Product SiteDocumentation Site

Fedora 22

System Administrator's Guide

Deployment, Configuration, and Administration of Fedora 22

Edition 1

Jaromír Hradílek

Red Hat Engineering Content Services

Douglas Silas

Red Hat Engineering Content Services

Martin Prpič

Red Hat Engineering Content Services

Stephen Wadeley

Red Hat Engineering Content Services

Eliška Slobodová

Red Hat Engineering Content Services

Tomáš Čapek

Red Hat Engineering Content Services

Petr Kovář

Red Hat Engineering Content Services

Miroslav Svoboda

Red Hat Engineering Content Services

John Ha

Red Hat Engineering Content Services

David O'Brien

Red Hat Engineering Content Services

Michael Hideo

Red Hat Engineering Content Services

Don Domingo

Red Hat Engineering Content Services

Legal Notice

Copyright © 2015 Red Hat, Inc. and others.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
For guidelines on the permitted uses of the Fedora trademarks, refer to https://fedoraproject.org/wiki/Legal:Trademark_guidelines.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
All other trademarks are the property of their respective owners.
Abstract
The System Administrator's Guide documents relevant information regarding the deployment, configuration, and administration of Fedora 22. It is oriented towards system administrators with a basic understanding of the system.

Preface
1. Target Audience
2. How to Read this Book
3. Document Conventions
3.1. Typographic Conventions
3.2. Pull-quote Conventions
3.3. Notes and Warnings
4. We Need Feedback!
5. Acknowledgments
I. Basic System Configuration
1. Opening Graphical Applications
1.1. Opening graphical applications from the command line
1.2. Launching Applications with Alt+F2
1.3. Launching applications from the Desktop Menu
1.3.1. Using GNOME menus
1.3.2. Using KDE menus
1.3.3. Using menus in LXDE, MATE, and XFCE
2. System Locale and Keyboard Configuration
2.1. Setting the System Locale
2.1.1. Displaying the Current Status
2.1.2. Listing Available Locales
2.1.3. Setting the Locale
2.2. Changing the Keyboard Layout
2.2.1. Displaying the Current Settings
2.2.2. Listing Available Keymaps
2.2.3. Setting the Keymap
2.3. Additional Resources
3. Configuring the Date and Time
3.1. Using the timedatectl Command
3.1.1. Displaying the Current Date and Time
3.1.2. Changing the Current Time
3.1.3. Changing the Current Date
3.1.4. Changing the Time Zone
3.1.5. Synchronizing the System Clock with a Remote Server
3.2. Using the date Command
3.2.1. Displaying the Current Date and Time
3.2.2. Changing the Current Time
3.2.3. Changing the Current Date
3.3. Using the hwclock Command
3.3.1. Displaying the Current Date and Time
3.3.2. Setting the Date and Time
3.3.3. Synchronizing the Date and Time
3.4. Additional Resources
4. Managing Users and Groups
4.1. Introduction to Users and Groups
4.1.1. User Private Groups
4.1.2. Shadow Passwords
4.2. Managing Users in a Graphical Environment
4.2.1. Using the Users Settings Tool
4.3. Using Command Line Tools
4.3.1. Adding a New User
4.3.2. Adding a New Group
4.3.3. Enabling Password Aging
4.3.4. Enabling Automatic Logouts
4.3.5. Creating Group Directories
4.4. Additional Resources
II. Package Management
5. DNF
5.1. Checking For and Updating Packages
5.1.1. Checking For Updates
5.1.2. Updating Packages
5.1.3. Preserving Configuration File Changes
5.2. Packages and Package Groups
5.2.1. Searching Packages
5.2.2. Listing Packages
5.2.3. Displaying Package Information
5.2.4. Installing Packages
5.2.5. Removing Packages
5.2.6. Working with Transaction History
5.3. Configuring DNF and DNF Repositories
5.3.1. Setting [main] Options
5.3.2. Setting [repository] Options
5.3.3. Using DNF Variables
5.4. Viewing the Current Configuration
5.5. Adding, Enabling, and Disabling a DNF Repository
5.6. Additional Resources
III. Infrastructure Services
6. Services and Daemons
6.1. Configuring Services
6.1.1. Enabling the Service
6.1.2. Disabling the Service
6.2. Running Services
6.2.1. Checking the Service Status
6.2.2. Running the Service
6.2.3. Stopping the Service
6.2.4. Restarting the Service
6.3. Additional Resources
6.3.1. Installed Documentation
6.3.2. Related Books
7. OpenSSH
7.1. The SSH Protocol
7.1.1. Why Use SSH?
7.1.2. Main Features
7.1.3. Protocol Versions
7.1.4. Event Sequence of an SSH Connection
7.2. An OpenSSH Configuration
7.2.1. Configuration Files
7.2.2. Starting an OpenSSH Server
7.2.3. Requiring SSH for Remote Connections
7.2.4. Using Key-based Authentication
7.3. OpenSSH Clients
7.3.1. Using the ssh Utility
7.3.2. Using the scp Utility
7.3.3. Using the sftp Utility
7.4. More Than a Secure Shell
7.4.1. X11 Forwarding
7.4.2. Port Forwarding
7.5. Additional Resources
8. TigerVNC
8.1. VNC Server
8.1.1. Installing VNC Server
8.1.2. Configuring VNC Server
8.1.3. Starting VNC Server
8.1.4. Terminating a VNC Session
8.2. VNC Viewer
8.2.1. Installing VNC Viewer
8.2.2. Connecting to VNC Server
8.2.3. Connecting to VNC Server Using SSH
8.3. Additional Resources
IV. Servers
9. Web Servers
9.1. The Apache HTTP Server
9.1.1. Notable Changes
9.1.2. Updating the Configuration
9.1.3. Running the httpd Service
9.1.4. Editing the Configuration Files
9.1.5. Working with Modules
9.1.6. Setting Up Virtual Hosts
9.1.7. Setting Up an SSL Server
9.1.8. Additional Resources
10. Mail Servers
10.1. Email Protocols
10.1.1. Mail Transport Protocols
10.1.2. Mail Access Protocols
10.2. Email Program Classifications
10.2.1. Mail Transport Agent
10.2.2. Mail Delivery Agent
10.2.3. Mail User Agent
10.3. Mail Transport Agents
10.3.1. Postfix
10.3.2. Sendmail
10.3.3. Fetchmail
10.3.4. Mail Transport Agent (MTA) Configuration
10.4. Mail Delivery Agents
10.4.1. Procmail Configuration
10.4.2. Procmail Recipes
10.5. Mail User Agents
10.5.1. Securing Communication
10.6. Additional Resources
10.6.1. Installed Documentation
10.6.2. Useful Websites
10.6.3. Related Books
11. Directory Servers
11.1. OpenLDAP
11.1.1. Introduction to LDAP
11.1.2. Installing the OpenLDAP Suite
11.1.3. Configuring an OpenLDAP Server
11.1.4. SELinux Policy for Applications Using LDAP
11.1.5. Running an OpenLDAP Server
11.1.6. Configuring a System to Authenticate Using OpenLDAP
11.1.7. Additional Resources
11.1.8. Related Books
12. File and Print Servers
12.1. Samba
12.1.1. Introduction to Samba
12.1.2. Samba Daemons and Related Services
12.1.3. Connecting to a Samba Share
12.1.4. Configuring a Samba Server
12.1.5. Starting and Stopping Samba
12.1.6. Samba Server Types and the smb.conf File
12.1.7. Samba Security Modes
12.1.8. Samba Account Information Databases
12.1.9. Samba Network Browsing
12.1.10. Samba with CUPS Printing Support
12.1.11. Samba Distribution Programs
12.1.12. Additional Resources
12.2. FTP
12.2.1. The File Transfer Protocol
12.2.2. FTP Servers
12.2.3. Files Installed with vsftpd
12.2.4. Starting and Stopping vsftpd
12.2.5. vsftpd Configuration Options
12.2.6. Additional Resources
12.3. Printer Configuration
12.3.1. Starting the Printers Configuration Tool
12.3.2. Starting Printer Setup
12.3.3. Adding a Local Printer
12.3.4. Adding an AppSocket/HP JetDirect printer
12.3.5. Adding an IPP Printer
12.3.6. Adding an LPD/LPR Host or Printer
12.3.7. Adding a Samba (SMB) printer
12.3.8. Selecting the Printer Model and Finishing
12.3.9. Printing a Test Page
12.3.10. Modifying Existing Printers
12.3.11. Additional Resources
13. Configuring NTP Using the chrony Suite
13.1. Introduction to the chrony Suite
13.1.1. Differences Between ntpd and chronyd
13.1.2. Choosing Between NTP Daemons
13.2. Understanding chrony and Its Configuration
13.2.1. Understanding chronyd
13.2.2. Understanding chronyc
13.2.3. Understanding the chrony Configuration Commands
13.2.4. Security with chronyc
13.3. Using chrony
13.3.1. Installing chrony
13.3.2. Checking the Status of chronyd
13.3.3. Starting chronyd
13.3.4. Stopping chronyd
13.3.5. Checking if chrony is Synchronized
13.3.6. Manually Adjusting the System Clock
13.4. Setting Up chrony for Different Environments
13.4.1. Setting Up chrony for a System Which is Infrequently Connected
13.4.2. Setting Up chrony for a System in an Isolated Network
13.5. Using chronyc
13.5.1. Using chronyc to Control chronyd
13.5.2. Using chronyc for Remote Administration
13.6. Additional Resources
13.6.1. Installed Documentation
13.6.2. Online Documentation
14. Configuring NTP Using ntpd
14.1. Introduction to NTP
14.2. NTP Strata
14.3. Understanding NTP
14.4. Understanding the Drift File
14.5. UTC, Timezones, and DST
14.6. Authentication Options for NTP
14.7. Managing the Time on Virtual Machines
14.8. Understanding Leap Seconds
14.9. Understanding the ntpd Configuration File
14.10. Understanding the ntpd Sysconfig File
14.11. Disabling chrony
14.12. Checking if the NTP Daemon is Installed
14.13. Installing the NTP Daemon (ntpd)
14.14. Checking the Status of NTP
14.15. Configure the Firewall to Allow Incoming NTP Packets
14.15.1. Change the Firewall Settings
14.15.2. Open Ports in the Firewall for NTP Packets
14.16. Configure ntpdate Servers
14.17. Configure NTP
14.17.1. Configure Access Control to an NTP Service
14.17.2. Configure Rate Limiting Access to an NTP Service
14.17.3. Adding a Peer Address
14.17.4. Adding a Server Address
14.17.5. Adding a Broadcast or Multicast Server Address
14.17.6. Adding a Manycast Client Address
14.17.7. Adding a Broadcast Client Address
14.17.8. Adding a Manycast Server Address
14.17.9. Adding a Multicast Client Address
14.17.10. Configuring the Burst Option
14.17.11. Configuring the iburst Option
14.17.12. Configuring Symmetric Authentication Using a Key
14.17.13. Configuring the Poll Interval
14.17.14. Configuring Server Preference
14.17.15. Configuring the Time-to-Live for NTP Packets
14.17.16. Configuring the NTP Version to Use
14.18. Configuring the Hardware Clock Update
14.19. Configuring Clock Sources
14.20. Additional Resources
14.20.1. Installed Documentation
14.20.2. Useful Websites
15. Configuring PTP Using ptp4l
15.1. Introduction to PTP
15.1.1. Understanding PTP
15.1.2. Advantages of PTP
15.2. Using PTP
15.2.1. Checking for Driver and Hardware Support
15.2.2. Installing PTP
15.2.3. Starting ptp4l
15.3. Specifying a Configuration File
15.4. Using the PTP Management Client
15.5. Synchronizing the Clocks
15.6. Verifying Time Synchronization
15.7. Serving PTP Time with NTP
15.8. Serving NTP Time with PTP
15.9. Synchronize to PTP or NTP Time Using timemaster
15.9.1. Starting timemaster as a Service
15.9.2. Understanding the timemaster Configuration File
15.9.3. Configuring timemaster Options
15.10. Improving Accuracy
15.11. Additional Resources
15.11.1. Installed Documentation
15.11.2. Useful Websites
V. Monitoring and Automation
16. System Monitoring Tools
16.1. Viewing System Processes
16.1.1. Using the ps Command
16.1.2. Using the top Command
16.1.3. Using the System Monitor Tool
16.2. Viewing Memory Usage
16.2.1. Using the free Command
16.2.2. Using the System Monitor Tool
16.3. Viewing CPU Usage
16.3.1. Using the System Monitor Tool
16.4. Viewing Block Devices and File Systems
16.4.1. Using the lsblk Command
16.4.2. Using the blkid Command
16.4.3. Using the partx Command
16.4.4. Using the findmnt Command
16.4.5. Using the df Command
16.4.6. Using the du Command
16.4.7. Using the System Monitor Tool
16.5. Viewing Hardware Information
16.5.1. Using the lspci Command
16.5.2. Using the lsusb Command
16.5.3. Using the lspcmcia Command
16.5.4. Using the lscpu Command
16.6. Monitoring Performance with Net-SNMP
16.6.1. Installing Net-SNMP
16.6.2. Running the Net-SNMP Daemon
16.6.3. Configuring Net-SNMP
16.6.4. Retrieving Performance Data over SNMP
16.6.5. Extending Net-SNMP
16.7. Additional Resources
16.7.1. Installed Documentation
17. Viewing and Managing Log Files
17.1. Locating Log Files
17.2. Basic Configuration of Rsyslog
17.2.1. Filters
17.2.2. Actions
17.2.3. Templates
17.2.4. Global Directives
17.2.5. Log Rotation
17.2.6. Using the New Configuration Format
17.2.7. Rulesets
17.2.8. Compatibility with syslogd
17.3. Working with Queues in Rsyslog
17.3.1. Defining Queues
17.3.2. Managing Queues
17.4. Using Rsyslog Modules
17.4.1. Importing Text Files
17.4.2. Exporting Messages to a Database
17.4.3. Enabling Encrypted Transport
17.4.4. Using RELP
17.5. Interaction of Rsyslog and Journal
17.6. Structured Logging with Rsyslog
17.6.1. Importing Data from Journal
17.6.2. Filtering Structured Messages
17.6.3. Parsing JSON
17.6.4. Storing Messages in the MongoDB
17.7. Debugging Rsyslog
17.8. Using the Journal
17.8.1. Viewing Log Files
17.8.2. Access Control
17.8.3. Using The Live View
17.8.4. Filtering Messages
17.8.5. Enabling Persistent Storage
17.9. Managing Log Files in a Graphical Environment
17.9.1. Viewing Log Files
17.9.2. Adding a Log File
17.9.3. Monitoring Log Files
17.10. Additional Resources
18. Automating System Tasks
18.1. Cron and Anacron
18.1.1. Installing Cron and Anacron
18.1.2. Running the Crond Service
18.1.3. Configuring Anacron Jobs
18.1.4. Configuring Cron Jobs
18.1.5. Controlling Access to Cron
18.1.6. Black and White Listing of Cron Jobs
18.2. At and Batch
18.2.1. Installing At and Batch
18.2.2. Running the At Service
18.2.3. Configuring an At Job
18.2.4. Configuring a Batch Job
18.2.5. Viewing Pending Jobs
18.2.6. Additional Command Line Options
18.2.7. Controlling Access to At and Batch
18.3. Additional Resources
19. OProfile
19.1. Overview of Tools
19.1.1. operf vs. opcontrol
19.2. Using operf
19.2.1. Specifying the Kernel
19.2.2. Setting Events to Monitor
19.2.3. Categorization of Samples
19.3. Configuring OProfile Using Legacy Mode
19.3.1. Specifying the Kernel
19.3.2. Setting Events to Monitor
19.3.3. Separating Kernel and User-space Profiles
19.4. Starting and Stopping OProfile Using Legacy Mode
19.5. Saving Data in Legacy Mode
19.6. Analyzing the Data
19.6.1. Using opreport
19.6.2. Using opreport on a Single Executable
19.6.3. Getting More Detailed Output on the Modules
19.6.4. Using opannotate
19.7. Understanding the /dev/oprofile/ directory
19.8. Example Usage
19.9. OProfile Support for Java
19.9.1. Profiling Java Code
19.10. Graphical Interface
19.11. OProfile and SystemTap
19.12. Additional Resources
VI. Kernel, Module and Driver Configuration
20. Working with the GRUB 2 Boot Loader
20.1. Configuring the GRUB 2 Boot Loader
20.2. Customizing GRUB 2 Menu
20.2.1. Changing the Default Boot Entry
20.2.2. Editing an Entry
20.2.3. Adding a new Entry
20.2.4. Creating a Custom Menu
20.3. GRUB 2 Password Protection
20.3.1. Setting Up Users and Password Protection, Specifying Menu Entries
20.3.2. Password Encryption
20.4. Reinstalling GRUB 2
20.4.1. Reinstalling GRUB 2 on BIOS-Based Machines
20.4.2. Reinstalling GRUB 2 on UEFI-Based Machines
20.4.3. Resetting and Reinstalling GRUB 2
20.5. GRUB 2 over Serial Console
20.5.1. Configuring GRUB 2
20.5.2. Using screen to Connect to the Serial Console
20.6. Terminal Menu Editing During Boot
20.6.1. Booting to Rescue Mode
20.6.2. Booting to Emergency Mode
20.6.3. Changing and Resetting the Root Password
20.7. UEFI Secure Boot
20.7.1. UEFI Secure Boot Support in Fedora
20.8. Additional Resources
21. Manually Upgrading the Kernel
21.1. Overview of Kernel Packages
21.2. Preparing to Upgrade
21.3. Downloading the Upgraded Kernel
21.4. Performing the Upgrade
21.5. Verifying the Initial RAM Disk Image
21.6. Verifying the Boot Loader
21.6.1. Configuring the GRUB 2 Boot Loader
21.6.2. Configuring the OS/400 Boot Loader
21.6.3. Configuring the YABOOT Boot Loader
22. Working with Kernel Modules
22.1. Listing Currently-Loaded Modules
22.2. Displaying Information About a Module
22.3. Loading a Module
22.4. Unloading a Module
22.5. Setting Module Parameters
22.6. Persistent Module Loading
22.7. Signing Kernel Modules for Secure Boot
22.7.1. Prerequisites
22.7.2. Kernel Module Authentication
22.7.3. Generating a Public and Private X.509 Key Pair
22.7.4. Enrolling Public Key on Target System
22.7.5. Signing Kernel Module with the Private Key
22.7.6. Loading Signed Kernel Module
22.8. Additional Resources
A. RPM
A.1. RPM Design Goals
A.2. Using RPM
A.2.1. Installing and Upgrading Packages
A.2.2. Uninstalling Packages
A.2.3. Freshening Packages
A.2.4. Querying Packages
A.2.5. Verifying Packages
A.3. Finding and Verifying RPM Packages
A.3.1. Finding RPM Packages
A.3.2. Checking Package Signatures
A.4. Common Examples of RPM Usage
A.5. Additional Resources
B. Revision History
Index