DOCUMENT INFORMATION
Basic information
Format
Number of pages
532
File size
6.54 MB
Content
Fedora Linux Servers with systemd: third edition

To Aleina and Larisa in sync again

Fedora Linux Servers with systemd: third edition
Richard Petersen
Surfing Turtle Press
Alameda, CA
www.surfingturtlepress.com
Please send inquiries to: editor@surfingturtlepress.com
ISBN:
ISBN-13:
Copyright Richard Petersen, 2018
All rights reserved

Copyright 2018 by Richard Petersen. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

Information has been obtained by Surfing Turtle Press from sources believed to be reliable. However, because of the possibility of human or mechanical error by our sources, Surfing Turtle Press, the author Richard Petersen, or others, Surfing Turtle Press does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from use of such information.

Limit of Liability and Disclaimer of Warranty: The publisher and the author make no representation or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. The information and code in this book are provided on an "as is" basis. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. Surfing Turtle Press and anyone else who has been involved in the creation or production of the included code cannot and do not warrant the performance or results that may be obtained by using the code.

Trademark Acknowledgements
UNIX is a trademark of The Open Group. Microsoft and MS-DOS are registered trademarks of Microsoft Corporation. IBM and PC are registered trademarks of the International Business Machines Corporation. Red Hat and Fedora are trademarks of Red Hat, Inc. and are trademarks of Red Hat, Inc. Fedora and the Infinity design logo are trademarks of Red Hat, Inc. See www.fedoraproject.org/wiki/Logo/ for more information. is a trademark of Surfing Turtle Press.

Preface

This book is designed as a server reference for Fedora Linux with systemd. This second edition is based on Fedora Linux 28. Administration tools are covered as well as the underlying configuration files and system implementations. The emphasis is on what administrators will need to know to perform key networking and server tasks. Topics covered include the systemd service manager, the systemd service and target files for each server, server roles, and the FirewallD firewall. Key servers are examined, including Web, FTP, CUPS printing, NFS, and Samba (Windows shares). Network support servers and applications covered include the Squid proxy server, the Domain Name System server, and DHCP. The book is organized into five parts: system tools, Internet servers, shared resources, network support, and administration topics.

Part 1 focuses on system tools such as the systemd service manager, the FirewallD firewall, and shell scripts. A Getting Started chapter covers the basics of the GNOME desktop, software management, and desktop terminals.

Part 2 examines Internet servers. Configuration and implementation of the Postfix and Sendmail mail servers, the vsftpd and ProFTPD FTP servers, and the Apache Web server are covered in detail.

Part 3 deals with servers that provide shared resources on a local network or the Internet. Services examined include the Cups printing server, NFS network file server, the Samba Windows file and printing server, and the GFS distributed file system.

Part 4 covers servers that provide network support such as the Squid proxy server, the Bind Domain Name System (DNS) servers, IPv6 auto-configuration, and DHCP servers.

Part 5 covers administration topics such as basic administration tasks, configuring the shell, and TCP/IP networks.

Overview

Preface
Overview
Contents
Part 1: System Tools
Fedora Linux Introduction
Getting Started
systemd: unit files and server management
Firewalls
Shell Variables and Scripts
Part 2: Internet Servers
Mail Servers
FTP
Web Servers
News and Database Services
Part 3: Shared Resources
10 Print Services
11 Network File Systems and Network Information Service: NFS and NIS
12 Samba
13 Distributed Network File Systems
Part 4: Network Support
14 Proxy Servers: Squid
15 Domain Name System: BIND
16 Network Autoconfiguration with IPv6, DHCP
Part 5: Administration Topics
17 Basic System Administration
18 Shell Configuration
19 Administering TCP/IP Networks
Table Listing
Figure Listing
Index A B C D E F G H I K L M N O P Q R S T U V W X Z

Contents

Preface
Overview
Contents

Part 1: System Tools

Fedora Linux Introduction
Fedora Linux Fedora Documentation Fedora Servers Getting Fedora Linux

Getting Started
Fedora Server startup Using the Command Line Interface Changing the hostname: hostnamectl Application Documentation The Man Pages The Info Pages Accessing USB drives from the Command line Interface on a Server Setting the date and time Editing files with the command line interface: text editors Fedora Desktop Network Connections Network Information: Dynamic and Static NetworkManager Managing Network Connections with nmcli Desktop Network Configuration using GNOME Settings Wi-Fi and Network tabs Configuring a network with systemd-networkd Predictable and unpredictable network device names Network device path names Renaming network device names with udev rules Renaming network device names for systemd-networkd with systemd.link Managing
Software Managing Software with DNF GNOME Software (Software) PackageKit Updating Fedora Update with the dnf command Automatic DNF Updates with dnf-automatic Server Roles and rolekit Terminal Window Controlled Administrative Access: sudo and su Running Desktop Applications with Administrative Access Logging In to the Root User Account Directly sudo su su Root User Password sudo Configuration

systemd: unit files and server management
systemd systemd basic configuration files units unit file syntax special targets Modifying unit files: /etc/systemd/system Drop in files: .d directories /etc/systemd/system Execution Environment Options service unit files On Demand and Standalone Services (socket) Path units Template unit files Runlevels and Special Targets systemd and automatically mounting file systems: /etc/fstab systemd slice and scope units System V: /etc/rc.d/init.d Shutdown and Poweroff Managing Services Enabling services: starting a service automatically at boot Managing services manually Cockpit The service Command Extended Internet Services Daemon (xinetd)

Firewalls
Dynamic and Static Firewalls: FirewallD and the iptables command Dynamic Firewall with FirewallD firewall-config firewall-cmd Firewall Rules: Netfilter, NAT, mangle Modules Packet Filtering Chains Targets Firewall and NAT Chains Adding and Changing Rules IPtables Options Accepting and Denying Packets: DROP and ACCEPT User-Defined Chains ICMP Packets Controlling Port Access Packet States: Connection Tracking Specialized Connection Tracking: ftp, irc, Amanda, tftp Network Address Translation (NAT) Adding NAT Rules Nat Targets and Chains Nat Redirection: Transparent Proxies Packet Mangling: the Mangle Table Static Firewall Commands ip6tables arptables ebtables xtables Static Firewall using iptables Configuring Static IPtables with system-config-firewall Saving IPtables rules IPtables Scripts An IPtables Script Example: IPv4 Drop Policy IP Spoofing Server Access Firewall Outside Access Blocking Outside
Initiated Access Local Network Access Listing Rules User-Defined Rules Masquerading Local Networks Controlling ICMP Packets Simple LAN Configuration LAN Configuration with Internet Services on the Firewall System IP Masquerading Masquerading Local Networks Masquerading NAT Rules Masquerading Selected Hosts

Shell Variables and Scripts
Shell Variables Definition and Evaluation of Variables: =, $, set, unset Variable Values: Strings Quoting Strings: Double Quotes, Single Quotes, and Backslashes Quoting Commands: Single Quotes Values from Linux Commands: Back Quotes Shell Scripts: User-Defined Commands Executing Scripts Script Arguments Environment Variables Shell Environment Variables Control Structures Test Operations Conditional Control Structures Loop Control Structures

Part 2: Internet Servers

Mail Servers
Mail Transport Agents Postfix

P
Pacemaker; Pacemaker Configuration System; PackageKit; browsing; categories; install; Packet Mangling; passwd; PATH; pcs; pdbedit; PDC; logon configuration; Master Browser configuration; PHP; ping; POP; portmapper; Ports firewall; Postfix; configuration; greylisting; virtual domains; PostgreSQL; poweroff; predictable network device names; link files; systemd-networkd; udev; print servers configuration; CUPS; CUPS configuration tool; cupsd.conf; lpadmin; Print services; printers.conf; Printing configuration; configuration files; CUPS; lpc; lpq; lpr; lprm; lpstat; Samba; Samba printer; system-config-printer; Universal Resource Identifier (URI); Web configuration interface; private networks IPv4 Reserved Addresses; processes; GNOME System Monitor; kill; ps; profile; proftpd; ProFTPD; ftpcount; ftpshut; ftpwho; virtual servers; prompt; Protocol TCP/IP; Proxy servers; Squid; ps; Public Domain Controller; pureftpd

Q
quotes strings

R
radvd; reee; reject printing; remote printers CUPS; system-config-printers; rescue; resource records; Response Policy Zones (RPZ); reverse mapping IPv6; reverse mapping file; rolectl; rolekit; root user su; sudo; root user account; router renumbering; routes; routing; rsync; configure; runlevels; /etc/rc.d/init.d

S
Samba; cifs; clients; firewall-config; global; GNOME; homes; ldbsam; master browser configuration; Microsoft Domain Security; mount; pdbedit; PDC; printer; Printers; Public Domain Controller; shared resources; shares; smb.conf; smbclient; smbpasswd; tdbsam; testparm; user level security; variables; winbindd; Windows; schedule tasks; cron; systemd timers; scope unit files; scripts; arguments; control structures; environment variables; Security arptables; ebtables; IP masquerading; IP Spoofing; IPtables; xtables; Sendmail; configuring; mailer table; masquerading; security; sendmail.cf; sendmail.mc; virtusertable; Server Message Block (SMB); Server Roles; server side includes; servers rolekit; Server Roles; service; services; Services; /etc/systemd/system; /lib/systemd/system; execution environment options; graphical target; mount units; path units; runlevels; service; service units; socket units; systemd; target units; template units; unit files; Settings Wi-Fi; servers Mail; shared resources GNOME; NFS; Samba; Windows; shares; Shell bash_logout; bash_profile; bashrc; aliases; back quotes; bash_completion.d; configuration files; environment variables; evaluation of variables; HOME; PATH; profile; prompt; quotes; script arguments; scripts; strings; system environment variables; variables; Shell configuration; Shell initialization; Shell Programming control structures; for-in; if; if-then; Loop; script arguments; strings; test; variables; while; Shell Scripts; shutdown; slice unit files; smb.conf; smbclient; smbpasswd; Software automatic updates; categories; GNOME Software; installation; installing software packages DNF; PackageKit; rolectl; rolekit; Server Roles; updating; Software Managers dnf command; spam Amavisd-new; SpamAssassin; split DNS; Squid; cache; client browsers; security; squid.conf; SSL Apache Web server; SSSD; authselect; Start of Authority (SOA) record; Static IP address; strings; quotes; su; subdomain; subscription.conf; subshells; sudo; sudoers; visudo; sudoers; sysconfig; system administration sudo; System Configuration; system directories; System Security Services Daemon; System Tools GNOME System Monitor; System V; system-config; system-config-firewall; system-config-httpd; virtual hosts; system-config-printer; system-config-printers; remote printers; systemd; /etc/systemd/system; /lib/systemd/system; execution environment options; file systems; graphical target; logind; mount units; path units; runlevels; scope units; service units; slice units; socket units; special targets; systemd timers; systemd-networkd; target units; template units; unit files; systemd timers; systemd-networkd; renaming device names

T
tabs terminal window; targets graphical r; TCP/IP; configuration Files; tcpdump; tdbsam; template unit files; terminal window; tabs; test; testparm; Time date; hwclock; Time To Live; top; traceroute; Trusted interfaces; Trusted services; trusted-keys; TSIG

U
udev predictable network device names; unique-local addresses; units execution environment; fstab; mount units; paths; runlevels; scope; service; slice; sockets; special targets; targets; templates; unit files; Universal Resource Identifier; Universal Time Coordinated; updates dnf; dnf-automatic; USB drives; Usenet News service; User Datagram Protocol; user level security Samba; UserDir; UTC

V
Variables; back quotes; definition; evaluation; strings; Very Secure FTP Server; vi; view clause; views; vim; virtual domains; virtual hosting; Apache Web server; DNS; dynamic virtual hosting; IP address–based; name-based virtual hosting; virtual hosts Apache Web server; virtusertable; virus Amavisd-new; visudo; vmstat; vsftpd; access controls; authentication; firewall; user access; virtual users

W
Web server; Apache; authentication; configuration; directory-level configuration; dynamic virtual hosting; Lighttpd; logs; name-based virtual hosting; NGINX; PHP; server side includes; SSL; system-config-httpd; UserDir; virtual hosting; virtual hosts; Webalizer; Webalizer; while; who; Wi-Fi airplane mode; winbindd; Windows; Samba; shared resources; wired Network (Settings); nmcli; wireless nmcli; Wi-Fi (Settings); Wireshark; filters

X
xload; xtables

Z
Zero Configuration Networking; Zeroconf; Avahi; zone; Zone Files; map file format

https://fedoraproject.org Fedora Project
https://getfedora.org Fedora download page
https://download.fedoraproject.org Fedora repository, mirror link
https://admin.fedoraproject.org/mirrormanager/ Fedora