Product SiteDocumentation Site

Fedora 24

System Administrator's Guide

Deployment, Configuration, and Administration of Fedora 24

Edition 1.0

Stephen Wadeley

Red Hat Customer Content Services

Jaromír Hradílek

Red Hat Customer Content Services

Petr Bokoč

Red Hat Customer Content Services

Petr Kovář

Red Hat Customer Content Services

Tomáš Čapek

Red Hat Customer Content Services

Douglas Silas

Red Hat Customer Content Services

Martin Prpič

Red Hat Customer Content Services

Eliška Slobodová

Red Hat Customer Content Services

Miroslav Svoboda

Red Hat Customer Content Services

John Ha

Red Hat Customer Content Services

David O'Brien

Red Hat Customer Content Services

Michael Hideo

Red Hat Customer Content Services

Don Domingo

Red Hat Customer Content Services

Legal Notice

Copyright © 2016 Red Hat, Inc. and others.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
For guidelines on the permitted uses of the Fedora trademarks, refer to https://fedoraproject.org/wiki/Legal:Trademark_guidelines.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
All other trademarks are the property of their respective owners.
Abstract
The System Administrator's Guide documents relevant information regarding the deployment, configuration, and administration of Fedora 24. It is oriented towards system administrators with a basic understanding of the system.

Preface
1. Target Audience
2. How to Read this Book
3. Document Conventions
3.1. Typographic Conventions
3.2. Pull-quote Conventions
3.3. Notes and Warnings
4. We Need Feedback!
5. Acknowledgments
I. Basic System Configuration
1. Opening Graphical Applications
1.1. Opening graphical applications from the command line
1.2. Launching Applications with Alt+F2
1.3. Launching applications from the Desktop Menu
1.3.1. Using GNOME menus
1.3.2. Using KDE menus
1.3.3. Using menus in LXDE, MATE, and XFCE
2. System Locale and Keyboard Configuration
2.1. Setting the System Locale
2.1.1. Displaying the Current Status
2.1.2. Listing Available Locales
2.1.3. Setting the Locale
2.2. Changing the Keyboard Layout
2.2.1. Displaying the Current Settings
2.2.2. Listing Available Keymaps
2.2.3. Setting the Keymap
2.3. Additional Resources
3. Configuring the Date and Time
3.1. Using the timedatectl Command
3.1.1. Displaying the Current Date and Time
3.1.2. Changing the Current Time
3.1.3. Changing the Current Date
3.1.4. Changing the Time Zone
3.1.5. Synchronizing the System Clock with a Remote Server
3.2. Using the date Command
3.2.1. Displaying the Current Date and Time
3.2.2. Changing the Current Time
3.2.3. Changing the Current Date
3.3. Using the hwclock Command
3.3.1. Displaying the Current Date and Time
3.3.2. Setting the Date and Time
3.3.3. Synchronizing the Date and Time
3.4. Additional Resources
4. Managing Users and Groups
4.1. Introduction to Users and Groups
4.1.1. User Private Groups
4.1.2. Shadow Passwords
4.2. Managing Users in a Graphical Environment
4.2.1. Using the Users Settings Tool
4.3. Using Command Line Tools
4.3.1. Adding a New User
4.3.2. Adding a New Group
4.3.3. Enabling Password Aging
4.3.4. Enabling Automatic Logouts
4.3.5. Creating Group Directories
4.4. Additional Resources
5. Gaining Privileges
5.1. The su Command
5.2. The sudo Command
5.3. Additional Resources
II. Package Management
6. DNF
6.1. Checking For and Updating Packages
6.1.1. Checking For Updates
6.1.2. Updating Packages
6.1.3. Preserving Configuration File Changes
6.2. Packages and Package Groups
6.2.1. Searching Packages
6.2.2. Listing Packages
6.2.3. Displaying Package Information
6.2.4. Installing Packages
6.2.5. Removing Packages
6.2.6. Working with Transaction History
6.3. Configuring DNF and DNF Repositories
6.3.1. Setting [main] Options
6.3.2. Setting [repository] Options
6.3.3. Using DNF Variables
6.4. Viewing the Current Configuration
6.5. Adding, Enabling, and Disabling a DNF Repository
6.6. Additional Resources
III. Infrastructure Services
7. Services and Daemons
7.1. Configuring Services
7.1.1. Enabling the Service
7.1.2. Disabling the Service
7.2. Running Services
7.2.1. Checking the Service Status
7.2.2. Running the Service
7.2.3. Stopping the Service
7.2.4. Restarting the Service
7.3. Additional Resources
7.3.1. Installed Documentation
7.3.2. Related Books
8. OpenSSH
8.1. The SSH Protocol
8.1.1. Why Use SSH?
8.1.2. Main Features
8.1.3. Protocol Versions
8.1.4. Event Sequence of an SSH Connection
8.2. Configuring OpenSSH
8.2.1. Configuration Files
8.2.2. Starting an OpenSSH Server
8.2.3. Requiring SSH for Remote Connections
8.2.4. Using Key-based Authentication
8.3. Using OpenSSH Certificate Authentication
8.3.1. Introduction to SSH Certificates
8.3.2. Support for SSH Certificates
8.3.3. Creating SSH CA Certificate Signing Keys
8.3.4. Distributing and Trusting SSH CA Public Keys
8.3.5. Creating SSH Certificates
8.3.6. Signing an SSH Certificate Using a PKCS#11 Token
8.3.7. Viewing an SSH CA Certificate
8.3.8. Revoking an SSH CA Certificate
8.4. OpenSSH Clients
8.4.1. Using the ssh Utility
8.4.2. Using the scp Utility
8.4.3. Using the sftp Utility
8.5. More Than a Secure Shell
8.5.1. X11 Forwarding
8.5.2. Port Forwarding
8.6. Additional Resources
9. TigerVNC
9.1. VNC Server
9.1.1. Installing VNC Server
9.1.2. Configuring VNC Server
9.1.3. Starting VNC Server
9.1.4. Terminating a VNC Session
9.2. VNC Viewer
9.2.1. Installing VNC Viewer
9.2.2. Connecting to VNC Server
9.2.3. Connecting to VNC Server Using SSH
9.3. Additional Resources
IV. Servers
10. Web Servers
10.1. The Apache HTTP Server
10.1.1. Notable Changes
10.1.2. Updating the Configuration
10.1.3. Running the httpd Service
10.1.4. Editing the Configuration Files
10.1.5. Working with Modules
10.1.6. Setting Up Virtual Hosts
10.1.7. Setting Up an SSL Server
10.1.8. Additional Resources
11. Mail Servers
11.1. Email Protocols
11.1.1. Mail Transport Protocols
11.1.2. Mail Access Protocols
11.2. Email Program Classifications
11.2.1. Mail Transport Agent
11.2.2. Mail Delivery Agent
11.2.3. Mail User Agent
11.3. Mail Transport Agents
11.3.1. Postfix
11.3.2. Sendmail
11.3.3. Fetchmail
11.3.4. Mail Transport Agent (MTA) Configuration
11.4. Mail Delivery Agents
11.4.1. Procmail Configuration
11.4.2. Procmail Recipes
11.5. Mail User Agents
11.5.1. Securing Communication
11.6. Additional Resources
11.6.1. Installed Documentation
11.6.2. Useful Websites
11.6.3. Related Books
12. Directory Servers
12.1. OpenLDAP
12.1.1. Introduction to LDAP
12.1.2. Installing the OpenLDAP Suite
12.1.3. Configuring an OpenLDAP Server
12.1.4. SELinux Policy for Applications Using LDAP
12.1.5. Running an OpenLDAP Server
12.1.6. Configuring a System to Authenticate Using OpenLDAP
12.1.7. Additional Resources
12.1.8. Related Books
13. File and Print Servers
13.1. Samba
13.1.1. Introduction to Samba
13.1.2. Samba Daemons and Related Services
13.1.3. Connecting to a Samba Share
13.1.4. Mounting the Share
13.1.5. Configuring a Samba Server
13.1.6. Starting and Stopping Samba
13.1.7. Samba Server Types and the smb.conf File
13.1.8. Samba Security Modes
13.1.9. Samba Account Information Databases
13.1.10. Samba Network Browsing
13.1.11. Samba with CUPS Printing Support
13.1.12. Samba Distribution Programs
13.1.13. Additional Resources
13.2. FTP
13.2.1. The File Transfer Protocol
13.2.2. FTP Servers
13.2.3. Files Installed with vsftpd
13.2.4. Starting and Stopping vsftpd
13.2.5. vsftpd Configuration Options
13.2.6. Additional Resources
13.3. Printer Configuration
13.3.1. Starting the Printers Configuration Tool
13.3.2. Starting Printer Setup
13.3.3. Adding a Local Printer
13.3.4. Adding an AppSocket/HP JetDirect printer
13.3.5. Adding an IPP Printer
13.3.6. Adding an LPD/LPR Host or Printer
13.3.7. Adding a Samba (SMB) printer
13.3.8. Selecting the Printer Model and Finishing
13.3.9. Printing a Test Page
13.3.10. Modifying Existing Printers
13.3.11. Additional Resources
14. Configuring NTP Using the chrony Suite
14.1. Introduction to the chrony Suite
14.1.1. Differences Between ntpd and chronyd
14.1.2. Choosing Between NTP Daemons
14.2. Understanding chrony and Its Configuration
14.2.1. Understanding chronyd
14.2.2. Understanding chronyc
14.2.3. Understanding the chrony Configuration Commands
14.2.4. Security with chronyc
14.3. Using chrony
14.3.1. Installing chrony
14.3.2. Checking the Status of chronyd
14.3.3. Starting chronyd
14.3.4. Stopping chronyd
14.3.5. Checking if chrony is Synchronized
14.3.6. Manually Adjusting the System Clock
14.4. Setting Up chrony for Different Environments
14.4.1. Setting Up chrony for a System Which is Infrequently Connected
14.4.2. Setting Up chrony for a System in an Isolated Network
14.5. Using chronyc
14.5.1. Using chronyc to Control chronyd
14.5.2. Using chronyc for Remote Administration
14.6. Additional Resources
14.6.1. Installed Documentation
14.6.2. Online Documentation
15. Configuring NTP Using ntpd
15.1. Introduction to NTP
15.2. NTP Strata
15.3. Understanding NTP
15.4. Understanding the Drift File
15.5. UTC, Timezones, and DST
15.6. Authentication Options for NTP
15.7. Managing the Time on Virtual Machines
15.8. Understanding Leap Seconds
15.9. Understanding the ntpd Configuration File
15.10. Understanding the ntpd Sysconfig File
15.11. Disabling chrony
15.12. Checking if the NTP Daemon is Installed
15.13. Installing the NTP Daemon (ntpd)
15.14. Checking the Status of NTP
15.15. Configure the Firewall to Allow Incoming NTP Packets
15.15.1. Change the Firewall Settings
15.15.2. Open Ports in the Firewall for NTP Packets
15.16. Configure ntpdate Servers
15.17. Configure NTP
15.17.1. Configure Access Control to an NTP Service
15.17.2. Configure Rate Limiting Access to an NTP Service
15.17.3. Adding a Peer Address
15.17.4. Adding a Server Address
15.17.5. Adding a Broadcast or Multicast Server Address
15.17.6. Adding a Manycast Client Address
15.17.7. Adding a Broadcast Client Address
15.17.8. Adding a Manycast Server Address
15.17.9. Adding a Multicast Client Address
15.17.10. Configuring the Burst Option
15.17.11. Configuring the iburst Option
15.17.12. Configuring Symmetric Authentication Using a Key
15.17.13. Configuring the Poll Interval
15.17.14. Configuring Server Preference
15.17.15. Configuring the Time-to-Live for NTP Packets
15.17.16. Configuring the NTP Version to Use
15.18. Configuring the Hardware Clock Update
15.19. Configuring Clock Sources
15.20. Additional Resources
15.20.1. Installed Documentation
15.20.2. Useful Websites
16. Configuring PTP Using ptp4l
16.1. Introduction to PTP
16.1.1. Understanding PTP
16.1.2. Advantages of PTP
16.2. Using PTP
16.2.1. Checking for Driver and Hardware Support
16.2.2. Installing PTP
16.2.3. Starting ptp4l
16.3. Specifying a Configuration File
16.4. Using the PTP Management Client
16.5. Synchronizing the Clocks
16.6. Verifying Time Synchronization
16.7. Serving PTP Time with NTP
16.8. Serving NTP Time with PTP
16.9. Synchronize to PTP or NTP Time Using timemaster
16.9.1. Starting timemaster as a Service
16.9.2. Understanding the timemaster Configuration File
16.9.3. Configuring timemaster Options
16.10. Improving Accuracy
16.11. Additional Resources
16.11.1. Installed Documentation
16.11.2. Useful Websites
V. Monitoring and Automation
17. System Monitoring Tools
17.1. Viewing System Processes
17.1.1. Using the ps Command
17.1.2. Using the top Command
17.1.3. Using the System Monitor Tool
17.2. Viewing Memory Usage
17.2.1. Using the free Command
17.2.2. Using the System Monitor Tool
17.3. Viewing CPU Usage
17.3.1. Using the System Monitor Tool
17.4. Viewing Block Devices and File Systems
17.4.1. Using the lsblk Command
17.4.2. Using the blkid Command
17.4.3. Using the partx Command
17.4.4. Using the findmnt Command
17.4.5. Using the df Command
17.4.6. Using the du Command
17.4.7. Using the System Monitor Tool
17.5. Viewing Hardware Information
17.5.1. Using the lspci Command
17.5.2. Using the lsusb Command
17.5.3. Using the lspcmcia Command
17.5.4. Using the lscpu Command
17.6. Monitoring Performance with Net-SNMP
17.6.1. Installing Net-SNMP
17.6.2. Running the Net-SNMP Daemon
17.6.3. Configuring Net-SNMP
17.6.4. Retrieving Performance Data over SNMP
17.6.5. Extending Net-SNMP
17.7. Additional Resources
17.7.1. Installed Documentation
18. Viewing and Managing Log Files
18.1. Locating Log Files
18.2. Basic Configuration of Rsyslog
18.2.1. Filters
18.2.2. Actions
18.2.3. Templates
18.2.4. Global Directives
18.2.5. Log Rotation
18.3. Using the New Configuration Format
18.3.1. Rulesets
18.3.2. Compatibility with syslogd
18.4. Working with Queues in Rsyslog
18.4.1. Defining Queues
18.4.2. Managing Queues
18.5. Configuring rsyslog on a Logging Server
18.5.1. Using The New Template Syntax on a Logging Server
18.6. Using Rsyslog Modules
18.6.1. Importing Text Files
18.6.2. Exporting Messages to a Database
18.6.3. Enabling Encrypted Transport
18.6.4. Using RELP
18.7. Interaction of Rsyslog and Journal
18.8. Structured Logging with Rsyslog
18.8.1. Importing Data from Journal
18.8.2. Filtering Structured Messages
18.8.3. Parsing JSON
18.8.4. Storing Messages in the MongoDB
18.9. Debugging Rsyslog
18.10. Troubleshooting Logging to a Server
18.11. Using the Journal
18.11.1. Viewing Log Files
18.11.2. Access Control
18.11.3. Using The Live View
18.11.4. Filtering Messages
18.11.5. Enabling Persistent Storage
18.12. Managing Log Files in a Graphical Environment
18.12.1. Viewing Log Files
18.12.2. Adding a Log File
18.12.3. Monitoring Log Files
18.13. Additional Resources
19. Automating System Tasks
19.1. Cron and Anacron
19.1.1. Installing Cron and Anacron
19.1.2. Running the Crond Service
19.1.3. Configuring Anacron Jobs
19.1.4. Configuring Cron Jobs
19.1.5. Controlling Access to Cron
19.1.6. Black and White Listing of Cron Jobs
19.2. At and Batch
19.2.1. Installing At and Batch
19.2.2. Running the At Service
19.2.3. Configuring an At Job
19.2.4. Configuring a Batch Job
19.2.5. Viewing Pending Jobs
19.2.6. Additional Command Line Options
19.2.7. Controlling Access to At and Batch
19.3. Additional Resources
20. OProfile
20.1. Overview of Tools
20.1.1. operf vs. opcontrol
20.2. Using operf
20.2.1. Specifying the Kernel
20.2.2. Setting Events to Monitor
20.2.3. Categorization of Samples
20.3. Configuring OProfile Using Legacy Mode
20.3.1. Specifying the Kernel
20.3.2. Setting Events to Monitor
20.3.3. Separating Kernel and User-space Profiles
20.4. Starting and Stopping OProfile Using Legacy Mode
20.5. Saving Data in Legacy Mode
20.6. Analyzing the Data
20.6.1. Using opreport
20.6.2. Using opreport on a Single Executable
20.6.3. Getting More Detailed Output on the Modules
20.6.4. Using opannotate
20.7. Understanding the /dev/oprofile/ directory
20.8. Example Usage
20.9. OProfile Support for Java
20.9.1. Profiling Java Code
20.10. Graphical Interface
20.11. OProfile and SystemTap
20.12. Additional Resources
VI. Kernel, Module and Driver Configuration
21. Working with the GRUB 2 Boot Loader
21.1. Introduction to GRUB 2
21.2. Configuring the GRUB 2 Boot Loader
21.3. Making Temporary Changes to a GRUB 2 Menu
21.4. Making Persistent Changes to a GRUB 2 Menu Using the grubby Tool
21.5. Customizing the GRUB 2 Configuration File
21.5.1. Changing the Default Boot Entry
21.5.2. Editing a Menu Entry
21.5.3. Adding a new Entry
21.5.4. Creating a Custom Menu
21.6. GRUB 2 Password Protection
21.6.1. Setting Up Users and Password Protection, Specifying Menu Entries
21.6.2. Password Encryption
21.7. Reinstalling GRUB 2
21.7.1. Reinstalling GRUB 2 on BIOS-Based Machines
21.7.2. Reinstalling GRUB 2 on UEFI-Based Machines
21.7.3. Resetting and Reinstalling GRUB 2
21.8. GRUB 2 over a Serial Console
21.8.1. Configuring the GRUB 2 Menu
21.8.2. Using screen to Connect to the Serial Console
21.9. Terminal Menu Editing During Boot
21.9.1. Booting to Rescue Mode
21.9.2. Booting to Emergency Mode
21.9.3. Changing and Resetting the Root Password
21.10. UEFI Secure Boot
21.10.1. UEFI Secure Boot Support in Fedora
21.11. Additional Resources
22. Manually Upgrading the Kernel
22.1. Overview of Kernel Packages
22.2. Preparing to Upgrade
22.3. Downloading the Upgraded Kernel
22.4. Performing the Upgrade
22.5. Verifying the Initial RAM Disk Image
22.6. Verifying the Boot Loader
22.6.1. Configuring the GRUB 2 Boot Loader
22.6.2. Configuring the OS/400 Boot Loader
22.6.3. Configuring the YABOOT Boot Loader
23. Working with Kernel Modules
23.1. Listing Currently-Loaded Modules
23.2. Displaying Information About a Module
23.3. Loading a Module
23.4. Unloading a Module
23.5. Setting Module Parameters
23.6. Persistent Module Loading
23.7. Signing Kernel Modules for Secure Boot
23.7.1. Prerequisites
23.7.2. Kernel Module Authentication
23.7.3. Generating a Public and Private X.509 Key Pair
23.7.4. Enrolling Public Key on Target System
23.7.5. Signing Kernel Module with the Private Key
23.7.6. Loading Signed Kernel Module
23.8. Additional Resources
A. RPM
A.1. RPM Design Goals
A.2. Using RPM
A.2.1. Installing and Upgrading Packages
A.2.2. Uninstalling Packages
A.2.3. Freshening Packages
A.2.4. Querying Packages
A.2.5. Verifying Packages
A.3. Finding and Verifying RPM Packages
A.3.1. Finding RPM Packages
A.3.2. Checking Package Signatures
A.4. Common Examples of RPM Usage
A.5. Additional Resources
B. Revision History
Index