Whole document tree 3. Common Administration TasksHere is where the fun begins. This section is rather network-centric, though many other tasks await you. Networking is a vast subject which cannot be fully covered here. The reference is the NET-3 HOWTO, and most distributions provide documentation on setting up network services. Only a few points will be recalled here. A quick to-do list for the services you may want to install: cron and timed tasks like calendar or reminder, Http, Samba, telnet/ssh access, anonymous ftp, POP/IMAP server, NFS... 3.1. Network ConfigurationIf your network card wasn't recognised at install time, don't worry: in most cases it's either NE2000 or 3c59x compatible. Issue the command modprobe ne or modprobe 3c59x and see if the relevant module is loaded, then add this line in /etc/conf.modules:
Now you're ready to use netcfg or similar tool to set up the network configuration. The relevant files are /etc/HOSTNAME, etc/hosts, /etc/resolv.conf, /etc/sysconfig/network, and /etc/sysconfig/network-scripts/ifcfg-eth0; services should be started with scripts in /etc/rc.d/init.d. This is a sample etc/hosts:
This is /etc/resolv.conf:
This is /etc/sysconfig/network (Red Hat-dependent):
And finally, /etc/sysconfig/network-scripts/ifcfg-eth0. This one, too, is Red Hat-dependent; it must be executable.
Although the actual method of starting network services of your distribution may be much more complex, the following script should be enough to get you started:
This script is handy for enabling network access when you use a rescue disk. Obviously, this lets you only ping, ftp and telnet to the outside; it won't start any daemon. 3.2. Network for NotebooksWhen you plug the network PC card in, the script /etc/pcmcia/network will be run. All it needs is a properly set up /etc/sysconfig/network-scripts/ifcfg-eth0. Setting up the network can become a bit trickier, though. In fact, you must provide the right settings for each network you connect to, as well as settings for the notebook when it's not connected. I rolled up a rough but functional solution. I use my notebook as a stand-alone machine, connecting to the net via PPP; at home, IP address 192.168.1.2; and at university, IP 137.204.x.y. So, I created a set of configuration files for each network; all these are kept in /etc/mobnet. A script is then used to select the working environment. For instance, this is /etc/mobnet/home.cfg:
This is mnet, the script I use to choose the network profile:
As I said, it is rough and even not complete: other files may depend on the network, like /etc/fstab, /etc/exports, and /etc/printcap. Think about network printers and NFS shares. Feel free to adapt this bare-bone solution to your needs. 3.3. Sharing the InternetOne of the most useful tasks for a Linux server. Currently, most stock kernels come with IP firewalling, masquerading and forwarding enabled by default; if in doubt, consult the IP-Masquerade mini-HOWTO to learn how to enable them. Then install ipfwadm (kernels 2.0.x; http://www.xos.nl/linux/ipfwadm/) or ipchains (kernels 2.2.x; http://www.adelaide.net.au/~rustcorp/ipfwchains/ipfwchains.html ). Remember to enable kernel modules for the services you need, e.g. for ftp you'll add this line to /etc/rc.d/rc.sysconfig:
Other modules are usually found in /lib/modules/KERNEL-VERSION/ipv4. Enabling IP masquerading for other machines in your local network is very simple. First, check the network initialisation scripts (/etc/sysconfig/network should be the right place) to see if they contain a line that reads FORWARD_IPV4=true. It's used to set /proc/sys/net/ipv4/ip_forward to 1 when the network subsystem comes up. Add these lines to /etc/rc.d/rc.sysinit:
If you use a kernel of the 2.2.x series, use ipfwadm-wrapper instead of ipfwadm to get started quickly. More information at http://ipmasq.cjb.net. Now you'll want something to let client machines dial the ISP; I use Mserver ( http://cpwright.villagenet.com/mserver/). Edit etc/mserver.conf; the only entries that you should modify are ``checkhost'', ``shadow'', and ``cname''. Then define your connection(s). Obviously, install a suitable client on the client machines. 3.4. Restricting Network AccessLet's suppose you connect to the Internet via PPP. Once you're connected, your machine may become vulnerable to attacks. Insert this in /etc/hosts.allow:
and this in /etc/hosts.deny:
If you belong to a network with direct Internet access, you had better disable finger, telnet, and possibly other services for security reasons; use ssh instead of telnet. The file to edit is /etc/inet.conf. Alternatively, you can restrict network access putting this in /etc/hosts.allow:
and this in /etc/hosts.deny:
3.5. NFS Exports
It is common to export home directories on the server; a problem arises if a user's UID and GID are not consistent across different machines. If user `guido' has UID/GID = 500 on server and UID/GID = 512 on client, a convenient configuration is this:
3.6. SambaAlmost trivial, but there's always a little bit to do. If you want to connect Windows 98/NT clients, did you remember to read the docs and, in case, enable clear text passwords? The distribution includes .reg files for Win9x/NT/2000; if your clients can't connect to the Linux server, load them on every client. Samba comes with a fairly complete sample /etc/smb.conf, but strangely it lacks a section showing how to (un)mount removable media. The clauses preexec and postexec do the trick:
Also: you know what Swat is, don't you? Enable it adding this line in your /etc/inetd.conf:
and this in /etc/services:
Restart inetd with SIGHUP, and point your browser to http://localhost:901. |