Ubuntu Server Administration

The Very Secure FTP Service

Before configuring the vsFTP server, you need to install it. One method is with the following command A multi-threaded TFTP server for multiple connections An FTP server with an SSL option other FTP servers are preferred in the Ubuntu documentation An FTP server that uses Kerberos for authentication A complex FTP server with support for chroot directories, quotas, and more The standard TFTP server, sometimes used for terminal servers A two-part FTP server, including an authenticating front-end...

Install Xfce

To install Xfce from the command line interface, you could install any or all of the Xfce packages available from the Hardy Heron repositories. But the implicit objective is not to install a standard GUI desktop, but to install a GUI with a fairly minimal number of packages. The apt-cache search xfce command reveals 108 packages. As Xfce is built from the same toolkit as GNOME, GNOME-based GUI administrative tools can also be installed on that desktop environment. Be aware, several described...

lpstat Printer Status

Another handy command is the lpstat -t command, which provides an overall view of configured printers and current status. If CUPS is running properly, the first message is Other excerpts are shown here. First, the default printer is listed system default destination anIPPprinter Next, configured print classes are shown, with the individual printer members of each class members of class FirstClass LaserJet-4L UbuntuPrinter members of class MyPrintClass SamplePrinter1 SamplePrinter2 The devices...

Use the Kickstart Configuration Tool

The Kickstart configuration tool is a graphical tool. If you've installed Kickstart without a GUI on an Ubuntu Server system, Kickstart can be run from a remote system with a GUI. Just take the following steps: 1. On the Ubuntu server, run the ifconfig command to look for the local IP address. An excerpt of the output should appear similar to the following. (In my case, the IP address is 192.168.0.102. Your IP address will probably be different.) eth0 Link encap:Ethernet HWaddr 00:0c:29:15:2a:4e...

The portmap Service

The base configuration file for the port mapper daemon is /etc/default/portmap. It suggests one command option that is fed to the /etc/init.d/portmap script Options are fed to the service script, /etc/init.d/portmap. This script starts the port mapper service, which enables NFS (and NIS) communication via regular TCP/IP ports. Boolean (yes or no) option that can activate the network status monitor for remote procedure calls (RPCs) Port-based firewalls block NFS, unless the port for NFS related...

Choose a Mirror of the Ubuntu Archive

Select the Choose A Mirror Of The Ubuntu Archive option from the expanded Main Menu. It should allow you to set up a connection to the mirror of your choice. Before you continue, review the list of available mirrors at https://wiki.ubuntu.com/Mirrors. Generally, a mirror geographically close to you is best, but the wiki does not include other relevant information such as the connection speed between the mirror and the Internet. For my own system, since I'm geographically close to the kernel.org...

Configuring iptables

Firewalls based on the iptables command are organized in chains of rules. Each rule in a chain is compared against each network packet. Every iptables command specifies information that can be found in a packet header. If a match is found, it also specifies the actions to take. Firewalls are a complex subject; for more information, see Linux Firewalls (Third Edition; Novell Press, 2005), by Suehring and Ziegler. The iptables command is organized in the following format: iptables -t tabletype <...

The Basics of fdisk

First, you need to know the device file of the drive to be configured. The easiest way to determine this is with the following command, which lists all connected drives if they're detected You'll see drive sizes, listed in order, as well as partitions configured on each drive. A sample output is shown in Figure 5-1. Note the partitions configured on the first two drives. The actual drive order varies by hardware portable drives such as those connected by USB and IEEE1394 devices appear after...

Create Physical Volumes

The first step to create a logical volume is to identify the available space on a physical disk. If you have just added an empty hard disk, you can create a PV on the entire disk. For example, if you've just added a fourth SATA hard disk (/dev/sdd), you could set up a PV on that disk with the following command You can also configure a new PV on a properly configured partition, using the fdisk and parted utilities discussed earlier in this chapter. If you've added a new partition called /dev...

Creating a Volume Group

You can create a VG from two or more PVs using a straightforward command; just substitute the name of your choice for volgroup1:

sudo vgcreate volgroup1 /dev/sdc1 /dev/sdd1

Once a VG is available, it's easy to add more room. In this example, I've created a PV on /dev/sdb1 for this purpose and want to add more room to the VG named volgroup1. To that end, I created a /dev/sdb1 partition, configured with the Linux LVM partition type, and applied the pvcreate command to that partition. I then add that...

Dynamic Host Configuration Protocol (DHCP) Services

A DHCP server automates the network configuration process for clients. In detail, DHCP allows a Linux computer to serve dynamic IP addresses. It supports the configuration of a range of IP addresses and allows you to reserve a specific IP address, based on the hardware address associated with a client's network card. It can assign more information such as the gateway and DNS IP address to every system that requests an IP address. DHCP servers can simplify and centralize network administration...

Add a Network Route

In Linux network configuration, the route command can be used to set up a default gateway for the network. Strictly speaking, a default gateway is the route used if the desired destination address does not exist elsewhere in the routing table. It's the gateway to the default IP address, 0.0.0.0. This output from the route -n command suggests no current default gateway address 192.168.0.0 * 255.255.255.0 U 0 0 eth0 Only a single host can be reached via this route. This entry was created by an...

The Configuration File

Now review the configuration of the DHCP3 server. The default version of the configuration file, /etc/dhcp3/dhcpd.conf, does not configure any IP addresses. So if you try to activate this server without modifying the configuration file, it won't assign any IP addresses. This section reviews default configuration directives, along with the directives you need to add to set up a DHCP3 server on a standard private IPv4 network. NOTE Be aware of the semicolon (;) at the end of each line a common...

Extra AppArmor Profiles

If you're looking for more control with AppArmor, additional profiles are available from the apparmor-profiles package, in the directory. Be aware that the profiles in this directory are not fully tested. When they are, expect to see more profiles in the /etc/apparmor.d directory. As of the Hardy Heron release, these profiles include commands such as man and passwd, applications such as Adobe Acrobat Reader and Evolution, clients such as dhclient and portmap, as well as services such as sendmail...

Device Drivers

There are a substantial number of settings associated with Device Drivers, more than just the hardware drivers available for Linux. Some settings in this area are divided into different categories, entitled Memory Technology Devices, Parallel Port Support, Plug and Play Support, Block Devices, Misc Devices, ATA/ATAPI/MFM/RLL Support, SCSI Device Support, and more. These categories are briefly explored here. Generic Driver Options These settings relate to firmware. Connector - Unified Userspace -...

Basic Xfce Tools

The Xfce desktop environment is similar to other GUI desktops, including GNOME, KDE, and even Apple Macintosh and Microsoft Windows. It includes a panel, a menu button, and icons. If you've installed the xubuntu-desktop meta-package described in the first part of the chapter, you've also installed a number of GNOME applications and utilities. Those of you who've used Xfce in the past may notice how it's evolving more toward GNOME. Figure 13-9 displays the Xfce desktop environment shown when the...

Sync Remotely

The rsync command transfers files between directories. It takes just as much time to copy files with the rsync command the first time. The power of the rsync command is revealed after the first time. The only data that's transmitted is data that has changed; specifically, only the parts of each file that have changed. That makes rsync suitable for backups even over slow networks. If you're not experienced with the rsync command, try a basic version of this command. First, create a backup...

Mirror Configuration

There are two basic methods to synchronize a local client to a remote repository. The rsync command is the traditional method associated with synchronizing local and remote groups of files. The apt-mirror command is more focused, and in my opinion, a better choice at least for the initial mirroring of the remote repository. The focus of this section is on apt-mirror; you could subsequently use the rsync command to keep the repository created up-to-date. As the apt-mirror package is rarely...

An NIS Client

NIS server systems already include the /etc/yp.conf configuration file and ypbind service for NIS clients. For systems in which you want to configure just an NIS client, the following command installs the needed packages You're prompted for the NIS domain name; for the example discussed earlier, that name is example.org. As is done for the NIS server, the name you enter is included in the /etc/defaultdomain configuration file. The name can be reconfigured by directly editing that file or by...

The Ubuntu Server Installation Screen

Before we start the installation process, you should have an Ubuntu Server Edition CD available and know how to boot from the CD on your system. Insert the CD (or Ubuntu DVD) into the appropriate drive. Alternatively, use a virtual machine such as VMware Server, Virtualbox, or KVM as discussed in Chapter 20. Press a key (other than a function key or enter) within 30 seconds of loading the software to follow along with this section. You'll see a screen similar to that shown in Figure 2-3, with...

Install Ubuntu Server Step By Step

Finally, you get to see how Ubuntu Server Edition is installed, step by step, in Expert mode. I assume you know how to boot from the CD on your system. The same steps are required if you've set up an ISO file as a CD/DVD on a virtual machine. 1. When you boot from the Ubuntu Server CD, you'll see a list of languages obscuring the screen. Select a language and press enter. 2. Once you see the menu shown in Figure 2-3, press F6 twice. In the pop-up menu that appears, highlight Expert Mode and...

Hardware Issues

Hardware virtualization doesn't work unless it's on a system with multiple CPUs (or a multi-core CPU). And then, if you want to run other unmodified operating systems such as Microsoft Windows on Linux with KVM (or Xen), you'll need a multi-core or multiple CPUs with hardware virtualization enabled. Some enterprises will want to run Windows on KVM (or Xen), such as those that continue to use a Microsoft authentication server while other services are converted to Linux. If you want to configure...

The Ubuntu Server

Because this book is designed for administrators, the focus is on the Ubuntu Server Edition. Built for security, it has a minimal number of open ports; the default installation specifies only that software considered essential for smooth server operation. It includes a preconfigured option to install a stack of packages known as LAMP (Linux, Apache, MySQL, and PHP), which is designed to speed configuration of the Ubuntu Server as a web server. Lightweight, uses Fluxbox window manager, uses only...

Download the ISO File Online

Many Linux administrators download the installation program for the latest version of several Linux distributions, including Ubuntu Server Edition. These downloads correspond to the contents of the appropriate CD or DVD. In this context, an ISO file is a standard format for downloads that can be recorded to appropriate media. Downloadable ISO files are typically quite large and correspond to the size of the CD/DVD media. NOTE In the context of CD/DVD downloads, an ISO file is short for an ISO...

Download the ISO File from the Command Line

The advantage of downloading a large ISO file with certain commands is that such commands can handle interruptions in the download process. Specifically, the wget and curl commands can restart a download from the point of an interruption. If these commands don't already exist on a local Ubuntu system, they can be installed from packages of the same name using the following command These commands can then be used to download any file, based on a known URL. For example, if to download the first...

Virtualization

Hardware virtualization facilitates the configuration of multiple virtual machines on a single system. Linux supports several options for hardware virtualization. Red Hat enables Xen with a specialized kernel on its distributions. Newer releases of VMware products also take advantage of hardware virtualization. The default virtualization option for Ubuntu Server Edition is based on a Linux kernel module known as the Kernel-based Virtual Machine (KVM). The current trend towards virtualization...

Partition Device Files

Before you review how to create partitions, take a step back and examine how partition device files work. Partitions can be created on several different types of media:

PATA drives: Since nearly the beginning of the PC era, the standard computer system has been configured to manage up to four IDE (Integrated Drive Electronics) hard drives, now known as PATA (Parallel Advanced Technology Attachment) drives.

SATA drives: Current PCs can also handle SATA (Serial ATA) drives.

SCSI drives: Servers...

Kernel Configuration Menus

As suggested, two kernel configuration menus are available. If you've installed the packages suggested so far in this chapter, you can start the ncurses-based tool. To do so, navigate to the /usr/src/linux directory (or whatever directory contains the Linux kernel source code) and run the sudo make menuconfig command. The standard ncurses menu is shown in Figure 19-2. The Kernel Configuration menu as shown includes some clues. The top line indicates that it has imported settings from the .config...

Configure Forwarding

A router is a key device in network communication. Linux systems are commonly configured as routers. Router configuration is an important skill for Ubuntu administrators. To configure Ubuntu as a router, all you need to do is configure a kernel variable. The following command confirms the default for IPv4 addressing, where Linux is not configured as a router If the local computer has two or more network cards, you can configure the system as a router. To do so, enable IP forwarding in etc...

Simple Postfix Configuration

The first time the Postfix SMTP service is installed, you're prompted with questions during the installation process. For example, if you install Postfix with the following command, you're prompted to configure Postfix in a number of text-based screens. Figure 17-1 illustrates several choices, as described in Table 17-2. For the purpose of this chapter, press tab to highlight OK and then press enter to continue. Then select Internet Site to set up Postfix to send and receive e-mail with a...

Creating a Logical Volume

You can create an LV from the space configured for a VG using the lvcreate command. It's a straightforward command. The following command creates an LV on device /dev/volgroup1/logvol1; just substitute the name of your choice for volgroup1.

sudo lvcreate -L 200M volgroup1 -n logvol1

There are many variations on the lvcreate command; however, this usage is the most straightforward, as it specifies the size and name of the LV to be created. If you're in doubt about the space available in the VG, run...

About the Technical Editor

Elizabeth Zinkann is a logical Linux catalyst, a freelance technical editor, and an independent computer consultant. She was a contributing editor and review columnist for Sys Admin Magazine for 10 years. Some of her editing projects have included RHCE Red Hat Certified Engineer Linux Study Guide, Linux+ Certification Passport, Mastering Fedora Core Linux 5, Linux Patch Management, and Write Portable Code. She owns an iBook that thinks it's an UbuntuBook and is an avid digital photographer. In...

User and Group Configuration Tool

Ubuntu supports configuration of users and groups with the Users Settings GUI tool. It supports fairly fine-grained customization of user and group settings. Starting with the Hardy Heron release, permission to use this tool is limited by the PolicyKit package, as described in the last section of this chapter. If your account has permissions to manage system configuration tools, you can open Users Settings from a command line interface in the GUI with the following command NOTE Prior to the...

Keeping It Simple

Normally, the PolicyKit enables unlock access to administrative tools to members of the admin group, as configured in the /etc/group and /etc/gshadow configuration files. Members of this group who start an administrative tool can have access via the Unlock key, which is now included in most GNOME-based administrative tools. For example, when user bub opens the Users Settings tool with the users-admin command, full access is disabled by default. However, when user bub clicks the Unlock key, the...

Configure with the PolicyKit GUI Tool

True Linux geeks work from the command line. But more Microsoft administrators are converting to Linux. For this audience, many, and perhaps most, readers learn more about tools based on newer concepts from the GUI. To start the GUI PolicyKit configuration tool, run the following command It opens the Authorizations tool, shown in Figure 10-9.

Implicit and Explicit Authorizations

Implicit Authentication

Two levels of authorization are possible in each of the PolicyKit categories just described. Implicit and explicit authorizations are discussed in the following sections. Implicit Authorizations As noted in the PolicyKit tool, implicit authorizations can be configured to authorize access by user or by console. Control can be based on user status on the console. Implicit authorizations are available in all of the policy areas described in the preceding section. Select the category of your...

Create a Samba Share

In this section, you'll examine how to configure a directory for sharing via the Samba server. This does not address any firewalls that may exist or network problems that may arise between server and client computers. This also assumes the gnome-system-tools, samba, and samba-common packages are installed, and your account has appropriate PolicyKit-based administrative privileges. Finally, the Shared Folders tool should be open in a GUI; one method is by using the shares-admin command. As...

Create an NFS Share

In this section, you'll see how to configure a directory for sharing via the NFS kernel-based server. This does not address any firewalls that may exist or network problems that may arise between server and client computers. This also assumes the gnome-system-tools, samba, and samba-common packages are installed, and your account has appropriate PolicyKit-based administrative privileges. Finally, the Shared Folders tool should be open in a GUI; one method is with the shares-admin command. As...

The PolicyKit

The PolicyKit is relatively new for Linux. Originally developed to enable finer grained policies with respect to hardware, the PolicyKit has been extended to allow access from regular, normally unprivileged users. For the Hardy Heron release of Ubuntu, it's focused primarily on GUI-based administrative tools and utilities. It's intended to provide a finer-grained control than is realistic or possible using the sudo and PAM tools discussed earlier in this chapter. In fact, starting with the...

PolicyKit Identifiers

Policies can be configured in several different categories. Some are accessible from the pane on the left of the Authorizations window (see Figure 10-9). The list you see may not include all available PolicyKit options. This depends in part on any additional services that might be installed or special PolicyKit settings that might be configured. Most options described normally apply to regular users who are not members of the admin group. NOTE I've split out major administrative settings in...

The Filesystem Hierarchy Standard

While there are variations, modern Unix/Linux operating systems share several common directories. Some of these directories are dedicated for user files, drivers, kernels, logs, programs, utilities, and more. These directory categories, documented in the FHS, make it easier for users of other Unix-based operating systems to understand the basics of Linux. On every Linux distribution, the filesystem starts with the top-level root directory, also known by its symbol, the single forward slash (/)....

Manage Filesystems in /etc/fstab

While you can run the mount command to activate and copy data to newly formatted partitions, that's not enough. Such partitions aren't recognized during the boot process unless they're configured in the /etc/fstab configuration file. To understand what's configured in this file, review it with a command like less /etc/fstab. As you can see in Figure 5-2, different filesystems are configured on each line. As suggested by the opening comments in the file, there are six fields associated with each...

Check the CD-ROM(s) Integrity

If you have doubts about the CD or DVD you're using, the better time to check it was earlier in the process discussed back in the Download the ISO File Online section. But if you think you need to check the integrity of the media now, select the Check The CD-ROM(s) Integrity option from the expanded Main Menu. Be aware, if you're working with a mounted ISO file, say on a virtual machine, this option works equally well. NOTE Yes, the option and the title of this section does not follow the...

Analyze the Configuration File

If you want to configure a Samba server, you'll need to edit the main Samba configuration file, /etc/samba/smb.conf. This file is long and includes a number of commands that require a good understanding of Microsoft Windows networking. Fortunately, the default version of this file also includes helpful documentation with suggestions and typical configurations that you can use. To help you with this process, I analyze the default Ubuntu version of this file. The code shown next is essentially a...

Network Configuration Files

There are a number of other important network configuration files included on an Ubuntu system. The information requested by a client can be customized by an appropriate DHCP client configuration file. Databases that translate domain names, such as www.mhprofessional.com, to IP addresses, such as 12.163.148.249, can be configured either locally in /etc/hosts or can be referenced by /etc/resolv.conf. To prevent conflicts, a name search order can be configured in either /etc/host.conf or /etc...

Simple sendmail Configuration

If you choose to install the sendmail SMTP service, be prepared to do most configuration by directly editing an appropriate configuration file. When installing sendmail with the following command, several additional packages are installed (if they're not already included), as described in Table 17-3. A macro processor intended to compile the sendmail.mc file An MDA sometimes used by sendmail for local e-mail addresses Architecture-independent files for sendmail For user authentication databases...

Limit NFS Shares with Options

There are a number of options that regulate access to NFS shares. In the example /etc/exports file shown earlier, the pub directory is exported to all users as read-only (ro). It is also exported to one specific computer with read/write (rw) privileges. The home directory is exported, with read/write privileges, to any computer on the .example.net network. Finally, the tftpboot directory is exported with full read/write privileges (even for root users, with the no_root_squash option) but the...

Major CUPS Configuration Files

CUPS does its good work based on the configuration files in the /etc/cups directory. Available configuration options go beyond what most administrators need. When the CUPS service starts, it loads the parallel printer module by default, as specified in the /etc/default/cupsys configuration file. Yes, some computers, including two of mine, still have parallel ports. The basic functionality of other CUPS configuration files is described in Table 9-3. These files reflect the features available in CUPS...

The Universal Resource Identifier (URI)

Perhaps the most important bit of CUPS configuration data is the URI, which is a superset (inverse of subset) of the more well-known URL. In other words, a URI includes regular HTTP and FTP URLs, as well as IPP interfaces such as this: DeviceURI ipp://192.168.0.30/printers/LaserJonHP Local URIs are based on printers directly connected to the local system, and networked URIs are based on printers accessed over a network. First, I present several examples of local URIs, which are almost...

The GUI DHCP Server Configuration Tool

Ubuntu now has a GUI configuration tool available, courtesy of the gdhcpd package. As it's built with GTK+ libraries, it does not require many additional packages on the Xfce (or even the GNOME) desktop environments. I prefer to customize most services directly through their text configuration files. However, one value I find for GUI tools is how it helps newer administrators learn more about subject services. Before running the tool, back up the current version of the configuration file. For...

Install LTSP Packages

Diskless clients are not dumb terminals; they do require a bit of infrastructure. While local graphics hardware (video card, appropriate monitor) is required to display a GUI, a local hard drive isn't required. Diskless clients can be configured on systems where the network card and BIOS can be configured with the PXE. There are three parts to the infrastructure for diskless clients: First, DHCP (Dynamic Host Configuration Protocol) services provide unique network addresses to each client, which...

The Installation CD Rescue Mode

Sometimes, you just need a rescue disk. The example of a missing GRUB configuration file is a good way to test the rescue mode available from the Ubuntu installation CD. For the purpose of this section, I run the following command to disable the GRUB menu:

sudo mv /boot/grub/menu.lst /home/michael

Now that GRUB is disabled, use the Ubuntu Server installation CD; the ISO file described in Chapter 2 would work just as well. Boot from that CD, and when you get to the main Ubuntu Server installation...

Common Samba Commands

Some key commands associated with Samba are listed in Table 16-4. This table does not include commands that require extensive knowledge of Microsoft systems such as NT quotas or access control lists. Here are some examples of the use of some of these commands. The smbtree command, as shown in Figure 16-1, illustrates shared directories and printers from other Samba servers on a network. Note how it lists systems on workgroups (or domains) named WORKGROUP and MSHOME. The -U michael option adds...

General Log Configuration

You can configure what syslogd records through the /etc/syslog.conf configuration file. As shown in this section, the default version of the file includes a set of rules for different facilities (if the corresponding packages are installed). If you make changes to this file, just remember to restart the syslogd daemon with the /etc/init.d/sysklogd restart command. In the analysis of any log file, it's important to understand the levels of log messages available. Each level is known as a priority....

Review Network Connections with netstat

You've already seen how the netstat -nr command can specify the current routing table. But it can do so much more on the local system. Try the netstat -altun command. Analyze the switches. The -a inspects all sockets where a service is listening and where a connection is established. The -l specifies all ports to which the local system is listening for connections. The -t specifies connections associated with TCP (Transmission Control Protocol) data; the -u specifies connections associated with...

Remote GUI Access

Before proceeding to configure remote GUI access on Ubuntu, you need to know a couple of things about the workings of the Linux GUI. Normally on a network, the local computer is the client and the remote computer acts as the server. X Window clients and servers work on a different paradigm. The X server controls the graphics on the local computer. The X server draws images on the client screen and takes input from the local keyboard and mouse. In contrast, X clients are local or remote...

Upstart RCs Scripts and Services

If you haven't installed a new version of Linux lately, you might be in for a shock. There is no /etc/inittab configuration file in Ubuntu releases. Upstart, the replacement for the System V init program, is designed to meet the demands of the latest plug-and-play hotplug environments. During the boot process, Upstart is especially helpful with filesystems mounted on portable and network devices. NOTE This section assumes that you have some basic knowledge of services and runlevels; thus, some of...

Install the LAMP Stack

This section is based on an Ubuntu server installation, with only the Secure Shell (SSH) server selected to support remote access. The following command is one way to install the LAMP stack of packages:

sudo apt-get install apache2 mysql-server libapache2-mod-php5 php5-mysql

With dependencies, based on the Hardy Heron release, this command installs Apache version 2.2.8-1 and PHP5. If you want to install a legacy version of Apache or PHP, it's possible that Ubuntu will make it available in the...

Include a Patch

If you've downloaded the source code for a kernel, it can be patched. If you keep abreast of the latest Linux news, or at least the change log associated with patched kernels, you'll know the features or fixes available with the latest patch. Patches usually work fairly well if you're upgrading from one patch version to the next higher version. For example, the patch-2.6.24.2.gz or patch-2.6.24.2.bz2 file can be used to upgrade the kernel from version 2.6.24.1 to 2.6.24.2. There are also more...

Work with Landscape

Canonical Landscape Configuration

There are several basic tools associated with Landscape. But you need to know how to set up and register a client. You'll then learn how easy it is to monitor registered client systems. When you register with Landscape (even with a trial subscription), you should receive an e-mail confirmation, with an embedded link. Navigate to the associated URL and follow the instructions. Remember any included passphrase, as you'll need it when logging into Landscape, as shown in Figure 8-10. The passphrase...

Partition Information

The options shown in Figure 3-3 determine how partitions are configured. While it appears to support the configuration of standard and RAID (Redundant Array of Independent Disks) partitions, it does not currently support the configuration of LVM (Logical Volume Management) groups. The Clear Master Boot Record option configures Kickstart to wipe the MBR from an older hard disk. I've set up several partitions in Figure 3-3. If you're using a new hard drive or want to...

Basic Configuration

While an Ubuntu system includes an NTP client by default, an NTP server requires a bit more. To install the NTP server, run the following command It includes several configuration files. The first is /etc/default/ntp, which includes options associated with the NTP daemon, /usr/sbin/ntpd. The default setting in this file is this The -g switch allows the NTP service to adjust the time once by over the panic threshold of 1000 seconds. That can help if you've accidentally picked the wrong time zone...

Configure the Package Manager

Select the Configure The Package Manager option from the expanded Main Menu. If you configured a mirror earlier in the Choose A Mirror Of The Ubuntu Archive section, be ready with that mirror here. Then take the following steps. NOTE If any preceding steps have been skipped or there are problems such as a bad network connection to a mirror, this step prompts you to complete the missing steps. 1. You're prompted to configure a network mirror to supplement the packages available from the CD....

Partition Disks

Select the Partition Disks option from the expanded Main Menu. I've run this exercise on a virtual machine with 256MB of RAM. Make a note of the amount of RAM configured for your system. If the space configured doesn't match the steps shown, please feel free to deviate as needed. Be aware, there are more options under Partition Disks than I can clearly cover in a single section. Take the following steps 1. As shown in Figure 2-10, several options are available for partitioning method. If free...

Install DNS Packages

The default DNS packages are based on the Berkeley Internet Name Domain (BIND). Development of the basic BIND server continues under the auspices of the Internet Systems Consortium (ISC). There are several excellent alternative DNS services available. A search of the Hardy Heron repositories reveals nearly 200 DNS-related packages, including several servers. One alternative that I like is the djbdns package from http://cr.yp.to/djbdns.html, even though the license does not support open...

The CUPS Configuration Tools

For the purpose of this chapter, I've configured a CUPS server on a system named ubuntuhardyserver.example.net. I've reconfigured the /etc/cups/cupsd.conf configuration file to allow remote access and administration. Now to administer the CUPS server on a remote system, using the web-based interface, I open a browser and navigate to If needed, I accept the default website certificate. It opens the tool shown in Figure 9-1. The Printer Configuration tool can be installed on a Hardy Heron client...

How to Format a Filesystem

There are several commands available which can format a Linux filesystem. All are based on the mkfs command, which includes extensions that describe the filesystem format, such as mkfs.ext2, mkfs.ext3, and mkfs.reiserfs. Closely related is the mkswap command, which formats a Linux swap partition. Of course, the commands discussed in this section should not be run on a mounted filesystem. These commands are straightforward. The following command formats the /dev/sdb1 partition to the ext2...

Quotas by Size and Inode

The edquota command can be used to create and customize disk quotas for users. This command edits the aquota.user or aquota.group file with the default editor. In this section, I'll edit quotas for user donna to restrict the amount of disk space she is allowed to use. I use the following command to edit user donna's quota configuration The -u switch is the default edquota command option; if you want to edit the quotas of a group, the -g switch is appropriate. If the default editor is nano, you can...

Update Management Tools

Two of the popular alternatives to the apt-* commands are aptitude and the Synaptic Package Manager. The aptitude command works in two basic modes. As a command, aptitude can in most situations be used as a drop-in replacement for the apt-get command. As such, a separate section for aptitude as a command would be redundant. When run by itself, aptitude opens an intuitive tool that does not require a GUI. One more popular option is the Update Manager, available through the update-manager...

The Task Selector

The Task Selector is a simple tool to install groups of packages after an Ubuntu system is installed. Like the Update Manager and Synaptic Package Manager, it's a front end to the aptitude command which itself is a front end to the apt-get command. To open it, run the sudo tasksel command. The advantage, as shown in Figure 8-9, is the listing of major package groups. You can navigate with arrow and tab keys. To select a desired package group, highlight it and press the space bar to add an...

Special File Permissions

Permissions can be a risky business, but you need to give all users access to some programs. Setting full read, write, and execute permissions for all users on a Linux system can be dangerous. One alternative is setting the SUID and the SGID permission bits for a file. Specialized permissions are available, known as set user ID (SUID), set group ID (SGID), and the sticky bit. To review a file with SUID permissions, run the ls -l /usr/bin/passwd command. The s that appears in the user execute...

The Installation of CUPS

Although the standard CUPS server packages are installed by default for the Ubuntu desktop, they're not included in the standard Ubuntu Server installation, unless the Print Server software group is selected during the installation process. Even if you've already installed CUPS, it's a good idea to see what CUPS packages are available and then choose Includes commands familiar to LPD LPRng administrators, such as lpq, lpr, and so on Supports both CUPS client and server packages Adds open source...

Using the GRUB Command Line

If the GRUB configuration file is accidentally erased, all is not lost. You could use a rescue mode as described in the next section. Alternatively, you could just enter the commands at the GRUB command line that appears when the GRUB configuration file is missing or misplaced. To follow along with this section, print out a copy of your GRUB configuration file, /boot/grub/menu.lst, or refer to the file as described in the first half of this chapter. Minimal BASH-like editing is supported. For...

VMware Server

This section describes one way to install VMware Server version 2.0 Release Candidate 2 on an Ubuntu Hardy Heron system. To download the required tarball package, navigate to www.vmware.com/products/server/. The final release of VMware Server 2.0 was made available just as this book goes to print. The version number listed in this section has already changed. While the look and feel of VMware Server version 1.0.x is quite different from version 2.0.x, the installation process on Linux systems...

Create a Virtual Machine on KVM

This section illustrates two methods to create a virtual machine, using KVM modules and utilities. I've tested these methods on my laptop system with a dual-core CPU. I use the Ubuntu JeOS system and ISO file described earlier for this purpose. One advantage of JeOS is that it requires relatively few resources. I illustrate the configuration of a virtual machine from the command line using the virt-install command as well as the GUI Virtual Machine Manager, which can be started with the...

The Tape Archive tar Command

The tar command is simple and filled with features. It can package groups of files into a single compressible archive. Packages created with the tar command are sometimes known as tarballs, which is still a common method for distributing packages. Tarballs are still an option for distributing packages for all major Linux distributions. It's time for an example. If you want to back up the files in user michael's home directory, the following command collects all files from the noted home...

The Basics of parted

Before you use parted to work with a partition, you need to know the device file of the drive to be configured. The easiest way to do this is with the following command, which in this case lists the partitions configured on the second SCSI or SATA drive You'll see the size of the noted drive, as well as partitions configured on that drive. The following code shows how I start the parted utility to open that second SCSI or SATA drive, /dev/sdb, to access the (parted) command line prompt Welcome...

Manage Accounts with chage

You can use the chage command to manage the expiration date of a password and an account. Password aging information is stored in the /etc/shadow file. For example, if you wanted to require that user test1 keep a password for at least two days, use the chage test1 -m 2 command. Current password and account aging information is available for user michael with the following command Options for the chage command are described in Table 10-8. Dates can be expressed either in a total number of days...

Lpq Line Print Query

Any user can inspect the contents of a print queue with the lpq command. When run by itself, the lpq command displays the current queue on the default printer. When run with michael ubuntuhardyserver anlPPprinter printer is on device queuing is enabled printing is enabled no entries daemon present AnotherLaseri printer is on device queuing is enabled printing is enabled no entries daemon present FirstClass printer is on device queuing is enabled printing is enabled no entries daemon present...

More apt Commands

The apt-get command is just one of the many available apt- based commands. Others discussed in this section include apt-cache, apt-file, and apt-ftparchive. The apt-ftparchive command will be used to help to create a repository mirror later in this chapter. For a more complete list of apt- commands and options, see the Debian Linux apt HOWTO, available online from The simplest way to review available repositories for package information is with the apt-cache command. Assuming the local...

Create a Group

Now I'll show you how to create a new group using the Users Settings tool. From the Users Settings window, click Manage Groups. This opens the Groups Settings window. Click Add Group to open the New Group window shown in Figure 10-5. The options are straightforward. Like the username, group names must start with a lowercase letter. The Group Members window lists eligible users that you can select to make a part of the new group. The only slightly tricky bit for a special group is the Group ID...

Service Specific Log Files

To complete the discussion of collected log files, Table 7-4 lists typical logs and log directories in the /var/log directory; these are related primarily to services such as Apache and Samba. Table 7-4 is not a complete list; additional service-specific log files may be available. Specifies events related to the Advanced Configuration and Power Interface Notes authentication-related messages Now obsolete associated services replaced by Upstart Lists failed local or Telnet login attempts readable...

Components of Email Systems

E-mail systems include up to four major components. Most users have mail user agents (MUAs) as their e-mail clients. Many administrators already configure mail servers, also known as mail transfer agents (MTAs). But an MTA doesn't do everything; a mail delivery agent (MDA) is required to carry the e-mail from a mail server to mailboxes. Finally, a mail retrieval agent (MRA) connects to files on a remote directory being used as a mailbox. Alternatives for each component are listed in Table 17-1....

Background in dpkg

The dpkg command is fundamental to the Debian packaging system used on Ubuntu releases. If you're familiar with Red Hat-style distributions, it's functionally equivalent to the rpm command. The options are rich and varied. As has been done for rpm, the options associated with dpkg could be collected into a book-length work. This section explains the switches that I use most often. To test these switches, you'll want a ready archive of packages. Even if this is a completely new installation, an...

Ubuntu Repository Organization

Ubuntu repositories for the United States are available from http://us.archive.ubuntu.com. From this URL, examine the top level repository directories. Click the ubuntu subdirectory, and then click the dists subdirectory to see the listing shown in Figure 8-1. Figure 8-1. Ubuntu repository directories Includes standard files associated with Hardy Heron installation; many of the packages contained can also be found on the installation CD hardy-backports...

Find the Right Mirror

During the installation process, you may have configured a connection to an appropriate national mirror. However, a national mirror may not be the best mirror for you. For example, when I trace the route to the http://us.archive.ubuntu.com mirror from the US West Coast, it actually connects to a server in the United Kingdom. Any mirror located in the continental United States is more likely to better serve my systems. NOTE One way to trace the route to a remote server is with the traceroute...

Manage Those Log Files

To maintain a system and keep it secure, it's important to track what happens on the system. If you're aware of key events, such as when most users connect, log files can help you to spot unusual activity. Ubuntu systems use a number of packages to monitor activity on a system. These packages include utilities that can help you identify problems and their causes. There are several log-related scripts installed by default on Ubuntu systems. Three are related to the boot process but are currently...

Install an LDAP Server

To install the packages required for an LDAP server, run the following command: sudo apt-get install ldap-account-manager ldap-auth-config ldapscripts slapd ldap-utils migrationtools. With dependencies, this command installs all the packages required to configure and manage an LDAP server for network authentication. If various Apache server and LDAP client packages are not already installed, it includes those packages as dependencies. The installation process requires answers to several questions...

Install the GRUB Boot Loader on a Hard Disk

Select the Install The GRUB Boot Loader On A Hard Disk option from the expanded Main Menu shown in Figure 2-18. You're prompted to choose whether to install GRUB on the master boot record (MBR) of the first hard drive. If you so select, the local system reads the MBR when booting, which refers to the /boot/grub/menu.lst file for more information. If you want to install the GRUB boot loader on the MBR, select Yes. If you select No, you can install GRUB on a specific partition, which...

Upstart Scripts Replace /etc/inittab

If you remember the directives in the /etc/inittab configuration file, you'll recognize the contents of the other files in the /etc/event.d directory. As the hardware advantages of Upstart are essentially transparent to most users, this section focuses on how Upstart provides equivalent functionality to /etc/inittab. The first line in a standard /etc/inittab file specifies the default runlevel. To review, for Debian-based distributions including Ubuntu, the default runlevel as signified by the...

Recovery Mode

Earlier in this chapter, I suggested that you disable or at least password-protect the recovery mode option in the GRUB menu. The risk is that recovery mode does provide access to root administrative privileges on the local system. The title of the associated stanza in the GRUB configuration file will appear similar to this: Ubuntu 8.04, kernel 2.6.24-16-server (recovery mode). If you select this option, Linux boots without hiding any boot messages. It then starts a Recovery Menu, as shown in...

Remote Access via XDMCP

To configure access via XDMCP, you need a graphical login manager on both the client and the remote X server. To modify the GNOME graphical login manager, which is also used for the Xfce desktop environment, use the Login Window Preferences tool, available from the sudo gdmsetup command (Figure 13-10. Configure remote access). As suggested by Figure 13-10, it's fairly easy to configure remote access using the login manager. Under the Remote tab, the Style drop-down text box can disable remote...

Get the Right Tools

You need additional packages to get the tools to compile and customize the kernel. The basic packages required to compile the kernel can be installed with the following command: sudo apt-get install fakeroot linux-kernel-devel ccache. The fakeroot package is especially important for Ubuntu systems, where the root administrative user is rarely enabled. It includes wrappers around key commands such as chown and chmod to enable a regular user to assume root...

Configure the X Server from the Command Line

Those of you familiar with other Linux distributions may be familiar with the command line configuration tool for the X server. On older distributions, it was known as xf86config; on the latest distributions, it's known as xorgconfig. The dpkg-reconfigure xserver-xorg command brings the administrator through a similar series of steps. It's a straightforward process to use the noted command to configure the X server. But before starting this process, back up the current X server configuration...

Select a Baseline

If you're not patching a kernel, the next step is to select a baseline configuration. If you want to configure the current Ubuntu Server kernel as the baseline, the configuration is available from the /boot/config-`uname -r` file. This section assumes you've unpacked the source code for the current kernel in the /usr/src/linux directory. It takes two steps to set up the current kernel for customization: 1. Copy the current kernel configuration file: sudo cp /boot/config-`uname -r` /usr/src/linux...

The Meaning of Root in Linux

There are several meanings associated with the word root in Linux. In GRUB, a directive such as root (hd0,1), which couples it with a partition, specifies the partition with the /boot directory. Also in GRUB, a directive such as root=/dev/hda5 in the kernel command line specifies the partition or device where the top-level root directory (/) is mounted. The home directory for the root administrative user is /root, which exists even if the root user isn't given a password (which is the default in...

Networking in the Boot Process

Ubuntu has a well-deserved reputation as an operating system that just works. But problems do arise. To understand what might go wrong, it's important to understand how networking starts and is configured during the boot process. As Linux is loaded, network hardware is eventually detected and appropriate network modules are loaded. If a problem occurs when hardware should be detected, it may be revealed through the kernel ring buffer discussed in Chapter 4 and available in the /var/log/dmesg log...

Format and Configure a RAID Array

As data is stored in each component of a RAID array, each partition must be formatted. The method is the same as that for formatting a partition for direct use. For example, to format the target partitions to the ext3 filesystem, I run the following commands: sudo mkfs.ext3 /dev/sdb1 and sudo mkfs.ext3 /dev/sdc1. For this example, I've set up a spare partition on a fourth SCSI drive, /dev/sdd1, which I've also formatted. I can configure a RAID array in Ubuntu with the mdadm command. I configure the two...

Basic Kernel Concepts

It's helpful to review some kernel concepts before proceeding. Kernels can be configured as one big monolithic file or organized with a core and a group of modules. There are many different kernel-related packages available. Updated kernels built by Ubuntu and uploaded to appropriate repositories are fairly easy to use. The kernel numbering system, if you aren't familiar with it, can be confusing. (Linux geeks should recognize that some readers may be converting from either Microsoft or...

Installation Method

In the Kickstart Configurator screen's left pane, select Installation Method. The options are straightforward. The Ubuntu version of this tool supports only new installations; it does not support the Red Hat options associated with upgrades. The tool is somewhat interactive; for example, if you select an FTP installation method, the Kickstart Configurator Assigns the default language for the installation and operating system. Sets the default keyboard normally associated with language. Configures...