Debian Reference
----------------

Osamu Aoki

Finnish translation: Esko Arajärvi

Section A.1, `Authors'

CVS, Thu 18 Jan 2007, 11:54:20 UTC

-------------------------------------------------------------------------------

Abstract
--------

This Debian Reference (http://qref.sourceforge.net/) is intended to provide
a broad overview of the Debian system and to serve as a _post-installation
user's guide_. It gives examples of _shell commands_ and covers many aspects
of system administration. The document provides basic instructions, tips,
and other information on topics including fundamental Debian concepts,
system installation, the Debian package management system, the Linux kernel
under Debian, system tuning, building gateways, text editors, CVS,
programming, and GnuPG _for non-developers_.

Copyright Notice
----------------

Copyright (C) 2001--2005 by Osamu Aoki.

Copyright (Chapter 2) (C) 1996--2001 by Software in the Public Interest.

This document may be used under the terms of the GNU General Public License
version 2 or higher. (http://www.gnu.org/copyleft/gpl.html)

(This document may be used under the terms of the GNU GPL, version 2 or
later. See the unofficial Finnish translation
(http://www.turre.com/licenses/gpl_fi.php).)

Permission is granted to make and distribute verbatim copies of this
document provided the copyright notice and this permission notice are
preserved on all copies.

Permission is granted to copy and distribute modified versions of this
document under the conditions for verbatim copying, provided that the entire
resulting derived work is distributed under the terms of a permission notice
identical to this one.

Permission is granted to copy and distribute translations of this document
into another language, under the above conditions for modified versions,
except that this permission notice may be included in translations approved
by the Free Software Foundation instead of in the original English.

-------------------------------------------------------------------------------

Contents
--------

1. Introduction
  1.1. Official document
  1.2. Document conventions
  1.3. Example scripts
  1.4. Basic setup
  1.5. Basics of the Debian distributions
2. Debian fundamentals
  2.1. The Debian archives
    2.1.1. Directory structures
    2.1.2. Debian distributions
    2.1.3. The `stable' distribution
    2.1.4. The `testing' distribution
    2.1.5. The `unstable' distribution
    2.1.6. The `frozen' distribution
    2.1.7. Debian distribution codenames
    2.1.8. Codenames used in the past
    2.1.9. The source of codenames
    2.1.10. The `pool' directory
    2.1.11. Historical notes about Sid
    2.1.12. Uploaded packages in the `incoming/' directory
    2.1.13. Retrieving older packages
    2.1.14. Architecture sections
    2.1.15. The source code
  2.2. The Debian package management system
    2.2.1. Overview of Debian packages
    2.2.2. Debian package format
    2.2.3. Naming conventions for Debian package filenames
    2.2.4. Preservation of the local configuration
    2.2.5. Debian maintenance scripts
    2.2.6. Package priorities
    2.2.7. Virtual packages
    2.2.8. Package dependencies
    2.2.9. The meaning of the "Pre-Depends" dependency
    2.2.10. Package status
    2.2.11. Holding back packages from an upgrade
    2.2.12. Source packages
    2.2.13. Building binary packages from source packages
    2.2.14. Creating new Debian packages
  2.3. Upgrading a Debian system
    2.3.1. `dpkg'
    2.3.2. APT
    2.3.3. `dselect'
    2.3.4. Upgrading a running system
    2.3.5. Downloaded and cached `.deb' files
    2.3.6. Record-keeping for upgrades
  2.4. The Debian boot process
    2.4.1. The `init' program
    2.4.2. Runlevels
    2.4.3. Customizing runlevels
  2.5. Supporting diversity
  2.6. Internationalization
  2.7. Debian and the kernel
    2.7.1. Compiling a kernel from non-Debian source
    2.7.2. Tools to build a custom kernel
    2.7.3. Special provisions for dealing with modules
    2.7.4. Removing an old kernel package
3. Debian System installation hints
  3.1. General Linux system installation hints
    3.1.1. Hardware compatibility basics
    3.1.2. Determining a PC's hardware and chip set
    3.1.3. Determining a PC's hardware via Debian
    3.1.4. Determining a PC's hardware via other OSs
    3.1.5. A Lilo myth
    3.1.6. GRUB
    3.1.7. Choice of boot floppies
    3.1.8. Installation
    3.1.9. Hosts and IP to use for LAN
    3.1.10. User accounts
    3.1.11. Creating filesystems
    3.1.12. DRAM memory guidelines
    3.1.13. Swap space
  3.2. Bash configuration
  3.3. Mouse configuration
    3.3.1. PS/2 mice
    3.3.2. USB mice
    3.3.3. Touchpad
  3.4. NFS configuration
  3.5. Samba configuration
  3.6. Printer configuration
    3.6.1. `lpr'/`lpd'
    3.6.2. CUPS(TM)
  3.7. CRON for desktop PC
  3.8. Other host installation hints
    3.8.1. Install a few more packages after initial install
    3.8.2. Modules
    3.8.3. CD-RW basic setup
    3.8.4. Large memory and auto power-off
    3.8.5. Strange access problems with some websites
    3.8.6. Dialup PPP configuration
    3.8.7. Other configuration files to tweak in `/etc/'
4. Debian tutorials
  4.1. Getting started
    4.1.1. Login to a shell prompt as root
    4.1.2. Set up minimal newbie environment
    4.1.3. Add a user account
    4.1.4. Switch between virtual console
    4.1.5. How to shut down
    4.1.6. Play time
  4.2. Midnight Commander (MC)
    4.2.1. Enhance MC
    4.2.2. Start MC
    4.2.3. File manager in MC
    4.2.4. Command-line tricks in MC
    4.2.5. Editor in MC
    4.2.6. Viewer in MC
    4.2.7. Auto-start features of MC
    4.2.8. FTP virtual filesystem of MC
  4.3. Unix-like work environment
    4.3.1. Special key strokes
    4.3.2. Basic Unix commands
    4.3.3. The command execution
    4.3.4. Simple command
    4.3.5. Command execution and environment variable
    4.3.6. Command search path
    4.3.7. Command line options
    4.3.8. Shell wildcards
    4.3.9. Return value of the command
    4.3.10. Typical command sequences
    4.3.11. Command alias
  4.4. Unix-like text processing
    4.4.1. Regular expressions
    4.4.2. Replacement expressions
  4.5. Unix-like filesystem
    4.5.1. Unix file basics
    4.5.2. The filesystem concept in Debian
    4.5.3. File and directory access permissions
    4.5.4. Timestamps
    4.5.5. Links
    4.5.6. Named pipes (FIFOs)
    4.5.7. Sockets
    4.5.8. Device files
    4.5.9. `/proc' filesystem
  4.6. X Window System
    4.6.1. Start the X Window System
    4.6.2. Menu in the X Window System
    4.6.3. Keyboard sequence for the X Window System
  4.7. Further study
5. Upgrading a distribution to `stable', `testing', or `unstable'
  5.1. Upgrading from Potato to Woody
  5.2. Preparing for the upgrade
  5.3. Upgrading
    5.3.1. Using `dselect'
    5.3.2. Using `apt-get'
6. Debian package management
  6.1. Introduction
    6.1.1. Main package management tools
    6.1.2. Convenience tools
  6.2. Beginning Debian package management
    6.2.1. Setting up APT
    6.2.2. Installing tasks
    6.2.3. `aptitude'
    6.2.4. `dselect'
    6.2.5. Tracking a distribution with APT
    6.2.6. The `aptitude', `apt-get', and `apt-cache' commands
  6.3. Debian survival commands
    6.3.1. Check bugs in Debian and seek help
    6.3.2. Troubleshooting an APT upgrade
    6.3.3. Rescue using `dpkg'
    6.3.4. Recovering package selection data
    6.3.5. Rescuing a system after the `/var' directory has been destroyed
    6.3.6. Installing a package into an unbootable system
    6.3.7. What to do if the `dpkg' command is broken
  6.4. Debian nirvana commands
    6.4.1. Information on a file
    6.4.2. Information on a package
    6.4.3. Unattended installation with APT
    6.4.4. Reconfiguring installed packages
    6.4.5. Removing and purging packages
    6.4.6. Holding older packages
    6.4.7. Mixed `stable'/`testing'/`unstable' system
    6.4.8. Pruning cached package files
    6.4.9. Recording/copying the system configuration
    6.4.10. Porting a package to the `stable' system
    6.4.11. Local package archive
    6.4.12. Converting or installing alien binary packages
    6.4.13. Automatic install command
    6.4.14. Verifying installed package files
    6.4.15. Optimizing `sources.list'
  6.5. Other Debian peculiarities
    6.5.1. The `dpkg-divert' command
    6.5.2. The `equivs' package
    6.5.3. Alternative commands
    6.5.4. Use of runlevels
    6.5.5. Disabled daemon services
7. The Linux kernel under Debian
  7.1. Kernel recompile
    7.1.1. Debian standard method
    7.1.2. Classic method
    7.1.3. Kernel headers
  7.2. The modularized 2.4 kernel
    7.2.1. PCMCIA
    7.2.2. SCSI
    7.2.3. Network function
    7.2.4. EXT3 filesystem ( > 2.4.17)
    7.2.5. Realtek RTL-8139 support in 2.4
    7.2.6. Parallel port support
  7.3. Tuning the kernel through the proc filesystem
    7.3.1. Too many open files
    7.3.2. Disk flush intervals
    7.3.3. Sluggish old low memory machines
  7.4. The 2.6 kernel with udev
8. Debian tips
  8.1. Booting the system
    8.1.1. "I forgot the root password!" (1)
    8.1.2. "I forgot the root password!" (2)
    8.1.3. Cannot boot the system
    8.1.4. "Let me disable X on boot!"
    8.1.5. Other boot tricks with the boot prompt
    8.1.6. Setting GRUB boot parameters
  8.2. Recording activities
    8.2.1. Recording shell activities
    8.2.2. Recording X activities
  8.3. Copy and archive a whole subdirectory
    8.3.1. Basic commands for copying a whole subdirectory
    8.3.2. `cp'
    8.3.3. `tar'
    8.3.4. `pax'
    8.3.5. `cpio'
    8.3.6. `afio'
  8.4. Differential backup and data synchronization
    8.4.1. Differential backup with rdiff
    8.4.2. Daily backup with `pdumpfs'
    8.4.3. Regular differential backup with RCS
  8.5. System freeze recovery
    8.5.1. Kill a process
    8.5.2. Alt-SysRq
  8.6. Nifty little commands to remember
    8.6.1. Pager
    8.6.2. Free memory
    8.6.3. Set time (BIOS)
    8.6.4. Set time (NTP)
    8.6.5. How to control console features such as the screensaver
    8.6.6. Search administrative database
    8.6.7. Disable sound (beep)
    8.6.8. Error messages on the console screen
    8.6.9. Set console to the correct type
    8.6.10. Get the console back to a sane state
    8.6.11. Convert a text file from DOS to Unix style
    8.6.12. Convert a text file with `recode'
    8.6.13. Regular-expression substitution
    8.6.14. Edit a file in place using a script
    8.6.15. Extract differences and merge updates for source files
    8.6.16. Convert a large file into small files
    8.6.17. Extract data from text file table
    8.6.18. Script snippets for piping commands
    8.6.19. Script snippets for looping over each file
    8.6.20. Perl short script madness
    8.6.21. Get text or a mailing list archive from a web page
    8.6.22. Pretty print a web page
    8.6.23. Pretty print a manual page
    8.6.24. Merge two PostScript or PDF files
    8.6.25. Time a command
    8.6.26. `nice' command
    8.6.27. Schedule activity (`cron', `at')
    8.6.28. Console switching with `screen'
    8.6.29. Network testing basics
    8.6.30. Flush mail from local spool
    8.6.31. Remove frozen mail from local spool
    8.6.32. Redeliver `mbox' contents
    8.6.33. Clear file contents
    8.6.34. Dummy files
    8.6.35. `chroot'
    8.6.36. How to check hard links
    8.6.37. `mount' hard disk image file
    8.6.38. Samba
    8.6.39. Utilities for foreign filesystems
  8.7. Typical mistakes to be noted
    8.7.1. `rm -rf .*'
    8.7.2. `rm /etc/passwd'
9. Tuning a Debian system
  9.1. System initialization
    9.1.1. Customizing init scripts
    9.1.2. Customizing system logging
    9.1.3. Optimizing hardware
  9.2. Restricting access
    9.2.1. Restricting logins with PAM
    9.2.2. "Why GNU `su' does not support the `wheel' group"
    9.2.3. Purposes of standard groups
    9.2.4. Working more safely -- `sudo'
    9.2.5. Restricting access to services
    9.2.6. Centralizing authentication -- LDAP
  9.3. CD writers
    9.3.1. Introduction
    9.3.2. Approach 1: modules + `lilo'
    9.3.3. Approach 2: recompile the kernel
    9.3.4. Post-configuration steps
    9.3.5. CD-image file (bootable)
    9.3.6. Write to the CD-writer (R, RW):
    9.3.7. Make an image file of a CD
    9.3.8. Debian CD images
    9.3.9. Back up the system to CD-R
    9.3.10. Copy a music CD to CD-R
    9.3.11. Writing DVD-R, DVD-RW, and DVD+RW
  9.4. X
    9.4.1. X packages
    9.4.2. Hardware detection for X
    9.4.3. The X server
    9.4.4. X clients
    9.4.5. X sessions
    9.4.6. Using X over TCP/IP
    9.4.7. Connecting to a remote X server -- `xhost'
    9.4.8. Connecting to a remote X server -- `ssh'
    9.4.9. The X terminal emulator -- `xterm'
    9.4.10. X resources
    9.4.11. Keymaps and pointer button mappings in X
    9.4.12. Getting root in X
    9.4.13. TrueType fonts in X
    9.4.14. Web browsers in X
    9.4.15. Mail Clients (MUAs) in X
  9.5. SSH
    9.5.1. Basics of SSH
    9.5.2. Port forwarding for SMTP/POP3 tunneling
    9.5.3. Connecting with fewer passwords -- RSA
    9.5.4. Dealing with alien SSH clients
    9.5.5. Setting up `ssh-agent'
    9.5.6. Troubleshooting SSH
  9.6. Mail
    9.6.1. Mail transport agents (MTAs)
    9.6.2. Fetching mail -- Fetchmail
    9.6.3. Processing mail -- Procmail
    9.6.4. Processing spam with `crm114'
    9.6.5. Reading mail -- Mutt
  9.7. Localization (l10n)
    9.7.1. Basics of localization
    9.7.2. Locales
    9.7.3. Introduction to locales
    9.7.4. Activating locale support
    9.7.5. Activating a particular locale
    9.7.6. ISO 8601 date format locale
    9.7.7. Example for the US (ISO-8859-1)
    9.7.8. Example for France with Euro sign (ISO-8859-15)
    9.7.9. Example for a multilingual X window system
    9.7.10. Alternative X input methods
    9.7.11. X terminal emulators
    9.7.12. UTF-8 support for the X terminal emulator
    9.7.13. Example for UTF-8 in a framebuffer console
    9.7.14. Beyond locales
  9.8. Multilingualization (m17n)
10. Network configuration
  10.1. Basics of IP networking
  10.2. Low level network configuration
    10.2.1. Low level network configuration -- `ifconfig' and `route'
    10.2.2. Low level network configuration -- `ip'
    10.2.3. Configuring a Wi-Fi interface
    10.2.4. Configuring a PPP interface
  10.3. Naming the computer
    10.3.1. Hostname
    10.3.2. Mailname
  10.4. Domain Name Service (DNS)
    10.4.1. The resolver
    10.4.2. Managing nameserver information -- `resolvconf'
    10.4.3. Caching looked-up names -- `nscd', `dnsmasq', `pdnsd', `bind9'
    10.4.4. Providing Domain Name Service -- `bind'
  10.5. Configuring network interfaces using DHCP
  10.6. High level network configuration in Debian
    10.6.1. High level network configuration using `ifupdown'
    10.6.2. High level network configuration using `ifupdown' logical
            interface definitions
    10.6.3. Automatic network configuration using `ifupdown'
    10.6.4. Automatic network configuration using `laptop-net'
    10.6.5. Automatic network configuration using `network-manager'
  10.7. Dealing with inconsistent naming of interfaces by the kernel
  10.8. Triggering network configuration
    10.8.1. Triggering network configuration at boot time
    10.8.2. Triggering network configuration -- `hotplug'
    10.8.3. Triggering network configuration -- `ifplugd'
    10.8.4. Triggering network configuration -- `waproamd'
    10.8.5. Network configuration and PCMCIA
  10.9. Multi-stage mapping
  10.10. Network service configuration
  10.11. Network troubleshooting
  10.12. Building a gateway router
    10.12.1. Netfilter configuration
    10.12.2. Manage multiple net connections
11. Editors
  11.1. Popular editors
  11.2. Rescue editors
  11.3. Emacs and Vim
    11.3.1. Vim hints
    11.3.2. Emacs hints
    11.3.3. Starting the editor
    11.3.4. Editor command summary (Emacs, Vim)
    11.3.5. Vim configuration
    11.3.6. Ctags
    11.3.7. Convert a syntax-highlighted screen to HTML source
    11.3.8. Split screen with `vim'
12. Version Control Systems
  12.1. Concurrent Versions System (CVS)
    12.1.1. Installing a CVS server
    12.1.2. CVS session examples
    12.1.3. Troubleshooting CVS
    12.1.4. CVS commands
  12.2. Subversion
    12.2.1. Installing a Subversion server
    12.2.2. Moving a CVS repository to Subversion
    12.2.3. Subversion usage examples
13. Programming
  13.1. Where to start
  13.2. Shell
    13.2.1. Bash -- _GNU_ standard interactive shell
    13.2.2. POSIX shells
    13.2.3. Shell parameters
    13.2.4. Shell redirection
    13.2.5. Shell conditionals
    13.2.6. Command-line processing
  13.3. Awk
  13.4. Perl
  13.5. Python
  13.6. Make
  13.7. C
    13.7.1. Simple C program (`gcc')
    13.7.2. Debugging
    13.7.3. Flex -- a better Lex
    13.7.4. Bison -- a better Yacc
    13.7.5. Autoconf
  13.8. Web
  13.9. Document preparation
    13.9.1. `roff' typesetting
    13.9.2. SGML
    13.9.3. TeX/LaTeX
    13.9.4. Literate Programming
  13.10. Packaging
    13.10.1. Packaging a single binary
    13.10.2. Packaging with tools
14. GnuPG
  14.1. Installing GnuPG
  14.2. Using GnuPG
  14.3. Managing GnuPG
  14.4. Using GnuPG with applications
    14.4.1. Using GnuPG with Mutt
    14.4.2. Using GnuPG with Vim
15. Support for Debian
  15.1. References
  15.2. Finding the meaning of a word
  15.3. Finding the popularity of a Debian package
  15.4. The Debian bug tracking system
  15.5. Mailing lists
  15.6. Internet Relay Chat (IRC)
  15.7. Search engines
  15.8. Websites
A. Appendix
  A.1. Authors
  A.2. Warranties
  A.3. Feedback
  A.4. Document format
  A.5. The Debian maze
  A.6. Debian quotes

-------------------------------------------------------------------------------

1. Introduction
---------------

This Debian Reference (http://qref.sourceforge.net/) is intended to provide
a broad overview of the Debian system and to serve as a post-installation
user's guide. The target reader is someone who is willing to read shell
scripts. The reader is also expected to have basic skills in Unix-like
systems already.

A deliberate decision was made not to explain everything in detail when the
information can be found in manual pages, info pages, or HOWTO documents.
Instead of comprehensive explanations, the aim is to offer directly
applicable information by giving exact command sequences in the text and
example scripts at
http://www.debian.org/doc/manuals/debian-reference/examples/. You should
understand the contents of the commands before using them. The exact form of
the commands may vary slightly from system to system.

Much of the included information consists of reminders and pointers to the
authoritative references listed in Section 15.1, `References'.

This document was originally a "quick reference", but it grew. Nevertheless,
brevity and simplicity remain the guiding principles.

For emergency help with system maintenance, see Section 6.3, `Debian
survival commands'.

1.1. Official document
----------------------

The latest official version of the document is in the Debian archives in the
package `debian-reference-fi' and is also available at
http://www.debian.org/doc/manuals/debian-reference/.

The latest development version is at http://qref.sourceforge.net/Debian/.
The project home page is http://qref.sourceforge.net/, where this document
is available in the following formats: plain text, HTML, PDF, SGML, and
PostScript.

1.2. Document conventions
-------------------------

This Debian Reference presents instructions as short `bash' shell commands.
The following conventions are used:

     # command run as root
     $ command run as a user
      ... description of the action

In these command-line examples, `PS2=" "'. For more information on `bash',
see Section 13.2.1, `Bash -- _GNU_ standard interactive shell'.

References to

   * UNIX-style _manual pages_ are given in the form: bash(1),
   * GNU _TEXINFO pages_ in the form: `info libc',
   * _books_ in the form: _The C Programming Language_,
   * _URLs_ in the form:
     http://www.debian.org/doc/manuals/debian-reference/,
   * _files_ on the system in the form:
     `/usr/share/doc/Debian/reference/'.

The following abbreviations are used:

   * _LDP_: Linux Documentation Project (http://www.tldp.org/)
   * _DDP_: Debian Documentation Project (http://www.debian.org/doc/)

Other abbreviations are defined in the text before they are used.

In this document only URL references are given for LDP documents. The LDP
documents are, however, also packaged for Debian. Once the packages are
installed, the documents can be found in `/usr/share/doc/HOWTO/'.

See Section 15.1, `References'.

1.3. Example scripts
--------------------

The example scripts that accompany this document
(http://www.debian.org/doc/manuals/debian-reference/examples/) can be found
in the directory `/usr/share/doc/Debian/reference/examples/'.
The leading "." in the names of hidden files has been replaced with an
underscore "_". An extra suffix has been added to file names where several
alternatives of a file are provided.

1.4. Basic setup
----------------

If the system was installed with a minimal set of packages and you want to
get the most out of this document, it is worth running the following
commands to install other packages that contain useful documentation.

     # aptitude install mc less ssh vim kernel-package \
                        manpages-dev doc-debian doc-linux-text \
                        debian-policy developers-reference maint-guide \
                        apt-howto harden-doc debian-reference \
                        libpam-doc glibc-doc samba-doc exim4-doc-html

1.5. Basics of the Debian distributions
---------------------------------------

Debian maintains three different distributions simultaneously. These are:

   * `stable' --- Most useful for production servers, because it is updated
     only with security fixes. See Section 2.1.3, `The `stable'
     distribution'.

   * `testing' --- The recommended distribution for workstations, because it
     contains recent but somewhat tested versions of desktop software. See
     Section 2.1.4, `The `testing' distribution'.

   * `unstable' --- The cutting edge. The choice of Debian developers. See
     Section 2.1.5, `The `unstable' distribution'.

When no release-critical bugs are found in packages in `unstable' during
roughly their first week, the packages are automatically moved to
`testing'.

Debian distributions also have codenames, which are described in Section
2.1.7, `Debian distribution codenames'. Before Sarge was released in June
2005, the three distributions were Woody (stable), Sarge (testing), and Sid
(unstable). After the release of Sarge, the three distributions were Sarge,
Etch, and Sid respectively. When Etch is released, the `stable' and
`unstable' distributions will be Etch and Sid. A new `testing' distribution
is then created (initially as a copy of `stable') and given a new codename.

If you want to receive e-mail about important announcements concerning
Debian, subscribe to the low-traffic mailing list
`debian-devel-announce@lists.debian.org'. See Section 2.1, `The Debian
archives'.

If you want to use newer versions of packages than those released with the
distribution you are using, you can either upgrade your system to a newer
distribution as described in Chapter 5, `Upgrading a distribution to
`stable', `testing', or `unstable'', or upgrade only the packages you
choose. If a package cannot be upgraded easily, you may want to rebuild it
(backport) as described in Section 6.4.10, `Porting a package to the
`stable' system'.

A side effect of tracking the `testing' distribution is that the
installation of packages containing security fixes may be delayed. This is
because packages are first uploaded to `unstable' and only migrate to
`testing' after a delay.

If packages from different distributions are mixed, e.g. `testing' with
`stable' or `unstable' with `stable', core packages such as `libc6' will
almost inevitably be upgraded at some point to their `testing' or
`unstable' versions, which may contain bugs. You have been warned.

Using the `testing' or `unstable' distribution increases the risk of serious
bugs. This risk can be managed by setting the machine up for multi-boot,
with a more stable Debian distribution as the other option, or by using
`chroot' as described in Section 8.6.35, ``chroot''. The latter makes it
possible to run different Debian distributions simultaneously on different
consoles.

The basics of the Debian distributions are explained in Chapter 2, `Debian
fundamentals', which is followed by basic information on using the latest
software and on the benefits of the `testing' and `unstable' distributions
in Debian. The impatient should go straight to Section 6.3, `Debian
survival commands'.

Happy upgrading!

-------------------------------------------------------------------------------

2. Debian fundamentals
----------------------

This chapter provides ordinary users with basic information about the Debian
operating system. Official information can be found in the following
manuals:

   * Debian Policy Manual
   * Debian Developer's Reference
   * Debian New Maintainers' Guide

These are listed in Section 15.1, `References'.

If you are looking for more general explanations and examples, see Chapter
6, `Debian package management' or other relevant chapters.

This chapter is based on the "Debian FAQ". To make it easier for Debian
administrators to get started, the order of the material has been changed
considerably.

2.1. The Debian archives
------------------------

2.1.1. Directory structures
---------------------------

Software packaged for Debian is available via FTP or HTTP from every Debian
mirror (http://www.debian.org/mirror/) in one of several directory trees.

The following directories can be found on every Debian mirror under the
`debian' directory.

`dists/':
     This directory contains the "distributions", and fetching from here
     used to be the canonical way to obtain the packages of the available
     Debian releases. Some old packages and the `Contents-*.gz' and
     `Packages.gz' files are still found here.

`pool/':
     The new physical location for all packages of the Debian releases.

`tools/':
     DOS utilities for creating boot floppies, partitioning the hard disk,
     compressing and decompressing files, and booting Linux.

`doc/':
     The basic Debian documentation, such as the FAQ (frequently asked
     questions), instructions for reporting bugs, etc.

`indices/':
     The file listing package maintainers and the override files.

`project/':
     Mostly material intended for developers, such as:

     `project/experimental/':
          This directory contains packages and tools that are still being
          developed and are still in the alpha testing stage. These
          packages should not be used, because they can be dangerous and
          harmful even for the most experienced users.

     `project/orphaned/':
          Packages that have been abandoned by their maintainer and removed
          from the distribution.

2.1.2. Debian distributions
---------------------------

Normally there are three Debian distributions in the `dists' directory.
They are named the `stable', `testing', and `unstable' distributions. At one
time there was also a `frozen' distribution (which nowadays is just a
particular development stage of the testing distribution). Each
distribution is defined as a symbolic link to a codenamed directory in the
`dists' directory.

2.1.3. The `stable' distribution
--------------------------------

Packages uploaded to the `stable' distribution, Debian Sarge (3.1r0), are
stored in the `stable' directory (which is a symbolic link to the `sarge/'
directory).

   * `stable/main/': This directory contains the versions of packages that
     belong to the most recent official Debian release.

     These packages are all free, which means that they comply with the
     Debian Free Software Guidelines
     (http://www.debian.org/social_contract#guidelines) (DFSG). (The
     guidelines are also installed by the `debian-doc' package in
     `/usr/share/doc/debian/social-contract.txt'.)

   * `stable/non-free/': The packages in this directory are not free
     according to the DFSG.

     For example, the licenses of some packages prohibit commercial
     distribution. Others may be redistributed but are shareware that has
     to be paid for.

   * `stable/contrib/': The packages in this directory are themselves free
     under the DFSG, but they depend on some package that is _not_ free.

In addition to the above locations, the physical packages now reside in the
`pool' directory (Section 2.1.10, `The `pool' directory').

The current problems of the `stable' distribution are reported on the web
page Stable problems
(http://ftp-master.debian.org/testing/stable_probs.html).

2.1.4. The `testing' distribution
---------------------------------

Packages uploaded to the `testing' distribution, Debian Etch, are stored in
the `testing' directory (which is a symbolic link to the `etch/' directory)
after they have been tested for some time in `unstable'. The physical
packages now reside in the `pool' directory (Section 2.1.10, `The `pool'
directory'). The `testing/' directory also has `main', `contrib', and
`non-free' subdirectories, which correspond to those of `stable/'.

These packages must always be at the same version on all the architectures
for which they have been built, and they must be installable. They must
also have fewer release-critical bugs than the versions in `unstable'. The
aim is for `testing' to be close to a release candidate at all times. More
information on the testing mechanism is available at
http://www.debian.org/devel/testing.

The status of the `testing' distribution is reported on the following
pages:

   * update excuses
     (http://ftp-master.debian.org/testing/update_excuses.html)

   * testing problems
     (http://ftp-master.debian.org/testing/testing_probs.html)

   * release-critical bugs (http://bugs.debian.org/release-critical/)

   * base system bugs (http://bugs.qa.debian.org/cgi-bin/base.cgi)

   * bugs in standard and task packages
     (http://bugs.qa.debian.org/cgi-bin/standard.cgi)

   * other bugs and bug-squashing party notes
     (http://bugs.qa.debian.org/)

2.1.5. The `unstable' distribution
----------------------------------

Packages uploaded to the `unstable' distribution, which is always named
"Sid", are stored in the `unstable' directory (which is a symbolic link to
the `sid/' directory) when they are copied into the Debian archive. The
packages stay in the directory until they are moved to `testing/'. The
physical packages now reside in the `pool' directory (Section 2.1.10, `The
`pool' directory'). The `unstable/' directory also has `main', `contrib',
and `non-free' subdirectories, which correspond to those of `stable/'.

The `unstable' distribution is a snapshot of the latest development version.
Users are welcome to test and use these packages, but the packages are not
necessarily very finished. The advantage of using `unstable' is that you
always have the latest version from the Debian project; the drawback is
that if something breaks, you are on your own.

The bug status of the `unstable' distribution is reported on the web page
Unstable problems
(http://ftp-master.debian.org/testing/unstable_probs.html).

2.1.6. The `frozen' distribution
--------------------------------

When the `testing' distribution is in good enough shape, it is frozen, which
means that no new code is accepted into it, only bug fixes where needed. At
this point a new testing directory is also created in the `dists' directory
and given a new codename. The frozen distribution is tested for a few
months, alternating between changes and testing in "test cycles".

For the frozen distribution, a record is kept of the package bugs that could
delay the release of a package or block the release of the whole
distribution. When the number of bugs drops below the acceptable maximum,
the frozen distribution becomes the new `stable', it is released, and the
previous stable distribution becomes obsolete (and is moved to the archive).

2.1.7. Debian distribution codenames
------------------------------------

The physical directory names in the `dists' directory, such as `sarge/' and
`etch/', are just "codenames". While a Debian distribution is in the
development stage, it has no version number but a codename. The purpose of
these codenames is to make mirroring the Debian distributions easier. (If
the name of a real directory such as `unstable' suddenly changed to
`stable/', a lot of material would have to be downloaded again needlessly.)

Currently `stable/' is a symbolic link to the `sarge/' directory and
`testing/' is a symbolic link to the `etch/' directory. This means that
`Sarge' is the current stable distribution and `Etch' is the current testing
distribution.
`unstable/' is a permanent link to the `sid/' directory, because the
unstable distribution is always named Sid.

2.1.8. Codenames used in the past
---------------------------------

The following codenames have already been used: "Buzz" for release 1.1,
"Rex" for release 1.2, "Bo" for releases 1.3.x, "Hamm" for release 2.0,
"Slink" for release 2.1, "Potato" for release 2.2, "Woody" for release 3.0,
and "Sarge" for release 3.1.

2.1.9. The source of codenames
------------------------------

So far, all codenames come from the Pixar film _Toy Story_.

   * _Buzz_ (Buzz Lightyear) was the spaceman,
   * _Rex_ was the tyrannosaurus,
   * _Bo_ (Bo Peep) was the girl who took care of the sheep,
   * _Hamm_ was the piggy bank,
   * _Slink_ (Slinky Dog) was the toy dog,
   * _Potato_ was the Mr. Potato Head doll,
   * _Woody_ was the cowboy,
   * _Sarge_ was the leader of the green plastic soldiers,
   * _Etch_ (Etch-a-Sketch) was the drawing toy,
   * _Sid_ was the boy next door who destroyed toys.

2.1.10. The `pool' directory
----------------------------

Previously, packages were kept in subdirectories of the `dists' directory
according to the distribution they belonged to. This caused various
problems, including heavy download volumes on the mirrors whenever major
changes were made.

Packages are now kept in a large "pool", which is organized by source
package name. To keep the pool manageable, it is divided into subdirectories
by section (`main', `contrib', and `non-free') and by the first letter of
the source package name. These directories contain several files: the
binary packages for each architecture and the source packages from which
the binary packages were built.

The location of each package can be found on the "Directory:" line of the
output of the command `apt-cache showsrc '. For example, the `apache'
packages are found in the directory `pool/main/a/apache/'. Because there
are so many packages named `lib*', they are treated slightly differently.
For example, the `libpaper' packages are in the directory
`pool/main/libp/libpaper/'.

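The pool layout rule described above, as an added example that is not part
of the Debian Reference: shell functions that derive the pool directory from
the section and the source package name and compare it with the "Directory:"
field of `apt-cache showsrc' output. The function names and the sample
stanza are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the Debian Reference; function names are hypothetical.

# pool_dir SECTION SOURCE
# Print pool/<section>/<prefix>/<source>/ where <prefix> is the first letter
# of the source package name, or its first four characters for lib* names.
pool_dir() {
    section=$1
    src=$2
    case $section in
        main|contrib|non-free) ;;
        *) echo "pool_dir: unknown section: $section" >&2; return 1 ;;
    esac
    # Reject empty names and names that could point outside the pool tree.
    case $src in
        ''|*/*|.*) echo "pool_dir: bad source package name: $src" >&2; return 1 ;;
    esac
    case $src in
        lib?*) prefix=$(printf '%s' "$src" | cut -c1-4) ;;
        *)     prefix=$(printf '%s' "$src" | cut -c1) ;;
    esac
    printf 'pool/%s/%s/%s/\n' "$section" "$prefix" "$src"
}

# showsrc_dir
# Read one `apt-cache showsrc' stanza on stdin and print the value of its
# first "Directory:" field, normalized to end with a single slash.
showsrc_dir() {
    sed -n 's/^Directory:[[:space:]]*//p' | head -n 1 | sed 's,/*$,/,'
}

# check_pool_dir SECTION SOURCE
# Succeed when the "Directory:" field of the stanza on stdin matches the
# directory that the layout rule predicts.
check_pool_dir() {
    expected=$(pool_dir "$1" "$2") || return 2
    actual=$(showsrc_dir)
    [ "$expected" = "$actual" ]
}

# Constructed sample stanza; on a real system it would come from
# `apt-cache showsrc libpaper'.
SAMPLE_SHOWSRC='Package: libpaper
Binary: libpaper1, libpaper-dev, libpaper-utils
Version: 0.0-constructed
Directory: pool/main/libp/libpaper
Section: libs'

pool_dir main apache
pool_dir main libpaper
if printf '%s\n' "$SAMPLE_SHOWSRC" | check_pool_dir main libpaper; then
    echo "Directory: field matches the pool layout rule"
fi
```
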

Some programs, such as `apt', still use the `dists' directories for indexing files. Normally users do not need to worry about these, because the newer `apt' program and probably also the older `dpkg-ftp' program handle everything automatically. More information is available in the document RFC: implementation of package pools (http://lists.debian.org/debian-devel-announce/2000/debian-devel-announce-200010/msg00007.html).

2.1.11. Some history of Sid
---------------------------

When the present-day Sid did not exist, the organization of the Debian archive site had one major flaw: the assumption was that when an architecture was added to the then-current `unstable/', it would be released when that distribution became the new `stable'. For many architectures this was not the case, and the directories had to be moved at release time. This was impractical because the move consumed a lot of bandwidth.

The archive maintainers worked around this problem for several years by placing the binaries of unreleased architectures in a special directory called `sid'. When an architecture was released for the first time, there was a link from the then-current `stable/' to `sid/', and from then on the binaries were created in `unstable/' as normal. This layout was somewhat confusing to users.

With the move to package pools (see Section 2.1.10, `The `pool' directory') during the development of the Woody release, binary packages began to be stored in a canonical location in the pool regardless of distribution. Releasing a version therefore no longer causes large download volumes (although bandwidth consumption is higher during development).

2.1.12. Uploaded packages in `incoming/'
----------------------------------------

Uploaded packages are placed at http://incoming.debian.org/ once it has first been checked that they really come from a Debian developer.
(They are placed in the `DELAYED' subdirectory if the uploader is not the maintainer of the package in question, a so-called Non-Maintainer Upload or NMU.) Once a day, packages are moved from `incoming/' to `unstable'.

In an emergency you may want to install packages from `incoming/' before they reach `unstable/'.

2.1.13. Retrieving older packages
---------------------------------

The latest Debian distributions are kept in the `debian' directory on every Debian mirror (http://www.debian.org/mirror/), whereas the archives of older Debian distributions, such as Slink, are kept at http://archive.debian.org/ or in the `debian-archive' directory on Debian mirrors.

Older `testing' and `unstable' packages can be found at http://snapshot.debian.net/.

2.1.14. Architecture sections
-----------------------------

Within each major directory tree (`dists/stable/main', `dists/stable/contrib', `dists/stable/non-free', `dists/unstable/main', etc.), the binary package descriptions are in subdirectories whose names indicate the architecture for which the packages were compiled.

* `binary-all/' for packages that are architecture-independent. These include, for example, Perl scripts and pure documentation.
* `binary-/' for packages that run on a particular platform.

Note that the actual binary packages no longer reside in these directories but in the top-level `pool' directory. The index files (`Packages' and `Packages.gz') have been left in the directories for backward compatibility.

The list of supported architectures can be found in the release notes of each distribution (stable (http://www.debian.org/releases/stable/releasenotes), testing (http://www.debian.org/releases/testing/releasenotes)).

2.1.15. Source code
-------------------

Source code is included for every part of the Debian system.
Moreover, the licenses of most programs in the system _require_ that their source code be distributed along with the program, or that information on how to obtain the source code accompany the program.

Normally source code is kept either in the `source' directories, which sit alongside all the architecture-specific binary directories, or nowadays in the `pool' directory (see Section 2.1.10, `The `pool' directory'). To fetch the source code of a package without knowing the structure of the Debian archive, use the command `apt-get source '.

Some packages, for example `pine', are available only as source packages because of licensing restrictions. (Recently the package `pine-tracker' has been created to ease the installation of Pine.) Section 6.4.10, `Porting a package to the `stable' system' and Section 13.10, `Packaging' describe ways to build a package manually.

Source code may or may not be available for packages in the `contrib' and `non-free' directories, which are not formally part of the Debian system.

2.2. The Debian package management system
-----------------------------------------

2.2.1. Overview of Debian packages
----------------------------------

Packages generally contain all the files needed to implement a set of related commands or features. There are two kinds of Debian packages:

* _Binary packages_, which contain executables, configuration files, man/info pages, copyright information and other documentation. These packages are distributed in a Debian-specific archive format (see Section 2.2.2, `Debian package format'). They are usually recognizable by the `.deb' file extension. Binary packages can be unpacked with the Debian utility `dpkg'; details are given in its manual page.
* _Source packages_, which consist of a `.dsc' file describing the contents of the source package (it also gives the names of the following files), a `.orig.tar.gz' file containing the original, unmodified source in gzip-compressed tar format, and usually a `.diff.gz' file containing the changes made to the original source for Debian. The utility `dpkg-source' packs and unpacks Debian source packages. Details are given in its manual page.

When installing software, the package management system uses "dependencies" declared by the package maintainers. These dependencies are described in the `control' file shipped with each package. For example, the package containing the GNU C compiler (`gcc') depends on the package `binutils', which contains the linker and assembler. If a user tries to install `gcc' without first installing `binutils', the package management system (dpkg) stops and prints an error message saying that it also needs `binutils'. It is, however, possible for the user to override this behaviour (see dpkg(8)). More information is given below in Section 2.2.8, `Package dependencies'.

Debian's packaging tools can be used to

* manage and modify packages or parts of packages,
* split packages into parts when they need to be transferred on size-limited media such as floppy disks,
* aid developers in building package archives, and
* install packages remotely from a Debian archive site.

2.2.2. Debian package format
----------------------------

A Debian "package", or archive file, contains the executables, libraries and documentation belonging to a particular piece of software or set of related programs. Normally a Debian package has the file extension `.deb'. [1] The internal format of Debian binary packages is described in the manual page deb(5).
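
The container that deb(5) documents (an `ar' archive holding `debian-binary', a control tarball and a data tarball) can be read without `dpkg', which lets an administrator review a package's `control' fields, conffiles and maintainer scripts before anything in it is executed. The following Python sketch is an added example, not part of the original reference; the package `demo', its fields, its `postinst' body and all function names are constructed for illustration.

```python
import io
import tarfile

AR_MAGIC = b"!<arch>\n"
MAINTAINER_SCRIPTS = ("preinst", "postinst", "prerm", "postrm")


def ar_members(blob):
    """Return [(name, data), ...] for the members of an ar archive."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    members, pos = [], len(AR_MAGIC)
    while pos < len(blob):
        header = blob[pos:pos + 60]          # fixed 60-byte member header
        if len(header) < 60 or header[58:60] != b"`\n":
            raise ValueError("corrupt ar header at offset %d" % pos)
        name = header[0:16].decode("ascii").strip().rstrip("/")
        size = int(header[48:58].decode("ascii").strip())
        data = blob[pos + 60:pos + 60 + size]
        if len(data) != size:
            raise ValueError("truncated member %r" % name)
        members.append((name, data))
        pos += 60 + size + (size % 2)        # data is padded to an even length
    return members


def parse_control(text):
    """Parse a control stanza, joining continuation lines to their field."""
    fields, last = {}, None
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and last:
            fields[last] += "\n" + line.strip()
        elif ":" in line:
            last, value = line.split(":", 1)
            fields[last] = value.strip()
    return fields


def inspect_deb(blob):
    """Summarize a .deb without dpkg and without running anything in it."""
    members = ar_members(blob)
    if not members or members[0][0] != "debian-binary":
        raise ValueError("first ar member must be debian-binary")
    parts = {n.split(".tar")[0]: d for n, d in members if ".tar" in n}
    if "control" not in parts or "data" not in parts:
        raise ValueError("control.tar.* or data.tar.* member missing")
    report = {"format": members[0][1].decode("ascii").strip(),
              "members": [n for n, _ in members],
              "control": {}, "conffiles": [], "scripts": {}, "files": []}
    with tarfile.open(fileobj=io.BytesIO(parts["control"]), mode="r:*") as tar:
        for info in tar:
            if not info.isfile():
                continue
            base = info.name.lstrip("./")
            text = tar.extractfile(info).read().decode("utf-8", "replace")
            if base == "control":
                report["control"] = parse_control(text)
            elif base == "conffiles":
                report["conffiles"] = text.split()
            elif base in MAINTAINER_SCRIPTS:
                report["scripts"][base] = text   # code dpkg would execute
    with tarfile.open(fileobj=io.BytesIO(parts["data"]), mode="r:*") as tar:
        report["files"] = [info.name for info in tar if info.isfile()]
    return report


def tar_gz(files):
    """Build a gzip-compressed tar from {name: (content, mode)}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, (content, mode) in files.items():
            info = tarfile.TarInfo("./" + name)
            info.size, info.mode = len(content), mode
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def ar_pack(members):
    """Write members into an ar archive (used only to build the sample)."""
    out = AR_MAGIC
    for name, data in members:
        header = "%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (
            name, 0, 0, 0, "100644", len(data))
        out += header.encode("ascii") + data + (b"\n" if len(data) % 2 else b"")
    return out


def build_sample_deb():
    """Constructed package `demo'; every name and value here is made up."""
    control = (b"Package: demo\nVersion: 1.0-1\nArchitecture: all\n"
               b"Depends: binutils\nDescription: constructed sample\n"
               b" Second line of the description.\n")
    postinst = b"#!/bin/sh\nset -e\n/etc/init.d/demo start\n"
    control_tar = tar_gz({"control": (control, 0o644),
                          "conffiles": (b"/etc/demo.conf\n", 0o644),
                          "postinst": (postinst, 0o755)})
    data_tar = tar_gz({"etc/demo.conf": (b"greeting=hello\n", 0o644)})
    return ar_pack([("debian-binary", b"2.0\n"),
                    ("control.tar.gz", control_tar),
                    ("data.tar.gz", data_tar)])


if __name__ == "__main__":
    report = inspect_deb(build_sample_deb())
    print(report["members"], report["control"], sorted(report["scripts"]))
```
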
Because this internal format may change (between Debian releases), always use dpkg-deb(1) to manipulate `.deb' files.

At least in the Sarge distribution, all Debian packages could be handled with the standard Unix commands `ar' and `tar', even when the `dpkg' commands are not available.

[1] In connection with the `debian-installer' project, packages with the file extension `.udeb' were developed. These are micro-`.deb' packages that do not fully comply with Debian policy, lack documentation among other things, and are intended only for use by `debian-installer'. The file formats of `.deb' and `.udeb' packages are identical. The `udpkg' program used to handle `.udeb' packages is more limited than the standard `dpkg' and supports fewer package relationships. The file extension was changed because the Debian archive maintainers did not want `.deb' packages in the archive that did not meet all the requirements set for packages. The new extension emphasizes the difference and reduces the chance that users unintentionally install these packages on real systems. `.udeb' packages are used during the base installation to create a very restricted Debian system.

2.2.3. Naming conventions for Debian package filenames
------------------------------------------------------

Debian package filenames follow this convention:

     _-_.deb

where, usually, is the package name, is the version number of the program, is the Debian revision number and the target architecture. Package files can of course easily be renamed. To find out which package a file really contains, run:

     dpkg --info

The Debian revision number is set by the Debian developer, or by whoever packages the software. A change in the revision number usually means that the packaging has changed in some way.

2.2.4. Preserving the local configuration
-----------------------------------------

Files intended to be modified by the local administrator are kept in `/etc/'. Debian policy is that all changes to locally configurable files are preserved across package upgrades.

If a default version of a locally configurable file is shipped in the package itself, the file is listed as a "configuration file". The package management system does not, without asking the administrator's permission, upgrade configuration files that the administrator has modified since the previous installation. On the other hand, if the administrator has not modified a configuration file, it is upgraded along with the rest of the package. This is almost always desirable, and so it is worth keeping changes to configuration files to a minimum.

The configuration files belonging to a package can be listed by running the following command.

     dpkg --status

The list is on the line "Conffiles:".

More information about configuration files is in the "Configuration files" section of the Debian Policy Manual. (See Section 15.1, `References'.)

2.2.5. Debian maintenance scripts
---------------------------------

Debian maintenance scripts are executable scripts that are run automatically before or after a package is installed. Together with a file named `control', these files form the "control section" of a Debian package.

The maintenance files are:

preinst
     This script is executed before the Debian package (`.deb') is unpacked. Many "preinst" scripts stop the running services of the packages being upgraded until the installation or upgrade is complete (that is, the "postinst" script has run successfully).

postinst
     This script typically completes any configuration the package requires after the Debian package (`.deb') has been unpacked.
     Often "postinst" scripts ask the user for input and warn the user that, if they accept the default values, they should remember to reconfigure the package later as needed. Many "postinst" scripts also run the commands needed to start the services associated with the package after installation or upgrade.

prerm
     This script typically stops all daemons associated with the package. It is executed before the files associated with the package are removed.

postrm
     This script typically modifies links and other files associated with the package, or removes files created by the package. (See also Section 2.2.7, `Virtual packages'.)

Currently all of the control files can be found in the directory `/var/lib/dpkg/info'. The names of the files belonging to package `foo' begin with "foo" and have the file extension "preinst", "postinst", and so on. The file `foo.list' in the same directory lists all the files installed with package `foo'. (Note that the location of these files is defined by `dpkg' and may change.)

2.2.6. Package priorities
-------------------------

Each Debian package is assigned a _priority_ by the distribution maintainers, as an aid to the package management system. The priorities are:

* _Required_ packages are necessary for the system to function properly. This includes all the tools needed to repair system defects. These packages must not be removed, or the system may break so badly that not even `dpkg' can be used to restore the previous state. A system with only the Required packages is probably inadequate for most purposes, but it allows the administrator to reboot the system and install more software.
* _Important_ packages should be found on any Unix-like system. Other packages without which the system does not run well or is not usable have this priority.
  This does _not_ include Emacs, X11, TeX or any other large program. These packages provide only the bare infrastructure.
* _Standard_ packages are common on every Linux system and comprise a reasonably small but not too limited command-line system. These packages are installed by default if the user selects nothing else. "Standard" does not include many large programs, but it does include Emacs (which is more a part of the system foundation than a program) and a reasonable subset of TeX and LaTeX (if this is possible without X).
* _Optional_ packages include everything that a user might want to install, even without knowing the programs, if they have no special requirements. This includes X11, a full TeX distribution and a lot of programs.
* _Extra_ packages either conflict with a higher-priority package, are of no use to users who do not know them, or have special requirements that keep them from the "Optional" priority.

Note the differences between the following in package descriptions: "Priority: required", "Section: base" and "Essential: yes". "Section: base" means that the package is installed before everything else on a new system. Most "Section: base" packages have "Priority: required" or at least "Priority: important", and many of them are tagged "Essential: yes". "Essential: yes" means that removing the package from the system requires giving an extra force option to the package management program, such as `dpkg'. For example, the packages `libc6', `mawk' and `makedev' have "Priority: required" and "Section: base" but not the tag "Essential: yes".

2.2.7. Virtual packages
-----------------------

A virtual package is a generic name for any one of a group of packages that all provide the same basic functionality.
For example, the programs `tin' and `trn' are both meant for reading newsgroups, so either of them satisfies the need of a program that requires a news reader on the system in order to work. Both are therefore said to provide the virtual package `news-reader'.

Similarly, many packages such as `exim', `exim4', `sendmail' and `postfix' provide the functionality of a mail transport agent. They are therefore said to provide the virtual package `mail-transport-agent'. If any one of them is installed, the presence of this virtual package satisfies any program that declares a dependency on a mail transport agent.

If several packages providing the same virtual package are installed on the system, the system administrator can choose one of them as the preferred one. The choice is made with the command `update-alternatives', described in more detail in Section 6.5.3, `Alternative commands'.

2.2.8. Package dependencies
---------------------------

The Debian package management system uses dependency declarations to state that a package requires another package to be installed in order to work correctly or better.

* Package A _depends_ (_Depends_) on package B if B absolutely must be installed for A to be usable. In some cases A depends not only on B but on a particular version of B. In that case the dependency is usually specified as a lower limit, meaning that newer versions of B are also acceptable.
* Package A _recommends_ (_Recommends_) package B if the package maintainer judges that most users would not want A without some functionality provided by B.
* Package A _suggests_ (_Suggests_) package B if B contains files related to A or enhances its functionality.
  The same relationship is expressed by declaring that package B _enhances_ (_Enhances_) package A.
* Package A _conflicts_ (_Conflicts_) with package B when A does not work properly if B is installed. A "replaces" relationship is often declared together with this one.
* Package A _replaces_ (_Replaces_) package B when files installed by B are removed or overwritten by files in A.
* Package A _provides_ (_Provides_) package B when all of the functionality and files of B are included in A.

More detailed information on the use of these terms is in the _Packaging Manual_ and the _Policy Manual_.

Note that `dselect' and `aptitude' give finer control over the installation of packages marked _Recommends_ and _Suggests_ than `apt-get', which simply installs all packages marked _Depends_ and leaves out those marked _Recommends_ and _Suggests_. Newer versions of both programs are based on APT.

2.2.9. The meaning of "Pre-Depends"
-----------------------------------

`dpkg' always configures a package before it configures another package that depends on it. Normally, however, `dpkg' unpacks packages in an arbitrary order that is not affected by the dependencies between them. (Unpacking consists of extracting the files from the package and putting them in the right places.) If, however, a package declares a "Pre-Depends" dependency on another package, that other package is unpacked and configured before the package that depends on it is even unpacked. [1] Use of this dependency is kept to a minimum.

[1] This mechanism was developed so that systems being upgraded from the `a.out' format to the ELF format could be upgraded safely. In such an upgrade the _unpacking order_ of packages was critical.

2.2.10. Package status
----------------------

The status of a package can be "unknown", "install", "remove", "purge" or "hold". These "flags" tell what the user wanted to do with the package (either by making choices in the selection section of `dselect' or by using `dpkg' directly).

The meanings of the flags are:

* _unknown_ - the user has never indicated whether they want the package.
* _install_ - the user wants the package installed or upgraded.
* _remove_ - the user wants the package removed, but the existing configuration files kept.
* _purge_ - the user wants the package removed completely, including its configuration files.
* _hold_ - the user wants the status or version of the package left unchanged.

2.2.11. Holding back packages from an upgrade
---------------------------------------------

There are two ways of holding back packages from an upgrade: in `dpkg' and, starting with Woody, in APT.

With `dpkg', first save the list of selected packages:

     dpkg --get-selections \* >

Then, in the resulting file `', change the line of the package to be held, for example `libc6', from:

     libc6 install

to:

     libc6 hold

Save the file and load it into the `dpkg' database with the command:

     dpkg --set-selections <

If you know the name of the package to hold, you can run this command directly:

     echo libc6 hold | dpkg --set-selections

This method holds packages at the installation stage of each package.

The same can be done in `dselect'. In the selection section ([S]elect), find the package whose current state you want to keep and press the `=' key (or `H'). The changes take effect as soon as you leave the selection screen.

The APT system in Woody and later distributions offers a new alternative mechanism for holding packages during an upgrade, using the `Pin-Priority' system. See the manual page apt_preferences(5), and the document http://www.debian.org/doc/manuals/apt-howto/ or the package `apt-howto'.

2.2.12. Source packages
-----------------------

Source packages are distributed in the directory `source', from which you can either download them manually or use the command

     apt-get source

to fetch them. (See the manual page apt-get(8) on how to do this with APT.)

2.2.13. Building binary packages from source packages
-----------------------------------------------------

To build the package `' you need all of the packages `.dsc', `.tar.gz' and `.gz'. (For packages made directly for Debian there is no `.diff.gz' file.)

Once you have them all, and if the package `dpkg-dev' is installed, the command

     $ dpkg-source -x .dsc

unpacks the package into the directory `'.

Issue the following commands to build the binary package:

     $ cd foo-versio
     $ su -c "apt-get update ; apt-get install fakeroot"
     $ dpkg-buildpackage -rfakeroot -us -uc

Then:

     # su -c "dpkg -i ../.deb"

to install the package you have built. See Section 6.4.10, `Porting a package to the `stable' system'.

2.2.14. Creating new Debian packages
------------------------------------

Detailed instructions for making new packages are in the _New Maintainers' Guide_, available in the package `maint-guide' or at http://www.debian.org/doc/manuals/maint-guide/.

2.3. Upgrading a Debian system
------------------------------

One of Debian's goals is to provide a smooth, secure and reliable upgrade process. The package management system warns the administrator about important changes and sometimes asks the administrator to make decisions. You should also read the release notes, which are shipped on all Debian CDs and are available on the web at http://www.debian.org/releases/stable/releasenotes or http://www.debian.org/releases/testing/releasenotes.

A practical guide to upgrading is given in Chapter 6, `Debian package management'. This section only outlines the process, starting with the packaging tools.

2.3.1. `dpkg'
-------------

This is the main program for manipulating package files.
The manual page dpkg(8) gives a full description of the program.

`dpkg' comes with several primitive supplemental programs.

* `dpkg-deb': manipulates `.deb' files. dpkg-deb(1)
* `dpkg-ftp': an older package file retrieval command. dpkg-ftp(1)
* `dpkg-mountable': an older package file retrieval command. dpkg-mountable(1)
* `dpkg-split': splits a large package into smaller parts. dpkg-split(1)

The APT system has superseded `dpkg-ftp' and `dpkg-mountable'.

2.3.2. APT
----------

APT (the Advanced Packaging Tool) is an advanced interface to the Debian package management system. It comprises several programs whose names typically begin with "apt-". `apt-get', `apt-cache' and `apt-cdrom' are command-line tools for handling packages. They also serve as back ends for other tools such as `dselect' and `aptitude'. Nowadays `aptitude' is the recommended tool for system administration.

For more information, install the packages `apt' and `aptitude' and read the manual pages: aptitude(8), apt-get(8), apt-cache(8), apt-cdrom(8), apt.conf(5), sources.list(5) and apt_preferences(5).

Another source of information is the APT HOWTO (http://www.debian.org/doc/manuals/apt-howto/). It can be installed from the package `apt-howto' into the directory `/usr/share/doc/Debian/apt-howto/'.

`apt-get upgrade' and `apt-get dist-upgrade' pull in only the packages listed under "Depends:" and ignore the relationships "Recommends:" and "Suggests:". To avoid this, use `dselect'.

2.3.3. `dselect'
----------------

This program is a menu-driven interface to the Debian package management system. It is particularly useful for first-time installations and large-scale upgrades. See Section 6.2.4, ``dselect''.

For more information, read dselect Documentation for Beginners (http://www.debian.org/releases/woody/i386/dselect-beginner).

2.3.4. Upgrading a running system
---------------------------------

The file system of a Debian system supports replacing files even while they are in use. When a package is upgraded, all daemons associated with the package are restarted if they are configured to run at the current runlevel. Debian does not require switching to single-user mode for an upgrade.

2.3.5. Downloaded and cached `.deb' files
-----------------------------------------

If you have manually downloaded package files to your disk (which is not necessary, see the description of `dpkg-ftp' and APT above), you can remove the downloaded `.deb' files from your system after installing the packages.

If you use APT, these files are stored in the directory `/var/cache/apt/archives'. You can remove them after installation (with `apt-get clean') or copy them to the `/var/cache/apt/archives' directory of another machine to avoid downloading them again in later installations.

2.3.6. Record keeping for upgrades
----------------------------------

`dpkg' keeps a record of the packages that have been unpacked, configured, removed or purged, but does not (currently) keep a record of the outcomes of these actions. The easiest way around this limitation is to run `dpkg', `dselect', `apt-get', etc. from within script(1).

2.4. The Debian boot process
----------------------------

2.4.1. The `init' program
-------------------------

Like all Unices, Debian boots by executing the program `init'. The configuration file of `init' (`/etc/inittab') specifies that the first script to be executed is `/etc/init.d/rcS'. What happens next depends on which of the packages `sysv-rc' and `file-rc' is installed.
(The `file-rc' package contains its own `/etc/init.d/rcS' script and uses a file instead of symbolic links in rc directories to control which programs are started at which runlevel.)

The `/etc/init.d/rcS' file of the `sysv-rc' package runs all the scripts in `/etc/rcS.d/' to initialize the system. This includes mounting and checking file systems, loading modules, bringing up networking, setting the clock, and so on. After that, for compatibility, it also runs all the scripts in `/etc/rc.boot/' whose names do not contain a dot. The latter directory is reserved for the system administrator, but its use is discouraged. More information is in Section 9.1, `System initialization', and in System run levels and init.d scripts (http://www.debian.org/doc/debian-policy/ch-opersys#s-sysvinit) in the Debian Policy Manual.

Debian does not use a BSD-style `rc.local' directory.

2.4.2. Runlevels
----------------

After the boot process, `init' starts all the services configured to run at the default runlevel. The default runlevel is set by the `id' line in `/etc/inittab'. Debian ships with `id=2'.

Debian uses the following runlevels:

* 1 (single-user mode),
* 2-5 (multi-user modes),
* 0 (halt the system),
* 6 (reboot the system).

Runlevels 7, 8 and 9 can also be used, but scripts are not automatically copied into their rc directories when packages are installed.

Runlevels are switched with the program `telinit'.

When a runlevel is entered, all the scripts in `/etc/rc.d/' are executed. The first letter of a script's name determines the _way_ the script is run. Scripts starting with `K' are given the command-line argument `stop', and scripts starting with `S' the argument `start'. The scripts are run in alphabetical order.
Consequently, stop scripts are run before start scripts, and the two digits following the `K' or `S' determine the order of execution.

The scripts in `/etc/rc.d' are in fact just symbolic links to the scripts in `/etc/init.d/'. These scripts also accept the arguments "restart" and "force-reload". These arguments can be used after the system has booted when a daemon needs to be restarted or forced to re-read its configuration file.

For example:

     # /etc/init.d/exim4 force-reload

2.4.3. Customizing runlevels
----------------------------

Customizing runlevels is an advanced system administration task. The following instructions hold for most services.

To start a service at runlevel , create the symbolic link `/etc/rc.d/S' pointing to the file `../init.d/'. The sequence number should be the same as the one assigned to the service when the package was installed.

To stop a service, rename the symbolic link so that its name begins with `K' instead of `S' and its sequence number is 100 minus .

These changes are most easily made with a runlevel editor such as `sysv-rc-conf' or `ksysv'.

It is possible to delete a service's `S' symlink instead of renaming it. In that case the service is not stopped; instead, as far as the `sysv-rc' init system is concerned, it is left in a "floating" state. When the runlevel changes, the service is neither started nor stopped but left in whatever state it was in. Note, however, that a service in the floating state is started, regardless of its state, if the package that installed it is upgraded. This is a known shortcoming of the current Debian system. Note also that the `K' links of runlevels 0 and 6 should be retained. If you delete all the symbolic links associated with a service, upgrading the service's package restores the links to the default levels.

Changing the symbolic links in `/etc/rcS.d/' in any way is _not_ recommended.

2.5. Supporting diversity
-------------------------

Debian offers the system administrator several ways to satisfy their wishes without breaking the system.

* `dpkg-divert', see Section 6.5.1, `The `dpkg-divert' command'.
* `equivs', see Section 6.5.2, `The `equivs' package'.
* `update-alternatives', see Section 6.5.3, `Alternative commands'.
* `make-kpkg' can accommodate many boot loaders. See make-kpkg(1) and Section 7.1, `Kernel recompile'.

All files under `/usr/local/' belong to the system administrator and Debian does not touch them. Most files under `/etc/' are `configuration files', and Debian does not modify them during an upgrade unless the administrator explicitly requests it.

2.6. Internationalization
-------------------------

The Debian system supports the character sets and writing systems of many languages, both on the command line and under X. Many documents, manual pages and system messages have been translated into a growing number of languages. During installation, Debian asks the user to choose an installation language (and sometimes a variant of the language).

If the system you are using does not support all the language features you need, or if you want to change the language or install a new keyboard supporting your language, see Section 9.7, `Localization (l10n)'.

2.7. Debian and the kernel
--------------------------

See Chapter 7, `The Linux kernel under Debian'.

2.7.1. Compiling a kernel from non-Debian source
------------------------------------------------

Debian handles header files as follows. The Debian C libraries are built with the _kernel_ headers of the most recent _stable_ release.

For example, the Debian-1.2 release used headers with version number 5.4.13. This practice differs from the source packages distributed on Linux FTP sites, all of which use even more recent versions of the headers. The kernel headers distributed with the kernel source are found in the directory `/usr/include/linux/include/'.
If you need to compile a program with kernel headers newer than those provided by `libc6-dev', you must add `-I/usr/src/linux/include/' to the compile command. This came up, for example, when packaging the automounter daemon (`amd'). When new kernels changed some internals dealing with NFS, `amd' needed to know about them. This required the use of the latest kernel headers.

2.7.2. Tools to build custom kernels
------------------------------------

Users who wish to (or must) build a custom kernel are encouraged to download the `kernel-package' package. The package contains scripts for building a kernel package and makes it possible to create a Debian kernel-image package just by running the command

     # make-kpkg kernel_image

in the top-level kernel source directory. Help is available by running the command

     # make-kpkg --help

and from the manual page make-kpkg(1) and Chapter 7, `The Linux kernel under Debian'.

Users must separately download the source code for the most recent kernel (or the kernel of their choice) from a Linux archive site, unless a kernel-source- package is available (where is the kernel version).

The Debian `initrd' boot script requires a special kernel patch called `initrd'. See http://bugs.debian.org/149236.

Detailed instructions for using the `kernel-package' package are given in the file `/usr/share/doc/kernel-package/README.gz'.

2.7.3. Special provisions for dealing with modules
--------------------------------------------------

Debian's `modconf' package provides a shell script (`/usr/sbin/modconf') which can be used to customize the configuration of modules. The script presents a menu-based interface for selecting the loadable device drivers on the system.
Based on the selections, the program modifies the files `/etc/modules.conf' (which lists aliases and other arguments that are used in conjunction with modules), `/etc/modules' (which lists the modules that are loaded at boot time), and the files in the `/etc/modutils/' directory.

Like the (new) `Configure.help' files that aid the construction of custom kernels, the `modconf' package installs help files (in `/usr/share/modconf/') which give detailed information on the appropriate arguments for each module.

2.7.4. Uninstalling an old kernel package
-----------------------------------------

The `kernel-image-.prerm' script checks whether you are trying to remove the same kernel that you are currently running. Therefore you can safely remove unwanted kernel image packages with the command:

     # dpkg --purge --force-remove-essential kernel-image-

(Replace with your kernel version and revision numbers.)

-------------------------------------------------------------------------------

3. Debian System installation hints
-----------------------------------

Official documentation for installing Debian is located at http://www.debian.org/releases/stable/ and http://www.debian.org/releases/stable/installmanual.

The development versions are located at http://www.debian.org/releases/testing/ and http://www.debian.org/releases/testing/installmanual (work in progress, sometimes this may not exist).

Although this chapter was initially written during the days of the Potato installer, most of the contents have been updated to the Woody installer and they are very similar installers. Since Sarge will use a totally new installer, please use this as a reference point for the Sarge installer. Also some key packages have changed names and priorities. For example, default MTA of Sarge is `exim4' instead of `exim', and `coreutils' has been introduced to replace several packages. You may need to adjust actions.

3.1. General Linux system installation hints
--------------------------------------------

Do not forget to check http://www.debian.org/CD/netinst/ if you are looking for a compact CD image of the Debian installer.

Running the `testing' or `unstable' distribution increases the risk of hitting serious bugs. This risk can be managed by deploying a multibooting scheme with a more stable Debian distribution or by using the nice trick provided by `chroot' as described in Section 8.6.35, ``chroot''. The latter will enable running different Debian distributions simultaneously on different consoles.

3.1.1. Hardware compatibility basics
------------------------------------

Linux is compatible with most PC hardware and can be installed to almost any system. For me it was as easy as installing Windows 95/98/Me. The hardware compatibility list just seems to keep growing.

If you have a laptop PC, check Linux on Laptops (http://www.linux-laptop.net/) for installation pointers by brand and model.

My recommendation for desktop PC hardware is "Just be conservative":

* SCSI rather than IDE for work, IDE/ATAPI HD for private use.
* IDE/ATAPI CD-ROM (or CD-RW).
* PCI rather than ISA, especially for the network card (NIC).
* Use a cheap NIC. Tulip for PCI, NE2000 for ISA are good.
* Avoid PCMCIA (notebook) as your first Linux install.
* No USB keyboard, mouse, ... unless you want a challenge.

If you have a slow machine, yanking out the hard drive and plugging it into another faster machine for installation is a good idea.

3.1.2. Determining a PC's hardware and chip set
-----------------------------------------------

During installation, one will be asked to identify the hardware or chip set of the PC. Sometimes that information may not seem easy to find. Here is one method:

1. Open your PC's case and look inside.
2. Record the product ID codes on the large chips on the graphics card, network card, chip near serial ports, chip near IDE ports.
3. Record card names printed on the back of the PCI and ISA cards.

3.1.3. Determining a PC's hardware via Debian
---------------------------------------------

The following commands on a Linux system should give some idea of actual hardware and configuration.

     $ pager /proc/pci
     $ pager /proc/interrupts
     $ pager /proc/ioports
     $ pager /proc/bus/usb/devices

These commands can be run during the install process from the console screen by pressing Alt-F2.

After the initial installation, with the installation of optional packages such as `pciutils', `usbutils', and `lshw', you can obtain more extensive system information.

     $ lspci -v |pager
     $ lsusb -v |pager
     # lshw |pager

Typical uses of interrupts:

* IRQ0: timer output (8254)
* IRQ1: keyboard controller
* IRQ2: cascade to IRQ8--IRQ15 on PC-AT
* IRQ3: secondary serial port (io-port=0x2F8) (`/dev/ttyS1')
* IRQ4: primary serial port (io-port=0x3F8) (`/dev/ttyS0')
* IRQ5: free [sound card (SB16: io-port=0x220, DMA-low=1, DMA-high=5)]
* IRQ6: floppy disk controller (io-port=0x3F0) (`/dev/fd0', `/dev/fd1')
* IRQ7: parport (io-port=0x378) (`/dev/lp0')
* IRQ8: rtc
* IRQ9: software interrupt (int 0x0A), redirect to IRQ2
* IRQ10: free [network interface card (NE2000: io-port=0x300)]
* IRQ11: free [(SB16-SCSI: io-port=0x340, SB16-IDE: io-port=0x1E8,0x3EE)]
* IRQ12: PS/2 Mouse
* IRQ13: free (was 80287 math coprocessor)
* IRQ14: primary IDE controller (`/dev/hda', `/dev/hdb')
* IRQ15: secondary IDE controller (`/dev/hdc', `/dev/hdd')

For old non-PnP ISA cards, you may want to set IRQ5, IRQ10, and IRQ11 as non-PnP from the BIOS.

For USB devices, device classes are listed in `/proc/bus/usb/devices' as `Cls=':

* Cls=00 : Unused
* Cls=01 : Audio (speaker etc.)
* Cls=02 : Communication (MODEM, NIC, ...)
* Cls=03 : HID (Human Interface Device: KB, mouse, joystick)
* Cls=07 : Printer
* Cls=08 : Mass storage (FDD, CD/DVD drive, HDD, Flash, ...)
* Cls=09 : Hub (USB hub)
* Cls=255 : Vendor specific

If the device class of a device is not 255, Linux supports the device.

3.1.4. Determining a PC's hardware via other OSs
------------------------------------------------

Hardware information can also be obtained from other OSs:

Install another commercial Linux distribution. Hardware detection on those tends to be better than on Debian as of now. (This situation should even out once `debian-installer' is introduced with Sarge.)

Install Windows. Hardware configuration can be obtained by right-clicking "My Computer" to get to Properties / Device Manager. Record all resource information such as IRQ, I/O port address, and DMA. Some old ISA cards may need to be configured under DOS and used accordingly.

3.1.5. A Lilo myth
------------------

"Lilo is limited to 1024 cylinders." Wrong!

The newer `lilo' used after Debian Potato has lba32 support. If the BIOS of your motherboard is recent enough to support lba32, `lilo' should be able to load beyond the old 1024-cylinder limitation.

Just make sure to add a line reading "lba32" somewhere near the beginning of your `lilo.conf' file if you have kept an old `lilo.conf'. See `/usr/share/doc/lilo/Manual.txt.gz'.

3.1.6. GRUB
-----------

The new boot loader `grub' from the GNU Hurd project can be installed on a Debian Woody system:

     # apt-get update
     # apt-get install grub-doc
     # mc /usr/share/doc/grub-doc/html/
     ... read contents
     # apt-get install grub
     # pager /usr/share/doc/grub/README.Debian.gz
     ... read it :)

To edit the GRUB menu, edit `/boot/grub/menu.lst'. See Section 8.1.6, `Setting GRUB boot parameters' for how to set boot parameters during the boot process since it is slightly different from `lilo' configuration.

3.1.7. Choice of boot floppies
------------------------------

For Potato, I liked the IDEPCI disk set for normal install to a desktop. For Woody, I like the bf2.4 boot disk set. They both use a version of `boot-floppies' to create boot floppies.
If you have a PCMCIA network card, you need to use the standard boot disk set (largest number of floppies but all driver modules available) and configure the NIC in the PCMCIA setup; do not try to set up an NIC card in the standard network setup dialog.

For special systems, you may need to create a custom rescue disk. This can be done by replacing the kernel image named "linux" on the Debian rescue disk by overwriting it with another compressed kernel image compiled off-site for the machine. Details are documented in `readme.txt' on the rescue disk. The rescue floppy uses the MS-DOS filesystem, so you can use any system to read and edit it. This should make life easier for people with a special network card, etc.

For Sarge, `debian-installer' and/or `pgi' is expected to be used for creating boot floppies.

3.1.8. Installation
-------------------

Follow the official instructions found in http://www.debian.org/releases/stable/installmanual or http://www.debian.org/releases/testing/installmanual (work in progress, sometimes this may not exist).

If you are installing a system using `boot-floppies' in the `testing' distribution, you may need to open a console terminal during the install process by pressing Alt-F2 and manually edit `/etc/apt/sources.list' entries, changing "stable" to "testing" to adjust APT sources.

I tend to install `lilo' into places like `/dev/hda3', while installing `mbr' into `/dev/hda'. This minimizes the risk of overwriting boot information.

Here is what I choose during the install process.

* MD5 passwords "yes"
* shadow passwords "yes"
* Install "advanced" (dselect **) and select
     * Exclude emacs (if selected), nvi, tex, telnet, talk(d);
     * Include mc, vim, either one of nano-tiny or elvis-tiny.
  See Section 6.2.4, ``dselect''. Even if you are an Emacs fan, avoid it now and be content with nano during install. Also avoid installing other large packages such as TeX (Potato used to do this) at this stage.
  See Section 11.2, `Rescue editors' for the reason for installing nano-tiny or elvis-tiny here.
* All configuration questions = "y" (replace current) during each package install dialog.
* `exim': select 2 for machine since I send mail through my ISP's SMTP server.

For more information on dselect, see Section 6.2.4, ``dselect''.

3.1.9. Hosts and IP to use for LAN
----------------------------------

Example of LAN configuration (C subnet: 192.168.1.0/24):

     Internet
        |
        +--- External ISP provides POP service (accessed by fetchmail)
        |
     Access point ISP provides DHCP service and SMTP relay service
        |                       :
     Cable modem             (Dialup)
        |                       :
     LAN Gateway machine external port: eth0 (IP given by ISP's DHCP)
              use old notebook PC (IBM Thinkpad, 486 DX2 50MHz, 20MB RAM)
              run Linux 2.4 kernel with ext3 filesystem.
              run "ipmasq" package (with stronger patch, NAT, and firewall)
              run "dhcp-client" package configured for eth0 (override DNS setting)
              run "dhcp" package configured for eth1
              run "exim" as the smarthost (mode 2)
              run "fetchmail" with a long interval (fallback)
              run "bind" as the cache nameserver for Internet from LAN
                         as authoritative nameserver for LAN domain from LAN
              run "ssh" on port 22 and 8080 (connect from anywhere)
              run "squid" as the cache server for the Debian archive (for APT)
     LAN Gateway machine internal port: eth1 (IP = 192.168.1.1, fixed)
        |
        +--- LAN Switch (100base T) ---+
        |                              |
     Some fixed IP clients on LAN      Some DHCP clients on LAN
     (IP = 192.168.1.2-127, fixed)     (IP = 192.168.1.128-200, dynamic)

See Chapter 10, `Network configuration' for the details of configuring the network. See Section 10.12, `Building a gateway router' for the details of configuring the LAN gateway server.

3.1.10. User accounts
---------------------

In order to have a consistent feel across machines, the first few accounts are always the same in my system.

I always create a first user account with a name like "admin" (uid=1000). I forward all root email there.
This account is given membership in the `adm' group (see Section 9.2.2, `"Why GNU `su' does not support the `wheel' group"'), which can be given a good amount of root privilege through `su' using PAM or the `sudo' command. See Section 4.1.3, `Add a user account' for details.

3.1.11. Creating filesystems
----------------------------

3.1.11.1. Hard disk partition
-----------------------------

I prefer to use different partitions for different directory trees to limit damage upon system crash. E.g.,

     /          == (/ + /boot + /bin + /sbin)
                == 50MB+
     /tmp       == 100MB+
     /var       == 100MB+
     /home      == 100MB+
     /usr       == 700MB+ with X
     /usr/local == 100MB

The size of the `/usr' directory is very dependent on X Window applications and documentation. `/usr/' can be 300MB if one runs a console terminal only, whereas 2GB--3GB is not an unusual size if one has installed many Gnome applications. When `/usr/' grows too big, moving out `/usr/share/' to a different partition is the most effective cure. With the new large prepackaged Linux 2.4 kernels, `/' may need more than 200MB.

For example, the current status of my Internet gateway machine is as follows (output of the `df -h' command):

     Filesystem            Size  Used Avail Use% Mounted on
     /dev/hda3             300M  106M  179M  38% /
     /dev/hda7             100M   12M   82M  13% /home
     /dev/hda8             596M   53M  513M  10% /var
     /dev/hda6             100M  834k   94M   1% /var/lib/cvs
     /dev/hda9             596M  222M  343M  40% /usr
     /dev/hda10            596M  130M  436M  23% /var/cache/apt/archives
     /dev/hda11            1.5G  204M  1.2G  14% /var/spool/squid

(The large area reserved for `/var/spool/squid/' is for a proxy cache for package downloading.)
Following is `fdisk -l' output to provide an idea of partition structure:

     # fdisk -l /dev/hda                                  # comment

     /dev/hda1             1        41    309928+   6  FAT16       # DOS
     /dev/hda2            42        84    325080   83  Linux       # (not used)
     /dev/hda3   *        85       126    317520   83  Linux       # Main
     /dev/hda4           127       629   3802680    5  Extended
     /dev/hda5           127       143    128488+  82  Linux swap
     /dev/hda6           144       157    105808+  83  Linux
     /dev/hda7           158       171    105808+  83  Linux
     /dev/hda8           172       253    619888+  83  Linux
     /dev/hda9           254       335    619888+  83  Linux
     /dev/hda10          336       417    619888+  83  Linux
     /dev/hda11          418       629   1602688+  83  Linux

A few unused partitions exist. These are for installing a second Linux distribution or as expansion space for growing directory trees.

3.1.11.2. Mount filesystems
---------------------------

Mounting the above filesystems properly is accomplished with the following `/etc/fstab':

     # /etc/fstab: static filesystem information.
     #
     # filesystem    mount point             type    options                    dump pass
     /dev/hda3       /                       ext2    defaults,errors=remount-ro 0    1
     /dev/hda5       none                    swap    sw                         0    0
     proc            /proc                   proc    defaults                   0    0
     /dev/fd0        /floppy                 auto    defaults,user,noauto       0    0
     /dev/cdrom      /cdrom                  iso9660 defaults,ro,user,noauto    0    0
     #
     # keep partitions separate
     /dev/hda7       /home                   ext2    defaults                   0    2
     /dev/hda8       /var                    ext2    defaults                   0    2
     /dev/hda6       /var/lib/cvs            ext2    defaults                   0    2
     # noatime will speed up file access for read access
     /dev/hda9       /usr                    ext2    defaults,noatime           0    2
     /dev/hda10      /var/cache/apt/archives ext2    defaults                   0    2
     # very big partition for proxy cache
     /dev/hda11      /var/spool/squid        ext2    rw                         0    2
     # backup bootable DOS
     /dev/hda1       /mnt/dos                vfat    rw,noauto                  0    0
     # backup bootable Linux system (not done)
     /dev/hda2       /mnt/linux              ext2    rw,noauto                  0    0
     #
     # nfs mounts
     mickey:/        /mnt/mickey             nfs     ro,noauto,intr             0    0
     goofy:/         /mnt/goofy              nfs     ro,noauto,intr             0    0
     # minnie:/ /mnt/minnie smbfs ro,soft,intr,credentials={filename} 0 2

For NFS, I use `noauto,intr' combined with the default `hard' option. This way, it is possible to recover from a hung process due to a dead connection using Ctrl-C.
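The option strings used in this section (`defaults,user,noauto', `ro,noauto,intr', `noauto,rw,sync,user,exec') decide whether a mounted filesystem honours executables, setuid bits and device nodes. The following Python script is an added example, not part of the original document: it resolves those three flags in option order as mount(8) describes (`user' implies `noexec,nosuid,nodev' unless a later option overrides it) and lists the entries worth reviewing. The sample is constructed from the `/etc/fstab' above; the `/floppy-sync' mount point and the `REMOTE_TYPES', `PSEUDO_TYPES' and `DATA_MOUNTS' policy sets are assumptions of this example.

```python
#!/usr/bin/env python3
"""Resolve effective exec/suid/dev flags for fstab entries and list risky ones."""
import re
from collections import namedtuple

# Constructed sample: lines from the /etc/fstab in this section, plus the
# alternative floppy options on a hypothetical /floppy-sync mount point.
SAMPLE_FSTAB = """\
# filesystem  mount point       type     options                     dump pass
/dev/hda3     /                 ext2     defaults,errors=remount-ro  0 1
/dev/hda5     none              swap     sw                          0 0
proc          /proc             proc     defaults                    0 0
/dev/fd0      /floppy           auto     defaults,user,noauto        0 0
/dev/cdrom    /cdrom            iso9660  defaults,ro,user,noauto     0 0
/dev/hda7     /home             ext2     defaults                    0 2
/dev/hda9     /usr              ext2     defaults,noatime            0 2
/dev/hda11    /var/spool/squid  ext2     rw                          0 2
mickey:/      /mnt/mickey       nfs      ro,noauto,intr              0 0
# minnie:/    /mnt/minnie       smbfs    ro,soft,intr                0 2
/dev/fd0      /floppy-sync      auto     noauto,rw,sync,user,exec    0 0
"""

Entry = namedtuple("Entry", "spec mountpoint fstype options")

# Options that switch a single flag.
TOGGLES = {
    "exec": ("exec", True), "noexec": ("exec", False),
    "suid": ("suid", True), "nosuid": ("suid", False),
    "dev": ("dev", True), "nodev": ("dev", False),
}
# Options that let ordinary users mount, with the flags mount(8) says they imply.
USER_MOUNT = {
    "user": {"exec": False, "suid": False, "dev": False},
    "users": {"exec": False, "suid": False, "dev": False},
    "owner": {"suid": False, "dev": False},
    "group": {"suid": False, "dev": False},
}
# Assumed review policy of this example, not something the fstab format defines.
REMOTE_TYPES = {"nfs", "smbfs"}
PSEUDO_TYPES = {"swap", "proc"}
DATA_MOUNTS = {"/home", "/var/spool/squid"}


def _unescape(field):
    """fstab(5) writes spaces and tabs in names as octal escapes such as \\040."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_fstab(text):
    """Return an Entry for every non-comment line that has at least four fields."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        spec, mountpoint, fstype, options = fields[:4]
        entries.append(Entry(_unescape(spec), _unescape(mountpoint), fstype, options))
    return entries


def effective_flags(options):
    """Apply options left to right; a later option overrides an earlier one."""
    flags = {"exec": True, "suid": True, "dev": True, "user": False}
    for opt in options.split(","):
        if opt in TOGGLES:
            name, value = TOGGLES[opt]
            flags[name] = value
        elif opt in USER_MOUNT:
            flags["user"] = True
            flags.update(USER_MOUNT[opt])
        elif opt == "nouser":
            flags["user"] = False
        # "defaults" and every other option leave these flags unchanged.
    return flags


def audit(entries):
    """Return (mountpoint, finding) pairs for entries worth a second look."""
    findings = []
    for e in entries:
        if e.fstype in PSEUDO_TYPES:
            continue
        f = effective_flags(e.options)
        enabled = [name for name in ("exec", "suid", "dev") if f[name]]
        if f["user"] and enabled:
            findings.append((e.mountpoint,
                             "user-mountable with %s enabled" % ",".join(enabled)))
        elif e.fstype in REMOTE_TYPES and (f["suid"] or f["dev"]):
            findings.append((e.mountpoint,
                             "remote filesystem mounted without nosuid,nodev"))
        elif e.mountpoint in DATA_MOUNTS and (f["suid"] or f["dev"]):
            findings.append((e.mountpoint,
                             "data partition mounted without nosuid,nodev"))
    return findings


if __name__ == "__main__":
    for mountpoint, finding in audit(parse_fstab(SAMPLE_FSTAB)):
        print("%-18s %s" % (mountpoint, finding))
```

Run against a real system with `audit(parse_fstab(open("/etc/fstab").read()))' after adjusting the policy sets to the local partition layout.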
For a Windows machine connected with Samba (smbfs), `rw,auto,soft,intr' may be a good idea. See Section 3.5, `Samba configuration'.

For a floppy drive, using `noauto,rw,sync,user,exec' instead prevents file corruption after accidental disk eject before unmount, but this slows the write process.

3.1.11.3. Autofs mount
----------------------

Key points to auto mount:

* Load the `vfat' module to allow `/etc/auto.misc' to contain `-fstype=auto':

     # modprobe vfat # prior to the floppy access attempt
     ... or to automate this setting,
     # echo "vfat" >> /etc/modules
     ... and reboot the system.

* Set `/etc/auto.misc' as follows:

     floppy -fstype=auto,sync,nodev,nosuid,gid=100,umask=000 :/dev/fd0
     ... where gid=100 is "users".

* Create `cdrom' and `floppy' links in `/home/', that point to `/var/autofs/misc/cdrom' and `/var/autofs/misc/floppy' respectively.
* Add to the "users" group.

3.1.11.4. NFS mount
-------------------

The external Linux NFS server (goofy) resides behind a firewall (gateway). I have a very relaxed security policy on my LAN since I am the only user. To enable NFS access, the NFS server side needs to add `/etc/exports' as follows:

     # /etc/exports: the access control list for filesystems which may be
     # exported to NFS clients. See exports(5).
     / (rw,no_root_squash)

This is needed to activate the NFS server in addition to installing and activating the NFS server and client packages.

For simplicity, I usually create a single partition of 2GB for an experimental or secondary lazy Linux install. I optionally share swap and `/tmp' partitions for these installs. A multipartition scheme is too involved for these usages. If only a simple console system is needed, 500MB may be more than sufficient.

3.1.12. DRAM memory guidelines
------------------------------

Following are rough guidelines for DRAM.

     4MB: Bare minimum for Linux kernel to function.
     16MB: Minimum for reasonable console system.
     32MB: Minimum for simple X system.
     64MB: Minimum for X system with GNOME/KDE.
     128MB: Comfortable for X system with GNOME/KDE.
     256MB (or more): Why not if you can afford it? DRAM is cheap.

Using the boot option `mem=4m' (or lilo `append="mem=4m"') will show how the system would perform with 4MB of memory installed. A lilo boot parameter is needed for a system containing more than 64MB of memory with an old BIOS.

3.1.13. Swap space
------------------

I use the following guidelines for swap space:

* Each swap partition is < 128MB (if using an old 2.0 kernel), < 2GB (with recent kernels)
* Total = either (1 to 2 times installed RAM) or (128MB to 2GB) as a guideline
* Spread them on different drives and mount all of them with `sw,pri=1' options in `/etc/fstab'. This ensures that the kernel does a striping RAID of the swap partitions and offers the maximum swap performance.
* Use a central portion of the hard disk when possible.

Even if you never need it, some swap space (128MB) is desirable so the system will slow down before it crashes hard with a program which leaks memory.

3.2. Bash configuration
-----------------------

I modify shell startup scripts to my taste across the system:

     /etc/bash.bashrc        Replace with private one
     /etc/profile            Keep distribution copy ( \w -> \W)
     /etc/skel/.bashrc       Replace with private copy
     /etc/skel/.profile      Replace with private copy
     /etc/skel/.bash_profile Replace with private copy
     ~/.bashrc               Replace with private copy for all accounts
     ~/.profile              Replace with private copy for all accounts
     ~/.bash_profile         Replace with private copy for all accounts

See details in my example scripts (http://www.debian.org/doc/manuals/debian-reference/examples/). I like a transparent system, so I set `umask' to 002 or 022.

`PATH' is set by the following configuration files in this order:

     /etc/login.defs - before the shell sets PATH
     /etc/profile (may call /etc/bash.bashrc)
     ~/.bash_profile (may call ~/.bashrc)

3.3. Mouse configuration
------------------------

3.3.1. PS/2 mice
----------------

In the case of a PS/2-connector mouse on an ATX motherboard, the signal flow should be:

     mouse -> /dev/psaux -> gpm -> /dev/gpmdata = /dev/mouse -> X

Here, a symlink `/dev/mouse' is created and is pointing to `/dev/gpmdata' to make some configuration utilities happy and to make reconfiguration easy. (E.g., if you decide not to use the `gpm' daemon after all, just point the symlink `/dev/mouse' to `/dev/psaux' after getting rid of the `gpm' daemon.)

This signal flow allows the keyboard and mouse to be unplugged and reinitialized by restarting `gpm' upon reconnect. X will stay alive!

The protocol of the signal flow between `gpm' output and X input can be implemented in either of two ways, as "ms3" (use the Microsoft 3-button serial mouse protocol) or "raw" (use the same protocol as the mouse that is connected), and this choice dictates the choice of protocol used in X configuration.

I will demonstrate the configuration examples using a Logitech 3-button (traditional Unix-style mouse) PS/2 mouse as an example in the following.

If you are one of the unfortunate whose graphics card is not supported by the new X4 and need to use the old X3 (some ATI 64 bit cards), configure `/etc/X11/XF86Config' instead of `/etc/X11/XF86Config-4' in the following examples while installing X3 packages.

3.3.1.1. The ms3 protocol approach
----------------------------------

     /etc/gpm.conf            | /etc/X11/XF86Config-4
     =========================+======================================
     device=/dev/psaux        | Section "InputDevice"
     responsiveness=          |   Identifier "Configured Mouse"
     repeat_type=ms3          |   Driver     "mouse"
     type=autops2             |   Option     "CorePointer"
     append=""                |   Option     "Device"   "/dev/mouse"
     sample_rate=             |   Option     "Protocol" "IntelliMouse"
                              | EndSection

If this approach is used, the mouse type adjustment is done only by editing `gpm.conf' and X configuration stays constant. See my example scripts (http://www.debian.org/doc/manuals/debian-reference/examples/).

3.3.1.2. The raw protocol approach
----------------------------------

     /etc/gpm.conf            | /etc/X11/XF86Config-4
     =========================+======================================
     device=/dev/psaux        | Section "InputDevice"
     responsiveness=          |   Identifier "Configured Mouse"
     repeat_type=raw          |   Driver     "mouse"
     type=autops2             |   Option     "CorePointer"
     append=""                |   Option     "Device"   "/dev/mouse"
     sample_rate=             |   Option     "Protocol" "MouseManPlusPS/2"
                              | EndSection

If this approach is used, the mouse type adjustment is done by editing `gpm.conf' as well as adjusting X configuration.

3.3.1.3. How to adjust to different mice
----------------------------------------

The `gpm' device type `autops2' is supposed to autodetect most of the PS/2 mice in the market. Unfortunately it doesn't always work and it isn't available in pre-Woody versions. Try using `ps2', or `imps2' in `gpm.conf' instead of `autops2' for such cases. To find out the specific types of mouse `gpm' knows about, type: `gpm -t help'. See gpm(8).

If a 2-button PS/2 mouse is used, set the X protocol to enable `Emulate3Buttons'. The difference of protocol between the 2-button mouse and the 3-button mouse is autodetected and auto-adjusted for `gpm' after tapping the middle button once.

For X protocol with Section 3.3.1.2, `The raw protocol approach' or without `gpm', use:

* `IntelliMouse': serial port mouse (`gpm' repeater with "ms3")
* `PS/2': PS/2 port mouse (always test this first)
* `IMPS/2': any PS/2 port mice (2, 3, or scroll mice, better)
* `MouseManPlusPS/2': Logitech PS/2 port mouse
* `...'

See more at Mouse Support in XFree86 (http://www.xfree86.org/current/mouse.html).
A typical Microsoft scroll mouse is reported to work best with:

     /etc/gpm.conf            | /etc/X11/XF86Config-4
     =========================+======================================
     device=/dev/psaux        | Section "InputDevice"
     responsiveness=          |   Identifier "Configured Mouse"
     repeat_type=raw          |   Driver     "mouse"
     type=autops2             |   Option     "CorePointer"
     append=""                |   Option     "Device"   "/dev/mouse"
     sample_rate=             |   Option     "Protocol" "IMPS/2"
                              |   Option     "Buttons"  "5"
                              |   Option     "ZAxisMapping" "4 5"
                              | EndSection

For some recent thin Toshiba notebook PCs, activating `gpm' before PCMCIA in the System-V init script may help prevent system lockup. Weird but true.

3.3.2. USB mice
---------------

Make sure you have all required kernel functions activated through kernel compile time configuration or modules:

* Under "Input core support":
     * "Input core support" (CONFIG_INPUT, `input.o'),
     * "Mouse support" (CONFIG_INPUT_MOUSEDEV, `mousedev.o'),
* Under "USB support":
     * "Support for USB" (CONFIG_USB, `usbcore.o'),
     * "Preliminary USB device filesystem" (CONFIG_USB_DEVICEFS),
     * "UHCI" or "OHCI" (CONFIG_USB_UHCI || CONFIG_USB_UHCI_ALT || CONFIG_USB_OHCI, `usb-uhci.o' || `uhci.o' || `usb-ohci.o'),
     * "USB Human Interface Device (full HID) support" (CONFIG_USB_HID, `hid.o'), and
     * "HID input layer support" (CONFIG_USB_HIDINPUT)

Here, lower case names are module names.
If you're not using devfs, create a device node `/dev/input/mice' with major 13 and minor 63 as follows:

     # cd /dev
     # mkdir input
     # mknod input/mice c 13 63

For typical scroll _USB_ mice, configuration combinations should be:

     /etc/gpm.conf            | /etc/X11/XF86Config-4
     =========================+======================================
     device=/dev/input/mice   | Section "InputDevice"
     responsiveness=          |   Identifier "Generic Mouse"
     repeat_type=raw          |   Driver     "mouse"
     type=autops2             |   Option     "SendCoreEvents" "true"
     append=""                |   Option     "Device"   "/dev/input/mice"
     sample_rate=             |   Option     "Protocol" "IMPS/2"
                              |   Option     "Buttons"  "5"
                              |   Option     "ZAxisMapping" "4 5"
                              | EndSection

See the Linux USB Project (http://www.linux-usb.org/) for more information.

3.3.3. Touchpad
---------------

Although the touchpad on a laptop computer emulates a 2-button PS/2 mouse as the default behavior, the `tpconfig' package enables full control of the device. For example, setting `OPTIONS="--tapmode=0"' in `/etc/default/tpconfig' will disable pesky "click by tap" behavior. Set `/etc/gpm.conf' as follows to use both touchpad and USB external mouse on the console:

     device=/dev/psaux
     responsiveness=
     repeat_type=ms3
     type=autops2
     append="-M -m /dev/input/mice -t autops2"
     sample_rate=

3.4. NFS configuration
----------------------

Set up NFS by setting `/etc/exports'.

     # apt-get install nfs-kernel-server
     # echo "/ *.domainname-for-lan-hosts(rw,no_root_squash,nohide)" \
            >> /etc/exports

See my example scripts for details (http://www.debian.org/doc/manuals/debian-reference/examples/).

3.5. Samba configuration
------------------------

References:

* http://www.samba.org/
* `samba-doc' package

Setting up Samba with "share" mode is much easier since this creates WfW-type share drives. But it is preferable to set it up with "user" mode.
Samba can be configured through `debconf' or `vi':

     # dpkg-reconfigure --priority= samba # in Woody
     # vi /etc/samba/smb.conf

See my example scripts for details (http://www.debian.org/doc/manuals/debian-reference/examples/).

Adding a new user to the `smbpasswd' file can be done via `smbpasswd':

     $ su -c "smbpasswd -a username"

Make sure to use encrypted passwords for optimum compatibility.

Set `os level' according to the following system equivalences (the larger the number, the higher the priority as server):

     0: Samba with a loose attitude (will never become a master browser)
     1: WfW 3.1, Win95, Win98, Win/Me?
     16: Win NT WS 3.51
     17: Win NT WS 4.0
     32: Win NT SVR 3.51
     33: Win NT SVR 4.0
     255: Samba with mighty power

Make sure that users are members of the group owning the directory that gives shared access and that the directory path has its execution bit set to access.

3.6. Printer configuration
--------------------------

The traditional method is `lpr'/`lpd'. There is a new CUPS(TM) system (Common UNIX Printing System). PDQ is another approach. See the Linux Printing HOWTO (http://www.tldp.org/HOWTO/Printing-HOWTO.html) for more information.

3.6.1. `lpr'/`lpd'
------------------

For the `lpr'/`lpd' type spoolers (`lpr', `lprng', and `gnulpr'), set up `/etc/printcap' as follows if they are connected to a PostScript or text-only printer (the basics):

     |:\
             :sd=/var/spool/lpd/:\
             :mx#0:\
             :sh:\
             :lp=/dev/lp0:

Meaning of the above lines:

* Head line: -- name of spool, = alias
* mx#0 -- max file size unlimited
* sh -- suppress printing of burst page header
* lp=/dev/lp0 -- local printer device, or port@host for remote

This is a good configuration if you are connected to a PostScript printer. Also, when printing from a Windows machine through Samba, this is a good configuration for any Windows-supported printer (no bidirectional communication is supported). You have to select the corresponding printer configuration on the Windows machine.
If you do not have a PostScript printer, you need to set up a filtering system using `gs'. There are many autoconfiguration tools provided for setting up `/etc/printcap'. Any of these combinations is an option:

* `gnulpr', (`lpr-ppd') and `printtool'---I use this.
* `lpr' and `apsfilter'
* `lpr' and `magicfilter'
* `lprng' and `lprngtool'
* `lprng' and `apsfilter'
* `lprng' and `magicfilter'

In order to run GUI configuration tools such as `printtool', see Section 9.4.12, `Getting root in X' to gain root privilege. Printer spools created with `printtool' use `gs' and act like PostScript printers. So when accessing them, use PostScript printer drivers. On the Windows side, "Apple LaserWriter" is the standard one.

3.6.2. CUPS(TM)
---------------

The Common UNIX Printing System (or CUPS(TM)) is installed by using `aptitude' and installing all packages under "Tasks" -> "Servers" -> "Print Server". (Sarge) For the best result, you should set `aptitude' with "F10" -> "Options" -> "Dependency handling" -> "[X] Install Recommended packages automatically".

KDE and Gnome Desktop Environments provide easy printer configuration. Alternatively, you can configure the system using any web browser if `swat' is installed:

     $ http://localhost:631

For example, to add your printer on some port to the list of accessible printers:

* click "Printers" from the main page, and then "Add Printer",
* enter "root" for the username and its password,
* proceed to add the printer following the prompts,
* go back to the "Printers" page and click "Configure Printer", and
* proceed to configure the paper size, resolution, and other parameters.

See more information at http://localhost:631/documentation.html and http://www.cups.org/cups-help.html.

3.7. CRON for desktop PC
------------------------

The Vixie `cron' is installed as the default for the scheduled execution of programs. It does not function well unless your system is up 24/7.
For a desktop PC, you need to install `anacron' over `cron' to address this problem. The `fcron' package may be used as an alternative.

See Section 8.6.27, `Schedule activity (`cron', `at')' for the configuration of CRON jobs.

3.8. Other host installation hints
----------------------------------

3.8.1. Install a few more packages after initial install
--------------------------------------------------------

Once you have made it this far, you have a small but functioning Debian system. It is a good time to install bigger packages.

* Run `tasksel'. See Section 6.2.2, `Installing tasks'.
  You may choose these if you need them:
     * End-user -- X Window System
     * Development -- C and C++
     * Development -- Python
     * Development -- Tcl/Tk
     * Miscellaneous -- TeX/LaTeX environment
     * For others, I prefer to use `tasksel' as a guide by looking into their components listed under and installing them selectively through `dselect'.
* Run `dselect'.
  Here the first thing you may want to do is select your favorite editor and any programs you need. You can install many Emacs variants at the same time. See Section 6.2.4, ``dselect'' and Section 11.1, `Popular editors'.
  Also you may replace some of the default packages with full-featured ones.
* ...
* ...

I usually edit `/etc/inittab' for easy shutdown.

     ...
     # What to do when CTRL-ALT-DEL is pressed.
     ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -h now
     ...

3.8.2. Modules
--------------

Modules for the device drivers are configured during the initial installation. `modconf' provides menu-driven module configuration afterward. This program is quite useful when some modules were left out during the initial installation or a new kernel was installed after the initial installation.

All preloading module names need to be listed in `/etc/modules'. I also use `lsmod' and `depmod' to control them manually.

Also make sure to add a few lines in `/etc/modules' to handle IP masquerading (FTP, etc.) for 2.4 kernels.
See Section 7.2, `The modularized 2.4 kernel', specifically Section 7.2.3,
`Network function'.

3.8.3. CD-RW basic setup
------------------------

For an IDE-connected CD-RW drive with a 2.4 kernel, edit the following
files:

     /etc/lilo.conf  (add append="hdc=ide-scsi ignore=hdc", run lilo to activate)
     /dev/cdrom      (symlink # cd /dev; ln -sf scd0 cdrom)
     /etc/modules    (add "ide-scsi" and "sg". If needed "sr" after this.)

See Section 9.3, `CD writers' for details.

3.8.4. Large memory and auto power-off
--------------------------------------

Edit `/etc/lilo.conf' as follows to set boot-prompt parameters for large
memory (for 2.2 kernels) and auto power-off (for APM):

     append="mem=128M apm=on apm=power-off noapic"

Run `lilo' to install these settings. `apm=power-off' is needed for a SMP
kernel and `noapic' is needed to avoid problems for my buggy SMP hardware.
The same can be done directly by entering options at the boot prompt. See
Section 8.1.5, `Other boot tricks with the boot prompt'.

If APM is compiled as a module, as in Debian default 2.4 kernels, run
`insmod apm power_off=1' after boot or set `/etc/modules' by:

     # echo "apm power_off=1" >>/etc/modules

Alternatively, compiling ACPI support achieves the same goal with newer
kernels and seems to be more SMP-friendly (this requires a newer
motherboard). The 2.4 kernel on newer motherboards should detect large
memory correctly.

     CONFIG_PM=y
     CONFIG_ACPI=y
     ...
     CONFIG_ACPI_BUSMGR=m
     CONFIG_ACPI_SYS=m

and add the following lines in `/etc/modules' in this order:

     ospm_busmgr
     ospm_system

Or recompile the kernel with all of the kernel options above set to "y".
In any case, none of the boot-prompt parameters are needed with ACPI.

3.8.5. Strange access problems with some websites
-------------------------------------------------

Recent Linux kernels enable ECN by default, which may cause access
problems with some websites on bad routers. To check ECN status:

     # cat /proc/sys/net/ipv4/tcp_ecn
     ... or
     # sysctl net.ipv4.tcp_ecn

To turn it off, use:

     # echo "0" > /proc/sys/net/ipv4/tcp_ecn
     ... or
     # sysctl -w net.ipv4.tcp_ecn=0

To disable TCP ECN on every boot, edit `/etc/sysctl.conf' and add:

     net.ipv4.tcp_ecn = 0

3.8.6. Dialup PPP configuration
-------------------------------

Install the `pppconfig' package to set up dialup PPP access.

     # apt-get install pppconfig
     # pppconfig
     ... follow the directions to configure dialup PPP
     # adduser dip
     ... allow to access dialup PPP

Dialup PPP access can be initiated by the user ():

     $ pon   # start PPP access to your ISP
     ... enjoy the Internet
     $ poff  # stop PPP access, optional

See Section 10.2.4, `Configuring a PPP interface' for more details.

3.8.7. Other configuration files to tweak in `/etc/'
----------------------------------------------------

You may want to add an `/etc/cron.deny' file, missing from the standard
Debian install (you can copy `/etc/at.deny').

-------------------------------------------------------------------------------

4. Debian tutorials
-------------------

This section provides a basic orientation to the Debian world for the real
newbie. If you have been using any Unix-like system for a while, you
probably know everything I explain here. Please use this as a reality
check.

4.1. Getting started
--------------------

After the installation of the Debian system on your PC, you need to learn
a few things to make it useful. Let us give you an express training.

4.1.1. Login to a shell prompt as root
--------------------------------------

Upon rebooting the system, you will be presented with either the graphical
login screen or the character-based login screen, depending on your
initial selection of packages. For the sake of simplicity, if you are
presented with the graphical login screen, press Ctrl-Alt-F1 [1] to gain
the character-based login screen.

Suppose your hostname is `', the login prompt looks like:

     login:

Type `root', press the Enter-key and type the password which you selected
during the install process.
In the Debian system, following the Unix tradition, the password is case
sensitive. Then the system starts with the greeting message and presents
you with the root command prompt waiting for your input. [2]

     login: root
     Password:
     Last login: Sun Oct 26 19:04:09 2003 on tty3
     Linux 2.4.22-1-686 #6 Sat Oct 4 14:09:08 EST 2003 i686 GNU/Linux

     Most of the programs included with the Debian GNU/Linux system are
     freely redistributable; the exact distribution terms for each program
     are described in the individual files in /usr/share/doc/*/copyright

     Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
     permitted by applicable law.

     root@:root#

You are ready to perform the system administration from this root command
prompt. This root account is also called superuser or privileged user.
From this account, you can do anything:

* read, write, and remove any files on the system irrespective of their
  file permissions
* set file ownership and permission of any files on the system
* set the password of any non-privileged users on the system
* login to any accounts without their passwords

It is an extremely bad idea to share access to the root account by sharing
the password. Using a program such as sudo(8) is a good way to share
administrative privileges.

Please note that it is considered a good Unix habit to login to the
non-privileged user account first, even when you plan to perform
administrative activities. Use the commands `sudo', `super', or `su -c' to
gain limited root privileges when needed. See Section 9.2.4, `Working more
safely -- `sudo''. [3]

[1] The left-Ctrl-key, the left-Alt-key, and the F1-key are pressed
    together.

[2] Note that if you edited the greeting message in `/etc/motd', this will
    be different.

[3] I have to admit I used to use the superuser account more often than
    needed just because it was easy and I was sloppy.

4.1.2. Set up minimal newbie environment
----------------------------------------

I think learning a computer system is like learning a new foreign
language. Although tutorial books are helpful, you have to practice it
with helper tools. In this context, I think it is a good idea to install a
few additional packages such as `mc', `vim', `lynx', `doc-linux-text', and
`debian-policy'. [1]

     # apt-get update
     ...
     # apt-get install mc vim lynx doc-linux-text debian-policy
     ...

If you already had these packages installed, nothing will be installed.

[1] It may also be a good idea to install `gpm', `emacs21', and
    `doc-linux-html'. See Section 3.3, `Mouse configuration' and Chapter
    11, `Editors'.

4.1.3. Add a user account
-------------------------

During the installation, you usually created a non-privileged user account
which receives e-mails sent to the root account. [1] Since you do not want
to use this special user account for the following training activities
either, you should create another new user account.

Suppose you wish this new username to be `', type:

     root@:root# adduser
     ... answer all the questions

will create it. [2] Before going further, let's learn a few things first.

[1] I tend to name this account created during installation as `admin' but
    this can be any arbitrary name.

[2] You may want to add this user `' to the `adm' group to enable read
    access to the many logfiles in `/var/log/'. See passwd(5), group(5),
    shadow(5), group(5), vipw(8), and vigr(8). For the official meanings
    of users and groups, see a recent version of the Users and Groups
    (/usr/share/doc/base-passwd/users-and-groups.html) document.

4.1.4. Switch between virtual console
-------------------------------------

In the default Debian system, there are six independent pseudo-terminals
available, i.e., you can use the PC's VGA character console screen as 6
switchable VT-100 terminals. Switch from one to another by pressing the
Left-Alt-key and one of the F1--F6 keys simultaneously.
Each pseudo-terminal allows independent login to accounts. The multiuser
environment is a great Unix feature, and very addictive.

If you accidentally typed Alt-F7 on a system running the X Window System
and the console screen displays a graphic screen, regain access to the
character console by pressing Ctrl-Alt-F1. Just try to move to a different
console and come back to the original one to get used to this.

4.1.5. How to shut down
-----------------------

Just like any other modern OS where file operations involve caching data
in memory, the Debian system needs the proper shutdown procedure before
power can safely be turned off, to maintain the integrity of files. Use
the following command from the root command prompt to shut down the
system:

     # shutdown -h now

This is for the normal multiuser mode. If you are in the single-user mode,
use the following from the root command prompt:

     # poweroff -i -f

Alternatively, you may type Ctrl-Alt-Delete to shut down. [1]

Wait until the system displays "System halted", then shut off power. If
the APM or ACPI function has been turned on by the BIOS and Linux
properly, the system will power down by itself. See Section 3.8.4, `Large
memory and auto power-off' for the details.

[1] The left-Ctrl-key, the left-Alt-Key, and the Delete key are pressed
    together from the console. In the default system, this will cause a
    system reboot. You need to modify `/etc/inittab' to have the
    `shutdown' command with the `-h' option as described in Section 3.8.1,
    `Install a few more packages after initial install'.

4.1.6. Play time
----------------

Now you are ready to play with the Debian system without risks as long as
you use this non-privileged user account `'. [1]

Let's login to the `'. If you are at the root shell prompt, type Ctrl-D
[2] at the root command prompt to close the root shell activity and return
to the login prompt. Enter your newly created username `' and the
corresponding password. [3] You will be presented with the following
command prompt.

     @:$

From here on, the examples given will use a simplified command prompt for
the sake of simplicity. I will use:

* `#' : root shell prompt
* `$' : non-privileged user shell prompt

We will start learning the Debian system first with the easy way, Section
4.2, `Midnight Commander (MC)', and later with the proper way, Section
4.3, `Unix-like work environment'.

[1] This is because the Debian system is, even just after the default
    installation, configured with the proper file permissions which
    prevent a non-privileged user from damaging the system. Of course,
    there may still exist some holes which can be exploited, but those who
    worry about this issue should not be reading this section but should
    be reading the Securing Debian Manual
    (http://www.debian.org/doc/manuals/securing-debian-howto/).

[2] The left-Ctrl-key and the d-key are pressed together. There is no need
    to press the Shift-key even though these control characters are
    referred to as "control D" with the upper case.

[3] If you enter `root' instead of `' here and the corresponding password,
    you will gain access to the `root' account. This procedure will be
    needed to regain access to the `root' account.

4.2. Midnight Commander (MC)
----------------------------

Midnight Commander (MC) is a GNU "Swiss army knife" for the Linux console
and other terminal environments. This gives the newbie a menu-driven
console experience which is much easier to learn than standard Unix
commands.

Use this command to explore the Debian system. This is the best way to
learn. Please explore a few key locations just using the cursor keys and
Enter key:

* `/etc' and its subdirectories.
* `/var/log' and its subdirectories.
* `/usr/share/doc' and its subdirectories.
* `/sbin' and `/bin'

4.2.1. Enhance MC
-----------------

To make MC change the working directory upon exit, you need to modify
`~/.bashrc' (or `/etc/bash.bashrc', called from `.bashrc'), as detailed in
its manual page, mc(1), under the `-P' option. [1]

[1] If you do not understand what exactly I am talking about here, you can
    do this later.

4.2.2. Start MC
---------------

     $ mc

MC takes care of all file operations through its menu, requiring minimal
user effort. Just press F1 to get the help screen. You can play with MC
just by pressing cursor-keys and function-keys. [1]

[1] If one is in a terminal, such as `kon' and `kterm' for Japanese, that
    has issues with certain graphics characters, adding `-a' to MC's
    command line may help prevent problems.

4.2.3. File manager in MC
-------------------------

The default is two directory panels containing file lists. Another useful
mode is to set the right window to "information" to see file access
privilege information, etc. Following are some essential keystrokes. With
the `gpm' daemon running, one can use a mouse, too. (Make sure to press
the shift-key to obtain the normal behavior of cut and paste in MC.)

* F1: Help menu
* F3: Internal file viewer
* F4: Internal editor
* F9: Activate pulldown menu
* F10: Exit Midnight Commander
* Tab: Move between two windows
* Insert: Mark file for a multiple-file operation such as copy
* Del: Delete file (be careful---set MC to safe delete mode)
* Cursor keys: Self-explanatory

4.2.4. Command-line tricks in MC
--------------------------------

* Any `cd' command will change the directory shown on the selected screen.
* Ctrl-Enter or Alt-Enter will copy a filename to the command line. Use
  this with the `cp' or `mv' command together with command-line editing.
* Alt-Tab will show shell filename expansion choices.
* One can specify the starting directory for both windows as arguments to
  MC; for example, `mc /etc /root'.
* Esc + == F (i.e., Esc + `1' = F1, etc.; Esc + `0' = F10)
* Esc-key == Alt-key (= Meta, M-); i.e., type Esc + `c' for Alt-C.

4.2.5. Editor in MC
-------------------

The internal editor has an interesting cut-and-paste scheme.
Pressing F3 marks the start of a selection, a second F3 marks the end of
the selection and highlights it. Then you can move your cursor. If you
press F6, the selected area will be moved to the cursor location. If you
press F5, the selected area will be copied and inserted at the cursor
location. F2 will save the file. F10 will get you out. Most cursor keys
work intuitively.

This editor can be directly started on a file:

     $ mc -e filename_to_edit
     $ mcedit filename_to_edit

This is not a multi-window editor, but one can use multiple Linux consoles
to achieve the same effect. To copy between windows, use Alt-F keys to
switch virtual consoles and use "File->Insert file" or "File->Copy to
file" to move a portion of a file to another file.

This internal editor can be replaced with any external editor of choice.

Also, many programs use the environment variables `EDITOR' or `VISUAL' to
decide which editor to use. If you are uncomfortable with `vim', set these
to `mcedit' by adding these lines to `~/.bashrc':

     ...
     export EDITOR=mcedit
     export VISUAL=mcedit
     ...

I do recommend setting these to `vim' if possible. Getting used to `vim'
commands is the right thing to do, since the Vi editor is always there in
the Linux/Unix world. [1]

[1] Actually, `vi' or `nvi' are the programs you find everywhere. I chose
    `vim' instead for the newbie since it offers help through the F1 key
    while it is similar enough and more powerful.

If you are uncomfortable with `vim', you can keep using `mcedit' for most
system maintenance tasks. Since `mcedit' is 8-bit clean and dumb (it does
not care about text encodings), it sometimes has advantages when editing
files of unknown encoding. `mcedit' cannot display UTF-8 files correctly.

4.2.6. Viewer in MC
-------------------

Very smart viewer. This is a great tool for searching words in documents.
I always use this for files in the `/usr/share/doc' directory. This is the
fastest way to browse through masses of Linux information.
This viewer can be directly started like so:

     $ mc -v filename_to_view

4.2.7. Auto-start features of MC
--------------------------------

Press Enter on a file, and the appropriate program will handle the content
of the file. This is a very convenient MC feature.

     executable file:    Execute command
     man, html file:     Pipe content to viewer software
     tar.gz, deb file:   Browse its contents as if subdirectory

In order to allow these viewer and virtual file features to function,
viewable files should not be set as executable. Change their status using
the `chmod' command or via the MC file menu.

4.2.8. FTP virtual filesystem of MC
-----------------------------------

MC can be used to access files over the Internet using FTP. Go to the menu
by pressing F9, then type `p' to activate the FTP virtual filesystem.
Enter a URL in the form `username:passwd@hostname.domainname', which will
retrieve a remote directory that appears like a local one. FTP sends this
username and password over the network unencrypted.

Try `http.us.debian.org/debian' as URL and browse the Debian file archive.
See Section 2.1, `Debian archives' for how these are organized.

4.3. Unix-like work environment
-------------------------------

Although MC enables you to do almost everything, it is very important for
you to learn how to use the command line tools invoked from the shell
prompt and become familiar with the Unix-like work environment. [1]

[1] In this tutorial chapter, the shell means `bash'. For more insight
    into the different shells, see Section 13.2, `Shell'.

4.3.1. Special key strokes
--------------------------

In the Unix-like environment, there are a few key strokes which have
special meanings. [1]

* Ctrl-U: Erase line before cursor.
* Ctrl-H: Erase a character before cursor.
* Ctrl-D: Terminate input. (exit shell if you are using shell)
* Ctrl-C: Terminate a running program.
* Ctrl-Z: Temporarily stop program. (put it to the background job, see
  Section 4.3.10.1, ``command &'')
* Ctrl-S: Halt output to screen. [2]
* Ctrl-Q: Reactivate output to screen.

The default shell, `bash', has history-editing and tab-completion
capabilities to aid interactive use.

* up-arrow: Start command history search.
* Ctrl-R: Start incremental command history search.
* TAB: Complete input of the filename to the command line.
* Ctrl-V TAB: Input TAB without expansion to the command line.

Other important keystrokes to remember:

* Ctrl-Alt-Del: Reboot/halt the system, see Section 3.8.1, `Install a few
  more packages after initial install'.
* Left-click-and-drag mouse: Select and copy to the clipboard.
* Click middle mouse button: Paste clipboard at the cursor.
* Meta-key (Emacs terminology) is assigned traditionally to Left-Alt-key.
  Some systems may be configured to use the Windows-key for Meta-key.

Here, in order to use a mouse in the Linux character console, you need to
have `gpm' running as a daemon. [3] See Section 3.3, `Mouse
configuration'.

[1] On a normal Linux character console, only the left-hand Ctrl and Alt
    keys work as expected.

[2] You can disable this terminal feature using stty(1).

[3] In the X Window environment, the mouse functions in the same way with
    the Xterm program.

4.3.2. Basic Unix commands
--------------------------

Let's learn the basic Unix commands. [1] Try all the following commands
from the non-privileged user account `' :

* `pwd'
  * Display name of current/working directory.
* `whoami'
  * Display current user name.
* `file '
  * Display a type of file for the file .
* `type -p '
  * Display a file location of command `'.
  * `which ' does the same. [2]
* `type '
  * Display information on command `'.
* `apropos '
  * Find commands related to `'.
  * `man -k ' does the same.
* `whatis '
  * Display one line explanation on command `'.
* `man -a '
  * Display explanation on command `'. (Unix style)
* `info '
  * Display rather long explanation on command `'. (GNU style)
* `ls'
  * List contents of directory. (non-dot files and directories) [3]
* `ls -a'
  * List contents of directory. (all files and directories)
* `ls -A'
  * List contents of directory. (almost all files and directories, i.e.,
    skip "`..'" and "`.'")
* `ls -la'
  * List all contents of directory with detail information. See Section
    4.5.2, `The filesystem concept in Debian'.
* `ls -d'
  * List all directories under the current directory.
* `lsof '
  * List open status of file `'.
* `mkdir '
  * Make a new directory `' in the current directory.
* `rmdir '
  * Remove a directory `' in the current directory.
* `cd '
  * Change directory to the directory `' in the current directory or in
    the directory listed in the variable `CDPATH'. See `cd' command in
    builtins(7).
* `cd /'
  * Change directory to the root directory.
* `cd'
  * Change directory to the current user's home directory.
* `cd /'
  * Change directory to the absolute path directory `/'.
* `cd ..'
  * Change directory to the parent directory.
* `cd ~'
  * Change directory to the home directory of the user `'.
* `cd -'
  * Change directory to the previous directory.
* `''. [4]
* `touch '
  * Create an empty file `'.
* `cp '
  * Copy an existing file `' to a new file `'.
* `rm '
  * Remove a file `'.
* `mv '
  * Rename an existing file `' to a new name `'.
* `mv '
  * Move an existing file `' to a new location with a new name `'. The
    directory `' must exist.
* `chmod 600 '
  * Make an existing file `' to be non-readable and non-writable by the
    other people. (non-executable for all)
* `chmod 644 '
  * Make an existing file `' to be readable but non-writable by the other
    people. (non-executable for all)
* `chmod 755 '
  * Make an existing file `' to be readable but non-writable by the other
    people. (executable for all)
* `top'
  * Display process information using full screen. Type "q" to quit.
* `ps aux | pager'
  * Display information on all the running processes using BSD style
    output. See Section 4.3.10.2, ``command1 | command2''.
* `ps -ef | pager'
  * Display information on all the running processes using Unix system-V
    style output.
* `ps aux | grep -e "[e]xim4*"'
  * Display all processes running `exim' or `exim4'. Learn the regular
    expression from grep(1) manual page by typing `man grep'. [5]
* `ps axf | pager'
  * Display information on all the running processes with ASCII art
    output.
* `kill <1234>'
  * Kill a process identified by the process ID: <1234>. See Section
    8.5.1, `Kill a process'.
* `grep -e "" *.html'
  * Find a "" in all of the files ending with `.html' in current directory
    and display them all.
* `gzip '
  * Compress `' to create `.gz' using the Lempel-Ziv coding (LZ77).
* `gunzip .gz'
  * Decompress `.gz' to create `'.
* `bzip2 '
  * Compress `' to create `.bz2' using the Burrows-Wheeler block sorting
    text compression algorithm, and Huffman coding. (Better compression
    than `gzip')
* `bunzip2 .bz2'
  * Decompress `.bz2' to create `'.
* `tar -xvvf '
  * Extract files from `.tar' archive.
* `tar -xvvzf .tar.gz'
  * Extract files from gzipped `.tar.gz' archive.
* `tar --bzip2 -xvvf '
  * Extract files from `.tar.bz2' archive. [6]
* `tar -cvvf .tar /'
  * Archive contents of folder `/' in `.tar' archive.
* `tar -cvvzf .tar.gz /'
  * Archive contents of folder `/' in compressed `.tar.gz' archive.
* `tar --bzip2 -cvvf .tar.bz2 /'
  * Archive contents of folder `/' in `.tar.bz2' archive. [7]
* `zcat README.gz | pager'
  * Display contents of compressed `README.gz' using the default pager.
* `zcat README.gz > foo'
  * Create a file `foo' with the decompressed content of `README.gz'.
* `zcat README.gz >> foo'
  * Append the decompressed content of `README.gz' to the end of the file
    `foo'. (If it does not exist, create it first.)
* `find . -name '
  * find matching filenames using shell `'. (slower)
* `locate -d . '
  * find matching filenames using shell `'. (quicker using regularly
    generated database)

Please traverse directories and peek into the system using the above
commands as training. If you have questions on any of the console
commands, please make sure to read the manual page.
For example, these commands are a good start:

     $ man man
     $ man bash
     $ man ls

This is also a good time to start `vim' and press the F1 key. You should
at least read the first 35 lines. Then do the online training course by
moving the cursor to `|tutor|' and pressing Ctrl-]. See Chapter 11,
`Editors' to learn more about editors.

Please note that many Unix-like commands, including ones from GNU and BSD,
will display brief help information if you invoke them in one of the
following ways (or without any arguments in some cases):

     $ --help
     $ -h

Try also the examples in Chapter 8, `Debian tips' as your self training.

[1] Here I use "Unix" in its generic sense. Any Unix clone OS usually
    offers the equivalent commands. The Debian system is no exception. Do
    not worry if some commands do not work as you wish now. These examples
    are not meant to be executed in this order.

[2] If `alias' is used in the shell, their outputs are different.

[3] Unix has a tradition of hiding filenames which start with "`.'". They
    are traditionally files that contain configuration information and
    user preferences.

[4] The default pager of the bare-bones Debian system is `more', which
    cannot scroll back. By installing the `less' package using the command
    line `apt-get install less', `less' becomes the default pager and you
    can scroll back with the cursor keys.

[5] The `[' and `]' in the regular expression enable `grep' to avoid
    matching itself. The `4*' in the regular expression means 0 or more
    repeats of the character 4 and thus enables `grep' to match both
    `exim' and `exim4'. Although `*' is used in both the shell filename
    wildcard and the regular expression, their meanings are different.

[6] `--bzip2' is used here instead of the new short option `-j' to ensure
    this works with the old version of `tar' in Potato.

[7] `--bzip2' is used here again to ensure compatibility.

4.3.3. The command execution
----------------------------

Now you have some feel for how to use the Debian system. Let's look deep
into the mechanism of command execution in the Debian system. [1]

[1] Here, I have simplified reality for the newbie. See bash(1) for the
    exact explanation.

4.3.4. Simple command
---------------------

A simple command is a sequence of

1. variable assignments (optional)
2. command name
3. arguments (optional)
4. redirections (optional: `>' , `>>' , `<' , `<<' , etc.)
5. control operator (optional: `&&' , `||' ; , `;' , `&' , `(' , `)' )

For more complex commands with quotations and substitutions, see Section
13.2.6, `Command-line processing'.

4.3.5. Command execution and environment variable
-------------------------------------------------

Typical command execution uses a shell line sequence like the following:
[1]

     $ date
     Sun Oct 26 08:17:20 CET 2003
     $ LC_ALL=fr_FR date
     dim oct 26 08:17:39 CET 2003

Here, the program `date' is executed in the foreground job. The
environment variable `LC_ALL' is:

* unset (system default, same as `C') for the first command
* set to `fr_FR' (French locale) for the second command

Most command executions usually do not have a preceding environment
variable definition. For the above example, you can alternatively execute:

     $ LC_ALL=fr_FR
     $ date
     dim oct 26 08:17:39 CET 2003

As you can see here, the output of the command is affected by the
environment variable to produce French output. If you want the environment
variable to be inherited by the subprocesses (e.g., when calling a shell
script), you need to "export" it instead by using:

     $ export LC_ALL

[1] To obtain the following output, you need to install the French locale,
    see Section 9.7.2, `Locales'. This is not essential for the tutorial.
    This is done only to indicate its potential effects.

4.3.6. Command search path
--------------------------

When you type a command into the shell, the shell searches for the command
in the list of directories contained in the `PATH' environment variable.
The value of the `PATH' environment variable is also called the shell's
search path.
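
The search described above, written out as an added example (it is not part of the original reference). `path_lookup' walks a PATH-style string from left to right and `path_risky_entries' lists the elements that are resolved relative to the current directory; both function names and the sandbox layout are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration (not from the Debian reference). The function names and
# the sandbox layout are hypothetical; the sample files are constructed.

# path_lookup NAME [SEARCH_PATH]
# Print the first executable regular file called NAME found while scanning
# SEARCH_PATH (default: $PATH) from left to right. Return 1 if there is none.
path_lookup() {
    pl_name=$1
    pl_rest=${2-$PATH}:          # trailing ':' terminates the last element
    while [ -n "$pl_rest" ]; do
        pl_dir=${pl_rest%%:*}    # first element
        pl_rest=${pl_rest#*:}    # everything after it
        # An empty element stands for the current directory.
        if [ -z "$pl_dir" ]; then pl_dir=.; fi
        if [ -f "$pl_dir/$pl_name" ] && [ -x "$pl_dir/$pl_name" ]; then
            printf '%s\n' "$pl_dir/$pl_name"
            return 0
        fi
    done
    return 1
}

# path_risky_entries [SEARCH_PATH]
# Print each element that is resolved relative to the current directory
# (empty, "." or any other non-absolute name). With such elements the command
# that actually runs depends on where the user happens to be.
path_risky_entries() {
    pr_rest=${1-$PATH}:
    while [ -n "$pr_rest" ]; do
        pr_dir=${pr_rest%%:*}
        pr_rest=${pr_rest#*:}
        case "$pr_dir" in
            /*) ;;                                            # absolute
            '') printf '%s\n' '(empty = current directory)' ;;
            *)  printf '%s\n' "$pr_dir" ;;
        esac
    done
}

# path_demo: constructed sandbox mirroring the /bin versus /sbin situation.
path_demo() {
    pd_box=$(mktemp -d) || return 1
    mkdir "$pd_box/bin" "$pd_box/sbin"
    printf '#!/bin/sh\necho "sbin copy"\n' > "$pd_box/sbin/ifconfig"
    chmod 755 "$pd_box/sbin/ifconfig"

    echo "1. sbin not on the search path:"
    path_lookup ifconfig "$pd_box/bin" || echo "   ifconfig: not found"

    echo "2. sbin appended:"
    path_lookup ifconfig "$pd_box/bin:$pd_box/sbin"

    # A file of the same name in an earlier directory is the one that runs.
    printf '#!/bin/sh\necho "bin copy"\n' > "$pd_box/bin/ifconfig"
    chmod 755 "$pd_box/bin/ifconfig"
    echo "3. same name earlier on the path:"
    path_lookup ifconfig "$pd_box/bin:$pd_box/sbin"

    echo "4. elements of the current PATH that are not absolute:"
    path_risky_entries

    rm -rf "$pd_box"
}

path_demo
```

In `bash', the built-in `type -a' followed by a command name reports every match along the search path in the same order.
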

In the default Debian installation, the `PATH' environment variable of
user accounts may not include `/sbin/'. So if you want to run any commands
such as `ifconfig' from `/sbin/', you must change the `PATH' environment
variable to include it. The `PATH' environment variable is usually set by
the initialization file `~/.bash_profile', see Section 3.2, `Bash
configuration'.

4.3.7. Command line options
---------------------------

Some commands take arguments. The arguments starting with `-' or `--' are
called options and control the behavior of the command.

     $ date
     Mon Oct 27 23:02:09 CET 2003
     $ date -R
     Mon, 27 Oct 2003 23:02:40 +0100

Here the command-line argument `-R' changes the `date' command behavior to
output an RFC-2822 compliant date string.

4.3.8. Shell wildcards
----------------------

Often you want a command to work with a group of files without typing all
of them. The filename expansion pattern using the shell _wildcards_
facilitates this need.

* `*'
  * This matches any group of 0 or more characters.
  * This does not match a filename started with "`.'".
* `?'
  * This matches exactly one character.
* `[...]'
  * This matches exactly one character with any character enclosed in
    brackets
* `[a-z]'
  * This matches exactly one character with any character between `a' and
    `z'.
* `[^...]'
  * This matches exactly one character other than any character enclosed
    in brackets (excluding "^").

For example, try the following and think for yourself:

     $ mkdir junk; cd junk; touch 1.txt 2.txt 3.c 4.h .5.txt
     $ echo *.txt
     1.txt 2.txt
     $ echo *
     1.txt 2.txt 3.c 4.h
     $ echo *.[hc]
     3.c 4.h
     $ echo .*
     . .. .5.txt
     $ echo .[^.]*
     .5.txt
     $ echo [^1-3]*
     4.h
     $ cd ..; rm -rf junk

4.3.9. Return value of the command
----------------------------------

Each command returns its exit status as the return value.

* return value = 0 if the command executes successfully.
* return value = non-zero if the command exits with error.

This return value can be accessed by the `$?' shell variable immediately
after the execution.

     $ [ 1 = 1 ] ; echo $?
     0
     $ [ 1 = 2 ] ; echo $?
     1

Please note that, when the return value is used in the logical context for
the shell, _success_ is treated as the logical _TRUE_. This is somewhat
non-intuitive since _success_ bears the value _zero_. See Section 13.2.5,
`Shell conditionals'.

4.3.10. Typical command sequences
---------------------------------

Let's try to remember the following shell command idioms. See Section
13.2.3, `Shell parameters', Section 13.2.4, `Shell redirection', Section
13.2.5, `Shell conditionals', and Section 13.2.6, `Command-line
processing' after reading these idioms.

4.3.10.1. `command &'
---------------------

The `command' is executed in the subshell in the _background_. Background
jobs allow users to run multiple programs in a single shell.

The management of the background process involves the shell built-ins:
`jobs', `fg', `bg', and `kill'. Please read the sections of the bash(1)
manual page under "SIGNALS", "JOB CONTROL", and "SHELL BUILTIN COMMANDS".
[1]

[1] The Debian system is a multi-tasking system.

4.3.10.2. `command1 | command2'
-------------------------------

The standard output of `command1' is fed to the standard input of
`command2'. Both commands may be running _concurrently_. This is called a
_pipeline_.

4.3.10.3. `command1 ; command2'
-------------------------------

The `command1' and `command2' are executed _sequentially_.

4.3.10.4. `command1 && command2'
--------------------------------

The `command1' is executed. If successful, `command2' is also executed
_sequentially_. Return success if both `command1' _and_ `command2' are
successful.

4.3.10.5. `command1 || command2'
--------------------------------

The `command1' is executed. If not successful, `command2' is also executed
_sequentially_. Return success if `command1' _or_ `command2' is
successful.

4.3.10.6. `command > '
---------------------------

Redirect standard output of `command' to a file `'. (overwrite)

4.3.10.7. `command >> '
----------------------------

Redirect standard output of `command' to a file `'. (append)

4.3.10.8. `command > 2>&1'
--------------------------------

Redirect both standard output and standard error of `command' to a file
`'.

4.3.10.9. `command < '
---------------------------

Redirect standard input of `command' to a file `'. Try:

     $ '
  * This matches the end of a word.
* `[abc...]'
  * This character list matches any of the characters "`abc...'".
* `[^abc...]'
  * This negated character list matches any of the characters except
    "`abc...'".
* `r*'
  * This matches zero or more regular expressions identified by "`r'".
* `r+'
  * This matches one or more regular expressions identified by "`r'".
* `r?'
  * This matches zero or one regular expressions identified by "`r'".
* `r1|r2'
  * This matches one of the regular expressions identified by "`r1'" or
    "`r2'".
* `(r1|r2)'
  * This matches one of the regular expressions identified by "`r1'" or
    "`r2'" and treats it as a _bracketed_ regular expression.

In BREs the _metacharacters_ "`+ ? ( ) { } |'" lose their special meaning;
instead use the backslashed versions "`\+ \? \( \) \{ \} \|'". Thus the
grouping construct `(r1|r2)' needs to be quoted as `\(r1\|r2\)' in BREs.
`emacs', although basically BRE, treats "`+ ?'" as _metacharacters_, so
there is no need to quote them. See Section 4.4.2, `Replacement
expressions' for how the grouping construct is used.

For example, `grep' can be used to perform a text search using the regular
expression:

     $ egrep 'GNU.*LICENSE|Yoyodyne' /usr/share/common-licenses/GPL
     GNU GENERAL PUBLIC LICENSE
     GNU GENERAL PUBLIC LICENSE
     Yoyodyne, Inc., hereby disclaims all copyright interest in the program

4.4.2. Replacement expressions
------------------------------

For the replacement expression, the following characters have special
meanings:

* `&'
  * This represents what the regular expression matched.
          (use `\&' in `emacs')
   * `\'
        * This represents what the -th _bracketed_ regular expression
          matched.

For Perl replacement string, `$' is used instead of `\' and `&' has no
special meaning.

For example:

     $ echo zzz1abc2efg3hij4 | \
     sed -e 's/\(1[a-z]*\)[0-9]*\(.*\)$/=&=/'
     zzz=1abc2efg3hij4=
     $ echo zzz1abc2efg3hij4 | \
     sed -e 's/\(1[a-z]*\)[0-9]*\(.*\)$/\2===\1/'
     zzzefg3hij4===1abc
     $ echo zzz1abc2efg3hij4 | \
     perl -pe 's/(1[a-z]*)[0-9]*(.*)$/$2===$1/'
     zzzefg3hij4===1abc
     $ echo zzz1abc2efg3hij4 | \
     perl -pe 's/(1[a-z]*)[0-9]*(.*)$/=&=/'
     zzz=&=

Here please pay extra attention to the style of the _bracketed_ regular
expression and how the matched strings are used in the text replacement
process on different tools.

These regular expressions can be used for the cursor movements and the
text replacement actions in the editors too.

Please read all the related manual pages to learn these commands.

4.5. Unix-like filesystem
-------------------------

In GNU/Linux and other Unix-like operating systems, _files_ are
organized into _directories_.  [1] All _files_ and _directories_ are
arranged in one big tree, the file hierarchy, rooted at `/'.

These files and directories can be spread out over several devices.
The mount(8) command serves to attach the file system found on some
device to the big file tree.  Conversely, the umount(8) command will
detach it again.

[1] _Directories_ are called _folders_ on some other systems.

4.5.1. Unix file basics
-----------------------

Here are the basics:

   * Filenames are case sensitive.  That is, `MYFILE' and `MyFile' are
     _different_ files.

   * The root directory is referred to as simply `/'.  Don't confuse
     this "root" with the root user.  See Section 4.1.1, `Login to a
     shell prompt as root'.

   * Every directory has a name which can contain any letters or symbols
     _except_ `/'.  [1] The root directory is an exception; its name is
     `/' (pronounced "slash" or "the root directory") and it cannot be
     renamed.
   * Each file or directory is designated by a _fully-qualified
     filename_, _absolute filename_, or _path_, giving the sequence of
     directories which must be passed through to reach it.  The three
     terms are synonymous.  All absolute filenames begin with the `/'
     directory, and there's a `/' between each directory or file in the
     filename.  The first `/' is the name of a directory, but the others
     are simply separators to distinguish the parts of the filename.

     The words used here can be confusing.  Take the following example:

          /usr/share/keytables/us.map.gz

     This is a fully-qualified filename; some people call it a _path_.
     However, people will also refer to `us.map.gz' alone as a
     filename.  [2]

   * The root directory has a number of branches, such as `/etc/' and
     `/usr/'.  These subdirectories in turn branch into still more
     subdirectories, such as `/etc/init.d/' and `/usr/local/'.  The
     whole thing together is called the _directory tree_.

     You can think of an absolute filename as a route from the base of
     the tree (`/') to the end of some branch (a file).  You'll also
     hear people talk about the directory tree as if it were a _family_
     tree: thus subdirectories have _parents_, and a path shows the
     complete ancestry of a file.

     There are also relative paths that begin somewhere other than the
     root directory.  You should remember that the directory `../'
     refers to the parent directory.

   * There's no directory that corresponds to a physical device, such as
     your hard disk.  This differs from CP/M, DOS, and Windows, where
     all paths begin with a device name such as `C:\'.  See
     Section 4.5.2, `The filesystem concept in Debian'.

The detailed best practices for the file hierarchy are described in the
Filesystem Hierarchy Standard
(/usr/share/doc/debian-policy/fhs/fhs.txt.gz).  You should remember the
following facts as a starter:

   * `/'
        * A simple `/' represents the root directory.
   * `/etc/'
        * This is the place for the system wide configuration files.
   * `/var/log/'
        * This is the place for the system log files.
   * `/home/'
        * This is the directory which contains all the home directories
          for all non-privileged users.

[1] While you _can_ use almost any letters or symbols in a file name, in
practice it's a bad idea.  It is better to avoid any characters that
often have special meanings on the command line, including spaces, tabs,
newlines, and other special characters:
`{ } ( ) [ ] ' ` " \ / > < | ; ! # & ^ * % @ $' .  If you want to
separate words in a name, good choices are the period, hyphen, and
underscore.  You could also capitalize each word, `LikeThis'.

[2] There is also another use for the word _path_.  See Section 4.3.6,
`Command search path'.  The intended meaning is usually clear from the
context.

4.5.2. The filesystem concept in Debian
---------------------------------------

Following the Unix tradition, the Debian system provides the filesystem
under which physical data on harddisks and other storage devices, and
the interaction with the hardware devices such as console screens and
remote serial consoles, are represented in a unified manner.

Each file, directory, named pipe, or physical device on a Debian system
has a data structure called an _inode_ which describes its associated
attributes such as the user who owns it (owner), the group that it
belongs to, the time last accessed, etc.  See /usr/include/linux/fs.h
for the exact definition of `struct inode' in the Debian GNU/Linux
system.

This unified representation of physical entities is very powerful since
it allows us to use the same command for the same kind of operation on
many totally different devices.

All your files could be on one disk --- or you could have 20 disks, some
of them connected to a different computer elsewhere on the network.  You
can't tell just by looking at the directory tree, and nearly all
commands work just the same way no matter what physical device(s) your
files are really on.

4.5.3. File and directory access permissions
--------------------------------------------

File and directory access permissions are defined separately for the
following three categories of affected users:

   * the _user_ who owns the file (u),
   * other users in the _group_ which the file belongs to (g), and
   * all _other_ users (o).

For a file, each corresponding permission allows:

   * _read_ (r): to examine contents of the file,
   * _write_ (w): to modify the file, and
   * _execute_ (x): to run the file as a command.

For a directory, each corresponding permission allows:

   * _read_ (r): to list contents of the directory,
   * _write_ (w): to add or remove files in the directory, and
   * _execute_ (x): to access files in the directory.

Here, _execute_ permission on the directory means not only to allow
reading of files in that directory but also to allow viewing their
attributes, such as the size and the modification time.

To display permission information (and more) for files and directories,
`ls' is used.  See ls(1).  When `ls' is invoked with the `-l' option, it
displays the following information in the order given:

   * the _type of file_ (first character)
        * `-': normal file
        * `d': directory
        * `l': symlink
        * `c': character device node
        * `b': block device node
        * `p': named pipe
        * `s': socket
   * the file's access _permissions_ (the next nine characters,
     consisting of three characters each for user, group, and other in
     this order)
   * the _number of hard links_ to the file
   * the name of the _user_ who owns the file
   * the name of the _group_ which the file belongs to
   * the _size_ of the file in characters (bytes)
   * the _date and time_ of the file (mtime)
   * the _name_ of the file.

To change the owner of the file, `chown' is used from the root account.
To change the group of the file, `chgrp' is used from the file's owner
or root account.  To change file and directory access permissions,
`chmod' is used from the file's owner or root account.
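The mode column of `ls -l' described above can be decoded mechanically.  The following shell functions are an added example, not part of the Debian Reference: they convert a mode string to the numeric form accepted by chmod(1) and flag the set user ID, set group ID, and sticky-bit cases that this section covers.  The function names and the `/srv/dropbox' entry are constructed for illustration; the other sample modes are the ones printed in this section's own `ls -l' output.

```shell
#!/bin/sh
# Added example: decode the mode column of `ls -l' and flag risky modes.
# Function names are illustrative; nothing here is Debian-provided.

# Octal digit for one triplet such as "rwx", "r-s" or "--T".
# Lower-case s/t mean "special bit and x both set"; upper-case S/T mean
# "special bit set, x unset", so only x, s and t add the execute value.
triplet_digit() {
    d=0
    case $1 in r??) d=$(($d + 4)) ;; esac
    case $1 in ?w?) d=$(($d + 2)) ;; esac
    case $1 in ??[xst]) d=$(($d + 1)) ;; esac
    echo "$d"
}

# Print the 4-digit numeric mode for a string such as "-rwsr-xr--".
mode_to_octal() {
    # Keep 10 characters; GNU ls may append "+" or "." after them.
    m=$(printf '%s' "$1" | cut -c1-10)
    case $m in
        [-dlcbps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "invalid mode string: $1" >&2; return 1 ;;
    esac
    u=$(printf '%s' "$m" | cut -c2-4)
    g=$(printf '%s' "$m" | cut -c5-7)
    o=$(printf '%s' "$m" | cut -c8-10)
    special=0
    case $u in ??[sS]) special=$(($special + 4)) ;; esac   # set user ID
    case $g in ??[sS]) special=$(($special + 2)) ;; esac   # set group ID
    case $o in ??[tT]) special=$(($special + 1)) ;; esac   # sticky bit
    echo "$special$(triplet_digit "$u")$(triplet_digit "$g")$(triplet_digit "$o")"
}

# Print space-separated findings for one mode string, or "ok".
mode_findings() {
    octal=$(mode_to_octal "$1") || return 1
    ftype=$(printf '%s' "$1" | cut -c1)
    sp=$(printf '%s' "$octal" | cut -c1)    # special-bits digit
    gd=$(printf '%s' "$octal" | cut -c3)    # group digit
    od=$(printf '%s' "$octal" | cut -c4)    # other digit
    out=""
    if [ "$ftype" = "-" ]; then
        # Executables that run with the file owner's or group's ID.
        if [ $(($sp & 4)) -ne 0 ]; then out="$out setuid"; fi
        if [ $(($sp & 2)) -ne 0 ]; then out="$out setgid"; fi
        if [ $(($od & 2)) -ne 0 ]; then out="$out world-writable"; fi
    elif [ "$ftype" = "d" ]; then
        # Without the sticky bit, anyone with write access to the directory
        # can remove a file and create a new one under the same name.
        if [ $(($sp & 1)) -eq 0 ]; then
            if [ $(($od & 2)) -ne 0 ]; then
                out="$out world-writable-no-sticky"
            elif [ $(($gd & 2)) -ne 0 ]; then
                out="$out group-writable-no-sticky"
            fi
        fi
        if [ $(($sp & 2)) -ne 0 ]; then out="$out setgid-dir"; fi
    fi
    out=${out# }
    echo "${out:-ok}"
}

# Read `ls -l' lines on stdin; print "<octal> <name> <findings>" per entry.
# Symlinks are skipped (their mode is nominal) and so is the "total" line.
# The name is taken as the last word, so names with spaces are not handled.
audit_listing() {
    while read -r mode rest; do
        case $mode in l*|total|"") continue ;; esac
        octal=$(mode_to_octal "$mode") || continue
        printf '%s %s %s\n' "$octal" "${rest##* }" "$(mode_findings "$mode")"
    done
}

# Sample input: modes as printed in this section's `ls -l' examples, plus
# one constructed entry (/srv/dropbox) showing a world-writable directory
# without the sticky bit.
sample_listing() {
    cat <<'EOF'
crw-rw----    1 root     dip      108,   0 Jan 18 13:32 /dev/ppp
-rw-r--r--    1 root     root         1051 Jan 26 08:29 /etc/passwd
-rw-r-----    1 root     shadow        746 Jan 26 08:29 /etc/shadow
-rwsr-xr--    1 root     dip        234504 Nov 24 03:58 /usr/sbin/pppd
drwxrwxrwt    4 root     root         4096 Feb  9 16:35 /tmp
drwxrwsr-x   10 root     staff        4096 Jan 18 13:31 /usr/local
drwxrwxrwx    2 root     root         4096 Jan  1 00:00 /srv/dropbox
EOF
}

sample_listing | audit_listing
```

On a live system the same check can be fed from `ls -l' directly, for example `ls -l /usr/sbin | audit_listing'.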
Basic syntax to manipulate `foo' file is:

     # chown  foo
     # chgrp  foo
     # chmod  [ugoa][+-=][rwx][,...] foo

See chown(1), chgrp(1), and chmod(1) for the details.

For example, to make a directory tree owned by a user  and shared by a
group , issue the following commands from the root account:

     # cd /some/location/
     # chown -R : .
     # chmod -R ug+rwX,o=rX .

There are three more special permission bits:

   * _set user ID_ (s or S instead of user's x),
   * _set group ID_ (s or S instead of group's x), and
   * _sticky bit_ (t or T instead of other's x).

Here the output of `ls -l' for these bits is capitalized if execution
bits hidden by these outputs are unset.

Setting _set user ID_ on an executable file allows a user to execute the
executable file with the owner ID of the file (for example _root_).
Similarly, setting _set group ID_ on an executable file allows a user to
execute the executable file with the group ID of the file (for example
_root_).  Because these settings can cause security risks, enabling them
requires extra caution.

Setting _set group ID_ on a directory enables the BSD-like file creation
scheme where all files created in the directory belong to the _group_ of
the directory.

Setting the _sticky bit_ on a directory prevents a file in the directory
from being removed by a user who is not the owner of the file.  In order
to secure the contents of a file in world-writable directories such as
`/tmp' or in group-writable directories, one must not only set _write_
permission off for the file but also set the _sticky bit_ on the
directory.  Otherwise, the file can be removed and a new file can be
created with the same name by any user who has write access to the
directory.

Here are a few interesting examples of the file permissions.
     $ ls -l /etc/passwd /etc/shadow /dev/ppp /usr/sbin/pppd
     crw-rw----    1 root     dip      108,   0 Jan 18 13:32 /dev/ppp
     -rw-r--r--    1 root     root         1051 Jan 26 08:29 /etc/passwd
     -rw-r-----    1 root     shadow        746 Jan 26 08:29 /etc/shadow
     -rwsr-xr--    1 root     dip        234504 Nov 24 03:58 /usr/sbin/pppd
     $ ls -ld /tmp /var/tmp /usr/local /var/mail /usr/src
     drwxrwxrwt    4 root     root         4096 Feb  9 16:35 /tmp
     drwxrwsr-x   10 root     staff        4096 Jan 18 13:31 /usr/local
     drwxrwsr-x    3 root     src          4096 Jan 19 08:36 /usr/src
     drwxrwsr-x    2 root     mail         4096 Feb  2 22:19 /var/mail
     drwxrwxrwt    3 root     root         4096 Jan 25 02:48 /var/tmp

There is an alternative numeric mode to describe file permissions in
chmod(1) commands.  This numeric mode uses 3 to 4 digit wide octal
(radix=8) numbers.  Each digit corresponds to:

   * 1st optional digit: sum of _set user ID_ (=4), _set group ID_ (=2),
     and _sticky bit_ (=1)
   * 2nd digit: sum of _read_ (=4), _write_ (=2), and _execute_ (=1)
     permissions for _user_
   * 3rd digit: ditto for _group_
   * 4th digit: ditto for _other_

This sounds complicated but it is actually quite simple.  If you look at
the first few (2-10) columns from `ls -l' command output and read it as
a binary (radix=2) representation of file permissions ("-" being "0" and
"rwx" being "1"), this numeric mode value should make sense as an octal
(radix=8) representation of file permissions to you.  [1] For example,
try:

     $ touch
     $ chmod u=rw,go=r
     $ chmod 644
     $ ls -l
     -rw-r--r--    1 penguin  penguin         0 Nov  3 23:30
     -rw-r--r--    1 penguin  penguin         0 Nov  3 23:30

The default file permission mask can be set by using the `umask' shell
built-in command.  See builtins(7).

[1] Of course this method works only for 3 digit wide numeric mode.

4.5.4. Timestamps
-----------------

There are three types of timestamps for a GNU/Linux file:

   * _mtime_: the modification time (`ls -l'),
   * _ctime_: the status change time (`ls -lc'), and
   * _atime_: the last access time (`ls -lu').

Note that _ctime_ is not file creation time.
   * Overwriting a file will change all of _mtime_, _ctime_, and _atime_
     of the file.
   * Changing permission or owner of a file will change _ctime_ and
     _atime_ of the file.
   * Reading a file will change _atime_ of the file.

Note that even simply reading a file on the Debian system will normally
cause a file write operation to update _atime_ information in the
_inode_.  Mounting a filesystem with the `noatime' option will let the
system skip this operation and will result in faster file access for the
read.  See mount(8).

Use the touch(1) command to change timestamps of existing files.

4.5.5. Links
------------

There are two methods of associating a file  with a different filename .

   * a _hard link_ is a duplicate name for an existing file (`ln  '),
   * a _symbolic link_, or "symlink", is a special file that points to
     another file by name (`ln -s  ').

See the following example for the changes in link counts and the subtle
differences in the result of the `rm' command.

     $ echo "Original Content" >
     $ ls -l
     -rw-r--r--    1 osamu    osamu           4 Feb  9 22:26
     $ ln          # hard link
     $ ln -s       # symlink
     $ ls -l
     -rw-r--r--    2 osamu    osamu           4 Feb  9 22:26
     lrwxrwxrwx    1 osamu    osamu           3 Feb  9 22:28  ->
     -rw-r--r--    2 osamu    osamu           4 Feb  9 22:26
     $ rm
     $ echo "New Content" >
     $ cat
     Original Content
     $ cat
     New Content

The symlink always has nominal file access permissions of "rwxrwxrwx",
as shown in the above example, with the effective access permissions
dictated by the permissions of the file that it points to.

The `.' directory links to the directory that it appears in, thus the
link count of any new directory starts at 2.  The `..' directory links
to the parent directory, thus the link count of the directory increases
with the addition of new subdirectories.

4.5.6. Named pipes (FIFOs)
--------------------------

A named pipe is a file that acts like a pipe.  You put something into
the file, and it comes out the other end.
Thus it's called a FIFO, or First-In-First-Out: the first thing you put
in the pipe is the first thing to come out the other end.

If you write to a named pipe, the process which is writing to the pipe
doesn't terminate until the information being written is read from the
pipe.  If you read from a named pipe, the reading process waits until
there's something to read before terminating.  The size of the pipe is
always zero --- it doesn't store data, it just links two processes like
the shell `|'.  However, since this pipe has a name, the two processes
don't have to be on the same command line or even be run by the same
user.

You can try it by doing the following:

     $ cd; mkfifo mypipe
     $ echo "hello" >mypipe & # put into background
     [1] <5952>
     $ ls -l mypipe
     prw-r--r--    1 penguin  penguin         0 2003-11-06 23:18 mypipe
     $ cat mypipe
     hello
     [1]+  Done                    echo hello >mypipe
     $ ls mypipe
     prw-r--r--    1 penguin  penguin         0 2003-11-06 23:20 mypipe
     $ rm mypipe

4.5.7. Sockets
--------------

The socket is similar to the named pipe (FIFO) and allows processes to
exchange information.  For the socket, those processes do not need to be
running at the same time nor need to be the children of the same
ancestor process.  This is the endpoint for the inter process
communication.  The exchange of information may occur over the network
between different hosts.

4.5.8. Device files
-------------------

Device files refer to physical or virtual devices on your system, such
as your hard disk, video card, screen, or keyboard.  An example of a
virtual device is the console, represented by `/dev/console'.

There are two types of devices:

   * _character device_
        * This can be accessed one character at a time, that is, the
          smallest unit of data which can be written to or read from the
          device is a character (byte).
   * _block device_
        * This must be accessed in larger units called blocks, which
          contain a number of characters.  Your hard disk is a block
          device.
You can read and write device files, though the file may well contain
binary data which may be an incomprehensible-to-humans gibberish.
Writing data directly to these files is sometimes useful for the
troubleshooting of hardware connections.  For example, you can dump a
text file to the printer device `/dev/lp0' or send modem commands to the
appropriate serial port `/dev/ttyS0'.  But, unless this is done
carefully, it may cause a major disaster.  So be cautious.

4.5.8.1. `/dev/null' etc.
-------------------------

`/dev/null' is a special device file that discards anything you write to
it.  If you don't want something, throw it in `/dev/null'.  It's
essentially a bottomless pit.  If you read `/dev/null', you'll get an
end-of-file (EOF) character immediately.

`/dev/zero' is similar, only if you read from it you get the `\0'
character (not the same as the number zero ASCII).  See Section 8.6.34,
`Dummy files'.

4.5.8.2. Device node number
---------------------------

The device node numbers are displayed by executing `ls' as:

     $ ls -l /dev/hda /dev/ttyS0 /dev/zero
     brw-rw----    1 root     disk       3,   0 Mar 14  2002 /dev/hda
     crw-rw----    1 root     dialout    4,  64 Nov 15 09:51 /dev/ttyS0
     crw-rw-rw-    1 root     root       1,   5 Aug 31 03:03 /dev/zero

Here,

   * `/dev/hda' has the major device number 3 and the minor device
     number 0.  This is read/write accessible by the user who belongs to
     `disk' group,
   * `/dev/ttyS0' has the major device number 4 and the minor device
     number 64.  This is read/write accessible by the user who belongs
     to `dialout' group, and
   * `/dev/zero' has the major device number 1 and the minor device
     number 5.  This is read/write accessible by anyone.

In the older system, the installation process creates the device nodes
using the `/sbin/MAKEDEV' command.  See MAKEDEV(8).

In the newer system, the filesystem under `/dev' is automatically
populated by the device filesystem similar to the `/proc' filesystem.

4.5.9. `/proc' filesystem
-------------------------

The `/proc' filesystem is a pseudo-filesystem and contains information
about the system and running processes.

People frequently panic when they notice one file in particular -
`/proc/kcore' - which is generally huge.  This is (more or less) a copy
of the contents of your computer's memory.  It's used to debug the
kernel.  It doesn't actually exist anywhere, so don't worry about its
size.

See Section 7.3, `Tuning the kernel through the proc filesystem' and
proc(5).

4.6. X Window System
--------------------

See Section 9.4, `X'.

4.6.1. Start the X Window System
--------------------------------

The X Window System can be started automatically with an `xdm'-like
graphical login daemon or by typing the following from the console.

     $ exec startx

4.6.2. Menu in the X Window System
----------------------------------

Since the X environment can accommodate many window managers, their user
interfaces vary quite a bit.  Please remember that right-clicking the
root window will bring up menu selections.  This is always available.

   * To gain the shell command prompt, start Xterm from menu:
        * "XShells" --> "XTerm".
   * For graphical browsing of the web pages, start Mozilla from menu:
        * "Apps" --> "Net" --> "Mozilla Navigator".
   * For graphical browsing of the PDF files, start Xpdf from menu:
        * "Apps" --> "Viewers" --> "Xpdf".

If you do not find a menu entry, install the pertinent packages.  See
Section 6.2, `Beginning Debian package management'.

4.6.3. Keyboard sequence for the X Window System
------------------------------------------------

The following are the important keystrokes to remember when running the
X Window System.

   * Ctrl-Alt-F1 through F6: Switch to other pseudo-terminals (from an X
     window, DOSEMU, etc.)
   * Alt-F7: Switch back to X window
   * Ctrl-Alt-minus: Change screen resolution in X window (minus refers
     to the keys on the numeric keypad)
   * Ctrl-Alt-plus: Change screen resolution opposite way in X window
     (plus refers to the keys on the numeric keypad)
   * Ctrl-Alt-Backspace: Terminate the X Server program
   * Alt-X, Alt-C, Alt-V: Usual Windows/Mac Cut, Copy, Paste key
     combinations with Ctrl- keys are replaced by these Alt- keys in
     some programs such as Netscape Composer.

4.7. Further study
------------------

At this moment, I recommend you to read the key guide books from The
Linux Documentation Project: Guides (http://www.tldp.org/guides.html):

   * "The Linux System Administrators' Guide",
        * This covers all of the aspects of keeping the system running,
          handling user accounts, backups, configuration of the system.
        * package: `sysadmin-guide'
        * file: /usr/share/doc/sysadmin-guide/html/index.html
        * web: http://www.tldp.org/LDP/sag/index.html
   * "The Linux Network Administrator's Guide, Second Edition",
        * This is a single reference for network administration in a
          Linux environment.
        * package: `(not available)'
        * file: (not applicable)
        * web: http://www.tldp.org/LDP/nag2/index.html
   * "Linux: Rute User's Tutorial and Exposition"
        * A nice online and hardcover book covering GNU/Linux system
          administration.
        * By Paul Sheer
        * Published by Prentice Hall
        * Package: `rutebook' (from `non-free')
        * File: `/usr/share/doc/rutebook/'

See Chapter 15, `Support for Debian' for more learning resources.

-------------------------------------------------------------------------------

5. Upgrading a distribution to `stable', `testing', or `unstable'
-----------------------------------------------------------------

The official release notes for upgrading are located at
http://www.debian.org/releases/stable/releasenotes and
http://www.debian.org/releases/testing/releasenotes (work in progress).
Upgrading a system to the `stable', `testing', or `unstable'
distribution may involve several stages, which must be carried out in
the following order:

   * Upgrade to Woody (if your system is older than Woody)
   * Upgrade to `stable'
   * Upgrade to `testing'
   * Upgrade to `unstable'

Debian does not support upgrades that skip over successive releases.

5.1. Upgrading from Potato to Woody
-----------------------------------

This procedure is described separately because APT in Potato lacks some
of the features described in the apt_preferences(5) manual page.

After adding the Woody sources to `/etc/apt/sources.list', upgrade APT
and the required core packages to their Woody versions with the
following commands:

     # apt-get update
     # apt-get install libc6 perl libdb2 debconf
     # apt-get install apt apt-utils dselect dpkg

Then upgrade the rest of the system to Woody.

     # apt-get upgrade
     # apt-get dist-upgrade

5.2. Preparation for upgrade
----------------------------

You can upgrade from one distribution to another by fetching the
packages over the network as follows.

Obtain a clean list of `stable' archive locations:

     # cd /etc/apt
     # cp -f sources.list sources.list.old
     # :>sources.list
     # apt-setup noprobe

If you want to upgrade to `testing', add the `testing' sources to this
new list.  If you want to upgrade to `unstable', add the `unstable'
sources to the list as well.

     # cd /etc/apt
     # grep -e "^deb " sources.list >srcs
     # :>sources.list
     # cp -f srcs sources.list
     # sed -e "s/stable/testing/" srcs >>sources.list
     # sed -e "s/stable/unstable/" srcs >>sources.list
     # apt-get update
     # apt-get install apt apt-utils

Section 6.2, `Beginning Debian package management' explains how to tune
`/etc/apt/sources.list' and `/etc/apt/preferences'.

5.3. Upgrade
------------

After editing `/etc/apt/sources.list' and `/etc/apt/preferences' as
described above, you can start the upgrade.
Note that using the Debian `testing' distribution can have the side
effect of delaying the installation of packages that contain security
fixes, because such packages are uploaded to `unstable' and only later
migrate to `testing'.

See Chapter 6, `Debian package management' for the basics, and see
Section 6.3.2, `APT upgrade troubleshooting' if you run into problems.

5.3.1. Using `dselect'
----------------------

If the system has many packages installed, including `-dev' packages
etc., using `dselect' as follows is recommended for finer control over
the packages.

     # dselect update    # always run this before upgrading
     # dselect select    # select additional packages

All your current packages are selected when `dselect' starts.  `dselect'
may ask about installing additional packages based on the `Depends',
`Suggests', and `Recommends' relationships of the installed packages.
If you do not want to install any additional packages, type `Q' to exit
the program.

     # dselect install

You will have to answer some package configuration questions during
this process, so keep your notes at hand and set aside time for this
step.  See Section 6.2.4, ``dselect''.

Use `dselect'.  _It always works. :)_

5.3.2. Using `apt-get'
----------------------

     # apt-get update
     # apt-get -t stable upgrade
     # apt-get -t stable dist-upgrade
     # apt-get -t testing upgrade
     # apt-get -t testing dist-upgrade
     # apt-get -t unstable upgrade
     # apt-get -t unstable dist-upgrade

Once your system has been upgraded to Sarge, switching from `apt-get' to
`aptitude' is recommended.  (`aptitude' accepts many of the options of
`apt-get', including those used above.)

To preserve the current `dselect' settings during the upgrade:

     # apt-get dselect-upgrade

See Section 2.2.8, `Package dependencies'.

-------------------------------------------------------------------------------

6. Debian package management
----------------------------

`aptitude' is now the preferred text front end for APT, the Advanced
Package Tool.  It keeps separate track of packages that were installed
deliberately and packages that were installed because of dependencies.
`aptitude' removes the latter automatically once no deliberately
installed package depends on them.  It has advanced package-filtering
features, but these can be difficult to use.

`synaptic' is now the preferred graphical front end for APT.  Its
package-filtering features are easier to use than those of `aptitude'.
It has experimental support for Debian Package Tags
(http://debtags.alioth.debian.org/).

To reduce the network load on the Debian servers and to speed up
downloads, packages should be fetched from Debian mirror servers.

If the same package needs to be installed on several machines on a local
network, you can use `squid' to set up a local HTTP proxy for packages
downloaded through APT.  If necessary, set the `http_proxy' environment
variable or set the `http' value in `/etc/apt/apt.conf'.

Although APT's preference system described in apt_preferences(5) is
powerful, its effects can be hard to understand.  It is by nature an
advanced feature.

The use of the method described in Section 8.6.35, ``chroot'' is
desirable for simultaneously securing system stability and access to the
latest versions of software.

This chapter is based on a post-Woody system.  Some features may require
a Sarge system or later.

6.1. Introduction
-----------------

If reading all the developer documentation feels like too much, read
this chapter and you can enjoy the full power of the Debian
`testing'/`unstable' distributions.  :-)

6.1.1. Main package management tools
------------------------------------

     dpkg     -- Debian package file installer
     apt-get  -- Command-line front end for APT
     aptitude -- Advanced text and command-line front end for APT
     synaptic -- Graphical front end for APT
     dselect  -- Menu-driven package manager
     tasksel  -- Task installer

These tools are not all alternatives to one another.  For example,
`dselect' uses both APT and `dpkg'.

APT uses `/var/lib/apt/lists/*' to track the available packages, whereas
`dpkg' uses `/var/lib/dpkg/available'.  If you have installed packages
with `aptitude' or another APT front end and want to install packages
with `dselect', first update `/var/lib/dpkg/available' by selecting
`[U]pdate' from the `dselect' menu (or by running "`dselect update'").

`apt-get' automatically installs every package that the selected package
depends on.  It does not install packages that are merely recommended or
suggested.

`aptitude', in contrast, can be configured to install the packages that
a package recommends or suggests.

`dselect' shows the user a list of the packages that the selected
package recommends or suggests and lets the user freely choose which of
them to install.  See Section 2.2.8, `Package dependencies'.

6.1.2. Convenience tools
------------------------

     dpkg-reconfigure  - reconfigure an already installed package
                         (if it uses debconf)
     dpkg-source       - manage source packages
     dpkg-buildpackage - automate the building of packages
     apt-cache         - examine the local package archive

6.2. Beginning Debian package management
----------------------------------------

6.2.1. Set up APT
-----------------

Edit `sources.list' as described in Section 5.2, `Preparation for
upgrade'.
[1] See also Chapter 3, `Debian System installation hints', Chapter 5,
`Upgrading a distribution to `stable', `testing', or `unstable'' and
Section 11.2, `Rescue editors'.

[1] If you are tracking `testing' or `unstable', you can remove the
references to `stable' from `/etc/apt/sources.list' and
`/etc/apt/preferences', because `testing' starts out as a copy of
`stable'.

6.2.2. Task installation
------------------------

Packages can be installed in groups, where the packages of one group are
those typically needed for a particular use of a Debian system.  Such
package groups are called "tasks".

The easiest way to install tasks is to use `tasksel' during the initial
installation.  The command

     dselect update

must be run before using it.

`aptitude' can also install tasks and is the recommended tool.  With it,
individual packages can be removed from a task before installation.

6.2.3. `aptitude'
-----------------

`aptitude' is a new menu-driven package installer.  It is similar to
`dselect' but was built from scratch on top of APT.  It can be used in
place of `apt-get' for most commands.  See aptitude(1) and
`/usr/share/doc/aptitude/README'.

Once you start using `aptitude', it is best to keep using it to install
packages rather than switching to alternative methods.  Otherwise you
lose the benefit of `aptitude' keeping track of which packages were
installed deliberately.

In full-screen mode, `aptitude' accepts single-key commands, which are
usually lowercase.  The most important commands are:

     Keystroke  Action
     F10        Menu
     ?          Help for keystrokes (complete listing)
     u          Update package archive information
     +          Mark the package for upgrade or installation
     -          Mark the package for removal (keep configuration)
     _          Mark the package for purge (remove configuration)
     =          Mark the package to be kept (hold)
     U          Mark all upgradable packages for upgrade
     g          Download and install the marked packages
     q          Quit the current view and save changes
     x          Quit the current view and discard changes
     Enter      View information about the package
     C          View the package's changelog
     l          Change the limit for the displayed packages
     /          Search for the next match
     \          Repeat the last search

Like `apt-get', `aptitude' installs the packages that the selected
package depends on.  `aptitude' also offers the option of downloading
and installing recommended and suggested packages.  You can change the
default behavior by choosing `F10 -> Options -> Dependency handling'
from the menu.

Other advantages of `aptitude' are:

   * `aptitude' offers all versions of a package for installation.
   * `aptitude' logs its actions in `/var/log/aptitude'.
   * `aptitude' makes it easy to find obsolete software by listing it
     under "Obsolete and Locally Created Packages".
   * `aptitude' provides a powerful system for searching for particular
     packages and limiting the packages displayed.  Users familiar with
     `mutt' will pick it up quickly, since mutt inspired the expression
     syntax used.  See the "SEARCHING, LIMITING, AND EXPRESSIONS"
     section in `/usr/share/doc/aptitude/README'.
   * Full-screen `aptitude' has `su' functionality built in, and the
     program can be run as a normal user until administrator privileges
     are really needed.

6.2.4. `dselect'
----------------

In stable releases up to and including Potato, `dselect' was the
principal package management tool.  In Sarge you should use `aptitude'
instead.
When started, `dselect' automatically selects all "Required", "Important", and "Standard" packages.

`dselect' has a somewhat strange user interface. Most users get used to it nevertheless. It has four commands (a capital letter means CAPITAL!):

     Keystroke  Action
     Q          Quit. Confirm current selections and quit anyway.
                (override dependencies)
     R          Revert! I did not mean it.
     D          Do it! The opinion of dselect does not matter.
     U          Set everything to the suggested state.

With `D' and `Q', it is possible to make conflicting selections at your own risk. These commands should be used with care.

Adding a line containing "expert" to `/etc/dpkg/dselect.cfg' reduces the output of the program.

If `dselect' runs slowly on a machine, it can be run on a faster machine to determine which packages to install, and `apt-get install' can then be used on the slow machine to install them.

6.2.5. Tracking a distribution with APT
---------------------------------------

To track the `testing' distribution as it changes, set the contents of `/etc/apt/preferences' as follows:

     Package: *
     Pin: release a=testing
     Pin-Priority: 800

     Package: *
     Pin: release a=stable
     Pin-Priority: 600

A side effect of tracking `testing' is that the installation of packages carrying security updates may be delayed. This is because packages are uploaded to `unstable' first and migrate to `testing' with a delay.

The apt_preferences(5) manual page contains more complicated examples, for instance how to track `testing' while installing selected packages from `unstable'. Examples of locking particular packages at a particular version while other packages are upgraded can be found in the examples subdirectory (http://www.debian.org/doc/manuals/debian-reference/examples/) in the files `preferences.testing' and `preferences.unstable'.

If packages from different distributions are mixed, e.g. `testing' with `stable' or `unstable' with `stable', core packages such as `libc6' will almost inevitably be upgraded at some point to their `testing' or `unstable' versions, which may contain bugs. You have been warned.

As another example, `preferences.stable' forces all packages back to their `stable' versions.

Downgrading a _package_ from a later version to an earlier one is not officially supported in Debian. It may nevertheless be necessary if the newer version malfunctions. Earlier package versions can be found locally in `/var/cache/apt/archives/' or on the network at http://snapshot.debian.net/. See also Section 6.3.3, `Rescue using `dpkg''.

Downgrading to an earlier _distribution_ is not supported either and will very probably cause problems. In a dire emergency it can nevertheless be tried as a last resort.

6.2.6. The `aptitude', `apt-get', and `apt-cache' commands
----------------------------------------------------------

When tracking `testing' as in the example above, the system can be upgraded with the following commands:

   * `aptitude update' (or `apt-get update')
     These update the list of packages available from the package repositories.

   * `aptitude upgrade' (or `apt-get upgrade' or `aptitude dist-upgrade' or `apt-get dist-upgrade')
     These follow the `testing' distribution --- they upgrade each package on the system in turn, after installing from `testing' the versions of other packages that the package depends on. [1]

   * `apt-get dselect-upgrade'
     This follows the `testing' distribution --- it upgrades each package on the system according to the selections made in `dselect'.

   * `aptitude install /unstable'
     This installs from the `unstable' distribution, but takes the packages it depends on from `testing'.

   * `aptitude install -t unstable '
     This installs from the `unstable' distribution, as are the packages it depends on.
     This is achieved by setting the Pin-Priority of `unstable' to 990.

   * `apt-cache policy '
     This checks the status of packages.

   * `aptitude show | less' (or `apt-cache show | less')
     This shows package information.

   * `aptitude install '
     This installs version <2.2.4-1> of the package .

   * `aptitude install '
     This installs the package and removes the package .

   * `aptitude remove '
     This removes the package , but not its configuration files.

   * `aptitude purge '
     This removes the package and all its configuration files.

In the examples above, if `apt-get' is given the `-u' option, it lists all packages to be upgraded and asks the user for confirmation before upgrading. `aptitude' does this by default. This can be made the default for `apt-get' as follows:

     $ cat >> /etc/apt/apt.conf << .
     // Always show the list of packages to be upgraded (-u)
     APT::Get::Show-Upgraded "true";
     .

The `--no-act' option makes it possible to simulate an operation without actually installing, removing, etc. any packages.

[1] The differences between `upgrade' and `dist-upgrade' show up only when the dependencies of the new package versions differ from those of the older versions. See apt-get(8) for details. The commands `aptitude upgrade' and `aptitude dist-upgrade' start `aptitude' in command-line mode. You can switch to full-screen mode by pressing the `e' key.

6.3. Debian survival commands
-----------------------------

This knowledge brings with it the joy of perpetual upgrades. :-)

6.3.1. Check bugs in Debian and seek help
-----------------------------------------

If problems appear with a particular package, check the following pages before seeking help or reporting a bug (`lynx', `links', and `w3m' all work):

     $ lynx http://bugs.debian.org/
     $ lynx http://bugs.debian.org/   # if the package name is known
     $ lynx http://bugs.debian.org/   # if the bug number is known

Search Google (www.google.com) with search words that include "site:debian.org".
When in doubt, read the documentation. Set `CDPATH' as follows:

     export CDPATH=.:/usr/local:/usr/share/doc

and type

     $ cd 
     $ pager README.Debian # if the file exists
     $ mc

Other sources of help are listed in Chapter 15, `Support for Debian'.

6.3.2. Troubleshooting APT upgrades
-----------------------------------

When upgrading packages in `unstable' or `testing' as described in Section 5.3, `Upgrading', dependency problems may occur. Most often this is because a package being upgraded depends on a package that is not yet available. The problem can be fixed by running:

     # aptitude dist-upgrade

If this does not help, repeat one of the following commands until the problem is resolved:

     # aptitude -f upgrade        # continue upgrading even after errors
     ... or
     # aptitude -f dist-upgrade   # continue upgrading and, where needed,
                                  # removing even after errors

Some badly broken upgrade scripts may cause persistent problems. In that case it is usually best to inspect and fix the scripts of the offending package, `/var/lib/dpkg/info/.{post,pre}{inst,rm}', and then run:

     # dpkg --configure -a    # configures all partially installed packages

If a script complains about a missing configuration file, look in `/etc/' for the corresponding file. If a file with otherwise the same name but with the extension `.dpkg-new' (or something similar) is found there, remove the extension by renaming the file with `mv'.

Dependency problems may occur when installing packages in `unstable' or `testing'. Dependencies can be circumvented as follows:

     # aptitude -f install  # ignore missing dependencies

Alternatively, the situation can be fixed using the `equivs' package. See `/usr/share/doc/equivs/README.Debian' and Section 6.5.2, `The `equivs' package'.

6.3.3. Rescue using `dpkg'
--------------------------

If using APT leads to a dead end, packages can be downloaded from the Debian mirrors and installed with `dpkg'. If no network connection is available, cached copies of packages can be looked for in `/var/cache/apt/archives/'.

     # dpkg -i fetchmail_6.2.5-4_i386.deb

If installing a really needed package this way fails because of dependency problems, the dependency checks can be controlled with options such as `--ignore-depends' and `--force-depends'. See dpkg(8) for details.

6.3.4. Recovering package selection data
----------------------------------------

If `/var/lib/dpkg/status' becomes corrupted for any reason, the Debian system loses its package selection data and suffers badly. An older version of `/var/lib/dpkg/status' may be found as `/var/lib/dpkg/status-old' or `/var/backups/dpkg.status.*'.

Keeping `/var/backups/' on a separate partition may be a good idea, since this directory contains a lot of important system data.

If no old version of `/var/lib/dpkg/status' is available, the information can be recovered from the directories under `/usr/share/doc/'.

     # ls /usr/share/doc | \
       grep -v '[A-Z]' | \
       grep -v '^texmf$' | \
       grep -v '^debian$' | \
       awk '{print $1 " install"}' | \
       dpkg --set-selections
     # dselect --expert # reinstalls the system, remove unneeded packages

6.3.5. Rescuing the system after `/var' has been destroyed
----------------------------------------------------------

Because `/var' holds frequently updated data such as mail, it is more easily corrupted than e.g. `/usr/'. Putting `/var' on its own partition reduces the risk. If disaster strikes, `/var/' may have to be rebuilt in order to rescue the Debian system.
The `/var' directory can be copied to the broken system from another working, minimal Debian system, for example `var.tar.gz (http://people.debian.org/~osamu/pub/)', provided the source directory is from the same or an older Debian version. After that:

     # cd /
     # mv var var-old      # if anything useful is left
     # tar xvzf var.tar.gz # unpack the directory from the Woody distribution
     # aptitude            # or dselect

After this the system should work. Recovery of the package data can be helped along with the instructions in Section 6.3.4, `Recovering package selection data'. ([FIXME]: This procedure needs more experiments to verify.)

6.3.6. Installing a package into an unbootable system
-----------------------------------------------------

Boot Linux from a Debian rescue floppy or CD, or from another partition on a multiboot Linux system. See Section 8.1, `Booting the system'. Mount the unbootable system on `/target' and install the package using the chroot install mode of `dpkg'.

     # dpkg --root /target -i 

Then configure the package and fix the problems.

If the boot problems are caused only by a broken `lilo', the system can be booted from the standard Debian rescue floppy. If the root partition of the Linux installation is `/dev/hda12' and you want to boot to runlevel 3, type at the boot prompt:

     boot: rescue root=/dev/ 3

The booted system is almost fully functional and uses the kernel on the floppy. (Minor glitches may occur due to missing kernel features or modules.)

6.3.7. What to do if the `dpkg' command is broken
-------------------------------------------------

Installing any `.deb' package may be impossible if `dpkg' is broken. The situation can be fixed with the following procedure. (In the first line, you can replace "links" with your preferred browser command.)

     $ links http:///debian/pool/main/d/dpkg/
       ... download a working dpkg__.deb
     $ su
     password: *****
     # ar x dpkg__.deb
     # mv data.tar.gz /data.tar.gz
     # cd /
     # tar xzfv data.tar.gz

On `i386', the URL `http://packages.debian.org/dpkg' can also be used.

6.4. Debian nirvana commands
----------------------------

The _enlightenment_ that follows from understanding these commands frees the user from the eternal bad-karma hell of upgrades and lets them reach Debian _nirvana_. :-)

6.4.1. Information about a file
-------------------------------

Installed packages associated with a file whose name matches a given pattern can be found with:

     $ dpkg {-S|--search} pattern

Or, correspondingly, the Debian archive can be searched:

     $ wget http://ftp.us.debian.org/debian/dists//
     $ zgrep -e pattern 

Or specialized package commands can be used:

     # aptitude install dlocate
     $ dlocate              # fast alternative to dpkg -L and dpkg -S
     ...
     # aptitude install auto-apt # tool that installs packages on demand
     # auto-apt update           # create the database for auto-apt
     $ auto-apt search           # search for the pattern in both installed
                                 # and uninstalled packages

6.4.2. Information about a package
----------------------------------

Information can be searched for in the package archives. Before doing so, make sure that APT is using the right archives by editing `/etc/apt/sources.list'. The current version of a package can be compared with the versions in the `testing' and `unstable' distributions using `apt-cache policy'.

     # apt-get   check           # update the cache and check for broken packages
     $ apt-cache search          # search the text description of packages
     $ apt-cache policy          # package priority/distribution information
     $ apt-cache show -a         # show descriptions of the package in all distributions
     $ apt-cache showsrc         # show the description of the matching source package
     $ apt-cache showpkg         # package information for debugging
     # dpkg  --audit|-C          # search for partially installed packages
     $ dpkg {-s|--status} ...    # description of an installed package
     $ dpkg -l ...               # status of an installed package (1 line per package)
     $ dpkg -L ...               # list the files installed by the package

The `apt-cache showsrc' command has been undocumented since the Woody release, but it works. :-)

Package information can also be found in the following files (these can be browsed e.g. with `mc'):

     /var/lib/apt/lists/*
     /var/lib/dpkg/available

The following files tell what actually happened during the last few installation sessions.

     /var/lib/dpkg/status
     /var/backups/dpkg.status*

6.4.3. Unattended installation with APT
---------------------------------------

An unattended installation can be done by adding the following line to `/etc/apt/apt.conf':

     Dpkg::Options {"--force-confold";}

This is equivalent to running `aptitude -y install ' or `apt-get -q -y install '. Because every question is automatically answered "yes", this can cause problems and should be used with care. See apt.conf(5) and dpkg(1).

The configuration of any package can be changed later following Section 6.4.4, `Reconfiguring installed packages'.

6.4.4. Reconfiguring installed packages
---------------------------------------

The configuration of installed packages can be changed with the following commands:

     # dpkg-reconfigure --priority= [...]
     # dpkg-reconfigure --all   # reconfigure all packages
     # dpkg-reconfigure locales # generate any new locales
     # dpkg-reconfigure --p= xserver-xfree86 # reconfigure the X server

If the operating mode of `debconf' needs to be changed permanently, it can be done this way.

Some programs come with separate configuration scripts. [1]

     apt-setup     - create /etc/apt/sources.list
     install-mbr   - install a Master Boot Record manager
     tzconfig      - set the local time zone
     gpmconfig     - configure the gpm mouse daemon
     eximconfig    - configure Exim (MTA)
     texconfig     - configure teTeX
     apacheconfig  - configure Apache (httpd)
     cvsconfig     - configure CVS
     sndconfig     - configure the sound system
     ...
     update-alternatives - set default commands, e.g. vim as vi
     update-rc.d         - System-V init script management
     update-menus        - Debian menu system
     ...

[1] Some `*config' scripts are disappearing in the newer Sarge release, and their functionality is being moved into the `debconf' system.

6.4.5. Removing and purging packages
------------------------------------

Removing a package while keeping its configuration files:

     # aptitude remove  ...
     # dpkg   --remove  ...

Removing a package together with its configuration files:

     # aptitude purge  ...
     # dpkg   --purge  ...

6.4.6. Holding older packages
-----------------------------

For example, holding the current versions of `libc6' and `libc6-dev' when running `dselect' or `aptitude install ' can be done as follows:

     # echo -e "libc6 hold\nlibc6-dev hold" | dpkg --set-selections

`aptitude install ' is not hindered by this "hold". To keep a package by forcing an automatic downgrade when running `aptitude upgrade ' or `aptitude dist-upgrade', add the following to `/etc/apt/preferences':

     Package: libc6
     Pin: release a=stable
     Pin-Priority: 2000

The "`Package:'" entry cannot contain definitions such as "`libc6*'". If all binary packages related to the `glibc' source package are to be kept at the same version, they must each be listed explicitly.

The following command lists the packages currently on hold:

     dpkg --get-selections "*"|grep -e "hold$"

6.4.7. Mixed `stable'/`testing'/`unstable' system
-------------------------------------------------

The `apt-show-versions' command lists the available versions of packages by distribution.

     $ apt-show-versions | fgrep /testing | wc
     ... how many packages on the system are from testing
     $ apt-show-versions -u
     ... upgradable packages
     $ aptitude install `apt-show-versions -u -b | fgrep /unstable`
     ... upgrade all unstable packages to their newest versions

6.4.8. Pruning cached package files
-----------------------------------

When installing packages, APT leaves the package files cached in `/var/cache/apt/archives/', and this directory needs to be cleaned.

     # aptitude autoclean # removes useless package files
     # aptitude clean     # removes all cached package files

6.4.9. Recording/copying the system configuration
-------------------------------------------------

Making a local copy of the package selection states:

     # dpkg --get-selections "*" >   # or use \*
     # debconf-get-selections > 

`"*"' makes the file `' include "purged" packages too.

This file can be transferred to another computer and used for installation there:

     # dselect update
     # debconf-set-selections < 
     # dpkg --set-selections < 
     # apt-get -u dselect-upgrade # dselect install

6.4.10. Porting a package to the `stable' system
------------------------------------------------

When doing a partial upgrade of a `stable' system, rebuilding the package from its source package within the current environment is recommended. This avoids a massive package upgrade caused by dependencies. The following lines must first be added to `/etc/apt/sources.list':

     deb-src http://http.us.debian.org/debian testing \
      main contrib non-free
     deb-src http://http.us.debian.org/debian unstable \
      main contrib non-free

For printing reasons each `deb-src' line is split over two lines here, but in `sources.list' each entry should be on a single line.

Then fetch the source and build a local package:

     $ apt-get update  # update the list of source packages
     $ apt-get source 
     $ dpkg-source -x 
     $ cd 
       ... the packages required by the package (Build-Depends in the
           .dsc file) must be installed too. The "fakeroot" package is
           also needed.
     $ dpkg-buildpackage -rfakeroot
       ...or (no signature)
     $ dpkg-buildpackage -rfakeroot -us -uc # use "debsign" later if needed
       ...Then install
     $ su -c "dpkg -i "

Usually only a few packages with the "-dev" suffix are needed to satisfy the dependencies. `debsign' is in the `devscripts' package. `auto-apt' may help in satisfying the dependencies. Using `fakeroot' avoids unnecessary use of the root account.

In Woody, these dependency issues can be simplified. For example, to compile a source-only `pine' package:

     # apt-get build-dep pine
     # apt-get source -b pine

6.4.11. Local package archive
-----------------------------

Creating a local package archive that is compatible with APT and the `dselect' system requires creating a `Packages' file and storing the package files in a particular directory tree.

A local `deb' repository similar to the official Debian archives can be made as follows:

     # aptitude install dpkg-dev
     # cd 
     # install -d  # the physical packages are located here
     # install -d dists///binary-
     # ls -1 | sed 's/_.*$/ /' | uniq > 
     # editor  # define and 
     # dpkg-scanpackages / \
        > dists///binary-/Packages
     # cat > dists///Release << EOF
     Archive: 
     Version: <3.0>
     Component: 
     Origin: 
     Label: 
     Architecture: 
     EOF
     # echo "deb file: " \
        >> /etc/apt/sources.list

Alternatively, a quick and rough local `deb' repository can be made as follows:

     # aptitude install dpkg-dev
     # mkdir 
     # mv 
     # dpkg-scanpackages /dev/null | \
       gzip - > /Packages.gz
     # echo "deb file: ./" >> /etc/apt/sources.list

These archives can be accessed remotely by providing access to the directories over HTTP or FTP and changing the entries in `/etc/apt/sources.list' accordingly.

6.4.12. Converting or installing alien binary packages
------------------------------------------------------

`alien' converts the Red Hat `rpm', Stampede `slp', Slackware `tgz', and Solaris `pkg' file formats into Debian `deb' packages. It is therefore possible to use `alien' to convert a package from another Linux distribution to your preferred package format and to install it on the system. `alien' also supports LSB packages.

6.4.13. Automatic install command
---------------------------------

`auto-apt' is a tool that installs packages on demand.

     $ sudo auto-apt update
      ... update the database
     $ auto-apt -x -y run
     Entering auto-apt mode: /bin/bash
     Exit the command to leave auto-apt mode.
     $ less /usr/share/doc/med-bio/copyright # access a file that does not exist
      ... The package providing the file is installed.
      ... Its dependencies are installed as well

6.4.14. Verifying installed package files
-----------------------------------------

`debsums' verifies installed package files against MD5 checksums. MD5 checksums are not available for some packages. A possible temporary fix for administrators:

     # cat >>/etc/apt/apt.conf.d/90debsums
     DPkg::Post-Install-Pkgs {"xargs /usr/bin/debsums -sg";};
     ^D

by Joerg Wendland (untested).

6.4.15. Optimizing `sources.list'
---------------------------------

When tested in the USA, fancy attempts to optimize `sources.list' did not produce a significant improvement.
This was done by manually choosing a nearby site with `apt-setup'.

`apt-spy' creates a `sources.list' file automatically, based on latency and bandwidth. `netselect-apt' creates a more complete `sources.list' but uses an inferior method of choosing the best mirror (ping time comparison).

     # aptitude install apt-spy
     # cd /etc/apt ; mv sources.list sources.list.org
     # apt-spy -d testing -l sources.apt

6.5. Other Debian peculiarities
-------------------------------

6.5.1. The `dpkg-divert' command
--------------------------------

File _diversions_ are a way of forcing `dpkg' to install a file somewhere other than its default location. Diversions can be used in Debian package scripts to move a file away when it causes a conflict. System administrators can also use diversions to override the configuration file of a package, or when `dpkg' should preserve certain files (which are not marked as configuration files) while installing a newer version of a package that contains those files. (See Section 2.2.4, `Preserving local configuration').

     # dpkg-divert [--add]   # add a "diversion"
     # dpkg-divert --remove  # remove a "diversion"

It is generally best to avoid using `dpkg-divert' unless it is absolutely necessary.

6.5.2. The `equivs' package
---------------------------

When compiling a program from source, it is best to make it into a real local Debian package (`*.deb'). Use the `equivs' package as a last resort.

     Package: equivs
     Priority: extra
     Section: admin
     Description: Circumventing Debian package dependencies
      This is a dummy package which can be used to create Debian
      packages, which only contain dependency information.

6.5.3. Alternative commands
---------------------------

To make the command `vi' run `vim', use `update-alternatives':

     # update-alternatives --display vi
     ...
     # update-alternatives --config vi
       Selection    Command
     -----------------------------------------------
           1        /usr/bin/elvis-tiny
           2        /usr/bin/vim
     *+    3        /usr/bin/nvi

     Enter to keep the default[*], or type selection number: 2

The entries of the Debian alternatives system are listed in `/etc/alternatives/' as symbolic links.

The X Window environment can be set by applying `update-alternatives' to `/usr/bin/x-session-manager' and `/usr/bin/x-window-manager'. For details, see Section 9.4.5.1, `Custom X sessions'.

`/bin/sh' is a direct symbolic link to `/bin/bash' or `/bin/dash'. It is safer to use `/bin/bash', which is compatible with old scripts contaminated with Bashisms, but using `/bin/dash', which demands POSIX compliance, enforces discipline. Upgrading to a 2.4 Linux kernel typically sets the link to `/bin/dash'.

6.5.4. Use of runlevels
-----------------------

When installed, most Debian packages configure their services to run in runlevels 2 through 5. Hence there is no difference between runlevels 2, 3, 4, and 5 on an uncustomized Debian system. Debian leaves the customization of runlevels to the local administrator, as described in Section 2.4.3, `Customizing runlevels'. This differs from the way runlevels are used in some other popular GNU/Linux distributions. One change you may want to make is to remove `xdm' or `gdm' from runlevel 2, so that the X Window System does not start at the end of the boot sequence. It can then be started by switching to runlevel 3. For more information on runlevels, see Section 2.4.2, `System runlevels'.

6.5.5. Disabled daemon services
-------------------------------

Debian developers take system security seriously.
Many daemon services are installed with only part of their services and features enabled.

If you have any doubts (about Exim, DHCP, ...), check the output of `ps aux' and the contents of `/etc/init.d/*' and `/etc/inetd.conf'. It is also worth checking `/etc/hosts.deny' as in Section 9.2.1, `Restricting logins with PAM'. The `pidof' command is also useful (see pidof(8)).

X11 does not allow (remote) TCP/IP connections by default in recent Debian versions. See Section 9.4.6, `Using X over TCP/IP'. X forwarding in SSH is also disabled. See Section 9.4.8, `Connecting to a remote X server -- `ssh''.

-------------------------------------------------------------------------------

7. The Linux kernel under Debian
--------------------------------

Debian has its own method of recompiling the kernel and related modules. See also Section 2.7, `Debian and the kernel'.

7.1. Kernel recompile
---------------------

The use of `gcc', `binutils', and `modutils' from Debian `unstable' may help when compiling the latest Linux kernel. See `/usr/share/doc/kernel-package/README.gz', especially the bottom of this, for the official information.

Since it is a moving target, kernel compilation is a difficult subject that may confuse even the most admired developer:

   * Manoj Srivastava wrote: `--initrd' requires a Debian-only cramfs patch.

   * Herbert Xu wrote: No it does not, all you have to do to use a filesystem other than CRAMFS is to set MKIMAGE in `/etc/mkinitrd/mkinitrd.conf'.

Be careful and always rely on the `/usr/share/doc/kernel-package/README.gz' by Manoj and Kent. Make sure to obtain the latest unstable version of the `kernel-package' package if you are to compile the latest version of the kernel.

`initrd' is not needed for a kernel compiled only for one machine. I use it since I want my kernel to be almost the same as the one provided by the kernel-image packages.
If you use `initrd', make sure to read mkinitrd(8) and mkinitrd.conf(5). See also http://bugs.debian.org/149236.

7.1.1. Debian standard method
-----------------------------

Watch out for bug reports on `kernel-package', `gcc', `binutils', and `modutils'. Use new versions of them as needed.

Compiling a custom kernel from source under a Debian system requires special care. Use the new `--append_to_version' with `make-kpkg' to build multiple kernel-images.

     # apt-get install debhelper modutils kernel-package libncurses5-dev
     # apt-get install kernel-source-<2.4.18>   # use latest version
     # apt-get install fakeroot
     # vi /etc/kernel-pkg.conf                  # input name and email
     $ cd /usr/src                              # build directory
     $ tar --bzip2 -xvf kernel-source-<2.4.18>.tar.bz2
     $ cd kernel-source-<2.4.18>                # if this is your kernel source
     $ cp /boot/config-<2.4.18-386> .config     # get current config as default
     $ make menuconfig                          # customize as one wishes
     $ make-kpkg clean                          # must run (per: man make-kpkg)
     $ fakeroot make-kpkg --append_to_version -<486> --initrd \
             --revision= kernel_image \
             modules_image # modules_image is for pcmcia-cs* etc.
     $ cd ..
     # dpkg -i kernel-image*.deb pcmcia-cs*.deb # install

`make-kpkg kernel_image' actually does `make oldconfig' and `make dep'. Do not use `--initrd' if initrd is not used.

If one wants to use modules from pcmcia-cs or none of the modules from the kernel PCMCIA source, one should select "General setup" ---> "PCMCIA/CardBus support" in the `make menuconfig' dialogue and set the configuration to "< > PCMCIA/CardBus support" (i.e., uncheck the box).

On an SMP machine, set CONCURRENCY_LEVEL according to kernel-pkg.conf(5).

7.1.2. Classic method
---------------------

Get pristine sources from:

   * Linux: http://www.kernel.org/

   * pcmcia-cs: http://pcmcia-cs.sourceforge.net/

or use equivalent sources in Debian and do the following:

     # cd /usr/src
     # tar xfvz linux-.tar.gz
     # rm -rf linux
     # ln -s linux- linux
     # tar xfvz pcmcia-cs-.tar.gz
     # ln -s pcmcia-cs- pcmcia
     # cd linux
     # make menuconfig
      ... configure stuff ...
     # make dep
     # make bzImage
      ... edits for lilo / grub ...
      ... move /usr/src/linux/arch/i386/boot/bzImage to boot ...
      ... /sbin/lilo or whatever you do for grub
     # make modules; make modules_install
     # cd ../pcmcia
     # make config
     # make all
     # make install
      ... add needed module names to /etc/modules
     # shutdown -r now
      ... boot to new kernel ...

7.1.3. Kernel headers
---------------------

Most "normal" programs don't need kernel headers and in fact may break if you use them directly; instead they should be compiled against the headers with which _`glibc' was built_, which are the versions in `/usr/include/linux' and `/usr/include/asm' of the Debian system.

So do not put symlinks to the directories in `/usr/src/linux' from `/usr/include/linux' and `/usr/include/asm', as suggested by some outdated documents.

If you _need_ particular kernel headers for some kernel-specific application programs, alter the makefile(s) so that their include path points to `/include/linux' and `/include/asm'.

7.2. The modularized 2.4 kernel
-------------------------------

The new Debian 2.4 kernels provided by `kernel-image-2.4.' are very modularized. You have to make sure those modules are activated to make the kernel function as you intend.

Although I have many examples for `/etc/modules' in the following section as a quick fix, I hear that the correct way to fix these module-related issues is to provide an alias for the device in a file in `/etc/modutils/' since there are enough aliases available with current kernels.

Some modules may be auto activated by hardware detection programs such as `discover'.
See also Section 9.4.2, `Hardware detection for X'.

See Section 2.7.3, `Special considerations for using modules' and `Documentation/*.txt' in the Linux source for the precise information.

7.2.1. PCMCIA
-------------

`/etc/modules' may need to contain the following for some old PCMCIA to function:

     # ISA PnP driver
     isa-pnp
     # New Low level PCMCIA driver
     # yenta_socket # does not seem to be needed in my case

The rest is taken care of by PCMCIA scripts (from the `pcmcia-cs' package), `depmod' and `kmod'. I think I needed `isa-pnp' because my laptop is an old ISA-PCMCIA. Recent laptops with CardBus/PCMCIA may not require this.

Voice of the genius Miquel van Smoorenburg:

"I simply removed the entire pcmcia stuff from the laptop here at work, including the cardmgr etc and just installed a 2.4 kernel with cardbus support, and the new `hotplug' package from woody.

As long as you only have 32-bit cards you don't need the pcmcia package; 2.4 has card services built in. And the standard tulip driver should work fine with your dlink card.

---Mike."

See Linux PCMCIA HOWTO (http://www.tldp.org/HOWTO/PCMCIA-HOWTO.html) and Section 10.8.5, `Network configuration and PCMCIA'.

7.2.2. SCSI
-----------

[NOT TESTED] `/etc/modules' needs to contain the following for SCSI to function:

     # SCSI core
     scsi_mod
     # SCSI generic driver
     sg
     # SCSI disk
     sd_mod
     # All other needed HW modules
     ...

`depmod' may take care of some of the above modules.

7.2.3. Network function
-----------------------

`/etc/modules' needs to contain the following for extra network function:

     # net/ipv-4
     ip_gre
     ipip

     # net/ipv-4/netfilter
     # iptable (in order)
     ip_tables
     ip_conntrack
     ip_conntrack_ftp
     iptable_nat
     iptable_filter
     iptable_mangle
     #
     ip_nat_ftp
     ip_queue
     #
     ipt_LOG
     ipt_MARK
     ipt_MASQUERADE
     ipt_MIRROR
     ipt_REDIRECT
     ipt_REJECT
     ipt_TCPMSS
     ipt_TOS
     ipt_limit
     ipt_mac
     ipt_mark
     ipt_multiport
     ipt_owner
     ipt_state
     ipt_tcpmss
     ipt_tos
     ipt_unclean
     #
     #ipchains
     #ipfwadm

The preceding may not be optimized.
`depmod' may take care of some of the above modules.

7.2.4. EXT3 filesystem ( > 2.4.17)
----------------------------------

Enabling a journaling filesystem with the EXT3 FS involves the following steps using a Debian precompiled kernel-image ( > 2.4.17) package:

     # cd /etc; mv fstab fstab.old
     # sed 's/ext2/ext3,ext2/g' <fstab.old >fstab
     # vi /etc/fstab
     ... set root filesystem type to "auto" instead of "ext3,ext2"
     # cd /etc/mkinitrd
     # echo jbd >>modules
     # echo ext3 >>modules
     # echo ext2 >>modules
     # cd /
     # apt-get update; apt-get install kernel-image-<2.4.17-686-smp>
     ... install latest kernel and set up boot (lilo is run here)
     # tune2fs -j -i 0
     # tune2fs -j -i 0
     ... For all EXT2 FS's converted to EXT3
     # shutdown -r now

Now EXT3 journaling is enabled. Using `ext3,ext2' as the `fstab' "type" entry ensures safe fallback to EXT2 if the kernel does not support EXT3 for non-root partitions.

If you have previously installed a 2.4 kernel and do not wish to reinstall, perform the above steps up to the `apt-get' commands, then:

     # mkinitrd -o /boot/initrd.img-<2.4.17-686-smp> /lib/modules/<2.4.17-686-smp>
     # lilo
     # tune2fs -j -i 0
     # tune2fs -j -i 0
     ... for all EXT2 FS's converted to EXT3
     # shutdown -r now

Now EXT3 journaling is enabled.

If `/etc/mkinitrd/modules' was not set when `mkinitrd' was run and you would like to add some modules at boot time:

     ... at initrd prompt to gain shell (5 sec.), type RETURN
     # insmod jbd
     # insmod ext3 # modprobe ext3 may take care of everything
     # insmod ext2
     # ^D
     ... continue booting

At the system boot screen (`dmesg'), "cramfs: wrong magic" may appear but this is known to be harmless. This issue has been resolved in Sarge (2002/10). See http://bugs.debian.org/135537 and the EXT3 File System mini-HOWTO (http://www.zip.com.au/~akpm/linux/ext3/ext3-usage.html) or `/usr/share/doc/HOWTO/en-txt/mini/extra/ext3-mini-HOWTO.gz' for more information.

Some systems are reported to experience severe kernel lockup if EXT3 is enabled but I had no problem (as of 2.4.17).
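
The sections above depend on the modules named in `/etc/modules' actually being loaded. The following check is an added example, not part of the original reference: it compares an `/etc/modules'-style file with a `/proc/modules'-style listing and prints the names that are missing. The function names are hypothetical and the sample data is constructed (module names from the text, sizes invented).

```shell
#!/bin/sh
# Added example (not from the Debian Reference).
#
# missing_modules CONF LOADED
#   CONF   - file in /etc/modules format: one module per line, '#' comments,
#            optional module arguments after the name
#   LOADED - file in /proc/modules format: module name in the first column
# Prints every module named in CONF that is absent from LOADED.
# '-' and '_' are interchangeable in module names, so both sides are
# normalized before comparing.
missing_modules() {
    awk '
        function norm(name) { gsub(/-/, "_", name); return name }
        FILENAME == ARGV[1] { if (NF) loaded[norm($1)] = 1; next }
        { sub(/#.*/, "") }              # drop whole-line and trailing comments
        NF == 0 { next }                # nothing left on this line
        !(norm($1) in loaded) { print $1 }
    ' "$2" "$1"
}

# Constructed sample data for the demo below.
write_sample() {
    cat > "$1/modules" <<'EOF'
# ISA PnP driver
isa-pnp
# SCSI core
scsi_mod
sd_mod
rtl8139     # name used by 2.2 kernels
lp
EOF
    cat > "$1/proc_modules" <<'EOF'
lp 6464 0 (unused)
8139too 13792 1
sd_mod 11292 0 (unused)
scsi_mod 85560 1 [sd_mod]
isa_pnp 27400 0 (unused)
EOF
}

# Demo on the constructed sample. On a live system run:
#   missing_modules /etc/modules /proc/modules
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
missing_modules "$demo_dir/modules" "$demo_dir/proc_modules"
rm -rf "$demo_dir"
```

A name reported here is not necessarily a fault: a driver compiled into the kernel never appears in `/proc/modules'.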

7.2.5. Realtek RTL-8139 support in 2.4
--------------------------------------

For whatever reason, the RTL-8139 support module is no longer called rtl8139; it's now called 8139too. Just edit your `/etc/modules' to reflect this change when upgrading a 2.2 kernel to a 2.4 kernel.

7.2.6. Parallel port support
----------------------------

For `kernel-image-2.4.*', parallel port support is provided as a module. Enable it by:

     # modprobe lp
     # echo lp >> /etc/modules

See `Documentation/parport.txt' in the Linux source.

7.3. Tuning the kernel through the proc filesystem
--------------------------------------------------

The behavior of the Linux kernel can be changed on the fly using the proc filesystem.

For basic information on changing kernel parameters through the `/proc' filesystem, read `Documentation/sysctl/*' in the Linux source.

See some examples of kernel parameter manipulations in `/etc/init.d/networking' and Section 3.8.5, `Strange access problems with some websites'.

See sysctl.conf(5) for how to set up the boot time kernel configuration through the `/proc' filesystem with the `/etc/init.d/procps.sh' script, usually run from `/etc/rcS.d/S30procps.sh'.

7.3.1. Too many open files
--------------------------

The Linux kernel may complain "Too many open files". This is due to the small default value (8096) for `file-max'. To fix this problem, run the following command as root:

     # echo "65536" > /proc/sys/fs/file-max # for 2.2 and 2.4 kernel
     # echo "131072" > /proc/sys/fs/inode-max # for 2.2 kernel only

or put the following into `/etc/sysctl.conf' for the permanent change:

     # for 2.2 and 2.4 kernel
     fs.file-max=65536
     # for 2.2 kernel only
     fs.inode-max=131072

7.3.2. Disk flush intervals
---------------------------

You can change disk flush intervals through the proc filesystem. The following will shorten its interval from the default five seconds to one second.

     # echo "40 0 0 0 100 30000 60 0 0" > /proc/sys/vm/bdflush

This may negatively impact file I/O performance a little bit.
But this secures file contents except for those written in the last one second, which is shorter than the default five seconds. This is true even for journaling filesystems.

7.3.3. Sluggish old low memory machines
---------------------------------------

For some old low memory systems, it may still be useful to enable over-commit of memory through the proc filesystem:

     # echo 1 > /proc/sys/vm/overcommit_memory

7.4. The 2.6 kernel with udev
-----------------------------

`udev' is a dynamic replacement for `/dev/'. Device names can be chosen to be very short ones. The devfs used in the 2.4 kernel is now obsolete.

Installing the new Debian 2.6 kernel provided by `kernel-image-2.6.' with the `udev' package will enable this.

-------------------------------------------------------------------------------

8. Debian tips
--------------

8.1. Booting the system
-----------------------

See the LDP BootPrompt-HOWTO (http://www.tldp.org/HOWTO/BootPrompt-HOWTO.html) for detailed information on the boot prompt.

8.1.1. "I forgot the root password!" (1)
----------------------------------------

It is possible to boot a system and log on to the root account without knowing the root password as long as one has access to the console keyboard. (This assumes there are no password requests from the BIOS or from a boot loader such as `lilo' that would prevent one from booting the system.)

This is a procedure which requires no external boot disks and no change in BIOS boot settings. Here, "Linux" is the label for booting the Linux kernel in the default Debian install.

At the `lilo' boot screen, as soon as `boot:' appears (you must press a shift key at this point on some systems to prevent automatic booting and when `lilo' uses the framebuffer you have to press TAB to see the options you type), enter:

     boot: Linux init=/bin/sh

This causes the system to boot the kernel and run `/bin/sh' instead of its standard `init'. Now you have gained root privileges and a root shell.
Since `/' is currently mounted read-only and many disk partitions have not been mounted yet, you must do the following to have a reasonably functioning system.

     init-2.03# mount -n -o remount,rw /
     init-2.03# mount -avt nonfs,noproc,nosmbfs
     init-2.03# cd /etc
     init-2.03# vi passwd
     init-2.03# vi shadow

(If the second data field in `/etc/passwd' is "x" for every username, your system uses shadow passwords, and you must edit `/etc/shadow'.) To disable the root password, edit the second data field in the password file so that it is empty. Now the system can be rebooted and you can log on as root without a password. When booting into runlevel 1, Debian (at least after Potato) requires a password, which some older distributions did not.

It is a good idea to have a minimal editor in `/bin/' in case `/usr/' is not accessible (see Section 11.2, `Rescue editors').

Also consider installing the `sash' package. When the system becomes unbootable, execute:

     boot: Linux init=/bin/sash

`sash' serves as an interactive substitute for `sh' even when `/bin/sh' is unusable. It's statically linked, and includes many standard utilities as built-ins (type "help" at the prompt for a reference list).

8.1.2. "I forgot the root password!" (2)
----------------------------------------

Boot from any emergency boot/root disk set. If `' is the original root partition, the following will let one edit the password file just as easily as the above.

     # mkdir
     # mount
     # cd /etc
     # vi shadow
     # vi passwd

The advantage of this approach over the previous method is that one does not need to know the `lilo' password (if any). But to use it one must be able to access the BIOS setup to allow the system to boot from floppy disk or CD, if that is not already set.

8.1.3. Cannot boot the system
-----------------------------

No problem, even if you didn't bother to make a boot disk during install. If `lilo' is broken, grab the boot disk from the Debian installation set and boot your system from it.
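
Both password-reset procedures above (8.1.1 and 8.1.2) leave an account with an empty password field until a new password is set. The following check is an added example, not part of the original reference: it lists every account whose second field is empty in the `passwd' file, or is "x" there and empty in the matching `shadow' entry. The function names are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the Debian Reference).
#
# empty_password_accounts PASSWD SHADOW
#   PASSWD - file in /etc/passwd format
#   SHADOW - file in /etc/shadow format (must exist; may be empty)
# Prints "name uid source" for every account that can log in without a
# password: field 2 empty in PASSWD, or field 2 "x" in PASSWD and the
# matching SHADOW entry has an empty field 2.
empty_password_accounts() {
    awk -F: '
        /^[ \t]*(#|$)/      { next }                    # blank line or comment
        FILENAME == ARGV[1] { shadow[$1] = $2; next }   # first file: shadow
        $2 == ""            { print $1, $3, "passwd"; next }
        $2 == "x" && ($1 in shadow) && shadow[$1] == "" {
            print $1, $3, "shadow"
        }
    ' "$2" "$1"
}

# Constructed sample files: root has been reset as described in 8.1.1,
# guest has no password in passwd, alice and daemon are unaffected.
write_sample_accounts() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
guest::1001:1001:Guest:/home/guest:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root::13000:0:99999:7:::
daemon:*:13000:0:99999:7:::
alice:$1$constructed$NotARealHashValue000000:13000:0:99999:7:::
EOF
}

# Demo on the constructed sample. On a live system run as root:
#   empty_password_accounts /etc/passwd /etc/shadow
demo_dir=$(mktemp -d)
write_sample_accounts "$demo_dir"
empty_password_accounts "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

An empty result after running `passwd' for the reset account confirms that the recovery did not leave a passwordless login behind.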

At the boot prompt, assuming the root partition of your Linux installation is on `' and you want runlevel 3, enter:

     boot: rescue root= 3

Then you are booted into an almost fully functional system using the kernel on the floppy. (There may be minor glitches due to lack of kernel features or modules.)

See also Section 6.3.6, `Installing a package into an unbootable system' if you have a broken system.

If you need a custom boot floppy, follow `readme.txt' on the rescue disk.

8.1.4. "Let me disable X on boot!"
----------------------------------

Chasing `unstable/sid' is fun, but buggy `xdm', `gdm', `kdm', and `wdm' started during the boot process can bite you bad.

First get the root shell by entering the following at the boot prompt:

     boot: vga=normal s

Here, is the label for the kernel image you are booting; "vga=normal" will make sure `lilo' runs in normal VGA screen, and "s" (or "S") is the parameter passed to `init' to invoke single-user mode. Enter the root password at the prompt.

There are a few ways to disable all the X starting daemons:

* run `update-rc.d -f dm remove' ; `update-rc.d dm stop 99 1 2 3 4 5 6 .'
* insert "exit 0" at the start of all `/etc/init.d/dm' files.
* rename all `/etc/rc<2>.d/S99dm' files to `/etc/rc2.d/K99dm'.
* remove all `/etc/rc<2>.d/S99dm' files.
* run `:>/etc/X11/default-display-manager'

Here, the number in `rc<2>.d' must correspond to the runlevel specified in the `/etc/inittab'. Also `dm' means that you need to run the command multiple times by substituting it with all of the `xdm', `gdm', `kdm', and `wdm'.

Only the first one in the list is "the one true way" in Debian. The last one is easy but only works on Debian and requires you to set the display manager again later using `dpkg-reconfigure'. Others are generic methods to disable daemons.

You can still start X with the `startx' command from any console shell.

8.1.5. Other boot tricks with the boot prompt
---------------------------------------------

The system can be booted into a particular runlevel and configuration using the `lilo' boot prompt. Details are given in the BootPrompt-HOWTO (http://www.tldp.org/HOWTO/BootPrompt-HOWTO.html) (LDP).

If you want to boot the system into runlevel 4, use the following input at the `lilo' boot prompt.

     boot: Linux 4

If you want to boot the system into normally functioning single-user mode and you know the root password, one of the following examples at the `lilo' boot prompt will work.

     boot: Linux S
     boot: Linux 1
     boot: Linux -s

If you want to boot the system with less memory than the system actually has (say 48MB for a system with 64MB), use this input at the `lilo' boot prompt:

     boot: Linux mem=48M

Make sure not to specify more than the actual memory size here, otherwise the kernel will crash. If one has more than 64MB of memory, e.g. 128MB, unless one executes `mem=128M' at the boot prompt or includes a similar append line in `/etc/lilo.conf', old kernels and/or a motherboard with an old BIOS will not use memory beyond 64MB.

8.1.6. Setting GRUB boot parameters
-----------------------------------

GRUB is a new boot manager from the GNU Hurd project and is much more flexible than Lilo but has slightly different handling of boot parameters.

     grub> find /vmlinuz
     grub> root (hd0,0)
     grub> kernel /vmlinuz root=/dev/hda1
     grub> initrd /initrd
     grub> boot

Here, you must be aware of the Hurd device names:

     the Hurd/GRUB     Linux         MSDOS/Windows
      (fd0)            /dev/fd0      A:
      (hd0,0)          /dev/hda1     C: (usually)
      (hd0,3)          /dev/hda4     F: (usually)
      (hd1,3)          /dev/hdb4     ?

See `/usr/share/doc/grub/README.Debian.gz' and `/usr/share/doc/grub-doc/html/' for details.

8.2. Recording activities
-------------------------

8.2.1. Recording shell activities
---------------------------------

System administration involves much more elaborate tasks in a Unix environment than in an ordinary personal computer environment.
Make sure to know the most basic means of configuration in case you need to recover from system trouble. X11-based GUI configuration tools look nice and convenient but are often unsuitable in these emergency situations.

In this context, recording shell activities is a good practice, especially as root.

Emacs: Use M-x `shell' to start recording into a buffer, and use C-x C-w to write the buffer to a file.

Shell: Use the `screen' command with "^A H" as described in Section 8.6.28, `Console switching with `screen''; or use the `script' command.

     $ script
     Script started, file is typescript
     ... do whatever ...
     Ctrl-D
     $ col -bx <typescript >savefile
     $ vi savefile

The following can be used instead of `script':

     $ bash -i 2>&1 | tee typescript

8.2.2. Recording X activities
-----------------------------

If you need to record the graphic image of an X application, including an `xterm' display, use `gimp' (GUI). It can capture each window or the whole screen. Alternatives are `xwd' (`xbase-clients'), `import' (`imagemagick'), and `scrot' (`scrot').

8.3. Copy and archive a whole subdirectory
------------------------------------------

These copy and archive commands provide basics for the backup of the system and the data. An example of a simple backup script is provided as `backup' in the example scripts (http://www.debian.org/doc/manuals/debian-reference/examples/).

8.3.1. Basic commands for copying a whole subdirectory
------------------------------------------------------

If you need to rearrange file structure, move content including file links by:

Standard method:

     # cp -a /source/directory /dest/directory # requires GNU cp
     # (cd /source/directory && tar cf - . ) | \
             (cd /dest/directory && tar xvfp - )

If a hard link is involved, a pedantic method is needed:

     # cd /path/to/old/directory
     # find . -depth -print0 | afio -p -xv -0a /mount/point/of/new/directory

If remote:

     # (cd /source/directory && tar cf - . ) | \
             ssh user@host.dom '(cd /dest/directory && tar xvfp - )'

If there are no linked files:

     # scp -pr user1@host1.dom:/source/directory \
             user2@host2.dom:/dest/directory

Here, `scp' <==> `rcp' and `ssh' <==> `rsh'.

The following comparative information on copying a whole subdirectory was presented by Manoj Srivastava to debian-user@lists.debian.org.

8.3.2. `cp'
-----------

Traditionally, `cp' was not really a candidate for this task since it did not dereference symbolic links, or preserve hard links either. Another thing to consider was sparse files (files with holes).

GNU `cp' has overcome these limitations; however, on a non-GNU system, `cp' could still have problems. Also, you can't generate small, portable archives using `cp'.

     % cp -a . newdir

8.3.3. `tar'
------------

Tar overcame some of the problems that `cp' had with symbolic links. However, although `cpio' handles special files, traditional `tar' doesn't.

`tar''s way of handling multiple hard links to a file places only one copy of the link on the tape, but the name attached to that copy is the _only_ one you can use to retrieve the file; `cpio''s way puts one copy for every link, but you can retrieve it using any of the names.

The `tar' command changed its option for `.bz2' files between Potato and Woody, so use `--bzip2' in scripts instead of its short form `-I' (Potato) or `-j' (Woody).

8.3.4. `pax'
------------

The new, POSIX (IEEE Std 1003.2-1992, pages 380--388 (section 4.48) and pages 936--940 (section E.4.48)), all-singing, all-dancing, Portable Archive Interchange utility. `pax' will read, write, and list the members of an archive file, and will copy directory hierarchies. `pax' operation is independent of the specific archive format, and supports a wide variety of different archive formats.

`pax' implementations are still new and wet behind the ears.

     # apt-get install pax
     $ pax -rw -p e . newdir

or

     $ find . -depth | pax -rw -p e newdir

8.3.5. `cpio'
-------------

`cpio' copies files into or out of a `cpio' or `tar' archive. The archive can be another file on the disk, a magnetic tape, or a pipe.

     $ find . -depth -print0 | cpio --null --sparse -pvd new-dir

8.3.6. `afio'
-------------

`afio' is a better way of dealing with `cpio'-format archives. It is generally faster than `cpio', provides more diverse magnetic tape options and deals somewhat gracefully with input data corruption. It supports multivolume archives during interactive operation. `afio' can make compressed archives that are much safer than compressed `tar' or `cpio' archives. `afio' is best used as an "archive engine" in a backup script.

     $ find . -depth -print0 | afio -px -0a new-dir

All my backups onto tape use `afio'.

8.4. Differential backup and data synchronization
-------------------------------------------------

Differential backup and data synchronization can be implemented with several methods:

* `rcs': backup and history, text-only
* `rdiff-backup': backup and history. symlink OK.
* `pdumpfs': backup and history within a filesystem. symlink OK
* `rsync': 1-way synchronization
* `unison': 2-way synchronization
* `cvs': multi-way synchronization with server backup and history, text-only, mature. See Section 12.1, `Concurrent Versions System (CVS)'.
* `arch': multi-way synchronization with server backup and history, no such thing as a "working directory".
* `subversion': multi-way synchronization with server backup and history, Apache.

Combination of one of these with the archiving method described in Section 8.3, `Copy and archive a whole subdirectory' and the automated regular job described in Section 8.6.27, `Schedule activity (`cron', `at')' will make a nice backup system.

I will explain three easy-to-use utilities.

8.4.1. Differential backup with rdiff
-------------------------------------

`rdiff-backup' offers nice and simple backup with differential history for any types of files, including symlinks.
To back up most of `~/' to `/mnt/backup':

     $ rdiff-backup --include ~/tmp/keep --exclude ~/tmp ~/ /mnt/backup

To restore three-day-old data from this archive to `~/old':

     $ rdiff-backup -r 3D /mnt/backup ~/old

See rdiff-backup(1).

8.4.2. Daily backup with `pdumpfs'
----------------------------------

`pdumpfs' is a simple daily backup system similar to Plan9's `dumpfs' which preserves every daily snapshot. You can access the past snapshots at any time for retrieving a certain day's file. Let's back up your home directory with `pdumpfs' and `cron'!

`pdumpfs' constructs the snapshot `YYYY/MM/DD' in the destination directory. All source files are copied to the snapshot directory when `pdumpfs' is run for the first time. On and after the second time, `pdumpfs' copies only updated or newly created files and stores unchanged files as hard links to the files of the previous day's snapshot in order to save disk space.

     $ pdumpfs []

See pdumpfs(8).

8.4.3. Regular differential backup with RCS
-------------------------------------------

`Changetrack' will record changes to the text-based configuration files in RCS archives regularly. See changetrack(1).

     # apt-get install changetrack
     # vi changetrack.conf

8.5. System freeze recovery
---------------------------

8.5.1. Kill a process
---------------------

Run `top' to see what process is acting funny. Press `P' to sort by CPU usage, `M' to sort by memory, and `k' to kill a process. Alternatively, BSD-style `ps aux | less' or System-V-style `ps -efH | less' may be used. The System-V-style syntax displays parent process IDs (`PPID') which can be used for killing zombie (defunct) children.

Use `kill' to kill (or send a signal to) a process by process ID, `killall' to do the same by process command name. Frequently used signals:

     1: HUP, restart daemon
     15: TERM, normal kill
     9: KILL, kill hard

8.5.2. Alt-SysRq
----------------

Insurance against system malfunction is provided by the kernel compile option "Magic SysRq key".
Pressing Alt-SysRq on an i386, followed by one of the keys `r 0 k e i s u b', does the magic.

Un`r'aw restores the keyboard after things like X crashes. Changing the console loglevel to `0' reduces error messages. sa`k' (system attention key) kills all processes on the current virtual console. t`e'rminate kills all processes on the current terminal except `init'. k`i'll kills all processes except `init'.

`S'ync, `u'mount, and re`b'oot are for getting out of really bad situations.

Debian default installation kernels are not compiled with this option at the time this document is written. Recompile the kernel to activate this function. Detailed information is in `/usr/share/doc/kernel-doc-/Documentation/sysrq.txt.gz' or `/usr/src//Documentation/sysrq.txt.gz'.

8.6. Nifty little commands to remember
--------------------------------------

8.6.1. Pager
------------

`less' is the default pager (file content browser). Hit `h' for help. It can do much more than `more'. `less' can be supercharged by executing `eval $(lesspipe)' or `eval $(lessfile)' in the shell startup script. See more in `/usr/share/doc/lessf/LESSOPEN'. The `-R' option allows raw character output and enables ANSI color escape sequences. See less(1).

`w3m' may be a useful alternative pager for some code systems (EUC).

8.6.2. Free memory
------------------

`free' and `top' give good information on memory resources. Do not worry about the size of "used" in the "Mem:" line, but read the one under it (38792 in the example below).

     $ free -k # for 256MB machine
                  total       used       free     shared    buffers     cached
     Mem:        257136     230456      26680      45736     116136      75528
     -/+ buffers/cache:      38792     218344
     Swap:       264996          0     264996

The exact amount of physical memory can be confirmed by `grep '^Memory' /var/log/dmesg', which in this case gives "Memory: 256984k/262144k available (1652k kernel code, 412k reserved, 2944k data, 152k init)".

     Total         = 262144k = 256M (1k=1024, 1M=1024k)
     Free to dmesg = 256984k = Total - kernel - reserved - data - init
     Free to shell = 257136k = Total - kernel - reserved - data

About 5MB is not usable by the system because the kernel uses it.

8.6.3. Set time (BIOS)
----------------------

     # date MMDDhhmmCCYY
     # hwclock --utc --systohc
     # hwclock --show

This will set system and hardware time to MM/DD hh:mm, CCYY. Times are displayed in local time but hardware time uses UTC.

If the hardware (BIOS) time is set to GMT, change the setting to `UTC=yes' in the `/etc/default/rcS'.

8.6.4. Set time (NTP)
---------------------

Reference: Managing Accurate Date and Time HOWTO (http://www.tldp.org/HOWTO/TimePrecision-HOWTO/index.html).

8.6.4.1. Set time with permanent Internet connection
----------------------------------------------------

Set system clock to the correct time automatically via a remote server:

     # ntpdate

This is good to have in `/etc/cron.daily/' if your system has a permanent Internet connection.

8.6.4.2. Set time with sporadic Internet connection
---------------------------------------------------

Use the `chrony' package.

8.6.5. How to control console features such as the screensaver
--------------------------------------------------------------

For disabling the screensaver, use the following commands.

In the Linux console:

     # setterm -powersave off

Start the kon2 (kanji) console with:

     # kon -SaveTime 0

While running X:

     # xset s off

or

     # xset -dpms

or

     # xscreensaver-command -prefs

Read the corresponding manpages for controlling other console features. See also stty(1) for changing and printing terminal line settings.

8.6.6. Search administrative database
-------------------------------------

Glibc offers getent(1) for searching entries from administrative databases, i.e., passwd, group, hosts, services, protocols, or networks.

     getent database [key ...]

8.6.7. Disable sound (beep)
---------------------------

One can always unplug the PC speaker.
;-)

For the Bash shell:

     echo "set bell-style none">> ~/.inputrc

8.6.8. Error messages on the console screen
-------------------------------------------

In order to quiet on-screen error messages, the first place to check is `/etc/init.d/klogd'. Set `KLOGD="-c <3>"' in this script and run `/etc/init.d/klogd restart'. An alternative method is to run `dmesg -n<3>'.

Here error levels mean:

* 0: KERN_EMERG, system is unusable
* 1: KERN_ALERT, action must be taken immediately
* 2: KERN_CRIT, critical conditions
* 3: KERN_ERR, error conditions
* 4: KERN_WARNING, warning conditions
* 5: KERN_NOTICE, normal but significant condition
* 6: KERN_INFO, informational
* 7: KERN_DEBUG, debug-level messages

If one particular useless error message bothers you a lot, consider making a trivial kernel patch like `shutup-abit-bp6' (available in the examples subdirectory (http://www.debian.org/doc/manuals/debian-reference/examples/)).

Another place to look may be `/etc/syslog.conf'; check to see whether any messages are logged to a console device.

8.6.9. Set console to the correct type
--------------------------------------

Console screens in Unix-like systems are usually accessed using (n)curses library routines. These give the user a terminal-independent method of updating character screens with reasonable optimization. See ncurses(3X) and terminfo(5).

On a Debian system, there are quite a lot of predefined entries:

     $ toe | less # all entries
     $ toe /etc/terminfo/ | less # user reconfigurable entries

Export your selection as environment variable `TERM'.

If the terminfo entry for `xterm' doesn't work with a non-Debian `xterm', change your terminal type from "xterm" to one of the feature-limited versions such as "xterm-r6" when you log in to a Debian system remotely. See `/usr/share/doc/libncurses5/FAQ' for more. "dumb" is the lowest common denominator for terminfo.

8.6.10. Get the console back to a sane state
--------------------------------------------

When the screen goes berserk after `cat ' (you may not be able to see the command echoed as you type):

     $ reset

8.6.11. Convert a text file from DOS to Unix style
--------------------------------------------------

Convert a DOS text file (end-of-line = `^M^J') to a Unix text file (end-of-line = `^J').

     # apt-get install sysutils
     $ dos2unix

8.6.12. Convert a text file with `recode'
-----------------------------------------

The following will convert text files between DOS, Mac, and Unix line ending styles:

     $ recode /cl../cr < >
     $ recode /cr.. < >
     $ recode ../cl < >

Free `recode' converts files between various character sets and surfaces with:

     $ recode /../ \
       < >

Common character sets used are (see also Section 9.7.3, `Introduction to locales') [1]:

* `us' --- ASCII (7 bits)
* `l1' --- ISO Latin-1 (ISO-8859-1, Western Europe, 8 bits)
* `EUCJP' --- EUC-JP for Japanese (Unix)
* `SJIS' --- Shift-JIS for Japanese (Microsoft)
* `ISO2022JP' --- Mail encoding for Japanese (7 bits)
* `u2' --- UCS-2 (Universal Character Set, 2 bytes)
* `u8' --- UTF-8 (Universal Transformation Format, 8 bits)

Common surfaces used are [2]:

* `/cr' --- Carriage return as end of line (Mac text)
* `/cl' --- Carriage return line feed as end of line (DOS text)
* `/' --- Line feed as end of line (Unix text)
* `/d1' --- Human readable bytewise decimal dump
* `/x1' --- Human readable bytewise hexadecimal dump
* `/64' --- Base64 encoded text
* `/QP' --- Quoted-Printable encoded text

For more, see the pertinent description in `info recode'.

There are also more specialized conversion tools:

* character set conversion:
  * `iconv' --- locale encoding conversions
  * `konwert' --- fancy encoding conversions
* binary file conversion:
  * `uuencode' and `uudecode' --- for Unix.
  * `mimencode' --- for the mail.

[1] `recode' allows more convenient aliases than `iconv'.

[2] End of lines:
    * Carriage return means ASCII 13, ASCII 0xD, ^M, or \r .
    * Line feed means ASCII 10, ASCII 0xA, ^J, or \n .

8.6.13. Regular-expression substitution
---------------------------------------

Replace all instances of with in all of the files ...:

     $ perl -i -p -e 's///g;' ...

`-i' is for "in-place editing", `-p' is for "implicit loop over ...". If the substitution is complex, you can make recovery from errors easier by using the parameter `-i.bak' instead of `-i'; this will keep each original file, adding `.bak' as a file extension.

8.6.14. Edit a file in place using a script
-------------------------------------------

The following script will remove lines 5--10 and lines 16--20 in place.

     #!/bin/bash
     # delete the later range first so the earlier line numbers stay valid
     ed "$1" <<EOF
     16,20d
     5,10d
     w
     q
     EOF

or depending on the file location:

     $ diff -u >
     $ diff -u >

The diff file (alternatively called patch file) is used to send a program update. The receiving party will apply this update to another by:

     $ patch -p0 <
     $ patch -p1 <

If you have three versions of source code, you can merge them more effectively using `diff3':

     $ diff3 -m >

8.6.16. Convert a large file into small files
---------------------------------------------

     $ split -b 650m # split file into 650MB chunks
     $ cat x* > # merge files into 1 large file

8.6.17. Extract data from text file table
-----------------------------------------

Let's consider a text file called `DPL' in which all previous Debian project leaders' names and their initiation days are listed in a space-separated format.

     Ian Murdock August 1993
     Bruce Perens April 1996
     Ian Jackson January 1998
     Wichert Akkerman January 1999
     Ben Collins April 2001
     Bdale Garbee April 2002
     Martin Michlmayr March 2003

Awk is frequently used to extract data from these types of files.

     $ awk '{ print $3 }'

, , and combined.

Be careful about using these shell IFS tricks. Strange things may happen when the shell interprets some parts of the script as its _input_.

     $ IFS=":," # use ":" and "," as IFS
     $ echo IFS=$IFS, IFS="$IFS" # echo is a Bash built-in
     IFS= , IFS=:,
     $ date -R # just a command output
     Sat, 23 Aug 2003 08:30:15 +0200
     $ echo $(date -R) # sub shell --> input to main shell
     Sat 23 Aug 2003 08 30 36 +0200
     $ unset IFS # reset IFS to the default
     $ echo $(date -R)
     Sat, 23 Aug 2003 08:30:50 +0200

8.6.18. Script snippets for piping commands
-------------------------------------------

The following scripts will do nice things as a part of a pipe.

     find /usr | egrep -v "/usr/var|/usr/tmp|/usr/local"
                                # find all files in /usr excluding some files
     xargs -n 1                 # run command for all items from stdin
     xargs -n 1 echo |          # split white-space-separated items into lines
     xargs echo |               # merge all lines into a line
     grep -e |                  # extract lines containing
     cut -d: -f3 -|             # extract third field separated by : (passwd file etc.)
     awk '{ print $3 }' |       # extract third field separated by whitespaces
     awk -F'\t' '{ print $3 }' |  # extract third field separated by tab
     col -bx |                  # remove backspace and expand tabs to spaces
     expand -|                  # expand tabs
     sort -u|                   # sort and remove duplicates
     tr '\n' ' '|               # concatenate lines into one line
     tr -d '\r'|                # remove CR
     tr 'A-Z' 'a-z'|            # convert uppercase to lowercase
     sed 's/^/# /'|             # make each line a comment
     sed 's/\<.ext>//g'|        # remove <.ext>
     sed -n -e 2p|              # print the second line
     head -n 2 -|               # print the first 2 lines
     tail -n 2 -|               # print the last 2 lines

8.6.19. Script snippets for looping over each file
--------------------------------------------------

The following ways of looping over each file matching `*.' ensure proper handling of funny file names such as ones with spaces and perform equivalent processing:

* Shell loop (This example is multi line style with `PS2=" "' . To do the same in one line, you insert a semicolon for each line break.):

     for in *.; do
       if test -f "$"; then
         "$"
       fi
     done

* `find' and `xargs' combination:

     find . -type f -maxdepth 1 -name '*.' -print0 | \
       xargs -0 -n 1

* `find' with `-exec' option with a command:

     find . -type f -maxdepth 1 -name '*.' \
       -exec '{}' \;

* `find' with `-exec' option with a short shell script:

     find . -type f -maxdepth 1 -name '*.' \
       -exec sh -c " '{}' && echo 'successful'" \;

8.6.20. Perl short script madness
---------------------------------

Although any Awk scripts can be automatically rewritten in Perl using a2p(1), one-liner Awk scripts are best converted to one-liner perl scripts manually. For example

     awk '($2=="1957") { print $3 }' |

is equivalent to any one of the following lines:

     perl -ne '@f=split; if ($f[1] eq "1957") { print "$f[2]\n"}' |
     perl -ne 'if ((@f=split)[1] eq "1957") { print "$f[2]\n"}' |
     perl -ne '@f=split; print $f[2] if ( $f[1]==1957 )' |
     perl -lane 'print $F[2] if $F[1] eq "1957"' |

Since all the whitespace in the arguments to `perl' in the line above can be removed, and taking advantage of the automatic conversions between numbers and strings in Perl:

     perl -lane 'print$F[2]if$F[1]eq+1957' |

See perlrun(1) for the command-line options. For more crazy Perl scripts, http://perlgolf.sourceforge.net may be interesting.

8.6.21. Get text or a mailing list archive from a web page
----------------------------------------------------------

The following will read a web page into a text file. Very useful when copying configurations off the Web.

     $ lynx -dump http:// >

`links' and `w3m' can be used here, too, with slight differences in rendering.

If this is a mailing list archive, use `munpack' to obtain mime contents from text.

8.6.22. Pretty print a web page
-------------------------------

The following will print a web page into a PostScript file/printer.

     $ apt-get install html2ps
     $ html2ps | lpr

See Section 3.6.1, ``lpr'/`lpd''. Also check `a2ps' and `mpage' packages for creating PostScript files.

8.6.23. Pretty print a manual page
----------------------------------

The following will print a manual page into a PostScript file/printer.
    $ man -Tps | lpr
    $ man -Tps | mpage -2 | lpr

8.6.24. Merge two PostScript or PDF files
-----------------------------------------

You can merge two PostScript or PDF files.

    $ gs -q -dNOPAUSE -dBATCH -sDEVICE=pswrite \
      -sOutputFile= -f
    $ gs -q -dNOPAUSE -dBATCH -sDEVICE=pdfwrite \
      -sOutputFile= -f

8.6.25. Time a command
----------------------

Display time used by a process.

    # time >/dev/null
    real 0m0.035s # time on wall clock (elapsed real time)
    user 0m0.000s # time in user mode
    sys  0m0.020s # time in kernel mode

8.6.26. `nice' command
----------------------

Use `nice' (from the GNU `shellutils' package) to set a command's nice
value when starting. `renice' (`bsdutils') and `top' can renice a process.
A nice value of 19 represents the slowest (lowest priority) process;
negative values are "not-nice", with -20 being a very fast (high priority)
process. Only the superuser can set negative nice values.

    # nice -19 # very nice
    # nice --20 # very fast

Sometimes an extreme nice value does more harm than good to the system. Use
this command carefully.

8.6.27. Schedule activity (`cron', `at')
----------------------------------------

Use `cron' and `at' to schedule tasks under Linux. See at(1), crontab(5),
crontab(8).

Run the command `crontab -e' to create or edit a crontab file to set up
regularly scheduled events. Example of a crontab file:

    # use /bin/sh to run commands, no matter what /etc/passwd says
    SHELL=/bin/sh
    # mail any output to `paul', no matter whose crontab this is
    MAILTO=paul
    # Min Hour DayOfMonth Month DayOfWeek command (Day... are OR'ed)
    # run at 00:05, every day
    5 0 * * * $HOME/bin/daily.job >> $HOME/tmp/out 2>&1
    # run at 14:15 on the first of every month -- output mailed to paul
    15 14 1 * * $HOME/bin/monthly
    # run at 22:00 on weekdays(1-5), annoy Joe.
    # % for newline, last % for cc:
    0 22 * * 1-5 mail -s "It's 10pm" joe%Joe,%%Where are your kids?%.%%
    23 */2 1 2 * echo "run 23 minutes after 0am, 2am, 4am ..., on Feb 1"
    5 4 * * sun echo "run at 04:05 every sunday"
    # run at 03:40 on the first Monday of each month
    # (% must be escaped in a crontab command; /bin/sh test uses "=")
    40 3 1-7 * * [ "$(date +\%a)" = "Mon" ] && command -args

Run the `at' command to schedule a one-time job:

    $ echo ''| at 3:40 monday

8.6.28. Console switching with `screen'
---------------------------------------

The `screen' program allows you to run multiple virtual terminals, each
with its own interactive shell, on a single physical terminal or terminal
emulation window. Even if you use Linux virtual consoles or multiple
`xterm' windows, it is worth exploring `screen' for its rich feature set,
which includes

* scrollback history,
* copy-and-paste,
* output logging,
* digraph entry, and
* the ability to _detach_ an entire `screen' session from your terminal
  and reattach it later.

8.6.28.1. Remote access scenario
--------------------------------

If you frequently log on to a Linux machine from a remote terminal or using
a VT100 terminal program, `screen' will make your life much easier with the
_detach_ feature.

1. You are logged in via a dialup connection, and are running a complex
   `screen' session with editors and other programs open in several
   windows.
2. Suddenly you need to leave your terminal, but you don't want to lose
   your work by hanging up.
3. Simply type `^A d' to _detach_ the session, then log out. (Or, even
   quicker, type `^A DD' to have `screen' detach and log you out itself.)
4. When you log on again later, enter the command `screen -r', and
   `screen' will magically _reattach_ all the windows you had open.

8.6.28.2. Typical `screen' commands
-----------------------------------

Once you start `screen', all keyboard input is sent to your current window
except for the command keystroke, by default `^A'. All `screen' commands
are entered by typing `^A' plus a single key [plus any parameters].
Useful commands:

    ^A ?    show a help screen (display key bindings)
    ^A c    create a new window and switch to it
    ^A n    go to next window
    ^A p    go to previous window
    ^A <0>  go to window number <0>
    ^A w    show a list of windows
    ^A a    send a Ctrl-A to current window as keyboard input
    ^A h    write a hardcopy of current window to file
    ^A H    begin/end logging current window to file
    ^A ^X   lock the terminal (password protected)
    ^A d    detach screen session from the terminal
    ^A DD   detach screen session and log out

This is only a small subset of `screen''s commands and features. If there's
something you want `screen' to be able to do, chances are it can! See
screen(1) for details.

8.6.28.3. Backspace and/or Ctrl-H in `screen' session
-----------------------------------------------------

If you find that backspace and/or Ctrl-H do not work properly when you are
running `screen', edit `/etc/screenrc', find the line reading

    bindkey -k kb stuff "\177"

and comment it out (i.e., add "#" as the first character).

8.6.28.4. Equivalent program to `screen' for X
----------------------------------------------

Check out `xmove'. See xmove(1).

8.6.29. Network testing basics
------------------------------

Install `netkit-ping', `traceroute', `dnsutils', `ipchains' (for 2.2
kernel), `iptables' (for 2.4 kernel), and `net-tools' packages and:

    $ ping                  # check Internet connection
    $ traceroute            # trace IP packets
    $ ifconfig              # check host config
    $ route -n              # check routing config
    $ dig <[@dns-server.com] host.dom [{a|mx|any}]> |less
                            # check DNS records by
                            # for a <{a|mx|any}> record
    $ ipchains -L -n |less  # check packet filter (2.2 kernel)
    $ iptables -L -n |less  # check packet filter (2.4 kernel)
    $ netstat -a            # find all open ports
    $ netstat -l --inet     # find listening ports
    $ netstat -ln --tcp     # find listening TCP ports (numeric)

8.6.30.
Flush mail from local spool
-----------------------------------

To flush mail from the local spool:

    # exim -q   # flush waiting mail
    # exim -qf  # flush all mail
    # exim -qff # flush even frozen mail

`-qff' may be better as an option in the `/etc/ppp/ip-up.d/exim' script.
For Sarge, replace `exim' with `exim4'.

8.6.31. Remove frozen mail from local spool
-------------------------------------------

To remove frozen mail from the local spool with a delivery error message:

    # exim -Mg `mailq | grep frozen | awk '{ print $3 }'`

For Sarge, replace `exim' with `exim4'.

8.6.32. Redeliver `mbox' contents
---------------------------------

You need to manually deliver mails to the sorted mailboxes in your home
directory from `/var/mail/' if your home directory became full and
`procmail' failed. After making disk space in the home directory, run:

    # /etc/init.d/exim stop
    # formail -s procmail
    # /etc/init.d/exim start

For Sarge, replace `exim' with `exim4'.

8.6.33. Clear file contents
---------------------------

In order to clear the contents of a file such as a logfile, do not use `rm'
to delete the file and then create a new empty file, because the file may
still be accessed in the interval between commands. The following is the
safe way to clear the contents of the file.

    $ :>

8.6.34. Dummy files
-------------------

The following commands will create dummy or empty files:

    $ dd if=/dev/zero of= bs=1k count=5    # 5KB of zero content
    $ dd if=/dev/urandom of= bs=1M count=7 # 7MB of random content
    $ touch     # create 0B file (if file exists, updates mtime)

For example, the following commands executed from the shell of the Debian
boot floppy will erase all the content of the hard disk `/dev/hda'
completely for most practical uses.

    # dd if=/dev/urandom of=/dev/hda ; dd if=/dev/zero of=/dev/hda

8.6.35. `chroot'
----------------

The `chroot' program, chroot(8), enables us to run different instances of
the GNU/Linux environment on a single system simultaneously without
rebooting.
One may also run a resource hungry program such as `apt-get' or `dselect'
under the chroot of a fast host machine while NFS-mounting a slow satellite
machine to the host as r/w and the chroot point being the mount point of
the satellite machine.

8.6.35.1. Run a different Debian distribution with `chroot'
-----------------------------------------------------------

A chroot Debian environment can easily be created by the `debootstrap'
command in Sarge. For post-Sarge distributions, you may use the
`cdebootstrap' command instead, with the appropriate options. For example,
to create a Sid chroot on while having fast Internet access:

    main # cd / ; mkdir
    main # debootstrap sid
    ... watch it download the whole system
    main # echo "proc-sid /proc proc none 0 0" >> /etc/fstab
    main # mount proc-sid /proc -t proc
    main # cp /etc/hosts /etc/hosts
    main # chroot /bin/bash
    chroot # cd /dev; /sbin/MAKEDEV generic ; cd -
    chroot # apt-setup # set-up /etc/apt/sources.list
    chroot # vi /etc/apt/sources.list # point the source to unstable
    chroot # dselect # you may use aptitude, install mc and vim :-)

At this point you should have a fully working Debian system, where you can
play around without fear of affecting your main Debian installation.

This `debootstrap' trick can also be used to install Debian to a system
without using a Debian install disk, but instead one for another GNU/Linux
distribution. See http://www.debian.org/releases/stable/i386/apcs04.

8.6.35.2. Setting up login for `chroot'
---------------------------------------

Typing `chroot /bin/bash' is easy, but it retains all sorts of environment
variables that you may not want, and has other issues. A much better
approach is to run another login process on a separate virtual terminal
where you can log in to the chroot directly.

Since on default Debian systems `tty1' to `tty6' run Linux consoles and
`tty7' runs the X Window System, let's set up `tty8' for a chrooted console
as an example.
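
The environment inheritance mentioned at the start of this section can be measured, and avoided, when the chroot is entered by hand. The following shell functions are an added example, not part of the Debian Reference; the function names, the list of variables that are kept, and the `HOME' and `PATH' values are assumptions.

```shell
#!/bin/sh
# Added example: start a command (normally "chroot DIR /bin/bash") with a
# scrubbed environment. All names and values below are assumptions.

# PATH handed to the shell inside the chroot (assumed Debian root layout).
CLEAN_PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

# run_clean CMD [ARG...]
# "env -i" starts from an empty environment, so only the four variables
# listed here reach CMD. LD_PRELOAD, LD_LIBRARY_PATH, proxy settings,
# locale and editor variables of the main system are all dropped.
run_clean() {
    env -i HOME=/root TERM="${TERM:-linux}" PATH="$CLEAN_PATH" \
        SHELL=/bin/bash "$@"
}

# env_names: read "env" output on stdin and print the variable names.
# Continuation lines of multi-line values that do not look like NAME=...
# are skipped.
env_names() {
    sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' | sort -u
}

# leak_report: print the names of the variables that a plain
# "chroot DIR /bin/bash" would inherit from the current shell and that
# run_clean removes.
leak_report() {
    clean_names=$(run_clean env | env_names | tr '\n' ' ')
    env | env_names | while read -r name; do
        case " $clean_names " in
            *" $name "*) ;;                 # kept, but with a fixed value
            *) printf '%s\n' "$name" ;;     # would leak into the chroot
        esac
    done
}

# enter_chroot DIR: open a login shell in DIR with the clean environment.
# Needs root, like chroot(8) itself.
enter_chroot() {
    root=${1:-}
    if [ -z "$root" ] || [ ! -x "$root/bin/bash" ]; then
        echo "enter_chroot: no executable bin/bash under '$root'" >&2
        return 2
    fi
    run_clean chroot "$root" /bin/bash --login
}

# Running this file with the argument --report lists what would leak
# from the invoking shell.
if [ "${1:-}" = "--report" ]; then
    leak_report
fi
```

A getty started from init, as set up next, does not inherit the variables of an interactive root shell, so the same leak does not arise there.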
After creating a chroot system as described in Section 8.6.35.1, `Run a
different Debian distribution with `chroot'', type from the root shell of
the main system:

    main # echo "8:23:respawn:/usr/sbin/chroot "\
           "/sbin/getty 38400 tty8" >> /etc/inittab
    main # init q # reload init

8.6.35.3. Setting up X for `chroot'
-----------------------------------

You want to run the latest X and GNOME safely in your chroot? That's
entirely possible! The following example will make GDM run on virtual
terminal `vt9'.

First install a chroot system using the method described in Section
8.6.35.1, `Run a different Debian distribution with `chroot''. From the
root of the main system, copy key configuration files to the chroot system.

    main # cp /etc/X11/XF86Config-4 /etc/X11/XF86Config-4
    main # chroot # or use chroot console
    chroot # cd /dev; /sbin/MAKEDEV generic ; cd -
    chroot # apt-get install gdm gnome x-window-system
    chroot # vi /etc/gdm/gdm.conf # do s/vt7/vt9/ in [servers] section
    chroot # /etc/init.d/gdm start

Here, `/etc/gdm/gdm.conf' was edited to change the first virtual console
from `vt7' to `vt9'.

Now you can easily switch back and forth between full X environments in
your chroot and your main system just by switching between Linux virtual
terminals; e.g. by using Ctrl-Alt-F7 and Ctrl-Alt-F9. Have fun!

[FIXME] Add a comment and link to the init script of the chrooted `gdm'.

8.6.35.4. Run other distributions with `chroot'
-----------------------------------------------

A chroot environment for another Linux distribution can easily be created.
You install a system into separate partitions using the installer of the
other distribution. If its root partition is in `':

    main # cd / ; mkdir
    main # mount -t ext3
    main # chroot /bin/bash

Then proceed as in Section 8.6.35.1, `Run a different Debian distribution
with `chroot'', Section 8.6.35.2, `Setting up login for `chroot'', and
Section 8.6.35.3, `Setting up X for `chroot''.

8.6.35.5.
Build a package with `chroot'
---------------------------------------

There is a more specialized chroot package, `pbuilder', which constructs a
chroot system and builds a package inside the chroot. It is an ideal system
to use to check that a package's build-dependencies are correct, and to be
sure that unnecessary and wrong build dependencies will not exist in the
resulting package.

8.6.36. How to check hard links
-------------------------------

You can check whether two files are the same file with two hard links by:

    $ ls -li

8.6.37. `mount' hard disk image file
------------------------------------

If `' contains an image of hard disk contents and the original hard disk
had a disk configuration which gives = (bytes/sector) * (sectors/cylinder),
then the following will mount it to `/mnt':

    # mount -o loop,offset= /mnt

Note that most hard disks have 512 bytes/sector.

8.6.38. Samba
-------------

Basics of getting files from Windows:

    # mount -t smbfs -o \
            # mount Windows files to Linux
    # smbmount \
          -o ""
    # smbclient -L <192.168.1.2> # list the shares on a computer

Samba neighbors can be checked from Linux using:

    # smbclient -N -L | less
    # nmblookup -T "*"

8.6.39. Utilities for foreign filesystems
-----------------------------------------

Many foreign filesystems have Linux kernel support, and can thus be
accessed simply by mounting the devices containing the filesystems. For
certain filesystems, there are also a few specialized tools to access the
filesystems without mounting the devices. This is accomplished with
user-space programs so that kernel filesystem support is not needed.

* `mtools': for MSDOS filesystem (MS-DOS, Windows)
* `cpmtools': for CP/M filesystem
* `hfsutils': for HFS filesystem (native Macintosh)
* `hfsplus': for HFS+ filesystem (modern Macintosh)

In order to create and check an MS-DOS FAT filesystem, `dosfstools' is
useful.

8.7. Typical mistakes to be noted
---------------------------------

Here are a few examples of dangerous actions.
The negative impact is greater if you are using the privileged account,
`root'.

8.7.1. `rm -rf .*'
------------------

The use of a wild card file name in a command line argument, such as
"`rm -rf .*'", may have dangerous results, since "`.*'" expands to include
"`.'" and "`..'". Fortunately, the current version of the "`rm'" command in
the Debian distribution checks the sanity of the argument file names and
refuses to remove "`.'" and "`..'". But this is not always the case. Try
the following to see how wild card file names work.

* "`echo .'" : lists everything under the current directory and the
  current directory itself.
* "`echo *'" : lists every non-dot file and non-dot directory under the
  current directory.
* "`echo .[^.]*'" : lists every dot file and dot directory under the
  current directory.
* "`echo .*'" : lists everything under the parent directory and the parent
  directory itself.

8.7.2. `rm /etc/passwd'
-----------------------

Loss of some important files such as `/etc/passwd' through your stupidity
is tough. The Debian system makes regular backups of them in
`/var/backups/'. When you restore these files, you may manually have to set
the proper permissions.

    # cp /var/backups/passwd /etc/passwd
    # chmod 644 /etc/passwd

See also Section 6.3.4, `Recovering package selection data'.

-------------------------------------------------------------------------------

9. Tuning a Debian system
-------------------------

This chapter describes only the basics of system configuration through a
command-line interface. Before reading this chapter you should read
Chapter 3, `Debian System installation hints'.

If you are concerned about security then you should read the Securing
Debian Manual (http://www.debian.org/doc/manuals/securing-debian-howto/)
which comes in the `harden-doc' package.

9.1. System initialization
--------------------------

Debian uses the System V init script system. See Section 2.4.1, `The `init'
program' for an introduction.

9.1.1.
Customizing init scripts
-------------------------------

The easiest way to control the behavior of an init script is by changing
environment variable assignments in the file that has the same name as the
init script in the `/etc/default' directory. [1] For example,
`/etc/default/hotplug' can be used to control how `/etc/init.d/hotplug'
works. The `/etc/default/rcS' file can be used to customize boot-time
defaults for `motd', `sulogin', etc.

If you cannot get the behavior you want by changing such variables then you
can modify the init scripts themselves: they are all configuration files.

[1] Files in `/etc/default/' contain environment variable assignments
    _only_. Each file is sourced by the init script to which it corresponds
    in such a way that these assignments override any default variable
    settings in the init script itself. The choice of directory name is
    peculiar
    (http://lists.debian.org/debian-devel/2003/debian-devel-200308/msg02114.html)
    to Debian. It is roughly the equivalent of the `/etc/sysconfig'
    directory found in Red Hat and other distributions.

9.1.2. Customizing system logging
---------------------------------

System log mode can be configured using `/etc/syslog.conf'. Check the
`colorize' package for a program to colorize system logfiles. See also
syslogd(8) and syslog.conf(5).

9.1.3. Optimizing hardware
--------------------------

There are a few hardware optimization configurations that Debian leaves to
the sysadmin to take care of.

* `hdparm'
    * Hard disk access optimization. Very effective.
    * Dangerous. You must read hdparm(8) first.
    * `hdparm -tT ' to test disk access speed.
    * `hdparm -q -c3 -d1 -u1 -m16 ' to speed up a modern IDE system. (It
      may be dangerous.)
* `setcd'
    * Compact disc drive access optimization.
    * `setcd -x <2>' to slow down to <2>x speed.
    * See setcd(1).
* `setserial'
    * Collection of tools for serial port management.
* `scsitools'
    * Collection of tools for SCSI hardware management.
* `memtest86'
    * Collection of tools for memory hardware management.
* `hwtools'
    * Collection of tools for low-level hardware management.
    * `irqtune': changes the IRQ priority of devices to allow devices that
      require high priority and fast service (e.g. serial ports, modems) to
      have it. 3x speedup of serial/modem throughput is possible.
    * `scanport': scans I/O space from 0x100 to 0x3ff looking for installed
      ISA devices.
    * `inb': a quick little hack that reads an I/O port and dumps the value
      in hex and binary.
* `schedutils'
    * Linux scheduler utilities.
    * `taskset', `irqset', `lsrt', and `rt' are included.
    * Together with `nice' and `renice' (not included), they allow full
      control of process scheduling parameters.

Mounting a filesystem with the `noatime' option is also very effective in
speeding up read access to the file. See fstab(5) and mount(8).

Some hardware can be tuned directly by the Linux kernel itself through the
proc filesystem. See Section 7.3, `Tuning the kernel through the proc
filesystem'.

There are many hardware-specific configuration utilities in Debian. Many of
them address needs specific to the laptop PC.
Here are some interesting packages available in Debian:

* `tpconfig' - A program to configure touchpad devices
* `apmd' - Utilities for Advanced Power Management (APM)
* `acpi' - displays information on ACPI devices
* `acpid' - Utilities for using ACPI
* `lphdisk' - prepares hibernation partition for Phoenix NoteBIOS
* `sleepd' - puts a laptop to sleep during inactivity
* `noflushd' - allow idle hard disks to spin down
* `big-cursor' - larger mouse cursors for X
* `acme' - Enables the "multimedia buttons" found on laptops
* `tpctl' - IBM ThinkPad hardware configuration tools
* `mwavem' - Mwave/ACP modem support
* `toshset' - Access much of the Toshiba laptop hardware interface
* `toshutils' - Toshiba laptop utilities
* `sjog' - A program to use the "Jog Dial" on Sony Vaio Laptops
* `spicctrl' - Sony Vaio controller program to set LCD backlight brightness

Here, ACPI is a newer framework for the power management system than APM.

Some of these packages require special kernel modules. They are already
included in the latest kernel source in many cases. In case of trouble, you
may need to apply the latest patch to the kernel yourself.

9.2. Restricting access
-----------------------

9.2.1. Restricting logins with PAM
----------------------------------

PAM (Pluggable Authentication Modules) allows you to control how users log
in.

    /etc/pam.d/*      # PAM control files
    /etc/pam.d/login  # PAM control file for login
    /etc/security/*   # PAM module parameters
    /etc/securetty    # this controls root login by console (login)
    /etc/login.defs   # this controls login behaviors (login)

Change the contents of `/etc/pam.d/login' as follows, if you want insecure
but passwordless console terminals at your own risk.

    #auth required pam_unix.so nullok
    auth required pam_permit.so

Similar tricks can be applied for `xdm', `gdm', ..., for passwordless
console X.

On the other hand, install `cracklib2' and set `/etc/pam.d/passwd' as
follows, if you want to enforce a good password policy.
    password required pam_cracklib.so retry=3 minlen=6 difok=3

A one-time login password for account activation may also help. For this,
use the `passwd' command with the `-e' option. See passwd(1).

The maximum number of processes can be set with `ulimit -u 1000' in a Bash
shell or with settings in `/etc/security/limits.conf' from PAM. Other
parameters such as `core' can be set similarly. The initial value of `PATH'
can be set by `/etc/login.defs' before the shell startup script.

The documentation for PAM is packaged in the `libpam-doc' package. The
_Linux-PAM System Administrator's Guide_ covers configuring PAM, what
modules are available, etc. The documentation also includes _The Linux-PAM
Application Developers' Guide_ and _The Linux-PAM Module Writers' Guide_.

9.2.2. "Why GNU `su' does not support the `wheel' group"
--------------------------------------------------------

This is the famous phrase at the bottom of the old `info su' page by
Richard M. Stallman. Not to worry: the current `su' in Debian uses PAM, so
that one can restrict the ability to use `su' to any group using
`pam_wheel.so' in `/etc/pam.d/su'. The following will set the `adm' group
in a Debian system as an equivalent of the BSD `wheel' group and allow `su'
without a password for its members.

    # anti-RMS configuration in /etc/pam.d/su
    auth required pam_wheel.so group=adm
    # Wheel members to be able to su without a password
    auth sufficient pam_wheel.so trust group=adm

9.2.3. Purposes of standard groups
----------------------------------

A few interesting groups:

* `root' group is the default wheel group for `su' if `pam_wheel.so' is
  used without the `group=' argument.
* `adm' group can read logfiles.
* `cdrom' group can be used locally to give a set of users access to a
  CD-ROM drive.
* `floppy' group can be used locally to give a set of users access to a
  floppy drive.
* `audio' group can be used locally to give a set of users access to an
  audio device.
* `src' group owns source code, including files in `/usr/src'. It can be
  used locally to give a user the ability to manage system source code.
* `staff' membership is useful for helpdesk types or junior sysadmins,
  giving them the ability to do things in `/usr/local' and to create
  directories in `/home'.

For a complete list, see the "FAQ" section in the Securing Debian Manual
(http://www.debian.org/doc/manuals/securing-debian-howto/), which can also
be found as the `harden-doc' package in Woody. Also the new `base-passwd'
(>3.4.6) contains an authoritative list:
`/usr/share/doc/base-passwd/users-and-groups.html'.

9.2.4. Working more safely -- `sudo'
------------------------------------

My usage of `sudo' is mostly a protection from my own stupidity.
Personally, I consider using `sudo' a better alternative to always using
the system as root.

Install `sudo' and activate it by setting options in `/etc/sudoers
(http://www.debian.org/doc/manuals/debian-reference/examples/)'. Also check
out the `sudo' group feature in `/usr/share/doc/sudo/OPTIONS'.

The sample configuration provides "staff" group members access to any
commands run as root under `sudo' and also gives "src" members access to
selected commands run as root under `sudo'.

The advantage of `sudo' is that it only requires an ordinary user's
password to log in, and activity is monitored. This is a nice way to give
some authority to a junior administrator. For example:

    $ sudo chown -R : .

Of course if you know the root password (as most home users do), any
command can be run under root from a user account:

    $ su -c "shutdown -h now"
    Password:

(I know I should tighten the admin account's `sudo' privileges. But since
this is my home server, I have not bothered yet.)

For a different program that allows ordinary users to run commands with
root privileges, see the `super' package.

9.2.5.
Restricting access to services
-------------------------------------

The Internet _super-server_, `inetd', is started at boot time by
`/etc/rc2.d/S20inetd' (for RUNLEVEL=2), which is a symlink to
`/etc/init.d/inetd'. Essentially, `inetd' allows one running daemon to
invoke several others, reducing load on the system.

Whenever a request for service arrives, its protocol and service are
identified by looking them up in the databases in `/etc/protocols' and
`/etc/services'. `inetd' then looks up a normal Internet service in the
`/etc/inetd.conf' database, or a Sun-RPC based service in `/etc/rpc.conf'.

For system security, make sure to disable unused services in
`/etc/inetd.conf'. Sun-RPC services need to be active for NFS and other
RPC-based programs.

Sometimes, `inetd' does not start the intended server directly but starts
the `tcpd' TCP/IP daemon wrapper program with the intended server name as
its argument in `/etc/inetd.conf'. In this case, `tcpd' runs the
appropriate server program after logging the request and doing some
additional checks using `/etc/hosts.deny' and `/etc/hosts.allow'.

If you have problems with remote access in a recent Debian system, comment
out "ALL: PARANOID" in `/etc/hosts.deny' if it exists.

For details, see inetd(8), inetd.conf(5), protocols(5), services(5),
tcpd(8), hosts_access(5), and hosts_options(5).

For more information on Sun-RPC, see rpcinfo(8), portmap(8), and
`/usr/share/doc/portmap/portmapper.txt.gz'.

9.2.6. Centralizing authentication -- LDAP
------------------------------------------

Use Lightweight Directory Access Protocol (LDAP).
References:

* OpenLDAP (http://www.openldap.org/)
* OpenLDAP Admin Guide in the `openldap-guide' package
* LDP: LDAP Linux HOWTO (http://www.tldp.org/HOWTO/LDAP-HOWTO/index.html)
* LDP: LDAP Implementation HOWTO
  (http://www.tldp.org/HOWTO/LDAP-Implementation-HOWTO/index.html)
* OpenLDAP, extensive use reports
  (http://portal.aphroland.org/~aphro/ldap-docs/ldap.html)
* Open LDAP with Courier IMAP and Postfix
  (http://alinux.washcoll.edu/docs/plc/postfix-courier-howto.html)

9.3. CD writers
---------------

CD-writers with ATAPI/IDE interfaces have recently become a very popular
option. It is a nice medium for system backup and archiving for the home
user needing < 640MB capacity. For the most authoritative information, see
the LDP CD-Writing-HOWTO (http://www.tldp.org/HOWTO/CD-Writing-HOWTO.html).

9.3.1. Introduction
-------------------

First, any disruption of data sent to the CD-writer will cause
irrecoverable damage to the CD. Get a CD-writer with as large a buffer as
possible. If money is no object, do not bother with ATAPI/IDE, just get a
SCSI version. If you have a choice of IDE interface to be connected, use
the one on the PCI-bus (i.e., on the motherboard) rather than one on the
ISA-bus (an SB16 card, etc.).

When a CD-writer is connected to IDE, it has to be driven by the IDE-SCSI
driver instead of an ordinary IDE CD driver for Linux 2.2 and 2.4 kernels.
Also, the SCSI generic driver needs to be activated. There are two possible
approaches to doing this, assuming a kernel distributed with modern
distributions (as of March 2001).

For the Linux 2.6 kernel, you should use the ordinary IDE driver and access
the CD-RW device directly with a device name such as `/dev/hd' instead. You
can use DMA this way.

9.3.2. Approach 1: modules + `lilo'
-----------------------------------

Add the following line to `/etc/lilo.conf' if you are using a stock Debian
kernel.
If multiple options are used, list them separated by spaces:

    append="hd=ide-scsi ignore=hd"

Here the location of the CD-writer, which is accessed through the ide-scsi
driver, is indicated by `hd', where represents one of the following:

    hda          for a master on the first IDE port
    hdb          for a slave on the first IDE port
    hdc          for a master on the second IDE port
    hdd          for a slave on the second IDE port
    hde ... hdh  for a drive on an external IDE port or ATA66/100 IDE port

Type the following commands as root to activate after finishing all the
configuration:

    # lilo
    # shutdown -h now

9.3.3. Approach 2: recompile the kernel
---------------------------------------

Debian uses `make-kpkg' to create a kernel. Use the new
`--append_to_version' with `make-kpkg' to build multiple kernel images. See
Chapter 7, `The Linux kernel under Debian'.

Use the following setup through `make menuconfig':

* bzImage
* Exclude the IDE CD driver (not a must, but simpler to do this)
* Compile in ide-scsi and sg, or make them modules

9.3.4. Post-configuration steps
-------------------------------

Kernel support for the CD-writer can be activated during booting by the
following:

    # echo ide-scsi >>/etc/modules
    # echo sg >>/etc/modules
    # cd /dev; ln -sf scd0 cdrom

Manual activation can be done by:

    # modprobe ide-scsi
    # modprobe sg

After reboot, you can check installation by:

    $ dmesg|less
    # apt-get install cdrecord
    # cdrecord -scanbus

[Per Warren Dodge] Sometimes there may be conflicts between `ide-scsi' and
`ide-cd' if there are both CD-ROM and CD-R/RW on the system. Try adding the
following line to your `/etc/modutils/aliases', running `update-modules',
and rebooting.

    pre-install ide-scsi modprobe ide-cd

This causes the IDE driver to load before `ide-scsi'. The IDE driver
`ide-cd' takes control of the ATAPI CD-ROM---anything that it hasn't been
told to _ignore_. That leaves just the ignored devices for `ide-scsi' to
control.

9.3.5.
CD-image file (bootable)
-------------------------------

To create a CD-image of files under `target-directory/' as `cd-image.raw'
(bootable, Joliet TRANS.TBL-enabled format; if not bootable, take out `-b'
and `-c' options), insert a boot floppy in the first floppy drive and

    # dd if=
    # mkisofs -r -V -b -c -J -T \
      -o

One funny hack is to make a bootable DOS CD-ROM. If an ordinary DOS boot
floppy disk image is in the above `', the CD-ROM will boot as if a DOS
floppy were in the first floppy drive (A:). Doing this with freeDOS may be
more interesting.

This CD-image file can be inspected by mounting it on the loop device.

    # mount -t iso9660 -o ro,loop /cdrom
    # cd /cdrom
    # mc
    # umount /cdrom

9.3.6. Write to the CD-writer (R, RW):
--------------------------------------

First test with (assuming double speed)

    # nice --10 cdrecord -dummy speed=2 dev=0,0

Then if OK, write to CD-R with

    # nice --10 cdrecord -v -eject speed=2 dev=0,0

Or write to a CD-RW disk with

    # nice --10 cdrecord -v -eject blank=fast speed=2 dev=0,0

Some CD-RW drives work better with

    # nice --10 cdrecord -v blank=all speed=2 dev=0,0

followed by

    # nice --10 cdrecord -v -eject speed=2 dev=0,0

Two steps are needed to prevent SCSI timeouts during blanking from
interfering with the burning step. The argument value to `nice' may require
some adjustments.

9.3.7. Make an image file of a CD
---------------------------------

Some CD-Rs and commercial CDs have junk sectors at the end that make
copying by `dd' impossible (the Windows 98 CD is one of them). The
`cdrecord' package comes with the `readcd' command. Use this to copy any CD
contents to an image file. If it is a data disk, mount it and run `df' to
see its actual size. Divide the number shown in blocks (1 block = 1024
bytes) by 2 to get the number of actual CD sectors (1 sector = 2048 bytes).
Run `readcd' with options and use this disk image to burn the CD-R/RW.

    # readcd dev=,, # select function 11

Here, set all three parameters to 0 for most cases.
Usually the number of sectors given by `readcd' is excessive! Use the above
number from an actual mount for better results.

It should be noted that the use of `dd' has a few problems if used on
CD-ROM. The first run of the `dd' command may cause an error message and
may yield a shorter disk image with a lost tail-end. The second run of `dd'
command may yield a larger disk image with garbage data attached at the end
on some systems if the data size is not specified. Only the second run of
the `dd' command with the correct data size specified, and without ejecting
the CD after an error message, seems to avoid these problems. If for
example the image size displayed by `df' is `46301184' blocks, use the
following command twice to get the right image (this is my empirical
information):

    # dd if=/dev/cdrom of=cd.img bs=2048 count=$((46301184/2))

9.3.8. Debian CD images
-----------------------

To obtain the latest information on Debian CDs, visit the Debian CD site
(http://www.debian.org/CD/).

If you have a fast Internet connection, think about installing over the
network using:

* a few floppy images (http://www.debian.org/distrib/floppyinst).
* a minimal bootable CD image (http://www.debian.org/CD/netinst/).

If you do not have a fast Internet connection, think about purchasing CDs
from a CD vendor (http://www.debian.org/CD/vendors/).

Please do not waste bandwidth by downloading standard CD images unless you
are a CD image tester (even with the new jigdo method).

One noteworthy CD image is KNOPPIX - Live Linux Filesystem On CD
(http://www.knopper.net/knoppix/index-en.html). This CD will boot a
functioning Debian system without installing itself to the hard disk.

9.3.9. Back up the system to CD-R
---------------------------------

To copy key configuration files and data files to CD-R, use the example
backup script `backup
(http://www.debian.org/doc/manuals/debian-reference/examples/)'.
Also see Section 8.3, `Copy and archive a whole subdirectory' and Section 8.4, `Differential backup and data synchronization'.

9.3.10. Copy a music CD to CD-R
-------------------------------

Not tested by me:

     # apt-get install cdrecord cdparanoia
     # cdparanoia -s -B
     # cdrecord dev=0,0,0 speed=2 -v -dao -eject defpregap=1 -audio *.wav

or,

     # apt-get install cdrdao #disk at once
     # cdrdao read-cd --device /dev/cdrom --paranoia-mode 3 my_cd # read cd
     # cdrdao write --device /dev/cdrom --speed 8 my_cd # write a new CD

`cdrdao' does a real copy (no gaps, etc...).

9.3.11. Writing DVD-R, DVD-RW, and DVD+RW
-----------------------------------------

For DVD writing, you have 2 approaches:

     * Use `growisofs' with `mkisofs'.
     * Recompile `cdrecord' with dvd option to create local package following `/usr/share/doc/cdrecord/README.DVD.Debian'.

9.4. X
------

The X Window System is provided by XFree86 (http://www.xfree86.org/). There are two major versions of X server available on the Debian system: XFree86 Version 3.3 (XF3) and XFree86 Version 4.x series (XF4) both based on X11R6 specifications by X.Org (http://www.x.org/).

For the basics of X, refer to X(7), the LDP XWindow-User-HOWTO (http://www.tldp.org/HOWTO/XWindow-User-HOWTO.html), and the Remote X Apps mini-HOWTO (http://www.tldp.org/HOWTO/mini/Remote-X-Apps.html). For a Debian-specific user guide, read `/usr/share/doc/xfree86-common/FAQ.gz' provided in the `xfree86-common' package. This contains an interesting and authoritative review of the key binding issues by Branden Robinson.

     Section 9.4.3, `The X server'
          a program on a local host that displays an X window and/or desktop on a user's monitor (CRT, LCD) and accepts keyboard and mouse input.

     Section 9.4.4, `X clients'
          a program on a (local or remote) host that runs X-compatible application software.

This reverses the ordinary use of "server" and "client" in other contexts.
There are several ways of getting the "X server" (display side) to accept remote connections from an "X client" (application side):

     * `xhost' method
          * the host list mechanism (very insecure).
          * non-encrypted protocol (prone to eavesdropping attack).
          * Do not use this, if possible.
          * See Section 9.4.7, `Connecting to a remote X server -- `xhost'' and xhost(1x).
     * _`xauth'_ method
          * the MIT magic cookie mechanism (insecure but better than `xhost').
          * non-encrypted protocol (prone to eavesdropping attack).
          * use this only for local connection since it is less CPU-intensive than `ssh -X'.
          * See Section 9.4.12, `Getting root in X' and xauth(1x).
     * `xdm', `wdm', `gdm', `kdm', ... methods
          * the MIT magic cookie mechanism (as insecure as `xauth').
          * See xdm(1x) and Xsecurity(7) for the basics of X display access control.
          * See wdm(1x), gdm(8), and kdm.options(5) for more information, if these are installed.
          * See Section 2.4.3, `Customizing runlevels' for how to disable `xdm' to gain a Linux console upon boot without purging the `xdm' package.
     * _`ssh -X'_ method
          * port forwarding mechanism through secure shell (_secure_).
          * encrypted protocol (a waste of resources if used locally).
          * use this for remote connections.
          * See Section 9.4.8, `Connecting to a remote X server -- `ssh''.

All remote connection methods, except `ssh', require TCP/IP connection enabled on the X server. See Section 9.4.6, `Using X over TCP/IP'.

9.4.1. X packages
-----------------

There are a few (meta)packages provided to ease installation of the X system in Woody.

     `x-window-system-core'
          This metapackage provides the essential components for a stand-alone workstation running the X Window System. It provides the X libraries, an X server (`xserver-xfree86'), a set of fonts, and a group of basic X clients and utilities.

     `x-window-system'
          This metapackage provides substantially all the components of the X Window System as developed by the XFree86 Project, as well as a set of historically popular accessory programs.
          (Notably, it depends on `x-window-system-core', `twm', and `xdm', i.e., no need to install `x-window-system-core' if you install this.)

     `xserver-common-v3'
          Files and utilities common to XFree86 3.x X servers (XF3)

     `xserver-*'
          Supplemental XF3 server packages to support hardware not supported by the new XF4 server (`xserver-xfree86') for whatever reason. Some old ATI mach64 cards are not supported in XF4, other cards hang badly in the Woody version of XF4, etc. (For available packages, use `apt-cache search xserver-|less'. All of these XF3 servers depend on `xserver-common-v3'.)

For most cases, `x-window-system' is the package to install. (If you want console login, be sure to disable `xdm' as described in Section 8.1.4, `"Let me disable X on boot!"'.)

9.4.2. Hardware detection for X
-------------------------------

To enable hardware detection during the X configuration stage, install the following packages prior to installing the X system:

     * `discover' -- hardware identification system.
     * `mdetect' -- mouse device autodetection tool.
     * `read-edid' -- hardware information-gathering tool for VESA PnP monitors.

9.4.3. The X server
-------------------

See XFree86(1x) for X server information.

Invoke X server from a local console:

     $ startx -- :
     e.g.:
     $ startx -- :1 vt8 -bpp 16
     ... start on vt8 connected to localhost:1 with 16 bpp mode

Arguments given after `--' are for the X server.

Note, when using a `~/.xserverrc' script to customize the X server startup process, be sure to `exec' the real X server. Failing to do this can make the X server slow to start and exit. For example:

     #!/bin/sh
     exec /usr/bin/X11/X -dpi 100 -nolisten tcp

9.4.3.1. Configuring the X server (version 4)
---------------------------------------------

To (re-)configure an XF4 server,

     # dpkg-reconfigure --priority=low xserver-common
     # dpkg-reconfigure --priority=low xserver-xfree86

will generate `/etc/X11/XF86Config-4' file and configure X using the script `dexconf'.

9.4.3.2. Configuring the X server (version 3)
---------------------------------------------

To (re-)configure an XF3 server, for example, for ATI mach64,

     # dpkg-reconfigure --priority=low xserver-common-v3
     # dpkg-reconfigure --priority=low xserver-mach64

will generate `/etc/X11/XF86Config' file and configure X using the script `xf86config-v3'.

9.4.3.3. Configuring the X server manually
------------------------------------------

For Woody, to add user customizations to `/etc/X11/XF86Config-4' file, _do not edit the configuration file between the text_:

     ### BEGIN DEBCONF SECTION
     [snip]
     ### END DEBCONF SECTION

Instead, _add the customizations before the text_. For example, to use a custom video device, add something resembling the following text to the _top_ of the file:

     Section "Device"
       Identifier "Custom Device"
       Driver "ati"
       Option "NoAccel"
     EndSection

     Section "Screen"
       Identifier "Custom Screen"
       Device "Custom Device"
       Monitor "Generic Monitor"
       DefaultDepth 24
       Subsection "Display"
         Depth 8
         Modes "1280x960" "1152x864" "1024x768" "800x600" "640x480"
       EndSubsection
       Subsection "Display"
         Depth 16
         Modes "1280x960" "1152x864" "1024x768" "800x600" "640x480"
       EndSubsection
       Subsection "Display"
         Depth 24
         Modes "1280x960" "1152x864" "1024x768" "800x600" "640x480"
       EndSubsection
     EndSection

     Section "ServerLayout"
       Identifier "Custom"
       Screen "Custom Screen"
       InputDevice "Generic Keyboard" "CoreKeyboard"
       InputDevice "Configured Mouse" "CorePointer"
     EndSection

For Sarge (`testing' at the time of writing), if you wish to retain user customizations to `/etc/X11/XF86Config' file through upgrade, run the following commands as root:

     # cp /etc/X11/XF86Config-4 /etc/X11/XF86Config-4.custom
     # md5sum /etc/X11/XF86Config-4 > /var/lib/xfree86/XF86Config-4.md5sum
     # dpkg-reconfigure xserver-xfree86

In order to achieve _font de-uglification_, you need to edit `/etc/X11/XF86Config-4' as described in Section 9.4.13, `TrueType fonts in X'.

Please also check the other parts of your X configuration.
Bad monitor settings can be even more of a headache than bad fonts, so make sure your refresh rate is as high as your monitor can handle (85 Hz is great, 75 Hz is OK, 60 Hz is painful).

9.4.4. X clients
----------------

Most X client programs can be started with a command like this:

     client $ xterm -geometry 80x24+30+200 -fn 6x10 -display :0 &

Here, the optional command-line arguments mean:

     * `-geometry x++': the initial size and location of the window.
     * `-fn ': the font to use for displaying text. `' can be:
          * a14: Normal size font
          * a24: Large size font
          * ... (check available fonts with `xlsfont'.)
     * `-display ': the name of the X server to use. `' can be:
          * `:' means screen `' on display `' of host `'; the X server for this display is listening to TCP port 6000+D.
          * `/unix:' means screen `' on display of host `'; the X server for this display is listening to UNIX domain socket `/tmp/.X11-unix/XD' (so it's only reachable from `').
          * `<:D.S>' is equivalent to `/unix:', where `' is the local hostname.

The default `' for the X client program (application side) can be set by the DISPLAY environment variable. For example, prior to running an X client program, executing one of the following commands achieves this:

     $ export DISPLAY=:0
             # The default, local machine using the first X screen
     $ export DISPLAY=:0.2
     $ export DISPLAY=localhost:0

Its startup can be customized by `~/.xinitrc'. For example:

     xrdb -load $HOME/.Xresources
     xsetroot -solid gray &
     xclock -g 50x50-0+0 -bw 0 &
     xload -g 50x50-50+0 -bw 0 &
     xterm -g 80x24+0+0 &
     xterm -g 80x24+0-0 &
     twm

As described in Section 9.4.5.1, `Custom X sessions', this overrides everything normal execution of `Xsession' does when started from `startx'. Use `~/.xsession' instead and use this approach only as the last resort. See xsetroot(1x), xset(1x), and Section 9.4.10, `X resources'.

9.4.5. X sessions
-----------------

An X session (X server + X client) can be started by:

     * `startx': wrapper script command for `xinit' to start an X server and client from a Linux character console. If `~/.xinitrc' does not exist, `/etc/X11/Xsession' is executed through `/etc/X11/xinit/xinitrc'.
     * `xdm', `gdm', `kdm', or `wdm': X display manager daemons to start the X server and client, and to control login via a GUI screen. `/etc/X11/Xsession' is directly executed.

The console can be made available as in Section 8.1.4, `"Let me disable X on boot!"'.

9.4.5.1. Custom X sessions
--------------------------

The default startup script `/etc/X11/Xsession' is effectively a combination of `/etc/X11/Xsession.d/50xfree86-common_determine-startup' and `/etc/X11/Xsession.d/99xfree86-common_start'.

Execution of `/etc/X11/Xsession' is somewhat affected by `/etc/X11/Xsession.options' and is essentially an execution of a program which was first found in the following order with the `exec' command:

     1. `~/.xsession' or `~/.Xsession', if it is defined.
     2. `/usr/bin/x-session-manager', if it is defined.
     3. `/usr/bin/x-window-manager', if it is defined.
     4. `/usr/bin/x-terminal-emulator', if it is defined.

The exact meaning of these commands is determined by the Debian alternative system described in Section 6.5.3, `Alternative commands'. For example:

     # update-alternatives --config x-session-manager
     ... or
     # update-alternatives --config x-window-manager

In order to make any X window manager a default while keeping GNOME and KDE session managers installed, replace `/etc/X11/Xsession.d/50xfree86-common_determine-startup' with the one attached in the second bug report at http://bugs.debian.org/168347 (I hope this will be included soon) and edit `/etc/X11/Xsession.options' as follows to disallow the X session manager:

     # /etc/X11/Xsession.options
     #
     # configuration options for /etc/X11/Xsession
     # See Xsession.options(5) for an explanation of the available options.
     # Default enabled
     allow-failsafe
     allow-user-resources
     allow-user-xsession
     use-ssh-agent
     # Default disabled (enable them by uncommenting)
     do-not-use-x-session-manager
     #do-not-use-x-window-manager

Without the above mentioned modification to the system, `gnome-session' and `kdebase' are the packages containing these X session managers. Removing them allows X window manager to be a default. (Yack, any better idea?)

On a system where `/etc/X11/Xsession.options' contains a line `allow-user-xsession' without preceding characters, any user who defines `~/.xsession' or `~/.Xsession' will be able to customize the action of `/etc/X11/Xsession'.

The last command in the `~/.xsession' file should use the form `exec ' to start your favorite X window/session manager.

A good example of an `~/.xsession' script is given at `/usr/share/doc/xfree86-common/examples/xsession.gz'.

I use this to set the window manager, screen access, and language support for each user account. See Section 9.4.5.2, `Starting an X session for a user', Section 9.4.12, `Getting root in X', and Section 9.7.9, `Example for a multilingual X window system'.

If you wish to have several X client programs started automatically, see Section 9.4.4, `X clients' examples and invoke them from `~/.xsession' instead of `~/.xinitrc'.

User-specific additional X resources can be stored in `~/.Xresources'. See Section 9.4.10, `X resources'.

User-customized keymaps and pointer button mappings in X can also be specified in the user's start up script. See Section 9.4.11, `Keymaps and pointer button mappings in X'.

9.4.5.2. Starting an X session for a user
-----------------------------------------

Following the principle described at Section 9.4.5.1, `Custom X sessions', a user-specific X session/window manager can be activated by installing the package indicated and setting the contents at the end of `~/.xsession' file as follows.
(I like `blackbox'/`fluxbox' for its simple style and fast speed.):

     * default X session manager
          * See Section 6.5.3, `Alternative commands'
          * `exec /usr/bin/x-session-manager'
     * default X window manager
          * See Section 6.5.3, `Alternative commands'
          * `exec /usr/bin/x-window-manager'
     * GNOME session manager (loaded)
          * Install package: `gnome-session'
          * `exec /usr/bin/gnome-session'
     * KDE session manager (loaded)
          * Install package: `kdebase' (or `kdebase3' for KDE3)
          * `exec /usr/bin/kde2'
     * Blackbox window manager (lightweight, slick)
          * Install package: `blackbox'
          * `exec /usr/bin/blackbox'
     * Fluxbox window manager (lightweight, new blackbox)
          * Install package: `fluxbox'
          * `exec /usr/bin/fluxbox'
     * Xfce window manager (Mac OS-X, SUN CDE--like)
          * Install package: `xfce'
          * `exec /usr/bin/xfwm'
     * IceWM window manager (lightweight, GNOME alternative)
          * Install package: `icewm'
          * `exec /usr/bin/X11/icewm'
     * FVWM2 virtual window manager (lightweight, Win95-like)
          * Install package: `fvwm'
          * `exec /usr/bin/fvwm2'
     * Windowmaker window manager (somewhat NexT-like)
          * Install package: `wmaker'
          * `exec /usr/bin/wmaker'
     * Enlightenment window manager (loaded)
          * Install package: `enlightenment'
          * `exec /usr/bin/enlightenment'

See Window Managers for X (http://www.xwinman.org).

9.4.5.3. Setting up KDE and GNOME
---------------------------------

In order to set up a full KDE or GNOME environment, the following metapackages are useful:

     * KDE: install the `kde' package
     * GNOME: install the `gnome' package

Installing these packages with tools which handle `Recommends', such as `dselect' and `aptitude', provides you with richer choices of software than just installing these with `apt-get'.

If you want console login, be sure to disable X display managers, such as `kdm', `gdm', and `wdm', which may be pulled in by the dependencies, as described in Section 8.1.4, `"Let me disable X on boot!"'.
If you want to have GNOME as the system default over KDE, make sure to configure `x-session-manager' as in Section 6.5.3, `Alternative commands'.

9.4.6. Using X over TCP/IP
--------------------------

Because a remote TCP/IP socket connection without encryption is prone to an eavesdropping attack, the default setting for X in recent Debian versions disables the TCP/IP socket. Consider using `ssh' for a remote X connection (see Section 9.4.8, `Connecting to a remote X server -- `ssh'').

The method described here is not encouraged unless one is in a very secure environment behind a good firewall system with only trusted users present. Use the following command to verify your current X server setting for the TCP/IP socket:

     # find /etc/X11 -type f -print0 | xargs -0 grep nolisten
     /etc/X11/xinit/xserverrc:exec /usr/bin/X11/X -dpi 100 -nolisten tcp

Remove `-nolisten' to restore TCP/IP listening on the X server.

9.4.7. Connecting to a remote X server -- `xhost'
-------------------------------------------------

`xhost' allows access based on hostnames. This is very insecure. The following will disable host checking and allow connections from anywhere if a TCP/IP socket connection is allowed (see Section 9.4.6, `Using X over TCP/IP'):

     $ xhost +

You can re-enable host checking with:

     $ xhost -

`xhost' does not distinguish between different users on the remote host. Also, hostnames (addresses actually) can be spoofed. This method must be avoided even with more restrictive host criteria if you're on an untrusted network (for instance with dial-up PPP access to the Internet). See xhost(1x).

9.4.8. Connecting to a remote X server -- `ssh'
-----------------------------------------------

The use of `ssh' enables a secure connection from a local X server to a remote application server.

     * Set `X11Forwarding' and `AllowTcpForwarding' entries to `yes' in `/etc/ssh/sshd_config' of the remote host, if you want to avoid corresponding command-line options.
     * Start the X server on the local host.
     * Open an `xterm' in the local host.
     * Run `ssh' to establish a connection with the remote site.

               localname @ localhost $ ssh -q -X -l loginname remotehost.domain
               Password:
               .....

     * Run X application commands on the remote site.

               loginname @ remotehost $ gimp &

This method allows the display of the remote X client output as if it were locally connected through a local UNIX domain socket.

9.4.9. The X terminal emulator -- `xterm'
-----------------------------------------

Learn everything about `xterm' at http://dickey.his.com/xterm/xterm.faq.html.

9.4.10. X resources
-------------------

Many older X programs, such as `xterm', use the X resource database to configure their appearance. The file `~/.Xresources' is used to store user resource specifications. This file is automatically merged into the default X resources upon login. The system-wide defaults of X resources are stored in `/etc/X11/Xresources/*' and application defaults of them are stored in `/etc/X11/app-defaults/*'. Use these settings as the starting points.

Here are some helpful settings to add to your `~/.Xresources' file:

     ! Set the font to a more readable 9x15
     XTerm*font: 9x15

     ! Display a scrollbar
     XTerm*scrollBar: true

     ! Set the size of the buffer to 1000 lines
     XTerm*saveLines: 1000

     ! Large kterm screen
     KTerm*VT100*fontList: -*-fixed-medium-r-normal--24-*,\
      -*-gothic-medium-r-normal--24-*,\
      -*-mincho-medium-r-normal--24-*

To make these settings take effect immediately, merge them into the database using the command:

     xrdb -merge ~/.Xresources

See xrdb(1x).

9.4.11. Keymaps and pointer button mappings in X
------------------------------------------------

The `xmodmap' program is used to edit and display the keyboard modifier map and keymap table that are used by client applications to convert event keycodes into keysyms in X.

     $ xmodmap -pm ... display the current modifier map
     $ xmodmap -pk | pager ... display the current keymap table
     $ xmodmap -e "pointer = 3 2 1" # set mouse for the left hand.
     $ xmodmap ~/.xmodmaprc # set keyboard as in ~/.xmodmaprc

It is usually run from the user's session startup script, `~/.xsession'.

To get the `keycode', run `xev' in X and press keys. To get the meaning of `keysym', look into the MACRO definition in `/usr/include/X11/keysymdef.h' file. All the `#define' statements in this file are named as `XK_' prepended to the `keysym' names.

See xmodmap(1x).

9.4.12. Getting root in X
-------------------------

If a GUI program needs to be run with root privilege, use the following procedures to display program output on a user's X server. _Never attempt to start an X server directly from the root account_ in order to avoid possible security risks.

Start the X server as a normal user and open an `xterm' console. Then:

     $ XAUTHORITY=$HOME/.Xauthority
     $ export XAUTHORITY
     $ su root
     Password:*****
     # printtool &

When using this trick to `su' to a non-root user, make sure `~/.Xauthority' is group readable by this non-root user.

To automate this command sequence, create a file `~/.xsession' from the user's account, containing the following lines:

     # This makes X work when I su to the root account.
     if [ -z "$XAUTHORITY" ]; then
         XAUTHORITY=$HOME/.Xauthority
         export XAUTHORITY
     fi
     unset XSTARTUP
     # If a particular window/session manager is desired, uncomment
     # the following and edit it to fit your needs.
     #XSTARTUP=/usr/bin/blackbox
     # This starts x-window/session-manager program
     if [ -z "$XSTARTUP" ]; then
         if [ -x /usr/bin/x-session-manager ]; then
             XSTARTUP=x-session-manager
         elif [ -x /usr/bin/x-window-manager ]; then
             XSTARTUP=x-window-manager
         elif [ -x /usr/bin/x-terminal-emulator ]; then
             XSTARTUP=x-terminal-emulator
         fi
     fi
     # execute auto selected X window/session manager
     exec $XSTARTUP

Then run `su' (not `su -') in an `xterm' window of the user.
Now GUI programs started from this `xterm' can display output on this user's X window while running with root privilege. This trick works as long as the default `/etc/X11/Xsession' is executed. If a user set up his customization using `~/.xinitrc' or `~/.xsession', the above mentioned environment variable `XAUTHORITY' needs to be set similarly in those scripts.

Alternatively, `sudo' can be used to automate the command sequence:

     $ sudo xterm
     ... or
     $ sudo -H -s

Here `/root/.bashrc' should contain:

     # Copy the invoking user's X cookie for this display into root's
     # own authority file.
     if [ -n "$SUDO_USER" ]; then
         sudo -H -u "$SUDO_USER" xauth extract - "$DISPLAY" | xauth merge -
     fi

This works fine even with the home directory of the user on an NFS mount, because root does not read the `.Xauthority' file.

There are also several specialized packages for this purpose: `kdesu', `gksu', `gksudo', `gnome-sudo', and `xsu'. Some other methods can be used to achieve similar results: creating a symlink from `/root/.Xauthority' to the user's corresponding one; use of the script sux (http://fgouget.free.fr/sux/sux-readme.shtml); or putting "`xauth merge ~/.Xauthority'" in the root initialization script.

See more on the debian-devel mailing list (http://lists.debian.org/debian-devel/2002/debian-devel-200207/msg00259.html).

9.4.13. TrueType fonts in X
---------------------------

The standard `xfs' in XFree86-4 works fine with TrueType fonts. You have to install a third-party font server such as `xfs-xtt', if you are using XFree86-3.

You just need to make sure that whatever applications you want to use the TrueType fonts are linked against libXft or libfreetype (you probably don't even have to worry about this if you're using pre-compiled .debs).

First set up font support infrastructure:

     * Install `x-ttcidfont-conf' and `defoma' packages. This automates generation of the `fonts.scale' and `fonts.dir' files.
               # apt-get install x-ttcidfont-conf

     * Edit `/etc/X11/XF86Config-4' in the `Section "Files"' as:

               Section "Files"
                       FontPath "/var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType"
                       FontPath "/usr/share/fonts/truetype"
                       FontPath "/usr/lib/X11/fonts/CID"
                       FontPath "/usr/lib/X11/fonts/Speedo"
                       FontPath "/usr/lib/X11/fonts/misc"
                       FontPath "/usr/lib/X11/fonts/cyrillic"
                       FontPath "/usr/lib/X11/fonts/100dpi:unscaled"
                       FontPath "/usr/lib/X11/fonts/75dpi:unscaled"
                       FontPath "/usr/lib/X11/fonts/Type1"
               EndSection

       The first line will set up XFree86 to use any TrueType fonts you install from Debian packages. The Type1 font entry is moved down since XFree86 does a rather poor job of rendering Type1 fonts. The `:unscaled' trick for bitmap fonts should not be needed for new XF4 anymore but I included it here just to be sure.

In order to preserve manual changes of `/etc/X11/XF86Config-4', follow the instructions in Section 9.4.3.3, `Configuring the X server manually'.

Then install DFSG font packages:

     * Western TrueType fonts:
          * `ttf-bitstream-vera': A set of high-quality TrueType fonts created by Bitstream, Inc. [1]
          * `ttf-freefont': A set of free high-quality TrueType fonts covering the UCS character set.
          * `ttf-thryomanes': A TrueType Unicode font covering Latin, Greek, Cyrillic, and IPA.
     * Asian fonts:
          * `tfm-arphic-bsmi00lp': Chinese Arphic "AR PL Mingti2L Big5" TrueType font TeX font metric data
          * `tfm-arphic-bkai00mp': Chinese Arphic "AR PL KaitiM Big5" TrueType font TeX font metric data
          * `tfm-arphic-gbsn00lp': Chinese Arphic "AR PL SungtiL GB" TrueType font TeX font metric data
          * `tfm-arphic-gkai00mp': Chinese Arphic "AR PL KaitiM GB" TrueType font TeX font metric data
          * `ttf-baekmuk': Korean Baekmuk series TrueType fonts
          * `hbf-jfs56': Chinese Jianti Fangsong 56x56 bitmap font (GB2312) for CJK
          * `hbf-cns40-b5': Chinese Fanti Song 40x40 bitmap font (Big5) for CJK
          * `hbf-kanji48': Japanese Kanji 48x48 bitmap font (JIS X-0208) for CJK

Since _Free_ fonts are sometimes limited, installing or sharing some commercial TrueType fonts is an option for Debian users. In order to make this process easy for the user, some convenience packages have been created:

     * `ttf-commercial'
     * `msttcorefonts (>1.1.0)' [2]

You'll have a really good selection of TrueType fonts at the expense of contaminating your _Free_ system with non-Free fonts.

All these font packages in Debian should work without any effort and appear available to all X programs that use the regular "core" font system. This includes things like Xterm, Emacs, and most other non-KDE and non-GNOME applications.

Now, run `xfontsel' and select any TrueType fonts in the fndry menu; you should be able to see many ungrayed out entries in the "fmly" menu.

For KDE2.2 and GNOME1.4 (with libgdkxft0, which is a hack to get GTK 1.2 to do anti-aliased font rendering), you need to set up Xft1, as well. Xft1 is highly deprecated, and is basically only used by GNOME1.4 and KDE2.2. Edit `/etc/X11/XftConfig' and add a line like

     dir "/var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType"

before the other dir lines. [3]

For GNOME2 and KDE3 (post Sarge release), you need to set up `fontconfig' which Xft2 uses to find fonts.
[4] You shouldn't need to install anything extra for this because every package using `fontconfig' Depends on it (indirectly) already.

First, look in `/etc/fonts/fonts.conf'. There should be a line like the one below. If not, open up `/etc/fonts/local.conf' and add this

     /var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType

just after the line.

`Fontconfig' should pick these up immediately, and "fc-list" should list your new fonts. Another neat feature of `fontconfig' is that you can just drop fonts in `~/.fonts/' and all your fontconfigified programs will have access to them immediately.

If you manually install a new set of TrueType fonts while in X without using Debian package, run

     # xset fp rehash

to get XFree86 to look at the contents of that directory again and to pick up new ones.

[1] Though this is not available in Woody, you can install this from Sarge.

[2] The package in Woody does not work as of 8/2002 due to a change in Microsoft's website. Use Sarge version even in Woody instead.

[3] I don't have any xft1 stuff on my machine anymore, so I'm not sure if you need to restart X or not before this change will take effect. I seem to remember that "xftcache" would update the Xft1 cache, but it'd be good if someone could confirm that for me.

[4] `Fontconfig' does not exist in Woody.

9.4.14. Web browsers in X
-------------------------

There are many web browser packages with graphical display capabilities as of the Sarge release:

     * `mozilla' The Mozilla browser
     * `mozilla-firefox' Mozilla browser variant (stand-alone)
     * `epiphany-browser' Mozilla browser variant (Gnome)
     * `konqueror' KDE browser
     * `amaya' W3C reference browser
     * ...

In `testing' or `unstable', you may face version mismatch problems among `mozilla' variant browsers since they may require matched versions of shared libraries.

Plug-ins for browsers such as `mozilla' can be enabled by installing "`*.so'" manually in the plug-in directory and restarting the browsers.
Plug-in resources:

     * Java plug-in: install binary "J2SE" from http://java.sun.com.
     * Flash plug-in: install binary "Macromedia Flash Player 5" from http://www.macromedia.com/software/flashplayer/.
     * `freewrl': VRML browser and Netscape plug-in
     * ...

9.4.15. Mail Clients (MUAs) in X
--------------------------------

There are several client packages with graphical display capabilities as of the Sarge release:

     * `mozilla-thunderbird' stand-alone mail client
     * `kmail' KDE mail client
     * `evolution' groupware suite from Novell
     * ...

9.5. SSH
--------

SSH (Secure SHell) is the secure way to connect over the Internet. A free version of SSH called OpenSSH is available as the `ssh' package in Debian.

9.5.1. Basics of SSH
--------------------

First install the OpenSSH server and client.

     # apt-get update && apt-get install ssh

`/etc/ssh/sshd_not_to_be_run' must not be present if one wishes to run the OpenSSH server.

SSH has two authentication protocols:

     * SSH protocol version 1:
          * Potato version only supports this protocol.
          * available authentication methods:
               * RSAAuthentication: RSA identity key based user authentication
               * RhostsAuthentication: .rhosts based host authentication (insecure, disabled)
               * RhostsRSAAuthentication: .rhosts authentication combined with RSA host key (disabled)
               * ChallengeResponseAuthentication: RSA challenge-response authentication
               * PasswordAuthentication: password based authentication
     * SSH protocol version 2:
          * post-Woody versions use this as the primary protocol.
          * available authentication methods:
               * PubkeyAuthentication: public key based user authentication
               * HostbasedAuthentication: `.rhosts' or `/etc/hosts.equiv' authentication combined with public key client host authentication (disabled)
               * ChallengeResponseAuthentication: challenge-response authentication
               * PasswordAuthentication: password based authentication

Be careful about these differences if you are migrating to Woody or using a non-Debian system.
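One way to check a server's `sshd_config' against the method lists above, as an added example that is not part of the original reference: the function names (`audit_sshd_config', `sample_sshd_config', `audit_sample') and the sample configuration are constructed for illustration. Only keywords that are set explicitly are reported; what an absent keyword defaults to depends on the installed version and is not evaluated.

```shell
#!/bin/sh
# Added example: flag settings that enable SSH protocol 1 or one of the
# host-trust methods the lists above mark as "disabled".

# audit_sshd_config FILE
# Prints one finding per line as "<keyword>=<value>"; prints nothing
# when no flagged setting is found.
audit_sshd_config() {
    awk '
    /^[ \t]*#/ { next }                    # skip comment lines
    /^[ \t]*$/ { next }                    # skip blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        # Accept "Keyword=value" as well as "Keyword value".
        if (match(line, /^[A-Za-z0-9]+[ \t]*=/))
            sub(/[ \t]*=[ \t]*/, " ", line)
        split(line, f, /[ \t]+/)
        key = tolower(f[1])                # keywords are case-insensitive
        val = tolower(f[2])
        if (key == "match") exit           # audit the global section only
        if (key in seen) next              # the first value read is the one used
        seen[key] = 1
        if (key == "protocol") {
            n = split(val, p, ",")
            for (i = 1; i <= n; i++)
                if (p[i] == "1") print "protocol=" val
        } else if (val == "yes" && (key == "rhostsauthentication" ||
                   key == "rhostsrsaauthentication" ||
                   key == "hostbasedauthentication")) {
            print key "=" val
        }
    }' "$1"
}

# Constructed sample input, not taken from any real host.
sample_sshd_config() {
    cat <<'EOF'
# constructed sample configuration
Port 22
Protocol 2,1
PubkeyAuthentication yes
rhostsrsaauthentication=yes
HostbasedAuthentication no
HostbasedAuthentication yes
#RhostsAuthentication yes
X11Forwarding yes
EOF
}

# Run the audit over the constructed sample.
audit_sample() {
    tmp=$(mktemp) || return 1
    sample_sshd_config > "$tmp"
    audit_sshd_config "$tmp"
    rm -f "$tmp"
}

audit_sample
```

In the sample, the second `HostbasedAuthentication' line is ignored because the first value read for a keyword is the one used, and the commented-out `RhostsAuthentication' line is not a setting at all.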
See `/usr/share/doc/ssh/README.Debian.gz', ssh(1), sshd(8), ssh-agent(1), and ssh-keygen(1) for details.

Following are the key configuration files:

     * `/etc/ssh/ssh_config': SSH client defaults. See ssh(1). Notable entries are:
          * `Host': Restricts the following declarations (up to the next Host keyword) to be only for those hosts that match one of the patterns given after the keyword.
          * `Protocol': Specifies the SSH protocol versions. The default is "2,1".
          * `PreferredAuthentications': Specifies the SSH2 client authentication method. The default is "hostbased,publickey,keyboard-interactive,password".
          * `PasswordAuthentication': If you want to log in with a password, you have to make sure this is not set `no'.
          * `ForwardX11': The default is disabled. This can be overridden by the command-line option "`-X'".
     * `/etc/ssh/sshd_config': SSH server defaults. See sshd(8). Notable entries are:
          * `ListenAddress': Specifies the local addresses `sshd' should listen on. Multiple options are permitted.
          * `AllowTcpForwarding': The default is disabled.
          * `X11Forwarding': The default is disabled.
     * `$HOME/.ssh/authorized_keys': the lists of the default public keys that clients use to connect to this account on this host. See ssh-keygen(1).
     * `$HOME/.ssh/identity': See ssh-add(1) and ssh-agent(1).

The following will start an `ssh' connection from a client.

     $ ssh username@hostname.domain.ext
     $ ssh -1 username@hostname.domain.ext # Force SSH version 1
     $ ssh -1 -o RSAAuthentication=no -l username foo.host
         # force password on SSH1
     $ ssh -o PreferredAuthentications=password -l username foo.host
         # force password on SSH2

For the user, `ssh' functions as a smarter and more secure `telnet' (will not bomb with ^]).

9.5.2. Port forwarding for SMTP/POP3 tunneling
----------------------------------------------

To establish a pipe to connect to port 25 of from port 4025 of localhost, and to port 110 of from port 4110 of localhost through `ssh', execute on the local machine:

     # ssh -q -L 4025:remote-server:25 -L 4110:remote-server:110 \
            username@remote-server

This is a secure way to make connections to SMTP/POP3 servers over the Internet. Set the `AllowTcpForwarding' entry to `yes' in `/etc/ssh/sshd_config' of the remote host.

9.5.3. Connecting with fewer passwords -- RSA
---------------------------------------------

One can avoid having to remember a password for each remote system by using RSAAuthentication (SSH1 protocol) or PubkeyAuthentication (SSH2 protocol).

On the remote system, set the respective entries, "RSAAuthentication yes" or "PubkeyAuthentication yes", in `/etc/ssh/sshd_config'.

Then generate authentication keys locally and install the public key on the remote system:

     $ ssh-keygen          # RSAAuthentication: RSA1 key for SSH1
     $ cat .ssh/identity.pub | ssh user1@remote \
             "cat - >>.ssh/authorized_keys"
     ...
     $ ssh-keygen -t rsa   # PubkeyAuthentication: RSA key for SSH2
     $ cat .ssh/id_rsa.pub | ssh user1@remote \
             "cat - >>.ssh/authorized_keys"
     ...
     $ ssh-keygen -t dsa   # PubkeyAuthentication: DSA key for SSH2
     $ cat .ssh/id_dsa.pub | ssh user1@remote \
             "cat - >>.ssh/authorized_keys"

One can change the passphrase later with "`ssh-keygen -p'". Make sure to verify settings by testing the connection. In case of any problem, use "`ssh -v'".

You can add options to the entries in `authorized_keys' to limit hosts and to run specific commands. See sshd(8) for details.

Note that SSH2 has `HostbasedAuthentication'. For this to work, you must adjust the settings of `HostbasedAuthentication' to `yes' in both `/etc/ssh/sshd_config' on the server machine and `/etc/ssh/ssh_config' or `$HOME/.ssh/config' on the client machine.

9.5.4. Dealing with alien SSH clients
-------------------------------------

There are a few free SSH clients available for non-Unix-like platforms.

     Windows
          puTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/) (GPL)

     Windows (cygwin)
          SSH in cygwin (http://www.cygwin.com/) (GPL)

     Macintosh Classic
          macSSH (http://www.macssh.com/) (GPL) [Note that Mac OS X includes OpenSSH; use `ssh' in the Terminal application]

See also SourceForge.net, site documentation (http://www.sourceforge.net/docman/?group_id=1), "6. CVS Instructions".

9.5.5. Setting up `ssh-agent'
-----------------------------

It is safer to protect your SSH authentication key with a passphrase. If it was not set, use `ssh-keygen -p' to set it.

Place your public key (e.g. `~/.ssh/id_rsa.pub') into `~/.ssh/authorized_keys' on a remote host using a password-based connection to the remote host as described in Section 9.5.3, `Connecting with fewer passwords -- RSA'.

     $ ssh-agent bash # or run zsh/tcsh/pdksh program instead.
     $ ssh-add ~/.ssh/id_rsa
     Enter passphrase for /home/osamu/.ssh/id_rsa:
     Identity added: /home/osamu/.ssh/id_rsa (/home/osamu/.ssh/id_rsa)
     $ scp ... no passphrase needed from here on :-)
     $^D ... terminating ssh-agent session

For the X server, normal Debian startup scripts execute `ssh-agent' as parent process. So you only need to execute `ssh-add' once.

For more, read ssh-agent(1) and ssh-add(1).

9.5.6. Troubleshooting SSH
--------------------------

If you have problems, check the permissions of configuration files and run `ssh' with the "`-v'" option.

Use the "`-P'" option if you are root and have trouble with a firewall; this avoids the use of server ports 1--1023.

If `ssh' connections to a remote site suddenly stop working, it may be the result of tinkering by the sysadmin, most likely a change in `host_key' during system maintenance.
After making sure this is the case and nobody is trying to fake the
remote host by some clever hack, one can regain a connection by removing
the `host_key' entry from `$HOME/.ssh/known_hosts' on the local machine.

9.6. Mail
---------

Mail configuration divides into three categories:

* mail transfer agent (MTA): `exim4', `exim', `postfix', `sendmail',
  `qmail', `ssmtp', `nullmailer', ...

* mail utilities: `procmail', `fetchmail', `mailx', `crm114', ...

* mail user agent (MUA): `mutt', `emacs'+`gnus', ...

9.6.1. Mail transport agents (MTAs)
-----------------------------------

For a full-featured MTA, use `exim' in Woody and use `exim4' in Sarge. [1]

References:

* `exim-doc' and `exim-doc-html' packages for `exim'

* `exim4-doc-info' and `exim4-doc-html' packages for `exim4'

* http://www.exim.org/

The only reasonable alternative MTA is `postfix' if you care about
security.  `sendmail' and `qmail' are available as Debian packages but are
not recommended.

If you do not need the relay capability of an MTA, as in the case of a
satellite system such as a laptop PC, you may consider using one of these
lightweight packages:

* `ssmtp': needs an SMTP connection and is alias-capable, or

* `nullmailer': can spool but is not alias-capable.

At this moment, I find `exim' to be more suitable even for my personal
workstation machine, which is a laptop PC.

You may need to remove `exim' for the installation of these conflicting
packages:

     # dpkg -P --force-depends exim
     # apt-get install nullmailer    # or ssmtp

[1]  The following sections use `exim' in examples.  For Sarge replace
     this with `exim4' as needed.

9.6.1.1. Smarthost
------------------

If you are running `exim4' or `exim' on a host which is connected through
consumer-grade services, please make sure to send outgoing mail through a
smarthost offered by your ISP or some others. [1]  There are a few good
reasons:

* to ensure SMTP retries, since your ISP's smarthost usually has a more
  reliable connection.
* to avoid sending mail directly from a _dynamic IP address_ which will
  likely be blocked by dial-up spam lists.

* to save your local bandwidth when sending mail with multiple
  recipients.

The only conceivable exceptions are:

* the emergency cure for your ISP's SMTP service trouble.

* an experiment for educational purposes.

* your host being a professionally hosted server.

[1]  You must follow this rule for any hosts on dial-up, DSL, cable
     services or LAN through some broadband router.  Even if your home
     host has a fixed IP from your ISP, it is still a good idea to follow
     this rule.  Most workstations and home servers fall into this
     category.

9.6.1.2. Basic configuration of Exim
------------------------------------

In order to use `exim4' or `exim' as your MTA, configure the following:

     /etc/exim/exim.conf     "eximconfig" to create and edit (exim)
     /etc/exim4/*            "dpkg-reconfigure exim4-config" to create and edit (exim4)
     /etc/inetd.conf         comment out smtp to run exim as daemon
     /etc/email-addresses    Add spoofed source address lists
     check filters using `exim4' or `exim' with `-brw, -bf, -bF, -bV, ...' etc.

9.6.1.3. Setting up a catchall for nonexistent email addresses under Exim
-------------------------------------------------------------------------

In `/etc/exim/exim.conf' (Woody or later), in the DIRECTORS part, at the
end (after the localuser: director) add a catch-all director that matches
all addresses that the previous directors couldn't resolve (per Miquel van
Smoorenburg):

     catchall:
       driver = smartuser
       new_address =

If one wants to have a more detailed recipe for each virtual domain,
etc., add the following at the end of `/etc/exim/exim.conf' (per me, not
well tested):

     *@yourdomain.com ${lookup{$1}lsearch*{/etc/email-addresses} \
        {$value}fail} T

Then have an "*" entry in `/etc/email-addresses'.

9.6.1.4. Configuring selective address rewriting for outgoing mail under Exim
----------------------------------------------------------------------------

Selective address rewriting for outgoing mail, to produce proper "From:"
headers, can be done using `exim' by configuring near the end of
`/etc/exim/exim.conf':

     *@host1.something.dyndns.org \
       "${if eq {${lookup{$1}lsearch{/etc/passwd}{1}{0}}} {1} \
        {$0}{$1@something.dyndns.org}}"  frFs

This rewrites all addresses matching `*@host1.something.dyndns.org'.

1. It searches through `/etc/passwd' to see if the local part ($1) is a
   local user or not.

2. If it is a local user, it rewrites the address to the same thing it
   was in the first place ($0).

3. If it is not a local user, it rewrites the domain part.

9.6.1.5. Configuring SMTP authentication under Exim
---------------------------------------------------

Some SMTP services such as yahoo.com require SMTP auth.  Configure
`/etc/exim/exim.conf' as follows:

     remote_smtp:
       driver = smtp
       authenticate_hosts = smtp.mail.yahoo.com
     ...

     smarthost:
       driver = domainlist
       transport = remote_smtp
       route_list = "* smtp.mail.yahoo.com bydns_a"
     ...

     plain:
       driver = plaintext
       public_name = PLAIN
       client_send = "^cmatheson3^this_is_my_password"

Do not forget the double quotes in the last line.

9.6.2. Fetching mail -- Fetchmail
---------------------------------

`fetchmail' is run in daemon mode to fetch mail from a POP3 account with
an ISP into the local mail system.  Configure:

     /etc/init.d/fetchmail
     /etc/rc?.d/???fetchmail  run update-rc.d fetchmail default priority 30
     /etc/fetchmailrc         configuration file (chmod 600, owned by fetchmail)

Information on how to start `fetchmail' as a daemon from the `init.d'
script for Potato is confusing (Woody fixed this).  See the sample
`/etc/init.d/fetchmail' and `/etc/fetchmailrc' files in the example
scripts (http://www.debian.org/doc/manuals/debian-reference/examples/).
If your email headers are contaminated by ^M due to your ISP's mailer,
add "stripcr" to your options in `$HOME/.fetchmailrc':

     options fetchall no keep stripcr

9.6.3. Processing mail -- Procmail
----------------------------------

`procmail' is a local mail delivery and filter program.  One needs to
create `$HOME/.procmailrc' for each account that uses it.  Example:
_procmailrc
(http://www.debian.org/doc/manuals/debian-reference/examples/)

9.6.4. Processing spam with `crm114'
------------------------------------

The `crm114' package provides the `/usr/share/crm114/mailfilter.crm'
script, which is written in CRM114.  This script provides a very effective
spam filter which can be trained by feeding it spam and ham.

CRM114 is a small language designed to write filters in; consider it to
be a version of grep with super powers.  See crm(1).

9.6.5. Reading mail -- Mutt
---------------------------

Use `mutt' as the mail user agent (MUA) in combination with `vim'.
Customize with `~/.muttrc'; for example:

     # use visual mode and "gq" to reformat quotes
     set editor="vim -c 'set tw=72 et ft=mail'"
     #
     # header weeding taken from the manual (Sven's Draconian header weeding)
     #
     ignore *
     unignore from: date subject to cc
     unignore user-agent x-mailer
     hdr_order from subject to cc date user-agent x-mailer
     auto_view application/msword
     ....

Add the following to `/etc/mailcap' or `$HOME/.mailcap' to display HTML
mail and MS Word attachments inline:

     text/html; lynx -force_html %s; needsterminal;
     application/msword; /usr/bin/antiword '%s'; copiousoutput; description="Microsoft Word Text"; nametemplate=%s.doc

9.7. Localization (l10n)
------------------------

Debian is internationalized, offering support for a growing number of
languages and local usage conventions.
The next subsection lists some of the forms of diversity that Debian
currently supports, and the following subsections discuss _localization_,
the process of customizing your working environment to allow current input
and output of your chosen language(s) and conventions for dates, numeric
and monetary formats, and other aspects of a system that differ according
to your region.

9.7.1. Basics of localization
-----------------------------

There are several aspects to customizing for localization and national
language support.

9.7.1.1. Localizing the keyboard
--------------------------------

Debian is distributed with keymaps for nearly two dozen keyboards.  In
Woody, reconfigure the keyboard by:

* `dpkg-reconfigure --priority=low console-data # console'

* `dpkg-reconfigure --priority=low xserver-xfree86 # XF4'

* `dpkg-reconfigure --priority=low xserver-common-v3 # XF3'

9.7.1.2. Localizing data files
------------------------------

The vast majority of Debian software packages support data handling of
non-US-ASCII characters through the LC_CTYPE environment variable offered
by the _locale_ technology in glibc.

* 8-bit clean: practically all programs

* other Latin character sets (e.g. ISO-8859-1 or ISO-8859-2): the
  majority of programs

* multibyte languages such as Chinese, Japanese, or Korean: many new
  applications

9.7.1.3. Localizing the display
-------------------------------

X can display any coding, including UTF-8, and supports all fonts.  The
list includes not only all the 8-bit fonts but also 16-bit fonts such as
Chinese, Japanese, or Korean.  Multibyte character input is supported by
the mechanism described in Section 9.7.10, `Alternative X input methods'.
See Section 9.7.9, `Example for a multilingual X window system' and
Section 9.7.12, `UTF-8 support for the X terminal emulator'.

Japanese EUC code display is also available in a (S)VGA graphics console
through the `kon2' package.
There is an alternative new Japanese display, `jfbterm', which uses a
frame-buffer console, too.  In these console environments, the Japanese
input method must be supplied by the application.  Use the `egg' package
for Emacs and the japanized `jvim' package for a Vim environment.

Installation of non-Unicode fonts to X will help in displaying documents
with any encoding in X.  So do not worry too much about encoding of fonts.

9.7.1.4. Localizing messages and documentation
----------------------------------------------

Translations exist for many of the text messages and documents that are
displayed in the Debian system, such as error messages, standard program
output, menus, and manual pages.  Currently, support for manual pages in
German, Spanish, Finnish, French, Hungarian, Italian, Japanese, Korean,
Polish, Portuguese, Chinese, and Russian is provided through the
`manpages-' packages (where is a comma-separated list of two-letter ISO
country codes.  Use `apt-cache search manpages-|less' to get a list of
available Unix manual pages.)

To access an NLS manual page, the user must set the environment variable
LC_MESSAGES to the appropriate string.  For example, in the case of the
Italian-language manual pages, LC_MESSAGES needs to be set to `it'.  The
`man' program will then search for Italian manual pages under
`/usr/share/man/it/'.

9.7.2. Locales
--------------

Debian supports _locale_ technology.  Locale is a mechanism that allows
programs to provide suitable output and functionality according to local
conventions such as character set, format for date and time, currency
symbol, and so on.  It uses environment variables to determine the
appropriate behavior.
For example, assuming you have both the American English and German
locales installed on your system, the error messages of many programs can
be multilingual:

     $ LANG="en_US" cat foo
     cat: foo: No such file or directory
     $ LANG="de_DE" cat foo
     cat: foo: Datei oder Verzeichnis nicht gefunden

Glibc offers support for this functionality to programs as a library.
See locale(7).

9.7.3. Introduction to locales
------------------------------

A full locale description consists of 3 parts: `xx_YY.ZZZZ'.

* _`xx'_: ISO 639 language codes (lower case)

* _`YY'_: ISO 3166 country codes (upper case)

* _`ZZZZ'_: codeset, i.e., character set or encoding identifier.

For language codes and country codes, see the pertinent description in
`info gettext'.

Please note that this codeset part may be normalized internally to
achieve cross-platform compatibility by removing all `-' and by converting
all characters into lower case.  Typical codesets are:

* _UTF-8_: Unicode for all regions, mostly in 1-3 Octets (new de facto
  standard)
* _ISO-8859-1_: western Europe (de facto old standard)
* _ISO-8859-2_: eastern Europe (Bosnian, Croatian, Czech, Hungarian,
  Polish, Romanian, Serbian, Slovak, Slovenian)
* _ISO-8859-3_: Maltese
* _ISO-8859-5_: Macedonian, Serbian
* _ISO-8859-6_: Arabic
* _ISO-8859-7_: Greek
* _ISO-8859-8_: Hebrew
* _ISO-8859-9_: Turkish
* _ISO-8859-11_: Thai (=TIS-620)
* _ISO-8859-13_: Latvian, Lithuanian, Maori
* _ISO-8859-14_: Welsh
* _ISO-8859-15_: western Europe with euro
* _KOI8-R_: Russian
* _KOI8-U_: Ukrainian
* _CP1250_: Czech, Hungarian, Polish (MS Windows origin)
* _CP1251_: Bulgarian, Byelorussian (MS Windows origin)
* _eucJP_: Unix style Japanese (=ujis)
* _eucKR_: Unix style Korean
* _GB2312_: Unix style Simplified Chinese (=GB, =eucCN) for zh_CN
* _Big5_: Traditional Chinese for zh_TW
* _sjis_: Microsoft style Japanese (Shift-JIS)

The basic encoding system terms mean the following:

* _ASCII_: 7 bits (0-0x7f)
* _ISO-8859-?_: 8 bits (0-0xff)
* _ISO-10646-1_: Universal Character
  Set (UCS) (31 bits, 0-0x7fffffff)
* _UCS-2_: First 16 bit of UCS as straight 2 Octets (Unicode: 0-0xffff)
* _UCS-4_: UCS as straight 4 Octets (UCS: 0-0x7fffffff)
* _UTF-8_: UCS encoded in 1-6 Octets (mostly in 3 Octets)
* _ISO-2022_: 7 bits (0-0xff) with the escape sequence.  ISO-2022-JP is
  the most popular encoding for Japanese e-mail.
* _EUC_: 8 bits + 16 bits combination (0-0xff), Unix style
* _Shift-JIS_: 8 bits + 16 bits combination (0-0xff), Microsoft style.

ISO-8859-?, EUC, ISO-10646-1, UCS-2, UCS-4, and UTF-8 share the same code
with ASCII for the 7 bit characters.

EUC or Shift-JIS uses high-bit characters (0x80-0xff) to indicate that
part of the encoding is 16 bit.

UTF-8 also uses high-bit characters (0x80-0xff) to indicate non 7 bit
character sequence bytes, and this is the most sane encoding system to
handle non-ASCII characters.

Please note the byte order difference of Unicode implementations:

* _Standard UCS-2, UCS-4_: big endian

* _Microsoft UCS-2, UCS-4_: little endian for ix86 (machine-dependent)

See Section 8.6.12, `Convert a text file with `recode'' for conversion
between various character sets.  For more see Introduction to i18n
(http://www.debian.org/doc/manuals/intro-i18n/).

9.7.4. Activating locale support
--------------------------------

Debian does _not_ come with all available locales pre-compiled.  Check
`/usr/lib/locale' to see which locales (besides the default "C") are
compiled for your system.  If the one you need is not present, you have
two options:

* Edit `/etc/locale.gen' to add the desired locale, then run
  `locale-gen' as root to compile it.  See locale-gen(8) and the
  manpages listed in its "SEE ALSO" section.

* Run `dpkg-reconfigure locales' to reconfigure the `locales' package.
  Or if it is not already installed, installing `locales' will invoke
  the debconf interface to let you choose needed locales and compile
  the database.

9.7.5. Activating a particular locale
-------------------------------------

The following environment variables are evaluated in this order to
provide particular locale values to programs:

1. LANGUAGE: This environment variable consists of a colon-separated
   list of locale names in order of priority.  Used only if the POSIX
   locale is set to a value other than "C" [in Woody; the Potato
   version always has priority over the POSIX locale].  (GNU
   extension)

2. LC_ALL: If this is non-null, the value is used for all locale
   categories.  (POSIX.1)  Usually "" (null).

3. LC_*: If this is non-null, the value is used for the corresponding
   category (POSIX.1).  Usually "C".

   LC_* variables are:

   * LC_CTYPE: Character classification and case conversion.

   * LC_COLLATE: Collation order.

   * LC_TIME: Date and time formats.

   * LC_NUMERIC: Non-monetary numeric formats.

   * LC_MONETARY: Monetary formats.

   * LC_MESSAGES: Formats of informative and diagnostic messages and
     interactive responses.

   * LC_PAPER: Paper size.

   * LC_NAME: Name formats.

   * LC_ADDRESS: Address formats and location information.

   * LC_TELEPHONE: Telephone number formats.

   * LC_MEASUREMENT: Measurement units (Metric or Other).

   * LC_IDENTIFICATION: Metadata about the locale information.

4. LANG: If this is non-null and LC_ALL is undefined, the value is used
   for all LC_* locale categories with undefined values.  (POSIX.1)
   Usually "C".

Note that some applications (e.g., Netscape 4) ignore LC_* settings.

The `locale' program can display active locale settings and available
locales; see locale(1).  (NOTE: `locale -a' lists all the locales that
your system knows about; this does _not_ mean that all of them are
compiled!  See Section 9.7.4, `Activating locale support'.)

9.7.6. ISO 8601 date format locale
----------------------------------

The locale support for the international date standard of `yyyy-mm-dd'
(ISO 8601 date format) is provided by the locale called `en_DK', "English
in Denmark", which is a bit of a joke :-)  This seems to work only in a
console screen for `ls'.

9.7.7. Example for the US (ISO-8859-1)
--------------------------------------

Add the following lines to `~/.bash_profile':

     LC_CTYPE=en_US.ISO-8859-1
     export LC_CTYPE

9.7.8. Example for France with Euro sign (ISO-8859-15)
------------------------------------------------------

Add the following lines to `~/.bash_profile':

     LANG=fr_FR@euro
     export LANG
     LC_CTYPE=fr_FR@euro
     export LC_CTYPE

Configure the keyboard for French "AZERTY" as described in Section
9.7.1.1, `Localizing the keyboard'; add French manual pages by installing
`manpages-fr'.  The Right-Alt key in the US is called Alt-Gr in Europe.
Pressing this together with other keys creates numerous accented and
special characters.  For example, Alt-Gr+E creates a Euro sign.

Most western European languages can be configured similarly.

See Debian Euro HOWTO
(http://www.debian.org/doc/manuals/debian-euro-support/) for adding
support for the new Euro currency and Utiliser et configurer Debian pour
le français (http://www.debian.org/doc/manuals/fr/debian-fr-howto/) for
more details in French.

9.7.9. Example for a multilingual X window system
-------------------------------------------------

Let us set up a multilingual X window system which simultaneously
supports Japanese, English, German, and French with EUC, UTF-8, and
ISO-8859-1 encodings in different consoles.

I will show you a customization using the Debian menu system.  See the
details of the Debian menu system in /usr/share/doc/menu/html/index.html.
I also create a shortcut to the `mozilla' web browser in this example. [1]

* add locale support for the Japanese ja_JP.eucJP locale and other
  required locales using the method described at Section 9.7,
  `Localization (l10n)'.
  (for all)

* install Kana-to-Kanji conversion system and dictionary (for
  Japanese):

  * `canna' -- Local server ("free-beer" license), or

  * `freewnn-jserver' -- Network-extensible server (Public Domain)

* install Japanese input method system (for Japanese):

  * `kinput2-canna' -- for X, or

  * `kinput2-canna-wnn' -- for X, and

  * `egg' -- directly works with Emacsen even in console (optional)

* install compatible terminals (for all):

  * `xterm' -- X (for ISO-8859-1 and UTF-8),

  * `kterm' -- X (for Japanese EUC), and

  * `mlterm' -- X (multilingual).

* add all the required font packages. (for all)

* create the `~/.xsession' that sets the user-specific X environment as
  described in Section 9.4.5.1, `Custom X sessions' (for all):

       #!/bin/sh
       # This makes X work when I su to root.
       if [ -z "$XAUTHORITY" ]; then
           XAUTHORITY=$HOME/.Xauthority
           export XAUTHORITY
       fi
       # Set specific environment through debian menu system.
       # Reset locale
       unset LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
       unset LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
       unset LC_IDENTIFICATION LC_ALL LANG LANGUAGE PAGER
       # set locale default in X
       LANG=C
       # export locale
       export LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
       export LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
       export LC_IDENTIFICATION LC_ALL LANG LANGUAGE PAGER
       ###
       # activate input method for Japanese with kinput2
       kinput2 &
       XMODIFIERS="@im=kinput2"
       export XMODIFIERS
       # How about blackbox window manager (lightweight)
       exec blackbox
       #exec xfwm
       #exec wmaker

* set locale in `~/.bash_profile' for Linux consoles (for all).

* remove locale settings from `~/.bashrc', if any exist (for all).

* create a few files in `/etc/menu/' (for all).
  * `/etc/menu/xterm-local': (add new entries to menu) [2]

         ?package(xterm):\
           needs=x11\
           section=XShells\
           longtitle="XTerm: terminal emulator (en_US.ISO-8859-1)"\
           title="XTerm (en_US.ISO-8859-1)"\
           command="sh -c 'LC_ALL=en_US.ISO-8859-1 xterm'"
         ?package(xterm):\
           needs=x11\
           section=XShells\
           longtitle="XTerm: terminal emulator (de_DE.ISO-8859-1)"\
           title="XTerm (de_DE.ISO-8859-1)"\
           command="sh -c 'LC_ALL=de_DE.ISO-8859-1 xterm -T xterm-de'"
         ?package(xterm):\
           needs=x11\
           section=XShells\
           longtitle="XTerm: terminal emulator for X with Unicode support (Japanese)"\
           title="UXTerm (ja_JP.UTF-8)"\
           command="sh -c 'LC_ALL=ja_JP.UTF-8 uxterm'"

  * `/etc/menu/kterm': (override the system default) [3]

         ?package(kterm):\
           needs="x11"\
           section="XShells"\
           command="sh -c 'LC_ALL=ja_JP.eucJP PAGER=w3m /usr/X11R6/bin/kterm -xim'" \
           title="Kanji Terminal"
         ?package(kterm):\
           needs="x11"\
           section="XShells"\
           command="sh -c 'LANG=ja_JP.eucJP \
             LC_MESSAGES=en_US.ISO-8859-1 PAGER=w3m /usr/X11R6/bin/kterm -xim'" \
           title="Kanji Terminal (bilingual)"

  * `/etc/menu/mozilla-local': (add a new shortcut) [4]

         ?package(mozilla-browser):needs="x11" section="/" \
           title=" Mozilla Navigator" command="mozilla-1.5" hints="Web browsers" \
           icon=/usr/share/pixmaps/mozilla.xpm

* run `update-menus' from the root account.

* add the following lines to `~/.muttrc' (for Japanese):

       # UTF-8 support is not popular in popular Japanese EMACS environment
       # 7-bit encoding of iso-2022-jp is easier for everyone.
       # default encoding order = us-ascii --> iso-8859-1 --> iso-2022-jp
       set send_charset="us-ascii:iso-8859-1:iso-2022-jp"
       set allow_8bit=no

* activate XIM `kinput2' for X applications (for Japanese):

  * add `*inputMethod: kinput2' and `KTerm*VT100*OpenIm: true' to your
    X resources file, `~/.Xresources' (it looks like Debian takes care
    of this automatically somehow).

  * Some applications (such as `mlterm') also allow you to set up
    `*inputMethod:' and other information dynamically at runtime
    (press _Ctrl-MouseButton-3_ in `mlterm').
* start X by typing `startx' or from one of the display managers
  (`xdm', `gdm', `kdm', `wdm', ...) (for all).

* start a Japanese-compatible application such as Vim 6, (x)emacs21,
  mc-4.5, mutt-1.4, ... in `kterm' (for Japanese).  (Emacs seems to be
  the most popular platform, though I do not use it.)

* press _Shift+Space_ to toggle Japanese character input mode on and
  off (for Japanese).

* read the localized manual page by starting the command in a localized
  console (for all).

For other CJK language support, see the following sections and SuSE
pages for CJK (http://www.suse.de/~mfabian/suse-cjk/suse-cjk.html).

[1]  In this example, 2 bug workarounds are deployed for the version of
     `blackbox' in 2003.  I use `sh -c' in command.  Also the `~/.menu/*'
     entry is not used; the root-requiring `/etc/menu/*' was used
     instead.

[2]  Use a file name which does not overlap with any package names.

[3]  Use a file name which overlaps with the package name.

[4]  The slash in `section="/"' enables entry to the initial menu, and
     the leading space in `title=" Mozilla Navigator"' enables entry to
     the top of the list.

9.7.10. Alternative X input methods
-----------------------------------

There are many alternative X input method support packages available:

     Language    LC_CTYPE      XIM server  XMODIFIERS               Start key
     Japanese    ja_JP*        kinput2     "@im=kinput2"            Shift-Space
     Korean      ko_KR*        ami         "@im=Ami"                Shift-Space
     Chinese(T)  zh_TW.Big5    xcin        "@im=xcin-zh_TW.big5"    Ctrl-Space
     Chinese(S)  zh_CN.GB2312  xcin        "@im=xcin-zh_CN.GB2312"  Ctrl-Space

The Japanese input method `kinput2' is offered by packages such as
`kinput2-canna-wnn', `kinput2-canna', and `kinput2-wnn'.  Japanese needs a
dictionary server such as `canna' or `freewnn-jserver' to be practical.

9.7.11. X terminal emulators
----------------------------

There are many X consoles which support simple 8 bit encodings when
pertinent font packages are installed:

* `xterm' -- The X terminal emulator

* `gnome-terminal' -- `xterm' for Gnome

* `konsole' -- `xterm' for KDE

* `rxvt' -- VT102 terminal (lighter)

* `aterm' -- VT102 for Afterstep WM

* `eterm' -- VT102 for Enlightenment WM

* `wterm' -- VT102 for WindowMaker WM

Multi-byte encoding support in the X console is provided by `xterm'
through UTF-8 encoding (Section 9.7.12, `UTF-8 support for the X terminal
emulator').  Support for other traditional encodings is in progress (as of
2003).  The following packages offer traditional encoding support:

* `aterm-ml' -- Multi-lingual

* `kterm' -- Multi-lingual (Japanese, ...)

* `rxvt-ml' -- Multi-lingual

* `wterm-ml' -- Multi-lingual

* `cxterm-big5' -- Chinese (Trad., Big5)

* `cxterm-gb' -- Chinese (Simp., GB)

* `cxterm-ks' -- Chinese (KS)

* `cxterm-jis' -- Japanese

* `hanterm-classic' -- Korean (Hangul)

* `hanterm-xf' -- Korean (Hangul)

* `hztty' -- Chinese (GB, Big5, zW/HZ)

For `kterm' (and possibly others), you may want to activate XIM through
the menu after a Ctrl-middle-click mouse action.

9.7.12. UTF-8 support for the X terminal emulator
-------------------------------------------------

UTF-8 support for the X terminal emulator is provided by the `uxterm'
program in the `xterm' package for XFree86 4.x.  It enables support for
all languages.  It is a wrapper around the xterm(1) program that invokes
the latter program with the "UXTerm" X resource class set.

For example, to enable a nice large display of English, Russian,
Japanese, Chinese, and Korean characters, add the following to your
`~/.Xresources' after installing all the pertinent fonts:

     ! set large font
     UXTerm*font: -misc-fixed-medium-r-normal-*-18-120-100-100-c-90-iso10646-1
     ! Use XIM for Japanese
     *inputMethod: kinput2

Then run `xrdb -merge ~/.Xresources' to update X resources as described
in Section 9.4.10, `X resources'.
Although most of the popular console program packages such as `vim',
`mutt', and `emacs' have recently been made compatible with UTF-8
(Woody-Sarge), programs such as `mc' are still not UTF-8 compatible but
simply 8-bit clean.  If you are editing the 7 bit ASCII part of a file of
unknown or mixed encoding, it is safer to use a locale-unaware 8-bit
clean editor.

See The Unicode HOWTO (http://www.tldp.org/HOWTO/Unicode-HOWTO.html).

9.7.13. Example for UTF-8 in a framebuffer console
--------------------------------------------------

UTF-8 support on a FB console is provided by `bterm' used in the
`debian-installer'.

9.7.14. Beyond locales
----------------------

When you are first setting the system up for a _national language
environment_, please consider using `tasksel' or `aptitude' to find out
what packages are selected by choosing the corresponding language
environment task.  The package choice made is useful even for a
multilingual setup.  If you encounter any package dependency conflicts
during the install to your carefully configured system, avoid installing
any software that conflicts with the existing system.  You may have to use
`update-alternatives' to regain the original state for some commands since
a newly installed one may have higher priority than existing ones.

Newer major programs are using glibc 2.2 and are mostly
internationalized.  So a specially localized version such as `jvim' for
Vim may not be needed, as its functionality is offered by `vim' version
6.0 in X.  In reality, it is still somewhat rough-edged.  Since `jvim' has
a version compiled with direct Japanese input method (`canna') support
even in the console and addresses many other Japanese-specific issues
maturely, you may still want it :-)

Programs may need to be configured beyond `locale' configuration to
enable a comfortable working environment.  The `language-env' package and
its command `set-language-env' greatly ease this process.
Also see the internationalization document, Introduction to i18n
(http://www.debian.org/doc/manuals/intro-i18n/).  It is aimed at
developers but is also useful for system administrators.

9.8. Multilingualization (m17n)
-------------------------------

Section 9.7, `Localization (l10n)', as enabled by the `language-env'
package and the like, aims at monolingual localization.  These packages
also use traditional encodings as the choice for the text encoding.  You
cannot mix French and Japanese text in such an environment since they use
the incompatible ISO-8859-1 and EUC-JP encodings respectively.

You can obtain a multilingualized UTF-8 desktop using Gnome and KDE
programs started under one of the available UTF-8 locales.  (Sarge)  In
such an environment, you can mix English, Chinese, Russian, and Japanese
characters under UTF-8 compliant software. [1]

Under such an environment, the new multilingualized input method (IM)
using `scim' is preferred.  The IM offered by `scim' is turned on and off
by typing Ctrl-Space together.  The input conversion engine can be
switched by clicking the small SCIM panel.

`vim' offers a multilingualized environment and can handle both UTF-8
and conventionally encoded files (EUC-JP, ISO-8859-1, ...) when it is run
under a UTF-8 console such as `gnome-terminal'.  See the vim help message
by pressing [Esc] and typing `:help mbyte.txt'.

[1]  The `language-env' package is not very useful under the
     multilingualized environment.

-------------------------------------------------------------------------------

10. Network configuration
-------------------------

This chapter focuses on network administration in Debian.  For a general
introduction to GNU/Linux networking read the Net-HOWTO
(http://www.tldp.org/HOWTO/Net-HOWTO/index.html).

In order for a Debian host to be able to access the Internet its network
interfaces need to be properly configured.

The first requirement is kernel support for the devices.  Examples of
such devices are: Ethernet cards, Wi-Fi cards, and modems.
To obtain this support you may need to recompile the kernel or add
modules to it as described in Chapter 7, `The Linux kernel under Debian'.

Configuration of network devices is explained below.  The information in
this chapter was updated for Sarge.  Much of it does not apply to earlier
releases.

10.1. Basics of IP networking
-----------------------------

A Debian host may have several interfaces each with a different Internet
Protocol (IP) address.  Interfaces may be of several different types,
including:

* Loopback: `lo'

* Ethernet: `eth0', `eth1', ...

* Wi-Fi: `wlan0', `wlan1', `wifi0', ... [1]

* Token Ring: `tr0', `tr1', ...

* PPP: `ppp0', `ppp1', ...

There is a wide range of other network devices available, including SLIP,
PLIP (serial and parallel line IP), "shaper" devices for controlling the
traffic on certain interfaces, frame relay, AX.25, X.25, ARCnet, and
LocalTalk.

Every network interface connected directly to the Internet (or to any
IP-based network) is identified by a unique 32 bit IP address. [2]  The IP
address can be divided into the part that addresses the network and the
part that addresses the host.  If you take an IP address, set to 1 the
bits that are part of the network address and set to 0 the bits that are
part of the host address, then you get the so-called netmask of the
network.

Traditionally, IP networks were grouped into classes whose net address
parts were 8, 16 or 24 bits in length.  This system was inflexible and
wasted many IP addresses, so today IPv4 networks are allocated with
network address parts of varying length.

              IP addresses                  net mask        length
     Class A  1.0.0.0   - 126.255.255.255   255.0.0.0       = /8
     Class B  128.0.0.0 - 191.255.255.255   255.255.0.0     = /16
     Class C  192.0.0.0 - 223.255.255.255   255.255.255.0   = /24

IP addresses not in these ranges are used for special purposes.

There are address ranges in each class reserved for use on local area
networks (LANs).  These addresses are guaranteed not to conflict with any
addresses on the Internet proper.
(By the same token, if one of these addresses is assigned to a host then that host must not access the Internet directly but must access it through a gateway that acts as a proxy for individual services or else does Network Address Translation.) These address ranges are given in the following table along with the number of ranges in each class.

               network addresses             length  how many
     Class A   10.x.x.x                      /8      1
     Class B   172.16.x.x - 172.31.x.x       /16     16
     Class C   192.168.0.x - 192.168.255.x   /24     256

The first address in an IP network is the address of the network itself. The last address is the broadcast address for the network. [3] All other addresses may be allocated to hosts on the network. Of these, the first or the last address is usually allocated to the Internet gateway for the network.

The routing table contains the kernel's information on how to send IP packets to their destinations. Here is a sample routing table printout for a Debian host on a local area network (LAN) with IP address 192.168.50.x/24. Host 192.168.50.1 (also on the LAN) is a router for the corporate network 172.20.x.x/16 and host 192.168.50.254 (also on the LAN) is a router for the Internet at large.

     # route
     Kernel IP routing table
     Destination     Gateway         Genmask         Flags Metric Ref Use Iface
     127.0.0.0       *               255.0.0.0       U     0      0     2 lo
     192.168.50.0    *               255.255.255.0   U     0      0   137 eth0
     172.20.0.0      192.168.50.1    255.255.0.0     UG    1      0     7 eth0
     default         192.168.50.254  0.0.0.0         UG    1      0    36 eth0

   * The first line after the heading says that traffic destined for network `127.x.x.x' will be routed through `lo', the loopback interface.
   * The second line says that traffic destined for hosts on the LAN will be routed through `eth0'.
   * The third line says that traffic destined for the corporate network will be routed toward gateway `192.168.50.1' also through `eth0'.
   * The fourth line says that traffic destined for the Internet at large will be routed toward gateway `192.168.50.254' also through `eth0'.
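
How the kernel picks a line from the sample routing table above, as an added Python example that is not part of the original reference: it parses the printout, ANDs each destination address with the genmask, selects the most specific matching route, and checks that every gateway is reachable on a directly connected network. The function names and the destination addresses looked up are constructed for illustration.

```python
import ipaddress

# Sample `route` printout from the text above. "*" means "no gateway"
# (directly connected) and "default" means destination 0.0.0.0.
SAMPLE_ROUTE_OUTPUT = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
127.0.0.0       *               255.0.0.0       U     0      0        2 lo
192.168.50.0    *               255.255.255.0   U     0      0      137 eth0
172.20.0.0      192.168.50.1    255.255.0.0     UG    1      0        7 eth0
default         192.168.50.254  0.0.0.0         UG    1      0       36 eth0
"""

ALL_ONES = 0xFFFFFFFF


def to_int(dotted):
    """Dotted-quad IPv4 string -> 32-bit integer (raises on malformed input)."""
    return int(ipaddress.IPv4Address(dotted))


def to_dotted(value):
    """32-bit integer -> dotted-quad IPv4 string."""
    return str(ipaddress.IPv4Address(value))


def network_and_broadcast(address, netmask):
    """Network = address AND mask; broadcast = network OR (NOT mask)."""
    mask = to_int(netmask)
    network = to_int(address) & mask
    return to_dotted(network), to_dotted(network | (~mask & ALL_ONES))


def parse_routes(text):
    """Turn `route` output into a list of dicts, validating each entry."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue  # title line, column header, or blank line
        dest, gateway, genmask, _flags, metric, _ref, _use, iface = fields
        dest_int = 0 if dest == "default" else to_int(dest)
        mask_int = to_int(genmask)
        # A valid netmask is a run of 1 bits followed only by 0 bits.
        inverted = ~mask_int & ALL_ONES
        if inverted & (inverted + 1):
            raise ValueError(f"non-contiguous netmask: {genmask}")
        if (dest_int & mask_int) != dest_int:
            raise ValueError(f"host bits set in destination: {dest}/{genmask}")
        routes.append({
            "network": dest_int,
            "mask": mask_int,
            "prefix_len": bin(mask_int).count("1"),
            "gateway": None if gateway == "*" else gateway,
            "metric": int(metric),
            "iface": iface,
        })
    return routes


def select_route(routes, destination):
    """Longest-prefix match; lower metric breaks ties. None if no match."""
    dest_int = to_int(destination)
    matches = [r for r in routes if (dest_int & r["mask"]) == r["network"]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r["prefix_len"], -r["metric"]))


def gateway_is_on_link(routes, route):
    """A gateway is usable only if a directly connected route on the same
    interface covers it; otherwise the next hop itself cannot be reached."""
    if route["gateway"] is None:
        return True
    gw_int = to_int(route["gateway"])
    return any(
        r["gateway"] is None
        and r["iface"] == route["iface"]
        and (gw_int & r["mask"]) == r["network"]
        for r in routes
    )


def describe(routes, destination):
    """One-line summary of where traffic for `destination` is sent."""
    route = select_route(routes, destination)
    if route is None:
        return f"{destination}: no route"
    via = route["gateway"] or "directly connected"
    return f"{destination}: {via} dev {route['iface']}"


if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTE_OUTPUT)
    # Constructed destinations: loopback, LAN host, corporate host, Internet.
    for target in ("127.0.0.1", "192.168.50.20", "172.20.9.9", "203.0.113.7"):
        print(describe(table, target))
    print(network_and_broadcast("192.168.50.20", "255.255.255.0"))
```
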
IP addresses in the table may also appear as names that are obtained by looking up addresses in `/etc/networks' or by using the C Library resolver.

In addition to routing, the kernel can perform network address translation, traffic shaping and filtering.

See the Net-HOWTO (http://www.tldp.org/HOWTO/Net-HOWTO/index.html) and other networking HOWTOs (http://www.tldp.org/HOWTO/Networking-Overview-HOWTO.html) for more background information.

[1] Note that some Wi-Fi interfaces are really aliases for Ethernet interfaces, giving access to configuration parameters peculiar to Wi-Fi. These parameters are controlled using the `iwconfig' program.

[2] This is true if IP version 4 is being used. In IPv6 addresses are 128 bits. See http://www.ipv6.org/.

[3] The address of the network can be obtained by bitwise ANDing an address on the network with the net mask. The broadcast address can be obtained by bitwise ORing the network address with the 1's complement of the net mask.

10.2. Low level network configuration
-------------------------------------

The traditional low level network configuration tools on GNU/Linux systems are the `ifconfig' and `route' programs which come in the `net-tools' package. These tools have officially been superseded by `ip' which comes in the `iproute' package. The `ip' program works with Linux 2.2 and higher and is more capable than the old tools. However, the old tools still work and are more familiar to many users.

10.2.1. Low level network configuration -- `ifconfig' and `route'
-----------------------------------------------------------------

Here is an illustration of how to change the IP address of interface `eth0' from `192.168.0.3' to `192.168.0.111' and to make `eth0' the route to network `10.0.0.0' via `192.168.0.1'. We begin by running `ifconfig' and `route' without interface arguments in order to display the current status of all network interfaces and routing.
     # ifconfig
     eth0 Link encap:Ethernet  HWaddr 08:00:46:7A:02:B0
          inet addr:192.168.0.3  Bcast:192.168.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:23363 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21798 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:13479541 (12.8 MiB)  TX bytes:20262643 (19.3 MiB)
          Interrupt:9

     lo   Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:230172 errors:0 dropped:0 overruns:0 frame:0
          TX packets:230172 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:22685256 (21.6 MiB)  TX bytes:22685256 (21.6 MiB)
     # route
     Kernel IP routing table
     Destination  Gateway      Genmask          Flags Metric Ref Use Iface
     192.168.0.0  *            255.255.0.0      U     0      0     0 eth0
     default      192.168.0.1  255.255.255.255  UG    0      0     0 eth0

First we bring down the interface.

     # ifconfig eth0 inet down
     # ifconfig
     lo   Link encap:Local Loopback
       ... (no more eth0 entry)
     # route
       ... (no more routing table entries)

Then we bring it up with the new IP address and new routing.

     # ifconfig eth0 inet up 192.168.0.111 \
                netmask 255.255.255.0 broadcast 192.168.0.255
     # route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.0.1 dev eth0

The result:

     # ifconfig
     eth0 Link encap:Ethernet  HWaddr 08:00:46:7A:02:B0
          inet addr:192.168.0.111  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          ...

     lo   Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          ...
     # route
     Kernel IP routing table
     Destination  Gateway      Genmask        Flags Metric Ref Use Iface
     192.168.0.0  *            255.255.255.0  U     0      0     0 eth0
     10.0.0.0     192.168.0.1  255.0.0.0      UG    0      0     0 eth0

For more information see ifconfig(8) and route(8).

10.2.2. Low level network configuration -- `ip'
-----------------------------------------------

The `ip' equivalents of the preceding `ifconfig' and `route' commands are:

   * `ip link show'
   * `ip route list'
   * `ip link set eth0 down'
   * `ip addr del dev eth0 local 192.168.0.3'
   * `ip addr add dev eth0 local 192.168.0.111/24 broadcast 192.168.0.255'
   * `ip link set eth0 up'
   * `ip route add dev eth0 to 10.0.0.0/8 src 192.168.0.111 via 192.168.0.1'

The `ip' program prints its command syntax when run with the argument `help'. For example, `ip link help' prints:

     Usage: ip link set DEVICE { up | down | arp { on | off } |
                          dynamic { on | off } |
                          multicast { on | off } | txqueuelen PACKETS |
                          name NEWNAME |
                          address LLADDR | broadcast LLADDR |
                          mtu MTU }
            ip link show [ DEVICE ]

See also ip(8).

10.2.3. Configuring a Wi-Fi interface
-------------------------------------

For Wi-Fi interfaces the `iwconfig' program which comes in the `wireless-tools' package is used in addition to either `ifconfig' or `ip'. See iwconfig(8).

10.2.4. Configuring a PPP interface
-----------------------------------

If you access the Internet through a modem connected to a dial-up telephone line then the connection is negotiated using the Point-to-Point Protocol (PPP). Such connections are accessed as network interface `ppp0', `ppp1', and so on.

A PPP interface is managed by the PPP daemon `pppd' which comes in the `ppp' package. Thus, for the user, configuring a PPP interface means configuring `pppd'.

10.2.4.1. Configuring `pppd' manually
-------------------------------------

For a network link to be established, a communication port (usually a serial port) needs to be opened, commands have to be sent to a communication device (usually a modem), a telephone number may have to be dialed, identity has to be authenticated to a foreign PPP daemon, a PPP interface has to be created by the kernel and then routing tables have to be modified so that traffic can be sent over the link.
`pppd' can do all of this and consequently has a very long list of operating options. These options are described in pppd(8).

On a Debian system, global options are set up in `/etc/ppp/options'. User-specific options are set up in `~/.ppprc'. Options that must depend on the communication port used are stored in `/etc/ppp/options.'. For example, suppose you have two modems---a built-in Lucent LT modem accessed through /dev/LT-modem and an external modem accessed through /dev/ttyS0. Create the following two options files.

     # cat > /etc/ppp/options.LT-modem < /etc/ppp/options.ttyS0 < /etc/ppp/peers/KPN < /etc/ppp/peers/Planet < /etc/ppp/peers/KPN-Amsterdam < /etc/ppp/peers/KPN-DenHaag < /etc/ppp/peers/Planet-Amsterdam < /etc/ppp/peers/Planet-DenHaag < /etc/chatscripts/KPN-DenHaag < CONNECT \d\c EOF # cat > /etc/chatscripts/Planet-DenHaag < CONNECT \d\c EOF

To be able to connect to these ISPs you need client names and passwords that `pppd' can supply to the peer on demand. This information is stored either in `/etc/ppp/pap-secrets' (if the PAP protocol is used) or in `/etc/ppp/chap-secrets' (if the CHAP protocol is used). Although CHAP is more secure, PAP is still more widely used. Because these files contain secrets, group and world should not have permission to read or write them. The format of these files is explained in pppd(8). A "secret" (third field) is looked up in the file by finding the client name (first field) and/or the server name (second field). When connecting to an ISP one generally doesn't know the server name, so one supplies a client name instead; this was done on the `user' lines in `peers/KPN' and `peers/Planet' above.

     # client name          server name          secret
     kpn                    *                    kpn
     user3579@planet.nl     *                    myfavoritepet

See `/usr/share/doc/ppp/README.Debian.gz' for more information.

[1] This options file is included using the `call' option.

10.2.4.2. Configuring `pppd' using `pppconfig'
----------------------------------------------

A quick way to configure `pppd' is to use the `pppconfig' program which comes in the package of the same name. `pppconfig' sets up files like those above after asking the user questions through a menu interface.

10.2.4.3. Configuring a PPP interface using `wvdial'
----------------------------------------------------

A different approach to using `pppd' is to run it from `wvdial' which comes in the `wvdial' package. Instead of `pppd' running `chat' to dial in and negotiate the connection, `wvdial' does the dialing and initial negotiating and then starts `pppd' to do the rest. Given only phone number, username, and password `wvdial' succeeds in making the connection in most cases.

10.3. Naming the computer
-------------------------

10.3.1. Hostname
----------------

The kernel maintains a system _hostname_. The initscript `/etc/init.d/hostname.sh' sets the system hostname at boot time (using the `hostname' command) to the name stored in `/etc/hostname'. This file should contain _only_ the system hostname, not a fully qualified domain name.

To print out the current hostname run `hostname' without an argument.

10.3.2. Mailname
----------------

The _mailname_ of a host is the name that mail-related programs use to identify the host. The file `/etc/mailname' contains this name followed by a newline. The mailname is usually a fully qualified domain name that resolves to one of the host's IP addresses. See mailname(5).

What the recipient of e-mail sees in the `From:' header of mail sent by your Debian host depends on how Mail User Agents (MUA) and Mail Transfer Agents (MTA) are configured. Suppose a local user `' sends a mail from a host with mailname `'. The `From:' header of outgoing e-mail will be:

   * "`From: @'" if the MUA has no `From:' header set;
   * "`From: @'" if the MUA has "`From: '" set;
   * "`From: @'" if the MUA has "`From: @'" set.
Even when the MUA has a `From:' header set the MTA may add a "`Sender:@'" header to indicate its true origin.

Of course when any involved MTA performs address rewriting as discussed in Section 9.6.1.3, `Setting up a catchall for nonexistent email addresses under Exim' and Section 9.6.1.4, `Configuring selective address rewriting for outgoing mail under Exim', the e-mail address seen by the recipient can be changed to something else.

10.4. Domain Name Service (DNS)
-------------------------------

Hosts are referred to by domain name as well as by IP address. DNS is a client-server system in which name resolvers consult nameservers in order to associate domain names with IP addresses and other properties of hosts. The GNU C Library resolver(3) can also look up IP addresses in files or consult Network Information Services (NIS).

Some software (e.g., GNOME) expects the system hostname to be resolvable to an IP address with a canonical fully qualified domain name. This is really improper because system hostnames and domain names are two very different things; but there you have it. In order to support that software, it is necessary to ensure that the system hostname can be resolved. Most often this is done by putting a line in `/etc/hosts' containing some IP address and the system hostname. If your system has a permanent IP address then use that; otherwise use the address 127.0.1.1.

     127.0.0.1 localhost
     127.0.1.1 uranus

To see whether your system hostname can be resolved to an IP address with a fully qualified domain name, use the `hostname --fqdn' command.

10.4.1. The resolver
--------------------

The job of finding out what IP addresses are associated with a particular domain name is the job of a resolver. The most commonly used resolver is the set of functions that go by that name (resolver(3)) in the GNU C Library. Another is the FireDNS resolver which comes in the `libfiredns' package. There are others.

How the GNU LIBC resolver resolves names is governed by the `hosts' line in the `/etc/nsswitch.conf' configuration file. This line lists the services that should be used to resolve a name: e.g., `dns', `files', `nis', `nisplus'. See nsswitch.conf(5). Insofar as the `files' service is used, the behavior of the resolver is also governed by the `/etc/hosts' configuration file. See hosts(5).

All of the above files are static and can be edited with your favorite editor.

Insofar as the `dns' service is used, the behavior of the resolver is also governed by the `/etc/resolv.conf' configuration file. See resolv.conf(5). One of the important functions of `resolv.conf' is to list the IP addresses of nameservers that will be contacted to resolve the name. This list often has to depend upon the network environment and the network environment may change from time to time while your computer is running. Programs such as `pppd' and `dhclient' are able to manipulate `resolv.conf' to add and remove lines, but these features do not always work properly and they conflict with one another. The `resolvconf' package solves the problem better by providing a standard framework for updating this file. See Section 10.4.2, `Managing nameserver information -- `resolvconf''.

10.4.2. Managing nameserver information -- `resolvconf'
-------------------------------------------------------

The `resolvconf' package provides a framework for dynamic management of information about available nameservers. It solves the long standing problem of how to maintain dynamic lists of nameservers for the resolver and DNS caches to use. Resolvconf sets itself up as the intermediary between programs that control network interfaces and supply nameserver information, and applications that need nameserver information.

`resolvconf' is designed to work without any manual configuration needing to be done. However, the package is quite new and may require some manual intervention to get it to work properly.
This is certainly true if you have ever customized packages so that they update `/etc/resolv.conf': you will need to disable your customizations.

See /usr/share/doc/resolvconf/README.gz for details.

10.4.3. Caching looked-up names -- `nscd', `dnsmasq', `pdnsd', `bind9'
----------------------------------------------------------------------

If your nameserver is slow to respond then you may want to use `nscd' to cache the results of things that are looked up using the `libc6' resolver.

If you want to cache results for other hosts on your local network then you may want to run a caching forwarding nameserver such as `dnsmasq' or `pdnsd'.

If you wish you can also use `bind9''s `named' as a caching forwarding nameserver. It is a heavy program, though, so unless you need its advanced features you are better off with one of the packages mentioned earlier.

All of these packages work well with `resolvconf'.

10.4.4. Providing Domain Name Service -- `bind'
-----------------------------------------------

If you need to provide authoritative name service for a domain then you need a fully fledged nameserver such as `named' which comes in the `bind9' package.

If you install `bind9' you should also install `dnsutils'. You may also want to install these utility packages: `bind9-host'; `dns-browse'; `dnscvsutil'; `nslint'. You may also want to install this documentation package: `bind9-doc'. You may also want to install these development packages: `libbind-dev'; `libnet-dns-perl'. If you configure interfaces using DHCP then you may find this package useful: `dhcp-dns'.

Install `bind9' or `dpkg-reconfigure' it to do the basic set-up. Configuration consists of editing `named.conf'. In Debian this file is found in `/etc/bind/' and is used mainly to define the basic DNS zones; it `includes' two other files: `named.conf.local', used for defining local zones, and `named.conf.options', used for setting options.
(The latter is processed by `resolvconf' to produce `/var/run/bind/named.options' which is the same as the original except that the `forwarders' specification is a list of the currently available non-local nameservers. To make use of this, change the `include' line in `named.conf' so that it includes `/var/run/bind/named.options'. See Section 10.4.2, `Managing nameserver information -- `resolvconf''.)

Database files named in `named.conf*' without a full pathname will be stored in `/var/cache/bind/'. This is the right place to store files generated by `named': for example, database files for zones for which the daemon is secondary. Static database files in `/etc/bind/' are, and must be, referred to in `named.conf' by their full path names. See /usr/share/doc/bind9/README.Debian.gz for details.

10.5. Configuring network interfaces using DHCP
-----------------------------------------------

Low-level configuration of network interfaces can be automated by means of the Dynamic Host Configuration Protocol (DHCP). Your firewall or router box or your broadband ISP may furnish IP addresses and other parameters this way.

To make this work you must install one of the following packages:

   * `dhcp3-client' (version 3, Internet Software Consortium)
   * `dhcpcd' (Yoichi Hariguchi and Sergei Viznyuk)
   * `pump' (Red Hat)

`pump' is simple and widely used. `dhcp3-client' is complex but more configurable. [1]

[1] As of April 2004 there is also a `dhcp-client' package available. This contains version 2 of the ISC DHCP Client. This has been superseded by version 3 which is currently packaged as `dhcp3-client'. The maintainers plan to rename `dhcp3-client' to `dhcp-client' after the release of Sarge. Make sure you do not have the experimental versions of `dhcp-client' installed. `ifupdown' does not work with them.

10.6. High level network configuration in Debian
------------------------------------------------

10.6.1. High level network configuration using `ifupdown'
---------------------------------------------------------

In order to make network configuration easier Debian provides a standard high level network configuration tool consisting of the `ifup' and `ifdown' programs and the `/etc/network/interfaces' file. [1] If you choose to use `ifupdown' to do your network configuration then normally you should _not_ use low-level commands too. This means also that you should not use other high level configuration tools such as `whereami', `divine', `intuitively', etc., that call low level configuration tools. The `ifupdown' program was written with the intent that it alone be used to configure and deconfigure network interfaces.

To update interface configuration do this:

     # ifdown eth0
     # editor /etc/network/interfaces  # tweak as you wish
     # ifup eth0

For more information see interfaces(5), /usr/share/doc/ifupdown/examples/network-interfaces.gz, and ifup(8).

[1] The `/etc/network/interfaces' file format for current versions of `ifupdown' is slightly incompatible with the file format for earlier Potato versions of the package. The `ifupdown' post-installation script should upgrade the file automatically if necessary. However, it is a good idea to check over the converted file.

10.6.1.1. Configuring an interface with a static IP address
-----------------------------------------------------------

Suppose you want to configure an Ethernet interface such that it has a fixed IP address of `192.168.0.111'. This address begins with `192.168.0' so it must be on a LAN. Suppose further that `192.168.0.1' is the address of the LAN's gateway to the Internet.
Edit `/etc/network/interfaces' so that it includes a stanza like this:

     iface eth0 inet static
         address 192.168.0.111
         netmask 255.255.255.0
         gateway 192.168.0.1

You can configure other aspects of the interface or perform other actions after the interface is brought up or before it is brought down by specifying appropriate commands on "up" and "down" lines.

     iface eth0 inet static
         address 192.168.0.111
         netmask 255.255.255.0
         gateway 192.168.0.1
         up route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.0.2 dev $IFACE
         down route del -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.0.2 dev $IFACE
         up echo Interface $IFACE going up | /usr/bin/logger -t ifup
         down echo Interface $IFACE Going down | /usr/bin/logger -t ifdown

Alternatively, commands can be inserted into scripts in the `/etc/network/if-up.d' and `/etc/network/if-down.d' directories. Such scripts can also implement extended options. See interfaces(5) for details. For example, the `resolvconf' package includes scripts that allow you to add options specifying DNS information to be included in `/etc/resolv.conf' while the interface is up:

     iface eth0 inet static
         address 192.168.0.111
         netmask 255.255.255.0
         gateway 192.168.0.1
         dns-search somedomain.org
         dns-nameservers 195.238.2.21 195.238.2.22

The argument `somedomain.org' of the `dns-search' option corresponds to the argument of a `search' option in resolv.conf(5). The arguments `195.238.2.21' and `195.238.2.22' of the `dns-nameservers' option correspond to the arguments of `nameserver' options. Other recognized options are `dns-domain' and `dns-sortlist'. See Section 10.4.2, `Managing nameserver information -- `resolvconf''.

10.6.1.2. Configuring an interface using DHCP
---------------------------------------------

To configure an interface using DHCP edit `/etc/network/interfaces' so that it includes a stanza like this:

     iface eth0 inet dhcp

In order for this to work you must have installed one of the DHCP clients mentioned in Section 10.5, `Configuring network interfaces using DHCP'.

10.6.1.3. Configuring a Wi-Fi interface
---------------------------------------

The `wireless-tools' package includes a hook script `/etc/network/if-pre-up.d/wireless-tools' which makes it possible to configure Wi-Fi (802.11a/b/g) hardware before the interface is brought up.

Configuration is done using the `iwconfig' program; see iwconfig(8). For each possible command parameter of `iwconfig' you can include an option in `/etc/network/interfaces' named like that parameter with a "wireless-" prefix. For example, to set the ESSID of `eth0' to `myessid' and the encryption key to `123456789e' prior to bringing `eth0' up using DHCP, edit `/etc/network/interfaces' so that it includes a stanza like this:

     iface eth0 inet dhcp
         wireless-essid myessid
         wireless-key 123456789e

Note that you should not use this method of setting the ESSID and key if you are running `waproamd' for this interface. By the time `ifup' is run `waproamd' has already set the ESSID and key. See Section 10.8.4, `Triggering network configuration -- `waproamd''.

10.6.1.4. Configuring a PPP interface
-------------------------------------

The `ifup' and `ifdown' programs use `pon' and `poff' to add and remove PPP interfaces so first read Section 10.2.4, `Configuring a PPP interface'.

Suppose you have set up PPP to work with peer `myisp'. Edit `/etc/network/interfaces' so that it includes a stanza like this:

     iface ppp0 inet ppp
         provider myisp

With this stanza in place, `ifup ppp0' does

     pon myisp

Unfortunately it is currently not possible to provide additional `pppd' options in a `ppp' stanza in `/etc/network/interfaces'.
[1]

It is currently not possible to use `ifupdown' to perform auxiliary configuration of PPP interfaces. Because `pon' exits before `pppd' has finished making the connection, `ifup' runs `up' scripts before the PPP interface is ready for use. Until this bug [2] is fixed it remains necessary to do auxiliary configuration in `/etc/ppp/ip-up' or `/etc/ppp/ip-up.d/'.

[1] See bug #196877 (http://bugs.debian.org/196877).

[2] See bug #127786 (http://bugs.debian.org/127786).

10.6.1.5. Configuring a PPPoE interface
---------------------------------------

Many broadband Internet Service Providers (ISPs) use PPP to negotiate connections even though customer machines are connected to them through Ethernet and/or ATM networks. This is accomplished by means of PPP over Ethernet (PPPoE) which is a technique for the encapsulation of PPP streams inside of Ethernet frames. Suppose your ISP is called `'. First configure PPP and PPPoE for peer `'. The easiest way to do this is to install the `pppoeconf' package and to run `pppoeconf' from the console. Then edit `/etc/network/interfaces' so that it includes a stanza like this:

     iface eth0 inet ppp
         provider

There are sometimes Maximum Transmit Unit (MTU) issues with PPPoE over Digital Subscriber Line (DSL). See DSL-HOWTO (http://www.tldp.org/HOWTO/DSL-HOWTO/) for details.

Note that if your broadband modem contains a router then the modem/router handles the PPPoE connection itself and appears on the LAN side as a simple Ethernet gateway to the Internet.

10.6.1.6. Configuring multiple Ethernet interfaces for a gateway
----------------------------------------------------------------

Suppose `eth0' is connected to the Internet with a DHCP-configured IP address and `eth1' is connected to the LAN with static IP address `192.168.1.1'.
Edit `/etc/network/interfaces' so that it includes stanzas like these:

     iface eth0 inet dhcp

     iface eth1 inet static
         address 192.168.1.1
         netmask 255.255.255.0

If you activate NAT on this host as described in Section 10.12, `Building a gateway router' then you can share the Internet connection with all the hosts on the LAN.

10.6.1.7. Configuring virtual interfaces
----------------------------------------

Using virtual interfaces you can configure a single Ethernet card to be an interface to several IP subnetworks. For example, suppose your host is on LAN network 192.168.0.x/24. You want to connect the host to the Internet using a public IP address provided via DHCP using your existing Ethernet card. Edit `/etc/network/interfaces' so that it includes stanzas like these:

     iface eth0 inet static
         address 192.168.0.1
         netmask 255.255.255.0
         network 192.168.0.0
         broadcast 192.168.0.255

     iface eth0:0 inet dhcp

The interface `eth0:0' is a virtual interface. When it is brought up, so will its parent `eth0'.

10.6.2. High level network configuration using `ifupdown' logical interface definitions
----------------------------------------------------------------------------

In the following it will be important for the reader to understand the difference between a _physical interface_ and a _logical interface_. [1] A _physical_ interface is what we have been calling "the interface", the thing that the kernel names `eth0', `eth1', `ppp0', or what have you. A _logical_ interface is a set of values that can be assigned to the variable parameters of a physical interface. If you find that confusing, replace the expression "configured as logical interface " with the expression "configured with interface profile " as you read.

The `iface' definitions in `/etc/network/interfaces' are actually definitions of logical interfaces, not of physical interfaces.
[2] If you never want to reconfigure your interfaces then you can ignore this fact since the physical interface will by default be configured as logical interface .

However, suppose your computer is a laptop that you transport between home and work. When you connect the computer to the corporate network or to your home LAN you need to configure `eth0' accordingly.

First define two logical interfaces `home' and `work' (instead of `eth0' as we did earlier) which describe how the interface should be configured for the home network and the work network, respectively.

     iface home inet static
         address 192.168.0.123
         netmask 255.255.255.0
         gateway 192.168.0.1

     iface work inet static
         address 81.201.3.123
         netmask 255.255.0.0
         gateway 81.201.1.1

Then physical interface `eth0' can be brought up for the home network with the appropriate configuration by specifying it on the command line:

     # ifup eth0=home

To reconfigure `eth0' for the work network issue the commands:

     # ifdown eth0
     # ifup eth0=work

Note that with the `interfaces' file written as above it will no longer be possible to bring up `eth0' by doing `ifup eth0' alone. The reason is that `ifup' uses the physical interface name as the default logical interface name and now in our example no `eth0' logical interface is defined.

[1] This terminology is used in the `ifupdown' documentation.

[2] Note that the interfaces named on `auto' lines must be physical interfaces, not logical interfaces.

10.6.3. Automatic network configuration using `ifupdown'
--------------------------------------------------------

Interface names can be "mapped" to other names when `ifup' runs. How names are mapped can be made to depend on circumstances. Thus `ifup' can be so configured that it brings up a given physical interface as the appropriate logical interface among a set of predefined alternatives.

Logical interface name mapping occurs as follows:

   * If no logical interface name is given on the `ifup' command line then the physical interface name is used as the initial logical interface name.
   * If the logical interface name matches the glob-pattern of a `mapping' stanza then that mapping is applied to generate a new logical interface name. This is done for each mapping stanza in turn.
   * If the final logical interface name is the label of a logical interface definition in `/etc/network/interfaces' then the physical interface is brought up as that logical interface. Otherwise `ifup' prints a message that it is "Ignoring unknown interface" and exits.

The syntax of a `mapping' stanza is:

     mapping script [map