Unless otherwise noted, the following material has been gleaned from the use of RedHat Linux distributions.
More on Linux
Windows <-> Linux
- g4u
- "ghost for unix" for cloning PC harddisks via ftp
- rdesktop - remote desktop
protocol client for accessing Windows NT/2000 Terminal Server
- Miscellaneous Links
- Xaprb:
What does > /dev/null 2>&1 mean?
- CentOS,
free community supported variant of RedHat Enterprise Linux (RHEL)
- Bastille Linux,
novel tool for assessing how secure a host OS is.
- dump / restore information
- The
Linux Installation HOWTO
- RULE
(Run Up2date Linux Everywhere)
an install option for the current Red Hat Linux distributions
constrained to those packages optimized to run with very little
RAM and HD space.
- TuxMobil, handy info for
installing and running Linux on laptops
- UltraLinux,
handy info for installing and running Linux on
SPARC processor based systems
General Admin - the Tao of Linux/Unix administration
- Do a minimal OS install
- Use RCS! You will never be able to keep tabs on the really relevant adjustments
if you don't snapshot configuration files before you change them.
- Keep notes about system state in /root, and use RCS to provide a change trail
general notes
chkconfig --list
crontab -l
rpm -qa
... and other system wide state
- Do create a crontab that dumps df -lh and ls -lh /var/spool/mail to a mail address
you monitor regularly.
- View/purge root mail before its mail spool gets bigger than a few MBytes.
It is better to have a small root mail spool that can be easily opened and read
than to have a gianormous one that may be difficult to open when the system is under
stress.
Text Editing - Use vi!
Case-insensitive searching in vi is enabled thusly:
in command mode type :set ignorecase or :set ic
and to revert back type :set noignorecase or :set noic.
Also, consider putting set ignorecase into your vi configuration file.
GRUB
Restoring GRUB to MBR
Boot off install CD in rescue mode.
Mount desired root partition read-write ...
# chroot /mnt/sysimage
# /sbin/grub-install /dev/hda
Making a CD
Recent kernels and associated boot files are now too
big to fit on a floppy! How do you create emergency boot media then?
# uname -a
Linux linuxdv2 2.4.22-1.2114.nptlsmp #1 SMP ...
# mkbootdisk --device /root/boot.iso 2.4.22-1.2115.nptlsmp -v --iso
...
- Now use a CD burning package to create a bootable CD from the iso file
LILO
Most computers decide how to boot by looking at a magic spot on
the default hard drive. This magic spot is excluded from hard disk partitioning
and file system formatting. This magic spot is called the MBR (Master Boot
Record).
lilo is a Linux tool for writing boot instructions to the MBR.
There are other tools by Microsoft and alternatives to lilo for Linux
for writing to the MBR, but they essentially do nothing more than what lilo
does (more about that later). As of this writing the latest lilo handles
modern BIOS's that can see past 8 GBytes
(see Hard Disks and Linux for more about this). If you
happen to be using an older lilo, you will need to make sure any bootable
partitions start below the 8 GByte threshold.
Since the MBR is read every time a system boots, you only need to run lilo
if you want to change how a system boots. Before you run lilo you need
to make sure a valid /etc/lilo.conf exists.
Basic /etc/lilo.conf
boot=/dev/hda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
message=/boot/message
lba32
default=linux
image=/boot/vmlinuz-2.4.2-2
label=linux
read-only
root=/dev/hda2
other=/dev/hda1
optional
label=dos
Funky /etc/lilo.conf
boot=/dev/fd0
map=/boot/map
install=/boot/boot.b
#prompt
#timeout=50
#message=/boot/message
lba32
default=linux
image=/boot/vmlinuz-2.4.2-2
label=linux
vga=835
# vga=835 24 bit (e.g. Compaq Presario 1800T)
# vga=834 16 bit
read-only
root=/dev/hda2
other=/dev/hda1
optional
label=dos
- The Basic listing above will prepare lilo to overwrite the MBR on
/dev/hda (the first IDE hard drive) with the specified boot
instructions. To run lilo you need to be root. Warning - running
lilo will overwrite any existing booting instructions in the MBR
(more on how to restore alternative boot loaders later). If you are ready to
give it a go ...
- # /sbin/lilo
Added linux *
Added dos
- Bang! You just overwrote the MBR on /dev/hda. If you reboot (and no
floppy, cdrom, or other device is bootable) you will see your new boot
sequence execute.
The Funky listing above disables the pause and prompt before launching
the OS after boot. The vga=835 will boot with the console in
framebuffer mode - which looks like a super wide and tall console
(like you would see on a Sun or high end Unix box). The boot=/dev/fd0 is for
making a boot floppy - sort of.
Making a Boot Floppy
Using the Funky /etc/lilo.conf listed above and running /sbin/lilo is
a no-frills way to make a boot floppy. Warning, floppy disks don't
have a magic MBR area, they just use the raw data area for boot instructions.
This means that lilo will obliterate any file system on the floppy, but now
the floppy can be used to boot the system (which is handy if the MBR on the
hard disk gets whacked).
- Some distros have a mkbootdisk command. This is probably a better
way to create a boot floppy. This will add an actual kernel to the floppy
and some other neat stuff.
- # uname -a
Linux localhost.localdomain 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686 unknown
# mkbootdisk 2.4.2-2 /dev/fd0
Neat Floppy Boot Tricks
- Let's say your MBR got wiped and you didn't make a boot floppy for
the system. You can use a boot floppy from another system, or even the install
CD for many distros to get to a boot: prompt. If you remember the
partition that has a bootable OS you can punt manually ...
- boot: linux root=/dev/hda2 single initrd=
(where hda2 is root partition, initrd will bypass boot cd installer,
single - um well just because)
- After boot edit /etc/lilo.conf and run lilo, or try your hand
at running mkbootdisk
Microsoft Boot Loaders
- Windows NT and more recently Windows 2000 have their own MBR boot
tools. When these OS's install, they overwrite the MBR with their own boot
instructions. If you want to enable their boot loader to offer an
option to boot to your Linux partition you need to
- Make a boot floppy with lilo (see Funky /etc/lilo.conf above)
- Extract the boot instructions from the first part of the
floppy raw data area into a file
- # dd if=/dev/fd0 of=bootsect.red bs=512 count=1
- Copy that file to the Windows main boot partition,
- Add an entry to BOOT.INI that points to this file with a label
saying that it is for launching Linux.
- [boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows 2000 Advanced Server" /fastdetect
C:\bootsect.red="RedHat Linux: hda2"
- After a boot, you can peek at what boot arguments were used
- $ cat /proc/cmdline
- The reason a floppy was used above was so the MBR on the primary boot
hard disk isn't disturbed. If you don't mind overwriting the MBR, you could have
LILO use /dev/hda instead of /dev/fd0 . But since you are trying to get
the NT boot loader to launch Linux, overwriting the MBR would mean you would
have to reinstall the NT boot loader. Messy, but if you have a flaky
floppy disk or some other reason, it is possible.
If you clobbered your MBR that had a Windows boot loader, there are ways
to reinstate it. Unfortunately this is not as easy as it is with lilo.
Allegedly Windows NT boot floppies or cdrom media can be used to get to a
restore console that allows you to run fdisk /mbr or
fixmbr. Last I tried, I had to use Windows 2000 boot cdrom, boot
to it and tell it to enter restore mode. YOU WILL NEED TO KNOW YOUR
ADMINISTRATOR PASSWORD OR NO DICE! to enter restore mode.
More ...
Linux & NT/W2000
Linux & Windows 9X
Hard Disks and Linux
Most versions of Linux support IDE and SCSI hard disks either directly in the kernel or
with use of an appropriate driver. The fdisk command can be used to inspect
what partitions (if any) an attached hard disk contains. To inspect the first IDE hard disk
use fdisk /dev/hda . For the first SCSI hard disk use fdisk /dev/sda .
USB drives follow the SCSI device naming convention in recent kernels.
Possibly Obsolete: CDROMs follow this as /dev/hca and /dev/sca . Subsequent disks are hdb, hdc for IDE
and scb, scc for SCSI. Multiple CDROMs follow the same naming convention.
# fdisk -l
Disk /dev/sda: 18.2 GB, 18210036736 bytes
255 heads, 63 sectors/track, 2213 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 33 265041 83 Linux
/dev/sda2 34 98 522112+ 82 Linux swap / Solaris
/dev/sda3 99 2213 16988737+ 83 Linux
Disk /dev/sdb: 36.4 GB, 36420075008 bytes
255 heads, 63 sectors/track, 4427 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdb1 1 4427 35559846 8e Linux LVM
Disk /dev/sdc: 36.4 GB, 36420075008 bytes
255 heads, 63 sectors/track, 4427 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdc1 1 4427 35559846 8e Linux LVM
Disk /dev/sdd: 36.4 GB, 36420075008 bytes
255 heads, 63 sectors/track, 4427 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sdd1 1 4427 35559846 8e Linux LVM
Disk /dev/sde: 123.5 GB, 123522417152 bytes
255 heads, 63 sectors/track, 15017 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sde1 * 1 15017 120624021 7 HPFS/NTFS
# df -ha
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 16G 1.7G 14G 11% /
/dev/proc 0 0 0 - /proc
/dev/sys 0 0 0 - /sys
/dev/devpts 0 0 0 - /dev/pts
/dev/sda1 251M 9.5M 229M 4% /boot
/dev/shm 252M 0 252M 0% /dev/shm
/dev/mapper/vg1-lvpublic
99G 74G 20G 79% /public
none 0 0 0 - /proc/sys/fs/binfmt_misc
sunrpc 0 0 0 - /var/lib/nfs/rpc_pipefs
automount(pid1733) 0 0 0 - /net
nfsd 0 0 0 - /proc/fs/nfsd
/public/new/hagrid_root.iso
7.9G 3.1G 4.4G 42% /mnt/h0
Beware that fdisk may show conflicting disk size information. The
following fdisk reports 500.1 GBytes, but the disk actually holds only 465.7 GBytes
(500107862016 / 1024 / 1024 / 1024) when counted in units of 1024 (K, M, G).
# fdisk -l
Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Device Boot Start End Blocks Id System
/dev/sda1 * 1 60801 488384001 c W95 FAT32 (LBA)
With fdisk you can use the P command to show a partition summary. Use D to
delete a partition, and N to create one. Use T to respecify partition type.
You might notice that the first partition is named something like hda1
(for first IDE drive). You can have four partitions per disk. In an extended
partition you can create logical partitions. The first logical partition will
be something like hda5 (for first IDE drive). The /dev directory on
root shows all the possible names for devices and their partitions.
Drives formatted on Sparc systems and/or formatted natively under Solaris use
a peculiar partitioning scheme. In some cases it may be necessary to obliterate
the partition table using the badblocks write mode option before partitioning
it with fdisk. Symptoms of this are inexplicable mkfs errors.
Hard Disk Formatting
Use mkfs thusly ...
- mkfs -t [file system] /dev/[partition]
ext2 is the file system used most with Linux. msdos
and other alternative formats can be specified if you like.
Whoa! Huge Disks and Linux
So you got this incredible deal on a 35 GByte drive for $99 bucks at Fry's.
But after using fdisk to create a single gianormous partition, you find formatting
it with mkfs wigs out and hangs nasty! Try fdisk'ing as a huge extended partition
and then making a huge logical partition inside it. Here's an fdisk summary from
a 13 GByte drive I had to partition this way.
Command (m for help): p
Disk /dev/hda: 247 heads, 228 sectors, 22505 cylinders
Units = cylinders of 56316 * 512 bytes
Device Boot Start End Blocks Id System
/dev/hda1 1 452 12714880+ 5 Extended
Partition 1 does not end on cylinder boundary:
phys=(1023, 15, 63) should be (1023, 246, 228)
/dev/hda5 1 452 12714849 83 Linux
Sometimes fdisk will complain that a huge disk partition doesn't end on
a cylinder boundary ... just ignore it, works for me. Such a monolithic
partition scheme will probably not work for a boot disk, but hey - you could
make a smaller bootable partition followed by the gianormous extended/logical
partition if you must boot from this disk.
Note: there appears to be a limitation in most distributions such that
the root partition must be within the first 8 GBytes.
The Art of Disk Mounting
- Here's an example of a command to mount an IDE partition ...
- mount -t ext2 /dev/hdb2 /mnt/secoundIDEpartition2
- The directory /mnt/secoundIDEpartition2 needs to be created before
the mount command is given. The same partition can be unmounted thusly ...
- umount /dev/hdb2
- To have partitions mounted during bootup edit /etc/fstab.
Here's a sample fstab file I edited ...
/dev/sda1 / ext2 defaults 1 1
/dev/sda2 swap swap defaults 0 0
/dev/fd0 /mnt/floppy ext2 noauto 0 0
/dev/cdrom /mnt/cdrom iso9660 noauto,ro 0 0
none /proc proc defaults 0 0
/dev/hda1 /mnt/tempdisk ext2 defaults 1 2
- Note the 1 2 flags on /dev/hda1 . It's a good idea to peruse man fstab
before adding entries to this file. For the most part find a line similar to what you
want, copy it, and tweak it for your purpose.
- Miscellaneous Mount Hints
- mount -t vfat /partition/xp_share /mount_point
File System/Partition Checking
Generally file system integrity is checked automatically. However, for
additional disk partitions you have created and for other reasons you may
wish to know how to do this. Use fsck /dev/[partition] .
Note, it is dangerous to fsck a partition that is mounted. If
possible, unmount it first before fsck'ing it.
Partition / File System Labels
More recent versions of Linux use a more sophisticated
technique for declaring how a given partition should be mounted.
A file system volume label can be written to a given
partition, then when mounting occurs, the mount location
can be derived from the file system itself. Paradoxically,
the volume label is often the same as the mount destination
so the extra abstraction may seem a bit overwrought compared with
simply specifying the raw mount location at mount time.
However, it can help prevent 'accidentally' mounting the wrong
partition. A hypothetical example is accidentally specifying
a root partition as a tmp partition during a freak boot;
the root partition could be wiped if it didn't have a disk
label saying it was something other than /tmp.
# mkfs.ext3 -L /tmp /dev/sda5
...
# e2label /dev/sda5
/tmp
# tune2fs -l /dev/sda1
tune2fs 1.35 (28-Feb-2004)
Filesystem volume name: /boot
Last mounted on:
Filesystem UUID: 05509a4a-7ba5-4412-a61b-31a09b7257dc
Filesystem magic number: 0xEF53
Filesystem revision #: 1 (dynamic)
Filesystem features: ext_attr resize_inode filetype sparse_super
Default mount options: (none)
Filesystem state: not clean
Errors behavior: Continue
Filesystem OS type: Linux
Inode count: 66264
Block count: 265040
Reserved block count: 13252
Free blocks: 249058
Free inodes: 66226
First block: 1
Block size: 1024
Fragment size: 1024
Blocks per group: 8192
Fragments per group: 8192
Inodes per group: 2008
Inode blocks per group: 251
Filesystem created: Thu Apr 27 17:48:41 2006
Last mount time: Wed May 3 16:32:18 2006
Last write time: Wed May 3 16:32:18 2006
Mount count: 2
Maximum mount count: 25
Last checked: Wed May 3 11:51:55 2006
Check interval: 15552000 (6 months)
Next check after: Mon Oct 30 10:51:55 2006
Reserved blocks uid: 0 (user root)
Reserved blocks gid: 0 (group root)
First inode: 11
Inode size: 128
Default directory hash: tea
Directory Hash Seed: 33dc61c3-0da3-4d03-beca-1f169b9aeb93
iSCSI
Can install from a SCSI CD, but can't mount it once Linux is installed
Try this, as root:
rm /dev/cdrom
rm /dev/scd0
cd /dev
./MAKEDEV scd0
ln -s scd0 cdrom
SCSI Tape Devices
Typically SCSI tape drives mount as /dev/st0.
In some cases the mt command may not be present, but is
typically only an rpm away.
# up2date -du mt-st --nosig
# rpm -qf /bin/mt
# su -
# mt -f /dev/st0 tell
# mt -f /dev/st0 status
# mt -f /dev/st0 rewind
# tar -cvf /dev/st0 *
# mt -f /dev/st0 rewind
Table of contents
# tar -ztvf /dev/st0
# tar -zxvf /dev/st0 /.../...
Logical Volume Manager (LVM)
LVM adds an abstraction layer above typical device drivers.
Typically this is relevant only for hard disk devices.
Typically when a disk partition is mounted, the mounted volume
is directly related to a low-level disk partition. LVM allows
chunks of different disks to be collected into an abstract
volume that can be mounted just like a traditional disk partition.
Although there is a slight performance penalty for LVM, it offers
the ability to change the size of a partition and perform
advanced disk snapshot operations handy for doing backups without
unduly interrupting busy services.
It all starts with fdisk and assigning a partition type of 8E.
Note, sometimes fdisk will report an error when exiting after such
an assignment, though a reboot seems to resolve the issue.
LVM Corrupt Partition Countermeasures
- Inevitably something will happen and your favorite LVM
partition won't mount. Attempts to fsck it will return strange
results because even though the underlying partition may be mounted,
the LVM partition within the disk partition isn't mounted because
the LVM partition is whacked in some way. Well, the LVM partition
information is usually automatically backed up in the /etc/lvm/backup
directory. Issuing the vgcfgrestore command and then activating the LVM
partition with vgchange often does the trick.
# mount /dev/vg1/bigusbdisk /archive
mount: special device /dev/vg1/bigusbdisk does not exist"
# vgscan
# pvscan -p
# lvscan
# vgcfgrestore vg1
# vgchange -a y vg1
# mount /dev/vg1/bigusbdisk /archive
# ls /archive
... lots of happy files ...
# fdisk /dev/hda
[ create /dev/hda4 as a Linux LVM partition ]
n
4
...
t
8e (Linux LVM)
# vgscan
... builds/populates /etc/lvmtab
# Low-level format partition for LVM
# pvcreate /dev/hda4
...
# vgcreate vg1 /dev/hda4
create
# vgchange -a n vg1
deactivate
# vgchange -a y vg1
activate
# vgchange -a n vg1
deactivate
# vgremove vg1
remove
# vgcreate -s 16k vg1 /dev/hda4
create 16k PE size
# mkdir /mnt/lv1
# lvcreate -L 100M -n lv1 vg1
# mkfs -t ext2 /dev/vg1/lv1
...
# mount /dev/vg1/lv1 /mnt/lv1
...
# lsof +D /mnt/lv1
# umount /mnt/lv1
# lvextend -L +10m /dev/vg1/lv1 /dev/hda4
# e2fsck -f /dev/vg1/lv1
# resize2fs /dev/vg1/lv1
# mount /mnt/lv1
# e2fsadm -L +20m /dev/vg1/lv1
[ no live mount error ]
# umount /mnt/lv1
...
# e2fsadm -L +20m /dev/vg1/lv1
...
# mount /mnt/lv1
Elsewhere
e2fsadm
Dump, Restore
cdrecord
This powerful command enables writing data out to CD burners from
the console.
$ cdrecord -scanbus
...
$ # -v verbose
$ # -eject eject cd after burn completes
$ # dev=6,0 use the drive ID you see reported from cdrecord -scanbus
$ # foobar.iso a prepared cd image ready for burning directly to disc
$ cdrecord -v -eject dev=6,0 foobar.iso
... watch and wait ...
Note, cdrecord is very SCSI-centric. It is possible to use it with
IDE cd burners, but you will have to set up a SCSI spoofed device that
maps to the IDE burner. More on that coming soon.
dd tricks
- Creating a CD iso. The source partition can't be mounted during the process.
# dd if=/dev/cdrom of=cd.iso
- Mounting a phantom device from CD iso file
# mount -o loop /public/new/hagrid_root.iso /mnt/h0
# ls /mnt/h0/
bin dev home lib misc opt public sbin tmp var
boot etc initrd lost+found mnt proc root sys usr
# df -lh
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 16G 1.7G 14G 11% /
/dev/sda1 251M 9.5M 229M 4% /boot
/dev/shm 252M 0 252M 0% /dev/shm
/dev/mapper/vg1-lvpublic
99G 74G 20G 79% /public
/public/new/hagrid_root.iso
7.9G 3.1G 4.4G 42% /mnt/h0
The Art of Dual Booting Linux and Windows9X
On most systems it should be possible to install both Linux and Windows9X.
A prompt after boot is used to select which OS, and if nothing is
entered after a few seconds a default selection is made.
If you decide to setup a system to dual-boot, make sure it has
NO IMPORTANT DATA ON IT! Also, prepare for complications and
DON'T RUSH! It is very easy to miss a critical step and have
to go back and redo a lot of work.
Steps
- Linux FDISK
- Create 2 primary partitions:
- BOOT, about 10 MBytes in size. This will be used later for LILO
which will run before any OS can boot
- WINDOWS, about 50% of harddisk
- Leave remaining 50% of disk unpartitioned
- Windows9X FDISK, Install
- Replace 2nd partition
- Delete 2nd partition
- Create 2nd partition, about 50% of harddisk
- Make 2nd partition active
- Reboot
- Format C: (if necessary)
- Install Windows9X from CD or from copied install files on C: .
Note, Windows install will overwrite the MBR after the 2nd or
3rd reboot. Make sure it has been rebooted enough times
so that this doesn't happen again once the Linux installation
occurs next
- Linux FDISK, Install
- Create 3rd partition
- Create a 3rd extended partition using remaining 50% of disk
- Create logical swap partition in extended partition 128-512 MBytes approximately
- Create logical root partition using all remaining extended partition
- Install Linux using
/boot for 1st partition
SWAP in lesser partition of extended partition
/root in remaining partition in extended partition
/etc/lilo.conf
If a system has LILO configured to boot to either Linux or W9X/DOS, the default OS
can be changed by editing the default line in /etc/lilo.conf to equal the desired label.
Make sure you run lilo after editing this file to alter the raw boot
configuration files to act accordingly.
X Windows Tips
- kdmrc - enabling root login from X login screen
AllowRootLogin=true
Xconfigurator - once Linux is booting to a login prompt on
a system's default video device, Xconfigurator is the command to
attempt to configure it for the X Windows graphics environment. It's best
to know what your graphics card/chip and monitor capabilities are before
running this. If you succeed in having it detect your graphics capability,
it is highly recommended that you decline having graphics enabled on bootup.
Instead stay with text only login and use startx to bring
up the graphics on demand. This will reduce headaches significantly if and
when your graphics capabilities inevitably change.
startx - some handy tidbits ...
- startx -- -bpp 16
- Ctrl Alt Bksp will force X to exit. This is handy if an app crashes or
otherwise renders an X Windows session unusable
- Also, don't forget that on many systems Ctrl Alt + and
Ctrl Alt - will switch between screen resolutions of the
same color depth
Configuring X Windows Desktop Environments (DE)
- Gnome, Afterstep, FWM, KDE, ...
On some distributions (notably RedHat 6.1)
even when KDE Workstation is selected during installation
X Windows still launches the Gnome DE (as indicated by the stupid
enlightenment initializer, wretched over-stylized poseur footprint logo,
and gianormous precious space wasting icons at the bottom of the
screen ... puff puff, rant off). To have a different DE, check for and
create if necessary a desktop file in /etc/sysconfig.
Edit this file and place KDE as the only text in it. To get Another
Level or other non-Gnome DE ... peruse the system files
that man startx references.
- inittab - disabling X Windows at boot
Changing the initdefault value in /etc/inittab
will change the runlevel entered after the next reboot.
...
# Default runlevel. The runlevels used by RHS are:
# 0 - halt (Do NOT set initdefault to this)
# 1 - Single user mode
# 2 - Multiuser, without NFS (The same as 3, if you do not have networking)
# 3 - Full multiuser mode
# 4 - unused
# 5 - X11
# 6 - reboot (Do NOT set initdefault to this)
#
id:3:initdefault:
...
Remote X Servers
- Once you have an X Server running ...
- start a local telnet session, connect to remote host
- export DISPLAY=192.168.30.96:0.0 (use your local IP address)
- bring up the X Server on your local host (it should come up with
a pretty much empty screen)
- on the remote telnet session
xterm &
(this should bring up a terminal in the X Server)
Autoconf -
configure make install
- Here's a quick overview of the peculiar command sequence many Linux apps
use to install themselves:
- Basic
$ ./configure --help
$ ./configure
$ make
$ make install
- Funky (Should automake be run before autoconf?)
$ autoconf
$ automake (Makefile.am -> Makefile.in)
$ CFLAGS="-g -O0" ./configure (Makefile.in -> Makefile)
$ make
$ make install
xmkmf, Imakefile
This is yet another
peculiar method for compiling and installing software under Linux.
If you unpack some software and find Imakefile files sprinkled around
it is a good bet that it expects you to use xmkmf to generate
a Makefile. Once a Makefile is created, it should be as simple as running
make much like with configure make install.
It is amazing how much software uses Imakefile's but doesn't mention
in the install instructions that xmkmf is the command you need
to use to get things working properly.
chkconfig
- Executables that run in the background to offer network services
are usually started automatically when a system is started. The
mechanism that starts and stops services uses settings kept in
/etc/rc.d . Sometimes the automatic startup settings for a service
need to be adjusted. One could learn the particular details of files
in /etc/rc.d , or you could just use the chkconfig command
and specify the service, the run levels to change, and the state
- > chkconfig --list
...
> chkconfig --level 2345 sshd on
...
nfs - network file system
- nfs has a server and a client side. Most Linux distributions
install the necessary files by default, but do not activate them.
Server
# hostname
foobar
# rpm -qa | grep -i nfs-utils
nfs-utils-1.0.9-42.el5
# rpm -qi nfs-utils
The nfs-utils package provides a daemon for the
kernel NFS server and related tools ...
# cat /etc/exports
/public 10.17.0.0/255.255.0.0(ro)
# service nfs
...
Client
# ls /mnt/coolmntpt
empty
# mount foobar:/public /mnt/coolmntpt
# ls -l /mnt/coolmntpt
lots of files ...
# df -h | grep cool
foobar:/public ... /mnt/coolmntpt
# umount /mnt/coolmntpt
Security - It is easy for a client request to be spoofed, allowing unauthorized
access to a nfs server volume. In general it is good practice to only
expose nfs volumes across LAN links and not expose them to the broader
Internet.
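One way to check an exports file against the advice above, as an added example that is not part of the original notes: it flags entries open to any host, addresses outside private LAN ranges, and the no_root_squash and insecure options. The function names, finding labels and all sample entries except the /public line are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag /etc/exports entries that reach beyond trusted LAN hosts.
# Output: one line per finding, "<path> <client> <finding>".
# Backslash-continued lines are not handled.

audit_exports() {   # usage: audit_exports FILE
    awk '
    # True for RFC 1918 and loopback IPv4 addresses (typical LAN ranges).
    function is_lan(ip,    o) {
        split(ip, o, ".")
        return (o[1] + 0 == 10 || o[1] + 0 == 127 ||
                (o[1] + 0 == 192 && o[2] + 0 == 168) ||
                (o[1] + 0 == 172 && o[2] + 0 >= 16 && o[2] + 0 <= 31))
    }
    /^[ \t]*(#|$)/ { next }                  # comments and blank lines
    {
        path = $1
        if (NF == 1) $2 = "*"                # no client list: exported to any host
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\).*/, "", opts)
            }
            if (client == "") client = "*"   # "(rw)" after a space means any host
            # A wildcard or a network reaches more than one machine.
            many = (index(client, "*") || index(client, "?") || index(client, "/"))
            split(client, a, "/")
            if (client == "*")
                print path, client, "any-host"
            else if (a[1] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !is_lan(a[1]))
                print path, client, "non-lan-address"
            nopt = split(opts, o, ",")
            for (j = 1; j <= nopt; j++) {
                if (o[j] == "rw" && many) print path, client, "rw-to-many"
                if (o[j] == "no_root_squash") print path, client, "no_root_squash"
                if (o[j] == "insecure") print path, client, "insecure-ports"
            }
        }
    }' "$1"
}

sample_exports() {  # constructed sample; only the /public entry is from this page
    cat <<'EOF'
# constructed sample exports file
/public   10.17.0.0/255.255.0.0(ro)
/home     *(rw,no_root_squash)
/scratch  (rw)
/backup   203.0.113.25(ro)
/build    buildhost.example.com(rw,insecure)
EOF
}

tmp=$(mktemp)
sample_exports > "$tmp"
audit_exports "$tmp"
rm -f "$tmp"
```

The read-only /public export limited to the 10.17.0.0 network produces no findings; every other sample entry produces at least one.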
Persistence - A nfs server may not stay online indefinitely. If you
regularly mount nfs volumes (i.e. you are nfs client), be familiar
enough with the nfs server to know when mounting it may not be a good
idea. In some cases mounting a volume from a server not online can
cause unexpected delays and, in the worst case, file corruption.
If you serve nfs mount points, you may want to configure your system
to automatically restart nfs at boot time.
Run Levels - Make sure portmap service is running.
Typically portmap is on for levels 3 and 5, but not for run level 2.
- Additional info
- /etc/fstab - allows nfs mount presets and automatic mounting after reboot
- chkconfig - allows nfs server to be restarted after reboot
- RHEL4
Majordomo
Tips
- Linux
Documentation Project
FTP
Most distributions do not enable user level ftp capability by default. For
RedHat you will need to install the /wu-ftpd-... RPM. This should
allow authorized users to access their home directories.
- May need to tweak configuration files for inetd or
xinetd to allow service to be enabled. Following is the
/etc/xinetd.d/xinetd.conf from a RH71 install ...
# default: on
# description: The wu-ftpd FTP server serves FTP connections. It uses \
# normal, unencrypted usernames and passwords for authentication.
service ftp
{
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.ftpd
server_args = -l -a
log_on_success += DURATION USERID
log_on_failure += USERID
nice = 10
# disable = yes
}
- More recent versions of the ftp service limit users to their own home directory.
This can be overridden on a per user basis in /etc/ftpaccess .
# rcsdiff ftpaccess
===================================================================
*** 11,24 ****
# Chroot all users to their home directory by default
# (comment this out if you don't want to chroot most of your users)
! guestuser *
# If you wish to allow user1 and user2 to access other
# directories, use the line below:
! # realuser user1,user2
--- 11,24 ----
# Chroot all users to their home directory by default
# (comment this out if you don't want to chroot most of your users)
! # guestuser *
# If you wish to allow user1 and user2 to access other
# directories, use the line below:
! realuser fredness,eddie
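Review bot: commenting out the "guestuser *" line lifts the chroot for every account, while the file's own comment presents "realuser user1,user2" as the way to let specific users reach other directories. If only fredness and eddie need access outside their home directories, keep "guestuser *" active and add just the "realuser fredness,eddie" line.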
Anonymous FTP
If anonymous ftp capability is desired, install the
anonftp-... RPM. A /home/ftp directory should now exist that
anonymous users can access.
SaMBa - file sharing services that interface well with
Microsoft Windows
Make sure SMB services are installed. To make a public read only directory
available ...
- locate file: /etc/smb.conf
- check that the file's [public] section is uncommented
- restart SMB (if necessary)
- import the appropriate registry file on MS Windows client (if necessary)
$ cat /etc/redhat-release
Fedora Core release 4 (Stentz)
$ rpm -qa | grep -i samba
samba-common-3.0.14a-2
samba-client-3.0.14a-2
samba-3.0.14a-2
Restarting SMB ...
- /etc/rc.d/init.d/smb status
- /etc/rc.d/init.d/smb stop
- /etc/rc.d/init.d/smb start
Importable registry files for enabling MS Windows clients
can be found at ...
- /usr/doc/samba-2.0.3/docs/
Acknowledging the presence of a dedicated WINS server. Here's an excerpt
from a smb.conf that does this ...
- # WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
wins server = 192.168.30.200
Tweaking file shares (circa RedHat 8.0)
diff -r1.1 /etc/samba/smb.conf
16a17,20
> # netbios name = sony-samba
> netbios name = hpserv
>
18c22
< workgroup = MYGROUP
---
> workgroup = WORKGROUP
28c32
< ; hosts allow = 192.168.1. 192.168.2. 127.
---
> hosts allow = 192.168.1. 192.168.2. 127.
53c57,58
< security = user
---
> security = share
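Review bot: at 53c57,58 the switch from "security = user" to "security = share" is a global setting, so it drops per-user authentication for every share on the server, not only the one being opened up. If only the new folder needs to be open, consider leaving "security = user" in place and scoping any relaxed access to that share's own section.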
234a240,251
> # GeeWiz production folder
> [geewiz]
> comment = GeeWiz production folder
> path = /geewiz
> public = yes
> writable = yes |
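Review bot: the [geewiz] section added at 234a240,251 combines "public = yes" with "writable = yes", so any client admitted by "hosts allow" can write to /geewiz without a password, subject only to filesystem permissions. For a folder described as production, consider dropping "public = yes", or keeping the share read only with a "write list" for the group that needs to change it.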
# rcsdiff smb.conf
18c18
< workgroup = MYGROUP
---
> workgroup = WORKGROUP
21c21
< server string = Samba Server
---
> server string = morpheus.us.wizbang.com
58c58,59
< security = user
---
> # security = user
> security = share
228,233c229,234
< ;[public]
< ; comment = Public Stuff
< ; path = /home/samba
< ; public = yes
< ; read only = yes
< ; write list = @staff
---
> [public]
> comment = Public Stuff
> path = /public
> public = yes
> read only = yes
> write list = @staff |
SaMBa - encrypted passwords
Most versions of Microsoft Windows expect encrypted passwords to be
enabled. If a machine can see a SaMBa server but issues a connect/bad password
error when attempting to open the server, it is a pretty good bet that the
SaMBa server does not have encrypted passwords enabled. A quick way to get
around this is to tweak the REGISTRY on each MS Windows system to disable
encrypted passwords (see above). A more compatible way to resolve this
is to enable encrypted passwords.
First, uncomment the following lines in the /etc/smb.conf ...
# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
encrypt passwords = yes
smb passwd file = /etc/smbpasswd
# The following are needed to allow password changing from Windows to
# update the Linux sytsem password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
# the encrypted SMB passwords. They allow the Unix password
# to be kept in sync with the SMB password.
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
Second, create a user and password pair ...
> smbpasswd -a jsmith
> cat smbusers
> cat smbpasswd
SaMBa - Domain/Group and Anonymous
smb.conf traditionally sets itself to use MYGROUP
as the Microsoft Networking Workgroup other systems will see.
To change this ...
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = ZAPTECH
There is no anonymous user built into SaMBa that I am aware of.
However, the nobody user can be given a smbpasswd of nothing.
This will present users with a user passwd requestor that can be dismissed
by using nobody and CR. Such users typically won't have write access.
Alternatively, dispense with user authentication entirely by changing
the smb.conf security setting to share (see example above).
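A check for the settings this section relies on, as an added example that is not part of the original notes: it parses an smb.conf and reports security = share plus any share that guests can both reach and write to. The function names and the sample file are constructed for illustration; the sample combines the settings from the diffs above.

```shell
#!/bin/sh
# Added example: flag risky settings in an smb.conf.
# audit_smbconf FILE -> prints one finding per line, returns 1 if any.
audit_smbconf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function close_share() {
        # Report a share only when guests may connect AND may write.
        if (section != "" && section != "global" && guest && writable) {
            print "share [" section "]: guest access with write permission"
            bad = 1
        }
    }
    BEGIN { bad = 0; section = "" }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }    # comments and blank lines
    /^[ \t]*\[/ {                            # start of a new section
        close_share()
        section = $0
        sub(/^[ \t]*\[/, "", section)
        sub(/\].*$/, "", section)
        section = tolower(trim(section))
        guest = 0; writable = 0
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        val = tolower(trim(substr($0, eq + 1)))
        gsub(/[ \t]+/, " ", key)
        on  = (val == "yes" || val == "true" || val == "1")
        off = (val == "no" || val == "false" || val == "0")
        if (section == "global" && key == "security" && val == "share") {
            print "global: security = share (no per-user authentication)"
            bad = 1
        }
        # smb.conf synonyms: public / guest ok, and writable / writeable /
        # write ok, which are the inverse of read only.
        if (key == "public" || key == "guest ok") guest = on
        if (key == "writable" || key == "writeable" || key == "write ok") writable = on
        if (key == "read only") writable = off
    }
    END { close_share(); exit bad }
    ' "$1"
}

# Constructed sample combining the settings from the diffs on this page.
sample_smbconf() {
    cat <<'EOF'
[global]
   workgroup = WORKGROUP
   hosts allow = 192.168.1. 192.168.2. 127.
   security = share
# GeeWiz production folder
[geewiz]
   comment = GeeWiz production folder
   path = /geewiz
   public = yes
   writable = yes
[public]
   comment = Public Stuff
   path = /public
   public = yes
   read only = yes
   write list = @staff
EOF
}

conf=$(mktemp)
sample_smbconf > "$conf"
audit_smbconf "$conf" || echo "smb.conf needs review"
rm -f "$conf"
```

The [public] share is not reported because read only = yes leaves guests without write access.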
RCS (revision control system)
Classic/legacy command line file based version control.
CVS (centralized source code version control)
CVS - Installation
Before spending a lot of time setting up a classic 'pserver' CVS repository,
check if SSH is already available on your system. If it is, then stop right there -
you already have all the remote access CVS repository information you need! Typically
ext CVS already associates with SSH. You will still need to set up a group
and file store though.
# cvs -d :ext:mylogin@hostname.com:/public/cvspublic co emailer
- Following describes how to establish a CVS 'pserver'. Before you enable CVS,
make sure the following are ready
- create a group called cvs (e.g. groupadd cvs)
- edit /etc/group, add users to the cvs group that should be
allowed to access the CVS server remotely
- create a cvs root directory (e.g. mkdir /home/cvsroot)
- set the directory protections to allow cvs group members to access it
(e.g. chown fredness.cvs /home/cvsroot)
- (optional) chmod g+s /home/cvsroot
- (optional) chown root.cvs /root
- Most Linux distributions install the /usr/bin/cvs command by default.
What may not be obvious is that this executable is used both for command
line operations and for establishing a service daemon. Unless you have a
non-standard distribution, you will need to manually enable cvs services
by adding a line to the /etc/inetd.conf, and then restarting it.
Add the following to /etc/inetd.conf ...
# CVS service
cvspserver stream tcp nowait root /usr/sbin/tcpd /usr/bin/cvs --allow-root=/home/cvsroot pserver
- For more recent xinetd
make a /etc/xinetd.d/cvspserver file containing something like ...
# default: off
# description: cvs server
service cvspserver
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/bin/cvs
server_args = -f --allow-root=/home/cvsroot pserver
}
The above is based loosely on a similar file for enabling telnetd.
Caution: watch out for white space!
These files may require tabs instead of spaces
for indenting purposes. The following is a bit more elaborate.
Note: log_on_success may in some situations introduce connect
delays. If so consider log_on_failure instead.
# default: off
# description: cvs server
service cvspserver
{
socket_type = stream
protocol = tcp
wait = no
log_on_success += USERID
user = root
passenv =
server = /usr/bin/cvs
server_args = -f --allow-root=/home/cvsroot pserver
}
Now, initialize the repository ...
> cvs -d /home/cvsroot init
CVS - Multiple Repositories
Yes, it's true, you can have more than one CVS repository on a server. The
critical bit that allows this is adding another --allow-root=[path]
to /etc/xinetd.d/cvspserver for each additional repository. Each
repository will need to be initialized separately.
CVS Port = 2401
Remote clients use this port to establish a connection to cvspserver
(consult /etc/services for more details)
cvspserver 2401/tcp # CVS client/server operations
cvspserver 2401/udp # CVS client/server operations
CVS - Module Creation (Importing)
This can be tricky. Sometimes it is easier to create a dummy folder
containing a single file, import just that, then add any other files using
the more straightforward cvs add
- export CVSROOT=":pserver:fredness@mail.zaptech.com:/home/cvsroot"
- cvs login
- cvs import -m "blah blah blah" modulename bogusvender firsttag
- cvs logout
- cat ~/.cvspass
CVS - Allowing Anonymous Access
- Create a file called readers
(e.g. /home/cvsroot/CVSROOT/readers) so that it contains ...
- anonymous
Now create another file called passwd so that it contains ...
- anonymous:ndt015Yw.To5Y:nobody
- It can be awkward to create a null password with the passwd command.
The following perl script does the job though ...
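> cat cryptout.pl
#!/usr/bin/perl
# Print the crypt(3) hash of the plaintext given as the first argument,
# using a random two-letter salt. Pass '' to hash an empty password.
use strict;
use warnings;

srand(time());
# Source text of an expression that yields the character code of a random
# letter (A-Z or a-z); it is evaluated twice below to build the salt.
my $randletter = "(int (rand (26)) + (int (rand (1) + .5) % 2 ? 65 : 97))";
my $salt = sprintf ("%c%c", eval $randletter, eval $randletter);
my $plaintext = shift;
$plaintext = '' unless defined $plaintext;   # no argument means empty password
my $crypttext = crypt($plaintext, $salt);
print "${crypttext}\n";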
(Optional) You may also need to create a writers file
that contains users who can commit changes...
- fredness
leighster
ian
Add nobody to cvs group
CVS - Read Only Users
Add the username (see below) then add username to the readers
file (see above). No passwd file is required for this.
Annoying /root/.cvsignore Permission denied warning messages
- This is a harmless 'bug' and is supposed to be fixed in
CVS 1.10.8
CVS - Adding New User to existing CVS server
- Logon on to the CVS server as root
- Execute adduser newusername
- Then edit /etc/group and add the new username to the group
used for CVS access (see above).
MySQL Setup
- Following works with redhat 7.1
# su -
...
# rpm -ivh mysql-3.23.36-1.i386.rpm
...
# rpm -ivh mysql-server-3.23.36-1.i386.rpm
...
# /etc/rc.d/init.d/mysqld status
...
# /etc/rc.d/init.d/mysqld start
...
# exit
# mysql
-> \h
-> \q
#
Which System Libraries are Installed
Check /usr/lib to see what libs are installed. Also,
you can take a look at /etc/ld.so.conf to see what libs are
installed and which directories they are installed in.
To find out what libraries an executable uses ...
- ldd [file]
If you have manually added a library to one of the existing
library directories, make sure you run ldconfig to register it.
Alternatively, try setting the LD_LIBRARY_PATH env var to point to the
desired library directory.
Use nm to figure out which library any symbol is in.
For example, the following will locate which library contains the
symbol 'XGetExtensionVersion'.
$ nm -Bog /usr/X11/lib/*.so | grep XGetExtensionVersion
bash
Bourne Again SHell (BASH) is probably the most ubiquitous command line interpreter enabled
by default on Linux/Unix systems as of this writing. As such, there are many powerful
commands and other capabilities built into bash that are important to master
to effectively manage and administer a wide variety of computer systems.
screen
Useful way to detach a session from the current login session, then
resurrect it later.
Very handy for monitoring/running commands that take a very long time to
complete, without having to sit at the hardware.
$ screen -ls
No Sockets found in /var/run/screen/S-ricks.
$ screen
$ screen -ls
There is a screen on:
1067.pts-1.clamps (Detached)
$ [ctrl-A]d
[ ... detaches from current session ... ]
$ screen -ls
There is a screen on:
1067.pts-1.clamps (Detached)
$ screen -r 1067.pts-1.clamps
$ exit
$ screen -ls
No Sockets found in /var/run/screen/S-ricks.
awk
fortune, configuring your own fortune teller
$ cat foo
fortune test 1
%
fortune text 2
%
fortune text 3
$ strfile foo
$ ls foo*
foo
foo.dat
$ fortune foo
...
Java
Install Notes
rsync
- -a (archive) includes everything including subdirs, -z is for compression, -v is for verbose
rsync -azv -e 'ssh' sourcedir user@host:/destdir
Telnet & Xinetd Services
On older systems you may need to install ...
inetd-0.16-4.i386.rpm
telnet-server-0.16.6.i386.rpm
before remote login will be permitted. Once installed, you may need to
restart the system (although the appropriate init.d command will probably
do the trick without rebooting).
On newer systems xinetd
has replaced inetd. Instead of a single /etc/inetd.conf file there
is an /etc/xinetd.d/ directory with a small file for each service
to enable.
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
# restrict telnet access to internal network
only_from = 192.168.1.0/24
# disable = yes
}
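A review pass over xinetd service files like the cvspserver and telnet ones on this page, as an added example that is not part of the original notes: it reports enabled services that run as root without an only_from restriction, and enabled telnet servers. The function names and the sample input are constructed, and attributes are assumed to be written as "name = value" with spaces, as they are above.

```shell
#!/bin/sh
# Added example: review xinetd service definitions.
# audit_xinetd [FILE...] -> one finding per line, returns 1 if any.
# With no FILE arguments the definitions are read from standard input.
audit_xinetd() {
    awk '
    BEGIN { bad = 0; inblock = 0 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments, blank lines
    !inblock && $1 == "service" { svc = $2; next }
    !inblock && $1 == "{" {
        inblock = 1; user = ""; server = ""; limited = 0; disabled = 0
        next
    }
    inblock && $1 == "}" {
        inblock = 0
        if (disabled) next                          # service is switched off
        if (user == "root" && !limited) {
            print svc ": enabled as root with no only_from restriction"
            bad = 1
        }
        if (server ~ /telnetd$/) {
            print svc ": enabled, sends credentials unencrypted"
            bad = 1
        }
        next
    }
    inblock && ($2 == "=" || $2 == "+=") {
        if ($1 == "user")    user = $3
        if ($1 == "server")  server = $3
        if ($1 == "only_from" && NF >= 3) limited = 1
        if ($1 == "disable") disabled = ($3 == "yes")
    }
    END { exit bad }
    ' "$@"
}

# Constructed sample: the cvspserver and telnet definitions follow the ones
# on this page; the disabled ntalk entry is made up to show a skipped service.
sample_xinetd() {
    cat <<'EOF'
# default: off
service cvspserver
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/bin/cvs
}
service telnet
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
# restrict telnet access to internal network
only_from = 192.168.1.0/24
}
service ntalk
{
disable = yes
user = root
server = /usr/sbin/in.ntalkd
}
EOF
}

sample_xinetd | audit_xinetd || echo "xinetd services need review"
```

On a real host the call would be audit_xinetd /etc/xinetd.d/* instead of the piped sample.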
nmap
Though considered a hostile act by some, scanning
networks to check host and service settings is incredibly useful.
True, ne'er-do-wells use network scanning to find servers to exploit;
however, it is the user's intent with a tool that needs to be judged - not
the tool itself.
That said, nmap is a network scanning tool. Great for
checking that your firewall is working as expected.
$ nmap -A -T4 cp2.foobar.com
Interesting ports on 216.240.133.161:
(The 1671 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 3.9p1 (protocol 2.0)
80/tcp open http Apache httpd 2.0.52 ((Red Hat))
873/tcp open rsync (protocol version 28)
Nmap finished: 1 IP address (1 host up) scanned in 38.079 seconds
$ nmap -A -T4 cp1.foobar.com
Interesting ports on 216.240.159.214:
(The 1669 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE VERSION
20/tcp closed ftp-data
21/tcp open ftp vsftpd 2.0.1
22/tcp open ssh OpenSSH 3.9p1 (protocol 2.0)
80/tcp open http Apache httpd 2.0.52 ((Red Hat))
443/tcp closed https
Service Info: OS: Unix
Nmap finished: 1 IP address (1 host up) scanned in 55.310 seconds
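To turn a scan like the ones above into a firewall check, the port table can be compared with the ports you expect to be open. This is an added example, not part of the original notes; the function names are made up, and the embedded sample is the cp1.foobar.com output shown above.

```shell
#!/bin/sh
# Added example: compare an nmap port table with the ports you expect open.
# port_drift "ALLOWED PORTS" < nmap-output
# ALLOWED PORTS is a space- or comma-separated list such as "22/tcp 80/tcp".
# Prints UNEXPECTED for open ports outside the list and MISSING for listed
# ports that are not open; returns 1 if either kind of drift was found.
port_drift() {
    awk -v allowed="$1" '
    BEGIN {
        drift = 0
        n = split(allowed, want_list, /[ ,]+/)
        for (i = 1; i <= n; i++)
            if (want_list[i] != "") want[want_list[i]] = 1
    }
    # Port table rows, e.g.: 21/tcp open ftp vsftpd 2.0.1
    $1 ~ /^[0-9]+\/(tcp|udp)$/ {
        state[$1] = $2
        if ($2 == "open" && !($1 in want)) {
            print "UNEXPECTED", $1, ($3 == "" ? "unknown" : $3)
            drift = 1
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            p = want_list[i]
            if (p == "") continue
            s = (p in state) ? state[p] : "not-listed"
            if (s != "open") { print "MISSING", p, s; drift = 1 }
        }
        exit drift
    }
    '
}

# Sample input: the cp1.foobar.com scan output from this page.
sample_scan() {
    cat <<'EOF'
Interesting ports on 216.240.159.214:
(The 1669 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE VERSION
20/tcp closed ftp-data
21/tcp open ftp vsftpd 2.0.1
22/tcp open ssh OpenSSH 3.9p1 (protocol 2.0)
80/tcp open http Apache httpd 2.0.52 ((Red Hat))
443/tcp closed https
Service Info: OS: Unix
EOF
}

sample_scan | port_drift "22/tcp 80/tcp 443/tcp" || echo "firewall differs from expectation"
```

Run from cron against a saved scan, a non-zero exit status is the signal that the exposed services no longer match what the firewall is supposed to allow.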
lp & a2ps
- Under RH7.1 (should work for most distros) the following will
format foo.c in postscript with two pages/page and send it to
lp printer port at 192.168.11.21 ...
- a2ps -Plp@192.168.11.21 foo.c
- a2ps -s duplex -Plp@192.168.11.21 foo.c
- a2ps -Plp@192.168.11.21 foo.c --columns=1 -s duplex -L66
This following will dump the text to the printer unformatted ...
- lp -d @192.168.11.21 foo.c
- Linux/Unix, Netscape/Mozilla Print Command
Following works for the ColorLaserJet 5MP (Mmmm, color postscript :-)
I have set up on the home office LAN at IP address 192.168.1.192
- lp -d @192.168.1.192
talk
On older systems you may need to install talkd and inetd before a remote
chat session will be permitted. Once installed, you may need to
restart the system (although the appropriate init.d command will probably
do the trick without rebooting).
On newer systems (e.g. RH 7.X) ntalkd has replaced talkd and
xinetd has replaced inetd. You will need to enable the service in the file
/etc/xinetd.d/ntalk. Note, RPMs for this are typically called
talk-server-... and will create /etc/xinetd.d/talk and
/etc/xinetd.d/ntalk config files which are redundant - you only
need to activate one of them.
# default: off
# description: The ntalk server accepts ntalk connections, for chatting \
# with users on different systems.
service ntalk
{
disable = no
socket_type = dgram
wait = yes
user = nobody
group = tty
server = /usr/sbin/in.ntalkd
}
- Once configured, a user logged on to a configured host can start up
a chat session with another user logged into the same host thusly ...
- talk joe
named - Internet DNS (Domain Name Service)
Don't venture here unless you have access to a pretty elaborate
setup (at least a subnet with 2 dedicated IP addresses and servers).
Although DNS in principle is pretty straightforward, one misstep
and a lot of machines can drop off the net.
$ host -t any zaptech.com r2d2.inow.com
Using domain server:
Name: r2d2.inow.com
Address: 198.144.96.10#53
Aliases:
zaptech.com has SOA record public.zaptech.com. info.zaptech.com. 2005021501 10800 1800 604800 86400
zaptech.com name server r2d2.inow.com.
zaptech.com name server public.zaptech.com.
zaptech.com has address 198.144.98.62
zaptech.com mail is handled by 10 mail.zaptech.com.
$ dig @b.root-servers.net scpns.org
; <<>> DiG 9.2.3rc1 <<>> @b.root-servers.net scpns.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28076
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 8
;; QUESTION SECTION:
;scpns.org. IN A
;; AUTHORITY SECTION:
org. 172800 IN NS TLD1.ULTRADNS.NET.
org. 172800 IN NS TLD2.ULTRADNS.NET.
org. 172800 IN NS TLD3.ULTRADNS.org.
org. 172800 IN NS TLD4.ULTRADNS.org.
org. 172800 IN NS TLD5.ULTRADNS.INFO.
org. 172800 IN NS TLD6.ULTRADNS.CO.UK.
;; ADDITIONAL SECTION:
TLD1.ULTRADNS.NET. 172800 IN AAAA 2001:502:d399::1
TLD1.ULTRADNS.NET. 172800 IN A 204.74.112.1
TLD2.ULTRADNS.NET. 172800 IN A 204.74.113.1
TLD3.ULTRADNS.org. 172800 IN A 199.7.66.1
TLD4.ULTRADNS.org. 172800 IN AAAA 2001:502:100e::1
TLD4.ULTRADNS.org. 172800 IN A 199.7.67.1
TLD5.ULTRADNS.INFO. 172800 IN A 192.100.59.11
TLD6.ULTRADNS.CO.UK. 172800 IN A 198.133.199.11
;; Query time: 27 msec
;; SERVER: 192.228.79.201#53(b.root-servers.net)
;; WHEN: Tue Jul 4 01:43:21 2006
;; MSG SIZE rcvd: 341
$ dig @TLD2.ULTRADNS.NET scpns.org
; <<>> DiG 9.2.3rc1 <<>> @TLD2.ULTRADNS.NET scpns.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53360
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;scpns.org. IN A
;; AUTHORITY SECTION:
scpns.org. 86400 IN NS ns1.zaptech.org.
scpns.org. 86400 IN NS ns1.sparkworx.com.
;; ADDITIONAL SECTION:
ns1.zaptech.org. 86400 IN A 64.32.175.104
;; Query time: 25 msec
;; SERVER: 204.74.113.1#53(TLD2.ULTRADNS.NET)
;; WHEN: Tue Jul 4 01:59:23 2006
;; MSG SIZE rcvd: 100
$ dig @172.16.4.20 howtolabs.net axfr
; <<>> DiG 9.3.1 <<>> @172.16.4.20 howtolabs.net axfr
; (1 server found)
;; global options: printcmd
howtolabs.net. 86400 IN SOA ns1.zaptech.org. info.zaptech.com. 2006052001 28800 7200 604800 86400
howtolabs.net. 86400 IN NS ns1.zaptech.org.
howtolabs.net. 86400 IN NS ns1.sparkworx.com.
howtolabs.net. 86400 IN TXT "v=spf1 include:fc5.zaptech.org ~all"
howtolabs.net. 86400 IN MX 10 fc5.zaptech.org.
howtolabs.net. 86400 IN A 64.32.175.104
www.howtolabs.net. 86400 IN A 64.32.175.104
howtolabs.net. 86400 IN SOA ns1.zaptech.org. info.zaptech.com. 2006052001 28800 7200 604800 86400
;; Query time: 21 msec
;; SERVER: 172.16.4.20#53(172.16.4.20)
;; WHEN: Mon Jul 17 16:35:42 2006
;; XFR size: 8 records (messages 1)
Security-Enhanced Linux
More recent releases of Fedora Core Linux have SELinux enabled by default.
For all but the most serious deployments (which arguably should not be using
Fedora Core in the first place), this is a big headache. Essentially this
adds another level of file attributes beyond those for user, group, and world.
Any changes to system files without also tuning the SELinux policies and file
attributes can cause all sorts of weird kernel error messages. It's also almost
impossible to remove SELinux once it has been installed - instead it is
better to disable SELinux in its config file and reboot.
$ diff -r1.1 /etc/selinux/config
6c6,7
< SELINUX=enforcing
---
> # LINUX=enforcing
> SELINUX=permissive
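Review bot: the replacement line sets SELINUX=permissive, which keeps the policy loaded and logs denials without enforcing them, while the text above describes this change as disabling SELinux; state which of the two is intended, since fully disabling would be SELINUX=disabled. The commented-out original also reads "# LINUX=enforcing" rather than "# SELINUX=enforcing", so the previous value is not preserved accurately in the file.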
Nagios
Nagios is a popular web service that is employed to monitor various systems and services.
It's become much easier to set up recently, but still suffers from being 'over-engineered' and
brittle to the extent that it will stop working for no apparent reason. Still, its popularity
is steadily increasing and overall it seems to be becoming easier to set up and more stable.
nagios Service Dies, Restart Keeps Dying
Nagios tends to die for having too large a file open (signal SIGXFSZ).
It turns out that performance data is being written to a file that is not rotated
by default, so it grows until it is too large to open.
An entry in the logrotate configuration is needed, so the file will be rotated
and compressed on a weekly basis, followed by restarting Nagios.
Hopefully that keeps the problem from recurring.
$ pwd
/usr/local/nagios/var
$ ls -lh
total 2.3G
drwxrwxr-x 2 nagios nagios 16K Jan 11 16:41 archives
-rw-rw-r-- 1 nagios nagios 552K Jan 14 09:06 nagios.debug
-rw-rw-r-- 1 nagios nagios 977K Jan 14 09:06 nagios.debug.old
-rw-r--r-- 1 nagios nagios 5 Jan 14 08:03 nagios.lock
-rw-rw-r-- 1 nagios nagios 45K Jan 14 09:03 nagios.log
-rw-r--r-- 1 nagios nagios 416K Jan 14 08:03 objects.cache
-rw------- 1 nagios nagios 505K Jan 14 09:03 retention.dat
drwxrwsr-x 2 nagios nagios 4.0K Jan 14 08:03 rw
-rw-rw-r-- 1 nagios nagios 879K Jan 14 09:06 service-perfdata
-rw-rw-r-- 1 nagios nagios 267M Jan 14 08:05 service-perfdata.1.gz
-rw-rw-r-- 1 nagios nagios 2.0G Jun 14 2009 service-perfdata.save
drwxrwxr-x 3 nagios nagios 4.0K Jan 16 2009 spool
-rw-rw-r-- 1 nagios nagios 502K Jan 14 09:06 status.dat
$ cat /etc/logrotate.conf
...
# system-specific logs may be also be configured here.
/usr/local/nagios/var/service-perfdata {
rotate 52
compress
nocreate
postrotate
/sbin/service nagios restart
endscript
}
SuSE/Novell
Distribution Notes
Yast (yast, yast2) is the supported method for performing updates with SuSE Linux.
Yum
RPM Manager
Yum is feature equivalent to the venerable up2date RPM Manager provided by Red Hat.
Red Hat has announced end of life support for up2date for general use.
# yum check-update
# yum list \*php\*
Setting up repositories
updates-released 100% |=========================| 951 B 00:00
extras 100% |=========================| 1.1 kB 00:00
base 100% |=========================| 1.1 kB 00:00
Reading repository metadata in from local files
primary.xml.gz 100% |=========================| 429 kB 00:41
updates-re: ################################################## 1197/1197
Added 11 new packages, deleted 11 old in 25.55 seconds
Available Packages
mod_suphp.i386 0.5.2-8.fc4 extras
php.i386 5.0.4-10.5 updates-released
php-Smarty.noarch 2.6.10-2.fc4 extras
...
php-xmlrpc.i386 5.0.4-10.5 updates-released
phpldapadmin.noarch 0.9.7.2-2.fc4 extras
syck-php.i386 0.55-6.fc4 extras
Fedora
Distribution Notes
When Red Hat Linux 9.0 official support ends in 2004, the only
'free RedHat-like' Linux with up2date support will be the Fedora distribution
[ fedora.redhat.com ].
- up2date mirror sites
Hey! Give Red Hat servers a break and get your updates from less congested servers.
- rpm anomalies
Recent kernels may get out of step with rpm and make it difficult to perform
system updates. It may be possible to regress what kernel calls should be
used to launch programs.
# rpm -q rpm
rpmdb: unable to join the environment
error: db4 error(11) from dbenv->open: Resource temporarily unavailable
error: cannot open Packages index using db3 - Resource temporarily
unavailable (11)
error: cannot open Packages database in /var/lib/rpm
package rpm is not installed
Now it works when the following is done!!!!!
# rm /var/lib/rpm/__*
# export LD_ASSUME_KERNEL=2.2.5
# rpm -q rpm
rpm-4.2.1-0.30
Red Hat
Distribution Notes
Unsupported Hardware
- 7.X is the last release with support for x486/x386 systems sans Floating Point Unit (FPU).
It may be possible to recompile kernel with FPU emulation, build boot disk, and run
standard Red Hat installer.
- 6.2 is the last release with support for old Sun hardware
(sparc processor).
rpm - command line software package management tool
Common command line arguments
rpm -qa                     Show list of all rpm packages installed
rpm -qlp [file]             Find out what is in an RPM before you install it
rpm -qp --scripts [file]    View the install/un-install scripts associated with an RPM
rpm -ivh [file]             you know, install it ...
rpm -e [file]               'erase'/uninstall it ...
rpm -K [file]               check authentication signature (for geeks mostly)
RedHat Network
The rhnsd service provides ... stay tuned.
# service rhnsd status
rhnsd (pid 6262) is running...
# chkconfig --list | grep rhn
rhn-virtualization-host 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rhnsd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
# rhn_check
Changing Host Name
Typically this requires editing /etc/sysconfig/network and rebooting.
$ cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=public.zaptech.com
GATEWAY=192.168.1.1
Hostname is a somewhat abstract concept. By itself it is just
a simple name used by the system internally. Classic example is the host
identifier text of a shell prompt. Strictly speaking this value is not known
by a system until it is set sometime after boot. Red Hat convention is
to place fully qualified hostname (shortname.domain.com) value in /etc/sysconfig/network which is
read early during system boot (changing this will only affect system after next boot).
Another convention is to place the short hostname at the end of the /etc/hosts line
for 127.0.0.1/localhost. This allows internal processes to access local
resources using network connection protocols. Lastly, there is a system command
called hostname. It is the key to retrieving and changing a system's internal
hostname. Note: the hostname command specifically DOES NOT save any state for
the next time the system boots.
- Gnome is used instead of the desired
desktop environment
- (see X Windows)
Expert Install Mode
Even a simple install may require expert install mode
if a SCSI controller or network card support is desired. Also,
as of RedHat 6.X, the installer no longer allows full custom
disk partitioning with fdisk unless you specify
boot: expert text at install prompt and later indicate
a full custom installation
- Evil hosts file - the localhost entry
in a hosts file should never contain the hostname, especially if a fixed
IP address is used. If it does, this can freak out other systems on the same
network. If you need to declare your hostname in the hosts file, make a
dedicated entry for it to your fixed IP address. This will allow NetBIOS, SaMBa, and
other net browser protocols to properly resolve your system. For example ...
- 127.0.0.1 localhost
192.168.30.33 fredness fredness.cacheon.com
207.5.50.250 mail.zaptech.com mail
- Version - determine which Red Hat distribution
- cat /etc/redhat-release
- /etc/passwd, /etc/group
- $ man 5 passwd
(see Red Hat)