Which Linux for Professional Admins?

LazloToth asks: "Short and sweet: with so many distributions of Linux to choose from, and so many of them good to excellent, which Linux delivers the best balance of stability, high-level support options, security, rapid updates, and ease of administration? If an admin wants to standardize on one Linux distribution and have the best of all worlds on everything from file-and-print servers to database boxes, what, in the experience of the Slashdot pros, is that Holy Grail of Linuxes - - the one that does it all while also making upper management feel warm and fuzzy?"

Re:Ubuntu

[yamla]

I agree, though I still prefer Debian itself for servers which will not run any GUI at all. But then, I tend to be fairly conservative in my distributions for servers.

I tried FreeBSD but gave it up. The main problem was that it does not run the 4.x versions of VMWare, unfortunately still a requirement for me. However, I also found that Debian did a better job managing configuration files.

One vote for SuSE...

[badasscat]

I'm gonna give my vote to SuSE... the ease and speed of updates is one reason I've stuck with it, after giving up on Mandrake and Red Hat/Fedora. YAST2 (the built-in setup utility) is just such an easy and powerful tool, and it "just works" - you can set it to auto-update if you want (it sets up a cron job for you if you select this option), but even on manual it will identify critical patches separately from non-critical patches, which makes it easy to pick and choose.

Plus, it's Novell now, so it's owned by a "real company", which may or may not be something your own company/organization is looking for (some business do require some level of centralized accountability and support).

I've also been pleasantly surprised with SuSE 9.2 in other areas - it's the cleanest and easiest-to-use distro out of the box that I've used, with no obvious bugs that I've seen. No reason not to use it, and lots of reasons to use it. YAST2 is a big selling point, in my opinion.

Good admins don't need a specific distro...

[Anonymous Coward]

actually - a good admin is able to handle any distribution.
That's what makes the difference between the "called" admins - and the real ones.
If you know how a Linux System works - you can administrate any system, e.g. any Distribution.

Re:SuSE

[Anonymous Coward]

Keep preaching, Faithful!

SuSE

- great administrative tools to support large networks

- rolling out new servers / workstation with auto-yast with pre-installed configuration/software

- YaST - Best configuration tool under the sun for Linux.

- 10+ years experience + now Novell.

Re:Gentoo

[sigaar]

I believed the question was about administration, not what your fav fanboy-itch-scratchin' distro was.

By the time you start compiling your kernel before you even boot gentoo the first time, I'll have my users working on a file/print/mail server already.

Re:Gentoo

[Talrias]

Yes, I personally like Gentoo, but I really think this is something you have to test for yourself, like buying a new house or car. You can be recommended, surely, but the best way to choose a new product you want is to test it yourself. Wikipedia's overview/comparison of Linux distros [wikipedia.org] will give you a guide and allow you to make your own choice.

Now onto my advice. :) The most important aspect of a Linux distro, in my opinion, is the package management system. Ideally you want a system which makes it easy to upgrade, doesn't screw up configuration files, is easy to use, and has a great number of packages available.

For the record, I use Gentoo on my home computer, and Debian on my server (as well as a Windows XP box for gaming).

Chris

Re:SuSE What more could you ask???

[LWATCDR]

Well he did ask for high level support and stability. SuSE is now owned by Novell so I would say that answers the high level support issue.
For support I would have to put Red Hat and SuSE at the top. I think SuSE has newer stuff than Red Hat "Not counting Fedora". Mandrake is very good but I have no idea how good their enterprise level support is. That may actually depend a lot on where you are. If you are in France Mandrake maybe a clear winner for support. In Germany SuSE may have an advantage.
If one of the BSDs is an option the best supported one is probably OS/X.

Re:One vote for SuSE...

[badasscat]

I'm gonna give my vote to SuSE... the ease and speed of updates is one reason I've stuck with it, after giving up on Mandrake and Red Hat/Fedora.

Argh...this kinda came out wrong... the reasons I gave up on other distros were not specifically due to the updates (Red Hat has a nice auto-update utility as well) but for a variety of reasons. SuSE is, IMO, the most polished distro I have used overall, and that includes the very nice YAST2. I have just not had any real problems with it, whereas I've had various bits of hardware that could never be properly configured under Mandrake or RH/Fedora, despite the fact that they were supposed to work out of the box. (This included the complete inability to even set hard drive mount points under Fedora Core 3, which is what finally led me to dump Fedora altogether.)

Re:Debian of course

[Anonymous Coward]

http://www.debian.org/consultants/ [debian.org]

Re:Gentoo

[kernel_dan]

For someone who doesn't seem to have much experience with the distributions, Gentoo may not be the best thing to use for immediate use. Gentoo is great but it takes a while to get things tweaked to take full advantage of your system. Everything is an adventure with Gentoo (your first time) and probably isn't good for the faint of hearted sysadmin in a production environment.

My suggestion: start with Debian (or anything quick and stable) then experiment with Gentoo until you think you've got it down. Once you're ready, make an iso and you're good to go for any level of deployment.

Re:Hardware

[clard11]

I think this is a very good point. How about Linux on an IBM zSeries box ? This would get plus points from management for scalability, managability and decent service, all on reliable hardware. I think there are three distros that are packaged for the "Iron Penguin" : Suse, Redhat or Turbolinux.

Re:Debian of course

[direwolf puppy]

It's my understanding that you can get Debian support through HP. I know you could get per-incident before, and according to this [hp.com], it looks like they support Debian as well as the "more commercial-friendly" distros.

Re:Gentoo and Debian the only serious contenders

[lysander]

I, a Debian user, tried Gentoo on two machines. Here were the problems I found:

• Gentoo's idea of security updates is not yet fully developed. There should be a logical step between "this is a security problem" and "ooh, here is a new version". glsa-check needs to work in concert with portage, rather than as an afterthought. This will get better.
• Gentoo's build process doesn't include sensible FEATURES flags by default. In particular, collision-protect, maketest, sandbox, userpriv, and usersandbox really need to be on. I don't want to be building as root. I sure as hell want software to run its own tests to make sure it works (especially if I were trying crazy optimization flags, which I wasn't). And collision-protect, to make sure that packages weren't overwriting other packages' files, seems like a bright idea as well -- except that it doesn't work. I have to turn it off every other week to 'emerge world' for updates. It needs to work, and it needs to be on by default.

Re:Ubuntu

[Seumas]

My vote is for Debian, too. Out of personal experience and preference. But I would also nominate Slackware.

Outside of those two distros, I've only used RedHat and Caldera. Hope that puts things in scope. As far as UNIX, I've used pretty much everything out there. Still prefer Debian. ;)

what about GRML?!

[crawancon]

GRML is debian based and tailored towards sysadmins. It is console/text centric, and provides a number of security "features". For those still(?) afraid of runlevel 2, there is fluxbox. It is Reaping the benefits of knoppix's hardware detection, debian's repositories/apt-getables, and gutted out KDE and others from knoppix and replaced with MANY console/text based tools. give it a whirl. For the afraid-to-leave-M$, try QEMU and run grml within your current OS. http://grml.org/

Re:Debian of course

[kinema]

Actually if you are looking for a good support option for Debian (or any other distro for that mater) check out Progeny [progeny.com]

Re:One vote for SuSE...

[glsunder]

Yast also works just fine without requiring gui, which is a big plus to many of us.

Not Gentoo

[Drakino]

I hate to say this, but after running Gentoo on my home server for a year, it is not enterprise worthy.

Main reason?

Sure, on the surface, Gentoo seems easy to update. Problem is, updates break things. Time and again, I have watched emerge upgrade things, possibly give me important info somewhere in the millions of lines of code it scrolls pointlessly, then I reboot to a service not acting right. This last emerge cycle left me with:

Samba in a broken state. Non protected shares worked, anything else gave access denied. Why? Someone decided to move the default location of smbpasswd and didn't notify me in a way to catch it since I wasn't watching emerge line by line.

Apache was broken. It would start one process and hang. Examining the error log showed a problem in PHP. For some reason, it missed a package that has to be recompiled every time PHP is upgraded.

Postfix has been broken in the past by similar, as well as my imap server. Filing a bug report on one of the changes was simply met with "so, deal with it" basicially.

Gentoo has a lot of hype. Actually using it across 10 servers scares me though. It turns out to be worse then any other distro in the amount of work needed to keep it up to date, since you get to spend time hunting down problems. At lease SuSE was nice enough to generate messages to root about important changes I may need to check on manually.

Re:Personally...

[opkool]

Yes, Mandrake is pretty good:
* Mandrake is Linux, as it is as stable as all other Linux distros
* includes recent versions of software
* easy administration: point-and-click interfaces (with text versions using ncurses) plus the classic ssh + vi + /etc
* company commited to GPL Mandrake golden rules [mandrakesoft.com]
* LSB-compliant (Linux Standard Base)
* The company is making money (the company will be here for a long time)
* 2 main versions
- regular version (including gratis download edition)
- corporate edition (including support 24x7 and all that jazz)
And, oh, yeah, Mandrake has a native apt-get like tool called urpmi, with both GUI and text interfaces.
Peace

So true

[BinLadenMyHero]

The parent is absolutely right.

And as a competent admin, I choose the distro that don't get in the way, that let me do the things my way. By that aspect alone, LFS [linuxfromscratch.org] would be the best, but it a bit exagerated. (I highly recommend to install it [linuxfromscratch.org] once though, if you are interested in better understanding of the system, it's parts and how they work, from boot to the password prompt and applications. I used it at my machine at home for quite some time.)

I choose Slackware. I used to install everything (after the initial instalation from the distro CD) from source, but it got tedious. Now I use swaret to upgrade the security-related packages. The software more importantly used (in my case: postfix, clamav and spamassassin and squirrelmail) are monitored from freshmeat and upgraded manually as I see fit (some from source code). Other software are not upgraded unless needed (if it works, don't mess with it).

The main source of problem, in all the distributions I tried, is the package system. Ugrading (or, in some cases, even installing new packages) can break the system. Of course when installing from source you also have the risk, but things are more under control if you know what you're doing.

RHEL no question

[ComputerSlicer23]

I've built up my "RedHat-fu", to the point, that it's the one distro I know how to to completely configure a machine from start to finish to be setup exactly the way I want via network boot. It might be possible with Suse, but I've never run that.

I purchase RedHat licenses for everything that is in the DMZ, or runs software that requires RedHat Enterprise Linux for support (think Oracle Databases).

Then I use Whitebox Linux [whiteboxlinux.org] for everything else. It's pretty much exactly the same as RedHat (you can pick another RHEL rebuild if you want, CentOS and Whitebox Linux are my two favorites). Whitebox can have problems from time to time, because it's a one man show. CentOS looks nice, but it sounds like the mailing lists are used less, and the web boards more for discussion and help (I've never participated, but that's the a complaint I've seen on WhiteBox lists about CentOS). I like e-mail lists for help/support. Call me silly. While web boards are nice for random discussions, I'd much rather review e-mail for technical support (both on the giving and receiving end).

I use that for the desktop. Other then, it's a bit RAM hungry, it's fine for a desktop for most people (the lack of a good MP3 player might bother most, but I play oggs, so I'm good with it). You need more then 128MB of RAM to run OpenOffice on it at a reasonable speed. (I was running a PIII-500 w/ 384MB of RAM and it was acceptable, with a new P4 w/ 128MB of RAM it was unbearably slow running Mozilla and OpenOffice at the same time. I put a 1GB of RAM in and now it's wonderful).

In the end, it means I can run almost exactly the same OS at home that I do at work. It's industrial strength, and all of the expertise I build up using it, is going towards one of the two distro's that all major software vendors support. I don't know of any Suse "rebuilds", otherwise I might recommend those.

Kirby

Re:Not Gentoo

[Jestrzcap]

If you are running updates in the background and want to catch important information just grep the output to a file.

Something like "emerge -u world | grep '*' >> important_update_info.txt"

The imporant messenges are all prefixed with * so you can easily catch them. Make a shell script to do it for you. Mail it to youself if thats what you need.

As for just blindly updating, thats not something you should be doing on a production server. Test server first, then roll changes to production.

Re:Goodness

[slashdot_commentator]

Using your rationalizations, I'd go Suse. Owned by a major corporation (Novell), provides support contracts, and once linux is the standard platform for their Netware services, you'll have better management software for your enterprise networks.

Agree & love Gentoo

[dougnaka]

I love Gentoo, am running it on my home and work desktops. But this has been a problem historically. What parent talks about as problems are real problems with Gentoo, but are not the only reasons not to run it blindly in production. Another problem is having a C compiler be required. If your box gets compromised you've given a potential cracker all the tools he needs to do even more damage.

Now, it's very likely that the above poster upgraded his config files blindly and this is what messed up his installation, FYI config files in Gentoo aren't automatically overwritten, you're supposed to "merge" / manage them, and the process isn't very simple.

So, what to run in Production? Ideally you roll your own to production, Gentoo makes a great base system, trim it down to minimal files you need to do what your server needs, and then lock down all permissions. Ideally your production server will be as tight as it can be and still do its job. So keep a "master/build" server that has all your development files on it, and then a "production" server that only has what's needed to run on it. Make images of your production, and update by updating the master server, then the test production servers then the production servers. If you're running yum/emerge/urpmi/etc on a live production server you're opening yourself up for many risks.

Oh, it's hard to go wrong putting FreeBSD into production also, too bad it's

Re:Slackware!

[Vulture101]

tried almost all other distros but in the end its always slack that stays

Re:Gentoo

[sloanster]

For the record, I use Gentoo on my home computer, and Debian on my server (as well as a Windows XP box for gaming).

Interesting. For the record, I use suse pro 9.2 on my desktop, and suse 9.2 pro on my servers. (and a suse 9.2 pro box for gaming - personally, I don't see the point of bothering with microsoft issues just to play ut2004, doom3 or quake 3 arena when those games run quite nicely on linux)

But more to point of the original discussion, my employer's requirements are different from mine, and so they are running suse enterprise linux, aka SLES 9. They need the extra support and feel-good indemnification clauses that come with the enterprise version, but otherwise, it's actually pretty hard to tell the difference between suse pro and suse enterprise.

When it comes to smaller businesses, I've set up linux servers (yes, suse pro) for several of them. They all seem quite happy with it, since it tends to be a set-up and forget it proposition. It's cheaper, but no indemnification. Then again, they just want something that works, and there's usually no money lying around for sco extortion insurance anyway.

Re:SuSE

[tzanger]

No .iso's to download? Another strike. Ya, I'm a free beer kinda guy.

Acutally I downloaded the SuSE 9.2 pro .iso the other day and installed it. I'm a slackware user myself, but SuSE is *nice*.

Re:Not Gentoo

[Meaulnes]

This seems a little off base to me. We have several Gentoo servers (6 or 7, I can't remember the exact number) at work, and I use gentoo on my work desktop, laptop, and personal desktop. (Oh I shouldn't forget running Gentoo on my Xbox). Someone in my department also uses Gentoo on his work desktop as well as his personal desktop. I personally have been running Gentoo since it was at release 1.2 (with a few month haitus whilst I learned *BSD). The Xbox aside, I have never had an emerge -u world break a a well-maintained box.

Now, I have a friend who has a remote dedicated Gentoo server who adamantly refuses to run etc-update and his box breaks every time he runs emerge -u world.

For my money Gentoo is the answer. Weekly emerge sync's & upgrades (look at what you are upgrading), consitent usage of etc-update, and a good thorough understanding of Gentoo's USE and ARCH settings will keep a Gentoo box in good working order.

At work, when we have a new service to provide, we look at the following OSs in order

1. OpenBSD
2. Gentoo Linux
3. Mac OS X
4. Windows.

All of our external services run from OpenBSD, most of our internal services run in Gentoo (even a predictive dialer) or OS X, and a total of 3 servers run windows.

When security is really important however, we don't even consider Linux, opting instead for OpenBSD.

Just my $.02

Re:Gentoo

[Pharmboy]

Er, are there any distros around that don't have this?

Perhaps the whole up2date versus yum versus yast versus apt-get debate. Easy to upgrade depends as well, since Fedora is easy to upgrade but they drop support so damn quick that you better upgrade, unless you are using software that borks unless you use a specific distro (Ensim for instance)

Personally, I see a great deal of difference in SuSe (my new fav) and debian and redhat (my first distro). In package management, configuration setup and number of preconfigured packages (although I don't really mind compiling my own sources).

Me, I use SuSe on the desktop and was using Redhat on the server, although that is getting migrated to SuSe as well. (if they weren't that different, I wouldn't need to migrate now, would I?)

Re:Debian

[808140]

You do realize that there are three distinct flavours of Debian -- well, four, actually -- with varying policies on updates?

Debian stable is enterprise grade. Bugs and security fixes are backported, very slow upgrade cycle (typically 2 to 3 years), extensive testing. It is, in my experience, the only truly stable (in the tradition of Solaris and BSD) Linux distribution. It's great in an enterprise environment because you don't need to upgrade it frequently, and the Debian security team provides security patches that don't screw your system up -- you can configure apt to download and install security updates immediately in the background. Debian stable is the server you put in the corner and forget about. It'll run forever.

Then, there's Debian testing, which will eventually become the next stable. For most people who don't need the very latest software (especially GUI environments) but who do want more frequent updates, testing is ideal. It's not much less stable than Debian stable, much more up to date, but not so bleeding edge that it breaks constantly (like Gentoo).

Debian unstable, despite its name, is actually quite stable -- I rarely have any problems with it. It's good for a desktop machine when you want the latest and the greatest, and are willing to spend some time updating the machine (because you'll need to do it frequently).

Those are the big three that people run. There is a fourth: Debian experimental. This contains packages that haven't made it into unstable yet, usually because they have bugs or other problems. I don't know anyone (other than clueless noobs) that would try to run experimental -- what's much more typical is to run unstable and pick occasional experimental packages out by hand.

People that talk about how far behind Debian is usually only use stable, which is the default install -- but upgrading to testing or unstable is trivial (ie, one command). Understand that for enterprise servers, new is not the same as good. Take a look at Solaris and see how old a lot of the included software is -- that's because you're supposed to configure Solaris (and most servers) to do what you want and forget about them. Debian follows this model. Stable is amazingly stable.

The only real issue (as some other posters pointed out) is that many commercial vendors only support stuff like RHEL and SuSE, which ties your hands sometimes. But in other situations, Debian Stable beats the pants off of both of those offerings in terms of stability -- they never fail (well, almost -- x86 hardware is flaky, after all, but that's not Debian's fault).

Re:Gentoo

[Penguin Follower]

You do know that you can do a stage 3 install & use prebuilt packages these days, don't you? You only have to compile the kernel. Later when you update/upgrade the system you can compile the components being upgraded/updated. Let's face it: even though many of us linux geeks like to compile stuff from scratch (stage 1 baby!) Portage is really damn cool. You've got a huge repository of packages from which to choose. All of which are just an emerge away! ;) Pretty painless management as I've experienced it.

Oh and while I'm on it, Gentoo is already working on a GUI frontend for installation. That will make the stage 3 w/ prebuilt packages install quite painless.

Re:Ubuntu

[Bald Wookie]

Might want to stay away from Sun then.

No, I'm not really serious. Yet.

Re:Well, SuSE or RedHat, obviously.

[scheme]

People on this thread have been hammering Redhat and Suse like these companies own Linux. Yes, Debian and Gentoo aren't huge companes with hundreds of programmers sitting at the edge of their seats ready to help you and instantly fix security bugs, but neither are the big guys. Redhat and Suse/Novell are Linux "Packagers". They put together a bunch of open source software written by everyone from paid full time programmers to 15 years olds in their basement.

That might have been true a few years back but it's no longer true. Redhat employs Alan Cox, Ulrich Drepper (glibc), Tom Lane (postgresql) and quite a few other glibc, kernel, gcc, and application developers to write code. They help get the code ready and apply/develop any patches necessary to get software stable and bug free. Suse/Novell employs similar big names (Miguel de Icaza, etc.) to help in developing and fixing their releases.

With Suse or Redhat if you have a problem after installing Oracle, I'm sure they will work with you and Oracle to get the problem fixed. And less that may involve the developers on staff at Redhat or Suse to work on it and come up with fixes.

Re:Gentoo

[andrewscraig]

That's what 'nice' is for!
I run my emerge --update using nice, and this then allows the rest of the system to run normally, while updates operate on a low priority thread. This minimizes the affect on the box.

Re:Gentoo

[Anonymous Coward]

www.distrowatch.com gives a very quick description of all the distros. you can get a good feel for the flavor of different ones in no time