For both personal use as well as at work, I was able to start with a standard installation of the Red Hat Linux distribution and provide services “out-of-the-box” with little or no changes to default configuration settings.
However, there were a number of small changes and extra services that were necessary to provide all the Internet, file & print services, and other services that are in use at my place of employment. The local administrator should be aware of the following:
The ``/etc/rc.d/rc.local'' file is executed upon system start-up and contains any extra services you have added to your server that should be executed upon bootup.
Look in /etc for any site-specific changes that may be required. These may include:
``/etc/inetd.conf'' (you should ensure unnecessary services were disabled such as finger, echo, chargen; as well as add or change any services you may need)
``/etc/exports'' (contains a list of hosts allowed to mount NFS volumes; see the section called Network File System (NFS) Services for details)
``/etc/organization'', ``/etc/nntpserver'', ``/etc/NNTP_INEWS_DOMAIN'' (set as appropriate)
``/etc/lilo.conf'' (contains information for the LILO boot loader -- the process which loads the Linux kernel upon bootup; see the section called Booting with LILO in Chapter 4 for details)
``/etc/sudoers'' (a list of users who should be given special privileges, along with the commands they are allowed to execute)
``/etc/named.boot'' (for DNS use; see the section called Domain Name Server (DNS) Configuration and Administration for details)
Anything in ``/usr/local/'' (and subdirectories) are extra packages or modifications to existing ones that you have installed here, if you have installed from things like tarballs instead of using RPM. (Or at least, you should have installed them here.) These files, particularly in /usr/local/src/, should be kept up-to-date. See Chapter 10 for details.
(WARNING: DISREGARD THIS SECTION!)
Create an Internet user as per normal. The “shell” account should be ``/bin/bash'' (as FTP requires a valid shell).
``cd /home ; chown root.root theuser'' This makes “theuser”'s directory belong to root, for security reasons.
``cd /home/theuser ; mkdir www ; chown theuser.theuser'' This creates their “www” directory, and sets ownership so they can read/write to it.
``echo "exit" > .profile'' This creates a ``.profile'' file with the single line ``exit'' in it. If the user tries to log in via telnet, they will get disconnected immediately.
Do an ``ls -l'' and make sure there are only 2 files in the directory (not including ``..'' and ``.''):
.profile (owned by root.root)
www (owned by theuser.theuser)
All other files can be deleted (eg. ``rm .less ; rm .lessrc'')
If the user needs to have e-mail forwarding enabled you could create a .forward file which simply has the proper e-mail as the first and only line in the file.
That's it. The user can use FTP to update the pages.