Professional Documents
Culture Documents
at info@pcb.gov.pk
Table of Contents
1.Steps to Get You Started 1.1. Is Your Hardware Compatible? 1.2. Do You Have Enough Disk Space? 1.3. Can You Install Using the CD-ROM or DVD 1.3.1. Alternative Boot Methods 1.3.2. Making an Installation Boot CD-ROM 1.4. Preparing for a Hard Drive Installation 2. Installing on Intel and AMD Systems 2.1. The Graphical Installation Program User Interface 2.1.1. A Note about Virtual Consoles 2.2. The Text Mode Installation Program User Interface 2.2.1. Using the Keyboard to Navigate 2.3. Starting the Installation Program 2.3.1. Booting the Installation Program on x86, AMD64, and Intel 64 Systems 2.3.2. Booting the Installation Program on Itanium Systems 2.3.3. Additional Boot Options 2.4. Selecting an Installation Method 2.5. Installing from DVD/CD-ROM 2.5.1. What If the IDE CD-ROM Was Not Found? 2.6. Installing from a Hard Drive 2.7. Welcome to Red Hat Enterprise Linux 2.8. Language Selection 2.9. Keyboard Configuration 2.10. Enter the Installation Number 2.11. Disk Partitioning Setup 2.12. Advanced Storage Options 2.13. Create Default Layout 2.14. Partitioning Your System 2.14.1. Graphical Display of Hard Drive(s) 2.14.2. Disk Druid's Buttons 1 1 1 1 2 2 3 5 5 6 7 9 9 10 11 12 14 15 15 16 17 17 18 19 20 22 24 26 27 28
I
2.14.3. Partition Fields 2.14.4. Recommended Partitioning Scheme 2.14.5. Adding Partitions 2.14.6. Editing Partitions 2.14.7. Deleting a Partition 2.15. x86, AMD64, and Intel 64 Boot Loader Configuration 2.15.1. Advanced Boot Loader Configuration 2.15.2. Rescue Mode 2.15.3. Alternative Boot Loaders 2.15.4. SMP Motherboards and GRUB 2.16. Time Zone Configuration 2.17. Set Root Password 2.18. Package Group Selection 2.19. Preparing to Install 2.19.1. Prepare to Install 2.20. Installing Packages 2.21. Installation Complete 2.22.Itanium Systems Booting Your Machine and PostInstallation Setup 2.22.1. Post-Installation Boot Loader Options 2.22.2. Booting Red Hat Enterprise Linux Automatically 3. Removing Red Hat Enterprise Linux 4. Troubleshooting Installation on an Intel or AMD System 4.1. You are Unable to Boot Red Hat Enterprise Linux 4.1.1. Are You Unable to Boot With Your RAID Card? 4.1.2. Is Your System Displaying Signal 11 Errors? 4.2. Trouble Beginning the Installation 4.2.1. Problems with Booting into the Graphical Installation 4.3. Trouble During the Installation 4.3.1. No devices found to install Red Hat Enterprise Linux Error Message 4.3.2. Saving Traceback Messages Without a Diskette Drive 4.3.3. Trouble with Partition Tables 4.3.4. Using Remaining Space
29 30 33 35 36 36 38 40 41 42 42 43 45 47 47 48 48 49 49 50 53 55 55 55 55 56 56 57 57 57 57 58
II
4.3.5. Other Partitioning Problems 4.3.6. Other Partitioning Problems for Itanium System Users 4.3.7. Are You Seeing Python Errors? 4.4. Problems After Installation 4.4.1. Trouble With the Graphical GRUB Screen on an x86based System? 4.4.2. Booting into a Graphical Environment 4.4.3. Problems with the X Window System (GUI) 4.4.4. Problems with the X Server Crashing and Non-Root Users 4.4.5. Problems When You Try to Log In 4.4.6. Is Your RAM Not Being Recognized? 4.4.7. Your Printer Does Not Work 4.4.8. Problems with Sound Configuration 4.4.9. Apache-based httpd service/Sendmail Hangs During Startup 5. The GRUB Boot Loader 5.1. Boot Loaders and System Architecture 5.2. GRUB 5.2.1. GRUB and the x86 Boot Process 5.2.2. Features of GRUB 5.3. Installing GRUB 5.4. GRUB Terminology 5.4.1. Device Names 5.4.2. File Names and Block lists 5.4.3. The Root File System and GRUB 5.5. GRUB Interfaces 5.5.1. Interfaces Load Order 5.6. GRUB Commands 5.7. GRUB Menu Configuration File 5.7.1. Configuration File Structure 5.7.2. Configuration File Directives 5.8. Changing Run levels at Boot Time 5.9. Additional Resources 5.9.1. Installed Documentation
58 58 59 60 60 61 62 62 63 64 65 65 65 66 66 66 67 68 68 69 69 71 72 72 73 74 76 76 77 79 79 79
III
79
81 81 82 82 83 83 84 85 85 86 86 87 87 88 89 91 92 92 95 95 96 96 97 97 98 99 99 100 101 102
IV
9.2.1. Finding RPM Packages 9.2.2. Installing 9.2.3. Uninstalling 9.2.4. Upgrading 9.2.5. Freshening 9.2.6. Querying 9.2.7. Verifying 9.3. Checking a Package's Signature 9.3.1. Importing Keys 9.3.2. Verifying Signature of Packages 9.4. Practical and Common Examples of RPM Usage 9.5. Additional Resources 9.5.1. Installed Documentation 9.5.2. Useful Websites 9.5.3. Related Books 10. Network File System (NFS) 10.1. How It Works 10.1.1. Required Services 10.2. NFS Client Configuration 10.2.1. Mounting NFS File Systems using /etc/fstab 10.3. autofs 10.3.1. What's new in autofsversion 5? 10.3.2. autofsConfiguration 10.3.3. autofsCommon Tasks 10.4. Common NFS Mount Options 10.5. Starting and Stopping NFS 10.6. NFS Server Configuration 10.6.1. Exporting or Sharing NFS File Systems 10.6.2. Command Line Configuration 10.6.3. Hostname Formats 10.7. The /etc/exportsConfiguration File 10.7.1. The exportfsCommand 10.8. Securing NFS
102 102 105 105 106 107 108 109 110 110 111 113 113 113 113 114 114 115 116 117 118 119 120 122 127 129 130 131 135 136 137 140 142
V
10.8.1. Host Access 10.8.2. File Permissions 10.9. NFS and portmap 10.9.1. Troubleshooting NFS and portmap 10.10. Using NFS over TCP 10.11. Additional Resources 10.11.1. Installed Documentation 10.11.2. Useful Websites 10.11.3. Related Books 11. Samba 11.1. Introduction to Samba 11.1.1. Samba Features 11.2. Samba Daemons and Related Services 11.2.1. Samba Daemons 12. Date and Time Configuration 12.1. Time and Date Properties 12.2. Network Time Protocol (NTP) Properties 12.3. Time Zone Configuration 13. The X Window System 13.1. The X11R7.1 Release 13.2. Desktop Environments and Window Managers 13.2.1. Desktop Environments 13.2.2. Window Managers 13.3. X Server Configuration Files 13.3.1. xorg.conf 13.4. Fonts 13.4.1. Fontconfig 13.4.2. Core X Font System 13.5. Runlevels and X 13.5.1. Runlevel 3 13.5.2. Runlevel 5 14. X Window System Configuration 14.1. Display Settings
142 144 144 145 146 147 147 148 148 149 149 149 150 150 151 152 154 155 157 157 158 159 159 161 162 172 173 174 177 177 178 180 180
VI
14.2. Display Hardware Settings 14.3. Dual Head Display Settings 15. Users and Groups 15.1. User and Group Configuration 15.1.1. Adding a New User 15.1.2. Modifying User Properties 15.1.3. Adding a New Group 15.1.4. Modifying Group Properties 15.2. User and Group Management Tools 15.2.1. Command Line Configuration 15.2.2. Adding a User 15.2.3. Adding a Group 15.2.4. Password Aging 15.2.5. Explaining the Process 15.3. Standard Users 15.4. Standard Groups 15.5. User Private Groups 15.5.1. Group Directories 16. MySql 16.1. What is SQL 16.2. Why MySQL 16.3. What are databases and why do we need them? 16.4. Downloading MySQL 16.5. Installing MySQL on Linux 16.6. Creating MySQL database on Linux system 16.7. Creating tables 16.8. Using a database 16.9. Creating tables 16.10. MySQL lesson - MySQL tables 16.11. MySQL Table details - describe table command 16.12. Inserting data in MySQL tables 16.13. Querying MySQL tables 16.14. Querying tables with MySQL Select - Another example
181 182 184 184 186 188 189 190 190 191 191 192 192 196 197 199 201 201 204 204 204 204 205 206 207 209 211 212 213 213 214 215 217
VII
16.15. Ordering data 16.16. Limiting data retrieval 16.17. Extracting Subsets 16.18. The DISTINCT keyword 16.19. Finding the minimum and maximum values 16.20. MySQL MIN () - Minimum value 16.21. MySQL MAX () - Maximum value 16.22. Finding the average and sum 16.23. MySQL AVG() - Finding the Average 16.24. Naming Columns 16.25. Counting 16.26. The MySQL GROUP BY clause 16.27. Sorting the data in MySQL 16.28. HAVING clause 16.29. A little more on the MySQL SELECT statement 16.30. MySQL programming - MySQL mathematical Functions 16.31. Updating records 16.32. MySQL Date column type part 1 16.33. Specifying date ranges in MySQL 16.34. MySQL programming - MySQL Date column type part 2 16.35. Null column type 16.36. MySQL manual - MySQL table joins 16.37. Deleting entries from tables 16.38. Dropping tables 16.39. MySQL database Column Types 16.40. MySQL Numeric Column Types 16.41. Column Types part 2
230 233 234 235 237 237 238 238 239 240 240 241 242 244 245 248 254 255 258 259 262 263 265 265 266 266 267 269
VIII
Finally, issue the following command to create the ISO image file: mkisofs -o file.iso -b isolinux.bin -c boot.cat -noemul-boot \ -boot-load-size 4 -boot-info-table -R -J -v -T isolinux/ Note
The above command was split into two lines for printing purposes only. When you execute this command, be sure to type it as a single command, all on the same line. Burn the resulting ISO image (named file.iso and located in <path-to-workspace>) to a CD-ROM as you normally would.
Hard drive installations require the use of the ISO (or DVD/CD-ROM) images. An ISO image is a file containing an exact copy of a DVD/CD-ROM image. After placing the required ISO images (the binary Red Hat Enterprise Linux DVD/CD-ROMs) in a directory, choose to install from the hard drive. You can then point the installation program at that directory to perform the installation. To prepare your system for a hard drive installation, you must set the system up in one of the following ways: Using a set of CD-ROMs, or a DVD Create ISO image files from each installation CD-ROM, or from the DVD. For each CD-ROM (once for the DVD), execute the following command on a Linux system: dd if=/dev/cdrom of=/tmp/file-name.iso Using ISO images transfer these images to the system to be installed. Verifying that ISO images are intact before you attempt an installation, helps to avoid problems. To verify the ISO images are intact prior to performing an
Pakistan Computer Bureau
installation, use an md5sum program (many md5sum programs are available for various operating systems). An md5sum program should be available on the same Linux machine as the ISO images. Note
The Red Hat Enterprise Linux installation program has the ability to test the integrity of the installation media. It works with the CD / DVD, hard drive ISO, and NFS ISO installation methods. Red Hat recommends that you test all installation media before starting the installation process, and before reporting any installation-related bugs (many of the bugs reported are actually due to improperly-burned CDs). To use this test, type the following command at the boot: prompt (prepend with elilo for Itanium systems):
linux mediacheck
This chapter explains how to perform a Red Hat Enterprise Linux installation from the DVD/CD-ROM, using the graphical, mouse-based installation program. The following topics are discussed: Becoming familiar with the installation program's user interface Starting the installation program Selecting an installation method Configuration steps during the installation (language, keyboard, mouse, partitioning, etc.) Finishing the installation
prompt: linux text It is highly recommended that installs be performed using the GUI installation program. The GUI installation program offers the full functionality of the Red Hat Enterprise Linux installation program, including LVM configuration which is not available during a text mode installation. Users who must use the text mode installation program can follow the GUI installation instructions and obtain all needed information.
Note
If you are using an Itanium system, and you do not wish to use the GUI installation program, the text mode installation program is also available. To start the text mode installation program, type the following command at the EFI Shell prompt:
Here is a list of the most important widgets shown in Figure 2.1, Installation Program Widgets as seen in Boot Loader Configuration and Figure 2.2, Installation Program Widgets as seen in Disk Druid: Window Windows (usually referred to as dialogs in this manual) appear on your screen throughout the installation process. At times, one window may overlay another; in these cases, you can only interact with the window on top. When you are finished in that window, it disappears, allowing you to continue working in the window underneath. Checkbox Checkboxes allow you to select or deselect a feature. The box displays either an asterisk (selected) or a space (unselected). When the cursor is within a checkbox, press Space to select or deselect a feature. Text Input Text input lines are regions where you can enter information required by the installation program. When the cursor rests on a text input line, you may enter and/or edit information on that line. Text Widget Text widgets are regions of the screen for the display of text. At times, text widgets may also contain other widgets, such as checkboxes. If a text widget contains more information than can be displayed in the space reserved for it, a scroll bar appears; if you position the cursor within the text widget, you can then use the Up and Down arrow keys to scroll through all the information available. Your current position is shown on the scroll bar by a # character, which moves up and down the scroll bar as you scroll.
Pakistan Computer Bureau 8
Scroll Bar Scroll bars appear on the side or bottom of a window to control which part of a list or document is currently in the window's frame. The scroll bar makes it easy to move to any part of a file. Button Widget Button widgets are the primary method of interacting with the installation program. You progress through the windows of the installation program by navigating these buttons, using the Tab and Enter keys. Buttons can be selected when they are highlighted. Cursor Although not a widget, the cursor is used to select (and interact with) a particular widget. As the cursor is moved from widget to widget, it may cause the widget to change color, or the cursor itself may only appear positioned in or next to the widget.
Note
Occasionally, some hardware components require a driver diskette during the installation. A driver diskette adds support for hardware that is not otherwise supported by the installation program.
2.3.1. Booting the Installation Program on x86, AMD64, and Intel 64 Systems
You can boot the installation program using any one of the following media (depending upon what your system can support): Red Hat Enterprise Linux DVD/CD-ROM Your machine supports a bootable DVD/CD-ROM drive and you have the Red Hat Enterprise Linux CD-ROM set or DVD. Boot CD-ROM Your machine supports a bootable CD-ROM drive and you want to perform network or hard drive installation. USB pen drive Your machine supports booting from a USB device. PXE boot via network Your machine supports booting from the network. This is an advanced installation path. Insert the boot media and reboot the system. Your BIOS settings may need to be changed to allow you to boot from the CD-ROM or USB device. Tip
To change your BIOS settings on an x86, AMD64, or Intel 64 system, watch the instructions provided on your display when your computer first boots. A line of text appears, telling you which key to press to enter the BIOS settings.
Once you have entered your BIOS setup program, find the section where you can alter your boot sequence. The default is often C, A or A, C (depending on whether you boot from your hard drive [C] or a diskette drive [A]). Change this sequence so that the CD-ROM is first in your boot order and that C or A (whichever is your typical boot default) is second. This instructs the computer to first look at the CD-ROM drive for bootable media; if it does not find bootable media on the CD-ROM drive, it then checks your hard drive or diskette drive. Save your changes before exiting the BIOS. For more information, refer to the documentation that came with your system.
Pakistan Computer Bureau 10
After a short delay, a screen containing the boot: prompt should appear. The screen contains information on a variety of boot options. Each boot option also has one or more help screens associated with it. To access a help screen, press the appropriate function key as listed in the line at the bottom of the screen. As you boot the installation program, be aware of two issues: Once the boot: prompt appears, the installation program automatically begins if you take no action within the first minute. To disable this feature, press one of the help screen function keys. If you press a help screen function key, there is a slight delay while the help screen is read from the boot media. Normally, you only need to press Enter to boot. Be sure to watch the boot messages to review if the Linux kernel detects your hardware. If your hardware is properly detected, continue to the next section. If it does not properly detect your hardware, you may need to restart the installation and use one of the boot options provided further.
You must create an LS-120 boot image file diskette from the boot image file on CD #1: images/boot.img. To create this diskette in Linux, insert a blank LS120 diskette and type the following command at a shell prompt: dd if=boot.img of=/dev/hda bs=180k Replace boot.img with the full path to the boot image file and /dev/hda with the correct device name for the LS-120 diskette drive. If you are not using the Red Hat Enterprise Linux CD, the installation program starts in text mode and you must choose a few basic options for your system. To boot from an LS-120 diskette follow these steps: 1. Insert the LS-120 diskette you made from the boot image file boot.img. If you are performing a local CD-ROM installation but booting off the LS-120 diskette, insert the Red Hat Enterprise Linux CD #1 also. If you are performing a hard drive, NFS, FTP, or HTTP installation, you do not need the CDROM. 2. From the Boot Option menu choose EFI Shell. 3. At the Shell> prompt, change the device to the LS-120 drive by typing the command fs0: using the example map output above. 4. Type elilo linux to boot into the installation program.
12
To perform a text mode installation, at the installation boot prompt, type: linux text ISO images have an md5sum embedded in them. To test the checksum integrity of an ISO image, at the installation boot prompt, type: linux mediacheck The installation program prompts you to insert a CD or select an ISO image to test, and select OK to perform the checksum operation. This checksum operation can be performed on any Red Hat Enterprise Linux CD and does not have to be performed in a specific order (for example, CD #1 does not have to be the first CD you verify). It is strongly recommended to perform this operation on any Red Hat Enterprise Linux CD that was created from downloaded ISO images. This command works with the CD, DVD, hard drive ISO, and NFS ISO installation methods. Also in the images/ directory is the boot.iso file. This file is an ISO image than can be used to boot the installation program. To use the boot.iso, your computer must be able to boot from its CD-ROM drive, and its BIOS settings must be configured to do so. You must then burn the boot.iso file onto a recordable/rewriteable CD-ROM. If you need to perform the installation in serial mode, type the following command: linux console=<device> For text mode installations, use: linux text console=<device> In the above command, <device> should be the device you are using (such as ttyS0 or ttyS1). For example, linux text console=ttyS0. Text mode installations using a serial terminal work best when the terminal supports UTF-8. Under UNIX and Linux, Kermit supports UTF-8. For Windows, Kermit '95 works well. A Non-UTF-8 capable terminal works as long as only English is used during the installation process. An enhanced serial display can be used by passing the utf8 command as a boot-time option to the installation program. For example: linux console=ttyS0 utf8
13
14
FTP If you are installing directly from an FTP server, use this method. You need a boot CD-ROM (use the linux askmethod boot option). HTTP If you are installing directly from an HTTP (Web) server, use this method. You need a boot CD-ROM (use the linux askmethod boot option).
If your CD-ROM drive is not detected, and it is a SCSI CD-ROM, the installation program prompts you to choose a SCSI driver. Choose the driver that most closely resembles your adapter. You may specify options for the driver if necessary; however, most drivers detect your SCSI adapter automatically. If the DVD/CD-ROM drive is found and the driver loaded, the installer will present you with the option to perform a media check on the DVD/CD-ROM. This will take some time, and you may opt to skip over this step. However, if you later encounter problems with the installer, you should reboot and perform the media check before calling for support. From the media check dialog, continue to the next stage of the installation process.
the interface the unit is connected to, and whether it is configured as master or slave (also known as primary and secondary): a first IDE controller, master b first IDE controller, slave c second IDE controller, master d second IDE controller, slave If you have a third and/or fourth controller, continue assigning letters in alphabetical order, going from controller to controller, and master to slave.
Enter the device name of the partition containing the Red Hat Enterprise Linux ISO images. This partition must be formatted with a ext2 or vfat filesystem, and cannot be a logical volume. There is also a field labeled Directory holding images. If the ISO images are in the root (top-level) directory of a partition, enter a /. If the ISO images are located in a subdirectory of a mounted partition, enter the
Pakistan Computer Bureau 16
name of the directory holding the ISO images within that partition. For example, if the partition on which the ISO images is normally mounted as /home/, and the images are in /home/new/, you would enter /new/. After you have identified the disk partition, the Welcome dialog appears.
your time zone configuration later in the installation. The installation program tries to define the appropriate time zone based on what you specify on this screen.
18
Tip
To change your keyboard layout type after you have completed the installation, use the Keyboard Configuration Tool. Type the system-config-keyboard command in a shell prompt to launch the Keyboard Configuration Tool. If you are not root, it prompts you for the root password to continue.
19
20
Warning
The Update Agent downloads updated packages to /var/cache/yum/ by default. If you partition the system manually, and create a separate /var/ partition, be sure to create the partition large enough (3.0 GB or more) to download package updates.
If you choose to create a custom layout using Disk Druid, refer to Section 18, Partitioning Your System. Warning
If you receive an error after the Disk Partitioning Setup phase of the installation saying something similar to: "The partition table on device hda was unreadable. To create new partitions it must be initialized, causing the loss of ALL DATA on this drive."
You may not have a partition table on that drive or the partition table on the drive may not be recognizable by the partitioning software used in the
Pakistan Computer Bureau
21
installation program. Users who have used programs such as EZ-BIOS have experienced similar problems, causing data to be lost (assuming the data was not backed up before the installation began). No matter what type of installation you are performing, backups of the existing data on your systems should always be made.
From this screen you can choose to disable a dmraid device, in which case the individual elements of the dmraid device will appear as separate hard drives. You can also choose to configure an iSCSI (SCSI over TCP/IP) target. To configure an ISCSI target invoke the 'Configure ISCSI Parameters' dialog by selecting 'Add ISCSI target' and clicking on the 'Add Drive' button. Fill in the details for the ISCSI target IP and provide a unique ISCSI initiator name to identify this system. Click the 'Add target' button to attempt connection to the SCSI target using this information.
22
Please note that you will be able to reattempt with a different ISCSI target IP should you enter it incorrectly, but in order to change the ISCSI initiator name you will need to restart the installation.
23
Remove Linux partitions on selected drives and create default layout select this option to remove only Linux partitions (partitions created from a previous Linux installation). This does not remove other partitions you may have on your hard drive(s) (such as VFAT or FAT32 partitions). Use free space on selected drives and create default layout select this option to retain your current data and partitions, assuming you have enough free space available on your hard drive(s).
24
Using your mouse, choose the storage drive(s) on which you want Red Hat Enterprise Linux to be installed. If you have two or more drives, you can choose which drive(s) should contain this installation. Unselected drives, and any data on them, are not touched. Caution
It is always a good idea to back up any data that you have on your systems. For example, if you are upgrading or creating a dual-boot system, you should back up any data you wish to keep on your drive(s). Mistakes do happen and can result in the loss of all your data.
Tip
If you have a RAID card, be aware that some BIOSes do not support booting from the RAID card. In cases such as these, the /boot/ partition must be created on a partition outside of the RAID array, such as on a separate hard drive. An internal hard drive is necessary to use for partition creation with problematic RAID cards.
25
A /boot/ partition is also necessary for software RAID setups. If you have chosen to automatically partition your system, you should select Review and manually edit your /boot/ partition. To review and make any necessary changes to the partitions created by automatic partitioning, select the Review option. After selecting Review and clicking Next to move forward, the partitions created for you in Disk Druid appear. You can make modifications to these partitions if they do not meet your needs. Click Next once you have made your selections to proceed.
If you chose to create a custom layout, you must tell the installation program where to install Red Hat Enterprise Linux. This is done by defining mount points for one or more disk partitions in which Red Hat Enterprise Linux is installed. You may also need to create and/or delete partitions at this time. Note
If you have not yet planned how to set up your partitions, At a bare minimum, you need an appropriately-sized root partition, and a swap partition equal to twice the amount of RAM you have on the system. Itanium system users should have a /boot/efi/ partition of approximately 100 MB and of type FAT (VFAT), a swap partition of at least 512 MB, and an appropriately-sized root (/) partition.
26
Figure 2.15. Partitioning with Disk Druid on x86, AMD64, and Intel 64 Systems
The partitioning tool used by the installation program is Disk Druid. With the exception of certain esoteric situations, Disk Druid can handle the partitioning requirements for a typical installation.
27
28
LVM: Allows you to create an LVM logical volume. The role of LVM (Logical Volume Manager) is to present a simple logical view of underlying physical storage space, such as a hard drive(s). LVM manages individual physical disks or to be more precise, the individual partitions present on them. It should only be used if you have experience using LVM. To read more about LVM, refer to the Red Hat Enterprise Linux Deployment Guide. Note, LVM is only available in the graphical installation program. To create an LVM logical volume, you must first create partitions of type physical volume (LVM). Once you have created one or more physical volume (LVM) partitions, select LVM to create an LVM logical volume.
29
been created.
A swap partition (at least 256 MB) swap partitions are used to support virtual memory. In other words, data is written to a swap partition when there is not enough RAM to store the data your system is processing. If you are unsure about what size swap partition to create, make it twice the amount of RAM on your machine. It must be of type swap. Creation of the proper amount of swap space varies depending on a number of factors including the following (in descending order of importance): The applications running on the machine. The amount of physical RAM installed on the machine. The version of the OS. Swap should equal 2x physical RAM for up to 2 GB of physical RAM, and then an additional 1x physical RAM for any amount above 2 GB, but never less than 32 MB. So, if: M = Amount of RAM in GB, and S = Amount of swap in GB, then
30
If M < 2 S = M *2 Else S=M + 2 Using this formula, a system with 2 GB of physical RAM would have 4 GB of swap, while one with 3 GB of physical RAM would have 5 GB of swap. Creating a large swap space partition can be especially helpful if you plan to upgrade your RAM at a later time. For systems with really large amounts of RAM (more than 32 GB) you can likely get away with a smaller swap partition (around 1x, or less, of physical RAM). A root partition (3.0 GB - 5.0 GB) this is where "/" (the root directory) is located. In this setup, all files (except those stored in /boot/efi) are on the root partition. A 3.0 GB partition allows you to install a minimal installation, while a 5.0 GB root partition lets you perform a full installation, choosing all package groups. 18.4.2. x86, AMD 64, and Intel@ 64 systems Unless you have a reason for doing otherwise, we recommend that you create the following partitions for x86, AMD64, and Intel 64 systems: A swap partition (at least 256 MB) swap partitions are used to support virtual memory. In other words, data is written to a swap partition when there is not enough RAM to store the data your system is processing. If you are unsure about what size swap partition to create, make it twice the amount of RAM on your machine. It must be of type swap. Creation of the proper amount of swap space varies depending on a number of factors including the following (in descending order of importance): The applications running on the machine. The amount of physical RAM installed on the machine.
31
The version of the OS. Swap should equal 2x physical RAM for up to 2 GB of physical RAM, and then an additional 1x physical RAM for any amount above 2 GB, but never less than 32 MB. So, if: M = Amount of RAM in GB, and S = Amount of swap in GB, then
If M < 2 S = M *2 Else S = M + 2 Using this formula, a system with 2 GB of physical RAM would have 4 GB of swap, while one with 3 GB of physical RAM would have 5 GB of swap. Creating a large swap space partition can be especially helpful if you plan to upgrade your RAM at a later time. For systems with really large amounts of RAM (more than 32 GB) you can likely get away with a smaller swap partition (around 1x, or less, of physical RAM). A /boot/ partition (100 MB) the partition mounted on /boot/ contains the operating system kernel (which allows your system to boot Red Hat Enterprise Linux), along with files used during the bootstrap process. Due to limitations, creating a native ext3 partition to hold these files is required. For most users, a 100 MB boot partition is sufficient. Tip
If your hard drive is more than 1024 cylinders (and your system was manufactured more than two years ago), you may need to create a /boot/partition if you want the / (root) partition to use all of the remaining space on your hard drive.
Tip
If you have a RAID card, be aware that some BIOSes do not support booting from the RAID card. In cases such as these, the /boot/ partition must be created on a partition
32
A root partition (3.0 GB - 5.0 GB) this is where "/" (the root directory) is located. In this setup, all files (except those stored in /boot) are on the root partition. A 3.0 GB partition allows you to install a minimal installation, while a 5.0 GB root partition lets you perform a full installation, choosing all package groups. 2.14.5. Adding Partitions To add a new partition, select the New button. A dialog box appears (refer to Figure 2.16, Creating a New Partition). Note
You must dedicate at least one partition for this installation, and optionally more.
33
Mount Point: Enter the partition's mount point. For example, if this partition should be the root partition, enter /; enter /boot for the /boot partition, and so on. You can also use the pull-down menu to choose the correct mount point for your partition. For a swap partition the mount point should not be set setting the filesystem type to swap is sufficient. File System Type: Using the pull-down menu, select the appropriate file system type for this partition. Allowable Drives: This field contains a list of the hard disks installed on your system. If a hard disk's box is highlighted, then a desired partition can be created on that hard disk. If the box is not checked, then the partition will never be created on that hard disk. By using different checkbox settings, you can have Disk Druid place partitions where you need them, or let Disk Druid decide where partitions should go. Size (MB): Enter the size (in megabytes) of the partition. Note, this field starts with 100 MB; unless changed, only a 100 MB partition will be created. Additional Size Options: Choose whether to keep this partition at a fixed size, to allow it to "grow" (fill up the available hard drive space) to a certain point, or to allow it to grow to fill any remaining hard drive space available. If you choose Fill all space up to (MB), you must give size constraints in the field to the right of this option. This allows you to keep a certain amount of space free on your hard drive for future use. Force to be a primary partition: Select whether the partition you are creating should be one of the first four partitions on the hard drive. If unselected, the partition is created as a logical partition. OK: Select OK once you are satisfied with the settings and wish to create the partition. Cancel: Select Cancel if you do not want to create the partition. 2.14.5.1. File System Types Red Hat Enterprise Linux allows you to create different partition types, based on the file system they will use. The following is a brief description of the different
Pakistan Computer Bureau 34
file systems available, and how they can be utilized. ext2 An ext2 file system supports standard Unix file types (regular files, directories, symbolic links, etc). It provides the ability to assign long file names, up to 255 characters. ext3 The ext3 file system is based on the ext2 file system and has one main advantage journaling. Using a journaling file system reduces time spent recovering a file system after a crash as there is no need to fsck the file system. The ext3 file system is selected by default and is highly recommended. physical volume (LVM) Creating one or more physical volume (LVM) partitions allows you to create an LVM logical volume. LVM can improve performance when using physical disks. For more information regarding LVM, refer to the Red Hat Enterprise Linux Deployment Guide. software RAID Creating two or more software RAID partitions allows you to create a RAID device. For more information regarding RAID, refer to the chapter RAID (Redundant Array of Independent Disks) in the Red Hat Enterprise Linux Deployment Guide. Swap Swap partitions are used to support virtual memory. In other words, data is written to a swap partition when there is not enough RAM to store the data your system is processing. Refer to the Red Hat Enterprise Linux Deployment Guide for additional information. Vfat The VFAT file system is a Linux file system that is compatible with Microsoft Windows long filenames on the FAT file system. This file system must be used for the /boot/efi/
35
Note
If the partition already exists on your disk, you can only change the partition's mount point. To make any other changes, you must delete the partition and recreate it.
36
If you do not want to install GRUB as your boot loader, click Change boot loader, where you can choose not to install a boot loader at all. If you already have a boot loader that can boot Red Hat Enterprise Linux and do not want to overwrite your current boot loader, choose Do not install a boot loader by clicking on the Change boot loader button. Caution
If you choose not to install GRUB for any reason, you will not be able to boot the system directly, and you must use another boot method (such as a commercial boot loader application). Use this option only if you are sure you have another way of booting the system!
Every bootable partition is listed, including partitions used by other operating systems. The partition holding the system's root file system has a Label of Red Hat Enterprise Linux (for GRUB). Other partitions may also have boot labels. To
37
add or change the boot label for other partitions that have been detected by the installation program, click once on the partition to select it. Once selected, you can change the boot label by clicking the Edit button. Select Default beside the preferred boot partition to choose your default bootable OS. You cannot move forward in the installation unless you choose a default boot image. Note
The Label column lists what you must enter at the boot prompt, in non-graphical boot loaders, in order to boot the desired operating system.
Once you have loaded the GRUB boot screen, use the arrow keys to choose a boot label or type e for edit. You are presented with a list of items in the configuration file for the boot label you have selected. Boot loader passwords provide a security mechanism in an environment where physical access to your server is available. If you are installing a boot loader, you should create a password to protect your system. Without a boot loader password, users with access to your system can pass options to the kernel which can compromise your system security. With a boot loader password in place, the password must first be entered before selecting any non-standard boot options. However, it is still possible for someone with physical access to the machine to boot from a diskette, CD-ROM, or USB media if the BIOS support it. Security plans which include boot loader passwords should also address alternate boot methods. If you choose to use a boot loader password to enhance your system security, be sure to select the checkbox labeled Use a boot loader password. Once selected, enter a password and confirm it. To configure more advanced boot loader options, such as changing the drive order or passing options to the kernel, be sure Configure advanced boot loader options is selected before clicking Next.
38
where you want the boot loader to be installed. You may install the boot loader in one of two places: The master boot record (MBR) This is the recommended place to install a boot loader, unless the MBR already starts another operating system loader, such as System Commander. The MBR is a special area on your hard drive that is automatically loaded by your computer's BIOS, and is the earliest point at which the boot loader can take control of the boot process. If you install it in the MBR,when your machine boots, GRUB presents a boot prompt. You can then boot Red Hat Enterprise Linux or any other operating system that you have configured the boot loader to boot. The first sector of your boot partition This is recommended if you are already using another boot loader on your system. In this case, your other boot loader takes control first. You can then configure that boot loader to start GRUB, which then boots Red Hat Enterprise Linux.
39
Tip
If you have a RAID card, be aware that some BIOSes do not support booting from the RAID card. In cases such as these, the boot loader should not be installed on the MBR of the RAID array. Rather, the boot loader should be installed on the MBR of the same drive as the /boot/ partition was created.
If your system only uses Red Hat Enterprise Linux, you should choose the MBR. Click the Change Drive Order button if you would like to rearrange the drive order or if your BIOS does not return the correct drive order. Changing the drive order may be useful if you have multiple SCSI adapters, or both SCSI and IDE adapters, and you want to boot from the SCSI device. The Force LBA32 (not normally required) option allows you to exceed the 1024 cylinder limit for the /boot/ partition. If you have a system which supports the LBA32 extension for booting operating systems above the 1024 cylinder limit, and you want to place your /boot/ partition above cylinder 1024, you should select this option. Tip
While partitioning your hard drive, keep in mind that the BIOS in some older systems cannot access more than the first 1024 cylinders on a hard drive. If this is the case, leave enough room for the /boot Linux partition on the first 1024 cylinders of your hard drive to boot Linux. The other Linux partitions can be after cylinder 1024.
In parted, 1024 cylinders equals 528MB. For more information, refer to:
http://www.pcguide.com/ref/hdd/bios/size MB504-c.html
To add default options to the boot command, enter them into the Kernel parameters field. Any options you enter are passed to the Linux kernel every time it boots.
40
hard drive. Using rescue mode, you can access the files stored on your system's hard drive, even if you cannot actually run Red Hat Enterprise Linux from that hard drive. If you need to use rescue mode, try the following method: Using the CD-ROM to boot an x86, AMD64, or Intel 64 system, type linux rescue at the installation boot prompt. Itanium users should type elilo linux rescue to enter rescue mode.
41
Note
Boot loaders such as LOADLIN and System Commander are considered to be thirdparty boot loaders and are not supported by Red Hat.
42
Select System Clock uses UTC if you know that your system is set to UTC. Tip
To change your time zone configuration after you have completed the installation, use the Time and Date Properties Tool.
Type the system-config-date command in a shell prompt to launch the Time and Date Properties Tool. If you are not root, it prompts you for the root password to continue. To run the Time and Date Properties Tool as a text-based application, use the command timeconfig.
43
Note
The root user (also known as the superuser) has complete access to the entire system; for this reason, logging in as the root user is best done only to perform system maintenance or administration.
44
Use the root account only for system administration. Create a non-root account for your general use and su - to root when you need to fix something quickly. These basic rules minimize the chances of a typo or an incorrect command doing damage to your system. Tip
To become root, type su - at the shell prompt in a terminal window and then press Enter. Then, enter the root password and press Enter.
The installation program prompts you to set a root password2 for your system. You cannot proceed to the next stage of the installation process without entering a root password. The root password must be at least six characters long; the password you type is not echoed to the screen. You must enter the password twice; if the two passwords do not match, the installation program asks you to enter them again.
45
You should make the root password something you can remember, but not something that is easy for someone else to guess. Your name, your phone number, qwerty, password, root, 123456, and anteater are all examples of bad passwords. Good passwords mix numerals with upper and lower case letters and do not contain dictionary words: Aard387vark or 420BMttNT, for example. Remember that the password is case-sensitive. If you write down your password, keep it in a secure place. However, it is recommended that you do not write down this or any password you create. Note
Do not use one of the example passwords offered in this manual. Using one of these passwords could be considered a security risk.
Tip
To change your root password after you have completed the installation, use the Root Password Tool.
Type the system-config-rootpassword command in a shell prompt to launch the Root Password Tool. If you are not root, it prompts you for the root password to continue.
46
Note
Users of Itanium systems who want support for developing or running 32-bit applications are encouraged to select the Compatibility Arch Support and Compatibility Arch Development Support packages to install architecure specific support for their systems.
To select a component, click on the checkbox beside it (refer to Figure 2.23, Package Group Selection).
Select each component you wish to install. Once a package group has been selected, if optional components are available you can click on Optional packages to view which packages are installed by default, and to add or remove optional packages from that group. If there are no optional components this button will be disabled.
47
48
To cancel this installation process, press your computer's Reset button or use the Control-Alt-Delete key combination to restart your machine.
49
50
Linux to use 1024 MB of memory. To pass options to the boot loader, enter the following at the EFI Shell prompt (replace linux with the label name of the kernel you want to boot and option with the boot options you want to pass to the kernel): elilo linux option
51
selecting it and pressing the d key. After changing the boot order, choose Save changes to NVRAM. Choose Exit to return to the Main Menu. 9. Optionally, you can change the boot timeout value by choosing Set Auto Boot TimeOut => Set Timeout Value from the Main Menu. 10. Return to the EFI Boot Manager by selecting Exit.
52
In DOS and Windows, use the Windows fdisk utility to create a new MBR with the undocumented flag /mbr. This ONLY rewrites the MBR to boot the primary DOS partition. The command should look like the following: fdisk /mbr If you need to remove Linux from a hard drive and have attempted to do this with the default DOS (Windows) fdisk, you will experience the Partitions exist but they do not exist problem. The best way to remove non-DOS partitions is with a tool that understands partitions other than DOS. To begin, insert the Red Hat Enterprise Linux CD #1 and boot your system. Once you have booted off the CD, a boot prompt appears. At the boot prompt, type: linux rescue. This starts the rescue mode program. You are prompted for your keyboard and language requirements. Enter these values as you would during the installation of Red Hat Enterprise Linux. Next, a screen appears telling you that the program attempts to find a Red Hat Enterprise Linux install to rescue. Select Skip on this screen. After selecting Skip, you are given a command prompt where you can access the partitions you would like to remove. First, type the command list-harddrives. This command lists all hard drives on your system that are recognizable by the installation program, as well as their sizes in megabytes.
53
Warning
Be careful to remove only the necessary Red Hat Enterprise Linux partitions. Removing other partitions could result in data loss or a corrupted system environment.
To remove partitions, use the partitioning utility parted. Start parted, where /dev/had is the device on which to remove the partition: parted /dev/hda Using the print command, view the current partition table to determine the minor number of the partition to remove: print The print command also displays the partition's type (such as linux-swap, ext2, ext3, and so on). Knowing the type of the partition helps you in determining whether to remove the partition. Remove the partition with the command rm. For example, to remove the partition with minor number 3: rm 3 Important
The changes start taking place as soon as you press [Enter], so review the command before committing to it.
After removing the partition, use the print command to confirm that it is removed from the partition table. Once you have removed the Linux partitions and made all of the changes you need to make, type quit to quit parted. After quitting parted, type exit at the boot prompt to exit rescue mode and reboot your system, instead of continuing with the installation. The system should reboot automatically. If it does not, you can reboot your computer using Control-Alt-Delete.
54
This appendix discusses some common installation problems and their solutions.
4.1. You are Unable to Boot Red Hat Enterprise Linux 4.1.1. Are You Unable to Boot With Your RAID Card?
If you have performed an installation and cannot boot your system properly, you may need to reinstall and create your partitions differently. Some BIOSes do not support booting from RAID cards. At the end of an installation, a text-based screen showing the boot loader prompt (for example, GRUB: ) and a flashing cursor may be all that appears. If this is the case, you must repartition your system. Whether you choose automatic or manual partitioning, you must install your /boot partition outside of the RAID array, such as on a separate hard drive. An internal hard drive is necessary to use for partition creation with problematic RAID cards. You must also install your preferred boot loader (GRUB or LILO) on the MBR of a drive that is outside of the RAID array. This should be the same drive that hosts the /boot/ partition. Once these changes have been made, you should be able to finish your installation and boot the system properly.
55
Ensure that you have the latest installation updates and images from Red Hat. Review the online errata to see if newer versions are available. If the latest images still fail, it may be due to a problem with your hardware. Commonly, these errors are in your memory or CPU-cache. A possible solution for this error is turning off the CPU-cache in the BIOS, if your system supports this. You could also try to swap your memory around in the motherboard slots to check if the problem is either slot or memory related. Another option is to perform a media check on your installation CD-ROMs. The Red Hat Enterprise Linux installation program has the ability to test the integrity of the installation media. It works with the CD, DVD, hard drive ISO, and NFS ISO installation methods. Red Hat recommends that you test all installation media before starting the installation process, and before reporting any installation-related bugs (many of the bugs reported are actually due to improperly-burned CDs). To use this test, type the following command at the boot: or yaboot: prompt (prepend with elilo for Itanium systems): linux mediacheck For more information concerning signal 11 errors, refer to: http://www.bitwizard.nl/sig11/
4.2. Trouble Beginning the Installation 4.2.1. Problems with Booting into the Graphical Installation
There are some video cards that have trouble booting into the graphical installation program. If the installation program does not run using its default settings, it tries to run in a lower resolution mode. If that still fails, the installation program attempts to run in text mode. One possible solution is to try using the resolution= boot option. This option may be most helpful for laptop users. Another solution to try is the driver= option to specify the driver that should be loaded for your video card. If this works, it should be reported as a bug as the installer has failed to autodetect your videocard.
56
Note
To disable frame buffer support and allow the installation program to run in text mode, try using the nofb boot option. This command may be necessary for accessibility with some screen reading hardware.
4.3. Trouble during the Installation 4.3.1. No devices found to install Red Hat Enterprise Linux Error Message
If you receive an error message stating No devices found to install Red Hat Enterprise Linux, there is probably a SCSI controller that is not being recognized by the installation program. You can also refer to the Red Hat Hardware Compatibility List, available online at: http://hardware.redhat.com/hcl/
Users who have used programs such as EZ-BIOS have experienced similar problems, causing data to be lost (assuming the data was not backed up before the installation began) that could not be recovered. No matter what type of installation you are performing, backups of the existing data on your systems should always be made.
58
A /boot/efi/ partition of type VFAT A / (root) partition A <swap> partition of type swap Tip
When defining a partition's type as swap, you do not have to assign it a mount point. Disk Druid automatically assigns the mount point for you.
59
If you experience such an error, first try to download any available errata for anaconda. Errata can be found at: http://www.redhat.com/support/errata/ The anaconda website may also be a useful reference and can be found online at: http://rhlinux.redhat.com/anaconda/ You can also search for bug reports related to this problem. To search Red Hat's bug tracking system, go to: http://bugzilla.redhat.com/bugzilla/ Finally, if you are still facing problems related to this error, register your product and contact our support team. To register your product, go to: http://www.redhat.com/apps/activate/
4.4. Problems After Installation 4.4.1. Trouble With the Graphical GRUB Screen on an x86-based System?
If you are experiencing problems with GRUB, you may need to disable the graphical boot screen. To do this, become the root user and edit the /boot/grub/grub.conf file. Within the grub.conf file, comment out the line which begins with splashimage by inserting the # character at the beginning of the line. Press Enter to exit the editing mode. Once the boot loader screen has returned, type b to boot the system. Once you reboot, the grub.conf file is reread and any changes you have made take effect. You may re-enable the graphical boot screen by uncommenting (or adding) the above line back into the grub.conf file.
Pakistan Computer Bureau 60
61
Warning
Change only the number of the default runlevel from 3 to 5.
Your changed line should look like the following: id:5:initdefault: When you are satisfied with your change, save and exit the file using the Ctrl-Q keys. A window appears and asks if you would like to save the changes. Click Save. The next time you log in after rebooting your system, you are presented with a graphical login prompt.
62
A key indicator is 100% full or a percentage above 90% or 95% on a partition. The /home/ and /tmp/ partitions can sometimes fill up quickly with user files. You can make some room on that partition by removing old files. After you free up some disk space, try running X as the user that was unsuccessful before.
63
65
When a computer with Red Hat Enterprise Linux is turned on, the operating system is loaded into memory by a special program called a boot loader. A boot loader usually exists on the system's primary hard drive (or other media device) and has the sole responsibility of loading the Linux kernel with its required files or (in some cases) other operating systems into memory.
This chapter discusses commands and configuration options for the GRUB boot loader included with Red Hat Enterprise Linux for the x86 architecture.
5.2. GRUB
The GNU GRand Unified Boot loader (GRUB) is a program which enables the selection of the installed operating system or kernel to be loaded at system boot time. It also allows the user to pass arguments to the kernel.
66
67
Warning
During installation, Microsoft's DOS and Windows installation programs completely overwrite the MBR, destroying any existing boot loaders. If creating a dual-boot system, it is best to install the Microsoft operating system first.
68
use the GRUB package from the installation CD-ROMs. For instructions on installing packages, refer to the chapter titled Package Management with RPM in the Red Hat Enterprise Linux Deployment Guide. Once the GRUB package is installed, open a root shell prompt and run the command /sbin/grub-install <location>, where <location> is the location that the GRUB Stage 1 boot loader should be installed. For example, the following command installs GRUB to the MBR of the master IDE device on the primary IDE bus: /sbin/grub-install /dev/hda The next time the system boots, the GRUB graphical boot loader menu appears before the kernel loads into memory. Important
If GRUB is installed on a RAID 1 array, the system may become unbootable in the event of disk failure. An unsupported workaround is provided online at the following URL:
http://www.dur.ac.uk/a.d.stribblehill/mirrored_grub.html
69
http://www.gnu.org/software/grub/manual/. The <bios-device-number> is the BIOS device number. The primary IDE hard drive is numbered 0 and a secondary IDE hard drive is numbered 1. This syntax is roughly equivalent to that used for devices by the kernel. For example, the a in hda for the kernel is analogous to the 0 in hd0 for GRUB, the b in hdb is analogous to the 1 in hd1, and so on. The <partition-number> specifies the number of a partition on a device. Like the <bios-device-number>, most types of partitions are numbered starting at 0. However, BSD partitions are specified using letters, with a corresponding to 0, b corresponding to 1, and so on.
Tip The numbering system for devices under GRUB always begins with 0, not 1. Failing to make this distinction is one of the most common mistakes made by new users.
To give an example, if a system has more than one hard drive, GRUB refers to the first hard drive as (hd0) and the second as (hd1). Likewise, GRUB refers to the first partition on the first drive as (hd0,0) and the third partition on the second hard drive as (hd1,2). In general the following rules apply when naming devices and partitions under GRUB: It does not matter if system hard drives are IDE or SCSI, all hard drives begin with the letters hd. The letters fd are used to specify 3.5 diskettes. To specify an entire device without respect to partitions, leave off the comma and the partition number. This is important when telling GRUB to configure the MBR for a particular disk. For example, (hd0) specifies the MBR on the first device and (hd3) specifies the MBR on the fourth device. If a system has multiple drive devices, it is very important to know how the drive boot order is set in the BIOS. This is a simple task if a system has only IDE or SCSI drives, but if there is a mix of devices, it becomes critical that the type of drive with the boot partition be accessed first.
70
71
chainloader +1
Menu Interface This is the default interface shown when GRUB is configured by the installation program. A menu of operating systems or preconfigured kernels are displayed as a list, ordered by name. Use the arrow keys to select an operating system or kernel version and press the Enter key to boot it. If you do nothing on this screen, then after the time out period expires GRUB will load the default option. Press the e key to enter the entry editor interface or the c key to load a command line interface.
72
Menu Entry Editor Interface To access the menu entry editor, press the e key from the boot loader menu. The GRUB commands for that entry are displayed here, and users may alter these command lines before booting the operating system by adding a command line (o inserts a new line after the current line and O inserts a new line before it), editing one (e), or deleting one (d). After all changes are made, the b key executes the commands and boots the operating system. The Esc key discards any changes and reloads the standard menu interface. The c key loads the command line interface. Tip
For information about changing runlevels using the GRUB menu entry editor, refer to Section 5.8, Changing Runlevels at Boot Time.
Command Line Interface The command line interface is the most basic GRUB interface, but it is also the one that grants the most control. The command line makes it possible to type any relevant GRUB commands followed by the Enter key to execute them. This interface features some advanced shell-like features, including Tab key completion based on context, and Ctrl key combinations when typing commands, such as Ctrl-a to move to the beginning of a line and Ctrl-e to move to the end of a line. In addition, the arrow, Home, End, and Delete keys work as they do in the bash shell.
73
correct the problem based on the error reported by GRUB. If the correction fails, GRUB reports an error and reloads the menu interface.
<stage-1>
74
Signifies a device, partition, and file where the first boot loader image can be found, such as (hd0,0)/grub/stage1. <install-disk> Specifies the disk where the stage 1 boot loader should be installed, such (hd0).
as
<stage-2> Passes the stage 2 boot loader location to the stage 1 boot loader, such as (hd0,0)/grub/stage2. p<config-file> This option tells the install command to look for the menu configuration file specified by <config-file>, such as (hd0,0)/grub/grub.conf. Warning
The install command overwrites any information already located on the MBR.
kernel </path/to/kernel><option-1><option-N> ... Specifies the kernel file to load when booting the operating system. Replace </path/to/kernel> with an absolute path from the partition specified by the root command. Replace <option-1> with options for the Linux kernel, such as root=/dev/VolGroup00/LogVol00 to specify the device on which the root partition for the system is located. Multiple options can be passed to the kernel in a space separated list. The following is an example kernel command: kernel /vmlinuz-2.6.8-1.523 ro root=/dev/VolGroup00/LogVol00 The option in the previous example specifies that the root file system for Linux is located on the hda5 partition. root (<device-type><device-number>,<partition>) Configures the root partition for GRUB, such as (hd0,0), and mounts the partition. The following is an example root command: root (hd0,0)
rootnoverify (<device-type><device-number>,<partition>)
Pakistan Computer Bureau 75
Configures the root partition for GRUB, just like the root command, but does not mount the partition. Other commands are also available; type help --all for a full list of commands. For a description of all GRUB commands, refer to the documentation available online at http://www.gnu.org/software/grub/manual/.
76
Note
Note that the default is specified as an integer. This refers to the first title line in the GRUB configuration file. For the Windows section to be set as the default in the previous example, change the default=0 to default=1.
77
kernel </path/to/kernel><option-1><option-N> Specifies the kernel file to load when booting the operating system. Replace </path/to/kernel> with an absolute path from the partition specified by the root directive. Multiple options can be passed to the kernel when it is loaded. password=<password> Prevents a user who does not know the password from editing the entries for this menu option. Optionally, it is possible to specify an alternate menu configuration file after the password=<password> directive. In this case, GRUB restarts the second stage boot loader and uses the specified alternate configuration file to build the menu. If an alternate menu configuration file is left out of the command, a user who knows the password is allowed to edit the current configuration file. For more information about securing GRUB, refer to the chapter titled Workstation Security in the Red Hat Enterprise Linux Deployment Guide. root (<device-type><device-number>,<partition>) Configures the root partition for GRUB, such as (hd0,0), and mounts the partition. rootnoverify (<device-type><device-number>,<partition>) Configures the root partition for GRUB, just like the root command, but does not mount the partition. timeout=<integer> Specifies the interval, in seconds, that GRUB waits before loading the entry designated in the default command. splashimage=<path-to-image> Specifies the location of the splash screen image to be used when GRUB boots. title group-title Specifies a title to be used with a particular group of commands used to load a kernel or operating system. To add human-readable comments to the menu configuration file, begin the line with the hash mark character (#).
78
79
http://kbase.redhat.com/faq/FAQ_43_4053.shtm Details booting operating systems other than Linux. http://www.linuxgazette.com/issue64/kohli.html An introductory article discussing the configuration of GRUB on a system from scratch, including an overview of GRUB command line options.
80
81
Important
File systems and LVM2 volumes assigned as swap space cannot be in use when being modified. For example, no system processes can be assigned the swap space, as well as no amount of swap should be allocated and used by the kernel. Use the free and cat /proc/swaps commands to verify how much and where swap is in use. The best way to achieve swap space modifications is to boot your system in rescue mode, and then follow the instructions (for each scenario) in the remainder of this chapter. Refer to the Red Hat Enterprise Linux Installation Guide for instructions on booting into rescue mode. When prompted to mount the file system, select Skip.
3. Format the new swap space: # mkswap /dev/VolGroup00/LogVol01 4. Enable the extended logical volume: # swapon va 5. Test that the logical volume has been extended properly: # cat /proc/swaps # free
83
4.
5.
The next time the system boots, it enables the new swap file. 6. After adding the new swap file and enabling it, verify it is enabled by viewing the output of the command cat /proc/swaps or free.
84
85
# swapoff -v /dev/VolGroup00/LogVol02
2. Remove the LVM2 logical volume of size 512 MB: # lvm lvremove /dev/VolGroup00/LogVol02 3. Remove the following entry from the /etc/fstab file: /dev/VolGroup00/LogVol02 swap swap defaults 0 0 4. Test that the logical volume has been extended properly: # cat /proc/swaps # free
86
Command
check minor-num cp fromto Help mktable label mkfs minor-numfile-systemtype mkpart part-typefstypestart-mbend-mb Mkpartfs part-typefstypestart-mbend-mb Pakistan Computer Bureau
Description
Perform a simple check of the file system Copy file system from one partition to another; from and to are the minor numbers of the partitions Display list of available commands Create a disk label for the partition table Create a file system of type file-system-type Make a partition without creating a new file system Make a partition and create the specified file system 87
move minor-numstart-mbendmb name minor-numname Print Quit rescuestart-mbend-mb resize minor-numstartmbend-mb rm minor-num select device set minor-numflagstate toggle [NUMBER [FLAG] unit UNIT Name the partition for Mac and PC98 Display the partition table Quit parted Rescue a lost partition from start-mb to end-mb Resize the partition from start-mb to endmb Remove the partition Select a different device to configure Set the flag on a partition; state is either on or off Toggle the state of FLAG on partition NUMBER Set the default unit to UNIT
root
lvm
The first line contains the disk type, manufacturer, model number and interface, and the second line displays the disk label type. The remaining output below the fourth line shows the partition table. In the partition table, the Minor number is the partition number. For example, the partition with minor number 1 corresponds to /dev/sda1. The Start and End values are in megabytes. Valid Types are metadata, free, primary, extended, or logical. The File system is the file system type, which can be any of the following: ext2 ext3 fat16
Pakistan Computer Bureau 88
fat32 hfs jfs linux-swap ntfs reiserfs hp-ufs sun-ufs xfs If a File system of a device shows no value, this means that its file system type is unknown. The Flags column lists the flags set for the partition. Available flags are boot, root, swap, hidden, raid, lvm, or lba. Tip
To select a different device without having to restart parted, use the select command followed by the device name (for example, /dev/sda). Doing so allows you to view or configure the partition table of a device.
Before creating a partition, boot into rescue mode (or unmount any partitions on the device and turn off any swap space on the device). Start parted, where /dev/sda is the device on which to create the partition: parted /dev/sda View the current partition table to determine if there is enough free space: print If there is not enough free space, you can resize an existing partition.
Tip
If you use the mkpartfs command instead, the file system is created after the partition is created. However, parted does not support creating an ext3 file system. Thus, if you wish to create an ext3 file system, use mkpart and create the file system with the mkfs command as described later.
The changes start taking place as soon as you press Enter, so review the command before executing to it. After creating the partition, use the print command to confirm that it is in the partition table with the correct partition type, file system type, and size. Also remember the minor number of the new partition so that you can label it. You should also view the output of cat /proc/partitions to make sure the kernel recognizes the new partition.
The first column should contain LABEL= followed by the label you gave the partition. The second column should contain the mount point for the new partition, and the next column should be the file system type (for example, ext3 or swap). If you need more information about the format, read the man page with the command man fstab. If the fourth column is the word defaults, the partition is mounted at boot time. To mount the partition without rebooting, as root, type the command: mount /work
Before removing a partition, boot into rescue mode (or unmount any partitions on the device and turn off any swap space on the device). Start parted, where /dev/sda is the device on which to remove the partition: parted /dev/sda View the current partition table to determine the minor number of the partition to remove: print Remove the partition with the command rm. For example, to remove the partition with minor number 3: rm 3 The changes start taking place as soon as you press Enter, so review the command before committing to it. After removing the partition, use the print command to confirm that it is removed from the partition table. You should also view the output of cat /proc/partitions to make sure the kernel knows the partition is removed. The last step is to remove it from the /etc/fstab file. Find the line that declares the removed partition, and remove it from the file.
91
Before resizing a partition, boot into rescue mode (or unmount any partitions on the device and turn off any swap space on the device). Start parted, where /dev/sda is the device on which to resize the partition: parted /dev/sda View the current partition table to determine the minor number of the partition to resize as well as the start and end points for the partition: print To resize the partition, use the resize command followed by the minor number for the partition, the starting place in megabytes, and the end place in megabytes. For example: resize 3 1024 2048 Warning
A partition cannot be made larger than the space available on the device
After resizing the partition, use the print command to confirm that the partition has been resized correctly, is the correct partition type, and is the correct file system type. After rebooting the system into normal mode, use the command df to make sure the partition was mounted and is recognized with the new size.
Description
Dump the active configuration List the available metadata formats Display the help commands Change the attributes of logical volume(s) Create a logical volume Display information about a logical volume Add space to a logical volume Due to use of the device 92
lvmdiskscan lvmsadc lvmsar lvreduce lvremove lvrename lvresize lvs lvscan pvchange pvcreate pvdata pvdisplay pvmove pvremove pvresize pvs pvscan segtypes vgcfgbackup vgcfgrestore vgchange vgck vgconvert vgcreate vgdisplay vgexport vgextend Pakistan Computer Bureau
mapper, this command has been deprecated List devices that may be used as physical volumes Collect activity data Create activity report Reduce the size of a logical volume Remove logical volume(s) from the system Rename a logical volume Resize a logical volume Display information about logical volumes List all logical volumes in all volume groups Change attributes of physical volume(s) Initialize physical volume(s) for use by LVM Display the on-disk metadata for physical volume(s) Display various attributes of physical volume(s) Move extents from one physical volume to another Remove LVM label(s) from physical volume(s) Resize a physical volume in use by a volume group Display information about physical volumes List all physical volumes List available segment types Backup volume group configuration Restore volume group configuration Change volume group attributes Check the consistency of a volume group Change volume group metadata format Create a volume group Display volume group information Unregister a volume group from the system Add physical volumes to a 93
volume group Register exported volume group with system Merge volume groups Create the special files for volume group devices in /dev/ Remove a physical volume from a volume group Remove a volume group Display information about volume groups Search for all volume groups Move physical volumes into a new volume group Display software and driver version information
94
Files and directories have permission sets for the owner of the file, the group associated with the file, and all other users for the system. However, these permission sets have limitations. For example, different permissions cannot be configured for different users. Thus, Access Control Lists (ACLs) were implemented. The Red Hat Enterprise Linux 5 kernel provides ACL support for the ext3 file system and NFS-exported file systems. ACLs are also recognized on ext3 file systems accessed via Samba. Along with support in the kernel, the acl package is required to implement ACLs. It contains the utilities used to add, modify, remove, and retrieve ACL information. The cp and mv commands copy or move any ACLs associated with files and directories.
95
8.1.1. NFS
By default, if the file system being exported by an NFS server supports ACLs and the NFS client can read ACLs, ACLs are utilized by the client system. To disable ACLs on NFS shares when configuring the server, include the no_acl option in the /etc/exports file. To disable ACLs on an NFS share when mounting it on a client, mount it with the no_acl option via the command line or the /etc/fstab file.
96
m:<perms> Sets the effective rights mask. The mask is the union of all permissions of the owning group and all of the user and group entries. o:<perms> Sets the access ACL for users other than the ones in the group for the file. White space is ignored. Permissions (<perms>) must be a combination of the characters r, w, and x for read, write, and execute. If a file or directory already has an ACL, and the setfacl command is used, the additional rules are added to the existing ACL or the existing rule is modified. For example, to give read and write permissions to user andrius: setfacl -m u:andrius:rw /project/somefile To remove all the permissions for a user, group, or others, use the -x option and do not specify any permission (s): setfacl -x <rules><files> For example, to remove all permissions from the user with UID 500: setfacl -x u:500 /project/somefile
97
The above command returns the following output: # file: home/john/picture.png # owner: john # group: john user::rwgroup::r-- other::r-If a directory with a default ACL is specified, the default ACL is also displayed as illustrated below. [john@main /]$ getfacl home/sales/# file: home/sales/ # owner: john # group: john user::rw- user:barryg:r-- group::r-- mask::r-other::r-- default:user::rwx default:user:john:rwx default:group::r-x default:mask::rwx default:other::rx
The star utility is similar to the tar utility in that it can be used to generate archives of files. The star package is required to use this utility. The command line options for Star are as follows Option
-c -n
Description
Creates an archive file. Do not extract the files; use in conjunction with -x to show what extracting the files does. Replaces files in the archive. The files are written to the end of the archive file, replacing any files with the same path and file name. Displays the contents of the archive file. Updates the archive file. The files are written to the end of the archive if they do not exist in the archive or if the files are newer than the files of the same name in the archive. This option only work if the archive is a file or an unblocked tape that may backspace.
-r
-t -u
98
-x
-help -xhelp -/
-acl
Extracts the files from the archive. If used with -U and a file in the archive is older than the corresponding file on the file system, the file is not extracted. Displays the most important options. Displays the least important options. Do not strip leading slashes from file names when extracting the files from an archive. By default, they are striped when files are extracted. When creating or extracting, archive or restore any ACLs associated with the files and directories.
99
The RPM Package Manager (RPM) is an open packaging system, which runs on Red Hat Enterprise Linux as well as other Linux and UNIX systems. Red Hat, Inc. encourages other vendors to use RPM for their own products. RPM is distributed under the terms of the GPL. The utility works only with packages built for processing by the rpm package. For the end user, RPM makes system updates easy. Installing, uninstalling, and upgrading RPM packages can be accomplished with short commands. RPM maintains a database of installed packages and their files, so you can invoke powerful queries and verifications on your system. If you prefer a graphical interface, you can use the Package Management Tool to perform many RPM commands. Important
When installing a package, please ensure it is compatible with your operating system and architecture. This can usually be determined by checking the package name.
During upgrades, RPM handles configuration files carefully, so that you never lose your customizations something that you cannot accomplish with regular .tar, .gz files. For the developer, RPM allows you to take software source code and package it into source and binary packages for end users. This process is quite simple and is driven from a single file and optional patches that you create. This clear delineation between pristine sources and your patches along with build instructions eases the maintenance of the package as new versions of the software are released. Note
Because RPM makes changes to your system, you must be logged in as root to install, remove, or upgrade an RPM package.
100
Upgradability
With RPM, you can upgrade individual components of your system without completely reinstalling. When you get a new release of an operating system based on RPM (such as Red Hat Enterprise Linux), you do not need to reinstall on your machine (as you do with operating systems based on other packaging systems). RPM allows intelligent, fully-automated, in-place upgrades of your system. Configuration files in packages are preserved across upgrades, so you do not lose your customizations. There is no special upgrade files needed to upgrade a package because the same RPM file is used to install and upgrade the package on your system.
Powerful Querying
RPM is designed to provide powerful querying options. You can do searches through your entire database for packages or just for certain files. You can also easily find out what package a file belongs to and from where the package came. The files an RPM package contains are in a compressed archive, with a custom binary header containing useful information about the package and its contents, allowing you to query individual packages quickly and easily.
System Verification
Another powerful RPM feature is the ability to verify packages. If you are worried that you deleted an important file for some package, you can verify the package. You are then notified of any anomalies, if any at which point, you can reinstall the package if necessary. Any configuration files that you modified are preserved during reinstallation.
Pristine Sources
A crucial design goal was to allow the use of pristine software sources, as distributed by the original authors of the software. With RPM, you have the pristine sources along with any patches that were used, plus complete build instructions. This is an important advantage for several reasons. For instance, if a new version of a program is released, you do not necessarily have to start
101
from scratch to get it to compile. You can look at the patch to see what you might need to do. All the compiled-in defaults, and all of the changes that were made to get the software to build properly, are easily visible using this technique. The goal of keeping sources pristine may seem important only for developers, but it results in higher quality software for end users, too.
9.2.2. Installing
RPM packages typically have file names like foo-1.0-1.i386.rpm. The file name includes the package name (foo), version (1.0), release (1), and architecture (i386). To install a package, log in as root and type the following command at a shell prompt: rpm -ivh foo-1.0-1.i386.rpm Alternatively, the following command can also be used: rpm -Uvh foo-1.0-1.i386.rpm If the installation is successful, the following output is displayed: Preparing... ########################################### [100%]
102
1:foo ########################################### [100%] As you can see, RPM prints out the name of the package and then prints a succession of hash marks as a progress meter while the package is installed. The signature of a package is checked automatically when installing or upgrading a package. The signature confirms that the package was signed by an authorized party. For example, if the verification of the signature fails, an error message such as the following is displayed: error: V3 DSA signature: BAD, key ID 0352860f If it is a new, header-only, signature, an error message such as the following is displayed: error: Header V3 DSA signature: BAD, key ID 0352860f If you do not have the appropriate key installed to verify the signature, the message contains the word NOKEY such as: warning: V3 DSA signature: NOKEY, key ID 0352860f Warning
If you are installing a kernel package, you should use rpm -ivh instead.
103
If you are installing a package from the Red Hat Enterprise Linux CDROM set, it usually suggests the package(s) needed to resolve the dependency. Find the suggested package(s) on the Red Hat Enterprise Linux CDROMs or from Red Hat Network, and add it to the command: rpm -ivh foo-1.0-1.i386.rpm bar-2.0.203.i386.rpm If installation of both packages is successful, output similar to the following is displayed: Preparing... ########################################### [100%] 1:foo ########################################### [ 50%] 2:bar ########################################### [100%] If it does not suggest a package to resolve the dependency, you can try the
Pakistan Computer Bureau 104
redhat provides option to determine which package contains the required file. You need the rpmdb-redhat package installed to use this option. rpm -q --redhatprovides bar.so.2 If the package that contains bar.so.2 is in the installed database from the rpmdbredhat package, the name of the package is displayed: bar-2.0.20-3.i386.rpm To force the installation anyway (which is not recommended since the package may not run correctly), use the --nodeps option.
9.2.3. Uninstalling
Uninstalling a package is just as simple as installing one. Type the following command at a shell prompt: rpm -e foo Note
Notice that we used the package namefoo, not the name of the original package filefoo-1.0-1.i386.rpm. To uninstall a package, replace foo with the actual package name of the original package.
You can encounter a dependency error when uninstalling a package if another installed package depends on the one you are trying to remove. For example:
error: Failed dependencies: foo is needed by (installed) bar-2.0.20-3.i386.rpm
To make RPM ignore this error and uninstall the package anyway (which may break the package dependent on it) use the --nodeps option.
9.2.4. Upgrading
Upgrading a package is similar to installing one. Type the following command at a shell prompt: rpm -Uvh foo-2.0-1.i386.rpm As part of upgrading a package, RPM automatically uninstalls any old versions of the foo package. Note that -U will also install a package even when there are no previous versions of the package installed.
105
Tip
It is not advisable to use the -U option for installing kernel packages, because RPM replaces the previous kernel package. This does not affect a running system, but if the new kernel is unable to boot during your next restart, there would be no other kernel to boot instead.Using the -i option adds the kernel to your GRUB boot menu (/etc/grub.conf). Similarly, removing an old, unneeded kernel removes the kernel from GRUB.
Because RPM performs intelligent upgrading of packages with configuration files, you may see a message like the following: saving /etc/foo.conf as /etc/foo.conf.rpmsave This message means that changes you made to the configuration file may not be forward compatible with the new configuration file in the package, so RPM saved your original file and installed a new one. You should investigate the differences between the two configuration files and resolve them as soon as possible, to ensure that your system continues to function properly. If you attempt to upgrade to a package with an older version number (that is, if a more updated version of the package is already installed), the output is similar to the following: package foo-2.0-1 (which is newer than foo-1.01) is already installed To force RPM to upgrade anyway, use the --oldpackage option: rpm -Uvh --oldpackage foo-1.0-1.i386.rpm
9.2.5. Freshening
Freshening is similar to upgrading, except that only existent packages are upgraded. Type the following command at a shell prompt: rpm -Fvh foo-1.2-1.i386.rpm RPM's freshen option checks the versions of the packages specified on the command line against the versions of packages that have already been installed on your system. When a newer version of an already-installed package is processed
106
by RPM's freshen option, it is upgraded to the newer version. However, RPM's freshen option does not install a package if no previously-installed package of the same name exists. This differs from RPM's upgrade option, as an upgrade does install packages whether or not an older version of the package was already installed. Freshening works for single packages or package groups. If you have just downloaded a large number of different packages, and you only want to upgrade those packages that are already installed on your system, freshening does the job. Thus, you do not have to delete any unwanted packages from the group that you downloaded before using RPM. In this case, issue the following command: rpm -Fvh *.rpm RPM automatically upgrades only those packages that are already installed.
9.2.6. Querying
The RPM database stores information about all RPM packages installed in your system. It is stored in the directory /var/lib/rpm/, and is used to query what packages are installed, what versions each package is, and any changes to any files in the package since installation, among others. To query this database, use the -q option. The rpm -q package name command displays the package name, version, and release number of the installed package name. For example, using rpm -q foo to query installed package foo might generate the following output: foo-2.0-1 You can also use the following Package Selection Options with -q to further refine or qualify Your query: -a queries all currently installed packages. -f <filename> queries the RPM database for which package owns <filename>. When specifying a file, specify the absolute path of the file (for example, rpm -f /bin/ls). -p <packagefile> queries the uninstalled package <packagefile>.
Pakistan Computer Bureau 107
There are a number of ways to specify what information to display about queried packages. The following options are used to select the type of information for which you are searching. These are called Information Query Options. -i displays package information including name, description, release, size, build date, install date, vendor, and other miscellaneous information. -l displays the list of files that the package contains. -s displays the state of all the files in the package. -d displays a list of files marked as documentation (man pages, info pages, READMEs, etc.). -c displays a list of files marked as configuration files. These are the files you edit after installation to adapt and customize the package to your system (for example, sendmail.cf, passwd, inittab, etc.).
9.2.7. Verifying
Verifying a package compares information about files installed from a package with the same information from the original package. Among other things, verifying compares the size, MD5 sum, permissions, type, owner, and group of each file. The command rpm -V verifies a package. You can use any of the Package Verify Options listed for querying to specify the packages you wish to verify. A simple use of verifying is rpm -V foo, which verifies that all the files in the foo package are as they were when they were originally installed. For example: To verify a package containing a particular file: rpm -Vf /usr/bin/foo In this example, /usr/bin/foo is the absolute path to the file used to query a package. To verify ALL installed packages throughout the system: rpm -Va
108
rpm -Vp foo-1.0-1.i386.rpm This command can be useful if you suspect that your RPM databases are corrupt. If everything verified properly, there is no output. If there are any discrepancies, they are displayed. The format of the output is a string of eight characters (a c denotes a configuration file) and then the file name. Each of the eight characters denotes the result of a comparison of one attribute of the file to the value of that attribute recorded in the RPM database. A single period (.) means the test passed. The following characters denote specific discrepancies: 5 S L T D U G M ? MD5 checksum file size symbolic link file modification time device user group mode (includes permissions and file type) unreadable file
If you see any output, use your best judgment to determine if you should remove the package, reinstall it, or fix the problem in another way.
109
downloaded package is trustworthy. GnuPG is a tool for secure communication; it is a complete and free replacement for the encryption technology of PGP, an electronic privacy program. With GnuPG, you can authenticate the validity of documents and encrypt/decrypt data to and from other recipients. GnuPG is capable of decrypting and verifying PGP 5.x files as well. During installation, GnuPG is installed by default. That way you can immediately start using GnuPG to verify any packages that you receive from Red Hat. Before doing so, you must first import Red Hat's public key.
110
111
/usr/share/man/man1/tload.1.gz /usr/share/man/man1/top.1.gz /usr/share/man/man1/uptime.1.gz /usr/share/man/man1/w.1.gz /usr/share/man/man1/watch.1.gz /usr/share/man/man5/sysctl.conf.5.gz /usr/share/man/man8/sysctl.8.gz /usr/share/man/man8/vmstat.8.gz You may find a new RPM, but you do not know what it does. To find information about it, use the following command: rpm -qip crontabs-1.10-7.noarch.rpm The output would be similar to the following: Name : crontabs Relocations: (not relocatable) Version : 1.10 Vendor: Red Hat, Inc. Release : 7 Build Date: Mon 20 Sep 2004 05:58:10 PM EDT Install Date: (not installed) Build Host: tweety.build.redhat.com Group : System Environment/Base Source RPM: crontabs-1.10-7.src.rpm Size : 1004 License: Public Domain Signature : DSA/SHA1, Wed 05 Jan 2005 06:05:25 PM EST, Key ID 219180cddb42a60e Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Summary : Root crontab files used to schedule the execution of programs. Description : The crontabs package contains root crontab files. Crontab is the program used to install, uninstall, or list the tables used to drive the cron daemon. The cron daemon checks the crontab files to see when particular commands are scheduled to be executed. If commands are scheduled, then it executes them. Perhaps you now want to see what files the crontabs RPM installs. You would enter the following: rpm -qlp crontabs-1.10-5.noarch.rpm The output is similar to the following: /etc/cron.daily /etc/cron.hourly /etc/cron.monthly /etc/cron.weekly /etc/crontab /usr/bin/run-parts These are just a few examples. As you use RPM, you may find more uses for it.
Pakistan Computer Bureau
112
113
A Network File System (NFS) allows remote hosts to mount file systems over a network and interact with those file systems as though they are mounted locally. This enables system administrators to consolidate resources onto centralized servers on the network. This chapter focuses on fundamental NFS concepts and supplemental information.
Note
TCP is the default transport protocol for NFS under Red Hat Enterprise Linux. UDP can be used for compatibility purposes as needed, but is not recommended for wide usage. All the RPC/NFS daemon have a '-p' command line option that can set the port, making firewall configuration easier.
After the client is granted access by TCP wrappers, the NFS server refers to its configuration file, /etc/exports, to determine whether the client is allowed to access any of the exported file systems. Once access is granted, all file and directory operations are available to the user. Note f FS to work with a default installation of Red
Red Hat Enterprise Linux with a firewall enabled, IPTables with the default TCP port 20410 must be configured. Without proper IPTables configuration, NFS does not function properly.The NFS initialization script and rpc.nfsd process now allow binding to any specified port during system start up. However, this can be error prone if the port is unavailable or conflicts with another daemon.
115
NFSv4. The following RPC processes facilitate NFS services: rpc.mountd This process receives mount requests from NFS clients and verifies the requested file system is currently exported. This process is started automatically by the nfs service and does not require user configuration. This is not used with NFSv4. rpc.nfsd Allows explicit NFS versions and protocols the server advertises to be defined. It works with the Linux kernel to meet the dynamic demands of NFS clients, such as providing server threads each time an NFS client connects. This process corresponds to the NFS service. rpc.lockd allows NFS clients to lock files on the server. If rpc.lockd is not started, file locking will fail. rpc.lockd implements the Network Lock Manager (NLM) protocol. This process corresponds to the nfslock service. This is not used with NFSv4. rpc.statd This process implements the Network Status Monitor (NSM) RPC protocol which notifies NFS clients when an NFS server is restarted without being gracefully brought down. This process is started automatically by the nfslock service and does not require user configuration. This is not used with NFSv4. rpc.rquotad This process provides user quota information for remote users. This process is started automatically by the NFS service and does not require user configuration. rpc.idmapd This process provides NFSv4 client and server upcalls which map between on-the-wire NFSv4 names (which are strings in the form of user@domain) and local UIDs and GIDs. For idmapd to function with NFSv4, the /etc/idmapd.conf must be configured. This service is required for use with NFSv4.
116
mount -t <nfs-type> -o <options><host>:</remote/export></local/directory> Replace <nfs-type> with either nfs for NFSv2 or NFSv3 servers, or nfs4 for NFSv4 servers. Replace <options> with a comma separated list of options for the NFS file system. Replace <host> with the remote host, </remote/export> with the remote directory being mounted, and </local/directory> with the local directory where the remote file system is to be mounted. If accessing an NFS share by manually issuing the mount command, the file system must be remounted manually after the system is rebooted. Red Hat Enterprise Linux offers two methods for mounting remote file systems automatically at boot time: the /etc/fstab file or the autofs service.
117
Replace <server> with the hostname, IP address, or fully qualified domain name of the server exporting the file system. Replace </remote/export> with the path to the exported directory.Replace </local/directory> with the local file system on which the exported directory is mounted. This mount point must exist before /etc/fstab is read or the mount fails. eplace <nfs-type> with either nfs for NFSv2 or NFSv3 servers, or nfs4 for NFSv4 servers. Replace <options> with a comma separated list of options for the NFS file system.
10.3. autofs
One drawback to using /etc/fstab is that, regardless of how infrequently a user accesses the NFS mounted file system, the system must dedicate resources to keep the mounted file system in place. This is not a problem with one or two mounts, but when the system is maintaining mounts to many systems at one time, overall system performance can be affected. An alternative to /etc/fstab is to use the kernel-based automount utility. An automounter consists of two components. One is a kernel module that implements a file system, while the other is a user-space daemon that performs all of the other functions. The automount utility can mount and unmount NFS file systems automatically (on demand mounting) therefore saving system resources. The automount utility can be used to mount other file systems including AFS, SMBFS, CIFS and local file systems. autofs uses /etc/auto.master (master map) as its default primary configuration file. This can be changed to use another supported network source and name using the autofs configuration (in /etc/sysconfig/autofs) in conjunction with the Name Service Switch mechanism. An instance of the version 4 daemon was run for each mount point configured in the master map and so it could be run manually from the command line for any given mount point. This is not possible with version 5 because it uses a single daemon to manage all configured mount points, so all automounts must be configured in the master map. This is in line with the usual requirements of other industry standard automounters. Mount point, hostname, exported directory, and options can all be specified in a set of files (or other supported network sources) rather than configuring them manually for each host. Please ensure that you have the autofs package installed if you wish to use this service.
118
Autofs version 5, on the other hand, is a complete implementation. See the manual page for nsswitch.conf for more information on the supported syntax of this file. Please note that not all NSS databases are valid map sources and the parser will reject ones that are invalid. Valid sources are files, yp, nis, nisplus, ldap and hesiod. Multiple master map entries per autofs mount point One thing that is frequently used but not yet mentioned is the handling of multiple master map entries for the direct mount point "/-". The map keys for each entry are merged and behave as one map. An example is seen in the connectathon test maps for the direct mounts below: /- /tmp/auto_dcthon /- /tmp/auto_test3_direct /- /tmp/auto_test4_direct
120
This has been changed to meet our primary goal of mixed environment compatibility. The following is a sample /etc/auto.master file: $ cat /etc/auto.master /home /etc/auto.misc The general format of maps is similar to the master map, however the "options" appear between the mount point and the location instead of at the end of the entry as in the master map: <mount-point> [<options>] <location> where: <mount-point> is the autofs mount point. This can be a single directory name for an indirect mount or the full path of the mount point for direct mounts. Each direct and indirect map entry key (<mount-point> above) may be followed by a space separated list of offset directories (sub directory names each beginning with a "/") making them what is known as a mutli-mount entry. <options> if supplied, are the mount options for the map entries that do not specify their own options. <location> is the file system location such as a local file system path (preceded with the Sun map format escape character ":" for map names beginning with "/"), an NFS file system or other valid file system location. The following is a sample map file: $ cat /etc/auto.misc payroll -fstype=nfs personnel:/dev/hda3 sales -fstype=ext3 :/dev/hda4 The first column in a map file indicates the autofs mount point (sales and payroll from the server called personnel). The second column indicates the options for the autofs mount while the third column indicates the source of the mount. Following the above configuration, the autofs mount points will be /home/payroll and /home/sales. The -fstype= option is often omitted and is generally not needed for correct operation.
121
The automounter will create the directories if they do not exist. If the directories exist before the automounter was started, the automounter will not remove them when it exits. You can start or restart the automount daemon by issuing the following command: $/sbin/service autofs start or $/sbin/service autofs restart Using the above configuration, if a process requires access to an autofs unmounted directory such as /home/payroll/2006/July.sxc, the automount daemon automatically mounts the directory. If a timeout is specified, the directory will automatically be unmounted if the directory is not accessed for the timeout period. You can view the status of the automount daemon by issuing the following command in your terminal: $/sbin/service/autofs status
10.3.3. autofs Common Tasks 10.3.3.1. Overriding or augmenting site configuration files
It can be useful to override site defaults for a specific mount point on a client system. For example, assuming that the automounter maps are stored in NIS and the /etc/nsswitch.conf file has the following directive: automount: files nis
and the NIS auto.master map file contains the following: /home auto.home Also assume the NIS auto.home map contains the following: bethfileserver.example.com:/export/home/beth joe fileserver.example.com:/export/home/joe * fileserver.example.com:/export/home/& and the file map /etc/auto.home does not exist. For the above example, lets assume that the client system needs to mount home directories from a different server. In this case, the client will need to use the following /etc/auto.master map: /home /etc/auto.home2
122
+auto.master And the /etc/auto.home2 map contains the entry: *labserver.example.com:/export/home/& Because only the first occurrence of a mount point is processed, /home will contain the contents of /etc/auto.home2 instead of the NIS auto.home map. Alternatively, if you just want to augment the site-wide auto.home map with a few entries, create a /etc/auto.home file map, and in it put your new entries and at the end, include the NIS auto.home map. Then the /etc/auto.home file map might look similar to: mydir someserver:/export/mydir +auto.home Given the NIS auto.home map listed above, an ls of /home would now give: $ ls /home beth joe mydir This last example works as expected because autofs knows not to include the contents of a file map of the same name as the one it is reading and so moves on to the next map source in the nsswitch configuration. 10.3.3.2. Using LDAP to Store Automounter Maps LDAP client libraries must be installed on all systems which are to retrieve automounter maps from LDAP. On RHEL 5, the openldap package should be installed automatically as a dependency of the automounter. To configure LDAP access, modify /etc/openldap/ldap.conf. Ensure that BASE and URI are set appropriately for your site. Please also ensure that the schema is set in the configuration. The most recently established schema for storing automount maps in LDAP is described by rfc2307bis. To use this schema it is necessary to set it in the autofs configuration (/etc/sysconfig/autofs) by removing the comment characters from the schema definition. For example: DEFAULT_MAP_OBJECT_CLASS="automountMap"
Pakistan Computer Bureau 123
DEFAULT_ENTRY_OBJECT_CLASS="automount" DEFAULT_MAP_ATTRIBUTE="automountMapName" DEFAULT_ENTRY_ATTRIBUTE="automountKey" DEFAULT_VALUE_ATTRIBUTE="automountInformation" Ensure that these are the only schema entries not commented in the configuration. Please also note that the automountKey replaces the cn attribute in the rfc2307b is schema. An LDIF of a sample configuration is described below: # extended LDIF # # LDAPv3 # base <> with scope subtree # filter: (&(objectclass=automountMap)(automountMapName=auto.mas ter)) # requesting: ALL # # auto.master, example.com dn: automountMapName=auto.master,dc=example,dc=com objectClass: top objectClass: automountMap automountMapName: auto.master # extended LDIF # # LDAPv3 # base <automountMapName=auto.master,dc=example,dc=com> with scope subtree # filter: (objectclass=automount) # requesting: ALL # # /home, auto.master, example.com dn: automountMapName=auto.master,dc=example,dc=com objectClass: automount cn: /home automountKey: /home automountInformation: auto.home # extended LDIF # # LDAPv3 # base <> with scope subtree
124
# filter: (&(objectclass=automountMap)(automountMapName=auto.hom e)) # requesting: ALL # # auto.home, example.com dn: automountMapName=auto.home,dc=example,dc=com objectClass: automountMap automountMapName: auto.home # extended LDIF # # LDAPv3 # base <automountMapName=auto.home,dc=example,dc=com> with scope subtree # filter: (objectclass=automount) # requesting: ALL # # foo, auto.home, example.com dn: automountKey=foo,automountMapName=auto.home,dc=example ,dc=com objectClass: automount automountKey: foo automountInformation: filer.example.com:/export/foo # /, auto.home, example.com dn: automountKey=/,automountMapName=auto.home,dc=example,d c=com objectClass: automount automountKey: / automountInformation: filer.example.com:/export/&
Any number of maps can be combined into a single map in this manner. This feature is no longer present in v5. This is because Version 5 supports included maps which can be used to attain the same results. Consider the following multimap example: /home file/etc/auto.home -- nis auto.home This can be replaced by the following configuration for v5: /etc/nsswitch.conf must list: automount: files nis /etc/auto.master should contain: /home auto.home /etc/auto.home should contain: <entries for the home directory> +auto.home In this way, the entries from /etc/auto.home and the nis auto.home map are combined.
126
both an NIS auto.master and an LDAP auto.master. This limitation can be overcome by creating a master maps that have a different name in the source. In the example above if we had an LDAP master map named auto.master.ldap we could also add "+auto.master.ldap" to the file based master map and provided that "ldap" is listed as a source in our nsswitch configuration it would also be included. 10.4. Common NFS Mount Options Beyond mounting a file system via NFS on a remote host, other options can be specified at the time of the mount to make it easier to use. These options can be used with manual mount commands, /etc/fstab settings, and autofs. The following are options commonly used for NFS mounts: fsid=num Forces the file handle and file attributes settings on the wire to be num, instead of a number derived from the major and minor number of the block device on the mounted file system. The value 0 has special meaning when used with NFSv4. NFSv4 has a concept of a root of the overall exported file system. The export point exported with fsid=0 is used as this root. hard or soft Specifies whether the program using a file via an NFS connection should stop and wait (hard) for the server to come back online, if the host serving the exported file system is unavailable, or if it should report an error (soft). If hard is specified, the user cannot terminate the process waiting for the NFS communication to resume unless the intr option is also specified. If soft is specified, the user can set an additional timeo=<value> option, where <value> specifies the number of seconds to pass before the error is reported. Note
Using soft mounts is not recommended as they can generate I/O errors in very congested networks or when using a very busy server.
intr Allows NFS requests to be interrupted if the server goes down or cannot be reached.
127
nfsvers=2 or nfsvers=3 Specifies which version of the NFS protocol to use. This is useful for hosts that run multiple NFS servers. If no version is specified, NFS uses the highest supported version by the kernel and mount command. This option is not supported with NFSv4 and should not be used. noacl Turns off all ACL processing. This may be needed when interfacing with older versions of Red Hat Enterprise Linux, Red Hat Linux, or Solaris, since the most recent ACL technology is not compatible with older systems. nolock Disables file locking. This setting is occasionally required when connecting to older NFS servers. noexec Prevents execution of binaries on mounted file systems. This is useful if the system is mounting a non-Linux file system via NFS containing incompatible binaries. nosuid Disables set-user-identifier or set-group-identifier bits. This prevents remote users from gaining higher privileges by running a setuid program. port=num Specifies the numeric value of the NFS server port. If num is 0 (the default), then mount queries the remote host's portmapper for the port number to use. If the remote host's NFS daemon is not registered with its portmapper, the standard NFS port number of TCP 20410 is used instead. rsize=num and wsize=num These settings speed up NFS communication for reads (rsize) and writes (wsize) by setting a larger data block size, in bytes, to be transferred at one time. Be careful when changing these values; some older Linux kernels and network cards do not work well with larger block sizes. For NFSv2 or NFSv3, the default values for both parameters is set to 81102. For NFSv4, the default values for both parameters is set to 32768. sec=mode Specifies the type of security to utilize when authenticating an NFS connection.
128
sec=sys is the default setting, which uses local UNIX UIDs and GIDs by means of
sec=krb5 uses Kerberos V5 instead of local UNIX UIDs and GIDs to authenticate users. sec=krb5i uses Kerberos V5 for user authentication and performs integrity checking of NFS operations using secure checksums to prevent data tampering. sec=krb5p uses Kerberos V5 for user authentication, integrity checking, and encrypts NFS traffic to prevent traffic sniffing. This is the most secure setting, but it also has the most performance overhead involved. tcp Specifies for the NFS mount to use the TCP protocol. udp Specifies for the NFS mount to use the UDP protocol. Many more options are listed on the mount and nfs man pages.
set to on, this implies that you will need to manually run the /sbin/service nfslock start each time the computer starts. To set nfslock to automatically start on boot, type the following command in a terminal chkconfig nfslock on.
The restart option is a shorthand way of stopping and then starting NFS. This is the most efficient way to make configuration changes take effect after editing the configuration file for NFS. To restart the server, as root, type: /sbin/service nfs restart The condrestart (conditional restart) option only starts NFS if it is currently running. This option is useful for scripts, because it does not start the daemon if it is not running. To conditionally restart the server, as root, type: /sbin/service nfs condrestart To reload the NFS server configuration file without restarting the service, as root, type: /sbin/service nfs reload By default, the NFS service does not start automatically at boot time. To configure the NFS to start up at boot time, use an initscript utility, such as /sbin/chkconfig, /usr/sbin/ntsysv, or the Services Configuration Tool program.
130
To start the application, click on System => Administration => Server Settings => NFS. You can also type the command system-config-nfs in a terminal. The NFS Server Configuration tool window is illustrated below.
Based on certain firewall settings, you may need to configure the NFS daemon processes to use specific networking ports. The NFS server settings allows you to specify the ports for each process instead of using the random ports assigned by the portmapper. You can set the NFS Server settings by clicking on the Server Settings button. The figure below illustrates the NFS Server Settings window.
The NFS Server Configuration Tool can be used to configure a system as an NFS server. To add an NFS share, click the Add button. The Basic tab requires the following information: Directory Specify the directory to share, such as /tmp. Host(s) Specify the host(s) with which to share the directory. Basic permissions Specify whether the directory should have readonly or read/write permissions.
Add Share
132
Allow connections from port 1024 and higher Services started on port numbers less than 1024 must be started as root. Select this option to allow the NFS service to be started by a user other than root. This option corresponds to insecure. Allow insecure file locking Do not require a lock request. This option corresponds to insecure_locks. Disable subtree checking If a subdirectory of a file system is exported, but the entire file system is not exported, the server checks to see if the requested file is in the subdirectory exported. This check is called subtree checking. Select this option to disable subtree checking. If the entire file system is exported, selecting to disable subtree checking can increase the transfer rate. This option corresponds to no_subtree_check. Sync write operations on request Enabled by default, this option does not allow the server to reply to requests before the changes made by the request are written to the disk. This option corresponds to sync. If this is not selected, the
133
async option is used. Force sync of write operations immediately Do not delay writing to disk. This option corresponds to no_wdelay. Hide filesystems beneath turns the nohide option on or off. When the nohide option is off, nested directories are revealed. The clients can therefore navigate through a filesystem from the parent without noticing any changes. Export only if mounted sets the mountpoint option which allows a directory to be exported only if it has been mounted. Optional Mount Point specifies the path to an optional mount point. Click on the Browse to navigate to the preferred mount point or type the path if known. Set explicit Filesystem ID: sets the fsid=X option. This is mainly used in a clustered setup. Using a consistent filesystem ID in all clusters avoids having stale NFS filehandles.
Treat remote root user as local root By default, the user and group IDs of the root user are both 0. Root squashing maps the user ID 0 and the group ID 0 to the user and group IDs of anonymous so that root on the client does not have root privileges on the NFS server. If this option is selected, root is not mapped to anonymous, and root on a client has root privileges to exported directories. Selecting this option can greatly decrease the security of the system. Do not select it unless it is absolutely necessary. This option corresponds to no_root_squash. Treat all client users as anonymous users If this option is selected, all user and group IDs are mapped to the anonymous user. This option corresponds to all_squash. Specify local user ID for anonymous users If Treat all client users as anonymous users is selected, this option lets you specify a user ID for the anonymous user. This option corresponds to anonuid. Specify local group ID for anonymous users If Treat all client users as anonymous users is selected, this option lets you specify a group ID for the anonymous user. This option corresponds to anongid. To edit an existing NFS share, select the share from the list, and click the Properties button. To delete an existing NFS share, select the share from the list, and click the Delete button. After clicking OK to add, edit, or delete an NFS share from the list, the changes take place immediately the server daemon is restarted and the old configuration file is saved as /etc/exports.bak. The new configuration is written to /etc/exports. The NFS Server Configuration Tool reads and writes directly to the /etc/exports configuration file. Thus, the file can be modified manually after using the tool, and the tool can be used after modifying the file manually (provided the file was modified with correct syntax).
135
The next this section discusses manually editing /etc/exports and using the /usr/sbin/exportfs command to export NFS file systems.
NOTE:
Be careful with spaces in the /etc/exports file. If there are no spaces between the hostname and the options in parentheses, the options apply only to the hostname. If there is a space between the hostname and the options, the options apply to the rest of the world. For example, examine the following lines:
/misc/export
The first line grants users from speedy.example.com read-write access and denies all other users. The second line grants users from speedy.example.com read-only access (the default) and allows the rest of the world read-write access.
136
Each time you change /etc/exports, you must inform the NFS daemon of the change, or reload the configuration file with the following command: /sbin/service nfs reload
Netgroups In the format @group-name, where group-name is the NIS netgroup name.
<export><host1>(<options>) <hostN>(<options>)... In this structure, replace <export> with the directory being exported, replace <host1> with the host or network to which the export is being shared, and replace <options> with the options for that host or network. Additional hosts can be specified in a space separated list. The following methods can be used to specify host names: single host Where one particular host is specified with a fully qualified domain name, hostname, or IP address. wildcards Where a * or ? character is used to take into account a grouping of fully qualified domain names that match a particular string of letters. Wildcards should not be used with IP addresses; however, it is possible for them to work accidentally if reverse DNS lookups fail. Be careful when using wildcards with fully qualified domain names, as they tend to be more exact than expected. For example, the use of *.example.com as a wildcard allows sales.example.com to access an exported file system, but not bob.sales.example.com. To match both possibilities both *.example.com and *.*.example.com must be specified. IP networks Allows the matching of hosts based on their IP addresses within a larger network. For example, 1102.168.0.0/28 allows the first 16 IP addresses, from 1102.168.0.0 to 1102.168.0.15, to access the exported file system, but not 1102.168.0.16 and higher. netgroups Permits an NIS netgroup name, written as @<groupname>, to be used. This effectively puts the NIS server in charge of access control for this exported file system, where users can be added and removed from an NIS group without affecting /etc/exports. In its simplest form, the /etc/exports file only specifies the exported directory and the hosts permitted to access it, as in the following example: /exported/directory bob.example.com
138
In the example, bob.example.com can mount /exported/directory/. Because no options are specified in this example, the following default NFS options take effect: ro Mounts of the exported file system are read-only. Remote hosts are not able to make changes to the data shared on the file system. To allow hosts to make changes to the file system, the read/write (rw) option must be specified. wdelay Causes the NFS server to delay writing to the disk if it suspects another write request is imminent. This can improve performance by reducing the number of times the disk must be accessed by separate write commands, reducing write overhead. The no_wdelay option turns off this feature, but is only available when using the sync option. root_squash Prevents root users connected remotely from having root privileges and assigns them the user ID for the user nfsnobody. This effectively "squashes" the power of the remote root user to the lowest local user, preventing unauthorized alteration of files on the remote server. Alternatively, the no_root_squash option turns off root squashing. To squash every remote user, including root, use the all_squash option. To specify the user and group IDs to use with remote users from a particular host, use the anonuid and anongid options, respectively. In this case, a special user account can be created for remote NFS users to share and specify (anonuid=<uid-value>,anongid=<gid-value>), where <uid-value> is the user ID number and <gid-value> is the group ID number. Important
By default, access control lists (ACLs) are supported by NFS under Red Hat Enterprise Linux. To disable this feature, specify the no_acl option when exporting the file system.
Each default for every exported file system must be explicitly overridden. For example, if the rw option is not specified, then the exported file system is shared as read-only. The following is a sample line from /etc/exports which overrides two default options:
139
/another/exported/directory 1102.168.0.3(rw,sync)
In this example 1102.168.0.3 can mount /another/exported/directory/ read/write and all transfers to disk are committed to the disk before the write request by the client is completed. Additionally, other options are available where no default value is specified. These include the ability to disable sub-tree checking, allow access from insecure ports, and allow insecure file locks (necessary for certain early NFS client implementations Warning
The format of the /etc/exports file is very precise, particularly in regards to use of the space character. Remember to always separate exported file systems from hosts and hosts from one another with a space character. However, there should be no other space characters in the file except on comment lines. For example, the following two lines do not mean the same thing:
/home bob.example.com(rw) /home bob.example.com (rw) The first line allows only users from bob.example.com read/write access to the /home directory. The second line allows users from bob.example.com to mount the directory as read-only (the default), while the rest of the world can mount it read/write.
140
writes the exported file systems to /var/lib/nfs/xtab. Since rpc.mountd refers to the xtab file when deciding access privileges to a file system, changes to the list of exported file systems take effect immediately. The following is a list of commonly used options available for
/usr/sbin/exportfs: -r Causes all directories listed in /etc/exports to be exported by constructing a new export list in /etc/lib/nfs/xtab. This option effectively refreshes the export list with any changes that have been made to /etc/exports. -a Causes all directories to be exported or unexported, depending on what other options are passed to /usr/sbin/exportfs. If no other options are specified, /usr/sbin/exportfs exports all file systems specified in /etc/exports. -o file-systems Specifies directories to be exported that are not listed in /etc/exports. Replace file-systems with additional file systems to be exported. These file systems must be formatted in the same way they are specified in /etc/exports. -i Ignores /etc/exports; only options given from the command line are used to define exported file systems. -u Unexports all shared directories. The command /usr/sbin/exportfs-ua suspends NFS file sharing while keeping all NFS daemons up. To re-enable NFS sharing, type exportfs -r. -v Verbose operation, where the file systems being exported or unexported are displayed in greater detail when the exportfs command is executed. If no options are passed to the /usr/sbin/exportfs command, it displays a list of currently exported file systems.
141
systems. When typed in a terminal with no arguments, the exportfs command shows all the exported directories. Since NFSv4 no longer utilizes the rpc.mountd protocol as was used in NFSv2 and NFSv3, the mounting of file systems has changed. An NFSv4 client now has the ability to see all of the exports served by the NFSv4 server as a single file system, called the NFSv4 pseudo-file system. On Red Hat Enterprise Linux, the pseudo-file system is identified as a single, real file system, identified at export with the fsid=0 option. For example, the following commands could be executed on an NFSv4 server: mkdir /exports mkdir /exports/opt mkdir /exports/etc mount --bind /usr/local/opt /exports/opt mount --bind /usr/local/etc /exports/etc exportfs -o fsid=0,insecure,no_subtree_check gss/krb5p:/exports exportfs -o rw,nohide,insecure,no_subtree_check gss/krb5p:/exports/opt exportfs -o rw,nohide,insecure,no_subtree_check gss/krb5p:/exports/etc In this example, clients are provided with multiple file systems to mount, by using the --bind option which creates unbreakeable links. Because of the pseudo-file systems feature, NFS version 2, 3 and 4 export configurations are not always compatible. For example, given the following directory tree: /home /home/sam /home/john /home/joe and the export: /home *(rw,fsid=0,sync) Using NFS version 2,3 and 4 the following would work: mount server:/home /mnt/home ls /mnt/home/joe Using v4 the following would work: mount -t nfs4 server:/ /mnt/home ls /mnt/home/joe
142
The difference being "server:/home" and "server:/". To make the exports configurations compatible for all version, one needs to export (read only) the root filesystem with an fsid=0. The fsid=0 signals the NFS server that this export is the root. / *(ro,fsid=0) /home *(rw,sync,nohide) Now with these exports, both "mount server:/home /mnt/home" and "mount -t nfs server:/home /mnt/home" will work as expected.
143
from being used in the way it was originally intended. Additionally, if an attacker gains control of the DNS server used by the system exporting the NFS file system, the system associated with a particular hostname or fully qualified domain name can be pointed to an unauthorized machine. At this point, the unauthorized machine is the system permitted to mount the NFS share, since no username or password information is exchanged to provide additional security for the NFS mount. Wildcards should be used sparingly when exporting directories via NFS as it is possible for the scope of the wildcard to encompass more systems than intended. It is also possible to restrict access to the portmap service via TCP wrappers. Access to ports used by portmap, rpc.mountd, and rpc.nfsd can also be limited by creating firewall rules with iptables.
NFSv4 includes ACL support based on the Microsoft Windows NT model, not the POSIX model, because of its features and because it is widely deployed. NFSv2 and NFSv3 do not have support for native ACL attributes. Another important security feature of NFSv4 is its removal of the rpc.mountd daemon. The rpc.mountd daemon presented possible security holes because of the way it dealt with filehandlers. For more information on the RPCSEC_GSS framework, including how rpc.svcgssd and rpc.gssd inter operate, refer to http://www.citi.umich.edu/projects/nfsv4/gssd/.
144
The portmapper maps RPC services to the ports they are listening on. RPC processes notify portmap when they start, registering the ports they are listening on and the RPC program numbers they expect to serve. The client system then contacts portmap on the server with a particular RPC program number. The portmap service redirects the client to the proper port number so it can communicate with the requested service. Because RPC-based services rely on portmap to make all connections with incoming client requests, portmap must be available before any of these services start. The portmap service uses TCP
Pakistan Computer Bureau 145
wrappers for access control, and access control rules for portmap affect all RPCbased services. Alternatively, it is possible to specify access control rules for each of the NFS RPC daemons. The man pages for rpc.mountd and rpc.statd contain information regarding the precise syntax for these rules.
146
the rpcinfo command. Refer to the rpcinfo man page for more information.
147
Error detection. When a TCP connection breaks (due to the server being unavailable) the client stops sending data and restarts the connection process once the server becomes available. With UDP, since it's connection-less, the client continues to pound the network with data until the server reestablishes a connection. The main disadvantage is that there is a very small performance hit due to the overhead associated with the TCP protocol.
An NFSv4 for Linux 2.6 kernel resource. http://www.nfsv4.org1 The home of NFS version 4 and all related standards. http://www.vanemery.com/Linux/NFSv4/NFSv4-norpcsec.html Describes the details of NFSv4 with Fedora Core 2, which includes the 2.6 kernel. http://www.nluug.nl/events/sane2000/papers/pawlows ki.pdf An excellent whitepaper on the features and enhancements of the NFS Version 4 protocol. http://wiki.autofs.net The Autofs wiki, discussions, documentation and enhancements.
Ricardo Labiaga; O'Reilly & Associates Makes an excellent reference guide for the many different NFS export and mount options available. NFS Illustrated by Brent Callaghan; Addison-Wesley Publishing Company Provides comparisons of NFS to other network file systems and shows, in detail, how NFS communication occurs.
149
Samba is an open source implementation of the Server Message Block (SMB) protocol. It allows the networking of Microsoft Windows, Linux, UNIX, and other operating systems together, enabling access to Windows-based file and printer shares. Samba's use of SMB allows it to appear as a Windows server to Windows clients.
149
Join a Windows NT/2000/2003 PDC What Samba cannot do: Act as a BDC for a Windows PDC (and vice versa) Act as an Active Directory domain controller
150
user / group information understandable by UNIX platforms. This is achieved by using Microsoft RPC calls, Pluggable Authentication Modules (PAM), and the Name Service Switch (NSS). This allows Windows NT domain users to appear and operate as UNIX users on a UNIX machine. Though bundled with the Samba distribution, the winbind service is controlled separately from the smb service. The winbindd daemon is controlled by the winbind service and does not require the smb service to be started in order to operate. Winbindd is also used when Samba is an Active Directory member, and may also be used on a Samba domain controller (to implement nested groups and/or interdomain trust). Because winbind is a client-side service used to connect to Windows NT-based servers, further discussion of winbind is beyond the scope of this manual.
151
The Time and Date Properties Tool allows the user to change the system date and time, to configure the time zone used by the system, and to setup the Network Time Protocol (NTP) daemon to synchronize the system clock with a time server. You must be running the X Window System and have root privileges to use the tool. There are three ways to start the application: From the desktop, go to Applications (the main menu on the panel) => System Settings => Date & Time From the desktop, right-click on the time in the toolbar and select Adjust Date and Time. Type the command system-config-date, system-config-time, or dateconfig at a shell prompt (for example, in an XTerm or a GNOME terminal).
152
To change the date, use the arrows to the left and right of the month to change the month, use the arrows to the left and right of the year to change the year, and click on the day of the week to change the day of the week. To change the time, use the up and down arrow buttons beside the Hour, Minute, and Second in the Time section. Clicking the OK button applies any changes made to the date and time, the NTP
Pakistan Computer Bureau 153
daemon settings, and the time zone settings. It also exits the program.
The Network Time Protocol (NTP) daemon synchronizes the system clock with a remote time server or time source. The application allows you to configure an NTP daemon to synchronize your system clock with a remote server. To enable this feature, select Enable Network Time Protocol. This enables the NTP Servers list and other options. You can choose one of the predefined servers, edit a predefined server by clicking the Edit or add a new server name by clicking Add. Your system does not start synchronizing with the NTP server until you click OK. After clicking OK, the configuration is saved and the NTP daemon is started (or restarted if it is already running). Clicking the OK button applies any changes made to the date and time, the NTP
154
daemon settings, and the time zone settings. It also exits the program.
155
If your system clock is set to use UTC, select the System clock uses UTC option. UTC stands for the Universal Time, Coordinated, also known as Greenwich Mean Time (GMT).
156
While the heart of Red Hat Enterprise Linux is the kernel, for many users, the face of the operating system is the graphical environment provided by the X Window System, also called X. Other windowing environments have existed in the UNIX world, including some that predate the release of the X Window System in June 1984. Nonetheless, X has been the default graphical environment for most UNIX-like operating systems, including Red Hat Enterprise Linux, for many years. The graphical environment for Red Hat Enterprise Linux is supplied by the X.Org Foundation, an open source organization created to manage development and strategy for the X Window System and related technologies. X.Org is a largescale, rapidly developing project with hundreds of developers around the world. It features a wide degree of support for a variety of hardware devices and architectures, and can run on a variety of different operating systems and platforms. This release for Red Hat Enterprise Linux specifically includes the X11R7.1 release of the X Window System. The X Window System uses a client-server architecture. The X server (the Xorg binary) listens for connections from X client applications via a network or local loopback interface. The server communicates with the hardware, such as the video card, monitor, keyboard, and mouse. X client applications exist in the user-space, creating a graphical user interface (GUI) for the user and passing user requests to the X server.
157
In the X11R7.1 release, all libraries, headers, and binaries now live under /usr/ instead of /usr/X11R6. The /etc/X11/ directory contains configuration files for X client and server applications. This includes configuration files for the X server itself, the xfs font server, the X display managers, and many other base components. The configuration file for the newer Fontconfig-based font architecture is still /etc/fonts/fonts.conf. For more on configuring and adding fonts, refer to Section 4, Fonts. Because the X server performs advanced tasks on a wide array of hardware, it requires detailed information about the hardware it works on. The X server automatically detects some of this information; other details must be configured. The installation program installs and configures X automatically, unless the X11R7.1 release packages are not selected for installation. However, if there are any changes to the monitor, video card or other devices managed by the X server, X must be reconfigured. The best way to do this is to use the X Configuration Tool (system-config-display), particularly for devices that are not detected manually. In Red Hat Enterprise Linux's default graphical environment, the X Configuration Tool is available at System (on the panel) => Administration => Display. Changes made with the X Configuration Tool take effect after logging out and logging back in. For more information about X Configuration Tool, refer to X Window System Configuration. In some situations, reconfiguring the X server may require manually editing its configuration file, /etc/X11/xorg.conf. For information about the structure of this file, refer to Section 3, X Server Configuration Files.
Mwm The Motif Window Manager (mwm) is a basic, stand-alone window manager. Since it is designed to be a stand-alone window manager, it should not be used in conjunction with GNOME or KDE. To run this window manager, you need to install the openmotif package. Twm The minimalist Tab Window Manager (twm, which provides the most basic tool set of any of the window managers, can be used either as a stand-alone or with a desktop environment. It is installed as part of the X11R7.1 release. To run any of the aforementioned window managers, you will first need to boot into Runlevel 3. For instructions on how to do this, refer to Section 13.2.2.1, Runlevels. Once you are logged in to Runlevel 3, you will be presented with a terminal prompt, not a graphical environment. To start a window manager, type xinit e <path-to-window-manager> at the prompt. <path-to-window-manager> is the location of the window manager binary file. The binary file can be located by typing which windowmanager-name, where window-manager-name is the name of the window manager you want to run. For example:
user@host# which twm/usr/bin/twm user@host# xinit -e /usr/bin/twm
The first command above returns the absolute path to the twm window manager, the second command starts twm. To exit a window manager, close the last window or press Ctrl-AltBackspace. Once you have exited the window manager, you can log back into Runlevel 5 by typing startx at the prompt.
160
13.2.2.1. Runlevels
Before you can configure access to services, you must understand Linux runlevels. A runlevel is a state, or mode, that is defined by the services listed in the directory /etc/rc.d/rc<x>.d, where <x> is the number of the runlevel. The following runlevels exist: 0 Halt 1 Single-user mode 2 Not used (user-definable) 3 Full multi-user mode 4 Not used (user-definable) 5 Full multi-user mode (with an X-based login screen) 6 Reboot If you use a text login screen, you are operating in runlevel 3. If you use a graphical login screen, you are operating in runlevel 5. The default runlevel can be changed by modifying the /etc/inittab file, which contains a line near the top of the file similar to the following:
id:5:initdefault:
Change the number in this line to the desired runlevel. The change does not take effect until you reboot the system.
161
To load optional modules, they must be specified in the X server configuration file, /etc/X11/xorg.conf. For more information about loading modules, refer to Section 3.1.5, Module. When Red Hat Enterprise Linux 5.0.0 is installed, the configuration files for X are created using information gathered about the system hardware during the installation process.
13.3.1. xorg.conf
While there is rarely a need to manually edit the /etc/X11/xorg.conf file, it is useful to understand the various sections and optional parameters available, especially when troubleshooting.
162
13.3.1.2. ServerFlags
The optional ServerFlags section contains miscellaneous global X server settings. Any settings in this section may be overridden by options placed in the ServerLayout section (refer to Section 3.1.3, ServerLayout for details). Each entry within the ServerFlags section is on its own line and begins with the term Option followed by an option enclosed in double quotation marks ("). The following is a sample ServerFlags section:
Section "ServerFlags" Option "DontZap" "true" EndSection
The following lists some of the most useful options: "DontZap" "<boolean>" When the value of <boolean> is set to true, this setting prevents the use of the Ctrl-Alt-Backspace key combination to immediately terminate the X server. "DontZoom" "<boolean>" When the value of <boolean> is set to true, this setting prevents cycling through configured video resolutions using the Ctrl-Alt-Keypad-Plus and Ctrl-Alt-Keypad-Minus key combinations.
13.3.1.3. ServerLayout
The ServerLayout section binds together the input and output devices controlled by the X server. At a minimum, this section must specify one output device and one input device. By default, a monitor (output device) and keyboard (input device) are specified. The following example illustrates a typical ServerLayout section:
Section "ServerLayout" Identifier "Default Layout" Screen 0 "Screen0" 0 0 InputDevice "Mouse0" "CorePointer" InputDevice "Keyboard0" "CoreKeyboard" EndSection
163
Identifier Specifies a unique name for this ServerLayout section. Screen Specifies the name of a Screen section to be used with the X server. More than one Screen option may be present. The following is an example of a typical Screen entry:
Screen 0 "Screen0" 0 0
The first number in this example Screen entry (0) indicates that the first monitor connector or head on the video card uses the configuration specified in the Screen section with the identifier "Screen0". An example of a Screen section with the identifier "Screen0" can be found in Section 13.3.1.9, Screen. If the video card has more than one head, another Screen entry with a different number and a different Screen section identifier is necessary .
The numbers to the right of "Screen0" give the absolute X and Y coordinates for the upper-left corner of the screen (0 0 by default). InputDevice Specifies the name of an Input Device section to be used with the X server. It is advisable that there be at least two InputDevice entries: one for the default mouse and one for the default keyboard. The options CorePointer and CoreKeyboard indicate that these are the primary mouse and keyboard. Option "<option-name>" An optional entry which specifies extra parameters for the section. Any options listed here override those listed in the ServerFlags section. Replace <option-name> with a valid option listed for this section in the xorg.conf main page. It is possible to put more than one ServerLayout section in the /etc/X11/xorg.conf file. By default, the server only reads the first one it encounters, however.
164
If there is an alternative ServerLayout section, it can be specified as a command line argument when starting an X session.
13.3.1.4. Files
The Files section sets paths for services vital to the X server, such as the font path. This is an optional section, these paths are normally detected automatically. This section may be used to override any automatically detected defaults. The following example illustrates a typical Files section:
Section "Files" RgbPath "/usr/share/X11/rgb.txt" FontPath "unix/:7100" EndSection
The following entries are commonly used in the Files section: RgbPath Specifies the location of the RGB color database. This database defines all valid color names in X and ties them to specific RGB values.
FontPath Specifies where the X server must connect to obtain fonts from the xfs font server. By default, the FontPath is unix/:7100. This tells the X server to obtain font information using UNIX-domain sockets for inter-process communication (IPC) on port 7100. Refer to Section 4, Fonts for more information concerning X and fonts. ModulePath An optional parameter which specifies alternate directories which store X server modules.
165
13.3.1.5. Module
By default, the X server automatically loads the following modules from the /usr/lib/xorg/modules/ directory: extmod dbe glx freetype type1 record dri The default directory for loading these modules can be changed by specifying a different directory with the optional ModulePath parameter in the Files section. Refer to Section 3.1.4, Files for more information on this section. Adding a Module section to /etc/X11/xorg.conf instructs the X server to load the modules listed in this section instead of the default modules. For example, the following typical Module section: Section "Module" Load "fbdevhw" EndSection instructs the X server to load the fbdevhw instead of the default modules. As such, if you add a Module section to /etc/X11/xorg.conf, you will need to specify any default modules you want to load as well as any extra modules.
166
13.3.1.6. InputDevice
Each InputDevice section configures one input device for the X server. Systems typically have at least one InputDevice section for the keyboard. It is perfectly normal to have no entry for a mouse, as most mouse settings are automatically detected. The following example illustrates a typical InputDevice section for a keyboard:
Section "InputDevice" Identifier "Keyboard0" Driver "kbd" Option "XkbModel" "pc105" Option "XkbLayout" "us" EndSection
The following entries are commonly used in the InputDevice section: Identifier Specifies a unique name for this InputDevice section. This is a required entry. Driver Specifies the name of the device driver X must load for the device. Option Specifies necessary options pertaining to the device. A mouse may also be specified to override any autodetected defaults for the device. The following options are typically included when adding a mouse in the xorg.conf: Protocol Specifies the protocol used by the mouse, such as IMPS/2. Device Specifies the location of the physical device. Emulate3Buttons Specifies whether to allow a two-button mouse to act like a three-button mouse when both mouse buttons are pressed simultaneously. Consult the xorg.conf man page for a list of valid options for this section.
167
13.3.1.7. Monitor
Each Monitor section configures one type of monitor used by the system. This is an optional entry as well, as most monitors are now automatically detected. The easiest way to configure a monitor is to configure X during the installation process or by using the X Configuration Tool. For more information about using the X Configuration Tool, refer to X Window System Configuration. This example illustrates a typical Monitor section for a monitor: Section "Monitor" Identifier "Monitor0" VendorName "Monitor Vendor" ModelName "DDC Probed Monitor - ViewSonic G773-2" DisplaySize 320 240 HorizSync 30.0 - 70.0 VertRefresh 50.0 - 180.0 EndSection Warning
Be careful when manually editing values in the Monitor section of /etc/X11/xorg.conf. Inappropriate values can damage or destroy a monitor. Consult the monitor's documentation for a listing of safe operating parameters.
The following are commonly entries used in the Monitor section: Identifier Specifies a unique name for this Monitor section. This is a required entry. VendorName An optional parameter which specifies the vendor of the monitor. ModelName An optional parameter which specifies the monitor's model name. DisplaySize An optional parameter which specifies, in millimeters, the physical size of the monitor's picture area. HorizSync Specifies the range of horizontal sync frequencies compatible with the monitor in kHz. These values help the X server determine the validity of built-in or specified Modeline entries for the monitor.
168
VertRefresh Specifies the range of vertical refresh frequencies supported by the monitor, in kHz. These values help the X server determine the validity of built in or specified Modeline entries for the monitor. Modeline An optional parameter which specifies additional video modes for the monitor at particular resolutions, with certain horizontal sync and vertical refresh resolutions. Refer to the xorg.conf man page for a more detailed explanation of Modeline entries. Option "<option-name>" An optional entry which specifies extra parameters for the section. Replace <option-name> with a valid option listed for this section in the xorg.conf man page.
13.3.1.8. Device
Each Device section configures one video card on the system. While one Device section is the minimum, additional instances may occur for each video card installed on the machine. The best way to configure a video card is to configure X during the installation process or by using the X Configuration Tool. For more about using the X Configuration Tool, refer to X Window System Configuration. The following example illustrates a typical Device section for a video card: Section "Device" Identifier "Videocard0" Driver "mga" VendorName "Videocard vendor" BoardName "Matrox Millennium G200" VideoRam 8192 Option "dpms" EndSection The following entries are commonly used in the Device section: Identifier Specifies a unique name for this Device section. This is a required entry. Driver Specifies which driver the X server must load to utilize the video card. A list of drivers can be found in
169
/usr/share/hwdata/videodrivers, which is installed with the hwdata package. VendorName An optional parameter which specifies the vendor of the video card. BoardName An optional parameter which specifies the name of the video card. VideoRam An optional parameter which specifies the amount of RAM available on the video card in kilobytes. This setting is only necessary for video cards the X server cannot probe to detect the amount of video RAM. BusID An entry which specifies the bus location of the video card. On systems with only one video card a BusID entry is optional and may not even be present in the default /etc/X11/xorg.conf file. On systems with more than one video card, however, a BusID entry must be present. Screen An optional entry which specifies which monitor connector or head on the video card the Device section configures. This option is only useful for video cards with multiple heads. If multiple monitors are connected to different heads on the same video card, separate Device sections must exist and each of these sections must have a different Screen value. Values for the Screen entry must be an integer. The first head on the video card has a value of 0. The value for each additional head increments this value by one. Option "<option-name>" An optional entry which specifies extra parameters for the section. Replace <option-name> with a valid option listed for this section in the xorg.conf man page. One of the more common options is "dpms" (for Display Power Management Signaling, a VESA standard), which activates the Service Star energy compliance setting for the monitor.
170
13.3.1.9. Screen
Each Screen section binds one video card (or video card head) to one monitor by referencing the Device section and the Monitor section for each. While one Screen section is the minimum, additional instances may occur for each video card and monitor combination present on the machine. The following example illustrates a typical Screen section:
Section "Screen" Identifier "Screen0" Device "Videocard0" Monitor "Monitor0" DefaultDepth 16 SubSection "Display" Depth 24 Modes "1280x1024" "1280x960" "1152x864" "1024x768" "800x600" "640x480" EndSubSection SubSection "Display" Depth 16 Modes "1152x864" "1024x768" "800x600" "640x480" EndSubSection EndSection
The following entries are commonly used in the Screen section: Identifier Specifies a unique name for this Screen section. This is a required entry. Device Specifies the unique name of a Device section. This is a required entry. Monitor Specifies the unique name of a Monitor section. This is only required if a specific Monitor section is defined in the xorg.conf file. Normally, monitors are automatically detected. DefaultDepth Specifies the default color depth in bits. In the previous example, 16 (which provides thousands of colors) is the default. Only one DefaultDepth is permitted, although this can be overridden with the Xorg command line option -depth <n>,where <n> is any additional depth specified. SubSection "Display" Specifies the screen modes available at a particular color depth. The Screen section can have multiple Display subsections, which are entirely optional since screen modes are automatically detected. This subsection is normally used to override autodetected modes. Option "<option-name>" An optional entry which specifies extra parameters for the section.
Pakistan Computer Bureau 171
Replace <option-name> with a valid option listed for this section in the xorg.conf man page.
13.3.1.10. DRI
The optional DRI section specifies parameters for the Direct Rendering Infrastructure (DRI). DRI is an interface which allows 3D software applications to take advantage of 3D hardware acceleration capabilities built into most modern video hardware. In addition, DRI can improve 2D performance via hardware acceleration, if supported by the video card driver. This section rarely appears, as the DRI Group and Mode are automatically initialized to default values. If a different Group or Mode is desired, then adding this section to the xorg.conf file will override those defaults. The following example illustrates a typical DRI section: Section "DRI" Group 0 Mode 0666 EndSection Since different video cards use DRI in different ways, do not add to this section without first referring to http://dri.sourceforge.net/.
13.4. Fonts
Red Hat Enterprise Linux uses two subsystems to manage and display fonts under X: Fontconfig and xfs. The newer Fontconfig font subsystem simplifies font management and provides advanced display features, such as anti-aliasing. This system is used automatically for applications programmed using the Qt 3 or GTK+ 2 graphical toolkit. For compatibility, Red Hat Enterprise Linux includes the original font subsystem, called the core X font subsystem. This system, which is over 15 years old, is based around the X Font Server (xfs). This section discusses how to configure fonts for X using both systems.
172
13.4.1. Fontconfig
The Fontconfig font subsystem allows applications to directly access fonts on the system and use Xft or other rendering mechanisms to render Fontconfig fonts with advanced anti-aliasing. Graphical applications can use the Xft library with Fontconfig to draw text to the screen. Over time, the Fontconfig/Xft font subsystem replaces the core X font subsystem. Important
The Fontconfig font subsystem does not yet work for OpenOffice.org, which uses its own font rendering technology.
It is important to note that Fontconfig uses the etc/fonts/fonts.conf configuration file, which should not be edited by hand. Tip
Due to the transition to the new font system, GTK+ 1.2 applications are not affected by any changes made via the Font Preferences dialog (accessed by selecting System (on the panel) => Preferences => Fonts). For these applications, a font can be configured by adding the following lines to the file .gtkrc.mine: style "user-font" { fontset = "<font-specification>" } widget_class "*" style "user-font"
Replace <font-specification> with a font specification in the style used by traditional X applications, such as -adobe-helvetica-medium-rnormal--*-120-*-*-*-*-*-*. A full list of core fonts can be obtained by running xlsfonts or created interactively using the xfontsel command.
173
174
The X server connects to the xfs server on a specified port to acquire font information. For this reason, the xfs service must be running for X to start.
deferglyphs Specifies whether to defer loading glyphs (the graphic used to visually
175
represent a font). To disable this feature use none, to enable this feature for all fonts use all, or to turn this feature on only for 16-bit fonts use 16. error-file Specifies the path and file name of a location where xfs errors are logged. no-listen Prevents xfs from listening to particular protocols. By default, this option is set to tcp to prevent xfs from listening on TCP ports for security reasons. Tip
If xfs is used to serve fonts over the network, remove this line.
port Specifies the TCP port that xfs listens on if no-isten does not exist or is commented out. use-syslog Specifies whether to use the system error log.
176
13.5.1. Runlevel 3
When in runlevel 3, the best way to start an X session is to log in and type startx. The startx command is a front-end to the xinit command, which launches the X server (Xorg) and connects X client applications to it. Because the user is already logged into the system at runlevel 3, startx does not launch a display manager or authenticate users. Refer to Section 5.2, Runlevel 5 for more information about display managers. When the startx command is executed, it searches for the .xinitrc file in the user's home directory to define the desktop environment and possibly other X client applications to run. If no .xinitrc file is present, it uses the system default /etc/X11/xinit/xinitrc file instead. The default xinitrc script then searches for user-defined files and default system files, including .Xresources, .Xmodmap, and .Xkbmap in the user's home directory, and Xresources, Xmodmap, and Xkbmap in the /etc/X11/ directory. The Xmodmap and Xkbmap files, if they exist, are used by the xmodmap utility to configure the keyboard. The Xresources file is read to assign specific preference values to applications. After setting these options, the xinitrc script executes all scripts located in the /etc/X11/xinit/xinitrc.d/ directory. One important script in this directory is xinput.sh, which configures settings such as the default language.
177
Next, the xinitrc script attempts to execute .Xclients in the user's home directory and turns to /etc/X11/xinit/Xclients if it cannot be found. The purpose of the Xclients file is to start the desktop environment or, possibly, just a basic window manager. The .Xclients script in the user's home directory starts the user-specified desktop environment in the .Xclients-default file. If .Xclients does not exist in the user's home directory, the standard /etc/X11/xinit/Xclients script attempts to start another desktop environment, trying GNOME first and then KDE followed by twm. When in runlevel 3, the user is returned to a text mode user session after ending an X session.
13.5.2. Runlevel 5
When the system boots into runlevel 5, a special X client application called a display manager is launched. A user must authenticate using the display manager before any desktop environment or window managers are launched. Depending on the desktop environments installed on the system, three different display managers are available to handle user authentication. GNOME The default display manager for Red Hat Enterprise Linux, GNOME allows the user to configure language settings, shutdown, restart or log in to the system. KDE KDE's display manager which allows the user to shutdown, restart or log in to the system. xdm A very basic display manager which only lets the user log in to the system. When booting into runlevel 5, the prefdm script determines the preferred display manager by referencing the /etc/sysconfig/desktop file. A list of options for this file is available in this file: /usr/share/doc/initscripts-<versionnumber>/sysconfig.txt where <version-number> is the version number of the initscripts package.
Pakistan Computer Bureau 178
Each of the display managers reference the /etc/X11/xdm/Xsetup_0 file to set up the login screen. Once the user logs into the system, the /etc/X11/xdm/GiveConsole script runs to assign ownership of the console to the user. Then, the /etc/X11/xdm/Xsession script runs to accomplish many of the tasks normally performed by the xinitrc script when starting X from runlevel 3, including setting system and user resources, as well as running the scripts in the /etc/X11/xinit/xinitrc.d/ directory. Users can specify which desktop environment they want to utilize when they authenticate using the GNOME or KDE display managers by selecting it from the Sessions menu item (accessed by selecting System (on the panel) => Preferences => More Preferences => Sessions). If the desktop environment is not specified in the display manager, the /etc/X11/xdm/Xsession script checks the .xsession and .Xclients files in the user's home directory to decide which desktop environment to load. As a last resort, the /etc/X11/xinit/Xclients file is used to select a desktop environment or window manager to use in the same way as runlevel 3. When the user finishes an X session on the default display (:0) and logs out, the /etc/X11/xdm/TakeConsole script runs and reassigns ownership of the console to the root user. The original display manager, which continues running after the user logged in, takes control by spawning a new display manager. This restarts the X server, displays a new login window, and starts the entire process over again. The user is returned to the display manager after logging out of X from runlevel 5. For more information on how display managers control user authentication, refer to the /usr/share/doc/gdm-<version-number>/README (where <version-number> is the version number for the gdm package installed) and the xdm man page.
179
During installation, the system's monitor, video card, and display settings are configured. To change any of these settings after installation, use the X Configuration Tool. To start the X Configuration Tool, go to System (on the panel) => Administration => Display, or type the command system-configdisplay at a shell prompt (for example, in an XTerm or GNOME terminal). If the X Window System is not running, a small version of X is started to run the program. After changing any of the settings, log out of the graphical desktop and log back in to enable the changes.
180
181
To change the monitor type or any of its settings, click the corresponding Configure button. To change the video card type or any of its settings, click the Configure button beside its settings.
182
To enable use of Dual head, check the Use dual head checkbox. To configure the second monitor type, click the corresponding Configure button. You can also configure the other Dual head settings by using the corresponding drop-down list. For the Desktop layout option, selecting Spanning Desktops allows both monitors to use an enlarged usable workspace. Selecting Individual Desktops shares the mouse and keyboard among the displays, but restricts windows to a single display.
183
The control of users and groups is a core element of Red Hat Enterprise Linux system administration. Users can be either people (meaning accounts tied to physical users) or accounts which exist for specific applications to use. Groups are logical expressions of organization, tying users together for a common purpose. Users within a group can read, write, or execute files owned by that group. Each user and group has a unique numerical identification number called a userid (UID) and a groupid (GID), respectively. A user who creates a file is also the owner and group owner of that file. The file is assigned separate read, write, and execute permissions for the owner, the group, and everyone else. The file owner can be changed only by the root user, and access permissions can be changed by both the root user and file owner. Red Hat Enterprise Linux also supports access control lists (ACLs) for files and directories which allow permissions for specific users outside of the owner to be set.
184
To view a list of local users on the system, click the Users tab. To view a list of local groups on the system, click the Groups tab. To find a specific user or group, type the first few letters of the name in the Search filter field. Press Enter or click the Apply filter button. The filtered list is displayed. To sort the users or groups, click on the column name. To view a list of local users on the system, click the Users tab. To view a list of local groups on the system, click the Groups tab. To find a specific user or group, type the first few letters of the name in the Search filter field. Press Enter or click the Apply filter button. The filtered list is displayed. To sort the click on the column name, the users or groups are sorted according to the value of that column. Red Hat Enterprise Linux reserves user IDs below 500 for system users. By default, User Manager does not display system users. To view all users, including the system users, go to Edit => Preferences and uncheck
Pakistan Computer Bureau 185
Select a login shell. If you are not sure which shell to select, accept the default value of /bin/bash. The default home directory is /home/<username>/. You can change the home directory that is created for the user, or you can choose not to create the home directory by unselecting Create home directory. If you select to create the home directory, default configuration files are copied from the /etc/skel/ directory into the new home directory. Red Hat Enterprise Linux uses a user private group (UPG) scheme. The UPG scheme does not add or change anything in the standard UNIX way of handling groups; it offers a new convention. Whenever you create a new user, by default, a unique group with the same name as the user is created. If you do not want to create this group, unselect Create a private group for the user. To specify a user ID for the user, select Specify user ID manually. If the option is not selected, the next available user ID above 500 is assigned to the new user. Because Red Hat Enterprise Linux reserves user IDs below 500 for system users, it is not advisable to manually assign user IDs 1-499. Click OK to create the user.
186
To configure more advanced user properties, such as password expiration, modify the user's properties after adding the user.
187
User Data
added the user. Use this tab to change the user's full name, password, home directory, or login shell.
Account Info
want the account to expire on a certain date. Enter the date in the provided fields. Select Local password is locked to lock the
188
user account and prevent the user from logging into the system. Password Info Displays the date that the user's password last changed. To force the user to change passwords after a certain number of days, select Enable password expiration and enter a desired value in the Days
before change required: field. The number of days before the user's password expires, the number of days before the user is warned to change passwords, and days before the account becomes inactive can also be changed.
Groups Allows you to view and configure the Primary Group of the
user. As well as other groups that you want the user to be a member of it.
Click OK to create the group. The new group appears in the group list.
189
The Group Users tab displays which users are members of the group. Use this tab to add or remove users from the group. Click OK to save your changes.
190
The following command line tools can also be used to manage users and groups:
useradd, usermod, and userdel Industry-standard methods of adding, deleting and modifying user accounts
groupadd, groupmod, and groupdel Industry-standard methods of adding, deleting, and modifying user groups
pwconv, pwunconv Tools used for the conversion of passwords to shadow passwords and back to standard passwords
191
Option
-g<gid>
Description
Group ID for the group, which must be unique and greater than Create a system group with a GID less than 500 When used with -g<gid> and <gid> already exists, groupaddwill choose another unique <gid> for the
Table 15.2. group add Command Line Options
-r -f
192
Option
Description
-m<days>
Specifies the minimum number of days between which the user must change passwords. If the value is 0, the password does not expire. Specifies the maximum number of days for which th password is valid. When the number of days specified by this option plus the number of days specified with the -d option is less than the current day, the user must chang Specifies the number of days since January 1, 1970 the password was changed Specifies the number of inactive days after the password expiration before locking the account. If the value is 0, the account is not locked after the password expires.
-M<days>
-d<days> -I<days>
-E<date>
Specifies the date on which the account is locked, in the format YYYY-MM-DD. Instead of the date, the number of days since January 1, 1970 can also be used. Specifies the number of days before the password expiration date to warn the user.
Table 15.3 chage Command Line Options
-W<days>
Tip
If the chage command is followed directly by a username (with no options), it displays the current password aging values and allows them to be changed.
You can configure a password to expire the first time a user logs in. This forces users to change passwords the first time they log in.
193
Note
This process will not work if the user logs in using the SSH protocol.
1.
Lock the user password If the user does not exist, use the useradd command to create the user account, but do not give it a password so that it remains locked. If the password is already enabled, lock it with the command:
usermod -L username
2. Force immediate password expiration command: Type
the following
chage -d 0 username This command sets the value for the date the password was last changed to the epoch (January 1, 1970). This value forces immediate password expiration no matter what password aging policy, if any, is in place.
3.
Unlock the account There are two common approaches to this step. The administrator can assign an initial password or assign a null password.
Warning
Do not use the passwd command to set the password as it disables the immediate password expiration just configured.
Start the command line Python interpreter with the python command. It displays the following:
4.1.1-9)] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>>
194
2 of the following: any alphanumeric character, the slash (/) character or a dot (.): import crypt; print crypt.crypt("<password>","<salt>") The output is the encrypted password, similar to '12CsGd8FRcMSM'.
Press Ctrl-D to exit the Python interpreter. At the shell, enter the following command (replacing <encrypted-
password> with the encrypted output of the Python interpreter): usermod -p "<encrypted-password>" <username>
Alternatively, you can assign a null password instead of an initial password. To do this, use the following command:
In either case, upon initial log in, the user is prompted for a new password.
195
A new line for juan is created in /etc/passwd. The line has the following characteristics:
It begins with the username juan. There is an x for the password field indicating that the system is using shadow passwords.
A UID greater than 499 is created. (Under Red Hat Enterprise Linux, UIDs and GIDs below 500 are reserved for system use.)
2.
A GID greater than 499 is created. The optional GECOS information is left blank. The home directory for juan is set to /home/juan/. The default shell is set to /bin/bash.
A new line for juan is created in /etc/shadow. The line has the following characteristics: begins with the username juan.
It
exclamation points (!!) appear in the password field of the /etc/shadow file, which locks the account.
Two
Note
If an encrypted password is passed using the -p flag, it is placed in the /etc/shadow file on the new line for the user.
The 3.
A new line for a group named juan is created in /etc/group. A group with the same name as a user is called a user private group. For more information on user private groups, refer to
196
Section 15.1.1, Adding a New User. The line created in /etc/group has the following characteristics:
An x appears in the password field indicating that the system is using shadow group passwords. The GID matches the one listed for user juan in /etc/passwd.
4.
A new line for a group named juan is created in /etc/gshadow. The line has the following characteristics: It begins with the group name juan.
An exclamation point (!) appears in the password field of the /etc/gshadow file, which locks the group.
5.
A directory for user juan is created in the /home/ directory. This directory is owned by user juan and group juan. However, it has read, write, and execute privileges only for the user juan. All other permissions are denied.
6.
The files within the /etc/skel/ directory (which contain default user settings) are copied into the new /home/juan/ directory.
At this point, a locked account called juan exists on the system. To activate it, the administrator must next assign a password to the account using the passwd command and, optionally, set password aging guidelines.
User
UID
GID
Home Directory
Shell
Root
/root
/bin/bash
197
Bin daemon Adm Lp Sync shutdown Halt Mail News Uucp operator Games gopher ftp nobody Rpm Vcsa Dbus Ntp Canna Nscd Rpc postfix mailman Named amanda postgres Exim Sshd rpcuser nsfnobody Pvm apache Xfs Gdm Htt Mysql
1 2 3 4 5 6 7 8 9 10 11 12 13 14 99 37 69 81 38 39 28 32 89 41 25 33 26 93 74 29 65534 24 48 43 42 100 27
/bin /sbin /var/adm /var/spool/lpd /sbin /sbin /sbin /var/spool/mail /etc/news /var/spool/uucp /root /usr/games /var/gopher /var/ftp / /var/lib/rpm /dev / /etc/ntp /var/lib/canna / / /var/spool/post /var/mailman /var/named var/lib/amanda/ /var/lib/pgsql /var/spool/exim /var/empty/sshd /var/lib/nfs /var/lib/nfs /usr/share/pvm3 /var/www /etc/X11/fs /var/gdm /usr/lib/im /var/lib/mysql
/sbin/nolog /sbin/nolog /sbin/nolog /sbin/nolog /bin/sync /sbin/shutd /sbin/halt /sbin/nolog /sbin/nolog /sbin/nolog /sbin/nolog /sbin/nolog /sbin/nolog /sbin/nolog /sbin/nolog /sbin/nolog /sbin/nolog /sbin/nolog /sbin/nolog /sbin/nolog /sbin/nolog /sbin/nolog /sbin/nolog /bin/false /bin/bash /bin/bash /sbin/nolog /sbin/nolog /sbin/nolog /sbin/nolog /bin/bash /sbin/nolog /sbin/nolog /sbin/nolog /sbin/nolog /bin/bash
198
webalizer mailnull smmsp Squid Ldap netdump Pcap radiusd Radvd quagga Wnn dovecot
67 47 51 23 55 34 77 95 75 92 49 97
67 47 51 23 55 34 77 95 75 92 49 97
/var/www/usage /var/spool/mque /var/spool/mque /var/spool/squi /var/lib/ldap /var/crash /var/arpwatch / / /var/run/quagga /var/lib/wnn /usr/libexec/do
/sbin/nolog /sbin/nolog /sbin/nolog /sbin/nolog /bin/false /bin/bash /sbin/nolog /bin/false /sbin/nolog /sbin/login /sbin/nolog /sbin/nolog
199
ftp Lock Nobody Users Rpm Utmp Floppy Vcsa dbus ntp canna rpc postdrop postfix mailman exim named postgres sshd rpcuser apache xfs gdm htt mysql webalizer mailnull smmsp squid ldap netdump pcap quaggavt quagga radvd slocate wnn
200
dovecot radiusd
scheme,
is created whenever a new user is added to the system. A UPG has the same name as the user for which it was created and that user is the only member of the UPG. make it safe to set default permissions for a newly created file or directory, allowing both the user and the group of that user to make modifications to the file or directory.
UPGs
The setting which determines what permissions are applied to a newly created file or directory is called a umask and is configured in the /etc/bashrc file. Traditionally on UNIX systems, the umask is set to 022, which allows only the user who created the file or directory to make modifications. Under this scheme, all other users, including members of the creator's group, are not allowed to make any modifications. However, under the UPG scheme, this "group protection" is not necessary since every user has their own private group.
201
the group which owns the directory. Let us say, for example, that a group of people need to work on files in the /usr/share/emacs/site-lisp/ directory. Some people are trusted to modify the directory, but certainly not everyone is trusted. First create an emacs group, as in the following command: /usr/sbin/groupadd emacs To associate the contents of the directory with the emacs group, type: chown -R root.emacs /usr/share/emacs/site-lisp Now, it is possible to add the proper users to the group with the gpasswd command: /usr/bin/gpasswd -a <username> emacs To allow users to create files within the directory, use the following command: chmod 775 /usr/share/emacs/site-lisp When a user creates a new file, it is assigned the group of the user's default private group. Next, set the setgid bit, which assigns everything created in the directory the same group permission as the directory itself (emacs). Use the following command: chmod 2775 /usr/share/emacs/site-lisp At this point, because the default umask of each user is 002, all members of the emacs group can create and edit files in the /usr/share/emacs/site-lisp/ directory without the administrator having to change file permissions every time users write new files. In multiuser environments it is very important to use shadow passwords by the shadow-utils package). Doing so enhances the security of system authentication files. For this reason, the installation program enables shadow passwords by default. The following lists the advantages of shadow passwords have over the
Pakistan Computer Bureau 202
(provided
system security by moving encrypted password hashes from the world-readable /etc/passwd file to /etc/shadow, which is readable only by the root user.
Stores information about password aging. Allows the use the /etc/login.defs file to enforce security policies. Most utilities provided by the shadow-utils package work properly whether or not shadow passwords are enabled. However, since password aging information is stored exclusively in the /etc/ shadow file, any commands which create or modify password aging information do not work. The following is a list of commands which do not work without first enabling shadow passwords:
203
204
Become the superuser if you are working in your account. (Type "su" and
Change to the directory that has the RPM download. Type the following command at the prompt:
205
Similarly you can also install the MySQL client and MySQL development RPMs if you've downloaded them. Alternatively, you can install the RPMs through GnoRPM (found under System).
5.
Now we'll set a password for the root user. Issue the following at the
prompt.
6. mysqladmin -u root password mysqldata
where mysqldata is the password for the root. (Change this to anything you like). It is now time to test the programs. Typing the following at the prompt starts the mysql client program.
7.
8. mysql -u root -p
The system asks for the the password. Type the root password (mysqldata). If you don't get the prompt for password, it might be because MySQL Server is not running. To start the server, change to /etc/rc.d/init.d/ directory and issue the command ./mysql start (or mysql start depending on the value of the PATH variable on your system). Now invoke mysql client program. Once MySQL client is running, you should get the mysql> prompt. Type the following at this prompt:
9. show databases;
10.
Okay, we've successfully installed MySQL on your system. Now let's look at some MySQL basics.
206
3.
mysql -u root -p
The system prompts for the MySQL root password that you set up in Installing MySQL on Linux. (Note: This is not the Linux root password but the MySQL root password). Enter the password, which is not displayed for security reasons. Once you are successfully logged in, the system prints a welcome message and displays the mysql prompt ... something like
Welcome to the MySQL monitor. \g. Your MySQL connection id is 1 to server version: 3.22.32 Type 'help' for help. mysql> Commands end with ; or
4.
Now we are ready for creating the employees database. Issue the
command:
5. create database employees;
(Note: The command ends with a semi-colon) An important point to note is that this database is created by the root and so will not be accessible to any other user unless permitted by the root. Thus, in order to use this database from my account (called manish), I have to set the permissions by issuing the following command:
6.
7.
IDENTIFIED BY "eagle"
The above command grants my account (manish@localhost) all the permissions on employees database and sets my password to eagle. You
207
should replace manish with your user name and choose an appropriate password. Close the mysql session by typing quit at the prompt. Exit from superuser and come back to your account. (Type exit). 9. To connect to MySQL from your account, type:
8.
10.
mysql -u user_name -p
Type in the password when prompted. (This password was set by the GRANTS ALL... command above) . The system displays the welcome message once you have successfully logged on to MySQL. Here is how your session should look like:
[manish@localhost manish]$ mysql -u manish -p Enter password: Welcome to the MySQL monitor. \g. Your MySQL connection id is 3 to server version: 3.22.32 Type 'help' for help. mysql> Commands end with ; or
11.
Typing the command SHOW DATABASES; will list all the databases
+----------------+
208
20.
21. Enter quit at the mysql> prompt to come out of the mysql client program
Age 28 32 48 19
The table above contains four columns that store the name, age, country and email. Each row contains data for one individual. This is called a record. To find the country and email of Alexander, you'd first pick the name from the first column and and then look in the third and fourth columns of the same row. A database can have many tables; it is tables, that contain the actual data. Hence, we can segregate related (or unrelated) data in different tables. For our employees database we'll have one table that stores company details of the employees. The other table would contain personal information. Let's make the first table. The SQL command for creating tables looks complex when you view it for the first time. Don't worry if you get confused, we'll be discussing this in more detail in later sessions.
CREATE TABLE employee_data ( emp_id int unsigned not null auto_increment primary key, f_name varchar(20),
209
l_name varchar(20), title varchar(30), age int, yos int, salary int, perks int, email varchar(60) );
Note: In MySQL, commands and column names are not case-sensitive; however, table and database names might be sensitive to case depending on the platform (as in Linux). You can thus, use create table instead of CREATE TABLE. The CREATE TABLE keywords are followed by the name of the table we want to create, employee_data. Each line inside the parenthesis represents one column. These columns store the employee id, first name, last name, title, age, years of service with the company, salary, perks and emails of our employees and are given descriptive names emp_id, f_name, l_name, title, age, yos, salary, perks and email, respectively. Each column name is followed by the column type. Column types define the type of data the column is set to contain. In our example, columns, f_name, l_name, title and email would contain small text strings, so we set the column type to varchar, which means varriable characters. The maximum number of characters for varchar columns is specified by a number enclosed in parenthesis immediately following the column name. Columns age, yos, salary and perks would contain numbers (integers), so we set the column type to int. Our first column (emp_id) contains an employee id. Its column type looks really mean, yeh?. Let's break it down. int: specifies that the column type is an integer (a number). unsigned: determines that the number will be unsigned (positive integer). not null: specifies that the value cannot be null (empty); that is, each row in the column would have a value. auto_increment: When MySQl comes across a column with an auto_increment attribute, it generates a new value that is one greater than the largest value in the column. Thus, we don't need to supply values for this column, MySQL generates it for us! Also, it follows that each value in this column would be unique. (We'll discuss the benefits of having unique values very shortly). primary key: helps in indexing the column that help in faster searches. Each value has to be unique.
Why have a column with unique values?
Our company Bignet has grown tremendously over the past two years. We've recruited thousands. Don't you think there is a fair chance that two employees might have the same name? Now, when that happens, how can
210
we distinguish the records of these two employees unless we give them unique identification numbers? If we have a column with unique values, we can easily distinguish the two records. The best way to assign unique numbers is to let MySQL do it!
The above shows that no database has been selected. Actually, everytime we work with mysql client, we have to specify which database we plan to use. There are several ways of doing it.
Specifying the database name at the start; type the folowing at the system prompt:
mysql>USE employees;
Specifying the database with \u at the mysql prompt:
mysql>\u employees; It's necessary to specify the database we plan to use, else MySQL will throw an error.
211
Note: When you press the enter key after typing the first line, the mysql prompt changes to a ->. This means that mysql understands that the command is not complete and prompts you for additional statements. Remember, each mysql command ends with a semi-colon and each column declaration is separated by a comma. Also, you can type the entire command on one line if you so want. You screen should look similar to:
mysql> CREATE TABLE employee_data -> ( -> emp_id int unsigned not null auto_increment primary key, -> f_name varchar(20), -> l_name varchar(20), -> title varchar(30), -> age int, -> yos int, -> salary int, -> perks int, -> email varchar(60) -> );
212
+--------+------------------+------+-----+---------+---------------+ | emp_id | int(10) unsigned | auto_increment | | f_name | varchar(20) | | YES | PRI | 0 | | NULL | |
213
| | | | | | |
| | | | | | |
DESCRIBE lists all the column names along with their column types of the table. Now let's see how we can insert data into our table.
The INSERT SQL statement impregnates our table with data. Here is a general form of INSERT.
INSERT into table_name (column1, column2....) values (value1, value2...);
where table_name is the name of the table into which we want to insert data; column1, column2 etc. are column names and value1, value2 etc. are values for the respective columns. This is quite simple, isn't it? The following statement inserts the first record in employee_data table.
INSERT INTO employee_data (f_name, l_name, title, age, yos, salary, perks, email) values ("Manish", "Sharma", "CEO", 28, 4, 200000, 50000, "manish@bignet.com");
214
As with other MySQL statements, you can enter this command on one line or span it in multiple lines. Some important points:
The values for columns f_name, l_name, title and email are text strings and surrounded with quotes. Values for age, yos, salary and perks are numbers (intergers) and without quotes. You'll notice that we've inserted data in all columns except emp_id. This is because, we leave this job to MySQL, which will check the column for the largest value, increment it by one and insert the new value.
Once you type the above command correctly in the mysql client, it displays a success message.
mysql> INSERT INTO employee_data -> (f_name, l_name, title, age, yos, salary, perks, email) -> values -> ("Manish", "Sharma", "CEO", 28, 4, 200000, -> 50000, "manish@bignet.com"); Query OK, 1 row affected (0.00 sec)
The conditions part of the statement is optional (we'll go through this later). Basically, you require to know the column names and the table name from which to extract the data. For example, in order to extract the first and last names of all employees, issue the following command.
SELECT f_name, l_name from employee_data;
215
The statement tells MySQL to list all the rows from columns f_name and l_name.
mysql> SELECT f_name, l_name from employee_data; +---------+------------+ | f_name | Manish | John | Ganesh | Mary | Fred | John | Edward | Alok | Hassan | Paul | Arthur | Kim | Roger | Danny | Mike | Monica | Hal | Joseph | Peter | l_name | Sharma | Hagan | Pillai | Anchor | Kruger | Sakamuro | Nanda | Rajabi | Simon | Hoopla | Hunter | Lewis | Gibson | Harper | Sehgal | Simlai | Irvine | Champion | | | | | | | | | | | | | | | | | | | | | +---------+------------+
| Anamika | Pandit
| MacFarland |
| Shahida | Ali
On close examination, you'll find that the display is in the order in which the data was inserted. Furthermore, the last line indicates the number of rows our table has (21). To display the entire table, we can either enter all the column names or use a simpler form of the SELECT statement.
216
Some of you might recognize the in the above statement as the wildcard. Though we don't use that term for the character here, it serves a very similar function. The means 'ALL columns'. Thus, the above statement lists all the rows of all columns.
* *
Selecting f_name, l_name and age columns would display something like:
mysql> SELECT f_name, l_name, age from employee_data; +---------+------------+------+ | f_name | Manish | John | Ganesh | Mary | Fred | John | Edward | Alok | Hassan | Paul | Arthur | Kim | Roger | Danny | Mike | Monica | Hal | Joseph | l_name | Sharma | Hagan | Pillai | Anchor | Kruger | Sakamuro | Nanda | Rajabi | Simon | Hoopla | Hunter | Lewis | Gibson | Harper | Sehgal | Simlai | Irvine | age | | | | | | | | | | | | | | | | | | | +---------+------------+------+ 28 | 32 | 32 | 27 | 26 | 31 | 34 | 25 | 32 | 33 | 43 | 32 | 32 | 35 | 34 | 36 | 30 | 27 | 27 | 217
| Anamika | Pandit
| MacFarland |
| |
32 | 36 |
Now, we know that the conditions are optional (we've seen several examples in the last session... and you would have encountered them in the assignments too). The SELECT statement without conditions lists all the data in the specified columns. The strength of RDBMS lies in letting you retrieve data based on certain specified conditions. In this session we'll look at the SQL Comparison Operators.
This displays the first and last names of all employees whose first names are John. Note that the word John in the condition is surrounded by single quotes. You can also use double quotes. The quotes are important since MySQL will throw an error if they are missing. Also, MySQL comparisions are case insensitive; which means "john", "John" or even "JoHn" would work!
218
SELECT f_name,l_name from employee_data where title="Programmer"; +--------+------------+ | f_name | l_name | Fred | John | Alok | Kruger | | | | +--------+------------+ | MacFarland | | Nanda
| Edward | Sakamuro
Selects the first and last names of all employees who are programmers.
SELECT f_name, l_name from employee_data where age = 32; +---------+--------+ | f_name | John | Ganesh | Alok | Arthur | Kim | l_name | | Hagan | Nanda | | +---------+--------+ | Pillai | | Hoopla | | Hunter | |
| Shahida | Ali
This lists the first and last names of all empoyees 32 years of age. Remember that the column type of age was int, hence it's not necessary to surround 32 with quotes. This is a subtle difference between text and integer column types. The != means 'not equal to' and is the opposite of the equality operator.
219
Now, let's list all employees who have had less than 3 years of service in the company.
SELECT f_name, l_name from employee_data where yos < 3; +--------+----------+ | f_name | l_name | Mary | Anchor | | +--------+----------+
220
| Edward | Sakamuro | | Paul | Kim | Roger | Danny | Mike | Hal | Simon | Hunter | Lewis | Gibson | Harper | Simlai | | | | | | | | | Arthur | Hoopla
| Joseph | Irvine
16.14.4 The <= and >= operators for selecting MySQL data
Used primarily with integer data, the less than equal (<=) and greater than equal (>=)operators provide additional functionality.
select f_name, l_name, age, salary from employee_data where age >= 33; +--------+------------+------+--------+ | f_name | l_name | John | Paul | Roger | Danny | Mike | Peter | age | salary | 80000 | 90000 | 85000 | 90000 | +--------+------------+------+--------+ | MacFarland | | | | | | | | Simon | Lewis | Gibson | Harper | Champion 34 | 33 | 43 | 34 | | Hassan | Rajabi
Selects the names, ages and salaries of employees who are more than or equal to 33 years of age..
select f_name, l_name from employee_data where yos <= 2; +--------+----------+ Pakistan Computer Bureau 221
| f_name | l_name | Mary | Paul | Kim | Roger | Danny | Mike | Hal | Anchor | Simon | Hunter | Lewis | Gibson | Harper | Simlai
| | | | | | | | | |
| Joseph | Irvine
Displays employee names who have less than or equal to 2 years of service in the company.
What if we wanted to display employees whose first names begin with the alphabet J? SQL allows for some pattern matching with string data. Here is how it works.
Pakistan Computer Bureau 222
select f_name, l_name from employee_data where f_name LIKE "J%"; +--------+------------+ | f_name | l_name | John | John | Hagan | | | +--------+------------+ | MacFarland |
| Joseph | Irvine
You'll notice that we've replaced the Equal To sign with LIKE and we've used a percentage sign (%) in the condition. The % sign functions as a wildcard (similar to the usage of * in DOS and Linux systems). It signifies any character. Thus, "J%" means all strings that begin with the alphabet J. Similarly "%S" selects strings that end with S and "%H%", strings that contain the alphabet H. Okay, let's list all the employees that have Senior in their titles.
select f_name, l_name, title from employee_data where title like '%senior%'; +--------+--------+----------------------------+ | f_name | l_name | title | John | Kim | Mike | Hagan | Senior Programmer | | | | +--------+--------+----------------------------+ | Ganesh | Pillai | Senior Programmer | Hunter | Senior Web Designer
Listing all employees whose last names end with A is very simple
mysql> select f_name, l_name from employee_data where l_name like '%a'; +--------+--------+ | f_name | l_name | Pakistan Computer Bureau 223
+--------+--------+ | Manish | Sharma | | Alok | Nanda | | Arthur | Hoopla | +--------+--------+ 3 rows in set (0.00 sec)
Their usage is quite simple. Here is a SELECT statement that lists the names of employees who draw more than $70000 but less than $90000.
SELECT f_name, l_name from employee_data where salary > 70000 AND salary < 90000; +--------+------------+ | f_name | l_name | Mary | Fred | John | Paul | Anchor | Kruger | | | | | | | +--------+------------+
| MacFarland | | Simon
Let's display the last names of employees whose last names start with the alphabet S or A.
SELECT l_name from employee_data where
224
l_name like 'S%' OR l_name like 'A%'; +----------+ | l_name | Sharma | Anchor | Simon | Sehgal | Simlai | Ali | | | | | | | +----------+
| Sakamuro |
Okay here is a more complex example... listing the names and ages of employees whose last names begin with S or P and who are less than 30 years of age.
SELECT f_name, l_name , age from employee_data where (l_name like 'S%' OR l_name like 'A%') AND age < 30; +--------+----------+------+ | f_name | l_name | Manish | Sharma | Mary | Hal | Anchor | Simlai | age | | | | +--------+----------+------+ 28 | 26 | 25 | 27 |
| Edward | Sakamuro |
Note the usage of parenthesis in the statement above. The parenthesis are meant to separate the various logical conditions and remove any abiguity. The NOT operator helps in listing all non programmers. (Programmers include Senior programmers, Multimedia Programmers and Programmers).
225
SELECT f_name, l_name, title from employee_data where title NOT LIKE "%programmer%"; +---------+----------+----------------------------+ | f_name | Manish | Mary | Kim | Roger | Danny | Mike | Monica | Hal | Joseph | Peter | l_name | Sharma | Anchor | Hunter | Lewis | Gibson | Harper | Sehgal | Simlai | Irvine | title | CEO | Web Designer | Web Designer | Senior Web Designer | System Administrator | System Administrator | Marketing Executive | Marketing Executive | Marketing Executive | Customer Service Manager | | | | | | | | | | | | +---------+----------+----------------------------+ | Anamika | Pandit
| Shahida | Ali
A final example before we proceed to the assignments. Displaying all employees with more than 3 years or service and more than 30 years of age.
select f_name, l_name from employee_data where yos > 3 AND age > 30; +--------+------------+ | f_name | l_name | John | John | Peter | Hagan | | | | +--------+------------+ | Ganesh | Pillai | Champion
| MacFarland |
226
| System Administrator |
SQL also provides an easier method with IN. Its usage is quite simple.
SELECT f_name, l_name, title from -> employee_data where title -> IN ('Web Designer', 'System Administrator'); +---------+--------+----------------------+ | f_name | l_name | title | | | +---------+--------+----------------------+ | Anamika | Pandit | Web Designer | Mary | Roger | Danny | Anchor | Web Designer | Lewis
| System Administrator |
227
Suffixing NOT to IN will display data that is NOT found IN the condition. The following lists employees who hold titles other than Programmer and Marketing Executive.
SELECT f_name, l_name, title from -> employee_data where title NOT IN -> ('Programmer', 'Marketing Executive'); +---------+----------+----------------------------+ | f_name | Manish | John | Ganesh | Mary | Hassan | Paul | Arthur | Kim | Roger | Danny | Mike | Peter | l_name | Sharma | Hagan | Pillai | Anchor | Rajabi | Simon | Hoopla | Hunter | Lewis | Gibson | Harper | title | CEO | Senior Programmer | Senior Programmer | Web Designer | Web Designer | Multimedia Programmer | Multimedia Programmer | Multimedia Programmer | Senior Web Designer | System Administrator | System Administrator | Customer Service Manager | | | | | | | | | | | | | | +---------+----------+----------------------------+
| Anamika | Pandit
| Shahida | Ali
BETWEEN is employed to specify integer ranges. Thus instead of age >= 32 AND age <= 40, we can use age BETWEEN 32 and 40.
select f_name, l_name, age from -> employee_data where age BETWEEN -> 32 AND 40; +---------+------------+------+ | f_name | l_name | age | 228
+---------+------------+------+ | John | Ganesh | John | Alok | Hassan | Arthur | Kim | Roger | Danny | Mike | Peter | Hagan | Pillai | Nanda | Rajabi | Hoopla | Hunter | Lewis | Gibson | Harper | Champion | | | | | | | | | | | 32 | 32 | 34 | 32 | 33 | 32 | 32 | 35 | 34 | 36 | 32 | 36 |
| MacFarland |
| Shahida | Ali
You can use NOT with BETWEEN as in the following statement that lists employees who draw salaries less than $90000 and more than $150000.
select f_name, l_name, salary -> from employee_data where salary -> NOT BETWEEN -> 90000 AND 150000; +---------+------------+--------+ | f_name | Manish | Mary | Fred | John | Edward | Alok | Paul | Arthur | l_name | Sharma | Anchor | Kruger | Sakamuro | Nanda | Simon | Hoopla | salary | | 200000 | | | | | | | 85000 | 75000 | 80000 | 75000 | 70000 | 85000 | 75000 | +---------+------------+--------+
| MacFarland |
229
| Hal | Joseph
| Simlai | Irvine
| | |
| Shahida | Ali
| MacFarland | John
| Anamika |
| | | | |
| Anamika | Pandit
| Shahida | Ali
| MacFarland |
231
| | |
36 | 36 | 43 |
The ORDER BY clause can sort in an ASCENDING (ASC) or DESCENDING (DESC) order depending upon the argument supplied. To list employee first names in descending order, we'll use the statement below.
SELECT f_name from employee_data ORDER by f_name DESC; +---------+ | f_name | +---------+ | Shahida | | Roger | Peter | Paul | Monica | Mike | Mary | Manish | Kim | Joseph | John | John | Hassan | Hal | Ganesh | Fred | Edward | Danny | Arthur | | | | | | | | | | | | | | | | | |
| Anamika |
232
| Alok
These are the first five entries in our table. You can couple LIMIT with ORDER BY. Thus, the following displays the 4 senior most employees.
SELECT f_name, l_name, age from employee_data ORDER BY age DESC LIMIT 4; +--------+----------+------+ | f_name | l_name | age |
233
| Champion |
+--------+------------+
234
+----------------------------+
235
You'll notice that the display contains multiple occurences of certain data. The SQL DISTINCT clause lists only unique data. Here is how you use it.
select DISTINCT title from employee_data; +----------------------------+ | title | CEO | Customer Service Manager | Finance Manager | Marketing Executive | Multimedia Programmer | Programmer | Senior Programmer | Senior Web Designer | System Administrator | Web Designer 11 rows in set (0.00 sec) | | | | | | | | | | | +----------------------------+
+----------------------------+
This shows we have 11 unique titles in the company. Also, you can sort the unique entries using ORDER BY.
select DISTINCT age from employee_data ORDER BY age; +------+ | age | | | | | +------+ 25 | 26 | 27 | 28 |
236
| | | | | | | |
30 | 31 | 32 | 33 | 34 | 35 | 36 | 43 |
is often used with the COUNT aggregate function, which we'll meet in later sessions.
DISTINCT
237
16.22 Finding the average and sum 16.22.1 Totalling column values with MySQL SUM
The SUM() aggregate function calculates the total of values in a column. You require to give the column name, which should be placed inside parenthesis. Let's see how much Bignet spends on salaries.
select SUM(salary) from employee_data; +-------------+ | SUM(salary) | +-------------+ | 1997000 | +-------------+ 1 row in set (0.00 sec)
238
This shows a hidden gem of the SELECT command. You can add, subtract, multiply or divide values. Actually, you can write full blown arithemetic expressions. Cool!
This displays the average age of employees in Bignet and the following displays the average salary.
select avg(salary) from employee_data; +-------------+ | avg(salary) | +-------------+ | 95095.2381 | +-------------+ 1 row in set (0.00 sec)
239
Such pseudo names make will the display more clear to users. The important thing to remember here is that if you assign pseudo names that contain spaces, enclose the names in quotes. Here is another example:
select (SUM(perks)/SUM(salary) * 100) AS 'Perk Percentage' from employee_data; +-----------------+ | Perk Percentage | +-----------------+ | 19.53 | +-----------------+ 1 row in set (0.00 sec)
16.25 Counting
The COUNT() aggregate functions counts and displays the total number of entries. For example, to count the total number of entries in the table, issue the command below.
select COUNT(*) from employee_data; +----------+ | COUNT(*) |
240
As you have learnt, the * sign means "all data" Now, let's count the total number of employees who hold the "Programmer" title.
select COUNT(*) from employee_data where title = 'Programmer'; +----------+ | COUNT(*) | +----------+ | 4 | +----------+ 1 row in set (0.01 sec)
241
| |
+----------------------------+
You'll notice that this is similar to the usage of DISTINCT, which we encountered in a previous session. Okay, here is how you can count the number of employees with different titles.
select title, count(*) from employee_data GROUP BY title; +----------------------------+----------+ | title | CEO | Customer Service Manager | Finance Manager | Marketing Executive | Multimedia Programmer | Programmer | Senior Programmer | Senior Web Designer | System Administrator | Web Designer 11 rows in set (0.00 sec) | count(*) | | | | | | | | | | | 1 | 1 | 1 | 3 | 3 | 4 | 1 | 2 | 1 | 2 | 2 | +----------------------------+----------+
+----------------------------+----------+
For the command above, MySQL first groups different titles and then executes count on each group.
from employee_data GROUP BY title ORDER BY Number; +----------------------------+--------+ | title | CEO | Customer Service Manager | Finance Manager | Senior Web Designer | Senior Programmer | System Administrator | Web Designer | Marketing Executive | Multimedia Programmer | Programmer 11 rows in set (0.00 sec) | Number | | | | | | | | | | | 1 | 1 | 1 | 1 | 1 | 2 | 2 | 2 | 3 | 3 | 4 | +----------------------------+--------+
+----------------------------+--------+
243
+----------------------------+-------------+
Now, suppose you want to list only the departments where the average salary is more than $100000, you can't do it, even if you assign a pseudo name to AVG(salary) column. Here, the HAVING clause comes to our rescue.
select title, AVG(salary) from employee_data GROUP BY title HAVING AVG(salary) > 100000; +----------------------------+-------------+ | title | CEO | AVG(salary) | | 200000.0000 | +----------------------------+-------------+
244
| Finance Manager | Senior Programmer | Senior Web Designer 5 rows in set (0.00 sec)
+----------------------------+-------------+
245
246
Obviously you can provide pseudo names for these columns using AS.
select 'Manish Sharma' as Name; +---------------+ | Name | +---------------+ | Manish Sharma | +---------------+ 1 row in set (0.00 sec)
247
| John MacFarland | Edward Sakamuro | Alok Nanda 4 rows in set (0.00 sec)
| | |
+-----------------------------+
You can also give descriptive names to these columns using AS.
select CONCAT(f_name, " ", l_name) AS Name from employee_data where title = 'Marketing Executive'; +---------------+ | Name | +---------------+ | Monica Sehgal | | Hal Simlai | | Joseph Irvine | +---------------+ 3 rows in set (0.00 sec)
248
249
16.30.4 POWER(x,y)
Calculates the value of x raised to the power of y.
select POWER(4,3); +------------+ | POWER(4,3) | +------------+
250
64.000000 |
16.30.5 SQRT(x)
Calculates the square root of x.
select SQRT(3); +----------+ | SQRT(3) | +----------+ | 1.732051 | +----------+ 1 row in set (0.00 sec)
251
select ROUND(-12.773); +----------------+ | ROUND(-12.773) | +----------------+ | -13 | +----------------+ 1 row in set (0.00 sec) select ROUND(7.235651, 3); +--------------------+ | ROUND(7.235651, 3) | +--------------------+ | 7.236 | +--------------------+ 1 row in set (0.00 sec)
16.30.7 FLOOR(x)
Returns the largest integer that is less than or equal to x.
select FLOOR(23.544); +---------------+ | FLOOR(23.544) | +---------------+ | 23 | +---------------+ 1 row in set (0.00 sec) select FLOOR(-18.4); +--------------+ | FLOOR(-18.4) | +--------------+ | -19 | +--------------+ 1 row in set (0.00 sec)
252
16.30.8 CEILING(x)
Returns the smallest integer that is greater than or equal to x.
select CEILING(54.22); +----------------+ | CEILING(54.22) | +----------------+ | 55 | +----------------+ 1 row in set (0.00 sec) select CEILING(-62.23); +-----------------+ | CEILING(-62.23) | +-----------------+ | -62 | +-----------------+ 1 row in set (0.00 sec)
253
Obviously, like other SQL commands, you can type in in one line or multiple lines. Let's look at some examples. Bignet has been doing good business, the CEO increases his salary by $20000 and perks by $5000. His previous salary was $200000 and perks were $50000.
UPDATE employee_data SET salary=220000, perks=55000 WHERE title='CEO'; Query OK, 1 row affected (0.02 sec) Rows matched: 1 Changed: 1 Warnings: 0
You can test this out by listing the data in the table.
select salary, perks from employee_data WHERE title = 'CEO'; +--------+-------+ | salary | perks | +--------+-------+ | 220000 | 55000 | +--------+-------+ 1 row in set (0.00 sec)
254
Actually, you don't need to know the previous salary explicitly. You can be cheeky and use arithmetic operators. Thus, the following statement would have done the same job without us knowing the original data beforehand.
UPDATE employee_data SET salary = salary + 20000, perks = perks + 5000 WHERE title='CEO'; Query OK, 1 row affected (0.01 sec) Rows matched: 1 Changed: 1 Warnings: 0
Another progressive (???) step Bignet takes is changing the titles of Web Designer to Web Developer.
mysql> update employee_data SET -> title = 'Web Developer' -> WHERE title = 'Web Designer'; Query OK, 2 rows affected (0.00 sec) Rows matched: 2 Changed: 2 Warnings: 0
It's important that you take a long hard look at the condition part in the statement before executing update, else you might update the wrong data. Also, an UPDATE statement without conditions will update all the data in the column in all rows! Be very caferul.
+------------+------------------+------+-----+--------+-------+
255
| int(10) unsigned | | varchar(60) | int(11) | varchar(60) | YES | YES | YES | YES | YES | YES | YES | YES
| | | | | | | | |
| birth_date | date | | sex | | m_status | | s_name | | children | | enum('M','F') | enum('Y','N') | varchar(40) | int(11)
Notice that column birth_date has date as column type. we've also introduced another column type ENUM, which we'll discuss later. e-id: are employee ids, same as that in table employee_data address: Addresses of employees phone: Phone numbers p_email: Personal email addresses birth_date: Birth dates sex: The sex of the employee, Male or Female m_status: Marital status,Yes or No. s_name: Name of Spouse (NULL if employee is unmarried) children: Number of children (NULL if employee is unmarried) < MySQL of> MySQL dates are ALWAYS represented with the year followed by the month and then the date. Often you'll find dates written as YYYY-MM-DD, where YYYY is 4 digit year, MM is 2 digit month and DD, 2 digit date. We'll look at DATE and related column types in the session on column types.
256
Operations on Date
Date column type allow for several operations such as sorting, testing conditions using comparision operators etc.
Using = and != operators on dates
select p_email, phone from employee_per where birth_date = '1969-12-31'; +---------------------------+---------+ | p_email | phone | +---------------------------+---------+ | killeratlarge@elmmail.com | 6666666 | +---------------------------+---------+ 1 row in set (0.00 sec)
Note:
select e_id, birth_date from employee_per where birth_date >= '1970-01-01'; +------+------------+ | e_id | birth_date | +------+------------+ | | | | | | | 1 | 1972-03-16 | 4 | 1972-08-09 | 5 | 1974-10-13 | 8 | 1975-01-12 | 17 | 1970-04-18 | 18 | 1973-10-09 | 19 | 1973-01-20 |
257
+------+------------+ 6 rows in set (0.00 sec) select e_id, birth_date from employee_per where birth_date >= '1969-01-01' AND birth_date <= '1974-01-01'; +------+------------+ | e_id | birth_date | +------+------------+ | | | | | | 1 | 1972-03-16 | 4 | 1972-08-09 | 6 | 1969-12-31 | 17 | 1970-04-18 | 18 | 1973-10-09 | 19 | 1973-01-20 |
+------+------------+
258
16.34 MySQL programming - MySQL Date column type part 2 16.34.1 Using Date to sort data
select e_id, birth_date from employee_per ORDER BY birth_date; +------+------------+ | e_id | birth_date | +------+------------+ | | | | | | | | | | | | | | | | | | | | | 11 | 1957-11-04 | 16 | 1964-03-06 | 21 | 1964-06-13 | 14 | 1965-04-28 | 15 | 1966-06-23 | 7 | 1966-08-20 | 10 | 1967-07-06 | 20 | 1968-01-25 | 12 | 1968-02-15 | 2 | 1968-04-02 | 9 | 1968-05-19 | 13 | 1968-09-03 | 3 | 1968-09-22 | 6 | 1969-12-31 | 17 | 1970-04-18 | 1 | 1972-03-16 | 4 | 1972-08-09 | 19 | 1973-01-20 | 18 | 1973-10-09 | 5 | 1974-10-13 | 8 | 1975-01-12 |
+------+------------+
259
Be careful when using month names as they are case sensitive. Thus, January will work but JANUARY will not! Similarly, you can select employees born in a specific year or under specific dates. select e_id, birth_date from employee_per where year(birth_date) = 1972;
260
+------+------------+ 2 rows in set (0.00 sec) select e_id, birth_date from employee_per where DAYOFMONTH(birth_date) = 20; +------+------------+ | e_id | birth_date | +------+------------+ | | 7 | 1966-08-20 | 19 | 1973-01-20 |
Current dates We had seen in the session on SELECT statement that current date, month and year can be displayed with CURRENT_DATE argument to DAYOFMONTH(), MONTH() and YEAR() clauses, respectively. The same can be used to select data from tables. select e_id, birth_date from employee_per where MONTH(birth_date) = MONTH(CURRENT_DATE); +------+------------+ | e_id | birth_date | +------+------------+ | 8 | 1975-01-12 |
261
| |
19 | 1973-01-20 | 20 | 1968-01-25 |
The above lists ids and no. of children of all employees who have children.
Pakistan Computer Bureau 262
select CONCAT(f_name, " ", l_name) AS Name, s_name as 'Spouse Name' from employee_data, employee_per where m_status = 'Y' AND emp_id = e_id; +-----------------+-----------------+ | Name | Manish Sharma | John Hagan | Ganesh Pillai | Anamika Sharma | Alok Nanda | Paul Simon | Arthur Hoopla | Kim Hunter | Danny Gibson | Mike Harper | Monica Sehgal | Peter Champion | Spouse Name | Anamika Sharma | Jane Donner | Sandhya Pillai | Manish Sharma | Manika Nanda | Rina Brighton | Matt Shikari | Betty Cudly | Stella Stevens | Edgar Alan | Ruby Richer | | | | | | | | | | | | | +-----------------+-----------------+
| Muriel Lovelace |
263
The FROM clause takes the names of the two tables from which we plan to extract data. Also, we specify that data has to be retrieved for only those entries where the emp_id and e_id are same. The names of columns in the two tables are unique. However, this may not true always, in which case we can explicitly specify column names along with table name using the dot notation.
select CONCAT(employee_data.f_name, " ", employee_data.l_name) AS Name, employee_per.s_name AS 'Spouse Name' from employee_data, employee_per where employee_per.m_status = 'Y' AND employee_data.emp_id = employee_per.e_id; +-----------------+-----------------+ | Name | Manish Sharma | John Hagan | Ganesh Pillai | Anamika Sharma | Alok Nanda | Paul Simon | Arthur Hoopla | Kim Hunter | Danny Gibson | Mike Harper | Monica Sehgal | Peter Champion | Spouse Name | Anamika Sharma | Jane Donner | Sandhya Pillai | Manish Sharma | Manika Nanda | Rina Brighton | Matt Shikari | Betty Cudly | Stella Stevens | Edgar Alan | Ruby Richer | | | | | | | | | | | | | +-----------------+-----------------+
| Muriel Lovelace |
+-----------------+-----------------+
264
One of the Multimedia specialists 'Hasan Rajabi' (employee id 10) leaves the company. We'll delete his entry. DELETE from employee_data WHERE emp_id = 10; Query OK, 1 row affected (0.00 sec)
265
DROP TABLE employee_data; Query OK, 0 rows affected (0.01 sec) Now, we won't get this table in SHOW TABLES; listing
266
where x can range from 1 to 255. VARCHAR(x): x ranges from 1 - 255 TINYTEXT: small text, case insensitive TEXT: slightly longer text, case insensitive MEDIUMTEXT: medium size text, case insensitive LONGTEXT: really long text, case insensitive TINYBLOB: Blob means a Binary Large OBject. You should use blobs for case sensitive searches. BLOB: slightly larger blob, case sensitive. MEDIUMBLOB: medium sized blobs, case sensitive. LONGBLOB: really huge blobs, case sensitive. ENUM: Enumeration data type have fixed values and the column can take only one value from the given set. The values are placed in parenthesis following ENUM declaration. An example, is the marital status column we encountered in employee_per table.
CHAR(x):
Thus, m_status column will take only Y or N as values. If you specify any other value with the INSERT statement, MYSQL will not return an error, it just inserts a NULLvalue in the column. SET: An extension of ENUM. Values are fixed and placed after the SET declaration; however, SET columns can take multiple values from the values provided. Consider a column with the SET data type as
Pakistan Computer Bureau 267
"Computing")
You can have 0 or all the four values in the column. INSERT tablename (hobbies) values ("Surfing", "Computing");
268
Training Schedule Linux System Administrator Training Course Duration: 8 Weeks Working Days: 48
Day 1,2 Steps to Get You Started Is Your Hardware Compatible? Do You Have Enough Disk Space? Can You Install Using the CD-ROM or DVD Alternative Boot Methods Making an Installation Boot CD-ROM Preparing for a Hard Drive Installation Day 3,4,5,6 Installing on Intel and AMD Systems The Graphical Installation Program User Interface A Note about Virtual Consoles The Text Mode Installation Program User Interface Using the Keyboard to Navigate Starting the Installation Program Booting the Installation Program on x86, AMD64, and 64 Systems Booting the Installation Program on Itanium Systems Additional Boot Options Selecting an Installation Method Installing from DVD/CD-ROM What If the IDE CD-ROM Was Not Found? Installing from a Hard Drive Welcome to Red Hat Enterprise Linux Language Selection Keyboard Configuration Enter the Installation Number Disk Partitioning Setup Advanced Storage Options Create Default Layout Partitioning Your System
269
Intel
Graphical Display of Hard Drive(s) Disk Druid's Buttons Partition Fields Recommended Partitioning Scheme Adding Partitions Editing Partitions Deleting a Partition x86, AMD64, and Intel 64 Boot Loader Configuration Advanced Boot Loader Configuration Rescue Mode Alternative Boot Loaders SMP Motherboards and GRUB Time Zone Configuration Set Root Password Package Group Selection Preparing to Install Prepare to Install Installing Packages Installation Complete Itanium Systems - Booting Your Machine and PostInstallation Setup Post-Installation Boot Loader Options Booting Red Hat Enterprise Linux Automatically Day 7 Removing Red Hat Enterprise Linux Day 8,9,10 Troubleshooting Installation on an Intel or AMD System You are Unable to Boot Red Hat Enterprise Linux Are You Unable to Boot With Your RAID Card? Is Your System Displaying Signal 11 Errors? Trouble Beginning the Installation Problems with Booting into the Graphical Installation Trouble During the Installation No devices found to install Red Hat Enterprise Linux Error Message Saving Traceback Messages Without a Diskette Drive
270
Trouble with Partition Tables Using Remaining Space Other Partitioning Problems Other Partitioning Problems for Itanium System Users Are You Seeing Python Errors? Problems After Installation Trouble With the Graphical GRUB Screen on an x86-based System? Booting into a Graphical Environment Problems with the X Window System (GUI) Problems with the X Server Crashing and Non-Root Users Problems When You Try to Log In Is Your RAM Not Being Recognized? Your Printer Does Not Work Problems with Sound Configuration Apache-based httpd service/Sendmail Hangs During Startup Day 11,12,13 The GRUB Boot Loader Boot Loaders and System Architecture GRUB GRUB and the x86 Boot Process Features of GRUB Installing GRUB GRUB Terminology Device Names File Names and Block lists The Root File System and GRUB GRUB Interfaces Interfaces Load Order Commands GRUB Menu Configuration File Configuration File Structure Configuration File Directives Changing Run levels at Boot Time
271
Additional Resources Installed Documentation Useful Websites Day 14,15,16 Swap Space
What is Swap Space? Adding Swap Space Extending Swap on an LVM2 Logical Volume Creating an LVM2 Logical Volume for Swap Creating a Swap File. Removing Swap Space Reducing Swap on an LVM2 Logical Volume Removing an LVM2 Logical Volume for Swap Removing a Swap File Moving Swap Space
Finding RPM Packages Installing Uninstalling Upgrading Freshening Querying Verifying Checking a Package's Signature Importing Keys Verifying Signature of Packages Practical and Common Examples of RPM Usage Additional Resources Installed Documentation Useful Websites Related Books
Common NFS Mount Options Starting and Stopping NFS NFS Server Configuration Exporting or Sharing NFS File Systems Command Line Configuration Hostname Formats The /etc/exportsConfiguration File The exportfsCommand
273
Securing NFS Host Access File Permissions NFS and portmap Troubleshooting NFS and portmap Using NFS over TCP Additional Resources Installed Documentation Useful Websites Related Books
Day 43,44,45
MySql
What is SQL Why MySQL What are databases and why do we need them? Downloading MySQL Installing MySQL on Linux Creating MySQL database on Linux system Creating tables Using a database Creating tables MySQL lesson - MySQL tables MySQL Table details - describe table command
275
Inserting data in MySQL tables Querying MySQL tables Querying tables with MySQL Select - Another example Ordering data Limiting data retrieval Extracting Subsets The DISTINCT keyword Finding the minimum and maximum values MySQL MIN () - Minimum value MySQL MAX () - Maximum value Finding the average and sum MySQL AVG() - Finding the Average Naming Columns Counting The MySQL GROUP BY clause Sorting the data in MySQL HAVING clause A little more on the MySQL SELECT statement MySQL programming - MySQL mathematical Functions Updating records MySQL Date column type part 1 Specifying date ranges in MySQL MySQL programming - MySQL Date column type part 2 Null column type MySQL manual - MySQL table joins Deleting entries from tables Dropping tables MySQL database Column Types MySQL Numeric Column Types Column Types part 2