SECTION 3
Understand SuSEconfig
In this section you learn about the SuSEconfig tool and how to use it for system administration and management.
Objectives
1. Describe the Files in /etc/sysconfig/
2. Understand SuSEconfig
3. Check File Permissions with SuSEconfig
Introduction
A large part of the configuration of SLES 9 is based on the files in the directory /etc/sysconfig/. The configuration tool SuSEconfig maintains configuration setups that depend on several packages. Whenever one or more of these packages are changed, SuSEconfig needs to be run. You can also use the SuSEconfig script to check for specific settings such as file permissions.
Version 2
Copyright 2007 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.
Objective 1
Variables for the mail configuration are defined in /etc/sysconfig/mail and /etc/sysconfig/postfix
Variables for Apache are set in /etc/sysconfig/apache (Apache 1.x) and /etc/sysconfig/apache2 (Apache 2.x)
The files contain parameters in the format
VARIABLE=value
Hash marks (##) are used for comments above each variable. YaST takes these comments to describe the variables in their configuration module. The comments also contain metadata. YaST uses them to display information about the variables in the YaST /etc/sysconfig Editor module.
The metadata is part of the variable description. Its lines begin with 2 hash characters (##). It contains pairs of the form
keyword:value
Path. Defines where the variable will be located in the tree widget, valid for all following variables in the file. There are predefined paths into which all sysconfig variables are divided:
    Hardware. Hardware-related settings.
    System. Basic system configuration.
    Desktop. Desktop settings.
    Applications. Application settings.
    Network. Network services.
Description. Describes the path that is displayed when the user selects Path in the tree instead of variables.
Type. Specifies the data type of value. It is used for checking the value entered. The following table lists supported types and values:
Table 3-1
Valid Values
Any value
Value from list or any value
Only value from list
Integer
Integer in specified range (one limit can be missing; for example, use integer(0:) for values >= 0)
boolean: Only True or False
yesno: Only Yes or No
ip: IPv4 or IPv6 address (such as 10.20.0.1)
IPv4 address
IPv6 address
Only strings that match regular expression re (POSIX Extended Regular Expression); for example, use regexp(^0[0-7]*$) for octal values
Default. The default value, represented by a valid value, which will be set if the user selects Set Default in YaST.
ServiceReload/ServiceRestart/Command/Config. Describes what to do when items in this file have been changed in the YaST /etc/sysconfig Editor module:
    ServiceReload. Reloads services if they are running. This is equivalent to the command
    /etc/init.d/service reload
    ServiceRestart. Restarts services if they are running. This is equivalent to the command
    /etc/init.d/service restart
    Command. Starts a command in the bash shell.
    Config. Starts selected SuSEconfig modules.
All keywords are optional. For more information about metadata, see /usr/share/doc/packages/yast2-config/metadata.txt.
The files in /etc/sysconfig/ can be edited:
    Manually with any text editor.
    With the special YaST editor for /etc/sysconfig/ in the YaST /etc/sysconfig Editor module.
Start the YaST /etc/sysconfig Editor module by selecting yast2 > System > /etc/sysconfig Editor or directly by entering yast2 sysconfig
After performing changes with YaST, the script /sbin/SuSEconfig runs. This script updates the system configuration where necessary. If you modify any of the configuration files with an editor, you have to run /sbin/SuSEconfig manually to update your system configuration.
Objective 2
Understand SuSEconfig
This objective contains the following:
    Describe SuSEconfig
    Describe SuSEconfig Functions
    Understand When to Start SuSEconfig
    Describe the Structure of SuSEconfig Modules in /sbin/conf.d/
    Understand the Function check_md5_and_move Used by SuSEconfig Modules
    Restart Services
Describe SuSEconfig
SuSEconfig is a tool for updating the system configuration.
Additionally, there is a file /lib/YaST/SuSEconfig.functions that provides functions used by several modules.
1. Parts of the configuration depend on several packages. Whenever one of these packages is changed (installed, updated, or removed), SuSEconfig updates the configuration. For example, the configuration of the X11 fonts must be updated after any package providing fonts is changed.
2. In earlier releases of SUSE LINUX, SuSEconfig was used to update configuration files for services depending on settings in files located in /etc/sysconfig/. For example, most of the commonly used configuration options for the Apache web server could be set in /etc/sysconfig/apache. SuSEconfig would then modify the corresponding options in /etc/httpd/httpd.conf.
This feature will not be included in future releases of SuSEconfig because very few services use it (for example, Postfix).
If the changes affect only one service, you can start the needed modules with the option --module. For example:
DA3:~ # SuSEconfig --module postfix
It is usually difficult to decide which module should be processed, so it is easier to run all SuSEconfig modules after any change in /etc/sysconfig/ or after any package is changed. YaST starts SuSEconfig automatically after performing changes with YaST.
...
test -s $r/etc/sysconfig/postfix || {
    echo "No $r/etc/sysconfig/postfix found."
    exit 1
}
. $r/etc/sysconfig/postfix
...
Load predefined functions, if needed. These are defined in the file /lib/YaST/SuSEconfig.functions. Loading is done like this:
...
test -f $r/lib/YaST/SuSEconfig.functions || {
    echo "ERROR - can not find $r/lib/YaST/SuSEconfig.functions!!"
    echo "This should not happen. Exit..."
    exit 1
}
. $r/lib/YaST/SuSEconfig.functions
...
...
if test -z "$r" && test "$POSTFIX_UPDATE_MAPS" == yes ; then
    test -e /etc/aliases && \
    if test /etc/aliases -nt /etc/aliases.db \
        -o ! -e /etc/aliases.db ; then
        echo "Rebuilding /etc/aliases.db."
        /usr/bin/newaliases
    fi
    update_db virtual transport access canonical sender_canonical \
        relocated sasl_passwd relay_ccerts
    chmod 600 /etc/postfix/sasl_passwd.db
    for i in $(get_alias_maps); do
        if test $i -nt $i.db -o ! -e $i.db; then
            echo "Rebuilding $i.db"
            /usr/sbin/postalias $i
        fi
    done
    /usr/sbin/postfix reload > /dev/null 2>&1
fi
...
1. It checks for config_file.SuSEconfig. This file includes the changes suggested by SuSEconfig.
2. It checks the MD5 sum of the config_file. These checksums are stored in subdirectories in the directory /var/adm/SuSEconfig/md5/etc/.
3. It moves the suggested config_file.SuSEconfig to config_file if the MD5 checksum is the same or is missing.
4. It updates the MD5 checksum.
5. If the checksums of config_file and config_file.SuSEconfig are different, it keeps config_file untouched and prints a message to inform the administrator. The created config_file.SuSEconfig file can be compared with the manually changed configuration file to check which changes SuSEconfig would have made.
For example, after a manual change to /etc/postfix/main.cf, the following happens when SuSEconfig is launched:
DA3:~ # SuSEconfig --module postfix
Starting SuSEconfig, the SuSE Configuration Tool...
Running module postfix only
Reading /etc/sysconfig and updating the system...
Executing /sbin/conf.d/SuSEconfig.postfix...
Setting up postfix local as MDA...
Setting SPAM protection to "off"...
ATTENTION: You have modified /etc/postfix/main.cf. Leaving it untouched...
You can find my version in /etc/postfix/main.cf.SuSEconfig...
Finished.
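The checksum logic described above, replayed in a scratch directory as an added example (it is not the real check_md5_and_move from /lib/YaST/SuSEconfig.functions and not part of the original manual). The names demo_md5_and_move and demo_sequence, the return codes, and the checksum store that mirrors the file path under an md5 directory are assumptions.

```shell
#!/bin/sh
# Added illustration of the behaviour the manual describes for
# check_md5_and_move. NOT the function shipped in SuSEconfig.functions.
# MD5_ROOT stands in for /var/adm/SuSEconfig/md5 (assumed layout: one
# checksum file per configuration file, mirroring its path).

md5_of() { md5sum "$1" | cut -d' ' -f1; }

# demo_md5_and_move CONFIG_FILE MD5_ROOT
# returns 0 = proposal installed, 1 = manual change kept, 2 = no proposal
demo_md5_and_move() {
    cfg=$1; new=$1.SuSEconfig; sumfile=$2$1
    [ -f "$new" ] || return 2                  # is there a proposal at all?
    # Compare the file on disk with the checksum recorded at the last run.
    if [ -f "$cfg" ] && [ -f "$sumfile" ] &&
       [ "$(md5_of "$cfg")" != "$(cat "$sumfile")" ]; then
        echo "ATTENTION: You have modified $cfg. Leaving it untouched..."
        echo "You can find my version in $new..."
        return 1                               # administrator's edit wins
    fi
    mv "$new" "$cfg"                           # checksum same or missing
    mkdir -p "$(dirname "$sumfile")"
    md5_of "$cfg" > "$sumfile"                 # record the new checksum
    return 0
}

# Constructed scenario: two generated proposals, then a manual edit
# followed by a proposal, then a run with no proposal present.
demo_sequence() {
    root=$(mktemp -d); file=$root/etc/postfix/main.cf; out=
    mkdir -p "$root/etc/postfix"
    echo "myhostname = old" > "$file"
    for action in propose propose edit none; do
        case $action in
            propose) echo "myhostname = da3" > "$file.SuSEconfig" ;;
            edit)    echo "relayhost = mail" >> "$file"
                     echo "myhostname = da3" > "$file.SuSEconfig" ;;
            none)    rm -f "$file.SuSEconfig" ;;
        esac
        demo_md5_and_move "$file" "$root/md5" >/dev/null && rc=0 || rc=$?
        out="$out$rc"
    done
    rm -rf "$root"
    echo "$out"
}

echo "result codes per run: $(demo_sequence)"
```

The third run is the case shown in the output above: the stored checksum no longer matches the file, so the proposal stays next to it as main.cf.SuSEconfig for the administrator to compare.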
Restart Services
After a file in /etc/sysconfig/ has been edited and all affected files have been updated by running SuSEconfig, the involved services must be restarted. For example, for the network configuration, this can be done with the following command:
DA3:~ # /etc/init.d/network restart
Objective 3
The files listed in the file /etc/permissions
The files listed in one or more of the following files:
If the variable contains easy local, the following files are checked:
/etc/permissions.easy
/etc/permissions.local
/etc/permissions.secure
/etc/permissions.paranoid
Additionally, the directory /etc/permissions.d/ can contain permission files for specific packages. The Postfix package is an example. A short description of the general permission files is given below:
/etc/permissions. Used by SuSEconfig to check or set the modes and ownerships of files and directories common for all installations.
/etc/permissions.local. Holds local additions made by the system administrator to reflect file permissions and ownerships of locally installed packages (usually in /opt/local/ or /usr/local/). This file will not be changed during an upgrade of the SLES 9 installation.
/etc/permissions.easy. Used in a standalone and single-user installation to make things work out of the box. Some of the settings might be somewhat relaxed from the security standpoint. These settings are handled differently in the file /etc/permissions.secure.
/etc/permissions.secure. Used in a multiuser and networked installation. Most privileged file modes are disabled here. Programs that still have their SUID or SGID modes are always a security risk. Those that remain SUID or SGID with /etc/permissions.secure are considered necessary for normal system operation.
/etc/permissions.paranoid. This should not be used on a system on which normal users are expected to work. Derived from /etc/permissions.secure, it has all SGID and SUID bits cleared; therefore, the system might be unusable for non-privileged users except for simple tasks. In addition, many configuration files are not readable by users other than root.
SuSEconfig uses the program /usr/bin/chkstat to check the access mode and the user and group memberships. For example, the command
chkstat -set /etc/permissions
will parse the file /etc/permissions and set the access mode and the user and group memberships for each file listed.
The format for the input file is
filename owner:group mode
For example:
/etc/passwd root:root 644
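An added example, not from the manual and not chkstat itself: a check-only script that reads the "filename owner:group mode" format described above and reports files that deviate, plus the file selection for a PERMISSION_SECURITY value such as "easy local". The function names and the use of GNU stat are assumptions.

```shell
#!/bin/sh
# Added illustration: a check-only stand-in for the comparison the manual
# attributes to chkstat. It is not chkstat and never changes a file.

# permission_files "easy local"
# Lists /etc/permissions plus one /etc/permissions.<word> for each word
# of PERMISSION_SECURITY (files in /etc/permissions.d/ are left out here).
permission_files() {
    printf '%s' /etc/permissions
    for level in $1; do printf ' %s' "/etc/permissions.$level"; done
    printf '\n'
}

# check_permissions LISTFILE
# Reads "filename owner:group mode" lines and prints every file whose
# owner, group or mode differs. Returns 1 if anything differs.
check_permissions() {
    status=0
    while read -r path owner mode; do
        case $path in ''|'#'*) continue ;; esac    # blank line or comment
        [ -e "$path" ] || continue                 # not installed: skip
        want="$owner $(printf '%o' "0$mode")"      # 0644 and 644 are equal
        have=$(stat -c '%U:%G %a' "$path")         # GNU stat (assumed)
        if [ "$want" != "$have" ]; then
            echo "$path: is '$have', should be '$want'"
            status=1
        fi
    done < "$1"
    return $status
}

# Constructed scenario in a scratch directory: list a file with mode 0644,
# add group write access (chmod g+w), check, repair, and check again.
demo_permissions() {
    dir=$(mktemp -d); f=$dir/hosts; list=$dir/permissions.local
    : > "$f"; chmod 644 "$f"
    echo "$f $(stat -c '%U:%G' "$f") 0644" > "$list"
    chmod g+w "$f"
    before=$(($(check_permissions "$list" | wc -l)))
    chmod 644 "$f"
    after=$(($(check_permissions "$list" | wc -l)))
    rm -rf "$dir"
    echo "$before $after"
}

echo "deviations before/after repair: $(demo_permissions)"
```

A group-writable file that the list says should be 644 is exactly the drift this check is meant to surface before it becomes a way to tamper with system files.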
The YaST Security module can be used to configure which /etc/permissions.* file is used by SuSEconfig, as shown in the following:
Figure 3-2
Exercise 3-1
Use the YaST /etc/sysconfig Editor Module
To use the YaST /etc/sysconfig Editor module, complete the following:
1. Ensure that you are logged into the server's GUI as geeko with a password of Nov3ll.
2. Launch a terminal window by selecting the respective icon.
3. In the terminal window, enter
less /etc/sysconfig/cron
4. Quit less by pressing q.
5. Launch YaST from the main menu by selecting System > Configuration > YaST Control Center.
6. Enter the root password novell in the authentication window.
7. On the left, select System.
8. On the right, select /etc/sysconfig Editor.
10. Browse through the tree on the left side to view the available options.
11. On the left, open the System entry.
12. Within System, open the Cron entry.
13. Within Cron, select MAX_DAYS_IN_TMP.
14. Change the value to 180.
15. Select Finish.
16. Accept the modified variables by selecting OK.
17. In the terminal window, repeat the command
less /etc/sysconfig/cron by pressing Up-Arrow and Enter. Notice the change to the MAX_DAYS_IN_TMP variable.
The advantage of the YaST module is the tree structure. The tree lets you find the variables easily without having to bother with the filename and see where these variables are defined. Apart from that, changing the values within the files using an editor has the same effect.
18. Close YaST and your terminal session.
(End of Exercise)
Exercise 3-2
Use SuSEconfig to Check and Set File Permissions
To use SuSEconfig to check and set file permissions, complete the following:
1. Ensure you are logged in to your server's GUI as geeko with a password of N0v3ll.
2. Launch a terminal window:
    a. Press Alt + F2.
    b. Enter konsole.
    c. Select Run.
3. In the terminal, get root privileges by entering sux -.
4. Enter the root password novell at the prompt.
5. To edit the file /etc/permissions.local, enter
vi /etc/permissions.local
6. Add the following line to the end of the file:
/etc/hosts root:root 0644
7. Save the file and exit vi by entering :wq.
8. Run SuSEconfig to check file permissions by entering
SuSEconfig --module permissions
You will see a result similar to this:
Starting SuSEconfig, the SuSE Configuration Tool...
Running module permissions only
Reading /etc/sysconfig and updating the system...
Executing /sbin/conf.d/SuSEconfig.permissions...
Checking permissions and ownerships - using the permissions files
    /etc/permissions.d/apache2
    /etc/permissions.d/cups-client
    /etc/permissions.d/kdebase3
    /etc/permissions.d/kdelibs3
    /etc/permissions.d/mailman
    ....
Finished.
9. Change the file permissions on /etc/hosts to simulate a misconfiguration by entering
chmod g+w /etc/hosts
ls -l /etc/hosts
12. Simulate a misconfiguration to the hosts file permissions by
14. Check that the permissions have been reset again to the configured value by entering
ls -l /etc/hosts
The result will look like the following:
-rw-r--r-- 1 root root 687 Jun 18 08:42 /etc/hosts
15. Leave the session with root privileges by entering exit.
16. Close your terminal window.
(End of Exercise)
Summary
Objective: 1. Describe the Files in /etc/sysconfig/
Summary:
/etc/sysconfig/ is the central place for configuration files.
The configuration files contain general system configuration variables in the format
VARIABLE=value
The comments above each variable contain metadata in the format:
## keyword:value
YaST takes the metadata to display information on the variables in the YaST /etc/sysconfig Editor module.
Start this YaST module by selecting yast2 > System > /etc/sysconfig Editor or by entering
yast2 sysconfig
After performing changes with YaST, the script /sbin/SuSEconfig runs automatically.
After performing changes with an editor, you have to run /sbin/SuSEconfig manually.
Objective: 2. Understand SuSEconfig
Summary:
SuSEconfig
    Is a tool for updating the system configuration.
    Is based on shell scripts.
    Consists of
    Maintaining the system configuration depending on changes in different packages
    Generating configuration files from settings in files located in /etc/sysconfig/ (only used by a few services).
SuSEconfig has to be started manually when files in /etc/sysconfig/ have been modified using an editor.
Start SuSEconfig by entering
SuSEconfig
Start a selected SuSEconfig module by entering
SuSEconfig --module module
The files in /sbin/conf.d/ are shell scripts. Their name begins with SuSEconfig. The files
    Contain required configuration files, usually sourced from /etc/sysconfig/.
    Load predefined functions, defined in /lib/YaST/SuSEconfig.functions.
    Contain code that updates the system configuration.
check_md5_and_move checks a configuration file and replaces it with a new version. If the user has changed a file manually, SuSEconfig leaves the file untouched and creates a file that can be compared with the manually changed file.
After editing a file in /etc/sysconfig/ and updating all affected files by running SuSEconfig, the involved services must be restarted by entering
/etc/init.d/service restart
or
rcservice restart
Objective: 3. Check File Permissions with SuSEconfig
Files listed in /etc/permissions
One or more of the following files (depending on the variable PERMISSION_SECURITY in /etc/sysconfig/security):
SuSEconfig uses /usr/bin/chkstat to check the access mode and user and group membership.
The YaST Security module can be used to configure which /etc/permissions.* file is used by SuSEconfig.