Centos 6 Deployment Guide
Red Hat Enterprise Linux reserves user and group IDs below 500 for system users and groups. By default, the User Manager does not display the system users. Reserved user and group IDs are documented in the setup package. To view the documentation, use this command: cat /usr/share/doc/setup-2.8.14/uidgid The recommended practice is to assign non-reserved IDs starting at 5,000, as the reserved range can increase in the future. To make the IDs assigned to new users by default start at 5,000, change the UIDMIN and GIDMIN directives in the /etc/login.defs file: file contents truncated UIDMIN 5000 file contents truncated GIDMIN 5000 file contents truncated. You can also set the number of days after a password expires with the useradd command, which disables the account permanently.
A value of 0 disables the account as soon as the password has expired, and a value of -1 disables the feature, that is, the user will have to change his password when the password expires. The -f option is used to specify the number of days after a password expires until the account is disabled (but may be unblocked by system administrator): useradd -f number-of-days username. # lslogins jdoe Username: jdoe UID: 501 Gecos field: John Doe Home directory: /home/jdoe Shell: /bin/bash No login: no Password is locked: no Password no required: no Login by password disabled: no Primary group: jdoe GID: 501 Supplementary groups: users Supplementary group IDs: 100 Last login: 12:13:53 Last terminal: pts/3 Last hostname: 192.168.100.1 Hushed: no Password expiration warn interval: 7 Password changed: Aug01/02:00 Maximal change time: 99999 Password expiration: Sep01/02:00 Selinux context: unconfinedu:unconfinedr:unconfinedt:s0-s0:c0.c1023. Additionally, several programs in /etc/security/console.apps/ partially derive their PAM configuration from the /etc/pam.d/config-util configuration file.
This allows to change configuration for all these programs at once by editing /etc/pam.d/config-util. To find all these programs, search for PAM configuration files that refer to the config-util file: # grep -l 'config-util' /etc/pam.d/. /etc/pam.d/abrt-cli-root /etc/pam.d/rhnregister /etc/pam.d/subscription-manager /etc/pam.d/subscription-manager-gui /etc/pam.d/system-config-network /etc/pam.d/system-config-network-cmd. When in interactive mode, the configuration options can be listed by entering the command config -help: # redhat-support-tool Welcome to the Red Hat Support Tool. For help): config -help Usage: config options config.option Use the 'config' command to set or get configuration file values. Options: -h, -help show this help message and exit -g, -global Save configuration option in /etc/redhat-support-tool.conf.u, -unset Unset configuration option. The configuration file options which can be set are: user: The Red Hat Customer Portal user.
Password: The Red Hat Customer Portal password. Debug: CRITICAL, ERROR, WARNING, INFO, or DEBUG url: The support services URL. Default=proxyurl: A proxy server URL. Proxyuser: A proxy server user. Proxypassword: A password for the proxy server user.
Sslca: Path to certificate authorities to trust during communication. Kerndebugdir: Path to the directory where kernel debug symbols should be downloaded and cached. Default=/var/lib/redhat-support-tool/debugkernels Examples: - config user - config user my-rhn-username - config -unset user. The Red Hat Support Tool, unless otherwise directed, stores values and options locally in the home directory of the current user, using the /.redhat-support-tool/redhat-support-tool.conf configuration file. If required, it is recommended to save passwords to this file because it is only readable by that particular user.
Centos 6 Installation Guide Step By Step
When the tool starts, it will read values from the global configuration file /etc/redhat-support-tool.conf and from the local configuration file. Locally stored values and options take precedence over globally stored settings. Yum provides secure package management by enabling GPG (Gnu Privacy Guard; also known as GnuPG) signature verification on GPG-signed packages to be turned on for all package repositories (i.e. Package sources), or for individual repositories. When signature verification is enabled, Yum will refuse to install any packages not GPG-signed with the correct key for that repository. This means that you can trust that the RPM packages you download and install on your system are from a trusted source, such as Red Hat, and were not modified during transfer. See for details on enabling signature-checking with Yum, or for information on working with and verifying GPG-signed RPM packages in general.
For example: # yum check-update Loaded plugins: product-id, refresh-packagekit, subscription-manager Updating Red Hat repositories. INFO:rhsm-app.repolib:repos updated: 0 PackageKit.x8664 0.5.8-2.el6 rhel PackageKit-glib.x8664 0.5.8-2.el6 rhel PackageKit-yum.x8664 0.5.8-2.el6 rhel PackageKit-yum-plugin.x8664 0.5.8-2.el6 rhel glibc.x8664 2.11.90-20.el6 rhel glibc-common.x8664 2.10.90-22 rhel kernel.x8664 2.6.31-14.el6 rhel kernel-firmware.noarch 2.6.31-14.el6 rhel rpm.x8664 4.7.1-5.el6 rhel rpm-libs.x8664 4.7.1-5.el6 rhel rpm-python.x8664 4.7.1-5.el6 rhel udev.x8664 147-2.15.el6 rhel yum.noarch 3.2.24-4.el6 rhel.
For example, to update the udev package, type: # yum update udev Loaded plugins: product-id, refresh-packagekit, subscription-manager Updating Red Hat repositories. Packages with various ABRT add-ons and plug-ins either begin with “ abrt-addon-”, or “ abrt-plugin-”. To list these packages, type the following at a shell prompt: # yum list abrt-addon.
abrt-plugin. Loaded plugins: product-id, refresh-packagekit, subscription-manager Updating Red Hat repositories. INFO:rhsm-app.repolib:repos updated: 0 Installed Packages abrt-addon-ccpp.x8664 1.0.7-5.el6 @rhel abrt-addon-kerneloops.x8664 1.0.7-5.el6 @rhel abrt-addon-python.x8664 1.0.7-5.el6 @rhel abrt-plugin-bugzilla.x8664 1.0.7-5.el6 @rhel abrt-plugin-logger.x8664 1.0.7-5.el6 @rhel abrt-plugin-sosreport.x8664 1.0.7-5.el6 @rhel abrt-plugin-ticketuploader.x8664 1.0.7-5.el6 @rhel yum list all. To list all available packages with names that contain “ gstreamer” and then “ plugin”, run the following command: # yum list available gstreamer.plugin.
Loaded plugins: product-id, refresh-packagekit, subscription-manager Updating Red Hat repositories. INFO:rhsm-app.repolib:repos updated: 0 Available Packages gstreamer-plugins-bad-free.i686 0.10.17-4.el6 rhel gstreamer-plugins-base.i686 0.10.26-1.el6 rhel gstreamer-plugins-base-devel.i686 0.10.26-1.el6 rhel gstreamer-plugins-base-devel.x8664 0.10.26-1.el6 rhel gstreamer-plugins-good.i686 0.10.18-1.el6 rhel yum grouplist. For example, to display information about the abrt package, type: # yum info abrt Loaded plugins: product-id, refresh-packagekit, subscription-manager Updating Red Hat repositories. INFO:rhsm-app.repolib:repos updated: 0 Installed Packages Name: abrt Arch: x8664 Version: 1.0.7 Release: 5.el6 Size: 578 k Repo: installed From repo: rhel Summary: Automatic bug detection and reporting tool URL: License: GPLv2+ Description: abrt is a tool to help users to detect defects in applications: and to create a bug report with all informations needed by: maintainer to fix it. It uses plugin system to extend its: functionality. This command provides additional information about a package, including the check sum of the package (and algorithm used to produce it, such as SHA-256), the command given on the command line that was invoked to install the package (if any), and the reason that the package is installed on the system (where user indicates it was installed by the user, and dep means it was brought in as a dependency).
For example, to display additional information about the yum package, type: # yumdb info yum Loaded plugins: product-id, refresh-packagekit, subscription-manager yum-3.2.27-4.el6.noarch checksumdata = 23d337ed51a9757bbfbdceb82c4eaca9808ff10d540f44fe95f771 checksumtype = sha256 fromrepo = rhel fromreporevision = fromrepotimestamp = installedby = reason = user releasever = 6.1. If you know you want to install the package that contains the named binary, but you do not know in which bin or sbin directory is the file installed, use the yum provides command with a glob expression: # yum provides '.bin/named' Loaded plugins: product-id, refresh-packagekit, subscription-manager Updating Red Hat repositories.
INFO:rhsm-app.repolib:repos updated: 0 32:bind-9.7.0-4.P1.el6.x8664: The Berkeley Internet Name Domain (BIND): DNS (Domain Name System) server Repo: rhel Matched from: Filename: /usr/sbin/named. A package group is similar to a package: it is not useful by itself, but installing one pulls a group of dependent packages that serve a common purpose. A package group has a name and a groupid.
The yum grouplist -v command lists the names of all package groups, and, next to each of them, their groupid in parentheses. The groupid is always the term in the last pair of parentheses, such as kde-desktop in the following example: # yum -v grouplist kde. Loading 'product-id' plugin Loading 'refresh-packagekit' plugin Loading 'subscription-manager' plugin Updating Red Hat repositories. INFO:rhsm-app.repolib:repos updated: 0 Config time: 0.123 Yum Version: 3.2.29 Setting up Group Process Looking for repo options for rhel rpmdb time: 0.001 group time: 1.291 Available Groups: KDE Desktop (kde-desktop) Done. For example, the list of the first five transactions looks as follows: # yum history list 1.5 Loaded plugins: product-id, refresh-packagekit, subscription-manager ID Login user Date and time Action(s) Altered - 5 Jaromir. 2011-07-29 15:33 Install 1 4 Jaromir. 2011-07-21 15:10 Install 1 3 Jaromir.
2011-07-16 15:27 I, U 73 2 System 2011-07-16 15:19 Update 1 1 System 2011-07-16 14:38 Install 1106 history list. Symbol Description After the transaction finished, the rpmdb database was changed outside Yum. The transaction failed to finish. # The transaction finished successfully, but yum returned a non-zero exit code.
E The transaction finished successfully, but an error or a warning was displayed. P The transaction finished successfully, but problems already existed in the rpmdb database. S The transaction finished successfully, but the -skip-broken command-line option was used and certain packages were skipped. For instance, a summary of the transaction history displayed above would look like the following: # yum history summary 1.5 Loaded plugins: product-id, refresh-packagekit, subscription-manager Login user Time Action(s) Altered - Jaromir. Last day Install 1 Jaromir.
Last week Install 1 Jaromir. Last 2 weeks I, U 73 System Last 2 weeks I, U 1107 history summary. The configuration file for yum and related utilities is located at /etc/yum.conf. This file contains one mandatory main section, which allows you to set Yum options that have global effect, and can also contain one or more repository sections, which allow you to set repository-specific options.
However, it is recommended to define individual repositories in new or existing.repo files in the /etc/yum.repos.d/ directory. The values you define in individual repository sections of the /etc/yum.conf file override values set in the main section. You can use this variable to reference the release version of Red Hat Enterprise Linux. Yum obtains the value of $releasever from the distroverpkg= value line in the /etc/yum.conf configuration file. If there is no such line in /etc/yum.conf, then yum infers the correct value by deriving the version number from the redhat-release-server package. The value of $releasever typically consists of the major release number and the variant of Red Hat Enterprise Linux, for example 6Client, or 6Server. Where repositoryurl is a link to the.repo file.
For example, to add a repository located at type the following at a shell prompt: # yum-config-manager -add-repo Loaded plugins: product-id, refresh-packagekit, subscription-manager adding repo from: grabbing file to /etc/yum.repos.d/example.repo example.repo 413 B 00:00 repo saved to /etc/yum.repos.d/example.repo Enabling a Yum Repository. For example, to enable repositories defined in the example, example-debuginfo, and example-sourcesections, type: # yum-config-manager -enable example. Loaded plugins: product-id, refresh-packagekit, subscription-manager repo: example example bandwidth = 0 basepersistdir = /var/lib/yum/repos/x8664/6Server baseurl = cache = 0 cachedir = /var/cache/yum/x8664/6Server/example output truncated. Yum stores temporary files in the /var/cache/yum/$basearch/$releasever/ directory, where $basearch and $releasever are Yum variables referring to base architecture of the system and the release version of Red Hat Enterprise Linux. Each configured repository has one subdirectory. For example, the directory /var/cache/yum/$basearch/$releasever/development/packages/ holds packages downloaded from the development repository. You can find the values for the $basearch and $releasever variables in the output of the yum version command.
Option Description expire-cache eliminates time records of the metadata and mirrorlists download for each repository. This forces yum to revalidate the cache for each repository the next time it is used. Packages eliminates any cached packages from the system headers eliminates all header files that previous versions of yum used for dependency resolution metadata eliminates all files that yum uses to determine the remote availability of packages. These metadata are downloaded again the next time yum is run. Dbcache eliminates the sqlite cache used for faster access to metadata. Using this option will force yum to download the sqlite metadata the next time it is run.
This does not apply for repositories that contain only.xml data, in that case, sqlite data are deleted but without subsequent download rpmdb eliminates any cached data from the local rpmdb plugins enabled plugins are forced to eliminate their cached data all removes all of the above. The search-disabled-repos plug-in allows you to temporarily or permanently enable disabled repositories to help resolve dependencies. With this plug-in enabled, when Yum fails to install a package due to failed dependency resolution, it offers to temporarily enable disabled repositories and try again. If the installation succeeds, Yum also offers to enable the used repositories permanently. Note that the plug-in works only with the repositories that are managed by subscription-manager and not with custom repositories.
Directive Description enabled= value Allows you to enable or disable the plug-in. The value must be either 1 (enabled), or 0 (disabled). The plug-in is enabled by default. Notifyonly= value Allows you to restrict the behavior of the plug-in to notifications only. The value must be either 1 (notify only without modifying the behavior of Yum), or 0 (modify the behavior of Yum). By default the plug-in only notifies the user. Ignoredrepos= repositories Allows you to specify the repositories that will not be enabled by the plug-in.
Kabi ( kabi-yum-plugins). Directive Description enabled= value Allows you to enable or disable the plug-in. The value must be either 1 (enabled), or 0 (disabled). When installed, the plug-in is enabled by default. Whitelists= directory Allows you to specify the directory in which the files with supported kernel symbols are located. By default, the kabi plug-in uses files provided by the kernel-abi-whitelists package (that is, the /lib/modules/kabi/ directory). Enforce= value Allows you to enable or disable enforcing mode.
The value must be either 1 (enabled), or 0 (disabled). By default, this option is commented out and the kabi plug-in only displays a warning message. Presto ( yum-presto). Downloading a delta RPM is much quicker than downloading the entire updated package, and can speed up updates considerably. Once the delta RPMs are downloaded, they must be rebuilt to apply the difference to the currently-installed package and thus create the full, updated package.
This process takes CPU time on the installing machine. Using delta RPMs is therefore a compromise between time-to-download, which depends on the network connection, and time-to-rebuild, which is CPU-bound. Using the presto plug-in is recommended for fast machines and systems with slower network connections, while slower machines on very fast connections benefit more from downloading normal RPM packages, that is, by disabling presto. Product-id ( subscription-manager). You can then use either yum update -security or yum update-minimal -security to update those packages which are affected by security advisories. Both of these commands update all packages on the system for which a security advisory has been issued.
Yum update-minimal -security updates them to the latest packages which were released as part of a security advisory, while yum update -security will update all packages affected by a security advisory to the latest version of that package available. In the following example, the yum install -downloadonly command is run to download the latest version of the httpd package, without installing it: # yum install httpd -downloadonly Loaded plugins: downloadonly, product-id, refresh-packagekit, rhnplugin,: subscription-manager Updating Red Hat repositories. Clicking on the notification icon opens the Software Update window. Alternatively, you can open Software Updates by clicking System → Administration → Software Update from the GNOME panel, or running the gpk-update-viewer command at the shell prompt. In the Software Updates window, all available updates are listed along with the names of the packages being updated (minus the.rpm suffix, but including the CPU architecture), a short summary of the package, and, usually, short descriptions of the changes the update provides. Any updates you do not want to install can be de-selected here by unchecking the check box corresponding to the update. Right-clicking on PackageKit's Notification Area icon and clicking Preferences opens the Software Update Preferences window, where you can define the interval at which PackageKit checks for package updates, as well as whether or not to automatically install all updates or only security updates.
Leaving the Check for updates when using mobile broadband box unchecked is handy for avoiding extraneous bandwidth usage when using a wireless connection on which you are charged for the amount of data you download. PackageKit refers to Yum repositories as software sources. It obtains all packages from enabled software sources. You can view the list of all configured and unfiltered (see below) Yum repositories by opening Add/Remove Software and clicking System → Software sources.
The Software Sources dialog shows the repository name, as written on the name= field of all repository sections in the /etc/yum.conf configuration file, and in all repository.repo files in the /etc/yum.repos.d/ directory. Once the software sources have been updated, it is often beneficial to apply some filters so that PackageKit retrieves the results of our Find queries faster. This is especially helpful when performing many package searches. Four of the filters in the Filters drop-down menu are used to split results by matching or not matching a single criterion. By default when PackageKit starts, these filters are all unapplied ( No filter), but once you do filter by one of them, that filter remains set until you either change it or close PackageKit. Checking the Only native packages box on a multilib system causes PackageKit to omit listing results for packages compiled for the architecture that runs in compatibility mode.
For example, enabling this filter on a 64-bit system with an AMD64 CPU would cause all packages built for the 32-bit x86 CPU architecture not to be shown in the list of results, even though those packages are able to run on an AMD64 machine. Packages which are architecture-agnostic (i.e.
Noarch packages such as crontabs-1.10-32.1.el6.noarch.rpm) are never filtered out by checking Only native packages. This filter has no affect on non-multilib systems, such as x86 machines. With the two filters selected, Only available and Only end user files, search for the screen window manager for the command line and highlight the package. You now have access to some very useful information about it, including: a clickable link to the project homepage; the Yum package group it is found in, if any; the license of the package; a pointer to the GNOME menu location from where the application can be opened, if applicable; and the size of the package, which is relevant when we download and install it.
When the check box next to a package or group is checked, then that item is already installed on the system. Checking an unchecked box causes it to be marked for installation, which only occurs when the Apply button is clicked. In this way, you can search for and select multiple packages or package groups before performing the actual installation transactions. Additionally, you can remove installed packages by unchecking the checked box, and the removal will occur along with any pending installations when Apply is pressed. Dependency resolution, which may add additional packages to be installed or removed, is performed after pressing Apply.
PackageKit will then display a window listing those additional packages to install or remove, and ask for confirmation to proceed. Select screen and click the Apply button. You will then be prompted for the superuser password; enter it, and PackageKit will install screen. After finishing the installation, PackageKit sometimes presents you with a list of your newly-installed applications and offers you the choice of running them immediately.
Alternatively, you will remember that finding a package and selecting it in the Add/Remove Software window shows you the Location of where in the GNOME menus its application shortcut is located, which is helpful when you want to run it. PackageKit also has the ability to install Yum package groups, which it calls Package collections. Clicking on Package collections in the top-left list of categories in the Software Updates window allows us to scroll through and find the package group we want to install. In this case, we want to install Czech language support (the Czech Support group). Checking the box and clicking apply informs us how many additional packages must be installed in order to fulfill the dependencies of the package group.
The packagekitd daemon runs outside the user session and communicates with the various graphical front ends. The packagekitd daemon communicates via the DBus system message bus with another back end, which utilizes Yum's Python API to perform queries and make changes to the system. On Linux systems other than Red Hat Enterprise Linux and Fedora, packagekitd can communicate with other back ends that are able to utilize the native package manager for that system. This modular architecture provides the abstraction necessary for the graphical interfaces to work with many different package managers to perform essentially the same types of package management tasks. Learning how to use the PackageKit front ends means that you can use the same familiar graphical interface across many different Linux distributions, even when they utilize a native package manager other than Yum.
NetworkManager is a dynamic network control and configuration system that attempts to keep network devices and connections up and active when they are available. NetworkManager consists of a core daemon, a GNOME Notification Area applet that provides network status information, and graphical configuration tools that can create, edit and remove connections and interfaces. NetworkManager can be used to configure the following types of connections: Ethernet, wireless, mobile broadband (such as cellular 3G), and DSL and PPPoE (Point-to-Point over Ethernet). In addition, NetworkManager allows for the configuration of network aliases, static routes, DNS information and VPN connections, as well as many connection-specific parameters.
Finally, NetworkManager provides a rich API via D-Bus which allows applications to query and control network configuration and state. Previous versions of Red Hat Enterprise Linux included the Network Administration Tool, which was commonly known as system-config-network after its command-line invocation. In Red Hat Enterprise Linux 6, NetworkManager replaces the former Network Administration Tool while providing enhanced functionality, such as user-specific and mobile broadband configuration. It is also possible to configure the network in Red Hat Enterprise Linux 6 by editing interface configuration files; see for more information.
User connections are so-called because they are specific to the user who creates them. In contrast to system connections, whose configurations are stored under the /etc/sysconfig/network-scripts/ directory (mainly in ifcfg- interface configuration files), user connection settings are stored in the GConf configuration database and the GNOME keyring, and are only available during login sessions for the user who created them. Thus, logging out of the desktop session causes user-specific connections to become unavailable. NetworkManager can quickly and conveniently convert user to system connections and vice versa.
Converting a user connection to a system connection causes NetworkManager to create the relevant interface configuration files under the /etc/sysconfig/network-scripts/ directory, and to delete the GConf settings from the user's session. Conversely, converting a system to a user-specific connection causes NetworkManager to remove the system-wide configuration files and create the corresponding GConf/GNOME keyring settings.
When you add a new connection by clicking the Add button, a list of connection types appears. Once you have made a selection and clicked on the Create button, NetworkManager creates a new configuration file for that connection and then opens the same dialog that is used for editing an existing connection. There is no difference between these dialogs. In effect, you are always editing a connection; the difference only lies in whether that connection previously existed or was just created by NetworkManager when you clicked Create. The final three configurable settings are located within the Wired tab itself: the first is a text-entry field where you can specify a MAC (Media Access Control) address, and the second allows you to specify a cloned MAC address, and third allows you to specify the MTU (Maximum Transmission Unit) value. Normally, you can leave the MAC address field blank and the MTU set to automatic.
These defaults will suffice unless you are associating a wired connection with a second or specific NIC, or performing advanced networking. In such cases, see the following descriptions. Network hardware such as a Network Interface Card (NIC) has a unique MAC address (Media Access Control; also known as a hardware address) that identifies it to the system. Running the ip addr command will show the MAC address associated with each interface. NetworkManager tries to auto-detect the type of security used by the access point. If there are multiple possibilities, NetworkManager guesses the security type and presents it in the Wireless security dropdown menu. To see if there are multiple choices, click the Wireless security dropdown menu and select the type of security the access point is using.
If you are unsure, try connecting to each type in turn. Finally, enter the key or passphrase in the Password field. Certain password types, such as a 40-bit WEP or 128-bit WPA key, are invalid unless they are of a requisite length. The Connect button will remain inactive until you enter a key of the length required for the selected security type. To learn more about wireless security, see.
Like an Ethernet Network Interface Card (NIC), a wireless adapter has a unique MAC address (Media Access Control; also known as a hardware address) that identifies it to the system. Running the ip addr command will show the MAC address associated with each interface.