3116 Workbook PDF

SUSE Linux Enterprise Server 11 SP2
Administration
Workbook
3116
Novell Training Services
www.novell.com
A U T H O R I Z E D C O U R S E WA R E
Part # 100-005293-001-REV A
Version 1
Novell, Inc. Copyright 2012-1-HARDCOPY PERMITTED. NO OTHER PRINTING, COPYING, OR DISTRIBUTION ALLOWED.
Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents
or use of this documentation, and specifically disclaims any express or implied
warranties of merchantability or fitness for any particular purpose. Further,
Novell, Inc., reserves the right to revise this publication and to make changes to
its content, at any time, without obligation to notify any person or entity of such
revisions or changes.
Further, Novell, Inc., makes no representations or warranties with respect to any
software, and specifically disclaims any express or implied warranties of
merchantability or fitness for any particular purpose. Further, Novell, Inc.,
reserves the right to make changes to any and all parts of Novell software, at any
time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be
subject to U.S. export controls and the trade laws of other countries. You agree to
comply with all export control regulations and to obtain any required licenses or
classification to export, re-export or import deliverables. You agree not to export
or re-export to entities on the current U.S. export exclusion lists or to any
embargoed or terrorist countries as specified in the U.S. export laws. You agree
to not use deliverables for prohibited nuclear, missile, or chemical biological
weaponry end uses. See the Novell International Trade Services Web page (http:/
/www.novell.com/info/exports/) for more information on exporting Novell
software. Novell assumes no responsibility for your failure to obtain any
necessary export approvals.
Copyright 2008 Novell, Inc. All rights reserved. No part of this publication
may be reproduced, photocopied, stored on a retrieval system, or transmitted
without the express written consent of the publisher.
Novell, Inc., has intellectual property rights relating to technology embodied in

the product that is described in this document. In particular, and without
limitation, these intellectual property rights may include one or more of the U.S.
patents listed on the Novell Legal Patents Web page (http://www.novell.com/
company/legal/patents/) and one or more additional patents or pending patent
applications in the U.S. and in other countries.
Novell, Inc.
1800 South Novell Place
Provo, UT 84606
U.S.A.
www.novell.com
Online Documentation: To access the latest online documentation for this and
other Novell products, see the Novell Documentation Web page (http://
www.novell.com/documentation).
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list (http://
www.novell.com/company/legal/trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
Contents
SUSELni uxEnterpsi eServer1 SP2Adminstratoi n/Workbo k1
SECTION 1
Exercise 1-1
SECTION 2
Exercise 2-1
Exercise 2-2
SECTION 3
Exercise 3-1
SECTION 4
Exercise 4-1
Exercise 4-2
Exercise 4-3
Exercise 4-4
Version 1
Introduction
Check the Media in Your Student Kit
Check Hardware and Software Requirements
Course Scenario
Set Up Your Practice Environment
Set Up da-host
10
Set Up da1
15
Set Up da2
15
Review the Exercise Conventions
16
Install SUSE Linux Enterprise Server 11 SP2
17
Install SUSE Linux Enterprise Server 11 SP2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Manage System Initialization

Manage the Boot Loader. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Manage Runlevels. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part I: View and Change the Current Runlevel . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part II: Activate the atd Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part III: Set a Runlevel at Boot Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part IV: Enable rsyncd with YaST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Administer Linux Processes and Services
23
24
27
27
28
29
30
31
Manage Linux Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Part I: Move Processes to the Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Part II: Modify Process Priorities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Administer the Linux File System

Configure Partitions on your Hard Drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part I: Create Partitions and File Systems with YaST . . . . . . . . . . . . . . . . . . . . . .
Part II: Partition Manually with fdisk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part III: Manage File Systems from the Command Line . . . . . . . . . . . . . . . . . . . .
Manage File Systems from the Command Line . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part I: Run e2fsck . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part II: Customize the File Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Create Logical Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part I: Create LVM Physical Volumes, a Volume Group, and Logical
Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part II: Resize an LVM Volume . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Set Up and Configure Disk Quotas. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Copying all or part of this manual, or distributing such copies, is strictly prohibited.
To report suspected copying, please call 1-800-PIRATES.
37
38
38
40
42
44
44
44
48
48
50
51
SUSE Linux Enterprise Server 11 SP2 Administration / Workbook
SECTION 5
Exercise 5-1
SECTION 6
Exercise 6-1
Exercise 6-2
Exercise 6-3
SECTION 7
Exercise 7-1
Exercise 7-2
Exercise 7-3
Exercise 7-4
SECTION 8
Exercise 8-1
Exercise 8-2
SECTION 9
Exercise 9-1
SECTION 10
Exercise 10-1
Exercise 10-2
Exercise 10-3
Exercise 10-4
Exercise 10-5
Exercise 10-6
Configure the Network Manually
53
Configure the Network Connection Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Part I: Note the Current Network Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . .
Part II: Delete the Current Network Setup with YaST . . . . . . . . . . . . . . . . . . . . . .
Part III: Configure the Network Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part IV: Save the Network Connection to an Interface Configuration File . . . . . .
Manage Hardware
54
54
54
55
55
57
Manage Linux Kernel Modules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

Obtain Hardware Configuration Information in YaST . . . . . . . . . . . . . . . . . . . . . . 59
Modify udev Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Configure Remote Access
63
Practice Using OpenSSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Perform Public Key Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Use Remote Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part I: Remotely Access a Text-Based Version of YaST . . . . . . . . . . . . . . . . . . . .
Part II: Remotely Access the GUI Version of YaST . . . . . . . . . . . . . . . . . . . . . . .
Part III: Configure Remote Administration with YaST . . . . . . . . . . . . . . . . . . . . .
Part IV: Access Your da1 Server Remotely . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Use Nomad . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Monitor SUSE Linux Enterprise Server 11
64
66
68
68
68
69
69
71
73
Gather Information on your SLES 11 Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Manage System Logging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part I: Modify the syslog-ng Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part II: Configure logrotate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
74
76
76
78
81
Schedule Jobs with cron and at . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Part I: Schedule Jobs with at . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Part II: Schedule Jobs with cron . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Manage Backup and Recovery
85
Back Up System Files with YaST. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Create Backup Files with tar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part I: Create a Full Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part II: Create an Incremental Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Work with Snapper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Create Drive Images with dd (Optional) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Back Up a Home Directory with rsync . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part I: Perform a Local Backup with rsync . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Part II: Perform a Remote Backup with rsync . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure a cron Job for Data Backups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
86
87
87
87
89
91
93
93
93
95
Version 1
SECTION 11
Exercise 11-1
Exercise 11-2
Exercise 11-3
Exercise 11-4
Exercise 11-5
Version 1
Administer User Access and Security
97
Configure PAM Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

Configure sudo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Configure the Password Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Use ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Part I: Configure the ACL of a Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Part II: Configure a Default ACL for a Directory . . . . . . . . . . . . . . . . . . . . . . . . 105
Part III: Delete an ACL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Configure SuSEfirewall2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Version 1
Introduction
Introduction
This workbook is designed to help you practice the skills associated with SUSE Linux
Enterprise Server 11 Administration (Course 3116) objectives.
These skills, along with those taught in SUSE Linux Enterprise Server 11
Fundamentals (Course 3115), prepare you to take the Novell Certified Linux
Administrator 11 (Novell CLA 11) certification test.
Before starting the exercises in this workbook, you need do the following:
Check the Media in Your Student Kit on page 7
Check Hardware and Software Requirements on page 8
Course Scenario on page 8
Set Up Your Practice Environment on page 9
Review the Exercise Conventions on page 16
Check the Media in Your Student Kit

Your kit for Course 3116 contains the following media:
3116 Course Manual. Printed course manual that contains instructional and
reference content.
3116 Workbook. Printed workbook that contains step-by-step instructions for

setting up and completing the 3116 course exercises.
Course 3116 SUSE Linux Enterprise Server 11 SP2 Administration Course

DVD. This DVD contains the course manual in PDF format, this workbook in
PDF format, and a readme file.
In addition, there are several directories with the following content:
Version 1
exercises. This directory contains files used for course exercises.

setup. This directory contains files you need to set up your practice
environment.
VMs. This directory contains Virtual Machines used in the course.
SUSE Linux Enterprise Server 11 SP2 Product DVD
SUSE Linux Enterprise Desktop 11 SP2 Product DVD
Check Hardware and Software Requirements

The following table lists the minimum hardware and software requirements for this
course:
Table Intro-1
Course 3116 Hardware and Software Requirements

Setup
Minimum Requirements
Hardware
You need a host computer that meets the

following requirements:
Pentium
4 - 2.8Ghz CPU (or faster; use

of x86_64 hardware is recommended)
Monitor
and Graphics Card capable of

displaying 1280x1024 (or higher)
resolution
GB (or more) RAM
60
GB (or more) hard disk drive
DVD
drive
Make sure that the host computer is actually

utilizing the full 4 GB of RAM. If not, exercises
can run extremely slow or even stall a
process.
Software
To complete the setup of the host computer,

you need the following software, software
installation files, and DVD:
SUSE
Linux Enterprise Server 11 SP2
You use this software to install da-host.

VMware
Adobe
Player 4.x.x or 5.x.x
Reader 9.x
SUSE
Linux Enterprise Server 11 SP2

Administration Course DVD
The Course DVD contains software and
files needed for setup and exercises.
Course Scenario
The exercises in this course center around the fictional Digital Airlines Company that
has offices at various airports around the globe.
The Digital Airlines management has made the decision to migrate several back-end
services to Linux servers running SUSE Linux Enterprise Server 11 SP2.
Your task is to set up a lab environment with SUSE Linux Enterprise Server 11 SP2
and to familiarize yourself with it.
Version 1
Introduction
You need to learn how to do the following to be able to adminster SLES 11 SP2 in
Digital Airlines IT environment:
Manage system initialization
Administer Linux processes and services
Administer storage
Configure the network
Manage hardware
Configure remote access
Monitor a SUSE Linux Enterprise Server 11 SP2 system
Automate tasks
Manage backup and recovery
Administer user access and security
Set Up Your Practice Environment

To perform the exercises in this workbook, you need a physical machine (da-host,
172.17.8.1/16) that has SUSE Linux Enterprise Server 11 SP2 installed.
You also need a VMware virtual machine (da1, 172.17.8.101/16) which will be
installed with SUSE Linux Enterprise Server 11 SP2 in Exercise 1 of Section 1. An
empty (uninstalled) VMware virtual machine is provided on the DVD for this
purpose, but you can as well just use VMware player to create the needed disk files.
The Course 3116 DVD contains an additional SLES 11 SP2 VMware virtual machine
(da2, 172.17.8.102/16) that uses BtrFS for the / file system for use in the snapper
exercise in Section 10.
The following explains how to set up your computer to do the exercises. You have to
do the following:
Version 1
Set Up da-host on page 10
Set Up da1 on page 15
Set Up da2 on page 15
Set Up da-host
da-host is the machine where you work most of the time during the exercises. This
machine will host the da1 VMware virtual machine that you install in Section 1 of the
course.
To install da-host, you can use one of the following methods:
Install da-host Using AutoYaST on page 10
Install da-host Manually on page 11
After that, you have to do the following task:
Install VMware Player on page 14
Install da-host Using AutoYaST
On the course CD in the setup directory, you can find an AutoYaST XML file for
the installation of da-host, called 3116-da-host.xml. Depending on your hosts
hardware, copy the file to another storage device:
Table Intro-2
Copies of da-host.xml
Available Hardware
Storage Location for da-host.xml
2 CD/DVD drives
No copy needed
Floppy disk drive
Copy to floppy disk
USB port
Copy to USB stick or USB hard drive
NFS and DHCP server in your network
Copy into the exported directory on your NFS

server
To install da-host using AutoYaST, do the following:

1.
Be sure there are no data on the server that you still need, because all existing
data on the hard disk will be erased.
2.
Boot the server from the SUSE Linux Enterprise Server 11 SP2 Product DVD. If
your hardware supports it, use the x86_64 DVD, otherwise the DVD for the i586
architecture.
3.
When the installation screen appears, highlight the Installation option by using
the arrow keys.
You have 20 seconds to highlight the option before GRUB boots from the hard
drive.
10
4.
Set the display resolution by pressing F2; then select the display resolution
matching your monitor; it should not be less than 1024x768.
5.
Insert the media containing the file 3116-da-host.xml.
Version 1
Introduction
6.
In the Boot Options field, type the following (depending on the media containing
the 3116-da-host.xml file):
3116-da-host.xml on the course DVD:

autoyast=dvd:///setup/3116-da-host.xml
3116-da-host.xml on a floppy disk:

autoyast=floppy:///3116-da-host.xml
instmode=cd
3116-da-host.xml on a USB device:

autoyast=usb:///3116-da-host.xml
instmode=cd
instmode=cd
3116-da-host.xml on an NFS server:

autoyast=nfs://IP-address/path_to_file/3116-dahost.xml netsetup=dhcp
Then press Enter.

The kernel loads and the SUSE Linux Enterprise Server 11 SP2 installation
begins.
YaST accesses the file 3116-da-host.xml and installs SLES 11 SP2
according to the configuration contained in that file.
7.
(Conditional) If the installation stops at some early point, reset the computer,
restart the installation and try one of the other installation options, like
InstallationACPI Disabled.
Install da-host Manually
To install da-host manually, do the following:

1.
Boot your Workstation with the SUSE Linux Enterprise Server 11 SP2 DVD.
Wait while the machine boots.
2.
When the GRUB installation screen appears, highlight the Installation option by
using the arrow keys.
You have 20 seconds to highlight the option before GRUB boots from the hard
drive.
Version 1
3.
Set the display resolution by pressing F2, then select the display resolution that
matches your monitor. It should not be less than 1024x768.
4.
In the Welcome dialog, do the following:

a.
Make sure that the correct keyboard layout is selected in the Keyboard
Layout menu. If not, select Keyboard Layout and choose your layout.
b.
Select I Agree to the License Terms, then click Next.
5.
In the Media Check, click Next.
6.
From the Installation Mode dialog, make sure that New Installation is selected,
then click Next.
11
7.
Configure your time zone information by doing the following:

a.
From the Clock and Time Zone dialog, select your time zone, then click
Change.
b.
Set the Current Time and Current Date to match your current time and date;
then select Accept.
Time is set according to the 24-hour clock format. The date format is dd/
mm/yyyy.
c.
Click Next.
8.
In the Server Base Scenario dialog, ensure that Physical Machine is selected,
then click Next.
9.
From the Installation Settings dialog, do the following:

a.
Check the suggested partitioning under the Partitioning heading. If it does

not list partition 1 (/dev/sda1) for swap and partition 2 (/dev/sda2) for /
(root), do the following:
i.
Select Partitioning.
The Preparing Hard Disk dialog appears.
ii.
Select your hard disk (the first hard disk entry), then click Next.
iii.
Click Use entire hard disk.
iv.
Make sure none of the Proposal setup settings are selected, then select
Next.
You are returned to the Installation Settings overview dialog.
b.
To install software that is not included in the default selection, do the

following:
i.
Select Software from the Installation Settings dialog.
ii.
Select the following Patterns:

File Server
Mail and News Server
Web and LAMP Server
DHCP and DNS Server
Directory Server (LDAP)
C/C++ Compiler and Tools
Select Accept.
iii.
When prompted to accept software licenses, click Accept.
iv.
When prompted to review the automatic changes, click Continue.

You are returned to the Installation Settings overview dialog.
c.
Click Install.
d.
When prompted to confirm the installation, click Install.

Wait while the initial installation is performed. After the initial installation is
complete, SLES 11 SP2 restarts.
12
Version 1
Introduction
10.
In the Password for the System Administrator root dialog, as password type
novell, then click Next. Confirm the warning by clicking Yes.
11.
In the Hostname and Domain Name dialog type the following information:
Hostname: da-host
Domain Name: digitalairlines.com
Change Hostname via DHCP: Deselect
Assign Hostname to Loopback IP: Deselect
Click Next to continue.

12.
In the Network Configuration dialog, configure your network settings by doing

the following:
a.
From the Network Configuration dialog, beneath the Firewall entry, click on
disable next to Firewall is enabled.
The line will change to Firewall is disabled.
b.
From the Network Configuration dialog, select Network Interfaces >

Hostname/DNS tab.
In the Name Server 1 field, enter 172.17.8.1 and make sure that
digitalairlines.com appears in the Domain Search field, then click OK.
13.
From the Test Internet Connection dialog, select No, Skip This Test, then click
Next.
14.
In the Installation Overview dialog, make sure that Use Following Configuration
is selected.
Under CA Management, make sure that the Server Name is dahost.digitalairlines.com and the E-Mail is postmaster@digitalairlines.com. If
not, select CA Management > Edit Default Settings and correct the Server Name
to da-host.digitalairlines.com and E-Mail to postmaster@digitalairlines.com.
Click Next to return to the Installation Overview dialog.
15.
In the User Authentication dialog, make sure Local (/etc/passwd) is selected,

then click Next.
16.
In the New Local User dialog, enter the following, then click Next
Users Full Name: Geeko Novell
Username: geeko
Password: novell
Confirm Password: novell
Confirm the warning by clicking Yes.

17.
Version 1
In the Release Notes dialog, click Next.
13
18.
In the Hardware Configuration dialog, make sure that the values for Resolution
and Monitor are correct for your hardware, then click Next.
19.
In the Installation Completed dialog, click Finish.

The installation is completed and the SLES 11 login screen appears.
20.
Remove the SUSE Linux Enterprise Server 11 SP2 DVD from your DVD drive.
Install VMware Player
To install VMware Player on da-host, do the following:

1.
Download the VMware Player for Linux software (for i386 or x86_64,
depending on the architecture of SLES 11 SP2 installed on da-host) from
www.vmware.com (http://www.vmware.com/go/downloadplayer/) and copy it to
the /tmp/ directory.
2.
Log in to the graphical desktop as root (password: novell).
3.
Open a terminal and install VMware Player by entering

bash /path/to/VMware-Player-4.x.x-x.arch.bundle
Follow the prompts to install VMware Player.
4.
Create a /vmware directory and make it writable for regular users:

mkdir -m 1777 /vmware
5.
Unpack the da1-3116.zip and da2-3116.zip archives from the setup directory
on the Student DVD:
cd /vmware
unzip /path/to/da1-3116.zip
chown -R geeko: /vmware/3116-da1
unzip /path/to/da1-3117.zip
chown -R geeko: /vmware/3117-da1
6.
On da-host, create the /etc/sysconfig/network/ifcfg-vmnet1 file

with the following content:
BOOTPROTO='static'
STARTMODE='auto'
USERCONTROL='no'
IPADDR='172.17.8.1/16'
7.
To make sure the settings in the file take effect, reboot your computer.
8.
After the reboot, log in as geeko and open a terminal window.
9.
In the terminal window, enter ip a s dev vmnet1.

You should see an output similar to the following:
14
Version 1
Introduction
da-host:~ # ip a s dev vmnet1

6: vmnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
pfifo_fast state UNKNOWN qlen 1000
link/ether 00:50:56:c0:00:01 brd ff:ff:ff:ff:ff:ff
inet 192.168.172.1/24 brd 192.168.172.255 scope global
vmnet1
inet 172.17.8.1/16 brd 172.17.255.255 scope global vmnet1
inet6 fe80::250:56ff:fec0:1/64 scope link
valid_lft forever preferred_lft forever
The other address you see in the output above (192.168.172.1/24) is the address
VMware Player assigns to the interface. It is not relevant, as da1 uses a fixed IP
address (172.17.8.101/16) and does not rely on IP addresses being distributed by
VMware Player via DHCP.
Set Up da1
da1 is a SUSE Linux Enterprise Server 11 SP2. This virtual machine is installed in
Exercise 1 of Section 1 and then used in some of the subsequent exercises.
As the machine will be installed as par of an exercise, there is no setup required at
this point beyond the copying of the files described under Install VMware Player
on page 14.
Set Up da2
da2 is a SUSE Linux Enterprise Server 11 SP2 with BtrFS used as the / (root) file
system. This virtual machine is used in Section 10 (but you could also use it as a
replacement for da1 in other Sections if you, for some reason, did not install da1 in
Section 1).
To set up the machine, do the following:
1.
As user Geeko, open the main menu, click More Applications and select System
> VMware Player.
2.
In the End User License Agreement dialog, click Accept.
3.
(Optional) If you are prompted to download available updates, click Cancel.
4.
Click Open an existing Virtual Machine.
5.
Navigate to the /vmware/3116-da2 directory and select 3116-da2.vmx,

then click Open.
6.
Select da2 in the left pane and click Play virtual machine.
When prompted whether you moved or copied the VM, click I copied it.
The virtual machine starts.
7.
Version 1
To change the keyboard layout within the virtual machine from US English to
another one, do the following:
a.
Log in as user geeko (password novell).
b.
Start YaST (root password: novell) and select System > Language.
15
8.
c.
Set Primary Language to your language and select Adapt Keyboard Layout
to your language and click OK.
d.
Close the YaST Control Center
Open a terminal window and ping da-host with the following command:
ping da-host.digitalairlines.com
You should see echo replies.
9.
Shut down da2 until you need it.
Review the Exercise Conventions

When working through an exercise, you will see conventions that indicate
information you need to supply that is specific to your server.
The following describes the most common conventions:
italicized/bolded text: This is a reference to a variable that is unique to your

situation, such as the hostname of your server.
For example, if the hostname of your server is da1, and you see the following,
hostname.digitalairlines.com
then you would enter
da1.digitalairlines.com
172.17.8.xx: This is the IP address that is assigned to your SUSE Linux

Enterprise system.
For example, if your IP address is 172.17.8.101, and you see the following:
172.17.8.xx
then you would enter
172.17.8.101
Select: The word select is used in exercise steps to indicate a variety of actions
including clicking a button on the interface and selecting a menu item.
Enter and Type: The words enter and type have distinct meanings.
The word enter means to type text in a field or at a command line and press the
Enter key when necessary. The word type means to type text without pressing the
Enter key.
If you are directed to type a value, make sure you do not also press the Enter key
or you might activate a process that you are not ready to start.
16
Version 1
SECTION 1
In this section of the workbook, you learn how to do the following:
Install SUSE Linux Enterprise Server 11 SP2 on page 18

In this exercise, you install SUSE Linux Enterprise Server 11 SP2.
Version 1
17
Exercise 1-1

In this exercise, you install a SUSE Linux Enterprise Server 11 SP2 system. Use the
following specifications as a guideline for the installation:
Create the following partitions:
1 GB swap partition.
6 GB for / (You should leave unpartitioned space on the hard disk to add
partitions in later exercises).
Use default software patterns, but add the C/C++ Compiler and Tools pattern.
root password: novell

NOTE: This password is not appropriate for a production environment.
Use a static IP address:
IP address: 172.17.8.101
Network mask: 255.255.0.0
Hostname: da1
Domain name: digitalairlines.com
Name server: 172.17.8.1
Default gateway: none
Use local authentication. Create a geeko user account with a password of novell.
Skip the online update.
To install SLES 11 SP2, do the following:

1.
Insert your SLES 11 SP2 installation DVD into your host workstations DVD
drive.
2.
As user Geeko, open the main menu, click More Applications and select System
> VMware Player.
3.
In the End User License Agreement dialog, click Accept.
4.
(Optional) If you are prompted to download available updates, click Cancel.
5.
Click Open a Virtual Machine.
6.
Navigate to the /vmware/3116-da1 directory and select 3116-da1.vmx,

then click Open.
7.
Select da1 in the left pane and click Play virtual machine.
The virtual machine starts.
8.
When the GRUB installation screen appears, select Installation with the arrow
keys and then press Enter.
Wait while Linux is loaded and the YaST Installation module starts.
18
Version 1
9.
In the Welcome dialog, select your language and your keyboard layout from the
Language and Keyboard Layour drop-down menus
NOTE: Although you can select any available language, the exercises in this manual are
written for English US.
10.
In the same dialog, select I Agree to the License Terms, then click Next.
11.
In the Media Check screen, click Next.

Wait while the system hardware is probed.
12.
In the Installation Mode dialog, select New Installation, then click Next.
13.
In the Clock and Time Zone dialog, select your time zone and deselect Hardware
Clock Set To UTC.
14.
In the Server Base Scenario screen, select Physical Machine, then click Next.
The Installation Settings proposal dialog appears.
15.
Change the partitioning settings by selecting Partitioning.
16.
In the Prepare Hard Disk dialog, select Custom Partitioning (for experts), then
click Next.
17.
Create a swap partition by doing the following:
18.
a.
Under System View, select Hard Disks > sda.
b.
Select Add.
c.
Select Primary Partition, then click Next.
d.
Select Custom Size, then enter a size of 1 GB.
e.
Click Next.
f.
From the File System drop-down list, select Swap.
g.
Add the swap partition by clicking Finish.
Create the root partition by doing the following:

a.
Select Add.
b.
Select Primary Partition, then click Next.
c.
Select Custom Size; then enter a size of 6 GB.
d.
Click Next.
e.
Configure the following options:
f.
Select Ext3 from the File System drop-down list.
Select / from the Mount Point drop-down list.
Add the root partition by clicking Finish.

In the Expert Partitioner, you should now see two partitions, one for swap
with 1 GB and one for / with 6 GB.
Version 1
19
19.
Confirm the partitioning setup and return to the Installation Settings by clicking
Accept.
20.
In the Installation Settings Overview, select Software.
21.
Under Patterns, scroll down as needed and select C/C++ Compiler and Tools.
Click OK to return to the Installation Settings dialog.
If prompted to accept license agreements for packages to be installed, select
Accept.
22.
In the Installation Settings dialog, click Install.
23.
In the confirmation dialog, click Install.

Wait while the disk is partitioned and the packages are installed. This may take
up to 30 minutes to complete, depending on the hardware.
The system will reboot after the software installation.
24.
In the Password for the System Administrator root screen, enter novell in the
password fields.
Confirm the password warning by clicking Yes.
25.
In the Hostname and Domain Name dialog, enter da1 in the Hostname field and
digitalairlines.com in the Domain Name field.
Deselect Change Hostname via DHCP.
Deselect Assign Hostname to Loopback IP.
26.
In the Network Configuration screen under Firewall, click disable next to

Firewall is enabled.
The entry will change to Firewall is disabled.
27.
Select Network Interfaces.
28.
In the Network Settings dialog, select the first detected network card, then click
Edit.
29.
In the Network Card Setup dialog, do the following:
Select Statically Assigned IP Address.
In the IP Address field, enter 172.17.8.101.
In the Subnet Mask field, enter 255.255.0.0.
In the Hostname field, enter da1.digitalairlines.com.
Click Next to return to the Network Settings dialog.

30.
Select the Hostname/DNS tab.

Your hostname and domain name should already be filled. If not, enter a
Hostname of da1 and the Domain Name digitalairlines.com.
20
Version 1
As Name Server 1, enter 172.17.8.1

NOTE: Because this virtual machine runs in host-only mode, it is isolated from the rest of your
network. In a production environment, you would configure a gateway router address.
31.
Return to the Network Configuration dialog by selecting OK.
32.
Continue with the installation by clicking Next.
33.
In the Test Internet Connection dialog, select No, Skip This Test, then click Next.
34.
In the Network Services Configuration, make sure that the values under CA
Management are correct.
If there are incorrect values, correct them by clicking on CA Management > Edit
Default Settings. Correct entries as needed and return to the Network Services
Configuration dialog by clicking Next twice.
35.
In the User Authentication Method screen, select Local (/etc/passwd), then click
Next.
36.
In the New Local User screen, add a user named geeko by entering the following:
Users Full Name: Geeko
User Login: geeko
Password: novell
37.
Create the user by clicking Next.
38.
Confirm the password warning by clicking Yes.
39.
In the Release Notes screen, review the release notes, then click Next.
40.
In the Hardware Configuration dialog, review the settings suggested under

Graphics Cards and correct them as needed, then click Next.
41.
Complete the installation process by clicking Finish.

Wait while an AutoYaST profile is created and the graphical login is loaded.
Log in as geeko (password novell).
42.
(Conditional) If your da-host machine has an Internet connection, you can install
VMware Tools in your SLES 11 virtual machine by doing the following:
a.
In your VMware window, select Virtural Machine > Removable Devices >
CD/DVD > Disconnect.
b.
In your VMware window, select Virtual Machine > Install VMware Tools >
Download and Install > Install.
c.
When prompted for the root users password, enter novell.

A File Browser window opens displaying the files on the VMware Tools
.tgz file.
d.
Version 1
Double-click the .tgz file.
21
In the File Roller window that opens up, select Extract and then select a
directory for the vmware-tools-distrib directory, such as geekos
home directory.
The files will be extracted to the location you specify.
e.
Open a terminal window by right-clicking on the desktop and selecting Open

in Terminal.
In that terminal, change to the root account by entering su - and the
password novell when prompted.
f.
Change into the vmware-tools-contrib directory by entering

cd /home/geeko/vmware-tools-distrib
g.
At the shell prompt, enter ./vmware-install.pl.
h.
Accept the suggested default values by pressing Enter.

Several modules will be compiled.
i.
When prompted to configure your screen resolution, enter the appropriate

menu option for 1024x768.
j.
In your VMware window, select Virtual Machine > Removable Devices >
CD/DVD > Connect to /dev/sr0.
k.
When prompted for the root users password, enter novell and click
Authenticate.
l.
Close the File Browser window.
m.
Reboot the system by entering init 6 at the shell prompt.
(End of Exercise)
22
Version 1
SECTION 2
Manage the Boot Loader on page 24

In this exercise, you practice booting into a shell and modifying /boot/grub/
menu.lst.
Manage Runlevels on page 27

In this exercise, you practice configuring runlevels.
Version 1
23
Exercise 2-1
Manage the Boot Loader

In this exercise, you practice booting into a shell and modifying /boot/grub/
menu.lst.
You enter init=/bin/bash at the boot prompt and modify /boot/grub/menu.lst
to require a password before kernel parameters can be modified. You then test the
new GRUB configuration.
NOTE: This exercise will not work with SUSE Linux Enterprise Server 11 SP2 running on physical
hardware with a USB keyboard. USB drivers are usually loaded late in the init process. If your
machine is equipped with a USB keyboard, you have to add the modules to the initial RAM disk for
this exercise to work.
To do this with a USB keyboard, complete the following steps first:
Find out which USB modules are loaded by entering lsmod in a terminal window. Then start the
YaST Control Center, and select System > /etc/sysconfig Editor. Expand System > Kernel. In
INITRD_MODULES, add the appropriate modules (such as usbhid, uhdi_hcd, and/or ehci_hcd).
Close the dialogs. In a terminal window (as root), enter mkinitrd.
Complete the following:

1.
If your da1 virtual server is suspended, resume it. If it is turned off, turn it on and
continue with Step 6.
2.
If necessary, log in to da1 as geeko (password of novell).
3.
Right-click on the desktop, then select Open in Terminal.
4.
In the terminal window, enter su - followed by a password of novell.
5.
Reboot the system by entering init 6 at the shell prompt.
6.
When the GRUB boot menu is displayed, press Space to stop the timer.
7.
In the Boot Options field, replace the vga=0xxxx option with init=/bin/bash
amd press Enter.
After a few moments, the bash prompt is displayed:
8.
Enter mount to find out if the root (/) partition is mounted writable. If not,
remount the root partition read-writable by entering
mount -o remount,rw,sync /
9.
24
At the shell prompt, enter vi /boot/grub/menu.lst.
10.
Press Ins.
11.
Position the cursor at the beginning of the line starting with gfxmenu.
12.
Comment out the line by inserting a pound sign (#) in front of the line starting
with gfxmenu.
Version 1
13.
To avoid having the password displayed in clear-text in the configuration file,

create an MD5-Hash encrypted password by doing the following within vi:
a.
Add a new, blank line after the gfxmenu line you just commented out.
b.
Press Esc.
c.
Enter :r!
crypt.
echo
-e
secret\nsecret
grub-md5-
This runs an external command from within the vi editor. The echo
command sends the secret and secret text strings to the standard input
of the grub-md5-crypt command.
The grub-md5-crypt command uses these strings as input for its
Password: and Retype Password: prompts. It then encrypts the password.
The output from grub-md5-crypt command is inserted into the file,
including the encrypted password:
# Modified by YaST2. Last modification on Wed Sep 26
10:10:28 CEST 2012
default 0
timeout 8
##YaST - generic_mbr
#gfxmenu (hd0,1)/boot/message
stty: standard input: Invalid argument
Password:
Retype password:
$1$Ihe5r0$4H7xQDaVkzAmL93O7145w0
##YaST - activate
###Don't change this comment - YaST2 identifier: Original
name: linux###
title SUSE Linux Enterprise Server 11 SP2 - 3.0.13-0.27
root (hd0,1)
kernel /boot/vmlinuz-3.0.13-0.27-pae root=/dev/sda2
resume=/dev/sda1 splash=silent showopts vga=0x317
initrd /boot/initrd-3.0.13-0.27-pae
...
d.
Arrow up to the first line that reads

stty: standard input: Invalid argument.
e.
Type dd to delete the line.
f.
Repeat this process to delete the following lines:

Password:
Retype Password:
g.
Press Ins.
h.
At the beginning of the line with the encrypted password, enter

password --md5.
An example is shown below:
Version 1
25
# Modified by YaST2. Last modification on Wed Sep 26

10:10:28 CEST 2012
default 0
timeout 8
##YaST - generic_mbr
#gfxmenu (hd0,1)/boot/message
password --md5 $1$Ihe5r0$4H7xQDaVkzAmL93O7145w0
##YaST - activate
###Don't change this comment - YaST2 identifier: Original
name: linux###
title SUSE Linux Enterprise Server 11 SP2 - 3.0.13-0.27
...
Your hash value will be different than that shown above.

i.
14.
Save the file by pressing Esc and then entering :wq.
Reset the computer by entering reboot at the shell prompt.

You will notice that the start screen looks different now, because you turned off
the graphical menu.
15.
If you want to edit the kernel command line, press p and then enter a password of
secret.
16.
Select the SUSE Linux Enterprise Server 11 SP2 menu option and press Enter.
Wait while the system boots.
17.
Undo the changes in /boot/grub/menu.lst:

a.
Log in as geeko with a password of novell.
b.
Open a terminal window and su - to root using a password of novell.
c.
At the shell prompt, enter vi /boot/grub/menu.lst.
d.
Press Ins.
e.
Put a comment sign (#) at the beginning of the line beginning with
password.
f.
Remove the comment sign in front of the line starting with gfxmenu.
g.
Save the file and close vi by pressing Esc and entering :wq.
h.
At the shell prompt, enter exit twice.
(End of Exercise)
26
Version 1
Exercise 2-2
Manage Runlevels
In this exercise, you practice configuring runlevels.
This exercise has four parts.
In the first part, you use the runlevel command to determine the current runlevel.
You also use the init command to change to runlevel 3 and then back to 5.
In the second part, you activate the at service atd.
In the third part, you reboot your computer and boot into runlevel 3 instead of the
default runlevel 5. You then log in and switch to back to runlevel 5.
In the fourth part, you activate the rsyncd daemon using the YaST runlevel editor.
Part I: View and Change the Current Runlevel on page 27
Part II: Activate the atd Service on page 28
Part III: Set a Runlevel at Boot Time on page 29
Part IV: Enable rsyncd with YaST on page 30
Part I: View and Change the Current Runlevel

To view and change the current runlevel, do the following:
1.
If necessary, log in to your da1 server as geeko with a password of novell.
2.
3.
Check the previous and current runlevels by entering runlevel at the shell
prompt.
List the runlevels in the table below:
Table 2-1
Runlevels
Previous
Current
Notice that the previous runlevel is listed as N, which means that there was no
previous runlevel set.
4.
Change to runlevel 3 by entering init 3 in the terminal window.

The graphical environment is terminated and you are left at a terminal login
prompt.
5.
Log in as root with a password of novell.
6.
Check the previous and current runlevel by entering runlevel.

List the runlevels in the table below:
Version 1
27
Table 2-2
Runlevels
Previous
7.
Current
Switch to runlevel 5 by entering init 5.

The GUI login screen appears.
8.
Part II: Activate the atd Service

To activate the atd service, do the following:
1.
Open a terminal window.
2.
At the shell prompt, su - to root with a password of novell.
3.
View the current runlevel configuration for atd by entering

chkconfig atd -l
at the shell prompt.
Notice that configuration is off for all runlevels.
4.
Install the service to its predefined runlevels by entering

insserv -d atd
5.
Check the modified runlevel configuration for atd by entering chkconfig

atd -l again.
Notice that the default configuration for atd sets runlevels 2, 3, and 5 to on.
6.
Change to the /etc/rc.d/rc3.d directory by entering

cd /etc/rc.d/rc3.d
7.
List the atd files in the directory by entering ls -l *atd at the shell prompt.
Notice that there are two atd linksone is used to start the atd service and one
is used to kill it:
8.
Start the at service by entering rcatd start at the shell prompt.
9.
Verify that the service is running by entering rcatd status at the shell
prompt.
10.
Switch to virtual terminal 1 by pressing Ctrl+Alt+F1 or by entering chvt 1.

NOTE: If pressing Ctrl+Alt+F1 changes da-host to the first virtual terminal, change back to the
graphical interface by pressing Ctrl+Alt+F7. Then activate the VMware window, press
Ctrl+Alt+Space and, while keeping Ctrl+Alt pressed, release Space and press F1.
11.
28
Press Ctrl+c or Enter to bring up the shell prompt.
Version 1
12.
You should be still be logged in as root. Verify this by entering whoami at the
shell prompt.
13.
Switch to runlevel 1 by entering init 1 at the shell prompt.
14.
When prompted, enter a root password of novell.
15.
Determine if the atd service is running by entering rcatd status at the

shell prompt.
The service is listed as unused because it is not configured to start at runlevel 1.
16.
Switch back to your previous runlevel (5) by entering init 5 at the shell
prompt.
The GUI login screen appears.
17.
18.
Open a terminal session and enter su - to switch to root using a password of

novell.
19.

shell prompt.
The service is listed as running because it is configured to start at runlevel 5.
20.
From the command line, remove the atd service from system startup runlevels
by entering chkconfig atd off.
21.
View the current runlevel configuration for at by entering chkconfig atd l at the shell prompt.
Notice that the service is off for all runlevels.
22.

shell prompt.
The service is listed as running because changing the runlevel configuration with
chkconfig does not affect the status of the respective service. You would need
to stop it manually or reboot the system to stop the atd service.
23.
Re-enable the service to start at the default runlevels by entering chkconfig

atd on at the shell prompt.
Part III: Set a Runlevel at Boot Time

To set a runlevel at boot time, do the following:
Version 1
1.
Reboot by entering init 6 at the shell prompt.
2.
When the GRUB boot menu is displayed, press Space to stop the timer.
3.
In the Boot Options field, add the number 3 at the end of the line.
4.
Press Enter to boot the Linux system to runlevel 3.
5.
When the login prompt appears, log in as root with a password of novell.
6.
Display the current runlevel by entering runlevel at the shell prompt.
7.
Switch to runlevel 5 by entering init 5 at the shell prompt.
29
8.
9.
Switch back to the virtual terminal by pressing Ctrl+Alt+F1.

NOTE: If pressing Ctrl+Alt+F1 changes da-host to the first virtual terminal, change back to the
graphical interface by pressing Ctrl+Alt+F7. Then activate the VMware window, press
Ctrl+Alt+Space and, while keeping Ctrl+Alt pressed, release Space and press F1.
10.
Press Ctrl+c.
11.
Log out as root by entering exit or by pressing Ctrl+d.
12.
Switch back to the graphical user interface by pressing Ctrl+Alt+F7.
Part IV: Enable rsyncd with YaST

To enable rsyncd with YaST, do the following:
1.
In the graphical desktop, select Computer > YaST.
2.
Enter a password of novell.

The YaST Control Center appears.
3.
Select System > System Services (Runlevel).

The System Services (Runlevel): Services dialog appears.
4.
Switch to a more detailed view (with additional options) by selecting Expert

Mode.
5.
Scroll to and select rsyncd.
6.
Below the list, configure this service to start at runlevels 3 and 5 by selecting 3
and 5.
7.
From the Set/Reset drop-down list, select Enable the Service.
8.
Start the rsyncd service by selecting Start Now from the Start/Stop/Refresh
drop-down list.
A status message appears indicating that the service started successfully.
9.
10.
Close the status message by selecting OK.

Stop the rsyncd service by selecting Stop Now from the Start/Stop/Refresh
drop-down list.
A status message appears indicating that the service stopped successfully.
11.
Close the status message by selecting OK.
12.
Save the changes by selecting OK > Yes.
13.
Close the YaST Control Center.
(End of Exercise)
30
Version 1
SECTION 3
Manage Linux Processes on page 32

In this exercise, you start and stop processes and change their priorities.
Version 1
31
Exercise 3-1
Manage Linux Processes

In this exercise, you start and stop processes and change their priorities.
In the first part of the exercise, you start and suspend gcalctool, move it to the
background and foreground, and then stop it.
In the second part, you start gcalctool and set the priority of the running program
to a nice value of -5. Then you start xeyes with a nice value of 10.
Part I: Move Processes to the Background on page 32
Part II: Modify Process Priorities on page 34
Part I: Move Processes to the Background

To move processes to the background, do the following:
1.
If necessary, log in to your da1 virtual workstation as geeko with a password of

novell.
2.
3.
At the command line, display the processes that are currently owned by geeko by
entering
ps -lU geeko (with a lowercase L)
4.
Display the processes that are currently owned by root by entering

ps -lU root (with a lowercase L)
5.
Start the GNOME Calculator program by entering gcalctool at the shell

prompt.
Notice that the terminal is not available to receive new commands because no
command line is displayed. This is because the calculator program is running in
the foreground.
6.
Arrange the calculator window and the terminal window so that you can see them
both; then select the terminal window to activate it.
7.
Suspend the calculator program by pressing Ctrl+z.
8.
Try using the calculator tool to calculate several numbers.

Because its process was suspended, the calculator does not respond.
9.
View the job in the background by entering

jobs
You should see that the gcalctool job is stopped.
10.
View the gcalctool process running from the current terminal by entering
ps -l (with a lower case L)
The process shows a status of T, which indicates that it is being traced or
stopped.
32
Version 1
11.
Resume the calculator program running in the background by entering

bg 1
Notice that the calculator program is running again. Because its running in the
background, you can now use the terminal window to enter other commands.
12.
Verify that the job status is running by entering

jobs
You should see that the gcalctool job is now running.
13.
View the gcalctool branch in the process tree by entering

pstree -p | grep gcalctool
Notice that the gcalctool process is listed at the end of the tree.
14.
Close the calculator program.
15.
Start the calculator in the background by entering

nohup gcalctool &
NOTE: The nohup command runs a command such that it ignores any hangup kill signals
sent to it.
16.
Close the terminal window.

The calculator program remains running.
17.
Open a new terminal window.
18.
Start the top program by entering

top
19.
View only the processes started by root by typing u, then entering root.
20.
Check for the calculator program (gcalctool) listed in top.
21.
(Conditional) If you cannot find the gcalctool program, try maximizing the
terminal window. You can also activate the Calculator window and use it to
calculate several numbers. This should cause the gcalctool process to be
moved near the top of the output in top.
You can also enter F in top and select PID as the sort column. If needed, you can
also reverse the sort order by pressing R.
22.
Record the PID of the gcalctool process:
23.
Exit top by typing q.
24.
View information about the gcalctool process by entering

ps PID_of_gcalctool_process
Version 1
33
25.
Switch to your root user account using the su - command and a password of
novell.
26.
Stop the calculator program and check the status by entering the following
commands:
kill PID_of_gcalctool_process
ps aux | grep gcalctool
27.
Start the xeyes program in the background by entering

xeyes&
28.
Kill the xeyes program by entering

killall xeyes
Part II: Modify Process Priorities

To modify process priorities, do the following:
1.
Switch back to your geeko user by entering exit at the shell prompt.
2.
Start the gcalctool program in the background by entering

gcalctool &
3.
Record the PID for gcalctool (displayed in the terminal window):
4.
View the running process by entering

ps lf
Notice that the nice value (NI) is currently at 0.
5.
Increase the priority of the process to a nice value of -5 by entering

renice -5 -p PID_of_gcalctool_process
Notice that a regular user cannot change the nice value to a value below 0, only
0-20.
6.
Switch to root (su -) with a password of novell.
7.
Try setting the nice value to -5 again by entering

renice -5 -p PID_of_gcalctool_process
8.
Check that the setting is effective by entering

ps lf (lower case L)
Notice that the process is not displayed, because ps lf only displays processes
started by the current user. The calculator program was started by geeko (not
root).
9.
View all processes by entering

ps alf
34
Version 1
The gcalctool process is now displayed.

10.
Change the nice value for the gcalctools process to a higher priority by entering
renice -10 -p PID_of_gcalctools_process
11.
Verify that the gcalctools process nice value is set to -10 by entering
ps alf (with a lower case L)
12.
Exit the shell running as root by entering

exit
You should now be user geeko again.
13.
Start the xeyes program in the background with the nice value of +10 by entering
nice xeyes&
14.
Verify that the xeyes process nice value is set to +10 by entering
ps lf (with a lower case L)
15.
Kill the gcalctools and xeyes processes by entering the following

commands:
kill PID_of_gcalctools_process
killall xeyes
16.
Close your terminal window.
(End of Exercise)
Version 1
35
36
Version 1
SECTION 4
Configure Partitions on your Hard Drive on page 38

In this exercise, you practice creating partitions and file systems with YaST and
fdisk. You also use command line tools to create file systems.
Manage File Systems from the Command Line on page 44

In this exercise, you practice managing file systems from the command line.
Create Logical Volumes on page 48

In this exercise, you learn how to administer LVM with YaST.
Set Up and Configure Disk Quotas on page 51

In this exercise, you learn how to administer quotas.
Version 1
37
Exercise 4-1
Configure Partitions on your Hard Drive

In this exercise, you practice creating partitions and file systems using YaST and
fdisk. You also use command line tools to create file systems.
In the first part of this exercise, you use YaST to create the following partitions and
file systems:
An extended partition using the remaining disk space.
One logical partition with a size of 500 MB, an ext3 file system, and a mount
point of /apps.
One logical partition with a size of 1 GB, a BtrFS file system, and a mount point
of /srv.
In the second part of this exercise, you use fdisk to create the following partitions:
One logical partition of the partition type Win95/FAT32 with a size of 500 MB.
One logical partition of the partition type Linux with a size of 500 MB.
In the third part of this exercise, you create file systems on the partitions you created
in the second part using the applicable options for mkfs:
Create a FAT32 file system on /dev/sda7.
Create an ext2 file system on /dev/sda8.
To do this, you need to complete the following tasks:
Part I: Create Partitions and File Systems with YaST on page 38
Part II: Partition Manually with fdisk on page 40
Part III: Manage File Systems from the Command Line on page 42
Part I: Create Partitions and File Systems with YaST

To create partitions and file systems with YaST, do the following:
1.
If your da1 virtual machine is not running, start or resume it.
2.
If necessary, log into da1 as geeko with a password of novell.
3.
Open a terminal window and use the su - command to switch to your root
account using a password of novell.
4.
At the shell prompt, enter yast2 disk.

A warning message appears.
5.
Continue by clicking Yes.

After a few moments, the Expert Partitioner dialog appears.
6.
38
Create an extended partition with YaST by doing the following:

a.
From the System View, expand Hard Disks.
b.
Highlight sda, then click Add.
c.
For the New Partition Type, select Extended Partition; then click Next.
Version 1
d.
Make sure Maximum Size is selected; then click Finish.

You are returned to the Expert Partitioner dialog, with the extended partition
listed as a new entry for your hard disk.
7.
Create a new ext3 partition with YaST:

a.
Click Add.
The Add Partition on /dev/sda dialog is displayed.
b.
Verify that Custom Size under New Partition Size isselected.
c.
In the Size field, enter 500 MB, then click Next.

The Add Partition on /dev/sda dialog now offers Formatting Options and
Moutning Options.
d.
Set the File system type to Ext3.
e.
Under Mounting Options, select Mount Partition.
f.
For the Mount Point, enter /apps.
g.
Create the partition definition by clicking Finish.

You are returned to the Expert Partitioner dialog where the new partition is
added to the list.
The asterisk (*) after the mount point indicates the file system is not
currently mounted.
8.
Create a partition for the /srv directory:

a.
With the sda disk selected, click Add.
b.
With Custom Size selected, enter 1 GB in the Size field, then click Next.
c.
In the File System drop-down list, select BtrFS.
d.
(Conditional) If a dialog informs you that the btrfsprogs package needs to

be installed, make sure the SLES 11 SP2 installation media is available and
click Install.
e.
Under Mounting Options, select Mount partition.
f.
For the Mount Point, enter /srv.
g.
Click the Subvolume Handling button.

The Subvolume Handling dialog appears.
h.
i.
In the New Subvolume field enter @/www and click Add new.
In the New Subvolume field enter @/ftp and click Add new.
Click OK to close the Subvolume Handling dialog.
j.
Add the /srv partition by clicking Finish.

You are returned to the Expert Partitioner dialog where the new partition is
added to the list.
9.
Add the new partitions to the hard drive by clicking Next.

A Summary dialog shows a summary of the changes.
Version 1
39
10.
Select Finish.
This commits the changes to disk and closes the Expert Partitioner dialog.
11.
In the terminal window where you are logged in as root, verify that the new
partitions have been mounted by entering mount.
You should see the following lines:
/dev/sda5 on /apps type ext3 (rw,acl,user_xattr)
/dev/sda6 on /srv type btrfs (rw)
12.
The previous contents of the /srv directory are no longer visible as it is

currently used as the mount point for the /dev/sda6 partition.
To copy the existing contents of the directory to the new partition, do the
following:
a.
Unmount /dev/sda6 by entering

umount /srv
b.
Mount the partition /dev/sda6 under /mnt by entering

mount /dev/sda6 /mnt
c.
Move the content of /srv/www to /mnt/www by entering:

mv /srv/www/* /mnt/www
(The www and ftp directories you see under /mnt are the subvolumes you
created with YaST in Step 8 on page 39)
d.
Remove the /srv/www and /srv/ftp directories by entering

rmdir /srv/www /srv/ftp
e.
Umount /mnt and mount /dev/sda6 again, using the entries in /etc/
fstab
umount /mnt
mount -a
f.
Verify that the files you moved are available again under /srv/www by
entering
ls
13.
/srv/www
Verify that the appropriate entry was added to the /etc/fstab for the new
partitions by entering:
cat /etc/fstab
Part II: Partition Manually with fdisk

To partition manually from the command line with fdisk, do the following:
1.
In the terminal window where you are logged in as root, start the utility fdisk
to modify the first hard disk on your server by entering
fdisk /dev/sda
2.
40
View the current partition table in fdisk by entering p.
Version 1
Notice that there are five partitions defined on sda:

Command (m for help): p
Disk /dev/sda: 10.7 GB, 10737418240 bytes
255 heads, 63 sectors/track, 1305 cylinders, total 20971520
sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000c59c0
Device Boot
/dev/sda1
/dev/sda2
*
/dev/sda3
/dev/sda5
/dev/sda6
Start
2048
2105344
14684160
14686208
15730688
End
2105343
14684159
20971519
15728639
17831935
Blocks
1051648
6289408
3143680
521216
1050624
Id
82
83
f
83
83
System
Linux s
Linux
W95 Ex
Linux
Linux
Command (m for help):

3.
Create a new 500MB Win95 FAT32 logical partition in the extended partition
you created earlier by doing the following:
a.
Create a new partition by entering n.
b.
Enter l (lower case L) for logical.
c.
Accept the default first cylinder by pressing Enter.
d.
Indicate the partition size by entering +500M.
e.
Change the partition type to Win95 FAT32 by entering t (for type).
f.
Enter 7 to select the partition you just created.
g.
When prompted for a Hex code, enter b for W95/FAT32.
h.
Verify the new partition configuration by entering p.

Notice that the /dev/sda7 partition has been added to the partition table.
4.
Create another logical partitions with a partition type of Linux (the default) by
doing the following:
a.
Create a new partition by entering n.
b.
Enter l (lower case L) to create a logical partition.
c.
Accept the default first cylinder by pressing Enter.
d.
Specify a partition size of 1 GB by entering +500M.
e.
Verify the new partition configuration by entering p.

Notice that the /dev/sda8 partition has been added to the partition table.
5.
Write the new partition table to your hard drive and exit fdisk by entering w.
6.
View the current partition table used by the kernel by entering

cat /proc/partitions
Notice that the 2 new partitions you just created arent listed.
Version 1
41
7.
8.
To access the new partitions, you must update the kernels partition table stored
in memory. Do one of the following:
Have the kernel update its partition table by entering partprobe.
Reboot the system by entering reboot.
View the partition table again by entering

cat /proc/partitions
Part III: Manage File Systems from the Command Line

To manage file systems from the command line, do the following:
1.
In the terminal window where you are logged in as root, create the following file
systems:
a.
Create a new FAT32 file system on /dev/sda7 and give it the label data1
by entering the following:
mkfs.msdos
-n
data1
/dev/sda7
The following message should be displayed:

mkfs.msdos 2.11 (12 Mar 2005)
This confirms the file system was created.

NOTE: Make sure you specify the correct device in the above command! If you specify
the wrong device, no warning message will be displayed and the file system on the device
will be overwritten.
b.
Create a new ext2 file system on /dev/sda8 with verbose output by

entering the following:
mkfs -t ext2 -v /dev/sda8
Notice that by adding the option -v, extensive information about the new
file system is displayed.
2.
Create the directories named data1 and data2 under /export/ by entering
mkdir -p /export/data{1,2}
3.
Verify that the directories were created by entering

ls -l /export
4.
As root, add entries to the /etc/fstab file for the new file systems:
a.
Open the file /etc/fstab in the vi editor by entering vi /etc/fstab

b.
Press Ins.
c.
At the end of the file fstab, add the following new lines:
/dev/sda7
/dev/sda8
42
/export/data1
/export/data2
vfat
ext2
defaults
defaults
1 2
1 2
Version 1
These new entries ensure the sda7 and sda8 partitions are mounted when
starting or rebooting the system.
d.
5.
Save the changes to /etc/fstab by pressing Esc and then entering :wq.
In the terminal window, reread the /etc/fstab file and mount all of the new
file systems by entering
mount -a
6.
View the information on the mounted file systems by entering the following two
commands:
mount
cat /proc/mounts
You should see entries for the two new partitions you just created.
(End of Exercise)
Version 1
43
Exercise 4-2
Manage File Systems from the Command Line

In this exercise, you practice managing file systems from the command line.
In the first part of this exercise, you run e2fsck on the ext3 file system you created on
/dev/sda5 in the previous exercise, which is mounted under /apps.
In the second part of the exercise, you convert the /dev/sda8 partition to an ext3
file system by adding a journal. You also add a label to it.
Part I: Run e2fsck on page 44
Part II: Customize the File Systems on page 44
Part I: Run e2fsck

To run e2fsck, do the following:
1.
If if your da1 virtual machine is stoped or suspended, start it.
2.
3.
Open a terminal session and switch to your root user account by entering su followed by a password of novell at the shell prompt.
4.
Unmount the file system on /dev/sda5 by entering

umount /apps
5.
Verify that the file system is no longer mounted by entering

mount
The /dev/sda5 partition should not be listed in the output of the mount
command.
6.
Start a file system check on /dev/sda5 running in verbose mode with an

automatic response of yes to all prompts by entering
e2fsck -f -y -v /dev/sda5
7.
Mount the /apps file system again by entering

mount /apps
8.
Verify that the file system on /dev/sda5 is mounted by entering

mount
Part II: Customize the File Systems

In this part of the exercise, you add a journal to an ext2 file system, effectively
making it an ext3 file system. Complete the following:
1.
Modify the /dev/sda8 partition:

a.
In the terminal window, umount the /dev/sda8 partition and view details
about the ext2 file system on it by entering
umount /dev/sda8
44
Version 1
dumpe2fs /dev/sda8 | more

Notice the Filesystem features and the Filesystem state.
b.
While the file system is unmounted, give the ext2 file system a volume name
of /export/data2 by entering
tune2fs -L /export/data2 /dev/sda8
NOTE: It is common practice to use this naming convention. Naming a file system after
its mount point can be useful in system rescue situations when the /etc/fstab file is
not available.
c.
Verify that the file system now has a volume name by entering
dumpe2fs /dev/sda8 | less
You should see that the Filesystem volume name has been set to the
partitions mount point, /export/data2.
d.
Add a journal to the file system (making it an ext3 file system) by entering
tune2fs -j /dev/sda8
e.
Verify that the file system now contains a journal by entering

The Filesystem features line should now contain an entry has_journal.
f.
Mount /dev/sda8 again by entering

mount /dev/sda8
g.
View information on the mounted file systems by entering

mount
Notice that the file system is still mounted as an ext2 file system.
h.
Unmount the partition /dev/sda8 again by entering

umount /dev/sda8
i.
Verify that the file system state is clean by entering

j.
Edit the /etc/fstab file to change the file system type from ext2 to ext3
by entering vi /etc/fstab at the shell prompt.
k.
Press Ins.
l.
Locate the entry for /dev/sda8 and change the file system type from ext2
to ext3, as in the following:
/dev/sda8
Version 1
/export/data2
ext3
defaults
1 2
m.
Press Esc, then enter :exit to save the changes to the file and exit the vi
editor.
n.
At the command line, reread /etc/fstab and mount the partition as an

ext3 file system by entering
45
mount -a
o.
Verify the change by entering

mount
You should see that /dev/sda8 has been mounted as an ext3 file system.
p.
Unmount the partition /dev/sda8 again by entering

umount /export/data2
q.
Mount the partition as an ext2 file system manually by entering

mount -t ext2 /dev/sda8 /export/data2
r.
Verify that the file system is mounted without a journal (as an ext2 file
system) by entering
mount
As you can see, ext3 is backward compatible with ext2.
s.
Remount /dev/sda8 as an ext3 file system and verify the change by

entering the following commands:
umount /export/data2
mount -a
mount
2.
Create a snapshot for the /srv/www/ subvolume by doing the following:

a.
Create a before_snapshot.html file in /srv/www/htdocs by

entering
touch /srv/www/htdocs/before_snapshot.html
b.
Create a read-only snapshot for the /srv/www subvolume by entering

cd /srv
btrfs subvolume snapshot -r www www-snapshot
c.
List the existing snapshots by entering

btrfs subvolume list
d.
Try to create a file in the /srv/www-snapshot/htdocs/ directory by

entering
touch /srv/www-snapshot/htdocs/file
You should see a message that touch cannot create the file on a read-only
file system.
e.
Create a after_snapshot.html file in /srv/www/htdocs by

entering
touch /srv/www/htdocs/after_snapshot.html
f.
View the content of the /srv/www-snapshot/htdocs directory by entering

ls /srv/www-snapshot/htdocs
46
Version 1
You should see the before_snapshot.html file, but not the

after_snapshot.html file.
You could back up the snapshot htdocs directory now without changes to the
original htdocs directory interfering with the backup.
g.
Delete the snapshot by entering

btrfs subvolume delete www-snapshot
Snapshots are actually specialized subvolumes and can be deleted like any
subvolume with with the btrfs subvolume delete command.
(End of Exercise)
Version 1
47
Exercise 4-3
Create Logical Volumes

In this exercise, you learn how to administer LVM with YaST.
In the first part of this exercise, you use YaST to create two physical volumes (PVs)
with a size of 1 GB each. You then add them to a volume group (VG) named projects.
Within the volume group, you next add two logical volumes named pilot (750 MB)
and production (300 MB) which will be mounted under /projects/pilot and /
projects/production, respectively.
In the second part of the exercise, you increase the size of the logical volume
production to the maximum space available within the volume group.
Part I: Create LVM Physical Volumes, a Volume Group, and Logical Volumes
on page 48
Part II: Resize an LVM Volume on page 50
Part I: Create LVM Physical Volumes, a Volume Group, and Logical

Volumes
To create LVM Physical Volumes, a Volume Group, and Logical Volumes, do the
following:
1.
If your DA1 virtual machine is suspended or stoped, start it.
2.
3.
Start YaST by selecting Computer > YaST and entering a password of novell,
when prompted.
4.
Select System > Partitioner and acknowledge the warning message by selecting
Yes.
The Expert Partitioner dialog appears.
5.
6.
Create a new LVM partition by doing the following:

a.
From the System View, expand Hard Disks.
b.
Highlight sda; then click Add.
c.
Verify Custom Size is selected; then enter 1 GB in the Size field.
d.
Click Next.
e.
Under Formatting Options, select Do not format partition.
f.
Under File System ID, select 0x8E Linux LVM.
g.
Save the partition definition by selecting Finish.
Create another 1 GB LVM partition by repeating the preceding step.

You should now have two 1 GB LVM partitions.
7.
48
From the System View, select Volume Management; then click Add > Volume
Group.
Version 1
8.
9.
10.
Specify the following:
Volume Group Name: projects
Physical Extent Size: 4 MB
Add each Linux LVM physical volume to the volume group projects by Ctrlclicking /dev/sda9 and /dev/sda10 and then clicking Add.
Click Finish.
The Volume Management dialog appears displaying the newly added volume
group.
11.
Add a logical volume named pilot to the projects volume group by doing the
following:
a.
With Volume Management selected in the System View, select Add >
LogicalVolume.
The Add Logical Volume dialog appears.
12.
b.
Enter a Logical Volume name of pilot, then click Next.
c.
Select Custom Size and enter 750 MB in the Size field, then click Next.
d.
In the File System drop-down list, select Ext3.
e.
Select Mount Partition, then enter a mount point of /projects/pilot.
f.
Select Finish.
Add a logical volume named production to the projects volume group by doing
the following:
a.
With Volume Management selected in the System View, select Add >
LogicalVolume.
The Add Logical Volume dialog appears.
b.
Enter a Logical Volume name of production, then click Next.
c.
Select Custom Size and enter 750 MB in the Size field, then click Next.
d.
In the File System drop-down list, select Ext3.
e.
Select Mount Partition, then enter a mount point of /projects/production.
f.
Select Finish.
You are returned to the Expert Partitioner.
13.
In the Expert Partitioner, click Next.

A Summary appears; accept the changes by clicking Finish.
14.
Open a terminal window and use the su - command and a password of novell
to switch to root.
15.
View the new LVM file systems by entering

df -h
You should see /dev/mapper/projects-pilot and /dev/mapper/projects-production
entries in the output.
Version 1
49
16.
View the device names and mount locations by entering

cat /etc/fstab
Part II: Resize an LVM Volume

To resize a LVM Volume, do the following:
1.
In the terminal window where you are logged in as root, enter

umount /projects/production.
2.
From the YaST Control Center, select System > Partitioner and acknowledge the
warning message by selecting Yes.
The Expert Partitioner dialog appears.
3.
From the System View, expand Volume Management.
4.
Expand projects and select production, then click Resize.

The Resize Logical Volume dialog appears.
The current size of the volume is listed under Size.
5.
Select Maximum Size.
6.
Continue by clicking OK.
7.
Save the changes by clicking Next, then apply the changes by clicking Finish.
8.
From the terminal window, view the new size of production by entering
df -h
(End of Exercise)
50
Version 1
Exercise 4-4
Set Up and Configure Disk Quotas

In this exercise, you learn how to administer quotas.
You install the quota package and then configure quotas for /dev/sda8, which is
mounted at /export/data2.
1.
If your da1 virtual machine is suspended or stopped, start it.
2.
3.
Open a terminal window; then switch to root using the su - command and a
password of novell.
4.
Install the quota package by entering yast -i quota.
5.
(Conditional) Insert the SLES 11 SP2 installation DVD, if prompted.
6.
View the disk quota configuration for user geeko by entering

quota -vu geeko
The lack of any output indicates there are no quotas currently configured for
geeko.
7.
Add quota mount options to the /dev/sda8 partition by doing the following:
a.
Open the /etc/fstab file in the vi editor by entering

vi /etc/fstab
b.
Press Ins and arrow down to the /dev/sda8 entry.
c.
Edit the /dev/sda8 entry to the following:

/dev/sda8
/export/data2
defaults,usrquota,grpquota
d.
8.
ext3
1 2
When you finish, press Esc, then save the file and exit by entering :wq.
Remount the file system so it that the changes in the /etc/fstab file are read
by the system by entering
mount -o remount /dev/sda8
NOTE: If you receive the error message /export/data2 mounted already, or bad option, check
the contents of the /etc/fstab file. You might have misspelled the usrquota or
grpquota option.
9.
Run quotacheck to initialize the quota database by entering

quotacheck -mavug
NOTE: You will receive several status messages about old quota files. These indicate that this
is a new quota database with no previous quota database files on the system.
Version 1
51
10.
Verify that the aquota.user and aquota.groups files exist in the /

export/data2 directory by entering
ls -l /export/data2
11.
Turn quotas on for all file systems that are mounted with these options by
entering
quotaon -av
12.
Make the quota system persistent after reboot by entering

insserv boot.quota
13.
Set a quota for geeko with a soft block limit of about 20 MB and a hard block
limit of about 30 MB on /dev/sda8 by entering
edquota -u geeko
The quota editor appears in the vi editor.
14.
Press Ins.
15.
Under soft, remove the 0 and enter 20000.
16.
Under hard, remove the 0 and enter 30000.
17.
When youre finished, press Esc, then enter :wq.
18.
View the quota information about all configured users by entering

repquota -av
You should see the following the values for geeko that you just entered.
19.
(Optional) If you finish early, set a quota for the users group of 100 MB for the
soft limit and 150 MB for the hard limit.
20.
Test if the quotas by doing the following:

a.
As root, create a directory named /export/data2/geeko and change

the owner to geeko by doing the following:
mkdir /export/data2/geeko
chown geeko.users /export/data2/geeko
b.
Change to the user account geeko and create a file by entering

su - geeko
dd if=/dev/zero of=/export/data2/geeko/bigfile
After a short time, you should see a message indicating the quota was
exceeded.
21.
Close all open windows.
(End of Exercise)
52
Version 1
SECTION 5
Configure the Network Connection Manually on page 54

In this exercise, you learn how to configure the network manually.
Version 1
53
Exercise 5-1
Configure the Network Connection Manually

In this exercise, you learn how to configure the network manually.
In the first part, you use the ip command to find out the current settings for IP
address, routes, and mac address.
In the second part, you use YaST to delete the current network configuration.
In the third part, you use the ip command to set up the network manually.
In the fourth part, you recreate the file noted in Part I using an editor.
Part I: Note the Current Network Configuration on page 54
Part II: Delete the Current Network Setup with YaST on page 54
Part III: Configure the Network Manually on page 55
Part IV: Save the Network Connection to an Interface Configuration File on

page 55
Part I: Note the Current Network Configuration

To note the current network configuration, do the following:
1.
If necessary, power on your da1 virtual server and log in as geeko with a
password of novell.
2.
3.
Enter ip address show eth0.
4.
Under eth0, find the line starting with inet and record the IP address with the
subnet mask displayed in that line:
5.
IP address:
Subnet mask:
Enter ip route show.

Notice that a default gateway has not been assigned.
6.
Enter ip link show eth0.
7.
Find the line starting with link/ether and record the MAC address of the
network card:
MAC address:
Part II: Delete the Current Network Setup with YaST

To delete the current network setup with YaST, do the following:
54
1.
Start YaST; then select Network Devices > Network Settings.
2.
Select your network card, then click Delete.
3.
Click OK.
Version 1
4.
Close YaST.
5.
Verify that the network connection is not working any more by pinging your host
systems vmnet1 virtual network interface. Enter the following at the shell
prompt:
ping 172.17.8.1
You should see a message indicating that the network is unreachable.
6.
Enter ip address show at the shell prompt.

Note that the state of your eth0 device is DOWN.
Part III: Configure the Network Manually

To configure the network manually, do the following:
1.
Enter the following command at the shell prompt:

ip address add IP_address/Netmask_from_PartI brd + dev
eth0
2.
To activate the network device, enter

ip link set eth0 up
3.
To set the default route, enter

ip route add default via 172.17.8.1
4.
Verify that the network connection is working again by entering

ping 172.17.8.1
You should see your host system respond to the ping.
Part IV: Save the Network Connection to an Interface Configuration

File
To save the network connection to an interface configuration file, do the following:
1.
In the terminal window, enter

cd /etc/sysconfig/network
2.
Make a copy of the network configuration template by entering

cp ifcfg.template ifcfg-eth0
Version 1
3.
Open the copied file in a text editor by entering vi ifcfg-eth0 at the shell
prompt.
4.
Press Ins.
5.
Find the following options and enter the indicated values:
STARTMODE='auto'
BOOTPROTO='static'
IPADDR='172.17.8.101/16'
55
NETMASK=255.255.0.0
BROADCAST=172.17.255.255
Change BRIDGE=yes to BRIDGE=no
6.
Press Esc, then save the file and exit vi by entering :wq.
7.
Create a new file with vi called routes by entering vi routes at the shell
prompt.
8.
Press Ins, then add the following line to the file:

default
9.
10.
172.17.8.1
Press Esc; then save the file and exit vi by entering :wq.
Reboot your system by entering init 6 at the shell prompt.
Wait while the system reboots.
11.
After rebooting, log in as geeko with a password of novell.
12.
13.
Change to root using the su - command and a password of novell.
14.
Verify that the network configuration loaded correctly by entering the following
commands:
ip address show eth0
ip route show
15.
Verify that the network connection is working properly by entering

ping 172.17.8.1
16.
NOTE: If the network configuration doesnt work properly, use the YaST Network Settings module
to reconfigure the network card with the proper settings.
(End of Exercise)
56
Version 1
Manage Hardware
SECTION 6
Manage Hardware
In this section of the workbook, you can find the following exercises:
Manage Linux Kernel Modules on page 58

In this exercise, you load and unload kernel modules.
Obtain Hardware Configuration Information in YaST on page 59

In this exercise, you learn how to obtain hardware configuration information on
your computer.
Modify udev Rules on page 60

In this exercise, you will modify a udev rule to rename your Ethernet interface.
Version 1
57
Exercise 6-1
Manage Linux Kernel Modules

In this exercise, you load and unload kernel modules.
Unload the joydev kernel module, then load it again.
1.
password of novell.
2.
Open a terminal window, then switch to the root user by entering su - followed
by a password of novell.
3.
View the currently loaded kernel modules by entering lsmod at the prompt.
4.
Scroll through the modules to see if the joystick module (joydev) is loaded. If its
difficult to locate in the output, you can enter lsmod | grep joydev at the
shell prompt.
The 0 in the Used column indicates that the module is not in use.
NOTE: If the joydev module is not listed, skip to step Step 7 on page 58.
5.
Remove the joystick module from the kernel memory by entering

rmmod joydev
6.
Verify that the joydev kernel module was removed from memory by entering
lsmod | grep joydev at the shell prompt.
Notice that the module joydev is no longer listed.
7.
Load the joystick kernel module by entering

modprobe joydev
8.
Verify that the joydev kernel module is loaded in memory by entering lsmod |
grep joydev at the shell prompt.
9.
View the kernel modules configuration by entering modprobe -c | less at

the shell prompt.
10.
Scroll through the module configuration information by pressing Space.
11.
When you have finished, return to the command line by typing q.
12.
Create a list of kernel modules dependencies by entering

depmod -v | less
Wait a few moments for the information to be generated.
13.
Scroll through the dependency information by pressing Space.
14.
When you have finished, return to the command line by typing q.
15.
Close the terminal window by entering exit twice.
(End of Exercise)
58
Version 1
Manage Hardware
Exercise 6-2
Obtain Hardware Configuration Information in YaST

In this exercise, you obtain hardware configuration information about your computer.
1.
password of novell.
2.
Select Computer > YaST.
3.
4.
Select Hardware > Hardware Information.

Wait while the YaST module scans your hardware. This may take several
minutes. When complete, the Hardware Information dialog appears.
5.
Review the results of the hardware detection.
6.
Save the results to a file by doing the following:

a.
Click Save to File.
b.
Browse to the root users home directory (/root).
c.
In the File Name field, enter hardware.txt.
d.
Click Save.
e.
Wait while the file is saved. This make take several minutes to complete.
7.
Close the Hardware Information window by clicking Close.
8.
9.
View the information saved in the hardware.txt file by doing the following:
10.
a.
b.
Switch to your root user account by entering su - at the shell prompt,

followed by a password of novell.
c.
At the shell prompt, enter less hardware.txt.
d.
Use the Spacebar to browse through the results.
e.
When finished, press q to exit.
(End of Exercise)
Version 1
59
Exercise 6-3
Modify udev Rules

In this exercise, you modify a udev rule to rename your Ethernet interface.
Modify the udev rule in /etc/udev/rules.d/70-persistentnet.rules to rename your eth0 interface to eth1.
1.
password of novell.
2.
Open a terminal window and switch to the root user account by entering su followed by a password of novell.
3.
At the shell prompt, enter cd /etc/udev/rules.d.
4.
Open the 70-persistent-net.rules file in the vi editor by entering

vi 70-persistent-net.rules
5.
Press Ins.
6.
Locate and scroll down to the line that sets the name of your network interface to
eth0.
7.
Change the NAME= eth0 parameter to NAME=eth1.
8.
Press Esc.
9.
Save your changes and exit the editor by entering :exit at the shell prompt.
10.
Reboot your da1 virtual server by entering init 6 at the shell prompt.
11.
Wait for your default GRUB menu item to be selected to start the boot process.
12.
When the system starts to boot, press Esc so you can view your systems boot
messages.
You should see a message indicating eth0 is being renamed to eth1 by udev.
You should also see a message indicating the eth1 interface has not been
configured. This happens because there is no configuration for eth1 in /etc/
sysconfig/network/.
13.
As these messages may scroll by too fast to see them easily, you can find the
udev message by doing the following:
a.
When the system has rebooted, log in as geeko with a password of novell.
b.
Open a terminal window and su - to root (password novell).
c.
In the terminal window, enter less /var/log/boot.msg and enter /

udev. Press n to get to the next instance of the search string. Quit less by
pressing q.
14.
At the shell prompt, enter cd /etc/udev/rules.d.
15.
Open the 70-persistent-net.rules file in the vi editor by entering

vi 70-persistent-net.rules
60
Version 1
Manage Hardware

16.
Press Ins.
17.
Change the NAME= eth1 parameter back to NAME=eth0.
18.
Press Esc.
19.
Save your changes and exit the editor by entering :exit at the shell prompt.
20.
Reboot your da1 virtual server by entering init 6 at the shell prompt.
21.
Wait for your default GRUB menu item to be selected to start the boot process.
22.
When the system starts to boot, press Esc so you can view your systems boot
messages.
23.
Verify that your network interface is now named eth0 and that the appropriate
network configuration parameters are applied.
(End of Exercise)
Version 1
61
62
Version 1
SECTION 7
Practice Using OpenSSH on page 64

In this exercise, you learn how to establish SSH connections between computers.
Perform Public Key Authentication on page 66

In this exercise, you practice using SSH with public key authentication.
Use Remote Administration on page 68

In this exercise, you configure remote administration.
Use Nomad on page 71

In this exercise, you configure remote desktop sharing using Nomad.
Version 1
63
Exercise 7-1
Practice Using OpenSSH

In this exercise, you learn how to establish SSH connections between computers.
You will run the SSH client on your da-host workstation and the SSH server on your
da1 virtual machine.
Perform the following tasks:
Log in remotely to your da1 server as root.
Remotely execute the ps aux command on da1 without logging in to the server.
Copy the /etc/hosts file from da1 to your /tmp directory.
Copy the /etc/hosts file from your da-host workstation to the home
directory of geeko on da1.
Using sftp, copy the /bin/date file from da1 to /home/geeko on your
workstation.
Do the following:
1.
If necessary, power on both your da1 virtual machines.
2.
Log in to da1 from da-host by doing the following:

a.
Right-click the da-host desktop and select Open in Terminal.
b.
At the command line, enter

ssh -l geeko da1.digitalairlines.com
c.
When prompted to continue, enter yes.
d.
When prompted, enter a password of novell.

You are now logged in to the da1 server as geeko.
e.
3.
Log out by entering exit.
Check the processes running on the da1 server by entering the following at the
shell prompt of your da-host workstation:
ssh -l geeko da1.digitalairlines.com ps aux
4.

A list of all processes currently running on da1 is displayed.
5.
Copy the /etc/hosts file on your da1 server to the /tmp directory on your
workstation by entering the following at the workstation shell prompt:
scp geeko@da1.digitalairlines.com:/etc/hosts /tmp/
6.
7.
At the shell prompt, enter ls /tmp.

You should see the hosts file from the da1 server in your /tmp directory.
8.
64
Copy the /etc/hosts file on your workstation to geekos home directory on

your da1 server by entering the following:
Version 1
scp /etc/hosts geeko@da1.digitalairlines.com:

9.
10.

Verify that the file was copied by doing the following:
a.
Switch to your da1 server.
b.
If necessary, log in as geeko with a password of novell.
c.
Double-click the geekos Home icon on the desktop.

You should see the hosts file from the workstation in the geeko users home
directory.
d.
11.
Switch back to your workstation.
Use sftp to connect to your da1 server as geeko by entering:

sftp geeko@da1.digitalairlines.com
12.
13.
Copy the /bin/date program file from the da1 server to geekos home
directory on your workstation by entering:
get /bin/date /home/geeko/
14.
Quit sftp by entering exit.
15.
At the shell prompt, enter ls /home/geeko.

Verify that the date program has been copied to the geeko users home
directory.
16.
Close all open windows on your da-host workstation and your da1 virtual
machine.
(End of Exercise)
Version 1
65
Exercise 7-2
Perform Public Key Authentication

In this exercise, you practice using SSH with public key authentication.
You use your da-host and da1 systems to complete this exercise.
First, you create an ssh-key pair on da-host. Then you add the public key to the
~geeko/.ssh/authorized_keys file on your da1 server and note the
difference between logging in with and without a public key.
You then use ssh-agent to cache the private key and log in again to your da1
server as geeko. Finally, you change the server configuration to allow only public key
authentication.
1.
If necessary, power on your da1 virtual machine.
2.
On your da-host workstation, open a terminal window.
3.
Generate an RSA key pair by doing the following:

a.
At the terminal window, enter ssh-keygen -t rsa.
b.
Accept the default location for the key (/home/geeko/.ssh/id_rsa)

by pressing Enter.
c.
When prompted, enter a passphrase of secret.

Information about your key pair, such as the location of your identification
and the public key, is displayed.
4.
Add the RSA public key to the geeko users ~/.ssh/authorized_keys file
on da1 by doing the following:
a.
Copy the file to the home directory of geeko on the da1 server by entering
the following:
scp ~/.ssh/id_rsa.pub
geeko@da1.digitalairlines.com:
b.
c.
Using ssh, log in as geeko to your da1 server by entering

d.
e.
Enter ls -al.
f.
If an .ssh directory does not exist, then create it by entering

mkdir .ssh
g.
Append the public key to the ~/.ssh/authorized_keys file by

entering (the file will be created if it does not exist yet):
cat id_rsa.pub >> .ssh/authorized_keys
66
5.
Log out from the da1 server by entering exit.
6.
Using ssh, log in to your da1 server as geeko by entering
Version 1

You are prompted for a password to unlock the private key.
7.
Log in by entering secret; then log out by entering exit.
8.
To track authentication, start the ssh-agent by entering ssh-agent

bash.
9.
Add your private key to the agent for authentication by entering

ssh-add ~/.ssh/id_rsa
10.
When prompted, enter a passphrase of secret.
11.
Using ssh, log in as geeko to your da1 server by entering

This time you are not prompted for a password or passphrase.
12.
Switch to user root on da1 by entering su - followed by a password of novell.
13.
At the shell prompt, enter vi /etc/ssh/sshd_config.
14.
Do the following:
a.
Enter /PasswordAuthentication to locate the

PasswordAuthentication line.
b.
Make sure it is set to no.
c.
Enter /UsePAM to locate the UsePAM line.
d.
Press Ins.
e.
Change the value of UsePam from yes to no.
f.
Press Esc.
g.
Enter :exit to save the file and close the editor.
15.
Restart sshd by entering rcsshd restart.
16.
Enter ssh geeko@localhost.
17.
When prompted to continue connecting, enter yes.

You should see an error message and no prompt for a password.
18.
Using the vi editor, undo the changes made in Step 14 on page 67; then restart
sshd.
19.
Log out as root by entering exit.
20.
Log out from da1 by entering exit.
21.
(End of Exercise)
Version 1
67
Exercise 7-3
Use Remote Administration

In this exercise, you configure remote administration.
You establish a VNC connection to the da1 server from the da-host workstation.
This exercise has four parts. In the first part, you remotely access the text-based
version of YaST on da1 from your workstation.
Then in the second part, you remotely access the graphical version of YaST on da1
from your workstation.
In the third part, you configure remote access to your da1 server with the YaST
Remote Administration module.
In the fourth part, you access your server via VNC.
You need to complete the following tasks:
Part I: Remotely Access a Text-Based Version of YaST on page 68
Part II: Remotely Access the GUI Version of YaST on page 68
Part III: Configure Remote Administration with YaST on page 69
Part IV: Access Your da1 Server Remotely on page 69
Part I: Remotely Access a Text-Based Version of YaST

Do the following:
1.
If necessary, power on your da1 virtual machine.
2.
Open a terminal window on da-host and enter:

ssh root@da1.digitalairlines.com
3.
When prompted for the password, enter novell.
4.
Launch the ncurses-based version of YaST by entering yast2.

Despite the fact that you entered yast2, the text-based version of the YaST
Control Center appears.
This is because X11 forwarding is not active in the default configuration of ssh.
5.
Exit the YaST Control Center by pressing Alt+q.
6.
Close the SSH session by entering exit.
Part II: Remotely Access the GUI Version of YaST

Do the following:
1.
From the terminal window on your workstation, enter

ssh -X root@da1.digitalairlines.com
2.
68
When prompted for the password, enter novell.
Version 1
3.
Launch the GUI-based version of YaST by entering yast2.

Because the -X option activated X11 forwarding, the GUI-based version of the
YaST Control Center appears:
Part III: Configure Remote Administration with YaST

Do the following, using the YaST Control Center you started in Part II:
1.
In the main window of YaST, select Network Services > Remote Administration
(VNC).
The Remote Administration dialog appears.
2.
Select Allow Remote Administration and select Open Port in Firewall if the
firewall is enabled.
3.
Click Finish.
4.
Close YaST.
5.
Restart the display manager by entering rcxdm restart at the shell prompt.
where you are logged in to da1 via ssh.
You should see the graphical interface of your da1 virtual machine restart.
6.
At the shell prompt, enter exit.

Your da1 SUSE Linux Enterprise Server 11 SP2 system is ready to be accessed
remotely.
Part IV: Access Your da1 Server Remotely

To access the da1 server from a web browser, do the following:
1.
Install a Java browser plug-in on your da-host workstation:

a.
On da-host, start the YaST Software Management by selecting elect

Computer > YaST > Software > Software Management.
b.
In the search field, type java-1, then click Search.
c.
From the search results, select java-1_6_0-ibm-plugin.
d.
Click Accept.
e.
Accept the automatic changes by clicking Continue.

Wait while the packages are installed.
f.
Close YaST.
2.
On your da-host workstation desktop, open the Firefox web browser by selecting
Computer > Firefox.
3.
In the Location field, enter

http://da1.digitalairlines.com:5801
The SLES 11 SP2 login dialog appears within the browser window.
4.
Version 1
Log in to the remote servers desktop as geeko with a password of novell.
69
The desktop for your geeko user on da1 appears.

5.
If time permits, try completing various administrative tasks and running

commonly-used applications on da1 through the VNC session.
6.
When youre finish testing the desktop, close the VNC session by clicking
Disconnect (at the top of the screen).
7.
(End of Exercise)
70
Version 1
Exercise 7-4
Use Nomad
In this exercise, you configure remote desktop sharing using Nomad. You establish an
RDP connection between da-host and da1.
As the necessary client packages are part of the SLED 11 SP2 installation media, you
have to add the DVD as a repository to da-host before installation.
You establish an RDP connection between your da-host workstation and the da1
virtual workstation.
1.
Verify that your da1 workstation is running.
2.
Log in to your da1 virtual machine as geeko, open a terminal window and su to the root account (password novell).
3.
Install the yast2-rdp package on da1 by entering

yast -i yast2-rdp
4.
Configure the RDP access by doing the following:

a.
Start YaST and select Network Services > Remote Administration (RDP).
b.
When prompted that the xrdp package needs to be installed, click Install.
c.
(Conditional) If prompted, insert your SLES 11 installation DVD.
d.
Wait while the RDP packages are installed.

A Remote Administration dialog appears.
e.
Mark Allow Remote Administration and Open Port in Firewall if the firewall
is activated
f.
Click Finish.
g.
Close YaST.
5.
Reboot da1 by entering init 6 at the shell prompt.
6.
After the system as rebooted, log in as geeko with a password of novell.
7.
Open a terminal session and switch to root using the su- command followed by
a password of novell.
8.
Verify that xrdp is running by entering rcxrdp status at the shell prompt.
The command should return a status of running.
9.
Version 1
Install the rdesktop and tsclient packages on your host workstation by doing the
following:
a.
Start YaST by selecting Computer > YaST.
b.
When prompted, enter a root user password of novell.
c.
Insert the SLED 11 SP2 installation DVD (i586 or x86_64, depending on

your installed architecture) in the DVD drive.
d.
Select Software > Software repositories.
71
10.
e.
Select Add > DVD > Next; when prompted to insert the Add-on Products
DVD select Continue.
f.
Accept the License Agreement and click Next.
g.
Click OK to close the Software Repositories module
h.
In YaST, select Software > Software Management.
i.
In the search field, enter rdesktop and click Search.
j.
Within the search results, select the rdesktop and tsclient packages and click
Accept. In the Automatic Changes dialog, select Continue.
k.
Configure a remote desktop connection on your host workstation by doing the

following:
a.
At the shell prompt on your host workstation da-host, enter tsclient.
b.
In the Termina Server Client window, dlick New Connection > Windows
Terminal Service.
An Windows Terminal Service connection dialog appears.
c.
In the Host field, type da1.digitalairlines.com.
d.
In the Username field, type geeko.
e.
In the Password field, type novell.
f.
Expand Advanced Options.
g.
In the Connection Type drop-down list, select LAN.
h.
Select (check) the Save this connection entry.
i.
In the Name field, enter da1 Desktop.
j.
Click Save.
The da1 Desktop remote desktop connection is added to the Terminal Server
Client window.
11.
Open the remote connection by double-clicking da1 Desktop.

The da1 desktop is displayed in an rdesktop /TightVNC window.
12.
(Conditional) If time permits, experiment with the remote desktop. Try opening
and using the various applications remotely.
13.
When complete, click Computer > Logout > Log Out within the remote desktop
session.
14.
In the Terminal Server Client window, click the Exit icon.
15.
At the shell prompt, enter exit.
(End of Exercise)
72
Version 1
SECTION 8
Gather Information on your SLES 11 Server on page 74

In this exercise, you learn how to get information on the computer you are using.
Manage System Logging on page 76

In this exercise, you practice configuring syslog-ng and logrotate.
Version 1
73
Exercise 8-1
Gather Information on your SLES 11 Server

In this exercise, you learn how to get information on the computer you are using.
You use the administration tools covered in this section to gather information on your
server.
As you work through this exercise, write down the appropriate value in the right-hand
column of the following table:
Table 8-1
Hardware Values
System Parameter
Value
OS
Hardware Architecture
Processor Type
Hostname
Kernel Release
Kernel Version (include date and time)
System Up Time
Load Averages
SLES 11 Version
System Date and Time
Model Name of Processor
Free Memory
Patch Level

1.
If necessary, power on your da1 server and log in as geeko with a password of
novell.
2.
Open a terminal window and switch to root using the su - command and a
password of novell.
3.
View the kernel release of the Linux distribution you are running by entering
uname -r
4.
View the computers hardware architecture by entering

uname -m
5.
View the processor type for this Linux build by entering

uname -p
6.
74
View all information, including hostname, kernel release, and kernel version, by
entering
Version 1
uname -a
7.
View the system uptime and the load averages by entering

uptime
8.
View the version of the SUSE Linux Enterprise Server distribution by entering
cat /etc/SuSE-release
9.
View the system date and time by entering

date
10.
View information on the processor by entering

cat /proc/cpuinfo
11.
View the current memory statistics by entering

cat /proc/meminfo
(End of Exercise)
Version 1
75
Exercise 8-2
Manage System Logging

In this exercise, you practice configuring syslog-ng and logrotate.
First, you configure syslog-ng to log messages of the local4 facility. The /var/
log/local4 file is used for messages of the local4 facility no matter the priority.
The /var/log/local4.debug file logs only messages with the debug priority.
A third file, /var/log/local4.info, logs only messages with the info priority.
Then you configure logrotate to manage these log files. You create a /etc/
logrotate.d/local4 file that does the following with these three files:
Compresses the old logs
Saves the old logs with a date extension
Limits the oldest log to one day
Limits the rotated logs saved to five
Limits the maximum size of the file to 20 bytes
Proceeds without error if a log file is missing
Logs the date in the local4.info file each time a new log file is generated
NOTE: The above values (one day, five logs, 20 bytes) are used for demonstration purposes only. In
a production environment, these values should be much higher.
Complete the following tasks to do this:
Part I: Modify the syslog-ng Configuration on page 76
Part II: Configure logrotate on page 78
Part I: Modify the syslog-ng Configuration

To modify the syslog-ng configuration, do the following:
1.
novell.
2.
password of novell.
3.
At the shell prompt, enter vi /etc/syslog-ng/syslog-ng.conf.
4.
Press Ins.
5.
Add the following lines at the bottom of the file to create filters for the messages
you want to log:
6.
76
filter f_local4debug
};
{ level(debug)
and facility(local4);
filter f_local4info
{ level(info)
filter f_local4
{ facility(local4); };
and facility(local4); };
Specify the destinations and log paths by adding the following lines:
Version 1
destination local4debug { file("/var/log/local4.debug"); };

log { source(src); filter(f_local4debug);
destination(local4debug); };
destination local4info { file("/var/log/local4.info"); };
log { source(src); filter(f_local4info);
destination(local4info); };
destination local4 { file("/var/log/local4"); };
log { source(src); filter(f_local4); destination(local4); };
NOTE: Check your syntax carefully. If you make a mistake in this file, syslog wont start.
7.
Save the changes and close the editor by pressing Esc and then entering :exit.
8.
Restart the syslog daemon by entering rcsyslog restart at the shell

prompt.
9.
Open a new terminal window and enter su - followed by a password of novell.
10.
Check the configuration by logging an entry to the info level in the local4 facility
by doing the following:
a.
Enter the following in one of your terminal sessions to monitor the activity
of the log file:
tail -F /var/log/local4.info
NOTE: The -F option keeps trying to open a file even if it is inaccessible when tail
starts.
You will see warnings regarding the fact that the file does not yet exist. You can disregard
this error as the file will be created when you complete the next step.
b.
In the other terminal window, log an entry to the info level in the local4
facility by entering
logger -p local4.info "Info message 1"
c.
Check the results in the second terminal window. The message should be
logged in the /var/log/local4.info file.
The message should also be logged in the /var/log/local4 file and,
because of other entries in /etc/syslog-ng/syslog-ng.conf, in /
var/log/localmessages.
NOTE: If no messages appear, there might be something wrong with your syslog
configuration, for instance a typo or a missing ;. To diagnose what is wrong, enter
rcsyslog restart at the shell prompt and see if syslog starts properly. If there is an
issue with the configuration, an error message will say so. Look for the line number
shown in the output for the error, correct it, and restart syslog.
d.
Version 1
In the terminal window where the log activity is being monitored with
tail, stop the monitoring by pressing Ctrl+c.
77
11.
Repeat this process for the debug log level. Use the following command in the
first terminal window:
tail -F /var/log/local4.debug
Use the following command in the second terminal window:
logger -p local4.debug Info message 2
NOTE: Only those level4 log files with entries will be compressed during log rotation in Part
II of this exercise.
12.
In the terminal window where the log activity is being monitored with tail,
stop the monitoring by pressing Ctrl+c.
Part II: Configure logrotate

To configure logrotate, do the following:
1.
At the shell prompt, enter vi /etc/logrotate.d/local4.
2.
Press Ins.
3.
Add the following content to the file:

/var/log/local4.debug /var/log/local4.info /var/log/local4
{
compress
dateext
maxage 1
rotate 5
size 20
postrotate
date >> /var/log/local4.info
endscript
}
NOTE: Make sure the directories in the first line are separated with spaces.
4.
Press Esc, then save the changes and close the editor by entering :exit.
5.
Switch to virtual terminal 1 by pressing Ctrl+Alt+F1.
6.
7.
Rotate the logs manually by entering

logrotate /etc/logrotate.conf
8.
Check the directory /var/log/ for the zipped local4 log files by entering
ls -l /var/log | less
You see the following files:
78
local4.debug-current_date.bz2
local4.info-current_date.bz2
Version 1
For example, if the current date is July 15, 2012, then the zipped file for
local4.info will be local4.info-20120715.bz2.
The .bz2 extension is used because the command to compress files is set to
bzip2 in /etc/logrotate.conf.
NOTE: Only those log files with entries are zipped.
9.
10.
Exit the list by entering q.

Check the contents of the local4.info zipped archive by entering
less /var/log/local4.info-current_date.bz2
You should see the entries you added to the log file.
11.
Press q to exit.
12.
Log out as root by entering

exit
13.
Return to the GNOME desktop by pressing Ctrl+Alt+F7.
14.
(End of Exercise)
Version 1
79
80
Version 1
SECTION 9
In this section of the workbook, you learn how to do the following
Schedule Jobs with cron and at on page 82

In this exercise, you practice scheduling jobs with at and cron.
Version 1
81
Exercise 9-1
Schedule Jobs with cron and at

In this exercise, you practice scheduling jobs with at and cron.
In the first part of the exercise, you redirect the output of the finger command to /
var/log/messages three minutes from the current time. Then you schedule the
same job for tomorrow at noon. Finally, you schedule a program to run tomorrow at 2
p.m. and afterwards remove the job.
In the second part of the exercise, you create a cron job as a normal user that logs the
output of finger to ~/users.log every minute and another cron job as root that
backs up /etc/ to /export/data2/etc.tgz using tar and the options czvf
every Tuesday at 2 a.m.
Part I: Schedule Jobs with at on page 82
Part II: Schedule Jobs with cron on page 83
Part I: Schedule Jobs with at

To schedule jobs with at, do the following:
1.
novell.
2.
password of novell.
3.
Check to see if the at service is running by entering rcatd

shell prompt.
4.
If the command returns a status of unused, start the at service by entering

rcatd start at the shell prompt.
5.
Display the current date and time by entering date at the shell prompt.
6.
Three minutes from now, log who is currently logged in to the /var/log/
messages file by entering the following commands:
status at the
at hh:mm
finger >> /var/log/messages
NOTE: Make sure you enter two > characters in the above command. If you have only one >
character, all existing entries in /var/log/messages will be overwritten.
7.
Exit the at editor by pressing Ctrl+d.
8.
View the scheduled at jobs by entering atq (or at -l).

Note the job number listed.
9.
Enter tail -f /var/log/messages at the shell prompt.

Login information for geeko will appear at the end of the file after the three
minutes have passed.
82
Version 1
Stop tail by entering Ctrl+c.

10.
Schedule the same job to run tomorrow at noon by entering the following
commands:
at noon tomorrow
finger >> /var/log/messages
11.
12.
Schedule the date to be logged tomorrow at 2:00 p.m. to the /var/log/

messages file by entering the following:
at 14:00 tomorrow
date >> /var/log/messages
13.
14.

Notice that the two jobs are listed, each with an individual job number.
15.
Remove the job scheduled for tomorrow at 2:00 p.m. by entering

atrm job_number
16.

Only the job scheduled for 12:00 p.m. should still be listed.
Part II: Schedule Jobs with cron

To schedule jobs with cron, do the following:
1.
At the shell prompt, return to the geeko user account by entering exit.
2.
Schedule a cron job as geeko by doing the following:

a.
Enter crontab -e at the shell prompt.

The vi editor is displayed with geekos crontab file loaded.
b.
Press Ins to enter insert mode.
c.
Schedule finger to run every minute and write the output to the ~/
users.log file by entering the following:
*
finger
>>
~/users.log
d.
Press Esc.
e.
Save the file and exit the vi editor by entering :wq.
f.
Watch the users.log file for a few minutes and validate that it is being
updated by entering tail -F ~/users.log at the shell prompt.
NOTE: The -F option keeps trying to open a file even if it is inaccessible when tail
starts.
g.
Version 1
When finished, press Ctrl+c to break out of tail.
83
3.
Remove geekos crontab file by entering crontab -r at the shell prompt.
4.
Verify that the crontab file no longer exists by entering crontab -l at the
shell prompt.
5.
Verify that the cron job you defined in Step 2 is no longer active by entering
tail -f ~/users.log at the shell prompt.
Notice that entries to users.log are no longer being added.
6.
Press Ctrl+c to stop tail.
7.
Schedule a cron job as root:

a.
At the shell prompt, enter su - followed by a password of novell.
b.
Enter crontab -e.
c.
Press Ins.
d.
Add a job that runs at 2:00 a.m. every Tuesday and creates a tarball of /etc
that is saved in /tmp by entering the following:
0
tar czvf /tmp/etc.tgz /etc
e.
Press Esc.
f.
Save the file and exit the vi editor by entering :wq.
g.
Verify that the job is in the crontab file for root by entering crontab -l
The entry you made in Step d should be listed.
8.
Remove roots crontab file by entering crontab -r at the shell prompt.
9.
Verify that the crontab file no longer exists by entering crontab

shell prompt.
10.
-l at the
(End of Exercise)
84
Version 1
SECTION 10
Back Up System Files with YaST on page 86

In this exercise, you learn how to perform a system backup with YaST.
Create Backup Files with tar on page 87

In this exercise, you learn how to use tar to create backups.
Work with Snapper on page 89

In this exercise, you learn how to use the YaST Snapper module and the
snapper command line tool.
Create Drive Images with dd (Optional) on page 91

In this exercise, you use dd to create a drive image.
Back Up a Home Directory with rsync on page 93

In this exercise, you use rsync to back up a users home directory.
Configure a cron Job for Data Backups on page 95

In this exercise, you use cron to automate the backup process.
Version 1
85
Exercise 10-1
Back Up System Files with YaST

In this exercise, you learn how to perform a system backup with YaST.
You perform the system backup with the YaST System Backup module.
1.
If necessary, power on you da1 server and log in as geeko with a password of
novell.
2.
3.
4.
In YaST, select System > System Backup.
5.
Select Profile Management > Add.
6.
Enter Course3116; then click OK.
7.
In the Filename field, enter /tmp/course3116.tar.
8.
Click Next.
9.
In the Backup Options screen, use the default selections by clicking Next.
A list of directories and file systems which are not going to be included in the
backup is displayed.
10.
Under Items Excluded from Search, select Add > Directory.
11.
Enter /home; then click OK.

We will assume that the home directories are backed up using a different utility.
12.
Click OK.
13.
In the profile overview, make sure the profile Course3116 is highlighted; then
click Create Backup.
Wait until the backup has been completed. (This will take some time to
complete.)
14.
In the Backup Summary, click OK; then click OK in the System Backup screen.
15.
Review the structure of the tar archive in /tmp/course3116.tar by doing

the following:
a.
Open a terminal window and switch to your root user account by entering su
- at the shell prompt followed by a password of novell.
b.
At the shell prompt, enter tar -tf /tmp/course3116.tar.

The list of files should match what you intended to back up.
(End of Exercise)
86
Version 1
Exercise 10-2
Create Backup Files with tar

In this exercise, you learn how to use tar to create backups.
You use tar to create a full backup and an incremental backup.
Part I: Create a Full Backup on page 87
Part II: Create an Incremental Backup on page 87
NOTE: In this exercise, you copy backup files to the directory /tmp. This is done for
demonstration purposes only. You should not store an actual backup in the /tmp directory.
Part I: Create a Full Backup

To create a full backup, do the following:
1.
novell.
2.
3.
Change to the /srv/www directory by entering

cd /srv/www/
4.
Create a tar archive of the htdocs directory by entering

tar czf /tmp/htdocs.tar.gz htdocs
5.
Delete the htdocs directory by entering

rm -r htdocs
6.
Restore the htdocs directory by entering

tar xzf /tmp/htdocs.tar.gz
7.
View the content of the restored directory by entering

ls htdocs
Part II: Create an Incremental Backup

To create an incremental backup, do the following:
1.
Create a full backup of the htdocs directory by entering

tar czv -g /tmp/snapshot_file -f /tmp/
htdocs_full.tar.gz htdocs
2.
Create a new file in the htdocs directory by entering

touch htdocs/incremental.html
3.
Perform an incremental backup by entering

tar czv -g /tmp/snapshot_file -f /tmp/
htdocs_incremental.tar.gz htdocs
Version 1
87
Note that tar backs up the content of the directory incrementally.

4.
View the content of the incremental backup file by entering

tar -tzf /tmp/htdocs_incremental.tar.gz
The output of the above command should indicate that only the new file got
backed up.
5.
Remove the htdocs directory by entering

rm -r htdocs
6.
Unpack the full backup by entering

tar xzf /tmp/htdocs_full.tar.gz
7.
Unpack the incremental backup by entering

tar xzf /tmp/htdocs_incremental.tar.gz
8.
(End of Exercise)
88
Version 1
Exercise 10-3
Work with Snapper

In this exercise, you learn how to use the YaST Snapper module and the snapper
command line tool.
You create a user with the YaST Users and Group Management module, then view
the changes in the YaST Snapper module and undo the changes with YaST and
snapper.
This exercise is done on the da2 virtual machine. The da2 VMware disk image files
are available on the 3116 course DVD and should already have been copied to the /
vmware directory of da-host during the setup of your exercise environment.
Do the following.
1.
From your da-host desktop, launch VMware Player.
2.
Select Open a Virtual Machine and browse to /vmware/3116-da2/, select

3116-da2.vmx and click Open.
3.
In the VMware Player window, select 3116-da2 and click Play virtual machine.
4.
(Conditional) If a Question dialog appears, select I copied it. If there is a Hint

regarding VMware Tools, click OK.
5.
Log in to the da2 workstation as geeko (password novell).
6.
Start YaST and create a tux user account using the Users and Groups
Management module.
7.
In YaST, select Miscellaneous > Snapper.
8.
In the Snapshots dialog, select the entry that matches the creation of the tux user
from Step 6 and click Show Changes.
9.
Expand the etc entry on the left and select passwd.
10.
Click the three Show the difference ... radio buttons to see their effect.
11.
Click Restore From First and then OK.
12.
Click the three Show the difference ... radio buttons again and notice the
difference to what they showed in Step 10.
13.
With the passwd entry still selected, click Restore From Second and then OK.
14.
Select all entries (put a check mark in the square) and click Restore Selected.
15.
Click Yes in the Restoring Files dialog, and then OK.
16.
Close YaST.
17.
In a terminal window as root, enter cat /etc/passwd.

The user tux should not be listed.
18.
In the terminal window, enter snapper list. There should be a yast snapper
entry; this is the entry where you undid the yast users entry.
Note the Pre and Post numbers:
Version 1
89
19.
Display the difference for the two snapshots for the /etc/passwd entry with the
following command:
snapper diff prenr..postnr /etc/passwd
There should be a line that starts with -tux ...
20.
Check if there is a /home/tux directory by entering ls /home.
21.
Check the status of the snapshots by entering

snapper status prenr..postnr
22.
Roll back the change made by the YaST Snapper module by entering
snapper -v undochange prenr..postnr
As no file name is specified, all files are restored.
This is not always advisable, as other files might have been changed by other
processes while the snapper module was running that you dont want to change
back to their previous state. Therefore always check the status as in Step 21 to
avoid any inadvertant effects from the restore.
23.
Check if the /home/tux directory was restored and the /etc/passwd file
has again an entry for tux.
(End of Exercise)
90
Version 1
Exercise 10-4
Create Drive Images with dd (Optional)

In this exercise, you use dd to create a drive image from an optical disc.
1.
Connect your da1 virtual machine to the 3116_CD.iso file located in the
Exercises/10-3 directory on your course DVD by doing the following:
a.
If an optical disc icon is displayed on your da1 desktop, right-click it and

select Unmount Volume.
b.
In your da1 VMware window, select Virtual Machine > Removable Devices
> CD/DVD > Disconnect.
c.
If necessary, insert your 3116 course DVD in your host workstations optical
drive.
d.
> CD/DVD > Connect to Disk Image File (iso).
e.
Browse to and select the 3116_CD.iso file located in the Exercises/103 directory on your course DVD.
f.
Select Open.
g.
When prompted for roots password, enter novell.

You should see the GNOME File Browser window open, displaying the
contents of the disc.
2.
Close the File Browser window.
3.
4.
At the shell prompt, enter mount.
5.
In the output, look for an entry

/dev/sr0 on /media/...
6.
Note the corresponding device name (listed in the first column of the output):
7.
Copy an image of the CD to the hard disk by entering the following at the shell
prompt:
dd if=/dev/device_name of=/tmp/course_cd.iso
When done, you should see a ... records in ... records out message.
8.
When the copy process is complete, mount the image file by entering
mount -o loop /tmp/course_cd.iso /mnt/
9.
10.
Change to the /mnt/ directory by entering cd /mnt at the shell prompt.

Display the content of the image file by entering ls at the shell prompt.
You should see the files from the CD.
Version 1
91
11.
Enter cd /media/3116_CD; then enter ls.

Note that the content of the image file is identical to the original CD.
12.
Change to your home directory and unmount the image file by entering the
following commands:
cd
umount /mnt
13.
Delete the image file by entering

rm /tmp/course_cd.iso
14.
Connect your da1 virtual machine back to your host workstations optical drive
by doing the following:
a.
Right-click the 3116_CD volume on your desktop and select Unmount.
b.
> CD/DVD > Disconnect.
c.
If necessary, insert your SLES 11 installation DVD in your host

workstations optical drive.
d.
> CD/DVD > Connect to /dev/sr0.
e.
When prompted for roots password, enter novell.
f.
(End of Exercise)
92
Version 1
Exercise 10-5
Back Up a Home Directory with rsync

In this exercise, you use rsync to backup a users home directory.
Part I: Perform a Local Backup with rsync on page 93
Part II: Perform a Remote Backup with rsync on page 93
Part I: Perform a Local Backup with rsync

To perform a local backup with rsync, do the following:
1.
On your da1 virtual server, log in as geeko with a password of novell (if
necessary) and open a terminal window.
2.
Switch to root using the su - command along with a password of novell.
3.
Create a backup directory by entering mkdir /tmp/rsync_test at the shell

prompt.
4.
Copy geeko's home directory to the backup directory by entering the following
command at the shell prompt:
rsync -av /home/geeko/ /tmp/rsync_test
5.
At the shell prompt, enter cd /tmp/rsync_test.
6.
Enter ls to view the files copied by rsync.

You should see all the files that are in geekos home directory.
7.
At the shell prompt, enter cd ~.
8.
Open a second terminal window.
9.
As the geeko user, create a new file by entering touch new_file at the shell
prompt.
10.
Switch to the root terminal window and enter the same rsync command again:
rsync -av /home/geeko/ /tmp/rsync_test
Notice that rsync transfers only the new file and the corresponding directory.
Part II: Perform a Remote Backup with rsync

In this part of the exercise, you preform a a remote backup to your da-host
workstation from da1. Do the following:
1.
Open the ssh port in the firewall on da-host (if it is enabled) by doing the
following:
a.
On da-host, select Computer > YaST.
b.
Select Security and Users > Firewall.

(If the firewall is not running you can just close the Firewall Configuration
window and YaST and go to Step 2 on page 94.)
c.
Version 1
On the left, select Allowed Services.
93
d.
In the Service to Allow drop-down list, select Secure Shell Server.
e.
Click Add.
f.
Click Next > Finish.
g.
Close YaST.
2.
Switch back to your da1 server.
3.
From the root terminal window on da1, create a /tmp/rsycnc_remote_test

directory by entering
mkdir /tmp/rsync_remote_test
4.
From the root terminal window on da1, perform a remote backup of the geeko
users home directory on da-host by entering the following at the shell prompt
(all on one line):
rsync -av root@da-host.digitalairlines.com:/home/geeko
/tmp/rsync_test
5.
When prompted to accept the security certificate, enter yes.
6.

You should see the geeko users files on da-host being synchronized to your da1
server.
7.
Switch to your da-host workstation and do the following:

a.
Open a terminal session on da-host.
b.
As geeko, create a new file in the geeko home directory by entering

touch ~/new_file2
8.
Switch back to your da1 server.
9.
Enter the rsync command again at the shell prompt:

rsync -av root@da-sled.digitalairlines.com:/home/geeko
/tmp/rsync_test
10.

Notice that only new files created since the last time rsync was run are copied.
11.
Clean up the backup directories by entering

rm -r /tmp/rsync_*
12.
Close all terminal windows on both virtual machines.
(End of Exercise)
94
Version 1
Exercise 10-6
Configure a cron Job for Data Backups

In this exercise, you use cron to automate the backup process.
1.
On your da1 virtual server, log in as geeko with a password of novell (if
necessary) and open a terminal window.
2.
Switch to root using the su - command and a password of novell.
3.
Change to the /usr/local/bin/ directory by entering

cd /usr/local/bin
4.
Create the home_backup.sh file in the current directory by entering vi

home_backup.sh at the shell prompt.
5.
Press Ins, then add the following lines to the file:

#!/bin/bash
rsync -a /home/geeko
/tmp/rsync_test
6.
Press Esc, then enter :exit to save the file and close the editor.
7.
Make the file executable by entering chmod 744 home_backup.sh at the

shell prompt.
8.
To edit roots crontab, start the crontab editor by entering crontab

shell prompt.
9.
Press Ins, then enter the following:

5_minutes_in_the_future current_hour *
home_backup.sh
-e at the
/usr/local/bin/
For example, to have the backup script run at 3:30 pm, you would enter the
following:
30 15 *
/usr/local/bin/home_backup.sh
10.
Press Esc, then enter :exit to save the file and close the editor.
11.
Wait five minutes, then verify that the backup ran by entering the following at the
shell prompt:
ls /tmp/rsync_test
12.
Close all open windows on da1.
(End of Exercise)
Version 1
95
96
Version 1
SECTION 11
Configure PAM Authentication on page 98

In this exercise, you practice configuring PAM authentication.
Configure sudo on page 100

In this exercise, you practice configuring sudo.
Configure the Password Security Settings on page 102

In this exercise, you practice changing different security settings.
Use ACLs on page 104

In this exercise, you practice using ACLs.
Configure SuSEfirewall2 on page 107

In this exercise, you practice configuring the firewall on SUSE Linux Enterprise
Server 11 SP2.
Version 1
97
Exercise 11-1
Configure PAM Authentication

In this exercise, you practice configuring PAM authentication.
You will create a file on da1 that prevents all normal users (such as geeko) from
logging in and you then test the system.
1.
novell.
2.
From the graphical desktop, switch to virtual console 3 by pressing Ctrl+Alt+F3.
3.
4.
Create the /etc/nologin file by entering the following command at the shell
prompt:
echo No login possible > /etc/nologin
5.
Switch to virtual console 4 by pressing Alt+F4.
6.
Attempt to log in as geeko.

A No login possible and a Login incorrect message are displayed, indicating
that you cannot log in to the system.
7.
Switch back to virtual console 3 by pressing Alt+F3.
8.
View the last lines of the file /var/log/messages by entering the following
at the shell prompt:
tail /var/log/messages
Look for the FAILED LOGIN message for geeko that indicates the failed login
attempt.
9.
Edit the file /etc/pam.d/login configuration file by doing the following:

a.
At the shell prompt, enter vi /etc/pam.d/login.
b.
Switch to insert mode by pressing Ins.
c.
Add a # sign to the beginning of the following line:

auth
requisite
pam_nologin.so
This PAM module checks to see if a /etc/nologin file exists. If it does,

it does not allow regular users to log in by returning a failed status.
Now that this line is commented out, PAM will not check for the file. This
means that all users can log in, even if the file exists.
d.
10.
98
Press Esc, then save the file by entering :w.
Test the modified PAM configuration file:

a.
b.
Attempt to log in as geeko with a password of novell.
Version 1
You are able to log in because PAM no longer checks for the /etc/
nologin file.
c.
11.
Log out as geeko by entering exit.
Edit the file /etc/pam.d/login to uncomment the pam_nologin.so line:

a.
b.
In the vi editor, press Ins.
c.
Uncomment the pam_nologin.so line (by removing the # sign you

entered before) so it looks like the following:
auth
d.
12.
requisite
pam_nologin.so
Press Esc, then save the file and exit vi by entering :wq.
On virtual console 4, try logging in again as geeko.

Again, you receive a Login incorrect message.
13.
Press Alt+F3.
14.
Delete the file /etc/nologin by entering rm

prompt.
15.
Press Alt+F4.
16.
Try again to log in as geeko with a password of novell.
/etc/nologin at the shell
Because the /etc/nologin file no longer exists, user login is enabled again.
17.
Log out as geeko by entering exit.
18.
Press Alt+F3.
19.
Log out as root by entering exit.
20.
Return to the server desktop by pressing Alt+F7.
(End of Exercise)
Version 1
99
Exercise 11-2
Configure sudo
In this exercise, you practice configuring sudo.
You allow the geeko user to kill processes on da1 as root.
1.
2.
3.
Switch to root using the su - command and password of novell.
4.
At the shell prompt, enter visudo.
5.
Press Ins.
6.
Scroll down to the Defaults targetpw... line.
7.
Comment out the following lines by placing a # at the beginning of each of the
following lines:
Defaults targetpw
ALL
8.
ALL=(ALL) ALL
KPROCS = /bin/kill, /usr/bin/killall
Define a Host_Alias named HOSTS that contains the da1 host by adding the
following line to the end of the file:
Host_Alias
11.
POWERUSERS = geeko
Define a Cmnd_Alias named KPROCS that contains the kill and killall
commands by adding the following line to the end of the file:
Cmnd_Alias
10.
# WARNING! Only use this together ...
Define a User_Alias named POWERUSERS that contains the geeko user

account by adding the following line to the end of the file:
User_Alias
9.
# ask for the password of ...
HOSTS = da1
Using the aliases defined above, allow the geeko user to run the specified
commands on da1 as root by adding the following line to the end of the file:
POWERUSERS HOSTS = (root) KPROCS
12.
Press Esc, then save your changes and exit the editor by entering :exit.
13.
Test your configuration by doing the following:

a.
At the shell prompt (as root), enter top to start the top process running.
b.
Open a new terminal window.
c.
At the shell prompt in the new terminal window (as geeko), enter sudo
killall top.
d.
When prompted, enter geekos password of novell.

You should see that top is unloaded in the first terminal window.
e.
100
Close all open windows on the desktop.
Version 1
(End of Exercise)
Version 1
101
Exercise 11-3
Configure the Password Security Settings

In this exercise, you practice changing different security settings.
You will change the default behavior when Ctrl+Alt+Del is pressed. You will also
change the encryption method from blowfish to MD5.
1.
password of novell.
2.
Open a terminal window on da1.
3.
Check the setting for the Ctrl+Alt+Del keystroke in the file /etc/inittab by
entering
grep ctrlaltdel /etc/inittab
Note the current setting:
4.
Start YaST by selecting Computer > YaST and entering a password of novell.
5.
Select Security and Users > Security Center and Hardening.

The Security Overview dialog appears.
6.
On the left, select Predefined Security Configurations.
7.
Make sure Custom Settings is selected.
8.
On the left, select Password Settings.
9.
From the Password Encryption Method drop-down list, select MD5.
10.
On the left, select Boot Settings.
11.
From the Interpretation of Ctrl + Alt + Del drop-down list, select Halt.
12.
Apply the new security settings by clicking OK.
13.
Close YaST.
14.
To test the change, you must first activate the new configuration.
This can be done either by rebooting the system or by entering (as root) init q,
which reloads the /etc/inittab file. You will do the latter:
15.
a.
In the terminal window, su - to root using a password of novell.
b.
Reload the /etc/inittab file by entering init q.
Verify that the Ctrl+Alt+Del setting has changed by entering

grep ctrlaltdel /etc/inittab
Notice that the setting is now shutdown -h instead of what you noted in Step
3 on page 102.
102
Version 1
16.
Test this setting by pressing Ctrl+Alt+F1 to switch to a virtual terminal. Then

select from the VMware Menu Virtual Machine > Send Ctrl+Alt+Del.
The system shuts down instead of restarting.
17.
Power the da1 virtual machine back on and log in as geeko with a password of
novell.
18.
(Optional) Use the YaST Security Settings module to change the default for
Ctrl+Alt+Del back to Restart.
(End of Exercise)
Version 1
103
Exercise 11-4
Use ACLs
In this exercise, you practice using ACLs.
In the first part, you create the acl_test directory in /tmp and set rwx rights for
the owner only. You then set ACLs to allow the geeko user to change into that
directory.
In the second part, you create a file in the /tmp/acl_test directory as root using
touch. Then you change the default ACLs for the /tmp/acl_test directory to
give geeko read and write access to files and directories.
In the third part of this exercise, you practice removing the ACLs that you have set.
Part I: Configure the ACL of a Directory on page 104
Part II: Configure a Default ACL for a Directory on page 105
Part III: Delete an ACL on page 105
Part I: Configure the ACL of a Directory

To configure the ACL of a directory, do the following:
1.
If necessary, log in to your da1 server as geeko with a password of novell.
2.
3.
Change to the directory /tmp by entering

cd /tmp
4.
Create a test directory by entering

mkdir acl_test
5.
Limit the file system permissions for the directory by entering

chmod 700 acl_test
6.
Open a second terminal window as the geeko user.
7.
Try changing to the test directory by entering

cd /tmp/acl_test/
The command fails, because geeko (who is not the owner of the directory) has no
permission to read and change into the directory.
8.
Switch to the root terminal session.
9.
Display the minimum ACL of the directory by entering

getfacl acl_test
It should should show the rwx permissions for the owning user and no
permission for anyone else.
10.
104
Add an extended ACL by entering
Version 1
setfacl -m u:geeko:rwx acl_test/

11.
Switch to the geeko terminal and try to access the directory again by entering
cd /tmp/acl_test
Because of the extended ACL, you can now change into the directory.
12.
Switch to the root terminal and display the extended ACL of the directory by
entering
getfacl /tmp/acl_test/
It should show the additional permissions for the named user geeko.
Part II: Configure a Default ACL for a Directory

To configure a default ACL for a directory, do the following:
1.
In the root terminal window, change to the directory acl_test by entering

cd /tmp/acl_test
2.
Create a file by entering

touch without_default_acl
3.
Display the ACL of the new file by entering

getfacl without_default_acl
Because there is no default ACL for the parent directory, the new file does not
have an extended ACL either.
4.
Set a default ACL for the acl_test directory by entering

setfacl -d -m u:geeko:rw /tmp/acl_test/
5.
Create another test file by entering

touch with_default_acl
6.
Display the ACL of the new file by entering

getfacl with_default_acl
Because this file was created after the default ACL of the parent directory was
set, the new file inherited the ACL. It has an entry for the named user geeko.
Part III: Delete an ACL

To delete ACL, do the following:
1.
In the root terminal window, remove the ACL by entering

setfacl -x u:geeko with_default_acl
2.
Display the ACL again by entering

As you can see, the ACL for the user geeko has been removed. If there were
ACLs for other users, they would remain unaffected.
Version 1
105
3.
View the file attributes of with_default_acl by entering

ls -l with_default_acl
The + sign signifies that there are still extended attributes (such as the mask) set
for the file.
4.
Remove all ACLs by entering

setfacl -b with_default_acl
5.
Display the ACL again by entering the following commands:

ls -l with_default_acl
Notice that the ACL has been removed.
6.
Close all terminal windows.
(End of Exercise)
106
Version 1
Exercise 11-5
Configure SuSEfirewall2
In this exercise, you practice configuring the firewall on SUSE Linux Enterprise
Server 11 SP2.
In this exercise, you practice configuring SuSEfirewall2 on your da1 server. You
install and configure the Apache Web Server on da1. Then you enable the firewall on
da1 and configure it to allow Web server traffic.
1.
If necessary, log in to da1 as geeko with a password of novell.
2.
Install the Apache Web Server on da1 by doing the following:

a.
b.
c.
Select Software > Software Management.
d.
From the View drop-down list, select Patterns.
e.
Select the Web and LAMP Server pattern.
f.
Click Accept.
g.
In the Automatic Changes screen, click Continue.
h.
If prompted, insert your SLES 11 SP2 installation DVD and click Retry.
Wait while the packages are installed.
3.
i.
When done, close YaST.
j.
Open a terminal session.
k.
Switch to root by entering su - at the shell prompt followed by a password

of novell.
l.
Start Apache on da1 by entering rcapache2 start at the shell prompt.
Test the Apache Web Server on da1 by doing the following:

a.
Select Computer > Firefox.
b.
In the Address field, enter http://da1.digitalairlines.com.

You should see a page saying It works!.
c.
4.
Close Firefox.
Enable SuSEfirewall2 on da1 by doing the following:

a.
Start YaST again on da1.
b.
Select Security and Users > Firewall.
c.
In the Start-Up screen, verify that mark Enable Firewall Automatic Starting
is marked.
d.
(Conditional) if your firewall isnt currently running, select Start Firewall

Now.
You should see the firewall status change to running.
Version 1
107
5.
e.
Click Next.
f.
Review the settings on the Summary screen, then click Finish.
g.
Close YaST.
Test the firewall configuration from your da-host workstation by doing the
following:
a.
Start Firefox on da-host.
b.
In the Address field, enter http://da1.digitalairlines.com.

The server should fail to respond because the firewall on da1 is blocking all
network traffic.
6.
7.
Configure the firewall on DA1 to allow Web server traffic by doing the
following:
a.
Switch to your DA1 virtual server.
b.
Start YaST and select Security and Users > Firewall.
c.
Select Allowed Services.
d.
From the Service to Allow drop-down list, select HTTP Server; then click
Add.
e.
From the Service to Allow drop-down list, select HTTPS Server; then click
Add.
f.
Click Next.
g.
Click Finish.
h.
Close YaST.
Test the new firewall configuration by doing the following:

a.
Switch to your da-host workstation.
b.
In the Firefox window, click the Reload icon.

The server should now respond because the firewall on da1 is configured to
allow HTTP and HTTPS traffic.
8.
Close all open windows on both systems.
(End of Exercise)
108
Version 1

3116 Workbook PDF

Caricato da

Informazioni sul documento

Descrizione originale:

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

3116 Workbook PDF

Caricato da

Copyright:

Formati disponibili

SUSE Linux Enterprise Server 11 SP2

Novell Training Services

Novell, Inc., has intellectual property rights relating to technology embodied in

Check the Media in Your Student Kit

Check Hardware and Software Requirements

Set Up Your Practice Environment

Review the Exercise Conventions

Install SUSE Linux Enterprise Server 11 SP2

Install SUSE Linux Enterprise Server 11 SP2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Manage System Initialization

Administer Linux Processes and Services

Manage Linux Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

Administer the Linux File System

SUSE Linux Enterprise Server 11 SP2 Administration / Workbook

Configure the Network Manually

Configure the Network Connection Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Manage Linux Kernel Modules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

Configure Remote Access

Practice Using OpenSSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Monitor SUSE Linux Enterprise Server 11

Gather Information on your SLES 11 Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administer Linux Processes and Services

Schedule Jobs with cron and at . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

Manage Backup and Recovery

Back Up System Files with YaST. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Administer User Access and Security

Configure PAM Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

SUSE Linux Enterprise Server 11 SP2 Administration / Workbook

Check the Media in Your Student Kit on page 7

Check Hardware and Software Requirements on page 8

Course Scenario on page 8

Set Up Your Practice Environment on page 9

Review the Exercise Conventions on page 16

Check the Media in Your Student Kit

3116 Workbook. Printed workbook that contains step-by-step instructions for

Course 3116 SUSE Linux Enterprise Server 11 SP2 Administration Course

exercises. This directory contains files used for course exercises.

SUSE Linux Enterprise Server 11 SP2 Product DVD

SUSE Linux Enterprise Desktop 11 SP2 Product DVD

SUSE Linux Enterprise Server 11 SP2 Administration / Workbook

Check Hardware and Software Requirements

Course 3116 Hardware and Software Requirements

You need a host computer that meets the

4 - 2.8Ghz CPU (or faster; use

and Graphics Card capable of

GB (or more) RAM

GB (or more) hard disk drive

Make sure that the host computer is actually

To complete the setup of the host computer,

Linux Enterprise Server 11 SP2

You use this software to install da-host.

Player 4.x.x or 5.x.x

Linux Enterprise Server 11 SP2

Install SUSE Linux Enterprise Server 11 SP2

Manage system initialization

Administer Linux processes and services

Configure the network

Configure remote access

Monitor a SUSE Linux Enterprise Server 11 SP2 system

Manage backup and recovery

Administer user access and security

Set Up Your Practice Environment