Red Hat Enterprise Linux 7

System Administrator's Guide

Deployment, Configuration, and Administration of Red Hat Enterprise Linux 7

Maxim Svistunov

Red Hat Customer Content Services

Marie Doleželová

Red Hat Customer Content Services

Stephen Wadeley

Red Hat Customer Content Services

Tomáš Čapek

Red Hat Customer Content Services

Jaromír Hradílek

Red Hat Customer Content Services

Douglas Silas

Red Hat Customer Content Services

Jana Heves

Red Hat Customer Content Services

Petr Kovář

Red Hat Customer Content Services

Peter Ondrejka

Red Hat Customer Content Services

Petr Bokoč

Red Hat Customer Content Services

Martin Prpič

Red Hat Product Security

Eliška Slobodová

Red Hat Customer Content Services

Eva Kopalová

Red Hat Customer Content Services

Miroslav Svoboda

Red Hat Customer Content Services

David O'Brien

Red Hat Customer Content Services

Michael Hideo

Red Hat Customer Content Services

Don Domingo

Red Hat Customer Content Services

John Ha

Red Hat Customer Content Services

Abstract

The System Administrator's Guide documents relevant information regarding the deployment, configuration, and administration of Red Hat Enterprise Linux 7. It is oriented towards system administrators with a basic understanding of the system.
I. Basic System Configuration
1. System Locale and Keyboard Configuration
1.1. Setting the System Locale
1.1.1. Displaying the Current Status
1.1.2. Listing Available Locales
1.1.3. Setting the Locale
1.2. Changing the Keyboard Layout
1.2.1. Displaying the Current Settings
1.2.2. Listing Available Keymaps
1.2.3. Setting the Keymap
1.3. Additional Resources
2. Configuring the Date and Time
2.1. Using the timedatectl Command
2.1.1. Displaying the Current Date and Time
2.1.2. Changing the Current Time
2.1.3. Changing the Current Date
2.1.4. Changing the Time Zone
2.1.5. Synchronizing the System Clock with a Remote Server
2.2. Using the date Command
2.2.1. Displaying the Current Date and Time
2.2.2. Changing the Current Time
2.2.3. Changing the Current Date
2.3. Using the hwclock Command
2.3.1. Displaying the Current Date and Time
2.3.2. Setting the Date and Time
2.3.3. Synchronizing the Date and Time
2.4. Additional Resources
3. Managing Users and Groups
3.1. Introduction to Users and Groups
3.1.1. User Private Groups
3.1.2. Shadow Passwords
3.2. Managing Users in a Graphical Environment
3.2.1. Using the Users Settings Tool
3.3. Using Command-Line Tools
3.3.1. Adding a New User
3.3.2. Adding a New Group
3.3.3. Creating Group Directories
3.3.4. Setting Default Permissions for New Files Using umask
3.4. Additional Resources
4. Access Control Lists
4.1. Mounting File Systems
4.1.1. NFS
4.2. Setting Access ACLs
4.3. Setting Default ACLs
4.4. Retrieving ACLs
4.5. Archiving File Systems With ACLs
4.6. Compatibility with Older Systems
4.7. ACL References
5. Gaining Privileges
5.1. The su Command
5.2. The sudo Command
5.3. Additional Resources
II. Subscription and Support
6. Registering the System and Managing Subscriptions
6.1. Registering the System and Attaching Subscriptions
6.2. Managing Software Repositories
6.3. Removing Subscriptions
6.4. Additional Resources
7. Accessing Support Using the Red Hat Support Tool
7.1. Installing the Red Hat Support Tool
7.2. Registering the Red Hat Support Tool Using the Command Line
7.3. Using the Red Hat Support Tool in Interactive Shell Mode
7.4. Configuring the Red Hat Support Tool
7.4.1. Saving Settings to the Configuration Files
7.5. Opening and Updating Support Cases Using Interactive Mode
7.6. Viewing Support Cases on the Command Line
7.7. Additional Resources
III. Installing and Managing Software
8. Yum
8.1. Checking For and Updating Packages
8.1.1. Checking For Updates
8.1.2. Updating Packages
8.1.3. Preserving Configuration File Changes
8.1.4. Upgrading the System Off-line with ISO and Yum
8.2. Working with Packages
8.2.1. Searching Packages
8.2.2. Listing Packages
8.2.3. Displaying Package Information
8.2.4. Installing Packages
8.2.5. Downloading Packages
8.2.6. Removing Packages
8.3. Working with Package Groups
8.3.1. Listing Package Groups
8.3.2. Installing a Package Group
8.3.3. Removing a Package Group
8.4. Working with Transaction History
8.4.1. Listing Transactions
8.4.2. Examining Transactions
8.4.3. Reverting and Repeating Transactions
8.4.4. Starting New Transaction History
8.5. Configuring Yum and Yum Repositories
8.5.1. Setting [main] Options
8.5.2. Setting [repository] Options
8.5.3. Using Yum Variables
8.5.4. Viewing the Current Configuration
8.5.5. Adding, Enabling, and Disabling a Yum Repository
8.5.6. Creating a Yum Repository
8.5.7. Adding the Optional and Supplementary Repositories
8.6. Yum Plug-ins
8.6.1. Enabling, Configuring, and Disabling Yum Plug-ins
8.6.2. Installing Additional Yum Plug-ins
8.6.3. Working with Yum Plug-ins
8.7. Additional Resources
IV. Infrastructure Services
9. Managing Services with systemd
9.1. Introduction to systemd
9.1.1. Main Features
9.1.2. Compatibility Changes
9.2. Managing System Services
9.2.1. Listing Services
9.2.2. Displaying Service Status
9.2.3. Starting a Service
9.2.4. Stopping a Service
9.2.5. Restarting a Service
9.2.6. Enabling a Service
9.2.7. Disabling a Service
9.3. Working with systemd Targets
9.3.1. Viewing the Default Target
9.3.2. Viewing the Current Target
9.3.3. Changing the Default Target
9.3.4. Changing the Current Target
9.3.5. Changing to Rescue Mode
9.3.6. Changing to Emergency Mode
9.4. Shutting Down, Suspending, and Hibernating the System
9.4.1. Shutting Down the System
9.4.2. Restarting the System
9.4.3. Suspending the System
9.4.4. Hibernating the System
9.5. Controlling systemd on a Remote Machine
9.6. Creating and Modifying systemd Unit Files
9.6.1. Understanding the Unit File Structure
9.6.2. Creating Custom Unit Files
9.6.3. Converting SysV Init Scripts to Unit Files
9.6.4. Modifying Existing Unit Files
9.6.5. Working with Instantiated Units
9.7. Additional Resources
10. OpenSSH
10.1. The SSH Protocol
10.1.1. Why Use SSH?
10.1.2. Main Features
10.1.3. Protocol Versions
10.1.4. Event Sequence of an SSH Connection
10.2. Configuring OpenSSH
10.2.1. Configuration Files
10.2.2. Starting an OpenSSH Server
10.2.3. Requiring SSH for Remote Connections
10.2.4. Using Key-based Authentication
10.3. OpenSSH Clients
10.3.1. Using the ssh Utility
10.3.2. Using the scp Utility
10.3.3. Using the sftp Utility
10.4. More Than a Secure Shell
10.4.1. X11 Forwarding
10.4.2. Port Forwarding
10.5. Additional Resources
11. TigerVNC
11.1. VNC Server
11.1.1. Installing VNC Server
11.1.2. Configuring VNC Server
11.1.3. Starting VNC Server
11.1.4. VNC setup based on xinetd with XDMCP for GDM
11.1.5. Terminating a VNC Session
11.2. Sharing an Existing Desktop
11.3. VNC Viewer
11.3.1. Installing VNC Viewer
11.3.2. Connecting to VNC Server
11.3.3. Connecting to VNC Server Using SSH
11.4. Additional Resources
V. Servers
12. Web Servers
12.1. The Apache HTTP Server
12.1.1. Notable Changes
12.1.2. Updating the Configuration
12.1.3. Running the httpd Service
12.1.4. Editing the Configuration Files
12.1.5. Working with Modules
12.1.6. Setting Up Virtual Hosts
12.1.7. Setting Up an SSL Server
12.1.8. Enabling the mod_ssl Module
12.1.9. Enabling the mod_nss Module
12.1.10. Using an Existing Key and Certificate
12.1.11. Generating a New Key and Certificate
12.1.12. Configure the Firewall for HTTP and HTTPS Using the Command Line
12.1.13. Additional Resources
13. Mail Servers
13.1. Email Protocols
13.1.1. Mail Transport Protocols
13.1.2. Mail Access Protocols
13.2. Email Program Classifications
13.2.1. Mail Transport Agent
13.2.2. Mail Delivery Agent
13.2.3. Mail User Agent
13.3. Mail Transport Agents
13.3.1. Postfix
13.3.2. Sendmail
13.3.3. Fetchmail
13.3.4. Mail Transport Agent (MTA) Configuration
13.4. Mail Delivery Agents
13.4.1. Procmail Configuration
13.4.2. Procmail Recipes
13.5. Mail User Agents
13.5.1. Securing Communication
13.6. Additional Resources
13.6.1. Installed Documentation
13.6.2. Online Documentation
13.6.3. Related Books
14. File and Print Servers
14.1. Samba
14.1.1. Introduction to Samba
14.1.2. Samba Daemons and Related Services
14.1.3. Connecting to a Samba Share
14.1.4. Mounting the Share
14.1.5. Configuring a Samba Server
14.1.6. Starting and Stopping Samba
14.1.7. Samba Security Modes
14.1.8. Samba Network Browsing
14.1.9. Samba Distribution Programs
14.1.10. Additional Resources
14.2. FTP
14.2.1. The File Transfer Protocol
14.2.2. The vsftpd Server
14.2.3. Additional Resources
14.3. Print Settings
14.3.1. Starting the Print Settings Configuration Tool
14.3.2. Starting Printer Setup
14.3.3. Adding a Local Printer
14.3.4. Adding an AppSocket/HP JetDirect printer
14.3.5. Adding an IPP Printer
14.3.6. Adding an LPD/LPR Host or Printer
14.3.7. Adding a Samba (SMB) printer
14.3.8. Selecting the Printer Model and Finishing
14.3.9. Printing a Test Page
14.3.10. Modifying Existing Printers
14.3.11. Additional Resources
15. Configuring NTP Using the chrony Suite
15.1. Introduction to the chrony Suite
15.1.1. Differences Between ntpd and chronyd
15.1.2. Choosing Between NTP Daemons
15.2. Understanding chrony and Its Configuration
15.2.1. Understanding chronyd
15.2.2. Understanding chronyc
15.2.3. Understanding the chrony Configuration Commands
15.2.4. Security with chronyc
15.3. Using chrony
15.3.1. Installing chrony
15.3.2. Checking the Status of chronyd
15.3.3. Starting chronyd
15.3.4. Stopping chronyd
15.3.5. Checking if chrony is Synchronized
15.3.6. Manually Adjusting the System Clock
15.4. Setting Up chrony for Different Environments
15.4.1. Setting Up chrony for a System Which is Infrequently Connected
15.4.2. Setting Up chrony for a System in an Isolated Network
15.5. Using chronyc
15.5.1. Using chronyc to Control chronyd
15.5.2. Using chronyc for Remote Administration
15.6. Additional Resources
15.6.1. Installed Documentation
15.6.2. Online Documentation
16. Configuring NTP Using ntpd
16.1. Introduction to NTP
16.2. NTP Strata
16.3. Understanding NTP
16.4. Understanding the Drift File
16.5. UTC, Timezones, and DST
16.6. Authentication Options for NTP
16.7. Managing the Time on Virtual Machines
16.8. Understanding Leap Seconds
16.9. Understanding the ntpd Configuration File
16.10. Understanding the ntpd Sysconfig File
16.11. Disabling chrony
16.12. Checking if the NTP Daemon is Installed
16.13. Installing the NTP Daemon (ntpd)
16.14. Checking the Status of NTP
16.15. Configure the Firewall to Allow Incoming NTP Packets
16.15.1. Change the Firewall Settings
16.15.2. Open Ports in the Firewall for NTP Packets
16.16. Configure ntpdate Servers
16.17. Configure NTP
16.17.1. Configure Access Control to an NTP Service
16.17.2. Configure Rate Limiting Access to an NTP Service
16.17.3. Adding a Peer Address
16.17.4. Adding a Server Address
16.17.5. Adding a Broadcast or Multicast Server Address
16.17.6. Adding a Manycast Client Address
16.17.7. Adding a Broadcast Client Address
16.17.8. Adding a Manycast Server Address
16.17.9. Adding a Multicast Client Address
16.17.10. Configuring the Burst Option
16.17.11. Configuring the iburst Option
16.17.12. Configuring Symmetric Authentication Using a Key
16.17.13. Configuring the Poll Interval
16.17.14. Configuring Server Preference
16.17.15. Configuring the Time-to-Live for NTP Packets
16.17.16. Configuring the NTP Version to Use
16.18. Configuring the Hardware Clock Update
16.19. Configuring Clock Sources
16.20. Additional Resources
16.20.1. Installed Documentation
16.20.2. Useful Websites
17. Configuring PTP Using ptp4l
17.1. Introduction to PTP
17.1.1. Understanding PTP
17.1.2. Advantages of PTP
17.2. Using PTP
17.2.1. Checking for Driver and Hardware Support
17.2.2. Installing PTP
17.2.3. Starting ptp4l
17.3. Using PTP with Multiple Interfaces
17.4. Specifying a Configuration File
17.5. Using the PTP Management Client
17.6. Synchronizing the Clocks
17.7. Verifying Time Synchronization
17.8. Serving PTP Time with NTP
17.9. Serving NTP Time with PTP
17.10. Synchronize to PTP or NTP Time Using timemaster
17.10.1. Starting timemaster as a Service
17.10.2. Understanding the timemaster Configuration File
17.10.3. Configuring timemaster Options
17.11. Improving Accuracy
17.12. Additional Resources
17.12.1. Installed Documentation
17.12.2. Useful Websites
VI. Monitoring and Automation
18. System Monitoring Tools
18.1. Viewing System Processes
18.1.1. Using the ps Command
18.1.2. Using the top Command
18.1.3. Using the System Monitor Tool
18.2. Viewing Memory Usage
18.2.1. Using the free Command
18.2.2. Using the System Monitor Tool
18.3. Viewing CPU Usage
18.3.1. Using the System Monitor Tool
18.4. Viewing Block Devices and File Systems
18.4.1. Using the lsblk Command
18.4.2. Using the blkid Command
18.4.3. Using the findmnt Command
18.4.4. Using the df Command
18.4.5. Using the du Command
18.4.6. Using the System Monitor Tool
18.5. Viewing Hardware Information
18.5.1. Using the lspci Command
18.5.2. Using the lsusb Command
18.5.3. Using the lscpu Command
18.6. Checking for Hardware Errors
18.7. Monitoring Performance with Net-SNMP
18.7.1. Installing Net-SNMP
18.7.2. Running the Net-SNMP Daemon
18.7.3. Configuring Net-SNMP
18.7.4. Retrieving Performance Data over SNMP
18.7.5. Extending Net-SNMP
18.8. Additional Resources
18.8.1. Installed Documentation
19. OpenLMI
19.1. About OpenLMI
19.1.1. Main Features
19.1.2. Management Capabilities
19.2. Installing OpenLMI
19.2.1. Installing OpenLMI on a Managed System
19.2.2. Installing OpenLMI on a Client System
19.3. Configuring SSL Certificates for OpenPegasus
19.3.1. Managing Self-signed Certificates
19.3.2. Managing Authority-signed Certificates with Identity Management (Recommended)
19.3.3. Managing Authority-signed Certificates Manually
19.4. Using LMIShell
19.4.1. Starting, Using, and Exiting LMIShell
19.4.2. Connecting to a CIMOM
19.4.3. Working with Namespaces
19.4.4. Working with Classes
19.4.5. Working with Instances
19.4.6. Working with Instance Names
19.4.7. Working with Associated Objects
19.4.8. Working with Association Objects
19.4.9. Working with Indications
19.4.10. Example Usage
19.5. Using OpenLMI Scripts
19.6. Additional Resources
20. Viewing and Managing Log Files
20.1. Locating Log Files
20.2. Basic Configuration of Rsyslog
20.2.1. Filters
20.2.2. Actions
20.2.3. Templates
20.2.4. Global Directives
20.2.5. Log Rotation
20.3. Using the New Configuration Format
20.3.1. Rulesets
20.3.2. Compatibility with sysklogd
20.4. Working with Queues in Rsyslog
20.4.1. Defining Queues
20.4.2. Creating a New Directory for rsyslog Log Files
20.4.3. Managing Queues
20.4.4. Using the New Syntax for rsyslog queues
20.5. Configuring rsyslog on a Logging Server
20.5.1. Using The New Template Syntax on a Logging Server
20.6. Using Rsyslog Modules
20.6.1. Importing Text Files
20.6.2. Exporting Messages to a Database
20.6.3. Enabling Encrypted Transport
20.6.4. Using RELP
20.7. Interaction of Rsyslog and Journal
20.8. Structured Logging with Rsyslog
20.8.1. Importing Data from Journal
20.8.2. Filtering Structured Messages
20.8.3. Parsing JSON
20.8.4. Storing Messages in the MongoDB
20.9. Debugging Rsyslog
20.10. Using the Journal
20.10.1. Viewing Log Files
20.10.2. Access Control
20.10.3. Using The Live View
20.10.4. Filtering Messages
20.10.5. Enabling Persistent Storage
20.11. Managing Log Files in a Graphical Environment
20.11.1. Viewing Log Files
20.11.2. Adding a Log File
20.11.3. Monitoring Log Files
20.12. Additional Resources
21. Automating System Tasks
21.1. Cron and Anacron
21.1.1. Installing Cron and Anacron
21.1.2. Running the Crond Service
21.1.3. Configuring Anacron Jobs
21.1.4. Configuring Cron Jobs
21.1.5. Controlling Access to Cron
21.1.6. Black and White Listing of Cron Jobs
21.2. At and Batch
21.2.1. Installing At and Batch
21.2.2. Running the At Service
21.2.3. Configuring an At Job
21.2.4. Configuring a Batch Job
21.2.5. Viewing Pending Jobs
21.2.6. Additional Command Line Options
21.2.7. Controlling Access to At and Batch
21.3. Scheduling a Job to Run on Next Boot Using a systemd Unit File
21.4. Additional Resources
22. Automatic Bug Reporting Tool (ABRT)
22.1. Introduction to ABRT
22.2. Installing ABRT and Starting its Services
22.2.1. Installing the ABRT GUI
22.2.2. Installing ABRT for the Command Line
22.2.3. Installing Supplementary ABRT Tools
22.2.4. Starting the ABRT Services
22.2.5. Testing ABRT Crash Detection
22.3. Configuring ABRT
22.3.1. Configuring Events
22.3.2. Creating Custom Events
22.3.3. Setting Up Automatic Reporting
22.4. Detecting Software Problems
22.4.1. Detecting C and C++ Crashes
22.4.2. Detecting Python Exceptions
22.4.3. Detecting Ruby Exceptions
22.4.4. Detecting Java Exceptions
22.4.5. Detecting X.Org Crashes
22.4.6. Detecting Kernel Oopses and Panics
22.5. Handling Detected Problems
22.5.1. Using the Command Line Tool
22.5.2. Using the GUI
22.6. Additional Resources
23. OProfile
23.1. Overview of Tools
23.1.1. operf vs. opcontrol
23.2. Using operf
23.2.1. Specifying the Kernel
23.2.2. Setting Events to Monitor
23.2.3. Categorization of Samples
23.3. Configuring OProfile Using Legacy Mode
23.3.1. Specifying the Kernel
23.3.2. Setting Events to Monitor
23.3.3. Separating Kernel and User-space Profiles
23.4. Starting and Stopping OProfile Using Legacy Mode
23.5. Saving Data in Legacy Mode
23.6. Analyzing the Data
23.6.1. Using opreport
23.6.2. Using opreport on a Single Executable
23.6.3. Getting More Detailed Output on the Modules
23.6.4. Using opannotate
23.7. Understanding the /dev/oprofile/ directory
23.8. Example Usage
23.9. OProfile Support for Java
23.9.1. Profiling Java Code
23.10. Graphical Interface
23.11. OProfile and SystemTap
23.12. Additional Resources
VII. Kernel, Module and Driver Configuration
24. Working with the GRUB 2 Boot Loader
24.1. Introduction to GRUB 2
24.2. Configuring the GRUB 2 Boot Loader
24.3. Making Temporary Changes to a GRUB 2 Menu
24.4. Making Persistent Changes to a GRUB 2 Menu Using the grubby Tool
24.5. Customizing the GRUB 2 Configuration File
24.5.1. Changing the Default Boot Entry
24.5.2. Editing a Menu Entry
24.5.3. Adding a new Entry
24.5.4. Creating a Custom Menu
24.6. Protecting GRUB 2 with a Password
24.7. Reinstalling GRUB 2
24.7.1. Reinstalling GRUB 2 on BIOS-Based Machines
24.7.2. Reinstalling GRUB 2 on UEFI-Based Machines
24.7.3. Resetting and Reinstalling GRUB 2
24.8. GRUB 2 over a Serial Console
24.8.1. Configuring the GRUB 2 Menu
24.8.2. Using screen to Connect to the Serial Console
24.9. Terminal Menu Editing During Boot
24.9.1. Booting to Rescue Mode
24.9.2. Booting to Emergency Mode
24.9.3. Booting to the Debug Shell
24.9.4. Changing and Resetting the Root Password
24.10. Unified Extensible Firmware Interface (UEFI) Secure Boot
24.10.1. UEFI Secure Boot Support in Red Hat Enterprise Linux 7
24.11. Additional Resources
25. Manually Upgrading the Kernel
25.1. Overview of Kernel Packages
25.2. Preparing to Upgrade
25.3. Downloading the Upgraded Kernel
25.4. Performing the Upgrade
25.5. Verifying the Initial RAM Disk Image
25.6. Verifying the Boot Loader
26. Working with Kernel Modules
26.1. Listing Currently-Loaded Modules
26.2. Displaying Information About a Module
26.3. Loading a Module
26.4. Unloading a Module
26.5. Setting Module Parameters
26.6. Persistent Module Loading
26.7. Installing Modules from a Driver Update Disk
26.8. Signing Kernel Modules for Secure Boot
26.8.1. Prerequisites
26.8.2. Kernel Module Authentication
26.8.3. Generating a Public and Private X.509 Key Pair
26.8.4. Enrolling Public Key on Target System
26.8.5. Signing Kernel Module with the Private Key
26.8.6. Loading Signed Kernel Module
26.9. Additional Resources
VIII. System Backup and Recovery
27. Relax-and-Recover (ReaR)
27.1. Basic ReaR Usage
27.1.1. Installing ReaR
27.1.2. Configuring ReaR
27.1.3. Creating a Rescue System
27.1.4. Scheduling ReaR
27.1.5. Performing a System Rescue
27.2. Integrating ReaR with Backup Software
27.2.1. The Built-in Backup Method
27.2.2. Supported Backup Methods
27.2.3. Unsupported Backup Methods
A. RPM
A.1. RPM Design Goals
A.2. Using RPM
A.2.1. Installing and Upgrading Packages
A.2.2. Uninstalling Packages
A.2.3. Freshening Packages
A.2.4. Querying Packages
A.2.5. Verifying Packages
A.3. Finding and Verifying RPM Packages
A.3.1. Finding RPM Packages
A.3.2. Checking Package Signatures
A.4. Common Examples of RPM Usage
A.5. Additional Resources
B. Revision History
B.1. Acknowledgments
Index