Adding current state of documentation to github

Sven Vermeulen 2010-07-23 20:37:20 +02:00
parent f237f33e89
commit 3aaad6e45c
18 changed files with 16014 additions and 0 deletions

76
LICENSE Normal file

@ -0,0 +1,76 @@
This document is licensed under the Creative Commons Attribution NonCommercial
ShareAlike 2.0 Belgium license. The general overview of this license can be
seen at http://creativecommons.org/licenses/by-nc-sa/2.0/be/deed.en
The full legal text is available below this. The document text is in Dutch.
---
Creative Commons Legal Code
Naamsvermelding NietCommercieel - GelijkDelen 2.0
CREATIVE COMMONS CORPORATION IS GEEN ADVOCATENKANTOOR EN VERLEENT GEEN JURIDISCHE DIENSTEN. DE VERSPREIDING VAN DEZE LICENTIE VEROORZAAKT GEEN JURIDISCHE OF CONTRACTUELE RELATIE TUSSEN DE PARTIJEN BIJ DEZE LICENTIE EN CREATIVE COMMONS. CREATIVE COMMONS VERSTREKT DEZE INFORMATIE ZOALS ZE IS, ZONDER GARANTIE. CREATIVE COMMONS STAAT NIET IN VOOR DE VERSTREKTE INFORMATIE EN SLUIT ALLE AANSPRAKELIJKHEID UIT VOOR WELKE SCHADE DAN OOK DIE ZOU VOORTVLOEIEN UIT HET GEBRUIK VAN DEZE INFORMATIE.
Licentie
HET WERK (ZOALS HIERONDER OMSCHREVEN) WORDT TER BESCHIKKING GESTELD OVEREENKOMSTIG DE BEPALINGEN VAN DEZE CREATIVE COMMONS PUBLIC LICENSE (HIERNA “CCPL” OF “LICENTIE”). HET WERK WORDT BESCHERMD DOOR HET AUTEURSRECHT, EN/OF, INDIEN RELEVANT, DOOR DE NABURIGE RECHTEN, OF HET SUI GENERIS DATABANKENRECHT EN/OF ELK KRACHTENS DE GELDENDE WETGEVING VAN TOEPASSING ZIJNDE RECHT.
ELK GEBRUIK VAN HET WERK DAT NIET UITDRUKKELIJK DOOR DEZE LICENTIE TOEGESTAAN WORDT, IS VERBODEN.
ELK GEBRUIK VAN HET WERK, OP EEN MANIER DIE ONDER EEN IN DEZE LICENTIE BEHANDELD RECHT VALT, BRENGT DE AANVAARDING VAN DEZE LICENTIE MET ZICH MEE. DOOR DEZE LICENTIE KENT DE LICENTIEGEVER U DE HIERNA OMSCHREVEN RECHTEN TOE INDIEN U DE VOLGENDE BEPALINGEN EN VOORWAARDEN AANVAARDT
1. Definities
1. Met “Collectief Werk” wordt een werk bedoeld waarin het Werk, in zijn geheel en in ongewijzigde vorm, samen met een aantal andere bijdragen, die elk een afzonderlijk en zelfstandig Werk vormen, tot een collectief geheel is samengevoegd. Collectieve Werken zijn onder andere geregeld een uitgave van een tijdschrift, bloemlezingen of encyclopedieën. Een Werk dat een Collectief Werk is, zal, krachtens deze Licentie, niet beschouwd worden als een Afgeleid Werk (zoals hieronder omschreven).
2. Met "Afgeleid Werk" wordt een werk bedoeld dat gebaseerd is op het Werk of op het Werk en andere reeds bestaande werken, zoals een vertaling, een muziekarrangement, een toneel-, literaire of cinematografische bewerking, een geluidsopname, een kunstreproductie, een ingekorte versie, een samenvatting of elke andere vorm waarin het Werk gewijzigd, omgezet of bewerkt kan worden, met uitzondering van de Collectieve Werken, die niet als Afgeleide Werken zullen beschouwd worden in de zin van deze Licentie. Om onduidelijkheid te vermijden zal, indien het Werk een muziekwerk of een fonogram is, de synchronisatie van het Werk met een bewegend beeld (“synching”) als een Afgeleid Werk in de zin van deze Licentie beschouwd worden.
3. Met "Licentiegever" wordt de natuurlijke persoon of rechtspersoon bedoeld die de rechten op het Werk toekent volgens de bepalingen van deze Licentie.
4. Met "Oorspronkelijke Auteur” wordt de natuurlijke persoon bedoeld die het Werk gemaakt heeft of, indien het gaat om een voorwerp dat door een naburig recht beschermd wordt, de oorspronkelijke titularis van het naburig recht.
5. Met "Werk” wordt het Werk van letterkunde of kunst bedoeld dat beschermd wordt door het auteursrecht en dat het voorwerp is van deze licentie. Voor de toepassing van deze Licentie omvat het “Werk” ook voorwerpen die beschermd worden door een naburig recht, zoals een uitvoering, een fonogram, een eerste vastlegging van film of radio-uitzending, alsook de databanken die beschermd worden door een sui generis-recht, voor zover deze het voorwerp vormen van deze licentie. Indien nodig, zullen de bepalingen van deze Licentie op zo een manier geïnterpreteerd worden dat ze op dergelijke beschermde voorwerpen toegepast kunnen worden.
6. Met "U" wordt de natuurlijke persoon of rechtspersoon bedoeld die het Werk gebruikt op een wijze die geregeld wordt door de rechten waarop deze Licentie betrekking heeft en die de bepalingen van deze Licentie met betrekking tot het Werk niet eerder geschonden heeft of die de uitdrukkelijke toestemming van de Licentiegever gekregen heeft om rechten krachtens deze Licentie uit te oefenen ondanks een eerdere schending van deze.
7. Met "Licentiekenmerken" worden de volgende generieke kenmerken van de licentie bedoeld, zoals gekozen door de Licentiegever en aangeduid in de titel van deze Licentie: Naamsvermelding, NietCommercieel, GelijkDelen.
2. Uitzonderingen en beperkingen op de exclusieve rechten
Niets in deze Licentie heeft de bedoeling de toepassing van de uitzonderingen op de exclusieve rechten van de rechthebbenden, de uitputting van deze rechten of andere beperkingen op deze rechten krachtens het auteursrecht, de naburige rechten, het sui generis databankenrecht of elk ander van toepasselijk recht te verminderen, te begrenzen of te beperken.
3. Omvang van de toegekende Licentie
In overeenstemming met de bepalingen en voorwaarden van deze Licentie, verleent de Licentiegever U een licentie die wereldwijd, gratis, niet-exclusief en onbeperkt in tijd (voor de volledige duur van de bescherming van het Werk door het auteursrecht, de naburige rechten, het sui generis recht op de databanken) is om de volgende rechten met betrekking tot het Werk uit te oefenen:
1. het reproduceren, op welke wijze en in welke vorm dan ook, van het Werk, het opnemen van het Werk in één of meer Collectieve Werken en het reproduceren van het Werk zoals het opgenomen is in de genoemde Collectieve Werken;
2. het maken en reproduceren van Afgeleide Werken;
3. het uitlenen en verspreiden van exemplaren van het Werk, het meedelen aan het publiek en het ter beschikking stellen van het publiek. Hetzelfde geldt voor het Werk wanneer het opgenomen is in een Collectief Werk;
4. het uitlenen en verspreiden van exemplaren van Afgeleide Werken, ze meedelen aan het publiek en ze ter beschikking stellen van het publiek;
5. indien het Werk een databank is, het opvragen en hergebruiken van substantiële delen van de databank.
De hierboven vermelde rechten mogen uitgeoefend worden op alle bekende en onbekende dragers, media en formaten, met uitzondering van onbekende exploitatievormen. U heeft eveneens het recht om die wijzigingen aan het Werk aan te brengen die technisch noodzakelijk zijn voor de uitoefening van de hoger genoemde rechten op andere dragers, media en formaten. Oorspronkelijke Auteur ziet af van de uitoefening van zijn/haar morele rechten met betrekking tot de wijzigingen die technisch noodzakelijk zijn.
De Licentiegever behoudt zich alle rechten voor die niet uitdrukkelijk overgedragen zijn in deze Licentie, waaronder inbegrepen, doch niet beperkt tot, de rechten die onder sectie 4(e) opgenomen zijn.
4. Beperkingen De in artikel 3 toegekende licentie wordt uitdrukkelijk op de volgende manier beperkt:
1. U mag het Werk enkel in overeenstemming met de bepalingen van deze Licentie, uitlenen, verspreiden, ter beschikking stellen van het publiek of meedelen aan het publiek op voorwaarde dat U een kopie van deze Licentie of de Uniform Resource Identifier van deze Licentie toevoegt aan elke kopie van het Werk dat U uitleent, verspreidt, ter beschikking stelt van het publiek of meedeelt aan het publiek. U mag geen voorwaarden op het gebruik van het Werk aanbieden of opleggen die de bepalingen van deze Licentie of de uitoefening van de toegekende rechten wijzigen of beperken. U mag het werk niet in onderlicentie geven. U moet alle aanduidingen die verwijzen naar deze Licentie en naar de garantieclausule en de uitsluiting van aansprakelijkheid intact houden. U mag het Werk niet uitlenen, verspreiden, ter beschikking stellen van het publiek of meedelen aan het publiek indien daarbij een technische maatregel gebruikt wordt die de toegang tot of het gebruik van het Werk op een met de bepalingen van deze Licentie strijdige wijze controleert. Het voorgaande geldt voor het Werk dat opgenomen is in een Collectief Werk maar dat houdt niet in dat het Collectief Werk zelf, afgezien van het Werk, onderworpen wordt aan de bepalingen van deze Licentie. Indien U een Collectief Werk maakt, dan moet U, op aanvraag van om het even welke Licentiegever en in de mate van het mogelijke, elke verwijzing naar de Licentiegever of de Oorspronkelijke Auteur uit het Collectief Werk verwijderen. Indien U een Afgeleid Werk maakt, dan moet U, op aanvraag van om het even welke Licentiegever en in de mate van het mogelijke, elke verwijzing naar de Licentiegever of de Oorspronkelijke Auteur uit het Afgeleide Werk verwijderen.
2. U mag een Afgeleid Werk enkel uitlenen, verspreiden, ter beschikking stellen van het publiek of meedelen aan het publiek krachtens de bepalingen van deze Licentie, van een latere versie van deze Licentie met dezelfde Licentiekenmerken als deze Licentie of van een Creative Commons iCommons-licentie die dezelfde Licentiekenmerken bevat als deze Licentie (bv. Naamsvermelding Niet-Commercieel Gelijk Delen 2.0 Japan). U moet een kopie van deze Licentie, of elk andere licentie die in de voorafgaande zin gespecificeerd werd, of de Uniform Resource Identifier van deze Licentie toevoegen aan elke kopie van het Afgeleid Werk dat U uitleent, verspreidt, ter beschikking stelt van het publiek of meedeelt aan het publiek. U mag geen voorwaarden op het gebruik van het Afgeleid Werk aanbieden of opleggen die de bepalingen van deze Licentie of de uitoefening van de toegekende rechten wijzigen of beperken. U moet alle aanduidingen die verwijzen naar deze Licentie en naar de garantieclausule en de uitsluiting van aansprakelijkheid intact houden. U mag het Afgeleid Werk niet uitlenen, verspreiden, ter beschikking stellen aan het publiek of meedelen aan het publiek indien daarbij een technische maatregel gebruikt wordt die de toegang tot of het gebruik van het Werk op een met de bepalingen van deze Licentie strijdige wijze controleert. Het voorgaande geldt voor het Afgeleid Werk dat opgenomen is in een Collectief Werk maar dat houdt niet in dat het Collectief Werk zelf, afgezien van het Afgeleid Werk, onderworpen wordt aan de bepalingen van deze Licentie.
3. U mag geen enkel van de door artikel 3 aan U toegekende rechten uitoefenen op een manier die voornamelijk bedoeld is voor of gericht is op het bekomen van een commercieel voordeel of een persoonlijke financiële compensatie. De uitwisseling van het Werk tegen andere Werken, die beschermd worden door het auteursrecht, de naburige rechten of het sui generis databankenrecht, door het elektronisch delen van bestanden of op een andere wijze, wordt niet beschouwd als zijnde bedoeld voor of gericht op het bekomen van een commercieel voordeel of een persoonlijke financiële compensatie, op voorwaarde dat de uitwisseling van de beschermde Werken geen betaling of financiële compensatie met zich meebrengt.
4. Indien U het Werk, Afgeleide Werken of Collectieve Werken uitleent, verspreidt, ter beschikking stelt aan het publiek of meedeelt aan het publiek, dan moet U alle informatie betreffende het beheer van rechten met betrekking tot het Werk intact houden en, op een wijze die redelijk is in verhouding tot het gebruikte medium of middel, verwijzen naar de Oorspronkelijke Auteur, door het verstrekken van de naam van de Oorspronkelijke Auteur (of het pseudoniem indien van toepassing) indien deze wordt vermeld; de titel van het Werk indien deze wordt vermeld; in de mate dit redelijkerwijze mogelijk is en indien deze beschikbaar is, de Uniform Resource Identifier, dat de Licentiegever aanduidt als verbonden met het Werk, tenzij die URI niet verwijst naar de informatie betreffende het beheer van rechten met betrekking tot het Werk of naar de van toepassing zijnde licenties op het Werk; en in het geval van een Afgeleid Werk, door het aanduiden van het gebruik van het Werk in het Afgeleid Werk en door het identificeren van de elementen (bijvoorbeeld, door de aanduiding “Franse vertaling van het Oorspronkelijk Werk door de Auteur” “Franse vertaling van het Werk door de Oorspronkelijke Auteur” of “scenario gebaseerd op het Oorspronkelijk Werk door de Oorspronkelijke Auteur”). De verwijzing naar de Oorspronkelijke Auteur moet gebeuren op een redelijke manier. In het geval van een Afgeleid Werk of een Collectief Werk, moeten deze verwijzingen echter minstens weergegeven worden op dezelfde plaats en op dezelfde wijze als andere vergelijkbare auteursvermeldingen.
5. Deze Licentie wijzigt geenszinsnde regeling van de billijke vergoedingen, die eventueel van kracht is in België of in andere landen, ter compensatie van de wettelijke erkenning van gedwongen licenties en heeft geen invloed op de inning van deze vergoedingen.
5. Garantieclausule en uitsluiting van aansprakelijkheid
TENZIJ ER TUSSEN DE PARTIJEN SCHRIFTELIJK ANDERS OVEREENGEKOMEN IS, BIEDT DE LICENTIEGEVER HET WERK AAN ZOALS HET IS EN DOET DE LICENTIEGEVER GEEN VERKLARINGEN OVER HET WERK OF VERPLICHT HIJ ZICH TOT GEEN ENKELE GARANTIE, ONGEACHT OF DEZE UITDRUKKELIJK OF STILZWIJGEND, KRACHTENS DE WET OF OP EEN ANDERE GRONDSLAG RUST, HIERIN BEGREPEN, MAAR NIET BEPERKT TOT DE GARANTIE TEGEN UITWINNING, DE COMMERCIALISEERBAARHEID VAN HET WERK, DE FUNCTIONELE CONFORMITEIT, DE AFWEZIGHEID VAN INBREUK OP RECHTEN VAN DERDEN, DE AFWEZIGHEID VAN VERBORGEN OF ANDERE GEBREKEN, DE NAUWKEURIGHEID VAN HET WERK OF DE AFWEZIGHEID VAN FOUTEN EN GEBREKEN MET BETREKKING TOT DE INFORMATIE, ONGEACHT OF DEZE AL DAN NIET OPSPOORBAAR ZIJN. INDIEN DE OP DEZE LICENTIE VAN TOEPASSELIJKE WETGEVING EEN DERGELIJKE UITSLUITING VAN VERANTWOORDELIJKHEID VERBIEDT OF REGLEMENTEERT, DAN IS DEZE UITSLUITING VAN AANSPRAKELIJKHEID EN GARANTIE SLECHTS IN DE MATE TOEGELATEN DOOR DE WET VAN TOEPASSING.
6. Beperking van aansprakelijkheid
VOOR ZOVER DE VAN TOEPASSELIJKE WETGEVING DIT TOELAAT, ZAL DE LICENTIEGEVER IN GEEN ENKEL GEVAL AANSPRAKELIJK GEACHT WORDEN VOOR WELKE RECHTSTREEKSE OF ONRECHTSTREEKSE, MATERIËLE OF MORELE SCHADE DAN OOK, DIE VOORTVLOEIT UIT DEZE LICENTIE OF UIT HET GEBRUIK VAN HET WERK, ONGEACHT OF DE LICENTIEGEVER INGELICHT WERD OVER DE MOGELIJKHEID VAN DERGELIJKE SCHADE.
7. Beëindiging
1. Elke inbreuk op de bepalingen van deze Licentie waarvoor U verantwoordelijk bent, leidt tot de ontbinding van rechtswege van deze Licentie en het einde van de rechten die er uit voortvloeien. Niettemin behouden de licenties op Afgeleide Werken of Collectieve Werken, die door U krachtens deze Licentie verleend werden aan natuurlijke personen of rechtspersonen, hun werking ten opzichte van deze natuurlijke personen of rechtspersonen, voor zover deze personen de bepalingen van deze licenties niet schenden. De artikels 1, 2, 5, 6, 7 en 8, blijven van kracht ongeacht de beëindiging van deze Licentie.
2. Indien de hierboven vermelde bepalingen en voorwaarden in acht genomen worden, is deze licentie onbeperkt in tijd (voor de duur van de bescherming van het Werk door het auteursrecht, de naburige rechten en het sui generis databankenrecht). Desalniettemin behoudt de Licentiegever zich op elk ogenblik het recht voor om het Werk onder een andere licentie of onder andere voorwaarden te exploiteren of om elke verspreiding van het Werk stop te zetten, zonder dat het gebruik maken van deze mogelijkheid deze Licentie (of elke andere licentie die, krachtens de bepalingen van deze Licentie, verleend werd of verleend moest worden) ongedaan kan maken, en deze Licentie zal onverminderd van kracht blijven tenzij de beëindiging intreedt wegens de hoger aangegeven redenen.
8. Diversen
1. Telkens U het Werk of een Collectief Werk uitleent, verspreidt, meedeelt of ter beschikking stelt van het publiek, verleent de Licentiegever aan de ontvanger een licentie die van toepassing is op het Werk en die dezelfde bepalingen en voorwaarden bevat als deze Licentie.
2. Telkens U het Afgeleid Werk uitleent, verspreidt, meedeelt of ter beschikking stelt van het publiek, verleent de Licentiegever aan de ontvanger een licentie die van toepassing is op het oorspronkelijke Werk en die dezelfde bepalingen en voorwaarden bevat als deze Licentie
3. Indien een bepaling uit deze Licentie, krachtens het van toepassing zijnde recht, nietig of niet afdwingbaar is, dan zal dit geen invloed hebben op de geldigheid en de afdwingbaarheid van de andere bepalingen. In dit geval zal, zonder dat enige tussenkomst van de partijen hiervoor nodig is, een dergelijke bepaling op een zodanige wijze geïnterpreteerd worden dat haar geldigheid en afdwingbaarheid gevrijwaard blijven.
4. Geen enkele afstand ten opzichte van de bepalingen en voorwaarden van deze Licentie wordt vermoed zonder een schriftelijke overeenkomst die ondertekend is door de partij die afstand doet. Geen enkele inbreuk op deze Licentie wordt door de andere partij aanvaard zonder schriftelijke overeenkomst, ondertekend door deze partij.
5. Deze Licentie is het enige contract tussen de partijen met betrekking tot het Werk, dat het voorwerp is van deze Licentie. Er bestaat geen enkele overeenkomst of document van welke aard dan ook, die betrekking heeft op het Werk, bovenop wat hier bepaald is. De Licentiegever is gebonden door geen enkele bijkomende verplichting die voortvloeit uit enige communicatie afkomstig van U, ongeacht de vorm. Deze Licentie kan niet gewijzigd worden zonder de schriftelijke overeenkomst van beide partijen.
Creative Commons is geen partij bij deze Licentie en verleent geen enkele garantie met betrekking tot het Werk. Creative Commons sluit alle verantwoordelijkheid met betrekking tot deze Licentie tegenover U en tegenover elke derde uit, ongeacht de juridische grondslag van deze verantwoordelijkheid en ongeacht de aard van de opgelopen schade, of deze rechtstreeks of onrechtstreeks, materieel of moreel is.
Zonder dat afbreuk gedaan wordt aan de vorige alinea, zal Creative Commons, indien deze zich uitdrukkelijk bekendgemaakt heeft als Licentiegever in het kader van deze Licentie, alle rechten en plichten van Licentiegever bezitten.
Met uitzondering van het gebruik dat bestemd is om het publiek te informeren dat het Werk onder CCPL valt, zal geen enkele partij het merk “Creative Commons” of enige andere aanduiding of logo dat toekomt aan Creative Commons gebruiken zonder de voorafgaande schriftelijke instemming van Creative Commons. Elk door Creative Commons toegelaten gebruik moet in overeenstemming zijn met de trademark usage guidelines die van kracht zijn op het ogenblik van het gebruik, zoals deze gepubliceerd worden op de website of beschikbaar worden gesteld op individueel verzoek.
Creative Commons kan gecontacteerd worden op http://creativecommons.org/
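Review bot: the cross-reference "sectie 4(e)" in the last paragraph of section 3 does not resolve, because the sub-clauses of section 4 are numbered 1 to 5 in this file rather than lettered, and the same flat "1." numbering is used for top-level sections and their sub-clauses alike. A license file should be a verbatim copy of the legal code, so restore the original clause lettering or indentation. While there, fix the run-together word "geenszinsnde" in clause 5 of section 4, and add the missing full stop at the end of the acceptance paragraph before "1. Definities" and at the end of clause 2 of section 8.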

112
src/linux_sea.xml Normal file

@ -0,0 +1,112 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY whatislinux.xml SYSTEM "linux_sea/01-whatislinux.xml">
<!ENTITY freesoftware.xml SYSTEM "linux_sea/02-freesoftware.xml">
<!ENTITY community.xml SYSTEM "linux_sea/03-community.xml">
<!ENTITY runninglinux.xml SYSTEM "linux_sea/04-runninglinux.xml">
<!ENTITY linuxfs.xml SYSTEM "linux_sea/05-linuxfs.xml">
<!ENTITY processes.xml SYSTEM "linux_sea/06-processes.xml">
<!ENTITY kernelbuilding.xml SYSTEM "linux_sea/07-kernelbuilding.xml">
<!ENTITY hardwaremanagement.xml SYSTEM "linux_sea/08-hardwaremanagement.xml">
<!ENTITY softwaremanagement.xml SYSTEM "linux_sea/09-softwaremanagement.xml">
<!ENTITY usermanagement.xml SYSTEM "linux_sea/10-usermanagement.xml">
<!ENTITY networkmanagement.xml SYSTEM "linux_sea/11-networkmanagement.xml">
<!ENTITY servicemanagement.xml SYSTEM "linux_sea/12-servicemanagement.xml">
<!ENTITY storagemanagement.xml SYSTEM "linux_sea/13-storagemanagement.xml">
<!ENTITY systemmanagement.xml SYSTEM "linux_sea/14-systemmanagement.xml">
<!ENTITY graphicenvironment.xml SYSTEM "linux_sea/15-graphicenvironment.xml">
<!ENTITY installgentoo.xml SYSTEM "linux_sea/16-installgentoo.xml">
<!ENTITY tipsandanswers.xml SYSTEM "linux_sea/90-tipsandanswers.xml">
<!ENTITY glossary.xml SYSTEM "linux_sea/91-glossary.xml">
<!ENTITY genindex.sgm SYSTEM "genindex.sgm">
]>
<book>
<title>Linux Sea</title>
<bookinfo>
<title>Linux Sea</title>
<author>
<firstname>Sven</firstname>
<surname>Vermeulen</surname>
</author>
<authorblurb>
<para>
Sven Vermeulen is a Gentoo Linux documentation developer, largely
to blame for the Gentoo Handbook and a large number of Gentoo-related
guides. You can find him online under the alias "SwifT" or reach him
through his Gentoo e-mail address "swift@gentoo.org".
</para>
</authorblurb>
<abstract>
<para>
The book "Linux Sea" offers a gentle yet technical (from end-user
perspective) introduction to the Linux operating system, using Gentoo
Linux as the example Linux distribution. It does not nor will it ever
talk about the history of the Linux kernel or Linux distributions or
dive into details that are less interesting for Linux users.
</para>
<para>
For various topics, the online Gentoo Handbook offers a very detailed
approach and as such is mandatory reading for any Gentoo Linux user who
wants to know the full power of this Operating System. Although there is
definitely overlap between "Linux Sea" and the online Gentoo Handbook,
"Linux Sea" is by no means meant to replace the online Gentoo Handbook.
</para>
<para>
"Linux Sea" will attempt to focus on topics that everyday users would
probably need to know to continue working with Gentoo Linux.
</para>
</abstract>
<edition>Linux Sea v1.1</edition>
<copyright>
<year>2009, 2010</year>
<holder>Sven Vermeulen</holder>
</copyright>
<legalnotice>
<para>
You are free to share (copy, distribute and transmit) the work as well
as remix (adapt) the work under the conditions of the Creative Commons
Attribution Noncommercial Share Alike 2.0 license, available at
http://creativecommons.org/licenses/by-nc-sa/2.0/be/deed.en
</para>
</legalnotice>
</bookinfo>
<toc></toc>
<!-- Part - On Linux and Free Software -->
&whatislinux.xml;
&freesoftware.xml;
&community.xml;
<!-- Part - Working with Linux -->
&runninglinux.xml;
&linuxfs.xml;
&processes.xml;
<!-- Part - Simple System Administration -->
&kernelbuilding.xml;
&hardwaremanagement.xml;
&softwaremanagement.xml;
&usermanagement.xml;
&networkmanagement.xml;
&servicemanagement.xml;
&storagemanagement.xml;
&systemmanagement.xml;
&graphicenvironment.xml;
<!-- Part - Installing Gentoo Linux -->
&installgentoo.xml;
<!-- Part - Addenda -->
&tipsandanswers.xml;
&glossary.xml;
&genindex.sgm;
</book>
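Review bot: the DOCTYPE names the DocBook 4.5 DTD by an http:// system identifier and the internal subset declares nineteen external SYSTEM entities, so every build depends on external-entity resolution being enabled and, without a local catalog, on fetching the DTD over an unauthenticated connection. Please document that the book is built with the DTD resolved from a local XML catalog and with network access disabled in the parser (xmllint and xsltproc both accept --nonet), and that entity expansion is only meant to be enabled for this trusted tree. Two smaller points: &genindex.sgm; refers to a genindex.sgm beside this file, so if that file is generated rather than committed, say how it is produced or the book will not parse from a fresh checkout; and the legalnotice names the license without "Belgium" while its URL and the LICENSE file both refer to the 2.0 Belgium variant.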

File diff suppressed because it is too large


@ -0,0 +1,791 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<chapter>
<title>How does Free Software affect Linux?</title>
<section>
<title>Introduction</title>
<para>The Linux OS has become increasingly popular mainly due to the
freedom it allows (and of course also the low or zero-fee price of the
entire operating system). In this chapter we see how these freedoms come
to life and how they are protected and sustained.</para>
<para>We also take a look at the development model used by free software
projects in general because it is a major result of said freedoms, one
that makes free software projects often more interesting than
closed-source commercial software projects. The development model is also
one of the major strengths of free software.</para>
</section>
<section>
<title>Free Software</title>
<para>If we take a step back from all technical aspects, Linux differs
from the closed-source commercial software in an important aspect:
licensing. Licensing is what drives free software...</para>
<section>
<title>What are Software Licenses?</title>
<para>Software is someone's intellectual property. Intellectual
property<indexterm>
<primary>intellectual property</primary>
</indexterm> is a heavy word that shouldn't be interpreted to anything
else than the result of some effort to create something that is not a
plain copy. If you write some text, the resulting text is your
intellectual property (unless you've copied it from somewhere).</para>
<para>Intellectual property is protected by law. Copyright<indexterm>
<primary>copyright</primary>
</indexterm> protects your intellectual property by prohibiting others
to copy, adapt, reproduce and/or redistribute your ``thing'' without
your consent. Mind you though that not every intellectual property is
copyright protected and copyright differs from country to country. An
example of intellectual property that isn't copyright protected is a
mathematical method: even though the inventor of the method had to
ponder years and years on it, his method isn't copyright protected (but
if he wrote a text about this method, the text itself is). Copyright is
automatically assigned: it doesn't cost you anything and it is broadly
accepted.</para>
<para>Another protection is a patent<indexterm>
<primary>patent</primary>
</indexterm>. Patents are (or should be) granted to new inventions who
are not known to the public at the time of the patent request. Patents
are often used to protect intellectual property that isn't protected by
the copyright: methods for doing stuff (including medical compositions).
Sadly, the industry is often abusing patents for much more when they
have a patent with a broad action field: the patent covers too much,
allowing the company to force others not to use a method they actually
do have the right to use. Also, both the request and the patent grant
are very costly and only larger companies have the abilities to obtain
(and protect) several patents. Smaller companies or individuals don't
have the means to obtain a patent, let alone protect themselves in a
court because they might have used a method that is described in one or
more patents.</para>
<para>I use the word <emphasis>abuse</emphasis> because companies often
get patents for methods that are broadly used or are so silly that you'd
wonder what patent office (patent requests are - or should be - checked
for their validity before they are granted) has granted those
patents.</para>
<para>I'll abstain from elaborating on this (politically sensitive)
topic more and move on to <emphasis>software
licenses</emphasis><indexterm>
<primary>software license</primary>
</indexterm>. A software license is a contract between you, the
software user, and the software copyright owner. It tells you what you
can and cannot do with the software. Any software that is not licensed
is fully copyright protected, meaning you shouldn't even have it, let
alone run it.</para>
<para>Most commercial-grade licenses are often called the
EULAs<indexterm>
<primary>EULA</primary>
</indexterm>, or End User License Agreements. They usually say what
you are allowed to do with the software (often including what you are
allowed to use the software for). The EULAs more often stress what is
denied rather than allow anything. One of the many topics is
redistribution of the software. Most EULAs explicitly disallow
redistribution.</para>
<para>Linux (and free software in general) is different. The
accompanying license grants you the right to copy the software, obtain
the source code, modify it and redistribute it (with or without
modifications) and even sell it. Because there are many variations
possible there are many popular licenses.</para>
</section>
<section>
<title>What Licenses Exist?</title>
<para>I'll list a few of the more popular licenses here, but be advised,
there are more than 800 licenses around. Many of those licenses are
quite similar (or are exactly the same) and the free software community
should start to consolidate all those licenses in a much smaller set.
Sadly, they haven't done so yet. Luckily, the 90-10 rule here applies:
90% of all free software uses 10% of the free software (or other)
licenses. The other licenses are only marginally used, sometimes just
for a single application.</para>
<section>
<title>Public Domain</title>
<para>When software is placed under the public domain, you're free to
do whatever you want with it: the author waves any right he can to
allow for full freedom of his software.</para>
</section>
<section>
<title>MIT License and some BSD-like Licenses</title>
<para>The MIT license and some BSD-like licenses are almost like the
public domain, but ask you to keep the copyright notice intact. This
is a very popular license because the author allows you to do whatever
you want as long as you keep his name on the product copyright notice
as well.</para>
</section>
<section>
<title>GPL</title>
<para>The GNU Public License<indexterm>
<primary>GPL</primary>
</indexterm> is the most widely used free software license, but for
some people also the most restrictive free software license. The GPL
tells you that you can do whatever you want with the software, as long
as you provide the source code of your modifications to whoever you
distributed the modified version to and as long as this modification
is under the GPL as well.</para>
<para>The Linux kernel is GPL licensed.</para>
</section>
<section>
<title>OSI Approved Licenses</title>
<para>An OSI approved license is a license that adheres to the
<emphasis>Open Source Definition</emphasis><indexterm>
<primary>Open Source Definition</primary>
</indexterm> written down by the <emphasis>Open Source
Initiative</emphasis><indexterm>
<primary>Open Source Initiative</primary>
</indexterm><indexterm>
<primary>OSI</primary>
</indexterm> of which the following points are a free
interpretation:</para>
<itemizedlist>
<listitem>
<para>free redistribution</para>
</listitem>
<listitem>
<para>source code available</para>
</listitem>
<listitem>
<para>modifications are allowed (including redistribution)</para>
</listitem>
<listitem>
<para>no discrimination (people, fields ...)</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>FSF Approved Licenses</title>
<para>An FSF<indexterm>
<primary>FSF</primary>
</indexterm> approved license adheres to the <emphasis>Free Software
</emphasis><indexterm>
<primary>free software</primary>
</indexterm>definition written down by the <emphasis>Free Software
Foundation</emphasis> of which the following points are the core of
the definition:</para>
<para>You should be free to ...</para>
<itemizedlist>
<listitem>
<para>run the program for any purpose</para>
</listitem>
<listitem>
<para>study how the program works and adapt it to your
needs</para>
</listitem>
<listitem>
<para>redistribute copies</para>
</listitem>
<listitem>
<para>improve the program and release your changes to the
public</para>
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>Free Software isn't Non-Commercial</title>
<para>Free software is often perceived to be a pure hobbyist project: it
would not be commercially viable to bring free software to the
enterprise world. After all, if software is freely available, what kind
of profit could a company make from it. Nothing could be further from
the truth...</para>
<para>It is true that free software requires a different look on
software in a commercial environment (including companies). Companies
who <emphasis>use</emphasis> software want to be assured that they have
support for the software when things go wrong. They often close (costly)
support contracts with the software company where service level
agreements (abbreviated to SLAs) are defined. Based on these contracts,
the company has the assurance that if certain services become
unavailable, the supporting company will do whatever it can to bring the
service back or, in some occasions, compensate the financial damage that
the downfall has caused.</para>
<para>Most of the time, these support contracts are closed with the
software company itself because it has the most knowledge of the
software (as it is probably the only company with access to the software
code). Sadly, as good as this reason is, companies don't look at free
software ``because there is no support''. This isn't true; support for
free software is still (commercially) available, but most of the time
not from the creators themselves. And although this scares the
companies, the reason why this support is still as good as with
off-the-shelf software remains the same: the supporting company has
access to the source code of the tool and has professional knowledge
about the tool. It probably has developers in the software project
itself.</para>
<para>Companies that <emphasis>sell</emphasis> software are of course
often against free software. When these companies major income depends
on the sales of their software, it would not be viable to make the
software free. If they would, competiting companies would have full
access to the source code and improve their own product with it.</para>
<para>I don't think this is a disadvantage though. Software companies
should use their main strength: knowledge about the tool. As mentioned
before, other companies often want to close support contracts to ensure
the service that the software delivers; if the software company creates
free software, this wouldn't change. For many software companies,
support contracts are the main source of income.</para>
<para>It is still possible to sell free software; some pioneering
companies are payed to made modifications to free software because
companies don't have the resources to do so themselves. These companies
can keep the modifications private if the free software license allows
this) but can also bring these modifications to the public by
contributing it to the software project itself.</para>
<para>A major proof of this is the acceptance of free software by major
software players such as Sun Microsystems and IBM, and the emergance of
new software players that build their business upon free software, such
as RedHat or MySQL<indexterm>
<primary>MySQL</primary>
</indexterm> (recently acquired by Sun Microsystems). The latter
company uses a dual-licensed software approach: the MySQL source code is
available in two licenses, a free software one for the public and a more
closed one for companies who want support from MySQL itself. Using a
dual-licensed approach allows the company to support a fixed state of
their product while keeping the software free. Supporting a fixed state
of the product is of course much easier than to support the software in
general.</para>
<para>However, don't think that every free software project is
enterprise-ready or that you will be able to find (paid) support for
every software project. You should carefully check out every software
title you want to use if you want to use software, free or not. For end
users, distributions help you to pick software. If a distribution
packages a certain software title, it feels that the software title is
stable and well supported.</para>
</section>
<section>
<title>So Linux is Free?</title>
<para>Yes, Linux is free. It is certainly free in the sense of ``free
speech'' and although most software titles are also free in the sense of
``free beer'', you shouldn't be surprised to see distributions you can
or have to pay for. In that case, you can be paying for the software
medium (the burned DVD), accompanying printed documentation, 30-day
installation and usage support or for the resources that the
distribution has to acquire itself (like infrastructure).</para>
<para>Most distributions have free downloads with online documentation
and wonderfull community support (active mailing lists or Internet
fora), which is why Linux is that popular: you can download, install and
use several distributions to decide which one is best for you. You can
try the software (without loosing any functionality) and you don't even
have to pay for it to continue using it (as is the case with
shareware<indexterm>
<primary>shareware</primary>
</indexterm>). Gentoo is one of those distribution projects. Such
distributions get their financial backing (for infrastructure and
organisational needs, including juridical support and bureaucratic
paperwork) from user donations or sales of pressed DVDs. Companies also
tend to support distributions financially or with hardware / bandwidth
donations.</para>
<para>Some distributions are only available when you pay for it. In that
case you often pay for the support or for additional software in the
distribution which isn't freely available. A popular distribution is
RedHat Enterprise Linux, a Linux distribution specifically targetting
companies who want to set up Linux servers. You don't just pay for the
support, but also for the resources that RedHat has put in the
distribution to make it certified for other software (such as Oracle and
SAP) so that you can run (with support from the software company) this
software on your RHEL installations.</para>
<para>It is important however to understand that distribution projects
only develop a very small part of the software that you install on your
system. Most software comes from other free software projects and these
projects often don't get gifts from the distribution projects.
Nonetheless they do face the same problems as any other (larger) free
software project: bureaucratic paperwork, juridical support,
infrastructure needs, ... So it comes to no surprise that these projects
also have the same income streams as the distribution projects: user
gifts, commercial sponsorship and software / support sales.</para>
</section>
</section>
<section>
<title>Development Model</title>
<para>Due to the nature of free software projects, you'll find that it has
quite some differences with closed-source commercial, off the shelf
software...</para>
<section>
<title>Multi-Project Development</title>
<para>One distribution provides an aggregation of software. Each of
those software titles is built by a software project which usually
differs from the distribution project. Hence, when you install a
distribution on your system, it contains software from hundreds of
software projects around the world.</para>
<para>So to obtain support for a flaw you found, or an issue you come
across, the first place to seek support would be the distribution, but
chances are that the distribution will put the support question
<emphasis>upstream</emphasis><indexterm>
<primary>upstream</primary>
</indexterm>, meaning that it forwards the request to the software
project that develops the software you have an issue with.</para>
</section>
<section>
<title>Transparent Development</title>
<para>Free software is usually developed transparently: if you are
interested in the development of your favorite software title, you can
quickly find out how its development works and how to
participate.</para>
<para>Usually, software projects use a <emphasis>concurrent versioning
system</emphasis><indexterm>
<primary>concurrent versioning system</primary>
</indexterm> such as CVS<indexterm>
<primary>CVS</primary>
</indexterm> or SVN<indexterm>
<primary>SVN</primary>
</indexterm> to keep the source code in. Such systems allow for dozens
(or even hundreds) of developers to work on the same source code
simultaneously and keep track of all changes that have happened (so they
can easily be reverted). This isn't just for free software projects -
almost all software projects use such a system. However, free software
projects usually allow non-developers to see the progress of the
development by giving them read-only access to the system. This way, you
can track every change to the software personally.</para>
<para>To discuss the future of the software, or to take software design
decisions, most free software projects can't use real-life meetings:
their developers are scattered around the world. A solution to this
problem are communication systems such as mailing lists, IRC (chat) or
forums (Internet or Usenet). Most of these communication systems are
also open for non-developers to participate in the discussions, meaning
that end users have direct communication with developers.</para>
<para>The latter has a major advantage: changes requested by the users
are directly communicated to the developers so that misinterpretation is
less frequent, allowing for projects to update their software more
accurate and frequent.</para>
</section>
<section>
<title>Fast Release Cycles</title>
<para>Larger free software projects have hundreds of contributors and
several dozens of developers. Those developers are very motivated to
work on the software by passion. If they weren't, they wouldn't be
working on the software as there usually is no other incentive to work
for (such as a nice pay check) although it must be said that there are
software projects (and they aren't small in numbers) who have paid
developers as well. As a result, the software is quickly progressing and
new features are added quickly (some projects even have new features on
an almost daily basis).</para>
<para>To make sure that new features and fixes are tested properly,
software development snapshots are communicated to a broad community of
testers and stable snapshots are often released to the general public as
a new release of the software. Different release types are commonly used
in free software environments:</para>
<itemizedlist>
<listitem>
<para><emphasis>nightly snapshots</emphasis><indexterm>
<primary>release</primary>
<secondary>nightly snapshot</secondary>
</indexterm> are extracts of the source code at a certain period
in time which are built and put online for everyone to use. These
releases are automatically generated and are bleeding-edge as they
represent the state of the software title only a few moments ago.
They are highly experimental and only meant for developers or
experienced contributors</para>
</listitem>
<listitem>
<para><emphasis>development releases</emphasis> are intermediate
releases, similar to nightly snapshots, but somewhat more
coördinated by the developers. They usually have a
ChangeLog<indexterm>
<primary>ChangeLog</primary>
</indexterm> which lists the changes in it since the previous
release. Such releases are meant for experienced contributors and
testers who don't mind the software to be broken from time to
time.</para>
</listitem>
<listitem>
<para><emphasis>beta releases</emphasis><indexterm>
<primary>release</primary>
<secondary>beta</secondary>
</indexterm> contain a preliminary vision of how the final release
will look like. It might not be fully stable or complete but
individuals who don't participate in the frequent tests can try and
see if the new release would still work for them and contain the
fixes they requested. Beta releases are also important for
distributions as they can now start developing packages for the
software so that they are ready when the final release of the
software is made.</para>
</listitem>
<listitem>
<para><emphasis>release candidates</emphasis><indexterm>
<primary>release</primary>
<secondary>candidate</secondary>
</indexterm> are proposals for final releases. They contain the
software such as the developers would like to release it. They now
wait for a certain period so that the testers and general public can
run their tests to ensure no bugs are in it anymore. New features
aren't added to the software now, only bug fixes. When no new (or
major) bugs are found, the release candidate is converted to a new
release</para>
</listitem>
<listitem>
<para><emphasis>stable release</emphasis><indexterm>
<primary>release</primary>
<secondary>stable</secondary>
</indexterm> are the final releases of the entire development
process. These releases are now used by the users and distributions
and the entire development process can start over.</para>
</listitem>
</itemizedlist>
<para>Stable releases also tend to be released in specific gradations,
reflected by their version number. A popular numbering scheme is x.y.z
where:</para>
<itemizedlist>
<listitem>
<para>x is the major version; this version number is only updated
when the software has been substantially changed. Often such
releases also require all packages that depend on it to be updated
as well because they might use features or libraries that are
changed.</para>
</listitem>
<listitem>
<para>y is the minor version; this version number is updated every
time the software has been updated with lots of new features</para>
</listitem>
<listitem>
<para>z is the bugfix version; this version number is updated
whenever mainly bug fixes have been added to the software</para>
</listitem>
</itemizedlist>
<para>As an example I'll list the release dates for the KDE 4.1 release.
Since KDE is a complete graphical environment its release cycle is
``slower'' than others. Yet if you compare it with the release cycle of
for instance Microsoft Windows its still blazingly fast. Of course, that
would be like comparing apples with glass...</para>
<itemizedlist>
<listitem>
<para>2008-04-29: KDE 4.1.0 alpha1 is released</para>
</listitem>
<listitem>
<para>2008-05-27: KDE 4.1.0 beta1 is released</para>
</listitem>
<listitem>
<para>2008-06-24: KDE 4.1.0 beta2 is released</para>
</listitem>
<listitem>
<para>2008-07-15: KDE 4.1.0 release candidate is released</para>
</listitem>
<listitem>
<para>2008-07-29: KDE 4.1.0 is released</para>
</listitem>
<listitem>
<para>2008-09-03: KDE 4.1.1 is released</para>
</listitem>
<listitem>
<para>2008-10-03: KDE 4.1.2 is released</para>
</listitem>
<listitem>
<para>2008-11-05: KDE 4.1.3 is released</para>
</listitem>
</itemizedlist>
<para>Just for your information, KDE 4.2 beta 1 is released on November
26th, 2008, merely 7 months after KDE 4.1's alpha release.</para>
</section>
<section>
<title>Large Documentation Base</title>
<para>Because the project often can't deliver human, paid support for
the software, its success is largely based on the documentation the
project delivers. If the accompanying documentation contains all
information about the software, experienced or independent users can
find all user related answers in the documentation.</para>
<para>Free software projects usually have high profile documentation,
often better than the online available documentation of closed-source
off the shelf software. Many larger projects even have all this
documentation available in several languages. And if you don't find your
answer in the project documentation, chances are that one or more users
have written independent guides on the software elsewhere.</para>
<para>There are many sites on the internet that link to the various
documentation resources and the same problem as with free software
itself arises: often you have too many resources making it harder to
find the correct document to guide you through your end user experience
of the software. However, unlike the plethora on software titles around
(making it difficult to find the right software for the right job) it is
easier for a user to know if documentation is good or not so there is no
need for a ``documentation distribution''.</para>
</section>
<section>
<title>Software Life Cycle</title>
<para>If you buy software of an unknown, smaller company, you have the
chance that after a number of years, the company doesn't exist anymore
or is taken over and doesn't support that software since. Something
similar is true with free software: if the project decides that there
aren't enough resources to continue the development of the software
(usually due to a shortage on developers) it can stop the development of
the software, usually resulting in a drop of support from users as
well.</para>
<para>However, unlike the case of the software company, the free
software source code remains available to the public. If you desperately
need the software to work for you, you can just pick the source code and
continue the development of it yourself (or pay others to do it for
you). You're also confident that the software will remain free.</para>
<para>If at any time all the copyright owners of the free software
decide that the software falls under a different license which you don't
agree after, you can take the sourcecode of the moment right before the
copyright holders decided to switch the licenses and continue the
development under that license (as that software is still under the
original license and not the new one). This process (where a group of
developers disagree with the development plans of the software and start
a new project based on the same source code) is called
<emphasis>forking</emphasis><indexterm>
<primary>fork</primary>
</indexterm> the project.</para>
<para>A well known example of such a fork is the creation of the X.org
project, a fork of the XFree86 project which at a certain point in time
decided to change their license. The license change wasn't the only
reason for that fork: some developers were also unhappy with the
development policy on new features and the development pace. Both
projects are currently still around although X.org is now the most
popular one.</para>
</section>
</section>
<section>
<title>Open Standards</title>
<para>Because so many projects are involved, it is important that each
project uses standards as much as possible. Only by complying to open
standards can projects easily and efficiently work together. Next are a
few important standards or well perceived specifications in the free
software world.</para>
<section>
<title id="fhs" xreflabel="Filesystem Hierarchy Standard">Filesystem
Hierarchy Standard</title>
<para>The first standard I discuss is the <emphasis>Filesystem Hierarchy
Standard</emphasis><indexterm>
<primary>Filesystem Hierarchy Standard</primary>
</indexterm>, abbreviated to FHS<indexterm>
<primary>FHS</primary>
</indexterm>. This standard is used by almost all distributions and
discusses the file locations on a Linux file system. One can read the
FHS online at <ulink
url="http://www.pathname.com/fhs"><uri>http://www.pathname.com/fhs/</uri></ulink>
but many other resources describe the FHS layout as well.</para>
<para>The file system layout for Unix/Linux is quite different from the
file system layout as seen from within Microsoft Windows. Instead of
marking partitions by a drive letter, Unix/Linux sees a file system as a
tree-like structure, starting with a root and building up through
directories and files. You could say that the branches in the structure
are the directories and the leaves are the files. If you think you have
not encountered a Unix/Linux file system before, think again: URLs that
you use on the Internet are based upon this structure. For instance, the
URL <ulink
url="http://www.gentoo.org/doc/en/faq.xml">http://www.gentoo.org/doc/en/faq.xml</ulink>
denotes the file called <filename>faq.xml</filename> which can be found
on the server of <ulink
url="http://www.gentoo.org">www.gentoo.org</ulink>, in the directory
<filename>/doc/en</filename>. So, / is the root, "doc" is a branch of
this root and "en" is a branch of "doc".</para>
<para>Distributions that adhere to the FHS allow their Linux users to
easily switch between distributions: the file system structure remains
the same so navigation between folders, device files ... doesn't change.
It also enables independent packagers to create packages for several
distributions at once (as long as the distributions use the same package
format). But foremost, it allows Linux users of one distribution to help
users of other distributions as there isn't actually any difference
between their file system layouts.</para>
<para>The current version of this standard is 2.3, released on January
29th, 2004.</para>
</section>
<section>
<title>Linux Standard Base</title>
<para>The <emphasis>Linux Standard Base</emphasis><indexterm>
<primary>Linux Standard Base</primary>
</indexterm>, or LSB<indexterm>
<primary>LSB</primary>
</indexterm> sets the layout, binary compatibility, required
libraries, required commands and more for a Linux operating system. If a
distribution adheres to the LSB standard it can install, run and
maintain LSB compliant (software) packages.</para>
<para>Distributions should adhere to the LSB if they want to ensure that
they don't deviate from a good Linux standard. As a consequence, the LSB
is an effort to ensure that distributions stay similar with regards to
libraries, commands ... or in overall, user experience. It is a good
effort to ensure that no fragmentation occurs in the Linux world.</para>
<para>Because the LSB is a broad standard, it comprises of other
standards, including the forementioned FHS but also the <emphasis>Single
Unix Specification</emphasis><indexterm>
<primary>Single Unix Specification</primary>
</indexterm> (SUS<indexterm>
<primary>SUS</primary>
</indexterm>) which defines how a Unix system should be. However, one
cannot say that his Linux operating system is Unix because he would need
to certify the OS (which requires serious financial support) and this
certification wouldn't last long because the Linux OS changes
often.</para>
<para>One of LSBs' largest advantages is that ISVs (Independent Software
Vendors) such as Oracle, IBM, Sybase ... can package their software in
an LSB-compatible software package which can then be installed on any
LSB-compliant distribution.</para>
</section>
<section>
<title>Free Desktop Specifications</title>
<para>On <uri>http://www.freedesktop.org</uri> you'll find a set of
desktop specifications that are well known in the free software
community. Although they aren't standards (as freedesktop<indexterm>
<primary>freedesktop</primary>
</indexterm> is no standards body and the specifications haven't been
converted into OASIS or ISO standards) many distributions adhere to
them.</para>
<para>These specifications define how menu entries are created and
maintained, where icons should reside, but also how drag and drop
between different libraries (most notably Qt<indexterm>
<primary>Qt</primary>
</indexterm> and GTK+<indexterm>
<primary>GTK+</primary>
</indexterm>, the graphical libraries for KDE and GNOME) should be
made possible.</para>
</section>
</section>
<section>
<title>Exercises</title>
<orderedlist>
<listitem>
<para>What is the difference between GPLv2 and GPLv3?</para>
</listitem>
<listitem>
<para>Part of LSBs standard is the ELF or Executable and Linking
Format, the binary format for executable, compiled code used by
various Linux/Unix distributions. Can you find other operating systems
that support the ELF format beyond Linux/Unix?</para>
</listitem>
<listitem>
<para>Some people see fast releases as a weakness in the free software
community: users are "forced" to upgrade their software more often and
even though it is free, it still takes time (and sometimes headaches)
to upgrade the software this often. Some distributions tend to help
those users by offering stable (both in stability and in version
releases) software only. How is this possible?</para>
</listitem>
<listitem>
<para>How is it possible that many distributions allow you to upgrade
to the latest version without needing an installation CD or
reinstallation from scratch?</para>
</listitem>
</orderedlist>
</section>
<section>
<title>Further Resources</title>
<itemizedlist>
<listitem>
<para><ulink
url="http://www.catb.org/~esr/writings/cathedral-bazaar/cathedral-bazaar/">The
Cathedral and The Bazaar</ulink>, by Eric Steven Raymond - an essay on
two different development models used in the Free Software
community.</para>
</listitem>
<listitem>
<para><ulink url="http://www.ffii.org">Foundation for a Free
Information Infrastructure</ulink>, a NPO dedicated to establishing a
free market in information technology.</para>
</listitem>
<listitem>
<para><ulink
url="http://www.gnu.org/philosophy/fighting-software-patents.htmlhttp://www.gnu.org/philosophy/fighting-software-patents.html">Fighting
Software Patents</ulink>, by Richard Stallman - GNUs vision on
software patents.</para>
</listitem>
</itemizedlist>
</section>
</chapter>
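Review bot: the third entry under Further Resources has its address written twice in the url attribute (url="http://www.gnu.org/philosophy/fighting-software-patents.htmlhttp://www.gnu.org/philosophy/fighting-software-patents.html"), so the rendered link will not resolve; keep a single copy of the URL. Two smaller markup points in the same file: the sentence "These companies can keep the modifications private if the free software license allows this)" closes a parenthesis that is never opened, and the FHS ulink's url attribute lacks the trailing slash that its uri text carries. A spelling pass would also help before this goes out ("competiting", "payed to made", "emergance", "wonderfull", "loosing", "targetting", "its still blazingly fast"). Finally, statements such as "recently acquired by Sun Microsystems" and "The current version of this standard is 2.3" will age quickly; consider giving the date of writing next to them.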

View File

@ -0,0 +1,489 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<chapter>
<title>The Role of the Community</title>
<section>
<title>Introduction</title>
<para>A very important asset of free software is the free software
community. Just like with any technology or concept, free software has
adepts that defend and promote free software to great extend. The free
software community itself is very vivid and eager to help others in
exploring the wonderful world of free software...</para>
</section>
<section>
<title>Communities</title>
<para>Free software communities are similar to real communities, but with
the Internet as main communication channel. Hence, these communities
aren't clustered in space like real life communities would, but are
scattered throughout the world. Nevertheless, the Internet ensures that
participants of a community, even when they are lightyears (figure of
speech) apart, talk to each other the same way as neighbours do.</para>
<para>The Internet is a great asset for these communities: you are not
judged based on the color of your skin, your age or your looks. What
matters is how you communicate with others, how you present yourself and
how you react in discussions. Debates in a community can often become
quite vivid, especially when the subject is one where facts aren't
sufficient to provide good answers. And when these discussions change from
debates into almost insulting fights, a flamewar<indexterm>
<primary>flamewar</primary>
</indexterm> is born.</para>
<para>In flamewars, facts and reason are often far away. You should
definitely try to avoid flamewars for discussions where decisions have to
be made, but it is impossible to really prevent them as they are the
result of people who have an active interest in a subject they are eager
to defend, especially when there is no clear answer to the question that
started the flamewar.</para>
<para>Examples of such flamewars are ``What is the best Linux
distribution?'' or ``What text editor should I choose?'' because these
questions don't have clear answers: the best distribution for one person
might be the worst for another, and there are many text editors around. In
latin one would say ``de gustibus et coloribus non est disputandum'' (one
shouldn't argue about tastes and colors) and this is very true for these
kind of questions.</para>
<para>When you don't have a choice, flamewars don't exist: you cannot
compare one product with itself. But in the free software world, choice is
an important concept. You have the choice between many free operating
systems (next to Linux you have many BSD flavors, Sun Solaris 10 and even
less popular but promising operating systems like the GNU Hurd),
distributions (there are over a hundred distributions around), graphical
environments (not a single day goes by without battles about GNOME versus
KDE), office suites, etc.</para>
<para>An often debated subject is ``the best distribution'' and although
this book might seem a bit biased on the subject the best answer I can
give you is that there is no best distribution, at least not generally
speaking. The meaning of the term ``best'' is judged by people who have
personal preferences about their operating system. And many of these
people defend their best distribution very vividly.</para>
<para>Distribution communities are very active, mostly because they are
quite large. The Gentoo community for instance is known for its
responsiveness: the Gentoo chat channel is always alive (with more than
800 participants at any time) as is its forum (with more than a thousand
posts per day) and mailinglists. Of course, general flamewars on
distributions are often on more neutral grounds, but heated discussions on
other topics are a daily routine.</para>
<para>For this reason, most communities have people who keep the
discussions sane and prevent flamewars from growing too much. People who
try to induce flamewars on the communication channels (called
<emphasis>trolls</emphasis><indexterm>
<primary>troll</primary>
</indexterm>) are taken care of by these operators: channel operators
can kick or even ban such people from the chat channel, mailinglist
operators remove these people from the list and forum operators remove the
profiles of these users. You can safely say these people are the police of
the community.</para>
<section>
<title>Local Communities</title>
<para>A specific type of community is one which is local in space. Such
communities often organise meetings (conferences, talks, barbequeues,
...) and offer help to people local to the location where the community
is hosted.</para>
<para>LUG<indexterm>
<primary>LUG</primary>
</indexterm>s (Linux User Group<indexterm>
<primary>Linux User Group</primary>
</indexterm>s) are succesful examples of such communities: these
groups aggregate together, debating on the evolution in the Linux world
and help others with Linux installations (Linux Install Fests<indexterm>
<primary>Linux Install Fest</primary>
</indexterm> are local meetings that offer help in deploying your
favorite Linux distribution on your system). You might find a LUG very
close by.</para>
<para>Many LUGs offer various services to their users which is often
unseen in communities for commercial software. Moreover, many LUGs offer
these services free-of-charge:</para>
<itemizedlist>
<listitem>
<para>individual, on-site help with installation, configuration and
maintenance of a Linux distribution or other free software</para>
</listitem>
<listitem>
<para>courses, talks and presentations offering you more insight in
available Free Software</para>
</listitem>
<listitem>
<para>specific documentation tailored to the needs of its own
users</para>
</listitem>
</itemizedlist>
<para>If you have some time to spare, I really recommend to join a local
LUG - even if you are not searching for help, you can still offer your
own expertise to others and make connections (yes, social networking is
important).</para>
</section>
<section>
<title>Online Communities</title>
<para>When people want to discuss a particular software topic or
distribution, online communities are often formed. These communities do
not (or to a less extend) organise meetings at a specific location
(often called "in real life") but rather use the Internet as the meeting
place ("online" meetings).</para>
<para>Online communities have the advantage that its members can be
anywhere in the world and just like LUGs, they still offer services to
its users, also most of the time free-of-charge:</para>
<itemizedlist>
<listitem>
<para>online help with installation, configuration and maintenance
of the software</para>
<para>In particular cases, communities can even offer interactive
help through technologies such as SSH<indexterm>
<primary>SSH</primary>
</indexterm> (Secure SHell - allows users to log on and work on
another machine) and VNC<indexterm>
<primary>VNC</primary>
</indexterm> (Virtual Network Computing - allows users to
graphically log on and work on another machine, or see read-only
sessions).</para>
</listitem>
<listitem>
<para>courses and online presentations</para>
</listitem>
<listitem>
<para>documentation, more specialised to the software title but
often also localised (translated)</para>
</listitem>
</itemizedlist>
<para>This is possible thanks to the various technologies available on
the Internet, including</para>
<itemizedlist>
<listitem>
<para>Wiki (online collaboration software for developing
documentation) software has become quite popular for developing and
releasing documentation. The use of wiki's allows users to edit
existing documentation or author new documentation online (with a
simple browser) and the results of their editing is immediately
visible to others.</para>
</listitem>
<listitem>
<para>Online (web)forums, where people can participate in
discussions by placing messages and reacting to other messages. The
advantage of web forums is that they are accessible through your web
browser (which most firewalls still allow), can be consulted after
the discussion has long been closed and where messages can be
extended with images, attachments and formatted text.</para>
</listitem>
<listitem>
<para>Mailinglists, which is similar (function-wise) to web forums,
but then organised through e-mail. People subscribe to a mailinglist
and then receive all mails sent to that mailinglist to their
personal mailbox. Replies to these mails are sent back to the
mailinglists where they are again distributed to all mailinglist
participants. Mailinglists are quite popular in free software
communities as they are easily moderated and can be filtered. Also,
mails often reach people faster than messages on a webforum so you
could see a mailinglist as a faster discussion medium.</para>
</listitem>
<listitem>
<para>IRC<indexterm>
<primary>IRC</primary>
</indexterm> (Internet Relay Chat) is a way of communicating with
many people interactively. Most people know Instant Messaging
software such as MSN or Google Talk. Well, IRC is somewhat older but
still very much used as it supports chatrooms where several hundreds
of people can participate. IRC is the fastest medium for
participating in discussions and can be seen as a method for
creating "online" meetings.</para>
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>Support</title>
<para>Communities often perform the role of support people: if you have a
question about their software project they are eager to answer and help.
If you think the software is insufficient, they will help you expand it or
have it work together with other tools (or even redirect you to other
software projects if they feel you want something out of their favorite
tool that the tool isn't made for).</para>
<para>Support can be given on many levels...</para>
<section>
<title>Documentation Guides</title>
<para>A documentation guide is often created with one goal: describe how
to do something with the tool. Such guides are therefor often called
HOWTOs<indexterm>
<primary>HOWTO</primary>
</indexterm>. Much work is put in such HOWTOs because they should be
correct, well formed but also complete. The better the HOWTO, the lesser
questions are asked after reading it. If you ask the community how to
perform a certain action and the action is described in such a HOWTO,
you'll be redirected to that HOWTO (sometimes with a more crude
reference to the RTFM<indexterm>
<primary>RTFM</primary>
</indexterm> term, or ``Read The Fucking Manual'' - although the third
term is also often read as ``Fine'').</para>
<para>Other types of documentation are FAQs (<emphasis>Frequently Asked
Questions</emphasis>) which are generally very small HOWTOs or answers
to conceptual questions rather than technical ones. When you're new to a
certain tool it is very interesting to read through the FAQs before you
ask your question. Not only are chances high that you find your answer,
you might find out more about the tool which can be very
interesting.</para>
<para>Some communities also offer a knowledge base. Such systems can be
seen as an aggregation of questions and answers, but unlike FAQs they
might not be frequently asked. Knowledge bases often offer support
solutions to specific setups.</para>
</section>
<section>
<title>Internet and Usenet Forums</title>
<para>Internet forums (webbased) or Usenet forums (newsgroups<indexterm>
<primary>newsgroup</primary>
</indexterm>) are a more interactive approach to obtain support.
Internet forums have the additional advantage that you can add specific
formatting in your questions: you can show command code, exceptions or
errors better than in plain text. You can even include screenshots.
These forums allow for any user to be helped quite fast: forums are read
by many and the interface is simple enough to quickly see the new
topics.</para>
<para>An additional advantage of internet forums is that, once a
question has been asked and answered, it is stored in the database of
the forum. Hence, the entire forum can be seen as a knowledge base with
a multitude of answers. Very popular topics are often made sticky,
meaning that the topic remains on top even when no further discussion
happens on it, increasing the chance that new users read the
topic.</para>
<para>Usenet forums (or newsgroups) are another popular approach to
support although it must be said that newsgroups are not used that often
for free software tools. Usually you'll find a newsgroup when the
project itself doesn't provide a forum (anyone can launch a new
newsgroup) although it does happen that internet forums and usenet
forums are linked: posts in one forum are merged with the other.</para>
</section>
<section>
<title>Mailinglists</title>
<para>A more direct approach are mailinglists<indexterm>
<primary>mailinglist</primary>
</indexterm>, e-mail addresses where several dozens (or even hundreds)
individuals listen to. A mailinglist is often perceived to be a bit
faster than forums because many developers frequent mailinglists but not
forums due to the ease of use: mailinglists result in plain e-mails
which can be easily filtered.</para>
<para>Most mailinglists are archived as well, allowing you to skim
through the older topics in the list. Whereas forums are usually pure
for user experience, mailinglists are used as the primary communication
channel for development purposes. Some projects also have internal
development mailinglists which aren't readable to the public. This isn't
because they want to hide development stuff from the users: such mailing
lists are used to communicate security issues, personal information
(including account information) but also to talk about topics that are
juridically difficult to defend if they are made public.</para>
</section>
<section>
<title>Chat</title>
<para>Chatting is almost the most direct form of communicating with each
other. Many free software projects use IRC<indexterm>
<primary>IRC</primary>
</indexterm> (Internet Relay Chat) as a central communication channel.
Users can be quickly helped through IRC while developers can talk and
discuss changes quickly.</para>
<para>Chat channels can be very popular. Gentoo's main chat channel
(#gentoo on the freenode network) has between 800 and 1000 participants
at any time.</para>
</section>
<section>
<title>Real-life Meetings</title>
<para>Once in a while, developer groups come together for real-life
support or to discuss the evolution of their software. In many cases,
real-life meetings offer a way for people to get hands-on, interactive
help. We have talked about LUG meetings (where real-life meetings are
often held) but also software communities have real-life meetings. Many
of these meetings offer a way for developers to meet each other (for the
first time), discuss topics and learn from each other.</para>
<para>In some cases, <emphasis>hackfest</emphasis>s<indexterm>
<primary>hackfest</primary>
</indexterm> are organized. During these meetings, developers
aggregate together with a single goal: to develop new features or remove
bugs from the software. Although this can well be done offline,
hackfests allow developers to communicate freely and help other
developers with their problems. Meeting in real life allows developers
to easily show the problem they have (some problems can be difficult or
too time consuming to write down).</para>
</section>
</section>
<section>
<title>Conferences</title>
<para>In the Free Software world, conferences are often organized. During
these conferences</para>
<itemizedlist>
<listitem>
<para>talks are given about certain software titles (design, features,
evolution, ...) or projects (infrastructure, offered services, used
technologies, ...)</para>
</listitem>
<listitem>
<para>booths are organized where projects can show themselves to the
wide(r) public. Distributions frequently use booths to hand out
installation CD/DVDs and show systems running the distribution.</para>
</listitem>
<listitem>
<para>companies offer information on how they use (or develop) free
software (and sometimes recruit developers)</para>
</listitem>
</itemizedlist>
<section>
<title>FOSDEM</title>
<para>FOSDEM<indexterm>
<primary>FOSDEM</primary>
</indexterm>, or the <emphasis>Free and Open Source Developers
European Meeting</emphasis>, takes place in Brussels, Belgium at the
beginning of each year (around mid-february). During this conference,
talks are given about coding and development of software, but you'll
also find booths about various software projects/distributions and
developer rooms (where a single project can offer talks about
project-specific topics).</para>
<para>FOSDEM is held during two days and has become a major conference
in the Free Software community, especially in Europe as many other
conferences are held in the USA.</para>
</section>
<section>
<title>FOSS.IN</title>
<para>FOSS.IN<indexterm>
<primary>FOSS.IN</primary>
</indexterm>, or the <emphasis>Free and Open Source Software
conference in India</emphasis>, is one of Asia's largest FOSS
conferences. It occurs at the end of every year in Balgalore, India,
featuring talks, discussions, workshops, meetings and more from
international speakers, users and developers.</para>
</section>
<section>
<title>LinuxTag</title>
<para>LinuxTag<indexterm>
<primary>LinuxTag</primary>
</indexterm> is a free software exposition with primary focus on the
Linux-based operating systems and solutions. Unlike FOSDEM, LinuxTag
focuses more on the integration of Linux (and free software) in larger
environments, offering booths to both commercial companies and
non-commercial organisations.</para>
<para>It's slogan is "Where .COM meets .ORG". You can visit LinuxTag
around spring every year. </para>
</section>
</section>
<section>
<title>Exercises</title>
<orderedlist>
<listitem>
<para>Try to find the online discussion methods (webforum,
mailinglists, IRC) offered by the Gentoo Linux distribution.</para>
</listitem>
</orderedlist>
</section>
<section>
<title>Resources</title>
<para>A few more free software conferences:</para>
<itemizedlist>
<listitem>
<para>The <ulink url="http://www.linuxsymposium.org">Ottawa Linux
Symposium</ulink> is held every year in Ottawa, Canada during summer
break.</para>
</listitem>
<listitem>
<para><ulink url="http://www.linux-kongress.org">Linux
Kongress</ulink> has almost always been held in Germany although a
single instance was in Cambridge, England.</para>
</listitem>
<listitem>
<para><ulink url="http://linux.conf.au/">Linux.conf.au</ulink> is
hosted in Australia in the beginning of every year</para>
</listitem>
<listitem>
<para><ulink url="http://www.ohiolinux.org/">Ohio Linux Fest</ulink>
is held in Ohio every fall.</para>
</listitem>
<listitem>
<para><ulink url="http://www.linuxfestnorthwest.org/">Linux Fest
Northwest</ulink> is held in Washington every spring.</para>
</listitem>
<listitem>
<para><ulink url="http://scale7x.socallinuxexpo.org/">SCaLE (Southern
California Linux Expo)</ulink> is held late winter.</para>
</listitem>
<listitem>
<para><ulink url="http://onlinux.ca/">Ontario Linux
Fest</ulink></para>
</listitem>
<listitem>
<para><ulink url="http://www.linuxworldexpo.com/">LinuxWorld
Conference and Expo</ulink></para>
</listitem>
<listitem>
<para><ulink url="http://freed.in/">Freed.IN</ulink></para>
</listitem>
</itemizedlist>
</section>
</chapter>
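Review bot: In the Online Communities section, the list item on interactive help presents SSH and VNC as ways for community members to "log on and work on another machine" without saying what the reader hands over by allowing that. A helper logged on over SSH or a full VNC session acts with all the rights of the account used, so add a sentence advising readers to give such access only to people they trust, through an unprivileged account, or to prefer the read-only VNC session the item already mentions. Smaller points in the same file: "to a less extend" should read "to a lesser extent", "therefor" should be "therefore", "Balgalore" should be "Bangalore", "It's slogan" should be "Its slogan", and the SCaLE link in Resources (scale7x.socallinuxexpo.org) points at a single edition and will go stale.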

File diff suppressed because it is too large

1551
src/linux_sea/05-linuxfs.xml Normal file

File diff suppressed because it is too large


@ -0,0 +1,646 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<chapter>
<title>Working with Processes</title>
<section>
<title>Process Trees</title>
<section>
<title>Parent and Child Relationships</title>
<para>Each Linux (and Unix) process has a parent (except for the top
process) and can have one or more childs. The relationship is crafted
when a process is launched: the process that launched the new process
becomes the parent of that process. As a user, you might not know what
process you are currently working in. Every program is a process, being
it the shell you're typing the commands in or the graphical environment
you're working with.</para>
<para>For instance, a user who has a terminal open can have the
following process structure for this terminal:</para>
<programlisting>init
`- xterm
`- bash</programlisting>
<para>You can obtain a tree of running processes using the
<command>pstree</command> command:</para>
<programlisting>$ <command>pstree</command>
init-+-acpid
|-4*[agetty]
|-agiletrack---java---19*[{java}]
|-apache2---8*[apache2]
|-bonobo-activati---{bonobo-activati}
|-5*[dbus-daemon]
|-dhcpcd
|-gconfd-2
|-gnome-keyring-d
|-gnome-power-man
|-gnome-screensav
|-gnome-settings----{gnome-settings-}
|-4*[gnome-vfs-daemo]
|-gnome-volume-ma
|-gpg-agent
|-hald---hald-runner-+-hald-addon-acpi
| |-hald-addon-cpuf
| `-hald-addon-stor
|-java---15*[{java}]
|-login---bash---startx---xinit-+-X
| `-gnome-session-+-gnome-panel
| |-metacity
| |-nautilus
| `-{gnome-session}
[...]</programlisting>
<para>Now, not every process launched immediately becomes a child of the
process where it was launched from. Some processes might immediately
become child of the root process, most often called
<command>init</command><indexterm>
<primary>init</primary>
</indexterm>. The root process is the first process launched by the
kernel when it boots up. It is responsible for running the necessary
startup services and prepare the system for its duties.</para>
<para>Processes that become child of the root process usually do this
because they don't want to be terminated when their parent process exits
or dies: when this happens, the child processes become orphaned and the
init process will terminate these processes as well. So, becoming a
child of the init process will ensure that the process remains
available. In the above example you'll find a good example: the
<command>dhcpcd</command> command governs the IP address of the network
interface through the DHCP protocol. If the process didn't continuously
run, your IP address would be dismissed after a few minutes (or
hours).</para>
</section>
<section>
<title>Process Ownership</title>
<para>When a process is launched (usually through a command the user
entered) it, by default, obtains the user id and group id of its parent
process. When a user logs on to the system, the <command>login</command>
process launches a shell process with the user id and group id of the
user that logged on, so every command the user launches takes the user
id and group id of that user, since the parent process of every launched
command is either the beforementioned shell process or one of its child
processes.</para>
<para>Some processes however explicitly ask the Linux kernel to use a
different user id and group id. This is accomplished by setting the
<emphasis>setuid</emphasis> or <emphasis>setgid</emphasis> flags on the
process file itself. With <emphasis>setuid</emphasis><indexterm>
<primary>setuid</primary>
</indexterm> (set user id) and <emphasis>setgid</emphasis><indexterm>
<primary>setgid</primary>
</indexterm> (set group id) the owner of the process is the owner of
the file rather than the user that launched the process.</para>
<para>An example is the <command>passwd</command> command, used to
change the password of a user:</para>
<programlisting>$ <command>ls -l /bin/passwd</command>
-rws--x--x 1 root root 28956 Jul 15 2007 passwd</programlisting>
<para>As you can see, the command file itself is owned by root. It also
has the setuid bit set (see the s in <filename>-rws--x--x</filename>).
If a user runs the <command>passwd</command> command, the command itself
has root privileges rather than the privileges for the user. For the
<command>passwd</command> command, this is necessary because it needs to
update the password files (<filename>/etc/passwd</filename> and
<filename>/etc/shadow</filename>) which are only writeable by the root
user (the <filename>/etc/shadow</filename> file is not even readable for
regular users).</para>
</section>
<section>
<title>Viewing Process Information</title>
<para>Various tools exist to obtain process information. The next few
chapters give a nice overview of these tools...</para>
<section>
<title>Process Lists</title>
<para>The main program to create a process list is the
<command>ps</command> command. If ran inside a shell, it shows the
processes that are running inside the session (meaning the processes
launched from the shell, including the shell itself):</para>
<programlisting>$ <command>ps</command>
PID TTY TIME CMD
24064 pts/3 00:00:00 bash
24116 pts/3 00:00:00 ps</programlisting>
<para>The columns shown are:</para>
<orderedlist>
<listitem>
<para>PID - process id of the process</para>
</listitem>
<listitem>
<para>TTY - controlling terminal (this is Unix inheritage where
users were logged on through terminals, pts is a
pseudoterminal)</para>
</listitem>
<listitem>
<para>TIME - the execution time the process took. In the above
example, both commands hardly took any CPU time on the system
(bash is the shell, which is most of the time waiting for input so
not consuming any CPU time, the other one is ps which gave its
results in less than a second)</para>
</listitem>
<listitem>
<para>CMD - the process name itself (the command)</para>
</listitem>
</orderedlist>
<para>Of course, several arguments to ps exist which change its
behavior. For instance, with <command>ps -e</command> you see the same
information, but for all processes runnin on the system. With
<command>ps -f</command> a few more columns are added, including the
parent process id and the time the process started.</para>
<para>You can also limit the processes to see based on the user
(<command>ps -u username</command>), command name (<command>ps -C
command</command>), really running processes (taking cpu time at the
moment: <command>ps -r</command>) and more. For more information, see
the ps manual page.</para>
<para>Another command that is often used to obtain process list
information is the <command>top</command> program. The top command is
an interactive command that shows you a process list, sorted by one or
more values (default is CPU usage) and refreshes this list every 5
seconds (this is of course configurable):</para>
<programlisting>top - 10:19:47 up 6 days, 6:41, 5 users, load average: 1.00, 1.27, 0.92
Tasks: 120 total, 1 running, 119 sleeping, 0 stopped, 0 zombie
Cpu(s): 3.2%us, 0.7%sy, 0.0%ni, 95.6%id, 0.3%wa, 0.1%hi, 0.0%si, 0.0%st
Mem: 1545408k total, 1490968k used, 54440k free, 177060k buffers
Swap: 2008084k total, 132k used, 2007952k free, 776060k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
4458 haldaemo 16 0 5488 3772 2388 S 2.0 0.2 4:23.69 hald
27255 swift 15 0 2272 1064 768 R 2.0 0.1 0:00.01 top
1 root 15 0 1612 544 468 S 0.0 0.0 0:00.48 init
2 root 12 -5 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root 39 19 0 0 0 S 0.0 0.0 0:00.45 ksoftirqd/0
4 root 10 -5 0 0 0 S 0.0 0.0 0:01.95 events/0
5 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 khelper
60 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 kblockd/0
61 root 11 -5 0 0 0 S 0.0 0.0 0:25.77 kacpid
62 root 11 -5 0 0 0 S 0.0 0.0 0:09.60 kacpi_notify
171 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 ata/0
172 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 ata_aux
173 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 ksuspend_usbd
176 root 10 -5 0 0 0 S 0.0 0.0 0:00.00 khubd
178 root 10 -5 0 0 0 S 0.0 0.0 0:00.01 kseriod
196 root 10 -5 0 0 0 S 0.0 0.0 0:01.13 kswapd0
197 root 20 -5 0 0 0 S 0.0 0.0 0:00.00 aio/0</programlisting>
<para>There is plenty of information in the top screen...</para>
<programlisting>top - 10:19:47 up 6 days, 6:41, 5 users, load average: 1.00, 1.27, 0.92</programlisting>
<para>The first line shows you the uptime of the system (this system
is running for 6 days, 6 hours and 41 minutes), the number of logged
on users (beware, this is not the number of different users - if a
user launches 3 xterms inside a graphical session he will be shown as
four logged on users) and the load average.</para>
<para>The load average is something many people misinterprete. The
load average shows the number of processes that were running or asking
for CPU time during the given interval. In the above example, this
means that:</para>
<itemizedlist>
<listitem>
<para>in the last minute, an average of 1 process was asking for
or using CPU time</para>
</listitem>
<listitem>
<para>in the last 5 minutes, an average of 1.27 processes were
asking for or using CPU time</para>
</listitem>
<listitem>
<para>in the last 15 minutes, an average of 0.92 processes were
asking for or using CPU time</para>
</listitem>
</itemizedlist>
<para>For a single CPU system, you most likely don't want a number
higher than 1 in the long run (for instance, the 15-minute span). The
more CPUs, the higher the load average can become.</para>
<programlisting>Tasks: 120 total, 1 running, 119 sleeping, 0 stopped, 0 zombie</programlisting>
<para>The number of processes running on this system (120) of which
119 are sleeping (not performing any duties), 1 running (the top
command itself), 0 stopped (a process in the stopped state can still
be revived but is, at this moment, not accepting input or performing
any tasks) and 0 zombie.</para>
<para>A zombie process is not really a real process: the process
itself has already finished, but its parent process doesn't know this
yet, so the kernel is keeping some process information until the
parent process asks for the child process state.</para>
<programlisting>Cpu(s): 3.2%us, 0.7%sy, 0.0%ni, 95.6%id, 0.3%wa, 0.1%hi, 0.0%si, 0.0%st</programlisting>
<para>CPU state information, showing the CPU usage percentages: user
processes (us), system/kernel CPU usage (sy), niced processes (ni),
idle CPU (id), waiting for I/O (wa), hardware interrupts (hi),
software interrupts (si) and virtual cpu stealing (st).</para>
<para>Most of the states are self-explanatory. The niced processes is
for processes the user reniced and is a subset of the user processes
percentage. The virtual CPU stealing is the percentage of time a
virtual CPU waits for a real CPU and is not interesting for regular
Linux/Unix users (as they don't work with virtualization).</para>
<programlisting>Mem: 1545408k total, 1490968k used, 54440k free, 177060k buffers
Swap: 2008084k total, 132k used, 2007952k free, 776060k cached</programlisting>
<para>Memory usage: of the 1.5 Gbyte of memory available, 1.45Gbyte is
in use and 54Mbyte is free. Of the used memory, 177 Mbyte is used by
the kernel for internal buffers. Also, 776 Mbyte of the used memory
actually consists out of cached data which can potentially be cleared
if a process would require more memory than currently
available.</para>
<para>The swap space itself is hardly used: of the 2Gbyte of swap
space defined, only 132 kbyte is in use.</para>
<programlisting> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
4458 haldaemo 16 0 5488 3772 2388 S 2.0 0.2 4:23.69 hald
...</programlisting>
<para>The rest of the screen gives the process listing itself. The
columns shown are:</para>
<orderedlist>
<listitem>
<para>Process ID (PID) of the process</para>
</listitem>
<listitem>
<para>Username (USER) showing the owner of the process</para>
</listitem>
<listitem>
<para>Priority value (PR) of the process (the higher the value,
the higher the priority). Priorities are exclusively determined by
the Linux kernel.</para>
</listitem>
<listitem>
<para>Nice value (NI) of the process (is a user sets a nice value,
or renices a tool, it tells the Linux kernel how "nice" the
program is - the higher the nice value, the nicer it is so
(generally) the lower the priority should be).</para>
</listitem>
<listitem>
<para>The virtual memory (VIRT) the process is occupying. This
includes the memory it is actually using, mapped memory from
devices, files mapped into memory and shared memory.</para>
</listitem>
<listitem>
<para>The resident (really used) memory (RES) the process is
using.</para>
</listitem>
<listitem>
<para>The amount of possibly shared memory (SHR). It is "possibly"
because the memory is shareable, but not automatically used by
others already.</para>
</listitem>
<listitem>
<para>Process state (S), which can be any of S (sleeping), R
(running), D (uninterruptible sleep), T (traced or stopped) or Z
(zombie).</para>
</listitem>
<listitem>
<para>CPU usage (%CPU)</para>
</listitem>
<listitem>
<para>Memory usage (%MEM - based on RES)</para>
</listitem>
<listitem>
<para>Runtime (TIME+)</para>
</listitem>
<listitem>
<para>Command (COMMAND)</para>
</listitem>
</orderedlist>
</section>
<section>
<title>Process Information</title>
<para>You can also be interested in more detailed process information
such as the files (or connections) the process has currently
open.</para>
<para>With <command>lsof</command><indexterm>
<primary>lsof</primary>
</indexterm> you can view this information. Just give the process id
with it (lsof -p PID) and you get all this information. However, lsof
can do much more. For instance, with lsof you can see what process is
listening on a particular port:</para>
<programlisting># <command>lsof -i :443</command>
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
apache2 4346 root 3u IPv4 11484 TCP *:https (LISTEN)</programlisting>
<para>Another tool that can do the same is
<command>fuser</command><indexterm>
<primary>fuser</primary>
</indexterm>:</para>
<programlisting># <command>fuser -v 443/tcp</command>
USER PID ACCESS COMMAND
443/tcp: root 4346 F.... apache2</programlisting>
<para>The same can be accomplished with files. For instance, to see
what processes are using a particular file with fuser, just give the
filename (<command>fuser -v /path/to/file</command>).</para>
</section>
</section>
<section>
<title>Backgrounding Processes</title>
<para>Processes can be started in the background, either because the
process immediately detaches it from the running session (daemons) or
because the user asks to run it in the background.</para>
<para>Daemons<indexterm>
<primary>daemon</primary>
</indexterm> are processes that do not stay in the running session.
The moment you launch a daemon process, you immediately get your prompt
back as if the process has finished. However, this isn't true: the
process is still running, but it is running in the background. Most
daemons do not have the possibility to reattach to the session. Wether
or not a process is a daemon depends on the process itself as this is a
pure programmatical decision.</para>
<para>Backgrounded processes however are processes that stay in the
running session, but do not "lock" the input devices (keyboard). As a
result, the user gets the prompt back and can continue launching other
processes or do other tasks. To background a process, a user can add a
"&amp;" sign at the end of the command line. For instance, to put the
command "eix-update" in the background:</para>
<programlisting># <command>eix-update &amp;</command></programlisting>
<para>You can see what processes are running in your session in the
background using the <command>jobs</command><indexterm>
<primary>jobs</primary>
</indexterm> command:</para>
<programlisting># <command>jobs</command>
[1]- Running eix-update &amp;</programlisting>
<para>You can put a job back into the foreground using the
<command>fg</command><indexterm>
<primary>fg</primary>
</indexterm> command. If you just enter fg, it'll put the last job put
in the background back. If you want to select a different job, use the
number that jobs returned. For instance, to return the 3rd job back to
the foreground:</para>
<programlisting># <command>fg %3</command></programlisting>
<para>If you want to put a process that you are running in the
background, use Ctrl-Z to put the process in the background. Ctrl-Z also
pauzes the process, so if you want to continue the process in the
background, enter "<command>bg</command>" afterwards as well:</para>
<programlisting># <command>eix-update</command>
(...)
(Press <command>Ctrl-Z</command>)
[1]+ Stopped eix-update
# <command>bg</command>
[1]+ eix-update &amp;</programlisting>
<para>There are a few things you must keep in mind when using
jobs:</para>
<itemizedlist>
<listitem>
<para>A (non-daemon) process is attached to a running session. The
moment you terminate your session, all jobs that were running in
that session (both foreground and background processes) are
terminated as well.</para>
</listitem>
<listitem>
<para>Although processes can be ran in the background, their output
is still forwarded to your terminal. If you do not want this, you
can redirect the output of a command using the &gt; redirect. For
instance, to redirect the standard output (default - 1) of
update-eix to a logfile and do the same for the error output
(2):</para>
<programlisting># <command>eix-update &gt; /var/tmp/update-eix.log 2&gt;&amp;1 &amp;</command></programlisting>
<para>Another popular redirect is to ignore output
completely:</para>
<programlisting># <command>eix-update &gt; /dev/null 2&gt;&amp;1 &amp;</command></programlisting>
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>Process Behavior</title>
<para>Programs are most often launched when a user selects a tool or
executes a command. They can also be invoked automatically by a running
program or by the Linux kernel (although the init tool is probably the
only one ever invoked by the kernel autonomously).</para>
<para>The next few sections give pointers on process behavior and how you
can modify it (if appropriate).</para>
<section>
<title>Command Return Codes</title>
<para>The simplest example of launching a program is a simple command
you enter in the command line. Once the program has finished, it leaves
behind its <emphasis>return code</emphasis><indexterm>
<primary>return code</primary>
</indexterm> (or <emphasis>exit code</emphasis><indexterm>
<primary>exit code</primary>
</indexterm>) informing you how well it did its job.</para>
<para>A returncode is always an integer in the range of 0 to 255. Some
programs might attempt to return a code larger than 255 (or even
negative). Although not technically restricted, this is not a good idea
as some applications only expect a returncode between 0 to 255 and might
even "wrap" return codes to this range. If a program would ever have a
return code of 512 for instance, it might be mapped into 0.</para>
<para>Every program that has succesfully finished its job will (or
should) return code 0. A non-zero return code means that the application
has failed to finish its tasks (completely).</para>
<para>Inside any POSIX-compliant shell (POSIX has a standard for Unix
environments, including how a shell should function) such as
<command>ksh</command> or <command>bash</command> you can obtain the
return code of the last command using <filename>$?</filename>:</para>
<programlisting>$ <command>ls -l</command>
...
$ <command>echo $?</command>
0
$ <command>ls -z</command>
ls: invalid option -- z
Try `ls --help' for more information
$ <command>echo $?</command>
2</programlisting>
<para>These return codes are important as they are the means to
investigate if all commands went succesfully or not, allowing you to
write quite intelligent shell scripts which trigger several commands and
include logic to handle command failures.</para>
</section>
<section>
<title>Priority and Niceness</title>
<para>On Linux, you can't set the priority of a process yourself: the
Linux kernel does that for you, based on information about the process
itself, including but not limited to if the process is I/O-bound (as
such programs are most of the time user-interactive), its previous CPU
consumation, possible locks it is holding and more.</para>
<para>You can, however, inform the kernel on what you think the process'
priority ought to be. For this, you can set a
<emphasis>nice</emphasis><indexterm>
<primary>nice value</primary>
</indexterm> value for the application. The value, in the range of -20
to 10, informs the Linux kernel about how nice the program should be
towards the rest of the system. Negative numbers (-1 to -20) are not
that nice; the Linux kernel will thus assign those a larger time slice
and you'll notice that such programs usually get a higher priority.
However, only the root user can assign a negative nice number to a
program. Positive numbers (1 to 19) make a process more nice to the
system; they will receive a lower time slice and usually a lower
priority.</para>
<para>Thanks to this system you can launch long-lasting, non-interactive
commands in the background without worrying about the inpact to your
interactive user experience. The <command>nice</command><indexterm>
<primary>nice</primary>
<secondary>tool</secondary>
</indexterm> tool allows you to start up a command with a particular
nice value.</para>
<para>For instance, to start a Gentoo system upgrade with the highest
possible nice value (as this is something you usually want to perform in
the background):</para>
<programlisting># <command>nice -n 19 emerge -uDN world</command></programlisting>
<para>If a process is already running, you can change its nice value
with the renice tool (for instance, to increase the nice value of the
process with process id 219 with 5):</para>
<programlisting># <command>renice +5 219</command></programlisting>
</section>
<section>
<title>Sending Signals (and Killing Processes)</title>
<para>Some processes allow you to send certain signals to them. A signal
is a simple integer between 0 and 64; each of them is also given a
particular name. The <command>kill</command><indexterm>
<primary>kill</primary>
</indexterm> tool can be used to send signals to processes, but also
to obtain a list of available signals:</para>
<programlisting>$ <command>kill -l</command>
1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL
5) SIGTRAP 6) SIGABRT 7) SIGBUS 8) SIGFPE
9) SIGKILL 10) SIGUSR1 11) SIGSEGV 12) SIGUSR2
13) SIGPIPE 14) SIGALRM 15) SIGTERM 16) SIGSTKFLT
17) SIGCHLD 18) SIGCONT 19) SIGSTOP 20) SIGTSTP
21) SIGTTIN 22) SIGTTOU 23) SIGURG 24) SIGXCPU
25) SIGXFSZ 26) SIGVTALRM 27) SIGPROF 28) SIGWINCH
29) SIGIO 30) SIGPWR 31) SIGSYS 34) SIGRTMIN
35) SIGRTMIN+1 36) SIGRTMIN+2 37) SIGRTMIN+3 38) SIGRTMIN+4
39) SIGRTMIN+5 40) SIGRTMIN+6 41) SIGRTMIN+7 42) SIGRTMIN+8
43) SIGRTMIN+9 44) SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12
47) SIGRTMIN+13 48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14
51) SIGRTMAX-13 52) SIGRTMAX-12 53) SIGRTMAX-11 54) SIGRTMAX-10
55) SIGRTMAX-9 56) SIGRTMAX-8 57) SIGRTMAX-7 58) SIGRTMAX-6
59) SIGRTMAX-5 60) SIGRTMAX-4 61) SIGRTMAX-3 62) SIGRTMAX-2
63) SIGRTMAX-1 64) SIGRTMAX</programlisting>
<para>Its name might already inform you about its usual task: killing
processes. By default, if you want to terminate a process but you can't
commicate with the process directly (like hitting "Quit" or "Exit"), you
should send a signal 15 (SIGTERM<indexterm>
<primary>SIGTERM</primary>
</indexterm>) to the program. This is also what
<command>kill</command> does by default.</para>
<para>However, if the process doesn't listen to this signal or has gone
haywire, you can use the SIGKILL signal. The SIGKILL<indexterm>
<primary>SIGKILL</primary>
</indexterm> signal doesn't actually reach the application (ever) but
immediately terminates the process. Its number is 9:</para>
<programlisting>$ <command>kill -9 219</command></programlisting>
</section>
</section>
<section>
<title>Exercises</title>
<orderedlist>
<listitem>
<para>How do you obtain the process ID of a running process?</para>
</listitem>
<listitem>
<para>How can you run a process in background and still be able to
terminate the session without terminating the process (without the
process being a daemon)?</para>
</listitem>
<listitem>
<para>What is a &lt;defunct&gt; process?</para>
</listitem>
</orderedlist>
</section>
<section>
<title>Further Resources</title>
<itemizedlist>
<listitem>
<para><ulink
url="http://www.gnu.org/software/bash/manual/bashref.html#Redirections">Bash
redirection</ulink></para>
</listitem>
</itemizedlist>
</section>
</chapter>
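Review bot: In "Priority and Niceness" the nice range is given as "-20 to 10", but the same paragraph then lists the positive values as "1 to 19"; the range should read -20 to 19 so the two statements agree. In "Sending Signals" a signal is described as "a simple integer between 0 and 64", while the kill -l listing right below it starts at 1 and has no entries for 32 and 33, so either say 1 to 64 or explain what 0 is used for. The renice example is described as increasing the nice value "with 5"; please check this against the renice man page, since the classic "renice +5 219" form takes the new nice value rather than an increment. Spelling to fix in this file: "succesfully" (twice), "consumation", "inpact", "commicate".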

File diff suppressed because it is too large

@ -0,0 +1,422 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<chapter>
<title>Hardware Support</title>
<section>
<title>Introduction</title>
<para>Some hardware is automatically enabled once you have configured it
inside the Linux kernel: access to PCI chipsets, graphical card, disks,
USB storage, etc. Yet, most hardware requires additional work. After all,
the Linux kernel provides you with a programmatical interface to access
the devices, but you still need the necessary tooling to get the device to
function properly. Good examples are network cards and printers, but also
sound cards.</para>
</section>
<section>
<title>ALSA - Advanced Linux Sound Architecture</title>
<para>ALSA<indexterm>
<primary>ALSA</primary>
</indexterm> is an open source project that provides audio functionality
to the Linux kernel. It supports professional audio hardware (next to the
consumer audio hardware, including sound cards) and provides a powerful,
standard interface which allows, for instance, multiple software access to
a single audio device. For programmers, ALSA's API is well documented and
you'll quickly find that the ALSA library provides thread-safe access to
the device(s).</para>
<para>The project also provides tools to manage the audio devices such as
a simple mixer program (<command>alsamixer</command>), modular sound
drivers which allow users to fine-tune the drivers' configuration aspects
and of course support for the older OSS/Free implementation (Linux'
previous open sound system).</para>
<section>
<title>Installing ALSA</title>
<para>Installing ALSA consists of two distinct steps:</para>
<orderedlist>
<listitem>
<para>Configure the Linux kernel with ALSA support and with support
for your sound card(s)</para>
</listitem>
<listitem>
<para>Install the ALSA utilities</para>
</listitem>
</orderedlist>
<para>If you configure your kernel, you can either opt to install the
sound card drivers in your kernel or as a kernel module. ALSA's
configuration utility (<command>alsaconf</command>) assumes that you use
kernel modules for your sound cards. However, this is not a requirement
- you can still configure ALSA sound card drivers if they are built
inside the kernel. The interface to do so however is a bit more
complex.</para>
<para>To install the ALSA utilities, it is sufficient to emerge
alsa-utils:</para>
<programlisting># <command>emerge alsa-utils</command></programlisting>
</section>
<section>
<title>Basic ALSA Configuration</title>
<para>The basic ALSA configuration starts with detecting your sound card
and enabling the channels on it (sound channels) as ALSA will, by
default, mute the channels (this is for precautionary reasons - you
don't want to blow your speakers the first time you launch your computer
do you?).</para>
<para>The first part (detecting the sound card) can be done using
<command>alsaconf</command>. The <command>alsaconf</command><indexterm>
<primary>alsaconf</primary>
</indexterm> tool will attempt to detect your sound card(s), load the
necessary modules and configure those with sane settings. It will save
whatever it found to a general file which is read by your favorite
distribution (which is undoubtedly Gentoo ;-) at start up so you don't
have to rerun <command>alsaconf</command> after every boot.</para>
<programlisting># <command>alsaconf</command></programlisting>
<para>With your sound card(s) detected, launch
<command>alsamixer</command> to view the available channels. The
<command>alsamixer</command><indexterm>
<primary>alsamixer</primary>
</indexterm> tool will show you all channels associated with your
sound card. You will find that, by default, all channels are muted.
Unmute them, but bring the volume of the channels to a safe setting.
Don't worry, you can increase them whenever you want later.</para>
<programlisting># <command>alsamixer</command></programlisting>
<para>Inside alsamixer, you can</para>
<itemizedlist>
<listitem>
<para>move from one channel to the other with the arrow keys
(left/right)</para>
</listitem>
<listitem>
<para>increase/decrease the volume of each channel with the arrow
keys (up/down)</para>
</listitem>
<listitem>
<para>mute/unmute the channel using the 'M' key</para>
</listitem>
<listitem>
<para>exit the application using the Escape key (or Alt+Q)</para>
</listitem>
</itemizedlist>
<para>If your sound card has particular features you can't seem to find
inside the mixer application, you will need to turn to the
<command>alsactl</command> command. The
<command>alsactl</command><indexterm>
<primary>alsactl</primary>
</indexterm> utility supports multiple devices and allows you to tweak
every supported feature of your sound card. Its interface is quite
simple: use alsactl to dump the sound card information to a file, then
edit the file to your likings. Once finished, use alsactl to read the
(modified) file back.</para>
<programlisting># <command>alsactl -f /path/to/asound.state store</command>
(Now edit /path/to/asound.state)
# <command>alsactl -f /path/to/asound.state restore</command></programlisting>
<para>If you have changed the file to such an extend that you can't get
the sound to work again, you can re-initialize the settings using
<command>alsactl init</command>.</para>
<para>Finally, if you have multiple devices, use a sequence number to
identify them. You can find your list of numbers in
/proc/asound/cards:</para>
<programlisting>$ <command>cat /proc/asound/cards</command>
0 [ICH6 ]: ICH4 - Intel ICH6
Intel ICH6 with Cx20468-31 at irq 17</programlisting>
<para>The number (I only have one card, so mine is 0) can then be passed
on to the various alsa utilities, like so:</para>
<programlisting>$ <command>alsamixer -c 0</command></programlisting>
</section>
<section>
<title>Keeping your Changes</title>
<para>When you booted your system, you unmuted the channels and set the
mixer channels according to your likings. However, if you do nothing
more now, you'll have to redo all this again after every boot. To solve
this, you need to store the current settings in a state file (yes, using
alsactl) and automatically read those in at boot time.</para>
<para>This is exactly what the alsasound init script does (as provided
by Gentoo's alsa-utils package). So, add alsasound to your boot
runlevel, save your current settings and then start the initialization
script:</para>
<programlisting># <command>rc-update add alsasound boot</command>
# <command>alsactl -f /var/lib/alsa/asound.state store</command>
# <command>/etc/init.d/alsasound start</command></programlisting>
</section>
<section>
<title>Using Sound Servers</title>
<para>I mentioned before that ALSA supports multiple software access to
a single device. With the above configuration, you're still not able to
do so. To provide such multiplexing capabilities, you can create a new
audio device (some sort of mixer) which aggregates information to/from
the device and sends/reads it from as many software processes as you
like.</para>
<para>This is one of the tasks that sound servers do: these programs
manage access to the sound card (interfaces) and allow multiple software
processes to use the sound facilities of your system. Some well known
sound servers are esd, aRTs (deprecated), JACK and PulseAudio.</para>
<itemizedlist>
<listitem>
<para>esd<indexterm>
<primary>esd</primary>
</indexterm> (Enlightenment Sound Daemon) is GNOME's sound
management daemon. esd, also known as ESounD, not only supports the
abovementioned mixing, but can also manage network-transparent
audio: audio played on one system can be heard on another. To this
end, any application supporting esd can stream its audio to any
system running esd on the network.</para>
</listitem>
<listitem>
<para>aRTs<indexterm>
<primary>aRTs</primary>
</indexterm> (Analog RealTime Synthesizer) is KDE's former sound
daemon. Although development has been abandoned, you will still find
references to aRTs here and there on the Internet. Its main power
was its real-time audio streaming capabilities.</para>
</listitem>
<listitem>
<para>JACK<indexterm>
<primary>JACK</primary>
</indexterm> (JACK Audio Connection Kit) is a real-time sound
server which supports various operating systems (including GNU/Linux
and Apple's OS X). It also supports network-transparent audio,
real-time mixing, etc.</para>
</listitem>
<listitem>
<para>PulseAudio<indexterm>
<primary>PulseAudio</primary>
</indexterm> (PulseAudio) is another sound daemon. It is meant to
be a replacement for esd but with a wider support field (including
Microsoft Windows and POSIX-compliant operating systems).</para>
</listitem>
</itemizedlist>
<para>If you'd like to use one of these sound servers (you do need to
pick one if you don't want to get confused), install one of the
following packages:</para>
<itemizedlist>
<listitem>
<para>esd can be installed from
<package>media-sound/esound</package>, although most people will
already have it installed if they are running GNOME (it is a
dependency of the GNOME installation)</para>
</listitem>
<listitem>
<para>JACK can be installed with
<package>media-sound/jack</package></para>
</listitem>
<listitem>
<para>PulseAudio can be installed from
<package>media-sound/pulseaudio</package>.</para>
</listitem>
</itemizedlist>
<para>Enable the corresponding USE flag (esd, jack or pulseaudio) and
update your system. Portage will automatically rebuild those packages
that are influenced by the USE flag change and incorporate support for
the selected sound daemon in those packages:</para>
<programlisting># <command>nano -w /etc/make.conf</command>
<emphasis>(Edit USE, add the appropriate USE flag)</emphasis>
# <command>emerge --update --deep --newuse world</command></programlisting>
<para>You can also ask euse which packages are affected by a USE flag
change:</para>
<programlisting># <command>euse -I pulseaudio</command></programlisting>
<para>If you want to know which packages all use a specific USE flag
(even uninstalled packages), use <command>euse -i</command>:</para>
<programlisting># <command>euse -i pulseaudio</command></programlisting>
</section>
</section>
<section>
<title>CUPS - former "Common Printing Unix System"</title>
<para>If you need to connect your Linux system to a printer, using the
CUPS<indexterm>
<primary>CUPS</primary>
</indexterm> tool is advised. With CUPS you can both connect to locally
attached printers (USB, LPT) as well as remote (through Windows sharing or
IPP). You can also use CUPS to build a print server yourself, although
this is definitely outside the scope of this book.</para>
<section>
<title>Installing CUPS</title>
<para>Before you start installing the software, you will first need to
make sure that your kernel configuration supports the printer:</para>
<itemizedlist>
<listitem>
<para>for locally attached printers using the (old) LPT interface,
look for "Parallel port support -&gt; PC-style hardware" and
"Parallel printer support -&gt; IEEE 1284 transfer modes")</para>
</listitem>
<listitem>
<para>for locally attached printers using the USB interface, look
for "USB Printer support" (as well as all other USB-required
settings such as one of the xHCI supports)</para>
</listitem>
<listitem>
<para>for remote printers using the Windows sharing
(SMB-CIFS<indexterm>
<primary>SMB-CIFS</primary>
</indexterm> protocol), look for "Network File Systems -&gt; SMB
file system support" and "CIFS support")</para>
</listitem>
<listitem>
<para>for remote printers using the IPP protocol, you generally do
not need to enable any additional settings in the kernel</para>
</listitem>
</itemizedlist>
<para>If you notice that you have not selected the right configuration
yet, you'll need to rebuild the kernel and reboot (see our chapter on
"<link linkend="configuringkernel">Configuring a Linux
Kernel</link>").</para>
<para>Next, install the <package>net-print/cups</package> package,
making sure you select the correct USE flags (this is discussed in a
different chapter).</para>
<programlisting>~# <command>emerge net-print/cups</command></programlisting>
<para>Don't worry if you do not have all USE flags correct from the
first run. As I will mention later, it is always possible to update USE
flags afterwards and then have Gentoo rebuild those packages affected by
that change.</para>
<para>If your printer is locally attached, you need to start the CUPS
service:</para>
<programlisting>~# <command>/etc/init.d/cups start</command></programlisting>
<para>Also, make sure it is started upon every (re)boot:</para>
<programlisting>~# <command>rc-update add cups default</command></programlisting>
</section>
<section>
<title>Configuring CUPS</title>
<para>CUPS offers a web interface to configure CUPS (and configure your
printer). You can reach it through <ulink
url="http://localhost:631">http://localhost:631</ulink>. In the
Administration page, enter your root login and password information and
you can get started with the configuration. <ulink
url="http://www.gentoo.org/doc/en/printing-howto.xml">The Gentoo
Printing HOWTO</ulink> offers a great walkthrough of the
configuration.</para>
<para>You probably hoped for a more elaborate discussion on printer
configuration. Perhaps in the far future I will discuss printer
configuration more, but for the time being I'm going to limit this and
refer to Gentoo's guide and the main <ulink
url="http://www.cups.org">CUPS</ulink> site.</para>
</section>
</section>
<section>
<title>Managing Device Files</title>
<para>Almost every device on your system is represented by a device file.
The <command>udev</command><indexterm>
<primary>udev</primary>
</indexterm> device manager discovers attached devices, creates device
files in <filename>/dev</filename> (yes, you can create them - take a look
at the <command>mknod</command><indexterm>
<primary>mknod</primary>
</indexterm> manpage) and often also creates symbolic links to those
device files so you can find the correct device file more easily.</para>
<para>The <command>udev</command> tool receives events from the Linux
kernel; the moment such an event is received, <command>udev</command>
matches the device attributes as offered by sysfs (you can browse through
<filename>/sys</filename> if you want to see what
<emphasis>sysfs</emphasis><indexterm>
<primary>sysfs</primary>
</indexterm> offers) against a set of rules. These rules you can view at
<filename>/lib/udev/rules.d</filename> (provided by the udev distribution)
and <filename>/etc/udev/rules.d</filename> (provided by third-party
packages and, of course, your own rules if you write them
yourself).</para>
<para>Gentoo offers a set of default rules which should be sufficient for
most users. For instance, they create links to the (removable) disks
inside <filename>/dev/disk/by-id</filename>, <filename>by-path</filename>
and <filename>by-uuid</filename>, which should allow you to have a device
link for fstab which will be the same regardless of when you plug it in
(in case of a hot pluggable device, of course). This is important, because
if you have, for instance, two USB storage devices, the order in which
they are plugged in defines the <filename>/dev/sd*</filename> device
naming. By using the links at <filename>/dev/disk/by-*</filename> you can
make sure that the correct device is targeted.</para>
</section>
<section>
<title>Further Resources</title>
<itemizedlist>
<listitem>
<para><ulink url="http://www.gentoo.org/doc/en/alsa-guide.xml">Gentoo
ALSA Guide</ulink>, an excellent resource on configuring ALSA within
Gentoo.</para>
</listitem>
<listitem>
<para><ulink
url="http://www.reactivated.net/writing_udev_rules.html">Writing udev
rules</ulink>, written by Daniel Drake</para>
</listitem>
<listitem>
<para><ulink
url="http://www.gentoo.org/doc/en/printing-howto.xml">Gentoo Printing
HOWTO</ulink>, another excellent resource by Gentoo, now on printer
configuration.</para>
</listitem>
</itemizedlist>
</section>
</chapter>
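Review bot: In "Configuring CUPS" the reader is told to enter the root login and password on the Administration page at http://localhost:631, which is a plain-HTTP URL; add a sentence saying this is meant for a browser running on the machine itself, so that root credentials are not typed into that page from another host over the network. The section title "CUPS - former "Common Printing Unix System"" has the words out of order; the expansion was Common UNIX Printing System. In "Installing CUPS" the first and third list items end in a closing parenthesis that was never opened (after "IEEE 1284 transfer modes" and after "CIFS support"), and in "Using Sound Servers" the PulseAudio item expands the name as "PulseAudio (PulseAudio)", where the parenthetical can be dropped. In "Basic ALSA Configuration", "to such an extend" should be "extent".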

File diff suppressed because it is too large

@ -0,0 +1,659 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<chapter>
<title>User Management</title>
<section>
<title>Introduction</title>
<para>Linux is a multi-user operating system. Even systems that will be
used by a single user are configured as a multi-user system. This has
various advantages:</para>
<itemizedlist>
<listitem>
<para>security-wise, your system is protected from malicious software
execution as the software is executed as an unprivileged user rather
than the system administrator</para>
</listitem>
<listitem>
<para>if at any time multiple users are going to work on the system,
you just need to add the user to the system (no need to upgrade to a
multi-user environment first)</para>
</listitem>
<listitem>
<para>you can easily back up all files belonging to a particular user
as all user files are located inside his home directory</para>
</listitem>
<listitem>
<para>if you messed up your personal configuration for a particular
software title, you can just remove the configuration files (or move
them aside) and start the software title up again to start with a
clean slate. No configuration changes made by a user are propagated
system-wide</para>
</listitem>
</itemizedlist>
<para>How you deal with this multi-user environment depends on your
needs...</para>
</section>
<section>
<title>Adding or Removing Users</title>
<para>If your system is used by various users, you will need to add or
remove their user accounts. Before starting with the command syntax, first
a few words on how this information is stored on the Linux system.</para>
<section>
<title>User Account Information</title>
<para>A user is identified by his user id, which is an ordinary integer
number. However, it is much easier to use a username instead of a
number. For this purpose, a Unix/Linux system maps a username to a user
id. By default, this information is stored within the
<filename>/etc/passwd</filename><indexterm>
<primary>passwd</primary>
<secondary>file</secondary>
</indexterm> file. However, you can also configure your system to
obtain this information from a central repository (like an LDAP
service), similar to how Windows can be configured to connect to an
Active Directory.</para>
<section>
<title id="passwdfile">The passwd file</title>
<para>The <filename>passwd</filename> file contains a line for every
user. Each line contains 7 fields, separated by colons:</para>
<orderedlist>
<listitem>
<para>Username</para>
</listitem>
<listitem>
<para>Password, or "x" if the password is stored elsewhere</para>
</listitem>
<listitem>
<para>User ID</para>
</listitem>
<listitem>
<para>Primary group ID</para>
</listitem>
<listitem>
<para>Comment or description</para>
</listitem>
<listitem>
<para>Home directory</para>
</listitem>
<listitem>
<para>Default shell</para>
</listitem>
</orderedlist>
<para>The <emphasis>password field</emphasis><indexterm>
<primary>password</primary>
<secondary>passwd file</secondary>
</indexterm> on modern systems contains an "x", telling the system
that the password is stored inside the
<filename>/etc/shadow</filename> file. Storing the passwords elsewhere
is needed to improve the security of the system: the
<filename>passwd</filename> file should be world readable because many
tools rely on it. Storing the password (even when it is encrypted or
hashed) in a publically readable file is asking for troubles - tools
exist that attempt to crack user account passwords given the encrypted
/ hashed password values.</para>
<para>For this reason, the hashed password is stored inside the
<filename>/etc/shadow</filename> file which is only readable by the
root user (system administrator). The tools that work with passwords
are small in number and highly audited to decrease the chance that
they contain any vulnerabilities. More about the shadow file
later...</para>
<para>As you will see in the next section, a user can be a member of
many groups. However, every user has a single, <emphasis>primary
group</emphasis><indexterm>
<primary>primary group</primary>
</indexterm>: this is the active group at the moment that the user
is logged on. The active group defines the group ownership of the
resources the user creates while logged on (remember, resources are
assigned three ownership groups: user, group and others).</para>
<para>The users' <emphasis>home directory</emphasis><indexterm>
<primary>home directory</primary>
</indexterm> is usually the directory where the user has full write
access to (even more, it is most often the <emphasis>only</emphasis>
directory where the user has write access to). If a user is logged on
through the command line (not graphically), it is also the directory
where the user starts to work from.</para>
<para>Finally, the default <emphasis>shell</emphasis> for this
particular user is defined. We've talked about what a shell is before.
Unix/Linux has several shells, each shell provides roughly the same
functionality, but is manipulated differently. Gentoo Linux by default
uses the bash<indexterm>
<primary>bash</primary>
</indexterm> shell (bourne again shell), a powerfull shell with lots
of additional functions such as command autocompletion, output
coloring and more. Smaller shells also exist, such as csh (c shell) or
ksh (korn shell).</para>
<para>More information about shells is available online.</para>
</section>
<section>
<title>The shadow file</title>
<para>The <filename>shadow</filename> file<indexterm>
<primary>shadow</primary>
<secondary>file</secondary>
</indexterm> contains all information regarding a users' password.
The most important field for many is the (hashed) password itself, but
other information is available as well. The shadow file, like the
passwd file, has a single line for every user; fields are separated by
colons.</para>
<orderedlist>
<listitem>
<para>Username</para>
</listitem>
<listitem>
<para>Hashed password value</para>
</listitem>
<listitem>
<para>Date of last password change (counted in days since Jan 1,
1970)</para>
</listitem>
<listitem>
<para>Number of days that need to pass before the password can be
changed by the user</para>
</listitem>
<listitem>
<para>Maximum number of days since the password change that the
password can be used; after this amount of days, the password will
need to be changed by the user</para>
</listitem>
<listitem>
<para>Number of days before expiry date (see field 5) that the
user will be warned about the pending password change
policy</para>
</listitem>
<listitem>
<para>If the password isn't changed after this many days after the
forced password change, the account is locked</para>
</listitem>
<listitem>
<para>Date when the account is (or will be) locked (counted in
days since Jan 1, 1970)</para>
</listitem>
<listitem>
<para>Reserved field (not used)</para>
</listitem>
</orderedlist>
<para>If the last three fields are left empty (which is the default
case), their enforcement isn't valid.</para>
<para>The password value is <emphasis>hashed</emphasis><indexterm>
<primary>hash function</primary>
</indexterm>, meaning that the password itself is not stored on the
disk (nor in any encrypted form). Instead, a mathematical formula is
used to create a unique number or string from a password. To verify if
a password given by a user matches, the given password is passed
through the same mathematical formula and the resulting number or
string is matched against the stored string. Such method makes it
harder for a user to find out the password even if he has access to
the shadow file because he can't deduce the password from the hash
value.</para>
</section>
<section>
<title>Other account storage: nsswitch.conf</title>
<para>Account information can be stored elsewhere - any repository
will do, as long as it provides at least the same information as the
passwd (and shadow) file. This is important because in enterprise
environments, you rather want to keep track of user accounts in a
central repository rather than in the files on several hundreds of
systems.</para>
<para>The <filename>/etc/nsswitch.conf</filename><indexterm>
<primary>nsswitch.conf</primary>
</indexterm> file defines where the system can find this
information. An excerpt from an nsswitch.conf file is given below. You
notice that it defines services on every line followed by the
repository (or repositories) that manages the information.</para>
<programlisting>passwd: compat
shadow: compat
group: compat
hosts: files dns</programlisting>
<para>In the example, the passwd, shadow and group services are
managed by the "compat" implementation. Compat is the default
implementation provided by glibc (GNU C Library) which offers access
to the various <filename>/etc/*</filename> files. The hosts service
(used to resolve hostnames to IP addresses and vice versa) is managed
by two implementations:</para>
<orderedlist>
<listitem>
<para>"files", which is the implementation that offers access to
the /etc/hosts file (a table containing IP address and
hostname(s))</para>
</listitem>
<listitem>
<para>"dns", which is the implementation that offers queries with
DNS servers</para>
</listitem>
</orderedlist>
</section>
</section>
<section>
<title>Group Information</title>
<para>Group membership is used to group different users who need access
to a shared resource: assign the resource to a particular group and add
the users to this group.</para>
<section>
<title>The /etc/group file</title>
<para>Similar with the /etc/passwd file, group information is stored
inside the /etc/group. Again, every line in this text file defines a
group; the fields within a group definition are separated by a
colon.</para>
<orderedlist>
<listitem>
<para>Group name</para>
</listitem>
<listitem>
<para>Group password, or "x" if the password is stored
elsewhere</para>
</listitem>
<listitem>
<para>Group ID</para>
</listitem>
<listitem>
<para>Group members (who don't have the group as a primary
group)</para>
</listitem>
</orderedlist>
<para>It might seem strange to have a password on a group. After all,
a user logs on using his username. However, there is a sane reason for
this: you can add users to a different group and password-protect this
group. If a user is logged on to the system (but doesn't use the
particular group as primary group) and leaves his terminal, malicious
users can't change to this particular group without knowing the
password even if they have access to the users' terminal (and
therefore logged on session).</para>
<para>Group passwords aren't used often though. The cases where group
passwords can be used (privileged groups) are usually implemented
differently (for instance using privilege escalation tools like
sudo).</para>
</section>
</section>
<section>
<title>Creating or Deleting Users</title>
<section>
<title>The useradd command</title>
<para>If you want to add a user to the system, you can use the
<command>useradd</command><indexterm>
<primary>useradd</primary>
</indexterm> command (you'll need to be root to perform this
action):</para>
<programlisting># <command>useradd -D thomas</command></programlisting>
<para>In the above example, a user account identified by "thomas" is
created using the system default settings (which, for a Gentoo Linux
system, means that the default shell is bash, the home directory is
/home/thomas, etc) after which his password is set.</para>
<para>You can pass on additional arguments to the useradd command to
alter the users' attributes (such as the user id, home directory,
primary group ...). I encourage you to read the useradd manual page
for more information.</para>
</section>
<section>
<title>The userdel command</title>
<para>If a user account needs to be removed from the system, you can
use the <command>userdel</command><indexterm>
<primary>userdel</primary>
</indexterm> command.</para>
<programlisting># <command>userdel -r thomas</command></programlisting>
<para>With the <command>-r</command> option,
<command>userdel</command> not only removes the user account from the
system but also cleans and removes the users' home directory. If you
omit this option, the users' home directory remains available on the
system, allowing you to keep his (private or not) files for future
use.</para>
</section>
<section>
<title>The usermod command</title>
<para>To manipulate an existing account, you can use the
<command>usermod</command><indexterm>
<primary>usermod</primary>
</indexterm> command. For instance, to modify the primary group of
the thomas account to the "localusers" group:</para>
<programlisting># <command>usermod -g localusers thomas</command></programlisting>
</section>
</section>
<section>
<title>Adding or Removing Users to/from Groups</title>
<para>Once a user account is created, you can't use
<command>useradd</command> to add the user to one or more groups.</para>
<section>
<title>Creating or Deleting Groups</title>
<para>First of all, if a group doesn't exist yet, you'll need to
create it: the <command>groupadd</command><indexterm>
<primary>groupadd</primary>
</indexterm> command does this for you. Similarly, to remove a group
from the system, you can use <command>groupdel</command><indexterm>
<primary>groupdel</primary>
</indexterm>.</para>
<warning>
<para>You will be able to remove groups even though there are still
users member of this group. The only check that groupdel performs is
to see if a group is a users' primary group (in which case the
operation fails).</para>
</warning>
<programlisting># <command>groupadd audio</command></programlisting>
</section>
<section>
<title>Manipulating Group Membership</title>
<para>Suppose you want to add or remove a user from a group, you can
use the <command>usermod</command> tool (as seen before) or the
<command>gpasswd</command> tool.</para>
<para>The <command>gpasswd</command><indexterm>
<primary>gpasswd</primary>
</indexterm> tool is the main tool used to manipulate the group
file. For instance, to add a user to a particular group (in the
example the "audio" group):</para>
<programlisting># <command>gpasswd -a audio thomas</command></programlisting>
<para>Most resources on a Unix system are protected by a particular
group: you need to be a member of a particular group in order to
access those resources. The following tables gives an overview of
interesting groups.</para>
<table>
<title>Incomplete (!) list of system groups</title>
<tgroup cols="2">
<thead>
<row>
<entry align="center">Group name</entry>
<entry align="center">Description / resources</entry>
</row>
</thead>
<tbody>
<row>
<entry>wheel</entry>
<entry>Be able to "<command>su -</command>" to switch to the
root user</entry>
</row>
<row>
<entry>audio</entry>
<entry>Be able to use the sound card on the system</entry>
</row>
<row>
<entry>video</entry>
<entry>Be able to use the graphical card for hardware
rendering purposes (not needed for plain 2D
operations)</entry>
</row>
<row>
<entry>cron</entry>
<entry>Be able to use the system scheduler (cron)</entry>
</row>
<row>
<entry>cdrom</entry>
<entry>Be able to mount a CD/DVD</entry>
</row>
</tbody>
</tgroup>
</table>
</section>
</section>
<section>
<title>Setting and Changing Passwords</title>
<para>The <command>passwd</command> command allows you to change or set
an accounts' password.</para>
<programlisting># <command>passwd thomas</command>
New UNIX password: <emphasis>(enter thomas' password)</emphasis>
Retype new UNIX password: <emphasis>(re-enter thomas' password)</emphasis>
passwd: password updated succesfully</programlisting>
<para>The root user is always able to alter a users' password. If a user
wants to change his own password, the passwd command will first ask the
user to enter his current password (to make sure it is the user and not
someone who took the users' session in the users' absence) before
prompting to enter the new password.</para>
<para>With the tool, you can also immediately expire the users' password
(<command>-e</command>), lock or unlock the account
(<command>-l</command> or <command>-u</command>) and more. In effect,
this tool allows you to manipulate the <filename>/etc/shadow</filename>
file.</para>
</section>
</section>
<section>
<title>Elevating User Privileges</title>
<para>On any system, a regular user has little to no rights to perform
administrative tasks. However, on a home workstation you'd probably want
to be able to shut down the system. You can log on as the root user on a
different (virtual) terminal, but you can also elevate your own
privileges...</para>
<section>
<title>Switching User</title>
<para>With the <command>su</command><indexterm>
<primary>su</primary>
</indexterm> command you can switch your user identity in the selected
session.</para>
<programlisting>$ <command>su -</command>
Password: <emphasis>(Enter the root password)</emphasis>
# </programlisting>
<para>In the above example, a regular user has switched his session to
become a root session. The "<command>-</command>" argument informs the
su command that not only the users' privileges should be switched, but
also that the root users' environment should be loaded. Without the
"<command>-</command>" option, the regular users' environment would be
used.</para>
<para>This environment defines the shell behavior; its most important
setting is the PATH variable which defines where the binaries are
located for the commands that this user might summon.</para>
<para>With su, you can also switch to a different user:</para>
<programlisting>$ <command>su thomas -</command>
Password: (Enter thomas' password)
$ </programlisting>
<para>If you just want to execute a single command as a different user,
you can use the "-c" argument:</para>
<programlisting>$ <command>su -c "shutdown -h now"</command></programlisting>
</section>
<section>
<title>Assigning Specific Privileged Commands</title>
<para>The su-based methods require the user to know the password of the
other accounts. On many systems, you might not want this. There are two
ways of dealing with such situations: marking a command so that it
always runs as a privileged user, or use a tool that elevates privileges
without requiring the password for the elevated privilege...</para>
<section>
<title>Marking Commands for Elevated Execution</title>
<para>Executable binaries (not shell scripts) can be marked so that
the Unix/Linux kernel executes that command as a specific user,
regardless of who started the command. This mark is the
<emphasis>setuid</emphasis><indexterm>
<primary>setuid</primary>
</indexterm> bit. Once set (using the chmod command), the tool is
always executed with the rights of the owner and not the rights of the
executor:</para>
<programlisting># <command>chmod +s /path/to/command</command></programlisting>
<warning>
<para>Using setuid tools is generally considered a security risk. It
is better to avoid setuid tools when possible and use tools such as
sudo, as explained later.</para>
</warning>
<para>For instance, if the shutdown command is marked setuid, then
every user is able to run the shutdown command as root (which is the
commands' owner) and thus be able to shut down or reboot the
system.</para>
</section>
<section>
<title>Using sudo</title>
<para>If you mark an executable using the setuid bit, every user can
execute the command as the application owner (root). You usually don't
want to allow this but rather assign the necessary rights on a
per-user, per-command basis. Enter sudo.</para>
<para>The <command>sudo</command><indexterm>
<primary>sudo</primary>
</indexterm> tool allows the system administrator to grant a set of
users (individually or through groups) the rights to execute one or
more commands as a different user (such as root), with or without
requiring their password (for the same reason as the passwd command
which asks the users' password before continuing).</para>
<para>Once available, the system administrator can run the
<command>visudo</command><indexterm>
<primary>visudo</primary>
</indexterm> command to edit the configuration file. In the next
example, the following definitions are set:</para>
<itemizedlist>
<listitem>
<para>All users in the wheel group are allowed to execute any
command as root</para>
</listitem>
<listitem>
<para>All users in the operator group are allowed to shutdown the
system</para>
</listitem>
<listitem>
<para>The test user is allowed to run a script called webctl.ksh
without a password</para>
</listitem>
<listitem>
<para>All users in the httpd group are allowed to edit the
/etc/apache2/conf/httpd.conf file through sudoedit</para>
</listitem>
</itemizedlist>
<programlisting>%wheel ALL=(ALL) ALL
%operator ALL=/sbin/shutdown
test ALL=NOPASSWD: /usr/local/bin/webctl.ksh
%httpd ALL=(ALL) sudoedit /etc/apache2/conf/httpd.conf</programlisting>
<para>If sudo is set up, users can execute commands by prepending
<command>sudo</command> to it. If allowed, some users can even obtain
a root shell through the <command>sudo -i</command> command.</para>
<programlisting><emphasis>(Execute a single command as root)</emphasis>
$ <command>sudo mount /media/usb</command>
Enter password: <emphasis>(unless configured with NOPASSWD)</emphasis>
<emphasis>(Obtain a root shell)</emphasis>
$ <command>sudo -i</command>
Enter password: <emphasis>(unless configured with NOPASSWD)</emphasis>
# </programlisting>
</section>
</section>
</section>
<section>
<title>Exercises</title>
<orderedlist>
<listitem>
<para>When invoking commands using sudo, sudo logs every attempt
(including username, working directory and command itself). Where is
this log?</para>
</listitem>
</orderedlist>
</section>
</chapter>
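Review bot: the useradd listing runs "useradd -D thomas", but -D displays or changes the useradd defaults and does not create an account, and the paragraph after it says the password is set although no passwd step is shown. Suggest "useradd -m thomas" followed by "passwd thomas", so that the home directory the text mentions is actually created and the new account gets a password. In the group membership section, "gpasswd -a audio thomas" has its arguments reversed; the tool takes the user first ("gpasswd -a thomas audio"). In the setuid section, "chmod +s /path/to/command" sets the setgid bit as well as setuid, so "chmod u+s" matches what the text describes. The sudoers example gives the test user NOPASSWD on /usr/local/bin/webctl.ksh with no run-as user, which means root; it deserves a sentence saying that the script and its directory must not be writable by that user, since otherwise the entry is equivalent to passwordless root.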

View File

@ -0,0 +1,823 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<chapter>
<title>Network Management</title>
<section>
<title>Introduction</title>
<para>An important aspect of system management is networking
configuration. Linux is a very powerful operating system with major
networking capabilities. Even more, many network appliances are in fact
Linux-based.</para>
<para>There are two configurations you'll most likely get in contact with:
wired network configuration (of which I'll discuss the Ethernet
connection) and wireless (IEEE 802.11* standards).</para>
</section>
<section>
<title>Supporting your Network Card</title>
<section>
<title>Native Driver Support</title>
<section>
<title>PCI Cards</title>
<para>First of all, check how many interfaces you would expect on your
system. Verify this with the PCI devices found by Linux. For instance,
to find out about a wired network controller ("Ethernet"
controller):</para>
<programlisting># <command>lspci | grep Ethernet</command>
06:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd.
RTL-8169 Gigabit Ethernet (rev 10)</programlisting>
<para>In this case, one network card was found that offered Ethernet
capabilities. The card uses the Realtek 8169 chipset.</para>
</section>
<section>
<title>USB Network Cards</title>
<para>There are a few USB devices which offer networking capabilities
(most of them wireless) which have native Linux support. An example
are the USB devices with the Intel 4965agn chipset. If your Linux
kernel supports it, the moment you plug it in, a network interface
should be made available. For instance, for wireless devices you could
use <command>iwconfig</command>, for regular Ethernet cards
<command>ifconfig</command>:</para>
<programlisting># <command>iwconfig</command>
lo no wireless extensions.
dummy0 no wireless extensions.
eth0 no wireless extensions.
wlan0 IEEE 802.11g ESSID:"default" Nickname:"default"
Mode:Managed Frequency:2.412 GHz Access Point: 00:1D:6A:A2:CD:29
Bit Rate:54 Mb/s Tx-Power=20 dBm Sensitivity=8/0
Retry limit:7 RTS thr:off Fragment thr:off
Power Management:off
Link Quality=89/100 Signal level=-37 dBm Noise level=-89 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:7</programlisting>
</section>
</section>
<section>
<title>Support through Windows Drivers</title>
<para>It is possible to support your (wireless or not) network card
using the Windows drivers. The tool you need to install for that is
called <command>ndiswrapper</command><indexterm>
<primary>ndiswrapper</primary>
</indexterm>. First, install ndiswrapper:</para>
<programlisting># <command>emerge ndiswrapper</command></programlisting>
<para>Next, either download the windows drivers for the network card or
mount the driver CD that was provided with the card. In the drivers, you
should find an .inf file. This file contains information regarding the
driver(s) for the card and is used by ndiswrapper to create a
wrapper.</para>
<para>Install the driver using <command>ndiswrapper -i</command> from
within the location where the driver is unpacked:</para>
<programlisting># <command>ndiswrapper -i net8191se.inf</command></programlisting>
<para>To verify if the driver installation succeeded, get an overview of
the installed drivers using <command>ndiswrapper -l</command>:</para>
<programlisting># <command>ndiswrapper -l</command>
net8191se: driver installed, hardware present</programlisting>
<para>As you can see, the driver got installed and detected compatible
hardware.</para>
<para>Now have ndiswrapper create the necessary modprobe information
(modprobe is used by the system to load kernel modules with the correct
information; ndiswrapper creates modprobe information that ensures that,
when the ndiswrapper kernel module is loaded, the installed wrapper
drivers are enabled as well) and make sure that the ndiswrapper kernel
module is started when you boot your system:</para>
<programlisting># <command>ndiswrapper -m</command>
# <command>nano -w /etc/modules.autoload.d/kernel-2.6</command>
(Add "ndiswrapper" on a new line)</programlisting>
<para>You can manually load the ndiswrapper kernel module as
well:</para>
<programlisting># <command>modprobe ndiswrapper</command></programlisting>
<para>You can now check if the network interface is available
(<command>iwconfig</command> or <command>ifconfig</command>).</para>
</section>
<section>
<title>Verify your Networking Abilities</title>
<para>To find out if Linux has recognized this interface, run the
<command>ip link</command><indexterm>
<primary>ip</primary>
<secondary>command</secondary>
</indexterm> command. It will show you the interfaces that it has
recognized on your system:</para>
<programlisting># <command>ip link</command>
1: lo: &lt;LOOPBACK,UP,LOWER_UP&gt; mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: &lt;BROADCAST,MULTICAST&gt; mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:c0:9f:94:6b:f5 brd ff:ff:ff:ff:ff:ff
3: eth1: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc pfifo_fast
qlen 1000
link/ether 00:12:f0:57:99:37 brd ff:ff:ff:ff:ff:ff</programlisting>
<para>Now, to find out which interface maps to the Ethernet controller
shown before you'll need to check the Linux kernel output when it
detected the interfaces. You can either use
<command>dmesg</command><indexterm>
<primary>dmesg</primary>
</indexterm> (which displays the last few thousands of lines produced
by the Linux kernel) or <filename>/var/log/dmesg</filename> (depending
on your system logger) which is the logfile where all Linux kernel
output is stored for the duration of the systems' session (i.e. until
the next reboot).</para>
<programlisting># <command>grep -i eth0 /var/log/dmesg</command>
eth0: RTL8169sb/8110sb at 0xf8826000, 00:c0:9f:94:6b:f5, XID 10000000
IRQ 11</programlisting>
<para>In this case, the eth0 interface indeed maps to the Ethernet
controller found before.</para>
<para>If Linux does not recognize your device, you'll need to
reconfigure your Linux kernel to include support for your network
driver. The Linux kernel configuration has been discussed before as part
of the device management chapter.</para>
</section>
</section>
<section>
<title>Wired Network Configuration</title>
<para>Most systems have support for the popular Ethernet network
connection. I assume that you are already familiar with the term Ethernet
and the TCP/IP basics.</para>
<para>Before you configure Gentoo Linux to support your Ethernet
connection, you'll first need to make sure that your network card is
supported. Once available, you'll configure your interface to either use a
manually set IP address or automatically obtain an IP address.</para>
<section>
<title>Configuring the Wired Network</title>
<para>There are two methods you can use to configure your wired network:
a manual approach (which works on all Linux systems) or the Gentoo Linux
specific approach.</para>
<section>
<title>Manual Configuration</title>
<para>The quickest method for configuring your network is to tell
Linux what you want - a static IP address for your interface, or
automatically obtain the IP address information from a DHCP server
which is running on your network (most Internet sharing tools or
appliances include DHCP functionality).</para>
<para>To set the static IP address 192.168.0.100 to the eth0
interface, telling Linux that the gateway on the network is reachable
through 192.168.0.1 (the IP address that shares access to outside
networks):</para>
<programlisting># <command>ifconfig eth0 192.168.0.100 netmask 255.255.255.0
broadcast 192.168.0.255 up</command>
# <command>ip route add default via 192.168.0.1</command></programlisting>
<para>In the example, I used the <command>ifconfig</command><indexterm>
<primary>ifconfig</primary>
</indexterm> command to tell Linux to assign the IP address
192.168.0.100 to the eth0 interface, setting the netmask (part of the
IP address that denotes the network) to 255.255.255.0 and broadcast
(IP address which addresses all IP addresses in the local network) to
192.168.0.255. This is the same as assigning the IP address on a
192.168.0.1/24 network (for those who understand the CIDR
notation).</para>
<para>If you need static IP addresses but don't know the netmask (and
broadcast), please ask your network administrator - these are quite
basic settings necessary for an IP configuration.</para>
<para>You'll most likely also receive a set of IP addresses which
correspond to the DNS servers (name servers) for your network. You'll
need to set those IP addresses inside the
<filename>/etc/resolv.conf</filename><indexterm>
<primary>resolv.conf</primary>
</indexterm> file:</para>
<programlisting># <command>nano /etc/resolv.conf</command></programlisting>
<programlisting>search lan
nameserver 10.2.3.4
nameserver 10.2.3.5</programlisting>
<para>With this configuration file you tell Linux that a hostname can
be resolved through the DNS services at the corresponding IP addresses
(the name servers) if it does not know the IP address itself.</para>
<para>If you want to configure eth0 to automatically obtain its IP
address (and default gateway and even DNS servers), which is the most
popular method for local network configurations, you can use a DHCP
client such as <command>dhcpcd</command><indexterm>
<primary>dhcpcd</primary>
</indexterm>:</para>
<programlisting># <command>dhcpcd eth0</command></programlisting>
<para>That's all there is to it (unless the command fails of course
;-)</para>
</section>
<section>
<title>Gentoo Linux Network Configuration</title>
<para>If you want to have Gentoo Linux configure your network device,
you'll need to edit the /etc/conf.d/net file.</para>
<programlisting># <command>nano /etc/conf.d/net</command></programlisting>
<para>If you need to set the IP address yourself (static IP address),
you'll need to set the following (suppose the static IP address is
192.168.0.100, gateway 192.168.0.1 and netmask 255.255.255.0 and the
name servers are 10.2.3.4 and 10.2.3.5):</para>
<programlisting>config_eth0=( "192.168.0.100 netmask 255.255.255.0" )
dns_servers_eth0=( "10.2.3.4 10.2.3.5" )</programlisting>
<para>If you want to configure the interface to use DHCP
(automatically obtain IP address):</para>
<programlisting>config_eth0=( "dhcp" )</programlisting>
<para>For more examples on the Gentoo Linux network configuration
(with more advanced features), check out the
<filename>/etc/conf.d/net.example</filename> file.</para>
<para>To enable this support, you need to add the net.eth0 service to
the default runlevel and start the net.eth0 service.</para>
<programlisting># <command>rc-update add net.eth0 default</command>
# <command>/etc/init.d/net.eth0 start</command></programlisting>
<para>If a command tells you that net.eth0 doesn't exist, create it as
a symbolic link to the net.lo service script:</para>
<programlisting># <command>cd /etc/init.d; ln -s net.lo net.eth0</command></programlisting>
<para>More about services later.</para>
</section>
</section>
</section>
<section>
<title>Wireless Network Configuration</title>
<para>For wireless configurations, a few technologies on Linux exist. One
of them uses the native support for wireless cards, the other one is a
software component called wpa_supplicant which also supports wireless
cards through the device drivers provided for the Windows operating
system.</para>
<section>
<title>Supporting your Network Card</title>
<para>If you have configured your kernel with support for your wireless
network card, you should be able to find the interface in the iwconfig
output:</para>
<programlisting># <command>iwconfig</command>
lo no wireless extensions.
eth0 no wireless extensions.
eth1 IEEE 802.11g ESSID:"aaa"
Mode:Managed Frequency:2.417 GHz Access Point: 00:11:0A:2A:73:03
Bit Rate:54 Mb/s Tx-Power=20 dBm Sensitivity=8/0
Retry limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=84/100 Signal level=-49 dBm Noise level=-89 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:1 Invalid misc:2 Missed beacon:7</programlisting>
<para>In the above example, the eth0 interface (which is a regular
Ethernet interface) is detected but seen as not having a wireless
capability. The eth1 interface has wireless capabilities, and its
current wireless settings are displayed.</para>
</section>
<section>
<title>Using Wireless Extensions Support</title>
<section>
<title>Accessing a Wireless Network</title>
<para>To access an existing wireless network, you need a few settings.
Some of them can be obtained quickly, others might require information
from your network administrator.</para>
<para>To use the Linux wireless extensions, install the necessary
tools:</para>
<programlisting># <command>emerge -a wireless-tools</command></programlisting>
<para>Let's first start with the wireless network name, called the
ESSID<indexterm>
<primary>ESSID</primary>
</indexterm>. With <command>iwlist</command><indexterm>
<primary>iwlist</primary>
</indexterm> you can obtain a list of detected wireless networks and
their accompanying ESSIDs:</para>
<programlisting># <command>iwlist eth1 scan</command>
eth1 Scan completed :
Cell 01 - Address: 00:11:0A:2A:73:03
ESSID:"aaa"
Protocol:IEEE 802.11bg
Mode:Master
Frequency:2.417 GHz (Channel 2)
Encryption key:off
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 9 Mb/s; 11 Mb/s
6 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
48 Mb/s; 54 Mb/s
Quality=82/100 Signal level=-48 dBm
Extra: Last beacon: 37ms ago
Cell 02 - Address: 00:C0:49:B0:37:43
ESSID:"USR8022"
Protocol:IEEE 802.11b
Mode:Master
Frequency:2.462 GHz (Channel 11)
Encryption key:on
Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 22 Mb/s
Quality=41/100 Signal level=-76 dBm
Extra: Last beacon: 7665ms ago</programlisting>
<para>In this case, two wireless networks are found. The first one has
ESSID "aaa" and does not require any encryption (so you don't need to
know any password or passphraze to access this network) - notice the
"Encryption key:off" setting. The second one has ESSID USR8022 and
requires an encryption key. However, the second network's signal is
also less powerful (lower quality and signal level).</para>
<para>To configure your card to use a particular ESSID, you can use
the iwconfig command:</para>
<programlisting># <command>iwconfig eth1 essid aaa</command></programlisting>
<para>Suppose that you need to enter an encryption key as well, you
can add the key either in its hexadecimal form, or through the ASCII
representation.</para>
<programlisting># <command>iwconfig eth1 essid USR8022 key FF83-D9B3-58C4-200F-ADEA-DBEE-F3</command>
# <command>iwconfig eth1 essid USR8022 key s:MyPassPhraze</command></programlisting>
<para>Once you have attached your wireless interface to a particular
network, you can configure it as if it was a fixed Ethernet
interface.</para>
<para>Now, Gentoo Linux allows you to configure your wireless network
card through <filename>/etc/conf.d/net</filename> as well.</para>
<para>In the next example, the wireless configuration is set so that
the two networks (aaa and USR8022) are supported where aaa is the
preferred network.</para>
<programlisting>modules=( "iwconfig" )
key_aaa="key off"
key_USR8022="s:MyPassPhraze enc open"
preferred_aps=( "aaa" "USR8022" )</programlisting>
<para>Again, you'll need to add the net.eth1 service to the default
runlevel and then fire up the net.eth1 service:</para>
<programlisting># <command>rc-update add net.eth1 default</command>
# <command>/etc/init.d/net.eth1 start</command></programlisting>
</section>
</section>
<section>
<title>Using wpa_supplicant</title>
<para>The wpa_supplicant<indexterm>
<primary>wpa_supplicant</primary>
</indexterm> tool is a software component which controls the wireless
connection between your system and an access point. A major advantage of
<command>wpa_supplicant</command> over the previously described wireless
tools is its support for WPA/WPA2.</para>
<para>Before you can use wpa_supplicant, you first need to install
it:</para>
<programlisting># <command>emerge -a wpa_supplicant</command></programlisting>
<section>
<title>Accessing a Wireless Network</title>
<para>You need to configure your wpa_supplicant to support the
wireless network(s) you want to access. Suppose that your home network
is called "home" and is a secured (WPA) environment with key
"myHomeKey" and at your work there is a wireless network called
"CompanyGuests", secured (WPA) environment with key "myCompanyKey" and
a third network at your local computer club called "hobby", not
secured, then the following
<filename>wpa_supplicant.conf</filename><indexterm>
<primary>wpa_supplicant.conf</primary>
</indexterm> configuration could work:</para>
<programlisting>ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
network={
ssid="home"
psk="myHomeKey"
}
network={
ssid="CompanyGuests"
psk="myCompanyKey"
}
network={
ssid="hobby"
key_mgmt=NONE
}</programlisting>
<para>The <command>wpa_supplicant</command> tool also supports WPA2.
For instance:</para>
<programlisting>network={
ssid="akkerdjie"
proto=WPA2
psk="highly private key"
}</programlisting>
<para>If you do not like to see your private key in plain text, use
<command>wpa_passphraze</command><indexterm>
<primary>wpa_passphraze</primary>
</indexterm> to encrypt your key:</para>
<programlisting>$ <command>wpa_passphraze akkerdjie "highly private key"</command>
network={
ssid="akkerdjie"
#psk="highly private key" <remark>&lt;-- Plain comment, can be removed!</remark>
psk=cbcb52ca4577c8c05b05e84bdd2ef72f313d3c83da18c9da388570ae3a2a0921
}</programlisting>
<para>You can copy/paste the resulting information in
<filename>wpa_supplicant.conf</filename> and remove the (commented)
plain-text key information.</para>
<para>If your wireless card is found by Linux (and its powered on),
then running the following command will activate the wpa_supplicant on
top of it (assume the wireless interface is called wlan0):</para>
<programlisting># <command>wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf</command></programlisting>
<para>One interesting option is the -D option: with this you select
the wireless driver to use. With -Dwext, we use the Linux wireless
extensions (which is quite generic). In certain cases you might need
to use a different driver - the Internet has many resources on how to
configure your specific wireless network card with Linux if the Linux
wireless extensions don't work.</para>
<para>Of course, once the configuration file is finished, you can use
Gentoo's networking scripts as well. First, edit
<filename>/etc/conf.d/net</filename> to use wpa_supplicant:</para>
<programlisting>modules=( "wpa_supplicant" )
wpa_supplicant_wlan0="-Dwext"</programlisting>
<para>To have the wireless support active when you boot up your
system, enable the net.wlan0 init script. If /etc/init.d/net.wlan0
doesn't exist yet, first create it:</para>
<programlisting># <command>cd /etc/init.d</command>
# <command>ln -s net.lo net.wlan0</command></programlisting>
<para>Next, add the net.wlan0 init script to the default
runlevel:</para>
<programlisting># <command>rc-update add net.wlan0 default</command></programlisting>
</section>
</section>
</section>
<section>
<title>User-friendly Network Configuration Tools</title>
<para>The above information should allow you to work with any possible
Linux installation. However, the commands might look a bit tricky and,
especially with the wireless configuration, might even require you to hop
between various commands or windows before you get the connection
working.</para>
<para>Luckily, there are other tools around which rely on the same tools
as mentioned before, but offer the user a saner interface from which they
can configure their network. Note that these do require that the network
card is already detected by Linux (so the kernel configuration part should
have succeeded).</para>
<section>
<title>Wicd</title>
<para>My personal favorite is Wicd, installable through
net-misc/wicd<indexterm>
<primary>wicd</primary>
</indexterm>. The tool exists out of two parts: a daemon and an
end-user configuration interface.</para>
<programlisting># <command>emerge wicd</command></programlisting>
<para>Once installed, add the wicd service to the boot or default
runlevel:</para>
<programlisting># <command>rc-update add wicd default</command></programlisting>
<para>Next, make sure Gentoo doesn't start its own network configuration
by editing <filename>/etc/conf.d/rc</filename>, setting the
following:</para>
<programlisting>RC_PLUG_SERVICES="!net.*"</programlisting>
<para>Now, start the wicd service (and shut down the services you are
currently using):</para>
<programlisting># <command>/etc/init.d/net.eth1 stop</command>
# <command>/etc/init.d/wicd start</command></programlisting>
<para>If you run inside a graphical environment that supports applets
(most desktop environments do), run
<command>wicd-client</command><indexterm>
<primary>wicd-client</primary>
</indexterm> (from a "Run Program..." prompt or so). From within a
command-line interface, you can use
<command>wicd-curses</command><indexterm>
<primary>wicd-curses</primary>
</indexterm>. This client will connect with the service and allow you
to configure your networks (both wired and wireless) more easily.</para>
<para>I refer you to the <ulink url="http://wicd.sourceforge.net">Wicd
homepage</ulink> for more information / documentation on the
tool.</para>
</section>
</section>
<section>
<title>Firewall Configuration</title>
<para>When your system is going to use the Internet often, using a
firewall is encouraged. People generally believe that their operating
system is secure out of the box if they don't click on "weird" links
inside e-mails or Internet sites. Sadly, this isn't true. Also, Linux
should never be seen as a secure operating system - security of a system
is completely defined by the competence of the system
administrator.</para>
<para>A firewall will not fully protect your system from malicious users
on the (Inter)net, but it will filter many - of course, depending on the
strength of the firewall.</para>
<para>There are many firewalls available for Linux; on Gentoo Linux alone
more than a dozen tools exist (just check out the content of the
net-firewall category). Most firewall tools use
<command>iptables</command><indexterm>
<primary>iptables</primary>
</indexterm> as underlying tool. The iptables tool is an administration
tool for manipulating IPv4 packets and is a very known and popular
tool.</para>
<para>Firewall tools will often generate iptables rules to create filters
(the actual firewall).</para>
<para>Because writing firewall rules is quite custom (it depends on what
services your system offers and what tools you often use) I suggest using
firewall tools first. Later, when you want to customize them further, you
can write your own iptables rules.</para>
</section>
<section>
<title>Sharing your Internet Connection</title>
<para>We have seen the iptables command previously, as part of the
firewall configuration. iptables however is not Linux' firewall tool: its
purpose is to create rules on how to deal with network packets on your
computer. As such, iptables can also be used to create a NAT gateway
through which clients can access the Internet.</para>
<para>In the following examples, we suppose that Internet is available at
the wlan0 interface while all clients access through the eth0 interface.
Also, we will be assigning IP addresses in the range of
192.168.20.200-192.168.20.250 to our clients...</para>
<section>
<title>Forwarding Requests</title>
<para>This is the simplest step: we ask iptables to enable
masquerading<indexterm>
<primary>masquerading</primary>
</indexterm> on the Internet interface. Masquerading keeps track of
connections packets going out on this interface with their original
source IP address; the packets on the connection are altered so it seems
as if the local system has created the connection rather than a
client:</para>
<programlisting>iptables -A POSTROUTING -t nat -o wlan0 -j MASQUERADE</programlisting>
<para>The only remaining tasks here is to enable forwarding packets from
the clients to the Internet and back:</para>
<programlisting># <command>iptables -A FORWARD -i eth0 -o wlan0 -s 192.168.20.1/24
-d ! 192.168.20.1/24 -j ACCEPT</command>
# <command>iptables -A FORWARD -o eth0 -i wlan0 -d 192.168.20.1/24
-s ! 192.168.20.1/24 -j ACCEPT</command></programlisting>
<para>More information about iptables and masquerading can be found on
the Internet...</para>
</section>
<section>
<title>Distributing IP Addresses</title>
<para>Now, if eth0 is accessible then all clients with a correct IP
address attached to the eth0 interface can access the Internet; however,
they will manually need to mark the local system as the default gateway
as well as defining the necessary DNS servers. Luckily, we can automate
this by installing a DHCP server so that clients can automatically
obtain their IP address and necessary settings.</para>
<para>There are plenty of DHCP servers around. For local, small use, I
myself use dhcp<indexterm>
<primary>dhcp</primary>
</indexterm>:</para>
<programlisting># <command>emerge dhcp</command></programlisting>
<para>Next, I configure dhcp to distribute the necessary IP address and
other settings:</para>
<programlisting># <command>nano -w /etc/dhcp/dhcpd.conf</command></programlisting>
<programlisting>option domain-name "siphos.be";
option domain-name-servers 192.168.2.1;
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none ;
option option-150 code 150 = text ;
subnet 192.168.20.0 netmask 255.255.255.0 {
range 192.168.20.100 192.168.20.200;
option routers 192.168.20.1;
}</programlisting>
<para>Now that dhcpd is configured, we only need to start it when we
need it:</para>
<programlisting># <command>/etc/init.d/dhcpd start</command></programlisting>
<para>Again, if you want to have the script started automatically, add
it to the default runlevel.</para>
</section>
</section>
<section>
<title>Allowing Remote Access</title>
<para>If you need to allow remote access to your machine, there are a few
tools available. As this book isn't focusing on graphical environments
much, I'll stick with SSH access, or <emphasis>Secure
SHell</emphasis>.</para>
<warning>
<para>Allowing remote access to a system is never without security
risks. If your security software is not up to date, or your password is
easy to guess, or ... you risk being the target for more maliciously
minded people. This is especially true if the IP address you have is
immediately reachable from the Internet (either directly or because you
use port forwarding on your routers).</para>
</warning>
<section>
<title>Secure Shell</title>
<para>By enabling secure shell access to your machine, people on your
network who have an account on your system (or know the credentials of
an account) can access your system. The tool, which is called
<command>ssh</command><indexterm>
<primary>ssh</primary>
</indexterm>, encrypts the data that is sent on the network so no-one
can eavesdrop on the network and see usernames, passwords or even more
confidential information flow by.</para>
<para>To enable SSH access to your system, first install the
<package>net-misc/openssh</package> package:</para>
<programlisting># <command>emerge openssh</command></programlisting>
<para>Of course, this doesn't automatically enable remote access: you
still need to tell your system to start the SSH daemon. You can do this
manually using <command>/etc/init.d/sshd</command>, but also ask Gentoo
to automatically do this for you every time the system boots using
<command>rc-update</command>.</para>
<programlisting># <command>/etc/init.d/sshd start</command>
# <command>rc-update add sshd default</command></programlisting>
<para>Now that that is accomplished, you (or other users on your
network) can access your system using any SSH client (on Windows, I
seriously recommend <ulink
url="http://www.chiark.greenend.org.uk/~sgtatham/putty/">PuTTY</ulink>).
For instance, to access your system from another Linux system, the
command could look like so (assuming that your IP address is
192.168.2.100 and your username is "captain"):</para>
<programlisting>$ <command>ssh -l captain 192.168.2.100</command></programlisting>
<para>You will be asked to enter captain's password, and then you get a
shell just like you would when you log on to the system
physically.</para>
</section>
<section>
<title>Secure File Transfer</title>
<para>By installing and enabling SSH access to your system, you can now
also perform secure file transfers.</para>
<para>There are two methods for doing secure file transfer using
standard openssh tools: scp and sftp.</para>
<section>
<title>Secure Copy</title>
<para>With <command>scp</command><indexterm>
<primary>scp</primary>
</indexterm> (secure copy) you can copy files between systems. If
your source or destination (or both) are on a remote system, prepend
the source/destination folder with the hostname or IP address followed
by a colon, like so:</para>
<programlisting>$ <command>scp thesis.tar.gz 192.168.2.1:/mnt/usb-stick</command></programlisting>
<para>If the copy also needs to change to a different user (say that
you are currently logged on as "bunny" but on the remote side, you
only have an account "wolf"):</para>
<programlisting>$ <command>scp wolf@192.168.2.2:/usr/portage/distfiles/YAML-0.71.tar.gz .</command></programlisting>
</section>
<section>
<title>Secure FTP</title>
<para>With <command>sftp</command><indexterm>
<primary>sftp</primary>
</indexterm> (secure FTP) you have an ftp-alike tool (which supports
the same commands) but which uses the SSH protocol for all data (and
command) transfers.</para>
<programlisting>$ <command>sftp wolf@192.168.2.2</command>
Connecting to 192.168.2.2...
Password: <remark>(enter wolf's password)</remark>
sftp&gt; <command>cd /usr/portage/distfiles</command>
sftp&gt; <command>pwd</command>
Remote working directory: /usr/portage/distfiles
sftp&gt; <command>lpwd</command>
Local working directory: /home/bunny
sftp&gt; <command>get YAML-*</command>
Fetching /usr/portage/distfiles/YAML-0.71.tar.gz to YAML-0.71.tar.gz
/usr/portage/distfiles/YAML-0.71.tar.gz 100% 110KB 110.3KB/s 00:00
sftp&gt; </programlisting>
</section>
</section>
</section>
<section>
<title>Further Resources</title>
<itemizedlist>
<listitem>
<para><ulink
url="http://www.linuxquestions.org/linux/answers/Networking/NdisWrapper_The_Ultimate_Guide/">NdisWrapper:
The Ultimate Guide</ulink> on www.linuxquestions.org</para>
</listitem>
</itemizedlist>
</section>
</chapter>
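
Review bot: In the "Forwarding Requests" section, the return-path rule `iptables -A FORWARD -o eth0 -i wlan0 -d 192.168.20.1/24 -s ! 192.168.20.1/24 -j ACCEPT` accepts every packet that arrives on wlan0 for the client subnet, not only replies to connections the clients opened, so the gateway will forward unsolicited traffic to the clients. Suggest limiting that rule with `-m state --state ESTABLISHED,RELATED` and writing the network as 192.168.20.0/24 instead of the host address 192.168.20.1/24 in both rules. The visible text of this section also never enables kernel forwarding (net.ipv4.ip_forward), which the FORWARD rules depend on. The MASQUERADE listing lacks the `# <command>` prompt markup the other listings use. Separately, the introduction promises clients 192.168.20.200-192.168.20.250 while dhcpd.conf hands out `range 192.168.20.100 192.168.20.200;`, so one of the two needs correcting.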


@ -0,0 +1,676 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<chapter>
<title>Service Management</title>
<section>
<title>Introduction</title>
<para>A <emphasis>service</emphasis><indexterm>
<primary>service</primary>
</indexterm> is a generic term which can be used in many contexts. Here,
a service is a tool that runs in the background (also known as a
<emphasis>daemon</emphasis><indexterm>
<primary>daemon</primary>
</indexterm>) which offers a certain functionality to the system or to
the users. It is also possible that the tool just performs a single set of
tasks and then quits.</para>
<para>Examples of services on a Linux system are:</para>
<itemizedlist>
<listitem>
<para>the logger service, allowing programs on the system to send
logging notifications to a global location which is then parsed and
processed by a logger tool (example: syslog-ng).</para>
</listitem>
<listitem>
<para>the clock service, which sets the necessary environmental
definitions (like timezone information)</para>
</listitem>
<listitem>
<para>the SSH service, allowing users to log on to your system
remotely (through the secure shell)</para>
</listitem>
<listitem>
<para>...</para>
</listitem>
</itemizedlist>
<para>The scripts that manipulate the services are called <emphasis>init
scripts</emphasis><indexterm>
<primary>init scripts</primary>
</indexterm> (initialization scripts) and reside inside
<filename>/etc/init.d</filename>. Although this is quite generic for all
Linux distributions, Gentoo offers a somewhat different way of working
with services, so not all activities mentioned in this chapter can be used
for other distributions.</para>
</section>
<section>
<title>Services at System Boot / Shutdown</title>
<para>When your system boots, the Linux kernel starts a process called
<command>init</command>. This tool executes a set of tasks defined by the
various init levels on the system. Each init level defines a set of
services to start (or stop) at this stage.</para>
<para>Within Gentoo, init levels are mapped onto named runlevels.</para>
<para>When init is launched, it will first run the sysinit and bootwait
init levels. On Gentoo, the associated runlevels are also called sysinit
and boot (sysinit is not configurable). Then, it will start the services
for the runlevel it is configured to boot into (by default, init level 3).
This init level at Gentoo is mapped onto the "default" runlevel.</para>
<para>For instance, the following services are launched when I start my
laptop (sysinit not shown, but sysinit is always launched).</para>
<programlisting># <command>rc-status boot</command>
Runlevel: boot
alsasound [ started ]
bootmisc [ started ]
checkfs [ started ]
checkroot [ started ]
clock [ started ]
consolefont [ started ]
hostname [ started ]
keymaps [ started ]
localmount [ started ]
modules [ started ]
net.lo [ started ]
rmnologin [ started ]
urandom [ started ]
# <command>rc-status default</command>
Runlevel: default
hald [ started ]
local [ started ]
net.eth0 [ started ]
net.eth1 [ stopped ]
sshd [ started ]
syslog-ng [ started ]
udev-postmount [ started ]
xdm [ started ]</programlisting>
<para>As you can see, all configured services for the two runlevels (boot
and default) are launched but one: net.eth1 isn't started (because it is
my wireless interface and I'm currently on a cabled network which uses
net.eth0).</para>
<para>The init configuration file is called
<filename>/etc/inittab</filename><indexterm>
<primary>inittab</primary>
</indexterm>. The next excerpt is not a full
<filename>inittab</filename> but explains most important settings:</para>
<programlisting>id:3:initdefault: # The default init level is 3
si::sysinit:/sbin/rc sysinit # sysinit &gt; run the Gentoo "sysinit" runlevel
rc::bootwait:/sbin/rc boot # bootwait &gt; run the Gentoo "boot" runlevel
l0:0:wait:/sbin/rc shutdown # init level 0 &gt; run the Gentoo "shutdown" runlevel
l1:S1:wait:/sbin/rc single # init level S1 &gt; run the Gentoo "single" runlevel
l3:3:wait:/sbin/rc default # init level 3 &gt; run the Gentoo "default" runlevel
l6:6:wait:/sbin/rc reboot # init level 6 &gt; run the Gentoo "reboot" runlevel</programlisting>
<para>Okay, so in the end, init uses Gentoo's runlevels. How do you
configure those?</para>
<section>
<title>Init Scripts</title>
<para>An init script is a script that manipulates a particular service.
It should support the "start" and "stop" arguments as these are used by
the <command>init</command> tool (actually the
<command>rc</command><indexterm>
<primary>rc</primary>
</indexterm> tool which is called by <command>init</command>). For
instance:</para>
<programlisting># <command>/etc/init.d/udhcp start</command>
# <command>/etc/init.d/syslog-ng stop</command></programlisting>
<para>As you can see, the scripts reside in the
<filename>/etc/init.d</filename> directory. These scripts are usually
provided by the tools themselves (udhcp and syslog-ng in our examples)
but sometimes you might need to write one yourself. Luckily, this is
less and less the case.</para>
</section>
<section>
<title>Gentoo Runlevels</title>
<para>Inside <filename>/etc/runlevels</filename>, Gentoo keeps track of
the various scripts that need to be started when init starts a specific
init level (which maps onto a Gentoo runlevel):</para>
<programlisting># <command>ls /etc/runlevels</command>
boot default nonetwork single</programlisting>
<para>Inside the directories you get an overview of the services that
should be started when the runlevel is active. For instance, inside the
default runlevel one could see:</para>
<programlisting># <command>ls /etc/runlevels/default</command>
local net.eth0 net.wlan0 syslog-ng xdm</programlisting>
<para>The files found inside these directories are symbolic links,
pointing to the associated init script found inside /etc/init.d:</para>
<programlisting># <command>ls -l /etc/runlevels/default/local</command>
lrwxrwxrwx 1 root root 17 Jul 12 2004
/etc/runlevels/default/local -&gt; /etc/init.d/local</programlisting>
<para>To manipulate the Gentoo runlevels, you can manipulate the
symbolic links inside these directories directly, but you can also use
the tools rc-update, rc-config and rc-status.</para>
<para>With <command>rc-update</command><indexterm>
<primary>rc-update</primary>
</indexterm>, you can add or delete links from a particular runlevel.
For instance, to remove the xdm init script from the default
runlevel:</para>
<programlisting># <command>rc-update del xdm default</command></programlisting>
<para>With <command>rc-status</command><indexterm>
<primary>rc-status</primary>
</indexterm>, you can see what scripts should be started in the
selected runlevel and the current state. The next example shows that the
net.eth0 runlevel is not started currently even though it is a service
for the default runlevel (the reason is simple: I deactivated it as I
don't need the interface currently):</para>
<programlisting># <command>rc-status default</command>
Runlevel: default
local [started]
net.eth0 [stopped]
net.wlan0 [started]
syslog-ng [started]
xdm [started]</programlisting>
<para>With <command>rc-config</command><indexterm>
<primary>rc-config</primary>
</indexterm>, you can manipulate the runlevels (just like with
<command>rc-update</command>), show the current status of a particular
runlevel (just like with <command>rc-status</command>) and view all
currently available init scripts and the runlevels in which they are
available (actually, <command>rc-update</command> can also do this using
<command>rc-update show</command>):</para>
<programlisting># <command>rc-config list</command>
(...)</programlisting>
</section>
<section>
<title>List of Default Services</title>
<para>When a pristine Gentoo install has finished, you will already have
quite a few services available. The following sections give a quick
overview of those services and what they stand for.</para>
<section>
<title>alsasound</title>
<para>The alsasound<indexterm>
<primary>alsasound</primary>
</indexterm> service is responsible for loading the appropriate
sound kernel modules (if they are known as modules) and
saving/restoring the sound configuration at boot-up / shutdown.</para>
<para>When the service is started, you might see kernel modules being
loaded in memory. However, no other processes are started as part of
this service.</para>
</section>
<section>
<title>bootmisc</title>
<para>The bootmisc<indexterm>
<primary>bootmisc</primary>
</indexterm> service is responsible for various boot-level
activities, such as:</para>
<itemizedlist>
<listitem>
<para>loading the kernel parameters from
<filename>/etc/sysctl.conf</filename><indexterm>
<primary>sysctl.conf</primary>
</indexterm>.</para>
</listitem>
<listitem>
<para>cleaning up directories to ensure they don't contain rogue
information that might hinder the bootup</para>
</listitem>
<listitem>
<para>create, if they don't exist, system files with the correct
permissions</para>
</listitem>
</itemizedlist>
<para>Once the service has finished starting, no additional processes
will be running.</para>
</section>
<section>
<title>checkfs</title>
<para>The checkfs<indexterm>
<primary>checkfs</primary>
</indexterm> service is responsible for verifying the integrity of
your systems' file systems. By default, it will verify the integrity
of the file systems whose last digit in
<filename>/etc/fstab</filename> isn't zero. You can force a root file
system check by adding the <parameter>forcefsck</parameter><indexterm>
<primary>forcefsck</primary>
</indexterm> boot parameter or force a full file system check for
all partitions (listed in the fstab file) by creating an empty
"/forcefsck" file. This file will be automatically removed once the
check has been finished.</para>
<programlisting># <command>touch /forcefsck</command></programlisting>
<para>On the other hand, if you want to ignore the file system checks,
add the <parameter>fastboot</parameter><indexterm>
<primary>fastboot</primary>
</indexterm> boot parameter.</para>
<para>Once the service has finished starting, no additional processes
will be running.</para>
</section>
<section>
<title>checkroot</title>
<para>The checkroot<indexterm>
<primary>checkroot</primary>
</indexterm> service is responsible for checking the consistency of
the root file system. This service uses the same boot parameters
(forcefsck or fastboot) as the checkfs service. </para>
<para>The service is also responsible for remounting the root file
system read-write (by default it gets mounted read-only by the Linux
kernel).</para>
<para>Once the service has finished starting, no additional processes
will be running.</para>
</section>
<section>
<title>clock</title>
<para>The clock<indexterm>
<primary>clock</primary>
<secondary>service</secondary>
</indexterm> service is responsible for setting the system time
based on the BIOS clock and the settings defined in
<filename>/etc/conf.d/clock</filename>. It will also synchronise the
system clock with your hardware clock during shutdown.</para>
<para>Once the service has finished starting, no additional processes
will be running.</para>
</section>
<section>
<title>consolefont</title>
<para>The consolefont<indexterm>
<primary>consolefont</primary>
</indexterm> service is responsible for setting the console
font.</para>
<para>Once the service has finished starting, no additional processes
will be running.</para>
</section>
<section>
<title>hald</title>
<para>The hald<indexterm>
<primary>hald</primary>
<secondary>service</secondary>
</indexterm> service is responsible for starting the hardware
abstraction layer daemon (see <link linkend="HAL">HAL</link>).</para>
<para>Once the service has finished starting, you will find the hald
process running as the haldaemon user.</para>
</section>
<section>
<title>hostname</title>
<para>The hostname<indexterm>
<primary>hostname</primary>
<secondary>service</secondary>
</indexterm> service is responsible for setting your systems'
hostname based on the input of
<filename>/etc/conf.d/hostname</filename>.</para>
<para>Once the service has finished starting, no additional processes
will be running.</para>
</section>
<section>
<title>keymaps</title>
<para>The keymaps<indexterm>
<primary>keymaps</primary>
</indexterm> service is responsible for setting your keyboard
mapping (qwerty, azerty, dvorak, ...) based on the
<filename>/etc/conf.d/keymaps</filename> file.</para>
<para>Once the service has finished starting, no additional processes
will be running.</para>
</section>
<section>
<title>local</title>
<para>The local<indexterm>
<primary>local</primary>
</indexterm> service is responsible for handling your custom
activities which you have stated in
<filename>/etc/conf.d/local.start</filename> and
<filename>/etc/conf.d/local.stop</filename>. The local service is ran
as last service before you can log on to your system.</para>
<para>As you completely manage what this service does, I can't tell
you what will happen when the service has finished starting. By
default however, it doesn't do anything.</para>
</section>
<section>
<title>localmount</title>
<para>The localmount<indexterm>
<primary>localmount</primary>
</indexterm> service is responsible for mounting all local file
systems (mentioned in <filename>/etc/fstab</filename>). It also
initiates the necessary support for USB file systems, specific binary
format file systems, security file systems and enabling the swap file
system.</para>
<para>Once the service has finished starting, no additional processes
will be running.</para>
</section>
<section>
<title>modules</title>
<para>The modules<indexterm>
<primary>modules</primary>
<secondary>service</secondary>
</indexterm> service is responsible for automatically loading the
kernel modules listed in
<filename>/etc/modules.autoload</filename><indexterm>
<primary>modules.autoload</primary>
</indexterm>.</para>
<para>Once the service has finished starting, no additional processes
will be running.</para>
</section>
<section>
<title>net.lo (net.*)</title>
<para>The net.lo<indexterm>
<primary>net.lo</primary>
</indexterm> service is responsible for loading networking support
for a specific interface. Although the name suggests that it only
supports the lo (loopback) interface, the service actually supports
any interface. Other interface scripts are just symbolic links to this
script.</para>
<para>Once the service has finished starting, no additional processes
will be running.</para>
</section>
<section>
<title>rmnologin</title>
<para>The rmnologin<indexterm>
<primary>rmnologin</primary>
</indexterm> service is responsible for changing the state of your
system from a non-logon-capable system (set by the bootmisc service)
to a logon-capable one. This is needed to ensure no-one can log on to
your system while important services are being loaded.</para>
<para>Once the service has finished starting, no additional processes
will be running.</para>
</section>
<section>
<title>sshd</title>
<para>The sshd<indexterm>
<primary>sshd</primary>
<secondary>service</secondary>
</indexterm> service is responsible for launching the secure shell
daemon, which allows you to access your system from a remote location
(as long as the network / firewalls permit it) in a secure manner.
</para>
<para>Once the service has finished starting, you will find the sshd
process running.</para>
</section>
<section>
<title>syslog-ng (or any other system logger service)</title>
<para>The syslog-ng<indexterm>
<primary>syslog-ng</primary>
<secondary>service</secondary>
</indexterm> service is responsible for starting the syslog-ng
daemon, which is responsible for watching the
<filename>/dev/log</filename> socket for log events and managing those
events by dispatching them towards the right log file (or other log
server).</para>
<para>Once the service has finished starting, you will find the
syslog-ng process running.</para>
</section>
<section>
<title>udev-postmount</title>
<para>The udev-postmount<indexterm>
<primary>udev-postmount</primary>
</indexterm> service is responsible for re-evaluating udev events
between the moment udev was started and the moment udev-postmount is
started which might have failed for any reason (for instance because
not everything was up and running yet).</para>
<para>Once the service has finished starting, no additional processes
will be running.</para>
</section>
<section>
<title>urandom</title>
<para>The urandom<indexterm>
<primary>urandom</primary>
</indexterm> service is responsible for initializing the random
number generator in a somewhat more secure manner (using a random seed
obtained during the last shutdown of the system). Without this, the
random number generator would be a bit more predictable.</para>
<para>Once the service has finished starting, no additional processes
will be running.</para>
</section>
</section>
</section>
<section>
<title>Service Configurations</title>
<section>
<title>General Service Configuration</title>
<para>Gentoo's general configuration file for the start-up service
behavior is <filename>/etc/rc.conf</filename> and
<filename>/etc/conf.d/rc</filename>.</para>
<section>
<title>/etc/rc.conf</title>
<para>Inside the <filename>rc.conf</filename> file, generic settings
which are (or might be) needed by several services can be configured.
The syntax is, as usual, "key=value".</para>
<itemizedlist>
<listitem>
<para>UNICODE="yes" (or "no"), which specifies if you want to use
Unicode support at the console</para>
</listitem>
<listitem>
<para>EDITOR="/bin/nano" (or any other text editor), which
specifies the default text editor you want to use</para>
</listitem>
<listitem>
<para>XSESSION="Xfce4" (or any other supported graphical session
manager), which specifies the default graphical environment to
launch</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>/etc/conf.d/rc</title>
<para>In the /etc/conf.d/rc file, you specify configuration settings
that affect or influence the system service handling behaviour. The
file contains lots of comments which should make it a bit easier to
work with. So consider the list below more of a small introduction
rather than a complete list. As usual, the syntax uses a key=value
set.</para>
<itemizedlist>
<listitem>
<para><parameter>RC_PARALLEL_STARTUP</parameter><indexterm>
<primary>RC_PARALLEL_STARTUP</primary>
</indexterm> ("yes" or "no") informs the system service handling
to attempt to start services in parallel as much as
possible.</para>
</listitem>
<listitem>
<para><parameter>RC_NET_STRICT_CHECKING</parameter><indexterm>
<primary>RC_NET_STRICT_CHECKING</primary>
</indexterm> ("none", "lo", "no", "yes") informs the system when
it should consider networking to be available:</para>
<itemizedlist>
<listitem>
<para>none = networking is always available</para>
</listitem>
<listitem>
<para>lo = networking is available the moment the loopback
interface (lo) is available</para>
</listitem>
<listitem>
<para>no = networking is available the moment at least one
non-loopback interface is available</para>
</listitem>
<listitem>
<para>yes = networking is available when all non-loopback
interfaces are available</para>
</listitem>
</itemizedlist>
<para>The <emphasis>loopback interface</emphasis><indexterm>
<primary>loopback interface</primary>
</indexterm> is a surreal interface which only supports local
traffic (localhost, 127.0.0.1). Linux by default enables this
interface (it is a kernel configuration) so that one can work with
networking tools even if the system isn't on any network. It also
makes the development of certain applications a lot easier once
they can assume some networking is available (even if it is "just"
localhost).</para>
</listitem>
</itemizedlist>
</section>
</section>
<section>
<title>Specific Service Configuration</title>
<para>Each system service within Gentoo can be configured using a file
in <filename>/etc/conf.d</filename> which is named the same as the
service itself (except in a few specific cases like network
configurations, which use the <filename>/etc/conf.d/net</filename>
configuration file). All these files use a key=value syntax for
configuration purposes.</para>
<para>For instance, the <command>/etc/init.d/clock</command> init script
can be configured using the <filename>/etc/conf.d/clock</filename>
configuration file.</para>
</section>
<section>
<title>Softlevel States</title>
<para>Gentoo supports softlevels, which are specific configurations of
one or more services. The need exists, because you might create
different runlevels (say "work" and "home" instead of just "default") in
which services need to be configured differently. As the services would
only use their general configuration file, this wouldn't work.</para>
<para>To initiate softlevels, you need to specify
"softlevel=&lt;yoursoftlevel&gt;" at the kernel option line (for
instance, in GRUB, this means you add it to grub.conf's kernel line).
Once set, Gentoo will try to start the softlevel given instead of the
default runlevel (coincidentally named "default") and first look for
configurations of this softlevel for each service. If it cannot find
specific configurations, it will use the default one.</para>
<para>An example use of softlevels would be to define a softlevel "work"
and a softlevel "home". Both initiate different settings, such as
different networking settings, different clock settings, different
crypto-loop settings, etc. This could result in the following two GRUB
configuration entries:</para>
<programlisting>title=Gentoo Linux @Home
kernel /kernel-2.6.31 root=/dev/sda2 softlevel=home
title=Gentoo Linux @Work
kernel /kernel-2.6.31 root=/dev/sda2 softlevel=work</programlisting>
<para>Whenever a service is started (or stopped), it will look for its
configuration file called
<filename>/etc/conf.d/&lt;servicename&gt;.&lt;softlevel&gt;</filename>
(for instance, <filename>/etc/conf.d/clock.work</filename>) and if that
doesn't exist, use the default one (for instance,
<filename>/etc/conf.d/clock</filename>).</para>
<para>To finish the softlevel, create a new runlevel with the
softlevels' name:</para>
<programlisting># <command>mkdir /etc/runlevels/work</command></programlisting>
<para>Finish up by adding the services you need to this runlevel.</para>
</section>
<section>
<title>Bootlevel States</title>
<para>The idea behind bootlevel is the same as softlevel, but instead of
changing the default runlevel "default", you change the default boot
runlevel "boot".</para>
</section>
</section>
</chapter>
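
Review bot: The "Softlevel States" procedure stops at `mkdir /etc/runlevels/work` followed by "Finish up by adding the services you need to this runlevel" without showing how. The same section says the softlevel is started instead of the "default" runlevel, so a reader who follows only the commands shown boots into an empty runlevel with none of the default services (syslog-ng, sshd, networking). Suggest adding an `rc-update add <service> work` listing in the style of the earlier `rc-update del xdm default` example, and stating that every service wanted from "default" has to be added to the new runlevel explicitly. Two wording points in the same file: the rc-status paragraph calls net.eth0 a "runlevel" where "service" is meant, and the checkfs text "whose last digit in /etc/fstab isn't zero" should name the field (the sixth, pass-number column).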

File diff suppressed because it is too large


@ -0,0 +1,572 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<chapter>
<title>System Management</title>
<section>
<title>Introduction</title>
<para>System management is a broad term. It is my attempt to cover the
system administration tasks that almost every administrator (or end user)
will need to know for his system, such as time management, language
management, keyboard settings and more.</para>
</section>
<section>
<title>Environment Variables</title>
<para>The Linux operating system makes extensive use of environment
variables.</para>
<para>An environment variable<indexterm>
<primary>environment variable</primary>
</indexterm> is a simply a key-value pair which a process can read out.
For instance, the environment variable <varname>EDITOR</varname> (with, as
an example, value <filename>/bin/nano</filename>) informs the process who
reads it that the default text editor is (in this case) nano. These
variables are not system-wide: if you alter the value of a variable, the
change is only active in the session where you are in (which is your shell
and the processes started from the shell).</para>
<section>
<title>List of Environment Variables</title>
<para>There are quite a few environment variables you'll come across
often.</para>
<section>
<title>DISPLAY</title>
<para>The <parameter>DISPLAY</parameter><indexterm>
<primary>DISPLAY</primary>
</indexterm> environment variable is used when you're logged on to a
Unix/Linux system graphically. It identifies where X applications
should "send" their graphical screens to. When you log on to a system
remotely, this variable is set to your local IP address and the screen
number you're using on this system. Most of the time, when you're
logged on locally, it's content is ":0.0" (the first screen on the
system).</para>
<para>Note that "screen" here isn't the hardware device, but a name
given to a running X instance.</para>
</section>
<section>
<title>EDITOR</title>
<para>The <parameter>EDITOR</parameter><indexterm>
<primary>EDITOR</primary>
</indexterm> variable identifies the default text editor you want to
use. Applications that spawn a text editor (for instance, visudo) to
edit one or more files, use this variable to know which text editor to
launch.</para>
</section>
<section>
<title>LANG and other locale specific variables</title>
<para>Locales are discussed later in this chapter. Its environment
variables (<parameter>LANG</parameter> and the various
<parameter>LC_*</parameter> variables) identify the users' language,
timezone, currency, number formatting and more.</para>
</section>
<section>
<title>PATH</title>
<para>The PATH variable identifies the directories where the system
should look for executable files (being binaries or shell scripts). If
unset or set incorrectly, you cannot execute a command without
providing the entire path to this command (except built-in shell
commands as those are no executable files).</para>
<para>Below is a small example of a PATH variable:</para>
<programlisting>~$ <command>echo $PATH</command>
/usr/local/bin:/usr/bin:/bin:/opt/bin:/usr/i686-pc-linux-gnu/gcc-bin/4.1.2:
/opt/blackdown-jdk-1.4.2.03/bin:/opt/blackdown-jdk-1.4.2.03/jre/bin:
/usr/kde/3.5/bin:/usr/qt/3/bin:/usr/games/bin:/home/swift/bin/</programlisting>
<para>An example of what happens when PATH is not set:</para>
<programlisting>~$ <command>ls</command>
(... listing of current directory ...)
~$ <command>unset PATH</command>
~$ <command>ls</command>
-bash: ls: No such file or directory
~$ <command>/bin/ls</command>
(... listing of current directory ...)</programlisting>
</section>
<section>
<title>TERM</title>
<para>The <parameter>TERM</parameter><indexterm>
<primary>TERM</primary>
</indexterm> variable allows command-line programs with special
characters to identify which terminal you use to run them. Although
nowadays the xterm TERM is most used, sometimes you will find yourself
logged on to a different system which doesn't know xterm or where the
application looks really awkward. In such cases a solution could be to
set the TERM variable to, for instance, vt100.</para>
</section>
</section>
<section>
<title>How to Set an Environment Variable</title>
<para>Environment variables are user specific, but can be set on three
levels: session (only valid for the current, open session), user (only
valid for this user and used as default for all sessions of this user)
or system wide (used as a global default).</para>
<section>
<title>Session Specific</title>
<para>When you want to set an environment variable for a specific
session, you can use the shell <command>set</command><indexterm>
<primary>set</primary>
</indexterm> or <command>export</command><indexterm>
<primary>export</primary>
</indexterm> command:</para>
<programlisting>~$ <command>ls -z</command>
ls: invalid option -- z
Try `ls --help` for more information.
~$ <command>export LANG="fr"</command>
~$ <command>ls -z</command>
ls: option invalide -- z
Pour en savoir davantage, faites: `ls --help`</programlisting>
<para>Which one to use depends on what you actually want to
achieve:</para>
<itemizedlist>
<listitem>
<para>With <command>set</command>, you change the environment
variable for this session, but not for the subshells you might
want to start from the current shell. In other words, set is local
to the shell session.</para>
</listitem>
<listitem>
<para>With <command>export</command>, you change the environment
variable for this session as well as subshells you might want to
start from the current shell from this point onward. In other
words, export is global.</para>
</listitem>
</itemizedlist>
</section>
<section>
<title>User Specific</title>
<para>User specific environment settings are best placed inside the
<filename>.bashrc</filename><indexterm>
<primary>.bashrc</primary>
</indexterm> file. This file is automatically read when a user is
logged on (at least when he is using the bash shell). A more
shell-agnostic file is <filename>.profile</filename><indexterm>
<primary>.profile</primary>
</indexterm>. Inside the file, define the variables as you would for
a specific session:</para>
<programlisting>export LANG="fr"</programlisting>
</section>
<section>
<title>System Wide Defaults</title>
<para>To make an environment variable system wide, you must make sure
that your environment variable is stored in a file or location that
every session reads out when it is launched. By convention,
<filename>/etc/profile</filename> is a script in which system wide
environment variables can be placed. Gentoo offers a nice interface
for this: inside <filename>/etc/env.d</filename> you can manage
environment variables in a more structured approach, and the
<command>env-update.sh</command> script will then make sure that the
environment variables are stored elsewhere so that
<filename>/etc/profile</filename> reads them out.</para>
<note>
<para>The /etc/profile script does not read out all values inside
/etc/env.d itself for (at least) two reasons:</para>
<orderedlist>
<listitem>
<para>The structure used in /etc/env.d uses a specific
"appending" logic (i.e. variables that are defined several times
do not overwrite each other; instead, their values are appended)
which could be too hard to implement in /etc/profile without too
much overhead. After all, /etc/profile is read by every newly
launched session, so if it took too much time, your system would
start up much slower.</para>
</listitem>
<listitem>
<para>The system administrator might want to make a set of
changes which should be made atomic (for instance, remove a
value from one variable and add it to another). If changes are
publicized immediately, a session could read in /etc/profile
which loads an at that time incorrect environment variable set
(especially when a process is launched after the administrators'
first change but before the second).</para>
</listitem>
</orderedlist>
</note>
</section>
</section>
<section>
<title>Managing Environment Entries</title>
<para>On Linux, the behavior of many commands is manipulated by values
of environment entries, or environment variables. Within Gentoo Linux,
you can manage the system-wide environment variables through the
<filename>/etc/env.d</filename> directory.</para>
<section>
<title>Environment Files</title>
<para>Inside /etc/env.d, you will find environment files which use a
simple key=value syntax. For instance, the /etc/env.d/20java file
defines, amongst other environment variables, the PATH and MANPATH
variables:</para>
<programlisting># <command>cat /etc/env.d/20java</command>
...
MANPATH=/opt/blackdown-jdk-1.4.2.03/man
PATH=/opt/blackdown-jdk-1.4.2.03/bin:/opt/blackdown-jdk-1.4.2.03/jre/bin</programlisting>
<para>With these settings, the value of MANPATH (location where man
will search for its manual pages) and PATH (location where the system
will look for executable binaries every time you enter a command) is
<emphasis>extended</emphasis> with the given values (note that the
variables are not rewritten: their value is appended to the value
previously assigned to the variable).</para>
<para>The order in which variable values are appended is based on the
filename inside <filename>/etc/env.d</filename>. This is why most
files start with a number (as most people find it easier to deal with
order based on numbers, plus that the filenames themselves are still
explanatory to what purpose they serve).</para>
</section>
<section>
<title>Changing Environment Variables</title>
<para>If you want to change a system variable globally, you can either
add another file to <filename>/etc/env.d</filename> or manipulate an
existing one. In the latter case, you should be aware that application
upgrades automatically update their entries inside
<filename>/etc/env.d</filename> without warning (this location is not
protected, unlike many other configuration locations).</para>
<para>As such, it is adviseable to always add your own files rather
than manipulate existing ones.</para>
<para>When you have altered an environment file or added a new one,
you need to call <command>env-update</command><indexterm>
<primary>env-update</primary>
</indexterm> to have Gentoo process the changes for you:</para>
<programlisting># <command>env-update</command></programlisting>
<para>This command will read in all environment files and write the
final result in <filename>/etc/profile.env</filename> (which is
sourced by <filename>/etc/profile</filename>, which is always sourced
when a user logs on).</para>
</section>
</section>
</section>
<section>
<title>Location Specific Settings</title>
<para>When I talk about location specific settings, I mean the settings
that your neighbour is most likely to need as well: language settings,
keyboard settings, timezone / currency settings, ... Within the Linux/Unix
environment, these settings are combined in the locale settings and
keyboard settings.</para>
<section>
<title>Locale Settings</title>
<para>A <emphasis>locale</emphasis><indexterm>
<primary>locale</primary>
</indexterm> is a setting that identifies the language, number format,
date/time format, timezone, daylight saving time and currency
information for a particular user or system. This locale information is
stored inside a variable called <parameter>LANG</parameter>; however, it
is possible to switch a particular locale setting to another locale (for
instance, use the American English settings for everything, but currency
to european euro).</para>
<para>The following table gives an overview of the most important
variables:</para>
<table>
<title>Locale variables supported on a Linux system</title>
<tgroup cols="2">
<tbody>
<row>
<entry><parameter>LANG</parameter></entry>
<entry>A catch-all setting which identifies the locale for all
possible features. However, individual topics can be overridden
using one of the following variables.</entry>
</row>
<row>
<entry><parameter>LC_COLLATE</parameter> and
<parameter>LC_CTYPE</parameter></entry>
<entry>Character handling (which characters are part of the
alphabet) and (alphabetical) order</entry>
</row>
<row>
<entry><parameter>LC_MESSAGES</parameter></entry>
<entry>Applications that use message-based output use this
setting to identify what language their output should be</entry>
</row>
<row>
<entry><parameter>LC_MONETARY</parameter></entry>
<entry>Currency-related settings</entry>
</row>
<row>
<entry><parameter>LC_NUMERIC</parameter></entry>
<entry>Formatting of numerical values</entry>
</row>
<row>
<entry><parameter>LC_TIME</parameter></entry>
<entry>Time related settings</entry>
</row>
</tbody>
</tgroup>
</table>
<para>There is another variable available as well, called
<parameter>LC_ALL</parameter>. If this variable is set, none of the
above variables is used anymore. However, use of this variable is
strongly discouraged.</para>
<para>To get an overview of your locale settings (including a full list
of supported variables), enter the <command>locale</command><indexterm>
<primary>locale</primary>
</indexterm> command.</para>
<para>The format of a locale variable is as follows:</para>
<programlisting>language[_territory][.codeset][@modifier]</programlisting>
<para>The settings used in this format are:</para>
<table>
<title>List of settings used in a locale definition</title>
<tgroup cols="2">
<tbody>
<row>
<entry>language</entry>
<entry>Language used. Examples are "en" (English), "nl" (Dutch),
"fr" (French), "zh" (Chinese)</entry>
</row>
<row>
<entry>territory</entry>
<entry>Location used. Examples are "US" (United states), "BE"
(Belgium), "FR" (France), "CN" (China)</entry>
</row>
<row>
<entry>codeset</entry>
<entry>Codeset used. Examples are "utf-8" and
"iso-8859-1"</entry>
</row>
<row>
<entry>modifier</entry>
<entry>Modifier used, which allows a different definition of a
locale even when all other settings are the same. Examples are
"euro" and "preeuro" (which has its consequences on the monetary
aspect).</entry>
</row>
</tbody>
</tgroup>
</table>
<para>So, a few examples are:</para>
<programlisting>LANG="en"
LANG="nl_BE"
LANG="en_US.utf-8"
LANG="nl_NL@euro"</programlisting>
<para>These settings are read as environment variables (which are
discussed later) by the applications. You can mark locales systemwide,
but it is advised that this is stored on a per-user basis. As such, I
recommend that you set something like the following in your
<filename>~/.bashrc</filename> file (and in
<filename>/etc/skel/.bashrc</filename> so that newly created user
accounts have this set automatically as well):</para>
<programlisting>$ <command>nano -w ~/.bashrc</command>
...
# Put your fun stuff here
LANG="en_US.utf-8"</programlisting>
</section>
<section>
<title>Keyboard Settings</title>
<para>When you aren't using the default qwerty layout, you'll need to
modify the keyboard mapping setting on your system. Gentoo makes this
easy for you: edit /etc/conf.d/keymaps and set the KEYMAP variable to
the mapping you need:</para>
<programlisting># <command>nano -w /etc/conf.d/keymaps</command>
...
KEYMAP="be-latin1"</programlisting>
<para>A list of supported keymaps can be found in the subdirectories of
<filename>/usr/share/keymaps</filename>.</para>
<para>If you want to test and see if a particular keymap is correct,
load it manually using the <command>loadkeys</command><indexterm>
<primary>loadkeys</primary>
</indexterm> command:</para>
<programlisting># <command>loadkeys &lt;keymap&gt;</command></programlisting>
</section>
</section>
<section>
<title>Time Settings</title>
<para>To change the system time/date, you can use the
<command>date</command><indexterm>
<primary>date</primary>
</indexterm> command. For instance, to set the date to september 30th,
2008 and time to 17.34h:</para>
<programlisting># <command>date 093017342008</command></programlisting>
<para>If your system has Internet access, it is wise to install
ntp-supporting tools such as the net-misc/ntp package. With
<command>ntpdate</command><indexterm>
<primary>ntpdate</primary>
</indexterm> (and other similar tools), you can use online time servers
to set the time of your system correct to the second.</para>
<programlisting># <command>ntpdate pool.ntp.org</command></programlisting>
<para>To save the current (operating system) time to your hardware clock,
you can use the <command>hwclock</command><indexterm>
<primary>hwclock</primary>
</indexterm> program:</para>
<programlisting># <command>hwclock --systohc</command></programlisting>
</section>
<section>
<title>System Scheduler</title>
<para>Within Unix/Linux, the default scheduler often used is called
<emphasis>cron</emphasis><indexterm>
<primary>cron</primary>
</indexterm>. There are quite a few cron implementations available, such
as the popular <command>vixie-cron</command>, <command>fcron</command>,
<command>bcron</command> and <command>anacron</command>. Once installed,
you start the cron service through an init script (which you most likely
add to the default runlevel):</para>
<programlisting># <command>rc-update add vixie-cron default</command>
# <command>/etc/init.d/vixie-cron start</command></programlisting>
<para>When the cron service is running, every user can define one or more
commands he wants to periodically execute. </para>
<para>To edit your personal scheduling rules, run <command>crontab
-e</command><indexterm>
<primary>crontab</primary>
</indexterm>:</para>
<programlisting>$ <command>crontab -e</command></programlisting>
<para>Your current rule file will be shown in the default editor (nano,
vim, ...). A crontab entry has 6 columns:</para>
<table>
<title>Crontab columns</title>
<tgroup cols="2">
<tbody>
<row>
<entry>Minute</entry>
<entry>Minute of the hour (0-59)</entry>
</row>
<row>
<entry>Hour</entry>
<entry>Hour of the day (0-23)</entry>
</row>
<row>
<entry>Day</entry>
<entry>Day of the month (1-31)</entry>
</row>
<row>
<entry>Month</entry>
<entry>Month of the year (1-12 or use names)</entry>
</row>
<row>
<entry>Weekday</entry>
<entry>Day of the week (0-7 or use names. 0/7 are Sunday)</entry>
</row>
<row>
<entry>Command</entry>
<entry>Command to execute</entry>
</row>
</tbody>
</tgroup>
</table>
<para>Next to the number representation, you can use ranges (first-last),
summation (1,3,5), steps (0-23/2) and wildcards.</para>
<para>For instance, to execute "<command>ntpdate ntp.pool.org</command>"
every 15 minutes, the line could look like:</para>
<programlisting>*/15 * * * * ntpdate ntp.pool.org</programlisting>
<para>or</para>
<programlisting>0,15,30,45 * * * * ntpdate ntp.pool.org</programlisting>
<para>If you just want to view the scheduled commands, run
<command>crontab -l</command>.</para>
</section>
</chapter>
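Review bot: The two crontab examples in System Scheduler, and the sentence introducing them, run "ntpdate ntp.pool.org", while the Time Settings section uses "ntpdate pool.ntp.org"; these are different domains, and a job that sets the clock every 15 minutes should point at the host the text already introduced, so change the scheduler lines to pool.ntp.org. In Session Specific, the description of set does not match bash, the shell these transcripts come from (the PATH example prints "-bash: ls: No such file or directory"): in bash, set followed by NAME=value assigns positional parameters, and a variable local to the shell is created with a plain NAME=value assignment, so the set/export comparison should be rewritten as assignment versus export. The ~/.bashrc example under Locale Settings assigns LANG="en_US.utf-8" without export, which contradicts the User Specific example export LANG="fr", and the same paragraph says environment variables "are discussed later" although they are the first topic of this chapter.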

@ -0,0 +1,428 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<chapter>
<title>Introducing the Graphical Environment</title>
<section>
<title>Introduction</title>
<para>Linux is often seen as a command-only operating system. This is far
from true: although its command-line is a powerful interface, you can also
launch graphical environments on Linux. In this chapter, we briefly cover
the graphical environments in Linux.</para>
<para>Graphical environments are the defacto standard for working with a
workstation. Many users know the Microsoft Windows family or the Apple
MacOS series. However, those two aren't the only providers of a graphical
environment. When the Intel-compliant PCs were hardly known to the world,
consoles and other personal computers already provided a graphical
environment to their users.</para>
<para>It comes to no surprise to hear that the free software community
also provides graphical environments. And, just like you have choice
amongst distributions, you have choice amongst graphical environments:
GNOME, KDE, XFCE4 are popular desktop graphical environments;
enlightenment, fluxbox, window maker, icewm, ... are window
managers.</para>
<para>Although most readers will be sufficiently fluent in using a
graphical environment, this book wouldn't be complete if it didn't cover
it. As such, and with the danger of being overly simple on the subject,
this chapter will briefly cover the concept of graphical
environments.</para>
</section>
<section>
<title>The Structure of X</title>
<para>On Linux, a graphical environment consists of many
components:</para>
<itemizedlist>
<listitem>
<para>Applications</para>
</listitem>
<listitem>
<para>Widget Toolkits</para>
</listitem>
<listitem>
<para>Window Manager</para>
</listitem>
<listitem>
<para>X Server</para>
</listitem>
<listitem>
<para>Hardware</para>
</listitem>
</itemizedlist>
<para>Each of those components interacts with others through specific
interfaces.</para>
<figure>
<title>A possible representation of how X is structured</title>
<mediaobject>
<imageobject>
<imagedata fileref="images/xschema.png" scale="75" />
</imageobject>
</mediaobject>
</figure>
<para>An application is able to draw graphic components (buttons, windows,
progress bars, labels etc.) through a common API called a <emphasis>widget
toolkit</emphasis><indexterm>
<primary>widget toolkit</primary>
</indexterm>. Popular widget toolkits on Linux are GTK+ and Qt. However,
not all applications require a widget toolkit - they can also talk to the
X server immediately. Using such toolkits however facilitates the
development of graphical applications.</para>
<para>The widget toolkits communicate with the X server through an
interface which basically drives all commands to a <emphasis>window
manager</emphasis><indexterm>
<primary>window manager</primary>
</indexterm>. A window manager manages the layout of the users' screen:
where are the windows positioned, can he drag windows from one location to
another, how are buttons rendered, ... Popular window managers are
metacity (used by the GNOME desktop environment), KWin (used by the KDE
desktop environment), fluxbox, enlightenment, ...</para>
<para>Most window managers are written for specific widget toolkits, but
some of their functionality extends beyond one particular window manager:
this allows window managers to support not only rendering of applications
built with different widget toolkits, but also interoperability between
these applications (copy/paste, drag 'n drop ...).</para>
<para>The window manager receives commands from the <emphasis>X
server</emphasis><indexterm>
<primary>X server</primary>
</indexterm>. The X server is responsible for turning requests into
hardware-specific actions (draw window means to render a window through
the graphic card, mouse movements are events coming from the mouse device
and directed to the window manager to move the cursor, ...).</para>
<para>In the following sections, we dive a little bit deeper into each of
those components...</para>
</section>
<section>
<title>The X Window System</title>
<para>On a Unix/Linux system, the <emphasis>X server</emphasis><indexterm>
<primary>X server</primary>
</indexterm> is a tool which manages the graphical card on your system
and offers services to draw things on your screen. These services are
defined in the X11 protocol, an industry open standard. Because the
interface is open, many X servers exist, one more powerful than the other.
Popular X servers are Xorg and XFree86. However, on Gentoo Linux, Xorg is
the only available X server (due to legal restrictions as well as support
base).</para>
<section>
<title>Installing Xorg</title>
<para>To install Xorg on Gentoo Linux, I suggest to read the <ulink
url="http://www.gentoo.org/doc/en/xorg-config.xml">X Server
Configuration HOWTO</ulink> from Gentoo's documentation repository. It
describes how to install Xorg, configure it to work with your hardware
and more. This chapter only gives a quick introduction to this.</para>
<para>You should understand that the Xorg configuration defines, amongst
other things,</para>
<itemizedlist>
<listitem>
<para>the resolution and refresh rates of your screen(s)</para>
</listitem>
<listitem>
<para>the language used by your input (keyboard)</para>
</listitem>
<listitem>
<para>the drivers used to render stuff (i810, vesa, but also closed,
propriatary drivers like nVidia and ATIs)</para>
</listitem>
<listitem>
<para>...</para>
</listitem>
</itemizedlist>
<para>Once configured to your likings, do not forget to take a backup of
your configuration (hint: some people place their X configuration online
for others to see - there is nothing personal inside anyway).</para>
<section>
<title>Installing Xorg</title>
<para>Before installing Xorg, first make sure that the
<parameter>VIDEO_CARDS</parameter><indexterm>
<primary>VIDEO_CARDS</primary>
</indexterm> and <parameter>INPUT_DEVICES</parameter><indexterm>
<primary>INPUT_DEVICES</primary>
</indexterm> variables are set in
<filename>/etc/make.conf</filename>:</para>
<programlisting>INPUT_DEVICES="evdev keyboard mouse"
VIDEO_CARDS="vesa intel"</programlisting>
<para>In the above example, I selected the vesa video driver (a
default driver that is supported by most video cards, but with little
functionality) and intel video driver (as I have an Intel graphic
card).</para>
<para>Next, install <package>x11-base/xorg-server</package><indexterm>
<primary>xorg-server</primary>
</indexterm>:</para>
<programlisting># <command>emerge x11-base/xorg-server</command></programlisting>
<para>Once finished, it is time to check out the graphical server
environment.</para>
</section>
<section>
<title>Testing Xorg</title>
<para>Try out Xorg without using any configuration file. The Xorg
server will try to autodetect the necessary settings and, to be
honest, does a fine job at that. Don't test out things as root
though!</para>
<programlisting>$ <command>startx</command></programlisting>
<para>If you haven't configured a graphical environment yet, you'll be
greeted with a console and an ugly background. However, that alone
should suffice to verify if your mouse and keyboard are working as
well as do a preliminary verification of the resolution of your
screen.</para>
<para>If the graphical server doesn't seem to function properly, make
sure to read up on Gentoo's <ulink
url="http://www.gentoo.org/doc/en/xorg-config.xml">Xorg Server
Configuration HOWTO</ulink>.</para>
</section>
</section>
</section>
<section>
<title>Window Managers</title>
<para>Window managers interact with the X server using the X11 interface
and manage how your graphical environment looks like, but also how it
behaves (for instance, there are window managers that do not support
dragging windows).</para>
<para>Certain window managers are accompanied by various other tools that
integrate nicely with the window manager. These tools offer services like
a panel (from which you can launch commands or programs immediately),
application menus, file manager etc. The aggregation of these tools is
often called a <emphasis>desktop environment</emphasis><indexterm>
<primary>desktop environment</primary>
</indexterm> because it offers a complete desktop to the user.</para>
<section>
<title>Installing a Window Manager</title>
<para>Gentoo supports many window managers. To install one, simply
emerge it.</para>
<para>For fluxbox, a popular, lightweight window manager, Gentoo even
has official documentation available: the <ulink
url="http://www.gentoo.org/doc/en/fluxbox-config.xml">Fluxbox
Configuration HOWTO</ulink>.</para>
</section>
<section>
<title>Activating a Window Manager</title>
<para>To activate a window manager for your end user, create a file
called <filename>.xinitrc</filename><indexterm>
<primary>.xinitrc</primary>
</indexterm> in your home directory. Inside it, you just add "exec
&lt;manager&gt;" where &lt;manager&gt; is the command to launch the
window manager.</para>
<para>For instance, for fluxbox:</para>
<programlisting>exec fluxbox</programlisting>
</section>
</section>
<section>
<title>Desktop Environments</title>
<para>The majority of Linux users use a desktop environment to work with
their work station. The two most used desktop environments are KDE and
GNOME. The third environment, XFCE4, is gaining momentum as a lightweight
yet powerful desktop environment.</para>
<section>
<title>GNOME</title>
<para>The GNOME<indexterm>
<primary>GNOME</primary>
</indexterm> desktop environment is the default desktop environment
for many Linux distributions, including Ubuntu and Fedora. Its desktop
is very simple to use: the number of visible options is kept low to not
confuse users, and all applications that want to integrate with the
GNOME desktop should adhere to various guidelines such as the user
interface guideline.</para>
<para>The GNOME community offers a good introduction to the graphical
environment called the <ulink
url="http://www.gnome.org/learn/users-guide/latest/">GNOME User
Guide</ulink>.</para>
<para>Gentoo has a <ulink
url="http://www.gentoo.org/doc/en/gnome-config.xml">GNOME Configuration
HOWTO</ulink> available as well.</para>
<figure>
<title>An example view of a GNOME desktop</title>
<mediaobject>
<imageobject>
<imagedata fileref="images/gnomedesktop.png" scale="75"
width="13cm" />
</imageobject>
</mediaobject>
</figure>
</section>
<section>
<title>KDE</title>
<para>The KDE desktop is a fully featured desktop environment which
offers all the functionality a regular user might expect from his
system. KDE comes with many tools, ranging from network related tools
(browsers, IM, P2P) to office tools, multimedia tools, authoring and
even development environments.</para>
<para>Gentoo provides a <ulink
url="http://www.gentoo.org/doc/en/kde-config.xml">KDE Configuration
HOWTO</ulink>.</para>
<figure>
<title>An example view of a KDE desktop</title>
<mediaobject>
<imageobject>
<imagedata fileref="images/kdedesktop.png" scale="75" />
</imageobject>
</mediaobject>
</figure>
</section>
<section>
<title>XFCE4</title>
<para>The XFCE4 desktop is designed to still run smoothly on low memory
systems (32 Mbytes and more). Often, power users use XFCE4 even on large
memory systems just to reduce the memory overhead of the graphical
environment.</para>
<para>Gentoo provides an <ulink
url="http://www.gentoo.org/doc/en/xfce-config.xml">XFCE Configuration
Howto</ulink>.</para>
<figure>
<title>An example view of an XFCE4 desktop</title>
<mediaobject>
<imageobject>
<imagedata fileref="images/xfce4desktop.png" scale="75"
scalefit="" />
</imageobject>
</mediaobject>
</figure>
</section>
<section>
<title>Activating a Desktop Environment</title>
<para>To activate a desktop environment for your end user, create a file
called <filename>.xinitrc</filename><indexterm>
<primary>.xinitrc</primary>
</indexterm> in your home directory. Inside it, you just add "exec
&lt;environment&gt;" where &lt;environment&gt; is the command to launch
the desktop environment.</para>
<para>For instance, for Xfce4:</para>
<programlisting>exec xfce4-session</programlisting>
</section>
</section>
<section>
<title>Logging on Graphically</title>
<para>If you want to log on to your system using a graphical logon
manager, you need to do two things:</para>
<itemizedlist>
<listitem>
<para>Install a graphical logon manager</para>
</listitem>
<listitem>
<para>Setup the default graphical environment</para>
</listitem>
</itemizedlist>
<section>
<title>Install Graphical Logon Manager</title>
<para>The desktop environments KDE and GNOME provide their own graphical
logon manager (which are called kdm and gdm respectively). If you don't
have them or want to use a different one, I recommend x11-misc/slim. It
is a lightweight graphical logon manager.</para>
<programlisting># <command>emerge x11-misc/slim</command></programlisting>
<para>Once a graphical logon manager is available, configure the xdm
service to use it.</para>
<para>In <filename>/etc/conf.d/xdm</filename>:</para>
<programlisting>DISPLAYMANAGER="slim"</programlisting>
<para>Finally, add the xdm service to the default runlevel.</para>
<programlisting># <command>rc-update add xdm default</command></programlisting>
</section>
<section>
<title>Setup the Default Graphical Environment</title>
<para>To setup the default graphical environment for a user, you need to
create your .xinitrc file as mentioned before (Activating a Window
Manager or Desktop Environment).</para>
</section>
</section>
<section>
<title>Supporting 3D Acceleration</title>
<para>The graphical environment can also use 3D acceleration.</para>
<para>Now, 3D acceleration is a tricky subject because there are many
implementations that offer 3D services. For instance, you can have 3D
services with software rendering (i.e. no delegation of rendering to
specific 3D hardware) but this usually isn't seen as 3D
acceleration.</para>
<para>When you have a graphic card capable of rendering 3D, you will need
to configure the X Window System to hand over 3D rendering tasks to the
graphic card. This can happen through either open standards or
specifications (such as OpenGL) or through closed, propriatary drivers
(such as the nVidia drivers).</para>
</section>
</chapter>
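Review bot: In "Supporting 3D Acceleration" the section ends right after stating that you "will need to configure the X Window System to hand over 3D rendering tasks to the graphic card", without a single configuration step or a link to one, so the reader has nothing to act on. Either add the steps or point to where they are covered. Smaller points in the same hunk: "propriatary" should be "proprietary", and "Setup the default graphical environment" (list item and section title) should use the verb form "Set up".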

View File

@ -0,0 +1,467 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<chapter>
<title>Installing Gentoo Linux</title>
<section>
<title>Introduction</title>
<para>I've waited a few chapters before I started discussing the Gentoo
Linux installation because it isn't for the faint of hearted. Although
Gentoo has tried to offer a graphical installer in the past, its user- and
developer base swore by the manual installation approach. As a result, the
graphical installer has been deprecated and the installation procedure is
once more a manual, step by step guide.</para>
<para>With the previous chapters discussed, you should now be able to
install a Gentoo Linux yourself with the following simple set of
instructions. However, if you want to do it the official way, do not
hesitate to read the <ulink
url="http://www.gentoo.org/doc/en/handbook/handbook-x86.xml">Gentoo
Handbook</ulink>. There are also <ulink type=""
url="http://www.gentoo.org/doc/en/handbook">handbooks</ulink> available
for other architectures.</para>
</section>
<section>
<title>Booting a Linux Environment</title>
<para>A Gentoo Linux installation starts from a Linux environment. You can
use any Linux environment you want, but most people suggest to use a
LiveCD.</para>
<para>A popular LiveCD to install Gentoo from is <ulink
url="http://www.sysresccd.org">System Rescue CD</ulink>. All necessary
documentation about booting the CD, including setting up networking (which
you definitely need to do in order to install Gentoo) is available on the
site.</para>
</section>
<section>
<title>Disk Setup</title>
<para>Once your environment is set up, you'll need to setup your disks by
partitioning them and then putting a file system on them. Partitioning and
file system management has been discussed <link
linkend="hdpartitions">beforehand</link>:</para>
<programlisting># <command>fdisk /dev/sda</command>
<emphasis>(Partition the disk)</emphasis>
# <command>mkfs.ext2 /dev/sda1</command>
# <command>mkfs.ext3 /dev/sda2</command>
# <command>mkfs.ext3 /dev/sda3</command></programlisting>
<para>Once that your partitions are created and a file system is put on
it, it is time to really start the Gentoo Linux installation.</para>
<para>First, mount all the necessary partitions onto your Linux
environment. In the rest of this chapter I will assume the partitioning
layout as described in <link
linkend="example_partitiontable">here</link>.</para>
<table id="example_partitiontable">
<title>Example partition layout</title>
<tgroup cols="3">
<tbody>
<row>
<entry>Device</entry>
<entry>Partition</entry>
<entry>Description</entry>
</row>
<row>
<entry>/dev/sda1</entry>
<entry>/boot</entry>
<entry>Small boot partition to hold the Linux kernel and
bootloader information. Can be ext2</entry>
</row>
<row>
<entry>/dev/sda2</entry>
<entry>/</entry>
<entry>Root partition; should be fairly large in this example.
Suggested is ext3</entry>
</row>
<row>
<entry>/dev/sda3</entry>
<entry>/home</entry>
<entry>Home partition where all users' files are stored. Best to
always have a separate partition for the home directories so that
future reinstallations can reuse the home structure.</entry>
</row>
<row>
<entry>/dev/sda4</entry>
<entry>&lt;none&gt;</entry>
<entry>Swap partition, roughly 1.5 times the amount of physical
memory nowadays (still this large because I want to use
hibernate-to-disk).</entry>
</row>
</tbody>
</tgroup>
</table>
<programlisting>~# <command>mkdir /mnt/gentoo</command>
~# <command>mount /dev/sda2 /mnt/gentoo</command>
~# <command>mkdir /mnt/gentoo/boot</command>
~# <command>mount /dev/sda1 /mnt/gentoo/boot</command>
~# <command>mkdir /mnt/gentoo/home</command>
~# <command>mount /dev/sda3 /mnt/gentoo/home</command>
~# <command>swapon /dev/sda4</command></programlisting>
<para>With the above commands executed, the various file systems we will
use for the Gentoo installation are now available at
<filename>/mnt/gentoo</filename>. Every file or directory we put beneath
<filename>/mnt/gentoo</filename> will show up on our final Gentoo
installation. For instance, <filename>/mnt/gentoo/boot</filename> =
<filename>/boot</filename>.</para>
</section>
<section>
<title>Installing Gentoo Base</title>
<para>First, set your system time correct so that the files you're going
to create do not have a weird timestamp:</para>
<programlisting>~# <command>ntpdate pool.ntp.org</command></programlisting>
<para>Next, surf to the <ulink
url="http://www.gentoo.org/main/en/mirrors2.xml">Gentoo mirror
list</ulink> and pick a mirror close to you. On most LiveCDs browsers are
available. On the sysresccd you can use links or lynx (command-line
browsers). Navigate to releases, select your architecture, autobuilds, the
latest date directory to find a listing of stage3 files and install
files.</para>
<programlisting>~# <command>cd /mnt/gentoo</command>
~# <command>links http://www.gentoo.org/main/en/mirrors2.xml</command></programlisting>
<itemizedlist>
<listitem>
<para>A stage3 file is an archive of a prebuilt Gentoo environment
which we will extract to the installation location
(<filename>/mnt/gentoo</filename>)</para>
</listitem>
<listitem>
<para>An install file is an ISO file (CD image) which contains a
minimal Gentoo environment from which you can boot and install Gentoo
from.</para>
</listitem>
</itemizedlist>
<para>Download the stage3 file and store it in
<filename>/mnt/gentoo</filename>. If you have the full URL at hand, you
can also use <command>wget</command>:</para>
<programlisting># <command>cd /mnt/gentoo</command>
# <command>wget http://gentoo.osuosl.org/releases/x86/autobuilds/20091201/stage3-i686-20091201.tar.bz2</command></programlisting>
<para>On many forums, you will find the notion of "funtoo" stages. <ulink
url="http://www.funtoo.org">Funtoo</ulink> is, to say it in the author's
own words (who happens to be Daniel Robbins, the founder of Gentoo Linux),
a Gentoo Linux variant which offers freshly-built Gentoo Linux stable
stages using Gentoo's official stable branch. You can use a funtoo stage
instead of a Gentoo official stage if you want. After all, they both
contain roughly the same material. Both (official and funtoo) stages are
fine as they are both quite recent.</para>
<para>Next, go back a few directories until you can select snapshots.
Enter this directory and download the latest
<filename>portage-&lt;date&gt;.tar.bz2</filename> you can find. Store it
in <filename>/mnt/gentoo</filename> as well. Finally, quit your browser
and extract the downloaded files on your installation location.</para>
<programlisting>~# <command>tar xvjpf stage3-*.tar.bz2</command>
~# <command>tar xvjf portage-*.tar.bz2 -C /mnt/gentoo/usr</command></programlisting>
<para>Again, you can use <command>wget</command> if you want:</para>
<programlisting># <command>wget http://gentoo.osuosl.org/snapshots/portage-latest.tar.bz2</command></programlisting>
<para>The <filename>portage-</filename> file is a snapshot of Gentoo's
Portage tree.</para>
<para>Next, edit the <filename>/mnt/gentoo/etc/make.conf</filename> file.
As discussed previously, this file contains variables that define Portage'
behavior. Right now I'm focussing on the variables CFLAGS, CXXFLAGS and
MAKEOPTS...</para>
<itemizedlist>
<listitem>
<para><varname>CFLAGS</varname> (C) and <varname>CXXFLAGS</varname>
(C++) inform gcc (GNU's Compiler Collection) what optimizations it
should use (see <link linkend="compilerdirectives">Compiler
Directives</link>)</para>
</listitem>
<listitem>
<para>MAKEOPTS defines how many parallel compilations should occur
when you install a package (especially useful for multicore / SMP
systems). A good choice is the number of core's in your system plus
one (for instance, a dual-core CPU would lead to
<varname>MAKEOPTS</varname>="<parameter>-j3</parameter>").</para>
</listitem>
</itemizedlist>
<para>You can edit the <filename>make.conf</filename> file using
<command>nano</command>, <command>vim</command> or any other text
editor.</para>
</section>
<section>
<title>Configuring the System</title>
<para>Our next step is to configure the installation environment.</para>
<section>
<title>Preparing the Installation Environment</title>
<para>First, prepare the environment for chrooting.
<emphasis>Chrooting</emphasis><indexterm>
<primary>chroot</primary>
</indexterm> is the process of altering your sessions' file system
root to another location. In our case, <filename>/mnt/gentoo</filename>
should become <filename>/</filename> for your running session. In order
to chroot succesfully, we need to ensure that networking will still
function properly and that both kernel data and device drivers are
available inside the chroot:</para>
<programlisting>~# <command>cp -L /etc/resolv.conf /mnt/gentoo/resolv.conf</command>
~# <command>mount -t proc none /mnt/gentoo/proc</command>
~# <command>mount -o bind /dev /mnt/gentoo/dev</command></programlisting>
</section>
<section>
<title>Chrooting</title>
<para>Now, chroot into the Gentoo installation environment, update your
environment variables and, for safety reasons, change your prompt so
that you know you're inside your Gentoo installation environment.</para>
<programlisting>~# <command>chroot /mnt/gentoo /bin/bash</command>
~# <command>env-update</command>
~# <command>source /etc/profile</command>
~# <command>export PS1="(chroot) $PS1"</command></programlisting>
<para>Right now, this session (where the prompt starts with "(chroot)")
is inside your Gentoo installation environment.</para>
</section>
<section>
<title>Configuring Portage</title>
<para>Now, update the Portage tree to make sure you have the current set
of packages at your disposal:</para>
<programlisting>~# <command>emerge --sync</command></programlisting>
<para>Next, select a Gentoo profile for your environment. A
<emphasis>Gentoo profile</emphasis><indexterm>
<primary>profile</primary>
</indexterm> is a collection of default Portage settings. If you want
to know what a particular profile selects of default settings, check out
its content at <filename>/usr/portage/profiles</filename> (and don't
forget to read up on cascading profiles). Currently, the 2008.0 set of
profiles is the stable, default one. The 10.0 set of profiles is still
being developed for the upcoming Gentoo 10 release.</para>
<programlisting>~# <command>eselect profile list</command>
~# <command>eselect profile set &lt;number&gt;</command></programlisting>
<para>Finally, set the USE flags you want in either
<filename>/etc/make.conf</filename> (global USE flags) or
<filename>/etc/portage/package.use</filename> (local USE flags).</para>
<programlisting>~# <command>nano -w /etc/make.conf</command></programlisting>
<para>For those of you who want to run Gentoo Linux with support for
international locales, edit <filename>/etc/locale.gen</filename> and
specify the locales you want to support. An example of locales are given
below. Once set, generate the locale files for your system.</para>
<programlisting>~# <command>nano -w /etc/locale.gen</command>
en_US ISO-8859-1
en_US.UTF-8 UTF-8
de_DE ISO-8859-1
de_DE@euro ISO-8859-15
~# <command>locale-gen</command></programlisting>
<para>If you want to know which locales are supported, view the contents
of the /usr/share/i18n/SUPPORTED file:</para>
<programlisting># <command>less /usr/share/i18n/SUPPORTED</command></programlisting>
</section>
<section>
<title>Configuring the Linux Kernel</title>
<para>First select your time zone file from inside /usr/share/zoneinfo
and copy it to /etc/localtime. For instance, to use the GMT time
zone:</para>
<programlisting>~# <command>cp /usr/share/zoneinfo/GMT /etc/localtime</command></programlisting>
<para>Next, install the kernel sources. Gentoo profiles a few kernel
packages like <package>vanilla-sources</package> (bare Linux kernel as
delivered by the kernel developers) and
<package>gentoo-sources</package> (vanilla Linux kernel with patches
managed by Gentoo developers).</para>
<programlisting>~# <command>emerge gentoo-sources</command></programlisting>
<para>You will find the kernel sources at
<filename>/usr/src/linux</filename>. Now continue with building the
Linux kernel as discussed in <link
linkend="configuringkernel">Configuring a Kernel</link>.</para>
</section>
<section>
<title>Configuring the System</title>
<para>There are three blocks of information we need to configure
now:</para>
<itemizedlist>
<listitem>
<para>file system information
(<filename>/etc/fstab</filename>)</para>
</listitem>
<listitem>
<para>networking information</para>
</listitem>
<listitem>
<para>system information</para>
</listitem>
</itemizedlist>
<para>To start with the file system information, you need to edit the
<filename>/etc/fstab</filename> file. The structure of this file has
been discussed before so this shouldn't be an issue (see <link
linkend="mountsection">The mount command</link>).</para>
<programlisting>/dev/sda1 /boot ext2 noauto,noatime 0 0
/dev/sda2 / ext3 defaults,noatime 0 0
/dev/sda3 /home ext3 defaults,noatime 0 0
/dev/sda4 none swap sw 0 0
none /dev/shm tmpfs defaults 0 0</programlisting>
<para>Next, configure your network settings. Start by setting the system
hostname in <filename>/etc/conf.d/hostname</filename> and then configure
the networking settings in <filename>/etc/conf.d/net</filename>.
Finally, add your network interface initialization script to the default
run level so that networking is automatically started at boot
time.</para>
<programlisting>~# <command>nano -w /etc/conf.d/hostname</command>
~# <command>nano -w /etc/conf.d/net</command>
~# <command>rc-update add net.eth0 default</command></programlisting>
<para>Also edit your <filename>/etc/hosts</filename> file to include the
IP addresses and host names of other systems you might need. Also add
your hostname to the 127.0.0.1 entry in
<filename>/etc/hosts</filename>.</para>
<programlisting>~# <command>nano -w /etc/hosts</command></programlisting>
<para>Now, set your root password</para>
<programlisting>~# <command>passwd</command></programlisting>
<para>Next, edit <filename>/etc/rc.conf</filename> which contains your
general system configuration settings:</para>
<programlisting>~# <command>nano -w /etc/rc.conf</command></programlisting>
<para>Next, edit <filename>/etc/conf.d/keymaps</filename> to set your
system-wide keyboard layout settings:</para>
<programlisting>~# <command>nano -w /etc/conf.d/keymaps</command></programlisting>
<para>Finally, edit <filename>/etc/conf.d/clock</filename> to set the
clock options:</para>
<programlisting>~# <command>nano -w /etc/conf.d/clock</command></programlisting>
</section>
<section>
<title>Installing System Tools</title>
<para>Install a system logger, like syslog-ng:</para>
<programlisting>~# <command>emerge syslog-ng</command>
~# <command>rc-update add syslog-ng default</command></programlisting>
<para>Install a system scheduler (cron daemon), like vixie-cron:</para>
<programlisting>~# <command>emerge vixie-cron</command>
~# <command>rc-update add vixie-cron default</command></programlisting>
<para>Install the file system tools for the file systems you use:</para>
<programlisting>~# <command>emerge xfsprogs</command>
~# <command>emerge reiserfsprogs</command>
~# <command>emerge jfsutils</command></programlisting>
<para>Install the necessary networking tools, like a DHCP client:</para>
<programlisting>~# <command>emerge dhcpcd</command></programlisting>
</section>
</section>
<section>
<title>Configuring the Boot Loader</title>
<para>Now, we install the GRUB boot loader:</para>
<programlisting>~# <command>emerge grub</command></programlisting>
<para>Once installed, edit the grub configuration file
(<filename>/boot/grub/grub.conf</filename>) as we've seen before. Finally,
install GRUB on the master boot record:</para>
<programlisting>~# <command>grep -v rootfs /proc/mounts &gt; /etc/mtab</command>
~# <command>grub-install --no-floppy /dev/sda</command></programlisting>
</section>
<section>
<title>Finishing Up</title>
<para>Now that everything is installed, reboot your system by exiting the
chroot, umounting all mounted file systems and reboot:</para>
<programlisting>~# <command>exit</command>
~# <command>cd</command>
~# <command>umount /mnt/gentoo/boot /mnt/gentoo/dev /mnt/gentoo/proc</command>
~# <command>umount /mnt/gentoo/home /mnt/gentoo</command>
~# <command>reboot</command></programlisting>
<para>Once rebooted (and hopefully inside your Gentoo Linux environment),
log in as root and create a user for daily use:</para>
<programlisting>~# <command>useradd -m -G users,wheel,audio -s /bin/bash yournick</command>
~# <command>passwd yournick</command></programlisting>
<para>And to remove the traces from the installation, remove the
downloaded tarballs from your / file system:</para>
<programlisting>~# <command>rm /stage3-*.tar.bz2</command>
~# <command>rm /portage-*.tar.bz2</command></programlisting>
</section>
</chapter>
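Review bot: In "Preparing the Installation Environment", the command "cp -L /etc/resolv.conf /mnt/gentoo/resolv.conf" copies the resolver configuration to the root of the new system instead of its /etc directory, so host names will not resolve inside the chroot and the later "emerge --sync" has no DNS to work with. The target should be /mnt/gentoo/etc/resolv.conf. In "Installing Gentoo Base", the stage3 and the Portage snapshot are fetched with wget over plain http and unpacked as root with no integrity check. Add a step before the tar commands that verifies both downloads against the digests or signatures published alongside the tarballs. That section is also out of order: the "tar xvjf portage-*.tar.bz2" extraction appears before the wget that downloads the snapshot, and the stage3 extraction silently relies on the current directory still being /mnt/gentoo. Minor: after the chroot the listings keep the "~#" prompt although the text says the prompt starts with "(chroot)"; "Installing System Tools" emerges xfsprogs, reiserfsprogs and jfsutils although the example layout uses only ext2 and ext3; and "Gentoo profiles a few kernel packages" should read "provides".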