From the Publisher

What is this book about?

Professional Red Hat Enterprise Linux 3 is a complete professional guide to setting up, configuring, and deploying Red Hat Enterprise Linux in the corporate production environment. The book focuses on Enterprise Server and Advanced Server features, including the key areas of high availability with the Red Hat Cluster Suite, Red Hat Network Control Center, and Red Hat Enterprise applications such as the Content Management System and portal server. Other key unique features include kernel tuning for various performance profiles; advanced Apache configuration; Tux installation/maintenance; building high-performance FTP servers; building high-performance mail servers (which means replacing Sendmail); Mailing list management; how to efficiently add, remove, or modify 100 users at the same time; and a discussion of disk quota management and monitoring.

What does this book cover?

The key features of the book include the following:

• How to install and setup RHEL 3
• How to deploy RHEL 3 in production environment
• How to manage an RHEL system using Perl and shell scripting
• Advanced administration tools
• How to use Red Hat network service
• Details on installation and setup of security tools
• Ability to use and deploy High Availability solutions provided with RHEL 3
• Performance tuning
• How to use monitoring tools
• Ability to use RHEL to provide scalable infrastructure solutions.

Product Details

• Table of Contents
• Read a Sample Chapter

Table of Contents

Read a Sample Chapter

Professional Red Hat Enterprise Linux 3

John Wiley & Sons

Chapter One

This chapter discusses some of the basics of Red Hat Enterprise Linux 3 (RHEL 3). RHEL 3 is an enterprise-class Linux distribution that provides security, stability, and may different choices in tools and applications.

The basics of using RHEL 3 includes doing such tasks as file and user management. These tasks will be crucial in the day-to-day use and maintenance of RHEL 3. Other tasks, such as listing the running processes and available resources, are important in keeping a system running once it has been set up and configured.

The topics discussed in this chapter are:

How to use nested desktop sessions

How to use GConf

Virtual terminals and applications used for GUI terminals when using the desktop

* Basic overview of the shells installed with RHEL 3 and coverage of some of the features and topics that will be used later in this chapter

* The configuration of hardware, including detecting hardware and running utilities to use kernel modules for hardware

* Text editors, Internet browsers, Nautilus, and the GNOME help system

* Viewing the system logs, system performance, and disk management

* Managing users both through the command line and with GUI utilities

* Copying, moving, deleting, and renaming files with Nautilus and by using the command line

* Using the GUI and terminal to monitor processes running on the server

Desktop Overview

A Linux desktop environment includes a graphical server, a windowing environment, a session manager, and the applications that run within the rest of the desktop environment. The GNU Network Object Model Environment (GNOME) and K Desktop Environment (KDE) are collections of all of these things running together to generate what a user experiences as one cohesive desktop environment.

GNOME and KDE are two popular desktop environments and are based on the GIMP Toolkit (GTK) and Qt widget sets, respectively. The desktop environment that a user prefers is usually a matter of experience and taste If you were to go to a newsgroup and post the question, "Which is better, GNOME or KDE?" you'd have to don a flame-retardant suit for the heated debate that would ensue. Depending on the settings of each, GNOME and KDE applications can look wildly different from one another, because the font and color settings for the GNOME environment don't have any affect on KDE applications, and vice versa.

To simplify look-and-feel issues, RHEL 3 layers a set of themes called Bluecurve over each desktop environment, using the same fonts and colors for KDE and Gnome.

GNOME

The default desktop environment for RHEL 3 is the GNOME desktop environment. GNOME is based on the GTK tool kit, which is a GNU toolkit used for drawing the elements of the windows. GNOME is from stem to stern an entirely open source project and is distributed under the GNU license. It runs on many other platforms in addition to RHEL 3, including FreeBSD, Mac OS X, and commercial Unix software such as Solaris.

The graphical server on which the rest of the GNOME environment runs is XFree86 server. The XFree86 server is discussed in more detail in the XFree86 section later in this chapter.

Configuring GDM

GNOME Display Manager (GDM) provides a mechanism to authenticate users with a graphical login that uses the look and feel of GNOME. Depending on how GDM is configured, users can even start up different desktop environments, such as KDE. Administrators and experienced users can also configure GDM to support a variety of security policies and appearances.

To launch the configuration utility for GDM, click System Settings [right arrow] Login Screen (the command name is gdmsetup). If you are not logged into the desktop as the root user, you will be prompted for the root password before the configuration utility opens. The configuration utility opens in a window with five tabs: General, Standard Greeter, Graphical Greeter, Security, and XCDMCP.

Under the General tab, there is a section for selecting the Greeter and for setting up automatic logins. The Greeter is the screen that is displayed when prompting a user to log in. The standard greeter displays a plain login window on a colored background. The graphical greeter has images and uses different fonts, and themes can be downloaded and installed for the graphical greeter. Automatic logins and timed logins enable a user to be logged into the desktop when a server is started. However, this is not desirable in most server environments; it poses a security risk by bypassing the login mechanism.

Automatic logins allow the server to log into a session of the desktop when the computer is booted or restarted. This behavior could be convenient for terminals or kiosks where a restricted user is automatically logged in if the machine is restarted. However, automatically logging in as the root user is not a good idea, because it allows anyone with physical access to do anything as root. The automatic login will not even present the GDM screens-the desktop will log in automatically once the server is started.

Timed logins are like automatic logins because they log a user in to a desktop session upon startup or the rebooting of a server. However, the Timed Login feature pauses for the number of seconds given in the configuration before logging the user in to a desktop session.

Using Nested Sessions

A command called gdmflexiserver allows users to log in as other users in a new, smaller window that is nested inside the main desktop. To log in as a different user in a nested window, type:

# gdmflexiserver -xnest

This command will open a new, nested window that displays the GDM login. The -xnest parameter tells gdmflexiserver to nest the new session in the existing one. You can log into this screen as a different user to use the desktop exactly as the user would experience it. It is very important to avoid logging in as the same user who is using the main window. For instance, if you are logged in as jdoe in the main desktop, do not log in as jdoe in the nested window. The login process will allow you to do it, but you will encounter some serious issues as applications start up.

Nested login sessions can be used to debug issues that a specific user is experiencing in his or her environment. The nested session will use user's home directories and files just as it would if the login were not nested. When you are finished, use Actions [right arrow] Log Out to log out of the session. The nested window will then close.

Using GConf

GConf is an application that allows system administrators to set up preferences for the GNOME desktop environment without having to edit configuration files. GConf also can send signals to applications when a configuration value has been modified.

GConf allows administrators to have fine-grained control over the desktop environments by allowing preference keys to have mandatory and default values that can be defined by the administrator. When the administrator sets a mandatory value on a preference, a user cannot change the preference; however, a default value can be changed by a user.

There are so many configuration keys in the GConf repository that there is not enough room to go over them here. However, the keys can be listed by using the command-line gconftool-2 utility with the -recursive-list option. For example, to open a terminal and at the command line, type:

# gconftool-2 -recursive-list /apps

This command will list all of the keys and subdirectories that are underneath the /apps directory. A much shorter list that contains only the first level of subdirectories can be listed by using the -all-dirs parameter instead of the -recursive-list parameter:

# gconftool-2 -all-dirs /apps

The configuration keys contain the configuration of the overall GNOME desktop and of various GNOME applications.

As an administrator, you might not want users to be able to view hidden files with Nautilus, the default file manager for GNOME. Hidden files are files and directories that either begin with a dot (.) or are listed in the directory's .hidden file. The configuration key that Nautilus reads is /desktop/gnome/ file_views/show_hidden_files in order to determine whether or not to display hidden files. Setting the value of this key to true will tell Nautilus to show all files; setting this value to false tells Nautilus not to display hidden files. The configuration value can be set by using the gconftool-2 command, but before making any changes to the GConf repository make sure that all users are logged out of GNOME and that the gconfd-2 daemon is not running. After the gconfd-2 daemon has been shut down, type the following at the command line:

# gconftool-2 -direct -config-source xml:readwrite:/etc/gconf/gconf.xml .mandatory -type bool -set /desktop/gnome/file_views/show_hidden_files false

The -direct parameter tells gconftool-2 to access the configuration database directly, without going through the server. The -config-source parameter allows a configuration file to be defined, which in this case is xml:readwrite:/etc/gconf/gconf.xml.mandatory. The type of the value is set by -type bool, and finally the key is set by -set /desktop/gnome/file_views/ show_hidden_files false, where /desktop/gnome/file_views/show_hidden_files is the key to be set and false is the value to which the key is set.

The graphical GConf repository editor is the Configuration Editor, which can be found in the Applications [right arrow] System Tools menu; it will remind MicrosoftWindows administrators of the regedit utility. It should be used with the same care, since making mistakes or being careless with this tool can cause some serious issues with the GNOME desktop environment. A few additional touches that make this tool nice to use is the ability to bookmark keys so that they can easily be referenced later. Also, there is built-in documentation for the keys and preferences that describes how keys are used.

The graphical GConf editor can also be started by using the gconf-editor command at the command line.

More Information

More information about the GNOME desktop environment can be found at gnome.org.

XFree86

The desktop environments use an X server to draw the components on the screen and to get input from devices such as pointers and keyboards. The X server software that comes with RHEL 3 is from the XFree86 project. The XFree86 software is network-transparent, which means that the desktop can run applications over the network without any additional software. More about running applications over a network is discussed in the "Exporting a display" section.

Configuration

If a desktop environment was selected during the installation of RHEL 3, XFree86 should already be configured and ready to go after you select the system's hardware configuration, such as the monitor, graphics card, keyboard, and mouse. Occasionally, the configuration is not completed properly or does not function properly, which might lead to XFree86 not starting. If XFree86 cannot start, the desktop environment will be unavailable. There are four ways to configure XFree86. The first two ways are to run either the xf86configure or xf86cfg utility on the command line. The third method of configuring the server is to type XFree86 -configure on the command line.

Finally, the display sections of XFree86 can be configured using the redhat-config-xfree86 command or by using the System Settings [right arrow] Display menu item to start redhat-config-xfree86. This tool allows the configuration of the display resolution, monitor settings, and video card settings. For configuring the mouse, use System Settings [right arrow] Mouse.

More Information

For more documentation on the XFree86 project, see xfree86.org.

Exporting a Display

A very useful feature of the XFree86 project is that it is a network-based X server. That means that any GUI application using XFree86 can be displayed back to a different host, network and host security settings permitting. This is often referred to as exporting a display-the actual display of an application isexported from one computer to another. Every X-enabled application, when launched, looks to the DISPLAY variable to see if the variable is set to anything aside from localhost or blank. If the DISPLAY variable is set to the name or IP address of another server, or host, the application attempts to display itself on the client identified by the DISPLAY variable. The application is executed on the server on which it was invoked, but is displayed on the client. For information about setting and unsetting the DISPLAY variable, see "Bash Shell Basics" later in this chapter.

xhost

The xhost command can be used to grant or revoke permissions for remote servers (systems) to display X applications on the client on which xhost is run. The xhost command adds and subtracts hosts to and from an access list that controls which remote hosts can generate a display on the local client. The access list prevents unauthorized access so that remote hosts cannot display applications on a local client.

The xhost command can take a + as a parameter without specifying an IP address, which tells the X server to accept connections from any host. Unless you have really good reasons for doing this-being lazy not among them-making your X client so promiscuous is not a good idea.

To run an application on a server named remote server but display it on a server named local.server, set up the access list on local.server by typing as a manual user:

# xhost +remote.server

Secure Shell (ssh)

Because of security concerns, ssh is installed rather than Telnet by default in RHEL 3. The ssh client also supports exporting displays, with the added bonus of sending the data over an encrypted connection. The ssh client forwards the application display when the -X parameter is used with ssh to connect to a remote server.

Troubleshooting

Even if a client has been configured to allow connections using xhost, other settings may prevent it from being able to display remote applications. A client must be listening on a TCP port (by default port 6000) to display an exported application, and that port must not be blocked by a firewall.

The /etc/X11/gdm/gdm.conf file is a configuration file that tells X how to start. The command variable in the file is set to the command that is used to start the X server. When the X server is started, one of the optional commands is -nolisten tcp, which tells X to not listen on a TCP port.

Continues...

---

Excerpted from Professional Red Hat Enterprise Linux 3 by Kapil Sharma Mohammed J. Kabir Peter C. Norton Nathan Good Tony Steidler-Dennison Excerpted by permission.
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.

---