Essential System Administration THIRD EDITION Essential System Administration Æleen Frisch Beijing • Cambridge • Farnham • Köln • Paris • Sebastopol • Taipei • Tokyo Essential System Administration, Third Edition by Æleen Frisch Copyright © 2002, 1995, 1991 O’Reilly Media, Inc. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’ReillyMedia,Inc.booksmaybepurchasedforeducational,business,orsalespromotionaluse. Onlineeditionsarealsoavailableformosttitles(safari.oreilly.com).Formoreinformationcontact our corporate/institutional sales department: (800) 998-9938 [email protected]. Editor: Michael Loukides Production Editor: Leanne Clarke Soylemez Cover Designer: Edie Freedman Interior Designer: David Futato Printing History: August 2002: Third Edition. September 1995: Second Edition. October 1991: First Edition. Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarksofO’ReillyMedia,Inc.EssentialSystemAdministration,ThirdEdition,theimageofan armadillo,andrelatedtradedressaretrademarksofO’ReillyMedia,Inc.Manyofthedesignations usedbymanufacturersandsellerstodistinguishtheirproductsareclaimedastrademarks.Where thosedesignationsappearinthisbook,andO’ReillyMedia,Inc.wasawareofatrademarkclaim, the designations have been printed in caps or initial caps. Whileeveryprecautionhasbeentakeninthepreparationofthisbook,thepublisherandauthor assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein. Library of Congress Cataloging-in-Publication Data Frisch, AEleen Essential System Administration/by AEleen Frisch.--3rd ed. p. cm. Includes index. ISBN 0-596-00343-9 ISBN13 978-0-596-00343-2 1. UNIX (Computer file) 2. Operating systems (Computers) I. Title. QA76.76.063 F75 2002 005.4'32--dc21 2002023321 [M] [05/07] For Frank Willison “Part of the problem is passive-aggressive behavior,mypetpeeveandbêtenoire,andIdon’t like it either. Everyone should get off their high horse,particularlyifthathorseismybêtenoire. We all have pressures on us, and nobody’s pressure is more important than anyone else’s.” *** “ThanksalsofornotlendingothersyourO’Reilly books.Letothersbuythem.Buyersrespecttheir books.Youseemtorecognizethat‘lend’and‘lose’ are synonyms where books are concerned. If I had been prudent like you, I would still have Volume 3 (Cats–Dorc) of the Encyclopedia Britannica.” Table of Contents Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi 1. Introduction to System Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Thinking About System Administration 3 Becoming Superuser 6 Communicating with Users 12 About Menus and GUIs 14 Where Does the Time Go? 31 2. The Unix Way . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 Files 33 Processes 53 Devices 61 3. Essential Administrative Tools and Techniques . . . . . . . . . . . . . . . . . . . . . . . . 74 Getting the Most from Common Commands 74 Essential Administrative Techniques 90 4. Startup and Shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 About the Unix Boot Process 127 Initialization Files and Boot Scripts 151 Shutting Down a Unix System 169 Troubleshooting: Handling Crashes and Boot Failures 173 5. TCP/IP Networking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180 Understanding TCP/IP Networking 180 Adding a New Network Host 202 Network Testing and Troubleshooting 219 vii 6. Managing Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222 Unix Users and Groups 222 Managing User Accounts 237 Administrative Tools for Managing User Accounts 256 Administering User Passwords 277 User Authentication with PAM 302 LDAP: Using a Directory Service for User Authentication 313 7. Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330 Prelude: What’s Wrong with This Picture? 331 Thinking About Security 332 User Authentication Revisited 339 Protecting Files and the Filesystem 348 Role-Based Access Control 366 Network Security 373 Hardening Unix Systems 387 Detecting Problems 391 8. Managing Network Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414 Managing DNS Servers 414 Routing Daemons 452 Configuring a DHCP Server 457 Time Synchronization with NTP 469 Managing Network Daemons under AIX 475 Monitoring the Network 475 9. Electronic Mail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 521 About Electronic Mail 521 Configuring User Mail Programs 532 Configuring Access Agents 537 Configuring the Transport Agent 542 Retrieving Mail Messages 596 Mail Filtering with procmail 599 A Few Final Tools 614 10. Filesystems and Disks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 616 Filesystem Types 617 Managing Filesystems 621 viii | Table of Contents
Description: