From 4524ec3bb1b7cb7d4bb883a4240e4ff02ea1faea Mon Sep 17 00:00:00 2001 From: ♪ I'm a bot, bot, bot ♪ <_update_docs_trans@sundries01.phx2.fedoraproject.org> Date: Apr 25 2024 22:37:17 +0000 Subject: [it]automatic update of translated content --- diff --git a/it/fedora-coreos/master/modules/ROOT/pages/sysconfig-enabling-wifi.adoc b/it/fedora-coreos/master/modules/ROOT/pages/sysconfig-enabling-wifi.adoc index 76463e1..3607d4c 100644 --- a/it/fedora-coreos/master/modules/ROOT/pages/sysconfig-enabling-wifi.adoc +++ b/it/fedora-coreos/master/modules/ROOT/pages/sysconfig-enabling-wifi.adoc @@ -37,7 +37,7 @@ For new systems the packages can be added using the xref:os-extensions.adoc[Addi An example Butane config that combines the extension and network configuration is shown below. .Butane config for Wi-Fi enablement -[source,yaml,subs="attributes"] +[source, yaml, subs="attributes"] ---- variant: fcos version: {butane-latest-stable-spec} diff --git a/it/fedora-magazine/master/modules/ROOT/pages/editorial-meetings.adoc b/it/fedora-magazine/master/modules/ROOT/pages/editorial-meetings.adoc index f435321..8dc26e9 100644 --- a/it/fedora-magazine/master/modules/ROOT/pages/editorial-meetings.adoc +++ b/it/fedora-magazine/master/modules/ROOT/pages/editorial-meetings.adoc @@ -6,7 +6,7 @@ L'obiettivo di questo incontro è quello di stabilire ed eseguire un programma d :hash: # -Meetings happen every week in the https://matrix.to/#/#magazine:fedoraproject.org?web-instance%5Belement.io%5D=chat.fedoraproject.org[{hash}magazine:fedoraproject.org] Matrix channel on chat.fedoraproject.org. See the https://apps.fedoraproject.org/calendar/meeting/9224/[Fedora Magazine Editorial board meeting] in the Fedora calendar. Meetings are chaired by that week's xref:editor-of-the-week.adoc[Editor of the Week]. If the meeting time changes, be sure to update the link in this paragraph. +Meetings happen every week in the https://matrix.to/#/#meeting-2:fedoraproject.org?web-instance%5Belement.io%5D=chat.fedoraproject.org[{hash}meeting-2:fedoraproject.org] Matrix channel on chat.fedoraproject.org. See the https://calendar.fedoraproject.org/meeting/10800/[Fedora Magazine Editorial board meeting] in the Fedora calendar. Meetings are chaired by that week's xref:editor-of-the-week.adoc[Editor of the Week]. If the meeting time changes, be sure to update the link in this paragraph. == Chairing the meeting diff --git a/it/fedora/f40/antora.yml b/it/fedora/f40/antora.yml index 549865f..5ae6597 100644 --- a/it/fedora/f40/antora.yml +++ b/it/fedora/f40/antora.yml @@ -1,10 +1,9 @@ +--- name: fedora -title: Fedora User Docs -version: f40 -# Remove or set the prerelease key to "False" when promoting this release to stable -prerelease: False nav: -- modules/ROOT/nav.adoc -- modules/release-notes/nav.adoc -#- modules/install-guide/nav.adoc -- modules/system-administrators-guide/nav.adoc + - modules/ROOT/nav.adoc + - modules/release-notes/nav.adoc + - modules/system-administrators-guide/nav.adoc +prerelease: False +title: 'Fedora User Docs' +version: f40 diff --git a/it/fedora/f40/modules/release-notes/pages/developers.adoc b/it/fedora/f40/modules/release-notes/pages/developers.adoc index 91f321b..0f7269b 100644 --- a/it/fedora/f40/modules/release-notes/pages/developers.adoc +++ b/it/fedora/f40/modules/release-notes/pages/developers.adoc @@ -16,4 +16,4 @@ The stack for the PHP programming language interpreter has been upgraded to vers * New `Randomizer::getBytesFromString()` method * Command line linter supports multiple files -For full extent of updates, see the link:https://www.php.net/releases/8.3/en.php[upstream release notes]. \ No newline at end of file +For full extent of updates, see the link:https://www.php.net/releases/8.3/en.php[upstream release notes]. diff --git a/it/fedora/f40/modules/release-notes/pages/index.adoc b/it/fedora/f40/modules/release-notes/pages/index.adoc index 37cf7ee..9476b4d 100644 --- a/it/fedora/f40/modules/release-notes/pages/index.adoc +++ b/it/fedora/f40/modules/release-notes/pages/index.adoc @@ -12,9 +12,7 @@ This document provides the release notes for Fedora Linux {PRODVER}. It describe [TIP] ==== -Have something that should be included in the release notes? -Notice something wrong? -File an issue in the https://gitlab.com/fedora/docs/fedora-linux-documentation/release-notes/-/issues[Release Notes repository]. +Have something that should be included in the release notes? Notice something wrong? File an issue in the https://gitlab.com/fedora/docs/fedora-linux-documentation/release-notes/-/issues[Release Notes repository]. ==== [NOTE] @@ -22,5 +20,5 @@ File an issue in the https://gitlab.com/fedora/docs/fedora-linux-documentation/r Use the sidebar on the left to navigate the Release Notes as well as other documentation for Fedora {PRODVER}. ==== -image:title_logo.svg[Fedora Logo] include::partial$Legal_Notice.adoc[] +image:title_logo.svg[Fedora Logo] diff --git a/it/fedora/f40/modules/release-notes/pages/sysadmin.adoc b/it/fedora/f40/modules/release-notes/pages/sysadmin.adoc index 897c075..be076e5 100644 --- a/it/fedora/f40/modules/release-notes/pages/sysadmin.adoc +++ b/it/fedora/f40/modules/release-notes/pages/sysadmin.adoc @@ -10,14 +10,10 @@ RPM packages use SPDX identifiers for licenses as a standard. 63 % of the packag [[SSSD]] == Support for the `enumeration` feature has been removed for AD and IPA backends -The `enumeration` feature provides the ability to list all users or groups using -`getent passwd` or `getent group' without arguments. Support for the `enumeration` -feature has been removed for AD and FreeIPA providers. +The `enumeration` feature provides the ability to list all users or groups using `getent passwd` or `getent group' without arguments. Support for the `enumeration` feature has been removed for AD and FreeIPA providers. == `sss_ssh_knownhostsproxy` tool will be replaced in future releases -`sss_ssh_knownhostsproxy` tool has been deprecated and will be replaced by a new, more -efficient tool. See link:++https://github.com/SSSD/sssd/issues/5518++[upstream ticket] -for details. +`sss_ssh_knownhostsproxy` tool has been deprecated and will be replaced by a new, more efficient tool. See link:++https://github.com/SSSD/sssd/issues/5518++[upstream ticket] for details. == Removing SSSD `files provider` Previously deprecated SSSD "files provider" feature that allows handling of local users has been removed in Fedora 40. This does not affect default configuration where local users are handled by glibc module (`libnss_files.so.2`), which is most cases. In case of specific configuration that requires SSSD to handle local users (smart card authentication or session recording of local users), switch to `proxy provider` instead. If you fall into one of these use cases, see the link:++https://sssd.io/docs/files-provider-deprecation.html++[upstream documentation] for more details. @@ -62,58 +58,29 @@ For full extent of updates, see the link:https://rocm.docs.amd.com/en/latest/abo == Stratis 3.6 This upgrade includes new releases of stratisd 3.6.7 and stratis-cli 3.6.0. -These releases include a number of improvements, bug fixes, and housekeeping -changes. The following is a brief summary of the changes. - -stratisd 3.6.7 includes a fix to a bug introduced in stratisd 3.6.6 which -caused the stratis-min pool start command to fail if the pool was encrypted -and the password to unlock the pool was specified on the command-line. It -also includes a fix to a bug introduced in stratisd 3.6.4 which prevented -automatically unlocking a pool when mounting a filesystem specified in -/etc/fstab. - -stratisd 3.6.6 fixes a bug where it would be possible to misreport the -PID of an already running instance of stratisd when attempting to start -another instance. It also includes restrictions on the size of the string -values in the Stratis pool-level metadata. - -stratisd 3.6.5 includes a modification to its internal locking mechanism -which allows a lock which does not conflict with a currently held lock to -precede a lock that does. This change relaxes a fairness restriction that -gave precedence to locks based solely on the order in which they had been -placed on a wait queue. - -stratisd 3.6.4 includes a fix for stratisd-min handling of the start command -sent by stratis-min to unencrypted pools. It also captures and logs errors -messages emitted by the thin_check or mkfs.xfs executables. - -stratisd 3.6.3 explicitly sets the nrext64 option to 0 when invoking -mkfs.xfs. A recent version of XFS changed the default for nrext64 to 1. -Explicitly setting the value to 0 prevents stratisd from creating XFS -filesystems that are unmountable on earlier kernels. - -stratisd 3.6.2 includes a fix in the way thin devices are allocated in order -to avoid misalignment of distinct sections of the thin data device. Such -misalignments may result in a performance degradation. - -stratisd 3.6.1 includes a fix to correct a problem where stratisd would fail -to unlock a pool if the pool was encrypted using both Clevis and the kernel -keyring methods but the key in the kernel keyring was unavailable. - -stratisd 3.6.0 extends its functionality to allow a user to set a limit on -the size of a filesystem and includes a number of additional enhancements. - -The stratis-cli 3.6.0 command-line interface has been extended with an -additional option to set the filesystem size limit on creation and two new -filesystem commands, set-size-limit and unset-size-limit, to set or unset the -filesystem size limit after a filesystem has been created. - -All releases include sundry internal improvements, conveniences, and minor -bug fixes. - -Please see -https://github.com/stratis-storage/stratisd/blob/patch-3.6.0/CHANGES.txt[the stratisd changelog] and -https://github.com/stratis-storage/stratis-cli/blob/master/CHANGES.txt[the stratis-cli changelog] for further details. +These releases include a number of improvements, bug fixes, and housekeeping changes. The following is a brief summary of the changes. + +stratisd 3.6.7 includes a fix to a bug introduced in stratisd 3.6.6 which caused the stratis-min pool start command to fail if the pool was encrypted and the password to unlock the pool was specified on the command-line. It also includes a fix to a bug introduced in stratisd 3.6.4 which prevented automatically unlocking a pool when mounting a filesystem specified in /etc/fstab. + +stratisd 3.6.6 fixes a bug where it would be possible to misreport the PID of an already running instance of stratisd when attempting to start another instance. It also includes restrictions on the size of the string values in the Stratis pool-level metadata. + +stratisd 3.6.5 includes a modification to its internal locking mechanism which allows a lock which does not conflict with a currently held lock to precede a lock that does. This change relaxes a fairness restriction that gave precedence to locks based solely on the order in which they had been placed on a wait queue. + +stratisd 3.6.4 includes a fix for stratisd-min handling of the start command sent by stratis-min to unencrypted pools. It also captures and logs errors messages emitted by the thin_check or mkfs.xfs executables. + +stratisd 3.6.3 explicitly sets the nrext64 option to 0 when invoking mkfs.xfs. A recent version of XFS changed the default for nrext64 to 1. Explicitly setting the value to 0 prevents stratisd from creating XFS filesystems that are unmountable on earlier kernels. + +stratisd 3.6.2 includes a fix in the way thin devices are allocated in order to avoid misalignment of distinct sections of the thin data device. Such misalignments may result in a performance degradation. + +stratisd 3.6.1 includes a fix to correct a problem where stratisd would fail to unlock a pool if the pool was encrypted using both Clevis and the kernel keyring methods but the key in the kernel keyring was unavailable. + +stratisd 3.6.0 extends its functionality to allow a user to set a limit on the size of a filesystem and includes a number of additional enhancements. + +The stratis-cli 3.6.0 command-line interface has been extended with an additional option to set the filesystem size limit on creation and two new filesystem commands, set-size-limit and unset-size-limit, to set or unset the filesystem size limit after a filesystem has been created. + +All releases include sundry internal improvements, conveniences, and minor bug fixes. + +Please see https://github.com/stratis-storage/stratisd/blob/patch-3.6.0/CHANGES.txt[the stratisd changelog] and https://github.com/stratis-storage/stratis-cli/blob/master/CHANGES.txt[the stratis-cli changelog] for further details. [[drop-delta-rpms]] diff --git a/it/fedora/f40/modules/release-notes/partials/Feedback.adoc b/it/fedora/f40/modules/release-notes/partials/Feedback.adoc index cb6dc2f..9d68cd1 100644 --- a/it/fedora/f40/modules/release-notes/partials/Feedback.adoc +++ b/it/fedora/f40/modules/release-notes/partials/Feedback.adoc @@ -3,8 +3,7 @@ include::partial$entities.adoc[] == We want feedback -indexterm:[feedback,contact information for this manual] -If you find errors or have suggestions for improvement, we want your advice. Open an issue at {BZURL}. +indexterm:[feedback,contact information for this manual] If you find errors or have suggestions for improvement, we want your advice. Open an issue at {BZURL}. In the issue: diff --git a/it/fedora/f40/modules/release-notes/partials/Legal_Notice.adoc b/it/fedora/f40/modules/release-notes/partials/Legal_Notice.adoc index 4d601d9..b5a89a3 100644 --- a/it/fedora/f40/modules/release-notes/partials/Legal_Notice.adoc +++ b/it/fedora/f40/modules/release-notes/partials/Legal_Notice.adoc @@ -1,7 +1,7 @@ :experimental: -Copyright {YEAR} {HOLDER}. +Copyright {YEAR} {HOLDER}. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution-ShareAlike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at link:++https://creativecommons.org/licenses/by-sa/3.0/++[]. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/RPM.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/RPM.adoc index 445c421..3210217 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/RPM.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/RPM.adoc @@ -3,8 +3,7 @@ include::{partialsdir}/entities.adoc[] [[ch-RPM]] = RPM -indexterm:[RPM Package Manager,RPM]indexterm:[RPM]indexterm:[packages,RPM] -The _RPM Package Manager_ ([application]*RPM*) is an open packaging system that runs on {MAJOROS} as well as other Linux and UNIX systems. Red{nbsp}Hat and the Fedora Project encourage other vendors to use [application]*RPM* for their own products. [application]*RPM* is distributed under the terms of the _GPL_ (_GNU General Public License_). +indexterm:[RPM Package Manager,RPM]indexterm:[RPM]indexterm:[packages,RPM] The _RPM Package Manager_ ([application]*RPM*) is an open packaging system that runs on {MAJOROS} as well as other Linux and UNIX systems. Red{nbsp}Hat and the Fedora Project encourage other vendors to use [application]*RPM* for their own products. [application]*RPM* is distributed under the terms of the _GPL_ (_GNU General Public License_). The [application]*RPM Package Manager* only works with packages built in the *RPM format*. [application]*RPM* itself is provided as the pre-installed [package]*rpm* package. For the end user, [application]*RPM* makes system updates easy. Installing, uninstalling, and upgrading [application]*RPM* packages can be accomplished with short commands. [application]*RPM* maintains a database of installed packages and their files, so you can make queries and verify installed files on your system. There are several applications, such as [application]*DNF* or [application]*PackageKit*, that can make working with packages in the [application]*RPM* format even easier. @@ -12,16 +11,13 @@ The [application]*RPM Package Manager* only works with packages built in the *RP .Use DNF Instead of RPM Whenever Possible [WARNING] ==== -indexterm:[packages,DNF instead of RPM] -For most package-management tasks, the [application]*DNF* package manager offers equal and often greater capabilities and utility than [application]*RPM*. [application]*DNF* also performs and tracks complicated system-dependency resolutions. [application]*DNF* maintains the system integrity and forces a system integrity check if packages are installed or removed using another application, such as [application]*RPM*, instead of [application]*DNF*. For these reasons, it is highly recommended that you use [application]*DNF* instead of [application]*RPM* whenever possible to perform package-management tasks. See xref:package-management/DNF.adoc#ch-DNF[DNF]. +indexterm:[packages,DNF instead of RPM] For most package-management tasks, the [application]*DNF* package manager offers equal and often greater capabilities and utility than [application]*RPM*. [application]*DNF* also performs and tracks complicated system-dependency resolutions. [application]*DNF* maintains the system integrity and forces a system integrity check if packages are installed or removed using another application, such as [application]*RPM*, instead of [application]*DNF*. For these reasons, it is highly recommended that you use [application]*DNF* instead of [application]*RPM* whenever possible to perform package-management tasks. See xref:package-management/DNF.adoc#ch-DNF[DNF]. If you prefer a graphical interface, you can use the [application]*PackageKit* GUI application, which uses [application]*DNF* as its back end, to manage your system's packages. ==== -During upgrades, [application]*RPM* handles configuration files carefully, so that you never lose your customizations — something that you cannot accomplish with regular `.tar.gz` files. -indexterm:[packages,RPM,source and binary packages] -For the developer, [application]*RPM* enables software source code to be packaged into source and binary packages for end users. This process is quite simple and is driven from a single file and optional patches that you create. This clear delineation between pristine sources and your patches along with build instructions eases the maintenance of the package as new versions of the software are released. +During upgrades, [application]*RPM* handles configuration files carefully, so that you never lose your customizations — something that you cannot accomplish with regular `.tar.gz` files. indexterm:[packages,RPM,source and binary packages] For the developer, [application]*RPM* enables software source code to be packaged into source and binary packages for end users. This process is quite simple and is driven from a single file and optional patches that you create. This clear delineation between pristine sources and your patches along with build instructions eases the maintenance of the package as new versions of the software are released. [[note-Root_Permissions]] .Note @@ -34,8 +30,7 @@ Because [application]*RPM* can make changes to the system itself, performing ope [[s1-rpm-design]] == RPM Design Goals -indexterm:[RPM,design goals] -To understand how to use [application]*RPM*, it is helpful to understand the design goals of [application]*RPM*: +indexterm:[RPM,design goals] To understand how to use [application]*RPM*, it is helpful to understand the design goals of [application]*RPM*: indexterm:[RPM,design goals,upgradability] Upgradability:: With [application]*RPM*, you can upgrade individual components of your system without a complete reinstallation. When you get a new release of an operating system based on [application]*RPM*, such as {MAJOROS}, you do not need to reinstall a fresh copy of the operating system on your machine (as you might need to with operating systems based on other packaging systems). [application]*RPM* allows for intelligent, fully-automated, in-place upgrades of your system. In addition, configuration files in packages are preserved across upgrades, so you do not lose your customizations. There are no special upgrade files needed to upgrade a package because the same [application]*RPM* file is used to both install and upgrade the package on the system. @@ -54,8 +49,7 @@ The goal of keeping sources pristine may seem important only for developers, but [[sec-Installing_and_Upgrading]] === Installing and Upgrading Packages -indexterm:[RPM,installing]indexterm:[RPM,upgrading]indexterm:[packages,installing RPM]indexterm:[packages,upgrading RPM]indexterm:[RPM,file name] -[application]*RPM* packages typically have file names in the following form: +indexterm:[RPM,installing]indexterm:[RPM,upgrading]indexterm:[packages,installing RPM]indexterm:[packages,upgrading RPM]indexterm:[RPM,file name] [application]*RPM* packages typically have file names in the following form: ---- package_name-version-release-operating_system-CPU_architecture.rpm @@ -109,7 +103,7 @@ Preparing... ########################################### [100%] [command]#rpm# provides two different options for installing packages: the aforementioned [option]`-U` option (which historically stands for *upgrade*), and the [option]`-i` option (which historically stands for *install*). Because the [option]`-U` option includes both install and upgrade functions, the use of [command]#rpm -Uvh# with all packages, *except kernel packages*, is recommended. -You should always use the [option]`-i` option to *install* a new kernel package instead of upgrading it. This is because using the [option]`-U` option to upgrade a kernel package removes the previous (older) kernel package, which could render the system unable to boot if there is a problem with the new kernel. Therefore, use the [command]#rpm -i _kernel_package_pass:attributes[{blank}]# command to install a new kernel *without replacing any older kernel packages*. For more information on installing [package]*kernel* packages, see xref:kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc#ch-Manually_Upgrading_the_Kernel[Manually Upgrading the Kernel]. +You should always use the [option]`-i` option to *install* a new kernel package instead of upgrading it. This is because using the [option]`-U` option to upgrade a kernel package removes the previous (older) kernel package, which could render the system unable to boot if there is a problem with the new kernel. Therefore, use the [command]#rpm -i _kernel_package_pass:attributes[{blank}]# command to install a new kernel *without replacing any older kernel packages*. For more information on installing [package]*kernel* packages, see xref:kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc#ch-Manually_Upgrading_the_Kernel[Manually Upgrading the Kernel]. ==== @@ -126,8 +120,7 @@ See xref:RPM.adoc#s1-check-rpm-sig[Checking Package Signatures] for more informa [[s3-rpm-errors]] ==== Replacing Already-Installed Packages -indexterm:[RPM,already installed]indexterm:[packages,RPM,already installed] -If a package of the same name and version is already installed, the following output is displayed: +indexterm:[RPM,already installed]indexterm:[packages,RPM,already installed] If a package of the same name and version is already installed, the following output is displayed: [subs="attributes"] ---- @@ -152,8 +145,7 @@ rpm -Uvh --oldpackage older_package.rpm [[s3-rpm-conflicting-files]] ==== Resolving File Conflicts -indexterm:[RPM,file conflicts,resolving]indexterm:[RPM,conflicts]indexterm:[packages,RPM,conflict] -If you attempt to install a package that contains a file that has already been installed by another package, a conflict message is displayed. To make [application]*RPM* ignore this error, use the [command]#--replacefiles# option: +indexterm:[RPM,file conflicts,resolving]indexterm:[RPM,conflicts]indexterm:[packages,RPM,conflict] If you attempt to install a package that contains a file that has already been installed by another package, a conflict message is displayed. To make [application]*RPM* ignore this error, use the [command]#--replacefiles# option: [subs="quotes, macros"] ---- @@ -162,8 +154,7 @@ If you attempt to install a package that contains a file that has already been i [[s3-rpm-unresolved-dependency]] ==== Satisfying Unresolved Dependencies -indexterm:[RPM,dependencies]indexterm:[packages,dependencies]indexterm:[RPM,failed dependencies]indexterm:[packages,RPM,failed dependencies] -[application]*RPM* packages sometimes depend on other packages, which means that they require other packages to be installed to run properly. If you try to install a package that has an unresolved dependency, a message about a failed dependency is displayed. +indexterm:[RPM,dependencies]indexterm:[packages,dependencies]indexterm:[RPM,failed dependencies]indexterm:[packages,RPM,failed dependencies] [application]*RPM* packages sometimes depend on other packages, which means that they require other packages to be installed to run properly. If you try to install a package that has an unresolved dependency, a message about a failed dependency is displayed. Find the suggested package(s) on the {MAJOROS} installation media or on one of the active {MAJOROS} mirrors and add it to the installation command. To determine which package contains the required file, use the [option]`--whatprovides` option: @@ -184,8 +175,7 @@ Although you can *force* [command]#rpm# to install a package that has an unresol [[sec-Configuration_File_Changes]] ==== Preserving Changes in Configuration Files -indexterm:[RPM,configuration file changes]indexterm:[packages,RPM,configuration file changes]indexterm:[RPM,configuration file changes,conf.rpmsave] -Because [application]*RPM* performs intelligent upgrading of packages with configuration files, you may see the following message: +indexterm:[RPM,configuration file changes]indexterm:[packages,RPM,configuration file changes]indexterm:[RPM,configuration file changes,conf.rpmsave] Because [application]*RPM* performs intelligent upgrading of packages with configuration files, you may see the following message: [subs="macros"] ---- @@ -198,8 +188,7 @@ Alternatively, [application]*RPM* may save the package's *new* configuration fil [[s2-rpm-uninstalling]] === Uninstalling Packages -indexterm:[RPM,uninstalling]indexterm:[packages,removing]indexterm:[packages,RPM,uninstalling]indexterm:[packages,RPM,removing] -Uninstalling a package is just as simple as installing one. Type the following command at a shell prompt as `root`: +indexterm:[RPM,uninstalling]indexterm:[packages,removing]indexterm:[packages,RPM,uninstalling]indexterm:[packages,RPM,removing] Uninstalling a package is just as simple as installing one. Type the following command at a shell prompt as `root`: [subs="quotes, macros"] ---- @@ -238,8 +227,7 @@ Although you can *force* [command]#rpm# to uninstall a package that has unresolv [[s2-rpm-freshening]] === Freshening Packages -indexterm:[RPM,freshening]indexterm:[packages,RPM,freshening] -Freshening is similar to upgrading, except that only installed packages are upgraded. Type the following command at a shell prompt as `root`: +indexterm:[RPM,freshening]indexterm:[packages,RPM,freshening] Freshening is similar to upgrading, except that only installed packages are upgraded. Type the following command at a shell prompt as `root`: [subs="quotes, macros"] ---- @@ -259,8 +247,7 @@ Freshening works for single packages or package groups. For example, freshening [[s2-rpm-querying]] === Querying Packages -indexterm:[RPM,querying]indexterm:[packages,RPM,querying] -The [application]*RPM* database stores information about all [application]*RPM* packages installed on the system. It is stored in the `/var/lib/rpm/` directory and is used for many things, including querying what packages are installed, what version each package is, and for calculating changes to files in packages since their installation. To query this database, use the [command]#rpm# command with the [option]`-q` (or [option]`--query`) option: +indexterm:[RPM,querying]indexterm:[packages,RPM,querying] The [application]*RPM* database stores information about all [application]*RPM* packages installed on the system. It is stored in the `/var/lib/rpm/` directory and is used for many things, including querying what packages are installed, what version each package is, and for calculating changes to files in packages since their installation. To query this database, use the [command]#rpm# command with the [option]`-q` (or [option]`--query`) option: ---- rpm -q package_name @@ -278,8 +265,7 @@ See the `Package Selection Options` subheading in the *rpm*(8) manual page for a [[s2-rpm-verifying]] === Verifying Packages -indexterm:[RPM,verifying]indexterm:[packages,RPM,verifying] -Verifying a package is comparing information about files on the system installed from a package with the same information from the original package. Among other parameters, verifying compares the file size, MD5 sum, permissions, type, owner, and the group of each file. +indexterm:[RPM,verifying]indexterm:[packages,RPM,verifying] Verifying a package is comparing information about files on the system installed from a package with the same information from the original package. Among other parameters, verifying compares the file size, MD5 sum, permissions, type, owner, and the group of each file. Use the [command]#rpm# command with the [option]`-V` (or [option]`--verify`) option to verify packages. For example: @@ -338,21 +324,15 @@ If you see any output, use your best judgment to determine if you should remove [[s1-find-verify-rpm]] == Finding and Verifying RPM Packages -indexterm:[RPM,finding and verifying RPM packages] -Before using any [application]*RPM* packages, you must know where to find them and be able to verify if you can trust them. +indexterm:[RPM,finding and verifying RPM packages] Before using any [application]*RPM* packages, you must know where to find them and be able to verify if you can trust them. [[s2-rpm-finding]] === Finding RPM Packages -indexterm:[packages,finding Fedora RPM packages]indexterm:[RPM,finding Fedora RPM packages] -Although there are many [application]*RPM* repositories on the Internet, for security and compatibility reasons, you should consider installing only official Fedora-provided RPM packages. The following is a list of sources for [application]*RPM* packages: +indexterm:[packages,finding Fedora RPM packages]indexterm:[RPM,finding Fedora RPM packages] Although there are many [application]*RPM* repositories on the Internet, for security and compatibility reasons, you should consider installing only official Fedora-provided RPM packages. The following is a list of sources for [application]*RPM* packages: -* indexterm:[{MAJOROS} installation media,installable packages] - indexterm:[packages,{MAJOROS} installation media] - Official {MAJOROS} installation media. +* indexterm:[{MAJOROS} installation media,installable packages] indexterm:[packages,{MAJOROS} installation media] Official {MAJOROS} installation media. -* indexterm:[initial RPM repositories,installable packages] - indexterm:[packages,initial RPM repositories] - Official [application]*RPM* repositories provided with the [application]*DNF* package manager. See xref:package-management/DNF.adoc#ch-DNF[DNF] for details on how to use the official {MAJOROS} package repositories. +* indexterm:[initial RPM repositories,installable packages] indexterm:[packages,initial RPM repositories] Official [application]*RPM* repositories provided with the [application]*DNF* package manager. See xref:package-management/DNF.adoc#ch-DNF[DNF] for details on how to use the official {MAJOROS} package repositories. * Unofficial, third-party repositories not affiliated with {OSORG} also provide RPM packages. @@ -366,8 +346,7 @@ When considering third-party repositories for use with your {MAJOROS} system, pa [[s1-check-rpm-sig]] === Checking Package Signatures -indexterm:[RPM,GnuPG]indexterm:[RPM,checking package signatures]indexterm:[GnuPG,checking RPM package signatures] -[application]*RPM* packages can be signed using [application]*GNU Privacy Guard* (or [application]*GPG*), which helps you make certain that downloaded packages are trustworthy. [application]*GPG* is a tool for secure communication. With [application]*GPG*, you can authenticate the validity of documents and encrypt or decrypt data. +indexterm:[RPM,GnuPG]indexterm:[RPM,checking package signatures]indexterm:[GnuPG,checking RPM package signatures] [application]*RPM* packages can be signed using [application]*GNU Privacy Guard* (or [application]*GPG*), which helps you make certain that downloaded packages are trustworthy. [application]*GPG* is a tool for secure communication. With [application]*GPG*, you can authenticate the validity of documents and encrypt or decrypt data. To verify that a package has not been corrupted or tampered with, check its [application]*GPG* signature by using the [command]#rpmkeys# command with the [option]`-K` (or [option]`--checksig`) option: @@ -408,11 +387,9 @@ See the link:++https://access.redhat.com/security/team/key/++[Product Signing (G [[s1-rpm-usage-examples]] == Common Examples of RPM Usage -indexterm:[RPM,tips]indexterm:[packages,RPM,tips] -[application]*RPM* is a useful tool for both managing your system and diagnosing and fixing problems. See the following examples for an overview of some of the most-used options. +indexterm:[RPM,tips]indexterm:[packages,RPM,tips] [application]*RPM* is a useful tool for both managing your system and diagnosing and fixing problems. See the following examples for an overview of some of the most-used options. -* To verify your entire system and see what files are missing, issue the following command as `root`: - indexterm:[RPM,finding deleted files with]indexterm:[packages,finding deleted files from] +* To verify your entire system and see what files are missing, issue the following command as `root`: indexterm:[RPM,finding deleted files with]indexterm:[packages,finding deleted files from] + [subs="quotes, macros"] ---- @@ -421,8 +398,7 @@ indexterm:[RPM,tips]indexterm:[packages,RPM,tips] + If some files are missing or appear corrupted, consider reinstalling relevant packages. -* To determine which package owns a file, enter: - indexterm:[RPM,determining file ownership with]indexterm:[packages,determining file ownership with] +* To determine which package owns a file, enter: indexterm:[RPM,determining file ownership with]indexterm:[packages,determining file ownership with] + [subs="quotes, macros"] ---- @@ -436,24 +412,21 @@ If some files are missing or appear corrupted, consider reinstalling relevant pa [command]#rpm -Vf _file_pass:attributes[{blank}]# ---- -* To locate documentation files that are a part of a package to which a file belongs, enter: - indexterm:[RPM,documentation with]indexterm:[packages,locating documentation for]indexterm:[documentation,finding installed] +* To locate documentation files that are a part of a package to which a file belongs, enter: indexterm:[RPM,documentation with]indexterm:[packages,locating documentation for]indexterm:[documentation,finding installed] + [subs="quotes, macros"] ---- [command]#rpm -qdf _file_pass:attributes[{blank}]# ---- -* To find information about a (non-installed) package file, use the following command: - indexterm:[RPM,querying uninstalled packages]indexterm:[packages,querying uninstalled] +* To find information about a (non-installed) package file, use the following command: indexterm:[RPM,querying uninstalled packages]indexterm:[packages,querying uninstalled] + [subs="quotes, macros"] ---- [command]#rpm -qip _package.rpm_pass:attributes[{blank}]# ---- -* To list files contained in a package, use: - indexterm:[RPM,querying for file list]indexterm:[packages,obtaining list of files] +* To list files contained in a package, use: indexterm:[RPM,querying for file list]indexterm:[packages,obtaining list of files] + [subs="quotes, macros"] ---- @@ -464,8 +437,7 @@ See the *rpm*(8) manual page for more options. [[s1-rpm-additional-resources]] == Additional Resources -indexterm:[RPM,additional resources] -[application]*RPM* is a complex utility with many options and methods for querying, installing, upgrading, and removing packages. See the following resources to learn more about [application]*RPM*. +indexterm:[RPM,additional resources] [application]*RPM* is a complex utility with many options and methods for querying, installing, upgrading, and removing packages. See the following resources to learn more about [application]*RPM*. .Installed Documentation diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/Wayland.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/Wayland.adoc index 3ba89b9..a4fb3b3 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/Wayland.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/Wayland.adoc @@ -12,7 +12,7 @@ Wayland is enabled by default in the GNOME Desktop. You can choose to run GNOME == Determining whether you are using Wayland One way to determine if you're running in Wayland, is to check the value of the variable $WAYLAND_DISPLAY. To do this type: -[source,bash] +[source, bash] ---- $ echo $WAYLAND_DISPLAY wayland-0 @@ -20,7 +20,7 @@ wayland-0 If you are not running under Wayland the variable will not contain any values. You can also use loginctl to show you what type of session is running: -[source,bash] +[source, bash] ---- $ loginctl show-session -p Type ---- @@ -29,7 +29,7 @@ To determine your session number, simply typing `loginctl` should provide your s There is also a legacy X11 server provided with Wayland for compatibility purposes. To determine what applications are running in this mode, you can run the following command: -[source,bash] +[source, bash] ---- $ xlsclients ---- diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/_partials/Feedback.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/_partials/Feedback.adoc index c04e4d3..ffd8e31 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/_partials/Feedback.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/_partials/Feedback.adoc @@ -3,8 +3,7 @@ include::{partialsdir}/entities.adoc[] == We want feedback -indexterm:[feedback,contact information for this manual] -If you find errors or have suggestions for improvement, we want your advice. Open an issue at {BZURL}. +indexterm:[feedback,contact information for this manual] If you find errors or have suggestions for improvement, we want your advice. Open an issue at {BZURL}. In the issue: diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/_partials/Legal_Notice.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/_partials/Legal_Notice.adoc index cd7b9ce..6cfdb06 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/_partials/Legal_Notice.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/_partials/Legal_Notice.adoc @@ -1,7 +1,7 @@ :experimental: -Copyright {YEAR} {HOLDER}. +Copyright {YEAR} {HOLDER}. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license (“CC-BY-SA”). An explanation of CC-BY-SA is available at link:++https://creativecommons.org/licenses/by-sa/3.0/++[]. The original authors of this document, and Red Hat, designate the Fedora Project as the “`Attribution Party`” for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/_partials/servers/FTP.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/_partials/servers/FTP.adoc index eb107d5..d9a73a8 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/_partials/servers/FTP.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/_partials/servers/FTP.adoc @@ -1,20 +1,17 @@ [[s1-FTP]] == FTP -indexterm:[FTP,definition of]indexterm:[FTP,vsftpd] -_File Transfer Protocol_ (`FTP`) is one of the oldest and most commonly used protocols found on the Internet today. Its purpose is to reliably transfer files between computer hosts on a network without requiring the user to log directly into the remote host or have knowledge of how to use the remote system. It allows users to access files on remote systems using a standard set of simple commands. +indexterm:[FTP,definition of]indexterm:[FTP,vsftpd] _File Transfer Protocol_ (`FTP`) is one of the oldest and most commonly used protocols found on the Internet today. Its purpose is to reliably transfer files between computer hosts on a network without requiring the user to log directly into the remote host or have knowledge of how to use the remote system. It allows users to access files on remote systems using a standard set of simple commands. This section outlines the basics of the `FTP` protocol, as well as configuration options for the primary `FTP` server shipped with {MAJOROS}, [command]#vsftpd#. [[s2-ftp-protocol]] === The File Transfer Protocol -indexterm:[FTP,introducing] -However, because `FTP` is so prevalent on the Internet, it is often required to share files to the public. System administrators, therefore, should be aware of the `FTP` protocol's unique characteristics. +indexterm:[FTP,introducing] However, because `FTP` is so prevalent on the Internet, it is often required to share files to the public. System administrators, therefore, should be aware of the `FTP` protocol's unique characteristics. [[s3-ftp-protocol-multiport]] ==== Multiple Ports, Multiple Modes -indexterm:[FTP,command port]indexterm:[FTP,data port]indexterm:[FTP,active mode]indexterm:[FTP,passive mode] -Unlike most protocols used on the Internet, `FTP` requires multiple network ports to work properly. When an `FTP` client application initiates a connection to an `FTP` server, it opens port 21 on the server — known as the _command port_. This port is used to issue all commands to the server. Any data requested from the server is returned to the client via a _data port_. The port number for data connections, and the way in which data connections are initialized, vary depending upon whether the client requests the data in _active_ or _passive_ mode. +indexterm:[FTP,command port]indexterm:[FTP,data port]indexterm:[FTP,active mode]indexterm:[FTP,passive mode] Unlike most protocols used on the Internet, `FTP` requires multiple network ports to work properly. When an `FTP` client application initiates a connection to an `FTP` server, it opens port 21 on the server — known as the _command port_. This port is used to issue all commands to the server. Any data requested from the server is returned to the client via a _data port_. The port number for data connections, and the way in which data connections are initialized, vary depending upon whether the client requests the data in _active_ or _passive_ mode. The following defines these modes: @@ -26,8 +23,7 @@ While passive mode resolves issues for client-side firewall interference with da [[s2-ftp-servers]] === FTP Servers -indexterm:[FTP,server software,vsftpd]indexterm:[FTP,server software,Red Hat Content Accelerator]indexterm:[vsftpd,FTP]indexterm:[vsftpd,security features] -{MAJOROS} ships with two different `FTP` servers: +indexterm:[FTP,server software,vsftpd]indexterm:[FTP,server software,Red Hat Content Accelerator]indexterm:[vsftpd,FTP]indexterm:[vsftpd,security features] {MAJOROS} ships with two different `FTP` servers: * [command]#proftpd# - A fast, stable, and highly configurable FTP server. @@ -58,8 +54,7 @@ Use of these security practices has the following effect on how [command]#vsftpd [[s3-ftp-vsftpd-conf]] === Files Installed with [command]#vsftpd# -indexterm:[vsftpd,RPM,files installed by] -The `vsftpd` RPM installs the daemon (`/usr/sbin/vsftpd`), its configuration and related files, as well as `FTP` directories onto the system. The following lists the files and directories related to [command]#vsftpd# configuration: +indexterm:[vsftpd,RPM,files installed by] The `vsftpd` RPM installs the daemon (`/usr/sbin/vsftpd`), its configuration and related files, as well as `FTP` directories onto the system. The following lists the files and directories related to [command]#vsftpd# configuration: * `/etc/rc.d/init.d/vsftpd` — The *initialization script* (_initscript_) used by the [command]#systemctl# command to start, stop, or reload [command]#vsftpd#. See xref:File_and_Print_Servers.adoc#s2-ftp-vsftpd-start[Starting and Stopping [command]#vsftpd#] for more information about using this script. @@ -75,8 +70,7 @@ The `vsftpd` RPM installs the daemon (`/usr/sbin/vsftpd`), its configuration and [[s2-ftp-vsftpd-start]] === Starting and Stopping [command]#vsftpd# -indexterm:[vsftpd,starting]indexterm:[vsftpd,stopping]indexterm:[vsftpd,status]indexterm:[vsftpd,condrestart]indexterm:[vsftpd,restarting] -The `vsftpd` RPM installs the `/etc/rc.d/init.d/vsftpd` script, which can be accessed using the [command]#systemctl# command. +indexterm:[vsftpd,starting]indexterm:[vsftpd,stopping]indexterm:[vsftpd,status]indexterm:[vsftpd,condrestart]indexterm:[vsftpd,restarting] The `vsftpd` RPM installs the `/etc/rc.d/init.d/vsftpd` script, which can be accessed using the [command]#systemctl# command. To start the server, as `root` type: @@ -132,8 +126,7 @@ For more information on configuring `firewalld`, see the link:++https://access.r [[s3-ftp-vsftpd-start-multi]] ==== Starting Multiple Copies of [command]#vsftpd# -indexterm:[vsftpd,starting multiple copies of]indexterm:[vsftpd,multihome configuration] -Sometimes one computer is used to serve multiple `FTP` domains. This is a technique called _multihoming_. One way to multihome using [command]#vsftpd# is by running multiple copies of the daemon, each with its own configuration file. +indexterm:[vsftpd,starting multiple copies of]indexterm:[vsftpd,multihome configuration] Sometimes one computer is used to serve multiple `FTP` domains. This is a technique called _multihoming_. One way to multihome using [command]#vsftpd# is by running multiple copies of the daemon, each with its own configuration file. To do this, first assign all relevant `IP` addresses to network devices or alias network devices on the system. For more information about configuring network devices, device aliases, and additional information about network configuration scripts, refer to the [citetitle]_link:++https://docs.fedoraproject.org/en-US/Fedora/networking++[{MAJOROS} Networking Guide]_. @@ -143,8 +136,7 @@ If there is more configuration files present in the `/etc/vsftpd` directory, cal [[s2-ftp-vsftpd-conf]] ===== [command]#vsftpd# Configuration Options -indexterm:[vsftpd,configuration file,format of]indexterm:[vsftpd,configuration file,/etc/vsftpd/vsftpd.conf] -Although [command]#vsftpd# may not offer the level of customization other widely available `FTP` servers have, it offers enough options to fill most administrator's needs. The fact that it is not overly feature-laden limits configuration and programmatic errors. +indexterm:[vsftpd,configuration file,format of]indexterm:[vsftpd,configuration file,/etc/vsftpd/vsftpd.conf] Although [command]#vsftpd# may not offer the level of customization other widely available `FTP` servers have, it offers enough options to fill most administrator's needs. The fact that it is not overly feature-laden limits configuration and programmatic errors. All configuration of [command]#vsftpd# is handled by its configuration file, `/etc/vsftpd/vsftpd.conf`. Each directive is on its own line within the file and follows the following format: @@ -179,8 +171,7 @@ The following is a list of some of the more important directives within `/etc/vs [[s3-ftp-vsftpd-conf-opt-daemon]] ==== Daemon Options -indexterm:[vsftpd,configuration file,daemon options] -The following is a list of directives which control the overall behavior of the [command]#vsftpd# daemon. +indexterm:[vsftpd,configuration file,daemon options] The following is a list of directives which control the overall behavior of the [command]#vsftpd# daemon. * [command]#listen# — When enabled, [command]#vsftpd# runs in stand-alone mode. {MAJOROS} sets this value to [command]#YES#. This directive cannot be used in conjunction with the [command]#listen_ipv6# directive. + @@ -196,8 +187,7 @@ The default value is [command]#YES#. [[s3-ftp-vsftpd-conf-opt-login]] ==== Log In Options and Access Controls -indexterm:[vsftpd,configuration file,login options]indexterm:[vsftpd,configuration file,access controls] -The following is a list of directives which control the login behavior and access control mechanisms. +indexterm:[vsftpd,configuration file,login options]indexterm:[vsftpd,configuration file,access controls] The following is a list of directives which control the login behavior and access control mechanisms. * [command]#anonymous_enable# — When enabled, anonymous users are allowed to log in. The usernames `anonymous` and `ftp` are accepted. + @@ -251,8 +241,7 @@ The default value is [command]#/etc/vsftpd/user_list# and is created during inst [[s3-ftp-vsftpd-conf-opt-anon]] ==== Anonymous User Options -indexterm:[vsftpd,configuration file,anonymous user options] -The following lists directives which control anonymous user access to the server. To use these options, the [command]#anonymous_enable# directive must be set to [command]#YES#. +indexterm:[vsftpd,configuration file,anonymous user options] The following lists directives which control anonymous user access to the server. To use these options, the [command]#anonymous_enable# directive must be set to [command]#YES#. * [command]#anon_mkdir_write_enable# — When enabled in conjunction with the [command]#write_enable# directive, anonymous users are allowed to create new directories within a parent directory which has write permissions. + @@ -286,8 +275,7 @@ The default value is [command]#NO#. [[s3-ftp-vsftpd-conf-opt-usr]] ==== Local User Options -indexterm:[vsftpd,configuration file,local user options] -The following lists directives which characterize the way local users access the server. To use these options, the [command]#local_enable# directive must be set to [command]#YES#. +indexterm:[vsftpd,configuration file,local user options] The following lists directives which characterize the way local users access the server. To use these options, the [command]#local_enable# directive must be set to [command]#YES#. * [command]#chmod_enable# — When enabled, the `FTP` command [command]#SITE CHMOD# is allowed for local users. This command allows the users to change the permissions on files. + @@ -341,8 +329,7 @@ There is no default value for this directive. [[s3-ftp-vsftpd-conf-opt-dir]] ==== Directory Options -indexterm:[vsftpd,configuration file,directory options] -The following lists directives which affect directories. +indexterm:[vsftpd,configuration file,directory options] The following lists directives which affect directories. * [command]#dirlist_enable# — When enabled, users are allowed to view directory lists. + @@ -374,8 +361,7 @@ The default value is [command]#NO#. [[s3-ftp-vsftpd-conf-opt-file]] ==== File Transfer Options -indexterm:[vsftpd,configuration file,file transfer options] -The following lists directives which affect directories. +indexterm:[vsftpd,configuration file,file transfer options] The following lists directives which affect directories. * [command]#download_enable# — When enabled, file downloads are permitted. + @@ -395,8 +381,7 @@ The default value is [command]#YES#. [[s3-ftp-vsftpd-conf-opt-log]] ==== Logging Options -indexterm:[vsftpd,configuration file,logging options] -The following lists directives which affect [command]#vsftpd#pass:attributes[{blank}]'s logging behavior. +indexterm:[vsftpd,configuration file,logging options] The following lists directives which affect [command]#vsftpd#pass:attributes[{blank}]'s logging behavior. * [command]#dual_log_enable# — When enabled in conjunction with [command]#xferlog_enable#, [command]#vsftpd# writes two files simultaneously: a [command]#wu-ftpd#-compatible log to the file specified in the [command]#xferlog_file# directive (`/var/log/xferlog` by default) and a standard [command]#vsftpd# log file specified in the [command]#vsftpd_log_file# directive (`/var/log/vsftpd.log` by default). + @@ -440,8 +425,7 @@ If maintaining a [command]#wu-ftpd#-compatible file transfer log is not importan [[s3-ftp-vsftpd-conf-opt-net]] ==== Network Options -indexterm:[vsftpd,configuration file,network options] -The following lists directives which affect how [command]#vsftpd# interacts with the network. +indexterm:[vsftpd,configuration file,network options] The following lists directives which affect how [command]#vsftpd# interacts with the network. * [command]#accept_timeout# — Specifies the amount of time for a client using passive mode to establish a connection. + @@ -545,8 +529,7 @@ The default value is [command]#YES#. [[s2-ftp-resources]] === Additional Resources -indexterm:[vsftpd,additional resources] -For more information about [command]#vsftpd#, refer to the following resources. +indexterm:[vsftpd,additional resources] For more information about [command]#vsftpd#, refer to the following resources. [[s3-ftp-installed-documentation]] ==== Installed Documentation @@ -564,7 +547,7 @@ Configuration Files:: {blank} + *** [command]#man vsftpd.conf# — Contains a detailed list of options available within the configuration file for [command]#vsftpd#. + -*** [command]#man 5 hosts_access# — Describes the format and options available within the TCP wrappers configuration files: `hosts.allow` and `hosts.deny`. +*** [command]#man 5 hosts_access# — Describes the format and options available within the TCP wrappers configuration files: `hosts.allow` and `hosts.deny`. [[s3-ftp-useful-websites]] ==== Useful Websites diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/_partials/servers/OpenLDAP.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/_partials/servers/OpenLDAP.adoc index 56981e2..6298432 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/_partials/servers/OpenLDAP.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/_partials/servers/OpenLDAP.adoc @@ -1,8 +1,7 @@ [[s1-OpenLDAP]] == OpenLDAP -indexterm:[directory server,OpenLDAP]indexterm:[LDAP,OpenLDAP]indexterm:[X.500,OpenLDAP]indexterm:[X.500 Lite,OpenLDAP] -`LDAP` (Lightweight Directory Access Protocol) is a set of open protocols used to access centrally stored information over a network. It is based on the `X.500` standard for directory sharing, but is less complex and resource-intensive. For this reason, LDAP is sometimes referred to as "`X.500 Lite`". +indexterm:[directory server,OpenLDAP]indexterm:[LDAP,OpenLDAP]indexterm:[X.500,OpenLDAP]indexterm:[X.500 Lite,OpenLDAP] `LDAP` (Lightweight Directory Access Protocol) is a set of open protocols used to access centrally stored information over a network. It is based on the `X.500` standard for directory sharing, but is less complex and resource-intensive. For this reason, LDAP is sometimes referred to as "`X.500 Lite`". Like X.500, LDAP organizes information in a hierarchical manner using directories. These directories can store a variety of information such as names, addresses, or phone numbers, and can even be used in a manner similar to the _Network Information Service_ (*NIS*), enabling anyone to access their account from any machine on the LDAP enabled network. @@ -33,13 +32,12 @@ The following is a list of LDAP-specific terms that are used within this chapter indexterm:[OpenLDAP,terminology,entry] entry:: A single unit within an LDAP directory. Each entry is identified by its unique _Distinguished Name_ (*DN*). indexterm:[OpenLDAP,terminology,attribute] attribute:: Information directly associated with an entry. For example, if an organization is represented as an LDAP entry, attributes associated with this organization might include an address, a fax number, etc. Similarly, people can be represented as entries with common attributes such as personal telephone number or email address. - + ++ An attribute can either have a single value, or an unordered space-separated list of values. While certain attributes are optional, others are required. Required attributes are specified using the [option]`objectClass` definition, and can be found in schema files located in the `/etc/openldap/slapd.d/cn=config/cn=schema/` directory. + The assertion of an attribute and its corresponding value is also referred to as a _Relative Distinguished Name_ (*RDN*). Unlike distinguished names that are unique globally, a relative distinguished name is only unique per entry. -indexterm:[OpenLDAP,terminology,LDIF] LDIF:: The _LDAP Data Interchange Format_ (*LDIF*) is a plain text representation of an LDAP entry. It takes the following form: - + +indexterm:[OpenLDAP,terminology,LDIF] LDIF:: The _LDAP Data Interchange Format_ (*LDIF*) is a plain text representation of an LDAP entry. It takes the following form: + [subs="macros"] ---- pass:quotes[_id_] dn: pass:quotes[_distinguished_name_] @@ -48,12 +46,14 @@ pass:quotes[_attribute_type_]: pass:quotes[_attribute_value_]… … ---- + -The optional _id_ is a number determined by the application that is used to edit the entry. Each entry can contain as many _attribute_type_ and _attribute_value_ pairs as needed, as long as they are all defined in a corresponding schema file. A blank line indicates the end of an entry. + The optional _id_ is a number determined by the application that is used + to edit the entry. Each entry can contain as many _attribute_type_ and + _attribute_value_ pairs as needed, as long as they are all defined in a + corresponding schema file. A blank line indicates the end of an entry. [[s3-ldap-features]] ==== OpenLDAP Features -indexterm:[OpenLDAP,features] -OpenLDAP suite provides a number of important features: +indexterm:[OpenLDAP,features] OpenLDAP suite provides a number of important features: * *LDAPv3 Support* — Many of the changes in the protocol since LDAP version 2 are designed to make LDAP more secure. Among other improvements, this includes the support for Simple Authentication and Security Layer (*SASL*), Transport Layer Security (*TLS*), and Secure Sockets Layer (*SSL*) protocols. @@ -69,8 +69,7 @@ OpenLDAP suite provides a number of important features: [[s3-ldap-setup]] ==== OpenLDAP Server Setup -indexterm:[OpenLDAP,configuration,overview] -The typical steps to set up an LDAP server on {MAJOROS} are as follows: +indexterm:[OpenLDAP,configuration,overview] The typical steps to set up an LDAP server on {MAJOROS} are as follows: . Install the OpenLDAP suite. See xref:Directory_Servers.adoc#s2-ldap-installation[Installing the OpenLDAP Suite] for more information on required packages. @@ -84,8 +83,7 @@ The typical steps to set up an LDAP server on {MAJOROS} are as follows: [[s2-ldap-installation]] === Installing the OpenLDAP Suite -indexterm:[OpenLDAP,installation]indexterm:[OpenLDAP,packages] -The suite of OpenLDAP libraries and tools is provided by the following packages: +indexterm:[OpenLDAP,installation]indexterm:[OpenLDAP,packages] The suite of OpenLDAP libraries and tools is provided by the following packages: [[table-ldap-packages-openldap]] .List of OpenLDAP packages @@ -129,8 +127,7 @@ Note that you must have superuser privileges (that is, you must be logged in as [[s3-ldap-packages-openldap-servers]] ==== Overview of OpenLDAP Server Utilities -indexterm:[OpenLDAP,utilities] -To perform administrative tasks, the [package]*openldap-servers* package installs the following utilities along with the `slapd` service: +indexterm:[OpenLDAP,utilities] To perform administrative tasks, the [package]*openldap-servers* package installs the following utilities along with the `slapd` service: [[table-ldap-packages-openldap-servers]] .List of OpenLDAP server utilities @@ -181,8 +178,7 @@ For more information on how to start, stop, restart, and check the current statu [[s3-ldap-packages-openldap-clients]] ==== Overview of OpenLDAP Client Utilities -indexterm:[OpenLDAP,utilities] -The [package]*openldap-clients* package installs the following utilities which can be used to add, modify, and delete entries in an LDAP directory: +indexterm:[OpenLDAP,utilities] The [package]*openldap-clients* package installs the following utilities which can be used to add, modify, and delete entries in an LDAP directory: [[table-ldap-packages-openldap-clients]] .List of OpenLDAP client utilities @@ -206,8 +202,7 @@ With the exception of [command]#ldapsearch#, each of these utilities is more eas [[s3-ldap-packages-applications]] ==== Overview of Common LDAP Client Applications -indexterm:[OpenLDAP,client applications] -Although there are various graphical LDAP clients capable of creating and modifying directories on the server, none of them is included in {MAJOROS}. Popular applications that can access directories in a read-only mode include [application]*Mozilla Thunderbird*, [application]*Evolution*, or [application]*Ekiga*. +indexterm:[OpenLDAP,client applications] Although there are various graphical LDAP clients capable of creating and modifying directories on the server, none of them is included in {MAJOROS}. Popular applications that can access directories in a read-only mode include [application]*Mozilla Thunderbird*, [application]*Evolution*, or [application]*Ekiga*. [[s2-ldap-configuration]] === Configuring an OpenLDAP Server @@ -245,8 +240,7 @@ An error in an LDIF file can render the `slapd` service unable to start. Because [[s3-ldap-configuration-global]] ==== Changing the Global Configuration -indexterm:[OpenLDAP,configuration,global]indexterm:[OpenLDAP,files,/etc/openldap/slapd.d/cn=config.ldif] -Global configuration options for the LDAP server are stored in the `/etc/openldap/slapd.d/cn=config.ldif` file. The following directives are commonly used: +indexterm:[OpenLDAP,configuration,global]indexterm:[OpenLDAP,files,/etc/openldap/slapd.d/cn=config.ldif] Global configuration options for the LDAP server are stored in the `/etc/openldap/slapd.d/cn=config.ldif` file. The following directives are commonly used: indexterm:[OpenLDAP,directives,olcAllows] [option]`olcAllows`:: The [option]`olcAllows` directive allows you to specify which features to enable. It takes the following form: @@ -300,8 +294,7 @@ olcConnMaxPending: 100 ==== -indexterm:[OpenLDAP,directives,olcConnMaxPendingAuth] [option]`olcConnMaxPendingAuth`:: The [option]`olcConnMaxPendingAuth` directive allows you to specify the maximum number of pending requests for an authenticated session. It takes the following form: - + +indexterm:[OpenLDAP,directives,olcConnMaxPendingAuth] [option]`olcConnMaxPendingAuth`:: The [option]`olcConnMaxPendingAuth` directive allows you to specify the maximum number of pending requests for an authenticated session. It takes the following form: + [subs="quotes, macros"] ---- [option]`olcConnMaxPendingAuth`: _number_ @@ -320,8 +313,7 @@ olcConnMaxPendingAuth: 1000 ==== -indexterm:[OpenLDAP,directives,olcDisallows] [option]`olcDisallows`:: The [option]`olcDisallows` directive allows you to specify which features to disable. It takes the following form: - + +indexterm:[OpenLDAP,directives,olcDisallows] [option]`olcDisallows`:: The [option]`olcDisallows` directive allows you to specify which features to disable. It takes the following form: + [subs="quotes, macros"] ---- [option]`olcDisallows`: _feature_pass:attributes[{blank}]… @@ -351,8 +343,7 @@ olcDisallows: bind_anon ==== -indexterm:[OpenLDAP,directives,olcIdleTimeout] [option]`olcIdleTimeout`:: The [option]`olcIdleTimeout` directive allows you to specify how many seconds to wait before closing an idle connection. It takes the following form: - + +indexterm:[OpenLDAP,directives,olcIdleTimeout] [option]`olcIdleTimeout`:: The [option]`olcIdleTimeout` directive allows you to specify how many seconds to wait before closing an idle connection. It takes the following form: + [subs="quotes, macros"] ---- [option]`olcIdleTimeout`: _number_ @@ -371,8 +362,7 @@ olcIdleTimeout: 180 ==== -indexterm:[OpenLDAP,directives,olcLogFile] [option]`olcLogFile`:: The [option]`olcLogFile` directive allows you to specify a file in which to write log messages. It takes the following form: - + +indexterm:[OpenLDAP,directives,olcLogFile] [option]`olcLogFile`:: The [option]`olcLogFile` directive allows you to specify a file in which to write log messages. It takes the following form: + [subs="macros"] ---- olcLogFile: pass:quotes[_file_name_] @@ -391,8 +381,7 @@ olcLogFile: /var/log/slapd.log ==== -indexterm:[OpenLDAP,directives,olcReferral] [option]`olcReferral`:: The [option]`olcReferral` option allows you to specify a URL of a server to process the request in case the server is not able to handle it. It takes the following form: - + +indexterm:[OpenLDAP,directives,olcReferral] [option]`olcReferral`:: The [option]`olcReferral` option allows you to specify a URL of a server to process the request in case the server is not able to handle it. It takes the following form: + [subs="quotes, macros"] ---- [option]`olcReferral`: _URL_ @@ -411,8 +400,7 @@ olcReferral: ldap://root.openldap.org ==== -indexterm:[OpenLDAP,directives,olcWriteTimeout] [option]`olcWriteTimeout`:: The [option]`olcWriteTimeout` option allows you to specify how many seconds to wait before closing a connection with an outstanding write request. It takes the following form: - + +indexterm:[OpenLDAP,directives,olcWriteTimeout] [option]`olcWriteTimeout`:: The [option]`olcWriteTimeout` option allows you to specify how many seconds to wait before closing a connection with an outstanding write request. It takes the following form: + [subs="quotes, macros"] ---- [option]`olcWriteTimeout` @@ -433,11 +421,9 @@ olcWriteTimeout: 180 [[s3-ldap-configuration-database]] ==== Changing the Database-Specific Configuration -indexterm:[OpenLDAP,configuration,database]indexterm:[OpenLDAP,files,/etc/openldap/slapd.d/cn=config/olcDatabase=\{1}bdb.ldif] -By default, the OpenLDAP server uses Berkeley DB (BDB) as a database back end. The configuration for this database is stored in the `/etc/openldap/slapd.d/cn=config/olcDatabase=\{1}bdb.ldif` file. The following directives are commonly used in a database-specific configuration: +indexterm:[OpenLDAP,configuration,database]indexterm:[OpenLDAP,files,/etc/openldap/slapd.d/cn=config/olcDatabase=\{1}bdb.ldif] By default, the OpenLDAP server uses Berkeley DB (BDB) as a database back end. The configuration for this database is stored in the `/etc/openldap/slapd.d/cn=config/olcDatabase=\{1}bdb.ldif` file. The following directives are commonly used in a database-specific configuration: -indexterm:[OpenLDAP,directives,olcReadOnly] [option]`olcReadOnly`:: The [option]`olcReadOnly` directive allows you to use the database in a read-only mode. It takes the following form: - + +indexterm:[OpenLDAP,directives,olcReadOnly] [option]`olcReadOnly`:: The [option]`olcReadOnly` directive allows you to use the database in a read-only mode. It takes the following form: + [subs="quotes, macros"] ---- [option]`olcReadOnly`: _boolean_ @@ -456,8 +442,7 @@ olcReadOnly: TRUE ==== -indexterm:[OpenLDAP,directives,olcRootDN] [option]`olcRootDN`:: The [option]`olcRootDN` directive allows you to specify the user that is unrestricted by access controls or administrative limit parameters set for operations on the LDAP directory. It takes the following form: - + +indexterm:[OpenLDAP,directives,olcRootDN] [option]`olcRootDN`:: The [option]`olcRootDN` directive allows you to specify the user that is unrestricted by access controls or administrative limit parameters set for operations on the LDAP directory. It takes the following form: + [subs="macros"] ---- olcRootDN: pass:quotes[_distinguished_name_] @@ -476,8 +461,7 @@ olcRootDN: cn=root,dn=example,dn=com ==== -indexterm:[OpenLDAP,directives,olcRootPW] [option]`olcRootPW`:: The [option]`olcRootPW` directive allows you to set a password for the user that is specified using the [option]`olcRootDN` directive. It takes the following form: - + +indexterm:[OpenLDAP,directives,olcRootPW] [option]`olcRootPW`:: The [option]`olcRootPW` directive allows you to set a password for the user that is specified using the [option]`olcRootDN` directive. It takes the following form: + [subs="quotes, macros"] ---- [option]`olcRootPW`: _password_ @@ -504,8 +488,7 @@ olcRootPW: {SSHA}WczWsyPEnMchFf1GRTweq2q7XJcvmSxD ==== -indexterm:[OpenLDAP,directives,olcSuffix] [option]`olcSuffix`:: The [option]`olcSuffix` directive allows you to specify the domain for which to provide information. It takes the following form: - + +indexterm:[OpenLDAP,directives,olcSuffix] [option]`olcSuffix`:: The [option]`olcSuffix` directive allows you to specify the domain for which to provide information. It takes the following form: + [subs="macros"] ---- olcSuffix: pass:quotes[_domain_name_] @@ -526,13 +509,11 @@ olcSuffix: dc=example,dc=com [[s3-ldap-configuration-schema]] ==== Extending Schema -indexterm:[OpenLDAP,schema]indexterm:[OpenLDAP,directories,/etc/openldap/slapd.d/cn=config/cn=schema/] -Since OpenLDAP 2.3, the `/etc/openldap/slapd.d/` directory also contains LDAP definitions that were previously located in `/etc/openldap/schema/`. It is possible to extend the schema used by OpenLDAP to support additional attribute types and object classes using the default schema files as a guide. However, this task is beyond the scope of this chapter. For more information on this topic, see link:++https://www.openldap.org/doc/admin/schema.html++[]. +indexterm:[OpenLDAP,schema]indexterm:[OpenLDAP,directories,/etc/openldap/slapd.d/cn=config/cn=schema/] Since OpenLDAP 2.3, the `/etc/openldap/slapd.d/` directory also contains LDAP definitions that were previously located in `/etc/openldap/schema/`. It is possible to extend the schema used by OpenLDAP to support additional attribute types and object classes using the default schema files as a guide. However, this task is beyond the scope of this chapter. For more information on this topic, see link:++https://www.openldap.org/doc/admin/schema.html++[]. [[s3-establishing_a_secure_connection]] ==== Establishing a Secure Connection -indexterm:[OpenLDAP,configuration,TLS]indexterm:[OpenLDAP,files,/etc/openldap/ldap.conf]indexterm:[OpenLDAP,files,/etc/openldap/slapd.d/cn=config.ldif]indexterm:[OpenLDAP,security] -OpenLDAP clients and servers can be secured using the Transport Layer Security (TLS) framework. TLS is a cryptographic protocol designed to provide communication security over the network. As noted above, OpenLDAP suite in Fedora uses Mozilla NSS as the TLS implementation. +indexterm:[OpenLDAP,configuration,TLS]indexterm:[OpenLDAP,files,/etc/openldap/ldap.conf]indexterm:[OpenLDAP,files,/etc/openldap/slapd.d/cn=config.ldif]indexterm:[OpenLDAP,security] OpenLDAP clients and servers can be secured using the Transport Layer Security (TLS) framework. TLS is a cryptographic protocol designed to provide communication security over the network. As noted above, OpenLDAP suite in Fedora uses Mozilla NSS as the TLS implementation. To establish a secure connection using TLS, obtain the required certificates as described in [citetitle]_link:++https://www.openldap.org/faq/index.cgi?file=1514++[How do I use TLS/SSL with Mozilla NSS]_. Then, a number of options must be configured on both the client and the server. At a minimum, a server must be configured with the Certificate Authority (CA) certificates and also its own server certificate and private key. The clients must be configured with the name of the file containing all the trusted CA certificates. @@ -545,8 +526,7 @@ While the old style configuration uses a single file, normally installed as `/us The following directives are also valid for establishing SSL. In addition to TLS directives, you need to enable a port dedicated to SSL on the server side – typically it is port 636. To do so, edit the `/etc/sysconfig/slapd` file and append the `ldaps:///` string to the list of URLs specified with the [option]`SLAPD_URLS` directive. -[option]`olcTLSCACertificateFile`:: The [option]`olcTLSCACertificateFile` directive specifies the file encoded with Privacy-Enhanced Mail (PEM) schema that contains trusted CA certificates. The directive takes the following form: - + +[option]`olcTLSCACertificateFile`:: The [option]`olcTLSCACertificateFile` directive specifies the file encoded with Privacy-Enhanced Mail (PEM) schema that contains trusted CA certificates. The directive takes the following form: + [subs="quotes, macros"] ---- [option]`olcTLSCACertificateFile`: _path_ @@ -555,7 +535,7 @@ The following directives are also valid for establishing SSL. In addition to TLS Replace _path_ either with a path to the CA certificate file, or, if you use Mozilla NSS, with a certificate name. [option]`olcTLSCACertificatePath`:: The [option]`olcTLSCACertificatePath` directive specifies the path to a directory containing individual CA certificates in separate files. This directory must be specially managed with the OpenSSL [application]*c_rehash* utility that generates symbolic links with the hashed names that point to the actual certificate files. In general, it is simpler to use the [option]`olcTLSCACertificateFile` directive instead. - + ++ If Mozilla NSS is used, [option]`olcTLSCACertificatePath` accepts a path to the Mozilla NSS database (as shown in xref:Directory_Servers.adoc#ex-using_olcTLSCACertificatePath_with_Mozilla_NSS[Using olcTLSCACertificatePath with Mozilla NSS]). In such a case, [application]*c_rehash* is not needed. + The directive takes the following form: @@ -589,8 +569,7 @@ The above command adds a CA certificate stored in a PEM-formatted file named _ce ==== -[option]`olcTLSCertificateFile`:: The [option]`olcTLSCertificateFile` directive specifies the file that contains the `slapd` server certificate. The directive takes the following form: - + +[option]`olcTLSCertificateFile`:: The [option]`olcTLSCertificateFile` directive specifies the file that contains the `slapd` server certificate. The directive takes the following form: + [subs="quotes, macros"] ---- [option]`olcTLSCertificateFile`: _path_ @@ -680,7 +659,7 @@ TLS_CERT pass:quotes[_path_] Replace _path_ with a path to the client certificate file, or with a name of a certificate from the NSS database. [option]`TLS_KEY`:: The [option]`TLS_KEY` specifies the file that contains the private key that matches the certificate stored in the file specified with the [option]`TLS_CERT` directive. As with [option]`olcTLSCertificateFile` on a server, encrypted key files are not supported, so the file itself must be carefully protected. This option is only configurable in a user's `~/.ldaprc` file. - + ++ When using Mozilla NSS, [option]`TLS_KEY` specifies the name of a file that contains the password for the private key that protects the certificate specified with the [option]`TLS_CERT` directive. Similarly to the [option]`olcTLSCertificateKeyFile` directive on a server (see xref:Directory_Servers.adoc#ex-using_olcTLSCertificateKeyFile_with_Mozilla_NSS[Using olcTLSCertificateKeyFile with Mozilla NSS]), you can use the [command]#modutil# command to manage this password. + The [option]`TLS_KEY` directive takes the following form: @@ -694,8 +673,7 @@ Replace _path_ with a path to the client certificate file or with a name of the [[s3-setting_up_replication]] ==== Setting Up Replication -indexterm:[OpenLDAP,configuration,TLS]indexterm:[OpenLDAP,directories,/etc/openldap/slapd.d/]indexterm:[OpenLDAP,replication] -Replication is the process of copying updates from one LDAP server (*provider*) to one or more other servers or clients (*consumers*). A provider replicates directory updates to consumers, the received updates can be further propagated by the consumer to other servers, so a consumer can also act simultaneously as a provider. Also, a consumer does not have to be an LDAP server, it may be just an LDAP client. In OpenLDAP, you can use several replication modes, most notable are *mirror* and *sync*. For more information on OpenLDAP replication modes, see the *OpenLDAP Software Administrator's Guide* installed with [package]*openldap-servers* package (see xref:Directory_Servers.adoc#bh-Installed_Documentation_OpenLDAP[Installed Documentation]). +indexterm:[OpenLDAP,configuration,TLS]indexterm:[OpenLDAP,directories,/etc/openldap/slapd.d/]indexterm:[OpenLDAP,replication] Replication is the process of copying updates from one LDAP server (*provider*) to one or more other servers or clients (*consumers*). A provider replicates directory updates to consumers, the received updates can be further propagated by the consumer to other servers, so a consumer can also act simultaneously as a provider. Also, a consumer does not have to be an LDAP server, it may be just an LDAP client. In OpenLDAP, you can use several replication modes, most notable are *mirror* and *sync*. For more information on OpenLDAP replication modes, see the *OpenLDAP Software Administrator's Guide* installed with [package]*openldap-servers* package (see xref:Directory_Servers.adoc#bh-Installed_Documentation_OpenLDAP[Installed Documentation]). To enable a chosen replication mode, use one of the following directives in `/etc/openldap/slapd.d/` on both provider and consumers. @@ -719,8 +697,7 @@ The sync replication mode requires a specific configuration on both the provider [[s3-loading_modules_or_backends]] ==== Loading Modules and Backends -indexterm:[OpenLDAP,configuration,TLS]indexterm:[OpenLDAP,directories,/etc/openldap/slapd.d/]indexterm:[OpenLDAP,modules]indexterm:[OpenLDAP,backends] -You can enhance the `slapd` service with dynamically loaded modules. Support for these modules must be enabled with the [option]`--enable-modules` option when configuring `slapd`. Modules are stored in files with the *.la* extension: +indexterm:[OpenLDAP,configuration,TLS]indexterm:[OpenLDAP,directories,/etc/openldap/slapd.d/]indexterm:[OpenLDAP,modules]indexterm:[OpenLDAP,backends] You can enhance the `slapd` service with dynamically loaded modules. Support for these modules must be enabled with the [option]`--enable-modules` option when configuring `slapd`. Modules are stored in files with the *.la* extension: [subs="macros"] ---- @@ -764,13 +741,11 @@ The [option]`-P` option makes this setting persistent across system reboots. See [[s2-ldap-running]] === Running an OpenLDAP Server -indexterm:[slapd,OpenLDAP] -This section describes how to start, stop, restart, and check the current status of the [application]*Standalone LDAP Daemon*. For more information on how to manage system services in general, see xref:infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons]. +indexterm:[slapd,OpenLDAP] This section describes how to start, stop, restart, and check the current status of the [application]*Standalone LDAP Daemon*. For more information on how to manage system services in general, see xref:infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemons[Services and Daemons]. [[s3-ldap-running-starting]] ==== Starting the Service -indexterm:[OpenLDAP,running] -To start the `slapd` service in the current session, type the following at a shell prompt as `root`: +indexterm:[OpenLDAP,running] To start the `slapd` service in the current session, type the following at a shell prompt as `root`: [subs="attributes"] ---- @@ -788,8 +763,7 @@ See xref:infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemo [[s3-ldap-running-stopping]] ==== Stopping the Service -indexterm:[OpenLDAP,stopping] -To stop the running `slapd` service in the current session, type the following at a shell prompt as `root`: +indexterm:[OpenLDAP,stopping] To stop the running `slapd` service in the current session, type the following at a shell prompt as `root`: [subs="attributes"] ---- @@ -808,8 +782,7 @@ See xref:infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemo [[s3-ldap-running-restarting]] ==== Restarting the Service -indexterm:[OpenLDAP,restarting] -To restart the running `slapd` service, type the following at a shell prompt as `root`: +indexterm:[OpenLDAP,restarting] To restart the running `slapd` service, type the following at a shell prompt as `root`: [subs="attributes"] ---- @@ -820,8 +793,7 @@ This stops the service and immediately starts it again. Use this command to relo [[s3-ldap-running-status]] ==== Verifying the Service Status -indexterm:[OpenLDAP,checking status] -To verify that the `slapd` service is running, type the following at a shell prompt: +indexterm:[OpenLDAP,checking status] To verify that the `slapd` service is running, type the following at a shell prompt: [subs="quotes, macros, attributes"] ---- @@ -841,8 +813,7 @@ In order to configure a system to authenticate using OpenLDAP, make sure that th [[s3-ldap-migrationtools]] ==== Migrating Old Authentication Information to LDAP Format -indexterm:[OpenLDAP,migrating authentication information] -The [package]*migrationtools* package provides a set of shell and Perl scripts to help you migrate authentication information into an LDAP format. To install this package, type the following at a shell prompt as `root`: +indexterm:[OpenLDAP,migrating authentication information] The [package]*migrationtools* package provides a set of shell and Perl scripts to help you migrate authentication information into an LDAP format. To install this package, type the following at a shell prompt as `root`: [subs="attributes"] ---- diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/_partials/servers/Printer_Configuration.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/_partials/servers/Printer_Configuration.adoc index bfcf3b7..d9f0efa 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/_partials/servers/Printer_Configuration.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/_partials/servers/Printer_Configuration.adoc @@ -1,16 +1,14 @@ [[sec-Printer_Configuration]] == Printer Configuration -indexterm:[CUPS,Printer Configuration]indexterm:[printers,Printer Configuration] -The [application]*Printers* configuration tool serves for printer configuring, maintenance of printer configuration files, print spool directories and print filters, and printer classes management. +indexterm:[CUPS,Printer Configuration]indexterm:[printers,Printer Configuration] The [application]*Printers* configuration tool serves for printer configuring, maintenance of printer configuration files, print spool directories and print filters, and printer classes management. The tool is based on the Common Unix Printing System (*CUPS*). If you upgraded the system from a previous {MAJOROS} version that used CUPS, the upgrade process preserved the configured printers. .Using the CUPS web application or command-line tools [NOTE] ==== -indexterm:[Printer Configuration,CUPS] -You can perform the same and additional operations on printers directly from the CUPS web application or command line. To access the application, in a web browser, go to link:++http://localhost:631/++[http://localhost:631/]. For CUPS manuals refer to the links on the `Home` tab of the web site. +indexterm:[Printer Configuration,CUPS] You can perform the same and additional operations on printers directly from the CUPS web application or command line. To access the application, in a web browser, go to link:++http://localhost:631/++[http://localhost:631/]. For CUPS manuals refer to the links on the `Home` tab of the web site. ==== @@ -26,12 +24,11 @@ The `Printers` window depicted in xref:File_and_Print_Servers.adoc#fig-printconf [[fig-printconf-main]] .Printers Configuration window -image::printconf-main.png[Printers Configuration window] +image::printconf-main.png["Printers Configuration window"] [[sec-Setting_Printer]] === Starting Printer Setup -indexterm:[Printer Configuration,New Printer] -Printer setup process varies depending on the printer queue type. +indexterm:[Printer Configuration,New Printer] Printer setup process varies depending on the printer queue type. If you are setting up a local printer connected with USB, the printer is discovered and added automatically. You will be prompted to confirm the packages to be installed and provide an administrator or the `root` user password. Local printers connected with other port types and network printers need to be set up manually. @@ -47,8 +44,7 @@ Follow this procedure to start a manual printer setup: [[sec-Adding_Other_Printer]] === Adding a Local Printer -indexterm:[Printer Configuration,Local Printers] -Follow this procedure to add a local printer connected with other than a serial port: +indexterm:[Printer Configuration,Local Printers] Follow this procedure to add a local printer connected with other than a serial port: [[proc-Adding_Other_Printer]] @@ -70,7 +66,7 @@ Flow Control .Adding a local printer -image::print_conf_window.png[Adding a local printer] +image::print_conf_window.png["Adding a local printer"] . Click btn:[Forward]. @@ -96,7 +92,7 @@ Follow this procedure to add an AppSocket/HP JetDirect printer: [[fig-printconf-jetdirect]] .Adding a JetDirect printer -image::printconf-jetdirect.png[Adding a JetDirect Printer] +image::printconf-jetdirect.png["Adding a JetDirect Printer"] . Click btn:[Forward]. @@ -104,8 +100,7 @@ image::printconf-jetdirect.png[Adding a JetDirect Printer] [[s1-printing-ipp-printer]] === Adding an IPP Printer -indexterm:[Printer Configuration,IPP Printers] -An `IPP` printer is a printer attached to a different system on the same TCP/IP network. The system this printer is attached to may either be running CUPS or simply configured to use `IPP`. +indexterm:[Printer Configuration,IPP Printers] An `IPP` printer is a printer attached to a different system on the same TCP/IP network. The system this printer is attached to may either be running CUPS or simply configured to use `IPP`. If a firewall is enabled on the printer server, then the firewall must be configured to allow incoming `TCP` connections on port `631`. Note that the CUPS browsing protocol allows client machines to discover shared CUPS queues automatically. To enable this, the firewall on the client machine must be configured to allow incoming `UDP` packets on port `631`. @@ -126,7 +121,7 @@ Follow this procedure to add an `IPP` printer: [[fig-printconf-ipp]] .Adding an IPP printer -image::printconf-ipp.png[Networked IPP Printer] +image::printconf-ipp.png["Networked IPP Printer"] . Optionally, click btn:[Verify] to detect the printer. @@ -157,7 +152,7 @@ Optionally, click btn:[Probe] to find queues on the LPD host. [[fig-printconf-lpd]] .Adding an LPD/LPR printer -image::printconf-lpd.png[Adding an LPD/LPR Printer] +image::printconf-lpd.png["Adding an LPD/LPR Printer"] . Click btn:[Forward] to continue. @@ -195,7 +190,7 @@ For more information on installing packages with DNF, refer to xref:package-mana [[fig-printconf-smb]] .Adding a SMB printer -image::printconf-smb.png[SMB Printer] +image::printconf-smb.png["SMB Printer"] . Click btn:[Browse] to see the available workgroups/domains. To display only queues of a particular host, type in the host name (NetBios name) and click btn:[Browse]. @@ -245,7 +240,7 @@ Follow this procedure to provide the printer driver and finish the installation: [[fig-printconf-select-model]] .Selecting a printer brand -image::printconf-select-model.png[Selecting a printer brand from the printer database brands.] +image::printconf-select-model.png["Selecting a printer brand from the printer database brands."] . Depending on your previous choice provide details in the area displayed below: @@ -270,7 +265,7 @@ On the right, the recommended printer driver is automatically selected; however, [[fig-printconf-select-driver]] .Selecting a printer model -image::printconf-select-driver.png[Selecting a Printer Model with a Driver Menu] +image::printconf-select-driver.png["Selecting a Printer Model with a Driver Menu"] . Click btn:[Forward]. @@ -279,7 +274,7 @@ image::printconf-select-driver.png[Selecting a Printer Model with a Driver Menu] [[fig-printconf-add]] .Printer setup -image::printconf-add-printer.png[Printer Setup] +image::printconf-add-printer.png["Printer Setup"] . Click btn:[Apply] to confirm your printer configuration and add the print queue if the settings are correct. Click btn:[Back] to modify the printer configuration. @@ -306,15 +301,14 @@ To delete an existing printer, in the `Printer` configuration window, select the To set the default printer, right-click the printer in the printer list and click the `Set As Default` button in the context menu. ==== The Settings Page -indexterm:[Printer Configuration,Settings] -To change printer driver configuration, double-click the corresponding name in the `Printer` list and click the `Settings` label on the left to display the `Settings` page. +indexterm:[Printer Configuration,Settings] To change printer driver configuration, double-click the corresponding name in the `Printer` list and click the `Settings` label on the left to display the `Settings` page. You can modify printer settings such as make and model, print a test page, change the device location (URI), and more. [[fig-printconf-config1]] .Settings page -image::printconf-config1.png[Settings Page] +image::printconf-config1.png["Settings Page"] ==== The Policies Page @@ -326,13 +320,12 @@ You can also create a _banner page_ (a page that describes aspects of the print [[sec-Sharing_Printers]] .Sharing Printers -indexterm:[Printer Configuration,Sharing Printers] -On the `Policies` page, you can mark a printer as shared: if a printer is shared, users published on the network can use it. To allow the sharing function for printers, go to menu:Server[pass:attributes[{blank}]`Settings`pass:attributes[{blank}]] and select `Publish shared printers connected to this system`. +indexterm:[Printer Configuration,Sharing Printers] On the `Policies` page, you can mark a printer as shared: if a printer is shared, users published on the network can use it. To allow the sharing function for printers, go to menu:Server[pass:attributes[{blank}]`Settings`pass:attributes[{blank}]] and select `Publish shared printers connected to this system`. [[fig-printconf-config2]] .Policies page -image::printconf-config2.png[Policies Page] +image::printconf-config2.png["Policies Page"] Make sure that the firewall allows incoming `TCP` connections to port `631`, the port for the Network Printing Server (`IPP`) protocol. To allow `IPP` traffic through the firewall on {MAJOROSVER}, make use of `firewalld`pass:attributes[{blank}]'s `IPP` service. To do so, proceed as follows: @@ -367,7 +360,7 @@ You can change user-level access to the configured printer on the `Access Contro [[fig-printconf-config3]] .Access Control page -image::printconf-config3.png[Access Control Page] +image::printconf-config3.png["Access Control Page"] [[sec-The_Printer_Options_Page]] .The Printer Options Page @@ -377,7 +370,7 @@ The `Printer Options` page contains various configuration options for the printe [[fig-printconf-config4]] .Printer Options page -image::printconf-config4.png[Printer Options Page] +image::printconf-config4.png["Printer Options Page"] [[sec-Job_Options_Page]] .Job Options Page @@ -387,7 +380,7 @@ On the `Job Options` page, you can detail the printer job options. Click the `Jo [[fig-printconf-config5]] .Job Options page -image::printconf-config5.png[Job Options Page] +image::printconf-config5.png["Job Options Page"] [[sec-Ink_Toner_Levels_Page]] .Ink/Toner Levels Page @@ -397,19 +390,18 @@ The `Ink/Toner Levels` page contains details on toner status if available and pr [[mediaobj-printconf-config6]] .Ink/Toner Levels page -image::printconf-config6.png[Ink/Toner Levels Page] +image::printconf-config6.png["Ink/Toner Levels Page"] [[s1-printing-managing]] ==== Managing Print Jobs -indexterm:[Printer Configuration,Print Jobs] -When you send a print job to the printer daemon, such as printing a text file from [application]*Emacs* or printing an image from [application]*GIMP*, the print job is added to the print spool queue. The print spool queue is a list of print jobs that have been sent to the printer and information about each print request, such as the status of the request, the job number, and more. +indexterm:[Printer Configuration,Print Jobs] When you send a print job to the printer daemon, such as printing a text file from [application]*Emacs* or printing an image from [application]*GIMP*, the print job is added to the print spool queue. The print spool queue is a list of print jobs that have been sent to the printer and information about each print request, such as the status of the request, the job number, and more. During the printing process, messages informing about the process appear in the notification area. [[fig-gnome-print-manager-list]] .GNOME Print Status -image::gnome-print-queue.png[GNOME Print Status] +image::gnome-print-queue.png["GNOME Print Status"] To cancel, hold, release, reprint or authenticate a print job, select the job in the [application]*GNOME Print Status* and on the Job menu, click the respective command. diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/_partials/servers/Samba.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/_partials/servers/Samba.adoc index 8e0dbd2..d541c39 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/_partials/servers/Samba.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/_partials/servers/Samba.adoc @@ -1,8 +1,7 @@ [[sect-Samba]] == Samba -indexterm:[Samba,Reference]indexterm:[Samba,Samba] -[application]*Samba* is the standard open source Windows interoperability suite of programs for Linux. It implements the _server message block_ (`SMB`) protocol. Modern versions of this protocol are also known as the _common Internet file system_ (`CIFS`) protocol. It allows the networking of Microsoft *Windows*, Linux, UNIX, and other operating systems together, enabling access to Windows-based file and printer shares. Samba's use of `SMB` allows it to appear as a Windows server to Windows clients. +indexterm:[Samba,Reference]indexterm:[Samba,Samba] [application]*Samba* is the standard open source Windows interoperability suite of programs for Linux. It implements the _server message block_ (`SMB`) protocol. Modern versions of this protocol are also known as the _common Internet file system_ (`CIFS`) protocol. It allows the networking of Microsoft *Windows*, Linux, UNIX, and other operating systems together, enabling access to Windows-based file and printer shares. Samba's use of `SMB` allows it to appear as a Windows server to Windows clients. .Installing the samba package [NOTE] @@ -21,9 +20,7 @@ For more information on installing packages with DNF, see xref:package-managemen [[sect-Samba-Introduction_to_Samba]] === Introduction to Samba -indexterm:[Samba,Introduction] -Samba is an important component to seamlessly integrate Linux Servers and Desktops into Active Directory (AD) environments. It can function both as a domain controller (NT4-style) or as a regular domain member (AD or NT4-style). -indexterm:[Samba,Abilities] +indexterm:[Samba,Introduction] Samba is an important component to seamlessly integrate Linux Servers and Desktops into Active Directory (AD) environments. It can function both as a domain controller (NT4-style) or as a regular domain member (AD or NT4-style). indexterm:[Samba,Abilities] .What Samba can do: * Serve directory trees and printers to Linux, UNIX, and Windows clients @@ -50,8 +47,7 @@ indexterm:[Samba,Abilities] [[sect-Samba_Daemons_and_Related_Services]] === Samba Daemons and Related Services -indexterm:[Samba,daemon,overview] -Samba is comprised of three daemons (`smbd`, `nmbd`, and `winbindd`). Three services (`smb`, `nmb`, and `winbind`) control how the daemons are started, stopped, and other service-related features. These services act as different init scripts. Each daemon is listed in detail below, as well as which specific service has control over it. +indexterm:[Samba,daemon,overview] Samba is comprised of three daemons (`smbd`, `nmbd`, and `winbindd`). Three services (`smb`, `nmb`, and `winbind`) control how the daemons are started, stopped, and other service-related features. These services act as different init scripts. Each daemon is listed in detail below, as well as which specific service has control over it. .smbdindexterm:[Samba,daemon,smbd] The `smbd` server daemon provides file sharing and printing services to Windows clients. In addition, it is responsible for user authentication, resource locking, and data sharing through the `SMB` protocol. The default ports on which the server listens for `SMB` traffic are `TCP` ports 139 and 445. @@ -78,8 +74,7 @@ See xref:File_and_Print_Servers.adoc#sect-Samba_Distribution_Programs[Samba Dist [[sect-Samba-Connecting_to_a_Samba_Share]] === Connecting to a Samba Share -indexterm:[Samba,share,connecting to with Nautilus] -You can use either [application]*Nautilus* or command line to connect to available Samba shares. +indexterm:[Samba,share,connecting to with Nautilus] You can use either [application]*Nautilus* or command line to connect to available Samba shares. [[proc-Samba-Connecting_to_a_Samba_Share_GUI]] .Connecting to a Samba Share Using Nautilus @@ -90,7 +85,7 @@ An icon appears for each available `SMB` workgroup or domain on the network. [[fig-samba-nautilus-workgroups]] .SMB Workgroups in Nautilus + -image::samba-nautilus-domain.png[SMB Workgroups in Nautilus] +image::samba-nautilus-domain.png["SMB Workgroups in Nautilus"] . Double-click one of the workgroup or domain icon to view a list of computers within the workgroup or domain. @@ -122,8 +117,7 @@ If you see the `smb:\>` prompt, you have successfully logged in. Once you are lo [[sect-Mounting_the_Samba_Share]] === Mounting the Share -indexterm:[Samba,share,mounting] -Sometimes it is useful to mount a Samba share to a directory so that the files in the directory can be treated as if they are part of the local file system. +indexterm:[Samba,share,mounting] Sometimes it is useful to mount a Samba share to a directory so that the files in the directory can be treated as if they are part of the local file system. To mount a Samba share to a directory, create a directory to mount it to (if it does not already exist), and execute the following command as `root`: @@ -170,18 +164,15 @@ WARNING: This operation can expose passwords by removing password encryption. [[sect-Samba-Configuring_a_Samba_Server]] === Configuring a Samba Server -indexterm:[Samba,configuration]indexterm:[Samba,configuration,default] -The default configuration file (`/etc/samba/smb.conf`) allows users to view their home directories as a Samba share. It also shares all printers configured for the system as Samba shared printers. You can attach a printer to the system and print to it from the Windows machines on your network. +indexterm:[Samba,configuration]indexterm:[Samba,configuration,default] The default configuration file (`/etc/samba/smb.conf`) allows users to view their home directories as a Samba share. It also shares all printers configured for the system as Samba shared printers. You can attach a printer to the system and print to it from the Windows machines on your network. [[sect-Samba-GUI_Configuration]] ==== Graphical Configuration -indexterm:[Samba,graphical configuration] -To configure Samba using a graphical interface, use one of the available Samba graphical user interfaces. A list of available GUIs can be found at link:++https://www.samba.org/samba/GUI/++[https://www.samba.org/samba/GUI/]. +indexterm:[Samba,graphical configuration] To configure Samba using a graphical interface, use one of the available Samba graphical user interfaces. A list of available GUIs can be found at link:++https://www.samba.org/samba/GUI/++[https://www.samba.org/samba/GUI/]. [[sect-Samba-Command-Line-Configuration]] ==== Command-Line Configuration -indexterm:[Samba,configuration] -Samba uses `/etc/samba/smb.conf` as its configuration file. If you change this configuration file, the changes do not take effect until you restart the Samba daemon with the following command, as `root`: +indexterm:[Samba,configuration] Samba uses `/etc/samba/smb.conf` as its configuration file. If you change this configuration file, the changes do not take effect until you restart the Samba daemon with the following command, as `root`: [subs="attributes"] ---- @@ -233,8 +224,7 @@ indexterm:[Samba,with Windows NT 4.0, 2000, ME, and XP]indexterm:[Windows NT 4.0 [[sect-Samba-Starting_and_Stopping]] === Starting and Stopping Samba -indexterm:[Samba,service,starting]indexterm:[Samba,service,stopping]indexterm:[Samba,service,restarting]indexterm:[Samba,service,conditional restarting]indexterm:[Samba,service,reloading] -To start a Samba server, type the following command in a shell prompt, as `root`: +indexterm:[Samba,service,starting]indexterm:[Samba,service,stopping]indexterm:[Samba,service,restarting]indexterm:[Samba,service,conditional restarting]indexterm:[Samba,service,reloading] To start a Samba server, type the following command in a shell prompt, as `root`: [subs="attributes"] ---- @@ -300,15 +290,13 @@ See xref:infrastructure-services/Services_and_Daemons.adoc#ch-Services_and_Daemo [[sect-Samba-Server_Types_and_the_smb.conf_File]] === Samba Server Types and the `smb.conf` File -indexterm:[Samba,smb.conf]indexterm:[Samba,Server Types] -Samba configuration is straightforward. All modifications to Samba are done in the `/etc/samba/smb.conf` configuration file. Although the default `smb.conf` file is well documented, it does not address complex topics such as LDAP, Active Directory, and the numerous domain controller implementations. +indexterm:[Samba,smb.conf]indexterm:[Samba,Server Types] Samba configuration is straightforward. All modifications to Samba are done in the `/etc/samba/smb.conf` configuration file. Although the default `smb.conf` file is well documented, it does not address complex topics such as LDAP, Active Directory, and the numerous domain controller implementations. The following sections describe the different ways a Samba server can be configured. Keep in mind your needs and the changes required to the `/etc/samba/smb.conf` file for a successful configuration. [[sect-Samba-Standalone_Server]] ==== Stand-alone Server -indexterm:[Samba,server types,Stand Alone] -A stand-alone server can be a workgroup server or a member of a workgroup environment. A stand-alone server is not a domain controller and does not participate in a domain in any way. The following examples include several user-level security configurations. For more information on security modes, see xref:File_and_Print_Servers.adoc#sect-Samba-Security_Modes[Samba Security Modes]. +indexterm:[Samba,server types,Stand Alone] A stand-alone server can be a workgroup server or a member of a workgroup environment. A stand-alone server is not a domain controller and does not participate in a domain in any way. The following examples include several user-level security configurations. For more information on security modes, see xref:File_and_Print_Servers.adoc#sect-Samba-Security_Modes[Samba Security Modes]. .Anonymous Read-Onlyindexterm:[Samba,smb.conf,Anonymous Read Only example] The following `/etc/samba/smb.conf` file shows a sample configuration needed to implement anonymous read-only file sharing. Two directives are used to configure anonymous access – `map to guest = Bad user` and `guest account = nobody`. @@ -441,8 +429,7 @@ browseable = yes [[sect-Samba-Domain_Member_Server]] ==== Domain Member Server -indexterm:[Samba,server types,Domain Member] -A domain member, while similar to a stand-alone server, is logged into a domain controller (either Windows or Samba) and is subject to the domain's security rules. An example of a domain member server would be a departmental server running Samba that has a machine account on the Primary Domain Controller (PDC). All of the department's clients still authenticate with the PDC, and desktop profiles and all network policy files are included. The difference is that the departmental server has the ability to control printer and network shares. +indexterm:[Samba,server types,Domain Member] A domain member, while similar to a stand-alone server, is logged into a domain controller (either Windows or Samba) and is subject to the domain's security rules. An example of a domain member server would be a departmental server running Samba that has a machine account on the Primary Domain Controller (PDC). All of the department's clients still authenticate with the PDC, and desktop profiles and all network policy files are included. The difference is that the departmental server has the ability to control printer and network shares. .Active Directory Domain Member Serverindexterm:[Samba,smb.conf,Active Directory Member Server example] To implement an Active Directory domain member server, follow procedure below: @@ -561,8 +548,7 @@ Note that the [option]`-S` option, which specifies the domain server host name, [[sect-Samba-Domain_Controller]] ==== Domain Controller -indexterm:[Samba,server types,Domain Controller] -A domain controller in Windows NT is functionally similar to a Network Information Service (NIS) server in a Linux environment. Domain controllers and NIS servers both host user and group information databases as well as related services. Domain controllers are mainly used for security, including the authentication of users accessing domain resources. The service that maintains the user and group database integrity is called the _Security Account Manager_ (SAM). The SAM database is stored differently between Windows and Linux Samba-based systems, therefore SAM replication cannot be achieved and platforms cannot be mixed in a PDC/BDC environment. +indexterm:[Samba,server types,Domain Controller] A domain controller in Windows NT is functionally similar to a Network Information Service (NIS) server in a Linux environment. Domain controllers and NIS servers both host user and group information databases as well as related services. Domain controllers are mainly used for security, including the authentication of users accessing domain resources. The service that maintains the user and group database integrity is called the _Security Account Manager_ (SAM). The SAM database is stored differently between Windows and Linux Samba-based systems, therefore SAM replication cannot be achieved and platforms cannot be mixed in a PDC/BDC environment. In a Samba environment, there can be only one PDC and zero or more BDCs. @@ -693,13 +679,11 @@ Although it is possible for Samba to be a member of an Active Directory, it is n [[sect-Samba-Security_Modes]] === Samba Security Modes -indexterm:[Samba,Security Modes] -There are only two types of security modes for Samba, _share-level_ and _user-level_, which are collectively known as *pass:attributes[{blank}]_security levels_pass:attributes[{blank}]*. Share-level security is deprecated and has been removed from Samba. Configurations containing this mode need to be migrated to use user-level security. User-level security can be implemented in one of three different ways. The different ways of implementing a security level are called _security modes_. +indexterm:[Samba,Security Modes] There are only two types of security modes for Samba, _share-level_ and _user-level_, which are collectively known as *pass:attributes[{blank}]_security levels_pass:attributes[{blank}]*. Share-level security is deprecated and has been removed from Samba. Configurations containing this mode need to be migrated to use user-level security. User-level security can be implemented in one of three different ways. The different ways of implementing a security level are called _security modes_. [[sect-Samba_Security_Modes-User_Level]] ==== User-Level Security -indexterm:[Samba,Security Modes,User Level Security] -User-level security is the default and recommended setting for Samba. Even if the `security = user` directive is not listed in the `/etc/samba/smb.conf` file, it is used by Samba. If the server accepts the client's user name and password, the client can then mount multiple shares without specifying a password for each instance. Samba can also accept session-based user name and password requests. The client maintains multiple authentication contexts by using a unique UID for each logon. +indexterm:[Samba,Security Modes,User Level Security] User-level security is the default and recommended setting for Samba. Even if the `security = user` directive is not listed in the `/etc/samba/smb.conf` file, it is used by Samba. If the server accepts the client's user name and password, the client can then mount multiple shares without specifying a password for each instance. Samba can also accept session-based user name and password requests. The client maintains multiple authentication contexts by using a unique UID for each logon. In the `/etc/samba/smb.conf` file, the `security = user` directive that sets user-level security is: @@ -782,14 +766,11 @@ password server = kerberos.example.com [[sect-Samba_Security_Modes-Share_Level]] ==== Share-Level Security -indexterm:[Samba,Security Modes,Share-Level Security] -With share-level security, the server accepts only a password without an explicit user name from the client. The server expects a password for each share, independent of the user name. There have been recent reports that Microsoft Windows clients have compatibility issues with share-level security servers. This mode is deprecated and has been removed from Samba. Configurations containing `security = share` should be updated to use user-level security. Follow the steps in xref:File_and_Print_Servers.adoc#proc-Samba_Security_Modes-Samba_Guest_Shares[Configuring Samba Guest Shares] to avoid using the `security = share` directive. +indexterm:[Samba,Security Modes,Share-Level Security] With share-level security, the server accepts only a password without an explicit user name from the client. The server expects a password for each share, independent of the user name. There have been recent reports that Microsoft Windows clients have compatibility issues with share-level security servers. This mode is deprecated and has been removed from Samba. Configurations containing `security = share` should be updated to use user-level security. Follow the steps in xref:File_and_Print_Servers.adoc#proc-Samba_Security_Modes-Samba_Guest_Shares[Configuring Samba Guest Shares] to avoid using the `security = share` directive. [[sect-Samba-Account_Information-Databases]] === Samba Account Information Databases -indexterm:[Samba,Account Information Databases] -The following is a list different back ends you can use with Samba. Other back ends not listed here may also be available. -indexterm:[Samba,Backward Compatible Database Back Ends]indexterm:[Samba,Account Information Databases,Plain Text]indexterm:[Samba,Account Information Databases,smbpasswd]indexterm:[Samba,Account Information Databases,ldapsam_compat]indexterm:[Samba,New Database Back Ends]indexterm:[Samba,Account Information Databases,tdbsam]indexterm:[Samba,Account Information Databases,ldapsam]indexterm:[Samba,Account Information Databases,mysqlsam]indexterm:[Samba,Account Information Databases,xmlsam] +indexterm:[Samba,Account Information Databases] The following is a list different back ends you can use with Samba. Other back ends not listed here may also be available. indexterm:[Samba,Backward Compatible Database Back Ends]indexterm:[Samba,Account Information Databases,Plain Text]indexterm:[Samba,Account Information Databases,smbpasswd]indexterm:[Samba,Account Information Databases,ldapsam_compat]indexterm:[Samba,New Database Back Ends]indexterm:[Samba,Account Information Databases,tdbsam]indexterm:[Samba,Account Information Databases,ldapsam]indexterm:[Samba,Account Information Databases,mysqlsam]indexterm:[Samba,Account Information Databases,xmlsam] Plain Text:: Plain text back ends are nothing more than the `/etc/passwd` type back ends. With a plain text back end, all user names and passwords are sent unencrypted between the client and the Samba server. This method is very insecure and is not recommended for use by any means. It is possible that different Windows clients connecting to the Samba server with plain text passwords cannot support such an authentication method. @@ -821,8 +802,7 @@ You need to have the [package]*openldap-servers* package installed if you want t [[sect-Samba-Network_Browsing]] === Samba Network Browsing -indexterm:[Samba,Network Browsing]indexterm:[Samba,Browsing] -_Network browsing_ enables Windows and Samba servers to appear in the Windows `Network Neighborhood`. Inside the `Network Neighborhood`, icons are represented as servers and if opened, the server's shares and printers that are available are displayed. +indexterm:[Samba,Network Browsing]indexterm:[Samba,Browsing] _Network browsing_ enables Windows and Samba servers to appear in the Windows `Network Neighborhood`. Inside the `Network Neighborhood`, icons are represented as servers and if opened, the server's shares and printers that are available are displayed. Network browsing capabilities require NetBIOS over `TCP`pass:attributes[{blank}]/pass:attributes[{blank}]`IP`. NetBIOS-based networking uses broadcast (`UDP`) messaging to accomplish browse list management. Without NetBIOS and WINS as the primary method for `TCP`pass:attributes[{blank}]/pass:attributes[{blank}]`IP` host name resolution, other methods such as static files (`/etc/hosts`) or `DNS`, must be used. @@ -830,15 +810,13 @@ A domain master browser collates the browse lists from local master browsers on [[sect-Samba-Domain-Browsing]] ==== Domain Browsing -indexterm:[Samba,Network Browsing,Domain Browsing] -By default, a Windows server PDC for a domain is also the domain master browser for that domain. A Samba server must *not* be set up as a domain master server in this type of situation. +indexterm:[Samba,Network Browsing,Domain Browsing] By default, a Windows server PDC for a domain is also the domain master browser for that domain. A Samba server must *not* be set up as a domain master server in this type of situation. For subnets that do not include the Windows server PDC, a Samba server can be implemented as a local master browser. Configuring the `/etc/samba/smb.conf` file for a local master browser (or no browsing at all) in a domain controller environment is the same as workgroup configuration (see xref:File_and_Print_Servers.adoc#sect-Samba-Configuring_a_Samba_Server[Configuring a Samba Server]). [[sect-Samba-WINS]] ==== WINS (Windows Internet Name Server) -indexterm:[Samba,WINS]indexterm:[Samba,Network Browsing,WINS] -Either a Samba server or a Windows NT server can function as a WINS server. When a WINS server is used with NetBIOS enabled, UDP unicasts can be routed which allows name resolution across networks. Without a WINS server, the UDP broadcast is limited to the local subnet and therefore cannot be routed to other subnets, workgroups, or domains. If WINS replication is necessary, do not use Samba as your primary WINS server, as Samba does not currently support WINS replication. +indexterm:[Samba,WINS]indexterm:[Samba,Network Browsing,WINS] Either a Samba server or a Windows NT server can function as a WINS server. When a WINS server is used with NetBIOS enabled, UDP unicasts can be routed which allows name resolution across networks. Without a WINS server, the UDP broadcast is limited to the local subnet and therefore cannot be routed to other subnets, workgroups, or domains. If WINS replication is necessary, do not use Samba as your primary WINS server, as Samba does not currently support WINS replication. In a mixed NT/2000/2003/2008 server and Samba environment, it is recommended that you use the Microsoft WINS capabilities. In a Samba-only environment, it is recommended that you use *only one* Samba server for WINS. @@ -867,13 +845,11 @@ All servers (including Samba) should connect to a WINS server to resolve NetBIOS [[sect-Samba_with_CUPS_Printing_Support]] === Samba with CUPS Printing Support -indexterm:[Samba,CUPS Printing Support] -Samba allows client machines to share printers connected to the Samba server. In addition, Samba also allows client machines to send documents built in Linux to Windows printer shares. Although there are other printing systems that function with {MAJOROS}, CUPS (Common UNIX Print System) is the recommended printing system due to its close integration with Samba. +indexterm:[Samba,CUPS Printing Support] Samba allows client machines to share printers connected to the Samba server. In addition, Samba also allows client machines to send documents built in Linux to Windows printer shares. Although there are other printing systems that function with {MAJOROS}, CUPS (Common UNIX Print System) is the recommended printing system due to its close integration with Samba. [[sect-Samba-CUPS-smb.conf]] ==== Simple `smb.conf` Settings -indexterm:[Samba,CUPS Printing Support,CUPS smb.conf] -The following example shows a very basic `/etc/samba/smb.conf` configuration for CUPS support: +indexterm:[Samba,CUPS Printing Support,CUPS smb.conf] The following example shows a very basic `/etc/samba/smb.conf` configuration for CUPS support: [[exam-Samba-CUPS-smb.conf]] .An Example Configuration of Samba with CUPS Support @@ -961,9 +937,7 @@ The following example displays the `IP` address of the NetBIOS name `trek`: [subs="quotes, macros"] ---- -~]$ pass:attributes[{blank}][command]#nmblookup trek# -querying trek on 10.1.59.255 -10.1.56.45 trek<00> +~]$ pass:attributes[{blank}][command]#nmblookup trek# querying trek on 10.1.59.255 10.1.56.45 trek<00> ---- .`pdbedit`pass:attributes[{blank}]indexterm:[Samba,Programs,pdbedit]indexterm:[pdbedit program] @@ -1111,17 +1085,7 @@ The `testparm` program checks the syntax of the `/etc/samba/smb.conf` file. If y [subs="macros"] ---- -~]$ testparm -Load smb config files from /etc/samba/smb.conf -Processing section "[homes]" -Processing section "[printers]" -Processing section "[tmp]" -Processing section "[html]" -Loaded services file OK. -Server role: ROLE_STANDALONE -Press enter to see a dump of your service definitions -pass:quotes[`<enter>`] -# Global parameters +~]$ testparm Load smb config files from /etc/samba/smb.conf Processing section "[homes]" Processing section "[printers]" Processing section "[tmp]" Processing section "[html]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions pass:quotes[`<enter>`] # Global parameters [global] workgroup = MYGROUP server string = Samba Server @@ -1162,8 +1126,7 @@ The `wbinfo` program displays information from the `winbindd` daemon. The `winbi [[sect-Samba-Resources]] === Additional Resources -indexterm:[Samba,Additional Resources] -The following sections give you the means to explore Samba in greater detail. +indexterm:[Samba,Additional Resources] The following sections give you the means to explore Samba in greater detail. .Installed Documentationindexterm:[Samba,Additional Resources,installed documentation] diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/_partials/servers/The_Apache_HTTP_Server.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/_partials/servers/The_Apache_HTTP_Server.adoc index 5c3f07d..bbb9f19 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/_partials/servers/The_Apache_HTTP_Server.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/_partials/servers/The_Apache_HTTP_Server.adoc @@ -1,8 +1,7 @@ [[s1-The_Apache_HTTP_Server]] == The Apache HTTP Server -indexterm:[httpd,Apache HTTP Server] -The web server available in {MAJOROS} is the Apache HTTP server daemon, `httpd`, an open source web server developed by the link:++https://www.apache.org/++[Apache Software Foundation]. This section describes the basic configuration of the `httpd` service, and covers some advanced topics such as adding server modules, setting up virtual hosts, or configuring the secure HTTP server. +indexterm:[httpd,Apache HTTP Server] The web server available in {MAJOROS} is the Apache HTTP server daemon, `httpd`, an open source web server developed by the link:++https://www.apache.org/++[Apache Software Foundation]. This section describes the basic configuration of the `httpd` service, and covers some advanced topics such as adding server modules, setting up virtual hosts, or configuring the secure HTTP server. [[s2-apache-running]] === Running the httpd Service @@ -20,8 +19,7 @@ For more information on the concept of targets and how to manage system services [[s3-apache-running-starting]] ==== Starting the Service -indexterm:[Apache HTTP Server,starting] -To run the `httpd` service, type the following at a shell prompt as `root`: +indexterm:[Apache HTTP Server,starting] To run the `httpd` service, type the following at a shell prompt as `root`: [subs="attributes"] ---- @@ -46,8 +44,7 @@ If running the Apache HTTP Server as a secure server, a password may be required [[s3-apache-running-stopping]] ==== Stopping the Service -indexterm:[Apache HTTP Server,stopping] -To stop the running `httpd` service, type the following at a shell prompt as `root`: +indexterm:[Apache HTTP Server,stopping] To stop the running `httpd` service, type the following at a shell prompt as `root`: [subs="attributes"] ---- @@ -64,8 +61,7 @@ rm '/etc/systemd/system/multi-user.target.wants/httpd.service' [[s3-apache-running-restarting]] ==== Restarting the Service -indexterm:[Apache HTTP Server,restarting] -There are three different ways to restart a running `httpd` service: +indexterm:[Apache HTTP Server,restarting] There are three different ways to restart a running `httpd` service: . To restart the service completely, enter the following command as `root`: @@ -95,8 +91,7 @@ This causes the running `httpd` service to reload its configuration file. Any re [[s3-apache-running-status]] ==== Verifying the Service Status -indexterm:[Apache HTTP Server,checking status] -To verify that the `httpd` service is running, type the following at a shell prompt: +indexterm:[Apache HTTP Server,checking status] To verify that the `httpd` service is running, type the following at a shell prompt: [subs="attributes"] ---- @@ -121,9 +116,7 @@ When the `httpd` service is started, by default, it reads the configuration from `/etc/httpd/conf.d/`|An auxiliary directory for configuration files that are included in the main configuration file. |=== -Although the default configuration should be suitable for most situations, it is a good idea to become at least familiar with some of the more important configuration options. Note that for any changes to take effect, the web server has to be restarted first. See xref:Web_Servers.adoc#s3-apache-running-restarting[Restarting the Service] for more information on how to restart the `httpd` service. -indexterm:[Apache HTTP Server,checking configuration] -To check the configuration for possible errors, type the following at a shell prompt: +Although the default configuration should be suitable for most situations, it is a good idea to become at least familiar with some of the more important configuration options. Note that for any changes to take effect, the web server has to be restarted first. See xref:Web_Servers.adoc#s3-apache-running-restarting[Restarting the Service] for more information on how to restart the `httpd` service. indexterm:[Apache HTTP Server,checking configuration] To check the configuration for possible errors, type the following at a shell prompt: [subs="attributes"] ---- @@ -135,8 +128,7 @@ To make the recovery from mistakes easier, it is recommended that you make a cop [[s3-apache-httpdconf-directives]] ==== Common httpd.conf Directives -indexterm:[Apache HTTP Server,files,/etc/httpd/conf/httpd.conf] -The following directives are commonly used in the `/etc/httpd/conf/httpd.conf` configuration file: +indexterm:[Apache HTTP Server,files,/etc/httpd/conf/httpd.conf] The following directives are commonly used in the `/etc/httpd/conf/httpd.conf` configuration file: indexterm:[Apache HTTP Server,directives,] [option]``:: The [option]`` directive allows you to apply certain directives to a particular directory only. It takes the following form: @@ -315,10 +307,7 @@ indexterm:[Apache HTTP Server,directives,AccessFileName] [option]`Acc ---- AccessFileName _filename_pass:attributes[{blank}]… ---- -indexterm:[Apache HTTP Server,files,.htaccess]indexterm:[.htaccess,Apache HTTP Server] -The _filename_ is a name of the file to look for in the requested directory. By default, the server looks for `.htaccess`. -indexterm:[Apache HTTP Server,files,.htpasswd]indexterm:[.htpasswd,Apache HTTP Server] -For security reasons, the directive is typically followed by the `Files` tag to prevent the files beginning with `.ht` from being accessed by web clients. This includes the `.htaccess` and `.htpasswd` files. +indexterm:[Apache HTTP Server,files,.htaccess]indexterm:[.htaccess,Apache HTTP Server] The _filename_ is a name of the file to look for in the requested directory. By default, the server looks for `.htaccess`. indexterm:[Apache HTTP Server,files,.htpasswd]indexterm:[.htpasswd,Apache HTTP Server] For security reasons, the directive is typically followed by the `Files` tag to prevent the files beginning with `.ht` from being accessed by web clients. This includes the `.htaccess` and `.htpasswd` files. [[example-apache-httpdconf-accessfilename]] .Using the AccessFileName directive @@ -538,9 +527,7 @@ indexterm:[Apache HTTP Server,directives,Alias] [option]`Alias`:: Th Alias _url-path_ _real-path_ ---- -The _url-path_ must be relative to the directory specified by the [option]`DocumentRoot` directive (for example, `/images/`). The _real-path_ is a full path to a file or directory in the local file system. -indexterm:[Apache HTTP Server,directories,/var/www/icons/] -This directive is typically followed by the [option]`Directory` tag with additional permissions to access the target directory. By default, the `/icons/` alias is created so that the icons from `/var/www/icons/` are displayed in server-generated directory listings. +The _url-path_ must be relative to the directory specified by the [option]`DocumentRoot` directive (for example, `/images/`). The _real-path_ is a full path to a file or directory in the local file system. indexterm:[Apache HTTP Server,directories,/var/www/icons/] This directive is typically followed by the [option]`Directory` tag with additional permissions to access the target directory. By default, the `/icons/` alias is created so that the icons from `/var/www/icons/` are displayed in server-generated directory listings. [[example-apache-httpdconf-alias]] .Using the Alias directive @@ -580,8 +567,7 @@ Allow from 192.168.1.0/255.255.255.0 ==== -indexterm:[Apache HTTP Server,directives,AllowOverride] [option]`AllowOverride`:: indexterm:[Apache HTTP Server,files,.htaccess]indexterm:[.htaccess] -The [option]`AllowOverride` directive allows you to specify which directives in a `.htaccess` file can override the default configuration. It takes the following form: +indexterm:[Apache HTTP Server,directives,AllowOverride] [option]`AllowOverride`:: indexterm:[Apache HTTP Server,files,.htaccess]indexterm:[.htaccess] The [option]`AllowOverride` directive allows you to specify which directives in a `.htaccess` file can override the default configuration. It takes the following form: [subs="quotes, macros"] ---- @@ -785,8 +771,7 @@ indexterm:[Apache HTTP Server,directives,CacheRoot] [option]`CacheRoo ---- CacheRoot _directory_ ---- -indexterm:[Apache HTTP Server,directories,/var/cache/mod_proxy/] -The _directory_ must be a full path to an existing directory in the local file system. The default option is `/var/cache/mod_proxy/`. +indexterm:[Apache HTTP Server,directories,/var/cache/mod_proxy/] The _directory_ must be a full path to an existing directory in the local file system. The default option is `/var/cache/mod_proxy/`. [[example-apache-httpdconf-cacheroot]] .Using the CacheRoot directive @@ -804,8 +789,7 @@ indexterm:[Apache HTTP Server,directives,CustomLog] [option]`CustomLo ---- CustomLog _path_ _format_ ---- -indexterm:[Apache HTTP Server,files,/etc/httpd/logs/access_log] -The _path_ refers to a log file, and must be relative to the directory that is specified by the [option]`ServerRoot` directive (that is, `/etc/httpd/` by default). The _format_ has to be either an explicit format string, or a format name that was previously defined using the [option]`LogFormat` directive. +indexterm:[Apache HTTP Server,files,/etc/httpd/logs/access_log] The _path_ refers to a log file, and must be relative to the directory that is specified by the [option]`ServerRoot` directive (that is, `/etc/httpd/` by default). The _format_ has to be either an explicit format string, or a format name that was previously defined using the [option]`LogFormat` directive. [[example-apache-httpdconf-customlog]] .Using the CustomLog directive @@ -903,8 +887,7 @@ indexterm:[Apache HTTP Server,directives,DocumentRoot] [option]`Docum ---- DocumentRoot _directory_ ---- -indexterm:[Apache HTTP Server,directories,/var/www/html/] -The _directory_ must be a full path to an existing directory in the local file system. The default option is `/var/www/html/`. +indexterm:[Apache HTTP Server,directories,/var/www/html/] The _directory_ must be a full path to an existing directory in the local file system. The default option is `/var/www/html/`. [[example-apache-httpdconf-documentroot]] .Using the DocumentRoot directive @@ -943,8 +926,7 @@ indexterm:[Apache HTTP Server,directives,ErrorLog] [option]`ErrorLog` ---- ErrorLog _path_ ---- -indexterm:[Apache HTTP Server,files,/etc/httpd/logs/error_log] -The _path_ refers to a log file, and can be either absolute, or relative to the directory that is specified by the [option]`ServerRoot` directive (that is, `/etc/httpd/` by default). The default option is `logs/error_log` +indexterm:[Apache HTTP Server,files,/etc/httpd/logs/error_log] The _path_ refers to a log file, and can be either absolute, or relative to the directory that is specified by the [option]`ServerRoot` directive (that is, `/etc/httpd/` by default). The default option is `logs/error_log` [[example-apache-httpdconf-errorlog]] .Using the ErrorLog directive @@ -1067,8 +1049,7 @@ indexterm:[Apache HTTP Server,directives,Include] [option]`Include`:: ---- Include _filename_ ---- -indexterm:[Apache HTTP Server,directories,/etc/httpd/conf.d/] -The [option]`filename` can be an absolute path, a path relative to the directory specified by the [option]`ServerRoot` directive, or a wildcard expression. All configuration files from the `/etc/httpd/conf.d/` directory are loaded by default. +indexterm:[Apache HTTP Server,directories,/etc/httpd/conf.d/] The [option]`filename` can be an absolute path, a path relative to the directory specified by the [option]`ServerRoot` directive, or a wildcard expression. All configuration files from the `/etc/httpd/conf.d/` directory are loaded by default. [[example-apache-httpdconf-include]] .Using the Include directive @@ -1252,8 +1233,7 @@ indexterm:[Apache HTTP Server,directives,LoadModule] [option]`LoadMod ---- LoadModule _name_ _path_ ---- -indexterm:[Apache HTTP Server,directories,/usr/lib/httpd/modules/]indexterm:[Apache HTTP Server,directories,/usr/lib64/httpd/modules/] -The _name_ has to be a valid identifier of the required module. The _path_ refers to an existing module file, and must be relative to the directory in which the libraries are placed (that is, `/usr/lib/httpd/` on 32-bit and `/usr/lib64/httpd/` on 64-bit systems by default). +indexterm:[Apache HTTP Server,directories,/usr/lib/httpd/modules/]indexterm:[Apache HTTP Server,directories,/usr/lib64/httpd/modules/] The _name_ has to be a valid identifier of the required module. The _path_ refers to an existing module file, and must be relative to the directory in which the libraries are placed (that is, `/usr/lib/httpd/` on 32-bit and `/usr/lib64/httpd/` on 64-bit systems by default). See xref:Web_Servers.adoc#s2-apache-dso[Working with Modules] for more information on the Apache HTTP Server's DSO support. @@ -1462,8 +1442,7 @@ indexterm:[Apache HTTP Server,directives,PidFile] [option]`PidFile`:: ---- PidFile _path_ ---- -indexterm:[Apache HTTP Server,files,/etc/httpd/run/httpd.pid] -The _path_ refers to a pid file, and can be either absolute, or relative to the directory that is specified by the [option]`ServerRoot` directive (that is, `/etc/httpd/` by default). The default option is `run/httpd.pid`. +indexterm:[Apache HTTP Server,files,/etc/httpd/run/httpd.pid] The _path_ refers to a pid file, and can be either absolute, or relative to the directory that is specified by the [option]`ServerRoot` directive (that is, `/etc/httpd/` by default). The default option is `run/httpd.pid`. [[example-apache-httpdconf-pidfile]] .Using the PidFile directive @@ -1567,9 +1546,7 @@ indexterm:[Apache HTTP Server,directives,ScriptAlias] [option]`Script ScriptAlias _url-path_ _real-path_ ---- -The _url-path_ must be relative to the directory specified by the [option]`DocumentRoot` directive (for example, `/cgi-bin/`). The _real-path_ is a full path to a file or directory in the local file system. -indexterm:[Apache HTTP Server,directories,/var/www/cgi-bin/] -This directive is typically followed by the [option]`Directory` tag with additional permissions to access the target directory. By default, the `/cgi-bin/` alias is created so that the scripts located in the `/var/www/cgi-bin/` are accessible. +The _url-path_ must be relative to the directory specified by the [option]`DocumentRoot` directive (for example, `/cgi-bin/`). The _real-path_ is a full path to a file or directory in the local file system. indexterm:[Apache HTTP Server,directories,/var/www/cgi-bin/] This directive is typically followed by the [option]`Directory` tag with additional permissions to access the target directory. By default, the `/cgi-bin/` alias is created so that the scripts located in the `/var/www/cgi-bin/` are accessible. The [option]`ScriptAlias` directive is used for security reasons to prevent CGI scripts from being viewed as ordinary text documents. @@ -1641,8 +1618,7 @@ indexterm:[Apache HTTP Server,directives,ServerRoot] [option]`ServerR ---- ServerRoot _directory_ ---- -indexterm:[Apache HTTP Server,directories,/etc/httpd/] -The _directory_ must be a full path to an existing directory in the local file system. The default option is `/etc/httpd/`. +indexterm:[Apache HTTP Server,directories,/etc/httpd/] The _directory_ must be a full path to an existing directory in the local file system. The default option is `/etc/httpd/`. [[example-apache-httpd-serverroot]] .Using the ServerRoot directive @@ -1770,8 +1746,7 @@ indexterm:[Apache HTTP Server,directives,TypesConfig] [option]`TypesC ---- TypesConfig _path_ ---- -indexterm:[Apache HTTP Server,files,/etc/mime.types] -The _path_ refers to an existing MIME types configuration file, and can be either absolute, or relative to the directory that is specified by the [option]`ServerRoot` directive (that is, `/etc/httpd/` by default). The default option is [option]`/etc/mime.types`. +indexterm:[Apache HTTP Server,files,/etc/mime.types] The _path_ refers to an existing MIME types configuration file, and can be either absolute, or relative to the directory that is specified by the [option]`ServerRoot` directive (that is, `/etc/httpd/` by default). The default option is [option]`/etc/mime.types`. Note that instead of editing `/etc/mime.types`, the recommended way to add MIME type mapping to the Apache HTTP Server is to use the [option]`AddType` directive. @@ -1845,8 +1820,7 @@ indexterm:[Apache HTTP Server,directives,UserDir] [option]`UserDir`:: ---- UserDir _option_ ---- -indexterm:[Apache HTTP Server,directories,~/public_html/] -The _option_ can be either a name of the directory to look for in user's home directory (typically [option]`public_html`), or a valid keyword as described in xref:Web_Servers.adoc#table-apache-httpdconf-userdir[Available UserDir options]. The default option is [option]`disabled`. +indexterm:[Apache HTTP Server,directories,~/public_html/] The _option_ can be either a name of the directory to look for in user's home directory (typically [option]`public_html`), or a valid keyword as described in xref:Web_Servers.adoc#table-apache-httpdconf-userdir[Available UserDir options]. The default option is [option]`disabled`. [[table-apache-httpdconf-userdir]] .Available UserDir options @@ -1886,9 +1860,7 @@ UserDir public_html [[s3-apache-sslconf-common]] ==== Common ssl.conf Directives -The _Secure Sockets Layer_ (*SSL*) directives allow you to customize the behavior of the Apache HTTP Secure Server, and in most cases, they are configured appropriately during the installation. Be careful when changing these settings, as incorrect configuration can lead to security vulnerabilities. -indexterm:[Apache HTTP Server,files,/etc/httpd/conf.d/ssl.conf] -The following directive is commonly used in `/etc/httpd/conf.d/ssl.conf`: +The _Secure Sockets Layer_ (*SSL*) directives allow you to customize the behavior of the Apache HTTP Secure Server, and in most cases, they are configured appropriately during the installation. Be careful when changing these settings, as incorrect configuration can lead to security vulnerabilities. indexterm:[Apache HTTP Server,files,/etc/httpd/conf.d/ssl.conf] The following directive is commonly used in `/etc/httpd/conf.d/ssl.conf`: indexterm:[Apache HTTP Server,directives,SetEnvIf] [option]`SetEnvIf`:: The [option]`SetEnvIf` directive allows you to set environment variables based on the headers of incoming connections. It takes the following form: @@ -1932,9 +1904,7 @@ Note that for the `/etc/httpd/conf.d/ssl.conf` file to be present, the [package] [[s3-apache-mpm-common]] ==== Common Multi-Processing Module Directives -The _Multi-Processing Module_ (*MPM*) directives allow you to customize the behavior of a particular MPM specific server-pool. Since its characteristics differ depending on which MPM is used, the directives are embedded in [option]`IfModule`. By default, the server-pool is defined for both the `prefork` and `worker` MPMs. -indexterm:[Apache HTTP Server,files,/etc/httpd/conf/httpd.conf] -The following MPM directives are commonly used in `/etc/httpd/conf/httpd.conf`: +The _Multi-Processing Module_ (*MPM*) directives allow you to customize the behavior of a particular MPM specific server-pool. Since its characteristics differ depending on which MPM is used, the directives are embedded in [option]`IfModule`. By default, the server-pool is defined for both the `prefork` and `worker` MPMs. indexterm:[Apache HTTP Server,files,/etc/httpd/conf/httpd.conf] The following MPM directives are commonly used in `/etc/httpd/conf/httpd.conf`: indexterm:[Apache HTTP Server,directives,MaxClients] [option]`MaxClients`:: The [option]`MaxClients` directive allows you to specify the maximum number of simultaneously connected clients to process at one time. It takes the following form: @@ -2100,13 +2070,11 @@ ThreadsPerChild 25 [[s2-apache-dso]] === Working with Modules -indexterm:[Apache HTTP Server,directories,/usr/lib/httpd/modules/]indexterm:[Apache HTTP Server,directories,/usr/lib64/httpd/modules/] -Being a modular application, the `httpd` service is distributed along with a number of _Dynamic Shared Objects_ (*DSO*pass:attributes[{blank}]s), which can be dynamically loaded or unloaded at runtime as necessary. By default, these modules are located in `/usr/lib/httpd/modules/` on 32-bit and in `/usr/lib64/httpd/modules/` on 64-bit systems. +indexterm:[Apache HTTP Server,directories,/usr/lib/httpd/modules/]indexterm:[Apache HTTP Server,directories,/usr/lib64/httpd/modules/] Being a modular application, the `httpd` service is distributed along with a number of _Dynamic Shared Objects_ (*DSO*pass:attributes[{blank}]s), which can be dynamically loaded or unloaded at runtime as necessary. By default, these modules are located in `/usr/lib/httpd/modules/` on 32-bit and in `/usr/lib64/httpd/modules/` on 64-bit systems. [[s3-apache-dso-loading]] ==== Loading a Module -indexterm:[Apache HTTP Server,modules,loading] -To load a particular DSO module, use the [option]`LoadModule` directive as described in xref:Web_Servers.adoc#s3-apache-httpdconf-directives[Common httpd.conf Directives]. Note that modules provided by a separate package often have their own configuration file in the `/etc/httpd/conf.d/` directory. +indexterm:[Apache HTTP Server,modules,loading] To load a particular DSO module, use the [option]`LoadModule` directive as described in xref:Web_Servers.adoc#s3-apache-httpdconf-directives[Common httpd.conf Directives]. Note that modules provided by a separate package often have their own configuration file in the `/etc/httpd/conf.d/` directory. [[example-apache-dso-loading]] .Loading the mod_ssl DSO @@ -2122,8 +2090,7 @@ Once you are finished, restart the web server to reload the configuration. See x [[s3-apache-dso-writing]] ==== Writing a Module -indexterm:[Apache HTTP Server,modules,developing] -If you intend to create a new DSO module, make sure you have the [package]*httpd-devel* package installed. To do so, enter the following command as `root`: +indexterm:[Apache HTTP Server,modules,developing] If you intend to create a new DSO module, make sure you have the [package]*httpd-devel* package installed. To do so, enter the following command as `root`: [subs="attributes"] ---- @@ -2143,8 +2110,7 @@ If the build was successful, you should be able to load the module the same way [[s2-apache-virtualhosts]] === Setting Up Virtual Hosts -indexterm:[Apache HTTP Server,virtual host]indexterm:[virtual host,Apache HTTP Server] -The Apache HTTP Server's built in virtual hosting allows the server to provide different information based on which IP address, host name, or port is being requested. +indexterm:[Apache HTTP Server,virtual host]indexterm:[virtual host,Apache HTTP Server] The Apache HTTP Server's built in virtual hosting allows the server to provide different information based on which IP address, host name, or port is being requested. To create a name-based virtual host, copy the example configuration file `/usr/share/doc/httpd-_VERSION_pass:attributes[{blank}]/httpd-vhosts.conf` into the `/etc/httpd/conf.d/` directory, and replace the `@@Port@@` and `@@ServerRoot@@` placeholder values. Customize the options according to your requirements as shown in xref:Web_Servers.adoc#example-apache-virtualhosts-config[Example virtual host configuration]. @@ -2180,17 +2146,13 @@ To activate a newly created virtual host, the web server has to be restarted fir [[s2-apache-mod_ssl]] === Setting Up an SSL Server -indexterm:[Apache HTTP Server,modules,mod_ssl]indexterm:[SSL server,Apache HTTP Server]indexterm:[SSL,Apache HTTP Server]indexterm:[TLS,Apache HTTP Server]indexterm:[OpenSSL,SSL,SSL]indexterm:[OpenSSL,TLS,TLS] -_Secure Sockets Layer_ (*SSL*) is a cryptographic protocol that allows a server and a client to communicate securely. Along with its extended and improved version called _Transport Layer Security_ (*TLS*), it ensures both privacy and data integrity. The Apache HTTP Server in combination with `mod_ssl`, a module that uses the OpenSSL toolkit to provide the SSL/TLS support, is commonly referred to as the _SSL server_. +indexterm:[Apache HTTP Server,modules,mod_ssl]indexterm:[SSL server,Apache HTTP Server]indexterm:[SSL,Apache HTTP Server]indexterm:[TLS,Apache HTTP Server]indexterm:[OpenSSL,SSL,SSL]indexterm:[OpenSSL,TLS,TLS] _Secure Sockets Layer_ (*SSL*) is a cryptographic protocol that allows a server and a client to communicate securely. Along with its extended and improved version called _Transport Layer Security_ (*TLS*), it ensures both privacy and data integrity. The Apache HTTP Server in combination with `mod_ssl`, a module that uses the OpenSSL toolkit to provide the SSL/TLS support, is commonly referred to as the _SSL server_. Unlike a regular HTTP connection that can be read and possibly modified by anybody who is able to intercept it, the use of `mod_ssl` prevents any inspection or modification of the transmitted content. This section provides basic information on how to enable this module in the Apache HTTP Server configuration, and guides you through the process of generating private keys and self-signed certificates. [[s3-apache-mod_ssl-certificates]] ==== An Overview of Certificates and Security -indexterm:[Apache HTTP Server,SSL server,private key]indexterm:[Apache HTTP Server,SSL server,public key] -Secure communication is based on the use of keys. In conventional or _symmetric cryptography_, both ends of the transaction have the same key they can use to decode each other's transmissions. On the other hand, in public or _asymmetric cryptography_, two keys co-exist: a _private key_ that is kept a secret, and a _public key_ that is usually shared with the public. While the data encoded with the public key can only be decoded with the private key, data encoded with the private key can in turn only be decoded with the public key. -indexterm:[Apache HTTP Server,SSL server,certificate]indexterm:[Apache HTTP Server,SSL server,certificate authority] -To provide secure communications using SSL, an SSL server must use a digital certificate signed by a _Certificate Authority_ (*CA*). The certificate lists various attributes of the server (that is, the server host name, the name of the company, its location, etc.), and the signature produced using the CA's private key. This signature ensures that a particular certificate authority has signed the certificate, and that the certificate has not been modified in any way. +indexterm:[Apache HTTP Server,SSL server,private key]indexterm:[Apache HTTP Server,SSL server,public key] Secure communication is based on the use of keys. In conventional or _symmetric cryptography_, both ends of the transaction have the same key they can use to decode each other's transmissions. On the other hand, in public or _asymmetric cryptography_, two keys co-exist: a _private key_ that is kept a secret, and a _public key_ that is usually shared with the public. While the data encoded with the public key can only be decoded with the private key, data encoded with the private key can in turn only be decoded with the public key. indexterm:[Apache HTTP Server,SSL server,certificate]indexterm:[Apache HTTP Server,SSL server,certificate authority] To provide secure communications using SSL, an SSL server must use a digital certificate signed by a _Certificate Authority_ (*CA*). The certificate lists various attributes of the server (that is, the server host name, the name of the company, its location, etc.), and the signature produced using the CA's private key. This signature ensures that a particular certificate authority has signed the certificate, and that the certificate has not been modified in any way. When a web browser establishes a new SSL connection, it checks the certificate provided by the web server. If the certificate does not have a signature from a trusted CA, or if the host name listed in the certificate does not match the host name used to establish the connection, it refuses to communicate with the server and usually presents a user with an appropriate error message. @@ -2219,8 +2181,7 @@ If you intend to set up an SSL server, make sure you have the [package]*mod_ssl* ---- #{nbsp}dnf install mod_ssl openssl ---- -indexterm:[Apache HTTP Server,files,/etc/httpd/conf.d/ssl.conf] -This will create the `mod_ssl` configuration file at `/etc/httpd/conf.d/ssl.conf`, which is included in the main Apache HTTP Server configuration file by default. For the module to be loaded, restart the `httpd` service as described in xref:Web_Servers.adoc#s3-apache-running-restarting[Restarting the Service]. +indexterm:[Apache HTTP Server,files,/etc/httpd/conf.d/ssl.conf] This will create the `mod_ssl` configuration file at `/etc/httpd/conf.d/ssl.conf`, which is included in the main Apache HTTP Server configuration file by default. For the module to be loaded, restart the `httpd` service as described in xref:Web_Servers.adoc#s3-apache-running-restarting[Restarting the Service]. [IMPORTANT] ==== @@ -2281,8 +2242,7 @@ Note that any sessions will be interrupted. [[s3-apache-mod_ssl-keypair]] ==== Using an Existing Key and Certificate -indexterm:[Apache HTTP Server,SSL server,private key]indexterm:[Apache HTTP Server,SSL server,certificate] -If you have a previously created key and certificate, you can configure the SSL server to use these files instead of generating new ones. There are only two situations where this is not possible: +indexterm:[Apache HTTP Server,SSL server,private key]indexterm:[Apache HTTP Server,SSL server,certificate] If you have a previously created key and certificate, you can configure the SSL server to use these files instead of generating new ones. There are only two situations where this is not possible: . *You are changing the IP address or domain name.* diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/basic-system-configuration/Configuring_the_Date_and_Time.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/basic-system-configuration/Configuring_the_Date_and_Time.adoc index b63dc51..10b4ea0 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/basic-system-configuration/Configuring_the_Date_and_Time.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/basic-system-configuration/Configuring_the_Date_and_Time.adoc @@ -352,8 +352,7 @@ The `hwclock` utility saves its settings in the `/etc/adjtime` file, which is cr [NOTE] ==== -In {MAJOROS}{nbsp}6, the [command]#hwclock# command was run automatically on every system shutdown or reboot, but it is not in {MAJOROSVER}. When the system clock is synchronized by the Network Time Protocol (NTP) or -Precision Time Protocol (PTP), the kernel automatically synchronizes the hardware clock to the system clock every 11 minutes. +In {MAJOROS}{nbsp}6, the [command]#hwclock# command was run automatically on every system shutdown or reboot, but it is not in {MAJOROSVER}. When the system clock is synchronized by the Network Time Protocol (NTP) or Precision Time Protocol (PTP), the kernel automatically synchronizes the hardware clock to the system clock every 11 minutes. ==== diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/basic-system-configuration/Managing_Users_and_Groups.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/basic-system-configuration/Managing_Users_and_Groups.adoc index d0d7039..0df6532 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/basic-system-configuration/Managing_Users_and_Groups.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/basic-system-configuration/Managing_Users_and_Groups.adoc @@ -17,8 +17,7 @@ Additionally, {MAJOROS} supports _access control lists_ (*ACLs*) for files and d [[s2-users-groups-private-groups]] === User Private Groups -indexterm:[groups,user private]indexterm:[user private groups,groups]indexterm:[groups,tools for management of,groupadd] -{MAJOROS} uses a _user private group_ (_UPG_) scheme, which makes UNIX groups easier to manage. A user private group is created whenever a new user is added to the system. It has the same name as the user for which it was created and that user is the only member of the user private group. +indexterm:[groups,user private]indexterm:[user private groups,groups]indexterm:[groups,tools for management of,groupadd] {MAJOROS} uses a _user private group_ (_UPG_) scheme, which makes UNIX groups easier to manage. A user private group is created whenever a new user is added to the system. It has the same name as the user for which it was created and that user is the only member of the user private group. User private groups make it safe to set default permissions for a newly created file or directory, allowing both the user and *the group of that user* to make modifications to the file or directory. @@ -28,8 +27,7 @@ A list of all groups is stored in the `/etc/group` configuration file. [[s2-users-groups-shadow-utilities]] === Shadow Passwords -indexterm:[passwords,shadow]indexterm:[shadow passwords,overview of] -In environments with multiple users, it is very important to use _shadow passwords_ provided by the [package]*shadow-utils* package to enhance the security of system authentication files. For this reason, the installation program enables shadow passwords by default. +indexterm:[passwords,shadow]indexterm:[shadow passwords,overview of] In environments with multiple users, it is very important to use _shadow passwords_ provided by the [package]*shadow-utils* package to enhance the security of system authentication files. For this reason, the installation program enables shadow passwords by default. The following is a list of the advantages shadow passwords have over the traditional way of storing passwords on UNIX-based systems: @@ -51,8 +49,7 @@ Most utilities provided by the [package]*shadow-utils* package work properly whe [[s1-users-configui]] == Managing Users in a Graphical Environment -indexterm:[users,user configuration]indexterm:[groups,group configuration]indexterm:[user configuration,viewing list of users]indexterm:[group configuration,viewing list of groups]indexterm:[the Users settings tool,user configuration] -The [application]*Users* utility allows you to view, modify, add, and delete local users in the graphical user interface. +indexterm:[users,user configuration]indexterm:[groups,group configuration]indexterm:[user configuration,viewing list of users]indexterm:[group configuration,viewing list of groups]indexterm:[the Users settings tool,user configuration] The [application]*Users* utility allows you to view, modify, add, and delete local users in the graphical user interface. [[s2-redhat-config-users-list]] === Using the Users Settings Tool @@ -64,16 +61,13 @@ To make changes to the user accounts, first select the btn:[Unlock] button and a [[fig-managing-users]] .The Users Settings Tool -image::managing_users.png[The Users settings tool] +image::managing_users.png["The Users settings tool"] -The commandline for call this Gui is : -[user@domain ~]$ kcmshell5 user_manager -When a new user is created, the account is disabled until a password is set. The Add User menu contains the options to set a password by the administrator immediately, or to allow the user to choose a password at the first login. +The commandline for call this Gui is : [user@domain ~]$ kcmshell5 user_manager When a new user is created, the account is disabled until a password is set. The Add User menu contains the options to set a password by the administrator immediately, or to allow the user to choose a password at the first login. [[s1-users-tools]] == Using Command Line Tools -indexterm:[users,tools for management of,useradd]indexterm:[users,tools for management of,the Users setting tool]indexterm:[groups,tools for management of,groupadd] -Apart from the [application]*Users* settings tool described in xref:basic-system-configuration/Managing_Users_and_Groups.adoc#s1-users-configui[Managing Users in a Graphical Environment], which is designed for basic managing of users, you can use command line tools for managing users and groups that are listed in xref:Managing_Users_and_Groups.adoc#table-users-tools[Command line utilities for managing users and groups]. +indexterm:[users,tools for management of,useradd]indexterm:[users,tools for management of,the Users setting tool]indexterm:[groups,tools for management of,groupadd] Apart from the [application]*Users* settings tool described in xref:basic-system-configuration/Managing_Users_and_Groups.adoc#s1-users-configui[Managing Users in a Graphical Environment], which is designed for basic managing of users, you can use command line tools for managing users and groups that are listed in xref:Managing_Users_and_Groups.adoc#table-users-tools[Command line utilities for managing users and groups]. [[table-users-tools]] .Command line utilities for managing users and groups @@ -92,17 +86,14 @@ Apart from the [application]*Users* settings tool described in xref:basic-system [[s2-users-tools-users-add]] === Adding a New User -indexterm:[useradd command,user account creation using]indexterm:[adding,user]indexterm:[user configuration,command line configuration,useradd] -To add a new user to the system, type the following at a shell prompt as `root`: +indexterm:[useradd command,user account creation using]indexterm:[adding,user]indexterm:[user configuration,command line configuration,useradd] To add a new user to the system, type the following at a shell prompt as `root`: [subs="quotes, macros"] ---- [command]#useradd# _options_ _username_ ---- -…where _options_ are command-line options as described in xref:Managing_Users_and_Groups.adoc#table-useradd-options[Common useradd command-line options]. -indexterm:[user configuration,command line configuration,passwd] -By default, the [command]#useradd# command creates a locked user account. To unlock the account, run the following command as `root` to assign a password: +…where _options_ are command-line options as described in xref:Managing_Users_and_Groups.adoc#table-useradd-options[Common useradd command-line options]. indexterm:[user configuration,command line configuration,passwd] By default, the [command]#useradd# command creates a locked user account. To unlock the account, run the following command as `root` to assign a password: [subs="quotes, macros"] ---- @@ -242,8 +233,7 @@ At this point, a locked account called `juan` exists on the system. To activate [[s2-users-tools-groups-add]] === Adding a New Group -indexterm:[group configuration,groupadd]indexterm:[adding,group] -To add a new group to the system, type the following at a shell prompt as `root`: +indexterm:[group configuration,groupadd]indexterm:[adding,group] To add a new group to the system, type the following at a shell prompt as `root`: [subs="macros"] ---- @@ -268,8 +258,7 @@ groupadd pass:quotes[_options_] pass:quotes[_group_name_] [[s2-users-tools-password-aging]] === Enabling Password Aging -indexterm:[password,expire]indexterm:[password,aging]indexterm:[expiration of password, forcing]indexterm:[chage command,forcing password expiration with]indexterm:[user configuration,password,forcing expiration of] -For security reasons, it is advisable to require users to change their passwords periodically. This can be done by using the [command]#chage# command. +indexterm:[password,expire]indexterm:[password,aging]indexterm:[expiration of password, forcing]indexterm:[chage command,forcing password expiration with]indexterm:[user configuration,password,forcing expiration of] For security reasons, it is advisable to require users to change their passwords periodically. This can be done by using the [command]#chage# command. .Shadow passwords must be enabled to use chage [IMPORTANT] @@ -278,8 +267,7 @@ For security reasons, it is advisable to require users to change their passwords Shadow passwords must be enabled to use the [command]#chage# command. For more information, see xref:Managing_Users_and_Groups.adoc#s2-users-groups-shadow-utilities[Shadow Passwords]. ==== -indexterm:[user configuration,command line configuration,chage] -To configure password expiration for a user from a shell prompt, run the following command as `root`: +indexterm:[user configuration,command line configuration,chage] To configure password expiration for a user from a shell prompt, run the following command as `root`: [subs="quotes, macros"] ---- @@ -400,8 +388,7 @@ The changes take effect the next time a user logs in to the system. [[s2-users-tools-groups-directories]] === Creating Group Directories -indexterm:[groups,shared directories]indexterm:[user private groups,and shared directories] -System administrators usually like to create a group for each major project and assign people to the group when they need to access that project's files. With this traditional scheme, file management is difficult; when someone creates a file, it is associated with the primary group to which they belong. When a single person works on multiple projects, it becomes difficult to associate the right files with the right group. However, with the UPG scheme, groups are automatically assigned to files created within a directory with the _setgid_ bit set. The setgid bit makes managing group projects that share a common directory very simple because any files a user creates within the directory are owned by the group that owns the directory. +indexterm:[groups,shared directories]indexterm:[user private groups,and shared directories] System administrators usually like to create a group for each major project and assign people to the group when they need to access that project's files. With this traditional scheme, file management is difficult; when someone creates a file, it is associated with the primary group to which they belong. When a single person works on multiple projects, it becomes difficult to associate the right files with the right group. However, with the UPG scheme, groups are automatically assigned to files created within a directory with the _setgid_ bit set. The setgid bit makes managing group projects that share a common directory very simple because any files a user creates within the directory are owned by the group that owns the directory. For example, a group of people need to work on files in the `/opt/myproject/` directory. Some people are trusted to modify the contents of this directory, but not everyone. @@ -451,8 +438,7 @@ drwxrwsr-x. 3 root myproject 4096 Mar 3 18:31 /opt/myproject [[sect-Users_and_Groups-Resources]] == Additional Resources -indexterm:[groups,additional resources]indexterm:[users,additional resources] -For more information on how to manage users and groups on Fedora, see the resources listed below. +indexterm:[groups,additional resources]indexterm:[users,additional resources] For more information on how to manage users and groups on Fedora, see the resources listed below. .Installed Documentationindexterm:[groups,additional resources,installed documentation]indexterm:[users,additional resources,installed documentation] For information about various utilities for managing users and groups, see the following manual pages: diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/basic-system-configuration/Opening_GUI_Applications.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/basic-system-configuration/Opening_GUI_Applications.adoc index b7f3a96..5ec9667 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/basic-system-configuration/Opening_GUI_Applications.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/basic-system-configuration/Opening_GUI_Applications.adoc @@ -113,27 +113,27 @@ Commands entered into this dialog box function much as they would if entered in [[fig-alt_f2-gnome]] .Using kbd:[Alt + F2] with [application]*GNOME* -image::alt-f2_GNOME.png[GNOME command entry dialog box] +image::alt-f2_GNOME.png["GNOME command entry dialog box"] [[fig-alt-f2_kde]] .Using kbd:[Alt + F2] with [application]*KDE* -image::alt-f2_KDE.png[KDE command entry dialog box, which also searches menu items, command history, and open applications.] +image::alt-f2_KDE.png["KDE command entry dialog box", which also searches menu items, command history, and open applications.] [[fig-alt-f2_lxde]] .Using kbd:[Alt + F2] with [application]*LXDE* -image::alt-f2_LXDE.png[LXDE command entry dialog box.] +image::alt-f2_LXDE.png["LXDE command entry dialog box."] [[fig-alt-f2_mate]] .Using kbd:[Alt + F2] with [application]*MATE* -image::alt-f2_MATE.png[MATE command entry dialog box.] +image::alt-f2_MATE.png["MATE command entry dialog box."] [[fig-alt-f2_xfce]] .Using kbd:[Alt + F2] with [application]*XFCE* -image::alt-f2_XFCE.png[XFCE command entry dialog box.] +image::alt-f2_XFCE.png["XFCE command entry dialog box."] [[gui-from_menu]] == Launching applications from the Desktop Menu @@ -150,14 +150,14 @@ Selecting an item from the menu is best accomplished using the `search box`. Sim [[fig-searchmenu-gnome]] .Using the GNOME search box -image::searchmenu_GNOME.png[Typing the name of an application into the overview search box will display matching menu entries. The search also matches descriptions, so that typing browser will display installed browsers.] +image::searchmenu_GNOME.png["Typing the name of an application into the overview search box will display matching menu entries. The search also matches descriptions", so that typing browser will display installed browsers.] The `overview` can also be browsed. The bar on the left, called the `dash`, shows frequently used applications and a grid icon. Clicking on the grid icon brings up a grid in the center of the window that displays frequently used applications. The grid will display all available applications if selected using the `All` button at the bottom of the screen. [[fig-menu-gnome]] .Browsing GNOME menu entries -image::menu_GNOME.png[The GNOME menu has a bar on the left for frequently used applications, which includes a grid icon that brings up a grid in the center of the window. Users can then use the buttons at the bottom of the screen to display either a larger list of frequently used applications, or to view all available applications.] +image::menu_GNOME.png["The GNOME menu has a bar on the left for frequently used applications", which includes a grid icon that brings up a grid in the center of the window. Users can then use the buttons at the bottom of the screen to display either a larger list of frequently used applications, or to view all available applications.] To learn more about using [application]*GNOME shell*, visit link:++https://wiki.gnome.org/GnomeShell/CheatSheet++[] @@ -169,14 +169,14 @@ The KDE menu is opened by clicking the {MAJOROS} button at the bottom left corne [[fig-menu_kde]] .The KDE desktop menu. -image::menu_KDE.png[The KDE menu displays applications in categories. The contents of the categories are displayed when clicked.] +image::menu_KDE.png["The KDE menu displays applications in categories. The contents of the categories are displayed when clicked."] Search functionality is also available in the KDE menu system. To search for applications, open the menu and begin typing. The menu will display matching entries. [[fig-searchmenu_kde]] .Searching with the KDE menu. -image::searchmenu_KDE.png[The KDE menu will search for matching applications if you type into the search box. For example, typing browser will display installed browsers and other matching entries.] +image::searchmenu_KDE.png["The KDE menu will search for matching applications if you type into the search box. For example", typing browser will display installed browsers and other matching entries.] === Using menus in LXDE, MATE, and XFCE @@ -185,14 +185,14 @@ Menus in LXDE, MATE, and XFCE have a varied appearance but a very similar struct [[fig-menu_lxde]] .The LXDE menu -image::menu_LXDE.png[LXDE Menu] +image::menu_LXDE.png["LXDE Menu"] [[fig-menu_mate]] .MATE menu -image::menu_MATE.png[MATE menu] +image::menu_MATE.png["MATE menu"] [[fig-menu_xfce]] .XFCE Menu -image::menu_XFCE.png[XFCE Menu] +image::menu_XFCE.png["XFCE Menu"] diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/basic-system-configuration/System_Locale_and_Keyboard_Configuration.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/basic-system-configuration/System_Locale_and_Keyboard_Configuration.adoc index 4bd4ccd..3f654ef 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/basic-system-configuration/System_Locale_and_Keyboard_Configuration.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/basic-system-configuration/System_Locale_and_Keyboard_Configuration.adoc @@ -125,8 +125,7 @@ For example, if you want to set British English as your default locale, first fi [[s1-Changing_the_Keyboard_Layout]] == Changing the Keyboard Layout -indexterm:[localectl,keyboard configuration]indexterm:[keyboard configuration,layout] -The keyboard layout settings enable the user to control the layout used on the text console and graphical user interfaces. +indexterm:[localectl,keyboard configuration]indexterm:[keyboard configuration,layout] The keyboard layout settings enable the user to control the layout used on the text console and graphical user interfaces. [[s2-Displaying_the_Current_Settings]] === Displaying the Current Settings @@ -245,8 +244,7 @@ Apart from keyboard layout (_map_), three other options can be specified: [command]#localectl# [option]`set-x11-keymap` _map_ _model_ _variant_ _options_ ---- -Replace _model_ with the keyboard model name, -_variant_ and _options_ with keyboard variant and option components, which can be used to enhance the keyboard behavior. These options are not set by default. For more information on X11 Model, X11 Variant, and X11 Options see the `kbd(4)` man page. +Replace _model_ with the keyboard model name, _variant_ and _options_ with keyboard variant and option components, which can be used to enhance the keyboard behavior. These options are not set by default. For more information on X11 Model, X11 Variant, and X11 Options see the `kbd(4)` man page. [[s2-If_Using_Gnome]] === Consider this option if using gnome @@ -255,14 +253,13 @@ This should work if the following conditions apply: * Using gnome as the desktop environment -* Your layout is not listed under Settings -> Keyboard -> Input Sources +* Your layout is not listed under Settings -> Keyboard -> Input Sources In your terminal type in: `gsettings set org.gnome.desktop.input-sources show-all-sources true` -after pressing return, try looking under your keyboard settings again as there should be a lot more options available. -As the proper source for help is gnome in this case, here is more information from gnome: +after pressing return, try looking under your keyboard settings again as there should be a lot more options available. As the proper source for help is gnome in this case, here is more information from gnome: https://help.gnome.org/users/gnome-help/stable/keyboard-layouts.html.en diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/index.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/index.adoc index 26fee82..005e2c9 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/index.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/index.adoc @@ -18,7 +18,7 @@ _This guide is deprecated!_ Large parts of it are no longer current and it will The [citetitle]_System Administrator's Guide_ documents relevant information regarding the deployment, configuration, and administration of {MAJOROSVER}. It is oriented towards system administrators with a basic understanding of the system. -- -image:title_logo.svg[Fedora Documentation Team] include::{partialsdir}/Legal_Notice.adoc[] +image:title_logo.svg[Fedora Documentation Team] include::{partialsdir}/Author_Group.adoc[] diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/infrastructure-services/TigerVNC.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/infrastructure-services/TigerVNC.adoc index ba8b53f..28622de 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/infrastructure-services/TigerVNC.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/infrastructure-services/TigerVNC.adoc @@ -5,30 +5,21 @@ include::{partialsdir}/entities.adoc[] [[ch-TigerVNC]] = TigerVNC -`TigerVNC` (Tiger Virtual Network Computing) is a system -for graphical desktop sharing which allows you to remotely control other computers. +`TigerVNC` (Tiger Virtual Network Computing) is a system for graphical desktop sharing which allows you to remotely control other computers. -`TigerVNC` works on the client-server network: a -*server* shares its output (`vncserver`) and a -*client* (`vncviewer`) connects to the server. +`TigerVNC` works on the client-server network: a *server* shares its output (`vncserver`) and a *client* (`vncviewer`) connects to the server. [NOTE] ==== -Unlike in Fedora 15 and Red{nbsp}Hat Enterprise{nbsp}Linux{nbsp}6, `TigerVNC` in {MAJOROS} uses the `systemd` system management daemon for its configuration. -The `/etc/sysconfig/vncserver` configuration file has been replaced -by `/etc/systemd/system/vncserver@.service`. +Unlike in Fedora 15 and Red{nbsp}Hat Enterprise{nbsp}Linux{nbsp}6, `TigerVNC` in {MAJOROS} uses the `systemd` system management daemon for its configuration. The `/etc/sysconfig/vncserver` configuration file has been replaced by `/etc/systemd/system/vncserver@.service`. ==== [[s1-vnc-server]] == VNC Server -`vncserver` is a utility which starts a VNC (Virtual -Network Computing) desktop. It runs [application]*Xvnc* with appropriate options and starts a window -manager on the VNC desktop. `vncserver` allows users to run -separate sessions in parallel on a machine which can then be accessed by any number of clients -from anywhere. +`vncserver` is a utility which starts a VNC (Virtual Network Computing) desktop. It runs [application]*Xvnc* with appropriate options and starts a window manager on the VNC desktop. `vncserver` allows users to run separate sessions in parallel on a machine which can then be accessed by any number of clients from anywhere. [[s2-vnc-installation]] === Installing VNC Server @@ -56,11 +47,7 @@ To install the [application]*TigerVNC* server, issue the following command as `r + There is no need to include the display number in the file name because `systemd` automatically creates the appropriately named instance in memory on demand, replacing `'%i'` in the service file by the display number. For a single user it is not necessary to rename the file. For multiple users, a uniquely named service file for each user is required, for example, by adding the user name to the file name in some way. See xref:TigerVNC.adoc#configuring-vncserver-2users[Configuring VNC Server for Two Users] for details. -. Edit `/etc/systemd/system/vncserver@.service`, - replacing _USER_ with the actual user name. - Leave the remaining lines of the file unmodified. - The [option]`-geometry` argument specifies the size of the VNC desktop to - be created; by default, it is set to `1024x768`. +. Edit `/etc/systemd/system/vncserver@.service`, replacing _USER_ with the actual user name. Leave the remaining lines of the file unmodified. The [option]`-geometry` argument specifies the size of the VNC desktop to be created; by default, it is set to `1024x768`. + [subs="quotes, macros"] ---- @@ -81,8 +68,7 @@ PIDFile=/home/pass:attributes[{blank}]_USER_pass:attributes[{blank}]/.vnc/%H%i.p ---- -. Set the password for the user or users defined in the configuration file. Note - that you need to switch from `root` to _USER_ first. +. Set the password for the user or users defined in the configuration file. Note that you need to switch from `root` to _USER_ first. + [subs="macros, attributes"] ---- @@ -97,8 +83,7 @@ Verify: [IMPORTANT] ==== -The stored password is not encrypted; anyone who has access to the password -file can find the plain-text password. +The stored password is not encrypted; anyone who has access to the password file can find the plain-text password. ==== @@ -107,12 +92,9 @@ Proceed to xref:TigerVNC.adoc#s4-starting-vncserver[Starting VNC Server]. [[configuring-vncserver-2users]] ==== Configuring VNC Server for Two Users -If you want to configure more than one user on the same machine, -create different template-type service files, one for each user. +If you want to configure more than one user on the same machine, create different template-type service files, one for each user. -. Create two service files, for example `vncserver-_USER_1_pass:attributes[{blank}]@.service` - and `vncserver-_USER_2_pass:attributes[{blank}]@.service`. - In both these files substitute _USER_ with the correct user name. +. Create two service files, for example `vncserver-_USER_1_pass:attributes[{blank}]@.service` and `vncserver-_USER_2_pass:attributes[{blank}]@.service`. In both these files substitute _USER_ with the correct user name. . Set passwords for both users: + @@ -133,10 +115,7 @@ Verify: [[s4-starting-vncserver]] === Starting VNC Server -To start or enable the service, specify the display number directly in the command. -The file configured above in xref:TigerVNC.adoc#configuring-vncserver[Configuring the first VNC connection] works as a template, in which `%i` is substituted with -the display number by `systemd`. -With a valid display number, execute the following command: +To start or enable the service, specify the display number directly in the command. The file configured above in xref:TigerVNC.adoc#configuring-vncserver[Configuring the first VNC connection] works as a template, in which `%i` is substituted with the display number by `systemd`. With a valid display number, execute the following command: [subs="attributes"] ---- @@ -159,9 +138,7 @@ At this point, other users are able to use a VNC viewer program to connect to th [[starting-vncserver-2displays]] ==== Configuring VNC Server for Two Users and Two Different Displays -For the two configured VNC servers, vncserver-USER_1@.service and vncserver-USER_2@.service, -you can enable different display numbers. For example, the following commands will cause a VNC server for USER_1 to -start on display 3, and a VNC server for USER_2 to start on display 5: +For the two configured VNC servers, vncserver-USER_1@.service and vncserver-USER_2@.service, you can enable different display numbers. For example, the following commands will cause a VNC server for USER_1 to start on display 3, and a VNC server for USER_2 to start on display 5: [subs="attributes"] ---- @@ -174,8 +151,7 @@ start on display 3, and a VNC server for USER_2 to start on display 5: [[terminating-vnc-session]] === Terminating a VNC Session -Similarly to enabling the `vncserver` service, you can disable -the automatic start of the service at system start: +Similarly to enabling the `vncserver` service, you can disable the automatic start of the service at system start: [subs="attributes"] ---- @@ -184,8 +160,7 @@ the automatic start of the service at system start: ---- -Or, when your system is running, you can stop the service by issuing the following -command as `root`: +Or, when your system is running, you can stop the service by issuing the following command as `root`: [subs="attributes"] ---- @@ -197,13 +172,9 @@ command as `root`: [[s5-vnc-viewer]] == VNC Viewer -`vncviewer` is the program which shows the shared graphical -user interfaces and controls the server. +`vncviewer` is the program which shows the shared graphical user interfaces and controls the server. -For operating the `vncviewer`, there is a pop-up menu -containing entries which perform various actions such as switching in and out of -full-screen mode or quitting the viewer. Alternatively, you can operate `vncviewer` -through the terminal. Enter [command]#vncviewer -h# on the command line to list `vncviewer`pass:attributes[{blank}]'s parameters. +For operating the `vncviewer`, there is a pop-up menu containing entries which perform various actions such as switching in and out of full-screen mode or quitting the viewer. Alternatively, you can operate `vncviewer` through the terminal. Enter [command]#vncviewer -h# on the command line to list `vncviewer`pass:attributes[{blank}]'s parameters. [[installing-vncviewer]] === Installing VNC Viewer @@ -218,8 +189,7 @@ To install the [application]*TigerVNC* client, [command]#vncviewer#pass:attribut [[s6-connecting-vnc-viewer]] === Connecting to VNC Server -Once the VNC server is configured, you can connect to it from any VNC viewer. -In order to do so, issue the [command]#vncviewer# command in the following format: +Once the VNC server is configured, you can connect to it from any VNC viewer. In order to do so, issue the [command]#vncviewer# command in the following format: [subs="macros"] ---- @@ -232,8 +202,7 @@ Where _address_ is an `IP` or host name. .One Client Connecting to VNC Server ==== -With the `IP` address `192.168.0.4` and display number *3* -the command looks as follows: +With the `IP` address `192.168.0.4` and display number *3* the command looks as follows: [subs="quotes, macros, attributes"] ---- @@ -247,15 +216,12 @@ the command looks as follows: [[sec-Configuring_the_Firewall_for_VNC]] ==== Configuring the Firewall for VNC -When using a non-encrypted connection, `firewalld` might -block the connection. To allow `firewalld` to pass the VNC packets, you can open specific ports to `TCP` traffic. When using the [option]`-via` option, traffic is redirected over `SSH` which is enabled by default in `firewalld`. +When using a non-encrypted connection, `firewalld` might block the connection. To allow `firewalld` to pass the VNC packets, you can open specific ports to `TCP` traffic. When using the [option]`-via` option, traffic is redirected over `SSH` which is enabled by default in `firewalld`. [NOTE] ==== -The default port of VNC server is 5900. To reach the port through which a remote -desktop will be accessible, sum the default port and the user's -assigned display number. For example, for the second port: 2 + 5900 = 5902. +The default port of VNC server is 5900. To reach the port through which a remote desktop will be accessible, sum the default port and the user's assigned display number. For example, for the second port: 2 + 5900 = 5902. ==== @@ -263,8 +229,7 @@ For displays `0` to `3`, make use of `firewalld`pass:attributes[{blank}]'s suppo [[proc-Enabling_VNC_Service_in_firewalld]] .Enabling VNC Service in firewalld -. Run the following command to see the information concerning `firewalld` - settings: +. Run the following command to see the information concerning `firewalld` settings: + [subs="quotes, macros, attributes"] ---- @@ -358,9 +323,7 @@ $ vncviewer -via USER_2@192.168.2.101:3 ==== .Restricting VNC Access -If you prefer only encrypted connections, you can prevent unencrypted connections -altogether by using the [option]`-localhost` option in the `systemd.service` -file, the ExecStart line: +If you prefer only encrypted connections, you can prevent unencrypted connections altogether by using the [option]`-localhost` option in the `systemd.service` file, the ExecStart line: [subs="quotes, macros"] ---- diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc index 400ac77..7cc3d8a 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Manually_Upgrading_the_Kernel.adoc @@ -4,13 +4,11 @@ include::{partialsdir}/entities.adoc[] [[ch-Manually_Upgrading_the_Kernel]] = Manually Upgrading the Kernel -indexterm:[kernel,upgrading the kernel]indexterm:[kernel,package]indexterm:[kernel,RPM package]indexterm:[package,kernel RPM] -The {MAJOROS} kernel is custom-built by the {MAJOROS} kernel team to ensure its integrity and compatibility with supported hardware. Before a kernel is released, it must first pass a rigorous set of quality assurance tests. +indexterm:[kernel,upgrading the kernel]indexterm:[kernel,package]indexterm:[kernel,RPM package]indexterm:[package,kernel RPM] The {MAJOROS} kernel is custom-built by the {MAJOROS} kernel team to ensure its integrity and compatibility with supported hardware. Before a kernel is released, it must first pass a rigorous set of quality assurance tests. {MAJOROS} kernels are packaged in the RPM format so that they are easy to upgrade and verify using the [application]*DNF* or [application]*PackageKit* package managers. [application]*PackageKit* automatically queries the DNF repositories and informs you of packages with available updates, including kernel packages. -This chapter is therefore *only* useful for users who need to manually update a kernel package using the [command]#rpm# command instead of [command]#dnf#. -indexterm:[kernel,installing kernel packages]indexterm:[installing the kernel] +This chapter is therefore *only* useful for users who need to manually update a kernel package using the [command]#rpm# command instead of [command]#dnf#. indexterm:[kernel,installing kernel packages]indexterm:[installing the kernel] .Use DNF to install kernels whenever possible [WARNING] @@ -19,13 +17,11 @@ indexterm:[kernel,installing kernel packages]indexterm:[installing the kernel] Whenever possible, use either the [application]*DNF* or [application]*PackageKit* package manager to install a new kernel because they always *install* a new kernel instead of replacing the current one, which could potentially leave your system unable to boot. ==== -indexterm:[kernel,installing kernel packages] -For more information on installing kernel packages with [application]*DNF*, see xref:package-management/DNF.adoc#sec-Updating_Packages[Updating Packages]. +indexterm:[kernel,installing kernel packages] For more information on installing kernel packages with [application]*DNF*, see xref:package-management/DNF.adoc#sec-Updating_Packages[Updating Packages]. [[s1-kernel-packages]] == Overview of Kernel Packages -indexterm:[kernel,kernel packages]indexterm:[kernel package,kernel,for single, multicore and multiprocessor systems]indexterm:[packages,kernel,for single, multicore and multiprocessor systems]indexterm:[kernel package,kernel-devel,kernel headers and makefiles]indexterm:[packages,kernel-devel,kernel headers and makefiles]indexterm:[kernel package,kernel-headers,C header files files]indexterm:[packages,kernel-headers,C header files files]indexterm:[kernel package,linux-firmware,firmware files]indexterm:[packages,linux-firmware,firmware files]indexterm:[kernel package,perf,firmware files]indexterm:[packages,perf,firmware files] -{MAJOROS} contains the following kernel packages: +indexterm:[kernel,kernel packages]indexterm:[kernel package,kernel,for single, multicore and multiprocessor systems]indexterm:[packages,kernel,for single, multicore and multiprocessor systems]indexterm:[kernel package,kernel-devel,kernel headers and makefiles]indexterm:[packages,kernel-devel,kernel headers and makefiles]indexterm:[kernel package,kernel-headers,C header files files]indexterm:[packages,kernel-headers,C header files files]indexterm:[kernel package,linux-firmware,firmware files]indexterm:[packages,linux-firmware,firmware files]indexterm:[kernel package,perf,firmware files]indexterm:[packages,perf,firmware files] {MAJOROS} contains the following kernel packages: * [package]*kernel* — Contains the kernel for single, multicore and multiprocessor systems. @@ -47,8 +43,7 @@ indexterm:[kernel,kernel packages]indexterm:[kernel package,kernel,for single, m [[s1-kernel-preparing]] == Preparing to Upgrade -indexterm:[boot media]indexterm:[kernel,upgrading,preparing]indexterm:[kernel upgrading,preparing]indexterm:[kernel,upgrading,working boot media] -Before upgrading the kernel, it is recommended that you take some precautionary steps. +indexterm:[boot media]indexterm:[kernel,upgrading,preparing]indexterm:[kernel upgrading,preparing]indexterm:[kernel,upgrading,working boot media] Before upgrading the kernel, it is recommended that you take some precautionary steps. First, ensure that working boot media exists for the system in case a problem occurs. If the boot loader is not configured properly to boot the new kernel, you can use this media to boot into {MAJOROS}. @@ -134,8 +129,7 @@ From the output, determine which packages need to be downloaded for the kernel u [[s1-kernel-download]] == Downloading the Upgraded Kernel -indexterm:[kernel,downloading]indexterm:[kernel,upgrade kernel available]indexterm:[kernel,upgrade kernel available,via Fedora Update System]indexterm:[kernel,upgrade kernel available,Security Advisories] -There are several ways to determine if an updated kernel is available for the system. +indexterm:[kernel,downloading]indexterm:[kernel,upgrade kernel available]indexterm:[kernel,upgrade kernel available,via Fedora Update System]indexterm:[kernel,upgrade kernel available,Security Advisories] There are several ways to determine if an updated kernel is available for the system. * Via Fedora Update System — Download and install the kernel RPM packages. For more information, refer to link:++https://bodhi.fedoraproject.org/++[]. @@ -148,8 +142,7 @@ To install the kernel manually, continue to xref:Manually_Upgrading_the_Kernel.a [[s1-kernel-perform-upgrade]] == Performing the Upgrade -indexterm:[kernel,performing kernel upgrade] -After retrieving all of the necessary packages, it is time to upgrade the existing kernel. +indexterm:[kernel,performing kernel upgrade] After retrieving all of the necessary packages, it is time to upgrade the existing kernel. .Keep the old kernel when performing the upgrade [IMPORTANT] @@ -170,8 +163,7 @@ The next step is to verify that the initial RAM disk image has been created. See [[sec-Verifying_the_Initial_RAM_Disk_Image]] == Verifying the Initial RAM Disk Image -indexterm:[initial RAM disk image,verifying] -The job of the initial RAM disk image is to preload the block device modules, such as for IDE, SCSI or RAID, so that the root file system, on which those modules normally reside, can then be accessed and mounted. On {MAJOROSVER} systems, whenever a new kernel is installed using either the [application]*DNF*, [application]*PackageKit*, or [application]*RPM* package manager, the [application]*Dracut* utility is always called by the installation scripts to create an _initramfs_ (initial RAM disk image). +indexterm:[initial RAM disk image,verifying] The job of the initial RAM disk image is to preload the block device modules, such as for IDE, SCSI or RAID, so that the root file system, on which those modules normally reside, can then be accessed and mounted. On {MAJOROSVER} systems, whenever a new kernel is installed using either the [application]*DNF*, [application]*PackageKit*, or [application]*RPM* package manager, the [application]*Dracut* utility is always called by the installation scripts to create an _initramfs_ (initial RAM disk image). On all architectures other than IBM eServer System i (see xref:Manually_Upgrading_the_Kernel.adoc#bh-Verifying_the_Initial_RAM_Disk_Image_and_Kernel_on_IBM_eServer_System_i[Verifying the Initial RAM Disk Image and Kernel on IBM eServer System i]), you can create an `initramfs` by running the [command]#dracut# command. However, you usually don't need to create an `initramfs` manually: this step is automatically performed if the kernel and its associated packages are installed or upgraded from RPM packages distributed by {OSORG}. @@ -286,8 +278,7 @@ The _kernel_version_ should match the version of the kernel just installed. [[s1-kernel-boot-loader]] == Verifying the Boot Loader -indexterm:[boot loader,verifying] -When you install a kernel using [command]#rpm#, the kernel package creates an entry in the boot loader configuration file for that new kernel. However, [command]#rpm# does *not* configure the new kernel to boot as the default kernel. You must do this manually when installing a new kernel with [command]#rpm#. +indexterm:[boot loader,verifying] When you install a kernel using [command]#rpm#, the kernel package creates an entry in the boot loader configuration file for that new kernel. However, [command]#rpm# does *not* configure the new kernel to boot as the default kernel. You must do this manually when installing a new kernel with [command]#rpm#. It is always recommended to double-check the boot loader configuration file after installing a new kernel with [command]#rpm# to ensure that the configuration is correct. Otherwise, the system might not be able to boot into {MAJOROS} properly. If this happens, boot the system with the boot media created earlier and re-configure the boot loader. @@ -308,8 +299,7 @@ In the following table, find your system's architecture to determine the boot lo [[s3-kernel-boot-loader-grub]] === Configuring the GRUB 2 Boot Loader -indexterm:[GRUB 2 boot loader,configuring]indexterm:[GRUB 2 boot loader,configuration file] -{MAJOROSVER} is distributed with GRUB 2, which reads its configuration from the `/boot/grub2/grub.cfg` file. This file is generated by the [application]*grub2-mkconfig* utility based on Linux kernels located in the `/boot` directory, template files located in `/etc/grub.d/`, and custom settings in the `/etc/default/grub` file and is automatically updated each time you install a new kernel from an RPM package. To update this configuration file manually, type the following at a shell prompt as `root`: +indexterm:[GRUB 2 boot loader,configuring]indexterm:[GRUB 2 boot loader,configuration file] {MAJOROSVER} is distributed with GRUB 2, which reads its configuration from the `/boot/grub2/grub.cfg` file. This file is generated by the [application]*grub2-mkconfig* utility based on Linux kernels located in the `/boot` directory, template files located in `/etc/grub.d/`, and custom settings in the `/etc/default/grub` file and is automatically updated each time you install a new kernel from an RPM package. To update this configuration file manually, type the following at a shell prompt as `root`: [subs="quotes, macros"] ---- @@ -363,8 +353,7 @@ If you set the [option]`GRUB_TIMEOUT` option in the `/etc/default/grub` file to [[s2-kernel-boot-loader-iseries]] === Configuring the OS/400 Boot Loader -indexterm:[OS/400 boot loader,configuring]indexterm:[OS/400 boot loader,configuration file] -The `/boot/vmlinitrd-_kernel-version_pass:attributes[{blank}]` file is installed when you upgrade the kernel. However, you must use the [command]#dd# command to configure the system to boot the new kernel. +indexterm:[OS/400 boot loader,configuring]indexterm:[OS/400 boot loader,configuration file] The `/boot/vmlinitrd-_kernel-version_pass:attributes[{blank}]` file is installed when you upgrade the kernel. However, you must use the [command]#dd# command to configure the system to boot the new kernel. . As `root`, issue the command [command]#cat /proc/iSeries/mf/side# to determine the default side (either A, B, or C). diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc index efb9c65..481975b 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Working_with_Kernel_Modules.adoc @@ -4,8 +4,7 @@ include::{partialsdir}/entities.adoc[] [[ch-Working_with_Kernel_Modules]] = Working with Kernel Modules -indexterm:[kernel module,definition]indexterm:[module,kernel module]indexterm:[drivers,kernel module] -The Linux kernel is modular, which means it can extend its capabilities through the use of dynamically-loaded _kernel modules_. A kernel module can provide: +indexterm:[kernel module,definition]indexterm:[module,kernel module]indexterm:[drivers,kernel module] The Linux kernel is modular, which means it can extend its capabilities through the use of dynamically-loaded _kernel modules_. A kernel module can provide: * a device driver which adds support for new hardware; or, @@ -41,8 +40,7 @@ For more information on installing packages with DNF, see xref:package-managemen [[sec-Listing_Currently-Loaded_Modules]] == Listing Currently-Loaded Modules -indexterm:[kernel module,listing,currently loaded modules]indexterm:[kernel module,utilities,lsmod]indexterm:[lsmod,kernel module] -You can list all kernel modules that are currently loaded into the kernel by running the [command]#lsmod# command, for example: +indexterm:[kernel module,listing,currently loaded modules]indexterm:[kernel module,utilities,lsmod]indexterm:[lsmod,kernel module] You can list all kernel modules that are currently loaded into the kernel by running the [command]#lsmod# command, for example: ---- @@ -89,13 +87,11 @@ Each row of [command]#lsmod# output specifies: * the sum total of processes that are using the module and other modules which depend on it, followed by a list of the names of those modules, if there are any. Using this list, you can first unload all the modules depending the module you want to unload. For more information, see xref:Working_with_Kernel_Modules.adoc#sec-Unloading_a_Module[Unloading a Module]. -indexterm:[kernel module,files,/proc/modules] -Finally, note that [command]#lsmod# output is less verbose and considerably easier to read than the content of the `/proc/modules` pseudo-file. +indexterm:[kernel module,files,/proc/modules] Finally, note that [command]#lsmod# output is less verbose and considerably easier to read than the content of the `/proc/modules` pseudo-file. [[sec-Displaying_Information_About_a_Module]] == Displaying Information About a Module -indexterm:[kernel module,listing,module information]indexterm:[kernel module,utilities,modinfo]indexterm:[modinfo,kernel module] -You can display detailed information about a kernel module by running the [command]#modinfo{nbsp}pass:attributes[{blank}]_module_name_pass:attributes[{blank}]# command. +indexterm:[kernel module,listing,module information]indexterm:[kernel module,utilities,modinfo]indexterm:[modinfo,kernel module] You can display detailed information about a kernel module by running the [command]#modinfo{nbsp}pass:attributes[{blank}]_module_name_pass:attributes[{blank}]# command. [[note-Module_names_do_not_end_in_.ko]] .Module names do not end in .ko @@ -197,15 +193,13 @@ parm: WriteProtectNVM:Write-protect NVM [WARNING: disabling this can l [[sec-Loading_a_Module]] == Loading a Module -indexterm:[kernel module,loading,for the current session]indexterm:[kernel module,utilities,modprobe]indexterm:[modprobe,kernel module] -To load a kernel module, run [command]#modprobe _module_name_pass:attributes[{blank}]# as `root`. For example, to load the `wacom` module, run: +indexterm:[kernel module,loading,for the current session]indexterm:[kernel module,utilities,modprobe]indexterm:[modprobe,kernel module] To load a kernel module, run [command]#modprobe _module_name_pass:attributes[{blank}]# as `root`. For example, to load the `wacom` module, run: ---- ~]# modprobe wacom ---- -indexterm:[kernel module,directories,/lib/modules/kernel_version/kernel/drivers/] -By default, [command]#modprobe# attempts to load the module from `/lib/modules/pass:attributes[{blank}]_kernel_version_pass:attributes[{blank}]/kernel/drivers/`. In this directory, each type of module has its own subdirectory, such as `net/` and `scsi/`, for network and SCSI interface drivers respectively. +indexterm:[kernel module,directories,/lib/modules/kernel_version/kernel/drivers/] By default, [command]#modprobe# attempts to load the module from `/lib/modules/pass:attributes[{blank}]_kernel_version_pass:attributes[{blank}]/kernel/drivers/`. In this directory, each type of module has its own subdirectory, such as `net/` and `scsi/`, for network and SCSI interface drivers respectively. Some modules have dependencies, which are other kernel modules that must be loaded before the module in question can be loaded. The [command]#modprobe# command always takes dependencies into account when performing operations. When you ask [command]#modprobe# to load a specific kernel module, it first examines the dependencies of that module, if there are any, and loads them if they are not already loaded into the kernel. [command]#modprobe# resolves dependencies recursively: it will load all dependencies of dependencies, and so on, if necessary, thus ensuring that all dependencies are always met. @@ -241,8 +235,7 @@ Although the [command]#insmod# command can also be used to load kernel modules, [[sec-Unloading_a_Module]] == Unloading a Module -indexterm:[kernel module,unloading]indexterm:[kernel module,utilities,modprobe]indexterm:[modprobe,kernel module] -You can unload a kernel module by running [command]#modprobe -r _module_name_pass:attributes[{blank}]# as `root`. For example, assuming that the `wacom` module is already loaded into the kernel, you can unload it by running: +indexterm:[kernel module,unloading]indexterm:[kernel module,utilities,modprobe]indexterm:[modprobe,kernel module] You can unload a kernel module by running [command]#modprobe -r _module_name_pass:attributes[{blank}]# as `root`. For example, assuming that the `wacom` module is already loaded into the kernel, you can unload it by running: ---- ~]# modprobe -r wacom @@ -301,8 +294,7 @@ Although the [command]#rmmod# command can be used to unload kernel modules, it i [[sec-Setting_Module_Parameters]] == Setting Module Parameters -indexterm:[module parameters,kernel module]indexterm:[kernel module,module parameters,supplying] -Like the kernel itself, modules can also take parameters that change their behavior. Most of the time, the default ones work well, but occasionally it is necessary or desirable to set custom parameters for a module. Because parameters cannot be dynamically set for a module that is already loaded into a running kernel, there are two different methods for setting them. +indexterm:[module parameters,kernel module]indexterm:[kernel module,module parameters,supplying] Like the kernel itself, modules can also take parameters that change their behavior. Most of the time, the default ones work well, but occasionally it is necessary or desirable to set custom parameters for a module. Because parameters cannot be dynamically set for a module that is already loaded into a running kernel, there are two different methods for setting them. . You can unload all dependencies of the module you want to set parameters for, unload the module using [command]#modprobe -r#, and then load it with [command]#modprobe# along with a list of customized parameters. This method is often used when the module does not have many dependencies, or to test different combinations of parameters without making them persistent, and is the method covered in this section. @@ -362,8 +354,7 @@ This example illustrates passing multiple values to a single parameter by separa [[sec-Persistent_Module_Loading]] == Persistent Module Loading -indexterm:[kernel module,loading,at the boot time]indexterm:[kernel module,directories,/etc/modules-load.d/] -As shown in xref:Working_with_Kernel_Modules.adoc#ex-Listing_information_about_a_kernel_module_with_lsmod[Listing information about a kernel module with lsmod], many kernel modules are loaded automatically at boot time. You can specify additional modules to be loaded by the `systemd-modules-load.service` daemon by creating a `pass:attributes[{blank}]_program_.conf` file in the `/etc/modules-load.d/` directory, where _program_ is any descriptive name of your choice. The files in `/etc/modules-load.d/` are text files that list the modules to be loaded, one per line. +indexterm:[kernel module,loading,at the boot time]indexterm:[kernel module,directories,/etc/modules-load.d/] As shown in xref:Working_with_Kernel_Modules.adoc#ex-Listing_information_about_a_kernel_module_with_lsmod[Listing information about a kernel module with lsmod], many kernel modules are loaded automatically at boot time. You can specify additional modules to be loaded by the `systemd-modules-load.service` daemon by creating a `pass:attributes[{blank}]_program_.conf` file in the `/etc/modules-load.d/` directory, where _program_ is any descriptive name of your choice. The files in `/etc/modules-load.d/` are text files that list the modules to be loaded, one per line. [[ex-A_Text_File_to_Load_a_Module]] .A Text File to Load a Module @@ -430,20 +421,16 @@ During boot, the kernel loads X.509 keys into the system key ring or the system |Embedded in kernel|No|-|`.system_keyring` .2+|UEFI Secure Boot "`db`" .2+|Limited -|Not enabled|No -|Enabled|`.system_keyring` +|Not enabled|No |Enabled|`.system_keyring` .2+|UEFI Secure Boot "`dbx`" .2+|Limited -|Not enabled|No -|Enabled|`.system_keyring` +|Not enabled|No |Enabled|`.system_keyring` .2+|Embedded in `shim.efi` boot loader .2+|No -|Not enabled|No -|Enabled|`.system_keyring` +|Not enabled|No |Enabled|`.system_keyring` .2+|Machine Owner Key (MOK) list .2+|Yes -|Not enabled|No -|Enabled|`.system_keyring` +|Not enabled|No |Enabled|`.system_keyring` |=== Note that if the system is not UEFI-based or if UEFI Secure Boot is not enabled, then only the keys that are embedded in the kernel are loaded onto the system key ring and you have no ability to augment that set of keys without rebuilding the kernel. The system black list key ring is a list of X.509 keys which have been revoked. If your module is signed by a key on the black list then it will fail authentication even if your public key is in the system key ring. @@ -495,19 +482,13 @@ If UEFI Secure Boot is enabled or if the [option]`module.sig_enforce` kernel par |Module Signed|Public Key Found and Signature Valid|UEFI Secure Boot State|module.sig_enforce|Module Load|Kernel Tainted .3+|Unsigned .3+|- -|Not enabled|Not enabled|Succeeds|Yes -|Not enabled|Enabled|Fails| -|Enabled|-|Fails|- +|Not enabled|Not enabled|Succeeds|Yes |Not enabled|Enabled|Fails| |Enabled|-|Fails|- .3+|Signed .3+|No -|Not enabled|Not enabled|Succeeds|Yes -|Not enabled|Enabled|Fails|- -|Enabled|-|Fails|- +|Not enabled|Not enabled|Succeeds|Yes |Not enabled|Enabled|Fails|- |Enabled|-|Fails|- .3+|Signed .3+|Yes -|Not enabled|Not enabled|Succeeds|No -|Not enabled|Enabled|Succeeds|No -|Enabled|-|Succeeds|No +|Not enabled|Not enabled|Succeeds|No |Not enabled|Enabled|Succeeds|No |Enabled|-|Succeeds|No |=== Subsequent sections will describe how to generate a public and private X.509 key pair, how to use the private key to sign a kernel module, and how to enroll the public key into a source for the system key ring. diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Working_with_the_GRUB_2_Boot_Loader.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Working_with_the_GRUB_2_Boot_Loader.adoc index 77e2760..e49aac6 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Working_with_the_GRUB_2_Boot_Loader.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/kernel-module-driver-configuration/Working_with_the_GRUB_2_Boot_Loader.adoc @@ -8,8 +8,7 @@ include::{partialsdir}/entities.adoc[] ==== **Editor’s Note** -_This guide is deprecated!_ Large parts of it are no longer current and it will not receive any updates. A series of shorter, topic-specific documentation will gradually replace it. -For additional information about Grub version 2 on Fedora see https://docs.fedoraproject.org/en-US/quick-docs/installing-grub2/[Bootloading with GRUB2]. +_This guide is deprecated!_ Large parts of it are no longer current and it will not receive any updates. A series of shorter, topic-specific documentation will gradually replace it. For additional information about Grub version 2 on Fedora see https://docs.fedoraproject.org/en-US/quick-docs/installing-grub2/[Bootloading with GRUB2]. ==== {MAJOROSVER} is distributed with the GNU GRand Unified Boot loader (GRUB) version 2 boot loader, which allows the user to select an operating system or kernel to be loaded at system boot time. GRUB 2 also allows the user to pass arguments to the kernel. @@ -584,7 +583,7 @@ This method completely removes all GRUB 2 configuration files and system setting . Run the [command]#rm /etc/sysconfig/grub# command; -. For EFI systems *only*, run the following command: +. For EFI systems *only*, run the following command: [subs="attributes"] ---- diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/monitoring-and-automation/Automating_System_Tasks.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/monitoring-and-automation/Automating_System_Tasks.adoc index a9b8f8d..78ad30d 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/monitoring-and-automation/Automating_System_Tasks.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/monitoring-and-automation/Automating_System_Tasks.adoc @@ -4,8 +4,7 @@ include::{partialsdir}/entities.adoc[] [[ch-Automating_System_Tasks]] = Automating System Tasks -indexterm:[Automated Tasks] -Tasks, also known as _jobs_, can be configured to run automatically within a specified period of time, on a specified date, or when the system load average decreases below 0.8. +indexterm:[Automated Tasks] Tasks, also known as _jobs_, can be configured to run automatically within a specified period of time, on a specified date, or when the system load average decreases below 0.8. {MAJOROS} is pre-configured to run important system tasks to keep the system updated. For example, the slocate database used by the [command]#locate# command is updated daily. A system administrator can use automated tasks to perform periodic backups, monitor the system, run custom scripts, and so on. @@ -17,8 +16,7 @@ Every utility is intended for scheduling a different job type: while Cron and An [[s1-autotasks-cron-anacron]] == Cron and Anacron -indexterm:[anacron]indexterm:[cron] -Both Cron and Anacron can schedule execution of recurring tasks to a certain point in time defined by the exact time, day of the month, month, day of the week, and week. +indexterm:[anacron]indexterm:[cron] Both Cron and Anacron can schedule execution of recurring tasks to a certain point in time defined by the exact time, day of the month, month, day of the week, and week. Cron jobs can run as often as every minute. However, the utility assumes that the system is running continuously and if the system is not on at the time when a job is scheduled, the job is not executed. @@ -114,8 +112,7 @@ This command stops the service and starts it again in quick succession. [[s2-configuring-anacron-jobs]] === Configuring Anacron Jobs -indexterm:[anacron,anacron configuration file]indexterm:[anacrontab]indexterm:[anacron,user-defined tasks]indexterm:[/var/spool/anacron] -The main configuration file to schedule jobs is the `/etc/anacrontab` file, which can be only accessed by the `root` user. The file contains the following: +indexterm:[anacron,anacron configuration file]indexterm:[anacrontab]indexterm:[anacron,user-defined tasks]indexterm:[/var/spool/anacron] The main configuration file to schedule jobs is the `/etc/anacrontab` file, which can be only accessed by the `root` user. The file contains the following: ---- SHELL=/bin/sh @@ -210,8 +207,7 @@ The third job runs a command, which writes the contents of `/proc` to the `/tmp/ [[s2-configuring-cron-jobs]] === Configuring Cron Jobs -indexterm:[cron,user-defined tasks]indexterm:[/var/spool/cron]indexterm:[cron,cron configuration file]indexterm:[crontab] -The configuration file for cron jobs is `/etc/crontab`, which can be only modified by the `root` user. The file contains the following: +indexterm:[cron,user-defined tasks]indexterm:[/var/spool/cron]indexterm:[cron,cron configuration file]indexterm:[crontab] The configuration file for cron jobs is `/etc/crontab`, which can be only modified by the `root` user. The file contains the following: ---- SHELL=/bin/bash @@ -319,8 +315,7 @@ The principles of `jobs.deny` and `jobs.allow` are the same as those of `cron.de [[s1-autotasks-at-batch]] == At and Batch -indexterm:[at]indexterm:[batch] -While Cron is used to schedule recurring tasks, the [application]*At* utility is used to schedule a one-time task at a specific time and the [application]*Batch* utility is used to schedule a one-time task to be executed when the system load average drops below 0.8. +indexterm:[at]indexterm:[batch] While Cron is used to schedule recurring tasks, the [application]*At* utility is used to schedule a one-time task at a specific time and the [application]*Batch* utility is used to schedule a one-time task to be executed when the system load average drops below 0.8. [[sect-At_and_Batch_Installation]] === Installing At and Batch @@ -519,8 +514,7 @@ The `root` user can always execute [command]#at# and [command]#batch# commands, [[s1-autotasks-additional-resources]] == Additional Resources -indexterm:[cron,additional resources]indexterm:[at,additional resources]indexterm:[batch,additional resources] -To learn more about configuring automated tasks, see the following installed documentation: +indexterm:[cron,additional resources]indexterm:[at,additional resources]indexterm:[batch,additional resources] To learn more about configuring automated tasks, see the following installed documentation: * `cron(8)` man page contains an overview of cron. diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/monitoring-and-automation/OProfile.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/monitoring-and-automation/OProfile.adoc index 3091b4f..65cb9e4 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/monitoring-and-automation/OProfile.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/monitoring-and-automation/OProfile.adoc @@ -4,8 +4,7 @@ include::{partialsdir}/entities.adoc[] [[ch-OProfile]] = OProfile -indexterm:[system analysis,OProfile,OProfile]indexterm:[OProfile] -OProfile is a low overhead, system-wide performance monitoring tool. It uses the performance monitoring hardware on the processor to retrieve information about the kernel and executables on the system, such as when memory is referenced, the number of L2 cache requests, and the number of hardware interrupts received. On a {MAJOROS} system, the `oprofile` package must be installed to use this tool. +indexterm:[system analysis,OProfile,OProfile]indexterm:[OProfile] OProfile is a low overhead, system-wide performance monitoring tool. It uses the performance monitoring hardware on the processor to retrieve information about the kernel and executables on the system, such as when memory is referenced, the number of L2 cache requests, and the number of hardware interrupts received. On a {MAJOROS} system, the `oprofile` package must be installed to use this tool. Many processors include dedicated performance monitoring hardware. This hardware makes it possible to detect when certain events happen (such as the requested data not being in cache). The hardware normally takes the form of one or more _counters_ that are incremented each time an event takes place. When the counter value increments, an interrupt is generated, making it possible to control the amount of detail (and therefore, overhead) produced by performance monitoring. @@ -27,8 +26,7 @@ Be aware of the following limitations when using OProfile: [[s1-oprofile-overview-tools]] == Overview of Tools -indexterm:[OProfile,overview of tools] -xref:OProfile.adoc#tb-oprofile-tools[OProfile Commands] provides a brief overview of the most commonly used tools provided with the `oprofile` package. +indexterm:[OProfile,overview of tools] xref:OProfile.adoc#tb-oprofile-tools[OProfile Commands] provides a brief overview of the most commonly used tools provided with the `oprofile` package. [[tb-oprofile-tools]] .OProfile Commands @@ -199,16 +197,13 @@ The [option]`--separate-cpu` option categorizes samples by CPU. [[s1-oprofile-configuring]] == Configuring OProfile Using Legacy Mode -indexterm:[OProfile,configuring]indexterm:[OProfile,opcontrol]indexterm:[opcontrol,OProfile] -Before OProfile can be run in legacy mode, it must be configured. At a minimum, selecting to monitor the kernel (or selecting not to monitor the kernel) is required. The following sections describe how to use the [command]#opcontrol# utility to configure OProfile. As the [command]#opcontrol# commands are executed, the setup options are saved to the `/root/.oprofile/daemonrc` file. +indexterm:[OProfile,configuring]indexterm:[OProfile,opcontrol]indexterm:[opcontrol,OProfile] Before OProfile can be run in legacy mode, it must be configured. At a minimum, selecting to monitor the kernel (or selecting not to monitor the kernel) is required. The following sections describe how to use the [command]#opcontrol# utility to configure OProfile. As the [command]#opcontrol# commands are executed, the setup options are saved to the `/root/.oprofile/daemonrc` file. [[s2-oprofile-kernel]] === Specifying the Kernel -indexterm:[OProfile,monitoring the kernel] -First, configure whether OProfile should monitor the kernel. This is the only configuration option that is required before starting OProfile. All others are optional. +indexterm:[OProfile,monitoring the kernel] First, configure whether OProfile should monitor the kernel. This is the only configuration option that is required before starting OProfile. All others are optional. -To monitor the kernel, execute the following command as `root`: -indexterm:[OProfile,opcontrol,--vmlinux=] +To monitor the kernel, execute the following command as `root`: indexterm:[OProfile,opcontrol,--vmlinux=] ---- ~]# opcontrol --setup --vmlinux=/usr/lib/debug/lib/modules/`uname -r`/vmlinux ---- @@ -221,8 +216,7 @@ In order to monitor the kernel, the [package]*debuginfo* package which contains ==== -To configure OProfile not to monitor the kernel, execute the following command as `root`: -indexterm:[OProfile,opcontrol,--no-vmlinux] +To configure OProfile not to monitor the kernel, execute the following command as `root`: indexterm:[OProfile,opcontrol,--no-vmlinux] ---- ~]# opcontrol --setup --no-vmlinux ---- @@ -233,8 +227,7 @@ Setting whether samples should be collected within the kernel only changes what [[s2-oprofile-events]] === Setting Events to Monitor -indexterm:[OProfile,events,setting] -Most processors contain _counters_, which are used by OProfile to monitor specific events. As shown in xref:OProfile.adoc#tb-oprofile-processors[OProfile Processors and Counters], the number of counters available depends on the processor. +indexterm:[OProfile,events,setting] Most processors contain _counters_, which are used by OProfile to monitor specific events. As shown in xref:OProfile.adoc#tb-oprofile-processors[OProfile Processors and Counters], the number of counters available depends on the processor. [[tb-oprofile-processors]] .OProfile Processors and Counters @@ -314,8 +307,7 @@ The number of events that can be monitored at one time is determined by the numb ~]# ls -d /dev/oprofile/[0-9]* ---- -The events available vary depending on the processor type. To determine the events available for profiling, execute the following command as root (the list is specific to the system's processor type): -indexterm:[OProfile,ophelp]indexterm:[ophelp] +The events available vary depending on the processor type. To determine the events available for profiling, execute the following command as root (the list is specific to the system's processor type): indexterm:[OProfile,ophelp]indexterm:[ophelp] ---- ~]# ophelp ---- @@ -349,8 +341,7 @@ Replace _event-name_ with the exact name of the event from [command]#ophelp#, an [[s3-oprofile-events-sampling]] ==== Sampling Rate -indexterm:[OProfile,events,sampling rate] -By default, a time-based event set is selected. It creates a sample every 100,000 clock cycles per processor. If the timer interrupt is used, the timer is set to the respective rate and is not user-settable. If the `cpu_type` is not `timer`, each event can have a _sampling rate_ set for it. The sampling rate is the number of events between each sample snapshot. +indexterm:[OProfile,events,sampling rate] By default, a time-based event set is selected. It creates a sample every 100,000 clock cycles per processor. If the timer interrupt is used, the timer is set to the respective rate and is not user-settable. If the `cpu_type` is not `timer`, each event can have a _sampling rate_ set for it. The sampling rate is the number of events between each sample snapshot. When setting the event for the counter, a sample rate can also be specified: @@ -370,8 +361,7 @@ Be extremely careful when setting sampling rates. Sampling too frequently can ov [[s3-oprofile-events-unit-masks]] ==== Unit Masks -indexterm:[OProfile,unit mask] -Some user performance monitoring events may also require unit masks to further define the event. +indexterm:[OProfile,unit mask] Some user performance monitoring events may also require unit masks to further define the event. Unit masks for each event are listed with the [command]#ophelp# command. The values for each unit mask are listed in hexadecimal format. To specify more than one unit mask, the hexadecimal values must be combined using a bitwise _or_ operation. @@ -383,8 +373,7 @@ Note that on certain architectures, there can be multiple unit masks with the sa [[s2-oprofile-starting-separate]] === Separating Kernel and User-space Profiles -indexterm:[OProfile,configuring,separating profiles] -By default, kernel mode and user mode information is gathered for each event. To configure OProfile to ignore events in kernel mode for a specific counter, execute the following command: +indexterm:[OProfile,configuring,separating profiles] By default, kernel mode and user mode information is gathered for each event. To configure OProfile to ignore events in kernel mode for a specific counter, execute the following command: ---- ~]# opcontrol --event=event-name:sample-rate:unit-mask:0 @@ -436,9 +425,7 @@ These configuration changes will take effect when the OProfile profiler is resta [[s1-oprofile-starting]] == Starting and Stopping OProfile Using Legacy Mode -indexterm:[OProfile,starting] -To start monitoring the system with OProfile, execute the following command as root: -indexterm:[OProfile,opcontrol,--start] +indexterm:[OProfile,starting] To start monitoring the system with OProfile, execute the following command as root: indexterm:[OProfile,opcontrol,--start] ---- ~]# opcontrol --start ---- @@ -450,9 +437,7 @@ Output similar to the following is displayed: Using log file /var/lib/oprofile/oprofiled.log Daemon started. Profiler running. ---- -The settings in `/root/.oprofile/daemonrc` are used. -indexterm:[OProfile,oprofiled]indexterm:[oprofiled,OProfile]indexterm:[OProfile,oprofiled,log file] -The OProfile daemon, [command]#oprofiled#, is started; it periodically writes the sample data to the `/var/lib/oprofile/samples/` directory. The log file for the daemon is located at `/var/lib/oprofile/oprofiled.log`. +The settings in `/root/.oprofile/daemonrc` are used. indexterm:[OProfile,oprofiled]indexterm:[oprofiled,OProfile]indexterm:[OProfile,oprofiled,log file] The OProfile daemon, [command]#oprofiled#, is started; it periodically writes the sample data to the `/var/lib/oprofile/samples/` directory. The log file for the daemon is located at `/var/lib/oprofile/oprofiled.log`. .Disable the nmi_watchdog registers [IMPORTANT] @@ -482,8 +467,7 @@ To stop the profiler, execute the following command as root: [[s1-oprofile-saving-data]] == Saving Data in Legacy Mode -indexterm:[OProfile,saving data] -Sometimes it is useful to save samples at a specific time. For example, when profiling an executable, it may be useful to gather different samples based on different input data sets. If the number of events to be monitored exceeds the number of counters available for the processor, multiple runs of OProfile can be used to collect data, saving the sample data to different files each time. +indexterm:[OProfile,saving data] Sometimes it is useful to save samples at a specific time. For example, when profiling an executable, it may be useful to gather different samples based on different input data sets. If the number of events to be monitored exceeds the number of counters available for the processor, multiple runs of OProfile can be used to collect data, saving the sample data to different files each time. To save the current set of sample files, execute the following command, replacing _name_ with a unique descriptive name for the current session: @@ -497,8 +481,7 @@ To specify the session directory to hold the sample data, use the [option]`--ses [[s1-oprofile-analyzing-data]] == Analyzing the Data -indexterm:[OProfile,reading data] -The same OProfile post-processing tools are used whether you collect your profile with [command]#operf# or [command]#opcontrol# in legacy mode. +indexterm:[OProfile,reading data] The same OProfile post-processing tools are used whether you collect your profile with [command]#operf# or [command]#opcontrol# in legacy mode. By default, [command]#operf# stores the profiling data in the `pass:attributes[{blank}]_current_dir_pass:attributes[{blank}]/oprofile_data/` directory. You can change to a different location with the [option]`--session-dir` option. The usual post-profiling analysis tools such as [command]#opreport# and [command]#opannotate# can be used to generate profile reports. These tools search for samples in `pass:attributes[{blank}]_current_dir_pass:attributes[{blank}]/oprofile_data/` first. If this directory does not exist, the analysis tools use the standard session directory of `/var/lib/oprofile/`. Statistics, such as total samples received and lost samples, are written to the `pass:attributes[{blank}]_session_dir_pass:attributes[{blank}]/samples/operf.log` file. @@ -534,8 +517,7 @@ Samples for each executable are written to a single sample file. Samples from ea [[s2-oprofile-reading-opreport]] === Using [command]#opreport# -indexterm:[OProfile,opreport]indexterm:[opreport,OProfile] -The [command]#opreport# tool provides an overview of all the executables being profiled. The following is part of a sample output from the [command]#opreport# command: +indexterm:[OProfile,opreport]indexterm:[opreport,OProfile] The [command]#opreport# tool provides an overview of all the executables being profiled. The following is part of a sample output from the [command]#opreport# command: [subs="quotes, macros, attributes"] ---- @@ -544,28 +526,7 @@ Profiling through timer interrupt TIMER:0| samples| %| ------------------ -25926 97.5212 no-vmlinux -359 1.3504 pi -65 0.2445 Xorg -62 0.2332 libvte.so.4.4.0 -56 0.2106 libc-2.3.4.so -34 0.1279 libglib-2.0.so.0.400.7 -19 0.0715 libXft.so.2.1.2 -17 0.0639 bash -8 0.0301 ld-2.3.4.so -8 0.0301 libgdk-x11-2.0.so.0.400.13 -6 0.0226 libgobject-2.0.so.0.400.7 -5 0.0188 oprofiled -4 0.0150 libpthread-2.3.4.so -4 0.0150 libgtk-x11-2.0.so.0.400.13 -3 0.0113 libXrender.so.1.2.2 -3 0.0113 du -1 0.0038 libcrypto.so.0.9.7a -1 0.0038 libpam.so.0.77 -1 0.0038 libtermcap.so.2.0.8 -1 0.0038 libX11.so.6.2 -1 0.0038 libgthread-2.0.so.0.400.7 -1 0.0038 libwnck-1.so.4.9.0 +25926 97.5212 no-vmlinux 359 1.3504 pi 65 0.2445 Xorg 62 0.2332 libvte.so.4.4.0 56 0.2106 libc-2.3.4.so 34 0.1279 libglib-2.0.so.0.400.7 19 0.0715 libXft.so.2.1.2 17 0.0639 bash 8 0.0301 ld-2.3.4.so 8 0.0301 libgdk-x11-2.0.so.0.400.13 6 0.0226 libgobject-2.0.so.0.400.7 5 0.0188 oprofiled 4 0.0150 libpthread-2.3.4.so 4 0.0150 libgtk-x11-2.0.so.0.400.13 3 0.0113 libXrender.so.1.2.2 3 0.0113 du 1 0.0038 libcrypto.so.0.9.7a 1 0.0038 libpam.so.0.77 1 0.0038 libtermcap.so.2.0.8 1 0.0038 libX11.so.6.2 1 0.0038 libgthread-2.0.so.0.400.7 1 0.0038 libwnck-1.so.4.9.0 ---- Each executable is listed on its own line. The first column is the number of samples recorded for the executable. The second column is the percentage of samples relative to the total number of samples. The third column is the name of the executable. @@ -574,8 +535,7 @@ See the `opreport(1)` manual page for a list of available command-line options, [[s2-oprofile-reading-opreport-single]] === Using opreport on a Single Executable -indexterm:[OProfile,opreport,on a single executable]indexterm:[opreport,OProfile] -To retrieve more detailed profiled information about a specific executable, use the [command]#opreport# command: +indexterm:[OProfile,opreport,on a single executable]indexterm:[opreport,OProfile] To retrieve more detailed profiled information about a specific executable, use the [command]#opreport# command: ---- ~]# opreport mode @@ -594,32 +554,7 @@ Replace _executable_ with the full path to the executable to be analyzed. _mode_ produces the following output: + ---- -samples % symbol name -12 21.4286 __gconv_transform_utf8_internal -5 8.9286 _int_malloc 4 7.1429 malloc -3 5.3571 __i686.get_pc_thunk.bx -3 5.3571 _dl_mcount_wrapper_check -3 5.3571 mbrtowc -3 5.3571 memcpy -2 3.5714 _int_realloc -2 3.5714 _nl_intern_locale_data -2 3.5714 free -2 3.5714 strcmp -1 1.7857 __ctype_get_mb_cur_max -1 1.7857 __unregister_atfork -1 1.7857 __write_nocancel -1 1.7857 _dl_addr -1 1.7857 _int_free -1 1.7857 _itoa_word -1 1.7857 calc_eclosure_iter -1 1.7857 fopen@@GLIBC_2.1 -1 1.7857 getpid -1 1.7857 memmove -1 1.7857 msort_with_tmp -1 1.7857 strcpy -1 1.7857 strlen -1 1.7857 vfprintf -1 1.7857 write +samples % symbol name 12 21.4286 __gconv_transform_utf8_internal 5 8.9286 _int_malloc 4 7.1429 malloc 3 5.3571 __i686.get_pc_thunk.bx 3 5.3571 _dl_mcount_wrapper_check 3 5.3571 mbrtowc 3 5.3571 memcpy 2 3.5714 _int_realloc 2 3.5714 _nl_intern_locale_data 2 3.5714 free 2 3.5714 strcmp 1 1.7857 __ctype_get_mb_cur_max 1 1.7857 __unregister_atfork 1 1.7857 __write_nocancel 1 1.7857 _dl_addr 1 1.7857 _int_free 1 1.7857 _itoa_word 1 1.7857 calc_eclosure_iter 1 1.7857 fopen@@GLIBC_2.1 1 1.7857 getpid 1 1.7857 memmove 1 1.7857 msort_with_tmp 1 1.7857 strcpy 1 1.7857 strlen 1 1.7857 vfprintf 1 1.7857 write ---- + The first column is the number of samples for the symbol, the second column is the percentage of samples for this symbol relative to the overall samples for the executable, and the third column is the symbol name. @@ -636,8 +571,7 @@ To sort the output from the largest number of samples to the smallest (reverse o returns the following output: + ---- -samples % symbol name -12 100.000 __gconv_transform_utf8_internal +samples % symbol name 12 100.000 __gconv_transform_utf8_internal ---- + The first line is a summary for the symbol/executable combination. @@ -654,19 +588,7 @@ The first column is the number of samples for the memory symbol. The second colu this output is returned: + ---- -vma samples % symbol name -00a98640 12 100.000 __gconv_transform_utf8_internal -00a98640 1 8.3333 -00a9868c 2 16.6667 -00a9869a 1 8.3333 -00a986c1 1 8.3333 -00a98720 1 8.3333 -00a98749 1 8.3333 -00a98753 1 8.3333 -00a98789 1 8.3333 -00a98864 1 8.3333 -00a98869 1 8.3333 -00a98b08 1 8.3333 +vma samples % symbol name 00a98640 12 100.000 __gconv_transform_utf8_internal 00a98640 1 8.3333 00a9868c 2 16.6667 00a9869a 1 8.3333 00a986c1 1 8.3333 00a98720 1 8.3333 00a98749 1 8.3333 00a98753 1 8.3333 00a98789 1 8.3333 00a98864 1 8.3333 00a98869 1 8.3333 00a98b08 1 8.3333 ---- + The data is the same as the [option]`-l` option except that for each symbol, each virtual memory address used is shown. For each virtual memory address, the number of samples and percentage of samples relative to the number of samples for the symbol is displayed. @@ -677,8 +599,7 @@ The data is the same as the [option]`-l` option except that for each symbol, eac [[s2-oprofile-module-output]] === Getting More Detailed Output on the Modules -indexterm:[OProfile,opreport]indexterm:[OProfile] -OProfile collects data on a system-wide basis for kernel- and user-space code running on the machine. However, once a module is loaded into the kernel, the information about the origin of the kernel module is lost. The module could come from the `initrd` file on boot up, the directory with the various kernel modules, or a locally created kernel module. As a result, when OProfile records samples for a module, it just lists the samples for the modules for an executable in the root directory, but this is unlikely to be the place with the actual code for the module. You will need to take some steps to make sure that analysis tools get the proper executable. +indexterm:[OProfile,opreport]indexterm:[OProfile] OProfile collects data on a system-wide basis for kernel- and user-space code running on the machine. However, once a module is loaded into the kernel, the information about the origin of the kernel module is lost. The module could come from the `initrd` file on boot up, the directory with the various kernel modules, or a locally created kernel module. As a result, when OProfile records samples for a module, it just lists the samples for the modules for an executable in the root directory, but this is unlikely to be the place with the actual code for the module. You will need to take some steps to make sure that analysis tools get the proper executable. To get a more detailed view of the actions of the module, you will need to either have the module "`unstripped`" (that is installed from a custom build) or have the [package]*debuginfo* package installed for the kernel. @@ -693,8 +614,7 @@ Then proceed with clearing out the samples from previous runs with the following To start the monitoring process, for example, on a machine with Westmere processor, run the following command: ---- -~]# opcontrol --setup --vmlinux=/usr/lib/debug/lib/modules/`uname -r`/vmlinux \ ---event=CPU_CLK_UNHALTED:500000 +~]# opcontrol --setup --vmlinux=/usr/lib/debug/lib/modules/`uname -r`/vmlinux \ --event=CPU_CLK_UNHALTED:500000 ---- Then the detailed information, for instance, for the ext4 module can be obtained with: @@ -720,8 +640,7 @@ samples % symbol name [[s2-oprofile-reading-opannotate]] === Using [command]#opannotate# -indexterm:[OProfile,opannotate]indexterm:[opannotate,OProfile] -The [command]#opannotate# tool tries to match the samples for particular instructions to the corresponding lines in the source code. The resulting generated files should have the samples for the lines at the left. It also puts in a comment at the beginning of each function listing the total samples for the function. +indexterm:[OProfile,opannotate]indexterm:[opannotate,OProfile] The [command]#opannotate# tool tries to match the samples for particular instructions to the corresponding lines in the source code. The resulting generated files should have the samples for the lines at the left. It also puts in a comment at the beginning of each function listing the total samples for the function. For this utility to work, the appropriate [package]*debuginfo* package for the executable must be installed on the system. On {MAJOROS}, the [package]*debuginfo* packages are not automatically installed with the corresponding packages that contain the executable. You have to obtain and install them separately. @@ -735,8 +654,7 @@ These command-line options are mandatory. Replace _src-dir_ with a path to the d [[s1-oprofile-dev-oprofile]] == Understanding the /dev/oprofile/ directory -indexterm:[OProfile,/dev/oprofile/]indexterm:[/dev/oprofile/] -When using OProfile in legacy mode, the `/dev/oprofile/` directory is used to store the file system for OProfile. On the other hand, [command]#operf# does not require `/dev/oprofile/`. Use the [command]#cat# command to display the values of the virtual files in this file system. For example, the following command displays the type of processor OProfile detected: +indexterm:[OProfile,/dev/oprofile/]indexterm:[/dev/oprofile/] When using OProfile in legacy mode, the `/dev/oprofile/` directory is used to store the file system for OProfile. On the other hand, [command]#operf# does not require `/dev/oprofile/`. Use the [command]#cat# command to display the values of the virtual files in this file system. For example, the following command displays the type of processor OProfile detected: ---- ~]# cat /dev/oprofile/cpu_type @@ -777,8 +695,7 @@ While OProfile can be used by developers to analyze application performance, it [[s1-oprofile-java-support]] == OProfile Support for Java -indexterm:[OProfile,Java] -OProfile allows you to profile dynamically compiled code (also known as "`just-in-time`" or JIT code) of the Java Virtual Machine (JVM). OProfile in {MAJOROSVER} includes built-in support for the JVM Tools Interface (JVMTI) agent library, which supports Java 1.5 and higher. +indexterm:[OProfile,Java] OProfile allows you to profile dynamically compiled code (also known as "`just-in-time`" or JIT code) of the Java Virtual Machine (JVM). OProfile in {MAJOROSVER} includes built-in support for the JVM Tools Interface (JVMTI) agent library, which supports Java 1.5 and higher. [[s1-oprofile-java-profiling]] === Profiling Java Code @@ -814,15 +731,13 @@ To learn more about Java support in OProfile, see the OProfile Manual, which is [[s1-oprofile-gui]] == Graphical Interface -indexterm:[oprof_start] -Some OProfile preferences can be set with a graphical interface. Make sure you have the `oprofile-gui` package that provides the OProfile GUI installed on your system. To start the interface, execute the [command]#oprof_start# command as root at a shell prompt. +indexterm:[oprof_start] Some OProfile preferences can be set with a graphical interface. Make sure you have the `oprofile-gui` package that provides the OProfile GUI installed on your system. To start the interface, execute the [command]#oprof_start# command as root at a shell prompt. After changing any of the options, save them by clicking the btn:[Save and quit] button. The preferences are written to `/root/.oprofile/daemonrc`, and the application exits. Exiting the application does not stop OProfile from sampling. On the `Setup` tab, to set events for the processor counters as discussed in xref:OProfile.adoc#s2-oprofile-events[Setting Events to Monitor], select the counter from the pulldown menu and select the event from the list. A brief description of the event appears in the text box below the list. Only events available for the specific counter and the specific architecture are displayed. The interface also displays whether the profiler is running and some brief statistics about it. -[[fig-oprofile-setup]] -.OProfile Setup +[[fig-oprofile-setup]] .OProfile Setup image::oprof-start-setup.png[oprof_start interface] @@ -836,8 +751,7 @@ If any unit masks are available for the currently selected event, as discussed i On the `Configuration` tab, to profile the kernel, enter the name and location of the `vmlinux` file for the kernel to monitor in the `Kernel image file` text field. To configure OProfile not to monitor the kernel, select `No kernel image`. -[[fig-oprofile-configuration]] -.OProfile Configuration +[[fig-oprofile-configuration]] .OProfile Configuration image::oprof-start-config.png[OProfile Configuration] @@ -851,8 +765,7 @@ To start OProfile from the graphical interface, click btn:[Start]. To stop the p [[s1-oprofile-and-systemtap]] == OProfile and SystemTap -indexterm:[OProfile,SystemTap] -SystemTap is a tracing and probing tool that allows users to study and monitor the activities of the operating system in fine detail. It provides information similar to the output of tools like [command]#netstat#, [command]#ps#, [command]#top#, and [command]#iostat#pass:attributes[{blank}]; however, SystemTap is designed to provide more filtering and analysis options for the collected information. +indexterm:[OProfile,SystemTap] SystemTap is a tracing and probing tool that allows users to study and monitor the activities of the operating system in fine detail. It provides information similar to the output of tools like [command]#netstat#, [command]#ps#, [command]#top#, and [command]#iostat#pass:attributes[{blank}]; however, SystemTap is designed to provide more filtering and analysis options for the collected information. While using OProfile is suggested in cases of collecting data on where and why the processor spends time in a particular area of code, it is less usable when finding out why the processor stays idle. @@ -862,8 +775,7 @@ For more information on SystemTap, see xref:OProfile.adoc#br-oprofile_online_doc [[s1-oprofile_additional_resources]] == Additional Resources -indexterm:[OProfile,additional resources] -To learn more about OProfile and how to configure it, see the following resources. +indexterm:[OProfile,additional resources] To learn more about OProfile and how to configure it, see the following resources. .Installed Documentation diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/monitoring-and-automation/System_Monitoring_Tools.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/monitoring-and-automation/System_Monitoring_Tools.adoc index ba64745..7462182 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/monitoring-and-automation/System_Monitoring_Tools.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/monitoring-and-automation/System_Monitoring_Tools.adoc @@ -3,8 +3,7 @@ include::{partialsdir}/entities.adoc[] [[ch-System_Monitoring_Tools]] = System Monitoring Tools -indexterm:[system information,gathering]indexterm:[information,about your system] -In order to configure the system, system administrators often need to determine the amount of free memory, how much free disk space is available, how the hard drive is partitioned, or what processes are running. +indexterm:[system information,gathering]indexterm:[information,about your system] In order to configure the system, system administrators often need to determine the amount of free memory, how much free disk space is available, how the hard drive is partitioned, or what processes are running. [[s1-sysinfo-system-processes]] == Viewing System Processes @@ -12,8 +11,7 @@ indexterm:[system information,processes]indexterm:[processes] [[s2-sysinfo-system-processes-ps]] === Using the ps Command -indexterm:[ps] -The [command]#ps# command allows you to display information about running processes. It produces a static list, that is, a snapshot of what is running when you execute the command. If you want a constantly updated list of running processes, use the [command]#top# command or the [application]*System Monitor* application instead. +indexterm:[ps] The [command]#ps# command allows you to display information about running processes. It produces a static list, that is, a snapshot of what is running when you execute the command. If you want a constantly updated list of running processes, use the [command]#top# command or the [application]*System Monitor* application instead. To list all processes that are currently running on the system including processes owned by other users, type the following at a shell prompt: @@ -69,8 +67,7 @@ For a complete list of available command line options, refer to the *ps*(1) manu [[s2-sysinfo-system-processes-top]] === Using the top Command -indexterm:[system information,processes,currently running]indexterm:[top] -The [command]#top# command displays a real-time list of processes that are running on the system. It also displays additional information about the system uptime, current CPU and memory usage, or total number of running processes, and allows you to perform actions such as sorting the list or killing a process. +indexterm:[system information,processes,currently running]indexterm:[top] The [command]#top# command displays a real-time list of processes that are running on the system. It also displays additional information about the system uptime, current CPU and memory usage, or total number of running processes, and allows you to perform actions such as sorting the list or killing a process. To run the [command]#top# command, type the following at a shell prompt: @@ -129,20 +126,11 @@ xref:System_Monitoring_Tools.adoc#interactive-top-command[Interactive top comman [[s2-sysinfo-system-processes-system_monitor]] === Using the System Monitor Tool -indexterm:[gnome-system-monitor]indexterm:[System Monitor] -The `Processes` tab of the [application]*System Monitor* tool allows you to view, search for, change the priority of, and kill processes from the graphical user interface. +indexterm:[gnome-system-monitor]indexterm:[System Monitor] The `Processes` tab of the [application]*System Monitor* tool allows you to view, search for, change the priority of, and kill processes from the graphical user interface. To start the [application]*System Monitor* tool, either select menu:Applications[System Tools > `System Monitor`pass:attributes[{blank}]] from the Activities menu, or type [command]#gnome-system-monitor# at a shell prompt. Then click the `Processes` tab to view the list of running processes. -For each listed process, the [application]*System Monitor* tool displays its name (`Process Name`), -user (`User`), -percentage of the CPU usage (`% CPU`), -process ID (`ID`), -memory usage (`Memory`), -total disk read and write (`Disk read total` and `Disk write total`), -current disk read and write (`Disk read` and `Disk write`), -and priority (`Priority`). -To sort the information by a specific column in ascending order, click the name of that column. Click the name of the column again to toggle the sort between ascending and descending order. +For each listed process, the [application]*System Monitor* tool displays its name (`Process Name`), user (`User`), percentage of the CPU usage (`% CPU`), process ID (`ID`), memory usage (`Memory`), total disk read and write (`Disk read total` and `Disk write total`), current disk read and write (`Disk read` and `Disk write`), and priority (`Priority`). To sort the information by a specific column in ascending order, click the name of that column. Click the name of the column again to toggle the sort between ascending and descending order. By default, the [application]*System Monitor* tool displays a list of processes that are owned by the current user. Selecting various options from the View menu allows you to: @@ -182,8 +170,7 @@ indexterm:[system information,memory usage]indexterm:[memory usage]indexterm:[RA [[s2-sysinfo-memory-usage-free]] === Using the free Command -indexterm:[free] -The [command]#free# command allows you to display the amount of free and used memory on the system. To do so, type the following at a shell prompt: +indexterm:[free] The [command]#free# command allows you to display the amount of free and used memory on the system. To do so, type the following at a shell prompt: [subs="quotes, macros"] ---- @@ -221,15 +208,14 @@ For a complete list of available command line options, refer to the *free*(1) ma [[s2-sysinfo-memory-usage-system_monitor]] === Using the System Monitor Tool -indexterm:[gnome-system-monitor]indexterm:[System Monitor] -The `Resources` tab of the [application]*System Monitor* tool allows you to view the amount of free and used memory on the system. +indexterm:[gnome-system-monitor]indexterm:[System Monitor] The `Resources` tab of the [application]*System Monitor* tool allows you to view the amount of free and used memory on the system. To start the [application]*System Monitor* tool, either select menu:Applications[System Tools > `System Monitor`pass:attributes[{blank}]] from the Activities menu, or type [command]#gnome-system-monitor# at a shell prompt. Then click the `Resources` tab to view the system's memory usage. [[fig-sysinfo-memory]] .System Monitor — Resources -image::system-monitor-resources.png[The Resources tab of the System Monitor application.] +image::system-monitor-resources.png["The Resources tab of the System Monitor application."] In the `Memory and Swap History` section, the [application]*System Monitor* tool displays a graphical representation of the memory and swap usage history, as well as the total amount of the physical memory (`Memory`) and swap space (`Swap`) and how much of it is in use. @@ -239,15 +225,14 @@ indexterm:[system information,cpu usage]indexterm:[CPU usage] [[s2-sysinfo-cpu-system_monitor]] === Using the System Monitor Tool -indexterm:[gnome-system-monitor]indexterm:[System Monitor] -The `Resources` tab of the [application]*System Monitor* tool allows you to view the current CPU usage on the system. +indexterm:[gnome-system-monitor]indexterm:[System Monitor] The `Resources` tab of the [application]*System Monitor* tool allows you to view the current CPU usage on the system. To start the [application]*System Monitor* tool, either select menu:Applications[System Tools > `System Monitor`pass:attributes[{blank}]] from the Activities menu, or type [command]#gnome-system-monitor# at a shell prompt. Then click the `Resources` tab to view the system's CPU usage. [[fig-sysinfo-cpu]] .System Monitor — Resources -image::system-monitor-resources.png[The Resources tab of the System Monitor application.] +image::system-monitor-resources.png["The Resources tab of the System Monitor application."] In the `CPU History` section, the [application]*System Monitor* tool displays a graphical representation of the CPU usage history and shows the percentage of how much CPU is currently in use. @@ -257,8 +242,7 @@ indexterm:[system information,file systems]indexterm:[file systems] [[s2-sysinfo-filesystems-lsblk]] === Using the lsblk Command -indexterm:[lsblk] -The [command]#lsblk# command allows you to display a list of available block devices. To do so, type the following at a shell prompt: +indexterm:[lsblk] The [command]#lsblk# command allows you to display a list of available block devices. To do so, type the following at a shell prompt: [subs="quotes, macros"] ---- @@ -302,8 +286,7 @@ For a complete list of available command line options, refer to the *lsblk*(8) m [[s2-sysinfo-filesystems-blkid]] === Using the blkid Command -indexterm:[blkid] -The [command]#blkid# command allows you to display information about available block devices. To do so, type the following at a shell prompt as `root`: +indexterm:[blkid] The [command]#blkid# command allows you to display information about available block devices. To do so, type the following at a shell prompt as `root`: [subs="quotes, macros"] ---- @@ -363,8 +346,7 @@ For a complete list of available command line options, refer to the *blkid*(8) m [[s2-sysinfo-filesystems-partx]] === Using the partx Command -indexterm:[partx] -The [command]#partx# command allows you to display a list of disk partitions. To list the partition table of a particular disk, as `root`, run this command with the [option]`-s` option followed by the device name: +indexterm:[partx] The [command]#partx# command allows you to display a list of disk partitions. To list the partition table of a particular disk, as `root`, run this command with the [option]`-s` option followed by the device name: [subs="macros"] ---- @@ -384,8 +366,7 @@ For a complete list of available command line options, refer to the *partx*(8) m [[s2-sysinfo-filesystems-findmnt]] === Using the findmnt Command -indexterm:[findmnt] -The [command]#findmnt# command allows you to display a list of currently mounted file systems. To do so, type the following at a shell prompt: +indexterm:[findmnt] The [command]#findmnt# command allows you to display a list of currently mounted file systems. To do so, type the following at a shell prompt: [subs="quotes, macros"] ---- @@ -466,8 +447,7 @@ For a complete list of available command line options, refer to the *findmnt*(8) [[s2-sysinfo-filesystems-df]] === Using the df Command -indexterm:[df] -The [command]#df# command allows you to display a detailed report on the system's disk space usage. To do so, type the following at a shell prompt: +indexterm:[df] The [command]#df# command allows you to display a detailed report on the system's disk space usage. To do so, type the following at a shell prompt: [subs="quotes, macros"] ---- @@ -510,15 +490,13 @@ tmpfs 373M 0 373M 0% /sys/fs/cgroup tmpfs 373M 0 373M 0% /media /dev/vda1 497M 84M 389M 18% /boot ---- -indexterm:[system information,file systems,/dev/shm]indexterm:[/dev/shm]indexterm:[system information,file systems,/sys/fs/cgroup]indexterm:[/sys/fs/cgroup]indexterm:[system information,file systems,/run]indexterm:[/run] -Note that the `/dev/shm` entry represents the system's virtual memory file system, `/sys/fs/cgroup` is a cgroup file system, and `/run` contains information about the running system. +indexterm:[system information,file systems,/dev/shm]indexterm:[/dev/shm]indexterm:[system information,file systems,/sys/fs/cgroup]indexterm:[/sys/fs/cgroup]indexterm:[system information,file systems,/run]indexterm:[/run] Note that the `/dev/shm` entry represents the system's virtual memory file system, `/sys/fs/cgroup` is a cgroup file system, and `/run` contains information about the running system. For a complete list of available command line options, refer to the *df*(1) manual page. [[s2-sysinfo-filesystems-du]] === Using the du Command -indexterm:[du] -The [command]#du# command allows you to displays the amount of space that is being used by files in a directory. To display the disk usage for each of the subdirectories in the current working directory, run the command with no additional command line options: +indexterm:[du] The [command]#du# command allows you to displays the amount of space that is being used by files in a directory. To display the disk usage for each of the subdirectories in the current working directory, run the command with no additional command line options: [subs="quotes, macros"] ---- @@ -577,15 +555,14 @@ For a complete list of available command line options, refer to the *du*(1) manu [[s2-sysinfo-filesystems-system_monitor]] === Using the System Monitor Tool -indexterm:[gnome-system-monitor]indexterm:[System Monitor] -The `File Systems` tab of the [application]*System Monitor* tool allows you to view file systems and disk space usage in the graphical user interface. +indexterm:[gnome-system-monitor]indexterm:[System Monitor] The `File Systems` tab of the [application]*System Monitor* tool allows you to view file systems and disk space usage in the graphical user interface. To start the [application]*System Monitor* tool, either select menu:Applications[System Tools > `System Monitor`pass:attributes[{blank}]] from the Activities menu, or type [command]#gnome-system-monitor# at a shell prompt. Then click the `File Systems` tab to view a list of file systems. [[fig-sysinfo-filesystems]] .System Monitor — File Systems -image::system-monitor-file-systems.png[The File Systems tab of the System Monitor application.] +image::system-monitor-file-systems.png["The File Systems tab of the System Monitor application."] For each listed file system, the [application]*System Monitor* tool displays the source device (`Device`), target mount point (`Directory`), and file system type (`Type`), as well as its size (`Total`) and how much space is free (`Free`), available (`Available`), and used (`Used`). @@ -595,8 +572,7 @@ indexterm:[system information,hardware]indexterm:[hardware,viewing] [[s2-sysinfo-hardware-lspci]] === Using the lspci Command -indexterm:[lspci] -The [command]#lspci# command lists all PCI devices that are present in the system: +indexterm:[lspci] The [command]#lspci# command lists all PCI devices that are present in the system: [subs="quotes, macros"] ---- @@ -649,8 +625,7 @@ For a complete list of available command line options, refer to the *lspci*(8) m [[s2-sysinfo-hardware-lsusb]] === Using the lsusb Command -indexterm:[lsusb] -The [command]#lsusb# command allows you to display information about USB buses and devices that are attached to them. To list all USB devices that are in the system, type the following at a shell prompt: +indexterm:[lsusb] The [command]#lsusb# command allows you to display information about USB buses and devices that are attached to them. To list all USB devices that are in the system, type the following at a shell prompt: [subs="quotes, macros"] ---- @@ -710,8 +685,7 @@ For a complete list of available command line options, refer to the *lsusb*(8) m [[s2-sysinfo-hardware-lspcmcia]] === Using the lspcmcia Command -indexterm:[lspcmcia] -The [command]#lspcmcia# command allows you to list all PCMCIA devices that are present in the system. To do so, type the following at a shell prompt: +indexterm:[lspcmcia] The [command]#lspcmcia# command allows you to list all PCMCIA devices that are present in the system. To do so, type the following at a shell prompt: [subs="quotes, macros"] ---- @@ -744,8 +718,7 @@ For a complete list of available command line options, refer to the *pccardctl*( [[s2-sysinfo-hardware-lscpu]] === Using the lscpu Command -indexterm:[lscpu] -The [command]#lscpu# command allows you to list information about CPUs that are present in the system, including the number of CPUs, their architecture, vendor, family, model, CPU caches, etc. To do so, type the following at a shell prompt: +indexterm:[lscpu] The [command]#lscpu# command allows you to list information about CPUs that are present in the system, including the number of CPUs, their architecture, vendor, family, model, CPU caches, etc. To do so, type the following at a shell prompt: [subs="quotes, macros"] ---- @@ -782,8 +755,7 @@ For a complete list of available command line options, refer to the *lscpu*(1) m [[s2-sysinfo-hardware-hw-probe]] === Using the Hardware probe -indexterm:[hw-probe] -The [command]#hw-probe# command allows you to list all hardware devices, perform sanity tests for some of them and submit result to the link:++https://github.com/linuxhw++[hardware database]. To do so, type the following at a shell prompt: +indexterm:[hw-probe] The [command]#hw-probe# command allows you to list all hardware devices, perform sanity tests for some of them and submit result to the link:++https://github.com/linuxhw++[hardware database]. To do so, type the following at a shell prompt: [subs="quotes, macros"] ---- diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc index f313198..52c80b4 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/monitoring-and-automation/Viewing_and_Managing_Log_Files.adoc @@ -3,33 +3,25 @@ include::{partialsdir}/entities.adoc[] [[ch-Viewing_and_Managing_Log_Files]] = Viewing and Managing Log Files -indexterm:[log files,System Log]indexterm:[log files,description] -_Log files_ are files that contain messages about the system, including the kernel, services, and applications running on it. There are different log files for different information. For example, there is a default system log file, a log file just for security messages, and a log file for cron tasks. +indexterm:[log files,System Log]indexterm:[log files,description] _Log files_ are files that contain messages about the system, including the kernel, services, and applications running on it. There are different log files for different information. For example, there is a default system log file, a log file just for security messages, and a log file for cron tasks. -Log files can be very useful when trying to troubleshoot a problem with the system such as trying to load a kernel driver or when looking for unauthorized login attempts to the system. This chapter discusses where to find log files, how to view log files, and what to look for in log files. -indexterm:[log files,rsyslogd daemon]indexterm:[rsyslog] -Some log files are controlled by a daemon called `rsyslogd`. The `rsyslogd` daemon is an enhanced replacement for [application]*sysklogd*, and provides extended filtering, encryption protected relaying of messages, various configuration options, input and output modules, support for transportation via the `TCP` or `UDP` protocols. Note that [application]*rsyslog* is compatible with [application]*sysklogd*. +Log files can be very useful when trying to troubleshoot a problem with the system such as trying to load a kernel driver or when looking for unauthorized login attempts to the system. This chapter discusses where to find log files, how to view log files, and what to look for in log files. indexterm:[log files,rsyslogd daemon]indexterm:[rsyslog] Some log files are controlled by a daemon called `rsyslogd`. The `rsyslogd` daemon is an enhanced replacement for [application]*sysklogd*, and provides extended filtering, encryption protected relaying of messages, various configuration options, input and output modules, support for transportation via the `TCP` or `UDP` protocols. Note that [application]*rsyslog* is compatible with [application]*sysklogd*. Log files can also be managed by the `journald` daemon – a component of `systemd`. The `journald` daemon captures Syslog messages, kernel log messages, initial RAM disk and early boot messages as well as messages written to standard output and standard error output of all services, indexes them and makes this available to the user. The native journal file format, which is a structured and indexed binary file, improves searching and provides faster operation, and it also stores meta data information like time stamps or user IDs. Log files produced by `journald` are by default not persistent, log files are stored only in memory or a small ring-buffer in the `/run/log/journal/` directory. The amount of logged data depends on free memory, when you reach the capacity limit, the oldest entries are deleted. However, this setting can be altered – see xref:Viewing_and_Managing_Log_Files.adoc#s2-Enabling_Persistent_Storage[Enabling Persistent Storage]. For more information on Journal see xref:Viewing_and_Managing_Log_Files.adoc#s1-Using_the_Journal[Using the Journal]. -By default, only `journald` is installed on your system. You have to install rsyslog youself. Also do not forget to enable and start it after install before continuing with rest of this guide. The `journald` daemon is the primary tool for troubleshooting. It also provides additional data necessary for creating structured log messages. Data acquired by `journald` is forwarded into the `/run/systemd/journal/syslog` socket that may be used by `rsyslogd` to process the data further. However, [application]*rsyslog* does the actual integration by default via the `imjournal` input module, thus avoiding the aforementioned socket. You can also transfer data in the opposite direction, from `rsyslogd` to `journald` with use of `omjournal` module. See xref:Viewing_and_Managing_Log_Files.adoc#s1-interaction_of_rsyslog_and_journal[Interaction of Rsyslog and Journal] for further information. The integration enables maintaining text-based logs in a consistent format to ensure compatibility with possible applications or configurations dependent on `rsyslogd`. Also, you can maintain rsyslog messages in a structured format (see xref:Viewing_and_Managing_Log_Files.adoc#s1-structured_logging_with_rsyslog[Structured Logging with Rsyslog]). +By default, only `journald` is installed on your system. You have to install rsyslog youself. Also do not forget to enable and start it after install before continuing with rest of this guide. The `journald` daemon is the primary tool for troubleshooting. It also provides additional data necessary for creating structured log messages. Data acquired by `journald` is forwarded into the `/run/systemd/journal/syslog` socket that may be used by `rsyslogd` to process the data further. However, [application]*rsyslog* does the actual integration by default via the `imjournal` input module, thus avoiding the aforementioned socket. You can also transfer data in the opposite direction, from `rsyslogd` to `journald` with use of `omjournal` module. See xref:Viewing_and_Managing_Log_Files.adoc#s1-interaction_of_rsyslog_and_journal[Interaction of Rsyslog and Journal] for further information. The integration enables maintaining text-based logs in a consistent format to ensure compatibility with possible applications or configurations dependent on `rsyslogd`. Also, you can maintain rsyslog messages in a structured format (see xref:Viewing_and_Managing_Log_Files.adoc#s1-structured_logging_with_rsyslog[Structured Logging with Rsyslog]). [[s1-logfiles-locating]] == Locating Log Files -indexterm:[log files,locating] -A list of log files maintained by `rsyslogd` can be found in the `/etc/rsyslog.conf` configuration file. Most log files are located in the `/var/log/` directory. Some applications such as [command]#httpd# and [command]#samba# have a directory within `/var/log/` for their log files. -indexterm:[log files,rotating]indexterm:[logrotate] -You may notice multiple files in the `/var/log/` directory with numbers after them (for example, `cron-20100906`). These numbers represent a time stamp that has been added to a rotated log file. Log files are rotated so their file sizes do not become too large. The `logrotate` package contains a cron task that automatically rotates log files according to the `/etc/logrotate.conf` configuration file and the configuration files in the `/etc/logrotate.d/` directory. +indexterm:[log files,locating] A list of log files maintained by `rsyslogd` can be found in the `/etc/rsyslog.conf` configuration file. Most log files are located in the `/var/log/` directory. Some applications such as [command]#httpd# and [command]#samba# have a directory within `/var/log/` for their log files. indexterm:[log files,rotating]indexterm:[logrotate] You may notice multiple files in the `/var/log/` directory with numbers after them (for example, `cron-20100906`). These numbers represent a time stamp that has been added to a rotated log file. Log files are rotated so their file sizes do not become too large. The `logrotate` package contains a cron task that automatically rotates log files according to the `/etc/logrotate.conf` configuration file and the configuration files in the `/etc/logrotate.d/` directory. [[s1-basic_configuration_of_rsyslog]] == Basic Configuration of Rsyslog -indexterm:[rsyslog,configuration] -The main configuration file for [application]*rsyslog* is `/etc/rsyslog.conf`. Here, you can specify _global directives_, _modules_, and _rules_ that consist of _filter_ and _action_ parts. Also, you can add comments in the form of text following a hash sign (`#`). +indexterm:[rsyslog,configuration] The main configuration file for [application]*rsyslog* is `/etc/rsyslog.conf`. Here, you can specify _global directives_, _modules_, and _rules_ that consist of _filter_ and _action_ parts. Also, you can add comments in the form of text following a hash sign (`#`). [[s2-Filters]] === Filters -indexterm:[rsyslog,filters] -A rule is specified by a *filter* part, which selects a subset of syslog messages, and an *action* part, which specifies what to do with the selected messages. To define a rule in your `/etc/rsyslog.conf` configuration file, define both, a filter and an action, on one line and separate them with one or more spaces or tabs. +indexterm:[rsyslog,filters] A rule is specified by a *filter* part, which selects a subset of syslog messages, and an *action* part, which specifies what to do with the selected messages. To define a rule in your `/etc/rsyslog.conf` configuration file, define both, a filter and an action, on one line and separate them with one or more spaces or tabs. [application]*rsyslog* offers various ways to filter syslog messages according to selected properties. The available filtering methods can be divided into *Facility/Priority-based*, *Property-based*, and *Expression-based* filters. @@ -191,8 +183,7 @@ See xref:Viewing_and_Managing_Log_Files.adoc#brid-Log_Files-Resources-Online[Onl [[s2-Actions]] === Actions -indexterm:[rsyslog,actions] -Actions specify what is to be done with the messages filtered out by an already-defined selector. The following are some of the actions you can define in your rule: +indexterm:[rsyslog,actions] Actions specify what is to be done with the messages filtered out by an already-defined selector. The following are some of the actions you can define in your rule: Saving syslog messages to log files:: The majority of actions specify to which log file a syslog message is saved. This is done by specifying a file path after your already-defined selector: @@ -383,8 +374,7 @@ where: [IMPORTANT] ==== -Currently, [application]*rsyslog* provides support for `MySQL` and `PostgreSQL` databases only. -In order to use the `MySQL` and `PostgreSQL` database writer functionality, install the [package]*rsyslog-mysql* and [package]*rsyslog-pgsql* packages, respectively. Also, make sure you load the appropriate modules in your `/etc/rsyslog.conf` configuration file: +Currently, [application]*rsyslog* provides support for `MySQL` and `PostgreSQL` databases only. In order to use the `MySQL` and `PostgreSQL` database writer functionality, install the [package]*rsyslog-mysql* and [package]*rsyslog-pgsql* packages, respectively. Also, make sure you load the appropriate modules in your `/etc/rsyslog.conf` configuration file: ---- @@ -456,8 +446,7 @@ A template must be defined before it is used in an action, otherwise it is ignor [[s2-Templates]] === Templates -indexterm:[rsyslog,templates] -Any output that is generated by [application]*rsyslog* can be modified and formatted according to your needs with the use of *templates*. To create a template use the following syntax in `/etc/rsyslog.conf`: +indexterm:[rsyslog,templates] Any output that is generated by [application]*rsyslog* can be modified and formatted according to your needs with the use of *templates*. To create a template use the following syntax in `/etc/rsyslog.conf`: [subs="macros"] ---- @@ -638,8 +627,7 @@ $template dbFormat,"insert into SystemEvents (Message, Facility, FromHost, Prior [[s2-global_directives]] === Global Directives -indexterm:[rsyslog,global directives] -Global directives are configuration options that apply to the `rsyslogd` daemon. They usually specify a value for a specific predefined variable that affects the behavior of the `rsyslogd` daemon or a rule that follows. All of the global directives must start with a dollar sign (`$`). Only one directive can be specified per line. The following is an example of a global directive that specifies the maximum size of the syslog message queue: +indexterm:[rsyslog,global directives] Global directives are configuration options that apply to the `rsyslogd` daemon. They usually specify a value for a specific predefined variable that affects the behavior of the `rsyslogd` daemon or a rule that follows. All of the global directives must start with a dollar sign (`$`). Only one directive can be specified per line. The following is an example of a global directive that specifies the maximum size of the syslog message queue: [subs="quotes"] ---- @@ -654,8 +642,7 @@ You can define multiple directives in your `/etc/rsyslog.conf` configuration fil [[s2-log_rotation]] === Log Rotation -indexterm:[rsyslog,log rotation] -The following is a sample `/etc/logrotate.conf` configuration file: +indexterm:[rsyslog,log rotation] The following is a sample `/etc/logrotate.conf` configuration file: ---- @@ -713,9 +700,9 @@ The following is a list of some of the directives you can specify in your [appli ** `delaycompress` — Postpones the compression of log files to the next rotation of log files. -* `rotate _INTEGER_pass:attributes[{blank}]` — Specifies the number of rotations a log file undergoes before it is removed or mailed to a specific address. If the value 0 is specified, old log files are removed instead of rotated. +* `rotate _INTEGER_pass:attributes[{blank}]` — Specifies the number of rotations a log file undergoes before it is removed or mailed to a specific address. If the value 0 is specified, old log files are removed instead of rotated. -* `mail _ADDRESS_pass:attributes[{blank}]` — This option enables mailing of log files that have been rotated as many times as is defined by the `rotate` directive to the specified address. Similar directives include: +* `mail _ADDRESS_pass:attributes[{blank}]` — This option enables mailing of log files that have been rotated as many times as is defined by the `rotate` directive to the specified address. Similar directives include: ** `nomail` @@ -727,8 +714,7 @@ For the full list of directives and various configuration options, see the `logr [[sec-using_the_new_configuration_format]] == Using the New Configuration Format -indexterm:[rsyslog,new configuration format] -In [application]*rsyslog* version 6, a new configuration syntax was introduced. This new configuration format aims to be more powerful, more intuitive, and to prevent common mistakes by not permitting certain invalid constructs. The syntax enhancement is enabled by the new configuration processor that relies on RainerScript. The legacy format is still fully supported and it is used by default in the `/etc/rsyslog.conf` configuration file. +indexterm:[rsyslog,new configuration format] In [application]*rsyslog* version 6, a new configuration syntax was introduced. This new configuration format aims to be more powerful, more intuitive, and to prevent common mistakes by not permitting certain invalid constructs. The syntax enhancement is enabled by the new configuration processor that relies on RainerScript. The legacy format is still fully supported and it is used by default in the `/etc/rsyslog.conf` configuration file. RainerScript is a scripting language designed for processing network events and configuring event processors such as [application]*rsyslog*. RainerScript was first used to define expression-based filters, see xref:Viewing_and_Managing_Log_Files.adoc#ex-expression-based_filters[Expression-based Filters]. The version of RainerScript in rsyslog version 7 implemented the `input()` and `ruleset()` statements, which permit the `/etc/rsyslog.conf` configuration file to be written in the new syntax. The new syntax differs mainly in that it is much more structured; parameters are passed as arguments to statements, such as input, action, template, and module load. The scope of options is limited by blocks. This enhances readability and reduces the number of bugs caused by misconfiguration. There is also a significant performance gain. Some functionality is exposed in both syntaxes, some only in the new one. @@ -757,8 +743,7 @@ This significantly reduces the number of parameters used in configuration, impro [[sec-Rulesets]] === Rulesets -indexterm:[rsyslog,rulesets] -Leaving special directives aside, [application]*rsyslog* handles messages as defined by *rules* that consist of a filter condition and an action to be performed if the condition is true. With a traditionally written `/etc/rsyslog.conf` file, all rules are evaluated in order of appearance for every input message. This process starts with the first rule and continues until all rules have been processed or until the message is discarded by one of the rules. +indexterm:[rsyslog,rulesets] Leaving special directives aside, [application]*rsyslog* handles messages as defined by *rules* that consist of a filter condition and an action to be performed if the condition is true. With a traditionally written `/etc/rsyslog.conf` file, all rules are evaluated in order of appearance for every input message. This process starts with the first rule and continues until all rules have been processed or until the message is discarded by one of the rules. However, rules can be grouped into sequences called _rulesets_. With rulesets, you can limit the effect of certain rules only to selected inputs or enhance the performance of [application]*rsyslog* by defining a distinct set of actions bound to a specific input. In other words, filter conditions that will be inevitably evaluated as false for certain types of messages can be skipped. The legacy ruleset definition in `/etc/rsyslog.conf` can look as follows: @@ -838,13 +823,12 @@ For more information on various `rsyslogd` options, see the `rsyslogd(8)`pass:at [[s1-working_with_queues_in_rsyslog]] == Working with Queues in Rsyslog -indexterm:[rsyslog,queues] -Queues are used to pass content, mostly syslog messages, between components of [application]*rsyslog*. With queues, rsyslog is capable of processing multiple messages simultaneously and to apply several actions to a single message at once. The data flow inside [application]*rsyslog* can be illustrated as follows: +indexterm:[rsyslog,queues] Queues are used to pass content, mostly syslog messages, between components of [application]*rsyslog*. With queues, rsyslog is capable of processing multiple messages simultaneously and to apply several actions to a single message at once. The data flow inside [application]*rsyslog* can be illustrated as follows: [[fig-message_flow_in_rsyslog]] .Message Flow in Rsyslog -image::rsyslog_message_flow.png[Message Flow in Rsyslog] +image::rsyslog_message_flow.png["Message Flow in Rsyslog"] Whenever [application]*rsyslog* receives a message, it passes this message to the preprocessor and then places it into the _main message queue_. Messages wait there to be dequeued and passed to the _rule processor_. @@ -1279,8 +1263,7 @@ input(type="imtcp" port="514" ruleset="remote1") [[s1-using_rsyslog_modules]] == Using Rsyslog Modules -indexterm:[rsyslog,modules] -Due to its modular design, [application]*rsyslog* offers a variety of _modules_ which provide additional functionality. Note that modules can be written by third parties. Most modules provide additional inputs (see *Input Modules* below) or outputs (see *Output Modules* below). Other modules provide special functionality specific to each module. The modules may provide additional configuration directives that become available after a module is loaded. To load a module, use the following syntax: +indexterm:[rsyslog,modules] Due to its modular design, [application]*rsyslog* offers a variety of _modules_ which provide additional functionality. Note that modules can be written by third parties. Most modules provide additional inputs (see *Input Modules* below) or outputs (see *Output Modules* below). Other modules provide special functionality specific to each module. The modules may provide additional configuration directives that become available after a module is loaded. To load a module, use the following syntax: [subs="quotes, macros"] ---- @@ -1625,8 +1608,7 @@ You can shape the form of the final database output with use of templates. By de [[s1-debugging_rsyslog]] == Debugging Rsyslog -indexterm:[rsyslog,debugging] -To run `rsyslogd` in debugging mode, use the following command: +indexterm:[rsyslog,debugging] To run `rsyslogd` in debugging mode, use the following command: [subs="quotes, macros"] ---- @@ -1998,10 +1980,7 @@ As an alternative to the aforementioned command-line utilities, Red{nbsp}Hat Ent [[s2-logfiles-viewing]] === Viewing Log Files -indexterm:[log files,viewing] -Most log files are stored in plain text format. You can view them with any text editor such as [command]#Vi# or [application]*Emacs*. Some log files are readable by all users on the system; however, root privileges are required to read most log files. -indexterm:[gnome-system-log,System Log] -To view system log files in an interactive, real-time application, use the [application]*System Log*. +indexterm:[log files,viewing] Most log files are stored in plain text format. You can view them with any text editor such as [command]#Vi# or [application]*Emacs*. Some log files are readable by all users on the system; however, root privileges are required to read most log files. indexterm:[gnome-system-log,System Log] To view system log files in an interactive, real-time application, use the [application]*System Log*. .Installing the gnome-system-log package [NOTE] @@ -2027,27 +2006,25 @@ After you have installed the [package]*gnome-system-log* package, open the [appl ---- -The application only displays log files that exist; thus, the list might differ from the one shown in xref:Viewing_and_Managing_Log_Files.adoc#fig-redhat-logviewer[System Log]. -indexterm:[System Log,searching]indexterm:[System Log,filtering] +The application only displays log files that exist; thus, the list might differ from the one shown in xref:Viewing_and_Managing_Log_Files.adoc#fig-redhat-logviewer[System Log]. indexterm:[System Log,searching]indexterm:[System Log,filtering] [[fig-redhat-logviewer]] .System Log -image::redhat-logviewer.png[System Log] -indexterm:[System Log,refresh rate] -The [application]*System Log* application lets you filter any existing log file. Click on the button marked with the gear symbol to view the menu, select menu:[pass:attributes[{blank}]`Filters` > > `Manage Filters`pass:attributes[{blank}]] to define or edit the desired filter. +image::redhat-logviewer.png["System Log"] +indexterm:[System Log,refresh rate] The [application]*System Log* application lets you filter any existing log file. Click on the button marked with the gear symbol to view the menu, select menu:[pass:attributes[{blank}]`Filters` > > `Manage Filters`pass:attributes[{blank}]] to define or edit the desired filter. [[fig-redhat-filters]] .System Log - Filters -image::redhat-filters.png[System Log - Filters] +image::redhat-filters.png["System Log - Filters"] Adding or editing a filter lets you define its parameters as is shown in xref:Viewing_and_Managing_Log_Files.adoc#fig-redhat-filter-sample[System Log - defining a filter]. [[fig-redhat-filter-sample]] .System Log - defining a filter -image::redhat-filter-sample.png[System Log - Defining a Filter] +image::redhat-filter-sample.png["System Log - Defining a Filter"] When defining a filter, the following parameters can be edited: @@ -2066,23 +2043,19 @@ When you have at least one filter defined, it can be selected from the `Filters` [[fig-redhat-filter-enable]] .System Log - enabling a filter -image::redhat-filter-enable.png[System Log - Enabling a Filter] +image::redhat-filter-enable.png["System Log - Enabling a Filter"] When you select the `Show matches only` option, only the matched strings will be shown in the log file you are currently viewing. [[s2-logfiles-adding]] === Adding a Log File -To add a log file you want to view in the list, select menu:File[> `Open` >]. -This will display the `Open Log` window where you can select the directory and -file name of the log file you want to view. -xref:Viewing_and_Managing_Log_Files.adoc#fig-redhat-logviewer-add[System Log - adding a log file] -illustrates the Open Log window. +To add a log file you want to view in the list, select menu:File[> `Open` >]. This will display the `Open Log` window where you can select the directory and file name of the log file you want to view. xref:Viewing_and_Managing_Log_Files.adoc#fig-redhat-logviewer-add[System Log - adding a log file] illustrates the Open Log window. [[fig-redhat-logviewer-add]] .System Log - adding a log file -image::redhat-logviewer-add.png[System Log - Adding a Log File] +image::redhat-logviewer-add.png["System Log - Adding a Log File"] Click on the btn:[Open] button to open the file. The file is immediately added to the viewing list where you can select it and view its contents. @@ -2096,13 +2069,12 @@ The [application]*System Log* also allows you to open log files zipped in the `. [[s2-logfiles-examining]] === Monitoring Log Files -indexterm:[log files,monitoring]indexterm:[System Log,monitoring] -[application]*System Log* monitors all opened logs by default. If a new line is added to a monitored log file, the log name appears in bold in the log list. If the log file is selected or displayed, the new lines appear in bold at the bottom of the log file. xref:Viewing_and_Managing_Log_Files.adoc#fig-redhat-logviewer-monitoring[System Log - new log alert] illustrates a new alert in the `cron` log file and in the `messages` log file. Clicking on the `messages` log file displays the logs in the file with the new lines in bold. +indexterm:[log files,monitoring]indexterm:[System Log,monitoring] [application]*System Log* monitors all opened logs by default. If a new line is added to a monitored log file, the log name appears in bold in the log list. If the log file is selected or displayed, the new lines appear in bold at the bottom of the log file. xref:Viewing_and_Managing_Log_Files.adoc#fig-redhat-logviewer-monitoring[System Log - new log alert] illustrates a new alert in the `cron` log file and in the `messages` log file. Clicking on the `messages` log file displays the logs in the file with the new lines in bold. [[fig-redhat-logviewer-monitoring]] .System Log - new log alert -image::redhat-logviewer-monitoring.png[System Log - New Log Alert] +image::redhat-logviewer-monitoring.png["System Log - New Log Alert"] [[s1-log-files-additional-resources]] == Additional Resources diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/package-management/DNF.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/package-management/DNF.adoc index 5c09d3a..0420802 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/package-management/DNF.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/package-management/DNF.adoc @@ -33,8 +33,7 @@ You must have superuser privileges in order to use the [command]#dnf# command to [[sec-Checking_For_Updates]] === Checking For Updates -indexterm:[DNF Updates,checking for updates] -The quickest way to check for updates is to attempt to install any available updates by using the [command]#dnf upgrade# command as follows: +indexterm:[DNF Updates,checking for updates] The quickest way to check for updates is to attempt to install any available updates by using the [command]#dnf upgrade# command as follows: ---- ~]# dnf upgrade @@ -73,8 +72,7 @@ The packages in the above output are listed as having updated versions. The line [[sec-Updating_Packages]] === Updating Packages -indexterm:[DNF Updates,updating packages] -You can choose to update a single package, multiple packages, or all packages at once. If any dependencies of the package, or packages, you update have updates available themselves, then they are updated too. +indexterm:[DNF Updates,updating packages] You can choose to update a single package, multiple packages, or all packages at once. If any dependencies of the package, or packages, you update have updates available themselves, then they are updated too. .Updating a Single Packageindexterm:[DNF Updates,updating a single package] To update a single package, run the following command as `root`: @@ -136,8 +134,7 @@ To update all packages and their dependencies, enter [command]#dnf upgrade# with [[sec-Preserving_Configuration_File_Changes]] === Preserving Configuration File Changes -indexterm:[Configuration File Changes] -You will inevitably make changes to the configuration files installed by packages as you use your {MAJOROS} system. [application]*RPM*, which DNF uses to perform changes to the system, provides a mechanism for ensuring their integrity. See xref:RPM.adoc#sec-Installing_and_Upgrading[Installing and Upgrading Packages] for details on how to manage changes to configuration files across package upgrades. +indexterm:[Configuration File Changes] You will inevitably make changes to the configuration files installed by packages as you use your {MAJOROS} system. [application]*RPM*, which DNF uses to perform changes to the system, provides a mechanism for ensuring their integrity. See xref:RPM.adoc#sec-Installing_and_Upgrading[Installing and Upgrading Packages] for details on how to manage changes to configuration files across package upgrades. [[sec-Packages_and_Package_Groups]] == Packages and Package Groups @@ -145,8 +142,7 @@ indexterm:[packages,packages and package groups]indexterm:[DNF,packages and pack [[sec-Searching_Packages]] === Searching Packages -indexterm:[packages,searching packages with DNF,dnf search]indexterm:[DNF,searching packages with DNF,dnf search] -You can search all *RPM* package names and summaries by using the following command: +indexterm:[packages,searching packages with DNF,dnf search]indexterm:[DNF,searching packages with DNF,dnf search] You can search all *RPM* package names and summaries by using the following command: [subs="quotes, macros"] ---- @@ -178,8 +174,7 @@ indexterm:[packages,searching for packages with DNF,dnf search]indexterm:[DNF,se [[sec-Listing_Packages]] === Listing Packages -indexterm:[packages,listing packages with DNF,dnf search]indexterm:[DNF,listing packages with DNF,dnf list] -[command]#dnf list# and related commands provide information about packages, package groups, and repositories. +indexterm:[packages,listing packages with DNF,dnf search]indexterm:[DNF,listing packages with DNF,dnf list] [command]#dnf list# and related commands provide information about packages, package groups, and repositories. All of DNF's list commands allow you to filter the results by appending one or more _glob expressions_ as arguments. Glob expressions are normal strings of characters which contain one or more of the wildcard characters [command]#*# (which expands to match any character multiple times) and [command]#?# (which expands to match any one character). @@ -187,8 +182,7 @@ All of DNF's list commands allow you to filter the results by appending one or m .Filtering results with glob expressions [NOTE] ==== -indexterm:[packages,listing packages with DNF,Glob expressions]indexterm:[DNF,listing packages with DNF,Glob expressions] -Be careful to escape the glob expressions when passing them as arguments to a [command]#dnf# command, otherwise the Bash shell will interpret these expressions as _pathname expansions_, and potentially pass all files in the current directory that match the globs to DNF. To make sure the glob expressions are passed to DNF as intended, either: +indexterm:[packages,listing packages with DNF,Glob expressions]indexterm:[DNF,listing packages with DNF,Glob expressions] Be careful to escape the glob expressions when passing them as arguments to a [command]#dnf# command, otherwise the Bash shell will interpret these expressions as _pathname expansions_, and potentially pass all files in the current directory that match the globs to DNF. To make sure the glob expressions are passed to DNF as intended, either: * escape the wildcard characters by preceding them with a backslash character; or, @@ -359,8 +353,7 @@ The default action is to list all packages available and installed from the repo [[sec-Displaying_Package_Information]] === Displaying Package Information -indexterm:[packages,displaying packages with DNF,dnf info]indexterm:[DNF,displaying packages with DNF,dnf info] -To display information about one or more packages, use a command as follows: +indexterm:[packages,displaying packages with DNF,dnf info]indexterm:[DNF,displaying packages with DNF,dnf info] To display information about one or more packages, use a command as follows: [subs="macros"] ---- @@ -388,8 +381,7 @@ Description : abrt is a tool to help users to detect defects in applications and : to create a bug report with all information needed by maintainer to fix it. : It uses plugin system to extend its functionality. ---- -indexterm:[packages,displaying packages,dnf info]indexterm:[DNF,displaying packages,dnf info] -The [command]#dnf info _package_name_pass:attributes[{blank}]# command is similar to the [command]#rpm -q --info _package_name_pass:attributes[{blank}]# command, but provides as additional information the name of the DNF repository the RPM package was installed from (look for the `From repo:` line in the output). The [command]#dnf info# command shows only the newest available package if there is a newer version available than the one installed. The [command]#dnf repoquery# command can show *all* installed and available packages. +indexterm:[packages,displaying packages,dnf info]indexterm:[DNF,displaying packages,dnf info] The [command]#dnf info _package_name_pass:attributes[{blank}]# command is similar to the [command]#rpm -q --info _package_name_pass:attributes[{blank}]# command, but provides as additional information the name of the DNF repository the RPM package was installed from (look for the `From repo:` line in the output). The [command]#dnf info# command shows only the newest available package if there is a newer version available than the one installed. The [command]#dnf repoquery# command can show *all* installed and available packages. To display information about all available packages, both installed and available from a repository, use a command as follows: @@ -431,8 +423,7 @@ _output truncated_ [[sec-Installing]] === Installing Packages -indexterm:[packages,installing with DNF]indexterm:[DNF,installing with DNF] -DNF allows you to install both a single package and multiple packages, as well as a package group of your choice. +indexterm:[packages,installing with DNF]indexterm:[DNF,installing with DNF] DNF allows you to install both a single package and multiple packages, as well as a package group of your choice. .Installing Individual Packages To install a single package and all of its non-installed dependencies, enter a command in the following form: @@ -540,8 +531,7 @@ For example, the following are alternative but equivalent ways of installing the [[sec-Removing]] === Removing Packages -indexterm:[packages,uninstalling packages with DNF]indexterm:[DNF,uninstalling packages with DNF] -Similarly to package installation, DNF allows you to uninstall (remove in [application]*RPM* and DNF terminology) both individual packages and a package group. +indexterm:[packages,uninstalling packages with DNF]indexterm:[DNF,uninstalling packages with DNF] Similarly to package installation, DNF allows you to uninstall (remove in [application]*RPM* and DNF terminology) both individual packages and a package group. .Removing Individual Packagesindexterm:[packages,uninstalling packages with DNF,dnf remove package_name]indexterm:[DNF,uninstalling packages with DNF,dnf remove package_name] To uninstall a particular package, as well as any packages that depend on it, run the following command as `root`: @@ -652,8 +642,8 @@ The [command]#dnf history list# command produces tabular output with each row co [[tabl-DNF-Transaction_History-Actions]] .Possible values of the Action(s) field -[options="header"] |=== +[options="header"] |Action|Abbreviation|Description |`Downgrade`|`D`|At least one package has been downgraded to an older version. |`Erase`|`E`|At least one package has been removed. @@ -684,8 +674,7 @@ Note that both [command]#dnf history undo# and [command]#dnf history redo# comma [[sec-Configuring_DNF_and_DNF_Repositories]] == Configuring DNF and DNF Repositories -indexterm:[DNF,configuring DNF and DNF repositories]indexterm:[DNF,DNF repositories,configuring DNF and DNF repositories] -The configuration file for DNF and related utilities is located at `/etc/dnf/dnf.conf`. This file contains one mandatory `[main]` section, which allows you to set DNF options that have global effect, and may also contain one or more `[pass:attributes[{blank}]_repository_pass:attributes[{blank}]]` sections, which allow you to set repository-specific options. However, it is recommended to define individual repositories in new or existing `.repo` files in the `/etc/yum.repos.d/` directory. The values you define in individual `[pass:attributes[{blank}]_repository_pass:attributes[{blank}]]` sections of the `/etc/dnf/dnf.conf` file override values set in the `[main]` section. +indexterm:[DNF,configuring DNF and DNF repositories]indexterm:[DNF,DNF repositories,configuring DNF and DNF repositories] The configuration file for DNF and related utilities is located at `/etc/dnf/dnf.conf`. This file contains one mandatory `[main]` section, which allows you to set DNF options that have global effect, and may also contain one or more `[pass:attributes[{blank}]_repository_pass:attributes[{blank}]]` sections, which allow you to set repository-specific options. However, it is recommended to define individual repositories in new or existing `.repo` files in the `/etc/yum.repos.d/` directory. The values you define in individual `[pass:attributes[{blank}]_repository_pass:attributes[{blank}]]` sections of the `/etc/dnf/dnf.conf` file override values set in the `[main]` section. This section shows you how to: @@ -701,8 +690,7 @@ This section shows you how to: [[sec-Setting_main_Options]] === Setting [main] Options -indexterm:[DNF,setting [main] options] -The `/etc/dnf/dnf.conf` configuration file contains exactly one `[main]` section, and while some of the key-value pairs in this section affect how [command]#dnf# operates, others affect how DNF treats repositories. +indexterm:[DNF,setting [main] options] The `/etc/dnf/dnf.conf` configuration file contains exactly one `[main]` section, and while some of the key-value pairs in this section affect how [command]#dnf# operates, others affect how DNF treats repositories. You can add many additional options under the `[main]` section heading in `/etc/dnf/dnf.conf`. @@ -758,8 +746,7 @@ For a complete list of available `[main]` options, refer to the `[MAIN] OPTIONS` [[sec-Setting_repository_Options]] === Setting [repository] Options -indexterm:[DNF,setting [repository] options] -The `[pass:attributes[{blank}]_repository_pass:attributes[{blank}]]` sections, where _repository_ is a unique repository ID such as `my_personal_repo` (spaces are not permitted), allow you to define individual DNF repositories. +indexterm:[DNF,setting [repository] options] The `[pass:attributes[{blank}]_repository_pass:attributes[{blank}]]` sections, where _repository_ is a unique repository ID such as `my_personal_repo` (spaces are not permitted), allow you to define individual DNF repositories. The following is a bare-minimum example of the form a `[pass:attributes[{blank}]_repository_pass:attributes[{blank}]]` section takes: @@ -815,8 +802,7 @@ Many more `[pass:attributes[{blank}]_repository_pass:attributes[{blank}]]` optio [[sec-Using_DNF_Variables]] === Using DNF Variables -indexterm:[DNF,variables] -Variables can be used only in the appropriate sections of the DNF configuration files, namely the `/etc/dnf/dnf.conf` file and all `.repo` files in the `/etc/yum.repos.d/` directory. Repository variables include: +indexterm:[DNF,variables] Variables can be used only in the appropriate sections of the DNF configuration files, namely the `/etc/dnf/dnf.conf` file and all `.repo` files in the `/etc/yum.repos.d/` directory. Repository variables include: `$releasever`:: Refers to the release version of operating system which DNF derives from information available in RPMDB. @@ -846,8 +832,7 @@ cachedir = /var/cache/dnf/x86_64/22 [[sec-Managing_DNF_Repositories]] == Adding, Enabling, and Disabling a DNF Repository -indexterm:[DNF,repository] -xref:DNF.adoc#sec-Setting_repository_Options[Setting [repository] Options] describes various options you can use to define a DNF repository. This section explains how to add, enable, and disable a repository by using the [command]#dnf config-manager# command. +indexterm:[DNF,repository] xref:DNF.adoc#sec-Setting_repository_Options[Setting [repository] Options] describes various options you can use to define a DNF repository. This section explains how to add, enable, and disable a repository by using the [command]#dnf config-manager# command. .Adding a DNF Repository To define a new repository, you can either add a `[pass:attributes[{blank}]_repository_pass:attributes[{blank}]]` section to the `/etc/dnf/dnf.conf` file, or to a `.repo` file in the `/etc/yum.repos.d/` directory. All files with the `.repo` file extension in this directory are read by DNF, and it is recommended to define your repositories here instead of in `/etc/dnf/dnf.conf`. diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/package-management/intro-package-management.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/package-management/intro-package-management.adoc index 107a353..72dbd70 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/package-management/intro-package-management.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/package-management/intro-package-management.adoc @@ -6,17 +6,10 @@ There are two types of {MAJOROS} system; "`traditional`", which use DNF, and "`i == Traditional package management -On a traditional {MAJOROS} system, software is divided into RPM packages, which -can be managed via [application]*DNF*. +On a traditional {MAJOROS} system, software is divided into RPM packages, which can be managed via [application]*DNF*. == Hybrid image/package management -The "`Atomic`" variant of {MAJOROS} uses [application]*rpm-ostree* to update the -host. `rpm-ostree` is a hybrid image/package system. By default, installations -are in "`image`" mode using OSTree, but additional packages can be installed. It -also supports overrides, rebases, and many other features. For more information, -see link:++https://www.projectatomic.io/docs/os-updates/++[its online documentation]. +The "`Atomic`" variant of {MAJOROS} uses [application]*rpm-ostree* to update the host. `rpm-ostree` is a hybrid image/package system. By default, installations are in "`image`" mode using OSTree, but additional packages can be installed. It also supports overrides, rebases, and many other features. For more information, see link:++https://www.projectatomic.io/docs/os-updates/++[its online documentation]. -Additionally, the `atomic` CLI supports installation of system containers, which -are Docker/OCI images distinct from the host user space. For more information, -see link:++https://www.projectatomic.io/docs/usr-bin-atomic/++[its online documentation]. +Additionally, the `atomic` CLI supports installation of system containers, which are Docker/OCI images distinct from the host user space. For more information, see link:++https://www.projectatomic.io/docs/usr-bin-atomic/++[its online documentation]. diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/package-management/rpm-ostree.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/package-management/rpm-ostree.adoc index c457da6..f8891e4 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/package-management/rpm-ostree.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/package-management/rpm-ostree.adoc @@ -4,8 +4,6 @@ include::{partialsdir}/entities.adoc[] [[ch-rpm-ostree]] = rpm-ostree -[application]*rpm-ostree* is a hybrid image/package system for {OSORG}. One of -the most important things to understand is that available RPMs come from the same -`/etc/yum.repos.d` sources. +[application]*rpm-ostree* is a hybrid image/package system for {OSORG}. One of the most important things to understand is that available RPMs come from the same `/etc/yum.repos.d` sources. For more information, see the link:https://coreos.github.io/rpm-ostree/[upstream documentation]. diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/pam_userdb.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/pam_userdb.adoc index 3557313..698e98f 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/pam_userdb.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/pam_userdb.adoc @@ -11,7 +11,7 @@ Recently, pam_userdb switched its database provider from Berkeley DB to GDBM. If == Determining whether you are using pam_userdb The way to determine if you are using pam_userdb, is to check the PAM stack: -[source,bash] +[source, bash] ---- $ grep -r pam_userdb /etc/pam.d/ /etc/pam.d/vsftpd:auth sufficient pam_userdb.so db=/etc/vsftpd/login @@ -23,7 +23,7 @@ If you are not using pam_userdb, then the search will return no values and you d libdb package contains a binary that will handle the conversion for you. You only need to run it by providing the source and destination database files:. Example: -[source,bash] +[source, bash] ---- $ db_converter --src /etc/vsftpd/login.db --dest /etc/vsftpd/login.gdbm ---- diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/servers/Configuring_NTP_Using_ntpd.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/servers/Configuring_NTP_Using_ntpd.adoc index fd1420e..f4743d3 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/servers/Configuring_NTP_Using_ntpd.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/servers/Configuring_NTP_Using_ntpd.adoc @@ -29,8 +29,7 @@ Stratum 0::: Atomic Clocks and their signals broadcast over Radio and GPS ** Mobile Phone Systems -** Low Frequency Radio Broadcasts+ - WWVB (Colorado, USA.), JJY-40 and JJY-60 (Japan), DCF77 (Germany), and MSF (United Kingdom) +** Low Frequency Radio Broadcasts+ WWVB (Colorado, USA.), JJY-40 and JJY-60 (Japan), DCF77 (Germany), and MSF (United Kingdom) + These signals can be received by dedicated devices and are usually connected by RS-232 to a system used as an organizational or site-wide time server. @@ -49,8 +48,7 @@ This process continues down to Stratum 15 which is the lowest valid stratum. The [[s1-Understanding_NTP]] == Understanding NTP -The version of `NTP` used by {MAJOROS} is as described in [citetitle]_link:++https://www.rfc-editor.org/info/rfc1305++[RFC 1305 Network Time Protocol (Version 3) -Specification, Implementation and Analysis]_ and [citetitle]_link:++https://www.rfc-editor.org/info/rfc5905++[RFC 5905 Network Time Protocol Version 4: Protocol and Algorithms Specification]_ +The version of `NTP` used by {MAJOROS} is as described in [citetitle]_link:++https://www.rfc-editor.org/info/rfc1305++[RFC 1305 Network Time Protocol (Version 3) Specification, Implementation and Analysis]_ and [citetitle]_link:++https://www.rfc-editor.org/info/rfc5905++[RFC 5905 Network Time Protocol Version 4: Protocol and Algorithms Specification]_ This implementation of `NTP` enables sub-second accuracy to be achieved. Over the Internet, accuracy to 10s of milliseconds is normal. On a Local Area Network (LAN), 1 ms accuracy is possible under ideal conditions. This is because clock drift is now accounted and corrected for, which was not done in earlier, simpler, time protocol systems. A resolution of 233 picoseconds is provided by using 64-bit time stamps. The first 32-bits of the time stamp is used for seconds, the last 32-bits are used for fractions of seconds. @@ -114,9 +112,7 @@ The driftfile entry:: A path to the drift file is specified, the default entry o driftfile /var/lib/ntp/drift ---- -If you change this be certain that the directory is writable by `ntpd`. -The file contains one value used to adjust the system clock frequency after every system or service start. -See xref:Configuring_NTP_Using_ntpd.adoc#s1-Understanding_the_Drift_File[Understanding the Drift File] for more information. +If you change this be certain that the directory is writable by `ntpd`. The file contains one value used to adjust the system clock frequency after every system or service start. See xref:Configuring_NTP_Using_ntpd.adoc#s1-Understanding_the_Drift_File[Understanding the Drift File] for more information. The access control entries:: The following line sets the default access control restriction: @@ -456,8 +452,7 @@ The [command]#server# command takes the following form: [command]#server# _address_ ---- -where _address_ is an `IP` unicast address or a `DNS` resolvable name. -The address of a remote reference server or local reference clock from which packets are to be received. +where _address_ is an `IP` unicast address or a `DNS` resolvable name. The address of a remote reference server or local reference clock from which packets are to be received. [[s2_Adding_a_Broadcast_or_Mutlticast_Server_Address]] === Adding a Broadcast or Multicast Server Address @@ -489,8 +484,7 @@ The [command]#manycastclient# command takes the following form: [command]#manycastclient# _address_ ---- -where _address_ is an `IP` multicast address from which packets are to be received. -The client will send a request to the address and select the best servers from the responses and ignore other servers. `NTP` communication then uses unicast associations, as if the discovered `NTP` servers were listed in `ntp.conf`. +where _address_ is an `IP` multicast address from which packets are to be received. The client will send a request to the address and select the best servers from the responses and ignore other servers. `NTP` communication then uses unicast associations, as if the discovered `NTP` servers were listed in `ntp.conf`. This command configures a system to act as an `NTP` client. Systems can be both client and server at the same time. @@ -578,8 +572,7 @@ To configure symmetric authentication using a key, add the following option to t [command]#key# _number_ ---- -where _number_ is in the range `1` to `65534` inclusive. -This option enables the use of a _message authentication code_ (*MAC*) in packets. This option is for use with the [command]#peer#, [command]#server#, [command]#broadcast#, and [command]#manycastclient# commands. +where _number_ is in the range `1` to `65534` inclusive. This option enables the use of a _message authentication code_ (*MAC*) in packets. This option is for use with the [command]#peer#, [command]#server#, [command]#broadcast#, and [command]#manycastclient# commands. The option can be used in the `/etc/ntp.conf` file as follows: diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/servers/Configuring_NTP_Using_the_chrony_Suite.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/servers/Configuring_NTP_Using_the_chrony_Suite.adoc index 93fd162..3447ac3 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/servers/Configuring_NTP_Using_the_chrony_Suite.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/servers/Configuring_NTP_Using_the_chrony_Suite.adoc @@ -72,8 +72,7 @@ The default configuration file for `chronyd` is `/etc/chrony.conf`. The [option] Comments:: Comments should be preceded by #, %, ; or ! -allow:: Optionally specify a host, subnet, or network from which to allow `NTP` connections to a machine acting as `NTP` server. The default is not to allow connections. -Examples: +allow:: Optionally specify a host, subnet, or network from which to allow `NTP` connections to a machine acting as `NTP` server. The default is not to allow connections. Examples: .. [subs="quotes"] ---- allow server1.example.com @@ -448,8 +447,7 @@ The columns are as follows: M:: This indicates the mode of the source. `^` means a server, `=` means a peer and `#` indicates a locally connected reference clock. -S:: This column indicates the state of the sources. "`*`" indicates the source to which `chronyd` is currently synchronized. "`+`" indicates acceptable sources which are combined with the selected source. "`-`" indicates acceptable sources which are excluded by the combining algorithm. "`?`" indicates sources to which connectivity has been lost or whose packets do not pass all tests. "`x`" indicates a clock which `chronyd` thinks is a _falseticker_ (its time is inconsistent with a majority of other sources). "`~`" indicates a source whose time appears to have too much -variability. The "`?`" condition is also shown at start-up, until at least 3 samples have been gathered from it. +S:: This column indicates the state of the sources. "`*`" indicates the source to which `chronyd` is currently synchronized. "`+`" indicates acceptable sources which are combined with the selected source. "`-`" indicates acceptable sources which are excluded by the combining algorithm. "`?`" indicates sources to which connectivity has been lost or whose packets do not pass all tests. "`x`" indicates a clock which `chronyd` thinks is a _falseticker_ (its time is inconsistent with a majority of other sources). "`~`" indicates a source whose time appears to have too much variability. The "`?`" condition is also shown at start-up, until at least 3 samples have been gathered from it. Name/IP address:: This shows the name or the `IP` address of the source, or reference ID for reference clocks. diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/servers/Configuring_PTP_Using_ptp4l.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/servers/Configuring_PTP_Using_ptp4l.adoc index 158325e..4caa2de 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/servers/Configuring_PTP_Using_ptp4l.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/servers/Configuring_PTP_Using_ptp4l.adoc @@ -20,7 +20,7 @@ The clocks synchronized by `PTP` are organized in a master-slave hierarchy. The [[exam-Understanding_PTP]] .PTP grandmaster, boundary, and slave Clocks -image::ptp_grandmaster_boundary_and_slaves.png[An illustration showing PTP grandmaster, boundary, and slave clocks] +image::ptp_grandmaster_boundary_and_slaves.png["An illustration showing PTP grandmaster", boundary, and slave clocks] [[sec-Advantages_of_PTP]] === Advantages of PTP @@ -61,8 +61,7 @@ Hardware Receive Filter Modes: Where _em3_ is the interface you want to check. -For software time stamping support, the parameters list -should include: +For software time stamping support, the parameters list should include: * `SOF_TIMESTAMPING_SOFTWARE` @@ -70,8 +69,7 @@ should include: * `SOF_TIMESTAMPING_RX_SOFTWARE` -For hardware time stamping support, the parameters list -should include: +For hardware time stamping support, the parameters list should include: * `SOF_TIMESTAMPING_RAW_HARDWARE` @@ -460,8 +458,7 @@ priority1 127 # ptp4l -f /etc/ptp4l.conf ---- -With hardware time stamping, [application]*phc2sys* needs to be used to synchronize the `PTP` hardware clock to the system clock. -If running [application]*phc2sys* as a service, edit the `/etc/sysconfig/phc2sys` configuration file. The default setting in the `/etc/sysconfig/phc2sys` file is as follows: +With hardware time stamping, [application]*phc2sys* needs to be used to synchronize the `PTP` hardware clock to the system clock. If running [application]*phc2sys* as a service, edit the `/etc/sysconfig/phc2sys` configuration file. The default setting in the `/etc/sysconfig/phc2sys` file is as follows: [subs="quotes"] ---- @@ -475,8 +472,7 @@ As `root`, edit that line as follows: OPTIONS="-a -r -r" ---- -The [option]`-r` option is used twice here to allow synchronization of the `PTP` hardware clock on the NIC from the system clock. -Restart the [application]*phc2sys* service for the changes to take effect: +The [option]`-r` option is used twice here to allow synchronization of the `PTP` hardware clock on the NIC from the system clock. Restart the [application]*phc2sys* service for the changes to take effect: ---- ~]# systemctl restart phc2sys @@ -506,7 +502,7 @@ To start [application]*timemaster* as a service, issue the following command as ~]#{nbsp}systemctl start timemaster ---- -This will read the options in `/etc/timemaster.conf`. +This will read the options in `/etc/timemaster.conf`. [[sec-Understanding_the_timemaster_Configuration_File]] === Understanding the timemaster Configuration File diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/servers/Mail_Servers.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/servers/Mail_Servers.adoc index 114f762..17e568e 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/servers/Mail_Servers.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/servers/Mail_Servers.adoc @@ -9,8 +9,7 @@ include::{partialsdir}/entities.adoc[] [[s1-email-protocols]] == Email Protocols -indexterm:[email,protocols] -Today, email is delivered using a client/server architecture. An email message is created using a mail client program. This program then sends the message to a server. The server then forwards the message to the recipient's email server, where the message is then supplied to the recipient's email client. +indexterm:[email,protocols] Today, email is delivered using a client/server architecture. An email message is created using a mail client program. This program then sends the message to a server. The server then forwards the message to the recipient's email server, where the message is then supplied to the recipient's email client. To enable this process, a variety of standard network protocols allow different machines, often running different operating systems and using different email programs, to send and receive email. @@ -23,8 +22,7 @@ Mail delivery from a client application to the server, and from an originating s [[s3-email-protocols-smtp]] ==== SMTP -indexterm:[email,protocols,SMTP] -The primary purpose of SMTP is to transfer email between mail servers. However, it is critical for email clients as well. To send email, the client sends the message to an outgoing mail server, which in turn contacts the destination mail server for delivery. For this reason, it is necessary to specify an SMTP server when configuring an email client. +indexterm:[email,protocols,SMTP] The primary purpose of SMTP is to transfer email between mail servers. However, it is critical for email clients as well. To send email, the client sends the message to an outgoing mail server, which in turn contacts the destination mail server for delivery. For this reason, it is necessary to specify an SMTP server when configuring an email client. Under {MAJOROS}, a user can configure an SMTP server on the local machine to handle mail delivery. However, it is also possible to configure remote SMTP servers for outgoing mail. @@ -39,8 +37,7 @@ There are two primary protocols used by email client applications to retrieve em [[s3-email-protocols-pop]] ==== POP -indexterm:[email,protocols,POP] -The default POP server under {MAJOROS} is [application]*Dovecot* and is provided by the [package]*dovecot* package. +indexterm:[email,protocols,POP] The default POP server under {MAJOROS} is [application]*Dovecot* and is provided by the [package]*dovecot* package. .Installing the dovecot package [NOTE] @@ -77,8 +74,7 @@ For added security, it is possible to use _Secure Socket Layer_ (_SSL_) encrypti [[s3-email-protocols-imap]] ==== IMAP -indexterm:[email,protocols,IMAP] -The default `IMAP` server under {MAJOROS} is [application]*Dovecot* and is provided by the [package]*dovecot* package. See xref:Mail_Servers.adoc#s3-email-protocols-pop[POP] for information on how to install [application]*Dovecot*. +indexterm:[email,protocols,IMAP] The default `IMAP` server under {MAJOROS} is [application]*Dovecot* and is provided by the [package]*dovecot* package. See xref:Mail_Servers.adoc#s3-email-protocols-pop[POP] for information on how to install [application]*Dovecot*. When using an `IMAP` mail server, email messages remain on the server where users can read or delete them. `IMAP` also allows client applications to create, rename, or delete mail directories on the server to organize and store email. @@ -94,8 +90,7 @@ Other free, as well as commercial, IMAP clients and servers are available, many [[s3-mail-server-dovecot]] ==== Dovecot -indexterm:[email,mail server,Dovecot] -The [command]#imap-login# and [command]#pop3-login# processes which implement the `IMAP` and `POP3` protocols are spawned by the master `dovecot` daemon included in the [package]*dovecot* package. The use of `IMAP` and `POP` is configured through the `/etc/dovecot/dovecot.conf` configuration file; by default [command]#dovecot# runs `IMAP` and `POP3` together with their secure versions using `SSL`. To configure [command]#dovecot# to use `POP`, complete the following steps: +indexterm:[email,mail server,Dovecot] The [command]#imap-login# and [command]#pop3-login# processes which implement the `IMAP` and `POP3` protocols are spawned by the master `dovecot` daemon included in the [package]*dovecot* package. The use of `IMAP` and `POP` is configured through the `/etc/dovecot/dovecot.conf` configuration file; by default [command]#dovecot# runs `IMAP` and `POP3` together with their secure versions using `SSL`. To configure [command]#dovecot# to use `POP`, complete the following steps: . Edit the `/etc/dovecot/dovecot.conf` configuration file to make sure the `protocols` variable is uncommented (remove the hash sign (`#`) at the beginning of the line) and contains the `pop3` argument. For example: + @@ -148,13 +143,11 @@ More details on [command]#dovecot# can be found online at link:++https://www.dov [[s1-email-types]] == Email Program Classifications -indexterm:[email,program classifications] -In general, all email applications fall into at least one of three classifications. Each classification plays a specific role in the process of moving and managing email messages. While most users are only aware of the specific email program they use to receive and send messages, each one is important for ensuring that email arrives at the correct destination. +indexterm:[email,program classifications] In general, all email applications fall into at least one of three classifications. Each classification plays a specific role in the process of moving and managing email messages. While most users are only aware of the specific email program they use to receive and send messages, each one is important for ensuring that email arrives at the correct destination. [[s2-email-types-mta]] === Mail Transport Agent -indexterm:[email,types,Mail Transport Agent]indexterm:[Mail Transport Agent,email]indexterm:[MTA,Mail Transport Agent] -A _Mail Transport Agent_ (_MTA_) transports email messages between hosts using `SMTP`. A message may involve several MTAs as it moves to its intended destination. +indexterm:[email,types,Mail Transport Agent]indexterm:[Mail Transport Agent,email]indexterm:[MTA,Mail Transport Agent] A _Mail Transport Agent_ (_MTA_) transports email messages between hosts using `SMTP`. A message may involve several MTAs as it moves to its intended destination. While the delivery of messages between machines may seem rather straightforward, the entire process of deciding if a particular MTA can or should accept a message for delivery is quite complicated. In addition, due to problems from spam, use of a particular MTA is usually restricted by the MTA's configuration or the access configuration for the network on which the MTA resides. @@ -166,15 +159,13 @@ For more information on Postfix, Sendmail, and Fetchmail, see xref:Mail_Servers. [[s2-email-types-mda]] === Mail Delivery Agent -indexterm:[email,types,Mail Delivery Agent]indexterm:[Mail Delivery Agent,email]indexterm:[MDA,Mail Delivery Agent] -A _Mail Delivery Agent_ (_MDA_) is invoked by the MTA to file incoming email in the proper user's mailbox. In many cases, the MDA is actually a _Local Delivery Agent_ (_LDA_), such as [command]#mail# or Procmail. +indexterm:[email,types,Mail Delivery Agent]indexterm:[Mail Delivery Agent,email]indexterm:[MDA,Mail Delivery Agent] A _Mail Delivery Agent_ (_MDA_) is invoked by the MTA to file incoming email in the proper user's mailbox. In many cases, the MDA is actually a _Local Delivery Agent_ (_LDA_), such as [command]#mail# or Procmail. Any program that actually handles a message for delivery to the point where it can be read by an email client application can be considered an MDA. For this reason, some MTAs (such as Sendmail and Postfix) can fill the role of an MDA when they append new email messages to a local user's mail spool file. In general, MDAs do not transport messages between systems nor do they provide a user interface; MDAs distribute and sort messages on the local machine for an email client application to access. [[s2-email-types-mua]] === Mail User Agent -indexterm:[email,types,Mail User Agent]indexterm:[Mail User Agent,email]indexterm:[MUA,Mail User Agent] -A _Mail User Agent_ (_MUA_) is synonymous with an email client application. An MUA is a program that, at a minimum, allows a user to read and compose email messages. Many MUAs are capable of retrieving messages via the `POP` or `IMAP` protocols, setting up mailboxes to store messages, and sending outbound messages to an MTA. +indexterm:[email,types,Mail User Agent]indexterm:[Mail User Agent,email]indexterm:[MUA,Mail User Agent] A _Mail User Agent_ (_MUA_) is synonymous with an email client application. An MUA is a program that, at a minimum, allows a user to read and compose email messages. Many MUAs are capable of retrieving messages via the `POP` or `IMAP` protocols, setting up mailboxes to store messages, and sending outbound messages to an MTA. MUAs may be graphical, such as [application]*Evolution*, or have simple text-based interfaces, such as [application]*Mutt*. @@ -206,8 +197,7 @@ For more information on how to manage system services in {MAJOROSVER}, see xref: [[s2-email-mta-postfix]] === Postfix -indexterm:[email,Postfix]indexterm:[Postfix] -Originally developed at IBM by security expert and programmer Wietse Venema, Postfix is a Sendmail-compatible MTA that is designed to be secure, fast, and easy to configure. +indexterm:[email,Postfix]indexterm:[Postfix] Originally developed at IBM by security expert and programmer Wietse Venema, Postfix is a Sendmail-compatible MTA that is designed to be secure, fast, and easy to configure. To improve security, Postfix uses a modular design, where small processes with limited privileges are launched by a _master_ daemon. The smaller, less privileged processes perform very specific tasks related to the various stages of mail delivery and run in a changed root environment to limit the effects of attacks. @@ -217,8 +207,7 @@ The configuration files for Postfix are human readable and support upward of 250 [[s3-email-mta-postfix-default]] ==== The Default Postfix Installation -indexterm:[Postfix,default installation] -The Postfix executable is `postfix`. This daemon launches all related processes needed to handle mail delivery. +indexterm:[Postfix,default installation] The Postfix executable is `postfix`. This daemon launches all related processes needed to handle mail delivery. Postfix stores its configuration files in the `/etc/postfix/` directory. The following is a list of the more commonly used files: @@ -310,13 +299,11 @@ For more information on `LDAP`, see xref:servers/Directory_Servers.adoc#s1-OpenL [[s2-email-mta-sendmail]] === Sendmail -indexterm:[email,Sendmail]indexterm:[Sendmail] -Sendmail's core purpose, like other MTAs, is to safely transfer email among hosts, usually using the `SMTP` protocol. Note that Sendmail is considered deprecated and users are encouraged to use Postfix when possible. See xref:Mail_Servers.adoc#s2-email-mta-postfix[Postfix] for more information. +indexterm:[email,Sendmail]indexterm:[Sendmail] Sendmail's core purpose, like other MTAs, is to safely transfer email among hosts, usually using the `SMTP` protocol. Note that Sendmail is considered deprecated and users are encouraged to use Postfix when possible. See xref:Mail_Servers.adoc#s2-email-mta-postfix[Postfix] for more information. [[s3-email-mta-sendmail-purpose]] ==== Purpose and Limitations -indexterm:[Sendmail,purpose]indexterm:[Sendmail,limitations] -It is important to be aware of what Sendmail is and what it can do, as opposed to what it is not. In these days of monolithic applications that fulfill multiple roles, Sendmail may seem like the only application needed to run an email server within an organization. Technically, this is true, as Sendmail can spool mail to each users' directory and deliver outbound mail for users. However, most users actually require much more than simple email delivery. Users usually want to interact with their email using an MUA, that uses `POP` or `IMAP`, to download their messages to their local machine. Or, they may prefer a Web interface to gain access to their mailbox. These other applications can work in conjunction with Sendmail, but they actually exist for different reasons and can operate separately from one another. +indexterm:[Sendmail,purpose]indexterm:[Sendmail,limitations] It is important to be aware of what Sendmail is and what it can do, as opposed to what it is not. In these days of monolithic applications that fulfill multiple roles, Sendmail may seem like the only application needed to run an email server within an organization. Technically, this is true, as Sendmail can spool mail to each users' directory and deliver outbound mail for users. However, most users actually require much more than simple email delivery. Users usually want to interact with their email using an MUA, that uses `POP` or `IMAP`, to download their messages to their local machine. Or, they may prefer a Web interface to gain access to their mailbox. These other applications can work in conjunction with Sendmail, but they actually exist for different reasons and can operate separately from one another. It is beyond the scope of this section to go into all that Sendmail should or could be configured to do. With literally hundreds of different options and rule sets, entire volumes have been dedicated to helping explain everything that can be done and how to fix things that go wrong. See the xref:Mail_Servers.adoc#s1-email-additional-resources[Additional Resources] for a list of Sendmail resources. @@ -324,8 +311,7 @@ This section reviews the files installed with Sendmail by default and reviews ba [[s3-email-mta-sendmail-default]] ==== The Default Sendmail Installation -indexterm:[Sendmail,default installation] -In order to use Sendmail, first ensure the [package]*sendmail* package is installed on your system by running, as `root`: +indexterm:[Sendmail,default installation] In order to use Sendmail, first ensure the [package]*sendmail* package is installed on your system by running, as `root`: [subs="attributes"] ---- @@ -424,8 +410,7 @@ Using the [option]`all` option will result in the `virtusertable.db` and `access [[s3-email-mta-sendmail-changes]] ==== Common Sendmail Configuration Changes -indexterm:[Sendmail,common configuration changes]indexterm:[Sendmail,with UUCP] -When altering the Sendmail configuration file, it is best not to edit an existing file, but to generate an entirely new `/etc/mail/sendmail.cf` file. +indexterm:[Sendmail,common configuration changes]indexterm:[Sendmail,with UUCP] When altering the Sendmail configuration file, it is best not to edit an existing file, but to generate an entirely new `/etc/mail/sendmail.cf` file. .Backup the sendmail.cf file before changing its content [WARNING] @@ -461,8 +446,7 @@ Consult the `/usr/share/sendmail-cf/README` file before editing any files in the [[s3-email-sendmail-changes-masquerading]] ==== Masquerading -indexterm:[Sendmail,aliases]indexterm:[Sendmail,masquerading] -One common Sendmail configuration is to have a single machine act as a mail gateway for all machines on the network. For example, a company may want to have a machine called `mail.example.com` that handles all of their email and assigns a consistent return address to all outgoing mail. +indexterm:[Sendmail,aliases]indexterm:[Sendmail,masquerading] One common Sendmail configuration is to have a single machine act as a mail gateway for all machines on the network. For example, a company may want to have a machine called `mail.example.com` that handles all of their email and assigns a consistent return address to all outgoing mail. In this situation, the Sendmail server must masquerade the machine names on the company network so that their return address is `user@example.com` instead of `user@host.example.com`. @@ -482,8 +466,7 @@ After generating a new `sendmail.cf` file using the [command]#m4# macro processo [[s3-email-sendmail-stopping-spam]] ==== Stopping Spam -indexterm:[Sendmail,spam] -Email spam can be defined as unnecessary and unwanted email received by a user who never requested the communication. It is a disruptive, costly, and widespread abuse of Internet communication standards. +indexterm:[Sendmail,spam] Email spam can be defined as unnecessary and unwanted email received by a user who never requested the communication. It is a disruptive, costly, and widespread abuse of Internet communication standards. Sendmail makes it relatively easy to block new spamming techniques being employed to send junk email. It even blocks many of the more usual spamming methods by default. Main anti-spam features available in sendmail are _header checks_, _relaying denial_ (default from version 8.9), _access database and sender information checks_. @@ -518,8 +501,7 @@ Since Sendmail calls the Procmail MDA when delivering mail, it is also possible [[s3-email-mta-sendmail-ldap]] ==== Using Sendmail with LDAP -indexterm:[Sendmail,LDAP and] -Using `LDAP` is a very quick and powerful way to find specific information about a particular user from a much larger group. For example, an `LDAP` server can be used to look up a particular email address from a common corporate directory by the user's last name. In this kind of implementation, `LDAP` is largely separate from Sendmail, with `LDAP` storing the hierarchical user information and Sendmail only being given the result of `LDAP` queries in pre-addressed email messages. +indexterm:[Sendmail,LDAP and] Using `LDAP` is a very quick and powerful way to find specific information about a particular user from a much larger group. For example, an `LDAP` server can be used to look up a particular email address from a common corporate directory by the user's last name. In this kind of implementation, `LDAP` is largely separate from Sendmail, with `LDAP` storing the hierarchical user information and Sendmail only being given the result of `LDAP` queries in pre-addressed email messages. However, Sendmail supports a much greater integration with `LDAP`, where it uses `LDAP` to replace separately maintained files, such as `/etc/aliases` and `/etc/mail/virtusertables`, on different mail servers that work together to support a medium- to enterprise-level organization. In short, `LDAP` abstracts the mail routing level from Sendmail and its separate configuration files to a powerful `LDAP` cluster that can be leveraged by many different applications. @@ -547,8 +529,7 @@ For more information on `LDAP`, see xref:servers/Directory_Servers.adoc#s1-OpenL [[s2-email-mta-fetchmail]] === Fetchmail -indexterm:[email,Fetchmail]indexterm:[Fetchmail] -Fetchmail is an MTA which retrieves email from remote servers and delivers it to the local MTA. Many users appreciate the ability to separate the process of downloading their messages located on a remote server from the process of reading and organizing their email in an MUA. Designed with the needs of dial-up users in mind, Fetchmail connects and quickly downloads all of the email messages to the mail spool file using any number of protocols, including `POP3` and `IMAP`. It can even forward email messages to an `SMTP` server, if necessary. +indexterm:[email,Fetchmail]indexterm:[Fetchmail] Fetchmail is an MTA which retrieves email from remote servers and delivers it to the local MTA. Many users appreciate the ability to separate the process of downloading their messages located on a remote server from the process of reading and organizing their email in an MUA. Designed with the needs of dial-up users in mind, Fetchmail connects and quickly downloads all of the email messages to the mail spool file using any number of protocols, including `POP3` and `IMAP`. It can even forward email messages to an `SMTP` server, if necessary. .Installing the fetchmail package [NOTE] @@ -571,8 +552,7 @@ Using preferences in the `.fetchmailrc` file, Fetchmail checks for email on a re [[s3-email-mda-fetchmail-configuration]] ==== Fetchmail Configuration Options -indexterm:[Fetchmail,configuration options]indexterm:[.fetchmailrc] -Although it is possible to pass all necessary options on the command line to check for email on a remote server when executing Fetchmail, using a `.fetchmailrc` file is much easier. Place any desired configuration options in the `.fetchmailrc` file for those options to be used each time the [command]#fetchmail# command is issued. It is possible to override these at the time Fetchmail is run by specifying that option on the command line. +indexterm:[Fetchmail,configuration options]indexterm:[.fetchmailrc] Although it is possible to pass all necessary options on the command line to check for email on a remote server when executing Fetchmail, using a `.fetchmailrc` file is much easier. Place any desired configuration options in the `.fetchmailrc` file for those options to be used each time the [command]#fetchmail# command is issued. It is possible to override these at the time Fetchmail is run by specifying that option on the command line. A user's `.fetchmailrc` file contains three classes of configuration options: @@ -615,10 +595,9 @@ Fetchmail has numerous global, server, and local options. Many of these options [[s3-email-mda-fetchmail-configuration-global]] ==== Global Options -indexterm:[Fetchmail,configuration options,global options]indexterm:[ch-email .fetchmailrc,global options] -Each global option should be placed on a single line after a [command]#set# action. +indexterm:[Fetchmail,configuration options,global options]indexterm:[ch-email .fetchmailrc,global options] Each global option should be placed on a single line after a [command]#set# action. -* [command]#daemon _seconds_pass:attributes[{blank}]# — Specifies daemon-mode, where Fetchmail stays in the background. Replace _seconds_ with the number of seconds Fetchmail is to wait before polling the server. +* [command]#daemon _seconds_pass:attributes[{blank}]# — Specifies daemon-mode, where Fetchmail stays in the background. Replace _seconds_ with the number of seconds Fetchmail is to wait before polling the server. * [command]#postmaster# — Specifies a local user to send mail to in case of delivery problems. @@ -626,31 +605,29 @@ Each global option should be placed on a single line after a [command]#set# acti [[s3-email-mda-fetchmail-configuration-server]] ==== Server Options -indexterm:[Fetchmail,configuration options,server options]indexterm:[.fetchmailrc,server options] -Server options must be placed on their own line in `.fetchmailrc` after a [command]#poll# or [command]#skip# action. +indexterm:[Fetchmail,configuration options,server options]indexterm:[.fetchmailrc,server options] Server options must be placed on their own line in `.fetchmailrc` after a [command]#poll# or [command]#skip# action. -* [command]#auth _auth-type_pass:attributes[{blank}]# — Replace _auth-type_ with the type of authentication to be used. By default, [command]#password# authentication is used, but some protocols support other types of authentication, including [command]#kerberos_v5#, [command]#kerberos_v4#, and [command]#ssh#. If the [command]#any# authentication type is used, Fetchmail first tries methods that do not require a password, then methods that mask the password, and finally attempts to send the password unencrypted to authenticate to the server. +* [command]#auth _auth-type_pass:attributes[{blank}]# — Replace _auth-type_ with the type of authentication to be used. By default, [command]#password# authentication is used, but some protocols support other types of authentication, including [command]#kerberos_v5#, [command]#kerberos_v4#, and [command]#ssh#. If the [command]#any# authentication type is used, Fetchmail first tries methods that do not require a password, then methods that mask the password, and finally attempts to send the password unencrypted to authenticate to the server. -* [command]#interval _number_pass:attributes[{blank}]# — Polls the specified server every [command]#pass:attributes[{blank}]_number_pass:attributes[{blank}]# of times that it checks for email on all configured servers. This option is generally used for email servers where the user rarely receives messages. +* [command]#interval _number_pass:attributes[{blank}]# — Polls the specified server every [command]#pass:attributes[{blank}]_number_pass:attributes[{blank}]# of times that it checks for email on all configured servers. This option is generally used for email servers where the user rarely receives messages. -* [command]#port _port-number_pass:attributes[{blank}]# — Replace _port-number_ with the port number. This value overrides the default port number for the specified protocol. +* [command]#port _port-number_pass:attributes[{blank}]# — Replace _port-number_ with the port number. This value overrides the default port number for the specified protocol. -* [command]#proto _protocol_pass:attributes[{blank}]# — Replace _protocol_ with the protocol, such as [command]#pop3# or [command]#imap#, to use when checking for messages on the server. +* [command]#proto _protocol_pass:attributes[{blank}]# — Replace _protocol_ with the protocol, such as [command]#pop3# or [command]#imap#, to use when checking for messages on the server. -* [command]#timeout _seconds_pass:attributes[{blank}]# — Replace _seconds_ with the number of seconds of server inactivity after which Fetchmail gives up on a connection attempt. If this value is not set, a default of [command]#300# seconds is used. +* [command]#timeout _seconds_pass:attributes[{blank}]# — Replace _seconds_ with the number of seconds of server inactivity after which Fetchmail gives up on a connection attempt. If this value is not set, a default of [command]#300# seconds is used. [[s3-email-fetchmail-configuration-user]] ==== User Options -indexterm:[Fetchmail,configuration options,user options]indexterm:[.fetchmailrc,user options] -User options may be placed on their own lines beneath a server option or on the same line as the server option. In either case, the defined options must follow the [command]#user# option (defined below). +indexterm:[Fetchmail,configuration options,user options]indexterm:[.fetchmailrc,user options] User options may be placed on their own lines beneath a server option or on the same line as the server option. In either case, the defined options must follow the [command]#user# option (defined below). * [command]#fetchall# — Orders Fetchmail to download all messages in the queue, including messages that have already been viewed. By default, Fetchmail only pulls down new messages. -* [command]#fetchlimit _number_pass:attributes[{blank}]# — Replace _number_ with the number of messages to be retrieved before stopping. +* [command]#fetchlimit _number_pass:attributes[{blank}]# — Replace _number_ with the number of messages to be retrieved before stopping. * [command]#flush# — Deletes all previously viewed messages in the queue before retrieving new messages. -* [command]#limit _max-number-bytes_pass:attributes[{blank}]# — Replace _max-number-bytes_ with the maximum size in bytes that messages are allowed to be when retrieved by Fetchmail. This option is useful with slow network links, when a large message takes too long to download. +* [command]#limit _max-number-bytes_pass:attributes[{blank}]# — Replace _max-number-bytes_ with the maximum size in bytes that messages are allowed to be when retrieved by Fetchmail. This option is useful with slow network links, when a large message takes too long to download. * [command]#password 'pass:attributes[{blank}]_password_pass:attributes[{blank}]'# — Replace _password_ with the user's password. @@ -664,15 +641,13 @@ User options may be placed on their own lines beneath a server option or on the [[s3-email-mda-fetchmail-commands]] ==== Fetchmail Command Options -indexterm:[Fetchmail,command options] -Most Fetchmail options used on the command line when executing the [command]#fetchmail# command mirror the `.fetchmailrc` configuration options. In this way, Fetchmail may be used with or without a configuration file. These options are not used on the command line by most users because it is easier to leave them in the `.fetchmailrc` file. +indexterm:[Fetchmail,command options] Most Fetchmail options used on the command line when executing the [command]#fetchmail# command mirror the `.fetchmailrc` configuration options. In this way, Fetchmail may be used with or without a configuration file. These options are not used on the command line by most users because it is easier to leave them in the `.fetchmailrc` file. There may be times when it is desirable to run the [command]#fetchmail# command with other options for a particular purpose. It is possible to issue command options to temporarily override a `.fetchmailrc` setting that is causing an error, as any options specified at the command line override configuration file options. [[s3-email-mda-fetchmail-commands-info]] ==== Informational or Debugging Options -indexterm:[Fetchmail,command options,informational] -Certain options used after the [command]#fetchmail# command can supply important information. +indexterm:[Fetchmail,command options,informational] Certain options used after the [command]#fetchmail# command can supply important information. * [command]#--configdump# — Displays every possible option based on information from `.fetchmailrc` and Fetchmail defaults. No email is retrieved for any users when using this option. @@ -684,14 +659,13 @@ Certain options used after the [command]#fetchmail# command can supply important [[s3-email-mda-fetchmail-commands-special]] ==== Special Options -indexterm:[Fetchmail,command options,special] -These options are occasionally useful for overriding defaults often found in the `.fetchmailrc` file. +indexterm:[Fetchmail,command options,special] These options are occasionally useful for overriding defaults often found in the `.fetchmailrc` file. * [command]#-a# — Fetchmail downloads all messages from the remote email server, whether new or previously viewed. By default, Fetchmail only downloads new messages. * [command]#-k# — Fetchmail leaves the messages on the remote email server after downloading them. This option overrides the default behavior of deleting messages after downloading them. -* [command]#-l _max-number-bytes_pass:attributes[{blank}]# — Fetchmail does not download any messages over a particular size and leaves them on the remote email server. +* [command]#-l _max-number-bytes_pass:attributes[{blank}]# — Fetchmail does not download any messages over a particular size and leaves them on the remote email server. * [command]#--quit# — Quits the Fetchmail daemon process. @@ -699,21 +673,16 @@ More commands and `.fetchmailrc` options can be found in the [command]#fetchmail [[s2-email-switchmail]] === Mail Transport Agent (MTA) Configuration -indexterm:[Mail Transport Agent,MTA]indexterm:[MTA,setting default]indexterm:[MTA,switching with Mail Transport Agent Switcher]indexterm:[Mail Transport Agent Switcher]indexterm:[Mail User Agent]indexterm:[MUA] -A _Mail Transport Agent_ (MTA) is essential for sending email. A _Mail User Agent_ (MUA) such as [application]*Evolution*, [application]*Thunderbird*, and [application]*Mutt*, is used to read and compose email. When a user sends an email from an MUA, the message is handed off to the MTA, which sends the message through a series of MTAs until it reaches its destination. +indexterm:[Mail Transport Agent,MTA]indexterm:[MTA,setting default]indexterm:[MTA,switching with Mail Transport Agent Switcher]indexterm:[Mail Transport Agent Switcher]indexterm:[Mail User Agent]indexterm:[MUA] A _Mail Transport Agent_ (MTA) is essential for sending email. A _Mail User Agent_ (MUA) such as [application]*Evolution*, [application]*Thunderbird*, and [application]*Mutt*, is used to read and compose email. When a user sends an email from an MUA, the message is handed off to the MTA, which sends the message through a series of MTAs until it reaches its destination. -Even if a user does not plan to send email from the system, some automated tasks or system programs might use the [command]#mail# command to send email containing log messages to the `root` user of the local system. -indexterm:[sendmail]indexterm:[postfix] -{MAJOROSVER} provides two MTAs: Postfix and Sendmail. If both are installed, Postfix is the default MTA. Note that Sendmail is considered deprecated in MAJOROS;. +Even if a user does not plan to send email from the system, some automated tasks or system programs might use the [command]#mail# command to send email containing log messages to the `root` user of the local system. indexterm:[sendmail]indexterm:[postfix] {MAJOROSVER} provides two MTAs: Postfix and Sendmail. If both are installed, Postfix is the default MTA. Note that Sendmail is considered deprecated in MAJOROS;. [[s1-email-mda]] == Mail Delivery Agents {MAJOROS} includes two primary MDAs, Procmail and [command]#mail#. Both of the applications are considered LDAs and both move email from the MTA's spool file into the user's mailbox. However, Procmail provides a robust filtering system. -This section details only Procmail. For information on the [command]#mail# command, consult its man page ([command]#man mail#). -indexterm:[email,Procmail]indexterm:[Procmail] -Procmail delivers and filters email as it is placed in the mail spool file of the localhost. It is powerful, gentle on system resources, and widely used. Procmail can play a critical role in delivering email to be read by email client applications. +This section details only Procmail. For information on the [command]#mail# command, consult its man page ([command]#man mail#). indexterm:[email,Procmail]indexterm:[Procmail] Procmail delivers and filters email as it is placed in the mail spool file of the localhost. It is powerful, gentle on system resources, and widely used. Procmail can play a critical role in delivering email to be read by email client applications. Procmail can be invoked in several different ways. Whenever an MTA places an email into the mail spool file, Procmail is launched. Procmail then filters and files the email for the MUA and quits. Alternatively, the MUA can be configured to execute Procmail any time a message is received so that messages are moved into their correct mailboxes. By default, the presence of `/etc/procmailrc` or of a `~/.procmailrc` file (also called an _rc_ file) in the user's home directory invokes Procmail whenever an MTA receives a new message. @@ -725,8 +694,7 @@ When Procmail starts, it reads the email message and separates the body from the [[s2-email-procmail-configuration]] === Procmail Configuration -indexterm:[Procmail,configuration]indexterm:[.procmailrc] -The Procmail configuration file contains important environmental variables. These variables specify things such as which messages to sort and what to do with the messages that do not match any recipes. +indexterm:[Procmail,configuration]indexterm:[.procmailrc] The Procmail configuration file contains important environmental variables. These variables specify things such as which messages to sort and what to do with the messages that do not match any recipes. These environmental variables usually appear at the beginning of the `~/.procmailrc` file in the following format: @@ -735,7 +703,7 @@ These environmental variables usually appear at the beginning of the `~/.procmai _env-variable_pass:attributes[{blank}]="pass:attributes[{blank}]_value_pass:attributes[{blank}]" ---- -In this example, [command]#pass:attributes[{blank}]_env-variable_pass:attributes[{blank}]# is the name of the variable and [command]#pass:attributes[{blank}]_value_pass:attributes[{blank}]# defines the variable. +In this example, [command]#pass:attributes[{blank}]_env-variable_pass:attributes[{blank}]# is the name of the variable and [command]#pass:attributes[{blank}]_value_pass:attributes[{blank}]# defines the variable. There are many environment variables not used by most Procmail users and many of the more important environment variables are already defined by a default value. Most of the time, the following variables are used: @@ -780,8 +748,7 @@ A comprehensive explanation of all environments variables, and their default val [[s2-email-procmail-recipes]] === Procmail Recipes -indexterm:[Procmail,recipes] -New users often find the construction of recipes the most difficult part of learning to use Procmail. This difficulty is often attributed to recipes matching messages by using _regular expressions_ which are used to specify qualifications for string matching. However, regular expressions are not very difficult to construct and even less difficult to understand when read. Additionally, the consistency of the way Procmail recipes are written, regardless of regular expressions, makes it easy to learn by example. To see example Procmail recipes, see xref:Mail_Servers.adoc#s3-email-procmail-recipes-examples[Recipe Examples]. +indexterm:[Procmail,recipes] New users often find the construction of recipes the most difficult part of learning to use Procmail. This difficulty is often attributed to recipes matching messages by using _regular expressions_ which are used to specify qualifications for string matching. However, regular expressions are not very difficult to construct and even less difficult to understand when read. Additionally, the consistency of the way Procmail recipes are written, regardless of regular expressions, makes it easy to learn by example. To see example Procmail recipes, see xref:Mail_Servers.adoc#s3-email-procmail-recipes-examples[Recipe Examples]. Procmail recipes take the following form: @@ -803,16 +770,13 @@ The [command]#pass:attributes[{blank}]_action-to-perform_pass:attributes[{blank} [[s2-email-procmail-recipes-delivering]] ==== Delivering vs. Non-Delivering Recipes -indexterm:[Procmail,recipes,delivering]indexterm:[Procmail,recipes,non-delivering] -The action used if the recipe matches a particular message determines whether it is considered a _delivering_ or _non-delivering_ recipe. A delivering recipe contains an action that writes the message to a file, sends the message to another program, or forwards the message to another email address. A non-delivering recipe covers any other actions, such as a _nesting block_. A nesting block is a set of actions, contained in braces [command]#{# -[command]#}#, that are performed on messages which match the recipe's conditions. Nesting blocks can be nested inside one another, providing greater control for identifying and performing actions on messages. +indexterm:[Procmail,recipes,delivering]indexterm:[Procmail,recipes,non-delivering] The action used if the recipe matches a particular message determines whether it is considered a _delivering_ or _non-delivering_ recipe. A delivering recipe contains an action that writes the message to a file, sends the message to another program, or forwards the message to another email address. A non-delivering recipe covers any other actions, such as a _nesting block_. A nesting block is a set of actions, contained in braces [command]#{# [command]#}#, that are performed on messages which match the recipe's conditions. Nesting blocks can be nested inside one another, providing greater control for identifying and performing actions on messages. When messages match a delivering recipe, Procmail performs the specified action and stops comparing the message against any other recipes. Messages that match non-delivering recipes continue to be compared against other recipes. [[s3-email-procmail-recipes-flags]] ==== Flags -indexterm:[Procmail,recipes,flags] -Flags are essential to determine how or if a recipe's conditions are compared to a message. The [application]*egrep* utility is used internally for matching of the conditions. The following flags are commonly used: +indexterm:[Procmail,recipes,flags] Flags are essential to determine how or if a recipe's conditions are compared to a message. The [application]*egrep* utility is used internally for matching of the conditions. The following flags are commonly used: * [command]#A# — Specifies that this recipe is only used if the previous recipe without an [command]#A# or [command]#a# flag also matched this message. @@ -844,15 +808,13 @@ For a detailed list of additional flags, see the `procmailrc` man page. [[s3-email-procmail-recipes-lockfile]] ==== Specifying a Local Lockfile -indexterm:[Procmail,recipes,local lockfiles] -Lockfiles are very useful with Procmail to ensure that more than one process does not try to alter a message simultaneously. Specify a local lockfile by placing a colon ([command]#:#) after any flags on a recipe's first line. This creates a local lockfile based on the destination file name plus whatever has been set in the [command]#LOCKEXT# global environment variable. +indexterm:[Procmail,recipes,local lockfiles] Lockfiles are very useful with Procmail to ensure that more than one process does not try to alter a message simultaneously. Specify a local lockfile by placing a colon ([command]#:#) after any flags on a recipe's first line. This creates a local lockfile based on the destination file name plus whatever has been set in the [command]#LOCKEXT# global environment variable. Alternatively, specify the name of the local lockfile to be used with this recipe after the colon. [[s3-email-procmail-recipes-special]] ==== Special Conditions and Actions -indexterm:[Procmail,recipes,special conditions]indexterm:[Procmail,recipes,special actions] -Special characters used before Procmail recipe conditions and actions change the way they are interpreted. +indexterm:[Procmail,recipes,special conditions]indexterm:[Procmail,recipes,special actions] Special characters used before Procmail recipe conditions and actions change the way they are interpreted. The following characters may be used after the asterisk character ([command]#*#) at the beginning of a recipe's condition line: @@ -876,8 +838,7 @@ If no special character is used at the beginning of the action line, Procmail as [[s3-email-procmail-recipes-examples]] ==== Recipe Examples -indexterm:[Procmail,recipes,examples] -Procmail is an extremely flexible program, but as a result of this flexibility, composing Procmail recipes from scratch can be difficult for new users. +indexterm:[Procmail,recipes,examples] Procmail is an extremely flexible program, but as a result of this flexibility, composing Procmail recipes from scratch can be difficult for new users. The best way to develop the skills to build Procmail recipe conditions stems from a strong understanding of regular expressions combined with looking at many examples built by others. A thorough explanation of regular expressions is beyond the scope of this section. The structure of Procmail recipes and useful sample Procmail recipes can be found at various places on the Internet. The proper use and adaptation of regular expressions can be derived by viewing these recipe examples. In addition, introductory information about basic regular expression rules can be found in the `grep(1)` man page. @@ -929,8 +890,7 @@ Consult the many Procmail online resources available in xref:Mail_Servers.adoc#s [[s3-email-mda-spam]] ==== Spam Filters -indexterm:[Procmail,recipes,SpamAssassin]indexterm:[SpamAssassin,using with Procmail]indexterm:[email,spam,filtering out] -Because it is called by Sendmail, Postfix, and Fetchmail upon receiving new emails, Procmail can be used as a powerful tool for combating spam. +indexterm:[Procmail,recipes,SpamAssassin]indexterm:[SpamAssassin,using with Procmail]indexterm:[email,spam,filtering out] Because it is called by Sendmail, Postfix, and Fetchmail upon receiving new emails, Procmail can be used as a powerful tool for combating spam. This is particularly true when Procmail is used in conjunction with SpamAssassin. When used together, these two applications can quickly identify spam emails, and sort or destroy them. @@ -1009,21 +969,17 @@ The remainder of this section focuses on securing communication between a client [[s2-email-security]] === Securing Communication -Popular MUAs included with {MAJOROS}, such as [application]*Evolution* and [application]*Mutt* offer SSL-encrypted email sessions. -indexterm:[email,security] -Like any other service that flows over a network unencrypted, important email information, such as user names, passwords, and entire messages, may be intercepted and viewed by users on the network. Additionally, since the standard `POP` and `IMAP` protocols pass authentication information unencrypted, it is possible for an attacker to gain access to user accounts by collecting user names and passwords as they are passed over the network. +Popular MUAs included with {MAJOROS}, such as [application]*Evolution* and [application]*Mutt* offer SSL-encrypted email sessions. indexterm:[email,security] Like any other service that flows over a network unencrypted, important email information, such as user names, passwords, and entire messages, may be intercepted and viewed by users on the network. Additionally, since the standard `POP` and `IMAP` protocols pass authentication information unencrypted, it is possible for an attacker to gain access to user accounts by collecting user names and passwords as they are passed over the network. [[s3-email-security-clients]] ==== Secure Email Clients -indexterm:[email,security,clients] -Most Linux MUAs designed to check email on remote servers support SSL encryption. To use SSL when retrieving email, it must be enabled on both the email client and the server. +indexterm:[email,security,clients] Most Linux MUAs designed to check email on remote servers support SSL encryption. To use SSL when retrieving email, it must be enabled on both the email client and the server. SSL is easy to enable on the client-side, often done with the click of a button in the MUA's configuration window or via an option in the MUA's configuration file. Secure `IMAP` and `POP` have known port numbers (993 and 995, respectively) that the MUA uses to authenticate and download messages. [[s3-email-security-servers]] ==== Securing Email Client Communications -indexterm:[email,security,servers]indexterm:[stunnel] -Offering SSL encryption to `IMAP` and `POP` users on the email server is a simple matter. +indexterm:[email,security,servers]indexterm:[stunnel] Offering SSL encryption to `IMAP` and `POP` users on the email server is a simple matter. First, create an SSL certificate. This can be done in two ways: by applying to a _Certificate Authority_ (_CA_) for an SSL certificate or by creating a self-signed certificate. @@ -1105,8 +1061,7 @@ For more information on [command]#stunnel#, see the `stunnel(8)` man page or the [[s1-email-additional-resources]] == Additional Resources -indexterm:[email,additional resources]indexterm:[Sendmail,additional resources]indexterm:[Procmail,additional resources]indexterm:[Fetchmail,additional resources] -The following is a list of additional documentation about email applications. +indexterm:[email,additional resources]indexterm:[Sendmail,additional resources]indexterm:[Procmail,additional resources]indexterm:[Fetchmail,additional resources] The following is a list of additional documentation about email applications. [[s2-email-installed-docs]] === Installed Documentation diff --git a/it/fedora/f40/modules/system-administrators-guide/pages/servers/Web_Servers.adoc b/it/fedora/f40/modules/system-administrators-guide/pages/servers/Web_Servers.adoc index 069ae6b..059663b 100644 --- a/it/fedora/f40/modules/system-administrators-guide/pages/servers/Web_Servers.adoc +++ b/it/fedora/f40/modules/system-administrators-guide/pages/servers/Web_Servers.adoc @@ -10,7 +10,7 @@ include::{partialsdir}/entities.adoc[] ==== **Editor's Note** -_This guide is deprecated!_ Large parts of it are no longer current and it will not receive any updates. A series of shorter, topic-specific documentation will gradually replace it. +_This guide is deprecated!_ Large parts of it are no longer current and it will not receive any updates. A series of shorter, topic-specific documentation will gradually replace it. For additional information about Apache Webserver on Fedora see https://docs.fedoraproject.org/en-US/quick-docs/getting-started-with-apache-http-server/[Getting started with Apache HTTP Server] ==== diff --git a/it/fedora/rawhide/modules/release-notes/partials/Feedback.adoc b/it/fedora/rawhide/modules/release-notes/partials/Feedback.adoc index cb6dc2f..9d68cd1 100644 --- a/it/fedora/rawhide/modules/release-notes/partials/Feedback.adoc +++ b/it/fedora/rawhide/modules/release-notes/partials/Feedback.adoc @@ -3,8 +3,7 @@ include::partial$entities.adoc[] == We want feedback -indexterm:[feedback,contact information for this manual] -If you find errors or have suggestions for improvement, we want your advice. Open an issue at {BZURL}. +indexterm:[feedback,contact information for this manual] If you find errors or have suggestions for improvement, we want your advice. Open an issue at {BZURL}. In the issue: diff --git a/it/fedora/rawhide/modules/release-notes/partials/Legal_Notice.adoc b/it/fedora/rawhide/modules/release-notes/partials/Legal_Notice.adoc index 4d601d9..b5a89a3 100644 --- a/it/fedora/rawhide/modules/release-notes/partials/Legal_Notice.adoc +++ b/it/fedora/rawhide/modules/release-notes/partials/Legal_Notice.adoc @@ -1,7 +1,7 @@ :experimental: -Copyright {YEAR} {HOLDER}. +Copyright {YEAR} {HOLDER}. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution-ShareAlike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at link:++https://creativecommons.org/licenses/by-sa/3.0/++[]. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. diff --git a/it/quick-docs/master/modules/ROOT/pages/upgrading-fedora-offline.adoc b/it/quick-docs/master/modules/ROOT/pages/upgrading-fedora-offline.adoc index f44b50b..8348221 100644 --- a/it/quick-docs/master/modules/ROOT/pages/upgrading-fedora-offline.adoc +++ b/it/quick-docs/master/modules/ROOT/pages/upgrading-fedora-offline.adoc @@ -1,7 +1,7 @@ = Upgrading Fedora Linux Using DNF System Plugin Michael Wu; Anthony McGlone; The Fedora Docs team :revnumber: F38, F39, F40 -:revdate: 2023-11-07 +:revdate: 2024-04-25 :category: Administration :tags: How-to, Upgrade, Update :page-aliases: dnf-system-upgrade.adoc diff --git a/it/quick-docs/master/modules/ROOT/partials/attributes.adoc b/it/quick-docs/master/modules/ROOT/partials/attributes.adoc index 9b9f154..1ad95c7 100644 --- a/it/quick-docs/master/modules/ROOT/partials/attributes.adoc +++ b/it/quick-docs/master/modules/ROOT/partials/attributes.adoc @@ -1,5 +1,5 @@ -:PREVPREVVER: 37 -:PREVVER: 38 -:MAJOROSVER: 39 -:NEXTVER: 40 -:NEXTNEXTVER: 41 +:PREVPREVVER: 38 +:PREVVER: 39 +:MAJOROSVER: 40 +:NEXTVER: 41 +:NEXTNEXTVER: 42