Document: Basic Configuration and Administration ppt


4 Basic Configuration and Administration

CertPrs8 / RHCE Red Hat Certified Engineer Linux Study Guide / Jang / 222485-1 / Chapter 4

CERTIFICATION OBJECTIVES
4.01 Adding, Deleting, and Modifying User Accounts
4.02 The Basic User Environment
4.03 Filesystem Configuration
4.04 Using the Red Hat Package Manager
4.05 Basic Networking
4.06 The Basic Boot Process
4.07 Virtual Consoles
4.08 Other Configuration Tools
4.09 Mounting Floppy Disks and Removable Media
✓ Two-Minute Drill
Q&A Self Test

After installation is complete on your Red Hat Linux system, you still have some work to do to customize the system to meet your needs. User accounts need to be set up, filesystems must be configured, and additional packages may need to be added or removed. This chapter will get you started with the basics that every Red Hat Linux administrator should know. At the end of this chapter, you should know how to manage user accounts and environments; configure and mount filesystems; use RPM to manage packages; manage system daemons; and configure virtual consoles, keyboards, and mice.

CERTIFICATION OBJECTIVE 4.01
Adding, Deleting, and Modifying User Accounts

The default Red Hat installation gives you just a single login account: root. You should set up more accounts. Even if you’re going to be the only user on the system, it’s a good idea to create at least one nonadministrative account to do your day-to-day work. Then you can use the root account only when it’s necessary to administer the system.
Accounts can be added to Red Hat Linux systems using various utilities, including the vi text editor (the manual method), the useradd command (the command line method), and the Red Hat User Manager utility (the graphical method).

User Account Categories

Linux user accounts are of three basic types: administrative (root), regular, and service. The account that you have to create when you install Linux is the root user account, with administrative privileges to all services on your Linux computer. Crackers would love a chance to take control of this account, for it would help them take full control of your system. Nevertheless, there are times when it is appropriate to log in as an administrator (i.e., as the root user). Red Hat Linux builds in safeguards for root users. Run the alias command. You’ll see entries such as:

    alias rm='rm -i'

which prompt for confirmation before the rm command deletes a file. Unfortunately, a command such as rm -rf directoryname would supersede this safety setting.

In the world of Linux, hackers are good people who just want to improve software. Crackers are people who are interested in breaking into computer systems for malicious purposes.

Regular users have the necessary privileges to perform standard tasks on a Linux computer. They can access programs such as word processors, databases, Web browsers. They can store files in their own home directories. Since regular users do not normally have administrative privileges, they cannot accidentally delete configuration files. You can assign a regular account to most users, safe in the knowledge that they can’t disrupt your system with the privileges that they have on that account.
Services such as Apache, Samba, mail, games, and printing have their own individual service accounts. These accounts exist to allow each of these services to interact with your computer. Normally, you won’t need to change any service account; but if you see that someone has logged in through one of these accounts, be wary. Someone may have broken into your system. To review recent logins, run the utmpdump /var/log/wtmp | less command. If the login is from a remote location, it will be associated with a specific IP address.

Basic Command Line Tools

You have two basic ways of adding users through the command line interface. You can do it directly by editing the /etc/passwd file in your favorite text editor. As discussed in Chapter 1, the text editor of choice for most Linux administrators is vi. Open it up, and then scroll to the bottom of /etc/passwd. You should see lines like the following:

    mj:x:500:500:Michael Jang:/home/mj:/bin/bash

Each entry in /etc/passwd is delineated by a colon. The seven types of entries are described in Table 4-1, using the example of the preceding line of code. When you edit /etc/passwd, you can substitute the information of your choice. Just make sure not to duplicate the username.

TABLE 4-1 /etc/passwd Categories

Field           Purpose
mj              The user logs in with this name. The login name should contain only alphanumeric characters. It can also include hyphens (-) or underscores (_). In almost all cases, the login name should not contain uppercase letters. Although a login name can be up to 256 characters, you typically want to keep it to 10 or less, for ease of account maintenance.
x               The password. Don’t enter anything here. You can set this password from the command line interface with the passwd username command. If the entry in this field is “x,” the actual password is encrypted in /etc/shadow. Otherwise, the encrypted password is shown here, with a group of seemingly random letters and numbers.
500             The unique numeric user ID (UID) for that user. By default, Red Hat Linux starts user IDs at 500.
500             The numeric group ID (GID) the user will belong to. By default, Red Hat Linux creates a new group for every new user. If you want all your users to be in the Users group (GID=100), enter 100 here.
Michael Jang    You can enter the information of your choice in this field. While it’s helpful to enter the full name of the user here, you can also enter other identifying information such as the user’s telephone number, e-mail address, or physical location. No entry is required.
/home/mj        By default, Red Hat Linux places new home directories in /home/username.
/bin/bash       By default, Red Hat Linux assigns the bash shell as the login shell for each new user.

There’s a standard series of files in the /etc/skel directory that you can copy to the new user’s home directory to help set up a default environment. The /etc/skel directory is covered in more detail later in this chapter.

Now that you’ve created a new user, you need to create a home directory for that user. For example, if you’ve just created user mj, you need to create directory /home/mj. You’ll also need to make sure that mj has ownership permissions on that directory and all of the files that you’re going to put in that directory. Normally, every Linux user needs configuration files. The files in the /etc/skel directory contain default configuration files.

Alternatively, you can automate this process with the useradd command. If you wanted to add a new user named pm, you could just type useradd pm to add this user to the /etc/passwd file. By default, it creates a home directory, /home/pm, adds standard files from the /etc/skel directory, and assigns the default shell, /bin/bash. But useradd is versatile. It includes a number of command options, shown in Table 4-2.

You can now use the passwd username command to assign a new password to that user. For example, the passwd pm command lets you assign a new password to user pm. You’re prompted to enter a password twice. While passwords based on dictionary words or shorter than six characters are discouraged for security reasons, they are legal, and such a password is accepted by the passwd command when you type it in a second time. If passwords are encrypted in /etc/shadow, as discussed in Table 4-1, then you’ll also need to run the pwconv command to secure any passwords that you create for new users.

Good passwords are important. Any cracker who may have tapped into the communications channels on your network can try to match the password of any of your users. If it’s a dictionary word or based on a simple pattern, a password cracking program may be able to find that password in a matter of minutes. In contrast, a more complex password such as Ila451MS (which could stand for “I live at 451 Main Street”) may take hours for that same program to crack.

The Red Hat User Manager

The Red Hat User Manager can be run only from the Linux graphical user interface (GUI), also known as X or X11.
If you have already configured X and are running a graphical desktop, enter redhat-config-users from a command line interface. If your username does not have root privileges, you’ll be prompted for a root password. Figure 4-1 shows the Red Hat User Manager window.

FIGURE 4-1 The Red Hat User Manager

TABLE 4-2 useradd Command Options

Option      Purpose
-u UID      Overrides the default assigned UID, which is normally the number in sequence after the one assigned to the newest user.
-g GID      Overrides the default assigned GID, which normally corresponds to the UID.
-c info     Enters the comment of your choice about the user, such as his or her name.
-d dir      Overrides the default home directory for the user, /home/username.
-s shell    Overrides the default shell for the user, /bin/bash.

EXERCISE 4-1
Adding a User with the Red Hat User Manager

To add a user with the Red Hat User Manager:

1. Run redhat-config-users from a command line terminal such as Konsole or gnome-terminal in a GUI.
2. Click the New User button, or click Action | New Users. (This notation indicates you should click the Action button on the toolbar, then click New Users in the pop-up menu that appears.) This will open the Create New User window.
3. Complete the form. All entries are required, except Full Name. The entries are fairly self-explanatory; see the previous sections for more information on each field.
The password should be at least six characters (you’ll get an error message if it’s less than six characters) and should contain a mix of upper- and lowercase letters, numbers, and symbols to keep it from being easily found by one of the standard password cracking programs. Enter the identical password in the Confirm Password field. Click OK when you are done.
4. When you have finished adding users, select Cancel to return to the Red Hat User Manager.

User Account Management Tips

Although creating user accounts may seem to be a straightforward process, you have a few things to watch out for:

■ Red Hat Linux by default configures individual private group IDs (GID) for each user. As this provides additional security, this is also known as the Red Hat User Private Group scheme. In the default Red Hat scenario, everyone has a unique private GID, and nobody has access to other users’ home directories. These users can still share access to special directories; see Chapter 11 for more information.
■ If your configuration doesn’t require each user to have his or her own GID, assign your users to the Users group, which is GID 100. There’s rarely a need for each user to have an individual GID, and having most users assigned to the Users group makes system administration easier.
■ Discourage the use of shared accounts, where several people use a single account. Shared accounts are almost always unnecessary and are easily compromised.
■ If you’ll be using the Network File System (NFS), make sure all users have the same UID on every system on the network. The Network Information System (NIS) can provide centralized management of all user accounts for NFS across all participating computers.
This greatly simplifies account maintenance at the expense of adding both administrative and network overhead.

The Red Hat standard where every user is a member of its own exclusive group is known as the User Private Group scheme.

Deleting a User Account

Removing user accounts is as straightforward as adding them, with a few exceptions. The simplest method is with the userdel command. By default, this command retains files in the user’s home directory. Alternatively, the userdel -r username command would remove all of these files.

Modifying a User Account

You may want to add some limitations to an individual user account. The easiest way to illustrate these features is through the Red Hat User Manager. Start redhat-config-users from a GUI text console, select a currently configured user, and then click Action | Properties to open the User Properties dialog box.

Click the Account Info tab for the account expiration information shown in Figure 4-2. As shown in Figure 4-3, you can set up temporary accounts that expire on a specific date, or you can disable an account by locking it.

Click the Password Info tab. As shown in Figure 4-3, you can set several characteristics related to an individual user’s password. Even when you set good passwords, frequent password changes can help provide additional security. The categories shown in Figure 4-3 are self-explanatory.

Click the Groups tab. Users can belong to more than one group in Linux. Under the Group properties tab shown in Figure 4-4, you can assign the subject user to other groups. For example, if you want to collect the files for a specific project together in a directory, you can give access to these files to the group named project. You can then assign members of that project team to the project group through the Groups tab.
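An audit of a passwd-format file for the conditions this section describes (the seven fields of Table 4-1, duplicate usernames, password entries other than “x”, service accounts with a login shell), added here as an example and not taken from the study guide. The finding codes, the FIRST_USER_UID variable, the list of interactive shells and the sample entries are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the study guide. Finding codes, FIRST_USER_UID and
# the interactive-shell list are assumptions of this example.

# audit_passwd [FILE]: read FILE (or stdin) in /etc/passwd format and print
# one "CODE user detail" line per finding. No output means nothing was flagged.
audit_passwd() {
    awk -F: -v first_user_uid="${FIRST_USER_UID:-500}" '
    /^[ \t]*$/ || /^#/ { next }                      # skip blank and comment lines
    NF != 7 { print "MALFORMED", $1, "expected 7 fields, found " NF; next }
    $3 !~ /^[0-9]+$/ { print "BAD_UID", $1, "UID is not a number: " $3; next }
    {
        name = $1; pw = $2; uid = $3 + 0; shell = $7
        # Table 4-1: lowercase alphanumerics, hyphens and underscores only
        if (name !~ /^[a-z0-9_-]+$/)
            print "BAD_NAME", name, "login name has characters outside a-z 0-9 _ -"
        # the chapter warns not to duplicate the username when editing by hand
        if (name in seen_name)
            print "DUP_NAME", name, "username already defined on line " seen_name[name]
        else
            seen_name[name] = NR
        # the UID is meant to be unique per user
        if (uid in seen_uid)
            print "DUP_UID", name, "UID " uid " shared with " seen_uid[uid]
        else
            seen_uid[uid] = name
        # "x" means the password lives in /etc/shadow; anything else is exposed
        if (pw == "")
            print "EMPTY_PW", name, "password field is empty"
        else if (pw != "x")
            print "PW_IN_PASSWD", name, "password hash stored in passwd, not shadow"
        # UID 0 carries root privileges whatever the login name is
        if (uid == 0 && name != "root")
            print "UID0", name, "non-root account with UID 0"
        # service accounts sit below the first regular UID (500 on Red Hat Linux)
        if (uid > 0 && uid < first_user_uid + 0 &&
            shell ~ /^\/bin\/(bash|sh|csh|tcsh|ksh|zsh)$/)
            print "SERVICE_SHELL", name, "service account (UID " uid ") has login shell " shell
    }' "$@"
}

# Constructed sample entries (not from a real system); the hash is a placeholder.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/bin/bash
mj:x:500:500:Michael Jang:/home/mj:/bin/bash
pm:$1$CONSTRUCTED$notarealhash:501:501::/home/pm:/bin/bash
mj:x:502:502:second mj:/home/mj2:/bin/bash
toor:x:0:0::/root:/bin/bash
Test1::503:503::/home/Test1:/bin/bash
EOF
}

# Demonstration on the constructed sample; on a real host: audit_passwd /etc/passwd
sample_passwd | audit_passwd
```

A SERVICE_SHELL finding is a prompt to review that account's logins with the utmpdump command mentioned earlier, not proof of a break-in.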
You may not have access to a GUI during part of the RHCE exam. Therefore, you need to know how to manage users independent of any tool such as redhat-config-users.

Regular User Management Commands

While the redhat-config-users GUI utility is convenient, you still need to know how to perform the associated administrative functions at the command line interface. The other key commands that have not yet been addressed are usermod and chage.

FIGURE 4-2 User Properties, Account Info
FIGURE 4-3 User Properties, Password Info

usermod

The usermod command modifies various settings in /etc/passwd. In addition, you can use it to set an expiration date for an account or an additional group. For example, the following command sets the account associated with user test1 to expire on June 8, 2003:

    # /usr/sbin/usermod -e 2003-06-08 test1

The following command makes user test1 a member of the special group:

    # /usr/sbin/usermod -G special test1

chage

You can use the chage command to manage the expiration date of a password. This is all related to the /etc/shadow file; password age characteristics are part of each user entry in this file. In order, the columns in /etc/shadow are shown in Table 4-3. The associated switch is shown with the description. For example, if you wanted to make user test1 keep a password for at least two days, use the chage test1 -m 2 command.

FIGURE 4-4 User Properties, Groups

TABLE 4-3 Entries in /etc/shadow

Column    Description
1         User name
2         Encrypted password
3         Number of days of the last password change after 1/1/1970.
4         Minimum number of days which you must keep a password (-m)

[...]

... To authenticate your RPMs using the GPG system, import the key file using the command (assuming it’s a CD-based keyfile, mounted on the /mnt/cdrom directory):

    # rpm --import /mnt/cdrom/RPM_GPG_KEY

You can then verify both the integrity and the authenticity of an RPM with a command like this (assuming you’re checking the integrity of an RPM on the standard...

... Like many other Linux commands, rpm has short and long versions of the same switch. For example, -i is the same as --install (note the double dash before the long version). You can learn which options have “long” equivalents by checking the man page for that command.

CERTIFICATION OBJECTIVE 4.05
Basic Networking

The network is where...

... the Internet, the rpm command logs onto the FTP server anonymously and downloads the file. If the FTP server requires a username and password, you can use the following format: ftp://username:password@hostname:port/path/to/remote/package/file.rpm, where username and password are the username and password you need to log on to this system, and port, if required, specifies a nonstandard port used on the...

... included in /etc/skel and their purposes are listed in Table 4-4.

TABLE 4-4

Purpose
bashrc    The basic bash configuration file...
... following command:

    # rpm --redhatprovides /etc/passwd

The redhatprovides feature is a recent update to the rpm command, version 4.1, included with Red Hat Linux 8.0 and above.

Adding and Removing RPM Packages

RPM makes it easy to add and remove software packages to your system. It maintains a database regarding the proper way to add, upgrade, and remove packages. This makes it relatively simple to add and remove...

... If you have the kernel source RPMs loaded on your system, you can see which filesystems any version or distribution of Linux currently supports. Navigate to the /usr/src/linux-2.x.y directory (where x and y represent the actual version number of your kernel). Run the make menuconfig command and use your arrow keys to navigate to...

Starting a Build

You can build an RPM with the rpm build switch, -b. By itself, rpm -b calls the scripts specified in the Prep, Build, and Install parts of the spec file. Normally, you’ll modify the -b with an “a,” which makes RPM go through the build process, step by step. The RPM build operation is directed at a spec file. For example, the command # rpm...

The Prep Section

The prep section prepares the source files for packaging. Usually it starts by deleting leftover files from previous builds with a command such as rm -rf. Then it unarchives the source files and applies any required patches. A sample prep section might look like this: %prep...
... for ext3, the standard Linux filesystem. The ext3 filesystem is essentially ext2 with journaling.
Third Extended (ext3)    The standard Linux filesystem.
NFS                      The Network File System. This is the system most commonly used to share files and printers between Linux and Unix computers.
SMB                      Server Message Block (SMB) is based on Microsoft and IBM network protocols. Linux can use SMB to share files and printers with...

Description
/etc/sysconfig/clock    Contains defaults for the system clock, including time zone, UTC settings, and ARC (Alpha CPU-based) settings. If UTC=true, the BIOS is set to Greenwich Mean Time.
/etc/sysconfig/mouse    Contains mouse configuration data: FULLNAME is a generic text description of the ...

Date posted: 17/01/2014, 16:20
