While the command line remains the hearth and home of many sysadmins, GUI tools can do a thing or two.
One of the great challenges of Linux is that it can mean many things to many people. This is one of its great strengths too. Some people think of Linux as a distribution: a collection of software that makes a computer function. To others, Linux is nothing more than the kernel, the code that interfaces between programs and hardware. Even calling Linux an “operating system” is misleading. The term “Linux” is unambiguous when you’re talking about the kernel, but when you’re talking about a distribution, it becomes more of a moving target. The contents of the various Linux distributions can vary quite a bit, and the fact that typical installation procedures offer tremendous flexibility in selecting exactly which operating system components are installed only compounds this effect. The difference between two Linux systems can be far more radical than with other flavors of UNIX. When you walk up to an unfamiliar Linux system, you never really know what you are going to find. On the other hand, this variability also brings flexibility, and Linux offers system administrators much more control over their system than many other UNIX variants.
The software that makes up the current Linux distributions comes from a variety of sources: the Linux kernel itself, commands and utilities created as part of the GNU (GNU’s Not Unix) project, other free UNIX software, programs and facilities written specifically for Linux, and other software created by the folks who put out the various distributions. Given all these different points of origin, it’s not surprising that it is hard to classify Linux in terms of the two dominant UNIX families: System V and BSD.
For those whose UNIX history is a little rusty, perhaps a quick refresher is in order. UNIX was originally written at AT&T’s Bell Labs in 1969. Bell Labs made the source code available to universities that were doing OS research, one of which was the University of California at Berkeley. AT&T and Berkeley each began developing their own variants of the original UNIX, and thus began the two separate branches of the UNIX family tree: System V from AT&T, and BSD (Berkeley Software Distribution) from UC Berkeley.
Table 1: Roots of Major Linux Facilities
| BSD|| Sys V|| Custom|
| Backup and restore|| *|| *|
| Booting || *|
| Common commands|| *|| *|| *|
| Disk partitioning|| *|
| Filesystems|| *|
| GUI system admin tools|| *|
| Networking|| *|| *|
| Paging/swapping|| *|
| Performance monitoring|| *|
| Printing|| *|
| Process priorities|| *|
| Shutdown|| *|
| System monitoring tools|| *|
| Users and Groups||*|
Linux developers have freely borrowed the best parts of either system, making Linux into something of a hybrid. From a system administration point of view, I would characterize Linux as about three-quarters BSD; but System V looms large in several major subsystems. Linux also contains much that is unique to it. Table 1 gives a summary of the origins of the major Linux administrative areas.
In this article I’ll give an overview of a few of the major administrative tasks and issues under Linux, organized as a walking tour of a typical system. The screen shots and command examples I use come from a system running Red Hat Linux 6.0.
The Basic Administrative Toolkit
System administrators manage the various system components on a Linux system by using the commands and configuration files that the operating system provides. Some of these can seem quite obscure to the novice administrator. Fortunately, there are a few graphical system administration tools that provide a menu and dialog-driven interface to the raw Linux commands and configuration settings. Among the most popular of these tools are linuxconf, LISA and YaST. My examples are based on linuxconf running in the GNOME environment (specifically GNOME version 1.16r1-1).
|Figure 1: The linuxconf main menu.|
Linuxconf’s main menu appears in Figure 1. The menu is divided into two primary sections, Config and Control. As you can see, common system administration options can be accessed from this tool. Most of the first-level options shown in Figure 1 can be expanded to reveal more specific sysadmin options.
GUI-based system administration facilities like linuxconf can make your job more convenient and efficient, especially if you are new to Linux. However, they are not panaceas. Accordingly, a couple of caveats about linuxconf and GUI system administration tools are in order. First, they are incomplete; for example, as of this writing, linuxconf is able to define new printers but cannot manage them or the jobs within their associated queues, and it has no capability at all for managing processes (running programs).
Second, GUI tools bring risks along with their benefits because they make advanced system features accessible to a beginning administrator without emphasizing the subtleties and dangers associated with them or providing any but the most superficial error checking. An unskilled linuxconf user can use its LILO configuration features incorrectly and make the system unbootable. Finally and most importantly, mastering these tools is no substitute for truly understanding the workings of Linux. In the end, someone has to know how things really work; it should be you.
Finding Your Way Around
|Figure 2: Basic layout of the Linux filesystem.|
Most Linux distributions adhere to the Linux File System Standard, which defines the locations and purposes of system subdirectories (see http://www.pathname.com/fhs for more information). This scheme mirrors that of most modern UNIX operating systems, and much of it will be familiar to UNIX administrators. The basic Linux filesystem structure is illustrated in Figure 2. In this layout, the /dev directory holds the special files that are used to access system devices. The /bin and /sbin directories contain essential binaries (these are executable files) needed for the system boot process. General-purpose (bin) and administrative (sbin) commands are also stored in these directories. /lib holds the library files upon which these commands depend. On Linux systems, /etc contains a variety of files related to system configuration, but no command binaries. Often /etc files are organized via subsystem-specific subdirectories.
The bulk of the Linux system files are found under the /usr directory. For example, /usr/bin, /usr/sbin, and /usr/lib hold general-purpose and administrative executables and their associated library files, respectively. The /usr/local subdirectory is made up of a similar tree, but this directory is designed to hold software that is specific to the local system (in other words, software that you’ve installed yourself, but that was not a part of the original distribution). Files that are modified under normal system operation are located within the /var — named for “varying” — subdirectory tree. System log files, files used by the printing subsystem, and lock files used by various subsystems are stored in the /var/log, /var/spool, and /var/lock directories.
Linux systems also contain a few directories that may be unfamiliar to UNIX administrators. The /boot directory contains files used by LILO (Linux Loader), the program used to boot Linux. The /proc subdirectory tree contains information about current processes and other kernel data structures, organized as a file system. Text files within the tree hold the actual data, and their contents are updated automatically by the operating system. For example, the file /proc/uptime contains two values: the amount of time since the system was last rebooted and the CPU time consumed by the idle process (both are expressed in seconds). The actual uptime command uses the first value to generate its familiar output, and other programs and scripts are free to make use of this data as well as the other information available under /proc.
The actual files and directories within the Linux filesystem are stored on various hard disk partitions. These partitions are activated and merged into the file system via a process known as “mounting,” which usually occurs automatically when the system boots. Once a partition is mounted, it is seamlessly merged into the overall system directory tree, and users don’t need to concern themselves with its actual location on disk.
Sometimes disk partitions need to be mounted or unmounted manually, or perhaps a new disk partition needs to be added to the filesystem. In cases like these, you’ll need to know that devices on Linux systems are accessed through a series of special files residing in the /dev directory. Disk partitions, for example, are accessed via special files with names in the form of /dev/hdxn (for IDE drives) and /dev/sdxn (SCSI), where x indicates the specific disk drive (beginning with a) and n is a number indicating the partition on that drive (beginning with 1). The special files /dev/floppy and /dev/cdrom are links to the floppy and CD-ROM devices. Serial and parallel ports are accessed via the /dev/ttyn and /dev/lpn special files (here n again indicates the specific port). Finally, the /dev/mouse special file is a link to the proper device for accessing the mouse.
|Figure 3: Viewing available disk space: A GUI version of df.|
You can see which disk partitions hold what part of the filesystem using linuxconf’s “Control=>Viewing system state=>System=>Disk usage” menu path; its results are illustrated in Figure 3. As its first line indicates, this dialog displays the output of the df command.
This system uses two disk partitions to hold its filesystem: the first partition on the first IDE disk, and the second partition on the second IDE disk. The directory sub-tree under /data resides on the latter, and the remainder of this system’s files reside on the former. The display also indicates the total size and amount of free space within each disk partition.
Note that you can also run the df command by hand (linuxconf is really overkill in this case). When you do, try including its -h option, which displays the numbers in more intuitive, human-readable units.
Linuxconf can also be used to mount or unmount disk partitions and to add new ones. To mount, use the “Control=>Control Panel=>Mount/Unmount file systems=>Control configured local drives” menu path. Once the list of defined local drives (these are formatted disk partitions with a defined location within the filesystem) is displayed, select the one you want and a mount/unmount dialog will appear. Be aware that the partition mounted as the root directory cannot be unmounted while the system is running, and that other partitions can only be unmounted if there are no open files within them (in other words, when no one is currently using them).
|Figure 4: Configuring disk partitions.|
The “Config=>File systems=>Access local drive” menu path may be used to add a new disk partition to the filesystem and to modify the settings of partitions already in use. Its main display is illustrated in the upper dialog in Figure 4. This list displays the partition’s special file, mount point, format type, partition size, partition type and current mount status for each entry. For example, on this system, the directory tree under /data resides on the second partition on the second hard disk (as we’ve already seen), which is formatted in MS-DOS format. There are also entries in this list for mounting floppy disks and CD-ROMs.
Disk partitions within the filesystem are configured via the lower dialog in Figure 4. The illustration shows the second of its four panels. The Base panel specifies the location of the partition and its mount point and other basic settings; the displayed panel is used for specifying additional mount options for this partition. In this case, the selections indicate that it will be mounted automatically at system boot (Not mount at boot time unchecked) in read-write mode (Read only unchecked), that users with sufficient privilege are allowed to mount and unmount it (the second option), that programs residing on it may be run, but special files and SETUID programs are ignored (options 5 through 7), and that disk quotas are not in use (the final two check boxes). The two fields at the bottom of the dialog specify settings related to the dump backup facility and to the fsck filesystem consistency checking utility.
The other two panels in the dialog can be used to specify the characteristics of other partitions. In addition, most networked Linux systems will also have remote filesystems mounted locally, which can be managed by Linuxconf. Note that all of this filesystem configuration information is stored in the /etc/fstab configuration file, which can be accessed via linuxconf.
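The check boxes described above end up as the comma-separated options field of an /etc/fstab line, and what matters for security is the state left after every option has been applied in order. The following is an added example, not code from the article or from linuxconf: it parses fstab-format text, computes the effective flags, and reports user-mountable filesystems that still honour SETUID programs or device special files. The sample file contents and the function names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample in /etc/fstab layout; not the article system's real file.
SAMPLE_FSTAB = """\
# device     mount point  type     options                 dump fsck
/dev/hda1    /            ext2     defaults                1 1
/dev/hdb2    /data        msdos    user,exec,nodev,nosuid  0 0
/dev/cdrom   /mnt/cdrom   iso9660  noauto,user,ro          0 0
/dev/floppy  /mnt/floppy  msdos    noauto,user,suid,dev    0 0
"""

# What mount assumes when an entry says "defaults".
DEFAULTS = {"rw": True, "suid": True, "dev": True, "exec": True,
            "auto": True, "user": False}
TOGGLES = ("suid", "dev", "exec", "auto", "user")


@dataclass
class Entry:
    device: str
    mount_point: str
    fstype: str
    flags: dict
    dump_freq: int   # fifth field: used by the dump backup facility
    fsck_pass: int   # sixth field: fsck ordering at boot, 0 = never check


def effective_flags(options):
    """Apply options left to right, as mount does, and return the end state."""
    flags = dict(DEFAULTS)
    for opt in options.split(","):
        if opt == "defaults":
            flags = dict(DEFAULTS)
        elif opt in ("user", "users", "owner"):
            # Letting ordinary users mount implies noexec, nosuid and nodev
            # unless a later option on the same line turns them back on.
            flags.update({"user": True, "exec": False,
                          "suid": False, "dev": False})
        elif opt in ("ro", "rw"):
            flags["rw"] = (opt == "rw")
        elif opt in TOGGLES:
            flags[opt] = True
        elif opt.startswith("no") and opt[2:] in TOGGLES:
            flags[opt[2:]] = False
    return flags


def parse_fstab(text):
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue                      # blank, comment or malformed line
        dump, passno = (fields[4:6] + ["0", "0"])[:2]
        entries.append(Entry(fields[0], fields[1], fields[2],
                             effective_flags(fields[3]),
                             int(dump), int(passno)))
    return entries


def audit(entries):
    """Return (mount point, honoured features) for risky user-mountable entries."""
    findings = []
    for e in entries:
        risky = [f for f in ("suid", "dev") if e.flags[f]]
        if e.flags["user"] and risky:
            findings.append((e.mount_point, risky))
    return findings


if __name__ == "__main__":
    for mount_point, risky in audit(parse_fstab(SAMPLE_FSTAB)):
        print(f"WARNING {mount_point}: user-mountable, honours {', '.join(risky)}")
```

Option order matters: `suid,user` leaves SETUID ignored, while `user,suid` re-enables it, which is why the audit works on the computed state rather than searching for option names.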
Managing User Accounts
Administering user accounts is another area where linuxconf simplifies life for the system administrator. A user account consists of a user name and numeric user ID and a variety of other settings associated with these defining items: group memberships, home directory location, password and other security settings, etc. The actual data is stored in several different configuration files on the system: /etc/passwd defines the basic characteristics of each user account, /etc/shadow holds the encoded user passwords, /etc/group contains group definitions and supplementary group membership information, and /etc/conf.linuxconf holds some user privilege information. The items under the “Config=>User accounts” menu path may be used to add and modify user accounts. The userconf utility also provides direct access to this portion of linuxconf, with a prettier initial screen.
|Figure 5: Modifying a user account.|
Figure 5 illustrates a user account in the process of being modified, in this case the account aefrisch. The leftmost dialog is the main window for userconf. The front dialog shows the Base info panel, and the dialog at the back left shows the Params panel.
The Base info panel specifies the contents of traditional passwd (/etc/passwd) file fields: the username, the user’s full name, primary group membership, home directory, default shell, and numeric user ID (which can be assigned automatically when the user account is created). The panel also allows you to specify supplementary group memberships and whether this account is enabled or not. The contents of the group popup menu are derived from the group file /etc/group, and the available command interpreters menu comes from the configuration file /etc/shells. In this case, we see that the owner of this account is Æleen Frisch, and that user aefrisch is a member of the chem group in addition to her primary group; her home directory is located at /home/aefrisch, and her default shell is /bin/tcsh.
The other panels available from this window allow you to specify other account attributes. They contain fields holding this account’s password aging settings (Params panel), e-mail alias definitions (Mail aliases panel), and a substantial number of security-related settings, which vary according to the specific facilities installed on the local system (Privileges panel).
Linux’s password aging facility (derived from the shadow password package) allows the administrator to specify a variety of parameters controlling how often and under what conditions passwords may (or must) be modified. You can specify how often a password must be changed, how long a new password must be kept before it can be changed again (this setting prevents users from simply changing the password right back to its old value after they’ve been forced to change it), how far in advance users are warned about upcoming password expiration, and an account expiration date and inactivity time period. The Params panel in this case shows the settings for an account where the user is not ever required to change her password and her account on the system never expires.
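The aging parameters described above are stored as day counts in the colon-separated fields of /etc/shadow. The following is an added example, not code from the article or from the shadow package: it converts those fields into calendar dates and lists accounts with no forced change, no minimum age, or no expiry. The sample lines are constructed, the hashes are placeholders, jdoe is a hypothetical user, and the numbers given for aefrisch are invented to match the "never expires" case.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)   # shadow dates are counted in days from here
NEVER = 99999              # conventional "no maximum age" value

# Constructed sample in /etc/shadow layout:
# user:hash:last change:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW = """\
aefrisch:$1$PLACEHOLDER$notarealhash:10800:0:99999:7:::
jdoe:$1$PLACEHOLDER$notarealhash:10800:2:60:7:14:11322:
"""


def _num(field):
    return int(field) if field.strip() else None


def _day(days):
    return None if days is None else EPOCH + timedelta(days=days)


def parse_shadow(text):
    """Yield one dict per account with the aging fields as int or None."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = (line.split(":") + [""] * 9)[:9]
        yield {"user": f[0], "last_change": _num(f[2]), "min": _num(f[3]),
               "max": _num(f[4]), "warn": _num(f[5]),
               "inactive": _num(f[6]), "expire": _num(f[7])}


def schedule(acct):
    """Turn the day counts into calendar dates; None means 'never'."""
    last, max_age = acct["last_change"], acct["max"]
    ages = last is not None and max_age is not None and max_age < NEVER
    must_change = _day(last + max_age) if ages else None
    return {
        "earliest_change": (_day(last + (acct["min"] or 0))
                            if last is not None else None),
        "must_change_by": must_change,
        "warn_from": (must_change - timedelta(days=acct["warn"])
                      if must_change and acct["warn"] else None),
        # Days of grace after expiry before the account is disabled.
        "disabled_after": (must_change + timedelta(days=acct["inactive"])
                           if must_change and acct["inactive"] is not None
                           else None),
        "account_expires": _day(acct["expire"]),
    }


def findings(acct):
    """List the aging weaknesses for one account, in a fixed order."""
    notes = []
    s = schedule(acct)
    if s["must_change_by"] is None:
        notes.append("password never has to be changed")
    if not acct["min"]:
        notes.append("no minimum age: a forced change can be reverted at once")
    if s["account_expires"] is None:
        notes.append("account never expires")
    return notes


if __name__ == "__main__":
    for acct in parse_shadow(SAMPLE_SHADOW):
        print(acct["user"], schedule(acct), findings(acct))
```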
Printer management is an area where your GUI tool must be combined with the command line to get the job done. Linuxconf provides no support for printing at the moment; you must use the printtool utility instead. Printtool is very useful for setting up new printers, but it can’t handle day-to-day management of print queues and the jobs within them. If you want to manipulate an individual print job, you must use the familiar lpr, lpq, lprm commands, which spool a print job, list the contents of a print queue, and remove jobs from print queues, respectively.
Higher-level administration of the printing subsystem takes place in three distinct areas: the definition of the printers; the daemon process, which provides the required services to user and administrative commands; and the print queues, which hold jobs destined for each particular printer. The printtool utility can handle the first two of these. For example, the line printer daemon, lpd, is started automatically at boot time and is typically administered manually (it must occasionally be killed and restarted). If you don’t wish to do this manually, printtool’s “lpd=>Restart lpd” menu path will restart the daemon via a single step. The items on its Tests menu may be used to send various test output pages to a printer.
Listing One: Configuring your Printer
Printtool is most useful for setting up printers. At the lowest level, the print queues themselves are defined in the /etc/printcap configuration file. Listing One illustrates a sample entry defining the various characteristics of a print queue named matisse. This entry specifies the name of the print queue via the label on its initial line. Other attributes are specified via a series of colon-enclosed fields consisting of the (generally mysterious) attribute name, a character (usually =) that separates, and finally the value to be assigned to that attribute. In this case, the printcap entry specifies the location of this print queue’s spooling directory (/var/spool/lpd/lp), the maximum size (mx#) of a print job which may be sent to it (set here to 0, meaning that no limit is applied), the device to which the queue should send print jobs (here, located on the first parallel port: lp0), and the filter used to process print jobs before they are spooled to the actual device.
|Figure 6: Using the printtool utility to manage printers.|
Manually creating and editing printcap entries can be tedious and, as you can see from Figure 6, printtool greatly simplifies the process. The upper window displays the list of defined printers on this system. The left hand lower window shows the settings that correspond to the matisse print queue. They are much easier to create and modify in this form than in the raw printcap file format. The printtool facility is aware of the characteristics of a variety of popular printers and lets the system administrator specify settings by simply picking the appropriate printer type. In this case, we can see that the printer corresponding to print queue matisse is a Canon BJC-600 model.
The right hand lower window displays the settings for another printer named gaughin, a remote printer located on a remote system named mango which happens to be a Windows NT computer. It is accessed via the Samba facility, but the system administrator can set this up using a dialog similar to that of a local printer.
The third aspect of print subsystem management consists of managing the printers and print queues on an ongoing basis. The lpc utility is designed for this purpose. Running the lpc command starts up the line printer control facility, which operates as a pseudo-shell accepting a series of internally defined subcommands. Most of them are focused on managing individual print queues. For example, the start and stop subcommands pause and restart printing from the queue specified as their argument (allowing the currently printing job to complete and new jobs to still be added to the queue while it is paused), while the enable and disable subcommands control whether or not new jobs may be added to a queue (regardless of whether printing from it is active or not). The abort subcommand works like stop, but it also kills any currently printing job. The up and down subcommands are shortcut equivalents to enable then start and disable then stop, respectively.
The Linux version of lpc includes clean, which is not found in some other UNIXes. clean attempts to identify and remove unneeded junk files which may have accumulated within the spooling directories.
Startup and Shutdown
Finally, basic operations related to system startup and shutdown may also be performed from within the linuxconf tool. Before we consider them, some background information is in order. Once LILO, the Linux boot loader program, has started the kernel, higher levels of system initialization operations take place via the System V inittab-based configuration file scheme. This approach conceptually defines various operating system states as a series of run levels numbered from 0 to 9. On Linux systems, run level 0 represents a halted system, and run level 1 corresponds to single user mode (which may also be referred to as run level s or S). Run levels 2 and 3 correspond to a normally booted system, fully available to users, with and without networking enabled (respectively). Under run level 5, the system functions entirely in a graphical mode running the X Window System, placing system access and login authentication under the control of the window manager.
Run level 6 is special in that it initiates an immediate system reboot. Currently, run levels 4 and 7 through 9 are undefined and can be customized. The actions taken upon entering or leaving any given run level are specified in the /etc/inittab configuration file. Currently, you can use linuxconf to specify the default run level via the “Config=>Miscellaneous services=>Initial system services” menu path. You can also specify the operation of the LILO boot loader via the items under the “Config=> boot mode=>Lilo menu” path. (For more on inittab, see this month’s Guru Guidance. -Ed.)
A system shutdown can also be initiated from linuxconf, via the “Control=>Control panel=>Shutdown/Reboot” menu path. It lets you specify the amount of time before the shutdown occurs, whether the shutdown should be followed by a reboot or by halting the system, and the shutdown message you send to your users.
When you are not concerned with informing users in advance, the fastest way to change run levels on a Linux system is to use the telinit command, which takes the new target run level as its argument. For example, telinit 6 is a quick way to initiate a system reboot.
We will conclude this article by considering the most important topic of all: how to get help. While Linux provides the usual man command traditionally found on UNIX systems, you may be disconcerted to discover that the man pages for many commands inform you that they are no longer the authoritative source of information. In these cases, use the info command instead. This facility is a slightly more sophisticated version of man that lets you jump to a specific point within a page of documentation (run the info info command to learn more). And don’t neglect the myriad of readme, faq, how-to and other documentation files provided with every Linux distribution. Use the GUI configuration tools to get started with Linux system administration, but don’t be afraid to learn more about the guts of how things work. Above all, have some fun as you go.
Æleen Frisch is the author of O’Reilly & Associates’ Essential System Administration. She can be reached at firstname.lastname@example.org.