OS Guide: Suse 9

The OpenSkills guide for (experienced) Linux system administrators: Suse 9 Professional

Suse 9.x: The Boot process
Author: al - Last updated: 2005-02-11 23:42:24 - Created: 2004-09-16 16:02:38
Infobox type: DISTRO - Skill: 3- INTERMEDIATE

The boot process of Suse 9 on the ia32 architecture follows the phases typical of every Linux:
- BIOS POST and boot device selection (hard disk, in a normal installation). Depends on the hardware.
- Execution of the Linux loader on the Master Boot Record (grub or lilo, usually)
- Kernel loading
- Execution of init and startup of the various services.

Linux loader
SuSE 9 uses grub as its default Linux loader. It is managed with YaST2 [System - BootLoader Configuration], which stores general configuration data in /etc/grub.conf and information about the boot options in /boot/grub/menu.lst.
The directory /boot/grub/ contains all the configuration files and the binaries.
A copy of the MBR that was on the system before the SuSE installation is kept in the file /boot/backup_mbr.
The always useful Memtest tool, which can be chosen as a boot option, is placed in /boot/memtest.bin.
The mapping of devices and their names is in /boot/grub/device.map.

Kernel
The default kernel is /boot/vmlinuz, which is actually a link to a file named /boot/vmlinuz-kernelversion. Similar symlinking is done for /boot/initrd.
Kernel modules are placed in /lib/modules/kernelversion

Init
SuSE 9 conforms to the Linux Standard Base (LSB) for the whole initialization phase: the usual /etc/inittab defines what to execute at the different run-levels of the system, /etc/init.d holds all the startup and shutdown scripts for the various services, and these are managed through the symlinks in the /etc/rc.d/rc.runlevel directories.
A useful sample file for building your own startup scripts is /etc/init.d/skeleton, which provides all the references and a base structure for a fully integrated script.
Once you have created a script, you can generate the whole rc symlink structure with the command insserv or with YaST2's runlevel editor [System - Runlevel Editor].
The runlevels have the common meanings: 0- halt, 1- single user mode, 3- multiuser with network, 5- multiuser with network and xdm graphical login, 6- reboot.
Most of the startup options can be set by editing the files in /etc/sysconfig, which can also be modified with YaST2 [System - /etc/sysconfig Editor]. Note that many important settings of the system (the typical ones you never know how are managed) can easily be defined with this graphical interface or by editing the files in /etc/sysconfig directly.
When you edit them manually, since they can influence the creation of other system configuration files, you should run SuSEconfig to validate and apply the new configuration (this is done automatically whenever you exit from YaST2).
Some scripts are always executed at startup (except when operating in emergency mode), before entering any runlevel:
/etc/init.d/boot
- Exports the environment variables LINES COLUMNS CONSOLE;
- Sources the script /etc/rc.status which contains all the functions used in the boot script messages;
- Loads the (useful) boot configuration file /etc/sysconfig/boot, which defines variables that affect the boot sequence (prompt for user confirmation, parallelizing of services startup, possibility to stop the boot process...)
- Mounts the /proc and /dev/pty file systems;
- Asks for interactive boot mode (if $PROMPT_FOR_CONFIRM=yes);
- Starts blogd, which logs the boot messages in /var/log/boot.msg;
- Checks the symlinks in the /etc/init.d/boot.d/ directory which point, with an elegant logic similar to the rc one (S for starting scripts, K for killing scripts), to various scripts which are executed in the following order (they are all started, by default):
/etc/init.d/boot.proc sets some /proc parameters, such as the Magic SysRq Key, according to what is configured in /etc/sysconfig/sysctl;
/etc/init.d/setserial provides serial ports configuration and has pre-set (commented) entries for various multiport boards;
/etc/init.d/boot.md handles the multiple devices (used for software Raid);
/etc/init.d/boot.lvm manages Logical Volumes (checking /etc/sysconfig/lvm for additional configuration);
/etc/init.d/boot.localfs checks and mounts the local file systems (here the boot can be interrupted if there's a file system check failure);
/etc/init.d/boot.crypto enables and mounts crypto file systems;
/etc/init.d/boot.loadmodules loads modules that must be loaded in a specific order;
/etc/init.d/boot.restore_permissions restores device permissions after a crash;
/etc/init.d/boot.scpm manages System Profiles with scpm, a nice SuSE GPL utility that manages different profiles to be chosen at boot (typically network settings, but not only, since the user can decide what scripts have to be executed for each profile). It can be configured with YaST;
/etc/init.d/boot.swap enables swap partitions and the Shared Memory File System (SHM);
/etc/init.d/boot.clock sets CMOS clock;
/etc/init.d/boot.idedma activates DMA mode on IDE devices according to what is configured in /etc/sysconfig/hardware;
/etc/init.d/boot.ldconfig runs, if needed, ldconfig to rebuild links and caches of shared libraries;
/etc/init.d/boot.isapnp initializes Isa Plug and Play devices;
/etc/init.d/boot.localnet sets up hostname, loopback interface and YP bindings;
/etc/init.d/boot.sched sets kernel's scheduling timeslices according to what is configured in /etc/sysconfig/kernel;
/etc/init.d/boot.ipconfig sets typical network settings such as IP forwarding and TCP syncookies (for syn-flood protection) according to what is configured in /etc/sysconfig/sysctl (network IP settings are defined later, when the /etc/init.d/network script is started according to the selected runlevel);
/etc/init.d/boot.klog writes kernel boot messages to /var/log/boot.msg.
At its end, the /etc/init.d/boot script runs /etc/init.d/boot.local where the administrator can place custom scripts to run before entering into any runlevel.
What follows depends on the services installed and on the decision to run them at the boot runlevel, according to the rc directories in /etc/init.d. Note that a /etc/rc.d directory still exists, but it is simply a symlink to /etc/init.d.

Services
To manage services it's possible to invoke the relevant script directly or to use the rcservice commands. For example:
[root@vagante al]# rcsnmpd start
does the same thing (starting the SNMP daemon) as:
[root@vagante al]# /etc/init.d/snmpd start
since /usr/sbin/rcsnmpd is actually a symlink to /etc/init.d/snmpd.

Suse 9: Firewalling
Author: al - Last updated: 2004-01-14 23:17:08 - Created: 2004-01-14 23:17:08
Infobox type: DISTRO - Skill: 3- INTERMEDIATE

Suse 9's firewall management is in the hands of the SuSEfirewall2 package and (obviously) based on iptables. The package provides a main script /sbin/SuSEfirewall2 and various initialization and configuration scripts that present a user friendly logic that hides the raw syntax of the iptables command.
The configuration can be done with the YaST2 graphical interface or by editing the main configuration file /etc/sysconfig/SuSEfirewall2 directly.

The questions asked in YaST2 have their equivalents in the variables configured in this file, which defines various (well commented) function-oriented parameters such as:
FW_QUICKMODE="no"
FW_DEV_EXT="eth1"
FW_DEV_INT="eth0"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="0/0"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="no"
# FW_SERVICES_EXT_TCP="www"
# FW_SERVICES_DMZ_UDP="syslog"
FW_SERVICES_EXT_TCP="http ssh telnet"
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP=""
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP=""
# FW_SERVICES_QUICK_TCP="ssh"
# FW_SERVICES_QUICK_UDP="isakmp"
# FW_SERVICES_QUICK_IP="50"
FW_SERVICES_QUICK_TCP=""
FW_SERVICES_QUICK_UDP=""
FW_SERVICES_QUICK_IP=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD=""
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="no"
#FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
FW_CUSTOMRULES=""
FW_REJECT="no"
# FW_HTB_TUNE_DEV="ppp0,125"
#   FW_HTB_TUNE_DEV="ppp0,250"
FW_HTB_TUNE_DEV=""


The init scripts are divided into three stages: /etc/init.d/SuSEfirewall2_init, /etc/init.d/SuSEfirewall2_setup and /etc/init.d/SuSEfirewall2_final, which are easily managed by the rcSuSEfirewall2 script.
Sample configurations and some docs can be found in /usr/share/doc/packages/ and, while it's still possible to use the iptables command in the interactive shell or in custom scripts, the easy and fast choice is surely to conform to the SuSEfirewall2 logic.
The SuSEfirewall2 command provides some nice options:
SuSEfirewall2 start|stop Applies or removes the iptables rules.
SuSEfirewall2 status Shows the status of the iptables (provides the output of iptables -L -nv).
SuSEfirewall2 test Simulates the rules, logging all the packets that would be dropped.
SuSEfirewall2 debug Prints to stdout the iptables commands that would be applied, without actually executing them.
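
A read-only check over the variables listed above, as an added example that is not part of the SuSEfirewall2 package or of the original guide: it parses the configuration file without sourcing it and reports settings worth reviewing, such as the telnet service opened on the external interface in the sample values. The function names, the CLEARTEXT list and the severity labels are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the SuSEfirewall2 package. fw_get, fw_audit,
# CLEARTEXT and the HIGH/WARN/INFO labels are this example's own choices.

# Services that carry credentials in clear text (names and port numbers).
CLEARTEXT="telnet 23 ftp 21 rlogin 513 rsh 514"

# fw_get FILE VAR: print the last active (uncommented) value of VAR.
# The file is parsed with sed, never sourced, so nothing in it is executed.
fw_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$1" |
        tail -n 1
}

# fw_audit FILE: print one "LEVEL VARIABLE: reason" line per finding.
fw_audit() {
    f=$1
    set -f    # no globbing while service lists are split into words
    for var in FW_SERVICES_EXT_TCP FW_SERVICES_EXT_UDP; do
        for svc in $(fw_get "$f" "$var"); do
            for bad in $CLEARTEXT; do
                if [ "$svc" = "$bad" ]; then
                    echo "HIGH $var: clear-text service '$svc' is open on the external interface"
                fi
            done
        done
    done
    set +f
    if [ "$(fw_get "$f" FW_MASQUERADE)" = "yes" ] &&
       [ "$(fw_get "$f" FW_MASQ_NETS)" = "0/0" ]; then
        echo "WARN FW_MASQ_NETS: 0/0 matches any source address, list the internal networks instead"
    fi
    if [ "$(fw_get "$f" FW_PROTECT_FROM_INTERNAL)" = "no" ]; then
        echo "INFO FW_PROTECT_FROM_INTERNAL: the firewall host is not filtered from the internal network"
    fi
    for var in FW_ALLOW_INCOMING_HIGHPORTS_TCP FW_ALLOW_INCOMING_HIGHPORTS_UDP; do
        if [ "$(fw_get "$f" "$var")" = "yes" ]; then
            echo "WARN $var: all unprivileged ports accept incoming traffic"
        fi
    done
    if [ "$(fw_get "$f" FW_LOG_DROP_CRIT)" != "yes" ]; then
        echo "WARN FW_LOG_DROP_CRIT: critical dropped packets are not logged"
    fi
    custom=$(fw_get "$f" FW_CUSTOMRULES)
    if [ -n "$custom" ]; then
        echo "INFO FW_CUSTOMRULES: raw iptables rules are loaded from $custom, review that file too"
    fi
    return 0
}

# Constructed sample: a subset of the values shown in the listing above.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
FW_MASQUERADE="yes"
FW_MASQ_NETS="0/0"
FW_PROTECT_FROM_INTERNAL="no"
# FW_SERVICES_EXT_TCP="www"
FW_SERVICES_EXT_TCP="http ssh telnet"
FW_SERVICES_EXT_UDP=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="no"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS"
FW_LOG_DROP_CRIT="yes"
#FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
FW_CUSTOMRULES=""
EOF
fw_audit "$sample"
```

Point fw_audit at /etc/sysconfig/SuSEfirewall2 on a real system, then use SuSEfirewall2 debug to see the rules a corrected file would produce.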

Suse - Installation
Author: al - Last updated: 2005-02-11 23:38:49 - Created: 2004-09-14 21:16:46
Infobox type: DISTRO - Skill: 2- JUNIOR

SuSE's installation procedure has always been quite user friendly leaving, at the same time, the option for advanced customization for experienced users.
YaST obviously makes the difference and gives the opportunity to choose a graphical or a text based front end.

Before launching YaST it is possible to load additional kernel drivers, set various basic parameters (keyboard, language, monitor), obtain basic information about the local hardware and decide the installation medium (CDROM, NFS, FTP, hard disk) with linuxrc.
The installation procedure is similar to that of other modern Linux distributions, with support for software RAID, LVM, encrypted file systems and, very useful when you don't already have free partitions, the possibility of changing the size of the current partitions (it tries to do it also on NTFS partitions).
If you find problems, at boot time you can select a memory test, disable functions that might give problems with your hardware (ACPI support, for example) or try to boot with the second CDROM with a different booting ISO.
Since YaST is used both for installation and configuration of the system, it is possible to decide a remarkable amount of settings during installation, from the network device on your system (NIC, modem, ISDN card, ADSL) to the authentication method (NIS, NIS+, LDAP), from the recognition of audio, video and tv cards to the configuration of printers. At the end it's possible to immediately launch a network update of the installed software, decide the update policy and, remarkably, choose to download external software (MS core fonts or NVIDIA 3d drivers) that can't be included in the package.

Suse 9: Logs management
Author: al - Last updated: 2004-01-11 20:58:58 - Created: 2004-01-11 20:58:58
Infobox type: DISTRO - Skill: 3- INTERMEDIATE

SuSE's log management is similar to the one used on every Unix.

The Syslog service, configured via the usual /etc/syslog.conf file, manages the system's logs.
Its default configurations are quite common in some parts:
/var/log/messages receives every log except mail and news;
/var/log/mail has all the logs about the mail system, which are also split into further files according to the debug level: mail.info mail.warn mail.err;
/var/log/news/ directory contains all the logs about the news service;
Other useful settings are:
/var/log/localmessages receives all the messages from the local facilities (from local0 to local7);
/dev/tty10 displays kernel warnings and all the errors (Alt+F10 to see them).
/var/log/warn collects all the system warnings, errors and critical messages.
The syslogd used is the typical Linux variant of the BSD syslogd with support for a separated kernel logging daemon (klogd).

Log rotation is, by default, left in the flexible hands of logrotate, whose main configuration file /etc/logrotate.conf is set up to include all the configuration files in the /etc/logrotate.d/ directory.
The default settings provide a weekly rotation with a total retention of 4 weeks, but the configuration includes for single services (apache, samba, squid, fetchmail etc) tend to rotate logs when they reach a fixed size and keep a retention of 99 archived log files.

Other interesting logs are:
/var/log/update-messages displays verbose messages and readmes about some updated packages;
/var/log/SaX.log /var/log/XFree86.0.log /var/log/kdm.log all provide (similar) logs about the X Window system;
/var/log/boot.msg sums up both the kernel and the system's services log related to the last boot;
/var/log/YaST2/ directory contains all the logs about YaST; among these you find y2logRPM (the list of the installed RPMs).

If you install the sysreport package you can find the sar logs in the /var/log/sa/ directory.  

Suse 9: Network configuration
Author: al - Last updated: 2004-01-14 19:59:31 - Created: 2004-01-14 19:59:31
Infobox type: DISTRO - Skill: 3- INTERMEDIATE

Network configuration on Suse has substantially evolved since version 8.0 and resembles the one found in various other Linux distributions.
As usual, YaST2 can be used to fully configure network devices and TCP/IP settings. Since we presume you already know how to do it with a graphical interface, let's look more closely at the files involved.

Configuration files
/etc/sysconfig/network/ifcfg-*
These are the system's configuration files for every network interface, where "*" can be the name of the interface (eth0, eth1, lo, ppp0...), its MAC address (ex: 00c09f2dc8a4) or an indication of what hardware is used (usb, pcmcia).
The main parameters used in these files are:
BOOTPROTO - Can be static (IP configured manually) or dhcp (IP obtained through DHCP)
IPADDR BROADCAST NETMASK NETWORK - Define typical IP parameters: IP address, broadcast, netmask and network address
MTU - Defines the Maximum Transfer Unit (the size of every IP packet). Default on ethernet devices is 1500.
STARTMODE - Indicates when to activate the interface: onboot (at system's boot), hotplug (when a pluggable network device is inserted), manual (manually).
Other parameters can be used and can vary according to the interface type.

/etc/sysconfig/network/config
Contains various, well commented, variables that are applied to every interface; they also include what actions can be done when the interface status changes. The same values can be specified in the single /etc/sysconfig/network/ifcfg-* files, for a more granular control on the single interfaces.
/etc/sysconfig/network/dhcp, similarly, sets parameters related to dhcp use (logging, lease time, timeouts, modification of system's settings, wait time at boot and so on).
/etc/sysconfig/network/wireless sets and describes the various parameters that can be applied to wireless devices (wireless mode, essid, frequency, sensitivity, encryption key...). As usual they can be used in the ifcfg files of the single wireless devices, but it's useful to know the options that can be used.

/etc/sysconfig/network/routes
Defines all the (general) static routes. It's possible to specify routes exclusively related to the activation of single interfaces with the files /etc/sysconfig/network/ifroute-interface.
The format of this file is:
DESTINATION  GATEWAY  NETMASK|PREFIX INTERFACE [TYPE] [OPTIONS]


/etc/resolv.conf
Defines, as in most Unixes, the address of the DNS server to be used by the system.
Some services (pppd, ipppd, dhcpclient, hotplug, pcmcia, pptpclient) can temporarily modify this file in order to use, according to the new connection established, the appropriate DNS server. This is done by Suse's nice shell script /sbin/modify_resolvconf which has various options to handle and manage different dynamic entries in /etc/resolv.conf and /etc/named.conf.

/etc/hosts
As in most Unixes, in this file you can statically assign IP addresses to host names. You can also use /etc/networks for IP networks. The resolver by default first checks this file, before querying the DNS servers in /etc/resolv.conf. This order and other settings about how the system assigns names to resources can be changed (as in every Linux) in /etc/host.conf (old configuration file used by libc4 and libc5 linked programs) or /etc/nsswitch.conf (used by every recent program linked with glibc libraries).

/etc/HOSTNAME
Contains the hostname of the system, used by various startup scripts.

Commands
SuSE features the typical Linux network related commands such as ifconfig route netstat ip, and other commands which can be found in various distros such as ifup (it can also be invoked through the symlinks ifstatus or ifdown, giving status info on the specified interface or shutting it down).
Similarly to RedHat's service command, SuSE provides a set of scripts, or better symlinks, to manage the init scripts for the various services:
/sbin/rcnetwork restart restarts the network services as would do the command /etc/init.d/network restart.

Suse 9: Shell initialization
Author: al - Last updated: 2005-02-11 23:43:10 - Created: 2004-01-06 16:45:42
Infobox type: DISTRO - Skill: 4- ADVANCED

The initialization scripts of the shells in SuSE Professional 9 have functions and logic similar to the ones of other Linux distros and Unix flavours.
Let's analyze them.

/etc/profile (every shell)
Is the common init script for every shell. It sets a number of environment variables and system settings. It's generally not a good idea to modify it, since there are various other dedicated files for custom settings. It:
- Checks the shell by which it is invoked (this file is common to every shell) and assigns the shell's name to the is variable.
- Sets $TERM=linux and other terminal parameters with stty and tset
- Sets umask = 022
- Sets and exports the environment variables: HOST CPU HOSTNAME HOSTTYPE OSTYPE MACHTYPE
- Sets some ulimits: disables core file dumps and provides (commented) some default settings for maximum data, stack and RSS sizes of processes.
- Sets and exports the default PATH (PATH=/usr/local/bin:/usr/bin:/usr/X11R6/bin:/bin), to which sbin directories are added only for UID 0 (root). It also checks the existence of various directories and adds them to the PATH if they exist: $HOME/bin $HOME/bin/$CPU /var/lib/dosemu /usr/games /opt/bin /opt/gnome/bin /opt/kde3/bin /opt/kde2/bin /opt/kde/bin /usr/openwin/bin /opt/cross/bin
- Sets and exports INPUTRC=$HOME/.inputrc or, if there is no .inputrc file in the user's home, INPUTRC=/etc/inputrc.
- Sets and exports HISTSIZE=1000
- Sets and exports TEXINPUTS for Tex/Latex
- Sets and exports variables for the default pager (less): LESSOPEN LESSCLOSE LESS LESSKEY PAGER LESS_ADVANCED_PREPROCESSOR
- Sets and exports MINICOM="-c on"
- Sets and exports MANPATH
- Sets and exports INFOPATH INFODIR (they are equal: /usr/local/info:/usr/share/info:/usr/info)
- Sets and exports XKEYSYMDB XNLSPATH (for old motif applications)
- If /etc/nntpserver exists sets and exports NNTPSERVER
- If /etc/organization exists sets and exports ORGANIZATION
- Sets and exports COLORTERM=1 (used by mc)
- Checks if there exist scripts in the /etc/profile.d directory and executes them if they end with .sh.
- Checks if /etc/SuSEconfig/profile exists and executes it (this script is generated by Yast and shouldn't be edited directly)
- (This option is commented by default) Checks if /etc/profile.dos exists and executes it (this script adds an alias for various typical DOS commands, giving an explanation of their alternatives in the Unix world). For Windows users it can be useful to uncomment this.
- Checks if /etc/profile.local exists and executes it (this file doesn't exist by default and can be used for customization)
- Checks if /etc/bash.bashrc and $HOME/.bashrc exist and executes them (only if the shell is bash).
- Checks if /etc/ksh.kshrc and $HOME/.kshrc exist and executes them (only if the shell is ksh).

/etc/inputrc (And $HOME/.inputrc for custom codes)
Sets the key bindings for various terminals (linux, xterm, gnome, kvt) for the readline library that handles user's inputs in an interactive shell.

/etc/profile.d/ (every shell)
In this directory SuSE places various scripts for different programs and adds different suffixes for different shells. Here you find scripts like alias.ash (simulates the alias function under ash), mc.csh mc.sh (used by mc under sh and csh), cvs.sh (sets up environment variables for cvs).
In this way every single package can easily install its own init scripts adapted to different shells (the ones with suffix .sh are always run, the others run only with the relevant shell).

/etc/SuSEconfig/profile
This file sets some important environment variables according to what is configured under /etc/sysconfig and should not be edited manually:
- Sets and exports LANG QTDIR WINDOWMANAGER

/etc/bash.bashrc (every shell)
Despite its name, this script is sourced by every shell in SuSE 9 and does various things:
- Sets the dircolors according to the master configuration file /etc/DIR_COLORS and exports LS_COLORS LS_OPTIONS. If you want to customize your listing colors you can override its settings with the file $HOME/.dir_colors
- Sets the prompt format (PS1) for various shells and some aliases.
- If it exists, executes /etc/bash.bashrc.local (by default it is empty and can be used for custom general settings)

$HOME/.bashrc (bash only)
This can be changed by every user and, in SuSE 9, is always executed with the bash shell (other Unixes use this only in interactive shells). By default it:
- executes /etc/profile.dos with some aliases useful for DOS users;
- executes $HOME/.alias if it exists, for custom alias definitions.
It has also various (commented) settings, for exporting PILOTRATE PILOTPORT EDITOR

$HOME/.profile (every shell)
This is custom for every user and is executed in every login shell. The default file (stored in /etc/skel for replication in the home of every new user) is entirely commented and already contains a few functions to uncomment: exporting a custom, local LANG and activating fortune at login (disabled by default).

Suse 9: Users management
Author: al - Last updated: 2004-02-03 22:03:09 - Created: 2004-02-03 22:03:09
Infobox type: DISTRO - Skill: 2- JUNIOR

Suse's handling of users and groups is similar to the one of most Linuxes:
/etc/passwd contains the list of the systems' users, with the usual logic;
/etc/shadow stores the encrypted passwords and additional data about account expiration, notification times and the other data provided by the shadow utilities.
/etc/group lists the system's groups with a logic similar to the one of many Unixes (but not the private group scheme where each user has his own group used in distros like RedHat).
The file /etc/login.defs contains various parameters of the default settings related to the users such as login retries and timeouts, default password expiration, maximum and minimum days for password changing, default UID and GID ranges (normal users start from UID 500 and GID 1000), default umask (022).

The management utilities are the usual ones:
useradd userdel usermod Add, remove and modify the system users
groupadd groupdel groupmod Add, remove and modify the system's groups.
YaST obviously gives the opportunity to easily configure all the parameters related to users management and permits authentication to a remote server via various protocols: NIS, NIS+, Kerberos, LDAP, SMB.