Red Hat Enterprise Linux 7 System Administrator’s Guide - Free Download PDF

27d ago
3 Views
0 Downloads
5.94 MB
602 Pages
Transcription

Red Hat Enterprise Linux 7System Administrator’s GuideDeployment, configuration, and administration of RHEL 7Last Updated: 2021-01-28

Red Hat Enterprise Linux 7 System Administrator’s GuideDeployment, configuration, and administration of RHEL 7

Legal NoticeCopyright 2021 Red Hat, Inc.The text of and illustrations in this document are licensed by Red Hat under a Creative CommonsAttribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA isavailable athttp://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you mustprovide the URL for the original version.Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert,Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift,Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United Statesand other countries.Linux is the registered trademark of Linus Torvalds in the United States and other countries.Java is a registered trademark of Oracle and/or its affiliates.XFS is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United Statesand/or other countries.MySQL is a registered trademark of MySQL AB in the United States, the European Union andother countries.Node.js is an official trademark of Joyent. Red Hat is not formally related to or endorsed by theofficial Joyent Node.js open source or commercial project.The OpenStack Word Mark and OpenStack logo are either registered trademarks/service marksor trademarks/service marks of the OpenStack Foundation, in the United States and othercountries and are used with the OpenStack Foundation's permission. We are not affiliated with,endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.All other trademarks are the property of their respective owners.AbstractThe System Administrator's Guide documents relevant information regarding the deployment,configuration, and administration of Red Hat Enterprise Linux 7. It is oriented towards systemadministrators with a basic understanding of the system. To expand your expertise, you might alsobe interested in the Red Hat System Administration I (RH124), Red Hat System Administration II(RH134), Red Hat System Administration III (RH254), or RHCSA Rapid Track (RH199) trainingcourses. If you want to use Red Hat Enterprise Linux 7 with the Linux Containers functionality, seeProduct Documentation for Red Hat Enterprise Linux Atomic Host. For an overview of general LinuxContainers concept and their current capabilities implemented in Red Hat Enterprise Linux 7, see

Overview of Containers in Red Hat Systems. The topics related to containers management andadministration are described in the Red Hat Enterprise Linux Atomic Host 7 Managing Containersguide.

Table of ContentsTable of Contents. . . . . . .I. BASICPART. . . . . . . SYSTEM. . . . . . . . . .CONFIGURATION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21.CHAPTER. . . . . . . . . . 1. .GETTING. . . . . . . . . . STARTED. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22.What Cockpit Is and Which Tasks It Can Be Used For221.1. BASIC CONFIGURATION OF THE ENVIRONMENT231.1.1. Introduction to Configuring the Date and Time23Displaying the Current Date and Time231.1.2. Introduction to Configuring the System Locale1.1.3. Introduction to Configuring the Keyboard Layout1.2. CONFIGURING AND INSPECTING NETWORK ACCESS1.2.1. Configuring Network Access During the Installation Process1.2.2. Managing Network Connections After the Installation Process Using nmcli1.2.3. Managing Network Connections After the Installation Process Using nmtui2424242525261.2.4. Managing Networking in Cockpit1.3. THE BASICS OF REGISTERING THE SYSTEM AND MANAGING SUBSCRIPTIONS1.3.1. What Red Hat Subscriptions Are and Which Tasks They Can Be Used For2626261.3.2. Registering the System During the Installation1.3.3. Registering the System after the Installation27271.3.4. Registering a System to EUS Content1.3.5. Registering a System to E4S Content28291.4. INSTALLING SOFTWARE1.4.1. Prerequisites for Software Installation30301.4.2. Introduction to the System of Software Packaging and Software Repositories1.4.3. Managing Basic Software Installation Tasks with Subscription Manager and Yum1.5. MAKING SYSTEMD SERVICES START AT BOOT TIME3131321.5.1. Enabling or Disabling the Services1.5.2. Managing Services in Cockpit1.5.3. Additional Resources on systemd Services1.6. ENHANCING SYSTEM SECURITY WITH A FIREWALL, SELINUX AND SSH LOGINGS323333331.6.1. Ensuring the Firewall Is Enabled and Running1.6.1.1. What a Firewall Is and How It Enhances System Security1.6.1.2. Re-enabling the firewalld Service1.6.2. Ensuring the Appropriate State of SELinux1.6.2.1. What SELinux Is and How It Enhances System SecuritySELinux States333434343434SELinux Modes1.6.2.2. Ensuring the Required State of SELinux1.6.2.3. Managing SELinux in Cockpit1.6.3. Using SSH-based Authentication343536361.6.3.1. What SSH-based Authentication Is and How It Enhances System Security1.6.3.2. Establishing an SSH Connection1.6.3.3. Disabling SSH Root Login1.7. THE BASICS OF MANAGING USER ACCOUNTSNormal and System Accounts3636373737What Groups Are and Which Purposes They Can Be Used For1.7.1. The Most Basic Command-Line Tools to Manage User Accounts and Groups1.7.2. Managing User Accounts in Cockpit1.8. DUMPING THE CRASHED KERNEL USING THE KDUMP MECHANISM383839391.8.1. What kdump Is and Which Tasks It Can Be Used For1.8.2. Enabling and Activating kdump During the Installation Process1.8.3. Ensuring That kdump Is Installed and Enabled after the Installation Process3940401

Red Hat Enterprise Linux 7 System Administrator’s Guide1.8.4. Configuring kdump in Cockpit1.8.5. Additional Resources on kdump1.9. PERFORMING SYSTEM RESCUE AND CREATING SYSTEM BACKUP WITH REAR1.9.1. What ReaR Is and Which Tasks It Can Be Used For404141411.9.2. Quickstart to Installation and Configuration of ReaR1.9.3. Quickstart to Creation of the Rescue System with ReaR1.9.4. Quickstart to Configuration of ReaR with the Backup Software1.10. USING THE LOG FILES TO TROUBLESHOOT PROBLEMS414242421.10.1. Services Handling the syslog Messages1.10.2. Subdirectories Storing the syslog Messages1.11. ACCESSING RED HAT SUPPORT1.11.1. Obtaining Red Hat Support Through Red Hat Customer Portal1.11.1.1. What the Red Hat Support Tool Is and Which Tasks It Can Be Used For42434343431.11.2. Using the SOS Report to Troubleshoot Problems44.CHAPTER. . . . . . . . . . 2. . SYSTEM. . . . . . . . . .LOCALE. . . . . . . . .AND. . . . . KEYBOARD. . . . . . . . . . . . .CONFIGURATION. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45.2.1. SETTING THE SYSTEM LOCALE452.1.1. Displaying the Current Status452.1.2. Listing Available Locales2.1.3. Setting the Locale46462.1.4. Making System Locale Settings Permanent when Installing with Kickstart472.2. CHANGING THE KEYBOARD LAYOUT2.2.1. Displaying the Current Settings2.2.2. Listing Available Keymaps2.2.3. Setting the Keymap2.3. ADDITIONAL RESOURCESInstalled DocumentationSee Also47484848494949. . . . . . . . . . . 3.CHAPTER. . CONFIGURING. . . . . . . . . . . . . . . . THE. . . . . DATE. . . . . . AND. . . . . .TIME. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51.3.1. USING THE TIMEDATECTL COMMAND3.1.1. Displaying the Current Date and Time51513.1.2. Changing the Current Time523.1.3. Changing the Current Date3.1.4. Changing the Time Zone52533.1.5. Synchronizing the System Clock with a Remote Server3.2. USING THE DATE COMMAND53543.2.1. Displaying the Current Date and Time543.2.2. Changing the Current Time3.2.3. Changing the Current Date55563.3. USING THE HWCLOCK COMMAND3.3.1. Displaying the Current Date and Time3.3.2. Setting the Date and Time3.3.3. Synchronizing the Date and Time3.4. ADDITIONAL RESOURCES5657575858Installed Documentation59See Also59.CHAPTER. . . . . . . . . . 4. . .MANAGING. . . . . . . . . . . . USERS. . . . . . . .AND. . . . .GROUPS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60.4.1. INTRODUCTION TO USERS AND GROUPS60Reserved User and Group IDs4.1.1. User Private Groups4.1.2. Shadow Passwords4.2. MANAGING USERS IN A GRAPHICAL ENVIRONMENT260606161

Table of Contents4.2.1. Using the Users Settings Tool614.3. USING COMMAND-LINE TOOLS634.3.1. Adding a New User4.3.2. Adding a New Group64674.3.3. Adding an Existing User to an Existing Group684.3.4. Creating Group Directories4.3.5. Setting Default Permissions for New Files Using umask6869What umask consists ofHow umask works69694.3.5.1. Managing umask in Shells70Displaying the current maskSetting mask in shell using umask7071Working with the default shell umaskWorking with the default shell umask of a specific user7172Setting default permissions for newly created home directories724.4. ADDITIONAL RESOURCESInstalled DocumentationOnline DocumentationSee Also72727373.CHAPTER. . . . . . . . . . 5. . ACCESS. . . . . . . . . .CONTROL. . . . . . . . . . .LISTS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74.5.1. MOUNTING FILE SYSTEMS745.1.1. NFS5.2. SETTING ACCESS ACLS74745.3. SETTING DEFAULT ACLS765.4. RETRIEVING ACLS5.5. ARCHIVING FILE SYSTEMS WITH ACLS76765.6. COMPATIBILITY WITH OLDER SYSTEMS5.7. ACL REFERENCES7778. . . . . . . . . . . 6.CHAPTER. . .GAINING. . . . . . . . . PRIVILEGES. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79.6.1. CONFIGURING ADMINISTRATIVE ACCESS USING THE SU UTILITY796.2. CONFIGURING ADMINISTRATIVE ACCESS USING THE SUDO UTILITY6.3. ADDITIONAL RESOURCES8082Installed DocumentationOnline Documentation8282See Also82. . . . . . .II. .SUBSCRIPTIONPART. . . . . . . . . . . . . . . . AND. . . . . .SUPPORT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83.CHAPTER. . . . . . . . . . 7. . REGISTERING. . . . . . . . . . . . . . . THE. . . . . SYSTEM. . . . . . . . . .AND. . . . .MANAGING. . . . . . . . . . . . SUBSCRIPTIONS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84.7.1. REGISTERING THE SYSTEM AND ATTACHING SUBSCRIPTIONS847.2. MANAGING SOFTWARE REPOSITORIES847.3. REMOVING SUBSCRIPTIONS857.4. ADDITIONAL RESOURCES86Installed DocumentationRelated Books8686See Also86. . . . . . . . . . . 8.CHAPTER. . .ACCESSING. . . . . . . . . . . . .SUPPORT. . . . . . . . . . USING. . . . . . . .THE. . . . .RED. . . . HAT. . . . . SUPPORT. . . . . . . . . . . TOOL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87.8.1. INSTALLING THE RED HAT SUPPORT TOOL878.2. REGISTERING THE RED HAT SUPPORT TOOL USING THE COMMAND LINE878.3. USING THE RED HAT SUPPORT TOOL IN INTERACTIVE SHELL MODE8.4. CONFIGURING THE RED HAT SUPPORT TOOL87873

Red Hat Enterprise Linux 7 System Administrator’s Guide8.4.1. Saving Settings to the Configuration Files8.5. OPENING AND UPDATING SUPPORT CASES USING INTERACTIVE MODE88898.6. VIEWING SUPPORT CASES ON THE COMMAND LINE918.7. ADDITIONAL RESOURCES91. . . . . . .III.PART. . INSTALLING. . . . . . . . . . . . . .AND. . . . . MANAGING. . . . . . . . . . . . .SOFTWARE. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92. . . . . . . . . . . 9.CHAPTER. . .YUM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93.9.1. CHECKING FOR AND UPDATING PACKAGES9.1.1. Checking For Updates9.1.2. Updating PackagesUpdating a Single Package9.1.3. Upgrading the System Off-line with ISO and Yum9.2. WORKING WITH PACKAGES93949496989.2.1. Searching Packages9.2.2. Listing Packages98999.2.3. Displaying Package Information1019.2.4. Installing Packages1029.2.5. Downloading Packages1059.2.6. Removing Packages9.3. WORKING WITH PACKAGE GROUPS1061069.3.1. Listing Package Groups1079.3.2. Installing a Package Group1089.3.3. Removing a Package Group1099.4. WORKING WITH TRANSACTION HISTORY9.4.1. Listing Transactions1101109.4.2. Examining Transactions1149.4.3. Reverting and Repeating Transactions1159.4.4. Starting New Transaction History1169.5. CONFIGURING YUM AND YUM REPOSITORIES1169.5.1. Setting [main] Options9.5.2. Setting [repository] Options1171209.5.3. Using Yum Variables1229.5.4. Viewing the Current Configuration1239.5.5. Adding, Enabling, and Disabling a Yum Repository1249.5.6. Creating a Yum Repository9.5.6.1. Adding packages to an already created yum repository1261279.5.7. Adding the Optional and Supplementary Repositories1279.6. YUM PLUG-INS1279.6.1. Enabling, Configuring, and Disabling Yum Plug-ins1289.6.2. Installing Additional Yum Plug-ins9.6.3. Working with Yum Plug-ins1281299.7. AUTOMATICALLY REFRESHING PACKAGE DATABASE AND DOWNLOADING UPDATES WITH YUMCRON1319.7.1. Enabling Automatic Installation of Updates1319.7.2. Setting up Optional Email Notifications1319.7.3. Enabling or Disabling Specific Repositories9.7.4. Testing Yum-cron Settings1321329.7.5. Disabling Yum-cron messages1329.7.6. Automatically Cleaning Packages1339.8. ADDITIONAL RESOURCESInstalled DocumentationOnline Resources493133133133

Table of ContentsSee Also133. . . . . . .IV.PART. . .INFRASTRUCTURE. . . . . . . . . . . . . . . . . . . .SERVICES. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134. . . . . . . . . . . 10.CHAPTER. . . MANAGING. . . . . . . . . . . . .SERVICES. . . . . . . . . . .WITH. . . . . .SYSTEMD. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135.10.1. INTRODUCTION TO SYSTEMD135Overriding the Default systemd Configuration Using system.conf13610.1.1. Main Features13610.1.2. Compatibility Changes10.2. MANAGING SYSTEM SERVICES137138Specifying Service Units139Behavior of systemctl in a chroot Environment14010.2.1. Listing Services14010.2.2. Displaying Service Status10.2.3. Starting a Service14114310.2.4. Stopping a Service14310.2.5. Restarting a Service14410.2.6. Enabling a Service14410.2.7. Disabling a Service10.2.8. Starting a Conflicting Service14514610.3. WORKING WITH SYSTEMD TARGETS14610.3.1. Viewing the Default Target14710.3.2. Viewing the Current Target14710.3.3. Changing the Default Target10.3.4. Changing the Current Target14814910.3.5. Changing to Rescue Mode14910.3.6. Changing to Emergency Mode15010.4. SHUTTING DOWN, SUSPENDING, AND HIBERNATING THE SYSTEM15010.4.1. Shutting Down the System151Using systemctl CommandsUsing the shutdown Command15115110.4.2. Restarting the System15210.4.3. Suspending the System15210.4.4. Hibernating the System15210.5. CONTROLLING SYSTEMD ON A REMOTE MACHINE10.6. CREATING AND MODIFYING SYSTEMD UNIT FILES15315310.6.1. Understanding the Unit File Structure15410.6.2. Creating Custom Unit Files15810.6.3. Converting SysV Init Scripts to Unit Files162Finding the Service DescriptionFinding Service Dependencies162162Finding Default Targets of the Service163Finding Files Used by the Service16310.6.4. Modifying Existing Unit Files165Extending the Default Unit ConfigurationOverriding the Default Unit Configuration165167Monitoring Overriden Units16810.6.5. Working with Instantiated Units16910.7. ADDITIONAL CONSIDERATIONS WHILE MANAGING SERVICES17010.8. ADDITIONAL RESOURCESInstalled Documentation172173Online Documentation173See Also1745

Red Hat Enterprise Linux 7 System Administrator’s Guide. . . . . . . . . . . 11.CHAPTER. . .CONFIGURING. . . . . . . . . . . . . . . .A. .SYSTEM. . . . . . . . .FOR. . . . .ACCESSIBILITY. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175.11.1. CONFIGURING THE BRLTTY SERVICE175Enable the brltty Service175Authorize Users to Use the Braille DisplaySet the Braille Driver175176Set the Braille Device177Set Specific Parameters for Particular Braille Displays177Set the Text Table178Set the Contraction Table11.2. SWITCH ON ALWAYS SHOW UNIVERSAL ACCESS MENU17817811.3. ENABLING THE FESTIVAL SPEECH SYNTHESIS SYSTEM179Choose a Voice for Festival180. . . . . . . . . . . 12.CHAPTER. . . OPENSSH. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182.12.1. THE SSH PROTOCOL18212.1.1. Why Use SSH?12.1.2. Main Features18218212.1.3. Protocol Versions18312.1.4. Event Sequence of an SSH Connection18312.1.4.1. Transport Layer18312.1.4.2. Authentication12.1.4.3. Channels18418512.2. CONFIGURING OPENSSH12.2.1. Configuration Files12.2.2. Starting an OpenSSH Server12.2.3. Requiring SSH for Remote Connections12.2.4. Using Key-based Authentication12.2.4.1. Generating Key Pairs12.2.4.2. Configuring ssh-agent12.3. OPENSSH CLIENTS12.3.1. Using the ssh Utility12.3.2. Using the scp Utility18518518718818818919119319419512.3.3. Using the sftp Utility12.4. MORE THAN A SECURE SHELL12.4.1. X11 Forwarding19619719712.4.2. Port Forwarding12.5. ADDITIONAL RESOURCES197198Installed DocumentationOnline DocumentationSee Also199199199.CHAPTER. . . . . . . . . . 13. . . TIGERVNC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200.13.1. VNC SERVER20013.1.1. Installing VNC Server200613.1.2. Configuring VNC Server13.1.2.1. Configuring VNC Server for Two Users20020113.1.3. Starting VNC Server13.1.3.1. Configuring VNC Server for Two Users and Two Different Displays13.1.4. VNC setup based on xinetd with XDMCP for GDM20120220213.1.5. Terminating a VNC Session13.2. SHARING AN EXISTING DESKTOP20420413.3. VNC VIEWER13.3.1. Installing VNC Viewer204204

Table of Contents13.3.2. Connecting to VNC Server13.3.2.1. Configuring the Firewall for VNC20520513.3.3. Connecting to VNC Server Using SSHRestricting VNC Access20720713.4. ADDITIONAL RESOURCESInstalled Documentation207207. . . . . . .V.PART. . SERVERS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209.CHAPTER. . . . . . . . . . 14. . . WEB. . . . . .SERVERS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .210.14.1. THE APACHE HTTP SERVER21014.1.1. Notable Changes14.1.2. Updating the Configuration21021314.1.3. Running the httpd Service14.1.3.1. Starting the Service14.1.3.2. Stopping the Service21321321414.1.3.3. Restarting the Service14.1.3.4. Verifying the Service Status21421414.1.4. Editing the Configuration Files14.1.5. Working with Modules14.1.5.1. Loading a Module21521521514.1

be interested in the Red Hat System Administration I (RH124), Red Hat System Administration II (RH134), Red Hat System Administration III (RH254), or RHCSA Rapid Track (RH199) training courses. If you want to use Red Hat Enterprise Linux 7 with the Linux Containers functionality, see Product Documentation for Red Hat Enterprise Linux Atomic Host.