Linux+ Certification Bible.pdf

Chapter 10 Linux Terminals and Shells 331

One of the major advantages that Linux offers is a true multi-user environment. This environment includes virtual terminals, multiple logins, and remote logins — all on the same system at the same time. The remote access methods require the use of rlogin, telnet, or ssh to establish the connection. After the connection has been established, several common shell commands can help an administrator manage the Linux environment. These common shells can be used to create basic scripts to aid in the administration of a Linux system. Many of these administrative tasks are now included in the GUI interface tools that come with the most commonly used desktop environments, which are GNOME and KDE. To perform basic administration with these tools, you must have the ability to navigate the GUI environment. Also, you must have root access to perform many of the configurations on a Linux system. In fact, anyone administering a Linux system should be aware of the dangers of using root access, especially in a GUI environment.

Multi-User Environment

4.9 Describe and use the features of the multi-user environment (e.g., virtual terminals, multiple logins)

Linux is a true multi-user environment because it allows multiple users to simultaneously access a system locally or remotely. In fact, not only can several users access the system, they can also run several different applications on one computer at the same time. You can see this multitasking ability in action when using a console login, by pressing the key combination Alt+F2, which will switch to another login prompt terminal. This multiple console ability is enabled during the initialization of Linux, as several virtual consoles (or VCs) are created during startup. The number of consoles is controlled in the /etc/inittab file. You can switch back to the initial console by pressing Alt+F1. Most systems use four to six terminal sessions in order to provide local access to a system. Multiple virtual consoles can be used in environments where several users simultaneously access the same system, thus allowing each user to leave a session open while another user performs a task. Having several VCs is very useful, but VCs truly don’t provide access for multiple users. However, they do demonstrate the ability to provide multiple logins.

Locally attached serial terminals can also provide access to the system, as this is another way to establish virtual consoles. Often called “dumb terminals,” these serial devices are usually monochrome displays (color terminals do exist) and have a keyboard directly attached to provide input, and also a serial connection. A terminal server can host many serial connections — via serial hubs — that allow the daisy-chaining of clients. These clients log in to the server, which provides all the environmental and system resources, via terminals. The biggest advantage provided by a dumb terminal is the ability to provide clients with inexpensive devices that provide the computing power of a centrally located server. This central server can be easily upgraded to meet the future needs of the users.

332 Part IV Administration

The use of terminals has moved mostly to the Ethernet environment. All major vendors have some sort of terminal solution in place, which can be very useful and inexpensive.

The creation of Virtual Consoles

The administrator performs the creation of Virtual Consoles (VCs) for individual systems by using the /etc/inittab file. The following are the lines in the inittab file that control the virtual consoles:

# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6

For older versions of Linux, the lines may also look like this:

#Run gettys in standard runlevels
#Level 3 also getty on modem port.
1:2345:respawn:/sbin/getty tty1 VC linux
2:2345:respawn:/sbin/getty tty2 VC linux
3:2345:respawn:/sbin/getty tty3 VC linux
4:2345:respawn:/sbin/getty tty4 VC linux
S2:3:respawn:/sbin/uugetty ttyS2 M19200

Notice that the second configuration provides connection capabilities for modems to access the system. Because Linux supports the creation of up to 63 VCs on either local or remote connections, it can be used to create a small network using VCs.

The Linux Terminal Server Project

Linux uses the LTSP (Linux Terminal Server Project) to provide a simple way to utilize low cost workstations as either graphical or text-based terminals on a Linux server. A terminal is created from a diskless, or diskette-only system that boots from the network. To accomplish this, the terminal or workstation performs the following tasks:

Obtains an IP address from a bootp or DHCP server by using a bootable BIOS or NIC

Downloads the Linux kernel from a TFTP server

Mounts the file systems needed and assigned on an NFS server

Loads all system software, including the X Server, into memory and begins operation

Contacts the XDM server and allows the user to log into the Linux system

These steps all require the use of a server to provide information for the terminals. The servers must be available to provide the following services:

DHCP or bootp

TFTP

X Server

NFS

These services allow the creation of graphical or text-based Linux terminals, which run over Ethernet. Graphical and text-based methods allow the creation of remote systems to augment the rlogin, TELNET, and ssh access methods.

See Chapter 7 for more information on rlogin, TELNET, and ssh.

These access methods require the basic user configuration on a Linux system and some additional configuration for the creation of terminal server clients.

Configurations for remote systems

4.9 Describe and use the features of the multi-user environment (e.g., virtual terminals, multiple logins)

4.11 Use network commands to connect to and manage remote systems (e.g., telnet, ftp, ssh, netstat, transfer files, redirect Xwindow)

The management of remote systems requires the creation of user accounts. After these user accounts have been created and the proper configurations have been made to the inittab file for virtual consoles, you need to configure additional services required by a terminal server.

To provide for the IP addressing of clients, you will need to enable the DHCP service or Bootp on your server.

After you have installed the automated method of assigning IP addresses, you need to install the lts_core package by using the command rpm -i lts_core-2.XX-XX.i386.rpm, where XX-XX is the release version. The installation of the Linux Terminal Server creates the /tftpboot/lts directory and the basic root hierarchy that will be mounted as the root filesystem of the workstation. The ltsp_initialize script is then run with the following commands:

cd /tftpboot/lts/templates

./ltsp_initialize

This installation script also modifies the following files:

/etc/exports: An entry is added to allow machines in the 192.168.0.0 network to mount the /tftpboot/lts/ltsroot directory. Some other entries are created for other directories, but are commented out.

/etc/bootptab: A partial entry is called .ltsp. An additional entry is created for workstation ws001, but is left commented out.

/etc/X11/xdm/xdm-config: The “DisplayManager.requestPort” entry is commented out, thus allowing remote workstations to get an XDM Login screen.

/etc/X11/xdm/Xaccess: The wildcard entry that starts with an asterisk (*) is un-commented, thus allowing remote workstations to get an XDM Login screen.

/etc/hosts.allow: Entries are added by allowing bootpd to receive broadcast packets; in.tftpd and portmap are allowed to receive transfer requests from the 192.168.0.0 network.

/etc/rc.d/init.d/syslog: This script is modified to allow remote clients to send syslog messages to the server.

/etc/inetd.conf: This file is modified to turn on the tftp daemon.

/etc/inittab: This file is modified to start the xdm process and the default runlevel is set to 5.

/etc/rc.d/rc5.d/S11portmap: This symbolic link allows the portmapper to be started when the system enters runlevel 5.

/etc/rc.d/rc5.d/S60nfs: This symbolic link is created so that nfs will start when the system enters runlevel 5.

Because these file changes may introduce a security risk, you must restrict outside access by using a firewall. Then, install the kernels to be used for the remote stations by using some pre-configured kernels from the Linux Terminal Server Project or by creating a custom kernel. Either way, you must create the directory /tftpboot/lts that will contain the appropriate kernels. If you create a custom kernel, it must specify the following:

Support for your specific network card

RAM disk support

IP kernel level auto-configuration

BOOTP support

/proc filesystem support

NFS filesystem support

Root filesystem on NFS

Support for Parallel and/or serial ports for printer

After you create the kernel, it must be converted to a tagged image format with the mknbi-linux command. mknbi-linux is included in the Etherboot package, which is available at http://etherboot.sourceforge.net. Use the following command to convert the newly created kernel into the proper format:

mknbi-linux --output=/tmp/vmlinuz.ne2000 \
    --ipaddrs=rom \
    --rootdir=/tftpboot/lts/ltsroot \
    --append="ramdisk_size=1024" \
    /usr/src/linux/arch/i386/boot/bzImage

After you create the kernel, you need to configure the X Server. The X Server files are also available from the Linux Terminal Server Project and should be placed in the /tftpboot/lts/ltsroot/ltsbin directory. You must also verify several configuration files. The tftpd service must be started by xinetd or inetd. Newer distributions use the more secure xinetd. With xinetd, tftp is enabled in /etc/xinetd.d/tftp; with inetd, you edit the inetd.conf file. Include a line similar to the following example in the inetd.conf file:

#
tftp dgram udp wait root /usr/sbin/tcpd in.tftpd
#bootps dgram udp wait root /usr/sbin/tcpd bootpd
#

Notice here that tftp is active, because it is not commented out in the file, so no action is required. If you need to use bootp, you should uncomment it as well. Verify the configuration in the inittab file to confirm that xdm is running; the line id:5:initdefault: indicates that the server will boot into runlevel 5. Also, verify the configuration file for either bootp or DHCP. You can use bootp by adding the following entries to the /etc/bootptab file:

# LTS-begins
.ltsp:\
        :ht=ethernet:\
        :ds=192.168.0.254:\
        :gw=192.168.0.254:\
        :lg=192.168.0.254:\
        :sm=255.255.255.0:\
        :hn:\
        :hd=/tftpboot/lts:\
        :rp=/tftpboot/lts/ltsroot:
#
#The following is an example of a line needed for a
#workstation
#
ws01:tc=.ltsp:ha=AABBCCDDEEFF:bf=vmlinuz.ne2000:ip=192.168.0.1:
# LTS-end

This bootptab file will set up the network on the 192.168.0.0 network; others may be used where appropriate. The line section ha=AABBCCDDEEFF is the MAC address of the Ethernet card in the system. bootp requires quite a bit of configuration, which is why DHCP is preferred. DHCP requires the configuration of the /etc/dhcpd.conf file. DHCP installs this configuration file, /etc/dhcpd.conf.example, but it will need editing to configure the system properly for your setup. The following is the default file:

default-lease-time            21600;
max-lease-time                21600;

option subnet-mask            255.255.255.0;
option broadcast-address      192.168.0.255;
option routers                192.168.0.254;
option domain-name-servers    192.168.0.254;
option domain-name            "ltsp.org";
option netbios-name-servers   192.168.0.254;

shared-network WORKSTATIONS {
    subnet 192.168.0.0 netmask 255.255.255.0 {
    }
}

group {
    use-host-decl-names       on;
    option log-servers        192.168.0.254;

    host ws001 {
        hardware ethernet     00:80:C8:D9:31:C1;
        fixed-address         192.168.0.1;
        filename              "/tftpboot/lts/vmlinuz.ne2000";
    }

    host ws002 {
        hardware ethernet     00:E0:18:E0:0C:09;
        fixed-address         192.168.0.2;
        filename              "/tftpboot/lts/vmlinuz.eepro100";
    }
}

This configuration allows the use of bootp or DHCP. Further configuration is needed for the workstation name and the IP resolution. This information must be entered in the /etc/hosts file or on a DNS server, because NFS needs to perform name to IP address resolutions to work properly. Another file /etc/hosts.allow will be created automatically and may need configuration if the following default is not used.

bootpd: 0.0.0.0
in.tftpd: 192.168.0.
portmap: 192.168.0.
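
The hosts.allow entries above restrict access only if something else refuses the clients they do not list. The following Python sketch is an added example (not from the book or from the tcp_wrappers code) that evaluates the IPv4 patterns used here in the order documented in hosts_access(5); the hosts.deny content and the function names are assumptions for illustration.

```python
import ipaddress

# Constructed input: the default hosts.allow entries shown above.
HOSTS_ALLOW = """\
bootpd: 0.0.0.0
in.tftpd: 192.168.0.
portmap: 192.168.0.
"""
# Assumption: a default-deny hosts.deny, which the page does not show.
HOSTS_DENY = "ALL: ALL\n"

def client_matches(pattern, addr):
    """Match one IPv4 client pattern from hosts_access(5) against an address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                  # address prefix: "192.168.0."
        return addr.startswith(pattern)
    if "/" in pattern:                         # net/mask: 192.168.0.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern == addr                     # literal address

def rule_matches(rules, daemon, addr):
    """True if any 'daemon_list : client_list' line covers (daemon, addr)."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, _, rest = line.partition(":")
        clients = rest.split(":")[0].replace(",", " ").split()
        daemons = daemons.replace(",", " ").split()
        if (daemon in daemons or "ALL" in daemons) and \
                any(client_matches(p, addr) for p in clients):
            return True
    return False

def access(daemon, addr, allow, deny=""):
    """Evaluation order of hosts_access(5): allow, then deny, then grant."""
    if rule_matches(allow, daemon, addr):
        return "granted by hosts.allow"
    if rule_matches(deny, daemon, addr):
        return "denied by hosts.deny"
    return "granted, no rule matched"

if __name__ == "__main__":
    print(access("in.tftpd", "10.0.0.5", HOSTS_ALLOW))
```

With only hosts.allow in place, a client outside 192.168.0. still reaches in.tftpd because no rule matches it; the deny file is what turns the allow list into a restriction.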

Adjust the network address for the network in use. The creation of the /etc/exports file provides file systems. By default, the file resembles the following:

## LTS-begin ##
#
#The lines between the 'LTS-begin' and the 'LTS-end' were added
#on: Sun Aug 6 23:30:29 EDT 2000 by the ltsp installation script.
#For more information, visit the ltsp homepage
#at http://www.ltsp.org
#
/tftpboot/lts/ltsroot 192.168.0.0/255.255.255.0(ro,no_root_squash)
#
#The following entries need to be uncommented if you want
#Local App support in ltsp
#
#/usr   192.168.0.0/255.255.255.0(ro,no_root_squash)
#/bin   192.168.0.0/255.255.255.0(ro,no_root_squash)
#/sbin  192.168.0.0/255.255.255.0(ro,no_root_squash)
#/lib   192.168.0.0/255.255.255.0(ro,no_root_squash)
#/home  192.168.0.0/255.255.255.0(rw,no_root_squash)
## LTS-end ##
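
Every entry in this file carries no_root_squash, which lets root on any workstation in the exported network act as root on the exported tree, so it is the first thing to review. The following Python sketch is an added example, not part of the book or of the LTSP scripts; it parses exports-style text (the sample is constructed from the listing above, and the function names are illustrative) and reports the entries that carry the option, including those that would become active if the commented lines were enabled.

```python
import re

# Constructed sample: the active entry and two of the commented entries
# from the /etc/exports listing above.
SAMPLE_EXPORTS = """\
## LTS-begin ##
/tftpboot/lts/ltsroot 192.168.0.0/255.255.255.0(ro,no_root_squash)
#/usr  192.168.0.0/255.255.255.0(ro,no_root_squash)
#/home 192.168.0.0/255.255.255.0(rw,no_root_squash)
## LTS-end ##
"""

CLIENT = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")

def parse_exports(text, include_commented=False):
    """Yield (path, client, options, active) for every client of every export."""
    for raw in text.splitlines():
        line = raw.strip()
        active = not line.startswith("#")
        if not active:
            if not include_commented:
                continue
            line = line.lstrip("#").strip()   # treat as if it were uncommented
        if not line.startswith("/"):
            continue                          # blank line or ordinary comment
        path, *clients = line.split()
        for token in clients or [""]:         # no client list means any host
            m = CLIENT.fullmatch(token)
            if m:
                opts = set(filter(None, (m.group(2) or "").split(",")))
                yield path, m.group(1), opts, active

def audit(text, include_commented=False):
    """Return (severity, state, path, client, reason) findings."""
    findings = []
    for path, client, opts, active in parse_exports(text, include_commented):
        state = "active" if active else "commented"
        if "no_root_squash" in opts:
            # Without root squashing, uid 0 on the client is uid 0 on the export.
            sev = "HIGH" if "rw" in opts else "MEDIUM"
            findings.append((sev, state, path, client, "no_root_squash"))
        if client in ("", "*"):
            findings.append(("HIGH", state, path, client or "*", "exported to any host"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORTS, include_commented=True):
        print(*finding, sep="  ")
```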

 

Notice that most of the file systems required to run local applications are remarked. They may need to be un-remarked if you plan to use local applications. The LTSP installation script modifies the /etc/rc.d/init.d/syslog startup script to enable remote workstations to send their syslog messages to the server, in order to verify that the line daemon syslogd -m 0 - is present. The configuration file for the workstations is the /tftpboot/lts/ltsroot/etc/lts.conf file, and it contains most of the configurable parameters for the workstations. Use the following example of a /tftpboot/lts/ltsroot/etc/lts.conf file if all workstations are the same:

[Default]
        XSERVER              = XF86_SVGA
        SERVER               = 192.168.0.254
        X_MOUSE_PROTOCOL     = "PS/2"
        X_MOUSE_DEVICE       = "/dev/psaux"
        X_MOUSE_RESOLUTION   = 400
        X_MOUSE_BUTTONS      = 3
        USE_XFS              = N
        UI_MODE              = GUI

 
