UNIX System Administration Handbook, Third Edition
by Evi Nemeth, Garth Snyder, Scott Seebass, and Trent R. Hein
Upper Saddle River, NJ: Prentice Hall. 2001. ISBN 0-13-020601-6.

TABLE OF CONTENTS

Foreword
Foreword to the Second Edition
Foreword to the First Edition
Preface
Acknowledgments

SECTION ONE: BASIC ADMINISTRATION

Chapter 1: Where to Start
  Suggested background
  The sordid history of UNIX
  Example UNIX systems
  Notation and typographical conventions
  System-specific information
  How to use your manuals
  Organization of the man pages
  man: read manual pages
  Essential tasks of the system administrator
  Adding and removing users
  Adding and removing hardware
  Performing backups
  Installing new software
  Monitoring the system
  Troubleshooting
  Maintaining local documentation
  Auditing security
  Helping users
  How to find files on the Internet
  System administration under duress
  System Administration Personality Syndrome
  Recommended reading

Chapter 2: Booting and Shutting Down
  Bootstrapping
  Automatic and manual booting
  Steps in the boot process
  Kernel initialization
  Hardware configuration
  System processes
  Operator intervention (manual boot only)
  Execution of startup scripts
  Multiuser operation
  Booting PCs
  How a PC is different from proprietary hardware
  The PC boot process
  LILO: the Linux boot loader
  Configuring LILO
  The FreeBSD boot loader
  Multibooting on PCs
  Multibooting gotchas
  LILO multiboot configuration
  FreeBSD multiboot configuration
  Booting in single-user mode
  Solaris single-user mode
  HP-UX single-user mode
  Linux single-user mode
  FreeBSD single-user mode
  Startup scripts
  SystemV-style startup scripts
  Solaris startup scripts
  HP-UX startup scripts
  Red Hat startup scripts
  FreeBSD startup scripts
  Rebooting and shutting down
  Turning off the power
  shutdown: the genteel way to halt the system
  halt: a simpler way to shut down
  reboot: quick and dirty restart
  Sending init a TERM signal
  telinit: change init's run level
  Killing init

Chapter 3: Rootly Powers
  Ownership of files and processes
  The superuser
  Choosing a root password
  Becoming root
  su: substitute user identity
  sudo: a limited su
  Other pseudo-users
  daemon: owner of unprivileged system software
  bin: owner of system commands
  sys: owner of the kernel and memory images
  nobody: the generic NFS user

Chapter 4: Controlling Processes
  Components of a process
  PID: process ID number
  PPID: parent PID
  UID and EUID: real and effective user ID
  GID and EGID: real and effective group ID
  Niceness
  Control terminal
  The life cycle of a process
  Signals
  kill: send signals
  Process states
  nice and renice: influence scheduling priority
  ps: monitor processes
  top: monitor processes even better
  Runaway processes

Chapter 5: The Filesystem
  Pathnames
  Mounting and unmounting filesystems
  The organization of the file tree
  File types
  Regular files
  Directories
  Character and block device files
  UNIX domain sockets
  Named pipes
  Symbolic links
  File attributes
  The setuid and setgid bits
  The sticky bit
  The permission bits
  Viewing file attributes
  FreeBSD bonus flags
  chmod: change permissions
  chown and chgrp: change ownerships
  umask: assign default permissions

Chapter 6: Adding New Users
  The /etc/passwd file
  Login name
  Encrypted password
  UID number
  Default GID number
  GECOS field
  Home directory
  Login shell
  The FreeBSD /etc/master.passwd file
  The FreeBSD /etc/login.conf file
  The Solaris and Red Hat /etc/shadow file
  The /etc/group file
  Adding users
  Editing the passwd and shadow files
  Setting an initial password
  Creating the user's home directory
  Copying in the default startup files
  Setting the user's mail home
  Editing the /etc/group file
  Setting disk quotas
  Verifying the new login
  Removing users
  Disabling logins
  Vendor-supplied account management utilities

Chapter 7: Serial Devices
  Serial standards
  Alternative connectors
  The mini DIN-8 variant
  The DB-9 variant
  The RJ-45 variant
  The Yost standard for RJ-45 wiring
  Hard and soft carrier
  Hardware flow control
  Cable length
  Serial device files
  Software configuration for serial devices
  Configuration of hardwired terminals
  The login process
  The /etc/ttys and /etc/ttytab files
  The /etc/ttytype file
  The /etc/gettytab file
  The /etc/inittab file
  The /etc/gettydefs file
  Solaris and sacadm
  Terminal support: the termcap and terminfo databases
  Special characters and the terminal driver
  stty: set terminal options
  tset: set options automatically
  How to unwedge a terminal
  Modems
  Modulation, error correction, and data compression protocols
  Dial-out configuration: /etc/phones and /etc/remote
  Bidirectional modems
  Debugging a serial line
  Other common I/O ports
  Parallel ports
  USB: the Universal Serial Bus

Chapter 8: Adding a Disk
  Disk interfaces
  The SCSI interface
  The IDE interface
  Which is better, SCSI or IDE?
  Disk geometry
  An overview of the disk installation procedure
  Connecting the disk
  Creating device entries
  Formatting the disk
  Labeling and partitioning the disk
  Establishing logical volumes
  Creating UNIX filesystems
  Setting up automatic mounting
  Enabling swapping
  fsck: check and repair filesystems
  Vendor specifics
  Adding a disk to Solaris
  Adding a disk to HP-UX
  Adding a disk to Red Hat Linux
  Adding a disk to FreeBSD

Chapter 9: Periodic Processes
  cron: schedule commands
  The format of crontab files
  Crontab management
  Some common uses for cron
  Cleaning the filesystem
  Network distribution of configuration files
  Rotating log files
  Vendor specifics

Chapter 10: Backups
  Motherhood and apple pie
  Perform all dumps from one machine
  Label your tapes
  Pick a reasonable backup interval
  Choose filesystems carefully
  Make daily dumps fit on one tape
  Make filesystems smaller than your dump device
  Keep tapes off-site
  Protect your backups
  Limit activity during dumps
  Check your tapes
  Develop a tape life cycle
  Design your data for backups
  Prepare for the worst
  Backup devices and media
  Floppy disks
  Super floppies
  CD-R and CD-RW
  Removable hard disks
  8mm cartridge tapes
  DAT (4mm) cartridge tapes
  Travan tapes
  OnStream ADR
  DLT
  AIT
  Mammoth
  Jukeboxes, stackers, and tape libraries
  Hard disks
  Summary of media types
  What to buy
  Setting up an incremental backup regime
  Dumping filesystems
  Dump sequences
  Restoring from dumps
  Restoring individual files
  Restoring entire filesystems
  Dumping and restoring for upgrades
  Using other archiving programs
  tar: package files
  cpio: SysV-ish archiving
  dd: twiddle bits
  volcopy: duplicate filesystems
  Using multiple files on a single tape
  Amanda
  The architecture of Amanda
  Amanda setup
  The amanda.conf file
  The disklist file
  Amanda log files
  Amanda debugging
  File restoration from an Amanda backup
  Alternatives to Amanda: other open source backup packages
  Commercial backup products
  ADSM/TSM
  Veritas
  Legato
  Other alternatives
  Recommended reading

Chapter 11: Syslog and Log Files
  Logging policies
  Throwing away log files
  Rotating log files
  Archiving log files
  Finding log files
  Files NOT to manage
  Vendor specifics
  Syslog: the system event logger
  Configuring syslogd
  Red Hat enhancements to syslog
  FreeBSD enhancements to syslog
  Config file examples
  Sample syslog output
  Designing a logging scheme for your site
  Software that uses syslog
  Debugging syslog
  Using syslog from programs
  Condensing log files to useful information

Chapter 12: Drivers and the Kernel
  Kernel types
  Why configure the kernel?
  Configuring a Solaris kernel
  The Solaris kernel area
  Configuring the kernel with /etc/system
  An example /etc/system file
  Debugging a Solaris configuration
  Building an HP-UX kernel
  Configuring a Linux kernel
  Building the Linux kernel binary
  Tuning your Linux configuration
  Building a FreeBSD kernel
  The master recipe for building a kernel
  Audit the system's hardware
  Create a configuration file in SYS/i386/conf
  Run config
  Run make depend
  Build the kernel
  Install the new kernel
  Test the new kernel
  Document the new kernel
  Creating a BSD configuration file
  The maxusers keyword
  The options keyword
  The config keyword
  Hardware devices
  The pseudo-device keyword
  A sample FreeBSD configuration file
  Tuning the FreeBSD kernel
  Adding device drivers
  Device numbers
  Adding a Solaris device driver
  Adding a Linux device driver
  Adding a FreeBSD device driver
  Device files
  Naming conventions for devices
  Loadable kernel modules
  Loadable kernel modules in Solaris
  Loadable kernel modules in Linux
  Loadable kernel modules in FreeBSD
  Recommended reading

SECTION TWO: NETWORKING

Chapter 13: TCP/IP Networking
  TCP/IP and the Internet
  A brief history lesson
  How the Internet is managed today
  Network standards and documentation
  Networking road map
  Packets and encapsulation
  The link layer
  Packet addressing
  Ports
  Address types
  IP addresses: the gory details
  IP address classes
  Subnetting and netmasks
  The IP address crisis
  CIDR: Classless Inter-Domain Routing
  Address allocation
  Private addresses and NAT
  IPv6 addressing
  Routing
  Routing tables
  ICMP redirects
  ARP: The address resolution protocol
  DHCP: the Dynamic Host Configuration Protocol
  DHCP software
  How DHCP works
  ISC's DHCP server
  PPP: the Point-to-Point Protocol
  Addressing PPP performance issues
  Connecting to a network with PPP
  Making your host speak PPP
  Controlling PPP links
  Finding a host to talk to
  Assigning an address
  Routing
  Ensuring security
  Using terminal servers
  Using chat scripts
  Security issues
  IP forwarding
  ICMP redirects
  Source routing
  Broadcast pings and other forms of directed broadcast
  UNIX-based firewalls
  Virtual private networks
  IPSEC: secure IP
  Addition of machines to a network
  Assigning hostnames and IP addresses
  ifconfig: configure network interfaces
  route: configure static routes
  Default routes
  Configuring DNS
  Vendor-specific network configuration
  Solaris network configuration
  Basic network configuration for Solaris
  Configuration examples for Solaris
  DHCP configuration for Solaris
  Dynamic reconfiguration and tuning for Solaris
  Security, firewalls, filtering, and NAT for Solaris
  PPP configuration for Solaris
  Networking quirks for Solaris
  HP-UX network configuration
  Basic network configuration for HP-UX
  Configuration examples for HP-UX
  DHCP configuration for HP-UX
  Dynamic reconfiguration and tuning for HP-UX
  Security, firewalls, filtering, and NAT for HP-UX
  PPP configuration for HP-UX
  Networking quirks for HP-UX
  Network configuration for Red Hat
  Basic network configuration for Red Hat
  Configuration examples for Red Hat
  DHCP configuration for Red Hat
  Dynamic reconfiguration and tuning for Red Hat
  Security, firewalls, filters, and NAT for Red Hat
  PPP configuration for Red Hat
  Networking quirks for Red Hat
  Network configuration for FreeBSD
  Basic network configuration for FreeBSD
  Configuration examples for FreeBSD
  DHCP configuration for FreeBSD
  Dynamic reconfiguration and tuning for FreeBSD
  Security, firewalls, filters, and NAT for FreeBSD
  PPP configuration for FreeBSD
  Networking quirks for FreeBSD
  Recommended reading

Chapter 14: Routing
  Packet forwarding: a closer look
  Routing daemons and routing protocols
  Distance-vector protocols
  Link-state protocols
  Cost metrics
  Interior and exterior protocols
  Protocols on parade
  RIP: Routing Information Protocol
  RIP-2: Routing Information Protocol, version 2
  OSPF: Open Shortest Path First
  IGRP and EIGRP: Interior Gateway Routing Protocol
  IS-IS: the ISO "standard"
  MOSPF, DVMRP, and PIM: multicast routing protocols
  Router Discovery Protocol
  routed: RIP yourself a new hole
  gated: a better routing daemon
  gated startup and control
  Tracing
  The gated configuration file
  Option configuration statements
  Network interface definitions
  Other miscellaneous definitions
  Protocol configuration for RIP
  Some preliminary background on OSPF
  Protocol configuration for OSPF
  Protocol configuration for ICMP redirects
  Static routes
  Exported routes
  A complete gated configuration example
  Vendor specifics
  Routing strategy selection criteria
  Cisco routers
  Recommended reading

Chapter 15: Network Hardware
  LAN, WAN, or MAN?
  Ethernet: the common LAN
  How Ethernet works
  Ethernet topology
  Unshielded twisted pair
  Connecting and expanding Ethernets
  FDDI: the disappointing and expensive LAN
  ATM: the promised (but sorely defeated) LAN
  Frame relay: the sacrificial WAN
  ISDN: the indigenous WAN
  DSL: the people's WAN
  Where is the network going?
  Network testing and debugging
  Building wiring
  UTP cabling options
  Connections to offices
  Wiring standards
  Network design issues
  Network architecture vs. building architecture
  Existing networks
  Expansion
  Congestion
  Maintenance and documentation
  Management issues
  Recommended vendors
  Cables and connectors
  Test equipment
  Routers/switches
  Recommended reading

Chapter 16: The Domain Name System
  DNS for the impatient: adding a new machine
  The history of DNS
  Who needs DNS?
  What's new in DNS
  The DNS namespace
  Masters of their domains
  Selecting a domain name
  Domain bloat
  Registering a second-level domain name
  Creating your own subdomains
  The BIND software
  Versions of BIND
  Finding out what version you have
  Components of BIND
  named: the BIND name server
  Authoritative and caching-only servers
  Recursive and nonrecursive servers
  The resolver library
  Shell interfaces to DNS
  How DNS works
  Delegation
  Caching and efficiency
  The extended DNS protocol
  BIND client issues
  Resolver configuration
  Resolver testing
  Impact on the rest of the system
  BIND server configuration
  Hardware requirements
  named startup
  Configuration files
  The include statement
  The options statement
  The acl statement
  The server statement
  The logging statement
  The zone statement
  The key statement
  The trusted-keys statement
  The controls statement
  The view statement
  BIND configuration examples
  A home Linux box
  A university department
  A web hosting company
  The DNS database
  Resource records
  The SOA record
  NS records
  A records
  PTR records
  MX records
  CNAME records
  The CNAME hack
  LOC records
  SRV records
  TXT records
  IPv6 resource records
  A6 records
  DNAME records
  Commands in zone files
  The localhost zone
  Glue records: links between zones
  Updating zone files
  Zone transfers
  Dynamic updates
  Security issues
  Access control lists revisited
  Confining named
  Secure server-to-server communication with TSIG and TKEY
  DNSSEC
  Microsoft bad, UNIX good
  Testing and debugging
  Logging
  Debug levels
  Debugging with ndc
  Debugging with nslookup, dig, and host
  Lame delegations
  Loose ends
  The hints file
  Localhost configuration
  Host management tools
  DNS for systems not on the Internet
  Vendor specifics
  Specifics for Solaris
  Specifics for HP-UX
  Specifics for Red Hat Linux
  Specifics for FreeBSD
  Recommended reading
  Mailing lists and newsgroups
  Books and other documentation
  On-line resources
  The RFCs

Chapter 17: The Network File System
  General information about NFS
  NFS protocol versions
  Choice of transport
  WebNFS
  File locking
  Disk quotas
  Global UIDs and GIDs
  Root access and the nobody account
  Cookies and stateless mounting
  Naming conventions for shared filesystems
  Security and NFS
  Server-side NFS
  The share command and dfstab file (Solaris)
  The exportfs command and the exports file (HP-UX, Red Hat, FreeBSD)
  nfsd: serve files
  Client-side NFS
  biod and nfsiod: provide client-side caching
  Mounting remote filesystems
  Secure port restrictions
  nfsstat: dump NFS statistics
  Dedicated NFS file servers
  Automatic mounting
  automount: the original automounter
  Indirect maps
  Direct maps
  Master maps
  Executable maps
  Replicated filesystems using automount
  Automatic automounts
  Specifics for Red Hat Linux
  amd: a more sophisticated automounter
  amd maps
  Starting amd
  Stopping amd
  Recommended reading

Chapter 18: Sharing System Files
  What to share
  Copying files around
  rdist: push files
  rsync: push files more securely
  expect: pull files
  NIS: the Network Information Service
  Netgroups
  Prioritizing sources of administrative information
  Advantages and disadvantages of NIS
  How NIS works
  Setting up an NIS domain
  Vendor specifics
  NIS+: son of NIS
  LDAP: the Lightweight Directory Access Protocol
  LDAP documentation and specifications
  Hands-on LDAP

Chapter 19: Electronic Mail
  Mail systems
  User agents
  Transport agents
  Delivery agents
  Message stores
  Access agents
  Mail submission agents
  The anatomy of a mail message
  Mail addressing
  Reading mail headers
  Mail philosophy
  Using mail servers
  Using mail homes
  Using IMAP or POP
  Mail aliases
  Getting mailing lists from files
  Mailing to files
  Mailing to programs
  Examples of aliases
  Mail forwarding
  The hashed alias database
  Mailing lists and list wrangling software
  LDAP: the Lightweight Directory Access Protocol
  sendmail: ringmaster of the electronic mail circus
  The history of sendmail
  Vendor-supplied versions of sendmail
  sendmail installation
  The switch file
  Modes of operation
  The mail queue
  sendmail configuration
  Using the m4 preprocessor
  The sendmail configuration pieces
  Building a configuration file from a sample .mc file
  Basic sendmail configuration primitives
  The VERSIONID macro
  The OSTYPE macro
  The DOMAIN macro
  The MAILER macro
  Fancier sendmail configuration primitives
  The FEATURE macro
  The use_cw_file feature
  The redirect feature
  The always_add_domain feature
  The nocanonify feature
  Tables and databases
  The mailertable feature
  The genericstable feature
  The virtusertable feature
  The ldap_routing feature
  Masquerading and the MASQUERADE_AS macro
  The MAIL_HUB and SMART_HOST macros
  Masquerading and routing
  The nullclient feature
  The local_lmtp and smrsh features
  The local_procmail feature
  The LOCAL_* macros
  Configuration options
  Configuration file examples
  A computer science student's home machine
  A small but sendmail-clueful company
  Another master/client example
  Spam-related features in sendmail
  Relaying
  The access database
  Blacklisting users or sites
  Header checking
  Handling spam
  Spam examples
  Security and sendmail
  Ownerships
  Permissions
  Safe mail to files and programs
  Privacy options
  Running a chrooted sendmail (for the truly paranoid)
  Denial of service attacks
  Forgeries
  Message privacy
  SASL: the Simple Authentication and Security Layer
  sendmail statistics, testing, and debugging
  Testing and debugging
  Verbose delivery
  Talking in SMTP
  Logging
  The Postfix mail system
  Postfix architecture
  Configuring Postfix
  Spam control
  Postfix examples
  Recommended reading

Chapter 20: Network Management and Debugging
  Troubleshooting a network
  ping: check to see if a host is alive
  traceroute: trace IP packets
  netstat: get tons o' network statistics
  Monitoring the status of network connections
  Inspecting interface configuration information
  Examining the routing table
  Viewing operational statistics for various network protocols
  Packet sniffers
  snoop: Solaris's packet sniffer
  nettl: HP-UX's packet sniffer
  tcpdump: king of sniffers
  Network management protocols
  SNMP: the Simple Network Management Protocol
  SNMP organization
  SNMP protocol operations
  RMON: remote monitoring MIB
  SNMP agents
  SNMP on Solaris
  SNMP on HP-UX
  The UCD SNMP agent
  Network management applications
  The UCD SNMP tools
  MRTG: the Multi-Router Traffic Grapher
  NOCOL: Network Operation Center On-Line
  Commercial management platforms
  Recommended reading

Chapter 21: Security
  Seven common-sense rules of security
  How security is compromised
  Security problems in the /etc/passwd file
  Password checking and selection
  Shadow passwords
  Group logins and shared logins
  Password aging
  User shells
  Rootly entries
  Setuid programs
  Important file permissions
  Miscellaneous security issues
  Remote event logging
  Secure terminals
  /etc/hosts.equiv and ~/.rhosts
  rexd, rexecd, and tftpd
  fingerd
  Security and NIS
  Security and NFS
  Security and sendmail
  Security and backups
  Trojan horses
  Security power tools
  nmap: scan network ports
  SAINT: check networked systems for vulnerabilities
  Nessus: next generation network scanner
  crack: find insecure passwords
  tcpd: protect Internet services
  COPS: audit system security
  tripwire: monitor changes to system files
  Forensic tools
  Cryptographic security tools
  Kerberos: a unified approach to network security
  PGP: Pretty Good Privacy
  SSH: the secure shell
  SRP: Secure Remote Password
  OPIE: One-time Passwords in Everything
  Firewalls
  Packet-filtering firewalls
  How services are filtered
  Service proxy firewalls
  Stateful inspection firewalls
  Firewalls: how safe are they?
  Sources of security information
  CERT: a registered service mark of Carnegie Mellon University
  SecurityFocus.com and the BugTraq mailing list
  SANS: the System Administration, Networking, and Security Institute
  Vendor-specific security resources
  Other mailing lists and web sites
  What to do when your site has been attacked
  Recommended reading

Chapter 22: Web Hosting and Internet Servers
  Web hosting
  Web hosting basics
  Uniform resource locators
  How HTTP works
  CGI scripting: generating content on the fly
  Load balancing
  HTTP server installation
  Choosing a server
  Compiling and installing Apache
  Configuring Apache
  Running Apache
  Virtual interfaces
  Configuring virtual interfaces
  Telling Apache about a virtual interface
  Caching and proxy servers
  Setting up Squid
  Anonymous FTP server setup
  Usenet news
  Usenet news feeds
  Usenet software
  Whither Usenet news?

SECTION THREE: BUNCH O' STUFF

Chapter 23: Printing
  Mini-glossary of printing terms
  Types of printers
  Serial and parallel printers
  Network printers
  Life without PostScript
  BSD printing
  An overview of the printing process
  Controlling the printing environment
  lpd: the BSD print spooler
  lpr: submit print jobs
  lpq: view the printing queue
  lprm: remove print jobs
  lpc: make administrative changes
  The /etc/printcap file
  printcap variables
  printcap variables for serial devices
  printcap extensions
  Printing to something besides a printer
  System V printing
  Overview
  Destinations and classes
  A brief description of lp
  lpsched and lpshut: start and stop printing
  lpadmin: configure the printing environment
  lpstat: get status information
  cancel: remove print jobs
  accept and reject: control spooling
  enable and disable: control printing
  lpmove: transfer jobs
  Interface programs
  What to do when the lp system is completely hosed
  Adding a printer
  Adding printers to Solaris
  Adding printers to HP-UX
  Adding printers to Red Hat Linux
  Adding printers to FreeBSD
  LPRng
  The LPRng commands
  Obtaining and installing LPRng
  /etc/lpd.conf: configure lpd
  /etc/lpd.perms: configure access control
  Setting up the printcap file
  Filters
  Accounting
  Debugging printing problems
  Common printing software
  rlpr
  ghostscript
  mpage
  enscript
  Printer philosophy
  Use printer accounting
  Use banner pages only when necessary
  Provide recycling bins
  Provide previewers
  Buy cheap printers
  Keep extra toner cartridges on hand
  Secure your printer

Chapter 24: Maintenance and Environment
  Maintenance basics
  Maintenance contracts
  On-site maintenance
  Board swap maintenance
  Warranties
  Board-handling lore
  Static electricity
  Reseating boards
  Monitors
  Memory modules
  Preventive maintenance
  Environment
  Temperature
  Humidity
  Office cooling
  Machine room cooling
  Temperature monitoring
  Power
  Remote power control
  Racks
  Tools

Chapter 25: Performance Analysis
  What you can do to improve performance
  Factors that affect performance
  System performance checkup
  Analyzing CPU usage
  How UNIX manages memory
  Analyzing memory usage
  Analyzing disk I/O
  Virtual Adrian
  procinfo: display Red Hat performance data
  pstat: print random FreeBSD statistics
  Help! My system just got really slow!
  Recommended reading

Chapter 26: Cooperating with Windows
  File and print sharing
  NFS: the Network File System
  CIFS: the Common Internet File System
  Samba: CIFS for UNIX
  Installing and configuring Samba
  Debugging Samba
  Secure terminal emulation with SSH
  X Windows emulators
  PC mail clients
  PC backups
  Dual booting
  Running Windows applications under UNIX
  PC hardware tips

Chapter 27: Policy and Politics
  Policy and procedure
  Security policies
  User policy agreements
  Sysadmin policy agreements
  Policy and procedures for emergency situations
  Disaster planning
  Miscellaneous tidbits
  Legal issues
  Liability
  Encryption
  Copyright
  Privacy
  Policy enforcement
  Software licenses
  Spam: unsolicited commercial email
  Sysadmin surveys
  SAGE salary survey
  SANS salary survey
  Scope of service
  Trouble-reporting systems
  Managing management
  Hiring, firing, and training
  Attitude adjustment
  Operator wars
  Iterative refinement
  War stories and ethics
  Boss's mistake #1
  Boss's mistake #2
  Dan, your new name is Lester
  Which ones to fire
  Horndog Joe
  Wedding invitations
  Pornographic GIF images
  Migrating data
  Bill must die!
  Localization and upgrades
  Managing software across systems
  Upgrades
  Useful third-party software
  Local documentation
  Procurement
  Decommissioning hardware
  Software patents
  Organizations, conferences, and other resources
  SAGE: the System Administrators' Guild
  Mailing lists and web resources
  Printed resources
  Standards
  Sample documents
  Recommended reading

Chapter 28: Daemons
  init: the primordial process
  cron: schedule commands
  inetd: manage daemons
  Configuring inetd
  The services file
  Restarting inetd
  Securing inetd
  portmap/rpcbind: map RPC services to TCP and UDP ports
  System daemons
  The paging daemon
  The swapping daemon
  The filesystem synchronization daemon
  Printing daemons
  lpd: manage BSD-style printing
  lpsched: manage ATT printing
  rlpdaemon: print from BSD to HP-UX
  NFS daemons
  nfsd: serve files
  mountd: respond to mount requests
  amd and automount: mount filesystems on demand
  lockd and statd: manage NFS locks
  biod: cache NFS blocks
  NIS daemons
  ypbind: locate NIS servers
  ypserv: NIS server
  ypxfrd: transfer NIS databases
  rpc.nisd: NIS+ server
  Internet daemons
  talkd: network chat service
  comsat: notify users of new mail
  sendmail: transport electronic mail
  snmpd: provide remote network management service
  rwhod: maintain remote user list
  ftpd: file transfer server
  popper: basic mailbox server
  imapd: deluxe mailbox server
  rlogind: remote login server
  telnetd: yet another remote login server
  sshd: secure remote login server
  rshd: remote command execution server
  rexecd: yet another command execution server
  rpc.rexd: yet a third command execution server
  routed: maintain routing tables
  gated: maintain complicated routing tables
  named: DNS server
  syslogd: process log messages
  fingerd: look up users
  httpd: World Wide Web server
  Time synchronization daemons
  timed: synchronize clocks
  xntpd: synchronize clocks even better
  Booting and configuration daemons
  bootpd: boot server
  tftpd: trivial file transfer server
  rarpd: map Ethernet addresses to IP addresses
  bootparamd: advanced diskless life support
  dhcpd: dynamic address assignment

Colophon
Index