SUSE Linux Enterprise Server Guide

Installing sendmail

As mentioned previously, sendmail is never installed by default on a SUSE system. To install sendmail, you will need to remove Postfix, the default MTA on SUSE Linux systems, or any other MTA that you may previously have installed. SUSE's use of RPM as a core database for tracking installed packages and associated files simplifies adding and removing entire packages, but YaST makes the process even easier. To install sendmail on your SUSE Linux system, do the following: 1. Start YaST, select...

Office Formats

OpenOffice.org opens almost all Microsoft Word .doc, Excel .xls, and PowerPoint .ppt files, as well as its own and StarOffice native formats. As noted earlier in the chapter, to quickly extract the text from a Word file, antiword can be useful. The other office applications on Linux (AbiWord, Gnumeric, KOffice) are generally not as good as OpenOffice.org at opening alien files. You can try to educate your contacts to understand that if they want to send you a shopping list, it's not actually...

To PDC or Not to PDC

A domain controller is a server that supplies authentication information for a Windows domain. If you want your Samba server to join an existing Windows domain, you probably do not want it to act as a primary domain controller because a primary domain controller will already exist (probably in the form of a Windows server). Starting a second primary domain controller on an existing Windows domain will certainly confuse any Windows systems that are already members of that domain and will...

Using the CUPS Web Interface

The CUPS web interface can be viewed from a browser using port 631 (see Figure 19-8). By default, SUSE's settings allow only administrative changes through the browser interface when connecting from the local machine. This can be changed in the cupsd.conf file, but for now we will look at administering the server from a browser running on itself. So from the local machine, you need to browse to http://localhost:631. Some of the functions that are available simply provide information. Others can...

Printing in Linux: The Role of PostScript

As we hinted previously, the essentials of printing in Linux have their origins in the way printing was handled in traditional Unix systems, which originally printed to line printers that were only capable of printing lines of text characters. The first printers with graphical capabilities used the PostScript language. As a result PostScript became a standard page description language. PostScript was introduced by Adobe Systems and dates back to 1982. It is both a page description language and...

Understanding the Display Environment Variable

As you'll see in the next few sections, the DISPLAY environment variable tells X Window system applications which device they should contact in order to display their output. In most cases, you won't have to set this variable because the default is always your local machine. However, in general, the DISPLAY environment variable is declared using a command such as the following The displayname specification uses the following form When specifying a DISPLAY, hostname specifies the machine on...

The CUPS Command Line Tools and Configuration Files

CUPS also provides a set of command-line tools that can do all the administration that the web interface allows. These are the commands provided by the cups-client package. In particular, the lpinfo, lpadmin, and lpoptions commands provide the functionality that the web interface provides, but from the command line. In general, to avoid problems, you should use the available tools in the following order of preference: The YaST printer module for basic setup. The CUPS command-line tools. In other...

Vsftpd as an Anonymous FTP Server

An FTP server is most commonly used as a server for anonymous downloads. We look at this setup first. An anonymous FTP server is a server that allows anyone to log in with one of the two standard usernames ftp or anonymous and download files. If you use a browser to access an anonymous FTP site, the browser passes the login information to the site without the user having to think about it. User FTP, which we consider later, refers to an FTP server on which specified users have accounts that...

Virtual Machines Using QEMU

QEMU is an open source hardware emulator. It can emulate an x86 system on x86, but can also both emulate and run on some other architectures. In particular, it can emulate and run on the PowerPC architecture. QEMU packages are included in the SUSE distribution. QEMU is developed by the French genius Fabrice Bellard, and the latest version is always available from http://fabrice.bellard.free.fr/qemu/. You can install most x86 operating systems in QEMU, including most versions of Windows and most...

VMware Virtual Machines

VMware is a commercial and proprietary virtualization product. VMware began as a desktop product for running Windows under Linux and vice versa, but now a number of products are offered, including expensive server versions (the VMware GSX and ESX servers) that allow server consolidation by letting you migrate a variety of servers running different operating systems onto a single physical server. You must pay for the Workstation product, but there are also two free download versions, VMware...

Starting and Stopping DHCP Clients

To be able to use DHCP, your client machines must know how to actually send DHCP requests to the network for configuration. In SUSE, you can use the Network Configuration of YaST (Network Devices → Network Card) to configure a network interface to use DHCP. Another useful way to send a DHCP request is with ifup-dhcp and ifdown-dhcp. If you are using a wireless network, or you want to bring up a network interface temporarily using DHCP, then you can use the ifup-dhcp command: Starting DHCP Client...

Setting Up Desktop Effects

To get desktop effects to work, you need a suitable modern graphics card. Having installed SUSE, the easy way, particularly if you have done a GNOME install, is to run the GNOME Control Center and choose the icon ''Desktop Effects.'' This will attempt to install an appropriate driver for your card, reconfigure your graphics using sax2 to use that driver, and rewrite your display manager configuration (/etc/sysconfig/displaymanager), so that GDM or KDM starts the Xgl server rather than X. The...

Kernel Parameters at Boot Time

You can pass parameters to the kernel at boot time either permanently by editing the GRUB configuration file or temporarily by typing at the boot prompt. These control the behavior of the kernel when it boots in various ways. Current versions of SUSE use the showopts keyword in the GRUB configuration file, which has the unfortunate effect of hiding the parameters that are being passed. Actually what this keyword does is to hide the options that are listed before it and show those that appear...

Using YaST to Set Up Samba Client Services

The YaST module for Samba client services is labeled Windows Domain Membership in the Network Services menu. This can be started manually from the command line with the command YaST's Samba client module allows you to set the current machine as a member of a Windows Domain or workgroup. In the case of a traditional Windows NT-style domain or Active Directory domain, selecting the box ''Also use SMB information for Linux Authentication'' allows you to authenticate against the Windows Domain....

Working with the Winbind Daemon

The Winbind daemon, winbindd, enables the Linux name switch service (nsswitch) to retrieve user and group information from a Windows primary domain controller (PDC). This provides a networked authentication mechanism similar to the Network Information System (NIS and NIS+) often used in computing environments that make heavy use of Sun's Network File System (NFS). The Winbind daemon enables Windows users to log in on a Linux machine using the Windows credentials provided by the PDC without...

Window Managers

The X server itself knows how to display the output of a program, but it does not know how to manage the different programs that it is displaying; that is the job of the window manager. The window manager looks after the behavior of the application windows, their decorations, the look and feel of their borders and control widgets (such as close and maximize buttons), the way they interact with the mouse and keyboard, and so on. There are a variety of window managers that range from the very...

Pluggable Authentication Modules

Before Pluggable Authentication Modules (PAM) came along, any application that needed to authenticate a user had to read the /etc/passwd and /etc/shadow files directly. This restricted how data about users was stored because the data always had to be in a text file. PAM provides authentication modules that can obtain user accounts from numerous sources: an LDAP server, a SQL database, or a Windows Active Directory, for example. PAM works by having a configuration file for each service that needs...

Logging with syslog-ng

In the previous section, we talked about the shortcomings of the syslog method of logging. The syslog-ng method goes further with the logging process by allowing you to specify regular expressions based on what the message contains for logging and by logging to specific files based on what the message contains. For example, the Linux firewall command iptables enables you to specify a logging prefix. If you were to use syslog-ng, you could specify that if the message that was intercepted by...

Putting It All Together

We have talked about many technical aspects of Linux in the book, and this chapter has been included for two reasons: to help you see where Linux fits in with the enterprise, and to help you see where the components we have talked about fit into a typical organization. The final part of this chapter deals with the best practices we have come across for Linux in the enterprise. A typical organization's IT infrastructure relies heavily on three things: file and print services, e-mail, and user...

Configuring a Firewall with iptables

To configure a firewall on Linux, you need to get used to the iptables command, which is used to manipulate the kernel packet filtering settings from user space. (Refer to Chapter 6 for more information on TCP/IP because an understanding of TCP/IP is needed.) The terms ''user space'' and ''kernel space'' are used a lot in the Unix community. When something runs in kernel space, it is under the control and the constraints of the kernel. Something running in kernel space could be a...

File Attributes

This is an additional layer of control over files above and beyond the standard Unix permissions system. File attributes are controlled by the chattr command. In general and in most situations, the attributes that this system allows are not widely used and not all of them are implemented on every filesystem, but most of the functionality of chattr is available on the common filesystems (ext2, ext3, and reiserfs). The one attribute that is particularly interesting and that can be set with this...

Postfix main.cf File Example

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command = xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = maildrop
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory =
mail_spool_directory = /var/mail
canonical_maps = hash...

Stopping Spam

Spam, or unsolicited commercial e-mail (UCE), is the bane of any Internet user's life, and an administrator is more than aware of how much mail is worthless junk. To combat this, you can use Postfix's UCE controls to limit the amount of spam that travels through your systems. We have already touched upon the restriction of relaying through your mail server, which is part of the problem of spam. Another way to stop spam is by making sure connections to the mail server are true to the RFC SMTP...

Creating and Managing the Samba Password File

The Samba server uses its own password file to authenticate users connecting from clients. On SUSE systems this is the file /etc/samba/smbpasswd. Users that already exist on the system (in /etc/passwd, having their encrypted passwords in /etc/shadow) are not automatically added as Samba users. To add a Samba user, you need to use the smbpasswd command, which adds or modifies a user in the file /etc/samba/smbpasswd. To add a Samba user, run smbpasswd with the -a (add) option: smbpasswd -a roger New...

YaST Modules

The YaST system is split into nine main menus, each one providing a number of modules. If you want to load a YaST module without loading the main menu, you can enter yast2 modulename. For a list of modules available in your installed YaST environment, type yast2 -l. Most (but not all) of the module names are fairly self-explanatory. To load the software management module, type yast2 sw_single. Tables 9-1 through 9-9 comprise a list of YaST modules (as seen on an openSUSE...

Xgl and Compiz

Around the time of the original release of SUSE 10.0 and SLED 10, there was considerable interest among Linux desktop circles about the introduction of exciting new features on the desktop. These were the use of Xgl as an alternative to X and a compositing window manager. Put in those terms, this does not sound very interesting, but what you can do with these features is novel and compelling. If you have the right hardware and drivers, you can have extraordinary visual effects on the desktop,...

SLD, NLD, and SLED

SUSE first offered a business desktop version in 2002; this was the SUSE Linux Desktop (SLD), which was based on the code of SLES 8. It was essentially similar to SUSE Personal/Professional 8.1, but had some extra features including a bundled licensed version of CrossOver Office (a commercial version of the Wine Windows emulation software discussed in Chapter 28) and a Citrix client. Take-up was not particularly strong, despite the good publicity that came out of the Munich announcement. There...

Getting Started with Squid on SUSE

The SUSE installation media contain the Squid installation package; first, you need to install this in the usual way using YaST. Squid is included in the YaST installation selection Network Server. For this discussion, we assume that you are setting up Squid on a machine on your network that can connect freely to the outside world. Start Squid with the command rcsquid start. The first time that Squid is started, it creates a hierarchy of cache directories under /var/cache/squid/. If you look in...

Adding Information

When the LDAP server is up and running, you can populate the server with your information. Some tools available for LDAP help with the initial population of LDAP data, as well as migrating existing users on the system to the LDAP directory. Here, we will populate the server with information using an LDIF (LDAP Data Interchange Format) file. PADL (the reverse of LDAP) provides some infrastructure tools that integrate with LDAP, providing a much easier environment for an administrator...

Advanced Shell Features

If useful shell features such as command history and completion intrigue you, just wait! This section highlights some of the other powerful capabilities that are built into the bash shell. Most of these features are present in the other shells discussed earlier in this chapter, but this section focuses on bash because it is the standard shell used on Linux systems. You may want to skip over this section if you are new to Linux and are just trying to learn how to perform some standard...

strings, ghex, khexedit, and antiword

If you are confronted with a file that the file command doesn't give very useful information about (perhaps it just reports data), it may be worth trying to view it with cat -v, with less, or with a text editor. If all you see is binary junk, you may still be able to find out something useful using the strings command, which searches inside a binary file for text strings and outputs them. The output may give some useful clues. The applications ghex or khexedit may also be useful. These are...

The NFS Server

Two NFS server implementations are available on SUSE. One is the kernel-based NFS server; the other is an implementation that runs in user space and is included in the package nfs-server. If you use the kernel-based NFS server, you need the package nfs-kernel-server (or, in older SUSE versions, nfs-utils). If you install the user space nfs-server package, you need to uninstall nfs-kernel-server (or nfs-utils) because the packages conflict. The description that follows is valid whichever...

IP Addresses

Every machine that takes part in a TCP/IP network such as the Internet has an IP address. If you dial up and check your e-mail, you are given an IP address to distinguish you from other machines so that machines you communicate with know how to find you. An IP address is something called a dotted decimal number. We will take a private IP address (which we talk about later in the chapter) of 192.168.0.1 as an example. 192.168.0.1 is a dotted decimal number. The dots split up the number into...

Network Address Translation

Network Address Translation (NAT) is a technology that allows you to ''hide'' your private IP network from the Internet. All traffic, whether it is to a web server or a mail server or so forth, is seen at its destination as having come from your NAT box. The NAT box then does the reverse translation when the server you are communicating with needs to send you data back and will change the destination IP address to that of your private machine. The web/mail server you are communicating with has...

Updated Postfix main.cf Configuration

mail_spool_directory = /var/mail
canonical_maps = hash:/etc/postfix/canonical
virtual_maps = hash:/etc/postfix/virtual
relocated_maps = hash:/etc/postfix/relocated
transport_maps = hash:/etc/postfix/transport
sender_canonical_maps = hash:/etc/postfix/sender_canonical
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender, header_recipient
myhostname = laptop.palmcoder.net
program_directory = /usr/lib/postfix
inet_interfaces = 127.0.0.1, 192.168.0.4
masquerade_domains = palmcoder.net
mydestination...

Configuration Using YaST

YaST's module for configuring Apache is contained in the package yast2-http-server. The module appears in the YaST menus in the Network Services section labeled HTTP Server. To call the module from the command line, type yast2 http-server. When the Apache packages are installed, a default set of configuration files are also installed. If YaST finds that these have not yet been changed in any way, the module runs in wizard mode to create a customized configuration. Clearly, the number of...

The RPM Header

Summary: Logcheck system log analyzer
Vendor: Craig Rowland <crowland@psionic.com>
Packager: Justin Davies <justin@palmcoder.net>

Logcheck is a software package that is designed to automatically run and check system log files for security violations and unusual activity. Logcheck utilizes a program called logtail that remembers the last position it read from in a log file and uses this position on subsequent runs to process new information. Some of the header options are...

Setting Up a Simple Print Server on the Local Network

If you have successfully set up a printer on the local machine, you have also successfully set up a print server for the local network. The SUSE default settings in the CUPS configuration file /etc/cups/cupsd.conf ensure this. In the Browsing Options section of /etc/cups/cupsd.conf, this is controlled by the lines The CUPS server advertises itself on the local network and is ready to accept jobs from other machines after they have been set up correctly to print to it. Of course, you can change...

Setting Up and Using a Samba Client

If you are working on a Linux desktop computer in a mixed networked environment where Windows systems are in use, you are very likely to want to be able to access shares on those Windows systems. If you only run a Samba client, you will not be able to share resources on the Linux machine so that they show up as shares that can be used on Windows. To do that you need to set up a Samba server. Let's look at the command-line options for mounting an SMB/CIFS share. If a Windows machine on the...

The Novell Customer Center

As with most companies today, Novell provides a central site for people searching for customer support, answers to questions, software updates and patches, and so on. To reach the Customer Center, go to www.novell.com and select the link ''Customer Center,'' as shown in Figure 5-7. You will be required to log in with a Novell login. SLES and SLED customers will have a Novell login that takes them to a page where they can check their registration status, manage their subscriptions, raise support...

Installing an RPM

To install an RPM, you can use the YaST package selection tool we talked about in Chapter 1 or install manually. YaST will happily install RPMs that belong to the SUSE version it is running on, or which are available from an installation source that YaST has previously been informed about. But you cannot use YaST to install a single isolated third-party RPM package. Installing an RPM manually involves using the command-line features of rpm as opposed to using the YaST package manager. We will...

Using chkconfig to Control Runlevels

The command chkconfig is a program that allows you to add and remove services from the runlevel directory of a specific runlevel. If this program did not exist, you could in theory create your own links to move from one runlevel to another; for example, in the directory /etc/init.d/rc3.d to /etc/init.d to make sure a process starts and stops in an order you dictate. The services that you can control with the chkconfig command are all of the scripts in the /etc/init.d directory. However, on a SUSE...

/etc/init.d/rc6.d

The directories associated with different runlevels contain both scripts that the init process will execute when entering a runlevel (known as Start scripts) and scripts that it will execute when it leaves a runlevel (known as Kill scripts). Start scripts are scripts whose name begins with an uppercase S. Kill scripts are those whose name begins with an uppercase K. When we say enters and leaves with respect to runlevels, we are talking about changing from one runlevel to another...

NFS Security Considerations

As with SMB shares, you certainly should not make it available beyond the private network. The lists of allowed client IPs or hostnames in the exports file are no defense against someone who is able to alter a machine's IP address (which, with physical access, in practice means anyone). The problem referred to earlier about UIDs failing to match between server and client means that a user may have the wrong permissions on another user's files on the server,...

Looking at the Configuration of the Running Kernel

root@bible:/proc # zcat config.gz | more
# Automatically generated make config: don't edit
CONFIG_X86=y
CONFIG_MMU=y
CONFIG_UID16=y
CONFIG_EXPERIMENTAL=y
CONFIG_CLEAN_COMPILE=y

When you get bored with reading this, type q to quit more. It is instructive to page through this file and look at the various options that refer to the hardware, filesystems, and so on that are to be supported by the kernel. The y at the end of lines means that the support for the relevant item is compiled into the kernel....

Output of route -n

In this example, the IP address of the machine called bible is 192.168.131.70/255.255.255.0. As you can see from the routing table, there is a route to the 192.168.131.0 network through the eth0 device. The 0.0.0.0 IP address we talked about before can be seen in the code output, and this refers to the default router we are using if our routing table does not understand how to communicate with a machine we specify. In this case, the default route is 192.168.131.254. This is the IP address of a...

Setting Up a Samba Server Using YaST

YaST's Samba Server module can be found in the Network Services section of the YaST menus, or can be started using the command yast2 samba-server. 1. As with other Samba modules, the Samba Server module behaves differently according to whether YaST finds a previous configuration already in existence or not. If there is no previous configuration it runs as a wizard asking essential questions until it has the information to create a configuration. If a previous configuration already exists, it...

Figure 28-21

Installing Windows 2003 as a Xen virtual machine. Configuration Files and Command-Line Tools: Each virtual machine has a configuration file in /etc/xen/vm. If you use file-based virtual machines (in other words, the virtual disk is a file), these are stored by default under /var/lib/xen/images/. The following is an example of a configuration file: name opensuse ostype opensuse extra disk vif 'mac 00 16 3e 10 ab 98', vfb 'type vnc,vncunused 1' This...

Finding Files with find and locate

The find command searches the filesystem for files that match a specified pattern. The locate command provides a faster way to find files but depends on a database that it creates and refreshes at regular intervals. The locate command is fast and convenient, but the information it displays may not always be up-to-date; this depends on whether its database is up-to-date. To use the locate command, you need to have the package findutils-locate installed. If the package is installed, the database...

export PATH=$PATH:/usr/frobulator/bin

To one of the startup files such as the user-specific bash configuration file .bashrc in your home directory. Any environment variable preceded by a dollar sign ($) means that you are referring to the value of that variable, not its name. That is why the command shown previously, in which we changed PATH, works. We are changing the value of PATH to be its old value ($PATH) with the : and the additional path appended to it. When you've set an environment variable, you can unset it at...

Mail Facility Logging via syslog

The format of the syslog.conf file is relatively simple. The first field (on the left in Listing 7-2) specifies the name of the logging facility, followed by the logging level. The second field (on the right in the preceding listing) is the file or host to log this message to. You will find that a lot of naming conventions in Linux, and Unix in general, are standardized in an unofficial way. The prefix.suffix notation is found in a few configuration files. In the syslog...

Vanilla kernel packages built for openSUSE are available at httpdownload opensuseorgrepositoriesKernel Vani 11

A Linux kernel has a version number such as 2.6.23.12 (the latest stable version of the kernel at the time of this writing). The convention is that the stable kernel series has a middle number that is even. Thus 2.0, 2.2, 2.4, and 2.6 are successive stable kernel series. The odd numbers represent the development series. For a long period while the 2.4 kernels were the stable series, 2.5 kernels were being issued in the development toward the current stable 2.6 kernel. The third and fourth...

Compressing Files

Two compression programs are in common use on Linux, gzip and bzip2. While gzip is more common, in general, bzip2 leads to somewhat smaller file sizes. To compress a file using gzip, do the following:

user@bible:~/temp> gzip afile
user@bible:~/temp> ls
afile.gz

The file afile has been compressed to the file afile.gz. To restore the original file, you can use the gunzip command (or the equivalent gzip -d). Notice how each time the original is no longer there. If you want to keep the original file while...

Output of the ifconfig Command

eth0 Link encap:Ethernet HWaddr 00:03:FF:69:68:12
inet addr:192.168.131.70 Bcast:192.168.131.255 Mask:255.255.255.0
inet6 addr: fe80::203:ffff:fe69:6812/64 Scope:Link
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:30256 errors:0 dropped:0 overruns:0 frame:0
TX packets:35690 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4048565 (3.8 Mb) TX bytes:34473633 (32.8 Mb)
Interrupt:11 Base address:0x1080
lo Link encap:Local Loopback
UP LOOPBACK...

Manually Partitioning an Existing Windows System

If the SUSE installer cannot repartition an existing Windows partition automatically, you can always use the Linux parted (Partition Editor) utility to manually resize an existing partition, usually when your entire disk is occupied by a Windows partition. The parted utility is available from the SUSE install disk when you select the Rescue System option from the main menu of the SUSE install CD or DVD. For more information about booting the rescue system, see the section The SUSE Rescue...

Also do this on the command line using rcSuSEfirewall2 start or rcSuSEfirewall2 stop

To select the network interfaces that will take part in the firewall configuration, click Interfaces. It is very important that you get this right; otherwise, your configuration will be the wrong way 'round and will not work as you expect. In the sample network configuration previously in the chapter, you had eth0 as the internal network interface and eth1 as the external public interface, so set that here as well (see Figure 24-5). In this chapter, we have looked at firewalls on systems with...

The SUSE Manuals

Your copy of openSUSE, SUSE Linux Enterprise Desktop, or SUSE Linux Enterprise Server comes with official documentation that can be installed to disk and (if you wish) printed. When installed, the manuals can be found under the directory /usr/share/doc/manual/. The packages containing the English language versions of the manuals for openSUSE are named as follows Versions for many other languages exist with en replaced by the relevant code for the language. These packages provide the same...

Using NTP Time Services

Network Time Protocol (NTP) synchronizes your machine time with a centralized time server of your choosing. Time servers available on the Internet are usually a secondary source to a machine that acts as a central time server. Central (or primary) time servers are usually linked into an extremely accurate clock mechanism. To specify an NTP time source, select the Network Service icon in the left pane after starting YaST, and then select the NTP Client option from the right pane, or type yast2...

The most important part of getting Linux up and running is installing the system. Some aspects of the Linux installation process may seem unfamiliar and slightly alien when you see them for the first time. This chapter demystifies the process by helping you through the installation, explaining the general principles, pointing out any stumbling blocks that you may hit upon, and offering suggestions...

Completing Installation

Once you have finished with your hardware configuration, click Next. It has been a long road, but you have successfully installed SUSE at this point (see Figure 1-33). Pat yourself on the back if you are new to the world of Linux. Although installing Linux is much easier now than it used to be, you have begun a journey in which you will learn a great deal and join a worldwide community of Linux users whose help and insights (thanks to the Internet) are never far away.

The Start of Authority

At the start of the zone, you have the SOA record. The Start of Authority dictates that this zone is authoritative for the domain in question, palmcoder.net. Notice that palmcoder.net ends in a full stop (a period). This is extremely important in the zone file for any domain. A full stop is the delimiter for the end of the DNS tree; following the palmcoder.net domain all the way up the tree, the full domain name is palmcoder.net. (with the full stop). If a full stop is not found,...

Burning CDs and DVDs Using k3b

The easiest way to create CDs and DVDs is by using k3b, which is a graphical tool included with all current versions of SUSE. Figure 14-7 shows a CD being burned in k3b. The k3b application makes it easy for you to burn audio CDs, data CDs, mixed-mode CDs, video CDs (VCDs), eMovix CDs, audio DVDs, data DVDs, video DVDs, and eMovix DVDs from a convenient graphical interface. To specify the type of project that you want to create, select the appropriate type of project from the File > New Project...

Configuring an Interface with ifconfig

To configure an address for an interface with ifconfig, you need to specify the interface in question, the IP address, and traditionally the state of the interface (up or down). Consider the following example, which assigns an IP address to an interface with ifconfig:

ifconfig eth0 192.168.0.1 up

This configures the device eth0 with an IP address of 192.168.0.1 and sets the interface into an active configuration. When you are setting an IP address, the network and broadcast addresses are...

Printer Configuration

One of the biggest annoyances for Linux users in the past was the configuration of printers. In the Windows world, the addition of a printer is painless, but in Linux it seemed the process was always marred by problems with drivers and configuration options. The Common Unix Printing System (CUPS) print drivers have helped to provide a unified printer architecture for Unix in general, and with distributions such as SUSE providing powerful configuration front ends, printer configuration has...

mount /dev/sda1 /mnt -o nosuid

This command mounts the partition /dev/sda1 on the directory /mnt and ensures that no programs in that filesystem whose s bit is set will be able to take advantage of that fact to execute as a privileged (or specific other) user. Three final mount options that are generally useful are ro, rw, and remount. When mounting external or remote partitions, you may occasionally want to mount them read-only so that you cannot accidentally change their contents. You would do this by specifying the ro...

Setting Up a Windows Client to Print to the CUPS Server

Recent versions of Windows support the IPP protocol, so you can set them up to print to a CUPS server. Older versions of Windows require an additional program to make use of IPP printing. To use IPP printing on Windows 95 and 98, you need to download the file wpnpins.exe from Printing from a Windows client using IPP is an alternative to using Samba as the print server on Linux. The printer does not appear as a Windows shared printer from the point of view of the Windows...

The CUPS Logs

CUPS logs its activity in three log files: /var/log/cups/access_log, /var/log/cups/page_log, and /var/log/cups/error_log. The names are self-explanatory. The file access_log shows access to the CUPS server in a rather similar way to the Apache web server logs. It shows the requesting host name and the date for each access to the CUPS server. The file page_log shows the user and the job name, as well as the number of pages printed. Each page printed shows in the file as a serial number against the...

Output of route -n with No Default Route

Bible route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo

As you can see, this example uses the -n option to suppress the use of name resolution. When you suppress name resolution, it speeds up the execution of the command because it will not try to resolve an IP address to a name using your name resolver, which could at best be your local host's file or at worst be your...

Postfix Terminology and

The configuration options we just discussed represent only a small amount of what can be done with Postfix. We now talk about how this all works together and what it provides to you as a mail server administrator. Any parameter that starts with an SMTPD controls some part of an incoming SMTP-based connection. Similarly, any parameters starting with SMTP refer to outgoing (to other SMTP servers) connections. Configuring and Securing Your Relay Policy Postfix's relaying policy (allowing users to...

Setting Up a NIS Server Using YaST

NIS is widely used as a distributed authentication mechanism as it is freely available on almost all Unix and Unix-like systems. It is also easy to set up, and far less complex than LDAP. You will not be surprised to find that YaST has a module for setting up a NIS server. To get a basic NIS configuration using this module is very straightforward. [Figure: The YaST module for NIS Server configuration] You call the YaST NIS Server module from the YaST menus...

All group passwd rpc

The network information that was entered in the final stage of the YaST configuration is stored in the file /var/yp/securenets. To set up a NIS server entirely from the command line, use the following steps. 1. To set the NIS domain name, use the following: ypdomainname disruptive.org.uk 2. To go through a set of configuration steps to define, run the program /usr/lib/yp/ypinit (note that this is not in the path by default, so you need to call it with its full path) 3. At this point, we have to...

Changing the Default Runlevel

Runlevels are discussed in detail in Chapter 4. Basically, a system's runlevel determines the services that are automatically started when your system boots. The YaST Expert Installation Settings screen can be used to change the default runlevel of the system by clicking the Default Runlevel heading in YaST's Installation Settings panel or by clicking the Change button and selecting Default Runlevel from the pop-up menu. As you can see in Figure 1-22, you can choose to boot your SUSE system in...

Using pure-ftpd

The principles discussed in this chapter with reference to vsftpd apply equally to pure-ftpd, but there are some differences in detail. You can set up pure-ftpd to start in one of two ways: either as a service that starts at boot time or from xinetd as described for vsftpd. If you choose the first method, you need to edit the configuration file /etc/pure-ftpd/pure-ftpd.conf and then run the command rcpure-ftpd start. To ensure that it starts at boot time, you need to run the command chkconfig...

Troubleshooting DHCP Clients

Most of the problems that you may see in DHCP environments are related to DHCP clients that somehow retrieve erroneous information from a DHCP server. This is almost always the result of people starting DHCP servers on other systems that either serve the same range of IP addresses as your DHCP server or serve an entirely different set of IP addresses. If a DHCP client on your system retrieves an IP address that is in the same range as those delivered by your DHCP server but any other aspect of...

Allowing ICMP Traffic

It is all well and good having a secure firewall, but you still need to be able to receive ICMP traffic so that your users, you, and other Internet users are aware if there is a problem. Internet Control Message Protocol (ICMP) is integral to the working of the Internet. ICMP is used to send status and error messages about the state of the network to interested parties. For example, when you ping a machine, the ping packet and its echo are sent over ICMP. If you cannot access a machine because...

Troubleshooting DHCP Servers

If clients cannot contact the DHCP server, the dhcping utility that is part of the dhcp-tools package may be useful. Here is an example of how this is used:

dhcping -h 00:15:C5:0C:2F:5A -c 192.168.1.66 -s 192.168.1.254
Got answer from 192.168.1.254

Roughly, this means: "Is the server (-s) 192.168.1.254 willing to provide the address 192.168.1.66 to the client (-c) with hardware address (-h) 00:15:C5:0C:2F:5A?" In this case, the reply was affirmative. For more details of how to use this tool, see the man...

The Apache Configuration Files

Older versions of Apache had all the configuration information in a single file, such as /etc/httpd.conf. In Apache 2 on SUSE, the configuration is modularized, and there is a set of configuration files under the directory /etc/apache2/. The main configuration file /etc/apache2/httpd.conf references (and describes in comments) the other configuration files in the same directory. In each case, a directive starting with the key word Include is used to pull in the content of the subsidiary...

Logging with syslog

The traditional Linux logging facility is syslogd. Current versions of SLES and openSUSE offer both syslogd and syslog-ng (ng for "new generation"). syslog-ng is now the default in openSUSE and SLES. The basic concepts of logging facilities and log levels apply to both methods; syslog-ng (discussed later in the chapter) is essentially an extension of syslogd that has more flexibility and is easier to use as a central log host in a large networked environment. Here we look first at syslogd and...

Persistent Naming of Network Interfaces

Historically, some versions of Linux have had the rather irritating problem that not all network interface names were stable. In the past, there were workarounds for this such as including a variable PERSISTENT_NAME in the configuration file corresponding to the specific device in the directory /etc/sysconfig/network/. In recent versions of SUSE, the persistent naming of Ethernet devices is handled in a much more elegant way through the udev kernel device management subsystem. If you find that...

The Graphical Mail Clients

For Linux users, the choice of mail client usually boils down to the desktop product they use. KDE comes with the kmail client, whereas Gnome comes with the Evolution mail client. Both are quite different beasts. kmail is a very nice, well-rounded mail client that can connect to POP, IMAP, and also local mail spools to read your mail. You can set up mail rules to send mail to specific folders based on certain parameters and can also connect to mail servers over SSL. Evolution is more of an...

syslog-ng Configuration for iptables Source

# include internal syslog-ng messages
# note the internal() source is required
# the following line will be replaced by the socket list generated by SuSEconfig using variables from /etc/sysconfig/syslog
unix-dgram("/var/lib/ntp/dev/log")
# uncomment to process log messages from network

Listing 7-4 shows the source definition for the entire syslog-ng process. This example shows two logging sources, /dev/log (for the standard kernel logging device) and /var/lib/ntp/dev/log. A separate entry is necessary...

Getting a File from a T610 over Bluetooth

Thinkpad - obexftp -b 00:0E:07:24:7E:D5 --get telecom/devinfo.txt
No custom transport
Connecting bt 1 done
Receiving telecom/devinfo.txt done
Disconnecting done

In this use of obexftp, we made sure it used Bluetooth (-b), the Bluetooth address, the process (get), and the file we wanted to transfer. In this case, the file devinfo.txt will be downloaded to the current directory. To have full communication with a Bluetooth device, you need to pair with it. This may involve setting the device to...

The bochs PC Emulator

The bochs project goes back a long way. It is a free (licensed under the GNU LGPL) PC hardware emulator that provides a complete emulation of PC hardware in software. As is the case with QEMU and VMware (see later in the chapter), you can install an operating system into bochs. However, bochs does not offer virtualization of the underlying hardware to the guest. This means that it can be built and run on any Unix-like platform on any hardware architecture, but it also means that it is slow. For...

Setting Up SCPM

SUSE Configuration and Profile Manager (SCPM) is a profile manager for the SUSE system. Profiles allow you to define multiple configurations for the same system and switch between them. This is particularly useful for laptop users who, for example, need different network, proxy, and printer settings at home and at work. We will configure this same environment as a quick introduction to what can be achieved with SCPM. It is an extremely powerful component of the SUSE system that can profile any...

Taking Part in an IPX Network

The IPX protocol is closely associated with Novell NetWare. Traditionally NetWare setups used networking over the IPX protocol rather than TCP/IP. Now, IPX is becoming rarer, but it is still in use. Novell NetWare has been extremely good at managing large pools of users (in the thousands), and this is why it is so popular with large organizations. A large proportion of universities have tens of thousands of user accounts that they must manage in an efficient manner. Linux is able to communicate...

Using telnet as a Protocol Tester

This is a test mail that I am sending you. We have used the SMTP protocol to specify that we are sending an e-mail to the user justin@palmcoder.net from the user justin@bible from the machine localhost (ehlo localhost). This is a standard SMTP protocol transaction that can be used to quickly test an SMTP server's ability to send mail to a specific user. We discuss mail servers and provide a further example of using Telnet to test a service in Chapter 17. The command line used, telnet localhost...

Testing an MTA from the Command Line

You can test a remote mail server from the command line by using telnet to connect to it on port 25. Suppose you want to test the mail server for the domain disruptive.org.uk. First, you can look up the mail server for that domain with the dig command (see Chapter 21). The relevant part of the output that you get is:

ANSWER SECTION
disruptive.org.uk. 172800 IN MX 10 a.mx.disruptive.org.uk.
disruptive.org.uk. 172800 IN MX 20 b.mx.disruptive.org.uk.

So the preferred mail server for the domain is...

The exportfs Command

The exportfs command can be used to handle the exporting of directories directly from the command line. To export all directories listed in /etc/exports, use exportfs -a. If /etc/exports has changed, exportfs -r rereads /etc/exports and changes the state of the directories being exported accordingly. This is like using rcnfsserver reload. [Figure: Configuring the NFS server with YaST] You can export a directory that is not mentioned in /etc/exports by using something like...

User Authentication

A common requirement is to add user authentication so that only known users within the network can get web access via Squid. The simplest way to do this is to make use of whatever authentication methods are available on the machine where Squid is running, using PAM (Pluggable Authentication Modules). To do this, you need something like the following in /etc/squid/squid.conf:

auth_param basic program /usr/sbin/pam_auth

This line says that you should use PAM for authentication. Whatever...

The Files in /var/log

Our initial installation was based on the default, so the contents of /var/log should be very similar to what we will talk about in this section. If you have installed other applications, such as Samba or BIND, you will find more log files on your system. Core services such as Apache, Samba, and BIND log to a subdirectory under /var/log as their files can grow quite large, and the subdirectory structure provides a more structured view of your system. Having a single directory that all of your...

Partitioning Examples

On the x86 architecture, there are limitations on the number of partitions a disk can contain. There can be at most four primary partitions, one of which can be an extended partition. The extended partition can contain multiple logical partitions (up to a maximum of 60 on an IDE disk or 12 on a SCSI disk). When working with partitioning tools, you should always ensure that any partitions you are going to change are not mounted before you start. You should also be absolutely sure that you know...

Setting Up an Installation Server

The package name of the YaST module that simplifies the process of setting up an installation server is yast2-instserver. This is not installed by default, so the first thing you will need to do if you want to use it is to install it in the usual way. Once installed, the module can be started from the Misc section of YaST, or using the command yast2 instserver. You will see the screen in Figure 9-30. [Figure: YaST installation server initial screen] You are offered...

Using Squid as a Transparent Proxy

One of the difficulties in running a web proxy is that each client browser has to be configured to use it. A much neater solution is to force all attempts to access a web site to go through the proxy. This can be achieved quite simply by using iptables firewall rules on the machine where Squid runs. What you want to do is to intercept all outbound packets to external hosts on port 80 (and certain others perhaps) and redirect them to port 3128 on the server. Squid will then do the proxying. So...

Adding or Editing Groups

To create or edit groups in your system, select Security and Users > Group Management or, from the command line, type yast2 groups. Similar to the User section, you are presented with a list of groups currently on the system (see Figure 9-24). You can select a group from the list and click Edit to change settings for that group, or click Add to create a new group. You can choose to filter the list to show all system groups or local groups only (that is, the groups made up of real human users)....

The YaST Autoinstallation Module

The purpose of this module is to help you create the AutoYaST XML control file. You can start the module with or by selecting the icon in the YaST Misc screen (the one with the wonderful pineapple icon). When you start the module you will see a screen like Figure 9-33. The module enables you to create a configuration by going through any or all of the possible steps that would be taken during a real installation, using an interface almost identical to YaST during installation. Alternatively,...

Running Microsoft Windows Applications with Wine

According to the Wine web site at www.winehq.org, Wine officially stands for "wine is not an emulator." Wine is an open source implementation of the Windows API on top of X, OpenGL, and Unix. Think of Wine as a compatibility layer for running Windows programs. Wine does not require Microsoft Windows, as it is a completely free alternative implementation of the Windows API consisting of 100 percent non-Microsoft code. However, Wine can optionally use native Windows DLLs if they are available. Wine...

Runlevel Editor

Throughout the book, we have talked about enabling services at boot time. This is very important when dealing with Unix systems. A mail server would be useless if the server process itself did not start up at boot time. You would have to manually start the mail server every time the system booted, which is inefficient and time-consuming. The Runlevel Editor can be used to turn on and off system services at system boot in different runlevels. To load the Runlevel Editor, start YaST and select...

The YaST Online Update Module

YaST's online update module can be started from within YaST by selecting the Software icon in YaST's left pane and then selecting the Online update icon in YaST's right pane. YOU (Yast Online Update) can also be started either from the susewatcher Start online update button (which of course requires you to type a root password) or by typing YaST examines the system against the patches available, and in the main screen it informs you of the patches that you may want to install. An indication of...

Starting sendmail

Installing sendmail as described in the previous section also installs the sendmail startup script /etc/init.d/sendmail and creates symbolic links that automatically start and stop sendmail at run levels 3 (/etc/init.d/rc3.d/S14sendmail and /etc/init.d/rc3.d/K08sendmail, respectively) and 5 (/etc/init.d/rc5.d/S14sendmail and /etc/init.d/rc5.d/K08sendmail, respectively). To start sendmail, execute the startup script manually, as in the following example To verify that sendmail is running and its...

mount /dev/hda5 /mnt -o notail

Another option that you can specify when mounting a ReiserFS filesystem is to disable journaling. To turn off journaling, add the nolog parameter to the options that you supply to the mount command. At the time of this writing, the Reiser filesystem actually still executes its journaling algorithm internally when this option is specified but simply does not write this data to disk, so this option provides only a slight increase in performance at the potential detriment of reliability should...