Linux FAQ

From MicroFocusInternationalWiki
Jump to: navigation, search

Contents

About this FAQ

Who makes this document?

This FAQ is made mostly by Novell employees but everyone is allowed to participate on its construction.

A Novell account is required by anyone wishing to modify articles in Novell's Cool Solutions Wiki. However, anyone can instantly and freely create one such account.

What does this document cover?

This document includes questions related with Novell products that are frequently asked by Linux users or persons considering using it.

Why is this document so incomplete?

This document is very incomplete because we just started working on it. We plan to add a lot of more information soon.

Can I add new questions to this FAQ?

Yes. Everyone is encouraged to add new questions in this FAQ as long as they are relevant.

Please note that this is not a forum to get support and help solving specific uncommon problems. Specific questions which aren't frequently asked by Linux users or persons considering moving to Linux will be removed.

To ask a new question please pick the right category and add it there, next to other questions that could be related.

If you know the answer to the question, please add it to. Or, to put it another way, you should also add questions even if you know the answers, as long as they are relevant.

How can I know if the information in this FAQ is correct?

You can't.

Although we make our best to review the information here to make sure it is factual, there is absolutely no warranty that the information in this document is correct.

This is partially because anyone, not only Novell employees, can contribute to this document. However, it also follows from the general spirit of this document: in order to warranty its correction, we would probably have to follow a slower process where everything gets reviewed by many before being published. We decided we would rather have an open document that everyone can contribute to, even if it isn't 100% correct, than a small closed document that would probably be much shorter.

Where else can I get information about Novell's Linux products?

You can go to the SUSE Support Knowledge base for information specific to SUSE products.

Open Source

Basic GNU/Linux questions

Standards and Certifications

What is LSB?

The LSB is the Linux Standard Base, a project with the goal of developing and promoting a set of standards that will increase compatibility among Linux distributions and enable software applications to run on any compliant system.

The LSB specification is actually a a set of specifications: a single common specification, and architecture specific specifications. The complete specification for a platform consists of the common specification plus one of the architecture specifications.

You can find more about LSB at [web site]. They also maintain [FAQ document].

General SuSE questions

What distributions is SuSE based on?

The first versions of SuSE were very closely based on Slackware (they were pretty much copies of Slackware with installer scripts translated to german). The first «real version»? was based on Jurix (by Florian LaRoche).

When was the first real version of SuSE released?

The first «real version»? of SuSE was 4.2, released in 1996. The «4.2» (instead of labeling it «1.0») was a reference to the answer of the [Question of Life, the Universe, and Everything].

What's the correct way to pronounce SuSE?

What does SuSE stand for?

SuSE used to be an acronym for «Software und System Entwicklung» («Software and System Development»).

SuSE Linux Enterprise Server

This section includes questions specific to SuSE Linux Enterprise Server.

What's the current version of SLES?

The current version is SLES 10, released on 2006.

For SLES 9, the latest service pack is 3 (SP3), released on 2005-12-23.

Licensing

Am I allowed to make and distribute copies of SLES?

TODO: This answer stills needs to be reviewed by our legal department. It might not be accurate.

No.

While Novell does not prevent anyone from making copies of SLES, we believe some of the included components might not allow their redistribution.

SLES is a modular operating system. Most of the components are open source packages, developed independently, and their license terms allow you to redistribute them. However, there are some that are not open source and their licenses might not allow you to distribute them.

Note that there is nothing in the SLES License Agreement that restricts, limits, or otherwise affect any rights or obligations users may have, or conditions to which they may be subject, under the license terms of the specific components.

The following is a list of some packages included in SLES that you might not be allowed to distribute:

TODO: Include a list of all packages with proprietary licenses, gradually confirm whether or not they allow redistribution.

May I use SLES in machines not registered under the Maintenance Program?

TODO: This answer still needs a revision by our legal department, it may be inaccurate.

Yes.

You may run SLES in as many machines as you want, regardless of whether or not they are registered under your Maintenance Program contracts. If your Maintenance program expires, you can continue to run SLES. You can run SLES even if you have no Maintenance Program contract and have not compensated Novell in any form.

However, you are only allowed to install updates you obtain through the Maintenance Program in machines registered under it and Novell will only offer support for these machines.

Maintenance Program

What's the scope of the support included in the Maintenance program?

See http://support.novell.com/linux/support_policy.html for detailed information about the support included in the Maintenance program.

What's the policy for the Maintenance Program for virtualized instances of SLES?

For the support and upgrade contracts you pay for each specific socket for a CPU. That means hyperthreading and dual-cores do not impact pricing.

Using virtual images on a physical server or processor does not alter the general licensing policy. Therefore there is no additional charge when using virtual images.

You can find more information about this at:

How can I set up a firewall using iptables instead of SuSEFirewall?

SLES includes the SuSE Firewall, which you can use to easily setup a firewall. If for some reason you'd rather specify your rules directly (as a script that calls iptables), you'll need to disable it and create the script with your rules.

To disable SuSEFirewall, look for files *susefirewall* in your /etc/init.d/rc?.d directories and use insserv -r to remove them. Another alternative would be to erase the configuration entirely (/etc/sysconfig/SuSEfirewall2).

Create your script with calls to iptables that leaves all the chains with the appropriate rules.

You can place this script in /etc/sysconfig/network/if-up.d/ and SLES will execute it right after an interface is brought up. This solution has two potential problems: one is that the interface is brought up before the script is executed (so it might take a few seconds before your firewall kicks in) and the other is that the script will be executed once whenever any interface is brought up (which, depending on the way you make your script, could temporarilly flush all rules).

TODO: What's the ideal location to do this? Perhaps one should really create an init.d script, in which case we should provide a template here.

What are the services in /etc/init.d/?

The following is a list of the services provided by official SLES packages which have scripts in /etc/init.d. Our goal with this list is to help you figure which services are safe to disable on a server.

hotplug 
isdn 
random 
coldplug 
pcmcia 
network 
Bring up/down the network interfaces. The information about the interfaces is stored in /etc/sysconfig/network/.
syslog 
The syslogd system, a dæmon that registers events (usually in the files in /var/log; see /etc/sysconfing/syslog and /etc/syslog.conf for details). You should not disable this service unless you have specific reasons to do so.
smbfs 
Samba, a windows share connectivity protocol and utilities. This service is normally configured in /etc/samba/smb.conf. There is more information about it in [[1]].
portmap 
resmgr 
slpd 
splash_early 
nfs 
nfsboot 
alsasound 
cups 
fbset 
powersaved 
sshd 
Start the Secure Shell dæmon, part of the OpenSSH package. You could disable this service and the only consequence would be that you would no longer be able to connect to the server through SSH and SSH-based services (such as SFTP, SCP, sometimes rsync, etc.). However, allowing SSH access to the servers can be of great convenience to administer remotelly. Since special care has been taken in making OpenSSH secure, we advise you to leave this service enabled (and make sure all your users have good passwords).
kbd 
postfix 
Start Postfix, the Mail Transport Dæmon. You shouldn't disable this, even if your machine won't be handling external mail.
splash 
cron 
Start the crond, the Cron dæmon. Cron allows users to schedule tasks for execution at certain times and also executes some relatively important commands for system maintenance. You should not disable this service unless you have specific reasons to do so.
hwscan 
nscd 
Start the Name Service Switch cache dæmon. NSCd will cache lookups performed by many applications to certain databases (such as the list of users, groups, passwords, hosts, etc.). See /etc/nscd.conf for more information.
splash_late 
xdm 
The X display manager, which brings up the X Window System. You shouldn't disable this service: if you plan to run your server without an X server, set its default runlevel to 3 (in /etc/inittab).

How can I set per-process resource limits?

You can set specific limits to the amount of resources that each process can use. The most common reason people usually need to do this is to increase certain limits that are affecting their processes (usually the maximum number of file descriptors).

Linux allows you to set limits for the following resources, among others:

  • The maximum size of the process’s virtual memory (address space) in bytes.
  • Maximum size of core file. When 0 no core dump files are created. When nonzero, larger dumps are truncated to this size.
  • CPU time limit in seconds.
  • The maximum size of the process’s data segment (initialized data, uninitialized data, and heap).
  • The maximum size of files that the process may create.
  • The maximum file descriptor number that can be opened by this process.
  • The maximum stack size

To set these limits use the ulimit Bash command. You can read more about it using help ulimit.

Note that there are hard and soft limits: the exact semantics of each depend on the type of limit. In general, processes get warnings when they exceed their soft limits and are killed when they reach their hard limits. Also note that only root can raise the limits of his processes above their current hard limits.

You can also set the default limits for each user/group in /etc/security/limits.conf. The information there is read by PAM's pam_limits.so module, which your specific services should load.

How can I list the current IP connections to my server?

You can use the netstat command to list the current IP (TCP/UDP) connections to your server. You might use a combination of the following options:

--inet 
Only show internet (TCP/UDP) connections. By default netstat will also show local Unix connections.
-p 
Display the process IDs of the local process managing the connection.
-n 
Don't do lookups of numbers to IP addresses.

You can use -h or man netstat to find more options.

xinetd

What is xinetd?

xinetd is the server in SLES responsible of starting many different dæmons when a connection request is received. The xinetd dæmon binds itself to the TCP/UDP ports for the individual servers; whenever a connection to those ports is established, it forks a process and executes the specific dæmon that will attend the connection.

What dæmons are started by xinetd?

The following is an incomplete list of dæmons that can be started from xinetd:

  • University of Washington's IMAP and POP3 dæmon

Can I limit the number of concurrent processes started by xinetd?

There is a limit to the number of concurrent processes that can be forked by the xinetd process. This limit has been set in place because otherwise it would be trivial to perform Denial of Service attacks on the servers (one would simply need to initiate a large number of connections to the server).

In SLES9 the default limit is 30. You could increase (or even, if you really know what you're doing, remove) the limit editing the file /etc/xinetd.conf: look for the instances directive and increase it to the desired value. Don't forget to restart xinetd for the changes to take effect (rcxinetd restart).

Packages

Where can I get a list of the packages included in SLES?

A list of all the packages included in SLES, sorted by different criteria, is available in:

What kernel version is included in SLES?

SLES9 is based in kernel 2.6.5.

What webmail packages are provided as part of SLES?

No webmail package is provided as part of SLES. You can, however, download and use any of the following programs in SLES:

Does SLES include an antivirus package?

Yes, SLES includes Clam Antivirus as part of its distribution. You can easily use it to detect infected files in an email or files server, for example.

What runlevel should I run my servers on?

This depends. If you intend to use your server also as a client/desktop, you should probably run them in runlevel 5 (multiuser with network and display manager), to run all the services, including the X Window System (the graphical interface) server.

If, on the other hand, you don't intend to use your servers as desktops, you should probably run them in runlevel 3 (multiuser with network). In this case the X Window System server won't be started. This, however, doesn't mean you won't be able to run YaST or other X clients in your server: you can run them remotelly over the network, having them display their windows in your desktop.

You can specify the default runlevel in /etc/inittab.

Does SLES support load balancing clusters?

Certainly.

For basic stateless services (such as HTTP serving static files, read-only file servers, HTTP proxies, spam checking with SpamAssassin, virus detection with ClamAV, etc.) you can easily setup a cluster using a combination of Linux Virtual Server and Keepalived.

TODO: Add more details on this.

AutoYast

How can I allow remote administration (VNC)?

Use the following XML:

   <security>
       <displaymanager_remote_access>yes</displaymanager_remote_access>
   </security>
   <sysconfig config:type="list" >
       <sysconfig_entry>
           <sysconfig_key>DISPLAYMANAGER_ROOT_LOGIN_REMOTE</sysconfig_key>
           <sysconfig_path>/etc/sysconfig/displaymanager</sysconfig_path>
           <sysconfig_value>yes</sysconfig_value>
       </sysconfig_entry>
   </sysconfig>
   <inetd>
       <netd_service config:type="symbol">xinetd</netd_service>
       <netd_status config:type="integer">0</netd_status>
       <netd_conf config:type="list">
           <conf>
               <script>vnc</script>
               <service>vnc1</service>
               <enabled config:type="boolean">true</enabled>
           </conf>
           <conf>
               <script>vnc</script>
               <service>vnchttpd1</service>
               <enabled config:type="boolean">true</enabled>
           </conf>
       </netd_conf>
   </inetd>

There is no easier way to do this (that is, it is impossible to specify some tag with the semantics of "allow network administration", as opposed to actually applying all the changes above), not in SLES 9, in SLES 10 nor SLED 10.

How can I customize my source install directories adding updated packages?

If you made a package repository that you use to make AutoYast installations, you'll eventually want to update the packages on it with those packages released after the media you used to make the repository was released.

In order to do this, use the Template:Create update source.sh script in:

Follow the instructions there.

Novell SuSE Professional

What's the difference between SUSE Linux and other Novell distributions?

SUSE Linux (formerly known as SuSE Linux Professional) is a frequently released distribution which isn't formally supported by Novell and is not recommended for organizations. It tends to include "bleeding edge" versions of the software and, as such, is not as stable as the other distributions.

If you are a Unix expert and stablity is not one of your primary concerns, this may be the right choice for you.

Licensing

Am I allowed to make and distribute copies of SuSE Professional?

TODO: This answer stills needs to be reviewed by our legal department. It might not be accurate.

No.

While Novell does not prevent anyone from making copies of SuSE Professional, we believe some of the included components might not allow their redistribution.

SuSE Professional is a modular operating system. Most of the components are open source packages, developed independently, and their license terms allow you to redistribute them. However, there are some that are not open source and their licenses might not allow you to distribute them.

Note that there is nothing in the SuSE Professional License Agreement that restricts, limits, or otherwise affect any rights or obligations users may have, or conditions to which they may be subject, under the license terms of the specific components.

The following is a list of some packages included in SuSE Professional that you might not be allowed to distribute:

TODO: Include a list of all packages with proprietary licenses, gradually confirm whether or not they allow redistribution.

Is it legal to download SuSE Professional and use it without paying Novell?

TODO: This answer still needs a revision by our legal department, it may be inaccurate.

Yes.

Note, though, that Novell recommends using NLD and SLES over SuSE Professional in a corporate environment; we do not offer support for SuSE Professional. You can also download SLES/NLD and use them free of charge, btw (see here and here for more information).

Novell Linux Desktop

Licensing

Am I allowed to make and distribute copies of NLD?

TODO: This answer stills needs to be reviewed by our legal department. It might not be accurate.

No.

While Novell does not prevent anyone from making copies of NLD, we believe some of the included components might not allow their redistribution.

NLD is a modular operating system. Most of the components are open source packages, developed independently, and their license terms allow you to redistribute them. However, there are some that are not open source and their licenses might not allow you to distribute them.

Note that there is nothing in the NLD License Agreement that restricts, limits, or otherwise affect any rights or obligations users may have, or conditions to which they may be subject, under the license terms of the specific components.

The following is a list of some packages included in NLD that you might not be allowed to distribute:

TODO: Include a list of all packages with proprietary licenses, gradually confirm whether or not they allow redistribution.

For how long am I allowed to use the downloadable evaluation version of NLD?

...

How many machines am I allowed to use the downloadable evaluation version of NLD on?

...

If I buy the NLD Media Kit, how many machines am I allowed to run it on?

...

Are there language-specific forums for NLD?

No. The language specific forums have been shut down.

What packages are available as part of NLD?

See the complete list of software packages distributed as part of NLD at:

Where can I report problems with NLD?

Head to http://bugzilla.novell.com/ to report bugs or ideas for improving NLD. Before sending your report, please search existing reports to see if someone has already reported the problem you're experiencing. In your report, try to describe the problem you're experiencing as well as you can, including the following information, when applicable:

  • Instructions to reproduce the problem
  • Possible workarounds
  • A patch that solves the problem, if you can make one.

Common Tasks

How can I download a file?

There are many ways to download a file given its URL in NLD.

If you prefer to use a graphical program there are many to pick from. The two most popular are probably the web browsers Mozilla Firefox and Konqueror. You'll enter the URL for your file on their address fields.

If you prefer to use a console (text-based terminal), you can use the command wget followed by the URL of the file you want to download. For example, to download this file you would use wget http://wiki.novell.com/index.php?title=Linux_FAQ. You could also use the curl program, which has a very similar interface. Both programs will download the file to the current directory of the shell in your terminal.

How can I initialize/shutdown a network interface?

If you need or want to shutdown a specific network interface use the command ifdown interface, where interface is the name of the interface (such as eth0).

To initialize a network interface with the default configuration, use ifup interface.

Alternatively, you can initialize/shutdown all the interfaces with the network service: use rcnetwork stop to shut them down or rcnetwork start to initialize them.

How can I find a file of a certain name?

If you want to find a file with a certain name from the command line interface you can use the locate or the find commands.

locate NAME will look for files including NAME somewhere on their path. This lookup is performed against a pre-built database of all the files on disk (which is updated periodically; you can force an update running updatedb as root). Note, however, that you'll need to have the package binutils-slocate installed.

find / -name \*NAME\* will traverse the entire disk looking for files having name *NAME*. This is slower than using locate but has the advantage of seeing files created after locate's database was built. You can make your search case insensitive by specifing -iname instead of -name.

Both locate and find default to printing the names of the files matching the search criteria to their standard output.

find supports many other parameters for specifing additional criteria (such as requesting only files that have been modified after a certain day, belong to a certain user and are larger than a certain size). See its manual page for more info.

How can I mount an ISO image I downloaded?

Sometimes you will need to look for some information inside of an ISO CD image that you have somewhere in your disk. You can mount such image in a location in your Linux system with the following mount command:

mount FILE DIR -t iso9660 -o loop,ro

Here you'll need to replace FILE with the path to the ISO file and DIR with the directory where you want to mount it. For example, mount /home/jgrazi/nw65.iso /mnt -t iso9660 -o loop,ro.

Behind the scenes, this will use one of the /dev/loopn devices, like /dev/loop2.

Development