Oracle® Linux

Administrator's Guide for Release 7

Oracle Legal Notices
Oracle Documentation License

E54669-50

December 2017


Table of Contents

Preface
I System Configuration
1 The Unbreakable Linux Network
1.1 About the Unbreakable Linux Network
1.2 About ULN Channels
1.3 About Software Errata
1.4 Registering as a ULN User
1.5 Registering an Oracle Linux 7 System
1.6 Disabling Package Updates
1.7 Subscribing Your System to ULN Channels
1.8 Browsing and Downloading Errata Packages
1.9 Downloading Available Errata for a System
1.10 Updating System Details
1.11 Deleting a System
1.12 About CSI Administration
1.12.1 Becoming a CSI Administrator
1.12.2 Listing Active CSIs and Transferring Their Registered Servers
1.12.3 Listing Expired CSIs and Transferring Their Registered Servers
1.12.4 Removing a CSI Administrator
1.13 Installing Java SE on Oracle Linux from ULN
1.14 Switching from RHN to ULN
1.15 For More Information About ULN
2 Yum
2.1 About Yum
2.2 Yum Configuration
2.2.1 Configuring Use of a Proxy Server
2.2.2 Yum Repository Configuration
2.3 Downloading the Oracle Linux Yum Server Repository Files
2.4 Using Yum from the Command Line
2.5 Yum Groups
2.6 Using the Yum Security Plugin
2.7 Switching CentOS or Scientific Linux Systems to Use the Oracle Linux Yum Server
2.8 Creating and Using a Local ULN Mirror
2.9 Creating a Local Yum Repository Using an ISO Image
2.10 Setting up a Local Yum Server Using an ISO Image
2.11 For More Information About Yum
3 Ksplice Uptrack
3.1 About Ksplice Uptrack
3.1.1 Supported Kernels
3.2 Registering to Use Ksplice Uptrack
3.3 Installing Ksplice Uptrack
3.4 Configuring Ksplice Uptrack
3.5 Managing Ksplice Updates
3.6 Patching and Updating Your System
3.7 Removing the Ksplice Uptrack software
3.8 About Ksplice Offline Client
3.8.1 Modifying a Local Yum Server to Act as a Ksplice Mirror
3.8.2 Configuring Ksplice Offline Clients
3.9 For More Information About Ksplice Uptrack
4 Boot and Service Configuration
4.1 About systemd
4.2 About the Boot Process
4.3 About the GRUB 2 Boot Loader
4.4 Kernel Boot Parameters
4.5 Modifying Kernel Boot Parameters Before Booting
4.6 Modifying Kernel Boot Parameters in GRUB 2
4.7 About System-State Targets
4.7.1 Displaying the Default and Active System-State Targets
4.7.2 Changing the Default and Active System-State Targets
4.7.3 Shutting Down, Suspending, or Rebooting the System
4.7.4 Starting and Stopping Services
4.7.5 Enabling and Disabling Services
4.7.6 Displaying the Status of Services
4.7.7 Controlling Access to System Resources
4.7.8 Modifying systemd Configuration Files
4.7.9 Running systemctl on a Remote System
5 System Configuration Settings
5.1 About /etc/sysconfig Files
5.2 About the /proc Virtual File System
5.2.1 Virtual Files and Directories Under /proc
5.2.2 Changing Kernel Parameters
5.2.3 Parameters that Control System Performance
5.2.4 Parameters that Control Kernel Panics
5.3 About the /sys Virtual File System
5.3.1 Virtual Directories Under /sys
6 Kernel Modules
6.1 About Kernel Modules
6.2 Listing Information about Loaded Modules
6.3 Loading and Unloading Modules
6.4 About Module Parameters
6.5 Specifying Modules to be Loaded at Boot Time
7 Device Management
7.1 About Device Files
7.2 About the Udev Device Manager
7.3 About Udev Rules
7.4 Querying Udev and Sysfs
7.5 Modifying Udev Rules
8 Task Management
8.1 About Automating Tasks
8.2 Configuring cron Jobs
8.2.1 Controlling Access to Running cron Jobs
8.3 Configuring anacron Jobs
8.4 Running One-time Tasks
8.4.1 Changing the Behavior of Batch Jobs
9 System Monitoring and Tuning
9.1 About sosreport
9.1.1 Configuring and Using sosreport
9.2 About System Performance Tuning
9.2.1 About Performance Problems
9.2.2 Monitoring Usage of System Resources
9.2.3 Using the Graphical System Monitor
9.2.4 About OSWatcher Black Box
10 System Dump Analysis
10.1 About Kdump
10.1.1 Configuring and Using Kdump
10.1.2 Files Used by Kdump
10.1.3 Using Kdump with OCFS2
10.2 Using the crash Debugger
10.2.1 Installing the crash Packages
10.2.2 Running crash
10.2.3 Kernel Data Structure Analysis Commands
10.2.4 System State Commands
10.2.5 Helper Commands
10.2.6 Session Control Commands
10.2.7 Guidelines for Examining a Dump File
II Networking and Network Services
11 Network Configuration
11.1 About Network Interfaces
11.2 About Network Interface Names
11.3 About Network Configuration Files
11.3.1 /etc/hosts
11.3.2 /etc/nsswitch.conf
11.3.3 /etc/resolv.conf
11.3.4 /etc/sysconfig/network
11.4 Command-line Network Configuration Interfaces
11.5 Configuring Network Interfaces Using Graphical Interfaces
11.6 About Network Interface Bonding
11.6.1 Configuring Network Interface Bonding
11.7 About Network Interface Teaming
11.7.1 Configuring Network Interface Teaming
11.7.2 Adding Ports to and Removing Ports from a Team
11.7.3 Changing the Configuration of a Port in a Team
11.7.4 Removing a Team
11.7.5 Displaying Information About Teams
11.8 Configuring VLANs with Untagged Data Frames
11.8.1 Using the ip Command to Create VLAN Devices
11.9 Configuring Network Routing
12 Network Address Configuration
12.1 About the Dynamic Host Configuration Protocol
12.2 Configuring a DHCP Server
12.3 Configuring a DHCP Client
12.4 About Network Address Translation
13 Name Service Configuration
13.1 About DNS and BIND
13.2 About Types of Name Servers
13.3 About DNS Configuration Files
13.3.1 /etc/named.conf
13.3.2 About Resource Records in Zone Files
13.3.3 About Resource Records for Reverse-name Resolution
13.4 Configuring a Name Server
13.5 Administering the Name Service
13.6 Performing DNS Lookups
14 Network Time Configuration
14.1 About the chronyd Daemon
14.1.1 Configuring the chronyd Service
14.2 About the NTP Daemon
14.2.1 Configuring the ntpd Service
14.3 About PTP
14.3.1 Configuring the PTP Service
14.3.2 Using PTP as a Time Source for NTP
15 Web Service Configuration
15.1 About the Apache HTTP Server
15.2 Installing the Apache HTTP Server
15.3 Configuring the Apache HTTP Server
15.4 Testing the Apache HTTP Server
15.5 Configuring Apache Containers
15.5.1 About Nested Containers
15.6 Configuring Apache Virtual Hosts
16 Email Service Configuration
16.1 About Email Programs
16.2 About Email Protocols
16.2.1 About SMTP
16.2.2 About POP and IMAP
16.3 About the Postfix SMTP Server
16.4 About the Sendmail SMTP Server
16.4.1 About Sendmail Configuration Files
16.5 Forwarding Email
16.6 Configuring a Sendmail Client
17 Load Balancing and High Availability Configuration
17.1 About HAProxy
17.2 Installing and Configuring HAProxy
17.2.1 About the HAProxy Configuration File
17.3 Configuring Simple Load Balancing Using HAProxy
17.3.1 Configuring HAProxy for Session Persistence
17.4 About Keepalived
17.5 Installing and Configuring Keepalived
17.5.1 About the Keepalived Configuration File
17.6 Configuring Simple Virtual IP Address Failover Using Keepalived
17.7 Configuring Load Balancing Using Keepalived in NAT Mode
17.7.1 Configuring Firewall Rules for Keepalived NAT-Mode Load Balancing
17.7.2 Configuring Back-End Server Routing for Keepalived NAT-Mode Load Balancing
17.8 Configuring Load Balancing Using Keepalived in DR Mode
17.8.1 Configuring Firewall Rules for Keepalived DR-Mode Load Balancing
17.8.2 Configuring the Back-End Servers for Keepalived DR-Mode Load Balancing
17.9 Configuring Keepalived for Session Persistence and Firewall Marks
17.10 Making HAProxy Highly Available Using Keepalived
17.11 About Keepalived Notification and Tracking Scripts
17.12 Making HAProxy Highly Available Using Oracle Clusterware
18 VNC Service Configuration
18.1 About VNC
18.2 Configuring a VNC Server
18.3 Connecting to VNC Desktop
III Storage and File Systems
19 Storage Management
19.1 About Disk Partitions
19.1.1 Managing Partition Tables Using fdisk
19.1.2 Managing Partition Tables Using parted
19.1.3 Mapping Partition Tables to Devices
19.2 About Swap Space
19.2.1 Viewing Swap Space Usage
19.2.2 Creating and Using a Swap File
19.2.3 Creating and Using a Swap Partition
19.2.4 Removing a Swap File or Swap Partition
19.3 About Logical Volume Manager
19.3.1 Initializing and Managing Physical Volumes
19.3.2 Creating and Managing Volume Groups
19.3.3 Creating and Managing Logical Volumes
19.3.4 Creating Logical Volume Snapshots
19.3.5 Creating and Managing Thinly-Provisioned Logical Volumes
19.3.6 Using snapper with Thinly-Provisioned Logical Volumes
19.4 About Software RAID
19.4.1 Creating Software RAID Devices
19.5 Creating Encrypted Block Devices
19.6 SSD Configuration Recommendations for btrfs, ext4, and swap
19.7 About Linux-IO Storage Configuration
19.7.1 Configuring an iSCSI Target
19.7.2 Configuring an iSCSI Initiator
19.7.3 Updating the Discovery Database
19.8 About Device Multipathing
19.8.1 Configuring Multipathing
20 File System Administration
20.1 Making File Systems
20.2 Mounting File Systems
20.2.1 About Mount Options
20.3 About the File System Mount Table
20.4 Configuring the Automounter
20.5 Mounting a File Containing a File System Image
20.6 Creating a File System on a File
20.7 Checking and Repairing a File System
20.7.1 Changing the Frequency of File System Checking
20.8 About Access Control Lists
20.8.1 Configuring ACL Support
20.8.2 Setting and Displaying ACLs
20.9 About Disk Quotas
20.9.1 Enabling Disk Quotas on File Systems
20.9.2 Assigning Disk Quotas to Users and Groups
20.9.3 Setting the Grace Period
20.9.4 Displaying Disk Quotas
20.9.5 Enabling and Disabling Disk Quotas
20.9.6 Reporting on Disk Quota Usage
20.9.7 Maintaining the Accuracy of Disk Quota Reporting
21 Local File System Administration
21.1 About Local File Systems
21.2 About the Btrfs File System
21.3 Creating a Btrfs File System
21.4 Modifying a Btrfs File System
21.5 Compressing and Defragmenting a Btrfs File System
21.6 Resizing a Btrfs File System
21.7 Creating Subvolumes and Snapshots
21.7.1 Using snapper with Btrfs Subvolumes
21.7.2 Cloning Virtual Machine Images and Linux Containers
21.8 Using the Send/Receive Feature
21.8.1 Using Send/Receive to Implement Incremental Backups
21.9 Using Quota Groups
21.10 Replacing Devices on a Live File System
21.11 Creating Snapshots of Files
21.12 Converting an Ext2, Ext3, or Ext4 File System to a Btrfs File System
21.12.1 Converting a Non-root File System
21.13 About the Btrfs root File System
21.13.1 Creating Snapshots of the root File System
21.13.2 Mounting Alternate Snapshots as the root File System
21.13.3 Deleting Snapshots of the root File System
21.14 Converting a Non-root Ext2 File System to Ext3
21.15 Converting a root Ext2 File System to Ext3
21.16 Creating a Local OCFS2 File System
21.17 About the XFS File System
21.17.1 About External XFS Journals
21.17.2 About XFS Write Barriers
21.17.3 About Lazy Counters
21.18 Installing the XFS Packages
21.19 Creating an XFS File System
21.20 Modifying an XFS File System
21.21 Growing an XFS File System
21.22 Freezing and Unfreezing an XFS File System
21.23 Setting Quotas on an XFS File System
21.23.1 Setting Project Quotas
21.24 Backing up and Restoring XFS File Systems
21.25 Defragmenting an XFS File System
21.26 Checking and Repairing an XFS File System
22 Shared File System Administration
22.1 About Shared File Systems
22.2 About NFS
22.2.1 Configuring an NFS Server
22.2.2 Mounting an NFS File System
22.3 About Samba
22.3.1 Configuring a Samba Server
22.3.2 About Samba Configuration for Windows Workgroups and Domains
22.3.3 Accessing Samba Shares from a Windows Client
22.3.4 Accessing Samba Shares from an Oracle Linux Client
23 Oracle Cluster File System Version 2
23.1 About OCFS2
23.2 Installing and Configuring OCFS2
23.2.1 Preparing a Cluster for OCFS2
23.2.2 Configuring the Firewall
23.2.3 Configuring the Cluster Software
23.2.4 Creating the Configuration File for the Cluster Stack
23.2.5 Configuring the Cluster Stack
23.2.6 Configuring the Kernel for Cluster Operation
23.2.7 Starting and Stopping the Cluster Stack
23.2.8 Creating OCFS2 volumes
23.2.9 Mounting OCFS2 Volumes
23.2.10 Querying and Changing Volume Parameters
23.3 Troubleshooting OCFS2
23.3.1 Recommended Tools for Debugging
23.3.2 Mounting the debugfs File System
23.3.3 Configuring OCFS2 Tracing
23.3.4 Debugging File System Locks
23.3.5 Configuring the Behavior of Fenced Nodes
23.4 Use Cases for OCFS2
23.4.1 Load Balancing
23.4.2 Oracle Real Application Cluster (RAC)
23.4.3 Oracle Databases
23.5 For More Information About OCFS2
IV Authentication and Security
24 Authentication Configuration
24.1 About Authentication
24.2 About Local Oracle Linux Authentication
24.2.1 Configuring Local Access
24.2.2 Configuring Fingerprint Reader Authentication
24.2.3 Configuring Smart Card Authentication
24.3 About IPA Authentication
24.3.1 Configuring IPA Authentication
24.4 About LDAP Authentication
24.4.1 About LDAP Data Interchange Format
24.4.2 Configuring an LDAP Server
24.4.3 Replacing the Default Certificates
24.4.4 Creating and Distributing Self-signed CA Certificates
24.4.5 Initializing an Organization in LDAP
24.4.6 Adding an Automount Map to LDAP
24.4.7 Adding a Group to LDAP
24.4.8 Adding a User to LDAP
24.4.9 Adding Users to a Group in LDAP
24.4.10 Enabling LDAP Authentication
24.5 About NIS Authentication
24.5.1 About NIS Maps
24.5.2 Configuring an NIS Server
24.5.3 Adding User Accounts to NIS
24.5.4 Enabling NIS Authentication
24.6 About Kerberos Authentication
24.6.1 Configuring a Kerberos Server
24.6.2 Configuring a Kerberos Client
24.6.3 Enabling Kerberos Authentication
24.7 About Pluggable Authentication Modules
24.8 About the System Security Services Daemon
24.8.1 Configuring an SSSD Server
24.9 About Winbind Authentication
24.9.1 Enabling Winbind Authentication
25 Local Account Configuration
25.1 About User and Group Configuration
25.2 Changing Default Settings for User Accounts
25.3 Creating User Accounts
25.3.1 About umask and the setgid and Restricted Deletion Bits
25.4 Locking an Account
25.5 Modifying or Deleting User Accounts
25.6 Creating Groups
25.7 Modifying or Deleting Groups
25.8 Configuring Password Ageing
25.9 Granting sudo Access to Users
26 System Security Administration
26.1 About System Security
26.2 Configuring and Using SELinux
26.2.1 About SELinux Administration
26.2.2 About SELinux Modes
26.2.3 Setting SELinux Modes
26.2.4 About SELinux Policies
26.2.5 About SELinux Context
26.2.6 About SELinux Users
26.2.7 Troubleshooting Access-Denial Messages
26.3 About Packet-filtering Firewalls
26.3.1 Controlling the firewalld Firewall Service
26.3.2 Controlling the iptables Firewall Service
26.4 About TCP Wrappers
26.5 About chroot Jails
26.5.1 Running DNS and FTP Services in a Chroot Jail
26.5.2 Creating a Chroot Jail
26.5.3 Using a Chroot Jail
26.6 About Auditing
26.7 About System Logging
26.7.1 Configuring Logwatch
26.8 About Process Accounting
26.9 Security Guidelines
26.9.1 Minimizing the Software Footprint
26.9.2 Configuring System Logging
26.9.3 Disabling Core Dumps
26.9.4 Minimizing Active Services
26.9.5 Locking Down Network Services
26.9.6 Configuring a Packet-filtering Firewall
26.9.7 Configuring TCP Wrappers
26.9.8 Configuring Kernel Parameters
26.9.9 Restricting Access to SSH Connections
26.9.10 Configuring File System Mounts, File Permissions, and File Ownerships
26.9.11 Checking User Accounts and Privileges
27 OpenSSH Configuration
27.1 About OpenSSH
27.2 OpenSSH Configuration Files
27.2.1 OpenSSH User Configuration Files
27.3 Configuring an OpenSSH Server
27.4 Installing the OpenSSH Client Packages
27.5 Using the OpenSSH Utilities
27.5.1 Using ssh to Connect to Another System
27.5.2 Using scp and sftp to Copy Files Between Systems
27.5.3 Using ssh-keygen to Generate Pairs of Authentication Keys
27.5.4 Enabling Remote System Access Without Requiring a Password
V Virtualization
28 Linux Containers
28.1 About Linux Containers
28.1.1 Supported Oracle Linux Container Versions
28.2 Configuring Operating System Containers
28.2.1 Installing and Configuring the Software
28.2.2 Setting up the File System for the Containers
28.2.3 Creating and Starting a Container
28.2.4 About the lxc-oracle Template Script
28.2.5 About Veth and Macvlan
28.2.6 Modifying a Container to Use Macvlan
28.3 Logging in to Containers
28.4 Creating Additional Containers
28.5 Monitoring and Shutting Down Containers
28.6 Starting a Command Inside a Running Container
28.7 Controlling Container Resources
28.8 Configuring ulimit Settings for an Oracle Linux Container
28.9 Configuring Kernel Parameter Settings for Oracle Linux Containers
28.10 Deleting Containers
28.11 Running Application Containers
28.12 For More Information About Linux Containers
29 Using KVM with Oracle Linux
29.1 Installing Virtualization Packages
29.1.1 Virtualization Packages
29.1.2 Installing Virtualization Packages During System Installation
29.1.3 Installing Virtualization Packages on an Existing System
29.1.4 Checking the Libvirt Daemon Status