Tuesday, January 22, 2013

USER PERMISSIONS




Logging Options

The following lists directives which affect vsftpd's logging behavior.

dual_log_enable — When enabled in conjunction with xferlog_enable, vsftpd writes two files simultaneously: a wu-ftpd-compatible log to the file specified in the xferlog_file directive (/var/log/xferlog by default) and a standard vsftpd log file specified in the vsftpd_log_file directive (/var/log/vsftpd.log by default). The default value is NO.

log_ftp_protocol — When enabled in conjunction with xferlog_enable and with xferlog_std_format set to NO, all FTP commands and responses are logged. This directive is useful for debugging. The default value is NO.

syslog_enable — When enabled in conjunction with xferlog_enable, all logging normally written to the standard vsftpd log file specified in the vsftpd_log_file directive (/var/log/vsftpd.log by default) is sent to the system logger instead under the FTPD facility. The default value is NO.

vsftpd_log_file — Specifies the vsftpd log file. For this file to be used, xferlog_enable must be enabled and xferlog_std_format must either be set to NO or, if xferlog_std_format is set to YES, dual_log_enable must be enabled. It is important to note that if syslog_enable is set to YES, the system log is used instead of the file specified in this directive. The default value is /var/log/vsftpd.log.

xferlog_enable — When enabled, vsftpd logs connections (vsftpd format only) and file transfer information to the log file specified in the vsftpd_log_file directive (/var/log/vsftpd.log by default). If xferlog_std_format is set to YES, file transfer information is logged but connections are not, and the log file specified in xferlog_file (/var/log/xferlog by default) is used instead. It is important to note that both log files and log formats are used if dual_log_enable is set to YES. The default value is NO. On Red Hat Enterprise Linux 5.9, this option is set to YES in the configuration file.

xferlog_file — Specifies the wu-ftpd-compatible log file. For this file to be used, xferlog_enable must be enabled and xferlog_std_format must be set to YES. It is also used if dual_log_enable is set to YES. The default value is /var/log/xferlog.

xferlog_std_format — When enabled in conjunction with xferlog_enable, only a wu-ftpd-compatible file transfer log is written to the file specified in the xferlog_file directive (/var/log/xferlog by default). It is important to note that this file only logs file transfers and does not log connections to the server. The default value is NO. On Red Hat Enterprise Linux 5.9, this option is set to YES in the configuration file.

Important

To maintain compatibility with log files written by the older wu-ftpd FTP server, the xferlog_std_format directive is set to YES under Red Hat Enterprise Linux. However, this setting means that connections to the server are not logged.

To both log connections in vsftpd format and maintain a wu-ftpd-compatible file transfer log, set dual_log_enable to YES.

If maintaining a wu-ftpd-compatible file transfer log is not important, either set xferlog_std_format to NO, comment the line with a hash mark (#), or delete the line entirely.

Transfer Options

The following lists directives which affect file transfers.

download_enable — When enabled, file downloads are permitted. The default value is YES.

chown_uploads — When enabled, all files uploaded by anonymous users are owned by the user specified in the chown_username directive. The default value is NO.

chown_username — Specifies the ownership of anonymously uploaded files if the chown_uploads directive is enabled. The default value is root.

write_enable — When enabled, FTP commands which can change the file system are allowed, such as DELE, RNFR, and STOR. The default value is YES.


Directory Options

The following lists directives which affect directories.

dirlist_enable — When enabled, users are allowed to view directory lists. The default value is YES.

dirmessage_enable — When enabled, a message is displayed whenever a user enters a directory with a message file. This message resides within the current directory. The name of this file is specified in the message_file directive and is .message by default. The default value is NO. On Red Hat Enterprise Linux 5.9, this option is set to YES in the configuration file.

force_dot_files — When enabled, files beginning with a dot (.) are listed in directory listings, with the exception of the . and .. files. The default value is NO.

hide_ids — When enabled, all directory listings show ftp as the user and group for each file. The default value is NO.

message_file — Specifies the name of the message file when using the dirmessage_enable directive. The default value is .message.

text_userdb_names — When enabled, text usernames and group names are used in place of UID and GID entries. Enabling this option may slow performance of the server. The default value is NO.

use_localtime — When enabled, directory listings reveal the local time for the computer instead of GMT. The default value is NO.




25.5.4. Local User Options

The following lists directives which characterize the way local users access the server. To use these options, the local_enable directive must be set to YES.

chmod_enable — When enabled, the FTP command SITE CHMOD is allowed for local users. This command allows the users to change the permissions on files.
The default value is YES.

chroot_list_enable — When enabled, the local users listed in the file specified in the chroot_list_file directive are placed in a chroot jail upon log in.
If enabled in conjunction with the chroot_local_user directive, the local users listed in the file specified in the chroot_list_file directive are not placed in a chroot jail upon log in.
The default value is NO.

chroot_list_file — Specifies the file containing a list of local users referenced when the chroot_list_enable directive is set to YES.
The default value is /etc/vsftpd.chroot_list.

chroot_local_user — When enabled, local users are change-rooted to their home directories after logging in.
The default value is NO.

Warning

Enabling chroot_local_user opens up a number of security issues, especially for users with upload privileges. For this reason, it is not recommended.

guest_enable — When enabled, all non-anonymous users are logged in as the user guest, which is the local user specified in the guest_username directive.
The default value is NO.

guest_username — Specifies the username the guest user is mapped to.
The default value is ftp.

local_root — Specifies the directory vsftpd changes to after a local user logs in.
There is no default value for this directive.

local_umask — Specifies the umask value for file creation. Note that the default value is in octal form (a numerical system with a base of eight), which includes a "0" prefix. Otherwise the value is treated as a base-10 integer.
The default value is 022.

passwd_chroot_enable — When enabled in conjunction with the chroot_local_user directive, vsftpd change-roots local users based on the occurrence of the /./ in the home directory field within /etc/passwd.
The default value is NO.

user_config_dir — Specifies the path to a directory containing configuration files bearing the name of local system users that contain specific settings for that user. Any directive in the user's configuration file overrides those found in /etc/vsftpd/vsftpd.conf.
There is no default value for this directive.


25.5.5. Directory Options

The following lists directives which affect directories.

dirlist_enable — When enabled, users are allowed to view directory lists.
The default value is YES.

dirmessage_enable — When enabled, a message is displayed whenever a user enters a directory with a message file. This message resides within the current directory. The name of this file is specified in the message_file directive and is .message by default.
The default value is NO. On Red Hat Enterprise Linux 5.9, this option is set to YES in the configuration file.

force_dot_files — When enabled, files beginning with a dot (.) are listed in directory listings, with the exception of the . and .. files.
The default value is NO.

hide_ids — When enabled, all directory listings show ftp as the user and group for each file.
The default value is NO.

message_file — Specifies the name of the message file when using the dirmessage_enable directive.
The default value is .message.

text_userdb_names — When enabled, text usernames and group names are used in place of UID and GID entries. Enabling this option may slow performance of the server.
The default value is NO.

use_localtime — When enabled, directory listings reveal the local time for the computer instead of GMT.
The default value is NO.
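The chroot_list_enable semantics above invert depending on chroot_local_user, and local_umask is read as octal only when it carries a leading 0; both are easy to get wrong when editing a config by hand. The following audit script is an added example, not code from the Red Hat documentation or from vsftpd. It parses a vsftpd.conf with vsftpd's documented rules (one option=value per line with no spaces around the "=", YES/NO booleans) and reports the risky combinations from the Local User Options and Directory Options sections. The sample configuration and chroot list are constructed for the demo, and write_enable (vsftpd's upload switch, not listed in the sections above) is assumed to be what the Warning means by "upload privileges".

```python
"""Audit a vsftpd.conf against the local-user and directory directives above.

Added example, not from the page or from vsftpd. Constructed sample input;
write_enable is assumed to be the "upload privileges" the Warning refers to.
"""
import re

# Defaults stated on the page; local_enable and write_enable default to NO in vsftpd.
DEFAULTS = {
    "local_enable": "NO", "write_enable": "NO", "chmod_enable": "YES",
    "chroot_list_enable": "NO", "chroot_list_file": "/etc/vsftpd.chroot_list",
    "chroot_local_user": "NO", "guest_enable": "NO", "guest_username": "ftp",
    "local_umask": "022", "passwd_chroot_enable": "NO", "dirlist_enable": "YES",
    "hide_ids": "NO", "text_userdb_names": "NO",
}

SAMPLE_CONF = """\
# constructed sample vsftpd.conf (not from a real server)
local_enable=YES
write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
local_umask=77
hide_ids=NO
"""
SAMPLE_CHROOT_LIST = ["alice"]  # constructed contents of chroot_list_file

_LINE = re.compile(r"^([A-Za-z_]+)=(.*)$")


def parse_conf(text):
    """DEFAULTS overlaid with option=value lines; spaces around '=' are an error, as in vsftpd."""
    conf = dict(DEFAULTS)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError("line %d: expected option=value, got %r" % (lineno, raw))
        conf[m.group(1)] = m.group(2)
    return conf


def is_yes(value):
    """vsftpd upper-cases the value and accepts YES/TRUE/1 or NO/FALSE/0."""
    v = value.strip().upper()
    if v in ("YES", "TRUE", "1"):
        return True
    if v in ("NO", "FALSE", "0"):
        return False
    raise ValueError("not a vsftpd boolean: %r" % value)


def parse_umask(value):
    """Leading 0 means octal, anything else is base 10 (the page's rule).

    '077' -> 0o077, but '77' -> decimal 77 == 0o115, a nonsense mask.
    """
    value = value.strip()
    if not re.fullmatch(r"[0-9]+", value):
        raise ValueError("local_umask must be numeric: %r" % value)
    return int(value, 8) if value.startswith("0") else int(value, 10)


def effective_mode(umask, create_mode=0o666):
    """Permission bits a file created with create_mode actually gets under umask."""
    return create_mode & ~umask & 0o777


def chroot_applies(conf, user, chroot_list):
    """True if `user` is jailed at login. Listed users are jailed when
    chroot_local_user=NO, but EXEMPT from the jail when chroot_local_user=YES."""
    jail_everyone = is_yes(conf["chroot_local_user"])
    listed = is_yes(conf["chroot_list_enable"]) and user in chroot_list
    return jail_everyone != listed


def audit(conf, chroot_list=()):
    """Findings for the settings the page discusses, as plain strings."""
    findings = []
    if not is_yes(conf["local_enable"]):
        findings.append("local_enable=NO: none of the local-user directives take effect")
    jail_everyone = is_yes(conf["chroot_local_user"])
    if jail_everyone and is_yes(conf["write_enable"]):
        findings.append("chroot_local_user=YES with write_enable=YES: jailed users can upload, "
                        "the case the Warning singles out")
    if jail_everyone and is_yes(conf["chroot_list_enable"]):
        findings.append("chroot_local_user=YES and chroot_list_enable=YES: users in %s are EXEMPT "
                        "from the jail (%s)" % (conf["chroot_list_file"], ", ".join(chroot_list)))
    raw = conf["local_umask"]
    umask, mode = parse_umask(raw), effective_mode(parse_umask(raw))
    if not raw.strip().startswith("0"):
        findings.append("local_umask=%s has no leading 0: read as decimal %d (octal %o), "
                        "new files get mode %o" % (raw, umask, umask, mode))
    if mode & 0o002:
        findings.append("umask %04o leaves uploaded files world-writable (mode %o)" % (umask, mode))
    if not is_yes(conf["hide_ids"]):
        findings.append("hide_ids=NO: listings expose the real owner and group of every file")
    return findings


if __name__ == "__main__":
    for f in audit(parse_conf(SAMPLE_CONF), SAMPLE_CHROOT_LIST):
        print("-", f)
```

Run against the constructed sample, the script reports that alice is exempt from the jail while every other local user is chrooted with upload rights, and that local_umask=77 is read as decimal 77 (octal 0115), so uploaded files end up mode 662, group- and world-writable, where the author almost certainly meant 077.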

Comments:



File Permissions

Once the NFS file system is mounted read/write by a remote host, the only protection each shared file has is its permissions. If two users that share the same user ID value mount the same NFS file system, they can modify each other's files. Additionally, anyone logged in as root on the client system can use the su - command to become a user who could access particular files via the NFS share.

By default, access control lists (ACLs) are supported by NFS under Red Hat Enterprise Linux. It is not recommended that this feature be disabled.

The default behavior when exporting a file system via NFS is to use root squashing. This sets the user ID of anyone accessing the NFS share as the root user on their local machine to a value of the server's nfsnobody account. Never turn off root squashing.

If exporting an NFS share as read-only, consider using the all_squash option, which makes every user accessing the exported file system take the user ID of the nfsnobody user.
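The root-squash and all_squash advice in the comment above is set per export in /etc/exports. The script below is an added example, not part of the page or of the nfs-utils tools. It assumes the standard exports(5) syntax (a path followed by client(option,...) entries) and its defaults: an export is read-only unless rw is given, and root squashing is on unless no_root_squash appears. It also handles the classic "/path (ro)" mistake, where the space before the parenthesis exports to everyone. The exports file is constructed for the demo, and ANON_UID is an assumed uid for nfsnobody (check /etc/passwd on the real server).

```python
"""Audit /etc/exports for the NFS squashing advice quoted above.

Added example, not from the page or nfs-utils. Constructed sample input;
ANON_UID is an assumed nfsnobody uid.
"""
import re

ANON_UID = 65534  # assumed uid of nfsnobody on the server; verify in /etc/passwd

SAMPLE_EXPORTS = """\
# constructed sample, not from a real server
/srv/pub     *(ro)
/srv/share   192.168.1.0/24(rw,sync)
/srv/build   10.0.0.5(rw,no_root_squash)
"""

# one client token: host or network, optionally followed directly by (options)
_CLIENT = re.compile(r"(\S+?)(?:\(([^)]*)\))?(?=\s|$)")


def parse_exports(text):
    """Return [(path, client, frozenset(options)), ...] for every client of every line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        path, rest = parts[0], (parts[1] if len(parts) > 1 else "")
        if not rest:  # no client spec at all: exportfs exports to everyone with defaults
            entries.append((path, "*", frozenset()))
            continue
        for m in _CLIENT.finditer(rest):
            client, opts = m.group(1), m.group(2)
            if client.startswith("(") and client.endswith(")") and opts is None:
                # "/path (ro)": the space makes exportfs apply these options to all hosts
                client, opts = "*", client[1:-1]
            entries.append((path, client, frozenset(o for o in (opts or "").split(",") if o)))
    return entries


def squashed_uid(uid, options):
    """Server-side uid a request from client uid `uid` arrives as under these options."""
    kv = dict(o.split("=", 1) for o in options if "=" in o)
    anon = int(kv.get("anonuid", ANON_UID))
    if "all_squash" in options:
        return anon
    if uid == 0 and "no_root_squash" not in options:
        return anon  # root_squash is the default
    return uid


def audit_exports(text):
    """Findings following the comment's three rules, as plain strings."""
    findings = []
    for path, client, opts in parse_exports(text):
        rw = "rw" in opts
        if "no_root_squash" in opts:
            findings.append("%s %s: no_root_squash lets client root act as server root; "
                            "never turn off root squashing" % (path, client))
        if not rw and "all_squash" not in opts:
            findings.append("%s %s: read-only export without all_squash; consider all_squash"
                            % (path, client))
        if rw and "all_squash" not in opts:
            findings.append("%s %s: rw export protected only by file permissions; clients "
                            "sharing a uid can modify each other's files" % (path, client))
    return findings


if __name__ == "__main__":
    for f in audit_exports(SAMPLE_EXPORTS):
        print("-", f)
```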
Disabling Shutdown Via Ctrl+Alt+Del

The floppy Group

When normal (non-root) users log into a computer locally, they are given two types of special permissions:

They can run certain programs that they would otherwise be unable to run.

They can access certain files (normally special device files used to access diskettes, CD-ROMs, and so on) that they would otherwise be unable to access.

Since there are multiple consoles on a single computer and multiple users can be logged into the computer locally at the same time, one of the users has to essentially win the race to access the files. The first user to log in at the console owns those files. Once the first user logs out, the next user who logs in owns the files.

In contrast, every user who logs in at the console is allowed to run programs that accomplish tasks normally restricted to the root user. If X is running, these actions can be included as menu items in a graphical user interface. As shipped, these console-accessible programs include halt, poweroff, and reboot.

Disabling Shutdown Via Ctrl+Alt+Del

By default, /etc/inittab specifies that your system is set to shutdown and reboot in response to a Ctrl+Alt+Del key combination used at the console. To completely disable this ability, comment out the following line in /etc/inittab by putting a hash mark (#) in front of it:

    ca::ctrlaltdel:/sbin/shutdown -t3 -r now

Alternatively, you may want to allow certain non-root users the right to shutdown or reboot the system from the console using Ctrl+Alt+Del. You can restrict this privilege to certain users by taking the following steps:

1. Add the -a option to the /etc/inittab line shown above, so that it reads:

    ca::ctrlaltdel:/sbin/shutdown -a -t3 -r now

   The -a flag tells shutdown to look for the /etc/shutdown.allow file.

2. Create a file named shutdown.allow in /etc. The shutdown.allow file should list the usernames of any users who are allowed to shutdown the system using Ctrl+Alt+Del. The format of the shutdown.allow file is a list of usernames, one per line, like the following:

    stephen
    jack
    sophie

According to this example shutdown.allow file, the users stephen, jack, and sophie are allowed to shutdown the system from the console using Ctrl+Alt+Del. When that key combination is used, the shutdown -a command in /etc/inittab checks to see if any of the users in /etc/shutdown.allow (or root) are logged in on a virtual console. If one of them is, the shutdown of the system continues; if not, an error message is written to the system console instead.

For more information on shutdown.allow, refer to the shutdown man page.
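The decision shutdown -a makes in the comment above has a detail worth seeing concretely: an allowed user who is logged in only over ssh does not count, because the check is for a login on a virtual console. The script below is an added example, not from the page or from the sysvinit sources. It models that decision and classifies the ca::ctrlaltdel entry of an /etc/inittab as disabled, restricted or unrestricted. It assumes shutdown.allow holds one username per line (blank lines and # comments are skipped here), that "virtual console" means a utmp line named ttyN (so pts/N pseudo-terminals do not qualify), and it uses a who(1)-style session list constructed for the demo.

```python
"""Model the shutdown -a check and the /etc/inittab Ctrl+Alt+Del entry.

Added example, not from the page or sysvinit. Constructed sample input;
the ttyN naming rule for virtual consoles is an assumption of this model.
"""
import re

SAMPLE_ALLOW = """\
# constructed /etc/shutdown.allow
stephen
jack
sophie
"""

# constructed (user, line) pairs, like the first two columns of `who`
SESSIONS_REMOTE_ONLY = [("mallory", "pts/0"), ("jack", "pts/1")]  # jack via ssh only
SESSIONS_CONSOLE = [("mallory", "pts/0"), ("jack", "tty2")]       # jack on a console

SAMPLE_INITTAB = """\
id:3:initdefault:
ca::ctrlaltdel:/sbin/shutdown -a -t3 -r now
"""

_CTRLALTDEL = re.compile(r"^(#?)\s*ca::ctrlaltdel:(.*)$", re.M)


def parse_shutdown_allow(text):
    """Usernames from shutdown.allow, one per line, skipping blanks and # comments."""
    return {ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")}


def is_virtual_console(line):
    """Assumed rule: utmp lines tty1, tty2, ... are consoles; pts/N are not."""
    return re.fullmatch(r"tty\d+", line) is not None


def shutdown_permitted(allowed, sessions):
    """True if root or a user from shutdown.allow is logged in on a virtual console."""
    return any((user == "root" or user in allowed) and is_virtual_console(line)
               for user, line in sessions)


def ctrlaltdel_policy(inittab_text):
    """'disabled' (line commented out), 'restricted' (-a present),
    'unrestricted' (stock line) or 'absent'."""
    m = _CTRLALTDEL.search(inittab_text)
    if not m:
        return "absent"
    if m.group(1) == "#":
        return "disabled"
    return "restricted" if re.search(r"\s-a(\s|$)", m.group(2)) else "unrestricted"


if __name__ == "__main__":
    allowed = parse_shutdown_allow(SAMPLE_ALLOW)
    print("inittab policy:", ctrlaltdel_policy(SAMPLE_INITTAB))
    print("jack over ssh only ->", shutdown_permitted(allowed, SESSIONS_REMOTE_ONLY))
    print("jack on tty2       ->", shutdown_permitted(allowed, SESSIONS_CONSOLE))
```

With the constructed sessions, Ctrl+Alt+Del is refused while jack is present only on pts/1 and accepted once he is logged in on tty2; an unlisted user on a console (mallory) never qualifies, and root on any console always does.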