Oracle® Linux

Administrator's Guide for Release 6

Oracle Legal Notices

E41138-12

September 2014

Abstract

This manual provides an introduction to administering various features of Oracle Linux systems.

Document generated on: 2014-09-10 (revision: 2251)


Table of Contents

Preface
I System Configuration
1 The Unbreakable Linux Network
1.1 About the Unbreakable Linux Network
1.2 About ULN Channels
1.3 About Software Errata
1.4 Registering as a ULN User
1.5 Registering an Oracle Linux 6 or Oracle Linux 7 System
1.6 Registering an Oracle Linux 4 or Oracle Linux 5 System
1.7 Configuring an Oracle Linux 5 System to Use yum with ULN
1.8 Disabling Package Updates
1.9 Subscribing Your System to ULN Channels
1.10 Browsing and Downloading Errata Packages
1.11 Downloading Available Errata for a System
1.12 Updating System Details
1.13 Deleting a System
1.14 About CSI Administration
1.14.1 Becoming a CSI Administrator
1.14.2 Listing Active CSIs and Transferring Their Registered Servers
1.14.3 Listing Expired CSIs and Transferring Their Registered Servers
1.14.4 Removing a CSI Administrator
1.15 Switching from RHN to ULN
1.16 For More Information About ULN
2 Yum
2.1 About Yum
2.2 Yum Configuration
2.2.1 Configuring Use of a Proxy Server
2.2.2 Yum Repository Configuration
2.3 Downloading the Oracle Public Yum Repository Files
2.4 Using Yum from the Command Line
2.5 Yum Groups
2.6 Installing and Using the Yum Security Plugin
2.7 Switching CentOS or Scientific Linux Systems to Use the Oracle Public Yum Server
2.8 Creating and Using a Local ULN Mirror
2.8.1 Prerequisites for the Local ULN Mirror
2.8.2 Setting up a Local ULN Mirror
2.8.3 ULN Mirror Configuration
2.8.4 Updating the Repositories on a Local ULN Mirror
2.8.5 Configuring yum on a Local ULN Mirror
2.8.6 Configuring Oracle Linux Yum Clients of a Local ULN Mirror
2.9 Creating a Local Yum Repository Using an ISO Image
2.10 Setting up a Local Yum Server Using an ISO Image
2.11 For More Information About Yum
3 Ksplice Uptrack
3.1 About Ksplice Uptrack
3.1.1 Supported Kernels
3.2 Registering to Use Ksplice Uptrack
3.3 Installing Ksplice Uptrack
3.4 Configuring Ksplice Uptrack
3.5 Managing Ksplice Updates
3.6 Patching and Updating Your System
3.7 Removing the Ksplice Uptrack software
3.8 About Ksplice Offline Client
3.8.1 Modifying a Local Yum Server to Act as a Ksplice Mirror
3.8.2 Configuring Ksplice Offline Clients
3.9 For More Information About Ksplice Uptrack
4 Boot Configuration
4.1 About the Boot Process
4.2 About the GRUB Boot Loader
4.2.1 About the GRUB Configuration File
4.2.2 Configuring a GRUB Password
4.2.3 Using GRUB
4.3 About Run Levels
4.3.1 Displaying the Run Level
4.3.2 Changing the Run Level
4.3.3 Shutting down the System
4.3.4 About Service Scripts
4.3.5 About the Service Configuration GUI
4.3.6 Starting and Stopping Services
4.3.7 Configuring Services to Start at Different Run Levels
5 System Configuration Settings
5.1 About /etc/sysconfig Files
5.2 About the /proc Virtual File System
5.2.1 Virtual Files and Directories Under /proc
5.2.2 Changing Kernel Parameters
5.2.3 Parameters that Control System Performance
5.2.4 Parameters that Control Kernel Panics
5.3 About the /sys Virtual File System
5.3.1 Virtual Directories Under /sys
6 Kernel Modules
6.1 About Kernel Modules
6.2 Listing Information about Loaded Modules
6.3 Loading and Unloading Modules
6.4 About Module Parameters
6.5 Specifying Modules to be Loaded at Boot Time
7 Device Management
7.1 About Device Files
7.2 About the Udev Device Manager
7.3 About Udev Rules
7.4 Querying Udev and Sysfs
7.5 Modifying Udev Rules
8 Task Management
8.1 About Automating Tasks
8.2 Configuring cron Jobs
8.2.1 Controlling Access to Running cron Jobs
8.3 Configuring anacron Jobs
8.4 Running One-time Tasks
8.4.1 Changing the Behavior of Batch Jobs
9 System Monitoring and Tuning
9.1 About sosreport
9.1.1 Configuring and Using sosreport
9.2 About System Performance Tuning
9.2.1 About Performance Problems
9.2.2 Monitoring Usage of System Resources
9.2.3 Using the Graphical System Monitor
9.2.4 About OSWatcher Black Box
10 System Dump Analysis
10.1 About Kdump
10.1.1 Configuring and Using Kdump
10.1.2 Files Used by Kdump
10.1.3 Using Kdump with OCFS2
10.1.4 Using Kdump with a System Hang
10.2 Using the crash Debugger
10.2.1 Installing the crash Packages
10.2.2 Running crash
10.2.3 Kernel Data Structure Analysis Commands
10.2.4 System State Commands
10.2.5 Helper Commands
10.2.6 Session Control Commands
10.2.7 Guidelines for Examining a Dump File
II Networking and Network Services
11 Network Configuration
11.1 About Network Interfaces
11.2 About Network Configuration Files
11.2.1 /etc/hosts
11.2.2 /etc/nsswitch.conf
11.2.3 /etc/resolv.conf
11.2.4 /etc/sysconfig/network
11.3 Command-line Network Configuration Interfaces
11.4 Configuring Network Interfaces Using Graphical Interfaces
11.5 Configuring Network Interface Bonding
11.5.1 Using ifenslave to Create Bonded Interfaces
11.6 Configuring VLANs with Untagged Data Frames
11.6.1 Using vconfig to Create VLAN Devices
11.7 Configuring Network Routing
12 Network Address Configuration
12.1 About the Dynamic Host Configuration Protocol
12.2 Configuring a DHCP Server
12.3 Configuring a DHCP Client
12.4 About Network Address Translation
13 Name Service Configuration
13.1 About DNS and BIND
13.2 About Types of Name Servers
13.3 About DNS Configuration Files
13.3.1 /etc/named.conf
13.3.2 About Resource Records in Zone Files
13.3.3 About Resource Records for Reverse-name Resolution
13.4 Configuring a Name Server
13.5 Administering the Name Service
13.6 Performing DNS Lookups
14 Web Service Configuration
14.1 About the Apache HTTP Server
14.2 Installing the Apache HTTP Server
14.3 Configuring the Apache HTTP Server
14.4 Testing the Apache HTTP Server
14.5 Configuring Apache Containers
14.5.1 About Nested Containers
14.6 Configuring Apache Virtual Hosts
15 Email Service Configuration
15.1 About Email Programs
15.2 About Email Protocols
15.2.1 About SMTP
15.2.2 About POP and IMAP
15.3 About the Postfix SMTP Server
15.4 About the Sendmail SMTP Server
15.4.1 About Sendmail Configuration Files
15.5 Forwarding Email
15.6 Configuring a Sendmail Client
III Storage and File Systems
16 Storage Management
16.1 About Disk Partitions
16.1.1 Managing Partition Tables Using fdisk
16.1.2 Managing Partition Tables Using parted
16.1.3 Mapping Partition Tables to Devices
16.2 About Swap Space
16.2.1 Viewing Swap Space Usage
16.2.2 Creating and Using a Swap File
16.2.3 Creating and Using a Swap Partition
16.2.4 Removing a Swap File or Swap Partition
16.3 About Logical Volume Manager
16.3.1 Initializing and Managing Physical Volumes
16.3.2 Creating and Managing Volume Groups
16.3.3 Creating and Managing Logical Volumes
16.4 About Software RAID
16.4.1 Creating Software RAID Devices
16.5 Creating Encrypted Block Devices
16.6 About iSCSI Storage
16.6.1 Configuring an iSCSI Target
16.6.2 Configuring an iSCSI Initiator
16.6.3 Updating the Discovery Database
16.7 About Device Multipathing
16.7.1 Configuring Multipathing
17 File System Administration
17.1 Making File Systems
17.2 Mounting File Systems
17.2.1 About Mount Options
17.3 About the File System Mount Table
17.4 Configuring the Automounter
17.5 Mounting a File Containing a File System Image
17.6 Creating a File System on a File
17.7 Checking and Repairing a File System
17.7.1 Changing the Frequency of File System Checking
17.8 About Access Control Lists
17.8.1 Configuring ACL Support
17.8.2 Setting and Displaying ACLs
17.9 About Disk Quotas
17.9.1 Enabling Disk Quotas on File Systems
17.9.2 Assigning Disk Quotas to Users and Groups
17.9.3 Setting the Grace Period
17.9.4 Displaying Disk Quotas
17.9.5 Enabling and Disabling Disk Quotas
17.9.6 Reporting on Disk Quota Usage
17.9.7 Maintaining the Accuracy of Disk Quota Reporting
18 Local File System Administration
18.1 About Local File Systems
18.2 About the Btrfs File System
18.3 Creating a Btrfs File System
18.4 Modifying a Btrfs File System
18.5 Compressing and Defragmenting a Btrfs File System
18.6 Resizing a Btrfs File System
18.7 Creating Subvolumes and Snapshots
18.7.1 Cloning Virtual Machine Images and Linux Containers
18.8 Using the Send/Receive Feature
18.8.1 Using Send/Receive to Implement Incremental Backups
18.9 Using Quota Groups
18.10 Replacing Devices on a Live File System
18.11 Creating Snapshots of Files
18.12 Converting an Ext2, Ext3, or Ext4 File System to a Btrfs File System
18.12.1 Converting a Non-root File System
18.12.2 Converting the root File System
18.12.3 Mounting the Image of the Original File System
18.12.4 Deleting the Snapshot of the Original File System
18.12.5 Recovering an Original Non-root File System
18.13 Installing a Btrfs root File System
18.13.1 Setting up a New NFS Server
18.13.2 Configuring an Existing NFS Server
18.13.3 Setting up a New HTTP Server
18.13.4 Configuring an Existing HTTP Server
18.13.5 Setting up a Network Installation Server
18.13.6 Installing from a Network Installation Server
18.13.7 About the Installation root File System
18.13.8 Creating Snapshots of the root File System
18.13.9 Mounting Alternate Snapshots as the root File System
18.13.10 Deleting Snapshots of the root File System
18.14 Converting a Non-root Ext2 File System to Ext3
18.15 Converting a root Ext2 File System to Ext3
18.16 Creating a Local OCFS2 File System
18.17 About the XFS File System
18.17.1 About External XFS Journals
18.17.2 About XFS Write Barriers
18.17.3 About Lazy Counters
18.18 Installing the XFS Packages
18.19 Creating an XFS File System
18.20 Modifying an XFS File System
18.21 Growing an XFS File System
18.22 Freezing and Unfreezing an XFS File System
18.23 Setting Quotas on an XFS File System
18.23.1 Setting Project Quotas
18.24 Backing up and Restoring XFS File Systems
18.25 Defragmenting an XFS File System
18.26 Checking and Repairing an XFS File System
19 Shared File System Administration
19.1 About Shared File Systems
19.2 About NFS
19.2.1 Configuring an NFS Server
19.2.2 Mounting an NFS File System
19.3 About Samba
19.3.1 Configuring a Samba Server
19.3.2 About Samba Configuration for Windows Workgroups and Domains
19.3.3 Accessing Samba Shares from a Windows Client
19.3.4 Accessing Samba Shares from an Oracle Linux Client
20 Oracle Cluster File System Version 2
20.1 About OCFS2
20.2 Installing and Configuring OCFS2
20.2.1 Preparing a Cluster for OCFS2
20.2.2 Configuring the Firewall
20.2.3 Configuring the Cluster Software
20.2.4 Creating the Configuration File for the Cluster Stack
20.2.5 Configuring the Cluster Stack
20.2.6 Configuring the Kernel for Cluster Operation
20.2.7 Starting and Stopping the Cluster Stack
20.2.8 Creating OCFS2 volumes
20.2.9 Mounting OCFS2 Volumes
20.2.10 Querying and Changing Volume Parameters
20.3 Troubleshooting OCFS2
20.3.1 Recommended Tools for Debugging
20.3.2 Mounting the debugfs File System
20.3.3 Configuring OCFS2 Tracing
20.3.4 Debugging File System Locks
20.3.5 Configuring the Behavior of Fenced Nodes
20.4 Use Cases for OCFS2
20.4.1 Load Balancing
20.4.2 Oracle Real Application Cluster (RAC)
20.4.3 Oracle Databases
20.5 For More Information About OCFS2
IV Authentication and Security
21 Authentication Configuration
21.1 About Authentication
21.2 About Local Oracle Linux Authentication
21.2.1 Configuring Local Access
21.2.2 Configuring Fingerprint Reader Authentication
21.2.3 Configuring Smart Card Authentication
21.3 About IPA
21.3.1 Configuring IPA
21.4 About LDAP Authentication
21.4.1 About LDAP Data Interchange Format
21.4.2 Configuring an LDAP Server
21.4.3 Replacing the Default Certificates
21.4.4 Creating and Distributing Self-signed CA Certificates
21.4.5 Initializing an Organization in LDAP
21.4.6 Adding an Automount Map to LDAP
21.4.7 Adding a Group to LDAP
21.4.8 Adding a User to LDAP
21.4.9 Adding Users to a Group in LDAP
21.4.10 Enabling LDAP Authentication
21.5 About NIS Authentication
21.5.1 About NIS Maps
21.5.2 Configuring an NIS Server
21.5.3 Adding User Accounts to NIS
21.5.4 Enabling NIS Authentication
21.6 About Kerberos Authentication
21.6.1 Configuring a Kerberos Server
21.6.2 Configuring a Kerberos Client
21.6.3 Enabling Kerberos Authentication
21.7 About Pluggable Authentication Modules
21.7.1 Configuring Pluggable Authentication Modules
21.8 About the System Security Services Daemon
21.8.1 Configuring an SSSD Server
21.9 About Winbind Authentication
21.9.1 Enabling Winbind Authentication
22 Local Account Configuration
22.1 About User and Group Configuration
22.2 Changing Default Settings for User Accounts
22.3 Creating User Accounts
22.3.1 About umask and the setgid and Restricted Deletion Bits
22.4 Locking an Account
22.5 Modifying or Deleting User Accounts
22.6 Creating Groups
22.7 Modifying or Deleting Groups
22.8 Configuring Password Ageing
22.9 Granting sudo Access to Users
23 System Security Administration
23.1 About System Security
23.2 Configuring and Using SELinux
23.2.1 About SELinux Administration
23.2.2 About SELinux Modes
23.2.3 Setting SELinux Modes
23.2.4 About SELinux Policies
23.2.5 About SELinux Context
23.2.6 About SELinux Users
23.2.7 Troubleshooting Access-Denial Messages
23.3 About Packet-filtering Firewalls
23.3.1 Controlling the Firewall Service
23.3.2 Listing Firewall Rules
23.3.3 Inserting and Replacing Rules in a Chain
23.3.4 Deleting Rules in a Chain
23.3.5 Saving Rules
23.4 About TCP Wrappers
23.5 About chroot Jails
23.5.1 Running DNS and FTP Services in a Chroot Jail
23.5.2 Creating a Chroot Jail
23.5.3 Using a Chroot Jail
23.6 About Auditing
23.7 About System Logging
23.7.1 Configuring Logwatch
23.8 About Process Accounting
23.9 Security Guidelines
23.9.1 Minimizing the Software Footprint
23.9.2 Configuring System Logging
23.9.3 Disabling Core Dumps
23.9.4 Minimizing Active Services
23.9.5 Locking Down Network Services
23.9.6 Configuring a Packet-filtering Firewall
23.9.7 Configuring TCP Wrappers
23.9.8 Configuring Kernel Parameters
23.9.9 Restricting Access to SSH Connections
23.9.10 Configuring File System Mounts, File Permissions, and File Ownerships
23.9.11 Checking User Accounts and Privileges
24 OpenSSH Configuration
24.1 About OpenSSH
24.2 OpenSSH Configuration Files
24.2.1 OpenSSH User Configuration Files
24.3 Configuring an OpenSSH Server
24.4 Installing the OpenSSH Client Packages
24.5 Using the OpenSSH Utilities
24.5.1 Using ssh to Connect to Another System
24.5.2 Using scp and sftp to Copy Files Between Systems
24.5.3 Using ssh-keygen to Generate Pairs of Authentication Keys
24.5.4 Enabling Remote System Access Without Requiring a Password