SUSE® LINUX® Administration® Novell Training Services www.novell.com COURSE 3037 AUTHORIZED COURSEWARE Volume 1 Part # 100-005040-001 Version 3 Proprietary Statement Trademarks Copyright © 2005 Novell, Inc. All rights reserved. Novell, Inc. has attempted to supply trademark information about No part of this publication may be reproduced, photocopied, stored company names, products, and services mentioned in this manual. on a retrieval system, or transmitted without the express prior The following list of trademarks was derived from various sources. consent of the publisher. This manual, and any portion thereof, may not be copied without the express written permission of Novell, Inc. Novell, Inc. Trademarks Novell, Inc. Novell, the Novell logo, NetWare, BorderManager, ConsoleOne, 1800 South Novell Place DirXML, GroupWise, iChain, ManageWise, NDPS, NDS, NetMail, Provo, UT 84606-2399 Novell Directory Services, Novell iFolder, Novell SecretStore, Ximian, Ximian Evolution and ZENworks are registered trademarks; CDE, Certified Directory Engineer and CNE are Disclaimer registered service marks; eDirectory, Evolution, exteNd, exteNd Novell, Inc. makes no representations or warranties with respect to Composer, exteNd Directory, exteNd Workbench, Mono, NIMS, the contents or use of this manual, and specifically disclaims any NLM, NMAS, Novell Certificate Server, Novell Client, Novell express or implied warranties of merchantability or fitness for any Cluster Services, Novell Distributed Print Services, Novell Internet particular purpose. Messaging System, Novell Storage Services, Nsure, Nsure Further, Novell, Inc. reserves the right to revise this publication and Resources, Nterprise, Nterprise Branch Office, Red Carpet and Red to make changes in its content at any time, without obligation to Carpet Enterprise are trademarks; and Certified Novell notify any person or entity of such revisions or changes. Administrator, CNA, Certified Novell Engineer, Certified Novell Further, Novell, Inc. makes no representations or warranties with Instructor, CNI, Master CNE, Master CNI, MCNE, MCNI, Novell respect to any NetWare software, and specifically disclaims any Education Academic Partner, NEAP, Ngage, Novell Online express or implied warranties of merchantability or fitness for any Training Provider, NOTP and Novell Technical Services are service particular purpose. marks of Novell, Inc. in the United States and other countries. SUSE Further, Novell, Inc. reserves the right to make changes to any and is a registered trademark of SUSE Linux AG, a Novell company. all parts of NetWare software at any time, without obligation to For more information on Novell trademarks, please visit notify any person or entity of such changes. http://www.novell.com/company/legal/trademarks/tmlist.html. This Novell Training Manual is published solely to instruct students Other Trademarks in the use of Novell networking software. Although third-party Adaptec is a registered trademark of Adaptec, Inc. AMD is a application software packages are used in Novell training courses, trademark of Advanced Micro Devices. AppleShare and AppleTalk this is for demonstration purposes only and shall not constitute an are registered trademarks of Apple Computer, Inc. ARCserv is a endorsement of any of these software applications. registered trademark of Cheyenne Software, Inc. Btrieve is a Further, Novell, Inc. does not represent itself as having any registered trademark of Pervasive Software, Inc. EtherTalk is a particular expertise in these application software packages and any registered trademark of Apple Computer, Inc. Java is a trademark or use by students of the same shall be done at the students’ own risk. registered trademark of Sun Microsystems, Inc. in the United States and other countries. Linux is a registered trademark of Linus Software Piracy Torvalds. LocalTalk is a registered trademark of Apple Computer, Throughout the world, unauthorized duplication of software is Inc. Lotus Notes is a registered trademark of Lotus Development subject to both criminal and civil penalties. Corporation. Macintosh is a registered trademark of Apple Computer, Inc. Netscape Communicator is a trademark of Netscape If you know of illegal copying of software, contact your local Communications Corporation. Netscape Navigator is a registered Software Antipiracy Hotline. trademark of Netscape Communications Corporation. Pentium is a For the Hotline number for your area, access Novell’s World Wide registered trademark of Intel Corporation. Solaris is a registered Web page at http://www.novell.com and look for the piracy page trademark of Sun Microsystems, Inc. The Norton AntiVirus is a under “Programs.” trademark of Symantec Corporation. TokenTalk is a registered Or, contact Novell’s anti-piracy headquarters in the U.S. at 800- trademark of Apple Computer, Inc. Tru64 is a trademark of Digital PIRATES (747-2837) or 801-861-7101. Equipment Corp. UnitedLinux is a registered trademark of UnitedLinux. UNIX is a registered trademark of the Open Group. WebSphere is a trademark of International Business Machines Corporation. Windows and Windows NT are registered trademarks of Microsoft Corporation. All other third-party trademarks are the property of their respective owners. Contents Contents Introduction Course Objectives . Intro-2 Audience . Intro-2 Certification and Prerequisites. Intro-3 SLES 9 Support and Maintenance . Intro-5 SLES 9 Online Resources . Intro-6 Agenda . Intro-6 Scenario . Intro-7 Exercise Conventions. Intro-8 SECTION 1 Introduction to Managing the SUSE Linux Enterprise Server Objectives . 1-1 Objective 1 Describe SLES 9 . 1-2 What’s New in SLES 9 . 1-3 Hardware Support and System Requirements . 1-11 Service and Support . 1-16 Linux Standards and SLES 9 . 1-19 Exercise 1-1 Explore Your KDE Desktop . 1-21 Objective 2 Access and Use YaST . 1-26 YaST Basics . 1-26 The Role of SuSEconfig . 1-29 Exercise 1-2 Customize Your SLES 9 Installation With YaST 1-31 Version 3 Copying all or part of this manual, or distributing such copies, is strictly prohibited. TOC-1 To report suspected copying, please call 1-800-PIRATES. SUSE Linux Administration Objective 3 Monitor Your SLES 9 System . 1-35 Boot Log Information (/var/log/boot.msg) . 1-35 Hardware Information (/proc/) . 1-39 Hardware Information (Command Line Utilities) . 1-40 System and Process Information (Command Line Utilities) . 1-41 GUI Desktop Utilities . 1-46 Exercise 1-3 Gather Information About Your SLES 9 Server . 1-51 Summary . 1-54 SECTION 2 Manage User Access and Security Objectives . 2-1 Objective 1 Describe Basic Linux User Security Features . 2-2 File System Security Components . 2-2 Users and Groups . 2-3 Exercise 2-1 Check User and Group Information on Your Server . 2-15 Ownership and Access Permissions . 2-16 Objective 2 Manage Linux Users and Groups . 2-17 Create and Edit User Accounts With YaST . 2-17 Create and Edit Groups With YaST . 2-20 Edit User Account Properties . 2-24 Configure Account Password Settings . 2-26 Manage User Accounts From the Command Line . 2-28 Manage Groups From the Command Line . 2-31 Create Text Login Messages . 2-32 Exercise 2-2 Create and Manage Users and Groups From the Command Line . 2-34 TOC-2 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 3 To report suspected copying, please call 1-800-PIRATES. Contents Objective 3 Manage and Secure the Linux User Environment . 2-46 Perform Administrative Tasks as root . 2-46 Delegate Administrative Tasks With sudo . 2-49 Set Defaults for New User Accounts . 2-52 Configure Security Settings . 2-54 Exercise 2-3 Configure the Password Security Settings . 2-66 Objective 4 Secure Files and Directories With Permissions . 2-68 Permissions and Permission Values . 2-68 How to Set Permissions From the Command Line . 2-69 How to Set Permissions From a GUI Interface . 2-74 How to Modify Default Access Permissions . 2-76 How to Configure Special File Permissions . 2-78 How to Configure Additional File Attributes for ext2 . 2-80 Exercise 2-4 Set Permissions for Files and Directories From the Command Line . 2-82 Objective 5 Configure User Authentication With PAM . 2-84 Location and Purpose of PAM Configuration Files . 2-84 PAM Configuration File Structure . 2-86 PAM Configuration File Examples . 2-88 PAM Documentation Resources . 2-90 Exercise 2-5 Configure PAM Authentication for Digital Airlines Employees. 2-91 Objective 6 Implement and Monitor Enterprise Security Policies . 2-94 Guidelines for Implementing Security Policies . 2-94 Security Rules and Tips . 2-98 SuSE Security Information Resources . 2-99 How to Monitor Login Activity . 2-100 Exercise 2-6 Change the Security Settings. 2-105 Summary . .2-108 Version 3 Copying all or part of this manual, or distributing such copies, is strictly prohibited. TOC-3 To report suspected copying, please call 1-800-PIRATES. SUSE Linux Administration SECTION 3 Manage the Linux File System Objectives . 3-1 Objective 1 Select a Linux File System . 3-2 Linux File Systems . 3-3 Linux File System Formats . 3-6 Linux File System Characteristics . 3-14 File System Journaling . 3-20 Additional File System Documentation . 3-22 Objective 2 Configure Linux File System Partitions . 3-23 Partition Types . 3-23 Linux Device and Partition Names . 3-24 Design Guidelines for Implementing Partitions . 3-26 Design Guidelines for Optimizing Partitions . 3-28 How to Manage Partitions With YaST . 3-31 Exercise 3-1 Configure Partitions on Your Hard Drive . 3-41 Objective 3 Configure a File System With Logical Volume Management (LVM) . 3-45 LVM Components . 3-46 LVM Features . 3-48 How to Configure Logical Volumes With YaST . 3-48 Exercise 3-2 Create Logical Volumes . 3-54 Objective 4 Configure and Manage a Linux File System . 3-58 Create a File System From YaST . 3-58 Create a File System From the Command Line . 3-61 Mount a File System . 3-64 Exercise 3-3 Manage File Systems From the Command Line . 3-72 Monitor and Check a File System . 3-77 Create a Boot, Rescue, or Module Disk . 3-82 TOC-4 Copying all or part of this manual, or distributing such copies, is strictly prohibited.