Adding current state of documentation to github
parent f237f33e89
commit 3aaad6e45c
|
@ -0,0 +1,76 @@
|
|||
This document is licensed under the Creative Commons Attribution NonCommercial
|
||||
ShareAlike 2.0 Belgium license. The general overview of this license can be
|
||||
seen at http://creativecommons.org/licenses/by-nc-sa/2.0/be/deed.en
|
||||
|
||||
The full legal text is available below this. The document text is in Dutch.
|
||||
|
||||
---
|
||||
|
||||
Creative Commons Legal Code
|
||||
|
||||
Naamsvermelding – NietCommercieel - GelijkDelen 2.0
|
||||
CREATIVE COMMONS CORPORATION IS GEEN ADVOCATENKANTOOR EN VERLEENT GEEN JURIDISCHE DIENSTEN. DE VERSPREIDING VAN DEZE LICENTIE VEROORZAAKT GEEN JURIDISCHE OF CONTRACTUELE RELATIE TUSSEN DE PARTIJEN BIJ DEZE LICENTIE EN CREATIVE COMMONS. CREATIVE COMMONS VERSTREKT DEZE INFORMATIE ZOALS ZE IS, ZONDER GARANTIE. CREATIVE COMMONS STAAT NIET IN VOOR DE VERSTREKTE INFORMATIE EN SLUIT ALLE AANSPRAKELIJKHEID UIT VOOR WELKE SCHADE DAN OOK DIE ZOU VOORTVLOEIEN UIT HET GEBRUIK VAN DEZE INFORMATIE.
|
||||
|
||||
Licentie
|
||||
|
||||
HET WERK (ZOALS HIERONDER OMSCHREVEN) WORDT TER BESCHIKKING GESTELD OVEREENKOMSTIG DE BEPALINGEN VAN DEZE CREATIVE COMMONS PUBLIC LICENSE (HIERNA “CCPL” OF “LICENTIE”). HET WERK WORDT BESCHERMD DOOR HET AUTEURSRECHT, EN/OF, INDIEN RELEVANT, DOOR DE NABURIGE RECHTEN, OF HET SUI GENERIS DATABANKENRECHT EN/OF ELK KRACHTENS DE GELDENDE WETGEVING VAN TOEPASSING ZIJNDE RECHT.
|
||||
ELK GEBRUIK VAN HET WERK DAT NIET UITDRUKKELIJK DOOR DEZE LICENTIE TOEGESTAAN WORDT, IS VERBODEN.
|
||||
ELK GEBRUIK VAN HET WERK, OP EEN MANIER DIE ONDER EEN IN DEZE LICENTIE BEHANDELD RECHT VALT, BRENGT DE AANVAARDING VAN DEZE LICENTIE MET ZICH MEE. DOOR DEZE LICENTIE KENT DE LICENTIEGEVER U DE HIERNA OMSCHREVEN RECHTEN TOE INDIEN U DE VOLGENDE BEPALINGEN EN VOORWAARDEN AANVAARDT
|
||||
1. Definities
|
||||
|
||||
1. Met “Collectief Werk” wordt een werk bedoeld waarin het Werk, in zijn geheel en in ongewijzigde vorm, samen met een aantal andere bijdragen, die elk een afzonderlijk en zelfstandig Werk vormen, tot een collectief geheel is samengevoegd. Collectieve Werken zijn onder andere geregeld een uitgave van een tijdschrift, bloemlezingen of encyclopedieën. Een Werk dat een Collectief Werk is, zal, krachtens deze Licentie, niet beschouwd worden als een Afgeleid Werk (zoals hieronder omschreven).
|
||||
2. Met "Afgeleid Werk" wordt een werk bedoeld dat gebaseerd is op het Werk of op het Werk en andere reeds bestaande werken, zoals een vertaling, een muziekarrangement, een toneel-, literaire of cinematografische bewerking, een geluidsopname, een kunstreproductie, een ingekorte versie, een samenvatting of elke andere vorm waarin het Werk gewijzigd, omgezet of bewerkt kan worden, met uitzondering van de Collectieve Werken, die niet als Afgeleide Werken zullen beschouwd worden in de zin van deze Licentie. Om onduidelijkheid te vermijden zal, indien het Werk een muziekwerk of een fonogram is, de synchronisatie van het Werk met een bewegend beeld (“synching”) als een Afgeleid Werk in de zin van deze Licentie beschouwd worden.
|
||||
3. Met "Licentiegever" wordt de natuurlijke persoon of rechtspersoon bedoeld die de rechten op het Werk toekent volgens de bepalingen van deze Licentie.
|
||||
4. Met "Oorspronkelijke Auteur” wordt de natuurlijke persoon bedoeld die het Werk gemaakt heeft of, indien het gaat om een voorwerp dat door een naburig recht beschermd wordt, de oorspronkelijke titularis van het naburig recht.
|
||||
5. Met "Werk” wordt het Werk van letterkunde of kunst bedoeld dat beschermd wordt door het auteursrecht en dat het voorwerp is van deze licentie. Voor de toepassing van deze Licentie omvat het “Werk” ook voorwerpen die beschermd worden door een naburig recht, zoals een uitvoering, een fonogram, een eerste vastlegging van film of radio-uitzending, alsook de databanken die beschermd worden door een sui generis-recht, voor zover deze het voorwerp vormen van deze licentie. Indien nodig, zullen de bepalingen van deze Licentie op zo een manier geïnterpreteerd worden dat ze op dergelijke beschermde voorwerpen toegepast kunnen worden.
|
||||
6. Met "U" wordt de natuurlijke persoon of rechtspersoon bedoeld die het Werk gebruikt op een wijze die geregeld wordt door de rechten waarop deze Licentie betrekking heeft en die de bepalingen van deze Licentie met betrekking tot het Werk niet eerder geschonden heeft of die de uitdrukkelijke toestemming van de Licentiegever gekregen heeft om rechten krachtens deze Licentie uit te oefenen ondanks een eerdere schending van deze.
|
||||
7. Met "Licentiekenmerken" worden de volgende generieke kenmerken van de licentie bedoeld, zoals gekozen door de Licentiegever en aangeduid in de titel van deze Licentie: Naamsvermelding, NietCommercieel, GelijkDelen.
|
||||
|
||||
2. Uitzonderingen en beperkingen op de exclusieve rechten
|
||||
|
||||
Niets in deze Licentie heeft de bedoeling de toepassing van de uitzonderingen op de exclusieve rechten van de rechthebbenden, de uitputting van deze rechten of andere beperkingen op deze rechten krachtens het auteursrecht, de naburige rechten, het sui generis databankenrecht of elk ander van toepasselijk recht te verminderen, te begrenzen of te beperken.
|
||||
3. Omvang van de toegekende Licentie
|
||||
|
||||
In overeenstemming met de bepalingen en voorwaarden van deze Licentie, verleent de Licentiegever U een licentie die wereldwijd, gratis, niet-exclusief en onbeperkt in tijd (voor de volledige duur van de bescherming van het Werk door het auteursrecht, de naburige rechten, het sui generis recht op de databanken) is om de volgende rechten met betrekking tot het Werk uit te oefenen:
|
||||
|
||||
1. het reproduceren, op welke wijze en in welke vorm dan ook, van het Werk, het opnemen van het Werk in één of meer Collectieve Werken en het reproduceren van het Werk zoals het opgenomen is in de genoemde Collectieve Werken;
|
||||
2. het maken en reproduceren van Afgeleide Werken;
|
||||
3. het uitlenen en verspreiden van exemplaren van het Werk, het meedelen aan het publiek en het ter beschikking stellen van het publiek. Hetzelfde geldt voor het Werk wanneer het opgenomen is in een Collectief Werk;
|
||||
4. het uitlenen en verspreiden van exemplaren van Afgeleide Werken, ze meedelen aan het publiek en ze ter beschikking stellen van het publiek;
|
||||
5. indien het Werk een databank is, het opvragen en hergebruiken van substantiële delen van de databank.
|
||||
|
||||
De hierboven vermelde rechten mogen uitgeoefend worden op alle bekende en onbekende dragers, media en formaten, met uitzondering van onbekende exploitatievormen. U heeft eveneens het recht om die wijzigingen aan het Werk aan te brengen die technisch noodzakelijk zijn voor de uitoefening van de hoger genoemde rechten op andere dragers, media en formaten. Oorspronkelijke Auteur ziet af van de uitoefening van zijn/haar morele rechten met betrekking tot de wijzigingen die technisch noodzakelijk zijn.
|
||||
De Licentiegever behoudt zich alle rechten voor die niet uitdrukkelijk overgedragen zijn in deze Licentie, waaronder inbegrepen, doch niet beperkt tot, de rechten die onder sectie 4(e) opgenomen zijn.
|
||||
|
||||
4. Beperkingen De in artikel 3 toegekende licentie wordt uitdrukkelijk op de volgende manier beperkt:
|
||||
|
||||
1. U mag het Werk enkel in overeenstemming met de bepalingen van deze Licentie, uitlenen, verspreiden, ter beschikking stellen van het publiek of meedelen aan het publiek op voorwaarde dat U een kopie van deze Licentie of de Uniform Resource Identifier van deze Licentie toevoegt aan elke kopie van het Werk dat U uitleent, verspreidt, ter beschikking stelt van het publiek of meedeelt aan het publiek. U mag geen voorwaarden op het gebruik van het Werk aanbieden of opleggen die de bepalingen van deze Licentie of de uitoefening van de toegekende rechten wijzigen of beperken. U mag het werk niet in onderlicentie geven. U moet alle aanduidingen die verwijzen naar deze Licentie en naar de garantieclausule en de uitsluiting van aansprakelijkheid intact houden. U mag het Werk niet uitlenen, verspreiden, ter beschikking stellen van het publiek of meedelen aan het publiek indien daarbij een technische maatregel gebruikt wordt die de toegang tot of het gebruik van het Werk op een met de bepalingen van deze Licentie strijdige wijze controleert. Het voorgaande geldt voor het Werk dat opgenomen is in een Collectief Werk maar dat houdt niet in dat het Collectief Werk zelf, afgezien van het Werk, onderworpen wordt aan de bepalingen van deze Licentie. Indien U een Collectief Werk maakt, dan moet U, op aanvraag van om het even welke Licentiegever en in de mate van het mogelijke, elke verwijzing naar de Licentiegever of de Oorspronkelijke Auteur uit het Collectief Werk verwijderen. Indien U een Afgeleid Werk maakt, dan moet U, op aanvraag van om het even welke Licentiegever en in de mate van het mogelijke, elke verwijzing naar de Licentiegever of de Oorspronkelijke Auteur uit het Afgeleide Werk verwijderen.
|
||||
2. U mag een Afgeleid Werk enkel uitlenen, verspreiden, ter beschikking stellen van het publiek of meedelen aan het publiek krachtens de bepalingen van deze Licentie, van een latere versie van deze Licentie met dezelfde Licentiekenmerken als deze Licentie of van een Creative Commons iCommons-licentie die dezelfde Licentiekenmerken bevat als deze Licentie (bv. Naamsvermelding – Niet-Commercieel – Gelijk Delen 2.0 Japan). U moet een kopie van deze Licentie, of elk andere licentie die in de voorafgaande zin gespecificeerd werd, of de Uniform Resource Identifier van deze Licentie toevoegen aan elke kopie van het Afgeleid Werk dat U uitleent, verspreidt, ter beschikking stelt van het publiek of meedeelt aan het publiek. U mag geen voorwaarden op het gebruik van het Afgeleid Werk aanbieden of opleggen die de bepalingen van deze Licentie of de uitoefening van de toegekende rechten wijzigen of beperken. U moet alle aanduidingen die verwijzen naar deze Licentie en naar de garantieclausule en de uitsluiting van aansprakelijkheid intact houden. U mag het Afgeleid Werk niet uitlenen, verspreiden, ter beschikking stellen aan het publiek of meedelen aan het publiek indien daarbij een technische maatregel gebruikt wordt die de toegang tot of het gebruik van het Werk op een met de bepalingen van deze Licentie strijdige wijze controleert. Het voorgaande geldt voor het Afgeleid Werk dat opgenomen is in een Collectief Werk maar dat houdt niet in dat het Collectief Werk zelf, afgezien van het Afgeleid Werk, onderworpen wordt aan de bepalingen van deze Licentie.
|
||||
3. U mag geen enkel van de door artikel 3 aan U toegekende rechten uitoefenen op een manier die voornamelijk bedoeld is voor of gericht is op het bekomen van een commercieel voordeel of een persoonlijke financiële compensatie. De uitwisseling van het Werk tegen andere Werken, die beschermd worden door het auteursrecht, de naburige rechten of het sui generis databankenrecht, door het elektronisch delen van bestanden of op een andere wijze, wordt niet beschouwd als zijnde bedoeld voor of gericht op het bekomen van een commercieel voordeel of een persoonlijke financiële compensatie, op voorwaarde dat de uitwisseling van de beschermde Werken geen betaling of financiële compensatie met zich meebrengt.
|
||||
4. Indien U het Werk, Afgeleide Werken of Collectieve Werken uitleent, verspreidt, ter beschikking stelt aan het publiek of meedeelt aan het publiek, dan moet U alle informatie betreffende het beheer van rechten met betrekking tot het Werk intact houden en, op een wijze die redelijk is in verhouding tot het gebruikte medium of middel, verwijzen naar de Oorspronkelijke Auteur, door het verstrekken van de naam van de Oorspronkelijke Auteur (of het pseudoniem indien van toepassing) indien deze wordt vermeld; de titel van het Werk indien deze wordt vermeld; in de mate dit redelijkerwijze mogelijk is en indien deze beschikbaar is, de Uniform Resource Identifier, dat de Licentiegever aanduidt als verbonden met het Werk, tenzij die URI niet verwijst naar de informatie betreffende het beheer van rechten met betrekking tot het Werk of naar de van toepassing zijnde licenties op het Werk; en in het geval van een Afgeleid Werk, door het aanduiden van het gebruik van het Werk in het Afgeleid Werk en door het identificeren van de elementen (bijvoorbeeld, door de aanduiding “Franse vertaling van het Oorspronkelijk Werk door de Auteur” “Franse vertaling van het Werk door de Oorspronkelijke Auteur” of “scenario gebaseerd op het Oorspronkelijk Werk door de Oorspronkelijke Auteur”). De verwijzing naar de Oorspronkelijke Auteur moet gebeuren op een redelijke manier. In het geval van een Afgeleid Werk of een Collectief Werk, moeten deze verwijzingen echter minstens weergegeven worden op dezelfde plaats en op dezelfde wijze als andere vergelijkbare auteursvermeldingen.
|
||||
5. Deze Licentie wijzigt geenszinsnde regeling van de billijke vergoedingen, die eventueel van kracht is in België of in andere landen, ter compensatie van de wettelijke erkenning van gedwongen licenties en heeft geen invloed op de inning van deze vergoedingen.
|
||||
|
||||
5. Garantieclausule en uitsluiting van aansprakelijkheid
|
||||
|
||||
TENZIJ ER TUSSEN DE PARTIJEN SCHRIFTELIJK ANDERS OVEREENGEKOMEN IS, BIEDT DE LICENTIEGEVER HET WERK AAN ZOALS HET IS EN DOET DE LICENTIEGEVER GEEN VERKLARINGEN OVER HET WERK OF VERPLICHT HIJ ZICH TOT GEEN ENKELE GARANTIE, ONGEACHT OF DEZE UITDRUKKELIJK OF STILZWIJGEND, KRACHTENS DE WET OF OP EEN ANDERE GRONDSLAG RUST, HIERIN BEGREPEN, MAAR NIET BEPERKT TOT DE GARANTIE TEGEN UITWINNING, DE COMMERCIALISEERBAARHEID VAN HET WERK, DE FUNCTIONELE CONFORMITEIT, DE AFWEZIGHEID VAN INBREUK OP RECHTEN VAN DERDEN, DE AFWEZIGHEID VAN VERBORGEN OF ANDERE GEBREKEN, DE NAUWKEURIGHEID VAN HET WERK OF DE AFWEZIGHEID VAN FOUTEN EN GEBREKEN MET BETREKKING TOT DE INFORMATIE, ONGEACHT OF DEZE AL DAN NIET OPSPOORBAAR ZIJN. INDIEN DE OP DEZE LICENTIE VAN TOEPASSELIJKE WETGEVING EEN DERGELIJKE UITSLUITING VAN VERANTWOORDELIJKHEID VERBIEDT OF REGLEMENTEERT, DAN IS DEZE UITSLUITING VAN AANSPRAKELIJKHEID EN GARANTIE SLECHTS IN DE MATE TOEGELATEN DOOR DE WET VAN TOEPASSING.
|
||||
6. Beperking van aansprakelijkheid
|
||||
|
||||
VOOR ZOVER DE VAN TOEPASSELIJKE WETGEVING DIT TOELAAT, ZAL DE LICENTIEGEVER IN GEEN ENKEL GEVAL AANSPRAKELIJK GEACHT WORDEN VOOR WELKE RECHTSTREEKSE OF ONRECHTSTREEKSE, MATERIËLE OF MORELE SCHADE DAN OOK, DIE VOORTVLOEIT UIT DEZE LICENTIE OF UIT HET GEBRUIK VAN HET WERK, ONGEACHT OF DE LICENTIEGEVER INGELICHT WERD OVER DE MOGELIJKHEID VAN DERGELIJKE SCHADE.
|
||||
7. Beëindiging
|
||||
|
||||
1. Elke inbreuk op de bepalingen van deze Licentie waarvoor U verantwoordelijk bent, leidt tot de ontbinding van rechtswege van deze Licentie en het einde van de rechten die er uit voortvloeien. Niettemin behouden de licenties op Afgeleide Werken of Collectieve Werken, die door U krachtens deze Licentie verleend werden aan natuurlijke personen of rechtspersonen, hun werking ten opzichte van deze natuurlijke personen of rechtspersonen, voor zover deze personen de bepalingen van deze licenties niet schenden. De artikels 1, 2, 5, 6, 7 en 8, blijven van kracht ongeacht de beëindiging van deze Licentie.
|
||||
2. Indien de hierboven vermelde bepalingen en voorwaarden in acht genomen worden, is deze licentie onbeperkt in tijd (voor de duur van de bescherming van het Werk door het auteursrecht, de naburige rechten en het sui generis databankenrecht). Desalniettemin behoudt de Licentiegever zich op elk ogenblik het recht voor om het Werk onder een andere licentie of onder andere voorwaarden te exploiteren of om elke verspreiding van het Werk stop te zetten, zonder dat het gebruik maken van deze mogelijkheid deze Licentie (of elke andere licentie die, krachtens de bepalingen van deze Licentie, verleend werd of verleend moest worden) ongedaan kan maken, en deze Licentie zal onverminderd van kracht blijven tenzij de beëindiging intreedt wegens de hoger aangegeven redenen.
|
||||
|
||||
8. Diversen
|
||||
|
||||
1. Telkens U het Werk of een Collectief Werk uitleent, verspreidt, meedeelt of ter beschikking stelt van het publiek, verleent de Licentiegever aan de ontvanger een licentie die van toepassing is op het Werk en die dezelfde bepalingen en voorwaarden bevat als deze Licentie.
|
||||
2. Telkens U het Afgeleid Werk uitleent, verspreidt, meedeelt of ter beschikking stelt van het publiek, verleent de Licentiegever aan de ontvanger een licentie die van toepassing is op het oorspronkelijke Werk en die dezelfde bepalingen en voorwaarden bevat als deze Licentie
|
||||
3. Indien een bepaling uit deze Licentie, krachtens het van toepassing zijnde recht, nietig of niet afdwingbaar is, dan zal dit geen invloed hebben op de geldigheid en de afdwingbaarheid van de andere bepalingen. In dit geval zal, zonder dat enige tussenkomst van de partijen hiervoor nodig is, een dergelijke bepaling op een zodanige wijze geïnterpreteerd worden dat haar geldigheid en afdwingbaarheid gevrijwaard blijven.
|
||||
4. Geen enkele afstand ten opzichte van de bepalingen en voorwaarden van deze Licentie wordt vermoed zonder een schriftelijke overeenkomst die ondertekend is door de partij die afstand doet. Geen enkele inbreuk op deze Licentie wordt door de andere partij aanvaard zonder schriftelijke overeenkomst, ondertekend door deze partij.
|
||||
5. Deze Licentie is het enige contract tussen de partijen met betrekking tot het Werk, dat het voorwerp is van deze Licentie. Er bestaat geen enkele overeenkomst of document van welke aard dan ook, die betrekking heeft op het Werk, bovenop wat hier bepaald is. De Licentiegever is gebonden door geen enkele bijkomende verplichting die voortvloeit uit enige communicatie afkomstig van U, ongeacht de vorm. Deze Licentie kan niet gewijzigd worden zonder de schriftelijke overeenkomst van beide partijen.
|
||||
|
||||
Creative Commons is geen partij bij deze Licentie en verleent geen enkele garantie met betrekking tot het Werk. Creative Commons sluit alle verantwoordelijkheid met betrekking tot deze Licentie tegenover U en tegenover elke derde uit, ongeacht de juridische grondslag van deze verantwoordelijkheid en ongeacht de aard van de opgelopen schade, of deze rechtstreeks of onrechtstreeks, materieel of moreel is.
|
||||
Zonder dat afbreuk gedaan wordt aan de vorige alinea, zal Creative Commons, indien deze zich uitdrukkelijk bekendgemaakt heeft als Licentiegever in het kader van deze Licentie, alle rechten en plichten van Licentiegever bezitten.
|
||||
Met uitzondering van het gebruik dat bestemd is om het publiek te informeren dat het Werk onder CCPL valt, zal geen enkele partij het merk “Creative Commons” of enige andere aanduiding of logo dat toekomt aan Creative Commons gebruiken zonder de voorafgaande schriftelijke instemming van Creative Commons. Elk door Creative Commons toegelaten gebruik moet in overeenstemming zijn met de trademark usage guidelines die van kracht zijn op het ogenblik van het gebruik, zoals deze gepubliceerd worden op de website of beschikbaar worden gesteld op individueel verzoek.
|
||||
Creative Commons kan gecontacteerd worden op http://creativecommons.org/
|
||||
|
|
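Review bot: The closing paragraph of section 3 reserves the rights listed under "sectie 4(e)", but the restrictions in section 4 are numbered 1 to 5 in this file, so the cross-reference matches no label a reader can find; either letter the sub-clauses (a) to (e) or change the reference to fit the numbering used here. Item 5 of section 4 contains the run-together word "geenszinsnde", and item 2 of section 8 has no final period; because this is a copy of a legal text, compare the file against the text published by Creative Commons rather than correcting it by hand. In the English header, "The document text is in Dutch" reads as if the book itself were Dutch; "The license text below is in Dutch" would be clearer.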
@ -0,0 +1,112 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
||||
<!ENTITY whatislinux.xml SYSTEM "linux_sea/01-whatislinux.xml">
|
||||
<!ENTITY freesoftware.xml SYSTEM "linux_sea/02-freesoftware.xml">
|
||||
<!ENTITY community.xml SYSTEM "linux_sea/03-community.xml">
|
||||
<!ENTITY runninglinux.xml SYSTEM "linux_sea/04-runninglinux.xml">
|
||||
<!ENTITY linuxfs.xml SYSTEM "linux_sea/05-linuxfs.xml">
|
||||
<!ENTITY processes.xml SYSTEM "linux_sea/06-processes.xml">
|
||||
<!ENTITY kernelbuilding.xml SYSTEM "linux_sea/07-kernelbuilding.xml">
|
||||
<!ENTITY hardwaremanagement.xml SYSTEM "linux_sea/08-hardwaremanagement.xml">
|
||||
<!ENTITY softwaremanagement.xml SYSTEM "linux_sea/09-softwaremanagement.xml">
|
||||
<!ENTITY usermanagement.xml SYSTEM "linux_sea/10-usermanagement.xml">
|
||||
<!ENTITY networkmanagement.xml SYSTEM "linux_sea/11-networkmanagement.xml">
|
||||
<!ENTITY servicemanagement.xml SYSTEM "linux_sea/12-servicemanagement.xml">
|
||||
<!ENTITY storagemanagement.xml SYSTEM "linux_sea/13-storagemanagement.xml">
|
||||
<!ENTITY systemmanagement.xml SYSTEM "linux_sea/14-systemmanagement.xml">
|
||||
<!ENTITY graphicenvironment.xml SYSTEM "linux_sea/15-graphicenvironment.xml">
|
||||
<!ENTITY installgentoo.xml SYSTEM "linux_sea/16-installgentoo.xml">
|
||||
|
||||
<!ENTITY tipsandanswers.xml SYSTEM "linux_sea/90-tipsandanswers.xml">
|
||||
<!ENTITY glossary.xml SYSTEM "linux_sea/91-glossary.xml">
|
||||
<!ENTITY genindex.sgm SYSTEM "genindex.sgm">
|
||||
]>
|
||||
<book>
|
||||
<title>Linux Sea</title>
|
||||
|
||||
<bookinfo>
|
||||
<title>Linux Sea</title>
|
||||
|
||||
<author>
|
||||
<firstname>Sven</firstname>
|
||||
|
||||
<surname>Vermeulen</surname>
|
||||
</author>
|
||||
|
||||
<authorblurb>
|
||||
<para>
|
||||
Sven Vermeulen is a Gentoo Linux documentation developer, largely
|
||||
to blame for the Gentoo Handbook and a large number of Gentoo-related
|
||||
guides. You can find him online under the alias "SwifT" or reach him
|
||||
through his Gentoo e-mail address "swift@gentoo.org".
|
||||
</para>
|
||||
</authorblurb>
|
||||
|
||||
<abstract>
|
||||
<para>
|
||||
The book "Linux Sea" offers a gentle yet technical (from end-user
|
||||
perspective) introduction to the Linux operating system, using Gentoo
|
||||
Linux as the example Linux distribution. It does not nor will it ever
|
||||
talk about the history of the Linux kernel or Linux distributions or
|
||||
dive into details that are less interesting for Linux users.
|
||||
</para>
|
||||
<para>
|
||||
For various topics, the online Gentoo Handbook offers a very detailed
|
||||
approach and as such is mandatory reading for any Gentoo Linux user who
|
||||
wants to know the full power of this Operating System. Although there is
|
||||
definitely overlap between "Linux Sea" and the online Gentoo Handbook,
|
||||
"Linux Sea" is by no means meant to replace the online Gentoo Handbook.
|
||||
</para>
|
||||
<para>
|
||||
"Linux Sea" will attempt to focus on topics that everyday users would
|
||||
probably need to know to continue working with Gentoo Linux.
|
||||
</para>
|
||||
</abstract>
|
||||
|
||||
<edition>Linux Sea v1.1</edition>
|
||||
|
||||
<copyright>
|
||||
<year>2009, 2010</year>
|
||||
|
||||
<holder>Sven Vermeulen</holder>
|
||||
</copyright>
|
||||
|
||||
<legalnotice>
|
||||
<para>
|
||||
You are free to share (copy, distribute and transmit) the work as well
|
||||
as remix (adapt) the work under the conditions of the Creative Commons
|
||||
Attribution Noncommercial Share Alike 2.0 license, available at
|
||||
http://creativecommons.org/licenses/by-nc-sa/2.0/be/deed.en
|
||||
</para>
|
||||
</legalnotice>
|
||||
</bookinfo>
|
||||
|
||||
<toc></toc>
|
||||
|
||||
<!-- Part - On Linux and Free Software -->
|
||||
&whatislinux.xml;
|
||||
&freesoftware.xml;
|
||||
&community.xml;
|
||||
<!-- Part - Working with Linux -->
|
||||
&runninglinux.xml;
|
||||
&linuxfs.xml;
|
||||
&processes.xml;
|
||||
<!-- Part - Simple System Administration -->
|
||||
&kernelbuilding.xml;
|
||||
&hardwaremanagement.xml;
|
||||
&softwaremanagement.xml;
|
||||
&usermanagement.xml;
|
||||
&networkmanagement.xml;
|
||||
&servicemanagement.xml;
|
||||
&storagemanagement.xml;
|
||||
&systemmanagement.xml;
|
||||
&graphicenvironment.xml;
|
||||
<!-- Part - Installing Gentoo Linux -->
|
||||
&installgentoo.xml;
|
||||
<!-- Part - Addenda -->
|
||||
&tipsandanswers.xml;
|
||||
&glossary.xml;
|
||||
|
||||
&genindex.sgm;
|
||||
</book>
|
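Review bot: The legalnotice element in bookinfo names the license as "Creative Commons Attribution Noncommercial Share Alike 2.0", while the URL it gives (by-nc-sa/2.0/be) and the license file added in this same commit are the Belgium version; name the jurisdiction in the notice so the wording and the link agree. In the copyright element, "2009, 2010" is packed into a single year element; DocBook allows repeated year elements, so use one per year. The genindex.sgm entity is the only one declared outside linux_sea/; if that file is generated at build time rather than committed, add a comment next to the declaration saying which step produces it.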
File diff suppressed because it is too large
|
@ -0,0 +1,791 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
|
||||
<chapter>
|
||||
<title>How does Free Software affect Linux?</title>
|
||||
|
||||
<section>
|
||||
<title>Introduction</title>
|
||||
|
||||
<para>The Linux OS has become increasingly popular mainly due to the
|
||||
freedom it allows (and of course also the low or zero-fee price of the
|
||||
entire operating system). In this chapter we see how these freedoms come
|
||||
to life and how they are protected and sustained.</para>
|
||||
|
||||
<para>We also take a look at the development model used by free software
|
||||
projects in general because it is a major result of said freedoms, one
|
||||
that makes free software projects often more interesting than
|
||||
closed-source commercial software projects. The development model is also
|
||||
one of the major strengths of free software.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Free Software</title>
|
||||
|
||||
<para>If we take a step back from all technical aspects, Linux differs
|
||||
from the closed-source commercial software in an important aspect:
|
||||
licensing. Licensing is what drives free software...</para>
|
||||
|
||||
<section>
|
||||
<title>What are Software Licenses?</title>
|
||||
|
||||
<para>Software is someone's intellectual property. Intellectual
|
||||
property<indexterm>
|
||||
<primary>intellectual property</primary>
|
||||
</indexterm> is a heavy word that shouldn't be interpreted to anything
|
||||
else than the result of some effort to create something that is not a
|
||||
plain copy. If you write some text, the resulting text is your
|
||||
intellectual property (unless you've copied it from somewhere).</para>
|
||||
|
||||
<para>Intellectual property is protected by law. Copyright<indexterm>
|
||||
<primary>copyright</primary>
|
||||
</indexterm> protects your intellectual property by prohibiting others
|
||||
to copy, adapt, reproduce and/or redistribute your ``thing'' without
|
||||
your consent. Mind you though that not every intellectual property is
|
||||
copyright protected and copyright differs from country to country. An
|
||||
example of intellectual property that isn't copyright protected is a
|
||||
mathematical method: even though the inventor of the method had to
|
||||
ponder years and years on it, his method isn't copyright protected (but
|
||||
if he wrote a text about this method, the text itself is). Copyright is
|
||||
automatically assigned: it doesn't cost you anything and it is broadly
|
||||
accepted.</para>
|
||||
|
||||
<para>Another protection is a patent<indexterm>
|
||||
<primary>patent</primary>
|
||||
</indexterm>. Patents are (or should be) granted to new inventions who
|
||||
are not known to the public at the time of the patent request. Patents
|
||||
are often used to protect intellectual property that isn't protected by
|
||||
the copyright: methods for doing stuff (including medical compositions).
|
||||
Sadly, the industry is often abusing patents for much more when they
|
||||
have a patent with a broad action field: the patent covers too much,
|
||||
allowing the company to force others not to use a method they actually
|
||||
do have the right to use. Also, both the request and the patent grant
|
||||
are very costly and only larger companies have the abilities to obtain
|
||||
(and protect) several patents. Smaller companies or individuals don't
|
||||
have the means to obtain a patent, let alone protect themselves in a
|
||||
court because they might have used a method that is described in one or
|
||||
more patents.</para>
|
||||
|
||||
<para>I use the word <emphasis>abuse</emphasis> because companies often
|
||||
get patents for methods that are broadly used or are so silly that you'd
|
||||
wonder what patent office (patent requests are - or should be - checked
|
||||
for their validity before they are granted) has granted those
|
||||
patents.</para>
|
||||
|
||||
<para>I'll abstain from elaborating on this (politically sensitive)
|
||||
topic more and move on to <emphasis>software
|
||||
licenses</emphasis><indexterm>
|
||||
<primary>software license</primary>
|
||||
</indexterm>. A software license is a contract between you, the
|
||||
software user, and the software copyright owner. It tells you what you
|
||||
can and cannot do with the software. Any software that is not licensed
|
||||
is fully copyright protected, meaning you shouldn't even have it, let
|
||||
alone run it.</para>
|
||||
|
||||
<para>Most commercial-grade licenses are often called the
|
||||
EULAs<indexterm>
|
||||
<primary>EULA</primary>
|
||||
</indexterm>, or End User License Agreements. They usually say what
|
||||
you are allowed to do with the software (often including what you are
|
||||
allowed to use the software for). The EULAs more often stress what is
|
||||
denied rather than allow anything. One of the many topics is
|
||||
redistribution of the software. Most EULAs explicitly disallow
|
||||
redistribution.</para>
|
||||
|
||||
<para>Linux (and free software in general) is different. The
|
||||
accompanying license grants you the right to copy the software, obtain
|
||||
the source code, modify it and redistribute it (with or without
|
||||
modifications) and even sell it. Because there are many variations
|
||||
possible there are many popular licenses.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>What Licenses Exist?</title>
|
||||
|
||||
<para>I'll list a few of the more popular licenses here, but be advised,
|
||||
there are more than 800 licenses around. Many of those licenses are
|
||||
quite similar (or are exactly the same) and the free software community
|
||||
should start to consolidate all those licenses in a much smaller set.
|
||||
Sadly, they haven't done so yet. Luckily, the 90-10 rule here applies:
|
||||
90% of all free software uses 10% of the free software (or other)
|
||||
licenses. The other licenses are only marginally used, sometimes just
|
||||
for a single application.</para>
|
||||
|
||||
<section>
|
||||
<title>Public Domain</title>
|
||||
|
||||
<para>When software is placed under the public domain, you're free to
|
||||
do whatever you want with it: the author waves any right he can to
|
||||
allow for full freedom of his software.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>MIT License and some BSD-like Licenses</title>
|
||||
|
||||
<para>The MIT license and some BSD-like licenses are almost like the
|
||||
public domain, but ask you to keep the copyright notice intact. This
|
||||
is a very popular license because the author allows you to do whatever
|
||||
you want as long as you keep his name on the product copyright notice
|
||||
as well.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>GPL</title>
|
||||
|
||||
<para>The GNU Public License<indexterm>
|
||||
<primary>GPL</primary>
|
||||
</indexterm> is the most widely used free software license, but for
|
||||
some people also the most restrictive free software license. The GPL
|
||||
tells you that you can do whatever you want with the software, as long
|
||||
as you provide the source code of your modifications to whoever you
|
||||
distributed the modified version to and as long as this modification
|
||||
is under the GPL as well.</para>
|
||||
|
||||
<para>The Linux kernel is GPL licensed.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>OSI Approved Licenses</title>
|
||||
|
||||
<para>An OSI approved license is a license that adheres to the
|
||||
<emphasis>Open Source Definition</emphasis><indexterm>
|
||||
<primary>Open Source Definition</primary>
|
||||
</indexterm> written down by the <emphasis>Open Source
|
||||
Initiative</emphasis><indexterm>
|
||||
<primary>Open Source Initiative</primary>
|
||||
</indexterm><indexterm>
|
||||
<primary>OSI</primary>
|
||||
</indexterm> of which the following points are a free
|
||||
interpretation:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>free redistribution</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>source code available</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>modifications are allowed (including redistribution)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>no discrimination (people, fields ...)</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>FSF Approved Licenses</title>
|
||||
|
||||
<para>An FSF<indexterm>
|
||||
<primary>FSF</primary>
|
||||
</indexterm> approved license adheres to the <emphasis>Free Software
|
||||
</emphasis><indexterm>
|
||||
<primary>free software</primary>
|
||||
</indexterm>definition written down by the <emphasis>Free Software
|
||||
Foundation</emphasis> of which the following points are the core of
|
||||
the definition:</para>
|
||||
|
||||
<para>You should be free to ...</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>run the program for any purpose</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>study how the program works and adapt it to your
|
||||
needs</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>redistribute copies</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>improve the program and release your changes to the
|
||||
public</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Free Software isn't Non-Commercial</title>
|
||||
|
||||
<para>Free software is often perceived to be a pure hobbyist project: it
|
||||
would not be commercially viable to bring free software to the
|
||||
enterprise world. After all, if software is freely available, what kind
|
||||
of profit could a company make from it. Nothing could be further from
|
||||
the truth...</para>
|
||||
|
||||
<para>It is true that free software requires a different look on
|
||||
software in a commercial environment (including companies). Companies
|
||||
who <emphasis>use</emphasis> software want to be assured that they have
|
||||
support for the software when things go wrong. They often close (costly)
|
||||
support contracts with the software company where service level
|
||||
agreements (abbreviated to SLAs) are defined. Based on these contracts,
|
||||
the company has the assurance that if certain services become
|
||||
unavailable, the supporting company will do whatever it can to bring the
|
||||
service back or, in some occasions, compensate the financial damage that
|
||||
the downfall has caused.</para>
|
||||
|
||||
<para>Most of the time, these support contracts are closed with the
|
||||
software company itself because it has the most knowledge of the
|
||||
software (as it is probably the only company with access to the software
|
||||
code). Sadly, as good as this reason is, companies don't look at free
|
||||
software ``because there is no support''. This isn't true; support for
|
||||
free software is still (commercially) available, but most of the time
|
||||
not from the creators themselves. And although this scares the
|
||||
companies, the reason why this support is still as good as with
|
||||
off-the-shelf software remains the same: the supporting company has
|
||||
access to the source code of the tool and has professional knowledge
|
||||
about the tool. It probably has developers in the software project
|
||||
itself.</para>
|
||||
|
||||
<para>Companies that <emphasis>sell</emphasis> software are of course
|
||||
often against free software. When these companies major income depends
|
||||
on the sales of their software, it would not be viable to make the
|
||||
software free. If they would, competiting companies would have full
|
||||
access to the source code and improve their own product with it.</para>
|
||||
|
||||
<para>I don't think this is a disadvantage though. Software companies
|
||||
should use their main strength: knowledge about the tool. As mentioned
|
||||
before, other companies often want to close support contracts to ensure
|
||||
the service that the software delivers; if the software company creates
|
||||
free software, this wouldn't change. For many software companies,
|
||||
support contracts are the main source of income.</para>
|
||||
|
||||
<para>It is still possible to sell free software; some pioneering
|
||||
companies are payed to made modifications to free software because
|
||||
companies don't have the resources to do so themselves. These companies
|
||||
can keep the modifications private if the free software license allows
|
||||
this) but can also bring these modifications to the public by
|
||||
contributing it to the software project itself.</para>
|
||||
|
||||
<para>A major proof of this is the acceptance of free software by major
|
||||
software players such as Sun Microsystems and IBM, and the emergance of
|
||||
new software players that build their business upon free software, such
|
||||
as RedHat or MySQL<indexterm>
|
||||
<primary>MySQL</primary>
|
||||
</indexterm> (recently acquired by Sun Microsystems). The latter
|
||||
company uses a dual-licensed software approach: the MySQL source code is
|
||||
available in two licenses, a free software one for the public and a more
|
||||
closed one for companies who want support from MySQL itself. Using a
|
||||
dual-licensed approach allows the company to support a fixed state of
|
||||
their product while keeping the software free. Supporting a fixed state
|
||||
of the product is of course much easier than to support the software in
|
||||
general.</para>
|
||||
|
||||
<para>However, don't think that every free software project is
|
||||
enterprise-ready or that you will be able to find (paid) support for
|
||||
every software project. You should carefully check out every software
|
||||
title you want to use if you want to use software, free or not. For end
|
||||
users, distributions help you to pick software. If a distribution
|
||||
packages a certain software title, it feels that the software title is
|
||||
stable and well supported.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>So Linux is Free?</title>
|
||||
|
||||
<para>Yes, Linux is free. It is certainly free in the sense of ``free
|
||||
speech'' and although most software titles are also free in the sense of
|
||||
``free beer'', you shouldn't be surprised to see distributions you can
|
||||
or have to pay for. In that case, you can be paying for the software
|
||||
medium (the burned DVD), accompanying printed documentation, 30-day
|
||||
installation and usage support or for the resources that the
|
||||
distribution has to acquire itself (like infrastructure).</para>
|
||||
|
||||
<para>Most distributions have free downloads with online documentation
|
||||
and wonderfull community support (active mailing lists or Internet
|
||||
fora), which is why Linux is that popular: you can download, install and
|
||||
use several distributions to decide which one is best for you. You can
|
||||
try the software (without loosing any functionality) and you don't even
|
||||
have to pay for it to continue using it (as is the case with
|
||||
shareware<indexterm>
|
||||
<primary>shareware</primary>
|
||||
</indexterm>). Gentoo is one of those distribution projects. Such
|
||||
distributions get their financial backing (for infrastructure and
|
||||
organisational needs, including juridical support and bureaucratic
|
||||
paperwork) from user donations or sales of pressed DVDs. Companies also
|
||||
tend to support distributions financially or with hardware / bandwidth
|
||||
donations.</para>
|
||||
|
||||
<para>Some distributions are only available when you pay for it. In that
|
||||
case you often pay for the support or for additional software in the
|
||||
distribution which isn't freely available. A popular distribution is
|
||||
RedHat Enterprise Linux, a Linux distribution specifically targetting
|
||||
companies who want to set up Linux servers. You don't just pay for the
|
||||
support, but also for the resources that RedHat has put in the
|
||||
distribution to make it certified for other software (such as Oracle and
|
||||
SAP) so that you can run (with support from the software company) this
|
||||
software on your RHEL installations.</para>
|
||||
|
||||
<para>It is important however to understand that distribution projects
|
||||
only develop a very small part of the software that you install on your
|
||||
system. Most software comes from other free software projects and these
|
||||
projects often don't get gifts from the distribution projects.
|
||||
Nonetheless they do face the same problems as any other (larger) free
|
||||
software project: bureaucratic paperwork, juridical support,
|
||||
infrastructure needs, ... So it comes to no surprise that these projects
|
||||
also have the same income streams as the distribution projects: user
|
||||
gifts, commercial sponsorship and software / support sales.</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Development Model</title>
|
||||
|
||||
<para>Due to the nature of free software projects, you'll find that it has
|
||||
quite some differences with closed-source commercial, off the shelf
|
||||
software...</para>
|
||||
|
||||
<section>
|
||||
<title>Multi-Project Development</title>
|
||||
|
||||
<para>One distribution provides an aggregation of software. Each of
|
||||
those software titles is built by a software project which usually
|
||||
differs from the distribution project. Hence, when you install a
|
||||
distribution on your system, it contains software from hundreds of
|
||||
software projects around the world.</para>
|
||||
|
||||
<para>So to obtain support for a flaw you found, or an issue you come
|
||||
across, the first place to seek support would be the distribution, but
|
||||
chances are that the distribution will put the support question
|
||||
<emphasis>upstream</emphasis><indexterm>
|
||||
<primary>upstream</primary>
|
||||
</indexterm>, meaning that it forwards the request to the software
|
||||
project that develops the software you have an issue with.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Transparent Development</title>
|
||||
|
||||
<para>Free software is usually developed transparently: if you are
|
||||
interested in the development of your favorite software title, you can
|
||||
quickly find out how its development works and how to
|
||||
participate.</para>
|
||||
|
||||
<para>Usually, software projects use a <emphasis>concurrent versioning
|
||||
system</emphasis><indexterm>
|
||||
<primary>concurrent versioning system</primary>
|
||||
</indexterm> such as CVS<indexterm>
|
||||
<primary>CVS</primary>
|
||||
</indexterm> or SVN<indexterm>
|
||||
<primary>SVN</primary>
|
||||
</indexterm> to keep the source code in. Such systems allow for dozens
|
||||
(or even hundreds) of developers to work on the same source code
|
||||
simultaneously and keep track of all changes that have happened (so they
|
||||
can easily be reverted). This isn't just for free software projects -
|
||||
almost all software projects use such a system. However, free software
|
||||
projects usually allow non-developers to see the progress of the
|
||||
development by giving them read-only access to the system. This way, you
|
||||
can track every change to the software personally.</para>
|
||||
|
||||
<para>To discuss the future of the software, or to take software design
|
||||
decisions, most free software projects can't use real-life meetings:
|
||||
their developers are scattered around the world. A solution to this
|
||||
problem are communication systems such as mailing lists, IRC (chat) or
|
||||
forums (Internet or Usenet). Most of these communication systems are
|
||||
also open for non-developers to participate in the discussions, meaning
|
||||
that end users have direct communication with developers.</para>
|
||||
|
||||
<para>The latter has a major advantage: changes requested by the users
|
||||
are directly communicated to the developers so that misinterpretation is
|
||||
less frequent, allowing for projects to update their software more
|
||||
accurate and frequent.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Fast Release Cycles</title>
|
||||
|
||||
<para>Larger free software projects have hundreds of contributors and
|
||||
several dozens of developers. Those developers are very motivated to
|
||||
work on the software by passion. If they weren't, they wouldn't be
|
||||
working on the software as there usually is no other incentive to work
|
||||
for (such as a nice pay check) although it must be said that there are
|
||||
software projects (and they aren't small in numbers) who have paid
|
||||
developers as well. As a result, the software is quickly progressing and
|
||||
new features are added quickly (some projects even have new features on
|
||||
an almost daily basis).</para>
|
||||
|
||||
<para>To make sure that new features and fixes are tested properly,
|
||||
software development snapshots are communicated to a broad community of
|
||||
testers and stable snapshots are often released to the general public as
|
||||
a new release of the software. Different release types are commonly used
|
||||
in free software environments:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para><emphasis>nightly snapshots</emphasis><indexterm>
|
||||
<primary>release</primary>
|
||||
|
||||
<secondary>nightly snapshot</secondary>
|
||||
</indexterm> are extracts of the source code at a certain period
|
||||
in time which are built and put online for everyone to use. These
|
||||
releases are automatically generated and are bleeding-edge as they
|
||||
represent the state of the software title only a few moments ago.
|
||||
They are highly experimental and only meant for developers or
|
||||
experienced contributors</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><emphasis>development releases</emphasis> are intermediate
|
||||
releases, similar to nightly snapshots, but somewhat more
|
||||
coördinated by the developers. They usually have a
|
||||
ChangeLog<indexterm>
|
||||
<primary>ChangeLog</primary>
|
||||
</indexterm> which lists the changes in it since the previous
|
||||
release. Such releases are meant for experienced contributors and
|
||||
testers who don't mind the software to be broken from time to
|
||||
time.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><emphasis>beta releases</emphasis><indexterm>
|
||||
<primary>release</primary>
|
||||
|
||||
<secondary>beta</secondary>
|
||||
</indexterm> contain a preliminary vision of how the final release
|
||||
will look like. It might not be fully stable or complete but
|
||||
individuals who don't participate in the frequent tests can try and
|
||||
see if the new release would still work for them and contain the
|
||||
fixes they requested. Beta releases are also important for
|
||||
distributions as they can now start developing packages for the
|
||||
software so that they are ready when the final release of the
|
||||
software is made.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><emphasis>release candidates</emphasis><indexterm>
|
||||
<primary>release</primary>
|
||||
|
||||
<secondary>candidate</secondary>
|
||||
</indexterm> are proposals for final releases. They contain the
|
||||
software such as the developers would like to release it. They now
|
||||
wait for a certain period so that the testers and general public can
|
||||
run their tests to ensure no bugs are in it anymore. New features
|
||||
aren't added to the software now, only bug fixes. When no new (or
|
||||
major) bugs are found, the release candidate is converted to a new
|
||||
release</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><emphasis>stable release</emphasis><indexterm>
|
||||
<primary>release</primary>
|
||||
|
||||
<secondary>stable</secondary>
|
||||
</indexterm> are the final releases of the entire development
|
||||
process. These releases are now used by the users and distributions
|
||||
and the entire development process can start over.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>Stable releases also tend to be released in specific gradations,
|
||||
reflected by their version number. A popular numbering scheme is x.y.z
|
||||
where:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>x is the major version; this version number is only updated
|
||||
when the software has been substantially changed. Often such
|
||||
releases also require all packages that depend on it to be updated
|
||||
as well because they might use features or libraries that are
|
||||
changed.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>y is the minor version; this version number is updated every
|
||||
time the software has been updated with lots of new features</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>z is the bugfix version; this version number is updated
|
||||
whenever mainly bug fixes have been added to the software</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>As an example I'll list the release dates for the KDE 4.1 release.
|
||||
Since KDE is a complete graphical environment its release cycle is
|
||||
``slower'' than others. Yet if you compare it with the release cycle of
|
||||
for instance Microsoft Windows its still blazingly fast. Of course, that
|
||||
would be like comparing apples with glass...</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>2008-04-29: KDE 4.1.0 alpha1 is released</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>2008-05-27: KDE 4.1.0 beta1 is released</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>2008-06-24: KDE 4.1.0 beta2 is released</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>2008-07-15: KDE 4.1.0 release candidate is released</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>2008-07-29: KDE 4.1.0 is released</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>2008-09-03: KDE 4.1.1 is released</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>2008-10-03: KDE 4.1.2 is released</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>2008-11-05: KDE 4.1.3 is released</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>Just for your information, KDE 4.2 beta 1 is released on November
|
||||
26th, 2008, merely 7 months after KDE 4.1's alpha release.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Large Documentation Base</title>
|
||||
|
||||
<para>Because the project often can't deliver human, paid support for
|
||||
the software, its success is largely based on the documentation the
|
||||
project delivers. If the accompanying documentation contains all
|
||||
information about the software, experienced or independent users can
|
||||
find all user related answers in the documentation.</para>
|
||||
|
||||
<para>Free software projects usually have high profile documentation,
|
||||
often better than the online available documentation of closed-source
|
||||
off the shelf software. Many larger projects even have all this
|
||||
documentation available in several languages. And if you don't find your
|
||||
answer in the project documentation, chances are that one or more users
|
||||
have written independent guides on the software elsewhere.</para>
|
||||
|
||||
<para>There are many sites on the internet that link to the various
|
||||
documentation resources and the same problem as with free software
|
||||
itself arises: often you have too many resources making it harder to
|
||||
find the correct document to guide you through your end user experience
|
||||
of the software. However, unlike the plethora on software titles around
|
||||
(making it difficult to find the right software for the right job) it is
|
||||
easier for a user to know if documentation is good or not so there is no
|
||||
need for a ``documentation distribution''.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Software Life Cycle</title>
|
||||
|
||||
<para>If you buy software of an unknown, smaller company, you have the
|
||||
chance that after a number of years, the company doesn't exist anymore
|
||||
or is taken over and doesn't support that software since. Something
|
||||
similar is true with free software: if the project decides that there
|
||||
aren't enough resources to continue the development of the software
|
||||
(usually due to a shortage on developers) it can stop the development of
|
||||
the software, usually resulting in a drop of support from users as
|
||||
well.</para>
|
||||
|
||||
<para>However, unlike the case of the software company, the free
|
||||
software source code remains available to the public. If you desperately
|
||||
need the software to work for you, you can just pick the source code and
|
||||
continue the development of it yourself (or pay others to do it for
|
||||
you). You're also confident that the software will remain free.</para>
|
||||
|
||||
<para>If at any time all the copyright owners of the free software
|
||||
decide that the software falls under a different license which you don't
|
||||
agree after, you can take the sourcecode of the moment right before the
|
||||
copyright holders decided to switch the licenses and continue the
|
||||
development under that license (as that software is still under the
|
||||
original license and not the new one). This process (where a group of
|
||||
developers disagree with the development plans of the software and start
|
||||
a new project based on the same source code) is called
|
||||
<emphasis>forking</emphasis><indexterm>
|
||||
<primary>fork</primary>
|
||||
</indexterm> the project.</para>
|
||||
|
||||
<para>A well known example of such a fork is the creation of the X.org
|
||||
project, a fork of the XFree86 project which at a certain point in time
|
||||
decided to change their license. The license change wasn't the only
|
||||
reason for that fork: some developers were also unhappy with the
|
||||
development policy on new features and the development pace. Both
|
||||
projects are currently still around although X.org is now the most
|
||||
popular one.</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Open Standards</title>
|
||||
|
||||
<para>Because so many projects are involved, it is important that each
|
||||
project uses standards as much as possible. Only by complying to open
|
||||
standards can projects easily and efficiently work together. Next are a
|
||||
few important standards or well perceived specifications in the free
|
||||
software world.</para>
|
||||
|
||||
<section>
|
||||
<title id="fhs" xreflabel="Filesystem Hierarchy Standard">Filesystem
|
||||
Hierarchy Standard</title>
|
||||
|
||||
<para>The first standard I discuss is the <emphasis>Filesystem Hierarchy
|
||||
Standard</emphasis><indexterm>
|
||||
<primary>Filesystem Hierarchy Standard</primary>
|
||||
</indexterm>, abbreviated to FHS<indexterm>
|
||||
<primary>FHS</primary>
|
||||
</indexterm>. This standard is used by almost all distributions and
|
||||
discusses the file locations on a Linux file system. One can read the
|
||||
FHS online at <ulink
|
||||
url="http://www.pathname.com/fhs"><uri>http://www.pathname.com/fhs/</uri></ulink>
|
||||
but many other resources describe the FHS layout as well.</para>
|
||||
|
||||
<para>The file system layout for Unix/Linux is quite different from the
|
||||
file system layout as seen from within Microsoft Windows. Instead of
|
||||
marking partitions by a drive letter, Unix/Linux sees a file system as a
|
||||
tree-like structure, starting with a root and building up through
|
||||
directories and files. You could say that the branches in the structure
|
||||
are the directories and the leaves are the files. If you think you have
|
||||
not encountered a Unix/Linux file system before, think again: URLs that
|
||||
you use on the Internet are based upon this structure. For instance, the
|
||||
URL <ulink
|
||||
url="http://www.gentoo.org/doc/en/faq.xml">http://www.gentoo.org/doc/en/faq.xml</ulink>
|
||||
denotes the file called <filename>faq.xml</filename> which can be found
|
||||
on the server of <ulink
|
||||
url="http://www.gentoo.org">www.gentoo.org</ulink>, in the directory
|
||||
<filename>/doc/en</filename>. So, / is the root, "doc" is a branch of
|
||||
this root and "en" is a branch of "doc".</para>
|
||||
|
||||
<para>Distributions that adhere to the FHS allow their Linux users to
|
||||
easily switch between distributions: the file system structure remains
|
||||
the same so navigation between folders, device files ... doesn't change.
|
||||
It also enables independent packagers to create packages for several
|
||||
distributions at once (as long as the distributions use the same package
|
||||
format). But foremost, it allows Linux users of one distribution to help
|
||||
users of other distributions as there isn't actually any difference
|
||||
between their file system layouts.</para>
|
||||
|
||||
<para>The current version of this standard is 2.3, released on January
|
||||
29th, 2004.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Linux Standard Base</title>
|
||||
|
||||
<para>The <emphasis>Linux Standard Base</emphasis><indexterm>
|
||||
<primary>Linux Standard Base</primary>
|
||||
</indexterm>, or LSB<indexterm>
|
||||
<primary>LSB</primary>
|
||||
</indexterm> sets the layout, binary compatibility, required
|
||||
libraries, required commands and more for a Linux operating system. If a
|
||||
distribution adheres to the LSB standard it can install, run and
|
||||
maintain LSB compliant (software) packages.</para>
|
||||
|
||||
<para>Distributions should adhere to the LSB if they want to ensure that
|
||||
they don't deviate from a good Linux standard. As a consequence, the LSB
|
||||
is an effort to ensure that distributions stay similar with regards to
|
||||
libraries, commands ... or in overall, user experience. It is a good
|
||||
effort to ensure that no fragmentation occurs in the Linux world.</para>
|
||||
|
||||
<para>Because the LSB is a broad standard, it comprises of other
|
||||
standards, including the forementioned FHS but also the <emphasis>Single
|
||||
Unix Specification</emphasis><indexterm>
|
||||
<primary>Single Unix Specification</primary>
|
||||
</indexterm> (SUS<indexterm>
|
||||
<primary>SUS</primary>
|
||||
</indexterm>) which defines how a Unix system should be. However, one
|
||||
cannot say that his Linux operating system is Unix because he would need
|
||||
to certify the OS (which requires serious financial support) and this
|
||||
certification wouldn't last long because the Linux OS changes
|
||||
often.</para>
|
||||
|
||||
<para>One of LSBs' largest advantages is that ISVs (Independent Software
|
||||
Vendors) such as Oracle, IBM, Sybase ... can package their software in
|
||||
an LSB-compatible software package which can then be installed on any
|
||||
LSB-compliant distribution.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Free Desktop Specifications</title>
|
||||
|
||||
<para>On <uri>http://www.freedesktop.org</uri> you'll find a set of
|
||||
desktop specifications that are well known in the free software
|
||||
community. Although they aren't standards (as freedesktop<indexterm>
|
||||
<primary>freedesktop</primary>
|
||||
</indexterm> is no standards body and the specifications haven't been
|
||||
converted into OASIS or ISO standards) many distributions adhere to
|
||||
them.</para>
|
||||
|
||||
<para>These specifications define how menu entries are created and
|
||||
maintained, where icons should reside, but also how drag and drop
|
||||
between different libraries (most notably Qt<indexterm>
|
||||
<primary>Qt</primary>
|
||||
</indexterm> and GTK+<indexterm>
|
||||
<primary>GTK+</primary>
|
||||
</indexterm>, the graphical libraries for KDE and GNOME) should be
|
||||
made possible.</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Exercises</title>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>What is the difference between GPLv2 and GPLv3?</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Part of LSBs standard is the ELF or Executable and Linking
|
||||
Format, the binary format for executable, compiled code used by
|
||||
various Linux/Unix distributions. Can you find other operating systems
|
||||
that support the ELF format beyond Linux/Unix?</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Some people see fast releases as a weakness in the free software
|
||||
community: users are "forced" to upgrade their software more often and
|
||||
even though it is free, it still takes time (and sometimes headaches)
|
||||
to upgrade the software this often. Some distributions tend to help
|
||||
those users by offering stable (both in stability and in version
|
||||
releases) software only. How is this possible?</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>How is it possible that many distributions allow you to upgrade
|
||||
to the latest version without needing an installation CD or
|
||||
reinstallation from scratch?</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Further Resources</title>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para><ulink
|
||||
url="http://www.catb.org/~esr/writings/cathedral-bazaar/cathedral-bazaar/">The
|
||||
Cathedral and The Bazaar</ulink>, by Eric Steven Raymond - an essay on
|
||||
two different development models used in the Free Software
|
||||
community.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><ulink url="http://www.ffii.org">Foundation for a Free
|
||||
Information Infrastructure</ulink>, a NPO dedicated to establishing a
|
||||
free market in information technology.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><ulink
|
||||
url="http://www.gnu.org/philosophy/fighting-software-patents.htmlhttp://www.gnu.org/philosophy/fighting-software-patents.html">Fighting
|
||||
Software Patents</ulink>, by Richard Stallman - GNUs vision on
|
||||
software patents.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</chapter>
|
|
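Review bot: In the Further Resources list at the end of this chapter, the url attribute of the "Fighting Software Patents" ulink contains the address twice, run together (".../fighting-software-patents.htmlhttp://www.gnu.org/philosophy/fighting-software-patents.html"), so the rendered link will not resolve; keep a single copy of the URL. In the Filesystem Hierarchy Standard section the ulink url is "http://www.pathname.com/fhs" while the displayed uri ends in "/fhs/"; make the two match. In "Free Software isn't Non-Commercial", the sentence "These companies can keep the modifications private if the free software license allows this)" has a closing parenthesis without an opening one. The GPL section expands the name as "GNU Public License"; the license is called the GNU General Public License. A spelling pass before merging would also catch "waves any right" (waives), "competiting", "payed to made", "emergance", "wonderfull", "loosing", "sourcecode" and "forementioned".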
@ -0,0 +1,489 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
|
||||
<chapter>
|
||||
<title>The Role of the Community</title>
|
||||
|
||||
<section>
|
||||
<title>Introduction</title>
|
||||
|
||||
<para>A very important asset of free software is the free software
|
||||
community. Just like with any technology or concept, free software has
|
||||
adepts that defend and promote free software to great extend. The free
|
||||
software community itself is very vivid and eager to help others in
|
||||
exploring the wonderful world of free software...</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Communities</title>
|
||||
|
||||
<para>Free software communities are similar to real communities, but with
|
||||
the Internet as main communication channel. Hence, these communities
|
||||
aren't clustered in space like real life communities would, but are
|
||||
scattered throughout the world. Nevertheless, the Internet ensures that
|
||||
participants of a community, even when they are lightyears (figure of
|
||||
speech) apart, talk to each other the same way as neighbours do.</para>
|
||||
|
||||
<para>The Internet is a great asset for these communities: you are not
|
||||
judged based on the color of your skin, your age or your looks. What
|
||||
matters is how you communicate with others, how you present yourself and
|
||||
how you react in discussions. Debates in a community can often become
|
||||
quite vivid, especially when the subject is one where facts aren't
|
||||
sufficient to provide good answers. And when these discussions change from
|
||||
debates into almost insulting fights, a flamewar<indexterm>
|
||||
<primary>flamewar</primary>
|
||||
</indexterm> is born.</para>
|
||||
|
||||
<para>In flamewars, facts and reason are often far away. You should
|
||||
definitely try to avoid flamewars for discussions where decisions have to
|
||||
be made, but it is impossible to really prevent them as they are the
|
||||
result of people who have an active interest in a subject they are eager
|
||||
to defend, especially when there is no clear answer to the question that
|
||||
started the flamewar.</para>
|
||||
|
||||
<para>Examples of such flamewars are ``What is the best Linux
|
||||
distribution?'' or ``What text editor should I choose?'' because these
|
||||
questions don't have clear answers: the best distribution for one person
|
||||
might be the worst for another, and there are many text editors around. In
|
||||
latin one would say ``de gustibus et coloribus non est disputandum'' (one
|
||||
shouldn't argue about tastes and colors) and this is very true for these
|
||||
kind of questions.</para>
|
||||
|
||||
<para>When you don't have a choice, flamewars don't exist: you cannot
|
||||
compare one product with itself. But in the free software world, choice is
|
||||
an important concept. You have the choice between many free operating
|
||||
systems (next to Linux you have many BSD flavors, Sun Solaris 10 and even
|
||||
less popular but promising operating systems like the GNU Hurd),
|
||||
distributions (there are over a hundred distributions around), graphical
|
||||
environments (not a single day goes by without battles about GNOME versus
|
||||
KDE), office suites, etc.</para>
|
||||
|
||||
<para>An often debated subject is ``the best distribution'' and although
|
||||
this book might seem a bit biased on the subject the best answer I can
|
||||
give you is that there is no best distribution, at least not generally
|
||||
speaking. The meaning of the term ``best'' is judged by people who have
|
||||
personal preferences about their operating system. And many of these
|
||||
people defend their best distribution very vividly.</para>
|
||||
|
||||
<para>Distribution communities are very active, mostly because they are
|
||||
quite large. The Gentoo community for instance is known for its
|
||||
responsiveness: the Gentoo chat channel is always alive (with more than
|
||||
800 participants at any time) as is its forum (with more than a thousand
|
||||
posts per day) and mailinglists. Of course, general flamewars on
|
||||
distributions are often on more neutral grounds, but heated discussions on
|
||||
other topics are a daily routine.</para>
|
||||
|
||||
<para>For this reason, most communities have people who keep the
|
||||
discussions sane and prevent flamewars from growing too much. People who
|
||||
try to induce flamewars on the communication channels (called
|
||||
<emphasis>trolls</emphasis><indexterm>
|
||||
<primary>troll</primary>
|
||||
</indexterm>) are taken care of by these operators: channel operators
|
||||
can kick or even ban such people from the chat channel, mailinglist
|
||||
operators remove these people from the list and forum operators remove the
|
||||
profiles of these users. You can safely say these people are the police of
|
||||
the community.</para>
|
||||
|
||||
<section>
|
||||
<title>Local Communities</title>
|
||||
|
||||
<para>A specific type of community is one which is local in space. Such
|
||||
communities often organise meetings (conferences, talks, barbequeues,
|
||||
...) and offer help to people local to the location where the community
|
||||
is hosted.</para>
|
||||
|
||||
<para>LUG<indexterm>
|
||||
<primary>LUG</primary>
|
||||
</indexterm>s (Linux User Group<indexterm>
|
||||
<primary>Linux User Group</primary>
|
||||
</indexterm>s) are succesful examples of such communities: these
|
||||
groups aggregate together, debating on the evolution in the Linux world
|
||||
and help others with Linux installations (Linux Install Fests<indexterm>
|
||||
<primary>Linux Install Fest</primary>
|
||||
</indexterm> are local meetings that offer help in deploying your
|
||||
favorite Linux distribution on your system). You might find a LUG very
|
||||
close by.</para>
|
||||
|
||||
<para>Many LUGs offer various services to their users which is often
|
||||
unseen in communities for commercial software. Moreover, many LUGs offer
|
||||
these services free-of-charge:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>individual, on-site help with installation, configuration and
|
||||
maintenance of a Linux distribution or other free software</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>courses, talks and presentations offering you more insight in
|
||||
available Free Software</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>specific documentation tailored to the needs of its own
|
||||
users</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>If you have some time to spare, I really recommend to join a local
|
||||
LUG - even if you are not searching for help, you can still offer your
|
||||
own expertise to others and make connections (yes, social networking is
|
||||
important).</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Online Communities</title>
|
||||
|
||||
<para>When people want to discuss a particular software topic or
|
||||
distribution, online communities are often formed. These communities do
|
||||
not (or to a less extend) organise meetings at a specific location
|
||||
(often called "in real life") but rather use the Internet as the meeting
|
||||
place ("online" meetings).</para>
|
||||
|
||||
<para>Online communities have the advantage that its members can be
|
||||
anywhere in the world and just like LUGs, they still offer services to
|
||||
its users, also most of the time free-of-charge:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>online help with installation, configuration and maintenance
|
||||
of the software</para>
|
||||
|
||||
<para>In particular cases, communities can even offer interactive
|
||||
help through technologies such as SSH<indexterm>
|
||||
<primary>SSH</primary>
|
||||
</indexterm> (Secure SHell - allows users to log on and work on
|
||||
another machine) and VNC<indexterm>
|
||||
<primary>VNC</primary>
|
||||
</indexterm> (Virtual Network Computing - allows users to
|
||||
graphically log on and work on another machine, or see read-only
|
||||
sessions).</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>courses and online presentations</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>documentation, more specialised to the software title but
|
||||
often also localised (translated)</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>This is possible thanks to the various technologies available on
|
||||
the Internet, including</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>Wiki (online collaboration software for developing
|
||||
documentation) software has become quite popular for developing and
|
||||
releasing documentation. The use of wiki's allows users to edit
|
||||
existing documentation or author new documentation online (with a
|
||||
simple browser) and the results of their editing is immediately
|
||||
visible to others.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Online (web)forums, where people can participate in
|
||||
discussions by placing messages and reacting to other messages. The
|
||||
advantage of web forums is that they are accessible through your web
|
||||
browser (which most firewalls still allow), can be consulted after
|
||||
the discussion has long been closed and where messages can be
|
||||
extended with images, attachments and formatted text.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Mailinglists, which is similar (function-wise) to web forums,
|
||||
but then organised through e-mail. People subscribe to a mailinglist
|
||||
and then receive all mails sent to that mailinglist to their
|
||||
personal mailbox. Replies to these mails are sent back to the
|
||||
mailinglists where they are again distributed to all mailinglist
|
||||
participants. Mailinglists are quite popular in free software
|
||||
communities as they are easily moderated and can be filtered. Also,
|
||||
mails often reach people faster than messages on a webforum so you
|
||||
could see a mailinglist as a faster discussion medium.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>IRC<indexterm>
|
||||
<primary>IRC</primary>
|
||||
</indexterm> (Internet Relay Chat) is a way of communicating with
|
||||
many people interactively. Most people know Instant Messaging
|
||||
software such as MSN or Google Talk. Well, IRC is somewhat older but
|
||||
still very much used as it supports chatrooms where several hundreds
|
||||
of people can participate. IRC is the fastest medium for
|
||||
participating in discussions and can be seen as a method for
|
||||
creating "online" meetings.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Support</title>
|
||||
|
||||
<para>Communities often perform the role of support people: if you have a
|
||||
question about their software project they are eager to answer and help.
|
||||
If you think the software is insufficient, they will help you expand it or
|
||||
have it work together with other tools (or even redirect you to other
|
||||
software projects if they feel you want something out of their favorite
|
||||
tool that the tool isn't made for).</para>
|
||||
|
||||
<para>Support can be given on many levels...</para>
|
||||
|
||||
<section>
|
||||
<title>Documentation Guides</title>
|
||||
|
||||
<para>A documentation guide is often created with one goal: describe how
|
||||
to do something with the tool. Such guides are therefor often called
|
||||
HOWTOs<indexterm>
|
||||
<primary>HOWTO</primary>
|
||||
</indexterm>. Much work is put in such HOWTOs because they should be
|
||||
correct, well formed but also complete. The better the HOWTO, the lesser
|
||||
questions are asked after reading it. If you ask the community how to
|
||||
perform a certain action and the action is described in such a HOWTO,
|
||||
you'll be redirected to that HOWTO (sometimes with a more crude
|
||||
reference to the RTFM<indexterm>
|
||||
<primary>RTFM</primary>
|
||||
</indexterm> term, or ``Read The Fucking Manual'' - although the third
|
||||
term is also often read as ``Fine'').</para>
|
||||
|
||||
<para>Other types of documentation are FAQs (<emphasis>Frequently Asked
|
||||
Questions</emphasis>) which are generally very small HOWTOs or answers
|
||||
to conceptual questions rather than technical ones. When you're new to a
|
||||
certain tool it is very interesting to read through the FAQs before you
|
||||
ask your question. Not only are chances high that you find your answer,
|
||||
you might find out more about the tool which can be very
|
||||
interesting.</para>
|
||||
|
||||
<para>Some communities also offer a knowledge base. Such systems can be
|
||||
seen as an aggregation of questions and answers, but unlike FAQs they
|
||||
might not be frequently asked. Knowledge bases often offer support
|
||||
solutions to specific setups.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Internet and Usenet Forums</title>
|
||||
|
||||
<para>Internet forums (webbased) or Usenet forums (newsgroups<indexterm>
|
||||
<primary>newsgroup</primary>
|
||||
</indexterm>) are a more interactive approach to obtain support.
|
||||
Internet forums have the additional advantage that you can add specific
|
||||
formatting in your questions: you can show command code, exceptions or
|
||||
errors better than in plain text. You can even include screenshots.
|
||||
These forums allow for any user to be helped quite fast: forums are read
|
||||
by many and the interface is simple enough to quickly see the new
|
||||
topics.</para>
|
||||
|
||||
<para>An additional advantage of internet forums is that, once a
|
||||
question has been asked and answered, it is stored in the database of
|
||||
the forum. Hence, the entire forum can be seen as a knowledge base with
|
||||
a multitude of answers. Very popular topics are often made sticky,
|
||||
meaning that the topic remains on top even when no further discussion
|
||||
happens on it, increasing the chance that new users read the
|
||||
topic.</para>
|
||||
|
||||
<para>Usenet forums (or newsgroups) are another popular approach to
|
||||
support although it must be said that newsgroups are not used that often
|
||||
for free software tools. Usually you'll find a newsgroup when the
|
||||
project itself doesn't provide a forum (anyone can launch a new
|
||||
newsgroup) although it does happen that internet forums and usenet
|
||||
forums are linked: posts in one forum are merged with the other.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Mailinglists</title>
|
||||
|
||||
<para>A more direct approach are mailinglists<indexterm>
|
||||
<primary>mailinglist</primary>
|
||||
</indexterm>, e-mail addresses where several dozens (or even hundreds)
|
||||
individuals listen to. A mailinglist is often perceived to be a bit
|
||||
faster than forums because many developers frequent mailinglists but not
|
||||
forums due to the ease of use: mailinglists result in plain e-mails
|
||||
which can be easily filtered.</para>
|
||||
|
||||
<para>Most mailinglists are archived as well, allowing you to skim
|
||||
through the older topics in the list. Whereas forums are usually pure
|
||||
for user experience, mailinglists are used as the primary communication
|
||||
channel for development purposes. Some projects also have internal
|
||||
development mailinglists which aren't readable to the public. This isn't
|
||||
because they want to hide development stuff from the users: such mailing
|
||||
lists are used to communicate security issues, personal information
|
||||
(including account information) but also to talk about topics that are
|
||||
juridically difficult to defend if they are made public.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Chat</title>
|
||||
|
||||
<para>Chatting is almost the most direct form of communicating with each
|
||||
other. Many free software projects use IRC<indexterm>
|
||||
<primary>IRC</primary>
|
||||
</indexterm> (Internet Relay Chat) as a central communication channel.
|
||||
Users can be quickly helped through IRC while developers can talk and
|
||||
discuss changes quickly.</para>
|
||||
|
||||
<para>Chat channels can be very popular. Gentoo's main chat channel
|
||||
(#gentoo on the freenode network) has between 800 and 1000 participants
|
||||
at any time.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Real-life Meetings</title>
|
||||
|
||||
<para>Once in a while, developer groups come together for real-life
|
||||
support or to discuss the evolution of their software. In many cases,
|
||||
real-life meetings offer a way for people to get hands-on, interactive
|
||||
help. We have talked about LUG meetings (where real-life meetings are
|
||||
often held) but also software communities have real-life meetings. Many
|
||||
of these meetings offer a way for developers to meet each other (for the
|
||||
first time), discuss topics and learn from each other.</para>
|
||||
|
||||
<para>In some cases, <emphasis>hackfest</emphasis>s<indexterm>
|
||||
<primary>hackfest</primary>
|
||||
</indexterm> are organized. During these meetings, developers
|
||||
aggregate together with a single goal: to develop new features or remove
|
||||
bugs from the software. Although this can well be done offline,
|
||||
hackfests allow developers to communicate freely and help other
|
||||
developers with their problems. Meeting in real life allows developers
|
||||
to easily show the problem they have (some problems can be difficult or
|
||||
too time consuming to write down).</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Conferences</title>
|
||||
|
||||
<para>In the Free Software world, conferences are often organized. During
|
||||
these conferences</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>talks are given about certain software titles (design, features,
|
||||
evolution, ...) or projects (infrastructure, offered services, used
|
||||
technologies, ...)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>booths are organized where projects can show themselves to the
|
||||
wide(r) public. Distributions frequently use booths to hand out
|
||||
installation CD/DVDs and show systems running the distribution.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>companies offer information on how they use (or develop) free
|
||||
software (and sometimes recruit developers)</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<section>
|
||||
<title>FOSDEM</title>
|
||||
|
||||
<para>FOSDEM<indexterm>
|
||||
<primary>FOSDEM</primary>
|
||||
</indexterm>, or the <emphasis>Free and Open Source Developers
|
||||
European Meeting</emphasis>, takes place in Brussels, Belgium at the
|
||||
beginning of each year (around mid-february). During this conference,
|
||||
talks are given about coding and development of software, but you'll
|
||||
also find booths about various software projects/distributions and
|
||||
developer rooms (where a single project can offer talks about
|
||||
project-specific topics).</para>
|
||||
|
||||
<para>FOSDEM is held during two days and has become a major conference
|
||||
in the Free Software community, especially in Europe as many other
|
||||
conferences are held in the USA.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>FOSS.IN</title>
|
||||
|
||||
<para>FOSS.IN<indexterm>
|
||||
<primary>FOSS.IN</primary>
|
||||
</indexterm>, or the <emphasis>Free and Open Source Software
|
||||
conference in India</emphasis>, is one of Asia's largest FOSS
|
||||
conferences. It occurs at the end of every year in Balgalore, India,
|
||||
featuring talks, discussions, workshops, meetings and more from
|
||||
international speakers, users and developers.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>LinuxTag</title>
|
||||
|
||||
<para>LinuxTag<indexterm>
|
||||
<primary>LinuxTag</primary>
|
||||
</indexterm> is a free software exposition with primary focus on the
|
||||
Linux-based operating systems and solutions. Unlike FOSDEM, LinuxTag
|
||||
focuses more on the integration of Linux (and free software) in larger
|
||||
environments, offering booths to both commercial companies and
|
||||
non-commercial organisations.</para>
|
||||
|
||||
<para>It's slogan is "Where .COM meets .ORG". You can visit LinuxTag
|
||||
around spring every year. </para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Exercises</title>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>Try to find the online discussion methods (webforum,
|
||||
mailinglists, IRC) offered by the Gentoo Linux distribution.</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Resources</title>
|
||||
|
||||
<para>A few more free software conferences:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>The <ulink url="http://www.linuxsymposium.org">Ottawa Linux
|
||||
Symposium</ulink> is held every year in Ottawa, Canada during summer
|
||||
break.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><ulink url="http://www.linux-kongress.org">Linux
|
||||
Kongress</ulink> has almost always been held in Germany although a
|
||||
single instance was in Cambridge, England.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><ulink url="http://linux.conf.au/">Linux.conf.au</ulink> is
|
||||
hosted in Australia in the beginning of every year</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><ulink url="http://www.ohiolinux.org/">Ohio Linux Fest</ulink>
|
||||
is held in Ohio every fall.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><ulink url="http://www.linuxfestnorthwest.org/">Linux Fest
|
||||
Northwest</ulink> is held in Washington every spring.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><ulink url="http://scale7x.socallinuxexpo.org/">SCaLE (Southern
|
||||
California Linux Expo)</ulink> is held late winter.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><ulink url="http://onlinux.ca/">Ontario Linux
|
||||
Fest</ulink></para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><ulink url="http://www.linuxworldexpo.com/">LinuxWorld
|
||||
Conference and Expo</ulink></para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><ulink url="http://freed.in/">Freed.IN</ulink></para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</chapter>
|
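Review bot: the list item under "Online Communities" that offers interactive help through SSH and VNC describes letting someone else "log on and work on another machine" without saying what that grants. Add a sentence stating that the helper acts with the privileges of the account they are given, and that the read-only VNC session the paragraph already mentions is the better fit when the helper only needs to watch. The same gap applies to the "Mailinglists" section under Support, which says private lists carry security issues and account information but gives no pointer on how a reader should report a security issue to a project. Spelling in this file also needs a pass before merge: "to great extend", "to a less extend", "therefor", "succesful", "barbequeues", "wiki's", "Balgalore" and "It's slogan".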
File diff suppressed because it is too large
File diff suppressed because it is too large
|
@ -0,0 +1,646 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
|
||||
<chapter>
|
||||
<title>Working with Processes</title>
|
||||
|
||||
<section>
|
||||
<title>Process Trees</title>
|
||||
|
||||
<section>
|
||||
<title>Parent and Child Relationships</title>
|
||||
|
||||
<para>Each Linux (and Unix) process has a parent (except for the top
|
||||
process) and can have one or more childs. The relationship is crafted
|
||||
when a process is launched: the process that launched the new process
|
||||
becomes the parent of that process. As a user, you might not know what
|
||||
process you are currently working in. Every program is a process, being
|
||||
it the shell you're typing the commands in or the graphical environment
|
||||
you're working with.</para>
|
||||
|
||||
<para>For instance, a user who has a terminal open can have the
|
||||
following process structure for this terminal:</para>
|
||||
|
||||
<programlisting>init
|
||||
`- xterm
|
||||
`- bash</programlisting>
|
||||
|
||||
<para>You can obtain a tree of running processes using the
|
||||
<command>pstree</command> command:</para>
|
||||
|
||||
<programlisting>$ <command>pstree</command>
|
||||
init-+-acpid
|
||||
|-4*[agetty]
|
||||
|-agiletrack---java---19*[{java}]
|
||||
|-apache2---8*[apache2]
|
||||
|-bonobo-activati---{bonobo-activati}
|
||||
|-5*[dbus-daemon]
|
||||
|-dhcpcd
|
||||
|-gconfd-2
|
||||
|-gnome-keyring-d
|
||||
|-gnome-power-man
|
||||
|-gnome-screensav
|
||||
|-gnome-settings----{gnome-settings-}
|
||||
|-4*[gnome-vfs-daemo]
|
||||
|-gnome-volume-ma
|
||||
|-gpg-agent
|
||||
|-hald---hald-runner-+-hald-addon-acpi
|
||||
| |-hald-addon-cpuf
|
||||
| `-hald-addon-stor
|
||||
|-java---15*[{java}]
|
||||
|-login---bash---startx---xinit-+-X
|
||||
| `-gnome-session-+-gnome-panel
|
||||
| |-metacity
|
||||
| |-nautilus
|
||||
| `-{gnome-session}
|
||||
[...]</programlisting>
|
||||
|
||||
<para>Now, not every process launched immediately becomes a child of the
|
||||
process where it was launched from. Some processes might immediately
|
||||
become child of the root process, most often called
|
||||
<command>init</command><indexterm>
|
||||
<primary>init</primary>
|
||||
</indexterm>. The root process is the first process launched by the
|
||||
kernel when it boots up. It is responsible for running the necessary
|
||||
startup services and prepare the system for its duties.</para>
|
||||
|
||||
<para>Processes that become child of the root process usually do this
|
||||
because they don't want to be terminated when their parent process exits
|
||||
or dies: when this happens, the child processes become orphaned and the
|
||||
init process will terminate these processes as well. So, becoming a
|
||||
child of the init process will ensure that the process remains
|
||||
available. In the above example you'll find a good example: the
|
||||
<command>dhcpcd</command> command governs the IP address of the network
|
||||
interface through the DHCP protocol. If the process didn't continuously
|
||||
run, your IP address would be dismissed after a few minutes (or
|
||||
hours).</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Process Ownership</title>
|
||||
|
||||
<para>When a process is launched (usually through a command the user
|
||||
entered) it, by default, obtains the user id and group id of its parent
|
||||
process. When a user logs on to the system, the <command>login</command>
|
||||
process launches a shell process with the user id and group id of the
|
||||
user that logged on, so every command the user launches takes the user
|
||||
id and group id of that user, since the parent process of every launched
|
||||
command is either the beforementioned shell process or one of its child
|
||||
processes.</para>
|
||||
|
||||
<para>Some processes however explicitly ask the Linux kernel to use a
|
||||
different user id and group id. This is accomplished by setting the
|
||||
<emphasis>setuid</emphasis> or <emphasis>setgid</emphasis> flags on the
|
||||
process file itself. With <emphasis>setuid</emphasis><indexterm>
|
||||
<primary>setuid</primary>
|
||||
</indexterm> (set user id) and <emphasis>setgid</emphasis><indexterm>
|
||||
<primary>setgid</primary>
|
||||
</indexterm> (set group id) the owner of the process is the owner of
|
||||
the file rather than the user that launched the process.</para>
|
||||
|
||||
<para>An example is the <command>passwd</command> command, used to
|
||||
change the password of a user:</para>
|
||||
|
||||
<programlisting>$ <command>ls -l /bin/passwd</command>
|
||||
-rws--x--x 1 root root 28956 Jul 15 2007 passwd</programlisting>
|
||||
|
||||
<para>As you can see, the command file itself is owned by root. It also
|
||||
has the setuid bit set (see the s in <filename>-rws--x--x</filename>).
|
||||
If a user runs the <command>passwd</command> command, the command itself
|
||||
has root privileges rather than the privileges for the user. For the
|
||||
<command>passwd</command> command, this is necessary because it needs to
|
||||
update the password files (<filename>/etc/passwd</filename> and
|
||||
<filename>/etc/shadow</filename>) which are only writeable by the root
|
||||
user (the <filename>/etc/shadow</filename> file is not even readable for
|
||||
regular users).</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Viewing Process Information</title>
|
||||
|
||||
<para>Various tools exist to obtain process information. The next few
|
||||
chapters give a nice overview of these tools...</para>
|
||||
|
||||
<section>
|
||||
<title>Process Lists</title>
|
||||
|
||||
<para>The main program to create a process list is the
|
||||
<command>ps</command> command. If ran inside a shell, it shows the
|
||||
processes that are running inside the session (meaning the processes
|
||||
launched from the shell, including the shell itself):</para>
|
||||
|
||||
<programlisting>$ <command>ps</command>
|
||||
PID TTY TIME CMD
|
||||
24064 pts/3 00:00:00 bash
|
||||
24116 pts/3 00:00:00 ps</programlisting>
|
||||
|
||||
<para>The columns shown are:</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>PID - process id of the process</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>TTY - controlling terminal (this is Unix inheritage where
|
||||
users were logged on through terminals, pts is a
|
||||
pseudoterminal)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>TIME - the execution time the process took. In the above
|
||||
example, both commands hardly took any CPU time on the system
|
||||
(bash is the shell, which is most of the time waiting for input so
|
||||
not consuming any CPU time, the other one is ps which gave its
|
||||
results in less than a second)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>CMD - the process name itself (the command)</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>Of course, several arguments to ps exist which change its
|
||||
behavior. For instance, with <command>ps -e</command> you see the same
|
||||
information, but for all processes runnin on the system. With
|
||||
<command>ps -f</command> a few more columns are added, including the
|
||||
parent process id and the time the process started.</para>
|
||||
|
||||
<para>You can also limit the processes to see based on the user
|
||||
(<command>ps -u username</command>), command name (<command>ps -C
|
||||
command</command>), really running processes (taking cpu time at the
|
||||
moment: <command>ps -r</command>) and more. For more information, see
|
||||
the ps manual page.</para>
|
||||
|
||||
<para>Another command that is often used to obtain process list
|
||||
information is the <command>top</command> program. The top command is
|
||||
an interactive command that shows you a process list, sorted by one or
|
||||
more values (default is CPU usage) and refreshes this list every 5
|
||||
seconds (this is of course configurable):</para>
|
||||
|
||||
<programlisting>top - 10:19:47 up 6 days, 6:41, 5 users, load average: 1.00, 1.27, 0.92
|
||||
Tasks: 120 total, 1 running, 119 sleeping, 0 stopped, 0 zombie
|
||||
Cpu(s): 3.2%us, 0.7%sy, 0.0%ni, 95.6%id, 0.3%wa, 0.1%hi, 0.0%si, 0.0%st
|
||||
Mem: 1545408k total, 1490968k used, 54440k free, 177060k buffers
|
||||
Swap: 2008084k total, 132k used, 2007952k free, 776060k cached
|
||||
|
||||
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
|
||||
4458 haldaemo 16 0 5488 3772 2388 S 2.0 0.2 4:23.69 hald
|
||||
27255 swift 15 0 2272 1064 768 R 2.0 0.1 0:00.01 top
|
||||
1 root 15 0 1612 544 468 S 0.0 0.0 0:00.48 init
|
||||
2 root 12 -5 0 0 0 S 0.0 0.0 0:00.00 kthreadd
|
||||
3 root 39 19 0 0 0 S 0.0 0.0 0:00.45 ksoftirqd/0
|
||||
4 root 10 -5 0 0 0 S 0.0 0.0 0:01.95 events/0
|
||||
5 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 khelper
|
||||
60 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 kblockd/0
|
||||
61 root 11 -5 0 0 0 S 0.0 0.0 0:25.77 kacpid
|
||||
62 root 11 -5 0 0 0 S 0.0 0.0 0:09.60 kacpi_notify
|
||||
171 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 ata/0
|
||||
172 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 ata_aux
|
||||
173 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 ksuspend_usbd
|
||||
176 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 khubd
|
||||
178 root 10 -5 0 0 0 S 0.0 0.0 0:00.01 kseriod
|
||||
196 root 10 -5 0 0 0 S 0.0 0.0 0:01.13 kswapd0
|
||||
197 root 20 -5 0 0 0 S 0.0 0.0 0:00.00 aio/0</programlisting>
|
||||
|
||||
<para>There is plenty of information in the top screen...</para>
|
||||
|
||||
<programlisting>top - 10:19:47 up 6 days, 6:41, 5 users, load average: 1.00, 1.27, 0.92</programlisting>
|
||||
|
||||
<para>The first line shows you the uptime of the system (this system
|
||||
is running for 6 days, 6 hours and 41 minutes), the number of logged
|
||||
on users (beware, this is not the number of different users - if a
|
||||
user launches 3 xterms inside a graphical session he will be shown as
|
||||
four logged on users) and the load average.</para>
|
||||
|
||||
<para>The load average is something many people misinterprete. The
|
||||
load average shows the number of processes that were running or asking
|
||||
for CPU time during the given interval. In the above example, this
|
||||
means that:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>in the last minute, an average of 1 process was asking for
|
||||
or using CPU time</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>in the last 5 minutes, an average of 1.27 processes were
|
||||
asking for or using CPU time</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>in the last 15 minutes, an average of 0.92 processes were
|
||||
asking for or using CPU time</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>For a single CPU system, you most likely don't want a number
|
||||
higher than 1 in the long run (for instance, the 15-minute span). The
|
||||
more CPUs, the higher the load average can become.</para>
|
||||
|
||||
<programlisting>Tasks: 120 total, 1 running, 119 sleeping, 0 stopped, 0 zombie</programlisting>
|
||||
|
||||
<para>The number of processes running on this system (120) of which
|
||||
119 are sleeping (not performing any duties), 1 running (the top
|
||||
command itself), 0 stopped (a process in the stopped state can still
|
||||
be revived but is, at this moment, not accepting input or performing
|
||||
any tasks) and 0 zombie.</para>
|
||||
|
||||
<para>A zombie process is not really a real process: the process
|
||||
itself has already finished, but its parent process doesn't know this
|
||||
yet, so the kernel is keeping some process information until the
|
||||
parent process asks for the child process state.</para>
|
||||
|
||||
<programlisting>Cpu(s): 3.2%us, 0.7%sy, 0.0%ni, 95.6%id, 0.3%wa, 0.1%hi, 0.0%si, 0.0%st</programlisting>
|
||||
|
||||
<para>CPU state information, showing the CPU usage percentages: user
|
||||
processes (us), system/kernel CPU usage (sy), niced processes (ni),
|
||||
idle CPU (id), waiting for I/O (wa), hardware interrupts (hi),
|
||||
software interrupts (si) and virtual cpu stealing (st).</para>
|
||||
|
||||
<para>Most of the states are self-explanatory. The niced processes is
|
||||
for processes the user reniced and is a subset of the user processes
|
||||
percentage. The virtual CPU stealing is the percentage of time a
|
||||
virtual CPU waits for a real CPU and is not interesting for regular
|
||||
Linux/Unix users (as they don't work with virtualization).</para>
|
||||
|
||||
<programlisting>Mem: 1545408k total, 1490968k used, 54440k free, 177060k buffers
|
||||
Swap: 2008084k total, 132k used, 2007952k free, 776060k cached</programlisting>
|
||||
|
||||
<para>Memory usage: of the 1.5 Gbyte of memory available, 1.45Gbyte is
|
||||
in use and 54Mbyte is free. Of the used memory, 177 Mbyte is used by
|
||||
the kernel for internal buffers. Also, 776 Mbyte of the used memory
|
||||
actually consists out of cached data which can potentially be cleared
|
||||
if a process would require more memory than currently
|
||||
available.</para>
|
||||
|
||||
<para>The swap space itself is hardly used: of the 2Gbyte of swap
|
||||
space defined, only 132 kbyte is in use.</para>
|
||||
|
||||
<programlisting> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
|
||||
4458 haldaemo 16 0 5488 3772 2388 S 2.0 0.2 4:23.69 hald
|
||||
...</programlisting>
|
||||
|
||||
<para>The rest of the screen gives the process listing itself. The
|
||||
columns shown are:</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>Process ID (PID) of the process</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Username (USER) showing the owner of the process</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Priority value (PR) of the process (the higher the value,
|
||||
the higher the priority). Priorities are exclusively determined by
|
||||
the Linux kernel.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Nice value (NI) of the process (is a user sets a nice value,
|
||||
or renices a tool, it tells the Linux kernel how "nice" the
|
||||
program is - the higher the nice value, the nicer it is so
|
||||
(generally) the lower the priority should be).</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>The virtual memory (VIRT) the process is occupying. This
|
||||
includes the memory it is actually using, mapped memory from
|
||||
devices, files mapped into memory and shared memory.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>The resident (really used) memory (RES) the process is
|
||||
using.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>The amount of possibly shared memory (SHR). It is "possibly"
|
||||
because the memory is shareable, but not automatically used by
|
||||
others already.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Process state (S), which can be any of S (sleeping), R
|
||||
(running), D (uninterruptible sleep), T (traced or stopped) or Z
|
||||
(zombie).</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>CPU usage (%CPU)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Memory usage (%MEM - based on RES)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Runtime (TIME+)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Command (COMMAND)</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Process Information</title>
|
||||
|
||||
<para>You can also be interested in more detailed process information
|
||||
such as the files (or connections) the process has currently
|
||||
open.</para>
|
||||
|
||||
<para>With <command>lsof</command><indexterm>
|
||||
<primary>lsof</primary>
|
||||
</indexterm> you can view this information. Just give the process id
|
||||
with it (lsof -p PID) and you get all this information. However, lsof
|
||||
can do much more. For instance, with lsof you can see what process is
|
||||
listening on a particular port:</para>
|
||||
|
||||
<programlisting># <command>lsof -i :443</command>
|
||||
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
|
||||
apache2 4346 root 3u IPv4 11484 TCP *:https (LISTEN)</programlisting>
|
||||
|
||||
<para>Another tool that can do the same is
|
||||
<command>fuser</command><indexterm>
|
||||
<primary>fuser</primary>
|
||||
</indexterm>:</para>
|
||||
|
||||
<programlisting># <command>fuser -v 443/tcp</command>
|
||||
USER PID ACCESS COMMAND
|
||||
443/tcp: root 4346 F.... apache2</programlisting>
|
||||
|
||||
<para>The same can be accomplished with files. For instance, to see
|
||||
what processes are using a particular file with fuser, just give the
|
||||
filename (<command>fuser -v /path/to/file</command>).</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Backgrounding Processes</title>
|
||||
|
||||
<para>Processes can be started in the background, either because the
|
||||
process immediately detaches it from the running session (daemons) or
|
||||
because the user asks to run it in the background.</para>
|
||||
|
||||
<para>Daemons<indexterm>
|
||||
<primary>daemon</primary>
|
||||
</indexterm> are processes that do not stay in the running session.
|
||||
The moment you launch a daemon process, you immediately get your prompt
|
||||
back as if the process has finished. However, this isn't true: the
|
||||
process is still running, but it is running in the background. Most
|
||||
daemons do not have the possibility to reattach to the session. Wether
|
||||
or not a process is a daemon depends on the process itself as this is a
|
||||
pure programmatical decision.</para>
|
||||
|
||||
<para>Backgrounded processes however are processes that stay in the
|
||||
running session, but do not "lock" the input devices (keyboard). As a
|
||||
result, the user gets the prompt back and can continue launching other
|
||||
processes or do other tasks. To background a process, a user can add a
|
||||
"&" sign at the end of the command line. For instance, to put the
|
||||
command "eix-update" in the background:</para>
|
||||
|
||||
<programlisting># <command>eix-update &</command></programlisting>
|
||||
|
||||
<para>You can see what processes are running in your session in the
|
||||
background using the <command>jobs</command><indexterm>
|
||||
<primary>jobs</primary>
|
||||
</indexterm> command:</para>
|
||||
|
||||
<programlisting># <command>jobs</command>
|
||||
[1]- Running eix-update &</programlisting>
|
||||
|
||||
<para>You can put a job back into the foreground using the
|
||||
<command>fg</command><indexterm>
|
||||
<primary>fg</primary>
|
||||
</indexterm> command. If you just enter fg, it'll put the last job put
|
||||
in the background back. If you want to select a different job, use the
|
||||
number that jobs returned. For instance, to return the 3rd job back to
|
||||
the foreground:</para>
|
||||
|
||||
<programlisting># <command>fg %3</command></programlisting>
|
||||
|
||||
<para>If you want to put a process that you are running in the
|
||||
background, use Ctrl-Z to put the process in the background. Ctrl-Z also
|
||||
pauzes the process, so if you want to continue the process in the
|
||||
background, enter "<command>bg</command>" afterwards as well:</para>
|
||||
|
||||
<programlisting># <command>eix-update</command>
|
||||
(...)
|
||||
(Press <command>Ctrl-Z</command>)
|
||||
[1]+ Stopped eix-update
|
||||
# <command>bg</command>
|
||||
[1]+ eix-update &</programlisting>
|
||||
|
||||
<para>There are a few things you must keep in mind when using
|
||||
jobs:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>A (non-daemon) process is attached to a running session. The
|
||||
moment you terminate your session, all jobs that were running in
|
||||
that session (both foreground and background processes) are
|
||||
terminated as well.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Although processes can be ran in the background, their output
|
||||
is still forwarded to your terminal. If you do not want this, you
|
||||
can redirect the output of a command using the > redirect. For
|
||||
instance, to redirect the standard output (default - 1) of
|
||||
update-eix to a logfile and do the same for the error output
|
||||
(2):</para>
|
||||
|
||||
<programlisting># <command>eix-update > /var/tmp/update-eix.log 2>&1 &</command></programlisting>
|
||||
|
||||
<para>Another popular redirect is to ignore output
|
||||
completely:</para>
|
||||
|
||||
<programlisting># <command>eix-update > /dev/null 2>&1 &</command></programlisting>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Process Behavior</title>
|
||||
|
||||
<para>Programs are most often launched when a user selects a tool or
|
||||
executes a command. They can also be invoked automatically by a running
|
||||
program or by the Linux kernel (although the init tool is probably the
|
||||
only one ever invoked by the kernel autonomously).</para>
|
||||
|
||||
<para>The next few sections give pointers on process behavior and how you
|
||||
can modify it (if appropriate).</para>
|
||||
|
||||
<section>
|
||||
<title>Command Return Codes</title>
|
||||
|
||||
<para>The simplest example of launching a program is a simple command
|
||||
you enter in the command line. Once the program has finished, it leaves
|
||||
behind its <emphasis>return code</emphasis><indexterm>
|
||||
<primary>return code</primary>
|
||||
</indexterm> (or <emphasis>exit code</emphasis><indexterm>
|
||||
<primary>exit code</primary>
|
||||
</indexterm>) informing you how well it did its job.</para>
|
||||
|
||||
<para>A returncode is always an integer in the range of 0 to 255. Some
|
||||
programs might attempt to return a code larger than 255 (or even
|
||||
negative). Although not technically restricted, this is not a good idea
|
||||
as some applications only expect a returncode between 0 to 255 and might
|
||||
even "wrap" return codes to this range. If a program would ever have a
|
||||
return code of 512 for instance, it might be mapped into 0.</para>
|
||||
|
||||
<para>Every program that has succesfully finished its job will (or
|
||||
should) return code 0. A non-zero return code means that the application
|
||||
has failed to finish its tasks (completely).</para>
|
||||
|
||||
<para>Inside any POSIX-compliant shell (POSIX has a standard for Unix
|
||||
environments, including how a shell should function) such as
|
||||
<command>ksh</command> or <command>bash</command> you can obtain the
|
||||
return code of the last command using <filename>$?</filename>:</para>
|
||||
|
||||
<programlisting>$ <command>ls -l</command>
|
||||
...
|
||||
$ <command>echo $?</command>
|
||||
0
|
||||
$ <command>ls -z</command>
|
||||
ls: invalid option -- z
|
||||
Try `ls --help' for more information
|
||||
$ <command>echo $?</command>
|
||||
2</programlisting>
|
||||
|
||||
<para>These return codes are important as they are the means to
|
||||
investigate if all commands went succesfully or not, allowing you to
|
||||
write quite intelligent shell scripts which trigger several commands and
|
||||
include logic to handle command failures.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Priority and Niceness</title>
|
||||
|
||||
<para>On Linux, you can't set the priority of a process yourself: the
|
||||
Linux kernel does that for you, based on information about the process
|
||||
itself, including but not limited to if the process is I/O-bound (as
|
||||
such programs are most of the time user-interactive), its previous CPU
|
||||
consumation, possible locks it is holding and more.</para>
|
||||
|
||||
<para>You can, however, inform the kernel on what you think the process'
|
||||
priority ought to be. For this, you can set a
|
||||
<emphasis>nice</emphasis><indexterm>
|
||||
<primary>nice value</primary>
|
||||
</indexterm> value for the application. The value, in the range of -20
|
||||
to 10, informs the Linux kernel about how nice the program should be
|
||||
towards the rest of the system. Negative numbers (-1 to -20) are not
|
||||
that nice; the Linux kernel will thus assign those a larger time slice
|
||||
and you'll notice that such programs usually get a higher priority.
|
||||
However, only the root user can assign a negative nice number to a
|
||||
program. Positive numbers (1 to 19) make a process more nice to the
|
||||
system; they will receive a lower time slice and usually a lower
|
||||
priority.</para>
|
||||
|
||||
<para>Thanks to this system you can launch long-lasting, non-interactive
|
||||
commands in the background without worrying about the inpact to your
|
||||
interactive user experience. The <command>nice</command><indexterm>
|
||||
<primary>nice</primary>
|
||||
|
||||
<secondary>tool</secondary>
|
||||
</indexterm> tool allows you to start up a command with a particular
|
||||
nice value.</para>
|
||||
|
||||
<para>For instance, to start a Gentoo system upgrade with the highest
|
||||
possible nice value (as this is something you usually want to perform in
|
||||
the background):</para>
|
||||
|
||||
<programlisting># <command>nice -n 19 emerge -uDN world</command></programlisting>
|
||||
|
||||
<para>If a process is already running, you can change its nice value
|
||||
with the renice tool (for instance, to increase the nice value of the
|
||||
process with process id 219 with 5):</para>
|
||||
|
||||
<programlisting># <command>renice +5 219</command></programlisting>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Sending Signals (and Killing Processes)</title>
|
||||
|
||||
<para>Some processes allow you to send certain signals to them. A signal
|
||||
is a simple integer between 0 and 64; each of them is also given a
|
||||
particular name. The <command>kill</command><indexterm>
|
||||
<primary>kill</primary>
|
||||
</indexterm> tool can be used to send signals to processes, but also
|
||||
to obtain a list of available signals:</para>
|
||||
|
||||
<programlisting>$ <command>kill -l</command>
|
||||
1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL
|
||||
5) SIGTRAP 6) SIGABRT 7) SIGBUS 8) SIGFPE
|
||||
9) SIGKILL 10) SIGUSR1 11) SIGSEGV 12) SIGUSR2
|
||||
13) SIGPIPE 14) SIGALRM 15) SIGTERM 16) SIGSTKFLT
|
||||
17) SIGCHLD 18) SIGCONT 19) SIGSTOP 20) SIGTSTP
|
||||
21) SIGTTIN 22) SIGTTOU 23) SIGURG 24) SIGXCPU
|
||||
25) SIGXFSZ 26) SIGVTALRM 27) SIGPROF 28) SIGWINCH
|
||||
29) SIGIO 30) SIGPWR 31) SIGSYS 34) SIGRTMIN
|
||||
35) SIGRTMIN+1 36) SIGRTMIN+2 37) SIGRTMIN+3 38) SIGRTMIN+4
|
||||
39) SIGRTMIN+5 40) SIGRTMIN+6 41) SIGRTMIN+7 42) SIGRTMIN+8
|
||||
43) SIGRTMIN+9 44) SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12
|
||||
47) SIGRTMIN+13 48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14
|
||||
51) SIGRTMAX-13 52) SIGRTMAX-12 53) SIGRTMAX-11 54) SIGRTMAX-10
|
||||
55) SIGRTMAX-9 56) SIGRTMAX-8 57) SIGRTMAX-7 58) SIGRTMAX-6
|
||||
59) SIGRTMAX-5 60) SIGRTMAX-4 61) SIGRTMAX-3 62) SIGRTMAX-2
|
||||
63) SIGRTMAX-1 64) SIGRTMAX</programlisting>
|
||||
|
||||
<para>Its name might already inform you about its usual task: killing
|
||||
processes. By default, if you want to terminate a process but you can't
|
||||
commicate with the process directly (like hitting "Quit" or "Exit"), you
|
||||
should send a signal 15 (SIGTERM<indexterm>
|
||||
<primary>SIGTERM</primary>
|
||||
</indexterm>) to the program. This is also what
|
||||
<command>kill</command> does by default.</para>
|
||||
|
||||
<para>However, if the process doesn't listen to this signal or has gone
|
||||
haywire, you can use the SIGKILL signal. The SIGKILL<indexterm>
|
||||
<primary>SIGKILL</primary>
|
||||
</indexterm> signal doesn't actually reach the application (ever) but
|
||||
immediately terminates the process. Its number is 9:</para>
|
||||
|
||||
<programlisting>$ <command>kill -9 219</command></programlisting>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Exercises</title>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>How do you obtain the process ID of a running process?</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>How can you run a process in background and still be able to
|
||||
terminate the session without terminating the process (without the
|
||||
process being a daemon)?</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>What is a <defunct> process?</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Further Resources</title>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para><ulink
|
||||
url="http://www.gnu.org/software/bash/manual/bashref.html#Redirections">Bash
|
||||
redirection</ulink></para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</chapter>
|
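Review bot: In the "Priority and Niceness" section the nice range is given as "-20 to 10", which contradicts the "Positive numbers (1 to 19)" sentence in the same paragraph and the "nice -n 19" example that follows; the range should read -20 to 19. The PR column description ("the higher the value, the higher the priority") also looks inverted against the top sample in this file, where ksoftirqd/0 runs at NI 19 with PR 39 while the NI -5 kernel threads sit at PR 10 to 12. The redirect example writes a log from a root prompt to /var/tmp/update-eix.log, a fixed file name in a world-writable directory; a path under /var/log would be a safer habit to teach. The text around that example calls the tool "update-eix" while every command uses eix-update. Spelling to fix in the same pass: "misinterprete", "Wether", "pauzes", "succesfully", "inpact", "commicate", "consumation", and "is a user sets" for "if a user sets".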
File diff suppressed because it is too large
|
@ -0,0 +1,422 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
|
||||
<chapter>
|
||||
<title>Hardware Support</title>
|
||||
|
||||
<section>
|
||||
<title>Introduction</title>
|
||||
|
||||
<para>Some hardware is automatically enabled once you have configured it
|
||||
inside the Linux kernel: access to PCI chipsets, graphical card, disks,
|
||||
USB storage, etc. Yet, most hardware requires additional work. After all,
|
||||
the Linux kernel provides you with a programmatical interface to access
|
||||
the devices, but you still need the necessary tooling to get the device to
|
||||
function properly. Good examples are network cards and printers, but also
|
||||
sound cards.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>ALSA - Advanced Linux Sound Architecture</title>
|
||||
|
||||
<para>ALSA<indexterm>
|
||||
<primary>ALSA</primary>
|
||||
</indexterm> is an open source project that provides audio functionality
|
||||
to the Linux kernel. It supports professional audio hardware (next to the
|
||||
consumer audio hardware, including sound cards) and provides a powerful,
|
||||
standard interface which allows, for instance, multiple software access to
|
||||
a single audio device. For programmers, ALSA's API is well documented and
|
||||
you'll quickly find that the ALSA library provides thread-safe access to
|
||||
the device(s).</para>
|
||||
|
||||
<para>The project also provides tools to manage the audio devices such as
|
||||
a simple mixer program (<command>alsamixer</command>), modular sound
|
||||
drivers which allow users to fine-tune the drivers' configuration aspects
|
||||
and of course support for the older OSS/Free implementation (Linux'
|
||||
previous open sound system).</para>
|
||||
|
||||
<section>
|
||||
<title>Installing ALSA</title>
|
||||
|
||||
<para>Installing ALSA consists of two distinct steps:</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>Configure the Linux kernel with ALSA support and with support
|
||||
for your sound card(s)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Install the ALSA utilities</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>If you configure your kernel, you can either opt to install the
|
||||
sound card drivers in your kernel or as a kernel module. ALSA's
|
||||
configuration utility (<command>alsaconf</command>) assumes that you use
|
||||
kernel modules for your sound cards. However, this is not a requirement
|
||||
- you can still configure ALSA sound card drivers if they are built
|
||||
inside the kernel. The interface to do so however is a bit more
|
||||
complex.</para>
|
||||
|
||||
<para>To install the ALSA utilities, it is sufficient to emerge
|
||||
alsa-utils:</para>
|
||||
|
||||
<programlisting># <command>emerge alsa-utils</command></programlisting>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Basic ALSA Configuration</title>
|
||||
|
||||
<para>The basic ALSA configuration starts with detecting your sound card
|
||||
and enabling the channels on it (sound channels) as ALSA will, by
|
||||
default, mute the channels (this is for precautionary reasons - you
|
||||
don't want to blow your speakers the first time you launch your computer
|
||||
do you?).</para>
|
||||
|
||||
<para>The first part (detecting the sound card) can be done using
|
||||
<command>alsaconf</command>. The <command>alsaconf</command><indexterm>
|
||||
<primary>alsaconf</primary>
|
||||
</indexterm> tool will attempt to detect your sound card(s), load the
|
||||
necessary modules and configure those with sane settings. It will save
|
||||
whatever it found to a general file which is read by your favorite
|
||||
distribution (which is undoubtedly Gentoo ;-) at start up so you don't
|
||||
have to rerun <command>alsaconf</command> after every boot.</para>
|
||||
|
||||
<programlisting># <command>alsaconf</command></programlisting>
|
||||
|
||||
<para>With your sound card(s) detected, launch
|
||||
<command>alsamixer</command> to view the available channels. The
|
||||
<command>alsamixer</command><indexterm>
|
||||
<primary>alsamixer</primary>
|
||||
</indexterm> tool will show you all channels associated with your
|
||||
sound card. You will find that, by default, all channels are muted.
|
||||
Unmute them, but bring the volume of the channels to a safe setting.
|
||||
Don't worry, you can increase them whenever you want later.</para>
|
||||
|
||||
<programlisting># <command>alsamixer</command></programlisting>
|
||||
|
||||
<para>Inside alsamixer, you can</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>move from one channel to the other with the arrow keys
|
||||
(left/right)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>increase/decrease the volume of each channel with the arrow
|
||||
keys (up/down)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>mute/unmute the channel using the 'M' key</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>exit the application using the Escape key (or Alt+Q)</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>If your sound card has particular features you can't seem to find
|
||||
inside the mixer application, you will need to turn to the
|
||||
<command>alsactl</command> command. The
|
||||
<command>alsactl</command><indexterm>
|
||||
<primary>alsactl</primary>
|
||||
</indexterm> utility supports multiple devices and allows you to tweak
|
||||
every supported feature of your sound card. Its interface is quite
|
||||
simple: use alsactl to dump the sound card information to a file, then
|
||||
edit the file to your likings. Once finished, use alsactl to read the
|
||||
(modified) file back.</para>
|
||||
|
||||
<programlisting># <command>alsactl -f /path/to/asound.state store</command>
|
||||
(Now edit /path/to/asound.state)
|
||||
# <command>alsactl -f /path/to/asound.state restore</command></programlisting>
|
||||
|
||||
<para>If you have changed the file to such an extend that you can't get
|
||||
the sound to work again, you can re-initialize the settings using
|
||||
<command>alsactl init</command>.</para>
|
||||
|
||||
<para>Finally, if you have multiple devices, use a sequence number to
|
||||
identify them. You can find your list of numbers in
|
||||
/proc/asound/cards:</para>
|
||||
|
||||
<programlisting>$ <command>cat /proc/asound/cards</command>
|
||||
0 [ICH6 ]: ICH4 - Intel ICH6
|
||||
Intel ICH6 with Cx20468-31 at irq 17</programlisting>
|
||||
|
||||
<para>The number (I only have one card, so mine is 0) can then be passed
|
||||
on to the various alsa utilities, like so:</para>
|
||||
|
||||
<programlisting>$ <command>alsamixer -c 0</command></programlisting>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Keeping your Changes</title>
|
||||
|
||||
<para>When you booted your system, you unmuted the channels and set the
|
||||
mixer channels according to your likings. However, if you do nothing
|
||||
more now, you'll have to redo all this again after every boot. To solve
|
||||
this, you need to store the current settings in a state file (yes, using
|
||||
alsactl) and automatically read those in at boot time.</para>
|
||||
|
||||
<para>This is exactly what the alsasound init script does (as provided
|
||||
by Gentoo's alsa-utils package). So, add alsasound to your boot
|
||||
runlevel, save your current settings and then start the initialization
|
||||
script:</para>
|
||||
|
||||
<programlisting># <command>rc-update add alsasound boot</command>
|
||||
# <command>alsactl -f /var/lib/alsa/asound.state store</command>
|
||||
# <command>/etc/init.d/alsasound start</command></programlisting>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Using Sound Servers</title>
|
||||
|
||||
<para>I mentioned before that ALSA supports multiple software access to
|
||||
a single device. With the above configuration, you're still not able to
|
||||
do so. To provide such multiplexing capabilities, you can create a new
|
||||
audio device (some sort of mixer) which aggregates information to/from
|
||||
the device and sends/reads it from as many software processes as you
|
||||
like.</para>
|
||||
|
||||
<para>This is one of the tasks that sound servers do: these programs
|
||||
manage access to the sound card (interfaces) and allow multiple software
|
||||
processes to use the sound facilities of your system. Some well known
|
||||
sound servers are esd, aRTs (deprecated), JACK and PulseAudio.</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>esd<indexterm>
|
||||
<primary>esd</primary>
|
||||
</indexterm> (Enlightenment Sound Daemon) is GNOME's sound
|
||||
management daemon. esd, also known as ESounD, not only supports the
|
||||
abovementioned mixing, but can also manage network-transparent
|
||||
audio: audio played on one system can be heard on another. To this
|
||||
end, any application supporting esd can stream its audio to any
|
||||
system running esd on the network.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>aRTs<indexterm>
|
||||
<primary>aRTs</primary>
|
||||
</indexterm> (Analog RealTime Synthesizer) is KDE's former sound
|
||||
daemon. Although development has been abandoned, you will still find
|
||||
references to aRTs here and there on the Internet. Its main power
|
||||
was its real-time audio streaming capabilities.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>JACK<indexterm>
|
||||
<primary>JACK</primary>
|
||||
</indexterm> (JACK Audio Connection Kit) is a real-time sound
|
||||
server which supports various operating systems (including GNU/Linux
|
||||
and Apple's OS X). It also supports network-transparent audio,
|
||||
real-time mixing, etc.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>PulseAudio<indexterm>
|
||||
<primary>PulseAudio</primary>
|
||||
</indexterm> (PulseAudio) is another sound daemon. It is meant to
|
||||
be a replacement for esd but with a wider support field (including
|
||||
Microsoft Windows and POSIX-compliant operating systems).</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>If you'd like to use one of these sound servers (you do need to
|
||||
pick one if you don't want to get confused), install one of the
|
||||
following packages:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>esd can be installed from
|
||||
<package>media-sound/esound</package>, although most people will
|
||||
already have it installed if they are running GNOME (it is a
|
||||
dependency of the GNOME installation)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>JACK can be installed with
|
||||
<package>media-sound/jack</package></para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>PulseAudio can be installed from
|
||||
<package>media-sound/pulseaudio</package>.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>Enable the corresponding USE flag (esd, jack or pulseaudio) and
|
||||
update your system. Portage will automatically rebuild those packages
|
||||
that are influenced by the USE flag change and incorporate support for
|
||||
the selected sound daemon in those packages:</para>
|
||||
|
||||
<programlisting># <command>nano -w /etc/make.conf</command>
|
||||
<emphasis>(Edit USE, add the appropriate USE flag)</emphasis>
|
||||
# <command>emerge --update --deep --newuse world</command></programlisting>
|
||||
|
||||
<para>You can also ask euse which packages are affected by a USE flag
|
||||
change:</para>
|
||||
|
||||
<programlisting># <command>euse -I pulseaudio</command></programlisting>
|
||||
|
||||
<para>If you want to know which packages all use a specific USE flag
|
||||
(even uninstalled packages), use <command>euse -i</command>:</para>
|
||||
|
||||
<programlisting># <command>euse -i pulseaudio</command></programlisting>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>CUPS - former "Common Printing Unix System"</title>
|
||||
|
||||
<para>If you need to connect your Linux system to a printer, using the
|
||||
CUPS<indexterm>
|
||||
<primary>CUPS</primary>
|
||||
</indexterm> tool is advised. With CUPS you can both connect to locally
|
||||
attached printers (USB, LPT) as well as remote (through Windows sharing or
|
||||
IPP). You can also use CUPS to build a print server yourself, although
|
||||
this is definitely outside the scope of this book.</para>
|
||||
|
||||
<section>
|
||||
<title>Installing CUPS</title>
|
||||
|
||||
<para>Before you start installing the software, you will first need to
|
||||
make sure that your kernel configuration supports the printer:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>for locally attached printers using the (old) LPT interface,
|
||||
look for "Parallel port support -> PC-style hardware" and
|
||||
"Parallel printer support -> IEEE 1284 transfer modes")</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>for locally attached printers using the USB interface, look
|
||||
for "USB Printer support" (as well as all other USB-required
|
||||
settings such as one of the xHCI supports)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>for remote printers using the Windows sharing
|
||||
(SMB-CIFS<indexterm>
|
||||
<primary>SMB-CIFS</primary>
|
||||
</indexterm> protocol), look for "Network File Systems -> SMB
|
||||
file system support" and "CIFS support")</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>for remote printers using the IPP protocol, you generally do
|
||||
not need to enable any additional settings in the kernel</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>If you notice that you have not selected the right configuration
|
||||
yet, you'll need to rebuild the kernel and reboot (see our chapter on
|
||||
"<link linkend="configuringkernel">Configuring a Linux
|
||||
Kernel</link>").</para>
|
||||
|
||||
<para>Next, install the <package>net-print/cups</package> package,
|
||||
making sure you select the correct USE flags (this is discussed in a
|
||||
different chapter).</para>
|
||||
|
||||
<programlisting>~# <command>emerge net-print/cups</command></programlisting>
|
||||
|
||||
<para>Don't worry if you do not have all USE flags correct from the
|
||||
first run. As I will mention later, it is always possible to update USE
|
||||
flags afterwards and then have Gentoo rebuild those packages affected by
|
||||
that change.</para>
|
||||
|
||||
<para>If your printer is locally attached, you need to start the CUPS
|
||||
service:</para>
|
||||
|
||||
<programlisting>~# <command>/etc/init.d/cups start</command></programlisting>
|
||||
|
||||
<para>Also, make sure it is started upon every (re)boot:</para>
|
||||
|
||||
<programlisting>~# <command>rc-update add cups default</command></programlisting>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Configuring CUPS</title>
|
||||
|
||||
<para>CUPS offers a web interface to configure CUPS (and configure your
|
||||
printer). You can reach it through <ulink
|
||||
url="http://localhost:631">http://localhost:631</ulink>. In the
|
||||
Administration page, enter your root login and password information and
|
||||
you can get started with the configuration. <ulink
|
||||
url="http://www.gentoo.org/doc/en/printing-howto.xml">The Gentoo
|
||||
Printing HOWTO</ulink> offers a great walkthrough of the
|
||||
configuration.</para>
|
||||
|
||||
<para>You probably hoped for a more elaborate discussion on printer
|
||||
configuration. Perhaps in the far future I will discuss printer
|
||||
configuration more, but for the time being I'm going to limit this and
|
||||
refer to Gentoo's guide and the main <ulink
|
||||
url="http://www.cups.org">CUPS</ulink> site.</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Managing Device Files</title>
|
||||
|
||||
<para>Almost every device on your system is represented by a device file.
|
||||
The <command>udev</command><indexterm>
|
||||
<primary>udev</primary>
|
||||
</indexterm> device manager discovers attached devices, creates device
|
||||
files in <filename>/dev</filename> (yes, you can create them - take a look
|
||||
at the <command>mknod</command><indexterm>
|
||||
<primary>mknod</primary>
|
||||
</indexterm> manpage) and often also creates symbolic links to those
|
||||
device files so you can find the correct device file more easily.</para>
|
||||
|
||||
<para>The <command>udev</command> tool receives events from the Linux
|
||||
kernel; the moment such an event is received, <command>udev</command>
|
||||
matches the device attributes as offered by sysfs (you can browse through
|
||||
<filename>/sys</filename> if you want to see what
|
||||
<emphasis>sysfs</emphasis><indexterm>
|
||||
<primary>sysfs</primary>
|
||||
</indexterm> offers) against a set of rules. These rules you can view at
|
||||
<filename>/lib/udev/rules.d</filename> (provided by the udev distribution)
|
||||
and <filename>/etc/udev/rules.d</filename> (provided by third-party
|
||||
packages and, of course, your own rules if you write them
|
||||
yourself).</para>
|
||||
|
||||
<para>Gentoo offers a set of default rules which should be sufficient for
|
||||
most users. For instance, they create links to the (removable) disks
|
||||
inside <filename>/dev/disk/by-id</filename>, <filename>by-path</filename>
|
||||
and <filename>by-uuid</filename>, which should allow you to have a device
|
||||
link for fstab which will be the same regardless of when you plug it in
|
||||
(in case of a hot pluggable device, of course). This is important, because
|
||||
if you have, for instance, two USB storage devices, the order in which
|
||||
they are plugged in defines the <filename>/dev/sd*</filename> device
|
||||
naming. By using the links at <filename>/dev/disk/by-*</filename> you can
|
||||
make sure that the correct device is targeted.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Further Resources</title>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para><ulink url="http://www.gentoo.org/doc/en/alsa-guide.xml">Gentoo
|
||||
ALSA Guide</ulink>, an excellent resource on configuring ALSA within
|
||||
Gentoo.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><ulink
|
||||
url="http://www.reactivated.net/writing_udev_rules.html">Writing udev
|
||||
rules</ulink>, written by Daniel Drake</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><ulink
|
||||
url="http://www.gentoo.org/doc/en/printing-howto.xml">Gentoo Printing
|
||||
HOWTO</ulink>, another excellent resource by Gentoo, now on printer
|
||||
configuration.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</chapter>
|
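Review bot: The section title 'CUPS - former "Common Printing Unix System"' gives the acronym's words in the wrong order; CUPS stood for Common UNIX Printing System, and the title should say so. In the kernel checklist under "Installing CUPS", the LPT item and the SMB-CIFS item each end in a closing parenthesis with no opening one. The paragraph after "emerge net-print/cups" says "As I will mention later" about updating USE flags, but the euse and "emerge --update --deep --newuse world" material sits directly above in this same file, so "as mentioned earlier" matches the order. "Configuring CUPS" tells the reader to enter the root login and password at http://localhost:631 without noting that this is plain HTTP; a sentence saying these credentials should only be entered on the local interface would help.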
File diff suppressed because it is too large
|
@ -0,0 +1,659 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
|
||||
<chapter>
|
||||
<title>User Management</title>
|
||||
|
||||
<section>
|
||||
<title>Introduction</title>
|
||||
|
||||
<para>Linux is a multi-user operating system. Even systems that will be
|
||||
used by a single user are configured as a multi-user system. This has
|
||||
various advantages:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>security-wise, your system is protected from malicious software
|
||||
execution as the software is executed as an unprivileged user rather
|
||||
than the system administrator</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>if at any time multiple users are going to work on the system,
|
||||
you just need to add the user to the system (no need to upgrade to a
|
||||
multi-user environment first)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>you can easily back up all files belonging to a particular user
|
||||
as all user files are located inside his home directory</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>if you messed up your personal configuration for a particular
|
||||
software title, you can just remove the configuration files (or move
|
||||
them aside) and start the software title up again to start with a
|
||||
clean slate. No configuration changes made by a user are propagated
|
||||
system-wide</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>How you deal with this multi-user environment depends on your
|
||||
needs...</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Adding or Removing Users</title>
|
||||
|
||||
<para>If your system is used by various users, you will need to add or
|
||||
remove their user accounts. Before starting with the command syntax, first
|
||||
a few words on how this information is stored on the Linux system.</para>
|
||||
|
||||
<section>
|
||||
<title>User Account Information</title>
|
||||
|
||||
<para>A user is identified by his user id, which is an ordinary integer
|
||||
number. However, it is much easier to use a username instead of a
|
||||
number. For this purpose, a Unix/Linux system maps a username to a user
|
||||
id. By default, this information is stored within the
|
||||
<filename>/etc/passwd</filename><indexterm>
|
||||
<primary>passwd</primary>
|
||||
|
||||
<secondary>file</secondary>
|
||||
</indexterm> file. However, you can also configure your system to
|
||||
obtain this information from a central repository (like an LDAP
|
||||
service), similar to how Windows can be configured to connect to an
|
||||
Active Directory.</para>
|
||||
|
||||
<section>
|
||||
<title id="passwdfile">The passwd file</title>
|
||||
|
||||
<para>The <filename>passwd</filename> file contains a line for every
|
||||
user. Each line contains 7 fields, separated by colons:</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>Username</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Password, or "x" if the password is stored elsewhere</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>User ID</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Primary group ID</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Comment or description</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Home directory</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Default shell</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>The <emphasis>password field</emphasis><indexterm>
|
||||
<primary>password</primary>
|
||||
|
||||
<secondary>passwd file</secondary>
|
||||
</indexterm> on modern systems contains an "x", telling the system
|
||||
that the password is stored inside the
|
||||
<filename>/etc/shadow</filename> file. Storing the passwords elsewhere
|
||||
is needed to improve the security of the system: the
|
||||
<filename>passwd</filename> file should be world readable because many
|
||||
tools rely on it. Storing the password (even when it is encrypted or
|
||||
hashed) in a publically readable file is asking for troubles - tools
|
||||
exist that attempt to crack user account passwords given the encrypted
|
||||
/ hashed password values.</para>
|
||||
|
||||
<para>For this reason, the hashed password is stored inside the
|
||||
<filename>/etc/shadow</filename> file which is only readable by the
|
||||
root user (system administrator). The tools that work with passwords
|
||||
are small in number and highly audited to decrease the chance that
|
||||
they contain any vulnerabilities. More about the shadow file
|
||||
later...</para>
|
||||
|
||||
<para>As you will see in the next section, a user can be a member of
|
||||
many groups. However, every user has a single, <emphasis>primary
|
||||
group</emphasis><indexterm>
|
||||
<primary>primary group</primary>
|
||||
</indexterm>: this is the active group at the moment that the user
|
||||
is logged on. The active group defines the group ownership of the
|
||||
resources the user creates while logged on (remember, resources are
|
||||
assigned three ownership groups: user, group and others).</para>
|
||||
|
||||
<para>The users' <emphasis>home directory</emphasis><indexterm>
|
||||
<primary>home directory</primary>
|
||||
</indexterm> is usually the directory where the user has full write
|
||||
access to (even more, it is most often the <emphasis>only</emphasis>
|
||||
directory where the user has write access to). If a user is logged on
|
||||
through the command line (not graphically), it is also the directory
|
||||
where the user starts to work from.</para>
|
||||
|
||||
<para>Finally, the default <emphasis>shell</emphasis> for this
|
||||
particular user is defined. We've talked about what a shell is before.
|
||||
Unix/Linux has several shells, each shell provides roughly the same
|
||||
functionality, but is manipulated differently. Gentoo Linux by default
|
||||
uses the bash<indexterm>
|
||||
<primary>bash</primary>
|
||||
</indexterm> shell (bourne again shell), a powerfull shell with lots
|
||||
of additional functions such as command autocompletion, output
|
||||
coloring and more. Smaller shells also exist, such as csh (c shell) or
|
||||
ksh (korn shell).</para>
|
||||
|
||||
<para>More information about shells is available online.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>The shadow file</title>
|
||||
|
||||
<para>The <filename>shadow</filename> file<indexterm>
|
||||
<primary>shadow</primary>
|
||||
|
||||
<secondary>file</secondary>
|
||||
</indexterm> contains all information regarding a users' password.
|
||||
The most important field for many is the (hashed) password itself, but
|
||||
other information is available as well. The shadow file, like the
|
||||
passwd file, has a single line for every user; fields are separated by
|
||||
colons.</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>Username</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Hashed password value</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Date of last password change (counted in days since Jan 1,
|
||||
1970)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Number of days that need to pass before the password can be
|
||||
changed by the user</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Maximum number of days since the password change that the
|
||||
password can be used; after this amount of days, the password will
|
||||
need to be changed by the user</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Number of days before expiry date (see field 5) that the
|
||||
user will be warned about the pending password change
|
||||
policy</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>If the password isn't changed after this many days after the
|
||||
forced password change, the account is locked</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Date when the account is (or will be) locked (counted in
|
||||
days since Jan 1, 1970)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Reserved field (not used)</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>If the last three fields are left empty (which is the default
|
||||
case), their enforcement isn't valid.</para>
|
||||
|
||||
<para>The password value is <emphasis>hashed</emphasis><indexterm>
|
||||
<primary>hash function</primary>
|
||||
</indexterm>, meaning that the password itself is not stored on the
|
||||
disk (nor in any encrypted form). Instead, a mathematical formula is
|
||||
used to create a unique number or string from a password. To verify if
|
||||
a password given by a user matches, the given password is passed
|
||||
through the same mathematical formula and the resulting number or
|
||||
string is matched against the stored string. Such method makes it
|
||||
harder for a user to find out the password even if he has access to
|
||||
the shadow file because he can't deduce the password from the hash
|
||||
value.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Other account storage: nsswitch.conf</title>
|
||||
|
||||
<para>Account information can be stored elsewhere - any repository
|
||||
will do, as long as it provides at least the same information as the
|
||||
passwd (and shadow) file. This is important because in enterprise
|
||||
environments, you rather want to keep track of user accounts in a
|
||||
central repository rather than in the files on several hundreds of
|
||||
systems.</para>
|
||||
|
||||
<para>The <filename>/etc/nsswitch.conf</filename><indexterm>
|
||||
<primary>nsswitch.conf</primary>
|
||||
</indexterm> file defines where the system can find this
|
||||
information. An excerpt from an nsswitch.conf file is given below. You
|
||||
notice that it defines services on every line followed by the
|
||||
repository (or repositories) that manages the information.</para>
|
||||
|
||||
<programlisting>passwd: compat
|
||||
shadow: compat
|
||||
group: compat
|
||||
hosts: files dns</programlisting>
|
||||
|
||||
<para>In the example, the passwd, shadow and group services are
|
||||
managed by the "compat" implementation. Compat is the default
|
||||
implementation provided by glibc (GNU C Library) which offers access
|
||||
to the various <filename>/etc/*</filename> files. The hosts service
|
||||
(used to resolve hostnames to IP addresses and vice versa) is managed
|
||||
by two implementations:</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>"files", which is the implementation that offers access to
|
||||
the /etc/hosts file (a table containing IP address and
|
||||
hostname(s))</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>"dns", which is the implementation that offers queries with
|
||||
DNS servers</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Group Information</title>
|
||||
|
||||
<para>Group membership is used to group different users who need access
|
||||
to a shared resource: assign the resource to a particular group and add
|
||||
the users to this group.</para>
|
||||
|
||||
<section>
|
||||
<title>The /etc/group file</title>
|
||||
|
||||
<para>Similar with the /etc/passwd file, group information is stored
|
||||
inside the /etc/group. Again, every line in this text file defines a
|
||||
group; the fields within a group definition are separated by a
|
||||
colon.</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>Group name</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Group password, or "x" if the password is stored
|
||||
elsewhere</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Group ID</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Group members (who don't have the group as a primary
|
||||
group)</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
|
||||
<para>It might seem strange to have a password on a group. After all,
|
||||
a user logs on using his username. However, there is a sane reason for
|
||||
this: you can add users to a different group and password-protect this
|
||||
group. If a user is logged on to the system (but doesn't use the
|
||||
particular group as primary group) and leaves his terminal, malicious
|
||||
users can't change to this particular group without knowing the
|
||||
password even if they have access to the users' terminal (and
|
||||
therefore logged on session).</para>
|
||||
|
||||
<para>Group passwords aren't used often though. The cases where group
|
||||
passwords can be used (privileged groups) are usually implemented
|
||||
differently (for instance using privilege escalation tools like
|
||||
sudo).</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Creating or Deleting Users</title>
|
||||
|
||||
<section>
|
||||
<title>The useradd command</title>
|
||||
|
||||
<para>If you want to add a user to the system, you can use the
|
||||
<command>useradd</command><indexterm>
|
||||
<primary>useradd</primary>
|
||||
</indexterm> command (you'll need to be root to perform this
|
||||
action):</para>
|
||||
|
||||
<programlisting># <command>useradd -D thomas</command></programlisting>
|
||||
|
||||
<para>In the above example, a user account identified by "thomas" is
|
||||
created using the system default settings (which, for a Gentoo Linux
|
||||
system, means that the default shell is bash, the home directory is
|
||||
/home/thomas, etc) after which his password is set.</para>
|
||||
|
||||
<para>You can pass on additional arguments to the useradd command to
|
||||
alter the users' attributes (such as the user id, home directory,
|
||||
primary group ...). I encourage you to read the useradd manual page
|
||||
for more information.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>The userdel command</title>
|
||||
|
||||
<para>If a user account needs to be removed from the system, you can
|
||||
use the <command>userdel</command><indexterm>
|
||||
<primary>userdel</primary>
|
||||
</indexterm> command.</para>
|
||||
|
||||
<programlisting># <command>userdel -r thomas</command></programlisting>
|
||||
|
||||
<para>With the <command>-r</command> option,
|
||||
<command>userdel</command> not only removes the user account from the
|
||||
system but also cleans and removes the users' home directory. If you
|
||||
omit this option, the users' home directory remains available on the
|
||||
system, allowing you to keep his (private or not) files for future
|
||||
use.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>The usermod command</title>
|
||||
|
||||
<para>To manipulate an existing account, you can use the
|
||||
<command>usermod</command><indexterm>
|
||||
<primary>usermod</primary>
|
||||
</indexterm> command. For instance, to modify the primary group of
|
||||
the thomas account to the "localusers" group:</para>
|
||||
|
||||
<programlisting># <command>usermod -g localusers thomas</command></programlisting>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Adding or Removing Users to/from Groups</title>
|
||||
|
||||
<para>Once a user account is created, you can't use
|
||||
<command>useradd</command> to add the user to one or more groups.</para>
|
||||
|
||||
<section>
|
||||
<title>Creating or Deleting Groups</title>
|
||||
|
||||
<para>First of all, if a group doesn't exist yet, you'll need to
|
||||
create it: the <command>groupadd</command><indexterm>
|
||||
<primary>groupadd</primary>
|
||||
</indexterm> command does this for you. Similarly, to remove a group
|
||||
from the system, you can use <command>groupdel</command><indexterm>
|
||||
<primary>groupdel</primary>
|
||||
</indexterm>.</para>
|
||||
|
||||
<warning>
|
||||
<para>You will be able to remove groups even though there are still
|
||||
users member of this group. The only check that groupdel performs is
|
||||
to see if a group is a users' primary group (in which case the
|
||||
operation fails).</para>
|
||||
</warning>
|
||||
|
||||
<programlisting># <command>groupadd audio</command></programlisting>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Manipulating Group Membership</title>
|
||||
|
||||
<para>Suppose you want to add or remove a user from a group, you can
|
||||
use the <command>usermod</command> tool (as seen before) or the
|
||||
<command>gpasswd</command> tool.</para>
|
||||
|
||||
<para>The <command>gpasswd</command><indexterm>
|
||||
<primary>gpasswd</primary>
|
||||
</indexterm> tool is the main tool used to manipulate the group
|
||||
file. For instance, to add a user to a particular group (in the
|
||||
example the "audio" group):</para>
|
||||
|
||||
<programlisting># <command>gpasswd -a audio thomas</command></programlisting>
|
||||
|
||||
<para>Most resources on a Unix system are protected by a particular
|
||||
group: you need to be a member of a particular group in order to
|
||||
access those resources. The following tables gives an overview of
|
||||
interesting groups.</para>
|
||||
|
||||
<table>
|
||||
<title>Incomplete (!) list of system groups</title>
|
||||
|
||||
<tgroup cols="2">
|
||||
<thead>
|
||||
<row>
|
||||
<entry align="center">Group name</entry>
|
||||
|
||||
<entry align="center">Description / resources</entry>
|
||||
</row>
|
||||
</thead>
|
||||
|
||||
<tbody>
|
||||
<row>
|
||||
<entry>wheel</entry>
|
||||
|
||||
<entry>Be able to "<command>su -</command>" to switch to the
|
||||
root user</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry>audio</entry>
|
||||
|
||||
<entry>Be able to use the sound card on the system</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry>video</entry>
|
||||
|
||||
<entry>Be able to use the graphical card for hardware
|
||||
rendering purposes (not needed for plain 2D
|
||||
operations)</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry>cron</entry>
|
||||
|
||||
<entry>Be able to use the system scheduler (cron)</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry>cdrom</entry>
|
||||
|
||||
<entry>Be able to mount a CD/DVD</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Setting and Changing Passwords</title>
|
||||
|
||||
<para>The <command>passwd</command> command allows you to change or set
|
||||
an accounts' password.</para>
|
||||
|
||||
<programlisting># <command>passwd thomas</command>
|
||||
New UNIX password: <emphasis>(enter thomas' password)</emphasis>
|
||||
Retype new UNIX password: <emphasis>(re-enter thomas' password)</emphasis>
|
||||
passwd: password updated succesfully</programlisting>
|
||||
|
||||
<para>The root user is always able to alter a users' password. If a user
|
||||
wants to change his own password, the passwd command will first ask the
|
||||
user to enter his current password (to make sure it is the user and not
|
||||
someone who took the users' session in the users' absence) before
|
||||
prompting to enter the new password.</para>
|
||||
|
||||
<para>With the tool, you can also immediately expire the users' password
|
||||
(<command>-e</command>), lock or unlock the account
|
||||
(<command>-l</command> or <command>-u</command>) and more. In effect,
|
||||
this tool allows you to manipulate the <filename>/etc/shadow</filename>
|
||||
file.</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Elevating User Privileges</title>
|
||||
|
||||
<para>On any system, a regular user has little to no rights to perform
|
||||
administrative tasks. However, on a home workstation you'd probably want
|
||||
to be able to shut down the system. You can log on as the root user on a
|
||||
different (virtual) terminal, but you can also elevate your own
|
||||
privileges...</para>
|
||||
|
||||
<section>
|
||||
<title>Switching User</title>
|
||||
|
||||
<para>With the <command>su</command><indexterm>
|
||||
<primary>su</primary>
|
||||
</indexterm> command you can switch your user identity in the selected
|
||||
session.</para>
|
||||
|
||||
<programlisting>$ <command>su -</command>
|
||||
Password: <emphasis>(Enter the root password)</emphasis>
|
||||
# </programlisting>
|
||||
|
||||
<para>In the above example, a regular user has switched his session to
|
||||
become a root session. The "<command>-</command>" argument informs the
|
||||
su command that not only the users' privileges should be switched, but
|
||||
also that the root users' environment should be loaded. Without the
|
||||
"<command>-</command>" option, the regular users' environment would be
|
||||
used.</para>
|
||||
|
||||
<para>This environment defines the shell behavior; its most important
|
||||
setting is the PATH variable which defines where the binaries are
|
||||
located for the commands that this user might summon.</para>
|
||||
|
||||
<para>With su, you can also switch to a different user:</para>
|
||||
|
||||
<programlisting>$ <command>su thomas -</command>
|
||||
Password: (Enter thomas' password)
|
||||
$ </programlisting>
|
||||
|
||||
<para>If you just want to execute a single command as a different user,
|
||||
you can use the "-c" argument:</para>
|
||||
|
||||
<programlisting>$ <command>su -c "shutdown -h now"</command></programlisting>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Assigning Specific Privileged Commands</title>
|
||||
|
||||
<para>The su-based methods require the user to know the password of the
|
||||
other accounts. On many systems, you might not want this. There are two
|
||||
ways of dealing with such situations: marking a command so that it
|
||||
always runs as a privileged user, or use a tool that elevates privileges
|
||||
without requiring the password for the elevated privilege...</para>
|
||||
|
||||
<section>
|
||||
<title>Marking Commands for Elevated Execution</title>
|
||||
|
||||
<para>Executable binaries (not shell scripts) can be marked so that
|
||||
the Unix/Linux kernel executes that command as a specific user,
|
||||
regardless of who started the command. This mark is the
|
||||
<emphasis>setuid</emphasis><indexterm>
|
||||
<primary>setuid</primary>
|
||||
</indexterm> bit. Once set (using the chmod command), the tool is
|
||||
always executed with the rights of the owner and not the rights of the
|
||||
executor:</para>
|
||||
|
||||
<programlisting># <command>chmod +s /path/to/command</command></programlisting>
|
||||
|
||||
<warning>
|
||||
<para>Using setuid tools is generally considered a security risk. It
|
||||
is better to avoid setuid tools when possible and use tools such as
|
||||
sudo, as explained later.</para>
|
||||
</warning>
|
||||
|
||||
<para>For instance, if the shutdown command is marked setuid, then
|
||||
every user is able to run the shutdown command as root (which is the
|
||||
commands' owner) and thus be able to shut down or reboot the
|
||||
system.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Using sudo</title>
|
||||
|
||||
<para>If you mark an executable using the setuid bit, every user can
|
||||
execute the command as the application owner (root). You usually don't
|
||||
want to allow this but rather assign the necessary rights on a
|
||||
per-user, per-command basis. Enter sudo.</para>
|
||||
|
||||
<para>The <command>sudo</command><indexterm>
|
||||
<primary>sudo</primary>
|
||||
</indexterm> tool allows the system administrator to grant a set of
|
||||
users (individually or through groups) the rights to execute one or
|
||||
more commands as a different user (such as root), with or without
|
||||
requiring their password (for the same reason as the passwd command
|
||||
which asks the users' password before continuing).</para>
|
||||
|
||||
<para>Once available, the system administrator can run the
|
||||
<command>visudo</command><indexterm>
|
||||
<primary>visudo</primary>
|
||||
</indexterm> command to edit the configuration file. In the next
|
||||
example, the following definitions are set:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>All users in the wheel group are allowed to execute any
|
||||
command as root</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>All users in the operator group are allowed to shutdown the
|
||||
system</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>The test user is allowed to run a script called webctl.ksh
|
||||
without a password</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>All users in the httpd group are allowed to edit the
|
||||
/etc/apache2/conf/httpd.conf file through sudoedit</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<programlisting>%wheel ALL=(ALL) ALL
|
||||
%operator ALL=/sbin/shutdown
|
||||
test ALL=NOPASSWD: /usr/local/bin/webctl.ksh
|
||||
%httpd ALL=(ALL) sudoedit /etc/apache2/conf/httpd.conf</programlisting>
|
||||
|
||||
<para>If sudo is set up, users can execute commands by prepending
|
||||
<command>sudo</command> to it. If allowed, some users can even obtain
|
||||
a root shell through the <command>sudo -i</command> command.</para>
|
||||
|
||||
<programlisting><emphasis>(Execute a single command as root)</emphasis>
|
||||
$ <command>sudo mount /media/usb</command>
|
||||
Enter password: <emphasis>(unless configured with NOPASSWD)</emphasis>
|
||||
<emphasis>(Obtain a root shell)</emphasis>
|
||||
$ <command>sudo -i</command>
|
||||
Enter password: <emphasis>(unless configured with NOPASSWD)</emphasis>
|
||||
# </programlisting>
|
||||
</section>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Exercises</title>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>When invoking commands using sudo, sudo logs every attempt
|
||||
(including username, working directory and command itself). Where is
|
||||
this log?</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
</section>
|
||||
</chapter>
|
|
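Review bot: The example in "The useradd command", "useradd -D thomas", does not create an account: -D displays or changes the useradd defaults, and the paragraph after it says the password is set although no passwd step is shown. Suggest "useradd -m thomas" (so the home directory described in the text is created) followed by "passwd thomas". In "Manipulating Group Membership", "gpasswd -a audio thomas" has its arguments reversed; -a takes the user first and then the group, so it should read "gpasswd -a thomas audio". In "Marking Commands for Elevated Execution", "chmod +s /path/to/command" sets the setgid bit as well as the setuid bit the text describes; "chmod u+s" sets only setuid, which is the narrower grant and matches the explanation. The hashing paragraph in "The shadow file" calls the result a "unique number or string", which overstates what a hash guarantees; "fixed-length value" would be accurate. Typos to fix in the same pass: "publically", "powerfull", "succesfully".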
@ -0,0 +1,823 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
|
||||
<chapter>
|
||||
<title>Network Management</title>
|
||||
|
||||
<section>
|
||||
<title>Introduction</title>
|
||||
|
||||
<para>An important aspect of system management is networking
|
||||
configuration. Linux is a very powerful operating system with major
|
||||
networking capabilities. Even more, many network appliances are in fact
|
||||
Linux-based.</para>
|
||||
|
||||
<para>There are two configurations you'll most likely get in contact with:
|
||||
wired network configuration (of which I'll discuss the Ethernet
|
||||
connection) and wireless (IEEE 802.11* standards).</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Supporting your Network Card</title>
|
||||
|
||||
<section>
|
||||
<title>Native Driver Support</title>
|
||||
|
||||
<section>
|
||||
<title>PCI Cards</title>
|
||||
|
||||
<para>First of all, check how many interfaces you would expect on your
|
||||
system. Verify this with the PCI devices found by Linux. For instance,
|
||||
to find out about a wired network controller ("Ethernet"
|
||||
controller):</para>
|
||||
|
||||
<programlisting># <command>lspci | grep Ethernet</command>
|
||||
06:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd.
|
||||
RTL-8169 Gigabit Ethernet (rev 10)</programlisting>
|
||||
|
||||
<para>In this case, one network card was found that offered Ethernet
|
||||
capabilities. The card uses the Realtek 8169 chipset.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>USB Network Cards</title>
|
||||
|
||||
<para>There are a few USB devices which offer networking capabilities
|
||||
(most of them wireless) which have native Linux support. An example
|
||||
are the USB devices with the Intel 4965agn chipset. If your Linux
|
||||
kernel supports it, the moment you plug it in, a network interface
|
||||
should be made available. For instance, for wireless devices you could
|
||||
use <command>iwconfig</command>, for regular Ethernet cards
|
||||
<command>ifconfig</command>:</para>
|
||||
|
||||
<programlisting># <command>iwconfig</command>
|
||||
lo no wireless extensions.
|
||||
|
||||
dummy0 no wireless extensions.
|
||||
|
||||
eth0 no wireless extensions.
|
||||
|
||||
wlan0 IEEE 802.11g ESSID:"default" Nickname:"default"
|
||||
Mode:Managed Frequency:2.412 GHz Access Point: 00:1D:6A:A2:CD:29
|
||||
Bit Rate:54 Mb/s Tx-Power=20 dBm Sensitivity=8/0
|
||||
Retry limit:7 RTS thr:off Fragment thr:off
|
||||
Power Management:off
|
||||
Link Quality=89/100 Signal level=-37 dBm Noise level=-89 dBm
|
||||
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
|
||||
Tx excessive retries:0 Invalid misc:0 Missed beacon:7</programlisting>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Support through Windows Drivers</title>
|
||||
|
||||
<para>It is possible to support your (wireless or not) network card
|
||||
using the Windows drivers. The tool you need to install for that is
|
||||
called <command>ndiswrapper</command><indexterm>
|
||||
<primary>ndiswrapper</primary>
|
||||
</indexterm>. First, install ndiswrapper:</para>
|
||||
|
||||
<programlisting># <command>emerge ndiswrapper</command></programlisting>
|
||||
|
||||
<para>Next, either download the windows drivers for the network card or
|
||||
mount the driver CD that was provided with the card. In the drivers, you
|
||||
should find an .inf file. This file contains information regarding the
|
||||
driver(s) for the card and is used by ndiswrapper to create a
|
||||
wrapper.</para>
|
||||
|
||||
<para>Install the driver using <command>ndiswrapper -i</command> from
|
||||
within the location where the driver is unpacked:</para>
|
||||
|
||||
<programlisting># <command>ndiswrapper -i net8191se.inf</command></programlisting>
|
||||
|
||||
<para>To verify if the driver installation succeeded, get an overview of
|
||||
the installed drivers using <command>ndiswrapper -l</command>:</para>
|
||||
|
||||
<programlisting># <command>ndiswrapper -l</command>
|
||||
|
||||
net8191se: driver installed, hardware present</programlisting>
|
||||
|
||||
<para>As you can see, the driver got installed and detected compatible
|
||||
hardware.</para>
|
||||
|
||||
<para>Now have ndiswrapper create the necessary modprobe information
|
||||
(modprobe is used by the system to load kernel modules with the correct
|
||||
information; ndiswrapper creates modprobe information that ensures that,
|
||||
when the ndiswrapper kernel module is loaded, the installed wrapper
|
||||
drivers are enabled as well) and make sure that the ndiswrapper kernel
|
||||
module is started when you boot your system:</para>
|
||||
|
||||
<programlisting># <command>ndiswrapper -m</command>
|
||||
# <command>nano -w /etc/modules.autoload.d/kernel-2.6</command>
|
||||
(Add "ndiswrapper" on a new line)</programlisting>
|
||||
|
||||
<para>You can manually load the ndiswrapper kernel module as
|
||||
well:</para>
|
||||
|
||||
<programlisting># <command>modprobe ndiswrapper</command></programlisting>
|
||||
|
||||
<para>You can now check if the network interface is available
|
||||
(<command>iwconfig</command> or <command>ifconfig</command>).</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Verify your Networking Abilities</title>
|
||||
|
||||
<para>To find out if Linux has recognized this interface, run the
|
||||
<command>ip link</command><indexterm>
|
||||
<primary>ip</primary>
|
||||
|
||||
<secondary>command</secondary>
|
||||
</indexterm> command. It will show you the interfaces that it has
|
||||
recognized on your system:</para>
|
||||
|
||||
<programlisting># <command>ip link</command>
|
||||
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
|
||||
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
|
||||
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast qlen 1000
|
||||
link/ether 00:c0:9f:94:6b:f5 brd ff:ff:ff:ff:ff:ff
|
||||
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
|
||||
qlen 1000
|
||||
link/ether 00:12:f0:57:99:37 brd ff:ff:ff:ff:ff:ff</programlisting>
|
||||
|
||||
<para>Now, to find out which interface maps to the Ethernet controller
|
||||
shown before you'll need to check the Linux kernel output when it
|
||||
detected the interfaces. You can either use
|
||||
<command>dmesg</command><indexterm>
|
||||
<primary>dmesg</primary>
|
||||
</indexterm> (which displays the last few thousands of lines produced
|
||||
by the Linux kernel) or <filename>/var/log/dmesg</filename> (depending
|
||||
on your system logger) which is the logfile where all Linux kernel
|
||||
output is stored for the duration of the systems' session (i.e. until
|
||||
the next reboot).</para>
|
||||
|
||||
<programlisting># <command>grep -i eth0 /var/log/dmesg</command>
|
||||
eth0: RTL8169sb/8110sb at 0xf8826000, 00:c0:9f:94:6b:f5, XID 10000000
|
||||
IRQ 11</programlisting>
|
||||
|
||||
<para>In this case, the eth0 interface indeed maps to the Ethernet
|
||||
controller found before.</para>
|
||||
|
||||
<para>If Linux does not recognize your device, you'll need to
|
||||
reconfigure your Linux kernel to include support for your network
|
||||
driver. The Linux kernel configuration has been discussed before as part
|
||||
of the device management chapter.</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Wired Network Configuration</title>
|
||||
|
||||
<para>Most systems have support for the popular Ethernet network
|
||||
connection. I assume that you are already familiar with the term Ethernet
|
||||
and the TCP/IP basics.</para>
|
||||
|
||||
<para>Before you configure Gentoo Linux to support your Ethernet
|
||||
connection, you'll first need to make sure that your network card is
|
||||
supported. Once available, you'll configure your interface to either use a
|
||||
manually set IP address or automatically obtain an IP address.</para>
|
||||
|
||||
<section>
|
||||
<title>Configuring the Wired Network</title>
|
||||
|
||||
<para>There are two methods you can use to configure your wired network:
|
||||
a manual approach (which works on all Linux systems) or the Gentoo Linux
|
||||
specific approach.</para>
|
||||
|
||||
<section>
|
||||
<title>Manual Configuration</title>
|
||||
|
||||
<para>The quickest method for configuring your network is to tell
|
||||
Linux what you want - a static IP address for your interface, or
|
||||
automatically obtain the IP address information from a DHCP server
|
||||
which is running on your network (most Internet sharing tools or
|
||||
appliances include DHCP functionality).</para>
|
||||
|
||||
<para>To set the static IP address 192.168.0.100 to the eth0
|
||||
interface, telling Linux that the gateway on the network is reachable
|
||||
through 192.168.0.1 (the IP address that shares access to outside
|
||||
networks):</para>
|
||||
|
||||
<programlisting># <command>ifconfig eth0 192.168.0.100 netmask 255.255.255.0
|
||||
broadcast 192.168.0.255 up</command>
|
||||
# <command>ip route add default via 192.168.0.1</command></programlisting>
|
||||
|
||||
<para>In the example, I used the <command>ifconfig</command><indexterm>
|
||||
<primary>ifconfig</primary>
|
||||
</indexterm> command to tell Linux to assign the IP address
|
||||
192.168.0.100 to the eth0 interface, setting the netmask (part of the
|
||||
IP address that denotes the network) to 255.255.255.0 and broadcast
|
||||
(IP address which addresses all IP addresses in the local network) to
|
||||
192.168.0.255. This is the same as assigning the IP address on a
|
||||
192.168.0.1/24 network (for those who understand the CIDR
|
||||
notation).</para>
|
||||
|
||||
<para>If you need static IP addresses but don't know the netmask (and
|
||||
broadcast), please ask your network administrator - these are quite
|
||||
basic settings necessary for an IP configuration.</para>
|
||||
|
||||
<para>You'll most likely also receive a set of IP addresses which
|
||||
correspond to the DNS servers (name servers) for your network. You'll
|
||||
need to set those IP addresses inside the
|
||||
<filename>/etc/resolv.conf</filename><indexterm>
|
||||
<primary>resolv.conf</primary>
|
||||
</indexterm> file:</para>
|
||||
|
||||
<programlisting># <command>nano /etc/resolv.conf</command></programlisting>
|
||||
|
||||
<programlisting>search lan
|
||||
nameserver 10.2.3.4
|
||||
nameserver 10.2.3.5</programlisting>
|
||||
|
||||
<para>With this configuration file you tell Linux that a hostname can
|
||||
be resolved through the DNS services at the corresponding IP addresses
|
||||
(the name servers) if it does not know the IP address itself.</para>
|
||||
|
||||
<para>If you want to configure eth0 to automatically obtain its IP
|
||||
address (and default gateway and even DNS servers), which is the most
|
||||
popular method for local network configurations, you can use a DHCP
|
||||
client such as <command>dhcpcd</command><indexterm>
|
||||
<primary>dhcpcd</primary>
|
||||
</indexterm>:</para>
|
||||
|
||||
<programlisting># <command>dhcpcd eth0</command></programlisting>
|
||||
|
||||
<para>That's all there is to it (unless the command fails of course
|
||||
;-)</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Gentoo Linux Network Configuration</title>
|
||||
|
||||
<para>If you want to have Gentoo Linux configure your network device,
|
||||
you'll need to edit the /etc/conf.d/net file.</para>
|
||||
|
||||
<programlisting># <command>nano /etc/conf.d/net</command></programlisting>
|
||||
|
||||
<para>If you need to set the IP address yourself (static IP address),
|
||||
you'll need to set the following (suppose the static IP address is
|
||||
192.168.0.100, gateway 192.168.0.1 and netmask 255.255.255.0 and the
|
||||
name servers are 10.2.3.4 and 10.2.3.5):</para>
|
||||
|
||||
<programlisting>config_eth0=( "192.168.0.100 netmask 255.255.255.0" )
|
||||
dns_servers_eth0=( "10.2.3.4 10.2.3.5" )</programlisting>
|
||||
|
||||
<para>If you want to configure the interface to use DHCP
|
||||
(automatically obtain IP address):</para>
|
||||
|
||||
<programlisting>config_eth0=( "dhcp" )</programlisting>
|
||||
|
||||
<para>For more examples on the Gentoo Linux network configuration
|
||||
(with more advanced features), check out the
|
||||
<filename>/etc/conf.d/net.example</filename> file.</para>
|
||||
|
||||
<para>To enable this support, you need to add the net.eth0 service to
|
||||
the default runlevel and start the net.eth0 service.</para>
|
||||
|
||||
<programlisting># <command>rc-update add net.eth0 default</command>
|
||||
# <command>/etc/init.d/net.eth0 start</command></programlisting>
|
||||
|
||||
<para>If a command tells you that net.eth0 doesn't exist, create it as
|
||||
a symbolic link to the net.lo service script:</para>
|
||||
|
||||
<programlisting># <command>cd /etc/init.d; ln -s net.lo net.eth0</command></programlisting>
|
||||
|
||||
<para>More about services later.</para>
|
||||
</section>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Wireless Network Configuration</title>
|
||||
|
||||
<para>For wireless configurations, a few technologies on Linux exist. One
|
||||
of them uses the native support for wireless cards, the other one is a
|
||||
software component called wpa_supplicant which also supports wireless
|
||||
cards through the device drivers provided for the Windows operating
|
||||
system.</para>
|
||||
|
||||
<section>
|
||||
<title>Supporting your Network Card</title>
|
||||
|
||||
<para>If you have configured your kernel with support for your wireless
|
||||
network card, you should be able to find the interface in the iwconfig
|
||||
output:</para>
|
||||
|
||||
<programlisting># <command>iwconfig</command>
|
||||
lo no wireless extensions.
|
||||
|
||||
eth0 no wireless extensions.
|
||||
|
||||
eth1 IEEE 802.11g ESSID:"aaa"
|
||||
Mode:Managed Frequency:2.417 GHz Access Point: 00:11:0A:2A:73:03
|
||||
Bit Rate:54 Mb/s Tx-Power=20 dBm Sensitivity=8/0
|
||||
Retry limit:7 RTS thr:off Fragment thr:off
|
||||
Encryption key:off
|
||||
Power Management:off
|
||||
Link Quality=84/100 Signal level=-49 dBm Noise level=-89 dBm
|
||||
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
|
||||
Tx excessive retries:1 Invalid misc:2 Missed beacon:7</programlisting>
|
||||
|
||||
<para>In the above example, the eth0 interface (which is a regular
|
||||
Ethernet interface) is detected but seen as not having a wireless
|
||||
capability. The eth1 interface has wireless capabilities, and its
|
||||
current wireless settings are displayed.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Using Wireless Extensions Support</title>
|
||||
|
||||
<section>
|
||||
<title>Accessing a Wireless Network</title>
|
||||
|
||||
<para>To access an existing wireless network, you need a few settings.
|
||||
Some of them can be obtained quickly, others might require information
|
||||
from your network administrator.</para>
|
||||
|
||||
<para>To use the Linux wireless extensions, install the necessary
|
||||
tools:</para>
|
||||
|
||||
<programlisting># <command>emerge -a wireless-tools</command></programlisting>
|
||||
|
||||
<para>Let's first start with the wireless network name, called the
|
||||
ESSID<indexterm>
|
||||
<primary>ESSID</primary>
|
||||
</indexterm>. With <command>iwlist</command><indexterm>
|
||||
<primary>iwlist</primary>
|
||||
</indexterm> you can obtain a list of detected wireless networks and
|
||||
their accompanying ESSIDs:</para>
|
||||
|
||||
<programlisting># <command>iwlist eth1 scan</command>
|
||||
eth1 Scan completed :
|
||||
Cell 01 - Address: 00:11:0A:2A:73:03
|
||||
ESSID:"aaa"
|
||||
Protocol:IEEE 802.11bg
|
||||
Mode:Master
|
||||
Frequency:2.417 GHz (Channel 2)
|
||||
Encryption key:off
|
||||
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 9 Mb/s; 11 Mb/s
|
||||
6 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
|
||||
48 Mb/s; 54 Mb/s
|
||||
Quality=82/100 Signal level=-48 dBm
|
||||
Extra: Last beacon: 37ms ago
|
||||
Cell 02 - Address: 00:C0:49:B0:37:43
|
||||
ESSID:"USR8022"
|
||||
Protocol:IEEE 802.11b
|
||||
Mode:Master
|
||||
Frequency:2.462 GHz (Channel 11)
|
||||
Encryption key:on
|
||||
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 22 Mb/s
|
||||
Quality=41/100 Signal level=-76 dBm
|
||||
Extra: Last beacon: 7665ms ago</programlisting>
|
||||
|
||||
<para>In this case, two wireless networks are found. The first one has
|
||||
ESSID "aaa" and does not require any encryption (so you don't need to
|
||||
know any password or passphraze to access this network) - notice the
|
||||
"Encryption key:off" setting. The second one has ESSID USR8022 and
|
||||
requires an encryption key. However, the second network's signal is
|
||||
also less powerful (lower quality and signal level).</para>
|
||||
|
||||
<para>To configure your card to use a particular ESSID, you can use
|
||||
the iwconfig command:</para>
|
||||
|
||||
<programlisting># <command>iwconfig eth1 essid aaa</command></programlisting>
|
||||
|
||||
<para>Suppose that you need to enter an encryption key as well, you
|
||||
can add the key either in its hexadecimal form, or through the ASCII
|
||||
representation.</para>
|
||||
|
||||
<programlisting># <command>iwconfig eth1 essid USR8022 key FF83-D9B3-58C4-200F-ADEA-DBEE-F3</command>
|
||||
# <command>iwconfig eth1 essid USR8022 key s:MyPassPhraze</command></programlisting>
|
||||
|
||||
<para>Once you have attached your wireless interface to a particular
|
||||
network, you can configure it as if it was a fixed Ethernet
|
||||
interface.</para>
|
||||
|
||||
<para>Now, Gentoo Linux allows you to configure your wireless network
|
||||
card through <filename>/etc/conf.d/net</filename> as well.</para>
|
||||
|
||||
<para>In the next example, the wireless configuration is set so that
|
||||
the two networks (aaa and USR8022) are supported where aaa is the
|
||||
preferred network.</para>
|
||||
|
||||
<programlisting>modules=( "iwconfig" )
|
||||
key_aaa="key off"
|
||||
key_USR8022="s:MyPassPhraze enc open"
|
||||
preferred_aps=( "aaa" "USR8022" )</programlisting>
|
||||
|
||||
<para>Again, you'll need to add the net.eth1 service to the default
|
||||
runlevel and then fire up the net.eth1 service:</para>
|
||||
|
||||
<programlisting># <command>rc-update add net.eth1 default</command>
|
||||
# <command>/etc/init.d/net.eth1 start</command></programlisting>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Using wpa_supplicant</title>
|
||||
|
||||
<para>The wpa_supplicant<indexterm>
|
||||
<primary>wpa_supplicant</primary>
|
||||
</indexterm> tool is a software component which controls the wireless
|
||||
connection between your system and an access point. A major advantage of
|
||||
<command>wpa_supplicant</command> over the previously described wireless
|
||||
tools is its support for WPA/WPA2.</para>
|
||||
|
||||
<para>Before you can use wpa_supplicant, you first need to install
|
||||
it:</para>
|
||||
|
||||
<programlisting># <command>emerge -a wpa_supplicant</command></programlisting>
|
||||
|
||||
<section>
|
||||
<title>Accessing a Wireless Network</title>
|
||||
|
||||
<para>You need to configure your wpa_supplicant to support the
|
||||
wireless network(s) you want to access. Suppose that your home network
|
||||
is called "home" and is a secured (WPA) environment with key
|
||||
"myHomeKey" and at your work there is a wireless network called
|
||||
"CompanyGuests", secured (WPA) environment with key "myCompanyKey" and
|
||||
a third network at your local computer club called "hobby", not
|
||||
secured, then the following
|
||||
<filename>wpa_supplicant.conf</filename><indexterm>
|
||||
<primary>wpa_supplicant.conf</primary>
|
||||
</indexterm> configuration could work:</para>
|
||||
|
||||
<programlisting>ctrl_interface=/var/run/wpa_supplicant
|
||||
ctrl_interface_group=wheel
|
||||
|
||||
network={
|
||||
ssid="home"
|
||||
psk="myHomeKey"
|
||||
}
|
||||
|
||||
network={
|
||||
ssid="CompanyGuests"
|
||||
psk="myCompanyKey"
|
||||
}
|
||||
|
||||
network={
|
||||
ssid="hobby"
|
||||
key_mgmt=NONE
|
||||
}</programlisting>
|
||||
|
||||
<para>The <command>wpa_supplicant</command> tool also supports WPA2.
|
||||
For instance:</para>
|
||||
|
||||
<programlisting>network={
|
||||
ssid="akkerdjie"
|
||||
proto=WPA2
|
||||
psk="highly private key"
|
||||
}</programlisting>
|
||||
|
||||
<para>If you do not like to see your private key in plain text, use
|
||||
<command>wpa_passphraze</command><indexterm>
|
||||
<primary>wpa_passphraze</primary>
|
||||
</indexterm> to encrypt your key:</para>
|
||||
|
||||
<programlisting>$ <command>wpa_passphraze akkerdjie "highly private key"</command>
|
||||
network={
|
||||
ssid="akkerdjie"
|
||||
#psk="highly private key" <remark><-- Plain comment, can be removed!</remark>
|
||||
psk=cbcb52ca4577c8c05b05e84bdd2ef72f313d3c83da18c9da388570ae3a2a0921
|
||||
}</programlisting>
|
||||
|
||||
<para>You can copy/paste the resulting information in
|
||||
<filename>wpa_supplicant.conf</filename> and remove the (commented)
|
||||
plain-text key information.</para>
|
||||
|
||||
<para>If your wireless card is found by Linux (and its powered on),
|
||||
then running the following command will activate the wpa_supplicant on
|
||||
top of it (assume the wireless interface is called wlan0):</para>
|
||||
|
||||
<programlisting># <command>wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf</command></programlisting>
|
||||
|
||||
<para>One interesting option is the -D option: with this you select
|
||||
the wireless driver to use. With -Dwext, we use the Linux wireless
|
||||
extensions (which is quite generic). In certain cases you might need
|
||||
to use a different driver - the Internet has many resources on how to
|
||||
configure your specific wireless network card with Linux if the Linux
|
||||
wireless extensions don't work.</para>
|
||||
|
||||
<para>Of course, once the configuration file is finished, you can use
|
||||
Gentoo's networking scripts as well. First, edit
|
||||
<filename>/etc/conf.d/net</filename> to use wpa_supplicant:</para>
|
||||
|
||||
<programlisting>modules=( "wpa_supplicant" )
|
||||
wpa_supplicant_wlan0="-Dwext"</programlisting>
|
||||
|
||||
<para>To have the wireless support active when you boot up your
|
||||
system, enable the net.wlan0 init script. If /etc/init.d/net.wlan0
|
||||
doesn't exist yet, first create it:</para>
|
||||
|
||||
<programlisting># <command>cd /etc/init.d</command>
|
||||
# <command>ln -s net.lo net.wlan0</command></programlisting>
|
||||
|
||||
<para>Next, add the net.wlan0 init script to the default
|
||||
runlevel:</para>
|
||||
|
||||
<programlisting># <command>rc-update add net.wlan0 default</command></programlisting>
|
||||
</section>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>User-friendly Network Configuration Tools</title>
|
||||
|
||||
<para>The above information should allow you to work with any possible
|
||||
Linux installation. However, the commands might look a bit tricky and,
|
||||
especially with the wireless configuration, might even require you to hop
|
||||
between various commands or windows before you get the connection
|
||||
working.</para>
|
||||
|
||||
<para>Luckily, there are other tools around which rely on the same tools
|
||||
as mentioned before, but offer the user a saner interface from which they
|
||||
can configure their network. Note that these do require that the network
|
||||
card is already detected by Linux (so the kernel configuration part should
|
||||
have succeeded).</para>
|
||||
|
||||
<section>
|
||||
<title>Wicd</title>
|
||||
|
||||
<para>My personal favorite is Wicd, installable through
|
||||
net-misc/wicd<indexterm>
|
||||
<primary>wicd</primary>
|
||||
</indexterm>. The tool exists out of two parts: a daemon and an
|
||||
end-user configuration interface.</para>
|
||||
|
||||
<programlisting># <command>emerge wicd</command></programlisting>
|
||||
|
||||
<para>Once installed, add the wicd service to the boot or default
|
||||
runlevel:</para>
|
||||
|
||||
<programlisting># <command>rc-update add wicd default</command></programlisting>
|
||||
|
||||
<para>Next, make sure Gentoo doesn't start its own network configuration
|
||||
by editing <filename>/etc/conf.d/rc</filename>, setting the
|
||||
following:</para>
|
||||
|
||||
<programlisting>RC_PLUG_SERVICES="!net.*"</programlisting>
|
||||
|
||||
<para>Now, start the wicd service (and shut down the services you are
|
||||
currently using):</para>
|
||||
|
||||
<programlisting># <command>/etc/init.d/net.eth1 stop</command>
|
||||
# <command>/etc/init.d/wicd start</command></programlisting>
|
||||
|
||||
<para>If you run inside a graphical environment that supports applets
|
||||
(most desktop environments do), run
|
||||
<command>wicd-client</command><indexterm>
|
||||
<primary>wicd-client</primary>
|
||||
</indexterm> (from a "Run Program..." prompt or so). From within a
|
||||
command-line interface, you can use
|
||||
<command>wicd-curses</command><indexterm>
|
||||
<primary>wicd-curses</primary>
|
||||
</indexterm>. This client will connect with the service and allow you
|
||||
to configure your networks (both wired and wireless) more easily.</para>
|
||||
|
||||
<para>I refer you to the <ulink url="http://wicd.sourceforge.net">Wicd
|
||||
homepage</ulink> for more information / documentation on the
|
||||
tool.</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Firewall Configuration</title>
|
||||
|
||||
<para>When your system is going to use the Internet often, using a
|
||||
firewall is encouraged. People generally believe that their operating
|
||||
system is secure out of the box if they don't click on "weird" links
|
||||
inside e-mails or Internet sites. Sadly, this isn't true. Also, Linux
|
||||
should never be seen as a secure operating system - security of a system
|
||||
is completely defined by the competence of the system
|
||||
administrator.</para>
|
||||
|
||||
<para>A firewall will not fully protect your system from malicious users
|
||||
on the (Inter)net, but it will filter many - of course, depending on the
|
||||
strength of the firewall.</para>
|
||||
|
||||
<para>There are many firewalls available for Linux; on Gentoo Linux alone
|
||||
more than a dozen tools exist (just check out the content of the
|
||||
net-firewall category). Most firewall tools use
|
||||
<command>iptables</command><indexterm>
|
||||
<primary>iptables</primary>
|
||||
</indexterm> as underlying tool. The iptables tool is an administration
|
||||
tool for manipulating IPv4 packets and is a very known and popular
|
||||
tool.</para>
|
||||
|
||||
<para>Firewall tools will often generate iptables rules to create filters
|
||||
(the actual firewall).</para>
|
||||
|
||||
<para>Because writing firewall rules is quite custom (it depends on what
|
||||
services your system offers and what tools you often use) I suggest using
|
||||
firewall tools first. Later, when you want to customize them further, you
|
||||
can write your own iptables rules.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Sharing your Internet Connection</title>
|
||||
|
||||
<para>We have seen the iptables command previously, as part of the
|
||||
firewall configuration. iptables however is not Linux' firewall tool: its
|
||||
purpose is to create rules on how to deal with network packets on your
|
||||
computer. As such, iptables can also be used to create a NAT gateway
|
||||
through which clients can access the Internet.</para>
|
||||
|
||||
<para>In the following examples, we suppose that Internet is available at
|
||||
the wlan0 interface while all clients access through the eth0 interface.
|
||||
Also, we will be assigning IP addresses in the range of
|
||||
192.168.20.200-192.168.20.250 to our clients...</para>
|
||||
|
||||
<section>
|
||||
<title>Forwarding Requests</title>
|
||||
|
||||
<para>This is the simplest step: we ask iptables to enable
|
||||
masquerading<indexterm>
|
||||
<primary>masquerading</primary>
|
||||
</indexterm> on the Internet interface. Masquerading keeps track of
|
||||
connections packets going out on this interface with their original
|
||||
source IP address; the packets on the connection are altered so it seems
|
||||
as if the local system has created the connection rather than a
|
||||
client:</para>
|
||||
|
||||
<programlisting>iptables -A POSTROUTING -t nat -o wlan0 -j MASQUERADE</programlisting>
|
||||
|
||||
<para>The only remaining tasks here is to enable forwarding packets from
|
||||
the clients to the Internet and back:</para>
|
||||
|
||||
<programlisting># <command>iptables -A FORWARD -i eth0 -o wlan0 -s 192.168.20.1/24
|
||||
-d ! 192.168.20.1/24 -j ACCEPT</command>
|
||||
# <command>iptables -A FORWARD -o eth0 -i wlan0 -d 192.168.20.1/24
|
||||
-s ! 192.168.20.1/24 -j ACCEPT</command></programlisting>
|
||||
|
||||
<para>More information about iptables and masquerading can be found on
|
||||
the Internet...</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Distributing IP Addresses</title>
|
||||
|
||||
<para>Now, if eth0 is accessible then all clients with a correct IP
|
||||
address attached to the eth0 interface can access the Internet; however,
|
||||
they will manually need to mark the local system as the default gateway
|
||||
as well as defining the necessary DNS servers. Luckily, we can automate
|
||||
this by installing a DHCP server so that clients can automatically
|
||||
obtain their IP address and necessary settings.</para>
|
||||
|
||||
<para>There are plenty of DHCP servers around. For local, small use, I
|
||||
myself use dhcp<indexterm>
|
||||
<primary>dhcp</primary>
|
||||
</indexterm>:</para>
|
||||
|
||||
<programlisting># <command>emerge dhcp</command></programlisting>
|
||||
|
||||
<para>Next, I configure dhcp to distribute the necessary IP address and
|
||||
other settings:</para>
|
||||
|
||||
<programlisting># <command>nano -w /etc/dhcp/dhcpd.conf</command></programlisting>
|
||||
|
||||
<programlisting>option domain-name "siphos.be";
|
||||
option domain-name-servers 192.168.2.1;
|
||||
default-lease-time 600;
|
||||
max-lease-time 7200;
|
||||
ddns-update-style none ;
|
||||
|
||||
option option-150 code 150 = text ;
|
||||
|
||||
subnet 192.168.20.0 netmask 255.255.255.0 {
|
||||
range 192.168.20.100 192.168.20.200;
|
||||
option routers 192.168.20.1;
|
||||
}</programlisting>
|
||||
|
||||
<para>Now that dhcpd is configured, we only need to start it when we
|
||||
need it:</para>
|
||||
|
||||
<programlisting># <command>/etc/init.d/dhcpd start</command></programlisting>
|
||||
|
||||
<para>Again, if you want to have the script started automatically, add
|
||||
it to the default runlevel.</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Allowing Remote Access</title>
|
||||
|
||||
<para>If you need to allow remote access to your machine, there are a few
|
||||
tools available. As this book isn't focusing on graphical environments
|
||||
much, I'll stick with SSH access, or <emphasis>Secure
|
||||
SHell</emphasis>.</para>
|
||||
|
||||
<warning>
|
||||
<para>Allowing remote access to a system is never without security
|
||||
risks. If your security software is not up to date, or your password is
|
||||
easy to guess, or ... you risk being the target for more maliciously
|
||||
minded people. This is especially true if the IP address you have is
|
||||
immediately reachable from the Internet (either directly or because you
|
||||
use port forwarding on your routers).</para>
|
||||
</warning>
|
||||
|
||||
<section>
|
||||
<title>Secure Shell</title>
|
||||
|
||||
<para>By enabling secure shell access to your machine, people on your
|
||||
network who have an account on your system (or know the credentials of
|
||||
an account) can access your system. The tool, which is called
|
||||
<command>ssh</command><indexterm>
|
||||
<primary>ssh</primary>
|
||||
</indexterm>, encrypts the data that is sent on the network so no-one
|
||||
can eavesdrop on the network and see usernames, passwords or even more
|
||||
confidential information flow by.</para>
|
||||
|
||||
<para>To enable SSH access to your system, first install the
|
||||
<package>net-misc/openssh</package> package:</para>
|
||||
|
||||
<programlisting># <command>emerge openssh</command></programlisting>
|
||||
|
||||
<para>Of course, this doesn't automatically enable remote access: you
|
||||
still need to tell your system to start the SSH daemon. You can do this
|
||||
manually using <command>/etc/init.d/sshd</command>, but also ask Gentoo
|
||||
to automatically do this for you every time the system boots using
|
||||
<command>rc-update</command>.</para>
|
||||
|
||||
<programlisting># <command>/etc/init.d/sshd start</command>
|
||||
# <command>rc-update add sshd default</command></programlisting>
|
||||
|
||||
<para>Now that that is accomplished, you (or other users on your
|
||||
network) can access your system using any SSH client (on Windows, I
|
||||
seriously recommend <ulink
|
||||
url="http://www.chiark.greenend.org.uk/~sgtatham/putty/">PuTTY</ulink>).
|
||||
For instance, to access your system from another Linux system, the
|
||||
command could look like so (assuming that your IP address is
|
||||
192.168.2.100 and your username is "captain"):</para>
|
||||
|
||||
<programlisting>$ <command>ssh -l captain 192.168.2.100</command></programlisting>
|
||||
|
||||
<para>You will be asked to enter captain's password, and then you get a
|
||||
shell just like you would when you log on to the system
|
||||
physically.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Secure File Transfer</title>
|
||||
|
||||
<para>By installing and enabling SSH access to your system, you can now
|
||||
also perform secure file transfers.</para>
|
||||
|
||||
<para>There are two methods for doing secure file transfer using
|
||||
standard openssh tools: scp and sftp.</para>
|
||||
|
||||
<section>
|
||||
<title>Secure Copy</title>
|
||||
|
||||
<para>With <command>scp</command><indexterm>
|
||||
<primary>scp</primary>
|
||||
</indexterm> (secure copy) you can copy files between systems. If
|
||||
your source or destination (or both) are on a remote system, prepend
|
||||
the source/destination folder with the hostname or IP address followed
|
||||
by a colon, like so:</para>
|
||||
|
||||
<programlisting>$ <command>scp thesis.tar.gz 192.168.2.1:/mnt/usb-stick</command></programlisting>
|
||||
|
||||
<para>If the copy also needs to change to a different user (say that
|
||||
you are currently logged on as "bunny" but on the remote side, you
|
||||
only have an account "wolf"):</para>
|
||||
|
||||
<programlisting>$ <command>scp wolf@192.168.2.2:/usr/portage/distfiles/YAML-0.71.tar.gz .</command></programlisting>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Secure FTP</title>
|
||||
|
||||
<para>With <command>sftp</command><indexterm>
|
||||
<primary>sftp</primary>
|
||||
</indexterm> (secure FTP) you have an ftp-alike tool (which supports
|
||||
the same commands) but which uses the SSH protocol for all data (and
|
||||
command) transfers.</para>
|
||||
|
||||
<programlisting>$ <command>sftp wolf@192.168.2.2</command>
|
||||
Connecting to 192.168.2.2...
|
||||
Password: <remark>(enter wolf's password)</remark>
|
||||
sftp> <command>cd /usr/portage/distfiles</command>
|
||||
sftp> <command>pwd</command>
|
||||
Remote working directory: /usr/portage/distfiles
|
||||
sftp> <command>lpwd</command>
|
||||
Local working directory: /home/bunny
|
||||
sftp> <command>get YAML-*</command>
|
||||
Fetching /usr/portage/distfiles/YAML-0.71.tar.gz to YAML-0.71.tar.gz
|
||||
/usr/portage/distfiles/YAML-0.71.tar.gz 100% 110KB 110.3KB/s 00:00
|
||||
sftp> </programlisting>
|
||||
</section>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Further Resources</title>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para><ulink
|
||||
url="http://www.linuxquestions.org/linux/answers/Networking/NdisWrapper_The_Ultimate_Guide/">NdisWrapper:
|
||||
The Ultimate Guide</ulink> on www.linuxquestions.org</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</chapter>
|
|
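Review bot: In the Secure Shell section, the first-login walkthrough ("You will be asked to enter captain's password") skips the host key confirmation that ssh shows before the password prompt when it connects to a host for the first time; a sentence telling readers to compare the displayed fingerprint with the server's before answering yes would fit next to the warning block. The section also documents password login only, right after the warning names easy-to-guess passwords as a risk, so a short paragraph on key-based login (ssh-keygen, ~/.ssh/authorized_keys) and on the PermitRootLogin setting in /etc/ssh/sshd_config would help. Smaller points: the warning's "or ... you risk" reads like an unfinished placeholder, and in the dhcpd.conf listing shown here option-150 is declared but never used, with a stray space before the semicolon on that line and on the ddns-update-style line.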
@ -0,0 +1,676 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
|
||||
<chapter>
|
||||
<title>Service Management</title>
|
||||
|
||||
<section>
|
||||
<title>Introduction</title>
|
||||
|
||||
<para>A <emphasis>service</emphasis><indexterm>
|
||||
<primary>service</primary>
|
||||
</indexterm> is a generic term which can be used in many contexts. Here,
|
||||
a service is a tool that runs in the background (also known as a
|
||||
<emphasis>daemon</emphasis><indexterm>
|
||||
<primary>daemon</primary>
|
||||
</indexterm>) which offers a certain functionality to the system or to
|
||||
the users. It is also possible that the tool just performs a single set of
|
||||
tasks and then quits.</para>
|
||||
|
||||
<para>Examples of services on a Linux system are:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>the logger service, allowing programs on the system to send
|
||||
logging notifications to a global location which is then parsed and
|
||||
processed by a logger tool (example: syslog-ng).</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>the clock service, which sets the necessary environmental
|
||||
definitions (like timezone information)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>the SSH service, allowing users to log on to your system
|
||||
remotely (through the secure shell)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>...</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>The scripts that manipulate the services are called <emphasis>init
|
||||
scripts</emphasis><indexterm>
|
||||
<primary>init scripts</primary>
|
||||
</indexterm> (initialization scripts) and reside inside
|
||||
<filename>/etc/init.d</filename>. Although this is quite generic for all
|
||||
Linux distributions, Gentoo offers a somewhat different way of working
|
||||
with services, so not all activities mentioned in this chapter can be used
|
||||
for other distributions.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Services at System Boot / Shutdown</title>
|
||||
|
||||
<para>When your system boots, the Linux kernel starts a process called
|
||||
<command>init</command>. This tool executes a set of tasks defined by the
|
||||
various init levels on the system. Each init level defines a set of
|
||||
services to start (or stop) at this stage.</para>
|
||||
|
||||
<para>Within Gentoo, init levels are mapped onto named runlevels.</para>
|
||||
|
||||
<para>When init is launched, it will first run the sysinit and bootwait
|
||||
init levels. On Gentoo, the associated runlevels are also called sysinit
|
||||
and boot (sysinit is not configurable). Then, it will start the services
|
||||
for the runlevel it is configured to boot into (by default, init level 3).
|
||||
This init level at Gentoo is mapped onto the "default" runlevel.</para>
|
||||
|
||||
<para>For instance, the following services are launched when I start my
|
||||
laptop (sysinit not shown, but sysinit is always launched).</para>
|
||||
|
||||
<programlisting># <command>rc-status boot</command>
|
||||
Runlevel: boot
|
||||
alsasound [ started ]
|
||||
bootmisc [ started ]
|
||||
checkfs [ started ]
|
||||
checkroot [ started ]
|
||||
clock [ started ]
|
||||
consolefont [ started ]
|
||||
hostname [ started ]
|
||||
keymaps [ started ]
|
||||
localmount [ started ]
|
||||
modules [ started ]
|
||||
net.lo [ started ]
|
||||
rmnologin [ started ]
|
||||
urandom [ started ]
|
||||
# <command>rc-status default</command>
|
||||
Runlevel: default
|
||||
hald [ started ]
|
||||
local [ started ]
|
||||
net.eth0 [ started ]
|
||||
net.eth1 [ stopped ]
|
||||
sshd [ started ]
|
||||
syslog-ng [ started ]
|
||||
udev-postmount [ started ]
|
||||
xdm [ started ]</programlisting>
|
||||
|
||||
<para>As you can see, all configured services for the two runlevels (boot
|
||||
and default) are launched but one: net.eth1 isn't started (because it is
|
||||
my wireless interface and I'm currently on a cabled network which uses
|
||||
net.eth0).</para>
|
||||
|
||||
<para>The init configuration file is called
|
||||
<filename>/etc/inittab</filename><indexterm>
|
||||
<primary>inittab</primary>
|
||||
</indexterm>. The next excerpt is not a full
|
||||
<filename>inittab</filename> but explains most important settings:</para>
|
||||
|
||||
<programlisting>id:3:initdefault: # The default init level is 3
|
||||
si::sysinit:/sbin/rc sysinit # sysinit > run the Gentoo "sysinit" runlevel
|
||||
rc::bootwait:/sbin/rc boot # bootwait > run the Gentoo "boot" runlevel
|
||||
l0:0:wait:/sbin/rc shutdown # init level 0 > run the Gentoo "shutdown" runlevel
|
||||
l1:S1:wait:/sbin/rc single # init level S1 > run the Gentoo "single" runlevel
|
||||
l3:3:wait:/sbin/rc default # init level 3 > run the Gentoo "default" runlevel
|
||||
l6:6:wait:/sbin/rc reboot # init level 6 > run the Gentoo "reboot" runlevel</programlisting>
|
||||
|
||||
<para>Okay, so in the end, init uses Gentoo's runlevels. How do you
|
||||
configure those?</para>
|
||||
|
||||
<section>
|
||||
<title>Init Scripts</title>
|
||||
|
||||
<para>An init script is a script that manipulates a particular service.
|
||||
It should support the "start" and "stop" arguments as these are used by
|
||||
the <command>init</command> tool (actually the
|
||||
<command>rc</command><indexterm>
|
||||
<primary>rc</primary>
|
||||
</indexterm> tool which is called by <command>init</command>). For
|
||||
instance:</para>
|
||||
|
||||
<programlisting># <command>/etc/init.d/udhcp start</command>
|
||||
# <command>/etc/init.d/syslog-ng stop</command></programlisting>
|
||||
|
||||
<para>As you can see, the scripts reside in the
|
||||
<filename>/etc/init.d</filename> directory. These scripts are usually
|
||||
provided by the tools themselves (udhcp and syslog-ng in our examples)
|
||||
but sometimes you might need to write one yourself. Luckily, this is
|
||||
less and less the case.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Gentoo Runlevels</title>
|
||||
|
||||
<para>Inside <filename>/etc/runlevels</filename>, Gentoo keeps track of
|
||||
the various scripts that need to be started when init starts a specific
|
||||
init level (which maps onto a Gentoo runlevel):</para>
|
||||
|
||||
<programlisting># <command>ls /etc/runlevels</command>
|
||||
boot default nonetwork single</programlisting>
|
||||
|
||||
<para>Inside the directories you get an overview of the services that
|
||||
should be started when the runlevel is active. For instance, inside the
|
||||
default runlevel one could see:</para>
|
||||
|
||||
<programlisting># <command>ls /etc/runlevels/default</command>
|
||||
local net.eth0 net.wlan0 syslog-ng xdm</programlisting>
|
||||
|
||||
<para>The files found inside these directories are symbolic links,
|
||||
pointing to the associated init script found inside /etc/init.d:</para>
|
||||
|
||||
<programlisting># <command>ls -l /etc/runlevels/default/local</command>
|
||||
lrwxrwxrwx 1 root root 17 Jul 12 2004
|
||||
/etc/runlevels/default/local -> /etc/init.d/local</programlisting>
|
||||
|
||||
<para>To manipulate the Gentoo runlevels, you can manipulate the
|
||||
symbolic links inside these directories directly, but you can also use
|
||||
the tools rc-update, rc-config and rc-status.</para>
|
||||
|
||||
<para>With <command>rc-update</command><indexterm>
|
||||
<primary>rc-update</primary>
|
||||
</indexterm>, you can add or delete links from a particular runlevel.
|
||||
For instance, to remove the xdm init script from the default
|
||||
runlevel:</para>
|
||||
|
||||
<programlisting># <command>rc-update del xdm default</command></programlisting>
|
||||
|
||||
<para>With <command>rc-status</command><indexterm>
|
||||
<primary>rc-status</primary>
|
||||
</indexterm>, you can see what scripts should be started in the
|
||||
selected runlevel and the current state. The next example shows that the
|
||||
net.eth0 runlevel is not started currently even though it is a service
|
||||
for the default runlevel (the reason is simple: I deactivated it as I
|
||||
don't need the interface currently):</para>
|
||||
|
||||
<programlisting># <command>rc-status default</command>
|
||||
Runlevel: default
|
||||
local [started]
|
||||
net.eth0 [stopped]
|
||||
net.wlan0 [started]
|
||||
syslog-ng [started]
|
||||
xdm [started]</programlisting>
|
||||
|
||||
<para>With <command>rc-config</command><indexterm>
|
||||
<primary>rc-config</primary>
|
||||
</indexterm>, you can manipulate the runlevels (just like with
|
||||
<command>rc-update</command>), show the current status of a particular
|
||||
runlevel (just like with <command>rc-status</command>) and view all
|
||||
currently available init scripts and the runlevels in which they are
|
||||
available (actually, <command>rc-update</command> can also do this using
|
||||
<command>rc-update show</command>):</para>
|
||||
|
||||
<programlisting># <command>rc-config list</command>
|
||||
(...)</programlisting>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>List of Default Services</title>
|
||||
|
||||
<para>When a pristine Gentoo install has finished, you will already have
|
||||
quite a few services available. The following sections give a quick
|
||||
overview of those services and what they stand for.</para>
|
||||
|
||||
<section>
|
||||
<title>alsasound</title>
|
||||
|
||||
<para>The alsasound<indexterm>
|
||||
<primary>alsasound</primary>
|
||||
</indexterm> service is responsible for loading the appropriate
|
||||
sound kernel modules (if they are known as modules) and
|
||||
saving/restoring the sound configuration at boot-up / shutdown.</para>
|
||||
|
||||
<para>When the service is started, you might see kernel modules being
|
||||
loaded in memory. However, no other processes are started as part of
|
||||
this service.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>bootmisc</title>
|
||||
|
||||
<para>The bootmisc<indexterm>
|
||||
<primary>bootmisc</primary>
|
||||
</indexterm> service is responsible for various boot-level
|
||||
activities, such as:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>loading the kernel parameters from
|
||||
<filename>/etc/sysctl.conf</filename><indexterm>
|
||||
<primary>sysctl.conf</primary>
|
||||
</indexterm>.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>cleaning up directories to ensure they don't contain rogue
|
||||
information that might hinder the bootup</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>create, if they don't exist, system files with the correct
|
||||
permissions</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>Once the service has finished starting, no additional processes
|
||||
will be running.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>checkfs</title>
|
||||
|
||||
<para>The checkfs<indexterm>
|
||||
<primary>checkfs</primary>
|
||||
</indexterm> service is responsible for verifying the integrity of
|
||||
your systems' file systems. By default, it will verify the integrity
|
||||
of the file systems whose last digit in
|
||||
<filename>/etc/fstab</filename> isn't zero. You can force a root file
|
||||
system check by adding the <parameter>forcefsck</parameter><indexterm>
|
||||
<primary>forcefsck</primary>
|
||||
</indexterm> boot parameter or force a full file system check for
|
||||
all partitions (listed in the fstab file) by creating an empty
|
||||
"/forcefsck" file. This file will be automatically removed once the
|
||||
check has been finished.</para>
|
||||
|
||||
<programlisting># <command>touch /forcefsck</command></programlisting>
|
||||
|
||||
<para>On the other hand, if you want to ignore the file system checks,
|
||||
add the <parameter>fastboot</parameter><indexterm>
|
||||
<primary>fastboot</primary>
|
||||
</indexterm> boot parameter.</para>
|
||||
|
||||
<para>Once the service has finished starting, no additional processes
|
||||
will be running.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>checkroot</title>
|
||||
|
||||
<para>The checkroot<indexterm>
|
||||
<primary>checkroot</primary>
|
||||
</indexterm> service is responsible for checking the consistency of
|
||||
the root file system. This service uses the same boot parameters
|
||||
(forcefsck or fastboot) as the checkfs service. </para>
|
||||
|
||||
<para>The service is also responsible for remounting the root file
|
||||
system read-write (by default it gets mounted read-only by the Linux
|
||||
kernel).</para>
|
||||
|
||||
<para>Once the service has finished starting, no additional processes
|
||||
will be running.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>clock</title>
|
||||
|
||||
<para>The clock<indexterm>
|
||||
<primary>clock</primary>
|
||||
|
||||
<secondary>service</secondary>
|
||||
</indexterm> service is responsible for setting the system time
|
||||
based on the BIOS clock and the settings defined in
|
||||
<filename>/etc/conf.d/clock</filename>. It will also synchronise the
|
||||
system clock with your hardware clock during shutdown.</para>
|
||||
|
||||
<para>Once the service has finished starting, no additional processes
|
||||
will be running.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>consolefont</title>
|
||||
|
||||
<para>The consolefont<indexterm>
|
||||
<primary>consolefont</primary>
|
||||
</indexterm> service is responsible for setting the console
|
||||
font.</para>
|
||||
|
||||
<para>Once the service has finished starting, no additional processes
|
||||
will be running.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>hald</title>
|
||||
|
||||
<para>The hald<indexterm>
|
||||
<primary>hald</primary>
|
||||
|
||||
<secondary>service</secondary>
|
||||
</indexterm> service is responsible for starting the hardware
|
||||
abstraction layer daemon (see <link linkend="HAL">HAL</link>).</para>
|
||||
|
||||
<para>Once the service has finished starting, you will find the hald
|
||||
process running as the haldaemon user.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>hostname</title>
|
||||
|
||||
<para>The hostname<indexterm>
|
||||
<primary>hostname</primary>
|
||||
|
||||
<secondary>service</secondary>
|
||||
</indexterm> service is responsible for setting your systems'
|
||||
hostname based on the input of
|
||||
<filename>/etc/conf.d/hostname</filename>.</para>
|
||||
|
||||
<para>Once the service has finished starting, no additional processes
|
||||
will be running.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>keymaps</title>
|
||||
|
||||
<para>The keymaps<indexterm>
|
||||
<primary>keymaps</primary>
|
||||
</indexterm> service is responsible for setting your keyboard
|
||||
mapping (qwerty, azerty, dvorak, ...) based on the
|
||||
<filename>/etc/conf.d/keymaps</filename> file.</para>
|
||||
|
||||
<para>Once the service has finished starting, no additional processes
|
||||
will be running.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>local</title>
|
||||
|
||||
<para>The local<indexterm>
|
||||
<primary>local</primary>
|
||||
</indexterm> service is responsible for handling your custom
|
||||
activities which you have stated in
|
||||
<filename>/etc/conf.d/local.start</filename> and
|
||||
<filename>/etc/conf.d/local.stop</filename>. The local service is ran
|
||||
as last service before you can log on to your system.</para>
|
||||
|
||||
<para>As you completely manage what this service does, I can't tell
|
||||
you what will happen when the service has finished starting. By
|
||||
default however, it doesn't do anything.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>localmount</title>
|
||||
|
||||
<para>The localmount<indexterm>
|
||||
<primary>localmount</primary>
|
||||
</indexterm> service is responsible for mounting all local file
|
||||
systems (mentioned in <filename>/etc/fstab</filename>). It also
|
||||
initiates the necessary support for USB file systems, specific binary
|
||||
format file systems, security file systems and enabling the swap file
|
||||
system.</para>
|
||||
|
||||
<para>Once the service has finished starting, no additional processes
|
||||
will be running.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>modules</title>
|
||||
|
||||
<para>The modules<indexterm>
|
||||
<primary>modules</primary>
|
||||
|
||||
<secondary>service</secondary>
|
||||
</indexterm> service is responsible for automatically loading the
|
||||
kernel modules listed in
|
||||
<filename>/etc/modules.autoload</filename><indexterm>
|
||||
<primary>modules.autoload</primary>
|
||||
</indexterm>.</para>
|
||||
|
||||
<para>Once the service has finished starting, no additional processes
|
||||
will be running.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>net.lo (net.*)</title>
|
||||
|
||||
<para>The net.lo<indexterm>
|
||||
<primary>net.lo</primary>
|
||||
</indexterm> service is responsible for loading networking support
|
||||
for a specific interface. Although the name suggests that it only
|
||||
supports the lo (loopback) interface, the service actually supports
|
||||
any interface. Other interface scripts are just symbolic links to this
|
||||
script.</para>
|
||||
|
||||
<para>Once the service has finished starting, no additional processes
|
||||
will be running.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>rmnologin</title>
|
||||
|
||||
<para>The rmnologin<indexterm>
|
||||
<primary>rmnologin</primary>
|
||||
</indexterm> service is responsible for changing the state of your
|
||||
system from a non-logon-capable system (set by the bootmisc service)
|
||||
to a logon-capable one. This is needed to ensure no-one can log on to
|
||||
your system while important services are being loaded.</para>
|
||||
|
||||
<para>Once the service has finished starting, no additional processes
|
||||
will be running.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>sshd</title>
|
||||
|
||||
<para>The sshd<indexterm>
|
||||
<primary>sshd</primary>
|
||||
|
||||
<secondary>service</secondary>
|
||||
</indexterm> service is responsible for launching the secure shell
|
||||
daemon, which allows you to access your system from a remote location
|
||||
(as long as the network / firewalls permit it) in a secure manner.
|
||||
</para>
|
||||
|
||||
<para>Once the service has finished starting, you will find the sshd
|
||||
process running.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>syslog-ng (or any other system logger service)</title>
|
||||
|
||||
<para>The syslog-ng<indexterm>
|
||||
<primary>syslog-ng</primary>
|
||||
|
||||
<secondary>service</secondary>
|
||||
</indexterm> service is responsible for starting the syslog-ng
|
||||
daemon, which is responsible for watching the
|
||||
<filename>/dev/log</filename> socket for log events and managing those
|
||||
events by dispatching them towards the right log file (or other log
|
||||
server).</para>
|
||||
|
||||
<para>Once the service has finished starting, you will find the
|
||||
syslog-ng process running.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>udev-postmount</title>
|
||||
|
||||
<para>The udev-postmount<indexterm>
|
||||
<primary>udev-postmount</primary>
|
||||
</indexterm> service is responsible for re-evaluating udev events
|
||||
between the moment udev was started and the moment udev-postmount is
|
||||
started which might have failed for any reason (for instance because
|
||||
not everything was up and running yet).</para>
|
||||
|
||||
<para>Once the service has finished starting, no additional processes
|
||||
will be running.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>urandom</title>
|
||||
|
||||
<para>The urandom<indexterm>
|
||||
<primary>urandom</primary>
|
||||
</indexterm> service is responsible for initializing the random
|
||||
number generator in a somewhat more secure manner (using a random seed
|
||||
obtained during the last shutdown of the system). Without this, the
|
||||
random number generator would be a bit more predictable.</para>
|
||||
|
||||
<para>Once the service has finished starting, no additional processes
|
||||
will be running.</para>
|
||||
</section>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Service Configurations</title>
|
||||
|
||||
<section>
|
||||
<title>General Service Configuration</title>
|
||||
|
||||
<para>Gentoo's general configuration file for the start-up service
|
||||
behavior is <filename>/etc/rc.conf</filename> and
|
||||
<filename>/etc/conf.d/rc</filename>.</para>
|
||||
|
||||
<section>
|
||||
<title>/etc/rc.conf</title>
|
||||
|
||||
<para>Inside the <filename>rc.conf</filename> file, generic settings
|
||||
which are (or might be) needed by several services can be configured.
|
||||
The syntax is, as usual, "key=value".</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>UNICODE="yes" (or "no"), which specifies if you want to use
|
||||
Unicode support at the console</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>EDITOR="/bin/nano" (or any other text editor), which
|
||||
specifies the default text editor you want to use</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>XSESSION="Xfce4" (or any other supported graphical session
|
||||
manager), which specifies the default graphical environment to
|
||||
launch</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>/etc/conf.d/rc</title>
|
||||
|
||||
<para>In the /etc/conf.d/rc file, you specify configuration settings
|
||||
that affect or influence the system service handling behaviour. The
|
||||
file contains lots of comments which should make it a bit easier to
|
||||
work with. So consider the list below more of a small introduction
|
||||
rather than a complete list. As usual, the syntax uses a key=value
|
||||
set.</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para><parameter>RC_PARALLEL_STARTUP</parameter><indexterm>
|
||||
<primary>RC_PARALLEL_STARTUP</primary>
|
||||
</indexterm> ("yes" or "no") informs the system service handling
|
||||
to attempt to start services in parallel as much as
|
||||
possible.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para><parameter>RC_NET_STRICT_CHECKING</parameter><indexterm>
|
||||
<primary>RC_NET_STRICT_CHECKING</primary>
|
||||
</indexterm> ("none", "lo", "no", "yes") informs the system when
|
||||
it should consider networking to be available:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>none = networking is always available</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>lo = networking is available the moment the loopback
|
||||
interface (lo) is available</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>no = networking is available the moment at least one
|
||||
non-loopback interface is available</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>yes = networking is available when all non-loopback
|
||||
interfaces are available</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>The <emphasis>loopback interface</emphasis><indexterm>
|
||||
<primary>loopback interface</primary>
|
||||
</indexterm> is a surreal interface which only supports local
|
||||
traffic (localhost, 127.0.0.1). Linux by default enables this
|
||||
interface (it is a kernel configuration) so that one can work with
|
||||
networking tools even if the system isn't on any network. It also
|
||||
makes the development of certain applications a lot easier once
|
||||
they can assume some networking is available (even if it is "just"
|
||||
localhost).</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Specific Service Configuration</title>
|
||||
|
||||
<para>Each system service within Gentoo can be configured using a file
|
||||
in <filename>/etc/conf.d</filename> which is named the same as the
|
||||
service itself (except in a few specific cases like network
|
||||
configurations, which use the <filename>/etc/conf.d/net</filename>
|
||||
configuration file). All these files use a key=value syntax for
|
||||
configuration purposes.</para>
|
||||
|
||||
<para>For instance, the <command>/etc/init.d/clock</command> init script
|
||||
can be configured using the <filename>/etc/conf.d/clock</filename>
|
||||
configuration file.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Softlevel States</title>
|
||||
|
||||
<para>Gentoo supports softlevels, which are specific configurations of
|
||||
one or more services. The need exists, because you might create
|
||||
different runlevels (say "work" and "home" instead of just "default") in
|
||||
which services need to be configured differently. As the services would
|
||||
only use their general configuration file, this wouldn't work.</para>
|
||||
|
||||
<para>To initiate softlevels, you need to specify
|
||||
"softlevel=<yoursoftlevel>" at the kernel option line (for
|
||||
instance, in GRUB, this means you add it to grub.conf's kernel line).
|
||||
Once set, Gentoo will try to start the softlevel given instead of the
|
||||
default runlevel (coincidentally named "default") and first look for
|
||||
configurations of this softlevel for each service. If it cannot find
|
||||
specific configurations, it will use the default one.</para>
|
||||
|
||||
<para>An example use of softlevels would be to define a softlevel "work"
|
||||
and a softlevel "home". Both initiate different settings, such as
|
||||
different networking settings, different clock settings, different
|
||||
crypto-loop settings, etc. This could result in the following two GRUB
|
||||
configuration entries:</para>
|
||||
|
||||
<programlisting>title=Gentoo Linux @Home
|
||||
kernel /kernel-2.6.31 root=/dev/sda2 softlevel=home
|
||||
|
||||
title=Gentoo Linux @Work
|
||||
kernel /kernel-2.6.31 root=/dev/sda2 softlevel=work</programlisting>
|
||||
|
||||
<para>Whenever a service is started (or stopped), it will look for its
|
||||
configuration file called
|
||||
<filename>/etc/conf.d/<servicename>.<softlevel></filename>
|
||||
(for instance, <filename>/etc/conf.d/clock.work</filename>) and if that
|
||||
doesn't exist, use the default one (for instance,
|
||||
<filename>/etc/conf.d/clock</filename>).</para>
|
||||
|
||||
<para>To finish the softlevel, create a new runlevel with the
|
||||
softlevels' name:</para>
|
||||
|
||||
<programlisting># <command>mkdir /etc/runlevels/work</command></programlisting>
|
||||
|
||||
<para>Finish up by adding the services you need to this runlevel.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Bootlevel States</title>
|
||||
|
||||
<para>The idea behind bootlevel is the same as softlevel, but instead of
|
||||
changing the default runlevel "default", you change the default boot
|
||||
runlevel "boot".</para>
|
||||
</section>
|
||||
</section>
|
||||
</chapter>
|
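Review bot: Under Gentoo Runlevels, the rc-status paragraph says "the net.eth0 runlevel is not started", but net.eth0 is a service in the default runlevel, so this should read "the net.eth0 service". In the checkfs section, "file systems whose last digit in /etc/fstab isn't zero" is vague; name the sixth (pass) field of the fstab entry instead. In Softlevel States, softlevel=<yoursoftlevel> and /etc/conf.d/<servicename>.<softlevel> need their angle brackets written as entities (or wrapped in replaceable) if they are literal in the XML source, otherwise the chapter will not parse; the same section ends at mkdir /etc/runlevels/work with "Finish up by adding the services you need" and would be clearer with an rc-update add line for the new runlevel. Wording nits: "your systems' file systems" and "your systems' hostname" should use "system's", "is ran as last service" should be "is run as the last service", the loopback interface is better described as "virtual" than "surreal", and the two rc-status listings format the state column differently ("[ started ]" versus "[started]").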
File diff suppressed because it is too large
|
@ -0,0 +1,572 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
|
||||
<chapter>
|
||||
<title>System Management</title>
|
||||
|
||||
<section>
|
||||
<title>Introduction</title>
|
||||
|
||||
<para>System management is a broad term. It is my attempt to cover the
|
||||
system administration tasks that almost every administrator (or end user)
|
||||
will need to know for his system, such as time management, language
|
||||
management, keyboard settings and more.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Environment Variables</title>
|
||||
|
||||
<para>The Linux operating system makes extensive use of environment
|
||||
variables.</para>
|
||||
|
||||
<para>An environment variable<indexterm>
|
||||
<primary>environment variable</primary>
|
||||
</indexterm> is a simply a key-value pair which a process can read out.
|
||||
For instance, the environment variable <varname>EDITOR</varname> (with, as
|
||||
an example, value <filename>/bin/nano</filename>) informs the process who
|
||||
reads it that the default text editor is (in this case) nano. These
|
||||
variables are not system-wide: if you alter the value of a variable, the
|
||||
change is only active in the session where you are in (which is your shell
|
||||
and the processes started from the shell).</para>
|
||||
|
||||
<section>
|
||||
<title>List of Environment Variables</title>
|
||||
|
||||
<para>There are quite a few environment variables you'll come across
|
||||
often.</para>
|
||||
|
||||
<section>
|
||||
<title>DISPLAY</title>
|
||||
|
||||
<para>The <parameter>DISPLAY</parameter><indexterm>
|
||||
<primary>DISPLAY</primary>
|
||||
</indexterm> environment variable is used when you're logged on to a
|
||||
Unix/Linux system graphically. It identifies where X applications
|
||||
should "send" their graphical screens to. When you log on to a system
|
||||
remotely, this variable is set to your local IP address and the screen
|
||||
number you're using on this system. Most of the time, when you're
|
||||
logged on locally, it's content is ":0.0" (the first screen on the
|
||||
system).</para>
|
||||
|
||||
<para>Note that "screen" here isn't the hardware device, but a name
|
||||
given to a running X instance.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>EDITOR</title>
|
||||
|
||||
<para>The <parameter>EDITOR</parameter><indexterm>
|
||||
<primary>EDITOR</primary>
|
||||
</indexterm> variable identifies the default text editor you want to
|
||||
use. Applications that spawn a text editor (for instance, visudo) to
|
||||
edit one or more files, use this variable to know which text editor to
|
||||
launch.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>LANG and other locale specific variables</title>
|
||||
|
||||
<para>Locales are discussed later in this chapter. Its environment
|
||||
variables (<parameter>LANG</parameter> and the various
|
||||
<parameter>LC_*</parameter> variables) identify the users' language,
|
||||
timezone, currency, number formatting and more.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>PATH</title>
|
||||
|
||||
<para>The PATH variable identifies the directories where the system
|
||||
should look for executable files (being binaries or shell scripts). If
|
||||
unset or set incorrectly, you cannot execute a command without
|
||||
providing the entire path to this command (except built-in shell
|
||||
commands as those are no executable files).</para>
|
||||
|
||||
<para>Below is a small example of a PATH variable:</para>
|
||||
|
||||
<programlisting>~$ <command>echo $PATH</command>
|
||||
/usr/local/bin:/usr/bin:/bin:/opt/bin:/usr/i686-pc-linux-gnu/gcc-bin/4.1.2:
|
||||
/opt/blackdown-jdk-1.4.2.03/bin:/opt/blackdown-jdk-1.4.2.03/jre/bin:
|
||||
/usr/kde/3.5/bin:/usr/qt/3/bin:/usr/games/bin:/home/swift/bin/</programlisting>
|
||||
|
||||
<para>An example of what happens when PATH is not set:</para>
|
||||
|
||||
<programlisting>~$ <command>ls</command>
|
||||
(... listing of current directory ...)
|
||||
~$ <command>unset PATH</command>
|
||||
~$ <command>ls</command>
|
||||
-bash: ls: No such file or directory
|
||||
~$ <command>/bin/ls</command>
|
||||
(... listing of current directory ...)</programlisting>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>TERM</title>
|
||||
|
||||
<para>The <parameter>TERM</parameter><indexterm>
|
||||
<primary>TERM</primary>
|
||||
</indexterm> variable allows command-line programs with special
|
||||
characters to identify which terminal you use to run them. Although
|
||||
nowadays the xterm TERM is most used, sometimes you will find yourself
|
||||
logged on to a different system which doesn't know xterm or where the
|
||||
application looks really awkward. In such cases a solution could be to
|
||||
set the TERM variable to, for instance, vt100.</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>How to Set an Environment Variable</title>
|
||||
|
||||
<para>Environment variables are user specific, but can be set on three
|
||||
levels: session (only valid for the current, open session), user (only
|
||||
valid for this user and used as default for all sessions of this user)
|
||||
or system wide (used as a global default).</para>
|
||||
|
||||
<section>
|
||||
<title>Session Specific</title>
|
||||
|
||||
<para>When you want to set an environment variable for a specific
|
||||
session, you can use the shell <command>set</command><indexterm>
|
||||
<primary>set</primary>
|
||||
</indexterm> or <command>export</command><indexterm>
|
||||
<primary>export</primary>
|
||||
</indexterm> command:</para>
|
||||
|
||||
<programlisting>~$ <command>ls -z</command>
|
||||
ls: invalid option -- z
|
||||
Try `ls --help` for more information.
|
||||
~$ <command>export LANG="fr"</command>
|
||||
~$ <command>ls -z</command>
|
||||
ls: option invalide -- z
|
||||
Pour en savoir davantage, faites: `ls --help`</programlisting>
|
||||
|
||||
<para>Which one to use depends on what you actually want to
|
||||
achieve:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>With <command>set</command>, you change the environment
|
||||
variable for this session, but not for the subshells you might
|
||||
want to start from the current shell. In other words, set is local
|
||||
to the shell session.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>With <command>export</command>, you change the environment
|
||||
variable for this session as well as subshells you might want to
|
||||
start from the current shell from this point onward. In other
|
||||
words, export is global.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>User Specific</title>
|
||||
|
||||
<para>User specific environment settings are best placed inside the
|
||||
<filename>.bashrc</filename><indexterm>
|
||||
<primary>.bashrc</primary>
|
||||
</indexterm> file. This file is automatically read when a user is
|
||||
logged on (at least when he is using the bash shell). A more
|
||||
shell-agnostic file is <filename>.profile</filename><indexterm>
|
||||
<primary>.profile</primary>
|
||||
</indexterm>. Inside the file, define the variables as you would for
|
||||
a specific session:</para>
|
||||
|
||||
<programlisting>export LANG="fr"</programlisting>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>System Wide Defaults</title>
|
||||
|
||||
<para>To make an environment variable system wide, you must make sure
|
||||
that your environment variable is stored in a file or location that
|
||||
every session reads out when it is launched. By convention,
|
||||
<filename>/etc/profile</filename> is a script in which system wide
|
||||
environment variables can be placed. Gentoo offers a nice interface
|
||||
for this: inside <filename>/etc/env.d</filename> you can manage
|
||||
environment variables in a more structured approach, and the
|
||||
<command>env-update.sh</command> script will then make sure that the
|
||||
environment variables are stored elsewhere so that
|
||||
<filename>/etc/profile</filename> reads them out.</para>
|
||||
|
||||
<note>
|
||||
<para>The /etc/profile script does not read out all values inside
|
||||
/etc/env.d itself for (at least) two reasons:</para>
|
||||
|
||||
<orderedlist>
|
||||
<listitem>
|
||||
<para>The structure used in /etc/env.d uses a specific
|
||||
"appending" logic (i.e. variables that are defined several times
|
||||
do not overwrite each other; instead, their values are appended)
|
||||
which could be too hard to implement in /etc/profile without too
|
||||
much overhead. After all, /etc/profile is read by every newly
|
||||
launched session, so if it took too much time, your system would
|
||||
start up much slower.</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>The system administrator might want to make a set of
|
||||
changes which should be made atomic (for instance, remove a
|
||||
value from one variable and add it to another). If changes are
|
||||
publicized immediately, a session could read in /etc/profile
|
||||
which loads an at that time incorrect environment variable set
|
||||
(especially when a process is launched after the administrators'
|
||||
first change but before the second).</para>
|
||||
</listitem>
|
||||
</orderedlist>
|
||||
</note>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Managing Environment Entries</title>
|
||||
|
||||
<para>On Linux, the behavior of many commands is manipulated by values
|
||||
of environment entries, or environment variables. Within Gentoo Linux,
|
||||
you can manage the system-wide environment variables through the
|
||||
<filename>/etc/env.d</filename> directory.</para>
|
||||
|
||||
<section>
|
||||
<title>Environment Files</title>
|
||||
|
||||
<para>Inside /etc/env.d, you will find environment files which use a
|
||||
simple key=value syntax. For instance, the /etc/env.d/20java file
|
||||
defines, amongst other environment variables, the PATH and MANPATH
|
||||
variables:</para>
|
||||
|
||||
<programlisting># <command>cat /etc/env.d/20java</command>
|
||||
...
|
||||
MANPATH=/opt/blackdown-jdk-1.4.2.03/man
|
||||
PATH=/opt/blackdown-jdk-1.4.2.03/bin:/opt/blackdown-jdk-1.4.2.03/jre/bin</programlisting>
|
||||
|
||||
<para>With these settings, the value of MANPATH (location where man
|
||||
will search for its manual pages) and PATH (location where the system
|
||||
will look for executable binaries every time you enter a command) is
|
||||
<emphasis>extended</emphasis> with the given values (note that the
|
||||
variables are not rewritten: their value is appended to the value
|
||||
previously assigned to the variable).</para>
|
||||
|
||||
<para>The order in which variable values are appended is based on the
|
||||
filename inside <filename>/etc/env.d</filename>. This is why most
|
||||
files start with a number (as most people find it easier to deal with
|
||||
order based on numbers, plus that the filenames themselves are still
|
||||
explanatory to what purpose they serve).</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Changing Environment Variables</title>
|
||||
|
||||
<para>If you want to change a system variable globally, you can either
|
||||
add another file to <filename>/etc/env.d</filename> or manipulate an
|
||||
existing one. In the latter case, you should be aware that application
|
||||
upgrades automatically update their entries inside
|
||||
<filename>/etc/env.d</filename> without warning (this location is not
|
||||
protected, unlike many other configuration locations).</para>
|
||||
|
||||
<para>As such, it is adviseable to always add your own files rather
|
||||
than manipulate existing ones.</para>
|
||||
|
||||
<para>When you have altered an environment file or added a new one,
|
||||
you need to call <command>env-update</command><indexterm>
|
||||
<primary>env-update</primary>
|
||||
</indexterm> to have Gentoo process the changes for you:</para>
|
||||
|
||||
<programlisting># <command>env-update</command></programlisting>
|
||||
|
||||
<para>This command will read in all environment files and write the
|
||||
final result in <filename>/etc/profile.env</filename> (which is
|
||||
sourced by <filename>/etc/profile</filename>, which is always sourced
|
||||
when a user logs on).</para>
|
||||
</section>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Location Specific Settings</title>
|
||||
|
||||
<para>When I talk about location specific settings, I mean the settings
|
||||
that your neighbour is most likely to need as well: language settings,
|
||||
keyboard settings, timezone / currency settings, ... Within the Linux/Unix
|
||||
environment, these settings are combined in the locale settings and
|
||||
keyboard settings.</para>
|
||||
|
||||
<section>
|
||||
<title>Locale Settings</title>
|
||||
|
||||
<para>A <emphasis>locale</emphasis><indexterm>
|
||||
<primary>locale</primary>
|
||||
</indexterm> is a setting that identifies the language, number format,
|
||||
date/time format, timezone, daylight saving time and currency
|
||||
information for a particular user or system. This locale information is
|
||||
stored inside a variable called <parameter>LANG</parameter>; however, it
|
||||
is possible to switch a particular locale setting to another locale (for
|
||||
instance, use the American English settings for everything, but currency
|
||||
to european euro).</para>
|
||||
|
||||
<para>The following table gives an overview of the most important
|
||||
variables:</para>
|
||||
|
||||
<table>
|
||||
<title>Locale variables supported on a Linux system</title>
|
||||
|
||||
<tgroup cols="2">
|
||||
<tbody>
|
||||
<row>
|
||||
<entry><parameter>LANG</parameter></entry>
|
||||
|
||||
<entry>A catch-all setting which identifies the locale for all
|
||||
possible features. However, individual topics can be overridden
|
||||
using one of the following variables.</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>LC_COLLATE</parameter> and
|
||||
<parameter>LC_CTYPE</parameter></entry>
|
||||
|
||||
<entry>Character handling (which characters are part of the
|
||||
alphabet) and (alphabetical) order</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>LC_MESSAGES</parameter></entry>
|
||||
|
||||
<entry>Applications that use message-based output use this
|
||||
setting to identify what language their output should be</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>LC_MONETARY</parameter></entry>
|
||||
|
||||
<entry>Currency-related settings</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>LC_NUMERIC</parameter></entry>
|
||||
|
||||
<entry>Formatting of numerical values</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry><parameter>LC_TIME</parameter></entry>
|
||||
|
||||
<entry>Time related settings</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
|
||||
<para>There is another variable available as well, called
|
||||
<parameter>LC_ALL</parameter>. If this variable is set, none of the
|
||||
above variables is used anymore. However, use of this variable is
|
||||
strongly discouraged.</para>
|
||||
|
||||
<para>To get an overview of your locale settings (including a full list
|
||||
of supported variables), enter the <command>locale</command><indexterm>
|
||||
<primary>locale</primary>
|
||||
</indexterm> command.</para>
|
||||
|
||||
<para>The format of a locale variable is as follows:</para>
|
||||
|
||||
<programlisting>language[_territory][.codeset][@modifier]</programlisting>
|
||||
|
||||
<para>The settings used in this format are:</para>
|
||||
|
||||
<table>
|
||||
<title>List of settings used in a locale definition</title>
|
||||
|
||||
<tgroup cols="2">
|
||||
<tbody>
|
||||
<row>
|
||||
<entry>language</entry>
|
||||
|
||||
<entry>Language used. Examples are "en" (English), "nl" (Dutch),
|
||||
"fr" (French), "zh" (Chinese)</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry>territory</entry>
|
||||
|
||||
<entry>Location used. Examples are "US" (United states), "BE"
|
||||
(Belgium), "FR" (France), "CN" (China)</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry>codeset</entry>
|
||||
|
||||
<entry>Codeset used. Examples are "utf-8" and
|
||||
"iso-8859-1"</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry>modifier</entry>
|
||||
|
||||
<entry>Modifier used, which allows a different definition of a
|
||||
locale even when all other settings are the same. Examples are
|
||||
"euro" and "preeuro" (which has its consequences on the monetary
|
||||
aspect).</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
|
||||
<para>So, a few examples are:</para>
|
||||
|
||||
<programlisting>LANG="en"
|
||||
LANG="nl_BE"
|
||||
LANG="en_US.utf-8"
|
||||
LANG="nl_NL@euro"</programlisting>
|
||||
|
||||
<para>These settings are read as environment variables (which are
|
||||
discussed later) by the applications. You can mark locales systemwide,
|
||||
but it is advised that this is stored on a per-user basis. As such, I
|
||||
recommend that you set something like the following in your
|
||||
<filename>~/.bashrc</filename> file (and in
|
||||
<filename>/etc/skel/.bashrc</filename> so that newly created user
|
||||
accounts have this set automatically as well):</para>
|
||||
|
||||
<programlisting>$ <command>nano -w ~/.bashrc</command>
|
||||
...
|
||||
# Put your fun stuff here
|
||||
LANG="en_US.utf-8"</programlisting>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Keyboard Settings</title>
|
||||
|
||||
<para>When you aren't using the default qwerty layout, you'll need to
|
||||
modify the keyboard mapping setting on your system. Gentoo makes this
|
||||
easy for you: edit /etc/conf.d/keymaps and set the KEYMAP variable to
|
||||
the mapping you need:</para>
|
||||
|
||||
<programlisting># <command>nano -w /etc/conf.d/keymaps</command>
|
||||
...
|
||||
KEYMAP="be-latin1"</programlisting>
|
||||
|
||||
<para>A list of supported keymaps can be found in the subdirectories of
|
||||
<filename>/usr/share/keymaps</filename>.</para>
|
||||
|
||||
<para>If you want to test and see if a particular keymap is correct,
|
||||
load it manually using the <command>loadkeys</command><indexterm>
|
||||
<primary>loadkeys</primary>
|
||||
</indexterm> command:</para>
|
||||
|
||||
<programlisting># <command>loadkeys <keymap></command></programlisting>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Time Settings</title>
|
||||
|
||||
<para>To change the system time/date, you can use the
|
||||
<command>date</command><indexterm>
|
||||
<primary>date</primary>
|
||||
</indexterm> command. For instance, to set the date to september 30th,
|
||||
2008 and time to 17.34h:</para>
|
||||
|
||||
<programlisting># <command>date 093017342008</command></programlisting>
|
||||
|
||||
<para>If your system has Internet access, it is wise to install
|
||||
ntp-supporting tools such as the net-misc/ntp package. With
|
||||
<command>ntpdate</command><indexterm>
|
||||
<primary>ntpdate</primary>
|
||||
</indexterm> (and other similar tools), you can use online time servers
|
||||
to set the time of your system correct to the second.</para>
|
||||
|
||||
<programlisting># <command>ntpdate pool.ntp.org</command></programlisting>
|
||||
|
||||
<para>To save the current (operating system) time to your hardware clock,
|
||||
you can use the <command>hwclock</command><indexterm>
|
||||
<primary>hwclock</primary>
|
||||
</indexterm> program:</para>
|
||||
|
||||
<programlisting># <command>hwclock --systohc</command></programlisting>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>System Scheduler</title>
|
||||
|
||||
<para>Within Unix/Linux, the default scheduler often used is called
|
||||
<emphasis>cron</emphasis><indexterm>
|
||||
<primary>cron</primary>
|
||||
</indexterm>. There are quite a few cron implementations available, such
|
||||
as the popular <command>vixie-cron</command>, <command>fcron</command>,
|
||||
<command>bcron</command> and <command>anacron</command>. Once installed,
|
||||
you start the cron service through an init script (which you most likely
|
||||
add to the default runlevel):</para>
|
||||
|
||||
<programlisting># <command>rc-update add vixie-cron default</command>
|
||||
# <command>/etc/init.d/vixie-cron start</command></programlisting>
|
||||
|
||||
<para>When the cron service is running, every user can define one or more
|
||||
commands he wants to periodically execute. </para>
|
||||
|
||||
<para>To edit your personal scheduling rules, run <command>crontab
|
||||
-e</command><indexterm>
|
||||
<primary>crontab</primary>
|
||||
</indexterm>:</para>
|
||||
|
||||
<programlisting>$ <command>crontab -e</command></programlisting>
|
||||
|
||||
<para>Your current rule file will be shown in the default editor (nano,
|
||||
vim, ...). A crontab entry has 6 columns:</para>
|
||||
|
||||
<table>
|
||||
<title>Crontab columns</title>
|
||||
|
||||
<tgroup cols="2">
|
||||
<tbody>
|
||||
<row>
|
||||
<entry>Minute</entry>
|
||||
|
||||
<entry>Minute of the hour (0-59)</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry>Hour</entry>
|
||||
|
||||
<entry>Hour of the day (0-23)</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry>Day</entry>
|
||||
|
||||
<entry>Day of the month (1-31)</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry>Month</entry>
|
||||
|
||||
<entry>Month of the year (1-12 or use names)</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry>Weekday</entry>
|
||||
|
||||
<entry>Day of the week (0-7 or use names. 0/7 are Sunday)</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry>Command</entry>
|
||||
|
||||
<entry>Command to execute</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
|
||||
<para>Next to the number representation, you can use ranges (first-last),
|
||||
summation (1,3,5), steps (0-23/2) and wildcards.</para>
|
||||
|
||||
<para>For instance, to execute "<command>ntpdate ntp.pool.org</command>"
|
||||
every 15 minutes, the line could look like:</para>
|
||||
|
||||
<programlisting>*/15 * * * * ntpdate ntp.pool.org</programlisting>
|
||||
|
||||
<para>or</para>
|
||||
|
||||
<programlisting>0,15,30,45 * * * * ntpdate ntp.pool.org</programlisting>
|
||||
|
||||
<para>If you just want to view the scheduled commands, run
|
||||
<command>crontab -l</command>.</para>
|
||||
</section>
|
||||
</chapter>
|
|
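Review bot: The cron examples in the System Scheduler section use a different time server name than the rest of the chapter. Time Settings runs "ntpdate pool.ntp.org", while the crontab text and both sample lines use "ntp.pool.org", which is a different domain. Readers copy crontab lines verbatim, and a clock that follows an unintended host affects log timestamps and certificate validity checks, so please make all three occurrences match the pool.ntp.org form used earlier. In the same hunk, the Session Specific section says "With set, you change the environment variable for this session", but in bash "set LANG=fr" assigns the positional parameters and leaves LANG untouched; the shell-local form is a plain assignment without export, and the locale example that puts LANG="en_US.utf-8" in ~/.bashrc has the same problem in reverse, since without export the value never reaches the programs started from the shell. Smaller items worth fixing while here: "is a simply a key-value pair", "it's content", "adviseable", env-update.sh versus env-update, and "environment variables (which are discussed later)" in a section that comes after the one that discusses them.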
@ -0,0 +1,428 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
|
||||
<chapter>
|
||||
<title>Introducing the Graphical Environment</title>
|
||||
|
||||
<section>
|
||||
<title>Introduction</title>
|
||||
|
||||
<para>Linux is often seen as a command-only operating system. This is far
|
||||
from true: although its command-line is a powerful interface, you can also
|
||||
launch graphical environments on Linux. In this chapter, we briefly cover
|
||||
the graphical environments in Linux.</para>
|
||||
|
||||
<para>Graphical environments are the defacto standard for working with a
|
||||
workstation. Many users know the Microsoft Windows family or the Apple
|
||||
MacOS series. However, those two aren't the only providers of a graphical
|
||||
environment. When the Intel-compliant PCs were hardly known to the world,
|
||||
consoles and other personal computers already provided a graphical
|
||||
environment to their users.</para>
|
||||
|
||||
<para>It comes to no surprise to hear that the free software community
|
||||
also provides graphical environments. And, just like you have choice
|
||||
amongst distributions, you have choice amongst graphical environments:
|
||||
GNOME, KDE, XFCE4 are popular desktop graphical environments;
|
||||
enlightenment, fluxbox, window maker, icewm, ... are window
|
||||
managers.</para>
|
||||
|
||||
<para>Although most readers will be sufficiently fluent in using a
|
||||
graphical environment, this book wouldn't be complete if it didn't cover
|
||||
it. As such, and with the danger of being overly simple on the subject,
|
||||
this chapter will briefly cover the concept of graphical
|
||||
environments.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>The Structure of X</title>
|
||||
|
||||
<para>On Linux, a graphical environment consists of many
|
||||
components:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>Applications</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Widget Toolkits</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Window Manager</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>X Server</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Hardware</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>Each of those components interacts with others through specific
|
||||
interfaces.</para>
|
||||
|
||||
<figure>
|
||||
<title>A possible representation of how X is structured</title>
|
||||
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="images/xschema.png" scale="75" />
|
||||
</imageobject>
|
||||
</mediaobject>
|
||||
</figure>
|
||||
|
||||
<para>An application is able to draw graphic components (buttons, windows,
|
||||
progress bars, labels etc.) through a common API called a <emphasis>widget
|
||||
toolkit</emphasis><indexterm>
|
||||
<primary>widget toolkit</primary>
|
||||
</indexterm>. Popular widget toolkits on Linux are GTK+ and Qt. However,
|
||||
not all applications require a widget toolkit - they can also talk to the
|
||||
X server immediately. Using such toolkits however facilitates the
|
||||
development of graphical applications.</para>
|
||||
|
||||
<para>The widget toolkits communicate with the X server through an
|
||||
interface which basically drives all commands to a <emphasis>window
|
||||
manager</emphasis><indexterm>
|
||||
<primary>window manager</primary>
|
||||
</indexterm>. A window manager manages the layout of the users' screen:
|
||||
where are the windows positioned, can he drag windows from one location to
|
||||
another, how are buttons rendered, ... Popular window managers are
|
||||
metacity (used by the GNOME desktop environment), KWin (used by the KDE
|
||||
desktop environment), fluxbox, enlightenment, ...</para>
|
||||
|
||||
<para>Most window managers are written for specific widget toolkits, but
|
||||
some of their functionality extends beyond one particular window manager:
|
||||
this allows window managers to support not only rendering of applications
|
||||
built with different widget toolkits, but also interoperability between
|
||||
these applications (copy/paste, drag 'n drop ...).</para>
|
||||
|
||||
<para>The window manager receives commands from the <emphasis>X
|
||||
server</emphasis><indexterm>
|
||||
<primary>X server</primary>
|
||||
</indexterm>. The X server is responsible for turning requests into
|
||||
hardware-specific actions (draw window means to render a window through
|
||||
the graphic card, mouse movements are events coming from the mouse device
|
||||
and directed to the window manager to move the cursor, ...).</para>
|
||||
|
||||
<para>In the following sections, we dive a little bit deeper into each of
|
||||
those components...</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>The X Window System</title>
|
||||
|
||||
<para>On a Unix/Linux system, the <emphasis>X server</emphasis><indexterm>
|
||||
<primary>X server</primary>
|
||||
</indexterm> is a tool which manages the graphical card on your system
|
||||
and offers services to draw things on your screen. These services are
|
||||
defined in the X11 protocol, an industry open standard. Because the
|
||||
interface is open, many X servers exist, one more powerful than the other.
|
||||
Popular X servers are Xorg and XFree86. However, on Gentoo Linux, Xorg is
|
||||
the only available X server (due to legal restrictions as well as support
|
||||
base).</para>
|
||||
|
||||
<section>
|
||||
<title>Installing Xorg</title>
|
||||
|
||||
<para>To install Xorg on Gentoo Linux, I suggest to read the <ulink
|
||||
url="http://www.gentoo.org/doc/en/xorg-config.xml">X Server
|
||||
Configuration HOWTO</ulink> from Gentoo's documentation repository. It
|
||||
describes how to install Xorg, configure it to work with your hardware
|
||||
and more. This chapter only gives a quick introduction to this.</para>
|
||||
|
||||
<para>You should understand that the Xorg configuration defines, amongst
|
||||
other things,</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>the resolution and refresh rates of your screen(s)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>the language used by your input (keyboard)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>the drivers used to render stuff (i810, vesa, but also closed,
|
||||
propriatary drivers like nVidia and ATIs)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>...</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>Once configured to your likings, do not forget to take a backup of
|
||||
your configuration (hint: some people place their X configuration online
|
||||
for others to see - there is nothing personal inside anyway).</para>
|
||||
|
||||
<section>
|
||||
<title>Installing Xorg</title>
|
||||
|
||||
<para>Before installing Xorg, first make sure that the
|
||||
<parameter>VIDEO_CARDS</parameter><indexterm>
|
||||
<primary>VIDEO_CARDS</primary>
|
||||
</indexterm> and <parameter>INPUT_DEVICES</parameter><indexterm>
|
||||
<primary>INPUT_DEVICES</primary>
|
||||
</indexterm> variables are set in
|
||||
<filename>/etc/make.conf</filename>:</para>
|
||||
|
||||
<programlisting>INPUT_DEVICES="evdev keyboard mouse"
|
||||
VIDEO_CARDS="vesa intel"</programlisting>
|
||||
|
||||
<para>In the above example, I selected the vesa video driver (a
|
||||
default driver that is supported by most video cards, but with little
|
||||
functionality) and intel video driver (as I have an Intel graphic
|
||||
card).</para>
|
||||
|
||||
<para>Next, install <package>x11-base/xorg-server</package><indexterm>
|
||||
<primary>xorg-server</primary>
|
||||
</indexterm>:</para>
|
||||
|
||||
<programlisting># <command>emerge x11-base/xorg-server</command></programlisting>
|
||||
|
||||
<para>Once finished, it is time to check out the graphical server
|
||||
environment.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Testing Xorg</title>
|
||||
|
||||
<para>Try out Xorg without using any configuration file. The Xorg
|
||||
server will try to autodetect the necessary settings and, to be
|
||||
honest, does a fine job at that. Don't test out things as root
|
||||
though!</para>
|
||||
|
||||
<programlisting>$ <command>startx</command></programlisting>
|
||||
|
||||
<para>If you haven't configured a graphical environment yet, you'll be
|
||||
greeted with a console and an ugly background. However, that alone
|
||||
should suffice to verify if your mouse and keyboard are working as
|
||||
well as do a preliminary verification of the resolution of your
|
||||
screen.</para>
|
||||
|
||||
<para>If the graphical server doesn't seem to function properly, make
|
||||
sure to read up on Gentoo's <ulink
|
||||
url="http://www.gentoo.org/doc/en/xorg-config.xml">Xorg Server
|
||||
Configuration HOWTO</ulink>.</para>
|
||||
</section>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Window Managers</title>
|
||||
|
||||
<para>Window managers interact with the X server using the X11 interface
|
||||
and manage how your graphical environment looks like, but also how it
|
||||
behaves (for instance, there are window managers that do not support
|
||||
dragging windows).</para>
|
||||
|
||||
<para>Certain window managers are accompanied by various other tools that
|
||||
integrate nicely with the window manager. These tools offer services like
|
||||
a panel (from which you can launch commands or programs immediately),
|
||||
application menus, file manager etc. The aggregation of these tools is
|
||||
often called a <emphasis>desktop environment</emphasis><indexterm>
|
||||
<primary>desktop environment</primary>
|
||||
</indexterm> because it offers a complete desktop to the user.</para>
|
||||
|
||||
<section>
|
||||
<title>Installing a Window Manager</title>
|
||||
|
||||
<para>Gentoo supports many window managers. To install one, simply
|
||||
emerge it.</para>
|
||||
|
||||
<para>For fluxbox, a popular, lightweight window manager, Gentoo even
|
||||
has official documentation available: the <ulink
|
||||
url="http://www.gentoo.org/doc/en/fluxbox-config.xml">Fluxbox
|
||||
Configuration HOWTO</ulink>.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Activating a Window Manager</title>
|
||||
|
||||
<para>To activate a window manager for your end user, create a file
|
||||
called <filename>.xinitrc</filename><indexterm>
|
||||
<primary>.xinitrc</primary>
|
||||
</indexterm> in your home directory. Inside it, you just add "exec
|
||||
<manager>" where <manager> is the command to launch the
|
||||
window manager.</para>
|
||||
|
||||
<para>For instance, for fluxbox:</para>
|
||||
|
||||
<programlisting>exec fluxbox</programlisting>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Desktop Environments</title>
|
||||
|
||||
<para>The majority of Linux users use a desktop environment to work with
|
||||
their work station. The two most used desktop environments are KDE and
|
||||
GNOME. The third environment, XFCE4, is gaining momentum as a lightweight
|
||||
yet powerful desktop environment.</para>
|
||||
|
||||
<section>
|
||||
<title>GNOME</title>
|
||||
|
||||
<para>The GNOME<indexterm>
|
||||
<primary>GNOME</primary>
|
||||
</indexterm> desktop environment is the default desktop environment
|
||||
for many Linux distributions, including Ubuntu and Fedora. Its desktop
|
||||
is very simple to use: the number of visible options is kept low to not
|
||||
confuse users, and all applications that want to integrate with the
|
||||
GNOME desktop should adhere to various guidelines such as the user
|
||||
interface guideline.</para>
|
||||
|
||||
<para>The GNOME community offers a good introduction to the graphical
|
||||
environment called the <ulink
|
||||
url="http://www.gnome.org/learn/users-guide/latest/">GNOME User
|
||||
Guide</ulink>.</para>
|
||||
|
||||
<para>Gentoo has a <ulink
|
||||
url="http://www.gentoo.org/doc/en/gnome-config.xml">GNOME Configuration
|
||||
HOWTO</ulink> available as well.</para>
|
||||
|
||||
<figure>
|
||||
<title>An example view of a GNOME desktop</title>
|
||||
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="images/gnomedesktop.png" scale="75"
|
||||
width="13cm" />
|
||||
</imageobject>
|
||||
</mediaobject>
|
||||
</figure>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>KDE</title>
|
||||
|
||||
<para>The KDE desktop is a fully featured desktop environment which
|
||||
offers all the functionality a regular user might expect from his
|
||||
system. KDE comes with many tools, ranging from network related tools
|
||||
(browsers, IM, P2P) to office tools, multimedia tools, authoring and
|
||||
even development environments.</para>
|
||||
|
||||
<para>Gentoo provides a <ulink
|
||||
url="http://www.gentoo.org/doc/en/kde-config.xml">KDE Configuration
|
||||
HOWTO</ulink>.</para>
|
||||
|
||||
<figure>
|
||||
<title>An example view of a KDE desktop</title>
|
||||
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="images/kdedesktop.png" scale="75" />
|
||||
</imageobject>
|
||||
</mediaobject>
|
||||
</figure>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>XFCE4</title>
|
||||
|
||||
<para>The XFCE4 desktop is designed to still run smoothly on low memory
|
||||
systems (32 Mbytes and more). Often, power users use XFCE4 even on large
|
||||
memory systems just to reduce the memory overhead of the graphical
|
||||
environment.</para>
|
||||
|
||||
<para>Gentoo provides an <ulink
|
||||
url="http://www.gentoo.org/doc/en/xfce-config.xml">XFCE Configuration
|
||||
Howto</ulink>.</para>
|
||||
|
||||
<figure>
|
||||
<title>An example view of an XFCE4 desktop</title>
|
||||
|
||||
<mediaobject>
|
||||
<imageobject>
|
||||
<imagedata fileref="images/xfce4desktop.png" scale="75"
|
||||
scalefit="" />
|
||||
</imageobject>
|
||||
</mediaobject>
|
||||
</figure>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Activating a Desktop Environment</title>
|
||||
|
||||
<para>To activate a desktop environment for your end user, create a file
|
||||
called <filename>.xinitrc</filename><indexterm>
|
||||
<primary>.xinitrc</primary>
|
||||
</indexterm> in your home directory. Inside it, you just add "exec
|
||||
<environment>" where <environment> is the command to launch
|
||||
the desktop environment.</para>
|
||||
|
||||
<para>For instance, for Xfce4:</para>
|
||||
|
||||
<programlisting>exec xfce4-session</programlisting>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Logging on Graphically</title>
|
||||
|
||||
<para>If you want to log on to your system using a graphical logon
|
||||
manager, you need to do two things:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>Install a graphical logon manager</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>Setup the default graphical environment</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<section>
|
||||
<title>Install Graphical Logon Manager</title>
|
||||
|
||||
<para>The desktop environments KDE and GNOME provide their own graphical
|
||||
logon manager (which are called kdm and gdm respectively). If you don't
|
||||
have them or want to use a different one, I recommend x11-misc/slim. It
|
||||
is a lightweight graphical logon manager.</para>
|
||||
|
||||
<programlisting># <command>emerge x11-misc/slim</command></programlisting>
|
||||
|
||||
<para>Once a graphical logon manager is available, configure the xdm
|
||||
service to use it.</para>
|
||||
|
||||
<para>In <filename>/etc/conf.d/xdm</filename>:</para>
|
||||
|
||||
<programlisting>DISPLAYMANAGER="slim"</programlisting>
|
||||
|
||||
<para>Finally, add the xdm service to the default runlevel.</para>
|
||||
|
||||
<programlisting># <command>rc-update add xdm default</command></programlisting>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Setup the Default Graphical Environment</title>
|
||||
|
||||
<para>To setup the default graphical environment for a user, you need to
|
||||
create your .xinitrc file as mentioned before (Activating a Window
|
||||
Manager or Desktop Environment).</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Supporting 3D Acceleration</title>
|
||||
|
||||
<para>The graphical environment can also use 3D acceleration.</para>
|
||||
|
||||
<para>Now, 3D acceleration is a tricky subject because there are many
|
||||
implementations that offer 3D services. For instance, you can have 3D
|
||||
services with software rendering (i.e. no delegation of rendering to
|
||||
specific 3D hardware) but this usually isn't seen as 3D
|
||||
acceleration.</para>
|
||||
|
||||
<para>When you have a graphic card capable of rendering 3D, you will need
|
||||
to configure the X Window System to hand over 3D rendering tasks to the
|
||||
graphic card. This can happen through either open standards or
|
||||
specifications (such as OpenGL) or through closed, propriatary drivers
|
||||
(such as the nVidia drivers).</para>
|
||||
</section>
|
||||
</chapter>
|
|
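Review bot: In "Setup the Default Graphical Environment" every reader is told to create .xinitrc for graphical logon, but "Install Graphical Logon Manager" names kdm, gdm and slim and only configures slim (DISPLAYMANAGER="slim"); state which of these logon managers actually read .xinitrc, or limit the instruction to slim. The same paragraph refers to "Activating a Window Manager or Desktop Environment" as plain text; give those sections ids and point at them with link/linkend, as the installation chapter does for hdpartitions. "propriatary" in "Supporting 3D Acceleration" should read "proprietary", and the warning "Don't test out things as root" under "Testing Xorg" would be more useful with one sentence giving the reason.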
@ -0,0 +1,467 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
|
||||
<chapter>
|
||||
<title>Installing Gentoo Linux</title>
|
||||
|
||||
<section>
|
||||
<title>Introduction</title>
|
||||
|
||||
<para>I've waited a few chapters before I started discussing the Gentoo
|
||||
Linux installation because it isn't for the faint of hearted. Although
|
||||
Gentoo has tried to offer a graphical installer in the past, its user- and
|
||||
developer base swore by the manual installation approach. As a result, the
|
||||
graphical installer has been deprecated and the installation procedure is
|
||||
once more a manual, step by step guide.</para>
|
||||
|
||||
<para>With the previous chapters discussed, you should now be able to
|
||||
install a Gentoo Linux yourself with the following simple set of
|
||||
instructions. However, if you want to do it the official way, do not
|
||||
hesitate to read the <ulink
|
||||
url="http://www.gentoo.org/doc/en/handbook/handbook-x86.xml">Gentoo
|
||||
Handbook</ulink>. There are also <ulink type=""
|
||||
url="http://www.gentoo.org/doc/en/handbook">handbooks</ulink> available
|
||||
for other architectures.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Booting a Linux Environment</title>
|
||||
|
||||
<para>A Gentoo Linux installation starts from a Linux environment. You can
|
||||
use any Linux environment you want, but most people suggest to use a
|
||||
LiveCD.</para>
|
||||
|
||||
<para>A popular LiveCD to install Gentoo from is <ulink
|
||||
url="http://www.sysresccd.org">System Rescue CD</ulink>. All necessary
|
||||
documentation about booting the CD, including setting up networking (which
|
||||
you definitely need to do in order to install Gentoo) is available on the
|
||||
site.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Disk Setup</title>
|
||||
|
||||
<para>Once your environment is set up, you'll need to setup your disks by
|
||||
partitioning them and then putting a file system on them. Partitioning and
|
||||
file system management has been discussed <link
|
||||
linkend="hdpartitions">beforehand</link>:</para>
|
||||
|
||||
<programlisting># <command>fdisk /dev/sda</command>
|
||||
<emphasis>(Partition the disk)</emphasis>
|
||||
# <command>mkfs.ext2 /dev/sda1</command>
|
||||
# <command>mkfs.ext3 /dev/sda2</command>
|
||||
# <command>mkfs.ext3 /dev/sda3</command></programlisting>
|
||||
|
||||
<para>Once that your partitions are created and a file system is put on
|
||||
it, it is time to really start the Gentoo Linux installation.</para>
|
||||
|
||||
<para>First, mount all the necessary partitions onto your Linux
|
||||
environment. In the rest of this chapter I will assume the partitioning
|
||||
layout as described in <link
|
||||
linkend="example_partitiontable">here</link>.</para>
|
||||
|
||||
<table id="example_partitiontable">
|
||||
<title>Example partition layout</title>
|
||||
|
||||
<tgroup cols="3">
|
||||
<tbody>
|
||||
<row>
|
||||
<entry>Device</entry>
|
||||
|
||||
<entry>Partition</entry>
|
||||
|
||||
<entry>Description</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry>/dev/sda1</entry>
|
||||
|
||||
<entry>/boot</entry>
|
||||
|
||||
<entry>Small boot partition to hold the Linux kernel and
|
||||
bootloader information. Can be ext2</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry>/dev/sda2</entry>
|
||||
|
||||
<entry>/</entry>
|
||||
|
||||
<entry>Root partition; should be fairly large in this example.
|
||||
Suggested is ext3</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry>/dev/sda3</entry>
|
||||
|
||||
<entry>/home</entry>
|
||||
|
||||
<entry>Home partition where all users' files are stored. Best to
|
||||
always have a separate partition for the home directories so that
|
||||
future reinstallations can reuse the home structure.</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry>/dev/sda4</entry>
|
||||
|
||||
<entry><none></entry>
|
||||
|
||||
<entry>Swap partition, roughly 1.5 times the amount of physical
|
||||
memory nowadays (still this large because I want to use
|
||||
hibernate-to-disk).</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
|
||||
<programlisting>~# <command>mkdir /mnt/gentoo</command>
|
||||
~# <command>mount /dev/sda2 /mnt/gentoo</command>
|
||||
~# <command>mkdir /mnt/gentoo/boot</command>
|
||||
~# <command>mount /dev/sda1 /mnt/gentoo/boot</command>
|
||||
~# <command>mkdir /mnt/gentoo/home</command>
|
||||
~# <command>mount /dev/sda3 /mnt/gentoo/home</command>
|
||||
~# <command>swapon /dev/sda4</command></programlisting>
|
||||
|
||||
<para>With the above commands executed, the various file systems we will
|
||||
use for the Gentoo installation are now available at
|
||||
<filename>/mnt/gentoo</filename>. Every file or directory we put beneath
|
||||
<filename>/mnt/gentoo</filename> will show up on our final Gentoo
|
||||
installation. For instance, <filename>/mnt/gentoo/boot</filename> =
|
||||
<filename>/boot</filename>.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Installing Gentoo Base</title>
|
||||
|
||||
<para>First, set your system time correct so that the files you're going
|
||||
to create do not have a weird timestamp:</para>
|
||||
|
||||
<programlisting>~# <command>ntpdate pool.ntp.org</command></programlisting>
|
||||
|
||||
<para>Next, surf to the <ulink
|
||||
url="http://www.gentoo.org/main/en/mirrors2.xml">Gentoo mirror
|
||||
list</ulink> and pick a mirror close to you. On most LiveCDs browsers are
|
||||
available. On the sysresccd you can use links or lynx (command-line
|
||||
browsers). Navigate to releases, select your architecture, autobuilds, the
|
||||
latest date directory to find a listing of stage3 files and install
|
||||
files.</para>
|
||||
|
||||
<programlisting>~# <command>cd /mnt/gentoo</command>
|
||||
~# <command>links http://www.gentoo.org/main/en/mirrors2.xml</command></programlisting>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>A stage3 file is an archive of a prebuilt Gentoo environment
|
||||
which we will extract to the installation location
|
||||
(<filename>/mnt/gentoo</filename>)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>An install file is an ISO file (CD image) which contains a
|
||||
minimal Gentoo environment from which you can boot and install Gentoo
|
||||
from.</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>Download the stage3 file and store it in
|
||||
<filename>/mnt/gentoo</filename>. If you have the full URL at hand, you
|
||||
can also use <command>wget</command>:</para>
|
||||
|
||||
<programlisting># <command>cd /mnt/gentoo</command>
|
||||
# <command>wget http://gentoo.osuosl.org/releases/x86/autobuilds/20091201/stage3-i686-20091201.tar.bz2</command></programlisting>
|
||||
|
||||
<para>On many forums, you will find the notion of "funtoo" stages. <ulink
|
||||
url="http://www.funtoo.org">Funtoo</ulink> is, to say it in the author's
|
||||
own words (who happens to be Daniel Robbins, the founder of Gentoo Linux),
|
||||
a Gentoo Linux variant which offers freshly-built Gentoo Linux stable
|
||||
stages using Gentoo's official stable branch. You can use a funtoo stage
|
||||
instead of a Gentoo official stage if you want. After all, they both
|
||||
contain roughly the same material. Both (official and funtoo) stages are
|
||||
fine as they are both quite recent.</para>
|
||||
|
||||
<para>Next, go back a few directories until you can select snapshots.
|
||||
Enter this directory and download the latest
|
||||
<filename>portage-<date>.tar.bz2</filename> you can find. Store it
|
||||
in <filename>/mnt/gentoo</filename> as well. Finally, quit your browser
|
||||
and extract the downloaded files on your installation location.</para>
|
||||
|
||||
<programlisting>~# <command>tar xvjpf stage3-*.tar.bz2</command>
|
||||
~# <command>tar xvjf portage-*.tar.bz2 -C /mnt/gentoo/usr</command></programlisting>
|
||||
|
||||
<para>Again, you can use <command>wget</command> if you want:</para>
|
||||
|
||||
<programlisting># <command>wget http://gentoo.osuosl.org/snapshots/portage-latest.tar.bz2</command></programlisting>
|
||||
|
||||
<para>The <filename>portage-</filename> file is a snapshot of Gentoo's
|
||||
Portage tree.</para>
|
||||
|
||||
<para>Next, edit the <filename>/mnt/gentoo/etc/make.conf</filename> file.
|
||||
As discussed previously, this file contains variables that define Portage'
|
||||
behavior. Right now I'm focussing on the variables CFLAGS, CXXFLAGS and
|
||||
MAKEOPTS...</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para><varname>CFLAGS</varname> (C) and <varname>CXXFLAGS</varname>
|
||||
(C++) inform gcc (GNU's Compiler Collection) what optimizations it
|
||||
should use (see <link linkend="compilerdirectives">Compiler
|
||||
Directives</link>)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>MAKEOPTS defines how many parallel compilations should occur
|
||||
when you install a package (especially useful for multicore / SMP
|
||||
systems). A good choice is the number of core's in your system plus
|
||||
one (for instance, a dual-core CPU would lead to
|
||||
<varname>MAKEOPTS</varname>="<parameter>-j3</parameter>").</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>You can edit the <filename>make.conf</filename> file using
|
||||
<command>nano</command>, <command>vim</command> or any other text
|
||||
editor.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Configuring the System</title>
|
||||
|
||||
<para>Our next step is to configure the installation environment.</para>
|
||||
|
||||
<section>
|
||||
<title>Preparing the Installation Environment</title>
|
||||
|
||||
<para>First, prepare the environment for chrooting.
|
||||
<emphasis>Chrooting</emphasis><indexterm>
|
||||
<primary>chroot</primary>
|
||||
</indexterm> is the process of altering your sessions' file system
|
||||
root to another location. In our case, <filename>/mnt/gentoo</filename>
|
||||
should become <filename>/</filename> for your running session. In order
|
||||
to chroot succesfully, we need to ensure that networking will still
|
||||
function properly and that both kernel data and device drivers are
|
||||
available inside the chroot:</para>
|
||||
|
||||
<programlisting>~# <command>cp -L /etc/resolv.conf /mnt/gentoo/resolv.conf</command>
|
||||
~# <command>mount -t proc none /mnt/gentoo/proc</command>
|
||||
~# <command>mount -o bind /dev /mnt/gentoo/dev</command></programlisting>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Chrooting</title>
|
||||
|
||||
<para>Now, chroot into the Gentoo installation environment, update your
|
||||
environment variables and, for safety reasons, change your prompt so
|
||||
that you know you're inside your Gentoo installation environment.</para>
|
||||
|
||||
<programlisting>~# <command>chroot /mnt/gentoo /bin/bash</command>
|
||||
~# <command>env-update</command>
|
||||
~# <command>source /etc/profile</command>
|
||||
~# <command>export PS1="(chroot) $PS1"</command></programlisting>
|
||||
|
||||
<para>Right now, this session (where the prompt starts with "(chroot)")
|
||||
is inside your Gentoo installation environment.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Configuring Portage</title>
|
||||
|
||||
<para>Now, update the Portage tree to make sure you have the current set
|
||||
of packages at your disposal:</para>
|
||||
|
||||
<programlisting>~# <command>emerge --sync</command></programlisting>
|
||||
|
||||
<para>Next, select a Gentoo profile for your environment. A
|
||||
<emphasis>Gentoo profile</emphasis><indexterm>
|
||||
<primary>profile</primary>
|
||||
</indexterm> is a collection of default Portage settings. If you want
|
||||
to know what a particular profile selects of default settings, check out
|
||||
its content at <filename>/usr/portage/profiles</filename> (and don't
|
||||
forget to read up on cascading profiles). Currently, the 2008.0 set of
|
||||
profiles is the stable, default one. The 10.0 set of profiles is still
|
||||
being developed for the upcoming Gentoo 10 release.</para>
|
||||
|
||||
<programlisting>~# <command>eselect profile list</command>
|
||||
~# <command>eselect profile set <number></command></programlisting>
|
||||
|
||||
<para>Finally, set the USE flags you want in either
|
||||
<filename>/etc/make.conf</filename> (global USE flags) or
|
||||
<filename>/etc/portage/package.use</filename> (local USE flags).</para>
|
||||
|
||||
<programlisting>~# <command>nano -w /etc/make.conf</command></programlisting>
|
||||
|
||||
<para>For those of you who want to run Gentoo Linux with support for
|
||||
international locales, edit <filename>/etc/locale.gen</filename> and
|
||||
specify the locales you want to support. An example of locales are given
|
||||
below. Once set, generate the locale files for your system.</para>
|
||||
|
||||
<programlisting>~# <command>nano -w /etc/locale.gen</command>
|
||||
en_US ISO-8859-1
|
||||
en_US.UTF-8 UTF-8
|
||||
de_DE ISO-8859-1
|
||||
de_DE@euro ISO-8859-15
|
||||
|
||||
~# <command>locale-gen</command></programlisting>
|
||||
|
||||
<para>If you want to know which locales are supported, view the contents
|
||||
of the /usr/share/i18n/SUPPORTED file:</para>
|
||||
|
||||
<programlisting># <command>less /usr/share/i18n/SUPPORTED</command></programlisting>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Configuring the Linux Kernel</title>
|
||||
|
||||
<para>First select your time zone file from inside /usr/share/zoneinfo
|
||||
and copy it to /etc/localtime. For instance, to use the GMT time
|
||||
zone:</para>
|
||||
|
||||
<programlisting>~# <command>cp /usr/share/zoneinfo/GMT /etc/localtime</command></programlisting>
|
||||
|
||||
<para>Next, install the kernel sources. Gentoo profiles a few kernel
|
||||
packages like <package>vanilla-sources</package> (bare Linux kernel as
|
||||
delivered by the kernel developers) and
|
||||
<package>gentoo-sources</package> (vanilla Linux kernel with patches
|
||||
managed by Gentoo developers).</para>
|
||||
|
||||
<programlisting>~# <command>emerge gentoo-sources</command></programlisting>
|
||||
|
||||
<para>You will find the kernel sources at
|
||||
<filename>/usr/src/linux</filename>. Now continue with building the
|
||||
Linux kernel as discussed in <link
|
||||
linkend="configuringkernel">Configuring a Kernel</link>.</para>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Configuring the System</title>
|
||||
|
||||
<para>There are three blocks of information we need to configure
|
||||
now:</para>
|
||||
|
||||
<itemizedlist>
|
||||
<listitem>
|
||||
<para>file system information
|
||||
(<filename>/etc/fstab</filename>)</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>networking information</para>
|
||||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>system information</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
|
||||
<para>To start with the file system information, you need to edit the
|
||||
<filename>/etc/fstab</filename> file. The structure of this file has
|
||||
been discussed before so this shouldn't be an issue (see <link
|
||||
linkend="mountsection">The mount command</link>).</para>
|
||||
|
||||
<programlisting>/dev/sda1 /boot ext2 noauto,noatime 0 0
|
||||
/dev/sda2 / ext3 defaults,noatime 0 0
|
||||
/dev/sda3 /home ext3 defaults,noatime 0 0
|
||||
/dev/sda4 none swap sw 0 0
|
||||
none /dev/shm tmpfs defaults 0 0</programlisting>
|
||||
|
||||
<para>Next, configure your network settings. Start by setting the system
|
||||
hostname in <filename>/etc/conf.d/hostname</filename> and then configure
|
||||
the networking settings in <filename>/etc/conf.d/net</filename>.
|
||||
Finally, add your network interface initialization script to the default
|
||||
run level so that networking is automatically started at boot
|
||||
time.</para>
|
||||
|
||||
<programlisting>~# <command>nano -w /etc/conf.d/hostname</command>
|
||||
~# <command>nano -w /etc/conf.d/net</command>
|
||||
~# <command>rc-update add net.eth0 default</command></programlisting>
|
||||
|
||||
<para>Also edit your <filename>/etc/hosts</filename> file to include the
|
||||
IP addresses and host names of other systems you might need. Also add
|
||||
your hostname to the 127.0.0.1 entry in
|
||||
<filename>/etc/hosts</filename>.</para>
|
||||
|
||||
<programlisting>~# <command>nano -w /etc/hosts</command></programlisting>
|
||||
|
||||
<para>Now, set your root password</para>
|
||||
|
||||
<programlisting>~# <command>passwd</command></programlisting>
|
||||
|
||||
<para>Next, edit <filename>/etc/rc.conf</filename> which contains your
|
||||
general system configuration settings:</para>
|
||||
|
||||
<programlisting>~# <command>nano -w /etc/rc.conf</command></programlisting>
|
||||
|
||||
<para>Next, edit <filename>/etc/conf.d/keymaps</filename> to set your
|
||||
system-wide keyboard layout settings:</para>
|
||||
|
||||
<programlisting>~# <command>nano -w /etc/conf.d/keymaps</command></programlisting>
|
||||
|
||||
<para>Finally, edit <filename>/etc/conf.d/clock</filename> to set the
|
||||
clock options:</para>
|
||||
|
||||
<programlisting>~# <command>nano -w /etc/conf.d/clock</command></programlisting>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Installing System Tools</title>
|
||||
|
||||
<para>Install a system logger, like syslog-ng:</para>
|
||||
|
||||
<programlisting>~# <command>emerge syslog-ng</command>
|
||||
~# <command>rc-update add syslog-ng default</command></programlisting>
|
||||
|
||||
<para>Install a system scheduler (cron daemon), like vixie-cron:</para>
|
||||
|
||||
<programlisting>~# <command>emerge vixie-cron</command>
|
||||
~# <command>rc-update add vixie-cron default</command></programlisting>
|
||||
|
||||
<para>Install the file system tools for the file systems you use:</para>
|
||||
|
||||
<programlisting>~# <command>emerge xfsprogs</command>
|
||||
~# <command>emerge reiserfsprogs</command>
|
||||
~# <command>emerge jfsutils</command></programlisting>
|
||||
|
||||
<para>Install the necessary networking tools, like a DHCP client:</para>
|
||||
|
||||
<programlisting>~# <command>emerge dhcpcd</command></programlisting>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Configuring the Boot Loader</title>
|
||||
|
||||
<para>Now, we install the GRUB boot loader:</para>
|
||||
|
||||
<programlisting>~# <command>emerge grub</command></programlisting>
|
||||
|
||||
<para>Once installed, edit the grub configuration file
|
||||
(<filename>/boot/grub/grub.conf</filename>) as we've seen before. Finally,
|
||||
install GRUB on the master boot record:</para>
|
||||
|
||||
<programlisting>~# <command>grep -v rootfs /proc/mounts > /etc/mtab</command>
|
||||
~# <command>grub-install --no-floppy /dev/sda</command></programlisting>
|
||||
</section>
|
||||
|
||||
<section>
|
||||
<title>Finishing Up</title>
|
||||
|
||||
<para>Now that everything is installed, reboot your system by exiting the
|
||||
chroot, umounting all mounted file systems and reboot:</para>
|
||||
|
||||
<programlisting>~# <command>exit</command>
|
||||
~# <command>cd</command>
|
||||
~# <command>umount /mnt/gentoo/boot /mnt/gentoo/dev /mnt/gentoo/proc</command>
|
||||
~# <command>umount /mnt/gentoo/home /mnt/gentoo</command>
|
||||
~# <command>reboot</command></programlisting>
|
||||
|
||||
<para>Once rebooted (and hopefully inside your Gentoo Linux environment),
|
||||
log in as root and create a user for daily use:</para>
|
||||
|
||||
<programlisting>~# <command>useradd -m -G users,wheel,audio -s /bin/bash yournick</command>
|
||||
~# <command>passwd yournick</command></programlisting>
|
||||
|
||||
<para>And to remove the traces from the installation, remove the
|
||||
downloaded tarballs from your / file system:</para>
|
||||
|
||||
<programlisting>~# <command>rm /stage3-*.tar.bz2</command>
|
||||
~# <command>rm /portage-*.tar.bz2</command></programlisting>
|
||||
</section>
|
||||
</chapter>
|
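Review bot: In "Preparing the Installation Environment", the command "cp -L /etc/resolv.conf /mnt/gentoo/resolv.conf" copies the file to the root of the new system instead of /mnt/gentoo/etc/resolv.conf, so name resolution inside the chroot will not pick it up and the later "emerge --sync" can fail on DNS; change the target to /mnt/gentoo/etc/resolv.conf. In "Disk Setup", /dev/sda4 is activated with swapon, but no "mkswap /dev/sda4" appears next to the mkfs commands. In "Installing Gentoo Base", the stage3 and portage tarballs are fetched over plain http with wget and unpacked as root with no integrity check; add a step that verifies the downloads against the checksums or signatures published alongside them before running tar. Minor: "Portage' behavior", "succesfully" and "Gentoo profiles a few kernel packages" (probably "provides") need fixing, the time zone step sits under "Configuring the Linux Kernel", and a section titled "Configuring the System" is nested inside another with the same title.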