Oracle® Linux

Administrator's Guide for Release 6

Oracle Legal Notices
Oracle Documentation License

E41138-33

April 2019


Table of Contents

Preface
I System Configuration
1 Yum
1.1 About Yum
1.2 About ULN
1.3 Yum Configuration
1.3.1 Configuring Use of a Proxy Server
1.3.2 Yum Repository Configuration
1.3.3 Downloading the Oracle Linux Yum Server Repository Files
1.3.4 Using Yum Utilities to Manage Configuration
1.4 Using Yum from the Command Line
1.5 Yum Groups
1.6 Installing and Using the Yum Security Plugin
1.7 Switching CentOS or Scientific Linux Systems to Use the Oracle Linux Yum Server
1.8 Creating and Using a Local ULN Mirror
1.9 Creating a Local Yum Repository Using an ISO Image
1.10 Setting up a Local Yum Server Using an ISO Image
1.11 For More Information About Yum
2 Ksplice
2.1 Overview of Oracle Ksplice
2.1.1 Supported Kernels
2.1.2 About Ksplice Updates
2.1.3 Patching and Updating Your System
2.2 About the Ksplice Client Software
2.2.1 About the Ksplice Enhanced Client
2.2.2 About the Ksplice Uptrack Client
2.3 Choosing a Ksplice Client
2.4 Preparing to Use Oracle Ksplice
3 Boot Configuration
3.1 About the Boot Process
3.2 About the GRUB Boot Loader
3.2.1 About the GRUB Configuration File
3.2.2 Configuring a GRUB Password
3.2.3 Using GRUB
3.3 About Run Levels
3.3.1 Displaying the Run Level
3.3.2 Changing the Run Level
3.3.3 Shutting down the System
3.3.4 About Service Scripts
3.3.5 About the Service Configuration GUI
3.3.6 Starting and Stopping Services
3.3.7 Configuring Services to Start at Different Run Levels
4 System Configuration Settings
4.1 About /etc/sysconfig Files
4.2 About the /proc Virtual File System
4.2.1 Virtual Files and Directories Under /proc
4.2.2 Changing Kernel Parameters
4.2.3 Parameters that Control System Performance
4.2.4 Parameters that Control Kernel Panics
4.3 About the /sys Virtual File System
4.3.1 Virtual Directories Under /sys
4.4 System Date and Time Settings
5 Kernel Modules
5.1 About Kernel Modules
5.2 Listing Information about Loaded Modules
5.3 Loading and Unloading Modules
5.4 About Module Parameters
5.5 Specifying Modules to be Loaded at Boot Time
6 Device Management
6.1 About Device Files
6.2 About the Udev Device Manager
6.3 About Udev Rules
6.4 Querying Udev and Sysfs
6.5 Modifying Udev Rules
7 Task Management
7.1 About Automating Tasks
7.2 Configuring cron Jobs
7.2.1 Controlling Access to Running cron Jobs
7.3 Configuring anacron Jobs
7.4 Running One-time Tasks
7.4.1 Changing the Behavior of Batch Jobs
8 System Monitoring and Tuning
8.1 About sosreport
8.1.1 Configuring and Using sosreport
8.2 About System Performance Tuning
8.2.1 About Performance Problems
8.2.2 Monitoring Usage of System Resources
8.2.3 Using the Graphical System Monitor
8.2.4 About OSWatcher Black Box
9 System Dump Analysis
9.1 About Kdump
9.1.1 Configuring and Using Kdump
9.1.2 Files Used by Kdump
9.1.3 Using Kdump with OCFS2
9.1.4 Using Kdump with a System Hang
9.2 Using the crash Debugger
9.2.1 Installing the crash Packages
9.2.2 Running crash
9.2.3 Kernel Data Structure Analysis Commands
9.2.4 System State Commands
9.2.5 Helper Commands
9.2.6 Session Control Commands
9.2.7 Guidelines for Examining a Dump File
10 Control Groups
10.1 About cgroups
10.2 Subsystems
10.2.1 blkio Parameters
10.2.2 cpu Parameters
10.2.3 cpuacct Parameters
10.2.4 cpuset Parameters
10.2.5 devices Parameters
10.2.6 freezer Parameter
10.2.7 memory Parameters
10.2.8 net_cls Parameter
10.3 Enabling the cgconfig Service
10.4 Enabling PAM to Work with cgroup Rules
10.5 Restarting the cgconfig Service
10.6 About the cgroups Configuration File
10.7 About the cgroup Rules Configuration File
10.8 Displaying and Setting Subsystem Parameters
10.9 Use Cases for cgroups
10.9.1 Pinning Processes to CPU Cores
10.9.2 Controlling CPU and Memory Usage
10.9.3 Restricting Access to Devices
10.9.4 Throttling I/O Bandwidth
10.10 For More Information About cgroups
II Networking and Network Services
11 Network Configuration
11.1 About Network Interfaces
11.2 About Network Configuration Files
11.2.1 /etc/hosts
11.2.2 /etc/nsswitch.conf
11.2.3 /etc/resolv.conf
11.2.4 /etc/sysconfig/network
11.3 Command-line Network Configuration Interfaces
11.4 Configuring Network Interfaces Using Graphical Interfaces
11.5 Configuring Network Interface Bonding
11.5.1 Using ifenslave to Create Bonded Interfaces
11.6 Configuring VLANs with Untagged Data Frames
11.6.1 Using vconfig to Create VLAN Devices
11.7 Configuring Network Routing
12 Network Address Configuration
12.1 About the Dynamic Host Configuration Protocol
12.2 Configuring a DHCP Server
12.3 Configuring a DHCP Client
12.4 About Network Address Translation
13 Name Service Configuration
13.1 About DNS and BIND
13.2 About Types of Name Servers
13.3 About DNS Configuration Files
13.3.1 /etc/named.conf
13.3.2 About Resource Records in Zone Files
13.3.3 About Resource Records for Reverse-name Resolution
13.4 Configuring a Name Server
13.5 Administering the Name Service
13.6 Performing DNS Lookups
14 Network Time Configuration
14.1 About the NTP Daemon
14.1.1 Configuring the ntpd Service
14.2 About PTP
14.2.1 Configuring the PTP Service
14.2.2 Using PTP as a Time Source for NTP
15 Web Service Configuration
15.1 About the Apache HTTP Server
15.2 Installing the Apache HTTP Server
15.3 Configuring the Apache HTTP Server
15.4 Testing the Apache HTTP Server
15.5 Configuring Apache Containers
15.5.1 About Nested Containers
15.6 Configuring Apache Virtual Hosts
16 Email Service Configuration
16.1 About Email Programs
16.2 About Email Protocols
16.2.1 About SMTP
16.2.2 About POP and IMAP
16.3 About the Postfix SMTP Server
16.4 About the Sendmail SMTP Server
16.4.1 About Sendmail Configuration Files
16.5 Forwarding Email
16.6 Configuring a Sendmail Client
17 Load Balancing and High Availability Configuration
17.1 About HAProxy
17.2 Installing and Configuring HAProxy
17.2.1 About the HAProxy Configuration File
17.3 Configuring Simple Load Balancing Using HAProxy
17.3.1 Configuring HAProxy for Session Persistence
17.4 About Keepalived
17.5 Installing and Configuring Keepalived
17.5.1 About the Keepalived Configuration File
17.6 Configuring Simple Virtual IP Address Failover Using Keepalived
17.7 Configuring Load Balancing Using Keepalived in NAT Mode
17.7.1 Configuring Firewall Rules for Keepalived NAT-Mode Load Balancing
17.7.2 Configuring Back-End Server Routing for Keepalived NAT-Mode Load Balancing
17.8 Configuring Load Balancing Using Keepalived in DR Mode
17.8.1 Configuring Firewall Rules for Keepalived DR-Mode Load Balancing
17.8.2 Configuring the Back-End Servers for Keepalived DR-Mode Load Balancing
17.9 Configuring Keepalived for Session Persistence and Firewall Marks
17.10 Making HAProxy Highly Available Using Keepalived
17.11 About Keepalived Notification and Tracking Scripts
17.12 Making HAProxy Highly Available Using Oracle Clusterware
III Storage and File Systems
18 Storage Management
18.1 About Disk Partitions
18.1.1 Managing Partition Tables Using fdisk
18.1.2 Managing Partition Tables Using parted
18.1.3 Mapping Partition Tables to Devices
18.2 About Swap Space
18.2.1 Viewing Swap Space Usage
18.2.2 Creating and Using a Swap File
18.2.3 Creating and Using a Swap Partition
18.2.4 Removing a Swap File or Swap Partition
18.3 About Logical Volume Manager
18.3.1 Initializing and Managing Physical Volumes
18.3.2 Creating and Managing Volume Groups
18.3.3 Creating and Managing Logical Volumes
18.4 About Software RAID
18.4.1 Creating Software RAID Devices
18.5 Creating Encrypted Block Devices
18.6 SSD Configuration Recommendations for btrfs, ext4, and swap
18.7 About iSCSI Storage
18.7.1 Configuring an iSCSI Target
18.7.2 Configuring an iSCSI Initiator
18.7.3 Updating the Discovery Database
18.8 About Device Multipathing
18.8.1 Configuring Multipathing
19 File System Administration
19.1 Making File Systems
19.2 Mounting File Systems
19.2.1 About Mount Options
19.3 About the File System Mount Table
19.4 Configuring the Automounter
19.5 Mounting a File Containing a File System Image
19.6 Creating a File System on a File
19.7 Checking and Repairing a File System
19.7.1 Changing the Frequency of File System Checking
19.8 About Access Control Lists
19.8.1 Configuring ACL Support
19.8.2 Setting and Displaying ACLs
19.9 About Disk Quotas
19.9.1 Enabling Disk Quotas on File Systems
19.9.2 Assigning Disk Quotas to Users and Groups
19.9.3 Setting the Grace Period
19.9.4 Displaying Disk Quotas
19.9.5 Enabling and Disabling Disk Quotas
19.9.6 Reporting on Disk Quota Usage
19.9.7 Maintaining the Accuracy of Disk Quota Reporting
20 Local File System Administration
20.1 About Local File Systems
20.2 About the Btrfs File System
20.3 Creating a Btrfs File System
20.4 Modifying a Btrfs File System
20.5 Compressing and Defragmenting a Btrfs File System
20.6 Resizing a Btrfs File System
20.7 Creating Subvolumes and Snapshots
20.7.1 Cloning Virtual Machine Images and Linux Containers
20.8 Using the Send/Receive Feature
20.8.1 Using Send/Receive to Implement Incremental Backups
20.9 Using Quota Groups
20.10 Replacing Devices on a Live File System
20.11 Creating Snapshots of Files
20.12 Converting an Ext2, Ext3, or Ext4 File System to a Btrfs File System
20.12.1 Converting a Non-root File System
20.12.2 Converting the root File System
20.12.3 Mounting the Image of the Original File System
20.12.4 Deleting the Snapshot of the Original File System
20.12.5 Recovering an Original Non-root File System
20.13 Installing a Btrfs root File System
20.13.1 Setting up a New NFS Server
20.13.2 Configuring an Existing NFS Server
20.13.3 Setting up a New HTTP Server
20.13.4 Configuring an Existing HTTP Server
20.13.5 Setting up a Network Installation Server
20.13.6 Installing from a Network Installation Server
20.13.7 About the Installation root File System
20.13.8 Creating Snapshots of the root File System
20.13.9 Mounting Alternate Snapshots as the root File System
20.13.10 Deleting Snapshots of the root File System
20.14 Converting a Non-root Ext2 File System to Ext3
20.15 Converting a root Ext2 File System to Ext3
20.16 Creating a Local OCFS2 File System
20.17 About the XFS File System
20.17.1 About External XFS Journals
20.17.2 About XFS Write Barriers
20.17.3 About Lazy Counters
20.18 Installing the XFS Packages
20.19 Creating an XFS File System
20.20 Modifying an XFS File System
20.21 Growing an XFS File System
20.22 Freezing and Unfreezing an XFS File System
20.23 Setting Quotas on an XFS File System
20.23.1 Setting Project Quotas
20.24 Backing up and Restoring XFS File Systems
20.25 Defragmenting an XFS File System
20.26 Checking and Repairing an XFS File System
21 Shared File System Administration
21.1 About Shared File Systems
21.2 About NFS
21.2.1 Configuring an NFS Server
21.2.2 Mounting an NFS File System
21.3 About Samba
21.3.1 Configuring a Samba Server
21.3.2 About Samba Configuration for Windows Workgroups and Domains
21.3.3 Accessing Samba Shares from a Windows Client
21.3.4 Accessing Samba Shares from an Oracle Linux Client
22 Oracle Cluster File System Version 2
22.1 About OCFS2
22.2 Installing and Configuring OCFS2
22.2.1 Preparing a Cluster for OCFS2
22.2.2 Configuring the Firewall
22.2.3 Configuring the Cluster Software
22.2.4 Creating the Configuration File for the Cluster Stack
22.2.5 Configuring the Cluster Stack
22.2.6 Configuring the Kernel for Cluster Operation
22.2.7 Starting and Stopping the Cluster Stack
22.2.8 Creating OCFS2 volumes
22.2.9 Mounting OCFS2 Volumes
22.2.10 Querying and Changing Volume Parameters
22.3 Troubleshooting OCFS2
22.3.1 Recommended Tools for Debugging
22.3.2 Mounting the debugfs File System
22.3.3 Configuring OCFS2 Tracing
22.3.4 Debugging File System Locks
22.3.5 Configuring the Behavior of Fenced Nodes
22.4 Use Cases for OCFS2
22.4.1 Load Balancing
22.4.2 Oracle Real Application Cluster (RAC)
22.4.3 Oracle Databases
22.5 For More Information About OCFS2
IV Authentication and Security
23 Authentication Configuration
23.1 About Authentication
23.2 About Local Oracle Linux Authentication
23.2.1 Configuring Local Access
23.2.2 Configuring Fingerprint Reader Authentication
23.2.3 Configuring Smart Card Authentication
23.3 About IPA
23.3.1 Configuring IPA
23.4 About LDAP Authentication
23.4.1 About LDAP Data Interchange Format
23.4.2 Configuring an LDAP Server
23.4.3 Replacing the Default Certificates
23.4.4 Creating and Distributing Self-signed CA Certificates
23.4.5 Initializing an Organization in LDAP
23.4.6 Adding an Automount Map to LDAP
23.4.7 Adding a Group to LDAP
23.4.8 Adding a User to LDAP
23.4.9 Adding Users to a Group in LDAP
23.4.10 Enabling LDAP Authentication
23.5 About NIS Authentication
23.5.1 About NIS Maps
23.5.2 Configuring an NIS Server
23.5.3 Adding User Accounts to NIS
23.5.4 Enabling NIS Authentication
23.6 About Kerberos Authentication
23.6.1 Configuring a Kerberos Server
23.6.2 Configuring a Kerberos Client
23.6.3 Enabling Kerberos Authentication
23.7 About Pluggable Authentication Modules
23.7.1 Configuring Pluggable Authentication Modules
23.8 About the System Security Services Daemon
23.8.1 Configuring an SSSD Server
23.9 About Winbind Authentication
23.9.1 Enabling Winbind Authentication
24 Local Account Configuration
24.1 About User and Group Configuration
24.2 Changing Default Settings for User Accounts
24.3 Creating User Accounts
24.3.1 About umask and the setgid and Restricted Deletion Bits
24.4 Locking an Account
24.5 Modifying or Deleting User Accounts
24.6 Creating Groups
24.7 Modifying or Deleting Groups
24.8 Configuring Password Ageing
24.9 Granting sudo Access to Users
25 System Security Administration
25.1 About System Security
25.2 Configuring and Using SELinux
25.2.1 About SELinux Administration
25.2.2 About SELinux Modes
25.2.3 Setting SELinux Modes
25.2.4 About SELinux Policies
25.2.5 About SELinux Context
25.2.6 About SELinux Users
25.2.7 Troubleshooting Access-Denial Messages
25.3 About Packet-filtering Firewalls
25.3.1 Controlling the Firewall Service
25.3.2 Listing Firewall Rules
25.3.3 Inserting and Replacing Rules in a Chain
25.3.4 Deleting Rules in a Chain
25.3.5 Saving Rules
25.4 About TCP Wrappers
25.5 About chroot Jails
25.5.1 Running DNS and FTP Services in a Chroot Jail
25.5.2 Creating a Chroot Jail
25.5.3 Using a Chroot Jail
25.6 About Auditing
25.7 About System Logging
25.7.1 Configuring Logwatch
25.8 About Process Accounting
25.9 Security Guidelines
25.9.1 Minimizing the Software Footprint
25.9.2 Configuring System Logging
25.9.3 Disabling Core Dumps
25.9.4 Minimizing Active Services
25.9.5 Locking Down Network Services
25.9.6 Configuring a Packet-filtering Firewall
25.9.7 Configuring TCP Wrappers
25.9.8 Configuring Kernel Parameters
25.9.9 Restricting Access to SSH Connections
25.9.10 Configuring File System Mounts, File Permissions, and File Ownerships
25.9.11 Checking User Accounts and Privileges
26 OpenSSH Configuration
26.1 About OpenSSH
26.2 OpenSSH Configuration Files
26.2.1 OpenSSH User Configuration Files
26.3 Configuring an OpenSSH Server
26.4 Installing the OpenSSH Client Packages
26.5 Using the OpenSSH Utilities
26.5.1 Using ssh to Connect to Another System
26.5.2 Using scp and sftp to Copy Files Between Systems
26.5.3 Using ssh-keygen to Generate Pairs of Authentication Keys
26.5.4 Enabling Remote System Access Without Requiring a Password
V Virtualization
27 Linux Containers
27.1 About Linux Containers
27.1.1 Supported Oracle Linux Container Versions
27.2 Configuring Operating System Containers
27.2.1 Installing and Configuring the Software
27.2.2 Setting up the File System for the Containers
27.2.3 Creating and Starting a Container
27.2.4 About the lxc-oracle Template Script
27.2.5 About Veth and Macvlan
27.2.6 Modifying a Container to Use Macvlan
27.3 Logging in to Containers
27.4 Creating Additional Containers
27.5 Monitoring and Shutting Down Containers
27.6 Starting a Command Inside a Running Container
27.7 Controlling Container Resources
27.8 Configuring ulimit Settings for an Oracle Linux Container
27.9 Configuring Kernel Parameter Settings for Oracle Linux Containers
27.10 Deleting Containers
27.11 Running Application Containers
27.12 For More Information About Linux Containers