This page has information about admin tasks which can be performed by nominated users of "light touch" (as opposed to systems up to Fedora Core 3) managed distributions based on RedHat (such as CentOS, a free Enterprise Linux distribution, and Fedora Core, bleeding edge) and ubuntu. They are being used for dom0 xen servers, and user WSs.

There is a separate page for users which covers commands available to all users, Linux Lite which covers the Lab "light touch" management of Linux systems, and Redhat Admin which covers the admin of RedHat: installation, integration, and admin tasks which can be done by root.

Please feel free to add or correct anything, having read the WiKiHints

See Software installation under Unix for general info on installing RPMs.

Non obvious package names

Many RPMs are named after the commands they provide. Unfortunately, some are less obvious, such as:

Indirect installs (e.g. mplayer, vlc)

In some cases it is necessary to install a "release" RPM in order to add a new repository, before the RPM itself can be installed. In the case of groups, this may require an explicit subsequent "groupinstall" to pick up the extra available RPMs.

64b flash

Some features need "magic" additions of RPMs. One of these was to get round the lack of 64b Flash, although an alpha version was released 2008/11/17 and appears to work, so install the RPM CL-flash-plugin.

To install flash 11 on Ubuntu 11.04

sudo add-apt-repository ppa:sevenmachines/flash
cl-asuser apt-get update
cl-asuser apt-get install flashplugin64-installer

HACKs to use JAVA on 64b machines

The 64b Sun JAVA RPM does not come with a plugin for browsers - only the 32b one does. However, it possible to load the 32b java and firefox or opera (which is 32b only). With 32b firefox, the problem is invoking it -- the std wrapper uses the 64b version if available. As such, one option is to remove the 64b version.

An alternative is to use the 64b blackdown JAVA. This has been tried 6 times, worked 5, but failed once, so was abandoned. If anyone is interested in trying it, email unix-admin to have it installed, as it doesn't come as an RPM. If it is sufficiently reliable, an RPM will be generated.

Another alternative is to use opera, which is 32b.

acroread on 64b: install 32b nss_ldap and openldap-devel

If the 32b acroread RPM (called AdobeReader_enu) is loaded on a 64b system without a 32b nss_ldap RPM, it will first complain

 GLib-WARNING **: getpwuid_r(): failed due to unknown user id (104)

and then SEGFAULT.

If openldap-devel.i386 is not loaded, the dynamically loaded PPKLite.api will fail and generate a warning.

Adding East Asian fonts

Machine should support UTF-8, but some characters may not be present by default. WiKiPedia suggests loading fonts-{japanese,chine,korean}, e.g.

cl-asuser yum install fonts-japanese fonts-chinese fonts-korean

Configuring - system-config-{display,keyboard,language,soundcard,lvm}

Some parts of the system can be configured. Commands can be run under cl-asuser include

Configuring X

With recent systems, the X server may read a directory for parts of the configuration, e.g. /usr/share/X11/xorg.conf.d/50-monitor-CL-1600x1200.conf may explicitly set a 1600x1200@60 (74.5 kHz) mode

Section "Monitor"
        Identifier   "<default monitor>"
        Modeline     "1600x1200" 160.96 1600 1704 1880 2160 1200 1201 1204 1242

(or 75 kHz: "162.00 1600 1664 1856 2160 1200 1201 1204 1250 +hsync +vsync").

Configuring Dual headed X

From xrandr 1.2 onwards generic Dual head X can be used. Older systems may need driver specific configuration.

On Redhat systems, if a special driver is needed (e.g. kmod-nvidia, xorg-x11-drv-nvidia, ati-x11-drv, xorg-x11-drv-fglrx or xorg-x11-drv-catalyst), these can often be found at rpmfusion, by adding rpmfusion-free-release. It seems that they are not available for CentOS, and ATrpms version fails, but a raw install from the nVidia shar file site worked, but requires a rebuild on each kernel change.

Ubuntu should use nvidia-glx* or such like.

A user reports that gnome has a problem under Ubuntu 9.10 which is fixed by setting "System > Preferences > Appearance > Visual Effects > none".


If "xrandr" displays a number of monitors, it should be possible to use generic Dual head X. e.g.

% xrandr -q
Screen 0: minimum 320 x 200, current 3000 x 1200, maximum 3000 x 1200
VGA-0 connected 1600x1200+0+0 (normal left inverted right x axis y axis) 432mm x 324mm
   1600x1200      60.0*+   59.9  
   720x400        70.1  
DVI-0 disconnected (normal left inverted right x axis y axis)
LVDS connected 1400x1050+0+0 (normal left inverted right x axis y axis) 0mm x 0mm
   1400x1050      50.0*+
   640x480        59.9  
S-video disconnected (normal left inverted right x axis y axis)
% xrandr --output VGA-0 --right-of LVDS

As above, the maximum needs to be set to allow the combined screens, by including the line "virtual 3000 1200" in the Display subsection of the Screen section of /etc/X11/xorg.conf. Note that some older hardware may have limits, e.g. There is a known issue that DRI doesn't work on pre-965 if maximum is larger than 2048x2048. It also appears that whereas "3200 1200" works fine under Fedora 9 and 11Alpha, under Fedora 10, anything above 2048 causes the X server to go into a loop.

It's not always obvious how to get to a particular setup on one step (suggestions welcome! e.g. "xrandr --output VGA --right-of TMDS-1 --auto"?)- it may help to use several calls, e.g.

xrandr --output VGA --off
xrandr -s 1600x1200
xrandr --output VGA --auto
xrandr --output VGA --right-of TMDS-1

If the monitor configuration is liable to change (e.g. a laptop) it may be best to set the maximum size which may be wanted, and run xrandr at the start of each session, depending on the currently attached monitors. However, for a fixed configuration, consider the "static" method described by intel, e.g. Add monitor-<type> to ID the monitors
Section "Device"
        Identifier  "Videocard0"
        Driver      "intel"
        Option      "monitor-VGA" "vga"
        Option      "monitor-TMDS-1" "dvi"
EndSection Add monitor-<type> to ID the monitor
Section "Monitor"
        Identifier      "vga"
        # Option          "Rotate" "left"
EndSection Add monitor-<type> to ID the monitor, and set its resolution and position
Section "Monitor"
        Identifier      "dvi"
        Option          "LeftOf" "vga"
        Option          "PreferredMode"  "1600x1200"

Note that Fedora systems 10 and later do not have a /etc/X11/xorg.conf, but defaults everything. As such, if tweaks are needed, install system-config-display and run "system-config-display --reconfig", or for more specific settings (probably not wanted), use "sudo Xorg -configure :1".

nVidia GeForce 6200 TurboCache / 7600 GT (not xen)

Install nvidia-x11-drv from rpmfusion-nonfree and run 'cl-asuser nvidia-xconfig --twinview'. Note that multiple connectors often have different capabilities, so try both if resolutions are different. See "-A" for additions flags such as "--xinerama" and "--no-xinerama". The kernel panics under xen (at least 7600).

ATI Radeon X1300 / X1650 PRO

Install ati-x11-drv (AKA xorg-x11-drv-fglrx) from rpmfusion-nonfree and run "cl-asuser aticonfig --initial=dual-head". Note that multiple connectors often have different capabilities, so try both if resolutions are different. Not yet found a way to set xinerama using aticonfig so "cl-asuser chown $USER /etc/X11/xorg.conf" then edit it to include

        Option "xinerama" "on"

in the ServerLayout Section. (xen OK)

The driver may choose an inappropriate mode for a display, e.g. 1920x1080 when 1600x1200 is wanted. It should be possible to fix this using the aticonfig command line options (run it with --help for a list), or by editing /etc/X11/xorg.conf to force the mode, e.g.

--- xorg.conf-backup    2007-02-06 11:25:46.000000000 +0000
+++ xorg.conf   2007-02-06 11:40:19.000000000 +0000
@@ -74,6 +74,7 @@
        SubSection "Display"
                Viewport   0 0
                Depth     24
+               Modes "1600x1200"
@@ -85,6 +86,7 @@
        SubSection "Display"
                Viewport   0 0
                Depth     24
+               Modes "1600x1200"

This failed on invader running Fedora 9, as Xorg crashed. It worked with teh std radeon driver using

Section "ServerLayout"
        Identifier     "single head configuration"
        Screen      0  "Screen0" 0 0
        Screen         "Screen1" RightOf "Screen0"
        Option      "xinerama" "on"

Section "Device"
        Identifier  "Videocard0"
        Driver      "radeon"

Section "Device"
        Identifier  "Videocard1"
        Driver      "radeon"
        Screen      1

Section "Screen"
        Identifier "Screen0"
        Device     "Videocard0"

Section "Screen"
        Identifier "Screen1"
        Device     "Videocard1"

Mixed landscape and portrait ( nVidia GeForce 8600 GT)

ramus has the left screen landscape and the right screen portrait. The basic requirements appear to be

 Section "ServerLayout"
+       Screen      1  "Screen0 (2nd)" RightOf "Screen0"

 Section "Device"
+       BusID       "PCI:1:0:0"
+       Screen      1

+Section "Screen"
+       Option      "Rotate" "CCW"

Daemon control - chkconfig, service

At boot time various daemons are automatically started. The command chkconfig can be used to set and inspect what the system will do at the next reboot. The command service can be used to set and inspect the current state of the daemons. Both commands can be invoked under cl-asuser.

File system changes (e.g. scratch) - mknod, mdadm, lvm, ext2online, resize2fs, system-config-lvm, mkswap

The cl-admin command can be used to do some of the boring behind-the-scenes steps, which are described further down.

Note that a machine may have a number of

Partitions can be recursive if things like RAID or LVM are used, e.g. two partitions can be mirrored to make a new, slightly smaller RAID1 partition.

Filesystems often use nearly all of the partition in which they have been made, but there may be unused space at the end. "df" and commands such as "cl-asuser tune2fs" show the size of the filesystem. /proc/partitions shows the size of the partitions. Command such as cl-asuser fdisk, cl-asuser cfdisk, cl-asuser sfdisk and cl-asuser gdisk can be used to show the partitions on a disc (we aim to mark unused ones as type ff). /proc/mdstat shows partitions generated using RAID. cl-asuser lvm can be used to show partitions generated by LVM, along with free space. cl-asuser blkid tries to identift partitions which are "in use".

Creating /local/scratch using cl-admin

A good starting point is the creation and mounting of a 32GB scratch space. This needs the three commands

cl-admin mkfs /dev/vg01/scratch '' 32G
cl-asuser mkdir -p /local/scratch
cl-asuser mount -a

(NB: first one is cl-admin, but last two are cl-asuser). The first command generates a number of suggestions as to commands to run and arguments to use. If you know what you are doing, or if something fails, consider tweaking the defaults, but otherwise try just pressing Return, and thinking what it's doing and why.

If you are creating something other than /local/scratch there will not be en entry in /etc/fstab so one needs to be created. In general use "LABEL=$name" rather than raw devices such as /dev/md14, as they may change.

A full sessions might be something like:

% cl-admin mkfs /dev/vg01/scratch '' 32G /dev/md7
cl-admin: device to pvcreate [/dev/md7]:
cl-admin: run: cl-asuser mknod /dev/md7 b 9 7
cl-admin: First  device for /dev/md7 [/dev/sda7]: /dev/hda7
cl-admin: Second device for /dev/md7 [/dev/sdb7]: /dev/hdc7
cl-admin: run: cl-asuser sfdisk --change-id /dev/hda 7 fd [y]?
cl-admin: run: cl-asuser sfdisk --change-id /dev/hdc 7 fd [y]?
cl-admin: run: cl-asuser mdadm -C -n2 -l1 /dev/md7 /dev/hda7 /dev/hdc7 [y]?
mdadm: array /dev/md7 started.
cl-admin: run: cl-asuser lvm pvcreate /dev/md7 [y]?
  Physical volume "/dev/md7" successfully created
cl-admin: run: cl-asuser lvm vgcreate vg01 /dev/md7 [y]?
  Volume group "vg01" successfully created
cl-admin: run: cl-asuser lvm lvcreate -L 32G -n scratch vg01 [y]?
  Logical volume "scratch" created
cl-admin: label [-L 'scratch']: 
cl-admin: type [-text3]: 
cl-admin: journal [-j]: 
cl-admin: bytes per block [-b4096]: 
cl-admin: bytes per inode [-i16000]: 
cl-admin: spares superblocks [-s 1]: 
cl-admin: extra args []: 
cl-admin: mkfs opts [-text3 -s 1 -i16000 -b4096 -j -L 'scratch' ]: 
cl-admin: run: cl-asuser mkfs -text3 -s 1 -i16000 -b4096 -j -L 'scratch'  /dev/vg01/scratch [y]? 
mke2fs 1.40.2 (12-Jul-2007)
Filesystem label=scratch
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
2154688 inodes, 8389632 blocks
419481 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=4294967296
257 block groups
32768 blocks per group, 32768 fragments per group
8384 inodes per group
Superblock backups stored on blocks: 
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
        4096000, 7962624

Writing inode tables: done                            
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 37 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
% cl-asuser mkdir -p /local/scratch
% cl-asuser mount -a

That was an easy, pre-packaged, common example. Below are alternatives which can be tried, and other ways of doing things.

The FC6 GUI to setup a new LVM partition is system-config-lvm which will guide you through allocating the space, formatting the partition, creating the mount point, and putting it into /etc/fstab. See /proc/partitions for the partitions. Use cfdisk (or fdisk or sfdisk) to see the current usage of partitions. 0xFF is used locally to mark an "unused" partition. The main "in use" partition types are 0xFD (RAID), 0x07 (NTFS), 0x82(swap), 0x83 (ext2) and 0x8E (LVM).

To manually create new RAID1 partitions, use mdadm under cl-asuser. It may fail when creating a new partition as there won't be a /dev/md $n entry. This can be created using "cl-asuser mknod /dev/md $n b 9 $n". The partitions should be marked as "Linux raid autodetect" (0xFD) using a *fdisk command. The wrapper command cl-admin can be used to help with such sub commands. If there is only one disc, for the "Second device" type "missing".

If lvm is to be used, new PVs can be created using "cl-asuser lvm pvcreate /dev/md $n", VGs created using "cl-asuser lvm vgcreate vg $v /dev/md $n", and LVs using "cl-asuser lvm lvcreate -n $lvname -L $size G vg $v".

Simple enlargement of the root FS

Machines are setup with a "smallish" root filesystem by default, as making it larger slows down booting (resyncing the RAID array and fscking the FS) and increases the chance that a disc fault will be in an active area and thus cause a problem. The initial size was enlarged to 8GB as of 2012/10, so if root FS is smaller than that, COs should "just do it" and enlarge it to 8GiB using

cl-admin resize2fs / 2000000

Otherwise, before enlarging it, have a quick look and think about why there is a problem. If new packages have recently been added, that is likely to be the reason. Otherwise, the most common cause is some runaway process filling the logs (in /var), some over zealous caching (in /var/cache) or /tmp. It might be worth looking in /var, /tmp or / using a command such as

sudo du /var -x | sort -n | tail -30

and look for any obvious anomalies (e.g. /var/cache/apt/archives/).

Enlarging a filesystem is very simple, but shrinking it is hard, especially the root FS. As such, enlarge a FS by small increments (a GB or so), rather that maxing it out the first time a FS fills up. e.g. to enlarge root by 1GB use

cl-admin resize2fs / +1G

If an enlarge (on an md with PSB 1.x?) fails as the device is too small, check in /proc/partitions to see whether it is confused. If the partition is large enough, it seems that removing both discs (in turn!) from the array allows it to forget the cached miss-information and get it right. What has been seen to work (on a sync'ed array!) is

cl-asuser mdadm -f /dev/md2 /dev/sda2
cl-asuser mdadm -r /dev/md2 /dev/sda2
cl-asuser mdadm -a /dev/md2 /dev/sda2
# wait til in sync
cl-asuser mdadm -f /dev/md2 /dev/sdb2
cl-asuser mdadm -r /dev/md2 /dev/sdb2
cl-admin  resize2fs / 8G
cl-asuser mdadm -a /dev/md2 /dev/sdb2

Complex enlargement of the root FS

If the underlying partitions are full, the array cannot be enlarged, so the partitions need to be enlarged. The basic steps are

foreach partition in the array
   remove the partition (using mdadm -f then -r)
   enlarge the partition, normally by sacrificing another partition (using *fdisk or gparted)
   update the kernel partition table (using partprobe)
   add the new larger partition to the array (using mdadm -a)

The problem normally arises with md1 or md2, and the solution is the sacrifice the other. With md2, for "sanity", use sd[ab]2 rather than sd[ab]1. If things are desperate, any available space can be used for the new partitions.

Full details for enlarging scratch

If a filesystem resides on an LVM partition with free space (run "cl-asuser lvm vgs" to see free space), the partition can be extended using "cl-asuser lvm lvextend -L +$sizedeltaG /dev/vg$v/$lvname", e.g.

cl-asuser lvm lvextend -L +16G /dev/vg01/scratch

If there is available space in the underlying partition, an ext3 or ext4 filesystem can be enlarged, while it's mounted. There was a special command "ext2online", but the operation has since been included as part of the standard "resize2fs" command. See the man pages to see which command to use.

All these commands can be invoked under cl-asuser, or can be combined using cl-admin, e.g.

cl-admin resize2fs /dev/vg01/scratch +16G

Thus to extend the scratch directory to 64GB (if there is free space in the VG, the first command is not needed), use commands such as

cl-admin vgextend vg01 /dev/md7
cl-admin resize2fs /dev/vg01/scratch 64G

where /dev/md7 is replaced by a suitable free partition. The command "cl-asuser blkid" can be used to see which partitions are in use. Compare it with /proc/partitions to see what is free. The first "three" (not including a small EFI boot partition on some modern systems) partitions are normally 2x8GB and 1x16GB for OS installs. The next one (it ends up as "5") is normally used to generate vg01 which has scratch. Subsequent ones (6 etc) are assigned as needed for particular needs. Change the partition type as appropriate (e.g. to LVM or RAID) using a *disk command gdisk, fdisk, cfdisk, gparted, etc), but do NOT rely on a value of (e.g.) 0xFF to mean that it is free.

If there is no free partition, but there is free disk space, allocate a new partition, taking care to leave a gap between partitions, and suitably align it. If using RAID, create the device, e.g. "cl-admin mkraid1 6" or "cl-asuser mdadm -C -n2 -l1 /dev/md6 /dev/sd[ab]6; cl-asuser mdadm-E". Having done so, run "cl-asuser partprobe" and check that the device appears in /proc/partitions.

An alternative is to create the RAID1 device using cl-admin and then use system-config-lvm GUI to do the rest:

fowey:~: cl-admin pvcreate /dev/md7
cl-admin: run: cl-asuser mknod /dev/md7 b 9 7
cl-admin: First  device for /dev/md7 [/dev/sda7]:
cl-admin: Second device for /dev/md7 [/dev/sdb7]:
cl-admin: run: cl-asuser sfdisk --change-id /dev/sda 7 fd [y]?
cl-admin: run: cl-asuser sfdisk --change-id /dev/sdb 7 fd [y]?
cl-admin: run: cl-asuser mdadm -C -n2 -l1 /dev/md7 /dev/sda7 /dev/sdb7 [y]?
mdadm: array /dev/md7 started.
cl-admin: run: cl-asuser lvm pvcreate /dev/md7 [y]?
  Physical volume "/dev/md7" successfully created
fowey:~: cl-asuser system-config-lvm

In the GUI, select the right pointing arrow on "Unallocated Volumes" to reveal "/dev/md7", select it, and click on "Create New Volume Group". Type in the volume name (usually "vgnn", e.g. "vg01"), leave the other fields ASIS, and click "OK". The new Volume Group should then be displayed (if not, select it). Select "Logical View", and click on "Create New Logical Volume". Type in the "LV name" (e.g. "scratch"), set the "LV size" or click on "Use Remaining", select "Ext3" as the "Filesystem", select both "Mount" and "Mount when rebooted", type in the mount path in "Mount point" (e.g. "/local/scratch"), and click on "OK". Click on "OK" when it says that the mount point does not exist, to create it. Unfortunately it will not auto-create the parent directory (e.g. "/local").

Other cl-admin tasks

The cl-admin command can perform a number of admin tasks. It does not run with any privs, but calls cl-asuser to run any commands which need priv. It asks for common missing arguments, and requests confirmation before running non obvious commands ("--ask" makes it ask for even trivial commands, and "--yes" stops it asking). For a full list see "cl-admin --list". Subcommands include:

Thus to fix all failed RAID1 partitions:

greta:~: cl-admin raid1-fix
cl-admin: run: cl-asuser mdadm /dev/md1 -r /dev/hdc1 && cl-asuser mdadm /dev/md1 -a /dev/hdc1
mdadm: hot removed /dev/hdc1
mdadm: re-added /dev/hdc1
cl-admin: run: cl-asuser mdadm -a /dev/md6 /dev/hdc6
mdadm: re-added /dev/hdc6

chown / chmod

Some operations do not come pre-potted with a cl-admin entry, but have to be done manually by the user. Please take care with such operations, as they may break your machine, or leave it (and hence the Lab) open to CRACKers. It is best (required in some cases) to grant yourself access to the file, make the change, the restore the file access as it was (some commands require certain users or modes on their config files). e.g.

cl-asuser chown pb22 /etc/sysconfig/iptables
vi /etc/sysconfig/iptable
cl-asuser chown root /etc/sysconfig/iptables
cl-asuser service iptables restart

Examples are:


Many machine run with no swap as they have enough memory for general use, and having swap space allows run away processes to go mostly unnoticed, but cause the machine to become "sluggish". However, if the machine is sometimes short on memory, or hibernation is required, swap space is required (for hibernation it should be a partition). The current swap space can be seen in /proc/swaps, and /etc/fstab has the list which are automatically used -- normally partitions with labels "swap" and "SWAP". To add sda7 as a new swap partition with label swap, use "cl-admin mkswap -L swap /dev/sda7".

Shared servers

Machines are registered in the database as having an owner and an assigned user. The former makes policy decisions about the machine, and does things if the latter is not contactable. The latter does day to day management of the machine, has "cl-asuser" access and full "sudo" access. This is true for user Work Stations and group servers.

In the case of group servers only, there may be cases where other people need special rights. Requests for such access should be negotiated via the owner and sent to the user.

If there is a need to change the assigned user, please email sys-admin so that we can update the DB. The change can then be done using

cl-asuser cl-hostid-fix --user=$user

which will show what would be done - adding a "-a" flag will actually do it.

cl-asuser access

grant write access to /etc/user-config/bundles e.g. using "sudo setfacl -u:''$user'':rw /etc/user-config/bundles}}"[[FootNote(ubuntu needs to mount the root FS {{{acl)]] or by selecting a suitable group.

sudo access

add extra users to a grpoup which is listed as having "%''$group'' ALL=(ALL) ALL" in /etc/sudoers, e.g. wheel under Redhat or sudo or admin under Ubuntu.

"standalone" servers

details of cl-asuser passwd to bootstrap; cl-add-user and updates; reminder on backup


Eclipse "install & update" manager

If you experience difficulties with the "Install & Update" manager, it may be simplest to remove the eclipse RPMs and download the appropriate tarball from and drop it in the user scratch directory. The FC6 release notes include:

14.5.1. Non-packaged Plugins/Feature
Fedora Eclipse contains a patch to allow non-root users to make use of the Update Manager functionality for installing non-packaged plugins and features. Such plugins are installed in the user's home directory under the .eclipse directory. Please note, however, that these plugins do not have associated GCJ-compiled bits and may therefore run slower than expected.


SysInfo/LinuxUserAdmin (last edited 2013-03-13 14:45:27 by PieteBrooks)