From 2c08768a963fea84834b4376bb8c6d59b5ede08d Mon Sep 17 00:00:00 2001 From: Petr Bokoc Date: Nov 15 2018 22:10:28 +0000 Subject: Fix a whole bunch of xrefs --- diff --git a/modules/system-administrators-guide/pages/_partials/servers/FTP.adoc b/modules/system-administrators-guide/pages/_partials/servers/FTP.adoc index 4b52e23..522c8c5 100644 --- a/modules/system-administrators-guide/pages/_partials/servers/FTP.adoc +++ b/modules/system-administrators-guide/pages/_partials/servers/FTP.adoc @@ -110,7 +110,7 @@ To conditionally restart the server, as `root` type: [command]#systemctl condrestart vsftpd.service# ---- -By default, the [command]#vsftpd# service does *not* start automatically at boot time. To configure the [command]#vsftpd# service to start at boot time, use a service manager such as [command]#systemctl#. See xref:../infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons] for more information on how to configure services in {MAJOROS}. +By default, the [command]#vsftpd# service does *not* start automatically at boot time. To configure the [command]#vsftpd# service to start at boot time, use a service manager such as [command]#systemctl#. See xref:infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons] for more information on how to configure services in {MAJOROS}. [[s3-ftp-firewalld]] ==== Configuring the Firewall for FTP diff --git a/modules/system-administrators-guide/pages/_partials/servers/OpenLDAP.adoc b/modules/system-administrators-guide/pages/_partials/servers/OpenLDAP.adoc index aaa5d8f..ae994ba 100644 --- a/modules/system-administrators-guide/pages/_partials/servers/OpenLDAP.adoc +++ b/modules/system-administrators-guide/pages/_partials/servers/OpenLDAP.adoc @@ -125,7 +125,7 @@ For example, to perform the basic LDAP server installation, type the following a ~]#{nbsp}dnf install openldap openldap-clients openldap-servers ---- -Note that you must have superuser privileges (that is, you must be logged in as `root`) to run this command. For more information on how to install new packages in {MAJOROS}, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. +Note that you must have superuser privileges (that is, you must be logged in as `root`) to run this command. For more information on how to install new packages in {MAJOROS}, see xref:package-management/DNF.adoc#sec-Installing[Installing Packages]. [[s3-ldap-packages-openldap-servers]] ==== Overview of OpenLDAP Server Utilities @@ -765,7 +765,7 @@ The [option]`-P` option makes this setting persistent across system reboots. See [[s2-ldap-running]] === Running an OpenLDAP Server indexterm:[slapd,OpenLDAP] -This section describes how to start, stop, restart, and check the current status of the [application]*Standalone LDAP Daemon*. For more information on how to manage system services in general, see xref:../infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons]. +This section describes how to start, stop, restart, and check the current status of the [application]*Standalone LDAP Daemon*. For more information on how to manage system services in general, see xref:infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons]. [[s3-ldap-running-starting]] ==== Starting the Service @@ -784,7 +784,7 @@ To configure the service to start automatically at the boot time, use the follow ~]#{nbsp}systemctl enable slapd.service ---- -See xref:../infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons] for more information on how to configure services in {MAJOROS}. +See xref:infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons] for more information on how to configure services in {MAJOROS}. [[s3-ldap-running-stopping]] ==== Stopping the Service @@ -804,7 +804,7 @@ To prevent the service from starting automatically at the boot time, type as `ro rm '/etc/systemd/system/multi-user.target.wants/slapd.service' ---- -See xref:../infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons] for more information on how to configure services in {MAJOROS}. +See xref:infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons] for more information on how to configure services in {MAJOROS}. [[s3-ldap-running-restarting]] ==== Restarting the Service diff --git a/modules/system-administrators-guide/pages/_partials/servers/Printer_Configuration.adoc b/modules/system-administrators-guide/pages/_partials/servers/Printer_Configuration.adoc index 2509c64..86d806d 100644 --- a/modules/system-administrators-guide/pages/_partials/servers/Printer_Configuration.adoc +++ b/modules/system-administrators-guide/pages/_partials/servers/Printer_Configuration.adoc @@ -182,7 +182,7 @@ Note that in order to add a Samba printer, you need to have the [package]*samba- [command]#dnf install samba-client# ---- -For more information on installing packages with DNF, refer to xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. +For more information on installing packages with DNF, refer to xref:package-management/DNF.adoc#sec-Installing[Installing Packages]. ==== diff --git a/modules/system-administrators-guide/pages/_partials/servers/Samba.adoc b/modules/system-administrators-guide/pages/_partials/servers/Samba.adoc index 1f46555..8e0dbd2 100644 --- a/modules/system-administrators-guide/pages/_partials/servers/Samba.adoc +++ b/modules/system-administrators-guide/pages/_partials/servers/Samba.adoc @@ -15,7 +15,7 @@ In order to use [application]*Samba*, first ensure the [package]*samba* package ~]#{nbsp}dnf install samba ---- -For more information on installing packages with DNF, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. +For more information on installing packages with DNF, see xref:package-management/DNF.adoc#sec-Installing[Installing Packages]. ==== @@ -147,7 +147,7 @@ The [application]*mount.cifs* utility is a separate RPM (independent from Samba) ~]#{nbsp}dnf install cifs-utils ---- -For more information on installing packages with DNF, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. +For more information on installing packages with DNF, see xref:package-management/DNF.adoc#sec-Installing[Installing Packages]. Note that the [package]*cifs-utils* package also contains the [application]*cifs.upcall* binary called by the kernel in order to perform kerberized CIFS mounts. For more information on [application]*cifs.upcall*, see the *cifs.upcall*(8) manual page. @@ -296,7 +296,7 @@ By default, the `smb` service does *not* start automatically at boot time. To co ~]#{nbsp}systemctl enable smb.service ---- -See xref:../infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons] for more information regarding this tool. +See xref:infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons] for more information regarding this tool. [[sect-Samba-Server_Types_and_the_smb.conf_File]] === Samba Server Types and the `smb.conf` File @@ -801,11 +801,11 @@ Plain Text:: Plain text back ends are nothing more than the `/etc/passwd` type + The `tdbsam` back end is recommended for 250 users at most. Larger organizations should require Active Directory or LDAP integration due to scalability and possible network infrastructure concerns. -`ldapsam`:: The `ldapsam` back end provides an optimal distributed account installation method for Samba. LDAP is optimal because of its ability to replicate its database to any number of servers such as the [application]*Red{nbsp}Hat Directory Server* or an [application]*OpenLDAP Server*. LDAP databases are light-weight and scalable, and as such are preferred by large enterprises. Installation and configuration of directory servers is beyond the scope of this chapter. For more information on the [application]*Red{nbsp}Hat Directory Server*, see the [citetitle]_link:++https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/deployment_guide/index++[Red Hat Directory Server 10 Deployment Guide]_. For more information on LDAP, see xref:Directory_Servers.adoc#s1-OpenLDAP[OpenLDAP]. +`ldapsam`:: The `ldapsam` back end provides an optimal distributed account installation method for Samba. LDAP is optimal because of its ability to replicate its database to any number of servers such as the [application]*Red{nbsp}Hat Directory Server* or an [application]*OpenLDAP Server*. LDAP databases are light-weight and scalable, and as such are preferred by large enterprises. Installation and configuration of directory servers is beyond the scope of this chapter. For more information on the [application]*Red{nbsp}Hat Directory Server*, see the [citetitle]_link:++https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/deployment_guide/index++[Red Hat Directory Server 10 Deployment Guide]_. For more information on LDAP, see xref:servers/Directory_Servers.adoc#s1-OpenLDAP[OpenLDAP]. + If you are upgrading from a previous version of Samba to 3.0, note that the OpenLDAP schema file (`/usr/share/doc/samba-_version_pass:attributes[{blank}]/LDAP/samba.schema`) and the Red{nbsp}Hat Directory Server schema file (`/usr/share/doc/samba-_version_pass:attributes[{blank}]/LDAP/samba-schema-FDS.ldif`) have changed. These files contain the _attribute syntax definitions_ and _objectclass definitions_ that the `ldapsam` back end needs in order to function properly. + -As such, if you are using the `ldapsam` back end for your Samba server, you will need to configure `slapd` to include one of these schema file. See xref:Directory_Servers.adoc#s3-ldap-configuration-schema[Extending Schema] for directions on how to do this. +As such, if you are using the `ldapsam` back end for your Samba server, you will need to configure `slapd` to include one of these schema file. See xref:servers/Directory_Servers.adoc#s3-ldap-configuration-schema [Extending Schema] for directions on how to do this. + .Make sure the openldap-servers package is installed [NOTE] diff --git a/modules/system-administrators-guide/pages/_partials/servers/The_Apache_HTTP_Server.adoc b/modules/system-administrators-guide/pages/_partials/servers/The_Apache_HTTP_Server.adoc index 72ab9e5..2fc2b07 100644 --- a/modules/system-administrators-guide/pages/_partials/servers/The_Apache_HTTP_Server.adoc +++ b/modules/system-administrators-guide/pages/_partials/servers/The_Apache_HTTP_Server.adoc @@ -131,7 +131,7 @@ This section describes how to start, stop, restart, and check the current status For more information on the concept of targets and how to manage system services in {MAJOROS} in general, see //link to systemd section when ready - xref:../infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons]. + xref:infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons]. [[s3-apache-running-starting]] ==== Starting the Service @@ -2348,7 +2348,7 @@ Due to the SSL3.0 protocol vulnerability CVE-2014-3566, described in link:++http [[s3-apache-Enabling_and_Disabling_SSL_and_TLS_in_mod_ssl]] ==== Enabling and Disabling SSL and TLS in mod_ssl -To disable and enable specific versions of the SSL and TLS protocol, either do it globally by adding the [command]#SSLProtocol# directive in the "## SSL Global Context" section of the configuration file and removing it everywhere else, or edit the default entry under "# SSL Protocol support" in all "VirtualHost" sections. If you do not specify it in the per-domain VirtualHost section then it will inherit the settings from the global section. To make sure that a protocol version is being disabled the administrator should either *only* specify [command]#SSLProtocol# in the "SSL Global Context" section, or specify it in *all* per-domain VirtualHost sections. +To disable and enable specific versions of the SSL and TLS protocol, either do it globally by adding the [command]#SSLProtocol# directive in the "\#\# SSL Global Context" section of the configuration file and removing it everywhere else, or edit the default entry under "\# SSL Protocol support" in all "VirtualHost" sections. If you do not specify it in the per-domain VirtualHost section then it will inherit the settings from the global section. To make sure that a protocol version is being disabled the administrator should either *only* specify [command]#SSLProtocol# in the "SSL Global Context" section, or specify it in *all* per-domain VirtualHost sections. [[proc-Disable_SSLv2_and_SSLv3]] .Disable SSLv2 and SSLv3 diff --git a/modules/system-administrators-guide/pages/basic-system-configuration/Configuring_the_Date_and_Time.adoc b/modules/system-administrators-guide/pages/basic-system-configuration/Configuring_the_Date_and_Time.adoc index 56aee45..7fc7bdc 100644 --- a/modules/system-administrators-guide/pages/basic-system-configuration/Configuring_the_Date_and_Time.adoc +++ b/modules/system-administrators-guide/pages/basic-system-configuration/Configuring_the_Date_and_Time.adoc @@ -196,7 +196,7 @@ To enable automatic synchronization of the system clock with a remote server, ty ~]#{nbsp}timedatectl set-ntp yes ---- -The command will fail if an `NTP` service is not installed. See xref:../servers/Configuring_NTP_Using_the_chrony_Suite.adoc#sect-Installing_chrony[Installing chrony] for more information. +The command will fail if an `NTP` service is not installed. See xref:servers/Configuring_NTP_Using_the_chrony_Suite.adoc#sect-Installing_chrony[Installing chrony] for more information. ==== @@ -357,7 +357,7 @@ Precision Time Protocol (PTP), the kernel automatically synchronizes the hardwar ==== -For details about NTP, see xref:../servers/Configuring_NTP_Using_the_chrony_Suite.adoc#ch-Configuring_NTP_Using_the_chrony_Suite[Configuring NTP Using the chrony Suite] and xref:../servers/Configuring_NTP_Using_ntpd.adoc#ch-Configuring_NTP_Using_ntpd[Configuring NTP Using ntpd]. For information about PTP, see xref:../servers/Configuring_PTP_Using_ptp4l.adoc#ch-Configuring_PTP_Using_ptp4l[Configuring PTP Using ptp4l]. For information about setting the hardware clock after executing [application]*ntpdate*, see xref:../servers/Configuring_NTP_Using_ntpd.adoc#s1-Configuring_the_Hardware_Clock_update[Configuring the Hardware Clock Update]. +For details about NTP, see xref:servers/Configuring_NTP_Using_the_chrony_Suite.adoc#ch-Configuring_NTP_Using_the_chrony_Suite[Configuring NTP Using the chrony Suite] and xref:servers/Configuring_NTP_Using_ntpd.adoc#ch-Configuring_NTP_Using_ntpd[Configuring NTP Using ntpd]. For information about PTP, see xref:servers/Configuring_PTP_Using_ptp4l.adoc#ch-Configuring_PTP_Using_ptp4l[Configuring PTP Using ptp4l]. For information about setting the hardware clock after executing [application]*ntpdate*, see xref:servers/Configuring_NTP_Using_ntpd.adoc#s1-Configuring_the_Hardware_Clock_update[Configuring the Hardware Clock Update]. [[sect2-displaying-time-hwclock]] === Displaying the Current Date and Time @@ -473,4 +473,4 @@ For more information on how to configure the date and time in {MAJOROSVER}, see .See Also -* xref:System_Locale_and_Keyboard_Configuration.adoc#ch-System_Locale_and_Keyboard_Configuration[System Locale and Keyboard Configuration] documents how to configure the keyboard layout. +* xref:basic-system-configuration/System_Locale_and_Keyboard_Configuration.adoc#ch-System_Locale_and_Keyboard_Configuration[System Locale and Keyboard Configuration] documents how to configure the keyboard layout. diff --git a/modules/system-administrators-guide/pages/basic-system-configuration/Gaining_Privileges.adoc b/modules/system-administrators-guide/pages/basic-system-configuration/Gaining_Privileges.adoc index daa2db6..dd8c709 100644 --- a/modules/system-administrators-guide/pages/basic-system-configuration/Gaining_Privileges.adoc +++ b/modules/system-administrators-guide/pages/basic-system-configuration/Gaining_Privileges.adoc @@ -37,7 +37,7 @@ You can also use the [application]*Users* settings tool to modify group membersh . Change the Account Type from `Standard` to `Administrator`. This will add the user to the `wheel` group. -See xref:Managing_Users_and_Groups.adoc#s1-users-configui[Managing Users in a Graphical Environment] for more information about the [application]*Users* tool. +See xref:basic-system-configuration/Managing_Users_and_Groups.adoc#s1-users-configui[Managing Users in a Graphical Environment] for more information about the [application]*Users* tool. After you add the desired users to the `wheel` group, it is advisable to only allow these specific users to use the [command]#su# command. To do this, edit the PAM configuration file for [command]#su#, `/etc/pam.d/su`. Open this file in a text editor and uncomment the following line by removing the `#` character: @@ -76,7 +76,7 @@ Each successful authentication using the [command]#sudo# command is logged to th [subs="macros"] ---- session required pam_tty_audit.so disable=pass:quotes[_pattern_] enable=pass:quotes[_pattern_] - + ---- where _pattern_ represents a comma-separated listing of users with an optional use of globs. For example, the following configuration will enable TTY auditing for the `root` user and disable it for all other users: @@ -154,4 +154,4 @@ While programs allowing users to gain administrative privileges are a potential .See Also -* xref:Managing_Users_and_Groups.adoc#ch-Managing_Users_and_Groups[Managing Users and Groups] documents how to manage system users and groups in the graphical user interface and on the command line. +* xref:basic-system-configuration/Managing_Users_and_Groups.adoc#ch-Managing_Users_and_Groups[Managing Users and Groups] documents how to manage system users and groups in the graphical user interface and on the command line. diff --git a/modules/system-administrators-guide/pages/basic-system-configuration/Managing_Users_and_Groups.adoc b/modules/system-administrators-guide/pages/basic-system-configuration/Managing_Users_and_Groups.adoc index 0e3b750..cab4d70 100644 --- a/modules/system-administrators-guide/pages/basic-system-configuration/Managing_Users_and_Groups.adoc +++ b/modules/system-administrators-guide/pages/basic-system-configuration/Managing_Users_and_Groups.adoc @@ -72,7 +72,7 @@ When a new user is created, the account is disabled until a password is set. The [[s1-users-tools]] == Using Command Line Tools indexterm:[users,tools for management of,useradd]indexterm:[users,tools for management of,the Users setting tool]indexterm:[groups,tools for management of,groupadd] -Apart from the [application]*Users* settings tool described in xref:Managing_Users_and_Groups.adoc#s1-users-configui[Managing Users in a Graphical Environment], which is designed for basic managing of users, you can use command line tools for managing users and groups that are listed in xref:Managing_Users_and_Groups.adoc#table-users-tools[Command line utilities for managing users and groups]. +Apart from the [application]*Users* settings tool described in xref:basic-system-configuration/Managing_Users_and_Groups.adoc#s1-users-configui[Managing Users in a Graphical Environment], which is designed for basic managing of users, you can use command line tools for managing users and groups that are listed in xref:Managing_Users_and_Groups.adoc#table-users-tools[Command line utilities for managing users and groups]. [[table-users-tools]] .Command line utilities for managing users and groups @@ -351,7 +351,7 @@ Especially when the user is logged in as `root`, an unattended login session may [command]#dnf# [option]`install` [option]`screen` ---- + -For more information on how to install packages in {MAJOROS}, refer to xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. +For more information on how to install packages in {MAJOROS}, refer to xref:package-management/DNF.adoc#sec-Installing[Installing Packages]. . As `root`, add the following line at the beginning of the `/etc/profile` file to make sure the processing of this file cannot be interrupted: + diff --git a/modules/system-administrators-guide/pages/infrastructure-services/OpenSSH.adoc b/modules/system-administrators-guide/pages/infrastructure-services/OpenSSH.adoc index 0d62bc4..c3821c3 100644 --- a/modules/system-administrators-guide/pages/infrastructure-services/OpenSSH.adoc +++ b/modules/system-administrators-guide/pages/infrastructure-services/OpenSSH.adoc @@ -187,7 +187,7 @@ indexterm:[OpenSSH,server] [NOTE] ==== -To run an OpenSSH server, you must have the [package]*openssh-server* package installed. See xref:../package-management/DNF.adoc#sec-Installing[Installing Packages] for more information on how to install new packages in {MAJOROSVER}. +To run an OpenSSH server, you must have the [package]*openssh-server* package installed. See xref:package-management/DNF.adoc#sec-Installing[Installing Packages] for more information on how to install new packages in {MAJOROSVER}. ==== indexterm:[OpenSSH,server,starting] @@ -213,7 +213,7 @@ If you want the daemon to start automatically at the boot time, type as `root`: ln -s '/usr/lib/systemd/system/sshd.service' '/etc/systemd/system/multi-user.target.wants/sshd.service' ---- -See xref:Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons] for more information on how to configure services in {MAJOROS}. +See xref:infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons] for more information on how to configure services in {MAJOROS}. Note that if you reinstall the system, a new set of identification keys will be created. As a result, clients who had connected to the system with any of the OpenSSH tools before the reinstall will see the following message: @@ -254,7 +254,7 @@ To disable running these services at startup, type: [command]#systemctl disable vsftpd.service# ---- -See xref:Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons] for more information on how to configure services in {MAJOROS}. +See xref:infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons] for more information on how to configure services in {MAJOROS}. [[s2-ssh-configuration-keypairs]] === Using Key-based Authentication @@ -1031,7 +1031,7 @@ indexterm:[OpenSSH,client] [NOTE] ==== -To connect to an OpenSSH server from a client machine, you must have the [package]*openssh-clients* package installed. See xref:../package-management/DNF.adoc#sec-Installing[Installing Packages] for more information on how to install new packages in {MAJOROSVER}. +To connect to an OpenSSH server from a client machine, you must have the [package]*openssh-clients* package installed. See xref:package-management/DNF.adoc#sec-Installing[Installing Packages] for more information on how to install new packages in {MAJOROSVER}. ==== diff --git a/modules/system-administrators-guide/pages/infrastructure-services/TigerVNC.adoc b/modules/system-administrators-guide/pages/infrastructure-services/TigerVNC.adoc index 998d5d9..a5b1534 100644 --- a/modules/system-administrators-guide/pages/infrastructure-services/TigerVNC.adoc +++ b/modules/system-administrators-guide/pages/infrastructure-services/TigerVNC.adoc @@ -51,7 +51,7 @@ To install the [application]*TigerVNC* server, issue the following command as `r ---- ~]#{nbsp}pass:quotes[`cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@.service`] - + ---- + There is no need to include the display number in the file name because `systemd` automatically creates the appropriately named instance in memory on demand, replacing `'%i'` in the service file by the display number. For a single user it is not necessary to rename the file. For multiple users, a uniquely named service file for each user is required, for example, by adding the user name to the file name in some way. See xref:TigerVNC.adoc#configuring-vncserver-2users[Configuring VNC Server for Two Users] for details. @@ -67,7 +67,7 @@ be created; by default, it is set to `1024x768`. ExecStart=/sbin/runuser -l _USER_ -c "/usr/bin/vncserver %i -geometry 1280x1024" PIDFile=/home/pass:attributes[{blank}]_USER_pass:attributes[{blank}]/.vnc/%H%i.pid - + ---- . Save the changes. @@ -81,7 +81,7 @@ PIDFile=/home/pass:attributes[{blank}]_USER_pass:attributes[{blank}]/.vnc/%H%i.p ---- -. Set the password for the user or users defined in the configuration file. Note +. Set the password for the user or users defined in the configuration file. Note that you need to switch from `root` to _USER_ first. + [subs="macros, attributes"] @@ -369,7 +369,7 @@ ExecStart=/sbin/runuser -l _user_ -c "/usr/bin/vncserver -localhost %i" This will stop `vncserver` from accepting connections from anything but the local host and port-forwarded connections sent using `SSH` as a result of the [option]`-via` option. -For more information on using `SSH`, see xref:OpenSSH.adoc#ch-OpenSSH[OpenSSH]. +For more information on using `SSH`, see xref:infrastructure-services/OpenSSH.adoc#ch-OpenSSH[OpenSSH]. [[s9-additional-sources]] == Additional Resources diff --git a/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc b/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc index db7708d..8b1a354 100644 --- a/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc +++ b/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc @@ -20,7 +20,7 @@ Whenever possible, use either the [application]*DNF* or [application]*PackageKit ==== indexterm:[kernel,installing kernel packages] -For more information on installing kernel packages with [application]*DNF*, see xref:../package-management/DNF.adoc#sec-Updating_Packages[Updating Packages]. +For more information on installing kernel packages with [application]*DNF*, see xref:package-management/DNF.adoc#sec-Updating_Packages[Updating Packages]. [[s1-kernel-packages]] == Overview of Kernel Packages @@ -166,7 +166,7 @@ At a shell prompt, change to the directory that contains the kernel RPM packages ~]#{nbsp}rpm -ivh kernel-kernel_version.arch.rpm ---- -The next step is to verify that the initial RAM disk image has been created. See xref:Manually_Upgrading_the_Kernel.adoc#sec-Verifying_the_Initial_RAM_Disk_Image[Verifying the Initial RAM Disk Image] for details. +The next step is to verify that the initial RAM disk image has been created. See xref:kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc#sec-Verifying_the_Initial_RAM_Disk_Image[Verifying the Initial RAM Disk Image] for details. [[sec-Verifying_the_Initial_RAM_Disk_Image]] == Verifying the Initial RAM Disk Image @@ -347,7 +347,7 @@ The kernel version number as given on the `linux /vmlinuz-_kernel_version_pass:a In `menuentry` blocks, the `initrd` directive must point to the location (relative to the `/boot` directory if it is on a separate partition) of the `initramfs` file corresponding to the same kernel version. This directive is called `initrd` because the previous tool which created initial RAM disk images, [command]#mkinitrd#, created what were known as `initrd` files. The `grub.cfg` directive remains `initrd` to maintain compatibility with other tools. The file-naming convention of systems using the [command]#dracut# utility to create the initial RAM disk image is `initramfs-_kernel_version_.img`. -For information on using [application]*Dracut*, refer to xref:Manually_Upgrading_the_Kernel.adoc#sec-Verifying_the_Initial_RAM_Disk_Image[Verifying the Initial RAM Disk Image]. +For information on using [application]*Dracut*, refer to xref:kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc#sec-Verifying_the_Initial_RAM_Disk_Image[Verifying the Initial RAM Disk Image]. ==== diff --git a/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc b/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc index 694cc61..970ad91 100644 --- a/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc +++ b/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc @@ -35,7 +35,7 @@ In order to use the kernel module utilities described in this chapter, first ens ---- -For more information on installing packages with DNF, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. +For more information on installing packages with DNF, see xref:package-management/DNF.adoc#sec-Installing[Installing Packages]. ==== diff --git a/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Working_with_the_GRUB_2_Boot_Loader.adoc b/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Working_with_the_GRUB_2_Boot_Loader.adoc index e5eebce..ce0ac3c 100644 --- a/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Working_with_the_GRUB_2_Boot_Loader.adoc +++ b/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Working_with_the_GRUB_2_Boot_Loader.adoc @@ -43,14 +43,14 @@ menuentry 'Fedora, with Linux 3.17.4-301.fc21.x86_64' --class fedora --class gnu Each `menuentry` block that represents an installed Linux kernel contains `linux` on 64-bit IBM POWER Series, `linux16` on x86_64 BIOS-based systems, and `linuxefi` on UEFI-based systems. Then the `initrd` directives followed by the path to the kernel and the `initramfs` image respectively. If a separate `/boot` partition was created, the paths to the kernel and the `initramfs` image are relative to `/boot`. In the example above, the `initrd /initramfs-3.17.4-301.fc21.x86_64.img` line means that the `initramfs` image is actually located at `/boot/initramfs-3.17.4-301.fc21.x86_64.img` when the `root` file system is mounted, and likewise for the kernel path. -The kernel version number as given on the `linux16 /vmlinuz-kernel_version` line must match the version number of the `initramfs` image given on the `initrd /initramfs-kernel_version.img` line of each `menuentry` block. For more information on how to verify the initial RAM disk image, see xref:Manually_Upgrading_the_Kernel.adoc#sec-Verifying_the_Initial_RAM_Disk_Image[Verifying the Initial RAM Disk Image]. +The kernel version number as given on the `linux16 /vmlinuz-kernel_version` line must match the version number of the `initramfs` image given on the `initrd /initramfs-kernel_version.img` line of each `menuentry` block. For more information on how to verify the initial RAM disk image, see xref:kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc#sec-Verifying_the_Initial_RAM_Disk_Image[Verifying the Initial RAM Disk Image]. [NOTE] ==== In `menuentry` blocks, the `initrd` directive must point to the location (relative to the `/boot/` directory if it is on a separate partition) of the `initramfs` file corresponding to the same kernel version. This directive is called `initrd` because the previous tool which created initial RAM disk images, [command]#mkinitrd#, created what were known as `initrd` files. The `grub.cfg` directive remains `initrd` to maintain compatibility with other tools. The file-naming convention of systems using the [command]#dracut# utility to create the initial RAM disk image is `initramfs-_kernel_version_.img`. -For information on using [application]*Dracut*, see xref:Manually_Upgrading_the_Kernel.adoc#sec-Verifying_the_Initial_RAM_Disk_Image[Verifying the Initial RAM Disk Image]. +For information on using [application]*Dracut*, see xref:kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc#sec-Verifying_the_Initial_RAM_Disk_Image[Verifying the Initial RAM Disk Image]. ==== diff --git a/modules/system-administrators-guide/pages/monitoring-and-automation/Automating_System_Tasks.adoc b/modules/system-administrators-guide/pages/monitoring-and-automation/Automating_System_Tasks.adoc index 775f74b..a9b8f8d 100644 --- a/modules/system-administrators-guide/pages/monitoring-and-automation/Automating_System_Tasks.adoc +++ b/modules/system-administrators-guide/pages/monitoring-and-automation/Automating_System_Tasks.adoc @@ -52,7 +52,7 @@ For example, to install both Cron and Anacron, type the following at a shell pro ~]#{nbsp}dnf install cronie cronie-anacron ---- -For more information on how to install new packages in {MAJOROS}, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. +For more information on how to install new packages in {MAJOROS}, see xref:package-management/DNF.adoc#sec-Installing[Installing Packages]. [[sect-Cron-Running]] === Running the Crond Service @@ -348,7 +348,7 @@ For example, to install both At and Batch, type the following at a shell prompt: ~]#{nbsp}dnf install at ---- -For more information on how to install new packages in {MAJOROS}, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. +For more information on how to install new packages in {MAJOROS}, see xref:package-management/DNF.adoc#sec-Installing[Installing Packages]. [[sect-Atd-Running]] === Running the At Service diff --git a/modules/system-administrators-guide/pages/monitoring-and-automation/System_Monitoring_Tools.adoc b/modules/system-administrators-guide/pages/monitoring-and-automation/System_Monitoring_Tools.adoc index 418c209..8bbe467 100644 --- a/modules/system-administrators-guide/pages/monitoring-and-automation/System_Monitoring_Tools.adoc +++ b/modules/system-administrators-guide/pages/monitoring-and-automation/System_Monitoring_Tools.adoc @@ -816,12 +816,12 @@ For example, to install the SNMP Agent Daemon and SNMP clients used in the rest ~]# dnf install net-snmp net-snmp-libs net-snmp-utils ---- -Note that you must have superuser privileges (that is, you must be logged in as `root`) to run this command. For more information on how to install new packages in {MAJOROS}, refer to xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. +Note that you must have superuser privileges (that is, you must be logged in as `root`) to run this command. For more information on how to install new packages in {MAJOROS}, refer to xref:package-management/DNF.adoc#sec-Installing[Installing Packages]. [[sect-System_Monitoring_Tools-Net-SNMP-Running]] === Running the Net-SNMP Daemon -The [package]*net-snmp* package contains `snmpd`, the SNMP Agent Daemon. This section provides information on how to start, stop, and restart the `snmpd` service, and shows how to enable or disable it in the `multi-user` target unit. For more information on the concept of target units and how to manage system services in {MAJOROS} in general, refer to xref:../infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons]. +The [package]*net-snmp* package contains `snmpd`, the SNMP Agent Daemon. This section provides information on how to start, stop, and restart the `snmpd` service, and shows how to enable or disable it in the `multi-user` target unit. For more information on the concept of target units and how to manage system services in {MAJOROS} in general, refer to xref:infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons]. [[sect-System_Monitoring_Tools-Net-SNMP-Running-Starting]] ==== Starting the Service diff --git a/modules/system-administrators-guide/pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc b/modules/system-administrators-guide/pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc index c3ef57a..2b25ada 100644 --- a/modules/system-administrators-guide/pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc +++ b/modules/system-administrators-guide/pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc @@ -1657,7 +1657,7 @@ Where `1` represents level of verbosity of the output message. This is a forward [[sec-Troubleshooting_Logging_to_a_Server]] == Troubleshooting Logging to a Server -* Ensure the time is correctly set on the systems generating the log messages as well as on any logging servers. See xref:../basic-system-configuration/Configuring_the_Date_and_Time.adoc#ch-Configuring_the_Date_and_Time[Configuring the Date and Time] for information on checking and setting the time. See xref:../servers/Configuring_NTP_Using_ntpd.adoc#ch-Configuring_NTP_Using_ntpd[Configuring NTP Using ntpd] and xref:../servers/Configuring_NTP_Using_the_chrony_Suite.adoc#ch-Configuring_NTP_Using_the_chrony_Suite[Configuring NTP Using the chrony Suite] for information on using `NTP` to keep the system clock accurately set. +* Ensure the time is correctly set on the systems generating the log messages as well as on any logging servers. See xref:basic-system-configuration/Configuring_the_Date_and_Time.adoc#ch-Configuring_the_Date_and_Time[Configuring the Date and Time] for information on checking and setting the time. See xref:servers/Configuring_NTP_Using_ntpd.adoc#ch-Configuring_NTP_Using_ntpd[Configuring NTP Using ntpd] and xref:servers/Configuring_NTP_Using_the_chrony_Suite.adoc#ch-Configuring_NTP_Using_the_chrony_Suite[Configuring NTP Using the chrony Suite] for information on using `NTP` to keep the system clock accurately set. * On a logging server, check that the firewall has the appropriate ports open to allow ingress of either `UDP` or `TCP`, depending on what traffic and port the sending systems are configured to use. For example: @@ -2015,7 +2015,7 @@ In order to use the [application]*System Log*, first ensure the [package]*gnome- ---- -For more information on installing packages with DNF, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. +For more information on installing packages with DNF, see xref:package-management/DNF.adoc#sec-Installing[Installing Packages]. ==== diff --git a/modules/system-administrators-guide/pages/package-management/DNF.adoc b/modules/system-administrators-guide/pages/package-management/DNF.adoc index 7c7b8cd..7ac95cc 100644 --- a/modules/system-administrators-guide/pages/package-management/DNF.adoc +++ b/modules/system-administrators-guide/pages/package-management/DNF.adoc @@ -12,7 +12,7 @@ include::{partialsdir}/entities.adoc[] [IMPORTANT] ==== -DNF provides secure package management by enabling GPG (Gnu Privacy Guard; also known as GnuPG) signature verification on GPG-signed packages to be turned on for all package repositories (package sources), or for individual repositories. When signature verification is enabled, DNF will refuse to install any packages not GPG-signed with the correct key for that repository. This means that you can trust that the [application]*RPM* packages you download and install on your system are from a trusted source, such as {OSORG}, and were not modified during transfer. See xref:DNF.adoc#sec-Configuring_DNF_and_DNF_Repositories[Configuring DNF and DNF Repositories] for details on enabling signature-checking with DNF, or xref:../RPM.adoc#s1-check-rpm-sig[Checking Package Signatures] for information on working with and verifying GPG-signed [application]*RPM* packages in general. +DNF provides secure package management by enabling GPG (Gnu Privacy Guard; also known as GnuPG) signature verification on GPG-signed packages to be turned on for all package repositories (package sources), or for individual repositories. When signature verification is enabled, DNF will refuse to install any packages not GPG-signed with the correct key for that repository. This means that you can trust that the [application]*RPM* packages you download and install on your system are from a trusted source, such as {OSORG}, and were not modified during transfer. See xref:DNF.adoc#sec-Configuring_DNF_and_DNF_Repositories[Configuring DNF and DNF Repositories] for details on enabling signature-checking with DNF, or xref:RPM.adoc#s1-check-rpm-sig[Checking Package Signatures] for information on working with and verifying GPG-signed [application]*RPM* packages in general. ==== @@ -123,7 +123,7 @@ If a transaction does go awry, you can view DNF's transaction history by using t DNF always *installs* a new kernel in the same sense that [application]*RPM* installs a new kernel when you use the command [command]#rpm -i kernel#. Therefore, you do not need to worry about the distinction between *installing* and *upgrading* a kernel package when you use the [command]#dnf# command: it will do the right thing, regardless of whether you are using the [command]#dnf upgrade# or [command]#dnf install# command. -When using [application]*RPM*, on the other hand, it is important to use the [command]#rpm -i kernel# command (which installs a new kernel) instead of [command]#rpm -u kernel# (which *replaces* the current kernel). See xref:../RPM.adoc#sec-Installing_and_Upgrading[Installing and Upgrading Packages] for more information on installing and updating kernels with [application]*RPM*. +When using [application]*RPM*, on the other hand, it is important to use the [command]#rpm -i kernel# command (which installs a new kernel) instead of [command]#rpm -u kernel# (which *replaces* the current kernel). See xref:RPM.adoc#sec-Installing_and_Upgrading[Installing and Upgrading Packages] for more information on installing and updating kernels with [application]*RPM*. ==== @@ -138,7 +138,7 @@ To update all packages and their dependencies, enter [command]#dnf upgrade# with [[sec-Preserving_Configuration_File_Changes]] === Preserving Configuration File Changes indexterm:[Configuration File Changes] -You will inevitably make changes to the configuration files installed by packages as you use your {MAJOROS} system. [application]*RPM*, which DNF uses to perform changes to the system, provides a mechanism for ensuring their integrity. See xref:../RPM.adoc#sec-Installing_and_Upgrading[Installing and Upgrading Packages] for details on how to manage changes to configuration files across package upgrades. +You will inevitably make changes to the configuration files installed by packages as you use your {MAJOROS} system. [application]*RPM*, which DNF uses to perform changes to the system, provides a mechanism for ensuring their integrity. See xref:RPM.adoc#sec-Installing_and_Upgrading[Installing and Upgrading Packages] for details on how to manage changes to configuration files across package upgrades. [[sec-Packages_and_Package_Groups]] == Packages and Package Groups @@ -573,7 +573,7 @@ Similar to [command]#install#, [command]#remove# can take these arguments: [WARNING] ==== -DNF is not able to remove a package without also removing packages which depend on it. This type of operation can only be performed by [application]*RPM*, is not advised, and can potentially leave your system in a non-functioning state or cause applications to misbehave and terminate unexpectedly. For further information, refer to xref:../RPM.adoc#s2-rpm-uninstalling[Uninstalling Packages] in the [application]*RPM* chapter. +DNF is not able to remove a package without also removing packages which depend on it. This type of operation can only be performed by [application]*RPM*, is not advised, and can potentially leave your system in a non-functioning state or cause applications to misbehave and terminate unexpectedly. For further information, refer to xref:RPM.adoc#s2-rpm-uninstalling[Uninstalling Packages] in the [application]*RPM* chapter. ==== @@ -734,7 +734,7 @@ The following are the most commonly-used options in the `[main]` section: + If this option is set in the `[main]` section of the `/etc/dnf/dnf.conf` file, it sets the GPG-checking rule for all repositories. However, you can also set [option]`gpgcheck=pass:attributes[{blank}]_value_pass:attributes[{blank}]` for individual repositories instead; you can enable GPG-checking on one repository while disabling it on another. Setting [option]`gpgcheck=pass:attributes[{blank}]_value_pass:attributes[{blank}]` for an individual repository in its corresponding `.repo` file overrides the default if it is present in `/etc/dnf/dnf.conf`. + -For more information on GPG signature-checking, refer to xref:../RPM.adoc#s1-check-rpm-sig[Checking Package Signatures]. +For more information on GPG signature-checking, refer to xref:RPM.adoc#s1-check-rpm-sig[Checking Package Signatures]. [option]`installonlypkgs`pass:attributes[{blank}]=pass:attributes[{blank}]_space_pass:attributes[{blank}] pass:attributes[{blank}]_separated_pass:attributes[{blank}] pass:attributes[{blank}]_list_pass:attributes[{blank}] pass:attributes[{blank}]_of_pass:attributes[{blank}] pass:attributes[{blank}]_packages_:: Here you can provide a space-separated list of packages which [command]#dnf# can *install*, but will never *update*. See the *dnf.conf*(5) manual page for the list of packages which are install-only by default. + diff --git a/modules/system-administrators-guide/pages/package-management/rpm-ostree.adoc b/modules/system-administrators-guide/pages/package-management/rpm-ostree.adoc index 6b1bb4b..6596eca 100644 --- a/modules/system-administrators-guide/pages/package-management/rpm-ostree.adoc +++ b/modules/system-administrators-guide/pages/package-management/rpm-ostree.adoc @@ -9,4 +9,4 @@ include::{partialsdir}/entities.adoc[] the most important things to understand is that available RPMs come from the same `/etc/yum.repos.d` sources. -For more information, see the [upstream documentation](https://rpm-ostree.readthedocs.io/en/latest/). +For more information, see the link:https://rpm-ostree.readthedocs.io/en/latest/[upstream documentation]. diff --git a/modules/system-administrators-guide/pages/servers/Configuring_NTP_Using_ntpd.adoc b/modules/system-administrators-guide/pages/servers/Configuring_NTP_Using_ntpd.adoc index 86838fb..e3e3274 100644 --- a/modules/system-administrators-guide/pages/servers/Configuring_NTP_Using_ntpd.adoc +++ b/modules/system-administrators-guide/pages/servers/Configuring_NTP_Using_ntpd.adoc @@ -10,7 +10,7 @@ include::{partialsdir}/entities.adoc[] The _Network Time Protocol_ (*NTP*) enables the accurate dissemination of time and date information in order to keep the time clocks on networked computer systems synchronized to a common reference over the network or the Internet. Many standards bodies around the world have atomic clocks which may be made available as a reference. The satellites that make up the Global Position System contain more than one atomic clock, making their time signals potentially very accurate. Their signals can be deliberately degraded for military reasons. An ideal situation would be where each site has a server, with its own reference clock attached, to act as a site-wide time server. Many devices which obtain the time and date via low frequency radio transmissions or the Global Position System (GPS) exist. However for most situations, a range of publicly accessible time servers connected to the Internet at geographically dispersed locations can be used. These `NTP` servers provide "pass:attributes[{blank}]_Coordinated Universal Time_pass:attributes[{blank}]" (*UTC*). Information about these time servers can found at [citetitle]_www.pool.ntp.org_. -Accurate time keeping is important for a number of reasons in IT. In networking for example, accurate time stamps in packets and logs are required. Logs are used to investigate service and security issues and so time stamps made on different systems must be made by synchronized clocks to be of real value. As systems and networks become increasingly faster, there is a corresponding need for clocks with greater accuracy and resolution. In some countries there are legal obligations to keep accurately synchronized clocks. Please see [citetitle]_www.ntp.org_ for more information. In Linux systems, `NTP` is implemented by a daemon running in user space. The default `NTP` user space daemon in {MAJOROSVER} is `chronyd`. It must be disabled if you want to use the `ntpd` daemon. See xref:Configuring_NTP_Using_the_chrony_Suite.adoc#ch-Configuring_NTP_Using_the_chrony_Suite[Configuring NTP Using the chrony Suite] for information on [application]*chrony*. +Accurate time keeping is important for a number of reasons in IT. In networking for example, accurate time stamps in packets and logs are required. Logs are used to investigate service and security issues and so time stamps made on different systems must be made by synchronized clocks to be of real value. As systems and networks become increasingly faster, there is a corresponding need for clocks with greater accuracy and resolution. In some countries there are legal obligations to keep accurately synchronized clocks. Please see [citetitle]_www.ntp.org_ for more information. In Linux systems, `NTP` is implemented by a daemon running in user space. The default `NTP` user space daemon in {MAJOROSVER} is `chronyd`. It must be disabled if you want to use the `ntpd` daemon. See xref:servers/Configuring_NTP_Using_the_chrony_Suite.adoc#ch-Configuring_NTP_Using_the_chrony_Suite[Configuring NTP Using the chrony Suite] for information on [application]*chrony*. The user space daemon updates the system clock, which is a software clock running in the kernel. Linux uses a software clock as its system clock for better resolution than the typical embedded hardware clock referred to as the "pass:attributes[{blank}]_Real Time Clock_pass:attributes[{blank}]" *(RTC)*. See the `rtc(4)` and `hwclock(8)` man pages for information on hardware clocks. The system clock can keep time by using various clock sources. Usually, the _Time Stamp Counter_ (*TSC*) is used. The TSC is a CPU register which counts the number of cycles since it was last reset. It is very fast, has a high resolution, and there are no interrupts. On system start, the system clock reads the time and date from the RTC. The time kept by the RTC will drift away from actual time by up to 5 minutes per month due to temperature variations. Hence the need for the system clock to be constantly synchronized with external time references. When the system clock is being synchronized by `ntpd`, the kernel will in turn update the RTC every 11 minutes automatically. @@ -58,7 +58,7 @@ This implementation of `NTP` enables sub-second accuracy to be achieved. Over th The `NTP` protocol provides additional information to improve accuracy. Four time stamps are used to allow the calculation of round-trip time and server response time. In order for a system in its role as `NTP` client to synchronize with a reference time server, a packet is sent with an "originate time stamp". When the packet arrives, the time server adds a "receive time stamp". After processing the request for time and date information and just before returning the packet, it adds a "transmit time stamp". When the returning packet arrives at the `NTP` client, a "receive time stamp" is generated. The client can now calculate the total round trip time and by subtracting the processing time derive the actual traveling time. By assuming the outgoing and return trips take equal time, the single-trip delay in receiving the `NTP` data is calculated. The full `NTP` algorithm is much more complex than presented here. -When a packet containing time information is received it is not immediately responded to, but is first subject to validation checks and then processed together with several other time samples to arrive at an estimate of the time. This is then compared to the system clock to determine the time offset, the difference between the system clock's time and what `ntpd` has determined the time should be. The system clock is adjusted slowly, at most at a rate of 0.5ms per second, to reduce this offset by changing the frequency of the counter being used. It will take at least 2000 seconds to adjust the clock by 1 second using this method. This slow change is referred to as slewing and cannot go backwards. If the time offset of the clock is more than 128ms (the default setting), `ntpd` can "step" the clock forwards or backwards. If the time offset at system start is greater than 1000 seconds then the user, or an installation script, should make a manual adjustment. See xref:../basic-system-configuration/Configuring_the_Date_and_Time.adoc#ch-Configuring_the_Date_and_Time[Configuring the Date and Time]. With the [option]`-g` option to the [command]#ntpd# command (used by default), any offset at system start will be corrected, but during normal operation only offsets of up to 1000 seconds will be corrected. +When a packet containing time information is received it is not immediately responded to, but is first subject to validation checks and then processed together with several other time samples to arrive at an estimate of the time. This is then compared to the system clock to determine the time offset, the difference between the system clock's time and what `ntpd` has determined the time should be. The system clock is adjusted slowly, at most at a rate of 0.5ms per second, to reduce this offset by changing the frequency of the counter being used. It will take at least 2000 seconds to adjust the clock by 1 second using this method. This slow change is referred to as slewing and cannot go backwards. If the time offset of the clock is more than 128ms (the default setting), `ntpd` can "step" the clock forwards or backwards. If the time offset at system start is greater than 1000 seconds then the user, or an installation script, should make a manual adjustment. See xref:basic-system-configuration/Configuring_the_Date_and_Time.adoc#ch-Configuring_the_Date_and_Time[Configuring the Date and Time]. With the [option]`-g` option to the [command]#ntpd# command (used by default), any offset at system start will be corrected, but during normal operation only offsets of up to 1000 seconds will be corrected. Some software may fail or produce an error if the time is changed backwards. For systems that are sensitive to step changes in the time, the threshold can be changed to 600s instead of 128ms using the [option]`-x` option (unrelated to the [option]`-g` option). Using the [option]`-x` option to increase the stepping limit from 0.128s to 600s has a drawback because a different method of controlling the clock has to be used. It disables the kernel clock discipline and may have a negative impact on the clock accuracy. The [option]`-x` option can be added to the `/etc/sysconfig/ntpd` configuration file. @@ -70,7 +70,7 @@ The drift file is used to store the frequency offset between the system clock ru [[s1-UTC_timezones_and_DST]] == UTC, Timezones, and DST -As `NTP` is entirely in UTC (Universal Time, Coordinated), Timezones and DST (Daylight Saving Time) are applied locally by the system. The file `/etc/localtime` is a copy of, or symlink to, a zone information file from `/usr/share/zoneinfo`. The RTC may be in localtime or in UTC, as specified by the 3rd line of `/etc/adjtime`, which will be one of LOCAL or UTC to indicate how the RTC clock has been set. Users can easily change this setting using the checkbox `System Clock Uses UTC` in the [application]*Date and Time* graphical configuration tool. See xref:../basic-system-configuration/Configuring_the_Date_and_Time.adoc#ch-Configuring_the_Date_and_Time[Configuring the Date and Time] for information on how to use that tool. Running the RTC in UTC is recommended to avoid various problems when daylight saving time is changed. +As `NTP` is entirely in UTC (Universal Time, Coordinated), Timezones and DST (Daylight Saving Time) are applied locally by the system. The file `/etc/localtime` is a copy of, or symlink to, a zone information file from `/usr/share/zoneinfo`. The RTC may be in localtime or in UTC, as specified by the 3rd line of `/etc/adjtime`, which will be one of LOCAL or UTC to indicate how the RTC clock has been set. Users can easily change this setting using the checkbox `System Clock Uses UTC` in the [application]*Date and Time* graphical configuration tool. See xref:basic-system-configuration/Configuring_the_Date_and_Time.adoc#ch-Configuring_the_Date_and_Time[Configuring the Date and Time] for information on how to use that tool. Running the RTC in UTC is recommended to avoid various problems when daylight saving time is changed. The operation of `ntpd` is explained in more detail in the man page `ntpd(8)`. The resources section lists useful sources of information. See xref:Configuring_NTP_Using_ntpd.adoc#s1-ntpd_additional-resources[Additional Resources]. diff --git a/modules/system-administrators-guide/pages/servers/Configuring_PTP_Using_ptp4l.adoc b/modules/system-administrators-guide/pages/servers/Configuring_PTP_Using_ptp4l.adoc index 9ac3f8a..76168b1 100644 --- a/modules/system-administrators-guide/pages/servers/Configuring_PTP_Using_ptp4l.adoc +++ b/modules/system-administrators-guide/pages/servers/Configuring_PTP_Using_ptp4l.adoc @@ -559,7 +559,7 @@ Notice the section named as follows: [ntp_server pass:quotes[_address_]] ---- -This is an example of an `NTP` server section, "ntp-server.local" is an example of a host name for an `NTP` server on the local LAN. Add more sections as required using a host name or `IP` address as part of the section name. Note that the short polling values in that example section are not suitable for a public server, see xref:Configuring_NTP_Using_ntpd.adoc#ch-Configuring_NTP_Using_ntpd[Configuring NTP Using ntpd] for an explanation of suitable [option]`minpoll` and [option]`maxpoll` values. +This is an example of an `NTP` server section, "ntp-server.local" is an example of a host name for an `NTP` server on the local LAN. Add more sections as required using a host name or `IP` address as part of the section name. Note that the short polling values in that example section are not suitable for a public server, see xref:servers/Configuring_NTP_Using_ntpd.adoc#ch-Configuring_NTP_Using_ntpd[Configuring NTP Using ntpd] for an explanation of suitable [option]`minpoll` and [option]`maxpoll` values. Notice the section named as follows: @@ -616,7 +616,7 @@ The section headings and there contents are explained in detail in the `timemast ~]# vi /etc/timemaster.conf ---- -. For each `NTP` server you want to control using [application]*timemaster*, create `[ntp_server _address_pass:attributes[{blank}]]` sections . Note that the short polling values in the example section are not suitable for a public server, see xref:Configuring_NTP_Using_ntpd.adoc#ch-Configuring_NTP_Using_ntpd[Configuring NTP Using ntpd] for an explanation of suitable [option]`minpoll` and [option]`maxpoll` values. +. For each `NTP` server you want to control using [application]*timemaster*, create `[ntp_server _address_pass:attributes[{blank}]]` sections . Note that the short polling values in the example section are not suitable for a public server, see xref:servers/Configuring_NTP_Using_ntpd.adoc#ch-Configuring_NTP_Using_ntpd[Configuring NTP Using ntpd] for an explanation of suitable [option]`minpoll` and [option]`maxpoll` values. . To add interfaces that should be used in a domain, edit the `#[ptp_domain 0]` section and add the interfaces. Create additional domains as required. For example: @@ -628,7 +628,7 @@ The section headings and there contents are explained in detail in the `timemast interfaces eth1 ---- -. If required to use `ntpd` as the `NTP` daemon on this system, change the default entry in the `[timemaster]` section from `chronyd` to `ntpd`. See xref:Configuring_NTP_Using_the_chrony_Suite.adoc#ch-Configuring_NTP_Using_the_chrony_Suite[Configuring NTP Using the chrony Suite] for information on the differences between ntpd and chronyd. +. If required to use `ntpd` as the `NTP` daemon on this system, change the default entry in the `[timemaster]` section from `chronyd` to `ntpd`. See xref:servers/Configuring_NTP_Using_the_chrony_Suite.adoc#ch-Configuring_NTP_Using_the_chrony_Suite[Configuring NTP Using the chrony Suite] for information on the differences between ntpd and chronyd. . If using `chronyd` as the `NTP` server on this system, add any additional options below the default [option]`include /etc/chrony.conf` entry in the `[chrony.conf]` section. Edit the default [option]`include` entry if the path to `/etc/chrony.conf` is known to have changed. @@ -636,9 +636,9 @@ The section headings and there contents are explained in detail in the `timemast . In the `[ptp4l.conf]` section, add any options to be copied to the configuration file generated for [application]*ptp4l*. This chapter documents common options and more information is available in the `ptp4l(8)` manual page. -. In the `[chronyd]` section, add any command line options to be passed to `chronyd` when called by [application]*timemaster*. See xref:Configuring_NTP_Using_the_chrony_Suite.adoc#ch-Configuring_NTP_Using_the_chrony_Suite[Configuring NTP Using the chrony Suite] for information on using `chronyd`. +. In the `[chronyd]` section, add any command line options to be passed to `chronyd` when called by [application]*timemaster*. See xref:servers/Configuring_NTP_Using_the_chrony_Suite.adoc#ch-Configuring_NTP_Using_the_chrony_Suite[Configuring NTP Using the chrony Suite] for information on using `chronyd`. -. In the `[ntpd]` section, add any command line options to be passed to `ntpd` when called by [application]*timemaster*. See xref:Configuring_NTP_Using_ntpd.adoc#ch-Configuring_NTP_Using_ntpd[Configuring NTP Using ntpd] for information on using `ntpd`. +. In the `[ntpd]` section, add any command line options to be passed to `ntpd` when called by [application]*timemaster*. See xref:servers/Configuring_NTP_Using_ntpd.adoc#ch-Configuring_NTP_Using_ntpd[Configuring NTP Using ntpd] for information on using `ntpd`. . In the `[phc2sys]` section, add any command line options to be passed to [application]*phc2sys* when called by [application]*timemaster*. This chapter documents common options and more information is available in the `phy2sys(8)` manual page. diff --git a/modules/system-administrators-guide/pages/servers/Mail_Servers.adoc b/modules/system-administrators-guide/pages/servers/Mail_Servers.adoc index a3778b8..fe29838 100644 --- a/modules/system-administrators-guide/pages/servers/Mail_Servers.adoc +++ b/modules/system-administrators-guide/pages/servers/Mail_Servers.adoc @@ -53,7 +53,7 @@ In order to use [application]*Dovecot*, first ensure the [package]*dovecot* pack ~]#{nbsp}dnf install dovecot ---- -For more information on installing packages with DNF, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. +For more information on installing packages with DNF, see xref:package-management/DNF.adoc#sec-Installing[Installing Packages]. ==== @@ -202,7 +202,7 @@ Similarly, to disable the service, type the following at a shell prompt: ~]#{nbsp}systemctl disable service ---- -For more information on how to manage system services in {MAJOROSVER}, see xref:../infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons]. +For more information on how to manage system services in {MAJOROSVER}, see xref:infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons]. [[s2-email-mta-postfix]] === Postfix @@ -254,21 +254,21 @@ By default, Postfix does not accept network connections from any host other than * Edit the `/etc/postfix/main.cf` file with a text editor, such as [command]#vi#. -* Uncomment the [command]#mydomain# line by removing the hash sign (`#`), and replace _domain.tld_ with the domain the mail server is servicing, such as [command]#example.com#. +* Uncomment the `mydomain` line by removing the hash sign (`#`), and replace _domain.tld_ with the domain the mail server is servicing, such as `example.com`. -* Uncomment the [command]#myorigin = $mydomain# line. +* Uncomment the `myorigin = $mydomain` line. -* Uncomment the [command]#myhostname# line, and replace _host.domain.tld_ with the host name for the machine. +* Uncomment the `myhostname` line, and replace _host.domain.tld_ with the host name for the machine. -* Uncomment the [command]#mydestination = $myhostname, localhost.$mydomain# line. +* Uncomment the `mydestination = $myhostname, localhost.$mydomain` line. -* Uncomment the [command]#mynetworks# line, and replace _168.100.189.0/28_ with a valid network setting for hosts that can connect to the server. +* Uncomment the `mynetworks` line, and replace _168.100.189.0/28_ with a valid network setting for hosts that can connect to the server. -* Uncomment the [command]#inet_interfaces = all# line. +* Uncomment the `inet_interfaces = all` line. -* Comment the [command]#inet_interfaces = localhost# line. +* Comment the `inet_interfaces = localhost` line. -* Restart the [command]#postfix# service. +* Restart the `postfix` service. Once these steps are complete, the host accepts outside emails for delivery. @@ -306,7 +306,7 @@ The `/etc/postfix/ldap-aliases.cf` file can specify various parameters, includin ==== -For more information on `LDAP`, see xref:Directory_Servers.adoc#s1-OpenLDAP[OpenLDAP]. +For more information on `LDAP`, see xref:servers/Directory_Servers.adoc#s1-OpenLDAP[OpenLDAP]. [[s2-email-mta-sendmail]] === Sendmail @@ -339,7 +339,7 @@ In order to configure Sendmail, ensure the [package]*sendmail-cf* package is ins ~]#{nbsp}dnf install sendmail-cf ---- -For more information on installing packages with DNF, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. +For more information on installing packages with DNF, see xref:package-management/DNF.adoc#sec-Installing[Installing Packages]. Before using Sendmail, the default MTA has to be switched from Postfix. For more information how to switch the default MTA refer to xref:Mail_Servers.adoc#s1-email-mta[Mail Transport Agents]. @@ -543,7 +543,7 @@ Consult `/usr/share/sendmail-cf/README` for detailed `LDAP` routing configuratio Next, recreate the `/etc/mail/sendmail.cf` file by running the [command]#m4# macro processor and again restarting Sendmail. See xref:Mail_Servers.adoc#s3-email-mta-sendmail-changes[Common Sendmail Configuration Changes] for instructions. -For more information on `LDAP`, see xref:Directory_Servers.adoc#s1-OpenLDAP[OpenLDAP]. +For more information on `LDAP`, see xref:servers/Directory_Servers.adoc#s1-OpenLDAP[OpenLDAP]. [[s2-email-mta-fetchmail]] === Fetchmail @@ -561,7 +561,7 @@ In order to use [application]*Fetchmail*, first ensure the [package]*fetchmail* ~]#{nbsp}dnf install fetchmail ---- -For more information on installing packages with DNF, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. +For more information on installing packages with DNF, see xref:package-management/DNF.adoc#sec-Installing[Installing Packages]. ==== @@ -947,7 +947,7 @@ In order to use [application]*SpamAssassin*, first ensure the [package]*spamassa ~]#{nbsp}dnf install spamassassin ---- -For more information on installing packages with DNF, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. +For more information on installing packages with DNF, see xref:package-management/DNF.adoc#sec-Installing[Installing Packages]. ==== @@ -990,7 +990,7 @@ To start the SpamAssassin daemon when the system is booted, run: [command]#systemctl enable spamassassin.service# ---- -See xref:../infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons] for more information on how to configure services in {MAJOROS}. +See xref:infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons] for more information on how to configure services in {MAJOROS}. To configure Procmail to use the SpamAssassin client application instead of the Perl script, place the following line near the top of the `~/.procmailrc` file. For a system-wide configuration, place it in `/etc/procmailrc`: @@ -1072,7 +1072,7 @@ In order to use [command]#stunnel#, first ensure the [package]*stunnel* package ~]#{nbsp}dnf install stunnel ---- -For more information on installing packages with DNF, see xref:../package-management/DNF.adoc#sec-Installing[Installing Packages]. +For more information on installing packages with DNF, see xref:package-management/DNF.adoc#sec-Installing[Installing Packages]. ====