Deployment Guide

Red Hat Enterprise Linux

January 2008

Revision History

Revision 5.0.0-20 Wed Feb 07 2007 Michael Hideo Smith
Resolves: #223810
Fix complete. English only

Revision 5.0.0-17 Thu Jan 23 2007 Michael Hideo Smith
Resolves: #223924
Translation Build Chain Development

Revision 5.0.0-15 Thu Jan 18 2007 Jeff Fearn
Resolves: #222997
Fix Repeated entries in change log

Revision 5.0.0-14 Thu Jan 9 2007 Michael Hideo Smith
Resolves: #221247
Fix to broken rpm

Revision 5.0.0-13 Thu Jan 04 2007 Michael Hideo Smith
Resolves: #221247
Fix to broken rpm

Revision 5.0.0-12 Thu Dec 21 2006 Michael Hideo Smith
Resolves: #218359
Includes translations and content revisions.

Abstract

This Deployment Guide documents relevant information regarding the deployment, configuration and administration of Red Hat Enterprise Linux 5.0.


Introduction
1. Document Conventions
2. Send in Your Feedback
I. File Systems
1. File System Structure
1.1. Why Share a Common Structure?
1.2. Overview of File System Hierarchy Standard (FHS)
1.2.1. FHS Organization
1.3. Special File Locations Under Red Hat Enterprise Linux
2. The ext3 File System
2.1. Features of ext3
2.2. Creating an ext3 File System
2.3. Converting to an ext3 File System
2.4. Reverting to an ext2 File System
3. The proc File System
3.1. A Virtual File System
3.1.1. Viewing Virtual Files
3.1.2. Changing Virtual Files
3.2. Top-level Files within the proc File System
3.2.1. /proc/apm
3.2.2. /proc/buddyinfo
3.2.3. /proc/cmdline
3.2.4. /proc/cpuinfo
3.2.5. /proc/crypto
3.2.6. /proc/devices
3.2.7. /proc/dma
3.2.8. /proc/execdomains
3.2.9. /proc/fb
3.2.10. /proc/filesystems
3.2.11. /proc/interrupts
3.2.12. /proc/iomem
3.2.13. /proc/ioports
3.2.14. /proc/kcore
3.2.15. /proc/kmsg
3.2.16. /proc/loadavg
3.2.17. /proc/locks
3.2.18. /proc/mdstat
3.2.19. /proc/meminfo
3.2.20. /proc/misc
3.2.21. /proc/modules
3.2.22. /proc/mounts
3.2.23. /proc/mtrr
3.2.24. /proc/partitions
3.2.25. /proc/pci
3.2.26. /proc/slabinfo
3.2.27. /proc/stat
3.2.28. /proc/swaps
3.2.29. /proc/sysrq-trigger
3.2.30. /proc/uptime
3.2.31. /proc/version
3.3. Directories within /proc/
3.3.1. Process Directories
3.3.2. /proc/bus/
3.3.3. /proc/driver/
3.3.4. /proc/fs
3.3.5. /proc/ide/
3.3.6. /proc/irq/
3.3.7. /proc/net/
3.3.8. /proc/scsi/
3.3.9. /proc/sys/
3.3.10. /proc/sysvipc/
3.3.11. /proc/tty/
3.4. Using the sysctl Command
3.5. Additional Resources
3.5.1. Installed Documentation
3.5.2. Useful Websites
4. Redundant Array of Independent Disks (RAID)
4.1. What is RAID?
4.2. Who Should Use RAID?
4.3. Hardware RAID versus Software RAID
4.3.1. Hardware RAID
4.3.2. Software RAID
4.4. RAID Levels and Linear Support
4.5. Configuring Software RAID
4.5.1. Creating the RAID Partitions
4.5.2. Creating the RAID Devices and Mount Points
5. Swap Space
5.1. What is Swap Space?
5.2. Adding Swap Space
5.2.1. Extending Swap on an LVM2 Logical Volume
5.2.2. Creating an LVM2 Logical Volume for Swap
5.2.3. Creating a Swap File
5.3. Removing Swap Space
5.3.1. Reducing Swap on an LVM2 Logical Volume
5.3.2. Removing an LVM2 Logical Volume for Swap
5.3.3. Removing a Swap File
5.4. Moving Swap Space
6. Managing Disk Storage
6.1. Standard Partitions using parted
6.1.1. Viewing the Partition Table
6.1.2. Creating a Partition
6.1.3. Removing a Partition
6.1.4. Resizing a Partition
6.2. LVM Partition Management
7. Implementing Disk Quotas
7.1. Configuring Disk Quotas
7.1.1. Enabling Quotas
7.1.2. Remounting the File Systems
7.1.3. Creating the Quota Database Files
7.1.4. Assigning Quotas per User
7.1.5. Assigning Quotas per Group
7.1.6. Setting the Grace Period for Soft Limits
7.2. Managing Disk Quotas
7.2.1. Enabling and Disabling
7.2.2. Reporting on Disk Quotas
7.2.3. Keeping Quotas Accurate
7.3. Additional Resources
7.3.1. Installed Documentation
7.3.2. Related Books
8. Access Control Lists
8.1. Mounting File Systems
8.1.1. NFS
8.2. Setting Access ACLs
8.3. Setting Default ACLs
8.4. Retrieving ACLs
8.5. Archiving File Systems With ACLs
8.6. Compatibility with Older Systems
8.7. Additional Resources
8.7.1. Installed Documentation
8.7.2. Useful Websites
9. LVM (Logical Volume Manager)
9.1. What is LVM?
9.1.1. What is LVM2?
9.2. LVM Configuration
9.3. Automatic Partitioning
9.4. Manual LVM Partitioning
9.4.1. Creating the /boot/ Partition
9.4.2. Creating the LVM Physical Volumes
9.4.3. Creating the LVM Volume Groups
9.4.4. Creating the LVM Logical Volumes
9.5. Using the LVM utility system-config-lvm
9.5.1. Utilizing uninitialized entities
9.5.2. Adding Unallocated Volumes to a volume group
9.5.3. Migrating extents
9.5.4. Adding a new hard disk using LVM
9.5.5. Adding a new volume group
9.5.6. Extending a volume group
9.5.7. Editing a Logical Volume
9.6. Additional Resources
9.6.1. Installed Documentation
9.6.2. Useful Websites
II. Package Management
10. Package Management with RPM
10.1. RPM Design Goals
10.2. Using RPM
10.2.1. Finding RPM Packages
10.2.2. Installing
10.2.3. Uninstalling
10.2.4. Upgrading
10.2.5. Freshening
10.2.6. Querying
10.2.7. Verifying
10.3. Checking a Package's Signature
10.3.1. Importing Keys
10.3.2. Verifying Signature of Packages
10.4. Practical and Common Examples of RPM Usage
10.5. Additional Resources
10.5.1. Installed Documentation
10.5.2. Useful Websites
10.5.3. Related Books
11. Package Management Tool
11.1. Listing and Analyzing Packages
11.2. Installing and Removing Packages
12. Red Hat Network
III. Network-Related Configuration
13. Network Interfaces
13.1. Network Configuration Files
13.2. Interface Configuration Files
13.2.1. Ethernet Interfaces
13.2.2. IPsec Interfaces
13.2.3. Channel Bonding Interfaces
13.2.4. Alias and Clone Files
13.2.5. Dialup Interfaces
13.2.6. Other Interfaces
13.3. Interface Control Scripts
13.4. Network Function Files
13.5. Additional Resources
13.5.1. Installed Documentation
14. Network Configuration
14.1. Overview
14.2. Establishing an Ethernet Connection
14.3. Establishing an ISDN Connection
14.4. Establishing a Modem Connection
14.5. Establishing an xDSL Connection
14.6. Establishing a Token Ring Connection
14.7. Establishing a Wireless Connection
14.8. Managing DNS Settings
14.9. Managing Hosts
14.10. Working with Profiles
14.11. Device Aliases
14.12. Saving and Restoring the Network Configuration
15. Controlling Access to Services
15.1. Runlevels
15.2. TCP Wrappers
15.2.1. xinetd
15.3. Services Configuration Tool
15.4. ntsysv
15.5. chkconfig
15.6. Additional Resources
15.6.1. Installed Documentation
15.6.2. Useful Websites
16. Berkeley Internet Name Domain (BIND)
16.1. Introduction to DNS
16.1.1. Nameserver Zones
16.1.2. Nameserver Types
16.1.3. BIND as a Nameserver
16.2. /etc/named.conf
16.2.1. Common Statement Types
16.2.2. Other Statement Types
16.2.3. Comment Tags
16.3. Zone Files
16.3.1. Zone File Directives
16.3.2. Zone File Resource Records
16.3.3. Example Zone File
16.3.4. Reverse Name Resolution Zone Files
16.4. Using rndc
16.4.1. Configuring /etc/named.conf
16.4.2. Configuring /etc/rndc.conf
16.4.3. Command Line Options
16.5. Advanced Features of BIND
16.5.1. DNS Protocol Enhancements
16.5.2. Multiple Views
16.5.3. Security
16.5.4. IP version 6
16.6. Common Mistakes to Avoid
16.7. Additional Resources
16.7.1. Installed Documentation
16.7.2. Useful Websites
16.7.3. Related Books
17. OpenSSH
17.1. Features of SSH
17.1.1. Why Use SSH?
17.2. SSH Protocol Versions
17.3. Event Sequence of an SSH Connection
17.3.1. Transport Layer
17.3.2. Authentication
17.3.3. Channels
17.4. Configuring an OpenSSH Server
17.4.1. Requiring SSH for Remote Connections
17.5. OpenSSH Configuration Files
17.6. Configuring an OpenSSH Client
17.6.1. Using the ssh Command
17.6.2. Using the scp Command
17.6.3. Using the sftp Command
17.7. More Than a Secure Shell
17.7.1. X11 Forwarding
17.7.2. Port Forwarding
17.7.3. Generating Key Pairs
17.8. Additional Resources
17.8.1. Installed Documentation
17.8.2. Useful Websites
18. Network File System (NFS)
18.1. How It Works
18.1.1. Required Services
18.2. NFS Client Configuration
18.2.1. Mounting NFS File Systems using /etc/fstab
18.3. autofs
18.3.1. What's new in autofs version 5?
18.3.2. autofs Configuration
18.3.3. autofs Common Tasks
18.4. Common NFS Mount Options
18.5. Starting and Stopping NFS
18.6. NFS Server Configuration
18.6.1. Exporting or Sharing NFS File Systems
18.6.2. Command Line Configuration
18.6.3. Hostname Formats
18.7. The /etc/exports Configuration File
18.7.1. The exportfs Command
18.8. Securing NFS
18.8.1. Host Access
18.8.2. File Permissions
18.9. NFS and portmap
18.9.1. Troubleshooting NFS and portmap
18.10. Using NFS over TCP
18.11. Additional Resources
18.11.1. Installed Documentation
18.11.2. Useful Websites
18.11.3. Related Books
19. Samba
19.1. Introduction to Samba
19.1.1. Samba Features
19.2. Samba Daemons and Related Services
19.2.1. Samba Daemons
19.3. Connecting to a Samba Share
19.3.1. Command Line
19.3.2. Mounting the Share
19.4. Configuring a Samba Server
19.4.1. Graphical Configuration
19.4.2. Command Line Configuration
19.4.3. Encrypted Passwords
19.5. Starting and Stopping Samba
19.6. Samba Server Types and the smb.conf File
19.6.1. Stand-alone Server
19.6.2. Domain Member Server
19.6.3. Domain Controller
19.7. Samba Security Modes
19.7.1. User-Level Security
19.7.2. Share-Level Security
19.8. Samba Account Information Databases
19.9. Samba Network Browsing
19.9.1. Domain Browsing
19.9.2. WINS (Windows Internetworking Name Server)
19.10. Samba with CUPS Printing Support
19.10.1. Simple smb.conf Settings
19.11. Samba Distribution Programs
19.12. Additional Resources
19.12.1. Installed Documentation
19.12.2. Related Books
19.12.3. Useful Websites
20. Dynamic Host Configuration Protocol (DHCP)
20.1. Why Use DHCP?
20.2. Configuring a DHCP Server
20.2.1. Configuration File
20.2.2. Lease Database
20.2.3. Starting and Stopping the Server
20.2.4. DHCP Relay Agent
20.3. Configuring a DHCP Client
20.4. Additional Resources
20.4.1. Installed Documentation
21. Apache HTTP Server
21.1. Apache HTTP Server 2.2
21.1.1. Features of Apache HTTP Server 2.2
21.2. Migrating Apache HTTP Server Configuration Files
21.2.1. Migrating Apache HTTP Server 2.0 Configuration Files
21.2.2. Migrating Apache HTTP Server 1.3 Configuration Files to 2.0
21.3. Starting and Stopping httpd
21.4. Apache HTTP Server Configuration
21.4.1. Basic Settings
21.4.2. Default Settings
21.5. Configuration Directives in httpd.conf
21.5.1. General Configuration Tips
21.5.2. Configuration Directives for SSL
21.5.3. MPM Specific Server-Pool Directives
21.6. Adding Modules
21.7. Virtual Hosts
21.7.1. Setting Up Virtual Hosts
21.8. Apache HTTP Secure Server Configuration
21.8.1. An Overview of Security-Related Packages
21.8.2. An Overview of Certificates and Security
21.8.3. Using Pre-Existing Keys and Certificates
21.8.4. Types of Certificates
21.8.5. Generating a Key
21.8.6. How to configure the server to use the new key
21.9. Additional Resources
21.9.1. Useful Websites
22. FTP
22.1. The File Transport Protocol
22.1.1. Multiple Ports, Multiple Modes
22.2. FTP Servers
22.2.1. vsftpd
22.3. Files Installed with vsftpd
22.4. Starting and Stopping vsftpd
22.4.1. Starting Multiple Copies of vsftpd
22.5. vsftpd Configuration Options
22.5.1. Daemon Options
22.5.2. Log In Options and Access Controls
22.5.3. Anonymous User Options
22.5.4. Local User Options
22.5.5. Directory Options
22.5.6. File Transfer Options
22.5.7. Logging Options
22.5.8. Network Options
22.6. Additional Resources
22.6.1. Installed Documentation
22.6.2. Useful Websites
23. Email
23.1. Email Protocols
23.1.1. Mail Transport Protocols
23.1.2. Mail Access Protocols
23.2. Email Program Classifications
23.2.1. Mail Transport Agent
23.2.2. Mail Delivery Agent
23.2.3. Mail User Agent
23.3. Mail Transport Agents
23.3.1. Sendmail
23.3.2. Postfix
23.3.3. Fetchmail
23.4. Mail Transport Agent (MTA) Configuration
23.5. Mail Delivery Agents
23.5.1. Procmail Configuration
23.5.2. Procmail Recipes
23.6. Mail User Agents
23.6.1. Securing Communication
23.7. Additional Resources
23.7.1. Installed Documentation
23.7.2. Useful Websites
23.7.3. Related Books
24. Lightweight Directory Access Protocol (LDAP)
24.1. Why Use LDAP?
24.1.1. OpenLDAP Features
24.2. LDAP Terminology
24.3. OpenLDAP Daemons and Utilities
24.3.1. NSS, PAM, and LDAP
24.3.2. PHP4, LDAP, and the Apache HTTP Server
24.3.3. LDAP Client Applications
24.4. OpenLDAP Configuration Files
24.5. The /etc/openldap/schema/ Directory
24.6. OpenLDAP Setup Overview
24.6.1. Editing /etc/openldap/slapd.conf
24.7. Configuring a System to Authenticate Using OpenLDAP
24.7.1. PAM and LDAP
24.7.2. Migrating Old Authentication Information to LDAP Format
24.8. Migrating Directories from Earlier Releases
24.9. Additional Resources
24.9.1. Installed Documentation
24.9.2. Useful Websites
24.9.3. Related Books
25. Authentication Configuration
25.1. User Information
25.2. Authentication
25.3. Options
25.4. Command Line Version
IV. System Configuration
26. Console Access
26.1. Disabling Shutdown Via Ctrl-Alt-Del
26.2. Disabling Console Program Access
26.3. Defining the Console
26.4. Making Files Accessible From the Console
26.5. Enabling Console Access for Other Applications
26.6. The floppy Group
27. The sysconfig Directory
27.1. Files in the /etc/sysconfig/ Directory
27.1.1. /etc/sysconfig/amd
27.1.2. /etc/sysconfig/apmd
27.1.3. /etc/sysconfig/arpwatch
27.1.4. /etc/sysconfig/authconfig
27.1.5. /etc/sysconfig/autofs
27.1.6. /etc/sysconfig/clock
27.1.7. /etc/sysconfig/desktop
27.1.8. /etc/sysconfig/dhcpd
27.1.9. /etc/sysconfig/exim
27.1.10. /etc/sysconfig/firstboot
27.1.11. /etc/sysconfig/gpm
27.1.12. /etc/sysconfig/hwconf
27.1.13. /etc/sysconfig/i18n
27.1.14. /etc/sysconfig/init
27.1.15. /etc/sysconfig/ip6tables-config
27.1.16. /etc/sysconfig/iptables-config
27.1.17. /etc/sysconfig/irda
27.1.18. /etc/sysconfig/keyboard
27.1.19. /etc/sysconfig/kudzu
27.1.20. /etc/sysconfig/named
27.1.21. /etc/sysconfig/netdump
27.1.22. /etc/sysconfig/network
27.1.23. /etc/sysconfig/nfs
27.1.24. /etc/sysconfig/ntpd
27.1.25. /etc/sysconfig/radvd
27.1.26. /etc/sysconfig/samba
27.1.27. /etc/sysconfig/selinux
27.1.28. /etc/sysconfig/sendmail
27.1.29. /etc/sysconfig/spamassassin
27.1.30. /etc/sysconfig/squid
27.1.31. /etc/sysconfig/system-config-securitylevel
27.1.32. /etc/sysconfig/system-config-selinux
27.1.33. /etc/sysconfig/system-config-users
27.1.34. /etc/sysconfig/system-logviewer
27.1.35. /etc/sysconfig/tux
27.1.36. /etc/sysconfig/vncservers
27.1.37. /etc/sysconfig/xinetd
27.2. Directories in the /etc/sysconfig/ Directory
27.3. Additional Resources
27.3.1. Installed Documentation
28. Date and Time Configuration
28.1. Time and Date Properties
28.2. Network Time Protocol (NTP) Properties
28.3. Time Zone Configuration
29. Keyboard Configuration
30. The X Window System
30.1. The X11R7.1 Release
30.2. Desktop Environments and Window Managers
30.2.1. Desktop Environments
30.2.2. Window Managers
30.3. X Server Configuration Files
30.3.1. xorg.conf
30.4. Fonts
30.4.1. Fontconfig
30.4.2. Core X Font System
30.5. Runlevels and X
30.5.1. Runlevel 3
30.5.2. Runlevel 5
30.6. Additional Resources
30.6.1. Installed Documentation
30.6.2. Useful Websites
31. X Window System Configuration
31.1. Display Settings
31.2. Display Hardware Settings
31.3. Dual Head Display Settings
32. Users and Groups
32.1. User and Group Configuration
32.1.1. Adding a New User
32.1.2. Modifying User Properties
32.1.3. Adding a New Group
32.1.4. Modifying Group Properties
32.2. User and Group Management Tools
32.2.1. Command Line Configuration