Thursday, January 15, 2009

Starting the mysql command

To get started creating databases and tables, you can use the mysql command. From any Terminal window, open the mysql database on your computer by typing the following:
# mysql -u root -p mysql
Enter password: *********

Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 39 to server version: 3.23.36
Type 'help;' or '\h' for help. Type '\c' to clear the buffer
mysql>
Type in the root user's MySQL password as prompted. The mysql> prompt appears, ready to accept commands for working with the mysql default database on the localhost. If you are connecting to the MySQL server from another host computer, add a -h hostname to the command line (where hostname is the name or IP address of the computer on which the MySQL server is running). Remember, you can also log in as any valid mysql login you created, regardless of which Linux login account you are currently logged in under. As the mysql text notes above, be sure to end each command that you type with a semicolon (;) or a \g. If you type a command and it appears to be waiting for more input, it's probably because you forgot to put a semicolon at the end.

MySQL Server

For Red Hat Linux, the MySQL server is off by default. To turn it on, however, is fairly simple. The /etc/init.d/mysqld start-up script is delivered with the mysql-server package. To start the server, you can either run the mysqld start-up script manually or set it to start each time your system boots. To start the MySQL server manually, type the following from a Terminal window as root user:
# /etc/init.d/mysqld start
To set the MySQL server to start automatically each time your computer reboots, type the following as root user:
# chkconfig mysqld on
This sets mysqld to start during most multi-user run states (levels 3, 4, and 5). To check that the service is turned on for those levels, type chkconfig --list mysqld from a Terminal window.

Wednesday, January 14, 2009

Starting the Samba service

To start the Samba SMB and NMB daemons, you can run the /etc/init.d/smb start-up script by typing the following as the root user:
# /etc/init.d/smb start
This runs the Samba service during the current session. To set up Samba to start automatically when your Linux system starts, type the following:
# chkconfig smb on
This turns on the Samba service to start automatically in run levels 3, 4, or 5. At this point, you can open the Network Neighborhood icon from the Windows desktop on the local LAN for a user you have just set up. An icon representing the Linux Samba server you just configured should appear in the Network Neighborhood window. When you open the server icon, you should see an icon representing the user’s home directory (/home/user) and one icon for each shared printer available from the Linux Samba server.

Adding Samba users

Doing user-style Samba security means assigning a Linux user account to each person using the Linux file systems and printers from his or her Windows workstation. (You could assign users to a guest account instead, but in this example, all users have their own accounts.) Then you need to add SMB passwords for each user. For example, here is how you would add a user whose Windows 98 workstation login is chuckp:
1. Type the following as root user from a Terminal window to add a Linux user account:
# useradd -m chuckp
2. Add a Linux password for the new user as follows:
# passwd chuckp
Changing password for user chuckp
New UNIX password: ********
Retype new UNIX password: ********
3. Repeat the previous steps to add user accounts for all users on Windows workstations on your LAN to whom you want to give access to your Linux system.
4. Type the following command to create the Samba password file (smbpasswd):
# cat /etc/passwd | /usr/bin/mksmbpasswd.sh > /etc/samba/smbpasswd
5. Add an SMB password for the user as follows:
# smbpasswd chuckp
New SMB password: **********
Retype new SMB password: **********
Repeat this step for each user. Later, each user can log in to Linux and rerun the passwd and smbpasswd commands to set private passwords.

Configuring Samba server

The procedure in this section steps you through an example of a Red Hat Linux system configured as a Samba server. In this example, the Linux Samba server uses “user” security to share home directories and printers with users from Windows workstations on the local LAN. The procedure consists of three basic steps:
1. Editing the smb.conf file.
2. Adding Samba users.
3. Starting the Samba service.

Editing the smb.conf file
Using either SWAT or a regular text editor (as root user), create an /etc/samba/smb.conf file. Here is an example of an smb.conf file (with comment lines removed) that can be used to share printers and directories with several Windows systems on a single LAN:
[global]
workgroup = ESTREET
netbios name = MAPLE
server string = Samba Server on Maple
hosts allow = 192.168.0.
printcap name = /etc/printcap
load printers = yes
printing = lprng
log file = /var/log/samba/%m.log
max log size = 0
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
[homes]
comment = Home Directories
browseable = no
writable = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
printable = yes
In the [global] section, the workgroup is set to ESTREET, the server is identified as the Samba Server on Maple, and only computers that are on the local network (192.168.0.) are allowed access to the Samba service.

Tuesday, January 13, 2009

Exporting the shared file systems

After you have added entries to your /etc/exports file, you can actually export the directories listed using the exportfs command. If you reboot your computer, the exportfs command is run automatically to export your directories. However, if you want to export them immediately, you can do so by running exportfs from the command line (as root). Here’s an example of the exportfs command:
# /usr/sbin/exportfs -a -v
exporting :/pub
exporting :/home
The -a option indicates that all directories listed in /etc/exports should be exported. The -v option says to print verbose output. In this example, the /pub and /home directories from the local server are now immediately available for mounting by client computers.

Configuring the /etc/exports file

As root user, you can use any text editor to configure the /etc/exports file to indicate what directories to share.
Here is an example of an /etc/exports file with some sample entries:
/cal *.ourdomain.com(rw) # Company events
/pub (ro,insecure,all_squash) # Public dir
/home maple(rw,squash_uids=0-99) spruce(rw,squash_uids=0-99)

Here is what the entries in the /etc/exports file mean:
· /cal — Represents a directory that contains information about events related to the company. It is made accessible to everyone with accounts on any computer in the company’s domain (*.ourdomain.com). Users can write files to the directory as well as read them (indicated by the rw option). The comment (# Company events) simply serves as a reminder of what the directory contains.
· /pub — Represents a public directory. It allows any computer and user to read files from the directory (indicated by the ro option), but not to write files. The insecure option lets any computer, even one that doesn’t use a secure NFS port, have access to the directory. The all_squash option causes all users (UIDs) and groups (GIDs) to be mapped to the anonymous user, giving them minimal permission to files and directories.
· /home — This is where you enable a set of users to have the same /home directory on different computers. Say, for example, that you are sharing /home from a computer named oak. The computers named maple and spruce could each mount that directory on their own /home directory. If you gave all users the same user name/UIDs on all machines, you could have the same /home/user directory available for each user, regardless of which computer they logged in to. The squash_uids=0-99 option is used to exclude any administrative login from another computer from changing any files in the shared directory.
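
As an added example (not part of the original post), the following shell function reads an exports file and reports entries worth reviewing: exports open to any host, read/write exports to wildcard hosts, and use of the insecure option. The function names, the finding labels and the /srv/data line are assumptions made for this illustration; the other sample lines are the entries described above.

```shell
#!/bin/sh
# Added illustration: review an exports file for risky entries.
# audit_exports and the finding labels are names chosen for this example.

# Sample input: the three entries from the text plus one constructed line
# showing the effect of a stray space between host and options.
sample_exports() {
    cat <<'EOF'
/cal *.ourdomain.com(rw) # Company events
/pub (ro,insecure,all_squash) # Public dir
/home maple(rw,squash_uids=0-99) spruce(rw,squash_uids=0-99)
/srv/data maple (rw) # constructed: the space exports to any host
EOF
}

# Reads exports lines from the named file (or stdin) and prints
# path<TAB>client<TAB>finding for each entry that deserves a second look.
audit_exports() {
    awk '
    # Return 1 if opt is one of the comma-separated items in list.
    function has(opt, list,    n, a, k) {
        n = split(list, a, ",")
        for (k = 1; k <= n; k++) if (a[k] == opt) return 1
        return 0
    }
    function report(path, host, finding) {
        printf "%s\t%s\t%s\n", path, (host == "" ? "<any host>" : host), finding
    }
    {
        sub(/#.*/, "")              # strip comments; awk re-splits the fields
        if (NF < 2) next            # blank line or path with no client list
        path = $1
        for (i = 2; i <= NF; i++) {
            p = index($i, "(")
            host = (p ? substr($i, 1, p - 1) : $i)
            opts = (p ? substr($i, p + 1) : "")
            sub(/\)$/, "", opts)
            rw = has("rw", opts)
            if (host == "" || host == "*")
                report(path, host, rw ? "WORLD-RW" : "WORLD-RO")
            else if (rw && host ~ /[*?]/)
                report(path, host, "WILDCARD-RW")
            if (has("insecure", opts))
                report(path, host, "INSECURE-PORT")
        }
    }' "$@"
}

sample_exports | audit_exports
```

The /home entry produces no finding because both clients are named hosts. The constructed /srv/data line is reported as WORLD-RW because the space separates maple from the options, which then apply to every host.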

Sharing NFS file systems

To share an NFS file system from your Red Hat Linux system, you need to export it. Exporting is done in Red Hat Linux by adding entries into the /etc/exports file. Each entry identifies the directory in your local file system that you want to share. The entry identifies the other computers that can share the resource (or opens it to all computers) and includes other options that reflect permissions associated with the directory.
Remember that when you share a directory, you are sharing all files and subdirectories below that directory as well (by default). So, you need to be sure that you want to share everything in that directory structure. There are still ways to restrict access within that directory structure.

Setting Up an NFS File Server in Red Hat Linux

Instead of representing storage devices as drive letters (A, B, C, and so on), as they are in Microsoft operating systems, Red Hat Linux connects file systems from multiple hard disks, floppy disks, CD-ROMs, and other local devices invisibly to form a single Linux file system. The Network File System (NFS) facility lets you extend your Red Hat Linux file system in the same way, to connect file systems on other computers to your local directory structure as well.
Creating an NFS file server is an easy way to share large amounts of data among the users and computers in an organization. An administrator of a Red Hat Linux system that is configured to share its file systems using NFS has several things to do to get NFS working:
1. Set up the network — If a LAN or other network connection is already connecting the computer on which you want to use NFS (using TCP/IP as the network transport), you already have the network you need.
2. On the server, choose what to share — Decide which file systems on your Linux NFS server you want to be available to other computers. You can choose any point in the file system to make all files and directories below that point accessible to other computers.
3. On the server, set up security — There are several different security features that you can use to suit the level of security with which you are comfortable. Mount-level security lets you restrict the computers that can mount a resource and, for those allowed to mount it, lets you specify whether it can be mounted read/write or read-only. With user-level security, you map users from the client systems to users on the NFS server. In this way, users can rely on standard Linux read/write/execute permissions, file ownership, and group permissions to access and protect files.
4. On the client, mount the file system — Each client computer that is allowed access to the server’s NFS shared file system can mount it anywhere the client chooses. For example, you may mount a file system from a computer called maple on the /mnt/maple directory in your local file system. After it is mounted, you can view the contents of that directory by typing ls /mnt/maple. Then you can use the cd command below the /mnt/maple mount point to see the files and directories it contains.
Although it is often used as a file server (or other type of server), Red Hat Linux is a general-purpose operating system. So, any Red Hat Linux system can share file systems (export) as a server or use other computers’ file systems (mount) as a client. Contrast this with dedicated file servers, such as NetWare, which can only share files with client computers (such as Windows workstations) and will never act as a client.
A file system is usually a structure of files and directories that exists on a single device (such as a hard disk partition or CD-ROM). When I talk about the Linux file system, however, I am referring to the entire directory structure (which may include file systems from several disks or NFS resources), beginning from root (/) on a single computer. A shared directory in NFS may represent all or part of a computer's file system, which can be attached (from the shared directory down the directory tree) to another computer's file system.

Thursday, January 8, 2009

Run level directories

All of the programs within the /etc/rcX.d directories (where X is replaced by a run-level number) are symbolic links, usually to a file in /etc/init.d. The /etc/rcX.d directories include the following:
· /etc/rc0.d: Run level 0 directory
· /etc/rc1.d: Run level 1 directory
· /etc/rc2.d: Run level 2 directory
· /etc/rc3.d: Run level 3 directory
· /etc/rc4.d: Run level 4 directory
· /etc/rc5.d: Run level 5 directory
· /etc/rc6.d: Run level 6 directory

System Initialization

In the boot process, the transfer from the kernel phase (the loading of the kernel, probing for devices, and loading drivers) to init is indicated by the following lines:
INIT: version 2.78 booting
Welcome to Red Hat Linux

The init program, part of the SysVinit RPM package, is now in control. Known as “the father of all processes,” init is always listed in the output from ps as PID (process identifier) 1. Its actions are directed by the /etc/inittab file, which is reproduced next.
The following text shows the contents of the /etc/inittab file as it is delivered with Red Hat Linux:
#
# inittab This file describes how the INIT process should set up
#         the system in a certain run level.
#
# Author: Miquel van Smoorenburg,
# Modified for RHS Linux by Marc Ewing and Donnie Barnes
#
# Default runlevel. The runlevels used by RHS are:
# 0 - halt (Do NOT set initdefault to this)
# 1 - Single user mode
# 2 - Multiuser, without NFS (The same as 3, if you do not have networking)
# 3 - Full multiuser mode
# 4 - unused
# 5 - X11
# 6 - reboot (Do NOT set initdefault to this)
#
id:3:initdefault:
# System initialization.
si::sysinit:/etc/rc.d/rc.sysinit
l0:0:wait:/etc/rc.d/rc 0
l1:1:wait:/etc/rc.d/rc 1
l2:2:wait:/etc/rc.d/rc 2
l3:3:wait:/etc/rc.d/rc 3
l4:4:wait:/etc/rc.d/rc 4
l5:5:wait:/etc/rc.d/rc 5
l6:6:wait:/etc/rc.d/rc 6
# Things to run in every runlevel.
ud::once:/sbin/update
.
.
.
# Run xdm in runlevel 5
# xdm is now a separate service
x:5:respawn:/etc/X11/prefdm -nodaemon

Wednesday, January 7, 2009

Administrative configuration files

Configuration files are another mainstay of Linux administration. Almost everything you set up for your particular computer — user accounts, network addresses, or GUI preferences — is stored in plain-text files. This has some advantages and some disadvantages.
The advantage of plain-text files is that it is easy to read and change them. Any text editor will do. The downside, however, is that as you edit configuration files, no error checking is going on. You have to run the program that reads these files to find out if you set up the files correctly. A comma or a quote in the wrong place can sometimes cause a whole interface to fail.
There are several locations in the Red Hat Linux file system where configuration files are stored. Here are some of the major locations:
$HOME — All users store information in their home directories that directs how their login accounts behave. Most configuration files begin with a dot (.), so they don’t appear in a listing of a user’s directory when you use a standard ls command (you need to type ls -a to see them). There are dot files that define how each user’s shell behaves, the look and feel of the desktop, and what options are used with your text editor. There are even files (such as .rhosts) that configure network permissions for each user.
/etc — This contains many of the most basic Linux system configuration files.
Here are some /etc configuration files that are of interest:
aliases — Can contain distribution lists used by the Linux mail service.
crontab — Sets cron environment and times for running automated tasks.
exports — Contains a list of local directories that are available to be shared by remote computers using the Network File System (NFS).
fstab — Identifies the devices for common storage media (hard disk, floppy, CD-ROM, etc.) and locations where they are mounted in the Linux system. This is used by the mount command to choose which file systems to mount.
group — Identifies group names and group IDs (GIDs) that are defined on the systems. Group permissions in Red Hat Linux are defined by the second of three sets of rwx (read, write, execute) bits associated with each file and directory.
host.conf — Sets the locations in which domain names (e.g., redhat.com) are searched for on TCP/IP networks (such as the Internet). By default, the local hosts file is searched, then any nameserver entries in resolv.conf.
hosts — Contains IP addresses and hostnames that you can reach from your computer. (Usually this file is used just to store names of computers on your LAN or larger private network.)
xinetd.conf — Contains simple configuration information used by the xinetd daemon process. This file mostly points to the /etc/xinetd.d directory for information about individual services (described later).
info-dir — Contains the top heading for information that is available from the info command.
inittab — Contains information that defines what programs start and stop when Red Hat Linux boots, shuts down, or goes into different states in between.
lilo.conf — Sets various parameters used by the Linux boot loader (lilo) to boot your Linux system. In particular, it lists information about the bootable partitions on your computer. (If you are using grub, which has replaced lilo as the default boot manager, the lilo.conf file is not used.)
passwd — Stores account information for all valid users for the system. Also includes other information, such as the home directory and default shell.
rpmfind — Contains configuration information used by the rpmfind command to search for RPM software packages on the Internet.
services — Defines TCP/IP services and their port assignments.
shadow — Contains encrypted passwords for users that are defined in the passwd file. (This is viewed as a more secure way to store passwords than the original encrypted password in the passwd file. The passwd file needs to be publicly readable, whereas the shadow file can be unreadable by all but the root user.)
shells — Lists the shell command line interpreters (bash, sh, csh, etc.) that are available on the system, as well as their locations.
/etc/httpd — Contains a variety of files used to configure the behavior of your Apache Web server (specifically, the httpd daemon process).
/etc/init.d — Contains the permanent copies of run-level scripts. These scripts are linked to files in the /etc/rc?.d directories to have each service associated with a script started or stopped for the particular run level. The ? is replaced by the run level number (0 through 6).
/etc/xinetd.d — Contains a set of files, each of which defines a network service that the xinetd daemon listens for on a particular port. When the xinetd daemon process receives a request for a service, it uses the information in these files to determine which daemon processes to start to handle the request.

Tuesday, January 6, 2009

Becoming Super User

Though the normal way to become the super user is to log in as root, sometimes that is not convenient. For example, you may be logged into a regular user account and just want to make a quick administrative change to your system without having to log out and log back in. Or, you may need to log in over the network to make a change to a Linux system but find that the system doesn’t allow root users in from over the network.
The answer is that you can use the su command. From any Terminal window or shell, you can simply type:
$ su
Password: ******
#

When you are prompted, type in the root user’s password. The prompt for the regular user ($) will be changed to the super user prompt (#). At this point, you have full permission to run any command and use any file on the system. However, one thing that the su command doesn’t do when used this way is read in the root user’s environment. As a result, you may type a command that you know is available and get the message "command not found." To fix this problem, you can use the su command with the dash (-) option instead, as follows:
$ su -
Password: ******
#

You still need to type the password, but after you do that, everything that normally happens at login for the root user will happen after the su command is completed. Your current directory will be root’s home directory (probably /root), and things like the root user’s PATH variable will be used. When you run su without the dash, neither the current directory nor the environment of the current login session changes.

Using the root Login

The root user has complete control of the operation of your Red Hat Linux system. That user can open any file or run any program. The root user also installs applications and adds accounts for other people who use the system.
When you first install Red Hat Linux, you should have added a password for the root user. You need to remember and protect this password. You will need it to log in as root or to obtain root permission while you are logged in as some other user. The home directory for the root user is /root. That and other information associated with the root user account is located in the /etc/passwd file. Here is what the root entry looks like in the /etc/passwd file:
root:x:0:0:root:/root:/bin/bash
This shows that for the user named root, the user ID is set to 0 (root user), the group ID is set to 0 (root group), the home directory is /root, and the shell for that user is /bin/bash. You can change the home directory or the shell used, if you like, by simply editing the values in this file.
Aliases for the rm, cp, and mv commands allow those commands to be run with the -i option. This prevents massive numbers of files being removed, copied, or moved by mistake. The -i option causes each deletion, copy, or move to prompt you before the actual change is made.

Sunday, January 4, 2009

Understanding System Administration

Red Hat Linux, like other UNIX systems, was intended for use by more than one person at a time. Multiuser features allow many people to have accounts in Red Hat Linux, with their data kept secure from others. Multitasking allows many people to use the computer at the same time. Sophisticated networking protocols and applications make it possible for a Red Hat Linux computer to extend its capabilities to network users and computers around the world. The person assigned to manage all of this stuff is referred to as the system administrator.
Even if you are the only person using a Red Hat Linux system, system administration is still set up to be separate from other computer use. To do most tasks, you need to be logged in as the root user (also referred to as the super user). Other users cannot change, or in some cases, even see some of the configuration information for a Red Hat Linux system. In particular, security features such as passwords are protected from general view.

Saturday, January 3, 2009

Moving, copying, and deleting files

Commands for moving, copying, and deleting files are fairly straightforward. To change the location of a file, use the mv command. To copy a file from one location to another, use the cp command. To remove a file, use the rm command. Here are some examples:
$ mv abc def
$ mv abc ~
$ cp abc def
$ cp abc ~
$ rm abc
$ rm *
Of the two move (mv) commands, the first moves the file abc to the file def in the same directory (essentially renaming it), whereas the second moves the file abc to your home directory (~). The first copy command (cp) copies abc to the file def, whereas the second copies abc to your home directory (~). The first remove command (rm) deletes the abc file, whereas the second removes all the files in the current directory.

Friday, January 2, 2009

Understanding file permissions

After you’ve worked with Linux for a while, you are almost sure to get a Permission Denied message. Permissions associated with files and directories in Linux were designed to keep users from accessing other users’ private files and to protect important system files.
The nine bits assigned to each file for permissions define the access that you and others have to your file.
Permission bits appear as rwxrwxrwx. The first three bits apply to the owner’s permission, the next three apply to the owner’s group, and the last three apply to all others. The r stands for read, the w stands for write, and the x stands for execute permissions. If a dash appears instead of the letter, it means that permission is turned off for that associated read, write, or execute.
You can see the permission for any file or directory by typing the ls -ld command. The named file or directory appears as those shown in the example below:
$ ls -ld ch3 test
-rw-rw-r-- 1 chris sales 4983 Jan 18 22:13 ch3
drwxr-xr-x 2 chris sales 1024 Jan 24 13:47 test
The first line shows a file (ch3) that has read and write on for the owner and the group. All other users have read permission, which means they can view the file but cannot change its contents or remove it. The second line shows a directory (indicated by the letter d before the permission bits). The owner has read, write, and execute permission, while the group and other users have only read and execute permissions. As a result, only the owner can add, change, or delete files in that directory. Any other user, however, can only read the contents, change to that directory, and list the contents of the directory.
If you own a file, you can change the permission on it as you please. You can do this with the chmod command. For each of the three sets of permission on a file (read, write, and execute), the r is assigned to the number 4, w to 2, and x to 1. So to make permissions wide open for yourself as owner, you would set the first number to 7 (4 plus 2 plus 1). The same would be true for group and other permission. Any combination of permissions can result from 0 (no permission) through 7 (full permission).
Here are some examples of how to change permission on a file and what the resulting permission would be:
chmod 777 files -> rwxrwxrwx
chmod 755 files -> rwxr-xr-x
chmod 644 files -> rw-r--r--
chmod 000 files -> ---------
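
As an added example (not part of the original post), the shell functions below convert between the permission string that ls prints and the octal number that chmod takes, and use the conversion to flag entries that any user can write to. All function names are chosen for this illustration; the first two listing lines are the ones shown above, and the last two are constructed.

```shell
#!/bin/sh
# Added illustration: convert between ls-style permission strings and chmod
# octal modes, then flag world-writable entries in a listing.
# All function names here are chosen for this example.

# mode_to_octal -rw-rw-r--  ->  664
mode_to_octal() {
    m=$1
    if [ ${#m} -ge 10 ]; then m=${m#?}; fi       # drop file-type character
    if [ ${#m} -eq 10 ]; then m=${m%[.+]}; fi    # drop SELinux/ACL marker
    [ ${#m} -eq 9 ] || return 1
    case $m in *[!rwxstST-]*) return 1 ;; esac
    out=""
    while [ -n "$m" ]; do
        triad=${m%"${m#???}"}                    # next three characters
        m=${m#???}
        d=0
        case $triad in r??) d=$((d + 4)) ;; esac
        case $triad in ?w?) d=$((d + 2)) ;; esac
        # s and t mean execute plus a special bit; only execute is counted.
        case $triad in ??[xst]) d=$((d + 1)) ;; esac
        out=$out$d
    done
    printf '%s\n' "$out"
}

# Print letter $3 if bit $2 is set in digit $1, otherwise a dash.
bit() {
    if [ $(( $1 & $2 )) -ne 0 ]; then printf '%s' "$3"; else printf '%s' -; fi
}

# octal_to_mode 644  ->  rw-r--r--
octal_to_mode() {
    case $1 in [0-7][0-7][0-7]) ;; *) return 1 ;; esac
    o=$1
    out=""
    while [ -n "$o" ]; do
        d=${o%"${o#?}"}                          # next digit
        o=${o#?}
        out=$out$(bit "$d" 4 r)$(bit "$d" 2 w)$(bit "$d" 1 x)
    done
    printf '%s\n' "$out"
}

# Reads "ls -l" lines on stdin; prints "octal name" for each entry whose
# last digit includes the write bit (2), meaning all other users can write.
flag_world_writable() {
    while read -r mode links owner group size mon day time name; do
        oct=$(mode_to_octal "$mode") || continue
        case $oct in ??[2367]) printf '%s %s\n' "$oct" "$name" ;; esac
    done
}

# First two lines are from the text above; the last two are constructed.
sample_listing() {
    cat <<'EOF'
-rw-rw-r-- 1 chris sales 4983 Jan 18 22:13 ch3
drwxr-xr-x 2 chris sales 1024 Jan 24 13:47 test
-rw-rw-rw- 1 chris sales  120 Jan 25 09:02 notes
drwxrwxrwx 2 chris sales 1024 Jan 25 09:05 drop
EOF
}

sample_listing | flag_world_writable
```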