Modify Permissions with chmod

The chmod command uses the numeric value of permissions associated with the owner, group, and others. In Linux, permissions are assigned the following numeric values: r = 4, w = 2, and x = 1. For example, if you were crazy enough to give read, write, and execute permissions on fdisk to all users, you would run the sudo chmod 777 /sbin/fdisk command. If you wanted to give read and write permissions to the Samba configuration file to the administrative user and read-only permissions to all other users,...

Service Specific Log Files

To complete the discussion of collected log files, Table 7-4 lists typical logs and log directories in the /var/log directory; these are related primarily to services such as Apache and Samba. Table 7-4 is not a complete list; additional service-specific log files may be available. Specifies events related to the Advanced Configuration and Power Interface Notes authentication-related messages Now obsolete associated services replaced by Upstart Lists failed local or Telnet login attempts readable...

Upstart Scripts Replace /etc/inittab

If you remember the directives in the /etc/inittab configuration file, you'll recognize the contents of the other files in the /etc/event.d directory. As the hardware advantages of Upstart are essentially transparent to most users, this section focuses on how Upstart provides equivalent functionality to /etc/inittab. The first line in a standard /etc/inittab file specifies the default runlevel. To review, for Debian-based distributions including Ubuntu, the default runlevel as signified by the...

Creating a Logical Volume

You can create an LV from the space configured for a VG using the lvcreate command. It's a straightforward command. The following command creates an LV on device /dev/volgroup1/logvol1; just substitute the name of your choice for volgroup1: sudo lvcreate -L 200M volgroup1 -n logvol1 There are many variations on the lvcreate command; however, this usage is the most straightforward, as it specifies the size and name of the LV to be created. If you're in doubt about the space available in the VG, run...

Manage Filesystems in /etc/fstab

While you can run the mount command to activate and copy data to newly formatted partitions, that's not enough. Such partitions aren't recognized during the boot process unless they're configured in the /etc/fstab configuration file. To understand what's configured in this file, review it with a command like less /etc/fstab. As you can see in Figure 5-2, different filesystems are configured on each line. As suggested by the opening comments in the file, there are six fields associated with each...

The Forward Zone File

To create a master DNS server, you'll need to create at least a forward zone file. Based on the configuration so far, the forward zone will be configured in a db.example.org file in the /etc/bind directory. To create this file, I start from the forward zone file for the localhost system, /etc/bind/db.local, with the following command: sudo cp /etc/bind/db.local /etc/bind/db.example.org Now to decipher some of the language in this file: TTL 604800 means that the default Time To Live (TTL) for data on...

Manage With Landscape

Landscape is Canonical's web-based system management service. It allows administrators to manage the Ubuntu systems on their networks from a single web-based interface. While Landscape is not freely available, it is a convenient administrative front end that makes it possible to monitor and administer individual systems without always having to connect to each system. For readers familiar with other system management tools, Landscape is functionally similar to the Red Hat Network, Microsoft's...

Choose a Language

Select the Choose Language option from the Main Menu shown in Figure 2-5, and then take the following steps: 1. Select a language for the installation process, which will also be used for the default language for the installed system. Other languages can be added after installation is complete. For the purpose of this chapter, select English and press enter to continue. 2. Based on the language, you might see choices of different countries; for example, the English language is associated with...

An NIS Client

NIS server systems already include the /etc/yp.conf configuration file and ypbind service for NIS clients. For systems in which you want to configure just an NIS client, the following command installs the needed packages. You're prompted for the NIS domain name; for the example discussed earlier, that name is example.org. As is done for the NIS server, the name you enter is included in the /etc/defaultdomain configuration file. The name can be reconfigured by directly editing that file or by...

Select and Install Software

Select the Select And Install Software option from the expanded Main Menu. A few moments after selecting the option, you'll see the menu shown in Figure 2-16. At the moment, only the core of the system is installed. To tune the system to your needs, you can choose to install one or more of the following predefined collections of software...

Graphical Environment Options

Ubuntu focuses on three main options for the graphical environment: GNOME, KDE, and Xfce. While there are many other excellent graphical environments available, these are associated with the three main Linux desktop releases from Canonical: Ubuntu (GNOME), Kubuntu (KDE), and Xubuntu (Xfce). However, all of these releases, as well as Ubuntu Server, share the same repositories. In other words, you can install KDE on Ubuntu, GNOME on Xubuntu, and Xfce on Ubuntu Server. You'll see how to install all...

How to Format a Filesystem

There are several commands available which can format a Linux filesystem. All are based on the mkfs command, which includes extensions that describe the filesystem format, such as mkfs.ext2, mkfs.ext3, and mkfs.reiserfs. Closely related is the mkswap command, which formats a Linux swap partition. Of course, the commands discussed in this section should not be run on a mounted filesystem. These commands are straightforward. The following command formats the /dev/sdb1 partition to the ext2...

Ubuntu Repository Organization

Ubuntu repositories for the United States are available from http://us.archive.ubuntu.com. From this URL, examine the top level repository directories. Click the ubuntu subdirectory, and then click the dists subdirectory to see the listing shown in Figure 8-1. Figure 8-1. Ubuntu repository directories Includes standard files associated with Hardy Heron installation; many of the packages contained can also be found on the installation CD hardy-backports...

VirtualBox

The open source edition of VirtualBox is the virtual machine manager created by Sun Microsystems and released under the GPL. There is a more complete edition available for noncommercial use at This discussion is limited to the open source version. Installation is as simple as that of any other package; one method is to use the following command: sudo aptitude install virtualbox-ose virtualbox-ose-modules- uname -rv The installation process adds a vboxusers group to the /etc/group and /etc/gshadow...

cupsctl: Review and Modify cupsd.conf

The cupsctl command provides another way to modify the settings in the /etc/cups/cupsd.conf configuration file. If you're unsure about the syntax of CUPS, the cupsctl command may work better for you. By itself, cupsctl highlights important directives. Several major options are highlighted in Table 9-5. Enables remote administration via other CUPS tools Allows configured printers to be browsed Supports connections from systems other than localhost Allows a user to cancel any print job NOTE Be...

Apache Default Settings

The default Apache settings in the /etc/default/apache2 configuration file relate to local caching, using the mod_disk_cache module. The cache is regulated using the htcacheclean command. The first directive, shown here, means that the command is run only if the module is activated. You can activate the module with the following command The other options in the /etc/default/apache2 configuration file are fairly well explained in the comments; each option is associated with the htcacheclean command...

AppArmor Commands

The apparmor_status command was described earlier. The apparmor_parser command is called during the AppArmor initialization process. The remaining AppArmor commands are aa-* commands. The following command reveals them as links to other scripts, also in the /usr/sbin directory Sets unconfined execute (disables AppArmor protection) Sets unconfined execute (child processes also run without AppArmor protection) Works only with programs with AppArmor profiles Works...

Device Drivers

There are a substantial number of settings associated with Device Drivers, more than just the hardware drivers available for Linux. Some settings in this area are divided into different categories, entitled Memory Technology Devices, Parallel Port Support, Plug and Play Support, Block Devices, Misc Devices, ATA/ATAPI/MFM/RLL Support, SCSI Device Support, and more. These categories are briefly explored here. Generic Driver Options These settings relate to firmware. Connector - Unified Userspace -...

Simple sendmail Configuration

If you choose to install the sendmail SMTP service, be prepared to do most configuration by directly editing an appropriate configuration file. When installing sendmail with the following command, several additional packages are installed (if they're not already included), as described in Table 17-3. A macro processor intended to compile the sendmail.mc file An MDA sometimes used by sendmail for local e-mail addresses Architecture-independent files for sendmail For user authentication databases...

The Tape Archive tar Command

The tar command is simple and filled with features. It can package groups of files into a single compressible archive. Packages created with the tar command are sometimes known as tarballs, which is still a common method for distributing packages. Tarballs are still an option for distributing packages for all major Linux distributions. It's time for an example. If you want to back up the files in user michael's home directory, the following command collects all files from the noted home...

Dots and Double Dots

The dot (.) and double dot (..) offer a couple of command options. A single dot represents files in the current directory. This notation is a handy way to copy regular and hidden files from the current directory. For example, I created a new user (katie) manually and then copied default shell configuration files from the /etc/skel directory with the following command A single dot can also be useful for scripts that are not in the current value of PATH. The current directory is typically not in any...

Background in dpkg

The dpkg command is fundamental to the Debian packaging system used on Ubuntu releases. If you're familiar with Red Hat-style distributions, it's functionally equivalent to the rpm command. The options are rich and varied. As has been done for rpm, the options associated with dpkg could be collected into a book-length work. This section explains the switches that I use most often. To test these switches, you'll want a ready archive of packages. Even if this is a completely new installation, an...

General Log Configuration

You can configure what syslogd records through the /etc/syslog.conf configuration file. As shown in this section, the default version of the file includes a set of rules for different facilities (if the corresponding packages are installed). If you make changes to this file, just remember to restart the syslogd daemon with the /etc/init.d/sysklogd restart command. In the analysis of any log file, it's important to understand the levels of log messages available. Each level is known as a priority....

The Installation CD Rescue Mode

Sometimes, you just need a rescue disk. The example of a missing GRUB configuration file is a good way to test the rescue mode available from the Ubuntu installation CD. For the purpose of this section, I run the following command to disable the GRUB menu: sudo mv /boot/grub/menu.lst /home/michael Now that GRUB is disabled, use the Ubuntu Server installation CD; the ISO file described in Chapter 2 would work just as well. Boot from that CD, and when you get to the main Ubuntu Server installation...

Fundamental apt Commands

The early part of this chapter described one of the problems with the dpkg command: installation trouble when dependencies exist. While it is possible to force a package installation, overriding existing dependencies can be risky. Installed packages without access to dependencies can lead to problems with associated commands and applications. Figure 8-2. The Software Sources tool. That's where the apt-* commands can help. Specifically, the apt-get install...

Restore Default PolicyKit Settings

If there are problems with the PolicyKit and you don't remember the default settings based on the PolicyKit Authorizations tool or any other commands that have been run, they can be reset with the following commands. The first two commands reset the defaults for system administration tools and user customization tools polkit-action --reset-defaults org.freedesktop.systemtoolsbackends.set polkit-action --reset-defaults The following two commands reset the defaults for users who can revoke the...

The Ubuntu Server Installation Screen

Before we start the installation process, you should have an Ubuntu Server Edition CD available and know how to boot from the CD on your system. Insert the CD (or Ubuntu DVD) into the appropriate drive. Alternatively, use a virtual machine such as VMware Server, Virtualbox, or KVM as discussed in Chapter 20. Press a key (other than a function key or enter) within 30 seconds of loading the software to follow along with this section. You'll see a screen similar to that shown in Figure 2-3, with...

lpadmin: Administer the Printer

The lpadmin command can adjust and modify printers, as configured in the /etc/cups/printers.conf configuration file. The following command sets the default printer to SamplePrinter1 Printers can be limited by user; if you'd like to keep a couple of users from accessing a printer, just substitute deny for allow: lpadmin -p SamplePrinter1 -u allow:michael,donna If you want to correct an error in a printer's URI, the following command enters a different URI: lpadmin -p SamplePrinter2 -v Try this...

Find the Right Mirror

During the installation process, you may have configured a connection to an appropriate national mirror. However, a national mirror may not be the best mirror for you. For example, when I trace the route to the http://us.archive.ubuntu.com mirror from the US West Coast, it actually connects to a server in the United Kingdom. Any mirror located in the continental United States is more likely to better serve my systems. NOTE One way to trace the route to a remote server is with the traceroute...

TCP Wrappers with /etc/hosts.allow and /etc/hosts.deny

There is a specific format associated with directives in both /etc/hosts.allow and /etc/hosts.deny. The basic format for commands in each file is as follows One simple directive for these files is This directive specifies all services (daemons) and makes the rule applicable to all hosts (clients) on all IP addresses. If this line is configured in /etc/hosts.deny (without other information in /etc/hosts.allow), access is blocked to all services that transmit TCP packets. Most administrators will...

More apt Commands

The apt-get command is just one of the many available apt-based commands. Others discussed in this section include apt-cache, apt-file, and apt-ftparchive. The apt-ftparchive command will be used to help to create a repository mirror later in this chapter. For a more complete list of apt-* commands and options, see the Debian Linux apt HOWTO, available online from The simplest way to review available repositories for package information is with the apt-cache command. Assuming the local...

The Task Selector

The Task Selector is a simple tool to install groups of packages after an Ubuntu system is installed. Like the Update Manager and Synaptic Package Manager, it's a front end to the aptitude command which itself is a front end to the apt-get command. To open it, run the sudo tasksel command. The advantage, as shown in Figure 8-9, is the listing of major package groups. You can navigate with arrow and tab keys. To select a desired package group, highlight it and press the space bar to add an...

Port Security Concepts

Linux networking is associated primarily with the TCP/IP protocol stack, also known as the Internet Protocol suite. The TCP/IP stack is organized in several layers. Two of the more important protocols in the stack are TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). Equivalent is the Internet Control Message Protocol (ICMP) associated with the ping command. Data transmitted with these protocols use 1 or more of approximately 65,000 ports. Many of these ports are defined in...

Remote Access via XDMCP

To configure access via XDMCP, you need a graphical login manager on both the client and the remote X server. To modify the GNOME graphical login manager, which is also used for the Xfce desktop environment, use the Login Window Preferences tool, available from the sudo gdmsetup command. [Figure 13-10. Configure remote access] As suggested by Figure 13-10, it's fairly easy to configure remote access using the login manager. Under the Remote tab, the Style drop-down text box can disable remote...

A DHCP Relay

If you need to configure a connection to another network, it would be simplest to configure the DHCP server on a gateway system with direct connections to all target networks. But that's not always possible. In that case, you'll want to install the dhcp3-relay package on a gateway computer with a connection to the network with the DHCP server as well as the remote target network. One installation method uses the following command When installing the dhcp3-relay package, you're asked to specify...

TIP Before reporting a bug use available tools to search for existing bug reports If you add credible new information

Searching the Existing Bug List Before reporting a problem as a bug (or perhaps a feature request), you should check the list of existing bugs in one of two ways. One method is with the reportbug-ng command, installed from the package of the same name, which opens a GUI tool. A sample list of current bugs for the samba package is shown in Figure 1-1.

Dynamic Host Configuration Protocol DHCP Services

The basic configuration of a DHCP server was covered in Chapter 14. This section covers special directives required to support a diskless client. Pointing PXE clients to the proper LTSP files depends on whether you already have an existing DHCP server for the local network. If you do, you'll need to add the following to the main DHCP server configuration file. Don't forget to substitute the actual IP address of the LTSP DHCP server for ipaddress Now for the DHCP server on the LTSP system, open...

Sync Remotely

The rsync command transfers files between directories. It takes just as much time to copy files with the rsync command the first time. The power of the rsync command is revealed after the first time. The only data that's transmitted is data that has changed; specifically, only the parts of each file that have changed. That makes rsync suitable for backups even over slow networks. If you're not experienced with the rsync command, try a basic version of this command. First, create a backup...

Common Samba Commands

Some key commands associated with Samba are listed in Table 16-4. This table does not include commands that require extensive knowledge of Microsoft systems such as NT quotas or access control lists. Here are some examples of the use of some of these commands. The smbtree command, as shown in Figure 16-1, illustrates shared directories and printers from other Samba servers on a network. Note how it lists systems on workgroups (or domains) named WORKGROUP and MSHOME. The -U michael option adds...

Prepare Apache Documentation for Web Access

If you'd rather have the Apache documentation available on the local network, it's a fairly easy process to install it. Just take the following steps: 1. Run the sudo apt-get install apache2-doc command to install the noted package. This action installs the current Apache documentation primarily in the /usr/share/doc/apache2-doc/manual directory in several languages. 2. Review the apache2-doc configuration file in the /etc/apache2/conf.d directory. With the Alias directive shown here, Alias /manual /usr...

Client Configuration in /etc/yp.conf

The /etc/yp.conf configuration file is the primary NIS client configuration file. With reliable network connections, all that's required in this file is to add the hostname or IP address of NIS master and slave servers. The following directives assume NIS servers on the noted IP addresses: ypserver 192.168.0.104 ypserver 192.168.0.50 If you're uncertain about the hostnames or IP addresses of NIS servers, you could add a broadcast directive. But because it's important to limit access to NIS, a...

Basic Xfce Tools

The Xfce desktop environment is similar to other GUI desktops, including GNOME, KDE, and even Apple Macintosh and Microsoft Windows. It includes a panel, a menu button, and icons. If you've installed the xubuntu-desktop meta-package described in the first part of the chapter, you've also installed a number of GNOME applications and utilities. Those of you who've used Xfce in the past may notice how it's evolving more toward GNOME. Figure 13-9 displays the Xfce desktop environment shown when the...

The Ubuntu Server

Because this book is designed for administrators, the focus is on the Ubuntu Server Edition. Built for security, it has a minimal number of open ports; the default installation specifies only that software considered essential for smooth server operation. It includes a preconfigured option to install a stack of packages known as LAMP (Linux, Apache, MySQL, and PHP), which is designed to speed configuration of the Ubuntu Server as a web server. Lightweight, uses Fluxbox window manager, uses only...

Mirror Configuration

There are two basic methods to synchronize a local client to a remote repository. The rsync command is the traditional method associated with synchronizing local and remote groups of files. The apt-mirror command is more focused, and in my opinion, a better choice at least for the initial mirroring of the remote repository. The focus of this section is on apt-mirror; you could subsequently use the rsync command to keep the repository created up-to-date. As the apt-mirror package is rarely...

Simple Postfix Configuration

The first time the Postfix SMTP service is installed, you're prompted with questions during the installation process. For example, if you install Postfix with the following command, you're prompted to configure Postfix in a number of text-based screens. Figure 17-1 illustrates several choices, as described in Table 17-2. For the purpose of this chapter, press tab to highlight OK and then press enter to continue. Then select Internet Site to set up Postfix to send and receive e-mail with a...

Index of kick

Figure 3-7. Accessible Kickstart configuration files. You could boot the target server with a CD using the technique described in Chapter 2, from the boot prompt. If you boot from an Ubuntu Server CD, you'll see the standard boot menu. Press the esc key, and then when prompted that to leave the Graphical...

cupsenable and cupsdisable: Printer Management

Printers can be activated and deactivated with the cupsenable and cupsdisable commands. The commands are straightforward. The cupsdisable printer command disables the noted printer. After the cupsdisable command is run, print jobs are still accepted by a printer, but you'll see the following message associated with printer in the output to the lpc status command But the cupsdisable command isn't the only thing that can disable a printer. Ordinary problems such as a printer running out of paper...

The X Server Configuration File xorg.conf

This section examines the /etc/X11/xorg.conf file in detail. If you haven't configured the X server in some time, the directives in xorg.conf are similar to previous /etc/X11/XF86Config files on older Linux distributions. In either case, xorg.conf is organized into stanzas. The directives in this file reflect just one configuration; you may see more or fewer directives in your version of xorg.conf. In some cases, settings that are automatically detected and/or are defaults may not appear in the...

Configure the Clock

Select the Configure The Clock option from the expanded Main Menu. Then take the following steps 1. If you're confident in the stability of your network connection, accept the option to Set The Clock Using NTP, associated with the Network Time Protocol. It's especially important to synchronize actions between different servers in geographically distant locations. However, this can lead to delays during the boot process. Use the tab key to choose Yes or No and press enter to continue. (I select...

The portmap Service

The base configuration file for the port mapper daemon is /etc/default/portmap. It suggests one command option that is fed to the /etc/init.d/portmap script Options are fed to the service script, /etc/init.d/portmap. This script starts the port mapper service, which enables NFS (and NIS) communication via regular TCP/IP ports. Boolean (yes or no) option that can activate the network status monitor for remote procedure calls (RPCs) Port-based firewalls block NFS, unless the port for NFS related...

Load Installer Components from the CD

Select the Load Installer Components From The CD option from the Main Menu. It opens a menu with additional installer components; all but four are as shown in Figure 2-6. These components are described in Table 2-3. For the purposes of this chapter, I selected the asterisked components to customize the mirror, download the latest version of the installer, and configure logical volumes, RAID devices, and remote access during the installation process. Be warned that the selections you make can...

Install the LAMP Stack

This section is based on an Ubuntu server installation, with only the Secure Shell (SSH) server selected to support remote access. The following command is one way to install the LAMP stack of packages: sudo apt-get install apache2 mysql-server libapache2-mod-php5 php5-mysql With dependencies, based on the Hardy Heron release, this command installs Apache version 2.2.8-1 and PHP5. If you want to install a legacy version of Apache or PHP, it's possible that Ubuntu will make it available in the...

Virtualization

Hardware virtualization facilitates the configuration of multiple virtual machines on a single system. Linux supports several options for hardware virtualization. Red Hat enables Xen with a specialized kernel on its distributions. Newer releases of VMware products also take advantage of hardware virtualization. The default virtualization option for Ubuntu Server Edition is based on a Linux kernel module known as the Kernel-based Virtual Machine (KVM). The current trend towards virtualization...

The Very Secure FTP Service

Before configuring the vsFTP server, you need to install it. One method is with the following command A multi-threaded TFTP server for multiple connections An FTP server with an SSL option other FTP servers are preferred in the Ubuntu documentation An FTP server that uses Kerberos for authentication A complex FTP server with support for chroot directories, quotas, and more The standard TFTP server, sometimes used for terminal servers A two-part FTP server, including an authenticating front-end...

Head and tail

While the head and tail commands are related, they are separate commands that work in opposite ways. By default, the head filename command looks at the first 10 lines of a file, and the tail filename command looks at the last 10 lines of a file. You can specify a different number of lines with the -nxy switch. For example, the tail -n15 /etc/passwd command lists the last 15 lines of the /etc/passwd file. The tail -f logfile command is commonly used as a way to monitor log messages as they appear....

Configuring iptables

Firewalls based on the iptables command are organized in chains of rules. Each rule in a chain is compared against each network packet. Every iptables command specifies information that can be found in a packet header. If a match is found, it also specifies the actions to take. Firewalls are a complex subject; for more information, see Linux Firewalls (Third Edition; Novell Press, 2005), by Suehring and Ziegler. The iptables command is organized in the following format: iptables -t tabletype <...

Install Xfce

To install Xfce from the command line interface, you could install any or all of the Xfce packages available from the Hardy Heron repositories. But the implicit objective is not to install a standard GUI desktop, but to install a GUI with a fairly minimal number of packages. The apt-cache search xfce command reveals 108 packages. As Xfce is built from the same toolkit as GNOME, GNOME-based GUI administrative tools can also be installed on that desktop environment. Be aware, several described...

The Configuration File

Now review the configuration of the DHCP3 server. The default version of the configuration file, /etc/dhcp3/dhcpd.conf, does not configure any IP addresses. So if you try to activate this server without modifying the configuration file, it won't assign any IP addresses. This section reviews default configuration directives, along with the directives you need to add to set up a DHCP3 server on a standard private IPv4 network. NOTE Be aware of the semicolon (;) at the end of each line a common...

Create a Virtual Machine on KVM

This section illustrates two methods to create a virtual machine, using KVM modules and utilities. I've tested these methods on my laptop system with a dual-core CPU. I use the Ubuntu JeOS system and ISO file described earlier for this purpose. One advantage of JeOS is that it requires relatively few resources. I illustrate the configuration of a virtual machine from the command line using the virt-install command as well as the GUI Virtual Machine Manager, which can be started with the...

Configure at Jobs

While the cron daemon supports jobs run on a regular schedule, the at daemon (atd) supports jobs run on a one-time basis. Think of the at daemon as functionally similar to the print process. Jobs associated with this daemon are spooled in the var spool cron at directory and run at the specified time. You can configure the at daemon to run the script or command of your choice. For example, as user michael, I've created a script named dreamliner in my home directory to process some airplane sales...

Configure Forwarding

A router is a key device in network communication. Linux systems are commonly configured as routers. Router configuration is an important skill for Ubuntu administrators. To configure Ubuntu as a router, all you need to do is configure a kernel variable. The following command confirms the default for IPv4 addressing, where Linux is not configured as a router If the local computer has two or more network cards, you can configure the system as a router. To do so, enable IP forwarding in etc...

Configure Virtual Hosts

Before you configure a virtual host, make a copy of the 000-default file in the /etc/apache2/sites-enabled directory. For the purpose of this chapter, you could do so with the following commands:
cd /etc/apache2/sites-enabled
sudo cp 000-default website1
Then create a dedicated web page and logging directories. I've specified some arbitrary directories here. The directory names you use must also be specified in the virtual host file.
sudo mkdir /var/www/website1
sudo mkdir /var/log/apache2/website1...

Basic Kernel Concepts

It's helpful to review some kernel concepts before proceeding. Kernels can be configured as one big monolithic file or organized with a core and a group of modules. There are many different kernel-related packages available. Updated kernels built by Ubuntu and uploaded to appropriate repositories are fairly easy to use. The kernel numbering system, if you aren't familiar with it, can be confusing. (Linux geeks should recognize that some readers may be converting from either Microsoft or...

AppArmor Packages

The default AppArmor packages are apparmor and apparmor-utils. These and other related packages are described in Table 18-3. If AppArmor is your security package of choice, read the table and decide which of these packages to install. Detailed information associated with AppArmor is available from the apparmor-docs package. It stores the latest available technical documentation in PDF format, compressed using the gzip system. The file is techdoc.pdf.gz, in the /usr/share/doc/apparmor-docs...

The Window Manager

A window manager is a system that controls the placement and appearance of windows in a GUI. While the major desktop environments include their own window managers, several other window managers can be installed. For example, current versions of Ubuntu include the Compiz window manager. Many Linux window managers were developed from the F Virtual Window Manager (FVWM) and Tom's Window Manager (TWM). Both FVWM and TWM also provide minimalist desktop environments. The code from these window...

NIS Security

You've already learned about one NIS security measure: how access can be limited to hosts on specific IP addresses in the /etc/ypserv.securenets configuration file. You've also learned how ports can be fixed in the /etc/default/nis configuration file. Fixed NIS ports enable security and access using the iptables command discussed in Chapter 18. As NIS uses TCP packets, security can also be configured through the TCP wrappers files, also discussed in Chapter 18. The three services that apply are...

Current ifconfig Settings

When run by itself, the ifconfig command displays current settings associated with configured NICs on the local system. The following output displays two NIC adapters. The eth0 adapter is the first Ethernet adapter on this system, and the lo adapter is known as the loopback device, which verifies proper installation of basic network software. Consider the first line from the output, shown next. Note the hardware address (HWaddr), associated with the first Ethernet card (eth0). eth0 Link encap...

About the Technical Editor

Elizabeth Zinkann is a logical Linux catalyst, a freelance technical editor, and an independent computer consultant. She was a contributing editor and review columnist for Sys Admin Magazine for 10 years. Some of her editing projects have included RHCE Red Hat Certified Engineer Linux Study Guide, Linux+ Certification Passport, Mastering Fedora Core Linux 5, Linux Patch Management, and Write Portable Code. She owns an iBook that thinks it's an UbuntuBook and is an avid digital photographer. In...

lpstat Printer Status

Another handy command is the lpstat -t command, which provides an overall view of configured printers and current status. If CUPS is running properly, the first message is Other excerpts are shown here. First, the default printer is listed system default destination anIPPprinter Next, configured print classes are shown, with the individual printer members of each class members of class FirstClass LaserJet-4L UbuntuPrinter members of class MyPrintClass SamplePrinter1 SamplePrinter2 The devices...

PolicyKit Identifiers

Policies can be configured in several different categories. Some are accessible from the pane on the left of the Authorizations window (see Figure 10-9). The list you see may not include all available PolicyKit options. This depends in part on any additional services that might be installed or special PolicyKit settings that might be configured. Most options described normally apply to regular users who are not members of the admin group. NOTE I've split out major administrative settings in...

Install Ubuntu Server Step By Step

Finally, you get to see how Ubuntu Server Edition is installed, step by step, in Expert mode. I assume you know how to boot from the CD on your system. The same steps are required if you've set up an ISO file as a CD/DVD on a virtual machine. 1. When you boot from the Ubuntu Server CD, you'll see a list of languages obscuring the screen. Select a language and press enter. 2. Once you see the menu shown in Figure 2-3, press F6 twice. In the pop-up menu that appears, highlight Expert Mode and...

cupsaccept and cupsreject Queue Management

The queues on every configured printer can be managed with the cupsaccept and cupsreject commands. The commands are straightforward: the cupsreject printer command disables the queue on the noted printer. After the cupsreject command is run, any job that is sent to that printer leads to the following message: lpr Destination printer is not accepting jobs. You can review the result in the output to the lpc status command; as you can see here, queuing is disabled for the printer. Similar information...

Create an NFS Share

In this section, you'll see how to configure a directory for sharing via the NFS kernel-based server. This does not address any firewalls that may exist or network problems that may arise between server and client computers. This also assumes the gnome-system-tools, samba, and samba-common packages are installed, and your account has appropriate PolicyKit-based administrative privileges. Finally, the Shared Folders tool should be open in a GUI; one method is with the shares-admin command. As...

The Filesystem Hierarchy Standard

While there are variations, modern Unix/Linux operating systems share several common directories. Some of these directories are dedicated for user files, drivers, kernels, logs, programs, utilities, and more. These directory categories, documented in the FHS, make it easier for users of other Unix-based operating systems to understand the basics of Linux. On every Linux distribution, the filesystem starts with the top-level root directory, also known by its symbol, the single forward slash (/)....

Special File Permissions

Permissions can be a risky business, but you need to give all users access to some programs. Setting full read, write, and execute permissions for all users on a Linux system can be dangerous. One alternative is setting the SUID and the SGID permission bits for a file. Specialized permissions are available, known as set user ID (SUID), set group ID (SGID), and the sticky bit. To review a file with SUID permissions, run the ls -l /usr/bin/passwd command. The s that appears in the user execute...

Get the Right Tools

You need additional packages to get the tools to compile and customize the kernel. The basic packages required to compile the kernel can be installed with the following command:
sudo apt-get install fakeroot linux-kernel-devel ccache
The fakeroot package is especially important for Ubuntu systems, where the root administrative user is rarely enabled. It includes wrappers around key commands such as chown and chmod to enable a regular user to assume root...

Update Management Tools

Two of the popular alternatives to the apt-* commands are aptitude and the Synaptic Package Manager. The aptitude command works in two basic modes. As a command, aptitude can in most situations be used as a drop-in replacement for the apt-get command. As such, a separate section for aptitude as a command would be redundant. When run by itself, aptitude opens an intuitive tool that does not require a GUI. One more popular option is the Update Manager, available through the update-manager...

Recovery Mode

Earlier in this chapter, I suggested that you disable or at least password-protect the recovery mode option in the GRUB menu. The risk is that recovery mode does provide access to root administrative privileges on the local system. The title of the associated stanza in the GRUB configuration file will appear similar to this: Ubuntu 8.04, kernel 2.6.24-16-server (recovery mode). If you select this option, Linux boots without hiding any boot messages. It then starts a Recovery Menu, as shown in...

Create Physical Volumes

The first step to create a logical volume is to identify the available space on a physical disk. If you have just added an empty hard disk, you can create a PV on the entire disk. For example, if you've just added a fourth SATA hard disk (/dev/sdd), you could set up a PV on that disk with the following command You can also configure a new PV on a properly configured partition, using the fdisk and parted utilities discussed earlier in this chapter. If you've added a new partition called dev...

Apache Global Settings

Global settings for the Apache web server are configured by default in the /etc/apache2/apache2.conf configuration file. Most numbers specified in this file are in seconds. This section describes the configured directives in that file. First, there's the ServerRoot directive, which specifies the top-level directory associated with Apache As Apache can spawn many additional processes for additional clients, some processes use the AcceptMutex directive (when set to flock or fcntl) to add the noted...

Work with Landscape

There are several basic tools associated with Landscape. But you need to know how to set up and register a client. You'll then learn how easy it is to monitor registered client systems. When you register with Landscape (even with a trial subscription), you should receive an e-mail confirmation, with an embedded link. Navigate to the associated URL and follow the instructions. Remember any included passphrase, as you'll need it when logging into Landscape, as shown in Figure 8-10. The passphrase...

The BIOS Sequence

The BIOS is sometimes also known as a type of firmware. Some BIOSs serve as the overall firmware for computers, and other BIOSs are dedicated for individual components such as hard drive controllers, video cards, sound cards, and more. At one time, BIOS information was stored in read-only memory (ROM). Today, BIOS firmware on most components can be upgraded. NOTE BIOS firmware upgrades are another issue for Linux administrators. Many manufacturers make updates available only via Microsoft-based...

AppArmor Modes

There are four modes associated with AppArmor. Each mode can protect a command or process, configure when systems are logged, disable profile enforcement, or disable AppArmor completely.
enforce: Protects the noted process; access is limited as specified in the associated profile.
complain: Sets up learning mode, which logs appropriate information similar to SELinux's permissive mode.
audit: Sets up a logging mode similar to SELinux's permissive mode.
not confined: Does not apply AppArmor...

Select a Baseline

If you're not patching a kernel, the next step is to select a baseline configuration. If you want to configure the current Ubuntu Server kernel as the baseline, the configuration is available from the /boot/config-`uname -r` file. This section assumes you've unpacked the source code for the current kernel in the /usr/src/linux directory. It takes two steps to set up the current kernel for customization: 1. Copy the current kernel configuration file:
sudo cp /boot/config-`uname -r` /usr/src/linux...

The CUPS Configuration Tools

For the purpose of this chapter, I've configured a CUPS server on a system named ubuntuhardyserver.example.net. I've reconfigured the /etc/cups/cupsd.conf configuration files to allow remote access and administration. Now to administer the CUPS server on a remote system, using the web-based interface, I open a browser and navigate to If needed, I accept the default website certificate. It opens the tool shown in Figure 9-1. The Printer Configuration tool can be installed on a Hardy Heron client...

VMware Server

This section describes one way to install VMware Server version 2.0 Release Candidate 2 on an Ubuntu Hardy Heron system. To download the required tarball package, navigate to www.vmware.com/products/server/. The final release of VMware Server 2.0 was made available just as this book goes to print. The version number listed in this section has already changed. While the look and feel of VMware Server version 1.0.x is quite different from version 2.0.x, the installation process on Linux systems...

Major CUPS Configuration Files

CUPS does its good work based on the configuration files in the /etc/cups directory. Available configuration options go beyond what most administrators need. When the CUPS service starts, it loads the parallel printer module by default, as specified in the /etc/default/cupsys configuration file. Yes, some computers, including two of mine, still have parallel ports. The basic functionality of other CUPS configuration files is described in Table 9-3. These files reflect the features available in CUPS...

Creating a User

To create a user in the Users Settings tool, click Add User. This opens the New User Account window shown in Figure 10-2. This window includes three tabs: Account, User Privileges, and Advanced. Standard user information can be configured under the Account tab, as described in Table 10-5. (Figure 10-1. The Users Settings tool. Figure 10-2. Basic account information.) When you add a user, the changes can affect all four files of the standard authentication database: /etc/passwd, /etc/group, /etc/shadow,...

Implicit and Explicit Authorizations

Implicit Authentication

Two levels of authorization are possible in each of the PolicyKit categories just described. Implicit and explicit authorizations are discussed in the following sections. Implicit Authorizations As noted in the PolicyKit tool, implicit authorizations can be configured to authorize access by user or by console. Control can be based on user status on the console. Implicit authorizations are available in all of the policy areas described in the preceding section. Select the category of your...

Configure the Package Manager

Select the Configure The Package Manager option from the expanded Main Menu. If you configured a mirror earlier in the Choose A Mirror Of The Ubuntu Archive section, be ready with that mirror here. Then take the following steps. NOTE If any preceding steps have been skipped or there are problems such as a bad network connection to a mirror, this step prompts you to complete the missing steps. 1. You're prompted to configure a network mirror to supplement the packages available from the CD....

If You Need to Deactivate the Shadow Password Suite

If you prefer a system in which the Shadow Password Suite is disabled, the shadowconfig command can help. It's a simple command. While sudo shadowconfig off disables the Shadow Password Suite, sudo shadowconfig on enables it. Older releases used commands such as pwconv and grpconv to activate, coupled with pwunconv and grpunconv to deactivate, the suite. In contrast, take a look at the script in the /sbin/shadowconfig file. You'll see those commands appropriately configured within the script.

Download Installer Components

Select the Download Installer Components option from the expanded Main Menu. It should automatically take the mirror and proxy server information described earlier to support access to the screen shown in Figure 2-9. Just about all of these components are described earlier in Table 2-3, except crypto-modules, used for decrypting certain installation packages. All components of the installer needed to complete the install will be loaded automatically and are not listed here. Some other optional...

Installation Method

In the Kickstart Configurator screen's left pane, select Installation Method. The options are straightforward. The Ubuntu version of this tool supports only new installations; it does not support the Red Hat options associated with upgrades. The tool is somewhat interactive; for example, if you select an FTP installation method, the Kickstart Configurator Assigns the default language for the installation and operating system. Sets the default keyboard normally associated with language. Configures...

Choose a Mirror of the Ubuntu Archive

Select the Choose A Mirror Of The Ubuntu Archive option from the expanded Main Menu. It should allow you to set up a connection to the mirror of your choice. Before you continue, review the list of available mirrors at https://wiki.ubuntu.com/Mirrors. Generally, a mirror geographically close to you is best, but the wiki does not include other relevant information such as the connection speed between the mirror and the Internet. For my own system, since I'm geographically close to the kernel.org...

Quota Grace Periods

The grace period is the number of days a user is allowed to exceed the soft limits of the implemented quota. After the grace period is over, the user must get under exceeded soft limits to continue. The default grace period for all users is seven days, and cannot be customized by the user. To change the grace period, run the edquota -t command. When I run this command on a user, I see the following output: Grace period before enforcing soft limits for users Time units may be days, hours,...

Partition Information

The options shown in Figure 3-3 determine how partitions are configured. While it appears to support the configuration of standard and RAID (Redundant Array of Independent Disks) partitions, it does not currently support the configuration of LVM (Logical Volume Management) groups. The Clear Master Boot Record option configures Kickstart to wipe the MBR from an older hard disk. I've set up several partitions in Figure 3-3. If you're using a new hard drive or want to...

Continue Installation Remotely Using SSH

You don't have to select the Continue Installation Remotely Using SSH option from the expanded Main Menu. If you do (and I do so to demonstrate the capability), it should allow you to continue the installation process from another client on your local network. One of the problems with SSH-based installation is that it becomes more difficult to access the console and system-related messages. If a break in the network connection occurs, you might even need to restart the installation. After...

Manage Accounts with chage

You can use the chage command to manage the expiration date of a password and an account. Password aging information is stored in the /etc/shadow file. For example, if you wanted to require that user test1 keep a password for at least two days, use the chage test1 -m 2 command. Current password and account aging information is available for user michael with the following command Options for the chage command are described in Table 10-8. Dates can be expressed either in a total number of days...

Partition Disks

Select the Partition Disks option from the expanded Main Menu. I've run this exercise on a virtual machine with 256MB of RAM. Make a note of the amount of RAM configured for your system. If the space configured doesn't match the steps shown, please feel free to deviate as needed. Be aware, there are more options under Partition Disks than I can clearly cover in a single section. Take the following steps: 1. As shown in Figure 2-10, several options are available for partitioning method. If free...