Essential System Administration, 3rd Edition
Content Introduction to System Administration
This chapter claims to make you think like a system administrator, I didn't feel any different after reading it, maybe I already think like one ;-). Most of it is about use of superuser privileges (su, sudo). Other parts are communicating with users (talk, wall, motd - but no mention of e-mail or phone) and GUI-based vs. command-line administration.
The Unix WayHere starts the real stuff: files, processes and devices. A very gentle but thorough introduction to all possibilities of file and directory ownership (chmod, chown, mode strings, numeric modes), next is a description of how files map to disks. The processes are covered on a fairly abstract level, only something about various types (interactive, batch, daemon) and attributes (but no way to show them, not even an example usage of ps or top - that's left for chapter 15). The part on devices is basic, but shows the some commands to list information about devices. Last part in this chapter is about the generic UNIX filesystem layout.
Essential Administrative Tools and TechniquesHere are some of the most important commands and techniques for everyday use: man, grep, awk, find (including how to pipe). Some of the examples are fairly complicated for a novice, a basic knowledge of piping and shell usage is assumed. Next are some methods of handling files and directories (cp, mkdir, diff, rm), periodic execution (cron), logging (syslog, managing log files) and software package management (the most important commands to Linux rpm, Solaris pkg*, etc.) and manual software installation (.configure, make, make install).
Startup and ShutdownContains a fairly detailed description of what happens when a system boots up or shuts down. This includes all the gooey stuff about initialization files, runlevels and how to customize those. Last but not least is a short troubleshooting guide, "When the System won't boot."
TCP/IP NetworkingThe chapter starts with a gentle introduction to TCP/IP and related hardware and explains step-by-step a starting TCP/IP session with dumps and comments. Going on it digs deeper and explains IP addressing, subnets and even a little bit IPv6. The first hands-on part deals with network configuration (ifconfig, configuration files, DHCP, name resolution). A short troubleshooting guide (ping, arp) rounds off the chapter.
Managing Users and GroupsThis part starts with a description of the essential files (/etc/passwd, /etc/shadow, /etc/groups) and how to add/remove users and other aspects of user and group management. The default tools for each distribution are also mentioned. Then a whole slew of pages are dedicated to password selection, cracking and enforcing password policies (though I prefer stronger passwords than those given on page 301). The last pages give an introduction to PAM (mostly Linux) and LDAP (mostly OpenLDAP).
SecurityThis is indeed a very good introduction to UNIX security and its lines of defense (though I did miss "disable remote root login" and "give users no shell when they don't need it"), next are common mistakes, setuid/setgid access modes and ACLs. A short introduction to PGP/GPG and role-based access control is given. The next big part is about network security: OpenSSH, TCP Wrappers and nmap are introduced; the ubiquitous advice "disable what you don't need" is also given. Firewalls are briefly mentioned, some links to actual products e.g. ipfilter or Netfilter would have been nice. A nice checklist-style guide to hardening an UNIX system is given and the chapter concludes with managing problems and monitoring. I did miss some links to resources on the Internet and a reminder on the importance of frequent patching (Sun recently published a nice whitepaper on this topic).
Managing Network ServicesThis chapter builds on the foundation built in the chapter on TCP/IP, as such it covers various basic networking services and starts with name resolution via DNS, mentioning configuration and usage of the common tools (BIND, nslookup, host, dig). This is followed by a part on getting out of the local network (routed, gated), getting others on your network (DHCP) and managing (netstat, ping, traceroute, SNMP) and monitoring (tcpdump, snoop). The chapter ends with short introductions to dedicated packages (e.g. NetSaint, MRTG/RRDTool).
Electronic MailNext is a chapter on that other big network nuisance^W service: mail. It starts with a gentle introduction to the basics (SMTP, MX records, POP/IMAP). The part on MTAs starts with everybody's darling *cough* sendmail which is covered exhaustively. The other MTA covered is Postfix, which also receives fairly extensive coverage. The rest of the chapter covers mail processing (fetchmail, procmail), there is no mention of other MTA, MUAs, or other modern mail processing tools (e.g. against spam). Though this chapter is well done, and a nice introduction to mail in general, I would prefer to get rid of it in favor of a "mail-is-only-for-dedicated-servers" policy. A short note on how to deactivate or remove the default MTA should be included in the previous chapter (yes, I know that not everyone shares this point of view).
Filesystems and DisksA very long chapter on filesystems and disks with tons of information on how to create, mount/unmount, repair and monitor filesystems, including some stuff about logical volume managers and RAID. Nicely indexed, it makes a good reference but is boring to read it all (I didn't :-). The last pages are a short introduction to NFS and Samba, but do not cover all the advanced aspects.
Backup and RestoreCovers the tedious taks of backup with all the different aspects: planning backup, strategies to manage the workload, what media to use, what tools are available in a standard setup (tar, cpio, dump, dd, mt, restore). Next is a coverage of the package Amanda and what to look for in commercial packages. Last but not least "restoring from scratch" is covered.
Serial Lines and DevicesHerein is all the stuff about serial devices (tty, termcap, terminfo, stty), usage of USB is covered for FreeBSD, Linux and Solaris.
Printers and the Spooling SubsystemContains lots on "old school" printing (BSD spooling facility: LPD, System V printing, AIX spooling facility), a short note "Print Services for UNIX" on Windows NT/2000 (works pretty well for basic usage) and on providing print services for Windows by Samba. LPRng and CUPS also get a few pages. Closeout for this chapter is font management under X, which contains a rant on how cumbersome font management is ;-).
Automating Administrative TasksThis chapter appeals to a healthy laziness which might save some manual work. It contains some samples and introductions, the best it can do is make appetite for more. Included are: shell script (C-shell), tips for testing and debugging, Perl (including there is more than one way to do it-proof), Expect, C and the lesser known tools Cfengine, Stem. It closes with some short notes on how to create a man page for your own software.
Managing System ResourcesThis chapter wants to make you think a about system performance before you try to manage it. General steps are given: define, determine, formulate, design, implement, monitor and return to start ...
After the general introduction the chapter gets hands-on with monitoring - ps (it is in there after all ...) with all System V and BSD options, pstree and top are covered. The /proc filesystem is mentioned with some samples of how information can be gathered. Process limits are discussed, including how to disallow the creation of core dumps. Signaling and killing processes with kill and killall is covered next. The next chunks in this big chapter are managing CPU (nice, AIX and Solaris scheduler, cron), memory (paging, recognize memory problems), I/O (performance, disk quotas), network (netstat, some notes on DNS and NFS)
Configuring and Building KernelsThis chapter is essentially a bunch of short guides on what to look for when configuring and building a kernel, for Linux lilo is also explained.
AccountingThis is an introduction to what components are relevant for accounting, and how to enable/disable it. As such it shows what can be done with the standard tools on BSD-style accounting (sa, ac) and System V-style accounting. A few pages are dedicated to printing accounting.
Appendix: Administrative Shell ProgrammingThis is a more thorough introduction to shell programming that could have been integrated in the chapter Automating Administrative Task. Other than that it is a solid, short reference to shell programming.
IndexLast but not least is a very concise index (50+ pages), which makes it easy to find anything that's in the book.
What's badThere's not much I really disliked in the book, I can recommend to anyone who needs an introduction to UNIX system administration or a general reference text. Some points are: it's not on UNIX CD Bookshelf v3.0, which is a pity for reference usage, there are almost no links to WWW sites of interest, almost all links to further information are to other O'Reilly books (granted, most of them are quite good) and sometimes I found the order in which themes are discussed slightly less than optimal for "junior administrators".
What's goodAlmost everything (writing style, coverage), except those few issues mentioned in "What's bad". The very good index makes it easy to find the information that is applicable in your special situation, even with all those different UNIXes. If you are looking for a general UNIX reference and/or introduction, look no further (you might want to compare it with "The UNIX Systems Administration Handbook", and decide for yourself, note that the USAH does not cover AIX).
You can purchase Essential System Administration, 3rd Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Does that make me cool? Please oh please oh please?
Although President George W. Bush and administration spokesmen have carefully skirted any explicit threat of military action against Syria, DEBKAfile's military sources report that Sunday night, April 12, small teams of American undercover troops were already inside Syria marking out the hideouts of Saddam's close family, his top lieutenants, military leaders and the directors of his banned weapons programs. US special forces troops were additionally directed to locate the men who drive the operational arms of the Hizballah, Jihad Islami and Hamas terror groups.
Twenty-four hours later, Monday night, three events brought Syria even closer to becoming the object of direct American action, additionally placing France in Washington's sights - albeit for a different kind of punishment. Syria faces imminent economic sanctions at best - although, since experience shows they never work, military action is very much on the cards. France stands to pay a diplomatic and financial price for certain actions that have come to light.
DEBKAfile's Washington sources describe the White House as particularly incensed over the following pieces of intelligence:
A. Documents coming to light in Baghdad directly incriminate Syria as a full partner in the financing, development and concealment of Iraq's weapons of mass destruction programs. A source familiar with the new data reveals that Syria was not only a full partner but active in every stage of these programs to the point that they deserve to be called Iraqi-Syrian, not just Iraqi, undertakings.
Well before the UN weapons inspectors came on the scene last year, the Syrian president Bashar Assad took it upon himself to conceal the banned weapons, one by one, as they came off the production line. Syria's support for Iraq in the UN Security Council and the attacks leveled by foreign minister Farouk a-Sharah against Washington, for venturing to accuse Iraq of concealing weapons of mass destruction, were staged to misdirect attention from the biggest political, intelligence and military fraud perpetrated since the Cold War ended.
Washington's indignation over these discoveries has been manifested in a torrent of warnings to, and charges against Damascus in the last three days. Defense secretary Donald Rumsfeld took the opportunity of the warm welcome he gave the visiting Kuwait ruler on Monday, April 14, to produce intelligence that Syria had conducted chemical weapons tests in the last year.
He could have said more. According to DEBKAfile's Washington sources, the defense secretary was also informed that in the same period Syria test-fired missiles fitted with chemical warheads from Aleppo in the north to Djebel Druze in the south near the Syrian-Iraqi-Jordan border junction. Damascus carried out the test on behalf of the Iraqi-Syrian partnership for developing unconventional weapons.
B. The details of the comprehensive military collaboration treaty Assad secretly concluded with the now deposed Iraqi ruler Saddam Hussein that were first exposed in DEBKAfile in September 2000 are only now emerging in full. Under its terms, Syria was bound to furnish an escape hatch for fleeing Iraqi military, political, scientific and intelligence top echelons working on the banned weapons programs, as well as providing concealed locations for production to continue. Damascus was therefore committed to taking over the shared WMD projects from the point they were interrupted by a war emergency in Baghdad.
C. This discovery relates to the aid rendered Syria by France. DEBKAfile's exclusive intelligence and military sources reveal that, from Monday night, April 14, groups of Iraqi military and scientific leaders have been transferred from Syria to France. This came about as a result of President Chirac consenting to help Assad live up to his commitments to Saddam Hussein and keep their forbidden weapons out of sight and their existence denied.
These discoveries led the Bush administration to slap down before Damascus a three-part ultimatum
Your mom ain't UNIX either.
[ed. note: in the following text, former FreeBSD developer Mike Smith gives his reasons for abandoning FreeBSD]
When I stood for election to the FreeBSD core team nearly two years ago, many of you will recall that it was after a long series of debates during which I maintained that too much organisation, too many rules and too much formality would be a bad thing for the project.
Today, as I read the latest discussions on the future of the FreeBSD project, I see the same problem; a few new faces and many of the old going over the same tired arguments and suggesting variations on the same worthless schemes. Frankly I'm sick of it.
FreeBSD used to be fun. It used to be about doing things the right way. It used to be something that you could sink your teeth into when the mundane chores of programming for a living got you down. It was something cool and exciting; a way to spend your spare time on an endeavour you loved that was at the same time wholesome and worthwhile.
It's not anymore. It's about bylaws and committees and reports and milestones, telling others what to do and doing what you're told. It's about who can rant the longest or shout the loudest or mislead the most people into a bloc in order to legitimise doing what they think is best. Individuals notwithstanding, the project as a whole has lost track of where it's going, and has instead become obsessed with process and mechanics.
So I'm leaving core. I don't want to feel like I should be "doing something" about a project that has lost interest in having something done for it. I don't have the energy to fight what has clearly become a losing battle; I have a life to live and a job to keep, and I won't achieve any of the goals I personally consider worthwhile if I remain obligated to care for the project.
Discussion
I'm sure that I've offended some people already; I'm sure that by the time I'm done here, I'll have offended more. If you feel a need to play to the crowd in your replies rather than make a sincere effort to address the problems I'm discussing here, please do us the courtesy of playing your politics openly.
From a technical perspective, the project faces a set of challenges that significantly outstrips our ability to deliver. Some of the resources that we need to address these challenges are tied up in the fruitless metadiscussions that have raged since we made the mistake of electing officers. Others have left in disgust, or been driven out by the culture of abuse and distraction that has grown up since then. More may well remain available to recruitment, but while the project is busy infighting our chances for successful outreach are sorely diminished.
There's no simple solution to this. For the project to move forward, one or the other of the warring philosophies must win out; either the project returns to its laid-back roots and gets on with the work, or it transforms into a super-organised engineering project and executes a brilliant plan to deliver what, ultimately, we all know we want.
Whatever path is chosen, whatever balance is struck, the choosing and the striking are the important parts. The current indecision and endless conflict are incompatible with any sort of progress.
Trying to dissect the above is far beyond the scope of any parting shot, no matter how distended. All I can really ask of you all is to let go of the minutiae for a moment and take a look at the big picture. What is the ultimate goal here? How can we get there with as little overhead as possible? How would you like to be treated by your fellow travellers?
Shouts
To the Slashdot "BSD is dying" crowd - big deal. Death is part of the cycle; take a look at your soft, pallid bodies and consider that right this very moment, parts of you are dying. See? It's not so bad.
To the bulk of the FreeBSD committerbase and the developer community at large - keep your eyes on the real goals. It'
UNIX ADMINISTRATE YOU!!!
I understand how an experienced system administrator feels about a how-to book such as this, but as a college professor I have a hard time convincing students to follow their dreams due to mean-spirited teasing such as this. Please cease this in order to create a better environment for readers.
If he's a resident MCSE, he's likely dumb. Smart MCSE's advertise their relevant certifications not their 'Minesweeper Consultant & Solitaire Engineer' badge.
"You've got an invalid haircut" -Warren Zevon - Life'll Kill Ya
I don't like his sig but the correction translation is "I think I think therefore I think I am." If he had wanted to say "I think of thinking" he would have to have said Cogito Cogitabam.
Who let this troll out of the cellar? Back Troll. Back to posting in -1 land.
you dumb shit it was from his fall not heart disease...although it would have been very amusing if it was from that or clogged arties
HAR DEE HAR J00 ARE SO 1337 CUZ YOU RUN L33NUX and BSD!!! 11!!1!! ROFLMAO WTF LOL YOU ARE S0 C00L!!! WIND0WS 15 FOR L00Z3R5!!!! WTF LOL
Fix your sig, it should be
Klaatu, Verata, Ni*smughfahem!*