<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <!-- Document metadata and the embedded default Docutils stylesheet. -->
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <meta name="generator" content="Docutils 0.5: http://docutils.sourceforge.net/" />
  <title>OpenRHCE</title>
  <style type="text/css">
    /*
      :Author: David Goodger (goodger@python.org)
      :Id: $Id: html4css1.css 5196 2007-06-03 20:25:28Z wiemann $
      :Copyright: This stylesheet has been placed in the public domain.

      Default cascading style sheet for the HTML output of Docutils.

      See http://docutils.sf.net/docs/howto/html-stylesheets.html for how to
      customize this style sheet.
    */

    /* ---- Generic helper classes ---- */

    /* Strips borders from tables and images. */
    .borderless,
    table.borderless td,
    table.borderless th {
      border: 0;
    }

    /* Beats the padding set by the "table.docutils td" rule; the right-hand
       padding is what keeps neighbouring cells apart. */
    table.borderless td,
    table.borderless th {
      padding: 0 0.5em 0 0 !important;
    }

    /* First child: drop the top margin even when a more specific rule sets one. */
    .first {
      margin-top: 0 !important;
    }

    /* Last child, or a title followed by a subtitle: drop the bottom margin. */
    .last,
    .with-subtitle {
      margin-bottom: 0 !important;
    }

    .hidden {
      display: none;
    }

    /* ---- Links, quotes and definition lists ---- */

    /* Heading links that point back at the table of contents look like plain text. */
    a.toc-backref {
      text-decoration: none;
      color: black;
    }

    blockquote.epigraph {
      margin: 2em 5em;
    }

    dl.docutils dd {
      margin-bottom: 0.5em;
    }

    /* Uncomment (and remove this text!) to get bold-faced definition list terms
    dl.docutils dt {
      font-weight: bold }
    */

    /* ---- Block-level div containers ---- */

    div.abstract {
      margin: 2em 5em;
    }

    div.abstract p.topic-title {
      font-weight: bold;
      text-align: center;
    }

    /* Every admonition flavour shares the same outset box. */
    div.admonition,
    div.attention,
    div.caution,
    div.danger,
    div.error,
    div.hint,
    div.important,
    div.note,
    div.tip,
    div.warning {
      margin: 2em;
      border: medium outset;
      padding: 1em;
    }

    /* Titles of the informational admonitions. */
    div.admonition p.admonition-title,
    div.hint p.admonition-title,
    div.important p.admonition-title,
    div.note p.admonition-title,
    div.tip p.admonition-title {
      font-weight: bold;
      font-family: sans-serif;
    }

    /* Titles of the cautionary admonitions are additionally coloured red. */
    div.attention p.admonition-title,
    div.caution p.admonition-title,
    div.danger p.admonition-title,
    div.error p.admonition-title,
    div.warning p.admonition-title {
      color: red;
      font-weight: bold;
      font-family: sans-serif;
    }

    /* Uncomment (and remove this text!) to get reduced vertical space in
       compound paragraphs.
    div.compound .compound-first, div.compound .compound-middle {
      margin-bottom: 0.5em }
    div.compound .compound-last, div.compound .compound-middle {
      margin-top: 0.5em }
    */

    div.dedication {
      margin: 2em 5em;
      text-align: center;
      font-style: italic;
    }

    div.dedication p.topic-title {
      font-weight: bold;
      font-style: normal;
    }

    div.figure {
      margin-left: 2em;
      margin-right: 2em;
    }

    /* Page header and footer clear any floats and use smaller text. */
    div.footer,
    div.header {
      clear: both;
      font-size: smaller;
    }

    div.line-block {
      display: block;
      margin-top: 1em;
      margin-bottom: 1em;
    }

    /* A nested line block is indented and loses its vertical margins. */
    div.line-block div.line-block {
      margin-top: 0;
      margin-bottom: 0;
      margin-left: 1.5em;
    }

    /* Sidebars float to the right in a tinted box. */
    div.sidebar {
      margin: 0 0 0.5em 1em;
      border: medium outset;
      padding: 1em;
      background-color: #ffffee;
      width: 40%;
      float: right;
      clear: right;
    }

    div.sidebar p.rubric {
      font-family: sans-serif;
      font-size: medium;
    }

    /* Docutils processing messages. */
    div.system-messages {
      margin: 5em;
    }

    div.system-messages h1 {
      color: red;
    }

    div.system-message {
      border: medium outset;
      padding: 1em;
    }

    div.system-message p.system-message-title {
      color: red;
      font-weight: bold;
    }

    div.topic {
      margin: 2em;
    }

    /* ---- Headings, rules and images ---- */

    h1.section-subtitle,
    h2.section-subtitle,
    h3.section-subtitle,
    h4.section-subtitle,
    h5.section-subtitle,
    h6.section-subtitle {
      margin-top: 0.4em;
    }

    h1.title {
      text-align: center;
    }

    h2.subtitle {
      text-align: center;
    }

    hr.docutils {
      width: 75%;
    }

    img.align-left {
      clear: left;
    }

    img.align-right {
      clear: right;
    }

    /* ---- Lists ---- */

    ol.simple,
    ul.simple {
      margin-bottom: 1em;
    }

    /* One class per enumeration style. */
    ol.arabic {
      list-style: decimal;
    }

    ol.loweralpha {
      list-style: lower-alpha;
    }

    ol.upperalpha {
      list-style: upper-alpha;
    }

    ol.lowerroman {
      list-style: lower-roman;
    }

    ol.upperroman {
      list-style: upper-roman;
    }

    /* ---- Paragraph classes ---- */

    p.attribution {
      text-align: right;
      margin-left: 50%;
    }

    p.caption {
      font-style: italic;
    }

    p.credits {
      font-style: italic;
      font-size: smaller;
    }

    p.label {
      white-space: nowrap;
    }

    p.rubric {
      font-weight: bold;
      font-size: larger;
      color: maroon;
      text-align: center;
    }

    p.sidebar-title {
      font-family: sans-serif;
      font-weight: bold;
      font-size: larger;
    }

    p.sidebar-subtitle {
      font-family: sans-serif;
      font-weight: bold;
    }

    p.topic-title {
      font-weight: bold;
    }

    /* ---- Preformatted text ---- */

    pre.address {
      margin-bottom: 0;
      margin-top: 0;
      font-family: serif;
      font-size: 100%;
    }

    pre.literal-block,
    pre.doctest-block {
      margin-left: 2em;
      margin-right: 2em;
    }

    /* ---- Inline spans ---- */

    span.classifier {
      font-family: sans-serif;
      font-style: oblique;
    }

    span.classifier-delimiter {
      font-family: sans-serif;
      font-weight: bold;
    }

    span.interpreted {
      font-family: sans-serif;
    }

    span.option {
      white-space: nowrap;
    }

    span.pre {
      white-space: pre;
    }

    span.problematic {
      color: red;
    }

    span.section-subtitle {
      /* The percentage is relative to the parent heading (h1..h6). */
      font-size: 80%;
    }

    /* ---- Tables ---- */

    table.citation {
      border-left: solid 1px gray;
      margin-left: 1px;
    }

    table.docinfo {
      margin: 2em 4em;
    }

    table.docutils {
      margin-top: 0.5em;
      margin-bottom: 0.5em;
    }

    table.footnote {
      border-left: solid 1px black;
      margin-left: 1px;
    }

    table.docutils td,
    table.docutils th,
    table.docinfo td,
    table.docinfo th {
      padding-left: 0.5em;
      padding-right: 0.5em;
      vertical-align: top;
    }

    /* Field-name header cells: bold, left-aligned and never wrapped. */
    table.docutils th.field-name,
    table.docinfo th.docinfo-name {
      font-weight: bold;
      text-align: left;
      white-space: nowrap;
      padding-left: 0;
    }

    /* ---- Literal text inside headings, and the generated contents list ---- */

    h1 tt.docutils,
    h2 tt.docutils,
    h3 tt.docutils,
    h4 tt.docutils,
    h5 tt.docutils,
    h6 tt.docutils {
      font-size: 100%;
    }

    ul.auto-toc {
      list-style-type: none;
    }
  </style>
</head>
<body>
<!-- Page header: the header text followed by a horizontal rule. The embedded
     stylesheet's div.header rule renders it in smaller text and clears floats. -->
<div class="header">
  RHCE Preparation (RHEL6)
  <hr class="header"/>
</div>
<div class="document" id="openrhce">
<h1 class="title">OpenRHCE</h1>
<h2 class="subtitle" id="a-creative-commons-courseware-for-rhce-preparation">A Creative Commons Courseware for RHCE Preparation</h2>
<!-- Sequence of section adornments: -->
<!-- ==- - -->
<!-- ==- -==- -__++~~^^ -->
<div class="section" id="course-outline">
<h1><a class="toc-backref" href="#id7">Course Outline</a></h1>
<div class="contents topic" id="contents">
<p class="topic-title first">Contents</p>
<ul class="simple">
<li><a class="reference internal" href="#course-outline" id="id7">Course Outline</a></li>
<li><a class="reference internal" href="#session-one-introduction" id="id8">Session One: Introduction</a><ul>
<li><a class="reference internal" href="#introductions-your-instructor" id="id9">Introductions: Your Instructor</a></li>
<li><a class="reference internal" href="#id1" id="id10">Introductions: Your Instructor</a><ul>
<li><a class="reference internal" href="#qualifications" id="id11">Qualifications:</a></li>
<li><a class="reference internal" href="#personal" id="id12">Personal:</a></li>
</ul>
</li>
<li><a class="reference internal" href="#introductions-fellow-students" id="id13">Introductions: Fellow Students</a><ul>
<li><a class="reference internal" href="#please-introduce-yourselves" id="id14">Please Introduce Yourselves</a></li>
</ul>
</li>
<li><a class="reference internal" href="#introductions-the-course" id="id15">Introductions: The Course</a><ul>
<li><a class="reference internal" href="#expectations" id="id16">Expectations</a></li>
<li><a class="reference internal" href="#preparation-recommendations" id="id17">Preparation Recommendations</a></li>
</ul>
</li>
<li><a class="reference internal" href="#red-hat-enterprise-linux" id="id18">Red Hat Enterprise Linux</a></li>
<li><a class="reference internal" href="#the-red-hat-certification-landscape" id="id19">The Red Hat Certification Landscape</a></li>
<li><a class="reference internal" href="#rhcsa-objectives" id="id20">RHCSA Objectives</a><ul>
<li><a class="reference internal" href="#rhcsa-objectives-understand-use-essential-tools" id="id21">RHCSA Objectives: Understand &amp; Use Essential Tools</a></li>
<li><a class="reference internal" href="#rhcsa-essential-tools-cont" id="id22">RHCSA: ...Essential Tools... (cont)</a></li>
<li><a class="reference internal" href="#rhcsa-operate-running-systems" id="id23">RHCSA: Operate Running Systems</a></li>
<li><a class="reference internal" href="#rhcsa-configure-local-storage" id="id24">RHCSA: Configure Local Storage</a></li>
<li><a class="reference internal" href="#rhcsa-create-and-configure-file-systems" id="id25">RHCSA: Create and Configure File Systems</a></li>
<li><a class="reference internal" href="#rhcsa-deploy-configure-maintain" id="id26">RHCSA: Deploy, Configure &amp; Maintain</a></li>
<li><a class="reference internal" href="#rhcsa-manage-users-and-groups" id="id27">RHCSA: Manage Users and Groups</a></li>
<li><a class="reference internal" href="#rhcsa-manage-security" id="id28">RHCSA: Manage Security</a></li>
</ul>
</li>
<li><a class="reference internal" href="#rhce-objectives" id="id29">RHCE Objectives</a><ul>
<li><a class="reference internal" href="#rhce-system-configuration-and-management" id="id30">RHCE: System Configuration and Management</a></li>
<li><a class="reference internal" href="#rhce-network-services" id="id31">RHCE: Network Services</a></li>
<li><a class="reference internal" href="#rhce-http-https" id="id32">RHCE: HTTP/HTTPS</a></li>
<li><a class="reference internal" href="#rhce-dns" id="id33">RHCE: DNS</a></li>
<li><a class="reference internal" href="#rhce-ftp" id="id34">RHCE: FTP</a></li>
<li><a class="reference internal" href="#rhce-nfs" id="id35">RHCE: NFS</a></li>
<li><a class="reference internal" href="#rhce-smb" id="id36">RHCE: SMB</a></li>
<li><a class="reference internal" href="#rhce-smtp" id="id37">RHCE: SMTP</a></li>
<li><a class="reference internal" href="#rhce-ssh" id="id38">RHCE: SSH</a></li>
<li><a class="reference internal" href="#rhce-ntp" id="id39">RHCE: NTP</a></li>
</ul>
</li>
<li><a class="reference internal" href="#boot-reboot-shutdown" id="id40">Boot, Reboot, Shutdown</a></li>
<li><a class="reference internal" href="#runlevels" id="id41">Runlevels</a></li>
<li><a class="reference internal" href="#single-user-mode" id="id42">Single User Mode</a></li>
<li><a class="reference internal" href="#log-files" id="id43">Log Files</a></li>
<li><a class="reference internal" href="#start-stop-virtual-machines" id="id44">Start/Stop Virtual Machines</a></li>
<li><a class="reference internal" href="#virtual-machine-consoles" id="id45">Virtual Machine Consoles</a></li>
<li><a class="reference internal" href="#virtual-machine-text-console" id="id46">Virtual Machine Text Console</a></li>
<li><a class="reference internal" href="#virtual-machine-text-console-caveat" id="id47">Virtual Machine Text Console Caveat</a></li>
<li><a class="reference internal" href="#start-stop-and-check-the-status-of-network-services" id="id48">Start, stop, and check the status of network services</a></li>
<li><a class="reference internal" href="#modify-the-system-bootloader" id="id49">Modify the system bootloader</a></li>
</ul>
</li>
<li><a class="reference internal" href="#session-2-storage-and-filesystems" id="id50">Session 2 Storage and filesystems</a><ul>
<li><a class="reference internal" href="#filesystem-disambiguation" id="id51">&quot;Filesystem&quot; - Disambiguation</a></li>
<li><a class="reference internal" href="#linux-filesystem-hierarchy" id="id52">Linux Filesystem Hierarchy</a></li>
<li><a class="reference internal" href="#disk-and-filesystem-tools" id="id53">Disk and Filesystem tools</a></li>
<li><a class="reference internal" href="#working-with-partitions" id="id54">Working with Partitions</a></li>
<li><a class="reference internal" href="#working-with-logical-volume-management" id="id55">Working with Logical Volume Management</a></li>
<li><a class="reference internal" href="#removing-logical-volume-structures" id="id56">Removing Logical Volume structures</a></li>
<li><a class="reference internal" href="#commands-to-know" id="id57">Commands to Know</a></li>
<li><a class="reference internal" href="#working-with-luks-encrypted-storage" id="id58">Working with LUKS encrypted storage</a></li>
<li><a class="reference internal" href="#persistent-mounting-of-luks-devices" id="id59">Persistent mounting of LUKS devices</a></li>
<li><a class="reference internal" href="#working-with-swap" id="id60">Working with SWAP</a></li>
<li><a class="reference internal" href="#using-a-file-for-swap" id="id61">Using a file for SWAP</a></li>
<li><a class="reference internal" href="#mounting-using-uuids-and-filesystem-labels" id="id62">Mounting Using UUIDs and Filesystem Labels</a></li>
<li><a class="reference internal" href="#local-storage-adding-new-storage" id="id63">Local Storage: Adding New Storage</a></li>
<li><a class="reference internal" href="#file-systems-working-with-common-linux-filesystems" id="id64">File systems: Working with Common Linux Filesystems</a></li>
<li><a class="reference internal" href="#filesystem-permissions-basic-permissions" id="id65">Filesystem Permissions: Basic Permissions</a></li>
<li><a class="reference internal" href="#three-sets-of-permissions" id="id66">Three Sets of Permissions:</a></li>
<li><a class="reference internal" href="#three-types-of-permissions" id="id67">Three Types of Permissions:</a></li>
<li><a class="reference internal" href="#three-extended-attributes" id="id68">Three Extended Attributes:</a></li>
<li><a class="reference internal" href="#viewing-permissions" id="id69">Viewing Permissions</a></li>
<li><a class="reference internal" href="#setting-permissions" id="id70">Setting Permissions</a></li>
<li><a class="reference internal" href="#setting-permissions-with-numeric-options" id="id71">Setting Permissions with Numeric Options</a></li>
<li><a class="reference internal" href="#setting-extended-attributes-with-numeric-options" id="id72">Setting Extended Attributes with Numeric Options</a></li>
<li><a class="reference internal" href="#setting-extended-attributes-with-symbolic-values" id="id73">Setting Extended Attributes with Symbolic Values:</a></li>
<li><a class="reference internal" href="#extended-attributes-in-directory-listings" id="id74">Extended Attributes in Directory Listings</a></li>
<li><a class="reference internal" href="#umask" id="id75">Umask</a></li>
<li><a class="reference internal" href="#umask-examples" id="id76">Umask Examples</a></li>
<li><a class="reference internal" href="#sgid-and-stickybit-use-case-collaborative-directories" id="id77">SGID and Stickybit Use Case -- Collaborative Directories</a></li>
<li><a class="reference internal" href="#file-access-control-lists" id="id78">File Access Control Lists</a></li>
<li><a class="reference internal" href="#getfacl" id="id79">getfacl</a></li>
<li><a class="reference internal" href="#working-with-cifs-network-file-systems" id="id80">Working with CIFS network file systems</a></li>
<li><a class="reference internal" href="#working-with-nfs-file-systems" id="id81">Working with NFS file systems</a></li>
<li><a class="reference internal" href="#iscsi-devices" id="id82">iSCSI Devices</a></li>
<li><a class="reference internal" href="#accessing-iscsi-devices" id="id83">Accessing iSCSI Devices</a></li>
<li><a class="reference internal" href="#disconnecting-from-iscsi-devices" id="id84">Disconnecting from iSCSI Devices</a></li>
<li><a class="reference internal" href="#additional-references" id="id85">Additional References</a></li>
</ul>
</li>
<li><a class="reference internal" href="#session-3-managing-software-processes-kernel-attributes-and-users-and-groups" id="id86">Session 3 Managing software, processes, kernel attributes, and users and groups</a><ul>
<li><a class="reference internal" href="#the-red-hat-network-rhn" id="id87">The Red Hat Network (RHN)</a></li>
<li><a class="reference internal" href="#rhn-subscription-activation" id="id88">RHN Subscription Activation</a></li>
<li><a class="reference internal" href="#rd-party-yum-repositories" id="id89">3rd Party Yum Repositories</a></li>
<li><a class="reference internal" href="#yum-repository-mandatory-configuration-items" id="id90">Yum Repository Mandatory Configuration Items</a></li>
<li><a class="reference internal" href="#yum-repository-common-optional-configuration-items" id="id91">Yum Repository Common Optional Configuration Items</a></li>
<li><a class="reference internal" href="#managing-software-using-yum" id="id92">Managing Software: Using yum</a></li>
<li><a class="reference internal" href="#yum-related-man-pages" id="id93">Yum-related man pages</a></li>
<li><a class="reference internal" href="#rpm-architecture" id="id94">RPM Architecture</a></li>
<li><a class="reference internal" href="#rpm-package-naming" id="id95">RPM Package Naming</a></li>
<li><a class="reference internal" href="#package-naming-example" id="id96">Package Naming Example</a></li>
<li><a class="reference internal" href="#installing-and-upgrading-packages" id="id97">Installing and Upgrading Packages</a></li>
<li><a class="reference internal" href="#upgrading-a-kernel" id="id98">Upgrading a Kernel</a></li>
<li><a class="reference internal" href="#rpm-and-modified-config-files" id="id99">RPM and Modified Config Files</a></li>
<li><a class="reference internal" href="#uninstalling" id="id100">Uninstalling</a></li>
<li><a class="reference internal" href="#rpm-over-a-network" id="id101">RPM over a Network</a></li>
<li><a class="reference internal" href="#common-rpm-queries" id="id102">Common RPM Queries</a></li>
<li><a class="reference internal" href="#rpm-verification" id="id103">RPM Verification</a></li>
<li><a class="reference internal" href="#validate-package-signatures" id="id104">Validate Package Signatures</a></li>
<li><a class="reference internal" href="#rpm-checksig-sample-output" id="id105">RPM Checksig Sample Output</a></li>
<li><a class="reference internal" href="#verify-installed-files" id="id106">Verify Installed Files</a></li>
<li><a class="reference internal" href="#change-codes-from-rpm-verify" id="id107">Change Codes from rpm --verify</a></li>
<li><a class="reference internal" href="#rpm-verify-sample-output" id="id108">RPM Verify Sample Output</a></li>
<li><a class="reference internal" href="#identifying-installed-packages" id="id109">Identifying Installed Packages</a></li>
<li><a class="reference internal" href="#managing-software-building-rpms" id="id110">Managing Software: Building RPMs</a></li>
<li><a class="reference internal" href="#inside-an-rpm-package" id="id111">Inside an RPM package</a></li>
<li><a class="reference internal" href="#main-contents-of-a-spec-file" id="id112">Main contents of a .spec file</a></li>
<li><a class="reference internal" href="#preamble-directives" id="id113">Preamble directives</a></li>
<li><a class="reference internal" href="#required-spec-file-sections" id="id114">Required Spec file sections</a></li>
<li><a class="reference internal" href="#package-building-tools" id="id115">Package Building Tools</a></li>
<li><a class="reference internal" href="#setting-up-a-build-environment" id="id116">Setting up a Build Environment</a></li>
<li><a class="reference internal" href="#viewing-the-build-environment" id="id117">Viewing the Build Environment</a></li>
<li><a class="reference internal" href="#building-the-rpm" id="id118">Building the RPM</a></li>
<li><a class="reference internal" href="#rpm-building-exercise" id="id119">RPM Building Exercise</a></li>
<li><a class="reference internal" href="#signing-your-rpms" id="id120">Signing Your RPMs</a></li>
<li><a class="reference internal" href="#create-a-repo-with-your-files" id="id121">Create a Repo with your files</a></li>
<li><a class="reference internal" href="#rpm-packaging-other-documentation" id="id122">RPM Packaging, Other Documentation:</a></li>
<li><a class="reference internal" href="#manage-processes-and-services" id="id123">Manage Processes and Services</a></li>
<li><a class="reference internal" href="#persistent-configuration-of-services" id="id124">Persistent Configuration of Services</a></li>
<li><a class="reference internal" href="#manage-processes-and-services-configure-systems-to-boot-into-a-specific-runlevel-automatically" id="id125">Manage Processes and Services: Configure systems to boot into a specific runlevel automatically</a></li>
<li><a class="reference internal" href="#monitoring-processes" id="id126">Monitoring Processes</a></li>
<li><a class="reference internal" href="#killing-processes" id="id127">Killing Processes</a></li>
<li><a class="reference internal" href="#prioritizing-processes" id="id128">Prioritizing Processes</a></li>
<li><a class="reference internal" href="#nice-and-renice-commands" id="id129"><tt class="docutils literal"><span class="pre">nice</span></tt> and <tt class="docutils literal"><span class="pre">renice</span></tt> commands</a></li>
<li><a class="reference internal" href="#manage-system-performance" id="id130">Manage system performance</a></li>
<li><a class="reference internal" href="#manage-users-and-groups" id="id131">Manage Users and Groups</a></li>
</ul>
</li>
<li><a class="reference internal" href="#session-4-networking-and-routing" id="id132">Session 4 Networking and Routing</a><ul>
<li><a class="reference internal" href="#network-configuration-and-troubleshooting" id="id133">Network Configuration and Troubleshooting</a></li>
<li><a class="reference internal" href="#ip-address-and-subnet-mask" id="id134">IP Address and Subnet Mask</a></li>
<li><a class="reference internal" href="#routing-and-default-gateway" id="id135">Routing and Default Gateway</a></li>
<li><a class="reference internal" href="#hostname" id="id136">Hostname</a></li>
<li><a class="reference internal" href="#name-resolution" id="id137">Name Resolution</a></li>
<li><a class="reference internal" href="#two-controlling-services" id="id138">Two Controlling Services</a></li>
<li><a class="reference internal" href="#switching-between-controlling-services" id="id139">Switching between Controlling Services</a></li>
<li><a class="reference internal" href="#network-configuration-files" id="id140">Network Configuration Files</a></li>
<li><a class="reference internal" href="#reference" id="id141">Reference</a></li>
<li><a class="reference internal" href="#future-near-network-device-naming-scheme" id="id142">Future (Near!) Network Device Naming Scheme</a></li>
<li><a class="reference internal" href="#troubleshooting-toolkit" id="id143">Troubleshooting Toolkit</a></li>
</ul>
</li>
<li><a class="reference internal" href="#session-5-firewalls-and-selinux" id="id144">Session 5 Firewalls and SELinux</a><ul>
<li><a class="reference internal" href="#firewalling-in-rhel6" id="id145">Firewalling in RHEL6</a></li>
<li><a class="reference internal" href="#iptables-built-in-chains" id="id146">iptables Built-in Chains</a></li>
<li><a class="reference internal" href="#iptables-targets" id="id147">iptables Targets</a></li>
<li><a class="reference internal" href="#connection-tracking-states" id="id148">Connection Tracking States</a></li>
<li><a class="reference internal" href="#iptables-command-options" id="id149">Iptables Command Options</a></li>
<li><a class="reference internal" href="#matching-packets" id="id150">Matching packets</a></li>
<li><a class="reference internal" href="#iptables-tips" id="id151">Iptables Tips</a></li>
<li><a class="reference internal" href="#selinux" id="id152">SELinux</a></li>
<li><a class="reference internal" href="#selinux-in-action" id="id153">SELinux in Action</a></li>
<li><a class="reference internal" href="#selinux-enforcement-modes" id="id154">SELinux Enforcement Modes</a></li>
<li><a class="reference internal" href="#important-selinux-filesystem-locations" id="id155">Important SELinux Filesystem locations</a></li>
<li><a class="reference internal" href="#related-packages" id="id156">Related Packages</a></li>
<li><a class="reference internal" href="#useful-commands" id="id157">Useful Commands</a></li>
<li><a class="reference internal" href="#additional-documentation" id="id158">Additional Documentation</a></li>
<li><a class="reference internal" href="#setting-the-selinux-enforcement-mode" id="id159">Setting the SELinux Enforcement Mode</a></li>
<li><a class="reference internal" href="#selinux-policy-types" id="id160">SELinux Policy Types</a></li>
<li><a class="reference internal" href="#selinux-contexts" id="id161">SELinux Contexts</a></li>
<li><a class="reference internal" href="#setting-selinux-file-contexts" id="id162">Setting SELinux file contexts</a></li>
<li><a class="reference internal" href="#selinux-booleans" id="id163">SELinux Booleans</a></li>
<li><a class="reference internal" href="#modifying-selinux-booleans" id="id164">Modifying SELinux Booleans</a></li>
<li><a class="reference internal" href="#help-for-selinux-with-regard-to-specific-services" id="id165">Help for SELinux with regard to specific services</a></li>
<li><a class="reference internal" href="#monitor-selinux-violations" id="id166">Monitor SELinux Violations</a></li>
</ul>
</li>
<li><a class="reference internal" href="#session-6-virtualization" id="id167">Session 6 Virtualization</a><ul>
<li><a class="reference internal" href="#virtualization-terms" id="id168">Virtualization Terms</a></li>
<li><a class="reference internal" href="#rhel6-kvm-requirements" id="id169">RHEL6 KVM requirements</a></li>
<li><a class="reference internal" href="#kvm-virtualization-components" id="id170">KVM Virtualization Components</a></li>
<li><a class="reference internal" href="#installing-virtualization-capabilities" id="id171">Installing Virtualization Capabilities</a></li>
<li><a class="reference internal" href="#virsh-commands" id="id172">Virsh Commands</a></li>
<li><a class="reference internal" href="#creating-virtual-machines-with-virt-manager" id="id173">Creating Virtual Machines with Virt-Manager</a></li>
<li><a class="reference internal" href="#creating-virtual-machines-with-virt-install" id="id174">Creating Virtual Machines with virt-install</a></li>
<li><a class="reference internal" href="#selinux-considerations" id="id175">SELinux considerations</a></li>
</ul>
</li>
<li><a class="reference internal" href="#session-7-logging-and-remote-access" id="id176">Session 7 Logging and remote access</a><ul>
<li><a class="reference internal" href="#rhel-6-logging-with-rsyslog" id="id177">RHEL 6 Logging with Rsyslog</a></li>
<li><a class="reference internal" href="#accepting-remote-logs" id="id178">Accepting Remote Logs</a></li>
<li><a class="reference internal" href="#rsyslog-configuration-message-selection" id="id179">Rsyslog Configuration: Message Selection</a></li>
<li><a class="reference internal" href="#rsyslog-configuration-actions" id="id180">Rsyslog Configuration: Actions</a></li>
<li><a class="reference internal" href="#practice" id="id181">Practice</a></li>
<li><a class="reference internal" href="#remote-access-via-ssh" id="id182">Remote Access via SSH</a></li>
<li><a class="reference internal" href="#investigate-selinux-implications-for-ssh" id="id183">Investigate SELinux implications for SSH</a></li>
<li><a class="reference internal" href="#ssh-key-based-authentication" id="id184">SSH key-based authentication</a></li>
<li><a class="reference internal" href="#ssh-security-considerations" id="id185">SSH Security Considerations</a></li>
<li><a class="reference internal" href="#remote-access-via-vnc" id="id186">Remote Access via VNC</a></li>
<li><a class="reference internal" href="#configuring-a-vnc-remote-display" id="id187">Configuring a VNC remote display</a></li>
<li><a class="reference internal" href="#investigate-selinux-implications-for-vnc" id="id188">Investigate SELinux implications for VNC</a></li>
</ul>
</li>
<li><a class="reference internal" href="#session-8-network-time-protocol-and-system-performance-reports" id="id189">Session 8 Network Time Protocol and System Performance Reports</a><ul>
<li><a class="reference internal" href="#ntp-overview" id="id190">NTP Overview</a></li>
<li><a class="reference internal" href="#ntp-packages" id="id191">NTP Packages</a></li>
<li><a class="reference internal" href="#ntp-documentation" id="id192">NTP Documentation</a></li>
<li><a class="reference internal" href="#installing-starting-and-configuring-persistence" id="id193">Installing, Starting, and Configuring Persistence</a></li>
<li><a class="reference internal" href="#defining-ntp-terms" id="id194">Defining NTP Terms</a></li>
<li><a class="reference internal" href="#configuration-of-ntp" id="id195">Configuration of NTP</a></li>
<li><a class="reference internal" href="#ntp-restrict-options" id="id196">NTP &quot;restrict&quot; options</a></li>
<li><a class="reference internal" href="#configure-as-a-client" id="id197">Configure as a Client</a></li>
<li><a class="reference internal" href="#configure-as-a-server" id="id198">Configure as a Server</a></li>
<li><a class="reference internal" href="#configure-as-a-peer" id="id199">Configure as a Peer</a></li>
<li><a class="reference internal" href="#investigate-selinux-implications-for-ntp" id="id200">Investigate SELinux implications for NTP</a></li>
<li><a class="reference internal" href="#investigate-firewall-implications-for-ntp" id="id201">Investigate Firewall Implications for NTP</a></li>
<li><a class="reference internal" href="#reporting-on-system-performance" id="id202">Reporting on System Performance</a></li>
<li><a class="reference internal" href="#tools-for-system-utilization-reporting" id="id203">Tools for System Utilization Reporting</a></li>
</ul>
</li>
<li><a class="reference internal" href="#session-9-http-and-ftp" id="id204">Session 9 HTTP and FTP</a><ul>
<li><a class="reference internal" href="#apache-web-server" id="id205">Apache Web Server</a></li>
<li><a class="reference internal" href="#installation-and-basic-configuration" id="id206">Installation and Basic Configuration</a></li>
<li><a class="reference internal" href="#installing-a-signed-ssl-certificate" id="id207">Installing a Signed SSL Certificate</a></li>
<li><a class="reference internal" href="#virtual-host-configuration" id="id208">Virtual Host Configuration</a></li>
<li><a class="reference internal" href="#name-virtual-host-configuration" id="id209">Name Virtual Host Configuration</a></li>
<li><a class="reference internal" href="#example-virtual-host-configuration" id="id210">Example Virtual Host Configuration</a></li>
<li><a class="reference internal" href="#configuring-for-cgi-bin-scripts" id="id211">Configuring for CGI-BIN scripts</a></li>
<li><a class="reference internal" href="#apache-access-control" id="id212">Apache Access Control</a></li>
<li><a class="reference internal" href="#host-based-security-directive-formats" id="id213">Host Based Security directive formats</a></li>
<li><a class="reference internal" href="#access-control-with-htaccess-files" id="id214">Access Control with .htaccess files</a></li>
<li><a class="reference internal" href="#user-based-security-with-htpasswd-flat-file" id="id215">User Based Security with htpasswd flat file</a></li>
<li><a class="reference internal" href="#configuring-passwords" id="id216">Configuring Passwords</a></li>
<li><a class="reference internal" href="#user-based-security-with-ldap-authentication" id="id217">User Based Security with LDAP authentication</a></li>
<li><a class="reference internal" href="#selinux-implications-for-http" id="id218">SELinux Implications for HTTP</a></li>
<li><a class="reference internal" href="#important-selinux-contexts" id="id219">Important SELinux Contexts</a></li>
<li><a class="reference internal" href="#firewall-and-selinux-for-httpd" id="id220">Firewall and SELinux for httpd</a></li>
<li><a class="reference internal" href="#very-secure-file-transfer-protocol-daemon" id="id221">Very Secure File Transfer Protocol Daemon</a></li>
<li><a class="reference internal" href="#id2" id="id222">Installation and Basic Configuration</a></li>
<li><a class="reference internal" href="#ftp-documentation" id="id223">FTP Documentation</a></li>
<li><a class="reference internal" href="#investigate-selinux-implications-for-ftp" id="id224">Investigate SELinux implications for FTP</a></li>
<li><a class="reference internal" href="#investigate-firewall-implications-for-ftp" id="id225">Investigate Firewall Implications for FTP</a></li>
<li><a class="reference internal" href="#configuring-a-secure-drop-box-for-anon-upload" id="id226">Configuring a Secure &quot;Drop-box&quot; for Anon Upload</a></li>
</ul>
</li>
<li><a class="reference internal" href="#session-10-nfs-and-samba" id="id227">Session 10 NFS and Samba</a><ul>
<li><a class="reference internal" href="#network-file-system-nfs" id="id228">Network File System (NFS)</a></li>
<li><a class="reference internal" href="#packages" id="id229">Packages</a></li>
<li><a class="reference internal" href="#configuration" id="id230">Configuration</a></li>
<li><a class="reference internal" href="#configuring-an-nfs-server-network-file-system" id="id231">Configuring an NFS server (Network File System)</a></li>
<li><a class="reference internal" href="#etc-exports" id="id232">/etc/exports</a></li>
<li><a class="reference internal" href="#commands" id="id233">Commands</a></li>
<li><a class="reference internal" href="#id3" id="id234">SELinux</a></li>
<li><a class="reference internal" href="#mounting" id="id235">Mounting</a></li>
<li><a class="reference internal" href="#automounter" id="id236">Automounter</a></li>
<li><a class="reference internal" href="#auto-master" id="id237">Auto.master</a></li>
<li><a class="reference internal" href="#auto" id="id238">Auto.*</a></li>
<li><a class="reference internal" href="#understanding-automount" id="id239">Understanding Automount</a></li>
<li><a class="reference internal" href="#samba" id="id240">Samba</a></li>
<li><a class="reference internal" href="#accessing-smb-cifs-shares" id="id241">Accessing SMB/CIFS Shares</a></li>
<li><a class="reference internal" href="#samba-packages" id="id242">Samba Packages:</a></li>
<li><a class="reference internal" href="#id4" id="id243">SELinux</a></li>
<li><a class="reference internal" href="#services" id="id244">Services</a></li>
<li><a class="reference internal" href="#etc-samba-smb-conf-global" id="id245">/etc/samba/smb.conf (Global)</a></li>
<li><a class="reference internal" href="#etc-samba-smb-conf-security-types" id="id246">/etc/samba/smb.conf Security Types</a></li>
<li><a class="reference internal" href="#samba-users-and-passwords" id="id247">Samba Users and Passwords</a></li>
<li><a class="reference internal" href="#etc-samba-smb-conf-shares" id="id248">/etc/samba/smb.conf (Shares)</a></li>
<li><a class="reference internal" href="#testing-configuration" id="id249">Testing Configuration</a></li>
<li><a class="reference internal" href="#samba-firewalling-considerations" id="id250">Samba Firewalling Considerations</a></li>
<li><a class="reference internal" href="#howto-enable-home-directory-sharing-via-samba" id="id251">HowTo: Enable Home Directory sharing via Samba</a></li>
<li><a class="reference internal" href="#howto-configure-a-group-share" id="id252">HowTo: Configure a Group Share</a></li>
</ul>
</li>
<li><a class="reference internal" href="#session-11-dns-and-smtp" id="id253">Session 11 DNS and SMTP</a><ul>
<li><a class="reference internal" href="#types-of-dns-servers" id="id254">Types of DNS servers</a></li>
<li><a class="reference internal" href="#installing-and-enabling-bind" id="id255">Installing and enabling Bind</a></li>
</ul>
</li>
<li><a class="reference internal" href="#session-12-finish-uncompleted-topics-review-or-practice-exam" id="id256">Session 12 Finish uncompleted topics, Review, or Practice Exam</a></li>
<li><a class="reference internal" href="#supplemental-topics" id="id257">Supplemental Topics</a><ul>
<li><a class="reference internal" href="#manage-processes-and-services-schedule-tasks-using-cron" id="id258">Manage Processes and Services: Schedule tasks using cron</a></li>
<li><a class="reference internal" href="#cron" id="id259">Cron</a></li>
<li><a class="reference internal" href="#format-of-a-crontab-file" id="id260">Format of a crontab file</a></li>
<li><a class="reference internal" href="#controlling-cron" id="id261">Controlling Cron</a></li>
<li><a class="reference internal" href="#at-jobs" id="id262">at Jobs</a></li>
<li><a class="reference internal" href="#securing-cron-and-at" id="id263">Securing cron and at</a></li>
<li><a class="reference internal" href="#user-admin-with-config-files" id="id264">User Admin with Config Files</a></li>
<li><a class="reference internal" href="#structure-of-etc-passwd" id="id265">Structure of /etc/passwd</a></li>
<li><a class="reference internal" href="#structure-of-etc-shadow" id="id266">Structure of /etc/shadow</a><ul>
<li><a class="reference internal" href="#sample-contents" id="id267">Sample Contents</a></li>
</ul>
</li>
<li><a class="reference internal" href="#structure-of-etc-group" id="id268">Structure of /etc/group</a><ul>
<li><a class="reference internal" href="#id5" id="id269">Sample Contents</a></li>
</ul>
</li>
<li><a class="reference internal" href="#structure-of-etc-gshadow" id="id270">Structure of /etc/gshadow</a><ul>
<li><a class="reference internal" href="#id6" id="id271">Sample Contents</a></li>
</ul>
</li>
<li><a class="reference internal" href="#user-admin-with-cli-tools" id="id272">User Admin with CLI tools</a></li>
<li><a class="reference internal" href="#user-admin-with-gui-tools" id="id273">User Admin with GUI tools</a></li>
<li><a class="reference internal" href="#user-environment" id="id274">User environment</a><ul>
<li><a class="reference internal" href="#common-contents" id="id275">Common Contents:</a></li>
</ul>
</li>
<li><a class="reference internal" href="#system-wide-shell-config-files" id="id276">System-wide Shell Config Files</a></li>
<li><a class="reference internal" href="#user-configurable-environment-files" id="id277">User-configurable Environment Files</a></li>
<li><a class="reference internal" href="#cups-printing-system" id="id278">CUPS Printing System</a></li>
<li><a class="reference internal" href="#controlling-jobs-from-the-command-line" id="id279">Controlling Jobs from the Command Line</a></li>
<li><a class="reference internal" href="#cups-web-based-interface" id="id280">CUPS Web-Based Interface</a></li>
</ul>
</li>
<li><a class="reference internal" href="#troubleshooting" id="id281">Troubleshooting</a><ul>
<li><a class="reference internal" href="#booting" id="id282">Booting</a></li>
<li><a class="reference internal" href="#booting-mbr" id="id283">Booting - (MBR)</a></li>
<li><a class="reference internal" href="#booting-grub-stage-1-5-driver-to-read-filesystem" id="id284">Booting - GRUB Stage 1.5 (Driver to read filesystem)</a></li>
<li><a class="reference internal" href="#booting-grub-stage-2-menu" id="id285">Booting - GRUB Stage 2 (Menu)</a></li>
<li><a class="reference internal" href="#booting-kernel" id="id286">Booting - Kernel</a></li>
<li><a class="reference internal" href="#booting-initrd-initial-ramdisk" id="id287">Booting - initrd (initial ramdisk)</a></li>
<li><a class="reference internal" href="#booting-init-process" id="id288">Booting - init process</a></li>
<li><a class="reference internal" href="#booting-inittab" id="id289">Booting - inittab</a></li>
<li><a class="reference internal" href="#booting-rc-sysinit" id="id290">Booting - rc.sysinit</a></li>
<li><a class="reference internal" href="#booting-services" id="id291">Booting - services</a></li>
<li><a class="reference internal" href="#networking" id="id292">Networking</a></li>
<li><a class="reference internal" href="#x" id="id293">X</a></li>
<li><a class="reference internal" href="#tcp-wrappers" id="id294">TCP_Wrappers</a></li>
<li><a class="reference internal" href="#which-services-are-protected" id="id295">Which Services are Protected?</a></li>
<li><a class="reference internal" href="#indentifying-protected-services" id="id296">Identifying Protected Services</a></li>
<li><a class="reference internal" href="#hosts-access-files-syntax" id="id297">Hosts Access Files Syntax</a></li>
</ul>
</li>
</ul>
</div>
</div>
<div class="section" id="session-one-introduction">
<h1><a class="toc-backref" href="#id8">Session One: Introduction</a></h1>
<div class="section" id="introductions-your-instructor">
<h2><a class="toc-backref" href="#id9">Introductions: Your Instructor</a></h2>
<p>Scott Purcell</p>
<p><a class="reference external" href="mailto:scott&#64;texastwister.info">scott&#64;texastwister.info</a></p>
<p><a class="reference external" href="http://www.linkedin.com/in/scottpurcell">http://www.linkedin.com/in/scottpurcell</a></p>
<p><a class="reference external" href="http://twitter.com/texastwister">http://twitter.com/texastwister</a></p>
<p><a class="reference external" href="http://www.facebook.com/Scott.L.Purcell">http://www.facebook.com/Scott.L.Purcell</a></p>
</div>
<div class="section" id="id1">
<h2><a class="toc-backref" href="#id10">Introductions: Your Instructor</a></h2>
<div class="section" id="qualifications">
<h3><a class="toc-backref" href="#id11">Qualifications:</a></h3>
<ul class="simple">
<li>RHCSA, RHCE #110-008-877 (RHEL6)</li>
<li>Also: CTT+, CLA, CLP, CNI, LPIC1, Linux+</li>
<li>Curriculum Developer and Trainer for a major computer manufacturer for going on 11 years</li>
<li>Linux Enthusiast since 2000</li>
</ul>
</div>
<div class="section" id="personal">
<h3><a class="toc-backref" href="#id12">Personal:</a></h3>
<ul class="simple">
<li>Husband, father, disciple and</li>
<li>Fun: Part-time Balloon Entertainer</li>
</ul>
</div>
</div>
<div class="section" id="introductions-fellow-students">
<h2><a class="toc-backref" href="#id13">Introductions: Fellow Students</a></h2>
<div class="section" id="please-introduce-yourselves">
<h3><a class="toc-backref" href="#id14">Please Introduce Yourselves</a></h3>
<ul class="simple">
<li>Name</li>
<li>Where you work or what you do.</li>
<li>What Linux experience do you already have?</li>
<li>What goals do you have for this class?</li>
<li>Something fun about yourself.</li>
</ul>
</div>
</div>
<div class="section" id="introductions-the-course">
<h2><a class="toc-backref" href="#id15">Introductions: The Course</a></h2>
<div class="section" id="expectations">
<h3><a class="toc-backref" href="#id16">Expectations</a></h3>
<ul>
<li><p class="first">Should I be able to pass the RHCE on this class alone?</p>
<blockquote>
<p>A stunning number of seasoned professionals taking Red Hat's own prep courses fail to pass on first attempt.</p>
</blockquote>
</li>
<li><p class="first">Planning for more than one attempt is prudent.</p>
</li>
<li><p class="first">Maximizing your out-of-class preparation time is prudent.</p>
</li>
</ul>
</div>
<div class="section" id="preparation-recommendations">
<h3><a class="toc-backref" href="#id17">Preparation Recommendations</a></h3>
<ul>
<li><p class="first">Practice/Study Environment</p>
<blockquote>
<ul>
<li><p class="first">2 or 3 systems or VMs, networked together. Virtualized hosting providers may be an alternative.</p>
</li>
<li><p class="first">RHEL 6 (eval), CentOS 6 (when available), or Fedora (Fedora 13 will be closest to RHEL 6)</p>
</li>
<li><p class="first">Red Hat docs at:</p>
<blockquote>
<p><a class="reference external" href="http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/index.html">http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/index.html</a></p>
</blockquote>
</li>
<li><p class="first">RHCE Objectives and other information at:</p>
<blockquote>
<p><a class="reference external" href="http://www.redhat.com/certification/">http://www.redhat.com/certification/</a></p>
</blockquote>
</li>
<li><p class="first">Take initiative -- form a study group.</p>
</li>
<li><p class="first">Practice, practice, practice!</p>
</li>
</ul>
</blockquote>
</li>
</ul>
</div>
</div>
<div class="section" id="red-hat-enterprise-linux">
<h2><a class="toc-backref" href="#id18">Red Hat Enterprise Linux</a></h2>
<ul class="simple">
<li>Overview</li>
<li>Server and Desktop variants</li>
<li>Add-on Functionality</li>
<li>LifeCycle</li>
</ul>
</div>
<div class="section" id="the-red-hat-certification-landscape">
<h2><a class="toc-backref" href="#id19">The Red Hat Certification Landscape</a></h2>
<ul>
<li><p class="first">RHCSA</p>
<blockquote>
<p>RHCSA is new, replacing the RHCT. It is the &quot;core&quot; sysadmin certification from Red Hat. Earning the RHCE and other system administration certs requires first earning the RHCSA.</p>
</blockquote>
</li>
<li><p class="first">RHCE</p>
<blockquote>
<p>RHCE is a senior system administration certification. It is an eligibility requirement for taking any COE exams and is thus a requirement for the upper-level credentials as well.</p>
</blockquote>
</li>
<li><p class="first">Certificates of Expertise</p>
<blockquote>
<p>COEs are incremental credentials demonstrating skills and knowledge in specialized areas. They are worthy credentials in their own right, but also the building blocks of the upper level credentials.</p>
</blockquote>
</li>
<li><p class="first">RHCSS, RHCDS, RHCA</p>
<blockquote>
<p>These upper level credentials recognize those who have achieved expertise in several related specialized areas. Each one requires multiple COEs.</p>
</blockquote>
</li>
</ul>
</div>
<div class="section" id="rhcsa-objectives">
<h2><a class="toc-backref" href="#id20">RHCSA Objectives</a></h2>
<div class="section" id="rhcsa-objectives-understand-use-essential-tools">
<h3><a class="toc-backref" href="#id21">RHCSA Objectives: Understand &amp; Use Essential Tools</a></h3>
<blockquote>
<ul class="simple">
<li>Access a shell prompt and issue commands with correct syntax</li>
<li>Use input-output redirection (&gt;, &gt;&gt;, <tt class="docutils literal"><span class="pre">|</span></tt>, 2&gt;, etc.)</li>
<li>Use grep and regular expressions to analyze text</li>
<li>Access remote systems using ssh and VNC</li>
<li>Log in and switch users in multi-user runlevels</li>
<li>Archive, compress, unpack and uncompress files using tar, star, gzip, and bzip2</li>
</ul>
</blockquote>
</div>
<div class="section" id="rhcsa-essential-tools-cont">
<h3><a class="toc-backref" href="#id22">RHCSA: ...Essential Tools... (cont)</a></h3>
<blockquote>
<ul>
<li><p class="first">Create and edit text files</p>
</li>
<li><p class="first">Create, delete, copy and move files and directories</p>
</li>
<li><p class="first">Create hard and soft links</p>
</li>
<li><p class="first">List, set and change standard ugo/rwx permissions</p>
</li>
<li><p class="first">Locate, read and use system documentation including man, info, and files in /usr/share/doc .</p>
<blockquote>
<p>[Note: Red Hat may use applications during the exam that are not included in Red Hat Enterprise Linux for the purpose of evaluating candidate's abilities to meet this objective.]</p>
</blockquote>
</li>
</ul>
</blockquote>
</div>
<div class="section" id="rhcsa-operate-running-systems">
<h3><a class="toc-backref" href="#id23">RHCSA: Operate Running Systems</a></h3>
<blockquote>
<ul class="simple">
<li>Boot, reboot, and shut down a system normally</li>
<li>Boot systems into different runlevels manually</li>
<li>Use single-user mode to gain access to a system</li>
<li>Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes</li>
<li>Locate and interpret system log files</li>
<li>Access a virtual machine's console</li>
<li>Start and stop virtual machines</li>
<li>Start, stop and check the status of network services</li>
</ul>
</blockquote>
</div>
<div class="section" id="rhcsa-configure-local-storage">
<h3><a class="toc-backref" href="#id24">RHCSA: Configure Local Storage</a></h3>
<blockquote>
<ul class="simple">
<li>List, create, delete and set partition type for primary, extended, and logical partitions</li>
<li>Create and remove physical volumes, assign physical volumes to volume groups, create and delete logical volumes</li>
<li>Create and configure LUKS-encrypted partitions and logical volumes to prompt for password and mount a decrypted file system at boot</li>
<li>Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label</li>
<li>Add new partitions, logical volumes and swap to a system non-destructively</li>
</ul>
</blockquote>
</div>
<div class="section" id="rhcsa-create-and-configure-file-systems">
<h3><a class="toc-backref" href="#id25">RHCSA: Create and Configure File Systems</a></h3>
<blockquote>
<ul class="simple">
<li>Create, mount, unmount and use ext2, ext3 and ext4 file systems</li>
<li>Mount, unmount and use LUKS-encrypted file systems</li>
<li>Mount and unmount CIFS and NFS network file systems</li>
<li>Configure systems to mount ext4, LUKS-encrypted and network file systems automatically</li>
<li>Extend existing unencrypted ext4-formatted logical volumes</li>
<li>Create and configure set-GID directories for collaboration</li>
<li>Create and manage Access Control Lists (ACLs)</li>
<li>Diagnose and correct file permission problems</li>
</ul>
</blockquote>
</div>
<div class="section" id="rhcsa-deploy-configure-maintain">
<h3><a class="toc-backref" href="#id26">RHCSA: Deploy, Configure &amp; Maintain</a></h3>
<blockquote>
<ul class="simple">
<li>Configure networking and hostname resolution statically or dynamically</li>
<li>Schedule tasks using cron</li>
<li>Configure systems to boot into a specific runlevel automatically</li>
<li>Install Red Hat Enterprise Linux automatically using Kickstart</li>
<li>Configure a physical machine to host virtual guests</li>
<li>Install Red Hat Enterprise Linux systems as virtual guests</li>
<li>Configure systems to launch virtual machines at boot</li>
<li>Configure network services to start automatically at boot</li>
<li>Configure a system to run a default configuration HTTP server</li>
<li>Configure a system to run a default configuration FTP server</li>
<li>Install and update software packages from Red Hat Network, a remote repository, or from the local filesystem</li>
<li>Update the kernel package appropriately to ensure a bootable system</li>
<li>Modify the system bootloader</li>
</ul>
</blockquote>
</div>
<div class="section" id="rhcsa-manage-users-and-groups">
<h3><a class="toc-backref" href="#id27">RHCSA: Manage Users and Groups</a></h3>
<blockquote>
<ul class="simple">
<li>Create, delete, and modify local user accounts</li>
<li>Change passwords and adjust password aging for local user accounts</li>
<li>Create, delete and modify local groups and group memberships</li>
<li>Configure a system to use an existing LDAP directory service for user and group information</li>
</ul>
</blockquote>
</div>
<div class="section" id="rhcsa-manage-security">
<h3><a class="toc-backref" href="#id28">RHCSA: Manage Security</a></h3>
<blockquote>
<ul class="simple">
<li>Configure firewall settings using system-config-firewall or iptables</li>
<li>Set enforcing and permissive modes for SELinux</li>
<li>List and identify SELinux file and process context</li>
<li>Restore default file contexts</li>
<li>Use boolean settings to modify system SELinux settings</li>
<li>Diagnose and address routine SELinux policy violations</li>
</ul>
</blockquote>
</div>
</div>
<div class="section" id="rhce-objectives">
<h2><a class="toc-backref" href="#id29">RHCE Objectives</a></h2>
<div class="section" id="rhce-system-configuration-and-management">
<h3><a class="toc-backref" href="#id30">RHCE: System Configuration and Management</a></h3>
<blockquote>
<ul class="simple">
<li>Route IP traffic and create static routes</li>
<li>Use iptables to implement packet filtering and configure network address translation (NAT)</li>
<li>Use /proc/sys and sysctl to modify and set kernel run-time parameters</li>
<li>Configure system to authenticate using Kerberos</li>
<li>Build a simple RPM that packages a single file</li>
<li>Configure a system as an iSCSI initiator that persistently mounts an iSCSI target</li>
<li>Produce and deliver reports on system utilization (processor, memory, disk, and network)</li>
<li>Use shell scripting to automate system maintenance tasks</li>
<li>Configure a system to log to a remote system</li>
<li>Configure a system to accept logging from a remote system</li>
</ul>
</blockquote>
</div>
<div class="section" id="rhce-network-services">
<h3><a class="toc-backref" href="#id31">RHCE: Network Services</a></h3>
<p>Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:</p>
<blockquote>
<ul class="simple">
<li>Install the packages needed to provide the service</li>
<li>Configure SELinux to support the service</li>
<li>Configure the service to start when the system is booted</li>
<li>Configure the service for basic operation</li>
<li>Configure host-based and user-based security for the service</li>
</ul>
</blockquote>
<p>RHCE candidates should also be capable of meeting the following objectives associated with specific services:</p>
</div>
<div class="section" id="rhce-http-https">
<h3><a class="toc-backref" href="#id32">RHCE: HTTP/HTTPS</a></h3>
<blockquote>
<ul class="simple">
<li>Install the packages needed to provide the service</li>
<li>Configure SELinux to support the service</li>
<li>Configure the service to start when the system is booted</li>
<li>Configure the service for basic operation</li>
<li>Configure host-based and user-based security for the service</li>
<li>Configure a virtual host</li>
<li>Configure private directories</li>
<li>Deploy a basic CGI application</li>
<li>Configure group-managed content</li>
</ul>
</blockquote>
</div>
<div class="section" id="rhce-dns">
<h3><a class="toc-backref" href="#id33">RHCE: DNS</a></h3>
<blockquote>
<ul class="simple">
<li>Install the packages needed to provide the service</li>
<li>Configure SELinux to support the service</li>
<li>Configure the service to start when the system is booted</li>
<li>Configure the service for basic operation</li>
<li>Configure host-based and user-based security for the service</li>
<li>Configure a caching-only name server</li>
<li>Configure a caching-only name server to forward DNS queries</li>
<li>Note: Candidates are not expected to configure master or slave name servers</li>
</ul>
</blockquote>
</div>
<div class="section" id="rhce-ftp">
<h3><a class="toc-backref" href="#id34">RHCE: FTP</a></h3>
<blockquote>
<ul class="simple">
<li>Install the packages needed to provide the service</li>
<li>Configure SELinux to support the service</li>
<li>Configure the service to start when the system is booted</li>
<li>Configure the service for basic operation</li>
<li>Configure host-based and user-based security for the service</li>
<li>Configure anonymous-only download</li>
</ul>
</blockquote>
</div>
<div class="section" id="rhce-nfs">
<h3><a class="toc-backref" href="#id35">RHCE: NFS</a></h3>
<blockquote>
<ul class="simple">
<li>Install the packages needed to provide the service</li>
<li>Configure SELinux to support the service</li>
<li>Configure the service to start when the system is booted</li>
<li>Configure the service for basic operation</li>
<li>Configure host-based and user-based security for the service</li>
<li>Provide network shares to specific clients</li>
<li>Provide network shares suitable for group collaboration</li>
</ul>
</blockquote>
</div>
<div class="section" id="rhce-smb">
<h3><a class="toc-backref" href="#id36">RHCE: SMB</a></h3>
<blockquote>
<ul class="simple">
<li>Install the packages needed to provide the service</li>
<li>Configure SELinux to support the service</li>
<li>Configure the service to start when the system is booted</li>
<li>Configure the service for basic operation</li>
<li>Configure host-based and user-based security for the service</li>
<li>Provide network shares to specific clients</li>
<li>Provide network shares suitable for group collaboration</li>
</ul>
</blockquote>
</div>
<div class="section" id="rhce-smtp">
<h3><a class="toc-backref" href="#id37">RHCE: SMTP</a></h3>
<blockquote>
<ul class="simple">
<li>Install the packages needed to provide the service</li>
<li>Configure SELinux to support the service</li>
<li>Configure the service to start when the system is booted</li>
<li>Configure the service for basic operation</li>
<li>Configure host-based and user-based security for the service</li>
<li>Configure a mail transfer agent (MTA) to accept inbound email from other systems</li>
<li>Configure an MTA to forward (relay) email through a smart host</li>
</ul>
</blockquote>
</div>
<div class="section" id="rhce-ssh">
<h3><a class="toc-backref" href="#id38">RHCE: SSH</a></h3>
<blockquote>
<ul class="simple">
<li>Install the packages needed to provide the service</li>
<li>Configure SELinux to support the service</li>
<li>Configure the service to start when the system is booted</li>
<li>Configure the service for basic operation</li>
<li>Configure host-based and user-based security for the service</li>
<li>Configure key-based authentication</li>
<li>Configure additional options described in documentation</li>
</ul>
</blockquote>
</div>
<div class="section" id="rhce-ntp">
<h3><a class="toc-backref" href="#id39">RHCE: NTP</a></h3>
<blockquote>
<ul class="simple">
<li>Install the packages needed to provide the service</li>
<li>Configure SELinux to support the service</li>
<li>Configure the service to start when the system is booted</li>
<li>Configure the service for basic operation</li>
<li>Configure host-based and user-based security for the service</li>
<li>Synchronize time using other NTP peers</li>
</ul>
</blockquote>
</div>
</div>
<div class="section" id="boot-reboot-shutdown">
<h2><a class="toc-backref" href="#id40">Boot, Reboot, Shutdown</a></h2>
<ul class="simple">
<li>GRUB Menu</li>
<li>Display Manager Screen</li>
<li>Gnome or KDE</li>
<li>Terminal commands: shutdown, halt, poweroff, reboot, init</li>
</ul>
</div>
<div class="section" id="runlevels">
<h2><a class="toc-backref" href="#id41">Runlevels</a></h2>
<ul class="simple">
<li>Default</li>
<li>From GRUB Menu</li>
</ul>
</div>
<div class="section" id="single-user-mode">
<h2><a class="toc-backref" href="#id42">Single User Mode</a></h2>
<ul class="simple">
<li>Password Recovery</li>
</ul>
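<p>Note: An SELinux bug prevents password changes in single-user mode while SELinux is set to &quot;Enforcing&quot;. If you switch it to permissive to work around this, set it back to enforcing once the password has been changed.</p>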
</div>
<div class="section" id="log-files">
<h2><a class="toc-backref" href="#id43">Log Files</a></h2>
<p><tt class="docutils literal"><span class="pre">/var/log/*</span></tt></p>
<p>View with <tt class="docutils literal"><span class="pre">cat</span></tt>, <tt class="docutils literal"><span class="pre">less</span></tt> or other tools</p>
<p>Search with <tt class="docutils literal"><span class="pre">grep</span></tt></p>
</div>
<div class="section" id="start-stop-virtual-machines">
<h2><a class="toc-backref" href="#id44">Start/Stop Virtual Machines</a></h2>
<ul class="simple">
<li>Using virt-manager</li>
<li>Using virsh commands</li>
</ul>
</div>
<div class="section" id="virtual-machine-consoles">
<h2><a class="toc-backref" href="#id45">Virtual Machine Consoles</a></h2>
<ul class="simple">
<li>virt-manager</li>
<li>virt-viewer</li>
</ul>
</div>
<div class="section" id="virtual-machine-text-console">
<h2><a class="toc-backref" href="#id46">Virtual Machine Text Console</a></h2>
<p>With libguestfs-tools installed and the VM in question shut down, from the host:</p>
<pre class="literal-block">
# virt-edit {VMname} /boot/grub/menu.lst
</pre>
<p>There, append to the kernel line:</p>
<pre class="literal-block">
console=tty0 console=ttyS0
</pre>
<p>After saving, the following commands should allow a console based view of the boot process and a console login:</p>
<pre class="literal-block">
# virsh start {VMname} ; virsh console {VMname}
</pre>
</div>
<div class="section" id="virtual-machine-text-console-caveat">
<h2><a class="toc-backref" href="#id47">Virtual Machine Text Console Caveat</a></h2>
<blockquote>
After this change, some messages that appear only on the default console will be visible only on the text console (virsh console). For example, the passphrase prompt to decrypt LUKS-encrypted partitions mounted in /etc/fstab will not be visible when using virt-viewer, and the VM will appear to be hung. Only by using virsh console can the passphrase be entered to allow the boot process to continue.</blockquote>
</div>
<div class="section" id="start-stop-and-check-the-status-of-network-services">
<h2><a class="toc-backref" href="#id48">Start, stop, and check the status of network services</a></h2>
</div>
<div class="section" id="modify-the-system-bootloader">
<h2><a class="toc-backref" href="#id49">Modify the system bootloader</a></h2>
</div>
</div>
<div class="section" id="session-2-storage-and-filesystems">
<h1><a class="toc-backref" href="#id50">Session 2 Storage and filesystems</a></h1>
<div class="section" id="filesystem-disambiguation">
<h2><a class="toc-backref" href="#id51">&quot;Filesystem&quot; - Disambiguation</a></h2>
<p>Several meanings for the term:</p>
<ul class="simple">
<li>The way files are physically written to storage devices, as in the ext3, FAT32, or NTFS filesystems, etc.</li>
<li>The unified directory structure which logically organizes files</li>
<li>The standard which defines how directories should be structured and utilized in Linux</li>
</ul>
</div>
<div class="section" id="linux-filesystem-hierarchy">
<h2><a class="toc-backref" href="#id52">Linux Filesystem Hierarchy</a></h2>
<p>The directory structure of a Linux system is standardized through the Filesystem Hierarchy Standard (explained at <a class="reference external" href="http://www.pathname.com/fhs">http://www.pathname.com/fhs</a>)</p>
<p>The Linux Manual system has an abbreviated reference:</p>
<p><tt class="docutils literal"><span class="pre">$</span> <span class="pre">man</span> <span class="pre">7</span> <span class="pre">hier</span></tt></p>
<p>Red Hat has a more complete description, along with Red Hat-specific implementation decisions, in their <strong>Deployment Guide</strong> at <a class="reference external" href="http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/ch-filesystem.html">http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/ch-filesystem.html</a></p>
<!-- for future development, consider expanding this... -->
</div>
<div class="section" id="disk-and-filesystem-tools">
<h2><a class="toc-backref" href="#id53">Disk and Filesystem tools</a></h2>
<ul class="simple">
<li><tt class="docutils literal"><span class="pre">fdisk</span></tt> or <tt class="docutils literal"><span class="pre">parted</span></tt> -- Used to partition hard disks or other block devices</li>
<li><tt class="docutils literal"><span class="pre">mkfs</span></tt> and variants -- Used to create filesystems on block devices (actually a front-end for a variety of FS-specific tools)</li>
<li><tt class="docutils literal"><span class="pre">fsck</span></tt> and variants -- Used to run filesystem checks (a front-end to FS specific tools)</li>
<li><tt class="docutils literal"><span class="pre">mount</span></tt> -- Used to mount a filesystem to a specific location in the directory structure</li>
<li><tt class="docutils literal"><span class="pre">/etc/fstab</span></tt> -- Configuration file used to describe the filesystems that should be persistently mounted</li>
<li><tt class="docutils literal"><span class="pre">blkid</span></tt> -- used to identify filesystems or other in-use devices by UUID or filesystem labels.</li>
<li><tt class="docutils literal"><span class="pre">df</span></tt> -- used to display the capacity and utilization % of mounted filesystems.</li>
<li><tt class="docutils literal"><span class="pre">partx</span></tt> -- used to force implementation of a new partition table on an in-use device w/o the need to reboot.</li>
</ul>
</div>
<div class="section" id="working-with-partitions">
<h2><a class="toc-backref" href="#id54">Working with Partitions</a></h2>
<p>Overview of process for using Basic Storage Devices:</p>
<ul class="simple">
<li>Install the device or otherwise make it available to the system.</li>
<li>Partition it with <tt class="docutils literal"><span class="pre">fdisk</span></tt> or <tt class="docutils literal"><span class="pre">parted</span></tt>.</li>
<li>Create a filesystem on the partition with mkfs or other tools.</li>
<li>Choose or create a directory to serve as a mount point.</li>
<li>Mount the partition.</li>
<li>Add an entry to <tt class="docutils literal"><span class="pre">/etc/fstab</span></tt> to make it persistent.</li>
</ul>
<!-- List, create, delete and set partition type for primary, extended, and logical partitions -->
</div>
<div class="section" id="working-with-logical-volume-management">
<h2><a class="toc-backref" href="#id55">Working with Logical Volume Management</a></h2>
<p>Overview of process for using Logical Volume Management:</p>
<ul class="simple">
<li>Install the device or otherwise make it available to the system.</li>
<li>Create a type <tt class="docutils literal"><span class="pre">8e</span></tt> partition with <tt class="docutils literal"><span class="pre">fdisk</span></tt> or <tt class="docutils literal"><span class="pre">parted</span></tt>.</li>
<li>Initialize the partition as a physical volume with <tt class="docutils literal"><span class="pre">pvcreate</span></tt>.</li>
<li>Add the storage of the PV to a volume group with <tt class="docutils literal"><span class="pre">vgcreate</span></tt>.</li>
<li>Allocate storage from the volume group to a logical volume with <tt class="docutils literal"><span class="pre">lvcreate</span></tt>.</li>
<li>Create a filesystem on the logical volume with mkfs or other tools.</li>
<li>Choose or create a directory to serve as a mount point.</li>
<li>Mount the logical volume.</li>
<li>Add an entry to <tt class="docutils literal"><span class="pre">/etc/fstab</span></tt> to make it persistent.</li>
</ul>
<!-- Create and remove physical volumes, assign physical volumes to volume groups, create and delete logical volumes -->
</div>
<div class="section" id="removing-logical-volume-structures">
<h2><a class="toc-backref" href="#id56">Removing Logical Volume structures</a></h2>
<ul class="simple">
<li>Unmount the lv you want to remove</li>
<li>Edit /etc/fstab to remove its entry</li>
<li>Remove the logical volume: <tt class="docutils literal"><span class="pre">lvremove</span> <span class="pre">/dev/&lt;vg&gt;/&lt;lv&gt;</span></tt></li>
<li>Before removing a VG, ensure there are no more LVs within it.</li>
<li>Remove the volume group: <tt class="docutils literal"><span class="pre">vgremove</span> <span class="pre">/dev/&lt;vg&gt;</span></tt></li>
<li>Remove the LVM signature from the partitions: <tt class="docutils literal"><span class="pre">pvremove</span> <span class="pre">/dev/&lt;part&gt;</span></tt></li>
</ul>
</div>
<div class="section" id="commands-to-know">
<h2><a class="toc-backref" href="#id57">Commands to Know</a></h2>
<p>fdisk</p>
<ul class="simple">
<li>Always use -u and -c for best compatibility with newer storage devices</li>
<li>Can't create partitions &gt;= 2TB, use parted with GPT instead</li>
</ul>
<p>mkfs</p>
<ul class="simple">
<li>Used to create filesystems on devices</li>
<li>Front-end for other filesystem-specific tools (usually named mkfs.&lt;fstype&gt;)</li>
</ul>
<p>blkid</p>
<ul class="simple">
<li>Shows device name, Filesystem Labels, and UUID of detected block devices.</li>
<li>May not show block devices until a filesystem is created on them.</li>
<li>May not show block devices used in non-standard ways (for example, a filesystem on a whole disk instead of on a partition)</li>
</ul>
<p>mount</p>
<ul class="simple">
<li>used to make a new filesystem available</li>
</ul>
</div>
<div class="section" id="working-with-luks-encrypted-storage">
<h2><a class="toc-backref" href="#id58">Working with LUKS encrypted storage</a></h2>
<p>cryptsetup-luks-1.1.2-2.el6.x86_64</p>
<p>Overview of process for using LUKS encryption:</p>
<ul class="simple">
<li>Create a new partition</li>
<li>Encrypt it with <tt class="docutils literal"><span class="pre">cryptsetup</span> <span class="pre">luksFormat</span> <span class="pre">/dev/&lt;partition&gt;</span></tt></li>
<li>Open the encrypted device and assign it a name with <tt class="docutils literal"><span class="pre">cryptsetup</span> <span class="pre">luksOpen</span> <span class="pre">/dev/&lt;partition&gt;</span> <span class="pre">&lt;name&gt;</span></tt></li>
<li>Create a filesystem on the named device (/dev/mapper/&lt;name&gt;)</li>
<li>Create a mountpoint for the device</li>
<li>Mount the device</li>
</ul>
<p>To lock the volume:</p>
<ul class="simple">
<li>unmount it</li>
<li>Use <tt class="docutils literal"><span class="pre">cryptsetup</span> <span class="pre">luksClose</span> <span class="pre">&lt;name&gt;</span></tt> to remove the decryption mapping</li>
</ul>
</div>
<div class="section" id="persistent-mounting-of-luks-devices">
<h2><a class="toc-backref" href="#id59">Persistent mounting of LUKS devices</a></h2>
<p>To persistently mount it</p>
<blockquote>
<ul>
<li><p class="first">Create an entry in /etc/crypttab:</p>
<pre class="literal-block">
&lt;name&gt; /dev/&lt;partition&gt; &lt;password (none|&lt;blank&gt;|&lt;path/to/file/with/password&gt;)&gt;
</pre>
</li>
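<li><p class="first">If the password field is &quot;none&quot; or left blank, the system will prompt for a password. If a path to a key file is given instead, anyone who can read that file can unlock the volume, so the file should be readable only by root and should not be kept on unencrypted storage that travels with the encrypted device.</p>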
</li>
<li><p class="first">Create an entry in /etc/fstab</p>
</li>
</ul>
<div class="note">
<p class="first admonition-title">Note</p>
<p class="last">At reboot, the password prompt goes only to the default console. If console redirection is enabled, as it might be when a virtual machine is made accessible through <tt class="docutils literal"><span class="pre">virsh</span> <span class="pre">console</span> <span class="pre">&lt;name&gt;</span></tt>, then the only place where the prompt is seen and the passphrase can be entered is at that redirected console.</p>
</div>
</blockquote>
<!-- Create and configure LUKS-encrypted partitions and logical volumes to prompt for password and mount a decrypted file system at boot -->
</div>
<div class="section" id="working-with-swap">
<h2><a class="toc-backref" href="#id60">Working with SWAP</a></h2>
<p>Overview of process for adding SWAP space using a partition:</p>
<ul>
<li><p class="first">Create a type 82 partition</p>
</li>
<li><p class="first">Initialize as swap with <tt class="docutils literal"><span class="pre">mkswap</span> <span class="pre">/dev/&lt;partition&gt;</span></tt></p>
</li>
<li><p class="first">Identify the UUID with <tt class="docutils literal"><span class="pre">blkid</span></tt></p>
</li>
<li><p class="first">Add an <tt class="docutils literal"><span class="pre">/etc/fstab</span></tt> line:</p>
<pre class="literal-block">
UUID=&lt;UUID&gt; swap swap defaults 0 0
</pre>
</li>
<li><p class="first">Activate the new swap space with: <tt class="docutils literal"><span class="pre">swapon</span> <span class="pre">-a</span></tt></p>
</li>
</ul>
</div>
<div class="section" id="using-a-file-for-swap">
<h2><a class="toc-backref" href="#id61">Using a file for SWAP</a></h2>
<p>Overview of process for adding SWAP space using a file:</p>
<ul>
<li><p class="first">create a pre-allocated file of the desired size:</p>
<pre class="literal-block">
dd if=/dev/zero of=/path/to/&lt;swapfile&gt; bs=1M count=&lt;size in MB&gt;
</pre>
</li>
<li><p class="first">Initialize as swap with <tt class="docutils literal"><span class="pre">mkswap</span> <span class="pre">/path/to/&lt;swapfile&gt;</span></tt></p>
</li>
<li><p class="first">Add an <tt class="docutils literal"><span class="pre">/etc/fstab</span></tt> line:</p>
<pre class="literal-block">
/path/to/&lt;swapfile&gt; swap swap defaults 0 0
</pre>
</li>
<li><p class="first">Activate the new swap space with: <tt class="docutils literal"><span class="pre">swapon</span> <span class="pre">-a</span></tt></p>
</li>
</ul>
</div>
<div class="section" id="mounting-using-uuids-and-filesystem-labels">
<h2><a class="toc-backref" href="#id62">Mounting Using UUIDs and Filesystem Labels</a></h2>
<p>Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label</p>
</div>
<div class="section" id="local-storage-adding-new-storage">
<h2><a class="toc-backref" href="#id63">Local Storage: Adding New Storage</a></h2>
<p>Add new partitions, logical volumes, and swap to a system non-destructively</p>
</div>
<div class="section" id="file-systems-working-with-common-linux-filesystems">
<h2><a class="toc-backref" href="#id64">File systems: Working with Common Linux Filesystems</a></h2>
<p>Create, mount, unmount and use ext2, ext3 and ext4 file systems</p>
<p>Extend existing unencrypted ext4-formatted logical volumes</p>
</div>
<div class="section" id="filesystem-permissions-basic-permissions">
<h2><a class="toc-backref" href="#id65">Filesystem Permissions: Basic Permissions</a></h2>
<p>Linux permissions are organized around:</p>
<ul class="simple">
<li>Three sets of permissions -- User, Group, and Other</li>
<li>Three types of permissions -- Read, Write, and Execute</li>
<li>Three extended attributes -- SUID, SGID, and Stickybit</li>
</ul>
</div>
<div class="section" id="three-sets-of-permissions">
<h2><a class="toc-backref" href="#id66">Three Sets of Permissions:</a></h2>
<p>Any given file or directory can be owned by one (and only one) user and one (and only one) group. Three different sets of permissions can be assigned.</p>
<ul class="simple">
<li>User -- User permissions apply to the individual user who owns the file or directory.</li>
<li>Group -- Group permissions apply to any user who is a member of the group that owns the file or directory.</li>
<li>Other -- Other permissions apply to any user account with access to the system that does not fall into the previous categories.</li>
</ul>
</div>
<div class="section" id="three-types-of-permissions">
<h2><a class="toc-backref" href="#id67">Three Types of Permissions:</a></h2>
<ul>
<li><p class="first">Read (&quot;r&quot;)</p>
<blockquote>
<ul class="simple">
<li>On a file, allows reading</li>
<li>On a directory, allows listing</li>
</ul>
</blockquote>
</li>
<li><p class="first">Write (&quot;w&quot;)</p>
<blockquote>
<ul class="simple">
<li>On a file, allows editing</li>
<li>On a directory, allows creation and deletion of files</li>
</ul>
</blockquote>
</li>
<li><p class="first">Execute (&quot;x&quot;)</p>
<blockquote>
<ul class="simple">
<li>On a file, allows execution if the file is otherwise executable (script or binary)</li>
<li>On a directory, allows entry or traversal (<tt class="docutils literal"><span class="pre">#</span> <span class="pre">cd</span> <span class="pre">{dirname}</span></tt>)</li>
</ul>
</blockquote>
</li>
</ul>
</div>
<div class="section" id="three-extended-attributes">
<h2><a class="toc-backref" href="#id68">Three Extended Attributes:</a></h2>
<ul>
<li><dl class="first docutils">
<dt>SUID (Set User ID)</dt>
<dd><p class="first last">On an executable, runs a process under the UID of the file owner rather than that of the user executing it.</p>
</dd>
</dl>
</li>
<li><dl class="first docutils">
<dt>SGID (Set Group ID)</dt>
<dd><p class="first last">On a directory, causes any files created in the directory to belong to the group owning the directory.</p>
</dd>
</dl>
</li>
<li><dl class="first docutils">
<dt>&quot;Stickybit&quot;</dt>
<dd><p class="first last">On a directory, ensures that only the owner of a file or the owner of the directory can delete it, even if all users or other members of a group have write access to the directory.</p>
</dd>
</dl>
</li>
</ul>
</div>
<div class="section" id="viewing-permissions">
<h2><a class="toc-backref" href="#id69">Viewing Permissions</a></h2>
<p>Permissions are displayed in positions 2-10 of a &quot;long&quot; file listing:</p>
<blockquote>
<img alt="images/permblock.gif" src="images/permblock.gif" style="width: 40%;" />
</blockquote>
</div>
<div class="section" id="setting-permissions">
<h2><a class="toc-backref" href="#id70">Setting Permissions</a></h2>
<p>The <tt class="docutils literal"><span class="pre">chmod</span></tt> command is used to set permissions on both files and directories. It has two modes -- one using symbolic options and one using octal numbers.</p>
<dl class="docutils">
<dt><tt class="docutils literal"><span class="pre">chmod</span> <span class="pre">[option]</span> <span class="pre">[ugoa...][+-=][rwxst]</span> <span class="pre">filename</span></tt></dt>
<dd>where ugoa are user, group, other, or all and rwxst are read, write, execute, s{u/g}id, stickybit.</dd>
<dt><tt class="docutils literal"><span class="pre">chmod</span> <span class="pre">[option]</span> <span class="pre">XXXX</span> <span class="pre">filename</span></tt></dt>
<dd>where XXXX is a number representing the complete permissions on the file.</dd>
</dl>
</div>
<div class="section" id="setting-permissions-with-numeric-options">
<h2><a class="toc-backref" href="#id71">Setting Permissions with Numeric Options</a></h2>
<table border="1" class="docutils">
<colgroup>
<col width="34%" />
<col width="7%" />
<col width="7%" />
<col width="7%" />
<col width="7%" />
<col width="7%" />
<col width="7%" />
<col width="7%" />
<col width="7%" />
<col width="7%" />
</colgroup>
<thead valign="bottom">
<tr><th class="head">&nbsp;</th>
<th class="head" colspan="3">User</th>
<th class="head" colspan="3">Group</th>
<th class="head" colspan="3">Other</th>
</tr>
</thead>
<tbody valign="top">
<tr><td>Permissions</td>
<td>r</td>
<td>w</td>
<td>x</td>
<td>r</td>
<td>w</td>
<td>x</td>
<td>r</td>
<td>w</td>
<td>x</td>
</tr>
<tr><td>Numeric Value</td>
<td>4</td>
<td>2</td>
<td>1</td>
<td>4</td>
<td>2</td>
<td>1</td>
<td>4</td>
<td>2</td>
<td>1</td>
</tr>
<tr><td>Sum</td>
<td colspan="3">0-7</td>
<td colspan="3">0-7</td>
<td colspan="3">0-7</td>
</tr>
</tbody>
</table>
<table border="1" class="docutils">
<colgroup>
<col width="34%" />
<col width="7%" />
<col width="7%" />
<col width="7%" />
<col width="7%" />
<col width="7%" />
<col width="7%" />
<col width="7%" />
<col width="7%" />
<col width="7%" />
</colgroup>
<thead valign="bottom">
<tr><th class="head">example.txt</th>
<th class="head" colspan="3">User</th>
<th class="head" colspan="3">Group</th>
<th class="head" colspan="3">Other</th>
</tr>
</thead>
<tbody valign="top">
<tr><td>Permissions</td>
<td>r</td>
<td>w</td>
<td>x</td>
<td>r</td>
<td>-</td>
<td>x</td>
<td>-</td>
<td>-</td>
<td>x</td>
</tr>
<tr><td>Numeric Value</td>
<td>4</td>
<td>2</td>
<td>1</td>
<td>4</td>
<td>0</td>
<td>1</td>
<td>0</td>
<td>0</td>
<td>1</td>
</tr>
<tr><td>Sum</td>
<td colspan="3">7</td>
<td colspan="3">5</td>
<td colspan="3">1</td>
</tr>
</tbody>
</table>
<p><tt class="docutils literal"><span class="pre">#</span> <span class="pre">chmod</span> <span class="pre">751</span> <span class="pre">myfile.txt</span></tt></p>
</div>
<div class="section" id="setting-extended-attributes-with-numeric-options">
<h2><a class="toc-backref" href="#id72">Setting Extended Attributes with Numeric Options</a></h2>
<p>chmod numeric options are actually 4 digits (not three). Missing digits are assumed to be leading zeroes.</p>
<p>The leftmost place is for extended attributes:</p>
<table border="1" class="docutils">
<colgroup>
<col width="31%" />
<col width="19%" />
<col width="19%" />
<col width="31%" />
</colgroup>
<thead valign="bottom">
<tr><th class="head">Attribute</th>
<th class="head">SUID</th>
<th class="head">SGID</th>
<th class="head">Stickybit</th>
</tr>
</thead>
<tbody valign="top">
<tr><td>Value</td>
<td>4</td>
<td>2</td>
<td>1</td>
</tr>
</tbody>
</table>
<p><strong>Example:</strong> <tt class="docutils literal"><span class="pre">$</span> <span class="pre">chmod</span> <span class="pre">3775</span> <span class="pre">MySharedDir</span></tt></p>
</div>
<div class="section" id="setting-extended-attributes-with-symbolic-values">
<h2><a class="toc-backref" href="#id73">Setting Extended Attributes with Symbolic Values:</a></h2>
<dl class="docutils">
<dt><tt class="docutils literal"><span class="pre">chmod</span> <span class="pre">+t</span> <span class="pre">{filename}</span></tt></dt>
<dd>Sets the sticky bit</dd>
<dt><tt class="docutils literal"><span class="pre">chmod</span> <span class="pre">u+s</span> <span class="pre">{filename}</span></tt></dt>
<dd>Sets suid</dd>
<dt><tt class="docutils literal"><span class="pre">chmod</span> <span class="pre">g+s</span> <span class="pre">{filename}</span></tt></dt>
<dd>Sets sgid</dd>
</dl>
</div>
<div class="section" id="extended-attributes-in-directory-listings">
<h2><a class="toc-backref" href="#id74">Extended Attributes in Directory Listings</a></h2>
<table border="1" class="docutils">
<colgroup>
<col width="18%" />
<col width="82%" />
</colgroup>
<tbody valign="top">
<tr><td>-rwxrwxrwx</td>
<td>Normal Permissions, All permissions granted</td>
</tr>
<tr><td>-rwSrwxrwx</td>
<td>Indicates SUID set, without execute permission</td>
</tr>
<tr><td>-rwsrwxrwx</td>
<td>Indicates SUID and execute permission set</td>
</tr>
<tr><td>-rwxrwSrwx</td>
<td>Indicates SGID set, without execute permission</td>
</tr>
<tr><td>-rwxrwsrwx</td>
<td>Indicates SGID and execute permission set</td>
</tr>
<tr><td>-rwxrwxrwT</td>
<td>Indicates Stickybit set, without execute permission</td>
</tr>
<tr><td>-rwxrwxrwt</td>
<td>Indicates Stickybit and execute permission set</td>
</tr>
</tbody>
</table>
</div>
<div class="section" id="umask">
<h2><a class="toc-backref" href="#id75">Umask</a></h2>
<ul class="simple">
<li>The umask value determines the permissions that will be applied to newly created files and directories.</li>
<li>As a &quot;mask&quot; it is subtractive -- representing the value of the permissions you DO NOT want to grant.</li>
<li>Execute rights are automatically withheld (w/o regard for the umask) for <em>files</em> but not for <em>directories</em>.</li>
<li>Extended attributes are not addressed -- even though a umask is four characters.</li>
<li>The default umask value is set in /etc/bashrc and can be modified (non-persistently!) with the bash built-in command <tt class="docutils literal"><span class="pre">umask</span></tt>.</li>
</ul>
</div>
<div class="section" id="umask-examples">
<h2><a class="toc-backref" href="#id76">Umask Examples</a></h2>
<ul class="simple">
<li>Umask of 0002 yields permissions of 0775 on new directories and 0664 on new files</li>
<li>Umask of 0022 yields permissions of 0755 on new directories and 0644 on new files</li>
</ul>
</div>
<div class="section" id="sgid-and-stickybit-use-case-collaborative-directories">
<h2><a class="toc-backref" href="#id77">SGID and Stickybit Use Case -- Collaborative Directories</a></h2>
<ul class="simple">
<li>Create a Group for Collaboration</li>
<li>Add users to the group</li>
<li>Create a directory for collaboration</li>
<li>Set its group ownership to the intended group</li>
<li>Set its group permissions appropriately</li>
<li>Recursively set the SGID and sticky bits on the directory</li>
</ul>
<p>This ensures that:</p>
<blockquote>
<ol class="arabic simple">
<li>All files created in this directory will be owned by the intended group (SGID effect)</li>
<li>All files created in this directory can only be deleted by the user who owns the file or the user who owns the directory (stickybit effect)</li>
</ol>
</blockquote>
</div>
<div class="section" id="file-access-control-lists">
<h2><a class="toc-backref" href="#id78">File Access Control Lists</a></h2>
<ul class="simple">
<li>Provide more granular control of permissions.</li>
<li>Filesystem must be mounted with the 'acl' option or be compiled with that option by default</li>
</ul>
<p>getfacl</p>
<p>setfacl</p>
</div>
<div class="section" id="getfacl">
<h2><a class="toc-backref" href="#id79">getfacl</a></h2>
<p>Example of &quot;getfacl acldir&quot;</p>
<pre class="literal-block">
# file: acldir
# owner: frank
# group: frank
user::rwx
user:bob:-wx
user:mary:rw-
group::rwx
mask::rwx
other::r-x
</pre>
<p>Example of <tt class="docutils literal"><span class="pre">ls</span> <span class="pre">-l</span> <span class="pre">acldir</span></tt>:</p>
<pre class="literal-block">
drwxrwxr-x+ 2 frank frank 4096 2009-05-27 14:15 acldir
</pre>
<!-- Create and manage File Access Control Lists -->
</div>
<div class="section" id="working-with-cifs-network-file-systems">
<h2><a class="toc-backref" href="#id80">Working with CIFS network file systems</a></h2>
<p>Will be covered in more detail later.</p>
<p>Mount and unmount CIFS network file systems</p>
</div>
<div class="section" id="working-with-nfs-file-systems">
<h2><a class="toc-backref" href="#id81">Working with NFS file systems</a></h2>
<p>Mount and unmount NFS file systems</p>
</div>
<div class="section" id="iscsi-devices">
<h2><a class="toc-backref" href="#id82">iSCSI Devices</a></h2>
<p>Package: iscsi-initiator-utils</p>
<p>Allows a system to access remote storage devices with SCSI commands as though it were a local hard disk.</p>
<p>Terms:</p>
<ul class="simple">
<li>iSCSI initiator: A client requesting access to storage</li>
<li>iSCSI target: Remote storage device presented from an iSCSI server or &quot;target portal&quot;</li>
<li>iSCSI target portal: A server providing targets to the initiator</li>
<li>IQN: &quot;iSCSI Qualified Name&quot; -- a unique name. Both the initiator and target need such a name to be assigned</li>
</ul>
</div>
<div class="section" id="accessing-iscsi-devices">
<h2><a class="toc-backref" href="#id83">Accessing iSCSI Devices</a></h2>
<ul>
<li><p class="first">Install the iscsi-initiator-utils package</p>
</li>
<li><p class="first">Start the <tt class="docutils literal"><span class="pre">iscsi</span></tt> and <tt class="docutils literal"><span class="pre">iscsid</span></tt> services (and configure them persistently on)</p>
</li>
<li><p class="first">Set the initiator IQN in /etc/iscsi/initiatorname.iscsi</p>
</li>
<li><p class="first">Discover targets with:</p>
<pre class="literal-block">
iscsiadm -m discovery -t st -p &lt;portal IP address&gt;
</pre>
</li>
<li><p class="first">Log in to the target using the name displayed in discovery:</p>
<pre class="literal-block">
iscsiadm -m node -T &lt;IQN&gt; -p &lt;portal IP address&gt; -l
</pre>
</li>
<li><p class="first">Identify the SCSI device name with <tt class="docutils literal"><span class="pre">dmesg</span></tt>, <tt class="docutils literal"><span class="pre">tail</span> <span class="pre">/var/log/messages</span></tt> or <tt class="docutils literal"><span class="pre">ls</span> <span class="pre">-l</span> <span class="pre">/dev/disk/by-path/*iscsi*</span></tt></p>
</li>
<li><p class="first">Use the disk as though it were a local hard disk</p>
</li>
</ul>
<div class="important">
<p class="first admonition-title">Important</p>
<p class="last">Be certain to use UUIDs or labels for persistent mounts in <tt class="docutils literal"><span class="pre">/etc/fstab</span></tt>. Also, provide <tt class="docutils literal"><span class="pre">_netdev</span></tt> as a mount option so that this device will not be mounted until the network is already up.</p>
</div>
<!-- Configure a system as an iSCSI initiator that persistently mounts an iSCSI target -->
</div>
<div class="section" id="disconnecting-from-iscsi-devices">
<h2><a class="toc-backref" href="#id84">Disconnecting from iSCSI Devices</a></h2>
<ul>
<li><p class="first">Ensure the device is not in use</p>
</li>
<li><p class="first">Unmount the device</p>
</li>
<li><p class="first">Remove its <tt class="docutils literal"><span class="pre">/etc/fstab</span></tt> entry</p>
</li>
<li><p class="first">Logout from the target:</p>
<pre class="literal-block">
iscsiadm -m node -T &lt;IQN&gt; -p &lt;portal IP&gt; -u
</pre>
</li>
<li><p class="first">Delete the local record:</p>
<pre class="literal-block">
iscsiadm -m node -T &lt;IQN&gt; -p &lt;portal IP&gt; -o delete
</pre>
</li>
</ul>
</div>
<div class="section" id="additional-references">
<h2><a class="toc-backref" href="#id85">Additional References</a></h2>
<ul class="simple">
<li>Chapter 4 of the Storage Administration Guide for RHEL6 (<a class="reference external" href="http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/index.html">http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/index.html</a>) covers the usage of parted.</li>
<li>Man pages for fdisk(8), fstab(5), mkfs(8), blkid(8), partprobe(8), mount(8), parted(8), cryptsetup(8), and crypttab(5)</li>
</ul>
</div>
</div>
<div class="section" id="session-3-managing-software-processes-kernel-attributes-and-users-and-groups">
<h1><a class="toc-backref" href="#id86">Session 3 Managing software, processes, kernel attributes, and users and groups</a></h1>
<div class="section" id="the-red-hat-network-rhn">
<h2><a class="toc-backref" href="#id87">The Red Hat Network (RHN)</a></h2>
<p>The primary delivery mechanism for installable software, updates, errata and bug fixes and systems management functions for an installation of RHEL 6 is the Red Hat Network or RHN.</p>
<p>The &quot;cost&quot; of RHEL 6 is really a subscription to this support network.</p>
<p>These commands are used in managing an RHN subscription:</p>
<pre class="literal-block">
# man -k rhn
rhn-profile-sync (8) - Update system information on Red Hat Network
rhn_check (8) - Check for and execute queued actions on RHN
rhn_register (8) - Connect to Red Hat Network
rhnplugin (8) - Red Hat Network support for yum(8)
rhnplugin.conf [rhnplugin] (5) - Configuration file for the rhnplugin(8) yum(8) plugin
rhnreg_ks (8) - A program for non interactively registering systems to Red Hat Network
rhnsd (8) - A program for querying the Red Hat Network for updates and information
</pre>
</div>
<div class="section" id="rhn-subscription-activation">
<h2><a class="toc-backref" href="#id88">RHN Subscription Activation</a></h2>
<p>A new user of RHEL6 should receive information similar to this:</p>
<pre class="literal-block">
Red Hat subscription login:
Account Number : *******
Contract Number : *******
Item Description : Red Hat Enterprise Linux &lt;Edition&gt;
RHEL Subscription Number : *******************
Quantity : #
Service Dates : 12-JUN-10 through 11-JUN-11
Customer Name : *********************************
Account Number: ************
Log into the new portal here: access.redhat.com
Login: *************
Password: **************
Email address: ****************************
</pre>
<p>That information can then be used with <tt class="docutils literal"><span class="pre">rhn_register</span></tt> to activate a new subscription</p>
</div>
<div class="section" id="rd-party-yum-repositories">
<h2><a class="toc-backref" href="#id89">3rd Party Yum Repositories</a></h2>
<p>These are other repositories of installable software, updates, or bugfixes. The <tt class="docutils literal"><span class="pre">yum</span></tt> command can be configured to use them in addition to or instead of the RHN.</p>
<ul class="simple">
<li>Configuration of repositories other than the RHN is accomplished through text configuration files located in the directory: <tt class="docutils literal"><span class="pre">/etc/yum.repos.d/</span></tt></li>
<li>A configuration file for each repository (or group of related repos) should be created in <tt class="docutils literal"><span class="pre">/etc/yum.repos.d/</span></tt></li>
<li>The name of each repo config file should end in &quot;.repo&quot;.</li>
<li>This allows repos to be easily temporarily disabled simply by renaming the file to something like: <tt class="docutils literal"><span class="pre">myrepo.repo.disabled</span></tt></li>
</ul>
</div>
<div class="section" id="yum-repository-mandatory-configuration-items">
<h2><a class="toc-backref" href="#id90">Yum Repository Mandatory Configuration Items</a></h2>
<dl class="docutils">
<dt>Repository ID</dt>
<dd><p class="first">Short name for identifying this repository in reports</p>
<pre class="last literal-block">
[MyRepo]
</pre>
</dd>
<dt>Name</dt>
<dd><p class="first">Longer description of this repository</p>
<pre class="last literal-block">
name=My Custom Repository
</pre>
</dd>
<dt>Baseurl</dt>
<dd><p class="first">Description of protocol and location needed to locate the repo files.</p>
<pre class="last literal-block">
baseurl=ftp://192.168.5.200/pub/rhel6
</pre>
</dd>
</dl>
</div>
<div class="section" id="yum-repository-common-optional-configuration-items">
<h2><a class="toc-backref" href="#id91">Yum Repository Common Optional Configuration Items</a></h2>
<dl class="docutils">
<dt>gpgcheck</dt>
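<dd><p class="first">Defines whether yum should attempt to validate package signatures. &quot;0&quot; = &quot;off&quot;, &quot;1&quot; = &quot;on&quot;. With it off, packages from this repository are installed without any check that they were signed by the expected key, which matters most when the repository is reached over an unauthenticated protocol such as plain FTP or HTTP.</p>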
<pre class="last literal-block">
gpgcheck=1
</pre>
</dd>
<dt>gpgkey</dt>
<dd><p class="first">Defines (via URL) where the keys for signature validation are located (typically <tt class="docutils literal"><span class="pre">file:///etc/pki/rpm-gpg/&lt;key</span> <span class="pre">name&gt;</span></tt>)</p>
<pre class="last literal-block">
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
</pre>
</dd>
<dt>enabled</dt>
<dd><p class="first">(Optional) Defines whether this repository should be currently active. &quot;0&quot; = &quot;off&quot;, &quot;1&quot; = &quot;on&quot;.</p>
<pre class="last literal-block">
enabled=1
</pre>
</dd>
</dl>
</div>
<div class="section" id="managing-software-using-yum">
<h2><a class="toc-backref" href="#id92">Managing Software: Using yum</a></h2>
<p>Common commands:</p>
<dl class="docutils">
<dt><tt class="docutils literal"><span class="pre">yum</span> <span class="pre">help</span></tt></dt>
<dd>Displays usage information.</dd>
<dt><tt class="docutils literal"><span class="pre">yum</span> <span class="pre">list</span></tt></dt>
<dd>Lists all available packages and indicates which are installed.</dd>
<dt><tt class="docutils literal"><span class="pre">yum</span> <span class="pre">search</span> <span class="pre">KEYWORD</span></tt></dt>
<dd>Searches for packages with a keyword in the package metadata.</dd>
<dt><tt class="docutils literal"><span class="pre">yum</span> <span class="pre">info</span> <span class="pre">PACKAGENAME</span></tt></dt>
<dd>Displays information about a package taken from the package metadata.</dd>
<dt><tt class="docutils literal"><span class="pre">yum</span> <span class="pre">install</span> <span class="pre">PACKAGENAME</span></tt></dt>
<dd>Installs a package (obtained from the repository) and any required dependencies.</dd>
<dt><tt class="docutils literal"><span class="pre">yum</span> <span class="pre">localinstall</span> <span class="pre">RPMFILENAME</span></tt></dt>
<dd>Installs a local .rpm file, but uses the repository to satisfy dependencies.</dd>
<dt><tt class="docutils literal"><span class="pre">yum</span> <span class="pre">remove</span> <span class="pre">PACKAGENAME</span></tt></dt>
<dd>Uninstalls a package and any other packages dependent upon it.</dd>
<dt><tt class="docutils literal"><span class="pre">yum</span> <span class="pre">update</span> <span class="pre">PACKAGENAME</span></tt></dt>
<dd>Installs a newer version of the package, if available.</dd>
<dt><tt class="docutils literal"><span class="pre">yum</span> <span class="pre">update</span></tt></dt>
<dd>Updates all installed packages for which a newer version is available.</dd>
</dl>
</div>
<div class="section" id="yum-related-man-pages">
<h2><a class="toc-backref" href="#id93">Yum-related man pages</a></h2>
<pre class="literal-block">
# man -k yum
qreposync (1) - synchronize yum repositories to a local directory
rhnplugin (8) - Red Hat Network support for yum(8)
rhnplugin.conf [rhnplugin] (5) - Configuration file for the rhnplugin(8) yum(8) plugin
yum (8) - Yellowdog Updater Modified
yum [yum-shell] (8) - Yellowdog Updater Modified shell
yum-groups-manager (1) - create and edit yum's group metadata
yum-utils (1) - tools for manipulating repositories and extended package management
yum.conf [yum] (5) - Configuration file for yum(8)
</pre>
</div>
<div class="section" id="rpm-architecture">
<h2><a class="toc-backref" href="#id94">RPM Architecture</a></h2>
<p><tt class="docutils literal"><span class="pre">rpm</span></tt> executable</p>
<p>RPM packages -- Files to install + SPEC file (metadata)</p>
<p>Local RPM database -- retains metadata from all installed packages</p>
<blockquote>
Database is kept in /var/lib/rpm</blockquote>
</div>
<div class="section" id="rpm-package-naming">
<h2><a class="toc-backref" href="#id95">RPM Package Naming</a></h2>
<ul>
<li><p class="first">name-version-release.architecture*.rpm</p>
</li>
<li><p class="first">Version is the version of the &quot;upstream&quot; open source code</p>
</li>
<li><p class="first">Release refers to Red Hat internal patches to the source code</p>
</li>
<li><p class="first">Architecture is one of:</p>
<blockquote>
<ul class="simple">
<li>i386,i686 -- 32 bit x86 compatible</li>
<li>x86_64 -- Intel/AMD 64 bit</li>
<li>ppc64 -- Power PC 64 bit</li>
<li>ia64 -- Intel Itanium 64 bit</li>
<li>noarch -- Arch-independent code (scripts, docs, images, etc)</li>
<li>src -- Source code</li>
</ul>
</blockquote>
</li>
</ul>
</div>
<div class="section" id="package-naming-example">
<h2><a class="toc-backref" href="#id96">Package Naming Example</a></h2>
<p>bash-3.2-24.el5.x86_64.rpm</p>
<table border="1" class="docutils">
<colgroup>
<col width="14%" />
<col width="40%" />
<col width="28%" />
<col width="19%" />
</colgroup>
<thead valign="bottom">
<tr><th class="head">Name</th>
<th class="head">Project Version</th>
<th class="head">RH Release</th>
<th class="head">Arch</th>
</tr>
</thead>
<tbody valign="top">
<tr><td>bash</td>
<td>3.2</td>
<td>24.el5</td>
<td>x86_64</td>
</tr>
</tbody>
</table>
<p>This package starts with version 3.2 of bash (from ftp.gnu.org/gnu/bash), applies a RH patch identified as 24.el5 to it, and is then built to run on an Intel/AMD 64 bit processor.</p>
</div>
<div class="section" id="installing-and-upgrading-packages">
<h2><a class="toc-backref" href="#id97">Installing and Upgrading Packages</a></h2>
<dl class="docutils">
<dt><tt class="docutils literal"><span class="pre">#</span> <span class="pre">rpm</span> <span class="pre">-i[v,h]</span> <span class="pre">name-ver-rel.arch.rpm</span></tt></dt>
<dd>Installs a package</dd>
<dt><tt class="docutils literal"><span class="pre">#</span> <span class="pre">rpm</span> <span class="pre">-U[v,h]</span> <span class="pre">name-ver-rel.arch.rpm</span></tt></dt>
<dd>Upgrades a package if an older version was previously installed. Otherwise, simply installs the new version.</dd>
<dt><tt class="docutils literal"><span class="pre">#</span> <span class="pre">rpm</span> <span class="pre">-F[v,h]</span> <span class="pre">name-ver-rel.arch.rpm</span></tt></dt>
<dd>Upgrades a package if an older version is installed. Otherwise, does nothing -- <strong>does not install new packages if no older version was installed.</strong></dd>
</dl>
</div>
<div class="section" id="upgrading-a-kernel">
<h2><a class="toc-backref" href="#id98">Upgrading a Kernel</a></h2>
<ul class="simple">
<li>Always use <tt class="docutils literal"><span class="pre">#rpm</span> <span class="pre">-i</span> <span class="pre">...</span></tt></li>
<li>This leaves the previously installed kernel on the system and in the GRUB menu as a fall-back in case the new version has problems.</li>
</ul>
</div>
<div class="section" id="rpm-and-modified-config-files">
<h2><a class="toc-backref" href="#id99">RPM and Modified Config Files</a></h2>
<p>Scenario: niftyapp-1.0-1.el5.rpm uses a config file, <tt class="docutils literal"><span class="pre">/etc/nifty.conf</span></tt>. You tweaked <tt class="docutils literal"><span class="pre">/etc/nifty.conf</span></tt> to fit your system. Now niftyapp-2.0-1.el5.rpm is available with new features that require changes in the .conf file and provides a new default config file. What to do?</p>
<ul class="simple">
<li>If the previous version provided a default config file, the changes are detected. Your modified version of the .conf file is saved as <tt class="docutils literal"><span class="pre">/etc/nifty.conf.rpmsave</span></tt> and the new default config is installed. You can compare the files and modify as needed.</li>
<li>If the previous version did NOT provide a default config file, your version of the .conf file is saved as <tt class="docutils literal"><span class="pre">/etc/nifty.conf.rpmorig</span></tt> and the new default config is installed. You can compare the files and modify as needed.</li>
</ul>
</div>
<div class="section" id="uninstalling">
<h2><a class="toc-backref" href="#id100">Uninstalling</a></h2>
<p><tt class="docutils literal"><span class="pre">#</span> <span class="pre">rpm</span> <span class="pre">-e</span> <span class="pre">name[-ver][-rel]</span></tt></p>
<ul class="simple">
<li>Package removal is never verbose and never shows progress (-v and -h have no effect)</li>
<li>Package removal only needs the name (or when multiple versions of the same package are installed, sometimes the version or release) but not the architecture or the .rpm extension.</li>
</ul>
</div>
<div class="section" id="rpm-over-a-network">
<h2><a class="toc-backref" href="#id101">RPM over a Network</a></h2>
<p><tt class="docutils literal"><span class="pre">#</span> <span class="pre">rpm</span> <span class="pre">-ivh</span> <span class="pre">ftp://{Host}/path/to/packagename-ver-rel.arch.rpm</span></tt></p>
<p><tt class="docutils literal"><span class="pre">#</span> <span class="pre">rpm</span> <span class="pre">-ivh</span> <span class="pre">http://{Host}/path/to/packagename-ver-rel.arch.rpm</span></tt></p>
<p>And wildcard &quot;globbing&quot; is allowed:</p>
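<p><tt class="docutils literal"><span class="pre">#</span> <span class="pre">rpm</span> <span class="pre">-ivh</span> <span class="pre">http://{Host}/path/to/packagename*</span></tt></p>
<p>Plain FTP and HTTP do not protect the download in transit, so import the vendor's GPG key first and confirm the package signature (see RPM Verification below) rather than relying on the network path.</p>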
</div>
<div class="section" id="common-rpm-queries">
<h2><a class="toc-backref" href="#id102">Common RPM Queries</a></h2>
<table border="1" class="docutils">
<colgroup>
<col width="29%" />
<col width="71%" />
</colgroup>
<thead valign="bottom">
<tr><th class="head">Query</th>
<th class="head">Result</th>
</tr>
</thead>
<tbody valign="top">
<tr><td>rpm -qa</td>
<td>lists all installed packages.</td>
</tr>
<tr><td>rpm -q pkg</td>
<td>Reports the version of the package.</td>
</tr>
<tr><td>rpm -qf /path/file</td>
<td>Reports which package provided the file.</td>
</tr>
<tr><td>rpm -qc pkg</td>
<td>Lists all configuration files of the package.</td>
</tr>
<tr><td>rpm -qd pkg</td>
<td>Lists all documentation of the package.</td>
</tr>
<tr><td>rpm -qi pkg</td>
<td>Reports a description of the package.</td>
</tr>
<tr><td>rpm -ql pkg</td>
<td>Lists all files contained in the package.</td>
</tr>
<tr><td>rpm -qR pkg</td>
<td>Lists all dependencies.</td>
</tr>
<tr><td>rpm -q --scripts</td>
<td>Lists the scripts that run when installing/removing.</td>
</tr>
</tbody>
</table>
<dl class="docutils">
<dt>rpm -q{c|d|i|l|R}p /path/to/packagename-ver-rel-arch.rpm</dt>
<dd>Reports the same info as above, but pulls info from the .rpm file instead of the rpm database.</dd>
</dl>
</div>
<div class="section" id="rpm-verification">
<h2><a class="toc-backref" href="#id103">RPM Verification</a></h2>
<p>The RPM system satisfies two types of security concerns:</p>
<ol class="arabic simple">
<li>Is this package <em>authentic</em>? How do I know it came from Red Hat?</li>
<li>Has this package retained <em>integrity</em>? How do I know it hasn't been modified?</li>
</ol>
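<p>Authenticity and integrity of packages can be confirmed prior to installation with GPG signing and MD5 checksums of the RPM packages. The checksum by itself only detects corruption, and MD5 is no longer collision-resistant; it is the GPG signature, checked against a key you already trust, that establishes where the package came from.</p>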
<p>Integrity of files can be confirmed after installation with verification of installed files against the recorded metadata in the package.</p>
</div>
<div class="section" id="validate-package-signatures">
<h2><a class="toc-backref" href="#id104">Validate Package Signatures</a></h2>
<ol class="arabic">
<li><p class="first">Import the Red Hat GPG public key (It can be found on the installation CD or in the /etc/pki/rpm-gpg/ directory):</p>
<pre class="literal-block">
# rpm --import /media/disk/RPM-GPG-KEY-redhat-release
</pre>
</li>
</ol>
<p>or:</p>
<pre class="literal-block">
# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
</pre>
<ol class="arabic" start="2">
<li><p class="first">Check the signature of the package in question:</p>
<pre class="literal-block">
# rpm --checksig /path/to/package-ver-rel.arch.rpm
</pre>
</li>
</ol>
</div>
<div class="section" id="rpm-checksig-sample-output">
<h2><a class="toc-backref" href="#id105">RPM Checksig Sample Output</a></h2>
<p><tt class="docutils literal"><span class="pre">$</span> <span class="pre">rpm</span> <span class="pre">--checksig</span> <span class="pre">ftp://linuxlib.us.dell.com/</span></tt>
<tt class="docutils literal"><span class="pre">pub/Distros/RedHat/RHEL5/5.3/Server/x86_64/</span></tt>
<tt class="docutils literal"><span class="pre">install-x86_64/Server/ImageMagick-6.2.8.0-4</span></tt>
<tt class="docutils literal"><span class="pre">.el5_1.1.i386.rpm</span></tt></p>
<p><tt class="docutils literal"><span class="pre">ftp://linuxlib.us.dell.com/pub/Distros/RedHat</span></tt>
<tt class="docutils literal"><span class="pre">/RHEL5/5.3/Server/x86_64/install-x86_64/Server</span></tt>
<tt class="docutils literal"><span class="pre">/ImageMagick-6.2.8.0-4.el5_1.1.i386.rpm:</span> <span class="pre">(sha1)</span></tt>
<tt class="docutils literal"><span class="pre">dsa</span> <span class="pre">sha1</span> <span class="pre">md5</span> <span class="pre">gpg</span> <span class="pre">OK</span></tt></p>
</div>
<div class="section" id="verify-installed-files">
<h2><a class="toc-backref" href="#id106">Verify Installed Files</a></h2>
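<p><tt class="docutils literal"><span class="pre">rpm</span> <span class="pre">-V</span></tt> (or <tt class="docutils literal"><span class="pre">--verify</span></tt>) will compare existing files on the system to their pristine state in the packages they came from. The reference values are read from the local RPM database, so a clean result on a host where root may have been compromised is not proof that nothing was altered.</p>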
<p>There are 8 points of comparison as shown in the following table, in the Michael Jang book and in the rpm man page:</p>
</div>
<div class="section" id="change-codes-from-rpm-verify">
<h2><a class="toc-backref" href="#id107">Change Codes from rpm --verify</a></h2>
<table border="1" class="docutils">
<colgroup>
<col width="36%" />
<col width="64%" />
</colgroup>
<thead valign="bottom">
<tr><th class="head">Change Code</th>
<th class="head">Meaning</th>
</tr>
</thead>
<tbody valign="top">
<tr><td>5</td>
<td>MD5 checksum</td>
</tr>
<tr><td>S</td>
<td>File size</td>
</tr>
<tr><td>L</td>
<td>Symbolic Link</td>
</tr>
<tr><td>T</td>
<td>Modification time</td>
</tr>
<tr><td>D</td>
<td>Device</td>
</tr>
<tr><td>U</td>
<td>User</td>
</tr>
<tr><td>G</td>
<td>Group</td>
</tr>
<tr><td>M</td>
<td>Mode</td>
</tr>
</tbody>
</table>
</div>
<div class="section" id="rpm-verify-sample-output">
<h2><a class="toc-backref" href="#id108">RPM Verify Sample Output</a></h2>
<pre class="literal-block">
#rpm -Va
...
S.5....T c /etc/ntp.conf
..?..... c /etc/ntp/keys
S.5....T /usr/bin/aspell
.......T /usr/share/ImageMagick-6.2.8/config/magic.xml
.......T d /usr/share/doc/ImageMagick-6.2.8/images/arc.png
.......T d /usr/share/doc/ImageMagick-6.2.8/images/background.jpg
...
</pre>
</div>
<div class="section" id="identifying-installed-packages">
<h2><a class="toc-backref" href="#id109">Identifying Installed Packages</a></h2>
<p>View a list of the packages originally installed on the system:</p>
<pre class="literal-block">
# less /root/install.log
</pre>
<p>View a list of the packages installed through yum:</p>
<pre class="literal-block">
# less /var/log/yum.log
</pre>
<p>Query the RPM database for the packages installed right now:</p>
<pre class="literal-block">
# rpm -qa
</pre>
</div>
<div class="section" id="managing-software-building-rpms">
<h2><a class="toc-backref" href="#id110">Managing Software: Building RPMs</a></h2>
<p>As of this writing, Red Hat is pointing users to the following RPM Guide from the Fedora project for more information on RPM creation:</p>
<p><a class="reference external" href="http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.1/html/RPM_Guide/">http://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.1/html/RPM_Guide/</a></p>
</div>
<div class="section" id="inside-an-rpm-package">
<h2><a class="toc-backref" href="#id111">Inside an RPM package</a></h2>
<ul class="simple">
<li>files</li>
<li>scripts</li>
<li>metadata</li>
</ul>
<p>The package is defined by a &quot;build specification file&quot; or <em>spec file</em>.</p>
<p>A good example of a spec file can be obtained from the source rpm for redhat-release.</p>
<p><a class="reference external" href="ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/redhat-release-server-6Server-6.0.0.37.el6.src.rpm">ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/redhat-release-server-6Server-6.0.0.37.el6.src.rpm</a></p>
<div class="tip">
<p class="first admonition-title">Tip</p>
<p class="last">Open .spec files in vim for color highlighting</p>
</div>
</div>
<div class="section" id="main-contents-of-a-spec-file">
<h2><a class="toc-backref" href="#id112">Main contents of a .spec file</a></h2>
<ul class="simple">
<li>Introduction or preamble: Contains metadata about the package</li>
<li>Build instructions on how to compile the source code or otherwise prepare the package payload.</li>
<li>Scriptlets that perform the installation, uninstallation, or upgrade.</li>
<li>Manifest of files to be installed, along with their permissions.</li>
<li>Changelog recording the changes made to the package with each revision.</li>
</ul>
</div>
<div class="section" id="preamble-directives">
<h2><a class="toc-backref" href="#id113">Preamble directives</a></h2>
<dl class="docutils">
<dt>Name</dt>
<dd>Name of the package</dd>
<dt>Version</dt>
<dd>Version identifier</dd>
<dt>Release</dt>
<dd>Indicates incremental changes within a version.</dd>
<dt>Group</dt>
<dd>The package group that should include this package. This can come from the list at <tt class="docutils literal"><span class="pre">/usr/share/doc/rpm-*/GROUPS</span></tt> or can be unique to you. Not related to yum package groups.</dd>
<dt>License</dt>
<dd>Short License Identifier as described at <a class="reference external" href="http://fedoraproject.org/wiki/Packaging/LicensingGuidelines">http://fedoraproject.org/wiki/Packaging/LicensingGuidelines</a></dd>
<dt>Summary</dt>
<dd>Short (&lt;=50 chars) one-line description.</dd>
<dt>Source</dt>
<dd>The file to be used as the source code. Add'l sources can be specified as Source0, Source1, etc.</dd>
<dt>BuildArch</dt>
<dd>Arch to use when building. Defaults to the existing system arch. May also be &quot;noarch&quot; for arch-independent packages.</dd>
<dt>Requires</dt>
<dd>Requirements that this package needs to run. Can be in the form of files or other packages</dd>
<dt>BuildRequires</dt>
<dd>Requirements needed to build this package.</dd>
</dl>
</div>
<div class="section" id="required-spec-file-sections">
<h2><a class="toc-backref" href="#id114">Required Spec file sections</a></h2>
<p>%description</p>
<p>%prep</p>
<p>%build</p>
<p>%install</p>
<p>%clean</p>
<p>%files</p>
<p>%changelog</p>
</div>
<div class="section" id="package-building-tools">
<h2><a class="toc-backref" href="#id115">Package Building Tools</a></h2>
<p>These packages will provide tools for setting up a build environment and the ability to create your own packages.</p>
<ul class="simple">
<li>rpm-build</li>
<li>rpmdevtools</li>
<li>rpmlint</li>
</ul>
</div>
<div class="section" id="setting-up-a-build-environment">
<h2><a class="toc-backref" href="#id116">Setting up a Build Environment</a></h2>
<p>As a non-privileged user, run:</p>
<pre class="literal-block">
$ rpmdev-setuptree
</pre>
<p>This should create the following directory structure in your home directory:</p>
<pre class="literal-block">
~/rpmbuild
|-- BUILD
|-- RPMS
|-- SOURCES
|-- SPECS
\-- SRPMS
</pre>
<p>In that structure, your source files (in a tarball) should be placed ~/rpmbuild/SOURCES/ and your .spec file in ~/rpmbuild/SPECS/. The ~/rpmbuild/BUILD/ directory will be a temporary working directory for the build process. And, after the rpmbuild process is complete, the finished binary and source RPMs will be placed in ~/rpmbuild/RPMS/ and ~/rpmbuild/SRPMS/, respectively.</p>
</div>
<div class="section" id="viewing-the-build-environment">
<h2><a class="toc-backref" href="#id117">Viewing the Build Environment</a></h2>
<p>When diagnosing build problems, it is sometimes useful to see what files are actually being created in the build environment in order to identify deviations of actual behavior from expected behavior. The tree utility is useful for that.</p>
<p>Install tree with <tt class="docutils literal"><span class="pre">#</span> <span class="pre">yum</span> <span class="pre">install</span> <span class="pre">tree</span></tt>.</p>
<p>Invoke tree with <tt class="docutils literal"><span class="pre">$</span> <span class="pre">tree</span> <span class="pre">~/rpmbuild</span></tt> to show the contents of the build environment.</p>
</div>
<div class="section" id="building-the-rpm">
<h2><a class="toc-backref" href="#id118">Building the RPM</a></h2>
<p>With the source files in place and a properly configured <tt class="docutils literal"><span class="pre">.spec</span></tt> file written, the <tt class="docutils literal"><span class="pre">rpmbuild</span></tt> command can be used to build the rpm either at once, or (for troubleshooting) in stages</p>
<dl class="docutils">
<dt><tt class="docutils literal"><span class="pre">$</span> <span class="pre">rpmbuild</span> <span class="pre">-bp</span> <span class="pre">&lt;spec</span> <span class="pre">file&gt;</span></tt></dt>
<dd>Builds through the <tt class="docutils literal"><span class="pre">%prep</span></tt> section -- unpacks sources and applies patches.</dd>
<dt><tt class="docutils literal"><span class="pre">$</span> <span class="pre">rpmbuild</span> <span class="pre">-bc</span> <span class="pre">&lt;spec</span> <span class="pre">file&gt;</span></tt></dt>
<dd>Builds through compile -- processes the <tt class="docutils literal"><span class="pre">%prep</span></tt> and <tt class="docutils literal"><span class="pre">%build</span></tt> sections.</dd>
<dt><tt class="docutils literal"><span class="pre">$</span> <span class="pre">rpmbuild</span> <span class="pre">-bi</span> <span class="pre">&lt;spec</span> <span class="pre">file&gt;</span></tt></dt>
<dd>Builds through <tt class="docutils literal"><span class="pre">%install</span></tt> -- processes <tt class="docutils literal"><span class="pre">%prep</span></tt>, <tt class="docutils literal"><span class="pre">%build</span></tt>, and <tt class="docutils literal"><span class="pre">%install</span></tt>.</dd>
<dt><tt class="docutils literal"><span class="pre">$</span> <span class="pre">rpmbuild</span> <span class="pre">-bb</span> <span class="pre">&lt;spec</span> <span class="pre">file&gt;</span></tt></dt>
<dd>Builds only the binary rpm file.</dd>
<dt><tt class="docutils literal"><span class="pre">$</span> <span class="pre">rpmbuild</span> <span class="pre">-bs</span> <span class="pre">&lt;spec</span> <span class="pre">file&gt;</span></tt></dt>
<dd>Builds only the source rpm file.</dd>
<dt><tt class="docutils literal"><span class="pre">$</span> <span class="pre">rpmbuild</span> <span class="pre">-ba</span> <span class="pre">&lt;spec</span> <span class="pre">file&gt;</span></tt></dt>
<dd>Builds both the binary and source rpm files.</dd>
</dl>
<p>Use <tt class="docutils literal"><span class="pre">rpmbuild</span> <span class="pre">--help</span></tt> or <tt class="docutils literal"><span class="pre">man</span> <span class="pre">rpmbuild</span></tt> for other options.</p>
</div>
<div class="section" id="rpm-building-exercise">
<h2><a class="toc-backref" href="#id119">RPM Building Exercise</a></h2>
<p>As root, install rpm-build, rpmlint, rpmdevtools:</p>
<pre class="literal-block">
# yum -y install rpm-build rpmdevtools rpmlint
</pre>
<p>As a non-privileged user, create a project directory:</p>
<pre class="literal-block">
$ mkdir ~/hello-1.0
</pre>
<!-- -->
<blockquote>
Name this according to the convention: &lt;projname&gt;-&lt;majorver&gt;.&lt;minorver&gt;</blockquote>
<p>Create bash script: ~/hello-1.0/hello.sh</p>
<pre class="literal-block">
#!/bin/bash
# hello.sh
echo 'hello'
exit 0
</pre>
<p>Create a tarball of the project directory:</p>
<pre class="literal-block">
$ tar cvzf hello-1.0.tar.gz ~/hello-1.0/
</pre>
<p>Create an rpm development environment:</p>
<pre class="literal-block">
$ rpmdev-setuptree
</pre>
<p>Move the tarball to the SOURCES directory</p>
<p>Create a .spec file in the SPECS directory:</p>
<pre class="literal-block">
$ vim pkgname.spec
</pre>
<p>or:</p>
<pre class="literal-block">
$ rpmdev-newspec -o pkgname.spec
</pre>
<p>Insert a name (Match the pkgname on the tarball and directory)</p>
<p>Insert a version (Match the version)</p>
<p>Leave the release alone</p>
<p>Insert a summary (one line)</p>
<p>Insert a group (package group)</p>
<p>Insert a license</p>
<p>Insert a URL or delete the line</p>
<p>Insert on the Source0 line, the name of your tarball</p>
<p>Leave the BuildRoot line alone</p>
<p>Unless your package has prerequisites needed before it can be compiled, delete the BuildRequires line</p>
<p>Unless your package has prerequisites needed before it can work, delete the Requires line</p>
<p>On a blank line below %description, insert a brief description of your package</p>
<p>Leave the %prep and %setup lines alone</p>
<p>If your package does not need to be &quot;built&quot; (compiled), delete the %build, %configure, and make lines.</p>
<p>Leave the %install section header alone.</p>
<p>Under the %install section, leave the rm line alone.</p>
<p>If your package does not need to be built, modify the make install line to something like this:</p>
<pre class="literal-block">
install -D myfile $RPM_BUILD_ROOT/path/to/install/dest/myfile
</pre>
<p>Leave the %clean and the rm -rf lines alone.</p>
<p>Under %files, use the following syntax to list each of the files your package will place on the target system:</p>
<pre class="literal-block">
%attr(770,owner,group)/path/to/file
</pre>
<p>Use the following syntax to list each of the directories your package will place on the target system:</p>
<pre class="literal-block">
%dir /root/bin
</pre>
<p>The changelog section can be deleted or left alone.</p>
<!-- + Build a simple RPM that packages a single file -->
</div>
<div class="section" id="signing-your-rpms">
<h2><a class="toc-backref" href="#id120">Signing Your RPMs</a></h2>
<p>Your RPMs can be digitally signed to protect users from the possibility of forged packages (any RPM package can execute scripts w/ root privileges when installed!). To implement this, first generate and identify a gpg key:</p>
<pre class="literal-block">
$ gpg --gen-key
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
&lt;n&gt; = key expires in n days
&lt;n&gt;w = key expires in n weeks
&lt;n&gt;m = key expires in n months
&lt;n&gt;y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
GnuPG needs to construct a user ID to identify your key.
Real name: Scott Purcell
Email address: scott&#64;texastwister.info
Comment:
You selected this USER-ID:
&quot;Scott Purcell &lt;scott&#64;texastwister.info&gt;&quot;
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key B9AED1DE marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 2048R/B9AED1DE 2011-02-22
Key fingerprint = 9987 B276 A24A 1210 13A7 4D05 9F3F 8934 B9AE D1DE
uid Scott Purcell &lt;scott&#64;texastwister.info&gt;
sub 2048R/0DA4CCE9 2011-02-22
[scott&#64;Client1 rhel6]$
</pre>
<p>The key ID can be seen in the output above, or can be found with gpg --fingerprint</p>
<p>Export the key to a file:</p>
<pre class="literal-block">
$ gpg --armor --output ~/RPM-GPG-KEY-ScottPurcell --export B9AED1DE
</pre>
<!-- -->
<pre class="literal-block">
[scott&#64;Client1 ~]$ cat RPM-GPG-KEY-ScottPurcell
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.14 (GNU/Linux)

mQENBE1jVagBCADVDTOvRl3Z5xPZb6AAl2D3bM/H4kEhyJ+yk1pbVPmu8yu0Cbsl
. . .
R+J9rjvN8rNpQwm40Gx6RpM7qtP/LodzD46dNfbr87lJ4F+4A3U=
=f4Gq
-----END PGP PUBLIC KEY BLOCK-----
</pre>
<p>Configure rpm-related tools to use your signature:</p>
<pre class="literal-block">
$ echo '%_gpg_name Scott Purcell'&gt;&gt; ~/.rpmmacros
</pre>
<p>or:</p>
<pre class="literal-block">
$ echo '%_gpg_name B9AED1DE'&gt;&gt; ~/.rpmmacros
</pre>
<p>Now packages can be created and signed at the same time with rpmbuild using the --sign option. Or existing packages can be retroactively signed with rpm using the --addsign or --resign options.</p>
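<p>With a signed package in place, the user intending to install it now needs to import the key. The signature is only as trustworthy as the key, so the user should obtain the key (or at least compare its fingerprint, shown by gpg --fingerprint) through a channel they trust independently of the package download before importing it:</p>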
<pre class="literal-block">
# rpm --import /home/scott/RPM-GPG-KEY-ScottPurcell
</pre>
<p>And with the key imported, the package can be verified:</p>
<pre class="literal-block">
$ rpm -K rpmbuild/RPMS/x86_64/rhel6rhce-0.5-1.el6.x86_64.rpm
rpmbuild/RPMS/x86_64/rhel6rhce-0.5-1.el6.x86_64.rpm: rsa sha1 (md5) pgp md5 OK
</pre>
</div>
<div class="section" id="create-a-repo-with-your-files">
<h2><a class="toc-backref" href="#id121">Create a Repo with your files</a></h2>
<p>(Assumes httpd already installed)</p>
<p><tt class="docutils literal"><span class="pre">#</span> <span class="pre">yum</span> <span class="pre">-y</span> <span class="pre">install</span> <span class="pre">createrepo</span></tt></p>
<p><tt class="docutils literal"><span class="pre">#</span> <span class="pre">mkdir</span> <span class="pre">-p</span> <span class="pre">/var/www/html/repo/Packages</span></tt></p>
<p><tt class="docutils literal"><span class="pre">#</span> <span class="pre">cp</span> <span class="pre">MyPackage.rpm</span> <span class="pre">/var/www/html/repo/Packages</span></tt></p>
<p><tt class="docutils literal"><span class="pre">#</span> <span class="pre">createrepo</span> <span class="pre">-v</span> <span class="pre">/var/www/html/repo</span></tt></p>
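<p><tt class="docutils literal"><span class="pre">#</span> <span class="pre">cp</span> <span class="pre">/home/me/RPM-GPG-KEY-me</span> <span class="pre">/var/www/html/repo</span></tt></p>
<p>Only the exported public key belongs in the repo directory; the secret key stays in the packager's keyring. Clients should set <tt class="docutils literal"><span class="pre">gpgcheck=1</span></tt> for this repo so that unsigned or altered packages are refused.</p>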
</div>
<div class="section" id="rpm-packaging-other-documentation">
<h2><a class="toc-backref" href="#id122">RPM Packaging, Other Documentation:</a></h2>
<p>Red Hat Enterprise Linux Deployment Guide, section on &quot;Querying RPM&quot;</p>
<p>Man Pages:</p>
<blockquote>
<ul class="simple">
<li>rpm (8)</li>
<li>rpm2cpio (8)</li>
<li>cpio (1)</li>
</ul>
</blockquote>
</div>
<div class="section" id="manage-processes-and-services">
<h2><a class="toc-backref" href="#id123">Manage Processes and Services</a></h2>
<dl class="docutils">
<dt>Start a service:</dt>
<dd><ul class="first last simple">
<li><tt class="docutils literal"><span class="pre">service</span> <span class="pre">&lt;servicename&gt;</span> <span class="pre">start</span></tt></li>
<li><tt class="docutils literal"><span class="pre">/etc/init.d/&lt;servicescript&gt;</span> <span class="pre">start</span></tt></li>
</ul>
</dd>
<dt>Stop a service:</dt>
<dd><ul class="first last simple">
<li><tt class="docutils literal"><span class="pre">service</span> <span class="pre">&lt;servicename&gt;</span> <span class="pre">stop</span></tt></li>
<li><tt class="docutils literal"><span class="pre">/etc/init.d/&lt;servicescript&gt;</span> <span class="pre">stop</span></tt></li>
</ul>
</dd>
<dt>Check status of a service:</dt>
<dd><ul class="first last simple">
<li><tt class="docutils literal"><span class="pre">service</span> <span class="pre">&lt;servicename&gt;</span> <span class="pre">status</span></tt></li>
<li><tt class="docutils literal"><span class="pre">/etc/init.d/&lt;servicescript&gt;</span> <span class="pre">status</span></tt></li>
</ul>
</dd>
<dt>Reload a service's config:</dt>
<dd><ul class="first last simple">
<li><tt class="docutils literal"><span class="pre">service</span> <span class="pre">&lt;servicename&gt;</span> <span class="pre">reload</span></tt></li>
<li><tt class="docutils literal"><span class="pre">/etc/init.d/&lt;servicescript&gt;</span> <span class="pre">reload</span></tt></li>
</ul>
</dd>
</dl>
</div>
<div class="section" id="persistent-configuration-of-services">
<h2><a class="toc-backref" href="#id124">Persistent Configuration of Services</a></h2>
<dl class="docutils">
<dt>Configure a service to start at boot:</dt>
<dd><ul class="first last simple">
<li><tt class="docutils literal"><span class="pre">chkconfig</span> <span class="pre">&lt;servicename&gt;</span> <span class="pre">on</span></tt></li>
<li><tt class="docutils literal"><span class="pre">system-config-services</span></tt></li>
<li><tt class="docutils literal"><span class="pre">ntsysv</span></tt></li>
</ul>
</dd>
</dl>
</div>
<div class="section" id="manage-processes-and-services-configure-systems-to-boot-into-a-specific-runlevel-automatically">
<h2><a class="toc-backref" href="#id125">Manage Processes and Services: Configure systems to boot into a specific runlevel automatically</a></h2>
<p><tt class="docutils literal"><span class="pre">/etc/inittab</span></tt></p>
</div>
<div class="section" id="monitoring-processes">
<h2><a class="toc-backref" href="#id126">Monitoring Processes</a></h2>
<dl class="docutils">
<dt><tt class="docutils literal"><span class="pre">ps</