Book Review: Essential System Administration, 3rd Edition

Linh Pham

This article originally appeared in the January 2003 issue of the Dæmon News Online Magazine. This is a cleaned-up version of the article, with minor style edits and changes to make it HTML5 compliant; otherwise, the content has not been changed.

Author: Æleen Frisch
Publisher: O'Reilly & Associates, Inc.
Pages: 1176
ISBN: 0-596-00343-9
Web Page: http://www.oreilly.com/catalog/esa3/

To many systems administrators, UNIX System Administration Handbook and Essential System Administration are considered the two must-have books for anyone working with UNIX and UNIX-like operating systems. Recently, O'Reilly published the third edition of Essential System Administration, which updates a lot of the topics to include changes made by the latest versions (as of the time the book was written) of most commercial UNIX operating systems along with Linux. Notably, FreeBSD 4.6 has been added to the list of operating systems covered; though with this addition, the author dropped SCO UNIX and IRIX from the list. The operating systems that are covered in the book are:

Below is the book's table of contents that you can reference while reading through this article.

  1. Introduction to System Administration
  2. The Unix Way
  3. Essential Administrative Tools and Techniques
  4. Startup and Shutdown
  5. TCP/IP Networking
  6. Managing Users and Groups
  7. Security
  8. Managing Network Services
  9. Electronic Mail
  10. Filesystems and Disks
  11. Backup and Restore
  12. Serial Lines and Devices
  13. Printers and the Spooling Subsystem
  14. Automating Administrative Tasks
  15. Managing System Resources
  16. Configuring and Building Kernels
  17. Accounting
  • Afterword: The Profession of System Administration
  • Appendix: Administrative Shell Programming

The first chapter introduces the reader to the world of system administration (which I will refer to as a sysadmin hereafter) by going over common tasks of sysadmins and how they have or haven't changed over the years, tips on how to cover one's rear, and the importance and dangers of the root user. The chapter rounds out with an overview of the different graphical or menu-based system configuration tools (including AIX's SMIT and WSM, HP-UX's SAM, and good ol' sysinstall) as well as a brief look at VNC and a journal-like tool called plod, which isn't in the FreeBSD ports collection but can be found at http://bullwinkle.deer-run.com/~hal/plod/.

Chapter two goes over how things are done in UNIX, be it with file ownership and permissions, working with links (hard or symbolic), managing processes, devices, and the file system layout (covering both the BSD-style and the System V-style layout, and thankfully not advocating putting the Apache document root under /var). The chapter covers very common commands such as: ls, chmod and chown, pwd, ps and the different commands used for controlling processes, like fg, bg and jobs. The author has released an erratum for page 66 in which the commands to display devices have been updated for almost all of the operating systems covered. Unfortunately, the author replaced dmesg with pciconf -l -v and camcontrol devlist for FreeBSD, and those two commands may not display all of the devices listed in dmesg.

Chapter three continues on, providing an overview of programs and techniques that would be used frequently by sysadmins. The first half of the chapter shows the reader how to use the man command (though the author missed the apropos command when discussing the -k man flag) as well as working with pipes, grep and awk, an overview of the many find options, more on working with files and directories, a very brief look at using chroot to lock a command into a cage, and rounds out with the tail command. Scheduling jobs using cron and FreeBSD's periodic facilities, configuring the syslog dæmon, viewing system error messages and installing software via packages and source are covered in the second half of the chapter. The author does do a nice job with covering periodic but only briefly looks at how to use the Ports collection (only installing ports is covered, not re-installing or un-installing a port).

The fourth chapter covers the entire startup process of both System V and BSD types of UNIX, how to boot into single-user mode, the basics of what happens after the kernel is loaded and executed, and how the two different initialization (a.k.a. init) file and boot script schemes (BSD and System V) work. After the boot and init scripts are covered, the author moves to how one would shut down or halt a system, how to abort a pending shutdown, and how to troubleshoot boot issues and other hardware and/or software problems that crop up during a system startup or shutdown.

Networking, or more specifically TCP/IP networking, is the main topic of chapter five, which starts off with a general overview of the different networking terminologies like nodes, client and server, along with the different network topologies and media types (sorry, no cool pictures of multi-strand fiber-optic cables), and of course, the seven layers of the OSI model. The remainder of the chapter covers how to configure a system with an IP address, work with ifconfig and DHCP (both client and dæmon), using the route command to set up a route table and the system's hostname, and basic network troubleshooting tips. One thing that I found to be quite useful was that the author touched on subnets and supernets along with how to use CIDR addressing and read slash notation.

Chapter six, which is one of the longer chapters in the book, covers managing users and groups, along with using LDAP as an authentication mechanism. In the first part of the chapter, the author writes about the contents of the password file, its shadow password file (if applicable) counterpart, the group file, and adding/removing accounts either by editing the password file, using a shell utility, or a graphical interface. In the section, the author also touches on account login controls (such as who can log in when and where), assigning shells and setting up login initialization files using files under a template or skeleton directory. Although the author does mention FreeBSD's /usr/share/skel directory, she doesn't tell the reader that the files are named in the format of dot.initfile and need to be copied and renamed to drop the dot from the filename.

In the latter half of the chapter, the author covers password policies and recommendations on how to create stronger passwords and tips on how to create your own password schemes, using PAM modules (the author focuses primarily on Linux PAM modules, though PAM modules included in FreeBSD and other UNIX systems are also covered), and using LDAP as the authentication backend, primarily focusing on setting up OpenLDAP. The author also covers two password testing tools, John and Crack, as ways to find out the strength of passwords on a system.

Security is one of the hottest topics for sysadmins over the past several years and is something that shouldn't be taken lightly; it is also the sole topic of chapter seven. The chapter starts out with a couple of examples (including Sendmail) on the design of UNIX tools, some of the key security issues that the tools are famous for, and how it ties into the mentality that those systems would be used in a trusted environment... which is unfortunately not the case today. Much of the chapter consists of how system security should be looked at and handled, different ways that one can secure a system (both physically and through hardware and/or software), how human mistakes and social engineering can compromise security, and facilities to help harden the system's weak spots. The facilities covered include using smart cards and one-time passwords, Kerberos authentication, access control lists, using encryption, and using Solaris' role based access facility.

The second half of the chapter focuses primarily on network security, additional ways to harden a UNIX system, and things that a sysadmin can do to reduce the risk of other forms of security leaks and intrusions. Utilities like Tripwire, SAINT, and Nessus are also mentioned as additional ways to find out where security issues are. In addition to securing built-in utilities, the author covers some possible replacements or wrappers that can provide additional ways to restrict access to specified services. Although there is a mention of firewalls and packet filters in the chapter, the author doesn't mention the ones included (but not enabled by default) in FreeBSD (ipfw or ipfilter) or in Linux (ipchains). The author does a good job covering where security problems could occur and how to work out and implement a security plan.

DNS, DHCP, NTP, SNMP, and network monitoring utilities are very common network services that are used on a daily basis and are the topics for chapter eight. Almost half of the chapter is an overview of how domain names are handled, how DNS functions, and how to troubleshoot DNS issues using utilities like nslookup and dig (though the host utility is not mentioned). The author focuses on BIND 8 and 9 within the chapter and does a pretty good job at explaining the configuration files and terminologies associated with BIND and DNS in general; for more detailed explanations and configurations, she refers the reader to DNS and BIND. After the DNS section, the chapter covers routing (protocols and configuration), setting up a DHCP server using the operating system's bundled DHCP server, using NTP to synchronize system clocks, and using basic network tools like netstat, ping and packet sniffers. The remainder of the chapter covers network monitoring tools including SNMP, NetSAINT (now called Nagios), Angel Network Monitor, and using MRTG and Cricket/RRDtool to collect network usage.

I also found a couple of minor errors in the chapter worth noting. In Table 8-9 on page 459, under "Boot script that starts the DHCP server", the author notes that both the DHCP server and the relay component startup scripts should be under /etc/init.d and that it needs to be added manually for FreeBSD. In FreeBSD, one should actually put startup scripts under /usr/local/etc/rc.d (or, using the old-fashioned method, add the startup commands in /etc/rc.local). The other bit is that the author states that the ISC-DHCP lease data file is /var/lib/dhcpd.leases; in FreeBSD, the file is actually /var/db/dhcpd.leases as stated in the dhcpd.leases(5) man page. The other thing that I should note is that the URL listed on page 470 for the list of publicly available NTP servers is missing an "l" at the end of the URL. The correct URL should be http://www.eecis.udel.edu/~mills/ntp/servers.html.

E-mail is the topic for chapter nine, which provides an overview of how e-mail works, the different components used to send, receive and read messages, and a section on how to write your own Procmail scripts to help filter out unwanted messages. The author briefly covers Mutt and PINE as well as how to set up both clients to use PGP. For the server side of e-mail, the author covers how to configure Sendmail and Postfix, both of which are considered mail transfer agents (or MTA), along with POP and IMAP dæmons and using Fetchmail to retrieve messages from remote servers. qmail users will have to look elsewhere, such as Dave Sill's "Life with qmail" or "The qmail Handbook". The author does a good job at explaining the configuration options and setup of Sendmail, Postfix and Procmail without going too deep into cryptic rules and recipes. I did notice two minor errors/typos in the chapter: the first one is on page 523 in Figure 9-1 where the author wrote "incomming" which should be "incoming". The second mistake is in the Sendmail section of the chapter on page 546 in Table 9-3 where the author stated that FreeBSD's syslog mail facility messages go to /var/adm/messages; the messages actually go into the /var/log/maillog file.

Almost everything the reader ever wants to know about the different filesystems used by the different operating systems, disks and data backup except for the neat trick of backing everything up to /dev/null to speed up data backup jobs (okay, that last part is a joke, don't ever do that for a real data backup job!) is covered in chapters ten and eleven. Chapter ten starts off with a look at the history of the UNIX filesystems and an overview of the different filesystems (and their respective monikers) along with supported features used by the different operating systems. Filesystem management, checking, basic repairing steps, mounting and unmounting filesystems, and working with disks and partitions span the second section of the chapter. The bulk of the chapter is dedicated to volume management (including setting up RAID arrays) tools provided by each of the covered operating systems, including: Tru64's Logical Storage Manager, Solaris' Volume Manager, and FreeBSD's Vinum Volume Manager. The chapter wraps up with a look at removable media, exporting and importing shares via NFS, using Samba to share out files to Windows servers, and connecting to either Samba or Windows file shares in Linux and FreeBSD.

After reading about filesystems and working with data, it is logical to follow up the discussion with a look at backing up and restoring data in case of accidentally deleted files or worse, a corrupt filesystem or after rebuilding a system from a major crash. Chapter eleven starts off with a list of answers to common questions regarding backing up and restoring data, insights on planning data backup jobs and considerations that one should make when choosing how to back up data and what to do with the archived and backed up data. The author also compares different backup media, examining physical characteristics, storage capacity and the lifetime of media including tape cartridges, optical media (such as CD-R and DVD Recordables), hard drives, and other media or media sets. The remainder of the chapter covers the different tape device nodes used by the different operating systems, using common backup and restore utilities (tar, dump, restore, cpio, pax, dd, and operating system specific tools), a good overview of the Amanda backup solution, and how to back up and restore system files including a brief look at how to create a Fixit floppy.

Consoles, terminals and serial devices under UNIX are things that many people don't think about very often but understanding them can be a life saver in some cases. Chapter twelve covers those three topics as well as setting up HylaFAX for faxing and touches upon USB support. The first portion of the chapter goes into the different device nodes and files used to reference both physical and virtual, or pseudo, terminals, how to configure all or specific terminals through either the BSD-style /etc/termcap and /etc/ttys, or System V's terminfo and /etc/gettytab configuration files, and changing terminal properties once logged in using tset and stty. The author also discusses the different kinds of serial connectors, the wiring of straight-through and null modem cables, and Solaris' way of managing terminals by way of the Service Access Facility. Rounding out the chapter is a look at setting up HylaFAX to send/receive faxes, what USB is, and how to enable support for USB under FreeBSD, Linux and Solaris. The one thing that some will find missing from the chapter is the discussion on connecting to devices through serial ports, plus setting up and using PPP for dial-up services. Neither of those topics is discussed in any detail (with the exception of a couple of references to dial-up networking and PPP passwords supported by a couple of operating systems), which leaves me a little empty after reading the chapter.

Chapter thirteen takes a look at printing and spooling under UNIX, mostly covering the standard BSD, System V and AIX spooling systems as well as the more recent ones: CUPS and LPRng. The author covers the basic steps of setting up printers and filters (be it local or remote), printing, managing print queues and spool dæmon, and working with user commands for five different systems. In addition, the author also slightly touches on using LPD printing under Windows, sharing printers out using Samba, and managing fonts under X Windows. The last bit may seem out of place at first, but getting certain font types to print (TrueType fonts in particular) isn't exactly the easiest thing to get working on one's first try. Ghostscript is only mentioned a couple of times in the chapter but its setup and configuration are not discussed in the chapter.

Automation is one aspect of system administration that will not only save you from repeating many mundane tasks day after day but can also reduce the chance of human error (that is, once you work the bugs out). Chapter fourteen introduces the aspect of shell scripts and toolkits that can be used to help automate some to many of the tasks a sysadmin has to do on a system. In the shell script section of the chapter, the author provides a couple of basic yet potentially useful Bourne and C shell scripts to do tasks like checking differences between the current and a previous copy of /etc/passwd (which is done as part of one of the FreeBSD periodic scripts) and making a backup of key portions of a system. The author also gives tips on how to help test and debug scripts. After covering Bourne and C shell scripts, the author covers the basics of writing Perl scripts, including how to create GUI interfaces for Perl using Tk and using Expect to automate tasks that require use of an interactive program. The chapter rounds out with a look at using Cfengine to programmatically configure and maintain a system's configuration, using Stem to create basic client/server programs, and a brief look at C programming and writing a man page. Like the other topics in the book, this chapter only provides a very basic overview of programming (either with shell scripts or creating simple graphical tools) and should not be viewed as a complete beginner's guide to the respective languages. If you want to really get into shell or Perl programming, I'd recommend checking out other books available such as Learning Perl (also known as the "Camel" book). Although not mentioned in the book, there are many other programming languages that would work quite well for sysadmin tasks like Python, Ruby, and the standalone version of PHP.

Once a system is up and running in a production environment with users and applications, making sure that the system doesn't run out of resources like memory and disk space is very important. In chapter fifteen, the author takes a look at utilities to monitor and manage different aspects of system usage, and some ways to make more efficient use of system resources. The system resources covered in the chapter are: overall system performance, processor, memory and virtual memory, disk space and I/O, and network. Throughout the chapter, the author provides steps and insights into finding out how much of a system resource is being used, how to find out when a resource is beginning to run out, and some ways to remedy the situation. Also covered in the chapter are ways to limit usage of specific system resources by using built-in facilities like disk quotas, limit options in shells, using nice to set the CPU priority for a process, and the schedulers included in AIX and Solaris.

Chapter sixteen is something that many FreeBSD users are fairly accustomed to—building a custom kernel. The chapter covers the steps for configuring, tuning and building a custom kernel for FreeBSD, Tru64 UNIX, HP-UX and Linux, as well as loadable kernel modules used in the different systems. Also covered is how to set system parameters in AIX and working with FreeBSD and Linux boot loaders. Unlike other documentation, Complete FreeBSD and The FreeBSD Handbook in particular, the coverage on building a custom kernel under FreeBSD is limited to installing the kernel source, how to make a new kernel configuration file, a brief look at the file syntax and a handful of options, and compiling a new kernel. Although it's barely enough to introduce the reader to the steps in building a kernel, it definitely lacks in giving any handholding or explanation of the different parts of a kernel configuration file. The same also goes with building a custom Linux kernel.

Accounting is probably one of the last things anyone wants to hear after the accounting problems in 2002, but under UNIX it is quite useful in trying to figure out how much of the server's resources are being used by whom. Both the BSD-style and System V-style accounting systems are covered in chapter seventeen, including their tools and facilities, along with setting up LPRng and BSD-style printing system accounting.

The book's Afterword, or chapter eighteen according to the footer on page 1070, talks about The System Administrators Guild, SAGE, USENIX and a humorous look at the virtues of sysadmins. The two virtues that got me laughing out loud are:

Patience: Remaining capable of waiting until the final sendmail configuration bug is fixed.
Laziness: Writing a 250-line Perl script to avoid typing 15 characters.

The book's appendix takes an additional look at creating shell scripts for the Bourne shell (sh). The author explains the basic concepts and abilities of a Bourne shell script, such as: using pipes and redirects, exit codes, capturing command output with "`", variables, substitutions, using control blocks (if, while, case and for), and other useful built-in commands. The appendix provides a nice start into shell script programming for the reader and doesn't go into any additional extensions to the basic Bourne shell or combine other Bourne-like shells (Bourne-again and Korn) to confuse the reader.

In summary, I think that the author did a good job with covering a large number of topics and components of UNIX and the covered operating systems. It is very nice to see that FreeBSD finally made the list of operating systems and was given about the same amount of coverage as most of the other systems. There were some errors and typos in the book, some regarding FreeBSD, as well as some topics that were absent or barely covered.

For someone who has some experience with FreeBSD, Linux and/or another UNIX operating system and wants to get into the world of system administration, I would recommend this book not only for the coverage of multiple operating systems but also for the insight provided on security and overall system management. It would also be a good read for those who want or need to work in an environment that has several varieties of UNIX. For those already experienced in system administration, I would still recommend taking a look through the book. It's probably a book that I wouldn't recommend stuffing into your day bag or backpack on a daily basis since it isn't exactly the thinnest book out there. If you are looking for a book that you could reference while on the go, I would recommend taking a look at the mini-review for Essential System Administration Pocket Reference.


Article copyright © 2003–2010 Linh Pham. All rights reserved. Reproduction of portions of this work, or its entirety, requires permission of the copyright holder.