8.11 Keeping Your Fedora Core System Up to Date


8.11 Keeping Your Fedora Core System Up to Date

Since Fedora Core isn't officially supported by Red Hat, Fedora Core users don't have access to Red Hat Network. However, Fedora Core includes the Alert Notification and up2date tools, which can automatically install software updates.

You don't need to activate a software license in order to update your Fedora Core system, but you do need to configure your system. The procedure used to configure and update your system closely resembles that appropriate for updating Red Hat Enterprise Linux. Here are the steps you should follow:

  1. Launch the Alert Notification Tool configuration sequence by right-clicking the Alert Notification Tool icon. The series of dialog boxes that appears closely resembles that related to Red Hat Enterprise Linux, described in the preceding section.

  2. Launch the up2date tool by clicking the Alert Notification Tool icon. Complete the series of dialog boxes, beginning with the Welcome to Red Hat Update Agent dialog box. The series closely resembles that of Red Hat Enterprise Linux, described in the preceding section. However, it omits several dialog boxes that relate to Red Hat Network.

If you're prompted to install the Red Hat, Inc. public GPG key, be sure to click Yes. Otherwise, system updates will fail.


Once you've configured the Alert Notification tool, its color indicates whether updates are available. If the tool is red, click the tool icon, review the available updates, and install those you consider appropriate. In general, you should install all available updates as soon as they become available. However, you may prefer to postpone installing available updates—especially large updates that entail time-consuming downloads—to a convenient time.


Chapter 9. Configuring and Administering Linux

GNOME and KDE include two menus that provide access to utilities for configuring and administering your system: System Settings and System Tools. Most of these utilities are also available via the Start Here folder. This chapter explains the utilities, equipping you to perform common system administration tasks. In particular, the chapter explains how to manage user accounts, how to configure a printer, how to configure your system's sound adapter, how to view system log files, and how to administer services. Many of these operations require root access. If you launch one of the tools when not logged in as root, the tool will conveniently ask you for the root password. Once you've logged in as the root user, the desktop will display an icon resembling a set of keys. So long as this icon appears, the system will automatically extend you root privileges when necessary. You can cancel this authorization by clicking on the icon and then clicking Forget Authorization.


9.1 Configuring Your System by Using the System Settings Menu

The GNOME and KDE System Settings menu provides access to 15 utilities that help you configure your system. Chapter 8 explained one of these, the package management tool. The tools available are:


Add/Remove Applications

Provides access to the Package Management tool, which lets you install and remove RPM packages


Authentication

Provides access to the Authentication Configuration tool, which lets you configure password settings


Date & Time

Provides access to the Date/Time Properties tool, which lets you configure the time zone, date, and time


Display

Provides access to the Display Settings tool, which lets you configure monitor resolution, color depth, and other display characteristics


Keyboard

Provides access to the Keyboard tool, which lets you choose the keyboard appropriate to your system


Language

Provides access to the Language Selection tool, which lets you choose the current language from among those for which you've installed support


Login Screen

Provides access to the GDM (GNOME Display Manager) Setup tool, which lets you configure how people log in under X


Mouse

Provides access to the Mouse Configuration tool, which lets you choose the mouse appropriate to your system and enable or disable 3-button emulation


Network

Provides access to the Network Configuration tool, which lets you configure network, modem, virtual private network (VPN), and wireless connections and related settings


Printing

Provides access to the Red Hat Printer Configuration tool, which lets you configure printers and control print queues


Root Password

Provides access to a tool that enables you to change the root password


Security Level

Provides access to the Security Level Configuration tool, which lets you configure a firewall to protect your system from network attacks


Soundcard Detection

Provides access to the Sound Card Detection tool, which configures, and enables you to verify the operation of, your sound card


Users and Groups

Provides access to the Red Hat User Manager, which lets you configure user accounts and groups Depending on the packages installed on your system, you may see fewer or more items on the System Settings menu.

In addition, the System Setings menu contains a More System Settings submenu, on which you can find one more tool: the Desktop Switching Tool, which lets you choose between the GNOME and KDE desktop if you've installed both desktops. You may also find a Server Settings submenu, which you can use to configure servers you've installed. This chapter explains how to control services. Chapter 12 explains how to install and configure commonly used servers.

Most of the System Settings tools function much like the Red Hat Linux installation procedure. This section focuses on tools that do not resemble installation procedure steps, namely:

  • GDM Setup tool, accessed via the Login Screen menu item

  • Red Hat Printer Configuration tool

  • Sound Card Configuration tool

  • Red Hat User Manager

  • Desktop Switching Tool

The Network Configuration tool provides many settings and functions. Explanation of the Network Configuration tool is deferred to Chapter 10 and Chapter 11.

9.1.1 Setting Up X Logins

The GDM Setup tool, accessible via System Settings images/ent/U2192.GIF border=0> Login Screen from the main menu, lets you specify options related to X logins. Figure 9-1 shows the tool. Most of the options are cosmetic. For example, you can choose whether times are displayed in 12- or 24-hour format. However, the Security and XDMCP tabs provide options that you should consider changing.

Figure 9-1. The GDM Setup tool
figs/rh4_0901.gif

By default, the XDMCP tab disables XDMCP, the facility that provides remote X terminals and sessions the ability to login to your system. If you have X terminals or additional Linux or Unix hosts, you may find it convenient to be able to remotely log in to your system. To provide this capability, enable the Enable XDMCP checkbox. The change takes effect when you close the GDM Setup tool. Thereafter, X terminals and X sessions on your local network should be able to remotely log in to your system.

If you've enabled XDMCP but are unable to obtain an X login screen, check your firewall settings by using the Security Level Configuration tool. It's likely that your firewall is configured to block remote X access.


If you enable XDMCP, you should generally make a second configuration change. By default, the Security tab enables the setting Allow root to login remotely with GDM. Most users do not need to remotely login as root and therefore don't require this setting to be enabled. By disabling the setting, you can prevent unauthorized persons from successfully logging in as root from remote X terminals or sessions. Therefore, you should generally disable this setting.

9.1.2 Configuring a Printer

Before you can print, you must configure a printer. Red Hat Enterprise Linux and Fedora Core support local printers attached to your system's parallel port and remote printers that your system accesses via the network. Before you can configure a remote printer, you must first configure networking, as explained in Chapter 11.

If your local printer attaches via the USB port, you can configure it using the same procedure used for a printer attached via the parallel port. However, please bear in mind that neither Red Hat Enterprise Linux nor Fedora Core flawlessly supports USB devices.


To configure a local printer, launch the printer configuration tool by selecting System Settings images/ent/U2192.GIF border=0> Printing from the main menu. The Red Hat printer configuration tool (Figure 9-2) appears.

Figure 9-2. The printer configuration tool
figs/rh4_0902.gif

First, create a new printer by clicking the New icon. The Add a New Print Queue wizard appears. Click Forward to proceed. The "Queue name" dialog box (Figure 9-3) appears.

Figure 9-3. The Queue name dialog box
figs/rh4_0903.gif

Every print queue has a name. The most commonly used name for the default print queue is lp. Type lp or another print queue name of your choice in the text box labeled Name and click Forward.

The "Queue type" dialog box (Figure 9-4) appears.

Figure 9-4. The Queue type dialog box
figs/rh4_0904.gif

This dialog box shows the parallel ports associated with your system. Linux numbers parallel ports starting with zero, so the port designated /dev/lp0 corresponds to the device known by Microsoft Windows as LPT1.

Select the default queue type, Locally-connected. Then, select the device to which the locally connected printer is attached and click Forward. If the appropriate device does not initially appear, you may be able to use the Rescan Devices button to cause it to appear. Alternatively, you can use the Custom device button to launch a dialog box that enables you to manually specify the device. Click Forward.

The "Printer model" dialog box (Figure 9-5) appears. Select the make of your printer by clicking the caret that appears at the right of the listbox labeled Select the printer manufacturer and model. From the sublist that appears, select the model of your printer. Then click Forward.

Figure 9-5. The Printer model dialog box
figs/rh4_0905.gif

The "Finish, and create the new print queue" dialog box (Figure 9-6) appears. Check the information and use the Back button to correct any errors. When you're satisfied with your specifications, click Apply.

Figure 9-6. The Finish, and create the new print queue dialog box
figs/rh4_0906.gif

A message box appears, asking if you'd like to print a test page. In order to verify that your printer is operational, you should generally click Yes. Doing so sends a sample page to the printer. After a few seconds, another message box should inform you that the test page has been printed. When you dismiss the message box, the printer configuration tool (Figure 9-7) appears.

Figure 9-7. The printer configuration tool
figs/rh4_0907.gif

If the test page was actually printed, you know that the printing facility is operational. Otherwise, you should check the printer status and cables. If the sample page still doesn't appear or appears incorrectly, select the printer and click Edit. Use the "Edit a print queue" dialog box that appears (Figure 9-8) to select a different print driver or revise options associated with the current driver.

Figure 9-8. The Edit a print queue dialog box
figs/rh4_0908.gif

When you exit the printer configuration tool, you're prompted to save your configuration changes. If you choose not to do so, recent changes are discarded.

9.1.3 Changing the root User Password

You can change the password associated with the root user account by using the Root Password tool. To do so, select System Settings Root images/ent/U2192.GIF border=0> Password from the main menu. A dialog box (Figure 9-9) appears. Type the desired password twice and click OK. If the two passwords match, the password is immediately changed. Otherwise, the tool gives you another opportunity to change the password.

Figure 9-9. The Root Password tool
figs/rh4_0909.gif

The system evaluates passwords and can determine that a password you specify is insecure. In such a case, it may prevent you from using the insecure password or, if you are the root user, it may merely inform you that the password is insecure. Unless your PC is physically secure and never connected to a network, you should choose only secure passwords.


9.1.4 Configuring Sound

If your system includes a compatible sound adapter, you can use the Soundcard Detection tool to automatically configure your adapter. If you're unsure whether your system's sound adapter is supported, check the Red Hat Enterprise Linux hardware compatibility database at http://hardware.redhat.com. Several popular cards are not fully compatible with Red Hat Enterprise Linux, so it's best to check the database before wasting time trying to configure incompatible hardware.

Unfortuntely, the Fedora Project does not yet provide a hardware compatibility database. However, you can use the Red Hat Enterprise Linux compatibility database as a general guide to devices compatible with Fedora Core.


To configure your system's sound adapter, choose System Settings Soundcard Detection from the main menu. The Audio Devices dialog box (Figure 9-10) appears.

Figure 9-10. The Audio Devices dialog box
figs/rh4_0910.gif

The soundcard detection tool probes your system, seeking supported sound adapters. After a sound adapter has been identified, the tool displays the vendor and model of your sound card and the associated Linux kernel module name. If the tool was unable to find a sound adapter, it displays the text "No soundcards were detected."

If your system's sound adapter was successfully probed, you can click the Play test sound button to test the adapter. If you don't hear the sound, check that your speakers are plugged in and, if necessary, powered on. Otherwise, you may spend time trying to reconfigure a sound adapter that's actually working fine.

If the test sound works, but you don't hear sound at other times, check the mixer levels by choosing Sound & Video images/ent/U2192.GIF border=0> Volume Control from the main menu. If you're using KDE, you should also check Control Center images/ent/U2192.GIF border=0> Sound & Video images/ent/U2192.GIF border=0> Sound System images/ent/U2192.GIF border=0> Mixer. You may find that a volume control is set too low or a mixer setting is preventing you from hearing sounds. Be careful when adjusting volume and mixer settings. Loud noises can damage equipment, your hearing, and relationships with neighbors.

If you're using GNOME, you can enable desktop sounds by choosing Preferences images/ent/U2192.GIF border=0> Sound to configure a sound server to start when the desktop is launched. If you're using KDE, choose Control Center images/ent/U2192.GIF border=0> Sound & Multimedia Sound System.


9.1.5 User and Group Administration

The Red Hat User Manager tool lets you administer users and groups. To launch the tool, select System Settings images/ent/U2192.GIF border=0> Users and Groups from the main menu. The Red Hat User Manager tool (Figure 9-11)appears.

Figure 9-11. The Red Hat User Manager
figs/rh4_0911.gif

The tool presents a scrollable list of user accounts (users) and displays the following information about each user account:


User Name

The login name associated with the user account.


User ID

The numeric ID associated with the user account. This ID is automatically assigned when the user account is created and is unique to each user account.


Primary Group

The name of the primary user group associated with the user account. Accounts used by people rather than by system processes generally have an associated primary group having the same name as the user account.


Full Name

The name of the person or process that owns the user account.


Login Shell

The login shell assigned to the user account. Assigning /bin/false or /sbin/nologin prevents the user account from logging in.


Home Directory

The home directory associated with the user account. When the user logs in, this directory is set as the current working directory.

When many user accounts are configured, it may be inconvenient to scroll through the list. You can use the text box labeled Search filter to display only user accounts having names matching a specified pattern. Type the pattern in the text box and click Apply filter.

9.1.5.1 Modifying a user account

To modify a user account, click the desired account and click Properties. The User Properties dialog box (Figure 9-12) appears.

Figure 9-12. The User Properties dialog box
figs/rh4_0912.gif

The User Data pane of the User Properties dialog box lets you view and change a variety of properties:


User Name

The login name associated with the user account.


Full Name

The name of the person or process that owns the user account.


Password

The password to be associated with the user account.


Confirm Password

The password to be associated with the user account. The password is specified twice in order to reduce the risk of assigning an incorrect password due to a typing error.


Home Directory

The home directory associated with the user account. When the user logs in, this directory is set as the current working directory.


Login Shell

The login shell assigned to the user account. Assigning /bin/false or /sbin/nologin prevents the user account from logging in.

The Account Info pane (Figure 9-13) lets you specify a date on which a user account becomes unusable. Alternatively, you can use the text box labeled "Local password is locked" to immediately disable an account.

Figure 9-13. The Account Info pane of the User Properties dialog box
figs/rh4_0913.gif

The Password Info pane (Figure 9-14) lets you set password expiration options for the account. To do so, enable the checkbox labeled Enable password expiration.

Figure 9-14. The Password Info pane of the User Properties dialog box
figs/rh4_0914.gif

Choosing a Secure Password

A cracker who manages to obtain a copy of your system's /etc/shadow file may be able to discover your password by using a utility that tries to determine your password by decrypting the encrypted password stored in the file. You can make the cracker's job more difficult by using one or more of the following techniques:

  • Choose a password that is at least six characters long.

  • Choose a password that is not a dictionary word. Use a made-up word or a phrase.

  • Choose a password that includes uppercase and lowercase letters.

  • Choose a password that includes digits as well as letters. However, don't merely follow a dictionary word by the digit 1 or use a similarly guessable scheme.

  • Choose a password that includes one or more special characters, such as a dollar sign, pound sign, or underscore.

Other things being equal, the longer a password is used, the greater the likelihood that it has been compromised. One way to protect users from password crackers is to require users to change their passwords regularly.

Some overly zealous system administrators require users to change their passwords every 30 days. Unless a system contains top secret data, such a short interval is unnecessary, amounting to what's called password fascism. You may find that requiring users to change their passwords every six months or every year is sufficient to avoid hacker invasion of user accounts.


Then you can specify any of the following values:


Days before change allowed

The number of days that must elapse before the user can change the password associated with the user account.


Days before change required

After the specified number of days, the user must change the password associated with the user account.


Days warning before change

This value is used in combination with the Days Before Change Required value. The user will be given advance notice of the need to change the password associated with the user account. The notification begins the specified number of days before the change must be made.


Days before account inactive

After the specified number of days, the user account is disabled.

The Groups pane displays a series of checkboxes corresponding to existing user groups. To associate the user account with a group, check the box corresponding to the desired group.

9.1.5.2 Adding a new user

To create a new user account, click Add User in the Red Hat User Manager dialog box. This will launch the Create New User dialog box (Figure 9-15).

Figure 9-15. The Create New User dialog box
figs/rh4_0915.gif

When you create a new user account, you can specify the following values:


User Name

The name of the user account to be created.


Full Name

The name of the user who will use the account.


Password

The password to be associated with the user account.


Confirm Password

Again, the password to be associated with the user account.


Login Shell

The login shell associated with the account. You should generally select /bin/ bash.


Create home directory

You should generally check this box, so that a home directory is created.


Home Directory

This value is used only when Create Home Directory is enabled. The default value, which creates a home directory named after the user, is generally acceptable.


Create a private group for this user

You should generally enable this checkbox, which causes automatic creation of a primary user group having the same name as the user account.


Specify user ID manually

Leave this box unchecked unless you want to manually specify the numeric ID associated with the user account. You won't generally need to enable this option.

When you've specified the desired values, click OK to create the user account.

9.1.5.3 Deleting a user account

To delete a user account, click on the desired account and click Delete. A message box asks you to confirm your decision to delete the account. The message box also enables you to specify whether the home directory associated with the user account should be deleted.

9.1.5.4 Configuring groups

You may recall from Chapter 4 that Linux uses groups to define a set of related user accounts that can share access to a file or directory. You probably won't find it necessary to configure group definitions very often, particularly if you use your system as a desktop system rather than a server.

To view the configured groups, launch the User Manager tool and click the Groups tab. The Groups pane (Figure 9-16) appears. Groups are shown in a scrollable list, similar to the way user accounts are displayed.

Figure 9-16. The Groups pane of the User Manager
figs/rh4_0916.gif

To create a new group, click the Add Group icon. The Create New Group dialog box (Figure 9-17) appears. The dialog box lets you specify the name of the new group. It also lets you manually specify the numeric ID of the group; however you should rarely need to do so. When you've specified the name of the new group, click OK to create the group.

Figure 9-17. The Create New Group dialog box
figs/rh4_0917.gif

To modify a group, click on the name of the group. The Group Properties dialog box (Figure 9-18) appears. The Group Data pane of the dialog box lets you revise the name of the group. The Group Users pane contains a scrollable list of users; you can associate a user account with a group by enabling the checkbox adjacent to the username, or dissociate a user account from a group by disabling the checkbox adjacent to the username. When you've completed your changes, click OK to make them effective.

Figure 9-18. The Group Properties dialog box
figs/rh4_0918.gif

To delete a group, select the group in the Groups pane and click the Delete icon. A message box asks you to confirm your decision to delete the group.

9.1.6 Switching Desktops

During the installation procedure, GNOME is automatically configured as the default desktop. If you installed KDE, you can choose KDE as the default by using the desktop switcher. To do so, select System Settings images/ent/U2192.GIF border=0> More System Settings Desktop images/ent/U2192.GIF border=0> Switching Tool from the main menu. The Desktop Switcher tool (Figure 9-19) appears.

Figure 9-19. The Desktop Switcher dialog box
figs/rh4_0919.gif

In addition to GNOME and KDE, the Desktop Switcher lets you specify TWM (tiny window manager), a sparsely functional but highly efficient desktop. The checkbox labeled "Change only applies to current display" lets you restrict your choice of desktop to the current display (generally localhost.localdomain:0.0), as indicated in the top line of the dialog box. This facility is useful if your system has been configured to allow remote users to log in via X.

To specify a desktop, click the desired radio button and click OK. A dialog box appears, informing you that you must restart X for the selected desktop to appear. To restart X, simply log out and then log in.