Being a Red Hat Enterprise Linux administrator is a lot more fun than being in charge of Microsoft Windows, according to Mark Sobell, author of the new Prentice Hall PTR book, A Practical Guide to Red Hat Linux (Second Edition): Fedora Core and Red Hat Enterprise Linux. On the eve of LinuxWorld and the release of this book, Sobell answered our questions about some of the trickiest issues that Red Hat Linux administrators face. In the first part of the interview, he explained why it's easier to work with RHEL than Windows and offered tips on user administration and under-used tools. Look for the second tip -- on beating Trojan horses and doing great backups -- in this series next week, while LinuxWorld is in full swing. The third and final episode -- on avoiding common admin mistakes -- will appear the week after LinuxWorld.
What makes being an administrator for RHEL easier or more fun than working with Windows?
Sobell:There are under half a dozen known viruses for Linux, and none in the wild. There are several new ones per week for Windows. Working in a safer environment means you can dedicate more time to taking care of your user's needs and less time to protecting them from viruses and cleaning up the messes that come with an attack.
Most Windows configuration is done via a GUI, which can be painful on low-bandwidth links. It is possible to administer a Linux system remotely via ssh, which can comfortably be done in the park with a GPRS phone and PDA.
How can a Red Hat Linux admin reduce the chances that a user will use administrator/Superuser commands by mistake?
Sobell:The easiest way to prevent users from running Superuser commands is by not telling users the root password. It is that simple. You can use sudo selectively to give users Superuser privileges for a li
To continue reading for free, register below or login
To read more you must become a member of SearchEnterpriseLinux.com
mited amount of time on a per-user and per-command basis.
In addition, because a root-owned setuid program allows someone who does not know the root password to have the powers of Superuser, you should limit the number of root-owned setuid programs on the system. Your site should have as few of these programs as necessary. You can disable setuid programs at the filesystem level by mounting a filesystem with the nosuid option.
Why should admins perform tasks using the least privilege possible?
Sobell: You should always run with the least privilege possible because you are human and humans make mistakes. Because you are more likely to make a mistake when you are rushing, this concept becomes more impor¬tant when you have less time to apply it. Performing a task with excess privilege will frequently cause more damage than running it with minimal privilege if…
When you are working on the computer, especially when you are working as the system adminis¬trator, perform any task by using the least privilege possible. When you can perform a task logged in as an ordinary user, do so. When you must be logged in as Superuser, do as much as you can as an ordinary user, use su so that you have root privileges, do as much of the task that has to be done as Superuser, and revert to being an ordinary user as soon as you can.
What handy user administration tools/utilities available in Red Hat Linux are underused, and why should admins use them more often?
Sobell: Here's a short list:
In my new book, A Practical Guide to Red Hat Linux, Second Edition, I discuss many tools you can use, including the Red Hat-specific system-config-* (Fedora Core 2) and redhat-config-* (Red Hat Enterprise Linux) graphical system admin tools.
