Oracle® Linux

Administrator's Guide for Release 6

Oracle Legal Notices
Oracle Documentation License

E41138-30

December 2018


Table of Contents

Preface
I System Configuration
1 Yum
1.1 About Yum
1.2 About ULN
1.3 Yum Configuration
1.3.1 Configuring Use of a Proxy Server
1.3.2 Yum Repository Configuration
1.3.3 Downloading the Oracle Linux Yum Server Repository Files
1.3.4 Using Yum Utilities to Manage Configuration
1.4 Using Yum from the Command Line
1.5 Yum Groups
1.6 Installing and Using the Yum Security Plugin
1.7 Switching CentOS or Scientific Linux Systems to Use the Oracle Linux Yum Server
1.8 Creating and Using a Local ULN Mirror
1.9 Creating a Local Yum Repository Using an ISO Image
1.10 Setting up a Local Yum Server Using an ISO Image
1.11 For More Information About Yum
2 Ksplice
2.1 Overview of Oracle Ksplice
2.1.1 Supported Kernels
2.1.2 About Ksplice Updates
2.1.3 Patching and Updating Your System
2.2 About the Ksplice Client Software
2.2.1 About the Ksplice Enhanced Client
2.2.2 About the Ksplice Uptrack Client
2.3 Choosing a Ksplice Client
2.4 Preparing to Use Oracle Ksplice
3 Boot Configuration
3.1 About the Boot Process
3.2 About the GRUB Boot Loader
3.2.1 About the GRUB Configuration File
3.2.2 Configuring a GRUB Password
3.2.3 Using GRUB
3.3 About Run Levels
3.3.1 Displaying the Run Level
3.3.2 Changing the Run Level
3.3.3 Shutting down the System
3.3.4 About Service Scripts
3.3.5 About the Service Configuration GUI
3.3.6 Starting and Stopping Services
3.3.7 Configuring Services to Start at Different Run Levels
4 System Configuration Settings
4.1 About /etc/sysconfig Files
4.2 About the /proc Virtual File System
4.2.1 Virtual Files and Directories Under /proc
4.2.2 Changing Kernel Parameters
4.2.3 Parameters that Control System Performance
4.2.4 Parameters that Control Kernel Panics
4.3 About the /sys Virtual File System
4.3.1 Virtual Directories Under /sys
4.4 System Date and Time Settings
5 Kernel Modules
5.1 About Kernel Modules
5.2 Listing Information about Loaded Modules
5.3 Loading and Unloading Modules
5.4 About Module Parameters
5.5 Specifying Modules to be Loaded at Boot Time
6 Device Management
6.1 About Device Files
6.2 About the Udev Device Manager
6.3 About Udev Rules
6.4 Querying Udev and Sysfs
6.5 Modifying Udev Rules
7 Task Management
7.1 About Automating Tasks
7.2 Configuring cron Jobs
7.2.1 Controlling Access to Running cron Jobs
7.3 Configuring anacron Jobs
7.4 Running One-time Tasks
7.4.1 Changing the Behavior of Batch Jobs
8 System Monitoring and Tuning
8.1 About sosreport
8.1.1 Configuring and Using sosreport
8.2 About System Performance Tuning
8.2.1 About Performance Problems
8.2.2 Monitoring Usage of System Resources
8.2.3 Using the Graphical System Monitor
8.2.4 About OSWatcher Black Box
9 System Dump Analysis
9.1 About Kdump
9.1.1 Configuring and Using Kdump
9.1.2 Files Used by Kdump
9.1.3 Using Kdump with OCFS2
9.1.4 Using Kdump with a System Hang
9.2 Using the crash Debugger
9.2.1 Installing the crash Packages
9.2.2 Running crash
9.2.3 Kernel Data Structure Analysis Commands
9.2.4 System State Commands
9.2.5 Helper Commands
9.2.6 Session Control Commands
9.2.7 Guidelines for Examining a Dump File
II Networking and Network Services
10 Network Configuration
10.1 About Network Interfaces
10.2 About Network Configuration Files
10.2.1 /etc/hosts
10.2.2 /etc/nsswitch.conf
10.2.3 /etc/resolv.conf
10.2.4 /etc/sysconfig/network
10.3 Command-line Network Configuration Interfaces
10.4 Configuring Network Interfaces Using Graphical Interfaces
10.5 Configuring Network Interface Bonding
10.5.1 Using ifenslave to Create Bonded Interfaces
10.6 Configuring VLANs with Untagged Data Frames
10.6.1 Using vconfig to Create VLAN Devices
10.7 Configuring Network Routing
11 Network Address Configuration
11.1 About the Dynamic Host Configuration Protocol
11.2 Configuring a DHCP Server
11.3 Configuring a DHCP Client
11.4 About Network Address Translation
12 Name Service Configuration
12.1 About DNS and BIND
12.2 About Types of Name Servers
12.3 About DNS Configuration Files
12.3.1 /etc/named.conf
12.3.2 About Resource Records in Zone Files
12.3.3 About Resource Records for Reverse-name Resolution
12.4 Configuring a Name Server
12.5 Administering the Name Service
12.6 Performing DNS Lookups
13 Network Time Configuration
13.1 About the NTP Daemon
13.1.1 Configuring the ntpd Service
13.2 About PTP
13.2.1 Configuring the PTP Service
13.2.2 Using PTP as a Time Source for NTP
14 Web Service Configuration
14.1 About the Apache HTTP Server
14.2 Installing the Apache HTTP Server
14.3 Configuring the Apache HTTP Server
14.4 Testing the Apache HTTP Server
14.5 Configuring Apache Containers
14.5.1 About Nested Containers
14.6 Configuring Apache Virtual Hosts
15 Email Service Configuration
15.1 About Email Programs
15.2 About Email Protocols
15.2.1 About SMTP
15.2.2 About POP and IMAP
15.3 About the Postfix SMTP Server
15.4 About the Sendmail SMTP Server
15.4.1 About Sendmail Configuration Files
15.5 Forwarding Email
15.6 Configuring a Sendmail Client
16 Load Balancing and High Availability Configuration
16.1 About HAProxy
16.2 Installing and Configuring HAProxy
16.2.1 About the HAProxy Configuration File
16.3 Configuring Simple Load Balancing Using HAProxy
16.3.1 Configuring HAProxy for Session Persistence
16.4 About Keepalived
16.5 Installing and Configuring Keepalived
16.5.1 About the Keepalived Configuration File
16.6 Configuring Simple Virtual IP Address Failover Using Keepalived
16.7 Configuring Load Balancing Using Keepalived in NAT Mode
16.7.1 Configuring Firewall Rules for Keepalived NAT-Mode Load Balancing
16.7.2 Configuring Back-End Server Routing for Keepalived NAT-Mode Load Balancing
16.8 Configuring Load Balancing Using Keepalived in DR Mode
16.8.1 Configuring Firewall Rules for Keepalived DR-Mode Load Balancing
16.8.2 Configuring the Back-End Servers for Keepalived DR-Mode Load Balancing
16.9 Configuring Keepalived for Session Persistence and Firewall Marks
16.10 Making HAProxy Highly Available Using Keepalived
16.11 About Keepalived Notification and Tracking Scripts
16.12 Making HAProxy Highly Available Using Oracle Clusterware
III Storage and File Systems
17 Storage Management
17.1 About Disk Partitions
17.1.1 Managing Partition Tables Using fdisk
17.1.2 Managing Partition Tables Using parted
17.1.3 Mapping Partition Tables to Devices
17.2 About Swap Space
17.2.1 Viewing Swap Space Usage
17.2.2 Creating and Using a Swap File
17.2.3 Creating and Using a Swap Partition
17.2.4 Removing a Swap File or Swap Partition
17.3 About Logical Volume Manager
17.3.1 Initializing and Managing Physical Volumes
17.3.2 Creating and Managing Volume Groups
17.3.3 Creating and Managing Logical Volumes
17.4 About Software RAID
17.4.1 Creating Software RAID Devices
17.5 Creating Encrypted Block Devices
17.6 SSD Configuration Recommendations for btrfs, ext4, and swap
17.7 About iSCSI Storage
17.7.1 Configuring an iSCSI Target
17.7.2 Configuring an iSCSI Initiator
17.7.3 Updating the Discovery Database
17.8 About Device Multipathing
17.8.1 Configuring Multipathing
18 File System Administration
18.1 Making File Systems
18.2 Mounting File Systems
18.2.1 About Mount Options
18.3 About the File System Mount Table
18.4 Configuring the Automounter
18.5 Mounting a File Containing a File System Image
18.6 Creating a File System on a File
18.7 Checking and Repairing a File System
18.7.1 Changing the Frequency of File System Checking
18.8 About Access Control Lists
18.8.1 Configuring ACL Support
18.8.2 Setting and Displaying ACLs
18.9 About Disk Quotas
18.9.1 Enabling Disk Quotas on File Systems
18.9.2 Assigning Disk Quotas to Users and Groups
18.9.3 Setting the Grace Period
18.9.4 Displaying Disk Quotas
18.9.5 Enabling and Disabling Disk Quotas
18.9.6 Reporting on Disk Quota Usage
18.9.7 Maintaining the Accuracy of Disk Quota Reporting
19 Local File System Administration
19.1 About Local File Systems
19.2 About the Btrfs File System
19.3 Creating a Btrfs File System
19.4 Modifying a Btrfs File System
19.5 Compressing and Defragmenting a Btrfs File System
19.6 Resizing a Btrfs File System
19.7 Creating Subvolumes and Snapshots
19.7.1 Cloning Virtual Machine Images and Linux Containers
19.8 Using the Send/Receive Feature
19.8.1 Using Send/Receive to Implement Incremental Backups
19.9 Using Quota Groups
19.10 Replacing Devices on a Live File System
19.11 Creating Snapshots of Files
19.12 Converting an Ext2, Ext3, or Ext4 File System to a Btrfs File System
19.12.1 Converting a Non-root File System
19.12.2 Converting the root File System
19.12.3 Mounting the Image of the Original File System
19.12.4 Deleting the Snapshot of the Original File System
19.12.5 Recovering an Original Non-root File System
19.13 Installing a Btrfs root File System
19.13.1 Setting up a New NFS Server
19.13.2 Configuring an Existing NFS Server
19.13.3 Setting up a New HTTP Server
19.13.4 Configuring an Existing HTTP Server
19.13.5 Setting up a Network Installation Server
19.13.6 Installing from a Network Installation Server
19.13.7 About the Installation root File System
19.13.8 Creating Snapshots of the root File System
19.13.9 Mounting Alternate Snapshots as the root File System
19.13.10 Deleting Snapshots of the root File System
19.14 Converting a Non-root Ext2 File System to Ext3
19.15 Converting a root Ext2 File System to Ext3
19.16 Creating a Local OCFS2 File System
19.17 About the XFS File System
19.17.1 About External XFS Journals
19.17.2 About XFS Write Barriers
19.17.3 About Lazy Counters
19.18 Installing the XFS Packages
19.19 Creating an XFS File System
19.20 Modifying an XFS File System
19.21 Growing an XFS File System
19.22 Freezing and Unfreezing an XFS File System
19.23 Setting Quotas on an XFS File System
19.23.1 Setting Project Quotas
19.24 Backing up and Restoring XFS File Systems
19.25 Defragmenting an XFS File System
19.26 Checking and Repairing an XFS File System
20 Shared File System Administration
20.1 About Shared File Systems
20.2 About NFS
20.2.1 Configuring an NFS Server
20.2.2 Mounting an NFS File System
20.3 About Samba
20.3.1 Configuring a Samba Server
20.3.2 About Samba Configuration for Windows Workgroups and Domains
20.3.3 Accessing Samba Shares from a Windows Client
20.3.4 Accessing Samba Shares from an Oracle Linux Client
21 Oracle Cluster File System Version 2
21.1 About OCFS2
21.2 Installing and Configuring OCFS2
21.2.1 Preparing a Cluster for OCFS2
21.2.2 Configuring the Firewall
21.2.3 Configuring the Cluster Software
21.2.4 Creating the Configuration File for the Cluster Stack
21.2.5 Configuring the Cluster Stack
21.2.6 Configuring the Kernel for Cluster Operation
21.2.7 Starting and Stopping the Cluster Stack
21.2.8 Creating OCFS2 volumes
21.2.9 Mounting OCFS2 Volumes
21.2.10 Querying and Changing Volume Parameters
21.3 Troubleshooting OCFS2
21.3.1 Recommended Tools for Debugging
21.3.2 Mounting the debugfs File System
21.3.3 Configuring OCFS2 Tracing
21.3.4 Debugging File System Locks
21.3.5 Configuring the Behavior of Fenced Nodes
21.4 Use Cases for OCFS2
21.4.1 Load Balancing
21.4.2 Oracle Real Application Cluster (RAC)
21.4.3 Oracle Databases
21.5 For More Information About OCFS2
IV Authentication and Security
22 Authentication Configuration
22.1 About Authentication
22.2 About Local Oracle Linux Authentication
22.2.1 Configuring Local Access
22.2.2 Configuring Fingerprint Reader Authentication
22.2.3 Configuring Smart Card Authentication
22.3 About IPA
22.3.1 Configuring IPA
22.4 About LDAP Authentication
22.4.1 About LDAP Data Interchange Format
22.4.2 Configuring an LDAP Server
22.4.3 Replacing the Default Certificates
22.4.4 Creating and Distributing Self-signed CA Certificates
22.4.5 Initializing an Organization in LDAP
22.4.6 Adding an Automount Map to LDAP
22.4.7 Adding a Group to LDAP
22.4.8 Adding a User to LDAP
22.4.9 Adding Users to a Group in LDAP
22.4.10 Enabling LDAP Authentication
22.5 About NIS Authentication
22.5.1 About NIS Maps
22.5.2 Configuring an NIS Server
22.5.3 Adding User Accounts to NIS
22.5.4 Enabling NIS Authentication
22.6 About Kerberos Authentication
22.6.1 Configuring a Kerberos Server
22.6.2 Configuring a Kerberos Client
22.6.3 Enabling Kerberos Authentication
22.7 About Pluggable Authentication Modules
22.7.1 Configuring Pluggable Authentication Modules
22.8 About the System Security Services Daemon
22.8.1 Configuring an SSSD Server
22.9 About Winbind Authentication
22.9.1 Enabling Winbind Authentication
23 Local Account Configuration
23.1 About User and Group Configuration
23.2 Changing Default Settings for User Accounts
23.3 Creating User Accounts
23.3.1 About umask and the setgid and Restricted Deletion Bits
23.4 Locking an Account
23.5 Modifying or Deleting User Accounts
23.6 Creating Groups
23.7 Modifying or Deleting Groups
23.8 Configuring Password Ageing
23.9 Granting sudo Access to Users
24 System Security Administration
24.1 About System Security
24.2 Configuring and Using SELinux
24.2.1 About SELinux Administration
24.2.2 About SELinux Modes
24.2.3 Setting SELinux Modes
24.2.4 About SELinux Policies
24.2.5 About SELinux Context
24.2.6 About SELinux Users
24.2.7 Troubleshooting Access-Denial Messages
24.3 About Packet-filtering Firewalls
24.3.1 Controlling the Firewall Service
24.3.2 Listing Firewall Rules
24.3.3 Inserting and Replacing Rules in a Chain
24.3.4 Deleting Rules in a Chain
24.3.5 Saving Rules
24.4 About TCP Wrappers
24.5 About chroot Jails
24.5.1 Running DNS and FTP Services in a Chroot Jail
24.5.2 Creating a Chroot Jail
24.5.3 Using a Chroot Jail
24.6 About Auditing
24.7 About System Logging
24.7.1 Configuring Logwatch
24.8 About Process Accounting
24.9 Security Guidelines
24.9.1 Minimizing the Software Footprint
24.9.2 Configuring System Logging
24.9.3 Disabling Core Dumps
24.9.4 Minimizing Active Services
24.9.5 Locking Down Network Services
24.9.6 Configuring a Packet-filtering Firewall
24.9.7 Configuring TCP Wrappers
24.9.8 Configuring Kernel Parameters
24.9.9 Restricting Access to SSH Connections
24.9.10 Configuring File System Mounts, File Permissions, and File Ownerships
24.9.11 Checking User Accounts and Privileges
25 OpenSSH Configuration
25.1 About OpenSSH
25.2 OpenSSH Configuration Files
25.2.1 OpenSSH User Configuration Files
25.3 Configuring an OpenSSH Server
25.4 Installing the OpenSSH Client Packages
25.5 Using the OpenSSH Utilities
25.5.1 Using ssh to Connect to Another System
25.5.2 Using scp and sftp to Copy Files Between Systems
25.5.3 Using ssh-keygen to Generate Pairs of Authentication Keys
25.5.4 Enabling Remote System Access Without Requiring a Password