Bible Linux

Linux ^®

Bible

Ninth Edition

Linux ^®

BIBLE

Ninth Edition

Christopher Negus

John Wiley & Sons, Inc.

10475 Crosspoint Boulevard Indianapolis, IN 46256 www.wiley.com

Copyright © 2015 by John Wiley & Sons, Inc., Indianapolis, Indiana Published simultaneously in Canada

ISBN: 978-1-118-99987-5 ISBN: 978-1-118-99989-9 (ebk) ISBN: 978-1-118-99988-2 (ebk)

Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/

permissions.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS.

THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEB SITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.

For general information on our other products and services please contact our Customer Care Department within the United States at (877) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit

www.wiley.com.

Library of Congress Control Number: 2015937667

Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. Linux is a registered trademark of Linus Torvalds. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

As always, I dedicate this book to my wife, Sheree.

Chris Negus is a Red Hat Certifi ed Instructor (RHCI), Red Hat Certifi ed Examiner (RHCX), Red Hat Certifi ed Architect (RHCA), and Principal Technical Writer for Red Hat Inc. In more than six years with Red Hat, Chris has taught hundreds of IT professionals aspiring to become Red Hat Certifi ed Engineers (RHCE).

In his current position at Red Hat, Chris produces articles for the Red Hat Customer Portal.

The projects he works on include Red Hat Enterprise Linux 7, Red Hat Enterprise OpenStack Platform, Red Hat Enterprise Virtualization and Linux containers in Docker format.

Besides his RHCA certifi cation, Chris is a Red Hat Certifi ed Virtualization Administrator (RHCVA) and Red Hat Certifi ed Datacenter Specialist (RHCDS). He also has certifi cates of expertise in Deployment and Systems Management, Clustering and Storage Management, Cloud Storage, and Server Hardening.

Before joining Red Hat, Chris wrote or co-wrote dozens of books on Linux and UNIX, includ- ing Red Hat Linux Bible (all editions), CentOS Bible, Fedora Bible, Linux Troubleshooting Bible, Linux Toys and Linux Toys II. Chris also co-authored several books for the Linux Toolbox series for power users: Fedora Linux Toolbox, SUSE Linux Toolbox, Ubuntu Linux Toolbox, Mac OS X Toolbox, and BSD UNIX Toolbox.

For eight years Chris worked with the organization at AT&T that developed UNIX before moving to Utah to help contribute to Novell’s UnixWare project in the early 1990s. When not writing about Linux, Chris enjoys playing soccer and just hanging out with his wife, Sheree, and son, Seth.

About the Technical Editor

Richard Blum, LPIC-1, has worked in the IT industry for more than 20 years as both a systems and network administrator and has published numerous Linux and open source books. He has administered UNIX, Linux, Novell, and Microsoft servers, as well as helped design and maintain a 3,500-user network utilizing Cisco switches and routers. He has used Linux servers and shell scripts to perform automated network monitoring and has written shell scripts in most of the common Linux shell environments. Rich is an online instruc- tor for an Introduction to Linux course that is used by colleges and universities across the United States. When he isn’t being a computer nerd, Rich plays electric bass in a couple of different church worship bands, and enjoys spending time with his wife, Barbara, and two daughters, Katie Jane and Jessica.

Credits

Project Editor Martin V. Minner Technical Editor Richard Blum Production Manager Kathleen Wisor Copy Editor Gwenette Gaddis Manager of Content Development & Assembly Mary Beth Wakefield Marketing Director David Mayhew Marketing Manager Carrie Sherrill

Professional Technology & Strategy Director

Barry Pruett Business Manager Amy Knies

Associate Publisher Jim Minatel

Project Coordinator, Cover Brent Savage

Proofreader Amy Schneider Indexer John Sleeva Cover Designer Wiley

S

ince I was hired by Red Hat Inc. more than six years ago, I have been exposed to many of the best Linux developers, testers, support professionals and instructors in the world. Since I can’t thank everyone individually, I instead salute the culture of cooperation and excellence that serves to improve my own Linux skills every day.

I don’t speak well of Red Hat because I work there; I work at Red Hat because it lives up to the ideals of open source software in ways that match my own beliefs. There are a few people at Red Hat I would like to acknowledge particularly. Discussions with Victor Costea, Andrew Blum, and other Red Hat instructors have helped me adapt my ways of thinking about how people learn Linux. I’m able to work across a wide range of technologies because of the great support I get from my supervisor, Adam Strong, and my senior manager, Sam Knuth, who both point me toward cool projects but never hold me back.

In this edition, particular help came from Ryan Sawhill Aroha, who helped me simplify my writing on encryption technology. For the new content I wrote in this book on Linux cloud technologies, I’d like to thank members of OpenStack, Docker, and RHEV teams, who help me learn cutting-edge cloud technology every day.

As for the people at Wiley, thanks for letting me continue to develop and improve this book over the years. Marty Minner has helped keep me on task through a demanding schedule.

Mary Beth Wakefi eld and Ken Brown have been there to remind me at the times I forgot it was a demanding schedule. Thanks to Richard Blum for his reliably thorough job of tech editing. Thanks to Margot Maley Hutchison from Waterside Productions for contracting the book for me with Wiley and always looking out for my best interests.

Finally, thanks to my wife, Sheree, for sharing her life with me and doing such a great job raising Seth and Caleb.

Acknowledgments

Acknowledgments ... xi

Introduction ... xxxiii

Part I: Getting Started . . . 1

Chapter 1: Starting with Linux ... 3

Chapter 2: Creating the Perfect Linux Desktop ... 29

Part II: Becoming a Linux Power User . . . 63

Chapter 3: Using the Shell ... 65

Chapter 4: Moving around the Filesystem ... 97

Chapter 5: Working with Text Files ... 117

Chapter 6: Managing Running Processes ...137

Chapter 7: Writing Simple Shell Scripts ...153

Part III: Becoming a Linux System Administrator . . . 171

Chapter 8: Learning System Administration ...173

Chapter 9: Installing Linux ...201

Chapter 10: Getting and Managing Software ...233

Chapter 11: Managing User Accounts ...259

Chapter 12: Managing Disks and Filesystems ...283

Part IV: Becoming a Linux Server Administrator . . . 313

Chapter 13: Understanding Server Administration ...315

Chapter 14: Administering Networking ...347

Chapter 15: Starting and Stopping Services ...377

Chapter 16: Confi guring a Print Server ...423

Chapter 17: Confi guring a Web Server ...449

Chapter 18: Confi guring an FTP Server ...477

Chapter 19: Confi guring a Windows File Sharing (Samba) Server ...499

Chapter 20: Confi guring an NFS File Server ...527

Chapter 21: Troubleshooting Linux ... 551

Part V: Learning Linux Security Techniques . . . 589

Chapter 22: Understanding Basic Linux Security ...591

Chapter 23: Understanding Advanced Linux Security ...627

Chapter 24: Enhancing Linux Security with SELinux ...669

Chapter 25: Securing Linux on a Network...699

Contents at a Glance

Part VI: Extending Linux into the Cloud . . . 727

Chapter 26: Using Linux for Cloud Computing ...729

Chapter 27: Deploying Linux to the Cloud ... 749

Part VII: Appendixes . . . 769

Appendix A: Media ...771

Appendix B: Exercise Answers...781

Index ...839

Acknowledgments . . . . xi

Introduction . . . xxxiii

Part I: Getting Started 1 Chapter 1: Starting with Linux . . . . 3

Understanding What Linux Is ... 4

Understanding How Linux Differs from Other Operating Systems ... 6

Exploring Linux History ... 6

Free-fl owing UNIX culture at Bell Labs ... 7

Commercialized UNIX ... 9

Berkeley Software Distribution arrives ... 9

UNIX Laboratory and commercialization ... 10

GNU transitions UNIX to freedom ...11

BSD loses some steam ... 13

Linus builds the missing piece ... 13

OSI open source defi nition ... 14

Understanding How Linux Distributions Emerged ... 16

Choosing a Red Hat distribution ... 17

Using Red Hat Enterprise Linux ... 17

Using Fedora... 18

Choosing Ubuntu or another Debian distribution ... 19

Finding Professional Opportunities with Linux Today ... 20

Understanding how companies make money with Linux ... 21

Becoming Red Hat certifi ed ... 22

RHCSA topics ... 23

RHCE topics ... 24

Summary ... 26

Chapter 2: Creating the Perfect Linux Desktop . . . . 29

Understanding Linux Desktop Technology ... 30

Starting with the Fedora GNOME Desktop Live image ... 32

Using the GNOME 3 Desktop ... 33

After the computer boots up ... 33

Navigating with the mouse ... 34

Contents

Navigating with the keyboard ... 38

Setting up the GNOME 3 desktop ...41

Extending the GNOME 3 desktop ... 42

Using GNOME shell extensions ... 42

Using the GNOME Tweak Tool ... 44

Starting with desktop applications ... 45

Managing fi les and folders with Nautilus ... 45

Installing and managing additional software ... 46

Playing music with Rhythmbox ... 48

Stopping the GNOME 3 desktop ... 49

Using the GNOME 2 Desktop ... 49

Using the Metacity window manager ... 50

Changing GNOME’s appearance ... 52

Using the GNOME panels ... 53

Using the Applications and System menus ... 54

Adding an applet ... 54

Adding another panel ... 55

Adding an application launcher ... 55

Adding a drawer ... 56

Changing panel properties ... 57

Adding 3D effects with AIGLX ... 58

Summary ... 60

Exercises ...61

Part II: Becoming a Linux Power User 63 Chapter 3: Using the Shell . . . . 65

About Shells and Terminal Windows ... 66

Using the shell prompt ... 67

Using a terminal window ... 68

Using virtual consoles ... 69

Choosing Your Shell ... 69

Running Commands ... 70

Understanding command syntax ... 71

Locating commands ...74

Recalling Commands Using Command History...76

Command-line editing ... 77

Command-line completion ... 79

Command-line recall ... 80

Connecting and Expanding Commands ... 82

Piping between commands ... 82

Sequential commands ... 83

Background commands ... 83

Expanding commands ... 84

Expanding arithmetic expressions ... 84

Expanding variables ... 85

Using Shell Variables ... 85

Creating and using aliases ... 87

Exiting the shell ... 88

Creating Your Shell Environment ... 88

Confi guring your shell ... 88

Setting your prompt ... 89

Adding environment variables ... 91

Getting Information about Commands ... 92

Summary ... 94

Exercises ... 95

Chapter 4: Moving around the Filesystem  . . . . 97

Using Basic Filesystem Commands ...100

Using Metacharacters and Operators ...102

Using fi le-matching metacharacters ...102

Using fi le-redirection metacharacters ...103

Using brace expansion characters ...105

Listing Files and Directories ...105

Understanding File Permissions and Ownership ...109

Changing permissions with chmod (numbers) ... 111

Changing permissions with chmod (letters) ... 111

Setting default fi le permission with umask ...112

Changing fi le ownership...113

Moving, Copying, and Removing Files ... 114

Summary ... 115

Exercises ... 115

Chapter 5: Working with Text Files . . . 117

Editing Files with vim and vi ... 117

Starting with vi ... 119

Adding text ... 119

Moving around in the text ...120

Deleting, copying, and changing text ...121

Pasting (putting) text ...122

Repeating commands ...122

Exiting vi ...122

Skipping around in the fi le ...123

Searching for text ...124

Using ex mode ...124

Learning more about vi and vim ...124

Finding Files...125

Using locate to fi nd fi les by name ...125

Searching for fi les with fi nd ...127

Finding fi les by name ...127

Finding fi les by size ...128

Finding fi les by user...128

Finding fi les by permission ...129

Finding fi les by date and time ...130

Using ‘not’ and ‘or’ when fi nding fi les ...131

Finding fi les and executing commands ...131

Searching in fi les with grep...132

Summary ...134

Exercises ...134

Chapter 6: Managing Running Processes . . . . 137

Understanding Processes ...137

Listing Processes ...138

Listing processes with ps ...138

Listing and changing processes with top ...140

Listing processes with System Monitor ...142

Managing Background and Foreground Processes ...144

Starting background processes ...144

Using foreground and background commands ...145

Killing and Renicing Processes ...146

Killing processes with kill and killall ...146

Using kill to signal processes by PID ... 147

Using killall to signal processes by name ...148

Setting processor priority with nice and renice ...148

Limiting Processes with cgroups...149

Summary ... 151

Exercises ... 151

Chapter 7: Writing Simple Shell Scripts . . . . 153

Understanding Shell Scripts ...153

Executing and debugging shell scripts ...154

Understanding shell variables ...154

Special shell positional parameters ...156

Reading in parameters ...157

Parameter expansion in bash ...157

Performing arithmetic in shell scripts ...158

Using programming constructs in shell scripts...159

The “if…then” statements ...159

The case command ...162

The “for…do” loop ...163

The “while…do” and “until…do” loops ...164

Trying some useful text manipulation programs ...164

The general regular expression parser ...165

Remove sections of lines of text (cut) ...165

Translate or delete characters (tr) ...165

The stream editor (sed) ...166

Using simple shell scripts ...167

Telephone list ...167

Backup script ...168

Summary ...168

Exercises ...169

Part III: Becoming a Linux System Administrator 171 Chapter 8: Learning System Administration . . . 173

Understanding System Administration ...173

Using Graphical Administration Tools ... 175

Using system-confi g-* tools ... 175

Using browser-based admin tools ...177

Using the root user account ...177

Becoming root from the shell (su command) ... 178

Allowing administrative access via the GUI ...180

Gaining administrative access with sudo ...180

Exploring Administrative Commands, Confi guration Files, and Log Files ...182

Administrative commands ...182

Administrative confi guration fi les ...183

Administrative log fi les and systemd journal ...188

Using journalctl to view the systemd journal ...188

Managing log messages with rsyslogd ...189

Using Other Administrative Accounts ...189

Checking and Confi guring Hardware ...190

Checking your hardware ...191

Managing removable hardware ...194

Working with loadable modules ...197

Listing loaded modules ...197

Loading modules ...198

Removing modules ...198

Summary ...199

Exercises ...199

Chapter 9: Installing Linux . . . . 201

Choosing a Computer ...202

Installing Fedora from Live media ...203

Installing Red Hat Enterprise Linux from Installation Media ...208

Understanding Cloud-Based Installations ...211

Installing Linux in the Enterprise ...211

Exploring Common Installation Topics ...213 Upgrading or installing from scratch ...213 Dual booting ...214 Installing Linux to run virtually ...216 Using installation boot options ...216 Boot options for disabling features ...217 Boot options for video problems ...217 Boot options for special installation types ...218 Boot options for kickstarts and remote repositories ...218 Miscellaneous boot options ...219 Using specialized storage ...219 Partitioning hard drives ...220 Understanding different partition types ...221 Reasons for different partitioning schemes ...222 Tips for creating partitions ...222 Using the GRUB boot loader ...224 Using GRUB Legacy (version 1) ...225 Using GRUB 2 ...229 Summary ...231 Exercises ...231

Chapter 10: Getting and Managing Software . . . . 233

Managing Software on the Desktop ...233 Going Beyond the Software Window ...235 Understanding Linux RPM and DEB Software Packaging ...236 Understanding DEB packaging ...237 Understanding RPM packaging ...238 What is in an RPM? ...238 Where do RPMs come from? ...239 Installing RPMs ...239 Managing RPM Packages with YUM ...240 Understanding how yum works ... 241 1. Checking /etc/yum.conf ...242 2. Checking /etc/sysconfi g/rhn/up2date (RHEL only) ...242 3. Checking /etc/yum.repos.d/*.repo fi les ...243 4. Downloading RPM packages and metadata from a YUM repository ...243 5. RPM packages installed to Linux fi le system ...244 6. Store YUM repository metadata to local RPM database ...244 Using YUM with third-party software repositories...244 Managing software with the YUM command ...245 Searching for packages ...246 Installing and removing packages ... 247 Updating packages ...249 Updating groups of packages ...250

Maintaining your RPM package database and cache ... 251 Downloading RPMs from a yum repository ...252 Installing, Querying, and Verifying Software

with the rpm Command ...252 Installing and removing packages with rpm ...253 Querying rpm information ...254 Verifying RPM packages ...255 Managing Software in the Enterprise ...256 Summary ...257 Exercises ...258

Chapter 11: Managing User Accounts  . . . . 259

Creating User Accounts ...259 Adding users with useradd ...262 Setting user defaults ...265 Modifying users with usermod ...266 Deleting users with userdel ...268 Understanding Group Accounts ...268 Using group accounts ...269 Creating group accounts ...270 Managing Users in the Enterprise ...270 Setting permissions with Access Control Lists ...271 Setting ACLs with setfacl ...272 Setting default ACLs ...273 Enabling ACLs... 274 Adding directories for users to collaborate ... 276 Creating group collaboration directories (set GID bit) ... 276 Creating restricted deletion directories (sticky bit) ...278 Centralizing User Accounts ...278 Using the Users window ...279 Using the Authentication Confi guration window ...279 Summary ...281 Exercises ...281

Chapter 12: Managing Disks and Filesystems  . . . . 283

Understanding Disk Storage ...283 Partitioning Hard Disks ...285 Understanding partition tables ...286 Viewing disk partitions ...286 Creating a single-partition disk ...288 Creating a multiple-partition disk ...292 Using Logical Volume Management Partitions ...295 Checking an existing LVM ...296 Creating LVM logical volumes ...299 Growing LVM logical volumes ...300

Mounting Filesystems ...301 Supported fi lesystems ...301 Enabling swap areas ...303 Disabling a swap area ...304 Using the fstab fi le to defi ne mountable fi le systems ...305 Using the mount command to mount fi le systems ...307 Mounting a disk image in loopback ...308 Using the umount command ...309 Using the mkfs Command to Create a Filesystem ...310 Summary ... 311 Exercises ... 311

Part IV: Becoming a Linux Server Administrator 313

CHAPTER 13: Understanding Server Administration . . . . 315

Starting with Server Administration ...316 Step 1: Install the server ...316 Step 2: Confi gure the server ...318 Using confi guration fi les ...318 Checking the default confi guration ...319 Step 3: Start the server ...319 Step 4: Secure the server...321 Password protection ...321 Firewalls ...321 TCP Wrappers ...322 SELinux ...322 Security settings in confi guration fi les ...322 Step 5: Monitor the server ...322 Confi gure logging...322 Run system activity reports ...323 Keep system software up to date ...323 Check the fi lesystem for signs of crackers ...323 Managing Remote Access with the Secure Shell Service ...323 Starting the openssh-server service ...324 Using SSH client tools ...326 Using ssh for remote login ...326 Using ssh for remote execution ...328 Copying fi les between systems with scp and rsync ...329 Interactive copying with sftp ...332 Using key-based (passwordless) authentication ...332 Confi guring System Logging ...334 Enabling system logging with rsyslog ...334 Understanding the rsyslog.conf fi le ...335 Understanding the messages log fi le ...337

Setting up and using a loghost with rsyslogd ...337 Watching logs with logwatch ...339 Checking System Resources with sar ...340 Checking System Space...341 Displaying system space with df ...342 Checking disk usage with du ...342 Finding disk consumption with fi nd ...343 Managing Servers in the Enterprise ...344 Summary ...344 Exercises ...345

Chapter 14: Administering Networking . . . . 347

Confi guring Networking for Desktops...348 Checking your network interfaces ...350 Checking your network from NetworkManager ...350 Checking your network from the command line ...352 Confi guring network interfaces ...355 Setting IP addresses manually ...355 Setting IP address aliases ...356 Setting routes ...357 Confi guring a network proxy connection ...358 Confi guring Networking from the Command Line ...360 Editing a connection ...360 Understanding networking confi guration fi les ...362 Network interface fi les ...363 Other networking fi les...365 Setting alias network interfaces ...367 Setting up Ethernet channel bonding ...368 Setting custom routes ...370 Confi guring Networking in the Enterprise ...371 Confi guring Linux as a router ...371 Confi guring Linux as a DHCP server ...372 Confi guring Linux as a DNS server ...372 Confi guring Linux as a proxy server ...373 Summary ... 374 Exercises ... 374

Chapter 15: Starting and Stopping Services  . . . . 377

Understanding the Initialization Daemon (init or systemd) ...378 Understanding the classic init daemons ...380 Understanding the Upstart init daemon ...386 Learning Upstart init daemon basics ...386 Learning Upstart’s backward compatibility to SysVinit ...388 Understanding systemd initialization ...392

Learning systemd basics ...392 Learning systemd’s backward compatibility to SysVinit...397 Checking the Status of Services ...399 Checking services for SysVinit systems ...400 Checking services for Upstart systems ...401 Checking services for systemd systems ...402 Stopping and Starting Services ...403 Stopping and starting SysVinit services ...403 Stopping and starting Upstart services ...405 Stopping and starting systemd services ...406 Stopping a service with systemd ...406 Starting a service with systemd ...406 Restarting a service with systemd ...407 Reloading a service with systemd ...407 Enabling Persistent Services ...408 Confi guring persistent services for SysVinit ...408 Confi guring persistent services for Upstart ...409 Confi guring persistent services for systemd ... 410 Enabling a service with systemd ... 410 Disabling a service with systemd ... 411 Confi guring a Default Runlevel or Target Unit ... 412 Confi guring the SysVinit default runlevel ... 412 Confi guring the default runlevel in Upstart ... 413 Confi guring the default target unit for systemd ... 413 Adding New or Customized Services ... 414 Adding new services to SysVinit ... 414 Step 1: Create a new or customized service script fi le ... 415 Step 2: Add the service script to /etc/rc.d/init.d ... 416 Step 3: Add the service to runlevel directories ... 417 Adding new services to Upstart ... 417 Adding new services to systemd ... 419 Step 1: Create a new or customized service confi guration unit fi le ... 419 Step 2: Move the service confi guration unit fi le ...420 Step 3: Add the service to the Wants directory ...420 Summary ...422 Exercises ...422

Chapter 16: Confi guring a Print Server . . . . 423

Common UNIX Printing System ...423 Setting Up Printers ...425 Adding a printer automatically ...425 Using web-based CUPS administration ...426 Using the Print Settings window ...428 Confi guring local printers with the Print Settings window ...429

Confi guring remote printers ...432 Adding a remote CUPS printer ...433 Adding a remote UNIX (LDP/LPR) printer ...433 Adding a Windows (SMB) printer ...434 Working with CUPS Printing ...435 Confi guring the CUPS server (cupsd.conf) ...436 Starting the CUPS server ...437 Confi guring CUPS printer options manually ...438 Using Printing Commands ...439 Printing with lpr ...440 Listing status with lpc ...440 Removing print jobs with lprm ...441 Confi guring Print Servers ...441 Confi guring a shared CUPS printer ...442 Confi guring a shared Samba printer ...443 Understanding smb.conf for printing ... 444 Setting up SMB clients ...445 Summary ...446 Exercises ...446

Chapter 17: Confi guring a Web Server . . . . 449

Understanding the Apache Web Server ...449 Getting and Installing Your Web Server ...450 Understanding the httpd package ...450 Installing Apache ...453 Starting Apache ...454 Securing Apache ...455 Apache fi le permissions and ownership ...455 Apache and iptables ...455 Apache and SELinux ...456 Understanding the Apache confi guration fi les ...457 Using directives ...457 Understanding default settings ...460 Adding a virtual host to Apache ...462 Allowing users to publish their own web content ...464 Securing your web traffi c with SSL/TLS ...465 Understanding how SSL is confi gured ...467 Generating an SSL key and self-signed certifi cate ...469 Generating a certifi cate signing request ... 470 Troubleshooting Your Web Server ... 471 Checking for confi guration errors ... 472 Accessing forbidden and server internal errors ... 474 Summary ... 475 Exercises ... 475

Chapter 18: Confi guring an FTP Server  . . . . 477

Understanding FTP ...477 Installing the vsftpd FTP Server ... 479 Starting the vsftpd Service...480 Securing Your FTP Server ...483 Opening up your fi rewall for FTP ...483 Allowing FTP access in TCP wrappers ...486 Confi guring SELinux for your FTP server ...486 Relating Linux fi le permissions to vsftpd ...488 Confi guring Your FTP Server ...488 Setting up user access ...488 Allowing uploading ...489 Setting up vsftpd for the Internet ...491 Using FTP Clients to Connect to Your Server ...492 Accessing an FTP server from Firefox ...493 Accessing an FTP server with the lftp command ...493 Using the gFTP client ...495 Summary ...496 Exercises ...497

Chapter 19: Confi guring a Windows File Sharing (Samba) Server . . . . 499

Understanding Samba ...499 Installing Samba ...500 Starting and Stopping Samba ...502 Starting the Samba (smb) service ...503 Starting the NetBIOS (nmbd) name server ...505 Stopping the Samba (smb) and NetBIOS (nmb) services ...506 Securing Samba ...506 Confi guring fi rewalls for Samba ...507 Confi guring SELinux for Samba ...508 Setting SELinux Booleans for Samba...508 Setting SELinux fi le contexts for Samba ... 510 Confi guring Samba host/user permissions ... 510 Confi guring Samba ... 511 Using system-confi g-samba ... 511 Choosing Samba server settings ... 511 Confi guring Samba user accounts ... 512 Creating a Samba shared folder ... 513 Checking the Samba share ... 514 Confi guring Samba in the smb.conf fi le ... 516 Confi guring the [global] section ... 516 Confi guring the [homes] section ... 518 Confi guring the [printers] section ... 519 Creating custom shared directories ... 519

Accessing Samba Shares ...521 Accessing Samba shares in Linux ...522 Accessing Samba shares in Windows ...524 Using Samba in the Enterprise ...525 Summary ...525 Exercises ...526

Chapter 20: Confi guring an NFS File Server . . . . 527

Installing an NFS Server ...529 Starting the NFS service ...530 Sharing NFS Filesystems ...531 Confi guring the /etc/exports fi le ...532 Hostnames in /etc/exports ...533 Access options in /etc/exports ...534 User mapping options in /etc/exports ...534 Exporting the shared fi lesystems ...535 Securing Your NFS Server ...536 Opening up your fi rewall for NFS ...537 Allowing NFS access in TCP wrappers ...539 Confi guring SELinux for your NFS server ...539 Using NFS Filesystems ...540 Viewing NFS shares ...540 Manually mounting an NFS fi lesystem ...541 Mounting an NFS fi lesystem at boot time ...542 Mounting noauto fi lesystems ...543 Using mount options ...543 Using autofs to mount NFS fi lesystems on demand ...545 Automounting to the /net directory ...546 Automounting home directories ...547 Unmounting NFS fi lesystems ...549 Summary ...549 Exercises ...550

Chapter 21: Troubleshooting Linux . . . . 551

Boot-Up Troubleshooting ... 551 Understanding Startup Methods ...552 Starting with System V init scripts ...552 Starting with systemd ...553 Starting with Upstart ...554 Starting from the fi rmware (BIOS or UEFI) ...554 Troubleshooting BIOS setup ...555 Troubleshooting boot order ...556 Troubleshooting the GRUB boot loader ...557 Starting the kernel ...559 Troubleshooting the initialization system ...560

Troubleshooting System V initialization ...560 Troubleshooting rc.sysinit ...561 Troubleshooting runlevel processes ...562 Troubleshooting systemd initialization ...566 Troubleshooting Software Packages ...568 Fixing RPM databases and cache ...572 Troubleshooting Networking ...573 Troubleshooting outgoing connections ...573 View network interfaces ... 574 Check physical connections ... 574 Check routes ...575 Check hostname resolution ... 576 Troubleshooting incoming connections ...577 Check if the client can reach your system at all...577 Check if the service is available to the client ...578 Check the fi rewall on the server ...578 Check the service on the server ...579 Troubleshooting Memory ...580 Uncovering memory issues ...581 Checking for memory problems ...583 Dealing with memory problems ...584 Troubleshooting in Rescue Mode ...585 Summary ...587 Exercises ...587

Part V: Learning Linux Security Techniques 589

Chapter 22: Understanding Basic Linux Security . . . . 591

Understanding Security Basics ...591 Implementing physical security ...591 Implementing disaster recovery...592 Securing user accounts ...593 One user per user account ...593 Limit access to the root user account ...594 Setting expiration dates on temporary accounts ...594 Removing unused user accounts...595 Securing passwords ...596 Choosing good passwords...597 Setting and changing passwords ...598 Enforcing best password practices ...599 Understanding the password fi les and password hashes ...601 Securing the fi lesystem ...603 Managing dangerous fi lesystem permissions ...603 Securing the password fi les ...604

Locking down the fi lesystem ...606 Managing software and services ...607 Updating software packages ...607 Keeping up with security advisories ...607 Advanced implementation ...608 Monitoring Your Systems ...608 Monitoring log fi les ...608 Monitoring user accounts ... 612 Detecting counterfeit new accounts and privileges ... 612 Detecting bad account passwords ... 614 Monitoring the fi lesystem ... 615 Verifying software packages ... 615 Scanning the fi lesystem ... 616 Detecting viruses and rootkits ... 618 Auditing and Reviewing Linux ...622 Conducting compliance reviews ...623 Conducting security reviews ...623 Summary ...624 Exercises ...624

Chapter 23: Understanding Advanced Linux Security . . . . 627

Implementing Linux Security with Cryptography ...627 Understanding hashing ...628 Understanding encryption/decryption ...630 Understanding cryptographic ciphers ...630 Understanding cryptographic cipher keys ...631 Understanding digital signatures ...637 Implementing Linux cryptography ...639 Ensuring fi le integrity ...639 Encrypting a Linux fi lesystem ...640 Encrypting a Linux directory ...642 Encrypting a Linux fi le...645 Encrypting Linux with miscellaneous tools ...645 Using Encryption from the Desktop ...646 Implementing Linux Security with PAM ...648 Understanding the PAM authentication process ...649 Understanding PAM contexts ...650 Understanding PAM control fl ags ... 651 Understanding PAM modules ...652 Understanding PAM system event confi guration fi les ...653 Administering PAM on your Linux system ...654 Managing PAM-aware application confi guration fi les ...654 Managing PAM system event confi guration fi les ...655 Implementing resources limits with PAM ...657 Implementing time restrictions with PAM ...658

Enforcing good passwords with PAM ...660 Encouraging sudo use with PAM ...664 Locking accounts with PAM ...665 Obtaining more information on PAM ...667 Summary ...668 Exercises ...668

Chapter 24: Enhancing Linux Security with SELinux . . . . 669

Understanding SELinux Benefi ts ...669 Understanding How SELinux Works ...671 Understanding type enforcement ...671 Understanding multi-level security ...672 Implementing SELinux security models ...673 Understanding SELinux operational modes ...673 Understanding SELinux security contexts ... 674 Understanding SELinux policy types ...677 Understanding SELinux policy rule packages ...678 Confi guring SELinux ...679 Setting the SELinux mode ...680 Setting the SELinux policy type ...682 Managing SELinux security contexts ...683 Managing the user security context ...684 Managing the fi le security context ...684 Managing the process security context ...685 Managing SELinux policy rule packages ...686 Managing SELinux via booleans ...688 Monitoring and Troubleshooting SELinux ...689 Understanding SELinux logging ...689 Reviewing SELinux messages in the audit log...690 Reviewing SELinux messages in the messages log ...690 Troubleshooting SELinux logging ...691 Troubleshooting common SELinux problems ...692 Using a nonstandard directory for a service ...692 Using a nonstandard port for a service ...693 Moving fi les and losing security context labels ...693 Booleans set incorrectly ...694 Putting It All Together ...694 Obtaining More Information on SELinux ...695 Summary ...695 Exercises ...696

Chapter 25: Securing Linux on a Network  . . . . 699

Auditing Network Services ...699 Evaluating access to network services with nmap ...701 Using nmap to audit your network services advertisements ...704

Controlling access to network services ...708 Working with Firewalls ...710 Understanding fi rewalls ...710 Implementing fi rewalls ... 711 Starting with fi rewalld ...712 Understanding the iptables utility ...713 Using the iptables utility...716 Summary ...724 Exercises ...724

Part VI: Extending Linux into the Cloud 727

Chapter 26: Using Linux for Cloud Computing  . . . . 729

Overview of Linux and Cloud Computing ...729 Cloud hypervisors (a.k.a. compute nodes) ...730 Cloud controllers ...730 Cloud storage ...731 Cloud authentication ...731 Cloud deployment and confi guration ...732 Cloud platforms ...732 Trying Basic Cloud Technology ...732 Setting Up a Small Cloud ...734 Confi guring hypervisors ...735 Step 1: Get Linux software ...735 Step 2: Check your computers ...735 Step 3: Install Linux on hypervisors ...736 Step 4: Start services on the hypervisors ...737 Step 5: Edit /etc/hosts or set up DNS ...738 Confi guring storage ...738 Step 1: Install Linux software ...738 Step 2: Confi gure NFS share ...739 Step 3: Start the NFS service ...739 Step 4: Mount the NFS share on the hypervisors ...740 Creating virtual machines ...740 Step 1: Get images to make virtual machines ... 741 Step 2: Check the network bridge ... 741 Step 3: Start Virtual Machine Manager (virt-manager) ... 741 Step 4: Check connection details ... 742 Step 5: Create a new virtual machine ... 743 Managing virtual machines ...744 Migrating virtual machines ... 745 Step 1: Identify other hypervisors... 745 Step 2: Migrate running VM to another hypervisor ...746 Summary ... 747

Chapter 27: Deploying Linux to the Cloud. . . 749

Getting Linux to Run in a Cloud ... 749 Creating Linux Images for Clouds ... 751 Confi guring and running a cloud-init cloud instance ... 751 Investigating the cloud instance ...753 Cloning the cloud instance ...754 Trying an Ubuntu cloud image ...756 Expanding your cloud-init confi guration ...757 Adding ssh keys with cloud-init ...757 Adding network interfaces with cloud-init ...758 Adding software with cloud-init ...758 Using cloud-init in enterprise computing ...759 Using OpenStack to Deploy Cloud Images ...760 Starting from the OpenStack Dashboard ... 761 Confi guring your OpenStack virtual network ... 761 Confi guring keys for remote access ... 763 Launching a virtual machine in OpenStack ...764 Accessing the virtual machine via ssh ...765 Using Amazon EC2 to Deploy Cloud Images ...765 Summary ...766

Part VII: Appendixes 769

Appendix A: Media  . . . . 771

Appendix B: Exercise Answers . . . . 781

Index . . . . 839

Introduction

Y

ou can’t learn Linux without using it.

I’ve come to that conclusion over more than a decade of teaching people to learn Linux. You can’t just read a book; you can’t just listen to a lecture. You need someone to guide you and you need to jump in and do it.

In 1999, Wiley published my Red Hat Linux Bible. The book’s huge success gave me the opportunity to become a full-time, independent Linux author. For about a decade, I wrote dozens of Linux books and explored the best ways to explain Linux from the quiet of my small home offi ce.

In 2008, I hit the road. I was hired by Red Hat, Inc., as a full-time instructor, teaching Linux to professional system administrators seeking Red Hat Certifi ed Engineer (RHCE) certifi cation. In my three years as a Linux instructor, I honed my teaching skills in front of live people whose Linux experience ranged from none to experienced professional.

In the previous edition, I turned my teaching experience into text to take a reader from someone who has never used Linux to someone with the skills to become a Linux professional. In this edi- tion, I set out to extend those skills into the cloud. The focus of this ninth edition of the Linux Bible can be summed up in these ways:

■ Beginner to certified professional: As long as you have used a computer, mouse, and keyboard, you can start with this book. I tell you how to get Linux, begin using it, step through critical topics, and ultimately excel at administering and securing it.

■ System administrator–focused: When you are fi nished with this book, you will know how to use Linux and how to modify and maintain it. All the topics needed to become a Red Hat Certifi ed Engineer are covered in this book. That said, many software developers have also used this book to understand how to work on a Linux system as a development platform or target for their applications.

■ Emphasis on command-line tools: Although point-and-click interfaces for managing Linux have improved greatly in recent years, many advanced features can only be utilized by typing commands and editing confi guration fi les manually. I teach you how to become profi cient with the Linux command-line shell and occasionally compare shell features with graphical tools for accomplishing the same tasks.

■ Aimed at fewer Linux distributions: In previous editions, I described about 18 different Linux distributions. With only a few notable exceptions, most popular Linux distributions are either Red Hat–based (Red Hat Enterprise Linux, Fedora, CentOS, and so on) or Debian- based (Ubuntu, Linux Mint, KNOPPIX, and so on). Although this book most thoroughly cov- ers Red Hat distributions, I have increased coverage of Ubuntu throughout in this edition

■ Many, many demos and exercises: Instead of just telling you what Linux does, I actually show you what it does. Then, to make sure you got it, you have the oppor- tunity to try exercises yourself. Every procedure and exercise has been tested to work in Fedora or Red Hat Enterprise Linux. Most work in Ubuntu as well.

■ Lead into cloud technologies: Linux is at the heart of most technological advances in cloud computing today. That means you need a solid understanding of Linux to work effectively in tomorrow’s data centers. Learn Linux basics in the front of this book. Then in the last few chapters, I demonstrate how you can try out Linux systems as hypervisors, cloud controllers, and virtual machines, as well as manage virtual networks and networked storage.

How This Book Is Organized

The book is organized to enable you to start off at the very beginning with Linux and grow to become a professional Linux system administrator and power user.

Part I, “Getting Started,” includes two chapters designed to help you understand what Linux is and get you started with a Linux desktop:

■ Chapter 1, “Starting with Linux,” covers topics such as what the Linux operating system is, where it comes from, and how to get started using it.

■ Chapter 2, “Creating the Perfect Linux Desktop,” provides information on how you can create a desktop system and use some of the most popular desktop features.

Part II, “Becoming a Linux Power User,” provides in-depth details on how to use the Linux shell, work with fi lesystems, manipulate text fi les, manage processes, and use shell scripts:

■ Chapter 3, “Using the Shell,” includes information on how to access a shell, run commands, recall commands (using history), and do tab completion. The chapter also describes how to use variables, aliases, and man pages (traditional Linux com- mand reference pages).

■ Chapter 4, “Moving around the Filesystem,” includes commands for listing, creat- ing, copying, and moving fi les and directories. More advanced topics in this chapter include fi lesystem security, such as fi le ownership, permissions, and access control lists.

■ Chapter 5, “Working with Text Files,” includes everything from basic text editors to tools for fi nding fi les and searching for text within fi les.

■ Chapter 6, “Managing Running Processes,” describes how to see what processes are running on your system and change those processes. Ways of changing processes include killing, pausing, and sending other types of signals.

■ Chapter 7, “Writing Simple Shell Scripts,” includes shell commands and functions you can gather together into a fi le to run as a command itself.

In Part III, “Becoming a Linux System Administrator,” you learn how to administer Linux systems:

■ Chapter 8, “Learning System Administration,” provides information on basic graphical tools, commands, and confi guration fi les for administering Linux systems.

■ Chapter 9, “Installing Linux,” covers common installation tasks, such as disk partitioning and initial software package selection, as well as more advanced installation tools, such as installing from kickstart fi les.

■ Chapter 10, “Getting and Managing Software,” provides an understanding of how software packages work and how to get and manage software packages.

■ Chapter 11, “Managing User Accounts,” discusses tools for adding and deleting users and groups, as well as how to centralize user account management.

■ Chapter 12, “Managing Disks and Filesystems,” provides information on adding partitions, creating fi lesystems, and mounting fi lesystems, as well as working with logical volume management.

In Part IV, “Becoming a Linux Server Administrator,” you learn to create powerful network servers and the tools needed to manage them:

■ Chapter 13, “Understanding Server Administration,” covers remote logging, monitoring tools, and the Linux boot process.

■ Chapter 14, “Administering Networking,” discusses how to confi gure networking.

■ Chapter 15, “Starting and Stopping Services,” provides information on starting and stopping services.

■ Chapter 16, “Confi guring a Print Server,” describes how to confi gure printers to use locally on your Linux system or over the network from other computers.

■ Chapter 17, “Confi guring a Web Server,” describes how to confi gure an Apache Web server.

■ Chapter 18, “Confi guring an FTP Server,” covers procedures for setting up a vsftpd FTP server that can be used to enable others to download fi les from your Linux system over the network.

■ Chapter 19, “Confi guring a Windows File Sharing (Samba) Server,” covers Windows fi le server confi guration with Samba.

■ Chapter 20, “Confi guring an NFS File Server,” describes how to use

Network File System features to share folders of fi les among systems over a network.

■ Chapter 21, “Troubleshooting Linux,” covers popular tools for troubleshooting your Linux system.

In Part V, “Learning Linux Security Techniques,” you learn how to secure your Linux sys- tems and services:

■ Chapter 22, “Understanding Basic Linux Security,” covers basic security concepts and techniques.

■ Chapter 23, “Understanding Advanced Linux Security,” provides information on using Pluggable Authentication Modules (PAM) and cryptology tools to tighten sys- tem security and authentication.

■ Chapter 24, “Enhancing Linux Security with SELinux,” shows you how to enable Security Enhanced Linux (SELinux) to secure system services.

■ Chapter 25, “Securing Linux on the Network,” covers network security features, such as firewalld and iptables fi rewalls, to secure system services.

Part VI, “Extending Linux into the Cloud,” takes you into cutting-edge cloud technologies:

■ Chapter 26, “Using Linux for Cloud Computing,” introduces concepts of cloud com- puting in Linux by describing how to set up hypervisors, build virtual machines, and share resources across networks.

■ Chapter 27, “Deploying Linux to the Cloud,” describes how to deploy Linux images to different cloud environments, including OpenStack, Amazon EC2, or a local Linux system confi gured for virtualization.

Part VII contains two appendixes to help you get the most from your exploration of Linux.

Appendix A, “Media,” provides guidance on downloading Linux distributions. Appendix B,

“Exercise Answers,” provides sample solutions to the exercises included in chapters 2 through 26.

Conventions Used in This Book

Throughout the book, special typography indicates code and commands. Commands and code are shown in a monospaced font:

This is how code looks.

In the event that an example includes both input and output, the monospaced font is still used, but input is presented in bold type to distinguish the two. Here’s an example:

$ ftp ftp.handsonhistory.com Name (home:jake): jake Password: ******

As for styles in the text:

■ New terms and important words appear in italics when introduced.

■ Keyboard strokes appear like this: Ctrl+A. This means to hold the Ctrl key as you

■ Filenames, URLs, and code within the text appear like so: persistence.

properties.

The following items call your attention to points that are particularly important.

A Note box provides extra information to which you need to pay special attention.

A Tip box shows a special way of performing a particular task.

A Caution box alerts you to take special care when executing a procedure, or damage to your computer hardware or software could result.

Jumping into Linux

If you are new to Linux, you might have vague ideas about what it is and where it came from. You may have heard something about it being free (as in cost) or free (as in freedom to use it as you please). Before you start putting your hands on Linux (which we will do soon enough), Chapter 1 seeks to answer some of your questions about the origins and fea- tures of Linux.

Take your time and work through this book to get up to speed on Linux and how you can make it work to meet your needs. This is your invitation to jump in and take the fi rst step to becoming a Linux expert!

Visit the Linux Bible website

To fi nd links to various Linux distributions, tips on gaining Linux certifi cation, and corrections to the book as they become available, go to http://www.wiley.com/go/linuxbible9 .

Part I

Getting Started

IN THIS PART

Chapter 1

Starting with Linux Chapter 2

Creating the Perfect Linux Desktop

Starting with Linux

IN THIS CHAPTER

Learning what Linux is Learning where Linux came from Choosing Linux distributions

Exploring professional opportunities with Linux Becoming certifi ed in Linux

L

inux is one of the most important technology advancements of the twenty-fi rst century.

Besides its impact on the growth of the Internet and its place as an enabling technology for a range of computer-driven devices, Linux development has been a model for how collaborative projects can surpass what single individuals and companies can do alone.

Google runs thousands upon thousands of Linux servers to power its search technology. Its Android phones are based on Linux. Likewise, when you download and run Google’s Chrome OS, you get a browser that is backed by a Linux operating system.

Facebook builds and deploys its site using what is referred to as a LAMP stack (Linux, Apache web server, MySQL database, and PHP web scripting language)—all open source projects. In fact, Facebook itself uses an open source development model, making source code for the applications and tools that drive Facebook available to the public. This model has helped Facebook shake out bugs quickly, get contributions from around the world, and fuel Facebook’s exponential growth.

Financial organizations that have trillions of dollars riding on the speed and security of their operating systems also rely heavily on Linux. These include the New York Stock Exchange, the Chicago Mercantile Exchange, and the Tokyo Stock Exchange.

As “cloud” continues to be one of the hottest buzzwords today, a part of the cloud that isn’t hype is that Linux and other open source technologies are the foundation on which today’s greatest cloud innovations are being built. Every software component you need to build a private or public cloud (such as hypervisors, cloud controllers, network storage, virtual networking, and authentication) is freely available for you to start using from the open source world.

1

The widespread adoption of Linux around the world has created huge demand for Linux expertise. This chapter starts you on a path to becoming a Linux expert by helping you understand what Linux is, where it came from, and what your opportunities are for becoming profi cient in it. The rest of this book provides you with hands-on activities to help you gain that expertise. Finally, I show you how you can apply that expertise to cloud technologies.

Understanding What Linux Is

Linux is a computer operating system. An operating system consists of the software that manages your computer and lets you run applications on it. The features that make up Linux and similar computer operating systems include the following:

■ Detecting and preparing hardware—When the Linux system boots up (when you turn on your computer), it looks at the components on your computer (CPU, hard drive, network cards, and so on) and loads the software (drivers and modules) needed to access those particular hardware devices.

■ Managing processes—The operating system must keep track of multiple processes running at the same time and decide which have access to the CPU and when. The system also must offer ways of starting, stopping, and changing the status of processes.

■ Managing memory—RAM and swap space (extended memory) must be allocated to applications as they need memory. The operating system decides how requests for memory are handled.

■ Providing user interfaces—An operating system must provide ways of accessing the system. The fi rst Linux systems were accessed from a command-line interpreter called a shell. Today, graphical desktop interfaces are commonly available as well.

■ Controlling filesystems—Filesystem structures are built into the operating system (or loaded as modules). The operating system controls ownership of and access to the fi les and directories (folders) that the fi lesystems contain.

■ Providing user access and authentication—Creating user accounts and allowing boundaries to be set between users is a basic feature of Linux. Separate user and group accounts enable users to control their own fi les and processes.

■ Offering administrative utilities—In Linux, hundreds (perhaps thousands) of commands and graphical windows are available to do such things as add users, manage disks, monitor the network, install software, and generally secure and manage your computer.

■ Starting up services—To use printers, handle log messages, and provide a variety of system and network services, processes called daemon processes run in the background, waiting for requests to come in. Many types of services run in Linux.

1

Linux provides different ways of starting and stopping these services. In other words, while Linux includes web browsers to view web pages, it can also be the computer that serves up web pages to others. Popular server features include web, mail, database, printer, fi le, DNS, and DHCP servers.

■ Programming tools—A wide variety of programming utilities for creating applications and libraries for implementing specialty interfaces are available with Linux.

As someone managing Linux systems, you need to learn how to work with those

features just described. While many features can be managed using graphical interfaces, an understanding of the shell command line is critical for someone administering Linux systems.

Modern Linux systems now go way beyond what the fi rst UNIX systems (on which Linux was based) could do. Advanced features in Linux, often used in large enterprises, include the following:

■ Clustering—Linux can be confi gured to work in clusters so that multiple systems can appear as one system to the outside world. Services can be confi gured to pass back and forth between cluster nodes, while appearing to those using the services that they are running without interruption.

■ Virtualization—To manage computing resources more effi ciently, Linux can run as a virtualization host. On that host, you could run other Linux systems, Microsoft Windows, BSD, or other operating systems as virtual guests. To the outside world, each of those virtual guests appears as a separate computer. KVM and Xen are two technologies in Linux for creating virtual hosts.

■ Cloud computing—To manage large-scale virtualization environments, you can use full-blown cloud computing platforms based on Linux. Projects such as OpenStack and Red Hat Enterprise Virtualization can simultaneously manage many virtualiza- tion hosts, virtual networks, user and system authentication, virtual guests, and networked storage.

■ Real-time computing—Linux can be confi gured for real-time computing, where high-priority processes can expect fast, predictable attention.

■ Specialized storage—Instead of just storing data on the computer’s hard disk, many specialized local and networked storage interfaces are available in Linux.

Shared storage devices available in Linux include iSCSI, Fibre Channel, and Infi niband. Entire open source storage platforms include projects such as Ceph (http://ceph.com) and GlusterFS (http://gluster.org).

Some of these advanced topics are not covered in this book. However, the features covered here for using the shell, working with disks, starting and stopping services, and confi g- uring a variety of servers should serve as a foundation for working with those advanced features.

Understanding How Linux Differs from Other Operating Systems

If you are new to Linux, chances are good that you have used a Microsoft Windows or Apple Mac OS operating system. Although Mac OS X has its roots in a free software operating system, referred to as the Berkeley Software Distribution (more on that later), operating systems from both Microsoft and Apple are considered proprietary operating systems. What that means is:

■ You cannot see the code used to create the operating system.

■ You, therefore, cannot change the operating system at its most basic levels if it doesn’t suit your needs—and you can’t use the operating system to build your own operating system from source code.

■ You cannot check the code to fi nd bugs, explore security vulnerabilities, or simply learn what that code is doing.

■ You may not be able to easily plug your own software into the operating system if the creators of that system don’t want to expose the programming interfaces you need to the outside world.

You might look at those statements about proprietary software and say, “What do I care? I’m not a software developer. I don’t want to see or change how my operating system is built.”

That may be true. But the fact that others can take free and open source software and use it as they please has driven the explosive growth of the Internet (think Google), mobile phones (think Android), special computing devices (think Tivo), and hundreds of technology companies. Free software has driven down computing costs and allowed for an explosion of innovation.

Maybe you don’t want to use Linux—as Google, Facebook, and other companies have done—

to build the foundation for a multi-billion-dollar company. But those and other companies who now rely on Linux to drive their computer infrastructures need more and more people with the skills to run those systems.

You may wonder how a computer system that is so powerful and fl exible has come to be free as well. To understand how that could be, you need to see where Linux came from. So the next section of this chapter describes the strange and winding path of the free software movement that led to Linux.

Exploring Linux History

Some histories of Linux begin with this message posted by Linus Torvalds to the comp.

os.minix newsgroup on August 25, 1991 (http://groups.google.com/group/comp.

os.minix/msg/b813d52cbc5a044b?pli=1):

1

Linus Benedict Torvalds

Hello everybody out there using minix -

I’m doing a (free) operating system (just a hobby, won’t be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is start- ing to get ready. I’d like any feedback on things people like/dislike in minix, as my OS resembles it somewhat (same physical layout of the fi le-system (due to practical reasons, among other things)…Any suggestions are welcome, but I won’t promise I’ll implement them :-)

Linus ([email protected].fi )

PS. Yes — it’s free of any minix code, and it has a multi-threaded fs. It is NOT protable [sic] (uses 386 task switching etc), and it probably never will support anything other than AT-harddisks, as that’s all I have :-(.

Minix was a UNIX-like operating system that ran on PCs in the early 1990s. Like Minix, Linux was also a clone of the UNIX operating system. With few exceptions, such as Microsoft Windows, most modern computer systems (including Mac OS X and Linux) were derived from UNIX operating systems, created originally by AT&T.

To truly appreciate how a free operating system could have been modeled after a proprietary system from AT&T Bell Laboratories, it helps to understand the culture in which UNIX was created and the chain of events that made the essence of UNIX possible to reproduce freely.

To learn more about how Linux was created, pick up the book Just for Fun: The Story of an Accidental Revolutionary by Linus Torvalds (HarperCollins Publishing, 2001).

Free-fl owing UNIX culture at Bell Labs

From the very beginning, the UNIX operating system was created and nurtured in a communal environment. Its creation was not driven by market needs, but by a desire to overcome impediments to producing programs. AT&T, which owned the UNIX trademark originally, eventually made UNIX into a commercial product, but by that time, many of the concepts (and even much of the early code) that made UNIX special had fallen into the public domain.

If you are not old enough to remember when AT&T split up in 1984, you may not remember a time when AT&T was “the” phone company. Up until the early 1980s, AT&T didn’t have to think much about competition because if you wanted a phone in the United States, you had to go to AT&T. It had the luxury of funding pure research projects. The mecca for such projects was the Bell Laboratories site in Murray Hill, New Jersey.

After a project called Multics failed in around 1969, Bell Labs employees Ken Thompson and Dennis Ritchie set off on their own to create an operating system that would offer an improved environment for developing software. Up to that time, most programs were written on punch cards that had to be fed in batches to mainframe computers. In a 1980 lecture on “The Evolution of the UNIX Time-sharing System,” Dennis Ritchie summed up the spirit that started UNIX:

What we wanted to preserve was not just a good environment in which to do programming, but a system around which a fellowship could form. We knew from experience that the essence of communal computing as supplied by

remote-access, time-shared machines is not just to type programs into a terminal instead of a keypunch, but to encourage close communication.

The simplicity and power of the UNIX design began breaking down barriers that, until this point, had impeded software developers. The foundation of UNIX was set with several key elements:

■ The UNIX filesystem—Because it included a structure that allowed levels of sub- directories (which, for today’s desktop users, looks like folders inside folders), UNIX could be used to organize the fi les and directories in intuitive ways. Furthermore, complex methods of accessing disks, tapes, and other devices were greatly simpli- fi ed by representing those devices as individual device fi les that you could also access as items in a directory.

■ Input/output redirection—Early UNIX systems also included input redirec- tion and pipes. From a command line, UNIX users could direct the output of a command to a fi le using a right-arrow key (>). Later, the concept of pipes (|) was added where the output of one command could be directed to the input of another command. For example, the following command line concatenates (cat) fi le1 and fi le2, sorts (sort) the lines in those fi les alphabetically, paginates the sorted text for printing (pr), and directs the output to the computer’s default printer (lpr):

$ cat file1 file2 | sort | pr | lpr

This method of directing input and output enabled developers to create their own specialized utilities that could be joined with existing utilities. This modularity made it possible for lots of code to be developed by lots of different people. A user could just put together the pieces as needed.

■ Portability—Simplifying the experience of using UNIX also led to it becoming extraordinarily portable to run on different computers. By having device drivers (represented by fi les in the fi lesystem tree), UNIX could present an interface to applications in such a way that the programs didn’t have to know about the details of the underlying hardware. To later port UNIX to another system, developers had only to change the drivers. The application programs didn’t have to change for different hardware!