- 1 About this FAQ
- 2 Open Source
- 3 Basic GNU/Linux questions
- 4 Standards and Certifications
- 5 General SuSE questions
- 6 SuSE Linux Enterprise Server
- 6.1 Licensing
- 6.2 How can I set up a firewall using iptables instead of SuSEFirewall?
- 6.3 What are the services in /etc/init.d/?
- 6.4 How can I set per-process resource limits?
- 6.5 How can I list the current IP connections to my server?
- 6.6 xinetd
- 6.7 Packages
- 6.8 What runlevel should I run my servers on?
- 6.9 Does SLES support load balancing clusters?
- 7 Novell SuSE Professional
- 8 Novell Linux Desktop
- 9 Development
About this FAQ
Who makes this document?
This FAQ is made mostly by Novell employees but everyone is allowed to participate on its construction.
A Novell account is required by anyone wishing to modify articles in Novell's Cool Solutions Wiki. However, anyone can instantly and freely create one such account.
What does this document cover?
This document includes questions related with Novell products that are frequently asked by Linux users or persons considering using it.
Why is this document so incomplete?
This document is very incomplete because we just started working on it. We plan to add a lot of more information soon.
Can I add new questions to this FAQ?
Yes. Everyone is encouraged to add new questions in this FAQ as long as they are relevant.
Please note that this is not a forum to get support and help solving specific uncommon problems. Specific questions which aren't frequently asked by Linux users or persons considering moving to Linux will be removed.
To ask a new question please pick the right category and add it there, next to other questions that could be related.
If you know the answer to the question, please add it to. Or, to put it another way, you should also add questions even if you know the answers, as long as they are relevant.
How can I know if the information in this FAQ is correct?
Although we make our best to review the information here to make sure it is factual, there is absolutely no warranty that the information in this document is correct.
This is partially because anyone, not only Novell employees, can contribute to this document. However, it also follows from the general spirit of this document: in order to warranty its correction, we would probably have to follow a slower process where everything gets reviewed by many before being published. We decided we would rather have an open document that everyone can contribute to, even if it isn't 100% correct, than a small closed document that would probably be much shorter.
Where else can I get information about Novell's Linux products?
You can go to the SUSE Support Knowledge base for information specific to SUSE products.
Basic GNU/Linux questions
Standards and Certifications
What is LSB?
The LSB is the Linux Standard Base, a project with the goal of developing and promoting a set of standards that will increase compatibility among Linux distributions and enable software applications to run on any compliant system.
The LSB specification is actually a a set of specifications: a single common specification, and architecture specific specifications. The complete specification for a platform consists of the common specification plus one of the architecture specifications.
General SuSE questions
What distributions is SuSE based on?
The first versions of SuSE were very closely based on Slackware (they were pretty much copies of Slackware with installer scripts translated to german). The first ÃƒÂ¢Ã‚â‚¬Ã‚Å“real versionÃƒÂ¢Ã‚â‚¬Ã‚? was based on Jurix (by Florian LaRoche).
When was the first real version of SuSE released?
The first ÃƒÂ¢Ã‚â‚¬Ã‚Å“real versionÃƒÂ¢Ã‚â‚¬Ã‚? of SuSE was 4.2, released in 1996. The ÃƒÂ¢Ã‚â‚¬Ã‚Å“4.2ÃƒÂ¢Ã‚â‚¬Ã‚? (instead of labeling it ÃƒÂ¢Ã‚â‚¬Ã‚Å“1.0ÃƒÂ¢Ã‚â‚¬Ã‚?) was a reference to the answer of the [Question of Life, the Universe, and Everything].
What's the correct way to pronounce SuSE?
What does SuSE stand for?
SuSE used to be an acronym for ÃƒÂ¢Ã‚â‚¬Ã‚Å“Software und System EntwicklungÃƒÂ¢Ã‚â‚¬Ã‚? (ÃƒÂ¢Ã‚â‚¬Ã‚Å“Software and System DevelopmentÃƒÂ¢Ã‚â‚¬Ã‚?).
SuSE Linux Enterprise Server
This section includes questions specific to SuSE Linux Enterprise Server.
What's the policy regarding support and upgrades for running virtualized instances of SLES?
For the support and upgrade contracts you pay for each specific socket for a CPU. That means hyperthreading and dual-cores do not impact pricing.
Using virtual images on a physical server or processor does not alter the general licensing policy. Therefore there is no additional charge when using virtual images.
You can find more information about this at:
How can I set up a firewall using iptables instead of SuSEFirewall?
SLES includes the SuSE Firewall, which you can use to easily setup a firewall. If for some reason you'd rather specify your rules directly (as a script that calls iptables), you'll need to disable it and create the script with your rules.
To disable SuSEFirewall, look for files *susefirewall* in your /etc/init.d/rc?.d directories and use insserv -r to remove them. Another alternative would be to erase the configuration entirely (/etc/sysconfig/SuSEfirewall2).
Create your script with calls to iptables that leaves all the chains with the appropriate rules.
You can place this script in /etc/sysconfig/network/if-up.d/ and SLES will execute it right after an interface is brought up. This solution has two potential problems: one is that the interface is brought up before the script is executed (so it might take a few seconds before your firewall kicks in) and the other is that the script will be executed once whenever any interface is brought up (which, depending on the way you make your script, could temporarilly flush all rules).
TODO: What's the ideal location to do this? Perhaps one should really create an init.d script, in which case we should provide a template here.
What are the services in /etc/init.d/?
The following is a list of the services provided by official SLES packages which have scripts in /etc/init.d. Our goal with this list is to help you figure which services are safe to disable on a server.
- Bring up/down the network interfaces. The information about the interfaces is stored in /etc/sysconfig/network/.
- Start the syslogd system, a dÃƒÆ’Ã‚Â¦mon that registers events (usually in the files in /var/log; see /etc/sysconfing/syslog and /etc/syslog.conf for details). You should not disable this service unless you have specific reasons to do so.
- SaMaBa, a windows share connectivity protocol and utititlies. Look for /etc/samaba/smb.conf and /etc/smb start|store|restart
- Start the Secure Shell dÃƒÆ’Ã‚Â¦mon, part of the OpenSSH package. You could disable this service and the only consequence would be that you would no longer be able to connect to the server through SSH and SSH-based services (such as SFTP, SCP, sometimes rsync, etc.). However, allowing SSH access to the servers can be of great convenience to administer remotelly. Since special care has been taken in making OpenSSH secure, we advise you to always leave this service enabled (and make sure all your users have good passwords).
- Start Postfix, the Mail Transport DÃƒÆ’Ã‚Â¦mon. You shouldn't disable this, even if your machine won't be handling external mail.
- Start the crond, the Cron dÃƒÆ’Ã‚Â¦mon. Cron allows users to schedule tasks for execution at certain times and also executes some relatively important commands for system maintenance. You should not disable this service unless you have specific reasons to do so.
- Start the Name Service Switch cache dÃƒÆ’Ã‚Â¦mon. NSCd will cache lookups performed by many applications to certain databases (such as the list of users, groups, passwords, hosts, etc.). See /etc/nscd.conf for more information.
- The X display manager, which brings up the X Window System. You shouldn't disable this service: if you plan to run your server without an X server, set its default runlevel to 3 (in /etc/inittab).
How can I set per-process resource limits?
You can set specific limits to the amount of resources that each process can use. The most common reason people usually need to do this is to increase certain limits that are affecting their processes (usually the maximum number of file descriptors).
Linux allows you to set limits for the following resources, among others:
- The maximum size of the processÃƒÂ¢Ã‚â‚¬Ã‚â„¢s virtual memory (address space) in bytes.
- Maximum size of core file. When 0 no core dump files are created. When nonzero, larger dumps are truncated to this size.
- CPU time limit in seconds.
- The maximum size of the processÃƒÂ¢Ã‚â‚¬Ã‚â„¢s data segment (initialized data, uninitialized data, and heap).
- The maximum size of files that the process may create.
- The maximum file descriptor number that can be opened by this process.
- The maximum stack size
To set these limits use the ulimit Bash command. You can read more about it using help ulimit.
Note that there are hard and soft limits: the exact semantics of each depend on the type of limit. In general, processes get warnings when they exceed their soft limits and are killed when they reach their hard limits. Also note that only root can raise the limits of his processes above their current hard limits.
You can also set the default limits for each user/group in /etc/security/limits.conf. The information there is read by PAM's pam_limits.so module, which your specific services should load.
How can I list the current IP connections to my server?
You can use the netstat command to list the current IP (TCP/UDP) connections to your server. You might use a combination of the following options:
- Only show internet (TCP/UDP) connections. By default netstat will also show local Unix connections.
- Display the process IDs of the local process managing the connection.
- Don't do lookups of numbers to IP addresses.
You can use -h or man netstat to find more options.
What is xinetd?
xinetd is the server in SLES responsible of starting many different dÃƒÆ’Ã‚Â¦mons when a connection request is received. The xinetd dÃƒÆ’Ã‚Â¦mon binds itself to the TCP/UDP ports for the individual servers; whenever a connection to those ports is established, it forks a process and executes the specific dÃƒÆ’Ã‚Â¦mon that will attend the connection.
What dÃƒÆ’Ã‚Â¦mons are started by xinetd?
The following is an incomplete list of dÃƒÆ’Ã‚Â¦mons that can be started from xinetd:
- University of Washington's IMAP and POP3 dÃƒÆ’Ã‚Â¦mon
Can I limit the number of concurrent processes started by xinetd?
There is a limit to the number of concurrent processes that can be forked by the xinetd process. This limit has been set in place because otherwise it would be trivial to perform Denial of Service attacks on the servers (one would simply need to initiate a large number of connections to the server).
In SLES9 the default limit is 30. You could increase (or even, if you really know what you're doing, remove) the limit editing the file /etc/xinetd.conf: look for the instances directive and increase it to the desired value. Don't forget to restart xinetd for the changes to take effect (rcxinetd restart).
What webmail packages are provided as part of SLES?
No webmail package is provided as part of SLES. You can, however, download and use any of the following programs in SLES:
Does SLES include an antivirus package?
Yes, SLES includes Clam Antivirus as part of its distribution. You can easily use it to detect infected files in an email or files server, for example.
What runlevel should I run my servers on?
This depends. If you intend to use your server also as a client/desktop, you should probably run them in runlevel 5 (multiuser with network and display manager), to run all the services, including the X Window System (the graphical interface) server.
If, on the other hand, you don't intend to use your servers as desktops, you should probably run them in runlevel 3 (multiuser with network). In this case the X Window System server won't be started. This, however, doesn't mean you won't be able to run YaST or other X clients in your server: you can run them remotelly over the network, having them display their windows in your desktop.
You can specify the default runlevel in /etc/inittab.
Does SLES support load balancing clusters?
For basic stateless services (such as HTTP serving static files, read-only file servers, HTTP proxies, spam checking with SpamAssassin, virus detection with ClamAV, etc.) you can easily setup a cluster using a combination of Linux Virtual Server and Keepalived.
TODO: Add more details on this.
Novell SuSE Professional
What's the difference between ES and Pro ?
Novell SuSE Linux Professional (currently version 9.3, release March'2005) is the 'bleedy' edge of software, without the stablity of the time tested and well supported package of 'Enterprise Linux' version.
If you are a Unix expert and stablity is not a concern, or if desired customization and self-supporting environment, this is the choice for you.
Novell Linux Desktop
Are there language-specific forums for NLD?
Yes. Check out http://support.novell.com/forums/2language.html. As of this writing, there are forums for NLD in spanish and portuguese.
What packages are available as part of NLD?
See the complete list of software packages distributed as part of NLD at:
Where can I report problems with NLD?
Head to http://bugzilla.novell.com/ to report bugs or ideas for improving NLD. Before sending your report, please search existing reports to see if someone has already reported the problem you're experiencing. In your report, try to describe the problem you're experiencing as well as you can, including the following information, when applicable:
- Instructions to reproduce the problem
- Possible workarounds
- A patch that solves the problem, if you can make one.
How can I download a file?
There are many ways to download a file given its URL in NLD.
If you prefer to use a graphical program there are many to pick from. The two most popular are probably the web browsers Mozilla Firefox and Konqueror. You'll enter the URL for your file on their address fields.
If you prefer to use a console (text-based terminal), you can use the command wget followed by the URL of the file you want to download. For example, to download this file you would use wget http://wiki.novell.com/index.php?title=Linux_FAQ. You could also use the curl program, which has a very similar interface. Both programs will download the file to the current directory of the shell in your terminal.