration information about the device, which is then used as needed by the hotplugging system to create device interfaces when a device is attached to the system. More and more devices are now...

DHCP Fixed Addresses

Instead of using a pool of possible IP addresses for your hosts, you may want to give each one a specific addresses. Using the DHCP server still gives you control over which address will be assigned to a given host. However, to assign an address to a particular host, you need to know the hardware address for that host's network interface card (NIC). In effect, you have to inform the DHCP server that it has to associate a particular network connection device with a specified IP address. To do...

Network Talk and Messenger Clients VoIp Icq Irc Aim and Talk

You may, at times, want to communicate directly with other users on your network. You can do so with VoIP, Talk, ICQ, instant messenger, and IRC utilities, provided the other user is also logged in to a connected system at the same time (see Table 15-2). With Voice over the Internet Protocol applications, you can speak over Internet connections, talking as if on a telephone. The Talk utility operates like a two-way text messaging tool, enabling you to have a direct two-way conversation with...

Nautilus as a FTP Browser

Nautilus works as an operational FTP browser. You can use the Location box (toggle to box view) or the Open Location entry on the File menu to access any FTP site. Just enter the URL for the FTP site in the Location box and press enter (you do not need to specify ftp ). Folders on the FTP site will be displayed, and you can drag files to a local directory to download them. The first time you connect to a site, an Authentication dialog will open letting you select either Anonymous access or...

The crontab Command

You use the crontab command to install your entries into a crontab file. To do this, first create a text file and type your crontab entries. Save this file with any name you want, such as mycronfile. Then, to install these entries, enter crontab and the name of the text file. The crontab command takes the contents of the text file and creates a crontab file in the var spool cron directory, adding the name of the user who issued the command. In the following example, the root user installs the...

Running cron Directory Scripts

Each directory contains scripts that are all run at the same time. The scheduling for each group is determined by an entry in the etc crontab file. The actual execution of the scripts is performed by the usr bin run-parts script, which runs all the scripts and programs in a given directory. Scheduling for all the tasks in a given directory is handled by an entry in the etc crontab file. Fedora provides entries with designated times, which you may change for your own needs. The default Fedora...

Security Services

Fedora includes several security services for protecting your system and your network transmissions (see Table 4-3). Using GNU Privacy Guard (GPG), you can encrypt your e-mail messages or files you want to send, as well as sign them with an encrypted digital signature authenticating that the message was sent by you. The digital signature also includes encrypted modification digest information that provides an integrity check, allowing the recipient to verify that the message received is the...

Kernel Tuning Kernel Runtime Parameters

Several kernel features, such as IP forwarding or the maximum number of files, can be turned on or off without compiling and installing a new kernel or module. These tunable parameters are controlled by the files in proc sys directory. Parameters that you set are made in the etc sysctl.conf file. Fedora installs this file with basic configuration entries such as those for IP forwarding and debugging control. You use the sysctl command directly. The -p option causes sysctl to read parameters...

File System Management

Files reside on physical storage devices such as hard drives, CD-ROMs, or floppy disks. The files on each storage device are organized into a file system. The storage devices on your Linux system are presented as a collection of file systems that you can manage. When you want to add a new storage device, you need to format it as a file system and then attach it to your Linux file structure. Hard drives can be divided into separate storage devices called partitions, each of which has its own...

The HAL Daemon and haldevicemanager halgnome

The HAL daemon, hald, is run as the haldaemon process. You can start and stop it using the haldaemon service script, as well as with system-config-services. Information provided by the HAL daemon for all your devices can be displayed using the HAL device manager. The HAL device manager is part of the hal-gnome package. You can access it, once installed, from the System Administration Hardware menu entry. The actual Hal device manager program is named hal-device-manager. When you run the...

Pcmcia Devices

PCMCIA devices are card readers commonly found on laptops to connect devices like modems or wireless cards, though they are becoming standard on many desktop systems as well. The same PCMCIA device can support many different kinds of devices, including network cards, modems, hard disks, and Bluetooth devices. PCMCIA support is now managed by udev and HAL. You no longer use the cardmgr pcmcia service. PCMCIA devices are now considered hotplugged devices managed by HAL and udev directly. Card...

Samba Applications

The Samba software package consists of two server daemons and several utility programs (see Table 39-1). One daemon, smbd, provides file and printer services to SMB clients and other systems, such as Windows, that support SMB. The nmbd utility is a daemon that provides NetBIOS name resolution and service browser support. The smbclient utility provides FTP-like access by Linux clients to Samba services. mount.cifs and umount.cifs enable Linux clients to mount and unmount Samba shared directories...

Changing Runlevels with telinit

No matter what runlevel you start in, you can change from one runlevel to another with the telinit command. If your default runlevel is 3, you power up in runlevel 3, but you can change to, say, runlevel 5 with telinit 5. The command telinit 0 shuts down your system. In the next example, the telinit command changes to runlevel 1, the administrative state The telinit command is really a symbolic link (another name for a command) to the init command. The init command performs the actual startup...

Termcap and inittab Files

The etc inittab file holds instructions for your system on how to manage terminal devices. A line in the etc inittab file has four basic components an ID, a runlevel, an action, and a process. Terminal devices are identified by ID numbers, beginning with 1 for the first device. The runlevel at which the terminal operates is usually 1. The action is usually respawn, which means to run the process continually. The process is a call to the mingetty, mgetty, or agetty with the terminal device name....

Recovering Backups

You use the restore command either to restore an entire file system or to just retrieve particular files. restore will extract files or directories from a backup archive and copy them to the current working directory. Make sure you are in the directory you want the files restored to when you run restore. restore will also generate any subdirectories as needed. restore has several options for managing the restore operation (see Table 34-4). To recover individual files and directories, you run...

Implementing a GFS 2 File System

To set up a GFS 2 file system, you first need to create cluster devices using the physical volumes and organizing them into logical volumes. You use the CLVM (Clustering Logical Volume Manager) to set up logical volumes from physical partitions (in the past you used a volume manager called pool to do this). You can then install GFS file systems on these logical volumes directly. CLVM operates like LVM, using the same commands. It works over a distributed network and requires that the clvmd...

Network Manager

Fedora uses Network Manager to detect your network connections, both wired and wireless. Network Manager makes use of the automatic device detection capabilities of udev and HAL to configure your connections. Network Manager is not turned on by default. Use the Services tool under the System Administration Servers menu to start both the Network Manager daemon and the Network Manager dispatcher. Once started, Network Manager will display a Network icon to the right on the top panel. Left-click...

ICMP Packets

Firewalls often block certain Internet Control Message Protocol (ICMP) messages. ICMP redirect messages, in particular, can take control of your routing tasks. You need to enable some ICMP messages, however, such as those needed for ping, traceroute, and particularly destination-unreachable operations. In most cases, you always need to make sure destination-unreachable packets are allowed otherwise, domain name queries could hang. Some of the more common ICMP packet types are listed in Table...

Downloading ISO and DVD Distribution Images with Bit Torrent

Very large files like distribution ISO images can be downloaded using BitTorrent. BitTorrent is a distributed download operation, where many users on the Internet participate in the same download, each uploading parts that others can in turn download. The file is cut into small IP packets, and each packet is individually uploaded and downloaded as if it were a separate file. Your BitTorrent client will automatically combine the packets into the complete file. There is no shared disk space like...

Anonymous User Permissions

You can also allow anonymous users to upload and delete files, as well as create or remove directories. Uploading by anonymous users is enabled with the anon_upload_enable option. To let anonymous users also rename or delete their files, you set the anon_other_ write_enable option. To also let them create directories, you set the anon_mkdir_write_ enable option. The anon_world_readable_only option will make uploaded files read only (downloadable), restricting write access to the user that...

Web Server Security SSL

Web server security deals with two different tasks protecting your Web server from unauthorized access, and providing security for transactions carried out between a Web browser client and your Web server. To protect your server from unauthorized access, you use a proxy server such as Squid. Squid is a GNU proxy server often used with Apache on Linux systems. (See Chapter 24 for a detailed explanation of the Squid server.) Apache itself has several modules that provide security capabilities....

Device Types

Linux implements several types of devices, the most common of which are block and character. A block device, such as a hard disk, transmits data a block at a time. A character device, such as a printer or modem, transmits data one character at a time, or rather as a continuous stream of data, not as separate blocks. Device driver files for character devices have a c as the first character in the permissions segment displayed by the ls command. Device driver files for block devices have a b. In...

Nautilus Sidebar Tree History and Notes

The sidebar has several different views, selectable from a pop-up menu, for displaying additional information about files and directories Places, Information, Tree, History, and Notes. Places show your file system locations that you would normally access, starting with your home directory. File System places you at the top of the file system, letting you move to any accessible part of it. Information displays detailed information about the current directory or selected file. For example, if you...

Command Line PPP Access wvdial

If, for some reason, you have been unable to set up a modem connection on your X Window System, you may have to set it up from the command line interface instead of a desktop. For a dial-up PPP connection, you can use the wvdial dialer, which is an intelligent dialer that not only dials up an ISP service but also performs login operations, supplying your username and password. The wvdial program first loads its configuration from the etc wvdial.conf file. In here, you can place modem and...

Lynx and ELinks Line Mode Browsers

Lynx is a line-mode browser you can use without the X Window System. A Web page is displayed as text only. A text page can contain links to other Internet resources but does not display any graphics, video, or sound. Except for the display limitations, Lynx is a fully functional Web browser. You can use Lynx to download files or to make Telnet connections. All information on the Web is still accessible to you. Because it does not require much of the overhead that graphics-based browsers need,...

Controlling User Passwords

Once you have created a user account, you can control the user's access to it. Both the system-config-users and the passwd tool let you lock and unlock a user's account. You use the passwd command with the -l option to lock an account, invalidating its password, and you use the -u option to unlock it. You can also force a user to change his or her password at given intervals by setting an expiration date for that password. Both system-config-users and the chage command let you specify an...

The iptables Service Script etcrcdinitdiptables and etcsysconfigiptablesconfig

You should think of the iptables service script that Red Hat Fedora provides as a versatile management tool, not as a service startup script. The use of the service command for this script can be confusing. The iptables script only manages IPtables rules, flushing, adding, or reporting them. It does not start and stop the IPtables service. If Netfilter is not running, you will need to specify that it be started up when your system boots. For this, you can use system-config-service (Services in...

Sendmail Masquerading

For a mail server that is relaying messages from local hosts to the Internet, you may want to masquerade the source of the messages. In large networks that have their own mail servers connected to the Internet, Sendmail masquerading can make messages sent by local hosts dnl My sendmail.mc file OSTYPE('linux') A sendmail.mc file usually contains many more entries, particularly for parameters and features. Check the etc mail sendmail.mc file on your Red Hat or Fedora system to see the standard...

Spam Spam Assassin

With SpamAssassin, you can filter sent and received e-mail for spam. The filter examines both headers and content, drawing on rules designed to detect common spam messages. When they are detected, it then tags the message as spam, so that a mail client can then discard it. SpamAssassin will also report spam messages to spam detection databases. The version of SpamAssassin distributed for Linux is the open source version developed by the Apache project, located at spamassassin.apache.org. There...

Location of Bind Server Files etcnamedchroot

Both the configuration and zone files used by BIND are placed in a special subdirectory called chroot located within the var named directory, var named chroot. The chroot directory sets up a chroot jail, creating a virtual root directory for any users of the DNS service. This prevents access by DNS users to any other part of the system. When the BIND server starts up, the chroot command is run on the named service making var named chroot the root directory for any users of the DNS service....

Logging xinetd Services

You can further add a variety of other attributes such as logging information about connections and server priority (nice). In the following example, the log_on_success attribute logs the duration (DURATION) and the user ID (USERID) for connections to a service, log_on_failure logs the users that failed to connect, and nice sets the priority of the service to 10. log_on_success + DURATION USERID log_on_failure + USERID nice 10 The default attributes defined in the defaults block often set...

Desktop Editors Kate KEdit and KJots

All the K Desktop editors provide full mouse support, implementing standard GUI operations, such as cut and paste to move text, and click and drag to select text. The K Desktop editors are accessible from the Utilities Editors menu on the K Desktop (you have to log in using the K-Desktop, check KDE entry in login screen's Options Select Session menu), though you can start any of them up from GNOME using the terminal window and the command name. Kate is an advanced editor, with such features as...

Mail Transport Agents

Red Hat Linux and Fedora automatically install and configure both Sendmail and Postfix for you. On starting your system, you can send and receive messages between local users using Sendmail or Postfix. Red Hat and Fedora include a special tool called the Mail Transport Agent Switcher, accessible from the System Settings menu or window, to let you switch between the two. You can also set up your Linux system to run a POP server. Sendmail mail transfer agent, supported by the Sendmail consortium...

Public Key Encryption Integrity Checks and Digital Signatures

Encrypting data is the only sure way to secure data transmitted over a network. Encrypt data with a key, and the receiver or receivers can later decrypt it. To fully protect data transmitted over a network, you should not only encrypt it but also check that it has not been modified, as well as confirm that it was actually created by the claimed author. An encrypted message could still be intercepted and modified, and then reencrypted. Integrity checks such as modification digests make sure that...

Directory Level Configuration htaccess and

One of the most flexible aspects of Apache is its ability to configure individual directories. With the Directory directive, you can define a block of directives that apply only to a particular directory. Such a directive can be placed in the httpd.conf or access.conf configuration files. You can also use a .htaccess file within a particular directory to hold configuration directives. Those directives are then applied only to that directory. The name .htaccess is actually set with the...