Fedora & Red Hat Enterprise Linux: The Complete Reference

Richard Petersen

New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto

Copyright © 2007 by The McGraw-Hill Companies. All rights reserved. Manufactured in the United States of America. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher.

0-07-151099-0

The material in this eBook also appears in the print version of this title: 0-07-148642-9.

All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps.

McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. For more information, please contact George Hoare, Special Sales, at george_hoare@mcgraw-hill.com or (212) 904-4069.

TERMS OF USE

This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGraw-Hill”) and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms.

THE WORK IS PROVIDED “AS IS.” McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.

DOI: 10.1036/0071486429

To my nephews, Dylan, Christopher, and Justin

About the Author

Richard Petersen, MLIS, teaches UNIX and C/C++ courses at the University of California at Berkeley. He is the author of Linux: The Complete Reference (all six editions), Red Hat Enterprise and Fedora Linux: The Complete Reference, Red Hat Linux, Linux Programming, Red Hat Linux Administrator’s Reference, Linux Programmer’s Reference, Introductory C with C++, Introductory Command Line Unix for Users, and many other books. He is a contributor to the linux.syscon.com (LinuxWorld Magazine) with articles on IPv6, Fedora operating system, Yum, Fedora repositories, the Global File System (GFS), udev device management, and the Hardware Abstraction Layer (HAL).

About the Technical Editor

Dr. Ibrahim Haddad is currently Director of Embedded & Open Source Technology at Motorola. In this role he is responsible for defining and developing the requirements for Motorola Software Group’s open source initiatives. Prior to Motorola, Dr. Haddad managed the Carrier Grade Linux and Mobile Linux Initiatives at the Open Source Development Lab (OSDL), which included promoting the development and adoption of Linux and Open Source software in the communications industry. He is the co-author of two books on Red Hat Linux and Fedora, a contributing editor of the Linux Journal, Linux Planet, and Enterprise Open Source Magazine, and a featured speaker and panelist at industry conferences such as Linux World, GlobalComm, Ottawa Linux Symposium, and at academic conferences hosted by IEEE, ACM, and USENIX. He received his B.Sc. and M.Sc. in Computer Science from the Lebanese American University, and his Ph.D. in Computer Science from Concordia University in Montreal, Canada.

Contents

Acknowledgments
Introduction
Part I Getting Started

Introduction to Red Hat and Fedora Linux
    Red Hat and Fedora Linux
    The Fedora Project
    Red Hat Enterprise Linux
    CENTOS: Community Enterprise Operating System
    Red Hat and Fedora Documentation
    Fedora
    Fedora Live CD
    Operating Systems and Linux
    History of Linux and Unix
    Unix
    Linux
    Linux Overview
    Open Source Software
    Linux Software
    Fedora Software Repositories
    Third-Party Linux Software Repositories
    Linux Office and Database Software
    Internet Servers
    Development Resources
    Online Linux Information Sources
    Linux Documentation

Installing Fedora
    Key Feature of Fedora Installation
    Minimal Install Strategy with Desktop Spins: Making Use of Repositories
    Minimal Install Strategy with Fedora Live CD: First Time Installs
    Obtaining the CDs and DVDs
    Installation Overview
    Install Sources
    Install Configurations
    Install Procedures
    Installing Dual-Boot Systems
    Simple Graphical Direct Install with DVD/CD-ROMs
    Hardware, Software, and Information Requirements
    Hardware Requirements
    Hard Drive Configuration
    Information Requirements
    CD-ROM, Hard Disk, and Mouse Information
    Network Configuration Information
    Boot Source Options
    Install Methods
    Virtual Network Computing
    Automating Installation with Kickstart
    Installing Linux
    Starting the Installation Program
    Install Hardware Detection
    Initial Setup: Upgrade or Install
    Partitions, RAID, and Logical Volumes
    Partition Custom and Review Partitioning
    Boot Loaders
    Network Configuration
    System Configuration
    Software Installation
    Finishing Installation
    GRUB on Restart
    Setup
    Firewall and SELinux
    Date and Time
    Hardware Profile Reporting
    Create User
    Sound Configuration
    Login and Logout
    Boot Disks
    Rescue
    Re-installing the Boot Loader
    Creating Your Own Fedora Install Spins with Pungi

Interface Basics: Login, Desktop, Help, Repositories, Multimedia, and Spins
    User Accounts
    Accessing Your Linux System
    The Display Manager: GDM
    The User Switcher
    Accessing Linux from the Command Line Interface
    Shutting Down Linux from the Command Line
    The GNOME and KDE Desktops
    Fedora Desktop
    GNOME
    GNOME Preferences
    GNOME Applets
    KDE
    Starting a GUI from the Command Line
    Desktop Operations
    Desktop Font Sizes
    Configuring Your Personal Information
    Sessions
    Beagle: Searching files
    Accessing File Systems, Devices, and Remote Hosts
    Using Removable Devices and Media
    Burning DVD/CDs with GNOME
    Installing Multimedia Support: MP3, DVD, and DivX
    Command Line Interface
    Help Resources
    Context-Sensitive Help
    Application Documentation
    The Man Pages
    The Info Pages
    Web Resources
    Using Fedora Software Repositories
    Using Repositories to Complete Your Installation
    Repository Incompatibilities
    Pirut
    Yum Extender: yumex
    Fedora Repository
    Livna
    Freshrpms
    Installing Some Popular Packages
    Java Applications: jpackage.org
    Windows Access and Applications
    Setting Up Windows Network Access: Samba
    Running Windows Software on Linux: Wine

System Configuration
    Fedora Administrative Tools
    Editing Configuration Files Directly
    Simple Administrative Tasks
    Login Screen
    Configuring Users
    Printer Configuration
    New Printers
    Editing Printers
    Remote Printers
    X Window System Configuration: system-config-display and Vendor Drivers
    system-config-display
    Video Graphics Card Driver Support: ATI, NVIDIA, and Livna
    Updating Fedora and Enterprise Linux: PUP and RHN
    Installing Software Packages
    Installing with Yum
    Pirut Package Manager: A Repository Model of Software Management
    Third-Party Kernel Module Updates
    Installing Packages Manually with the rpm Command
    Package Security Check
    Installing Source Code Applications
    Security Configuration
    Security Services
    Authentication Configuration
    Unsupported Drivers
    Installing Access for Local Windows NTFS File Systems
    NTFS Read/Write Access: ntfs-3g
    NTFS Project Read-Only: Livna
    DKMS
    Bluetooth
    Bluetooth Configuration
    Personal Area Networks: PAN

Network Configuration
    Network Information: Dynamic and Static
    Network Manager
    Network Configuration with Fedora Network Tools
    system-config-network
    Configuring New Network Devices Manually
    Virtual Private Networks
    Interface Configuration Scripts: /etc/sysconfig/network-scripts
    Command Line PPP Access: wvdial
    Manual Wireless Configurations
    iwconfig
    iwpriv
    iwspy
    iwlist
    linux-wlan
    Setting Up Your Firewall: system-config-securitylevel
    InfiniBand Support
    Configuring a Local Area Network

Part II Environments

GNOME
    Fedora Desktop Look and Feel
    GNOME 2.x Features
    GNOME 2.x Desktop Features
    GNOME 2.x File Manager Features
    GTK+
    The GNOME Interface
    GNOME Components
    Quitting GNOME
    GNOME Help
    The GNOME Desktop
    Drag and Drop Files to the Desktop
    Applications on the Desktop
    GNOME Desktop Menu
    Window Manager
    The GNOME Volume Manager
    The GNOME File Manager: Nautilus
    Nautilus Window
    Nautilus Sidebar: Tree, History, and Notes

Index

NTFS partitions, determining hard drive names for, 116 See also partitions NTFS project read-only access, using Livna for, 116 NTFS read/write access, obtaining, 115–116 NTFS support, availability to Fedora, 17–18 ntfs-3g NTFS driver, using, 115–116 NTP servers, enabling, 574 NVIDIA drivers, packages for, 100–101 nwid or domain parameter, using with iwconfig Wireless Tool, 132 O objects See panel objects octal numbers, calculating, 616 Office suites, descriptions
of, 278–279 office versions of Linux, availability of, 19–20 OLDPWD shell variable, description of, 232 OO (OpenOffice) See OpenOffice (OO) OP RPIntegrated power management, controlling in GNOME 2.x, 142 open command, using with NcFTP client, 342 Open Sound System, Web site for, 296 Open Source Development Network (OSDN), Web site for, open source software, overview of, 16–17 Open With panel, using in Nautilus file manager, 156, 158 OpenHBCI home banking interface, Web site for, 283 OpenLDAP, Web site for, 623 OpenOffice (OO) database files available in, 280 features of, 279–280 support for, 277 Web site for, 277 OpenPGP Public Keyserver project, Web site for, 361 OpenSSH application, description of and Web site for, 112 OpenSSH packages, availability of, 407–408 OpenSSL, obtaining open source version of, 509 Openswan (Open Secure/Wide Area Network) project, Web site for, 395 Openwriter desktop editor, description of, 288 operating systems kernel as, 753 relationship to Linux, 12–13 operators for test command, functions of, 220 /opt directory, contents of, 663 options, using in Linux commands, 72–73 Options directive, using with Apache Web server, 497 options statement forwarders option for, 838 notify option for, 838 using directory option with, 837 using with DNS (Domain Name System), 837–840 Oracle database management system features of, 286 Web site for, 285 OSDN (Open Source Development Network), Web site for, OSTYPE macro, using with Sendmail, 537 OSTYPE shell variable, description of, 232 OUTPUT chain, use by kernel, 423 overviews, support in INN (InterNetNews) news server, 560–561 owners, changing for files, 614–615 ownership of files and directories, significance of, 614 ownership permissions, setting, 618–619 P package files obtaining list of, 108 querying, 108 package groups, specifying in Pungi, 53 package integrity, checking with rpm command, 109–110 Package Manager accessing, 45 features of, 105–106 package security check, performing, 109–110 Package 
Updater Program (PUP), using, 102–103 packages, 654–655 See also RPM packages; software authenticating, 109 installing, 81–83 installing and uninstalling, 107–108 installing with software repositories, 76 selecting with yumex, 78 packet filtering See also Netfilter firewalls executing in Netfilter firewalls, 420–421 explanation of, 11–23, 419–420 implementation of, 421–422 packet mangling tables, using in Netfilter firewalls, 433 packet redirection, implementing, 433 packet states, specifying, 429–430 packets accepting and denying, 424, 426 defining rules for, 430 routing, 818–820 tracking, 430–431 paint and image program, availability in KOffice, 281 Palm PDAs, accessing, 284–285 PAM module, relationship to LDAP, 629 PAM service, using with vsftpd, 485 PAMs (Pluggable Authorization Modules) description of and Web site for, 112 relationship to LDAP, 630–631 pand network configuration tool, description of, 120 panel objects adding, 162–163 adding menus to, 164 application launchers, 163 drawers, 163 folder and file launchers, 163 moving, removing, and locking, 162 types of, 162, 164 panels See also KDE panel (Kicker) adding directory folders to, 164 changing backgrounds of, 161–162 configuring and adding in GNOME, 160 displaying in GNOME, 161 features of, 159–160 moving, removing, and locking objects in, 162 moving and hiding in GNOME, 161 properties of, 160 relationship to applets, 162 PANs (Personal Area Networks), implementing with Bluetooth, 118 parent directories, referencing, 257 parent directory permissions, setting, 618 parity (RAID Level 4), explanation of, 707 parted command, using with hard drives, 684–685, 687 partition and file system creation tools, descriptions of, 685 partition configuration, example of, 41 partition labels, use in mounting file systems, 678–679 partition management packages, examples of, 33 partitions See also NTFS partitions configuring during installation, 39–40 creating, 42 creating, editing, and deleting, 40–41 creating 
manually, 41 editing, 42 formatting, 41 separating for RAID devices, 715 setting up boot partition, 41 passphrase, changing for SSH keys, 410 passwd command, use by root user, 570 password files /etc/passwd, 602 /etc/shadow and /etc/ gshadow, 603 maintaining for users, 601–603 Password Prompt variable, using with wvdial, 130 Password variable, using with wvdial, 130 passwords See also shadow passwords changing, 66, 94 controlling, 605–606 entering, 58 entering for printers, 98 managing in Kerberos, 416 specifying expiration dates for, 605–606 tools for, 603 using with Samba, 915–916 using with SWAT Samba configuration tool, 925 PATH variables adding directories to, 239 contents of, 657 customizing, 658 description of, 232 using, 235–236 pathmunge function, using with PATH variable, 240 pathnames identifying in URLs, 324 relationship to directories, 251–252 for user configuration files, 601–602 pax, using as alternative to tar, 267 PCHDTV video card, using for HDTV reception, 303 PCMCIA devices, support for, 744 PDAs accessing, 284–285 device name for, 285 pdfedit document viewer, description of, 284 percent (%) field specifier, using with Apache logs, 502 percent (%) prompt, use of, 194 percent (%) symbol, referencing background jobs with, 212 performance analysis tools and processes features of, 593 Frysk monitoring tool, 595 GKrellM, 596–597 GNOME Power Manager, 595–596 GNOME System Monitor, 594 KSysguard, 597 ps command, 594 System Tap, 595 Perl, Web site for, 21 -perm option, using with find command, 260 permission fields, using with udev rules, 731–732 permissions absolute permissions, 616–617 categories of, 611–612 changing with chmod command, 612–613 defaults for, 619–620 directory permissions, 617–618 on GNOME, 612 indicating empty status of, 612 operations for, 613 ownership permissions, 618–619 read, write, and execute permissions, 612 setting for application desktop links in KDE, 182 setting with symbols, 615–616 sticky bit permissions, 619 using binary 
masks with, 616–617 Permissions panel in Nautilus Properties box, explanation of, 157–158 persistent names, creating, 730 Personal Area Networks (PANs), implementing with Bluetooth, 118 personal information, configuring, 66–67 PGP (Pretty Good Privacy) sites, descriptions of, 356 Phone variable, using with wvdial, 130 photo management tools digiKam, 296 F-Spot Photo Manager, 295–296 photographs, selecting from Pictures folder, 66 PHP (PHP: Hypertext Preprocessor), features of, 507–508 Pictures folder, selecting photographs from, 66 pilot-link package, features of, 284 ping command, using with network startup scripts, 815 ping network tool, features of, 344–345 ping operations, controlling for ICMP packets, 427–428 ping program, monitoring networks with, 820–821 pipes (|), using in BASH (Bourne again) shell, 207, 209–210 Pirut features of, 77 using Kyum instead of, 173 Pirut Package Manager accessing, 45 features of, 105–106 pixmaps directory in Nautilus, contents of, 157 Places view in Nautilus, explanation of, 152 Pluggable Authentication Modules (PAMs), relationship to LDAP, 630–631 pvmove command, using with LVM, 703 pointer (PTR) records, using, 845 policies, listing for removable storage devices, 736–737 policies in SELinux creating, 391–392 implementation of, 383–384 purpose of, 375 using apol tool with, 382 Policies panel, using with printers, 98 policy methods, using in SELinux, 383–384 policy module tools, using in SELinux, 391 POP (Post Office Protocol), capabilities of, 544–545 POP and IMAP servers, availability of, 546 POP mail servers, accessing mail on, 316–317 port access, controlling with Netfilter firewalls, 428–429 Port directive, using with Apache Web server, 496 port forwarding, using, 413–414 portmapper service, using with NFS servers, 892 POSIX (Portable Operating System Interface for Computer Environments) standard, significance of, 14–15 Post Office Protocol (POP), capabilities 
of, 544–545 Postfix Greylisting Policy Server, features of, 528 Postfix MTA (mail transfer agent) commands in, 526 configuration of, 526–528 configuring for use with SpamAssassin, 547 controlling user and host access in, 528–530 features of, 525–526 masquerading in, 528 parameters used with, 529–530 virtual domains in, 528 PostgreSQL database management system features of, 286 Web site for, 285 PostgreSQL database server, structure of, 562 POSTROUTING chain, using to masquerade hosts, 447 pound sign (#) prompt, use of, 194 power parameter, using with iwconfig Wireless Tool, 132 PowerDVD player, Web site for, 304 PPID shell variable, description of, 232 PPP, accessing from command line with wvdial, 129–131 ppp connections, listing modem devices, 127 pref command, using with NcFTP client, 342 preferences in GNOME desktop, 63–65 setting for Clock applet, 164 setting in Nautilus file manager, 158–159 Preferred Applications tool, using in Nautilus file manager, 156 PREROUTING chain, using to masquerade hosts, 447 presentation programs availability in KOffice, 281 in OpenOffice, 279 Preview preferences, setting in Nautilus file manager, 159 print job, explanation of, 551 -print option, using with find command, 260 printer connections, selecting, 95 printers accessing in Samba, 927–928 adding and editing, 95 configuring, 94 configuring remote printers on CUPS, 552–553 device files for, 550 displaying configurations for, 94 editing, 96, 98 installing with CUPS, 551–553 setting up remote printers, 98 printing enabling in Samba, 924 sites and resources for, 550 using spool directories in, 551 printing features, selecting defaults for, 98 printing files, 254 priorities, listing for system logs, 589–591 private groups, using, 609 private keys See also keys; public keys creating with ssh-keygen command, 409–410 generating for GPG (GNU Privacy Guard), 358 in SSH authentication, 406–407 /proc directory, contents of, 663 /proc file system contents of, 666, 721–722 subdirectories 
and files of, 668 processes ending in BASH (Bourne again) shell, 214 listing, 594 procmail, configuring to use SpamAssassin, 547 profile file, significance of, 238 profile scripts managing user environments with, 604 using with shells, 240–242 profiles, support in system-config-network tool, 125 program directories, contents of, 584, 664–665 program fields, relationship to /lib/udev directory, 728 programs See also applications installing, 111 locating, 258 location of, 657 project management capability, availability in KOffice, 281 prompt, marking beginning of command line with, 194 See also shell prompt prompt command, using with ftp program, 339–341 PROMPT_COMMAND system environment variable, description of, 233 properties, specifying device information with, 734–735 Properties box in Nautilus, panels in, 157–158 proxies use of, 420 use with browsers, 327–328 proxy servers, features of, 513–514 ps command listing processes with, 594 obtaining system process number with, 214 PS1 system environment variable configuring shell prompt with, 236–237 description of, 233 PS2 system environment variable configuring shell prompt with, 236–237 description of, 233 POSTROUTING rule, using with SNAT targets, 432 PTR (pointer) records, using, 845 public keys See also keys; private keys authenticating RPM packages with, 109 creating with ssh-keygen command, 409 generating for GPG (GNU Privacy Guard), 358 importing for software packages, 365 making available in GPG (GNU Privacy Guard), 360–361 obtaining with GPG (GNU Privacy Guard), 361–362 in SSH authentication, 406–407 using in SSH (Secure Shell), 411 validating for software packages, 366 public licenses, protection of open source software by, 16 public-key encryption, using, 356 Pungi creating Fedora install spins with, 50–55 editing Yum configuration file for, 53 stages for creating spins, 54 Pungi actions, creating log for, 54 pungi.conf file, default for, 51 PUP (Package Updater Program) updating software with, 636–637 
using, 102–103 Pure FTPD server, features of, 474 PVFS (Parallel Virtual File Systems), using, 902–903 pwd command, effect of, 255 PWD shell variable, description of, 232 PXE (Pre-Execution Environment), booting from, 35 Q -qi option, using with rpm command, 108 -ql option, using with rpm command, 108 -qpi option, using with rpm command, 108 -qpl option, using with rpm command, 108 Qt library, using in KDE (K Desktop Environment), 173 Qt Public License (QPL), explanation of, 16 QTDIR system environment variable, description of, 233 quotaoff command, using, 621 question (?) mark, using in BASH (Bourne again) shell, 203–204, 207 queue command, using with lftp client, 341 quit command, using with ftp program, 338 quota command, using, 622 quotacheck command, using, 621 quotaon command, using, 621 quotas See disk quotas quotes, single quote (') versus back quote (`), 216–217 R r (read) permissions, setting, 615, 618 -r option, using with shutdown command, 59 racoon tool configuring gateway connections with, 404 configuring IPsec with, 401–403 radvd Router ADVertisement Daemon, using, 871 RAID (Redundant Arrays of Independent Disks) administration with mdadm, 708–709 configuring, 710–711 configuring bootable RAID, 714–715 creating spare groups for, 712 example of, 716–718 features of, 705 hardware RAID support, 705 support for, 693–694 RAID arrays creating, 711–712 managing, 713 monitoring, 713–714 starting and stopping, 713 RAID devices booting from, 708 configuring during installation, 39 creating and installing, 709 and partitions, 708 setting up with separate partitions, 715 RAID disks, creating, 43 RAID file systems, adding, 709–710 RAID levels, explanations of, 706–708 RAM disks, using, 768–769 RANDOM shell variable, description of, 232 rar archives, using unrar tool with, 267 Raven and Stronghold licensing, Web site for, 487 RBAC (role-based access control) security model, use by SELinux, 370–371, 383 rbac file, using in SELinux, 390 rc.local file, contents 
of, 451 rcp command, using, 349–351 rc.sysinit file, contents of, 451 read permissions, using, 612 Readline editing operations, using with BASH (Bourne again) shell, 195 RealPlayer, downloading, 302 rebooting, 49 records adding to LDAP directory database, 628 creating and inserting in SQL, 562 recovery, implementing via journaling, 673–674 Red Hat documentation for, 7–8 FTP site for, Red Hat Enterprise Linux See also Linux accessing documentation and help resources for, 73 downloading, install guides for, 25 updating, 102–103 versions of, 6–7 Red Hat Enterprise Linux, features of, red hat graphical boot (rhgb) tool, troubleshooting, 46–47 Red Hat Linux popularity of, Web sites related to, Red Hat Package Manager (RPM) See RPM (Red Hat Package Manager) redirection of packets, 433 and piping of standard errors in BASH (Bourne again) shell, 210–211 preventing with noclobber feature, 230 redirection operators (> and >>), using in BASH (Bourne again) shell, 206–208 redirection symbols in BASH (Bourne again) shell, execution of, 202 Redundant Arrays of Independent Disks (RAID) See RAID (Redundant Arrays of Independent Disks) regret command, using with ftp program, 338 regular expressions, using in BASH (Bourne again) shell, 224–226 ReiserFS, journaling in, 674 relabel option, using with security contexts, 392 relational database structure, use by MySQL and PostgreSQL, 562 relative versus absolute pathnames, 252 remote access commands, effects of, 349 remote access permission, obtaining, 350–351 remote anonymous stanza, using in IPsec configuration, 402 remote hosts, accessing, 69–70 remote locations, developing from, 658–659 remote login, performing with ssh client, 411–412 remote POP mail servers, accessing mail on, 316–317 remote printers, setting up, 98 removable devices accessing with GNOME Volume Manager, 149–150 listing, 69 listing policies for, 736–737 managing with HAL (Hardware Abstract Layer), 674 using, 70 repodata directory page, accessing Fedora packages 
from, 79 report generator, availability in KOffice, 281 repositories See also software repositories disabling, 77 for Fedora, 17–18 incompatibilities with, 77 for third-party Linux software, 18–19 using for minimal install of Fedora, 26 repository configuration files, listing with yumex, 79 repquota command, using, 622 rescue CD, creating, 49 rescue mode, booting Linux in, 49 resolvers, use with DNS (Domain Name System), 827–828 resource records See also DNS (Domain Name System) format used by, 840 types of, 841 using aliases with, 845 using in DNSSEC, 861–862 restore command interactive mode shell commands for, 789 using, 787–788 restorecon command, using with security contexts, 392 Results pane in GConf configuration editor, description of, 168 reverse mapping files, using SOA records with, 842–843 reverse name format for IPv4, 850–851 for IPv6, 851–853 reverse proxy cache, configuring in Squid proxy server, 521 Review option for partitions, choosing during installation, 40 RFC 3513 (IPv6 addresses), Web site for, 805 rhgb (red hat graphical boot) tool, troubleshooting, 46–47 rlogin, availability of, 350 rlogin command, effect of, 349, 351 rm command effect of, 261 meaning of, 257 using asterisk (*) with, 203 using with files and directories, 263 rmdir command effect of, 255 using, 256 rmod command, unloading modules with, 748 roaming, setting on with iwpriv Wireless Tool, 132 role allow rules, managing in SELinux, 387 role and type declarations, managing in SELinux, 384–385 role-based access control (RBAC) security model, use by SELinux, 370–371, 383 roles in SELinux, purpose of, 374 root directory (/) role in FHS (File System Hierarchy Standard), 662–663 setting with chroot command, 49 significance of, 250 root partition, contents of, 41 root password, changing, 92 root servers, connecting DNS servers to, 857 root user becoming, 570 changing passwords for, 94 definition 
of, 569 logging in as, 48 password for, 570 root user access, obtaining, 570–571 root user account, logging into, 570 root user security levels, determining in SELinux, 394 rootnoverify option, using with GRUB, 599 rootpw command, using with LDAP servers, 624 rotatelogs utility, using with Apache, 502 routers, renumbering with IPv6 autoconfiguration, 869–870 routes deleting, 820 location of, 819 routing packets, 818–820 routing table, entries in, 819 RP records, using, 846 RPM (Red Hat Package Manager) features of, 643 options for, 645–646 packaging software with, 659 RPM archives, contents of, 633 RPM binary packages, repository for, 296 rpm command installing and updating packages with, 648–649 installing packages with, 107–109 options used with, 108 reinstalling files with, 49 using, 644–645 RPM databases, rebuilding, 651 RPM directory, importing Red Hat public keys from, 365 RPM discrepancy codes, explanations of, 650 RPM files, examining contents of, 648 RPM installation, verifying, 650 RPM packages See also packages; software authenticating with public keys, 109 checking public keys with, 366 installation example, 649 installing, 108 installing and uninstalling, 643–644 installing and updating, 648–649 installing from desktop, 644 query options for, 648 querying information from, 647–648 removing, 650 using, 103, 644 for video applications, 302–303 for XviD, 305 RPM source code files, installing software from, 651 RPM tools, using, 643–644 rpmbuild operation, using with SELinux, 388 rpm.livna.org, configuring Yum for, 80 rsh command, using, 350, 352 rsync command accessing FTP sites with, 478 making backups with, 779–780 rsync mirroring, implementing, 479 rsync servers, configuring, 478–479 rules, defining for packets, 430 rules.d file, using with udev hotplug tool, 723 Run Command, selecting in KDE, 181 runlevel command, using, 581 runlevels changing with telinit, 580 in inittab, 580 for service scripts, 455 states of, 578–579 runtime configurations, using in 
SELinux, 383–384 runtime parameters, using with kernel, 755 ruptime command, effect of, 350 rwho command, effect of, 350 S \s shell prompt code, description of, 237 SA (security associations), using with IPsec connections, 399 sainfo anonymous section, using in IPsec configuration, 402 Samba See also SWAT Samba configuration tool accessing printers in, 927–928 allowing guest user access to, 925 applications for, 910–911 configuring firewalls for, 912 configuring with system-config-samba, 916–917 documentation for, 909–910 enabling printing in, 924 features of, 909 mounting shared directories in, 932–933 Printers section of, 925–926 services provided by, 910 setting up Windows network access with, 84–85 shares in, 926–927 starting up, 911–913 support for domain logons in, 929 testing from Linux, 912 user level security provided by, 913–916 using with Windows systems on GNOME, 149–150 variable substitutions in, 928 Samba access, configuring from Windows, 912–913 Samba clients, sharing Windows directories and printers with, 933–934 Samba configuration options for, 913 testing, 929 Samba daemon, configuring, 917–919 Samba passwords, using, 915–916 Samba resources, accessing from Windows systems, 934 Samba services, accessing with clients, 930–934 Samba shares See also shares accessing with smbclient utility, 931–932 configuring, 120 specifying with system-config-samba, 917 Samba users adding with system-config-samba, 917 managing, 916 sar command, using, 595 SASL (Simple Authentication and Security Layer), using with Sendmail, 542–544 /sbin directory contents of, 663–664 function of, 253 scheduled tasks, organizing, 576–577 scp client, using, 412–413 scp command, using, 351 Scribus desktop publishing tool, 277, 284 search operations, performing in SQL, 562 search servers, using, 558–560 Search tool in GNOME desktop, using, 258 seaudit tool, using with SELinux, 382 secret keys, using in DNS security, 860 Secure Shell (SSH) See SSH (Secure Shell) Secure Sockets Layer 
(SSL) See SSL (Secure Sockets Layer) security See also DNS security methods; GPG (GNU Privacy Guard); IPsec (Internet Security Protocol); SELinux (Security-Enhanced Linux); SSH (Secure Shell); system-config-securitylevel configuring, 111–114 digital signatures, 356 in Fedora, 20 implementing with nfs4 access lists, 891 implementing xinetd network security, 468–469 integrity checks, 356–357 public-key encryption, 356 in Samba, 913–916, 924 in Sendmail, 542–544 of Squid proxy server, 516–519 of Web servers, 508–511 security applications, descriptions of, 74 security associations (SA), using with IPsec connections, 399 security check, performing on packages, 109–110 security context files, managing in SELinux, 390 security contexts checking in SELinux, 376 determining for security identity, 373 locating defaults for, 394 relationship to Flask architecture, 370–371 setting up defaults for, 394 using in SELinux, 392 using relabel option with, 392 using restorecon command with, 392 security in SELinux, purpose of, 374 security issues, finding out about, 113 security models, use by SELinux, 370–371 security policy (SP), relationship to setkey in IPsec, 399–400 security services, availability of, 112–113 Security-Enhanced Linux (SELinux) See SELinux (Security-Enhanced Linux) select control structure, function of, 222 SELinux (Security-Enhanced Linux) See also security adding new users in, 392–393 checking messages in, 382 checking security context in, 376 checking status and statistics in, 376 configuration for, 384 configuring, 377–379 features of, 369–370 managing users in, 383 MCS (multicategory security) in, 375, 383 MLS (multilevel security) in, 375, 382–383 obtaining system administration access under, 372 policy methods in, 383–384 resources for, 370 runtime security contexts and types in, 383–384 security models used by, 370–371 turning off, 375 using security contexts in, 392 SELinux management tools audit2allow, 376–377, 380–381 descriptions of, 377 setools
packages, 376 system-config-selinux, 377–379 SELinux modules, compiling, 388 SELinux Policy Analysis tool, features of, 382 SELinux policy configuration files application configuration and appconfig, 391 changing, 387–388 file interface files, 390 module files, 390 policy module tools, 391 security context files, 390 types files, 390 user configuration and roles, 390–391 SELinux policy packages, availability of, 371–372 SELinux policy rules access vector rules with allow, 386–387 constraint rules, 387 file contexts, 386 role allow rules, 387 transition and vector rule macros, 387 type and role declarations, 384–385 user roles, 386 SELinux reference policies, using, 382–383 SELinux screen, options on, 47 SELinux security application, description of and Web site for, 112 SELinux source configuration, using, 388–389 SELinux terminology domains, 373 identities, 373 policies, 375 roles, 374 security context, 374 transitions and labeling, 374 types, 374 SELinux troubleshooter, using, 380–381 semanage, using with SELinux, 381 semanage_module command, using in SELinux, 388, 391–392 semicolon (;) purpose in wvdial, 129 separating commands with, 195 semodule command, using with -i option in SELinux, 392 Sendmail access actions in, 543 configuring, 533–534, 536–537 configuring for centralized mail server, 540–541 configuring for simple network configuration, 540 configuring mail servers and mail clients with, 539–540 configuring workstations with direct ISP connections, 541 defining virtual domains in, 542 distribution of, 366 features of, 530, 532, 535–536 files and directories for, 531 LDAP support in, 532–533 mailer table in, 541–542 masquerading in, 537–539 security in, 542–544 specifying errors messages in, 543 SSL support in, 542 support for aliases in, 532–533 using divert command with, 537 using dnl command with, 537 using FEATURE macros with, 534, 536–537 using MAILER
macro with, 534, 536–537 using OSTYPE macro with, 537 sens parameter, using with iwconfig Wireless Tool, 132 serial ports, relationship to terminal devices, 741 server daemons, managing startup and shutdown of, 453 ServerAlias directive, using with Apache Web server, 504 ServerName directive, using with Apache Web server, 496 ServerRoot directive, using with Apache Web server, 494 servers designating for printers, 98 listing, 45 server-side includes (SSIs), features of, 505–506 ServerTokens directive, using with Apache Web server, 494 service command starting and stopping Bluetooth with, 117 using, 583 using with Network Manager, 122 service management tools chkconfig, 458–461 system-config-services, 457–458 service script tags, using, 462–463 service scripts for Apache Web server, 491 in /etc/rc.d/init.d directory, 453–454 example of, 463–464 functions of, 461–462 installing, 465 runlevels for, 455 running, 454 starting and stopping services with, 456 services configuring to start up automatically at boot, 452 listing with chkconfig tool, 458 managing, 582–583 removing and adding services with, 460 starting and stopping manually, 453 starting and stopping with chkconfig, 459 starting automatically, 456–457 starting directly, 455 sessions saving, 67 starting for services, 455 sestatus command, using in SELinux, 376 set command using, 216 using with ignoreeof feature, 230 setenforce command, turning off SELinux with, 375 setkey, configuring IPsec connections with, 399–401 Settings option in KDE, using, 173 Setup Agent, running, 47 seuser command, using in SELinux, 393 seusers file, contents of, 394 sftp and sftp-server clients, using, 413 sh command, description of, 228 sh command, using, 217 sh extension, explanation of, 241 shadow passwords See also passwords description of and Web site for, 112 turning off, 603 share directories, contents of, 190 shared keys, using in IPsec configuration, 402 shares See also Samba shares configuring in Samba, 926–927 setting up,
85 using with printers, 98 shell command interpreter, features of, 193 shell feature variables, case of, 233 shell operations, controlling, 230 shell parameter variables assigning, 238–239 BASH_ENV, 236 EXINIT, 234 exporting, 238 features of, 233–234 HOME, 233–235 MAIL, 234 PATH, 234–235 PS1, 234 PS2, 234 SHELL, 234 using initialization files with, 234 using with news servers, 237–238 shell prompt, configuring, 236–237 See also prompt shell scripts arguments for, 218–219 executing, 217–218 SHELL system environment variable, description of, 233 shell variables, 232 shell-based programs, running in KDE (K Desktop Environment), 182 shells See also login shell commands for invocation of, 228 configuration directories and files for, 245 defining environment variables in, 231 definition of, 214–215 initialization and configuration files for, 244–245 leaving, 227 preventing logging out of, 230 system environment variables for, 232–233 types of, 227 using profile script with, 240–242 Web sites for, 194 SHLVL shell variable, description of, 232 shortcuts, use of symbolic links as, 263–264 shutdown command options for, 582 using, 581 using -h option with, 59 shutting down Linux systems, 49, 57 signature files, relationship to mail clients, 307 Simple Authentication and Security Layer (SASL), using with Sendmail, 542–544 single quote (') versus back quote (`), 216–217 using with aliases, 228–229 sites See Web sites -size option, using with find command, 260 slappasswd command, using with LDAP servers, 624 slash (/), placing after directory names, 228 slave records, using in DNS, 854–856 slave servers, using in DNS, 854–856 slave zones, using in DNS, 855 slogin command, using, 351 slrn newsreader, features of, 320 slrnpull utility, features of, 320 SMB services, restricting access to, 924 SMB shared remote printers, accessing, 98 smbclient utility accessing Samba shares with, 931–932 comparing to FTP clients, 930–931 smb.conf file example of, 922–923 SSL version of
Apache Web server in, 510 using, 917–919 smbpasswd command, using, 915–916 Smolt hardware profile screen, features of, 48 snakeoil certificate, installing, 511 SNAT and DNAT targets, using, 431–432 SOA (Start of Authority) records, using with zones and reverse mapping files, 842–843 SOA records, using with zone files, 847–848 software See also packages; RPM packages checking digital signatures for, 365–367 compiling, 111, 654–655 configuring command options for, 655 decompressing and extracting, 652 determining installation of, 108 downloading, 104 extracting, 653–654 file extensions for, 635 installing, 44–46, 103–104 installing from compressed archives, 652–656 installing from RPM source code files, 651 installing manually with rpm command, 107–109 installing with Yum, 104–105 listing with Pirut Package Manager, 106 packaging with RPM, 659 removing, 108–109 types of, 635 updating with Yum and PUP, 636–637 software depositories, Web sites for, software directories, adding to /etc/profile file, 657 software repositories See Fedora software repositories; repositories downloading software from, 634–635 using Yum on, 76 sort command, using, 209 sound & MIDI software, Web site for, 296 sound applications availability of, 298 LAME, 301 for music, 301–302 sound cards detecting and testing, 92 installing, 742 sound drivers, selecting in GNOME desktop, 65 Sound panel, features of, 48 source code applications configuring, compiling, and installing, 110–111 extracting archives for, 110–111 source code, compiling kernel from, 759–762 source code packages (SRPMs), installing software from, 651 SourceForge hosting site, Web address for, 16, 296 sources, selecting for Fedora installation, 29 SP (security policy), relationship to setkey in IPsec, 399–400 space on file systems, determining, 671–672 SpamAssassin, features of, 546–547 splashimage option in GRUB, using, 598 Spatial view in Nautilus explanation of, 153 navigating, 154 special characters See also characters for regular
expressions, 225 using in file searches, 225 spins downloading, 103 using with Fedora installations, 28 split DNS configuring views in, 864 internal and external views in, 864 spool directories, using printing, 551 spreadsheet applications in GNOME Office, 282–283 in KOffice, 281 in OpenOffice, 279–280 spreadsheet applications, availability in KOffice, 281 SQL databases (RDBMS) Informix, 286–287 MySQL database management system, 286 Oracle, 286 PostgreSQL, 286 SQL query language commands in, 562 use by database servers, 562–563 SQL-based databases, explanation of, 285 squashing users in NFS, explanation of, 889 Squid application, description of and Web site for, 112 Squid proxy server ACL (access control list) options for, 517 administrative settings in, 520 caches used by, 519–520 configuring cache memory in, 520 configuring client browsers for, 514–515 features of, 513–514 listing domains in, 518 logs in, 520 memory and disk configuration in, 520 order of http_access options in, 518 protocols supported by, 514 security of, 516–519 using reverse proxy cache in, 520–521 Web server acceleration in, 520–521 Web site for, 513 squid.conf file, location of, 516 SquirrelMail mail client, features of, 313 SRPMs (source code packages), installing software from, 651 SSH programs, use of, 113 SSH (Secure Shell) See also security authentication mechanics of, 407 authorized keys in, 411 configuration files for, 410 encryption methods used by, 406–407 functions of, 406 implementations of, 405 loading keys in, 411 and port forwarding (tunneling), 413–414 setup of, 408–409 versus SSL (Secure Sockets Layer), 509 ssh client, using, 411–412 SSH clients scp, 412–413 sftp and sftp-server, 413 ssh, 411–412 SSH Communications Security, Web site for, 405 SSH configuration files, managing, 414 SSH keys, creating with ssh-keygen, 409–410 SSH tools, using, 407–408 ssh-keygen command, using, 409–410 SSIs (server-side
includes), features of, 505–506 SSL (Secure Sockets Layer) features of, 509–511 mod_ssl implementation of, 510 versus SSH (Secure Shell), 509 support in Sendmail, 542 standard errors, redirecting and piping in BASH (Bourne again) shell, 210–211 standard input (-) argument, using with commands, 210 standard input in BASH (Bourne again) shell explanation of, 205–206 receiving data from, 208–209 standard output in BASH (Bourne again) shell explanation of, 205–206 redirecting, 206, 208 Standard Resource Record Format, using with resource records, 840 StarOffice suite, Web site for, 277 Start of Authority (SOA) records, using with zones and reverse mapping files, 842–843 STARTTLS command, using with Sendmail, 542 startx command, starting desktops with, 66 state extension, detecting packet tracking information with, 429–430 static IP addresses, using with wireless connections, 128 static network information, obtaining, 120–121 steganography, definition of, 365 sticky bit permissions, setting, 619 storage devices, attaching file systems on, 671 Storage Media option, using in KDE, 177 storage.fdi file, contents of, 736–737 string comparisons, functions of, 220 striping (RAID Level 0), explanation of, 707 Stronghold and Raven licensing, Web site for, 487 Stronghold Enterprise Web server, Web site for, 488 stty command, listing terminal settings with, 741 Stupid Mode variable, using with wvdial, 130 su command, use by root user, 570–571 subdomain records, using in DNS, 854 subdomain zones, using in DNS, 854 Subversion software development, explanation of, 658–659 sudo command, controlling administrative access with, 572–573 suffix command, using with LDAP servers, 623 Sun Java System Web server, Web site for, 488 Sun Java, Web site for, 21, 331 superuser becoming, 570 changing passwords for, 94 definition of, 569 logging in as, 48 password for, 570 swap partitions allocating space for, 33 creating, 685 SWAT configuration pages, displaying, 921–922 SWAT Samba configuration 
tool, 920 See also Samba accessing, 920 activating, 919–920 creating shares with, 922 features of, 919 Global section of, 923–925 Homes section of, 925 security levels of, 924 using passwords with, 925 SWAT-generated smb.conf example, 922–923 switchdesk command, using, 66 Sybase database management system features of, 287 Web site for, 285 symbolic links support for, 263–264 using with udev hotplug tool, 726–728 SYMLINK rules, adding, 729 /sys directory, contents of, 663–664 /sys sysfs file system, contents of, 666–667, 721 sysconfig files, relationship to Fedora system administration tools, 588 sysctl, running for IP forwarding, 447 syslogd, facilities, priorities, and operators for, 590 syslogd and syslog.conf files, features of, 589 syslogd.conf files, features of, 589 system administration operations, performing, 569 system administration tools, descriptions of, 571 system administrator becoming, 570 changing passwords for, 94 definition of, 569 logging in as, 48 password for, 570 system bashrc file, contents and location of, 243 system configuration See also configurations tools for, 91 troubleshooting, 89 system directories See also directories configuration directories and files, 665 contents of, 252 descriptions of, 585, 664 functions of, 253 program directories, 584, 664–665 system environment variables, using with shells, 232–233 system GNOME directories, contents of, 167 system logs features of, 588 priorities for, 589–591 specifying actions and users in, 591–592 syslogd and syslog.conf, 589 syslogd.conf, 589 viewing, 588 System menus, explanations of, 141 System Monitor, using, 671 System option in KDE, using, 173–174 system process number, obtaining, 214 system resources, accessing from file manager in KDE, 176–177 system runlevels See runlevels system startup files and directories, 452 /etc/rc.d, 451 /etc/rc.d/init.d, 452–455 /etc/sysconfig, 451 rc.local, 451 rc.sysinit, 451 System Tap diagnostic tool, features of, 595 system time and date,
setting, 573–574 system time, setting, 44 system tools, accessing in KDE, 173 System V init script tags, descriptions of, 463 system-config-authentication tool, description of and Web site for, 112 system-config-bind, description of, 120 system-config-cluster, managing GFS clusters with, 904 system-config-date utility, using, 573–574 system-config-display, changing display settings with, 99–100 system-config-httpd, description of, 120 system-config-lvm entering in terminal window, 695–697 using, 700–701 system-config-netboot, description of, 120 system-config-network configuring Ethernet cards with, 126 configuring IPSec with, 397–398 Devices panel in, 124–125 DNS panel in, 123 Hosts panel in, 123–124 profiles support in, 125 system-config-network, description of, 120 system-config-nfs, description of, 120 system-config-printer, starting, 94 system-config-samba adding Samba users with, 917 configuring Samba with, 916–917 description of, 120 specifying Samba shares with, 917 system-config-securitylevel See also security description of, 120 setting up firewalls with, 133–134 system-config-selinux description of and Web site for, 112 using, 377–379 system-config-services description of, 120 starting and stopping xinetd services with, 465–466 using, 452, 457–458, 583 using with network services, 136 system-config-services ON Demand panel, 466 system-config-users, managing groups with, 610 T \t shell prompt code, description of, 237 tables, creating in SQL, 562 tabs in Konqueror, opening folders as, 184 TANGO style guidelines, compliance of Cairo images with, 140 tape, archiving to, 271 tar (tape archive) tool creating archives with, 268 decompressing software with, 652 displaying archive contents with, 268 extracting archives with, 268–269 extracting software with, 653–654 features of, 267 versus pax, 267 tar archives, extracting in Konqueror, 184 tar command c option used with, 268 f option used with, 268 options for, 269 r option used with, 269 scheduling automatic 
backups with, 779 u option used with, 270 updating archives with, 270 using, 110 using to archive to floppy disks, 270 using with driver modules, 114 x option used with, 268 z option used with, 270, 272 targets in NAT (Network Address Translation), 431–432 relationship to Netfilter firewalls, 422–423 tasks organizing scheduled tasks, 576–577 scheduling with cron service, 574–578 TCP wrappers, using with xinetd-managed servers, 471–472 tcpdump, capturing network packets with, 823 TCP/IP configuration files addresses for, 809 /etc/hosts file, 809–810 /etc/protocols file, 811 /etc/services file, 811 /etc/sysconfig/network file, 811 /etc/sysconfig/networking file, 810–811 /etc/sysconfig/network-scripts file, 810 TCP/IP network addresses and class-based IP addressing, 797–798 IPv4 addresses, 797 and netmasks, 798–799 TCP/IP protocol development groups, Web sites for, 794 TCP/IP protocol suite, components of, 793–796 tcsh command, description of, 228 TCSH shell defining environment variables in, 231 description of, 227 initialization and configuration files for, 244 TCSH Web site, accessing, 194 TE (type enforcement) security model, use by SELinux, 370–371 te policy configuration files, using in SELinux, 387–388 telinit command changing runlevels with, 580 using, 348–349 using with vendor drivers for video cards, 101–102 TERM system environment variable, description of, 233 termcap files, contents of, 741 terminals, installing and managing, 740–742 test command, using, 219–220 TeX typesetting tool, features of, 284 text files, editing, 90 themes clearlooks, 140 displaying GNOME desktop with, 145 selecting for KDE (K Desktop Environment), 178 using with Fedora desktop, 60 using with GDM (GNOME Display Manager), 57 third-party kernel drivers, availability of, 106–107 ThreadsPerChild directive, using with Apache Web server, 495 Thunderbird mail client enabling LDAP on, 630 using enigmail extension with, 358
Thunderbird mail client, features of, 310–311 tickets destroying, 417 viewing in Kerberos, 415 tilde (~), using with user names, 197 time, setting, 44 time and date, setting, 92, 573–574 Time To Live directives, using with zone files, in zone files, 841–842 Timeout directive, using with Apache Web server, 494 timeout option in GRUB, using, 598 TMOUT system environment variable, description of, 233 /tmp directory, contents of, 663–664 top command, using, 595 torrents, starting with BitTorrent, 636 Torvalds, Linus, 14 TOS targets, using, 432 traceroute network tool, features of, 345–346 transfer protocol, use with URL addresses, 324 TransferLog directive, using with Apache Web server, 502 transfers, controlling in DNS, 855–856 transition and vector rule macros, managing in SELinux, 387 transitions and labeling in SELinux, purpose of, 374 transmissions, tunneling, 403–404 Trash folder, system KDE directory for, 192 Tree pane in GConf configuration editor, description of, 168 tree structure, explanation of, 250 Tree view in Nautilus, explanation of, 152 Tripwire integrity checker, using, 367 troubleshooting, performing with audit2allow tool, 380–381 tset command, initializing terminal devices with, 742 TSIG keys, using in DNS security, 862–863 TSIG signatures and updates, using in DNS (Domain Name System), 858 tunneling, 403–404, 413–414 Tux Content Accelerator, features of, 487–488 TV devices device name for, 743 drivers for, 744 TV players, features of, 304–305 TXT records, using, 846 type and role declarations, managing in SELinux, 384–385 type enforcement (TE) security model, use by SELinux, 370–371 -type option, using with find command, 260 type structure, use in SELinux, 383 types files managing in SELinux, 390 and runtime security contexts in SELinux, 383–384 types in SELinux, purpose of, 374 U -U option, using with rpm command, 108 \u shell prompt code, description of, 237 udev, relationship to HAL (Hardware Abstract Layer), 670 udev hotplug tool See also 
devices configuring, 723–724 features of, 722–723 substitution codes for, 726 using symbolic links with, 726–728 udev rules creating, 728–729 fields for, 725 relationship to device names, 724–726 using ATTRS key with, 731–732 using permission fields with, 731–732 udevinfo command, using, 730–731 -uid option, using with find command, 260 UID shell variable, description of, 232–233 umask command, displaying permission defaults with, 619–620 UML (user-mode Linux), purpose of, 757 umount command mounting file systems manually with, 682 using with DVDs and CD-ROMs, 683 unalias command, using, 229 uncompress command, using, 273 unicast global addresses, using with IPv6, 807 unicast local use addresses, using with IPv6, 807 Universal Resource Locators (URLs), accessing Internet resources with, 324 Unix operating system development of, editors in, 291 history of, 13–14 Linux as version of, 13 unrar tool, accessing, 267 unset command, using, 216 until control structure, function of, 222 URL desktop files, creating in KDE (K Desktop Environment), 178 URL pathnames, using with Apache Web server, 498–499 URLs (Universal Resource Locators), accessing Internet resources with, 324 USB drives, booting from, 35 UseCanonicalName directive, using with Apache Web server, 496, 504 Usenet articles, reading with newsreaders, 319–320 Usenet news, features of, 318–319 user accounts creating, 48 creating and deleting, 94 locking and unlocking, 605 user and group management tools, descriptions of, 607 user authentication, requirement in Samba, 84 user configuration and roles, managing in SELinux, 390–391 user configuration files, pathnames for, 601–602 user environments, managing, 604–606 user interface, purpose of, 12 user login, returning to, 571 user names, using ~ (tilde) with, 197 user passwords, controlling, 605–606 user roles, managing in SELinux, 386 User Switcher, features of, 57–58 USER system environment variable, description of, 233 useradd command, using, 94, 607–608
user-defined rules, creating for firewalls, 443–444 userdel command, using, 94, 609 usermod command, using, 608 user-mode Linux (UML), purpose of, 757 usernames entering, 58 entering for printers, 98 users adding, 607–608 adding in SELinux (Security-Enhanced Linux), 392–393 configuring, 93–94 identifying logged-in status of, 601 managing in SELinux, 383 modifying, 608 password files for, 601–603 removing from system, 609 users and actions, specifying in system logs, 591–592 using CGI files, using with Apache Web server, 499–500 /usr directory contents of, 663–665 functions of, 253 V \v shell prompt code, description of, 237 values of variables, referencing, 215 /var directory contents of, 663–664, 666 function of, 253 subdirectories of, 667 variables See also environment variables assigning command results to, 216–217 assigning values to, 215 defining and evaluating in BASH (Bourne again) shell, 215–216 listing, 216 referencing values of, 215 removing, 216 substituting in Samba, 928 using $ (dollar) sign with, 197 /var/log/messages file, checking for events, 367 vgchange command, using in LVM, 699, 702, 704 vgcreate command, using in LVM, 698, 700–702, 704 vgextend command, using in LVM, 699, 702 Vi (visual) editor a (append) command for, 293 command and input modes in, 291 commands for, 292–293 entering text in, 293 exiting, 293 features of, 290–291 :help command for, 293 :q command for, 293 ZZ command for, 293 video applications, availability of, 302–305 video cards automatic configuration of, 33 changing settings for, 100 video CDs, playing in Fedora, 70 video devices device names for, 743 drivers for, 744 video graphics card drivers installing with Yum, 101 support for, 100–102 videoLAN project, Web site for, 303 vim command, executing, 291 Vim editor features of, 290 jumping to command mode in, 291 using gvim instead of, 294 virt-install, using with Xen Virtualization kernel, 774 virtual desktops changing number of, 180 support in KDE (K Desktop Environment),
179–180 virtual domains, configuring in Sendmail, 542 virtual hosting on Apache, 503–506 logs for, 506 using with vsftpd (Very Secure FTP Server), 485–486 Virtual Machine Manager (virt-manager), using, 770–771 Virtual Network Computing (VNC) installation, performing, 36 virtual private networks (VPNs) See VPNs (virtual private networks) VirtualDocumentRoot directive, using with Apache Web server, 504 virtualization, support for, 769–770 vmstat command, using, 595 VMware, features of, 279 VNC (Virtual Network Computing) installation, performing, 36 volume control, setting in GNOME desktop, 64–65 volume groups, activating in LVM (Logical Volume Management), 699 volumes, managing with GNOME Volume Manager, 149–150 See also LVM (Logical Volume Management) VPN Consortium, Web site for, 395 vpnc client, availability of, 395 VPNs (virtual private networks) features of, 128 implementation relative to IPSec, 397–398 using IPsec tunnel mode with, 403–404 vsftpd (Very Secure FTP Server) anonymous user permissions for, 482–483 configuring, 480–483 connection time limits for, 483 enabling login access in, 482 files for, 484 implementing virtual users in, 486 local user permissions for, 482 logging in, 483 messages in, 483 restricted command usage in, 485 running, 480 running as stand-alone server, 482 starting, stopping, and restarting, 480 using PAM service with, 485 virtual hosting in, 485–486 vsftpd access controls chroot_list_enable option, 484 deny_email_enable option, 484 userlist_enable option, 484 vsftpd server package and anonymous FTP, 475 using, 474–475 vsftpd.conf, configuration options for, 481 W w (write) permissions, setting, 615, 618 \w shell prompt code, description of, 237 \W shell prompt code, description of, 237 wait command, using with lftp client, 341 Web, accessing with Konqueror, 187–188 Web browsers See browsers Web clients browsers, 325–329 and URL addresses, 324 Web file types,
descriptions of, 325 See also files Web protocols, descriptions of, 324 Web servers allowing access to, 441 alternatives to Apache, 488 security of, 508–511 Web sites AbiSource project, 283 AFE (Affix Frontend Environment), 117 AIM (AOL Instant Messenger), 347 ALSA (Advanced Linux Sound Architecture), 296 Apache Software Foundation, 489 Apache Web server resources, 489–490 Apache-SSL Web server, 488 ARIN (American Registry for Internet Numbers), 802 backup resources, 780 BASH (Bourne again) shell information, 193 Beryl compositing window manager, 148 BIND resources, 830 CD burners and rippers, 302 CENTOS (Community Enterprise Operating System), 7–8 Compiz compositing window manager, 148 creating, 329 CrossoverOffice program, 278 CUPS (Common Unix Printing System), 549 database and office software for Linux, 19–20 database resources, 561 DB2 database management system, 285, 287 device resources, 720 documentation for Fedora, 7–8 DVD::rip project, 304 Emacs, 313 Emacs editor, 289 Epiphany Web browser, 328 Fedora CD/DVD-ROM ISO images, 103 Fedora download, Fedora download site, 27 Fedora FAQ, Fedora Installation Guide, 25, 28 Fedora Live CD, 11 Fedora Portal page, 21 Fedora Project, Fedora repositories, 18 Fedora software, 104 Fedora support, 75 Flagship compiler, 285, 288 Flickr, 296 Freshrpms repository, F-Spot Photo Manager, 295 FTP servers, 474 GATOS (General ATI TV and Overlay Software), 743 GFS (Global File System) references, 904 GNOME, GNOME 2.x features, 141 GNOME desktop, 16 GNOME graphics tools, 297 GNOME Office project, 282 GNOME resources, 140 GNOME source code, 139 GNOME User’s Guide, 143 GNU SQL database management system, 285, 287 GNUPro development tools, GPG (GNU Privacy Guard) encryption tool, 112 gPhoto project, 297 graphic projects, 295 graphics tools, 298 GStreamer, 300 GStreamer framework, 299 HAL specification documentation, 732 IANA, 802 ICQ protocol, 347 IMAP and POP servers, 546 InfiniBand Project, 135 Informix database management system,
285–287 INN (InterNetNews) news server, 558 Internet Mail Consortium, 309 IPsec (Internet Security Protocol) resources, 395 Jakarta project, 332 Java packages and Web applications, 330 JPackage Project, 332 K Desktop themes, 178 KAME project, 395 KDE (K Desktop Environment), 16, 172 KDE Web Dev, 329 Kerberos, 112 Kerberos authentication, 406 kernel resources, 754 KOffice Suite for KDE, 281 KVM (Kernel-based Virtualization Machine) implementation, 771 LDAP (Lightweight Directory Access Protocol), 112 LDP (Linux Documentation Project), 21 lighthttpd Web server, 488 Linux Foundation, Linux Foundations, 15 Linux information and news, 22 Linux office and database software, 19 Linux Office suites, 278 Linux programming, 21 Linux software, 104, 634 Linux software downloads, 17 linux-wlan project, 133 Livna repository, LPRng (Line Printer, Next Generation), 550 Majordomo program, 318 MaxDB database management system, 285, 287 mirror sites for Fedora installation, 27 Mozilla project for Thunderbird mail client, 310 MPlayer multimedia player, 304 multimedia, 296 multimedia and sound applications, 299 multimedia applications, 298 multimedia applications for Fedora, 104 music applications, 301–302 MySQL database management system, 285–286 NCSA Web server, 488 Netfilter (iptables) security application, 112 Netfilter Project, 420 Netscape Enterprise Web server, 488 network security applications, 420 ntfs-3g NTFS driver, 115 office and database software for Linux, 19–20 Open Source movement, 16 OpenHBCI home banking interface, 283 OpenLDAP, 623 OpenOffice, 279 OpenPGP Public Keyserver project, 361 OpenSSH security application, 112 OpenSSL, 509 Openswan (Open Secure/ Wide Area Network) project, 395 Oracle database management system, 285–286 Perl, 21 PGP (Pretty Good Privacy), 356 PHP (PHP: Hypertext Preprocessor), 507 pilot-link package, 284 POP and IMAP servers, 546 PostgreSQL database management system, 285–286 PowerDVD player, 304 printing sites and resources, 550 Pure
FTPD servers, 474 RealPlayer, 302 Red Hat Enterprise Linux download, for Red Hat Linux and Fedora resources, RFC 3513 (IPv6 addresses), 805 Scribus desktop publisher, 284 SELinux (Security-Enhanced Linux), 112 SELinux resources, 370 Sendmail, 530 Smolt registration of hardware configuration, 48 software depositories, sound and multimedia applications, 299 SourceForge hosting site, 16 Squid proxy server, 513 Squid security application, 112 SSH Communications Security, 405 Stronghold and Raven licensing, 487 Stronghold Enterprise Web server, 488 Sun Java, 21 Sun Java site, 331 Sun Java System Web server, 488 Sybase Adaptive Server Enterprise server, 287 Sybase database management system, 285 TANGO style guidelines, 140 TCP/IP protocol development groups, 794 TCSH, 194 third-party Linux software repositories, 19 TV players, 304–305 unrar tool, 267 video applications, 302–303 videoLAN project, 303 virtualization resources, 769 VMware, 279 VPN Consortium, 395 window managers, 60 Wine, 278 XBase database management system, 285 Xine player, 304 Zope application Web server, 488 Webalizer tool, generating reports on Web logs with, 501 wget client, features of, 335 while control structure function of, 222 using, 223–224 who network tool, features of, 345 wildcard matching symbols searching files with, 185 using with filenames, 261 using with TCP wrappers, 471 Window List applet, features of, 165 window managers starting up, 57 using with GNOME desktop, 148–149 Web sites for, 60 windows, moving in GNOME desktop, 62 See also KDE windows Windows directories, sharing with Samba clients, 933–934 Windows games, playing on Linux, 86 Windows network access, setting up with Samba, 84–85 Windows partitions, use in mounting file systems, 679 Windows printers, sharing with Samba clients, 934 Windows Samba shares, accessing from GNOME, 930–932 Windows software, running on Linux, 85–87 Windows systems, accessing Samba resources from, 934 Wine downloading and installing, 320 running 
Windows applications with, 85–87 Web site for, 278 Wireshark protocol analyzer, using, 821–823 wireless connections configuring, 127–128 configuring manually, 131–133 wireless devices displaying information about, 133 displaying statistics for, 132 wireless drivers, availability of, 133 Wireless Tools, descriptions of, 131 word processors, 281 in GNOME Office, 282–283 in OpenOffice, 279 Workgroup entry in smb.conf file, displaying, 923–924 working directory, searching, 259 Workspace Switcher applet, features of, 165 write permissions, using, 612 write support, enabling and disabling for Fedora, 17–18 Writer word processor in OpenOffice, features of, 280 wvdial network configuration tool accessing PPP from command line with, 129–131 description of, 120 starting, 131 variables for, 130 www hostname, significance of, 324 X x (execute) permissions setting, 615 setting with binary masks, 616–617 x (execute) permissions, setting, 618 X Window System graphic programs for, 297 graphics tools for, 298 Xbase database management system features of, 287–288 Web site for, 285 Xbase language, explanation of, 285–286 xconfig (qconf) kernel configuration tool, using, 762 XEmacs desktop editor, description of, 288 Xen virtual machines creating with configuration files, 775–776 managing with xm command, 776–777 Xen Virtualization kernel, using, 773–777 XFce4 desktop, features of, 65 See also desktops Xine player, features of, 83, 304 xinetd attributes, using, 469–470 xinetd daemon, configuring for services, 456–457 xinetd network security, implementing, 468–469 xinetd program, internal services for, 469 xinetd services attributes for, 467–468 configuration files for, 469 configuring, 466 configuring for use by chkconfig, 4601 disabling and enabling, 470–471 enabling and disabling with chkconfig, 460 logging, 466 starting and stopping, 465–466 using with CUPS (Common Unix Printing System), 551 xinetd.conf file, using, 
466–469 xinetd-managed servers, using TCP wrappers with, 471–472 Xload command, using, 595 xm command, managing Xen virtual machines with, 776–777 xmkmf, using, 655–656 X.org, using with Fedora, 99 xpdf document viewer, description of, 284 XviD, running DivX files with, 305 Y Yelp GNOME Help browser, features of, 146 Yum (Yellowdog Update, Modified) accessing tips on use of, 105 configuring, 638–643 configuring to access rpm.livna.org, 80 installing Fedora packages with, 638 installing software packages with, 104–105 installing video graphics card drivers with, 101 repository files for, 639–640 updating software with, 636–637 using on software repositories, 76 Yum caches, managing, 642–643 yum command, updating software with, 637 Yum configuration file, editing for Pungi, 53 Yum repositories, creating, 642 yum updates, automating, 637 yumconf option, using with Pungi, 50–51 yumex Yum Extender, features of, 77–79 Z Z shell description of, 227 initialization and configuration files for, 244 Zip utility, compressing and decompressing files with, 274 zone files for Internet zones See also DNS (Domain Name System) address records, 848 address records with host names, 849 alias records, 849 directives, 847 inherited names, 849 loopback records, 849 MX (Mail Exchanger) records, 848–849 nameserver records, 848 resource records for, 840–846 SOA records, 847–848 Time To Live directives in, 841–842 zone keys, using in DNSSEC, 861 zone statement options for, 837 using with named.conf file, 834–836 zones, using SOA records with, 842–843 Zope application Web server, Web site for, 488 zsh command, description of, 228