Slashdot Mirror
Essential System Administration, 3rd Edition
Content Introduction to System Administration
This chapter claims to make you think like a system administrator, I didn't feel any different after reading it, maybe I already think like one ;-). Most of it is about use of superuser privileges (su, sudo). Other parts are communicating with users (talk, wall, motd - but no mention of e-mail or phone) and GUI-based vs. command-line administration.
The Unix WayHere starts the real stuff: files, processes and devices. A very gentle but thorough introduction to all possibilities of file and directory ownership (chmod, chown, mode strings, numeric modes), next is a description of how files map to disks. The processes are covered on a fairly abstract level, only something about various types (interactive, batch, daemon) and attributes (but no way to show them, not even an example usage of ps or top - that's left for chapter 15). The part on devices is basic, but shows the some commands to list information about devices. Last part in this chapter is about the generic UNIX filesystem layout.
Essential Administrative Tools and TechniquesHere are some of the most important commands and techniques for everyday use: man, grep, awk, find (including how to pipe). Some of the examples are fairly complicated for a novice, a basic knowledge of piping and shell usage is assumed. Next are some methods of handling files and directories (cp, mkdir, diff, rm), periodic execution (cron), logging (syslog, managing log files) and software package management (the most important commands to Linux rpm, Solaris pkg*, etc.) and manual software installation (.configure, make, make install).
Startup and ShutdownContains a fairly detailed description of what happens when a system boots up or shuts down. This includes all the gooey stuff about initialization files, runlevels and how to customize those. Last but not least is a short troubleshooting guide, "When the System won't boot."
TCP/IP NetworkingThe chapter starts with a gentle introduction to TCP/IP and related hardware and explains step-by-step a starting TCP/IP session with dumps and comments. Going on it digs deeper and explains IP addressing, subnets and even a little bit IPv6. The first hands-on part deals with network configuration (ifconfig, configuration files, DHCP, name resolution). A short troubleshooting guide (ping, arp) rounds off the chapter.
Managing Users and GroupsThis part starts with a description of the essential files (/etc/passwd, /etc/shadow, /etc/groups) and how to add/remove users and other aspects of user and group management. The default tools for each distribution are also mentioned. Then a whole slew of pages are dedicated to password selection, cracking and enforcing password policies (though I prefer stronger passwords than those given on page 301). The last pages give an introduction to PAM (mostly Linux) and LDAP (mostly OpenLDAP).
SecurityThis is indeed a very good introduction to UNIX security and its lines of defense (though I did miss "disable remote root login" and "give users no shell when they don't need it"), next are common mistakes, setuid/setgid access modes and ACLs. A short introduction to PGP/GPG and role-based access control is given. The next big part is about network security: OpenSSH, TCP Wrappers and nmap are introduced; the ubiquitous advice "disable what you don't need" is also given. Firewalls are briefly mentioned, some links to actual products e.g. ipfilter or Netfilter would have been nice. A nice checklist-style guide to hardening an UNIX system is given and the chapter concludes with managing problems and monitoring. I did miss some links to resources on the Internet and a reminder on the importance of frequent patching (Sun recently published a nice whitepaper on this topic).
Managing Network ServicesThis chapter builds on the foundation built in the chapter on TCP/IP, as such it covers various basic networking services and starts with name resolution via DNS, mentioning configuration and usage of the common tools (BIND, nslookup, host, dig). This is followed by a part on getting out of the local network (routed, gated), getting others on your network (DHCP) and managing (netstat, ping, traceroute, SNMP) and monitoring (tcpdump, snoop). The chapter ends with short introductions to dedicated packages (e.g. NetSaint, MRTG/RRDTool).
Electronic MailNext is a chapter on that other big network nuisance^W service: mail. It starts with a gentle introduction to the basics (SMTP, MX records, POP/IMAP). The part on MTAs starts with everybody's darling *cough* sendmail which is covered exhaustively. The other MTA covered is Postfix, which also receives fairly extensive coverage. The rest of the chapter covers mail processing (fetchmail, procmail), there is no mention of other MTA, MUAs, or other modern mail processing tools (e.g. against spam). Though this chapter is well done, and a nice introduction to mail in general, I would prefer to get rid of it in favor of a "mail-is-only-for-dedicated-servers" policy. A short note on how to deactivate or remove the default MTA should be included in the previous chapter (yes, I know that not everyone shares this point of view).
Filesystems and DisksA very long chapter on filesystems and disks with tons of information on how to create, mount/unmount, repair and monitor filesystems, including some stuff about logical volume managers and RAID. Nicely indexed, it makes a good reference but is boring to read it all (I didn't :-). The last pages are a short introduction to NFS and Samba, but do not cover all the advanced aspects.
Backup and RestoreCovers the tedious taks of backup with all the different aspects: planning backup, strategies to manage the workload, what media to use, what tools are available in a standard setup (tar, cpio, dump, dd, mt, restore). Next is a coverage of the package Amanda and what to look for in commercial packages. Last but not least "restoring from scratch" is covered.
Serial Lines and DevicesHerein is all the stuff about serial devices (tty, termcap, terminfo, stty), usage of USB is covered for FreeBSD, Linux and Solaris.
Printers and the Spooling SubsystemContains lots on "old school" printing (BSD spooling facility: LPD, System V printing, AIX spooling facility), a short note "Print Services for UNIX" on Windows NT/2000 (works pretty well for basic usage) and on providing print services for Windows by Samba. LPRng and CUPS also get a few pages. Closeout for this chapter is font management under X, which contains a rant on how cumbersome font management is ;-).
Automating Administrative TasksThis chapter appeals to a healthy laziness which might save some manual work. It contains some samples and introductions, the best it can do is make appetite for more. Included are: shell script (C-shell), tips for testing and debugging, Perl (including there is more than one way to do it-proof), Expect, C and the lesser known tools Cfengine, Stem. It closes with some short notes on how to create a man page for your own software.
Managing System ResourcesThis chapter wants to make you think a about system performance before you try to manage it. General steps are given: define, determine, formulate, design, implement, monitor and return to start ...
After the general introduction the chapter gets hands-on with monitoring - ps (it is in there after all ...) with all System V and BSD options, pstree and top are covered. The /proc filesystem is mentioned with some samples of how information can be gathered. Process limits are discussed, including how to disallow the creation of core dumps. Signaling and killing processes with kill and killall is covered next. The next chunks in this big chapter are managing CPU (nice, AIX and Solaris scheduler, cron), memory (paging, recognize memory problems), I/O (performance, disk quotas), network (netstat, some notes on DNS and NFS)
Configuring and Building KernelsThis chapter is essentially a bunch of short guides on what to look for when configuring and building a kernel, for Linux lilo is also explained.
AccountingThis is an introduction to what components are relevant for accounting, and how to enable/disable it. As such it shows what can be done with the standard tools on BSD-style accounting (sa, ac) and System V-style accounting. A few pages are dedicated to printing accounting.
Appendix: Administrative Shell ProgrammingThis is a more thorough introduction to shell programming that could have been integrated in the chapter Automating Administrative Task. Other than that it is a solid, short reference to shell programming.
IndexLast but not least is a very concise index (50+ pages), which makes it easy to find anything that's in the book.
What's badThere's not much I really disliked in the book, I can recommend to anyone who needs an introduction to UNIX system administration or a general reference text. Some points are: it's not on UNIX CD Bookshelf v3.0, which is a pity for reference usage, there are almost no links to WWW sites of interest, almost all links to further information are to other O'Reilly books (granted, most of them are quite good) and sometimes I found the order in which themes are discussed slightly less than optimal for "junior administrators".
What's goodAlmost everything (writing style, coverage), except those few issues mentioned in "What's bad". The very good index makes it easy to find the information that is applicable in your special situation, even with all those different UNIXes. If you are looking for a general UNIX reference and/or introduction, look no further (you might want to compare it with "The UNIX Systems Administration Handbook", and decide for yourself, note that the USAH does not cover AIX).
You can purchase Essential System Administration, 3rd Edition from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
> one wonders why the book doesn't bear the title "Essential UNIX Administration"
Because you don't administer Windows systems, you drive them.
Sheesh, evil *and* a jerk. -- Jade
Sure, the review sounds great, but the Third Edition Unix System Administration Handbook by Nemeth, Snyder, Seebass and Hein is the book to get.
Ok, I don't have the third edition, I have the second. It was the first Unix book I got after "Running Linux", and I would give it an 11/10. For me, it filled in all the questions that Running Linux had given me, and gave me a very solid grounding in Unix. I cannot reccomend this book enough - it is one that epitomizes what O'Reilly is good at.
So, granted I have not read the most recent version, but I cannot see how it only scored 9/10 and not 10/10.
Try to hack my 31337 firewall!
Show this book to your resident MCSE[0] and watch the deer-in-the-headlights.
[0]- Must Consult Someone Else
Trolling is a art,
Also, most of these versions of UNIX found in this book (Red Hat 7.3, SuSE 8.0) are certainly ones you would find in production as well. I am not seeing much Red Hat 8 or 9 on production servers, at least not in my market (Midwest).
-- 4 8 15 16 23 42
.... is the time factor. RH 7.3 was the latest version when the book went to press, yet RH 9.0 just recently came out.
I see the same problem in my hobby, marine aquaria. By the time an article or book gets published in the print media, it is oftentimes out of date. Couple this with the human want for immediate gratification and interaction, and it is easy to see why net bulletin boards generate so much traffic.
No one's ever written a System Administration guide that you should pay for! Now we can stop blowing our money on books with new information in them and buy ones like this!
Mod me down and I will become more powerful than you can possibly imagine!
However both do a very cursory overview of security measures, if you ask me. While both are great for an administration standpont (and that's their goal, of course) much more is needed on the security front.
I'd suggest getting a copy of Hacking Linux Exposed (good for all Unix operating systems) and Building Secure Servers with Linux (more Linux specific, but still has some good any-unix tips and tricks.) These will help round out your administration bookshelf.
No SCO:
all major UNIX platforms are covered...SCO and IRIX were dropped for this edition,
Hehe
SCO to Hell
http://ezine.daemonnews.org/200301/esa3.html
But a question to all unix system administrators out there
Do you see the need of GUI based admin tools as available in windows for unix boxes ? When i say unix boxes i mean servers not desktops.
because even if i am a linux desktop user, i hardly feel the need for a GUI admin tool for configuring my system
I can easily do most of the config using a xterm + bash + vi.
So how many of you find it easy to configure a system using GUI than CLI ?
for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
all major UNIX platforms are covered
Except for the most widely distributed UNIX platform.
Because there already is a Windows Admin book targetted to that audience.
0. Replace legacy UNIX systems with Linux.
1. ???
2. Profit!!!1
Karma: The shiznight, mostly because I am the Drizzle.
I was just packing up to move my office, and looking at all the mostly-redundant Unix and Linux administration books, and realizing that although I have more than two dozen on different aspects, I open maybe one or two of them once or twice a year. Everything else it's just easier to pursue online. I'm a believer that the book format has real advantages, particularly when fresh to a subject area. When I take up some totally new technology again, I'll buy a half-dozen books on it again. Maybe. If the online resources aren't there yet.
... and any place I have the choice these days I prefer Gentoo. It's better laid out. It's more current. It better optimizes for the hardware. Or if I just want to give someone a slick workstation in a hurry, Knoppix (yeah, it's Debian-based, but it's way ahead of it too).
As for what flavor of Linux to cover, I've run Slackware, Red Hat, Mandrake and Debian in production environments
"with their freedom lost all virtue lose" - Milton
-n
http://www.remix.net/
In the category of "essential" books for whatever we are calling sysadmins these days, we must includeThe Practice of System and Network Administration. 'Nuff said.
Comment removed based on user account deletion
Is that they ignore a large part and parcel of being a administrator. The Ethics and Legal portion of being a admin is oft ignored, and no book outside of USAH focuses almost at all on this issue.
Though this chapter is well done, and a nice introduction to mail in general, I would prefer to get rid of it in favor of a "mail-is-only-for-dedicated-servers" policy. A short note on how to deactivate or remove the default MTA should be included in the previous chapter (yes, I know that not everyone shares this point of view).
This made me jump on my chair ! How are you suppose to read alert sent by email, backup report, cron errors, etc ? You login to each and every one of your Unix server every morning to check root's mailbox ?
As far as I am concerned, a working MTA is an essential part of any self-respecting Unix system. At the very least, a good sysadmining book should tell you how to configure a smarthost and make sure your MTA is not an open relay.
:wq
I have the previous edition, and it's IMO one of the classics of UNIX use, up there with UNIX Power Tools. In fact, it's the perfect SysAdmin complement to the more user-oriented Power Tools. It's readable, professional, and it manages to be detailed enough to be used as a reference while still accessible enough to introduce a relative UNIX newbie to the underlying concepts of UNIX. Highly recommended.
--
CPAN rules. - Guido van Rossum
...unfortunately, they don't exist for Windows. In my experience, what really separates Linux/Unix from Windows is that the latter is so well documented at the deeper, more advanced levels. Windows documentation is limited to which buttons to push to do simple stuff, things which are self-explanitory anyway. There is plenty of advanced knowledge to be had, but it isn't published. It comes only from years of experience with Windows systems, plus having rubbed elbows with developers who have access to Windows' underpinnings. The worst thing with Windows documentation is that there is nothing on best practices, no "cookbook" type books, etc. Windows administrators and MCSEs would often love to be better, but there's no way to get there. Linux/Unix people, OTOH, have a huge amount and variety of information at their disposal, and can teach themselves to fairly high levels of competence. And what the books don't teach, the community is willing to offer.
Unalias? To unalias something, you have to alias it first. I've never seen a Unix with rm, cp, or mv aliased out of the box.
If you need to alias these commands, you're probably typing too fast and thinking too little.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
If you turn on the BSD files, OSX is nearly identical to FreeBSD. If you don't, it's closest to NeXTSTEP/OPENSTEP, and really would require it's own book. NetInfo is a whole other world.
"You've got an invalid haircut" -Warren Zevon - Life'll Kill Ya
depends heavily on the complexity of the program--ever seen the FW1 GUI?
Yes, I do Firewall 1 quite often and it is more fuel for the fire. As someone who is very familiar with firewalls and works with many of them a CLI only firewall is an annoyance, to be sure.
Have you used Netscreen, SonicWall, Pix, Raptor, Guardian, IPTables etc? Working with Firewal 1 and a few other big names makes me rather well informed on firewalls and how they should be configured, IMHO. But, with the plethora of firewalls on the market it is likely that I/You will encounter a firewall that you have never touched before, possibly never heard of. Are you going to be a total loser, like the post above and tell them how their firewall sucks and that they should replace it with a $50,000US firewall of your choosing, when all they asked you to do was forward a port to a new server, or are you going to forward the port?
Chances are you are going to forward the port. Further chances are that since you haven't even heard of this brand of firewall before you will not know how to make that happen without a lot of effort researching and reading. Where as if it has a GUI interface you can quickly and easily forward the necessary port and verify the integrity of the configuration. That's because with the CLI the commands will be different.
eg.
nat add eth2:8888 192.168.1.15:80
or something completely different, it all depends on the firewall. You could waste time figuring out what command and syntax to use for that particular instance or, with a GUI tool, you could quickly forward the port because you already know what you need to do. Finding the different vocabulary that a particular vendor has chosen is infinitely easier with the GUI.
Now granted, if you were to be managing that particular box for any length of time, it would behoove you to learn the commands specific to that box. This would probably make managing it in the future quicker by use of the command line and there are probably scripts that you could write to automate common tasks. But, the GUI is still an important tool for management.
We use this book for a UNIX class I'm taking right now at my university. It's great. I've learned so much from it. I think the nicest thing about it is that it shows you how to do things in 5 different flavors of unix. My class focuses on Solaris, but as I'm going along I read the Linux and FreeBSD sections too, I've learned so much from this book. It's a great reference to have. I've pretty much read the entire book and I advice anyone who doensen't own this book and is interested in any form of *nix to go out and buy it NOW. You will learn a lot. And if you're already expereienced with *nix, then it would be be great to have as a reference. Sorry for sounding like an advertisement, but this truly is a great book.
Perhaps it's not called Essential UNIX Administration because UNIX is a trademark? And this book is about a generic class of operating systems, not one specifically?
News flash. FreeBSD has been covered in this book
since the beginning if my memory serves me right,
and the author is a pretty big fan.
For every annoying gentoo user, are three even more annoying anti-gentoo crybabies. Take Yosh from #Gimp for example.