3101 Student Guide Printable PDF

Novell Training Services (en) 15 April 2009
SUSE Linux Enterprise 11

Fundamentals
Manual
Novell Training Services
)
www.novell.com
13
3101
AU THO RIZED CO UR SEWARE
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Part # 100-005234-001-REV A
Version 2
Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents
or use of this documentation, and specifically disclaims any express or implied
warranties of merchantability or fitness for any particular purpose. Further,
Novell, Inc., reserves the right to revise this publication and to make changes to
its content, at any time, without obligation to notify any person or entity of such
revisions or changes.
)
13
Further, Novell, Inc., makes no representations or warranties with respect to any
software, and specifically disclaims any express or implied warranties of
8/
merchantability or fitness for any particular purpose. Further, Novell, Inc.,
/2
reserves the right to make changes to any and all parts of Novell software, at any
-2
time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be
subject to U.S. export controls and the trade laws of other countries. You agree to
2
/1
comply with all export control regulations and to obtain any required licenses or
classification to export, re-export or import deliverables. You agree not to export
01
or re-export to entities on the current U.S. export exclusion lists or to any
om e
embargoed or terrorist countries as specified in the U.S. export laws. You agree
9/
fr t b
to not use deliverables for prohibited nuclear, missile, or chemical biological
weaponry end uses. See the Novell International Trade Services Web page (http:/
id o
/www.novell.com/info/exports/) for more information on exporting Novell
al n
software. Novell assumes no responsibility for your failure to obtain any
necessary export approvals.
(v an
Copyright 2010 Novell, Inc. All rights reserved. No part of this publication
y -C
may be reproduced, photocopied, stored on a retrieval system, or transmitted
without the express written consent of the publisher.
m ED
Novell, Inc., has intellectual property rights relating to technology embodied in
the product that is described in this document. In particular, and without
de TT
limitation, these intellectual property rights may include one or more of the U.S.
patents listed on the Novell Legal Patents Web page (http://www.novell.com/
ca MI
company/legal/patents/) and one or more additional patents or pending patent

applications in the U.S. and in other countries.
r A ER
Novell, Inc.
404 Wyman Street, Suite 500
ne P
Waltham, MA 02451
rt Y
U.S.A.
Pa P
www.novell.com
e CO
Online Documentation: To access the latest online documentation for

this and other Novell products, see the Novell Documentation Web
id D
page (http://www.novell.com/documentation).
ts R
ou HA
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list (http://
1
www.novell.com/company/legal/trademarks/tmlist.html).
Third-Party Materials
ed
All third-party trademarks are the property of their respective owners.

us
or
ed
pi
co
Contents
Introduction 9
SECTION 1 Getting to Know SUSE Linux Enterprise 11 17
)
13
Objective 1 Performing Basic Tasks in SUSE Linux Enterprise 11 18
Exercise 1-1 Perform Five Basic Tasks in Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
8/
/2
Objective 2 Overview of SUSE Linux Enterprise 11 20
-2
Differences Between the Server and Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Advantages and Disadvantages of Installing the GUI . . . . . . . . . . . . . . . . . . . . . . 21
2
Overview of X Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
/1
Window Managers - GNOME and KDE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
01
om e
SLED 11 Applications - Office and Productivity . . . . . . . . . . . . . . . . . . . . . . . . . . 23
9/
fr t b
SLED 11 Applications - Web Communication . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
SLED 11 Applications - Multimedia . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
id o
al n
Objective 3 Use the GNOME Desktop Environment 25
(v an
Log In . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
y -C
Understand Login Screen Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Log Out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
26
27
m ED
Shut Down . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Identify GNOME Desktop Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
de TT
Manage Icons in GNOME . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

ca MI
Use the GNOME File Manager (Nautilus) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Exercise 1-2 Work with Icons in GNOME . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
r A ER
................................................................ 40
ne P
Exercise 1-3 Use the GNOME File Manager (Nautilus) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

rt Y
Objective 4 Access the Command Line Interface from the Desktop 42

Pa P
Exercise 1-4 Access the Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

e CO
Summary 45
id D
ts R
SECTION 2 Locate and Use Help Resources 47

ou HA
Objective 1 Access and Use man Pages 48

1
Exercise 2-1 Access and Use man Pages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Objective 2 Use info Pages 53
ed
Exercise 2-2 Access and Use info Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

us
Objective 3 Access Release Notes and White Papers 56

Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
or
Manuals. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Help for Installed Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
ed
Howtos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
pi
Exercise 2-3 Access Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

co
Version 2 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3
To report suspected copying, please call 1-800-PIRATES.
SUSE Linux Enterprise 11 Fundamentals / Manual
Objective 4 Use GUI-Based Help 59

Objective 5 Find Help on the Web 60
Exercise 2-4 Find Help on the Web . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Summary 62
SECTION 3 Manage the Linux File System 65
)
13
Objective 1 Understand the File System Hierarchy Standard (FHS) 66
8/
The Hierarchical Structure of the File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
/2
FHS (File System Hierarchy Standard). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
-2
Exercise 3-1 Explore the SUSE Linux File System Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Objective 2 Identify File Types in the Linux System 82
2
/1
Normal Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
01
Two Special Directories (.) and (..). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
om e
Device Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
9/
fr t b
Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
id o
Sockets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
al n
First In, First Out (FIFO). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
(v an
Objective 3 Manage Directories with CLI and Nautilus 84
y -C
cd command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
ls command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
m ED
pwd command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
de TT
Exercise 3-2 Change Directories and List Directory Contents Using the CLI . . . . . . . . . . . . . . 88
ca MI
Objective 4 Create and View Files 89

Create a New File with touch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
r A ER
View a File with cat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

ne P
View a File with less . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

View a File with head and tail. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
rt Y
Exercise 3-3 Create and View Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

Pa P
e CO
Objective 5 Work with Files and Directories 93

Copy and Move Files and Directories. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
id D
Create Directories Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

ts R
Create Folders Using Nautilus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

ou HA
Delete Files and Directories Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Link Files Using the CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
1
Link Files Using Nautilus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Exercise 3-4 Perform Multiple File Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
ed
Objective 6 Find Files on Linux 102

Use Graphical Search Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
us
Use the find Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

or
Use the locate Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

Use the whereis Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
ed
Use the which Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

Use the type Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
pi
Exercise 3-5 Find Files on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

co
4 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 2
Objective 7 Search File Content 111
Use the grep Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Use Regular Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Exercise 3-6 Search File Content. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Objective 8 Perform Other File Operations with Nautilus 116
Set File Manager Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Create CDs of Your Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
)
13
Use Bookmarks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
Share Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
8/
Archive Folders. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
/2
Exercise 3-7 Manage Folders with Nautilus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
-2
Summary 121
2
/1
SECTION 4 Work with the Linux Shell and Command Line Interface (CLI) 125
01
om e
9/
Objective 1 Get to Know the Command Shells 126
fr t b
Types of Shells . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
id o
bash Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
al n
Completion of Commands and Filenames . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
(v an
Objective 2 Execute Commands at the Command Line 129
y -C
History Function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
m ED
Switch to User root . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Exercise 4-1 Execute Commands at the Command Line. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
de TT
Objective 3 Work with Variables and Aliases 131

ca MI
Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
r A ER
Aliases. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Exercise 4-2 Perform Common Command Line Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
ne P
Objective 4 Understand Command Syntax and Special Characters 135

rt Y
Pa P
Select Your Character Encoding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

e CO
Use Search Patterns for Name Expansion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

Prevent the Shell from Interpreting Special Characters . . . . . . . . . . . . . . . . . . . . 138
id D
Exercise 4-3 Work with Command Syntax and Special Characters . . . . . . . . . . . . . . . . . . . . . 139
ts R
ou HA
Objective 5 Use Piping and Redirection 140

Exercise 4-4 Use Piping and Redirection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
1
Summary 145
SECTION 5 Administer Linux with YaST 149

ed
Objective 1 Get to Know YaST better 150

us
User Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

or
YaST Applets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

Understand the Role of SuSEConfig . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
ed
Exercise 5-1 Get to Know YaST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

pi
co
Objective 2 Manage the Network Configuration Information from YaST 164

Network Configuration in SLES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Network Configuration in SLED . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Exercise 5-2 Manage the Network Configuration Information from YaST . . . . . . . . . . . . . . . 175
Summary 176
SECTION 6 Manage Users, Groups, and Permissions 177
)
13
Objective 1 Manage User and Group Accounts with YaST 178
8/
Basics About Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
/2
User and Group Administration with YaST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
-2
Exercise 6-1 Manage User Accounts with YaST. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
2
Objective 2 Describe Basic Linux User Security Features 187
/1
Users and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
01
Exercise 6-2 Check User and Group Information on Your Server . . . . . . . . . . . . . . . . . . . . . . 193
om e
9/
fr t b
Objective 3 Manage User and Group Accounts from the Command Line 194
id o
Manage User Accounts from the Command Line. . . . . . . . . . . . . . . . . . . . . . . . . 194
al n
Manage Groups from the Command Line. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
(v an
Create Text Login Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Exercise 6-3 Create and Manage Users and Groups from the Command Line . . . . . . . . . . . . .
y -C 201
m ED
Objective 4 Manage File Permissions and Ownership 202
Understand File Permissions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
de TT
Change File Permissions with chmod . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

Change File Ownership with chown and chgrp . . . . . . . . . . . . . . . . . . . . . . . . . . 205
ca MI
Exercise 6-4 Manage File Permissions and Ownership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

r A ER
Modify Default Access Permissions with umask . . . . . . . . . . . . . . . . . . . . . . . . . 207

Configure Special File Permissions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207
ne P
Objective 5 Ensure File System Security 210

rt Y
Pa P
The Basic Rules for User Write Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

e CO
The Basic Rules for User Read Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

How Special File Permissions Affect the Security of the System . . . . . . . . . . . . 211
id D
Summary 213
ts R
ou HA
SECTION 7 Use the vi Linux Text Editor 217

1
Objective 1 Use the Editor vi to Edit Files 218

Start vi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Use the Editor vi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
ed
Learn the Working Modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

us
Exercise 7-1 Use vi to Edit Files in the Linux System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

or
ed
pi
co
Summary 222
SECTION 8 Manage Software for SUSE Linux Enterprise 11 223
Objective 1 Overview of Software Management in SUSE Linux Enterprise 11 224

Objective 2 Manage Software with YaST on SLES 11 227
Access YaST Software Manager on the Server . . . . . . . . . . . . . . . . . . . . . . . . . . 227
)
13
Search for Packages Using Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Show Installation Summaries on the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
8/
View Information About a Package on the Server . . . . . . . . . . . . . . . . . . . . . . . . 232
/2
Install Software on the Server with YaST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
-2
View and Resolve Package Dependencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
2
Objective 3 Manage Software with YaST on SLED 11 234
/1
Use YaST Software Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
01
Install Software with YaST Software Manager . . . . . . . . . . . . . . . . . . . . . . . . . . 235
om e
Use PackageKit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
9/
fr t b
Install Software with PackageKit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
id o
Exercise 8-1 Manage Software with YaST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
al n
Exercise 8-2 Install Software with PackageKit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
(v an
Objective 4 Manage RPM Software Packages 240
y -C
RPM Components and Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
m ED
RPM Basics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
Manage Software Packages with RPM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
de TT
Exercise 8-3 Manage Software with RPM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248

ca MI
Objective 5 Manage Software with zypper 249

r A ER
Repository Management Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249

Package Management Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
ne P
Exercise 8-4 Manage Software with zypper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 6 Update and Patch SLE 254

Installing Service Packs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Patching and Updating Packages with zypper . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Installing Patched Packages with rpm. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Installing Service Packs Using YaST Online Update (YOU). . . . . . . . . . . . . . . . 257
Managing Updates with Novell Subscription Management Tool (SMT) . . . . . . . 260
Summary 262
)
13
SECTION 9 Course 3101 and 3102 LPIC-1 Addendum 263
8/
/2
Objective 1 Use Debian Package Management 269
-2
Debian Linux basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Manage Software Packages Using apt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
2
/1
Managing Software Packages Using dpkg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
01
Objective 2 yum Package Management 274
om e
9/
fr t b
YUM Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
YUM: /etc/yum.conf and /etc/yum.repos.d/ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
id o
Using yumdownloader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
al n
(v an
Objective 3 SQL Data Management 280
Manipulate data in an SQL database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
y -C
Query an SQL database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
m ED
Objective 4 Install and Configure X11 287
de TT
X11 Installation, Video Card and Monitor Requirements . . . . . . . . . . . . . . . . . . 287

Understanding the X Font Configuration File. . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
ca MI
Understanding the X Window Configuration File . . . . . . . . . . . . . . . . . . . . . . . . 293

r A ER
Objective 5 Message Transfer Agent (MTA) Basics 295

ne P
Understanding Linux MTA programs: sendmail . . . . . . . . . . . . . . . . . . . . . . . . . 295

rt Y
Understanding Linux MTA programs: postfix . . . . . . . . . . . . . . . . . . . . . . . . . . . 296

Pa P
Understanding newaliases, qmail, and exim . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297

e CO
Using mail, mailq, ~/.forward, and aliases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300

sendmail emulation layer commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
id D
Objective 6 Fundamentals of TCP-IP (dig) 309

ts R
ou HA
Use dig to Perform a DNS Lookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309

List of Syntax and Query Options for dig . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
1
Using dig Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313

Summary 322
ed
us
or
ed
pi
co
Introduction
Introduction
In the SUSE Linux Enterprise 11 Fundamentals (3101) course, you learn the basic
Linux skills necessary to prepare you for performing administrative tasks on SUSE
)
13
Linux Enterprise 11 platforms.
8/
These skills, along with those taught in the SUSE Linux Enterprise 11 Administration
/2
Course (3102), prepare you to take the Novell Certified Linux Administrator 11
-2
(Novell CLA 11) certification test.
2
Your kit for Course 3101 contains the following media:
/1
01
SUSE Linux Enterprise 11 Fundamentals Manual
om e
9/
fr t b
SUSE Linux Enterprise 11 Fundamentals Workbook
id o
SUSE Linux Enterprise 11 Fundamentals Course DVD. This DVD contains the
al n
course manual in PDF format, this workbook in PDF format, and a readme file.
(v an
In addition, there are several folders with the following content:

y -C
Exercises. This folder contains files used for the course exercises.
m ED
Documents. This folder contains all the documentation guides referenced in
de TT
the course manual.

ca MI
Setup. This folder contains all the files you need to set up your practice
environment.
r A ER
VMs. This folder contains the Virtual Machines used in the course.
ne P
SUSE Linux Enterprise Server 11 Product DVD

rt Y
Pa P
SUSE Linux Enterprise Desktop 11 Product DVD

e CO
The SUSE Linux Enterprise 11 Fundamentals Course DVD contains two VMware
id D
virtual machines (DA1SUSE Linux Enterprise 11 Server; and DA-SLEDSUSE

ts R
Linux Enterprise 11 Desktop) that you can use with the SUSE Linux Enterprise 11
ou HA
Fundamentals Workbook outside the classroom to practice the skills in this course.
1
NOTE: Instructions for setting up a self-study environment are in the setup directory on the Course
DVD.
ed
us
Course Objectives
In this course, you will do the following:

or
Become familiar with the Linux Desktop and confident in your ability to perform
ed

basic tasks in Linux.
pi
Learn how to get help for all problems you might have.
co
Understand the structure of the Linux file system and how to work in the file
system (e.g. copying, moving).
Learn how to work with the Linux Shell and Command Line Interface.
Learn how to manage software packages with the configuration tool YaST2.
Learn how to manage users, groups and file permissions to ensure a basic file
system security.
)
13
Learn how to edit configuration files with an graphical editor or the command
8/
line editor vi.
/2
Learn how to manage software with RPM.
-2
These are fundamental and prerequisite to learning the skills of an entry-level SUSE
2
Linux administrator or help desk technician in an enterprise environment.
/1
01
om e
Audience
9/
fr t b
id o
While the primary audience for this course is administrators who are interested in
al n
SUSE Linux Enterprise 11, certification candidates with experience in other
(v an
operating systems can also use this course to begin preparing for the Novell CLA 11
exam.
y -C
m ED
Certification and Prerequisites
de TT
This course helps you prepare for the Novell Certified Linux Administrator 11
ca MI
(Novell CLA 11) Test. The Novell CLA 11 is the entry-level certification for SUSE
r A ER
Linux Enterprise 11.

ne P
As with all Novell certifications, course work is recommended. To achieve the

certification, you are required to pass the Novell CLA 11 (050-720).
rt Y
Pa P
The exam tests you on objectives in this course (SUSE Linux Enterprise
e CO
Fundamentals - Course 3101) and in course 3102, SUSE Linux Enterprise 11

Administration.
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Introduction
The following illustrates the training/testing path for Novell CLA 11:
Figure Intro-1
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
NOTE: For more information about Novell certification programs and taking the Novell CLA 11
exam, see the Novell Certifications Web site (http://www.novell.com/training/certinfo) and the
CLA 11 site (http://www.novell.com/training/certinfo/cla11).
SUSE Linux Enterprise Server 11 Support and Maintenance
The copy of SUSE Linux Enterprise Server 11 you receive in your student kit is a
)
13
fully functioning copy of the SUSE Linux Enterprise Server 11 product.
8/
However, to receive official support and maintenance updates, you need to do one of
/2
the following:
-2
Register for a free registration/serial code that provides you with 60 days of
2
support and maintenance.
/1
01
Purchase a copy of SUSE Linux Enterprise Server 11 from Novell (or an
om e
authorized dealer).
9/
fr t b
You can obtain your free 60-day support and maintenance code at the SUSE Linux
id o
Enterprise Server 11 Evaluation Download Site (http://www.novell.com/products/
al n
server/eval.html).
(v an
y -C
NOTE: You will need to have or create a Novell login account to access the 60-day evaluation.
m ED
de TT
SUSE Linux Enterprise Desktop 11 Support and Maintenance

ca MI
The copy of SUSE Linux Enterprise Desktop 11 you receive in your student kit is a
r A ER
fully functioning copy of the SUSE Linux Enterprise Desktop 11 product.

ne P
However, to receive official support and maintenance updates, you need to do one of
rt Y
the following:
Pa P
e CO
Register for a free registration/serial code that provides you with 60 days of
support and maintenance.
id D
Purchase a copy of SUSE Linux Enterprise Desktop 11 from Novell (or an

ts R

authorized dealer).
ou HA
You can obtain your free 60-day support and maintenance code at the SUSE Linux
1
Enterprise Desktop 11 Evaluation Download Site (http://www.novell.com/products/

desktop/eval.html).
ed
NOTE: You will need to have or create a Novell login account to access the 60-day evaluation.
us
or
ed
pi
co
Introduction
Novell Customer Center
Novell Customer Center is an intuitive, web-based interface that helps you to manage
your business and technical interactions with Novell. Novell Customer Center
consolidates access to information, tools, and services such as
Automated registration for new SUSE Linux Enterprise products
Patches and updates for all shipping Linux products from Novell
)
13
Order history for all Novell products, subscriptions, and services
8/
Entitlement visibility for new SUSE Linux Enterprise products
/2
-2
Linux subscription-renewal status
Subscription renewals Novell or its partners
/1
For example, a company might have an administrator who needs to download SUSE
01
om e
Linux Enterprise software updates, a purchaser who wants to review the order
9/
fr t b
history, and an IT manager who has to reconcile licensing. With Novell Customer
Center, the company can meet all these needs in one location and can give each user
id o
al n
access rights appropriate to their roles.
(v an
You can access the Novell Customer Center at (http://www.novell.com/center).
y -C
m ED
SUSE Linux Enterprise Server 11 Online Resources
de TT
Novell provides a variety of online resources to help you configure and implement
SUSE Linux Enterprise Server 11.
ca MI
r A ER
These include the following:

The Novell home page for SUSE Linux Enterprise Server 11 (http://
ne P

www.novell.com/products/server/)
rt Y
Pa P
The Novell Documentation web site for SUSE Linux Enterprise Server 11 (http:/
e CO
/www.novell.com/documentation/sles11/index.html)
id D
The home page for all Novell Linux support, which includes links to support
ts R
options such as the Knowledge base, downloads, and FAQs (http://

ou HA
support.novell.com/linux/)
The Novell Cool Solutions web site, which provides the latest implementation
1
guidelines and suggestions from Novell on a variety of products, including SUSE

Linux (http://www.novell.com/coolsolutions)
ed
us
or
ed
pi
co
Agenda
The following is the agenda for this 3-day course:
Table Intro-1
Section Duration
)
13
Day 1 Introduction 40 minutes
8/
Section 1:Getting to Know SUSE Linux Enterprise 11 2 Hours
/2
Section 2: Locate and Use Help Resources 1 Hour
-2
Section 3: Manage the Linux File System 3 Hours
2
Day 2 Section 4: Work with the Linux Shell and Command Line Interface 2 Hours
/1
(CLI)
01
om e
Section 5: Administer Linux with YaST 2 Hours
9/
fr t b
Section 6: Manage Users, Groups, and Permissions 2 Hours
id o
al n
Day 3 Section 6: Manage Users, Groups, and Permissions 2.5 Hours
(v an
(continued)
y -C
Section 7: Use the vi Linux Text Editor 30 Minutes
m ED
Section 8: Manage Software for SUSE Linux Enterprise 11 1 Hour
de TT
ca MI
Exercise Conventions
r A ER
When working through an exercise, you will see conventions that indicate
information you need to enter that is specific to your server.
ne P
rt Y
The following describes the most common conventions:

Pa P
italicized/bolded text. This is a reference to your unique situation, such as the

e CO

host name of your server.
id D
For example, if the host name of your server is DA1, and you see the following:
ts R
ou HA
hostname.digitalairlines.com
you would enter:
1
DA1.digitalairlines.com
10.0.0.xx. This is the IP address that is assigned to your SUSE Linux Enterprise
ed
Server 10 server.
us
For example, if your IP address is 10.0.0.50, and you see the following:
or
10.0.0.xx
ed
you would enter:

pi
10.0.0.50
co
Introduction
Select. The word select is used in exercise steps to indicate a variety of actions
including clicking a button on the interface and selecting a menu item.
Enter and Type. The words enter and type have distinct meanings.
The word enter means to type text in a field or at a command line and press the
Enter key when necessary. The word type means to type text without pressing the
Enter key.
)
13
If you are directed to type a value, make sure you do not press the Enter key or
you might activate a process that you are not ready to start.
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Getting to Know SUSE Linux Enterprise 11
SECTION 1 Getting to Know SUSE Linux Enterprise 11
Introduction
)
13
This course provides an introduction to the core concepts of Novell SUSE Linux
Enterprise 11 (SLE 11). Many of the skills, applications, and commands used in
8/
SUSE Linux Enterprise 11 are common across both the Desktop and Server
/2
platforms.
-2
Throughout this course the terms SUSE Linux Enterprise Desktop 11 (SLED 11) and
2
SUSE Linux Enterprise Server 11 (SLES 11) may be used interchangeably. In
/1
addition, while the exercises may be performed on only one platform, unless
01
om e
otherwise noted, they could be done on either platform.
9/
fr t b
id o
Section Overview
al n
(v an
This section helps you get to know some of the basic features of SUSE Linux
Enterprise 11. You are introduced to the Graphical User Interface (GUI) and the
y -C
Command Line Interface (CLI).
m ED
de TT
Objectives
ca MI
1. Performing Basic Tasks in SUSE Linux Enterprise 11 on page 18

r A ER
2. Overview of SUSE Linux Enterprise 11 on page 20

ne P
3. Use the GNOME Desktop Environment on page 25

rt Y
Access the Command Line Interface from the Desktop on page 42

Pa P
4.
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 1 Performing Basic Tasks in SUSE Linux Enterprise 11

Many of the tasks that you might be familiar with in the administration of a Microsoft
Windows machine, can be done in a similar fashion in SUSE Linux Enterprise 11.
To help ease the transition from Windows to SUSE Linux Enterprise 11, you will start
with an exercise in which you perform several tasks in Linux that are similar to
common Windows administration tasks.
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Exercise 1-1 Perform Five Basic Tasks in Linux

In this exercise, you perform five basic tasks on the SUSE Linux Enterprise Desktop
11 machine to help you become familiar with and confident in working with the
Linux environment.
This exercise can be found in the Workbook.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 2 Overview of SUSE Linux Enterprise 11

In this section, you will learn the basics of both SUSE Linux Enterprise Desktop
(SLED) and SUSE Linux Enterprise Server (SLES).
The following will be discussed:
Differences Between the Server and Desktop on page 20
)
13
Advantages and Disadvantages of Installing the GUI on page 21
8/
Overview of X Windows on page 21
/2
Window Managers - GNOME and KDE on page 22
-2
SLED 11 Applications - Office and Productivity on page 23
2
/1
SLED 11 Applications - Web Communication on page 24
01
SLED 11 Applications - Multimedia on page 24
om e

9/
fr t b
Differences Between the Server and Desktop
id o
al n
SLED and SLES are Linux distributions that are both based on the same code base
(v an
from SUSE. However, the SLED distribution has been optimized to function as an
end-user workstation. It includes services and applications that would typically
y -C
required in the workstation role, such as OpenOffice.org.
m ED
SLES, on the other hand, has been optimized to function as a server. It includes
de TT
services and applications typically used in the server role, such as DNS, DHCP,
Apache Web Server, and so on. (See Table 1-1)
ca MI
r A ER
One thing that distinguishes both SLES and SLED from other operating systems is
their ability to be run with or without a graphical user interface (GUI). You cannot
ne P
install Windows without its GUI.

rt Y
Pa P
The Linux GUI is an application. You can choose whether or not to install it. In other
e CO
words, you can skip the GUI installation and run Linux solely from the terminal
windows command line interface (CLI). Most Linux servers run without the GUI,
id D
whereas Linux desktops will likely have the GUI installed.

ts R
ou HA
Most services in Linux can be configured by editing an ASCII text file, so you do not
need a GUI if you want your computer to act only as a server.
1
Table 1-1
ed
SLED SLES
us
Runs as a workstation with monitor and GUI. Often runs headless (without a monitor) and
does not require a GUI.
or
Runs end-user programs such as Runs server applications such as DNS,

ed
OpenOffice.org, banshee (music player) F- DHCP, Apache Web Server and so on.
spot (photo manager) and games.
pi
Meant to be run on a single machine, though it Meant to accommodate many users and
co
can accommodate many users. machines.
SLED SLES
Tight security, although not as strict as the Uses stricter security features, such as more
server. frequent authentication to perform
administrator tasks.
Advantages and Disadvantages of Installing the GUI
)
Installing a graphical user interface has the following advantages:
13
8/
Ease of use. Like any GUI, the Linux Desktop makes it easier to find and access
/2
functionality, especially for beginning users and for those who would prefer not
-2
to use the CLI. Other users may find it easier to use the command line after they
have learned to navigate it.
2
/1
Functionality. The functionality of programs like the YaST system tool
01
sometimes exceeds that of the command line, especially for Open Enterprise
om e
Server (OES) Services.
9/
fr t b
Familiarity. The SUSE Linux desktop is full-featured and similar to other
id o
desktop environments such as Microsoft Windows or Mac OS.
al n
(v an
Not installing a graphical user interface has the following advantages:
y -C
Stability. Every program contains errors that can make your system unstable.
m ED
The fewer programs are installed, the more stable your system will be. A
graphical user front end is a large program that might contain a large number of
de TT
undiscovered programming errors, even if the error ratio is low.

ca MI
Performance. Every running program needs system resources. Fewer programs

running on your computer means increased performance.
r A ER
You need to distinguish between graphical applications, which run in their own
ne P
windows, and text-based applications, which are carried out in a terminal window.
rt Y
Pa P
Overview of X Windows
e CO
The X Window System was created in 1984 at Massachusetts Institute of Technology

id D
(MIT). The goal was to be able to use graphical applications across a network,
ts R
independent of hardware.
ou HA
The X Window System allows graphical applications to be displayed and operated on

1
any monitor, without running the applications on the machines to which these
monitors are connected.
The basis for this is the separation into a server component (X server) and the
ed
application itself (client application). The X server and client application

us
communicate with each other by way of various communication channels.

or
X server. The X server controls the graphical screen. This corresponds roughly
to a graphics driver on other systems. In addition, it manages the input devices,
ed
such as keyboard and mouse, and transmits their actions to the X client.
pi
The X server, however, has nothing to do with the appearance of the window and
co
the desktop; this is the task of the window manager. XFree86 and XOrg are free
implementations of the X server. SUSE Linux Enterprise Server 11 defaults to

using XOrg.
Client application. The client application is a graphical application that uses the
services of the X server to receive keyboard and mouse actions and to have its
own output displayed on the screen.
NOTE: The communication between X server and X client uses the network protocol TCP/
)
13
IPeven if the server and client run on the same computer.
8/
/2
Window Managers - GNOME and KDE
-2
Window managers are specialized client applications. A window manager works
2
together with the X server and provides additional functionality. The window
/1
manager
01
om e
Provides control elements
9/
fr t b
Manages virtual desktops
id o
al n
Provides functionality of window frames (for example, changing their size)
(v an
The X Window System is not linked to any specific window manager and thus it is
y -C
not linked to any particular look and feel.
m ED
SUSE Linux Enterprise Server 11 is currently released with several window
managers, including Metacity (the GNOME window manager) and Tab Window
de TT
Manager (twm).
ca MI
Desktop environments go far beyond the look and feel window managers provide for
r A ER
desktops and manipulating windows. The aim is to provide clients with a unified look
and feel:
ne P
rt Y
GNOME (GNU Network Object Model Environment) is the standard graphical

Pa P
desktop for SUSE Linux Enterprise Server 11.

e CO
You can install another open-source desktop, the KDE (Kool Desktop
Environment) desktop, instead.
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
As can be seen in the following figure, the X server is running on computer da5,
while the X applications are running on computers da1 and da2:
Figure 1-1
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
The applications are displayed, however, on the monitor attached to DA5. All of
rt Y
these computers can be running different operating systems.

Pa P
e CO
SLED 11 Applications - Office and Productivity

id D
SLED 11 offers a full set of applications comparable to those available on Windows

ts R
or MacOS. Some of the office and productivity applications are:

ou HA
OpenOffice.org 3.x Novell Edition

1
OpenOffice Writer (Text Documents)

OpenOffice Impress (Presentations)
ed
OpenOffice Calc (Spreadsheets)

us
OpenOffice Draw (Drawings)

OpenOffice Math (Formulas)
or
OpenOffice Database Wizard

ed
Photo editing
pi
GIMP 2.6
co
F-Spot 0.5
Vector Graphics: Inkspace 0.4

PDFs: Adobe Reader 8
Note taking: Tomboy Notes
SLED 11 Applications - Web Communication

Web browser: Firefox 3.x
)
13
E-mail
8/
Evolution 2.24
/2
Groupwise Client 7
-2

Instant Messaging: Pidgin 2.5
2
/1
SLED 11 Applications - Multimedia
01
om e
Audio/Video
9/
fr t b

Banshee 1.4
id o

al n
Adobe Flash Player 10
(v an
Moonlight Media Player

y -C
PulseAudio
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 3 Use the GNOME Desktop Environment

GNOME is an intuitive desktop environment that supports drag and drop. Numerous
programs are specifically designed for GNOME. Using these programs requires an
understanding of how to navigate in GNOME.
To use the GNOME desktop environment, you need to know how to do the
following:
)
13
Log In on page 25
8/
Understand Login Screen Options on page 26
/2
-2
Log Out on page 27
Shut Down on page 28
/1
Identify GNOME Desktop Components on page 29
01
om e
Manage Icons in GNOME on page 34
9/
fr t b
Use the GNOME File Manager (Nautilus) on page 38
id o
al n
Work with Icons in GNOME on page 40
(v an
on page 40

y -C
Use the GNOME File Manager (Nautilus) on page 41
m ED
Log In
de TT
If computer users want to work with a multiuser-capable operating system, they must
ca MI
first identify themselves to the operating system. For this purpose, they need
r A ER
A login string or user name

ne P
A password (usually assigned by the system administrator when a new user is

rt Y
added)
Pa P
e CO
When the computer is booted and ready for work, the following login dialog appears:
id D
Figure 1-2
ts R
ou HA
ed 1
us
or
ed
pi
co
Understand Login Screen Options

In the lower left corner of the login screen, you will notice four options:
Restart. Restarts the system.
NOTE: Only root is allowed to reboot the system. Enter the root password.
)
13
Shut Down. Shuts down your computer.
8/
Cancel. Cancels the login.
/2
Log In. Select this after entering the password.
-2

1. Type a surname and press Enter.
2
/1
2. Then type your password and press Enter again. If the login is successful,
01
the following GNOME desktop environment appears:
om e
9/
fr t b
Figure 1-3
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Log Out
When you are ready to log out of the system, do the following:
1. Open the Computer menu (also called main menu) in the bottom panel.
Figure 1-4
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
2. From the System panel on the right side, select Logout.

r A ER
A confirmation dialog appears.

ne P
Figure 1-5
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
3. Select Log Out to end the session or Switch User to suspend the session and to
co
allow another user to log in.
NOTE: If you select Switch User and do not have a regular user account created, you will return as
root user.
Shut Down
Older computers that do not have power management and cannot switch themselves
off can be switched off when the following message appears:
)
13
Master Resource Control: runlevel 0 has been reached
8/
/2
If you switch the machine off too soon, this could lead to loss of data.
-2
2
NOTE: You should always shut down your computer before you turn it off.
/1
01
om e
1. Go to the Computer (main) menu at the bottom of the screen.
9/
fr t b
2. Select Shutdown from the System panel on the right side.
id o
al n
The following dialog is displayed:
(v an
Figure 1-6
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
3. Click Shut Down.

or
You will be asked to authenticate as root, since only root has the permission to
shut down the system.
ed
pi
NOTE: On SUSE Linux Enterprise Server 11 machines, only root is allowed to shut down the
co
system. When prompted, enter the root password. On SUSE Linux Enterprise Desktop 11
machines, any user can shut down the computer.
Figure 1-7
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
Enter the root password and click Authenticate.
al n
4.
(v an
Identify GNOME Desktop Components
y -C
This section explains the components on the
m ED
Bottom Panel on page 29
de TT
Main Menu on page 30

ca MI
Application Browser on page 31

r A ER
System Menu on page 31

ne P
Status Menu on page 32

rt Y
Pa P
Network Settings on page 33

e CO
id D
Bottom Panel
ts R
ou HA
The GNOME desktop includes one panel at the bottom of the screen.
Figure 1-8
ed 1
The menu at the left side of the panel is labeled Computer. It is called the main
us
menu.
or
The empty space in the middle of the panel includes the task manager. All opened
windows and applications on the screen will be listed here.
ed
At the right of the panel you will see more icons. Which icons are present depends on
pi
your hardware and other factors. Here are some possible icons:
co
Monitor. Lets you configure display settings.
Battery. Power management for laptops.

Speaker. Volume control.
Clock. Shows date and time.
Board. Minimizes all open windows or shows them again on the desktop.
Workspaces. Links to workspaces are discreet areas in the GNOME Desktop in
which you can work.
)
13
8/
Main Menu
/2
-2
You can start a program with an icon on the desktop by double-clicking the icon, but
normally, programs are started from the main menu.
2
/1
Figure 1-9
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
At the top of the left frame you see three menu buttons, representing three different
1
filters:
Applications
ed
This is the default view, showing favorite and recent applications.

us
Documents
or
Shows documents you have been working on recently.

ed
Places
pi
Shows favorite places like servers, file system, and desktop.

co
In the left frame, is a button labeled More Applications. When you select this button,
the application browser appears.
Figure 1-10
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
Application Browser
e CO
The right frame of the application browser shows a list of the most important installed
applications. The applications are grouped and you can see a list of the groups in the
id D
ts R
left frame. Select a group to see only the applications that belong to this group.
ou HA
The filter option adds even more flexibility. Enter a part of the name of the
application you want to start in the Filter text box in the left frame. The filtered
1
applications are shown immediately in the right frame.

ed
System Menu
us
In the right frame of the main menu, there are five system options:
or
Help. Starts the online help.

ed
Control Center. Starts the GNOME Control Center where you can configure
your desktop.
pi
co
YaST. (SUSE Linux Enterprise Server) The YaST Control Center is a collection
of graphical system configuration tools unique to SUSE Linux Enterprise. For
more information, see Section 5.
Install Software. Shows a list of the available software on your registered
installation media.
Lock Screen. (SUSE Linux Enterprise Desktop) Locks the screen. To unlock,
you have to enter your password.
)
13
Log Out. Allows you to log out of the system or to switch the user.
8/
/2
Shutdown. Allows you to shut down, restart, or hibernate the system.
-2
2
Status Menu
/1
At the bottom of the right frame you can see the System Monitor and the Network
01
om e
Monitor:
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
The System Monitor displays the following tabs:

ca MI
System: Basic system information such as hardware used, BIOS information,

r A ER

disk space
ne P
Processes: A list of processes and their status, CPU usage, ID, and waiting
rt Y
channel
Pa P
e CO
Resources: CPU usage, memory and swap usage

File Systems: File systems used, their devices, type, and used/available disk
id D

space
ts R
ou HA
Hardware: Hardware installed

1
The following graphic shows the Resources tab:

ed
us
or
ed
pi
co
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
Network Settings
ne P
The Network option under the Status menu is a shortcut to the YaST module Network
rt Y
Settings found in YaST > Network Devices > Network Settings. It allows you to
Pa P
configure the network, IPv6 settings, DHCP settings, Hostname/DNS settings, and
e CO
routing.
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Manage Icons in GNOME

You can manage icons on your desktop in different ways. For simplicity, we will
describe only the most important methods.
You can find icons in the following three areas on your desktop:
Desktop Icons
)
Panel Icons
13

Main Menu Icons
8/

/2
-2
Desktop Icons
2
To create an icon for an application on your desktop, do the following:
/1
01
1. Select the item in your application menu.
om e
9/
fr t b
2. Drag it to a free space on your desktop and release the mouse button.
id o
Notice there is a small plus icon at the mouse pointer when moving the icon. This
al n
indicates that a copy of the icon will be created.
(v an
y -C
To Create a New Folder
m ED
1. Right-click a free space on your desktop. A menu appears:
de TT
Figure 1-11
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
At the top of the pop-up menu there are three menu options to create a new icon:
Create Folder. This creates a new and empty folder icon.
or
Create Launcher. Creates a new application launcher.

ed
Create Document. Creates an empty document.

pi
co
2. Click Create Folder.

3. When the icon appears, enter the folders name.
Figure 1-12
)
13
8/
/2
-2
2
To create a new Launcher
/1
01
1. Right-click on the desktop.
om e
9/
fr t b
2. Click Create Launcher. A dialog appears:
id o
Figure 1-13
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
3. Enter the following information:

id D
ts R
Type. Type of file to be launched.

ou HA
Name. Name and label of the launcher.

Command. Command that should be executed when double-clicking the
1

launcher icon.
Comment. (Optional) Tool tip that appears when you hover the mouse
ed
pointer over the icon.

us
Icon. (Optional) Icon representing the launcher you are creating.

or
4. Click OK.
ed
pi
co
Create a new Document
Depending on your installed software, various document types are available in this
menu. Immediately after a default installation, however, you can create only an
empty text file.
2. Select New Document.
)
13
3. When the icon appears, enter the text files name.
8/
/2
-2
Figure 1-14
2
/1
01
om e
9/
fr t b
id o
al n
(v an
Panel Icons
y -C
To add new programs to the bottom panel, do the following:
m ED
1. Right-click a free area of the panel.
de TT
2. Select Add to Panel.

ca MI
3. From the dialog that appears, select the application you want to add.
r A ER
4. Right-click its icon to add the program to the panel.

ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Figure 1-15
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
To remove a program from the control panel, do the following:

rt Y
Pa P
1. Right-click its icon in the bottom panel.

e CO
2. Select Remove From Panel.

id D
To move icons in the panel, do the following:

ts R
ou HA
1. Hold down the right mouse button.

2. Select Move from the Context menu.
1
Main Menu Icons

ed
Only the user root is allowed to add a new entry to a menu. Normal users are only
us
allowed to declare favorite applications. To add icons to your favorites, do the

or
following:
Open the main menu in the panel.
ed
1.
The menu appears.

pi
co
2. Select More Applications.
3. Select an application item in the right frame with the right mouse button.
4. Select Add to Favorites from the pop-up menu.
Use the GNOME File Manager (Nautilus)

GNOME provides its own file manager, called Nautilus.
Figure 1-16
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
To start Nautilus, do one of the following:

de TT
Select the usernames Home icon on the desktop.

ca MI
or
r A ER
Select Nautilus from the main menu.

ne P
rt Y
By default, Nautilus is marked as a favorite application. Normally, Nautilus shows

Pa P
the content of the users home directory after starting. The right frame of the Nautilus
e CO
window shows the content of the current directory.

id D
You can see your current position in the location bar below the tool bar. All higher
ts R
directories are shown as buttons. Select one of these buttons to switch into the higher
ou HA
directory.
ed 1
us
or
ed
pi
co
The Nautilus Side Panel
The left frame is called Side Panel.

Figure 1-17
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
At the top of the side panel there is a menu where you can select the content of the
id o
al n
side panel:
(v an
Places. Shows the most important directories and devices to store files.

y -C
Desktop. Lists the contents of the desktop.
m ED
File System. Shows the file system folders.
de TT
Network. Shows any network locations.

ca MI
CD-ROM Drive. Shows the contents of any media in any CD-ROM drives
r A ER
present.
Floppy Drive. Shows the contents of any media in any floppy drives present.
ne P

rt Y
For more information on the Nautilus File Browser, see Section 3: Manage the
Pa P
Linux File System.

e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Exercise 1-2 Work with Icons in GNOME

In the first exercise, you added a new launcher icon to your desktop. In this exercise,
you add a panel icon to and remove a panel icon from the bottom panel.
You will find this exercise in the workbook.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Exercise 1-3 Use the GNOME File Manager (Nautilus)

In this exercise, you explore your GNOME desktop and learn how to use the
GNOME File Manager Nautilus.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 4 Access the Command Line Interface from the Desktop

A classic multi-user environment can be implemented by connecting several
terminals (dialog stations) monitor and keyboard units to the serial interface of a
single computer.
You can also connect several terminals to the serial interface in a Linux system.
However, because more than one person often uses the same PC, virtual terminals
)
13
were created in Linux.
8/
With virtual terminals, you can work in Linux as if you had several classic terminals
/2
available at the same time.
-2
You can have up to six virtual terminals (F1-F6) running on your computer. F7
2
represents the Graphical User Interface (GUI).
/1
To switch between individual terminals, do the following:
01
om e
9/
fr t b
1. Press Ctrl+Alt+Fx.
id o
For example, to switch to terminal 3, press Ctrl+Alt+F3.
al n
You can determine the terminal currently being used from the ttyx number (tty1
(v an
tty6) (tty is an abbreviation for teletype, which is another word for terminal).
y -C
When you switch to a virtual terminal, a login prompt appears:
m ED
Welcome to SUSE Linux Enterprise Server 11 (i586) - Kernel
de TT
2.6.16.14-6-default (tty1).
ca MI
r A ER
ne P
rt Y
da51 login:
Pa P
e CO
2. Enter your login name and password.

id D
To log out, enter exit.

ts R
3.
ou HA
To switch back to your graphical user interface,

Press Ctrl+Alt+F7.
1
1.
To access a terminal window directly from the desktop,

ed

us
2. Select Open in Terminal.

You can also start a terminal emulation from the main menu:
or
From the main menu, select Gnome Terminal (shown in the following picture)
ed
1.
or
pi
co
2. From the System application group, select X Term.
Figure 1-18
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
The terminal appears inside a window with options you can select to modify the
display of the terminal (such as font and background color).
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Exercise 1-4 Access the Command Line Interface

In this exercise, you practice switching to a virtual terminal and then switching back
to the graphical user interface. You also log in to and log out of a virtual terminal.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Summary
Objective Summary
1. Overview of SUSE Linux You cannot install Windows without its graphical user
Enterprise 11 interface (GUI). In contrast, the Linux GUI is an
application. You can choose whether or not to install it.
)
13
In other words, you can skip the GUI installation and
run Linux solely from the terminal windows command
8/
line interface (CLI). Most Linux servers run without the
/2
GUI, whereas Linux desktops will likely have the GUI
installed.
-2
Most services in Linux can be configured by editing an
2
ASCII text file, so you do not need a GUI if you want
/1
your computer to act only as a server.
01
om e
Know the following:
9/
fr t b
Advantages and Disadvantages of Installing the GUI
id o
Window Managers - GNOME and KDE
al n

(v an
2. Use the GNOME Desktop You learned how to log in and log out of the GNOME
Environment system and how to navigate in the GNOME desktop
y -C environment.
m ED
You learned how to manage icons at
de TT
The GNOME desktop

The bottom panel
ca MI
The Applications menu

r A ER
GNOMEs file manager is called Nautilus.

ne P
3. Access the Command Line SUSE Linux Enterprise Server provides the user with
rt Y
Interface from the Desktop six virtual terminals.

Pa P
e CO
You can use the key combinations Ctrl+Alt+F1 to

Ctrl+Alt+F6 to switch between the individual terminals.
id D
You can switch back to your graphical user interface by

ts R
pressing Ctrl+Alt+F7.
ou HA
With Gnome Terminal you can access the command

line interface within a window.
ed 1
us
or
ed
pi
co
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Locate and Use Help Resources
SECTION 2 Locate and Use Help Resources
The Linux operating system, in general, is very well documented with many
resources for help information. This section shows you how to find and use several
)
13
sources of help information.
8/
/2
Objectives
-2
1. Access and Use man Pages on page 48
2
/1
2. Use info Pages on page 53
01
om e
3. Access Release Notes and White Papers on page 56
9/
fr t b
4. Use GUI-Based Help on page 59
id o
al n
5. Find Help on the Web on page 60
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 1 Access and Use man Pages

The most important command for help is man (an abbreviation of manual or man
page). To display the man page of the man command, open a command prompt and
enter: man man.
If the English man pages are not shown automatically with the man command, you
can display the English version of the man page by using the option LANG=en_EN.
)
13
For example, to display the English version of the man page for the man command,
8/
enter the following: LANG=en_EN man man.
/2
Using the parameter LANG=en_EN switches to the English language for the
-2
requested man pages only.
2
/1
NOTE: All manual pages are available in English and many have been translated into other
01
languages. Because these translations are often incomplete or not maintained, we recommend using
om e
9/
fr t b
the English versions.
id o
al n
The following is the first page of the manual pages for the man command:
(v an
Figure 2-1
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
The header of each manual page contains the command name at the left and right
ed
sides and the section number to which the manual page belongs. In the center of the
pi
header is the name of the section. The last line usually contains the date of the last
changes.
co
A manual page is usually divided into the following parts:
Table 2-1
Part Contents
NAME Name and short description of the command
)
13
SYNOPSIS Description of the syntax
8/
DESCRIPTION Detailed description of the command
/2
OPTIONS Description of all available options
-2
COMMANDS Instruction that can be given to the program while it is running
2
FILES Files connected in some way to the command
/1
01
SEE ALSO Hints on related commands
om e
9/
fr t b
DIAGNOSTICS Possible error messages of the program
EXAMPLES Examples of calling up a command
id o
al n
BUGS Known errors and problems with the command
(v an
y -C
The less command is used automatically to view one screen of information at a time
while viewing man pages. The following keys can be used with the less command:
m ED
de TT
Table 2-2
ca MI
Key Command Description

r A ER
Space Page one screen forward.

ne P
b Page one screen backward.

rt Y
Pa P
PageDown Page half a screen forward.

e CO
PageUp Page half a screen backward.

id D
Down-arrow, Enter Jump one line forward.

ts R
Up-arrow Jump one line backward.

ou HA
End Go to end of the manual page.

1
Home Go to beginning of manual page.
/expression Search forward from the current cursor position for expression;
matching line is displayed as first line on the screen.
ed
?expression Search backwards from current cursor position for expression;

us
matching line is displayed as first line on the screen.

or
n Move to next instance of expression in the search.

ed
N Move to previous instance of expression in the search.

pi
q End display of the manual page.

co
The manual pages are organized in the following sections:
Table 2-3
Section Contents
1 Executable programs and shell commands (user commands)
2 System calls
3 Functions and library routines
)
13
4 Device files
8/
5 Configuration files and file formats
/2
6 Games
-2
7 Macro packages and file formats
2
/1
8 System administration commands
01
p Programmers manual
om e
9/
fr t b
For example, entering the following displays general information about the crontab
id o
command:
al n
(v an
man 1 crontab
y -C
Entering the following displays information about the configuration file for the
m ED
crontab command (the configuration file is also named crontab):
man 5 crontab
de TT
ca MI
It is especially important to know to which section a command belongs when there is

more than one manual for a command.
r A ER
For example, the uname command is both a user command and a system call.
ne P
Entering the following displays information about the user command:

rt Y
Pa P
man 1 uname
e CO
Entering the following displays information about the system call (such as name and
id D
information about the current kernel):

ts R
man 2 uname
ou HA
You can display a brief description of all the available manual pages for a command
1
or utility by using the whatis command (as in the following):

Figure 2-2
ed
us
or
ed
pi
co
NOTE: In SUSE Linux Enterprise, the manual pages are located in the /usr/share/man/ directory.
If you enter man -k keyword or apropos keyword, a list of manual pages in which
the keyword appears in the NAME section is displayed. For example:
Figure 2-3
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Exercise 2-1 Access and Use man Pages

In this exercise, you learn how to use the whatis and man command and how to
navigate in the help text.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 2 Use info Pages

Many programs no longer use the man pages. Instead, the help information can be
found in information files which can be accessed with the info command.
In SUSE Linux Enterprise Server, the info files are located in the /usr/share/info/
directory.
)
The following is the beginning of the info file for the info command:
13
8/
Figure 2-4
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
The following are advantages of the info file format:

1
It uses a structured document setup.

ed
Specific sections can be reached directly from the table of contents.

us
Specific sections can be linked.

The following are the most commonly used key commands for the info command:
or
ed
pi
co
Table 2-4
Key Command Description
Space, PageDown Page down one screen.
Backspace, PageUp Page up one screen.
b Move cursor to the beginning of current info page.
)
13
e Move cursor to the end of current info page.
8/
Tab Move cursor to the next reference (*).
/2
Enter Follow the reference.
-2
n Move to the next info page of the same level (Next:).
2
/1
p Move to the previous info page of the same level.
01
u Move one level higher.
om e
9/
fr t b
l Move back to the last text displayed; end help.
id o
s Search in the info page.
al n
h Display help.
(v an
? List a summary of commands.
q
y -C End display of info document.
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Exercise 2-2 Access and Use info Pages

In this exercise, you learn how to use the info command and how to navigate in the
info text.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 3 Access Release Notes and White Papers

Release notes, white papers, and other helpful sources of information are stored in the
/usr/share/doc/ directory. This directory contains the following:
Release Notes on page 56
Manuals on page 57
)
13
Help for Installed Packages on page 57
8/
Howtos on page 57
/2
Access Release Notes on page 58
-2
Release Notes
2
/1
When you complete the installation of SUSE Linux Enterprise Server, the release
01
notes appear in a window.
om e
9/
fr t b
id o
al n
Figure 2-5
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
If you want to access these release notes later, you can find them in the directory:
or
/usr/share/doc/release-notes/SUSE_Linux_Enterprise_Server_11/ or /usr/share/
ed
doc/release-notes/SUSE_Linux_Enterprise_Desktop_11/.
pi
co
Two release note files are available:

RELEASE-NOTES.en.html
RELEASE-NOTES.en.rtf
The content of these files is identical. Only the file format is different.
Manuals
)
13
The administration manual is also installed during the installation of SUSE Linux
8/
Enterprise Server 11. It is contained in the directory /usr/share/doc/manual/, along
/2
with the other available manuals:
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
NOTE: This applies only to the server. The administration manual is not installed on the desktop.
de TT
ca MI
Help for Installed Packages

r A ER
Help files are available in the following directory for most installed packages:
ne P
/usr/share/doc/packages/package-name
rt Y
Pa P
These help files are written by the programmers of the package. Therefore, the format
e CO
of these files is not standardized. Some packages provide help files in HTML, while
others are in regular ASCII.
id D
ts R
Howtos
ou HA
You can find additional information (including background material) in the howtos.
1
There is a howto for almost every imaginable topic in Linux. On SLED 11 and SLES
11 the howtos are not installed by default, but you can install them manually from
The Linux Documentation Project web site:
ed
http://tldp.org/docs.html
us
This site has a list of all current howtos (together with available translations). The
or
howtos are also available in ASCII, PostScript, and HTML.

ed
SUSE Linux Enterprise Server installation media contain a large number of howtos.
The howtos of the Linux Documentation Project (TLDP) in HTML format are
pi
installed in the /usr/share/doc/howto/en/html/ directory.

co
Exercise 2-3 Access Release Notes

In this exercise, you access release notes.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 4 Use GUI-Based Help

An online help tool is also available for graphical applications of SUSE Linux
Enterprise Server 11.
To start the online help, select Help in the System area of the main menu. Use the
links to navigate through the content.
)
Figure 2-6
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
You also can use the search function to quicken your search for help. Enter a topic in
Pa P
e CO
the Search text box in the tool bar and press Enter.
The online help is available in most GNOME applications and can be started by
id D
pressing F1.
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 5 Find Help on the Web

You can find an extensive collection of information about Linux on the Internet for
both for general issues and special issues. The following are some of the more
frequently used Linux sites:
Novell/Linux (http://www.novell.com/linux/)
TLDP web site (http://www.tldp.org)
13
Kernel.org (http://www.kernel.org) (especially for issues in connection with the
8/
Linux kernel)
/2
-2
To find other sources of information, you can use a search web site such as Google.
Google offers a special search web site for questions about Linux at Google/Linux
2
(http://www.google.com/linux).
/1
01
om e
NOTE: Be careful with information you find on personal home pages. This information can be old
9/
fr t b
or wrong.
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Exercise 2-4 Find Help on the Web

In this exercise, you learn how to find help on the web. You look for updates for
SUSE Linux Enterprise Server 11 on the Novell support web site. You also use the
Google Linux search engine to find information on GNOME and SLES11 on the
internet.
)
13
(End of Exercise)
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Summary
Objective Summary
1 Access and Use man Pages The most important command for online help is man.
The manual pages are always divided into parts and
)
arranged according to various sections.
13
Use the less command to view the manual pages.
8/
/2
2. Use info Pages Many programs are no longer provided with manual
pages. Instead, info files are used, which can be read
-2
with the info command.
2
The following are advantages of the info format:
/1
01
Structured document setup is available.
om e
Specific sections can be reached directly from the
9/
fr t b

table of contents.
id o
Links between specific sections are possible.
al n
(v an
3. Access Release Notes and White The release notes can be found in the following
Papers directory:
y -C /usr/share/doc/release-notes/
m ED
In /usr/share/doc/manual/
de TT
sles-admin_en/ both a PDF and an HTML version of

the administrator manual are available.
ca MI
Howtos are not available after the installation of the

r A ER
SUSE Linux Enterprise Server 11. If you install them

manually, you can find them in the following directory:
ne P
/usr/share/doc/howto/en/
rt Y
Pa P
For most installed packages, help files are available in

e CO
the following directory:
/usr/share/doc/packages/
id D
package-name
ts R
ou HA
4. Use GUI-Based Help SUSE Linux Enterprise Server 11 provides a help

system for graphical applications.
1
To start the online help, select Help from the main

menu.
Help programs are available in most GNOME

ed
applications and can be started by pressing F1.

us
or
ed
pi
co
Objective Summary
5. Find Help on the Web The Internet is a very extensive source of expert
knowledge for general issues and special issues with
Linux.
The following are a few of the more commonly used

web sites:
)
13
Novell/linux (http://www.novell.com/linux/)
TLDP web site (http://www.tldp.org)
8/

/2
Cert.org (http://www.cert.org)
-2
Security Focus (http://www.securityfocus.com)
2
Kernel.org (http://www.kernel.org)
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Manage the Linux File System
SECTION 3 Manage the Linux File System
In this section, you learn about the structure of the Linux file system and the most
important file operation commands for working at the command line.
)
13
8/
Objectives
/2
-2
1. Understand the File System Hierarchy Standard (FHS) on page 66
2
2. Identify File Types in the Linux System on page 82
/1
3. Manage Directories with CLI and Nautilus on page 84
01
om e
Create and View Files on page 89
9/
fr t b
4.
5. Work with Files and Directories on page 93
id o
al n
6. Find Files on Linux on page 102
(v an
7. Search File Content on page 111
8.
y -C
Perform Other File Operations with Nautilus on page 116
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 1 Understand the File System Hierarchy Standard (FHS)

The file system concept of Linux (and, in general, of all UNIX systems) is
considerably different than that of other operating systems:
Files in the file systems can be spread out over several devices. Each file system
can be mounted any place in the directory hierarchy. With other file systems,
each file system is placed on the same level, at the top. With Linux, the file
)
13
systems can be placed at lower levels of the directory structure.
8/
A filename in Linux can be up to 255 characters long. It can contain any number
/2
of special characters (_ or %, for example).
-2
Certain characters (the dollar sign $, the semicolon ;, or the space, for
example) have a special meaning. If you want to use one of these characters
2
/1
without the associated special meaning, the character must be preceded by a \
01
(backslash) to mask (switch off) its special meaning.
om e
9/
fr t b
You can use umlauts, letters with diacritical marks, or other language-specific
characters.
id o
al n
(v an
NOTE: Using language-specific characters can lead to problems if you exchange data with
people in other countries using other settings, because these characters are not present on their
y -C
keyboards.
m ED
Linux differentiates between upper-case and lower-case letters. For example, the
de TT
file names Invoice, invoice, and INVOICE refer to three different files.
ca MI
To understand the concept of the Linux file system, you need to understand the
r A ER
following:
ne P
The Hierarchical Structure of the File System on page 66

rt Y
FHS (File System Hierarchy Standard) on page 69

Pa P
e CO
Explore the SUSE Linux File System Hierarchy on page 81

id D
The Hierarchical Structure of the File System

ts R
ou HA
The file system concept of Linux involves a hierarchical file system that can be
shown in the form of a tree.
1
This tree is not limited to a local partition. It can stretch over several partitions, which
can be located on different computers in a network. It begins at the root directory (/),
from which the name for the system administrator comes, and branches out like the
ed
branches of a tree.
us
The following shows part of a typical file system tree:

or
ed
pi
co
Figure 3-1
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
A file in this directory tree is uniquely defined by its path. A path refers to the
e CO
directory names which lead to this file.

id D
The separation character between individual directory names is the slash (/). The
ts R
path can be specified in two ways:

ou HA
As an absolute path starting from the root of the entire file system tree.
1
The absolute path always begins with a slash (/), the symbol for the root
directory.
ed
As a relative path starting from the current directory.

us
or
ed
pi
co
Figure 3-2
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
In this example, the current position in the file system is geekos home directory. To
de TT
change to the /etc directory, you can use either one of the following commands:
ca MI
absolute path: cd /etc

r A ER
relative path: cd ../../etc

ne P
Sometimes it is necessary to specify the absolute path, because certain files can only
rt Y
be uniquely addressed in this way. The length of the path cannot exceed 4096
Pa P
characters, including the slashes.

e CO
Each directory contains two directories that allow relative path specifications.
id D
ts R
One of these entries (.) points to the directory itself. The other entry (..) points to
ou HA
the entry one level higher in the hierarchy.

1
NOTE: As in the Windows command prompt (cmd), cd is the command used to change the current
working directory. It will be explained later in detail.
ed
us
or
ed
pi
co
FHS (File System Hierarchy Standard)

The structure of the file system is described in the File System Hierarchy Standard
(FHS). The FHS specifies which directories must be located on the first level after the
root directory and what they contain. The current version of FHS is 2.3 (January
2004), and a description is available at http://www.pathname.com/fhs/pub/fhs-
2.3.html.
)
The FHS does not dictate all details. In some areas it allows for your own definitions.
13
The FHS defines a two-layered hierarchy:
8/
The directories in the top layer (immediately below the root directory /).
/2

-2
As a second layer, the directories under /usr and /var.
2
Figure 3-3
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
1
Root Directory (/)
Similar to the root of the C: drive (C:\) in Windows, the root directory refers to the
ed
highest layer of the file system tree. Normally only directories (not files) are located
us
here. When the system is booted, the partition on which this directory is located is the
first one mounted.
or
As the kernel cannot fulfill all the tasks of the operating system, all programs that are
ed
run at system start must be available on this partition (they cannot be located on
pi
another partition).
co
The following directories always have to be on the same partition as the root
directory: /bin, /dev, /etc, /lib, and /sbin.
Essential Binaries for Use by All Users (/bin)
Similar to the C:\Program Files directory in Windows, the /bin directory contains
important binaries (executable programs) that are required when no other file systems
)
are mounted, such as all programs necessary for the system start.
13
8/
These include the various shells, the most important commands for working with
/2
files, and several commands for system analysis and configuration.
-2
The following table provides an overview of the contents of the /bin directory:
2
/1
Table 3-1
01
om e
9/
fr t b
File Description
id o
/bin/bash The bash shell
al n
/bin/cat Displaying files
(v an
/bin/cp Copying files
/bin/dd
y -C Copying files byte-wise
m ED
/bin/gzip Compressing files
de TT
/bin/mount Mounting file systems

ca MI
/bin/rm Deleting files

r A ER
/bin/vi vi editor
ne P
rt Y
Boot Directory (/boot)

Pa P
e CO
Similar to the C:\Windows\System directory in Windows, the /boot directory contains

system files. Specifically, it contains
id D
ts R
Static files related to the boot loader GRUB (Grand Unified Bootloader). These
ou HA
files (with the exception of configuration files) are required for the boot process.
The backed-up information for the Master Boot Record (MBR) and the system
1

map files. They contain information about where exactly the kernel is located on
the partition. The MBR backup file is called backup_mbr.
ed
The kernel, which has the file name vmlinuz. vmlinuz is actually a symbolic link
to the actual kernel file. According to the FHS, however, the kernel can also be
us
located directly in the root directory.

or
ed
Other Partitions (/data)

pi
If YaST, the graphical administration tool, finds other (non-Windows) partitions or

co
another hard disk during the installation, it creates mount points for each partition
labeled datax (/data1, /data2,and so on).
Device Files (/dev)
Each hardware component in the system (such as hard drive partitions, CD drives,
printer, and mouse) is represented as a file in the /dev directory.
The hardware components are addressed via these files by writing to or reading from
one of these files. Two kinds of device files are included:
Character-oriented device files (for devices working sequentially, such as printer,
)
13
mouse, or tape drive)
8/
Block-oriented device files (such as floppy disks and hard drives).
/2
The connection to device drivers in the kernel is implemented via numbered
-2
channels, which correspond to the number of the device driver in question. These are
2
referred to as major device numbers.
/1
01
A driver might be responsible for several devices of the same type. To distinguish
om e
between these devices, the minor device number is used.
9/
fr t b
Instead of the size of the files, these two numbers are displayed (the files do not
id o
occupy any space on the hard drive anyway):
al n
(v an
y -C
m ED
de TT
In this example, you want a long list of all SCSI and SATA hard drives in the /dev
ca MI
directory. You enter

r A ER
ls -l /dev/sda*
ne P
The major device number 8 is listed for all files. This refers to the driver for SCSI
rt Y
hard drives.
Pa P
e CO
The minor device numbers are 0, 1, and 2 (they run from 1 to 15 for SCSI hard
drives).
id D
ts R
Many device files are already available by default. Some of these, however, are never
ou HA
needed. If special device files are required for specific devices, you can generate
these with the mknod command. The necessary parameters must be provided by the
1
hardware manufacturer.
The null device /dev/null is also located in this directory. The null device is a special
file that discards all data written to it (but reports that the write operation succeeded),
ed
and provides no data to any process that reads from it. Program output that would
us
normally be sent to the screen can be redirected to this device (for example, using
redirects). The redirected data will be deleted.
or
ed
pi
co
The following are some important device files:
Table 3-2
Device Device File Description
Terminals /dev/console The system console
)
13
/dev/tty1 The first virtual console, reachable with Ctrl+Alt+F1.
8/
Serial ports /dev/ttyS0 The first serial port.
/dev/ttyS*
/2
-2
Parallel ports /dev/lp0 The first parallel port.
/dev/lp*
2
Floppy disk drives /dev/fd0 The first floppy disk drive. If the drives are addressed
/1
/dev/fd* via the device files fd0 and fd1, the kernel tries to
01
recognize the floppy disk format itself.
om e
9/
fr t b
IDE hard drives /dev/hda The first IDE hard drive on the first IDE controller.
id o
/dev/hdc The first IDE hard drive on the second IDE controller.
al n
/dev/hd* To label the partitions, the device names are given
(v an
numbers. Numbers 1 to 4 refer to the primary
y -C partitions, higher numbers to logical partitions.
Example: /dev/hda1 is the first primary partition (1) on
m ED
the first IDE hard drive (a).
de TT
The limit of the number of partitions for IDE drives is

63.
ca MI
IDE CD-ROM drives /dev/hd* The drives are named in the same way as the IDE
r A ER
hard drives. This means that the CD-ROM drive /dev/

hdd is the second drive on the second IDE controller.
ne P
SCSI hard drives /dev/sda The first SCSI hard drive

rt Y
Pa P
/dev/sda* With SCSI hard drives, the device names are given
e CO
numbers to label the various partitions. For example, /

dev/sda1 is the first primary partition on the first SCSI
id D
hard drive.
ts R
The limit of the number of partitions for SCSI/SATA

ou HA
drives is 15.
SATA hard drives /dev/sda The first SATA hard drive

1
/dev/sda* With SATA hard drives, the device names are given
numbers to label the various partitions. For example, /
dev/sda1 is the first primary partition on the first SATA
ed
hard drive.
us
SCSI CD-ROM drives /dev/scd0 The first SCSI CD-ROM drive.

or
/dev/scd*
ed
pi
co
Configuration Files (/etc)
Similar to C:\WINDOWS, this directory and its subdirectories contain system

configuration files. Almost all these files are ASCII files, which can be processed
with any editor.
Normal users can read nearly all of these files, but only root can edit them. According
to the FHS, no executable programs can be located here.
)
13
However, the subdirectories contain many shell scripts. Some important
8/
configuration files are listed in the following table:
/2
-2
Table 3-3
2
File Description
/1
01
/etc/SuSE-release Version number of the installed SUSE Linux Enterprise Server
om e
9/
fr t b
/etc/inittab Configuration file for the init process
id o
/etc/init.d/* Scripts for starting services
al n
/etc/modprobe.conf Configuration file of the kernel modules
(v an
/etc/DIR_COLORS Specifies the colors for directory listings (ls)
y -C
/etc/X11/xorg.conf Configuration file of the X Window System
m ED
/etc/fstab Table of the file systems automatically mounted at the system start
de TT
/etc/profile Login script of the shell

ca MI
/etc/passwd User database; all information except passwords

r A ER
/etc/shadow Encrypted passwords of users

ne P
/etc/group Database of user groups

rt Y
/etc/cups/* Files for the CUPS printing system

Pa P
e CO
/etc/hosts Allocation of computer names to IP addresses

id D
/etc/motd Welcome message after a user logs in (message of the day)

ts R
/etc/issue Linux welcome message before the login prompt

ou HA
/etc/sysconfig/* Central configuration files of the system

1
Nearly every installed service has at least one configuration file in the /etc directory
or a subdirectory.
ed
us
User Directories (/home)

or
Every user on a Linux system has his own area in which to work with files (this is
similar to the C:\Documents and Settings\<username> directory in Microsoft
ed
Windows). This area is called the home directory of the user. When a user logs in, he
pi
is in his own home directory.

co
Individual configuration files can be found in the user's home directory. These
configuration files are hidden files, because they are normally not displayed by the ls
command. All of these files have names that begin with a dot.
The following are the most important files in a user's home directory:
Table 3-4
)
13
File Description
8/
.profile Private login script of the user
/2
-2
.bashrc Configuration file for bash
.bash_history List of commands previously run in bash
2
/1
01
If there are no special settings, the home directories of all users are located beneath
om e
the /home directory. The home directory of a user can also be addressed via the
9/
fr t b
shortcut ~, so ~/.bashrc refers to the .bashrc file in the user's home directory.
id o
al n
In many cases, the /home directory is located on a different partition or can even be
located on a different computer (with central administration of home directories).
(v an
y -C
Libraries (/lib)
m ED
Many programs use specific functions that are also used by other programs. Such
de TT
standard functions are removed from the actual program, stored in the system, and
ca MI
only called up when the program runs. They are called shared libraries.
r A ER
The /lib directory contains the libraries that are used by programs in the /bin and /sbin
directories. The kernel modules (hardware drivers not compiled into the kernel) are
ne P
located in the /lib/modules/ directory.

rt Y
Pa P
You can find additional libraries below the /usr directory.

e CO
id D
Mount Point for Removable Media (/media/*)

ts R
ou HA
All files accessible in a Linux system are arranged in one big tree, the file hierarchy,
rooted at /. These files can be spread out over several devices. The mount command
1
attaches a devices file system to the big file tree.

SUSE Linux creates directories in the /media/ directory for mounting removable
media when detecting media:
ed
/media/floppy/ Created for a floppy disk drive.

us
/media/cdrom/ Created for a CD-Rom drive.

or
/media/cdrecorder/ Created for a CD burner.

ed
/media/dvd/ Created for a DVD drive.

pi
co
/media/usbdisk/ Created for a USB stick. The mount point for USB sticks can be
different. Examples: /media/usbdisk/, /media/disk/, /media/disk-1. If the USB
stick has a label, that label will be used.
/media/media_name Created after inserting a labeled removable media.
Application Directory (/opt)
)
13
Installed programs can store their static files in the /opt directory. First, a directory
8/
with the name of the application is created. The files are then stored in that directory.
/2
Examples include GNOME (/etc/gconf/*) and KDE (/opt/kde3).
-2
2
Administrators Home Directory (/root)
/1
01
The home directory of the system administrator is not located beneath /home as are
om e
9/
the home directories of normal users. Preferably, it should be on the same partition as
fr t b
the root directory (/) so that it is protected from other users, whose home directories
id o
should be on a different partition. Only then is it guaranteed that the user named root
al n
can always log in without a problem and have his or her own configured environment
(v an
available.
y -C
m ED
System Binaries (/sbin)
de TT
The /sbin directory contains important programs for system administration. By

contrast, programs that are run by normal users are located in /bin.
ca MI
r A ER
Programs in the /sbin directory can also, as a rule, be run by normal users but only to
display the configured values. Changes to the configuration can only be made by the
ne P
user root.
rt Y
Pa P
The following is an overview of important files in the /sbin directory:

e CO
Table 3-5
id D
ts R
ou HA
File Description
/sbin/SuSEconfig Starts the SuSEconfig modules in the /sbin/conf.d/ directory.

1
/sbin/conf.d/* Contains the scripts from the SuSEconfig family that are called up by
/sbin/SuSEconfig.
ed
They are used to configure the overall system, evaluate entries in the
us
configuration files in the /etc/sysconfig/ directory, and write further

configuration files.
or
/sbin/yast Administration tool for SUSE Linux Enterprise Server.

ed
/sbin/fdisk Modifies partitions.

pi
/sbin/fsck* Checks file systems (file system check).

co
/sbin/init Initializes the system.
File Description
/sbin/mkfs* Creates a file system (formatting).
/sbin/shutdown Shuts down the system.
Data Directories for Services (/srv)
)
13
The /srv directory contains subdirectories designed for containing data of various
8/
services. For example, the files of the Apache web server are located in the /srv/
/2
www/ directory and the FTP server files are located in the /srv/ftp/ directory.
-2
Temporary Area (/tmp)
2
/1
Various programs create temporary files that are stored in the /tmp directory until
01
om e
they are deleted.
9/
fr t b
id o
The Hierarchy Below /usr
al n
(v an
The /usr directory, in accordance with the FHS, represents a second hierarchical layer
(/usr stands for Unix Specific Resources or Unix System Resources).
y -C
m ED
This is the location for all application programs, graphical interface files, additional
libraries, locally installed programs, and commonly shared directories containing
de TT
documentation.
ca MI
These include the following:

r A ER
ne P
Table 3-6
rt Y
Directory Description
Pa P
e CO
/usr/X11R6/ Files of the X Window System

id D
/usr/bin/ Almost all executable programs

ts R
/usr/lib/ Libraries
ou HA
/usr/local/ Locally installed programs, now frequently found in the /opt/ directory
1
/usr/sbin/ Programs for system administration
/usr/share/doc/ Documentation
ed
/usr/share/man/ The manual pages (command descriptions)

us
/usr/src/ Source files of all programs and the kernel (if installed)
or
Variable Files (/var)

ed
This directory and its subdirectories contain files that will be modified while the
pi
system is running.
co
The following table provides an overview of the most important directories beneath
/var:
Table 3-7
)
/var/lib/ Variable libraries (such as databases for the locate and rpm
13
commands)
8/
/var/log/ Log files for most services
/2
/var/run/ Files with information on running processes
-2
/var/spool/ Directory for queues (printers, e-mail)
2
/1
/var/lock/ Lock files that are used to protect devices from multiple use
01
om e
9/
fr t b
Windows Partitions (/windows)
id o
If YaST finds any partitions with a Microsoft file system, it creates a /windows
al n
directory automatically. Inside this directory are subdirectories labeled with Windows
(v an
drive characters (e.g., C, D).
y -C
m ED
Process Files (/proc)
de TT
Linux handles process information that is made available to users via the /proc
ca MI
directory. This directory does not contain any real files and, therefore, does not
occupy any space on the hard disk.
r A ER
/proc is generated dynamically when it is accessed (for example, with

ne P
ls /proc). Each process has its own directory. The values in these directories can be
rt Y
read as if they were in a file, like a virtual file. Some values can also be set by
Pa P
writing to the corresponding files. Changes to this virtual file system only have an
e CO
effect as long as the system is running.

id D
For example, the init process always has the process number 1. Information about
ts R
it is, therefore, found in the /proc/1/ directory. Each numbered directory corresponds
ou HA
to a running process.
1
You can view the contents of the files with the cat command, which shows the status
of the process, as in the following example:
ed
us
or
ed
pi
co
In this example, a list is displayed of what the process is called (init), what state it is
in (sleeping), and to which user it belongs (Uid: 0 for root).
In addition to directories for each individual process, /proc also includes directories
and files containing information about the state of the system.
The following are the most important of these:
)
13
Table 3-8
8/
File Description
/2
-2
/proc/cpuinfo Information about the processor
/proc/dma Use of the Direct Memory Access (DMA) ports
2
/1
/proc/interrupts Use of the interrupt
01
om e
/proc/ioports Use of the intrasystem I/O ports
9/
fr t b
/proc/filesystems File system formats that the kernel understands
id o
al n
/proc/modules Active modules
(v an
/proc/mounts Mounted file systems
/proc/net/* y -C Network-specific information and statistics in human-readable form

m ED
/proc/partitions Existing partitions
de TT
/proc/bus/pci Existing PCI devices

ca MI
/proc/bus/scsi/ Connected SCSI devices

r A ER
/proc/sys/* System and kernel information
/proc/version Kernel version

ne P
rt Y
Pa P
System Information Directory (/sys)

e CO
The /sys directory provides information in the form of a tree structure on various
id D
hardware buses, hardware devices, active devices, and their drivers. Similar to the /
ts R
proc directory, /sys is a virtual directory.

ou HA
1
Mount Point for Temporarily Mounted File Systems (/mnt)
Unlike in Windows, where you can access file systems (partitions and devices) by
simply going to My Computer, in the Linux world, you have to integrate or mount
ed
them before you can access them. You can mount files system anywhere, but the
us
standard directory for mounting is /mnt. It should only be used for temporary
purposes. For permanent mounts, you should create an appropriately named
or
directory.
ed
In the following example, the hard drive partition /dev/hda7 is mounted at the
pi
position /mnt in the directory tree using the mount command:

co
da2:~# mount /dev/hda7/mnt
All files on this partition can now be reached via the /mnt directory. To remove this
partition again, you use the umount command:
da2:~# umount /mnt
If you do not include any options with the mount command, the program tries out
several file system formats. If you want to specify a specific file system, use the
option -t.
)
13
If the file system format is not supported by the kernel, the command is aborted and
8/
you receive an error message. In this case, you either load the appropriate module
manually or you create a new initrd containing the module. Using an updated initrd is
/2
the preferred way.
-2
2
/1
Directories for Mounting Other File Systems
01
om e
Other file systems such as other hard drive partitions, directories from other
9/
fr t b
computers via the network, or removable media (floppy disk, CD-ROM, removable
hard drive) can be mounted to the file system at any point.
id o
al n
A directory must exist at the point where you intend to mount the file system. This
(v an
directory is referred to as the mount point. The complete directory structure of the
y -C
mounted file system can be found beneath this directory.
m ED
In most cases, only the user root can mount and unmount directories. Removable
media, such as floppy disks and CDs, can be mounted by a normal user.
de TT
To mount a file system, enter the mount command, specifying the device file and the
ca MI
directory to which the file system should be mounted.

r A ER
A file system can be removed again with the umount command. (Note that the
ne P
command is NOT called unmount, but umount.) The /etc/mtab file, which is updated
rt Y
by the command mount, shows which file systems are currently mounted. It is
Pa P
possible to mount one file system at different positions.

e CO
You can mount file systems in directories that are occupied. The existing contents of
id D
these directories, however, will no longer be accessible. After the file system is
ts R
removed, the data becomes available again.

ou HA
You can also share certain directories with many computers. This approach is often
used for the home directories of users, which are then located centrally on one
1
machine and exported to other computers in the network.

The following directories can be shared:
ed
us
Table 3-9
or
ed
/home Home directories

pi
/opt Applications
co
/usr The hierarchy below /usr
The following directories cannot be imported from other computers. They must
always be present locally on each computer:
Table 3-10
)
/bin Important programs
13
/boot Kernel and boot files
8/
/dev Device files
/2
-2
/etc Configuration files
/lib Libraries
2
/1
/sbin Important programs for system administration
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Exercise 3-1 Explore the SUSE Linux File System Hierarchy

In this exercise, you explore the SUSE file system hierarchy. You find out the mount
point of the DVD and mount the DVD manually at another position (/mnt) in the file
system.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 2 Identify File Types in the Linux System

The Linux file system is distinct from the file systems of other operating systems
because of the various file types.
In addition to using standard files (called normal files) and directories, Linux also
uses other types of files that are UNIX-specific.
)
This objective discusses the file types and directories used in Linux:
13
Normal Files on page 82
8/

/2
Two Special Directories (.) and (..) on page 82
-2
Device Files on page 82
2
Links on page 82
/1

01
Sockets on page 83
om e
9/
fr t b
First In, First Out (FIFO) on page 83
id o
Normal Files
al n
(v an
Normal files refer to files as they are also known in other operating systems: a set of
y -C
contiguous data addressed with one name. This includes files such as ASCII text
files, executable programs, and graphics files.
m ED
The names for such files can be freely chosen and there is no division into file name
de TT
and file type (such as report.txt). A number of file names still retain this structure, but
ca MI
these are requirements of the corresponding applications, such as word processing

programs or compilers.
r A ER
Two Special Directories (.) and (..)

ne P
rt Y
Each directory contains two directories that allow relative path specifications.
Pa P
e CO
One of these entries (.) points to the directory itself. The other entry (..) points to
the entry one level higher in the hierarchy.
id D
ts R
Device Files
ou HA
Each piece of hardware in a Linux system is represented by a device file. These files
1
represent links between the hardware components or the device drivers in the kernel
and the applications.
Every program that wants to access hardware must access it through the
ed
corresponding device file. The programs write to or read from a device file. The
us
kernel then ensures that the data finds its way to the hardware or can be read from the
file.
or
Links
ed
pi
Links are references to files located at other points in the file system. Data
maintenance is simplified through the use of such links. Changes only need to be
co
made to the original file. The changes are then automatically valid for all links. There
are two types of links: symbolic links and hard links. For more information, see Link
Files Using the CLI on page 97 or Link Files Using Nautilus on page 100.
Sockets
A socket refers to a special file with which data exchange can be implemented
through the file system between two locally running processes.
)
13
First In, First Out (FIFO)
8/
FIFO (first in, first out) or named pipe is a term used for files used to exchange data
/2
between processes. However, the file can only exchange data in one direction.
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 3 Manage Directories with CLI and Nautilus

This objective shows how to use and manage directories with the GNOME tools
(Nautilus file browser and Nautilus search tool) as well as the Command Line
Interface (CLI.)
Change Directories and List Directory Contents Using the CLI
)
13
The prompt of a shell terminal contains the current directory (such as geeko@da2:~).
8/
The tilde ~ indicates that you are in the user's home directory.
/2
-2
You can use the following commands to change the active directory and list the
contents of a directory:
2
/1
cd
01
ls
om e

9/
fr t b
pwd
id o
al n
cd command
(v an
You can use the cd (change directory) command to change between directories. Some
y -C
examples include the following:
m ED
Table 3-11
de TT
ca MI
Command Meaning
r A ER
cd plan Change to the subdirectory plan

ne P
cd /etc Change directly to the /etc directory (absolute path)

rt Y
cd Change from any directory to the home directory

Pa P
e CO
cd .. Move one directory level higher
cd ../.. Move two directory levels higher

id D
ts R
cd - Move to the last valid directory

ou HA
ls command
1
The ls (list short) command lists specified files. If a directory is included with ls, the
directory's contents are displayed. Without an option, the contents of the current
directory are listed.
ed
The following are the most important options you can use with ls:
us
or
Table 3-12
ed
Option Meaning
pi
co
None Displays the contents of the current directory in several columns (file and
directory names only).
Option Meaning
-a Also displays hidden files (such as .bashrc).
-F After each name, a character indicates the file type (/ for directories, *
for executable files, | for FIFO files, @ symbolic link).
-l (long list) Gives a detailed list of all files. For each file name, information
about permissions, modification time, and size is included.
)
13
-t Files are sorted by date of alteration. Combined with the -r option, the
8/
output takes place in reverse order (the newest file is displayed last).
/2
-R Output is recursive, including all subdirectories.
-2
-u Sorted by date of last access.
2
/1
Figure 3-4
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
pwd command
us
You can use the pwd (print working directory) command to display the path of the
current directory. If you enter pwd with the -P option, pwd prints the physical
or
directory without any symbolic links:

ed
pi
co
Table 3-13
geeko@da2:~ > ls -l doc/
lrwxrwxrwx 1 geeko users 15 2004-02-12 08:43 doc -> /usr/share/doc/
geeko@da2:~ > cd doc/
geeko@da2:~ > pwd
)
13
/home/geeko/doc
8/
geeko@da2:~ > pwd -P
/2
-2
/usr/share/doc
2
geeko@da2:~ >
/1
01
om e
Change Folders and List Folder Contents Using the Nautilus File Browser
9/
fr t b
GNOMEs Nautilus File Browser works much like Windows Explorer. To access the
id o
al n
browser, go to Computer > More Applications > Browse > Nautilus.
(v an
To view the file system in the browser, simply click File System in the left panel
y -C
under Places. You will see a listing of the folders (directories) at the root level,
including root itself:
m ED
de TT
Figure 3-5
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
To change folders, simply navigate the file system. You can also search the file
system by file type or by location using the Nautilus Search Tool. Access it under
Computer > Applications > More Applications > Browse.
To open a folder, double-click it.
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Exercise 3-2 Change Directories and List Directory Contents Using the CLI
In this exercise, you learn how to use the cd, pwd, and ls commands.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 4 Create and View Files

To create and view files, you need to understand how to do the following:
Create a New File with touch on page 89
View a File with cat on page 90
View a File with less on page 90
)
13
View a File with head and tail on page 91
8/
Create and View Files on page 92
/2
-2
Create a New File with touch
2
You can use the touch command to change the time stamp of a file or to create a new
/1
file with a size of 0 bytes. The following are the most important options:
01
om e
9/
fr t b
Table 3-14
id o
al n
Command Description
(v an
-a Changes only the time of the last read access (access time).
-m
y -C Changes only the time of the last modification (modification time).
m ED
-r file Sets the time stamp of file instead of the current time.
de TT
-t time Instead of the current time, sets

ca MI
time (structure: [[CC]YY]MMDDhhmm.[ss] ([Century]Year] Month Day

Hour Minute [Seconds], two digits in each case)).
r A ER
ne P
This is an example of how you use the touch command:

rt Y
1. To list a directorys contents, enter

Pa P
e CO
ls
id D
The directory contains the following subdirectories and files: bin, Desktop,
ts R
Documents, public_html
ou HA
2. To create a file called example, enter

1
touch example
3. Then list the directory contents again by entering
ed
ls
us
The directory contents should now display as follows: bin, Desktop, Documents,
example, public_html. The example file has been added.
or
ed
pi
co
View a File with cat

You can use the cat command (concatenate) to view the contents of a file. The
command must include the filename of the file you want to see, as in the following
example:
1. If you wanted to view the contents of the permissions.local file in the root
directory /etc, you would enter
)
13
cat /etc/permissions.local
8/
2. This is what the output would look like:
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
View a File with less

r A ER
You can use the less command to display the contents of a file page by page. Even
ne P
compressed files (such as .gz and .bz2) can be displayed. You can use the following
keystrokes with less:
rt Y
Pa P
e CO
Table 3-15
id D
ts R
Keystroke Description
ou HA
Spacebar Move one screen down.
b Move one screen up.

1
Down arrow Move one line down.
Up arrow Move one line up.

ed
/pattern Search for pattern forward from current cursor position.

us
?pattern Search for pattern backwards from current cursor position.

or
n Move to the next instance in the search for pattern.

ed
N Move to the previous instance in the search for pattern.

pi
q Quit.
co
View a File with head and tail

With the head command, you can view only the first few lines of a file. The tail
command shows you only the last few lines of a file.
By default, these commands only show ten lines. To change this number, append with
the -number or -n option. For example, to change the number of lines to 17, enter
head -n 17 or head -17
)
13
To change the number of lines shown at the end of the file to 17, enter
8/
/2
tail -n 17 or tail -17
-2
When used with the tail command, the -f option displays a continuously updated view
of the last lines of a file. If a line is added at the end of the file while tail -f is running,
2
/1
the line is displayed. This is a very useful feature for observing log files.
01
om e
To exit tail -f, press Ctrl+c.
9/
fr t b
For example, if you wanted to view the first few lines of the SUSE Linux Enterprise
id o
Server 11 Release Notes in the /usr/share/doc directory, you would enter
al n
(v an
head /usr/share/doc/release notes/
SUSE_Linux_Enterprise_Server_11/RELEASE-NOTES.en.rtf
y -C
m ED
This is what the output would look like:
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Exercise 3-3 Create and View Files

In this exercise, you create an empty file and view the content of a file. You use the
touch, cat, less, head, and tail commands.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 5 Work with Files and Directories

In this objective, you learn how to do the following to work with files:
Copy and Move Files and Directories on page 93
Create Directories Using the CLI on page 95
Create Folders Using Nautilus on page 96
)
13
Delete Files and Directories Using the CLI on page 97
8/
Link Files Using the CLI on page 97
/2
-2
Link Files Using Nautilus on page 100
Perform Multiple File Operations on page 101
2
/1
Copy and Move Files and Directories
01
om e
9/
fr t b
To copy and move files and directories, you need to know how to do the following:
id o
Move Files with mv on page 93
al n
Copy Files with cp on page 93
(v an

y -C
Move Files with mv
m ED
You can use the mv command (move) to move one or more files to another directory,
de TT
as in the following:
ca MI
mv *.txt /tmp
r A ER
You can also use the mv command to rename a file, as in the following:
ne P
mv recipe new_recipe
rt Y
Pa P
e CO
mv Options
id D
The following are some important options you can use with mv:
ts R
ou HA
Table 3-16
1
Option Description
-i Asks for confirmation before moving or renaming a file. This prevents

ed
existing files with the same name from being overwritten.

us
-u Only moves files that are newer than the target files of the same name.
or
Copy Files with cp

ed
pi
You can copy files and directories (using the -r option) with the cp (copy) command.
The syntax for using cp is
co
cp source destination
When using the cp command, you need to remember the following:
The cp command overwrites existing files without confirmation.
You can avoid automatic overwriting by using the -i option. This option requires
confirmation before overwriting occurs.
)
If you want to copy just the contents of a directory (without the directory itself),
13
the target directory must already exist. An example is making a backup copy of a
8/
directory using a different name.
/2
-2
Examples
2
/1
For example, to copy the /tmp/quarterly-1/ directory (with all its subdirectories) to
01
the /tmp/expenses/ directory (which already exists), you would enter the following:
om e
9/
fr t b
cp -r /tmp/quarterly-1 /tmp/expenses
id o
The result is a /tmp/expenses/quarterly-1/ directory.
al n
(v an
To copy the contents of a directory called proposals/ (all the files contained in it,
including hidden files and subdirectories) to the directory proposals_old/ (this must
y -C
already exist), do the following:
m ED
1. First, list the contents of the /proposals directory, including the hidden files (-a
de TT
switch). Enter
ca MI
ls -a proposals
r A ER
You might see output similar to this:

. .. .hidden quarterly-1 quarterly-2 quarterly-3 quarterly-4
ne P
rt Y
2. Next, copy the contents of /proposals recursively (-r, meaning including all
Pa P
subdirectories) to the /proposals_old directory. Enter

e CO
cp -r proposals/ proposals_old
id D
3. Then, list the contents (including hidden files) of the proposals_old directory.
ts R
Enter
ou HA
ls -a proposals_old
1
. .. .hidden quarterly-1 quarterly-2 quarterly-3 quarterly-4

ed
us
or
ed
pi
co
cp Options
You can use the following options with cp:
Table 3-17
Option Description
)
13
-a, --archive Copies a directory and subdirectories (compare -R); symbolic links, file
permissions, owners, and time stamps are not changed.
8/
/2
--help Displays the options of cp.
-2
-i, --interactive Asks before overwriting.
2
-R, -r, --recursive Copies directories recursively (the directory and any subdirectories).
/1
-s, --symbolic-link Makes symbolic links instead of copying
01
om e
-l, --link Links files instead of copying them.
9/
fr t b
-u, --update Copies a file only when the source file is newer than the destination file
id o
or when the destination file is missing.
al n
(v an
Create Directories Using the CLI
y -C
You can use the mkdir command (make directory) to create new directories (such as
m ED
mkdir proposal). The option -p lets you create a complete path, as in the following:
de TT
mkdir -p proposal/january
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Create Folders Using Nautilus

1. Right-click on the desktop or in any folder in Nautilus.
The following dialog appears:
Figure 3-6
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
2. Select Create Folder.

rt Y
Pa P
3. Name the folder.

e CO
4. Click OK.
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Delete Files and Directories Using the CLI

In this section, you learn how to do the following:
Delete Empty Directories with rmdir on page 97
Delete Files and Directories with rm on page 97
)
Delete Empty Directories with rmdir
13
8/
You can use the rmdir (remove directory) command to remove the indicated
/2
directory or directories (for example, rmdir proposal). The directory or directories
-2
must be empty before you can delete them.
2
/1
Delete Files and Directories with rm
01
om e
You can use the rm command (remove) to delete files, as in the following:
9/
fr t b
rm part*
id o
al n
This example deletes all files in the current directory that begin with part without
(v an
asking for confirmation. If the user does not have sufficient permissions to delete a
file, that file is ignored and an error message is printed.
y -C
m ED
NOTE: Files deleted with the rm command cannot be restored.
de TT
ca MI
The following are some important options you can use with rm:
r A ER
Table 3-18
ne P
rt Y
Option Description
Pa P
e CO
-i Asks for confirmation before deleting.
-r (recursively) Allows full directories to be deleted.

id D
ts R
-f (force) By default, rm asks for confirmation if the file that should be

ou HA
deleted is read-only. Using this option, the files are deleted without
asking for confirmation.
1
Link Files Using the CLI

File system formats in Linux keep data and administration information separate. How
ed
data is organized differs from one file system format to another.

us
Each file is described by an inode (index node or information node). To see the inode
number, you can enter ls -i.
or
Each of these inodes has a size of 128 bytes and contains all the information about
ed
this file apart from the filename. This includes information such as details of the
pi
owner, access permissions, the size, various time details (time of modification, time
co
of access, time of modification of the inode), and the links to the data blocks of this
file.
The ln command creates a link. A link is a reference to a file. Through a link, you can
access a file from anywhere in the file system using different names for it. This means
that the file itself exists only once on the system, but it can be found under different
names.
Linux recognizes two kinds of links:
Hard links
)
13
A hard link is a directory reference, or pointer, to a file on a storage volume. The
name associated with the file is a label stored in a directory structure that refers
8/
the operating system to the file data. As such, more than one name can be
/2
associated with the same file. When accessed through different names, any
-2
changes made will affect the same file data.
2
Symbolic links
/1

01
A symbolic link contains a text string that is interpreted and followed by the
om e
operating system as a path to another file or directory. It is a file on its own and
9/
fr t b
can exist independently of its target. If a symbolic link is deleted, its target
id o
remains unaffected. If the target is moved, renamed or deleted, any symbolic link
al n
that used to point to it continues to exist but now points to a non-existing file.
(v an
You create a hard link by using the ln command, which points to the inode of an
y -C
already existing file. Thereafter, the file can be accessed under both namesthat of the
m ED
file and that of the link, and you can no longer discern which name existed first or
how the original file and the link differ.
de TT
The following is an example of using the ln command:

ca MI
r A ER
Table 3-19
ne P
geeko@da2:~/sell > ls -li

rt Y
Pa P
total 4
e CO
88658 -rw-r--r-- 1 geeko users 82 2004-04-06 14:21 old

id D
geeko@da2:~/sell > ln old new

ts R
ou HA
total 8
1

ed
88658 -rw-r--r-- 2 geeko users 82 2004-04-06 14:21 new

us
geeko@da2:~/sell >
or
Hard links can only be used when both the file and the link are in the same file system
(on the same partition), because inode numbers are only unique within the same file
ed
system.
pi
co
You can create a symbolic link with the ln command and the -s option. A symbolic
link is assigned its own inodethe link refers to a file, so a distinction can always be
made between the link and the actual file.
The following is an example of creating a symbolic link:
Table 3-20
)
13
8/
total 4
/2
-2
geeko@da2:~/sell > ln -s old new
2
/1
01
om e
total 4
9/
fr t b
id o
al n
88657 lrwxrwxrwx 1 geeko users 3 2004-04-06 14:27 new -> old
(v an
geeko@da2:~/sell >
y -C
m ED
With symbolic links, the limits of the file system can be overcome, because the name
of the object is shown, not the object itself. The disadvantage is that a symbolic link
de TT
can point to a non-existing object if the object and its corresponding name no longer
ca MI
exist. Another advantage of symbolic links is that you can create links to directories.
r A ER
If you erase the old file in the above example, new will point to a non-existing file.
You cannot see in the ls output that the link is broken:
ne P
rt Y
Pa P
Table 3-21
e CO
geeko@da2:~/sell > rm old

id D
ts R

ou HA
total 0
1
88657 lrwxrwxrwx 1 geeko users 3 2004-04-06 14:27 new -> old
geeko@da2:~/sell >
ed
us
Finding Links Using the find Command

or
For example, to find all files that have a link count of 3, enter
ed
find / -links 3 -type f

pi
To find all files which are hard links to the /etc/localtime file, enter
co
find / -samefile /etc/localtime
Link Files Using Nautilus

You can also create links using the GUI. These are symbolic links and compare to
shortcuts in a Windows environment.
To create a link, do the following:
1. In the Nautilus file browser, right-click a folder.
)
2. Select Make Link in the following dialog:
13
8/
Figure 3-7
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
This action will create a symbolic link for the selected item.
3. Copy the link to the desktop or to another folder.
ed 1
us
or
ed
pi
co
Exercise 3-4 Perform Multiple File Operations

In this exercise, you
Copy and move files with the cp and mv commands.
Create directories with the mkdir command.
Delete files and directories with the rmdir and rm commands.
)
13
Create a symbolic link and a hard link with the ln command.
8/
/2
-2
(End of Exercise)
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 6 Find Files on Linux

In this section you learn how to find files and programs.
If the name of the file is not completely known, you can use the two wildcards ?
(for any character) and * (for none, one, or several characters).
File names are case sensitive in Linux. As a result, the file names file1, File1, and
)
FILE1 refer to 3 different files. Suppose the following files exist:
13
File
8/

/2
file
-2
File1
2
File1a
/1

01
File1b
om e
9/
fr t b
File2
id o
File2a
al n
MyFile
(v an

The following table shows the results of three different search strings:
y -C
m ED
Table 3-22
de TT
Search String Files Found

ca MI
r A ER
File? File1
File2
ne P
File* File
rt Y
Pa P
File1
e CO
File1a
id D
File1b
ts R
ou HA
File2
File2a
1
?ile* File
file
ed
File1
us
File1a
or
File1b
ed
File2
pi
File2a
co
The following tools and commands are introduced:

Use Graphical Search Tools on page 103
Use the find Command on page 104
Use the locate Command on page 106
Use the whereis Command on page 107
)
13
Use the which Command on page 108
8/
Use the type Command on page 109
/2
Find Files on Linux on page 110
-2
Use Graphical Search Tools
2
/1
Sometimes you need to find a file so you can edit it, but you do not know exactly
01
where it is located in the file system. You might know the name of this file or only a
om e
9/
fr t b
part of the name.
id o
At another time, you might need a list of all files that have been modified in the last
al n
two days or that exceed a certain size.
(v an
If you enter search in the application browser, two applications are found:
y -C
Nautilus Search Tool (Browse application group). The Nautilus file manager is
m ED

used for searching files. This tool allows you to search for file names only.
de TT
GNOME Search Tool (System application group). This tool allows you to
search for information such as file size, date, or file owner.
ca MI
r A ER
After selecting the GNOME Search tool from the application browser, the following
dialog appears:
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
1. In the Name contains field, enter a part of the filename you want to find.
2. In the Look in Folder field, enter the directory you want to search.
3. Select Find to start the search process.
All matching files and directories are shown in the lower window with details
regarding their locations.
You can configure other settings by opening the menu under Select More Options.
Select a search rule from the Available Options pull-down menu.
)
13
After selecting Add, a new text field is added, allowing you to enter the information
8/
the option needs. To remove a search rule, select Remove next to the rule.
/2
-2
Figure 3-8
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
Use the find Command

ts R
ou HA
To search for files on the command line, you can use the find command. The
following is the syntax for the find command:
1
find path criterion action

The find command has a multitude of options, a few of which are explained here.
ed
You can use the following arguments with the command:

us
path. The section of the file system to search (the specified directory and all its
subdirectories). If nothing is specified, the file system below the current directory
or
is used.
ed
criterion. The properties the file should have (refer to the following):
pi
co
Table 3-23
Option Description
-ctime [+/-]days Searches for files whose last change took place no later than (no
earlier than) a specified number of days ago.
-gid number Searches for files with the numeric GID (Group ID) number.
)
-group name Searches for files that are owned by the group name. Instead of a
13
name, the numeric GID is allowed.
8/
-name pattern Searches for files whose names contain the given pattern. If the
/2
pattern contains meta characters or wild cards, the name must be
-2
enclosed by quotation marks. Otherwise the name will be
interpreted by the shell and not by find.
2
/1
-newer file Searches for files that were modified more recently than file.
01
-size [+/-]size Matches files that are above or below a certain size. The size (in
om e
blocks of 512 bytes) is given as an argument. The suffix
9/
fr t b
cswitches to byte and k to blocks of 1024 bytes. A preceding
+ stands for all larger files and a - for all smaller files.
id o
al n
-type file_type Searches for a file type. A file type can be one of the following: d
(v an
for a directory, f for a file, or l for a symbolic link.
y -C
-uid number Searches for files with the numeric UID (User ID) number.
m ED
-user name Searches for files, which are owned by user name. Instead of a
name, the numeric UID is allowed.
de TT
ca MI
action: Options that influence the following conditions or control the search as a
whole, such as the following:
r A ER
-print (default)
ne P
-exec command
rt Y
Pa P
With the -exec option, you can call up another command. This option is frequently
e CO
used to link find and grep, as in the following:

id D
ts R
Table 3-24
ou HA
geeko@da2:~ > find ~ -name letter* -type f -exec grep appointment

{} \;
1
appointment for next meeting: 23.08.

ed
/home/geeko/letters/letter_Smith
us
geeko@da2:~ >
or
In this example, the find command searches for files whose names begin with the
word letter, and then passes the names of the files found with -exec to the following
ed
command (in this case, grep appointment {}).

pi
co
The two brackets {} stand as placeholders for the filenames which are found and
passed to the grep command. The semicolon closes the -exec instruction. Because
this is a special character, it is masked by placing a backslash in front of it.
When grep is used alone, it searches for a specific expression in a file whose exact
position in the file system is known. If you dont know the exact file name, you can
use grep -n to get just the name of a file in a subdirectory. When used in combination
with find, the search is for a file that contains a certain expression, but whose location
)
13
is unknown.
8/
Use the locate Command
/2
-2
The locate command is an alternative to find -name (the package findutils-locate
must be installed). The find command must search through the selected part of the
2
file system, a process that can be quite slow.
/1
01
On the other hand, locate searches through a database previously created for this
om e
9/
purpose (/var/lib/locatedb), making it much faster.
fr t b
id o
The database is automatically created and updated daily by SUSE Linux Enterprise.
al n
But changes made after the update has been performed are not taken into account by
(v an
locate, unless the database is updated manually using the updatedb command.
y -C
The following example shows the output of locate:
m ED
Table 3-25
de TT
ca MI
geeko@da2:~ > locate letter_Miller

r A ER
/home/geeko/letters/letter_Miller
ne P
The following example shows that a search with locate returns all files whose names
rt Y
contain the search string:

Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Table 3-26
geeko@da2:~ > locate umount
/bin/umount
/lib/klibc/bin/umount
/opt/kde3/share/icons/crystalsvg/scalable/devices/
)
13
3floppy_umount.svgz
8/
/2
5floppy_umount.svgz
-2
/opt/kde3/share/icons/crystalsvg/scalable/devices/camera_umount.svgz
2
/1
cdaudio_umount.svgz
01
om e
/opt/kde3/share/icons/crystalsvg/scalable/devices/cdrom_umount.svgz
9/
fr t b
geeko@da2:~ >
id o
al n
(v an
NOTE: To learn more about locate, enter man locate.
y -C
Use the whereis Command
m ED
The whereis command returns the binaries (option -b), manual pages (option -m),
de TT
and the source code (option -s) of the specified command.

ca MI
If no option is used, all this information is returned, provided the information is

r A ER
available. This command is faster than find, but it is less thorough.

ne P
The following is an example of using whereis:

rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Table 3-27
geeko@da2:~ > whereis grep
grep: /bin/grep /usr/bin/grep
/usr/share/man/man1/grep.1.gz
/usr/share/man/man1p/grep.1p.gz
)
13
geeko@da2:~ > whereis -b grep
8/
grep: /bin/grep /usr/bin/grep
/2
-2
geeko@da2:~ > whereis -m grep
2
grep: /usr/share/man/man1/grep.1.gz
/1
/usr/share/man/man1p/grep.1p.gz
01
om e
9/
fr t b
geeko@da2:~ > whereis -s grep
id o
grep:
al n
geeko@da2:~ >
(v an
y -C
NOTE: For more information about whereis, enter man whereis.
m ED
de TT
Use the which Command

ca MI
The which command searches all paths listed in the variable PATH for the specified
command and returns the full path of the command. In the variable PATH, the most
r A ER
important directories are listed where the shell looks for executable files.
ne P
rt Y
NOTE: To see the content of a variable, use the echo command and add a $ in front of the
Pa P
variables name. To see the content of the variable PATH, enter echo $PATH.
e CO
id D
The which command is especially useful if several versions of a command exist in

ts R
different directories and you want to know which version is executed when entered
ou HA
without specifying a path.

The following is an example of using the which command:
ed 1
us
or
ed
pi
co
Table 3-28
geeko@da2:~ > which find
/usr/bin/find
geeko@da2:~ > which cp
/bin/cp
)
13
geeko@da2:~ > which grep
8/
/usr/bin/grep
/2
-2
geeko@da2:~ >
2
/1
NOTE: For more information on which, enter man which.
01
om e
9/
fr t b
Use the type Command
id o
The type command shows what kind of command is executed when you enter it:
al n
(v an
a shell built-in command (an essential command that is hardcoded in the shell),
for example type or cd
y -C
an external command (called by the shell)
m ED

an alias, for example ls

de TT
An alias defines shortcuts and synonyms for commonly used shell commands.
ca MI
a function
r A ER
The -a option delivers all instances of a command bearing this name in the file
ne P
system.
rt Y
Pa P
The following is an example of using the type command:

e CO
Table 3-29
id D
ts R
geeko@da2:~ > type type

ou HA
type is a shell built in

1
geeko@da2:~ > type grep
grep is /usr/bin/grep
ed
geeko@da2:~ > type -a grep

us
grep is /usr/bin/grep
or
grep is /bin/grep
ed
geeko@da2:~ >
pi
co
Exercise 3-5 Find Files on Linux

In this exercise, you learn how to find files with the whereis, which, and find
commands, and the GNOME search tool.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 7 Search File Content

Suppose you have dozens of text files and you need to find all files that include a
particular word, phrase, or item. To scan these files without opening them in an
editor, you need to know how to do the following:
Use the grep Command on page 111
Use Regular Expressions on page 112
13
Search File Content on page 115
8/
/2
Use the grep Command
-2
The grep command and its variant egrep are used to search files for certain patterns
2
using the syntax grep search_pattern filename. The command searches filename for
/1
all text that matches search_pattern, and prints the lines that contains the pattern.
01
om e
You can also specify several files, in which case the output will not only print the
9/
fr t b
matching line, but also the corresponding file names.
id o
al n
Several options are available to specify that only the line number should be printed,
(v an
for instance, or that the matching line should be printed together with leading and
trailing context lines.
y -C
You can specify search patterns in the form of regular expressions, although the basic
m ED
grep command is limited in this regard. To search for more complex patterns, use the
de TT
egrep command (or grep -E) instead, which accepts extended regular expressions.
ca MI
As a simple way to deal with the difference between the two commands, make sure
you use egrep in all of your shell scripts.
r A ER
The regular expressions used with egrep need to comply with the standard syntax of
ne P
regular expressions. You can read details about this topic in the manual page of grep.
rt Y
Pa P
To avoid having special characters in search patterns interpreted by the shell, enclose
e CO
the pattern in quotation marks.

id D
The following is an example of using egrep and grep:

ts R
ou HA
Table 3-30
1
geeko@da2:~> egrep (b|B)lurb file*
bash: syntax error near unexpected token `|'

ed
geeko@da2:~> grep "(b|B)lurb" file*

us
geeko@da2:~> egrep "(b|B)lurb" file*

or
file1:blurb
ed
filei2:Blurb
pi
co
The following are options you can use with the grep command:
Table 3-31
Option Description
-i Ignores case.
)
13
-l Shows only the names of files that contain the search string.
8/
-r Searches entire directory trees recursively.
/2
-v Gives all lines that do not contain the search string.
-2
-n Shows the line numbers.
2
-h Shows no file names.
/1
01
Use Regular Expressions
om e
9/
fr t b
Regular expressions are strings consisting of meta characters and regular characters
id o
and numerals (also known as literals). In the context of regular expressions,
al n
metacharacters are those characters that do not represent themselves but have special
(v an
meanings. They can act as placeholders for other characters or can be used to indicate
y -C
a position in a string.
m ED
Many commands (such as egrep) rely on regular expressions for pattern matching. It
is important to remember, however, that some meta characters used by the shell for
de TT
filename expansion have a meaning different from the one discussed here.
ca MI
To learn more about the structure of regular expressions, read the corresponding
r A ER
manual page with man 7 regex.

ne P
The following table presents the most important metacharacters and their meanings:
rt Y
Pa P
Table 3-32
e CO
id D
Character Meaning Example

ts R
^ Beginning of the line ^The: The is matched if at the beginning of the line
ou HA
$ End of the line eighty$: eighty is matched if at the end of line

1
\< Beginning of the word \<thing\>:matches the whole word thing
\> End of the word \<thing\>:matches the whole word thing

ed
[abc] One character from [abc]: matches any one of a, b, or c

the set
us
[0-9] Any one from the [0-9]: matches any one number from 0 to 9
or
specified range
[-:+]: any one of -, : and +
ed
[^xyz] None of the [^xyz]: x, y, and z are not matched

characters
pi
co
. Any single character file.: matches file1 and file2, but not file10
Character Meaning Example
+ One or more of the [0-9]+: matches any number

preceding expression
* Any number file.*: matches file, file2, and file10

(including none) of
preceding single
character
)
13
{min,max} The preceding [0-9]{1,5}: matches any one-digit to five-digit number
8/
expression min times
/2
at minimum and max
times at maximum
-2
| The expression file|File: matches file and File
2
before or after
/1
01
(...) Enclose alternatives (f|F)ile: matches file and File
om e
for grouping with
9/
fr t b
others
id o
\? Zero or one of the file1\?2: matches both file2 and file12
al n
preceding
(v an
\ Escape the following www\.novell\.com: matches www.novell.com, literally
character to remove
y -C (with the dot not being treated as a metacharacter); this
its special meaning is also necessary for parentheses, e.g., matching a
m ED
parenthetical pattern would require the expression $[a-
zA-Z]+$
de TT
ca MI
Search for File Content Using the GNOME File Search

r A ER
You can search for file content using the Select more options dialog of the GNOME
ne P
Search Tool:
rt Y
1. Click Computer > Applications > More Applications > System.

Pa P
e CO
2. Select the GNOME Search Tool.

id D
ts R
ou HA
ed 1
us
or
ed
pi
co
3. Click Select more options. The following dialog appears:

Figure 3-9
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
4. In the Contains the text box, type the text you want to search for.
de TT
5. Click Find.
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Exercise 3-6 Search File Content

In this exercise, you learn how to find a special character combination in a file with
the grep and egrep command.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 8 Perform Other File Operations with Nautilus

In addition to manipulating files and folders, the Nautilus File Browser allows you to
perform other operations, such as
Set File Manager Preferences on page 116
Create CDs of Your Data on page 117
)
13
Use Bookmarks on page 118
8/
Share Folders on page 118
/2
Archive Folders on page 119
-2
Manage Folders with Nautilus on page 120
2
/1
Set File Manager Preferences
01
om e
You can access the file preferences dialog from within Nautilus by clicking Edit >
9/
fr t b
Preferences. The following dialog appears:
id o
al n
Figure 3-10
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
From here, you can specify a number of settings: whether you want files as icons or
ed
lists, whether or not to ask before running executable text files, how to display icons,
pi
how to configure list columns, how to configure previews, how to handle media and
co
connected devices, and more.
Create CDs of Your Data

Nautilus makes it easy to burn CDs and DVDs on your CD or DVD read/write drive:
1. Click Computer > More Applications > Audio & Video.
2. Click Gnome CD/DVD Creator.
3. Drag and drop the files you want to put on the CD or DVD into the Nautilus CD/
)
DVD Creator window.
13
8/
Figure 3-11
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
4. Click Write to Disk.

r A ER
The files are now written to the CD or DVD.

ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Use Bookmarks
Bookmarks, similar to those used in a browser, can be used to mark your favorite
folders.
1. Select the folder or item you want to create a bookmark for.
2. Click Bookmarks > Add Bookmark.
)
The bookmark is added to the Bookmarks menu as well as the Places menu on
13
the left side of the file browser, with the folder name as the bookmark name.
8/
/2
NOTE: When you bookmark a file, it is the folder that contains the file that is actually bookmarked.
-2
2
Figure 3-12
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
1
Share Folders
You can share folders with other users and groups, provided those users and groups
ed
have the appropriate permissions to that folder.

us
NOTE: By default, sharing options in the Nautilus file browser are disabled. To enable sharing, you
or
need an Active Directory Domain to connect to or you need to configure a Samba server.
ed
pi
co
To share a folder, do the following:

1. Right-click the folder you want to share and select Sharing Options.
Figure 3-13
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
2. Click Create Share.
(v an
y -C
Archive Folders
m ED
You can compress files you want to archive into a tape archive (TAR) format. To
archive a folder:
de TT
1. Right-click the folder you want to archive and select Create Archive.
ca MI
r A ER
Figure 3-14
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
1
2. If necessary, rename the archive file.

ed
3. Specify the location of the archive file.

us
4. Click Create.
or
ed
pi
co
Exercise 3-7 Manage Folders with Nautilus

In this exercise, you learn how to edit folder preferences, create a bookmark, and
archive a folder.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Summary
Objective Summary
1. Understand the File System The Linux file system is hierarchical and can be shown
Hierarchy Standard (FHS) in the form of a tree. This tree is not limited to a local
partition, but can stretch over several partitions, which
)
13
can be located on different computers in a network.
8/
The separation character between individual directory
names is the slash (/). The path can be specified
/2
-2
As a relative path
As an absolute path
2
/1
The structure of the file system is described in the File
01
system Hierarchy Standard (FHS).
om e
9/
fr t b
2. Identify File Types in the Linux The six file types in Linux include the following:
System
id o
Normal files
al n
Directories
(v an
Links
y -C Device files
m ED
Sockets
de TT
FIFOs
ca MI
3. Manage Directories with CLI and The current directory is shown in the prompt of a shell
Nautilus terminal: geeko@da2:~.
r A ER
The tilde ~ shows that you are in the user's home

ne P
directory.
rt Y
With cd (change directory), change between

Pa P
directories.
e CO
The pwd command (print working directory) shows the

path of the current directory. The pwd command,
id D
combined with the -P option, prints the physical

ts R
directory without any symbolic links.

ou HA
The ls command (list) lists the specified files. If a

directory is specified, its contents are displayed.
1
Without an option, the contents of the current directory

are shown.
ed
4. Create and View Files With touch, change the time stamp of a file or create a
new file with a size of 0 bytes.
us
With the cat command, the contents of the file can be

displayed. The command needs the filename of the file
or
you want to see.

ed
The less command displays the contents of a file page

by page. Even compressed files (.gz, .bz2 ...) can be
pi
displayed.
co
Objective Summary
4. Create and View Files (continued) With head you can view only the first few lines. The
opposite is the tail command, which shows you only the
last few lines of a file.
By default ten lines are shown by the two commands.

To change this number, just append the option -
number. With the -f option, tail appends data to the
)
13
output as the file grows.
8/
5. Work with Files and Directories mv (move) moves one or more files to another directory
/2
or renames a file.
-2
Copying files and directories (with the option -r) is done
with the cp command (copy): cp source destination.
2
Existing files are overwritten without confirmation.
/1
01
With mkdir (make directory), create new directories.
om e
The -p option allows you to create a complete path.
9/
fr t b
With rmdir (remove directory), the directory or
id o
directories given are deleted.
al n
The directory or directories must be empty.
(v an
The rm command (remove) is used to delete files.
y -C With the -i option, you are asked for confirmation before
m ED
deleting.
de TT
5. Work with Files and Directories The -r option allows non-empty directories to be
(continued) deleted.
ca MI
Files that are deleted with this command cannot be

r A ER
restored.
ne P
A link is a reference to a file.

rt Y
Hard links can only be used when both the file and the
Pa P
link are in the same file system, because the inode

e CO
numbers of link and target are identical.
A symbolic link is assigned its own inodethe link

id D
refers to a file, so a distinction can always be made

ts R
between the link and the actual file.

ou HA
A symbolic link can be made with the -s option.

1
6. Find Files on Linux The Nautilus program can be used to find files with
specific features.
To search for files at the command line, use the

ed
following commands:
us
find
or
locate
updatedb
ed
whereis
pi
which
co
type
Objective Summary
7. Search File Content The grep command and its variant egrep are used to
search files for certain patterns.
The command prints lines that contain the given search

pattern. It is also possible to specify several files, in
which case the output will not only print the matching
line, but also the corresponding filenames.
)
13
Search patterns can be supplied in the form of regular
8/
expressions. Regular expressions are strings consisting
/2
of meta characters and literals. Meta characters do not
represent themselves but have special meanings
-2
8. Perform Other File Operations The Nautilus file browser allows you to manage files
2
with Nautilus and folders in a graphical user interface. You can
/1
perform most operations you would at the command
01
line, such as
om e
9/
fr t b
Set file manager preferences
id o
Create CDs and DVDs
al n
Use Bookmarks
(v an
Share folders
y -C Archive folders
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Work with the Linux Shell and Command Line Interface (CLI)
SECTION 4 Work with the Linux Shell and Command

Line Interface (CLI)
)
13
In this section, you learn about the basic features of the bash shell. In addition, you
are introduced to some important administration commands.
8/
/2
-2
Objectives
2
1. Get to Know the Command Shells on page 126
/1
Execute Commands at the Command Line on page 129
01
2.
om e
9/
fr t b
3. Work with Variables and Aliases on page 131
Understand Command Syntax and Special Characters on page 135
id o
4.
al n
5. Use Piping and Redirection on page 140
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 1 Get to Know the Command Shells

Since you cannot communicate directly with the Linux operating system kernel, you
need to use a program that serves as an interface between the user and operating
system. In the operating systems of the UNIX family, this program is called the shell.
The shell accepts a user's entries, interprets them, converts them to system calls, and
delivers system messages back to the user, making it a command interpreter.
)
13
To understand command shells, you need to know the following:
8/
Types of Shells on page 126
/2

-2
bash Configuration Files on page 126
Completion of Commands and Filenames on page 128
/1
01
Types of Shells
om e
9/
fr t b
UNIX has a whole series of shells, most of which are provided by Linux in freely
usable versions. The following are examples of some popular shells:
id o
al n
The Bourne shell (/bin/sh; symbolic link to /bin/bash) - An early and important
(v an
Unix shell.

y -C
The Bourne Again shell or bash (/bin/bash) - The standard Linux shell with
m ED
many advanced features - a superset of the Bourne shell.
de TT
The Korn shell (/bin/ksh) - Offers rich scripting capabilities.

The C shell (/bin/csh; symbolic link to /bin/tcsh) - Its syntax is modeled after the
ca MI

C programming language.
r A ER
The TC shell (/bin/tcsh) - Enhanced C shell with file name completion and
ne P
command line editing

rt Y
The various shells differ in the functionality they provide.

Pa P
e CO
Every shell can be started like a program and you can switch at any time to a different
shell. For example, you can switch to the TC shell by entering tcsh; you can switch to
id D
the Korn shell by entering ksh.

ts R
ou HA
Unlike most other programs, the shell does not terminate on its own. You need to
enter the exit command to return to the previous shell.
1
A shell is started at a text console right after a user logs in. This is called the login
shell. Which shell is started for which user is determined in the user database.
ed
The standard Linux shell is bash, so we will only cover the bash shell in this
us
objective.
or
bash Configuration Files

ed
To customize bash for an interactive session, you need to know about the
pi
configuration files and about the order in which they are processed.
co
To understand how shells work, you need to know the difference between the
following:
Login Shells on page 127
Non-Login Shells on page 127
Like most other Linux distributions, SUSE Linux Enterprise 11 has a default setup
that ensures users do not see any difference between a login shell and a non-login
)
13
shell. In most cases, this is achieved by also reading the ~/.bashrc file when a login
shell is started.
8/
/2
-2
Login Shells
2
A login shell is started whenever a user logs in to the system. In contrast, any shell
/1
started from within a running shell is a non-login shell. The only differences between
01
these two are the configuration files read when starting the shell.
om e
9/
fr t b
A login shell is also started whenever a user logs in through an X display manager.
id o
Therefore, all subsequent terminal emulation programs run non-login shells.
al n
The following files are read when starting a login shell:
(v an
1. y -C
/etc/profile is a system-wide configuration file read by all shells. It sets global
configuration options.This configuration file will be read not only by the bash,
m ED
but also by other shells.
de TT
~/.profile is a file created for each new user by default on the SUSE Linux
Enterprise. Any user-specific customizations can be stored in it.
ca MI
r A ER
/etc/profile.local is the file with your own global settings.

2. /etc/bash.bashrc makes some useful configurations for the bash shell. For
ne P
example:
rt Y
Pa P
Appearance of the prompt

e CO
Colors for the ls command

id D
Aliases
ts R
ou HA
For your own system-wide bash configurations, use the /etc/bash.bashrc.local file
that is imported from /etc/bash.bashrc.
1
~/.bashrc is a configuration file in which users store their customizations.

ed
Non-Login Shells
us
When you use the su command to switch to user root, you will receive that roots
default shell, but it will be as a non-login shell.
or
The only way to exit a non-login shell is with the exit command.
ed
The following files are read when a non-login shell is started:

pi
co
/etc/bash.bashrc
/etc/bash.bashrc.local and
~/.bashrc
If you change any settings and want them to be applied during the same shell session,
the changed configuration file needs to be read in again.
The proper way to read in a changed configuration file and to apply the changes to the
current session is by using the internal shell source command, as in the following
)
13
example:
8/
source ~/.bashrc
/2
-2
You can also use the short form of this command, which happens to be included in
many configuration files, where it is used to read in other configuration files, as in the
2
following (with a space between the period and the tilde):
/1
01
. ~/.bashrc
om e
9/
fr t b
Completion of Commands and Filenames
id o
al n
The bash shell supports a function of completing commands and filenames. Just enter
the first characters of a command (or a filename) and press Tab. The bash shell
(v an
completes the name of the command.
y -C
If there is more than one possibility, the bash shell shows all possibilities when you
m ED
press the Tab key a second time. This feature makes entering long filenames very
de TT
easy.
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 2 Execute Commands at the Command Line

If you do not have a graphical user interface, you can use the following to help make
entering shell commands and administering SUSE Linux Enterprise 11 much easier:
History Function on page 129
Switch to User root on page 129
)
13
Execute Commands at the Command Line on page 130
8/
History Function
/2
-2
bash stores the commands you enter so you have easy access to them. By default, the
commands are written in the .bash_history file in the user's home directory. In SUSE
2
Linux Enterprise 11, the size of this file is set to a maximum of 1,000 entries.
/1
01
You can display the content of the file by using the history command.
om e
9/
fr t b
You can display the commands stored in the history cache (one at a time) by using the
arrow keys. Up-arrow shows the previous command; the Down-arrow shows the
id o
al n
next command. After finding the desired command, edit it as needed, then execute it
(v an
by pressing Enter.
y -C
When browsing the entries of the history, you can also select specific commands.
Type one or more letters, and press PageUp or PageDown to display the preceding or
m ED
next command in the history cache beginning with this letter.
de TT
If you enter part of the command (not necessarily the beginning of the command),
ca MI
pressing Ctrl+r searches the history list for matching commands and displays them.
Searching starts with the last command executed.
r A ER
ne P
Switch to User root

rt Y
If you are working with a shell, you can become root user by entering the su -
Pa P
command and the root password. The root user is comparable to the Administrator
e CO
user in Windows. You have to log in as root to perform system administration tasks.
id D
The root user is the superuser and the only account with all the privileges needed to
ts R
do anything in the system.

ou HA
When you enter su, you switch to root at the same level as before.
1
When you enter su -, you switch to roots home directory and you set up the
environment as if the root user logged directly into the computer.
You can check to make sure you are root by entering id or whoami. To quit the root
ed
administrator shell, enter the exit command.

us
or
ed
pi
co
Exercise 4-1 Execute Commands at the Command Line

In this exercise, you use the history feature of the shell and get root permissions at the
command line. You use the history and su command.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 3 Work with Variables and Aliases

Two features make working with the bash shell more powerful:
Variables on page 131
Aliases on page 132
Perform Common Command Line Tasks on page 134
)
13
Variables
8/
/2
With shell and environment variables, you are able to configure the behavior of the
-2
shell and adjust its environment to your own requirements.
The convention is to write variables such as PATH in uppercase letters. If you set
2
/1
your own variables, they should also be written in capitals for the sake of clarity.
01
om e
Environment variables are used to control the behavior of a program that is started
9/
fr t b
from a shell. Shell variables, on the other hand, are used to control the behavior of
shell itself.
id o
al n
Some important environment variables include the following:
(v an
PATH. When a program is called up, the program is searched for in the
y -C
directories specified here (each separated by :). The order in which directories
m ED
are listed is important, since they are searched in turn.
de TT
HOME. The user's home directory.

ca MI
USER. The login name of the actual user.

r A ER
To display the value of a shell or environment variable, enter

echo $variable, as in the following:
ne P
rt Y
geeko@da2:~ > echo $HOME

Pa P
e CO
/home/geeko
id D
To set the value of a variable or to create a new variable, use the syntax
ts R
ou HA
variable=value, as in the following:

1
da2:~ # MYVAR=myvalue
da2:~ # echo $MYVAR

ed
myvalue
us
da2:~ #
or
ed
pi
co
The value can be a number, a character, or a string. If the string includes a space, you
have to write the value in full quotes, as in the following:
da2:~ # MYVAR=my value
da2:~ # echo $MYVAR
my value
)
13
da2:~ #
8/
/2
To show all variables currently set, use the set or printenv commands.
-2
Aliases
2
/1
Defining aliases allows you to create shortcuts for commands and their options or to
01
create commands with entirely different names. Aliases can save you a lot of typing
om e
by assigning short names to long commands.
9/
fr t b
In SUSE Linux Enterprise 11, whenever you enter the dir, md, or ls command, for
id o
al n
instance, you will be using aliases.
(v an
You can find out about the aliases defined on your system with the alias command.
y -C
This will show you that
m ED
dir is an alias for ls -l
de TT
md is an alias for mkdir -p

ca MI
The following are examples of aliases through which new commands are defined:
r A ER
geeko@da2:~> alias md
ne P
alias md='mkdir -p'

rt Y
Pa P
geeko@da2:~> alias dir

e CO
alias dir='ls -l'

id D
ts R
To see whether a given command is an alias for something else, use the type
ou HA
command. For each command specified, type will tell you whether it is a built-in
shell command, a regular command, a function, or an alias.
1
For regular commands, the output of type lists the path to the corresponding
executable. For aliases, it lists the elements aliased:
ed
us
geeko@da2:~> type -a ls
ls is aliased to `/bin/ls $LS_OPTIONS'

or
ls is /bin/ls
ed
pi
The above example shows that ls is an alias although, in this case, it is only used to
co
add some options to the command.
The -a option was used with type to show both the contents of the alias and the path
to the original ls command. The output shows that ls is always run with the options
stored in the LS_OPTIONS variable.
These options cause ls to list different file types in different colors (among other
things).
Most of the aliases used on a system-wide basis are defined in the /etc/bash.bashrc
)
file. Aliases are defined with the alias command and can be removed with the
13
unalias command.
8/
For example, entering unalias ls removes the alias for ls, causing ls to stop coloring
/2
its output.
-2
The following is the syntax for defining aliases:
2
/1
alias aliasname="command options
01
om e
An alias defined in this way is only valid for the current shell and will not be inherited
9/
fr t b
by subshells, as in the following:
id o
al n
geeko@da2:~> alias ps="echo Hello"
(v an
geeko@da2:~> ps
y -C
m ED
Hello
geeko@da2:~> bash
de TT
geeko@da2:~> ps
ca MI
r A ER
PID TTY TIME CMD
858 pts/0 00:00:00 bash

ne P
rt Y
895 pts/1 00:00:00 bash

Pa P
e CO
...
id D
To make an alias persistent, you need to store the definition in one of the shell's
ts R
configuration files. In SUSE Linux Enterprise 11, the ~/.alias file is created for
ou HA
personal aliases defined by each user. Aliases are not inherited by subshells, therefore
~/.alias is not read by a script. Setting aliases has to be done using source ~/.alias in
1
the script.
This file is read in by ~/.bashrc, where a command is included to that effect. Aliases
ed
are not relevant to shell scripts, but they can be a real time saver when using the shell
interactively.
us
or
ed
pi
co
Exercise 4-2 Perform Common Command Line Tasks

In this exercise, you create an alias labeled hello that prints a personal Hello
username welcome message on the screen.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 4 Understand Command Syntax and Special Characters

You can use specific characters to provide special functionality. Using them can save
you a lot of time and effort. In this objective, you will learn about the following:
Select Your Character Encoding on page 135
Use Search Patterns for Name Expansion on page 137
)
13
Prevent the Shell from Interpreting Special Characters on page 138
8/
Work with Command Syntax and Special Characters on page 139
/2
Select Your Character Encoding
-2
SUSE Linux Enterprise 11 is internationalized and can easily be adapted to local
2
/1
standards.
01
om e
There are some variables that determine the localization. Use the locale command to
9/
fr t b
get a list of the localization variables.
id o
Figure 4-1
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
1
The LANG variable specifies the language. In this example the language is set to US
ed
English.
us
The characters are encoded in UTF-8 (UCS Transformation Format), which means
Unicode (Universal Character Set). Unicode lets you use all kinds of character sets,
or
not just the Latin one.

ed
SUSE Linux Enterprise 11 uses UTF-8 encoding for all users except user root.
pi
For user root, the LANG variable is set to POSIX, which means the characters are
co
ASCII encoded.
The state of the LANG variable is important for this section, because the results
depend on the type of encoding. The order of the characters is different in POSIX and
in UTF-8.
You can see the differences between UTF-8 and POSIX encoding when you use the ls
command. For user Geeko, the content of the /usr/share/doc/packages/yast2-users/
directory looks like this:
)
13
geeko@da2:~> ls -l /usr/share/doc/packages/yast2-users/
8/
total 65
/2
-2
drwxr-xr-x 2 root root 1352 2006-02-02 15:42 autodocs
-rw-r--r-- 1 root root 17992 2006-01-27 00:34 COPYING
2
/1
-rw-r--r-- 1 root root 17992 2006-01-27 00:34 COPYRIGHT.english
01
om e
-rw-r--r-- 1 root root 2013 2005-09-08 02:36 crack.html
9/
fr t b
-rw-r--r-- 1 root root 75 2006-01-27 00:34 README
id o
al n
-rw-r--r-- 1 root root 193 2005-09-08 02:36 TODO.txt
(v an
-rw-r--r-- 1 root root 9583 2005-09-08 02:36 users.html
y -C
geeko@da2:~>
m ED
de TT
Notice that the first file in the list is autodocs. For user root the output is different:
ca MI
da2:~ # ls -l /usr/share/doc/packages/yast2-users/
r A ER
total 79
ne P
drwxr-xr-x 3 root root 248 Feb 2 15:42 .

rt Y
Pa P
drwxr-xr-x 492 root root 13976 Feb 2 16:02 ..

e CO
-rw-r--r-- 1 root root 17992 Jan 27 00:34 COPYING

id D
ts R
-rw-r--r-- 1 root root 17992 Jan 27 00:34 COPYRIGHT.english

ou HA
-rw-r--r-- 1 root root 75 Jan 27 00:34 README

1
-rw-r--r-- 1 root root 193 Sep 8 02:36 TODO.txt
drwxr-xr-x 2 root root 1352 Feb 2 15:42 autodocs

ed
-rw-r--r-- 1 root root 2013 Sep 8 02:36 crack.html

us
-rw-r--r-- 1 root root 9583 Sep 8 02:36 users.html

or
da2:~ #
ed
The first file in the list of user root is COPYING.

pi
In the POSIX encoding table, the lowercase characters follow the uppercase
co
characters. In UTF-8, lowercase a follows uppercase A immediately.
As a result, in POSIX, the only character between A and C is B. But in UTF-8,

the characters a, B, and b would appear between A and C.
NOTE: The behavior of POSIX encoding is much more intuitive here and we recommend setting
the LANG variable to POSIX for this section.
)
NOTE: To change the locale variables permanently, you have to edit the /etc/sysconfig/language
13
file. The functionality of the other variables is described in that file. For further information, see the
8/
man page of locale (man locale).
/2
-2
Use Search Patterns for Name Expansion
2
Occasionally, you might want to perform operations on a series of files without
/1
having to name all the files. In this case, you could make use of the following search
01
patterns:
om e
9/
fr t b
Table 4-1
id o
al n
(v an
Search Pattern Description
? y -C Any single character (except /).

m ED
* Any string length, including zero characters (except . at the beginning of a
file name and /).
de TT
[0-9] Any of the characters enclosed (here: numbers from 0 to 9).

ca MI
[a-ek-s] Any character from the ranges a-e or k-s.

r A ER
[abcdefg] Any of these characters.

ne P
[!abc] None of these characters.

rt Y
Pa P
e CO
NOTE: Some of the search patterns have a different meaning than they have as regular expressions.
id D
The following examples show the use of some search patterns:

ts R
ou HA
geeko@da2:/usr/X11/bin > ls xc*

1
xcalc xclipboard xclock xcmsdb xconsole xcursorgen xcutsel
geeko@da2:/usr/X11/bin > ls xc[alo]*

ed
xcalc xclipboard xclock xconsole

us
geeko@da2:/usr/X11/bin > ls xc[!o]*

or
xcalc xclipboard xclock xcmsdb xcursorgen xcutsel

ed
geeko@da2:/usr/X11/bin > ls xc*l*

pi
xcalc xclipboard xclock xconsole xcutsel

co
If search patterns (wild cards) are given on the command line, the shell tries to
compare these with the filenames in the file system and, if they match, the expression
is replaced with all the filenames found.
Prevent the Shell from Interpreting Special Characters

To prevent the shell from interpreting special characters in the command line, these
characters must be masked by using the following:
)
13
\: The backslash protects one character from being interpreted by the shell, as in
8/
the following:
/2
-2
geeko@da2:~ > mkdir new\ directory
2
geeko@da2:~ >
/1
01
"...": Double quotes protect all special characters except $, \, and ` (back tick)
om e

9/
fr t b
from being interpreted by the shell, as in the following:
id o
al n
geeko@da2:~ > echo Home = $HOME
(v an
Home = /home/geeko
y -C
geeko@da2:~ > echo Home = $HOME
m ED
Home = /home/geeko
de TT
geeko@da2:~ >
ca MI
r A ER
'...' Apart from regular expressions, variables are also protected with single
quotes, as in the following:
ne P
rt Y
geeko@da2:~ > echo 'Home = $HOME'

Pa P
e CO
Home = $HOME
id D
geeko@da2:~ >
ts R
ou HA
ed 1
us
or
ed
pi
co
Exercise 4-3 Work with Command Syntax and Special Characters

In this exercise, you learn how to use wildcards and other special characters.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 5 Use Piping and Redirection

Linux has three standard data channels:
Figure 4-2
Standard Standard >_

command
input 0 output 1
)
13
Standard
8/
error 2
/2
output
-2
>_
2
/1
01
om e
Standard input (stdin). The currently running program reads the input from this
9/
fr t b
channel (usually the keyboard).
id o
Standard output (stdout). The program sends its output to this channel (usually
al n

the monitor).
(v an
Standard error (stderr). Errors are issued through this channel (usually the
y -C
monitor).
m ED
These input and output channels are assigned the following numbers:
de TT
ca MI
Table 4-2
r A ER
Channel Number Assigned

ne P
Standard input (stdin) 0

rt Y
Pa P
Standard output (stdout) 1

e CO
Standard error output (stderr) 2

id D
Each channel can be redirected by the shell. For example, stdin can come from a file
ts R
ou HA
or stdout and stderr can be directed to a file. The following are the redirection
characters:
1
Table 4-3
ed
Redirection Character Description

us
< Redirects standard input.

or
> Redirects standard output (> without a preceding

number is just an abbreviation for 1>), overwrites file.
ed
>> Redirects standard output, appends to file.

pi
2> Redirects standard error output.

co
2>> Appends error output to a file
The following is an example of a standard input, standard output, and standard error
output:
geeko@da2:~ > ls /opt /recipe
/bin/ls: /recipe: No such file or directory
/opt:
)
13
gnome kde3
8/
/2
If the standard error output is redirected to /dev/null, only the standard output is
-2
displayed on the screen:
2
/1
geeko@da2:~ > ls /opt /recipe 2> /dev/null
01
/opt:
om e
9/
fr t b
gnome kde3
id o
al n
To redirect standard output and standard error output to a file (such as list), enter the
(v an
following:
y -C
ls /opt /recipe > list 2>&1
m ED
First, the standard output is redirected to the list file (> list); then the standard error
de TT
output is directed to the standard output (2>&1). The & refers to the file descriptor
that follows (1 for the standard output).
ca MI
You can display the contents of the list file by using the cat command, as in the
r A ER
following:
ne P
rt Y
geeko@da2:~> cat list

Pa P
e CO
/bin/ls: /recipe: No such file or directory
/opt:
id D
ts R
kde3
ou HA
This option of process communication is available not only in the shell, but can also
1
be used in programs directly. All files in the system can be used as input or output.
Occasionally, you might want to use a file as input for a program that expects input
ed
from the keyboard. To do this, the standard input is redirected, as in the following:
us
geeko@da2:~ # echo "Hello Tux,

or
>
ed
> how are you?

pi
> Is everything okay?" > greetings

co
geeko@da2:~ # mail tux < greetings
First, the text is redirected to the greetings file through the > command. The mail
program, mail, receives its input from the greetings file (not the keyboard), and then
the e-mail program sends the e-mail to the user tux.
One commands output can be used as input for another command by using the pipe
( | ):
command1 | command2
)
13
In a pipe, a maximum of 4 KB of not yet processed data can exist. If the process
8/
creating the output tries to write to a full pipe, it is stopped and only allowed to
continue if the writing process can be completed. On the other side, the reading
/2
process is stopped if it tries to read an empty pipe.
-2
2
geeko@da2:~ > ls -l /etc | less
/1
01
om e
Occasionally the user might want output from a command displayed on the screen
9/
fr t b
and written to a file. This can be done using the tee command:
id o
ls -l | tee output
al n
(v an
In this example, the output of the command is displayed on the screen as well as
written to the output file. To redirect the output of several consecutive commands on
y -C
the command line, the commands must be separated with semi-colons and enclosed
m ED
in parentheses (command1; command2; ...):
de TT
geeko@da2:~> (id ; ls ~) > output

ca MI
geeko@da2:~> cat output

r A ER
uid=1000(geeko) gid=100(users)
ne P
groups=14(uucp),16(dialout),33(video),100(users)
rt Y
bin
Pa P
e CO
Desktop
id D
Documents
ts R
ou HA
output
public_html
1
geeko@da2:~>
ed
The shell starts a separate subshell for processing the individual commands. To
redirect the linked commands, the shell must be forced to execute the command chain
us
in the same subshell by enclosing the expression in parentheses.

or
Upon completion, every program returns a value that states the success of the
ed
execution. If this return value is 0, the command completed successfully. If an error

occurred, the return value is greater than 0. (Depending on the program, different
pi
return values indicate different errors.)

co
You can use the echo $? command to display a return value.
The return value can be used to trigger the execution of another command:
Table 4-4
Link Result
command1 && command2 command2 is only executed if command1 is completed

without any errors.
)
13
command1 || command2 command2 is only executed if command1 is completed
8/
with an error.
/2
-2
The following illustrates using both || and &&:
2
/1
geeko@da2:~> ls recipe || ls ~
01
/bin/ls: recipe: No such file or directory
om e
9/
fr t b
bin Desktop Documents output public_html test
id o
al n
geeko@da2:~> ls recipe && ls ~
(v an
/bin/ls: recipe: No such file or directory
y -C
geeko@da2:~>
m ED
The recipe file does not exist and the ls recipe command leads to an error. Because of
de TT
this, the ls ~ command is executed in the first line, but not in the fourth line.
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Exercise 4-4 Use Piping and Redirection

In this exercise, you practice piping the output of standard commands into files and
other commands.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Summary
Objective Summary
1. Get to Know the Command Shells The shell serves as an interface between a user and an
operating system.
)
Linux uses the Bourne Again shell (/bin/bash) as the
13
default shell.
8/
You can select two types of shells:
/2
Login Shells
-2

Non-login Shells
2
/1
The following files are read when starting a login shell:
01
/etc/profile
om e
9/
fr t b
~/.profile
id o
/etc/bash.bashrc
al n
/etc/bash.bashrc.local
(v an
~/.bashrc
y -C The following files are read when starting a non-login
m ED
shell:
de TT
/etc/bash.bashrc
/etc/bash.bashrc.local
ca MI
~/.bashrc
r A ER
To read a changed configuration file and to apply the

ne P
changes to the current session use the internal shell

command source or its short form ..
rt Y
Pa P
2. Execute Commands at the The bash shell stores commands that have been
e CO
Command Line entered so the user has easy access to them. By

default, the commands are written in the .bash_history
id D
file in the user's home directory.

ts R
The content of the file can be displayed with the

ou HA
command history.
1
Commands stored in the history cache can be flipped

through with the arrow keys.
One or several letters and Page Up or Page Down goes

ed
to the preceding or next command in the history,

beginning with the specified letter.
us
If you enter part of the command, Ctrl+r will

or
retroactively search the history for matching

commands.
ed
To become root, you can enter

pi
su command
co
Objective Summary
3. Work with Variables and Aliases Two types of variables are used with commands:
Environment variables influence the behavior of a

program which is started from a shell.
Shell variables control the behavior of the shell itself.
)
The value of a variable can be seen with the echo
13
command.
8/
Defining aliases lets you create shortcuts for commands
/2
and their options or create commands with entirely
-2
different names.
For each command specified, type will tell you whether
2
it is a built-in shell command, a regular command, a
/1
function, or an alias.
01
om e
Most of the aliases used on a system-wide basis are
9/
fr t b
defined in the /etc/bash.bashrc file.
id o
Aliases are defined with the alias command and can be
al n
removed with the unalias command.
(v an
To make an alias persistent, you need to store the
y -C definition in one of the shell's configuration files. On the
SUSE Linux Enterprise Server, the ~/.alias file is
m ED
created for personal aliases defined by each user.
de TT
4. Understand Command Syntax Use the locale command to get a list of the localization
and Special Characters variables.
ca MI
To perform operations on a series of files without having

r A ER
to name all the files, you can use various search

patterns:
ne P
?: stands for any character (except /).

rt Y
Pa P
*: stands for 0 or more characters (except . at the

e CO
beginning of a file name and /).

[a-z]: a character from the range a-z.
id D
ts R
[a-ek-s]: a character from the ranges a-e and k-s.

ou HA
[abcdefg]: any of these characters.

[!abc]: none of these characters.
1
To prevent the shell from interpreting special characters

in the command line, these characters must be
masked:
ed
\: The backslash protects exactly one character.

us
"...": Double quotation marks protect all special

or
characters except $, \, and ` (back tick).

'...': Apart from regular expressions, variables are
ed
also protected by single quotation marks.

pi
co
Objective Summary
5. Use Piping and Redirection Linux has three standard data channels:
0: Standard input (stdin)

1: Standard output (stdout)
2: Standard error (stderr)
)
13
Each channel can be redirected:
8/
<: Redirects standard input.
/2
>, 1> or >>: Redirects standard output.
-2
2>: Redirects standard error output.
2
The contents of a file can be displayed by entering the
/1
following command:
01
om e
cat filename
9/
fr t b
Using the pipe (|), the output from one command can
id o
be used as the input for another command.
al n
The tee command can be used to split the standard
(v an
output.
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Administer Linux with YaST
SECTION 5 Administer Linux with YaST
YaST is a powerful tool for configuring your SUSE Linux Enterprise 11. Many
modules are available for important configuration tasks. In this section you will get
)
13
an overview of YaSTs capabilities on the server and on the desktop, and learn more
8/
about the network configuration module.
/2
-2
Objectives
2
Get to Know YaST better on page 150
/1
1.
01
2. Manage the Network Configuration Information from YaST on page 164
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 1 Get to Know YaST better

YaST stands for Yet another Setup Tool. You can use YaST to complete many
configuration tasks as a SUSE Linux Enterprise Server administrator.
User Interfaces
The YaST user interface can appear in two modes:
)
13
ncurses (Text mode)
8/
Qt (Fully graphical mode)
/2
-2
Table 5-1
2
/1
Command Terminal in X Window Command Line
01
om e
yast2 Qt ncurses
9/
fr t b
yast ncurses ncurses
id o
al n
The appearance of the user interface depends on which command you use to start
(v an
YaST and on whether you use the graphical system or the command line.
y -C
m ED
Navigating the Text Interface (ncurses)
de TT
You control the ncurses interface with the keyboard. To start the ncurses interface of
ca MI
YaST, you can start a terminal emulation from your GNOME desktop by selecting
Gnome Terminal from the main menu (application group: System).
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Enter su - to get root permissions. After entering the root password, start YaST by
entering yast.
Figure 5-1
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
Press Tab to move from one box to another or to the text buttons. To go back to the
previous box, press Shift+Tab. Use the arrow keys to navigate within the box. Select
ne P
highlighted menu items by pressing the Spacebar.

rt Y
Pa P
To select a menu item, press Enter. You can often press Alt and the highlighted letter
e CO
to access an item directly.

id D
Except for the controls and the appearance, the graphical mode and the text mode of
ts R
YaST are identical.

ou HA
You can list the available YaST modules with the yast -l or yast --list command. To
start an individual module, specify its name. For example, you can enter the
1
following to start the software installation module:

yast sw_single
ed
You can enter the software module name with the yast or yast2 command, as in the
us
following:
or
yast sw_single (text mode)

ed
yast2 sw_single (graphical mode)

pi
co
To display a list of YaST options, enter one of the following:

yast --help
yast -h
The main dialog of YaST is called the YaST Control Center.
From the YaST Control Center you can select a category on the left (such as Software
)
or System) and a module on the right (such as Online Update) to configure and
13
manage your system.
8/
When you finish making changes with a YaST module, YaST uses backend services
/2
such as SuSEconfig (see Objective 2 Understand the Role of SuSEconfig on
-2
page 158) to implement the changes in the system.
2
/1
01
Navigating the Graphical Interface (Qt)
om e
9/
fr t b
In the graphical interface, you can control YaST with the mouse. To start it, select
YaST from the main menu (application group: System). You are asked to enter the
id o
al n
root password.
(v an
Figure 5-2
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
The YaST Control Center dialog appears.
)
13
Figure 5-3
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
YaST Applets
From Yast, you can perform tasks in the following categories:
1
Hardware on page 154

Miscellaneous on page 155
ed
Network Devices on page 155

us
Network Services on page 156

or
Novell AppArmor on page 157

ed
Security and Users on page 158

pi
Software on page 159

co
System on page 159
Virtualization on page 160

Other on page 160
Hardware
On SUSE Linux Enterprise Server, clicking the Hardware tab displays the following:
)
13
8/
Figure 5-4
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
The Hardware tab on the SUSE Linux Enterprise Desktop gives you several more
options:
de TT
Figure 5-5
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
Some tasks you can perform in the Hardware category are:

us
Add, configure, and remove printers.

Configure keyboard settings.
or
Manage external devices such as web cams, joysticks, mice and so on.
ed
Manage additional devices such as TV card, scanners and so on (desktop only).

pi

co
Miscellaneous
)
13
When you click on the Miscellaneous tab, the following displays:
8/
Figure 5-6
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
Some tasks you can perform in the Miscellaneous category are:

ca MI
View start-up and system logs.

r A ER
Connect with Novell Support Center.

ne P
Configure Autoinstallation settings.

rt Y
Pa P
e CO
Network Devices
When you click on the Network Devices tab, the following displays:
id D
ts R
Figure 5-7
ou HA
ed 1
us
or
ed
pi
co
Some tasks you can perform in the Network Devices category are:
Configure network settings.
Assign IP addresses and domain names.
Manage network cards, modems, fax machines and so on.
Configure remote administration with Virtual Network Computing (VNC).
)
13
Network Services
8/
/2
From the server, when you click on the Network Services tab, the following displays:
-2
Figure 5-8
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
)
13
Notice your options are limited in the desktop version:
8/
Figure 5-9
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
Some tasks you can perform in the Network Services category are:
ne P
Configure hostnames.
rt Y
Manage various network clients.

Pa P
e CO
Create Windows domains and workgroups.

Configure additional server settings (server only).
id D

ts R
ou HA
Novell AppArmor
1
Novell AppArmor is a security framework that comes installed with SLE 11. It gives
you network application security via mandatory access control for programs,
protecting against the exploitation of software flaws and compromised systems.
ed
AppArmor offers an advanced toolset that largely automates the development of per-
program application security so that no new expertise is required.
us
When you click on the Novell AppArmor tab, the following displays:
or
ed
pi
co
Figure 5-10
)
13
8/
/2
-2
2
Some tasks you can perform in the Novell AppArmor category are:
/1
01
Enable or disable AppArmor.
om e
9/
fr t b
Run security reports and event notification warnings.
id o
Create and modify AppArmor profiles.
al n
(v an
NOTE: More information on this topic can be found in Course 3102 SUSE Linux Enterprise 11
y -C
Administration.
m ED
de TT
Security and Users

ca MI
When you click on Security and Users tab, the following displays:
r A ER
Figure 5-11
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
Some tasks you can perform in the Security and Users category are:
us
Add/delete users.
or
Change password settings.

Manage firewall settings.
ed

pi
co
Software
When you click on the Software tab, the following displays:

Figure 5-12
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
Some tasks you can perform in the Software category are:
id o
Install and manage software.
al n
Check for online updates.
(v an

Check the integrity of installation media.

y -C
m ED
System
de TT
When you click on the System tab, the following displays:

ca MI
r A ER
Figure 5-13
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
Some tasks you can perform in the System category are:

or
Adjust date and time settings.

ed
Back up, archive, and restore the system.

pi
Change language settings.

co
Manage disk partitions.
NOTE: More information on this topic can be found in Course 3102 SUSE Linux Enterprise 11
Administration.
Virtualization
When you click on the Virtualization tab, the following displays:
)
13
Figure 5-14
8/
/2
-2
2
/1
01
Some tasks you can perform in the Virtualization category are:
om e
9/
fr t b
Install and manage Xen Hypervisor
id o
Access libvert and other utilities
al n
(v an
Other
y -C
When you click on the Other tab, the following displays:
m ED
Figure 5-15
de TT
ca MI
r A ER
ne P
rt Y
Pa P
Some tasks you can perform in the Other category are:

e CO
Review release note with updates to the latest version of SLE.

id D
Manage Novell Customer Center settings.

ts R
ou HA
ed 1
us
or
ed
pi
co
)
13
8/
/2
-2
2
Understand the Role of SuSEConfig
/1
01
SuSEconfig acts as a backend for YaST2 and activates the configuration changes
om e
9/
made by YaST2. SuSEconfig is automatically executed by Yast whenever you install,
fr t b
update or remove any package from the system.
id o
al n
Next time you install a package with YAST, notice that it runs SuSEconfig after
(v an
completing the installation of the packages. This is because newly installed packages
may have included changes to the configuration options in /etc/sysconfig/.
y -C
m ED
SUSE Linux stores much of its configuration information in the files and folders
under /etc/sysconfig/. SuSEconfig configures the system according to the variables
de TT
that are set in the various "/etc/sysconfig/" files.

ca MI
These configuration options can be used in two ways:

r A ER
1. They can be read directly

ne P
2. They can be migrated to other configuration files in /etc/ with the /sbin/
rt Y
SuSEconfig command.
Pa P
e CO
The configuration migration method is most often the case when an option in /etc/
sysconfig/ leads to several changes in other configuration files.
id D
ts R
ou HA
SuSEconfig after Command-Line Installations
If you install any package via command line, for example by running a simple rpm
1
command, it is essential to run SuSEconfig manually. It is important for these

changes to be migrated to the proper configuration files. Thus, it is important to run
SuSEconfig manually after installing packages manually.
ed
For example, execute the following command:

us
rpm -i package.rpm
or
Then enter
ed
pi
SuSEConfig
co
A message similar to the following will follow:
Starting SuSEconfig, the SuSE Configuration Tool...

Running in full featured mode.
Reading /etc/sysconfig and updating the system... See Exercise 5-1 Manage User
Accounts with YaST on page 186...
SuSEConfig Options
)
13
- verbose ---- Shows what is happening.
8/

/2
- quick ---- Does not rebuild kernel module dependencies.
-2
-nonewpackage ---- Skips configuration modules that have to be run only when
a package is newly installed.
2
/1
-module ---- Runs SuSEConfig with the configuration module for the specific
01
subsystem instead of running all modules.
om e
9/
fr t b
-nomodule ---- Does not execute the subsystem-specific modules.
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Exercise 5-1 Get to Know YaST

In this exercise, you learn how to use the different user interfaces of YaST and how to
start some YaST modules.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 2 Manage the Network Configuration Information from YaST

The YaST module for configuring network cards and the network connection can be
accessed from the YaST Control Center.
To access the network configuration module, select
Computer > YaST > Network Devices > Network Settings.
)
13
Network Configuration in SLES
8/
On the server, the Network Settings module opens with the overview page selected,
/2
displaying the installed network cards. A desktop machine will typically show only
-2
the network card, whereas a laptop will also show the wireless card.
2
Figure 5-16
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
1
Notice that the following tabs are available in this module:

Global Options
ed
Overview
us
Hostname/DNS
or
Routing
ed
pi
co
This is what the Global Options tab looks like on the Server:
Figure 5-17
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
These options are available in the Global Options tab:

ne P
Network Setup Method

rt Y
User Controlled with NetworkManager

Pa P
e CO
Use a desktop applet that manages the connections for all network interfaces.
This is recommended for SLED
id D
Traditional Method with ifup

ts R

ou HA
The traditional method uses the ifup command. This is the default setup
method and is recommended for servers because they are configured
1
manually.
IPv6 Protocol Settings
ed
DHCP Client Options

us
or
ed
pi
co
Using the traditional method, the overview tab shows the detected network cards:
Figure 5-18
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Figure 5-19
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
Usually the cards are auto detected by YaST, and the correct kernel module is used.
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
If the card is not recognized by YaST, the required module must be entered manually
in YaST. Select Add. A Hardware dialog appears.
Figure 5-20
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
From this dialog, you enter details of the interface to configure such as Network
ne P
Device Type (Ethernet) and Configuration Name (0). Under Kernel Module, enter
rt Y
the name of the module to load. You can select the card model from a list of network
Pa P
cards.
e CO
Some kernel modules can be configured more precisely by adding options or

id D
parameters for the kernel. Details about parameters for specific modules can be found
ts R
in the kernel documentation.

ou HA
ed 1
us
or
ed
pi
co
After selecting Next, the following dialog appears:

Figure 5-21
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
From this dialog you enter the following information to integrate the network device
into an existing network:
ne P
rt Y
Automatic Address Setup (via DHCP). Select this option if the network card
Pa P
should receive an IP address from a DHCP server.

e CO
Statically Assigned Address Setup. If you choose this option, you need to enter
id D
the static IP address for your computer under IP Address.

ts R
Each computer in the network has at least one address for each network interface,
ou HA
which must be unique in the entire network. According to the currently valid
standard (IPv4), this address consists of a sequence of four bytes, separated by
1
dots (such as 172.17.0.1).

When choosing the IP address, you need to know if the computer will be directly
ed
connected to the Internet. In this case, use an assigned official IP address.

Otherwise, use an address from a private address space.
us
Subnet Mask. The network mask (referred to as subnet mask in YaST),

or
determines in which network an IP address is located.

ed
pi
co
The mask divides the IP address into a network section and a host section, thus
defining the size of a network. All computers within the network can reach each
other directly without a router in between.
Hostname. Computers in the network can be addressed directly using their IP
addresses or with a unique name. A name server (DNS) must exist for the
resolution of names into IP addresses and vice versa.
)
When you select Next, the settings are saved and you are returned to the overview
13
tab. The Hostname/DNS tab gives you further options:
8/
/2
Figure 5-22
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
This dialog lets you enter the following:

Hostname. Enter a name by which the computer can be addressed. This name
1
should be unique within the network.

Domain Name. This is the name of the DNS domain to which the computer
belongs. Domains help to divide networks. All computers in a defined
ed
organizational area normally belong to the same domain.

us
or
ed
pi
co
A computer can be addressed uniquely by giving its FQDN (Fully Qualified Domain
Name). This consists of the host name and the name of the domain, such as
da51.digitalairlines.com. In this case, the domain would be digitalairlines.com.
List of name servers. To address other computers in the network with their host
names, identify the name server, which guarantees the conversion of computer
names to IP addresses and vice versa.
)
You can specify a maximum of three name servers.
13
Domain search list. In the local network, it is more appropriate to address other
8/

hosts not with their FQDN, but with their host names. The domain search list
/2
specifies the domains with which the system can expand the host name to the
-2
FQDN.
2
This complete name is then passed to the name server to be resolved. For example,
/1
da51 is expanded with the search list digitalairlines.com to the FQDN
01
om e
da51.digitalairlines.com. This name is then passed to the name server to be
9/
fr t b
resolved.
id o
If the search list contains several domains, the completion takes place one after the
al n
other, and the resulting FQDN is passed to the name server until an entry returns an
(v an
associated IP address.
y -C
Separate the domains with commas or white space.
m ED
Routing. If the computer is intended only to reach other computers in the same
de TT
subnet, then it is not necessary to enter any routes.

ca MI
However, if you need to enter a default gateway or create a routing table, select
Routing from the Network address setup dialog. The following appears:
r A ER
Figure 5-23
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
You can define the following:

Default Gateway. If the network has a gateway (a computer that forwards
information from a network to other networks), its address can be specified in the
network configuration.
All data not addressed to the local network is then forwarded directly to the
gateway.
)
13
Routing Table. You can create entries in the routing table of the system after
selecting Expert Configuration.
8/
/2
Enable IP Forwarding. If you select this option, IP packages that are not
-2
dedicated for your computer are routed.
All the necessary information is now available to activate the network card.
2
/1
In the General tab of the Network Address Setup dialog, you can set up a few more
01
om e
options.
9/
fr t b
Figure 5-24
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
Firewall Zone. (De-)activate the firewall for the interface. If activated, you can
specify the zone to put the interface in. Three zones are possible:
ed
Internal Zone
pi

co
Demilitarized Zone
External Zone
Device Activation. Choose when the interface should be set up. Possible values
are
At Boot Time. During system start.
On Cable Connection. If there is a physical network connection.
13
On Hotplug. When the hardware is plugged in.
8/
Manually.
/2

-2
Never.
Normally only root is allowed to activate and deactivate a network interface. To
2
/1
allow this for normal users, activate the option User Controlled.
01
MTU. (Maximum Transfer Unit) Maximum size of an IP package. The size
om e

9/
fr t b
depends on the hardware (Ethernet: max. 1,500 bytes).
id o
After you save the configuration with YaST, the ethernet card should be available in
al n
the computer. You can verify this with the ip command, as shown in the following:
(v an
Figure 5-25
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
In this example, the interface eth0 was configured.

or
One network devices is always set up by defaultthe loopback device (lo).

ed
If you run this command as a user other than root, you must enter the absolute path to
pi
the command (/sbin/ip).

co
Network Configuration in SLED

The above information also applies to SuSE Linux Enterprise Desktop. The four tabs
have a slightly different look but contain the same settings. The only difference is that
the SLED dialog has some context-sensitive help information for each tab below the
Network Settings heading.
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Exercise 5-2 Manage the Network Configuration Information from YaST

Until now, your system got all network configuration information via DHCP. In this
exercise, you change all the network configuration information to static values.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Summary
Objective Summary
1. Get to Know YaST The appearance of the user interface of YaST depends on the
better command used for starting:
)
In the graphical interface, YaST can be controlled intuitively
13
with the mouse.
8/
The ncurses interface is controlled exclusively with the
/2
keyboard.
-2
Individual modules can also be started directly. Available
modules can be listed with the yast -l or yast --list command.
2
/1
2. Understand the Role of Sometimes YaST writes the configuration changes you make
01
SuSEconfig directly into the final configuration file.
om e
9/
fr t b
In other cases the information you enter is first written to a file in
the /etc/sysconfig/ directory and then written to its final
id o
destination.
al n
SuSEconfig is a tool used in SUSE Linux Enterprise Server to
(v an
configure the system according to the variables that are set in the
y -C various files in /etc/sysconfig/ and its subdirectories.
m ED
SuSEconfig acts as a back end for YaST and activates the
configuration changes you make when using a YaST module.
de TT
3. Manage the Network The YaST module for configuring the network card and the
ca MI
Configuration Information network connection can be found at Network Devices >

from YaST Network Card.
r A ER
The following details are then needed to integrate the network

ne P
device into an existing network:

rt Y
Method of network setup

Pa P
Static IP address
e CO
Network mask
id D
Host name
ts R
ou HA
Name server
Routing (gateway)
1
After you save the configuration with YaST, the ethernet card
should be available in the computer. You can verify this with the
ip address show command.
ed
us
or
ed
pi
co
Manage Users, Groups, and Permissions
SECTION 6 Manage Users, Groups, and Permissions
Linux is a multiuser system. In other words, several users can work on the system at
the same time. For this reason the system must be able to uniquely identify all users.
)
13
In this section, you learn how to manage your user accounts and their permissions.
8/
/2
Objectives
-2
1. Manage User and Group Accounts with YaST on page 178
2
/1
2. Describe Basic Linux User Security Features on page 187
01
om e
3. Manage User and Group Accounts from the Command Line on page 194
9/
fr t b
4. Manage File Permissions and Ownership on page 202
id o
al n
5. Ensure File System Security on page 210
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 1 Manage User and Group Accounts with YaST

With YaST, you can manage users and groups. To do this, you need to understand the
following:
Basics About Users and Groups on page 178
User and Group Administration with YaST on page 178
)
13
Manage User Accounts with YaST on page 186
8/
Basics About Users and Groups
/2
-2
One of the main characteristics of a Linux operating system is its ability to handle
several users at the same time (multiuser) and to allow these users to perform several
2
tasks on the same computer simultaneously (multitasking).
/1
01
For this reason the system must be able to uniquely identify all users. To achieve this,
om e
every user must log in with the following:
9/
fr t b
A user name
id o

al n
A password
(v an
As the operating system can handle numbers much better than strings, users are
y -C
handled internally as numbers. The number which a user receives is a UID (User ID).
m ED
Every Linux system has a privileged user, the user root. This user always has the UID
de TT
0. This is the administrator of the system.

ca MI
Users can be grouped together based on shared characteristics or activities. For

example:
r A ER
Normal users are usually in the group users.

ne P
All users who intend to create web pages can be placed in the group webedit.
rt Y

Pa P
Of course, file permissions for the directory in which the web pages are located must
e CO
be set so that the group webedit is able to write (save files).

id D
As with users, each group is also allocated a number internally called the GID (Group
ts R
ID), and can be one of the following types:

ou HA
Normal groups
1
Groups used by the system

The root group (GID = 0)
ed
User and Group Administration with YaST

us
You can access YaST user and group account administration in the two ways:
or
From the YaST Control Center, select Security and Users > User and Group
ed
Management.
pi
or
co
From a terminal window, enter yast2 users or yast2 groups.
If you have selected LDAP for authentication during the installation of the SUSE
Linux Enterprise 11, you are prompted for the LDAP server administrator password.
You can switch back and forth between administering users and administering groups
by selecting the Users and Groups radio buttons at the top of the module window.
User Administration
)
13
The user account management window lists the existing user accounts (as in the
8/
following):
/2
Figure 6-1
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
A list of users (accounts on your server) appears with information such as login
name, full name, UID, and associated groups included for each user.
1
Select Set Filter; then select one of the following to change the users listed:
ed
Local Users. User accounts you have created on your local server for logging
into the server.
us
System Users. User accounts created by the system for use with services and
or
applications.
ed
pi
co
Custom. A customized view of users based on the settings configured with

Customize Filter.
Customize Filter. This option lets you combine listed user sets (such as Local
Users and System Users) to display a customized view (with Custom) of the
users list.
Additional sets of users (such as LDAP users) are added to the Set Filter drop-down
)
list as you configure and start services on your server.
13
To create a new user account (or edit an existing account), do the following:
8/
/2
1. Click Add or Edit.
-2
The following appears:
2
/1
Figure 6-2
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
1
2. Enter or edit information in the following fields:

Users Full Name. Enter a real user name (such as Geeko Chameleon).
ed
Username. Enter a user name that is used to log in to the system (such as
geeko).
us
Password and Confirm Password. Enter and re-enter a password for the
or
user account.
ed
When entering a password, distinguish between uppercase and lowercase

letters.
pi
co
Valid password characters include letters, digits, blanks, and #*,.;:._-+!$%&/

|?{[()]}=.
The password should not contain any special characters (such as accented
characters), because you might find it difficult to type these characters on a
different keyboard layout when logging in from another country.
With the current password encryption (Blowfish), the password length
should be between 5 and 72 characters.
To set the properties of the user (such as the UID, the home directory, the login shell,
)
group affiliation, and additional user account comments), do the following:
13
1. Select the Details tab. The following dialog appears:
8/
/2
Figure 6-3
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R

ou HA
1
User ID (uid). For normal users, this defaults to a UID greater than 999
because the lower UIDs are used by the system for special purposes and
pseudo logins.
ed
If you change the UID of an existing user, the permissions of the files this
us
user owns must be changed. This is done automatically for the files in the
user's home directory, but not for files located elsewhere.
or
ed
NOTE: If this does not happen automatically, you (as root) can change the permissions of
the user files in the home directory by entering
pi
chown -R username /home/username.

co
Home Directory. The home directory of the user. On a default installation of

SLE 11, this is /home/username.
You can select an existing directory by selecting Browse.
Additional User Information. This field can contain up to three parts
separated by commas. It is often used to enter office,work phone,home
phone.
)
This information is displayed when you use the finger command on this
13
user.
8/
Login Shell. From the drop-down list select the default login shell for this
/2

user from the shells installed on your system.
-2
Default Group. This is the primary group to which the user belongs. Select
2
a group from the list of all groups configured on your system.
/1
01
Groups. From the list, select all additional memberships you want to assign
om e
to the user. These are the secondary groups to which the user belongs.
9/
fr t b
To set various password parameters (such as duration of a password), do the
id o
following:
al n
(v an
1. Select the Password Settings tab. The following appears:
Figure 6-4 y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed

pi
Days before Password Expiration to Issue Warning. Enter the number of

co
days before password expiration that a warning is issued to users.
Enter -1 to disable the warning.

Days after Password Expires with Usable Login. Enter the number of days
after the password expires that users can continue to log in.
Enter -1 for unlimited access.
Maximum Number of Days for the Same Password. Enter the number of
days a user can use the same password before it expires.
)
13
Minimum Number of days for the Same Password. Enter the minimum
age of a password before a user can change it.
8/
/2
Expiration Date. Enter the date when the account expires. The date must be
-2
in the format YYYY-MM-DD.
Leave the field empty if the account never expires.
2
/1
01
om e
9/
fr t b
Group Administration
id o
al n
To administer groups, do the following:
(v an
1. Select the Groups tab.
Figure 6-5
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
A list of groups appears with information such as group name, Group ID (GID), and
co
group members.
Select Set Filter; then select one of the following to change the groups listed:
Local Groups. Groups created on your local server to provide permissions for
members assigned to the group.
System Groups. Groups created by the system for use with services and
applications.
Custom. A customized view of groups based on the settings configured with
)
13
Customize Filter.
8/
Customize Filter. This option lets you combine listed group sets (such as Local
/2
Groups and System Groups) to display a customized view (with Custom) of the
-2
groups list
Additional sets of groups (such as LDAP) are added to the Set Filter drop-down list
2
/1
as you configure and start services on your server.
01
om e
To create a new group or edit an existing group, do the following:
9/
fr t b
1. Click Add or Edit.
id o
al n
The following appears when you select Edit:
(v an
Figure 6-6
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or

ed
Group Name. The name of the group. Avoid long names. Normal name
pi
lengths are between two and eight characters.

co
Group ID (gid). The GID number assigned to the group. The number must
be a value between 0 and 60000. GIDs to 99 represent system groups. GIDs
beyond 99 can be used for normal users. YaST warns you if you try to use a
GID that is already in use.
Password (optional). Require the members of the group to identify
themselves while switching to this group (see man newgrp). To do this,
assign a password.
)
13
For security reasons, the password is represented by asterisks (*).
8/
Confirm Password. Enter the password a second time to avoid typing
/2
errors.
-2
Group Members. Select which users should be members of this group.
2
A second list appears (when you select Edit) that shows users for which this
/1
group is the default group. This list cannot be edited from YaST.
01
om e
3. When you finish entering or editing the group information, click OK. You are
9/
fr t b
returned to the Group Administration dialog.
id o
4. Save the configuration settings by selecting OK.
al n
(v an
The information you enter when creating or editing users and groups with YaST is
saved to the following user administration files:
y -C
m ED
/etc/passwd
/etc/shadow
de TT
/etc/group
ca MI

r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Exercise 6-1 Manage User Accounts with YaST

In this exercise, you create and remove a user account with the YaST User
Management module.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 2 Describe Basic Linux User Security Features

To maintain an environment where data and applications are secure, you need to
understand the following:
Users and Groups on page 187
Check User and Group Information on Your Server on page 193
)
13
Users and Groups
8/
Because Linux is a multiuser system, several users can work on the system at the
/2
same time. For this reason, the system uniquely identifies all users through user
-2
accounts that require a user name and password to log in to the system.
2
In addition, Linux lets you place users who require the same type of access privileges
/1
to data and applications, into a group.
01
om e
To manage users and groups, you need to know the following:
9/
fr t b
User and Group ID Numbers on page 187
id o

al n
Regular vs. System Users on page 189
(v an
User Accounts and Home Directories on page 189
y -C
User and Group Configuration Files on page 189
m ED

de TT
User and Group ID Numbers

ca MI
Because an operating system can handle numbers much better than strings, users and
r A ER
groups are administered as numbers on a Linux system.

ne P
The number which a user receives is called a User ID (UID). Every Linux system has
rt Y
a privileged user, the user root. root is the administrator of the system. This user
Pa P
always has a UID of 0. UID numbering for normal users starts (by default) at 1000
e CO
for SUSE Linux.

id D
As with users, each group is also allocated a number called the Group ID (GID).
ts R
Normal users are usually included in the group users. Other groups also exist (and
ou HA
can be created) for special roles or tasks.

For example, all users who intend to create web pages can be placed in the group
1
webedit. Of course, file permissions for the directory in which the web pages are
located must be set so that members of the group webedit are able to write and read
files.
ed
us
Using the id Command

or
You can use the id command to display information about a users UID and which
ed
groups she is assigned to. For example, to obtain information about user geeko, enter
pi
id geeko
co
The command output includes the following:

User ID: uid=1000(geeko)
Current default (effective) group: gid=100(users)
All groups of which geeko is a member: groups=16(dialout), 33(video),
100(users).
)
13
Using the groups Command
8/
/2
If you want information on the groups in which you are a member, enter
-2
groups
2
You can specify a particular user by entering
/1
01
groups user
om e
9/
fr t b
For example, if you entered groups geeko, you would receive this output:
id o
geeko : users dialout video
al n
(v an
This means user geeko is part of the groups users, dialout, and video.
y -C
m ED
Using the finger Command
de TT
To display additional information about local users, such as login ID, full name,
home directory path, shell used, and last login, enter finger user. As an example,
ca MI
enter
r A ER
finger geeko
ne P
Your output would look similar to this:

rt Y
Pa P
Figure 6-7
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Regular vs. System Users
In a Linux operating system, there are two basic kinds of user accounts:
Regular (normal) users. These are user accounts you create that allow users to
log in to the Linux environment. This type of login gives users a secure
environment for accessing data and applications.
These user accounts are managed by the system administrator.
)
13
System users. These are user accounts created during installation that are used
8/
by services, utilities, and other applications to run effectively on the server.
/2
These users do not need any maintenance.
-2
All users are stored in the /etc/passwd and /etc/shadow files.
2
/1
01
User Accounts and Home Directories
om e
9/
fr t b
Each user has a user account identified by a login name and a personal password for
id o
logging in to the system.
al n
By having user accounts, you are able to protect a users personal data from being
(v an
modified, viewed, or tampered with by other users. Each user can set up his or her
y -C
own working environment and always find it unchanged when the user logs back in.
m ED
As part of these security measures, each user in the system has a separate directory in
de TT
the /home directory.

ca MI
The exception to this rule is the account root. It has its own home directory in /root.
r A ER
Home directories allow personal data and desktop settings to be secured for user
access only.
ne P
rt Y
Pa P
NOTE: You should avoid using the root account when performing day-to-day tasks that do not
e CO
involve system management.

id D
ts R
User and Group Configuration Files

ou HA
The Linux system stores all user and group configuration data in the following files:
1
/etc/passwd
/etc/shadow
ed
/etc/group
us
NOTE: Whenever possible, you should not modify these files with an editor. Instead use the
or
Security and Users modules provided in YaST or the command line tools described in Manage
User and Group Accounts from the Command Line on page 194.
ed
pi
Modifying these files with an editor can lead to errors (especially in /etc/shadow), such as a user
including the user rootno longer being able to log in.
co
/etc/passwd File
The /etc/passwd file stores user information such as the user name, the UID, the home
directory, and the login shell.
In the past, /etc/passwd also contained the encrypted password. However, because the
file needs to be readable by all (e.g., to show user and group names when using ls -l),
the encrypted password is now stored in /etc/shadow, which is only readable by root
)
and members of the shadow group.
13
8/
The following is an example of an /etc/password file.
/2
Figure 6-8
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
/etc/shadow File
ou HA
The /etc/shadow file stores encrypted user passwords and password expiration
information. Most Linux systems use shadow passwords. The file can only be
1
changed and read by the user root and members of the shadow group. The following
is an excerpt from a sample /etc/shadow file:
ed
us
or
ed
pi
co
Figure 6-9
)
13
8/
/2
-2
Each line in the /etc/shadow file belongs to one user and contains the following
fields:
2
/1
Figure 6-10
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
The above illustration shows the entry for the user geeko with an encrypted
password. The plain text password is novell.
rt Y
Pa P
The encrypted password is coded with the Blowfish function. The encrypted word
e CO
consists of letters, digits, and some special characters. If an invalid character occurs
in the password field (such as * or !), that user has an invalid password.
id D
ts R
Many users, such as wwwrun (Apache Web server) or bin, have an asterisk (*) in
ou HA
the password field. This means that these users cannot log in to the system but are
needed for special applications.
1
If the password field is empty, then the user can log in to the system without entering
a password. A password should always be set in a Linux system.
ed
The information at the end of each line determines some limits:

us
Last Change. Date of last password change. The number represents the number
or
of days since January 1, 1970.

ed
Next Possible Change. Minimum age of a password before a user can change it.
pi
Next Obligatory Change. Number of days a user can use the same password
before it expires.
co
Warning. Number of days before password expiration that a warning is issued to

users.
Enter -1 to disable the warning.
Limit. Number of days after the password expires that the user can continue to
log in.
Enter -1 for unlimited access. (This does not make sense, of course.)
)
13
Lock. Date when the account expires. The date must be in the format YYYY-
8/
MM-DD. Leave the field empty if the account never expires.
/2
The last field in /etc/shadow is reserved and currently not in use.
-2
2
/etc/group File
/1
01
The /etc/group file stores group information. The following is an excerpt from the
om e
file:
9/
fr t b
id o
Figure 6-11
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
Each line in the file represents a single group record, and contains the group name,
ne P
the GID (group ID), and the members of the group. For example
rt Y
Pa P
dialout:x:15:bob,geeko,tux
e CO
dialout - Group name

id D
x - represents the password

ts R
15 - Group ID
ou HA
bob,geeko,tux - Group members

1
The /etc/groups file shows secondary group memberships but does not identify the
primary group for a user.
ed
us
or
ed
pi
co
Exercise 6-2 Check User and Group Information on Your Server

In this exercise, you write down the GIDs of some groups and the UIDs of some
users. You also switch to user root with the su command.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 3 Manage User and Group Accounts from the Command Line
You can use commands to perform the same user and group management tasks
available with YaST. In this objective you will learn how to:
Manage User Accounts from the Command Line on page 194
Manage Groups from the Command Line on page 198
)
13
Create Text Login Messages on page 199
8/
Create and Manage Users and Groups from the Command Line on page 201
/2
Manage User Accounts from the Command Line
-2
The user root can use the following commands to perform the same user management
2
/1
tasks available with YaST (and some tasks not available with YaST):
01
useradd
om e

9/
fr t b
userdel
id o
usermod
al n

(v an
y -C
useradd Command
m ED
You can create a new user account with the useradd command. If no option is
specified, the useradd command creates a user without a home directory and without
de TT
a valid password.
ca MI
The following are the most important options of the useradd command:
r A ER
-m. This option automatically generates the home directory for the user. Without
ne P
further arguments, the directory is created under /home/.

rt Y
In addition, several files and directories are copied to this directory. The /etc/skel/
Pa P
directory (from skeleton) is used as a template for the user home directory.
e CO
-c. When creating a new user, you can enter text for the comment field by using
id D
the -c (comment) option.

ts R
ou HA
-u. This option specifies the UID of the new account. If this option is not given,
the next free UID is used (at maximum 60000).
1
-g. This option defines the primary group of the user. You can specify either the
GID or the name of the group.
ed
-e. The option -e (expire date) lets you set an expiration date for the user account,
in the form of YYYY-MM-DD, as in the following:
us
useradd -m -e 2009-09-15 geeko

or
-p. Use this option to specify an encrypted password.

ed
You can display a description of additional options by entering man 8 useradd.

pi
After adding a new user, you need to assign a password. To do so, you use the
co
passwd command. Enter the following:
passwd geeko
You will be prompted for a new password and will be asked to confirm it.
When creating a user account, the necessary standard configuration information
(effective group, location of the home directory, default shell, etc.) is derived from
the /etc/default/useradd and /etc/login.defs files.
The following is an example of the /etc/default/useradd file:
)
13
Figure 6-12
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
The variables mean
m ED
GROUP. The primary group the user belongs to.
de TT
HOME. Path where the home directories are stored.

ca MI
INACTIVE. Number of days of inactivity after a password has expired before

the account is locked (-1 disables this feature).
r A ER
EXPIRE. Date (days since January 1, 1970) when an account will expire.
ne P
SHELL. Path of the login shell.

rt Y
Pa P
SKEL. Path of the home directory skeleton. The /etc/skel directory contains files
e CO
and directories that are automatically copied over to a new user's home directory
when the user is created by the useradd program.
id D
ts R
GROUPS. Other groups the user belongs to.

ou HA
CREATE_MAIL_SPOOL. Specifies whether a mail spool directory is created

automatically.
1
userdel Command
ed
This command lets you delete an existing user account. It provides a single option -r,
us
which deletes the users home directory and the users account.
or
Before using userdel -r, it is important that you determine the users UID (id user).
The UID enables you to locate files outside the users home directory that are
ed
assigned to the user (such as /var/mail/$USER).

pi
co
To delete these files, enter

find / -uid user_ID -exec rm {} \;
usermod Command
This command lets you modify settings (such as UID, standard shell, home directory,
and primary group) for an existing user account.
)
13
The usermod options are basically the same as those for the useradd command.
8/
/2
The following are examples:
-2
Change the home directory:
2
usermod -d /data/geeko -m geeko
/1
01
Change the UID:
om e
9/
fr t b
usermod -u 1001 geeko
id o
al n
passwd Command
(v an
You can change a user's password with the passwd command. If users enter passwd
y -C
without a username as an argument, they can change their own password.
m ED
Besides allowing for password changes, the passwd command provides the following
de TT
features:
ca MI
Locking a user account: With the -l (lock) option, a user can be locked out.
r A ER
Notice that after the account is locked, the password begins with an exclamation
mark !. With the -u (unlock) option, the users account can be reactivated:
ne P
Figure 6-13
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
Listing the status of a user account: The -S option lists the status of a user
account:
or
ed
pi
co
Figure 6-14
The status follows directly after the username. In the above example,
PS means that this is a valid password
)
13
02/06/2009 is the date of the last password change
8/
0 is the minimum length of validity
/2
99999 is the maximum length of validity
-2

7 signifies the warning periods
2
/1
-1 signifies the inactivity periods when a password expires
01
om e
Other options: LK (locked) means that the user is unable to log in and NP means
9/
fr t b
there is no password.
id o
Changing password times: You can change password times by using the
al n
following options:
(v an
Table 6-1 y -C
Options for Changing Password Times
m ED
Option Description
de TT
-i number Disable an account after the password has been expired for
ca MI
number of days.
r A ER
-n number Sets the minimum number of days before a password can be

changed.
ne P
-w number Warns the user that in number of days his password will expire.
rt Y
Pa P
-x number Sets the maximum number of days a password remains valid.

e CO
After number of days, the password must be changed.

id D
The following is an example:

ts R
ou HA
passwd -x 30 -w 5 geeko
In this example, the password of the user geeko remains valid for 30 days. After this
1
time, user geeko needs to change his password. Geeko receives a warning 5 days
before password expiration.
ed
us
or
ed
pi
co
/etc/default/passwd File
When you use the passwd command to establish or change the password of a user
account, the /etc/default/passwd file is checked for the encryption method to be used:
Figure 6-15
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
The password encryption method is set in the CRYPT variable. By default, it is set to
des. Other possible encryption methods are md5 and blowfish. The advantage of des
ne P
is its compatibility, but blowfish has more options and is the only algorithm that
rt Y
allows you to use passwords longer than eight characters. md5 should be avoided,
Pa P
because it lacks security.

e CO
id D
Manage Groups from the Command Line

ts R
You can use the following commands to perform the same group management tasks
ou HA
available with YaST (and some tasks not available with YaST):
1
NOTE: You need to be logged in as root (or switch to root by entering su -) to use these commands.
ed
groupadd. You can create a new group by entering groupadd group_name. In

us
this case, the next free GID is used.

Use the -g option (such as groupadd -g 200 sports) to specify a GID.
or
Use the -p option to specify an encrypted password. You can use the mkpasswd
ed
command to create the encrypted password.

pi
groupdel. You can delete a group by entering groupdel group_name. There are
co
no options for this command.
You can only delete a group if no user has this group assigned as a primary
group.
groupmod. You can modify the settings (such as GID, group name, and users)
for an existing group.
The following are examples:
Change the GID:
)
13
groupmod -g 201 sports
8/
Change the group name from sports to water:
/2
groupmod -n water sports
-2
Add the user geeko to the group:
2
/1
groupmod -A geeko water
01
gpasswd. Change passwords for group accounts. Only the administrator may
om e

9/
fr t b
change the password for any group. The group password can be removed with
the -r option.
id o
al n
(v an
NOTE: You can learn more about these commands by referring to the online manual pages
(such as man groupadd) or online help page (such as groupadd --help).
y -C
m ED
newgrp. Change the effective group of the executing user. Changing the
effective group is only required if you want to create files and directories with
de TT
this group membership.Note that sg is a symbolic link to newgrp.

ca MI
Figure 6-16
r A ER
ne P
rt Y
Pa P
e CO
id D
In this example you can see that the current group (users) is replaced with a new
ts R
group (video).
ou HA
A password is requested if the group has a password and the user is not listed in the
1
group file as being a member of that group.
Create Text Login Messages

ed
You can create text login messages that are useful for displaying information when a
us
user logs in from a terminal window or a virtual terminal, or logs in remotely (using
as an ssh login, for example).
or
You can modify the following files to provide these messages:

ed
/etc/issue. You can edit this file to configure an initial message for users logging
pi
in to the system.
co
The following is an example of a default /etc/issue file:
Figure 6-17
)
13
/etc/issue.net. Edit this file to configure an initial message for users logging in to
the network from their workstations.
8/
/2
/etc/motd. Edit this file to configure an initial message of the day.
-2
Make sure you add one or two empty lines at the end of the messages, or it will run
into the command line prompt.
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Exercise 6-3 Create and Manage Users and Groups from the Command Line
In this exercise, you add and remove a user from the command line.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 4 Manage File Permissions and Ownership

You can change the current values associated with ownership and permissions by
knowing how to do the following:
Understand File Permissions on page 202
Change File Permissions with chmod on page 204
)
13
Change File Ownership with chown and chgrp on page 205
8/
Manage File Permissions and Ownership on page 207
/2
Modify Default Access Permissions with umask on page 207
-2
Configure Special File Permissions on page 207
2
/1
Understand File Permissions
01
om e
You can use the ls -l command to display the contents of the current directory with
9/
fr t b
the assigned permissions for each file or subdirectory.
id o
For example, to display the permissions for the quarterly-1 file, you would enter
al n
(v an
ls -l quarterly-1
y -C
The output might look like this:
m ED
Figure 6-18
de TT
ca MI
r A ER
Look at the first ten characters of the output (-rw-r--r--). The first character (-) is
ne P
not of interest here, because it indicates the type of the file:

rt Y
Pa P
-. Normal file
e CO
d. Directory
id D
l. Link
ts R
ou HA
The remaining nine characters show the file permissions.

You can assign the following permissions to a file or directory:
1
Read (r). This permission allows the file to be read or the contents of a directory
to be listed.
ed
Write (w). This permission allows a file to be modified. It allows files to be

us
created or deleted within a directory.

or
Execute (x). This permission allows a file to be executed.

ed
If a permission is set, the character is shown. Otherwise a - appears.

pi
co
The permission characters are grouped (rwx rwx rwx):

Characters 1 to 3. These represent the permissions of the file owner. The x
permission on a directory is required to be able to change into that directory.
Characters 4 to 6. These represent the permissions of the owning group.
Characters 7 to 9. These represent the permissions of all other users.
)
Each file (and directory) can belong to only one user and one group. The name of the
13
file owner (geeko) is shown in the ls output next to the file permissions. The name of
8/
the owning group (users) is shown next to the file owner.
/2
-2
View Permissions with Nautilus
2
/1
You can also view permissions, owner, and group from the Nautilus file manager.
01
1. Right-click the icon of the file you want to look at.
om e
9/
fr t b
2. Select Properties from the pop-up menu.
id o
3. Select the Permissions tab.
al n
(v an
Figure 6-19
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
From this dialog, you can change the Read and Write permissions for Owner, Group,
pi
and Others by selecting the appropriate option.

co
If you have the appropriate permissions, you can also modify the user and group
ownership of the file or directory by entering a user or group in the appropriate field.
Change File Permissions with chmod

You can use the chmod command to add (+) or remove (-) permissions. Both the
owner of a file and root can use this command.
)
There are options to change the permissions for the owner (u), group (g), other
13
(o), or all (a).
8/
The following table lists chmod command options:
/2
-2
Table 6-2
2
/1
Example Result
01
om e
9/
fr t b
chmod u+x The owner is given permission to execute the file.
chmod g=rw All group members can read and write.
id o
al n
chmod u=rwx The owner receives all permissions.
(v an
chmod u=rwx,g=rw,o=r All permissions for the owner, read and write for the group, read
y -C for all other users.
m ED
chmod +x All users (owner, group, others) receive executable permission
(depending on umask).
de TT
chmod a+x All users (owner, group, others) receive executable permission (a
ca MI
for all).
r A ER
In the following example, the user geeko allows the other members of the group users
ne P
(g) to write (w) to the hello.txt file by entering the following command:
rt Y
chmod g+w hello.txt

Pa P
e CO
The output might look something like the following:

id D
Figure 6-20
ts R
ou HA
ed 1
With the option -R (recursive) and a specified directory, you can change the access
us
permissions of all files and subdirectories under the specified directory.

or
Besides using letters (rwx), you can also use the octal way of representing the
permission letters with groups of numbers.
ed
Every file and directory in a Linux system has a numerical permission value assigned
pi
to it. This value has three digits.

co
The first digit represents the permissions assigned to the file or directory owner. The
second digit represents the permissions assigned to the group associated with the file
or directory. The third digit represents the permissions assigned to others.
Each digit is the sum of the following three values assigned to it:
Read: 4
Write: 2
)
13
Execute: 1
8/
For example, suppose a file named myfile.txt has 754 permissions assigned to it.
/2
-2
This means the owner of the file has read, write, and execute permissions (4+2+1),
the group associated with the file has read and execute permissions (4+1), and others
2
have read permissions (4).
/1
01
By using number equivalents, you can add the numbers together, as in the following:
om e
9/
fr t b
id o
Table 6-3
al n
(v an
Owner Group Others
rwx y -C r-x r--

m ED
421 (4+2+1=7) 4-1 (4+1=5) 4-- (4)
de TT
The following are examples of using numbers instead of letters:

ca MI
r A ER
Table 6-4
ne P
Example Result
rt Y
Pa P
chmod 754 hello.txt All permissions for the owner, read and execute for the group,
e CO
read for all other users (rwx r-x r--).
chmod 777 hello.txt All users (user, group, others) receive all permissions (rwx rwx
id D
rwx).
ts R
ou HA
Change File Ownership with chown and chgrp

1
The user root can use the chown command to change the user and group affiliation of
a file by using the following syntax:
chown new_user.new_group file
ed
us
To change only the owner, not the group, you can use the following command syntax:
chown new_user file
or
To change only the group, not the user, you can use the following command syntax:
ed
pi
chown .new_group file

co
As root, you can also change the group affiliation of a file with the chgrp command
using the following syntax:
chgrp new_group file
A normal user can use the chown command to allocate a file that he owns to a new
group by using the following syntax:
chown .new_group file
)
13
The user can also do the same with chgrp using the following syntax:
8/
/2
chgrp new_group file
-2
The user can only change the group affiliation of the file that he owns if he is a
member of the new group.
2
/1
In the following example, root changes the ownership of the hello.txt file from geeko
01
om e
to the user tux by entering chown tux.users hello.txt
9/
fr t b
Figure 6-21
id o
al n
(v an
y -C
m ED
de TT
In the following example, chown is used to change access to the list.txt file from
ca MI
members of the advanced group to members of the users group:

r A ER
Figure 6-22
ne P
rt Y
Pa P
e CO
id D
ts R
Of course, root and the file owner continue to have rights to access the file.
ou HA
Although the group has changed, the owner permissions remain the same.
ed 1
us
or
ed
pi
co
Exercise 6-4 Manage File Permissions and Ownership

In this exercise, you create directories with different permissions.
(End of Exercise)
Modify Default Access Permissions with umask
)
13
If the default settings are not changed, files are created with the access mode 666 and
8/
directories with 777.
/2
-2
The permissions set in the umask are subtracted from the default permissions.
For example, entering umask 022 has the following result:
2
/1
01
om e
Table 6-5
9/
fr t b
Directories Files
id o
al n
Default Permissions rwx rwx rwx rw- rw- rw-
(v an
7 7 7 6 6 6
umask
y -C --- -w- -w- --- -w- -w-
m ED
0 2 2 0 2 2
de TT
Result rwx r-x r-x rw- r-- r--

ca MI
7 5 5 6 4 4
r A ER
By entering umask 077 you restrict access to the owner and root only; the group and
ne P
others do not have any access permissions.

rt Y
Pa P
Enter umask without any parameter to show the current value of the umask. For
e CO
example:
id D
ts R
ou HA
1
A leading zero can be used to set special file permissions. But for security reasons we
strongly recommend against this practice.
The default settings for umask are read from the /etc/login.defs file and are applied by
ed
pam_umask. If you want the setting to be user-specific, enter the value of umask in
us
the .bashrc file in the home directory of the respective user.

or
Configure Special File Permissions

ed
The following attributes are used for special circumstances:

pi
co
Table 6-6
Letter Number Name Files Directories
t 1 Sticky bit Not applicable. A user can only delete files when the
user is the owner, or when the user is
root or owner of the directory.
This is usually applied to the /tmp/
)
13
directory.
8/
s 2 SGID (set When a program is Files created in this directory belong to
/2
GroupID) run, this sets the the group to which the directory
-2
group ID of the belongs and not to the primary group
process to that of of the user.
the group of the
2
New directories created in this
/1
file.
directory inherit the SGID bit.
01
om e
s 4 SUID (set Sets the user ID of Not applicable.
9/
fr t b
UserID) the process to that
of the owner of the
id o
file when the
al n
program is run.
(v an
y -C
You set the sticky bit with chmod, using one of the following:
m ED
Permissions of others (such as chmod o+t /tmp)
de TT
Numerically (such as chmod 1777 /tmp)

ca MI
The sticky bit is listed in the permissions for Others (t), as in the following:
r A ER
ne P
rt Y
Pa P
The following is an example for SUID:

e CO
id D
ts R
ou HA
Each user is allowed to change his password, but root permissions are needed to write
it into the /etc/shadow file.
ed 1
The following is an example for SGID:

us
or
ed
pi
With wall, you can send messages to all virtual terminals. If you use wall, this
co
command is executed with the permissions of the group tty.
If the SUID or SGID attributes are set, the programs are carried out with the
privileges of the owner (in the example for SUID above: root) or of the group (in the
example for SGID above: tty).
Administrators should be careful when setting special permissions manually, so as
not to compromise security. See How Special File Permissions Affect the Security
of the System on page 211.
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 5 Ensure File System Security

After users have logged in to the system, what they are allowed to do is mainly
determined by the security settings of the file system.
In Linux, file system security is especially important, because every resource
available on the system is represented as a file.
)
For example, when a user tries to access the sound card to play back audio data, the
13
access rights of the sound card are determined by the permission settings of the
8/
corresponding device file in the /dev directory.
/2
To ensure basic file system security, you need to understand the following:
-2
The Basic Rules for User Write Access on page 210
2
/1
The Basic Rules for User Read Access on page 210
01
om e
How Special File Permissions Affect the Security of the System on page 211
9/
fr t b
The Basic Rules for User Write Access
id o
al n
The file systems used in Linux are structurally UNIX file systems. They support the
(v an
typical file access permissions (read, write, execute, sticky bit, SUID, SGID, etc.).
y -C
Apart from additional standard functionality, such as various time stamps, the access
m ED
permissions can be administered separately for file owners, user groups, and the rest
of the world (user, group, others).
de TT
As a general rule, a normal user should only have write access in the following
ca MI
directories:
r A ER
The home directory of the user

ne P
The /tmp directory to store temporary files

rt Y
Pa P
Depending on the purpose of a computer, other directories can be writable by users.

e CO
For example, if you install a Samba file server, a writable share needs a directory that
is also writable for the Linux user the connection is mapped to.
id D
ts R
Some device files (such as those for sound cards) might also be writable for users
ou HA
since applications need to send data to the corresponding devices.

1
The Basic Rules for User Read Access

Some files in the system should be protected from user read access. This is important
for files that store passwords.
ed
us
No normal user account should be able to read the content of such files. Even when
the passwords in a file are encrypted, the files must be protected from any
or
unauthorized access.
ed
The following lists some files containing passwords on a Linux system:

pi
/etc/shadow. This file contains user passwords in an encrypted form. Even when
co
LDAP is used for user authentication, this file contains at least the root password.
/etc/samba/smbpasswd. This file contains the passwords for Samba users. By

default, the file permissions are set to 600.
Files with Apache passwords. The location of these files depends on your
configuration. They contain passwords for authorized access to the web server.
/etc/openldap/slapd.conf. This file contains the root password for the
openLDAP server.
)
13
NOTE: After installing the openldap2 package, the permissions for this file are set to 644.
8/
/2
/boot/grub/menu.lst. This file can contain the password for the GRUB boot
-2

loader. By default, the file permissions are set to 600.
2
/1
NOTE: This list is not complete. Your system could have more password files, depending on your
01
system configuration and your software selection.
om e
9/
fr t b
Some password files can be readable for a nonroot account. This is normally the
id o
al n
account under which user ID a service daemon is running.
(v an
For example, the Apache web server runs under the user id of the user wwwrun. For
y -C
this reason, the password files must be readable for the user wwwrun.
m ED
In this case you have to make sure that only this daemon account is allowed to read
the file and no other user.
de TT
ca MI
How Special File Permissions Affect the Security of the System

r A ER
Three file system permissions influence the security in a special way:

ne P
The SUID bit. If the SUID bit is set for an executable, the program is started
rt Y
under the user ID of the owner of the file. In most cases, this is used to allow
Pa P
normal users to run applications with the rights of the root users.
e CO
This bit should only be set for applications that are well tested and in cases where
id D
no other way can be used to grant access to a specific task.

ts R
An attacker could get access to the root account by exploiting an application that
ou HA
runs under the UID of root.

1
The SGID bit. If this bit is set, it lets a program run under the GID of the group
the executable file belongs to. It should be used as carefully as the SUID bit.
The sticky bit. The sticky bit can influence the security of a system in a positive
ed
way. In a globally writable directory, it prevents users from deleting each others
us
files that are stored in these directories.

Typical application areas for the sticky bit include directories for temporary
or
storage (such as /tmp and /var/tmp). Such a directory must be writable by all
ed
users of a system.
pi
However, the write permissions for a directory not only include the permission to
co
create files and subdirectories, but also the permission to delete them, regardless
of whether the user has access to the files and subdirectories.
If the sticky bit is set for such a writable directory, deleting or renaming files in
this directory is only possible if one of the following conditions is fulfilled:
The effective UID of the deleting or renaming process is that of the file
owner.
The effective UID of the deleting or renaming process is that of the owner of
the writable directory marked with the sticky bit.
)
The superuser root is allowed to do anything.
13

8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Summary
Objective Summary
1. Manage User and Group Linux is a multiuser system. For this reason, the system
Accounts with YaST must be able to uniquely identify all users. This is done
by assigning each user account a unique internal
)
13
number: the UID (UserID).
8/
Every Linux system has a privileged user, the user root.
This user always has the UID 0.
/2
-2
As with users, the groups are also allocated a number
internally: the GID (GroupID).
2
You can administer user accounts from the YaST
/1
Control Center by selecting Security and Users > User
01
Management.
om e
9/
fr t b
You can administer groups from the YaST Control
Center by selecting Security and Users > Group
id o
al n
Management.
(v an
The entered information is saved by YaST to the
following configuration files:
y -C /etc/passwd
m ED
/etc/shadow
de TT
/etc/group
ca MI
2. Describe Basic Linux User One of the main characteristics of a Linux operating
Security Features system is its ability to handle several users at the same
r A ER
time (multiuser) and to allow these users to perform

several tasks on the same computer simultaneously
ne P
(multitasking).
rt Y
Pa P
To maintain an environment where data and

e CO
applications are secure, you learned about the

following:
id D
File System Security Components

ts R
ou HA
Users and Groups

ed 1
us
or
ed
pi
co
Objective Summary
3. Manage User and Group To manage Linux user accounts and groups from your
Accounts from the Command Line SUSE Linux Enterprise Server, you learned how to do
the following:
Manage User Accounts from the Command Line

Manage Groups from the Command Line
)
13
Create Text Login Messages
8/
The most important commands to manage user and
/2
groups are:
-2
useradd
2
userdel
/1
usermod
01
om e
passwd
9/
fr t b
groupadd
id o
groupdel
al n

(v an
groupmod
y -C newgrp
m ED
4. Manage File Permissions and To manage file permissions and file ownership on your
Ownership SUSE Linux Enterprise Server, you learned how to do
de TT
the following:
Understand File Permissions

ca MI
Change File Permissions with chmod

r A ER
Change File Ownership with chown and chgrp

ne P
Modify Default Access Permissions

rt Y
Pa P
Configure Special File Permissions

e CO
The most important commands to do this are:

id D
chmod
ts R
chown
ou HA
chgrp
1
umask
ed
us
or
ed
pi
co
Objective Summary
5. Ensure File System Security The permission settings in the file system have an
important meaning to the overall system security.
You should always follow some basic rules about file

system security.
A user should only have write access in the home
)
13
directory and the /tmp directory.
Users should never have read access to
8/

configuration files that contain passwords.
/2
-2
The following special file permissions affect the
security of a system:
2
The SUID bit
/1
The SGID bit
01

om e
The sticky bit
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Use the vi Linux Text Editor
SECTION 7 Use the vi Linux Text Editor
A text editor is one of the most important tools a Linux system administrator uses.
The purpose of this section is to introduce students to the vi editor, as this is the only
)
13
editor available at all stages of the system (i.e., including the rescue system). You
8/
may use other editors as well, but this section focuses on vi.
/2
-2
Objectives
2
Use the Editor vi to Edit Files on page 218
/1
1.
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 1 Use the Editor vi to Edit Files

The advantage of command line editors is that you can use them without having a
graphical desktop environment installed. A large number of command line editors are
available for Linux. The most frequently used editor is vi
Although many factors can be involved when selecting an editor for everyday use,
the reason vi is used by most administrators is that it is available on every Linux and
)
13
UNIX system. Because of this, you should be able to use vi.
8/
In SUSE Linux Enterprise Server and Desktop, vim (vi improved) by Bram
/2
Moolenaar is the standard vi editor. When you enter vi, vim is started via a link to it.
-2
In this objective, you learn how to do the following:
2
Start vi on page 218
/1

01
Use the Editor vi on page 219
om e
9/
fr t b
Learn the Working Modes on page 219
id o
Use vi to Edit Files in the Linux System on page 221
al n
(v an
Start vi
y -C
You can start vi by entering vi or vim, followed by various options, and the name of a
m ED
file to edit, as in the following example:
de TT
vi exercise
ca MI
If a file does not yet exist, it is created. The text of the file appears in an editor at the
command line. This example shows the /etc/host.conf file.
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
The ~ sign indicates lines that do not exist yet. The cursor is on the first line.
Use the Editor vi

You can move the cursor with the k, j, h, and l keys (k - one line up, j - one line down,
h - to the left, l - to the right) or by using the arrow keys (Up, Down, Left, and
Right).
)
13
Learn the Working Modes
8/
In contrast to many other editors, vi is mode-oriented. When vi is first started, it is in
/2
command mode. Anything you enter in this mode is considered a command. You
-2
must switch to input mode before you can type any text. This can be frustrating to
users who are unfamiliar with vi.
2
/1
In addition to switching modes, you must learn which keys perform which actions
01
because you cannot use the mouse. However, the number of commands needed for
om e
9/
everyday work is fairly small, and you can get used to them quickly.
fr t b
id o
To enter text, you must first switch the editor to input mode by typing i (insert) or
al n
pressing the Insert key. At the bottom of the screen, you will see the message
(v an
--INSERT--.
y -C
Press Esc once to take you back to the command mode. From command mode you
m ED
can switch to command-line mode by entering :. The cursor jumps to the last line
after : and waits for a command entry.
de TT
A command will only be carried out in command-line mode after you press Enter.
ca MI
Then you are automatically back in command mode.

r A ER
The following is a summary of the available modes:

ne P
Command mode: When vi starts, it is automatically in this mode. In command

rt Y
mode, vi can be given commands. The i command puts it into insert mode and
Pa P
the : command switches it to command-line mode.

e CO
Insert mode: In this mode, vi accepts all input as text. Return to command mode
id D
with Esc.
ts R
Command-line mode: In this mode, vi accepts commands from the command

ou HA

line. Pressing Enter causes the command to be executed and automatically
returns to the command mode.
1
You can use the following commands in command mode:

ed
Table 7-1
us
Command Result
or
i or Insert Switches vi to insert mode.

ed
x or Delete Deletes the character where the cursor is.

pi
dd Deletes the line in which the cursor is located and copies it to the buffer.
co
D Deletes the rest of the current line from the cursor position.
Command Result
yy Copies the line in which the cursor is located to the buffer.
p, P Inserts the contents of the buffer after/before current cursor position.
ZZ Saves the current file and ends vi.
u Undoes the last operation.
)
13
/pattern Searches forward from the cursor position for pattern.
8/
?pattern Searches backward from the cursor position for pattern.
/2
n Repeats the search in the same direction.
-2
N Repeats the search in the opposite direction.
2
/1
If you want to use a command for several units, place the corresponding number in
01
front of the command. For example, 3x deletes three characters, 5dd deletes five
om e
9/
fr t b
lines, and 7yy copies seven lines to the buffer.
id o
You can use the following commands in command-line mode:
al n
(v an
Table 7-2
y -C
Command Result
m ED
:q Ends vi (if no changes were made).

de TT
:q! Ends vi without saving changes in the file.

ca MI
:wq or :x Saves the current file and ends vi.

r A ER
:w Saves the current file.

ne P
:w file Saves the current file under the name file. (Note: You continue editing the
rt Y
original file, not the new file.)

Pa P
e CO
NOTE: If you want to configure vi, you have to edit the ~/.vimrc file. By default, this file does not
id D
exist.
ts R
ou HA
ed 1
us
or
ed
pi
co
Exercise 7-1 Use vi to Edit Files in the Linux System

In this exercise, you create and edit a file with the text editor vi.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Summary
Objective Summary
1. Use the Editor vi to Edit Files The vi command line editor is available on every Linux
and UNIX system.
)
vi has the following modes:
13
Command mode: vi can be given commands. The i
8/
command puts vi into insert mode and the :
/2
command puts vi into command-line mode.
-2
Insert mode: vi accepts all input as text. Return to
command mode with Esc.
2
/1
Command-line mode: vi accepts commands from
01
the command line. Enter causes the command to be
om e
executed and automatically switches back to the
9/
fr t b
command mode.
id o
:q! ends vi without saving changes in the file.
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Manage Software for SUSE Linux Enterprise 11
SECTION 8 Manage Software for SUSE Linux Enterprise

11
)
13
In this section, you learn how to manage software packages on SUSE Linux
Enterprise Server with YaST Software Manager and with the rpm and zypper
8/
commands. You are also introduced to YaST and PackageKit on SLED and their
/2
capabilities, and to patching software with zypper, rpm, the YaST Update Manager,
-2
and Novell Subscription Management Tool (SMT).
2
/1
Objectives
01
om e
9/
fr t b
1. Overview of Software Management in SUSE Linux Enterprise 11 on page 224
id o
2. Manage Software with YaST on SLES 11 on page 227
al n
3. Manage Software with YaST on SLED 11 on page 234
(v an
4. Manage RPM Software Packages on page 240
y -C
5. Manage Software with zypper on page 249
m ED
6. Update and Patch SLE on page 254

de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 1 Overview of Software Management in SUSE Linux

Enterprise 11
To understand how packages are managed in SUSE Linux Enterprise 11, you need to
learn about the following components of the overall architecture:
libzypp - software management engine
Satsolver - libzypps package dependency resolver (solver)
13
RPM - package management format/system
8/
/2
YaST, Local RPM, YUM (Yellowdog Updater, Modified), ZLM (ZENworks
-2
Linux Manager) - repository formats
rpm, yast, zypper - command-line software management tools for system
2
/1
administrators
01
YaST, PackageKit - graphical software management tools
om e

9/
fr t b
Here is an illustration of how they fit together:
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
1
libzypp
libzypp is the software management engine for SUSE Linux. It is a library that
ed
manages dependencies for

us
Products: Represent a whole product, such as SUSE Linux.

or
Patterns: Predefined groupings of RPMs, such as all GNOME programs, all

ed
fonts, or all Novell applications. A pattern is an installable list of packages

needed for a special purpose.
pi
co
Packages: Compressed files in rpm format that contain the file for a particular
program. Some packages are already installed on your system, while others are
made available for installation through repositories.
Patches: Updates to the system or to applications. Patches contain one or more
packages (either full packages or patchrpm or deltarpm packages). They may
also introduce dependencies on packages that are not installed yet.
)
Figure 8-1
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
SatSolver
ts R
libzypps package dependency solver is called SatSolver. SatSolver also includes

ou HA
logic that allows for architecture-related package dependency resolution.

1
RPM
ed
Several software package formats are available for Linux; the most commonly used
format in SUSE Linux installations is the RPM Package Manager (RPM) format.
us
RPM Package Manager is a popular package management system used by many

or
Linux distributions. RPM installs, updates, uninstalls, and verifies software, and
allows various queries about the installed software.
ed
pi
co
Installing software in the RPM format can be done with

The CLI commands rpm, zypper, and yast
The GUI-based front ends YaST and PackageKit
The main difference is that YaST and Zypper ensure the automatic resolution of
dependencies, while rpm only controls them (resolution must be performed
manually).
)
13
For more information on the package management tools, see the following
8/
objectives.
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 2 Manage Software with YaST on SLES 11

YaST Software Management is a GUI front end for managing RPM packages.
As a root-level administrative tool, the YaST software management module serves as
the default software management interface for SUSE Linux Enterprise Server. YaST
Software Management supports the GNOME, KDE, and Ncurses interfaces - this
course focuses on GNOME.
)
13
YaST Software Manager allows administrators to
8/
Access YaST Software Manager on the Server on page 227
/2

-2
Search for Packages Using Filters on page 228
Show Installation Summaries on the Server on page 230
/1
View Information About a Package on the Server on page 232
01
om e
Install Software on the Server with YaST on page 232
9/
fr t b

View and Resolve Package Dependencies on page 233
id o
al n
Access YaST Software Manager on the Server
(v an
1. Go the main menu (Computer).
y -C
m ED
2. From the System panel on the right, select YaST.
3. Go to Software > Software Management.
de TT
The search dialog is displayed.

ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Search for Packages Using Filters

You can view and search for packages using different filters. Just select the filter from
the Filter drop-down list.
By Pattern
A pattern is an installable list of packages, e.g., the SUSE Linux Base System.
Here is a list of patterns as shown in the YaST interface. The patterns with a
)
13
check mark next to them are installed packages.
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
1
By Package Group
Package groups show packages by functional category; for example, all security-
related packages will be grouped together. Here is an excerpt from the list as it
ed
appears in YaST:
us
or
ed
pi
co
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
By Language
Pa P
By Repository
e CO
A repository is a local or remote directory containing packages, plus additional

id D
information (metadata) about these packages.

ts R
ou HA
By Search criteria
The search dialog that first appears when you open the Software Manager
1
contains a search box. It lets you search for packages that meet various criteria,
such as name, summary, description, etc. If you know the name of the package,
this is usually the easiest way to find it.
ed
By Installation summary (see below).

us
or
ed
pi
co
Show Installation Summaries on the Server

You can show an installation summary of packages with a certain status:
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
For example, to show all packages that have the Install status (i.e., that are to be
installed), do the following:
1. Check the box next to Install.
Notice that the installation state is shown by a small symbol in front of the
package name. The most commonly displayed symbols include the following:
Figure 8-2
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
1
2. Click Refresh List.
NOTE: It is good general practice to check dependencies and perform an installation summary
ed
before clicking Accept. This way you can see all the changes that will be made to your system.
us
3. Click Accept.
or
ed
pi
co
View Information About a Package on the Server

YaST allows the system administrator to view a lot of information about a package,
including
A summary and description
Technical data such as version, size, build, and architecture
)
Dependencies on other packages
13
File list (only for installed packages)
8/

/2
Change log (when and what changes were made)
-2
To view information about a package, do the following:
2
1. Filter on a pattern or a package group. For example, filter on the Print Server
/1
pattern:
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
2. Click the pattern.

id D
3. Select a file to display its information.

ts R
4. Move from tab to tab to display description, technical data, dependencies,

ou HA
versions, file list, and change log.

1
Install Software on the Server with YaST

1. Go to the main menu (Computer) and open YaST from the System panel on the
ed
right side.
us
2. Click the Software group in the left panel.

or
3. Double-click Software Management.

4. In the search box, type gvim and click Search.
ed
Look at some of the detailed descriptions and dependencies for this package.
pi
5.
co
6. Double-click the gvim package until a green check mark appears to the left of it.
7. Click Accept.
YaST now automatically resolves dependencies and realizes that another
packages needs to be changed/installed as a result of installing gvim:
)
13
8/
/2
-2
2
/1
8. Click Continue.
01
om e
9. Once the package has been installed, click OK.
9/
fr t b
id o
View and Resolve Package Dependencies
al n
(v an
You have just seen how YaST Software Manager resolves dependencies
automatically. You can manage package dependencies in different ways:
y -C
View a packages dependencies. To do so, select a package and select the
m ED

Dependencies tab below the list of packages.
de TT
Resolve package dependencies automatically (Dependencies > Autocheck).

ca MI
This is the default setting in the Dependencies menu:

r A ER
ne P
rt Y
Pa P
e CO
Perform an ad hoc check anytime (Dependencies > Check Now). You should
id D
always check dependencies before performing an installation to be aware of the

ts R
consequences of the installation for your system.

ou HA
Reset ignored dependency conflicts (Extras > Reset Ignored Dependency

Conflicts).
1
Generate a dependency resolver test case (Extras > Generate Dependency

Resolver Test Case).
ed
us
or
ed
pi
co
Objective 3 Manage Software with YaST on SLED 11

In this objective you will learn the following:
Use YaST Software Manager on page 234
Install Software with YaST Software Manager on page 235
Use PackageKit on page 237
)
13
Install Software with PackageKit on page 237
8/
Manage Software with YaST on page 238
/2
-2
Install Software with PackageKit on page 239
2
Use YaST Software Manager
/1
01
YaST Software Manager on the SUSE Linux Enterprise Desktop (SLED) displays a
om e
different interface than on the SUSE Linux Enterprise Server (SLES). The
9/
fr t b
functionality is similar, but users cannot resolve package dependencies on the
id o
desktop. A user needs root privileges to run YaST.
al n
To access the Software Manager,
(v an
1. Select Computer> System > YaST.
y -C
m ED
2. Enter the root password (novell) when prompted and click Continue.
3. In the Groups panel on the left, click Software.
de TT
4. Click Software Management.

ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
From here, you can

rt Y
Pa P
Filter your view of packages according to groups, patterns, languages, and

e CO
repositories
View and install available software packages (Available button)
id D

ts R
View and install upgrades (Upgrades button)

ou HA
View, remove, and re-install already installed software packages (Installed

button)
1
Install Software with YaST Software Manager

ed
To install a package called gvim (a GUI interface for the VI text editor), do the
following:
us
1. In the Software Manager, click the Available button.

or
2. In the search box towards the top right, type

ed
gvim
pi
co
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
3. Click Install.
ne P
The Changes panel on the right shows the changes that will be made to your
rt Y
system when you click Apply:

Pa P
e CO
id D
ts R
ou HA
1
4. Click Apply.
5. Insert SUSE-Linux-Enterprise-Desktop-11 11-0 (Disc 1).
ed
6. Click OK.
us
The package will install now.

or
ed
pi
co
Use PackageKit
PackageKit (Add/Remove Software) is an end user tool that runs only on the SUSE
Linux Enterprise Desktop. PackageKit
Is used mostly as a software update manager
Can run only on the local machine - not remotely
)
Allows only for simple, automatic dependency resolution, not for manual
13
dependency overrides
8/
Requires privilege elevation to complete an installation
/2

-2
NOTE: System administrators should use zypper or YaST for package management.
2
/1
PackageKit allows end users to
01
om e
9/
fr t b
Search the software repository
Browse through groups like Office or Multimedia to install or remove software
id o

al n
packages
(v an
Find out more about packages like descriptions, dependencies, versions, and
y -C
source information
m ED
Install Software with PackageKit
de TT
1. Go to Computer > More Applications > System.

ca MI
2. Double-click Add/Remove Software.

r A ER
3. In the Search box, enter

ne P
gnome-media
rt Y
Place a check mark in the box next to the top GNOME Multimedia package.
Pa P
4.
e CO
Notice how the package icon changes to an open box with a plus sign:
id D
ts R
ou HA
1
5. Click Apply.
6. Enter the root password:
ed
novell
us
7. Click Authenticate.
or
The package should now install.

ed
8. From the System menu, select Quit to exit.

pi
co
Exercise 8-1 Manage Software with YaST

In this exercise, you practice installing and uninstalling software packages with the
YaST Software Management module.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Exercise 8-2 Install Software with PackageKit

In this exercise, you practice installing software packages using PackageKit (Add/
Remove Software) on the SUSE Linux Enterprise Desktop.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 4 Manage RPM Software Packages

To manage installation of RPM software packages, you need to know the following:
RPM Components and Features on page 240
RPM Basics on page 241
Manage Software Packages with RPM on page 242
)
13
Manage Software with RPM on page 248
8/
/2
RPM Components and Features
-2
The basic components of RPM are listed below:
2
RPM Package Manager. This utility handles installing and uninstalling RPM
/1
packages.
01
om e
RPM database. The RPM database works in the background of the Package
9/
fr t b
Manager and contains a list of all information on all installed RPM packages.
id o
al n
The database keeps track of all files that are changed and created when a user installs
a program. This helps the Package Manager to easily remove the same files that were
(v an
originally installed.

y -C
RPM package. RPM lets you take software source code and package it into
m ED
source and binary packages for users. These are called RPM packages or RPM
archives.
de TT
Package label. Every RPM package includes a package label that contains
ca MI

information such as the software name, version, and package release number.
r A ER
This information helps the Package Manager track the installed versions of software
ne P
to make it easier to manage software installations on a Linux computer.

rt Y
Some of the advantages of using RPM Package Manager and RPM packages include
Pa P
e CO
the following:
Root has a consistent method for installing programs in Linux.
id D

ts R
Programs are easily uninstalled (because of the RPM database).

ou HA
Original source archives (such as tar.gz or .tar.bz2) are included as needed and
easy to verify.
1
RPM tools can be used to enable software installations using non-interactive

scripts.
ed
RPM tools can be used to verify that software was installed correctly.
us
RPM tracks dependent software, preventing deinstallation of packages needed by

or
other packages. It also informs the administrator if required software is missing

when he or she tries to install a software package.
ed
Digital signatures are supported to verify integrity of RPM archives.

pi
co
RPM Basics
To manage software packages with RPM, you need to understand the following:
RPM Package File-Naming Convention on page 241
RPM Configuration File on page 241
RPM Database on page 242
)
13
8/
RPM Package File-Naming Convention
/2
RPM package files use the following naming format:
-2
software_name-software_version-release_number.architecture.rpm
2
/1
Example: apache2-2.2.0-21.i586.rpm
01
om e
The following describes each component of the naming format:
9/
fr t b
software_name. This is the name of the software being installed.
id o
al n
software_version. This is the version number of the software in the RPM
(v an
package.
y -C
release_number. This is the number of times the package has been rebuilt using
the same version of the software.
m ED
architecture. This indicates the architecture the package was built under (such as
de TT
i586, i686, or ppc) or the type of package content.

ca MI
For example, if the package has an i586 architecture, you can install it on 32-bit
r A ER
Intel-compatible machines that are Pentium class or higher.

If the package has a .noarch extension, it does not include any binary code.
ne P
rt Y
rpm. RPM archives normally have the extension .rpm. The distribution also
Pa P
includes source packages, called source RPMs, which have the filename
e CO
extension .src.rpm (.spm or .srpm are also possible).

id D
ts R
NOTE: Source packages are not included in the RPM database and thus are not recorded.
ou HA
1
RPM Configuration File
The global RPM configuration file of the rpm command is /usr/lib/rpm/rpmrc.

However, when the rpm command is updated, all changes to this file are lost.
ed
To prevent this from happening, write the changes to the /etc/rpmrc file (for the
us
system configuration) or to the ~/.rpmrc file (for the user configuration).

or
ed
pi
co
RPM Database
The RPM database files are stored in /var/lib/rpm/. If the /usr/ partition is 1 GB in
size, this database can occupy nearly 30 MB, especially after a complete update.
If the database is much larger than expected, it is useful to rebuild the database by
entering rpm --rebuilddb. Before doing this, make a backup of the old database.
The cron script suse.de-backup-rpmdb, which is stored in /etc/cron.daily/, checks
)
13
daily to see if there are any changes. If so, a copy of the database is made
8/
(compressed with gzip) and stored in /var/adm/backup/rpmdb/.
/2
The number of copies is controlled by the variable MAX_RPMDB_BACKUPS
-2
(default is 5) in /etc/sysconfig/backup.
2
The size of a single backup is approximately 5 MB for 1 GB in /usr.
/1
01
Manage Software Packages with RPM
om e
9/
fr t b
You can use the rpm command to manage software packages. This includes querying
id o
the RPM database for detailed information about the installed software.
al n
(v an
The command provides the following modes for managing software packages:
y -C
Installing, uninstalling, or updating software packages
m ED
Querying the RPM database or individual RPM archives
Checking the integrity of packages
de TT
Rebuilding the RPM database

ca MI

r A ER
You can use the rpmbuild command to build installable RPM packages from pristine
sources (rpmbuild is not covered in this course).
ne P
RPM packages contain program, configuration, and documentation files to install,

rt Y
Pa P
and certain meta information used during installation by RPM to configure the
e CO
software package. This same information is stored in the RPM database after
installation for documentation purposes.
id D
ts R
To manage software packages with RPM, you need to know how to do the following:
ou HA
Verify Package Authenticity on page 243

Install, Update, and Uninstall Packages on page 243
1
Query the RPM Database and RPM Archives on page 245

ed
Use the Yast CLI Command as a Front End to RPM on page 247
us
or
ed
pi
co
Verify Package Authenticity
All SUSE Linux RPM packages are signed with the following GnuPG key:
Figure 8-3
)
13
8/
/2
-2
2
/1
01
om e
Verifying the signature of an RPM package lets you determine whether the package
9/
fr t b
originated from SUSE or from another trustworthy facility. To verify the signature of
an RPM package, enter the following command:
id o
al n
rpm --checksig package name
(v an
Example:
y -C
rpm --checksig apache2-2.2.0-10.i586.rpm
m ED
Verifying the package signature is especially recommended for update packages from
de TT
the Internet.
ca MI
The SUSE public package signature key is stored in the /root/.gnupg/ and /usr/lib/
r A ER
rpm/gnupg/ directories. Storing the key in /usr/lib/rpm/gnupg/ lets normal users

verify the signature of RPM packages.
ne P
rt Y
Pa P
Install, Update, and Uninstall Packages

e CO
To manage RPM software packages, you need to know how to do the following:
id D
ts R
Install an RPM Package on page 243

ou HA
Update an RPM Package on page 244

1
Uninstall an RPM Package on page 245
Install an RPM Package

ed
For most RPM packages, you use the following command to install the software:
us
rpm -i package_name.rpm
or
When you install an RPM package, the executable programs, documentation files,
configuration files, and start scripts are copied to the appropriate directories in the file
ed
system.
pi
co
During installation, the RPM database ensures that no conflicts arise (such as a file
belonging to more than one package). The package is installed only if its
dependencies are fulfilled and there are no conflicts with other packages.
If dependencies are not fulfilled, RPM lists those packages that need to be installed to
meet dependency requirements. Packages that conflict with the packages to be
installed are also listed.
)
You could use other options to ignore these errors (such as --nodeps to ignore
13
dependencies or --force to overwrite existing files), but this is only for experts. If you
8/
force the installation despite dependency requirements not being met, the installed
/2
software most likely will not work properly.
-2
With the -v option (verbose) more information is displayed; the -h option (hash)
2
produces a progress bar consisting of # signs during package installation.
/1
01
om e
NOTE: For a number of packages, the components needed for software development (libraries,
9/
fr t b
headers, include files, etc.) have been put into separate packages. These development packages are
only needed if you want to compile software yourself (such as the most recent GNOME packages).
id o
al n
Such packages can be identified by the name extension -devel, such as the packages alsa-devel or
(v an
gimp-devel.
y -C
Update an RPM Package
m ED
You can use the -U (or --upgrade) and -F (or --freshen) options to update a package
de TT
by using the following syntax:

ca MI
rpm -F package_name.rpm
r A ER
This command removes the files of the old version and immediately installs the new
ne P
files. If no previous version is installed, the package is not installed.

rt Y
If an old version is installed, the -U option does the same as -F. However, if no
Pa P
e CO
previous version is installed, -U installs the new version.

id D
NOTE: The -U option is not equivalent to uninstalling with the -e option and installing with the -i
ts R
option. Use -U whenever possible for updating packages.

ou HA
RPM updates configuration files carefully using the following guidelines:

1
If a configuration file was not changed by the system administrator, RPM installs
the new version of the appropriate file. No action by the system administrator is
ed
required.
us
If a configuration file was changed by the system administrator before the

update, RPM saves the changed file with the extension .rpmorig or .rpmsave
or
(backup file). It then installs the version from the new package but only if the
ed
originally installed file and the newer version are different.

pi
If this is the case, compare the backup file (.rpmorig or .rpmsave) with the newly
co
installed file and make your changes again in the new file. Be sure to delete all
.rpmorig and .rpmsave files afterwards to avoid problems with future updates.
The .rpmorig extension is assigned if the file has not previously been recognized
by the RPM database; otherwise, .rpmsave is used.
In other words, .rpmorig results from updating from a foreign format to RPM;
.rpmsave results from updating from an older RPM to a newer RPM.
A set of .rpmnew files is created if the configuration file already exists and if the
noreplace label was specified in the file controlling the package creation (the so-
called .spec-file).
)
13
This is used to not overwrite certain configuration files (such as /etc/httpd/
8/
httpd.conf) and to ensure continued operation.
/2
-2
.rpmnew does not disclose any information as to whether the system
administrator has made any changes to the configuration file.
2
/1
The /etc/init.d/rpmconfigcheck script searches for such files and writes a list of
01
these files to /var/adm/rpmconfigcheck.
om e
9/
fr t b
Uninstall an RPM Package
id o
To uninstall (remove) an RPM package, enter the following:
al n
(v an
rpm -e package_name
y -C
When you uninstall a package, all files except modified configuration files are
removed from the system with the help of the RPM database. This ensures a clean
m ED
uninstall.
de TT
RPM will delete the package only if this does not break dependencies. If other
ca MI
packages depend on the package you want to delete, these are listed in the error
message.
r A ER
You could force deletion of the package with the --nodeps parameter. However, this
ne P
is not advisable because the dependent software will most likely not work anymore.
rt Y
Pa P
e CO
Query the RPM Database and RPM Archives

id D
With the -q option, you can query the RPM database of installed packages and, by
ts R
adding the -p option, inspect RPM archives that are not yet installed.
ou HA
The following are the most commonly used RPM query options:
1
Table 8-1
ed
Option Results
us
-a List all installed packages.

or
-i List package information.

ed
-l Display a file list.

pi
-f file Find out to which package file belongs (the full path must be specified
with file).
co
-d List only documentation files (implies -l).
Option Results
-c List only configuration files (implies -l).
--dump Display a file list with complete details (to be used with -l, -c, or -d).
--provides List features of the package that another package can request with --
requires.
)
--requires, -R List the capabilities the package requires.
13
--scripts List installation scripts (preinstall, postinstall, uninstall).
8/
/2
--changelog Displays a detailed list of information (updates, configuration,
modifications, etc.) about a specific package.
-2
2
For example, entering the rpm -qi wget command displays the following information
/1
about the wget package:
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
The -f option works only if you specify the complete filename with a full path. You
ts R
can enter several filenames, as in the following:

ou HA
ed 1
This returns information for both /bin/rpm and /usr/bin/wget.

us
With the help of the RPM database, you can perform verification checks with the -V
option or --verify. If any files in a package have been changed since installation, they
or
will be displayed.
ed
pi
co
RPM uses the following character symbols to provide hints about the changes:
Table 8-2
Character Description
5 MD5 check sum
)
13
S File size
8/
L Symbolic link
/2
T Modification time
-2
D Major and minor device numbers
2
U Owner
/1
01
G Group
om e
9/
fr t b
M Mode (permissions and file type)
id o
al n
Use the Yast CLI Command as a Front End to RPM
(v an
One of the major functions of YaST is software installation. If you know the name of
y -C
a software package, the -i option (install) is very useful. Example:
m ED
yast -i wireshark
de TT
This example installs the wireshark package plus any software package that is needed
ca MI
by wireshark from the installation media. The advantage of using yast -i is that any
dependencies are automatically resolved.
r A ER
You can also install any RPM package with the -i option, specifying the RPM
ne P
package file name, not just the name of the software package. Example:
rt Y
Pa P
yast -i apache2-2.2.10-2.18.i586.rpm
e CO
However, dependencies are not resolved in this case.

id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Exercise 8-3 Manage Software with RPM

In this exercise, you practice gathering information on installed software and
installing software packages.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 5 Manage Software with zypper

zypper is a command-line interface to the ZYpp system management library. It can
be used to
Install, update, and remove software
Manage repositories
)
13
Perform various queries.
8/
This objective will discuss the most important examples for these actions.
/2
The general command syntax for the zypper command is
-2
zypper [--global-options] <command> [--command-options]
2
[arguments]
/1
01
More information on how to use the command is displayed by entering
om e
9/
fr t b
zypper help [command]
id o
In most cases, the command can be used in a long and a short format, e.g.
al n
(v an
zypper info apache2
or y -C
m ED
zypper if apache2
de TT
Repository Management Commands

ca MI
zypper relies on a list of repositories for its installation and update commands. To
r A ER
list all repositories known to the system, enter

ne P
zypper repos
rt Y
Pa P
e CO
DA1:~ # zypper repos

# | Alias | Name | Enabled | Refresh
id D
--+-----------------+--------------+---------+--------
ts R
1 | SLES-11 11-0 | SLES-11 11-0 | Yes | Yes

ou HA
The most important options for this command are -p (show the priority for each
1
repository) and -d (show more details for each repository).
DA1:~ # zypper repos -d

ed
# | Alias | Name | Enabled | Refresh | Priority | Type

| URI | Service
us
--+-------------+--------------+---------+---------+---------+------
+---------------------------------------+--------
or
1 | SLES-11 11-0 | SLES-11 11-0 | Yes | Yes | 99 | yast2

| http://172.17.8.100/install/SLES11GM/CD1/ |
ed
pi
To add a new repository, use the command

co
zypper addrepo [options] <URI> <alias>
The URI identifies the location of the repository and the alias sets a name which can
be used to access the repository. An example could look like this:
DA1:~ # zypper addrepo http://172.17.8.100/sles11/CD1 sles11
Important options for this command are:

-d: Add the repository as disabled. Repositories are added as enabled by default.
13
-k: Enable RPM files caching for the repository (i.e., RPM packages are kept in
8/
a local directory after being installed).
/2
-2
-K: Disable RPM files caching.
2
NOTE: When a repository is added, the existence and accessibility of the repository is not checked.
/1
If there are any errors in the URI these will show up when trying to access the repository later.
01
om e
9/
fr t b
In order to remove a repository from the list, use the command
id o
al n
zypper removerepo <alias|#|URI>
(v an
To specify the repository, you can use the alias, the sequence number or the whole
y -C
URI of the repository.
m ED
Existing repositories can be modified by using
de TT
zypper modifyrepo <options> <alias|#|URI>

ca MI
The following are the most important options for this command:
r A ER
-e: Enable the repository.

ne P
-d: Disable the repository.

rt Y
-p: Set priority of the repository. A priority of 1 is the highest prioritythe

Pa P
higher the number the lower the priority. The default priority is 99. Packages
e CO
from repositories with higher priority will be preferred even in case there is an
installable higher version available in the repository with a lower priority.
id D
ts R
ou HA
Package Management Commands

To find a package in a repository, the search command with a query string is used:
1
zypper search [option] querystring

The result lists all packages containing the querystring and returns information on the
ed
package:
us
or
ed
pi
co
DA1:~ # zypper search apache2

Loading repository data...
Reading installed packages...
S | Name | Summary | Type

--+-------------+------------------------------------+-----------
i | apache2 | The Apache Web Server Version 2.0 | package
)
13
| apache2 | The Apache Web Server Version 2.0 | srcpackage
| apache2-doc | Additional Package Documentation. | package
8/
...
/2
-2
To see more details on the packages, the -s option can be used:
2
/1
DA1:~ # zypper search -s apache2
01
om e
9/
fr t b
S | Name | Type | Version | Arch | Repository
id o
--+-------------+------------+-------------+--------+-------------
al n
i | apache2 | package | 2.2.10-2.18 | i586 | SLES-11 11-0
(v an
| apache2 | srcpackage | 2.2.10-2.18 | noarch | SLES-11 11-0
...
y -C
| apache2-doc | package | 2.2.10-2.18 | i586 | SLES-11 11-0
m ED
To see more information about a package, use the command

de TT
ca MI
zypper info <package>

r A ER
This command displays detailed information about a package, including the version,
the vendor, a brief description, and whether the package is installed. For an already
ne P
installed package it will also display the status of the package, such as whether the
rt Y
package is up-to-date or needs to be updated.

Pa P
e CO
DA1:~ # zypper info apache2

id D

ts R
ou HA
Information for package apache2:

1
Repository: @System
Name: apache2
Version: 2.2.10-2.18
ed
Arch: i586
Vendor: SUSE LINUX Products GmbH, Nuernberg, Germany
us
Installed: No
Status: not installed
or
Installed Size: 2.1 M

Summary: The Apache Web Server Version 2.0
ed
Description:
pi
Apache 2, the successor to Apache 1.

...
co
If the package is not installed and you want to install it, use the command
zypper install <package>
If additional packages need to be installed, zypper will do so.
DA1:~ # zypper install apache2

)
13
Resolving package dependencies...
8/
The following NEW packages are going to be installed:
/2
apache2 apache2-prefork
-2
Overall download size: 1007.0 K. After the operation, additional 2.7
M will be used.
2
/1
Continue? [YES/no]:
Retrieving package apache2-2.2.10-2.18.i586 (1/2), 745.0 K (2.1 M
01
om e
unpacked)
9/
fr t b
Retrieving: apache2-2.2.10-2.18.i586.rpm [done]
Installing: apache2-2.2.10-2.18 [done]
id o
...
al n
(v an
To remove an installed package, the command
y -C
zypper remove <package>
m ED
is used. If other packages depend on this package, these will be removed as well. In
de TT
any case the user is informed of what will be done and can decide not to run the
command.
ca MI
r A ER
DA1:~ # zypper remove apache2

Building repository 'sles11' cache [done]
ne P

rt Y

Pa P
Resolving package dependencies...

e CO
The following packages are going to be REMOVED:

id D
apache2 apache2-prefork
ts R
ou HA
After the operation, 8.8 M will be freed.

Continue? [YES/no]:
1
Removing apache2-prefork-2.2.10-2.18 [done]

Removing apache2-2.2.10-2.18 [done]
ed
us
or
ed
pi
co
Exercise 8-4 Manage Software with zypper

In this exercise, you will add and remove a repository, and uninstall a package.
(End of Exercise)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 6 Update and Patch SLE

In this section you will learn the following:
Installing Service Packs on page 254
Patching and Updating Packages with zypper on page 254
Installing Patched Packages with rpm on page 255
)
13
Installing Service Packs Using YaST Online Update (YOU) on page 257
8/
Managing Updates with Novell Subscription Management Tool (SMT) on
/2
page 260
-2
Installing Service Packs
2
/1
There are several ways to update the system to a Service Pack (SP):
01
om e
Boot from the Service Pack medium.
9/
fr t b
Execute zypper commands manually. See Patching and Updating Packages with
id o
zypper on page 254.
al n
(v an
Run the YaST Online Update Configuration and Online Update.
y -C
By updating to the new feature level, additional features like new drivers or
software enhancements are available to your system. For more information, see
m ED
Make use of a Subscription Management Tool (SMT) system at your site. See
de TT
Managing Updates with Novell Subscription Management Tool (SMT) on

ca MI
page 260.
r A ER
Patching and Updating Packages with zypper

ne P
To guarantee the operational security of a system, you should update packages

rt Y
frequently by installing patched packages.

Pa P
e CO
There are two different ways to update software using zypper:

id D
Integrating all officially released patches into your system

ts R
Updating all installed packages with newer available versions

ou HA
To integrate all officially released patches into your system, just run:
1
zypper patch
In this case, all patches available in your repositories are checked for relevance and
ed
installed if necessary. After registering your SUSE Linux Enterprise installation, an

us
official update repository containing such patches will be added to your system. The
above command is all you need to enter in order to apply them when needed.
or
To update installed packages with their newer available versions, where possible,
ed
enter:
pi
zypper update
co
)
13
8/
/2
-2
This command does not update packages which would require a change of package
vendor or which would require manual dependency resolution.
2
/1
To list all needed patches, type
01
om e
zypper list-patches
9/
fr t b
You can get a list of available updates with:
id o
al n
zypper list-updates
(v an
y -C
NOTE: This command lists only installable updates, i.e., updates which have no dependency
problems or which do not change package vendor. This list is what the update command will
m ED
propose to install. You can use the --all option if you want to list all packages for which newer
versions are available.
de TT
ca MI
Installing Patched Packages with rpm

r A ER
You could update the complete package, or you could use a patch RPM suitable to the
ne P
installed RPM package. The patch RPM has the advantage of being smaller, reducing
rt Y
the download time.

Pa P
e CO
When planning an update, you need to consider the following (using the package
procmail as an example):
id D
Is the patch RPM suitable for my system?

ts R

ou HA
To check this, first query the installed version of the package by entering
rpm -q procmail
1
The output will indicate the currently installed version of procmail:

ed
procmail-3.22-240.3
Now check if the patch RPM is suitable for this version of procmail, by entering
us
rpm -qp --basedon <patchname>

or
--basedon shows what packages a patch rpm is based on. A patch rpm can only
ed
be installed if one of the packages it is based on is installed. The output indicates

pi
whether the patch is suitable for different versions of procmail. The installed
co
version in the example is also listed, so the patch can be installed.
Which files are replaced by the patch?

The files affected by a patch can easily be seen in the patch RPM. The -P option
lets you select special patch features.
You can display the list of files by entering the following:
rpm -qPpl patchname
You will see the following:
)
13
da10:~ # rpm -qPpl procmail-3.22-42.4.i586.patch.rpm
8/
/usr/bin/formail
/2
/usr/bin/lockfile
-2
/usr/bin/procmail
If the patch is already installed, use the following command:
2
/1
rpm -qPl procmail
01
om e
The output will look similar to this:
9/
fr t b
/usr/bin/formail
id o
al n
/usr/bin/lockfile
/usr/bin/procmail
(v an
How can a patch RPM be installed in the system?
y -C
Patch RPMs are used just like normal RPMs. The only difference is that a
m ED
suitable RPM must already be installed.
de TT
Which patches are already installed in the system and for which package
ca MI
versions?
r A ER
You can display a list of all patches installed in the system by entering
rpm -qPa
ne P
rt Y
If only the patch for procmail is installed in a new system, the following item
Pa P
appears:
e CO
procmail-3.22-42.4
id D
If, at a later date, you want to know which package version was originally
ts R
installed, you can query the RPM database.

ou HA
For procmail, this information can be displayed by entering

1
rpm -q --basedon procmail

The output would appear as follows:
ed
procmail = 3.22-42
us
or
NOTE: For additional details about the patch feature of RPM, enter man rpm or
man rpmbuild.
ed
pi
co
Installing Service Packs Using YaST Online Update (YOU)

Before initiating the YaST Online Update to update to the Support Pack feature level,
make sure that the following requirements are met:
The system must be online throughout the entire update process, because this
process requires access to the Novell Customer Center.
If your setup involves third-party software or add-on software, test this procedure
)
13
on another machine to make sure that the dependencies are not broken by the
update
8/
/2
To configure online updates, do the following:
-2
1. On the SUSE Linux Server, go to Computer > YaST > Software > Online
2
Update Configuration.
/1
2. Configure the Update Repository by clicking Advanced and selecting Register
01
om e
for support and get update repository.
9/
fr t b
3. On the Novell Customer Center Configuration page, select Configure Now
id o
and leave the defaults checked.
al n
(v an
Figure 8-4
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
4. Click Next.
ed
pi
co
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
A dialog appears, warning that Manual Interaction is required.
m ED
Figure 8-5
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
5. Click Continue.
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
A Mozilla Browser window opens with a Novell Customer Center Registration
page displayed.
y -C
m ED
Figure 8-6
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
6. Fill in the required information; then click Submit.

pi
co
7. Continue with the registration process until you are returned to the Online
Update Configuration dialog.
8. Click Finish.
The machine is now set up to receive updates automatically.
Managing Updates with Novell Subscription Management Tool (SMT)
)
13
The Subscription Management Tool for SUSE Linux Enterprise establishes a proxy
system with repository and registration targets. This helps you centrally manage
8/
software updates within the firewall on a per-system basis, while maintaining your
/2
corporate security policies and regulatory compliance.
-2
The downloadable Subscription Management Tool is integrated with Novell
2
Customer Center and provides a repository and registration target that is
/1
synchronized with it. This is very helpful in tracking entitlements in large
01
om e
deployments. The Subscription Management Tool maintains all the capabilities of
9/
fr t b
Novell Customer Center, while allowing a more secure centralized deployment. It is
included with every SUSE Linux Enterprise subscription and is therefore fully
id o
al n
supported.
(v an
y -C
New in SUSE Linux Enterprise Server 11
m ED
Capability to stage patches to internal managed area under full control of the site
administrator. This gives the administrator the option to carry out integration
de TT
testing before they fully enable the new patches on site.

ca MI
Ability to centrally push packages to managed devices.

r A ER
Improved set-up and facilitated operation for fully disconnected (sneakernet)

ne P
configurations.
rt Y
Full integration with the new supportability infrastructure delivered with SUSE
Pa P
Linux Enterprise (Novell Support Link integrated in SUSE Linux Enterprise 11

e CO
and Novell Support Advisor from Novell Technical Services). This helps easily
id D
facilitate problem reporting and troubleshooting.

ts R
ou HA
Registering a Client with SMT

1
To register a client against an SMT server, you need to

Equip the client with the servers URL
ed
Make sure the client trusts the server's certificate.

us
Be aware of the three ways to configure the client to use SMT:

or
Using Kernel parameters during installation

regurl - specifies the URL of the SMT server
ed
regcert - (optional) specifies the location of the SMT servers ACA

pi
certificate
co
Via an AutoYaST profile
As root, go to YaST > Miscellaneous >Autoinstallation > Support >Novell

Customer Center Configuration, select Run Product Registration and edit
the SMT Server Settings.
Via the clientSetup4SMT.sh script
The /usr/share/doc/packages/smt/clientSetup4SMT.sh script is provided with
SMT. This script allows you to configure a client machine to use a specific
SMT server or to reconfigure it to use a different SMT server.
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Summary
Objective Summary
1. Overview of Software Provides an overview of the concepts and terminology

Management in SUSE Linux involved in managing software with SUSE Linux
Enterprise 11 Enterprise, such as libzypp, SatSolver, and RPM.
)
13
2. Manage Software with YaST on To install new software packages use the YaST module
8/
SLES 11 Software > Software Management.
/2
The installation status of a package is indicated by a
-2
symbol. An overview about all possible symbols can be
reached via the Help > Symbols menu.
2
There are dependencies between the packages. In
/1
most cases these dependencies can be resolved
01
automatically. Otherwise they must be resolved
om e
9/
fr t b
manually.
3. Manage Software with YaST on YaST and PackageKit run on the desktop to allow users
id o
al n
SLED 11 to install and manage software.
(v an
4. Manage RPM Software Packages RPM packages are packaged in a special binary
format. Apart from the executable programs, they also
y -C contain information about the configuration of the
m ED
software package, as well as information about
dependencies on other packages (including shared
de TT
libraries).
You can use the rpm command to

ca MI
Install software packages (rpm -i, or rpm -U, or rpm

r A ER
-F)
ne P
Uninstall software packages (rpm -e).

rt Y
Query information from the RPM database (rpm -q)

Pa P
e CO
5. Manage Software with zypper Zypper allows you to list known repositories, remove,
add, and manage repositories, and install a package
id D
from a repository.
ts R
6. Update and Patch SLE You can update packages with zypper, install patched
ou HA
packages with rpm, and install Service Packs using

YaST Online Update. You also learn how to manage
updates with the Novell Subscription Management Tool
1
(SMT).
ed
us
or
ed
pi
co
Course 3101 and 3102 LPIC-1 Addendum
SECTION 9 Course 3101 and 3102 LPIC-1 Addendum
CLA 11 and LPIC-1 Certification
)
13
The Linux Professional Institute Level 1 certification is the first of the three levels of
certification in the LPI Certification program. LPIC Level 1 is considered the Junior
8/
Level certification, while Levels 2 and 3 are considered to be the Advanced and
/2
Senior Levels respectfully.
-2
Just as the Novell Certified Linux Administrator 11 Certification is designed to
2
certify the competencies that you have developed using SUSE Linux Enterprise 11,
/1
the LPIC program has been designed to certify your competencies using the Linux
01
om e
Standard Base and is designed to be distribution neutral.
9/
fr t b
LPIC-1 was first released in January 2000 and has been revised as of April 2009
id o
using a JTA or Job Task Analysis survey within the industry. Passing the two exams
al n
(101 and 102), and thus obtaining your LPIC-1 certification is a mandatory
(v an
requirement for taking the LPIC-2 exams, 201 and 202. Passing the LPIC-1 101
y -C
exam is the pre-requisite for taking the LPIC-1 102 exam.
m ED
The two CLA courses and their exams are designed to help you learn the basics of
Linux and the commands needed to administrate a Linux distribution, primarily
de TT
SUSE Linux Enterprise 11. However, the tasks and skills learned in course 3101 and
ca MI
3102 along with those taught in this addendum also align with the tasks needed to
pass both LPIC-1 exams, 101 and 102.
r A ER
For example, in preparation for the two LPIC-1 exams, you should be able to
ne P
Use and work with the Linux command line

rt Y
1.
Pa P
2. Perform a shutdown and reboot of the system

e CO
3. Have a strategy to backup and restore system and user data

id D
Perform the maintenance tasks needed to assist users, and add a user to a larger
ts R
4.
ou HA
system
5. Perform an installation and configure a workstation
1
6. Connect a workstation to a LAN, or connect a PC to the Internet

ed
NOTE: For more information about Novell certification programs and taking the Novell CLA 11
exam, see the Novell Certifications Web site (http://www.novell.com/training/certinfo) and the
us
CLA 11 site (http://www.novell.com/training/certinfo/cla11).

or
ed
NOTE: For more information about Linux Professional Institute certification programs and taking
the LPIC-1 exam, see the LPI web site (http://www.lpi.org/certification).
pi
co
Table 9-1
CLA 11 Objectives for Courses 3101 & 3102 LPIC-1 Objectives for Exams 101 & 102
Course 3101 Objectives Exam 101 Objectives
Section 1: Getting to know SUSE Linux Topic 101: System Architecture
Enterprise 11
Determine and Configure Hardware
Performing Basic Tasks in SLE 11 Settings. Boot the System
)
Overview of SUSE Linux Enterprise 11 Change Runlevels and Shutdown or
13

Reboot the System
Use the Gnome Desktop Environment
8/
Topic 102: Linux Installation and Package
/2
Access the Command Line Interface (CLI)
Management
from the Desktop
-2
Design Hard Disk Layout
Section 2: Locate and Use Help Resources
2
Install a Moot Manager
/1
Access and Use man Pages
01
Manage Shared Libraries
Use Info Pages
om e
Use Debian Package Management
9/
fr t b

Access Release Notes and White Papers
Use RPM and YUM Package Management
id o
Use GUI-Based Help
al n
Topic 103: GNU and Linux Commands
Find Help on the Web
(v an
Work on the Command Line
Section 3: Manage the Linux File System

y -C
Understand the File System Hierarchy
Process Text Streams Using Filters
m ED
Standard (FHS) Perform Basic File Management
de TT
Identify File Types in the Linux System Use Streams, Pipes and Redirects
Manage Directories with CLI and Nautilus Create, Monitor and Kill Processes
ca MI
Create and View Files Monitor Process Execution Priorities

r A ER
Work with Files and Directories Search Text Files Using Regular
ne P
Expressions
Find Files on Linux
rt Y
Perform Basic File Editing Operations

Pa P
Search File Content

Using vi
e CO
Perform Other File Operations with

Topic 104: Devices, Linux Filesystems,
Nautilus
Filesystem Hierarchy Standard
id D
ts R
Section 4: Work with the Linux Shell and

Create Partitions and Filesystems
Command Line Interface (CLI)
ou HA
Maintain the Integrity of Filesystems

Get to Know the Command Shells
Control Mounting and Unmounting of
1

Execute Commands at the Command Line
Filesystems
Work with Variables and Aliases
Manage Disk Quotas
ed
Understand Command Syntax and Special

Manage File Permissions and Ownership
Characters
us
Create and Change Hard and Symbolic

Use Piping and Redirection
Links
or
Find System Files and Place Files in the

ed
Correct Location
pi
co
CLA 11 Objectives for Courses 3101 & 3102 LPIC-1 Objectives for Exams 101 & 102
Section 5: Administer Linux with YaST
Get to Know YaST

Manage the Network Configuration
Information from YaST
Section 6: Manage Users, Groups, and
)
Permissions
13
Manage User and Group Accounts with
8/
YaST
/2
Describe Basic Linux User Security
-2
Features
2
Manage User and Group Accounts from
/1
the Command Line
01
Manage File Permissions and Ownership
om e
9/
fr t b
Ensure File System Security
id o
Section 7: Use the vi Linux Text Editor
al n
Use the Editor vi to Edit Files
(v an
Section 8: Manage Software for SUSE
y -C
Linux Enterprise 11
m ED
Overview of Software Management in
SUSE Linux Enterprise 11
de TT
Manage Software with YaST on SLES 11

ca MI
Manage Software with YaST on SLED 11

r A ER
Manage RPM Software Packages

ne P
Manage Software with zipper

rt Y
Update and Patch SLE

Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Table 9-2

Section 1: Install SUSE Linux Enterprise 11 Topic 105: Shells, Scripting, and Data
Management
Perform a SLES 11 Installation
Customize and Use the Shell Environment
Perform a SLED 11 Installation
Customize or Write Simple Scripts
Troubleshoot the Installation Process
)
13
SQL Data Management
Section 2: Manage System Initialization
8/
Topic 106: User Interfaces and Desktops
Describe the Linux Load Procedure
/2
Install and Configure X11
-2
Manage GRUB (Grand Unified Bootloader)
Setup a Display Manager
Manage Runlevels
2
Accessibility
/1
Section 3: Administer Linux Processes
01
and Services Topic 107: Administrative Tasks
om e
9/
Describe How Linux Processes Work Manage User and Group Accounts and
fr t b

Related System Files
Manage Linux Processes
id o
Automate System Administration Tasks by
al n
Section 4: Administer the Linux File Scheduling Jobs
(v an
System
Localization and Internationalization
y -C
Select a Linux File System
Topic 108: Essential System Services
m ED
Configure Linux File System Partition
Maintain System Time
Manage Linux File System
de TT
System Logging
Configure Logical Volume Manager (LVM)
ca MI
and Software RAID Mail Transfer Agent (MTA) Basics

r A ER
Set Up and Configure Disk Quotas Manage Printers and Printing
Section 5: Configure the Network Topic 109: Networking Fundamentals

ne P
rt Y
Understand Linux Network Terms Fundamentals of Internet Protocols

Pa P
Manage the Network Configuration Basic Network Configuration

e CO
Information from YaST

Basic Networking Troubleshooting
id D
Set Up Network Interfaces with the ip Tool

Configure Client Side DNS
ts R
Set Up Routing with the ip Tool

ou HA
Topic 110: Security

Test the Network Connection with
Command Line Tools Perform Security Administration Tasks
1
Configure the Hostname and Name Setup Host Security

Resolution Securing Data with Encryption
ed
us
or
ed
pi
co

Section 6: Manage Hardware
Describe How Device Drivers Work in

Linux
Manage Kernel Modules Manually
Describe the sysfs File System
)
13
Describe How udev Works
8/
Section 7: Configure Remote Access
/2
Provide Secure Remote Access with
-2
OpenSSH
Enable Remote Administration with YaST
2
/1
Access Remote Desktops Using Nomad
01
om e
Section 8: Monitor SUSE Linux Enterprise
9/
fr t b
11
id o
Monitor a SUSE Linux Enterprise 11
al n
System
(v an
Use System Logging Services
y -C
Monitor Login Activity
m ED
Section 9: Automate Tasks
Schedule Jobs with cron

de TT
Schedule Jobs with at

ca MI
Section 10: Manage Backup and Recovery

r A ER
Develop a Backup Strategy

ne P
Back Up Files with YaST

rt Y
Create Backups with tar

Pa P

e CO
Create Backups on Magnetic Tape

Copy Data with dd
id D

ts R
Mirror Directories with rsync

ou HA
Automate Data Backups with cron

1
Section 11: Administer User Access and

System Security
Configure User Authentication with PAM

ed
Manage and Secure the Linux User

Environment
us
Use Access Control Lists (ACLs) for

or
Advanced Access Control

ed
Implement a Packet-Filtering Firewall with

SuSEfirewall2
pi
co
CLA 11 + LPIC-1 focuses on the objectives that are beyond the scope of the main
3101 and 3102 course material.
This addendum covers the tasks and knowledge of Linux that are unique to the Linux
Professional Institute Certification Level 1 (LPIC-1) certification objectives. Our
purpose in creating this addendum is to assist those who are preparing for the LPIC-1
certification exams. You will find within the following pages objectives that are not
covered in the main body of this course manual and that are specific to the LPIC-1
exams.
When preparing for the LPIC-1 exams, you will need to know both the main
)
13
objectives covered in the two CLA 11 course manuals and the objectives found
within this addendum.
8/
/2
The skills taught in the two course manuals, for Novell Courses 3101 and 3102, help
-2
to prepare you for taking the Novell Certified Linux Administrator 11 (Novell CLA
11) certification test.
2
/1
This addendum provides an auxiliary means to prepare for the LPIC-1 exams. The
01
topics and skills discussed herein are designed to give you specific information
om e
9/
related to and covering the objectives found below.
fr t b
id o
The objectives discussed within this addendum along with those taught in the two
al n
CLA 11 courses will help you prepare for the LPIC-1 exams.
(v an
The following topics are addressed here:
1.
y -C
Use Debian Package Management on page 269
m ED
2. yum Package Management on page 274
de TT
3. SQL Data Management on page 280

ca MI
4. Install and Configure X11 on page 287

r A ER
5. Message Transfer Agent (MTA) Basics on page 295

ne P
6. Fundamentals of TCP-IP (dig) on page 309

rt Y
Pa P
e CO
NOTE: As of April 2009, the objectives for LPIC-1 and LPIC-2 exams have changed. The
objectives presented here are the most up-to-date as of this writing. For information, visit the Linux
id D
Professional Institute web site ( http://www.lpi.org or http://www.lpi.org/certification).

ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 1 Use Debian Package Management

This section presents the basic features of using the Debian package management
tools. Tasks discussed focus on installing, upgrading, and removing the Debian .deb
packages. Using the apt tool apt-get and the dpkg tool will assist you in finding file
or package information such as content, installation status, version of package,
dependencies, and package integrity.
)
13
This section is based on the information found in
8/
LPIC-1 102.4: (http://lpi.org/)
/2
Candidates should be able to perform package management using the Debian
-2
package tools.
2
/1
01
Key Knowledge Areas
om e
9/
fr t b
Install, upgrade, and uninstall Debian binary packages
id o
Find packages containing specific files or libraries which may or may not be
al n
installed
(v an
Obtain package information like version, content, dependencies, package
y -C
integrity, and installation status (whether or not the package is installed)
m ED
de TT
Debian Linux basics on page 269

ca MI
Manage Software Packages Using apt on page 270

r A ER
Managing Software Packages Using dpkg on page 272

ne P
Debian Linux basics

rt Y
Pa P
e CO
What is Debian GNU/Linux?

id D
Debian is an operating system that uses for its core the Linux kernel. Yet most of the
ts R
tools used come from the GNU project thus calling it Debian GNU/Linux. Debian
ou HA
states that it comes with over 25000 packages. As of this writing, the latest stable
release is Debian 5.0 with its last update being on September 5, 2009. See http://
1
www.debian.org for more information.

ed
.deb Basics
us
To manage .deb software packages, you need to understand the following:

or
Package Naming Syntax

ed
Debian Software on the Internet

pi
Debian packages use the following naming syntax:

co
<packagename>_<versionnumber>_<architecture>.deb
Example: apache_2.2.17-5_i386.deb
The following describes each component of the naming format:
package_name. This is the name of the software being installed.
versionnumber. This is the version number of the software.
architecture. This indicates the architecture the package was built under, such as
)
i386,i586, i686, or ppc.
13
For example, if it is a i386 architecture, you can install it on 32-bit.
8/
/2
Debian can be installed on different architecture; hence there is a need to make
-2
sure that the package you wish to install is supported on the architecture you
have.
2
/1
Packages normally have the extension .deb.
01
om e
Finding Debian Software Packages on the Internet can be accomplished by searching
9/
fr t b
for Debian packages using the url syntax of
id o
http://packages.debian.org/name where name is a package name
al n
(v an
http://package.debian.org/src:name where name is a source package name
y -C
Manage Software Packages Using apt
m ED
Performing package management tasks in Linux can be accomplished using a variety
de TT
of different tools. Debian package management also has tools that can be used at the
command line or with a gui.
ca MI
When installing .deb packages, remember to always backup your existing data,
r A ER
documents, or even the whole system, just in case an issue arises.

ne P
Always make sure you verify any package you wish to install on your Debian system.
rt Y
.deb files come from a variety of sources; those coming directly from Debian are
Pa P
considered trustworthy; however, a good habit to have is to verify before you install.
e CO
You can use the apt tool which is apt-get to find, download, and install .deb packages
id D
over the internet using either ftp or http. APT is an acronym that stands for Advanced
ts R
Package Tool. With apt-get you can also perform upgrades.

ou HA
Here are some common apt tool commands:

1
apt-get
ed
To install a new package use the syntax apt-get install packagename

us
Example: apt-get install ldap_2..5.3_i686.deb

or
To upgrade a package use the syntax apt-get upgrade packagename

ed
Example: apt-get upgrade nfs_3.1.5-3_i586.deb

pi
To remove a package from the system, use apt-get remove packagename

co
Example: apt-get remove samba_2.1.7-2_i383.deb
To upgrade all packages on your system, use apt-get dist-upgrade.

Using dist-upgrade also will install extra packages such as dependencies.
Using upgrade alone as shown above will keep an installed package at its older
version, even if the upgrade requires extra packages or the removal of packages.
apt-cache
)
13
The apt suite of tools also includes apt-cache which queries packages. Using apt-
8/
cache you can find packages, get dependencies listed, and receive detailed
/2
information about package versions available.
-2
The apt-cache syntax is as follow:
2
/1
To get information about a package, use apt-cache show packagename.
01
om e
Example: apt-cache show ldap_3.1.5-3_i586.deb
9/
fr t b
For package versions available, use apt-cache showpkg packagename.
id o
al n
Example: apt-cache showpkg samba_2.5.1-2.deb
(v an
List dependencies for a package, use apt-cache depends packagename.
y -C
Example: apt-cache depends nfs_2.4-2-i383.deb
m ED
To search for packages with a specific word in its description, use apt-cache
de TT
search searchword.
ca MI
Example: apt-cache search language

r A ER
ne P
aptitude
rt Y
The apt suite of tools includes an Ncurses based frontend for the apt utility. Aptitude
Pa P
e CO
is text based and runs from a CLI (command line interface) or a terminal. It has a
number of features including the ability to mark packages as manually installed or
id D
automatically installed. This feature allows packages to be auto-removed when they

ts R
are not required any longer. It also has the ability to retrieve and display Debian
ou HA
change logs for many packages.

Also, among its features are a dependency resolver, a color preview of actions to be
1
taken, and a command line mode (CLI).

Command Line Interface (CLI) syntax (may require full package name)
ed
us
Table 9-3
or
Command Description
aptitude Enter at terminal to run aptitude
ed
aptitude upgrade Upgrade packages

pi
aptitude update Update packages list

co
aptitude install samba Install samba package

aptitude remove samba Remove samba package
Command Description
aptitude purge samba Purge samba package
aptitude dist-upgrade Use to upgrade current distribution use with
cat /etc/debian_version
aptitude ~D samba List samba dependencies in reverse
aptitude search samba Search samba
Text User Interface (TUI) syntax:
)
13
8/
Table 9-4
/2
-2
u Update list of available packages.
U Mark packages which are upgradable.
2
g View pending actions (modify pending actions). Press g a second time to start the
/1
download.
01
Actions (menu) > Cancel pending action
om e
9/
fr t b
There are also other package management tools such as synaptic, tasksel, and dselect.
id o
These other tools are outside the scope for this addendum.
al n
(v an
Managing Software Packages Using dpkg
y -C
You can use dpkg to find, download, and install .deb package. Using dpkg, you can
m ED
retrieve package information and description as well as the version of the package.
de TT
Here are some common dpkg commands:

ca MI
To list information and verify (installed or not) a single package, use dpkg l
packagename or dpkg s packagename | grep Status.
r A ER
Example: dpkg l samba_3.2.2-1_i686.deb

ne P
Example: dpkg s ldap | grep Status

rt Y

Pa P
To list information on all installed packages, type dpkg -l.

e CO
For package description, version, etc., type dpkg info packagename.

id D
ts R
Example: dpkg info apache_2.4.5-1_i386.deb

ou HA
To list files provided by an installed package, use dpkg L packagename.

1
Example: dpkg L ldap_2.2.5-7_i383.deb

To list files provided by a package, use dpkg contents packagename.
ed
Example: dpkg contents samba_1.2.3-2_i386.deb

us
To find out which package owns a file, type dpkg S path to filename.
or
Example: dpkg S /etc/exports

ed
Other options that can be used include

pi
-L or list
co
-s or -status
-split or also use -join

--control (file control information)
--help (options list)
--install (installs packages)
--extract (packages unpacked using this will be incorrectly installed)
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 2 yum Package Management
Section Overview
This section helps you to understand yum package management. For a Linux
administrator, package management is critical to know and understand. Using the
yum tools, you can perform an installation, upgrade, re-install, or removal of a
)
package.
13
8/
yum will automatically calculate the dependencies that are needed for package
/2
installation. Instead of manually updating each machine using rpm, yum maintains
-2
groups of machines making the task and your time more efficient.
2
/1
01
om e
Candidates should be able to perform package management using YUM tools.
9/
fr t b
id o
al n
Key Knowledge Areas
(v an
Install, re-install, upgrade, and remove packages using ... YUM.

y -C
Obtain information on RPM packages such as version, status, dependencies,
m ED
integrity, and signatures.
de TT
Determine what files a package provides as well as find which package a specific
file comes from.
ca MI
r A ER

YUM Tools on page 274
ne P

rt Y
YUM: /etc/yum.conf and /etc/yum.repos.d/ on page 275

Pa P
Using yumdownloader on page 278

e CO
Performing package management tasks in Linux can be accomplished by the use of a

id D
variety of different tools. yum package manager, and the tools it provides, is one
ts R
such tool.
ou HA
YUM Tools
1
yum or the Yellowdog Updater Modified is used for Linux systems that are rpm
compatible. yum evolved (from YUP) in order to update and manage RHL systems.
ed
Since that time, it has been used in other Linux distributions, such as, Fedora, RHEL,
and CentOS.
us
yum has a command line interface and it has a plugin interface for the addition of
or
other features. yum-utils extends and acts as a supplement to yum. It is a collection

ed
of different utilities and plugins which can perform queries, manage package cleanup,
and perform repository synchronization.
pi
co
Common yum commands include
Table 9-5
Command Description
yum list or yum list all List all packages in a repository and packages
installed on your system
)
yum list installed List all packages installed on your system.
13
yum list installed packagename Displays if named package is installed
8/
yum list installed samba_1.2.3-2_i386.rpm
/2
yum install packagename Install the named package, for example
-2
yum install samba_1.2.3-2_i386.rpm
2
yum list updates List of updates for all installed packages
/1
yum list update packagename Check for and update named package
01
om e
yum list update samba_1.2.3-2_i386.rpm
9/
fr t b
yum list available List of packages available to be installed
yum info packagename Displays detailed package information, such as
id o
al n
version, status, dependencies, signatures
(v an
yum info samba_1.2.3-2_i386.rpm
yum whatprovides path_to_file Display which package provides a file
y -C yum whatprovides /etc/motd
m ED
yum list packagename Search repository for the named package
de TT
yum list samba_1.2.3-2_i386.rpm

yum remove packagename Removes the specific named package
ca MI
yum remove samba_1.2.3-2_i386.rpm

r A ER
createrepo /pathtorepodirectory Used to create a repository (see Obj.2)

ne P
YUM: /etc/yum.conf and /etc/yum.repos.d/

rt Y
Pa P
e CO
yum.conf
id D
yum.conf is the configuration file for the yum package. In the yum.conf file there are
ts R
software sites listed with one or more URLs and their names. For example, the
ou HA
following uses the fictitious site SUSE Linux rpms and its URL:
1
[SUSE Linux rpms]

name=SUSE Linux $releasever - $basearch suserpms
baseurl=http://suselinux.novell.com/suse/linux/$releasever/$basearch/
suserpms
ed
yum.conf can be populated by editing the file and/or by uncommenting a line in the
us
file. Best practices when editing yum.conf is to add your entries to the end of the file.
or
If you find that any are marked as unstable or as a test, it is better to avoid those.
ed
pi
co
Example #1 of entries for a yum.conf configuration file

# This is the suselinuxrpms yum.conf file for my repository.
# You can also add, delete or edit the settings, URLs, sections, or
sites as needed.
#
[main]
cachedir=/var/cache/yum
)
keepcache=0
13
debuglevel=2
logfile=/var/log/yum.log
8/
pkgpolicy=newest
/2
distroverpkg=suselinux-release
-2
tolerant=1
exactarch=1
2
# Don't check keys for localinstall
/1
gpgcheck=0
01
plugins=1
om e
9/
fr t b
metadata_expire=1500
# Change timeout depending on stability of mirrors contacted.
id o
timeout=7
al n
(v an
# PUT YOUR REPOS INFO HERE OR IN separate files named file.repo
y -C
m ED
Example #2 of a yum.conf configuration file
de TT
#Main settings for my yum.conf file

#Last edited on January 21, 2010 5:18:29pm
ca MI
[main]
r A ER
cachedir=/var/cache/yum
debuglevel=3
ne P
logfile=/var/log/yum.log
rt Y
pkgpolicy=newest
Pa P
distroverpkg=suselinux-release
e CO
gpgcheck=1
tolerant=1
id D
retries=1
ts R
exactarch=1
ou HA
[base]
name=SUSE Linux Base $releasever - $basearch - Base
1
baseurl=http://suserpm.novell.com/linux/suse/core/$releasever/
$basearch/os
http://mirrors.backupstore.org/pub/linux/suse/sle11/base/$releasever/
ed
$basearch/yum/os
http://suse.novell.com/releases/suse-linux-core-$releasever
us
[released-updates]
or
name=SUSE Linux Core $releasever - $basearch - Released Updates

baseurl=http://suserpm.novell.com/linux/suse/core/updates/
ed
$releasever/$basearch/updates
pi
http://mirrors.backupstore.org/pub/linux/suse/sle11/base/$releasever/
$basearch/yum/updates
co
http://suse.novell.com/releases/suse-linux-core -$releasever
[suselinux-extras]
name=SUSE Linux Extras $releasever - $basearch - Extra Packages
baseurl=http://mirrors.backupstore.org/pub/linux/suse/sle11/base/
$releasever/$basearch/os
failovermethod=priority
[core]
name=SUSE Linux Core $releasever - $basearch - core
)
baseurl=http://suserpm.novell.com/linux/suse/core/$releasever/
13
$basearch/core
8/
[SUSE Linux Enterprise 11 stable]
/2
name=SUSE Linux Core $releasever Stable
-2
baseurl=suselinux.novell.com/suse/linux/$releasever/$basearch/yum/
stable
2
http://suselinuxde.linux.de/suse/linux/$releasever/$basearch/yum/
/1
stable
01
http://mirrors.backupstore.org/pub/suse/linux/enterprise11/
om e
9/
fr t b
$releasever/$basearch/yum/stable
id o
[updates]
al n
name=SUSE Linux Updates $releasever - $basearch - updates
(v an
baseurl=http://suserpm.novell.com/suse/linux/$releasever/$basearch/
updates
y -C
Notice in the previous example for the sites and their URLs; each section is named
m ED
according to its reason or purpose for contacting it and downloading its software.
de TT
Add sections according to your need, such as development, updates, or kernel.

ca MI
NOTE: Additional information for yum.conf and its options may be found at (http://linux.die.net/
r A ER
man/5/yum.conf) and (http://www.linuxquestions.org).

ne P
rt Y
yum.repos.d
Pa P
e CO
yum.repos.d is the directory you use to hold the .repo files you create when
specifying a repository location. This may be used in place of entering the locations
id D
in the yum.conf file. Remember to run the createrepo command after adding new
ts R
packages; current versions of yum require its usage. Using the createrepo command
ou HA
generates the XML metadata necessary for your repository.

1
Using a local repository for your network installations and updates can save time for
you and also save demand on your internet bandwidth, because all of the packages
you need are now local to you. You may also setup a yum repository to install or
ed
update a package using an ISO CDROM image that you create.

us
Remember you may need to modify the yum.conf file to reflect the location of the
local yum repository. Recall that the last lines of Example #1 mentioned either
or
placing the repository URLs there or in separate files which you should name
ed
filename.repo in the /etc/yum.repos.d directory.

pi
co
An example, the entries contained in a .repo file might look like this:
# filename /etc/yum.repos.d/install.repo
#
# Specify the path to the directory following baseurl= as shown here
#
[MyInstallRepository]
name=Install
)
baseurl=file:///myrepos/myinstallrepo
13
enabled=1
8/
The above is an example of a .repo file located in the /etc/yum.repos.d directory. It
/2
contains the path to the repository directory; for example, you created a root directory
-2
named /myrepos, with repository sub-directories below it holding your files for each
repository you want, such as a /myinstallrepo directory for installations. Enter any
2
comments you wish to make about the file, and enter the baseurl= location path.
/1
Enable it using the enabled=1 entry.
01
om e
9/
fr t b
For ease of viewing and recognizing your .repo files, it is often best to have a .repo
file for each repository you create.
id o
al n
You may need to import all the gpg keys for the packages if you did not sign the rpm
(v an
packages, or you can use gpgcheck=0 in the .repo file.
y -C
Using yumdownloader
m ED
yumdownloader, simply put, is a tool or program to download RPMs from yum
de TT
repositories. Repositories can exist in numerous locations, and having to manually

search and download packages would be time consuming. Using yumdownloader
ca MI
along with its many options can prove to be beneficial to you. For example, instead
r A ER
of downloading RPMs, you can use a list of URLs to get package downloads.
ne P
Using the --resolve option allows downloading of an RPM package to resolve any
rt Y
dependencies and also downloading of the packages that are required to fulfill that
Pa P
dependency.
e CO
yumdownloader needs and uses the yum libraries for retrieving all information. For
id D
yumdownloader to know which repositories to use for downloads, it must rely on the
ts R
yum configuration. That configuration information is then passed to yumdownloader

ou HA
to use for its default values.

The installation of the yum-utils package will download its tools which include the
1
yumdownloader tool. You must be root or have root privileges to install yum-utils
and yumdownloader.
ed
The command to install yum-utils as root user is as follows:

us
Table 9-6
or
Command Purpose
ed
yum install yum-utils yumdownloader is in the package.

pi
yumdownloader source RPMsourcepackage Installs the named RPM source

co
package.
Command Purpose
yumdownloader --source kernel Installs the latest kernel source
package.
If you are not root, you may be able to use the sudo command if you have been
granted the permissions.
)
The default configuration for yumdownloader is to put the downloaded package
13
under the current working directory. You can, however, use the --destdir option to
8/
use another destination directory of your choice. For example, type yumdownloader
/2
--source --destdir /tmp/directory.
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 3 SQL Data Management
Overview
Working with an SQL database has become necessary in many of todays Linux
systems. The task and steps to manipulate, query, or use other basic SQL commands
must be understood by administrators. This section will discuss the basic SQL
)
commands and the manipulation of data.
13
8/
SQL or Structured Query Language (pronounced es-cue-el, not sequel), despite the
/2
opinion of some, was not, is not, and never has been a Microsoft invention. SQL is a
-2
computer database language used for the management of relational database
management systems (RDBMS). It is used for data storage, data query, data updates,
2
data retrieval, and data manipulation, as well as for schema creation, schema
/1
modification, and access control of data. Originally, it was based on Relational
01
Algebra, Edgar F. Codd in his 1970 writing, A Relational Model of Data for Large
om e
9/
fr t b
Shared Data Banks. Data manipulation commands are usually standard compliant as
long as you use the base form of the command.
id o
al n
(v an
y -C
Candidates should be able to query databases and manipulate data using basic SQL
m ED
commands. This objective includes performing queries involving joining of 2 tables
de TT
and/or their subselects.

ca MI
Key Knowledge Areas

r A ER
Use of basic SQL commands.

ne P

rt Y
Perform basic data manipulation.

Pa P
e CO

Manipulate data in an SQL database on page 280
id D
ts R
Query an SQL database on page 282

ou HA
Manipulate data in an SQL database

1
Basic SQL database commands allow the database administrator much flexibility in
updating and performing the general tasks for the organizations database. The
following commands are some of the most common ones that you will use when
ed
interacting with nearly every SQL DBMS.

us
If a company, for example, Novell Inc., used a table called BrainShare2010 to assign
or
people a date and location to be at during BrainShare 2010, with columns that
included Firstname, Lastname, Email, Phone, Assignment, Date, and Time, it could
ed
look similar to this:

pi
co
First Last Email Phone Assignment Date Time

Name Name a.m./p.m.
David Manager
DManager@ 801-111-1111 DevTable 3/22-25 8-5
Novell.com
Adam Teamlead ATeamlead@ 801-111-2222 DevTable 3/22-25 8-5
Novell.com
Shirley Certdata SCertdata@ 801-111-3333 CertTable 3/22-25 9-6
)
Novell.com
13
8/
Data manipulation will depend on the commands and values we wish to insert into
/2
the table columns. Using the following command syntax, we could make entries into
-2
this table.
2
INSERT Create new row(s) in a table with new data. Use either syntax:
/1
Syntax: INSERT INTO table_name VALUES (value1, value2, value3, )
01
om e
Syntax: INSERT INTO table_name (column1, column2, column3, )
9/
fr t b
VALUES (value1, value2,value3, )
id o
al n
NOTE: number of columns and values must match to prevent error.
Usage: INSERT INTO BrainShare2010 (Firstname, Lastname, Email, Phone,
(v an
Assignment, Date, Time)
y -C
Values (Randy, Testdev, RTestdev@Novell.com, 801-111-4444,
m ED
TestTable,3/22-24,9am-6pm)
de TT
ca MI
Results:
r A ER

Name Name
ne P
David Manager DManager@ 801-111-1111 DevTable 3/22-25 8am-5pm

Novell.com
rt Y
Pa P
Adam Teamlead ATeamlead@ 801-111-2222 DevTable 3/22-25 8am-5pm

e CO
Novell.com
Shirley Certdata SCertdata@ 801-111-3333 CertTable 3/22-25 9am-6pm
id D
Novell.com
ts R
Randy Testdev RTestdev@ 801-111-4444 TestTable 3/22-24 9am-6pm

ou HA
Novell.com
1
UPDATE Change data in existing database. Use WHERE to specify row(s)

Syntax: UPDATE table_name
ed
SET Column1 = value1, Column2 = value2, Column3 = value3

us
WHERE column = value

Usage: UPDATE BrainShare2010
or
SET Date = 3/22-25

ed
WHERE Lastname = Testdev AND Firstname = Randy

pi
Results: Date entry for Randy Testdev is changed from 3/22-24 to 3/22-25. No other
co
change is made to data. Not specifying WHERE will change all date entries.
SELECT Used to select some or all data from an SQL database table.
Syntax: SELECT Column1, Column2, Column3,
FROM table_name
Usage: SELECT Firstname, Lastname, Phone
FROM BrainShare2010
Results All Firstname, Lastname, and Phone entries for all employees will be selected
)
13
8/
DELETE Removes data from an SQL database table. Use with WHERE
/2
Syntax: DELETE FROM table_name
-2
WHERE Column = Value
2
Usage: DELETE FROM BrainShare2010
/1
01
WHERE Phone = 801-111-1111
om e
Results: Data entries specified with WHERE are deleted. If WHERE is not used, ALL
9/
fr t b
entries from all rows and columns in the table are removed.
id o
al n
(v an
WHERE Selects data based on column name specified, as with SELECT above. An
example is selecting all users (4) with a Lastname of Ecord, using a table called
y -C
ClientList as in the following:
m ED
Usage: SELECT Lastname
FROM ClientList
de TT
WHERE Lastname = Ecord

ca MI
Results: All four users with Lastname of Ecord are selected from the table ClientList.
r A ER
Query an SQL database

ne P
An SQL database can be queried using statements, functions, and keywords. Using
rt Y
Pa P
these, you can group information from tables, sort the data from tables, and even join
e CO
information from two tables.

id D
ts R
GROUP BY
ou HA
When the Novell employees work their assigned hours during BrainShare 2010 and
the actual hours worked are entered into a database, the sum total of the hours worked
1
by all can be extracted from the database entries, as well as the total for each
individual employee.
ed
Using the SQL GROUP BY statement along with functions such as SUM will
us
provide a way to group the resulting dataset by database table columns. For
example, consider that Dave Manager created along with the BrainShare2010 table,
or
another table called BrainShareHours through which means the actual hours worked
by employees at the event are tracked and calculated.
ed
Using the example database table below, we can use this to extract the SUM total and
pi
then GROUP BY each employees total hours spent working.

co
Table 9-7
Employee Date Hours Assignment

Dave Manager 3/22/09 8 Developers Table
Shirley Certdata 3/22/09 8 Certification Table
Randy Testdev 3/22/09 8 Test Development
Adam Teamlead 3/23/09 9 Developers Table
)
13
Adam Teamlead 3/24/09 8 Developers Table
8/
/2
-2
2
/1
01
om e
9/
fr t b
SUM total of all hours worked by employees during BrainShare
id o
Syntax: SELECT SUM (Column)
al n
FROM table_name
(v an
Usage: SELECT SUM (Hours)
FROM BrainShareHours
y -C
m ED
SUM total of all hours worked by employees individually at BrainShare
de TT
Syntax: SELECT Column, SUM (Column)

FROM table_name
ca MI
GROUP BY Column
r A ER
Usage: SELECT Employee, SUM (Hours)

FROM BrainShareHours
ne P
GROUP BY Employee
rt Y
Results: By the use of the statement GROUP BY, the number of hours worked by each
Pa P
employee can be gathered by extracting all hours worked for each individual
e CO
employee.
id D
ts R
ORDER BY This will sort the SQL data results by the use of its columns. Looking at our first
ou HA
table, BrainShare2010, Dave Manager has now decided to SELECT all

employees working at BrainShare 2010 and sort them by Lastname. Notice
use of the wildcard *.
1
Syntax: SELECT * FROM table_name

ORDER BY Column
Usage: SELECT * FROM BrainShare2010
ed
ORDER BY Lastname
us
or

Name Name
ed

Novell.com
pi
David Manager DManager@ 801-111-1111 DevTable 3/22-25 8am-5pm

co
Novell.com

Name Name
Novell.com
Randy Testdev RTestdve@ 801-111-4444 TestTable 3/22-24 9am-6pm
Novell.com
To reverse the order displayed, you must use the SQL Keyword DESC for descending
)
13
order. Add DESC after the ORDER BY clause, such as in the following:
8/
Syntax: SELECT * FROM table_name
/2
ORDER BY Column DESC
-2
Usage SELECT * FROM BrainShare2010
ORDER BY Lastname DESC
2
/1
01
om e
9/
fr t b
Name Name
Randy TestdevRTestdve@ 801-111-4444 TestTable 3/22-24 9am-6pm
id o
Novell.com
al n
(v an
Novell.com
y -C
David Manager DManager@
Novell.com
801-111-1111 DevTable 3/22-25 8am-5pm
m ED
Novell.com
de TT
ca MI
If nothing is specified as to how to order a data set, a data set is alphabetically ordered
by default (default assumes ASC not DESC).
r A ER
To sort by more than one column, you must specify the columns in the ORDER BY
ne P
listing such as in ORDER BY Lastname, Phone.

rt Y
Pa P
JOIN Use this whenever extracting data results from two or more tables, where a
e CO
relationship exists between the specified columns in the tables.

Consider the following two tables, BrainShare2010 (modified) and the
id D
BrainShareTravel table which Dave set up to record employee travel expenses for
ts R
the event.
ou HA
Adding the common column fields of EID (EmployeeID) to both tables, Dave can
now extract the information he requires from them.
1
Column headings were adjusted due to width requirements for this document;
however, we will use the Firstname, Lastname columns in our SQL command.
ed
BrainShare 2010
us
EID First Last Email Phone Assignme Date Time

Name Name nt
or
7000 David Manager DManager@ 801-111-1111 DevTable 3/22-25 8am-5pm

ed
Novell.com
7001 Adam Teamlead ATeamlead@ 801-111-2222 DevTable 3/22-25 8am-5pm
pi
Novell.com
co
7002 Shirley Certdata SCertdata@ 801-111-3333 CertTable 3/23-24 9am-6pm

Novell.com
BrainShare 2010
EID First Last Email Phone Assignme Date Time
Name Name nt
7003 Randy Testdev RTestdve@ 801-111-4444 TestTable 3/22-24 9am-6pm
Novell.com
7004 James Instruct JInstruct@ 801-111-5555 CNITable 3/21-25 8am-7pm
Novell.com
)
13
BrainShare Travel
8/
EID Employee Name Dates Travel Milage
/2
7000 David Manager 3/22-25 420
-2
7001 Adam Teamland 3/22-25 410
7002 Shirley Certdata 3/23-25 317
2
/1
7003 Randy Testdev 3/22-24 309
01
7004 James Instruct 3/21-25
om e
9/
fr t b
As shown, both tables have the common column field called EID. We will use that
id o
field to extract the information from both tables by matching each of their EID
al n
columns.
(v an
We will extract the Firstname, Lastname, and the TravelMileage each employee has
y -C
accumulated during their travel to and from the BrainShare 2010 Conference held in
m ED
Salt Lake City, Utah.
de TT
Syntax: SELECT 1st_table_name.Column, 1st_table_name.Column,

SUM(2nd_table_name.Column,) AS new_name
ca MI
FROM 1st_table_name JOIN 2nd_table_name

ON 1st_table_name.Column, = 2nd_table_name.Column
r A ER
GROUP BY 1st_table_name.Column, 1st_table_name.Column

ne P
Syntax SELECT BrainShare2010.Firstname, BrainShare2010.Lastname,

SUM(BrainShareTravel.TravelMileage) AS MilesPerEmployee
rt Y
FROM BrainShare2010 JOIN BrainShareTravel

Pa P
ON BrainShare2010.EID = BrainShareTravel.EID
e CO
GROUP BY BrainShare2010.Firstname, BrainShare2010.Lastname

id D
ts R
Firstname Lastname MilesPerEmployee

ou HA
David Manager 420

Adam Teamlead 410
1
Shirley Certdata 317

Randy Testdev 309
ed
Two types of SQL JOIN can be used, INNER JOIN and OUTER JOIN. Without
us
either keyword (INNER or OUTER) being used, the default used is INNER JOIN
which would be JOIN.
or
If a match exists between columns in both tables, INNER JOIN will select the data
ed
from all rows matching. If an employee did not record any mileage as shown above
pi
with the employee James Instruct, this employee will not be listed in the resulting
SQL query table.
co
Using OUTER JOIN, you can extract and list all employees whether or not they have
entered mileage. Depending on which table you wish to select rows from, you can
use the sub-types LEFT JOIN or RIGHT JOIN (OUTER does not need to be used
with either of these in most databases).
If selecting all the rows from the first table listed after the FROM clause, whether
there are matches or not, you would use LEFT JOIN. If selecting all rows, even those
that have no matches, from the second table after the FROM clause, you would use
)
13
RIGHT JOIN.
8/
The syntax after the FROM clause to select all rows from the BrainShare2010 table
/2
would be
-2
FROM BrainShare2010 LEFT JOIN BrainShareTravel
2
/1
Any Employee not having entries matching the BrainShareTravel TravelMileage
01
column would have an entry of NULL in place of an empty cell.
om e
9/
fr t b
Firstname Lastname MilesPerEmployee
id o
David Manager 420
al n
Adam Teamlead 410
(v an
Shirley Certdata 317
Randy Testdev 309
James
y -C Instruct NULL
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 4 Install and Configure X11
Overview
This section will help you to understand how to install and then also configure X11.
Administrators find it helpful to verify that a video card, and also their monitors are
supported by an X server. Other tasks include understanding the X font server and
)
the X Window configuration file
13
8/
/2
-2
Candidates should be able to install and configure X11.
2
/1
01
Key Knowledge Areas
om e
9/
fr t b
Verify that the video card and monitor are supported by an X server
id o
Awareness of the X font server
al n

(v an
Basic understanding and knowledge of the X Window configuration file
y -C
m ED
X11 Installation, Video Card and Monitor Requirements on page 287
de TT
Understanding the X Font Configuration File on page 291

ca MI
Understanding the X Window Configuration File on page 293

r A ER
X11 Installation, Video Card and Monitor Requirements

ne P
The Graphical User Interface that we use today for many of our environments was
rt Y
developed by the Massachusetts Institute of Technology (MIT). X Window is a

Pa P
e CO
system that runs on UNIX and Linux operating systems. X Window is also called X
or X11 and is the system and protocol that provides a GUI for computer networks for
id D
both client and server machines.

ts R
Installation Requirements vs. Hardware Used on page 287

ou HA
X11 Video Requirements on page 289

1
X11 Monitor Requirements on page 290

ed
Installation Requirements vs. Hardware Used

us
Always make sure that the machine hardware is supported by the X system. The X
server program that comes with most Linux distributions is XFree86. XFree86 is a
or
free open-source distribution of the X Window System. The Xfree86 version of

ed
XFree86 4.8.0 binary distribution should only be used if you are sure you know what
you are doing; hence those unsure should avoid the binary distribution. It is possible
pi
to download and install XFree86 in the common .rpm or .deb package format but they
co
should not be used by administrators with little knowledge of installing binaries.
Another open-source implementation of X window is the X.Org project release of

X11R7.5, with X11R7.6 to be released soon.
Remember that hardware requirements differ among hardward platforms. However,
when using Intel based systems, most distributions of X Window suggest a minimum
of a 486 processor, with a minimum of 16 MB RAM with more RAM, making it all
the easier for the system to function smoothly without utilitzing swapping which will
slow down a hard disk. XFree86 says that a minimum of 60-80 MB of disk space is
)
13
required.
8/
When calculating space remember to include not only the X server but also libraries,
/2
fonts, and other utilities so the requirement may rise to 200+ MB very swiftly.
-2
Remember also to refer to the documentation for X Window before trying to install it.
There are numerous files that you must download and install in the proper order to
2
ensure a successful installation.
/1
01
If you have determined you will install over an existing installation, it has always
om e
9/
been good practice to perform a backup as well as making sure that any pre-existing
fr t b
configuration files are backed up, before beginning of course. Likewise when
id o
installing over existing X11 directories, all those under /usr/X11Rx (where x is the
al n
version number) have been backed up, making a whole directory back up including
(v an
its parent structure (/usr), just in case there is reason to restore the tar file you created
y -C
as the backup.
m ED
When installing over an existing installation, the install process should prompt for
input before each new set of configuration files is installed into your system. If you
de TT
have modified and customized configuration files, you may want to answer no to
ca MI
prompts, instead of yes to overwriting the files.

r A ER
Being sure of the installation requirements will also help you verify that the video
card and monitor requirements are met.
ne P
rt Y
If your decision is to install the binaries, you will find using the XFree86 Xinstall.sh
Pa P
script to be beneficial. There are numerous steps to manual installations, and

e CO
depending on the hardware and platform being used, the steps may differ for each.
Also you should carefully follow the guidelines which you can review at the XFree86
id D
website.
ts R
ou HA
Your running the installer from within an X session is really never a good idea, and
the installation process will warn you about continuing. Exit the X session, stop X
1
from running, and then continue. If you ignore the warning, well remember, you
were warned.
During installation the setup should automatically configure the use of your mouse,
ed
keyboard, video card, and monitor. With XFree86 you should be able to interact with
us
the configuration options at the top of the screen..

or
If runlevel 5 is not used (inittab), then start X Window with the startx terminal session
command. You may need to specify any environment variables or options such as in
ed
startx -- -display or startx -- -dpi 100.

pi
The startx syntax is:

co
startx [[client] options] [-- [server] options]
The -- will signify the end of the client options used and the start of the server options
to be used.
When determining the client that it is to run, the startx command looks for the file
.xinitrc, a hidden file in the users home directory; this specifies any customizations
for that user. If not found, it then finds the xinitrc file in the xinit library directory,
usually found in a path similar to /usr/X11Rx/lib/X11/xinit (where x is the version).
)
When determining the server that it is to run, the startx command looks for the file
13
named .xserverrc, a hidden file in the users home directory; this also contains any
8/
customizations unique to the user. If not found, then it will use the system xserverrc
/2
file in the xinit library directory structure.
-2
If any command line options are specified for either the client or server options, they
2
will override any other behavior and revert to the xinit(1) behavior, where xinit(1)
/1
refers to the man pages for more detail.
01
om e
Because using .xinitrc is normally a shell script, it can start multiple clients,
9/
fr t b
depending on configuration. When the script exits, startx will kill the server session
id o
and then complete other session shutdown activities as is needed. For this reason
al n
users usually prefer to use a session manager, window manager, or an xterm
(v an
application or program.
y -C
m ED
X11 Video Requirements
de TT
The video drivers supported by X11 are numerous, as a look at the XFree86 website
will support. Whether you have a need for ATI, Ark Logic, Cirrus Logic, NeoMagic,
ca MI
VESA, or a VMware guest OS driver, you will most likely find the driver you need.
r A ER
Take care, however, that you watch the drivers you download, you may find them to
be a preliminary release and not yet stable enough for use in a production
ne P
environment.
rt Y
Pa P
If the video card you plan to use is not supported, it wouild be best to wait; etiher
e CO
continue running the previous version of X window or change the video card to meet
requirements.
id D
ts R
Check with the video card manufacture or their documentation for information
ou HA
concerning the chipset and the necessary amount of RAM needed. It is best to make
sure of the requirements before purchasing a video card. It is better to ask yourself
1
Will the hardware I want to purchase meet X Window requirements, instead of

asking, Will X Window meet the requirements of the hardware I already purchased.
Another way of determining the chipset support is by the use of a utility called
ed
SuperProbe. Its usage is as follows:

us
SuperProbe [-verbose] [-no16] [-excl list] [-mask10] [-order list] [-noprobe list] [-
bios base] [-no_bios] [-no_dac] [-no_mem] [-info]
or
ed
pi
co
Table 9-8
-verbose Verbose output of information.

-no16 No port requiring 16 bit I/O address decoding will be used.
-excl list Any port on the specified exclusion list will not be accessed.
-mask10 Compared I/O port tested against exclusion list masked to 10 bits.
-order list Comma-separated list of chipsets to test and what order. Overrides default
test order.
)
13
-noprobe list List of chipsets not to test and what order, comma-separated. To find list of
acceptable names use -info option below.
8/
-bios base Specifies base address for graphics-hardware BIOS. If failure to locate BIOS
/2
then use this opton.
-2
-no_bios Assume that EGA or later board is primary video hardware. Does not allow
reading of the video BIOS.
2
-no_dac Skip probing for RAMDAC type when SVGA or VGA is determined.
/1
-no_mem Do not probe for the amount of installed video memory.
01
-info Print out listing of all known video hardware able to identify.
om e
9/
fr t b
id o
X11 Monitor Requirements
al n
(v an
As with the video driver, make sure of the requirements for your monitor ahead of
installation time. Also as a general rule of thumb, monitors use the compatibility
y -C
given to it by the video card. In other words, if the video card can drive the monitor it
m ED
should work well, including the flat panel type of monitors.
de TT
As with the video card, always check the manufacturers website for its hardware
compatibility guidelines and follow it. When having X11 monitor issues, use the
ca MI
xvidtune application to try and fine tune and adjust X servers video modes and its
r A ER
monitor related settings. If xvidtune is not able to be used it will display a message in
the terminal window.
ne P
rt Y
A simple adjustment may be made using the sax2 terminal command to let it slef-
Pa P
adjust the monitor resolution for you; alternately it may run your video configuration
e CO
utility for you to adjust and test the settings. As with any utility always read ahead to
find out the options, settings, configurations, etc. that best will fit your needs.
id D
ts R
Some administrators feel it is highly improbable to damage a monitor by their

ou HA
experimenting with it. Many others feel it is better to opt-in for cautiousness and be
prepared by reading documentation on the monitor, or reading the man or info pages
1
that cover the commands to be used. When X is not configured for its optimal prime
settings, try running the vendors configuration utilities once again and see if the
resulting display is better. While most monitors now have built-in saftey settings and
ed
precautions, remember, it is yours or your companys money that purchased the

monitor.
us
If you over-do it though X may not be able to start. For this reason, some prefer to use
or
the "startx" way of starting X (see below) while "experimenting." This way, if X
crashes, the display manager (GUI login) will not loop and cause you severe
ed
headaches,. startx just gracefully returns to a text console screen, where an error
pi
message may be visible.

co
X11 uses the monitors configuration specifications to determine what will be the
resolution and refresh rate to run at. Specifications such as these can usually be
ascertained from the documentation that was included with the monitor at purchase or
usually directly from the manufacturer's website. The numbers that are needed
indicate a range and refer to the horizontal scan rate and the vertical synchronization
rate.
When testing your monitors display, some tests can produce a black screen which
)
13
often make diagnoses of the monitor difficult to determine whether X11 is working
properly or not. To setup the settings, initially Xorg uses a configuration file called
8/
xorg.conf. The xorg.conf file is normally found at /etc/X11/xorg.conf and can be
/2
generated by the root user or edited by the root user if it already exists.
-2
The xorg.conf file is discussed in the X Window configuration file section in more
2
detail.
/1
01
om e
Understanding the X Font Configuration File
9/
fr t b
The X Window system display requires that it be supplied with fonts; xfs is one of the
id o
X Window system font servers. Under normal conditions the X font server is started
al n
by means of boot files such as the /etc/rc.local file.
(v an
The process of using fonts with X can sometimes be daunting to understand for new
y -C
Linux administrators. Usually the installed fonts are sufficient for every day tasks
m ED
that you may perform.
de TT
Configuration of XFree86 will support TrueType fonts, PostScript fonts, and bitmap
fonts. XFree86 can support one or multiple X font servers.
ca MI
r A ER
A font server is a background process that makes your installed set of fonts available
to XFree86 and other machines running X.
ne P
The X Window system display requires that it be supplied with fonts; xfs and xfstt are
rt Y
the most widely used X Window system font servers.

Pa P
e CO
XFS as the X Window X Font server has the purpose of supplying fonts to the X
Window server display.
id D
ts R
As previously mentioned under normal conditions the X font server is started by

ou HA
means of boot files such as the /etc/rc.local file. Your end users, however, may also
start private font servers for a specific set of fonts they wish to use at their client.
1
The main configuration file that the font server will use is the default file of /etc/X11/
fs/config.
ed
You may use a number of options with xfs.

us
-config configuration_file Specifies the file the font server will be using. The
default file /etc/X11/fs/config will be used.
or
-ls listen_socket This is intended to be used by the font server itself, only when
ed

auto spawning a copy to care for any additional connections.
pi
-port tcp_port Defines the TCP port number on which the server will listen for
co

connections. Default port number is 7100.
-daemon Directs xfs to fork and then go into the background at startup. If the
option is not specified, xfs will run as a regular process (the exception is if xfs
was built to daemonize as the default).
-nodaemon If xfs runs as a daemon by default, this option prevents that and
starts xfs up as a regular process.
-droppriv xfs will try to run as user and group xfs; that is unless the -user
option is used. If you use this option, you may also want to use the "no-listen =
)
13
tcp" in the config file; this ensures that xfs will not use a TCP port.
8/
-user username This is similar to droppriv, except that xfs will run as the
/2
username that is specified.
-2
2
X Font Server Setup
/1
01
Steps to setup an X font server while looking easy require careful planning and prior
om e
9/
knowledge. The following gives a high-level overview of those steps.
fr t b
id o
Steps to set up an X font server are the following:
al n
1. Install the font server if necessary.
(v an
2. Edit the xfs.conf file that comes with it.
y -C
Set up a font directory such as /home/fonts/lib/ttfonts
m ED
3.
4. Have X use the font server after all other fonts by specifying
de TT
xset fp+ tcp/localhost:7100.

ca MI
5. Test the font server.

r A ER
To use outline fonts on X, you need a version of X that will support their use. This
ne P
will include all versions of OpenWindows, X11R5 and newer, some newer versions
of XFree86, as well as others.
rt Y
Pa P
Three ways exist that support the use of outline fonts.

e CO
Use of the X server itself

id D
ts R
Use of an external font server

ou HA
Use X modules that can be loaded, such as those with OpenWindows.

1
The following is a sample of a configuration file:

#This is a sample X Font server configuration file
#Only a maximum of 10 clients may connect to this server
ed
client-limit = 10
us
#X font server will reach its limit, then start up a new one
clone-self = on
or
# an alternate font server that clients may use

alternate-servers = cannon:7101,cannon:7102
ed
#look for fonts in this path

#catalogue = /usr/X11R7/lib/X11/fonts/fonttype
pi
/usr/X11R7/lib/X11/fonts/100dpi/
co
#use 12 points, decimal points

default-point-size = 120
#Resolutions to use,100 x 100 and 75 x 75
default-resolutions = 100,100,75,75
use-syslog = off
Understanding the X Window Configuration File
)
Configuration of xorg.conf may not be necessary. With the release of version 7.3,
13
Xorg may be able to work without a configuration file.
8/
The command to enter, that will start the X server is startx.
/2
-2
The program xinit allows users to manually start an X server. startx is the script that is
used as a front-end for xinit.
2
/1
The default display used is :0, xinit and startx start an X server and an xterm on it.
01
When xterm terminates, xinit and startx kill the X server.
om e
9/
fr t b
Version 7.4 Xorg may be able to use HAL and autodetect keyboards and mice.
id o
sysutils/hal and devel/dbus ports are installed as dependencies of x11/xorg;
al n
however, they must be enabled by you, by making the following entries in the /etc/
(v an
rc.conf file:
y -C
hald_enable="YES"
m ED
dbus_enable="YES"
de TT
Start these services either manually or by a reboot before any further configuration of
ca MI
Xorg is carried out.

r A ER
The automatic configuration can fail to work with your hardware as it may with some
ne P
hardware, or it may not be possible to set things up quite as they should be.
rt Y
If this happens, then in these cases manual configuration will be required.

Pa P
e CO
If a desktop environment, one such as GNOME, KDE, or perhaps another is going to

be installed, it will often contain tools which allow the user to set screen parameters
id D
such as the resolution.

ts R
ou HA
If the default configuration will not work and you have already planned to install a
desktop environment, just continuing with the installation of the desktop and the use
1
of the appropriate screen settings tool may configure it correctly for you.
Configuration of X11 is a multiple process setup. The first step you need to perform
is to build an initial configuration file. As the super user root, simply run
ed
us
Xorg -configure
Generated is a skeleton or template file for X11 configuration in the /root directory
or
named xorg.conf.new. Whether you su to root or by a direct login will affect the
ed
inherited supervisor $HOME directory variable.

pi
X11 will attempt to probe the machines graphics hardware on the system and then
co
create a configuration file to load the proper drivers for the hardware detected on the
target system.
Testing is the next step for the configuration. This is to verify that Xorg will work
with the installed graphics hardware on the target system.
In Xorg versions up to 7.3, type Xorg -config xorg.conf.new
As of Xorg 7.4 and later, the test produces a black screen which makes it somewhat
difficult to diagnose whether X11 is working properly as it should.
Older behavior is still available by using a retro option:
)
13
Xorg -config xorg.conf.new -retro
8/
/2
The configuration file consists of numerous sections such as the following section
-2
names:
2
Files File pathnames
/1
FlagServer Flags
01
ModuleDynamic Module Loading
om e
Modes Description of the Video Modes
9/
fr t b
Screen Screen Configuration
id o
InputDevice Description of the Input Device
al n
Device Description of the Graphics Device
(v an
VideoAdapter Description of the Xv Video Adaptor
Monitor Description of the Monitor
ServerLayouty -C The Overall Layout
DRI Configuration specific to DRI
m ED
Vendor Vendor specific Configuration
de TT
In the configuration file, arguments may follow keywords; the arguments are
ca MI
r A ER
Integer A number that is in hex, octal, or decimal format

Real A floating point number is used
ne P
String A string that is enclosed in double quote marks

rt Y
Remember that depending on the flavor of Linux you are running or wish to run, the
Pa P
e CO
setup utilities may vary.

As an example, in Fedora Linux a utility named system-config-display will create a
id D
configuration file for you by running the command (its name):

ts R
ou HA
system-config-display
1
If it is not installed, you will need to download the package and install it. You will
need to run it as root, the super user.
ed
It runs interactively; however, it may run non-interactively by using the command

us
with the option --noui.

or
system-config-display --noui
ed
You may need to run it if you cannot run X at all.

pi
co
Objective 5 Message Transfer Agent (MTA) Basics
Overview
This section discusses some of the common Linux MTA programs. Understanding of
tasks such as performing basic email forwarding and the creation of an email alias
will be covered. Also MTA programs such as qmail and exim are discussed.
)
13
8/
/2
-2
Candidates should be aware of the commonly available MTA programs and be able to
perform basic forward and alias configuration on a client host.
2
/1
01
Key Knowledge Areas
om e
9/
fr t b
Create e-mail aliases.
id o
Configure e-mail forwarding.
al n

(v an
Knowledge of commonly available MTA programs (postfix, sendmail, qmail,
exim) (no configuration)
y -C
m ED
The following are discussed:
Understanding Linux MTA programs: sendmail on page 295
de TT
Understanding Linux MTA programs: postfix on page 296

ca MI
Understanding newaliases, qmail, and exim on page 297

r A ER
Using mail, mailq, ~/.forward, and aliases on page 300

ne P
rt Y
sendmail emulation layer commands on page 305

Pa P
e CO
Understanding Linux MTA programs: sendmail

id D
The Linux MTA or mail transfer agent is the software that sets up the Linux machine
ts R
to be an email server. Using different email clients, you can send, receive, and
ou HA
forward email among other features.

Sendmail has been one of the most popular mail transfer agents ever used on the
1
Internet. Sendmail is a descendant of the ARPANET delivermail which appeared

with BSD 4.0/4.1 in 1979. Sendmail coming in BSD 4.1c in 1983 was the first
version of BSD to include the TCP/IP protocol. Hence sendmail is one of the oldest
ed
and one of the most widely used Internet MTAs.

us
Sendmail was designed with the flexibility to transfer mail between any two
or
dissimilar mail systems. Sendmail has support for many of the protocols used to
transfer mail such as UUCP, SMTP, DECnet mail11 and ESMTP, among others.
ed
Sendmail evolved into Sendmail X (the MTA known previously as Sendmail 9).
pi
Sendmail X is a modular message transferring system, which has five and sometimes
co
more processes. It was developed to use a centralized queue manager which controls
SMTP servers and clients to receive and send email. It also has an address resolver
that provides mail routing capabilities using lookups, including DNS lookups. Its
development also allows configuring it as a secure, efficient mail gateway; however,
address masquerading is not part of its program.
Sendmails development was stopped in favor of a new development project known
as MeTA1, which offered new features not available in other open source MTA
programs.
)
13
For new administrators, sendmail can be very complex to setup and use. Sendmail
8/
options should be read before embarking on its configuration.
/2
-2
Understanding Linux MTA programs: postfix
2
Today many administrators prefer to use postfix over sendmail, for reasons that
/1
include ease of administration, security, and speed. Using postfix will remind the
01
user of sendmail; however, the inner workings of postfix are very different from
om e
9/
sendmail.
fr t b
id o
Postfix will run with AIX, HP-UX, Linux, MacOS X, Solaris, Tru64 Unix, BSD, as
al n
well as IRIX, and many other Unix systems.
(v an
Main features of postfix include various protocol support, junk mail controls,
y -C
mailbox support, database support, address manipulation, and DSN or delivery status
m ED
notifications which is configurable. A detailed list of individual features is as
follows:
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Protocol Support Junk Mail Control
SMTP connection cache Access control per client, sender, or recipient

SenderID+SPF - plug-in Content filter built-in, external before queue, and
external after queue
DKIM or DomainKeys
Sendmail Milter (mail filter) protocol
Identified Mail
)
Greylisting plug-in
13
DomainKeys
SPF plug-in
8/
DSN status notifications
Address probing callout
/2

Enhanced status codes
-2
SMTP server per-client rate and concurrency
ETRN on-demand relay
limits
2
IPv6, LMTP clients
Stress-dependant configuration
/1

MIME conversion
01
Address Manipulation
om e
SMTP C/S Pipelining
9/
fr t b
Selective address rewriting
SASL support
id o
Masquerading addresses in outbound
al n
SASL Authentication
SMTP mail VERP envelope return addresses
(v an
TLS encryption and authentication
Database Support
QMQP server y -C Berkeley DB database
m ED
Mailbox Support
LDAP database
Virtual Domains
de TT

MySQL database
Maildir format
ca MI
CDB database
mailbox format
r A ER
DBM database
PostgreSQL database
ne P
rt Y
Understanding newaliases, qmail, and exim

Pa P
e CO
In Linux there is a newaliases command, which is used to build a new copy of the
alias database from and for the mail aliases file. The mail aliases file is located in the
id D
/etc/mail/ directory and is named aliases. As with many configuration files, changes
ts R
to the aliases file does not take affect until you run the newaliases command which
ou HA
initializes the database. Allow a minute or more for the update to become visible.
1
Running the newaliases command causes the sendmail command to re-read the local
systems /etc/aliases file and create two additional files which contain the database
information for alias. The two files are /etc/aliases.dir and /etc/aliases.pag.
ed
The syntax for running the command in a terminal window is newaliases. It returns
us
an exit status code, which status code depends on whether it is successful or if it has
encountered an error. The codes are as follows:
or
0 = exits successful
ed
>0 = error occurred

pi
co
The files and directory used for the newaliases command are found at
Table 9-9
/usr/sbin/newaliases Contains the newaliases command

/etc/aliases Contains source for the mail aliases file
command
/etc/mail/aliases Contains source for the aliases for the
sendmail command
/etc/aliases.db directory Contains the binary files created by the
)
newaliases command
13
8/
/2
postalias
-2
The postfix equivalent to sendmails newaliases command is the postalias command.
The postalias configuration file is /etc/postfix/aliases; when done editing this file,
2
/1
run the postalias command by typing in a terminal window, postalias /etc/postfix/
01
aliases. A discussion of postalias is outside the scope of the LPIC-1 108.3 MTA
om e
basics Key Knowledge Areas.
9/
fr t b
More postalias information is found at http://wiki.archlinux.org
id o
al n
(v an
qmail
y -C
qmail has been defined as being the modern replacement for sendmail, the SMTP
m ED
server that makes sendmail obsolete, ancient. It has also been described as an email
server that is a more secure replacement for sendmail. qmail was released to the
de TT
public domain in 2007, but due to an unusual license agreement, it is considered non-
ca MI
free depending on which guideline is used. This has caused controversy.

r A ER
For Linux administrators security is vital and qmail was the first security-aware mail
transport agent at its time. sendmail has been a target for attacks since it was not
ne P
designed with security as one of its goals. qmail on the other hand is a modular
rt Y
architecture which is comprised of mutually untrusting components. As an example,

Pa P
the SMTP queue manager uses credentials that are different from the SMTP listener
e CO
component, as are other components of qmail are different from one another .
id D
Upon release, qmail ran much quicker than sendmail especially for tasks such as bulk
ts R
mail used by mailing list servers for which it was designed to manage. qmail is also
ou HA
easier to configure than sendmail and easier to deploy in the mail environment.
Contributing to its ease of use is the ability to have user controlled wildcards. When
1
addressing mail to user-wildcard, for a qmail server, the message will be delivered
to separate mailboxes. Using this with mailing lists and spam management allows
users to publish multiple email addresses to them.
ed
Two protocols introduced by qmail are QMQP or Quick Mail Queuing Protocol and
us
the QMTP or Quick Mail Transport Protocol. QMQP allows the sharing of email
or
queues among different email hosts. QMTP is a transmission protocol whose

performance is better than SMTP, accomplished by using fewer transmissions when
ed
compared to the SMTP protocol.

pi
qmail uses the maildir format which allows it to deliver mail to Mbox mailboxes.
co
Maildir takes individual email messages and splits it into separate files; mbox does
not. By doing this, maildir thus avoids problems with concurrency and locking.
Another benefit is its ability to be used safely with NFS.
exim
Another MTA (message transfer agent) is Exim. Exim is an SMTP mail server
without features like address books, iMAP4, POP3, shared calendars, group
)
scheduling which we find in other mail systems. To have the collaboration type of
13
groupware features, you will need additional programs. Exim has been referred to as
8/
a sendmail alternative, but it, of course, is very different in its configuration and
/2
setup.
-2
However many advanced configuration features of Exim has made it attractive to
2
large Unix/Linux installations, such as those found with different ISPs. While it can
/1
deal with millions of messages per day, it is found to be useful to single workstations
01
and small to medium sized systems. If the more advanced features found in other
om e
9/
fr t b
systems such as Novells GroupWise or Lotus Notes are needed, then Exim would
most likely not suit your requirements or needs.
id o
al n
It does have the capability to store lists of domains, hosts, and users, as needed, in
(v an
text files, databases, and even LDAP directories. Exims current version is 4.71 and
is available from numerous websites. If you will be using the documentation for
y -C
setup and configuration, use the proper versions of documentation. Errors,
m ED
frustration and inability to use have happened to some because of using an older
version of the documentation. User guides and administration guides are available to
de TT
you either to purchase or from a number of the Exim sites that supply free guides.
ca MI
When checking for documentation, you will find the master documentation which
r A ER
contains everything you need to know about installing, configuring, and using Exim.
Also refer to the exim filter specification documents that are available.
ne P
rt Y
Exim gives support for two kinds of filter files. The Exim filter has information for
Pa P
instructions in a formunique to Exim. Whereas the Sieve filter contains information

e CO
in the Sieve format which is referenced to by RFC 3028. The Sieve filter files are
meant to be portable between various types of environments. On the other hand, the
id D
Exim facility for filters contains features many administrators like, making it feature
ts R
rich, and since it is in a form unique to Exim, you will find better integration with the
ou HA
host system environment.

1
In order for a client to use either of the filtering choices, the administrator needs to
configure Exim for both types of filter. If your concern is to make the most of
interoperability, then Sieve filtering is the only choice for you.
ed
Some end-users find difficulty when trying to configure filtering locally. For this
us
issue to be addressed before it becomes an issue, make sure that either forwarding or
filtering is enabled on your system, remembering that individual facilities may be
or
enabled or disabled separately from the others. If not prepared for in advance, you
ed
may be getting support calls.

pi
Once filtering is completed, always remember to test a new filter file once created.
co
Some files may be quite extensive making them all the more complicated. Do not
rely on the Exim preliminary testing facilities to provide you with complete test
results; they only check syntax and basic filter operation and only for the traditional
.forward files. As with many types of filters, send a test message to discover what
will happen to the message during transport. Additionally, be aware of the default
path for the Exim installation. Some systems use the path /usr/sbin/sendmail while
others use a path of /usr/lib/sendmail.
Two directories and the files they contaain, must be understood for messages. The
first is, /var/spool/exim/msglog. This is the directory holding the logging
)
13
information for your messages. Each message has a file corresponding to it and is
named the same as the message-id. The second directory is /var/spool/exim/input.
8/
Files in this structure are also named using the message-id; however these messages
/2
contain an additional suffix which will designate it as either the envelope header -H
-2
or the message data -D. Both of these directory structures may contain other sub-
directories for large email queues. Check them if the files you need are not directly
2
/1
under the input or msglog directory.
01
om e
When working with Exim messages, keep in mind that the message-id is built along
9/
fr t b
the lines of the following, xxxxxx-xxxxxx-xx. The message-id is made up of alpha-
numeric characters and may utilize upper and lower-case. Further, when using
id o
al n
commands that manage message logging or the message queue, you will see that
(v an
most of the commands use the message-id. For every message in the spool directory,
there are three files. so when working with the queue, it is best to use Exim
y -C
commands that will not leave remnants of message files that may cause you any grief.
m ED
If your decision is to use Exim, then run a search on the Internet to find out more
de TT
about its installation, configuration, commands, and files. You will find numerous
cheat sheets for commands you want to run, as well as detailed information on
ca MI
running each command. You will find a number of forums and wikis as well as the
r A ER
guides we previously mentioned. As with any new software, read, read, and read
before you have to read how to get out of an issue that may arise.
ne P
rt Y
Using mail, mailq, ~/.forward, and aliases

Pa P
e CO
The mail and mailq commands you will find are helpful in sending, composing,
reading mail and in viewing mail in the mail queue. .forward and aliases are useful in
id D
the forwarding of your mail to another account.

ts R
ou HA
mail
1
The mail command in Linux is a very powerful command and newbies can at times
find themselves lost in which command option should be used. The purpose of this
objective is to help you understand and work with the mail command.
ed
Whether you need to read and reply, compose and send, forward or delete mail, the
us
Linux mail command may be very useful to you. Many new Linux users find the
or
command line to be daunting and terrifying to use, at first that is. Whether you are
researching the use of the mail command for yourself or for your end-users, you will
ed
find a large number of command line options, configuration options, compose-mode

pi
options, and command-mode options. We will cover those that will help you to
co
prepare for the LPIC-1 exams.
To start with, we always recommend that you log in with your regular user account
and not the root account; security issues can be a concern. If root privileges are
required, try using the sudo command or the su - command.
Sending and receiving mail using the command line interface can be very helpful to
you and your end-users. Help your users by setting the default configuration options
such as the following:
)
13
Table 9-10
8/
Option Description
/2
record filename Sets the path to record outgoing mail. If not set, then the outgoing
-2
mail is not saved
nosave Does not save any aborted messages to dead.letter
2
/1
metoo Will not remove the sender from a group when mailing to it
01
hold Keeps messages in the system mailbox when quitting
om e
autoprint Prints the next message after a deletion
9/
fr t b
ask or asksub Prompts user for a message subject
id o
append Appends messages to mbox instead of having a message prefixed to
al n
a previous one
(v an
These options are set in the /etc/mail.rc file or to the users ~/.mailrc file.
y -C
Command line options may be used to send mail or enable/disable features on the fly.
m ED
For example, using the following syntax,
de TT
mail james s New meeting time and outline </home/dave/meeting

ca MI
You will send a message to the user James, and it will have a subject line of New
r A ER
meeting time and outline, with the body of the message being read from the file
/home/dave/meeting.
ne P
rt Y
Pa P
Table 9-11
e CO
Command Description
id D
-N Tells mail to not display message headers when either entering a mail folder
ts R
or printing an email
ou HA
-p Lower-case p, this option reads your mail in POP3 mode

-P Upper-case P, this option disables POP3 mode
-s subjectline Sets the subject line to the text following -s
ed 1
us
Compose-mode options will help you to interact with your messages for example:
or
Table 9-12
ed
Option Description
pi
~b names Add names to the bcc: header information

co
~c names Add names to the cc: header information
Option Description
~t names Add names to the To: header information
~e Starts the text editor
~f Inserts messages into the message body being composed
~F Similar to ~f above but will include the message header
~p Print the message header and the message being sent
~q Aborts your composition of the message
)
13
Command-mode options can interact with the shell, mailbox, and messages. For
8/
example, using the following options you can,
/2
-2
Table 9-13
2
Option Description
/1
? (help) List the commands available, help print out
01
! Execute a shell command
om e
9/
fr t b
alias (a) Create an alias list or print the alias list
unalias Delete or discard the previously defined aliases
id o
alternatives (alt) Instruct mail to not reply to your own remote accounts or remote
al n
machines
(v an
chdir (c) Change (cd) to your home directory or another directory you
delete (d)
y -C specify
Delete a message
m ED
dp (dt) Display next message after deleting the current one
de TT
edit (e) Edit a message

exit (ex) or xit (x) Exit mail and do not update the user?s system. mailbox or folder
ca MI
folders Show list of folders

r A ER
from (f) Print the headers for messages

mail username Start composing message to the named user
ne P
next (n) Print (type) next message

rt Y
quit (q) Exit mail and update folder on exit

Pa P
reply (r) Send mail to all names on distribution list

e CO
Reply (R) Send mail to the author only

respond Same as reply (r)
id D
save (s) Save the message to folder

ts R
set (se) Set or print the mail options

ou HA
unset Unset the mail options

source Read the commands from file specified
1
top Print the first few lines of every message specified

type or Type (t or T) Same output as next (n)
undelete (u) Restore deleted messages
ed
us
mailq
or
The mailq command is used to print a summary of the mail messages that are queued
ed
for delivery. The mailq utility will exit with 0 upon success completion and will exit
with >0 if an error has occurred.
pi
co
When the summary is printed, every line displays information pertinent to the
message, error messages are included.
Table 9-14
1st line Displays the internal identifier used on the host system for
the specific message with a possibility of a status
character, also the message size in bytes, time/date
message entered the queue, and the envelope sender of
the message
Status characters: * Indicates the job is now being processed.
)
13
X Indicates the load is too high for the job to be processed.
8/
- Indicates the job age is too young to process.
/2
2nd line Show any error message that caused the message to be
retained in the queue. If the message is being processed
-2
for the first time, no error message will be seen
2
3rd and subsequent lines Shows a recipient of the message, one recipient per line.
/1
01
The following options may also be used with the mailq command:
om e
9/
fr t b
-Ac Show submission queue designated in the file /etc/mail/submit.cf, not the
id o
MTA queue specified in the file /etc/mail/sendmail.cf.
al n
(v an
In the following substring options, invert the match when the [!] is specified.
y -C
Table 9-15
m ED
Option Description
de TT
-q[!]I substring Display items in queue with queue ids containing the substring
ca MI
-q[!]R substring Display items in queue with recipients containing the substring
-q[!]S substring Display items in queue with senders containing the substring
r A ER
-q[!]Q substring Display any quarantined messages with quarantined reasons containing
the substring
ne P
-qQ Display any quarantined items in the mail queue

rt Y
-qL Show any lost items in the mail queue

Pa P
e CO
-v Print out information in verbose mode

id D
ts R
~/.forward
ou HA
End-users often find they have a need to forward their messages to another account,
either that of another user in their system or another mail account owned by them,
1
perhaps on another server or even another type of email system.

To accomplish the forwarding of email, they will need instructions about how to do
ed
so. Linux has a way, a means that will forward their messages for them. That utility
is .forward. Using this Linux feature, they can forward their mail without asking for
us
assistance from the help desk or email administrator.

or
Like sendmail, many MTAs today will look for a .forward file in the home directory
ed
of the forwarding user. Email users most often use this file to forward messages to a
messaging account on another machine or email system, hence a redirection of mail.
pi
co
The contents of the .forward file, is simply the address that you wish to have your
mail forwarded to. For example, to forward email to another account, the user geeko
would create a file called .forward in his home directory, assuming one does not
already exist that could be edited.
Create the file .forward, then enter the username or email address with the syntax of
username If user is a local user

emailuser@domain.com If it is going to an Internet address
)
As user geeko forwarding his mail to a local user named tux, in geekos home
13
directory follow these steps:
8/
/2
To create the file, type vi .forward
-2
To forward email to tux, type tux
To save and exit vi, type :wq
2
To verify file creation, type ls -a .forward
/1
To view the file text, type cat .forward
01
om e
9/
fr t b
As the user geeko when forwarding email to your own Internet address
geeko@digitalairlines.com, in the geeko home directory, follow these steps:
id o
al n
To create the file, type vi .forward
(v an
To forward email to geeko type geeko@digitalairlines.com
y -C
To save and exit vi, type
To verify file creation, type
:wq
ls -a .forward
m ED
To view the file text, type cat .forward
de TT
To send to both an internal username and an Internet address, use the following
ca MI
syntax: user, emailuser@domain.com.

r A ER
If in a directory other than the home directory, make sure you use the complete path
to the home directory, for example, /home/geeko.
ne P
rt Y
When the file contents are read, the system treats the entry as an alias for that users
Pa P
email. This means that all email will be forwarded to the alias email address and not
e CO
delivered to the normal mailbox for the user.

id D
Make sure that you specify and enter correctly the address you want your mail to go
ts R
to; otherwise, it could end up in someone elses mailbox for them to read.
ou HA
1
aliases
An alias is a common term today meaning another name that a person can be known
by. It is a way to sometimes hide who you are or to take on a different identity,
ed
perhaps due to a position in your company, such as being the webmaster or being a
us
librarian.
or
An alias in Linux can be a way to setup a pseudo-name or more precisely a pseudo-

email address. It simply redirects your mail to another email address that you specify.
ed
Two types of aliases that we will discuss here are MUA aliases (mail user agent) and
pi
MTA aliases (mail transfer agent). An MUA alias is one that you setup in your MUA
co
as an alias only you see; other users will not be able to use it nor will they be able to
see it.
Using an MUA alias, you would use the syntax
alias nc Nikki Chavez <nikkic@domain.org>
Using a mail client configuration file, perhaps like a mutt configuration file, using
nc in an address field (To:, cc:, or bc:), the client would see this as if you had typed
)
13
nikkic@domain.org in the field.
8/
The system aliases file needs to be modified to contain the alias or aliases you wish
/2
to define. The system aliases file is normally /etc/aliases; however, there may be
-2
another one at a different location, depending on your MTA.
2
Review the standard aliases already contained in the file, perhaps the alias such as
/1
postmaster or the one for mailman or faxmaster may give guidance on the
01
syntax to use.
om e
9/
fr t b
Depending on the MTA you use, it may treat the alias as a mailbox and append the
id o
mail to it, excellent for archiving mail, or perhaps the MTA will determine the alias
al n
target to be a program, which then passes the mail to the programs standard input.
(v an
sendmail emulation layer commands
y -C
m ED
sendmail is a program that has been in use within the UNIX/Linux community for
many years now, and in order for many of the newer (and some older) messaging
de TT
systems to communicate with sendmail and allow mail delievery, there is a need for
an emulation utility or program to be implemented.
ca MI
r A ER
Third-party sendmail emulators

ne P
rt Y
Compatibility is always a concern for programers and rightly so sendmail is the most
Pa P
widely used MTA on the Internet and will remain so in the forseeable future.
e CO
Some messaging systems maintain compatibility with sendmail by implementing

id D
their own sendmail emulation layer programs. This allows them to maintain that
ts R
connection with different Linux and UNIX processes and applications that utilize
ou HA
sendmail. These often replace the /usr/lib/sendmail software with one of their own.
These replacements emulate the Linux sendmail program. sendmail emulators are
1
used to ensure the compatibility with those messaging programs that use sendmail
and not other protocols such as SMTP for mail delivery. These need to have a way
of communicating with the mail queue and delivering mail to it.
ed
us
ssmtp
or
While it is slightly more complex and heavier than say the Mutt nbsmtp No-Brainer
ed
SMTP, it is more efficient, it can write to the /var/log/maillog file, and it has a few
nice features. SSMTP, however, will not be a full feaatured and complete substitute.
pi
co
Other programs, such as fetchmail, do not use the MTA like sendmail, postfix, and
exim do. They use the MDA, Message Delivery Agent, which does not use port 25.
Fecthmail forces the mail to the MDA, by-passing the MTA for simple outgoing mail
delivery, which eliminates any complex detailed configuration steps.
Unlike sendmails configuration which can be complex, ssmtp just requires that it
have the configuration file /etc/ssmtp/ssmtp.conf and a few settings.
The ssmtp.conf file will contain pairs of keyword-argument, there will be one pair per
line. Just as with other configuration files, any line beginning with the # character
)
and white lines (empty lines) will be interpreted as a comment line, no commands are
13
processed.
8/
The following are the possible keywords with their meanings; these are case-
/2
insensitive:
-2
2
Table 9-16
/1
01
Root This is the user that will receive all mail for any uid less than 1000.
om e
If this keyword is left blank, then address rewriting will be disabled.
9/
fr t b
Mailhub This is the host to send mail to. It should be in the form of host
id o
IP_addr :portnumber. The default port used is port 25.
al n
RewriteDomain This is the domain where mail comes from, for user authentication.
(v an
Hostname This is the fully qualified name of the host. If a host name is not
entered, the host is queried for its hostname.
y -C
FromLineOverride This option specifies if the From header of an email (if any is
m ED
specified) may override the default domain. Default setting is ''no.''
UseTLS This specifies if ssmtp will use TLS to communicate with the SMTP
de TT
server. Default setting is ''no.''

UseSTARTTLS This specifies if ssmtp proceeds with a EHLO/STARTTLS before
ca MI
starting SSL negotiation. This is specific to RFC 2487.

r A ER
TLSCert This is the file name of the RSA certificate to use for TLS, if it is
required.
ne P
AuthUser This is the user name to use for SMTP AUTH, if left blank SMTP
rt Y
AUTH is not used.

Pa P
AuthPass The specific password to use for SMTP AUTH.

e CO
AuthMethod This is the authorization method to use. If left unset, then plain text
is used. This can also be set to cram-md5.
id D
ts R
ssmtp is truly a send-only sendmail emulator which is used for those machines that
ou HA
normally pick-up their mail from a centralized mailhub, which may be via pop, imap,
nfs mounts, or another means. It provides the functionality required for humans and
1
applications/programs to send mail by means of the standard (/usr/bin/mail) user

agents.
ed
ssmtp will not do aliasing; that must be done either within the MUA, mail user agent,
or on the mailhub. It does not process .forward files; that must be accomplished on
us
the receiving host, and it definitely will not deliver to pipelines.

or
Reverse aliases have the From: address placed on the user's outgoing mail messages,
and as an option on the mailhub these messages will be allowed through.
ed
To allow reverse aliases, it employees the use of the /etc/ssmtp/revaliases file, which
pi
is the reverse aliases file.

co
When configuring ssmtp, a good guide to look up with your browser search program
is The Quick-N-Dirty Guide to ssmtp. It will assist you in installing and also in
configuring ssmtp.
sendmail emulator options
The following are a few options that may be used with the sendmail emulator
)
program.
13
8/
/2
Table 9-17
-2
Name Description
newaliases Prints an error message because the aliases file is not used
2
/1
mailq Reports the contents of the mail queue
01
sendmail Sends a single mail message.
om e
9/
fr t b
sendmail emulator program command-line options
id o
al n
(v an
Table 9-18
y -C
Command Description
m ED
-e This will set the error-reporting mode.
-F This option sets the full name of the sender. If the sending user is not root, not a
de TT
daemon, not UUCP, not SMTP, not mail, or not even sendmail, a header will be
added to the message which will indicate the actual sender.
ca MI
-f The email address of the sender uses the same steps as in the -F option.
r A ER
-h None. The message hop count is determined by counting the number of received
headers in a message.
ne P
-I Same as if invoked as the newaliases command, which will just print an error
rt Y
message.
Pa P
-M The complete queue is processed regardless of the specified Message ID.

e CO
-m As the default behavior, the sender is never removed from the list of recipients, if
she or he is listed as a recipient.
id D
Deferred message queue will be processed. If a time interval is specified, this

ts R
-q
option will be ignored.
ou HA
-R An attempt to process the queue for any hosts matching the pattern provided will
be made.
1
-r Same as the -f option above.

-S Complete queue is processed regardless of the specified sender.
Output will be more verbose when sending mail.
ed
-v
us
Milter
or
Due to the high increase in the amount of email volume, along with threats like spam,
ed
being targeted by viruses and being targeted with attacks such as a denial of service,
pi
there grew the need to quickly expand the abilities of sendmail to include a means of
co
threat protection and to optimize message delivery.
The resulting actions enabled the creation of sendmail milters, or mail filters. This
enabled third-party applications to access a mail message as it is being processed by
the MTA; this allows them to examine and modify message content as well as the
meta content or information during the SMTP transaction.
Filters (milters) may be added or modified without affecting other existing milters. A
milter will address system-wide mail filtering issues in an easy and scalable manner.
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective 6 Fundamentals of TCP-IP (dig)
Overview
This section helps you to understand the DNS lookup utility dig. dig or the domain
information groper performs a DNS lookup and will display for you the data that it
receives from the name servers it queried. The dig tool is commonly used by many
)
administrators when troubleshooting their network IP problems. It can be used either
13
at the command line (most common usage) or by having it read lookup requests from
8/
a file; this is known as batch mode. Use the -h option with dig to view its command-
/2
line arguments and options.
-2
2
/1
01
om e
Candidates should be able to troubleshoot networking issues on client hosts.
9/
fr t b
id o
Key Knowledge Areas (related to dig command)
al n
(v an
Debug problems associated with the network configuration.
y -C
The following will be discussed
m ED
Use dig to Perform a DNS Lookup on page 309
de TT
List of Syntax and Query Options for dig on page 311

ca MI
Using dig Options on page 313

r A ER
Use dig to Perform a DNS Lookup

ne P
Performing DNS lookups is a routine task for network administrators today. Using
rt Y
different tools will gather you different types and amounts of data, depending on your
Pa P
e CO
goals. The Domain Information Groper commonly referred to as dig, is a tool that
performs a DNS lookup and finds information about the queried nameservers. dig is
id D
very flexible in its use and provides a detailed and plentiful amount of information.
ts R
When troubleshooting DNS issues, dig can be the tool of choice for many network
ou HA
administrators. Using dig can be done manually, as in specifying a certain domain

nameserver or automatically such as when no nameserver is specified, if none is used
1
dig will query nameservers that are listed in the resolv.conf file.
ed
us
or
ed
pi
co
Shown below is the dig output when querying novell.com
da1:/ # dig novell.com

; <<>> DiG 9.5.0-P2 <<>> novell.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59927
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 2
)
13
;; QUESTION SECTION:
8/
;novell.com. IN A
/2
-2
;; ANSWER SECTION:
novell.com. 86400 IN A 130.57.5.70
2
/1
;; AUTHORITY SECTION:
01
novell.com. 86400 IN NS ns.novell.com.
om e
novell.com. 86400 IN NS ns.wal.novell.com.
9/
fr t b
novell.com. 86400 IN NS ns2.novell.com.
id o
al n
;; ADDITIONAL SECTION:
ns.wal.novell.com 86400 IN A 130.57.22.5
(v an
ns2.novell.com. 86400 IN A 137.65.1.2
y -C
;; Query time: 439 msec
m ED
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jan 31 21:38:17 2010
de TT
;; MSG SIZE rcvd: 132

ca MI
da1:/ #
r A ER
ne P
rt Y
Following is the dig output when no name server or domain is queried.

Pa P
e CO
da1:/ # dig
id D
; <<>> DiG 9.5.0-P2 <<>>

ts R

ou HA
;; Got answer:
1
ed
;. IN NS
us
;; ANSWER SECTION:
. 518322 IN NS F.ROOT-SERVERS.NET.
or
. 518322 IN NS A.ROOT-SERVERS.NET.
. 518322 IN NS J.ROOT-SERVERS.NET.
ed
. 518322 IN NS D.ROOT-SERVERS.NET.
pi
. 518322 IN NS I.ROOT-SERVERS.NET.
co
. 518322 IN NS E.ROOT-SERVERS.NET.
. 518322 IN NS M.ROOT-SERVERS.NET.
. 518322 IN NS B.ROOT-SERVERS.NET.
. 518322 IN NS C.ROOT-SERVERS.NET.
. 518322 IN NS H.ROOT-SERVERS.NET.
. 518322 IN NS L.ROOT-SERVERS.NET.
. 518322 IN NS G.ROOT-SERVERS.NET.
. 518322 IN NS K.ROOT-SERVERS.NET.
)
13
A.ROOT-SERVERS.NET. 604722 IN A 198.41.0.4
A.ROOT-SERVERS.NET. 604722 IN AAAA 2001:503:ba3e::2:30
8/
B.ROOT-SERVERS.NET. 604722 IN A 192.228.79.201
/2
C.ROOT-SERVERS.NET. 604722 IN A 192.33.4.12
-2
D.ROOT-SERVERS.NET. 604722 IN A 128.8.10.90
E.ROOT-SERVERS.NET. 604722 IN A 192.203.230.10
2
F.ROOT-SERVERS.NET. 604722 IN A 192.5.5.241
/1
F.ROOT-SERVERS.NET. 604722 IN AAAA 2001:500:2f::f
01
G.ROOT-SERVERS.NET. 604722 IN A 192.112.36.4
om e
9/
fr t b
H.ROOT-SERVERS.NET. 604722 IN A 128.63.2.53
H.ROOT-SERVERS.NET. 604722 IN AAAA 2001:500:1::803f:235
id o
I.ROOT-SERVERS.NET. 604722 IN A 192.36.148.17
al n
J.ROOT-SERVERS.NET. 604722 IN A 192.58.128.30
(v an
J.ROOT-SERVERS.NET. 604722 IN AAAA 2001:503:c27::2:30
y -C
m ED
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jan 31 21:36:58 2010
de TT

ca MI
da1:/ #
r A ER
ne P
List of Syntax and Query Options for dig

rt Y
Performing a DNS lookup with dig will extract for you as little or conversely as much
Pa P
e CO
information as you want to know because the options that are available to use with
dig are numerous.
id D
The following are the options that you may use with dig; use dig -h to display all
ts R
options available.
ou HA
dig -h
1
Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}

{global-d-opt} host [@local-server] {local-d-opt}
[ host [@local-server] {local-d-opt} [...]]
ed
Where: domain is in the Domain Name System

q-class is one of (in,hs,ch,...) [default: in]
us
q-type is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]

(Use ixfr=version for type ixfr)
or
q-opt is one of:

ed
-x dot-notation (shortcut for reverse lookups)

-i (use IP6.INT for IPv6 reverse lookups)
pi
-f filename (batch mode)

co
-b address[#port] (bind to source address/port)

-p port (specify port number)
-q name (specify query name)

-t type (specify query type)
-c class (specify query class)
-k keyfile (specify tsig key file)
-y [hmac:]name:key (specify named base64 tsig key)
-4 (use IPv4 query transport only)
-6 (use IPv6 query transport only)
d-opt is of the form +keyword[=value], where keyword is:
)
13
+[no]vc (TCP mode)
+[no]tcp (TCP mode, alternate syntax)
8/
+time=### (Set query timeout) [5]
/2
+tries=### (Set number of UDP attempts) [3]
-2
+retry=### (Set number of UDP retries) [2]
+domain=### (Set default domainname)
2
+bufsize=### (Set EDNS0 Max UDP packet size)
/1
+ndots=### (Set NDOTS value)
01
+edns=### (Set EDNS version)
om e
9/
fr t b
+[no]search (Set whether to use searchlist)
+[no]showsearch (Search with intermediate results)
id o
+[no]defname (Ditto)
al n
+[no]recurse (Recursive mode)
(v an
+[no]ignore (Don't revert to TCP for TC responses.)
+[no]fail (Don't try next server on SERVFAIL)
y -C +[no]besteffort (Try to parse even illegal messages)
m ED
+[no]aaonly (Set AA flag in query (+[no]aaflag))
+[no]adflag (Set AD flag in query)
de TT
+[no]cdflag (Set CD flag in query)

+[no]cl (Control display of class in records)
ca MI
+[no]cmd (Control display of command line)

r A ER
+[no]comments (Control display of comment lines)

+[no]question (Control display of question)
ne P
+[no]answer (Control display of answer)

rt Y
+[no]authority (Control display of authority)

Pa P
+[no]additional (Control display of additional)

e CO
+[no]stats (Control display of statistics)

+[no]short (Disable everything except short form of
id D
answer)
ts R
+[no]ttlid (Control display of ttls in records)

ou HA
+[no]all (Set or clear all display flags)

+[no]qr (Print question before sending)
+[no]nssearch (Search all authoritative nameservers)
1
+[no]identify (ID responders in short answers)

+[no]trace (Trace delegation down from root)
+[no]dnssec (Request DNSSEC records)
ed
+[no]nsid (Request Name Server ID)

us
+[no]multiline (Print records in an expanded format)

global d-opts and servers (before host name) affect all queries.
or
local d-opts and servers (after host name) affect only that lookup.
-h (print help and exit)
ed
-v (print version and exit)

pi
co
Using dig Options

dig will interrogate a DNS server and can be used either at the command line or in a
batch mode operation, reading from a file you create. dig can issue multiple lookups
to gather information from sites queried. Shown are results for 11 different queries.
1. The following is a query for ptr record information.
)
da1:~/Desktop # dig novell.com ptr
13
8/
; <<>> DiG 9.5.0-P2 <<>> novell.com ptr
/2
-2
;; Got answer:
2
/1
01
om e
;novell.com. IN PTR
9/
fr t b
id o
al n
novell.com. 10800 IN SOA ns.novell.com. bwayne.novell.com.
(v an
2010012202 7200 900 604800 21600
y -C
m ED
;; SERVER: 127.0.0.1#53(127.0.0.1)
de TT
;; WHEN: Sun Jan 31 23:50:18 2010

ca MI
r A ER
2. The following is a query for IPv6 information.

ne P
rt Y
da1:~/Desktop # dig lpi.org -6

Pa P
e CO
; <<>> DiG 9.5.0-P2 <<>> lpi.org -6

id D
;; Got answer:
ts R

ou HA

1
;lpi.org. IN A
ed
;; ANSWER SECTION:
lpi.org. 3600 IN A 24.215.7.162
us
or
lpi.org. 3600 IN NS server1.moongroup.com.

ed
lpi.org. 3600 IN NS ns.starnix.com.

pi
co
ns.starnix.com. 172800 IN A 24.215.7.99

server1.moongroup.com. 172800 IN A 204.157.7.157

;; SERVER: ::ffff:127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jan 31 23:52:20 2010
3. The following is a query for IPv4 information.
)
13
da1:~/Desktop # dig lpi.org -4
8/
/2
; <<>> DiG 9.5.0-P2 <<>> lpi.org -4
-2
;; Got answer:
2
/1
01
om e
9/
fr t b
;lpi.org. IN A
id o
al n
;; ANSWER SECTION:
(v an
lpi.org. 3578 IN A 24.215.7.162
y -C
m ED
de TT

ca MI
r A ER

ne P
rt Y

Pa P
;; SERVER: 127.0.0.1#53(127.0.0.1)
e CO
;; WHEN: Sun Jan 31 23:52:42 2010

id D
ts R
ou HA
4. The following is a query for port 8443 information.

1
da1:~/Desktop # dig lpi.org q-p 8443
; <<>> DiG 9.5.0-P2 <<>> lpi.org q-p 8443

ed

;; Got answer:
us

or
ed
;lpi.org. IN A
pi
co
;; ANSWER SECTION:
lpi.org. 3488 IN A 24.215.7.162
8
)
13
8
8/
/2
-2
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jan 31 23:52:42 2010
2
/1
01
om e
;; Got answer:
9/
fr t b
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20324
id o
al n
(v an
;q-p. IN A
y -C
m ED
10800 IN SOA a.root-servers.net.
de TT
nstld.verisign-grs.com.
2010013101 1800 900 604800
ca MI
86400
r A ER

ne P
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jan 31 23:54:12 2010
rt Y

Pa P
e CO
;; Got answer:
id D

ts R

ou HA
;8443. IN A
1
10800 IN SOA A.ROOT-SERVERS.NET.
ed
NSTLD.VERISIGN-GRS.COM.
us
2010013101 1800 900 604800

86400
or

ed
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jan 31 23:54:12 2010
pi

co
5. The following is a query for port 25 information.
da1:~/Desktop # dig lpi.org q-p 25
; <<>> DiG 9.5.0-P2 <<>> lpi.org q-p 25

;; Got answer:
)
13
8/
;; QUESTION SECTION
/2
;lpi.org. IN A
-2
;; ANSWER SECTION:
2
/1
lpi.org. 3436 IN A 24.215.7.162
01
om e
9/
fr t b
lpi.org. 3436 IN A server1.moongroup.com.
lpi.org. 3436 IN A ns.starnix.com.
id o
al n
(v an
y -C
server1.moongroup.com 172636 IN A 204.157.7.157
m ED
de TT
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jan 31 23:55:04 2010
ca MI

r A ER
;; Got answer:
ne P

rt Y

Pa P
e CO
;q-p. IN A
id D
ts R
ou HA
10748 IN SOA a.root-servers.net.

nstld.verisign-grs.com.
1
2010013101 1800 900 604800

86400

ed
;; SERVER: 127.0.0.1#53(127.0.0.1)
us
;; WHEN: Sun Jan 31 23:55:04 2010

or
;; Got answer:
ed

pi

co
;25. IN A
2010013101 1800 900 604800
86400
)
13
;; SERVER: 127.0.0.1#53(127.0.0.1)
8/
;; WHEN: Sun Jan 31 23:55:04 2010
/2
-2
2
6. The following is a query for IPv6 reverse lookup information.
/1
01
om e
da1:~/Desktop # dig lpi.org q-i
9/
fr t b
; <<>> DiG 9.5.0-P2 <<>> lpi.org q-i
id o
al n
;; Got answer:
(v an
y -C
m ED
de TT
;lpi.org. IN A
ca MI
;; ANSWER SECTION:
lpi.org. 3387 IN A 24.215.7.162
r A ER
ne P
rt Y
Pa P

e CO
id D

ts R

ou HA

1
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jan 31 23:55:53 2010
ed
;; Got answer:
us

or
ed
;q-i. IN A
pi
co

2010013101 1800 900
604800 86400

;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jan 31 23:55:54 2010
)
13
8/
/2
7. The following is a query for Internet record information (used as IN NS will
-2
change the information returned).
2
da1:~/Desktop # dig lpi.org in
/1
01
om e
; <<>> DiG 9.5.0-P2 <<>> lpi.org in
9/
fr t b
;; Got answer:
id o
al n
(v an
y -C
;; QUESTION SECTION
;lpi.org. IN A
m ED
de TT
;; ANSWER SECTION:
lpi.org. 3271 IN A 24.215.7.162
ca MI
r A ER
lpi.org. 3271 IN A server1.moongroup.com.

ne P
lpi.org. 3271 IN A ns.starnix.com.

rt Y
Pa P
e CO

id D
ts R

ou HA
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jan 31 23:57:49 2010
1
8. The following is a query for mx record information.

ed
us
da1:~/Desktop # dig lpi.org mx

or
; <<>> DiG 9.5.0-P2 <<>> lpi.org mx

ed
;; Got answer:
pi

co
;; QUESTION SECTION
;lpi.org. IN MX
;; ANSWER SECTION:
lpi.org. 3600 IN MX mail.lpi.org.
)
13
8/
/2
mail.lpi.org. 3600 IN A 24.215.7.168
-2
2
/1
01
om e
;; SERVER: 127.0.0.1#53(127.0.0.1)
9/
fr t b
;; WHEN: Sun Jan 31 23:58:04 2010
id o
al n
(v an
9. The following is a query for A record information.
y -C
m ED
da1:~/Desktop # dig lpi.org a
de TT
; <<>> DiG 9.5.0-P2 <<>> lpi.org a

ca MI
;; Got answer:
r A ER

ne P
rt Y
;; QUESTION SECTION
Pa P
;lpi.org. IN A
e CO
;; ANSWER SECTION:
id D
lpi.org. 3229 IN A 24.215.7.162

ts R
ou HA
1
ed

us

or
;; SERVER: 127.0.0.1#53(127.0.0.1)
ed
;; WHEN: Sun Jan 31 23:58:31 2010

pi
co
10. The following is a query for cname information.
da1:~/Desktop # dig lpi.org cname
; <<>> DiG 9.5.0-P2 <<>> lpi.org a

;; Got answer:
)
13
8/
;; QUESTION SECTION
/2
;lpi.org. IN CNAME
-2
2
/1
lpi.org. 600 IN SOA ns.starnix.com.
dns.starnix.com. 2009122101
01
om e
3600 1800 3600000 600
9/
fr t b
id o
;; SERVER: 127.0.0.1#53(127.0.0.1)
al n
;; WHEN: Sun Jan 31 23:59:27 2010
(v an
y -C
m ED
11. The following is a query for soa information.
de TT
da1:~/Desktop # dig lpi.org soa

ca MI
r A ER
; <<>> DiG 9.5.0-P2 <<>> lpi.org soa

ne P
;; Got answer:
rt Y

Pa P

e CO
;; QUESTION SECTION
id D
;lpi.org. IN SOA
ts R
ou HA
;; ANSWER SECTION:
lpi.org. 3600 IN SOA ns.starnix.com.
1
dns.starnix.com. 2009122101
3600 1800 3600000 600
ed

us

or
ed

pi
co

;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Jan 31 23:59:40 2010

da1:~/Desktop #
As seen, the returned information resultng from a query can produce a great amount
of information for you. Depending on your requirements dig may be a very useful
utility when troubleshooting networking configuration issues for your end-users.
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Summary
Objective Summary
1. Use Debian Package Debian Linux basics on page 269
Management on page 269
Debian is an OS using the Linux kernel as its core. Debian
packages normally end with a .deb extension. Most of Debian
)
tools used come from the GNU project, thus calling it Debian
13
GNU/Linux. www.debian.org
8/
Manage Software Packages Using apt on page 270
/2
-2
Using apt tool commands, you can install, upgrade, and remove
Debian packages, as well as verify and use queries. Two apt
tools are apt-get and apt-cache.
2
/1
Managing Software Packages Using dpkg on page 272
01
om e
Managing Software Packages with dpkg, you find file
9/
fr t b
information, verify packages, and install .deb files. Find which
package a file belongs to or list the files in a certain package.
id o
2. yum Package YUM Tools on page 274
al n
(v an
Yellowdog Updater, Modified is an rpm compatible package
manager. yum evolved to update and manager RHL systems,
y -C can also be used in other Linux distros, such as Fedora, RHEL
m ED
and CentOS.
yum tools can use a command line interface and may use
de TT
plugins for the additional use of other features. yum-tools

extends and also acts as a supplement to yum. It is a collection
ca MI
of different utilities which may perform queries, package cleanup,

r A ER
or perform repository synchronization.
YUM: /etc/yum.conf and /etc/yum.repos.d/ on page 275

ne P
rt Y
/etc/yum.conf is the main configuration file for the yum package

Pa P
manager. It lists sites and their URLs where packages may be

e CO
downloaded from. It also contains the yum settings, which also

supplies settings for yum-utils tools.
id D
yum.conf can be edited by the admin to include new sites and

ts R
URLs for new repositories, whether remote to you or created as

ou HA
local by you. The file may also have lines that may be
uncommented to allow those sites to be contacted. It is best to
avoid sites that are marked as unstable or test sites.
1
/etc/yum.repos.d is the directory holding the .repo files which

are created to list repository locations. It may be used in place of
editing the yum.conf file. createrepo is used to generate the
ed
XML metadata necessary for the repository. You may need to

us
import all gpg keys for the packages or use gpgcheck=0 in the
.repo file.
or
ed
pi
co
Objective Summary
2. yum Package Using yumdownloader on page 278
(continued) This may be used to download RPMs from yum repositories. It
replaces the need to manually search and perform downloads.
Use yumdownloader and a list of URLs to get downloads from;
use the --resolve option to resolve any dependencies and then
download the packages required to fulfill those dependencies.
)
13
A requirement is the use of the yum libraries for retrieving
package information. yum relies on its configuration settings to
8/
use as its default values. When installing yum-utils, it will include
/2
yumdownloader. To use yum-utils or yumdownloader you must
-2
have root privileges.
3. SQL Data Manipulate data in an SQL database on page 280
2
Basic SQL database commands will allow you, the database
/1
administrator, flexibility in caring for, updating, or performing
01
general tasks with your organizations database.
om e
9/
fr t b
Using commands such as INSERT, UPDATE, SELECT, and
DELETE allows manipulation of the data within the database.
id o
al n
Keywords such as FROM and WHERE tell the SQL interpreter
(v an
where data is to be retrieved or extracted from, whether it is
FROM a table or data in the columns and rows WHERE data
y -C selection is to be made.
m ED
Query an SQL database on page 282
Querying an SQL database can be accomplished with a number

de TT
of different commands depending on the data needing to be

extracted.
ca MI
r A ER
Using SQL statements and functions, you can group datasets by

columns. For example, when creating a table, data such as
HoursWorked record the hours employees have worked. You
ne P
can extract either the SUM total of all hours worked or GROUP
rt Y
BY total hours worked by the individual employee.

Pa P
e CO
Using the keyword ORDER BY, you can sort the SQL data
extracted FROM the tables you are working with. Reversing the
id D
sort order with DESC (descending order) can further vary the
way the extracted information is displayed.
ts R
ou HA
Administrators can JOIN the information in two different tables

by having common fields specifying matching data. Adding the
common column fields will allow the extraction of data.
1
INNER JOIN and OUTER JOIN will select data from rows
matching (INNER JOIN) or even from columns that have cells
ed
not matching between tables. A NULL entry is shown where no

matching data existed.
us
After specifying the FROM table name and JOIN table name, you
can change the JOIN statement to read LEFT JOIN or RIGHT
or
JOIN to select all rows, matching or not, from either the left table
ed
(FROM) listed or from the right table (JOIN) specified.

pi
co
Objective Summary
4. Install and Configure X11 Installation, Video Card and Monitor Requirements on
X11 on page 287 page 287
Always make sure that the machine hardware is supported by

the X system. The X server program that comes with most Linux
distributions is XFree86.
Another open-source implementation of X window is the X.Org
)
13
project release of X11R7.5 with X11R7.6 to be released soon.
8/
Remember that hardware requirements differ between hardward
platforms.
/2
-2
During installation, the setup will configure use of your mouse,
keyboard, video card, and monitor.
2
/1
The startx syntax is
01
startx [[client] options] [-- [server] options]
om e
9/
fr t b
Startx command looks for the file .xinitrc, a hidden file, in the
users home directory. This specifies any customizations for that
id o
user. If not found, it then finds the xinitrc file in the xinit library
al n
directory. Startx command looks for the file named .xserverrc, a
(v an
hidden file, in the users home directory. This also contains any
customizations unique to the user.
y -C Check with the video card manufacture or their documentation
m ED
for information concerning the chipset and the necessary amount
of RAM needed.
de TT
Be sure of the requirements before purchasing a video card.

ca MI
X Window is a system that runs on UNIX and Linux operating

r A ER
systems. X Window is also called X or x11 and is the system

and protocol that provides a GUI for computer networks both
ne P
client and server machines.

rt Y
Another way of determining if the chipset is supported, is by the

Pa P
use of a utility called SuperProbe. Its syntax is as follows:

e CO
SuperProbe [-verbose] [-no16] [-excl list] [-mask10] [-order list] [-

id D
noprobe list] [-bios base] [-no_bios] [-no_dac] [-no_mem] [-info]

ts R
When having X11 monitor issues, it can be helpful to use the

ou HA
xvidtune application to try and fine tune and adjust X servers

video modes and its monitor related settings.
1
If X is not able to start, use startx if you are experimenting with

settings. If X crashes, the display manager (GUI login) will not
loop
ed
startx just gracefully goes back to a text console screen, where

us
an error message may be visible.
X11 uses the monitors configuration specifications to determine

or
what will be the resolution and refresh rate. The correct

ed
numbers that are needed, indicate a range and refer to the

horizontal scan rate and the vertical synchronization rate.
pi
co
Objective Summary
4. Install and Configure X11 Installation, Video Card and Monitor Requirements on
X11 on page 287 page 287 (continued)
(continued)
X11 uses the monitors configuration specifications to determine
what will be the resolution and refresh rate. The correct
numbers that are needed, indicate a range and refer to the
horizontal scan rate and the vertical synchronization rate.
)
Understanding the X Font Configuration File on page 291
13
The X Window system display requires that it be supplied with
8/
fonts; xfs and xfstt are the most widely used X Window system
/2
font servers.
-2
There are dependencies between the packages. In most cases
these dependencies can be resolved automatically. Otherwise,
2
they must be resolved manually.
/1
01
A font server is a background process that makes your installed
om e
set of fonts available to XFree86 and other machines running X.
9/
fr t b
Under normal conditions the x font server is started by means of
id o
boot files such as the /etc/rc.local file.
al n
Users may also start private font servers for a specific sets of
(v an
fonts they wish to use at their client.
y -C The main configuration file the font server will use is the default
m ED
file of /etc/X11/fs/config.
Steps to set up an X font server are the following:

de TT
1. Install the font server if necessary.

ca MI
2. Edit the xfs.conf file that comes with it.

r A ER
3. Set up a font directory such as, /home/fonts/lib/ttfonts.

ne P
4. Have X use the font server after all other fonts by specifying
rt Y
Pa P
xset fp+ tcp/localhost:7100

e CO
5. Test the font server.

id D
To use outline fonts on X, you need a version of X that will

ts R
support their use. This will include all versions of OpenWindows,

ou HA
X11R5, some newer versions of XFree86, as well as others.
There are three ways to support the use of outline fonts.

1
1. Use of the X server itself

2. Use of an external font server
ed
3. Use X modules that can be loaded, such as those with

OpenWindows
us
In order that fonts will be available, you need to set a path to use
or
as a font path; add a directory to the font path with the following
command
ed
xset fp+ (directory)

pi
co
Objective Summary
4. Install and Configure Understanding the X Font Configuration File on page 291
X11 on page 287 (continued)
(continued)
Once specified, you need to have the X server re-scan for any
available fonts.xset fp rehash
You will want the two commands to run automatically. To do this,

put them in the servers .xinitrc file or another file depending on
)
13
how you start X window. It may be either a Xclients file or
.xsession file.
8/
You will find it to your advantage to make two of the files
/2
symlinks to the other, just to help avoid confusion.
-2
Type 1 fonts may be added to your font server using the
2
type1inst utility.
/1
The type1inst utility makes it easy for you to use Type 1 fonts
01
that are not part of your fonts in X. type1inst will scan Type 1
om e
9/
fr t b
PostScript font files; then it will generate the file fonts.scale
automatically.
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective Summary
4. Install and Configure Understanding the X Window Configuration File on page 293
X11 on page 287
(continued) The command to start the X server is startx
The program xinit allows users to manually start an X server.

startx is the script that is used as a front-end for xinit
The default display used is display :0, xinit and startx start an X
)
server and an xterm on it. When xterm terminates, xinit and
13
startx kill the X server.
8/
sysutils/hal and devel/dbus ports are installed as
/2
dependencies of x11/xorg; however, they must be enabled by
-2
making the following entries in the /etc/rc.conf file:
hald_enable="YES"
2
/1
dbus_enable="YES"
01
om e
Start these services either manually or by a reboot before any
9/
fr t b
further configuration of Xorg is carried out.
id o
Desktop environment, such as GNOME, KDE or another will be
al n
installed. They often contain tools which allow the user to set
(v an
screen parameters such as the resolution.
y -C The first step you need to perform is to build an initial

configuration file. As the super user root, simply run
m ED
Xorg -configure
de TT
Generated is a skeleton file for X11 configuration, in a /root

directory named xorg.conf.new. Whether you su to root or by a
ca MI
direct login, this affects the inherited supervisor $HOME directory

r A ER
variable.
X11 will attempt to probe the machines graphics hardware on the

ne P
system and then create a configuration file to load the proper

rt Y
drivers for the hardware detected on the target system.

Pa P
e CO
As of Xorg 7.4 and later, the test produces a black screen which
makes it somewhat difficult to diagnose whether X11 is working
properly.
id D
ts R
Older behavior is still available by using a retro option

ou HA
Xorg -config xorg.conf.new -retro

1
The configuration file consists of numerous sections:
Files File pathnames

ServerFlags Server Flags
ed
Modes Description of the Video Modes

us
Screen Screen Configuration

or
ed
pi
co
Objective Summary
5. Message Transfer Understanding Linux MTA programs: sendmail on page 295
Agent (MTA) Basics on
page 295 Using sendmail you can receive, and forward email, among
other features. sendmail released to the public in 1983 with BSD
4.1c which was the first version of BSD to include the TCP/IP
protocol.
One of the oldest and most widely used Internet MTAs, sendmail
)
13
was designed with flexibility to transfer mail between two
dissimilar mail systems. It has support for protocols such as
8/
UUCP, SMTP, DECnet, mail11, and ESMTP, and more.
/2
sendmail evolved into Sendmail X which brought with it a
-2
modular transferring system running 5 and sometimes more
processes. It used a centralized queue manager controlling
2
SMTP servers and clients to receive and send email. sendmail X
/1
also has an address resolver providing mail routing using
01
lookups, including DNS lookups.
om e
9/
fr t b
Development was ceased in favor of a new project called
MeTA1.
id o
al n
Understanding Linux MTA programs: postfix on page 296
(v an
postfix MTA has now become one of the most preferred MTAs of
y -C many administrators today. postfix has listed among it benefits,
ease of administration, security, and speed.
m ED
Use of postfix will remind users of sendmail, yet the inner
de TT
workings are very different from sendmail.
postfix will run with many systems, such as AIX, HP-UX, Linux,
ca MI
IRIX, MacOS X, BSD, Solaris, as well as Tru64 Unix, and many

r A ER
other Unix systems. Its main features include various protocol

support, junk mail controls, mailbox support, database support,
ne P
address manipulation, and configurable DSN, delivery status

notifications. (see main text for detailed list of features)
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
Objective Summary
5. Message Transfer Understanding newaliases, qmail, and exim on page 297
page 295 (continued) newaliases command builds a new copy of the alias database
from and for the mail aliases file. The alias file /etc/aliases or /
etc/mail/aliases, after editing, must be followed by your running
of the newaliases command for the changes to take effect. By
running newaliases it will initialize the database.
)
13
When newaliases runs, it causes the sendmail command to re-
read the local systems /etc/aliases or the /etc/mail/aliases file
8/
and then create two additional files which will contain the
/2
database information for alias. The two new files are /etc/
-2
aliases.dir and /etc/aliases.pag.
newaliases uses exit codes. Exit code 0 indicates successful,
2
however, an exit code of >0 indicates an error has occurred.
/1
01
The files and directory used by the newaliases command are
om e
found at
9/
fr t b
/usr/sbin/newaliases-Contains the command.
id o
al n
/etc/aliases-Contains source for the mail aliases file
command.
(v an
/etc/mail/aliases- Contains source for aliases for the sendmail
y -C command.
m ED
/etc/aliases.db directory-Contains binary files created by the
newaliases command.
de TT
postalias is the postfix equivalent to sendmails newaliases

ca MI
command. The configuration file for postalias is the /etc/postfix/

aliases file. After editing the file, run the following syntax
r A ER
postalias/etc/postfix/aliases.
ne P
qmail is a replacement for sendmail and has been described as

rt Y
being the modern replacement for it. It was designed to be

Pa P
more secure and was the first security-aware MTA of its time.
e CO
qmail was released to the public domain in 2007; however, it is

considered non-free, depending on which license guideline is
used.
id D
ts R
Its modular architecture, comprised of mutually untrusting

ou HA
components such as the SMTP queue, manages its

credentials different from the SMTP listener. This holds true for
many of its other components as well. It is considered to be
1
quicker, easier to configure, easier to deploy, and also easier for

end-users to use by the use of employing wildcards. By design, it
was meant to be used for large bulk mail servers such as those
ed
used for mailing list servers.

us
or
ed
pi
co
Objective Summary
5. Message Transfer Understanding newaliases, qmail, and exim on page 297
Agent (MTA) Basics on (continued)
page 295 (continued)
exim is an SMTP mail server without features such as address
books, iMAP, POP3, shared calendars, or group scheduling.
Though referred to as a sendmail alternative, it is very different in
configuration and setup. Its feature list makes it an attractive
alternative for large Unix/Linux installations such as ISPs which
)
13
handle millions of messages per day, it is found to be useful to
single workstationsand small to medium systems as well. It is
8/
capable of storing lists for domains, hosts, and end-users in text
/2
files, databases, and in an LDAP directory.
-2
Errors occur when using the wrong documentation for setup. It
supplies support for two types of filters, the Exim filter and the
2
/1
Sieve filter, both of different formats.
01
Preference is given to the Exim filter due to its being feature rich,
om e
and its native format is unique to Exim and allows better
9/
fr t b
integration with your host environment. Sieve filters are
designed with its portability in mind.
id o
al n
Administrators must configure the system for both types of filters.
(v an
Sieve filters offer the most for interoperability. Test all of your
implementations of filtering systems.
y -C /var/spool/exim/msglog contains the log files for messages
m ED
with each message having its own file and named the same as
the message-id.
de TT
Exim message-id has the syntax xxxxxx-xxxxxx-xx. Alpha-

ca MI
numeric and mixed-case are its format.

r A ER
Most commands managing message logging or the message

queue use the messageid. Every message in the spool directory
ne P
has three files; when removing them, do not leave remnants of

rt Y
files in the queue.

Pa P
Using mail, mailq, ~/.forward, and aliases on page 300

e CO
mail command is very powerful, new administrators and new

users do well to learn its usage first.
id D
ts R
Using the mail command, you can read, reply, compose, send,
ou HA
forward, and delete mail. There are a large number of command

line options, configuration options, compose-mode options, and
command-mode options. Research each using the main text
1
material in this section and search the Internet for more

information.
mailq is used to print a summary of the messages queued for

ed
delivery. The exit codes indicate sucess or failure, an exit code

us
of 0 indicates success, while an exit of >0 indicates an error has

occurred. The summarys first line displays the internal identifier
or
for that host and for that specific message, with a possibility of a
status character. Status characters can be one of the following;
ed
pi
co
Objective Summary
5. Message Transfer Using mail, mailq, ~/.forward, and aliases on page 300
Agent (MTA) Basics on (continued)
page 295 (continued)
* = Job being processed.
X = Load too high to process job.
- = Job too young to process.
)
13
The second line shows any error that caused the message to be
retained in the queue. No error message seen if the message is
8/
being processed for the first time.
/2
-2
Third line shows recipient of the message, one recipient per line.
A number of options exist for mailq and are covered in the main
text of this Addendum.
2
/1
~/.forward will allow end-users to forward their messages to
01
perhaps another account on another system or another machine.
om e
The forwarding of messages is configured by users creating a
9/
fr t b
.forward file in their home directory, as signified by the ~/, the .
indicates it is a hidden file.
id o
al n
The content of the .forward file is the address you wish to have
(v an
your mail forwarded to. Use the syntax of either username (local
machine user) or emailuser@domain.com Internet address, for
y -C example, geeko or geeko@digitalairlines.com.
m ED
Creating a .forward file means that all email will be forwarded to
that entry, and no email will be delivered to the normal mailbox
de TT
for that user.

ca MI
aliases, is a pseudo-name, a pseudo-email address which

redirects mail to another specified email address.
r A ER
Two types of aliases are used, either the MUA alias or the MTA
ne P
alias. MUA aliases are seen and used by only the user creating
rt Y
it.
Pa P
The syntax used is (all on one line) alias jc James Christopher

e CO
<jamesc@domain.org>.
id D
An MTA alias will allow the alias to be used by your local

ts R
machine, as well as remotely. The system aliases file needs to

ou HA
be modified. The system aliases file is normally /etc/aliases;

however, there may be a different location, depending on your
MTA.
1
Review standard aliases contained in the file, such as those for

postmaster or mailman or faxmaster these may provide you
guidance on the syntax to use.
ed
Depending on the MTA you use, it may treat the alias as a

us
mailbox and append the mail to it, which is excellent for archiving
mail. Or perhaps the MTA will determine the alias target to be a
or
program, which then passes the mail to the programs standard

input.
ed
pi
co
Objective Summary
5. Message Transfer sendmail emulation layer commands on page 305
page 295 (continued) Sendmail emulation allows the ability to have mail delivery of
outging mail without going through the MTA. It uses the MDA or
Message Delivery Agent, thus, not using port 25.
smtp.conf file will contain pairs of keyword-argument. There will

be one pair per line. For example
)
13
Mailhub This is the host to send mail to; it should be in the form
8/
of host IP_addr :portnumber. The default port used is port 25.
/2
Root This is the user that will receive all mail for any uid less
-2
than 1000. If this keyword is left blank, then address rewriting will
be disabled.
2
/1
ssmtp is truly a send-only sendmail emulator which is used for
those machines that normally pick-up their mail from a
01
centralized mailhub, which may be via pop, imap, nfs mounts or
om e
9/
fr t b
another means.
Reverse aliases have the From: address placed on the user's
id o
al n
outgoing mail messages and as an option the mailhub. These
messages will be allowed through.
(v an
To allow reverse aliases, it employs the use of /etc/ssmtp/
y -C revaliases which is the reverse aliases file.
m ED
sendmail emulator program command line options may change
the default behavior or output of sendmail.
de TT
Milters enable third-party applications to access a mail message

ca MI
as it is being processed by the MTA. Allowing them to examine

and modify message content as well as the meta content or
r A ER
information during the SMTP transaction.

ne P
Milters were created due to the increase in email volume along

rt Y
with threats like spam, being targeted by viruses and being

Pa P
targeted with attacks such as a denial of service (DOS). There

e CO
grew the need quickly to expand the abilities of sendmail to

include a means of threat protection and to optimize message
delivery.
id D
ts R
Filters may be added or modified without affecting other existing

ou HA
milters. A milter will address system-wide mail filtering issues in

an easy and scalable manner.
1
6. Fundamentals of TCP- Use dig to Perform a DNS Lookup on page 309

IP (dig) on page 309
Using the dig utility will allow you flexibility in the type of data you
wish to gather from nameservers. dig stands for Domain
ed
Information Groper. It is a tool that will query a nameserver by

doing DNS lookups. The amount of data gathered is plentiful and
us
is determined by the options you choose to use.

or
Used without a nameserver to query dig will use the /etc/

resolv.conf file and check the nameservers listed therein. dig
ed
lpi.org
pi
co
Objective Summary
6. Fundamentals of TCP- List of Syntax and Query Options for dig on page 311
IP (dig) on page 309
(continued) Usage:
dig Will use the resolv.conf file
dig <nameserver> Queries a specified nameserver, like, dig

lpi.org
)
13
dig -h Displays all options.
8/
Using dig Options on page 313
/2
Options dig interrogates DNS servers and can be used either at
-2
the command line or in batch mode reading entries from a file
you create. dig can also issue multiple lookups to gather the
2
information from sites queried.
/1
dig lpi.org q-p 8443 Queries port 8443 for information
01
om e
dig lpi.org mx Queries for mx record information.
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co
)
13
8/
/2
-2
2
/1
01
om e
9/
fr t b
id o
al n
(v an
y -C
m ED
de TT
ca MI
r A ER
ne P
rt Y
Pa P
e CO
id D
ts R
ou HA
ed 1
us
or
ed
pi
co

3101 Student Guide Printable PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

3101 Student Guide Printable PDF

Uploaded by

Copyright:

Available Formats

Novell Training Services (en) 15 April 2009

SUSE Linux Enterprise 11

Novell Training Services

company/legal/patents/) and one or more additional patents or pending patent

Online Documentation: To access the latest online documentation for

All third-party trademarks are the property of their respective owners.

SECTION 1 Getting to Know SUSE Linux Enterprise 11 17

Manage Icons in GNOME . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Use the GNOME File Manager (Nautilus) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

Exercise 1-3 Use the GNOME File Manager (Nautilus) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Objective 4 Access the Command Line Interface from the Desktop 42

Exercise 1-4 Access the Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

SECTION 2 Locate and Use Help Resources 47

Objective 1 Access and Use man Pages 48

Exercise 2-1 Access and Use man Pages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Exercise 2-2 Access and Use info Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Objective 3 Access Release Notes and White Papers 56

Exercise 2-3 Access Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

SUSE Linux Enterprise 11 Fundamentals / Manual

Objective 4 Use GUI-Based Help 59

SECTION 3 Manage the Linux File System 65

Objective 4 Create and View Files 89

View a File with cat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

View a File with less . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

Exercise 3-3 Create and View Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

Objective 5 Work with Files and Directories 93

Create Directories Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Create Folders Using Nautilus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96

Delete Files and Directories Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Link Files Using Nautilus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Objective 6 Find Files on Linux 102

Use the find Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104

Use the locate Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

Use the which Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108

Exercise 3-5 Find Files on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

Objective 3 Work with Variables and Aliases 131

Objective 4 Understand Command Syntax and Special Characters 135

Select Your Character Encoding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135

Use Search Patterns for Name Expansion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137

Objective 5 Use Piping and Redirection 140

SECTION 5 Administer Linux with YaST 149

Objective 1 Get to Know YaST better 150

User Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

YaST Applets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153

Exercise 5-1 Get to Know YaST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

SUSE Linux Enterprise 11 Fundamentals / Manual

Objective 2 Manage the Network Configuration Information from YaST 164

SECTION 6 Manage Users, Groups, and Permissions 177

Change File Permissions with chmod . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

Exercise 6-4 Manage File Permissions and Ownership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Modify Default Access Permissions with umask . . . . . . . . . . . . . . . . . . . . . . . . . 207

Objective 5 Ensure File System Security 210

The Basic Rules for User Write Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

The Basic Rules for User Read Access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

SECTION 7 Use the vi Linux Text Editor 217

Objective 1 Use the Editor vi to Edit Files 218

Learn the Working Modes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219

Exercise 7-1 Use vi to Edit Files in the Linux System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

SECTION 8 Manage Software for SUSE Linux Enterprise 11 223

Objective 1 Overview of Software Management in SUSE Linux Enterprise 11 224

Exercise 8-3 Manage Software with RPM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248

Objective 5 Manage Software with zypper 249

Repository Management Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249