WebMO Home Page
   Pro Features
   Enterprise Features
   Compare Features
   System Requirements
   Screen Shots
   Working Demo
   Support & Tutorials
   Support Forum
   Revision History
   Mailing List
   Educational Resources
   License Info
   Buy WebMO Pro/Ent
   Obtain Free License
WebMO - Computational chemistry on the WWW
Recent news

WebMO 19.0 is now available for free download!

WebMO 19.0 Pro and Enterprise have a variety of additional features and is available for purchase.

The WebMO app is now available for iOS and Android.

March 31, 2020
Installation of Red Hat Linux 7.2

These instructions can be used to install and configure Red Hat Linux 7.2 on a typical PC. They may need to be tweaked slightly, depending on the exact configuration of your PC.

  1. Install Linux

    1. Turn on computer and quickly insert disk 1 of Red Hat Linux 7.2

    2. If system fails to boot Linux, insert boot disk into floppy drive and restart

    3. At the boot prompt, press the 'Enter' key

    4. Initial Selections
      1. Language Selection: English
      2. Keyboard Configuration:
        1. Model: Generic 104-key PC
        2. Layout: U.S. English
        3. Dead Keys: Disable dead keys
      3. Mouse Configuration:
        1. Microsoft: IntelliMouse (PS/2)
        2. Uncheck 'Emulate 3 Buttons'

    5. Welcome to Red Hat Linux, click Next

    6. Install Options, choose Install: Custom

    7. Disk Partitioning
      1. Choose Manually partition with Disk Druid for easy partitioning, or choose Manually partition with fdisk [experts only] for full control over the partition layout
      2. Create the following partitions (sizes suggested):
        1. /boot 64MB (only if your computer is pre-1999)
        2. swap 1024MB (or twice RAM size)
        3. / 8192MB
        4. /home 8192MB
        5. /scratch 1MB and Click 'Fill to maximum allowable size'
      3. Accept defaults if satisfied with mount points, filesystem types, and formatting; otherwise, select each partition and click Edit
        Note: Only 4 primary partitions are allowed. One of these may be an extended partition, which can contain up to 12 logical partitions. Some older BIOS limitations require that the Linux /boot directory be contained in its own partition which does not extend beyond cylinder 1024. DOS/Windows requires a primary partition from which to boot, and additional drives must be logical partitions.

    8. Boot Loader Installation
      1. Use GRUB as the boot loader
      2. Install Boot Loader record on /dev/hda Master Boot Record (MBR)
      3. Do not enter a GRUB password unless needed

    9. Network Configuration
      1. Uncheck 'Configure using DHCP'
      2. Make the following settings: (talk to you network adminstrator for correct values)
        1. IP address: {ip_address}
        2. Netmask: {subnet_mask}
        3. Network: xxx.xxx.xxx.xxx (Fills in automatically)
        4. Broadcast: xxx.xxx.xxx.xxx (Fills in automatically)
        5. Hostname: {hostname.domain}
        6. Gateway: {gateway_address}
        7. Primary DNS: {dns1_server_address}
        8. Secondary DNS: {dns2_server_address}

    10. Firewall Configuration
      1. Choose Medium security
      2. Choose Customize and allow incoming SSH and WWW(HTTP); if desired, also allow incoming Telnet and FTP

    11. Language Support Selection, click Next

    12. Time Zone Selection
      1. America/Detroit (or your timezone)
      2. Leave 'System Clock uses UTC' unchecked for Linux/Windows dual boot systems

    13. Account Configuration
      1. Set root password
      2. Add at least one user account

    14. Authentication Configuration, accept defaults and click Next

    15. Package Group Selection
      1. Printer Support
      2. Classic X Window System
      3. X Window System
      4. Gnome
      5. KDE
      6. Sound and Multimedia Support
      7. Network Support
      8. Messaging and Web Tools
      9. Graphics and Image Manipulation
      10. Windows File Server (only if you will run samba)
      11. Anonymous FTP Server (not recommended)
      12. Web Server
      13. Authoring/Publishing
      14. Emacs
      15. Utilities
      16. Software Development

    16. Video Card Configuration, accept default video card or choose one manually

    17. Preparing to Install. This is the last chance to safely cancel the installation process. Click Next, and wait a very long time while partitions are formatted and packages are installed. Insert disk 2 when prompted and click OK. A log will be written to /tmp/install.log

    18. Boot Disk Creation. Insert formatted floppy and click Next. Label disk as "Linux 7.2 Boot Disk for {hostname}"

    19. Monitor Selection and X Configuration
      1. Choose specific monitor, or choose and appropriate Generic Monitor
      2. Adjust syncronization rates as follows
        1. Horizontal sync: 30-64 kHz
        2. Vertical sync: 50-75 Hz
      3. Customize graphics configuration as follows
        1. Color Depth: High Color (16 Bit)
        2. Screen Resolution: 1024x768
        3. Desktop Environment: GNOME (default) or KDE (recommended)
        4. Login Type: Graphical (for use as workstation) or Text (for use as server by experts)
      4. Click 'Test Setting' to test X screen settings
        NOTE: (Control+Alt+Backspace) exits X immediately
      5. Click 'Next'

    20. Congratulations, Linux has been installed! Remove floppy, click Exit, and remove CD-ROM to reboot

  2. Verify aspects of the system configuration

    1. Verify the date and time
      $ date
      Adjust the date and time if necessary
      # date MMDDhhmm[YYYY].ss
      Write the new date and time to the system's CMOS clock
      # clock -w

    2. Verify that all of the machine's RAM has been detected
      $ free
      If Linux reports less RAM than is actually installed your system, follow instructions to specify at boot time the amount of available RAM

    3. Verify that domainname can be determined
      $ hostname -d
      If the domainname is not reported, then edit /etc/hosts so that the fully qualified domain name appears before the hostname
      # cd /etc
      # cp -p hosts hosts.000
      # vi hosts
     {hostname.domain}   {hostname}   localhost.localdomain   localhost

  3. Install update packages from RedHat

      It is critical that any security related updates be applied to your system. Root access security holes are reguarlay uncovered, and machines connected to the internet are regularly probed for these weaknesses. It is a certainty that unpatched machines will soon be hacked.

    • Option A: Manual download and installation of updates
      1. Visit the Redhat Errata page and determine which updates should be downloaded and applied
      2. Check whether or not packages are installed with
        # rpm -qa | grep {package}
      3. Download the appropriate rpm's from Redhat
        or from a mirror site
      4. Install the updates
        # rpm -Fvh {package-version.rpm}
      5. Restart your computer so that new versions of any updated services are restarted
        # /sbin/shutdown -r now

    • Option B: Purchase Official Red Hat Update CD-ROM and automatic installation of updates
      1. Order the most recent Update CD from
      2. Mount the Update CD
        # mount /mnt/cdrom
      3. Run the installation program
        # cd /mnt/cdrom
        # ./install-updates
        Answer 'y' to all prompts
      4. If the update fails during the dependency check, then the missing package(s) must be installed manually with
        # rpm -ivh 7.2/{package}*
        and ./install-updates must be run again
      5. After the update is complete, restart your computer with
        # cd /
        # umount /mnt/cdrom
        # shutdown -r now
      6. Note that the root file system may fail to unmount during shutdown and is therefore automatically checked upon restart; inodes having zero dtime will be deleted. A log of the update may be found in /tmp/update.log, and any error messages or warnings may be found in /tmp/update.err

    • Kernal upgrades are more complex, and one should definitely read the instructions in The Official Red Hat Linux Customization Guide. A brief summary of the procedure is given here
      1. Locate your boot floppy disk and verify its operation
      2. Backup the previous /boot directory
        # mkdir /boot.000
        # cd /boot
        # tar cf - . | (cd ../boot.000; tar xvf -)
      3. Note what version of the kernel you are currently running
        # uname -r
      4. Note what current kernel components are installed
        # rpm -qa | grep kernel-
      5. Install new versions of the kernel components (only if they were already installed), using -U or --force options if necessary
        # rpm -ivh kernel-{new_version}.i686.rpm
        # rpm -Uvh kernel-headers-{new_version}.i386.rpm
        # rpm -ivh --force kernel-pcmcia-cs-{new_version}.i386.rpm
      6. Verify that symbolic links are correct
        # ls -lF /boot
      7. If you have a SCSI hard disk, verify that a new disk image file was created
        # ls -l /boot/initrd*
      8. If GRUB bootloader is being used, verify and/or edit its configuration file
        # cd /boot/grub
        # cp -p grub.conf grub.conf.000
        # vi grub.conf
      9. If LILO boatloader is being used, verify and/or edit its configuration file, and write changes to hard disk MBR
        # cd /etc
        # cp -p lilo.conf lilo.conf.000
        # vi /etc/lilo.conf
        # /sbin/lilo -v
      10. Reboot
        # /sbin/shutdown -r now
      11. Make a new boot floppy disk
        # uname -r
        # /sbin/mkbootdisk {new_version}

  4. Customize Linux

    1. Forward root's email
      It is critical that a human actually read root's email, so that logwatch output, system problems, or security breaches are quickly noted
      # vi /root/.forward

    2. Create useful mount points, for example
      # mkdir /mnt/zip
      # mount -t vfat /dev/hdd4 /mnt/zip
      # ls -alF /mnt/zip
      # umount /mnt/zip
      If the following line is added to /etc/fstab
            /dev/hdd4   /mnt/zip   vfat   noauto,owner   0 0
      then the mount command can be simplified to
      # mount /mnt/zip

  5. Turn on desired services

    1. Understand background concepts about access to services
      Access to system services over the network is controlled at multiple levels:
      1. A firewall controls what packets are accepted by the system and which are dropped or rejected. The default firewall is defined in /etc/sysconfig/ipchains, which was created during Firewall Configuration step of the installation process. The syntax of this file is explained in the ipchains man page and on the many websites devoted to explaining ipchains and firewalls. (Note that the Linux 2.4 kernel in Red Hat Linux 7.2 also supports iptables. You may use only one type of firewall, the older default ipchains or the newer iptables.)
      2. The software for the service must be installed on the system, which can be checked with the command rpm -qa | grep {servicename}. Many services have both client and server rpm's, and it is the server package that must be present.
      3. The service must be started by the system. Some services (apache, ssh, samba, sendmail) are always in memory running as daemons. These may be specified to start at boot time with /sbin/chkconfig {servicename} on|off or controlled manually with /sbin/service {servicename} start|stop. Other services (telnet, ftp, rsh, rexec) are controlled by the xinetd daemon. These may be turned on by editing the appropriate file in /etc/xinet.d and setting disable=no. Then restart the xinetd daemon with /sbin/service xinetd restart.
      4. Access to services can be restricted to specific IP address. This is done most fundamentally in the firewall configuration file, which can be configured to only allow access to certain services (ports) by certain IP address ranges. This can also be done for the xinetd services with the /etc/hosts.allow and /etc/hosts.deny files. (Note that /etc/hosts.allow is processed first, and then /etc/hosts.deny. Thus, it is generally best to allow access to specific services by certain address in hosts.allow and then deny all other access in hosts.deny.) Also, some of the services (ssh, sendmail) running as permanent daemons respect /etc/hosts.allow and /etc/hosts.deny. Finally, some services (apache, samba) allow access to be restricted to certain IP addresses through their configurations files.
      When troubleshoting access to services, you need to consider all of the above factors. If access is denied at any level, then the service will appear to fail.

    2. Telnet
      Telnet is not generally recommended because login information (username and password) and all commands (su and root password) are transmitted as plain text. One should use ssh instead. However, telnet is sometimes used on a secure local network when security is less of a concern. To turn on telnet
      # cd /etc/xinet.d
      # vi telnet
            disable = no
      # /sbin/service xinetd restart
      If telnet fails,make sure that the iphains firewall contains a line for service 23 (telnet) like
            -A input -s 0/0 -d 0/0 23 -p tcp -y -j ACCEPT
      that the telnet server software is installed
      # rpm -qa | grep telnet-server
      and that either /etc/hosts.deny contains no entries or /etc/hosts.allow permits access by the client
      where {network_address} may be calculated from
      $ ipcalc --network {ip_address} {subnet_mask}

    3. Ftp
      Ftp is not generally recommended because login information (username and password) and all files are transmitted as plain text. One should use sftp instead. However, ftp is sometimes used on a secure local network when security is less of a concern.
      To turn on ftp
      # cd /etc/xinet.d
      # vi wu-ftp
            disable = no
      # /sbin/service xinetd restart
      If ftp fails,make sure that the iphains firewall contains a line for service 21 (ftp) like
            -A input -s 0/0 -d 0/0 21 -p tcp -y -j ACCEPT
      that the ftp server software is installed
      # rpm -qa | grep wu-ftp
      and that either /etc/hosts.deny contains no entries or /etc/hosts.allow permits access by the client
      where {network_address} may be calculated from
      $ ipcalc --network {ip_address} {subnet_mask}

    4. Ssh and sftp
      Ssh and sftp are secure shell and file transfer programs. Ssh should be installed by default on Red Hat Linux 7.X systems. However, ssh client software is not part of the typical desktop PC installation (e.g. Microsoft Windows) and must be installed separately as third party software.
      If ssh fails,make sure that the iphains firewall contains a line for service 22 (ssh) like
            -A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
      that the ssh server software is installed
      # rpm -qa | grep openssh-server
      and that either /etc/hosts.deny contains no entries or /etc/hosts.allow permits access by the client

    5. Apache
      The apache web server runs as the "apache" user in Red Hat Linux 7.X as well as Fedora. In order for apache to access a user's www files, the user's home directory must be set to mode 711 and the public_html subdirectory must be set to mode 755. Since this is not the default installation, one must become root and do a chmod 711 on all /home/user directories
      # cd /home
      # chmod 711 {user}
      Each user must then create a public_html directory structure
      $ cd ~
      $ mkdir public_html
      $ cd public_html
      $ mkdir cgi-bin
      $ chmod 755 cgi-bin
      Edit the apache configuration file
      # cd /etc/httpd/conf
      # cp -p httpd.conf httpd.conf.000
      # vi httpd.conf
            In the <IfModule mod_userdir.c> section, verify that
                  UserDir public_html
            Uncomment the section
                  <Directory /home/*/public_html>
            Uncomment the line
                  AddHandler cgi-script .cgi
            Add the lines
                  <Directory /home/*/public_html/cgi-bin>
                  Options ExecCGI
                  SetHandler cgi-script
      It is recommended that directory browsing be disabled. Search for and delete any instances of "Indexes" within "Options" statements, which can be located with
      # grep ^[[:space:]]*Options httpd.conf | grep Indexes
      For example, change
            Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
            Options MultiViews SymLinksIfOwnerMatch IncludesNoExec
      Make sure that the /etc/sysconfig/ipchains firewall configuration file contains a line for service 80 (http) like
            -A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
      Restart the firewall if ipchains was edited
      # /sbin/service ipchains restart
      Start the apache server
      # /sbin/chkconfig httpd on
      # /sbin/service httpd start
      Note that
      suexec is turned on by default in Red Hat Linux 7.2 and Fedora. Thus all user cgi scripts run as the user in whose directory they are installed, instead of as the 'apache' user. Suexec imposes many security restrictions upon cgi scripts. Not only must the scripts by nonwritable by others, the directory containing the cgi script must be non writable by others, e.g., mode 755. By default, directories are created with mode 775 in Red Hat Linux. Therefore, one must manually do a 'chmod 755' on any directory containing cgi scripts.
      Some administrators prefer to add the apache user to the each user's group instead of changing each user's home directory permissions
      # vi /etc/group
      # vi /etc/gshadow

    6. Samba
      Samba permits access to files on the Linux system via Windows networking. By default, Red Hat Linux 7.X configures Samba to use "security=user", which requires that a user have a Linux account with the same name as their Windows login name, and "encrypt passwords = yes", which requires that users (or the Linux administrator) maintain a separate samba password list on the Linux machine with the user's Window's password that is in general different than their Linux password. The following instructions configure Samba to use "security=share", which behaves more like Windows networking and allows users to access any home directories for which they know the password. However, passwords for these shares are maintained separately from the Linux login passwords.
      Edit the samba configuration file
      # cd /etc/samba
      # cp -p smb.conf smb.conf.000
      # vi smb.conf
            In the [globals] section
                  workgroup = {workgroup}
                  server string = {hostname}
            Comment out
                  ; printcap name = /etc/printcap
                  ; load printers = yes
                  max log size = 50
                  security = share
                  browseable = yes
                  oplocks = no
                  level2 oplocks = no
                  preserve case = yes
                  short preserve case = yes
            In the [homes] section
            Add if not present
                  valid users = %S
      Let samba packets across the firewall
      # vi /etc/sysconfig/ipchains
            -A input -s {network address}/{network mask} -d 0/0 137:139 -p tcp -y -j ACCEPT
            -A input -s {network address}/{network mask} -d 0/0 137:139 -p udp -j ACCEPT
      Restart the firewall
      # /sbin/service ipchains restart
      Start the samba server
      # /sbin/chkconfig smb on
      # /sbin/service smb start
      Add the samba share password
      # smbpasswd -a {user}
      Users may now change their password with
      $ smbpasswd
      Browse the samba shares from the Windows "Network Neighborhood". Shares which do not appear may be accessed from Start: Run...: \\{serverhostname}\{sharename}.
      Some administrators prefer to set "encrypt password = no", which does not require a separate samba password list to be maintained and allows users to use their Linux passwords to access their files. This configuration is appropriate only for a system which operates on a secure local network, as the password is transmitted as plaintext (like telnet and ftp). To do this, comment out
            ; encrypt passwords = yes
            ; smb passwd file = /etc/samba/smbpasswd
      in smb.conf and restart the samba server. Note that post-Windows 95 machines (Windows 95SE, 98, ME, NT, 2000, XP) must be configured to transmit their passwords as plaintext by modifying their registry as described by the appropriate /usr/share/doc/samba-2.2.1a/docs/*PlainPassword.reg file.

    7. Sendmail (not recommended)
      By default, Red Hat Linux 7.1+ configures sendmail to only accept mail from the localhost, which should be fine in almost all cases. Since you probably already have an email account on a centralized server, you do not need to accept email from the outside world on your Linux machine. Do not allow outsiders to access sendmail unless you thoroughly understand how relaying works (which permits massive spamming), are prepared to administer an email system, and are willing to accept reponsibility for any spam forwarded by your system!
      If you do need to set up a centralized email server on your system, do the following:
      If necessary, install the sendmail configuration file package from distribution CDROM #1
      # rpm -Uhv /mnt/cdrom/RedHat/RPMS/sendmail-cf-8.11.6-3.i386.rpm
      Edit the sendmail configuration file
      # cd /etc
      # cp -p sendmail.cf sendmail.cf.000
      # cd /etc/mail
      # cp -p sendmail.mc sendmail.mc.000
      # vi sendmail.mc
            dnl DAEMON_OPTIONS(`Port=smtp,Addr=, Name=MTA')
      # m4 sendmail.mc >/etc/sendmail.cf
      Allow external access to sendmail
      # cd /etc
      # vi hosts.allow
      # cd /etc/sysconfig
      # vi ipchains
            -A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
      # /sbin/service ipchains restart
      Restart sendmail
      # /sbin/service sendmail restart

    8. Pop3 and imap (not recommended)
      These mail access agents are probably only needed if sendmail has been set to allow access from other computers, i.e., the system is intended to be a mail server from which you will regularly read mail. In general, you will not do this, but would instead simply forward any mail from Linux account to an existing email account.
      $ cd ~
      $ vi .forward
      If you do wish to set up pop3 or other mail retrieval services, do the following:
      Install the imap package from distribution CDROM #2
      # rpm -Uhv /mnt/cdrom/RedHat/RPMS/imap-2000c-15.i386.rpm
      Allow external access to pop3 (and/or pop3s, imap, ...) services
      # cd /etc/xinet.d
      # vi ipop3
      # /sbin/service xinetd restart
      # cd /etc
      # vi hosts.allow
      # cd /etc/sysconfig
      # vi ipchains
            -A input -s 0/0 -d 0/0 110 -p tcp -y -j ACCEPT
            -A input -s 0/0 -d 0/0 110 -p udp -j ACCEPT
      # /sbin/service ipchains restart

    9. Remove anonymous ftp access
      Most servers prefer not provide anonymous ftp service, which would permit anyone to download files from the /var/ftp/pub directory without providing a password. Check whether anonymous ftp is installed with with
      $ rpm -qa | grep anonftp
      If so, turn off anonymous access to your Linux machine by adding the following lines to the ftp configuration files
      # cd /etc
      # cp -p ftpaccess ftpaccess.000
      # vi ftpaccess
            #Turn off anonymous ftp
            defaultserver private
      # cp -p ftpusers ftpusers.000
      # vi ftpusers

    10. Additonal comments about access control files
      1. /etc/sysconfig/ipchains
        The ipchains configuration file defines which IP packets are accepted, rejected, or denied by the Linux machine. It is often preferable to limit accepted packets to the local network, rather than accept them from anywhere. For example, to accept WWW packets from anywhere, but limit telnet packets to being from the local network, one would use
              -A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
              -A input -s {network_address}/{subnet_mask} -d 0/0 23 -p tcp -y -j ACCEPT
        where {network_address} may be calculated from
        $ ipcalc --network {ip_address} {subnet_mask}
        {subnet_mask} may also be specified as an integer equalling the number of nonzero bits starting from the left, e.g., or
        After editing /etc/sysconfig/ipchains, restart the ipchains service for the changes to take effect
        # /sbin/service ipchains restart
      2. /etc/xinet.d
        Filenames in this directory correspond to services that are controlled by the internet services daemon (formerly known as tcp_wrappers). Edit these files to disable (disable = yes) or enable (disable = no) these services. Restart the xinetd daemon for changes to take effect.
        # /sbin/service xinetd restart
        Access to the services is further controlled by the /etc/hosts.allow and etc/hosts.allow files as described below.
      3. /etc/hosts.allow and /etc/hosts.deny
        These files control what IP addresses are allowed to access various services on the Linux machine. It is best to allow access for various services to some IP numbers, and then to deny all other access. An example of an /etc/hosts.allow entry that permits access to all services from a limited IP address range is
              ALL: {network_address}/{subnet_mask}
        An example of an /etc/hosts.allow entry that permits access to ssh from anywhere is
              sshd: ALL
        Other services controlled by these access files include
        If access is permitted to specific services as above, then it is recommended that the /etc/hosts.deny file consist of
              ALL: ALL
        The efect of these entries is immediate, and the xinetd daemon does not need to be restarted after making changes.
        Note that if one properly configures the ipchains firewall, then these access control files are redundant and no changes are needed from the default configuration (empty, which permits access to all services by anyone).

  6. Install additional packages and software

    1. f2c
      Obtain f2c-19991109-2.i386.rpm from the Red Hat Linux 7.1 Powertools CD-ROM. (Note that the Powertools CDROM is no longer produced as of Red Hat Linux 7.2, and therefore one must use the 7.1 distribution available from www.webmo.net, www.redhat.com, or www.rpmfind.net.)
      # rpm -Uhv f2c-20000510-5.i386.rpm

    2. g77
      g77 should be installed by default when the Software Development package group was selected during installation. Verify with
      $ rpm -qa | grep g77
      If it is not present, install it from distribution CDROM disk #2
      # rpm -Uhv /mnt/cdrom/RedHat/RPMS/gcc-g77-2.96-98.i386.rpm

  7. Install and setup computational chemistry software

    1. Setup scratch directory
      # cd /scratch
      # rm -r lost+found
      # chmod 777 /scratch
      # chmod +t /scratch

    2. Install computational chemistry engines

    3. Install WebMO
      WebMO installation instructions

Copyright © 2001, WebMO, LLC, all rights reserved.