SECTION ONE: BASIC ADMINISTRATION
CHAPTER 1 WHERE TO START 3
Suggested background 4
Linux’s relationship to UNIX 4
Linux in historical context 5
Linux distributions 6
So what’s the best distribution? 8
Distribution-specific administration tools 9
Notation and typographical conventions 9
System-specific information 10
Where to go for information 11
Organization of the man pages 12
man: read manual pages 13
Other sources of Linux information 13
How to find and install software 14
Essential tasks of the system administrator 16
Adding, removing, and managing user accounts 16
Adding and removing hardware 16
Performing backups 17
Installing and upgrading software 17
Monitoring the system 17
Troubleshooting 17
Maintaining local documentation 17
Vigilantly monitoring security 17
Helping users 18
System administration under duress 18
System Administration Personality Syndrome 18
Recommended reading 19
Exercises 20
CHAPTER 2 BOOTING AND SHUTTING DOWN 21
Bootstrapping 21
Automatic and manual booting 22
Steps in the boot process 22
Kernel initialization 23
Hardware configuration 23
Kernel threads 23
Operator intervention (manual boot only) 24
Execution of startup scripts 25
Multiuser operation 25
Booting PCs 25
Using boot loaders: LILO and GRUB 26
GRUB: The GRand Unified Boot loader 26
LILO: The traditional Linux boot loader 28
Kernel options 29
Multibooting on PCs 30
GRUB multiboot configuration 30
LILO multiboot configuration 31
Booting single-user mode 31
Single-user mode with GRUB 32
Single-user mode with LILO 32
Working with startup scripts 32
init and run levels 33
Red Hat and Fedora startup scripts 36
SUSE startup scripts 38
Debian and Ubuntu startup scripts 40
Rebooting and shutting down 40
Turning off the power 41
shutdown: the genteel way to halt the system 41
halt: a simpler way to shut down 42
reboot: quick and dirty restart 42
telinit: change init’s run level 42
poweroff: ask Linux to turn off the power 42
Exercises 43
CHAPTER 3 ROOTLY POWERS 44
Ownership of files and processes 44
The superuser 46
Choosing a root password 47
Becoming root 48
su: substitute user identity 48
sudo: a limited su 48
Other pseudo-users 51
bin: legacy owner of system commands 51
daemon: owner of unprivileged system software 51
nobody: the generic NFS user 51
Exercises 52
CHAPTER 4 CONTROLLING PROCESSES 53
Components of a process 53
PID: process ID number 54
PPID: parent PID 54
UID and EUID: real and effective user ID 54
GID and EGID: real and effective group ID 55
Niceness 55
Control terminal 56
The life cycle of a process 56
Signals 57
kill and killall: send signals 60
Process states 60
nice and renice: influence scheduling priority 61
ps: monitor processes 62
top: monitor processes even better 65
The /proc filesystem 65
strace: trace signals and system calls 66
Runaway processes 67
Recommended reading 69
Exercises 69
CHAPTER 5 THE FILESYSTEM 70
Pathnames 72
Filesystem mounting and unmounting 73
The organization of the file tree 75
File types 76
Regular files 78
Directories 78
Character and block device files 79
Local domain sockets 80
Named pipes 80
Symbolic links 80
File attributes 81
The permission bits 81
The setuid and setgid bits 82
The sticky bit 82
Viewing file attributes 82
chmod: change permissions 84
chown: change ownership and group 86
umask: assign default permissions 86
Bonus flags 87
Access control lists 88
ACL overview 88
Default entries 91
Exercises 92
CHAPTER 6 ADDING NEW USERS 93
The /etc/passwd file 93
Login name 94
Encrypted password 96
UID (user ID) number 96
Default GID number 97
GECOS field 98
Home directory 98
Login shell 98
The /etc/shadow file 99
The /etc/group file 101
Adding users 102
Editing the passwd and shadow files 103
Editing the /etc/group file 104
Setting an initial password 104
Creating the user’s home directory 105
Copying in the default startup files 105
Setting the user’s mail home 106
Verifying the new login 106
Recording the user’s status and contact information 107
Removing users 107
Disabling logins 108
Managing accounts 108
Exercises 110
CHAPTER 7 ADDING A DISK 111
Disk interfaces 111
The PATA interface 112
The SATA interface 114
The SCSI interface 114
Which is better, SCSI or IDE? 118
Disk geometry 119
Linux filesystems 120
Ext2fs and ext3fs 120
ReiserFS 121
XFS and JFS 122
An overview of the disk installation procedure 122
Connecting the disk 122
Formatting the disk 123
Labeling and partitioning the disk 124
Creating filesystems within disk partitions 125
Mounting the filesystems 126
Setting up automatic mounting 127
Enabling swapping 129
hdparm: set IDE interface parameters 129
fsck: check and repair filesystems 131
Adding a disk: a step-by-step guide 133
Advanced disk management: RAID and LVM 138
Linux software RAID 139
Logical volume management 139
An example configuration with LVM and RAID 140
Dealing with a failed disk 144
Reallocating storage space 146
Mounting USB drives 147
Exercises 148
CHAPTER 8 PERIODIC PROCESSES 150
cron: schedule commands 150
The format of crontab files 151
Crontab management 153
Some common uses for cron 154
Cleaning the filesystem 154
Network distribution of configuration files 155
Rotating log files 156
Other schedulers: anacron and fcron 156
Exercises 157
CHAPTER 9 BACKUPS 158
Motherhood and apple pie 159
Perform all dumps from one machine 159
Label your media 159
Pick a reasonable backup interval 159
Choose filesystems carefully 160
Make daily dumps fit on one piece of media 160
Make filesystems smaller than your dump device 161
Keep media off-site 161
Protect your backups 161
Limit activity during dumps 162
Verify your media 162
Develop a media life cycle 163
Design your data for backups 163
Prepare for the worst 163
Backup devices and media 163
Optical media: CD-R/RW, DVD±R/RW, and DVD-RAM 164
Removable hard disks (USB and FireWire) 165
Small tape drives: 8mm and DDS/DAT 166
DLT/S-DLT 166
AIT and SAIT 166
VXA/VXA-X 167
LTO 167
Jukeboxes, stackers, and tape libraries 167
Hard disks 168
Summary of media types 168
What to buy 168
Setting up an incremental backup regime with dump 169
Dumping filesystems 169
Dump sequences 171
Restoring from dumps with restore 173
Restoring individual files 173
Restoring entire filesystems 175
Dumping and restoring for upgrades 176
Using other archiving programs 177
tar: package files 177
cpio: archiving utility from ancient times 178
dd: twiddle bits 178
Using multiple files on a single tape 178
Bacula 179
The Bacula model 180
Setting up Bacula 181
Installing the database and Bacula daemons 181
Configuring the Bacula daemons 182
bacula-dir.conf: director configuration 183
bacula-sd.conf: storage daemon configuration 187
bconsole.conf: console configuration 188
Installing and configuring the client file daemon 188
Starting the Bacula daemons 189
Adding media to pools 190
Running a manual backup 190
Running a restore job 192
Monitoring and debugging Bacula configurations 195
Alternatives to Bacula 197
Commercial backup products 197
ADSM/TSM 197
Veritas 198
Other alternatives 198
Recommended reading 198
Exercises 198
CHAPTER 10 SYSLOG AND LOG FILES 201
Logging policies 201
Throwing away log files 201
Rotating log files 202
Archiving log files 204
Linux log files 204
Special log files 206
Kernel and boot-time logging 206
logrotate: manage log files 208
Syslog: the system event logger 209
Alternatives to syslog 209
Syslog architecture 210
Configuring syslogd 210
Designing a logging scheme for your site 214
Config file examples 214
Sample syslog output 216
Software that uses syslog 217
Debugging syslog 217
Using syslog from programs 218
Condensing log files to useful information 220
Exercises 222
CHAPTER 11 SOFTWARE AND CONFIGURATION MANAGEMENT 223
Basic Linux installation 223
Netbooting PCs 224
Setting up PXE for Linux 225
Netbooting non-PCs 226
Kickstart: the automated installer for Enterprise Linux and Fedora 226
AutoYaST: SUSE’s automated installation tool 230
The Debian and Ubuntu installer 231
Installing from a master system 232
Diskless clients 232
Package management 234
Available package management systems 235
rpm: manage RPM packages 235
dpkg: manage Debian-style packages 237
High-level package management systems 237
Package repositories 239
RHN: the Red Hat Network 240
APT: the Advanced Package Tool 241
Configuring apt-get 242
An example /etc/apt/sources.list file 243
Using proxies to make apt-get scale 244
Setting up an internal APT server 244
Automating apt-get 245
yum: release management for RPM 246
Revision control 247
Backup file creation 247
Formal revision control systems 248
RCS: the Revision Control System 249
CVS: the Concurrent Versions System 251
Subversion: CVS done right 253
Localization and configuration 255
Organizing your localization 256
Testing 257
Local compilation 258
Distributing localizations 259
Resolving scheduling issues 260
Configuration management tools 260
cfengine: computer immune system 260
LCFG: a large-scale configuration system 261
The Arusha Project (ARK) 261
Template Tree 2: cfengine helper 262
DMTF/CIM: the Common Information Model 262
Sharing software over NFS 263
Package namespaces 264
Dependency management 265
Wrapper scripts 265
Implementation tools 266
Recommended software 266
Recommended reading 268
Exercises 268
SECTION TWO: NETWORKING
CHAPTER 12 TCP/IP NETWORKING 271
TCP/IP and the Internet 272
A brief history lesson 272
How the Internet is managed today 273
Network standards and documentation 274
Networking road map 275
Packets and encapsulation 276
The link layer 277
Packet addressing 279
Ports 281
Address types 281
IP addresses: the gory details 282
IP address classes 282
Subnetting and netmasks 282
The IP address crisis 285
CIDR: Classless Inter-Domain Routing 287
Address allocation 288
Private addresses and NAT 289
IPv6 addressing 291
Routing 293
Routing tables 294
ICMP redirects 295
ARP: the address resolution protocol 296
Addition of a machine to a network 297
Hostname and IP address assignment 298
ifconfig: configure network interfaces 299
mii-tool: configure autonegotiation and other media-specific options 302
route: configure static routes 303
Default routes 305
DNS configuration 306
The Linux networking stack 307
Distribution-specific network configuration 307
Network configuration for Red Hat and Fedora 308
Network configuration for SUSE 309
Network configuration for Debian and Ubuntu 310
DHCP: the Dynamic Host Configuration Protocol 311
DHCP software 312
How DHCP works 312
ISC’s DHCP server 313
Dynamic reconfiguration and tuning 314
Security issues 316
IP forwarding 316
ICMP redirects 317
Source routing 317
Broadcast pings and other forms of directed broadcast 317
IP spoofing 317
Host-based firewalls 318
Virtual private networks 318
Security-related kernel variables 319
Linux NAT 319
PPP: the Point-to-Point Protocol 320
Addressing PPP performance issues 321
Connecting to a network with PPP 321
Making your host speak PPP 321
Controlling PPP links 321
Assigning an address 322
Routing 322
Ensuring security 323
Using chat scripts 323
Configuring Linux PPP 323
Linux networking quirks 330
Recommended reading 331
Exercises 332
CHAPTER 13 ROUTING 334
Packet forwarding: a closer look 335
Routing daemons and routing protocols 337
Distance-vector protocols 338
Link-state protocols 339
Cost metrics 340
Interior and exterior protocols 340
Protocols on parade 341
RIP: Routing Information Protocol 341
RIP-2: Routing Information Protocol, version 2 341
OSPF: Open Shortest Path First 342
IGRP and EIGRP: Interior Gateway Routing Protocol 342
IS-IS: the ISO “standard” 343
MOSPF, DVMRP, and PIM: multicast routing protocols 343
Router Discovery Protocol 343
routed: RIP yourself a new hole 343
gated: gone to the dark side 344
Routing strategy selection criteria 344
Cisco routers 346
Recommended reading 348
Exercises 349
CHAPTER 14 NETWORK HARDWARE 350
LAN, WAN, or MAN? 351
Ethernet: the common LAN 351
How Ethernet works 351
Ethernet topology 352
Unshielded twisted pair 353
Connecting and expanding Ethernets 355
Wireless: nomad’s LAN 359
Wireless security 360
Wireless switches 360
FDDI: the disappointing, expensive, and outdated LAN 361
ATM: the promised (but sorely defeated) LAN 362
Frame relay: the sacrificial WAN 363
ISDN: the indigenous WAN 364
DSL and cable modems: the people’s WAN 364
Where is the network going? 365
Network testing and debugging 366
Building wiring 366
UTP cabling options 366
Connections to offices 367
Wiring standards 367
Network design issues 368
Network architecture vs building architecture 368
Existing networks 369
Expansion 369
Congestion 369
Maintenance and documentation 370
Management issues 370
Recommended vendors 371
Cables and connectors 371
Test equipment 371
Routers/switches 372
Recommended reading 372
Exercises 372
CHAPTER 15 DNS: THE DOMAIN NAME SYSTEM 373
DNS for the impatient: adding a new machine 374
The history of DNS 375
BIND implementations 376
Other implementations of DNS 376
Who needs DNS? 377
The DNS namespace 378
Masters of their domains 381
Selecting a domain name 382
Domain bloat 382
Registering a second-level domain name 383
Creating your own subdomains 383
How DNS works 383
Delegation 383
Caching and efficiency 384
The extended DNS protocol 386
What’s new in DNS 386
The DNS database 389
Resource records 389
The SOA record 392
NS records 395
A records 396
PTR records 396
MX records 397
CNAME records 399
The CNAME hack 400
LOC records 401
SRV records 402
TXT records 403
IPv6 resource records 404
IPv6 forward records 404
IPv6 reverse records 405
Security-related records 405
Commands in zone files 405
Glue records: links between zones 407
The BIND software 409
Versions of BIND 410
Finding out what version you have 410
Components of BIND 411
named: the BIND name server 412
Authoritative and caching-only servers 412
Recursive and nonrecursive servers 413
The resolver library 414
Shell interfaces to DNS 415
Designing your DNS environment 415
Namespace management 415
Authoritative servers 416
Caching servers 417
Security 417
Summing up 418
A taxonomy of DNS/BIND chores 418
BIND client issues 418
Resolver configuration 418
Resolver testing 420
Impact on the rest of the system 420
BIND server configuration 420
Hardware requirements 421
Configuration files 421
The include statement 423
The options statement 423
The acl statement 429
The key statement 430
The trusted-keys statement 430
The server statement 431
The masters statement 432
The logging statement 432
The zone statement 432
The controls statement 436
Split DNS and the view statement 438
BIND configuration examples 439
The localhost zone 439
A small security company 441
The Internet Systems Consortium, isc.org 444
Starting named 446
Updating zone files 447
Zone transfers 447
Dynamic updates 448
Security issues 451
Access control lists revisited 451
Confining named 453
Secure server-to-server communication with TSIG and TKEY 453
DNSSEC 456
Negative answers 463
Microsoft and DNS 464
Testing and debugging 466
Logging 466
Sample logging configuration 470
Debug levels 471
Debugging with rndc 471
BIND statistics 473
Debugging with dig 473
Lame delegations 475
doc: domain obscenity control 476
Other DNS sanity checking tools 478
Performance issues 478
Distribution specifics 478
Recommended reading 481
Mailing lists and newsgroups 481
Books and other documentation 481
On-line resources 482
The RFCs 482
Exercises 482
CHAPTER 16 THE NETWORK FILE SYSTEM 484
General information about NFS 484
NFS protocol versions 484
Choice of transport 485
File locking 486
Disk quotas 486
Cookies and stateless mounting 486
Naming conventions for shared filesystems 487
Security and NFS 487
Root access and the nobody account 488
Server-side NFS 489
The exports file 490
nfsd: serve files 492
Client-side NFS 492
Mounting remote filesystems at boot time 495
Restricting exports to insecure ports 495
nfsstat: dump NFS statistics 495
Dedicated NFS file servers 496
Automatic mounting 497
automount: mount filesystems on demand 497
The master file 498
Map files 499
Executable maps 499
Recommended reading 500
Exercises 501
CHAPTER 17 SHARING SYSTEM FILES 502
What to share 503
nscd: cache the results of lookups 504
Copying files around 505
rdist: push files 505
rsync: transfer files more securely 508
Pulling files 510
NIS: the Network Information Service 511
Understanding how NIS works 512
Weighing advantages and disadvantages of NIS 514
Prioritizing sources of administrative information 515
Using netgroups 517
Setting up an NIS domain 517
Setting access control options in /etc/ypserv.conf 519
Configuring NIS clients 519
NIS details by distribution 520
LDAP: the Lightweight Directory Access Protocol 520
The structure of LDAP data 521
The point of LDAP 522
LDAP documentation and specifications 523
OpenLDAP: LDAP for Linux 523
NIS replacement by LDAP 525
LDAP and security 526
Recommended reading 526
Exercises 527
CHAPTER 18 ELECTRONIC MAIL 528
Mail systems 530
User agents 531
Transport agents 532
Delivery agents 532
Message stores 533
Access agents 533
Mail submission agents 533
The anatomy of a mail message 534
Mail addressing 535
Mail header interpretation 535
Mail philosophy 539
Using mail servers 540
Using mail homes 542
Using IMAP or POP 542
Mail aliases 544
Getting mailing lists from files 546
Mailing to files 547
Mailing to programs 547
Aliasing by example 548
Forwarding mail 549
The hashed alias database 551
Mailing lists and list wrangling software 551
Software packages for maintaining mailing lists 551
LDAP: the Lightweight Directory Access Protocol 555
sendmail: ringmaster of the electronic mail circus 557
Versions of sendmail 557
sendmail installation from sendmail.org 559
sendmail installation on Debian and Ubuntu systems 561
The switch file 562
Modes of operation 562
The mail queue 563
sendmail configuration 565
Using the m4 preprocessor 566
The sendmail configuration pieces 567
Building a configuration file from a sample .mc file 568
Changing the sendmail configuration 569
Basic sendmail configuration primitives 570
The VERSIONID macro 570
The OSTYPE macro 570
The DOMAIN macro 572
The MAILER macro 573
Fancier sendmail configuration primitives 574
The FEATURE macro 574
The use_cw_file feature 574
The redirect feature 575
The always_add_domain feature 575
The nocanonify feature 576
Tables and databases 576
The mailertable feature 578
The genericstable feature 579
The virtusertable feature 579
The ldap_routing feature 580
Masquerading and the MASQUERADE_AS macro 581
The MAIL_HUB and SMART_HOST macros 583
Masquerading and routing 583
The nullclient feature 584
The local_lmtp and smrsh features 585
The local_procmail feature 585
The LOCAL_* macros 586
Configuration options 586
Spam-related features in sendmail 588
Relaying 589
The access database 591
User or site blacklisting 594
Header checking 595
Rate and connection limits 596
Slamming 597
Miltering: mail filtering 597
Spam handling 598
SpamAssassin 598
SPF and Sender ID 599
Configuration file case study 599
Client machines at sendmail.com 599
Master machine at sendmail.com 600
Security and sendmail 603
Ownerships 603
Permissions 604
Safer mail to files and programs 605
Privacy options 606
Running a chrooted sendmail (for the truly paranoid) 607
Denial of service attacks 608
Forgeries 608
Message privacy 610
SASL: the Simple Authentication and Security Layer 610
sendmail performance 611
Delivery modes 611
Queue groups and envelope splitting 611
Queue runners 613
Load average controls 613
Undeliverable messages in the queue 613
Kernel tuning 614
sendmail statistics, testing, and debugging 615
Testing and debugging 616
Verbose delivery 617
Talking in SMTP 618
Queue monitoring 619
Logging 619
The Exim Mail System 621
History 621
Exim on Linux 621
Exim configuration 622
Exim/sendmail similarities 622
Postfix 623
Postfix architecture 623
Receiving mail 624
The queue manager 624
Sending mail 625
Security 625
Postfix commands and documentation 625
Configuring Postfix 626
What to put in main.cf 626
Basic settings 626
Using postconf 627
Lookup tables 627
Local delivery 629
Virtual domains 630
Virtual alias domains 630
Virtual mailbox domains 631
Access control 632
Access tables 633
Authentication of clients 634
Fighting spam and viruses 634
Black hole lists 635
SpamAssassin and procmail 636
Policy daemons 636
Content filtering 636
Debugging 637
Looking at the queue 638
Soft-bouncing 638
Testing access control 638
Recommended reading 639
Exercises 640
CHAPTER 19 NETWORK MANAGEMENT AND DEBUGGING 643
Network troubleshooting 644
ping: check to see if a host is alive 645
traceroute: trace IP packets 647
netstat: get network statistics 649
Inspecting interface configuration information 649
Monitoring the status of network connections 651
Identifying listening network services 652
Examining the routing table 652
Viewing operational statistics for network protocols 653
sar: inspect live interface activity 654
Packet sniffers 655
tcpdump: king of sniffers 656
Wireshark: visual sniffer 657
Network management protocols 657
SNMP: the Simple Network Management Protocol 659
SNMP organization 659
SNMP protocol operations 660
RMON: remote monitoring MIB 661
The NET-SNMP agent 661
Network management applications 662
The NET-SNMP tools 663
SNMP data collection and graphing 664
Nagios: event-based SNMP and service monitoring 665
Commercial management platforms 666
Recommended reading 667
Exercises 668
CHAPTER 20 SECURITY 669
Is Linux secure? 670
How security is compromised 671
Social engineering 671
Software vulnerabilities 672
Configuration errors 673
Certifications and standards 673
Certifications 674
Standards 675
Security tips and philosophy 676
Packet filtering 677
Unnecessary services 677
Software patches 677
Backups 677
Passwords 677
Vigilance 677
General philosophy 678
Security problems in /etc/passwd and /etc/shadow 678
Password checking and selection 679
Password aging 680
Group logins and shared logins 680
User shells 680
Rootly entries 681
PAM: cooking spray or authentication wonder? 681
POSIX capabilities 683
Setuid programs 683
Important file permissions 684
Miscellaneous security issues 685
Remote event logging 685
Secure terminals 685
/etc/hosts.equiv and ~/.rhosts 685
Security and NIS 685
Security and NFS 686
Security and sendmail 686
Security and backups 686
Viruses and worms 686
Trojan horses 687
Rootkits 688
Security power tools 688
Nmap: scan network ports 688
Nessus: next generation network scanner 690
John the Ripper: find insecure passwords 690
hosts_access: host access control 691
Samhain: host-based intrusion detection 692
Security-Enhanced Linux (SELinux) 693
Cryptographic security tools 694
Kerberos: a unified approach to network security 695
PGP: Pretty Good Privacy 696
SSH: the secure shell 697
One-time passwords 698
Stunnel 699
Firewalls 701
Packet-filtering firewalls 701
How services are filtered 702
Service proxy firewalls 703
Stateful inspection firewalls 703
Firewalls: how safe are they? 704
Linux firewall features: IP tables 704
Virtual private networks (VPNs) 708
IPsec tunnels 709
All I need is a VPN, right? 710
Hardened Linux distributions 710
What to do when your site has been attacked 710
Sources of security information 712
CERT: a registered service mark of Carnegie Mellon University 712
SecurityFocus.com and the BugTraq mailing list 713
Crypto-Gram newsletter 713
SANS: the System Administration, Networking, and Security Institute 713
Distribution-specific security resources 713
Other mailing lists and web sites 714
Recommended reading 715
Exercises 716
CHAPTER 21 WEB HOSTING AND INTERNET SERVERS 719
Web hosting basics 720
Uniform resource locators 720
How HTTP works 720
Content generation on the fly 722
Load balancing 722
HTTP server installation 724
Choosing a server 724
Installing Apache 724
Configuring Apache 726
Running Apache 726
Analyzing log files 727
Optimizing for high-performance hosting of static content 727
Virtual interfaces 727
Using name-based virtual hosts 728
Configuring virtual interfaces 728
Telling Apache about virtual interfaces 729
The Secure Sockets Layer (SSL) 730
Generating a certificate signing request 731
Configuring Apache to use SSL 732
Caching and proxy servers 733
The Squid cache and proxy server 733
Setting up Squid 734
Anonymous FTP server setup 734
Exercises 736
SECTION THREE: BUNCH O' STUFF
CHAPTER 22 THE X WINDOW SYSTEM 741
The X display manager 743
Running an X application 744
The DISPLAY environment variable 744
Client authentication 745
X connection forwarding with SSH 747
X server configuration 748
Device sections 750
Monitor sections 750
Screen sections 751
InputDevice sections 752
ServerLayout sections 753
Troubleshooting and debugging 754
Special keyboard combinations for X 754
When good X servers go bad 755
A brief note on desktop environments 757
KDE 758
GNOME 758
Which is better, GNOME or KDE? 759
Recommended Reading 759
Exercises 759
CHAPTER 23 PRINTING 761
Printers are complicated 762
Printer languages 763
PostScript 763
PCL 763
PDF 764
XHTML 764
PJL 765
Printer drivers and their handling of PDLs 765
CUPS architecture 767
Document printing 767
Print queue viewing and manipulation 767
Multiple printers 768
Printer instances 768
Network printing 768
The CUPS underlying protocol: HTTP 769
PPD files 770
Filters 771
CUPS server administration 772
Network print server setup 773
Printer autoconfiguration 774
Network printer configuration 774
Printer configuration examples 775
Printer class setup 775
Service shutoff 776
Other configuration tasks 777
Paper sizes 777
Compatibility commands 778
Common printing software 779
CUPS documentation 780
Troubleshooting tips 780
CUPS logging 781
Problems with direct printing 781
Network printing problems 781
Distribution-specific problems 782
Printer practicalities 782
Printer selection 782
GDI printers 783
Double-sided printing 783
Other printer accessories 783
Serial and parallel printers 784
Network printers 784
Other printer advice 784
Use banner pages only if you have to 784
Provide recycling bins 785
Use previewers 785
Buy cheap printers 785
Keep extra toner cartridges on hand 786
Pay attention to the cost per page 786
Consider printer accounting 787
Secure your printers 787
Printing under KDE 788
kprinter: printing documents 789
Konqueror and printing 789
Recommended reading 790
Exercises 790
CHAPTER 24 MAINTENANCE AND ENVIRONMENT 791
Hardware maintenance basics 791
Maintenance contracts 792
On-site maintenance 792
Board swap maintenance 792
Warranties 793
Electronics-handling lore 793
Static electricity 793
Reseating boards 794
Monitors 794
Memory modules 794
Preventive maintenance 795
Environment 796
Temperature 796
Humidity 796
Office cooling 796
Machine room cooling 797
Temperature monitoring 798
Power 798
Racks 799
Data center standards 800
Tools 800
Recommended reading 800
Exercises 802
CHAPTER 25 PERFORMANCE ANALYSIS 803
What you can do to improve performance 804
Factors that affect performance 806
System performance checkup 807
Analyzing CPU usage 807
How Linux manages memory 809
Analyzing memory usage 811
Analyzing disk I/O 813
Choosing an I/O scheduler 815
sar: Collect and report statistics over time 816
oprofile: Comprehensive profiler 817
Help! My system just got really slow! 817
Recommended reading 819
Exercises 819
CHAPTER 26 COOPERATING WITH WINDOWS 821
Logging in to a Linux system from Windows 821
Accessing remote desktops 822
Running an X server on a Windows computer 823
VNC: Virtual Network Computing 824
Windows RDP: Remote Desktop Protocol 824
Running Windows and Windows-like applications 825
Dual booting, or why you shouldn’t 826
The OpenOffice.org alternative 826
Using command-line tools with Windows 826
Windows compliance with email and web standards 827
Sharing files with Samba and CIFS 828
Samba: CIFS server for UNIX 828
Samba installation 829
Filename encoding 830
Network Neighborhood browsing 831
User authentication 832
Basic file sharing 833
Group shares 833
Transparent redirection with MS DFS 834
smbclient: a simple CIFS client 835
The smbfs filesystem 835
Sharing printers with Samba 836
Installing a printer driver from Windows 838
Installing a printer driver from the command line 839
Debugging Samba 840
Recommended reading 841
Exercises 842
CHAPTER 27 SERIAL DEVICES 843
The RS-232C standard 844
Alternative connectors 847
The mini DIN-8 variant 847
The DB-9 variant 848
The RJ-45 variant 849
The Yost standard for RJ-45 wiring 850
Hard and soft carrier 852
Hardware flow control 852
Cable length 853
Serial device files 853
setserial: set serial port parameters 854
Software configuration for serial devices 855
Configuration of hardwired terminals 855
The login process 855
The /etc/inittab file 856
Terminal support: the termcap and terminfo databases 858
Special characters and the terminal driver 859
stty: set terminal options 860
tset: set options automatically 861
Terminal unwedging 862
Modems 862
Modulation, error correction, and data compression protocols 863
minicom: dial out 864
Bidirectional modems 864
Debugging a serial line 864
Other common I/O ports 865
USB: the Universal Serial Bus 865
Exercises 866
CHAPTER 28 DRIVERS AND THE KERNEL 868
Kernel adaptation 869
Drivers and device files 870
Device files and device numbers 870
Creating device files 871
sysfs: a window into the souls of devices 872
Naming conventions for devices 872
Why and how to configure the kernel 873
Tuning Linux kernel parameters 874
Building a Linux kernel 876
If it ain’t broke, don’t fix it 876
Configuring kernel options 876
Building the kernel binary 878
Adding a Linux device driver 878
Device awareness 880
Loadable kernel modules 880
Hot-plugging 882
Setting bootstrap options 883
Recommended reading 884
Exercises 884
CHAPTER 29 DAEMONS 885
init: the primordial process 886
cron and atd: schedule commands 887
xinetd and inetd: manage daemons 887
Configuring xinetd 888
Configuring inetd 890
The services file 892
portmap: map RPC services to TCP and UDP ports 893
Kernel daemons 893
klogd: read kernel messages 894
Printing daemons 894
cupsd: scheduler for the Common UNIX Printing System 894
lpd: manage printing 894
File service daemons 895
rpc.nfsd: serve files 895
rpc.mountd: respond to mount requests 895
amd and automount: mount filesystems on demand 895
rpc.lockd and rpc.statd: manage NFS locks 895
rpciod: cache NFS blocks 896
rpc.rquotad: serve remote quotas 896
smbd: provide file and printing service to Windows clients 896
nmbd: NetBIOS name server 896
Administrative database daemons 896
ypbind: locate NIS servers 896
ypserv: NIS server 896
rpc.ypxfrd: transfer NIS databases 896
lwresd: lightweight resolver library server 897
nscd: name service cache daemon 897
Electronic mail daemons 897
sendmail: transport electronic mail 897
smtpd: Simple Mail Transport Protocol daemon 897
popd: basic mailbox server 897
imapd: deluxe mailbox server 897
Remote login and command execution daemons 898
sshd: secure remote login server 898
in.rlogind: obsolete remote login server 898
in.telnetd: yet another remote login server 898
in.rshd: remote command execution server 898
Booting and configuration daemons 898
dhcpd: dynamic address assignment 899
in.tftpd: trivial file transfer server 899
rpc.bootparamd: advanced diskless life support 899
hald: hardware abstraction layer (HAL) daemon 899
udevd: serialize device connection notices 899
Other network daemons 900
talkd: network chat service 900
snmpd: provide remote network management service 900
ftpd: file transfer server 900
rsyncd: synchronize files among multiple hosts 900
routed: maintain routing tables 900
gated: maintain complicated routing tables 901
named: DNS server 901
syslogd: process log messages 901
in.fingerd: look up users 901
httpd: World Wide Web server 901
ntpd: time synchronization daemon 902
Exercises 903
CHAPTER 30 MANAGEMENT, POLICY, AND POLITICS 904
Make everyone happy 904
Components of a functional IT organization 906
The role of management 907
Leadership 907
Hiring, firing, and personnel management 908
Assigning and tracking tasks 911
Managing upper management 913
Conflict resolution 913
The role of administration 915
Sales 915
Purchasing 916
Accounting 917
Personnel 917
Marketing 918
Miscellaneous administrative chores 919
The role of development 919
Architectural principles 920
Anatomy of a management system 922
The system administrator’s tool box 922
Software engineering principles 923
The role of operations 924
Aim for minimal downtime 925
Document dependencies 925
Repurpose or eliminate older hardware 926
The work of support 927
Availability 927
Scope of service 927
Skill sets 929
Time management 930
Documentation 930
Standardized documentation 931
Hardware labeling 933
User documentation 934
Request-tracking and trouble-reporting systems 934
Common functions of trouble ticket systems 935
User acceptance of ticketing systems 935
Ticketing systems 936
Ticket dispatching 937
Disaster recovery 938
Backups and off-line information 939
Staffing your disaster 939
Power and HVAC 940
Network redundancy 941
Security incidents 941
Second-hand stories from the World Trade Center 942
Written policy 943
Security policies 945
User policy agreements 946
Sysadmin policy agreements 948
Legal Issues 949
Encryption 949
Copyright 950
Privacy 951
Click-through EULAs 953
Policy enforcement 953
Control = liability 954
Software licenses 955
Regulatory compliance 956
Software patents 957
Standards 958
LSB: the Linux Standard Base 959
POSIX 959
ITIL: the Information Technology Interface Library 960
COBIT: Control Objectives for Information and related Technology 960
Linux culture 961
Mainstream Linux 962
Organizations, conferences, and other resources 964
Conferences and trade shows 965
LPI: the Linux Professional Institute 967
Mailing lists and web resources 967
Sysadmin surveys 968
Recommended Reading 968
Infrastructure 968
Management 969
Policy and security 969
Legal issues, patents, and privacy 969
General industry news 970
Exercises 970
INDEX 973
ABOUT THE CONTRIBUTORS 999
ABOUT THE AUTHORS 1001