[deployment-guide: 34/185] Implemented the reviewed table of contents.

commit b082fb39c29c7717e1c29eaddb4eaf1f9b95ad23 Author: Jaromir Hradilek <jhradile(a)redhat.com&gt; Date: Mon Jan 24 19:07:39 2011 +0100 Implemented the reviewed table of contents. Dear translators, if you are reading this message, please, do not hate me for this change. Trust me, my intention was not to make your life any harder, but I am really convinced that this change is worth all the troubles. Nevertheless, accept my sincere apologies. Kind regards, Jaromir Hradilek ...T.xml => Automatic_Bug_Reporting_Tool_ABRT.xml} | 4 +- ...mated_Tasks.xml => Automating_System_Tasks.xml} | 8 +- en-US/{The_BIND_DNS_Server.xml => BIND.xml} | 276 ++++------------- ...guration.xml => Configuring_Authentication.xml} | 12 +- ...guration_Protocol_DHCP.xml => DHCP_Servers.xml} | 9 +- en-US/DNS_Servers.xml | 176 +++++++++++ en-US/Date_and_Time_Configuration.xml | 4 +- en-US/Deployment_Guide.xml | 223 +++++--------- en-US/Directory_Servers.xml | 8 + en-US/FTP.xml | 69 ++-- en-US/File_and_Print_Servers.xml | 8 + en-US/Introduction.xml | 73 +++-- en-US/{Email.xml => Mail_Servers.xml} | 11 +- ...nd_Groups.xml => Managing_Users_and_Groups.xml} | 4 +- ...etwork_Configuration.xml => NetworkManager.xml} | 7 +- en-US/Network_Interfaces.xml | 6 +- ...ctory_Access_Protocol_LDAP.xml => OpenLDAP.xml} | 74 +++--- en-US/OpenSSH.xml | 4 +- en-US/PackageKit.xml | 2 +- en-US/Printer_Configuration.xml | 41 ++-- en-US/RPM.xml | 6 +- en-US/Samba.xml | 165 +++++----- ...ss_to_Services.xml => Services_and_Daemons.xml} | 4 +- ...Information.xml => System_Monitoring_Tools.xml} | 5 +- en-US/The_Apache_HTTP_Server.xml | 330 ++++++++++---------- en-US/The_X_Window_System.xml | 8 +- en-US/The_kdump_Crash_Recovery_Service.xml | 4 +- en-US/The_proc_File_System.xml | 4 +- en-US/The_sysconfig_Directory.xml | 18 +- ...iles.xml => Viewing_and_Managing_Log_Files.xml} | 4 +- en-US/Web_Servers.xml | 18 + 31 files changed, 785 insertions(+), 800 deletions(-) --- diff --git a/en-US/ABRT.xml b/en-US/Automatic_Bug_Reporting_Tool_ABRT.xml similarity index 99% rename from en-US/ABRT.xml rename to en-US/Automatic_Bug_Reporting_Tool_ABRT.xml index fb2cc5d..e928396 100644 --- a/en-US/ABRT.xml +++ b/en-US/Automatic_Bug_Reporting_Tool_ABRT.xml @@ -2,7 +2,7 @@ <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ ]> <chapter id="ch-abrt"> - <title>ABRT</title> + <title>Automatic Bug-Reporting Tool (ABRT)</title> <section> <title>Overview</title> <para> @@ -734,7 +734,7 @@ WatchCrashdumpArchiveDir = /var/spool/abrt-upload/ </listitem> <listitem> <para> - Determine your preferred upload mechanism; for example, <systemitem class="protocol">FTP</systemitem> or <systemitem class="protocol">SCP</systemitem>. For more information on how to configure <systemitem class="protocol">FTP</systemitem>, refer to <xref linkend="ch-FTP"/>. For more information on how to configure <systemitem class="protocol">SCP</systemitem>, refer to <xref linkend="s2-ssh-clients-scp"/>. + Determine your preferred upload mechanism; for example, <systemitem class="protocol">FTP</systemitem> or <systemitem class="protocol">SCP</systemitem>. For more information on how to configure <systemitem class="protocol">FTP</systemitem>, refer to <xref linkend="s1-FTP" />. For more information on how to configure <systemitem class="protocol">SCP</systemitem>, refer to <xref linkend="s2-ssh-clients-scp"/>. </para> <para> For security reasons, make sure that uploads can only be performed by a specific user and with a password. The rest of the document assumes that the username used for uploads is <systemitem class="username">USERNAME</systemitem> and the password is <literal>PASSWORD</literal>. If you do not already have a suitable username which can be used to perform uploads under, you may use the <systemitem class="username">abrt</systemitem> user which already exists on every system where <application>ABRT</application> is installed. diff --git a/en-US/Automated_Tasks.xml b/en-US/Automating_System_Tasks.xml similarity index 98% rename from en-US/Automated_Tasks.xml rename to en-US/Automating_System_Tasks.xml index 42dbb6f..6b366d6 100644 --- a/en-US/Automated_Tasks.xml +++ b/en-US/Automating_System_Tasks.xml @@ -1,8 +1,8 @@ <?xml version='1.0'?> <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ ]> -<chapter id="ch-Automated_Tasks"> - <title>Automated Tasks</title> +<chapter id="ch-Automating_System_Tasks"> + <title>Automating System Tasks</title> <indexterm significance="normal"> <primary>Automated Tasks</primary> </indexterm> @@ -27,7 +27,7 @@ <para>To use the cron service, the <filename>cronie</filename> RPM package must be installed and the <command>crond</command> service must be running. <filename>anacron</filename> is a sub-package of <filename>cronie</filename>. To determine if these packages are installed, use the <command>rpm -q cronie cronie-anacron</command> command. </para> <section id="s2-autotasks-cron-service"> <title>Starting and Stopping the Service</title> - <para>To determine if the service is running, use the command <command>/sbin/service crond status</command>. To start the cron service, use the command <command>/sbin/service crond start</command>. To stop the service, use the command <command>/sbin/service crond stop</command>. It is recommended that you start the service at boot time. Refer to <xref linkend="ch-Controlling_Access_to_Services"/> for details on starting the cron service automatically at boot time.</para> + <para>To determine if the service is running, use the command <command>/sbin/service crond status</command>. To start the cron service, use the command <command>/sbin/service crond start</command>. To stop the service, use the command <command>/sbin/service crond stop</command>. It is recommended that you start the service at boot time. Refer to <xref linkend="ch-Services_and_Daemons" /> for details on starting the cron service automatically at boot time.</para> </section> <section id="s2-configuring-anacron-jobs"> <title>Configuring Anacron Jobs</title> @@ -385,7 +385,7 @@ minute hour day month day of week user command </section> <section id="s2-autotasks-at-batch-service"> <title>Starting and Stopping the Service</title> - <para>To start the <command>at</command> service, use the command <command>/sbin/service atd start</command>. To stop the service, use the command <command>/sbin/service atd stop</command>. It is recommended that you start the service at boot time. Refer to <xref linkend="ch-Controlling_Access_to_Services"/> for details on starting the cron service automatically at boot time.</para> + <para>To start the <command>at</command> service, use the command <command>/sbin/service atd start</command>. To stop the service, use the command <command>/sbin/service atd stop</command>. It is recommended that you start the service at boot time. Refer to <xref linkend="ch-Services_and_Daemons" /> for details on starting the cron service automatically at boot time.</para> </section> </section> <section id="s1-autotasks-additional-resources"> diff --git a/en-US/The_BIND_DNS_Server.xml b/en-US/BIND.xml similarity index 89% rename from en-US/The_BIND_DNS_Server.xml rename to en-US/BIND.xml index 67aaae8..dca773e 100644 --- a/en-US/The_BIND_DNS_Server.xml +++ b/en-US/BIND.xml @@ -1,20 +1,8 @@ <?xml version='1.0'?> -<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ +<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ ]> -<chapter id="ch-The_BIND_DNS_Server"> - <title>The BIND DNS Server</title> - <indexterm> - <primary>DNS</primary> - <secondary>definition</secondary> - <seealso>BIND</seealso> - </indexterm> - <indexterm> - <primary>nameserver</primary> - <see>DNS</see> - </indexterm> - <para> - <systemitem class="protocol">DNS</systemitem> (Domain Name System), also known as a <firstterm>nameserver</firstterm>, is a network system that associates hostnames with their respective IP addresses. For users, this has the advantage that they can refer to machines on the network by names that are usually easier to remember than the numerical network addresses. For system administrators, using the nameserver allows them to change the IP address for a host without ever affecting the name-based queries, or to decide which machines handle these queries. - </para> +<section id="s1-BIND"> + <title>BIND</title> <indexterm> <primary>Berkeley Internet Name Domain</primary> <see>BIND</see> @@ -22,163 +10,7 @@ <para> This chapter covers <systemitem class="service">BIND</systemitem> (Berkeley Internet Name Domain), the DNS server included in &MAJOROS;. It focuses on the structure of its configuration files, and describes how to administer it both locally and remotely. </para> - <section id="s1-bind-introduction"> - <title>Introduction to DNS</title> - <indexterm> - <primary>root nameserver</primary> - <see>BIND</see> - </indexterm> - <para> - DNS is usually implemented using one or more centralized servers that are authoritative for certain domains. When a client host requests information from a nameserver, it usually connects to port 53. The nameserver then attempts to resolve the name requested. If it does not have an authoritative answer, or does not already have the answer cached from an earlier query, it queries other nameservers, called <firstterm>root nameservers</firstterm>, to determine which nameservers are authoritative for the name in question, and then queries them to get the requested name. - </para> - <section id="s2-bind-introduction-zones"> - <title>Nameserver Zones</title> - <indexterm> - <primary>BIND</primary> - <secondary>resource record</secondary> - </indexterm> - <indexterm> - <primary>resource record</primary> - <see>BIND</see> - </indexterm> - <indexterm> - <primary>fully qualified domain name</primary> - </indexterm> - <indexterm> - <primary><acronym>FQDN</acronym></primary> - <see>fully qualified domain name</see> - </indexterm> - <para> - In a DNS server such as BIND, all information is stored in basic data elements called <firstterm>resource records</firstterm> (RR). The resource record is usually a <firstterm>fully qualified domain name</firstterm> (FQDN) of a host, and is broken down into multiple sections organized into a tree-like hierarchy. This hierarchy consists of a main trunk, primary branches, secondary branches, and so on. - </para> - <example id="example-bind-introduction-zones-rr"> - <title>A simple resource record</title> - <screen>bob.sales.example.com</screen> - </example> - <indexterm> - <primary>BIND</primary> - <secondary>zones</secondary> - <tertiary>description</tertiary> - </indexterm> - <para> - Each level of the hierarchy is divided by a period (that is, <literal>.</literal>). In <xref linkend="example-bind-introduction-zones-rr" />, <literal>com</literal> defines the <firstterm>top-level domain</firstterm>, <literal>example</literal> its subdomain, and <literal>sales</literal> the subdomain of <literal>example</literal>. In this case, <literal>bob</literal> identifies a resource record that is part of the <systemitem class="domainname">sales.example.com</systemitem> domain. With the exception of the part furthest to the left (that is, <literal>bob</literal>), each of these sections is called a <firstterm>zone</firstterm> and defines a specific <firstterm>namespace</firstterm>. - </para> - <indexterm> - <primary>BIND</primary> - <secondary>types</secondary> - <tertiary>primary (master) nameserver</tertiary> - </indexterm> - <indexterm> - <primary>BIND</primary> - <secondary>types</secondary> - <tertiary>secondary (slave) nameserver</tertiary> - </indexterm> - <para> - Zones are defined on authoritative nameservers through the use of <firstterm>zone files</firstterm>, which contain definitions of the resource records in each zone. Zone files are stored on <firstterm>primary nameservers</firstterm> (also called <firstterm>master nameservers</firstterm>), where changes are made to the files, and <firstterm>secondary nameservers</firstterm> (also called <firstterm>slave nameservers</firstterm>), which receive zone definitions from the primary nameservers. Both primary and secondary nameservers are authoritative for the zone and look the same to clients. Depending on the configuration, any nameserver can also serve as a primary or secondary server for multiple zones at the same time. - </para> - </section> - <section id="s2-bind-introduction-nameservers"> - <title>Nameserver Types</title> - <para> - There are two nameserver configuration types: - </para> - <variablelist> - <varlistentry> - <term> - <indexterm> - <primary>BIND</primary> - <secondary>types</secondary> - <tertiary>authoritative nameserver</tertiary> - </indexterm> - <indexterm> - <primary>authoritative nameserver</primary> - <see>BIND</see> - </indexterm> - <indexterm> - <primary>BIND</primary> - <secondary>types</secondary> - <tertiary>primary (master) nameserver</tertiary> - </indexterm> - <indexterm> - <primary>primary nameserver</primary> - <see>BIND</see> - </indexterm> - <indexterm> - <primary>BIND</primary> - <secondary>types</secondary> - <tertiary>secondary (slave) nameserver</tertiary> - </indexterm> - <indexterm> - <primary>secondary nameserver</primary> - <see>BIND</see> - </indexterm> - authoritative - </term> - <listitem> - <para> - Authoritative nameservers answer to resource records that are part of their zones only. This category includes both primary (master) and secondary (slave) nameservers. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <indexterm> - <primary>BIND</primary> - <secondary>types</secondary> - <tertiary>recursive nameserver</tertiary> - </indexterm> - <indexterm> - <primary>recursive nameserver</primary> - <see>BIND</see> - </indexterm> - recursive - </term> - <listitem> - <para> - Recursive nameservers offer resolution services, but they are not authoritative for any zone. Answers for all resolutions are cached in a memory for a fixed period of time, which is specified by the retrieved resource record. - </para> - </listitem> - </varlistentry> - </variablelist> - <para> - Although a nameserver can be both authoritative and recursive at the same time, it is recommended not to combine the configuration types. To be able to perform their work, authoritative servers should be available to all clients all the time. On the other hand, since the recursive lookup takes far more time than authoritative responses, recursive servers should be available to a restricted number of clients only, otherwise they are prone to distributed denial of service (DDoS) attacks. - </para> - </section> - <section id="s2-bind-introduction-bind"> - <title>BIND as a Nameserver</title> - <indexterm> - <primary>BIND</primary> - <secondary>utilities</secondary> - <tertiary><systemitem class="service">named</systemitem></tertiary> - </indexterm> - <indexterm> - <primary>BIND</primary> - <secondary>utilities</secondary> - <tertiary><command>rndc</command></tertiary> - </indexterm> - <indexterm> - <primary>BIND</primary> - <secondary>utilities</secondary> - <tertiary><command>dig</command></tertiary> - </indexterm> - <indexterm> - <primary><systemitem class="service">named</systemitem></primary> - <see>BIND</see> - </indexterm> - <indexterm> - <primary><command>rndc</command></primary> - <see>BIND</see> - </indexterm> - <indexterm> - <primary><command>dig</command></primary> - <see>BIND</see> - </indexterm> - <para> - BIND consists of a set of DNS-related programs. It contains a monolithic nameserver called <systemitem class="service">named</systemitem>, an administration utility called <command>rndc</command>, and a debugging tool called <command>dig</command>. Refer to <xref linkend="ch-Controlling_Access_to_Services" /> for more information on how to run a service in &MAJOROS;. - </para> - </section> - </section> - <section id="s1-bind-namedconf"> + <section id="s2-bind-namedconf"> <title>Configuring the <command>named</command> Service</title> <indexterm significance="preferred"> <primary>BIND</primary> @@ -261,7 +93,7 @@ If you have installed the <package>bind-chroot</package> package, the BIND service will run in the <filename class="directory">/var/named/chroot</filename> environment. In that case, the initialization script will mount the above configuration files using the <command>mount --bind</command> command, so that you can manage the configuration outside this environment. </para> </note> - <section id="s2-bind-namedconf-state"> + <section id="s3-bind-namedconf-state"> <title>Common Statement Types</title> <para> The following types of statements are commonly used in <filename>/etc/named.conf</filename>: @@ -586,7 +418,7 @@ options { </para> </important> <para> - Refer to the <citetitle>BIND 9 Administrator Reference Manual</citetitle> referenced in <xref linkend="s2-bind-installed-docs" />, and the <filename>named.conf</filename> manual page for a complete list of available options. + Refer to the <citetitle>BIND 9 Administrator Reference Manual</citetitle> referenced in <xref linkend="s3-bind-installed-docs" />, and the <filename>named.conf</filename> manual page for a complete list of available options. </para> <example id="example-bind-namedconf-common-options"> <title>Using the <option>options</option> statement</title> @@ -629,7 +461,7 @@ options { The <replaceable>zone-name</replaceable> attribute is particularly important, as it is the default value assigned for the <option>$ORIGIN</option> directive used within the corresponding zone file located in the <filename>/var/named/</filename> directory. The <systemitem class="service">named</systemitem> daemon appends the name of the zone to any non-fully qualified domain name listed in the zone file. For example, if a <option>zone</option> statement defines the namespace for <literal>example.com</literal>, use <literal>example.com</literal> as the <replaceable>zone-name</replaceable> so that it is placed at the end of hostnames within the <literal>example.com</literal> zone file. </para> <para> - For more information about zone files, refer to <xref linkend="s1-bind-zone" />. + For more information about zone files, refer to <xref linkend="s2-bind-zone" />. </para> <table id="table-bind-namedconf-common-zone"> <title>Commonly used options</title> @@ -672,7 +504,7 @@ options { Specifies which hosts are allowed to dynamically update information in their zone. The default option is to deny all dynamic update requests. </para> <para> - Note that you should be careful when allowing hosts to update information about their zone. Do not set IP addresses in this option unless the server is in the trusted network. Instead, use TSIG key as described in <xref linkend="s2-bind-features-tsig" />. + Note that you should be careful when allowing hosts to update information about their zone. Do not set IP addresses in this option unless the server is in the trusted network. Instead, use TSIG key as described in <xref linkend="s3-bind-features-tsig" />. </para> </entry> </row> @@ -796,7 +628,7 @@ options { </varlistentry> </variablelist> </section> - <section id="s2-bind-namedconf-state-other"> + <section id="s3-bind-namedconf-state-other"> <title>Other Statement Types</title> <para> The following types of statements are less commonly used in <filename>/etc/named.conf</filename>: @@ -816,7 +648,7 @@ options { The <option>controls</option> statement allows you to configure various security requirements necessary to use the <command>rndc</command> command to administer the <systemitem class="service">named</systemitem> service. </para> <para> - Refer to <xref linkend="s1-bind-rndc" /> for more information on the <command>rndc</command> utility and its usage. + Refer to <xref linkend="s2-bind-rndc" /> for more information on the <command>rndc</command> utility and its usage. </para> </listitem> </varlistentry> @@ -846,7 +678,7 @@ options { </listitem> </itemizedlist> <para> - Refer to <xref linkend="s1-bind-rndc" /> for more information on the <command>rndc</command> utility and its usage. + Refer to <xref linkend="s2-bind-rndc" /> for more information on the <command>rndc</command> utility and its usage. </para> </listitem> </varlistentry> @@ -867,7 +699,7 @@ options { By default, <systemitem class="service">named</systemitem> sends standard messages to the <systemitem class="service">rsyslog</systemitem> daemon, which places them in <filename>/var/log/messages</filename>. Several standard channels are built into BIND with various severity levels, such as <literal>default_syslog</literal> (which handles informational logging messages) and <literal>default_debug</literal> (which specifically handles debugging messages). A default category, called <literal>default</literal>, uses the built-in channels to do normal logging without any special configuration. </para> <para> - Customizing the logging process can be a very detailed process and is beyond the scope of this chapter. For information on creating custom BIND logs, refer to the <citetitle>BIND 9 Administrator Reference Manual</citetitle> referenced in <xref linkend="s2-bind-installed-docs"/>. + Customizing the logging process can be a very detailed process and is beyond the scope of this chapter. For information on creating custom BIND logs, refer to the <citetitle>BIND 9 Administrator Reference Manual</citetitle> referenced in <xref linkend="s3-bind-installed-docs"/>. </para> </listitem> </varlistentry> @@ -900,7 +732,7 @@ options { </term> <listitem> <para> - The <option>trusted-keys</option> statement allows you to specify assorted public keys used for secure DNS (DNSSEC). Refer to <xref linkend="s2-bind-features-dnssec" /> for more information on this topic. + The <option>trusted-keys</option> statement allows you to specify assorted public keys used for secure DNS (DNSSEC). Refer to <xref linkend="s3-bind-features-dnssec" /> for more information on this topic. </para> </listitem> </varlistentry> @@ -921,13 +753,13 @@ options { Multiple views can be used as long as their names are unique. The <option>match-clients</option> option allows you to specify the IP addresses that apply to a particular view. If the <option>options</option> statement is used within a view, it overrides the already configured global options. Finally, most <option>view</option> statements contain multiple <option>zone</option> statements that apply to the <option>match-clients</option> list. </para> <para> - Note that the order in which the <option>view</option> statements are listed is important, as the first statement that matches a particular client's IP address is used. For more information on this topic, refer to <xref linkend="s2-bind-features-views" />. + Note that the order in which the <option>view</option> statements are listed is important, as the first statement that matches a particular client's IP address is used. For more information on this topic, refer to <xref linkend="s3-bind-features-views" />. </para> </listitem> </varlistentry> </variablelist> </section> - <section id="s2-bind-namedconf-comm"> + <section id="s3-bind-namedconf-comm"> <title>Comment Tags</title> <indexterm> <primary>BIND</primary> @@ -968,7 +800,7 @@ options { </variablelist> </section> </section> - <section id="s1-bind-zone"> + <section id="s2-bind-zone"> <title>Editing Zone Files</title> <indexterm> <primary>BIND</primary> @@ -991,7 +823,7 @@ options { <tertiary><filename class="directory">/var/named/data/</filename></tertiary> </indexterm> <para> - As outlined in <xref linkend="s2-bind-introduction-zones" />, zone files contain information about a namespace. They are stored in the <systemitem class="service">named</systemitem> working directory located in <filename class="directory">/var/named/</filename> by default, and each zone file is named according to the <option>file</option> option in the <option>zone</option> statement, usually in a way that relates to the domain in question and identifies the file as containing zone data, such as <filename>example.com.zone</filename>. + As outlined in <xref linkend="s2-dns-introduction-zones" />, zone files contain information about a namespace. They are stored in the <systemitem class="service">named</systemitem> working directory located in <filename class="directory">/var/named/</filename> by default, and each zone file is named according to the <option>file</option> option in the <option>zone</option> statement, usually in a way that relates to the domain in question and identifies the file as containing zone data, such as <filename>example.com.zone</filename>. </para> <table id="table-bind-zone-files"> <title>The <systemitem class="service">named</systemitem> service zone files</title> @@ -1049,7 +881,7 @@ options { <para> All directives and resource records should be entered on individual lines. </para> - <section id="s2-bind-zone-directives"> + <section id="s3-bind-zone-directives"> <title>Common Directives</title> <para> Directives begin with the dollar sign character (that is, <literal>$</literal>) followed by the name of the directive, and usually appear at the top of the file. The following directives are commonly used in zone files: @@ -1120,7 +952,7 @@ options { </varlistentry> </variablelist> </section> - <section id="s3-bind-zone-rr"> + <section id="s4-bind-zone-rr"> <title>Common Resource Records</title> <para> The following resource records are commonly used in zone files: @@ -1267,7 +1099,7 @@ IN NS dns2.example.com.</screen> The <replaceable>last-IP-digit</replaceable> directive is the last number in an IP address, and the <replaceable>FQDN-of-system</replaceable> is a fully qualified domain name (FQDN). </para> <para> - <command>PTR</command> records are primarily used for reverse name resolution, as they point IP addresses back to a particular name. Refer to <xref linkend="s2-bind-configuration-zone-reverse" /> for more examples of <command>PTR</command> records in use. + <command>PTR</command> records are primarily used for reverse name resolution, as they point IP addresses back to a particular name. Refer to <xref linkend="s3-bind-configuration-zone-reverse" /> for more examples of <command>PTR</command> records in use. </para> </listitem> </varlistentry> @@ -1445,7 +1277,7 @@ IN NS dns2.example.com.</screen> </varlistentry> </variablelist> </section> - <section id="s2-bind-zone-comm"> + <section id="s3-bind-zone-comm"> <title>Comment Tags</title> <indexterm> <primary>BIND</primary> @@ -1457,12 +1289,12 @@ IN NS dns2.example.com.</screen> </para> <screen> 604800 ; expire after 1 week</screen> </section> - <section id="s2-bind-zone-examples"> + <section id="s3-bind-zone-examples"> <title>Example Usage</title> <para> The following examples show the basic usage of zone files. </para> - <section id="s3-bind-zone-examples-basic"> + <section id="s4-bind-zone-examples-basic"> <title>A Simple Zone File</title> <indexterm> <primary>BIND</primary> @@ -1531,7 +1363,7 @@ www IN CNAME services.example.com. allow-update { none; }; };</screen> </section> - <section id="s2-bind-configuration-zone-reverse"> + <section id="s3-bind-configuration-zone-reverse"> <title>A Reverse Name Resolution Zone File</title> <indexterm> <primary>BIND</primary> @@ -1580,7 +1412,7 @@ $TTL 86400 </section> </section> </section> - <section id="s1-bind-rndc"> + <section id="s2-bind-rndc"> <title>Using the <command>rndc</command> Utility</title> <indexterm significance="preferred"> <primary>BIND</primary> @@ -1591,7 +1423,7 @@ $TTL 86400 The <command>rndc</command> utility is a command line tool that allows you to administer the <systemitem class="service">named</systemitem> service, both locally and from a remote machine. Its usage is as follows: </para> <screen><command>rndc</command> [<replaceable>option</replaceable>...] <replaceable>command</replaceable> [<replaceable>command-option</replaceable>]</screen> - <section id="s2-bind-rndc-configuration"> + <section id="s3-bind-rndc-configuration"> <title>Configuring the Utility</title> <para> To prevent unauthorized access to the service, <systemitem class="service">named</systemitem> must be configured to listen on the selected port (that is, <literal>953</literal> by default), and an identical key must be used by both the service and the <command>rndc</command> utility. @@ -1658,10 +1490,10 @@ $TTL 86400 The <command>rndc</command> configuration is located in <filename>/etc/rndc.conf</filename>. If the file does not exist, the utility will use the key located in <filename>/etc/rndc.key</filename>, which was generated automatically during the installation process using the <command>rndc-confgen -a</command> command. </para> <para> - The <systemitem class="service">named</systemitem> service is configured using the <option>controls</option> statement in the <filename>/etc/named.conf</filename> configuration file as described in <xref linkend="s2-bind-namedconf-state-other" />. Unless this statement is present, only the connections from the loopback address (that is, <systemitem class="ipaddress">127.0.0.1</systemitem>) will be allowed, and the key located in <filename>/etc/rndc.key</filename> will be used. + The <systemitem class="service">named</systemitem> service is configured using the <option>controls</option> statement in the <filename>/etc/named.conf</filename> configuration file as described in <xref linkend="s3-bind-namedconf-state-other" />. Unless this statement is present, only the connections from the loopback address (that is, <systemitem class="ipaddress">127.0.0.1</systemitem>) will be allowed, and the key located in <filename>/etc/rndc.key</filename> will be used. </para> <para> - For more information on this topic, refer to manual pages and the <citetitle>BIND 9 Administrator Reference Manual</citetitle> listed in <xref linkend="s1-bind-additional-resources"/>. + For more information on this topic, refer to manual pages and the <citetitle>BIND 9 Administrator Reference Manual</citetitle> listed in <xref linkend="s2-bind-additional-resources"/>. </para> <important> <title>Important: Set the Correct Permissions</title> @@ -1671,7 +1503,7 @@ $TTL 86400 <screen>~]# <command>chmod o-rwx /etc/rndc.key</command></screen> </important> </section> - <section id="s2-bind-rndc-status"> + <section id="s3-bind-rndc-status"> <title>Checking the Service Status</title> <para> To check the current status of the <systemitem class="service">named</systemitem> service, use the following command: @@ -1690,7 +1522,7 @@ recursive clients: 0/0/1000 tcp clients: 0/100 server is up and running</screen> </section> - <section id="s2-bind-rndc-reload"> + <section id="s3-bind-rndc-reload"> <title>Reloading the Configuration and Zones</title> <para> To reload both the configuration file and zones, type the following at a shell prompt: @@ -1722,7 +1554,7 @@ zone reload up-to-date</screen> The zone reload and thaw was successful.</screen> </note> </section> - <section id="s2-bind-rndc-sign"> + <section id="s3-bind-rndc-sign"> <title>Updating Zone Keys</title> <para> To update the DNSSEC keys and sign the zone, use the <command>sign</command> command. For example: @@ -1738,7 +1570,7 @@ The zone reload and thaw was successful.</screen> auto-dnssec maintain; };</screen> </section> - <section id="s2-bind-rndc-validation"> + <section id="s3-bind-rndc-validation"> <title>Enabling the DNSSEC Validation</title> <para> To enable the DNSSEC validation, type the following at a shell prompt: @@ -1749,21 +1581,21 @@ The zone reload and thaw was successful.</screen> </para> <screen>~]# <command>rndc validation off</command></screen> <para> - Refer to the <option>options</option> statement described in <xref linkend="s2-bind-namedconf-state" /> for information on how configure this option in <filename>/etc/named.conf</filename>. + Refer to the <option>options</option> statement described in <xref linkend="s3-bind-namedconf-state" /> for information on how configure this option in <filename>/etc/named.conf</filename>. </para> </section> - <section id="s2-bind-rndc-querylog"> + <section id="s3-bind-rndc-querylog"> <title>Enabling the Query Logging</title> <para> To enable (or disable in case it is currently enabled) the query logging, run the following command: </para> <screen>~]# <command>rndc querylog</command></screen> <para> - To check the current setting, use the <command>status</command> command as described in <xref linkend="s2-bind-rndc-status" />. + To check the current setting, use the <command>status</command> command as described in <xref linkend="s3-bind-rndc-status" />. </para> </section> </section> - <section id="s1-bind-dig"> + <section id="s2-bind-dig"> <title>Using the <command>dig</command> Utility</title> <indexterm significance="preferred"> <primary>BIND</primary> @@ -1775,9 +1607,9 @@ The zone reload and thaw was successful.</screen> </para> <screen><command>dig</command> [@<replaceable>server</replaceable>] [<replaceable>option</replaceable>...] <replaceable>name</replaceable> <replaceable>type</replaceable></screen> <para> - Refer to <xref linkend="s3-bind-zone-rr" /> for a list of common <replaceable>type</replaceable>s. + Refer to <xref linkend="s4-bind-zone-rr" /> for a list of common <replaceable>type</replaceable>s. </para> - <section id="s2-bind-dig-ns"> + <section id="s3-bind-dig-ns"> <title>Looking Up a Nameserver</title> <para> To look up a nameserver for a particular domain, use the command in the following form: @@ -1809,7 +1641,7 @@ example.com. 99374 IN NS b.iana-servers.net. ;; MSG SIZE rcvd: 77</screen> </example> </section> - <section id="s2-bind-dig-a"> + <section id="s3-bind-dig-a"> <title>Looking Up an IP Address</title> <para> To look up an IP address assigned to a particular domain, use the command in the following form: @@ -1844,7 +1676,7 @@ example.com. 99175 IN NS b.iana-servers.net. ;; MSG SIZE rcvd: 93</screen> </example> </section> - <section id="s2-bind-dig-x"> + <section id="s3-bind-dig-x"> <title>Looking Up a Hostname</title> <para> To look up a hostname for a particular IP address, use the command in the following form: @@ -1891,7 +1723,7 @@ ns.icann.org. 12884 IN A 192.0.34.126 </example> </section> </section> - <section id="s1-bind-features"> + <section id="s2-bind-features"> <title>Advanced Features of BIND</title> <para> Most BIND implementations only use the <systemitem class="service">named</systemitem> service to provide name resolution services or to act as an authority for a particular domain. However, BIND version 9 has a number of advanced features that allow for a more secure and efficient DNS service. @@ -1903,9 +1735,9 @@ ns.icann.org. 12884 IN A 192.0.34.126 </para> </important> <para> - All of the features mentioned are discussed in greater detail in the <citetitle>BIND 9 Administrator Reference Manual</citetitle> referenced in <xref linkend="s2-bind-installed-docs" />. + All of the features mentioned are discussed in greater detail in the <citetitle>BIND 9 Administrator Reference Manual</citetitle> referenced in <xref linkend="s3-bind-installed-docs" />. </para> - <section id="s2-bind-features-views"> + <section id="s3-bind-features-views"> <title>Multiple Views</title> <indexterm> <primary>BIND</primary> @@ -1919,7 +1751,7 @@ ns.icann.org. 12884 IN A 192.0.34.126 To configure multiple views, add the <command>view</command> statement to the <filename>/etc/named.conf</filename> configuration file. Use the <option>match-clients</option> option to match IP addresses or entire networks and give them special options and zone data. </para> </section> - <section id="s2-bind-features-ixfr"> + <section id="s3-bind-features-ixfr"> <title>Incremental Zone Transfers (IXFR)</title> <indexterm> <primary>BIND</primary> @@ -1938,7 +1770,7 @@ ns.icann.org. 12884 IN A 192.0.34.126 Note that IXFR is only available when using dynamic updating to make changes to master zone records. If manually editing zone files to make changes, <firstterm>Automatic Zone Transfer</firstterm> (<firstterm>AXFR</firstterm>) is used. </para> </section> - <section id="s2-bind-features-tsig"> + <section id="s3-bind-features-tsig"> <title>Transaction SIGnatures (TSIG)</title> <indexterm> <primary>BIND</primary> @@ -1958,7 +1790,7 @@ ns.icann.org. 12884 IN A 192.0.34.126 </para> </important> </section> - <section id="s2-bind-features-dnssec"> + <section id="s3-bind-features-dnssec"> <title>DNS Security Extensions (DNSSEC)</title> <indexterm> <primary>BIND</primary> @@ -1974,10 +1806,10 @@ ns.icann.org. 12884 IN A 192.0.34.126 <tertiary><command>dig</command></tertiary> </indexterm> <para> - Note that to debug a DNSSEC-signed domain or a DNSSEC-aware resolver, you can use the <command>dig</command> utility as described in <xref linkend="s1-bind-dig" />. Useful options are <option>+dnssec</option> (requests DNSSEC-related resource records by setting the DNSSEC OK bit), <option>+cd</option> (tells recursive nameserver not to validate the response), and <option>+bufsize=512</option> (changes the packet size to 512B to get through some firewalls). + Note that to debug a DNSSEC-signed domain or a DNSSEC-aware resolver, you can use the <command>dig</command> utility as described in <xref linkend="s2-bind-dig" />. Useful options are <option>+dnssec</option> (requests DNSSEC-related resource records by setting the DNSSEC OK bit), <option>+cd</option> (tells recursive nameserver not to validate the response), and <option>+bufsize=512</option> (changes the packet size to 512B to get through some firewalls). </para> </section> - <section id="s2-bind-features-ipv6"> + <section id="s3-bind-features-ipv6"> <title>Internet Protocol version 6 (IPv6)</title> <indexterm> <primary>BIND</primary> @@ -1989,7 +1821,7 @@ ns.icann.org. 12884 IN A 192.0.34.126 </para> </section> </section> - <section id="s1-bind-mistakes"> + <section id="s2-bind-mistakes"> <title>Common Mistakes to Avoid</title> <indexterm> <primary>BIND</primary> @@ -2039,12 +1871,12 @@ ns.icann.org. 12884 IN A 192.0.34.126 </varlistentry> </variablelist> </section> - <section id="s1-bind-additional-resources"> + <section id="s2-bind-additional-resources"> <title>Additional Resources</title> <para> The following sources of information provide additional resources regarding BIND. </para> - <section id="s2-bind-installed-docs"> + <section id="s3-bind-installed-docs"> <title>Installed Documentation</title> <indexterm> <primary>BIND</primary> @@ -2142,7 +1974,7 @@ ns.icann.org. 12884 IN A 192.0.34.126 </varlistentry> </variablelist> </section> - <section id="s2-bind-useful-websites"> + <section id="s3-bind-useful-websites"> <title>Useful Websites</title> <indexterm> <primary>BIND</primary> @@ -2160,7 +1992,7 @@ ns.icann.org. 12884 IN A 192.0.34.126 </varlistentry> </variablelist> </section> - <section id="s2-bind-related-books"> + <section id="s3-bind-related-books"> <title>Related Books</title> <indexterm> <primary>BIND</primary> @@ -2187,4 +2019,4 @@ ns.icann.org. 12884 IN A 192.0.34.126 </variablelist> </section> </section> -</chapter> +</section> diff --git a/en-US/Authentication_Configuration.xml b/en-US/Configuring_Authentication.xml similarity index 99% rename from en-US/Authentication_Configuration.xml rename to en-US/Configuring_Authentication.xml index 53a0466..c4e2baa 100644 --- a/en-US/Authentication_Configuration.xml +++ b/en-US/Configuring_Authentication.xml @@ -1,8 +1,8 @@ <?xml version='1.0'?> <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ ]> -<chapter id="ch-Authentication_Configuration"> - <title>Authentication Configuration</title> +<chapter id="ch-Configuring_Authentication"> + <title>Configuring Authentication</title> <section id="sect-The_Authentication_Configuration_Tool"> <title>The Authentication Configuration Tool</title> <indexterm significance="normal"> @@ -92,12 +92,12 @@ </para> </important> <para> - For more information about CA Certificates, refer to <xref linkend="s2-apache-mod_ssl-certificates" />. + For more information about CA Certificates, refer to <xref linkend="s3-apache-mod_ssl-certificates" />. </para> </listitem> </itemizedlist> <para>The <filename>openldap-clients</filename> package must be installed for this option to work.</para> - <para>For more information about LDAP, refer to <xref linkend="ch-Lightweight_Directory_Access_Protocol_LDAP"/> + <para>For more information about LDAP, refer to <xref linkend="s1-OpenLDAP" />. </para> <para> LDAP provides the following methods of authentication: @@ -233,7 +233,7 @@ </listitem> <listitem> <para> - <guilabel>Winbind Domain Controllers</guilabel> — Use this option to specify which domain controller <command>winbind</command> should use. For more information about domain controllers, please refer to <xref linkend="s2-samba-domain-controller"/>. + <guilabel>Winbind Domain Controllers</guilabel> — Use this option to specify which domain controller <command>winbind</command> should use. For more information about domain controllers, please refer to <xref linkend="s3-samba-domain-controller"/>. </para> </listitem> <listitem> @@ -248,7 +248,7 @@ </itemizedlist> - <para>For more information about the <command>winbindd</command> service, refer to <xref linkend="s1-samba-daemons"/>. + <para>For more information about the <command>winbindd</command> service, refer to <xref linkend="s2-samba-daemons"/>. </para> <indexterm significance="normal"> <primary> diff --git a/en-US/Dynamic_Host_Configuration_Protocol_DHCP.xml b/en-US/DHCP_Servers.xml similarity index 99% rename from en-US/Dynamic_Host_Configuration_Protocol_DHCP.xml rename to en-US/DHCP_Servers.xml index 0ebc2ca..87723dd 100644 --- a/en-US/Dynamic_Host_Configuration_Protocol_DHCP.xml +++ b/en-US/DHCP_Servers.xml @@ -1,9 +1,8 @@ <?xml version='1.0'?> <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ ]> -<chapter - id="ch-Dynamic_Host_Configuration_Protocol_DHCP"> - <title>Dynamic Host Configuration Protocol (DHCP)</title> +<chapter id="ch-DHCP_Servers"> + <title>DHCP Servers</title> <indexterm significance="normal"> <primary>DHCP</primary> @@ -251,7 +250,7 @@ group { <para>To start the DHCP service, use the command <command>/sbin/service dhcpd start</command>. To stop the DHCP server, use the command <command>/sbin/service dhcpd stop</command>.</para> <para> By default, the DHCP service does not start at boot time. To configure the daemon to start automatically at boot time, refer to <xref - linkend="ch-Controlling_Access_to_Services"/>.</para> + linkend="ch-Services_and_Daemons" />.</para> <indexterm significance="normal"> <primary> @@ -374,7 +373,7 @@ ONBOOT=yes </listitem> </itemizedlist> <para>If you prefer using a graphical interface, refer to <xref - linkend="ch-Network_Configuration"/> for instructions on using the <application>Network Administration Tool</application> to configure a network interface to use DHCP.</para> + linkend="ch-NetworkManager" /> for instructions on using the <application>Network Administration Tool</application> to configure a network interface to use DHCP.</para> <note> <title>Tip</title> <para>For advanced configurations of client DHCP options such as protocol timing, lease requirements and requests, dynamic DNS support, aliases, as well as a wide variety of values to override, prepend, or append to client-side configurations, refer to the <command>dhclient</command> and <command>dhclient.conf</command> man pages.</para> diff --git a/en-US/DNS_Servers.xml b/en-US/DNS_Servers.xml new file mode 100644 index 0000000..82fc818 --- /dev/null +++ b/en-US/DNS_Servers.xml @@ -0,0 +1,176 @@ +<?xml version='1.0' encoding='utf-8' ?> +<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ +%BOOK_ENTITIES; +]> +<chapter id="ch-DNS_Servers"> + <title>DNS Servers</title> + <indexterm> + <primary>DNS</primary> + <secondary>definition</secondary> + <seealso>BIND</seealso> + </indexterm> + <indexterm> + <primary>nameserver</primary> + <see>DNS</see> + </indexterm> + <para> + <systemitem class="protocol">DNS</systemitem> (Domain Name System), also known as a <firstterm>nameserver</firstterm>, is a network system that associates hostnames with their respective IP addresses. For users, this has the advantage that they can refer to machines on the network by names that are usually easier to remember than the numerical network addresses. For system administrators, using the nameserver allows them to change the IP address for a host without ever affecting the name-based queries, or to decide which machines handle these queries. + </para> + <section id="s1-Introduction_to_DNS"> + <title>Introduction to DNS</title> + <indexterm> + <primary>root nameserver</primary> + <see>BIND</see> + </indexterm> + <para> + DNS is usually implemented using one or more centralized servers that are authoritative for certain domains. When a client host requests information from a nameserver, it usually connects to port 53. The nameserver then attempts to resolve the name requested. If it does not have an authoritative answer, or does not already have the answer cached from an earlier query, it queries other nameservers, called <firstterm>root nameservers</firstterm>, to determine which nameservers are authoritative for the name in question, and then queries them to get the requested name. + </para> + <section id="s2-dns-introduction-zones"> + <title>Nameserver Zones</title> + <indexterm> + <primary>BIND</primary> + <secondary>resource record</secondary> + </indexterm> + <indexterm> + <primary>resource record</primary> + <see>BIND</see> + </indexterm> + <indexterm> + <primary>fully qualified domain name</primary> + </indexterm> + <indexterm> + <primary><acronym>FQDN</acronym></primary> + <see>fully qualified domain name</see> + </indexterm> + <para> + In a DNS server such as BIND, all information is stored in basic data elements called <firstterm>resource records</firstterm> (RR). The resource record is usually a <firstterm>fully qualified domain name</firstterm> (FQDN) of a host, and is broken down into multiple sections organized into a tree-like hierarchy. This hierarchy consists of a main trunk, primary branches, secondary branches, and so on. + </para> + <example id="example-dns-introduction-zones-rr"> + <title>A simple resource record</title> + <screen>bob.sales.example.com</screen> + </example> + <indexterm> + <primary>BIND</primary> + <secondary>zones</secondary> + <tertiary>description</tertiary> + </indexterm> + <para> + Each level of the hierarchy is divided by a period (that is, <literal>.</literal>). In <xref linkend="example-dns-introduction-zones-rr" />, <literal>com</literal> defines the <firstterm>top-level domain</firstterm>, <literal>example</literal> its subdomain, and <literal>sales</literal> the subdomain of <literal>example</literal>. In this case, <literal>bob</literal> identifies a resource record that is part of the <systemitem class="domainname">sales.example.com</systemitem> domain. With the exception of the part furthest to the left (that is, <literal>bob</literal>), each of these sections is called a <firstterm>zone</firstterm> and defines a specific <firstterm>namespace</firstterm>. + </para> + <indexterm> + <primary>BIND</primary> + <secondary>types</secondary> + <tertiary>primary (master) nameserver</tertiary> + </indexterm> + <indexterm> + <primary>BIND</primary> + <secondary>types</secondary> + <tertiary>secondary (slave) nameserver</tertiary> + </indexterm> + <para> + Zones are defined on authoritative nameservers through the use of <firstterm>zone files</firstterm>, which contain definitions of the resource records in each zone. Zone files are stored on <firstterm>primary nameservers</firstterm> (also called <firstterm>master nameservers</firstterm>), where changes are made to the files, and <firstterm>secondary nameservers</firstterm> (also called <firstterm>slave nameservers</firstterm>), which receive zone definitions from the primary nameservers. Both primary and secondary nameservers are authoritative for the zone and look the same to clients. Depending on the configuration, any nameserver can also serve as a primary or secondary server for multiple zones at the same time. + </para> + </section> + <section id="s2-dns-introduction-nameservers"> + <title>Nameserver Types</title> + <para> + There are two nameserver configuration types: + </para> + <variablelist> + <varlistentry> + <term> + <indexterm> + <primary>BIND</primary> + <secondary>types</secondary> + <tertiary>authoritative nameserver</tertiary> + </indexterm> + <indexterm> + <primary>authoritative nameserver</primary> + <see>BIND</see> + </indexterm> + <indexterm> + <primary>BIND</primary> + <secondary>types</secondary> + <tertiary>primary (master) nameserver</tertiary> + </indexterm> + <indexterm> + <primary>primary nameserver</primary> + <see>BIND</see> + </indexterm> + <indexterm> + <primary>BIND</primary> + <secondary>types</secondary> + <tertiary>secondary (slave) nameserver</tertiary> + </indexterm> + <indexterm> + <primary>secondary nameserver</primary> + <see>BIND</see> + </indexterm> + authoritative + </term> + <listitem> + <para> + Authoritative nameservers answer to resource records that are part of their zones only. This category includes both primary (master) and secondary (slave) nameservers. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <indexterm> + <primary>BIND</primary> + <secondary>types</secondary> + <tertiary>recursive nameserver</tertiary> + </indexterm> + <indexterm> + <primary>recursive nameserver</primary> + <see>BIND</see> + </indexterm> + recursive + </term> + <listitem> + <para> + Recursive nameservers offer resolution services, but they are not authoritative for any zone. Answers for all resolutions are cached in a memory for a fixed period of time, which is specified by the retrieved resource record. + </para> + </listitem> + </varlistentry> + </variablelist> + <para> + Although a nameserver can be both authoritative and recursive at the same time, it is recommended not to combine the configuration types. To be able to perform their work, authoritative servers should be available to all clients all the time. On the other hand, since the recursive lookup takes far more time than authoritative responses, recursive servers should be available to a restricted number of clients only, otherwise they are prone to distributed denial of service (DDoS) attacks. + </para> + </section> + <section id="s2-dns-introduction-bind"> + <title>BIND as a Nameserver</title> + <indexterm> + <primary>BIND</primary> + <secondary>utilities</secondary> + <tertiary><systemitem class="service">named</systemitem></tertiary> + </indexterm> + <indexterm> + <primary>BIND</primary> + <secondary>utilities</secondary> + <tertiary><command>rndc</command></tertiary> + </indexterm> + <indexterm> + <primary>BIND</primary> + <secondary>utilities</secondary> + <tertiary><command>dig</command></tertiary> + </indexterm> + <indexterm> + <primary><systemitem class="service">named</systemitem></primary> + <see>BIND</see> + </indexterm> + <indexterm> + <primary><command>rndc</command></primary> + <see>BIND</see> + </indexterm> + <indexterm> + <primary><command>dig</command></primary> + <see>BIND</see> + </indexterm> + <para> + BIND consists of a set of DNS-related programs. It contains a monolithic nameserver called <systemitem class="service">named</systemitem>, an administration utility called <command>rndc</command>, and a debugging tool called <command>dig</command>. Refer to <xref linkend="ch-Services_and_Daemons" /> for more information on how to run a service in &MAJOROS;. + </para> + </section> + </section> + <xi:include href="BIND.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> +</chapter> diff --git a/en-US/Date_and_Time_Configuration.xml b/en-US/Date_and_Time_Configuration.xml index b9b55f7..f0ce8ec 100644 --- a/en-US/Date_and_Time_Configuration.xml +++ b/en-US/Date_and_Time_Configuration.xml @@ -1,7 +1,7 @@ <?xml version='1.0'?> <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ ]> -<chapter id="chap-Date_and_Time_Configuration"> +<chapter id="ch-Date_and_Time_Configuration"> <title>Date and Time Configuration</title> <para> This chapter covers setting the system date and time in &MAJOROS;, both manually and using the Network Time Protocol (<abbrev>NTP</abbrev>), as well as setting the adequate time zone. Two methods are covered: setting the date and time using the <application>Date/Time Properties</application> tool, and doing so on the command line. @@ -294,7 +294,7 @@ Wed Jun 2 11:58:48 CEST 2010</screen> </para> <screen>~]# <command>chkconfig ntpdate on</command></screen> <para> - For more information about system services and their setup, see <xref linkend="ch-Controlling_Access_to_Services" />. + For more information about system services and their setup, see <xref linkend="ch-Services_and_Daemons" />. </para> <note> <title>Note</title> diff --git a/en-US/Deployment_Guide.xml b/en-US/Deployment_Guide.xml index 64896c2..c0c3c2f 100644 --- a/en-US/Deployment_Guide.xml +++ b/en-US/Deployment_Guide.xml @@ -1,158 +1,101 @@ -<?xml version='1.0'?> -<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ +<?xml version='1.0' encoding='utf-8' ?> +<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ ]> -<book - status="draft"> - <xi:include - href="Book_Info.xml" - xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include> - <xi:include - href="Preface.xml" - xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include> - <!-- DEPLOYMENT GUIDE CONTENT --> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="Introduction.xml"/> - <part - id="pt-pkg-management"> +<book status="draft"> + <!-- TITLE PAGE --> + <xi:include href="Book_Info.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <!-- FRONT MATTER --> + <xi:include href="Preface.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="Introduction.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <!-- MAIN CONTENT --> + <part id="part-Basic_System_Configuration"> + <title>Basic System Configuration</title> + <partintro> + <para> + This part covers basic system administration tasks such as keyboard configuration, date and time configuration, and managing users and groups. + </para> + </partintro> + <xi:include href="Keyboard_Configuration.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="Date_and_Time_Configuration.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="Managing_Users_and_Groups.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <!-- Gaining Privileges --> + </part> + <part id="part-Package_Management"> <title>Package Management</title> <partintro> - <para>All software on a &MAJOROS; system is divided into RPM packages, which can be installed, upgraded, or removed. This part describes how to manage packages on &MAJOROS; using the <application>Yum</application> and <application>RPM</application> package managers and the <application>PackageKit</application> suite of graphical package management tools.</para> + <para> + All software on a &MAJOROS; system is divided into RPM packages, which can be installed, upgraded, or removed. This part describes how to manage packages on &MAJOROS; using the <application>Yum</application> and the <application>PackageKit</application> suite of graphical package management tools. + </para> + </partintro> + <!-- Product Subscriptions and Entitlements --> + <xi:include href="Yum.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="PackageKit.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + </part> + <part id="part-Networking"> + <title>Networking</title> + <partintro> + <para> + This part describes how to configure the network on &MAJOROS;. + </para> </partintro> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="Yum.xml" /> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="PackageKit.xml" /> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="RPM.xml"/> - <!-- RHEL6: silas: removing outdated RHEL5 RHN chapter: see bug 618878 for replacement chapter progress - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="Red_Hat_Network.xml"/>--> + <xi:include href="NetworkManager.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="Network_Interfaces.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> </part> - <part - id="pt-network-related-config"> - <title>Network-Related Configuration</title> + <part id="part-Infrastructure_Services"> + <title>Infrastructure Services</title> <partintro> - <para>After explaining how to configure the network, this part discusses topics related to networking such as how to allow remote logins, share files and directories over the network, and set up a Web server.</para> + <para> + This part provides information how to configure services and daemons, configure authentication, and enable remote logins. + </para> </partintro> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="Network_Interfaces.xml"/> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="Network_Configuration.xml"/> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="Controlling_Access_to_Services.xml"/> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="The_BIND_DNS_Server.xml"/> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="OpenSSH.xml"/> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="Samba.xml"/> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="Dynamic_Host_Configuration_Protocol_DHCP.xml"/> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="The_Apache_HTTP_Server.xml"/> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="FTP.xml"/> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="Email.xml"/> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="Lightweight_Directory_Access_Protocol_LDAP.xml"/> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="Authentication_Configuration.xml"/> + <xi:include href="Services_and_Daemons.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="Configuring_Authentication.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="OpenSSH.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> </part> - <part - id="pt-sysconfig"> - <title>System Configuration</title> + <part id="part-Servers"> + <title>Servers</title> <partintro> - <para>Part of a system administrator's job is configuring the system for various tasks, types of users, and hardware configurations. This section explains how to configure a &MAJOROS; system.</para> + <para> + This part discusses various topics related to servers such as how to set up a Web server or share files and directories over the network. + </para> </partintro> - <!-- RHEL6: silas: removing the Console Access chapter as per BZ#561643 - This chapter will be replaced by one or more (of a combination of) ConsoleKit, PolicyKit and sudo chapters/sections (bugs 617222, 617221, 617224) - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="Console_Access.xml"/>--> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="The_proc_File_System.xml" /> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="The_sysconfig_Directory.xml"/> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="Date_and_Time_Configuration.xml"/> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="Keyboard_Configuration.xml"/> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="The_X_Window_System.xml"/> - <!--<xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="Configuring_the_X_Window_System.xml"/>--> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="Users_and_Groups.xml"/> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="Printer_Configuration.xml"/> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="Automated_Tasks.xml"/> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="Log_Files.xml"/> + <xi:include href="DHCP_Servers.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="DNS_Servers.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="Web_Servers.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="Mail_Servers.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="Directory_Servers.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="File_and_Print_Servers.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> </part> - <part - id="pt-system-monitoring"> - <title>System Monitoring</title> + <part id="part-Monitoring_and_Automation"> + <title>Monitoring and Automation</title> <partintro> - <para>System administrators also monitor system performance. &MAJOROS; contains tools to assist administrators with these tasks.</para> + <para> + This part describes various tools that allow system administrators to monitor system performance, automate system tasks, and report bugs. + </para> </partintro> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="Gathering_System_Information.xml"/> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="OProfile.xml"/> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="ABRT.xml" /> + <xi:include href="System_Monitoring_Tools.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="Viewing_and_Managing_Log_Files.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="Automating_System_Tasks.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="Automatic_Bug_Reporting_Tool_ABRT.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="OProfile.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> </part> - <part - id="pt-kernel-configuration"> - <title>Kernel and Driver Configuration</title> + <part id="part-Kernel_Module_and_Driver_Configuration"> + <title>Kernel, Module and Driver Configuration</title> <partintro> - <para>System administrators can learn about and customize their kernels. &MAJOROS; contains kernel tools to assist administrators with their customizations.</para> + <para> + This part covers various tools that assist administrators with kernel customization. + </para> </partintro> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="Manually_Upgrading_the_Kernel.xml"/> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="Working_with_Kernel_Modules.xml"/> - <xi:include - xmlns:xi="http://www.w3.org/2001/XInclude" - href="The_kdump_Crash_Recovery_Service.xml"/> + <xi:include href="Manually_Upgrading_the_Kernel.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="Working_with_Kernel_Modules.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="The_kdump_Crash_Recovery_Service.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> </part> - <!-- END OF DEPLOYMENT GUIDE CONTENT --> - <xi:include - href="Revision_History.xml" - xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include> - <index></index> + <!-- APPENDIXES --> + <xi:include href="RPM.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="The_X_Window_System.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="The_sysconfig_Directory.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="The_proc_File_System.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="Revision_History.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <!-- INDEX --> + <index /> </book> diff --git a/en-US/Directory_Servers.xml b/en-US/Directory_Servers.xml new file mode 100644 index 0000000..22a3095 --- /dev/null +++ b/en-US/Directory_Servers.xml @@ -0,0 +1,8 @@ +<?xml version='1.0' encoding='utf-8' ?> +<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ +]> +<chapter id="ch-Directory-Servers"> + <title>Directory Servers</title> + <!-- TODO: Write an introduction. --> + <xi:include href="OpenLDAP.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> +</chapter> diff --git a/en-US/FTP.xml b/en-US/FTP.xml index a1e57f2..c056bf1 100644 --- a/en-US/FTP.xml +++ b/en-US/FTP.xml @@ -1,8 +1,7 @@ <?xml version='1.0'?> -<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ +<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ ]> -<chapter - id="ch-FTP"> +<section id="s1-FTP"> <title>FTP</title> <indexterm significance="normal"> @@ -19,7 +18,7 @@ <para><firstterm>File Transfer Protocol</firstterm> (<systemitem class="protocol">FTP</systemitem>) is one of the oldest and most commonly used protocols found on the Internet today. Its purpose is to reliably transfer files between computer hosts on a network without requiring the user to log directly into the remote host or have knowledge of how to use the remote system. It allows users to access files on remote systems using a standard set of simple commands.</para> <para>This chapter outlines the basics of the <systemitem class="protocol">FTP</systemitem> protocol, as well as configuration options for the primary <systemitem class="protocol">FTP</systemitem> server shipped with &MAJOROS;, <firstterm><command>vsftpd</command></firstterm>.</para> <section - id="s1-ftp-protocol"> + id="s2-ftp-protocol"> <title>The File Transfer Protocol</title> <indexterm significance="normal"> @@ -39,7 +38,7 @@ --> <para>However, because <systemitem class="protocol">FTP</systemitem> is so prevalent on the Internet, it is often required to share files to the public. System administrators, therefore, should be aware of the <systemitem class="protocol">FTP</systemitem> protocol's unique characteristics.</para> <section - id="s2-ftp-protocol-multiport"> + id="s3-ftp-protocol-multiport"> <title>Multiple Ports, Multiple Modes</title> <indexterm significance="normal"> @@ -75,14 +74,14 @@ <listitem> <para>Passive mode, like active mode, is initiated by the <systemitem class="protocol">FTP</systemitem> client application. When requesting data from the server, the <systemitem class="protocol">FTP</systemitem> client indicates it wants to access the data in passive mode and the server provides the <systemitem class="protocol">IP</systemitem> address and a random, unprivileged port (greater than <constant>1024</constant>) on the server. The client then connects to that port on the server to download the requested information.</para> <para>While passive mode resolves issues for client-side firewall interference with data connections, it can complicate administration of the server-side firewall. You can reduce the number of open ports on a server by limiting the range of unprivileged ports on the <systemitem class="protocol">FTP</systemitem> server. This also simplifies the process of configuring firewall rules for the server. Refer to <xref - linkend="s2-ftp-vsftpd-conf-opt-net"/> for more information about limiting passive ports.</para> + linkend="s3-ftp-vsftpd-conf-opt-net"/> for more information about limiting passive ports.</para> </listitem> </varlistentry> </variablelist> </section> </section> <section - id="s1-ftp-servers"> + id="s2-ftp-servers"> <title>FTP Servers</title> <indexterm significance="normal"> @@ -127,7 +126,7 @@ </listitem> </itemizedlist> <section - id="s2-ftp-servers-vsftpd"> + id="s3-ftp-servers-vsftpd"> <title> <command>vsftpd</command> </title> @@ -169,7 +168,7 @@ </section> </section> <section - id="s2-ftp-vsftpd-conf"> + id="s3-ftp-vsftpd-conf"> <title>Files Installed with <command>vsftpd</command> </title> <indexterm @@ -185,7 +184,7 @@ <listitem> <para> <filename>/etc/rc.d/init.d/vsftpd</filename> — The <emphasis>initialization script</emphasis> (<firstterm>initscript</firstterm>) used by the <command>/sbin/service</command> command to start, stop, or reload <command>vsftpd</command>. Refer to <xref - linkend="s1-ftp-vsftpd-start"/> for more information about using this script.</para> + linkend="s2-ftp-vsftpd-start"/> for more information about using this script.</para> </listitem> <listitem> <para> @@ -194,7 +193,7 @@ <listitem> <para> <filename>/etc/vsftpd/vsftpd.conf</filename> — The configuration file for <command>vsftpd</command>. Refer to <xref - linkend="s1-ftp-vsftpd-conf"/> for a list of important options contained within this file.</para> + linkend="s2-ftp-vsftpd-conf"/> for a list of important options contained within this file.</para> </listitem> <listitem> <para> @@ -211,7 +210,7 @@ </itemizedlist> </section> <section - id="s1-ftp-vsftpd-start"> + id="s2-ftp-vsftpd-start"> <title>Starting and Stopping <command>vsftpd</command> </title> <indexterm @@ -270,9 +269,9 @@ </screen> <para> By default, the <command>vsftpd</command> service does <emphasis>not</emphasis> start automatically at boot time. To configure the <command>vsftpd</command> service to start at boot time, use an initscript utility, such as <command>/sbin/chkconfig</command>, <application>/usr/sbin/ntsysv</application>, or the <application>Services Configuration Tool</application> program. Refer to <xref - linkend="ch-Controlling_Access_to_Services"/> for more information regarding these tools.</para> + linkend="ch-Services_and_Daemons" /> for more information regarding these tools.</para> <section - id="s2-ftp-vsftpd-start-multi"> + id="s3-ftp-vsftpd-start-multi"> <title>Starting Multiple Copies of <command>vsftpd</command> </title> <indexterm @@ -290,13 +289,13 @@ <secondary>multihome configuration</secondary> </indexterm> <para>Sometimes one computer is used to serve multiple <systemitem class="protocol">FTP</systemitem> domains. This is a technique called <firstterm>multihoming</firstterm>. One way to multihome using <command>vsftpd</command> is by running multiple copies of the daemon, each with its own configuration file.</para> - <para>To do this, first assign all relevant <systemitem class="protocol">IP</systemitem> addresses to network devices or alias network devices on the system. Refer to <xref linkend="ch-Network_Configuration"/> for more information about configuring network devices and device aliases. Additional information about network configuration scripts can be found in <xref linkend="ch-Network_Interfaces"/>.</para> - <para>Next, the DNS server for the <systemitem class="protocol">FTP</systemitem> domains must be configured to reference the correct machine. For information about BIND and its configuration files, refer to <xref linkend="ch-The_BIND_DNS_Server"/>.</para> + <para>To do this, first assign all relevant <systemitem class="protocol">IP</systemitem> addresses to network devices or alias network devices on the system. Refer to <xref linkend="ch-NetworkManager" /> for more information about configuring network devices and device aliases. Additional information about network configuration scripts can be found in <xref linkend="ch-Network_Interfaces"/>.</para> + <para>Next, the DNS server for the <systemitem class="protocol">FTP</systemitem> domains must be configured to reference the correct machine. For information about BIND and its configuration files, refer to <xref linkend="s1-BIND" />.</para> <para> If there is more configuration files present in the <filename>/etc/vsftpd</filename> directory, calling <command>service&#160;vsftpd&#160;start</command> results in the <filename>/etc/rc.d/init.d/vsftpd</filename> initscript starting the same number of processes as the number of configuration files. Each configuration file must have a unique name in the <filename>/etc/vsftpd/</filename> directory and must be readable and writable only by root. </para> <!-- <para>For <command>vsftpd</command> to answer requests on different <systemitem class="protocol">IP</systemitem> addresses, multiple copies of the daemon must be running. The first copy must be run using the <command>vsftpd</command> initscripts, as outlined in <xref - linkend="s1-ftp-vsftpd-start"/>. This copy uses the standard configuration file, <filename>/etc/vsftpd/vsftpd.conf</filename>.</para> + linkend="s2-ftp-vsftpd-start"/>. This copy uses the standard configuration file, <filename>/etc/vsftpd/vsftpd.conf</filename>.</para> <para>Each additional <systemitem class="protocol">FTP</systemitem> site must have a configuration file with a unique name in the <filename>/etc/vsftpd/</filename> directory, such as <filename>/etc/vsftpd/vsftpd-site-2.conf</filename>. Each configuration file must be readable and writable only by root. Within each configuration file for each <systemitem class="protocol">FTP</systemitem> server listening on an <systemitem class="protocol">IPv4</systemitem> network, the following directive must be unique:</para> <screen> <command>listen_address=<replaceable>&lt;N.N.N.N&gt;</replaceable> @@ -333,12 +332,12 @@ </listitem> </itemizedlist> <para>For a detailed list of directives available within <command>vsftpd</command>'s configuration file, refer to <xref - linkend="s1-ftp-vsftpd-conf"/>.</para> + linkend="s2-ftp-vsftpd-conf"/>.</para> <para>To configure any additional servers to start automatically at boot time, add the above command to the end of the <filename>/etc/rc.local</filename> file.</para> --> </section> </section> <section - id="s1-ftp-vsftpd-conf"> + id="s2-ftp-vsftpd-conf"> <title> <command>vsftpd</command> Configuration Options</title> <indexterm @@ -377,7 +376,7 @@ </important> <para>The following is a list of some of the more important directives within <filename>/etc/vsftpd/vsftpd.conf</filename>. All directives not explicitly found or commented out within <command>vsftpd</command>'s configuration file are set to their default value.</para> <section - id="s2-ftp-vsftpd-conf-opt-daemon"> + id="s3-ftp-vsftpd-conf-opt-daemon"> <title>Daemon Options</title> <indexterm significance="normal"> @@ -407,7 +406,7 @@ </itemizedlist> </section> <section - id="s2-ftp-vsftpd-conf-opt-login"> + id="s3-ftp-vsftpd-conf-opt-login"> <title>Log In Options and Access Controls</title> <indexterm significance="normal"> @@ -432,7 +431,7 @@ <command>anonymous_enable</command> — When enabled, anonymous users are allowed to log in. The usernames <computeroutput>anonymous</computeroutput> and <computeroutput>ftp</computeroutput> are accepted.</para> <para>The default value is <command>YES</command>.</para> <para>Refer to <xref - linkend="s2-ftp-vsftpd-conf-opt-anon"/> for a list of directives affecting anonymous users.</para> + linkend="s3-ftp-vsftpd-conf-opt-anon"/> for a list of directives affecting anonymous users.</para> </listitem> <listitem> <para> @@ -464,7 +463,7 @@ <command>local_enable</command> — When enabled, local users are allowed to log into the system.</para> <para>The default value is <command>YES</command>.</para> <para>Refer to <xref - linkend="s2-ftp-vsftpd-conf-opt-usr"/> for a list of directives affecting local users.</para> + linkend="s3-ftp-vsftpd-conf-opt-usr"/> for a list of directives affecting local users.</para> </listitem> <listitem> <para> @@ -509,7 +508,7 @@ </itemizedlist> </section> <section - id="s2-ftp-vsftpd-conf-opt-anon"> + id="s3-ftp-vsftpd-conf-opt-anon"> <title>Anonymous User Options</title> <indexterm significance="normal"> @@ -560,7 +559,7 @@ </itemizedlist> </section> <section - id="s2-ftp-vsftpd-conf-opt-usr"> + id="s3-ftp-vsftpd-conf-opt-usr"> <title>Local User Options</title> <indexterm significance="normal"> @@ -630,7 +629,7 @@ </itemizedlist> </section> <section - id="s2-ftp-vsftpd-conf-opt-dir"> + id="s3-ftp-vsftpd-conf-opt-dir"> <title>Directory Options</title> <indexterm significance="normal"> @@ -680,7 +679,7 @@ </itemizedlist> </section> <section - id="s2-ftp-vsftpd-conf-opt-file"> + id="s3-ftp-vsftpd-conf-opt-file"> <title>File Transfer Options</title> <indexterm significance="normal"> @@ -715,7 +714,7 @@ </itemizedlist> </section> <section - id="s2-ftp-vsftpd-conf-opt-log"> + id="s3-ftp-vsftpd-conf-opt-log"> <title>Logging Options</title> <indexterm significance="normal"> @@ -771,7 +770,7 @@ </important> </section> <section - id="s2-ftp-vsftpd-conf-opt-net"> + id="s3-ftp-vsftpd-conf-opt-net"> <title>Network Options</title> <indexterm significance="normal"> @@ -825,7 +824,7 @@ <note> <title>Tip</title> <para>If running multiple copies of <command>vsftpd</command> serving different <systemitem class="protocol">IP</systemitem> addresses, the configuration file for each copy of the <command>vsftpd</command> daemon must have a different value for this directive. Refer to <xref - linkend="s2-ftp-vsftpd-start-multi"/> for more information about multihomed <systemitem class="protocol">FTP</systemitem> servers.</para> + linkend="s3-ftp-vsftpd-start-multi"/> for more information about multihomed <systemitem class="protocol">FTP</systemitem> servers.</para> </note> </listitem> <listitem> @@ -835,7 +834,7 @@ <note> <title>Tip</title> <para>If running multiple copies of <command>vsftpd</command> serving different <systemitem class="protocol">IP</systemitem> addresses, the configuration file for each copy of the <command>vsftpd</command> daemon must have a different value for this directive. Refer to <xref - linkend="s2-ftp-vsftpd-start-multi"/> for more information about multihomed <systemitem class="protocol">FTP</systemitem> servers.</para> + linkend="s3-ftp-vsftpd-start-multi"/> for more information about multihomed <systemitem class="protocol">FTP</systemitem> servers.</para> </note> </listitem> <listitem> @@ -896,7 +895,7 @@ </section> </section> <section - id="s1-ftp-resources"> + id="s2-ftp-resources"> <title>Additional Resources</title> <indexterm significance="normal"> @@ -907,7 +906,7 @@ </indexterm> <para>For more information about <command>vsftpd</command>, refer to the following resources.</para> <section - id="s2-ftp-installed-documentation"> + id="s3-ftp-installed-documentation"> <title>Installed Documentation</title> <indexterm significance="normal"> @@ -956,7 +955,7 @@ </itemizedlist> </section> <section - id="s2-ftp-useful-websites"> + id="s3-ftp-useful-websites"> <title>Useful Websites</title> <indexterm significance="normal"> @@ -985,4 +984,4 @@ </itemizedlist> </section> </section> -</chapter> +</section> diff --git a/en-US/File_and_Print_Servers.xml b/en-US/File_and_Print_Servers.xml new file mode 100644 index 0000000..7024c5a --- /dev/null +++ b/en-US/File_and_Print_Servers.xml @@ -0,0 +1,8 @@ +<?xml version='1.0' encoding='utf-8' ?> +<chapter id="ch-File_and_Print_Servers"> + <title>File and Print Servers</title> + <!-- TODO: Write a proper introduction. --> + <xi:include href="Samba.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="FTP.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> + <xi:include href="Printer_Configuration.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> +</chapter> diff --git a/en-US/Introduction.xml b/en-US/Introduction.xml index e7270f7..f2aec5b 100644 --- a/en-US/Introduction.xml +++ b/en-US/Introduction.xml @@ -1,67 +1,88 @@ <?xml version='1.0'?> <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ ]> -<preface - id="ch-intro"> +<preface id="ch-intro"> <title>Introduction</title> - <indexterm - significance="normal"> + <indexterm significance="normal"> <primary>introduction</primary> </indexterm> - <para>Welcome to the <citetitle>&MAJOROSVER; Deployment Guide</citetitle>.</para> - <para>The <citetitle>Deployment Guide</citetitle> contains information on how to customize your &MAJOROSVER; system to fit your needs. If you are looking for a comprehensive, task-oriented guide for configuring and customizing your system, this is the manual for you.</para> - <para>This manual discusses many intermediate topics such as the following:</para> + <para> + Welcome to the <citetitle>&MAJOROSVER; Deployment Guide</citetitle>. + </para> + <para> + The <citetitle>Deployment Guide</citetitle> contains information on how to customize your &MAJOROSVER; system to fit your needs. If you are looking for a comprehensive, task-oriented guide for configuring and customizing your system, this is the manual for you. + </para> + <para> + This manual discusses many intermediate topics such as the following: + </para> <itemizedlist> <listitem> - <para>Installing and managing packages using the graphical <application>PackageKit</application> and command line <application>Yum</application> package managers</para> + <para> + Installing and managing packages using the graphical <application>PackageKit</application> and command line <application>Yum</application> package managers + </para> </listitem> <listitem> - <para>Setting up a network—from establishing an Ethernet connection using <application>NetworkManager</application> to configuring channel bonding interfaces to increase server bandwidth</para> + <para> + Setting up a network—from establishing an Ethernet connection using <application>NetworkManager</application> to configuring channel bonding interfaces to increase server bandwidth + </para> </listitem> <listitem> - <para>Configuring <systemitem class="service">DHCP</systemitem>, <application>BIND</application>, <application>Apache</application>, <application>Postfix</application>, <application>Sendmail</application> and other enterprise-class servers and software</para> + <para> + Configuring <systemitem class="service">DHCP</systemitem>, <application>BIND</application>, <application>Apache</application>, <application>Postfix</application>, <application>Sendmail</application> and other enterprise-class servers and software + </para> </listitem> <listitem> - <para>Gathering information about your system, including obtaining user-space crash data with the <application>Automatic Bug Reporting Tool</application>, and kernel-space crash data with <systemitem - class="service">kdump</systemitem></para> + <para> + Gathering information about your system, including obtaining user-space crash data with the <application>Automatic Bug Reporting Tool</application>, and kernel-space crash data with <systemitem class="service">kdump</systemitem> + </para> </listitem> <listitem> - <para>Easily working with kernel modules and upgrading the kernel</para> + <para> + Easily working with kernel modules and upgrading the kernel + </para> </listitem> </itemizedlist> - <para>This manual is divided into the following main categories:</para> + <para> + This manual is divided into the following main categories: + </para> <itemizedlist> <listitem> <para> - <xref - linkend="pt-pkg-management"/> + <xref linkend="part-Basic_System_Configuration" /> + </para> + </listitem> + <listitem> + <para> + <xref linkend="part-Package_Management" /> + </para> + </listitem> + <listitem> + <para> + <xref linkend="part-Networking" /> </para> </listitem> <listitem> <para> - <xref - linkend="pt-network-related-config"/> + <xref linkend="part-Infrastructure_Services" /> </para> </listitem> <listitem> <para> - <xref - linkend="pt-sysconfig"/> + <xref linkend="part-Servers" /> </para> </listitem> <listitem> <para> - <xref - linkend="pt-system-monitoring"/> + <xref linkend="part-Monitoring_and_Automation" /> </para> </listitem> <listitem> <para> - <xref - linkend="pt-kernel-configuration"/> + <xref linkend="part-Kernel_Module_and_Driver_Configuration" /> </para> </listitem> </itemizedlist> - <para>This guide assumes you have a basic understanding of your &MAJOROS; system. If you need help installing &MAJOROS;, refer to the <citetitle>&MAJOROSVER; Installation Guide</citetitle>.</para> - + <para> + This guide assumes you have a basic understanding of your &MAJOROS; system. If you need help installing &MAJOROS;, refer to the <citetitle>&MAJOROSVER; Installation Guide</citetitle>. + </para> </preface> diff --git a/en-US/Email.xml b/en-US/Mail_Servers.xml similarity index 99% rename from en-US/Email.xml rename to en-US/Mail_Servers.xml index 1d9a9b8..2e7863c 100644 --- a/en-US/Email.xml +++ b/en-US/Mail_Servers.xml @@ -1,9 +1,8 @@ <?xml version='1.0'?> <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ ]> -<chapter - id="ch-email"> - <title>Email</title> +<chapter id="ch-Mail_Servers"> + <title>Mail Servers</title> <indexterm significance="normal"> <primary>email</primary> @@ -386,7 +385,7 @@ search_base = dc=<replaceable>example</replaceable>, dc=<replaceable>com</replac The /<filename>etc/postfix/ldap-aliases.cf</filename> file can specify various parameters, including parameters that enable <systemitem class="protocol">LDAP</systemitem> <systemitem class="protocol">SSL</systemitem> and <systemitem class="protocol">STARTTLS</systemitem>. For more information, refer to the <command>ldap_table(5)</command> man page. </para> </note> - <para>For more information on <systemitem class="protocol">LDAP</systemitem>, refer to <xref linkend="ch-Lightweight_Directory_Access_Protocol_LDAP"/>. + <para>For more information on <systemitem class="protocol">LDAP</systemitem>, refer to <xref linkend="s1-OpenLDAP" />. </para> </section> </section> @@ -609,7 +608,7 @@ FEATURE('ldap_routing')dnl <para>Next, recreate the <filename>/etc/mail/sendmail.cf</filename> file by running the <command>m4</command> macro processor and again restarting Sendmail. Refer to <xref linkend="s3-email-mta-sendmail-changes"/> for instructions.</para> <para>For more information on <systemitem class="protocol">LDAP</systemitem>, refer to <xref - linkend="ch-Lightweight_Directory_Access_Protocol_LDAP"/>.</para> + linkend="s1-OpenLDAP" />.</para> </section> </section> <section @@ -1331,7 +1330,7 @@ poll mail.domain2.com <para>To start the <systemitem class="daemon">spamd</systemitem> daemon, type the following command:</para> <screen>~]#&#160;<command>service spamassassin start</command> </screen> - <para>To start the SpamAssassin daemon when the system is booted, use an initscript utility, such as the <application>Services Configuration Tool</application> (<command>system-config-services</command>), to turn on the <computeroutput>spamassassin</computeroutput> service. Refer to <xref linkend="ch-Controlling_Access_to_Services"/> for more information about starting and stopping services.</para> + <para>To start the SpamAssassin daemon when the system is booted, use an initscript utility, such as the <application>Services Configuration Tool</application> (<command>system-config-services</command>), to turn on the <computeroutput>spamassassin</computeroutput> service. Refer to <xref linkend="ch-Services_and_Daemons" /> for more information about starting and stopping services.</para> <para>To configure Procmail to use the SpamAssassin client application instead of the Perl script, place the following line near the top of the <filename>~/.procmailrc</filename> file. For a system-wide configuration, place it in <filename>/etc/procmailrc</filename>:</para> <screen> <command>INCLUDERC=/etc/mail/spamassassin/spamassassin-spamc.rc</command> diff --git a/en-US/Users_and_Groups.xml b/en-US/Managing_Users_and_Groups.xml similarity index 99% rename from en-US/Users_and_Groups.xml rename to en-US/Managing_Users_and_Groups.xml index e8a33de..7cfef83 100644 --- a/en-US/Users_and_Groups.xml +++ b/en-US/Managing_Users_and_Groups.xml @@ -1,8 +1,8 @@ <?xml version='1.0'?> <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ ]> -<chapter id="Users_and_Groups"> - <title>Users and Groups</title> +<chapter id="ch-Managing_Users_and_Groups"> + <title> Managing Users and Groups</title> <indexterm significance="normal"> <primary>groups</primary> <secondary>introducing</secondary> diff --git a/en-US/Network_Configuration.xml b/en-US/NetworkManager.xml similarity index 99% rename from en-US/Network_Configuration.xml rename to en-US/NetworkManager.xml index 9b69636..e6c933c 100644 --- a/en-US/Network_Configuration.xml +++ b/en-US/NetworkManager.xml @@ -23,9 +23,8 @@ Wired PPP Settings IPv4 Settings --> -<chapter - id="ch-Network_Configuration"> - <title>Network Configuration</title> +<chapter id="ch-NetworkManager"> + <title>NetworkManager</title> <para> <application>NetworkManager</application> is a dynamic network control and configuration system that attempts to keep network devices and connections up and active when they are available. <application>NetworkManager</application> consists of a core daemon, a GNOME Notification Area applet that provides network status information, and graphical configuration tools that can create, edit and remove connections and interfaces. <application>NetworkManager</application> can be used to configure the following types of connections: Ethernet, wireless, mobile broadband (such as cellular 3G), and <systemitem class="protocol">DSL</systemitem> @@ -52,7 +51,7 @@ NetworkManager (pid 1527) is running... <screen>~]#&#160;<command>chkconfig NetworkManager on</command> </screen> <para>For more information on starting, stopping and managing services and runlevels, refer to <xref - linkend="ch-Controlling_Access_to_Services"/>.</para> + linkend="ch-Services_and_Daemons" />.</para> </section> <section id="sec-Interacting_with_NetworkManager"> diff --git a/en-US/Network_Interfaces.xml b/en-US/Network_Interfaces.xml index bf84af7..0eba286 100644 --- a/en-US/Network_Interfaces.xml +++ b/en-US/Network_Interfaces.xml @@ -114,7 +114,7 @@ role="bold">not</emphasis> be edited manually. <!-- RHEL5: ddomingo(a)redhat.com: string removed as per Harald Hoyer <string> In addition, any use of the <application>Network Administration Tool</application> (even launching the application) will override any directives previously set in <filename>/etc/sysconfig/network-scripts</filename>.</string> -->Using only one method for network configuration is strongly encouraged, due to the risk of configuration deletion.</para> <para> For more information about configuring network interfaces using the <application>Network Administration Tool</application>, refer to <xref - linkend="ch-Network_Configuration"/> + linkend="ch-NetworkManager" />. </para> </warning> </section> @@ -162,7 +162,7 @@ BOOTPROTO=dhcp ONBOOT=yes</screen> <para> The <application>Network Administration Tool</application> (<command>system-config-network</command>) is an easy way to make changes to the various network interface configuration files (refer to <xref - linkend="ch-Network_Configuration"/> for detailed instructions on using this tool).</para> + linkend="ch-NetworkManager" /> for detailed instructions on using this tool).</para> <para>However, it is also possible to manually edit the configuration files for a given network interface.</para> <para>Below is a listing of the configurable parameters in an Ethernet interface configuration file:</para> <!-- RHEL5: added BONDING_OPTS as per BZ#221423 --> @@ -525,7 +525,7 @@ BOOTPROTO=dhcp</screen> <para>This way a user can bring up the <filename>eth0</filename> interface using the <command>/sbin/ifup eth0-user</command> command because the configuration options from <filename>ifcfg-eth0</filename> and <filename>ifcfg-eth0-user</filename> are combined. While this is a very basic example, this method can be used with a variety of options and interfaces.</para> <para> The easiest way to create alias and clone interface configuration files is to use the graphical <application>Network Administration Tool</application>. For more information on using this tool, refer to <xref - linkend="ch-Network_Configuration"/>.</para> + linkend="ch-NetworkManager" />.</para> </section> <section id="s2-networkscripts-interfaces-ppp0"> diff --git a/en-US/Lightweight_Directory_Access_Protocol_LDAP.xml b/en-US/OpenLDAP.xml similarity index 96% rename from en-US/Lightweight_Directory_Access_Protocol_LDAP.xml rename to en-US/OpenLDAP.xml index d1dae92..6c628cf 100644 --- a/en-US/Lightweight_Directory_Access_Protocol_LDAP.xml +++ b/en-US/OpenLDAP.xml @@ -1,8 +1,8 @@ <?xml version='1.0'?> -<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ +<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ ]> -<chapter id="ch-Lightweight_Directory_Access_Protocol_LDAP"> - <title>Lightweight Directory Access Protocol (LDAP)</title> +<section id="s1-OpenLDAP"> + <title>OpenLDAP</title> <para> <systemitem class="protocol">LDAP</systemitem> (Lightweight Directory Access Protocol) is a set of open protocols used to access centrally stored information over a network. It is based on the <systemitem class="protocol">X.500</systemitem> standard for directory sharing, but is less complex and resource-intensive. For this reason, LDAP is sometimes referred to as <quote>X.500 Lite</quote>. </para> @@ -13,9 +13,9 @@ LDAP is commonly used as a virtual phone directory, allowing users to easily access contact information for other users. Additionally, it can refer a user to another LDAP servers throughout the world, and thus provide an ad-hoc global repository of information. However, it is most frequently used within individual organizations such as universities, government departments, and private companies. </para> <para> - This chapter cover the installation and configuration of <application>OpenLDAP 2.4</application>, an open source implementation of the LDAPv2 and LDAPv3 protocols. + This section covers the installation and configuration of <application>OpenLDAP 2.4</application>, an open source implementation of the LDAPv2 and LDAPv3 protocols. </para> - <section id="s1-ldap-introduction"> + <section id="s2-ldap-introduction"> <title>Introduction to LDAP</title> <para> Using a client/server architecture, LDAP provides reliable means to create a central information directory accessible from the network. When a client attempts to modify information within this directory, the server verifies the user has permission to make the change, and then adds or updates the entry as requested. To ensure the communication is secure, the <firstterm>Secure Sockets Layer</firstterm> (<acronym>SSL</acronym>) or <firstterm>Transport Layer Security</firstterm> (<acronym>TLS</acronym>) cryptographic protocols can be used to prevent an attacker from intercepting the transmission. @@ -23,7 +23,7 @@ <para> The LDAP server supports several database systems, which gives administrators the flexibility to choose the best suited solution for the type of information they are planning to serve. Because of a well-defined client <firstterm>Application Programming Interface</firstterm> (<acronym>API</acronym>), the number of applications able to communicate with an LDAP server is numerous, and increasing in both quantity and quality. </para> - <section id="s2-ldap-terminology"> + <section id="s3-ldap-terminology"> <title>LDAP Terminology</title> <para> The following is a list of LDAP-specific terms that are used within this chapter: @@ -68,7 +68,7 @@ </varlistentry> </variablelist> </section> - <section id="s2-ldap-features"> + <section id="s3-ldap-features"> <title>OpenLDAP Features</title> <para> The OpenLDAP suite provides a number of important features: @@ -106,7 +106,7 @@ </listitem> </itemizedlist> </section> - <section id="s2-ldap-setup"> + <section id="s3-ldap-setup"> <title>OpenLDAP Server Setup</title> <para> The typical steps to set up an LDAP server on &MAJOROS; are as follows: @@ -114,17 +114,17 @@ <procedure> <step> <para> - Install the OpenLDAP suite. Refer to <xref linkend="s1-ldap-installation" /> for more information on required packages. + Install the OpenLDAP suite. Refer to <xref linkend="s2-ldap-installation" /> for more information on required packages. </para> </step> <step> <para> - Edit the LDIF files in the <filename class="directory">/etc/openldap/slapd.d/</filename> directory as described in <xref linkend="s1-ldap-configuration" />. + Edit the LDIF files in the <filename class="directory">/etc/openldap/slapd.d/</filename> directory as described in <xref linkend="s2-ldap-configuration" />. </para> </step> <step> <para> - Start the <systemitem class="service">slapd</systemitem> service as described in <xref linkend="s1-ldap-running" />. + Start the <systemitem class="service">slapd</systemitem> service as described in <xref linkend="s2-ldap-running" />. </para> </step> <step> @@ -140,7 +140,7 @@ </procedure> </section> </section> - <section id="s1-ldap-installation"> + <section id="s2-ldap-installation"> <title>Installing the OpenLDAP Suite</title> <para> The suite of OpenLDAP libraries and tools is provided by the following packages: @@ -263,7 +263,7 @@ <para> Note that you must have superuser privileges (that is, you must be logged in as <systemitem class="username">root</systemitem>) to run this command. For more information on how to install new packages in &MAJOROS;, refer to <xref linkend="sec-Installing" />. </para> - <section id="s2-ldap-packages-openldap-servers"> + <section id="s3-ldap-packages-openldap-servers"> <title>Overview of OpenLDAP Server Utilities</title> <para> To perform administrative tasks, the <package>openldap-servers</package> package installs the following utilities along with the <systemitem class="service">slapd</systemitem> service: @@ -385,11 +385,11 @@ <screen>~]# <command>service slapd stop</command> Stopping slapd: [ OK ]</screen> <para> - For more information on how to start, stop, restart, and check the current status of the <systemitem class="service">slapd</systemitem> service, refer to <xref linkend="s1-ldap-running" />. + For more information on how to start, stop, restart, and check the current status of the <systemitem class="service">slapd</systemitem> service, refer to <xref linkend="s2-ldap-running" />. </para> </warning> </section> - <section id="s2-ldap-packages-openldap-clients"> + <section id="s3-ldap-packages-openldap-clients"> <title>Overview of OpenLDAP Client Utilities</title> <para> The <package>openldap-clients</package> package installs the following utilities which can be used to add, modify, and delete entries in an LDAP directory: @@ -497,14 +497,14 @@ Stopping slapd: [ OK ]</screen> With the exception of <command>ldapsearch</command>, each of these utilities is more easily used by referencing a file containing the changes to be made rather than typing a command for each entry to be changed within an LDAP directory. The format of such a file is outlined in the man page for each utility. </para> </section> - <section id="s2-ldap-packages-applications"> + <section id="s3-ldap-packages-applications"> <title>Overview of Common LDAP Client Applications</title> <para> Although there are various graphical LDAP clients capable of creating and modifying directories on the server, none of them is included in &MAJOROS;. Popular applications that can access directories in a read-only mode include <application>Mozilla Thunderbird</application>, <application>Evolution</application>, or <application>Ekiga</application>. </para> </section> </section> - <section id="s1-ldap-configuration"> + <section id="s2-ldap-configuration"> <title>Configuring an OpenLDAP Server</title> <para> OpenLDAP configuration files are installed into the <filename>/etc/openldap/</filename> directory. The following is a brief list highlighting the most important directories and files: @@ -556,7 +556,7 @@ Stopping slapd: [ OK ]</screen> Note that OpenLDAP no longer reads its configuration from the <filename>/etc/openldap/slapd.conf</filename> file. Instead, it uses a configuration database located in the <filename class="directory">/etc/openldap/slapd.d/</filename> directory. If you have an existing <filename>slapd.conf</filename> file from a previous installation, you can convert it to the new format by running the following command: </para> <screen>~]# <command>slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d/</command></screen> - <section id="s2-ldap-configuration-global"> + <section id="s3-ldap-configuration-global"> <title>Changing the Global Configuration</title> <para> The <filename>/etc/openldap/slapd.d/cn=config.ldif</filename> file contains global configuration options for the LDAP server. The following directives are commonly used in this file: @@ -802,7 +802,7 @@ Stopping slapd: [ OK ]</screen> </varlistentry> </variablelist> </section> - <section id="s2-ldap-configuration-database"> + <section id="s3-ldap-configuration-database"> <title>Changing the Database-Specific Configuration</title> <para> By default, the OpenLDAP server uses Berkeley DB (BDB) as a database back end. The configuration for this database is stored in the <filename>/etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif</filename> file, and commonly contains the following directives: @@ -878,7 +878,7 @@ Re-enter new password: </varlistentry> </variablelist> </section> - <section id="s2-ldap-configuration-schema"> + <section id="s3-ldap-configuration-schema"> <title>Working with Schema Files</title> <para> The <filename>/etc/openldap/schema/</filename> directory contains LDAP definitions, previously located in the <filename>slapd.at.conf</filename> and <filename>slapd.oc.conf</filename> files, with the attribute syntax definitions and object class definitions located in the different schema files. The schema definitions that are hard-coded in <systemitem class="service">slapd</systemitem> are now covered by the <filename>cn=schema</filename> entry located in the <filename class="directory">/etc/openldap/slapd.d/cn=config/</filename> directory. @@ -894,12 +894,12 @@ Re-enter new password: </para> </section> </section> - <section id="s1-ldap-running"> + <section id="s2-ldap-running"> <title>Running an OpenLDAP Server</title> <para> - This section describes how to start, stop, restart, and check the current status of the <application>Standalone LDAP Daemon</application>. For more information on how to manage system services in general, refer to <xref linkend="ch-Controlling_Access_to_Services" />. + This section describes how to start, stop, restart, and check the current status of the <application>Standalone LDAP Daemon</application>. For more information on how to manage system services in general, refer to <xref linkend="ch-Services_and_Daemons" />. </para> - <section id="s2-ldap-running-starting"> + <section id="s3-ldap-running-starting"> <title>Starting the Service</title> <para> To run the <systemitem class="service">slapd</systemitem> service, type the following at a shell prompt: @@ -914,7 +914,7 @@ Starting slapd: [ OK ]</screen> Note that you can also use the <application>Service Configuration</application> utility as described in <xref linkend="s3-services-serviceconf-enabling" />. </para> </section> - <section id="s2-ldap-running-stopping"> + <section id="s3-ldap-running-stopping"> <title>Stopping the Service</title> <para> To stop the running <systemitem class="service">slapd</systemitem> service, type the following at a shell prompt: @@ -929,7 +929,7 @@ Stopping slapd: [ OK ]</screen> Alternatively, you can use the <application>Service Configuration</application> utility as described in <xref linkend="s3-services-serviceconf-disabling" />. </para> </section> - <section id="s2-ldap-running-restarting"> + <section id="s3-ldap-running-restarting"> <title>Restarting the Service</title> <para> To restart the running <systemitem class="service">slapd</systemitem> service, type the following at a shell prompt: @@ -941,7 +941,7 @@ Starting slapd: [ OK ]</screen> This stops the service, and then starts it again. Use this command to reload the configuration. </para> </section> - <section id="s2-ldap-running-status"> + <section id="s3-ldap-running-status"> <title>Checking the Service Status</title> <para> To check whether the service is running, type the following at a shell prompt: @@ -950,21 +950,21 @@ Starting slapd: [ OK ]</screen> slapd (pid 3672) is running...</screen> </section> </section> - <section id="s1-ldap-pam"> + <section id="s2-ldap-pam"> <title>Configuring a System to Authenticate Using OpenLDAP</title> <para> - In order to configure a system to authenticate using OpenLDAP, make sure that the appropriate packages are installed on both LDAP server and client machines. For information on how to set up the server, follow the instructions in <xref linkend="s1-ldap-installation" /> and <xref linkend="s1-ldap-configuration" />. On a client, type the following at a shell prompt: + In order to configure a system to authenticate using OpenLDAP, make sure that the appropriate packages are installed on both LDAP server and client machines. For information on how to set up the server, follow the instructions in <xref linkend="s2-ldap-installation" /> and <xref linkend="s2-ldap-configuration" />. On a client, type the following at a shell prompt: </para> <screen>~]# <command>yum install openldap openldap-clients nss-pam-ldapd</command></screen> <para> - Note that this section provides a brief overview only. Unless you are an OpenLDAP expert, refer to <xref linkend="s1-ldap-resources" /> for more detailed information. + Note that this section provides a brief overview only. Unless you are an OpenLDAP expert, refer to <xref linkend="s2-ldap-resources" /> for more detailed information. </para> - <section id="s2-ldap-pam"> + <section id="s3-ldap-pam"> <title>Using LDAP with PAM</title> <para> &MAJOROS; allows you to configure standard PAM-enabled applications to use LDAP for authentication. To do so, select <menuchoice><guimenu>System</guimenu><guisubmenu>Administration</guisubmenu><guimenuitem>Authentication</guimenuitem></menuchoice> from the panel (or type <command>system-config-authentication</command> at a shell prompt) to start the <application>Authentication Configuration</application>, and enter the superuser password when prompted. Then select the <guimenuitem>LDAP</guimenuitem> option from the <guilabel>User Account Database</guilabel> pulldown list, adjust the additional options, and click <guibutton>Apply</guibutton> to confirm your changes. </para> - <figure id="s2-ldap-pam-authentication_configuration"> + <figure id="fig-ldap-pam-authentication_configuration"> <title>Using the <application>Authentication Configuration</application> utility</title> <mediaobject> <imageobject> @@ -981,7 +981,7 @@ slapd (pid 3672) is running...</screen> For more information about configuring PAM, refer to the <citetitle pubwork="chapter">Pluggable Authentication Modules (PAM)</citetitle> chapter of the &MAJOROSVER; <citetitle>Security Guide</citetitle> and the PAM man pages. </para> </section> - <section id="s2-ldap-migrationtools"> + <section id="s3-ldap-migrationtools"> <title>Migrating Old Authentication Information to LDAP Format</title> <para> The <package>migrationtools</package> package provides a set of shell and Perl scripts to help you migrate authentication information into an LDAP format. To install this package, type the following at a shell prompt: @@ -1092,12 +1092,12 @@ $DEFAULT_BASE = "dc=example,dc=com";</screen> </para> </section> </section> - <section id="s1-ldap-resources"> + <section id="s2-ldap-resources"> <title>Additional Resources</title> <para> The following resources offer additional information on the Lightweight Directory Access Protocol. Before configuring LDAP on your system, it is highly recommended that you review these resources, especially the <citetitle pubwork="book">OpenLDAP Software Administrator's Guide</citetitle>. </para> - <section id="s2-ldap-installed-docs"> + <section id="s3-ldap-installed-docs"> <title>Installed Documentation</title> <para> The following documentation is installed with the <package>openldap-servers</package> package: @@ -1229,7 +1229,7 @@ $DEFAULT_BASE = "dc=example,dc=com";</screen> </varlistentry> </variablelist> </section> - <section id="s2-ldap-additional-resources-web"> + <section id="s3-ldap-additional-resources-web"> <title>Useful Websites</title> <variablelist> <varlistentry> @@ -1266,7 +1266,7 @@ $DEFAULT_BASE = "dc=example,dc=com";</screen> </varlistentry> </variablelist> </section> - <section id="s2-ldap-related-books"> + <section id="s3-ldap-related-books"> <title>Related Books</title> <variablelist> <varlistentry> @@ -1296,4 +1296,4 @@ $DEFAULT_BASE = "dc=example,dc=com";</screen> </variablelist> </section> </section> -</chapter> +</section> diff --git a/en-US/OpenSSH.xml b/en-US/OpenSSH.xml index 8c6a262..17c4c2d 100644 --- a/en-US/OpenSSH.xml +++ b/en-US/OpenSSH.xml @@ -506,7 +506,7 @@ Password:</screen> </para> <screen>~]# <command>chkconfig sshd on</command></screen> <para> - This will enable the service for all runlevels. For more configuration options, refer to <xref linkend="ch-Controlling_Access_to_Services" /> for the detailed information on how to manage services. + This will enable the service for all runlevels. For more configuration options, refer to <xref linkend="ch-Services_and_Daemons" /> for the detailed information on how to manage services. </para> <para> Note that if you reinstall the system, a new set of identification keys will be created. As a result, clients who had connected to the system with any of the OpenSSH tools before the reinstall will see the following message: @@ -542,7 +542,7 @@ It is also possible that the RSA host key has just been changed.</screen> ~]# <command>chkconfig rlogin off</command> ~]# <command>chkconfig vsftpd off</command></screen> <para> - For more information on runlevels and configuring services in general, refer to <xref linkend="ch-Controlling_Access_to_Services" />. + For more information on runlevels and configuring services in general, refer to <xref linkend="ch-Services_and_Daemons" />. </para> </section> <section id="s2-ssh-configuration-keypairs"> diff --git a/en-US/PackageKit.xml b/en-US/PackageKit.xml index 2bf9c5b..0968c51 100644 --- a/en-US/PackageKit.xml +++ b/en-US/PackageKit.xml @@ -661,7 +661,7 @@ <para>The <command>packagekitd</command> daemon runs outside the user session and communicates with the various graphical front ends. The <command>packagekitd</command> daemon<footnote id="footnote-Daemons"><para>System daemons are typically long-running processes that provide services to the user or to other programs, and which are started, often at boot time, by special initialization scripts (often shortened to <emphasis>init scripts</emphasis>). Daemons respond to the <command>service</command> command and can be turned on or off permanently by using the <command>chkconfig on</command> or <command>chkconfig off</command>commands. They can typically be recognized by a <quote><emphasis>d</emphasis> </quote> appended to their name, such as the <command>packagekitd</command> daemon. Refer to <xref - linkend="ch-Controlling_Access_to_Services"/> for information about system services.</para> + linkend="ch-Services_and_Daemons"/> for information about system services.</para> </footnote> communicates via the <application>DBus</application> system message bus with another back end, which utilizes <application>Yum</application>'s Python API to perform queries and make changes to the sytem. On Linux systems other than Red Hat and Fedora, <command>packagekitd</command> can communicate with other back ends that are able to utilize the native package manager for that system. This modular architecture provides the abstraction necessary for the graphical interfaces to work with many different package managers to perform essentially the same types of package management tasks. Learning how to use the <application>PackageKit</application> front ends means that you can use the same familiar graphical interface across many different Linux distributions, even when they utilize a native package manager other than <application>Yum</application>.</para> <para>In addition, <application>PackageKit</application>'s separation of concerns provides reliability in that a crash of one of the GUI windows—or even the user's X Window session—will not affect any package management tasks being supervised by the <command>packagekitd</command> daemon, which runs outside of the user session.</para> diff --git a/en-US/Printer_Configuration.xml b/en-US/Printer_Configuration.xml index f972a63..80a5421 100644 --- a/en-US/Printer_Configuration.xml +++ b/en-US/Printer_Configuration.xml @@ -1,8 +1,7 @@ <?xml version='1.0'?> -<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ +<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ ]> -<chapter - id="ch-Printer_Configuration"> +<section id="s1-Printer_Configuration"> <title>Printer Configuration</title> <indexterm significance="normal"> @@ -104,7 +103,7 @@ <para>Clicking the <guibutton>Apply</guibutton> button prompts the printer daemon to restart with the changes you have configured.</para> <para>Clicking the <guibutton>Revert</guibutton> button discards unapplied changes.</para> <section - id="s1-printing-local-printer"> + id="s2-printing-local-printer"> <title>Adding a Local Printer</title> <indexterm significance="normal"> @@ -160,10 +159,10 @@ </mediaobject> </figure> <para>Next, select the printer type. Refer to <xref - linkend="s1-printing-select-model"/> for details.</para> + linkend="s2-printing-select-model"/> for details.</para> </section> <section - id="s1-printing-ipp-printer"> + id="s2-printing-ipp-printer"> <title>Adding an IPP Printer</title> <indexterm significance="normal"> @@ -211,10 +210,10 @@ </figure> <para>Click <guibutton>Forward</guibutton> to continue.</para> <para>Next, select the printer type. Refer to <xref - linkend="s1-printing-select-model"/> for details.</para> + linkend="s2-printing-select-model"/> for details.</para> </section> <section - id="s1-printing-smb-printer"> + id="s2-printing-smb-printer"> <title>Adding a Samba (SMB) Printer</title> <indexterm significance="normal"> @@ -262,7 +261,7 @@ <para>Enter the <guilabel>Password</guilabel> (if required) for the user specified in the <guilabel>Username</guilabel> field.</para> <para>You can then test the connection by clicking <guibutton>Verify</guibutton>. Upon successful verification, a dialog box appears confirming printer share accessibility.</para> <para>Next, select the printer type. Refer to <xref - linkend="s1-printing-select-model"/> for details.</para> + linkend="s2-printing-select-model"/> for details.</para> <warning> <title>Warning</title> <para>Samba printer usernames and passwords are stored in the printer server as unencrypted files readable by root and lpd. Thus, other users that have root access to the printer server can view the username and password you use to access the Samba printer.</para> @@ -271,7 +270,7 @@ </warning> </section> <section - id="s1-printing-jetdirect-printer"> + id="s2-printing-jetdirect-printer"> <title>Adding a JetDirect Printer</title> <indexterm significance="normal"> @@ -316,10 +315,10 @@ </listitem> </itemizedlist> <para>Next, select the printer type. Refer to <xref - linkend="s1-printing-select-model"/> for details.</para> + linkend="s2-printing-select-model"/> for details.</para> </section> <section - id="s1-printing-select-model"> + id="s2-printing-select-model"> <title>Selecting the Printer Model and Finishing</title> <para>Once you have properly selected a printer queue type, you can choose either option:</para> <itemizedlist> @@ -353,15 +352,15 @@ <para>The recommended printed driver is automatically selected based on the printer model you chose. The print driver processes the data that you want to print into a format the printer can understand. Since a local printer is attached directly to your computer, you need a printer driver to process the data that is sent to the printer.</para> <para>If you have a PPD file for the device (usually provided by the manufacturer), you can select it by choosing <guilabel>Provide PPD file</guilabel>. You can then browse the filesystem for the PPD file by clicking <guibutton>Browse</guibutton>.</para> <section - id="s2-printing-confirm"> + id="s3-printing-confirm"> <title>Confirming Printer Configuration</title> <para>The last step is to confirm your printer configuration. Click <guibutton>Apply</guibutton> to add the print queue if the settings are correct. Click <guibutton>Back</guibutton> to modify the printer configuration.</para> <para>After applying the changes, print a test page to ensure the configuration is correct. Refer to <xref - linkend="s1-printing-test-page"/> for details.</para> + linkend="s2-printing-test-page"/> for details.</para> </section> </section> <section - id="s1-printing-test-page"> + id="s2-printing-test-page"> <title>Printing a Test Page</title> <indexterm significance="normal"> @@ -372,7 +371,7 @@ <para>If you change the print driver or modify the driver options, you should print a test page to test the different configuration.</para> </section> <section - id="s1-printing-edit"> + id="s2-printing-edit"> <title>Modifying Existing Printers</title> <indexterm significance="normal"> @@ -495,7 +494,7 @@ </section> </section> <section - id="s1-printing-managing"> + id="s2-printing-managing"> <title>Managing Print Jobs</title> <indexterm significance="normal"> @@ -557,11 +556,11 @@ active user@localhost+902 A 902 sample.txt 2050 01:20:46 <para>You can also print a file directly from a shell prompt. For example, the command <command>lpr sample.txt</command> prints the text file <filename>sample.txt</filename>. The print filter determines what type of file it is and converts it into a format the printer can understand.</para> </section> <section - id="s1-printing-additional-resources"> + id="s2-printing-additional-resources"> <title>Additional Resources</title> <para>To learn more about printing on &MAJOROS;, refer to the following resources.</para> <section - id="s2-printing-installed-docs"> + id="s3-printing-installed-docs"> <title>Installed Documentation</title> <itemizedlist> <listitem> @@ -591,7 +590,7 @@ active user@localhost+902 A 902 sample.txt 2050 01:20:46 </itemizedlist> </section> <section - id="s2-printing-useful-websites"> + id="s3-printing-useful-websites"> <title>Useful Websites</title> <itemizedlist> <listitem> @@ -607,4 +606,4 @@ active user@localhost+902 A 902 sample.txt 2050 01:20:46 </itemizedlist> </section> </section> -</chapter> +</section> diff --git a/en-US/RPM.xml b/en-US/RPM.xml index 29e60b7..bbb34ce 100644 --- a/en-US/RPM.xml +++ b/en-US/RPM.xml @@ -1,7 +1,7 @@ <?xml version='1.0'?> -<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ +<!DOCTYPE appendix PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ ]> -<chapter +<appendix id="ch-RPM"> <title>RPM</title> <indexterm> @@ -787,4 +787,4 @@ your system.</screen> </variablelist> </section> </section> -</chapter> +</appendix> diff --git a/en-US/Samba.xml b/en-US/Samba.xml index 82466b9..fd67630 100644 --- a/en-US/Samba.xml +++ b/en-US/Samba.xml @@ -1,8 +1,7 @@ <?xml version='1.0'?> -<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ +<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ ]> -<chapter - id="ch-Samba"> +<section id="ch-Samba"> <title>Samba</title> <indexterm significance="normal"> @@ -45,11 +44,11 @@ </listitem> <listitem> <para>Two new documents developed by the Samba.org team, which include a 400+ page reference manual, and a 300+ page implementation and integration manual. For more information about these published titles, refer to <xref - linkend="s2-samba-resources-published"/>.</para> + linkend="s3-samba-resources-published"/>.</para> </listitem> </itemizedlist> <section - id="s2-samba-abilities"> + id="s3-samba-abilities"> <title>Samba Features</title> <indexterm significance="normal"> @@ -97,7 +96,7 @@ </section> </section> <section - id="s1-samba-daemons"> + id="s2-samba-daemons"> <title>Samba Daemons and Related Services</title> <indexterm significance="normal"> @@ -106,7 +105,7 @@ </indexterm> <para>The following is a brief introduction to the individual Samba daemons and services.</para> <section - id="s2-samba-services"> + id="s3-samba-services"> <title>Samba Daemons</title> <indexterm significance="normal"> @@ -116,7 +115,7 @@ </indexterm> <para>Samba is comprised of three daemons (<command>smbd</command>, <command>nmbd</command>, and <command>winbindd</command>). Three services (<command>smb</command>, <command>nmbd</command>, and <command>winbind</command>) control how the daemons are started, stopped, and other service-related features. These services act as different init scripts. Each daemon is listed in detail below, as well as which specific service has control over it.</para> <formalpara - id="s3-samba-daemon-smbd"> + id="s4-samba-daemon-smbd"> <title> <command>smbd</command> </title> @@ -130,7 +129,7 @@ </formalpara> <para>The <command>smbd</command> daemon is controlled by the <command>smb</command> service.</para> <formalpara - id="s3-samba-daemon-nmbd"> + id="s4-samba-daemon-nmbd"> <title> <command>nmbd</command> </title> @@ -144,7 +143,7 @@ </formalpara> <para>The <command>nmbd</command> daemon is controlled by the <command>nmb</command> service.</para> <formalpara - id="s3-samba-daemon-winbindd"> + id="s4-samba-daemon-winbindd"> <title> <command>winbindd</command> </title> @@ -160,14 +159,14 @@ <note> <title>Note</title> <para>You may refer to <xref - linkend="s1-samba-programs"/> for a list of utilities included in the Samba distribution.</para> + linkend="s2-samba-programs"/> for a list of utilities included in the Samba distribution.</para> </note> </section> <!-- RHEL5: ddomingo(a)redhat.com: why is this not allowing build? - <para>Please refer to <xref linkend="s1-samba-programs"/> for a list of utilities included in the Samba distribution.</para> --> + <para>Please refer to <xref linkend="s2-samba-programs"/> for a list of utilities included in the Samba distribution.</para> --> </section> <section - id="s1-samba-connect-share"> + id="s2-samba-connect-share"> <title>Connecting to a Samba Share</title> <indexterm significance="normal"> @@ -223,7 +222,7 @@ </command> </screen> <section - id="s2-samba-connect-share-cmdline"> + id="s3-samba-connect-share-cmdline"> <title>Command Line</title> <indexterm significance="normal"> @@ -268,7 +267,7 @@ <para>To exit <command>smbclient</command>, type <userinput>exit</userinput> at the <prompt>smb:\&gt;</prompt> prompt.</para> </section> <section - id="s1-samba-mounting"> + id="s2-samba-mounting"> <title>Mounting the Share</title> <indexterm significance="normal"> @@ -319,7 +318,7 @@ </section> <!-- RHEL5: ddomingo(a)redhat.com: moved SAMBA config guide to here --> <section - id="s1-samba-configuring"> + id="s2-samba-configuring"> <title>Configuring a Samba Server</title> <indexterm significance="normal"> @@ -334,7 +333,7 @@ </indexterm> <para>The default configuration file (<filename>/etc/samba/smb.conf</filename>) allows users to view their home directories as a Samba share. It also shares all printers configured for the system as Samba shared printers. In other words, you can attach a printer to the system and print to it from the Windows machines on your network.</para> <section - id="s2-samba-configuring-gui"> + id="s3-samba-configuring-gui"> <title>Graphical Configuration</title> <indexterm significance="normal"> @@ -344,7 +343,7 @@ <para> To configure Samba using a graphical interface, use one of the available Samba graphical user interfaces. A list of available GUIs can be found at <ulink url="http://www.samba.org/samba/GUI/">http://www.samba.org/s...;. </para> - <!-- RHEL6 mprpic: system-config-samba deprecated <para>To configure Samba using a graphical interface, use the <application>Samba Server Configuration Tool</application>. For command line configuration, skip to <xref linkend="s2-samba-configuring-cmdline"/>.</para> + <!-- RHEL6 mprpic: system-config-samba deprecated <para>To configure Samba using a graphical interface, use the <application>Samba Server Configuration Tool</application>. For command line configuration, skip to <xref linkend="s3-samba-configuring-cmdline"/>.</para> <para>The <application>Samba Server Configuration Tool</application> is a graphical interface for managing Samba shares, users, and basic server settings. It modifies the configuration files in the <filename>/etc/samba/</filename> directory. Any changes to these files not made using the application are preserved.</para> <para>To use this application, you must be running the X Window System, have root privileges, and have the <filename>system-config-samba</filename> RPM package installed. To start the <application>Samba Server Configuration Tool</application> from the desktop, go to the <menuchoice><guimenu>System</guimenu> <guimenuitem>Administration</guimenuitem> <guimenuitem>Server Settings</guimenuitem> <guimenuitem>Samba</guimenuitem></menuchoice> on the GNOME panel or type the <command>system-config-samba</command> command at a shell prompt (for example, in an XTerm or a GNOME terminal).</para> <figure @@ -372,7 +371,7 @@ <para>The <application>Samba Server Configuration Tool</application> does not display shared printers or the default stanza that allows users to view their own home directories on the Samba server.</para> </note> <section - id="s3-samba-gui-server-settings"> + id="s4-samba-gui-server-settings"> <title>Configuring Server Settings</title> <indexterm significance="normal"> @@ -444,14 +443,14 @@ <listitem> <para> <guilabel>User</guilabel> — (Default) Samba users must provide a valid username and password on a per Samba server basis. Select this option if you want the <guilabel>Windows Username</guilabel> option to work. Refer to <xref - linkend="s3-samba-gui-users"/> for details.</para> + linkend="s4-samba-gui-users"/> for details.</para> </listitem> </itemizedlist> </listitem> <listitem> <para> <guilabel>Encrypt Passwords</guilabel> — This option must be enabled if the clients are connecting from a system with Windows 98, Windows NT 4.0 with Service Pack 3, or other more recent versions of Microsoft Windows. The passwords are transfered between the server and the client in an encrypted format instead of as a plain-text word that can be intercepted. This corresponds to the <command>encrypted passwords</command> option. Refer to <xref - linkend="s2-samba-encrypted-passwords"/> for more information about encrypted Samba passwords.</para> + linkend="s3-samba-encrypted-passwords"/> for more information about encrypted Samba passwords.</para> </listitem> <listitem> <para> @@ -461,7 +460,7 @@ <para>After clicking <guibutton>OK</guibutton>, the changes are written to the configuration file and the daemon is restarted; thus, the changes take effect immediately.</para> </section> <section - id="s3-samba-gui-users"> + id="s4-samba-gui-users"> <title>Managing Samba Users</title> <indexterm significance="normal"> @@ -492,7 +491,7 @@ <para>The users are modified immediately after clicking the <guibutton>OK</guibutton> button.</para> </section> <section - id="s3-samba-gui-add-share"> + id="s4-samba-gui-add-share"> <title>Adding a Share</title> <indexterm significance="normal"> @@ -544,7 +543,7 @@ </section> --> </section> <section - id="s2-samba-configuring-cmdline"> + id="s3-samba-configuring-cmdline"> <title>Command Line Configuration</title> <indexterm significance="normal"> @@ -575,7 +574,7 @@ create mask = 0765 <para>The above example allows the users <command>tfox</command> and <command>carole</command> to read and write to the directory <filename>/home/share</filename>, on the Samba server, from a Samba client.</para> </section> <section - id="s2-samba-encrypted-passwords"> + id="s3-samba-encrypted-passwords"> <title>Encrypted Passwords</title> <para>Encrypted passwords are enabled by default because it is more secure to do so. To create a user with an encrypted password, use the command <command>smbpasswd -a <replaceable>&lt;username&gt;</replaceable> </command>.</para> @@ -623,7 +622,7 @@ create mask = 0765 </section> </section> <section - id="s1-samba-startstop"> + id="s2-samba-startstop"> <title>Starting and Stopping Samba</title> <indexterm significance="normal"> @@ -681,11 +680,11 @@ create mask = 0765 <screen>~]#&#160;<command>service smb reload</command> </screen> <para>By default, the <command>smb</command> service does <emphasis>not</emphasis> start automatically at boot time. To configure Samba to start at boot time, use an initscript utility, such as <command>/sbin/chkconfig</command>, <command>/usr/sbin/ntsysv</command>, or the <application>Services Configuration Tool</application> program. Refer to <xref - linkend="ch-Controlling_Access_to_Services"/> for more information regarding these tools.</para> + linkend="ch-Services_and_Daemons" /> for more information regarding these tools.</para> </section> <!-- RHEL5: ddomingo(a)redhat.com: config guide used to be here, moved to before "Starting & Stopping" --> <section - id="s1-samba-servers"> + id="s2-samba-servers"> <title>Samba Server Types and the <filename>smb.conf</filename> File</title> <indexterm significance="normal"> @@ -700,7 +699,7 @@ create mask = 0765 <para>Samba configuration is straightforward. All modifications to Samba are done in the <filename>/etc/samba/smb.conf</filename> configuration file. Although the default <filename>smb.conf</filename> file is well documented, it does not address complex topics such as LDAP, Active Directory, and the numerous domain controller implementations.</para> <para>The following sections describe the different ways a Samba server can be configured. Keep in mind your needs and the changes required to the <filename>/etc/samba/smb.conf</filename> file for a successful configuration.</para> <section - id="s2-samba-standalone"> + id="s3-samba-standalone"> <title>Stand-alone Server</title> <indexterm significance="normal"> @@ -709,9 +708,9 @@ create mask = 0765 <tertiary>Stand Alone</tertiary> </indexterm> <para>A stand-alone server can be a workgroup server or a member of a workgroup environment. A stand-alone server is not a domain controller and does not participate in a domain in any way. The following examples include several anonymous share-level security configurations and one user-level security configuration. For more information on share-level and user-level security modes, refer to <xref - linkend="s1-samba-security-modes"/>.</para> + linkend="s2-samba-security-modes"/>.</para> <section - id="s3-samba-standalone-anonreadonly"> + id="s4-samba-standalone-anonreadonly"> <title>Anonymous Read-Only</title> <indexterm significance="normal"> @@ -733,7 +732,7 @@ guest only = Yes </screen> </section> <section - id="s3-samba-standalone-anonreadwrite"> + id="s4-samba-standalone-anonreadwrite"> <title>Anonymous Read/Write</title> <indexterm significance="normal"> @@ -761,7 +760,7 @@ guest ok = Yes </screen> </section> <section - id="s3-samba-standalone-anonprint"> + id="s4-samba-standalone-anonprint"> <title>Anonymous Print Server</title> <indexterm significance="normal"> @@ -789,7 +788,7 @@ browseable = Yes </screen> </section> <section - id="s3-samba-standalone-readwriteall"> + id="s4-samba-standalone-readwriteall"> <title>Secure Read/Write File and Print Server</title> <indexterm significance="normal"> @@ -831,7 +830,7 @@ browseable = Yes </section> </section> <section - id="s2-samba-domain-member"> + id="s3-samba-domain-member"> <title>Domain Member Server</title> <indexterm significance="normal"> @@ -841,7 +840,7 @@ browseable = Yes </indexterm> <para>A domain member, while similar to a stand-alone server, is logged into a domain controller (either Windows or Samba) and is subject to the domain's security rules. An example of a domain member server would be a departmental server running Samba that has a machine account on the Primary Domain Controller (PDC). All of the department's clients still authenticate with the PDC, and desktop profiles and all network policy files are included. The difference is that the departmental server has the ability to control printer and network shares.</para> <section - id="s3-samba-domain-member-ads"> + id="s4-samba-domain-member-ads"> <title>Active Directory Domain Member Server</title> <indexterm significance="normal"> @@ -895,7 +894,7 @@ password server = kerberos.example.com </note> </section> <section - id="s3-samba-domain-member-nt4"> + id="s4-samba-domain-member-nt4"> <title>Windows NT4-based Domain Member Server</title> <indexterm significance="normal"> @@ -935,7 +934,7 @@ guest ok = Yes </section> </section> <section - id="s2-samba-domain-controller"> + id="s3-samba-domain-controller"> <title>Domain Controller</title> <indexterm significance="normal"> @@ -950,7 +949,7 @@ guest ok = Yes <para>Samba cannot exist in a mixed Samba/Windows domain controller environment (Samba cannot be a BDC of a Windows PDC or vice versa). Alternatively, Samba PDCs and BDCs <emphasis>can</emphasis> coexist.</para> </important> <section - id="s3-samba-pdc-tdbsam"> + id="s4-samba-pdc-tdbsam"> <title>Primary Domain Controller (PDC) using <command>tdbsam</command> </title> <indexterm @@ -961,7 +960,7 @@ guest ok = Yes </tertiary> </indexterm> <para>The simplest and most common implementation of a Samba PDC uses the new default <command>tdbsam</command> password database back end. Replacing the aging <command>smbpasswd</command> back end, <command>tdbsam</command> has numerous improvements that are explained in more detail in <xref - linkend="s1-samba-account-info-dbs"/>. The <command>passdb backend</command> directive controls which back end is to be used for the PDC.</para> + linkend="s2-samba-account-info-dbs"/>. The <command>passdb backend</command> directive controls which back end is to be used for the PDC.</para> <para>The following <filename>/etc/samba/smb.conf</filename> file shows a sample configuration needed to implement a <command>tdbsam</command> password database back end. </para> <screen> @@ -1189,7 +1188,7 @@ idmap gid = 15000-20000 ... </section> </section> <section - id="s1-samba-security-modes"> + id="s2-samba-security-modes"> <title>Samba Security Modes</title> <indexterm significance="normal"> @@ -1199,7 +1198,7 @@ idmap gid = 15000-20000 ... <para>There are only two types of security modes for Samba, <emphasis>share-level</emphasis> and <emphasis>user-level</emphasis>, which are collectively known as <emphasis><firstterm>security levels</firstterm> </emphasis>. Share-level security can only be implemented in one way, while user-level security can be implemented in one of four different ways. The different ways of implementing a security level are called <emphasis><firstterm>security modes</firstterm></emphasis>.</para> <section - id="s2-samba-user-level"> + id="s3-samba-user-level"> <title>User-Level Security</title> <indexterm significance="normal"> @@ -1217,9 +1216,9 @@ security = user </screen> <para>The following sections describe other implementations of user-level security.</para> <!-- RHEL5: ddomingo(a)redhat.com: moving this closing section tag down, to nest all other User-Level Security modes; also added above para for better transition - </section> --><!-- RHEL5: ddomingo(a)redhat.com: <section id="s2-samba-share-level"> used to be here --> + </section> --><!-- RHEL5: ddomingo(a)redhat.com: <section id="s3-samba-share-level"> used to be here --> <section - id="s2-samba-domain-security-mode"> + id="s3-samba-domain-security-mode"> <title>Domain Security Mode (User-Level Security)</title> <indexterm significance="normal"> @@ -1237,7 +1236,7 @@ workgroup = MARKETING </screen> </section> <section - id="s2-samba-ads-security-mode"> + id="s3-samba-ads-security-mode"> <title>Active Directory Security Mode (User-Level Security)</title> <indexterm significance="normal"> @@ -1257,7 +1256,7 @@ password server = kerberos.example.com </screen> </section> <section - id="s2-samba-server-security-mode"> + id="s3-samba-server-security-mode"> <title>Server Security Mode (User-Level Security)</title> <indexterm significance="normal"> @@ -1283,7 +1282,7 @@ password server = "NetBIOS_of_Domain_Controller" <!-- RHEL5: ddomingo(a)redhat.com: the following section tag nests all other User-Level Security modes --> </section> <section - id="s2-samba-share-level"> + id="s3-samba-share-level"> <title>Share-Level Security</title> <indexterm significance="normal"> @@ -1302,7 +1301,7 @@ security = share </section> </section> <section - id="s1-samba-account-info-dbs"> + id="s2-samba-account-info-dbs"> <title>Samba Account Information Databases</title> <indexterm significance="normal"> @@ -1312,7 +1311,7 @@ security = share <para>The latest release of Samba offers many new features including new password database back ends not previously available. Samba version 3.0.0 fully supports all databases used in previous versions of Samba. However, although supported, many back ends may not be suitable for production use.</para> <para>The following is a list different back ends you can use with Samba. Other back ends not listed here may also be available.</para> <!-- RHEL5: tech review: merge 2 sections! - <section id="s2-samba-backwardcompat-backends"> + <section id="s3-samba-backwardcompat-backends"> <title>Backward Compatible Backends</title> --> <indexterm significance="normal"> @@ -1409,7 +1408,7 @@ security = share <!-- RHEL5: tech review: merge! </variablelist> </section> - <section id="s2-samba-new-backends"> + <section id="s3-samba-new-backends"> <title>New Backends</title> <variablelist> --> <varlistentry> @@ -1426,10 +1425,10 @@ security = share <command>ldapsam</command> </term> <listitem> - <para>The <command>ldapsam</command> back end provides an optimal distributed account installation method for Samba. LDAP is optimal because of its ability to replicate its database to any number of servers such as the <application>Red Hat Directory Server</application> or an <application>OpenLDAP Server</application>. LDAP databases are light-weight and scalable, and as such are preferred by large enterprises. Installation and configuration of directory servers is beyond the scope of this chapter. For more information on the <application>Red Hat Directory Server</application>, refer to the <citetitle>Red Hat Directory Server 8.2 Deployment Guide</citetitle><!-- TBD6: link to the Red Hat Directory Server 8.2 DG -->. For more information on LDAP, refer to <xref linkend="ch-Lightweight_Directory_Access_Protocol_LDAP"/></para> + <para>The <command>ldapsam</command> back end provides an optimal distributed account installation method for Samba. LDAP is optimal because of its ability to replicate its database to any number of servers such as the <application>Red Hat Directory Server</application> or an <application>OpenLDAP Server</application>. LDAP databases are light-weight and scalable, and as such are preferred by large enterprises. Installation and configuration of directory servers is beyond the scope of this chapter. For more information on the <application>Red Hat Directory Server</application>, refer to the <citetitle>Red Hat Directory Server 8.2 Deployment Guide</citetitle><!-- TBD6: link to the Red Hat Directory Server 8.2 DG -->. For more information on LDAP, refer to <xref linkend="s1-OpenLDAP" />.</para> <para>If you are upgrading from a previous version of Samba to 3.0, note that the <filename>/usr/share/doc/samba-<replaceable>&lt;version&gt;</replaceable>/LDAP/samba.schema</filename> has changed. This file contains the <firstterm>attribute syntax definitions</firstterm> and <firstterm>objectclass definitions</firstterm> that the <command>ldapsam</command> back end will need in order to function properly.</para> <para>As such, if you are using the <command>ldapsam</command> back end for your Samba server, you will need to configure <command>slapd</command> to include this schema file. Refer to <xref - linkend="s2-ldap-configuration-schema"/> for directions on how to do this.</para> + linkend="s3-ldap-configuration-schema"/> for directions on how to do this.</para> <note> <title>Note</title> <para>You need to have the <filename>openldap-server</filename> package installed if you want to use the <command>ldapsam</command> back end.</para> @@ -1463,7 +1462,7 @@ security = share <!-- RHEL5: tech review: cut (closing tag) </section> --> </section> <section - id="s1-samba-network-browsing"> + id="s2-samba-network-browsing"> <title>Samba Network Browsing</title> <indexterm significance="normal"> @@ -1484,7 +1483,7 @@ security = share <para>Network browsing capabilities require NetBIOS over <systemitem class="protocol">TCP</systemitem>/<systemitem class="protocol">IP</systemitem>. NetBIOS-based networking uses broadcast (<systemitem class="protocol">UDP</systemitem>) messaging to accomplish browse list management. Without NetBIOS and WINS as the primary method for <systemitem class="protocol">TCP</systemitem>/<systemitem class="protocol">IP</systemitem> hostname resolution, other methods such as static files (<filename>/etc/hosts</filename>) or <systemitem class="protocol">DNS</systemitem>, must be used.</para> <para>A domain master browser collates the browse lists from local master browsers on all subnets so that browsing can occur between workgroups and subnets. Also, the domain master browser should preferably be the local master browser for its own subnet.</para> <!-- RHEL5: tech review: cut! less trouble! - <section id="s2-samba-workgroup-browsing"> + <section id="s3-samba-workgroup-browsing"> <title>Workgroup Browsing</title> <indexterm significance="normal"> <primary>Samba</primary> @@ -1527,7 +1526,7 @@ os level = 0</screen> </section> --> <section - id="s2-samba-domain-browsing"> + id="s3-samba-domain-browsing"> <title>Domain Browsing</title> <indexterm significance="normal"> @@ -1542,7 +1541,7 @@ os level = 0</screen> <para>For subnets that do not include the Windows server PDC, a Samba server can be implemented as a local master browser. Configuring the <filename>/etc/samba/smb.conf</filename> file for a local master browser (or no browsing at all) in a domain controller environment is the same as workgroup configuration.</para> </section> <section - id="s2-samba-wins"> + id="s3-samba-wins"> <title>WINS (Windows Internet Name Server)</title> <indexterm significance="normal"> @@ -1569,7 +1568,7 @@ wins support = Yes </section> </section> <section - id="s1-samba-cups"> + id="s2-samba-cups"> <title>Samba with CUPS Printing Support</title> <indexterm significance="normal"> @@ -1581,7 +1580,7 @@ wins support = Yes <para>Samba allows client machines to share printers connected to the Samba server, as well as send Linux documents to Windows printer shares. Although there are other printing systems that function with &MAJOROS;, CUPS (Common UNIX Print System) is the recommended printing system due to its close integration with Samba.</para> --> <section - id="s2-samba-cups-smb.conf"> + id="s3-samba-cups-smb.conf"> <title>Simple <filename>smb.conf</filename> Settings</title> <indexterm significance="normal"> @@ -1616,7 +1615,7 @@ printer admin = ed, john </section> </section> <section - id="s1-samba-programs"> + id="s2-samba-programs"> <title>Samba Distribution Programs</title> <indexterm significance="normal"> @@ -1624,7 +1623,7 @@ printer admin = ed, john <secondary>Programs</secondary> </indexterm> <formalpara - id="s2-samba-programs-findsmb"> + id="s3-samba-programs-findsmb"> <title> <filename>findsmb</filename> </title> @@ -1663,7 +1662,7 @@ IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION 10.1.56.205 NANCYN +[MYGROUP] [Unix] [Samba 2.2.7a-security-rollup-fix] </screen> <!-- RHEL5: </section> --><!-- RHEL5: peer review: cut! - <formalpara id="s2-samba-programs-make_smbcodepage"> + <formalpara id="s3-samba-programs-make_smbcodepage"> <title><filename>make_smbcodepage</filename></title> <indexterm significance="normal"> <primary>Samba</primary> @@ -1677,7 +1676,7 @@ IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION <para><command>make_smbcodepage <replaceable>&lt;c|d&gt; &lt;codepage_number&gt; &lt;inputfile&gt; &lt;outputfile&gt;</replaceable></command></para> </formalpara> <para>The <command>make_smbcodepage</command> program compiles a binary codepage file from a text-format definition. The reverse is also allowed by decompiling a binary codepage file to a text-format definition. This obsolete program is part of the internationalization features of previous versions of Samba which are included by default with the current version of Samba.</para> --><!-- RHEL5: </section> --><!-- RHEL5: tech review: cut! - <formalpara id="s2-samba-programs-make_unicodemap"> + <formalpara id="s3-samba-programs-make_unicodemap"> <title><filename>make_unicodemap</filename></title> <indexterm significance="normal"> <primary>Samba</primary> @@ -1692,7 +1691,7 @@ IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION </formalpara> <para>The <command>make_unicodemap</command> program compiles binary Unicode files from text files so Samba can display non-ASCII character sets. This obsolete program was part of the internationalization features of previous versions of Samba which are now included with the current release of Samba.</para> --><!-- RHEL5: </section> --> <formalpara - id="s2-samba-programs-net"> + id="s3-samba-programs-net"> <title> <filename>net</filename> </title> @@ -1740,7 +1739,7 @@ lisa Sales </screen> <!-- RHEL5: </section> --> <formalpara - id="s2-samba-programs-nmblookup"> + id="s3-samba-programs-nmblookup"> <title> <filename>nmblookup</filename> </title> @@ -1771,7 +1770,7 @@ querying trek on 10.1.59.255 </screen> <!-- RHEL5: </section> --> <formalpara - id="s2-samba-programs-pdbedit"> + id="s3-samba-programs-pdbedit"> <title> <filename>pdbedit</filename> </title> @@ -1850,7 +1849,7 @@ andriusb:505: lisa:504: kristin:506: </screen> <!-- RHEL5: </section> --> <formalpara - id="s2-samba-programs-rpcclient"> + id="s3-samba-programs-rpcclient"> <title> <filename>rpcclient</filename> </title> @@ -1875,7 +1874,7 @@ andriusb:505: lisa:504: kristin:506: <para>The <command>rpcclient</command> program issues administrative commands using Microsoft RPCs, which provide access to the Windows administration graphical user interfaces (GUIs) for systems management. This is most often used by advanced users that understand the full complexity of Microsoft RPCs.</para> <!-- RHEL5: </section> --> <formalpara - id="s2-samba-programs-smbcacls"> + id="s3-samba-programs-smbcacls"> <title> <filename>smbcacls</filename> </title> @@ -1900,7 +1899,7 @@ andriusb:505: lisa:504: kristin:506: <para>The <command>smbcacls</command> program modifies Windows ACLs on files and directories shared by a Samba server or a Windows server.</para> <!-- RHEL5: </section> --> <formalpara - id="s2-samba-programs-smbclient"> + id="s3-samba-programs-smbclient"> <title> <filename>smbclient</filename> </title> @@ -1925,7 +1924,7 @@ andriusb:505: lisa:504: kristin:506: <para>The <command>smbclient</command> program is a versatile UNIX client which provides functionality similar to <command>ftp</command>.</para> <!-- RHEL5: </section> --> <formalpara - id="s2-samba-programs-smbcontrol"> + id="s3-samba-programs-smbcontrol"> <title> <filename>smbcontrol</filename> </title> @@ -1953,7 +1952,7 @@ andriusb:505: lisa:504: kristin:506: </para> <para>The <command>smbcontrol</command> program sends control messages to running <command>smbd</command>, <command>nmbd</command>, or <command>winbindd</command> daemons. Executing <command>smbcontrol -i</command> runs commands interactively until a blank line or a <parameter>'q'</parameter> is entered.</para> <!-- RHEL5: </section> --><!-- RHEL5: tech review: remove! - <formalpara id="s2-samba-programs-smbgroupedit"> + <formalpara id="s3-samba-programs-smbgroupedit"> <title><filename>smbgroupedit</filename></title> <indexterm significance="normal"> <primary>Samba</primary> @@ -1967,7 +1966,7 @@ andriusb:505: lisa:504: kristin:506: <para><command>smbgroupedit <replaceable>&lt;options&gt;</replaceable></command></para> </formalpara> <para>The <command>smbgroupedit</command> program maps between Linux groups and Windows groups. It also allows a Linux group to be a domain group.</para> --><!-- RHEL5: </section> --><!-- RHEL5: ddomingo(a)redhat.com: smbmount is gone! as per fenlason(a)redhat.com - <section id="s2-samba-programs-smbmount"> + <section id="s3-samba-programs-smbmount"> <title><filename>smbmount</filename></title> <indexterm significance="normal"> <primary>Samba</primary> @@ -1985,7 +1984,7 @@ andriusb:505: lisa:504: kristin:506: <screen><userinput>smbmount //wakko/html /mnt/html -o username=kristin</userinput> Password: <userinput>&lt;password&gt;</userinput> [root@yakko /]# <userinput>ls -l /mnt/html</userinput> total 0 -rwxr-xr-x 1 root root 0 Jan 29 08:09 index.html</screen> </section> --> <formalpara - id="s2-samba-programs-smbpasswd"> + id="s3-samba-programs-smbpasswd"> <title> <filename>smbpasswd</filename> </title> @@ -2010,7 +2009,7 @@ andriusb:505: lisa:504: kristin:506: <para>The <command>smbpasswd</command> program manages encrypted passwords. This program can be run by a superuser to change any user's password as well as by an ordinary user to change their own Samba password.</para> <!-- RHEL5: </section> --> <formalpara - id="s2-samba-programs-smbspool"> + id="s3-samba-programs-smbspool"> <title> <filename>smbspool</filename> </title> @@ -2035,7 +2034,7 @@ andriusb:505: lisa:504: kristin:506: <para>The <command>smbspool</command> program is a CUPS-compatible printing interface to Samba. Although designed for use with CUPS printers, <command>smbspool</command> can work with non-CUPS printers as well.</para> <!-- RHEL5: </section> --> <formalpara - id="s2-samba-programs-smbstatus"> + id="s3-samba-programs-smbstatus"> <title> <filename>smbstatus</filename> </title> @@ -2060,7 +2059,7 @@ andriusb:505: lisa:504: kristin:506: <para>The <command>smbstatus</command> program displays the status of current connections to a Samba server.</para> <!-- RHEL5: </section> --> <formalpara - id="s2-samba-programs-smbtar"> + id="s3-samba-programs-smbtar"> <title> <filename>smbtar</filename> </title> @@ -2085,7 +2084,7 @@ andriusb:505: lisa:504: kristin:506: <para>The <command>smbtar</command> program performs backup and restores of Windows-based share files and directories to a local tape archive. Though similar to the <command>tar</command> command, the two are not compatible.</para> <!-- RHEL5: </section> --> <formalpara - id="s2-samba-programs-testparm"> + id="s3-samba-programs-testparm"> <title> <filename>testparm</filename> </title> @@ -2151,7 +2150,7 @@ Press enter to see a dump of your service definitions guest only = Yes </screen> <!-- RHEL5: </section> --><!-- RHEL5: tech review: cut! - <formalpara id="s2-samba-programs-testprns"> + <formalpara id="s3-samba-programs-testprns"> <title><filename>testprns</filename></title> <indexterm significance="normal"> <primary>Samba</primary> @@ -2167,7 +2166,7 @@ Press enter to see a dump of your service definitions <para>The <command>testprns</command> program checks if <option>printername</option> is valid and exists in the <filename>printcap</filename>. If the <option>printcapname</option> is not specified, the default specified in the Samba or <filename>printcap</filename> configuration files is used.</para> --><!-- RHEL5: </section> --> <formalpara - id="s2-samba-programs-wbinfo"> + id="s3-samba-programs-wbinfo"> <title> <filename>wbinfo</filename> </title> @@ -2193,7 +2192,7 @@ Press enter to see a dump of your service definitions <!-- RHEL5: </section> --> </section> <section - id="s1-samba-resources"> + id="s2-samba-resources"> <title>Additional Resources</title> <indexterm significance="normal"> @@ -2202,7 +2201,7 @@ Press enter to see a dump of your service definitions </indexterm> <para>The following sections give you the means to explore Samba in greater detail.</para> <section - id="s2-samba-resources-installed"> + id="s3-samba-resources-installed"> <title>Installed Documentation</title> <indexterm significance="normal"> @@ -2254,7 +2253,7 @@ Press enter to see a dump of your service definitions </itemizedlist> </section> <section - id="s2-samba-resources-published"> + id="s3-samba-resources-published"> <title>Related Books</title> <indexterm significance="normal"> @@ -2278,7 +2277,7 @@ Press enter to see a dump of your service definitions </itemizedlist> </section> <section - id="s2-samba-resources-community"> + id="s3-samba-resources-community"> <title>Useful Websites</title> <indexterm significance="normal"> @@ -2303,4 +2302,4 @@ Press enter to see a dump of your service definitions </itemizedlist> </section> </section> -</chapter> +</section> diff --git a/en-US/Controlling_Access_to_Services.xml b/en-US/Services_and_Daemons.xml similarity index 99% rename from en-US/Controlling_Access_to_Services.xml rename to en-US/Services_and_Daemons.xml index ca21a24..dd36719 100644 --- a/en-US/Controlling_Access_to_Services.xml +++ b/en-US/Services_and_Daemons.xml @@ -1,8 +1,8 @@ <?xml version='1.0'?> <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ ]> -<chapter id="ch-Controlling_Access_to_Services"> - <title>Controlling Access to Services</title> +<chapter id="ch-Services_and_Daemons"> + <title>Services and Daemons</title> <indexterm> <primary>services configuration</primary> </indexterm> diff --git a/en-US/Gathering_System_Information.xml b/en-US/System_Monitoring_Tools.xml similarity index 99% rename from en-US/Gathering_System_Information.xml rename to en-US/System_Monitoring_Tools.xml index d7c98e5..d052e29 100644 --- a/en-US/Gathering_System_Information.xml +++ b/en-US/System_Monitoring_Tools.xml @@ -1,9 +1,8 @@ <?xml version='1.0'?> <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ ]> -<chapter - id="ch-Gathering_System_Information"> - <title>Gathering System Information</title> +<chapter id="ch-System_Monitoring_Tools"> + <title>System Monitoring Tools</title> <indexterm significance="normal"> <primary>system information</primary> diff --git a/en-US/The_Apache_HTTP_Server.xml b/en-US/The_Apache_HTTP_Server.xml index 6489e9f..4660247 100644 --- a/en-US/The_Apache_HTTP_Server.xml +++ b/en-US/The_Apache_HTTP_Server.xml @@ -1,174 +1,160 @@ <?xml version='1.0'?> -<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ +<!DOCTYPE section PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ ]> -<chapter id="ch-The_Apache_HTTP_Server"> +<section id="s1-The_Apache_HTTP_Server"> <title>The Apache HTTP Server</title> <indexterm> - <primary>HTTP server</primary> - <see><application>Apache HTTP Server</application></see> - </indexterm> - <indexterm> - <primary>web server</primary> + <primary><systemitem class="service">httpd</systemitem></primary> <see><application>Apache HTTP Server</application></see> </indexterm> <para> - <systemitem class="protocol">HTTP</systemitem> (Hypertext Transfer Protocol) server, or a <firstterm>web server</firstterm>, is a network service that serves content to a client over the web. This typically means web pages, but any other documents can be served as well. + This section focuses on the <application>Apache HTTP Server 2.2</application>, a robust, full-featured open source web server developed by the <ulink url="http://www.apache.org/">Apache Software Foundation</ulink>, that is included in &MAJOROSVER;. It describes the basic configuration of the <systemitem class="service">httpd</systemitem> service, and covers advanced topics such as adding server modules, setting up virtual hosts, or configuring the secure HTTP server. </para> - <indexterm> - <primary><systemitem class="service">httpd</systemitem></primary> - <see><application>Apache HTTP Server</application></see> - </indexterm> <para> - This chapter focuses on the <application>Apache HTTP Server 2.2</application>, a robust, full-featured open source web server developed by the <ulink url="http://www.apache.org/">Apache Software Foundation</ulink>, that is included in &MAJOROSVER;. It describes the basic configuration of the <systemitem class="service">httpd</systemitem> service, and covers advanced topics such as adding server modules, setting up virtual hosts, or configuring the secure HTTP server. + There are important differences between the Apache HTTP Server 2.2 and version 2.0, and if you are upgrading from a previous release of &MAJOROS;, you will need to update the <systemitem class="service">httpd</systemitem> service configuration accordingly. This section reviews some of the newly added features, outlines important changes, and guides you through the update of older configuration files. </para> - <section id="s1-apache-version2"> - <title>The Apache HTTP Server 2.2</title> + <section id="s2-apache-version2-features"> + <title>New Features</title> + <indexterm> + <primary><application>Apache HTTP Server</application></primary> + <secondary>version 2.2</secondary> + <tertiary>features</tertiary> + </indexterm> <para> - There are important differences between the Apache HTTP Server 2.2 and version 2.0, and if you are upgrading from a previous release of &MAJOROS;, you will need to update the <systemitem class="service">httpd</systemitem> service configuration accordingly. This section reviews some of the newly added features, outlines important changes, and guides you through the update of older configuration files. + The Apache HTTP Server version 2.2 introduces the following enhancements: </para> - <section id="s2-apache-version2-features"> - <title>New Features</title> - <indexterm> - <primary><application>Apache HTTP Server</application></primary> - <secondary>version 2.2</secondary> - <tertiary>features</tertiary> - </indexterm> - <para> - The Apache HTTP Server version 2.2 introduces the following enhancements: - </para> - <itemizedlist> - <listitem> - <para> - <indexterm> - <primary><application>Apache HTTP Server</application></primary> - <secondary>modules</secondary> - <tertiary><systemitem class="resource">mod_cache</systemitem></tertiary> - </indexterm> - <indexterm> - <primary><application>Apache HTTP Server</application></primary> - <secondary>modules</secondary> - <tertiary><systemitem class="resource">mod_disk_cache</systemitem></tertiary> - </indexterm> - Improved caching modules, that is, <systemitem class="resource">mod_cache</systemitem> and <systemitem class="resource">mod_disk_cache</systemitem>. - </para> - </listitem> - <listitem> - <para> - <indexterm> - <primary><application>Apache HTTP Server</application></primary> - <secondary>modules</secondary> - <tertiary><systemitem class="resource">mod_proxy_balancer</systemitem></tertiary> - </indexterm> - Support for proxy load balancing, that is, the <systemitem class="resource">mod_proxy_balancer</systemitem> module. - </para> - </listitem> - <listitem> - <para> - Support for large files on 32-bit architectures, allowing the web server to handle files greater than 2GB. - </para> - </listitem> - <listitem> - <para> - A new structure for authentication and authorization support, replacing the authentication modules provided in previous versions. - </para> - </listitem> - </itemizedlist> - </section> - <section id="s2-apache-version2-changes"> - <title>Notable Changes</title> - <indexterm> - <primary><application>Apache HTTP Server</application></primary> - <secondary>version 2.2</secondary> - <tertiary>changes</tertiary> - </indexterm> - <para> - Since version 2.0, few changes have been made to the default <systemitem class="service">httpd</systemitem> service configuration: - </para> - <itemizedlist> - <listitem> - <para> - <indexterm> - <primary><application>Apache HTTP Server</application></primary> - <secondary>modules</secondary> - <tertiary><systemitem class="resource">mod_cern_meta</systemitem></tertiary> - </indexterm> - <indexterm> - <primary><application>Apache HTTP Server</application></primary> - <secondary>modules</secondary> - <tertiary><systemitem class="resource">mod_asis</systemitem></tertiary> - </indexterm> - The following modules are no longer loaded by default: <systemitem class="resource">mod_cern_meta</systemitem> and <systemitem class="resource">mod_asis</systemitem>. - </para> - </listitem> - <listitem> - <para> - <indexterm> - <primary><application>Apache HTTP Server</application></primary> - <secondary>modules</secondary> - <tertiary><systemitem class="resource">mod_ext_filter</systemitem></tertiary> - </indexterm> - The following module is newly loaded by default: <systemitem class="resource">mod_ext_filter</systemitem>. - </para> - </listitem> - </itemizedlist> - </section> - <section id="s1-apache-version2-migrating"> - <title>Updating the Configuration</title> - <indexterm> - <primary><application>Apache HTTP Server</application></primary> - <secondary>version 2.2</secondary> - <tertiary>updating from version 2.0</tertiary> - </indexterm> - <para> - To update the configuration files from the Apache HTTP Server version 2.0, take the following steps: - </para> - <procedure> - <step> - <para> - Make sure all module names are correct, since they may have changed. Adjust the <option>LoadModule</option> directive for each module that has been renamed. - </para> - </step> - <step> - <para> - Recompile all third party modules before attempting to load them. This typically means authentication and authorization modules. - </para> - </step> - <step> - <para> - <indexterm> - <primary><application>Apache HTTP Server</application></primary> - <secondary>modules</secondary> - <tertiary><systemitem class="resource">mod_userdir</systemitem></tertiary> - </indexterm> - If you use the <systemitem class="resource">mod_userdir</systemitem> module, make sure the <option>UserDir</option> directive indicating a directory name (typically <literal>public_html</literal>) is provided. - </para> - </step> - <step> - <para> - If you use the Apache HTTP Secure Server, edit the <filename>/etc/httpd/conf.d/ssl.conf</filename> to enable the Secure Sockets Layer (SSL) protocol. - </para> - </step> - </procedure> - <para> - Note that you can check the configuration for possible errors by using the following command: - </para> - <screen>~]# <command>service httpd configtest</command> + <itemizedlist> + <listitem> + <para> + <indexterm> + <primary><application>Apache HTTP Server</application></primary> + <secondary>modules</secondary> + <tertiary><systemitem class="resource">mod_cache</systemitem></tertiary> + </indexterm> + <indexterm> + <primary><application>Apache HTTP Server</application></primary> + <secondary>modules</secondary> + <tertiary><systemitem class="resource">mod_disk_cache</systemitem></tertiary> + </indexterm> + Improved caching modules, that is, <systemitem class="resource">mod_cache</systemitem> and <systemitem class="resource">mod_disk_cache</systemitem>. + </para> + </listitem> + <listitem> + <para> + <indexterm> + <primary><application>Apache HTTP Server</application></primary> + <secondary>modules</secondary> + <tertiary><systemitem class="resource">mod_proxy_balancer</systemitem></tertiary> + </indexterm> + Support for proxy load balancing, that is, the <systemitem class="resource">mod_proxy_balancer</systemitem> module. + </para> + </listitem> + <listitem> + <para> + Support for large files on 32-bit architectures, allowing the web server to handle files greater than 2GB. + </para> + </listitem> + <listitem> + <para> + A new structure for authentication and authorization support, replacing the authentication modules provided in previous versions. + </para> + </listitem> + </itemizedlist> + </section> + <section id="s2-apache-version2-changes"> + <title>Notable Changes</title> + <indexterm> + <primary><application>Apache HTTP Server</application></primary> + <secondary>version 2.2</secondary> + <tertiary>changes</tertiary> + </indexterm> + <para> + Since version 2.0, few changes have been made to the default <systemitem class="service">httpd</systemitem> service configuration: + </para> + <itemizedlist> + <listitem> + <para> + <indexterm> + <primary><application>Apache HTTP Server</application></primary> + <secondary>modules</secondary> + <tertiary><systemitem class="resource">mod_cern_meta</systemitem></tertiary> + </indexterm> + <indexterm> + <primary><application>Apache HTTP Server</application></primary> + <secondary>modules</secondary> + <tertiary><systemitem class="resource">mod_asis</systemitem></tertiary> + </indexterm> + The following modules are no longer loaded by default: <systemitem class="resource">mod_cern_meta</systemitem> and <systemitem class="resource">mod_asis</systemitem>. + </para> + </listitem> + <listitem> + <para> + <indexterm> + <primary><application>Apache HTTP Server</application></primary> + <secondary>modules</secondary> + <tertiary><systemitem class="resource">mod_ext_filter</systemitem></tertiary> + </indexterm> + The following module is newly loaded by default: <systemitem class="resource">mod_ext_filter</systemitem>. + </para> + </listitem> + </itemizedlist> + </section> + <section id="s2-apache-version2-migrating"> + <title>Updating the Configuration</title> + <indexterm> + <primary><application>Apache HTTP Server</application></primary> + <secondary>version 2.2</secondary> + <tertiary>updating from version 2.0</tertiary> + </indexterm> + <para> + To update the configuration files from the Apache HTTP Server version 2.0, take the following steps: + </para> + <procedure> + <step> + <para> + Make sure all module names are correct, since they may have changed. Adjust the <option>LoadModule</option> directive for each module that has been renamed. + </para> + </step> + <step> + <para> + Recompile all third party modules before attempting to load them. This typically means authentication and authorization modules. + </para> + </step> + <step> + <para> + <indexterm> + <primary><application>Apache HTTP Server</application></primary> + <secondary>modules</secondary> + <tertiary><systemitem class="resource">mod_userdir</systemitem></tertiary> + </indexterm> + If you use the <systemitem class="resource">mod_userdir</systemitem> module, make sure the <option>UserDir</option> directive indicating a directory name (typically <literal>public_html</literal>) is provided. + </para> + </step> + <step> + <para> + If you use the Apache HTTP Secure Server, edit the <filename>/etc/httpd/conf.d/ssl.conf</filename> to enable the Secure Sockets Layer (SSL) protocol. + </para> + </step> + </procedure> + <para> + Note that you can check the configuration for possible errors by using the following command: + </para> + <screen>~]# <command>service httpd configtest</command> Syntax OK</screen> - <para> - For more information on upgrading the Apache HTTP Server configuration from version 2.0 to 2.2, refer to <ulink url="http://httpd.apache.org/docs/2.2/upgrading.html" />. - </para> - </section> + <para> + For more information on upgrading the Apache HTTP Server configuration from version 2.0 to 2.2, refer to <ulink url="http://httpd.apache.org/docs/2.2/upgrading.html" />. + </para> </section> - <section id="s1-apache-running"> + <section id="s2-apache-running"> <title>Running the <systemitem class="service">httpd</systemitem> Service</title> <para> This section describes how to start, stop, restart, and check the current status of the Apache HTTP Server. To be able to use the <systemitem class="service">httpd</systemitem> service, make sure you have the <package>httpd</package> installed. You can do so by using the following command: </para> <screen>~]# <command>yum install httpd</command></screen> <para> - For more information on the concept of runlevels and how to manage system services in &MAJOROS; in general, refer to <xref linkend="ch-Controlling_Access_to_Services" />. + For more information on the concept of runlevels and how to manage system services in &MAJOROS; in general, refer to <xref linkend="ch-Services_and_Daemons" />. </para> - <section id="s2-apache-running-starting"> + <section id="s3-apache-running-starting"> <title>Starting the Service</title> <indexterm> <primary><application>Apache HTTP Server</application></primary> @@ -193,7 +179,7 @@ Starting httpd: [ OK ]</screen> </para> </note> </section> - <section id="s2-apache-running-stopping"> + <section id="s3-apache-running-stopping"> <title>Stopping the Service</title> <indexterm> <primary><application>Apache HTTP Server</application></primary> @@ -272,7 +258,7 @@ httpd (pid 19014) is running...</screen> </para> </section> </section> - <section id="s1-apache-editing"> + <section id="s2-apache-editing"> <title>Editing the Configuration Files</title> <para> When the <systemitem class="service">httpd</systemitem> service is started, by default, it reads the configuration from locations that are listed in <xref linkend="table-apache-editing-files" />. @@ -337,7 +323,7 @@ Syntax OK</screen> <para> To make the recovery from mistakes easier, it is recommended that you make a copy of the original file before editing it. </para> - <section id="s2-apache-httpdconf-directives"> + <section id="s3-apache-httpdconf-directives"> <title>Common <filename>httpd.conf</filename> Directives</title> <indexterm significance="preferred"> <primary><application>Apache HTTP Server</application></primary> @@ -2129,7 +2115,7 @@ ErrorDocument 404 /404-not_found.html</screen> The <replaceable>name</replaceable> has to be a valid identifier of the required module. The <replaceable>path</replaceable> refers to an existing module file, and must be relative to the directory in which the libraries are placed (that is, <filename class="directory">/usr/lib/httpd/</filename> on 32-bit and <filename class="directory">/usr/lib64/httpd/</filename> on 64-bit systems by default). </para> <para> - Refer to <xref linkend="s1-apache-dso" /> for more information on the Apache HTTP Server's DSO support. + Refer to <xref linkend="s2-apache-dso" /> for more information on the Apache HTTP Server's DSO support. </para> <example id="example-apache-httpdconf-loadmodule"> <title>Using the <option>LoadModule</option> directive</title> @@ -3295,7 +3281,7 @@ ErrorDocument 404 /404-not_found.html</screen> </varlistentry> </variablelist> </section> - <section id="s2-apache-sslconf-common"> + <section id="s3-apache-sslconf-common"> <title>Common <filename>ssl.conf</filename> Directives</title> <para> The <firstterm>Secure Sockets Layer</firstterm> (<acronym>SSL</acronym>) directives allow you to customize the behavior of the Apache HTTP Secure Server, and in most cases, they are configured appropriately during the installation. Be careful when changing these settings, as incorrect configuration can lead to security vulnerabilities. @@ -3406,10 +3392,10 @@ ErrorDocument 404 /404-not_found.html</screen> </varlistentry> </variablelist> <para> - Note that for the <filename>/etc/httpd/conf.d/ssl.conf</filename> file to be present, the <package>mod_ssl</package> needs to be installed. Refer to <xref linkend="s1-apache-mod_ssl" /> for more information on how to install and configure an SSL server. + Note that for the <filename>/etc/httpd/conf.d/ssl.conf</filename> file to be present, the <package>mod_ssl</package> needs to be installed. Refer to <xref linkend="s2-apache-mod_ssl" /> for more information on how to install and configure an SSL server. </para> </section> - <section id="s2-apache-mpm-common"> + <section id="s3-apache-mpm-common"> <title>Common Multi-Processing Module Directives</title> <para> The <firstterm>Multi-Processing Module</firstterm> (<acronym>MPM</acronym>) directives allow you to customize the behavior of a particular MPM specific server-pool. Since its characteristics differ depending on which MPM is used, the directives are embeded in <option>IfModule</option>. By default, the server-pool is defined for both the <systemitem class="resource">prefork</systemitem> and <systemitem class="resource">worker</systemitem> MPMs. @@ -3613,7 +3599,7 @@ ErrorDocument 404 /404-not_found.html</screen> </variablelist> </section> </section> - <section id="s1-apache-dso"> + <section id="s2-apache-dso"> <title>Working with Modules</title> <indexterm> <primary><application>Apache HTTP Server</application></primary> @@ -3628,7 +3614,7 @@ ErrorDocument 404 /404-not_found.html</screen> <para> Being a modular application, the <systemitem class="service">httpd</systemitem> service is distributed along with a number of <firstterm>Dynamic Shared Objects</firstterm> (<acronym>DSO</acronym>s), which can be dynamically loaded or unloaded at runtime as necessary. By default, these modules are located in <filename class="directory">/usr/lib/httpd/modules/</filename> on 32-bit and in <filename class="directory">/usr/lib64/httpd/modules/</filename> on 64-bit systems. </para> - <section id="s2-apache-dso-loading"> + <section id="s3-apache-dso-loading"> <title>Loading a Module</title> <indexterm> <primary><application>Apache HTTP Server</application></primary> @@ -3636,7 +3622,7 @@ ErrorDocument 404 /404-not_found.html</screen> <tertiary>loading</tertiary> </indexterm> <para> - To load a particular DSO module, use the <option>LoadModule</option> directive as described in <xref linkend="s2-apache-httpdconf-directives" />. Note that modules provided by a separate package often have their own configuration file in the <filename class="directory">/etc/httpd/conf.d/</filename> directory. + To load a particular DSO module, use the <option>LoadModule</option> directive as described in <xref linkend="s3-apache-httpdconf-directives" />. Note that modules provided by a separate package often have their own configuration file in the <filename class="directory">/etc/httpd/conf.d/</filename> directory. </para> <example id="example-apache-dso-loading"> <title>Loading the <systemitem class="resource">mod_ssl</systemitem> DSO</title> @@ -3646,7 +3632,7 @@ ErrorDocument 404 /404-not_found.html</screen> Once you are finished, restart the web server to reload the configuration. Refer to <xref linkend="s3-apache-running-restarting" /> for more information on how to restart the <systemitem class="service">httpd</systemitem> service. </para> </section> - <section id="s2-apache-dso-writing"> + <section id="s3-apache-dso-writing"> <title>Writing a Module</title> <indexterm> <primary><application>Apache HTTP Server</application></primary> @@ -3669,7 +3655,7 @@ ErrorDocument 404 /404-not_found.html</screen> </para> </section> </section> - <section id="s1-apache-virtualhosts"> + <section id="s2-apache-virtualhosts"> <title>Setting Up Virtual Hosts</title> <indexterm> <primary><application>Apache HTTP Server</application></primary> @@ -3710,7 +3696,7 @@ ErrorDocument 404 /404-not_found.html</screen> To activate a newly created virtual host, the web server has to be restarted first. Refer to <xref linkend="s3-apache-running-restarting" /> for more information on how to restart the <systemitem class="service">httpd</systemitem> service. </para> </section> - <section id="s1-apache-mod_ssl"> + <section id="s2-apache-mod_ssl"> <title>Setting Up an SSL Server</title> <indexterm> <primary><application>Apache HTTP Server</application></primary> @@ -3745,7 +3731,7 @@ ErrorDocument 404 /404-not_found.html</screen> <para> Unlike a regular HTTP connection that can be read and possibly modified by anybody who is able to intercept it, the use of <systemitem class="resource">mod_ssl</systemitem> prevents any inspection or modification of the transmitted content. This section provides basic information on how to enable this module in the Apache HTTP Server configuration, and guides you through the process of generating private keys and self-signed certificates. </para> - <section id="s2-apache-mod_ssl-certificates"> + <section id="s3-apache-mod_ssl-certificates"> <title>An Overview of Certificates and Security</title> <indexterm> <primary><application>Apache HTTP Server</application></primary> @@ -3826,7 +3812,7 @@ ErrorDocument 404 /404-not_found.html</screen> When setting up an SSL server, you need to generate a certificate request and a private key, and then send the certificate request, proof of the company's identity, and payment to a certificate authority. Once the CA verifies the certificate request and your identity, it will send you a signed certificate you can use with your server. Alternatively, you can create a self-signed certificate that does not contain a CA signature, and thus should be used for testing purposes only. </para> </section> - <section id="s2-apache-mod_ssl-enabling"> + <section id="s3-apache-mod_ssl-enabling"> <title>Enabling the <systemitem class="resource">mod_ssl</systemitem> Module</title> <para> If you intend to set up an SSL server, make sure you have the <package>mod_ssl</package> (the <systemitem class="resource">mod_ssl</systemitem> module) and <package>openssl</package> (the OpenSSL toolkit) packages installed. To do so, type the following at a shell prompt: @@ -3841,7 +3827,7 @@ ErrorDocument 404 /404-not_found.html</screen> This will create the <systemitem class="resource">mod_ssl</systemitem> configuration file at <filename>/etc/httpd/conf.d/ssl.conf</filename>, which is included in the main Apache HTTP Server configuration file by default. For the module to be loaded, restart the <systemitem class="service">httpd</systemitem> service as described in <xref linkend="s3-apache-running-restarting" />. </para> </section> - <section id="s2-apache-mod_ssl-keypair"> + <section id="s3-apache-mod_ssl-keypair"> <title>Using an Existing Key and Certificate</title> <indexterm> <primary><application>Apache HTTP Server</application></primary> @@ -3875,7 +3861,7 @@ ErrorDocument 404 /404-not_found.html</screen> </listitem> </orderedlist> <para> - In either of the above cases, you will need to obtain a new certificate. For more information on this topic, refer to <xref linkend="s2-apache-mod_ssl-genkey" />. + In either of the above cases, you will need to obtain a new certificate. For more information on this topic, refer to <xref linkend="s3-apache-mod_ssl-genkey" />. </para> <para> If you wish to use an existing key and certificate, move the relevant files to the <filename class="directory">/etc/pki/tls/private/</filename> and <filename class="directory">/etc/pki/tls/certs/</filename> directories respectively. You can do so by typing the following commands: @@ -3896,7 +3882,7 @@ SSLCertificateKeyFile /etc/pki/tls/private/<replaceable>hostname</replaceable>.k ~]# <command>mv /etc/httpd/conf/httpsd.crt /etc/pki/tls/certs/penguin.example.com.crt</command></screen> </example> </section> - <section id="s2-apache-mod_ssl-genkey"> + <section id="s3-apache-mod_ssl-genkey"> <title>Generating a New Key and Certificate</title> <indexterm> <primary><application>Apache HTTP Server</application></primary> @@ -4101,12 +4087,12 @@ SSLCertificateKeyFile /etc/pki/tls/private/<replaceable>hostname</replaceable>.k </para> </section> </section> - <section id="s1-apache-resources"> + <section id="s2-apache-resources"> <title>Additional Resources</title> <para> To learn more about the Apache HTTP Server, refer to the following resources. </para> - <section id="s2-apache-resources-installed"> + <section id="s3-apache-resources-installed"> <title>Installed Documentation</title> <indexterm> <primary><application>Apache HTTP Server</application></primary> @@ -4140,7 +4126,7 @@ SSLCertificateKeyFile /etc/pki/tls/private/<replaceable>hostname</replaceable>.k </varlistentry> </variablelist> </section> - <section id="s2-apache-resources-web"> + <section id="s3-apache-resources-web"> <title>Useful Websites</title> <indexterm> <primary><application>Apache HTTP Server</application></primary> @@ -4175,4 +4161,4 @@ SSLCertificateKeyFile /etc/pki/tls/private/<replaceable>hostname</replaceable>.k </variablelist> </section> </section> -</chapter> +</section> diff --git a/en-US/The_X_Window_System.xml b/en-US/The_X_Window_System.xml index 6868a28..e4345b3 100644 --- a/en-US/The_X_Window_System.xml +++ b/en-US/The_X_Window_System.xml @@ -1,7 +1,7 @@ <?xml version='1.0'?> -<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ +<!DOCTYPE appendix PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ ]> -<chapter +<appendix id="ch-The_X_Window_System"> <title>The X Window System</title> <indexterm @@ -932,7 +932,7 @@ widget_class "*" style "user-font"</screen> <para>The X server looks for a font server specified in the <command>FontPath</command> directive within the <command>Files</command> section of the <filename>/etc/X11/xorg.conf</filename> configuration file. Refer to <xref linkend="s3-x-server-config-xorg.conf-files"/> for more information about the <command>FontPath</command> entry.</para> <para>The X server connects to the <command>xfs</command> server on a specified port to acquire font information. For this reason, the <command>xfs</command> service must be running for X to start. For more about configuring services for a particular runlevel, refer to <xref - linkend="ch-Controlling_Access_to_Services"/>.</para> + linkend="ch-Services_and_Daemons" />.</para> <section id="s3-x-fonts-xfs-config"> <title> @@ -1255,4 +1255,4 @@ widget_class "*" style "user-font"</screen> </itemizedlist> </section> </section> -</chapter> +</appendix> diff --git a/en-US/The_kdump_Crash_Recovery_Service.xml b/en-US/The_kdump_Crash_Recovery_Service.xml index d8766c9..b8b3513 100644 --- a/en-US/The_kdump_Crash_Recovery_Service.xml +++ b/en-US/The_kdump_Crash_Recovery_Service.xml @@ -102,7 +102,7 @@ To start the <systemitem class="service">kdump</systemitem> daemon at boot time, click the <guibutton>Apply</guibutton> button on the toolbar. This will enable the service for runlevels <literal>2</literal>, <literal>3</literal>, <literal>4</literal>, and <literal>5</literal>, and start it for the current session. Similarly, clicking the <guibutton>Disable</guibutton> button will disable it for all runlevels and stop the service immediately. </para> <para> - For more information on runlevels and configuring services in general, refer to <xref linkend="ch-Controlling_Access_to_Services" />. + For more information on runlevels and configuring services in general, refer to <xref linkend="ch-Services_and_Daemons" />. </para> </section> <section id="s3-kdump-configuration-gui-basic"> @@ -540,7 +540,7 @@ No kdump initial ramdisk found. [WARNING] Rebuilding /boot/initrd-2.6.32-54.el6.i686kdump.img Starting kdump: [ OK ]</screen> <para> - For more information on runlevels and configuring services in general, refer to <xref linkend="ch-Controlling_Access_to_Services" />. + For more information on runlevels and configuring services in general, refer to <xref linkend="ch-Services_and_Daemons" />. </para> </section> </section> diff --git a/en-US/The_proc_File_System.xml b/en-US/The_proc_File_System.xml index 558d30a..351662b 100644 --- a/en-US/The_proc_File_System.xml +++ b/en-US/The_proc_File_System.xml @@ -1,7 +1,7 @@ <?xml version='1.0'?> <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ ]> -<chapter +<appendix id="ch-proc"> <title>The <filename>proc</filename> File System</title> <indexterm @@ -5238,4 +5238,4 @@ kernel.sysrq = 1 </itemizedlist> </simplesect> </section> -</chapter> +</appendix> diff --git a/en-US/The_sysconfig_Directory.xml b/en-US/The_sysconfig_Directory.xml index bf07174..99116e0 100644 --- a/en-US/The_sysconfig_Directory.xml +++ b/en-US/The_sysconfig_Directory.xml @@ -1,7 +1,7 @@ <?xml version='1.0'?> -<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ +<!DOCTYPE appendix PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ ]> -<chapter +<appendix id="ch-The_sysconfig_Directory"> <title>The sysconfig Directory</title> <indexterm> @@ -351,7 +351,7 @@ </variablelist> <para> Refer to <xref - linkend="ch-Authentication_Configuration" /> for more information on this topic. + linkend="ch-Configuring_Authentication" /> for more information on this topic. </para> </section> <section @@ -648,7 +648,7 @@ </variablelist> <para> Refer to <xref - linkend="ch-Dynamic_Host_Configuration_Protocol_DHCP" /> for more information on DHCP and its usage. + linkend="ch-DHCP_Servers" /> for more information on DHCP and its usage. </para> </section> <section @@ -1301,7 +1301,7 @@ </variablelist> <para> Refer to <xref - linkend="ch-Lightweight_Directory_Access_Protocol_LDAP" /> for more information on LDAP and its configuration. + linkend="s1-OpenLDAP" /> for more information on LDAP and its configuration. </para> </section> <section @@ -1366,7 +1366,7 @@ </variablelist> <para> Refer to <xref - linkend="ch-The_BIND_DNS_Server" /> for more information on the BIND DNS server and its configuration. + linkend="s1-BIND" /> for more information on the BIND DNS server and its configuration. </para> </section> <section @@ -2034,7 +2034,7 @@ </variablelist> <para> Refer to <xref - linkend="ch-Controlling_Access_to_Services" /> for more information on how to configure the <command>xinetd</command> services. + linkend="ch-Services_and_Daemons" /> for more information on how to configure the <command>xinetd</command> services. </para> </section> </section> @@ -2091,7 +2091,7 @@ <filename>/etc/sysconfig/networking/</filename> directory</secondary> </indexterm> This directory is used by the <application>Network Administration Tool</application> (<command>system-config-network</command>), and its contents should not be edited manually. For more information about configuring network interfaces using the <application>Network Administration Tool</application>, refer to <xref - linkend="ch-Network_Configuration" />. + linkend="ch-NetworkManager" />. </para> </listitem> </varlistentry> @@ -2199,4 +2199,4 @@ </variablelist> </section> </section> -</chapter> +</appendix> diff --git a/en-US/Log_Files.xml b/en-US/Viewing_and_Managing_Log_Files.xml similarity index 99% rename from en-US/Log_Files.xml rename to en-US/Viewing_and_Managing_Log_Files.xml index f9c7c32..5abc0dc 100644 --- a/en-US/Log_Files.xml +++ b/en-US/Viewing_and_Managing_Log_Files.xml @@ -1,8 +1,8 @@ <?xml version='1.0'?> <!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ ]> -<chapter id="ch-Log_Files"> - <title>Log Files</title> +<chapter id="ch-Viewing_and_Managing_Log_Files"> + <title>Viewing and Managing Log Files</title> <indexterm significance="normal"> <primary>log files</primary> <seealso> diff --git a/en-US/Web_Servers.xml b/en-US/Web_Servers.xml new file mode 100644 index 0000000..e9c5c3e --- /dev/null +++ b/en-US/Web_Servers.xml @@ -0,0 +1,18 @@ +<?xml version='1.0' encoding='utf-8' ?> +<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ +]> +<chapter id="ch-Web_Servers"> + <title>Web Servers</title> + <indexterm> + <primary>HTTP server</primary> + <see><application>Apache HTTP Server</application></see> + </indexterm> + <indexterm> + <primary>web server</primary> + <see><application>Apache HTTP Server</application></see> + </indexterm> + <para> + <systemitem class="protocol">HTTP</systemitem> (Hypertext Transfer Protocol) server, or a <firstterm>web server</firstterm>, is a network service that serves content to a client over the web. This typically means web pages, but any other documents can be served as well. + </para> + <xi:include href="The_Apache_HTTP_Server.xml" xmlns:xi="http://www.w3.org/2001/XInclude" /> +</chapter>