Slashdot Mirror
Essential System Administration, 3rd Edition
Content Introduction to System Administration
This chapter claims to make you think like a system administrator, I didn't feel any different after reading it, maybe I already think like one ;-). Most of it is about use of superuser privileges (su, sudo). Other parts are communicating with users (talk, wall, motd - but no mention of e-mail or phone) and GUI-based vs. command-line administration.
The Unix WayHere starts the real stuff: files, processes and devices. A very gentle but thorough introduction to all possibilities of file and directory ownership (chmod, chown, mode strings, numeric modes), next is a description of how files map to disks. The processes are covered on a fairly abstract level, only something about various types (interactive, batch, daemon) and attributes (but no way to show them, not even an example usage of ps or top - that's left for chapter 15). The part on devices is basic, but shows the some commands to list information about devices. Last part in this chapter is about the generic UNIX filesystem layout.
Essential Administrative Tools and TechniquesHere are some of the most important commands and techniques for everyday use: man, grep, awk, find (including how to pipe). Some of the examples are fairly complicated for a novice, a basic knowledge of piping and shell usage is assumed. Next are some methods of handling files and directories (cp, mkdir, diff, rm), periodic execution (cron), logging (syslog, managing log files) and software package management (the most important commands to Linux rpm, Solaris pkg*, etc.) and manual software installation (.configure, make, make install).
Startup and ShutdownContains a fairly detailed description of what happens when a system boots up or shuts down. This includes all the gooey stuff about initialization files, runlevels and how to customize those. Last but not least is a short troubleshooting guide, "When the System won't boot."
TCP/IP NetworkingThe chapter starts with a gentle introduction to TCP/IP and related hardware and explains step-by-step a starting TCP/IP session with dumps and comments. Going on it digs deeper and explains IP addressing, subnets and even a little bit IPv6. The first hands-on part deals with network configuration (ifconfig, configuration files, DHCP, name resolution). A short troubleshooting guide (ping, arp) rounds off the chapter.
Managing Users and GroupsThis part starts with a description of the essential files (/etc/passwd, /etc/shadow, /etc/groups) and how to add/remove users and other aspects of user and group management. The default tools for each distribution are also mentioned. Then a whole slew of pages are dedicated to password selection, cracking and enforcing password policies (though I prefer stronger passwords than those given on page 301). The last pages give an introduction to PAM (mostly Linux) and LDAP (mostly OpenLDAP).
SecurityThis is indeed a very good introduction to UNIX security and its lines of defense (though I did miss "disable remote root login" and "give users no shell when they don't need it"), next are common mistakes, setuid/setgid access modes and ACLs. A short introduction to PGP/GPG and role-based access control is given. The next big part is about network security: OpenSSH, TCP Wrappers and nmap are introduced; the ubiquitous advice "disable what you don't need" is also given. Firewalls are briefly mentioned, some links to actual products e.g. ipfilter or Netfilter would have been nice. A nice checklist-style guide to hardening an UNIX system is given and the chapter concludes with managing problems and monitoring. I did miss some links to resources on the Internet and a reminder on the importance of frequent patching (Sun recently published a nice whitepaper on this topic).
Managing Network ServicesThis chapter builds on the foundation built in the chapter on TCP/IP, as such it covers various basic networking services and starts with name resolution via DNS, mentioning configuration and usage of the common tools (BIND, nslookup, host, dig). This is followed by a part on getting out of the local network (routed, gated), getting others on your network (DHCP) and managing (netstat, ping, traceroute, SNMP) and monitoring (tcpdump, snoop). The chapter ends with short introductions to dedicated packages (e.g. NetSaint, MRTG/RRDTool).
Electronic MailNext is a chapter on that other big network nuisance^W service: mail. It starts with a gentle introduction to the basics (SMTP, MX records, POP/IMAP). The part on MTAs starts with everybody's darling *cough* sendmail which is covered exhaustively. The other MTA covered is Postfix, which also receives fairly extensive coverage. The rest of the chapter covers mail processing (fetchmail, procmail), there is no mention of other MTA, MUAs, or other modern mail processing tools (e.g. against spam). Though this chapter is well done, and a nice introduction to mail in general, I would prefer to get rid of it in favor of a "mail-is-only-for-dedicated-servers" policy. A short note on how to deactivate or remove the default MTA should be included in the previous chapter (yes, I know that not everyone shares this point of view).
Filesystems and DisksA very long chapter on filesystems and disks with tons of information on how to create, mount/unmount, repair and monitor filesystems, including some stuff about logical volume managers and RAID. Nicely indexed, it makes a good reference but is boring to read it all (I didn't :-). The last pages are a short introduction to NFS and Samba, but do not cover all the advanced aspects.
Backup and RestoreCovers the tedious taks of backup with all the different aspects: planning backup, strategies to manage the workload, what media to use, what tools are available in a standard setup (tar, cpio, dump, dd, mt, restore). Next is a coverage of the package Amanda and what to look for in commercial packages. Last but not least "restoring from scratch" is covered.
Serial Lines and DevicesHerein is all the stuff about serial devices (tty, termcap, terminfo, stty), usage of USB is covered for FreeBSD, Linux and Solaris.
Printers and the Spooling SubsystemContains lots on "old school" printing (BSD spooling facility: LPD, System V printing, AIX spooling facility), a short note "Print Services for UNIX" on Windows NT/2000 (works pretty well for basic usage) and on providing print services for Windows by Samba. LPRng and CUPS also get a few pages. Closeout for this chapter is font management under X, which contains a rant on how cumbersome font management is ;-).
Automating Administrative TasksThis chapter appeals to a healthy laziness which might save some manual work. It contains some samples and introductions, the best it can do is make appetite for more. Included are: shell script (C-shell), tips for testing and debugging, Perl (including there is more than one way to do it-proof), Expect, C and the lesser known tools Cfengine, Stem. It closes with some short notes on how to create a man page for your own software.
Managing System ResourcesThis chapter wants to make you think a about system performance before you try to manage it. General steps are given: define, determine, formulate, design, implement, monitor and return to start ...
After the general introduction the chapter gets hands-on with monitoring - ps (it is in there after all ...) with all System V and BSD options, pstree and top are covered. The /proc filesystem is mentioned with some samples of how information can be gathered. Process limits are discussed, including how to disallow the creation of core dumps. Signaling and killing processes with kill and killall is covered next. The next chunks in this big chapter are managing CPU (nice, AIX and Solaris scheduler, cron), memory (paging, recognize memory problems), I/O (performance, disk quotas), network (netstat, some notes on DNS and NFS)
Configuring and Building KernelsThis chapter is essentially a bunch of short guides on what to look for when configuring and building a kernel, for Linux lilo is also explained.
AccountingThis is an introduction to what components are relevant for accounting, and how to enable/disable it. As such it shows what can be done with the standard tools on BSD-style accounting (sa, ac) and System V-style accounting. A few pages are dedicated to printing accounting.
Appendix: Administrative Shell ProgrammingThis is a more thorough introduction to shell programming that could have been integrated in the chapter Automating Administrative Task. Other than that it is a solid, short reference to shell programming.
IndexLast but not least is a very concise index (50+ pages), which makes it easy to find anything that's in the book.
What's badThere's not much I really disliked in the book, I can recommend to anyone who needs an introduction to UNIX system administration or a general reference text. Some points are: it's not on UNIX CD Bookshelf v3.0, which is a pity for reference usage, there are almost no links to WWW sites of interest, almost all links to further information are to other O'Reilly books (granted, most of them are quite good) and sometimes I found the order in which themes are discussed slightly less than optimal for "junior administrators".
What's goodAlmost everything (writing style, coverage), except those few issues mentioned in "What's bad". The very good index makes it easy to find the information that is applicable in your special situation, even with all those different UNIXes. If you are looking for a general UNIX reference and/or introduction, look no further (you might want to compare it with "The UNIX Systems Administration Handbook", and decide for yourself, note that the USAH does not cover AIX).
You can purchase Essential System Administration, 3rd Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
.... is the time factor. RH 7.3 was the latest version when the book went to press, yet RH 9.0 just recently came out.
I see the same problem in my hobby, marine aquaria. By the time an article or book gets published in the print media, it is oftentimes out of date. Couple this with the human want for immediate gratification and interaction, and it is easy to see why net bulletin boards generate so much traffic.
But a question to all unix system administrators out there
Do you see the need of GUI based admin tools as available in windows for unix boxes ? When i say unix boxes i mean servers not desktops.
because even if i am a linux desktop user, i hardly feel the need for a GUI admin tool for configuring my system
I can easily do most of the config using a xterm + bash + vi.
So how many of you find it easy to configure a system using GUI than CLI ?
for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
all major UNIX platforms are covered
Except for the most widely distributed UNIX platform.
-Lucas
-n
http://www.remix.net/
Is that they ignore a large part and parcel of being a administrator. The Ethics and Legal portion of being a admin is oft ignored, and no book outside of USAH focuses almost at all on this issue.
Though this chapter is well done, and a nice introduction to mail in general, I would prefer to get rid of it in favor of a "mail-is-only-for-dedicated-servers" policy. A short note on how to deactivate or remove the default MTA should be included in the previous chapter (yes, I know that not everyone shares this point of view).
This made me jump on my chair ! How are you suppose to read alert sent by email, backup report, cron errors, etc ? You login to each and every one of your Unix server every morning to check root's mailbox ?
As far as I am concerned, a working MTA is an essential part of any self-respecting Unix system. At the very least, a good sysadmining book should tell you how to configure a smarthost and make sure your MTA is not an open relay.
:wq
...unfortunately, they don't exist for Windows. In my experience, what really separates Linux/Unix from Windows is that the latter is so well documented at the deeper, more advanced levels. Windows documentation is limited to which buttons to push to do simple stuff, things which are self-explanitory anyway. There is plenty of advanced knowledge to be had, but it isn't published. It comes only from years of experience with Windows systems, plus having rubbed elbows with developers who have access to Windows' underpinnings. The worst thing with Windows documentation is that there is nothing on best practices, no "cookbook" type books, etc. Windows administrators and MCSEs would often love to be better, but there's no way to get there. Linux/Unix people, OTOH, have a huge amount and variety of information at their disposal, and can teach themselves to fairly high levels of competence. And what the books don't teach, the community is willing to offer.
depends heavily on the complexity of the program--ever seen the FW1 GUI?
Yes, I do Firewall 1 quite often and it is more fuel for the fire. As someone who is very familiar with firewalls and works with many of them a CLI only firewall is an annoyance, to be sure.
Have you used Netscreen, SonicWall, Pix, Raptor, Guardian, IPTables etc? Working with Firewal 1 and a few other big names makes me rather well informed on firewalls and how they should be configured, IMHO. But, with the plethora of firewalls on the market it is likely that I/You will encounter a firewall that you have never touched before, possibly never heard of. Are you going to be a total loser, like the post above and tell them how their firewall sucks and that they should replace it with a $50,000US firewall of your choosing, when all they asked you to do was forward a port to a new server, or are you going to forward the port?
Chances are you are going to forward the port. Further chances are that since you haven't even heard of this brand of firewall before you will not know how to make that happen without a lot of effort researching and reading. Where as if it has a GUI interface you can quickly and easily forward the necessary port and verify the integrity of the configuration. That's because with the CLI the commands will be different.
eg.
nat add eth2:8888 192.168.1.15:80
or something completely different, it all depends on the firewall. You could waste time figuring out what command and syntax to use for that particular instance or, with a GUI tool, you could quickly forward the port because you already know what you need to do. Finding the different vocabulary that a particular vendor has chosen is infinitely easier with the GUI.
Now granted, if you were to be managing that particular box for any length of time, it would behoove you to learn the commands specific to that box. This would probably make managing it in the future quicker by use of the command line and there are probably scripts that you could write to automate common tasks. But, the GUI is still an important tool for management.