Essential System Administration, 3rd Edition
author | AEleen Frisch |
pages | 1176 |
publisher | O'Reilly |
rating | 9/10 |
reviewer | dvdweyer |
ISBN | 0596003439 |
summary | a well-done standard for all who need a thorough introduction as well as a work of reference in UNIX system administration. |
Content
Introduction to System Administration
This chapter claims to make you think like a system administrator, I didn't feel any different after reading it, maybe I already think like one ;-). Most of it is about use of superuser privileges (su, sudo). Other parts are communicating with users (talk, wall, motd - but no mention of e-mail or phone) and GUI-based vs. command-line administration.
The Unix Way
Here starts the real stuff: files, processes and devices. A very gentle but thorough introduction to all possibilities of file and directory ownership (chmod, chown, mode strings, numeric modes), next is a description of how files map to disks. The processes are covered on a fairly abstract level, only something about various types (interactive, batch, daemon) and attributes (but no way to show them, not even an example usage of ps or top - that's left for chapter 15). The part on devices is basic, but shows some commands to list information about devices. Last part in this chapter is about the generic UNIX filesystem layout.
Essential Administrative Tools and Techniques
Here are some of the most important commands and techniques for everyday use: man, grep, awk, find (including how to pipe). Some of the examples are fairly complicated for a novice, a basic knowledge of piping and shell usage is assumed. Next are some methods of handling files and directories (cp, mkdir, diff, rm), periodic execution (cron), logging (syslog, managing log files) and software package management (the most important commands to Linux rpm, Solaris pkg*, etc.) and manual software installation (./configure, make, make install).
Startup and Shutdown
Contains a fairly detailed description of what happens when a system boots up or shuts down. This includes all the gooey stuff about initialization files, runlevels and how to customize those. Last but not least is a short troubleshooting guide, "When the System won't boot."
TCP/IP Networking
The chapter starts with a gentle introduction to TCP/IP and related hardware and explains step-by-step a starting TCP/IP session with dumps and comments. Going on it digs deeper and explains IP addressing, subnets and even a little bit IPv6. The first hands-on part deals with network configuration (ifconfig, configuration files, DHCP, name resolution). A short troubleshooting guide (ping, arp) rounds off the chapter.
Managing Users and Groups
This part starts with a description of the essential files (/etc/passwd, /etc/shadow, /etc/groups) and how to add/remove users and other aspects of user and group management. The default tools for each distribution are also mentioned. Then a whole slew of pages are dedicated to password selection, cracking and enforcing password policies (though I prefer stronger passwords than those given on page 301). The last pages give an introduction to PAM (mostly Linux) and LDAP (mostly OpenLDAP).
Security
This is indeed a very good introduction to UNIX security and its lines of defense (though I did miss "disable remote root login" and "give users no shell when they don't need it"), next are common mistakes, setuid/setgid access modes and ACLs. A short introduction to PGP/GPG and role-based access control is given. The next big part is about network security: OpenSSH, TCP Wrappers and nmap are introduced; the ubiquitous advice "disable what you don't need" is also given. Firewalls are briefly mentioned, some links to actual products e.g. ipfilter or Netfilter would have been nice. A nice checklist-style guide to hardening a UNIX system is given and the chapter concludes with managing problems and monitoring. I did miss some links to resources on the Internet and a reminder on the importance of frequent patching (Sun recently published a nice whitepaper on this topic).
Managing Network Services
This chapter builds on the foundation built in the chapter on TCP/IP, as such it covers various basic networking services and starts with name resolution via DNS, mentioning configuration and usage of the common tools (BIND, nslookup, host, dig). This is followed by a part on getting out of the local network (routed, gated), getting others on your network (DHCP) and managing (netstat, ping, traceroute, SNMP) and monitoring (tcpdump, snoop). The chapter ends with short introductions to dedicated packages (e.g. NetSaint, MRTG/RRDTool).
Electronic Mail
Next is a chapter on that other big network nuisance^W service: mail. It starts with a gentle introduction to the basics (SMTP, MX records, POP/IMAP). The part on MTAs starts with everybody's darling *cough* sendmail which is covered exhaustively. The other MTA covered is Postfix, which also receives fairly extensive coverage. The rest of the chapter covers mail processing (fetchmail, procmail), there is no mention of other MTAs, MUAs, or other modern mail processing tools (e.g. against spam). Though this chapter is well done, and a nice introduction to mail in general, I would prefer to get rid of it in favor of a "mail-is-only-for-dedicated-servers" policy. A short note on how to deactivate or remove the default MTA should be included in the previous chapter (yes, I know that not everyone shares this point of view).
Filesystems and Disks
A very long chapter on filesystems and disks with tons of information on how to create, mount/unmount, repair and monitor filesystems, including some stuff about logical volume managers and RAID. Nicely indexed, it makes a good reference but is boring to read it all (I didn't :-). The last pages are a short introduction to NFS and Samba, but do not cover all the advanced aspects.
Backup and Restore
Covers the tedious task of backup with all the different aspects: planning backup, strategies to manage the workload, what media to use, what tools are available in a standard setup (tar, cpio, dump, dd, mt, restore). Next is a coverage of the package Amanda and what to look for in commercial packages. Last but not least "restoring from scratch" is covered.
Serial Lines and Devices
Herein is all the stuff about serial devices (tty, termcap, terminfo, stty), usage of USB is covered for FreeBSD, Linux and Solaris.
Printers and the Spooling Subsystem
Contains lots on "old school" printing (BSD spooling facility: LPD, System V printing, AIX spooling facility), a short note "Print Services for UNIX" on Windows NT/2000 (works pretty well for basic usage) and on providing print services for Windows by Samba. LPRng and CUPS also get a few pages. Closeout for this chapter is font management under X, which contains a rant on how cumbersome font management is ;-).
Automating Administrative Tasks
This chapter appeals to a healthy laziness which might save some manual work. It contains some samples and introductions, the best it can do is make appetite for more. Included are: shell script (C-shell), tips for testing and debugging, Perl (including there is more than one way to do it-proof), Expect, C and the lesser known tools Cfengine, Stem. It closes with some short notes on how to create a man page for your own software.
Managing System Resources
This chapter wants to make you think about system performance before you try to manage it. General steps are given: define, determine, formulate, design, implement, monitor and return to start ...
After the general introduction the chapter gets hands-on with monitoring - ps (it is in there after all ...) with all System V and BSD options, pstree and top are covered. The /proc filesystem is mentioned with some samples of how information can be gathered. Process limits are discussed, including how to disallow the creation of core dumps. Signaling and killing processes with kill and killall is covered next. The next chunks in this big chapter are managing CPU (nice, AIX and Solaris scheduler, cron), memory (paging, recognize memory problems), I/O (performance, disk quotas), network (netstat, some notes on DNS and NFS).
Configuring and Building Kernels
This chapter is essentially a bunch of short guides on what to look for when configuring and building a kernel, for Linux lilo is also explained.
Accounting
This is an introduction to what components are relevant for accounting, and how to enable/disable it. As such it shows what can be done with the standard tools on BSD-style accounting (sa, ac) and System V-style accounting. A few pages are dedicated to printing accounting.
Appendix: Administrative Shell Programming
This is a more thorough introduction to shell programming that could have been integrated in the chapter Automating Administrative Tasks. Other than that it is a solid, short reference to shell programming.
Index
Last but not least is a very concise index (50+ pages), which makes it easy to find anything that's in the book.
What's bad
There's not much I really disliked in the book, I can recommend it to anyone who needs an introduction to UNIX system administration or a general reference text. Some points are: it's not on UNIX CD Bookshelf v3.0, which is a pity for reference usage, there are almost no links to WWW sites of interest, almost all links to further information are to other O'Reilly books (granted, most of them are quite good) and sometimes I found the order in which themes are discussed slightly less than optimal for "junior administrators".
What's good
Almost everything (writing style, coverage), except those few issues mentioned in "What's bad". The very good index makes it easy to find the information that is applicable in your special situation, even with all those different UNIXes. If you are looking for a general UNIX reference and/or introduction, look no further (you might want to compare it with "The UNIX Systems Administration Handbook", and decide for yourself, note that the USAH does not cover AIX).
You can purchase Essential System Administration, 3rd Edition from bn.com.
Because... (Score:5, Funny)
> one wonders why the book doesn't bear the title "Essential UNIX Administration"
Because you don't administer Windows systems, you drive them.
Re:Because... (Score:3, Funny)
Re:Because... (Score:3, Funny)
Re:Because... (Score:5, Funny)
Re:Because... (Score:1)
Because every good NT|foo Administrator is invariably always also a good Unix guru.
Re:Because... (Score:2)
I think "every good NT|foo Administrator is invariably always also a good Unix guru" makes sense to me, since the good NT admins I've known, I would place in the top 2% of NT admins. Meaning the average is very poor and good admins (NT or Unix, they're usually the same person) are VERY hard to find.
Put the average MSCE in front of a terminal window and he'll break the F1 key.
For sure. He won't be able to get past the whole back/forward slash thing.
Re:Because... (Score:1, Troll)
Unix System Administration Handbook is the one (Score:5, Informative)
Disagree (Score:5, Informative)
However both do a very cursory overview of security measures, if you ask me. While both are great for an administration standpoint (and that's their goal, of course) much more is needed on the security front.
I'd suggest getting a copy of Hacking Linux Exposed (good for all Unix operating systems) and Building Secure Servers with Linux (more Linux specific, but still has some good any-unix tips and tricks.) These will help round out your administration bookshelf.
Re:Disagree (Score:1, Funny)
If a single point takes seven days, I would consider that a weak point.
Re:Disagree (Score:1)
Re:Disagree (Score:2)
Re:Unix System Administration Handbook is the one (Score:1)
Re:Unix System Administration Handbook is the one (Score:2)
I have that book and quite frankly I was very disappointed with it. It might be the better book for people just starting out, but as a reference I have never gotten much use out of it. I was always able to find out more elsewhere, including Essential System Administration. Not to mention that the handbook only covers Solaris, Red Hat, HP-UX, and FreeBSD. Essential
9/10 ?? (Score:5, Informative)
So, granted I have not read the most recent version, but I cannot see how it only scored 9/10 and not 10/10.
Re:9/10 ?? (Score:2, Funny)
You are all diseased!
Test (Score:4, Funny)
Show this book to your resident MCSE[0] and watch the deer-in-the-headlights.
[0]- Must Consult Someone Else
Re:Test (Score:3, Insightful)
-Lucas
Re:Test (Score:3, Offtopic)
MSCEs would love books like this... (Score:5, Insightful)
Updated Classic and Production UNIX (Score:5, Interesting)
Also, most of these versions of UNIX found in this book (Red Hat 7.3, SuSE 8.0) are certainly ones you would find in production as well. I am not seeing much Red Hat 8 or 9 on production servers, at least not in my market (Midwest).
Re:Updated Classic and Production UNIX (Score:1)
The problem with books.... (Score:5, Insightful)
I see the same problem in my hobby, marine aquaria. By the time an article or book gets published in the print media, it is oftentimes out of date. Couple this with the human want for immediate gratification and interaction, and it is easy to see why net bulletin boards generate so much traffic.
Re:The problem with books.... (Score:5, Funny)
I can see how computer literature can get out of date rather quickly, but if your publisher is missing evolutionary stages of fish, they're just slow!
Re:The problem with books.... (Score:3, Insightful)
YMMV, but I have never encountered a RedHat > 7.3 in production. Most servers I support are 7.3 and I still see quite a few 6.2 (this may change with EOLing). A lot of people are averse to using a .0 release. (although one could argue that RH 9.0 is really 8.1 ...)
Re:The problem with books.... (Score:2)
--
Re:The problem with books.... (Score:2, Informative)
Alright! (Score:5, Informative)
Re:Alright! (Score:1)
plus it gave me added edge even when working on HP/UX and Solaris boxes at work
Name goof... (Score:1)
Someone may beat me to it, but (Score:4, Funny)
all major UNIX platforms are covered...SCO and IRIX were dropped for this edition,
Hehe
Re:Someone may beat me to it, but (Score:2, Funny)
I wonder why BSD unix was covered? Anyone that runs *BSD knows all anyways. You don't believe me, just ask one.
Re:Someone may beat me to it, but (Score:2)
Plenty of folks who could use this book rather badly.
Re:Someone may beat me to it, but (Score:2)
Hey, sonny! I admin a few IRIX boxes and I'm only a few hundred million years old! Young whippersnappers!
Re: (Score:3, Funny)
Here's another review of the book (Score:3, Informative)
http://ezine.daemonnews.org/200301/esa3.html
questions (Score:2, Insightful)
But a question to all Unix system administrators out there:
Do you see the need of GUI based admin tools as available in Windows for Unix boxes? When I say Unix boxes I mean servers not desktops.
Because even if I am a Linux desktop user, I hardly feel the need for a GUI admin tool for configuring my system.
I can easily do most of the config using an xterm + bash + vi.
So how many of you find it easier to configure a system using GUI than CLI?
I admin both Unix and Windows systems. (Score:2)
Granted I only admin Linux and Solaris so I cannot speak to AIX/HPUX/IRIX/*BSD/... I'm sure they are quite similar. If you want to see good Unix GUI tools go look at the OS X Server Tools [apple.com]. Very cool.
Re:questions (Score:5, Interesting)
In my spare time, I admin a small network of machines for my university's computer society. Sometimes, I tweak things when I'm in the room, but most of the time things need changing when I'm at home, so remote access to admin tools is important to me.
I have a 1Mbit Internet connection, so in theory I should have no problems with remote X sessions for graphical configuration. In practice this is only true of apps that use motif or similar, anything that uses gtk or qt is a pain to use over anything < 10Mbit. My first comment about graphical admin tools under Linux then is that they should be graphically simple.
Another thing I find with Linux graphical config tools is that they rarely give you the power of editing the config file. The only graphical tool I think I've ever actually used (as opposed to firing up, saying yuck and going back to the terminal) is the printconf-gui tool, since it was a quick and simple way of setting up the room's printer. Beyond that it's bash and vim all the way (from whatever terminal I happen to have, and no I'm not hard-core enough to use vi if I have the option of vim).
On my Windows box, the situation is completely the reverse. All my configuration is done from MMC (Microsoft Management Console), and on a single machine I prefer this. The options are laid out in a logical structure (which is not to say that they aren't under Linux, where tab completion and guesswork from /etc/ can find the config file I'm looking for 80% of the time). It requires almost no effort to use, which is what I want on my home PC.
I think my point is that I don't really care whether the config is graphical or textual, as long as it's logical, and can be accessed remotely. If there were a powerful remote admin tool for Linux that I could use over a 1Mbit (shared) connection, I might use it. On the other hand firing up an X server is more effort than ssh, so I might not.
I certainly wouldn't trust a sysadmin who could only use such tools. If they speed up the way you work, then great, but a sysadmin has to know how to fix things when it all goes wrong (and X fails to start, for example).
Re:questions (Score:2)
Of course, I admin via SSH when possible, as it is usable at 2400bps and above.
Re:questions (Score:2)
Sounds good to me!
Absolutely!!! (Score:2)
It has been proven repeatedly that a graphical interface is a very important, no essential, part of ease of use. Graphical administration tools make it easier to administer, whatever.
This does not mean that CLI based administration and conf files should be eliminated. To the contrary. For administrators who are familiar with a particular operation the CLI will always be faster but, what about the st
Re:Absolutely!!! (Score:2)
"Having a separate crappy interface for every app or service, while better than none at all, is not a lot better."
NOOOOOOOOO!!!
Regardless of your opinion of good GUIs vs. CLI, a bad GUI is MUCH worse than a CLI. Command Line is likely a more obtuse but more direct path into the bit you want to administer. If you put a bad GUI on it, then you're just BEGGING to mess things up.
This brings up a second point: "if you aren't intimately familiar with every aspect of a syste
Re:Absolutely!!! (Score:3, Insightful)
Yes, I do Firewall 1 quite often and it is more fuel for the fire. As someone who is very familiar with firewalls and works with many of them a CLI only firewall is an annoyance, to be sure.
Have you used Netscreen, SonicWall, Pix, Raptor, Guardian, IPTables etc? Working with Firewall 1 and a few other big names makes me rather well informed on firewalls and how they should be configured, IMHO. But, with the plethora of firewalls on th
Re:Absolutely!!! (Score:2)
Regardless, what you say makes sense--but I still have to ask why you are getting asked (and presumably paid) to do network administration on a product you don't know
Re:questions (GUI tools in Unix for admin?) (Score:2)
For one example, setting the date/time on a box that's not connected to the Internet. (If it is, then obviously, the best bet is to have it synch with an Internet time server.) In Unix, I don't find it very intuitive or enjoyable trying to get the proper time and date entered from a command line tool.
More often, I find I really like the full-screen tools developed to run from a command lin
Re:questions (Score:2)
Now with VxVM 3.x.... the gui BLOWS. It's awful.
Terribly awful.
Hell, on some of my servers, I *CAN'T* run it
Yuck. VxVM + Perl really work well together
vxassist is your friend
--DM
CLI for Win2k (Score:2)
OSX (Score:5, Insightful)
Except for the most widely distributed [apple.com] UNIX platform.
Re:OSX (Score:3, Informative)
OSX is quite different from the way it does things and the way other Unixes do things. For example Unix does not come with netinfo and administrators are required to know which files to edit in
Re:OSX (Score:3, Informative)
Not only can your BSD flat files be used in OS X, but you can shell-script the system to hell and back all you like.
Want to use the BSD configuration files (e.g.,
Want to script xyz task to run once a week at midnight?
$ sudo vi
And go for it.
Mac OS X is as much of a hardcore Unix as you want it to be, even though there's a pretty UI on the surface.
For clarification, netinfo DOES come with Unix
Re:OSX (Score:2)
Mac OS X Server [apple.com] is a server OS, not a desktop OS. Of course, you can run it on your desktop, and the regular client/workstation version of Mac OS X comes with Apache and Sendmail and Samba pre-installed.
However, I agree that not very many people use Mac OS X Server yet, compared to other UNIX flavors, and the point of OSX Server is really the proprietary GUI stuff on top, whic
Re:OSX (Score:2)
Re:OSX (Score:2)
It's not an issue of knowing "how to use MacOS" in this case... It's an issue of knowing all the inner workings well enough to feel comfortable being a sysadmin of a box running it.
Most OS X users probably have no idea how printing actually takes place, for example. People who dug into the OS deeply enough put together the (extremely nice and
Re:OSX (Score:2)
Re:OSX (Score:2)
I think after such answers I barely can consider MacOSx as Unix. No need to mention that all Unix books are useless for MacOSx users.
P.S. My friends are porting source code between Linux, Unix and MacOSx. They told me that from the source code compatibility perspective Linux is Unix, however
Re:OSX (Score:2)
Anyways, Linux has a lot of its own isms. A whole slew of programs rely on headers located in
Why was SCO dropped (Score:2)
Because (Score:5, Funny)
Because there already is a Windows Admin book targeted to that audience. [amazon.com]
Re:Because (Score:2)
For real dummies a 100 page book is required just to figure out how to dial into their isp and log onto the net.
Re:Because (Score:2)
Does it cover ... (Score:2)
Never unalias rm
Learned that one the hard way ...
Re:Does it cover ... (Score:2)
Linux is dead.
Re:Does it cover ... (Score:3, Interesting)
If you need to alias these commands, you're probably typing too fast and thinking too little.
Re:Does it cover ... (Score:2)
RedHat 7 & 8 alias 'rm' to 'rm -i'.
Most places I've worked alias rm to something else. My favorite is the 'move things to the
Re:Does it cover ... (Score:2)
I don't know of any admins I respect who allow root to have rm, cp, or mv aliased. None.
But that's just my curmudgeonly old-fashioned opinion.
Re:Does it cover ... (Score:2)
So I was having a similar discussion the other night. Why is RedHat, or Linux, any less Unixy than Solaris or HP-UX?
Unix was an OS written years ago by AT&T. The copyright is now owned by SCO. So doesn't that mean that Linux, Solaris and HP-UX are all equally NOT Unix?
Re:Does it cover ... (Score:2)
Maybe it's just me, but although RedHat looks like a pretty nice desktop OS for newbies, I wouldn't put it on a server.
Essential UNIX System Administration, 4rd Edition (Score:3, Funny)
1. ???
2. Profit!!!1
Re:Essential UNIX System Administration, 4rd Editi (Score:2)
Re:i wish (Score:2)
Our company (a _large_ plastics company) has been able to convince our software vendors to port their applications to Linux or "pay the price".
Good luck.
Re:i wish (Score:2)
Oh, and I do realize that no sane person would throw out a working system and replace it with something else just because it's linux/os/free/cool/whatever, just you know, spreading the w
where to buy (Score:2)
It's cheaper, though, from amazon.com [amazon.com] ($38.47 v. bn.com's $43.96).
If you're in Canada, chapters.indigo.ca has it for $54.56 Canadian (CAD) [indigo.ca] -- under $38 US.
Re:where to buy (Score:1)
http://www.bookpool.com/.x/3r6edajq4n/sm/0596003439
Of course, you have to pay shipping (or add something else to make the total >= $40 and get free shipping from them).
Re:where to buy (Score:1)
Packing my bookshelf (Score:4, Interesting)
As for what flavor of Linux to cover, I've run Slackware, Red Hat, Mandrake and Debian in production environments
The reason KDE and Gnome et al. aren't included.. (Score:3, Insightful)
-n
The Practice of System and Network Administration (Score:5, Informative)
Linux isn't UNIX (Score:1)
My big problems with most Systems Admin books... (Score:3, Insightful)
Re:My big problems with most Systems Admin books.. (Score:2)
The "ethics" of system administration doesn't seem to be very clear-cut anyway. Much is a matter of opinion, as I quickly saw when I worked in corporate systems administration.
Take something as seemingly simple as to whether some of our engineering staff should be allowed/able to install game software on their laptops and play it during their lunch hour. A couple of admins said "Sure! We won't supp
OS X (Score:2)
Re:OS X (Score:2)
What do you think it reveals? Could it be that the authors didn't see as much a market for the book in OS X admin circles, either because not enough folks are using X Server or because there's already enough books on the subject. Or something else?
is so different from other Unixes
I'm not expert enough to speak with final authority on it, perhaps, but it sure seems like the difference between RedHat Linux and FreeBSD is greater than that b
Re:OS X (Score:2)
What's different between FreeBSD and RedHat, that you think might be the same between FreeBSD and Mac OS X Server?
Re:OS X (Score:2)
Well, I would have thought that there was plenty in common between OS X and FreeBSD, seeing as OS X actually incorporates an entire BSD Unix under the hood. Plenty more in common than between either of them and any Linux distro. I mean nobody would say that RedHat was more like FreeBSD than Mac OS X was. Or, as I asked before, am I missing something?
Re:OS X (Score:4, Informative)
Pffff ... (Score:3, Insightful)
Though this chapter is well done, and a nice introduction to mail in general, I would prefer to get rid of it in favor of a "mail-is-only-for-dedicated-servers" policy. A short note on how to deactivate or remove the default MTA should be included in the previous chapter (yes, I know that not everyone shares this point of view).
This made me jump on my chair! How are you supposed to read alerts sent by email, backup reports, cron errors, etc.? You log in to each and every one of your Unix servers every morning to check root's mailbox?
As far as I am concerned, a working MTA is an essential part of any self-respecting Unix system. At the very least, a good sysadmining book should tell you how to configure a smarthost and make sure your MTA is not an open relay.
Re:Pffff ... (Score:2)
Re:Pffff ... (Score:2)
Previous Edition Kicks Ass (Score:3, Informative)
about time! (Score:2)
GREAT BOOK!!! (Score:2, Interesting)
Because it's a trademark? (Score:2, Informative)
FreeBSD was added? (Score:2, Informative)
since the beginning if my memory serves me right,
and the author is a pretty big fan.
Re:FreeBSD was added? (Score:2)
It amazes me that I can quote chapter and verse
from the book, but my mind did a mental
s/BSD/FREEBSD/g. Probably because it's one of
the best books to read to learn the "UNIX Way"
of doing things, and FreeBSD is the "UNIX Way"
to do things. Damn you forcing me to actually
dig the book out and face the shame of my
mistake.
I didn't insult you. Suggesting you read the
book was not insulting. Had I used profanity,
or said something negative about your lineage,
that would have been insulting. Read
Re:Uh (Score:1)
Re:Uh (Score:1)
Re:uhhh (Score:2)
Get a grip (Score:1)
Re:Insider info (Score:2)
(Guess what I do for a living!)