Here are some general administration tasks that I find useful to remember.
First see the section on RPM to learn how to install and update software.
See more sections on Gnu/Linux.
Most of the books you want are free from http://www.linuxdoc.org/ as HOWTO's. Don't assume that you can get something better in the bookstore. Many Linux books in the bookstore are simply bound copies of the publicly available documents.
"Running Linux" from O'Reilly press is the best overall book for anyone getting ready to install Linux for the first time and start playing with it.
As a quick reference, you may prefer a copy of O'Reilly's "Linux in a Nutshell", with concise summaries of all administrative commands. Read it through because many standard Unix commands have great new options. Many new commands become essential.
To understand your Unix system better, get the new edition of "Unix System Administration Handbook," by Nemeth, Snyder, Seebass, and Hein, from Prentice Hall. The new edition covers Linux, and explains where other systems differ. This book is superior to any book specifically for Linux.
For help, I prefer IRC (Internet Relay Chat) on a freenode.net server. See http://www.freenode.net/
Use apropos to find programs and manuals. Use
file to identify the type of a file. Use
sudo to run individual commands as root instead of
su root. Add your username to
lsb_release -a
cat /etc/*release
cat /etc/issue
cat /proc/version
uname -a
$ cat /proc/cpuinfo /proc/meminfo /proc/pci /proc/mounts
As root you can see most devices with
List PCI buses and what is attached to them
These virtual files are updated dynamically.
procinfo -a will format some
of the information for you.
$HOME/.i18n and modifying it. Look at this file if your application is complaining about missing characters. I add
zh_CN.UTF-8 to the SUPPORTED entry. You can also change the system file for all users.
zh_CN.UTF-8 to the SUPPORTED entry in
Next create the following file in your home directory.
$ mkdir ~/.xinput.d
$ ln -s /etc/X11/xinit/xinput.d/iiimf ~/.xinput.d/default
Restart X, right click on the tool bar, press "add to panel", select "InputMethod Switcher", and press add. Click once to "Add or Remove" languages from your choices.
See http://fedora.redhat.com/projects/i18n/iiimf-faq.html for more help.
Here is how I started applications
with Chinese input on Fedora Core 1. This
should be unnecessary with later releases.
$ export LC_ALL=zh_CN ; export LANG=zh_CN.UTF-8 ; XMODIFIERS=@im=chinput
$ locale | grep LANG
Chinput Version 3.0.2 -- XIM Server
control-space to switch to pinyin
mode. Turn off pinyin before exiting;
otherwise, your next application will fail to
/etc/inittab to set your default runlevel to
id:3:initdefault: to boot to a console and
startx to start X11.
shutdown -r now and shutdown for good with
shutdown -h now. If you are rebooting remotely, you can avoid a possible hang during shutdown by running
sync to flush file buffers, then
reboot -f -n for an abrupt termination of services, and a reboot.
quota lists your disk quota.
/etc/ld.so.conf instead of to your
ldconfig to update your cache.
/etc/rc.d/rc.local. This is much easier than adding Start and Kill scripts at the appropriate runlevel.
echo "/data *(rw,sync)" >> /etc/exports
exportfs -a
Redhat configures their network services
during boot with the script
/etc/rc.d/init.d/network, which gets
network parameters from
/etc/sysconfig/network and calls scripts
routes can be specified in
Check the active ip address of eth0 with
ifconfig. After changing the address,
/sbin/ifup eth0 or more drastically
/sbin/service network restart.
Identify cluster hostnames most simply by
specifying IP addresses in
Use the same file for all nodes, including
Make sure you do not have a protocol mismatch
mii-tool -v eth0. Duplex mode
mismatches will hurt performance.
Here are examples of my network files on various types of systems.
NETWORKING=yes
HOSTNAME=hong
DHCP_HOSTNAME=hong
NISDOMAIN=denver.foo.com

DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
PEERDNS=yes
stand-alone (static behind NAT)

DEVICE=eth0
BOOTPROTO=none
BROADCAST=184.108.40.206
HWADDR=00:00:00:00:00:00
IPADDR=220.127.116.11
NETMASK=255.255.255.248
NETWORK=18.104.22.168
ONBOOT=yes
TYPE=Ethernet
GATEWAY=22.214.171.124
cluster #1 node

NETWORKING=yes
FORWARD_IPV4=false
NISDOMAIN=denver.foo.com

DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
cluster #2 node

NETWORKING=yes
HOSTNAME=supcl1
NISDOMAIN=denver.foo.com
DHCP_HOSTNAME=supcl1

DEVICE=eth0
ONBOOT=yes
BOOTPROTO=dhcp
All use the same
DEVICE=lo
IPADDR=127.0.0.1
NETMASK=255.0.0.0
NETWORK=127.0.0.0
BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
If you use DNS, then specify your domain,
preferred nameserver lookup order, and
default domain completions in
nameserver 126.96.36.199
nameserver 188.8.131.52
nameserver 184.108.40.206
search foo.com denver.foo.com etc.foo.com
If you are using NIS, then specify the NIS
server for each domain in
a line like
domain denver.foo.com server denadmin01
domain denver.foo.com server denadmin02
To export a local disk, add a line to
$ sudo service nfs restart
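The "/data *(rw,sync)" export shown earlier gives every host that can reach the server read-write access. The following check is an added example, not part of the original page: it reads an exports file on stdin and reports entries that are writable by any host or that disable root squashing. The function names and the sample entries are constructed for illustration, and backslash-continued lines are not handled.

```shell
#!/bin/sh
# Added example (not from the original page): audit /etc/exports entries.

# audit_exports: read exports(5) text on stdin, print one finding per line.
audit_exports() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            for (i = 2; i <= NF; i++) {
                client = $i; opts = ""
                p = index($i, "(")
                if (p > 0) {                     # split "client(opt,opt)"
                    client = substr($i, 1, p - 1)
                    opts = substr($i, p + 1, length($i) - p - 1)
                }
                # An empty client, as in "/data (rw)", also means any host.
                world = (client == "" || client == "*")
                if (world && ("," opts ",") ~ /,rw,/)
                    print $1 ": read-write to any host"
                if (("," opts ",") ~ /,no_root_squash,/)
                    print $1 ": no_root_squash for " (client == "" ? "*" : client)
            }
        }'
}

# Constructed sample: the page's entry beside narrower alternatives.
sample_exports() {
    cat <<'EOF'
# constructed sample, not a real configuration
/data    *(rw,sync)
/home    192.168.1.0/24(rw,sync,root_squash)
/srv/pub *(ro,sync)
/backup  admin01(rw,no_root_squash)
EOF
}

sample_exports | audit_exports
```

On a real server, run "audit_exports < /etc/exports" before "exportfs -a".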
Exceptionally slow network performance may be due to using half rather than full duplex. Check
$ sudo ethtool eth0
Try to get the most recent possible release of any particular distribution. The improvements you see with a new release will be much greater than any differences you find between distributions. Desktops continue to improve greatly.
Once I find the iso's on a mirror, I download with a script like
S="ftp://distro.someplace.org/pub/linux/distributions/fedora/linux/core/2/i386/iso/"
P="email@example.com"
# Fetch the checksum file and each disc image from the mirror.
for f in \
  MD5SUM \
  FC2-i386-disc1.iso \
  FC2-i386-disc2.iso \
  FC2-i386-disc3.iso \
  FC2-i386-disc4.iso \
  ; do
  wget "$S$f"
done
curl is an advanced alternative to
Performing a clean install has gotten so easy
that it doesn't seem worth documenting. Use
a default workstation install, then use
rpm to add additional features from your
disks or iso images. See the section on RPM
elsewhere on this page.
On RedHat and Fedora, both
up2date are great ways to upgrade your
system quickly. Locate on the web a
/etc/yum.conf that points to Fedora
mirrors. You can upgrade all installed
Fedora packages with
yum update -y. (I
sudo to avoid logging in as
root.) If you have registered with the
RedHat network, then you can upgrade
up2date --nox -u. These
commands also install new packages if you
know the name of the new package.
Most yum-based systems come preconfigured to
check a few reliable repositories. Check
/etc/yum.repos.d/ to see which are
checked by your system.
For CentOS, I add access to RPMForge, following these directions: https://rpmrepo.org/RPMforge/Using
More repos are tracked here: http://wiki.centos.org/Repositories
Many good rpm's are here: http://dag.wieers.com/rpm/ but they are also available through RPMForge.
Create a list of available packages with
yum list all | tee yum.txt
Some collections can be installed as a group:
sudo yum -y groupinstall "X Software Development"
If you are reinstalling or upgrading, then keep a backup copy of the entire /etc directory on another machine. You may want to compare configuration files later, particularly for the network connection.
You are asked a small number of questions
during installation. If you forget your
answers, you can find most of them again in
On redhat systems, there are tools in
/usr/bin/system-config-* for configuring
See what pci devices were detected with
Check the X configuration with
or look in
your specified video card driver in
Change your mouse after installation by
/usr/sbin/mouseconfig. Check the
/dev/mouse points to the device file for
You can change your default desktop easily
switchdesk. This only adds a
.Xclients-default to your home directory,
to be used by
.Xclients. Look in
/etc/X11/xinit to see the system
Your sound may default to a low level. Try
aumix. Your menu should
also contain volume controls.
Dual boots are really not worth the trouble, unless you are stuck with a laptop. I prefer to run one OS per machine and connect them with a hub.
I prefer three partitions: one big partition
/, one smaller partition for
/home, and a swap partition that is about
2.5 times the size of the resident memory. A
separate partition for
/home will allow a
fresh installation without reconstructing the
home directory. Installs do a good job of
defaulting these partitions.
If you need to make a boot floppy for a really old Microsoft box, put in the first CD, and try
C:\> d:
D:\> cd \dosutils
D:\dosutils> rawrite
Enter disk image source file name: ..\images\bootdisk.img
Enter target diskette drive: a:
Please insert a formatted diskette into drive A: and press -ENTER- :
Recent kernels are too large to fit on a boot
floppy. If you have an older machine that
will not boot from CD, then first install an
older minimal linux so that you have a boot
loader. Then copy the kernel
initrd.img onto your
from your newer install CD. Modify
/etc/grub.conf or the equivalent lilo
file to boot from it.
Most distributions allow you to specify the name of a time server and be done with it.
Here are nitty gritty details if you must customize that behavior.
If you are on a network with time servers,
add their hostnames, on one line separated by
foohost barhost bazhost. Or modify the
fudge lines in
/etc/ntp.conf with a specific server name
fudge foohost stratum 10
Start the service with
chkconfig ntpd on.
See that it is running with
On redhat, the
/etc/ntp.conf file may
direct you to use the gui application
dateconfig, or your changes will be lost.
Restart the time server with
/etc/rc.d/rc3.d/S26ntpd restart or
whatever path is appropriate on your machine.
Synchronize once with another host by typing
$ ntpdate ntp.nasa.gov
or
$ ntpdate time.nist.gov
If you don't use time servers, you can reset your hardware clock with
$ hwclock --set --date="5/15/02 19:00:00"
Use the two digit year, even though we've already passed into the next millennium. (A four digit year will put you in a strange century.) To avoid upsetting running processes, your clock does not reset until the next reboot. Always use local time.
First of all, to eject your CDROM, type
eject. If your CDROM is not visible, try
mounting it with
Make a CDROM image (ISO9660) from a file system with
mkisofs -r -J /my/dir/ > image.iso
(This is faster than specifying the file with -o).
With Gnome, I can right click on the iso and specify "Write to CD".
With a recent kernel, you can easily record from the command line with
cdrecord -v speed=2 dev=/dev/cdwriter -data image.iso
You'll need to use
sudo or run as
If this doesn't work, you can identify your CD-R device, and burn the iso with
$ cdrecord -scanbus
1,0,0 100) 'HITACHI ' 'DVD-ROM GD-5000 ' '0212' Removable CD-ROM
1,1,0 101) 'SONY ' 'CD-RW CRX220E1 ' '6YS1' Removable CD-ROM
...
$ cdrecord -v speed=2 dev=1,1,0 -data image.iso
Tools for reading music cd's include
-unique -device /dev/cdrom -play. Play a
mplayer. Write or
copy a music CD with
xcdroast which is a
GUI wrapper for
cdrecord and other
Most of these will play an audio CD
digitally, without an audio cable connected
to your CDROM. For example, right click on
xmms menu for "Options" and
"Preferences." Select the "Audio I/O
Plugins" tab. Highlight "CD Audio Player" in
the panel of "Input plugins" then hit the
"Configure" button. Switch the radio button
for "Play Mode" from "Analog" to "Digital
audio extraction." Hit all the Ok buttons on
your way out. Right click again on the
xmms panel, select "Play File", point at
/mnt/cdrom, and hit the forward play
Most systems now will recognize and mount USB
memory sticks automatically. If yours is not mounted, then look at
/var/log/messages to see if the device was seen at all.
If so, then you just need to solve the problem of mounting.
Look at the rules in
/etc/udev/rules.d and see if any apply
to your USB stick. Rules usually key off a product name and
vendor string. You can see what your stick reports by running
lsusb -v. From there, find the rule that udev should use
to mount it. You may have a heretofore unrecognized stick.
If automounting will not work, then you can still mount by hand.
Plug it in to a USB port. Install
sg3_utils. Scan raw SCSI devices and
determine the real SCSI device.
root$ sg_scan -i
/dev/sg0: scsi0 channel=0 id=0 lun=0
    IBM-ESXS ST318305LW !# B244 [rmb=0 cmdq=1 pqual=0 pdev=0x0]
/dev/sg1: scsi0 channel=0 id=1 lun=0
    IBM-ESXS ST318305LW !# B244 [rmb=0 cmdq=1 pqual=0 pdev=0x0]
/dev/sg2: scsi2 channel=0 id=0 lun=0 [em]
    M-Sys Dell Memory Key 4.50 [rmb=1 cmdq=0 pqual=0 pdev=0x0]
root$ sg_map
/dev/sg0 /dev/sda
/dev/sg1 /dev/sdb
/dev/sg2 /dev/sdc
From this, I see that the memory key is on
/dev/sdc1 specifies the
first, and usually only, partition.
To mount this, first create a mount point, then mount
sudo mkdir /mnt/flash
sudo mount -o defaults /dev/sdc1 /mnt/flash
Or you can add a line to
/etc/fstab, so you can mount and
write as any user. You'll need to see what options are supported,
as these change over time.
To examine, change, and format partitions.
root$ fdisk /dev/sdc
root$ mkfs -t vfat /dev/sdc1
See more at http://vic.gedris.org/linux-UsbMassStorage/ , http://www.linux-usb.org/ , and http://www.cs.sfu.ca/~ggbaker/personal/cf-linux
A device that refuses to mount might be using a faster USB 2
protocol than supported by the device. The log message should
new high speed USB device using ehci_hcd and
There still seem to be intermittent problems mounting these, even when the device supports USB2. Try reloading the appropriate kernel module:
sync
sudo modprobe ehci_hcd
For some reason, this often triggers the correct remounting of all USB2 devices.
For extra emphasis, you can first remove the module:
rmmod ehci_hcd, which first causes all USB devices to be
mounted at the lower speed. Then add the module back.
For NTFS, install the following packages: fuse, dkms, dkms-fuse, fuse-ntfs-3g. Mount and unmount with the following.
mkdir /mnt/ntfs
ntfs-3g /dev/sdc1 /mnt/ntfs # read-write
ntfs-3g /dev/sdc1 /mnt/ntfs -o ro # read only
umount /mnt/ntfs
You should get around 1Mb/sec transfer rate
with flash memory. First find out what
device your flash is attached to with
/media/usbdisk. Then check the raw device
transfer rate with
sudo hdparm -t
/dev/sda1. If the hardware is fast, and
your file copies are much slower, then your
problem is software. Look at
the flash is attached, and be sure you are
usb_storage instead of the slower
ub. See that the proper module is loaded
lsmod | egrep ehci_hcd. Look at
sudo lsusb -v | less to see that you are
using USB 2 instead of 1. You should also
ehci_hcd listed after the kernel. If
these are all right, then you may be better
off disabling syncing during writes. See if
the usb drive shows up with
mount | grep
sync. See if
sync is specified in
/etc/fstab for the usb drive. If so,
disable it in
/etc/fstab or by examining
man fstab-sync. A copy may appear to
occur instantaneously, but much of the file
may be cached in memory. You still need to
sync from the command line to finish the
write, but this should occur at near the
maximum rate for a single write. Finally, as
umount /media/usbdisk before
An external hard drive is much easier to handle. Mine came as NTFS. I formatted to a Linux filesystem like this.
root$ mkfs -t ext4 /dev/sdc1
If you want to delete or add partitions, you can use
root$ fdisk /dev/sdc
EncFS is an excellent way to encrypt files that you may carry around with you on a portable USB drive.
Most of what you need to know can be found at http://www.arg0.net/encfs
If you have permission problems, add yourself to the fuse
sudo chgrp fuse /usr/bin/fusermount
sudo chmod 4755 /usr/bin/fusermount
Make sure the
fuse module is loaded with
lsmod | grep fuse
modprobe fuse
For digital cameras, try http://www.gphoto.org/ .
Set up a cups printer by modifying the
See which printers are available with
lpstat -t and print with
Set default printer options like this:
lpoptions -o sides=two-sided-long-edge
See more on cups at http://localhost:631/ .
Check your system for rootkit vulnerabilities
For firewalls, the best single reference is the book "Linux Firewalls" by Robert L. Ziegler, from New Riders press.
I now use a hardware firewall, and don't rely
on the built-in packet filtering of
iptables. Do not connect to the internet
until you have some firewall in place.
Distributions should all now have a simple
interface that lets you manipulate the rules
of the underlying
iptables. Look for it
on your menu bar. In the past, I exported
ssh and let
iptables to block
all other connections on all other ports.
scp instead of
ftp for your own use.
See what packet filtering you have turned on
iptables --list either with
or as root.
See what services are running (at various
chkconfig --list or more
/sbin/service --status-all | grep running
Disable services you don't need. Anyone able to connect to these ports can probe for weaknesses like buffer overflows in these services. Useless daemons also waste resources.
Stop services with
/sbin/service sendmail stop
And prevent a service from being started at your runlevel by removing the startup script, such as
You can manipulate the symbolic links in the
runlevel directory by using
chkconfig sendmail off.
See what ports you have open for TCP services with
netstat -pta | grep LISTEN
Match ports to services by looking at
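To turn the netstat listing above into a short list of services worth disabling, the following added example (not part of the original page) reports TCP listeners that other hosts can reach, skipping loopback-only sockets and any ports passed as intentionally open. It assumes numeric output from "netstat -ptan"; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): find TCP listeners that are
# reachable from other hosts and are not on your list of intended ports.

# exposed_listeners [ALLOWED_PORT...]
# Reads `netstat -ptan` output on stdin; prints "port pid/program" per finding.
exposed_listeners() {
    awk -v allowed=" $* " '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")        # handles 0.0.0.0:22 and :::80
            port = part[n]
            host = substr($4, 1, length($4) - length(port) - 1)
            if (host ~ /^127\./ || host == "::1") next    # loopback only
            if (index(allowed, " " port " ")) next        # intentionally open
            print port, ($7 == "" ? "-" : $7)
        }' | sort -n | uniq
}

# Constructed sample of `netstat -ptan` output so the example runs offline.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address     State       PID/Program name
tcp        0      0 0.0.0.0:22         0.0.0.0:*           LISTEN      812/sshd
tcp        0      0 127.0.0.1:25       0.0.0.0:*           LISTEN      901/sendmail
tcp        0      0 0.0.0.0:111        0.0.0.0:*           LISTEN      640/portmap
tcp        0      0 127.0.0.1:631      0.0.0.0:*           LISTEN      955/cupsd
tcp        0      0 192.168.1.5:22     192.168.1.9:51514   ESTABLISHED 1440/sshd
tcp6       0      0 :::80              :::*                LISTEN      1022/httpd
tcp6       0      0 ::1:631            :::*                LISTEN      955/cupsd
EOF
}

# Only ssh is meant to be reachable, so everything printed needs a decision.
sample_netstat | exposed_listeners 22
```

On a live host, run "netstat -ptan | exposed_listeners 22" as root so that the program column is filled in.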
Check your machine for vulnerabilities at
sites that will scan your ports, like
http://grc.com/ . Then look
at your log files in /var/log/messages* to
see the ignored packets. Use
tracepath IP_ADDRESS to
see where the packets came from.
Scan your own ports with
nmap, which you
can get from http://www.insecure.org/nmap/
This will label the available ports for you.
Use the flags
nmap -sT -P0 (IP_ADDRESS)
if you are able to scan your machine from an
SSH is usually installed and functional with a default install.
Provide automatic access for one machine at a
time. Set up a custom configuration by
$HOME/.ssh/config and editing. My defaults
use dsa, so I run
ssh-keygen -t dsa and
provide a passphrase. This creates a
$HOME/.ssh. Copy the public key in
/$HOME/.ssh/authorized_keys on a remote
machine. You can do this with
ssh-copy-id -i $HOME/.ssh/id_dsa.pub remote_host
Now go to that remote machine and
ssh back. It should ask for your passphrase
instead of your password. If not, your
configuration files are not compatible with
your choice of keys and protocol. Try
creating keys for rsa and rsa1 too. Add them
When it works, then you can now start a user agent to manage your login. Try this
$ ssh-agent | grep -v echo | tee ~/.myssh
$ ssh-add
Enter passphrase for /home/me/.ssh/id_dsa:
Identity added: /home/me/.ssh/id_dsa (/home/me/.ssh/id_dsa)
$ ssh-add -l
The first command starts an agent and saves two environment
Now any shell can source this file and ssh to authorized hosts without typing a password.
Naturally I put the above commands in a script. I run it once after rebooting a machine.
In my .bashrc file, I source this file
if [ -f "$HOME/.myssh" ] ; then
  . "$HOME/.myssh"
fi
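Because every new shell executes whatever ~/.myssh contains, a stricter loader is worth having. The following is an added example, not the author's script: it checks ownership, permissions and content of the file before sourcing it, and discards a stale file whose agent has exited. The function names agent_env_ok, load_agent_env and start_agent are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): validate ~/.myssh before
# sourcing it, since anything in that file runs in every new shell.

# agent_env_ok FILE: true only if FILE is a regular file we own, is not
# group or world writable, and holds nothing but the two agent assignments.
agent_env_ok() {
    f=$1
    [ -n "$(find "$f" -prune -type f -user "$(id -u)" \
            ! -perm -020 ! -perm -002 2>/dev/null)" ] || return 1
    grep -q '^SSH_AUTH_SOCK=' "$f" || return 1
    grep -q '^SSH_AGENT_PID=' "$f" || return 1
    # Any line that is not one of the two expected forms fails the check.
    if grep -Evq '^(SSH_AUTH_SOCK=[A-Za-z0-9_./-]+; export SSH_AUTH_SOCK;|SSH_AGENT_PID=[0-9]+; export SSH_AGENT_PID;)$' "$f"; then
        return 1
    fi
    return 0
}

# load_agent_env [FILE]: source FILE if it validates and its agent is alive.
load_agent_env() {
    f=${1:-$HOME/.myssh}
    agent_env_ok "$f" || return 1
    . "$f"
    if ! kill -0 "$SSH_AGENT_PID" 2>/dev/null; then
        unset SSH_AUTH_SOCK SSH_AGENT_PID    # stale file from before a reboot
        return 1
    fi
}

# start_agent [FILE]: the page's first command, with the file created private.
start_agent() {
    f=${1:-$HOME/.myssh}
    ( umask 077; ssh-agent | grep -v echo > "$f" ) && load_agent_env "$f"
}

# In ~/.bashrc, in place of the unconditional ". $HOME/.myssh":
#   load_agent_env || echo "no ssh agent: run start_agent, then ssh-add" >&2
```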
Bill Harlan, 2002-2007