By Jeffrey Carl
Boardwatch Magazine was the place to go for Internet Service Provider industry news, opinions and gossip for much of the 1990s. It was founded by the iconoclastic and opinionated Jack Rickard in the commercial Internet’s early days, and by the time I joined it had a niche following but an influential among ISPs, particularly for its annual ranking of Tier 1 ISPs and through the ISPcon tradeshow. Writing and speaking for Boardwatch was one of my fondest memories of the first dot-com age.
Hi there, and welcome back to the only column in Boardwatch read even less frequently than the lame Lucent ads. This month, we’ll be taking a look at common tasks for many system administrators, and whether doing them with a Free Unix (Linux or any of the various free BSDs) will make you pull out your hair and insert your foot in the disk drive instead of a system disk.
Freenixes and Ease of Use
Recently, we’ve looked at why you might want to switch to a Freenix instead of a commercial OS like Solaris (“We’re the dot in $6,000.00”) or Windows NT Server (“The best Solitaire $2500 can buy!”). But the fact remains that an operating system isn’t really “free” if you need to include the costs of divorce and therapy in it. So, can a non-Unix-guru easily accomplish the tasks with a Freenix that he or she is accustomed to doing on a commercial OS?
There are two main ease-of-use problems you’ll face with a Freenix. First is that there’s no such thing as a Unix Server for Dummies. All Unixes are – by design – operating systems by people who know what they’re doing, for people who know what they’re doing. (By way of comparison, Windows 98 and MacOS are operating systems by people who usually know what they’re doing, for people who don’t even want to know what they’re doing. Windows NT is an operating system by people who like stock options, for people who like certification classes.) You’re probably never going to be in full command of a Freenix system until you’ve taken the time to read through a stack of “O’Reilly” books and really learn your OS. This is true of any server OS; it’s just a lot harder to “fake it” with Unix.
Second is an element that sounds obvious but shouldn’t be discounted: there’s no tech support number to call. Unless you’re willing to pay LinuxCare or one of the other Linux or OpenBSD commercial support companies, you’re stuck with books, online manual pages and documentation, and the support of your fellow Freenix users. Books and documentation cover a lot of your questions, but you’ll still run into plenty of problems where the only real solution is to ask someone who has had the same problem before. Ninety-nine percent of the problems new users will encounter can be handled by the tried-and-true RTFM (“Read The F***ing Manual”) method; but you will inevitably encounter a technical dead end where your best bet is to pray that someone responds to your newsgroup or mailing list post quickly.
A few caveats need to be given for these ratings. I’m assuming that you’re using the most common free tools here (Apache, Sendmail, etc.); using third-party applications may be significantly different (and probably easier). Also, I’m assuming that you’re willing to get your hands dirty a little with command-line administration and aren’t relying entirely on point-and-click options. So, with that being said, let’s take a look at a few common administrative tasks, the flexibility of configuration options that Freenixes provide, and their ease of use:
Ease for Enough-To-Get-By Administration: Very easy.
Ease for Advanced Administration: Ranges from breezy to baffling.
The greatest virtue of all Freenixes is that, for everything that you want to do, somebody else has already wanted to do that same thing. And, usually, they’ve been a Computer Science student or professor, a communist, or someone else dumb enough to write a program to do it and give it away for free. Therefore, the vast majority of common sysadmin tasks on a Freenix already have a tool to set things up and save you work.
Most Freenixes provide a networking setup tool during their installer process that allows you to set up basic (Ethernet or PPP) network connectivity with only a few pieces of information. Even for some more advanced tasks, Linux tools (like linuxconf in its command-line or GUI versions) or FreeBSD’s /stand/sysinstall program give you simple options for configuring normally arcane tasks. You can generally turn your machine into an ersatz router by running RouteD or GateD, share NFS drives or enable ISDN, ATM or other interfaces with a couple of minutes’ work. These easy-admin programs are (as all Freenix GUI/semi-GUI tools are) just tools for modifying the text configuration files hidden somewhere else on the server (e.g., /etc/rc.network, etc.) that do the actual work. If you’re willing to take a shot at editing the actual text configuration files, your options increase.
However, be warned that certain advanced or uncommon tasks are going to require not only hunting down the requisite files but also knowing about how networking actually works on an interface and packet level. Nonetheless, the majority of us who don’t have a “seven-layer OSI model” tattoo can still get the job done using the available tools.
Ease for Enough-To-Get-By Administration: Very easy.
Ease for Advanced Administration: Nothing you can’t handle.
It should be noted that the Unix system security model defines the amount of user account configuration you can do. Unlike Windows NT, you aren’t able to specify “semi-privileged” accounts; practically speaking, you’re root or you’re nobody. (A little joke there. Very little.) However, if you’re willing to get wise in the ways of the Unix permission structure (each file or directory has settings for the permissions allowed to the owner/creator of the file, other users in the owner’s group, and all other users on the system), you can replicate much of this functionality through selectively adding users to specific groups.
For ease-of-administration, Linux leads the way here, providing GUI tools for nearly all window managers that allow you to create and delete users, set disk space quotas, define user meta information and shell info. (These tools are also available for the *BSDs, but they are native to Linux.) Overall, you’ll find simple user administration tasks (as mentioned above) to be quite simple and easily done through either a GUI tool or the command line. Advanced tasks (like putting the user in a chroot-ed environment, or limiting their access to certain methods) are less simple, but still pretty easily accomplished.
Flexibility: How flexible were you expecting FTP to be?
Ease for Enough-To-Get-By Administration: Super easy.
Ease for Advanced Administration: Nothing a few Unix man pages can’t fix.
If what you’re looking for is to allow users to FTP their files to and from their accounts, this is a no-brainer: it’s already set up by default in the *BSDs and most Linux distributions. Likewise, allowing anonymous FTP (even for specific users or directories) is a very simple task – albeit one handled through a command-line interface with a text editor.
Even better, there are plenty of free FTP Daemons (servers) which give even more advanced features than the default FTPD provided with most Freenixes. FTP isn’t exactly a terribly option-heavy service, and nearly all of your needs can be easily dealt with. Note, however, that advanced issues (like denying FTP to specific users or hosts) aren’t immediately obvious, and may take a bit more work with your /etc/hosts.allow or ftpd config file.
Flexibility: Like a gymnastics instructor.
Ease for Enough-To-Get-By Administration: Easy.
Ease for Advanced Administration: No worse than doing your taxes.
Apache (so named because it was “a patchy” upgrade to the original free NCSA webserver) is by far the most popular webserver for Freenixes, and with good reason. It’s stable, it’s almost ridiculously extensible, and it has excellent performance.
While fairly rudimentary GUI tools exist (again, native to Linux) for Apache configuration, the command line is the way to go. The good news is that the Apache team has gone to great lengths to make this as painless as possible. There are plenty of great books out there on not only configuring Apache, but also on tweaking it for performance as well. With the newest versions of Apache (1.3.4 and greater), all configuration options have by default moved to a single file, the httpd.conf file, located in /etc/httpd/, /usr/local/apache/etc/, or some other directory depending on your OS, your version of Apache, the phase of the moon and a random 32-bit number).
The default httpd.conf file is extremely well documented, and includes either explanations or examples (or both) for every configuration directive in the file. The great part is that most options are relatively self-explanatory, and by editing this one file you can easily set up everything from CGI execution and file icons to virtual hosts.
Performance tuning is where things can sometimes get tricky. Most of the GUI/semi-GUI tools (as mentioned above) available will carry the heavy lifting for you – including kernel modifications and other items. However, getting the most out of your webserver may require you to recompile Apache with or without some of its default modules. Nonetheless, Apache is nothing if not exhaustively documented in books and at its website (www.apache.org), and things are at worst frustrating rather than impossible.
Flexibility: Ridiculously flexible.
Ease for Enough-To-Get-By Administration: Fairly easy.
Ease for Advanced Administration: You’d better have some “Advil” handy.
Sendmail is the most powerful and configurable mail server out there (especially for free). The default configuration installed with nearly all Freenixes is all that 99 percent of Sendmail users (like you and me) will ever need. Thank God, because we’d be shooting ourselves left and right if we ever needed to seriously configure the damn thing.
Simple mailserver elements like POP3 accounts are built in by default. E-mail aliases and redirection are easily accomplished with an absolute minimum of configuration (through the /etc/aliases and /etc/mail/virtusertable.db files). In recent versions of Sendmail, anti-spam relaying measures are included by default, and these can easily be circumvented if needed by adding mail-sending domains to the /etc/mail/relay-domains file.
With that being said, God help you if you ever need to do some serious digging in the Sendmail configuration (/etc/sendmail.cf) file. Sendmail’s primary configuration file is written in something that looks like a cross between C code and Swedish, or maybe both. I was looking through that file and somewhere around line 4000 I actually found a bunch of John Dvorak’s delicious recipes. Sendmail is probably the archetypal example of Unix’s configurability and inscrutability at its best and worst.
For other common mail tasks, there are plenty of common free tools out there. The free pine 4.10 package offers not only the easiest Unix mail reader out there, but an excellent IMAP server (and text editor, with pico) as well. The free majordomo 1.94.4 package provides excellent mailing list options – although at a performance price, since it’s written in Perl and tends to eat up a lot of RAM when it’s running.
The Moral of the Story
Freenixes can save you thousands of dollars if you’re willing to pay a few hundred dollars for technical books and learn how to use them (the Freenixes, not the books). For common ISP sysadmin tasks, 90 to 95 percent of your work can be easily done on an OS with friendly tools and frequent updates. If you’re brave enough to handle any Unix, you’re brave enough to handle a Freenix. However, if you’re a point-and-click addict, or need something with an unhelpful tech support phone line, a Freenix won’t be for you.