| 1 |
rane 06/01/01 09:01:19 |
| 2 |
|
| 3 |
Added: xml/htdocs/doc/en/articles lpi-101-advanced-p4.xml |
| 4 |
lpi-101-intermediate-p3.xml |
| 5 |
Log: |
| 6 |
#115044, two new articles, xmlified by Damian Kuras (ShadoWW) |
| 7 |
|
| 8 |
Revision Changes Path |
| 9 |
1.1 xml/htdocs/doc/en/articles/lpi-101-advanced-p4.xml |
| 10 |
|
| 11 |
file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/articles/lpi-101-advanced-p4.xml?rev=1.1&content-type=text/x-cvsweb-markup&cvsroot=gentoo |
| 12 |
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/articles/lpi-101-advanced-p4.xml?rev=1.1&content-type=text/plain&cvsroot=gentoo |
| 13 |
|
| 14 |
Index: lpi-101-advanced-p4.xml |
| 15 |
=================================================================== |
| 16 |
<?xml version="1.0" encoding="UTF-8"?> |
| 17 |
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> |
| 18 |
<!-- $Header: --> |
| 19 |
|
| 20 |
<guide link="/doc/en/articles/lpi-101-advanced-p4.xml" disclaimer="articles"> |
| 21 |
<title>LPI certification 101 (release 2) exam prep, Part 4</title> |
| 22 |
|
| 23 |
<author title="Author"> |
| 24 |
<mail link="drobbins@g.o">Daniel Robbins</mail> |
| 25 |
</author> |
| 26 |
<author title="Author"> |
| 27 |
<mail link="chouser@g.o">Chris Houser</mail> |
| 28 |
</author> |
| 29 |
<author title="Author"> |
| 30 |
<mail link="agriffis@g.o">Aron Griffis</mail> |
| 31 |
</author> |
| 32 |
|
| 33 |
<abstract> |
| 34 |
In this tutorial, we'll introduce all popular filesystem on Linux. We'll teach |
| 35 |
you how to mount and unmount devices. In next chapter you'll know how to boot |
| 36 |
the system and how to work with runlevels. In next section of this tutorial, |
| 37 |
we'll introduce filesystem quotas, we will teach you how to set them and how to |
| 38 |
configure them. By the end of this tutorial you'll know a system logs. |
| 39 |
</abstract> |
| 40 |
|
| 41 |
<!-- The original version of this article was first published on IBM |
| 42 |
developerWorks, and is property of Westtech Information Services. This |
| 43 |
document is an updated version of the original article, and contains |
| 44 |
various improvements made by the Gentoo Linux Documentation team --> |
| 45 |
|
| 46 |
<version>1.0</version> |
| 47 |
<date>2005-12-17</date> |
| 48 |
|
| 49 |
<chapter> |
| 50 |
<title>Before you start</title> |
| 51 |
<section> |
| 52 |
<title>About this tutorial</title> |
| 53 |
<body> |
| 54 |
|
| 55 |
<p> |
| 56 |
Welcome to "Advanced administration," the last of four tutorials designed to |
| 57 |
prepare you for the Linux Professional Institute's 101 (release 2) exam. In |
| 58 |
this tutorial (Part 4), we'll bolster your knowledge of advanced Linux |
| 59 |
administration skills by covering a variety of topics including Linux |
| 60 |
filesystems, the Linux boot process, runlevels, filesystem quotas, and system |
| 61 |
logs. |
| 62 |
</p> |
| 63 |
|
| 64 |
<p> |
| 65 |
This tutorial is particularly appropriate for someone who may be serving as the |
| 66 |
primary sysadmin for the first time, since we cover a lot of low-level issues |
| 67 |
that all system administrators should know. If you are new to Linux, we |
| 68 |
recommend that you start with <uri |
| 69 |
link="/doc/en/articles/lpi-101-fundamentals-p1.xml">Part 1</uri> and work |
| 70 |
through the series from there. For some, much of this material will be new, but |
| 71 |
more experienced Linux users may find this tutorial to be a great way of |
| 72 |
"rounding out" their foundational Linux system administration skills and |
| 73 |
preparing for the next LPI certification level. |
| 74 |
</p> |
| 75 |
|
| 76 |
<p> |
| 77 |
By the end of this series of tutorials (eight in all covering the LPI 101 and |
| 78 |
102 exams), you will have the knowledge you need to become a Linux Systems |
| 79 |
Administrator and will be ready to attain an LPIC Level 1 certification from |
| 80 |
the Linux Professional Institute if you so choose. |
| 81 |
</p> |
| 82 |
|
| 83 |
<p> |
| 84 |
For those who have taken the <uri |
| 85 |
link="http://www-106.ibm.com/developerworks/edu/l-dw-linuxlpi4-i.html">release |
| 86 |
1 version</uri> of this tutorial for reasons other than LPI exam preparation, |
| 87 |
you probably don't need to take this one. However, if you do plan to take the |
| 88 |
exams, you should strongly consider reading this revised tutorial. |
| 89 |
</p> |
| 90 |
|
| 91 |
<p> |
| 92 |
The LPI logo is a trademark of Linux Professional Institute. |
| 93 |
</p> |
| 94 |
|
| 95 |
</body> |
| 96 |
</section> |
| 97 |
<section> |
| 98 |
<title>About the authors</title> |
| 99 |
<body> |
| 100 |
|
| 101 |
<p> |
| 102 |
For technical questions about the content of this tutorial, contact the |
| 103 |
authors: |
| 104 |
</p> |
| 105 |
|
| 106 |
<ul> |
| 107 |
<li>Daniel Robbins, at <mail>drobbins@g.o</mail></li> |
| 108 |
<li>Chris Houser, at <mail>chouser@g.o</mail></li> |
| 109 |
<li>Aron Griffis, at <mail>agriffis@g.o</mail>.</li> |
| 110 |
</ul> |
| 111 |
|
| 112 |
<p> |
| 113 |
Daniel Robbins lives in Albuquerque, New Mexico, and is the Chief Architect of |
| 114 |
<uri link="http://www.gentoo.org">Gentoo Technologies, Inc.</uri>, the creator |
| 115 |
of Gentoo Linux, an advanced Linux for the PC, and the Portage system, a |
| 116 |
next-generation ports system for Linux. He has also served as a contributing |
| 117 |
author for the Macmillan books Caldera OpenLinux Unleashed, SuSE Linux |
| 118 |
Unleashed, and Samba Unleashed. Daniel has been involved with computers in some |
| 119 |
fashion since the second grade, when he was first exposed to the Logo |
| 120 |
programming language as well as a potentially dangerous dose of Pac Man. This |
| 121 |
probably explains why he has since served as a Lead Graphic Artist at SONY |
| 122 |
Electronic Publishing/Psygnosis. Daniel enjoys spending time with his wife, |
| 123 |
Mary, and their daughter, Hadassah. |
| 124 |
</p> |
| 125 |
|
| 126 |
<p> |
| 127 |
Chris Houser, known to his friends as "Chouser," has been a UNIX proponent |
| 128 |
since 1994 when joined the administration team for the computer science network |
| 129 |
at Taylor University in Indiana, where he earned his Bachelor's degree in |
| 130 |
Computer Science and Mathematics. Since then, he has gone on to work in Web |
| 131 |
application programming, user interface design, professional video software |
| 132 |
support, and now Tru64 UNIX device driver programming at <uri |
| 133 |
link="http://www.compaq.com/">Compaq</uri>. He has also contributed to various |
| 134 |
free software projects, most recently to <uri |
| 135 |
link="http://www.gentoo.org">Gentoo Linux</uri>. He lives with his wife and two |
| 136 |
cats in New Hampshire. |
| 137 |
</p> |
| 138 |
|
| 139 |
<p> |
| 140 |
Aron Griffis graduated from Taylor University with a degree in Computer Science |
| 141 |
and an award that proclaimed him the "Future Founder of a Utopian UNIX |
| 142 |
Commune". Working towards that goal, Aron is employed by <uri |
| 143 |
link="http://www.compaq.com/">Compaq</uri> writing network drivers for Tru64 |
| 144 |
UNIX, and spending his spare time plunking out tunes on the piano or developing |
| 145 |
<uri link="http://www.gentoo.org">Gentoo Linux</uri>. He lives with his wife |
| 146 |
Amy (also a UNIX engineer) in Nashua, NH. |
| 147 |
</p> |
| 148 |
|
| 149 |
</body> |
| 150 |
</section> |
| 151 |
</chapter> |
| 152 |
|
| 153 |
<chapter> |
| 154 |
<title>Filesystems, partitions, and block devices</title> |
| 155 |
<section> |
| 156 |
<title>Introduction to block devices</title> |
| 157 |
<body> |
| 158 |
|
| 159 |
<p> |
| 160 |
In this section, we'll take a good look at disk-oriented aspects of Linux, |
| 161 |
including Linux filesystems, partitions, and block devices. Once you're familar |
| 162 |
with the ins and outs of disks and filesystems, we'll guide you through the |
| 163 |
process of setting up partitions and filesystems on Linux. |
| 164 |
</p> |
| 165 |
|
| 166 |
<p> |
| 167 |
To begin, I'll introduce "block devices". The most famous block device is |
| 168 |
probably the one that represents the first IDE drive in a Linux system: |
| 169 |
</p> |
| 170 |
|
| 171 |
<pre caption="First IDE drive in Linux"> |
| 172 |
/dev/hda |
| 173 |
</pre> |
| 174 |
|
| 175 |
<p> |
| 176 |
If your system uses SCSI drives, then your first hard drive will be: |
| 177 |
</p> |
| 178 |
|
| 179 |
<pre caption="First SCSI drive in Linux"> |
| 180 |
/dev/sda |
| 181 |
</pre> |
| 182 |
|
| 183 |
</body> |
| 184 |
</section> |
| 185 |
<section> |
| 186 |
<title>Layers of abstraction</title> |
| 187 |
<body> |
| 188 |
|
| 189 |
<p> |
| 190 |
The block devices above represent an abstract interface to the disk. User |
| 191 |
programs can use these block devices to interact with your disk without |
| 192 |
worrying about whether your drivers are IDE, SCSI, or something else. The |
| 193 |
program can simply address the storage on the disk as a bunch of contiguous, |
| 194 |
randomly-accessible 512-byte blocks. |
| 195 |
</p> |
| 196 |
|
| 197 |
</body> |
| 198 |
</section> |
| 199 |
<section> |
| 200 |
<title>Partitions</title> |
| 201 |
<body> |
| 202 |
|
| 203 |
<p> |
| 204 |
Under Linux, we create filesystems by using a special command called |
| 205 |
<c>mkfs</c> (or <c>mke2fs</c>, <c>mkreiserfs</c>, etc.), specifying a |
| 206 |
particular block device as a command-line argument. |
| 207 |
</p> |
| 208 |
|
| 209 |
<p> |
| 210 |
However, although it is theoretically possible to use a "whole disk" block |
| 211 |
device (one that represents the entire disk) like <path>/dev/hda</path> or |
| 212 |
<path>/dev/sda</path> to house a single filesystem, this is almost never done |
| 213 |
in practice. Instead, full disk block devices are split up into smaller, more |
| 214 |
manageable block devices called partititons. Partitions are created using a |
| 215 |
tool called <c>fdisk</c>, which is used to create and edit the partition table |
| 216 |
that's stored on each disk. The partition table defines exactly how to split up |
| 217 |
the full disk. |
| 218 |
</p> |
| 219 |
|
| 220 |
</body> |
| 221 |
</section> |
| 222 |
<section> |
| 223 |
<title>Introducing fdisk</title> |
| 224 |
<body> |
| 225 |
|
| 226 |
<p> |
| 227 |
We can take a look at a disk's partition table by running <c>fdisk</c>, |
| 228 |
specifying a block device that represents a full disk as an argument. |
| 229 |
</p> |
| 230 |
|
| 231 |
<note> |
| 232 |
Alternate interfaces to the disk's partition table include <c>cfdisk</c>, |
| 233 |
<c>parted</c>, and <c>partimage</c>. I recommend that you avoid using |
| 234 |
<c>cfdisk</c> (despite what the fdisk manual page may say) because it sometimes |
| 235 |
calculates disk geometry incorrectly. |
| 236 |
</note> |
| 237 |
|
| 238 |
<pre caption="Using fdisk on IDE drive"> |
| 239 |
# <i>fdisk /dev/hda</i> |
| 240 |
</pre> |
| 241 |
|
| 242 |
<pre caption="Using fidks on SCSI drive"> |
| 243 |
# <i>fdisk /dev/sda</i> |
| 244 |
</pre> |
| 245 |
|
| 246 |
<impo> |
| 247 |
You should <e>not</e> save or make any changes to a disk's partition table if |
| 248 |
any of its partitions contain filesystems that are in use or contain important |
| 249 |
data. Doing so will generally cause data on the disk to be lost. |
| 250 |
</impo> |
| 251 |
|
| 252 |
</body> |
| 253 |
</section> |
| 254 |
<section> |
| 255 |
<title>Inside fdisk</title> |
| 256 |
<body> |
| 257 |
|
| 258 |
<p> |
| 259 |
Once in <c>fdisk</c>, you'll be greeted with a prompt that looks like this: |
| 260 |
</p> |
| 261 |
|
| 262 |
<pre caption="fidsk greeting prompt"> |
| 263 |
Command (m for help): |
| 264 |
</pre> |
| 265 |
|
| 266 |
<p> |
| 267 |
Type <c>p</c> to display your disk's current partition configuration: |
| 268 |
</p> |
| 269 |
|
| 270 |
<pre caption="Displaying current parition configuration"> |
| 271 |
Command (m for help): p |
| 272 |
|
| 273 |
Disk /dev/hda: 240 heads, 63 sectors, 2184 cylinders |
| 274 |
Units = cylinders of 15120 * 512 bytes |
| 275 |
|
| 276 |
Device Boot Start End Blocks Id System |
| 277 |
/dev/hda1 1 14 105808+ 83 Linux |
| 278 |
/dev/hda2 15 49 264600 82 Linux swap |
| 279 |
/dev/hda3 50 70 158760 83 Linux |
| 280 |
/dev/hda4 71 2184 15981840 5 Extended |
| 281 |
/dev/hda5 71 209 1050808+ 83 Linux |
| 282 |
/dev/hda6 210 348 1050808+ 83 Linux |
| 283 |
/dev/hda7 349 626 2101648+ 83 Linux |
| 284 |
/dev/hda8 627 904 2101648+ 83 Linux |
| 285 |
/dev/hda9 905 2184 9676768+ 83 Linux |
| 286 |
|
| 287 |
Command (m for help): |
| 288 |
</pre> |
| 289 |
|
| 290 |
<p> |
| 291 |
This particular disk is configured to house seven Linux filesystems (each with |
| 292 |
a corresponding partition listed as "Linux") as well as a swap partition |
| 293 |
(listed as "Linux swap"). |
| 294 |
</p> |
| 295 |
|
| 296 |
</body> |
| 297 |
</section> |
| 298 |
<section> |
| 299 |
<title>Block device and partitioning overview</title> |
| 300 |
<body> |
| 301 |
|
| 302 |
<p> |
| 303 |
Notice the name of the corresponding partition block devices on the left side, |
| 304 |
starting with <path>/dev/hda1</path> and going up to <path>/dev/hda9</path>. In |
| 305 |
the early days of the PC, partitioning software only allowed a maximum of four |
| 306 |
partitions (called primary partitions). This was too limiting, so a workaround |
| 307 |
called extended partitioning was created. An extended partition is very similar |
| 308 |
to a primary partition, and counts towards the primary partition limit of four. |
| 309 |
However, extended partitions can hold any number of so-called logical |
| 310 |
partitions inside them, providing an effective means of working around the four |
| 311 |
partition limit. |
| 312 |
</p> |
| 313 |
|
| 314 |
</body> |
| 315 |
</section> |
| 316 |
<section> |
| 317 |
<title>Partitioning overview, continued</title> |
| 318 |
<body> |
| 319 |
|
| 320 |
<p> |
| 321 |
All partitions hda5 and higher are logical partitions. The numbers 1 through 4 |
| 322 |
are reserved for primary or extended partitions. |
| 323 |
</p> |
| 324 |
|
| 325 |
<p> |
| 326 |
In our example, hda1 through hda3 are primary partitions. hda4 is an extended |
| 327 |
partition that contains logical partitions hda5 through hda9. You would never |
| 328 |
actually use <path>/dev/hda4</path> for storing any filesystems directly -- it |
| 329 |
simply acts as a container for partitions hda5 through hda9. |
| 330 |
</p> |
| 331 |
|
| 332 |
</body> |
| 333 |
</section> |
| 334 |
<section> |
| 335 |
<title>Partition types</title> |
| 336 |
<body> |
| 337 |
|
| 338 |
<p> |
| 339 |
Also, notice that each partition has an "Id," also called a partition type. |
| 340 |
Whenever you create a new partition, you should ensure that the partition type |
| 341 |
is set correctly. 83 is the correct partition type for partitions that will be |
| 342 |
housing Linux filesystems, and 82 is the correct partition type for Linux swap |
| 343 |
partitions. You set the partition type using the t option in <c>fdisk</c>. The |
| 344 |
Linux kernel uses the partition type setting to auto-detect fileystems and swap |
| 345 |
devices on the disk at boot-time. |
| 346 |
</p> |
| 347 |
|
| 348 |
</body> |
| 349 |
</section> |
| 350 |
<section> |
| 351 |
<title>Using fdisk to set up partitions</title> |
| 352 |
<body> |
| 353 |
|
| 354 |
<p> |
| 355 |
Now that you've had your introduction to the way disk partitioning is done |
| 356 |
under Linux, it's time to walk through the process of setting up disk |
| 357 |
partitions and filesystems for a new Linux installation. In this process, we |
| 358 |
will configure a disk with new partitions and then create filesystems on them. |
| 359 |
These steps will provide us with a completely clean disk with no data on it |
| 360 |
that can then be used as a basis for a new Linux installation. |
| 361 |
</p> |
| 362 |
|
| 363 |
<impo> |
| 364 |
To follow these steps, you need to have a hard drive that does not contain any |
| 365 |
important data, since these steps will <e>erase</e> the data on your disk. If |
| 366 |
this is all new to you, you may want to consider just reading the steps, or |
| 367 |
using a Linux boot disk on a test system so that no data will be at risk. |
| 368 |
</impo> |
| 369 |
|
| 370 |
</body> |
| 371 |
</section> |
| 372 |
<section> |
| 373 |
<title>What the partitioned disk will look like</title> |
| 374 |
<body> |
| 375 |
|
| 376 |
<p> |
| 377 |
After we walk through the process of creating partitions on your disk, your |
| 378 |
partition configuration will look like this: |
| 379 |
</p> |
| 380 |
|
| 381 |
<pre caption="Look of our disk after creating partitions"> |
| 382 |
Disk /dev/hda: 30.0 GB, 30005821440 bytes |
| 383 |
240 heads, 63 sectors/track, 3876 cylinders |
| 384 |
Units = cylinders of 15120 * 512 = 7741440 bytes |
| 385 |
|
| 386 |
Device Boot Start End Blocks Id System |
| 387 |
/dev/hda1 * 1 14 105808+ 83 Linux |
| 388 |
/dev/hda2 15 81 506520 82 Linux swap |
| 389 |
/dev/hda3 82 3876 28690200 83 Linux |
| 390 |
|
| 391 |
Command (m for help): |
| 392 |
</pre> |
| 393 |
|
| 394 |
</body> |
| 395 |
</section> |
| 396 |
<section> |
| 397 |
<title>Sample partition commentary</title> |
| 398 |
<body> |
| 399 |
|
| 400 |
<p> |
| 401 |
In our suggested "newbie" partition configuration, we have three partitions. |
| 402 |
The first one (<path>/dev/hda1</path>) at the beginning of the disk is a small |
| 403 |
partition called a boot partition. The boot partition's purpose is to hold all |
| 404 |
the critical data related to booting -- GRUB boot loader information (if you |
| 405 |
will be using GRUB) as well as your Linux kernel(s). The boot partition gives |
| 406 |
us a safe place to store everything related to booting Linux. During normal |
| 407 |
day-to-day Linux use, your boot partition should remain unmounted for safety. |
| 408 |
If you are setting up a SCSI system, your boot partition will likely end up |
| 409 |
being <path>/dev/sda1</path>. |
| 410 |
</p> |
| 411 |
|
| 412 |
<p> |
| 413 |
It's recommended to have boot partitions (containing everything necessary for |
| 414 |
the boot loader to work) at the beginning of the disk. While not necessarily |
| 415 |
required anymore, it is a useful tradition from the days when the LILO boot |
| 416 |
loader wasn't able to load kernels from filesystems that extended beyond disk |
| 417 |
cylinder 1024. |
| 418 |
</p> |
| 419 |
|
| 420 |
<p> |
| 421 |
The second partition (<path>/dev/hda2</path>) s used for swap space. The kernel |
| 422 |
uses swap space as virtual memory when RAM becomes low. This partition, |
| 423 |
relatively speaking, isn't very big either, typically somewhere around 512 MB. |
| 424 |
If you're setting up a SCSI system, this partition will likely end up being |
| 425 |
called <path>/dev/hda2</path>. |
| 426 |
</p> |
| 427 |
|
| 428 |
<p> |
| 429 |
The third partition (<path>/dev/hda3</path>) is quite large and takes up the |
| 430 |
rest of the disk. This partition is called our root partition and will be used |
| 431 |
to store your main filesystem that houses the main Linux filesystem. On a SCSI |
| 432 |
system, this partition would likely end up being <path>/dev/hda3</path>. |
| 433 |
</p> |
| 434 |
|
| 435 |
</body> |
| 436 |
</section> |
| 437 |
<section> |
| 438 |
<title>Getting started</title> |
| 439 |
<body> |
| 440 |
|
| 441 |
<p> |
| 442 |
Okay, now to create the partitions as in the example and table above. First, |
| 443 |
enter fdisk by typing <c>fdisk /dev/hda</c> or <c>fdisk /dev/sda</c>, depending |
| 444 |
on whether you're using IDE or SCSI. Then, type <c>p</c> to view your |
| 445 |
current partition configuration. Is there anything on the disk that you need to |
| 446 |
keep? If so, stop now. If you continue with these directions, all existing data |
| 447 |
on your disk will be erased. |
| 448 |
</p> |
| 449 |
|
| 450 |
<impo> |
| 451 |
Following the instructions below will cause all prior data on your disk to be |
| 452 |
erased! If there is anything on your drive, please be sure that it is |
| 453 |
non-critical information that you don't mind losing. Also make sure that you |
| 454 |
have selected the correct drive so that you don't mistakenly wipe data from the |
| 455 |
wrong drive. |
| 456 |
</impo> |
| 457 |
|
| 458 |
</body> |
| 459 |
</section> |
| 460 |
<section> |
| 461 |
<title>Zapping existing partitions</title> |
| 462 |
<body> |
| 463 |
|
| 464 |
<p> |
| 465 |
Now, it's time to delete any existing partitions. To do this, type d and hit |
| 466 |
enter. You will then be prompted for the partition number you would like to |
| 467 |
delete. To delete a pre-existing <path>/dev/hda1</path>, you would type: |
| 468 |
</p> |
| 469 |
|
| 470 |
<pre caption="Deleting pre-existing partition"> |
| 471 |
Command (m for help): <i>d</i> |
| 472 |
Partition number (1-4): <i>1</i> |
| 473 |
</pre> |
| 474 |
|
| 475 |
<p> |
| 476 |
The partition has been scheduled for deletion. It will no longer show up if you |
| 477 |
type <c>p</c>, but it will not be erased until your changes have been saved. If |
| 478 |
you made a mistake and want to abort without saving your changes, type <c>q</c> |
| 479 |
immediately and hit enter and your partition will not be deleted. |
| 480 |
</p> |
| 481 |
|
| 482 |
<p> |
| 483 |
Now, assuming that you do indeed want to wipe out all the partitions on your |
| 484 |
system, repeatedly type <c>p</c> to print out a partition listing and then type |
| 485 |
<c>d</c> and the number of the partition to delete it. Eventually, you'll end |
| 486 |
up with a partition table with nothing in it: |
| 487 |
</p> |
| 488 |
|
| 489 |
<pre caption="Drives look after cleaning it"> |
| 490 |
|
| 491 |
Disk /dev/hda: 30.0 GB, 30005821440 bytes |
| 492 |
240 heads, 63 sectors/track, 3876 cylinders |
| 493 |
Units = cylinders of 15120 * 512 = 7741440 bytes |
| 494 |
|
| 495 |
Device Boot Start End Blocks Id System |
| 496 |
|
| 497 |
Command (m for help): |
| 498 |
</pre> |
| 499 |
|
| 500 |
</body> |
| 501 |
</section> |
| 502 |
<section> |
| 503 |
<title>Creating a boot partition</title> |
| 504 |
<body> |
| 505 |
|
| 506 |
<p> |
| 507 |
Now that the in-memory partition table is empty, we're ready to create a boot |
| 508 |
partition. To do this, type <c>n</c> to create a new partition, then <c>p</c> |
| 509 |
to tell fdisk you want a primary partition. Then type <c>1</c> to create the |
| 510 |
first primary partition. When prompted for the first cylinder, hit enter. When |
| 511 |
prompted for the last cylinder, type <c>+100M</c> to create a partition 100MB |
| 512 |
in size. Here's the output from these steps: |
| 513 |
</p> |
| 514 |
|
| 515 |
<pre caption="Creating a boot partition"> |
| 516 |
Command (m for help): <i>n</i> |
| 517 |
Command action |
| 518 |
e extended |
| 519 |
p primary partition (1-4) |
| 520 |
<i>p</i> |
| 521 |
Partition number (1-4): <i>1</i> |
| 522 |
First cylinder (1-3876, default 1): |
| 523 |
Using default value 1 |
| 524 |
Last cylinder or +size or +sizeM or +sizeK (1-3876, default 3876): <i>+100M</i> |
| 525 |
</pre> |
| 526 |
|
| 527 |
<p> |
| 528 |
Now, when you type <c>p</c>, you should see the following partition printout: |
| 529 |
</p> |
| 530 |
|
| 531 |
<pre caption="Partition printout"> |
| 532 |
Command (m for help): <i>p</i> |
| 533 |
|
| 534 |
Disk /dev/hda: 30.0 GB, 30005821440 bytes |
| 535 |
240 heads, 63 sectors/track, 3876 cylinders |
| 536 |
Units = cylinders of 15120 * 512 = 7741440 bytes |
| 537 |
|
| 538 |
Device Boot Start End Blocks Id System |
| 539 |
/dev/hda1 1 14 105808+ 83 Linux |
| 540 |
</pre> |
| 541 |
|
| 542 |
</body> |
| 543 |
</section> |
| 544 |
<section> |
| 545 |
<title>Creating the swap partition</title> |
| 546 |
<body> |
| 547 |
|
| 548 |
<p> |
| 549 |
Next, let's create the swap partition. To do this, type <c>n</c> to create a |
| 550 |
new partition, then <c>p</c> to tell fdisk that you want a primary partition. |
| 551 |
Then type <c>2</c> to create the second primary partition, |
| 552 |
<path>/dev/hda2</path> in our case. When prompted for the first cylinder, hit |
| 553 |
enter. When prompted for the last cylinder, type <c>+512M</c> to create a |
| 554 |
partition 512MB in size. After you've done this, type <c>t</c> to set the |
| 555 |
partition type, and then type <c>82</c> to set the partition type to "Linux |
| 556 |
Swap." After completing these steps, typing <c>p</c> should display a partition |
| 557 |
table that looks similar to this: |
| 558 |
</p> |
| 559 |
|
| 560 |
<pre caption="Partition table"> |
| 561 |
Command (m for help): <i>p</i> |
| 562 |
|
| 563 |
Disk /dev/hda: 30.0 GB, 30005821440 bytes |
| 564 |
240 heads, 63 sectors/track, 3876 cylinders |
| 565 |
Units = cylinders of 15120 * 512 = 7741440 bytes |
| 566 |
|
| 567 |
Device Boot Start End Blocks Id System |
| 568 |
/dev/hda1 1 14 105808+ 83 Linux |
| 569 |
/dev/hda2 15 81 506520 82 Linux swap |
| 570 |
</pre> |
| 571 |
|
| 572 |
</body> |
| 573 |
</section> |
| 574 |
<section> |
| 575 |
<title>Making it bootable</title> |
| 576 |
<body> |
| 577 |
|
| 578 |
<p> |
| 579 |
Finally, we need to set the "bootable" flag on our boot partition and then |
| 580 |
write our changes to disk. To tag <path>/dev/hda1</path> as a "bootable" |
| 581 |
partition, type <c>a</c> at the menu and then type 1 for the partition number. |
| 582 |
If you type <c>p</c> now, you'll now see that <path>/dev/hda1</path> has an "*" |
| 583 |
in the "Boot" column. Now, let's write our changes to disk. To do this, type |
| 584 |
<c>w</c> and hit enter. Your disk partitions are now properly configured for |
| 585 |
the installation of Linux. |
| 586 |
</p> |
| 587 |
|
| 588 |
<note> |
| 589 |
If fdisk instructs you to do so, please reboot to allow your system to detect |
| 590 |
the new partition configuration. |
| 591 |
</note> |
| 592 |
|
| 593 |
</body> |
| 594 |
</section> |
| 595 |
<section> |
| 596 |
<title>Extended and logical partitioning</title> |
| 597 |
<body> |
| 598 |
|
| 599 |
<p> |
| 600 |
In the above example, we created a single primary partition that will contain a |
| 601 |
filesystem used to store all our data. This means that after installing Linux, |
| 602 |
this main filesystem will get mounted at "<path>/</path>" and will contain a |
| 603 |
tree of directories that contain all our files. |
| 604 |
</p> |
| 605 |
|
| 606 |
<p> |
| 607 |
While this is a common way to set up a Linux system, there is another approach |
| 608 |
that you should be familiar with. This approach uses multiple partitions that |
| 609 |
house multiple filesystems and are then "linked" together to form a cohesive |
| 610 |
filesystem tree. For example, it is common to put <path>/home</path> and |
| 611 |
<path>/var</path> on their own filesystems. |
| 612 |
</p> |
| 613 |
|
| 614 |
<p> |
| 615 |
We could have made hda2 into an extended rather than a primary partition. Then, |
| 616 |
we could have created the hda5, hda6, and hda7 logical partitions (which would |
| 617 |
technically be contained "inside" hda2), which would house the <path>/</path>, |
| 618 |
<path>/home</path>, and <path>/var</path> filesystems respectively. |
| 619 |
</p> |
| 620 |
|
| 621 |
<p> |
| 622 |
You can learn more about these types of multi-filesystem configurations by |
| 623 |
studying the resources listed on the next page. |
| 624 |
</p> |
| 625 |
|
| 626 |
</body> |
| 627 |
</section> |
| 628 |
<section> |
| 629 |
<title>Partitioning resources</title> |
| 630 |
<body> |
| 631 |
|
| 632 |
<p> |
| 633 |
For more information on partitioning, take a look at the following partitioning |
| 634 |
tips: |
| 635 |
</p> |
| 636 |
|
| 637 |
<ul> |
| 638 |
<li> |
| 639 |
<uri link="/doc/en/articles/partition-planning-tips.xml">Partition planning |
| 640 |
tips</uri> |
| 641 |
</li> |
| 642 |
<li> |
| 643 |
<uri link="/doc/en/articles/partitioning-p2.xml">Partitioning in action: |
| 644 |
consolidating data</uri> |
| 645 |
</li> |
| 646 |
<li> |
| 647 |
<uri link="/doc/en/articles/partitioning-p1.xml">Partitioning in action: |
| 648 |
moving /home</uri>. |
| 649 |
</li> |
| 650 |
</ul> |
| 651 |
|
| 652 |
</body> |
| 653 |
</section> |
| 654 |
<section> |
| 655 |
<title>Creating filesystems</title> |
| 656 |
<body> |
| 657 |
|
| 658 |
<p> |
| 659 |
Now that the partitions have been created, it's time to set up filesystems on |
| 660 |
the boot and root partitions so that they can be mounted and used to store |
| 661 |
data. We will also configure the swap partition to serve as swap storage. |
| 662 |
</p> |
| 663 |
|
| 664 |
<p> |
| 665 |
Linux supports a variety of different types of filesystems; each type has its |
| 666 |
strengths and weaknesses and its own set of performance characteristics. We |
| 667 |
will cover the creation of ext2, ext3, XFS, JFS, and ReiserFS filesystems in |
| 668 |
this tutorial. Before we create filesystems on our example system, let's |
| 669 |
briefly review the various filesystems available under Linux. We'll go into |
| 670 |
more detail on the filesystems later in the tutorial. |
| 671 |
</p> |
| 672 |
|
| 673 |
</body> |
| 674 |
</section> |
| 675 |
<section> |
| 676 |
<title>The ext2 filesystem</title> |
| 677 |
<body> |
| 678 |
|
| 679 |
<p> |
| 680 |
ext2 is the tried-and-true Linux filesystem, but it doesn't have metadata |
| 681 |
journaling, which means that routine ext2 filesystem checks at startup time can |
| 682 |
be quite time-consuming. There is now quite a selection of newer-generation |
| 683 |
journaled filesystems that can be checked for consistency very quickly and are |
| 684 |
thus generally preferred over their non-journaled counterparts. Journaled |
| 685 |
filesystems prevent long delays when you boot your system and your filesystem |
| 686 |
happens to be in an inconsistent state. |
| 687 |
</p> |
| 688 |
|
| 689 |
</body> |
| 690 |
</section> |
| 691 |
<section> |
| 692 |
<title>The ext3 filesystem</title> |
| 693 |
<body> |
| 694 |
|
| 695 |
<p> |
| 696 |
ext3 is the journaled version of the ext2 filesystem, providing metadata |
| 697 |
journaling for fast recovery in addition to other enhanced journaling modes, |
| 698 |
such as full data and ordered data journaling. ext3 is a very good and reliable |
| 699 |
filesystem. It offers generally decent performance under most conditions. |
| 700 |
Because it does not extensively employ the use of "trees" in its internal |
| 701 |
design, it doesn't scale very well, meaning that it is not an ideal choice for |
| 702 |
very large filesystems or situations where you will be handling very large |
| 703 |
files or large quantities of files in a single directory. But when used within |
| 704 |
its design parameters, ext3 is an excellent filesystem. |
| 705 |
</p> |
| 706 |
|
| 707 |
<p> |
| 708 |
One of the nice things about ext3 is that an existing ext2 filesystem can be |
| 709 |
upgraded "in-place" to ext3 quite easily. This allows for a seamless upgrade |
| 710 |
path for existing Linux systems that are already using ext2. |
| 711 |
</p> |
| 712 |
|
| 713 |
</body> |
| 714 |
</section> |
| 715 |
<section> |
| 716 |
<title>The ReiserFS filesystem</title> |
| 717 |
<body> |
| 718 |
|
| 719 |
<p> |
| 720 |
ReiserFS is a B-tree-based filesystem that has very good overall performance |
| 721 |
and greatly outperforms both ext2 and ext3 when dealing with small files (files |
| 722 |
less than 4k), often by a factor of 10x-15x. ReiserFS also scales extremely |
| 723 |
well and has metadata journaling. As of kernel 2.4.18+, ReiserFS is now |
| 724 |
rock-solid and highly recommended for use both as a general-purpose filesystem |
| 725 |
and for extreme cases such as the creation of large filesystems, the use of |
| 726 |
many small files, very large files, and directories containing tens of |
| 727 |
thousands of files. ReiserFS is the filesystem we recommend by default for all |
| 728 |
non-boot partitions. |
| 729 |
</p> |
| 730 |
|
| 731 |
</body> |
| 732 |
</section> |
| 733 |
<section> |
| 734 |
<title>The XFS filesystem</title> |
| 735 |
<body> |
| 736 |
|
| 737 |
<p> |
| 738 |
XFS is a filesystem with metadata journaling. It comes with a robust |
| 739 |
feature-set and is optimized for scalability. We only recommend using this |
| 740 |
filesystem on Linux systems with high-end SCSI and/or fibre channel storage and |
| 741 |
a uninterruptible power supply. Because XFS aggressively caches in-transit data |
| 742 |
in RAM, improperly designed programs (those that don't take proper precautions |
| 743 |
when writing files to disk (and there are quite a few of them) can lose a good |
| 744 |
deal of data if the system goes down unexpectedly. |
| 745 |
</p> |
| 746 |
|
| 747 |
</body> |
| 748 |
</section> |
| 749 |
<section> |
| 750 |
<title>The JFS filesystem</title> |
| 751 |
<body> |
| 752 |
|
| 753 |
<p> |
| 754 |
JFS is IBM's own high performance journaling filesystem. It has recently become |
| 755 |
production-ready, and we would like to see a longer track record before |
| 756 |
commenting either positively nor negatively on its general stability at this |
| 757 |
point. |
| 758 |
</p> |
| 759 |
|
| 760 |
</body> |
| 761 |
</section> |
| 762 |
<section> |
| 763 |
<title>Filesystem recommendations</title> |
| 764 |
<body> |
| 765 |
|
| 766 |
<p> |
| 767 |
If you're looking for the most rugged journaling filesystem, use ext3. If |
| 768 |
you're looking for a good general-purpose high-performance filesystem with |
| 769 |
journaling support, use ReiserFS; both ext3 and ReiserFS are mature, refined |
| 770 |
and recommended for general use. |
| 771 |
</p> |
| 772 |
|
| 773 |
<p> |
| 774 |
Based on our example above, we will use the following commands to initialize |
| 775 |
all our partitions for use: |
| 776 |
</p> |
| 777 |
|
| 778 |
<pre caption="Initlizing partitions"> |
| 779 |
# <i>mke2fs -j /dev/hda1</i> |
| 780 |
# <i>mkswap /dev/hda2</i> |
| 781 |
# <i>mkreiserfs /dev/hda3</i> |
| 782 |
</pre> |
| 783 |
|
| 784 |
<p> |
| 785 |
We choose ext3 for our <path>/dev/hda1</path> boot partition because it is a |
| 786 |
robust journaling filesystem supported by all major boot loaders. We used |
| 787 |
<c>mkswap</c> for our <path>/dev/hda2</path> swap partition -- the choice is |
| 788 |
obvious here. And for our main root filesystem on <path>/dev/hda3</path> we |
| 789 |
choose ReiserFS, since it is a solid journaling filesystem offering excellent |
| 790 |
performance. Now, go ahead and initialize your partitions. |
| 791 |
</p> |
| 792 |
|
| 793 |
</body> |
| 794 |
</section> |
| 795 |
<section> |
| 796 |
<title>Making swap</title> |
| 797 |
<body> |
| 798 |
|
| 799 |
<p> |
| 800 |
<c>mkswap</c> is the command that used to initialize swap partitions: |
| 801 |
</p> |
| 802 |
|
| 803 |
<pre caption="Initalizing swap partition"> |
| 804 |
# <i>mkswap /dev/hda2</i> |
| 805 |
</pre> |
| 806 |
|
| 807 |
<p> |
| 808 |
Unlike regular filesystems, swap partitions aren't mounted. Instead, they are |
| 809 |
enabled using the <c>swapon</c> command: |
| 810 |
</p> |
| 811 |
|
| 812 |
<pre caption="Enabling swap partition"> |
| 813 |
# <i>swapon /dev/hdc6</i> |
| 814 |
</pre> |
| 815 |
|
| 816 |
<p> |
| 817 |
Your Linux system's startup scripts will take care of automatically enabling |
| 818 |
your swap partitions. Therefore, the <c>swapon</c> command is generally only |
| 819 |
needed when you need to immediately add some swap that you just created. To |
| 820 |
view the swap devices currently enabled, type <c>cat /proc/swaps</c>. |
| 821 |
</p> |
| 822 |
|
| 823 |
</body> |
| 824 |
</section> |
| 825 |
<section> |
| 826 |
<title>Creating ext2, ext3, and ReiserFS filesystems</title> |
| 827 |
<body> |
| 828 |
|
| 829 |
<p> |
| 830 |
You can use the <c>mke2fs</c> command to create ext2 filesystems: |
| 831 |
</p> |
| 832 |
|
| 833 |
<pre caption="Creating ext2 filesystem"> |
| 834 |
# <i>mke2fs /dev/hda1</i> |
| 835 |
</pre> |
| 836 |
|
| 837 |
<p> |
| 838 |
If you would like to use ext3, you can create ext3 filesystems using <c>mke2fs |
| 839 |
-j</c>: |
| 840 |
</p> |
| 841 |
|
| 842 |
<pre caption="Creating ext3 filesystem"> |
| 843 |
# <i>mke2fs /dev/hda3</i> |
| 844 |
</pre> |
| 845 |
|
| 846 |
<note> |
| 847 |
You can find out more about using ext3 under Linux 2.4 on <uri |
| 848 |
link="http://www.zip.com.au/~akpm/linux/ext3/ext3-usage.html">this site</uri> |
| 849 |
maintained by Andrew Morton. |
| 850 |
</note> |
| 851 |
|
| 852 |
<p> |
| 853 |
To create ReiserFS filesystems, use the <c>mkreiserfs</c> command: |
| 854 |
</p> |
| 855 |
|
| 856 |
<pre caption="Creating ReiserFS filesystem"> |
| 857 |
# <i>mkreiserfs /dev/hda3</i> |
| 858 |
</pre> |
| 859 |
|
| 860 |
</body> |
| 861 |
</section> |
| 862 |
<section> |
| 863 |
<title>Creating XFS and JFS filesystems</title> |
| 864 |
<body> |
| 865 |
|
| 866 |
<p> |
| 867 |
To create an XFS filesystem, use the <c>mkfs.xfs</c> command: |
| 868 |
</p> |
| 869 |
|
| 870 |
<pre caption="Creating XFS filesystem"> |
| 871 |
# <i>mkfs.xfs /dev/hda3</i> |
| 872 |
</pre> |
| 873 |
|
| 874 |
<note> |
| 875 |
You may want to add a couple of additional flags to the mkfs.xfs command: <c>-d |
| 876 |
agcount=3 -l size=32m</c>. The <c>-d agcount=3</c> command will lower the |
| 877 |
number of allocation groups. XFS will insist on using at least one |
| 878 |
allocation group per 4GB of your partition, so, for example, if you have a 20GB |
| 879 |
partition you will need a minimum agcount of 5. The <c>l size=32m</c> command |
| 880 |
increases the journal size to 32MB, increasing performance. |
| 881 |
</note> |
| 882 |
|
| 883 |
<p> |
| 884 |
To create JFS filesystems, use the <c>mkfs.jfs</c> command: |
| 885 |
</p> |
| 886 |
|
| 887 |
<pre caption="Creating JFS filesystem"> |
| 888 |
# <i>mkfs.jfs /dev/hda3</i> |
| 889 |
</pre> |
| 890 |
|
| 891 |
</body> |
| 892 |
</section> |
| 893 |
<section> |
| 894 |
<title>Mounting filesystems</title> |
| 895 |
<body> |
| 896 |
|
| 897 |
<p> |
| 898 |
Once the filesystem is created, we can mount it using the <c>mount</c> command: |
| 899 |
</p> |
| 900 |
|
| 901 |
<pre caption="Mounting filesystem"> |
| 902 |
# <i>mount /dev/hda3 /mnt</i> |
| 903 |
</pre> |
| 904 |
|
| 905 |
<p> |
| 906 |
To mount a filesystem, specify the partition block device as a first argument |
| 907 |
and a "mountpoint" as a second argument. The new filesystem will be "grafted |
| 908 |
in" at the mountpoint. This also has the effect of "hiding" any files that were |
| 909 |
in the <path>/mnt</path> directory on the parent filesystem. Later, when the |
| 910 |
filesystem is unmounted, these files will reappear. After executing the mount |
| 911 |
command, any files created or copied inside <path>/mnt</path> will be stored on |
| 912 |
the new ReiserFS filesystem you mounted. |
| 913 |
</p> |
| 914 |
|
| 915 |
<p> |
| 916 |
Let's say we wanted to mount our boot partition inside <path>/mnt</path>. We |
| 917 |
could do this by performing the following steps: |
| 918 |
</p> |
| 919 |
|
| 920 |
<pre caption="Mounting boot partition in /mnt"> |
| 921 |
# <i>mkdir /mnt/boot</i> |
| 922 |
# <i>mount /dev/hda1 /mnt/boot</i> |
| 923 |
</pre> |
| 924 |
|
| 925 |
<p> |
| 926 |
Now, our boot filesystem is available inside /mnt/boot. If we create files |
| 927 |
inside <path>/mnt/boot</path>, they will be stored on our ext3 filesystem that |
| 928 |
physically resides on <path>/dev/hda1</path>. If we create file inside |
| 929 |
<path>/mnt</path> but not <path>/mnt/boot</path>, then they will be stored on |
| 930 |
our ReiserFS filesystem that resides on <path>/dev/hda3</path>. And if we |
| 931 |
create files outside of <path>/mnt</path>, they will not be stored on either |
| 932 |
filesystem but on the filesystem of our current Linux system or boot disk. |
| 933 |
</p> |
| 934 |
|
| 935 |
<p> |
| 936 |
To see what filesystems are mounted, type <c>mount</c> by itself. Here is the |
| 937 |
output of <c>mount</c> on one of our currently-running Linux system, which has |
| 938 |
partitions configured identically to those in the example above: |
| 939 |
</p> |
| 940 |
|
| 941 |
<pre caption="Output of mount command"> |
| 942 |
/dev/root on / type reiserfs (rw,noatime) |
| 943 |
none on /dev type devfs (rw) |
| 944 |
proc on /proc type proc (rw) |
| 945 |
tmpfs on /dev/shm type tmpfs (rw) |
| 946 |
usbdevfs on /proc/bus/usb type usbdevfs (rw) |
| 947 |
/dev/hde1 on /boot type ext3 (rw,noatime) |
| 948 |
</pre> |
| 949 |
|
| 950 |
<p> |
| 951 |
You can also view similar information by typing cat <path>/proc/mounts</path>. |
| 952 |
The "root" filesystem, <path>/dev/hda3</path> gets mounted automatically by the |
| 953 |
kernel at boot-time, and gets the symbolic name <path>/dev/hda3</path>. On our |
| 954 |
system, both <path>/dev/hda3</path> and <path>/dev/root</path> point to the |
| 955 |
same underlying block device using a symbolic link: |
| 956 |
</p> |
| 957 |
|
| 958 |
<pre caption="Symbolic links"> |
| 959 |
# <i>ls -l /dev/root</i> |
| 960 |
lr-xr-xr-x 1 root root 33 Mar 26 20:39 /dev/root -> ide/host0/bus0/target0/lun0/part3 |
| 961 |
|
| 962 |
# <i>ls -l /dev/hda3</i> |
| 963 |
lr-xr-xr-x 1 root root 33 Mar 26 20:39 /dev/hde3 -> ide/host0/bus0/target0/lun0/part3 |
| 964 |
</pre> |
| 965 |
|
| 966 |
</body> |
| 967 |
</section> |
| 968 |
<section> |
| 969 |
<title>Even more mounting stuff</title> |
| 970 |
<body> |
| 971 |
|
| 972 |
<p> |
| 973 |
So, what is this "<path>/dev/ide/host0</path>...." file? Systems like mine that |
| 974 |
use the devfs device-management filesystem for <path>/dev</path> have longer |
| 975 |
official names for the partition and disk block devices than Linux used to have |
| 976 |
in the past. For example, <path>/dev/ide/host0/bus1/target0/lun0/part7</path> |
| 977 |
is the official name for <path>/dev/hdc7</path>, and <path>/dev/hdc7</path> |
| 978 |
itself is just a symlink pointing to the official block device. You can |
| 979 |
determine if your system is using devfs by checking to see if the |
| 980 |
<path>/dev/.devfsd</path> file exists; if so, then devfs is active. |
| 981 |
</p> |
| 982 |
|
| 983 |
<p> |
| 984 |
When using the mount command to mount filesystems, it attempts to auto-detect |
| 985 |
the filesystem type. Sometimes, this may not work and you will need to specify |
| 986 |
the to-be-mounted filesystem type manually using the -t option, as follows: |
| 987 |
</p> |
| 988 |
|
| 989 |
<pre caption="Mounting ext3 filesystem manually with -t option"> |
| 990 |
# <i>mount /dev/hda1 /mnt/boot -t ext3</i> |
| 991 |
</pre> |
| 992 |
|
| 993 |
<p>or</p> |
| 994 |
|
| 995 |
<pre caption="Mouting reiserfs filesystem manually with -t option"> |
| 996 |
# <i>mount /dev/hda3 /mnt -t reiserfs</i> |
| 997 |
</pre> |
| 998 |
|
| 999 |
</body> |
| 1000 |
</section> |
| 1001 |
<section> |
| 1002 |
<title>Mount options</title> |
| 1003 |
<body> |
| 1004 |
|
| 1005 |
<p> |
| 1006 |
It's also possible to customize various attributes of the to-be-mounted |
| 1007 |
filesystem by specifying mount options. For example, you can mount a filesystem |
| 1008 |
as "read-only" by using the "ro" option: |
| 1009 |
</p> |
| 1010 |
|
| 1011 |
<pre caption="Mouting filesystem as read-only"> |
| 1012 |
# <i>mount /dev/hdc6 /mnt -o ro</i> |
| 1013 |
</pre> |
| 1014 |
|
| 1015 |
<p> |
| 1016 |
With <path>/dev/hdc6</path> mounted read-only, no files can be modified in |
| 1017 |
<path>/mnt</path> -- only read. If your filesystem is already mounted |
| 1018 |
"read/write" and you want to switch it to read-only mode, you can use the |
| 1019 |
"remount" option to avoid having to unmount and remount the filesystem again: |
| 1020 |
</p> |
| 1021 |
|
| 1022 |
<pre caption="Using remount option"> |
| 1023 |
# <i>mount /mnt -o remount,ro</i> |
| 1024 |
</pre> |
| 1025 |
|
| 1026 |
<p> |
| 1027 |
Notice that we didn't need to specify the partition block device because the |
| 1028 |
filesystem is already mounted and <c>mount</c> knows that <path>/mnt</path> is |
| 1029 |
associated with <path>/dev/hdc6</path>. To make the filesystem writeable again, |
| 1030 |
we can remount it as read-write: |
| 1031 |
</p> |
| 1032 |
|
| 1033 |
<pre caption="Remounting filesystem as read-write"> |
| 1034 |
# <i>mount /mnt -o remount,rw</i> |
| 1035 |
</pre> |
| 1036 |
|
| 1037 |
<p> |
| 1038 |
Note that these remount commands will not complete successfully if any process |
| 1039 |
has opened any files or directories in <path>/mnt</path>. To familiarize |
| 1040 |
yourself with all the mount options available under Linux, type <c>man |
| 1041 |
mount</c>. |
| 1042 |
</p> |
| 1043 |
|
| 1044 |
</body> |
| 1045 |
</section> |
| 1046 |
<section> |
| 1047 |
<title>Introducing fstab</title> |
| 1048 |
<body> |
| 1049 |
|
| 1050 |
<p> |
| 1051 |
So far, we've seen how partition an example disk and mount filesystems manually |
| 1052 |
from a boot disk. But once we get a Linux system installed, how do we configure |
| 1053 |
that Linux system to mount the right filesystems at the right time? For |
| 1054 |
example, Let's say that we installed Gentoo Linux on our current example |
| 1055 |
filesystem configuration. How would our system know how to to find the root |
| 1056 |
filesystem on <path>/dev/hda3</path>? And if any other filesystems -- like swap |
| 1057 |
-- needed to be mounted at boot time, how would it know which ones? |
| 1058 |
</p> |
| 1059 |
|
| 1060 |
<p> |
| 1061 |
Well, the Linux kernel is told what root filesystem to use by the boot loader, |
| 1062 |
and we'll take a look at the linux boot loaders later in this tutorial. But for |
| 1063 |
everything else, your Linux system has a file called <path>/etc/fstab</path> |
| 1064 |
that tells it about what filesystems are available for mounting. Let's take a |
| 1065 |
look at it. |
| 1066 |
</p> |
| 1067 |
|
| 1068 |
</body> |
| 1069 |
</section> |
| 1070 |
<section> |
| 1071 |
<title>A sample fstab</title> |
| 1072 |
<body> |
| 1073 |
|
| 1074 |
<p> |
| 1075 |
Let's take a look at a sample <path>/etc/fstab</path> file: |
| 1076 |
</p> |
| 1077 |
|
| 1078 |
<pre caption="Sample /etc/fstab file"> |
| 1079 |
<fs> <mountpoint> <type> <opts> <dump/pass> |
| 1080 |
|
| 1081 |
/dev/hda1 /boot ext3 noauto,noatime 1 1 |
| 1082 |
/dev/hda3 / reiserfs noatime 0 0 |
| 1083 |
/dev/hda2 none swap sw 0 0 |
| 1084 |
/dev/cdrom /mnt/cdrom iso9660 noauto,ro,user 0 0 |
| 1085 |
# /proc should always be enabled |
| 1086 |
proc /proc proc defaults 0 0 |
| 1087 |
</pre> |
| 1088 |
|
| 1089 |
<p> |
| 1090 |
Above, each non-commented line in <path>/etc/fstab</path> specifies a partition |
| 1091 |
block device, a mountpoint, a filesystem type, the filesystem options to use |
| 1092 |
when mounting the filesystem, and two numeric fields. The first numeric field |
| 1093 |
is used to tell the <c>dump</c> backup command the filesystems that should be |
| 1094 |
backed up. Of course, if you are not planning to use <c>dump</c> on your |
| 1095 |
system, then you can safely ignore this field. The last field is used by the |
| 1096 |
<c>fsck</c> filesystem integrity checking program, and tells it the order in |
| 1097 |
which your filesystems should be checked at boot. We'll touch on <c>fsck</c> |
| 1098 |
again in a few panels. |
| 1099 |
</p> |
| 1100 |
|
| 1101 |
<p> |
| 1102 |
Look at the <path>/dev/hda1</path> line; you'll see that <path>/dev/hda1</path> |
| 1103 |
is an ext3 filesystem that should be mounted at the <path>/boot</path> |
| 1104 |
mountpoint. Now, look at <path>/dev/hda1</path>'s mount options in the opts |
| 1105 |
column. The noauto option tells the system to not mount <path>/dev/hda1</path> |
| 1106 |
automatically at boot time; without this option, <path>/dev/hda1</path> would |
| 1107 |
be automatically mounted to <path>/boot</path> at system boot time. |
| 1108 |
</p> |
| 1109 |
|
| 1110 |
<p> |
| 1111 |
Also note the noatime option, which turns off the recording of atime (last |
| 1112 |
access time) information on the disk. This information is generally not needed, |
| 1113 |
and turning off atime updates has a positive effect on filesystem performance. |
| 1114 |
</p> |
| 1115 |
|
| 1116 |
<p> |
| 1117 |
Now, take a look at the <path>/proc</path> line and notice the defaults option. |
| 1118 |
Use defaults whenever you want a filesystem to be mounted with just the |
| 1119 |
standard mount options. Since <path>/etc/fstab</path> has multiple fields, we |
| 1120 |
can't simply leave the option field blank. |
| 1121 |
</p> |
| 1122 |
|
| 1123 |
<p> |
| 1124 |
Also notice the <path>/etc/fstab</path> line for <path>/dev/hda2</path>. This |
| 1125 |
line defines <path>/dev/hda2</path> as a swap device. Since swap devices aren't |
| 1126 |
mounted like filesystems, none is specified in the mountpoint field. Thanks to |
| 1127 |
this <path>/etc/fstab</path> entry, our <path>/dev/hda2</path> swap device will |
| 1128 |
be enabled automatically when the system starts up. |
| 1129 |
</p> |
| 1130 |
|
| 1131 |
<p> |
| 1132 |
With an <path>/etc/fstab</path> entry for <path>/dev/cdrom</path> like the one |
| 1133 |
above, mounting the CD-ROM drive becomes easier. Instead of typing: |
| 1134 |
</p> |
| 1135 |
|
| 1136 |
<pre caption="Mounting CD-ROM without entry in fstab"> |
| 1137 |
# <i>mount -t iso9660 /dev/cdrom /mnt/cdrom -o ro</i> |
| 1138 |
</pre> |
| 1139 |
|
| 1140 |
<p> |
| 1141 |
We can now type: |
| 1142 |
</p> |
| 1143 |
|
| 1144 |
<pre caption="Mounting CD-ROM with entry in fstab"> |
| 1145 |
# <i>mount /dev/cdrom</i> |
| 1146 |
</pre> |
| 1147 |
|
| 1148 |
<p> |
| 1149 |
In fact, using <path>/etc/fstab</path> allows us to take advantage of the user |
| 1150 |
option. The user mount option tells the system to allow this particular |
| 1151 |
filesystem to be mounted by any user. This comes in handy for removable media |
| 1152 |
devices like CD-ROM drives. Without this fstab mount option, only the root user |
| 1153 |
would be able to use the CD-ROM drive. |
| 1154 |
</p> |
| 1155 |
|
| 1156 |
</body> |
| 1157 |
</section> |
| 1158 |
<section> |
| 1159 |
<title>Unmounting filesystems</title> |
| 1160 |
<body> |
| 1161 |
|
| 1162 |
<p> |
| 1163 |
Generally, all mounted filesystems are unmounted automatically by the system |
| 1164 |
when it is rebooted or shut down. When a filesystem is unmounted, any cached |
| 1165 |
filesystem data in memory is flushed to the disk. |
| 1166 |
</p> |
| 1167 |
|
| 1168 |
<p> |
| 1169 |
However, it's also possible to unmount filesystems manually. Before a |
| 1170 |
filesystem can be unmounted, you first need to ensure that there are no |
| 1171 |
processes running that have open files on the filesystem in question. Then, use |
| 1172 |
the <c>umount</c> command, specifying either the device name or mount point as |
| 1173 |
an argument: |
| 1174 |
</p> |
| 1175 |
|
| 1176 |
<pre caption="Using umount command"> |
| 1177 |
# <i>umount /mnt</i> |
| 1178 |
</pre> |
| 1179 |
|
| 1180 |
<p> |
| 1181 |
or |
| 1182 |
</p> |
| 1183 |
|
| 1184 |
<pre caption="Using umount command"> |
| 1185 |
# <i>umount /dev/hda3</i> |
| 1186 |
</pre> |
| 1187 |
|
| 1188 |
<p> |
| 1189 |
Once unmounted, any files in <path>/mnt</path> that were "covered" by the |
| 1190 |
previously-mounted filesystem will now reappear. |
| 1191 |
</p> |
| 1192 |
|
| 1193 |
</body> |
| 1194 |
</section> |
| 1195 |
<section> |
| 1196 |
<title>Introducing fsck</title> |
| 1197 |
<body> |
| 1198 |
|
| 1199 |
<p> |
| 1200 |
If your system crashes or locks up for some reason, the system won't have an |
| 1201 |
opportunity to cleanly unmount your filesystems. When this happens, the |
| 1202 |
filesystems are left in an inconsistent (unpredictable) state. When the system |
| 1203 |
reboots, the <c>fsck</c> program will detect that the filesystems were not |
| 1204 |
cleanly unmounted and will want to perform a consistency check of filesystems |
| 1205 |
listed in <path>/etc/fstab</path>. |
| 1206 |
</p> |
| 1207 |
|
| 1208 |
<impo> |
| 1209 |
For a filesystem to be checked by <c>fsck</c> it must have a non-zero number in |
| 1210 |
the "pass" field (the last field) in <path>/etc/fstab</path>. Typically, the |
| 1211 |
root filesystem is set to a passno of 1, specifying that it should be checked |
| 1212 |
first. All other filesystems that should be checked at startup time should have |
| 1213 |
a passno of 2 or higher. For some journaling filesystems like ReiserFS, it is |
| 1214 |
safe to have a passno of 0 since the journaling code (and not an external |
| 1215 |
<c>fsck</c>) takes care of making the filesystem consistent again. |
| 1216 |
</impo> |
| 1217 |
|
| 1218 |
<p> |
| 1219 |
Sometimes, you may find that after a reboot <c>fsck</c> is unable to fully |
| 1220 |
repair a partially damaged filesystem. In these instances, all you need to do |
| 1221 |
is to bring your system down to single-user mode and run <c>fsck</c> manually, |
| 1222 |
supplying the partition block device as an argument. As <c>fsck</c> performs |
| 1223 |
its filesystem repairs, it may ask you whether to fix particular filesystem |
| 1224 |
defects. In general, you should say <c>y</c> (yes) to all these questions and |
| 1225 |
allow <c>fsck</c> to do its thing. |
| 1226 |
</p> |
| 1227 |
|
| 1228 |
</body> |
| 1229 |
</section> |
| 1230 |
<section> |
| 1231 |
<title>Problems with fsck</title> |
| 1232 |
<body> |
| 1233 |
|
| 1234 |
<p> |
| 1235 |
One of the problems with <c>fsck</c> scans is that they can take quite a while |
| 1236 |
to complete, since the entirety of a filesystem's metadata (internal data |
| 1237 |
structure) needs to be scanned in order to ensure that it's consistent. With |
| 1238 |
extremely large filesystems, it is not unusual for an exhaustive fsck to take |
| 1239 |
more than an hour. |
| 1240 |
</p> |
| 1241 |
|
| 1242 |
<p> |
| 1243 |
In order to solve this problem, a new type of filesystem was designed, called a |
| 1244 |
journaling filesystem. Journaling filesystems record an on-disk log of recent |
| 1245 |
changes to the filesystem metadata. In the event of a crash, the filesystem |
| 1246 |
driver inspects the log. Because the log contains an accurate account of recent |
| 1247 |
changes on disk, only these parts of the filesystem metadata need to be checked |
| 1248 |
for errors. Thanks to this important design difference, checking a journalled |
| 1249 |
filesystem for consistency typically takes just a matter of seconds, regardless |
| 1250 |
of filesystem size. For this reason, journaling filesystems are gaining |
| 1251 |
popularity in the Linux community. For more information on journaling |
| 1252 |
filesystems, see the <uri |
| 1253 |
link="http://www-106.ibm.com/developerworks/library/l-fs.html">Advanced |
| 1254 |
filesystem implementor's guide, part 1: Journaling and ReiserFS</uri>. |
| 1255 |
</p> |
| 1256 |
|
| 1257 |
<p> |
| 1258 |
Let's cover the major filesystems available for Linux, along with their |
| 1259 |
associated commands and options. |
| 1260 |
</p> |
| 1261 |
|
| 1262 |
</body> |
| 1263 |
</section> |
| 1264 |
<section> |
| 1265 |
<title>The ext2 filesystem</title> |
| 1266 |
<body> |
| 1267 |
|
| 1268 |
<p> |
| 1269 |
The ext2 filesystem has been the standard Linux filesystem for many years. It |
| 1270 |
has generally good performance for most applications, but it does not offer any |
| 1271 |
journaling capability. This makes it unsuitable for very large filesystems, |
| 1272 |
since <c>fsck</c> can take an extremely long time. In addition, ext2 has some |
| 1273 |
built-in limitations due to the fact that every ext2 filesystem has a fixed |
| 1274 |
number of inodes that it can hold. That being said, ext2 is generally |
| 1275 |
considered to be an extremely robust and efficient non-journalled filesystem. |
| 1276 |
</p> |
| 1277 |
|
| 1278 |
<ul> |
| 1279 |
<li>In kernels: 2.0+</li> |
| 1280 |
<li>journaling: no</li> |
| 1281 |
<li>mkfs command: mke2fs</li> |
| 1282 |
<li>mkfs example: mke2fs /dev/hdc7</li> |
| 1283 |
<li>related commands: debugfs, tune2fs, chattr</li> |
| 1284 |
<li>performance-related mount options: noatime.</li> |
| 1285 |
</ul> |
| 1286 |
|
| 1287 |
</body> |
| 1288 |
</section> |
| 1289 |
<section> |
| 1290 |
<title>The ext3 filesystem</title> |
| 1291 |
<body> |
| 1292 |
|
| 1293 |
<p> |
| 1294 |
The ext3 filesystem uses the same on-disk format as ext2, but adds journaling |
| 1295 |
capabilities. In fact, of all the Linux filesystems, ext3 has the most |
| 1296 |
extensive journaling support, supporting not only metadata journaling but also |
| 1297 |
ordered journaling (the default) and full metadata+data journaling. These |
| 1298 |
"special" journaling modes help to ensure data integrity, not just short fscks |
| 1299 |
like other journaling implementations. For this reason, ext3 is the best |
| 1300 |
filesystem to use if data integrity is an absolute first priority. However, |
| 1301 |
these data integrity features do impact performance somewhat. In addition, |
| 1302 |
because ext3 uses the same on-disk format as ext2, it still suffers from the |
| 1303 |
same scalability limitations as its non-journalled cousin. Ext3 is a good |
| 1304 |
choice if you're looking for a good general-purpose journalled filesystem that |
| 1305 |
is also very robust. |
| 1306 |
</p> |
| 1307 |
|
| 1308 |
<ul> |
| 1309 |
<li>In kernels: 2.4.16+</li> |
| 1310 |
<li>journaling: metadata, ordered data writes, full metadata+data</li> |
| 1311 |
<li>mkfs command: mke2fs -j</li> |
| 1312 |
<li>mkfs example: mke2fs -j /dev/hdc7</li> |
| 1313 |
<li>related commands: debugfs, tune2fs, chattr</li> |
| 1314 |
<li>performance-related mount options: noatime</li> |
| 1315 |
<li> |
| 1316 |
other mount options: |
| 1317 |
<ul> |
| 1318 |
<li>data=writeback (disable journaling)</li> |
| 1319 |
<li> |
| 1320 |
data=ordered (the default, metadata journaling and data is written out |
| 1321 |
to disk with metadata) |
| 1322 |
</li> |
| 1323 |
<li> |
| 1324 |
data=journal (full data journaling for data and metadata integrity. Halves |
| 1325 |
write performance.) |
| 1326 |
</li> |
| 1327 |
</ul> |
| 1328 |
</li> |
| 1329 |
<li> |
| 1330 |
ext3 resources: |
| 1331 |
<ul> |
| 1332 |
<li> |
| 1333 |
<uri |
| 1334 |
link="http://www.zip.com.au/~akpm/linux/ext3/">Andrew Morton's ext3 |
| 1335 |
page</uri> |
| 1336 |
</li> |
| 1337 |
<li> |
| 1338 |
<uri |
| 1339 |
link="http://www.zip.com.au/~akpm/linux/ext3/ext3-usage.html">Andrew |
| 1340 |
Morton's excellent ext3 usage documentation (recommended)</uri> |
| 1341 |
</li> |
| 1342 |
<li> |
| 1343 |
<uri |
| 1344 |
link="http://www-106.ibm.com/developerworks/linux/library/l-fs7/"># |
| 1345 |
Advanced filesystem implementor's guide, part 7: Introducing ext3</uri> |
| 1346 |
</li> |
| 1347 |
<li> |
| 1348 |
<uri |
| 1349 |
link="http://www.gentoo.org/doc/en/articles/l-afig-p8.xml">Advanced |
| 1350 |
filesystem implementor's guide, part 8: Surprises in ext3.</uri> |
| 1351 |
</li> |
| 1352 |
</ul> |
| 1353 |
</li> |
| 1354 |
</ul> |
| 1355 |
|
| 1356 |
</body> |
| 1357 |
</section> |
| 1358 |
<section> |
| 1359 |
<title>The ReiserFS filesystem</title> |
| 1360 |
<body> |
| 1361 |
|
| 1362 |
<p> |
| 1363 |
ReiserFS is a relatively new filesystem that has been designed with the goal of |
| 1364 |
providing very good small file performance, very good general performance and |
| 1365 |
being very scalable. In general, ReiserFS offers very good performance in most |
| 1366 |
all situations. ReiserFS is preferred by many for its speed and scalability. |
| 1367 |
</p> |
| 1368 |
|
| 1369 |
<ul> |
| 1370 |
<li>In kernels: 2.4.0+ (2.4.18+ strongly recommended)</li> |
| 1371 |
<li>journaling: metadata</li> |
| 1372 |
<li>mkfs command: mkreiserfs</li> |
| 1373 |
<li>mkfs example: mkreiserfs /dev/hdc7</li> |
| 1374 |
<li>performance-related mount options: noatime, notail</li> |
| 1375 |
<li> |
| 1376 |
ReiserFS Resources: |
| 1377 |
<ul> |
| 1378 |
<li><uri link="http://www.namesys.com/">The home of ReiserFS</uri></li> |
| 1379 |
<li> |
| 1380 |
<uri |
| 1381 |
link="http://www-106.ibm.com/developerworks/library/l-fs.html">Advanced |
| 1382 |
filesystem implementor's guide, part 1: Journaling and ReiserFS</uri> |
| 1383 |
</li> |
| 1384 |
<li> |
| 1385 |
<uri |
| 1386 |
link="http://www-106.ibm.com/developerworks/library/l-fs2.html">Advanced |
| 1387 |
filesystem implementor's guide, part 2: Using ReiserFS and Linux |
| 1388 |
2.4.</uri> |
| 1389 |
</li> |
| 1390 |
</ul> |
| 1391 |
</li> |
| 1392 |
</ul> |
| 1393 |
|
| 1394 |
</body> |
| 1395 |
</section> |
| 1396 |
<section> |
| 1397 |
<title>The XFS filesystem</title> |
| 1398 |
<body> |
| 1399 |
|
| 1400 |
<p> |
| 1401 |
The XFS filesystem is an enterprise-class journaling filesystem being ported to |
| 1402 |
Linux by SGI. XFS is a full-featured, scalable, journaled file-system that is a |
| 1403 |
good match for high-end, reliable hardware (since it relies heavily on caching |
| 1404 |
data in RAM.) but not a good match for low-end hardware. |
| 1405 |
</p> |
| 1406 |
|
| 1407 |
<ul> |
| 1408 |
<li>In kernels: 2.5.34+ only, requires patch for 2.4 series</li> |
| 1409 |
<li>journaling: metadata</li> |
| 1410 |
<li>mkfs command: mkfs.xfs</li> |
| 1411 |
<li>mkfs example: mkfs.xfs /dev/hdc7</li> |
| 1412 |
<li>performance-related mount options: noatime</li> |
| 1413 |
<li> |
| 1414 |
XFS Resources: |
| 1415 |
<ul> |
| 1416 |
<li> |
| 1417 |
<uri |
| 1418 |
link="http://oss.sgi.com/projects/xfs/">The home of XFS (sgi.com)</uri> |
| 1419 |
</li> |
| 1420 |
<li> |
| 1421 |
<uri |
| 1422 |
link="http://www-106.ibm.com/developerworks/library/l-fs9.html">Advanced |
| 1423 |
filesystem implementor's guide, part 9: Introducing XFS</uri> |
| 1424 |
</li> |
| 1425 |
<li> |
| 1426 |
<uri |
| 1427 |
link="http://www-106.ibm.com/developerworks/library/l-fs10.html">Advanced |
| 1428 |
filesystem implementor's guide, part 10: Deploying XFS.</uri> |
| 1429 |
</li> |
| 1430 |
</ul> |
| 1431 |
</li> |
| 1432 |
</ul> |
| 1433 |
|
| 1434 |
</body> |
| 1435 |
</section> |
| 1436 |
<section> |
| 1437 |
<title>The JFS filesystem</title> |
| 1438 |
<body> |
| 1439 |
|
| 1440 |
<p> |
| 1441 |
JFS is a high-performance journaling filesystem ported to Linux by IBM. JFS is |
| 1442 |
used by IBM enterprise servers and is designed for high-performance |
| 1443 |
applications. You can learn more about JFS at <uri |
| 1444 |
link="http://www-124.ibm.com/developerworks/oss/jfs/index.html">the JFS project |
| 1445 |
Web site</uri>. |
| 1446 |
</p> |
| 1447 |
|
| 1448 |
<ul> |
| 1449 |
<li>In kernels: 2.4.20+</li> |
| 1450 |
<li>journaling: metadata</li> |
| 1451 |
<li>mkfs command: mkfs.jfs</li> |
| 1452 |
<li>mkfs example: mkfs.jfs /dev/hdc7</li> |
| 1453 |
<li>performance-related mount options: noatime</li> |
| 1454 |
<li> |
| 1455 |
JFS Resources: <uri |
| 1456 |
link="http://www-124.ibm.com/developerworks/oss/jfs/index.html">the JFS |
| 1457 |
project Web site (IBM).</uri> |
| 1458 |
</li> |
| 1459 |
</ul> |
| 1460 |
|
| 1461 |
</body> |
| 1462 |
</section> |
| 1463 |
<section> |
| 1464 |
<title>VFAT</title> |
| 1465 |
<body> |
| 1466 |
|
| 1467 |
<p> |
| 1468 |
The VFAT filesystem isn't really a filesystem that you would choose for storing |
| 1469 |
Linux files. Instead, it's a DOS-compatible filesystem driver that allows you |
| 1470 |
to mount and exchange data with DOS and Windows FAT-based filesystems. The VFAT |
| 1471 |
filesystem driver is present in the standard Linux kernel. |
| 1472 |
</p> |
| 1473 |
|
| 1474 |
</body> |
| 1475 |
</section> |
| 1476 |
</chapter> |
| 1477 |
|
| 1478 |
<chapter> |
| 1479 |
<title>Booting the system</title> |
| 1480 |
<section> |
| 1481 |
<title>About this section</title> |
| 1482 |
<body> |
| 1483 |
|
| 1484 |
<p> |
| 1485 |
This section introduces the Linux boot procedure. We'll cover the concept of a |
| 1486 |
boot loader, how to set kernel options at boot, and how to examine the boot log |
| 1487 |
for errors. |
| 1488 |
</p> |
| 1489 |
|
| 1490 |
</body> |
| 1491 |
</section> |
| 1492 |
<section> |
| 1493 |
<title>The MBR</title> |
| 1494 |
<body> |
| 1495 |
|
| 1496 |
<p> |
| 1497 |
The boot process is similar for all machines, regardless of which distribution |
| 1498 |
is installed. Consider the following example hard disk: |
| 1499 |
</p> |
| 1500 |
|
| 1501 |
<pre caption="Structure of a hard disk"> |
| 1502 |
+----------------+ |
| 1503 |
| MBR | |
| 1504 |
+----------------+ |
| 1505 |
| Partition 1: | |
| 1506 |
| Linux root (/) | |
| 1507 |
| containing | |
| 1508 |
| kernel and | |
| 1509 |
| system. | |
| 1510 |
+----------------+ |
| 1511 |
| Partition 2: | |
| 1512 |
| Linux swap | |
| 1513 |
+----------------+ |
| 1514 |
| Partition 3: | |
| 1515 |
| Windows 3.0 | |
| 1516 |
| (last booted | |
| 1517 |
| in 1992) | |
| 1518 |
+----------------+ |
| 1519 |
</pre> |
| 1520 |
|
| 1521 |
<p> |
| 1522 |
First, the computer's BIOS reads the first few sectors of your hard disk. These |
| 1523 |
sectors contain a very small program, called the "Master Boot Record," or |
| 1524 |
"MBR." The MBR has stored the location of the Linux kernel on the hard disk |
| 1525 |
(partition 1 in the example above), so it loads the kernel into memory and |
| 1526 |
starts it. |
| 1527 |
</p> |
| 1528 |
|
| 1529 |
</body> |
| 1530 |
</section> |
| 1531 |
<section> |
| 1532 |
<title>The kernel boot process</title> |
| 1533 |
<body> |
| 1534 |
|
| 1535 |
<p> |
| 1536 |
The next thing you see (although it probably flashes by quickly) is a line |
| 1537 |
similar to the following: |
| 1538 |
</p> |
| 1539 |
|
| 1540 |
<pre caption="Boot process line"> |
| 1541 |
Linux version 2.4.16 (root@×××××××××××××.org) (gcc version 2.95.3 20010315 (release)) #1 Sat Jan 12 19:23:04 EST 2002 |
| 1542 |
</pre> |
| 1543 |
|
| 1544 |
<p> |
| 1545 |
This is the first line printed by the kernel when it starts running. The first |
| 1546 |
part is the kernel version, followed by the identification of the user that |
| 1547 |
built the kernel (usually root), the compiler that built it, and the timestamp |
| 1548 |
when it was built. |
| 1549 |
</p> |
| 1550 |
|
| 1551 |
<p> |
| 1552 |
Following that line is a whole slew of output from the kernel regarding the |
| 1553 |
hardware in your system: the processor, PCI bus, disk controller, disks, serial |
| 1554 |
ports, floppy drive, USB devices, network adapters, sound cards, and possibly |
| 1555 |
others will each in turn report their status. |
| 1556 |
</p> |
| 1557 |
|
| 1558 |
</body> |
| 1559 |
</section> |
| 1560 |
<section> |
| 1561 |
<title>/sbin/init</title> |
| 1562 |
<body> |
| 1563 |
|
| 1564 |
<p> |
| 1565 |
When the kernel finishes loading, it starts a program called <c>init</c>. This |
| 1566 |
program remains running until the system is shut down. It is always assigned |
| 1567 |
process ID 1, as you can see: |
| 1568 |
</p> |
| 1569 |
|
| 1570 |
<pre caption="init process ID"> |
| 1571 |
$ <i>ps --pid 1</i> |
| 1572 |
PID TTY TIME CMD |
| 1573 |
1 ? 00:00:04 init.system |
| 1574 |
</pre> |
| 1575 |
|
| 1576 |
<p> |
| 1577 |
The <c>init</c> program boots the rest of your distribution by running a series |
| 1578 |
of scripts. These scripts typically live in <path>/etc/rc.d/init.d</path> or |
| 1579 |
<path>/etc/init.d</path>, and they perform services such as setting the |
| 1580 |
system's hostname, checking the filesystem for errors, mounting additional |
| 1581 |
filesystems, enabling networking, starting print services, etc. When the |
| 1582 |
scripts complete, <c>init</c> starts a program called <c>getty</c> which |
| 1583 |
displays the login prompt, and you're good to go! |
| 1584 |
</p> |
| 1585 |
|
| 1586 |
</body> |
| 1587 |
</section> |
| 1588 |
<section> |
| 1589 |
<title>Digging in: LILO</title> |
| 1590 |
<body> |
| 1591 |
|
| 1592 |
<p> |
| 1593 |
Now that we've taken a quick tour through the booting process, let's look more |
| 1594 |
closely at the first part: the MBR and loading the kernel. The maintenance of |
| 1595 |
the MBR is the responsibility of the "boot loader." The two most popular boot |
| 1596 |
loaders for x86-based Linux are "LILO" (LInux LOader) and "GRUB" (GRand Unified |
| 1597 |
Bootloader). |
| 1598 |
</p> |
| 1599 |
|
| 1600 |
<p> |
| 1601 |
Of the two, LILO is the older and more common boot loader. LILO's presence on |
| 1602 |
your system is reported at boot, with the short "LILO boot:" prompt. Note that |
| 1603 |
you may need to hold down the shift key during boot to get the prompt, since |
| 1604 |
often a system is configured to whiz straight through without stopping. |
| 1605 |
</p> |
| 1606 |
|
| 1607 |
<p> |
| 1608 |
There's not much fanfare at the LILO prompt, but if you press the <tab> |
| 1609 |
key, you'll be presented with a list of potential kernels (or other operating |
| 1610 |
systems) to boot. Often there's only one in the list. You can boot one of them |
| 1611 |
by typing it and pressing <enter>. Alternatively you can simply press |
| 1612 |
<enter> and the first item on the list will boot by default. |
| 1613 |
</p> |
| 1614 |
|
| 1615 |
</body> |
| 1616 |
</section> |
| 1617 |
<section> |
| 1618 |
<title>Using LILO</title> |
| 1619 |
<body> |
| 1620 |
|
| 1621 |
<p> |
| 1622 |
Occasionally you may want to pass an option to the kernel at boot time. Some of |
| 1623 |
the more common options are <c>root=</c> to specify an alternative root |
| 1624 |
filesystem, <c>init=</c> to specify an alternative init program (such as |
| 1625 |
<c>init=/bin/sh</c> to rescue a misconfigured system), and <c>mem=</c> to |
| 1626 |
specify the amount of memory in the system (for example <c>mem=512M</c> in the |
| 1627 |
case that Linux only autodetects 128M). You could pass these to the kernel at |
| 1628 |
the LILO boot prompt: |
| 1629 |
</p> |
| 1630 |
|
| 1631 |
<pre caption="LILO boot prompt"> |
| 1632 |
LILO boot: linux root=/dev/hdb2 init=/bin/sh mem=512M |
| 1633 |
</pre> |
| 1634 |
|
| 1635 |
<p> |
| 1636 |
If you need to regularly specify command-line options, you might consider |
| 1637 |
adding them to <path>/etc/lilo.conf</path>. The format of that file is |
| 1638 |
described in the <path>lilo.conf</path>(5) man-page. |
| 1639 |
</p> |
| 1640 |
|
| 1641 |
</body> |
| 1642 |
</section> |
| 1643 |
<section> |
| 1644 |
<title>An important LILO gotcha</title> |
| 1645 |
<body> |
| 1646 |
|
| 1647 |
<p> |
| 1648 |
Before moving on to GRUB, there is an important gotcha to LILO. Whenever you |
| 1649 |
make changes to <path>/etc/lilo.conf</path>, or whenever you install a new |
| 1650 |
kernel, you must run <c>lilo</c>. The <c>lilo</c> program rewrites the MBR to |
| 1651 |
reflect the changes you made, including recording the absolute disk location of |
| 1652 |
the kernel. The example here makes use of the -v flag for verboseness: |
| 1653 |
</p> |
| 1654 |
|
| 1655 |
<pre caption="Using lilo command with -v flag"> |
| 1656 |
# <i>lilo -v</i> |
| 1657 |
LILO version 21.4-4, Copyright (C) 1992-1998 Werner Almesberger |
| 1658 |
'lba32' extensions Copyright (C) 1999,2000 John Coffman |
| 1659 |
|
| 1660 |
Reading boot sector from /dev/hda |
| 1661 |
Merging with /boot/boot.b |
| 1662 |
Mapping message file /boot/message |
| 1663 |
Boot image: /boot/vmlinuz-2.2.16-22 |
| 1664 |
Added linux * |
| 1665 |
/boot/boot.0300 exists - no backup copy made. |
| 1666 |
Writing boot sector. |
| 1667 |
</pre> |
| 1668 |
|
| 1669 |
</body> |
| 1670 |
</section> |
| 1671 |
<section> |
| 1672 |
<title>Digging in: GRUB</title> |
| 1673 |
<body> |
| 1674 |
|
| 1675 |
<p> |
| 1676 |
The GRUB boot loader could be considered the next generation of boot loader, |
| 1677 |
following LILO. Most visibly to users, it provides a menu interface instead of |
| 1678 |
LILO's primitive prompt. For system administrators, the changes are more |
| 1679 |
significant. GRUB supports more operating systems than LILO, provides some |
| 1680 |
password-based security in the boot menu, and is easier to administer. |
| 1681 |
</p> |
| 1682 |
|
| 1683 |
<p> |
| 1684 |
GRUB is usually installed with the <c>grub-install</c> command. Once installed, |
| 1685 |
GRUB's menu is administrated by editing the file |
| 1686 |
<path>/boot/grub/grub.conf</path>. Both of these tasks are beyond the scope of |
| 1687 |
this document; you should read the GRUB info pages before attempting to install |
| 1688 |
or administrate GRUB. |
| 1689 |
</p> |
| 1690 |
|
| 1691 |
</body> |
| 1692 |
</section> |
| 1693 |
<section> |
| 1694 |
<title>Using GRUB</title> |
| 1695 |
<body> |
| 1696 |
|
| 1697 |
<p> |
| 1698 |
To give parameters to the kernel, you can press <c>e</c> at the boot menu. This |
| 1699 |
provides you with the opportunity to edit (by again pressing <c>e</c>) either |
| 1700 |
the name of the kernel to load or the parameters passed to it. When you're |
| 1701 |
finished editing, press <enter> then <c>b</c> to boot with your changes. |
| 1702 |
</p> |
| 1703 |
|
| 1704 |
</body> |
| 1705 |
</section> |
| 1706 |
<section> |
| 1707 |
<title>dmesg</title> |
| 1708 |
<body> |
| 1709 |
|
| 1710 |
<p> |
| 1711 |
The boot messages from the kernel and init scripts typically scroll by quickly. |
| 1712 |
You might notice an error, but it's gone before you can properly read it. In |
| 1713 |
that case, there are two places you can look after the system boots to see what |
| 1714 |
went wrong (and hopefully get an idea how to fix it). |
| 1715 |
</p> |
| 1716 |
|
| 1717 |
<p> |
| 1718 |
If the error occurred while the kernel was loading or probing hardware devices, |
| 1719 |
you can retrieve a copy of the kernel's log using the <c>dmesg</c> command: |
| 1720 |
</p> |
| 1721 |
|
| 1722 |
<pre caption="Retrieving kernel's log using dmesg command"> |
| 1723 |
Linux version 2.4.16 (root@×××××××××××××.org) (gcc version 2.95.3 20010315 (release)) #1 Sat Jan 12 19:23:04 EST 2002 |
| 1724 |
</pre> |
| 1725 |
|
| 1726 |
<p> |
| 1727 |
Hey, we recognize that line! It's the first line the kernel prints when it |
| 1728 |
loads. Indeed, if you pipe the output of <c>dmesg</c> into a pager, you can |
| 1729 |
view all of the messages the kernel printed on boot, plus any messages the |
| 1730 |
kernel has printed to the console in the meantime. |
| 1731 |
</p> |
| 1732 |
|
| 1733 |
</body> |
| 1734 |
</section> |
| 1735 |
<section> |
| 1736 |
<title>/var/log/messages</title> |
| 1737 |
<body> |
| 1738 |
|
| 1739 |
<p> |
| 1740 |
The second place to look for information is in the |
| 1741 |
<path>/var/log/messages</path> file. This file is recorded by the syslog |
| 1742 |
daemon, which accepts input from libraries, daemons, and the kernel. Each line |
| 1743 |
in the messages file is timestamped. This file is a good place to look for |
| 1744 |
errors that occurred during the init scripts stage of booting. For example, to |
| 1745 |
see the last few messages from the nameserver: |
| 1746 |
</p> |
| 1747 |
|
| 1748 |
<pre caption="greping /var/log/messages file"> |
| 1749 |
# <i>grep named /var/log/messages | tail -3</i> |
| 1750 |
Jan 12 20:17:41 time /usr/sbin/named[350]: listening on IPv4 interface lo, 127.0.0.1#53 |
| 1751 |
Jan 12 20:17:41 time /usr/sbin/named[350]: listening on IPv4 interface eth0, 10.0.0.1#53 |
| 1752 |
Jan 12 20:17:41 time /usr/sbin/named[350]: running |
| 1753 |
</pre> |
| 1754 |
|
| 1755 |
</body> |
| 1756 |
</section> |
| 1757 |
<section> |
| 1758 |
<title>Additional information</title> |
| 1759 |
<body> |
| 1760 |
|
| 1761 |
<p> |
| 1762 |
Additional information related to this section can be found here: |
| 1763 |
</p> |
| 1764 |
|
| 1765 |
<ul> |
| 1766 |
<li> |
| 1767 |
Tutorial: <uri |
| 1768 |
link="http://www-106.ibm.com/developerworks/edu/l-dw-linuxgrub-i.html">Getting |
| 1769 |
to know GRUB</uri> |
| 1770 |
</li> |
| 1771 |
<li><uri link="http://en.tldp.org/HOWTO/LILO.html">LILO Mini-HOWTO</uri></li> |
| 1772 |
<li><uri link="http://www.gnu.org/software/grub/">GRUB home</uri></li> |
| 1773 |
<li> |
| 1774 |
Kernel command-line options in |
| 1775 |
<path>/usr/src/linux/Documentation/kernel-parameters.txt</path>. |
| 1776 |
</li> |
| 1777 |
</ul> |
| 1778 |
|
| 1779 |
</body> |
| 1780 |
</section> |
| 1781 |
</chapter> |
| 1782 |
|
| 1783 |
<chapter> |
| 1784 |
<title>Runlevels</title> |
| 1785 |
<section> |
| 1786 |
<title>Single-user mode</title> |
| 1787 |
<body> |
| 1788 |
|
| 1789 |
<p> |
| 1790 |
Recall from the section regarding boot loaders that it's possible to pass |
| 1791 |
parameters to the kernel when it boots. One of the most often used parameters |
| 1792 |
is <c>s</c>, which causes the system to start in "single-user" mode. This mode |
| 1793 |
usually mounts only the root filesystem, starts a minimal subset of the init |
| 1794 |
scripts, and starts a shell rather than providing a login prompt. |
| 1795 |
Additionally, networking is not configured, so there is no chance of external |
| 1796 |
factors affecting your work. |
| 1797 |
</p> |
| 1798 |
|
| 1799 |
</body> |
| 1800 |
</section> |
| 1801 |
<section> |
| 1802 |
<title>Understanding single-user mode</title> |
| 1803 |
<body> |
| 1804 |
|
| 1805 |
<p> |
| 1806 |
So what "work" can be done with the system in such a state? To answer this |
| 1807 |
question, we have to realize a vast difference between Linux and Windows. |
| 1808 |
Windows is designed to normally be used by one person at a time, sitting at the |
| 1809 |
console. It is effectively always in "single-user" mode. Linux, on the other |
| 1810 |
hand, is used more often to serve network applications, or provide shell or X |
| 1811 |
sessions to remote users on the network. These additional variables are not |
| 1812 |
desirable when you want to perform maintenance operations such as restoring |
| 1813 |
from backup, creating or modifying filesystems, upgrading the system from CD, |
| 1814 |
etc. In these cases you should use single-user mode. |
| 1815 |
</p> |
| 1816 |
|
| 1817 |
</body> |
| 1818 |
</section> |
| 1819 |
<section> |
| 1820 |
<title>Runlevels</title> |
| 1821 |
<body> |
| 1822 |
|
| 1823 |
<p> |
| 1824 |
In fact, it's not actually necessary to reboot in order to reach single-user |
| 1825 |
mode. The <c>init</c> program manages the current mode, or "runlevel," for the |
| 1826 |
system. The standard runlevels for a Linux system are defined as follows: |
| 1827 |
</p> |
| 1828 |
|
| 1829 |
<ul> |
| 1830 |
<li>0: Halt the computer</li> |
| 1831 |
<li>1 or s: Single-user mode</li> |
| 1832 |
<li>2: Multi-user, no network</li> |
| 1833 |
<li>3: Multi-user, text console</li> |
| 1834 |
<li>4: Multi-user, graphical console</li> |
| 1835 |
<li>5: same as 4</li> |
| 1836 |
<li>6: Reboot the computer.</li> |
| 1837 |
</ul> |
| 1838 |
|
| 1839 |
<p> |
| 1840 |
These runlevels vary between distributions, so be sure to consult your distro's |
| 1841 |
documentation. |
| 1842 |
</p> |
| 1843 |
|
| 1844 |
</body> |
| 1845 |
</section> |
| 1846 |
<section> |
| 1847 |
<title>telinit</title> |
| 1848 |
<body> |
| 1849 |
|
| 1850 |
<p> |
| 1851 |
To change to single-user mode, use the <c>telinit</c> command, which instructs |
| 1852 |
<c>init</c> to change runlevels: |
| 1853 |
</p> |
| 1854 |
|
| 1855 |
<pre caption="Using telinit command"> |
| 1856 |
# <i>telinit 1</i> |
| 1857 |
</pre> |
| 1858 |
|
| 1859 |
<p> |
| 1860 |
You can see from the table above that you can also shutdown or reboot the |
| 1861 |
system in this manner. <c>telinit 0</c> will halt the computer; <c>telinit |
| 1862 |
6</c> will reboot the computer. When you issue the <c>telinit</c> command to |
| 1863 |
change runlevels, a subset of the <c>init</c> scripts will run to either shut |
| 1864 |
down or start up system services. |
| 1865 |
</p> |
| 1866 |
|
| 1867 |
</body> |
| 1868 |
</section> |
| 1869 |
<section> |
| 1870 |
<title>Runlevel etiquette</title> |
| 1871 |
<body> |
| 1872 |
|
| 1873 |
<p> |
| 1874 |
However, note that this is rather rude if there are users on the system at the |
| 1875 |
time (who may be quite angry with you). The <c>shutdown</c> command provides a |
| 1876 |
method for changing runlevels in a way that treats users reasonably. Similarly |
| 1877 |
to the <c>kill</c> command's ability to send a variety of signals to a process, |
| 1878 |
<c>shutdown</c> can be used to halt, reboot, or change to single-user mode. For |
| 1879 |
example, to change to single-user mode in 5 minutes: |
| 1880 |
</p> |
| 1881 |
|
| 1882 |
<pre caption="Changing to single-user mode with 5 minutes delay"> |
| 1883 |
# <i>shutdown 5</i> |
| 1884 |
Broadcast message from root (pts/2) (Tue Jan 15 19:40:02 2002): |
| 1885 |
The system is going DOWN to maintenance mode in 5 minutes! |
| 1886 |
</pre> |
| 1887 |
|
| 1888 |
<p> |
| 1889 |
If you press <control-c> at this point, you can cancel the pending switch |
| 1890 |
to single-user mode. The message above would appear on all terminals on the |
| 1891 |
system, so users have a reasonable amount of time to save their work and log |
| 1892 |
off. (Some might argue whether or not 5 minutes is "reasonable") |
| 1893 |
</p> |
| 1894 |
|
| 1895 |
</body> |
| 1896 |
</section> |
| 1897 |
<section> |
| 1898 |
<title>"Now" and halt</title> |
| 1899 |
<body> |
| 1900 |
|
| 1901 |
<p> |
| 1902 |
If you're the only person on the system, you can use "now" instead of an |
| 1903 |
argument in minutes. For example, to reboot the system right now: |
| 1904 |
</p> |
| 1905 |
|
| 1906 |
<pre caption="Using shutdown command with now option"> |
| 1907 |
# <i>shutdown -r now</i> |
| 1908 |
</pre> |
| 1909 |
|
| 1910 |
<p> |
| 1911 |
No chance to hit <control-c> in this case; the system is already on its |
| 1912 |
way down. Finally, the -h option halts the system: |
| 1913 |
</p> |
| 1914 |
|
| 1915 |
<pre caption="Halting the system"> |
| 1916 |
# <i>shutdown -h 1</i> |
| 1917 |
Broadcast message from root (pts/2) (Tue Jan 15 19:50:58 2002): |
| 1918 |
The system is going DOWN for system halt in 1 minute! |
| 1919 |
</pre> |
| 1920 |
|
| 1921 |
</body> |
| 1922 |
</section> |
| 1923 |
<section> |
| 1924 |
<title>The default runlevel</title> |
| 1925 |
<body> |
| 1926 |
|
| 1927 |
<p> |
| 1928 |
You've probably gathered at this point that the <c>init</c> program is quite |
| 1929 |
important on a Linux system. You can configure <c>init</c> by editing the file |
| 1930 |
<path>/etc/initttab</path>, which is described in the inittab(5) man-page. |
| 1931 |
We'll just touch on one key line in this file: |
| 1932 |
</p> |
| 1933 |
|
| 1934 |
<pre caption="Editing init configuration file"> |
| 1935 |
# <i>grep ^id: /etc/inittab</i> |
| 1936 |
id:3:initdefault: |
| 1937 |
</pre> |
| 1938 |
|
| 1939 |
<p> |
| 1940 |
On my system, runlevel 3 is the default runlevel. It can be useful to change |
| 1941 |
this value if you prefer your system to boot immediately into a graphical login |
| 1942 |
(usually runlevel 4 or 5). To do so, simply edit the file and change the value |
| 1943 |
on that line. But be careful! If you change it to something invalid, you'll |
| 1944 |
probably have to employ the <c>init=/bin/sh</c> trick we mentioned earlier. |
| 1945 |
</p> |
| 1946 |
|
| 1947 |
</body> |
| 1948 |
</section> |
| 1949 |
<section> |
| 1950 |
<title>Additional information</title> |
| 1951 |
<body> |
| 1952 |
|
| 1953 |
<p> |
| 1954 |
Additional information related to this section can be found at: |
| 1955 |
</p> |
| 1956 |
|
| 1957 |
<ul> |
| 1958 |
<li> |
| 1959 |
<uri |
| 1960 |
link="http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/ref-guide/s1-init-boot-shutdown-init.html"> |
| 1961 |
Sysvinit docs at Red Hat</uri> |
| 1962 |
</li> |
| 1963 |
<li> |
| 1964 |
<uri link="http://www.linuxdoc.org/LDP/sag/init.html">Linux System |
| 1965 |
Administrator's Guide section on init</uri>. |
| 1966 |
</li> |
| 1967 |
</ul> |
| 1968 |
|
| 1969 |
</body> |
| 1970 |
</section> |
| 1971 |
</chapter> |
| 1972 |
|
| 1973 |
<chapter> |
| 1974 |
<title>Filesystem quotas</title> |
| 1975 |
<section> |
| 1976 |
<title>Introducing quotas</title> |
| 1977 |
<body> |
| 1978 |
|
| 1979 |
<p> |
| 1980 |
Quotas are a feature of Linux that let you track disk usage by user or by |
| 1981 |
group. They're useful for preventing any single user or group from using an |
| 1982 |
unfair portion of a filesystem, or from filling it up altogether. Quotas can |
| 1983 |
only be enabled and managed by the root user. In this section, I'll describe |
| 1984 |
how to set up quotas on your Linux system and manage them effectively. |
| 1985 |
</p> |
| 1986 |
|
| 1987 |
</body> |
| 1988 |
</section> |
| 1989 |
<section> |
| 1990 |
<title>Kernel support</title> |
| 1991 |
<body> |
| 1992 |
|
| 1993 |
<p> |
| 1994 |
Quotas are a feature of the filesystem; therefore, they require kernel support. |
| 1995 |
The first thing you'll need to do is verify that you have quota support in your |
| 1996 |
kernel. You can do this using grep: |
| 1997 |
</p> |
| 1998 |
|
| 1999 |
<pre caption="Checking kernel configuration for quota support"> |
| 2000 |
# <i>cd /usr/src/linux</i> |
| 2001 |
# <i>grep -i quota .config</i> |
| 2002 |
CONFIG_QUOTA=y |
| 2003 |
CONFIG_XFS_QUOTA=y |
| 2004 |
</pre> |
| 2005 |
|
| 2006 |
<p> |
| 2007 |
If this command returns something less conclusive (such as CONFIG_QUOTA is not |
| 2008 |
set) then you should rebuild your kernel to include quota support. This is not |
| 2009 |
a difficult process, but is outside of the scope of this section of the |
| 2010 |
tutorial. If you're unfamiliar with the steps to build and install a new |
| 2011 |
kernel, you might consider referencing this <uri |
| 2012 |
link="/doc/en/articles/linux-kernel-compiling.xml">tutorial</uri>. |
| 2013 |
</p> |
| 2014 |
|
| 2015 |
</body> |
| 2016 |
</section> |
| 2017 |
<section> |
| 2018 |
<title>Filesystem support</title> |
| 2019 |
<body> |
| 2020 |
|
| 2021 |
<p> |
| 2022 |
Before diving into the administration of quotas, please note that quota support |
| 2023 |
on Linux as of the 2.4.x kernel series is not complete. There are currently |
| 2024 |
problems with quotas in the ext2 and ext3 filesystems, and ReiserFS does not |
| 2025 |
appear to support quotas at all. This tutorial bases its examples on XFS, which |
| 2026 |
seems to properly <uri |
| 2027 |
link="http://oss.sgi.com/projects/xfs/faq.html#quotaswork">support |
| 2028 |
quotas</uri>. |
| 2029 |
</p> |
| 2030 |
|
| 2031 |
</body> |
| 2032 |
</section> |
| 2033 |
<section> |
| 2034 |
<title>Configuring quotas</title> |
| 2035 |
<body> |
| 2036 |
|
| 2037 |
<p> |
| 2038 |
To begin configuring quotas on your system, you should edit |
| 2039 |
<path>/etc/fstab</path> to mount the affected filesystems with quotas enabled. |
| 2040 |
For our example, we use an XFS filesystem mounted with user and group quotas |
| 2041 |
enabled: |
| 2042 |
</p> |
| 2043 |
|
| 2044 |
<pre caption="Configuring quotas"> |
| 2045 |
# <i>grep quota /etc/fstab</i> |
| 2046 |
/usr/users /mnt/hdc1 xfs usrquota,grpquota,noauto 0 0 |
| 2047 |
# <i>mount /usr/users</i> |
| 2048 |
</pre> |
| 2049 |
|
| 2050 |
<p> |
| 2051 |
Note that the usrquota and grpquota options don't necessarily enable quotas on |
| 2052 |
a filesystem. You can make sure quotas are enabled using the <c>quotaon</c> |
| 2053 |
command: |
| 2054 |
</p> |
| 2055 |
|
| 2056 |
<pre caption="Enabling quotas"> |
| 2057 |
# <i>quotaon /usr/users</i> |
| 2058 |
</pre> |
| 2059 |
|
| 2060 |
<p> |
| 2061 |
There is a corresponding <c>quotaoff</c> command should you desire to disable |
| 2062 |
quotas in the future: |
| 2063 |
</p> |
| 2064 |
|
| 2065 |
<pre caption="Disabling quotas"> |
| 2066 |
# <i>quotaoff /usr/users</i> |
| 2067 |
</pre> |
| 2068 |
|
| 2069 |
<p> |
| 2070 |
But for the moment, if you're trying some of the examples in this tutorial, be |
| 2071 |
sure to have quotas enabled. |
| 2072 |
</p> |
| 2073 |
|
| 2074 |
</body> |
| 2075 |
</section> |
| 2076 |
<section> |
| 2077 |
<title>The quota command</title> |
| 2078 |
<body> |
| 2079 |
|
| 2080 |
<p> |
| 2081 |
The <c>quota</c> command displays a user's disk usage and limits for all of the |
| 2082 |
filesystems currently mounted. The -v option includes in the list filesystems |
| 2083 |
where quotas are enabled, but no storage is currently allocated to the user. |
| 2084 |
</p> |
| 2085 |
|
| 2086 |
<pre caption="Using quota command"> |
| 2087 |
# <i>quota -v</i> |
| 2088 |
|
| 2089 |
Disk quotas for user root (uid 0): |
| 2090 |
Filesystem blocks quota limit grace files quota limit grace |
| 2091 |
/dev/hdc1 0 0 0 3 0 0 |
| 2092 |
</pre> |
| 2093 |
|
| 2094 |
<p> |
| 2095 |
The first column, blocks, shows how much disk space the root user is currently |
| 2096 |
using on each filesystem listed. The following columns, quota and limit, refer |
| 2097 |
to the limits currently in place for disk space. We will explain the difference |
| 2098 |
between quota and limit, and the meaning of the grace column later on. The |
| 2099 |
files column shows how many files the root user owns on the particular |
| 2100 |
filesystem. The following quota and limit columns refer to the limits for |
| 2101 |
files. |
| 2102 |
</p> |
| 2103 |
|
| 2104 |
</body> |
| 2105 |
</section> |
| 2106 |
<section> |
| 2107 |
<title>Viewing quota</title> |
| 2108 |
<body> |
| 2109 |
|
| 2110 |
<p> |
| 2111 |
Any user can use the <c>quota</c> command to view their own quota report as |
| 2112 |
shown in the previous example. However only the root user can look at the |
| 2113 |
quotas for other users and groups. For example, say we have a filesystem, |
| 2114 |
<path>/dev/hdc1</path> mounted on <path>/usr/users</path>, with two users: jane |
| 2115 |
and john. First, let's look at jane's disk usage and limits. |
| 2116 |
</p> |
| 2117 |
|
| 2118 |
<pre caption="Viewing quota for user"> |
| 2119 |
# <i>quota -v jane</i> |
| 2120 |
|
| 2121 |
Disk quotas for user jane (uid 1003): |
| 2122 |
Filesystem blocks quota limit grace files quota limit grace |
| 2123 |
/dev/hdc1 4100 0 0 6 0 0 |
| 2124 |
</pre> |
| 2125 |
|
| 2126 |
<p> |
| 2127 |
In this example, we see that jane's quotas are set to zero, which indicates no |
| 2128 |
limit. |
| 2129 |
</p> |
| 2130 |
|
| 2131 |
</body> |
| 2132 |
</section> |
| 2133 |
<section> |
| 2134 |
<title>edquota</title> |
| 2135 |
<body> |
| 2136 |
|
| 2137 |
<p> |
| 2138 |
Now let's say we want to give the user jane a quota. We do this with the |
| 2139 |
<c>edquota</c> command. Before we start editing quotas, let's see how much |
| 2140 |
space we have available on <path>/usr/users</path>: |
| 2141 |
</p> |
| 2142 |
|
| 2143 |
<pre caption="Checking available space on /usr/users"> |
| 2144 |
# <i>df /usr/users</i> |
| 2145 |
|
| 2146 |
Filesystem 1k-blocks Used Available Use% Mounted on |
| 2147 |
/dev/hdc1 610048 4276 605772 1% /usr/users |
| 2148 |
</pre> |
| 2149 |
|
| 2150 |
<p> |
| 2151 |
This isn't a particularly large filesystem, only 600MB or so. It seems prudent |
| 2152 |
to give jane a quota so that she can't use more than her fair share. When you |
| 2153 |
run <c>edquota</c>, a temporary file is created for each user or group you |
| 2154 |
specify on the command line. |
| 2155 |
</p> |
| 2156 |
|
| 2157 |
<p> |
| 2158 |
The <c>edquota</c> command puts you in an editor, which enables you to add |
| 2159 |
and/or modify quotas via this temporary file. |
| 2160 |
</p> |
| 2161 |
|
| 2162 |
<pre caption="Modifying quota"> |
| 2163 |
# <i>edquota jane</i> |
| 2164 |
|
| 2165 |
Disk quotas for user jane (uid 1003): |
| 2166 |
Filesystem blocks soft hard inodes soft hard |
| 2167 |
/dev/hdc1 4100 0 0 6 0 0 |
| 2168 |
</pre> |
| 2169 |
|
| 2170 |
<p> |
| 2171 |
Similar to the output from the <c>quota</c> command above, the blocks and |
| 2172 |
inodes columns in this temporary file refer to the disk space and number of |
| 2173 |
files jane is currently using. You cannot modify the number of blocks or |
| 2174 |
inodes; any attempt to do so will be summarily discarded by the system. The |
| 2175 |
soft and hard columns show jane's quota, which we can see is currently |
| 2176 |
unlimited (again, zero indicates no quota). |
| 2177 |
</p> |
| 2178 |
|
| 2179 |
</body> |
| 2180 |
</section> |
| 2181 |
<section> |
| 2182 |
<title>Understanding edquota</title> |
| 2183 |
<body> |
| 2184 |
|
| 2185 |
<p> |
| 2186 |
The soft limit is the maximum amount of disk usage that jane has allocated to |
| 2187 |
her on the filesystem (in other words, her quota). If jane uses more disk |
| 2188 |
space than is allocated in her soft limit, she will be issued warnings about |
| 2189 |
her quota violation via e-mail. The hard limit indicates the absolute limit on |
| 2190 |
disk usage, which a user can't exceed. If jane tries to use more disk space |
| 2191 |
than is specified in the hard limit, she will get a "Disk quota exceeded" |
| 2192 |
error and will not be able to complete the operation. |
| 2193 |
</p> |
| 2194 |
|
| 2195 |
</body> |
| 2196 |
</section> |
| 2197 |
<section> |
| 2198 |
<title>Making changes</title> |
| 2199 |
<body> |
| 2200 |
|
| 2201 |
<p> |
| 2202 |
So here we change jane's soft and hard limits and save the file: |
| 2203 |
</p> |
| 2204 |
|
| 2205 |
<pre caption="Changed soft and hard limits"> |
| 2206 |
|
| 2207 |
Disk quotas for user jane (uid 1003): |
| 2208 |
Filesystem blocks soft hard inodes soft hard |
| 2209 |
/dev/hdc1 4100 10000 11500 6 2000 2500 |
| 2210 |
</pre> |
| 2211 |
|
| 2212 |
<p> |
| 2213 |
Running the <c>quota</c> command, we can inspect our modifications: |
| 2214 |
</p> |
| 2215 |
|
| 2216 |
<pre caption="Checking quota for user jane"> |
| 2217 |
# <i>quota jane</i> |
| 2218 |
|
| 2219 |
Disk quotas for user jane (uid 1003): |
| 2220 |
Filesystem blocks quota limit grace files quota limit grace |
| 2221 |
/dev/hdc1 4100 10000 11500 6 2000 2500 |
| 2222 |
</pre> |
| 2223 |
|
| 2224 |
</body> |
| 2225 |
</section> |
| 2226 |
<section> |
| 2227 |
<title>Copying quotas</title> |
| 2228 |
<body> |
| 2229 |
|
| 2230 |
<p> |
| 2231 |
You'll remember that we also have another user, john, on this filesystem. If |
| 2232 |
we want to give john the same quota as jane, we can use the -p option to |
| 2233 |
<c>edquota</c>, which uses jane's quotas as a prototype for all following users |
| 2234 |
on the command line. This is an easy way to set up quotas for groups of users. |
| 2235 |
</p> |
| 2236 |
|
| 2237 |
<pre caption="Coping quotas"> |
| 2238 |
# <i>edquota -p jane john</i> |
| 2239 |
# <i>quota john</i> |
| 2240 |
|
| 2241 |
Disk quotas for user john (uid 1003): |
| 2242 |
Filesystem blocks quota limit grace files quota limit grace |
| 2243 |
/dev/hdc1 0 10000 11500 1 2000 2500 |
| 2244 |
</pre> |
| 2245 |
|
| 2246 |
</body> |
| 2247 |
</section> |
| 2248 |
<section> |
| 2249 |
<title>Group restrictions</title> |
| 2250 |
<body> |
| 2251 |
|
| 2252 |
<p> |
| 2253 |
We can also use <c>edquota</c> to restrict the allocation of disk space based |
| 2254 |
on the group ownership of files. For example, to edit the quotas for the users |
| 2255 |
group: |
| 2256 |
</p> |
| 2257 |
|
| 2258 |
<pre caption="Editing quotas for the users group"> |
| 2259 |
# <i>edquota -g users</i> |
| 2260 |
Disk quotas for group users (gid 100): Filesystem blocks soft hard inodes soft hard /dev/hdc1 4100 500000 510000 7 100000 125000 |
| 2261 |
</pre> |
| 2262 |
|
| 2263 |
<p> |
| 2264 |
Then to view the modified quotas for the users group: |
| 2265 |
</p> |
| 2266 |
|
| 2267 |
<pre caption="Viewing modified quotas"> |
| 2268 |
# <i>quota -g users</i> |
| 2269 |
Disk quotas for group users (gid 100): Filesystem blocks quota limit grace files quota limit grace /dev/hdc1 4100 500000 510000 7 100000 125000 |
| 2270 |
</pre> |
| 2271 |
|
| 2272 |
</body> |
| 2273 |
</section> |
| 2274 |
<section> |
| 2275 |
<title>The repquota command</title> |
| 2276 |
<body> |
| 2277 |
|
| 2278 |
<p> |
| 2279 |
Looking at each users' quotas using the <c>quota</c> command can be tedious if |
| 2280 |
you have many users on a filesytem. The <c>repquota</c> command summarizes the |
| 2281 |
quotas for a filesystem into a nice report. For example, to see the quotas for |
| 2282 |
all users and groups on <path>/usr/users</path>: |
| 2283 |
</p> |
| 2284 |
|
| 2285 |
<pre caption="Summarizing quotas"> |
| 2286 |
# <i>repquota -ug /usr/users</i> |
| 2287 |
*** Report for user quotas on device /dev/hdc1 |
| 2288 |
Block grace time: 7days; Inode grace time: 7days |
| 2289 |
Block limits File limits |
| 2290 |
User used soft hard grace used soft hard grace |
| 2291 |
---------------------------------------------------------------------- |
| 2292 |
root -- 0 0 0 3 0 0 |
| 2293 |
john -- 0 10000 11500 1 2000 2500 |
| 2294 |
jane -- 4100 10000 11500 6 2000 2500 |
| 2295 |
|
| 2296 |
*** Report for group quotas on device /dev/hdc1 |
| 2297 |
Block grace time: 7days; Inode grace time: 7days |
| 2298 |
Block limits File limits |
| 2299 |
Group used soft hard grace used soft hard grace |
| 2300 |
---------------------------------------------------------------------- |
| 2301 |
root -- 0 0 0 3 0 0 |
| 2302 |
users -- 4100 500000 510000 7 100000 125000 |
| 2303 |
</pre> |
| 2304 |
|
| 2305 |
</body> |
| 2306 |
</section> |
| 2307 |
<section> |
| 2308 |
<title>Repquota options</title> |
| 2309 |
<body> |
| 2310 |
|
| 2311 |
<p> |
| 2312 |
There are a couple of other options to repquota that are worth mentioning. |
| 2313 |
<c>repquota -a</c> will report on all currently mounted read-write filesystems |
| 2314 |
that have quotas enabled. <c>repquota -n</c> will not resolve uids and gids to |
| 2315 |
names. This can speed up the output for large lists. |
| 2316 |
</p> |
| 2317 |
|
| 2318 |
</body> |
| 2319 |
</section> |
| 2320 |
<section> |
| 2321 |
<title>Monitoring quotas</title> |
| 2322 |
<body> |
| 2323 |
|
| 2324 |
<p> |
| 2325 |
If you are a system administrator, you will want to have a way to monitor |
| 2326 |
quotas to ensure that they are not being exceeded. An easy way to do this is |
| 2327 |
to use <c>warnquota</c>. The <c>warnquota</c> command sends e-mail to users who |
| 2328 |
have exceeded their soft limit. Typically <c>warnquota</c> is run as a |
| 2329 |
cron-job. |
| 2330 |
</p> |
| 2331 |
|
| 2332 |
<p> |
| 2333 |
When a user exceeds his or her soft limit, the grace column in the output from |
| 2334 |
the <c>quota</c> command will indicate the grace period -- how long before the |
| 2335 |
soft limit is enforced for that filesystem. |
| 2336 |
</p> |
| 2337 |
|
| 2338 |
<pre caption="Checking grace period"> |
| 2339 |
Disk quotas for user jane (uid 1003): |
| 2340 |
Filesystem blocks quota limit grace files quota limit grace |
| 2341 |
/dev/hdc1 10800* 10000 11500 7days 7 2000 2500 |
| 2342 |
</pre> |
| 2343 |
|
| 2344 |
<p> |
| 2345 |
By default, the grace period for blocks and inodes is seven days. |
| 2346 |
</p> |
| 2347 |
|
| 2348 |
</body> |
| 2349 |
</section> |
| 2350 |
<section> |
| 2351 |
<title>Modifying the grace period</title> |
| 2352 |
<body> |
| 2353 |
|
| 2354 |
<p> |
| 2355 |
You can modify the grace period for filesystems using <c>equota</c>: |
| 2356 |
</p> |
| 2357 |
|
| 2358 |
<pre caption="Modyfing grace period"> |
| 2359 |
# <i>edquota -t</i> |
| 2360 |
</pre> |
| 2361 |
|
| 2362 |
<p> |
| 2363 |
This puts you in an editor of a temporary file that looks like this: |
| 2364 |
</p> |
| 2365 |
|
| 2366 |
<pre caption="Looks of a grace editor"> |
| 2367 |
Grace period before enforcing soft limits for users: |
| 2368 |
Time units may be: days, hours, minutes, or seconds |
| 2369 |
Filesystem Block grace period Inode grace period |
| 2370 |
/dev/hdc1 7days 7days |
| 2371 |
</pre> |
| 2372 |
|
| 2373 |
<p> |
| 2374 |
The text in the file is nicely explanatory. Be sure to leave your users enough |
| 2375 |
time to receive their warning e-mail and find some files to delete! |
| 2376 |
</p> |
| 2377 |
|
| 2378 |
</body> |
| 2379 |
</section> |
| 2380 |
<section> |
| 2381 |
<title>Checking quotas on boot</title> |
| 2382 |
<body> |
| 2383 |
|
| 2384 |
<p> |
| 2385 |
You may also want to check quotas on boot. You can do this using a script to |
| 2386 |
run the <c>quotacheck</c> command; there is an example script in the <uri |
| 2387 |
link="http://en.tldp.org/HOWTO/Quota.html">Quota Mini HOWTO</uri>. The |
| 2388 |
<c>quotacheck</c> command also has the ability to repair damaged quota files; |
| 2389 |
familiarize yourself with it by reading the quotacheck(8) man-page. |
| 2390 |
</p> |
| 2391 |
|
| 2392 |
<p> |
| 2393 |
Also remember what we mentioned previously regarding <c>quotaon</c> and |
| 2394 |
<c>quotaoff</c>. You should incorporate <c>quotaon</c> into your boot script so |
| 2395 |
that quotas are enabled. To enable quotas on all filesystems where quotas are |
| 2396 |
supported, use the -a option: |
| 2397 |
</p> |
| 2398 |
|
| 2399 |
<pre caption="Using -a option"> |
| 2400 |
# <i>quotaon -a</i> |
| 2401 |
</pre> |
| 2402 |
|
| 2403 |
</body> |
| 2404 |
</section> |
| 2405 |
</chapter> |
| 2406 |
|
| 2407 |
<chapter> |
| 2408 |
<title>System logs</title> |
| 2409 |
<section> |
| 2410 |
<title>Introducing syslogd</title> |
| 2411 |
<body> |
| 2412 |
|
| 2413 |
<p> |
| 2414 |
The syslog daemon provides a mature client-server mechanism for logging |
| 2415 |
messages from programs running on the system. Syslog receives a message from a |
| 2416 |
daemon or program, categorizes the message by priority and type, then logs it |
| 2417 |
according to administrator-configurable rules. The result is a robust and |
| 2418 |
unified approach to managing logs. |
| 2419 |
</p> |
| 2420 |
|
| 2421 |
</body> |
| 2422 |
</section> |
| 2423 |
<section> |
| 2424 |
<title>Reading logs</title> |
| 2425 |
<body> |
| 2426 |
|
| 2427 |
<p> |
| 2428 |
Let's jump right in and look at the contents of a syslog-recorded log file. |
| 2429 |
Afterward, we can come back to syslog configuration. The FHS (see <uri |
| 2430 |
link="/doc/en/articles/lpi-101-administration-p2.xml">Part 2</uri> of this |
| 2431 |
tutorial series) mandates that log files be placed in <path>/var/log</path>. |
| 2432 |
Here we use the <c>tail</c> command to display the last 10 lines in the |
| 2433 |
"messages" file: |
| 2434 |
</p> |
| 2435 |
|
| 2436 |
<pre caption="Reading logs"> |
| 2437 |
# <i>cd /var/log</i> |
| 2438 |
# <i>tail messages</i> |
| 2439 |
Jan 12 20:17:39 bilbo init: Entering runlevel: 3 |
| 2440 |
Jan 12 20:17:40 bilbo /usr/sbin/named[337]: starting BIND 9.1.3 |
| 2441 |
Jan 12 20:17:40 bilbo /usr/sbin/named[337]: using 1 CPU |
| 2442 |
Jan 12 20:17:41 bilbo /usr/sbin/named[350]: loading configuration from '/etc/bind/named.conf' |
| 2443 |
Jan 12 20:17:41 bilbo /usr/sbin/named[350]: no IPv6 interfaces found |
| 2444 |
Jan 12 20:17:41 bilbo /usr/sbin/named[350]: listening on IPv4 interface lo, 127.0.0.1#53 |
| 2445 |
Jan 12 20:17:41 bilbo /usr/sbin/named[350]: listening on IPv4 interface eth0, 10.0.0.1#53 |
| 2446 |
Jan 12 20:17:41 bilbo /usr/sbin/named[350]: running |
| 2447 |
Jan 12 20:41:58 bilbo gnome-name-server[11288]: starting |
| 2448 |
Jan 12 20:41:58 bilbo gnome-name-server[11288]: name server starting |
| 2449 |
</pre> |
| 2450 |
|
| 2451 |
<p> |
| 2452 |
You may remember from the text-processing whirlwind that the <c>tail</c> |
| 2453 |
command displays the last lines in a file. In this case, we can see that the |
| 2454 |
nameserver named was recently started on this system, which is named bilbo. If |
| 2455 |
we were deploying IPv6, we might notice that named found no IPv6 interfaces, |
| 2456 |
indicating a potential problem. Additionally, we can see that a user may have |
| 2457 |
recently started GNOME, indicated by the presence of gnome-name-server. |
| 2458 |
</p> |
| 2459 |
|
| 2460 |
</body> |
| 2461 |
</section> |
| 2462 |
<section> |
| 2463 |
<title>Tailing log files</title> |
| 2464 |
<body> |
| 2465 |
|
| 2466 |
<p> |
| 2467 |
An experienced system administrator might use <c>tail -f</c> to follow the |
| 2468 |
output to a log file as it occurs: |
| 2469 |
</p> |
| 2470 |
|
| 2471 |
<pre caption="Using tail -f command"> |
| 2472 |
# <i>tail -f /var/log/messages</i> |
| 2473 |
</pre> |
| 2474 |
|
| 2475 |
<p> |
| 2476 |
For example, in the case of debugging our theoretical IPv6 problem, running the |
| 2477 |
above command in one terminal while stopping and starting named would |
| 2478 |
immediately display the messages from that daemon. This can be a useful |
| 2479 |
technique when debugging. Some administrators even like to keep a constantly |
| 2480 |
running <c>tail -f</c> messages in a terminal where they can keep an eye on |
| 2481 |
system events. |
| 2482 |
</p> |
| 2483 |
|
| 2484 |
</body> |
| 2485 |
</section> |
| 2486 |
<section> |
| 2487 |
<title>Grepping logs</title> |
| 2488 |
<body> |
| 2489 |
|
| 2490 |
<p> |
| 2491 |
Another useful technique is to search a log file using the <c>grep</c> utility, |
| 2492 |
described in <uri link="/doc/en/articles/lpi-101-administration-p2.xml">Part |
| 2493 |
2</uri> of this tutorial series. In the above case, we might use grep to find |
| 2494 |
where "named" behavior has changed: |
| 2495 |
</p> |
| 2496 |
|
| 2497 |
<pre caption="Grepping logs"> |
| 2498 |
# <i>grep named /var/log/messages</i> |
| 2499 |
</pre> |
| 2500 |
|
| 2501 |
</body> |
| 2502 |
</section> |
| 2503 |
<section> |
| 2504 |
<title>Log overview</title> |
| 2505 |
<body> |
| 2506 |
|
| 2507 |
<p> |
| 2508 |
The following summarizes the log files typically found in <path>/var/log</path> |
| 2509 |
and maintained by syslog: |
| 2510 |
</p> |
| 2511 |
|
| 2512 |
<ul> |
| 2513 |
<li> |
| 2514 |
<path>messages</path>: Informational and error messages from general system |
| 2515 |
programs and daemons |
| 2516 |
</li> |
| 2517 |
<li> |
| 2518 |
<path>secure</path>: Authentication messages and errors, kept separate from |
| 2519 |
<path>messages</path> for extra security |
| 2520 |
</li> |
| 2521 |
<li><path>maillog</path>: Mail-related messages and errors</li> |
| 2522 |
<li><path>cron</path>: Cron-related messages and errors</li> |
| 2523 |
<li><path>spooler</path>: UUCP and news-related messages and errors.</li> |
| 2524 |
</ul> |
| 2525 |
|
| 2526 |
</body> |
| 2527 |
</section> |
| 2528 |
<section> |
| 2529 |
<title>syslog.conf</title> |
| 2530 |
<body> |
| 2531 |
|
| 2532 |
<p> |
| 2533 |
As a matter of fact, now would be a good time to investigate the syslog |
| 2534 |
configuration file, <path>/etc/syslog.conf</path>. (Note: If you don't have |
| 2535 |
<path>syslog.conf</path>, keep reading for the sake of information, but you may |
| 2536 |
be using an alternative syslog daemon.) Browsing that file, we see there are |
| 2537 |
entries for each of the common log files mentioned above, plus possibly some |
| 2538 |
other entries. The file has the format facility.priority action, where those |
| 2539 |
fields are defined as follows: |
| 2540 |
</p> |
| 2541 |
|
| 2542 |
<p> |
| 2543 |
facility: Specifies the subsystem that produced the message. The valid keywords |
| 2544 |
for facility are auth, authpriv, cron, daemon, kern, lpr, mail, news, syslog, |
| 2545 |
user, uucp and local0 through local7. |
| 2546 |
</p> |
| 2547 |
|
| 2548 |
<p> |
| 2549 |
priority: Specifies the minimum severity of the message, meaning that messages |
| 2550 |
of this priority and higher will be matched by this rule. The valid keywords |
| 2551 |
for priority are debug, info, notice, warning, err, crit, alert, and emerg. |
| 2552 |
</p> |
| 2553 |
|
| 2554 |
<p> |
| 2555 |
action: The action field should be either a filename, tty (such as |
| 2556 |
<path>/dev/console</path>), remote machine prefixed by @ , comma-separated list |
| 2557 |
of users, or to send the message to everybody logged on. The most common action |
| 2558 |
is a simple filename. |
| 2559 |
</p> |
| 2560 |
|
| 2561 |
</body> |
| 2562 |
</section> |
| 2563 |
<section> |
| 2564 |
<title>Reloading and additional information</title> |
| 2565 |
<body> |
| 2566 |
|
| 2567 |
<p> |
| 2568 |
Hopefully this overview of the configuration file helps you to get a feel for |
| 2569 |
the strength of the syslog system. You should read the syslog.conf(5) man-page |
| 2570 |
for more information prior to making changes. Additionally the syslogd(8) |
| 2571 |
man-page supplies lots more detailed information. |
| 2572 |
</p> |
| 2573 |
|
| 2574 |
<p> |
| 2575 |
Note that you need to inform the syslog daemon of changes to the configuration |
| 2576 |
file before they are put into effect. Sending it a SIGHUP is the right method, |
| 2577 |
and you can use the <c>killall</c> command to do this easily: |
| 2578 |
</p> |
| 2579 |
|
| 2580 |
<pre caption="Using killall command"> |
| 2581 |
# <i>killall -HUP syslogd</i> |
| 2582 |
</pre> |
| 2583 |
|
| 2584 |
</body> |
| 2585 |
</section> |
| 2586 |
<section> |
| 2587 |
<title>A security note</title> |
| 2588 |
<body> |
| 2589 |
|
| 2590 |
<p> |
| 2591 |
You should beware that the log files written to by syslogd will be created by |
| 2592 |
the program if they don't exist. Regardless of your current umask setting, the |
| 2593 |
files will be created world-readable. If you're concerned about the security, |
| 2594 |
you should chmod the files to be read-write by root only. Additionally, the |
| 2595 |
<c>logrotate</c> program (described below) can be configured to create new log |
| 2596 |
files with the appropriate permissions. The syslog daemon always preserves the |
| 2597 |
current attributes of an existing log file, so you don't need to worry about it |
| 2598 |
once the file is created. |
| 2599 |
</p> |
| 2600 |
|
| 2601 |
</body> |
| 2602 |
</section> |
| 2603 |
<section> |
| 2604 |
<title>logrotate</title> |
| 2605 |
<body> |
| 2606 |
|
| 2607 |
<p> |
| 2608 |
The log files in <path>/var/log</path> will grow over time, and potentially |
| 2609 |
could fill the filesystem. It is advisable to employ a program such as |
| 2610 |
<c>logrotate</c> to manage the automatic archiving of the logs. The |
| 2611 |
<c>logrotate</c> program usually runs as a daily cron job, and can be |
| 2612 |
configured to rotate, compress, remove, or mail the log files. |
| 2613 |
</p> |
| 2614 |
|
| 2615 |
<p> |
| 2616 |
For example, a default configuration of logrotate might rotate the logs weekly, |
| 2617 |
keeping 4 weeks worth of backlogs (by appending a sequence number to the |
| 2618 |
filename), and compress the backlogs to save space. Additionally, the program |
| 2619 |
can be configured to deliver a SIGHUP to syslogd so that the daemon will notice |
| 2620 |
the now-empty log files and append to them appropriately. |
| 2621 |
</p> |
| 2622 |
|
| 2623 |
<p> |
| 2624 |
For more information on <c>logrotate</c>, see the logrotate(8) man page, which |
| 2625 |
contains a description of the program and the syntax of the configuration file. |
| 2626 |
</p> |
| 2627 |
|
| 2628 |
</body> |
| 2629 |
</section> |
| 2630 |
<section> |
| 2631 |
<title>Advanced topic -- klogd</title> |
| 2632 |
<body> |
| 2633 |
|
| 2634 |
<p> |
| 2635 |
Before moving away from syslog, I'd like to note a couple of advanced topics |
| 2636 |
for ambitious readers. These tips may save you some grief when trying to |
| 2637 |
understand syslog-related topics. |
| 2638 |
</p> |
| 2639 |
|
| 2640 |
<p> |
| 2641 |
First, the syslog daemon is actually part of the sysklogd package, which |
| 2642 |
contains a second daemon called klogd. It's klogd's job to receive information |
| 2643 |
and error messages from the kernel, and pass them on to syslogd for |
| 2644 |
categorization and logging. The messages received by klogd are exactly the same |
| 2645 |
as those you can retrieve using the <c>dmesg</c> command. The difference is |
| 2646 |
that <c>dmesg</c> prints the current contents of a ring buffer in the kernel, |
| 2647 |
whereas klogd is passing the messages to syslogd so that they won't be lost |
| 2648 |
when the ring wraps around. |
| 2649 |
</p> |
| 2650 |
|
| 2651 |
</body> |
| 2652 |
</section> |
| 2653 |
<section> |
| 2654 |
<title>Advanced topic -- alternate loggers</title> |
| 2655 |
<body> |
| 2656 |
|
| 2657 |
<p> |
| 2658 |
Second, there are alternatives to the standard sysklogd package. The |
| 2659 |
alternatives attempt to be more efficient, easier to configure, and possibly |
| 2660 |
more featureful than sysklogd. <uri |
| 2661 |
link="http://www.balabit.hu/en/downloads/syslog-ng/">Syslog-ng</uri> and <uri |
| 2662 |
link="http://metalog.sourceforge.net/">Metalog</uri> seem to be some of the |
| 2663 |
more popular alternatives; you might investigate them if you find sysklogd |
| 2664 |
doesn't provide the level of power you need. |
| 2665 |
</p> |
| 2666 |
|
| 2667 |
<p> |
| 2668 |
Third, you can log messages in your scripts using the logger command. See the |
| 2669 |
logger(1) man page for more information. |
| 2670 |
</p> |
| 2671 |
|
| 2672 |
</body> |
| 2673 |
</section> |
| 2674 |
</chapter> |
| 2675 |
|
| 2676 |
<chapter> |
| 2677 |
<title>Summary and resources</title> |
| 2678 |
<section> |
| 2679 |
<title>Summary</title> |
| 2680 |
<body> |
| 2681 |
|
| 2682 |
<p> |
| 2683 |
Congratulations, you've reached the end of this tutorial! Well, almost. There |
| 2684 |
were a couple of topics that we were unable to include in our first four |
| 2685 |
tutorials due to space limitations. Fortunately, we have a couple of good |
| 2686 |
resources that will help you get up to speed on these topics in no time. Be |
| 2687 |
sure to cover these particular tutorials if you are planning to get your LPIC |
| 2688 |
level 1 certification. |
| 2689 |
</p> |
| 2690 |
|
| 2691 |
<p> |
| 2692 |
We didn't have quite enough room to cover the important topic of system backups |
| 2693 |
in this tutorial. Fortunately, IBM developerWorks already has a tutorial on |
| 2694 |
this subject, called <uri |
| 2695 |
link="http://www-106.ibm.com/developerworks/edu/l-dw-linuxbu-i.html">Backing up |
| 2696 |
your Linux machines</uri>. In this tutorial, you'll learn how to back up Linux |
| 2697 |
systems using a <c>tar</c> variant called star. You'll also learn how to use |
| 2698 |
the <c>mt</c> command to control tape functions. |
| 2699 |
</p> |
| 2700 |
|
| 2701 |
<p> |
| 2702 |
The second topic that we weren't quite able to fit in was periodic scheduling. |
| 2703 |
Fortunately, there's some good <uri |
| 2704 |
link="http://www.ussg.iu.edu/usail/automation/cron.html">cron |
| 2705 |
documentation</uri> available at Indiana University. <c>cron</c> is used to |
| 2706 |
schedule jobs to be executed at a specific time, and is an important tool for |
| 2707 |
any system administrator. |
| 2708 |
</p> |
| 2709 |
|
| 2710 |
<p> |
| 2711 |
On the next page, you'll find a number of resources that you will find helpful |
| 2712 |
in learning more about the subjects presented in this tutorial. |
| 2713 |
</p> |
| 2714 |
|
| 2715 |
</body> |
| 2716 |
</section> |
| 2717 |
<section> |
| 2718 |
<title>Resources</title> |
| 2719 |
<body> |
| 2720 |
|
| 2721 |
<p> |
| 2722 |
To find out more about quota support under Linux, be sure to check out the <uri |
| 2723 |
link="http://en.tldp.org/HOWTO/Quota.html">Linux Quota mini-HOWTO</uri>. Also |
| 2724 |
be sure to consult the quota(1), edquota(8), repquota(8), quotacheck(8), and |
| 2725 |
quotaon(8) man pages on your system. |
| 2726 |
</p> |
| 2727 |
|
| 2728 |
<p> |
| 2729 |
Additional information to the system boot process and boot loaders can be found |
| 2730 |
at: |
| 2731 |
</p> |
| 2732 |
|
| 2733 |
<ul> |
| 2734 |
<li> |
| 2735 |
IBM developerWorks' <uri |
| 2736 |
link="http://www-106.ibm.com/developerworks/edu/l-dw-linuxgrub-i.html">Getting |
| 2737 |
to know GRUB</uri> tutorial |
| 2738 |
</li> |
| 2739 |
<li><uri link="http://en.tldp.org/HOWTO/LILO.html">LILO Mini-HOWTO</uri></li> |
| 2740 |
<li><uri link="http://www.gnu.org/software/grub/">GRUB home</uri></li> |
| 2741 |
<li> |
| 2742 |
Kernel command-line options in |
| 2743 |
<path>/usr/src/linux/Documentation/kernel-parameters.txt</path> |
| 2744 |
</li> |
| 2745 |
<li> |
| 2746 |
<uri |
| 2747 |
link="http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/ref-guide/s1-init-boot-shutdown-init.html">Sysvinit |
| 2748 |
docs at Redhat</uri>. |
| 2749 |
</li> |
| 2750 |
</ul> |
| 2751 |
|
| 2752 |
<p> |
| 2753 |
To learn more about Linux filesystems, read the multi-part advanced filesystem |
| 2754 |
implementor's guide on the IBM developerWorks Linux zone, covering: |
| 2755 |
</p> |
| 2756 |
|
| 2757 |
<ul> |
| 2758 |
<li> |
| 2759 |
<uri link="http://www-106.ibm.com/developerworks/library/l-fs.html">The |
| 2760 |
benefits of journalling and ReiserFS (Part 1)</uri> |
| 2761 |
</li> |
| 2762 |
<li> |
| 2763 |
<uri |
| 2764 |
link="http://www-106.ibm.com/developerworks/library/l-fs2.html">Setting up |
| 2765 |
a ReiserFS system (Part 2)</uri> |
| 2766 |
</li> |
| 2767 |
<li> |
| 2768 |
<uri link="http://www-106.ibm.com/developerworks/library/l-fs3.html">Using |
| 2769 |
the tmpfs virtual memory filesystem and bind mounts (Part 3)</uri> |
| 2770 |
</li> |
| 2771 |
<li> |
| 2772 |
<uri link="http://www-106.ibm.com/developerworks/library/l-fs4.html">The |
| 2773 |
benefits of devfs, the device management filesystem (Part 4)</uri> |
| 2774 |
</li> |
| 2775 |
<li> |
| 2776 |
<uri |
| 2777 |
link="http://www-106.ibm.com/developerworks/library/l-fs5.html">Beginning |
| 2778 |
the conversion to devfs (Part 5)</uri> |
| 2779 |
</li> |
| 2780 |
<li> |
| 2781 |
<uri |
| 2782 |
link="http://www-106.ibm.com/developerworks/linux/library/l-fs6/">Completing |
| 2783 |
the conversion to devfs using an init wrapper (Part 6)</uri> |
| 2784 |
</li> |
| 2785 |
<li> |
| 2786 |
<uri |
| 2787 |
link="/doc/en/articles/afig-ct-ext3-intro.xml">The |
| 2788 |
benefits of the ext3 filesystem (Part 7)</uri> |
| 2789 |
</li> |
| 2790 |
<li> |
| 2791 |
<uri link="/doc/en/articles/l-afig-p8.xml">An in-depth |
| 2792 |
look at ext3 and the latest kernel updates (Part 8)</uri> |
| 2793 |
</li> |
| 2794 |
<li> |
| 2795 |
<uri |
| 2796 |
link="http://www-106.ibm.com/developerworks/linux/library/l-fs9.html">An |
| 2797 |
introduction to XFS (Part 9)</uri>. |
| 2798 |
</li> |
| 2799 |
</ul> |
| 2800 |
|
| 2801 |
<p> |
| 2802 |
For more information on partitioning, take a look at the following partitioning |
| 2803 |
tips on the IBM developerWorks Linux zone: |
| 2804 |
</p> |
| 2805 |
|
| 2806 |
<ul> |
| 2807 |
<li> |
| 2808 |
<uri link="/doc/en/articles/partition-planning-tips.xml">Partition planning |
| 2809 |
tips</uri> |
| 2810 |
</li> |
| 2811 |
<li> |
| 2812 |
<uri link="/doc/en/articles/partitioning-p1.xml">Partitioning in action, |
| 2813 |
Part 1</uri> |
| 2814 |
</li> |
| 2815 |
<li> |
| 2816 |
<uri link="/doc/en/articles/partitioning-p2.xml">Partitioning in action, |
| 2817 |
Part 2</uri>. |
| 2818 |
</li> |
| 2819 |
</ul> |
| 2820 |
|
| 2821 |
<p> |
| 2822 |
ReiserFS Resources: |
| 2823 |
</p> |
| 2824 |
|
| 2825 |
<ul> |
| 2826 |
<li><uri link="http://www.namesys.com/">The home of ReiserFS</uri></li> |
| 2827 |
<li> |
| 2828 |
<uri |
| 2829 |
link="http://www-106.ibm.com/developerworks/library/l-fs.html">Advanced |
| 2830 |
filesystem implementor's guide, Part 1: Journalling and ReiserFS on |
| 2831 |
developerWorks</uri> |
| 2832 |
</li> |
| 2833 |
<li> |
| 2834 |
<uri |
| 2835 |
link="http://www-106.ibm.com/developerworks/library/l-fs2.html">Advanced |
| 2836 |
filesystem implementor's guide, Part 2: Using ReiserFS and Linux 2.4 on |
| 2837 |
developerWorks</uri>. |
| 2838 |
</li> |
| 2839 |
</ul> |
| 2840 |
|
| 2841 |
<p> |
| 2842 |
ext3 resources: |
| 2843 |
</p> |
| 2844 |
|
| 2845 |
<ul> |
| 2846 |
<li> |
| 2847 |
<uri link="http://www.zip.com.au/~akpm/linux/ext3/">Andrew Morton's ext3 |
| 2848 |
page</uri> |
| 2849 |
</li> |
| 2850 |
<li> |
| 2851 |
<uri link="http://www.zip.com.au/~akpm/linux/ext3/ext3-usage.html">Andrew |
| 2852 |
Morton's excellent ext3 usage documentation (recommended).</uri> |
| 2853 |
</li> |
| 2854 |
</ul> |
| 2855 |
|
| 2856 |
<p> |
| 2857 |
XFS and JFS resources: |
| 2858 |
</p> |
| 2859 |
|
| 2860 |
<ul> |
| 2861 |
<li> |
| 2862 |
<uri link="http://oss.sgi.com/projects/xfs">SGI XFS projects page</uri> |
| 2863 |
</li> |
| 2864 |
<li> |
| 2865 |
The IBM <uri |
| 2866 |
link="http://www-124.ibm.com/developerworks/oss/jfs/index.html">JFS project |
| 2867 |
Web site</uri>. |
| 2868 |
</li> |
| 2869 |
</ul> |
| 2870 |
|
| 2871 |
<p> |
| 2872 |
Don't forget <uri link="http://en.tldp.org/">linuxdoc.org</uri>. You'll find |
| 2873 |
linuxdoc's collection of guides, HOWTOs, FAQs, and man pages to be invaluable. |
| 2874 |
Be sure to check out <uri link="http://en.tldp.org/LDP/LG/current/">Linux |
| 2875 |
Gazette</uri> and <uri |
| 2876 |
link="http://en.tldp.org/linuxfocus/index.html">LinuxFocus</uri> as well. |
| 2877 |
</p> |
| 2878 |
|
| 2879 |
<p> |
| 2880 |
The Linux System Administrators guide, available from <uri |
| 2881 |
link="http://en.tldp.org/guides.html">Linuxdoc.org's "Guides" section</uri>, is |
| 2882 |
a good complement to this series of tutorials -- give it a read! You may also |
| 2883 |
find Eric S. Raymond's <uri |
| 2884 |
link="http://en.tldp.org/HOWTO/Unix-and-Internet-Fundamentals-HOWTO/">Unix and |
| 2885 |
Internet Fundamentals HOWTO</uri> to be helpful. |
| 2886 |
</p> |
| 2887 |
|
| 2888 |
<p> |
| 2889 |
In the Bash by example article series on developerWorks, Daniel shows you how |
| 2890 |
to use bash programming constructs to write your own bash scripts. This bash |
| 2891 |
series (particularly Parts 1 and 2) will be excellent additional preparation |
| 2892 |
for the LPIC Level 1 exam: |
| 2893 |
</p> |
| 2894 |
|
| 2895 |
<ul> |
| 2896 |
<li> |
| 2897 |
<uri |
| 2898 |
link="http://www.gentoo.org/doc/en/articles/bash-by-example-p1.xml">Bash by |
| 2899 |
example, part 1: Fundamental programming in the Bourne-again shell</uri> |
| 2900 |
</li> |
| 2901 |
<li> |
| 2902 |
<uri |
| 2903 |
link="http://www.gentoo.org/doc/en/articles/bash-by-example-p2.xml">Bash by |
| 2904 |
example, part 2: More bash programming fundamentals</uri> |
| 2905 |
</li> |
| 2906 |
<li> |
| 2907 |
<uri |
| 2908 |
link="http://www.gentoo.org/doc/en/articles/bash-by-example-p3.xml">Bash by |
| 2909 |
example, part 3: Exploring the ebuild system.</uri> |
| 2910 |
</li> |
| 2911 |
</ul> |
| 2912 |
|
| 2913 |
<p> |
| 2914 |
We highly recommend the <uri |
| 2915 |
link="http://www-106.ibm.com/developerworks/linux/library/l-faq/">Technical FAQ |
| 2916 |
by Linux Users</uri> by Mark Chapman, a 50-page in-depth list of |
| 2917 |
frequently-asked Linux questions, along with detailed answers. The FAQ itself |
| 2918 |
is in PDF (Adobe Acrobat) format. If you're a beginning or intermediate Linux |
| 2919 |
user, you really owe it to yourself to check this FAQ out. We also recommend |
| 2920 |
the <uri |
| 2921 |
link="http://www-106.ibm.com/developerworks/linux/library/l-gloss/index.html">Linux |
| 2922 |
glossary for Linux users</uri>, also from Mark. |
| 2923 |
</p> |
| 2924 |
|
| 2925 |
<p> |
| 2926 |
If you're not familiar with the vi editor, we strongly recommend that you check |
| 2927 |
out Daniel's <uri |
| 2928 |
link="http://www-106.ibm.com/developerworks/edu/l-dw-linuxvi-i.html">Vi intro |
| 2929 |
-- the cheat sheet method tutorial</uri>. This tutorial will give you a gentle |
| 2930 |
yet fast-paced introduction to this powerful text editor. Consider this |
| 2931 |
must-read material if you don't know how to use vi. |
| 2932 |
</p> |
| 2933 |
|
| 2934 |
</body> |
| 2935 |
</section> |
| 2936 |
<section> |
| 2937 |
<title>Feedback</title> |
| 2938 |
<body> |
| 2939 |
|
| 2940 |
<p> |
| 2941 |
Please send any tutorial feedback you may have to the authors: |
| 2942 |
</p> |
| 2943 |
|
| 2944 |
<ul> |
| 2945 |
<li>Daniel Robbins, at <mail>drobbins@g.o</mail></li> |
| 2946 |
<li>Chris Houser, at <mail>chouser@g.o</mail></li> |
| 2947 |
<li>Aron Griffis, at <mail>agriffis@g.o</mail>.</li> |
| 2948 |
</ul> |
| 2949 |
|
| 2950 |
</body> |
| 2951 |
</section> |
| 2952 |
</chapter> |
| 2953 |
</guide> |
| 2954 |
|
| 2955 |
|
| 2956 |
|
| 2957 |
1.1 xml/htdocs/doc/en/articles/lpi-101-intermediate-p3.xml |
| 2958 |
|
| 2959 |
file : http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/articles/lpi-101-intermediate-p3.xml?rev=1.1&content-type=text/x-cvsweb-markup&cvsroot=gentoo |
| 2960 |
plain: http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/doc/en/articles/lpi-101-intermediate-p3.xml?rev=1.1&content-type=text/plain&cvsroot=gentoo |
| 2961 |
|
| 2962 |
Index: lpi-101-intermediate-p3.xml |
| 2963 |
=================================================================== |
| 2964 |
<?xml version="1.0" encoding="UTF-8"?> |
| 2965 |
<!DOCTYPE guide SYSTEM "/dtd/guide.dtd"> |
| 2966 |
<!-- $Header: /var/cvsroot/gentoo/xml/htdocs/doc/en/articles/lpi-101-intermediate-p3.xml,v 1.1 2006/01/01 09:01:19 rane Exp $ --> |
| 2967 |
|
| 2968 |
<guide link="/doc/en/articles/lpi-101-intermediate-p3.xml" disclaimer="articles"> |
| 2969 |
<title>LPI certification 101 (release 2) exam prep, Part 2</title> |
| 2970 |
|
| 2971 |
<author title="Author"> |
| 2972 |
<mail link="drobbins@g.o">Daniel Robbins</mail> |
| 2973 |
</author> |
| 2974 |
<author title="Author"> |
| 2975 |
<mail link="chouser@g.o">Chris Houser</mail> |
| 2976 |
</author> |
| 2977 |
<author title="Author"> |
| 2978 |
<mail link="agriffis@g.o">Aron Griffis</mail> |
| 2979 |
</author> |
| 2980 |
|
| 2981 |
<abstract> |
| 2982 |
In this tutorial we'll introduce you the Linux system documentation. We will |
| 2983 |
teach you how to change permissions and how to manage with Linux accounts. At |
| 2984 |
the end you'll learn how to tune your enviroment. |
| 2985 |
</abstract> |
| 2986 |
|
| 2987 |
<!-- The original version of this article was first published on IBM |
| 2988 |
developerWorks, and is property of Westtech Information Services. This |
| 2989 |
document is an updated version of the original article, and contains |
| 2990 |
various improvements made by the Gentoo Linux Documentation team --> |
| 2991 |
|
| 2992 |
<version>1.0</version> |
| 2993 |
<date>2005-12-11</date> |
| 2994 |
|
| 2995 |
<chapter> |
| 2996 |
<title>Befor You Start</title> |
| 2997 |
<section> |
| 2998 |
<title>About this tutorial</title> |
| 2999 |
<body> |
| 3000 |
|
| 3001 |
<p> |
| 3002 |
Welcome to "Intermediate administration," the third of four tutorials designed |
| 3003 |
to prepare you for the Linux Professional Institute's 101 (release 2) exam. |
| 3004 |
This tutorial (Part 3) is ideal for those who want to improve their knowledge |
| 3005 |
of fundamental Linux administration skills. We'll cover a variety of topics, |
| 3006 |
including system and Internet documentation, the Linux permissions model, user |
| 3007 |
account management, and login environment tuning. |
| 3008 |
</p> |
| 3009 |
|
| 3010 |
<p> |
| 3011 |
If you are new to Linux, we recommend that you start with <uri |
| 3012 |
link="/doc/en/articles/lpi-101-fundamentals-p1.xml">Part 1</uri> and <uri |
| 3013 |
link="/doc/en/articles/lpi-101-administration-p2.xml">Part 2</uri>. For some, |
| 3014 |
much of this material will be new, but more experienced Linux users may |
| 3015 |
find this tutorial to be a great way of "rounding out" their foundational Linux |
| 3016 |
system administration skills. |
| 3017 |
</p> |
| 3018 |
|
| 3019 |
<p> |
| 3020 |
By the end of this series of tutorials (eight in all covering the LPI 101 and |
| 3021 |
102 exams), you will have the knowledge you need to become a Linux Systems |
| 3022 |
Administrator and will be ready to attain an LPIC Level 1 certification from |
| 3023 |
the Linux Professional Institute if you so choose. |
| 3024 |
</p> |
| 3025 |
|
| 3026 |
<p> |
| 3027 |
For those who have taken the <uri |
| 3028 |
link="http://www-106.ibm.com/developerworks/edu/l-dw-linuxlpi3-i.html">release |
| 3029 |
1 version</uri> of this tutorial for reasons other than LPI exam preparation, |
| 3030 |
you probably don't need to take this one. However, if you do plan to take the |
| 3031 |
exams, you should strongly consider reading this revised tutorial. |
| 3032 |
</p> |
| 3033 |
|
| 3034 |
</body> |
| 3035 |
</section> |
| 3036 |
<section> |
| 3037 |
<title>About the authors</title> |
| 3038 |
<body> |
| 3039 |
|
| 3040 |
<p> |
| 3041 |
For technical questions about the content of this tutorial, contact the |
| 3042 |
authors: |
| 3043 |
</p> |
| 3044 |
|
| 3045 |
<ul> |
| 3046 |
<li>Daniel Robbins, at <mail>drobbins@g.o</mail></li> |
| 3047 |
<li>Chris Houser, at <mail>chouser@g.o</mail></li> |
| 3048 |
<li>Aron Griffis, at<mail>agriffis@g.o</mail>.</li> |
| 3049 |
</ul> |
| 3050 |
|
| 3051 |
<p> |
| 3052 |
Residing in Albuquerque, New Mexico, Daniel Robbins is the Chief Architect of |
| 3053 |
<uri link="http://www.gentoo.org/">Gentoo Linux</uri> an advanced ports-based |
| 3054 |
Linux metadistribution. Besides writing articles, tutorials, and tips for the |
| 3055 |
developerWorks Linux zone and Intel Developer Services, he has also served as a |
| 3056 |
contributing author for several books, including Samba Unleashed and SuSE Linux |
| 3057 |
Unleashed. Daniel enjoys spending time with his wife, Mary, and his daughter, |
| 3058 |
Hadassah. You can contact Daniel at <mail>drobbins@g.o</mail>. |
| 3059 |
</p> |
| 3060 |
|
| 3061 |
<p> |
| 3062 |
Chris Houser, known to his friends as "Chouser," has been a UNIX proponent |
| 3063 |
since 1994 when he joined the administration team for the computer science |
| 3064 |
network at Taylor University in Indiana, where he earned his Bachelor's degree |
| 3065 |
in Computer Science and Mathematics. Since then, he has gone on to work in Web |
| 3066 |
application programming, user interface design, professional video software |
| 3067 |
support, and now Tru64 UNIX device driver programming at <uri |
| 3068 |
link="http://www.compaq.com/">Compaq</uri>. He has also contributed to various |
| 3069 |
free software projects, most recently to <uri |
| 3070 |
link="http://www.gentoo.org/">Gentoo Linux</uri>). He lives with his wife and |
| 3071 |
two cats in New Hampshire. You can contact Chris at |
| 3072 |
<mail>chouser@g.o</mail>. |
| 3073 |
</p> |
| 3074 |
|
| 3075 |
<p> |
| 3076 |
Aron Griffis graduated from Taylor University with a degree in Computer Science |
| 3077 |
and an award that proclaimed, "Future Founder of a Utopian UNIX Commune." |
| 3078 |
Working towards that goal, Aron is employed by <uri |
| 3079 |
link="http://www.compaq.com/">Compaq</uri> writing network drivers for Tru64 |
| 3080 |
UNIX, and spending his spare time plunking out tunes on the piano or developing |
| 3081 |
<uri link="http://www.gentoo.org/">Gentoo Linux</uri>. He lives with his wife |
| 3082 |
Amy (also a UNIX engineer) in Nashua, New Hampshire. |
| 3083 |
</p> |
| 3084 |
|
| 3085 |
</body> |
| 3086 |
</section> |
| 3087 |
</chapter> |
| 3088 |
|
| 3089 |
<chapter> |
| 3090 |
<title>System and network documentation</title> |
| 3091 |
<section> |
| 3092 |
<title>Types of Linux system documentation</title> |
| 3093 |
<body> |
| 3094 |
|
| 3095 |
<p> |
| 3096 |
There are essentially three sources of documentation on a Linux system: manual |
| 3097 |
pages, info pages, and application-bundled documentation in |
| 3098 |
<path>/usr/share/doc</path>. In this section, we'll explore each of these |
| 3099 |
sources before looking "outside the box" for more information. |
| 3100 |
</p> |
| 3101 |
|
| 3102 |
</body> |
| 3103 |
</section> |
| 3104 |
<section> |
| 3105 |
<title>Manual pages</title> |
| 3106 |
<body> |
| 3107 |
|
| 3108 |
<p> |
| 3109 |
Manual pages, or "man pages", are the classic form of UNIX and Linux reference |
| 3110 |
documentation. Ideally, you can look up the man page for any command, |
| 3111 |
configuration file, or library routine. In practice, Linux is free software, |
| 3112 |
and some pages haven't been written or are showing their age. Nonetheless, man |
| 3113 |
pages are the first place to look when you need help. |
| 3114 |
</p> |
| 3115 |
|
| 3116 |
<p> |
| 3117 |
To access a man page, simply type <c>man</c> followed by your topic of inquiry. |
| 3118 |
A pager will be started, so you will need to press <c>q</c> when you're done |
| 3119 |
reading. For example, to look up information about the <c>ls</c> command, you |
| 3120 |
would type: |
| 3121 |
</p> |
| 3122 |
|
| 3123 |
<pre caption="Searching in man page"> |
| 3124 |
$ <i>man ls</i> |
| 3125 |
</pre> |
| 3126 |
|
| 3127 |
<p> |
| 3128 |
Knowing the layout of a man page can be helpful to jump quickly to the |
| 3129 |
information you need. In general, you will find the following sections in a |
| 3130 |
<c>man</c> page: |
| 3131 |
</p> |
| 3132 |
|
| 3133 |
<table> |
| 3134 |
<tr> |
| 3135 |
<ti>NAME</ti> |
| 3136 |
<ti>Name and one-line description of the command</ti> |
| 3137 |
</tr> |
| 3138 |
<tr> |
| 3139 |
<ti>SYNOPSIS</ti> |
| 3140 |
<ti>How to use the command</ti> |
| 3141 |
</tr> |
| 3142 |
<tr> |
| 3143 |
<ti>DESCRIPTION</ti> |
| 3144 |
<ti>In-depth discussion on the functionality of the command</ti> |
| 3145 |
</tr> |
| 3146 |
<tr> |
| 3147 |
<ti>EXAMPLES</ti> |
| 3148 |
<ti>Suggestions for how to use the command</ti> |
| 3149 |
</tr> |
| 3150 |
<tr> |
| 3151 |
<ti>SEE ALSO</ti> |
| 3152 |
<ti>Related topics (usually man pages)</ti> |
| 3153 |
</tr> |
| 3154 |
</table> |
| 3155 |
|
| 3156 |
</body> |
| 3157 |
</section> |
| 3158 |
<section> |
| 3159 |
<title>man page sections</title> |
| 3160 |
<body> |
| 3161 |
|
| 3162 |
<p> |
| 3163 |
The files that comprise manual pages are stored in <path>/usr/share/man</path> |
| 3164 |
(or in <path>/usr/man</path> on some older systems). Inside that directory, you |
| 3165 |
will find that the manual pages are organized into the following sections: |
| 3166 |
</p> |
| 3167 |
|
| 3168 |
<table> |
| 3169 |
<tr> |
| 3170 |
<ti>man1</ti> |
| 3171 |
<ti>User programs</ti> |
| 3172 |
</tr> |
| 3173 |
<tr> |
| 3174 |
<ti>man2</ti> |
| 3175 |
<ti>System calls</ti> |
| 3176 |
</tr> |
| 3177 |
<tr> |
| 3178 |
<ti>man3</ti> |
| 3179 |
<ti>Library functions</ti> |
| 3180 |
</tr> |
| 3181 |
<tr> |
| 3182 |
<ti>man4</ti> |
| 3183 |
<ti>Special files</ti> |
| 3184 |
</tr> |
| 3185 |
<tr> |
| 3186 |
<ti>man5</ti> |
| 3187 |
<ti>File formats</ti> |
| 3188 |
</tr> |
| 3189 |
<tr> |
| 3190 |
<ti>man6</ti> |
| 3191 |
<ti>Games</ti> |
| 3192 |
</tr> |
| 3193 |
<tr> |
| 3194 |
<ti>man7</ti> |
| 3195 |
<ti>Miscellaneous</ti> |
| 3196 |
</tr> |
| 3197 |
</table> |
| 3198 |
|
| 3199 |
</body> |
| 3200 |
</section> |
| 3201 |
<section> |
| 3202 |
<title>Multiple man pages</title> |
| 3203 |
<body> |
| 3204 |
|
| 3205 |
<p> |
| 3206 |
Some topics exist in more than one section. To demonstrate this, let's use the |
| 3207 |
<c>whatis</c> command, which shows all the available man pages for a topic: |
| 3208 |
</p> |
| 3209 |
|
| 3210 |
<pre caption="Using whatis command"> |
| 3211 |
$ <i>whatis printf</i> |
| 3212 |
printf (1) - format and print data |
| 3213 |
printf (3) - formatted output conversion |
| 3214 |
</pre> |
| 3215 |
|
| 3216 |
<p> |
| 3217 |
In this case, <c>man printf</c> would default to the page in section 1 ("User |
| 3218 |
Programs"). If we were writing a C program, we might be more interested in the |
| 3219 |
page from section 3 ("Library functions"). You can call up a man page from a |
| 3220 |
certain section by specifying it on the command line, so to ask for |
| 3221 |
<e>printf(3)</e>, we would type: |
| 3222 |
</p> |
| 3223 |
|
| 3224 |
<pre caption="Specifying section in man command"> |
| 3225 |
$ <i>man 3 printf</i> |
| 3226 |
</pre> |
| 3227 |
|
| 3228 |
</body> |
| 3229 |
</section> |
| 3230 |
<section> |
| 3231 |
<title>Finding the right man page</title> |
| 3232 |
<body> |
| 3233 |
|
| 3234 |
<p> |
| 3235 |
Sometimes it's hard to find the right man page for a given topic. In that case, |
| 3236 |
you might try using <c>man -k</c> to search the NAME section of the man pages. |
| 3237 |
Be warned that it's a substring search, so running something like <c>man -k |
| 3238 |
ls</c> will give you a lot of output! Here's an example using a more specific |
| 3239 |
query: |
| 3240 |
</p> |
| 3241 |
|
| 3242 |
<pre caption="Searching man using man -k command"> |
| 3243 |
$ <i>man -k whatis</i> |
| 3244 |
apropos (1) - search the whatis database for strings |
| 3245 |
makewhatis (8) - Create the whatis database |
| 3246 |
whatis (1) - search the whatis database for complete words |
| 3247 |
</pre> |
| 3248 |
|
| 3249 |
</body> |
| 3250 |
</section> |
| 3251 |
<section> |
| 3252 |
<title>All about apropos</title> |
| 3253 |
<body> |
| 3254 |
|
| 3255 |
<p> |
| 3256 |
The example on the previous panel brings up a few more points. First, the |
| 3257 |
<c>apropos</c> command is exactly equivalent to <c>man -k</c>. (In fact, I'll |
| 3258 |
let you in on a little secret. When you run <c>man -k</c>, it actually runs |
| 3259 |
<c>apropos</c> behind the scenes.) The second point is the <c>makewhatis</c> |
| 3260 |
command, which scans all the man pages on your Linux system and builds the |
| 3261 |
database for <c>whatis</c> and <c>apropos</c>. Usually this is run periodically |
| 3262 |
by root to keep the database updated: |
| 3263 |
</p> |
| 3264 |
|
| 3265 |
<pre caption="Building whatis and apropos database"> |
| 3266 |
# <i>makewhatis</i> |
| 3267 |
</pre> |
| 3268 |
|
| 3269 |
<p> |
| 3270 |
For more information on "man" and friends, you should start with its man page: |
| 3271 |
</p> |
| 3272 |
|
| 3273 |
<pre caption="Starting man page for man"> |
| 3274 |
$ <i>man man</i> |
| 3275 |
</pre> |
| 3276 |
|
| 3277 |
</body> |
| 3278 |
</section> |
| 3279 |
<section> |
| 3280 |
<title>The MANPATH</title> |
| 3281 |
<body> |
| 3282 |
|
| 3283 |
<p> |
| 3284 |
By default, the <c>man</c> program will look for man pages in |
| 3285 |
<path>/usr/share/man</path>, <path>/usr/local/man</path>, |
| 3286 |
<path>/usr/X11R6/man</path>, and possibly <path>/opt/man</path>. Sometimes, you |
| 3287 |
may find that you need to add an additional item to this search path. If so, |
| 3288 |
simply edit <path>/etc/man.conf</path> in a text editor and add a line that |
| 3289 |
looks like this: |
| 3290 |
</p> |
| 3291 |
|
| 3292 |
<pre caption="/etc/man.conf"> |
| 3293 |
MANPATH /opt/man |
| 3294 |
</pre> |
| 3295 |
|
| 3296 |
<p> |
| 3297 |
>From that point forward, any man pages in the <path>/opt/man/man*</path> |
| 3298 |
directories will be found. Remember that you'll need to rerun <c>makewhatis</c> |
| 3299 |
to add these new man pages to the whatis database. |
| 3300 |
</p> |
| 3301 |
|
| 3302 |
</body> |
| 3303 |
</section> |
| 3304 |
<section> |
| 3305 |
<title>GNU info</title> |
| 3306 |
<body> |
| 3307 |
|
| 3308 |
<p> |
| 3309 |
One shortcoming of man pages is that they don't support hypertext, so you can't |
| 3310 |
jump easily from one to another. The GNU folks recognized this shortcoming, so |
| 3311 |
they invented another documentation format: "info" pages. Many of the GNU |
| 3312 |
programs come with extensive documentation in the form of info pages. You can |
| 3313 |
start reading info pages with the <c>info</c> command: |
| 3314 |
</p> |
| 3315 |
|
| 3316 |
<pre caption="Using info command"> |
| 3317 |
$ <i>info</i> |
| 3318 |
</pre> |
| 3319 |
|
| 3320 |
<p> |
| 3321 |
Calling <c>info</c> in this way will bring up an index of the available pages |
| 3322 |
on the system. You can move around with the arrow keys, follow links (indicated |
| 3323 |
with a star) using the Enter key, and quit by pressing <c>q</c>. The keys are |
| 3324 |
based on Emacs, so you should be able to navigate easily if you're familiar |
| 3325 |
with that editor. For an intro to the Emacs editor, see the developerWorks |
| 3326 |
tutorial, <uri |
| 3327 |
link="http://www-106.ibm.com/developerworks/edu/l-dw-linuxemacs-i.html">Living |
| 3328 |
in Emacs</uri>. |
| 3329 |
</p> |
| 3330 |
|
| 3331 |
<p> |
| 3332 |
You can also specify an info page on the command line: |
| 3333 |
</p> |
| 3334 |
|
| 3335 |
<pre caption="Specifying info command"> |
| 3336 |
$ <i>info diff</i> |
| 3337 |
</pre> |
| 3338 |
|
| 3339 |
<p> |
| 3340 |
For more information on using the <c>info</c> reader, try reading its info |
| 3341 |
page. You should be able to navigate primitively using the few keys I've |
| 3342 |
already mentioned: |
| 3343 |
</p> |
| 3344 |
|
| 3345 |
<pre caption="Reading info info page"> |
| 3346 |
$ <i>info info</i> |
| 3347 |
</pre> |
| 3348 |
|
| 3349 |
</body> |
| 3350 |
</section> |
| 3351 |
<section> |
| 3352 |
<title>/usr/share/doc</title> |
| 3353 |
<body> |
| 3354 |
|
| 3355 |
<p> |
| 3356 |
There is a final source for help within your Linux system. Many programs are |
| 3357 |
shipped with additional documentation in other formats: text, PDF, PostScript, |
| 3358 |
HTML, to name a few. Take a look in <path>usr/share/doc</path> (or |
| 3359 |
<path>/usr/doc</path> on older systems). You'll find a long list of |
| 3360 |
directories, each of which came with a certain application on your system. |
| 3361 |
Searching through this documentation can often reveal some gems that aren't |
| 3362 |
available as man pages or info pages, such as tutorials or additional technical |
| 3363 |
documentation. A quick check reveals there's a lot of reading material |
| 3364 |
available: |
| 3365 |
</p> |
| 3366 |
|
| 3367 |
<pre caption="/usr/share/doc/"> |
| 3368 |
$ <i>cd /usr/share/doc</i> |
| 3369 |
$ <i>find . -type f | wc -l</i> |
| 3370 |
7582 |
| 3371 |
</pre> |
| 3372 |
|
| 3373 |
<p> |
| 3374 |
Whew! Your homework this evening is to read just half (3791) of those |
| 3375 |
documents. Expect a quiz tomorrow. ;-) |
| 3376 |
</p> |
| 3377 |
|
| 3378 |
</body> |
| 3379 |
</section> |
| 3380 |
<section> |
| 3381 |
<title>The Linux Documentation Project</title> |
| 3382 |
<body> |
| 3383 |
|
| 3384 |
<p> |
| 3385 |
In addition to system documentation, there are a number of excellent Linux |
| 3386 |
resources on the Internet. The <uri link="http://www.tldp.org/">Linux |
| 3387 |
Documentation Project</uri> is a group of volunteers who are working on putting |
| 3388 |
together the complete set of free Linux documentation. This project exists to |
| 3389 |
consolidate various pieces of Linux documentation into a location that is easy |
| 3390 |
to search and use. |
| 3391 |
</p> |
| 3392 |
|
| 3393 |
</body> |
| 3394 |
</section> |
| 3395 |
<section> |
| 3396 |
<title>An LDP overview</title> |
| 3397 |
<body> |
| 3398 |
|
| 3399 |
<p> |
| 3400 |
The LDP is made up of the following areas: |
| 3401 |
</p> |
| 3402 |
|
| 3403 |
<ul> |
| 3404 |
<li> |
| 3405 |
Guides - longer, more in-depth books, such as <uri |
| 3406 |
link="http://www.tldp.org/LDP/lpg/index.html">The Linux Programmer's |
| 3407 |
Guide</uri> |
| 3408 |
</li> |
| 3409 |
<li> |
| 3410 |
HOWTOs - subject-specific help, such as the <uri |
| 3411 |
link="http://www.tldp.org/HOWTO/DSL-HOWTO/index.html">DSL HOWTO</uri> |
| 3412 |
</li> |
| 3413 |
<li> |
| 3414 |
FAQs - Frequently Asked Questions with answers, such as the <uri |
| 3415 |
link="http://www.tldp.org/FAQ/faqs/BLFAQ">Brief Linux FAQ</uri> |
| 3416 |
</li> |
| 3417 |
<li> |
| 3418 |
Man pages - help on individual commands (these are the same manual pages |
| 3419 |
you get on your Linux system when you use the <c>man</c> command). |
| 3420 |
</li> |
| 3421 |
</ul> |
| 3422 |
|
| 3423 |
<p> |
| 3424 |
If you aren't sure which section to peruse, you can take advantage of the |
| 3425 |
search box, which allows you to find things by topic. |
| 3426 |
</p> |
| 3427 |
|
| 3428 |
<p> |
| 3429 |
The LDP additionally provides a list of Links and Resources such as <uri |
| 3430 |
link="http://www.tldp.org/LDP/LG/current/">Linux Gazette</uri> (see links in |
| 3431 |
<uri link="#resources">Resources</uri>) and <uri |
| 3432 |
link="http://www.tldp.org/linuxfocus/index.html">LinuxFocus</uri>, as well |
| 3433 |
links to mailing lists and news archives. |
| 3434 |
</p> |
| 3435 |
|
| 3436 |
</body> |
| 3437 |
</section> |
| 3438 |
<section> |
| 3439 |
<title>Mailing lists</title> |
| 3440 |
<body> |
| 3441 |
|
| 3442 |
<p> |
| 3443 |
Mailing lists provide probably the most important point of collaboration for |
| 3444 |
Linux developers. Often projects are developed by contributors who live far |
| 3445 |
apart, possibly even on opposite sides of the globe. Mailing lists provide a |
| 3446 |
method for each developer on a project to contact all the others, and to hold |
| 3447 |
group discussions via e-mail. One of the most famous development mailing lists |
| 3448 |
is the <uri link="http://www.tux.org/lkml/">Linux Kernel Mailing List</uri>. |
| 3449 |
</p> |
| 3450 |
|
| 3451 |
</body> |
| 3452 |
</section> |
| 3453 |
<section> |
| 3454 |
<title>More about mailing lists</title> |
| 3455 |
<body> |
| 3456 |
|
| 3457 |
<p> |
| 3458 |
In addition to development, mailing lists can provide a method for asking |
| 3459 |
questions and receiving answers from knowledgeable developers, or even other |
| 3460 |
users. For example, individual distributions often provide mailing lists for |
| 3461 |
newcomers. You can check your distribution's Web site for information on the |
| 3462 |
mailing lists it provides. |
| 3463 |
</p> |
| 3464 |
|
| 3465 |
<p> |
| 3466 |
If you took the time to read the LKML FAQ at the link on the previous panel, |
| 3467 |
you might have noticed that mailing list subscribers often don't take kindly to |
| 3468 |
questions being asked repeatedly. It's always wise to search the archives for a |
| 3469 |
given mailing list before writing your question. Chances are, it will save you |
| 3470 |
time, too! |
| 3471 |
</p> |
| 3472 |
|
| 3473 |
</body> |
| 3474 |
</section> |
| 3475 |
<section> |
| 3476 |
<title>Newsgroups</title> |
| 3477 |
<body> |
| 3478 |
|
| 3479 |
<p> |
| 3480 |
Internet "newsgroups" are similar to mailing lists, but are based on a protocol |
| 3481 |
called NNTP ("Network News Transfer Protocol") instead of e-mail. To |
| 3482 |
participate, you need to use an NNTP client such as <c>slrn</c> or <c>pan</c>. |
| 3483 |
The primary advantage is that you only take part in the discussion when you |
| 3484 |
want, instead of having it continually arrive in your inbox. :-) |
| 3485 |
</p> |
| 3486 |
|
| 3487 |
<p> |
| 3488 |
The newsgroups of primary interest start with comp.os.linux. You can browse the |
| 3489 |
<uri link="http://www.tldp.org/links/#ng">list on the LDP site</uri>. |
| 3490 |
</p> |
| 3491 |
|
| 3492 |
<p> |
| 3493 |
As with mailing lists, newsgroup discussion is often archived. A popular |
| 3494 |
newsgroup archiving site is <uri |
| 3495 |
link="http://groups.google.com/googlegroups/deja_announcement.html">Deja |
| 3496 |
News</uri>. |
| 3497 |
</p> |
| 3498 |
|
| 3499 |
</body> |
| 3500 |
</section> |
| 3501 |
<section> |
| 3502 |
<title>Vendor and third-party Web sites</title> |
| 3503 |
<body> |
| 3504 |
|
| 3505 |
<p> |
| 3506 |
Web sites for the various Linux distributions often provide updated |
| 3507 |
documentation, installation instructions, hardware |
| 3508 |
compatibility/incompatibility statements, and other support such as a knowledge |
| 3509 |
base search tool. For example: |
| 3510 |
</p> |
| 3511 |
|
| 3512 |
<ul> |
| 3513 |
<li><uri link="http://www.redhat.com/">Redhat Linux</uri></li> |
| 3514 |
<li><uri link="http://www.debian.org/">Debian Linux</uri></li> |
| 3515 |
<li><uri link="http://www.gentoo.org/">Gentoo Linux</uri></li> |
| 3516 |
<li><uri link="http://www.suse.com/">SuSE Linux</uri></li> |
| 3517 |
<li><uri link="http://www.caldera.com/">Caldera</uri></li> |
| 3518 |
<li><uri link="http://www.turbolinux.com/">Turbolinux</uri></li> |
| 3519 |
</ul> |
| 3520 |
|
| 3521 |
</body> |
| 3522 |
</section> |
| 3523 |
<section> |
| 3524 |
<title>Hardware and software vendors</title> |
| 3525 |
<body> |
| 3526 |
|
| 3527 |
<p> |
| 3528 |
Many hardware and software vendors have added Linux support to their products |
| 3529 |
in recent years. At their sites, you can find information about which hardware |
| 3530 |
supports Linux, software development tools, released sources, downloads of |
| 3531 |
Linux drivers for specific hardware, and other special Linux projects. For |
| 3532 |
example: |
| 3533 |
</p> |
| 3534 |
|
| 3535 |
<ul> |
| 3536 |
<li><uri link="http://www.ibm.com/linux/">IBM and Linux</uri></li> |
| 3537 |
<li> |
| 3538 |
<uri link="http://www.compaq.com/products/software/linux/">Compaq and |
| 3539 |
Linux</uri> |
| 3540 |
</li> |
| 3541 |
<li> |
| 3542 |
<uri link="http://www.sgi.com/developers/technology/linux/">SGI and |
| 3543 |
Linux</uri> |
| 3544 |
</li> |
| 3545 |
<li><uri link="http://www.hp.com/products1/linux/">HP and Linux</uri></li> |
| 3546 |
<li><uri link="http://www.sun.com/linux/">Sun and Linux</uri></li> |
| 3547 |
<li> |
| 3548 |
<uri link="http://technet.oracle.com/tech/linux/content.html">Oracle and |
| 3549 |
Linux</uri>. |
| 3550 |
</li> |
| 3551 |
</ul> |
| 3552 |
|
| 3553 |
</body> |
| 3554 |
</section> |
| 3555 |
<section> |
| 3556 |
<title>Developer resources</title> |
| 3557 |
<body> |
| 3558 |
|
| 3559 |
<p> |
| 3560 |
In addition, many hardware and software vendors have developed wonderful |
| 3561 |
resources for Linux developers and administrators. At the risk of sounding |
| 3562 |
self-promoting, one of the most valuable Linux resources run by a |
| 3563 |
hardware/software vendor is the <uri |
| 3564 |
link="http://www.ibm.com/developerworks/linux/">IBM developerWorks Linux |
| 3565 |
zone</uri>. |
| 3566 |
</p> |
| 3567 |
|
| 3568 |
</body> |
| 3569 |
</section> |
| 3570 |
</chapter> |
| 3571 |
|
| 3572 |
<chapter> |
| 3573 |
<title>The Linux permissions model</title> |
| 3574 |
<section> |
| 3575 |
<title>One user, one group</title> |
| 3576 |
<body> |
| 3577 |
|
| 3578 |
<p> |
| 3579 |
In this section, we'll take a look at the Linux permissions and ownership |
| 3580 |
model. We've already seen that every file is owned by one user and one group. |
| 3581 |
This is the very core of the permissions model in Linux. You can view the user |
| 3582 |
and group of a file in a <c>ls -l</c> listing: |
| 3583 |
</p> |
| 3584 |
|
| 3585 |
<pre caption="Listing files"> |
| 3586 |
$ <i>ls -l /bin/bash</i> |
| 3587 |
-rwxr-xr-x 1 root wheel 430540 Dec 23 18:27 /bin/bash |
| 3588 |
</pre> |
| 3589 |
|
| 3590 |
<p> |
| 3591 |
In this particular example, the <path>/bin/bash</path> executable is owned by |
| 3592 |
root and is in the wheel group. The Linux permissions model works by allowing |
| 3593 |
three independent levels of permission to be set for each filesystem object -- |
| 3594 |
those for the file's owner, the file's group, and all other users. |
| 3595 |
</p> |
| 3596 |
|
| 3597 |
</body> |
| 3598 |
</section> |
| 3599 |
<section> |
| 3600 |
<title>Understanding "ls -l"</title> |
| 3601 |
<body> |
| 3602 |
|
| 3603 |
<p> |
| 3604 |
Let's take a look at our <c>ls -l</c> output and inspect the first column of |
| 3605 |
the listing: |
| 3606 |
</p> |
| 3607 |
|
| 3608 |
<pre caption="Inspecting ls -l command"> |
| 3609 |
$ <i>ls -l /bin/bash</i> |
| 3610 |
-rwxr-xr-x 1 root wheel 430540 Dec 23 18:27 /bin/bash |
| 3611 |
</pre> |
| 3612 |
|
| 3613 |
<p> |
| 3614 |
This first field <e>-rwxr-xr-</e> contains a symbolic representation of this |
| 3615 |
particular files' permissions. The first character (-) in this field specifies |
| 3616 |
the type of this file, which in this case is a regular file. Other possible |
| 3617 |
first characters: |
| 3618 |
</p> |
| 3619 |
|
| 3620 |
<pre caption="First characters"> |
| 3621 |
'd' directory |
| 3622 |
'l' symbolic link |
| 3623 |
'c' character special device |
| 3624 |
'b' block special device |
| 3625 |
'p' fifo |
| 3626 |
's' socket |
| 3627 |
</pre> |
| 3628 |
|
| 3629 |
</body> |
| 3630 |
</section> |
| 3631 |
<section> |
| 3632 |
<title>Three triplets</title> |
| 3633 |
<body> |
| 3634 |
|
| 3635 |
<pre caption="ls -l /bin/bash"> |
| 3636 |
$ <i>ls -l /bin/bash</i> |
| 3637 |
-rwxr-xr-x 1 root wheel 430540 Dec 23 18:27 /bin/bash |
| 3638 |
</pre> |
| 3639 |
|
| 3640 |
<p> |
| 3641 |
The rest of the field consists of three character triplets. The first triplet |
| 3642 |
represents permissions for the owner of the file, the second represents |
| 3643 |
permissions for the file's group, and the third represents permissions for all |
| 3644 |
other users: |
| 3645 |
</p> |
| 3646 |
|
| 3647 |
<pre caption="Triplets in ls -l command"> |
| 3648 |
"rwx" |
| 3649 |
"r-x" |
| 3650 |
"r-x" |
| 3651 |
</pre> |
| 3652 |
|
| 3653 |
<p> |
| 3654 |
Above, the r means that reading (looking at the data in the file) is allowed, |
| 3655 |
the w means that writing (modifying the file, as well as deletion) is allowed, |
| 3656 |
and the x means that "execute" (running the program) is allowed. Putting |
| 3657 |
together all this information, we can see that everyone is able to read the |
| 3658 |
contents of and execute this file, but only the owner (root) is allowed to |
| 3659 |
modify this file in any way. So, while normal users can copy this file, only |
| 3660 |
root is allowed to update it or delete it. |
| 3661 |
</p> |
| 3662 |
|
| 3663 |
<p> |
| 3664 |
Above, the r means that reading (looking at the data in the file) is allowed, |
| 3665 |
the w means that writing (modifying the file, as well as deletion) is allowed, |
| 3666 |
and the x means that "execute" (running the program) is allowed. Putting |
| 3667 |
together all this information, we can see that everyone is able to read the |
| 3668 |
contents of and execute this file, but only the owner (root) is allowed to |
| 3669 |
modify this file in any way. So, while normal users can copy this file, only |
| 3670 |
root is allowed to update it or delete it. |
| 3671 |
</p> |
| 3672 |
|
| 3673 |
</body> |
| 3674 |
</section> |
| 3675 |
<section> |
| 3676 |
<title>Who am I?</title> |
| 3677 |
<body> |
| 3678 |
|
| 3679 |
<p> |
| 3680 |
Before we take a look at how to change the user and group ownership of a file, |
| 3681 |
let's first take a look at how to learn your current user id and group |
| 3682 |
membership. Unless you've used the <c>su</c> command recently, your current |
| 3683 |
user id is the one you used to log in to the system. If you use <c>su</c> |
| 3684 |
frequently, however, you may not remember your current effective user id. To |
| 3685 |
view it, type <c>whoami</c>: |
| 3686 |
</p> |
| 3687 |
|
| 3688 |
<pre caption="Using whoami command"> |
| 3689 |
# <i>whoami</i> |
| 3690 |
root |
| 3691 |
# <i>su drobbins</i> |
| 3692 |
$ <i>whoami</i> |
| 3693 |
drobbins |
| 3694 |
</pre> |
| 3695 |
|
| 3696 |
</body> |
| 3697 |
</section> |
| 3698 |
<section> |
| 3699 |
<title>What groups am I in?</title> |
| 3700 |
<body> |
| 3701 |
|
| 3702 |
<p> |
| 3703 |
To see what groups you belong to, use the <c>groups</c> command: |
| 3704 |
</p> |
| 3705 |
|
| 3706 |
<pre caption="Using groups command"> |
| 3707 |
$ <i>groups</i> |
| 3708 |
drobbins wheel audio |
| 3709 |
</pre> |
| 3710 |
|
| 3711 |
<p> |
| 3712 |
In the above example, I'm a member of the drobbins, wheel, and audio groups. |
| 3713 |
If you want to see what groups other user(s) are in, specify their usernames as |
| 3714 |
arguments: |
| 3715 |
</p> |
| 3716 |
|
| 3717 |
<pre caption="Specifying user argument"> |
| 3718 |
$ <i>groups root daemon</i> |
| 3719 |
root : root bin daemon sys adm disk wheel floppy dialout tape video |
| 3720 |
daemon : daemon bin adm |
| 3721 |
</pre> |
| 3722 |
|
| 3723 |
</body> |
| 3724 |
</section> |
| 3725 |
<section> |
| 3726 |
<title>Changing user and group ownership</title> |
| 3727 |
<body> |
| 3728 |
|
| 3729 |
<p> |
| 3730 |
To change the owner or group of a file or other filesystem object, use |
| 3731 |
<c>chown</c> or <c>chgrp</c>, respectively. Each of these commands takes a name |
| 3732 |
followed by one or more filenames. |
| 3733 |
</p> |
| 3734 |
|
| 3735 |
<pre caption="Using chown and chgrp commands"> |
| 3736 |
# <i>chown root /etc/passwd</i> |
| 3737 |
# <i>chgrp wheel /etc/passwd</i> |
| 3738 |
</pre> |
| 3739 |
|
| 3740 |
<p> |
| 3741 |
You can also set the owner and group simultaneously with an alternate form of |
| 3742 |
the <c>chown</c> command: |
| 3743 |
</p> |
| 3744 |
|
| 3745 |
<pre caption="Setting owner and group simultaneously"> |
| 3746 |
# <i>chown root:wheel /etc/passwd</i> |
| 3747 |
</pre> |
| 3748 |
|
| 3749 |
<p> |
| 3750 |
You may not use <c>chown</c> unless you are the superuser, but <c>chgrp</c> can |
| 3751 |
be used by anyone to change the group ownership of a file to a group to which |
| 3752 |
they belong. |
| 3753 |
</p> |
| 3754 |
|
| 3755 |
</body> |
| 3756 |
</section> |
| 3757 |
<section> |
| 3758 |
<title>Recursive ownership changes</title> |
| 3759 |
<body> |
| 3760 |
|
| 3761 |
<p> |
| 3762 |
Both <c>chown</c> and <c>chgrp</c> have a -R option that can be used to tell |
| 3763 |
them to recursively apply ownership and group changes to an entire directory |
| 3764 |
tree. For example: |
| 3765 |
</p> |
| 3766 |
|
| 3767 |
<pre caption="Using chown and chgrp with -R option"> |
| 3768 |
# <i>chown -R drobbins /home/drobbins</i> |
| 3769 |
</pre> |
| 3770 |
|
| 3771 |
</body> |
| 3772 |
</section> |
| 3773 |
<section> |
| 3774 |
<title>Introducing chmod</title> |
| 3775 |
<body> |
| 3776 |
|
| 3777 |
<p> |
| 3778 |
<c>chown</c> and <c>chgrp</c> can be used to change the owner and group of a |
| 3779 |
filesystem object, but another program -- called <c>chmod</c> -- is used to |
| 3780 |
change the rwx permissions that we can see in an <c>ls -l</c> listing. |
| 3781 |
<c>chmod</c> takes two or more arguments: a "mode", describing how the |
| 3782 |
permissions should be changed, followed by a file or list of files that should |
| 3783 |
be affected: |
| 3784 |
</p> |
| 3785 |
|
| 3786 |
<pre caption="Adding x permission with chmod"> |
| 3787 |
$ <i>chmod +x scriptfile.sh</i> |
| 3788 |
</pre> |
| 3789 |
|
| 3790 |
<p> |
| 3791 |
In the above example, our "mode" is +x. As you might guess, a +x mode tells |
| 3792 |
<c>chmod</c> to make this particular file executable for both the user and |
| 3793 |
group and for anyone else. |
| 3794 |
</p> |
| 3795 |
|
| 3796 |
<p> |
| 3797 |
If we wanted to remove all execute permissions of a file, we'd do this: |
| 3798 |
</p> |
| 3799 |
|
| 3800 |
<pre caption="Removing x permission with chmod"> |
| 3801 |
$ <i>chmod -x scriptfile.sh</i> |
| 3802 |
</pre> |
| 3803 |
|
| 3804 |
</body> |
| 3805 |
</section> |
| 3806 |
<section> |
| 3807 |
<title>User/group/other granularity</title> |
| 3808 |
<body> |
| 3809 |
|
| 3810 |
<p> |
| 3811 |
So far, our <c>chmod</c> examples have affected permissions for all three |
| 3812 |
triplets -- the user, the group, and all others. Often, it's handy to modify |
| 3813 |
only one or two triplets at a time. To do this, simply specify the symbolic |
| 3814 |
character for the particular triplets you'd like to modify before the + or - |
| 3815 |
sign. Use u for the "user" triplet, g for the "group" triplet, and o for the |
| 3816 |
"other/everyone" triplet: |
| 3817 |
</p> |
| 3818 |
|
| 3819 |
<pre caption="Using triplets"> |
| 3820 |
$ <i>chmod go-w scriptfile.sh</i> |
| 3821 |
</pre> |
| 3822 |
|
| 3823 |
<p> |
| 3824 |
We just removed write permissions for the group and all other users, but left |
| 3825 |
"owner" permissions untouched. |
| 3826 |
</p> |
| 3827 |
|
| 3828 |
</body> |
| 3829 |
</section> |
| 3830 |
<section> |
| 3831 |
<title>Resetting permissions</title> |
| 3832 |
<body> |
| 3833 |
|
| 3834 |
<p> |
| 3835 |
In addition to flipping permission bits on and off, we can also reset them |
| 3836 |
altogether. By using the = operator, we can tell <c>chmod</c> that we want the |
| 3837 |
specified permissions and no others: |
| 3838 |
</p> |
| 3839 |
|
| 3840 |
<pre caption="Flipping permission bits"> |
| 3841 |
$ <i>chmod =rx scriptfile.sh</i> |
| 3842 |
</pre> |
| 3843 |
|
| 3844 |
<p> |
| 3845 |
Above, we just set all "read" and "execute" bits, and unset all "write" bits. |
| 3846 |
If you just want to reset a particular triplet, you can specify the symbolic |
| 3847 |
name for the triplet before the = as follows: |
| 3848 |
</p> |
| 3849 |
|
| 3850 |
<pre caption="Reseting triplet"> |
| 3851 |
$ <i>chmod u=rx scriptfile.sh</i> |
| 3852 |
</pre> |
| 3853 |
|
| 3854 |
</body> |
| 3855 |
</section> |
| 3856 |
<section> |
| 3857 |
<title>Numeric modes</title> |
| 3858 |
<body> |
| 3859 |
|
| 3860 |
<p> |
| 3861 |
Up until now, we've used what are called symbolic modes to specify permission |
| 3862 |
changes to <c>chmod</c>. However, there's another common way of specifying |
| 3863 |
permissions: using a 4-digit octal number. Using this syntax, called numeric |
| 3864 |
permissions syntax, each digit represents a permissions triplet. For example, |
| 3865 |
in 1777, the 777 sets the "owner", "group", and "other" flags that we've been |
| 3866 |
discussing in this section. The 1 is used to set the special permissions bits, |
| 3867 |
which we'll cover later (see "<uri |
| 3868 |
link="https://www6.software.ibm.com/developerworks/education/l-lpir23/l-lpir23-3-23.html">The |
| 3869 |
elusive first digit</uri>" at the end of this section). This chart shows how |
| 3870 |
the second through fourth digits (777) are interpreted: |
| 3871 |
</p> |
| 3872 |
|
| 3873 |
<table> |
| 3874 |
<tr> |
| 3875 |
<th>Mode</th> |
| 3876 |
<th>Digit</th> |
| 3877 |
</tr> |
| 3878 |
<tr> |
| 3879 |
<ti>rwx</ti> |
| 3880 |
<ti>7</ti> |
| 3881 |
</tr> |
| 3882 |
<tr> |
| 3883 |
<ti>rw-</ti> |
| 3884 |
<ti>6</ti> |
| 3885 |
</tr> |
| 3886 |
<tr> |
| 3887 |
<ti>r-x</ti> |
| 3888 |
<ti>5</ti> |
| 3889 |
</tr> |
| 3890 |
<tr> |
| 3891 |
<ti>r--</ti> |
| 3892 |
<ti>4</ti> |
| 3893 |
</tr> |
| 3894 |
<tr> |
| 3895 |
<ti>-wx</ti> |
| 3896 |
<ti>3</ti> |
| 3897 |
</tr> |
| 3898 |
<tr> |
| 3899 |
<ti>-w-</ti> |
| 3900 |
<ti>2</ti> |
| 3901 |
</tr> |
| 3902 |
<tr> |
| 3903 |
<ti>--x</ti> |
| 3904 |
<ti>1</ti> |
| 3905 |
</tr> |
| 3906 |
<tr> |
| 3907 |
<ti>---</ti> |
| 3908 |
<ti>0</ti> |
| 3909 |
</tr> |
| 3910 |
</table> |
| 3911 |
|
| 3912 |
</body> |
| 3913 |
</section> |
| 3914 |
<section> |
| 3915 |
<title>Numeric permission syntax</title> |
| 3916 |
<body> |
| 3917 |
|
| 3918 |
<p> |
| 3919 |
Numeric permission syntax is especially useful when you need to specify all |
| 3920 |
permissions for a file, such as in the following example: |
| 3921 |
</p> |
| 3922 |
|
| 3923 |
<pre caption="Adding numeric permission"> |
| 3924 |
$ <i>chmod 0755 scriptfile.sh</i> |
| 3925 |
$ <i>ls -l scriptfile.sh</i> |
| 3926 |
-rwxr-xr-x 1 drobbins drobbins 0 Jan 9 17:44 scriptfile.sh |
| 3927 |
</pre> |
| 3928 |
|
| 3929 |
<p> |
| 3930 |
In this example, we used a mode of 0755, which expands to a complete |
| 3931 |
permissions setting of -rwxr-xr-x. |
| 3932 |
</p> |
| 3933 |
|
| 3934 |
</body> |
| 3935 |
</section> |
| 3936 |
<section> |
| 3937 |
<title>The umask</title> |
| 3938 |
<body> |
| 3939 |
|
| 3940 |
<p> |
| 3941 |
When a process creates a new file, it specifies the permissions that it would |
| 3942 |
like the new file to have. Often, the mode requested is 0666 (readable and |
| 3943 |
writable by everyone), which is more permissive that we would like. |
| 3944 |
Fortunately, Linux consults something called a "umask" whenever a new file is |
| 3945 |
created. The system uses the umask value to reduce the originally specified |
| 3946 |
permissions to something more reasonable and secure. You can view your current |
| 3947 |
umask setting by typing umask at the command line: |
| 3948 |
</p> |
| 3949 |
|
| 3950 |
<pre caption="Viewing current umask"> |
| 3951 |
$ <i>umask</i> |
| 3952 |
0022 |
| 3953 |
</pre> |
| 3954 |
|
| 3955 |
<p> |
| 3956 |
On Linux systems, the umask normally defaults to 0022, which allows others to |
| 3957 |
read your new files (if they can get to them) but not modify them. |
| 3958 |
</p> |
| 3959 |
|
| 3960 |
<p> |
| 3961 |
To make new files more secure by default, you can change the umask setting: |
| 3962 |
</p> |
| 3963 |
|
| 3964 |
<pre caption="Changing umask setting"> |
| 3965 |
$ <i>umask 0077</i> |
| 3966 |
</pre> |
| 3967 |
|
| 3968 |
<p> |
| 3969 |
This umask will make sure that the group and others will have absolutely no |
| 3970 |
permissions for any newly created files. So, how does the umask work? Unlike |
| 3971 |
"regular" permissions on files, the umask specifies which permissions should be |
| 3972 |
turned off. Let's consult our mode-to-digit mapping table so that we can |
| 3973 |
understand what a umask of 0077 means: |
| 3974 |
</p> |
| 3975 |
|
| 3976 |
<table> |
| 3977 |
<tr> |
| 3978 |
<th>Mode</th> |
| 3979 |
<th>Digit</th> |
| 3980 |
</tr> |
| 3981 |
<tr> |
| 3982 |
<ti>rwx</ti> |
| 3983 |
<ti>7</ti> |
| 3984 |
</tr> |
| 3985 |
<tr> |
| 3986 |
<ti>rw-</ti> |
| 3987 |
<ti>6</ti> |
| 3988 |
</tr> |
| 3989 |
<tr> |
| 3990 |
<ti>r-x</ti> |
| 3991 |
<ti>5</ti> |
| 3992 |
</tr> |
| 3993 |
<tr> |
| 3994 |
<ti>r--</ti> |
| 3995 |
<ti>4</ti> |
| 3996 |
</tr> |
| 3997 |
<tr> |
| 3998 |
<ti>-wx</ti> |
| 3999 |
<ti>3</ti> |
| 4000 |
</tr> |
| 4001 |
<tr> |
| 4002 |
<ti>-w-</ti> |
| 4003 |
<ti>2</ti> |
| 4004 |
</tr> |
| 4005 |
<tr> |
| 4006 |
<ti>--x</ti> |
| 4007 |
<ti>1</ti> |
| 4008 |
</tr> |
| 4009 |
<tr> |
| 4010 |
<ti>---</ti> |
| 4011 |
<ti>0</ti> |
| 4012 |
</tr> |
| 4013 |
</table> |
| 4014 |
|
| 4015 |
<p> |
| 4016 |
Using our table, the last three digits of 0077 expand to ---rwxrwx. Now, |
| 4017 |
remember that the <c>umask</c> tells the system which permissions to disable. |
| 4018 |
Putting two and two together, we can see that all "group" and "other" |
| 4019 |
permissions will be turned off, while "user" permissions will remain untouched. |
| 4020 |
</p> |
| 4021 |
|
| 4022 |
</body> |
| 4023 |
</section> |
| 4024 |
<section> |
| 4025 |
<title>Introducing suid and sgid</title> |
| 4026 |
<body> |
| 4027 |
|
| 4028 |
<p> |
| 4029 |
When you initially log in, a new shell process is started. You already know |
| 4030 |
that, but you may not know that this new shell process (typically bash) runs |
| 4031 |
using your user id. As such, the bash program can access all files and |
| 4032 |
directories that you own. In fact, we as users are totally dependent on other |
| 4033 |
programs to perform operations on our behalf. Because the programs you start |
| 4034 |
inherit your user id, they cannot access any filesystem objects for which you |
| 4035 |
haven't been granted access. |
| 4036 |
</p> |
| 4037 |
|
| 4038 |
<p> |
| 4039 |
For example, the passwd file cannot be changed by normal users directly, |
| 4040 |
because the "write" flag is off for every user except root: |
| 4041 |
</p> |
| 4042 |
|
| 4043 |
<pre caption="ls -l /etc/passwd"> |
| 4044 |
$ <i>ls -l /etc/passwd</i> |
| 4045 |
-rw-r--r-- 1 root wheel 1355 Nov 1 21:16 /etc/passwd |
| 4046 |
</pre> |
| 4047 |
|
| 4048 |
<p> |
| 4049 |
However, normal users do need to be able to modify /etc/passwd (at least |
| 4050 |
indirectly) whenever they need to change their password. But, if the user is |
| 4051 |
unable to modify this file, how exactly does this work? |
| 4052 |
</p> |
| 4053 |
|
| 4054 |
</body> |
| 4055 |
</section> |
| 4056 |
<section> |
| 4057 |
<title>suid</title> |
| 4058 |
<body> |
| 4059 |
|
| 4060 |
<p> |
| 4061 |
Thankfully, the Linux permissions model has two special bits called <c>suid</c> |
| 4062 |
and <c>sgid</c>. When an executable program has the <c>suid</c> bit set, it |
| 4063 |
will run on behalf of the owner of the executable, rather than on behalf of the |
| 4064 |
person who started the program. |
| 4065 |
</p> |
| 4066 |
|
| 4067 |
<p> |
| 4068 |
Now, back to the <path>/etc/passwd</path> problem. If we take a look at the |
| 4069 |
<c>passwd</c> executable, we can see that it's owned by root: |
| 4070 |
</p> |
| 4071 |
|
| 4072 |
<pre caption="Checking owner of /usr/bin/passwd file"> |
| 4073 |
$ <i>ls -l /usr/bin/passwd</i> |
| 4074 |
-rwsr-xr-x 1 root wheel 17588 Sep 24 00:53 /usr/bin/passwd |
| 4075 |
</pre> |
| 4076 |
|
| 4077 |
<p> |
| 4078 |
You'll also note that in place of an x in the user's permission triplet, |
| 4079 |
there's an s. This indicates that, for this particular program, the <c>suid</c> |
| 4080 |
and executable bits are set. Because of this, when <c>passwd</c> runs, it will |
| 4081 |
execute on behalf of the root user (with full superuser access) rather than |
| 4082 |
that of the user who ran it. And because <c>passwd</c> runs with root access, |
| 4083 |
it's able to modify the <path>/etc/passwd</path> file with no problem. |
| 4084 |
</p> |
| 4085 |
|
| 4086 |
</body> |
| 4087 |
</section> |
| 4088 |
<section> |
| 4089 |
<title>suid/sgid caveats</title> |
| 4090 |
<body> |
| 4091 |
|
| 4092 |
<p> |
| 4093 |
We've seen how <c>suid</c> works, and <c>sgid</c> works in a similar way. It |
| 4094 |
allows programs to inherit the group ownership of the program rather than that |
| 4095 |
of the current user. |
| 4096 |
</p> |
| 4097 |
|
| 4098 |
<impo> |
| 4099 |
Here's some miscellaneous yet important information about <c>suid</c> and |
| 4100 |
<c>sgid</c>. First, <c>suid</c> and <c>sgid</c> bits occupy the same space as |
| 4101 |
the x bits in a ls -l listing. If the x bit is also set, the respective bits |
| 4102 |
will show up as s (lowercase). However, if the x bit is not set, it will show |
| 4103 |
up as a S (uppercase). |
| 4104 |
</impo> |
| 4105 |
|
| 4106 |
<impo> |
| 4107 |
Another important note: suid and sgid come in handy in many circumstances, but |
| 4108 |
improper use of these bits can allow the security of a system to be breached. |
| 4109 |
It's best to have as few suid programs as possible. The passwd command is one |
| 4110 |
of the few that must be suid. |
| 4111 |
</impo> |
| 4112 |
|
| 4113 |
</body> |
| 4114 |
</section> |
| 4115 |
<section> |
| 4116 |
<title>Changing suid and sgid</title> |
| 4117 |
<body> |
| 4118 |
|
| 4119 |
<p> |
| 4120 |
Setting and removing the <c>suid</c> and <c>sgid</c> bits is fairly |
| 4121 |
straightforward. Here, we set the suid bit: |
| 4122 |
</p> |
| 4123 |
|
| 4124 |
<pre caption="Setting suid bit"> |
| 4125 |
# <i>chmod u+s /usr/bin/myapp</i> |
| 4126 |
</pre> |
| 4127 |
|
| 4128 |
<p> |
| 4129 |
And here, we remove the <c>sgid</c> bit from a directory. We'll see how the |
| 4130 |
<c>sgid</c> bit affects directories in just a few panels: |
| 4131 |
</p> |
| 4132 |
|
| 4133 |
<pre caption="Removing sgid bit"> |
| 4134 |
# <i>chmod g-s /home/drobbins</i> |
| 4135 |
</pre> |
| 4136 |
|
| 4137 |
</body> |
| 4138 |
</section> |
| 4139 |
<section> |
| 4140 |
<title>Permissions and directories</title> |
| 4141 |
<body> |
| 4142 |
|
| 4143 |
<p> |
| 4144 |
So far, we've been looking at permissions from the perspective of regular |
| 4145 |
files. When it comes to directories, things are a bit different. Directories |
| 4146 |
use the same permissions flags, but they are interpreted to mean slightly |
| 4147 |
different things. |
| 4148 |
</p> |
| 4149 |
|
| 4150 |
<p> |
| 4151 |
For a directory, if the "read" flag is set, you may list the contents of the |
| 4152 |
directory; "write" means you may create files in the directory; and "execute" |
| 4153 |
means you may enter the directory and access any sub-directories inside. |
| 4154 |
Without the "execute" flag, the filesystem objects inside a directory aren't |
| 4155 |
accessible. Without a "read" flag, the filesystem objects inside a directory |
| 4156 |
aren't viewable, but objects inside the directory can still be accessed as long |
| 4157 |
as someone knows the full path to the object on disk. |
| 4158 |
</p> |
| 4159 |
|
| 4160 |
</body> |
| 4161 |
</section> |
| 4162 |
<section> |
| 4163 |
<title>Directories and sgid</title> |
| 4164 |
<body> |
| 4165 |
|
| 4166 |
<p> |
| 4167 |
And, if a directory has the "sgid" flag enabled, any filesystem objects created |
| 4168 |
inside it will inherit the group of the directory. This particular feature |
| 4169 |
comes in handy when you need to create a directory tree to be used by a group |
| 4170 |
of people that all belong to the same group. Simply do this: |
| 4171 |
</p> |
| 4172 |
|
| 4173 |
<pre caption="Creating directory for a group of people"> |
| 4174 |
# <i>mkdir /home/groupspace</i> |
| 4175 |
# <i>chgrp mygroup /home/groupspace</i> |
| 4176 |
# <i>chmod g+s /home/groupspace</i> |
| 4177 |
</pre> |
| 4178 |
|
| 4179 |
<p> |
| 4180 |
Now, any users in the group mygroup can create files or directories inside |
| 4181 |
<path>/home/groupspace</path>, and they will be automatically assigned a group |
| 4182 |
ownership of mygroup as well. Depending on the users' umask setting, new |
| 4183 |
filesystem objects may or may not be readable, writable, or executable by other |
| 4184 |
members of the mygroup group. |
| 4185 |
</p> |
| 4186 |
|
| 4187 |
</body> |
| 4188 |
</section> |
| 4189 |
<section> |
| 4190 |
<title>Directories and deletion</title> |
| 4191 |
<body> |
| 4192 |
|
| 4193 |
<p> |
| 4194 |
By default, Linux directories behave in a way that may not be ideal in all |
| 4195 |
situations. Normally, anyone can rename or delete a file inside a directory, as |
| 4196 |
long as they have write access to that directory. For directories used by |
| 4197 |
individual users, this behavior is usually just fine. |
| 4198 |
</p> |
| 4199 |
|
| 4200 |
<p> |
| 4201 |
However, for directories that are used by many users, especially |
| 4202 |
<path>/tmp</path> and <path>/var/tmp</path>, this behavior can be bad news. |
| 4203 |
Since anyone can write to these directories, anyone can delete or rename anyone |
| 4204 |
else's files -- even if they don't own them! Obviously, it's hard to use |
| 4205 |
<path>/tmp</path> for anything meaningful when any other user can type <c>rm |
| 4206 |
-rf /tmp/*</c> at any time and destroy everyone's files. |
| 4207 |
</p> |
| 4208 |
|
| 4209 |
<p> |
| 4210 |
Thankfully, Linux has something called the sticky bit. When <path>/tmp</path> |
| 4211 |
has the sticky bit set (with a <c>chmod +t</c>), the only people who are able |
| 4212 |
to delete or rename files in <path>/tmp</path> are the directory's owner |
| 4213 |
(typically root), the file's owner, or root. Virtually all Linux distributions |
| 4214 |
enable <path>/tmp</path>'s sticky bit by default, but you may find that the |
| 4215 |
sticky bit comes in handy in other situations. |
| 4216 |
</p> |
| 4217 |
|
| 4218 |
</body> |
| 4219 |
</section> |
| 4220 |
<section> |
| 4221 |
<title>The elusive first digit</title> |
| 4222 |
<body> |
| 4223 |
|
| 4224 |
<p> |
| 4225 |
And to conclude this section, we finally take a look at the elusive first digit |
| 4226 |
of a numeric mode. As you can see, this first digit is used for setting the |
| 4227 |
sticky, <c>suid</c>, and <c>sgid</c> bits: |
| 4228 |
</p> |
| 4229 |
|
| 4230 |
<table> |
| 4231 |
<tr> |
| 4232 |
<th>suid</th> |
| 4233 |
<th>sgid</th> |
| 4234 |
<th>sticky</th> |
| 4235 |
<th>mode digit</th> |
| 4236 |
</tr> |
| 4237 |
<tr> |
| 4238 |
<ti>on</ti> |
| 4239 |
<ti>on</ti> |
| 4240 |
<ti>on</ti> |
| 4241 |
<ti>7</ti> |
| 4242 |
</tr> |
| 4243 |
<tr> |
| 4244 |
<ti>on</ti> |
| 4245 |
<ti>on</ti> |
| 4246 |
<ti>off</ti> |
| 4247 |
<ti>6</ti> |
| 4248 |
</tr> |
| 4249 |
<tr> |
| 4250 |
<ti>on</ti> |
| 4251 |
<ti>off</ti> |
| 4252 |
<ti>on</ti> |
| 4253 |
<ti>5</ti> |
| 4254 |
</tr> |
| 4255 |
<tr> |
| 4256 |
<ti>on</ti> |
| 4257 |
<ti>off</ti> |
| 4258 |
<ti>off</ti> |
| 4259 |
<ti>4</ti> |
| 4260 |
</tr> |
| 4261 |
<tr> |
| 4262 |
<ti>off</ti> |
| 4263 |
<ti>on</ti> |
| 4264 |
<ti>on</ti> |
| 4265 |
<ti>3</ti> |
| 4266 |
</tr> |
| 4267 |
<tr> |
| 4268 |
<ti>off</ti> |
| 4269 |
<ti>on</ti> |
| 4270 |
<ti>off</ti> |
| 4271 |
<ti>2</ti> |
| 4272 |
</tr> |
| 4273 |
<tr> |
| 4274 |
<ti>off</ti> |
| 4275 |
<ti>off</ti> |
| 4276 |
<ti>on</ti> |
| 4277 |
<ti>1</ti> |
| 4278 |
</tr> |
| 4279 |
<tr> |
| 4280 |
<ti>off</ti> |
| 4281 |
<ti>off</ti> |
| 4282 |
<ti>off</ti> |
| 4283 |
<ti>0</ti> |
| 4284 |
</tr> |
| 4285 |
</table> |
| 4286 |
|
| 4287 |
<p> |
| 4288 |
Here's an example of how to use a 4-digit numeric mode to set permissions for a |
| 4289 |
directory that will be used by a workgroup: |
| 4290 |
</p> |
| 4291 |
|
| 4292 |
<pre caption="Setting numeric permissions"> |
| 4293 |
# <i>chmod 1775 /home/groupfiles</i> |
| 4294 |
</pre> |
| 4295 |
|
| 4296 |
<p> |
| 4297 |
As homework, figure out the meaning of the 1755 numeric permissions setting. :) |
| 4298 |
</p> |
| 4299 |
|
| 4300 |
</body> |
| 4301 |
</section> |
| 4302 |
</chapter> |
| 4303 |
|
| 4304 |
<chapter> |
| 4305 |
<title>Linux account managment</title> |
| 4306 |
<section> |
| 4307 |
<title>Introducing /etc/passwd</title> |
| 4308 |
<body> |
| 4309 |
|
| 4310 |
<p> |
| 4311 |
In this section, we'll look at the Linux account management mechanism, starting |
| 4312 |
with the <path>/etc/passwd</path> file, which defines all the users that exist |
| 4313 |
on a Linux system. You can view your own <path>/etc/passwd</path> file by |
| 4314 |
typing less <path>/etc/passwd</path>. |
| 4315 |
</p> |
| 4316 |
|
| 4317 |
<p> |
| 4318 |
Each line in <path>/etc/passwd</path> defines a user account. Here's an example |
| 4319 |
line from my <path>/etc/passwd</path> file: |
| 4320 |
</p> |
| 4321 |
|
| 4322 |
<pre caption="/etc/passwd"> |
| 4323 |
drobbins:x:1000:1000:Daniel Robbins:/home/drobbins:/bin/bash |
| 4324 |
</pre> |
| 4325 |
|
| 4326 |
<p> |
| 4327 |
As you can see, there is quite a bit of information on this line. In fact, each |
| 4328 |
<path>/etc/passwd</path> line consists of multiple fields, each separated by a |
| 4329 |
:. |
| 4330 |
</p> |
| 4331 |
|
| 4332 |
<p> |
| 4333 |
The first field defines the username (drobbins)), and the second field contains |
| 4334 |
an x. On ancient Linux systems, this field contained an encrypted password to |
| 4335 |
be used for authentication, but virtually all Linux systems now store this |
| 4336 |
password information in another file. |
| 4337 |
</p> |
| 4338 |
|
| 4339 |
<p> |
| 4340 |
The third field (1000) defines the numeric user id associated with this |
| 4341 |
particular user, and the fourth field (1000) associates this user with a |
| 4342 |
particular group; in a few panels, we'll see where group 1000 is defined. |
| 4343 |
</p> |
| 4344 |
|
| 4345 |
<p> |
| 4346 |
The fifth field contains a textual description of this account -- in this case, |
| 4347 |
the user's name. The sixth field defines this user's home directory, and the |
| 4348 |
seventh field specifies the user's default shell -- the one that will be |
| 4349 |
automatically started when this user logs in. |
| 4350 |
</p> |
| 4351 |
|
| 4352 |
</body> |
| 4353 |
</section> |
| 4354 |
<section> |
| 4355 |
<title>/etc/passwd tips and tricks</title> |
| 4356 |
<body> |
| 4357 |
|
| 4358 |
<p> |
| 4359 |
You've probably noticed that there are many more user accounts defined in |
| 4360 |
<path>/etc/passwd</path> than actually log in to your system. This is because |
| 4361 |
various Linux components use user accounts to enhance security. Typically, |
| 4362 |
these system accounts have a user id ("uid") of under 100, and many of them |
| 4363 |
will have something like /bin/false listed as a default shell. Since the |
| 4364 |
<path>/bin/false</path> program does nothing but exit with an error code, this |
| 4365 |
effectively prevents these accounts from being used as login accounts -- they |
| 4366 |
are for internal use only. |
| 4367 |
</p> |
| 4368 |
|
| 4369 |
</body> |
| 4370 |
</section> |
| 4371 |
<section> |
| 4372 |
<title>/etc/shadow</title> |
| 4373 |
<body> |
| 4374 |
|
| 4375 |
<p> |
| 4376 |
So, user accounts themselves are defined in <path>/etc/passwd</path>. Linux |
| 4377 |
systems contain a companion file to <path>/etc/passwd</path> that's called |
| 4378 |
<path>/etc/shadow</path>. This file, unlike <path>/etc/passwd</path>, is |
| 4379 |
readable only by root and contains encrypted password information. Let's look |
| 4380 |
at a sample line from <path>/etc/shadow</path>: |
| 4381 |
</p> |
| 4382 |
|
| 4383 |
<pre caption="/etc/shadow"> |
| 4384 |
drobbins:$1$1234567890123456789012345678901:11664:0:-1:-1:-1:-1:0 |
| 4385 |
</pre> |
| 4386 |
|
| 4387 |
<p> |
| 4388 |
Each line defines password information for a particular account, and again, |
| 4389 |
each field is separated by a :. The first field defines the particular user |
| 4390 |
account with which this shadow entry is associated. The second field contains |
| 4391 |
an encrypted password. The remaining fields are described in the following |
| 4392 |
table: |
| 4393 |
</p> |
| 4394 |
|
| 4395 |
<table> |
| 4396 |
<tr> |
| 4397 |
<ti>field 3</ti> |
| 4398 |
<ti># of days since 1/1/1970 that the password was modified</ti> |
| 4399 |
</tr> |
| 4400 |
<tr> |
| 4401 |
<ti>field 4</ti> |
| 4402 |
<ti> |
| 4403 |
# of days before password will be allowed to be changed (0 for "change |
| 4404 |
anytime") |
| 4405 |
</ti> |
| 4406 |
</tr> |
| 4407 |
<tr> |
| 4408 |
<ti>field 5</ti> |
| 4409 |
<ti> |
| 4410 |
# of days before system will force user to change to a new password (-1 |
| 4411 |
for "never") |
| 4412 |
</ti> |
| 4413 |
</tr> |
| 4414 |
<tr> |
| 4415 |
<ti>field 6</ti> |
| 4416 |
<ti> |
| 4417 |
# of days before password expires that user will be warned about |
| 4418 |
expiration (-1 for "no warning") |
| 4419 |
</ti> |
| 4420 |
</tr> |
| 4421 |
<tr> |
| 4422 |
<ti>field 7</ti> |
| 4423 |
<ti> |
| 4424 |
# of days after password expiration that this account is automatically |
| 4425 |
# disabled by the system (-1 for "never disable") |
| 4426 |
</ti> |
| 4427 |
</tr> |
| 4428 |
<tr> |
| 4429 |
<ti>field 8</ti> |
| 4430 |
<ti> |
| 4431 |
# of days that this account has been disabled (-1 for "this account is |
| 4432 |
enabled") |
| 4433 |
</ti> |
| 4434 |
</tr> |
| 4435 |
<tr> |
| 4436 |
<ti>field 9</ti> |
| 4437 |
<ti>Reserved for future use</ti> |
| 4438 |
</tr> |
| 4439 |
</table> |
| 4440 |
|
| 4441 |
</body> |
| 4442 |
</section> |
| 4443 |
<section> |
| 4444 |
<title>/etc/group</title> |
| 4445 |
<body> |
| 4446 |
|
| 4447 |
<p> |
| 4448 |
Next, we take a look at the <path>/etc/group</path> file, which defines all the |
| 4449 |
groups on a Linux system. Here's a sample line: |
| 4450 |
</p> |
| 4451 |
|
| 4452 |
<pre caption="/etc/group"> |
| 4453 |
drobbins:x:1000: |
| 4454 |
</pre> |
| 4455 |
|
| 4456 |
<p> |
| 4457 |
The <path>/etc/group</path> field format is as follows. The first field defines |
| 4458 |
the name of the group; the second field is a vestigial password field that now |
| 4459 |
simply holds an x, and the third field defines the numeric group id of this |
| 4460 |
particular group. The fourth field (empty in the above example) defines any |
| 4461 |
users that are members of this group. |
| 4462 |
</p> |
| 4463 |
|
| 4464 |
<p> |
| 4465 |
You'll recall that our sample <path>/etc/passwd</path> line referenced a group |
| 4466 |
id of 1000. This has the effect of placing the drobbins user in the drobbins |
| 4467 |
group, even though the drobbins username isn't listed in the fourth field of |
| 4468 |
<path>/etc/group</path>. |
| 4469 |
</p> |
| 4470 |
|
| 4471 |
</body> |
| 4472 |
</section> |
| 4473 |
<section> |
| 4474 |
<title>Group notes</title> |
| 4475 |
<body> |
| 4476 |
|
| 4477 |
<p> |
| 4478 |
A note about associating users with groups: on some systems, you'll find that |
| 4479 |
every new login account is associated with an identically named (and usually |
| 4480 |
identically numbered) group. On other systems, all login accounts will belong |
| 4481 |
to a single users group. The approach that you use on the system(s) you |
| 4482 |
administrate is up to you. Creating matching groups for each user has the |
| 4483 |
advantage of allowing users to more easily control access to their own files by |
| 4484 |
placing trusted friends in their personal group. |
| 4485 |
</p> |
| 4486 |
|
| 4487 |
</body> |
| 4488 |
</section> |
| 4489 |
<section> |
| 4490 |
<title>Adding a user and group by hand</title> |
| 4491 |
<body> |
| 4492 |
|
| 4493 |
<p> |
| 4494 |
Now, I'll show you how to create your own user and group account. The best way |
| 4495 |
to learn how to do this is to add a new user to the system manually. To begin, |
| 4496 |
first make sure that your EDITOR environment variable is set to your favorite |
| 4497 |
text editor: |
| 4498 |
</p> |
| 4499 |
|
| 4500 |
<pre caption="Checking favorite text editor variable"> |
| 4501 |
# <i>echo $EDITOR</i> |
| 4502 |
vim |
| 4503 |
</pre> |
| 4504 |
|
| 4505 |
<p> |
| 4506 |
If it isn't, you can set EDITOR by typing something like: |
| 4507 |
</p> |
| 4508 |
|
| 4509 |
<pre caption="Setting EDITOR variable"> |
| 4510 |
# <i>export EDITOR=/usr/bin/emacs</i> |
| 4511 |
# <i>vipw</i> |
| 4512 |
</pre> |
| 4513 |
|
| 4514 |
<p> |
| 4515 |
You should now find yourself in your favorite text editor with the |
| 4516 |
<path>/etc/passwd</path> file loaded up on the screen. When modifying system |
| 4517 |
<path>passwd</path> and <path>group</path> files, it's very important to use |
| 4518 |
the <c>vipw</c> and <c>vigr</c> commands. They take extra precautions to ensure |
| 4519 |
that your critical <path>passwd</path> and <path>group</path> files are locked |
| 4520 |
properly so they don't become corrupted. |
| 4521 |
</p> |
| 4522 |
|
| 4523 |
</body> |
| 4524 |
</section> |
| 4525 |
<section> |
| 4526 |
<title>Editing /etc/passwd</title> |
| 4527 |
<body> |
| 4528 |
|
| 4529 |
<p> |
| 4530 |
Now that you have the <path>/etc/passwd</path> file up, go ahead and add the |
| 4531 |
following line: |
| 4532 |
</p> |
| 4533 |
|
| 4534 |
<pre caption="/etc/passwd"> |
| 4535 |
testuser:x:3000:3000:LPI tutorial test user:/home/testuser:/bin/false |
| 4536 |
</pre> |
| 4537 |
|
| 4538 |
<p> |
| 4539 |
We've just added a "testuser" user with a UID of 3000. We've added him to a |
| 4540 |
group with a GID of 3000, which we haven't created just yet. Alternatively, we |
| 4541 |
could have assigned this user to the GID of the users group if we wanted. This |
| 4542 |
new user has a comment that reads LPI tutorial test user; the user's home |
| 4543 |
directory is set to <path>/home/testuser</path>, and the user's shell is set to |
| 4544 |
<path>/bin/false</path> for security purposes. If we were creating an non-test |
| 4545 |
account, we would set the shell to <path>/bin/bash</path>. OK, go ahead and |
| 4546 |
save your changes and exit. |
| 4547 |
</p> |
| 4548 |
|
| 4549 |
</body> |
| 4550 |
</section> |
| 4551 |
<section> |
| 4552 |
<title>Editing /etc/shadow</title> |
| 4553 |
<body> |
| 4554 |
|
| 4555 |
<p> |
| 4556 |
Now, we need to add an entry in <path>/etc/shadow</path> for this particular |
| 4557 |
user. To do this, type <c>vipw -s</c>. You'll be greeted with your favorite |
| 4558 |
editor, which now contains the <path>/etc/shadow</path> file. Now, go ahead and |
| 4559 |
copy the line of an existing user account (one that has a password and is |
| 4560 |
longer than the standard system account entries): |
| 4561 |
</p> |
| 4562 |
|
| 4563 |
<pre caption="/etc/shadow"> |
| 4564 |
drobbins:$1$1234567890123456789012345678901:11664:0:-1:-1:-1:-1:0 |
| 4565 |
</pre> |
| 4566 |
|
| 4567 |
<p> |
| 4568 |
Now, change the username on the copied line to the name of your new user, and |
| 4569 |
ensure that all fields (particularly the password aging ones) are set to your |
| 4570 |
liking: |
| 4571 |
</p> |
| 4572 |
|
| 4573 |
<pre caption="Modifed /etc/shadow"> |
| 4574 |
testuser:$1$1234567890123456789012345678901:11664:0:-1:-1:-1:-1:0 |
| 4575 |
</pre> |
| 4576 |
|
| 4577 |
<p> |
| 4578 |
Now, save and exit. |
| 4579 |
</p> |
| 4580 |
|
| 4581 |
</body> |
| 4582 |
</section> |
| 4583 |
<section> |
| 4584 |
<title>Setting a password</title> |
| 4585 |
<body> |
| 4586 |
|
| 4587 |
<p> |
| 4588 |
You'll be back at the prompt. Now, it's time to set a password for your new |
| 4589 |
user: |
| 4590 |
</p> |
| 4591 |
|
| 4592 |
<pre caption="Setting password for new user"> |
| 4593 |
# <i>passwd testuser</i> |
| 4594 |
Enter new UNIX password: <comment>(enter a password for testuser)</comment> |
| 4595 |
Retype new UNIX password: <comment>(enter testuser's new password again)</comment> |
| 4596 |
</pre> |
| 4597 |
|
| 4598 |
</body> |
| 4599 |
</section> |
| 4600 |
<section> |
| 4601 |
<title>Editing /etc/group</title> |
| 4602 |
<body> |
| 4603 |
|
| 4604 |
<p> |
| 4605 |
Now that <path>/etc/passwd</path> and <path>/etc/shadow</path> are set up, it's |
| 4606 |
now time to get <path>/etc/group</path> configured properly. To do this, type: |
| 4607 |
</p> |
| 4608 |
|
| 4609 |
<pre caption="Configuring /etc/group"> |
| 4610 |
# <i>vigr</i> |
| 4611 |
</pre> |
| 4612 |
|
| 4613 |
<p> |
| 4614 |
Your <path>/etc/group</path> file will appear in front of you, ready for |
| 4615 |
editing. Now, if you chose to assign a default group of users for your |
| 4616 |
particular test user, you do not need to add any groups to |
| 4617 |
<path>/etc/groups</path>. However, if you chose to create a new group for this |
| 4618 |
user, go ahead and add the following line: |
| 4619 |
</p> |
| 4620 |
|
| 4621 |
<pre caption="Adding new group manually"> |
| 4622 |
testuser:x:3000: |
| 4623 |
</pre> |
| 4624 |
|
| 4625 |
<p> |
| 4626 |
Now save and exit. |
| 4627 |
</p> |
| 4628 |
|
| 4629 |
</body> |
| 4630 |
</section> |
| 4631 |
<section> |
| 4632 |
<title>Creating a home directory</title> |
| 4633 |
<body> |
| 4634 |
|
| 4635 |
<p> |
| 4636 |
We're nearly done. Type the following commands to create testuser's home |
| 4637 |
directory: |
| 4638 |
</p> |
| 4639 |
|
| 4640 |
<pre caption="Creating home directory"> |
| 4641 |
# <i>cd /home</i> |
| 4642 |
# <i>mkdir testuser</i> |
| 4643 |
# <i>chown testuser.testuser testuser</i> |
| 4644 |
# <i>chmod o-rwx testuser</i> |
| 4645 |
</pre> |
| 4646 |
|
| 4647 |
<p> |
| 4648 |
Our user's home directory is now in place and the account is ready for use. |
| 4649 |
Well, almost ready. If you'd like to use this account, you'll need to use vipw |
| 4650 |
to change testuser's default shell to <path>/bin/bash</path> so that the user |
| 4651 |
can log in. |
| 4652 |
</p> |
| 4653 |
|
| 4654 |
</body> |
| 4655 |
</section> |
| 4656 |
<section> |
| 4657 |
<title>Account admin utils</title> |
| 4658 |
<body> |
| 4659 |
|
| 4660 |
<p> |
| 4661 |
Now that you know how to add a new account and group by hand, let's review the |
| 4662 |
various time-saving account administration utilities available under Linux. Due |
| 4663 |
to space constraints, we won't cover a lot of detail describing these commands. |
| 4664 |
Remember that you can always get more information about a command by viewing |
| 4665 |
the command's man page. If you are planning to take the LPIC 101 exam, you |
| 4666 |
should spend some time getting familiar with each of these commands. |
| 4667 |
</p> |
| 4668 |
|
| 4669 |
<p> |
| 4670 |
newgrp |
| 4671 |
</p> |
| 4672 |
|
| 4673 |
<p> |
| 4674 |
By default, any files that a user creates are assigned to the user's group |
| 4675 |
specified in <path>/etc/passwd</path>. If the user belongs to other groups, he |
| 4676 |
or she can type newgrp thisgroup to set current default group membership to the |
| 4677 |
group thisgroup. Then, any new files created will inherit thisgroup membership. |
| 4678 |
</p> |
| 4679 |
|
| 4680 |
<table> |
| 4681 |
<tr> |
| 4682 |
<ti><c>chage</c></ti> |
| 4683 |
<ti> |
| 4684 |
The <c>chage</c> command is used to view and change the password aging |
| 4685 |
setting stored in <path>/etc/shadow</path>. |
| 4686 |
</ti> |
| 4687 |
</tr> |
| 4688 |
<tr> |
| 4689 |
<ti><c>gpasswd</c></ti> |
| 4690 |
<ti>A general-purpose group administration tool.</ti> |
| 4691 |
</tr> |
| 4692 |
<tr> |
| 4693 |
<ti><c>groupadd</c>/<c>groupdel</c>/<c>groupmod</c></ti> |
| 4694 |
<ti>Used to add/delete/modify groups in <path>/etc/group</path></ti> |
| 4695 |
</tr> |
| 4696 |
<tr> |
| 4697 |
<ti><c>useradd</c>/<c>userdel</c>/<c>usermod</c></ti> |
| 4698 |
<ti> |
| 4699 |
Used to add/delete/modify users in <path>/etc/passwd</path>. These commands |
| 4700 |
also perform various other convenience functions. See the man pages for |
| 4701 |
more information. |
| 4702 |
</ti> |
| 4703 |
</tr> |
| 4704 |
<tr> |
| 4705 |
<ti><c>pwconv</c>/<c>grpconv</c></ti> |
| 4706 |
<ti> |
| 4707 |
Used to convert <path>passwd</path> and <path>group</path> files to |
| 4708 |
"new-style" shadow passwords. Virtually all Linux systems already use |
| 4709 |
shadow passwords, so you should never need to use these commands. |
| 4710 |
</ti> |
| 4711 |
</tr> |
| 4712 |
</table> |
| 4713 |
|
| 4714 |
</body> |
| 4715 |
</section> |
| 4716 |
</chapter> |
| 4717 |
|
| 4718 |
<chapter> |
| 4719 |
<title>Tuning the user environment</title> |
| 4720 |
<section> |
| 4721 |
<title>Introducing "fortune"</title> |
| 4722 |
<body> |
| 4723 |
|
| 4724 |
<p> |
| 4725 |
Your shell has many useful options that you can set to fit your personal |
| 4726 |
preferences. So far, however, we haven't discussed any way to have these |
| 4727 |
settings set up automatically every time you log in, except for re-typing them |
| 4728 |
each time. In this section we will look at tuning your login environment by |
| 4729 |
modifying startup files. |
| 4730 |
</p> |
| 4731 |
|
| 4732 |
<p> |
| 4733 |
First, let's add a friendly message for when you first log in. To see an |
| 4734 |
example message, run <c>fortune</c>: |
| 4735 |
</p> |
| 4736 |
|
| 4737 |
<pre caption="Running fortune command"> |
| 4738 |
$ <i>fortune</i> |
| 4739 |
No amount of careful planning will ever replace dumb luck. |
| 4740 |
</pre> |
| 4741 |
|
| 4742 |
</body> |
| 4743 |
</section> |
| 4744 |
<section> |
| 4745 |
<title>.bash_profile</title> |
| 4746 |
<body> |
| 4747 |
|
| 4748 |
<p> |
| 4749 |
Now, let's set up <c>fortune</c> so that it gets run every time you log in. Use |
| 4750 |
your favorite text editor to edit a file named <path>.bash_profile</path> in |
| 4751 |
your home directory. If the file doesn't exist already, go ahead and create it. |
| 4752 |
Insert a line at the top: |
| 4753 |
</p> |
| 4754 |
|
| 4755 |
<pre caption="~/.bash_profile"> |
| 4756 |
fortune |
| 4757 |
</pre> |
| 4758 |
|
| 4759 |
<p> |
| 4760 |
Try logging out and back in. Unless you're running a display manager like xdm, |
| 4761 |
gdm, or kdm, you should be greeted cheerfully when you log in: |
| 4762 |
</p> |
| 4763 |
|
| 4764 |
<pre caption="Results of fortune command in .bash_profile file"> |
| 4765 |
mycroft.flatmonk.org login: chouser |
| 4766 |
Password: |
| 4767 |
Freedom from incrustations of grime is contiguous to rectitude. |
| 4768 |
$ |
| 4769 |
</pre> |
| 4770 |
|
| 4771 |
</body> |
| 4772 |
</section> |
| 4773 |
<section> |
| 4774 |
<title>The login shell</title> |
| 4775 |
<body> |
| 4776 |
|
| 4777 |
<p> |
| 4778 |
When bash started, it walked through the <path>.bash_profile</path> file in |
| 4779 |
your home directory, running each line as though it had been typed at a bash |
| 4780 |
prompt. This is called sourcing the file. |
| 4781 |
</p> |
| 4782 |
|
| 4783 |
<p> |
| 4784 |
Bash acts somewhat differently depending on how it is started. If it is started |
| 4785 |
as a login shell, it will act as it did above -- first sourcing the system-wide |
| 4786 |
<path>/etc/profile</path>, and then your personal <path>~/.bash_profile</path>. |
| 4787 |
</p> |
| 4788 |
|
| 4789 |
<p> |
| 4790 |
There are two ways to tell bash to run as a login shell. One way is used when |
| 4791 |
you first log in: bash is started with a process name of -bash. You can see |
| 4792 |
this in your process listing: |
| 4793 |
</p> |
| 4794 |
|
| 4795 |
<pre caption="Process listing"> |
| 4796 |
$ <i>ps u</i> |
| 4797 |
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND |
| 4798 |
chouser 404 0.0 0.0 2508 156 tty2 S 2001 0:00 -bash |
| 4799 |
</pre> |
| 4800 |
|
| 4801 |
<p> |
| 4802 |
You will probably see a much longer listing, but you should have at least one |
| 4803 |
COMMAND with a dash before the name of your shell, like -bash in the example |
| 4804 |
above. This dash is used by the shell to determine if it's being run as a login |
| 4805 |
shell. |
| 4806 |
</p> |
| 4807 |
|
| 4808 |
</body> |
| 4809 |
</section> |
| 4810 |
<section> |
| 4811 |
<title>Understanding --login</title> |
| 4812 |
<body> |
| 4813 |
|
| 4814 |
<p> |
| 4815 |
The second way to tell bash to run as a login shell is with the <c>--login</c> |
| 4816 |
command-line option. This is sometimes used by terminal emulators (like xterm) |
| 4817 |
to make their bash sessions act like initial login sessions. |
| 4818 |
</p> |
| 4819 |
|
| 4820 |
<p> |
| 4821 |
After you have logged in, more copies of your shell will be run. Unless they |
| 4822 |
are started with <c>--login</c> or have a dash in the process name, these |
| 4823 |
sessions will not be login shells. If they give you a prompt, however, they are |
| 4824 |
called interactive shells. If bash is started as interactive, but not login, it |
| 4825 |
will ignore <path>/etc/profile</path> and <path>~/.bash_profile</path> and will |
| 4826 |
instead source <path>~/.bashrc</path>. |
| 4827 |
</p> |
| 4828 |
|
| 4829 |
<table> |
| 4830 |
<tr> |
| 4831 |
<th>interactive</th> |
| 4832 |
<th>login</th> |
| 4833 |
<th>profile</th> |
| 4834 |
<th>rc</th> |
| 4835 |
</tr> |
| 4836 |
<tr> |
| 4837 |
<ti>yes</ti> |
| 4838 |
<ti>yes</ti> |
| 4839 |
<ti>source</ti> |
| 4840 |
<ti>ignore</ti> |
| 4841 |
</tr> |
| 4842 |
<tr> |
| 4843 |
<ti>yes</ti> |
| 4844 |
<ti>no</ti> |
| 4845 |
<ti>ignore</ti> |
| 4846 |
<ti>source</ti> |
| 4847 |
</tr> |
| 4848 |
<tr> |
| 4849 |
<ti>no</ti> |
| 4850 |
<ti>yes</ti> |
| 4851 |
<ti>source</ti> |
| 4852 |
<ti>ignore</ti> |
| 4853 |
</tr> |
| 4854 |
<tr> |
| 4855 |
<ti>no</ti> |
| 4856 |
<ti>no</ti> |
| 4857 |
<ti>ignore</ti> |
| 4858 |
<ti>ignore</ti> |
| 4859 |
</tr> |
| 4860 |
</table> |
| 4861 |
|
| 4862 |
</body> |
| 4863 |
</section> |
| 4864 |
<section> |
| 4865 |
<title>Testing for interactivity</title> |
| 4866 |
<body> |
| 4867 |
|
| 4868 |
<p> |
| 4869 |
Sometimes bash sources your <path>~/.bashrc</path>, even though it isn't really |
| 4870 |
interactive, such as when using commands like rsh and scp. This is important to |
| 4871 |
keep in mind because printing out text, like we did with the fortune command |
| 4872 |
earlier, can really mess up these non-interactive bash sessions. It's a good |
| 4873 |
idea to use the PS1 variable to detect whether the current shell is truly |
| 4874 |
interactive before printing text from a startup file: |
| 4875 |
</p> |
| 4876 |
|
| 4877 |
<pre caption="Testing PS1 varibale"> |
| 4878 |
if [ -n "$PS1" ]; then |
| 4879 |
fortune |
| 4880 |
fi |
| 4881 |
</pre> |
| 4882 |
|
| 4883 |
</body> |
| 4884 |
</section> |
| 4885 |
<section> |
| 4886 |
<title>/etc/profile and /etc/skel</title> |
| 4887 |
<body> |
| 4888 |
|
| 4889 |
<p> |
| 4890 |
As a system administrator, you are in charge of <path>/etc/profile</path>. |
| 4891 |
Since it is sourced by everyone when they first log in, it is important to keep |
| 4892 |
it in working order. It is also a powerful tool in making things work correctly |
| 4893 |
for new users as soon as they log into their new account. |
| 4894 |
</p> |
| 4895 |
|
| 4896 |
<p> |
| 4897 |
However, there are some settings that you may want new users to have as |
| 4898 |
defaults, but also allow them to change easily. This is where the |
| 4899 |
<path>/etc/skel</path> directory comes in. When you use the <c>useradd</c> |
| 4900 |
command to create a new user account, it copies all the files from |
| 4901 |
<path>/etc/skel</path> into the user's new home directory. That means you can |
| 4902 |
put helpful <path>.bash_profile</path> and <path>.bashrc</path> files in |
| 4903 |
<path>/etc/skel</path> to get new users off to a good start. |
| 4904 |
</p> |
| 4905 |
|
| 4906 |
</body> |
| 4907 |
</section> |
| 4908 |
<section> |
| 4909 |
<title>export</title> |
| 4910 |
<body> |
| 4911 |
|
| 4912 |
<p> |
| 4913 |
Variables in bash can be marked so that they are set the same in any new shells |
| 4914 |
that it starts; this is called being marked for export. You can have bash list |
| 4915 |
all of the variables that are currently marked for export in your shell |
| 4916 |
session: |
| 4917 |
</p> |
| 4918 |
|
| 4919 |
<pre caption="results of export command"> |
| 4920 |
$ <i>export</i> |
| 4921 |
declare -x EDITOR="vim" |
| 4922 |
declare -x HOME="/home/chouser" |
| 4923 |
declare -x MAIL="/var/spool/mail/chouser" |
| 4924 |
declare -x PAGER="/usr/bin/less" |
| 4925 |
declare -x PATH="/bin:/usr/bin:/usr/local/bin:/home/chouser/bin" |
| 4926 |
declare -x PWD="/home/chouser" |
| 4927 |
declare -x TERM="xterm" |
| 4928 |
declare -x USER="chouser" |
| 4929 |
</pre> |
| 4930 |
|
| 4931 |
</body> |
| 4932 |
</section> |
| 4933 |
<section> |
| 4934 |
<title>Marking variables for export</title> |
| 4935 |
<body> |
| 4936 |
|
| 4937 |
<p> |
| 4938 |
If a variable is not marked for export, any new shells that it starts will not |
| 4939 |
have that variable set. However, you can mark a variable for export by passing |
| 4940 |
it to the <c>export</c> built-in: |
| 4941 |
</p> |
| 4942 |
|
| 4943 |
<pre caption="Marking variable for export"> |
| 4944 |
$ <i>FOO=foo</i> |
| 4945 |
$ <i>BAR=bar</i> |
| 4946 |
$ <i>export BAR</i> |
| 4947 |
$ <i>echo $FOO $BAR</i> |
| 4948 |
foo bar |
| 4949 |
$ <i>bash</i> |
| 4950 |
$ <i>echo $FOO $BAR</i> |
| 4951 |
bar |
| 4952 |
</pre> |
| 4953 |
|
| 4954 |
<p> |
| 4955 |
In this example, the variables FOO and BAR were both set, but only BAR was |
| 4956 |
marked for export. When a new bash was started, it had lost the value for FOO. |
| 4957 |
If you exit this new bash, you can see that the original one still has values |
| 4958 |
for both FOO and BAR: |
| 4959 |
</p> |
| 4960 |
|
| 4961 |
<pre caption="Checking settings in original bash"> |
| 4962 |
$ <i>exit</i> |
| 4963 |
$ <i>echo $FOO $BAR</i> |
| 4964 |
foo bar |
| 4965 |
</pre> |
| 4966 |
|
| 4967 |
</body> |
| 4968 |
</section> |
| 4969 |
<section> |
| 4970 |
<title>Export and set -x</title> |
| 4971 |
<body> |
| 4972 |
|
| 4973 |
<p> |
| 4974 |
Because of this behavior, variables can be set in <path>~/.bash_profile</path> |
| 4975 |
or <path>/etc/profile</path> and marked for export, and then never need to be |
| 4976 |
set again. There are some options that cannot be exported, however, and so they |
| 4977 |
must be put in put in your <path>~/.bashrc</path> and your <e>profile</e> in |
| 4978 |
order to be set consistently. These options are adjusted with the set built-in: |
| 4979 |
</p> |
| 4980 |
|
| 4981 |
<pre caption="Using set command"> |
| 4982 |
$ <i>set -x</i> |
| 4983 |
</pre> |
| 4984 |
|
| 4985 |
<p> |
| 4986 |
The <c>-x</c> option causes bash to print out each command it is about to run: |
| 4987 |
</p> |
| 4988 |
|
| 4989 |
<pre caption="Checking results of -x option"> |
| 4990 |
$ <i>echo $FOO</i> |
| 4991 |
$ <i>echo foo</i> |
| 4992 |
foo |
| 4993 |
</pre> |
| 4994 |
|
| 4995 |
<p> |
| 4996 |
This can be very useful for understanding unexpected quoting behavior or |
| 4997 |
similar strangeness. To turn off the <c>-x</c> option, do <c>set +x</c>. See |
| 4998 |
the bash man page for all of the options to the set built-in. |
| 4999 |
</p> |
| 5000 |
|
| 5001 |
</body> |
| 5002 |
</section> |
| 5003 |
<section> |
| 5004 |
<title>Setting variables with "set"</title> |
| 5005 |
<body> |
| 5006 |
|
| 5007 |
<p> |
| 5008 |
The <c>set</c> built-in can also be used for setting variables, but when used |
| 5009 |
that way, it is optional. The bash command <c>set FOO=foo</c> means exactly the |
| 5010 |
same as <c>FOO=foo</c>. Un-setting a variable is done with the <c>unset</c> |
| 5011 |
built-in: |
| 5012 |
</p> |
| 5013 |
|
| 5014 |
<pre caption="Un-setting variable"> |
| 5015 |
$ <i>FOO=bar</i> |
| 5016 |
$ <i>echo $FOO</i> |
| 5017 |
bar |
| 5018 |
$ <i>unset FOO</i> |
| 5019 |
$ <i>echo $FOO</i> |
| 5020 |
</pre> |
| 5021 |
|
| 5022 |
</body> |
| 5023 |
</section> |
| 5024 |
<section> |
| 5025 |
<title>Unset vs. FOO=</title> |
| 5026 |
<body> |
| 5027 |
|
| 5028 |
<p> |
| 5029 |
This is <e>not</e> the same as setting a variable to nothing, although it is |
| 5030 |
sometimes hard to tell the difference. One way to tell is to use the <c>set</c> |
| 5031 |
built-in with no parameters to list all current variables: |
| 5032 |
</p> |
| 5033 |
|
| 5034 |
<pre caption="Comparison of unset and FOO="> |
| 5035 |
$ <i>FOO=bar</i> |
| 5036 |
$ <i>set | grep ^FOO</i> |
| 5037 |
FOO=bar |
| 5038 |
$ <i>FOO=</i> |
| 5039 |
$ <i>set | grep ^FOO</i> |
| 5040 |
FOO= |
| 5041 |
$ <i>unset FOO</i> |
| 5042 |
$ <i>set | grep ^FOO</i> |
| 5043 |
</pre> |
| 5044 |
|
| 5045 |
<p> |
| 5046 |
Using <c>set</c> with no parameters like this is similar to using the |
| 5047 |
<c>export</c> built-in, except that <c>set</c> lists all variables instead of |
| 5048 |
just those marked for export. |
| 5049 |
</p> |
| 5050 |
|
| 5051 |
</body> |
| 5052 |
</section> |
| 5053 |
<section> |
| 5054 |
<title>Exporting to change command behavior</title> |
| 5055 |
<body> |
| 5056 |
|
| 5057 |
<p> |
| 5058 |
Often, the behavior of commands can be altered by setting environment |
| 5059 |
variables. Just as with new bash sessions, other programs that are started from |
| 5060 |
your bash prompt will only be able to see variables that are marked for export. |
| 5061 |
For example, the command <c>man</c> checks the variable PAGER to see what |
| 5062 |
program to use to step through the text one page at a time. |
| 5063 |
</p> |
| 5064 |
|
| 5065 |
<pre caption="Exporting PAGER variable"> |
| 5066 |
$ <i>PAGER=less</i> |
| 5067 |
$ <i>export PAGER</i> |
| 5068 |
$ <i>man man</i> |
| 5069 |
</pre> |
| 5070 |
|
| 5071 |
<p> |
| 5072 |
With PAGER set to <c>less</c>, you will see one page at a time, and pressing |
| 5073 |
the space bar moves on to the next page. If you change PAGER to <c>cat</c>, the |
| 5074 |
text will be displayed all at once, without stopping. |
| 5075 |
</p> |
| 5076 |
|
| 5077 |
<pre caption="Setting PAGER variable to cat"> |
| 5078 |
$ <i>PAGER=cat</i> |
| 5079 |
$ <i>man man</i> |
| 5080 |
</pre> |
| 5081 |
|
| 5082 |
</body> |
| 5083 |
</section> |
| 5084 |
<section> |
| 5085 |
<title>Using "env"</title> |
| 5086 |
<body> |
| 5087 |
|
| 5088 |
<p> |
| 5089 |
Unfortunately, if you forget to set PAGER back to <c>less</c>, <c>man</c> (as |
| 5090 |
well as some other commands) will continue to display all their text without |
| 5091 |
stopping. If you wanted to have PAGER set to <c>cat</c> just once, you could |
| 5092 |
use the <c>env</c> command: |
| 5093 |
</p> |
| 5094 |
|
| 5095 |
<pre caption="Using env command to set variable"> |
| 5096 |
$ <i>PAGER=less</i> |
| 5097 |
$ <i>env PAGER=cat man man</i> |
| 5098 |
$ <i>echo $PAGER</i> |
| 5099 |
less |
| 5100 |
</pre> |
| 5101 |
|
| 5102 |
<p> |
| 5103 |
This time, PAGER was exported to <c>man</c> with a value of <c>cat</c>, but the |
| 5104 |
PAGER variable itself remained unchanged in the bash session. |
| 5105 |
</p> |
| 5106 |
|
| 5107 |
</body> |
| 5108 |
</section> |
| 5109 |
</chapter> |
| 5110 |
|
| 5111 |
<chapter> |
| 5112 |
<title>Summary and resources</title> |
| 5113 |
<section> |
| 5114 |
<title>Summary</title> |
| 5115 |
<body> |
| 5116 |
|
| 5117 |
<p> |
| 5118 |
Congratulations on finishing Part 3 of this tutorial series! At this point, you |
| 5119 |
should know how to locate information in system and Internet documentation, and |
| 5120 |
you should have a good grasp of the Linux permissions model, user account |
| 5121 |
management, and login environment tuning. |
| 5122 |
</p> |
| 5123 |
|
| 5124 |
</body> |
| 5125 |
</section> |
| 5126 |
<section id="resources"> |
| 5127 |
<title>Resources</title> |
| 5128 |
<body> |
| 5129 |
|
| 5130 |
<p> |
| 5131 |
Be sure to check out the various Linux documentation resources covered in this |
| 5132 |
tutorial -- particularly the <uri link="http://www.tldp.org/">Linux |
| 5133 |
Documentation Project</uri>. You'll find its collection of guides, HOWTOs, |
| 5134 |
FAQs, and man pages to be invaluable. Be sure to check out <uri |
| 5135 |
link="http://www.tldp.org/LDP/LG/current/">Linux Gazette</uri> and <uri |
| 5136 |
link="http://www.tldp.org/linuxfocus/index.html">LinuxFocus</uri> as well. |
| 5137 |
</p> |
| 5138 |
|
| 5139 |
<p> |
| 5140 |
The <uri link="http://www.tldp.org/guides.html">Linux System Administrators |
| 5141 |
guide</uri> (available from the "Guides" section at www.tldp.org) is a good |
| 5142 |
complement to this series of tutorials -- give it a read! You may also find |
| 5143 |
Eric S. Raymond's <uri |
| 5144 |
link="http://www.tldp.org/HOWTO/Unix-and-Internet-Fundamentals-HOWTO/">Unix and |
| 5145 |
Internet Fundamentals HOWTO</uri> to be helpful. |
| 5146 |
</p> |
| 5147 |
|
| 5148 |
<p> |
| 5149 |
You can read the GNU Project's online documentation for the GNU info system |
| 5150 |
(also called "texinfo") at <uri |
| 5151 |
link="http://www.gnu.org/manual/texinfo/index.html">GNU's texinfo documentation |
| 5152 |
page</uri>. |
| 5153 |
</p> |
| 5154 |
|
| 5155 |
<p> |
| 5156 |
Browse the <uri link="http://www.tldp.org/links/#ng">Linux newsgroup list</uri> |
| 5157 |
on the LDP site, and the newsgroup archives at <uri |
| 5158 |
link="http://groups.google.com/googlegroups/deja_announcement.html">Deja |
| 5159 |
News</uri>. |
| 5160 |
</p> |
| 5161 |
|
| 5162 |
<p> |
| 5163 |
In the Bash by example article series on developerWorks, Daniel shows you how |
| 5164 |
to use bash programming constructs to write your own bash scripts. This bash |
| 5165 |
series (particularly Parts 1 and 2) is good preparation for the LPIC Level 1 |
| 5166 |
exam and reinforces the concepts covered in this tutorial's "Tuning the user |
| 5167 |
environment" section: |
| 5168 |
</p> |
| 5169 |
|
| 5170 |
<ul> |
| 5171 |
<li> |
| 5172 |
<uri link="/doc/en/articles/bash-by-example-p1.xml">Bash by example, Part |
| 5173 |
1: Fundamental programming in the Bourne-again shell</uri> |
| 5174 |
</li> |
| 5175 |
<li> |
| 5176 |
<uri link="/doc/en/articles/bash-by-example-p2.xml">Bash by example, Part |
| 5177 |
2: More bash programming fundamentals</uri> |
| 5178 |
</li> |
| 5179 |
<li> |
| 5180 |
<uri link="/doc/en/articles/bash-by-example-p3.xml">Bash by example, Part |
| 5181 |
3: Exploring the ebuild system.</uri> |
| 5182 |
</li> |
| 5183 |
</ul> |
| 5184 |
|
| 5185 |
<p> |
| 5186 |
We highly recommend the <uri |
| 5187 |
link="http://www-106.ibm.com/developerworks/linux/library/l-faq/">Technical FAQ |
| 5188 |
by Linux Users</uri> by Mark Chapman, a 50-page in-depth list of |
| 5189 |
frequently-asked Linux questions, along with detailed answers. The FAQ itself |
| 5190 |
is in PDF (Adobe Acrobat) format. If you're a beginning or intermediate Linux |
| 5191 |
user, you really owe it to yourself to check this FAQ out. We also recommend |
| 5192 |
the <uri |
| 5193 |
link="http://www-106.ibm.com/developerworks/linux/library/l-gloss/index.html">Linux |
| 5194 |
glossary for Linux users</uri>, also from Mark. |
| 5195 |
</p> |
| 5196 |
|
| 5197 |
<p> |
| 5198 |
If you're not familiar with the vi editor, check out Daniel's <uri |
| 5199 |
link="http://www-106.ibm.com/developerworks/edu/l-dw-linuxvi-i.html">Vi intro |
| 5200 |
-- the cheat sheet method tutorial</uri>. This tutorial will give you a gentle |
| 5201 |
yet fast-paced introduction to this powerful text editor. Consider this |
| 5202 |
must-read material if you don't know how to use vi. |
| 5203 |
</p> |
| 5204 |
|
| 5205 |
<p> |
| 5206 |
For an intro to the Emacs editor, see the developerWorks tutorial, <uri |
| 5207 |
link="http://www-106.ibm.com/developerworks/edu/l-dw-linuxemacs-i.html">Living |
| 5208 |
in Emacs</uri>. |
| 5209 |
</p> |
| 5210 |
|
| 5211 |
</body> |
| 5212 |
</section> |
| 5213 |
<section> |
| 5214 |
<title>Feedback</title> |
| 5215 |
<body> |
| 5216 |
|
| 5217 |
<p> |
| 5218 |
Please let us know whether this tutorial was helpful to you and how we could |
| 5219 |
make it better. We'd also like to hear about other tutorial topics you'd like |
| 5220 |
to see covered in developerWorks tutorials. |
| 5221 |
</p> |
| 5222 |
|
| 5223 |
<p> |
| 5224 |
For questions about the content of this tutorial, contact the authors: |
| 5225 |
</p> |
| 5226 |
|
| 5227 |
<ul> |
| 5228 |
<li>Daniel Robbins, at <mail>drobbins@g.o</mail></li> |
| 5229 |
<li>Chris Houser, at <mail>chouser@g.o</mail></li> |
| 5230 |
<li>Aron Griffis, at <mail>agriffis@g.o</mail>.</li> |
| 5231 |
</ul> |
| 5232 |
|
| 5233 |
</body> |
| 5234 |
</section> |
| 5235 |
</chapter> |
| 5236 |
</guide> |
| 5237 |
|
| 5238 |
|
| 5239 |
|
| 5240 |
-- |
| 5241 |
gentoo-doc-cvs@g.o mailing list |
Archives