Kickstart
Authentication
In the Authentication section, select whether to use shadow passwords and MD5 encryption for user passwords. These options are highly recommended and chosen by default.
The Authentication Configuration options allow you to configure the following methods of authentication:
These methods are not enabled by default. To enable one or more of these methods, click the appropriate tab, click the checkbox next to Enable, and enter the appropriate information for the authentication method.
Boot Loader Options
You have the option of installing GRUB or LILO as the boot loader. If you do not want to install a boot loader, select Do not install a boot loader. If you choose not to install a boot loader, make sure you create a boot diskette or have another way to boot your system (such as a third-party boot loader).
If you choose to install a boot loader, also choose which boot loader to install (GRUB or LILO) and where to install the boot loader (the Master Boot Record or the first sector of the /boot partition). Install the boot loader on the MBR if you plan to use it as your boot loader. If you are using a different boot loader, install LILO or GRUB on the first sector of the /boot partition and configure the other boot loader to boot Red Hat Linux.
To pass any special parameters to the kernel to be used when the system boots, enter them in the Kernel parameters text field. For example, if you have an IDE CD-ROM Writer, you can tell the kernel to use the SCSI emulation driver that must be loaded before using cdrecord by typing hdd=ide-scsi as a kernel parameter (where hdd is the CD-ROM device).
If you choose GRUB as the boot loader, you can password protect it by configuring a GRUB password. Enter a password in the Use GRUB password text entry area. To save the password as an encrypted password in the file, select Encrypt GRUB password. If the encryption option is selected, when the file is saved, the plain text password that you typed will be encrypted and written to the kickstart file. Do not type an already encrypted password and select to encrypt it.
If you choose LILO as the boot loader, choose whether to use linear mode and whether to force the use of lba32 mode.
If Upgrade an existing installation is selected on the Installation Method page, select Upgrade existing boot loader to upgrade the existing boot loader configuration, while preserving the old entries.
Firewall Configuration
The Firewall Configuration window is identical to the screen in the Red Hat Linux installation program and the Security Level Configuration Tool, with the same functionality. Choose between High, Medium, and Disabled security levels.
Installation Method
The Installation Method screen allows you to choose whether to perform a new installation or an upgrade. If you choose upgrade, the Partition Information and Package Selection options will be disabled. They are not supported for kickstart upgrades.
Also choose the type of kickstart installation to perform from this screen. You can choose from the following options:
- CD-ROM — Choose this option to install Red Hat Linux from the Red Hat Linux CD-ROMs.
- NFS — Choose this option to install Red Hat Linux from an NFS shared directory. Two text entry boxes for the NFS server and NFS directory will appear. Enter the fully-qualified domain name or IP address of the NFS server. For the NFS directory, enter the name of the NFS directory containing the RedHat directory of the installation tree. For example, if your NFS server contains the directory /mirrors/redhat/i386/RedHat/, enter /mirrors/redhat/i386/ for the NFS directory.
- FTP — Choose this option to install Red Hat Linux from an FTP server. Two text entry boxes for the FTP server and FTP directory will appear. Enter the fully-qualified domain name or IP address of the FTP server. For the FTP directory, enter the name of the FTP directory containing the RedHat directory. For example, if your FTP server contains the directory /mirrors/redhat/i386/RedHat/, enter /mirrors/redhat/i386/ for the FTP directory. If the FTP server requires a username and password, specify them as well.
- HTTP — Choose this option to install Red Hat Linux from an HTTP server. Two text entry boxes for the HTTP server and HTTP directory will appear. Enter the fully-qualified domain name or IP address of the HTTP server. For the HTTP directory, enter the name of the HTTP directory containing the RedHat directory. For example, if your HTTP server contains the directory /mirrors/redhat/i386/RedHat/, enter /mirrors/redhat/i386/ for the HTTP directory.
- Hard Drive — Choose this option if you wish to install Red Hat Linux from a hard drive. Two text entry boxes for hard drive partition and hard drive directory appear. Hard drive installations require the use of ISO (or CD-ROM) images. Be sure to verify that the ISO images are intact before you start the installation. To verify them, use an md5sum program as well as the linux mediacheck boot option. Enter the hard drive partition containing the ISO images (for example, /dev/hda1) in the Hard Drive Partition text box. Enter the directory containing the ISO images in the Hard Drive Directory text box.
Network Configuration
If the system to be installed via kickstart does not have an Ethernet card, do not configure one on the Network Configuration page.
Networking is only required if you choose a networking-based installation method (NFS, FTP, or HTTP). Networking can always be configured after installation with the Network Administration Tool (redhat-config-network).
For each Ethernet card on the system, click Add Network Device and select the network device and network type of the device. Select eth0 as the network device for the first Ethernet card, select eth1 for the second Ethernet card, and so on.
Partition Information
Select whether or not to clear the Master Boot Record (MBR). You can also choose to remove all existing partitions, remove all existing Linux partitions, or preserve existing partitions.
You can initialize the disk label to the default for the architecture of the system (for example, msdos for x86 and gpt for Itanium). Select Initialize the disk label if you are installing on a brand new hard drive.
Creating Partitions
To create a partition, click the Add button. Choose mount point, file system type, and partition size for the new partition. Optionally, you can also choose from the following:
- In the Additional Size Options section, choose to make the partition a fixed size, up to a chosen size, or fill the remaining space on the hard drive. If you selected swap as the file system type, you can select to have the installation program create the swap partition with the recommended size instead of specifying a size.
- Force the partition to be created as a primary partition.
- Create the partition on a specific hard drive. For example, to make the partition on the first IDE hard disk (/dev/hda), specify hda as the drive. Do not include /dev in the drive name.
- Use an existing partition. For example, to make the partition on the first partition on the first IDE hard disk (/dev/hda1), specify hda1 as the partition. Do not include /dev in the partition name.
- Format the partition as the chosen file system type.
Creating Partitions
To edit an existing partition, select the partition from the list and click the Edit button. The same Partition Options window appears as when you choose to add a partition except it reflects the values for the selected partition. Modify the partition options and click OK.
To delete an existing partition, select the partition from the list and click the Delete button.
Creating Software RAID Partitions
To create a software RAID partition, use the following steps:
- Click the RAID button.
- Select Create a software RAID partition.
- Configure the partitions as previously described, except select Software RAID as the file system type. Also, specify a hard drive on which to make the partition or specify an existing partition to use.
Creating a Software RAID Partition
Repeat these steps to create as many partitions as needed for your RAID setup. Not all of your partitions have to be RAID partitions.
After creating all the partitions needed to form a RAID device, follow these steps:
- Click the RAID button.
- Select Create a RAID device.
- Select a mount point, file system type, RAID device name, RAID level, RAID members, number of spares for the software RAID device, and whether to format the RAID device.
- Click OK to add the device to the list.
Package Selection
The Package Selection window allows you to choose which package groups to install.
There are also options available to resolve and ignore package dependencies automatically.
Currently, Kickstart Configurator does not allow you to select individual packages. To install individual packages, modify the %packages section of the kickstart file after you save it.
Post-Installation Script
You can also add commands to execute on the system after the installation is completed. If the network is properly configured in the kickstart file, the network is enabled, and the script can include commands to access resources on the network. To include a post-installation script, type it in the text area.
Do not include the %post command. It will be added for you.
For example, to change the message of the day for the newly installed system, add the following command to the %post section:
echo "Hackers will be punished!" > /etc/motd
More examples can be found in Section 7.7.1 Examples.
Chroot Environment
To run the post-installation script outside of the chroot environment, click the checkbox next to this option on the top of the Post-Installation window. This is equivalent to using the --nochroot option in the %post section.
To make any changes to the newly installed file system in the post-installation section outside of the chroot environment, you must prepend /mnt/sysimage/ to the directory name.
For example, if you select Run outside of the chroot environment, the previous example needs to be changed to the following:
echo "Hackers will be punished!" > /mnt/sysimage/etc/motd
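The following added example (not part of the original documentation) is a small shell check for a saved kickstart file. It flags a bootloader line that carries the GRUB password in clear text and, in a %post --nochroot section, redirects to absolute paths that are not under /mnt/sysimage/. The function names and the sample file are constructed for illustration; --password= and --md5pass= are the bootloader options for the clear-text and encrypted forms, and the redirect check is a heuristic that assumes the script is a shell script.

```sh
#!/bin/sh
# Added example: lint a kickstart file read from a file argument or stdin.
# Each finding is printed as "<line-number>:<code>:<detail>".
ks_lint() {
    awk '
    # A line starting with % opens a section (%packages, %pre, %post).
    /^%/ {
        in_section = 1
        nochroot = ($1 == "%post" && $0 ~ /--nochroot/)
        next
    }
    # Command section: --password= keeps the GRUB password readable by
    # anyone who can read the kickstart file; --md5pass= is the hashed form.
    !in_section && $1 == "bootloader" && /--password=/ {
        print FNR ":GRUB_PLAINTEXT:bootloader stores the GRUB password unencrypted"
        next
    }
    # %post --nochroot: a redirect to an absolute path outside
    # /mnt/sysimage/ writes to the installer environment, not the new system.
    # /dev/ and /tmp/ targets are tolerated (heuristic, shell scripts only).
    nochroot && match($0, />>?[ \t]*\/[^ \t;|&]+/) {
        target = substr($0, RSTART, RLENGTH)
        sub(/^>>?[ \t]*/, "", target)
        if (target !~ /^\/(mnt\/sysimage|dev|tmp)\//)
            print FNR ":NOCHROOT_PATH:" target " is not under /mnt/sysimage/"
    }
    ' "$@"
}

# Constructed sample input; the password value is a placeholder.
ks_sample() {
    cat <<'EOF'
# Constructed sample kickstart file
install
cdrom
bootloader --location=mbr --password=CONSTRUCTED-VALUE
%post --nochroot
echo "Hackers will be punished!" > /etc/motd
echo "Hackers will be punished!" > /mnt/sysimage/etc/motd
EOF
}

ks_sample | ks_lint
```

Run it against a saved file with ks_lint ks.cfg before publishing the file on an NFS, FTP, or HTTP server.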
Use an Interpreter
To specify a scripting language to use to execute the script, select the Use an interpreter option and enter the interpreter in the text box beside it. For example, /usr/bin/python2.2 can be specified for a Python script. This option corresponds to using %post --interpreter /usr/bin/python2.2 in your kickstart file.
Pre-Installation Script
You can add commands to run on the system immediately after the kickstart file has been parsed and before the installation begins. If you have configured the network in the kickstart file, the network is enabled before this section is processed. To include a pre-installation script, type it in the text area.
To specify a scripting language to use to execute the script, select the Use an interpreter option and enter the interpreter in the text box beside it. For example, /usr/bin/python2.2 can be specified for a Python script. This option corresponds to using %pre --interpreter /usr/bin/python2.2 in your kickstart file.
Do not include the %pre command. It will be added for you.
Saving the File
To review the contents of the kickstart file after you have finished choosing your kickstart options, select File => Preview from the pull-down menu.
Preview
To save the kickstart file, click the Save to File button in the preview window. To save the file without previewing it, select File => Save File or press [Ctrl]-[S]. A dialog box appears. Select where to save the file.
X Configuration
If you are installing the X Window System, you can configure it during the kickstart installation by checking the Configure the X Window System option on the X Configuration window. If this option is not chosen, the X configuration options will be disabled and the skipx option will be written to the kickstart file.
General
The first step in configuring X is to choose the default color depth and resolution. Select them from their respective pulldown menus. Be sure to specify a color depth and resolution that is compatible with the video card and monitor for the system.
X Configuration - General
If you are installing both the GNOME and KDE desktops, choose which desktop should be the default. If only one desktop is to be installed, be sure to choose it. Once the system is installed, users can choose which desktop they want to be their default.
Next, choose whether to start the X Window System when the system is booted. This option will start the system in runlevel 5 with the graphical login screen. After the system is installed, this can be changed by modifying the /etc/inittab configuration file.
Video Card
Probe for video card is selected by default. Accept this default to have the installation program probe for the video card during installation. Probing works for most modern video cards. If this option is selected and the installation program cannot successfully probe the video card, the installation program will stop at the video card configuration screen. To continue the installation process, select your video card from the list and click Next.
Alternatively, you can select the video card from the list on the Video Card tab. Specify the amount of video RAM the selected video card has from the Video Card RAM pulldown menu. These values are used by the installation program to configure the X Window System.
X Configuration - Video Card
Monitor
After configuring the video card, click on the Monitor tab.
X Configuration - Monitor
Probe for monitor is selected by default. Accept this default to have the installation program probe for the monitor during installation. Probing works for most modern monitors. If this option is selected and the installation program cannot successfully probe the monitor, the installation program will stop at the monitor configuration screen. To continue the installation process, select your monitor from the list and click Next.
Alternatively, you can select your monitor from the list. You can also specify the horizontal and vertical sync rates instead of selecting a specific monitor by checking the Specify hsync and vsync instead of monitor option. This option is useful if the monitor for the system is not listed. Notice that when this option is enabled, the monitor list is disabled.
Command Line Configuration
If you prefer command-line tools or do not have the X Window System installed, use this chapter to configure users and groups.
To add a user to the system:
- Issue the useradd command to create a locked user account:
useradd <username>
- Unlock the account by issuing the passwd command to assign a password and set password aging guidelines:
passwd <username>
To add a group to the system, use the command groupadd:
groupadd <group-name>
Adding a New Group
To add a new user group, click the Add Group button. A window similar to Figure 25-4 appears. Type the name of the new group to create. To specify a group ID for the new group, select Specify group ID manually and select the GID. Red Hat Linux reserves group IDs lower than 500 for system groups.
Click OK to create the group. The new group will appear in the group list.
New Group
To add users to the group, refer to Section 25.4 Modifying Group Properties.
Modifying Group Properties
To view the properties of an existing group, select the group from the group list and click Properties from the button menu (or choose File => Properties from the pulldown menu). A window similar to Figure 25-5 will appear.
Group Properties
The Group Users tab displays which users are members of the group. Select additional users to be added to the group, or unselect users to be removed from the group. Click OK or Apply to modify the users in the group.
Password Aging
If passwords within an organization are created centrally by the administrator, adding new users to the organization means the administrators must configure the account so the user is asked to create a password when logging in for the first time.
To configure a user account in this manner, follow these steps:
- Create the user account using the useradd command — At this point the account is created, but locked.
- Force immediate password expiration — To do this, type the following command:
chage -d 0 <username>
This sets the value for the date the password was last changed to the epoch (January 1, 1970). This value forces immediate password expiration no matter what password aging policy, if any, is in place.
- Unlock the account — There are two common approaches to this. The administrator can assign an initial password:
/usr/sbin/usermod -p "<password>" <username>
In the above command, replace <password> with the initial password.
Or, the administrator can assign a null password:
/usr/sbin/usermod -p "" <username>
While using a null password is convenient for both the user and the administrator, there is a slight risk that a third party can log in first and access the system. To minimize this threat, IBM recommends that administrators verify that the user is ready to log in when they unlock the account.
In either case, upon initial log in, the user is prompted for a new password.
Explaining the Process
The following steps illustrate what happens if the command useradd juan is issued on a system that has shadow passwords enabled:
- A new line for juan is created in /etc/passwd. The line has the following characteristics:
- It begins with the username juan.
- There is an x for the password field indicating that the system is using shadow passwords.
- A UID at or above 500 is created. (Under Red Hat Linux, UIDs and GIDs below 500 are reserved for system use.)
- A GID at or above 500 is created.
- The optional GECOS information is left blank.
- The home directory for juan is set to /home/juan/.
- The default shell is set to /bin/bash.
- A new line for juan is created in /etc/shadow. The line has the following characteristics:
- It begins with the username juan.
- Two exclamation points (!!) appear in the password field of the /etc/shadow file, which locks the account.
If an encrypted password is passed using the -p flag, it is placed in the /etc/shadow file on the new line for the user.
- The password is set to never expire.
- A new line for a group named juan is created in /etc/group. A group with the same name as a user is called a user private group.
The line created in /etc/group has the following characteristics:
- It begins with the group name juan.
- An x appears in the password field indicating that the system is using shadow group passwords.
- The GID matches the one listed for user juan in /etc/passwd.
- A new line for a group named juan is created in /etc/gshadow. The line has the following characteristics:
- It begins with the group name juan.
- An exclamation point (!) appears in the password field of the /etc/gshadow file, which locks the group.
- All other fields are blank.
- A directory for user juan is created in the /home/ directory. This directory is owned by user juan and group juan. However, it has read, write, and execute privileges only for the user juan. All other permissions are denied.
- The files within the /etc/skel/ directory (which contain default user settings) are copied into the new /home/juan/ directory.
At this point, a locked account called juan exists on the system. To activate it, the administrator must next assign a password to the account using the passwd command and, optionally, set password aging guidelines.
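The account states described in Password Aging and in the steps above can be read back from the second and third fields of each /etc/shadow line. The following added example (not part of the original documentation) classifies accounts as locked, forced to change the password at first login, or open with a null password. The function names and state labels are assumptions, and the sample lines are constructed with a placeholder in place of a real hash.

```sh
#!/bin/sh
# Added example: classify accounts from /etc/shadow-style input
# (file argument or stdin). Output is "<user>:<state>", one per line.
# Field 2 is the password field, field 3 the date of the last change.
shadow_audit() {
    awk -F: '
    /^#/ || NF < 3 { next }          # skip comments and malformed lines
    {
        state = "ACTIVE"
        if ($2 ~ /^!/)
            state = "LOCKED"                         # "!!" as left by useradd
        else if ($2 == "" && $3 == "0")
            state = "NULL_PASSWORD_CHANGE_AT_LOGIN"  # usermod -p "" after chage -d 0
        else if ($2 == "")
            state = "NULL_PASSWORD"                  # open, with no forced change
        else if ($3 == "0")
            state = "CHANGE_AT_LOGIN"                # initial password, chage -d 0
        print $1 ":" state
    }
    ' "$@"
}

# Print only the accounts that accept a login without a password.
shadow_open_accounts() {
    shadow_audit "$@" | awk -F: '$2 ~ /^NULL_PASSWORD/ { print $1 }'
}

# Constructed sample lines; the hash is a placeholder, not a real one.
shadow_sample() {
    cat <<'EOF'
# constructed sample, not taken from a real system
juan:!!:12345:0:99999:7:::
maria:$1$CONSTRUCTED$placeholderhash:0:0:99999:7:::
pedro::0:0:99999:7:::
ana::12345:0:99999:7:::
luis:$1$CONSTRUCTED$placeholderhash:12345:0:99999:7:::
EOF
}

shadow_sample | shadow_audit
```

On a live system, run shadow_open_accounts /etc/shadow as root; any name it prints is in the window where a third party could log in first.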
Modifying User Properties
To view the properties of an existing user, click on the Users tab, select the user from the user list, and click Properties from the button menu (or choose File => Properties from the pulldown menu). A window similar to Figure 25-3 will appear.
User Properties
The User Properties window is divided into multiple tabbed pages:
- User Data — Shows the basic user information configured when you added the user. Use this tab to change the user's full name, password, home directory, or login shell.
- Account Info — Select Enable account expiration if you want the account to expire on a certain date. Enter the date in the provided fields. Select User account is locked to lock the user account so the user cannot log in to the system.
- Password Info — This tab shows the date that the user's password last changed. To force the user to change passwords after a certain number of days, select Enable password expiration. The number of days before the user's password expires, the number of days before the user is warned to change passwords, and days before the account becomes inactive can also be changed.
- Groups — Select the groups you want the user to be a member of and the user's primary group.